Re: [PATCH 2/3] crypto: inside-secure: add EIP93 ESP packet backend
From: Simon Horman
Date: Wed May 27 2026 - 06:08:44 EST
On Sat, May 23, 2026 at 09:15:21PM +0900, Jihong Min wrote:
> Expose an EIP93 packet-mode IPsec backend for netdev drivers that need
> ESP encapsulation and decapsulation offload without advertising EIP93
> itself as a netdev.
>
> Add provider selection, capability reporting, SA lifecycle management,
> IPsec request completion, and provider fault notification around the
> existing EIP93 descriptor path.
>
> Assisted-by: Codex:gpt-5.5
> Signed-off-by: Jihong Min <hurryman2212@xxxxxxxxx>
...
> diff --git a/drivers/crypto/inside-secure/eip93/eip93-ipsec.c b/drivers/crypto/inside-secure/eip93/eip93-ipsec.c
...
> +static void eip93_ipsec_abort_requests(struct eip93_ipsec *ipsec, int err)
> +{
> + struct eip93_ipsec_sa *sa;
> +
> + while (true) {
> + bool found = false;
> +
> + spin_lock_bh(&ipsec->lock);
> + list_for_each_entry(sa, &ipsec->sa_list, node) {
> + spin_lock(&sa->lock);
> + if (sa->aborting) {
> + spin_unlock(&sa->lock);
> + continue;
> + }
> +
> + sa->aborting = true;
> + found = refcount_inc_not_zero(&sa->refcnt);
> + spin_unlock(&sa->lock);
> + if (found)
> + break;
> + }
> + spin_unlock_bh(&ipsec->lock);
> + if (!found)
> + return;
> +
> + eip93_ipsec_abort_sa(sa, err);
> + eip93_ipsec_sa_put(sa);
sa is the iterator for the list_for_each_entry loop.
However, here it is used outside of that context.
"If list_for_each_entry, etc complete a traversal of the list, the
iterator variable ends up pointing to an address at an offset from
the list head, and not a meaningful structure. Thus this value
should not be used after the end of the iterator.
https://www.spinics.net/lists/linux-kernel-janitors/msg11994.html
Flagged by Coccinelle.
> + }
> +}
...