[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <003e38d4428cd6091ef00b5b03354f1bd7d9091e.1591606281.git.sbrivio@redhat.com>
Date: Mon, 8 Jun 2020 11:13:28 +0200
From: Stefano Brivio <sbrivio@...hat.com>
To: Andrew Morton <akpm@...ux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Yury Norov <yury.norov@...il.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Pablo Neira Ayuso <pablo@...filter.org>,
linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] lib: Fix bitmap_cut() for partial overlapping case
Yury Norov reports that bitmap_cut() will not produce the right outcome
if src and dst partially overlap, with src pointing at some location
after dst, because the memmove() affects src before we store the bits
that we need to keep, that is, the bits preceding the cut -- as long as
the beginning of the cut is not aligned to a long.
Fix this by storing those bits before the memmove().
Note that this is just a theoretical concern so far, as the only user
of this function, pipapo_drop() from the nftables set back-end
implemented in net/netfilter/nft_set_pipapo.c, always supplies entirely
overlapping src and dst.
Reported-by: Yury Norov <yury.norov@...il.com>
Fixes: 2092767168f0 ("bitmap: Introduce bitmap_cut(): cut bits and shift remaining")
Signed-off-by: Stefano Brivio <sbrivio@...hat.com>
---
lib/bitmap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/bitmap.c b/lib/bitmap.c
index 89260aa342d6..c5712e8f4c38 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -211,13 +211,13 @@ void bitmap_cut(unsigned long *dst, const unsigned long *src,
unsigned long keep = 0, carry;
int i;
- memmove(dst, src, len * sizeof(*dst));
-
if (first % BITS_PER_LONG) {
keep = src[first / BITS_PER_LONG] &
(~0UL >> (BITS_PER_LONG - first % BITS_PER_LONG));
}
+ memmove(dst, src, len * sizeof(*dst));
+
while (cut--) {
for (i = first / BITS_PER_LONG; i < len; i++) {
if (i < len - 1)
--
2.26.2
Powered by blists - more mailing lists