[PATCH net-next v2] net: dsa: sja1105: flower: reject cross-chip redirect

Next message: Yosry Ahmed: "Re: [PATCH v3 17/40] KVM: x86: Drop defunct vcpu_tsc_khz() declaration"
Previous message: Rosen Penev: "[PATCH 3/3] ata: pata_ep93xx: add COMPILE_TEST support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Yang

Date: Fri May 29 2026 - 20:46:24 EST

dsa_port_from_netdev() may return a valid port from a different switch
chip. Programming another chip's port index into the local hardware
causes redirection to the wrong port, or an out-of-bounds access if the
index exceeds the local chip's port count.

Apply a minimal fix that adds a check to catch this case and adjusts the
extack message. When cls->common.skip_sw is not set, the operation could
instead redirect to the upstream port and let the software or upstream
switch(es) handle the forward, but that is not addressed here.

Signed-off-by: David Yang <mmyangfl@xxxxxxxxx>
Reviewed-by: Vladimir Oltean <olteanv@xxxxxxxxx>
---
v1: https://lore.kernel.org/r/20260528203549.1918040-1-mmyangfl@xxxxxxxxx
- rewrite commit message
drivers/net/dsa/sja1105/sja1105_flower.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/dsa/sja1105/sja1105_flower.c b/drivers/net/dsa/sja1105/sja1105_flower.c
index fba926f85b47..7547999a113f 100644
--- a/drivers/net/dsa/sja1105/sja1105_flower.c
+++ b/drivers/net/dsa/sja1105/sja1105_flower.c
@@ -391,9 +391,9 @@ int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
struct dsa_port *to_dp;

to_dp = dsa_port_from_netdev(act->dev);
- if (IS_ERR(to_dp)) {
+ if (IS_ERR(to_dp) || to_dp->ds != ds) {
NL_SET_ERR_MSG_MOD(extack,
- "Destination not a switch port");
+ "Destination not a local switch port");
return -EOPNOTSUPP;
}

--
2.53.0