From: David Howells <dhowells@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: dhowells@redhat.com,
syzbot <syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com>,
davem@davemloft.net, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [crypto?] general protection fault in shash_async_final
Date: Fri, 16 Jun 2023 02:03:28 +0100 [thread overview]
Message-ID: <415469.1686877408@warthog.procyon.org.uk> (raw)
In-Reply-To: <ZIrWOe4pG7M3TJic@gondor.apana.org.au>
Hi Herbert,
Here's a slightly more comprehensive test program for the hashing code to
exercise some combinations of sendmsg, sendmsg+MSG_MORE and recvmsg.
David
---
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/if_alg.h>
#define OSERROR(R, S) do { if ((long)(R) == -1L) { perror((S)); exit(1); } } while(0)
static int hashfd;
static unsigned char buf[1024], sbuf[1024];
static const unsigned char no_zeros[2] = { 0xe3, 0xb0 };
static const unsigned char one_zero[2] = { 0x6e, 0x34 };
static const unsigned char two_zeros[2] = { 0x96, 0xa2 };
static void do_send(unsigned int n, unsigned int flags)
{
struct msghdr msg;
struct iovec iov[1];
int res;
memset(&msg, 0, sizeof(msg));
iov[0].iov_base = sbuf;
iov[0].iov_len = n;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
res = sendmsg(hashfd, &msg, flags);
OSERROR(res, "sendmsg");
}
static void do_recv(unsigned int ix, const unsigned char r[2])
{
struct msghdr msg;
struct iovec iov[1];
int res, i;
memset(&msg, 0, sizeof(msg));
iov[0].iov_base = buf;
iov[0].iov_len = sizeof(buf);
msg.msg_iov = iov;
msg.msg_iovlen = 1;
res = recvmsg(hashfd, &msg, 0);
OSERROR(res, "recvmsg");
printf("%3u: ", ix);
for (i = 0; i < res; i++)
printf("%02x", buf[i]);
printf("\n");
if (buf[0] != r[0] || buf[1] != r[1])
fprintf(stderr, " ^ Bad result!\n");
}
int main(void)
{
struct sockaddr_alg salg;
int algfd, res;
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
OSERROR(algfd, "socket");
memset(&salg, 0, sizeof(salg));
salg.salg_family = AF_ALG;
strcpy(salg.salg_type, "hash");
strcpy(salg.salg_name, "sha256");
res = bind(algfd, (struct sockaddr *)&salg, sizeof(salg));
OSERROR(res, "bind/alg");
hashfd = accept4(algfd, NULL, 0, 0);
OSERROR(hashfd, "accept/alg");
//res = setsockopt(3, SOL_ALG, ALG_SET_KEY, NULL, 0);
//OSERROR(res, "setsockopt/ALG_SET_KEY");
/* Test no send */
do_recv(__LINE__, no_zeros);
/* Test single send of 0 */
do_send(0, 0);
do_recv(__LINE__, no_zeros);
do_send(0, MSG_MORE);
do_recv(__LINE__, no_zeros);
/* Test single send of 1 */
do_send(1, 0);
do_recv(__LINE__, one_zero);
do_send(1, MSG_MORE);
do_recv(__LINE__, one_zero);
/* Test single send of 2 */
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test two sends of 1 */
do_send(1, 0);
do_send(1, 0);
do_recv(__LINE__, one_zero);
do_send(1, 0);
do_send(1, MSG_MORE);
do_recv(__LINE__, one_zero);
do_send(1, MSG_MORE);
do_send(1, 0);
do_recv(__LINE__, two_zeros);
do_send(1, MSG_MORE);
do_send(1, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test send of 0 then send of 2 */
do_send(0, 0);
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(0, 0);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
do_send(0, MSG_MORE);
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(0, MSG_MORE);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test send of 2 then send of 0 */
do_send(2, 0);
do_send(0, 0);
do_recv(__LINE__, no_zeros);
do_send(2, 0);
do_send(0, MSG_MORE);
do_recv(__LINE__, no_zeros);
do_send(2, MSG_MORE);
do_send(0, 0);
do_recv(__LINE__, two_zeros);
do_send(2, MSG_MORE);
do_send(0, MSG_MORE);
do_recv(__LINE__, two_zeros);
return 0;
}
next prev parent reply other threads:[~2023-06-16 1:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-12 9:41 [syzbot] [crypto?] general protection fault in shash_async_final syzbot
2023-06-14 11:25 ` David Howells
2023-06-15 9:13 ` Herbert Xu
2023-06-16 1:03 ` David Howells [this message]
2023-06-14 14:45 ` David Howells
2023-06-14 15:36 ` syzbot
2023-06-16 1:01 ` David Howells
2023-06-16 5:01 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=415469.1686877408@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.