* [PATCH net-next v2] net: dsa: sja1105: flower: reject cross-chip redirect
@ 2026-05-30 0:39 David Yang
2026-06-02 21:50 ` patchwork-bot+netdevbpf
0 siblings, 1 reply; 2+ messages in thread
From: David Yang @ 2026-05-30 0:39 UTC (permalink / raw)
To: netdev
Cc: David Yang, Vladimir Oltean, Andrew Lunn, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, linux-kernel
dsa_port_from_netdev() may return a valid port from a different switch
chip. Programming another chip's port index into the local hardware
causes redirection to the wrong port, or an out-of-bounds access if the
index exceeds the local chip's port count.
Apply a minimal fix that adds a check to catch this case and adjusts the
extack message. When cls->common.skip_sw is not set, the operation could
instead redirect to the upstream port and let the software or upstream
switch(es) handle the forward, but that is not addressed here.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Reviewed-by: Vladimir Oltean <olteanv@gmail.com>
---
v1: https://lore.kernel.org/r/20260528203549.1918040-1-mmyangfl@gmail.com
- rewrite commit message
drivers/net/dsa/sja1105/sja1105_flower.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/dsa/sja1105/sja1105_flower.c b/drivers/net/dsa/sja1105/sja1105_flower.c
index fba926f85b47..7547999a113f 100644
--- a/drivers/net/dsa/sja1105/sja1105_flower.c
+++ b/drivers/net/dsa/sja1105/sja1105_flower.c
@@ -391,9 +391,9 @@ int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
struct dsa_port *to_dp;
to_dp = dsa_port_from_netdev(act->dev);
- if (IS_ERR(to_dp)) {
+ if (IS_ERR(to_dp) || to_dp->ds != ds) {
NL_SET_ERR_MSG_MOD(extack,
- "Destination not a switch port");
+ "Destination not a local switch port");
return -EOPNOTSUPP;
}
--
2.53.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next v2] net: dsa: sja1105: flower: reject cross-chip redirect
2026-05-30 0:39 [PATCH net-next v2] net: dsa: sja1105: flower: reject cross-chip redirect David Yang
@ 2026-06-02 21:50 ` patchwork-bot+netdevbpf
0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2026-06-02 21:50 UTC (permalink / raw)
To: David Yang
Cc: netdev, olteanv, andrew, davem, edumazet, kuba, pabeni,
linux-kernel
Hello:
This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Sat, 30 May 2026 08:39:14 +0800 you wrote:
> dsa_port_from_netdev() may return a valid port from a different switch
> chip. Programming another chip's port index into the local hardware
> causes redirection to the wrong port, or an out-of-bounds access if the
> index exceeds the local chip's port count.
>
> Apply a minimal fix that adds a check to catch this case and adjusts the
> extack message. When cls->common.skip_sw is not set, the operation could
> instead redirect to the upstream port and let the software or upstream
> switch(es) handle the forward, but that is not addressed here.
>
> [...]
Here is the summary with links:
- [net-next,v2] net: dsa: sja1105: flower: reject cross-chip redirect
https://git.kernel.org/netdev/net-next/c/cfa5274a5dc2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-02 21:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-30 0:39 [PATCH net-next v2] net: dsa: sja1105: flower: reject cross-chip redirect David Yang
2026-06-02 21:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox