On Fri, May 22, 2026 at 07:01:42PM +0000, Sam James wrote: > nx_crypto_ctx_shash_exit calls nx_crypto_ctx_exit with crypto_shash_ctx(...) > but crypto_shash_ctx gives a nx_crypto_ctx *, not a crypto_tfm *. > > Fix the type in nx_crypto_ctx_exit and drop the bogus crypto_tfm_ctx > call. > > This fixes the following oops: > > BUG: Unable to handle kernel data access at 0xc0403effffffffc8 > Faulting instruction address: 0xc000000000396cb4 > Oops: Kernel access of bad area, sig: 11 [#15] > Call Trace: > nx_crypto_ctx_shash_exit+0x24/0x60 > crypto_shash_exit_tfm+0x28/0x40 > crypto_destroy_tfm+0x98/0x140 > crypto_exit_ahash_using_shash+0x20/0x40 > crypto_destroy_tfm+0x98/0x140 > hash_release+0x1c/0x30 > alg_sock_destruct+0x38/0x60 > __sk_destruct+0x48/0x2b0 > af_alg_release+0x58/0xb0 > __sock_release+0x68/0x150 > sock_close+0x20/0x40 > __fput+0x110/0x3a0 > sys_close+0x48/0xa0 > system_call_exception+0x140/0x2d0 > system_call_common+0xf4/0x258 > > .. which came from hardlink(1) opportunistically using AF_ALG. > > The same problem exists with nx_crypto_ctx_skcipher_exit getting a context > it wasn't expecting, but apparently nobody hit that for years. > > Cc: Eric Biggers <[email protected]> > Fixes: bfd9efddf990 ("crypto: nx - convert AES-ECB to skcipher API") > Fixes: 9420e628e7d8 ("crypto: nx - Use API partial block handling") > Reported-by: Calvin Buckley <[email protected]> > Tested-by: Calvin Buckley <[email protected]> > Suggested-by: Brad Spengler <[email protected]> > Signed-off-by: Sam James <[email protected]>
Acked-by: Breno Leitao <[email protected]>
