[PATCH 2/3] net/tls: fix sign extension issue when left shifting u16 value

[Daniel Jurgens]

From: Colin Ian King <colin.king at canonical.com>

Left shifting the u16 value promotes it to a int and then it
gets sign extended to a u64.  If len << 16 is greater than 0x7fffffff
then the upper bits get set to 1 because of the implicit sign extension.
Fix this by casting len to u64 before shifting it.

Addresses-Coverity: ("integer handling issues")
Fixes: ed9b7646b06a ("net/tls: Add asynchronous resync")
Signed-off-by: Colin Ian King <colin.king at canonical.com>
Reviewed-by: Tariq Toukan <tariqt at mellanox.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit a6ed3ebca49b62d7a917287b9986feff4e9fa7b1)
Signed-off-by: Daniel Jurgens <danielj at nvidia.com>
---
 include/net/tls.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/tls.h b/include/net/tls.h
index e70dc8b..8885daf 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -662,7 +662,7 @@ static inline void tls_offload_rx_resync_request(struct sock *sk, __be32 seq)
 	struct tls_offload_context_rx *rx_ctx = tls_offload_ctx_rx(tls_ctx);
 
 	atomic64_set(&rx_ctx->resync_async->req, ((u64)ntohl(seq) << 32) |
-		     (len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
+		     ((u64)len << 16) | RESYNC_REQ | RESYNC_REQ_ASYNC);
 	rx_ctx->resync_async->loglen = 0;
 }
 
-- 
1.8.3.1