Hello all, While playing around with the fuzz tests on kernelci.org (which has a couple of rk3288 based boards for boot testing), I noticed that the rk3288 cbc mode driver is still broken (both AES and DES fail). For instance, one of the runs failed with alg: skcipher: cbc-aes-rk encryption test failed (wrong result) on test vector \"random: len=6848 klen=32\", cfg=\"random: may_sleep use_digest src_divs=[93.41%@+1655, 2.19%@+3968, 4.40%@+22]\" (but see below for the details of a few runs) However, more importantly, it looks like the driver violates the scatterlist API, by assuming that sg entries are always mapped and that sg_virt() and/or page_address(sg_page()) can always be called on arbitrary scatterlist entries The failures in question all occur with inputs whose size > PAGE_SIZE, so it looks like the PAGE_SIZE limit is interacting poorly with the way the next IV is obtained. Broken CBC is a recipe for disaster, and so this should really be fixed, or the driver disabled. -- Ard. https://storage.kernelci.org/ardb/for-kernelci/v5.3-rc1-195-gd84aa2e87b0e/arm/multi_v7_defconfig/gcc-8/lab-collabora/boot-rk3288-veyron-jaq.html https://storage.kernelci.org/ardb/for-kernelci/v5.3-rc1-195-gd84aa2e87b0e/arm/multi_v7_defconfig+CONFIG_EFI=y+CONFIG_ARM_LPAE=y/gcc-8/lab-collabora/boot-rk3288-veyron-jaq.html https://storage.kernelci.org/ardb/for-kernelci/v5.3-rc1-195-gd84aa2e87b0e/arm/multi_v7_defconfig+CONFIG_SMP=n/gcc-8/lab-collabora/boot-rk3288-veyron-jaq.html