Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2416882rwd; Fri, 16 Jun 2023 03:35:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7u2DG00EoAUu+ZNILNfwoYBf4aYv23lBYRtZazhLc06YuEz6IaYj6eiZilJ2OolS9fVHNc X-Received: by 2002:a17:902:d489:b0:1ae:4567:2737 with SMTP id c9-20020a170902d48900b001ae45672737mr1823940plg.2.1686911727238; Fri, 16 Jun 2023 03:35:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686911727; cv=none; d=google.com; s=arc-20160816; b=jzLaIDaFzBGXIkAKnomQsSB3G6V33A6lfeDzFM2VMIf9PuUkn+S1Y0mIUnMUzd+FRU 3IQdJZTYQuANIklS7KR9ZPGTXzvIGy+BuUC0G0LajPL1/kJhX8K+LxjBiylsEf8wgZ9w DgRQ4CtiRRMtAwjtgIcaztVp1CXs+YOhOnweFzDyz36mAC7w+T+Fza10rmBrzb01rPxu NY1/KIUnyIdNz5whkpGHj4zLW3YHTHw4d16IMVAxVqGucnVOBCymq3lh738cJMnsuLzR I66C1BquYJw8c6UXfmOwkp7zmn6p9cfscCylD/Z0pUsVm4pq7HYNS6fyAXhOqZPRoJSJ yAKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=Oh2/09Z6+fAo9Yd0XUwlr2zfwBfafMC7hEWeDJePpoY=; b=byl8mJOw75Bpog1a+0Zeana9h4/ITN08qVvS9pWQYO1tIDOj7E7+eisoHUVkN6wUcT jYGMhXHKjzJ6eZ5BgVE8zzmdzvHj5FvelpXV8zHYLkCneMCbP5C0Qc3w+TIGoBF4pXfU YAgQdYPqUzFU9ZFzbH2SQUixZ/cztXrs9zyYwMcNTfK9DMiEncMtfhmLfK4A03IyJhbN c6ylveuqjqXw7FpsiFq4a9dCe821EG6FITa4r0GleD4IWnzauxX4LyLx3YcW4GpNvvRP xZtf8Pt+kEXlVfDX5V9ctk/7OeVvb7izNPF49dyMgua00rMr7pctPHl1vMHBES76fxQ5 f1qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l6-20020a170902f68600b001aafb271d16si2935343plg.461.2023.06.16.03.34.21; Fri, 16 Jun 2023 03:35:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344913AbjFPKeB (ORCPT + 99 others); Fri, 16 Jun 2023 06:34:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344993AbjFPKdO (ORCPT ); Fri, 16 Jun 2023 06:33:14 -0400 Received: from 167-179-156-38.a7b39c.syd.nbn.aussiebb.net (167-179-156-38.a7b39c.syd.nbn.aussiebb.net [167.179.156.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1888059C1; Fri, 16 Jun 2023 03:28:19 -0700 (PDT) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1qA6fY-003lEH-TO; Fri, 16 Jun 2023 18:27:05 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 16 Jun 2023 18:27:04 +0800 Date: Fri, 16 Jun 2023 18:27:04 +0800 From: Herbert Xu To: David Howells Cc: netdev@vger.kernel.org, syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com, syzbot+14234ccf6d0ef629ec1a@syzkaller.appspotmail.com, syzbot+4e2e47f32607d0f72d43@syzkaller.appspotmail.com, syzbot+472626bb5e7c59fb768f@syzkaller.appspotmail.com, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Jens Axboe , Matthew Wilcox , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH net-next] crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE) Message-ID: References: <1679829.1686785273@warthog.procyon.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1679829.1686785273@warthog.procyon.org.uk> X-Spam-Status: No, score=2.7 required=5.0 tests=BAYES_00,HELO_DYNAMIC_IPADDR2, PDS_RDNS_DYNAMIC_FP,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_PASS,TVD_RCVD_IP, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.6 X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Jun 15, 2023 at 12:27:53AM +0100, David Howells wrote: > > If an AF_ALG socket bound to a hashing algorithm is sent a zero-length > message with MSG_MORE set and then recvmsg() is called without first > sending another message without MSG_MORE set to end the operation, an oops > will occur because the crypto context and result doesn't now get set up in > advance because hash_sendmsg() now defers that as long as possible in the > hope that it can use crypto_ahash_digest() - and then because the message > is zero-length, it the data wrangling loop is skipped. > > Fix this by always making a pass of the loop, even in the case that no data > is provided to the sendmsg(). > > Fix also extract_iter_to_sg() to handle a zero-length iterator by returning > 0 immediately. > > Whilst we're at it, remove the code to create a kvmalloc'd scatterlist if > we get more than ALG_MAX_PAGES - this shouldn't happen. > > Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES") > Reported-by: syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000b928f705fdeb873a@google.com/ > Reported-by: syzbot+14234ccf6d0ef629ec1a@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000c047db05fdeb8790@google.com/ > Reported-by: syzbot+4e2e47f32607d0f72d43@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000bcca3205fdeb87fb@google.com/ > Reported-by: syzbot+472626bb5e7c59fb768f@syzkaller.appspotmail.com > Link: https://lore.kernel.org/r/000000000000b55d8805fdeb8385@google.com/ > Signed-off-by: David Howells > Tested-by: syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com > Tested-by: syzbot+14234ccf6d0ef629ec1a@syzkaller.appspotmail.com > Tested-by: syzbot+4e2e47f32607d0f72d43@syzkaller.appspotmail.com > Tested-by: syzbot+472626bb5e7c59fb768f@syzkaller.appspotmail.com > cc: Herbert Xu > cc: "David S. Miller" > cc: Eric Dumazet > cc: Jakub Kicinski > cc: Paolo Abeni > cc: Jens Axboe > cc: Matthew Wilcox > cc: linux-crypto@vger.kernel.org > cc: netdev@vger.kernel.org > --- > crypto/algif_hash.c | 21 +++++---------------- > lib/scatterlist.c | 2 +- > 2 files changed, 6 insertions(+), 17 deletions(-) Acked-by: Herbert Xu Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt