[{"id":3680751,"web_url":"http://patchwork.ozlabs.org/comment/3680751/","msgid":"<55b8bb86-3f2d-4feb-9311-3381a460b243@suse.de>","list_archive_url":null,"date":"2026-04-22T18:07:11","subject":"Re: [PATCH nf v2 1/1] netfilter: reject zero shift in nft_bitwise","submitter":{"id":90904,"url":"http://patchwork.ozlabs.org/api/people/90904/","name":"Fernando Fernandez Mancera","email":"fmancera@suse.de"},"content":"On 4/22/26 4:54 PM, Ren Wei wrote:\n> From: Kai Ma <k4729.23098@gmail.com>\n> \n> Reject zero shift operands for nft_bitwise left and right shift\n> expressions during initialization.\n> \n> The carry propagation logic computes the carry from the adjacent 32-bit\n> word using BITS_PER_TYPE(u32) - shift. A zero shift operand turns this\n> into a 32-bit shift, which is undefined behaviour.\n> \n> Reject zero shift operands in the control plane, alongside the existing\n> check for values greater than or equal to 32, so malformed rules never\n> reach the packet path.\n> \n> Fixes: 567d746b55bc (\"netfilter: bitwise: add support for shifts.\")\n> Cc: stable@kernel.org\n\nWhat is the point of Cc'ing stable@kernel.org? Also they are not on CC. \nThis is a corner case that no one hit before because it is useless to \nperform a 0-shift operation.\n\n> Reported-by: Yuan Tan <yuantan098@gmail.com>\n> Reported-by: Yifan Wu <yifanwucs@gmail.com>\n> Reported-by: Juefei Pu <tomapufckgml@gmail.com>\n> Reported-by: Xin Liu <bird@lzu.edu.cn>\n> Signed-off-by: Kai Ma <k4729.23098@gmail.com>\n> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>\n\nReviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>\n\n> ---\n> changes in v2:\n>    - Reject zero shift operands in nft_bitwise_init_shift() and drop the\n>      runtime zero-shift handling in the eval path.\n>    - v1 Link: https://lore.kernel.org/all/5166c80ac3006080e4542ef4c3bf28bc78c696bc.1776667409.git.k4729.23098@gmail.com/\n> \n>   net/netfilter/nft_bitwise.c | 3 ++-\n>   1 file changed, 2 insertions(+), 1 deletion(-)\n> \n> 
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c\n> index 13808e9cd999..94dccdcfa06b 100644\n> --- a/net/netfilter/nft_bitwise.c\n> +++ b/net/netfilter/nft_bitwise.c\n> 
@@ -196,7 +196,8 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n>   \tif (err < 0)\n>   \t\treturn err;\n>   \n> -\tif (priv->data.data[0] >= BITS_PER_TYPE(u32)) {\n> +\tif (!priv->data.data[0] ||\n> +\t    priv->data.data[0] >= BITS_PER_TYPE(u32)) {\n>   \t\tnft_data_release(&priv->data, desc.type);\n>   \t\treturn -EINVAL;\n>   \t}","headers":{"Return-Path":"\n <netfilter-devel+bounces-12141-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=1iq9Csh4;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=9y0R5UYe;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=1iq9Csh4;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=9y0R5UYe;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.105.105.114; helo=tor.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12141-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"1iq9Csh4\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"9y0R5UYe\";\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"1iq9Csh4\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"9y0R5UYe\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=195.135.223.131","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) 
header.from=suse.de","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=suse.de","smtp-out2.suse.de;\n\tnone"],"Message-ID":"<55b8bb86-3f2d-4feb-9311-3381a460b243@suse.de>","Date":"Wed, 22 Apr 2026 20:07:11 
+0200","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"<netfilter-devel.vger.kernel.org>","List-Subscribe":"<mailto:netfilter-devel+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:netfilter-devel+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH nf v2 1/1] netfilter: reject zero shift in nft_bitwise","To":"Ren Wei <n05ec@lzu.edu.cn>, netfilter-devel@vger.kernel.org","Cc":"pablo@netfilter.org, fw@strlen.de, phil@nwl.cc, davem@davemloft.net,\n edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org,\n jeremy@azazel.net, yuantan098@gmail.com, yifanwucs@gmail.com,\n tomapufckgml@gmail.com, bird@lzu.edu.cn, k4729.23098@gmail.com","References":"<20260422145419.2927088-1-n05ec@lzu.edu.cn>","Content-Language":"en-US","From":"Fernando Fernandez Mancera <fmancera@suse.de>","In-Reply-To":"<20260422145419.2927088-1-n05ec@lzu.edu.cn>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"7bit","X-Spam-Flag":"NO"}}]
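Review bot: the new `!priv->data.data[0]` test in the nft_bitwise_init_shift() hunk carries no comment saying why a zero shift is invalid, and the reason is not visible at the check site. Per the commit message, the carry is computed with BITS_PER_TYPE(u32) - shift, so a zero operand becomes a 32-bit shift; a one-line comment above the condition stating that would keep the lower bound from being dropped later as redundant. The old condition only rejected values >= BITS_PER_TYPE(u32), so a rule with a zero shift that was accepted before now fails with -EINVAL; the changelog should say so explicitly.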