summary refs log tree commit diff stats
path: root/results/classifier/gemma3:27b/syscall/2197
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-07-06 16:43:19 +0000
committerChristian Krinitsin <mail@krinitsin.com>2025-07-06 16:43:19 +0000
commit238ec2b7cc1557d6f34c33cc482e4d0cd3e266dd (patch)
treecd8a1b75ba7b3543eb7fe6857f408e7be4d9fd0b /results/classifier/gemma3:27b/syscall/2197
parent96049c939b1916d80532630d63c14e04d5244f1d (diff)
downloadqemu-analysis-238ec2b7cc1557d6f34c33cc482e4d0cd3e266dd.tar.gz
qemu-analysis-238ec2b7cc1557d6f34c33cc482e4d0cd3e266dd.zip
add results
Diffstat (limited to 'results/classifier/gemma3:27b/syscall/2197')
-rw-r--r--results/classifier/gemma3:27b/syscall/219761


1 files changed, 61 insertions, 0 deletions
diff --git a/results/classifier/gemma3:27b/syscall/2197 b/results/classifier/gemma3:27b/syscall/2197
new file mode 100644
index 000000000..08119aaf3
--- /dev/null
+++ b/results/classifier/gemma3:27b/syscall/2197
@@ -0,0 +1,61 @@
+
+
+
+qemu user space emulator handles syscall `setsockopt()` with `optlen=0` incorrectly
+Description of problem:
+Note that despite I have only tested with the parameters/environments above, this problem probably **affects ALL architectures on Linux**.
+
+When user program calls `setsockopt(fd, SOL_ALG, ALG_SET_KEY, NULL, 0)`, qemu intercepts the syscall and returns `-1` with `errno = ENOMEM`, which should have completed successfully returning zero.
+Steps to reproduce:
+1. compile this code to binary executable:
+```c
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <linux/if_alg.h>
+
+int create_alg(const char *alg)
+{
+        struct sockaddr_alg salg;
+        int sk;
+
+        sk = socket(PF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0);
+        if (sk < 0)
+                return -1;
+
+        memset(&salg, 0, sizeof(salg));
+        salg.salg_family = AF_ALG;
+        strcpy((char *) salg.salg_type, "hash");
+        strcpy((char *) salg.salg_name, alg);
+
+        if (bind(sk, (struct sockaddr *) &salg, sizeof(salg)) < 0) {
+                close(sk);
+                return -1;
+        }
+
+        return sk;
+}
+
+int main() {
+        int fd = create_alg("hmac(sha1)");
+        char buf[10];
+        int ret = setsockopt(fd, SOL_ALG, ALG_SET_KEY, NULL, 0);
+        if(ret < 0){
+                perror("err");
+        }
+        else{
+                puts("SUCCESS!");
+        }
+        return 0;
+}
+```
+2. run it in any qemu user space emulator
+
+On real Linux kernel, this program outputs a `SUCCESS!` while in qemu it prints `err: Cannot allocate memory`.
+
+The error is neither informative nor intuitive and could be misleading for user programs.
+Additional information:
+I already have a patch which fixes the issue and I'm willing to send it to mailing list as soon as I have done the testing.