On Fri, Nov 23, 2018 at 09:05:55AM +0800, PanBian wrote:
>
> Thanks for your explanation! But I find that the function
> crypto_init_spawn just lets spawn->alg point to the algorithm without
> increasing the reference count, i.e., alg->cra_refcnt. So I am confused
> about how this can protect the algorithm from being freed. Maybe I
> missed some key points. Could you please explain it in more details?

Oh you're right! This bug was introduced during the skcipher
conversion.

The spawns are not meant to carry a reference count with them
because they are not supposed to stop the underlying algorithm
from being removed.

So yes we do need to hold a reference count on alg until the
instance is registered.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt