[{"id":3681984,"web_url":"http://patchwork.ozlabs.org/comment/3681984/","msgid":"<aetRiG3x9S3PQHaw@chamomile>","list_archive_url":null,"date":"2026-04-24T11:18:32","subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"content":"Hi Fernando,\n\nOn Thu, Apr 23, 2026 at 05:54:53PM +0200, Fernando Fernandez Mancera wrote:\n[...]\n> 
@@ -201,6 +206,11 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n>  \t\treturn -EINVAL;\n>  \t}\n>  \n> +\tif (priv->sreg != priv->dreg &&\n> +\t    priv->dreg < priv->sreg + n &&\n> +\t    priv->sreg < priv->dreg + n)\n\nIs this enough? Just to make sure we are on the same page.\n\nNFT_REG_1\nNFT_REG_2\nNFT_REG_3\nNFT_REG_4\n\nhave a size of 128 bytes.\n\nThen, NFT_REG32_00, NFT_REG32_01, NFT_REG32_02 and NFT_REG32_03\nbasically overlap with NFT_REG_1. They split the 128 bytes of\nNFT_REG_1 in 4 registers of 32 bytes.\n\nIs this check above enough to deal with the partial overlaps?\n\nThanks!\n\n> +\t\treturn -EINVAL;\n> +\n>  \treturn 0;\n>  }\n>  \n> -- \n> 2.53.0\n> \n>","headers":{"Date":"Fri, 24 Apr 2026 13:18:32 +0200","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"Fernando Fernandez Mancera <fmancera@suse.de>","Cc":"netfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n\tjeremy@azazel.net, phil@nwl.cc, fw@strlen.de","Subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","Message-ID":"<aetRiG3x9S3PQHaw@chamomile>","References":"<20260423155453.7499-1-fmancera@suse.de>","In-Reply-To":"<20260423155453.7499-1-fmancera@suse.de>"}},{"id":3682071,"web_url":"http://patchwork.ozlabs.org/comment/3682071/","msgid":"<a40745d0-ee68-40b8-8eba-70edb89e25a0@suse.de>","list_archive_url":null,"date":"2026-04-24T15:03:17","subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","submitter":{"id":90904,"url":"http://patchwork.ozlabs.org/api/people/90904/","name":"Fernando Fernandez 
Mancera","email":"fmancera@suse.de"},"content":"On 4/24/26 1:18 PM, Pablo Neira Ayuso wrote:\n> Hi Fernando,\n> \n> On Thu, Apr 23, 2026 at 05:54:53PM +0200, Fernando Fernandez Mancera wrote:\n> [...]\n>> 
@@ -201,6 +206,11 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n>>   \t\treturn -EINVAL;\n>>   \t}\n>>   \n>> +\tif (priv->sreg != priv->dreg &&\n>> +\t    priv->dreg < priv->sreg + n &&\n>> +\t    priv->sreg < priv->dreg + n)\n> \n> Is this enough? Just to make sure we are on the same page.\n> \n> NFT_REG_1\n> NFT_REG_2\n> NFT_REG_3\n> NFT_REG_4\n> \n> have a size of 128 bytes.\n> \n\nRight, but if I am not wrong these registers are mapped/normalized. That \nhappens during nft_parse_register() earlier in the init() path.\n\nTherefore we must expect priv->sreg/dreg in the range [4, 19].\n\n> Then, NFT_REG32_00, NFT_REG32_01, NFT_REG32_02 and NFT_REG32_03\n> basically overlap with NFT_REG_1. They split the 128 bytes of\n> NFT_REG_1 in 4 registers of 32 bytes.\n> \n> Is this check above enough to deal with the partial overlaps?\n> \n\nI am not very good at math but as long as we have the length of the data \nwe can calculate the overlap in 4-byte segments. Of course if from \nuserspace you mix both APIs the math should hold up.\n\nLet's say we have NFT_REG_1 as sreg and NFT_REG32_01 as dreg and length \nof 8 bytes.\n\nThat is after normalization:\n\nsreg: 4 and dreg: 5\n\nsreg expands through registers 4 and 5\ndreg expands through registers 5 and 6\n\nThe check is able to catch it. Of course, if the length were 4 \nbytes, the check would pass but that is fine.\n\nAt the end NFT_REG_1 is mapped to 32-bit register number 4 while \nNFT_REG32_01 is mapped to 32-bit register number 5.\n\nDoes this make sense? Anyway, AI suggested if this should be applied \nXOR, OR, AND, etc. I think yes, as the partial overlap could corrupt the \nresult there too. 
So a v4 is needed anyway.\n\nThanks,\nFernando.\n\n> Thanks!\n> \n>> +\t\treturn -EINVAL;\n>> +\n>>   \treturn 0;\n>>   }\n>>   \n>> -- \n>> 2.53.0\n>>\n>>\n>","headers":{"Message-ID":"<a40745d0-ee68-40b8-8eba-70edb89e25a0@suse.de>","Date":"Fri, 24 Apr 2026 17:03:17 +0200","Subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","To":"Pablo Neira Ayuso <pablo@netfilter.org>","Cc":"netfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n jeremy@azazel.net, phil@nwl.cc, fw@strlen.de","References":"<20260423155453.7499-1-fmancera@suse.de>\n <aetRiG3x9S3PQHaw@chamomile>","From":"Fernando Fernandez Mancera <fmancera@suse.de>","In-Reply-To":"<aetRiG3x9S3PQHaw@chamomile>"}},{"id":3682150,"web_url":"http://patchwork.ozlabs.org/comment/3682150/","msgid":"<aeuk3q5KjtHlkt__@chamomile>","list_archive_url":null,"date":"2026-04-24T17:14:06","subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"content":"Hi Fernando,\n\nOn Fri, Apr 24, 2026 at 05:03:17PM +0200, Fernando Fernandez Mancera wrote:\n> On 4/24/26 1:18 PM, Pablo Neira Ayuso wrote:\n> > Hi Fernando,\n> > \n> > On Thu, Apr 23, 2026 at 05:54:53PM +0200, Fernando Fernandez Mancera wrote:\n> > [...]\n> 
> > @@ -201,6 +206,11 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,\n> > >   \t\treturn -EINVAL;\n> > >   \t}\n> > > +\tif (priv->sreg != priv->dreg &&\n> > > +\t    priv->dreg < priv->sreg + n &&\n> > > +\t    priv->sreg < priv->dreg + n)\n> > \n> > Is this enough? Just to make sure we are on the same page.\n> > \n> > NFT_REG_1\n> > NFT_REG_2\n> > NFT_REG_3\n> > NFT_REG_4\n> > \n> > have a size of 128 bytes.\n> > \n> \n> Right, but if I am not wrong these registers are mapped/normalized. That\n> happens during nft_parse_register() earlier in the init() path.\n\nIndeed, registers have already been normalized by nft_parse_register()\nat this stage.\n\n> Therefore we must expect priv->sreg/dreg in the range [4, 19].\n> \n> > Then, NFT_REG32_00, NFT_REG32_01, NFT_REG32_02 and NFT_REG32_03\n> > basically overlap with NFT_REG_1. They split the 128 bytes of\n> > NFT_REG_1 in 4 registers of 32 bytes.\n> > \n> > Is this check above enough to deal with the partial overlaps?\n> > \n> \n> I am not very good at math but as long as we have the length of the data we\n> can calculate the overlap in 4-byte segments. Of course if from userspace\n> you mix both APIs the math should hold up.\n> \n> Let's say we have NFT_REG_1 as sreg and NFT_REG32_01 as dreg and length of 8\n> bytes.\n> \n> That is after normalization:\n> \n> sreg: 4 and dreg: 5\n> \n> sreg expands through registers 4 and 5\n> dreg expands through registers 5 and 6\n> \n> The check is able to catch it. Of course, if the length were 4 bytes,\n> the check would pass but that is fine.\n> \n> At the end NFT_REG_1 is mapped to 32-bit register number 4 while\n> NFT_REG32_01 is mapped to 32-bit register number 5.\n> \n> Does this make sense? Anyway, AI suggested if this should be applied XOR,\n> OR, AND, etc. I think yes, as the partial overlap could corrupt the result\n> there too. 
So a v4 is needed anyway.\n\nOK, let's do that.\n\nThanks.","headers":{"Date":"Fri, 24 Apr 2026 19:14:06 +0200","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"Fernando Fernandez Mancera <fmancera@suse.de>","Cc":"netfilter-devel@vger.kernel.org, coreteam@netfilter.org,\n\tjeremy@azazel.net, phil@nwl.cc, fw@strlen.de","Subject":"Re: [PATCH nf v3] netfilter: nft_bitwise: fix dst corruption in same\n register shifts","Message-ID":"<aeuk3q5KjtHlkt__@chamomile>","References":"<20260423155453.7499-1-fmancera@suse.de>\n <aetRiG3x9S3PQHaw@chamomile>\n <a40745d0-ee68-40b8-8eba-70edb89e25a0@suse.de>","In-Reply-To":"<a40745d0-ee68-40b8-8eba-70edb89e25a0@suse.de>"}}]
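Review bot: the overlap test added to nft_bitwise_init_shift() in the @@ -201,6 +206,11 @@ hunk (the three-line `if` ending in `priv->sreg < priv->dreg + n`) does not say what units it compares. A comment above it should state that sreg and dreg are the register numbers already normalized by nft_parse_register(), and what n counts; the example in the thread (NFT_REG_1 and NFT_REG32_01 becoming sreg 4 and dreg 5, rejected at a length of 8 bytes) implies n is the operand length in 32-bit registers, but the visible lines leave that to the reader. The check also sits only in the shift init path, so the other bitwise operations still accept a partial overlap; the thread already agrees this needs a v4.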