| Message ID | a18fc6cf356bc338c69b3cc44d7be8bd35c6d7d0.1741028854.git.christophe.jaillet@wanadoo.fr (mailing list archive) |
|---|---|
| State | Under Review |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: virtio - Erase some sensitive memory when it is freed | expand |
QE tested this patch with virtio-net regression tests, everything works fine. Tested-by: Lei Yang <leiyang@redhat.com> On Tue, Mar 4, 2025 at 3:08 AM Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote: > > virtcrypto_clear_request() does the same as the code here, but uses > kfree_sensitive() for one of the free operation. > > So, better safe than sorry, use virtcrypto_clear_request() directly to > save a few lines of code and cleanly free the memory. > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > I've no idea if this is needed or not, but it looks not consistent to me. > > If safe as-is, maybe the kfree_sensitive() in virtcrypto_clear_request() > should be removed instead. > --- > drivers/crypto/virtio/virtio_crypto_core.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c > index d0278eb568b9..0d522049f595 100644 > --- a/drivers/crypto/virtio/virtio_crypto_core.c > +++ b/drivers/crypto/virtio/virtio_crypto_core.c > @@ -480,10 +480,8 @@ static void virtcrypto_free_unused_reqs(struct virtio_crypto *vcrypto) > > for (i = 0; i < vcrypto->max_data_queues; i++) { > vq = vcrypto->data_vq[i].vq; > - while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) { > - kfree(vc_req->req_data); > - kfree(vc_req->sgs); > - } > + while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) > + virtcrypto_clear_request(vc_req); > cond_resched(); > } > } > -- > 2.48.1 > >
On Tue, Mar 4, 2025 at 3:08 AM Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote: > > virtcrypto_clear_request() does the same as the code here, but uses > kfree_sensitive() for one of the free operation. > > So, better safe than sorry, use virtcrypto_clear_request() directly to > save a few lines of code and cleanly free the memory. > > Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> > --- > I've no idea if this is needed or not, but it looks not consistent to me. > > If safe as-is, maybe the kfree_sensitive() in virtcrypto_clear_request() > should be removed instead. > --- > drivers/crypto/virtio/virtio_crypto_core.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c > index d0278eb568b9..0d522049f595 100644 > --- a/drivers/crypto/virtio/virtio_crypto_core.c > +++ b/drivers/crypto/virtio/virtio_crypto_core.c > @@ -480,10 +480,8 @@ static void virtcrypto_free_unused_reqs(struct virtio_crypto *vcrypto) > > for (i = 0; i < vcrypto->max_data_queues; i++) { > vq = vcrypto->data_vq[i].vq; > - while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) { > - kfree(vc_req->req_data); > - kfree(vc_req->sgs); > - } > + while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) > + virtcrypto_clear_request(vc_req); > cond_resched(); > } > } > -- > 2.48.1 > > Acked-by: Jason Wang <jasowang@redhat.com> Thanks
diff --git a/drivers/crypto/virtio/virtio_crypto_core.c b/drivers/crypto/virtio/virtio_crypto_core.c index d0278eb568b9..0d522049f595 100644 --- a/drivers/crypto/virtio/virtio_crypto_core.c +++ b/drivers/crypto/virtio/virtio_crypto_core.c @@ -480,10 +480,8 @@ static void virtcrypto_free_unused_reqs(struct virtio_crypto *vcrypto) for (i = 0; i < vcrypto->max_data_queues; i++) { vq = vcrypto->data_vq[i].vq; - while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) { - kfree(vc_req->req_data); - kfree(vc_req->sgs); - } + while ((vc_req = virtqueue_detach_unused_buf(vq)) != NULL) + virtcrypto_clear_request(vc_req); cond_resched(); } }
virtcrypto_clear_request() does the same as the code here, but uses kfree_sensitive() for one of the free operation. So, better safe than sorry, use virtcrypto_clear_request() directly to save a few lines of code and cleanly free the memory. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> --- I've no idea if this is needed or not, but it looks not consistent to me. If safe as-is, maybe the kfree_sensitive() in virtcrypto_clear_request() should be removed instead. --- drivers/crypto/virtio/virtio_crypto_core.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)