Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2225879/?format=api
{ "id": 2225879, "url": "http://patchwork.ozlabs.org/api/patches/2225879/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260421173851.7945-2-fmancera@suse.de/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260421173851.7945-2-fmancera@suse.de>", "list_archive_url": null, "date": "2026-04-21T17:38:52", "name": "[nf] netfilter: nft_bitwise: fix dst corruption in same register shifts", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": true, "hash": "12d5600deff4a55c8862a32abd6f52964af8327d", "submitter": { "id": 90904, "url": "http://patchwork.ozlabs.org/api/people/90904/?format=api", "name": "Fernando Fernandez Mancera", "email": "fmancera@suse.de" }, "delegate": { "id": 11902, "url": "http://patchwork.ozlabs.org/api/users/11902/?format=api", "username": "strlen", "first_name": "Florian", "last_name": "Westphal", "email": "fw@strlen.de" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260421173851.7945-2-fmancera@suse.de/mbox/", "series": [ { "id": 500862, "url": "http://patchwork.ozlabs.org/api/series/500862/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=500862", "date": "2026-04-21T17:38:52", "name": "[nf] netfilter: nft_bitwise: fix dst corruption in same register shifts", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500862/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2225879/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2225879/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <netfilter-devel+bounces-12116-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=OGIKaAdu;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=VTQloidW;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=iJhc4o06;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=eUVvNSEO;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12116-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"OGIKaAdu\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"VTQloidW\";\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"iJhc4o06\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"eUVvNSEO\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=195.135.223.131", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=suse.de", "smtp-out2.suse.de;\n\tdkim=pass header.d=suse.de header.s=susede2_rsa header.b=iJhc4o06;\n\tdkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=eUVvNSEO" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0VBy30SHz1yGt\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 03:46:02 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 9988E30AE9C1\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 17:40:09 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 178EF31E827;\n\tTue, 21 Apr 2026 17:40:09 +0000 (UTC)", "from smtp-out2.suse.de (smtp-out2.suse.de [195.135.223.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 6403B4C6C\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 21 Apr 2026 17:40:07 +0000 (UTC)", "from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org\n [IPv6:2a07:de40:b281:104:10:150:64:97])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby smtp-out2.suse.de (Postfix) with ESMTPS id 63F945BD2A;\n\tTue, 21 Apr 2026 17:40:04 +0000 (UTC)", "from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id D6895593AF;\n\tTue, 21 Apr 2026 17:40:03 +0000 (UTC)", "from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n\tby imap1.dmz-prg2.suse.org with ESMTPSA\n\tid AZaTMHO252lxBQAAD6G6ig\n\t(envelope-from <fmancera@suse.de>); Tue, 21 Apr 2026 17:40:03 +0000" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776793208; cv=none;\n b=avZTR2mhq/994PyIB5lXtveB3fbG1JQ7QjAIaiXOqUjDuB316YLCpOkeiu7F7KapTGhRW0EPo6xScm5stnrqAyaKmLunDk1/qsNOKUw9zmcpI9jS0xZeFARs/MvKzw4YMo1Yk54FI7PUDnnkg9VEnIFJ95nR7bm0K2gDwsM4Bsw=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776793208; c=relaxed/simple;\n\tbh=fmN9ec2CXR4G9rQPY7wmdZcKYopNT2zCLuG9WqhWtNk=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=SADQhSc29yDqNoSSY+xQVXMwoLw4/igOpN540pdHtsVnQiMrtmh6HNnAq9IhMuhN7dh+zioMz9/KHUlEOz80Dyc2Bkbl+5rAfj4bG7tdwVjSeXT8mmp1G90xVkop4e4ob/s2YJB9ounR9T+K8iai1LrJ2BNdyNqJwU/SnoF3Vys=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de;\n spf=pass smtp.mailfrom=suse.de;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=OGIKaAdu;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=VTQloidW;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=iJhc4o06;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=eUVvNSEO; arc=none smtp.client-ip=195.135.223.131", "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1776793205;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding;\n\tbh=CPp2KyLd/ovGUTDUkDRpkTGGS1w+vXatZrC2mHHUqPM=;\n\tb=OGIKaAduFIyHA97wBBI6JyCVscOlNN7UXmUHjZqgYlLIAQpAR2szrOQt2gc2jWHUQDmAEq\n\tUdwrGBWGxS/tEG3UIAc7PqtCQG4dJaH+YNyxP2hNjm63JFniv0BqPXGQNg08kj1RZDeSxD\n\tFMEpDD5ZcXZIzgtv4tU1C3XRqPyQh7Y=", "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1776793205;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding;\n\tbh=CPp2KyLd/ovGUTDUkDRpkTGGS1w+vXatZrC2mHHUqPM=;\n\tb=VTQloidWpyQam6glY5WG9L5jODwgyNA5nq/kUl92aI7plUbl4exHHShRb0fmFW98HHPIzn\n\tglrWgG4K0BBEByCA==", "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1776793204;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding;\n\tbh=CPp2KyLd/ovGUTDUkDRpkTGGS1w+vXatZrC2mHHUqPM=;\n\tb=iJhc4o06/fRoIBjTRkuAvCa5dlYcCTWVwcdXPRwJ4akDDDiFmOusfoidkV+VxlDNq8HeyQ\n\tC2t3W/s2EDP0uHFbm5wVrxmnZRGXq/DAhj7diT4hJS7fhSsNYsPtyUcmhuYr1OgnOSDRkf\n\tcmvK8oaG6Xb/KGYNgbARdjiJF5A15fI=", "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1776793204;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding;\n\tbh=CPp2KyLd/ovGUTDUkDRpkTGGS1w+vXatZrC2mHHUqPM=;\n\tb=eUVvNSEOczJ3j5MwIKjkiM+jfooafxRGrIyiH5dq4dTiyWi6PahU19MJQ/ENSNsWLXc/fp\n\tM6eXmJbtQgwY9hAQ==" ], "From": "Fernando Fernandez Mancera <fmancera@suse.de>", "To": "netfilter-devel@vger.kernel.org", "Cc": "coreteam@netfilter.org,\n\tphil@nwl.cc,\n\tfw@strlen.de,\n\tpablo@netfilter.org,\n\tjeremy@azazel.net,\n\tFernando Fernandez Mancera <fmancera@suse.de>", "Subject": "[PATCH nf] netfilter: nft_bitwise: fix dst corruption in same\n register shifts", "Date": "Tue, 21 Apr 2026 19:38:52 +0200", "Message-ID": "<20260421173851.7945-2-fmancera@suse.de>", "X-Mailer": "git-send-email 2.51.0", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Spamd-Result": "default: False [-3.01 / 50.00];\n\tBAYES_HAM(-3.00)[100.00%];\n\tNEURAL_HAM_LONG(-1.00)[-1.000];\n\tMID_CONTAINS_FROM(1.00)[];\n\tR_MISSING_CHARSET(0.50)[];\n\tR_DKIM_ALLOW(-0.20)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n\tNEURAL_HAM_SHORT(-0.20)[-1.000];\n\tMIME_GOOD(-0.10)[text/plain];\n\tMX_GOOD(-0.01)[];\n\tARC_NA(0.00)[];\n\tRCVD_VIA_SMTP_AUTH(0.00)[];\n\tRCVD_COUNT_TWO(0.00)[2];\n\tRBL_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:104:10:150:64:97:from];\n\tMIME_TRACE(0.00)[0:+];\n\tFUZZY_RATELIMITED(0.00)[rspamd.com];\n\tTO_DN_SOME(0.00)[];\n\tFROM_HAS_DN(0.00)[];\n\tRECEIVED_SPAMHAUS_BLOCKED_OPENRESOLVER(0.00)[2a07:de40:b281:106:10:150:64:167:received];\n\tRCPT_COUNT_SEVEN(0.00)[7];\n\tTO_MATCH_ENVRCPT_ALL(0.00)[];\n\tDBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo,imap1.dmz-prg2.suse.org:rdns,suse.de:mid,suse.de:dkim,suse.de:email];\n\tRCVD_TLS_ALL(0.00)[];\n\tFROM_EQ_ENVFROM(0.00)[];\n\tSPAMHAUS_XBL(0.00)[2a07:de40:b281:104:10:150:64:97:from];\n\tDKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n\tDKIM_TRACE(0.00)[suse.de:+]", "X-Rspamd-Action": "no action", "X-Spam-Flag": "NO", "X-Spam-Score": "-3.01", "X-Spam-Level": "", "X-Rspamd-Server": "rspamd1.dmz-prg2.suse.org", "X-Rspamd-Queue-Id": "63F945BD2A" }, "content": "For lshift and rshift, the shift operations are performed in a loop over\n32-bit words. The loop calculates the shifted value and write it to dst,\nand then immediately reads from src to calculate the carry for the next\niteration. Because src and dst could point to the same memory location,\nthe carry is incorrectly calculated using the newly modified dst value\ninstead of the original src value.\n\nAdding a temporal local variable to cache the original value before\nwriting to dst and using it for the carry calculation solves the\nproblem. This was tested with the following payload:\n\ntable test_table ip flags 0 use 1 handle 1\nip test_table test_chain use 3 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1\nip test_table test_chain 2\n [ immediate reg 1 0x44332211 0x88776655 ]\n [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n [ cmp eq reg 1 0x66443322 0x00887766 ]\n [ counter pkts 0 bytes 0 ]\nip test_table test_chain 4 3\n [ immediate reg 1 0x44332211 0x88776655 ]\n [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n [ cmp eq reg 1 0x55443322 0x00887766 ]\n [ counter pkts 21794 bytes 1917798 ]\n\nFixes: 567d746b55bc (\"netfilter: bitwise: add support for shifts.\")\nSigned-off-by: Fernando Fernandez Mancera <fmancera@suse.de>\n---\nNote: I found this issue while digging into the lshift/rshift operation\n---\n net/netfilter/nft_bitwise.c | 12 ++++++++----\n 1 file changed, 8 insertions(+), 4 deletions(-)", "diff": "diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c\nindex 13808e9cd999..136e8f3a71c5 100644\n--- a/net/netfilter/nft_bitwise.c\n+++ b/net/netfilter/nft_bitwise.c\n@@ -43,8 +43,10 @@ static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) {\n-\t\tdst[i - 1] = (src[i - 1] << shift) | carry;\n-\t\tcarry = src[i - 1] >> (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i - 1];\n+\n+\t\tdst[i - 1] = (tmp_src << shift) | carry;\n+\t\tcarry = tmp_src >> (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n@@ -56,8 +58,10 @@ static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {\n-\t\tdst[i] = carry | (src[i] >> shift);\n-\t\tcarry = src[i] << (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i];\n+\n+\t\tdst[i] = carry | (tmp_src >> shift);\n+\t\tcarry = tmp_src << (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n", "prefixes": [ "nf" ] }