* [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
@ 2026-05-24 7:29 Junrui Luo
2026-05-27 1:02 ` Jakub Kicinski
0 siblings, 1 reply; 6+ messages in thread
From: Junrui Luo @ 2026-05-24 7:29 UTC (permalink / raw)
To: Sunil Goutham, Linu Cherian, Geetha sowjanya, hariprasad,
Subbaraya Sundeep, Andrew Lunn, David S. Miller, Eric Dumazet,
Jakub Kicinski, Paolo Abeni
Cc: netdev, linux-kernel, Yuhao Jiang, stable, Junrui Luo
rvu_mbox_handler_lmtst_tbl_setup() uses req->base_pcifunc as a direct
index into the LMT map table to read another function's LMTLINE
physical base address and copy it into the caller's own LMT map table
entry. The mailbox dispatcher authenticates req->hdr.pcifunc from the
IRQ source, but req->base_pcifunc is a separate payload field and is
not sanitized.
Reject the request with -EPERM when the caller and base function do
not share a parent PF.
Fixes: 893ae97214c3 ("octeontx2-af: cn10k: Support configurable LMTST regions")
Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
---
drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
index d2163da28d18..0c27b4b669f1 100644
--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
+++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_cn10k.c
@@ -178,6 +178,13 @@ int rvu_mbox_handler_lmtst_tbl_setup(struct rvu *rvu,
* pcifunc (will be the one who is calling this mailbox).
*/
if (req->base_pcifunc) {
+ /* Only allow LMTLINE sharing within the same PF, so that a
+ * PCI function cannot hijack another PF's LMTLINE region.
+ */
+ if (rvu_get_pf(rvu->pdev, req->hdr.pcifunc) !=
+ rvu_get_pf(rvu->pdev, req->base_pcifunc))
+ return -EPERM;
+
/* Calculating the LMT table index equivalent to primary
* pcifunc.
*/
---
base-commit: c369299895a591d96745d6492d4888259b004a9e
change-id: 20260524-fixes-33bb6d8cccf8
Best regards,
--
Junrui Luo <moonafterrain@outlook.com>
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
2026-05-24 7:29 [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF Junrui Luo
@ 2026-05-27 1:02 ` Jakub Kicinski
2026-05-27 1:46 ` Yuhao Jiang
0 siblings, 1 reply; 6+ messages in thread
From: Jakub Kicinski @ 2026-05-27 1:02 UTC (permalink / raw)
To: Junrui Luo
Cc: Sunil Goutham, Linu Cherian, Geetha sowjanya, hariprasad,
Subbaraya Sundeep, Andrew Lunn, David S. Miller, Eric Dumazet,
Paolo Abeni, netdev, linux-kernel, Yuhao Jiang, stable
On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
> Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Really? I thought I saw this reported in Sashiko..
https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com
Either way, Marvell folks - please review.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
2026-05-27 1:02 ` Jakub Kicinski
@ 2026-05-27 1:46 ` Yuhao Jiang
2026-05-27 1:52 ` Jakub Kicinski
0 siblings, 1 reply; 6+ messages in thread
From: Yuhao Jiang @ 2026-05-27 1:46 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Junrui Luo, Sunil Goutham, Linu Cherian, Geetha sowjanya,
hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev, linux-kernel, stable
Hi Jakub,
I worked with Junrui on discovering this bug and preparing the patch.
I found the bug and reported it to Junrui, and he helped write the
patch. There may be some overlap with other work.
Thanks.
On Tue, May 26, 2026 at 8:02 PM Jakub Kicinski <kuba@kernel.org> wrote:
>
> On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
> > Reported-by: Yuhao Jiang <danisjiang@gmail.com>
>
> Really? I thought I saw this reported in Sashiko..
>
> https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com
>
> Either way, Marvell folks - please review.
--
Yuhao Jiang
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
2026-05-27 1:46 ` Yuhao Jiang
@ 2026-05-27 1:52 ` Jakub Kicinski
2026-05-27 2:26 ` Junrui Luo
2026-05-27 5:20 ` [EXTERNAL] " Geethasowjanya Akula
0 siblings, 2 replies; 6+ messages in thread
From: Jakub Kicinski @ 2026-05-27 1:52 UTC (permalink / raw)
To: Yuhao Jiang
Cc: Junrui Luo, Sunil Goutham, Linu Cherian, Geetha sowjanya,
hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev, linux-kernel, stable
On Tue, 26 May 2026 20:46:46 -0500 Yuhao Jiang wrote:
> Hi Jakub,
>
> I worked with Junrui on discovering this bug and preparing the patch.
> I found the bug and reported it to Junrui, and he helped write the
> patch. There may be some overlap with other work.
Please don't top post on the list.
Junrui, please describe your discovery process.
> On Tue, May 26, 2026 at 8:02 PM Jakub Kicinski <kuba@kernel.org> wrote:
> >
> > On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
> > > Reported-by: Yuhao Jiang <danisjiang@gmail.com>
> >
> > Really? I thought I saw this reported in Sashiko..
> >
> > https://netdev-ai.bots.linux.dev/sashiko/#/patchset/20260520154157.1439319-1-michael.bommarito@gmail.com
> >
> > Either way, Marvell folks - please review.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
2026-05-27 1:52 ` Jakub Kicinski
@ 2026-05-27 2:26 ` Junrui Luo
2026-05-27 5:20 ` [EXTERNAL] " Geethasowjanya Akula
1 sibling, 0 replies; 6+ messages in thread
From: Junrui Luo @ 2026-05-27 2:26 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Yuhao Jiang, Sunil Goutham, Linu Cherian, Geetha sowjanya,
hariprasad, Subbaraya Sundeep, Andrew Lunn, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
On Tue, May 26, 2026 at 06:52:24PM -0700, Jakub Kicinski wrote:
> Junrui, please describe your discovery process.
Hi Jakub,
Yuhao forwarded the report to me, and I investigated the issue and wrote
the patch. Sorry for missing the earlier report on Sashiko, and thanks for
the link.
Thanks,
Junrui Luo
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [EXTERNAL] Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF
2026-05-27 1:52 ` Jakub Kicinski
2026-05-27 2:26 ` Junrui Luo
@ 2026-05-27 5:20 ` Geethasowjanya Akula
1 sibling, 0 replies; 6+ messages in thread
From: Geethasowjanya Akula @ 2026-05-27 5:20 UTC (permalink / raw)
To: Jakub Kicinski, Yuhao Jiang
Cc: Junrui Luo, Sunil Kovvuri Goutham, Linu Cherian, Hariprasad Kelam,
Subbaraya Sundeep Bhatta, Andrew Lunn, David S. Miller,
Eric Dumazet, Paolo Abeni, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
>-----Original Message-----
>From: Jakub Kicinski <kuba@kernel.org>
>Sent: Wednesday, May 27, 2026 7:22 AM
>To: Yuhao Jiang <danisjiang@gmail.com>
>Cc: Junrui Luo <moonafterrain@outlook.com>; Sunil Kovvuri Goutham
><sgoutham@marvell.com>; Linu Cherian <lcherian@marvell.com>;
>Geethasowjanya Akula <gakula@marvell.com>; Hariprasad Kelam
><hkelam@marvell.com>; Subbaraya Sundeep Bhatta <sbhatta@marvell.com>;
>Andrew Lunn <andrew+netdev@lunn.ch>; David S. Miller
><davem@davemloft.net>; Eric Dumazet <edumazet@google.com>; Paolo
>Abeni <pabeni@redhat.com>; netdev@vger.kernel.org; linux-
>kernel@vger.kernel.org; stable@vger.kernel.org
>Subject: [EXTERNAL] Re: [PATCH net] octeontx2-af: cn10k: restrict LMTLINE
>sharing to same PF
>On Tue, 26 May 2026 20:46:46 -0500 Yuhao Jiang wrote:
>> Hi Jakub,
>>
>> I worked with Junrui on discovering this bug and preparing the patch.
>> I found the bug and reported it to Junrui, and he helped write the
>> patch. There may be some overlap with other work.
>
>Please don't top post on the list.
>
>Junrui, please describe your discovery process.
>
>> On Tue, May 26, 2026 at 8:02 PM Jakub Kicinski <kuba@kernel.org> wrote:
>> >
>> > On Sun, 24 May 2026 15:29:29 +0800 Junrui Luo wrote:
>> > > Reported-by: Yuhao Jiang <danisjiang@gmail.com>
>> >
>> > Really? I thought I saw this reported in Sashiko..
>> >
>> > https://urldefense.proofpoint.com/v2/url?u=https-3A__netdev-2Dai.bot
>> > s.linux.dev_sashiko_-23_patchset_20260520154157.1439319-2D1-
>2Dmichae
>> > l.bommarito-
>40gmail.com&d=DwIFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=UiEt_nUe
>> >
>YFctu7JVLXVlXDhTmq_EAfooaZEYInfGuEQ&m=ESyWUuC7cOhVRmobPkCa2wZp
>UJil1G
>> > km_eJqp-iBzx2soczScJlUupDstoIztUIo&s=J8p73boIdnnkY-
>tzhEXMXXE6W0qp5sC
>> > HAZFQ0FjEugE&e=
>> >
>> > Either way, Marvell folks - please review.
Hi Junrui and Jakub,
This patch enforces that the requester’s pcifunc and req->base_pcifunc belong to the same PF.
However, this assumption is not always valid.
We have valid use cases where LMTST lines are intentionally shared across multiple PFs. In such scenarios,
the base_pcifunc may legitimately belong to a different PF, and restricting access to the same PF would
break these existing use cases.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-05-27 5:20 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-24 7:29 [PATCH net] octeontx2-af: cn10k: restrict LMTLINE sharing to same PF Junrui Luo
2026-05-27 1:02 ` Jakub Kicinski
2026-05-27 1:46 ` Yuhao Jiang
2026-05-27 1:52 ` Jakub Kicinski
2026-05-27 2:26 ` Junrui Luo
2026-05-27 5:20 ` [EXTERNAL] " Geethasowjanya Akula
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox