On Sat, Jul 31, 2021 at 11:26:34AM +0800, Kai Ye wrote: > > @@ -2218,6 +2219,10 @@ static int sec_aead_spec_check(struct sec_ctx *ctx, struct sec_req *sreq) > } > > if (c_mode == SEC_CMODE_CCM) { > + if (unlikely(req->assoclen > SEC_MAX_CCM_AAD_LEN)) { > + dev_err(dev, "CCM input aad parameter is too long!\n"); > + return -EINVAL; > + } You shouldn't be printing messages on a code path that can be triggered by userspace without rate limit. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt