{"id":2231252,"url":"http://patchwork.ozlabs.org/api/patches/2231252/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/323e6bcd1191cc21faadf9ac8323b94fdb803109.1777549821.git.massimiliano.pellizzer@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<323e6bcd1191cc21faadf9ac8323b94fdb803109.1777549821.git.massimiliano.pellizzer@canonical.com>","list_archive_url":null,"date":"2026-04-30T12:30:14","name":"[SRU,Q,1/5] crypto: algif_aead - Revert to operating out-of-place","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"48ae849e61eb5f6fdccd36c6ff03f1f4a40d1ff5","submitter":{"id":89057,"url":"http://patchwork.ozlabs.org/api/people/89057/?format=json","name":"Massimiliano Pellizzer","email":"massimiliano.pellizzer@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/323e6bcd1191cc21faadf9ac8323b94fdb803109.1777549821.git.massimiliano.pellizzer@canonical.com/mbox/","series":[{"id":502297,"url":"http://patchwork.ozlabs.org/api/series/502297/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=502297","date":"2026-04-30T12:30:16","name":"CVE-2026-31431","version":1,"mbox":"http://patchwork.ozlabs.org/series/502297/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231252/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231252/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=Qw503Kmr;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5tnw6M93z1yGq\n\tfor ; Thu, 30 Apr 2026 22:31:30 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1wIQY4-0004Ob-Rh; Thu, 30 Apr 2026 12:31:20 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1wIQY3-0004L0-FN\n for kernel-team@lists.ubuntu.com; Thu, 30 Apr 2026 12:31:19 +0000","from mail-wm1-f71.google.com (mail-wm1-f71.google.com\n [209.85.128.71])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 4CE613F427\n for ; Thu, 30 Apr 2026 12:31:19 +0000 (UTC)","by mail-wm1-f71.google.com with SMTP id\n 5b1f17b1804b1-48a55ecc32cso7644155e9.1\n for ; Thu, 30 Apr 2026 05:31:19 -0700 (PDT)","from tuxedo-infinitybook.ts.net\n (net-93-71-66-38.cust.vodafonedsl.it. [93.71.66.38])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-48a81ed6bafsm103695005e9.2.2026.04.30.05.31.16\n for \n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 05:31:16 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1777552279;\n bh=6kFT2gXoAsA2bTfN+SvwKfgsg39rTj7QhAhLvucLetQ=;\n h=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n MIME-Version;\n b=Qw503KmrCH7zGwXjOXEnZJbJ54qgFOlEqDM2WFSzbHOtZ06NGUnSjkMLX7YCJBTfW\n JWNScCMjzAfLfjMA9zlHcA2tELZsPoLyXDEELKg7zofcYlJp7XoesL0AgQ9rwQQZyT\n hPxdh/5V09NVi5KAblJAemVBzPu9NJT3LEF2XRFJwAmx6c++QvXqvmqeIn6o7WxybQ\n QU+76TXz6DPsRUEIKZ/EzU+7FmBTbDfy7EUEa3N3kow4IpWaNwwAVv704hql3sqbdN\n WR5YbfM9VTFVGkRugkI0Zl6o9Snb21v5EUQsuFkK8x2XKVIE0QacHpfHNI3fNYGGh2\n AkVGZBRYXVeZdnueEkn64Xbd9n6Gg880+vCxopFGoHrXFh8CA7tHyZvz1ld8D/Mn7f\n dm7lrZdVWM5FCVGpWiQ9Z7CkwizYnQlZy1tPHqgOTlcK7yDt/Oc9tlh4JWHLao8SPJ\n XPtgYf5d432k9BHgZidM7Fuwnys8/j9TjT/L+om5yOyZusGLsG2+jW7h6oP9shHZzR\n ZKA7dHa7M2ZM/PMGZ4V3MJKvGUNum+YbmIlG848UWJnubX8qGJeLKg9Nob3tIfTFS2\n G/8qW18TUCHwh1ptPjmTVnxYEJwszhSiFhoddMb9hhYoEvt3ZZZYCSVPZ693DXstD4\n o9c1MG62PEZk6jBBA6HryDMQ=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777552278; x=1778157078;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=6kFT2gXoAsA2bTfN+SvwKfgsg39rTj7QhAhLvucLetQ=;\n b=B8PmbNcsI2/E+NGtS8Le3i29O4zhz889ToaMez0Aif7UZvGFoRAqB3XAquJaeKRGJT\n 1Vlo0rJIsbp53yX5axJFEU1HqQKvDEBjD/dqg53sdNNSgDr4OKJJcZGyhQCKmIeMYNDH\n gHiATxO9jJzBb5xxc/RMaD9Ci9EiD4v8veAMn4EiGsSwWqmrRXepK5ycPXzLrGLKaHpI\n IDaVuV50SGB9WE2QwLil1Jvsr/7Ib/JplsND+4/CTu/h+zogXrlVnMKtp+J9AD9oPdh3\n +IxUPwVFBNUeccQFNFdQzPyrXRqtIjBmZ5YDRbzIFsPmiUqPxB/zHbRRSQeovK8CSZ8n\n 5vbA==","X-Gm-Message-State":"AOJu0YwzrtBAe67T+ZVD1RkpRK2hG3Q04SltdrwnCEfAM8qWJ1gb1I98\n pQTWZRz5QlUvcSZoc0m8HEoMSHcmnc8nA4kdf5XN8g6nfPTmQWYHu75ASidYgQuw9GxmLhvugZr\n ojJlfJqWVEL1gUBXVehVRBi8qZ/4BnNKZPXU2lnKE4p7KYZ9bmVaZzgUd4NkUn8EmH4IXA00KOw\n Ca50ypFB7icWNCwQ==","X-Gm-Gg":"AeBDietDjCwpkJ4B31zVNaYNP4lhfwMGD5hqmntqT0P71adYieV8LgsujUvEGztr9zy\n TOpSxdFRHqnK/nRXfzGljQY8gkGHJLdWByfYZ3omcVcB1WA2g4Shfgutst59jkLSrrWHyFIngSJ\n 6103KGU1coDShFPV7LAGG3srRL4O3Y72xsNNKglCVeF4ubuRhQGQCRUv2gpUAWa6P5KYh2RzVwY\n d6kLYs+pm4FCXAQfMg2bcBcQV6Ee3J/YMKtTEC9K4oigAQ+vSmX0350IZ+r99vTMLzaZW7FMtFp\n wb3OdQ3l4QsQb6e0GBamlUs66SQe21c29zW+f9lPyWZODhQQIToUCjt5xI5tZxfgWkCoLEV86e3\n epWGlBhQSGvsKTMUg9g70azZQ42IQxK690EILqzN8XdxCUOkqJogCT7DER7OeJix7wxiP4437bR\n Hq8B+RVN3fMkGgZimqIeh5irnLCe5xn0ATw+LgcFUYZ8A8NLUoxPHe2kLyIgCx7X9EzHAskd/aQ\n tSv07p7bj5/qGzsunMyhug=","X-Received":["by 2002:a05:600c:45d4:b0:488:90ac:8f71 with SMTP id\n 5b1f17b1804b1-48a83d66cd4mr39762215e9.5.1777552278324;\n Thu, 30 Apr 2026 05:31:18 -0700 (PDT)","by 2002:a05:600c:45d4:b0:488:90ac:8f71 with SMTP id\n 5b1f17b1804b1-48a83d66cd4mr39761525e9.5.1777552277606;\n Thu, 30 Apr 2026 05:31:17 -0700 (PDT)"],"From":"Massimiliano Pellizzer ","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][Q][PATCH 1/5] crypto: algif_aead - Revert to operating\n out-of-place","Date":"Thu, 30 Apr 2026 14:30:14 +0200","Message-ID":"\n <323e6bcd1191cc21faadf9ac8323b94fdb803109.1777549821.git.massimiliano.pellizzer@canonical.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"","References":"\n <177754965576.503496.12142658280614619991@tuxedo-infinitybook.public>\n ","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "},"content":"From: Herbert Xu \n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.\n\nFixes: 72548b093ee3 (\"crypto: algif_aead - copy AAD from src to dst\")\nReported-by: Taeyang Lee <0wn@theori.io>\nSigned-off-by: Herbert Xu \n(cherry picked from commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5)\nCVE-2026-31431\nSigned-off-by: Massimiliano Pellizzer \n---\n crypto/af_alg.c | 49 ++++----------------\n crypto/algif_aead.c | 100 ++++++++--------------------------------\n crypto/algif_skcipher.c | 6 +--\n include/crypto/if_alg.h | 5 +-\n 4 files changed, 34 insertions(+), 126 deletions(-)","diff":"diff --git a/crypto/af_alg.c b/crypto/af_alg.c\nindex 6c271e55f44d..c1306b3cb67d 100644\n--- a/crypto/af_alg.c\n+++ b/crypto/af_alg.c\n@@ -635,15 +635,13 @@ static int af_alg_alloc_tsgl(struct sock *sk)\n /**\n * af_alg_count_tsgl - Count number of TX SG entries\n *\n- * The counting starts from the beginning of the SGL to @bytes. If\n- * an @offset is provided, the counting of the SG entries starts at the @offset.\n+ * The counting starts from the beginning of the SGL to @bytes.\n *\n * @sk: socket of connection to user space\n * @bytes: Count the number of SG entries holding given number of bytes.\n- * @offset: Start the counting of SG entries from the given offset.\n * Return: Number of TX SG entries found given the constraints\n */\n-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)\n+unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes)\n {\n \tconst struct alg_sock *ask = alg_sk(sk);\n \tconst struct af_alg_ctx *ctx = ask->private;\n@@ -658,25 +656,11 @@ unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)\n \t\tconst struct scatterlist *sg = sgl->sg;\n \n \t\tfor (i = 0; i < sgl->cur; i++) {\n-\t\t\tsize_t bytes_count;\n-\n-\t\t\t/* Skip offset */\n-\t\t\tif (offset >= sg[i].length) {\n-\t\t\t\toffset -= sg[i].length;\n-\t\t\t\tbytes -= sg[i].length;\n-\t\t\t\tcontinue;\n-\t\t\t}\n-\n-\t\t\tbytes_count = sg[i].length - offset;\n-\n-\t\t\toffset = 0;\n \t\t\tsgl_count++;\n-\n-\t\t\t/* If we have seen requested number of bytes, stop */\n-\t\t\tif (bytes_count >= bytes)\n+\t\t\tif (sg[i].length >= bytes)\n \t\t\t\treturn sgl_count;\n \n-\t\t\tbytes -= bytes_count;\n+\t\t\tbytes -= sg[i].length;\n \t\t}\n \t}\n \n@@ -688,19 +672,14 @@ EXPORT_SYMBOL_GPL(af_alg_count_tsgl);\n * af_alg_pull_tsgl - Release the specified buffers from TX SGL\n *\n * If @dst is non-null, reassign the pages to @dst. The caller must release\n- * the pages. If @dst_offset is given only reassign the pages to @dst starting\n- * at the @dst_offset (byte). The caller must ensure that @dst is large\n- * enough (e.g. by using af_alg_count_tsgl with the same offset).\n+ * the pages.\n *\n * @sk: socket of connection to user space\n * @used: Number of bytes to pull from TX SGL\n * @dst: If non-NULL, buffer is reassigned to dst SGL instead of releasing. The\n *\t caller must release the buffers in dst.\n- * @dst_offset: Reassign the TX SGL from given offset. All buffers before\n- *\t reaching the offset is released.\n */\n-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n-\t\t size_t dst_offset)\n+void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst)\n {\n \tstruct alg_sock *ask = alg_sk(sk);\n \tstruct af_alg_ctx *ctx = ask->private;\n@@ -725,18 +704,10 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n \t\t\t * SG entries in dst.\n \t\t\t */\n \t\t\tif (dst) {\n-\t\t\t\tif (dst_offset >= plen) {\n-\t\t\t\t\t/* discard page before offset */\n-\t\t\t\t\tdst_offset -= plen;\n-\t\t\t\t} else {\n-\t\t\t\t\t/* reassign page to dst after offset */\n-\t\t\t\t\tget_page(page);\n-\t\t\t\t\tsg_set_page(dst + j, page,\n-\t\t\t\t\t\t plen - dst_offset,\n-\t\t\t\t\t\t sg[i].offset + dst_offset);\n-\t\t\t\t\tdst_offset = 0;\n-\t\t\t\t\tj++;\n-\t\t\t\t}\n+\t\t\t\t/* reassign page to dst after offset */\n+\t\t\t\tget_page(page);\n+\t\t\t\tsg_set_page(dst + j, page, plen, sg[i].offset);\n+\t\t\t\tj++;\n \t\t\t}\n \n \t\t\tsg[i].length -= plen;\ndiff --git a/crypto/algif_aead.c b/crypto/algif_aead.c\nindex 79b016a899a1..dda15bb05e89 100644\n--- a/crypto/algif_aead.c\n+++ b/crypto/algif_aead.c\n@@ -26,7 +26,6 @@\n #include \n #include \n #include \n-#include \n #include \n #include \n #include \n@@ -72,9 +71,8 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \tstruct alg_sock *pask = alg_sk(psk);\n \tstruct af_alg_ctx *ctx = ask->private;\n \tstruct crypto_aead *tfm = pask->private;\n-\tunsigned int i, as = crypto_aead_authsize(tfm);\n+\tunsigned int as = crypto_aead_authsize(tfm);\n \tstruct af_alg_async_req *areq;\n-\tstruct af_alg_tsgl *tsgl, *tmp;\n \tstruct scatterlist *rsgl_src, *tsgl_src = NULL;\n \tint err = 0;\n \tsize_t used = 0;\t\t/* [in] TX bufs to be en/decrypted */\n@@ -154,23 +152,24 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \t\toutlen -= less;\n \t}\n \n+\t/*\n+\t * Create a per request TX SGL for this request which tracks the\n+\t * SG entries from the global TX SGL.\n+\t */\n \tprocessed = used + ctx->aead_assoclen;\n-\tlist_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) {\n-\t\tfor (i = 0; i < tsgl->cur; i++) {\n-\t\t\tstruct scatterlist *process_sg = tsgl->sg + i;\n-\n-\t\t\tif (!(process_sg->length) || !sg_page(process_sg))\n-\t\t\t\tcontinue;\n-\t\t\ttsgl_src = process_sg;\n-\t\t\tbreak;\n-\t\t}\n-\t\tif (tsgl_src)\n-\t\t\tbreak;\n-\t}\n-\tif (processed && !tsgl_src) {\n-\t\terr = -EFAULT;\n+\tareq->tsgl_entries = af_alg_count_tsgl(sk, processed);\n+\tif (!areq->tsgl_entries)\n+\t\tareq->tsgl_entries = 1;\n+\tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n+\t\t\t\t\t areq->tsgl_entries),\n+\t\t\t\t GFP_KERNEL);\n+\tif (!areq->tsgl) {\n+\t\terr = -ENOMEM;\n \t\tgoto free;\n \t}\n+\tsg_init_table(areq->tsgl, areq->tsgl_entries);\n+\taf_alg_pull_tsgl(sk, processed, areq->tsgl);\n+\ttsgl_src = areq->tsgl;\n \n \t/*\n \t * Copy of AAD from source to destination\n@@ -179,76 +178,15 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \t * when user space uses an in-place cipher operation, the kernel\n \t * will copy the data as it does not see whether such in-place operation\n \t * is initiated.\n-\t *\n-\t * To ensure efficiency, the following implementation ensure that the\n-\t * ciphers are invoked to perform a crypto operation in-place. This\n-\t * is achieved by memory management specified as follows.\n \t */\n \n \t/* Use the RX SGL as source (and destination) for crypto op. */\n \trsgl_src = areq->first_rsgl.sgl.sgt.sgl;\n \n-\tif (ctx->enc) {\n-\t\t/*\n-\t\t * Encryption operation - The in-place cipher operation is\n-\t\t * achieved by the following operation:\n-\t\t *\n-\t\t * TX SGL: AAD || PT\n-\t\t *\t |\t |\n-\t\t *\t | copy |\n-\t\t *\t v\t v\n-\t\t * RX SGL: AAD || PT || Tag\n-\t\t */\n-\t\tmemcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,\n-\t\t\t processed);\n-\t\taf_alg_pull_tsgl(sk, processed, NULL, 0);\n-\t} else {\n-\t\t/*\n-\t\t * Decryption operation - To achieve an in-place cipher\n-\t\t * operation, the following SGL structure is used:\n-\t\t *\n-\t\t * TX SGL: AAD || CT || Tag\n-\t\t *\t |\t |\t ^\n-\t\t *\t | copy |\t | Create SGL link.\n-\t\t *\t v\t v\t |\n-\t\t * RX SGL: AAD || CT ----+\n-\t\t */\n-\n-\t\t/* Copy AAD || CT to RX SGL buffer for in-place operation. */\n-\t\tmemcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);\n-\n-\t\t/* Create TX SGL for tag and chain it to RX SGL. */\n-\t\tareq->tsgl_entries = af_alg_count_tsgl(sk, processed,\n-\t\t\t\t\t\t processed - as);\n-\t\tif (!areq->tsgl_entries)\n-\t\t\tareq->tsgl_entries = 1;\n-\t\tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n-\t\t\t\t\t\t\t areq->tsgl_entries),\n-\t\t\t\t\t GFP_KERNEL);\n-\t\tif (!areq->tsgl) {\n-\t\t\terr = -ENOMEM;\n-\t\t\tgoto free;\n-\t\t}\n-\t\tsg_init_table(areq->tsgl, areq->tsgl_entries);\n-\n-\t\t/* Release TX SGL, except for tag data and reassign tag data. */\n-\t\taf_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);\n-\n-\t\t/* chain the areq TX SGL holding the tag with RX SGL */\n-\t\tif (usedpages) {\n-\t\t\t/* RX SGL present */\n-\t\t\tstruct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;\n-\t\t\tstruct scatterlist *sg = sgl_prev->sgt.sgl;\n-\n-\t\t\tsg_unmark_end(sg + sgl_prev->sgt.nents - 1);\n-\t\t\tsg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);\n-\t\t} else\n-\t\t\t/* no RX SGL present (e.g. authentication only) */\n-\t\t\trsgl_src = areq->tsgl;\n-\t}\n+\tmemcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);\n \n \t/* Initialize the crypto operation */\n-\taead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,\n+\taead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,\n \t\t\t areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);\n \taead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);\n \taead_request_set_tfm(&areq->cra_u.aead_req, tfm);\n@@ -450,7 +388,7 @@ static void aead_sock_destruct(struct sock *sk)\n \tstruct crypto_aead *tfm = pask->private;\n \tunsigned int ivlen = crypto_aead_ivsize(tfm);\n \n-\taf_alg_pull_tsgl(sk, ctx->used, NULL, 0);\n+\taf_alg_pull_tsgl(sk, ctx->used, NULL);\n \tsock_kzfree_s(sk, ctx->iv, ivlen);\n \tsock_kfree_s(sk, ctx, ctx->len);\n \taf_alg_release_parent(sk);\ndiff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c\nindex 125d395c5e00..82735e51be10 100644\n--- a/crypto/algif_skcipher.c\n+++ b/crypto/algif_skcipher.c\n@@ -138,7 +138,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,\n \t * Create a per request TX SGL for this request which tracks the\n \t * SG entries from the global TX SGL.\n \t */\n-\tareq->tsgl_entries = af_alg_count_tsgl(sk, len, 0);\n+\tareq->tsgl_entries = af_alg_count_tsgl(sk, len);\n \tif (!areq->tsgl_entries)\n \t\tareq->tsgl_entries = 1;\n \tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n@@ -149,7 +149,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,\n \t\tgoto free;\n \t}\n \tsg_init_table(areq->tsgl, areq->tsgl_entries);\n-\taf_alg_pull_tsgl(sk, len, areq->tsgl, 0);\n+\taf_alg_pull_tsgl(sk, len, areq->tsgl);\n \n \t/* Initialize the crypto operation */\n \tskcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm);\n@@ -363,7 +363,7 @@ static void skcipher_sock_destruct(struct sock *sk)\n \tstruct alg_sock *pask = alg_sk(psk);\n \tstruct crypto_skcipher *tfm = pask->private;\n \n-\taf_alg_pull_tsgl(sk, ctx->used, NULL, 0);\n+\taf_alg_pull_tsgl(sk, ctx->used, NULL);\n \tsock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));\n \tif (ctx->state)\n \t\tsock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));\ndiff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h\nindex 107b797c33ec..0cc8fa749f68 100644\n--- a/include/crypto/if_alg.h\n+++ b/include/crypto/if_alg.h\n@@ -230,9 +230,8 @@ static inline bool af_alg_readable(struct sock *sk)\n \treturn PAGE_SIZE <= af_alg_rcvbuf(sk);\n }\n \n-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset);\n-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n-\t\t size_t dst_offset);\n+unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes);\n+void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst);\n void af_alg_wmem_wakeup(struct sock *sk);\n int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min);\n int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,\n","prefixes":["SRU","Q","1/5"]}