[PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF

Netdev List
 help / color / mirror / Atom feed

* [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
@ 2026-05-24  7:29 Junrui Luo
  2026-05-27  1:02 ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Junrui Luo @ 2026-05-24  7:29 UTC (permalink / raw)
  To: Sunil Goutham, Linu Cherian, Geetha sowjanya, hariprasad,
	Subbaraya Sundeep, Andrew Lunn, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni
  Cc: netdev, linux-kernel, Yuhao Jiang, stable, Junrui Luo

rvu_mbox_handler_lmtst_tbl_setup() uses req->base_pcifunc as a direct
index into the LMT map table to read another function's LMTLINE
physical base address and copy it into the caller's own LMT map table
entry. The mailbox dispatcher authenticates req->hdr.pcifunc from the
IRQ source, but req->base_pcifunc is a separate payload field and is
not sanitized.

Reject the request with -EPERM when the caller and base function do
not share a parent PF.

Fixes: 893ae97214c3 ("octeontx2-af: cn10k: Support configurable LMTST regions")
Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
---
 drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
index d2163da28d18..0c27b4b669f1 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
@@ -178,6 +178,13 @@ int rvu_mbox_handler_lmtst_tbl_setup(struct rvu *rvu,
 	 * pcifunc (will be the one who is calling this mailbox).
 	 */
 	if (req->base_pcifunc) {
+		/* Only allow LMTLINE sharing within the same PF, so that a
+		 * PCI function cannot hijack another PF's LMTLINE region.
+		 */
+		if (rvu_get_pf(rvu->pdev, req->hdr.pcifunc) !=
+		    rvu_get_pf(rvu->pdev, req->base_pcifunc))
+			return -EPERM;
+
 		/* Calculating the LMT table index equivalent to primary
 		 * pcifunc.
 		 */

---
base-commit: c369299895a591d96745d6492d4888259b004a9e
change-id: 20260524-fixes-33bb6d8cccf8

Best regards,
-- 
Junrui Luo <moonafterrain@outlook.com>


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
  2026-05-24  7:29 [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF Junrui Luo
@ 2026-05-27  1:02 ` Jakub Kicinski
  2026-05-27  1:46   ` Yuhao Jiang
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2026-05-27  1:02 UTC (permalink / raw)
  To: Junrui Luo
  Cc: Sunil Goutham, Linu Cherian, Geetha sowjanya, hariprasad,
	Subbaraya Sundeep, Andrew Lunn, David S. Miller, Eric Dumazet,
	Paolo Abeni, netdev, linux-kernel, Yuhao Jiang, stable

On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
> Reported-by: Yuhao Jiang <danisjiang@gmail.com>

Really? I thought I saw this reported in Sashiko..

https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com

Either way, Marvell folks - please review.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
  2026-05-27  1:02 ` Jakub Kicinski
@ 2026-05-27  1:46   ` Yuhao Jiang
  2026-05-27  1:52     ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Yuhao Jiang @ 2026-05-27  1:46 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: Junrui Luo, Sunil Goutham, Linu Cherian, Geetha sowjanya,
	hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
	Eric Dumazet, Paolo Abeni, netdev, linux-kernel, stable

Hi Jakub,

I worked with Junrui on discovering this bug and preparing the patch.
I found the bug and reported it to Junrui, and he helped write the
patch. There may be some overlap with other work.

Thanks.

On Tue, May 26, 2026 at 8:02 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
> > Reported-by: Yuhao Jiang <danisjiang@gmail.com>
>
> Really? I thought I saw this reported in Sashiko..
>
> https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com
>
> Either way, Marvell folks - please review.



-- 
Yuhao Jiang

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
  2026-05-27  1:46   ` Yuhao Jiang
@ 2026-05-27  1:52     ` Jakub Kicinski
  2026-05-27  2:26       ` Junrui Luo
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2026-05-27  1:52 UTC (permalink / raw)
  To: Yuhao Jiang
  Cc: Junrui Luo, Sunil Goutham, Linu Cherian, Geetha sowjanya,
	hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
	Eric Dumazet, Paolo Abeni, netdev, linux-kernel, stable

On Tue, 26 May 2026 20:46:46 -0500 Yuhao Jiang wrote:
> Hi Jakub,
> 
> I worked with Junrui on discovering this bug and preparing the patch.
> I found the bug and reported it to Junrui, and he helped write the
> patch. There may be some overlap with other work.

Please don't top post on the list.

Junrui, please describe your discovery process.

> On Tue, May 26, 2026 at 8:02 PM Jakub Kicinski <kuba@kernel.org> wrote:
> >
> > On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:  
> > > Reported-by: Yuhao Jiang <danisjiang@gmail.com>  
> >
> > Really? I thought I saw this reported in Sashiko..
> >
> > https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com
> >
> > Either way, Marvell folks - please review.  


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
  2026-05-27  1:52     ` Jakub Kicinski
@ 2026-05-27  2:26       ` Junrui Luo
  0 siblings, 0 replies; 5+ messages in thread
From: Junrui Luo @ 2026-05-27  2:26 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: Yuhao Jiang, Sunil Goutham, Linu Cherian, Geetha sowjanya,
	hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
	Eric Dumazet, Paolo Abeni, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org, stable@vger.kernel.org

On Tue, May 26, 2026 at 06:52:24PM -0700, Jakub Kicinski wrote:
> Junrui, please describe your discovery process.

Hi Jakub,

Yuhao forwarded the report to me, and I investigated the issue and wrote
the patch. Sorry for missing the earlier report on Sashiko, and thanks for
the link.

Thanks,
Junrui Luo

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-05-27  2:26 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-24  7:29 [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF Junrui Luo
2026-05-27  1:02 ` Jakub Kicinski
2026-05-27  1:46   ` Yuhao Jiang
2026-05-27  1:52     ` Jakub Kicinski
2026-05-27  2:26       ` Junrui Luo

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox