Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2225701/?format=api
{ "id": 2225701, "url": "http://patchwork.ozlabs.org/api/patches/2225701/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/5166c80ac3006080e4542ef4c3bf28bc78c696bc.1776667409.git.k4729.23098@gmail.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<5166c80ac3006080e4542ef4c3bf28bc78c696bc.1776667409.git.k4729.23098@gmail.com>", "list_archive_url": null, "date": "2026-04-21T12:42:34", "name": "[net,1/1] netfilter: shift-out-of-bounds in nft_bitwise", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "420801ac3e3693783861fdf1ded89eb40678aca5", "submitter": { "id": 92912, "url": "http://patchwork.ozlabs.org/api/people/92912/?format=api", "name": "Ren Wei", "email": "n05ec@lzu.edu.cn" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/5166c80ac3006080e4542ef4c3bf28bc78c696bc.1776667409.git.k4729.23098@gmail.com/mbox/", "series": [ { "id": 500797, "url": "http://patchwork.ozlabs.org/api/series/500797/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500797", "date": "2026-04-21T12:42:34", "name": "[net,1/1] netfilter: shift-out-of-bounds in nft_bitwise", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500797/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2225701/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2225701/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <netfilter-devel+bounces-12110-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12110-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=13.75.44.102", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=lzu.edu.cn", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=lzu.edu.cn" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0Mgn0Hnbz1yGs\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 22:52:05 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 7B7F230511BA\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 12:49:15 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 7BC113D091D;\n\tTue, 21 Apr 2026 12:49:14 +0000 (UTC)", "from azure-sdnproxy.icoremail.net (azure-sdnproxy.icoremail.net\n [13.75.44.102])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id DA1163845D8\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 21 Apr 2026 12:49:08 +0000 (UTC)", "from enjou-Legion-Y7000P-2019.coin-barley.ts.net (unknown\n [172.23.56.36])\n\tby app1 (Coremail) with SMTP id ygmowAC3Kvs3cudpsdDYAA--.16054S2;\n\tTue, 21 Apr 2026 20:48:56 +0800 (CST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776775754; cv=none;\n b=K7AEqeXQCflGrXWHOFQYXfCyrGXY1Qf8PKZ1aGdTL6Yf5mXN0xnmQlaZ2tC77XBZ1u839xP0BRSTOFT8Q6Ts8V4pO0W60biLN1XM+u9b7L5o4v/e0fKVhzKBySQrJ1FoJuDDKeOBiTbG3eL19qu1X+xcXbxe9BeegEtq+NaHd4g=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776775754; c=relaxed/simple;\n\tbh=pLtUm3OqzCQeZJmni3gZn1EAGz4h84MfZk1Zqlt3Vq4=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=NAmAS3Son95dyc8ahjRNMHHTVX+U0DxSRkquo3ubRUdgbVwb73qBmObPYLBzfVB0BP7NvZxfGX89GeE26rIuxOPHvI2QXnqvHu5ZASRdQR70UbFTLKyJ32aEr5Qzod0xN9b+9KNiHtmRevDnSTjYR+ToLzU8gLR+jJOOZFI+uSw=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=lzu.edu.cn;\n spf=pass smtp.mailfrom=lzu.edu.cn; arc=none smtp.client-ip=13.75.44.102", "From": "Ren Wei <n05ec@lzu.edu.cn>", "To": "netfilter-devel@vger.kernel.org", "Cc": "pablo@netfilter.org,\n\tfw@strlen.de,\n\tjeremy@azazel.net,\n\tyuantan098@gmail.com,\n\tyifanwucs@gmail.com,\n\ttomapufckgml@gmail.com,\n\tbird@lzu.edu.cn,\n\tk4729.23098@gmail.com,\n\tn05ec@lzu.edu.cn", "Subject": "[PATCH net 1/1] netfilter: shift-out-of-bounds in nft_bitwise", "Date": "Tue, 21 Apr 2026 20:42:34 +0800", "Message-ID": "\n <5166c80ac3006080e4542ef4c3bf28bc78c696bc.1776667409.git.k4729.23098@gmail.com>", "X-Mailer": "git-send-email 2.51.0", "In-Reply-To": "<cover.1776667409.git.k4729.23098@gmail.com>", "References": "<cover.1776667409.git.k4729.23098@gmail.com>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-CM-TRANSID": "ygmowAC3Kvs3cudpsdDYAA--.16054S2", "X-Coremail-Antispam": "1UD129KBjvJXoW7CrWrGr13Jry5tr1xWFyxuFg_yoW8tw43pa\n\tsxK34ftFZrJFy2gw1Syry0yFn5Jrn3Cr13CrnxZFykZ3WUJr1rJ3WrK39Ivw1UGFs29Fs3\n\tZanIvFn3Kan5CFJanT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2\n\t9KBjDU0xBIdaVrnRJUUUB01xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AE\n\tw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2\n\tIY67AKxVW5JVW7JwA2z4x0Y4vE2Ix0cI8IcVCY1x0267AKxVWxJVW8Jr1l84ACjcxK6I8E\n\t87Iv67AKxVW0oVCq3wA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_GcCE3s1le2I262IYc4CY6c\n\t8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E2Ix0cI8IcVAFwI0_JrI_\n\tJrylYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwI\n\txGrwACjI8F5VA0II8E6IAqYI8I648v4I1lFIxGxcIEc7CjxVA2Y2ka0xkIwI1lc7CjxVAa\n\tw2AFwI0_Jw0_GFylc2xSY4AK6svPMxAIw28IcxkI7VAKI48JMxAIw28IcVCjz48v1sIEY2\n\t0_Gr4l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8G\n\tjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1q6r43MIIYrxkI7VAKI48JMIIF0xvE2I\n\tx0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK\n\t8VAvwI8IcIk0rVWUJVWUCwCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I\n\t0E14v26r4j6r4UJbIYCTnIWIevJa73UjIFyTuYvjfUFg4SDUUUU", "X-CM-SenderInfo": "zqqvvuo6o23hxhgxhubq/1tbiAQsECWnnOeEFwgAAsW" }, "content": "From: Kai Ma <k4729.23098@gmail.com>\n\nHandle zero shift operands explicitly in nft_bitwise_eval_lshift() and\nnft_bitwise_eval_rshift().\n\nShift expressions accept values in the range [0, 31], but the carry\npropagation code assumes a non-zero shift and computes the carry from the\nadjacent 32-bit word unconditionally. For a zero shift operand, the\nexpected result is to leave the value unchanged.\n\nTreat zero shift as a no-op before entering the carry propagation loops.\nThis preserves the existing behaviour for non-zero shifts and matches the\nexpected semantics of shifting by zero.\n\nFixes: 567d746b55bc (\"netfilter: bitwise: add support for shifts.\")\nCc: stable@kernel.org\nReported-by: Yuan Tan <yuantan098@gmail.com>\nReported-by: Yifan Wu <yifanwucs@gmail.com>\nReported-by: Juefei Pu <tomapufckgml@gmail.com>\nReported-by: Xin Liu <bird@lzu.edu.cn>\nSigned-off-by: Kai Ma <k4729.23098@gmail.com>\nSigned-off-by: Ren Wei <n05ec@lzu.edu.cn>\n---\n net/netfilter/nft_bitwise.c | 20 ++++++++++++++++----\n 1 file changed, 16 insertions(+), 4 deletions(-)", "diff": "diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c\nindex d550910aabec..f74774b176af 100644\n--- a/net/netfilter/nft_bitwise.c\n+++ b/net/netfilter/nft_bitwise.c\n@@ -39,10 +39,16 @@ static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src,\n \t\t\t\t const struct nft_bitwise *priv)\n {\n \tu32 shift = priv->data.data[0];\n-\tunsigned int i;\n+\tunsigned int i, n = DIV_ROUND_UP(priv->len, sizeof(u32));\n \tu32 carry = 0;\n \n-\tfor (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) {\n+\tif (!shift) {\n+\t\tfor (i = 0; i < n; i++)\n+\t\t\tdst[i] = src[i];\n+\t\treturn;\n+\t}\n+\n+\tfor (i = n; i > 0; i--) {\n \t\tdst[i - 1] = (src[i - 1] << shift) | carry;\n \t\tcarry = src[i - 1] >> (BITS_PER_TYPE(u32) - shift);\n \t}\n@@ -52,10 +58,16 @@ static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,\n \t\t\t\t const struct nft_bitwise *priv)\n {\n \tu32 shift = priv->data.data[0];\n-\tunsigned int i;\n+\tunsigned int i, n = DIV_ROUND_UP(priv->len, sizeof(u32));\n \tu32 carry = 0;\n \n-\tfor (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {\n+\tif (!shift) {\n+\t\tfor (i = 0; i < n; i++)\n+\t\t\tdst[i] = src[i];\n+\t\treturn;\n+\t}\n+\n+\tfor (i = 0; i < n; i++) {\n \t\tdst[i] = carry | (src[i] >> shift);\n \t\tcarry = src[i] << (BITS_PER_TYPE(u32) - shift);\n \t}\n", "prefixes": [ "net", "1/1" ] }