superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include/net
History
Fernando Fernandez Mancera 18014147d3 netfilter: nf_tables: fix dst corruption in same register operation 
For lshift and rshift, the shift operations are performed in a loop over
32-bit words. The loop calculates the shifted value and write it to dst,
and then immediately reads from src to calculate the carry for the next
iteration. Because src and dst could point to the same memory location,
the carry is incorrectly calculated using the newly modified dst value
instead of the original src value.

Adding a temporary local variable to cache the original value before
writing to dst and using it for the carry calculation solves the
problem. In addition, partial overlap is rejected from control plane for
all kind of operations including byteorder. This was tested with the
following bytecode:

table test_table ip flags 0 use 1 handle 1
ip test_table test_chain use 3 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1
ip test_table test_chain 2
  [ immediate reg 1 0x44332211 0x88776655 ]
  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]
  [ cmp eq reg 1 0x66443322 0x00887766 ]
  [ counter pkts 0 bytes 0 ]
ip test_table test_chain 4 3
  [ immediate reg 1 0x44332211 0x88776655 ]
  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]
  [ cmp eq reg 1 0x55443322 0x00887766 ]
  [ counter pkts 21794 bytes 1917798 ]

Fixes: 567d746b55 ("netfilter: bitwise: add support for shifts.")
Acked-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
 		2026-05-22 12:28:46 +02:00
..
9p 9p: document missing enum values in kernel-doc comments 2026-04-16 02:57:01 +00:00
bluetooth Bluetooth: serialize accept_q access 2026-05-14 09:49:56 -04:00
iucv treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
libeth libeth, idpf: use truesize as XDP RxQ info frag_size 2026-03-05 08:02:05 -08:00
mana net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR 2026-05-05 15:43:08 +02:00
netfilter netfilter: nf_tables: fix dst corruption in same register operation 2026-05-22 12:28:46 +02:00
netns ipv6: flowlabel: enforce per-netns limit for unprivileged callers 2026-05-08 14:59:14 -07:00
nfc nfc: nci: Fix race between rfkill and nci_unregister_device(). 2026-01-28 19:32:26 -08:00
page_pool net: Slightly simplify net_mp_{open,close}_rxq 2026-04-09 18:21:46 -07:00
phonet phonet: Convert phonet_routes.lock to spinlock_t. 2024-10-24 16:03:40 +02:00
phy net: phy: realtek: add dummy PHY driver for RTL8127ATF 2026-01-12 19:29:11 -08:00
psp psp: add stats from psp spec to driver facing api 2025-11-07 18:53:57 -08:00
sctp sctp: Remove unused declaration sctp_auth_init_hmacs() 2025-11-14 18:00:34 -08:00
tc_act net/sched: act_ife: Fix metalist update behavior 2026-03-05 07:54:08 -08:00
6lowpan.h
Space.h drivers: net: 8390: wd80x3: Remove this driver 2026-04-23 15:57:10 -07:00
act_api.h net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks 2026-02-27 19:06:21 -08:00
addrconf.h ipv6: addrconf: reduce default temp_valid_lft to 2 days 2026-02-17 17:12:06 -08:00
af_ieee802154.h
af_rxrpc.h rxrpc: Remove deadcode 2025-04-24 17:03:45 -07:00
af_unix.h af_unix: Introduce SO_INQ. 2025-07-08 18:05:25 -07:00
af_vsock.h vsock: add G2H fallback for CIDs not owned by H2G transport 2026-03-12 10:59:36 +01:00
ah.h
aligned_data.h udp: move udp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
amt.h
arp.h neighbour: switch to standard rcu, instead of rcu_bh 2023-03-21 21:32:18 -07:00
ax25.h net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
ax88796.h
bareudp.h
bond_3ad.h bonding: 3ad: implement proper RCU rules for port->aggregator 2026-04-29 18:32:02 -07:00
bond_alb.h bonding: Correct spelling in headers 2024-08-26 09:37:22 -07:00
bond_options.h bonding: add support for per-port LACP actor priority 2025-09-09 10:56:02 +02:00
bonding.h bonding: remove unused bond_is_first_slave and bond_is_last_slave macros 2026-04-08 19:07:08 -07:00
bpf_sk_storage.h
busy_poll.h net: gro: decouple GRO from the NAPI layer 2025-02-27 14:03:14 +01:00
calipso.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
can.h can: add CAN skb extension infrastructure 2026-02-05 11:58:39 +01:00
cfg80211-wext.h wifi: cfg80211: Avoid clashing function prototypes 2022-11-16 11:31:47 +02:00
cfg80211.h wifi: nl80211: Add a notification to notify NAN channel evacuation 2026-03-25 20:56:55 +01:00
cfg802154.h mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
checksum.h net: Fix checksum update for ILA adj-transport 2025-05-30 19:53:51 -07:00
cipso_ipv4.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
cls_cgroup.h net/cls_cgroup: Fix task_get_classid() during qdisc run 2025-09-14 11:55:04 -07:00
codel.h codel: fix kernel-doc notation warnings 2023-07-14 20:39:29 -07:00
codel_impl.h codel: annotate data-races in codel_dump_stats() 2026-04-08 19:18:52 -07:00
codel_qdisc.h
compat.h
datalink.h net: datalink: Remove unused declarations 2023-07-27 17:17:32 -07:00
dcbevent.h
dcbnl.h net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
devlink.h devlink: Add port-level resource registration infrastructure 2026-04-08 19:55:38 -07:00
dropreason-core.h ipv6: Implement limits on extension header parsing 2026-04-30 17:21:45 -07:00
dropreason-qdisc.h net: sched: sch_dualpi2: use qdisc_dequeue_drop() for dequeue drops 2026-02-28 15:31:35 -08:00
dropreason.h net: sched: introduce qdisc-specific drop reason tracing 2026-02-28 15:31:34 -08:00
dsa.h net: dsa: add bridge member iteration macro 2026-04-06 18:30:33 -07:00
dsa_stubs.h net: dsa: Use conduit and user terms 2023-10-24 13:08:14 -07:00
dscp.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
dsfield.h
dst.h inet: add dst4_mtu() and dst6_mtu() helpers 2026-02-02 17:49:29 -08:00
dst_cache.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
dst_metadata.h net: dst_metadata: fix IP_DF bit not extracted from tunnel headers 2025-09-14 14:28:12 -07:00
dst_ops.h net: fix __dst_negative_advice() race 2024-05-29 17:34:49 -07:00
eee.h net: simplify eeecfg_mac_can_tx_lpi 2024-11-13 18:49:50 -08:00
erspan.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
esp.h
espintcp.h inet: preserve const qualifier in inet_csk() 2024-04-01 21:27:08 -07:00
ethoc.h
failover.h
fib_notifier.h net: do not acquire rtnl in fib_seq_sum() 2024-10-11 15:35:05 -07:00
fib_rules.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
firewire.h
flow.h ipv4: Convert ->flowi4_tos to dscp_t. 2025-08-26 17:34:31 -07:00
flow_dissector.h flow_dissector: cleanup FLOW_DISSECTOR_KEY_ENC_FLAGS 2024-07-15 09:14:39 -07:00
flow_offload.h net: dsa: eliminate local type for tc policers 2026-02-10 15:30:11 +01:00
fou.h bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs 2023-04-12 16:40:39 -07:00
fq.h net: fq: Remove unused typedef fq_flow_get_default_t 2023-08-08 15:58:23 -07:00
fq_impl.h Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
garp.h
gen_stats.h
genetlink.h genetlink: free the skb on 'group >= family->n_mcgrps' 2026-05-08 15:43:29 -07:00
geneve.h net: geneve: fix array of flexible structures warnings 2022-10-31 10:43:04 +00:00
gre.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gro.h gro: inline tcp6_gro_complete() 2026-01-21 19:28:32 -08:00
gro_cells.h
gso.h net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
gtp.h gtp: properly parse extension headers 2024-05-07 01:35:55 +02:00
gue.h
handshake.h net/handshake: Add helpers for parsing incoming TLS Alerts 2023-07-28 14:07:59 -07:00
hotdata.h net-sysfs: use rps_tag_ptr and remove metadata from rps_sock_flow_table 2026-03-04 16:54:09 -08:00
hwbm.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
icmp.h ipv4: icmp: Pass IPv4 control block structure as an argument to __icmp_send() 2025-09-11 12:22:38 +02:00
ieee8021q.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
ieee80211_radiotap.h wifi: mac80211: add RX flag to report radiotap VHT information 2025-10-30 08:38:51 +01:00
ieee802154_netdev.h mac802154: Handle association requests from peers 2023-11-20 11:43:03 +01:00
if_inet6.h ipv6: anycast: complete RCU handling of struct ifacaddr6 2024-02-26 18:40:34 -08:00
ife.h
inet6_connection_sock.h tcp: move inet6_csk_update_pmtu() to tcp_ipv6.c 2026-02-24 17:47:27 -08:00
inet6_hashtables.h tcp: Initialise ehash secrets during connect() and listen(). 2026-03-05 18:50:05 -08:00
inet_common.h net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
inet_connection_sock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-02-26 10:23:00 -08:00
inet_dscp.h ipv4: Convert ->flowi4_tos to dscp_t. 2025-08-26 17:34:31 -07:00
inet_ecn.h tcp: ECT_1_NEGOTIATION and NEEDS_ACCECN identifiers 2026-02-03 15:13:24 +01:00
inet_frag.h inet: frags: flush pending skbs in fqdir_pre_exit() 2025-12-10 01:15:27 -08:00
inet_hashtables.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-26 12:09:57 -07:00
inet_sock.h ipv6: colocate inet6_cork in inet_cork_full 2026-02-02 17:49:30 -08:00
inet_timewait_sock.h tcp: Update bind bucket state on port release 2025-09-23 10:12:15 +02:00
inetpeer.h inetpeer: remove create argument of inet_getpeer() 2024-12-17 19:37:00 -08:00
ioam6.h ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() 2026-02-13 12:24:05 -08:00
ip.h net: remove EXPORT_IPV6_MOD() and EXPORT_IPV6_MOD_GPL() macros 2026-03-29 11:21:22 -07:00
ip6_checksum.h udp: move udp6_csum_init() back to net/ipv6/udp.c 2026-02-24 16:30:40 -08:00
ip6_fib.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
ip6_route.h ipv6: prepare headers for ipv6_stub removal 2026-03-29 11:21:23 -07:00
ip6_tunnel.h net: dropreason: add SKB_DROP_REASON_RECURSION_LIMIT 2026-03-14 08:38:06 -07:00
ip_fib.h net: ipv4: fix ARM64 alignment fault in multipath hash seed 2026-03-03 17:20:37 -08:00
ip_tunnels.h net: increase IP_TUNNEL_RECURSION_LIMIT to 5 2026-04-03 15:52:10 -07:00
ip_vs.h ipvs: avoid possible loop in ip_vs_dst_event on resizing 2026-05-16 12:19:56 +02:00
ipcomp.h xfrm: ipcomp: Use crypto_acomp interface 2025-03-21 17:36:49 +08:00
ipconfig.h
ipv6.h ipv6: Implement limits on extension header parsing 2026-04-30 17:21:45 -07:00
ipv6_frag.h inet: frags: flush pending skbs in fqdir_pre_exit() 2025-12-10 01:15:27 -08:00
iw_handler.h Revert "wifi: cfg80211: unexport wireless_nlevent_flush()" 2024-10-09 08:53:01 +02:00
kcm.h net: kcm: Fix race condition in kcm_unattach() 2025-08-13 18:18:33 -07:00
l3mdev.h net: l3mdev: use skb_dst_dev_rcu() in l3mdev_l3_out() 2026-02-02 17:09:11 -08:00
lag.h
lapb.h net: lapb: increase LAPB_HEADER_LEN 2024-12-06 17:43:08 -08:00
llc.h
llc_c_ac.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_ev.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_st.h llc: Constify struct llc_conn_state_trans 2024-07-15 08:51:01 -07:00
llc_conn.h llc: Check netns in llc_estab_match() and llc_listener_match(). 2023-07-20 10:46:28 +02:00
llc_if.h
llc_pdu.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h llc: Constify struct llc_sap_state_trans 2024-07-15 08:51:19 -07:00
llc_sap.h
lwtunnel.h net: dst: annotate data-races around dst->output 2025-07-02 14:32:30 -07:00
mac80211.h wifi: mac80211: add NAN peer schedule support 2026-04-07 15:36:03 +02:00
mac802154.h move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
macsec.h macsec: use rcu_work to defer TX SA crypto cleanup out of softirq 2026-05-13 19:03:05 -07:00
mctp.h net: mctp: fix don't require received header reserved bits to be zero 2026-04-20 11:46:57 -07:00
mctpdevice.h net: mctp: Expose transport binding identifier via IFLA attribute 2024-11-09 09:04:54 -08:00
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: sched: remove mptcp_sched_data 2025-04-15 08:21:46 -07:00
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2022-11-18 12:14:55 +00:00
ncsi.h
ndisc.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
neighbour.h netfilter: br_netfilter: Reallocate headroom if necessary in neigh_hh_bridge() 2026-05-16 13:22:50 +02:00
neighbour_tables.h neighbour: Create netdev->neighbour association 2024-11-09 13:22:57 -08:00
net_debug.h Kbuild updates for v6.13 2024-11-30 13:41:50 -08:00
net_failover.h
net_namespace.h kernfs: pass struct ns_common instead of const void * for namespace tags 2026-04-09 14:36:52 +02:00
net_ratelimit.h
net_shaper.h net: shaper: rework the VALID marking (again) 2026-05-20 16:34:20 -07:00
net_trackers.h
netdev_lock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-05-22 09:42:41 -07:00
netdev_netlink.h net: add granular lock for the netdev netlink socket 2025-03-12 13:32:35 -07:00
netdev_queues.h net: Proxy netdev_queue_get_dma_dev for leased queues 2026-04-09 18:21:46 -07:00
netdev_rx_queue.h net: remove the netif_get_rx_queue_lease_locked() helpers 2026-04-09 18:26:28 -07:00
netevent.h
netkit.h bpf, netkit: Add indirect call wrapper for fetching peer dev 2023-11-20 10:15:16 -08:00
netlabel.h Networking changes for 6.13. 2024-11-21 08:28:08 -08:00
netlink.h netlink: add a nla_nest_end_safe() helper 2026-04-12 11:23:50 -07:00
netmem.h net: add net_iov_init() and use it to initialize ->page_type 2026-04-29 16:40:08 -07:00
netprio_cgroup.h
nexthop.h ipv6: Protect nh->f6i_list with spinlock and flag. 2025-04-24 09:29:56 +02:00
nl802154.h nl802154: fix some kernel-doc warnings 2025-10-20 17:13:40 -07:00
nsh.h net: nsh: fix incorrect header length macros 2026-05-08 15:32:59 -07:00
pfcp.h net: pfcp: fix typo in message_priority field name 2025-06-13 18:17:08 -07:00
pie.h net/sched: sch_pie: annotate data-races in pie_dump_stats() 2026-04-22 21:12:47 -07:00
ping.h net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
pkt_cls.h net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() 2025-11-24 18:53:14 -08:00
pkt_sched.h net/sched: don't use dynamic lockdep keys with clsact/ingress/noqueue 2026-02-05 09:32:45 -08:00
pptp.h
proto_memory.h net: Allow opt-out from global protocol memory accounting. 2025-10-16 12:04:47 -07:00
protocol.h ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata 2024-03-07 21:12:43 -08:00
psample.h net: psample: fix flag being set in wrong skb 2024-07-11 18:11:31 -07:00
psnap.h
psp.h psp: base PSP device support 2025-09-18 12:32:06 +02:00
raw.h net: use NUMA drop counters for softnet_data.dropped 2025-09-14 11:35:17 -07:00
rawv6.h ipv6: raw: constify raw_v6_match() socket argument 2023-03-17 08:56:37 +00:00
red.h net: sched: Correct spelling in headers 2024-08-26 09:37:23 -07:00
regulatory.h net: Correct spelling in headers 2024-08-26 09:37:23 -07:00
request_sock.h tcp: move __reqsk_free() out of line 2026-02-05 09:23:06 -08:00
rose.h net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
route.h net: use dst_dev_rcu() in sk_setup_caps() 2025-08-29 19:36:32 -07:00
rpl.h ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rps-types.h net: add rps_tag_ptr type and helpers 2026-03-04 16:54:09 -08:00
rps.h net-sysfs: use rps_tag_ptr and remove metadata from rps_dev_flow_table 2026-03-04 16:54:10 -08:00
rsi_91x.h rsi: remove kernel-doc comment marker 2023-07-14 20:39:30 -07:00
rstreason.h net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
rtnetlink.h rtnetlink: Remove "net" from newlink params 2025-02-21 15:28:03 -08:00
rtnh.h
sch_generic.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
sch_priv.h net/sched: Export mq functions for reuse 2026-01-13 11:54:29 +01:00
scm.h af_unix/scm: fix whitespace errors 2025-07-04 09:32:35 +02:00
secure_seq.h tcp: secure_seq: add back ports to TS offset 2026-03-04 17:44:35 -08:00
seg6.h ipv6: sr: restruct ifdefines 2024-05-30 18:29:38 -07:00
seg6_hmac.h ipv6: sr: Prepare HMAC key ahead of time 2025-08-26 18:11:29 -07:00
seg6_local.h seg6: Use nested-BH locking for seg6_bpf_srh_states. 2024-06-24 16:41:23 -07:00
selftests.h net: selftests: export packet creation helpers for driver use 2025-11-06 13:38:11 +01:00
slhc_vj.h
smc.h net/smc: bpf: Introduce generic hook for handshake flow 2025-11-10 11:19:41 -08:00
snmp.h net: snmp: remove SNMP_MIB_SENTINEL 2025-09-08 18:06:21 -07:00
sock.h Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sock_reuseport.h net: core: annotate socks of struct sock_reuseport with __counted_by 2024-08-02 17:16:59 -07:00
stp.h
strparser.h strparser: Remove unused __strp_unpause 2025-05-05 16:48:12 -07:00
switchdev.h bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tc_wrapper.h net/sched: refine indirect call mitigation in tc_wrapper.h 2026-03-09 19:31:41 -07:00
tcp.h tcp: fix stale per-CPU tcp_tw_isn leak enabling ISN prediction 2026-05-20 19:14:06 -07:00
tcp_ao.h tcp: Free TCP-AO/TCP-MD5 info/keys without RCU 2025-09-11 19:05:56 -07:00
tcp_ecn.h tcp: annotate data-races around tp->delivered and tp->delivered_ce 2026-04-18 11:10:12 -07:00
tcp_states.h tcp: Dump bound-only sockets in inet_diag. 2023-12-04 14:45:26 -08:00
tcx.h bpf: Remove location field in tcx_link 2025-07-11 11:00:57 -07:00
timewait_sock.h tcp: Remove timewait_sock_ops.twsk_destructor(). 2025-08-25 17:53:35 -07:00
tipc.h
tls.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-31 06:46:03 -07:00
tls_prot.h net/tls: Add TLS Alert definitions 2023-07-28 14:07:59 -07:00
tls_toe.h
transp_v6.h ipv6: Retire UDP-Lite. 2026-03-13 18:57:44 -07:00
tso.h net: tso: Introduce tso_dma_map and helpers 2026-04-12 10:54:31 -07:00
tun_proto.h
udp.h udp: Don't pass udptable to IPv4 socket lookup functions. 2026-03-13 18:57:46 -07:00
udp_tunnel.h ipv6: remove ipv6_stub infrastructure completely 2026-03-29 11:21:24 -07:00
vsock_addr.h net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
vxlan.h vxlan: Support MC routing in the underlay 2025-06-17 18:18:46 -07:00
wext.h
x25.h net/x25: Remove unused x25_terminate_link() 2025-07-14 17:19:13 -07:00
x25device.h
xdp.h bpf-next-for-netdev 2025-09-24 10:22:37 -07:00
xdp_priv.h
xdp_sock.h xsk: fix XDP_UMEM_SG_FLAG issues 2026-04-06 18:43:51 -07:00
xdp_sock_drv.h xsk: respect tailroom for ZC setups 2026-04-06 18:43:51 -07:00
xfrm.h xfrm: reduce struct sec_path size 2026-02-10 20:21:48 -08:00
xsk_buff_pool.h xsk: remove repeated defines 2026-03-16 19:28:21 -07:00