From: Thomas Fourier <fourier.thomas@gmail.com>

The `dma_unmap_sg()` functions should be called with the same nents as the
`dma_map_sg()`, not the value the map function returned.

Fixes: c957f8b3e2e5 ("crypto: inside-secure - avoid unmapping DMA memory that was not mapped")
Signed-off-by: Thomas Fourier <fourier.thomas@gmail.com>
---
 drivers/crypto/inside-secure/safexcel_hash.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
index d2b632193beb..1ef1ccfaaa95 100644
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -249,7 +249,10 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv,
 	safexcel_complete(priv, ring);
 
 	if (sreq->nents) {
-		dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE);
+		dma_unmap_sg(priv->dev,
+			     areq->src,
+			     sg_nents_for_len(areq->src, areq->nbytes),
+			     DMA_TO_DEVICE);
 		sreq->nents = 0;
 	}
 
@@ -497,7 +500,10 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
 			 DMA_FROM_DEVICE);
 unmap_sg:
 	if (req->nents) {
-		dma_unmap_sg(priv->dev, areq->src, req->nents, DMA_TO_DEVICE);
+		dma_unmap_sg(priv->dev,
+			     areq->src,
+			     sg_nents_for_len(areq->src, areq->nbytes),
+			     DMA_TO_DEVICE);
 		req->nents = 0;
 	}
 cdesc_rollback:
-- 
2.43.0

IMO the patch subject could be improved, to remove the ` and to be more
descriptive. E.g.

"crypto: inside-secure: unmap DMA buffers using the original number of entries"

On Thu, Jun 19, 2025 at 05:28:36PM +0200, fourier.thomas@gmail.com wrote:
> 
> diff --git a/drivers/crypto/inside-secure/safexcel_hash.c b/drivers/crypto/inside-secure/safexcel_hash.c
> index d2b632193beb..1ef1ccfaaa95 100644
> --- a/drivers/crypto/inside-secure/safexcel_hash.c
> +++ b/drivers/crypto/inside-secure/safexcel_hash.c
> @@ -249,7 +249,10 @@ static int safexcel_handle_req_result(struct safexcel_crypto_priv *priv,
>  	safexcel_complete(priv, ring);
>  
>  	if (sreq->nents) {
> -		dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE);
> +		dma_unmap_sg(priv->dev,
> +			     areq->src,
> +			     sg_nents_for_len(areq->src, areq->nbytes),
> +			     DMA_TO_DEVICE);

No need to put 'areq->src,' on a new line.

>  		sreq->nents = 0;
>  	}
>  
> @@ -497,7 +500,10 @@ static int safexcel_ahash_send_req(struct crypto_async_request *async, int ring,
>  			 DMA_FROM_DEVICE);
>  unmap_sg:
>  	if (req->nents) {
> -		dma_unmap_sg(priv->dev, areq->src, req->nents, DMA_TO_DEVICE);
> +		dma_unmap_sg(priv->dev,
> +			     areq->src,
> +			     sg_nents_for_len(areq->src, areq->nbytes),
> +			     DMA_TO_DEVICE);

Same here.

Otherwise this looks good to me. With those fixed, you can add:

Reviewed-by: Antoine Tenart <atenart@kernel.org>

Thanks!