linux-kernel.vger.kernel.org archive mirror
From: Dawid Osuchowski <dawid.osuchowski@linux.intel.com>
To: Zilin Guan <zilin@seu.edu.cn>
Cc: andrew+netdev@lunn.ch, anthony.l.nguyen@intel.com,
	davem@davemloft.net, edumazet@google.com,
	intel-wired-lan@lists.osuosl.org, jianhao.xu@seu.edu.cn,
	kuba@kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, pabeni@redhat.com,
	przemyslaw.kitszel@intel.com
Subject: Re: [PATCH] ixgbe/ipsec: use memzero_explicit() for stack SA structs
Date: Tue, 13 May 2025 15:21:24 +0200
Message-ID: <dbc58b6f-b15e-42d9-b4d7-344b9ab53f74@linux.intel.com>
In-Reply-To: <20250513122441.4065314-1-zilin@seu.edu.cn>

On 2025-05-13 2:24 PM, Zilin Guan wrote:
> OK, I will resend the patch to the iwl-net branch and include the Fixes
> tag. Before I do that, I noticed that in ixgbe_ipsec_add_sa() we clear
> the Tx SA struct with memset 0 on key-parsing failure but do not clear
> the Rx SA struct in the corresponding error path:
> 
>     /* get the key and salt */
>     ret = ixgbe_ipsec_parse_proto_keys(xs, rsa.key, &rsa.salt);
>     if (ret) {
>         NL_SET_ERR_MSG_MOD(extack,
>                            "Failed to get key data for Rx SA table");
>         return ret;      /* <- no memzero_explicit() here */
>     }
> ...
>     if (ret) {
>         NL_SET_ERR_MSG_MOD(extack,
>                            "Failed to get key data for Tx SA table");
>         memset(&tsa, 0, sizeof(tsa));
>         return ret;      /* <- clears tsa on error */
>     }
> 
> Both paths return immediately on key-parsing failure. Should I add a
> memzero_explicit(&rsa, sizeof(rsa)) before Rx-SA's return or remove the
> memset(&tsa, ...) in the Tx-SA path to keep them consistent?

From the code in ixgbe_ipsec_parse_proto_keys() it seems that copying 
of the salt and key values occurs at the end of the function and only in 
case of success, see below.

---
if (key_len == IXGBE_IPSEC_KEY_BITS) {
	*mysalt = ((u32 *)key_data)[4];
} else if (key_len != (IXGBE_IPSEC_KEY_BITS - (sizeof(*mysalt) * 8))) {
	netdev_err(dev, "IPsec hw offload only supports keys up to 128 bits with a 32 bit salt\n");
	return -EINVAL;
} else {
	netdev_info(dev, "IPsec hw offload parameters missing 32 bit salt value\n");
	*mysalt = 0;
}
memcpy(mykey, key_data, 16);

return 0;
---

In my (limited) understanding the memset(&tsa, 0, ...) call in case of 
error after the ixgbe_ipsec_parse_proto_keys() is redundant, as there is 
nothing to clear in the tsa.key and tsa.salt. The rsa and tsa also 
contain the pointer to the xfrm_state and I am unsure whether we should 
clear that as well.

Please note that I do not have much experience with ipsec so take my 
opinion with a grain of salt. Best for someone more experienced to assess.

Thanks,
Dawid

> 
> Best Regards,
> Zilin Guan
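
Added example, not part of the original message or of the ixgbe driver: a user-space C model of only the quoted tail of ixgbe_ipsec_parse_proto_keys(), showing that the -EINVAL path returns before key or salt are written, while a successful parse leaves key material in the stack struct until it is explicitly wiped. The names sa_model, parse_keys_model, memzero_explicit_model and bytes_written are hypothetical, and KEY_BITS = 160 is an assumption derived from the quoted error string (128-bit key plus 32-bit salt).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_BITS 160 /* assumption: 128-bit key + 32-bit salt, per the error string */
struct sa_model { uint32_t key[4]; uint32_t salt; }; /* hypothetical stand-in for rsa/tsa */

/* User-space model of only the quoted tail of ixgbe_ipsec_parse_proto_keys(). */
static int parse_keys_model(const uint8_t *key_data, unsigned int key_len,
                            uint32_t *mykey, uint32_t *mysalt)
{
    if (key_len == KEY_BITS)
        memcpy(mysalt, key_data + 16, sizeof(*mysalt));
    else if (key_len != KEY_BITS - sizeof(*mysalt) * 8)
        return -EINVAL;              /* returns before any output is written */
    else
        *mysalt = 0;
    memcpy(mykey, key_data, 16);
    return 0;
}

/* memset plus a compiler barrier, so the store is not dropped as dead (GCC/Clang). */
static void memzero_explicit_model(void *p, size_t n)
{
    memset(p, 0, n);
    __asm__ __volatile__("" : : "r"(p) : "memory");
}

/* Parse into a 0xAA-poisoned stack SA; return how many bytes the parse changed. */
static size_t bytes_written(unsigned int key_len, int *ret)
{
    static const uint8_t key_data[20] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
        11, 12, 13, 14, 15, 16, 17, 18, 19, 20 }; /* constructed sample key + salt */
    struct sa_model sa;
    size_t i, n = 0;
    memset(&sa, 0xAA, sizeof(sa));
    *ret = parse_keys_model(key_data, key_len, sa.key, &sa.salt);
    for (i = 0; i < sizeof(sa); i++)
        n += ((const uint8_t *)&sa)[i] != 0xAA;
    memzero_explicit_model(&sa, sizeof(sa)); /* wipe the stack copy before returning */
    return n;
}

int main(void)
{
    int r160, r64;
    size_t w160 = bytes_written(160, &r160), w64 = bytes_written(64, &r64);
    printf("160-bit: ret=%d wrote=%zu; 64-bit: ret=%d wrote=%zu\n", r160, w160, r64, w64);
    return 0;
}
```

The model says nothing about the parts of the real function that precede the quoted tail, which are not shown in this message.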

