diff mbox series

[net,1/2] netfilter: bitwise: fix reduce comparisons

Message ID 20220405100923.7231-2-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [net,1/2] netfilter: bitwise: fix reduce comparisons | expand

Commit Message

Pablo Neira Ayuso April 5, 2022, 10:09 a.m. UTC 
From: Jeremy Sowden <jeremy@azazel.net>

The `nft_bitwise_reduce` and `nft_bitwise_fast_reduce` functions should
compare the bitwise operation in `expr` with the tracked operation
associated with the destination register of `expr`.  However, instead of
being called on `expr` and `track->regs[priv->dreg].selector`,
`nft_expr_priv` is called on `expr` twice, so both reduce functions
return true even when the operations differ.

Fixes: be5650f8f47e ("netfilter: nft_bitwise: track register operations")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_bitwise.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org April 5, 2022, 8:10 p.m. UTC | #1 
Hello:

This series was applied to netdev/net.git (master)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Tue,  5 Apr 2022 12:09:22 +0200 you wrote:
> From: Jeremy Sowden <jeremy@azazel.net>
> 
> The `nft_bitwise_reduce` and `nft_bitwise_fast_reduce` functions should
> compare the bitwise operation in `expr` with the tracked operation
> associated with the destination register of `expr`.  However, instead of
> being called on `expr` and `track->regs[priv->dreg].selector`,
> `nft_expr_priv` is called on `expr` twice, so both reduce functions
> return true even when the operations differ.
> 
> [...]

Here is the summary with links:
  - [net,1/2] netfilter: bitwise: fix reduce comparisons
    https://git.kernel.org/netdev/net/c/31818213170c
  - [net,2/2] netfilter: nf_tables: memcg accounting for dynamically allocated objects
    https://git.kernel.org/netdev/net/c/42193ffd79bd

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 38caa66632b4..f590ee1c8a1b 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -290,7 +290,7 @@  static bool nft_bitwise_reduce(struct nft_regs_track *track,
 	if (!track->regs[priv->sreg].selector)
 		return false;
 
-	bitwise = nft_expr_priv(expr);
+	bitwise = nft_expr_priv(track->regs[priv->dreg].selector);
 	if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&
 	    track->regs[priv->sreg].num_reg == 0 &&
 	    track->regs[priv->dreg].bitwise &&
@@ -442,7 +442,7 @@  static bool nft_bitwise_fast_reduce(struct nft_regs_track *track,
 	if (!track->regs[priv->sreg].selector)
 		return false;
 
-	bitwise = nft_expr_priv(expr);
+	bitwise = nft_expr_priv(track->regs[priv->dreg].selector);
 	if (track->regs[priv->sreg].selector == track->regs[priv->dreg].selector &&
 	    track->regs[priv->dreg].bitwise &&
 	    track->regs[priv->dreg].bitwise->ops == expr->ops &&