[PATCH v2 0/2] Fix implicit sign conversions in handshake upcall

[PATCH v2 0/2] Fix implicit sign conversions in handshake upcall

[Chuck Lever]

An internal static analysis tool noticed some implicit sign
conversions for some of the arguments in the handshake upcall
protocol.

---

Chuck Lever (2):
      handshake: Fix sign of socket file descriptor fields
      handshake: Fix sign of key_serial_t fields

Changes since v1:
- Rebased on 581512a6dc93 ("vsock/virtio: MSG_ZEROCOPY flag support")

 Documentation/netlink/specs/handshake.yaml |  8 ++++----
 net/handshake/genl.c                       |  2 +-
 net/handshake/netlink.c                    |  2 +-
 net/handshake/tlshd.c                      |  6 +++---
 tools/net/ynl/generated/handshake-user.h   | 10 +++++-----
 5 files changed, 14 insertions(+), 14 deletions(-)

--
Chuck Lever

[PATCH v2 1/2] handshake: Fix sign of socket file descriptor fields

[Chuck Lever]

From: Chuck Lever <chuck.lever@oracle.com>

Socket file descriptors are signed integers. Use nla_get/put_s32 for
those to avoid implicit signed conversion in the netlink protocol.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 Documentation/netlink/specs/handshake.yaml |    4 ++--
 net/handshake/genl.c                       |    2 +-
 net/handshake/netlink.c                    |    2 +-
 net/handshake/tlshd.c                      |    2 +-
 tools/net/ynl/generated/handshake-user.h   |    6 +++---
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index 6d89e30f5fd5..a49b46b80e16 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -43,7 +43,7 @@ attribute-sets:
     attributes:
       -
         name: sockfd
-        type: u32
+        type: s32
       -
         name: handler-class
         type: u32
@@ -79,7 +79,7 @@ attribute-sets:
         type: u32
       -
         name: sockfd
-        type: u32
+        type: s32
       -
         name: remote-auth
         type: u32
diff --git a/net/handshake/genl.c b/net/handshake/genl.c
index 233be5cbfec9..f55d14d7b726 100644
--- a/net/handshake/genl.c
+++ b/net/handshake/genl.c
@@ -18,7 +18,7 @@ static const struct nla_policy handshake_accept_nl_policy[HANDSHAKE_A_ACCEPT_HAN
 /* HANDSHAKE_CMD_DONE - do */
 static const struct nla_policy handshake_done_nl_policy[HANDSHAKE_A_DONE_REMOTE_AUTH + 1] = {
 	[HANDSHAKE_A_DONE_STATUS] = { .type = NLA_U32, },
-	[HANDSHAKE_A_DONE_SOCKFD] = { .type = NLA_U32, },
+	[HANDSHAKE_A_DONE_SOCKFD] = { .type = NLA_S32, },
 	[HANDSHAKE_A_DONE_REMOTE_AUTH] = { .type = NLA_U32, },
 };
 
diff --git a/net/handshake/netlink.c b/net/handshake/netlink.c
index d0bc1dd8e65a..64a0046dd611 100644
--- a/net/handshake/netlink.c
+++ b/net/handshake/netlink.c
@@ -163,7 +163,7 @@ int handshake_nl_done_doit(struct sk_buff *skb, struct genl_info *info)
 
 	if (GENL_REQ_ATTR_CHECK(info, HANDSHAKE_A_DONE_SOCKFD))
 		return -EINVAL;
-	fd = nla_get_u32(info->attrs[HANDSHAKE_A_DONE_SOCKFD]);
+	fd = nla_get_s32(info->attrs[HANDSHAKE_A_DONE_SOCKFD]);
 
 	sock = sockfd_lookup(fd, &err);
 	if (!sock)
diff --git a/net/handshake/tlshd.c b/net/handshake/tlshd.c
index bbfb4095ddd6..7ac80201aa1f 100644
--- a/net/handshake/tlshd.c
+++ b/net/handshake/tlshd.c
@@ -214,7 +214,7 @@ static int tls_handshake_accept(struct handshake_req *req,
 		goto out_cancel;
 
 	ret = -EMSGSIZE;
-	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_SOCKFD, fd);
+	ret = nla_put_s32(msg, HANDSHAKE_A_ACCEPT_SOCKFD, fd);
 	if (ret < 0)
 		goto out_cancel;
 	ret = nla_put_u32(msg, HANDSHAKE_A_ACCEPT_MESSAGE_TYPE, treq->th_type);
diff --git a/tools/net/ynl/generated/handshake-user.h b/tools/net/ynl/generated/handshake-user.h
index 47646bb91cea..f8e481fa9e09 100644
--- a/tools/net/ynl/generated/handshake-user.h
+++ b/tools/net/ynl/generated/handshake-user.h
@@ -65,7 +65,7 @@ struct handshake_accept_rsp {
 		__u32 peername_len;
 	} _present;
 
-	__u32 sockfd;
+	__s32 sockfd;
 	enum handshake_msg_type message_type;
 	__u32 timeout;
 	enum handshake_auth auth_mode;
@@ -104,7 +104,7 @@ struct handshake_done_req {
 	} _present;
 
 	__u32 status;
-	__u32 sockfd;
+	__s32 sockfd;
 	unsigned int n_remote_auth;
 	__u32 *remote_auth;
 };
@@ -122,7 +122,7 @@ handshake_done_req_set_status(struct handshake_done_req *req, __u32 status)
 	req->status = status;
 }
 static inline void
-handshake_done_req_set_sockfd(struct handshake_done_req *req, __u32 sockfd)
+handshake_done_req_set_sockfd(struct handshake_done_req *req, __s32 sockfd)
 {
 	req->_present.sockfd = 1;
 	req->sockfd = sockfd;

[PATCH v2 2/2] handshake: Fix sign of key_serial_t fields

[Chuck Lever]

From: Chuck Lever <chuck.lever@oracle.com>

key_serial_t fields are signed integers. Use nla_get/put_s32 for
those to avoid implicit signed conversion in the netlink protocol.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 Documentation/netlink/specs/handshake.yaml |    4 ++--
 net/handshake/tlshd.c                      |    4 ++--
 tools/net/ynl/generated/handshake-user.h   |    4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index a49b46b80e16..b934cc513e3d 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -34,10 +34,10 @@ attribute-sets:
     attributes:
       -
         name: cert
-        type: u32
+        type: s32
       -
         name: privkey
-        type: u32
+        type: s32
   -
     name: accept
     attributes:
diff --git a/net/handshake/tlshd.c b/net/handshake/tlshd.c
index 7ac80201aa1f..d697f68c598c 100644
--- a/net/handshake/tlshd.c
+++ b/net/handshake/tlshd.c
@@ -173,9 +173,9 @@ static int tls_handshake_put_certificate(struct sk_buff *msg,
 	if (!entry_attr)
 		return -EMSGSIZE;
 
-	if (nla_put_u32(msg, HANDSHAKE_A_X509_CERT,
+	if (nla_put_s32(msg, HANDSHAKE_A_X509_CERT,
 			treq->th_certificate) ||
-	    nla_put_u32(msg, HANDSHAKE_A_X509_PRIVKEY,
+	    nla_put_s32(msg, HANDSHAKE_A_X509_PRIVKEY,
 			treq->th_privkey)) {
 		nla_nest_cancel(msg, entry_attr);
 		return -EMSGSIZE;
diff --git a/tools/net/ynl/generated/handshake-user.h b/tools/net/ynl/generated/handshake-user.h
index f8e481fa9e09..2b34acc608de 100644
--- a/tools/net/ynl/generated/handshake-user.h
+++ b/tools/net/ynl/generated/handshake-user.h
@@ -28,8 +28,8 @@ struct handshake_x509 {
 		__u32 privkey:1;
 	} _present;
 
-	__u32 cert;
-	__u32 privkey;
+	__s32 cert;
+	__s32 privkey;
 };
 
 /* ============== HANDSHAKE_CMD_ACCEPT ============== */

Re: [PATCH v2 0/2] Fix implicit sign conversions in handshake upcall

[Simon Horman]

On Thu, Sep 21, 2023 at 09:07:14AM -0400, Chuck Lever wrote:
> An internal static analysis tool noticed some implicit sign
> conversions for some of the arguments in the handshake upcall
> protocol.
> 
> ---

...

For series,

Reviewed-by: Simon Horman <horms@kernel.org>

Re: [PATCH v2 0/2] Fix implicit sign conversions in handshake upcall

[patchwork-bot+netdevbpf]

Hello:

This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Thu, 21 Sep 2023 09:07:14 -0400 you wrote:
> An internal static analysis tool noticed some implicit sign
> conversions for some of the arguments in the handshake upcall
> protocol.
> 
> ---
> 
> Chuck Lever (2):
>       handshake: Fix sign of socket file descriptor fields
>       handshake: Fix sign of key_serial_t fields
> 
> [...]

Here is the summary with links:
  - [v2,1/2] handshake: Fix sign of socket file descriptor fields
    https://git.kernel.org/netdev/net-next/c/a6b07a51b161
  - [v2,2/2] handshake: Fix sign of key_serial_t fields
    https://git.kernel.org/netdev/net-next/c/160f404495aa

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html