)]}'
{
  "commit": "6b22d433aa13f68e3cd9534ca9a5f4277bfa01c2",
  "tree": "e8e926a1c27f5312ef13eb3c86a60b44817c95ab",
  "parents": [
    "9015985b5eb1a90eb86caf5bce1dfcf1aa38f8ad"
  ],
  "author": {
    "name": "Chuck Lever",
    "email": "chuck.lever@oracle.com",
    "time": "Mon May 25 12:51:17 2026 -0400"
  },
  "committer": {
    "name": "Paolo Abeni",
    "email": "pabeni@redhat.com",
    "time": "Thu May 28 13:35:31 2026 +0200"
  },
  "message": "net/handshake: Pass negative errno through handshake_complete()\n\nhandshake_complete() declares status as unsigned int and\ntls_handshake_done() negates that value (-status) before handing\nit to the TLS consumer. Consumers match on negative errno\nconstants -- xs_tls_handshake_done() has\n\n\tswitch (status) {\n\tcase 0:\n\tcase -EACCES:\n\tcase -ETIMEDOUT:\n\t\tlower_transport-\u003exprt_err \u003d status;\n\t\tbreak;\n\tdefault:\n\t\tlower_transport-\u003exprt_err \u003d -EACCES;\n\t}\n\nso the API as designed expects callers to pass positive errno\nvalues that the tlshd shim then negates.\n\nThree internal callers in handshake_nl_accept_doit(), the\nnet-exit drain, and a kunit test follow kernel convention and\npass negative errnos -- -EIO, -ETIMEDOUT, -ETIMEDOUT. The\nimplicit conversion to unsigned int turns -ETIMEDOUT into\n0xFFFFFF92; the subsequent -status in tls_handshake_done()\nwraps back to 110, the consumer\u0027s switch falls through, and\nthe xprt reports -EACCES on what should be -ETIMEDOUT or -EIO.\n\nFix the API rather than the call sites. The natural kernel\nconvention is negative errno in, negative errno out. Change\nhandshake_complete() and hp_done to take int status, drop the\nnegation in tls_handshake_done(), and negate once in\nhandshake_nl_done_doit() where status arrives from the wire\nas an unsigned netlink attribute. The three internal callers\nwere already correct under that convention and need no change.\n\nAt the same wire boundary, declare MAX_ERRNO as the netlink\npolicy upper bound for HANDSHAKE_A_DONE_STATUS. Attribute\nvalidation rejects out-of-range values before\nhandshake_nl_done_doit() runs, and negating a bounded u32 there\nstays within int range -- closing the UBSAN-visible signed-\ninteger overflow that an unconstrained u32 would invoke.\n\nFixes: 3b3009ea8abb (\"net/handshake: Create a NETLINK service for handling handshake requests\")\nSigned-off-by: Chuck Lever \u003cchuck.lever@oracle.com\u003e\nReviewed-by: Hannes Reinecke \u003chare@kernel.org\u003e\nLink: https://patch.msgid.link/20260525-handshake-file-pin-v3-3-66c616906ead@oracle.com\nSigned-off-by: Paolo Abeni \u003cpabeni@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "95c3fade7a8d7b818a15198593f6a0f59bafb489",
      "old_mode": 33188,
      "old_path": "Documentation/netlink/specs/handshake.yaml",
      "new_id": "1024297b38513ac9f1554f9353327ea23cf4d90d",
      "new_mode": 33188,
      "new_path": "Documentation/netlink/specs/handshake.yaml"
    },
    {
      "type": "modify",
      "old_id": "8706126094915dc5a99c38050fb5666be0ef5735",
      "old_mode": 33188,
      "old_path": "net/handshake/genl.c",
      "new_id": "4b20cd9cdd0e096fea503c192d4fe4d6a144e88b",
      "new_mode": 33188,
      "new_path": "net/handshake/genl.c"
    },
    {
      "type": "modify",
      "old_id": "8d3e18672dafcf4e1d20c3e621b0c9af970367a4",
      "old_mode": 33188,
      "old_path": "net/handshake/genl.h",
      "new_id": "46b65f131669a66ecca9201f5f6469b21e0c0ab1",
      "new_mode": 33188,
      "new_path": "net/handshake/genl.h"
    },
    {
      "type": "modify",
      "old_id": "55442b2f518afbc2a845b4108cbcabd27f8d17fc",
      "old_mode": 33188,
      "old_path": "net/handshake/handshake-test.c",
      "new_id": "df3948e807a0fd691fff71ec26f5dab7521a8c57",
      "new_mode": 33188,
      "new_path": "net/handshake/handshake-test.c"
    },
    {
      "type": "modify",
      "old_id": "a48163765a7a1d425783519be9b754712c71a2d5",
      "old_mode": 33188,
      "old_path": "net/handshake/handshake.h",
      "new_id": "2289b0e274f40a833af8d9aed0dbcce4a8e0bd73",
      "new_mode": 33188,
      "new_path": "net/handshake/handshake.h"
    },
    {
      "type": "modify",
      "old_id": "97114ec8027a5a1594a3130d89da97ebfdf2429d",
      "old_mode": 33188,
      "old_path": "net/handshake/netlink.c",
      "new_id": "039344979de934a352af6e0ed483797cacb1011b",
      "new_mode": 33188,
      "new_path": "net/handshake/netlink.c"
    },
    {
      "type": "modify",
      "old_id": "5d4a17f902d201cdcc356f41ab453c35ba79aad5",
      "old_mode": 33188,
      "old_path": "net/handshake/request.c",
      "new_id": "97f9f82399499474919cfe85efb1cdfe85e1dec9",
      "new_mode": 33188,
      "new_path": "net/handshake/request.c"
    },
    {
      "type": "modify",
      "old_id": "af294c6cc717313cb5deb66d2e4cd9ffa288284d",
      "old_mode": 33188,
      "old_path": "net/handshake/tlshd.c",
      "new_id": "7567150c2a4f95ab6d91ed977ee699187aca4439",
      "new_mode": 33188,
      "new_path": "net/handshake/tlshd.c"
    }
  ]
}