On Fri, May 06, 2022 at 11:22:39AM +0200, Greg KH wrote: > On Fri, May 06, 2022 at 09:23:25AM +0100, Giovanni Cabiddu wrote: > > Use memzero_explicit(), instead of a memset(.., 0, ..) in the > > implementation of the algorithms, for buffers containing sensitive > > information to ensure they are wiped out before free. > > > > Cc: stable@xxxxxxxxxxxxxxx > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx> > > Reviewed-by: Adam Guerin <adam.guerin@xxxxxxxxx> > > Reviewed-by: Wojciech Ziemba <wojciech.ziemba@xxxxxxxxx> > > --- > > drivers/crypto/qat/qat_common/qat_algs.c | 20 +++++++++---------- > > drivers/crypto/qat/qat_common/qat_asym_algs.c | 20 +++++++++---------- > > 2 files changed, 20 insertions(+), 20 deletions(-) > > > > diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c > > index 873533dc43a7..c42df18e02b2 100644 > > --- a/drivers/crypto/qat/qat_common/qat_algs.c > > +++ b/drivers/crypto/qat/qat_common/qat_algs.c > > @@ -637,12 +637,12 @@ static int qat_alg_aead_newkey(struct crypto_aead *tfm, const u8 *key, > > return 0; > > > > out_free_all: > > - memset(ctx->dec_cd, 0, sizeof(struct qat_alg_cd)); > > + memzero_explicit(ctx->dec_cd, sizeof(struct qat_alg_cd)); > > This is for structure fields, why does memset() not work properly here? > The compiler should always call this, it doesn't know what > dma_free_coherent() does. You are referencing this pointer after the > memset() call so all should be working as intended here. > > Because of this, I don't see why this change is needed. Do you have > reports of compilers not calling memset() for all of this properly? Apologies, I had a wrong assumption. Based on a comment in the memzero_explicit() documentation I assumed it should be always used to zero sensitive data. * memzero_explicit - Fill a region of memory (e.g. sensitive * keying data) with 0s. I'm going to drop this patch. Thanks, -- Giovanni