* [PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases
@ 2019-09-18 2:36 zhong jiang
2019-09-18 2:43 ` zhong jiang
0 siblings, 1 reply; 2+ messages in thread
From: zhong jiang @ 2019-09-18 2:36 UTC (permalink / raw)
To: jakub.kicinski, davem
Cc: anna.schumaker, trond.myklebust, netdev, linux-kernel, zhongjiang
In general, Use kzfree() to replace memset() + kfree() is feasible and
resonable. But It's btter to use memzero_explicit() to replace memset()
in crypto cases.
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
---
drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
index 113f608..7e4f32f 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
@@ -960,9 +960,11 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
return 0;
err_aead:
- kzfree(xs->aead);
+ memzero_explicit(xs->aead, sizeof(*xs->aead));
+ kfree(xs->aead);
err_xs:
- kzfree(xs);
+ memzero_explicit(xs, sizeof(*xs));
+ kfree(xs);
err_out:
msgbuf[1] = err;
return err;
@@ -1047,7 +1049,8 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
ixgbe_ipsec_del_sa(xs);
/* remove the xs that was made-up in the add request */
- kzfree(xs);
+ memzero_explicit(xs, sizeof(*xs));
+ kfree(xs);
return 0;
}
--
1.7.12.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases
2019-09-18 2:36 [PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases zhong jiang
@ 2019-09-18 2:43 ` zhong jiang
0 siblings, 0 replies; 2+ messages in thread
From: zhong jiang @ 2019-09-18 2:43 UTC (permalink / raw)
To: zhong jiang
Cc: jakub.kicinski, davem, anna.schumaker, trond.myklebust, netdev,
linux-kernel
On 2019/9/18 10:36, zhong jiang wrote:
> In general, Use kzfree() to replace memset() + kfree() is feasible and
> resonable. But It's btter to use memzero_explicit() to replace memset()
> in crypto cases.
s/btter/better/, will repost. sorry for that.
Thanks,
zhong jiang
> Signed-off-by: zhong jiang <zhongjiang@huawei.com>
> ---
> drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> index 113f608..7e4f32f 100644
> --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c
> @@ -960,9 +960,11 @@ int ixgbe_ipsec_vf_add_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> return 0;
>
> err_aead:
> - kzfree(xs->aead);
> + memzero_explicit(xs->aead, sizeof(*xs->aead));
> + kfree(xs->aead);
> err_xs:
> - kzfree(xs);
> + memzero_explicit(xs, sizeof(*xs));
> + kfree(xs);
> err_out:
> msgbuf[1] = err;
> return err;
> @@ -1047,7 +1049,8 @@ int ixgbe_ipsec_vf_del_sa(struct ixgbe_adapter *adapter, u32 *msgbuf, u32 vf)
> ixgbe_ipsec_del_sa(xs);
>
> /* remove the xs that was made-up in the add request */
> - kzfree(xs);
> + memzero_explicit(xs, sizeof(*xs));
> + kfree(xs);
>
> return 0;
> }
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-18 2:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-18 2:36 [PATCH net-next] ixgbe: Use memzero_explicit directly in crypto cases zhong jiang
2019-09-18 2:43 ` zhong jiang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).