GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/2227395/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2227395,
    "url": "http://patchwork.ozlabs.org/api/patches/2227395/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260423155453.7499-1-fmancera@suse.de/",
    "project": {
        "id": 26,
        "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api",
        "name": "Netfilter Development",
        "link_name": "netfilter-devel",
        "list_id": "netfilter-devel.vger.kernel.org",
        "list_email": "netfilter-devel@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260423155453.7499-1-fmancera@suse.de>",
    "list_archive_url": null,
    "date": "2026-04-23T15:54:53",
    "name": "[nf,v3] netfilter: nft_bitwise: fix dst corruption in same register shifts",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "f89b45fea550e6a167405431f233af85c38262da",
    "submitter": {
        "id": 90904,
        "url": "http://patchwork.ozlabs.org/api/people/90904/?format=api",
        "name": "Fernando Fernandez Mancera",
        "email": "fmancera@suse.de"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260423155453.7499-1-fmancera@suse.de/mbox/",
    "series": [
        {
            "id": 501213,
            "url": "http://patchwork.ozlabs.org/api/series/501213/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501213",
            "date": "2026-04-23T15:54:53",
            "name": "[nf,v3] netfilter: nft_bitwise: fix dst corruption in same register shifts",
            "version": 3,
            "mbox": "http://patchwork.ozlabs.org/series/501213/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2227395/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2227395/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <netfilter-devel+bounces-12162-incoming=patchwork.ozlabs.org@vger.kernel.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "netfilter-devel@vger.kernel.org"
        ],
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=diNSikBq;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=neyORW8b;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=diNSikBq;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=neyORW8b;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12162-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)",
            "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"diNSikBq\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"neyORW8b\";\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"diNSikBq\";\n\tdkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=\"neyORW8b\"",
            "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=195.135.223.130",
            "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de",
            "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=suse.de",
            "smtp-out1.suse.de;\n\tnone"
        ],
        "Received": [
            "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g1ghl2mN4z1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 24 Apr 2026 01:57:27 +1000 (AEST)",
            "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id B3D96303C60F\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 15:55:10 +0000 (UTC)",
            "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 6BC5136C9CC;\n\tThu, 23 Apr 2026 15:55:09 +0000 (UTC)",
            "from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 6745C26738D\n\tfor <netfilter-devel@vger.kernel.org>; Thu, 23 Apr 2026 15:55:07 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby smtp-out1.suse.de (Postfix) with ESMTPS id 9762B6A882;\n\tThu, 23 Apr 2026 15:55:05 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 2E12C593A3;\n\tThu, 23 Apr 2026 15:55:05 +0000 (UTC)",
            "from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n\tby imap1.dmz-prg2.suse.org with ESMTPSA\n\tid GayFCNlA6mkKQwAAD6G6ig\n\t(envelope-from <fmancera@suse.de>); Thu, 23 Apr 2026 15:55:05 +0000"
        ],
        "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776959709; cv=none;\n b=VLtkWtcUhz1Jgveqj99YTIpp+GFxONw6kMriigzOSKKhxXDeVd9GbTOxsL//VZD0hJSY7BGAdUe/+bRNJM5xZ0o4e8RWhjSSBUnud047dszezNIQWCQ0pEgyv1ThSzWPHpBlZMlHqS5wNTRnvlPY0w12gZf/0AtWrSNmh306Vok=",
        "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776959709; c=relaxed/simple;\n\tbh=2VF/N28Sc6OmVKvS1jHYF42AAcYQw/5oGBJoyuO9OYw=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=IDZyiNBbYbKTkuttumAOjALjur5DyLU1JwAIQEAeWVY6RAqKrLP8VuY6m862yYx+vMbZQWNFYHlBkj8o/IlLhorFx0AA7QwskVm0rRtmieAGJKKC4hNjb3VVFf1Ol7vLGXOY3MM3ROiZu6wggaLuuwN3EsL5zVZCSFBQ+P2IvzQ=",
        "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=suse.de;\n spf=pass smtp.mailfrom=suse.de;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=diNSikBq;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=neyORW8b;\n dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.b=diNSikBq;\n dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de\n header.b=neyORW8b; arc=none smtp.client-ip=195.135.223.130",
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1776959705;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=YlZVZ+d4uNyokqlcnGcDE3g52q6N182GVtkbAYIj2PU=;\n\tb=diNSikBqyGf50RvrTVZOJ1yrRZ7VfbTEpbuhgvUkaZbdyo0bcKod31QavJCYuL3csmwqoS\n\tbBV82M3k98KTX9+Mt6XVmVPTzSodr5ccMTXKKBOStjFYLPiUONrXmLpmbjGuuhymYYUz1r\n\tXk2Pe3TB1h+rgBr5oLHqjdOZFQC9IJk=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1776959705;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=YlZVZ+d4uNyokqlcnGcDE3g52q6N182GVtkbAYIj2PU=;\n\tb=neyORW8bt38oYbidfBRePaRm5iUOkkxy+QaZxHwt8OMP9aCMJAjUVIddxrgzBGWM1kYZEw\n\tzNcU5GzpAMnSTaAA==",
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n\tt=1776959705;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=YlZVZ+d4uNyokqlcnGcDE3g52q6N182GVtkbAYIj2PU=;\n\tb=diNSikBqyGf50RvrTVZOJ1yrRZ7VfbTEpbuhgvUkaZbdyo0bcKod31QavJCYuL3csmwqoS\n\tbBV82M3k98KTX9+Mt6XVmVPTzSodr5ccMTXKKBOStjFYLPiUONrXmLpmbjGuuhymYYUz1r\n\tXk2Pe3TB1h+rgBr5oLHqjdOZFQC9IJk=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n\ts=susede2_ed25519; t=1776959705;\n\th=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n\t mime-version:mime-version:\n  content-transfer-encoding:content-transfer-encoding;\n\tbh=YlZVZ+d4uNyokqlcnGcDE3g52q6N182GVtkbAYIj2PU=;\n\tb=neyORW8bt38oYbidfBRePaRm5iUOkkxy+QaZxHwt8OMP9aCMJAjUVIddxrgzBGWM1kYZEw\n\tzNcU5GzpAMnSTaAA=="
        ],
        "From": "Fernando Fernandez Mancera <fmancera@suse.de>",
        "To": "netfilter-devel@vger.kernel.org",
        "Cc": "coreteam@netfilter.org,\n\tjeremy@azazel.net,\n\tphil@nwl.cc,\n\tfw@strlen.de,\n\tpablo@netfilter.org,\n\tFernando Fernandez Mancera <fmancera@suse.de>",
        "Subject": "[PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts",
        "Date": "Thu, 23 Apr 2026 17:54:53 +0200",
        "Message-ID": "<20260423155453.7499-1-fmancera@suse.de>",
        "X-Mailer": "git-send-email 2.51.0",
        "Precedence": "bulk",
        "X-Mailing-List": "netfilter-devel@vger.kernel.org",
        "List-Id": "<netfilter-devel.vger.kernel.org>",
        "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>",
        "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "X-Spam-Score": "-2.80",
        "X-Spam-Level": "",
        "X-Spamd-Result": "default: False [-2.80 / 50.00];\n\tBAYES_HAM(-3.00)[100.00%];\n\tNEURAL_HAM_LONG(-1.00)[-1.000];\n\tMID_CONTAINS_FROM(1.00)[];\n\tR_MISSING_CHARSET(0.50)[];\n\tNEURAL_HAM_SHORT(-0.20)[-0.988];\n\tMIME_GOOD(-0.10)[text/plain];\n\tTO_MATCH_ENVRCPT_ALL(0.00)[];\n\tARC_NA(0.00)[];\n\tRCVD_VIA_SMTP_AUTH(0.00)[];\n\tFROM_HAS_DN(0.00)[];\n\tMIME_TRACE(0.00)[0:+];\n\tDBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo];\n\tFUZZY_RATELIMITED(0.00)[rspamd.com];\n\tRCPT_COUNT_SEVEN(0.00)[7];\n\tRCVD_COUNT_TWO(0.00)[2];\n\tFROM_EQ_ENVFROM(0.00)[];\n\tDKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n\tTO_DN_SOME(0.00)[];\n\tRCVD_TLS_ALL(0.00)[]",
        "X-Spam-Flag": "NO"
    },
    "content": "For lshift and rshift, the shift operations are performed in a loop over\n32-bit words. The loop calculates the shifted value and write it to dst,\nand then immediately reads from src to calculate the carry for the next\niteration. Because src and dst could point to the same memory location,\nthe carry is incorrectly calculated using the newly modified dst value\ninstead of the original src value.\n\nAdding a temporary local variable to cache the original value before\nwriting to dst and using it for the carry calculation solves the\nproblem. In addition, partial overlap is rejected from control plane.\nThis was tested with the following bytecode:\n\ntable test_table ip flags 0 use 1 handle 1\nip test_table test_chain use 3 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1\nip test_table test_chain 2\n  [ immediate reg 1 0x44332211 0x88776655 ]\n  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n  [ cmp eq reg 1 0x66443322 0x00887766 ]\n  [ counter pkts 0 bytes 0 ]\nip test_table test_chain 4 3\n  [ immediate reg 1 0x44332211 0x88776655 ]\n  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]\n  [ cmp eq reg 1 0x55443322 0x00887766 ]\n  [ counter pkts 21794 bytes 1917798 ]\n\nFixes: 567d746b55bc (\"netfilter: bitwise: add support for shifts.\")\nSigned-off-by: Fernando Fernandez Mancera <fmancera@suse.de>\nAcked-by: Jeremy Sowden <jeremy@azazel.net>\n---\nv2: handled partially register overlap\nv3: reject partially overlap from control plane, added back Acked-by\nfrom Jeremy Snowden as he provided it for v1\n---\n net/netfilter/nft_bitwise.c | 18 ++++++++++++++----\n 1 file changed, 14 insertions(+), 4 deletions(-)",
    "diff": "diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c\nindex 13808e9cd999..c1a3e690f4a4 100644\n--- a/net/netfilter/nft_bitwise.c\n+++ b/net/netfilter/nft_bitwise.c\n@@ -43,8 +43,10 @@ static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) {\n-\t\tdst[i - 1] = (src[i - 1] << shift) | carry;\n-\t\tcarry = src[i - 1] >> (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i - 1];\n+\n+\t\tdst[i - 1] = (tmp_src << shift) | carry;\n+\t\tcarry = tmp_src >> (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n@@ -56,8 +58,10 @@ static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,\n \tu32 carry = 0;\n \n \tfor (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {\n-\t\tdst[i] = carry | (src[i] >> shift);\n-\t\tcarry = src[i] << (BITS_PER_TYPE(u32) - shift);\n+\t\tu32 tmp_src = src[i];\n+\n+\t\tdst[i] = carry | (tmp_src >> shift);\n+\t\tcarry = tmp_src << (BITS_PER_TYPE(u32) - shift);\n \t}\n }\n \n@@ -177,6 +181,7 @@ static int nft_bitwise_init_mask_xor(struct nft_bitwise *priv,\n static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n \t\t\t\t  const struct nlattr *const tb[])\n {\n+\tunsigned int n = DIV_ROUND_UP(priv->len, sizeof(u32));\n \tstruct nft_data_desc desc = {\n \t\t.type\t= NFT_DATA_VALUE,\n \t\t.size\t= sizeof(priv->data),\n@@ -201,6 +206,11 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n \t\treturn -EINVAL;\n \t}\n \n+\tif (priv->sreg != priv->dreg &&\n+\t    priv->dreg < priv->sreg + n &&\n+\t    priv->sreg < priv->dreg + n)\n+\t\treturn -EINVAL;\n+\n \treturn 0;\n }\n \n",
    "prefixes": [
        "nf",
        "v3"
    ]
}