[syzbot] [crypto?] general protection fault in cryptd_hash_export

[syzbot] [crypto?] general protection fault in cryptd_hash_export

[syzbot]

Hello,

syzbot found the following issue on:

HEAD commit:    ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
git tree:       net-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=104cdef1280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ffd66beb6784/disk-ded5c1a1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e7336ae5a7bf/vmlinux-ded5c1a1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/10ded02dc7e2/bzImage-ded5c1a1.xz

The issue was bisected to:

commit c662b043cdca89bf0f03fc37251000ac69a3a548
Author: David Howells <dhowells@redhat.com>
Date:   Tue Jun 6 13:08:56 2023 +0000

    crypto: af_alg/hash: Support MSG_SPLICE_PAGES

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11cfc8d9280000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13cfc8d9280000
console output: https://syzkaller.appspot.com/x/log.txt?x=15cfc8d9280000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e79818f5c12416aba9de@syzkaller.appspotmail.com
Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES")

general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 1 PID: 5003 Comm: syz-executor195 Not tainted 6.4.0-rc5-syzkaller-00929-gded5c1a16ec6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_export include/crypto/hash.h:956 [inline]
RIP: 0010:cryptd_hash_export+0x47/0xa0 crypto/cryptd.c:636
Code: 00 fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 60 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 40 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc90003acfd48 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff83e46723 RDI: 0000000000000020
RBP: ffff888015a96528 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81d71db5 R12: ffff88802945bb08
R13: 0000000000000001 R14: ffff88801aba6000 R15: ffff8880220c1648
FS:  0000555556eb3300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020004e80 CR3: 0000000076861000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 crypto_ahash_export include/crypto/hash.h:523 [inline]
 hash_accept+0x229/0x670 crypto/algif_hash.c:286
 do_accept+0x380/0x510 net/socket.c:1871
 __sys_accept4_file net/socket.c:1912 [inline]
 __sys_accept4+0x9a/0x120 net/socket.c:1942
 __do_sys_accept4 net/socket.c:1953 [inline]
 __se_sys_accept4 net/socket.c:1950 [inline]
 __x64_sys_accept4+0x97/0x100 net/socket.c:1950
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6a9d4eac09
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff241f3198 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6a9d4eac09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f6a9d4aedb0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6a9d4aee40
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:crypto_shash_alg include/crypto/hash.h:827 [inline]
RIP: 0010:crypto_shash_export include/crypto/hash.h:956 [inline]
RIP: 0010:cryptd_hash_export+0x47/0xa0 crypto/cryptd.c:636
Code: 00 fc ff df 4c 89 e2 48 c1 ea 03 80 3c 02 00 75 4e 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 60 48 8d 7b 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 40 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d
RSP: 0018:ffffc90003acfd48 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff83e46723 RDI: 0000000000000020
RBP: ffff888015a96528 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffffffff81d71db5 R12: ffff88802945bb08
R13: 0000000000000001 R14: ffff88801aba6000 R15: ffff8880220c1648
FS:  0000555556eb3300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555a4edc6008 CR3: 0000000076861000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	df 4c 89 e2          	fisttps -0x1e(%rcx,%rcx,4)
   4:	48 c1 ea 03          	shr    $0x3,%rdx
   8:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   c:	75 4e                	jne    0x5c
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 8b 5b 60          	mov    0x60(%rbx),%rbx
  1c:	48 8d 7b 20          	lea    0x20(%rbx),%rdi
  20:	48 89 fa             	mov    %rdi,%rdx
  23:	48 c1 ea 03          	shr    $0x3,%rdx
* 27:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2b:	75 40                	jne    0x6d
  2d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  34:	fc ff df
  37:	48 8b 5b 20          	mov    0x20(%rbx),%rbx
  3b:	48                   	rex.W
  3c:	8d                   	.byte 0x8d


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[Herbert Xu]

On Mon, Jun 12, 2023 at 02:43:45AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
> git tree:       net-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=104cdef1280000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
> dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ffd66beb6784/disk-ded5c1a1.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e7336ae5a7bf/vmlinux-ded5c1a1.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/10ded02dc7e2/bzImage-ded5c1a1.xz
> 
> The issue was bisected to:
> 
> commit c662b043cdca89bf0f03fc37251000ac69a3a548
> Author: David Howells <dhowells@redhat.com>
> Date:   Tue Jun 6 13:08:56 2023 +0000
> 
>     crypto: af_alg/hash: Support MSG_SPLICE_PAGES

David, the logic for calling hash_alloc_result looks quite different
from that on whether you do the hash finalisation.  I'd suggest that
you change them to use the same check, and also set use NULL instead
of ctx->result if you didn't call hash_alloc_result.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[David Howells]

Herbert Xu <herbert@gondor.apana.org.au> wrote:

> David, the logic for calling hash_alloc_result looks quite different
> from that on whether you do the hash finalisation.  I'd suggest that
> you change them to use the same check, and also set use NULL instead
> of ctx->result if you didn't call hash_alloc_result.

I don't fully understand what the upstream hash_sendmsg() is doing.  Take this
bit for example:

	if (!ctx->more) {
		if ((msg->msg_flags & MSG_MORE))
			hash_free_result(sk, ctx);

Why is it freeing the old result only if MSG_MORE is now set, but wasn't set
on the last sendmsg()?

David

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[David Howells]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main

    crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)
    
    If an AF_ALG socket bound to a hashing algorithm is sent a zero-length
    message with MSG_MORE set and then recvmsg() is called without first
    sending another message without MSG_MORE set to end the operation, an oops
    will occur because the crypto context and result doesn't now get set up in
    advance because hash_sendmsg() now defers that as long as possible in the
    hope that it can use crypto_ahash_digest() - and then because the message
    is zero-length, it the data wrangling loop is skipped.
    
    Fix this by always making a pass of the loop, even in the case that no data
    is provided to the sendmsg().
    
    Fix also extract_iter_to_sg() to handle a zero-length iterator by returning
    0 immediately.
    
    Whilst we're at it, remove the code to create a kvmalloc'd scatterlist if
    we get more than ALG_MAX_PAGES - this shouldn't happen.
    
    Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES")
    Reported-by: syzbot+13a08c0bf4d212766c3c@syzkaller.appspotmail.com
    Link: https://lore.kernel.org/r/000000000000b928f705fdeb873a@google.com/
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Herbert Xu <herbert@gondor.apana.org.au>
    cc: "David S. Miller" <davem@davemloft.net>
    cc: Eric Dumazet <edumazet@google.com>
    cc: Jakub Kicinski <kuba@kernel.org>
    cc: Paolo Abeni <pabeni@redhat.com>
    cc: Jens Axboe <axboe@kernel.dk>
    cc: Matthew Wilcox <willy@infradead.org>
    cc: linux-crypto@vger.kernel.org
    cc: netdev@vger.kernel.org

diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index dfb048cefb60..1176533a55c9 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -83,26 +83,14 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
 
 	ctx->more = false;
 
-	while (msg_data_left(msg)) {
+	do {
 		ctx->sgl.sgt.sgl = ctx->sgl.sgl;
 		ctx->sgl.sgt.nents = 0;
 		ctx->sgl.sgt.orig_nents = 0;
 
 		err = -EIO;
 		npages = iov_iter_npages(&msg->msg_iter, max_pages);
-		if (npages == 0)
-			goto unlock_free;
-
-		if (npages > ARRAY_SIZE(ctx->sgl.sgl)) {
-			err = -ENOMEM;
-			ctx->sgl.sgt.sgl =
-				kvmalloc(array_size(npages,
-						    sizeof(*ctx->sgl.sgt.sgl)),
-					 GFP_KERNEL);
-			if (!ctx->sgl.sgt.sgl)
-				goto unlock_free;
-		}
-		sg_init_table(ctx->sgl.sgl, npages);
+		sg_init_table(ctx->sgl.sgl, max_t(size_t, npages, 1));
 
 		ctx->sgl.need_unpin = iov_iter_extract_will_pin(&msg->msg_iter);
 
@@ -111,7 +99,8 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
 		if (err < 0)
 			goto unlock_free;
 		len = err;
-		sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
+		if (len > 0)
+			sg_mark_end(ctx->sgl.sgt.sgl + ctx->sgl.sgt.nents - 1);
 
 		if (!msg_data_left(msg)) {
 			err = hash_alloc_result(sk, ctx);
@@ -148,7 +137,7 @@ static int hash_sendmsg(struct socket *sock, struct msghdr *msg,
 
 		copied += len;
 		af_alg_free_sg(&ctx->sgl);
-	}
+	} while (msg_data_left(msg));
 
 	ctx->more = msg->msg_flags & MSG_MORE;
 	err = 0;
diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index e97d7060329e..77a7b18ee751 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -1340,7 +1340,7 @@ ssize_t extract_iter_to_sg(struct iov_iter *iter, size_t maxsize,
 			   struct sg_table *sgtable, unsigned int sg_max,
 			   iov_iter_extraction_t extraction_flags)
 {
-	if (maxsize == 0)
+	if (!maxsize || !iter->count)
 		return 0;
 
 	switch (iov_iter_type(iter)) {

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+e79818f5c12416aba9de@syzkaller.appspotmail.com

Tested on:

commit:         fa0e21fa rtnetlink: extend RTEXT_FILTER_SKIP_STATS to ..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=12ae3673280000
kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=172d9e8b280000

Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[syzbot]

syzbot suspects this issue was fixed by commit:

commit 30c3d3b70aba2464ee8c91025e91428f92464077
Author: Mario Limonciello <mario.limonciello@amd.com>
Date:   Tue May 30 16:57:59 2023 +0000

    drm/amd: Disallow s0ix without BIOS support again

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13ad506ea80000
start commit:   ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
git tree:       net-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: drm/amd: Disallow s0ix without BIOS support again

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[Aleksandr Nogikh]

On Tue, Jul 25, 2023 at 2:57 PM syzbot
<syzbot+e79818f5c12416aba9de@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit 30c3d3b70aba2464ee8c91025e91428f92464077
> Author: Mario Limonciello <mario.limonciello@amd.com>
> Date:   Tue May 30 16:57:59 2023 +0000
>
>     drm/amd: Disallow s0ix without BIOS support again
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13ad506ea80000
> start commit:   ded5c1a16ec6 Merge branch 'tools-ynl-gen-code-gen-improvem..
> git tree:       net-next
> kernel config:  https://syzkaller.appspot.com/x/.config?x=526f919910d4a671
> dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c6193b280000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16c7a795280000
>
> If the result looks correct, please mark the issue as fixed by replying with:

No, that's rather unlikely.

>
> #syz fix: drm/amd: Disallow s0ix without BIOS support again
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/0000000000009eae2406014f451d%40google.com.

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[David Howells]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b6d972f6898308fbe7e693bf8d44ebfdb1cd2dc4

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+e79818f5c12416aba9de@syzkaller.appspotmail.com

Tested on:

commit:         b6d972f6 crypto: af_alg/hash: Fix recvmsg() after send..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=11736cbea80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=2cdac84c489b934f
dashboard link: https://syzkaller.appspot.com/bug?extid=e79818f5c12416aba9de
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.

Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

[David Howells]

#syz fix: crypto: af_alg/hash: Fix recvmsg() after sendmsg(MSG_MORE)