On Tue, Jan 10, 2023 at 08:19:16PM +0100, Linus Walleij wrote: > > +static void stm32_hash_emptymsg_fallback(struct ahash_request *req) > +{ > + struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); > + struct stm32_hash_ctx *ctx = crypto_ahash_ctx(ahash); > + struct stm32_hash_request_ctx *rctx = ahash_request_ctx(req); > + struct stm32_hash_dev *hdev = rctx->hdev; > + struct crypto_shash *xtfm; > + struct shash_desc *sdesc; > + size_t len; > + int ret; > + > + dev_dbg(hdev->dev, "use fallback message size 0 key size %d\n", > + ctx->keylen); > + xtfm = crypto_alloc_shash(crypto_ahash_alg_name(ahash), > + 0, CRYPTO_ALG_NEED_FALLBACK); > + if (IS_ERR(xtfm)) { > + dev_err(hdev->dev, "failed to allocate synchronous fallback\n"); > + return; > + } > + > + len = sizeof(*sdesc) + crypto_shash_descsize(xtfm); > + sdesc = kmalloc(len, GFP_KERNEL); > + if (!sdesc) > + goto err_hashkey_sdesc; > + sdesc->tfm = xtfm; > + > + if (ctx->keylen) { > + ret = crypto_shash_setkey(xtfm, ctx->key, ctx->keylen); > + if (ret) { > + dev_err(hdev->dev, "failed to set key ret=%d\n", ret); > + goto err_hashkey; > + } > + } > + > + ret = crypto_shash_init(sdesc); > + if (ret) { > + dev_err(hdev->dev, "shash init error ret=%d\n", ret); > + goto err_hashkey; > + } > + > + ret = crypto_shash_finup(sdesc, NULL, 0, rctx->digest); > + if (ret) > + dev_err(hdev->dev, "shash finup error\n"); > +err_hashkey: > + kfree(sdesc); > +err_hashkey_sdesc: > + crypto_free_shash(xtfm); > +} Calling crypto_alloc_shash is not allowed in this context. For example, we might have been called down from the block layer due to swapping. Even if you intermediate this with kernel threads, it still doesn't change the nature of the dead-lock. So if you need a fallback for zero-length messages, just allocate it unconditionally in the init_tfm function. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt