From: David Howells <dhowells@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: dhowells@redhat.com,
syzbot <syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com>,
davem@davemloft.net, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [crypto?] general protection fault in shash_async_final
Date: Fri, 16 Jun 2023 02:03:28 +0100 [thread overview]
Message-ID: <415469.1686877408@warthog.procyon.org.uk> (raw)
In-Reply-To: <ZIrWOe4pG7M3TJic@gondor.apana.org.au>
Hi Herbert,
Here's a slightly more comprehensive test program for the hashing code to
exercise some combinations of sendmsg, sendmsg+MSG_MORE and recvmsg.
David
---
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/if_alg.h>
#define OSERROR(R, S) do { if ((long)(R) == -1L) { perror((S)); exit(1); } } while(0)
static int hashfd;
static unsigned char buf[1024], sbuf[1024];
static const unsigned char no_zeros[2] = { 0xe3, 0xb0 };
static const unsigned char one_zero[2] = { 0x6e, 0x34 };
static const unsigned char two_zeros[2] = { 0x96, 0xa2 };
static void do_send(unsigned int n, unsigned int flags)
{
struct msghdr msg;
struct iovec iov[1];
int res;
memset(&msg, 0, sizeof(msg));
iov[0].iov_base = sbuf;
iov[0].iov_len = n;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
res = sendmsg(hashfd, &msg, flags);
OSERROR(res, "sendmsg");
}
static void do_recv(unsigned int ix, const unsigned char r[2])
{
struct msghdr msg;
struct iovec iov[1];
int res, i;
memset(&msg, 0, sizeof(msg));
iov[0].iov_base = buf;
iov[0].iov_len = sizeof(buf);
msg.msg_iov = iov;
msg.msg_iovlen = 1;
res = recvmsg(hashfd, &msg, 0);
OSERROR(res, "recvmsg");
printf("%3u: ", ix);
for (i = 0; i < res; i++)
printf("%02x", buf[i]);
printf("\n");
if (buf[0] != r[0] || buf[1] != r[1])
fprintf(stderr, " ^ Bad result!\n");
}
int main(void)
{
struct sockaddr_alg salg;
int algfd, res;
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
OSERROR(algfd, "socket");
memset(&salg, 0, sizeof(salg));
salg.salg_family = AF_ALG;
strcpy(salg.salg_type, "hash");
strcpy(salg.salg_name, "sha256");
res = bind(algfd, (struct sockaddr *)&salg, sizeof(salg));
OSERROR(res, "bind/alg");
hashfd = accept4(algfd, NULL, 0, 0);
OSERROR(hashfd, "accept/alg");
//res = setsockopt(3, SOL_ALG, ALG_SET_KEY, NULL, 0);
//OSERROR(res, "setsockopt/ALG_SET_KEY");
/* Test no send */
do_recv(__LINE__, no_zeros);
/* Test single send of 0 */
do_send(0, 0);
do_recv(__LINE__, no_zeros);
do_send(0, MSG_MORE);
do_recv(__LINE__, no_zeros);
/* Test single send of 1 */
do_send(1, 0);
do_recv(__LINE__, one_zero);
do_send(1, MSG_MORE);
do_recv(__LINE__, one_zero);
/* Test single send of 2 */
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test two sends of 1 */
do_send(1, 0);
do_send(1, 0);
do_recv(__LINE__, one_zero);
do_send(1, 0);
do_send(1, MSG_MORE);
do_recv(__LINE__, one_zero);
do_send(1, MSG_MORE);
do_send(1, 0);
do_recv(__LINE__, two_zeros);
do_send(1, MSG_MORE);
do_send(1, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test send of 0 then send of 2 */
do_send(0, 0);
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(0, 0);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
do_send(0, MSG_MORE);
do_send(2, 0);
do_recv(__LINE__, two_zeros);
do_send(0, MSG_MORE);
do_send(2, MSG_MORE);
do_recv(__LINE__, two_zeros);
/* Test send of 2 then send of 0 */
do_send(2, 0);
do_send(0, 0);
do_recv(__LINE__, no_zeros);
do_send(2, 0);
do_send(0, MSG_MORE);
do_recv(__LINE__, no_zeros);
do_send(2, MSG_MORE);
do_send(0, 0);
do_recv(__LINE__, two_zeros);
do_send(2, MSG_MORE);
do_send(0, MSG_MORE);
do_recv(__LINE__, two_zeros);
return 0;
}
next prev parent reply other threads:[~2023-06-16 1:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-12 9:41 [syzbot] [crypto?] general protection fault in shash_async_final syzbot
2023-06-14 11:25 ` David Howells
2023-06-15 9:13 ` Herbert Xu
2023-06-16 1:03 ` David Howells [this message]
2023-06-14 14:45 ` David Howells
2023-06-14 15:36 ` syzbot
2023-06-16 1:01 ` David Howells
2023-06-16 5:01 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=415469.1686877408@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox