GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.1/patches/2228724/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2228724,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2228724/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260427092117.4160-2-fmancera@suse.de/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null
    },
    "msgid": "<20260427092117.4160-2-fmancera@suse.de>",
    "date": "2026-04-27T09:21:18",
    "name": "[nf,v4] netfilter: nft_bitwise: fix dst corruption in same register shifts",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "aab8b594b5b0816dc855af11da8d1780a5a07cf1",
    "submitter": {
        "id": 90904,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/90904/?format=api",
        "name": "Fernando Fernandez Mancera",
        "email": "fmancera@suse.de"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260427092117.4160-2-fmancera@suse.de/mbox/",
    "series": [
        {
            "id": 501611,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/501611/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501611",
            "date": "2026-04-27T09:21:18",
            "name": "[nf,v4] netfilter: nft_bitwise: fix dst corruption in same register shifts",
            "version": 4,
            "mbox": "http://patchwork.ozlabs.org/series/501611/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2228724/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2228724/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-12212-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=cOW3K+Jw;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=t7pWqeIV;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=cOW3K+Jw;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=t7pWqeIV;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12212-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"cOW3K+Jw\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"t7pWqeIV\";\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"cOW3K+Jw\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"t7pWqeIV\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=195.135.223.131",
            "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=suse.de",
            "smtp-out2.suse.de;\n\tdkim=pass header.d=suse.de header.s=susede2_rsa header.b=cOW3K+Jw;\n\tdkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=t7pWqeIV"
        ],
        "Received": [
            "from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g3ykp0p5wz1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 27 Apr 2026 19:22:10 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 0DA893000FC0\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 27 Apr 2026 09:22:06 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 8C67A3750B2;\n\tMon, 27 Apr 2026 09:22:05 +0000 (UTC)",
            "from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 9543E3B19BA\n\tfor <netfilter-devel@vger.kernel.org>; Mon, 27 Apr 2026 09:21:59 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org\n [IPv6:2a07:de40:b281:104:10:150:64:97])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby smtp-out2.suse.de (Postfix) with ESMTPS id 3F4985BCCD;\n\tMon, 27 Apr 2026 09:21:57 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id C4701593B0;\n\tMon, 27 Apr 2026 09:21:56 +0000 (UTC)",
            "from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n\tby imap1.dmz-prg2.suse.org with ESMTPSA\n\tid TcAVLbQq72l2UAAAD6G6ig\n\t(envelope-from <fmancera@suse.de>); Mon, 27 Apr 2026 09:21:56 +0000"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777281722; cv=none;\n b=fuwlU/1Uj3Ua7FBoSrH5plSV2fNCq4pXQWVBcVcs5vuqo1DSvYeir0fs50Pde/2jDBa/3COSExr9iE3bQUqrtbNt5W1Cg1eqJvPX/r9t22ZGiQlYAz7pt+r1hTIiqjbH/mzMOfA4Ak6IqHB3QqNMxQPBfQV9aJIPYyGDryLHhSg=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777281722; c=relaxed/simple;\n\tbh=eCn3k8u/63/LHwU0IpVlIKdIDI/o5V1LiBuq5/heX5M=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=miB6wHRw1K+MrqFCww7fIelxe+kxTczZ9SEE//RX/kpWyRZO5KDWIcqdMA32MZAxvMUB8itkbMgwUjKo+l3df/HkGW/zjBCFWqDzxNUmh/wieKz0MbXg3CRUEbB4XsFedmgR9Bc0CwrFcKBcrfelqsQG6toahBgVBZr3jbdY1BY=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de;\n spf=pass smtp.mailfrom=suse.de;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=cOW3K+Jw;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=t7pWqeIV;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=cOW3K+Jw;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=t7pWqeIV; arc=none smtp.client-ip=195.135.223.131",
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1777281717;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=k5y3pjY1aXRQOQV4DE2hjR7vsDXg5H9bmpiES3KwAB8=;\n\tb=cOW3K+JwboD0xyIqMjgKHowG4D0LPbTuZaf82PgEpus14FwbQApj9WpwN8niKQvHgi+lO2\n\t8g/7+fk7z1lyzgVrZXLo8cnIIlm9gFu3bGDNLeC9Ng/dJ366rn+HpnphxKKqdDIAgtPJgV\n\tO6cseuYCCBYxAzk6PCSNg+ddpntK8K8=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1777281717;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=k5y3pjY1aXRQOQV4DE2hjR7vsDXg5H9bmpiES3KwAB8=;\n\tb=t7pWqeIVhkDPme/j4RSV3IDo1Ez3M31UBRgJnrPdeY3Lz7O5au389dDmAKPAKMfb4b4q51\n\tmyoKhEysxzTsjHBg==",
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1777281717;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=k5y3pjY1aXRQOQV4DE2hjR7vsDXg5H9bmpiES3KwAB8=;\n\tb=cOW3K+JwboD0xyIqMjgKHowG4D0LPbTuZaf82PgEpus14FwbQApj9WpwN8niKQvHgi+lO2\n\t8g/7+fk7z1lyzgVrZXLo8cnIIlm9gFu3bGDNLeC9Ng/dJ366rn+HpnphxKKqdDIAgtPJgV\n\tO6cseuYCCBYxAzk6PCSNg+ddpntK8K8=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1777281717;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=k5y3pjY1aXRQOQV4DE2hjR7vsDXg5H9bmpiES3KwAB8=;\n\tb=t7pWqeIVhkDPme/j4RSV3IDo1Ez3M31UBRgJnrPdeY3Lz7O5au389dDmAKPAKMfb4b4q51\n\tmyoKhEysxzTsjHBg=="
        ],
        "From": "Fernando Fernandez Mancera <fmancera@suse.de>",
        "To": "netfilter-devel@vger.kernel.org",
        "Cc": "coreteam@netfilter.org,\n\tjeremy@azazel.net,\n\tphil@nwl.cc,\n\tfw@strlen.de,\n\tpablo@netfilter.org,\n\tFernando Fernandez Mancera <fmancera@suse.de>",
        "Subject": "[PATCH nf v4] netfilter: nft_bitwise: fix dst corruption in same\n register shifts",
        "Date": "Mon, 27 Apr 2026 11:21:18 +0200",
        "Message-ID": "<20260427092117.4160-2-fmancera@suse.de>",
        "X-Mailer": "git-send-email 2.51.0",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "X-Rspamd-Action": "no action",
        "X-Rspamd-Server": "rspamd2.dmz-prg2.suse.org",
        "X-Spamd-Result": "default: False [-3.01 / 50.00];\n\tBAYES_HAM(-3.00)[100.00%];\n\tMID_CONTAINS_FROM(1.00)[];\n\tNEURAL_HAM_LONG(-1.00)[-1.000];\n\tR_MISSING_CHARSET(0.50)[];\n\tR_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n\tNEURAL_HAM_SHORT(-0.20)[-1.000];\n\tMIME_GOOD(-0.10)[text/plain];\n\tMX_GOOD(-0.01)[];\n\tFUZZY_RATELIMITED(0.00)[rspamd.com];\n\tARC_NA(0.00)[];\n\tRCVD_VIA_SMTP_AUTH(0.00)[];\n\tTO_DN_SOME(0.00)[];\n\tMIME_TRACE(0.00)[0:+];\n\tRCPT_COUNT_SEVEN(0.00)[7];\n\tDNSWL_BLOCKED(0.00)[2a07:de40:b281:104:10:150:64:97:from];\n\tDKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n\tFROM_EQ_ENVFROM(0.00)[];\n\tFROM_HAS_DN(0.00)[];\n\tSPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];\n\tRCVD_TLS_ALL(0.00)[];\n\tDBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:dkim,suse.de:mid,suse.de:email];\n\tRCVD_COUNT_TWO(0.00)[2];\n\tTO_MATCH_ENVRCPT_ALL(0.00)[];\n\tDKIM_TRACE(0.00)[suse.de:+]",
        "X-Rspamd-Queue-Id": "3F4985BCCD",
        "X-Spam-Flag": "NO",
        "X-Spam-Score": "-3.01",
        "X-Spam-Level": ""
    },
    "content": "For lshift and rshift, the shift operations are performed in a loop over\n32-bit words. The loop calculates the shifted value and write it to dst,\nand then immediately reads from src to calculate the carry for the next\niteration. Because src and dst could point to the same memory location,\nthe carry is incorrectly calculated using the newly modified dst value\ninstead of the original src value.\n\nAdding a temporary local variable to cache the original value before\nwriting to dst and using it for the carry calculation solves the\nproblem. In addition, partial overlap is rejected from control plane for\nall kind of operations. This was tested with the following bytecode:\n\ntable test_table ip flags 0 use 1 handle 1\nip test_table test_chain use 3 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1\nip test_table test_chain 2\n  [ immediate reg 1 0x44332211 0x88776655 ]\n  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n  [ cmp eq reg 1 0x66443322 0x00887766 ]\n  [ counter pkts 0 bytes 0 ]\nip test_table test_chain 4 3\n  [ immediate reg 1 0x44332211 0x88776655 ]\n  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n  [ cmp eq reg 1 0x55443322 0x00887766 ]\n  [ counter pkts 21794 bytes 1917798 ]\n\nFixes: 567d746b55bc (\"netfilter: bitwise: add support for shifts.\")\nSigned-off-by: Fernando Fernandez Mancera <fmancera@suse.de>\n---\nv2: handled partially register overlap\nv3: reject partially overlap from control plane\nv4: applied the partial overlap check to all operations\n---\n net/netfilter/nft_bitwise.c | 19 +++++++++++++++----\n 1 file changed, 15 insertions(+), 4 deletions(-)",
    "diff": "diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c\nindex 13808e9cd999..76e7ae96429d 100644\n--- a/net/netfilter/nft_bitwise.c\n+++ b/net/netfilter/nft_bitwise.c\n@@ -43,8 +43,10 @@ static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) {\n-\t\tdst[i - 1] = (src[i - 1] << shift) | carry;\n-\t\tcarry = src[i - 1] >> (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i - 1];\n+\n+\t\tdst[i - 1] = (tmp_src << shift) | carry;\n+\t\tcarry = tmp_src >> (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n@@ -56,8 +58,10 @@ static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {\n-\t\tdst[i] = carry | (src[i] >> shift);\n-\t\tcarry = src[i] << (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i];\n+\n+\t\tdst[i] = carry | (tmp_src >> shift);\n+\t\tcarry = tmp_src << (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n@@ -244,6 +248,7 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,\n \t\t\t    const struct nlattr * const tb[])\n {\n \tstruct nft_bitwise *priv = nft_expr_priv(expr);\n+\tunsigned int n;\n \tu32 len;\n \tint err;\n \n@@ -264,6 +269,12 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,\n \tif (err < 0)\n \t\treturn err;\n \n+\tn = DIV_ROUND_UP(priv->len, sizeof(u32));\n+\tif (priv->sreg != priv->dreg &&\n+\t    priv->dreg < priv->sreg + n &&\n+\t    priv->sreg < priv->dreg + n)\n+\t\treturn -EINVAL;\n+\n \tif (tb[NFTA_BITWISE_OP]) {\n \t\tpriv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP]));\n \t\tswitch (priv->op) {\n",
    "prefixes": [
        "nf",
        "v4"
    ]
}