| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0cece70f-a7ae-47e2-a4a2-602d37063890@intel.com>
Date: Mon, 10 Jun 2024 13:38:11 +0200
From: Przemek Kitszel <przemyslaw.kitszel@...el.com>
To: Michael Chan <michael.chan@...adcom.com>
CC: <netdev@...r.kernel.org>, <edumazet@...gle.com>, <kuba@...nel.org>,
<pabeni@...hat.com>, <andrew.gospodarek@...adcom.com>, <horms@...nel.org>,
Somnath Kotur <somnath.kotur@...adcom.com>, Pavan Chebbi
<pavan.chebbi@...adcom.com>, <davem@...emloft.net>
Subject: Re: [PATCH net v2] bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG
forwarded response
On 6/8/24 21:13, Michael Chan wrote:
> Firmware interface 1.10.2.118 has increased the size of
> HWRM_PORT_PHY_QCFG response beyond the maximum size that can be
> forwarded. When the VF's link state is not the default auto state,
> the PF will need to forward the response back to the VF to indicate
> the forced state. This regression may cause the VF to fail to
> initialize.
>
> Fix it by capping the HWRM_PORT_PHY_QCFG response to the maximum
> 96 bytes. The SPEEDS2_SUPPORTED flag needs to be cleared because the
> new speeds2 fields are beyond the legacy structure. Also modify
> bnxt_hwrm_fwd_resp() to print a warning if the message size exceeds 96
> bytes to make this failure more obvious.
>
> Fixes: 84a911db8305 ("bnxt_en: Update firmware interface to 1.10.2.118")
> Reviewed-by: Somnath Kotur <somnath.kotur@...adcom.com>
> Reviewed-by: Pavan Chebbi <pavan.chebbi@...adcom.com>
> Signed-off-by: Michael Chan <michael.chan@...adcom.com>
> ---
> v2: Remove Bug and ChangeID from ChangeLog
> Add comment to explain the clearing of the SPEEDS2_SUPPORTED flag
> ---
> drivers/net/ethernet/broadcom/bnxt/bnxt.h | 48 +++++++++++++++++++
> .../net/ethernet/broadcom/bnxt/bnxt_sriov.c | 12 ++++-
> 2 files changed, 58 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
> index 656ab81c0272..94d242aca8d5 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h
> @@ -1434,6 +1434,54 @@ struct bnxt_l2_filter {
> atomic_t refcnt;
> };
>
> +/* hwrm_port_phy_qcfg_output (size:96 bytes) */
> +struct hwrm_port_phy_qcfg_output_compat {
I assume that the first 96 bytes of the current
struct hwrm_port_phy_qcfg are the same as here; with that you could wrap
those there by struct_group_tagged, giving the very same name as here,
but without replicating all the content.
> + __le16 error_code;
> + __le16 req_type;
> + __le16 seq_id;
> + __le16 resp_len;
> + u8 link;
> + u8 active_fec_signal_mode;
> + __le16 link_speed;
> + u8 duplex_cfg;
> + u8 pause;
> + __le16 support_speeds;
> + __le16 force_link_speed;
> + u8 auto_mode;
> + u8 auto_pause;
> + __le16 auto_link_speed;
> + __le16 auto_link_speed_mask;
> + u8 wirespeed;
> + u8 lpbk;
> + u8 force_pause;
> + u8 module_status;
> + __le32 preemphasis;
> + u8 phy_maj;
> + u8 phy_min;
> + u8 phy_bld;
> + u8 phy_type;
> + u8 media_type;
> + u8 xcvr_pkg_type;
> + u8 eee_config_phy_addr;
> + u8 parallel_detect;
> + __le16 link_partner_adv_speeds;
> + u8 link_partner_adv_auto_mode;
> + u8 link_partner_adv_pause;
> + __le16 adv_eee_link_speed_mask;
> + __le16 link_partner_adv_eee_link_speed_mask;
> + __le32 xcvr_identifier_type_tx_lpi_timer;
> + __le16 fec_cfg;
> + u8 duplex_state;
> + u8 option_flags;
> + char phy_vendor_name[16];
> + char phy_vendor_partnumber[16];
> + __le16 support_pam4_speeds;
> + __le16 force_pam4_link_speed;
> + __le16 auto_pam4_link_speed_mask;
> + u8 link_partner_pam4_adv_speeds;
> + u8 valid;
> +};
> +
> struct bnxt_link_info {
> u8 phy_type;
> u8 media_type;
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
> index 175192ebaa77..b28073777ef5 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c
> @@ -950,8 +950,11 @@ static int bnxt_hwrm_fwd_resp(struct bnxt *bp, struct bnxt_vf_info *vf,
> struct hwrm_fwd_resp_input *req;
> int rc;
>
> - if (BNXT_FWD_RESP_SIZE_ERR(msg_size))
> + if (BNXT_FWD_RESP_SIZE_ERR(msg_size)) {
> + netdev_warn_once(bp->dev, "HWRM fwd response too big (%d bytes)\n",
> + msg_size);
> return -EINVAL;
> + }
>
> rc = hwrm_req_init(bp, req, HWRM_FWD_RESP);
> if (!rc) {
> @@ -1085,7 +1088,7 @@ static int bnxt_vf_set_link(struct bnxt *bp, struct bnxt_vf_info *vf)
> rc = bnxt_hwrm_exec_fwd_resp(
> bp, vf, sizeof(struct hwrm_port_phy_qcfg_input));
> } else {
> - struct hwrm_port_phy_qcfg_output phy_qcfg_resp = {0};
> + struct hwrm_port_phy_qcfg_output_compat phy_qcfg_resp = {0};
nit: we usually just write `{}`
> struct hwrm_port_phy_qcfg_input *phy_qcfg_req;
>
> phy_qcfg_req =
> @@ -1096,6 +1099,11 @@ static int bnxt_vf_set_link(struct bnxt *bp, struct bnxt_vf_info *vf)
> mutex_unlock(&bp->link_lock);
> phy_qcfg_resp.resp_len = cpu_to_le16(sizeof(phy_qcfg_resp));
> phy_qcfg_resp.seq_id = phy_qcfg_req->seq_id;
> + /* New SPEEDS2 fields are beyond the legacy structure, so
> + * clear the SPEEDS2_SUPPORTED flag.
> + */
> + phy_qcfg_resp.option_flags &=
> + ~PORT_PHY_QCAPS_RESP_FLAGS2_SPEEDS2_SUPPORTED;
> phy_qcfg_resp.valid = 1;
>
> if (vf->flags & BNXT_VF_LINK_UP) {
Powered by blists - more mailing lists