Hello I have a problem when using a simple md5 tfm. When I use the data that ahash_request_ctx() give me, it will cause random crash when removing the module later. I do not understand it, because .cra_ctxsize seems to be rightly used. The very simplified POC code will follow, it register a fake md5 implementation. If I remove the op->mode = 0, I can modprobe/rmmod for ever without problem. With it, rmmod will segfault in 2 or 3 tries, so it is this write that is the source of the problem. I have try to debug, but I cannot find where __ctx (the pointer returned by ahash_request_ctx) is allocated. Does I am right when saying: ahash_request_ctx() return the pointer to a structure of size equal to cra_ctxsize allocated for each request ? Thanks in advance Best regards #include <linux/clk.h> #include <linux/crypto.h> #include <linux/io.h> #include <linux/module.h> #include <linux/of.h> #include <linux/platform_device.h> #include <crypto/scatterwalk.h> #include <linux/scatterlist.h> #include <linux/interrupt.h> #include <linux/delay.h> #include <crypto/md5.h> #include <crypto/sha.h> #include <crypto/hash.h> #include <crypto/internal/hash.h> struct sunxi_req_ctx { u8 key[32 * 8]; u32 keylen; u32 mode; u64 byte_count; u32 waitbuf; unsigned int nbwait; }; int fake_init(struct ahash_request *areq) { struct sunxi_req_ctx *op = ahash_request_ctx(areq); /* this is the location of action that cause the crash */ op->mode = 0; op->nbwait = 0; return 0; } int fake_update(struct ahash_request *areq) { return 0; } int fake_final(struct ahash_request *areq) { return 0; } int fake_finup(struct ahash_request *areq) { fake_init(areq); return 0; } int fake_digest(struct ahash_request *areq) { fake_init(areq); return 0; } static struct ahash_alg sunxi_md5_alg = { .init = fake_init, .update = fake_update, .final = fake_final, .finup = fake_finup, .digest = fake_digest, .halg = { .digestsize = MD5_DIGEST_SIZE, .base = { .cra_name = "md5", .cra_driver_name = "md5-sunxi-ss", .cra_priority = 300, .cra_alignmask = 3, .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC, .cra_blocksize = MD5_HMAC_BLOCK_SIZE, .cra_ctxsize = sizeof(struct sunxi_req_ctx), .cra_module = THIS_MODULE, .cra_type = &crypto_ahash_type } } }; static int sunxi_ss_md5_init(void) { int err = 0; err = crypto_register_ahash(&sunxi_md5_alg); if (err) pr_err("crypto_register_alg error for MD5\n"); else pr_info("Registred MD5\n"); return err; } static void __exit sunxi_ss_md5_exit(void) { crypto_unregister_ahash(&sunxi_md5_alg); } module_init(sunxi_ss_md5_init); module_exit(sunxi_ss_md5_exit); MODULE_DESCRIPTION("test MD5 module"); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Corentin LABBE <clabbe.montjoie@xxxxxxxxx>"); -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html