net/tls: fix sign extension issue when left shifting u16 value

Left shifting the u16 value promotes it to a int and then it
gets sign extended to a u64.  If len << 16 is greater than 0x7fffffff
then the upper bits get set to 1 because of the implicit sign extension.
Fix this by casting len to u64 before shifting it.

Addresses-Coverity: ("integer handling issues")
Fixes: ed9b7646b06a ("net/tls: Add asynchronous resync")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/tls.h b/include/net/tls.h
index c875c0a..e5dac7e 100644 (file)
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -637,7 +637,7 @@ tls_offload_rx_resync_async_request_start(struct sock *sk, __be32 seq, u16 len)
        struct tls_offload_context_rx *rx_ctx = tls_offload_ctx_rx(tls_ctx);
 
        atomic64_set(&rx_ctx->resync_async->req, ((u64)ntohl(seq) << 32) |
-                    (len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
+                    ((u64)len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
        rx_ctx->resync_async->loglen = 0;
 }