{"id":2231521,"url":"http://patchwork.ozlabs.org/api/patches/2231521/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/46ebb67fc01871fad3c4838a3edbbcdebdf5b565.1777576834.git.massimiliano.pellizzer@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<46ebb67fc01871fad3c4838a3edbbcdebdf5b565.1777576834.git.massimiliano.pellizzer@canonical.com>","list_archive_url":null,"date":"2026-04-30T19:28:14","name":"[SRU,N,v2,3/9] crypto: algif_aead - Revert to operating out-of-place","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"48ae849e61eb5f6fdccd36c6ff03f1f4a40d1ff5","submitter":{"id":89057,"url":"http://patchwork.ozlabs.org/api/people/89057/?format=json","name":"Massimiliano Pellizzer","email":"massimiliano.pellizzer@canonical.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/patch/46ebb67fc01871fad3c4838a3edbbcdebdf5b565.1777576834.git.massimiliano.pellizzer@canonical.com/mbox/","series":[{"id":502367,"url":"http://patchwork.ozlabs.org/api/series/502367/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=502367","date":"2026-04-30T19:28:11","name":"CVE-2026-31431","version":2,"mbox":"http://patchwork.ozlabs.org/series/502367/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231521/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231521/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=Jg8QZrMN;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g644D6rJPz1yJr\n\tfor ; Fri, 01 May 2026 05:29:32 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1wIX4h-000258-18; Thu, 30 Apr 2026 19:29:27 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from )\n id 1wIX4e-0001vX-HA\n for kernel-team@lists.ubuntu.com; Thu, 30 Apr 2026 19:29:24 +0000","from mail-wr1-f72.google.com (mail-wr1-f72.google.com\n [209.85.221.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 55C583FE9F\n for ; Thu, 30 Apr 2026 19:29:24 +0000 (UTC)","by mail-wr1-f72.google.com with SMTP id\n ffacd0b85a97d-43cfedb10a8so779950f8f.1\n for ; Thu, 30 Apr 2026 12:29:24 -0700 (PDT)","from tuxedo-infinitybook (net-93-71-66-38.cust.vodafonedsl.it.\n [93.71.66.38]) by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-448e74324a5sm8133217f8f.12.2026.04.30.12.29.22\n for \n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 12:29:22 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1777577364;\n bh=ATGiKVgg5hBg1V668lM/Kw2xGBusG3VkOLSUqAS4l8s=;\n h=From:To:Subject:Date:Message-ID:In-Reply-To:References:\n MIME-Version;\n b=Jg8QZrMNHEDMDfcM1PGgYEqaSwqujn2Uz2B3VHSQEzfrmR+e1goKD4wwsxlUC6JWA\n UW9jmiTEpg6Dus+7SMpoIjHJV5xRJ7zY24Y0vVS5rifGFeNqE7fAk++q8T3i1fmlYE\n KRKWruvnEHIPPsI1CVbio1HUK1QOnq7WeFxBuhKYkDhWyGuPoo159HB1cGHIIQCBVZ\n GuW/bEGcx3htANhxvTEKDb9U9SkUum83zJVUImi914F8MpptEGpqsaZskS1mdHYJub\n 7P7OAKmcY5M2D57AfTs5IhwhcMVlUR8PEpgPiYJRp6MrTqP/x4+wRnpqTsvRdBNf4I\n IwHeI6Rb7GpP9oNoBLPDUj53I07pfnZVA/cIBBn6YnBRl9fRs7iNX20G61kvh1HOis\n IYuPuDDtMTwyDaeQ86ZVaFMjtL+3fLkFRgO/NLWxLMeCOFRwHTCLJ/Z7Y0WeYqgM4E\n vR0THg2uXbW2rYnO2YdutiDedXC3xbh0tF0hnsX64zeoo9yOYRmI9QMH7w8jEJTfhS\n dxPq+XrG26vC87SYz6kNissoTXJz3rqUNv9NIZMp2keXc4AvjrreIRHL5vdPiUbAKK\n Un1cfCA2/vSx3OQg53KHNNQzpU62286LA96f4z1f9YzCR6GcL2hYaLN3jEXbdYZomT\n Mz4y9pzpte/aiyBbL8HB+Si0=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777577363; x=1778182163;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to\n :cc:subject:date:message-id:reply-to;\n bh=ATGiKVgg5hBg1V668lM/Kw2xGBusG3VkOLSUqAS4l8s=;\n b=FqbOEnO6Qk4LwnCzveHymXHuwvDwbcUqbZk8+/Sjn+h6MfbHxZmRJiMB3DDFhgUzPe\n j6aFQGokBZVpUQ3Boj6wPxCGrJ4kyIynZpeq2ASWNGW9GMn6BvN/oYAMKMjmD0CPZKlx\n 3VQ/mQvdZ6nw5TmFKnzFOcdPp5+Q5swH2/iBQfr+SSvwMkvMrEcOR5kdb/yn2TPraNx7\n 43v7eR2dOZzzr5S0gxkXHYbFkTe+HwKlq+SAkuI6pXKSytpz0pSxfhTDvMilot8iY0rd\n zQ5eH9yOYCOBXnRvyx1xOCEAAZx2zZVsNowQc/PkGCtVdh0kZoInrj0iedxqu9wgJTR0\n oPjA==","X-Gm-Message-State":"AOJu0YwZhAN1/QiNux/+w6pbMuJeoWKt3p7amAUDuQLd+v6Ls4bvGnGT\n +zCDviFZzKmKS9AKdcHXMIoGzOHWdOLLS+kQJo234VPfXVKNkT28/rEStSym/WGdWvYPhcHpqaL\n gqtFVRrRxs33NY83Lrary/NcZiL+5DTUXhr4/hG7D70FsaGhsAgiBBpeUcP08NXaRiaCqwp7IBO\n b6qPjyVlMT5UBg0w==","X-Gm-Gg":"AeBDiesp8dMJfMbZxx6jSvi0D5dryftf09vNT3qPl8rf5A8JnpPbGPni+kzf11akU2h\n 0rAw29QrA/2V6fbMQRe53+Pd1kwmjYt7rAv9Sw7WQSz8492OGjwGgqEixcXdlvPax1hVB3XCUPc\n 3/bNqbBlu9aqNH/M8l1r5KcIoORzHfP4H4RspG6vu0q++/whY+hE4T/yttrZsJuy80azF5uiJOg\n Ui4KqLqW38bObe0FxmaNj2fJ5oHVItd4OPspATSc5cGriDnEH1za1z3G/n152nTYWWEIf55tkiu\n ACrI+NDaccXib//F/jp7DQLuGMVs1LrAzi5JpisrTEZD+oHBReGLTo48wGKLF2xYvSd8v/CPiiE\n LNZOwcY4uuXo8qZi/AX9h0obNmrXyC4yJn14X5LXSzCs5L7YAXks/Urvuzwy5nhpUl2W7ouxJYo\n eoa3Dm19RGFmhauDTpzuq2Fves9yVsJp/0jAn0wDutnz2ogh3v7R4c9n+7KnmZLu2n0P1ZcI6UK\n fplPc+uyFYP8w==","X-Received":["by 2002:a05:6000:24c5:b0:43d:71f4:7ed5 with SMTP id\n ffacd0b85a97d-4493cc3fdffmr7400520f8f.17.1777577363484;\n Thu, 30 Apr 2026 12:29:23 -0700 (PDT)","by 2002:a05:6000:24c5:b0:43d:71f4:7ed5 with SMTP id\n ffacd0b85a97d-4493cc3fdffmr7400484f8f.17.1777577362912;\n Thu, 30 Apr 2026 12:29:22 -0700 (PDT)"],"From":"Massimiliano Pellizzer ","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][N][PATCH v2 3/9] crypto: algif_aead - Revert to operating\n out-of-place","Date":"Thu, 30 Apr 2026 21:28:14 +0200","Message-ID":"\n <46ebb67fc01871fad3c4838a3edbbcdebdf5b565.1777576834.git.massimiliano.pellizzer@canonical.com>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"","References":"\n <177757626672.818044.11792928639290212185@tuxedo-infinitybook.public>\n ","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "},"content":"From: Herbert Xu \n\ncommit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 upstream.\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.\n\nFixes: 72548b093ee3 (\"crypto: algif_aead - copy AAD from src to dst\")\nReported-by: Taeyang Lee <0wn@theori.io>\nSigned-off-by: Herbert Xu \nSigned-off-by: Eric Biggers \nSigned-off-by: Greg Kroah-Hartman \n(cherry picked from commit 8b88d99341f139e23bdeb1027a2a3ae10d341d82 linux-6.12.y)\nCVE-2026-31431\nSigned-off-by: Massimiliano Pellizzer \n---\n crypto/af_alg.c | 49 ++++----------------\n crypto/algif_aead.c | 100 ++++++++--------------------------------\n crypto/algif_skcipher.c | 6 +--\n include/crypto/if_alg.h | 5 +-\n 4 files changed, 34 insertions(+), 126 deletions(-)","diff":"diff --git a/crypto/af_alg.c b/crypto/af_alg.c\nindex 3d0b7542f771..cab04b009d03 100644\n--- a/crypto/af_alg.c\n+++ b/crypto/af_alg.c\n@@ -634,15 +634,13 @@ static int af_alg_alloc_tsgl(struct sock *sk)\n /**\n * af_alg_count_tsgl - Count number of TX SG entries\n *\n- * The counting starts from the beginning of the SGL to @bytes. If\n- * an @offset is provided, the counting of the SG entries starts at the @offset.\n+ * The counting starts from the beginning of the SGL to @bytes.\n *\n * @sk: socket of connection to user space\n * @bytes: Count the number of SG entries holding given number of bytes.\n- * @offset: Start the counting of SG entries from the given offset.\n * Return: Number of TX SG entries found given the constraints\n */\n-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)\n+unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes)\n {\n \tconst struct alg_sock *ask = alg_sk(sk);\n \tconst struct af_alg_ctx *ctx = ask->private;\n@@ -657,25 +655,11 @@ unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)\n \t\tconst struct scatterlist *sg = sgl->sg;\n \n \t\tfor (i = 0; i < sgl->cur; i++) {\n-\t\t\tsize_t bytes_count;\n-\n-\t\t\t/* Skip offset */\n-\t\t\tif (offset >= sg[i].length) {\n-\t\t\t\toffset -= sg[i].length;\n-\t\t\t\tbytes -= sg[i].length;\n-\t\t\t\tcontinue;\n-\t\t\t}\n-\n-\t\t\tbytes_count = sg[i].length - offset;\n-\n-\t\t\toffset = 0;\n \t\t\tsgl_count++;\n-\n-\t\t\t/* If we have seen requested number of bytes, stop */\n-\t\t\tif (bytes_count >= bytes)\n+\t\t\tif (sg[i].length >= bytes)\n \t\t\t\treturn sgl_count;\n \n-\t\t\tbytes -= bytes_count;\n+\t\t\tbytes -= sg[i].length;\n \t\t}\n \t}\n \n@@ -687,19 +671,14 @@ EXPORT_SYMBOL_GPL(af_alg_count_tsgl);\n * af_alg_pull_tsgl - Release the specified buffers from TX SGL\n *\n * If @dst is non-null, reassign the pages to @dst. The caller must release\n- * the pages. If @dst_offset is given only reassign the pages to @dst starting\n- * at the @dst_offset (byte). The caller must ensure that @dst is large\n- * enough (e.g. by using af_alg_count_tsgl with the same offset).\n+ * the pages.\n *\n * @sk: socket of connection to user space\n * @used: Number of bytes to pull from TX SGL\n * @dst: If non-NULL, buffer is reassigned to dst SGL instead of releasing. The\n *\t caller must release the buffers in dst.\n- * @dst_offset: Reassign the TX SGL from given offset. All buffers before\n- *\t reaching the offset is released.\n */\n-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n-\t\t size_t dst_offset)\n+void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst)\n {\n \tstruct alg_sock *ask = alg_sk(sk);\n \tstruct af_alg_ctx *ctx = ask->private;\n@@ -724,18 +703,10 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n \t\t\t * SG entries in dst.\n \t\t\t */\n \t\t\tif (dst) {\n-\t\t\t\tif (dst_offset >= plen) {\n-\t\t\t\t\t/* discard page before offset */\n-\t\t\t\t\tdst_offset -= plen;\n-\t\t\t\t} else {\n-\t\t\t\t\t/* reassign page to dst after offset */\n-\t\t\t\t\tget_page(page);\n-\t\t\t\t\tsg_set_page(dst + j, page,\n-\t\t\t\t\t\t plen - dst_offset,\n-\t\t\t\t\t\t sg[i].offset + dst_offset);\n-\t\t\t\t\tdst_offset = 0;\n-\t\t\t\t\tj++;\n-\t\t\t\t}\n+\t\t\t\t/* reassign page to dst after offset */\n+\t\t\t\tget_page(page);\n+\t\t\t\tsg_set_page(dst + j, page, plen, sg[i].offset);\n+\t\t\t\tj++;\n \t\t\t}\n \n \t\t\tsg[i].length -= plen;\ndiff --git a/crypto/algif_aead.c b/crypto/algif_aead.c\nindex 79b016a899a1..dda15bb05e89 100644\n--- a/crypto/algif_aead.c\n+++ b/crypto/algif_aead.c\n@@ -26,7 +26,6 @@\n #include \n #include \n #include \n-#include \n #include \n #include \n #include \n@@ -72,9 +71,8 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \tstruct alg_sock *pask = alg_sk(psk);\n \tstruct af_alg_ctx *ctx = ask->private;\n \tstruct crypto_aead *tfm = pask->private;\n-\tunsigned int i, as = crypto_aead_authsize(tfm);\n+\tunsigned int as = crypto_aead_authsize(tfm);\n \tstruct af_alg_async_req *areq;\n-\tstruct af_alg_tsgl *tsgl, *tmp;\n \tstruct scatterlist *rsgl_src, *tsgl_src = NULL;\n \tint err = 0;\n \tsize_t used = 0;\t\t/* [in] TX bufs to be en/decrypted */\n@@ -154,23 +152,24 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \t\toutlen -= less;\n \t}\n \n+\t/*\n+\t * Create a per request TX SGL for this request which tracks the\n+\t * SG entries from the global TX SGL.\n+\t */\n \tprocessed = used + ctx->aead_assoclen;\n-\tlist_for_each_entry_safe(tsgl, tmp, &ctx->tsgl_list, list) {\n-\t\tfor (i = 0; i < tsgl->cur; i++) {\n-\t\t\tstruct scatterlist *process_sg = tsgl->sg + i;\n-\n-\t\t\tif (!(process_sg->length) || !sg_page(process_sg))\n-\t\t\t\tcontinue;\n-\t\t\ttsgl_src = process_sg;\n-\t\t\tbreak;\n-\t\t}\n-\t\tif (tsgl_src)\n-\t\t\tbreak;\n-\t}\n-\tif (processed && !tsgl_src) {\n-\t\terr = -EFAULT;\n+\tareq->tsgl_entries = af_alg_count_tsgl(sk, processed);\n+\tif (!areq->tsgl_entries)\n+\t\tareq->tsgl_entries = 1;\n+\tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n+\t\t\t\t\t areq->tsgl_entries),\n+\t\t\t\t GFP_KERNEL);\n+\tif (!areq->tsgl) {\n+\t\terr = -ENOMEM;\n \t\tgoto free;\n \t}\n+\tsg_init_table(areq->tsgl, areq->tsgl_entries);\n+\taf_alg_pull_tsgl(sk, processed, areq->tsgl);\n+\ttsgl_src = areq->tsgl;\n \n \t/*\n \t * Copy of AAD from source to destination\n@@ -179,76 +178,15 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,\n \t * when user space uses an in-place cipher operation, the kernel\n \t * will copy the data as it does not see whether such in-place operation\n \t * is initiated.\n-\t *\n-\t * To ensure efficiency, the following implementation ensure that the\n-\t * ciphers are invoked to perform a crypto operation in-place. This\n-\t * is achieved by memory management specified as follows.\n \t */\n \n \t/* Use the RX SGL as source (and destination) for crypto op. */\n \trsgl_src = areq->first_rsgl.sgl.sgt.sgl;\n \n-\tif (ctx->enc) {\n-\t\t/*\n-\t\t * Encryption operation - The in-place cipher operation is\n-\t\t * achieved by the following operation:\n-\t\t *\n-\t\t * TX SGL: AAD || PT\n-\t\t *\t |\t |\n-\t\t *\t | copy |\n-\t\t *\t v\t v\n-\t\t * RX SGL: AAD || PT || Tag\n-\t\t */\n-\t\tmemcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,\n-\t\t\t processed);\n-\t\taf_alg_pull_tsgl(sk, processed, NULL, 0);\n-\t} else {\n-\t\t/*\n-\t\t * Decryption operation - To achieve an in-place cipher\n-\t\t * operation, the following SGL structure is used:\n-\t\t *\n-\t\t * TX SGL: AAD || CT || Tag\n-\t\t *\t |\t |\t ^\n-\t\t *\t | copy |\t | Create SGL link.\n-\t\t *\t v\t v\t |\n-\t\t * RX SGL: AAD || CT ----+\n-\t\t */\n-\n-\t\t/* Copy AAD || CT to RX SGL buffer for in-place operation. */\n-\t\tmemcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);\n-\n-\t\t/* Create TX SGL for tag and chain it to RX SGL. */\n-\t\tareq->tsgl_entries = af_alg_count_tsgl(sk, processed,\n-\t\t\t\t\t\t processed - as);\n-\t\tif (!areq->tsgl_entries)\n-\t\t\tareq->tsgl_entries = 1;\n-\t\tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n-\t\t\t\t\t\t\t areq->tsgl_entries),\n-\t\t\t\t\t GFP_KERNEL);\n-\t\tif (!areq->tsgl) {\n-\t\t\terr = -ENOMEM;\n-\t\t\tgoto free;\n-\t\t}\n-\t\tsg_init_table(areq->tsgl, areq->tsgl_entries);\n-\n-\t\t/* Release TX SGL, except for tag data and reassign tag data. */\n-\t\taf_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);\n-\n-\t\t/* chain the areq TX SGL holding the tag with RX SGL */\n-\t\tif (usedpages) {\n-\t\t\t/* RX SGL present */\n-\t\t\tstruct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;\n-\t\t\tstruct scatterlist *sg = sgl_prev->sgt.sgl;\n-\n-\t\t\tsg_unmark_end(sg + sgl_prev->sgt.nents - 1);\n-\t\t\tsg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);\n-\t\t} else\n-\t\t\t/* no RX SGL present (e.g. authentication only) */\n-\t\t\trsgl_src = areq->tsgl;\n-\t}\n+\tmemcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);\n \n \t/* Initialize the crypto operation */\n-\taead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,\n+\taead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,\n \t\t\t areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);\n \taead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);\n \taead_request_set_tfm(&areq->cra_u.aead_req, tfm);\n@@ -450,7 +388,7 @@ static void aead_sock_destruct(struct sock *sk)\n \tstruct crypto_aead *tfm = pask->private;\n \tunsigned int ivlen = crypto_aead_ivsize(tfm);\n \n-\taf_alg_pull_tsgl(sk, ctx->used, NULL, 0);\n+\taf_alg_pull_tsgl(sk, ctx->used, NULL);\n \tsock_kzfree_s(sk, ctx->iv, ivlen);\n \tsock_kfree_s(sk, ctx, ctx->len);\n \taf_alg_release_parent(sk);\ndiff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c\nindex 02cea2149504..3c45d982afca 100644\n--- a/crypto/algif_skcipher.c\n+++ b/crypto/algif_skcipher.c\n@@ -138,7 +138,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,\n \t * Create a per request TX SGL for this request which tracks the\n \t * SG entries from the global TX SGL.\n \t */\n-\tareq->tsgl_entries = af_alg_count_tsgl(sk, len, 0);\n+\tareq->tsgl_entries = af_alg_count_tsgl(sk, len);\n \tif (!areq->tsgl_entries)\n \t\tareq->tsgl_entries = 1;\n \tareq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),\n@@ -149,7 +149,7 @@ static int _skcipher_recvmsg(struct socket *sock, struct msghdr *msg,\n \t\tgoto free;\n \t}\n \tsg_init_table(areq->tsgl, areq->tsgl_entries);\n-\taf_alg_pull_tsgl(sk, len, areq->tsgl, 0);\n+\taf_alg_pull_tsgl(sk, len, areq->tsgl);\n \n \t/* Initialize the crypto operation */\n \tskcipher_request_set_tfm(&areq->cra_u.skcipher_req, tfm);\n@@ -363,7 +363,7 @@ static void skcipher_sock_destruct(struct sock *sk)\n \tstruct alg_sock *pask = alg_sk(psk);\n \tstruct crypto_skcipher *tfm = pask->private;\n \n-\taf_alg_pull_tsgl(sk, ctx->used, NULL, 0);\n+\taf_alg_pull_tsgl(sk, ctx->used, NULL);\n \tsock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));\n \tif (ctx->state)\n \t\tsock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));\ndiff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h\nindex 7d191c52050d..844930bb6783 100644\n--- a/include/crypto/if_alg.h\n+++ b/include/crypto/if_alg.h\n@@ -229,9 +229,8 @@ static inline bool af_alg_readable(struct sock *sk)\n \treturn PAGE_SIZE <= af_alg_rcvbuf(sk);\n }\n \n-unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset);\n-void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst,\n-\t\t size_t dst_offset);\n+unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes);\n+void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst);\n void af_alg_wmem_wakeup(struct sock *sk);\n int af_alg_wait_for_data(struct sock *sk, unsigned flags, unsigned min);\n int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,\n","prefixes":["SRU","N","v2","3/9"]}