From: Stefano Brivio
To: Andrew Morton, Andy Shevchenko
Cc: Yury Norov, Rasmus Villemoes, Pablo Neira Ayuso, linux-kernel@vger.kernel.org
Subject: [PATCH 1/2] lib: Fix bitmap_cut() for partial overlapping case
Date: Mon, 8 Jun 2020 11:13:28 +0200
Message-Id: <003e38d4428cd6091ef00b5b03354f1bd7d9091e.1591606281.git.sbrivio@redhat.com>

Yury Norov reports that bitmap_cut() will not produce the right outcome if src and dst partially overlap, with src pointing at some location after dst, because the memmove() affects src before we store the bits that we need to keep, that is, the bits preceding the cut -- as long as the beginning of the cut is not aligned to a long.

Fix this by storing those bits before the memmove().

Note that this is just a theoretical concern so far, as the only user of this function, pipapo_drop() from the nftables set back-end implemented in net/netfilter/nft_set_pipapo.c, always supplies entirely overlapping src and dst.

Reported-by: Yury Norov
Fixes: 2092767168f0 ("bitmap: Introduce bitmap_cut(): cut bits and shift remaining")
Signed-off-by: Stefano Brivio

--- lib/bitmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/bitmap.c b/lib/bitmap.c index 89260aa342d6..c5712e8f4c38 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c
@@ -211,13 +211,13 @@ void bitmap_cut(unsigned long *dst, const unsigned long *src, unsigned long keep = 0, carry; int i; - memmove(dst, src, len * sizeof(*dst)); - if (first % BITS_PER_LONG) { keep = src[first / BITS_PER_LONG] & (~0UL >> (BITS_PER_LONG - first % BITS_PER_LONG)); } + memmove(dst, src, len * sizeof(*dst)); + while (cut--) { for (i = first / BITS_PER_LONG; i < len; i++) { if (i < len - 1) -- 2.26.2
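Review bot: the order of the keep computation and the memmove() in bitmap_cut() is now what makes the partial-overlap case correct, but nothing in the code says so, and a later cleanup could move the copy back to the top of the function. Consider a one-line comment above the `if (first % BITS_PER_LONG)` block saying that keep must be read from src before the memmove() because src and dst may partially overlap. Since the commit message notes that the only current caller never hits this case, a test with src one word after dst and first not a multiple of BITS_PER_LONG would pin the behaviour, if the second patch in the series does not already add one.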
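The ordering problem described in the commit message, reproduced in userspace as an added example (not code from the patch or from lib/bitmap.c). The names cut_sketch() and keep_first and the sample words are assumptions; the end of the shift loop and the final masking, which the hunk does not show, are filled in as a sketch.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BITS_PER_LONG ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))

/* Userspace sketch of bitmap_cut(); keep_first = 1 is the patched order. */
static void cut_sketch(unsigned long *dst, const unsigned long *src,
                       unsigned first, unsigned cut, unsigned len, int keep_first)
{
    unsigned long keep = 0, carry, i;

    if (!keep_first)                 /* pre-patch: copy, then read src */
        memmove(dst, src, len * sizeof(*dst));
    if (first % BITS_PER_LONG)       /* bits preceding the cut */
        keep = src[first / BITS_PER_LONG] &
               (~0UL >> (BITS_PER_LONG - first % BITS_PER_LONG));
    if (keep_first)                  /* patched: read src, then copy */
        memmove(dst, src, len * sizeof(*dst));
    while (cut--)
        for (i = first / BITS_PER_LONG; i < len; i++) {
            carry = (i < len - 1) ? (dst[i + 1] & 1UL) : 0;
            dst[i] = (dst[i] >> 1) | (carry << (BITS_PER_LONG - 1));
        }
    dst[first / BITS_PER_LONG] &= ~0UL << (first % BITS_PER_LONG);
    dst[first / BITS_PER_LONG] |= keep;
}

/* Constructed input: src = buf + 1 starts one word after dst = buf. */
static unsigned long overlap_result(int keep_first)
{
    unsigned long buf[3] = { 0, 0xAB5UL, 0xC3UL };
    cut_sketch(buf, buf + 1, 4, 4, 2, keep_first);
    return buf[0];
}

/* Same source words with a separate destination: the reference outcome. */
static unsigned long disjoint_result(void)
{
    unsigned long src[2] = { 0xAB5UL, 0xC3UL }, dst[2];
    cut_sketch(dst, src, 4, 4, 2, 1);
    return dst[0];
}

int main(void)
{
    printf("reference %#lx patched %#lx pre-patch %#lx\n",
           disjoint_result(), overlap_result(1), overlap_result(0));
    return 0;
}
```

With the pre-patch order the low four bits of the first result word come from the second source word, because the memmove() has already overwritten the word that keep is read from.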