lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260110225932.3900827-1-kuba@kernel.org>
Date: Sat, 10 Jan 2026 14:59:32 -0800
From: Jakub Kicinski <kuba@...nel.org>
To: rkannoth@...vell.com
Cc: Jakub Kicinski <kuba@...nel.org>,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [net-next,v3,04/13] ocetontx2-af: npc: cn20k: MKEX profile support

This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least pausible.

For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
ocetontx2-af: npc: cn20k: MKEX profile support

This patch adds MKEX profile support for the cn20k silicon variant,
introducing a new key extractor concept with up to 24 extractors per
packet parsing profile.

> diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cn20k/npc.c b/drivers/net/ethernet/marvell/octeontx2/af/cn20k/npc.c
> index 316e6cd1436a..88d7f65d246c 100644
> --- a/drivers/net/ethernet/marvell/octeontx2/af/cn20k/npc.c
> +++ b/drivers/net/ethernet/marvell/octeontx2/af/cn20k/npc.c

[ ... ]

> +void npc_cn20k_load_mkex_profile(struct rvu *rvu, int blkaddr,
> +				 const char *mkex_profile)
> +{
> +	struct npc_mcam_kex_extr *mcam_kex_extr;
> +	struct device *dev = &rvu->pdev->dev;
> +	void __iomem *mkex_prfl_addr = NULL;
> +	u64 prfl_sz;
> +	int ret;
> +
> +	/* If user not selected mkex profile */
> +	if (rvu->kpu_fwdata_sz ||
> +	    !strncmp(mkex_profile, cn20k_def_pfl_name, MKEX_NAME_LEN))
> +		goto program_mkex_extr;
> +
> +	/* Setting up the mapping for mkex profile image */
> +	ret = npc_fwdb_prfl_img_map(rvu, &mkex_prfl_addr, &prfl_sz);
> +	if (ret < 0)
> +		goto program_mkex_extr;
> +
> +	mcam_kex_extr = (struct npc_mcam_kex_extr __force *)mkex_prfl_addr;
> +
> +	while (((s64)prfl_sz > 0) && (mcam_kex_extr->mkex_sign != MKEX_END_SIGN)) {
> +		/* Compare with mkex mod_param name string */
> +		if (mcam_kex_extr->mkex_sign == MKEX_CN20K_SIGN &&
> +		    !strncmp(mcam_kex_extr->name, mkex_profile, MKEX_NAME_LEN)) {
> +			rvu->kpu.mcam_kex_prfl.mkex_extr = mcam_kex_extr;
> +			goto program_mkex_extr;
> +		}
> +
> +		mcam_kex_extr++;
> +		prfl_sz -= sizeof(struct npc_mcam_kex);
                                 ^^^^^^^^^^^^^^^^^^^^^

The loop iterates over struct npc_mcam_kex_extr entries (the pointer
mcam_kex_extr is advanced by sizeof(struct npc_mcam_kex_extr) via
mcam_kex_extr++), but the size decrement uses sizeof(struct npc_mcam_kex).

These structures have different sizes:
- struct npc_mcam_kex_extr contains intf_extr_lid[2][24] and
  intf_extr_lt[2][24][16] arrays
- struct npc_mcam_kex contains intf_lid_lt_ld[2][8][16][2] and
  intf_ld_flags[2][2][16] arrays

Should this be sizeof(struct npc_mcam_kex_extr) to match the pointer
increment? Otherwise the loop termination condition will be incorrect
and could read beyond the profile buffer boundaries.

> +	}
> +	dev_warn(dev, "Failed to load requested profile: %s\n", mkex_profile);

[ ... ]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ