Am Donnerstag, 16. März 2017, 10:52:48 CET schrieb Herbert Xu: Hi Herbert, > > First of all you're only limiting the amount of memory occupied > by the SG list which is not the same thing as the memory pinned > down by the actual recvmsg. When considering af_alg_make_sg, the function iov_iter_get_pages is used to obtain the user space pages for recvmsg. When looking closely at that function, I would understand that the user space pages are pinned into memory and made accessible from kernel space. That said, I would infer from the code that no kernel-local memory is allocated for the real data. Similar to zero- copy, pages are shared between kernel and user that will hold the crypto operation result (ciphertext for enc or plaintext for dec). Therefore, I would infer that the memory usage of the discussed code is limited to the skcipher_rsgl meta data which is limited by sock_kmalloc. This finally would imply that the kernel will not occupy more memory than allocated by sock_kmalloc. Or am I missing something? Thanks Stephan