Re: [syzbot] [crypto?] general protection fault in cryptd_hash_export

From: David Howells
Date: Wed Jun 14 2023 - 08:05:45 EST


Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

> David, the logic for calling hash_alloc_result looks quite different
> from that on whether you do the hash finalisation. I'd suggest that
> you change them to use the same check, and also use NULL instead
> of ctx->result if you didn't call hash_alloc_result.

I don't fully understand what the upstream hash_sendmsg() is doing. Take this
bit for example:

	if (!ctx->more) {
		if ((msg->msg_flags & MSG_MORE))
			hash_free_result(sk, ctx);

Why is it freeing the old result only if MSG_MORE is now set, but wasn't set
on the last sendmsg()?

David