git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Srijit Bose <srijit.bose@broadcom.com>
	Wed, 31 Dec 2025 08:36:25 +0000 (00:36 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 17 Jan 2026 15:31:23 +0000 (16:31 +0100)
commit	f1029391e6043acfb954a76f5bfdb7642b1f7f1d
tree	c8a4ab953894dc4719f3c4c59a00230c873942e0	tree \| snapshot
parent	57f1dd8fa96687fa8b2039321553b6f573178112	commit \| diff

bnxt_en: Fix potential data corruption with HW GRO/LRO

[ Upstream commit ffeafa65b2b26df2f5b5a6118d3174f17bd12ec5 ]

Fix the max number of bits passed to find_first_zero_bit() in
bnxt_alloc_agg_idx().  We were incorrectly passing the number of
long words.  find_first_zero_bit() may fail to find a zero bit and
cause a wrong ID to be used.  If the wrong ID is already in use, this
can cause data corruption.  Sometimes an error like this can also be
seen:

bnxt_en 0000:83:00.0 enp131s0np0: TPA end agg_buf 2 != expected agg_bufs 1

Fix it by passing the correct number of bits MAX_TPA_P5.  Use
DECLARE_BITMAP() to more cleanly define the bitmap.  Add a sanity
check to warn if a bit cannot be found and reset the ring [MChan].

Fixes: ec4d8e7cf024 ("bnxt_en: Add TPA ID mapping logic for 57500 chips.")
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Signed-off-by: Srijit Bose <srijit.bose@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://patch.msgid.link/20251231083625.3911652-1-michael.chan@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

drivers/net/ethernet/broadcom/bnxt/bnxt.c		diff \| blob \| blame \| history
drivers/net/ethernet/broadcom/bnxt/bnxt.h		diff \| blob \| blame \| history