Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp806244rwd;
        Thu, 15 Jun 2023 02:14:13 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ49AD6eeJi6hFgGKLn5OieXgxED6wZDCm2CGxIRDw5zYEFk5aTphOF4mqt5+sDqr+/boKoj
X-Received: by 2002:a05:6a20:431f:b0:10b:e7d2:9066 with SMTP id h31-20020a056a20431f00b0010be7d29066mr17913232pzk.2.1686820452999;
        Thu, 15 Jun 2023 02:14:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686820452; cv=none;
        d=google.com; s=arc-20160816;
        b=uUvOLKGU4qNr5aO23nDfMpwRyZ1WxG29ayqwzzVGzZQyVTrY6cK+RFON/i1bO03kKx
         Nqogjsro1Hnr4EEuxWNahHnDJIcoSrAoJ62FAxJbF2jcW77cUlxk3ZacC1TXjtFZlZpf
         WqsLHA+gGqHQ9+mbbEF3CxaGI9MBpqlIAzGFlTp1gUlReSJLQN77gPDUTTEGXlskZyJZ
         wPRmsjO6XUsRhMQx9X3EU7uH0jO5cvuvOLLB4jQWfOR/FavpTS7oz5hULEPzFqz0Tths
         h0VC/7t3G9i38lgbjOOFXtw58qBbuMbnWeOlRrFCMiwWFDXjelFiavZ+fU0SuzvQNBCC
         VBzw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=XaHzezx/izXQHwKBlJ3xrPo5ScQ7XIV856/on64RPJo=;
        b=wgUTGM/oR0mbywtKR5ZXO2M0BCrbTiUMb4sdheCqtvnhReyllp/bkfSsKUVOen/pfP
         Qz4v7zAC5PfwHac95PVUVI7oBYzobf3aGw1buVSRnx0KjhUCTPf5tbhx38L7JjeBH3b4
         rhfiZmMFlQCbDFJha28bGqtZ04cxHAUVlnfJvT03LetTDOXIxZoS6cz5cYnlxbnisy1W
         Jrq2Kw/IVGsZA2mFcEKB6LAHg5wAO5ngE4YGkTxMPNzd00gXJAdD/GKxGatCOlt+Hmh5
         I37WmvSSzVw+b0vutqZrPFHiQj0yyzc4WdbD7Aouv+O8yvUVL1Pg63Kp77fxcPmHWjNO
         MvBA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id s16-20020a170902ea1000b001a93c1d66e0si12880247plg.269.2023.06.15.02.13.59;
        Thu, 15 Jun 2023 02:14:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241250AbjFOJNl (ORCPT <rfc822;proase2022@gmail.com> + 99 others);
        Thu, 15 Jun 2023 05:13:41 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50552 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240706AbjFOJNl (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 15 Jun 2023 05:13:41 -0400
Received: from 167-179-156-38.a7b39c.syd.nbn.aussiebb.net (167-179-156-38.a7b39c.syd.nbn.aussiebb.net [167.179.156.38])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D4BD2119;
        Thu, 15 Jun 2023 02:13:39 -0700 (PDT)
Received: from loth.rohan.me.apana.org.au ([192.168.167.2])
        by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
        id 1q9j2n-003GDH-T8; Thu, 15 Jun 2023 17:13:30 +0800
Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Thu, 15 Jun 2023 17:13:29 +0800
Date:   Thu, 15 Jun 2023 17:13:29 +0800
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     David Howells <dhowells@redhat.com>
Cc:     syzbot <syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com>,
        davem@davemloft.net, linux-crypto@vger.kernel.org,
        linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
        pabeni@redhat.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [crypto?] general protection fault in shash_async_final
Message-ID: <ZIrWOe4pG7M3TJic@gondor.apana.org.au>
References: <000000000000b928f705fdeb873a@google.com>
 <1433015.1686741914@warthog.procyon.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1433015.1686741914@warthog.procyon.org.uk>
X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_00,HELO_DYNAMIC_IPADDR2,
        PDS_RDNS_DYNAMIC_FP,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_PASS,TVD_RCVD_IP,
        T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Jun 14, 2023 at 12:25:14PM +0100, David Howells wrote:
> Here's a reduced testcase for this.  The key seems to be passing MSG_MORE to
> sendmsg() and then not following up with more data before calling recvmsg().
> Apart from not oopsing, I wonder what the behaviour should be here?  Should
> recvmsg() return an error (EAGAIN or ENODATA maybe) or should it close the
> existing operation?

On send if MSG_MORE is set then we don't finalise the hash.

If the user calls recvmsg while the hash hasn't been finalised, then
we will force finalisation (thus rendering the last MSG_MORE moot).

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt