vppinfra: add clib_mem_free_s

IPsec zero-es all allocated key memory including memory sur-allocated by
the allocator.
Move it to its own function in clib mem infra to make it easier to
instrument.

Type: refactor

Change-Id: Icd1c44d18b741e723864abce75ac93e2eff74b61
Signed-off-by: Benoît Ganne <bganne@cisco.com>

diff --git a/src/plugins/crypto_ia32/main.c b/src/plugins/crypto_ia32/main.c
index cca5fb4..194182f 100644 (file)
--- a/src/plugins/crypto_ia32/main.c
+++ b/src/plugins/crypto_ia32/main.c
@@ -40,9 +40,7 @@ crypto_ia32_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop,
       if (cm->key_data[idx] == 0)
        return;
 
-      clib_memset_u8 (cm->key_data[idx], 0,
-                     clib_mem_size (cm->key_data[idx]));
-      clib_mem_free (cm->key_data[idx]);
+      clib_mem_free_s (cm->key_data[idx]);
       cm->key_data[idx] = 0;
       return;
     }
@@ -51,9 +49,7 @@ crypto_ia32_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop,
 
   if (kop == VNET_CRYPTO_KEY_OP_MODIFY && cm->key_data[idx])
     {
-      clib_memset_u8 (cm->key_data[idx], 0,
-                     clib_mem_size (cm->key_data[idx]));
-      clib_mem_free (cm->key_data[idx]);
+      clib_mem_free_s (cm->key_data[idx]);
     }
 
   cm->key_data[idx] = cm->key_fn[key->alg] (key);

diff --git a/src/plugins/crypto_ipsecmb/ipsecmb.c b/src/plugins/crypto_ipsecmb/ipsecmb.c
index fccc697..7428e99 100644 (file)
--- a/src/plugins/crypto_ipsecmb/ipsecmb.c
+++ b/src/plugins/crypto_ipsecmb/ipsecmb.c
@@ -402,9 +402,7 @@ crypto_ipsecmb_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop,
       if (imbm->key_data[idx] == 0)
        return;
 
-      clib_memset_u8 (imbm->key_data[idx], 0,
-                     clib_mem_size (imbm->key_data[idx]));
-      clib_mem_free (imbm->key_data[idx]);
+      clib_mem_free_s (imbm->key_data[idx]);
       imbm->key_data[idx] = 0;
       return;
     }
@@ -416,9 +414,7 @@ crypto_ipsecmb_key_handler (vlib_main_t * vm, vnet_crypto_key_op_t kop,
 
   if (kop == VNET_CRYPTO_KEY_OP_MODIFY && imbm->key_data[idx])
     {
-      clib_memset_u8 (imbm->key_data[idx], 0,
-                     clib_mem_size (imbm->key_data[idx]));
-      clib_mem_free (imbm->key_data[idx]);
+      clib_mem_free_s (imbm->key_data[idx]);
     }
 
   kd = imbm->key_data[idx] = clib_mem_alloc_aligned (ad->data_size,

diff --git a/src/vppinfra/mem.h b/src/vppinfra/mem.h
index f2930a1..e565757 100644 (file)
--- a/src/vppinfra/mem.h
+++ b/src/vppinfra/mem.h
@@ -272,6 +272,14 @@ clib_mem_size (void *p)
 #endif
 }
 
+always_inline void
+clib_mem_free_s (void *p)
+{
+  uword size = clib_mem_size (p);
+  memset_s_inline (p, size, 0, size);
+  clib_mem_free (p);
+}
+
 always_inline void *
 clib_mem_get_heap (void)
 {