From: sashiko-bot@kernel.org
To: wei.fang@oss.nxp.com
Cc: imx@lists.linux.dev, Frank.Li@kernel.org
Subject: Re: [PATCH v4 net-next 5/9] net: dsa: netc: initialize the group bitmap of ETT and ECT
Date: Wed, 10 Jun 2026 03:27:59 +0000 [thread overview]
Message-ID: <20260610032759.A09281F00898@smtp.kernel.org> (raw)
In-Reply-To: <20260609032955.2066089-6-wei.fang@oss.nxp.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Hardware ETT and ECT table out-of-bounds access due to incorrect group sizing based on available ports instead of physical ports.
--
commit 86672a593cae6156b47d02f0d2ead38cfa53953b
Author: Wei Fang <wei.fang@nxp.com>
net: dsa: netc: initialize the group bitmap of ETT and ECT
This commit calculates and allocates index bitmaps for the Egress Treatment
Table (ETT) and Egress Count Table (ECT) based on hardware capabilities. The
bitmap sizes are calculated by dividing the total hardware entries by the
number of available ports.
> diff --git a/drivers/net/dsa/netc/netc_main.c b/drivers/net/dsa/netc/netc_main.c
> index fa7dd307ce130..d4475ad7ed6c2 100644
> --- a/drivers/net/dsa/netc/netc_main.c
> +++ b/drivers/net/dsa/netc/netc_main.c
[ ... ]
> +static int netc_init_ntmp_bitmap_sizes(struct netc_switch *priv)
> +{
> + u32 num_ports = netc_num_available_ports(priv);
> + struct netc_switch_regs *regs = &priv->regs;
> + struct ntmp_user *ntmp = &priv->ntmp;
> + u32 val;
> +
> + if (!num_ports)
> + return -EINVAL;
> +
> + val = netc_base_rd(regs, NETC_ETTCAPR);
> + ntmp->ett_bitmap_size = NETC_GET_NUM_ENTRIES(val) / num_ports;
[Severity: High]
Could calculating the bitmap size using the number of available ports lead to
out-of-bounds accesses by the hardware?
If any physical ports are disabled in the device tree, the available port
count will be strictly less than the hardware's actual physical port count.
When the hardware performs an egress lookup, it adds the physical port index
to the base ETT or ECT entry ID. Because the group size is compressed here
based only on available ports, it appears the hardware could access an entry
outside of the intended group. For the highest allocated group indices,
would this addition exceed the boundaries of the entire ETT/ECT table?
> + if (!ntmp->ett_bitmap_size)
> + return -EINVAL;
> +
> + val = netc_base_rd(regs, NETC_ECTCAPR);
> + ntmp->ect_bitmap_size = NETC_GET_NUM_ENTRIES(val) / num_ports;
[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260609032955.2066089-1-wei.fang@oss.nxp.com?part=5
next prev parent reply other threads:[~2026-06-10 3:27 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-09 3:29 [PATCH v4 net-next 0/9] net: dsa: netc: add bridge mode support wei.fang
2026-06-09 3:29 ` [PATCH v4 net-next 1/9] net: enetc: add interfaces to manage dynamic FDB entries wei.fang
2026-06-09 3:29 ` [PATCH v4 net-next 2/9] net: enetc: add "Update" and "Delete" operations to VLAN filter table wei.fang
2026-06-09 3:29 ` [PATCH v4 net-next 3/9] net: enetc: add interfaces to manage egress treatment table wei.fang
2026-06-09 3:29 ` [PATCH v4 net-next 4/9] net: enetc: add "Update" operation to the egress count table wei.fang
2026-06-09 3:29 ` [PATCH v4 net-next 5/9] net: dsa: netc: initialize the group bitmap of ETT and ECT wei.fang
2026-06-10 3:27 ` sashiko-bot [this message]
2026-06-10 10:13 ` Wei Fang (OSS)
2026-06-09 3:29 ` [PATCH v4 net-next 6/9] net: enetc: add helpers to set/clear table bitmap wei.fang
2026-06-10 3:27 ` sashiko-bot
2026-06-09 3:29 ` [PATCH v4 net-next 7/9] net: dsa: netc: add VLAN filter table and egress treatment management wei.fang
2026-06-10 3:27 ` sashiko-bot
2026-06-10 10:16 ` Wei Fang (OSS)
2026-06-09 3:29 ` [PATCH v4 net-next 8/9] net: dsa: netc: add bridge mode support wei.fang
2026-06-10 3:28 ` sashiko-bot
2026-06-10 10:30 ` Wei Fang (OSS)
2026-06-09 3:29 ` [PATCH v4 net-next 9/9] net: dsa: netc: implement dynamic FDB entry ageing wei.fang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260610032759.A09281F00898@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=Frank.Li@kernel.org \
--cc=imx@lists.linux.dev \
--cc=sashiko-reviews@lists.linux.dev \
--cc=wei.fang@oss.nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.