Re: [PATCH net v5] bnxt_en: validate firmware backing store types

Next message: Usama Arif: "[v3 01/24] mm: thp: make split_huge_pmd functions return int for error propagation"
Previous message: Yixun Lan: "Re: [PATCH v2 0/6] riscv: dts: spacemit: enable more devices on Milk-V Jupiter"
In reply to: Pengpeng Hou: "[PATCH net v5] bnxt_en: validate firmware backing store types"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Michael Chan

Date: Thu Mar 26 2026 - 22:13:34 EST

On Thu, Mar 26, 2026 at 6:03 PM Pengpeng Hou <pengpeng@xxxxxxxxxxx> wrote:

> @@ -8692,15 +8692,18 @@ static int bnxt_hwrm_func_backing_store_qcaps_v2(struct bnxt *bp)
> u8 init_val, init_off, i;
> u32 max_entries;
> u16 entry_size;
> + u16 req_type;
> __le32 *p;
> + u16 next_type;
> u32 flags;
>
> - req->type = cpu_to_le16(type);
> + req_type = type;
> + req->type = cpu_to_le16(req_type);
> rc = hwrm_req_send(bp, req);
> if (rc)
> goto ctx_done;
> flags = le32_to_cpu(resp->flags);
> - type = le16_to_cpu(resp->next_valid_type);

I think a simpler fix is to assign ctxm->type = type here if the
concern is that FW can return a bogus resp->type.

ctxm->type is fixed and is equal to the array index of ctx->ctx_arr so
it can be set up early. You can optionally validate resp->type for
sanity but it will not be used. After that, type can advance to the
next valid type.

> + next_type = le16_to_cpu(resp->next_valid_type);
> if (!(flags & BNXT_CTX_MEM_TYPE_VALID)) {
> bnxt_free_one_ctx_mem(bp, ctxm, true);
> continue;

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature