Hi Vadim,

Thanks, you are right that v3 still does not answer the main question clearly enough.

What I was trying to address is the BPF kfunc boundary, where bpf_crypto_ctx_create() accepts a BPF-supplied struct and then passes type/algo to string consumers. In the current tree that path reaches strcmp() in bpf_crypto_get_type(), and for the skcipher backend it also reaches crypto_has_skcipher() and crypto_alloc_lskcipher().

That said, your point about the snapshot is fair. v3 conflates the bounded-string issue with a stability/TOCTOU argument, and I have not yet re-verified what argument sources the verifier permits for this kfunc well enough to justify that part.

I will not resend this version. I will re-audit the accepted argument types for this kfunc and come back only if I can show a real verifier-reachable failure mode and justify a narrower fix at the BPF kfunc boundary. Otherwise I will drop the patch.

Thanks,
Pengpeng

