From: Eric Biggers Date: Mon, 27 Apr 2026 17:27:26 +0000 (-0700) Subject: net/tcp-ao: Return void from functions that can no longer fail X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e4f61e431634730af2244312c783f746575905d;p=thirdparty%2Flinux.git net/tcp-ao: Return void from functions that can no longer fail Since tcp-ao now uses the crypto library API instead of crypto_ahash, and MACs and keys now have a statically-known maximum size, many tcp-ao functions can no longer fail. Propagate this change up into the return types of various functions. Reviewed-by: Ard Biesheuvel Signed-off-by: Eric Biggers Link: https://patch.msgid.link/20260427172727.9310-5-ebiggers@kernel.org Signed-off-by: Paolo Abeni --- diff --git a/include/net/tcp.h b/include/net/tcp.h index fb2bc9edc7de..35fc6b35b216 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -2520,9 +2520,9 @@ struct tcp_sock_af_ops { struct tcp_ao_key *(*ao_lookup)(const struct sock *sk, struct sock *addr_sk, int sndid, int rcvid); - int (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key, - const struct sock *sk, - __be32 sisn, __be32 disn, bool send); + void (*ao_calc_key_sk)(struct tcp_ao_key *mkt, u8 *key, + const struct sock *sk, + __be32 sisn, __be32 disn, bool send); int (*calc_ao_hash)(char *location, struct tcp_ao_key *ao, const struct sock *sk, const struct sk_buff *skb, const u8 *tkey, int hash_offset, u32 sne); @@ -2543,7 +2543,7 @@ struct tcp_request_sock_ops { struct tcp_ao_key *(*ao_lookup)(const struct sock *sk, struct request_sock *req, int sndid, int rcvid); - int (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk); + void (*ao_calc_key)(struct tcp_ao_key *mkt, u8 *key, struct request_sock *sk); int (*ao_synack_hash)(char *ao_hash, struct tcp_ao_key *mkt, struct request_sock *req, const struct sk_buff *skb, int hash_offset, u32 sne); diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h index 20997aef3b0d..29fd7b735afa 100644 --- a/include/net/tcp_ao.h +++ b/include/net/tcp_ao.h @@ -187,9 +187,9 @@ struct tcp6_ao_context { #define TCP_AO_ESTABLISHED (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | \ TCPF_CLOSE_WAIT | TCPF_LAST_ACK | TCPF_CLOSING) -int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, - struct tcp_ao_key *key, struct tcphdr *th, - __u8 *hash_location); +void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, + struct tcp_ao_key *key, struct tcphdr *th, + __u8 *hash_location); void tcp_ao_mac_update(struct tcp_ao_mac_ctx *mac_ctx, const void *data, size_t data_len); int tcp_ao_hash_skb(unsigned short int family, @@ -238,11 +238,11 @@ struct tcp_ao_key *tcp_v4_ao_lookup(const struct sock *sk, struct sock *addr_sk, int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *mkt, struct request_sock *req, const struct sk_buff *skb, int hash_offset, u32 sne); -int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, - const struct sock *sk, - __be32 sisn, __be32 disn, bool send); -int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, - struct request_sock *req); +void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, + const struct sock *sk, + __be32 sisn, __be32 disn, bool send); +void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, + struct request_sock *req); struct tcp_ao_key *tcp_v4_ao_lookup_rsk(const struct sock *sk, struct request_sock *req, int sndid, int rcvid); @@ -250,16 +250,17 @@ int tcp_v4_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key, const struct sock *sk, const struct sk_buff *skb, const u8 *tkey, int hash_offset, u32 sne); /* ipv6 specific functions */ -int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, - const struct in6_addr *daddr, - const struct in6_addr *saddr, int nbytes); -int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, - const struct sk_buff *skb, __be32 sisn, __be32 disn); -int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, - const struct sock *sk, __be32 sisn, - __be32 disn, bool send); -int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, - struct request_sock *req); +void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, + const struct in6_addr *daddr, + const struct in6_addr *saddr, int nbytes); +void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, + const struct sk_buff *skb, __be32 sisn, + __be32 disn); +void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, + const struct sock *sk, __be32 sisn, + __be32 disn, bool send); +void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, + struct request_sock *req); struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk, struct sock *addr_sk, int sndid, int rcvid); struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk, @@ -279,11 +280,10 @@ void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb, struct request_sock *req, unsigned short int family); #else /* CONFIG_TCP_AO */ -static inline int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, - struct tcp_ao_key *key, struct tcphdr *th, - __u8 *hash_location) +static inline void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, + struct tcp_ao_key *key, + struct tcphdr *th, __u8 *hash_location) { - return 0; } static inline void tcp_ao_syncookie(struct sock *sk, const struct sk_buff *skb, diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 69f1d6d26562..36a64c1cd8c9 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -435,10 +435,10 @@ void tcp_ao_time_wait(struct tcp_timewait_sock *tcptw, struct tcp_sock *tp) } /* 4 tuple and ISNs are expected in NBO */ -static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, - __be32 saddr, __be32 daddr, - __be16 sport, __be16 dport, - __be32 sisn, __be32 disn) +static void tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, + __be32 saddr, __be32 daddr, + __be16 sport, __be16 dport, + __be32 sisn, __be32 disn) { /* See RFC5926 3.1.1 */ struct kdf_input_block { @@ -461,76 +461,78 @@ static int tcp_v4_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, }; tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input)); - return 0; } -int tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, - const struct sock *sk, - __be32 sisn, __be32 disn, bool send) +void tcp_v4_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, + const struct sock *sk, + __be32 sisn, __be32 disn, bool send) { if (send) - return tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr, - sk->sk_daddr, htons(sk->sk_num), - sk->sk_dport, sisn, disn); + tcp_v4_ao_calc_key(mkt, key, sk->sk_rcv_saddr, sk->sk_daddr, + htons(sk->sk_num), sk->sk_dport, sisn, disn); else - return tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr, - sk->sk_rcv_saddr, sk->sk_dport, - htons(sk->sk_num), disn, sisn); + tcp_v4_ao_calc_key(mkt, key, sk->sk_daddr, sk->sk_rcv_saddr, + sk->sk_dport, htons(sk->sk_num), disn, sisn); } static int tcp_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, const struct sock *sk, __be32 sisn, __be32 disn, bool send) { - if (mkt->family == AF_INET) - return tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send); + if (mkt->family == AF_INET) { + tcp_v4_ao_calc_key_sk(mkt, key, sk, sisn, disn, send); + return 0; + } #if IS_ENABLED(CONFIG_IPV6) - else if (mkt->family == AF_INET6) - return tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send); + if (mkt->family == AF_INET6) { + tcp_v6_ao_calc_key_sk(mkt, key, sk, sisn, disn, send); + return 0; + } #endif - else - return -EOPNOTSUPP; + return -EOPNOTSUPP; } -int tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, - struct request_sock *req) +void tcp_v4_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, + struct request_sock *req) { struct inet_request_sock *ireq = inet_rsk(req); - return tcp_v4_ao_calc_key(mkt, key, - ireq->ir_loc_addr, ireq->ir_rmt_addr, - htons(ireq->ir_num), ireq->ir_rmt_port, - htonl(tcp_rsk(req)->snt_isn), - htonl(tcp_rsk(req)->rcv_isn)); + tcp_v4_ao_calc_key(mkt, key, ireq->ir_loc_addr, ireq->ir_rmt_addr, + htons(ireq->ir_num), ireq->ir_rmt_port, + htonl(tcp_rsk(req)->snt_isn), + htonl(tcp_rsk(req)->rcv_isn)); } -static int tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, - const struct sk_buff *skb, - __be32 sisn, __be32 disn) +static void tcp_v4_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, + const struct sk_buff *skb, + __be32 sisn, __be32 disn) { const struct iphdr *iph = ip_hdr(skb); const struct tcphdr *th = tcp_hdr(skb); - return tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr, - th->source, th->dest, sisn, disn); + tcp_v4_ao_calc_key(mkt, key, iph->saddr, iph->daddr, th->source, + th->dest, sisn, disn); } static int tcp_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, const struct sk_buff *skb, __be32 sisn, __be32 disn, int family) { - if (family == AF_INET) - return tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn); + if (family == AF_INET) { + tcp_v4_ao_calc_key_skb(mkt, key, skb, sisn, disn); + return 0; + } #if IS_ENABLED(CONFIG_IPV6) - else if (family == AF_INET6) - return tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn); + if (family == AF_INET6) { + tcp_v6_ao_calc_key_skb(mkt, key, skb, sisn, disn); + return 0; + } #endif return -EAFNOSUPPORT; } -static int tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, - __be32 daddr, __be32 saddr, - int nbytes) +static void tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, + __be32 daddr, __be32 saddr, int nbytes) { struct tcp4_pseudohdr phdr = { .saddr = saddr, @@ -541,7 +543,6 @@ static int tcp_v4_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, }; tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr)); - return 0; } static int tcp_ao_hash_pseudoheader(unsigned short int family, @@ -553,31 +554,38 @@ static int tcp_ao_hash_pseudoheader(unsigned short int family, /* TODO: Can we rely on checksum being zero to mean outbound pkt? */ if (!th->check) { - if (family == AF_INET) - return tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr, - sk->sk_rcv_saddr, skb->len); + if (family == AF_INET) { + tcp_v4_ao_hash_pseudoheader(mac_ctx, sk->sk_daddr, + sk->sk_rcv_saddr, skb->len); + return 0; + } #if IS_ENABLED(CONFIG_IPV6) - else if (family == AF_INET6) - return tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr, - &sk->sk_v6_rcv_saddr, skb->len); + if (family == AF_INET6) { + tcp_v6_ao_hash_pseudoheader(mac_ctx, &sk->sk_v6_daddr, + &sk->sk_v6_rcv_saddr, + skb->len); + return 0; + } #endif - else - return -EAFNOSUPPORT; + return -EAFNOSUPPORT; } if (family == AF_INET) { const struct iphdr *iph = ip_hdr(skb); - return tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr, - iph->saddr, skb->len); + tcp_v4_ao_hash_pseudoheader(mac_ctx, iph->daddr, iph->saddr, + skb->len); + return 0; + } #if IS_ENABLED(CONFIG_IPV6) - } else if (family == AF_INET6) { + if (family == AF_INET6) { const struct ipv6hdr *iph = ipv6_hdr(skb); - return tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr, - &iph->saddr, skb->len); -#endif + tcp_v6_ao_hash_pseudoheader(mac_ctx, &iph->daddr, &iph->saddr, + skb->len); + return 0; } +#endif return -EAFNOSUPPORT; } @@ -740,11 +748,8 @@ int tcp_v4_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, int hash_offset, u32 sne) { u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN]; - int err; - err = tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req); - if (err) - return err; + tcp_v4_ao_calc_key_rsk(ao_key, tkey_buf, req); return tcp_ao_hash_skb(AF_INET, ao_hash, ao_key, req_to_sk(req), skb, tkey_buf, hash_offset, sne); @@ -857,9 +862,9 @@ int tcp_ao_prepare_reset(const struct sock *sk, struct sk_buff *skb, return 0; } -int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, - struct tcp_ao_key *key, struct tcphdr *th, - __u8 *hash_location) +void tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, + struct tcp_ao_key *key, struct tcphdr *th, + __u8 *hash_location) { struct tcp_skb_cb *tcb = TCP_SKB_CB(skb); u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN]; @@ -887,7 +892,6 @@ int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, ntohl(th->seq)); tp->af_specific->calc_ao_hash(hash_location, key, sk, skb, traffic_key, hash_location - (u8 *)th, sne); - return 0; } static struct tcp_ao_key *tcp_ao_inbound_lookup(unsigned short int family, diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index c8d7b5d20d18..75eb18a2ad4e 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c @@ -1657,14 +1657,8 @@ static int __tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, key.md5_key, sk, skb); #endif } else if (tcp_key_is_ao(&key)) { - int err; - - err = tcp_ao_transmit_skb(sk, skb, key.ao_key, th, - opts.hash_location); - if (err) { - sk_skb_reason_drop(sk, skb, SKB_DROP_REASON_NOT_SPECIFIED); - return -ENOMEM; - } + tcp_ao_transmit_skb(sk, skb, key.ao_key, th, + opts.hash_location); } /* BPF prog is the last one writing header option */ diff --git a/net/ipv6/tcp_ao.c b/net/ipv6/tcp_ao.c index bf30b970181d..01a8472805d1 100644 --- a/net/ipv6/tcp_ao.c +++ b/net/ipv6/tcp_ao.c @@ -12,11 +12,11 @@ #include #include -static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, - const struct in6_addr *saddr, - const struct in6_addr *daddr, - __be16 sport, __be16 dport, - __be32 sisn, __be32 disn) +static void tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, + const struct in6_addr *saddr, + const struct in6_addr *daddr, + __be16 sport, __be16 dport, + __be32 sisn, __be32 disn) { struct kdf_input_block { u8 counter; @@ -38,45 +38,42 @@ static int tcp_v6_ao_calc_key(struct tcp_ao_key *mkt, u8 *key, }; tcp_ao_calc_traffic_key(mkt, key, &input, sizeof(input)); - return 0; } -int tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, - const struct sk_buff *skb, - __be32 sisn, __be32 disn) +void tcp_v6_ao_calc_key_skb(struct tcp_ao_key *mkt, u8 *key, + const struct sk_buff *skb, __be32 sisn, __be32 disn) { const struct ipv6hdr *iph = ipv6_hdr(skb); const struct tcphdr *th = tcp_hdr(skb); - return tcp_v6_ao_calc_key(mkt, key, &iph->saddr, - &iph->daddr, th->source, - th->dest, sisn, disn); + tcp_v6_ao_calc_key(mkt, key, &iph->saddr, &iph->daddr, th->source, + th->dest, sisn, disn); } -int tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, - const struct sock *sk, __be32 sisn, - __be32 disn, bool send) +void tcp_v6_ao_calc_key_sk(struct tcp_ao_key *mkt, u8 *key, + const struct sock *sk, __be32 sisn, + __be32 disn, bool send) { if (send) - return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr, - &sk->sk_v6_daddr, htons(sk->sk_num), - sk->sk_dport, sisn, disn); + tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_rcv_saddr, + &sk->sk_v6_daddr, htons(sk->sk_num), + sk->sk_dport, sisn, disn); else - return tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr, - &sk->sk_v6_rcv_saddr, sk->sk_dport, - htons(sk->sk_num), disn, sisn); + tcp_v6_ao_calc_key(mkt, key, &sk->sk_v6_daddr, + &sk->sk_v6_rcv_saddr, sk->sk_dport, + htons(sk->sk_num), disn, sisn); } -int tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, - struct request_sock *req) +void tcp_v6_ao_calc_key_rsk(struct tcp_ao_key *mkt, u8 *key, + struct request_sock *req) { struct inet_request_sock *ireq = inet_rsk(req); - return tcp_v6_ao_calc_key(mkt, key, - &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr, - htons(ireq->ir_num), ireq->ir_rmt_port, - htonl(tcp_rsk(req)->snt_isn), - htonl(tcp_rsk(req)->rcv_isn)); + tcp_v6_ao_calc_key(mkt, key, + &ireq->ir_v6_loc_addr, &ireq->ir_v6_rmt_addr, + htons(ireq->ir_num), ireq->ir_rmt_port, + htonl(tcp_rsk(req)->snt_isn), + htonl(tcp_rsk(req)->rcv_isn)); } struct tcp_ao_key *tcp_v6_ao_lookup(const struct sock *sk, @@ -104,9 +101,9 @@ struct tcp_ao_key *tcp_v6_ao_lookup_rsk(const struct sock *sk, AF_INET6, sndid, rcvid); } -int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, - const struct in6_addr *daddr, - const struct in6_addr *saddr, int nbytes) +void tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, + const struct in6_addr *daddr, + const struct in6_addr *saddr, int nbytes) { /* 1. TCP pseudo-header (RFC2460) */ struct tcp6_pseudohdr phdr = { @@ -117,7 +114,6 @@ int tcp_v6_ao_hash_pseudoheader(struct tcp_ao_mac_ctx *mac_ctx, }; tcp_ao_mac_update(mac_ctx, &phdr, sizeof(phdr)); - return 0; } int tcp_v6_ao_hash_skb(char *ao_hash, struct tcp_ao_key *key, @@ -139,11 +135,8 @@ int tcp_v6_ao_synack_hash(char *ao_hash, struct tcp_ao_key *ao_key, int hash_offset, u32 sne) { u8 tkey_buf[TCP_AO_MAX_TRAFFIC_KEY_LEN]; - int err; - err = tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req); - if (err) - return err; + tcp_v6_ao_calc_key_rsk(ao_key, tkey_buf, req); return tcp_ao_hash_skb(AF_INET6, ao_hash, ao_key, req_to_sk(req), skb, tkey_buf, hash_offset, sne);