superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net/netfilter
History
Fernando Fernandez Mancera 18014147d3 netfilter: nf_tables: fix dst corruption in same register operation 
For lshift and rshift, the shift operations are performed in a loop over
32-bit words. The loop calculates the shifted value and write it to dst,
and then immediately reads from src to calculate the carry for the next
iteration. Because src and dst could point to the same memory location,
the carry is incorrectly calculated using the newly modified dst value
instead of the original src value.

Adding a temporary local variable to cache the original value before
writing to dst and using it for the carry calculation solves the
problem. In addition, partial overlap is rejected from control plane for
all kind of operations including byteorder. This was tested with the
following bytecode:

table test_table ip flags 0 use 1 handle 1
ip test_table test_chain use 3 type filter hook input prio 0 policy accept packets 0 bytes 0 flags 1
ip test_table test_chain 2
  [ immediate reg 1 0x44332211 0x88776655 ]
  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]
  [ cmp eq reg 1 0x66443322 0x00887766 ]
  [ counter pkts 0 bytes 0 ]
ip test_table test_chain 4 3
  [ immediate reg 1 0x44332211 0x88776655 ]
  [ bitwise reg 1 = ( reg 1 << 0x08000000 ) ]
  [ cmp eq reg 1 0x55443322 0x00887766 ]
  [ counter pkts 21794 bytes 1917798 ]

Fixes: 567d746b55 ("netfilter: bitwise: add support for shifts.")
Acked-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
 		2026-05-22 12:28:46 +02:00
..
ipset netfilter: ipset: annotate "pos" for concurrent readers/writers 2026-05-16 13:21:42 +02:00
ipvs ipvs: avoid possible loop in ip_vs_dst_event on resizing 2026-05-16 12:19:56 +02:00
Kconfig netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
Makefile netfilter: flowtable: move path discovery infrastructure to its own file 2025-11-27 23:59:43 +00:00
core.c netfilter: remove nf_ipv6_ops and use direct function calls 2026-03-29 11:21:24 -07:00
nf_bpf_link.c netfilter: bpf: defer hook memory release until rcu readers are done 2026-03-19 10:26:31 +01:00
nf_conncount.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
nf_conntrack_acct.c
nf_conntrack_amanda.c netfilter: use function typedefs for __rcu NAT helper hook pointers 2026-04-08 07:51:26 +02:00
nf_conntrack_bpf.c Networking changes for 7.0 2026-02-11 19:31:52 -08:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_expect: restore helper propagation via expectation 2026-05-08 01:30:17 +02:00
nf_conntrack_core.c netfilter: nf_conntrack_gre: fix gre keymap list corruption 2026-05-22 12:28:46 +02:00
nf_conntrack_ecache.c netfilter: ctnetlink: ensure safe access to master conntrack 2026-03-26 13:18:32 +01:00
nf_conntrack_expect.c netfilter: nf_conntrack_expect: restore helper propagation via expectation 2026-05-08 01:30:17 +02:00
nf_conntrack_extend.c
nf_conntrack_ftp.c netfilter: use function typedefs for __rcu NAT helper hook pointers 2026-04-08 07:51:26 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Correct indentation when H323_TRACE defined 2026-04-08 07:51:31 +02:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_expect: restore helper propagation via expectation 2026-05-08 01:30:17 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_conntrack_helper: fix possible null deref during error log 2026-05-16 12:19:56 +02:00
nf_conntrack_irc.c netfilter: use function typedefs for __rcu NAT helper hook pointers 2026-04-08 07:51:26 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: check tuple and mask in expectations created via nfqueue 2026-05-08 01:30:17 +02:00
nf_conntrack_ovs.c net/ipv6: Introduce payload_len helpers 2026-02-06 20:50:03 -08:00
nf_conntrack_pptp.c netfilter: nf_conntrack_gre: fix gre keymap list corruption 2026-05-22 12:28:46 +02:00
nf_conntrack_proto.c netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: Add allow_clash to generic protocol handler 2026-01-20 16:23:37 +01:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack_gre: fix gre keymap list corruption 2026-05-22 12:28:46 +02:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: enable icmp clash support 2026-01-20 16:23:37 +01:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: enable icmp clash support 2026-01-20 16:23:37 +01:00
nf_conntrack_proto_sctp.c netfilter: skip recording stale or retransmitted INIT 2026-04-28 17:52:19 -07:00
nf_conntrack_proto_tcp.c netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check 2026-05-22 12:27:55 +02:00
nf_conntrack_proto_udp.c netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: get helper before allocating expectation 2026-05-08 01:30:17 +02:00
nf_conntrack_snmp.c netfilter: use function typedefs for __rcu NAT helper hook pointers 2026-04-08 07:51:26 +02:00
nf_conntrack_standalone.c netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
nf_conntrack_tftp.c netfilter: use function typedefs for __rcu NAT helper hook pointers 2026-04-08 07:51:26 +02:00
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c netfilter: nft_fwd_netdev: use recursion counter in neigh egress path 2026-04-30 00:57:42 +02:00
nf_flow_table_bpf.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
nf_flow_table_core.c netfilter: flowtable: fix inline pppoe encapsulation in xmit path 2026-05-01 01:24:01 +02:00
nf_flow_table_inet.c net: netfilter: move nf flowtable bpf initialization in nf_flow_table_module_init() 2024-09-12 15:41:03 +02:00
nf_flow_table_ip.c netfilter: flowtable: use skb_pull_rcsum() to pop vlan/pppoe header 2026-05-01 12:39:23 +02:00
nf_flow_table_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
nf_flow_table_path.c netfilter: flowtable: fix inline pppoe encapsulation in xmit path 2026-05-01 01:24:01 +02:00
nf_flow_table_procfs.c
nf_flow_table_xdp.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
nf_hooks_lwtunnel.c
nf_internals.h
nf_log.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
nf_log_syslog.c netfilter: require Ethernet MAC header before using eth_hdr() 2026-04-10 12:16:27 +02:00
nf_nat_amanda.c netfilter: conntrack: remove sprintf usage 2026-04-20 23:27:46 +02:00
nf_nat_bpf.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
nf_nat_core.c netfilter: nat: use kfree_rcu to release ops 2026-04-20 23:45:41 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c netfilter: remove nf_ipv6_ops and use direct function calls 2026-03-29 11:21:24 -07:00
nf_nat_ovs.c netfilter: nf_conntrack: don't rely on implicit includes 2026-01-20 16:23:37 +01:00
nf_nat_proto.c netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
nf_nat_redirect.c
nf_nat_sip.c netfilter: nf_conntrack_sip: don't use simple_strtoul 2026-04-24 20:09:57 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: hold bridge skb->dev while queued 2026-05-16 13:23:01 +02:00
nf_sockopt.c
nf_synproxy_core.c netfilter: synproxy: refresh tcphdr after skb_ensure_writable 2026-05-22 12:28:40 +02:00
nf_tables_api.c netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables 2026-04-30 08:03:22 +02:00
nf_tables_core.c netfilter: nf_tables: skip L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
nf_tables_offload.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
nf_tables_trace.c netfilter: nf_tables: hide clash bit from userspace 2025-07-14 15:22:35 +02:00
nfnetlink.c net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
nfnetlink_acct.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nfnetlink_cthelper.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nfnetlink_cttimeout.c netfilter: conntrack: remove UDP-Lite conntrack support 2026-04-10 12:16:26 +02:00
nfnetlink_hook.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nfnetlink_log.c netfilter: nfnetlink: prefer skb_mac_header helpers 2026-04-10 12:16:26 +02:00
nfnetlink_osf.c netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check 2026-04-20 23:45:44 +02:00
nfnetlink_queue.c netfilter: disable payload mangling in userns 2026-05-22 12:28:46 +02:00
nft_bitwise.c netfilter: nf_tables: fix dst corruption in same register operation 2026-05-22 12:28:46 +02:00
nft_byteorder.c netfilter: nf_tables: fix dst corruption in same register operation 2026-05-22 12:28:46 +02:00
nft_chain_filter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-12 12:53:34 -07:00
nft_chain_nat.c
nft_chain_route.c
nft_cmp.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_compat.c netfilter: nft_compat: run xt_check_hooks_{match,target}() from .validate 2026-04-30 08:03:22 +02:00
nft_connlimit.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_counter.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_ct.c netfilter: nft_ct: fix missing expect put in obj eval 2026-05-08 01:30:17 +02:00
nft_ct_fast.c
nft_dup_netdev.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_dynset.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_exthdr.c netfilter: nf_tables: skip L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
nft_fib.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_fib_inet.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_fib_netdev.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_flow_offload.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_fwd_netdev.c netfilter: nft_fwd_netdev: use recursion counter in neigh egress path 2026-04-30 00:57:42 +02:00
nft_hash.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_immediate.c netfilter: nf_tables_offload: add nft_flow_action_entry_next() and use it 2026-04-08 07:51:31 +02:00
nft_inner.c netfilter: nft_inner: release local_lock before re-enabling softirqs 2026-05-16 13:21:41 +02:00
nft_last.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-02-26 10:23:00 -08:00
nft_limit.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_log.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_lookup.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_masq.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_meta.c netfilter: nft_meta: add double-tagged vlan and pppoe support 2026-04-08 07:51:31 +02:00
nft_nat.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_numgen.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_objref.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_osf.c netfilter: nf_tables: skip L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
nft_payload.c netfilter: disable payload mangling in userns 2026-05-22 12:28:46 +02:00
nft_queue.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_quota.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_range.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_redir.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_reject.c
nft_reject_inet.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_reject_netdev.c netfilter: nf_tables: remove register tracking infrastructure 2026-02-25 19:36:26 -08:00
nft_rt.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_set_bitmap.c netfilter: nft_set_bitmap: fix lockdep splat due to missing annotation 2025-09-10 20:28:24 +02:00
nft_set_hash.c netfilter: nf_tables: clone set on flush only 2026-03-05 13:22:37 +01:00
nft_set_pipapo.c netfilter: nft_set_pipapo: increment data in one step 2026-04-08 07:51:31 +02:00
nft_set_pipapo.h netfilter: nft_set_pipapo: increment data in one step 2026-04-08 07:51:31 +02:00
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: remove redundant loop in lookup_slow 2026-04-08 07:51:31 +02:00
nft_set_pipapo_avx2.h netfilter: nft_set_pipapo: use avx2 algorithm for insertions too 2025-08-20 13:52:37 +02:00
nft_set_rbtree.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-26 12:09:57 -07:00
nft_socket.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_synproxy.c netfilter: add more netlink-based policy range checks 2026-04-08 07:51:30 +02:00
nft_tproxy.c netfilter: nf_tables: skip L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
nft_tunnel.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
nft_xfrm.c netfilter: nf_tables: add netlink policy based cap on registers 2026-04-08 07:51:31 +02:00
utils.c netfilter: remove nf_ipv6_ops and use direct function calls 2026-03-29 11:21:24 -07:00
x_tables.c netfilter: x_tables: add and use xtables_unregister_table_exit 2026-05-08 01:30:16 +02:00
xt_AUDIT.c audit: add audit_log_nf_skb helper function 2025-12-16 11:04:14 -05:00
xt_CHECKSUM.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_CLASSIFY.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_CONNSECMARK.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_CT.c netfilter: xt_CT: fix usersize for v1 and v2 revision 2026-04-30 08:03:22 +02:00
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels 2026-03-10 14:10:43 +01:00
xt_LED.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_LOG.c
xt_MASQUERADE.c
xt_NETMAP.c
xt_NFLOG.c netfilter: xtables: fix typo causing some targets not to load on IPv6 2024-10-21 11:31:26 +02:00
xt_NFQUEUE.c
xt_RATEEST.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_REDIRECT.c
xt_SECMARK.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_TCPMSS.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_TCPOPTSTRIP.c netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds 2025-05-22 17:16:02 +02:00
xt_TEE.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_TPROXY.c netfilter: xtables: fix L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
xt_TRACE.c netfilter: xtables: fix typo causing some targets not to load on IPv6 2024-10-21 11:31:26 +02:00
xt_addrtype.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_bpf.c
xt_cgroup.c netfilter: x_tables: ensure names are nul-terminated 2026-04-01 11:55:29 +02:00
xt_cluster.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_comment.c
xt_connbytes.c net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
xt_connlabel.c
xt_connlimit.c net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
xt_connmark.c netfilter: xtables: avoid NFPROTO_UNSPEC where needed 2024-10-09 23:20:46 +02:00
xt_conntrack.c
xt_cpu.c netfilter: xt_cpu: prefer raw_smp_processor_id 2026-05-22 12:28:46 +02:00
xt_dccp.c netfilter: add deprecation warning for dccp support 2026-04-08 07:51:27 +02:00
xt_devgroup.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_dscp.c
xt_ecn.c netfilter: xtables: fix L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
xt_esp.c
xt_hashlimit.c netfilter: xtables: fix L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
xt_helper.c
xt_hl.c netfilter: xt_HL: add pr_fmt and checkentry validation 2026-04-10 12:16:26 +02:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_mac.c netfilter: xtables: restrict several matches to inet family 2026-04-20 23:27:52 +02:00
xt_mark.c netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds 2025-05-22 17:16:02 +02:00
xt_multiport.c netfilter: xt_multiport: validate range encoding in checkentry 2026-04-08 13:33:38 +02:00
xt_nat.c
xt_nfacct.c netfilter: xt_nfacct: don't assume acct name is null-terminated 2025-07-25 18:40:43 +02:00
xt_osf.c netfilter: xtables: fix L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
xt_owner.c netfilter: xtables: restrict several matches to inet family 2026-04-20 23:27:52 +02:00
xt_physdev.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_pkttype.c
xt_policy.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_quota.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_rateest.c netfilter: x_tables: ensure names are nul-terminated 2026-04-01 11:55:29 +02:00
xt_realm.c netfilter: xtables: restrict several matches to inet family 2026-04-20 23:27:52 +02:00
xt_recent.c Convert 'alloc_flex' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_repldata.h netfilter: xtables: Use strscpy() instead of strscpy_pad() 2025-03-23 10:53:47 +01:00
xt_sctp.c
xt_set.c netfilter: x_tables: add .check_hooks to matches and targets 2026-04-30 08:03:22 +02:00
xt_socket.c netfilter: xt_socket: enable defrag after all other checks 2026-04-10 12:16:26 +02:00
xt_state.c
xt_statistic.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
xt_string.c
xt_tcpmss.c netfilter: xtables: fix L4 header parsing for non-first fragments 2026-04-30 17:59:01 +02:00
xt_tcpudp.c netfilter: x_tables: guard option walkers against 1-byte tail reads 2026-03-10 14:10:42 +01:00
xt_time.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-19 14:16:00 -07:00
xt_u32.c