On 2/3/26 5:11 PM, Simon Horman wrote:
This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least plausible.
For local reproduction steps seehttps://netdev-ai.bots.linux.dev/ai-local.html
---
ice: dpll: Support E825-C SyncE and dynamic pin discovery
This patch implements SyncE support for the E825-C Ethernet controller
using the DPLL subsystem, with dynamic pin discovery via firmware (ACPI)
and asynchronous registration using the DPLL notifier chain.
diff --git a/drivers/net/ethernet/intel/ice/ice_dpll.c
b/drivers/net/ethernet/intel/ice/ice_dpll.c
index 4eca62688d83..a8c99e49bfae 100644
--- a/drivers/net/ethernet/intel/ice/ice_dpll.c
+++ b/drivers/net/ethernet/intel/ice/ice_dpll.c
[ ... ]
@@ -528,6 +529,92 @@ ice_dpll_pin_disable(struct ice_hw *hw, struct
ice_dpll_pin *pin,
return ret;
}
+/**
+ * ice_dpll_rclk_update - updates the state of rclk pin on a device
+ * @pf: private board struct
+ * @pin: pointer to a pin
+ * @port_num: port number
+ *
+ * Update struct holding pin states info, states are separate for each parent
+ *
+ * Context: Called under pf->dplls.lock
+ * Return:
+ * * 0 - OK
+ * * negative - error
+ */
+static int ice_dpll_rclk_update(struct ice_pf *pf, struct ice_dpll_pin *pin,
+ u8 port_num)
+{
+ int ret;
+
+ for (u8 parent = 0; parent < pf->dplls.rclk.num_parents; parent++) {
+ ret = ice_aq_get_phy_rec_clk_out(&pf->hw, &parent, &port_num,
+ &pin->flags[parent], NULL);
Is it safe to pass &parent as an output parameter when it's also the loop
counter? Looking at ice_aq_get_phy_rec_clk_out():
int ice_aq_get_phy_rec_clk_out(struct ice_hw *hw, u8 *phy_output, ...)
{
cmd->phy_output = *phy_output; // Read as input
status = ice_aq_send_cmd(hw, &desc, NULL, 0, NULL);
if (!status) {
*phy_output = cmd->phy_output; // Write back from firmware
...
The firmware could potentially return a different value than was sent,
which would be written back to 'parent', corrupting the loop counter.
This corrupted value is then used as an array index:
+ if (ret)
+ return ret;
+
+ ice_dpll_pin_store_state(pin, parent,
+ ICE_AQC_GET_PHY_REC_CLK_OUT_OUT_EN &
+ pin->flags[parent]);
Both pin->flags[parent] and pin->state[parent] (inside
ice_dpll_pin_store_state) could access out of bounds if firmware returns
a value >= ICE_DPLL_RCLK_NUM_MAX (which is 2).
Would it be safer to use a separate variable for the phy_output parameter
and validate that firmware echoes back the expected value?
Yes, there should be a separate variable like in previous code prior
this refactor...
<snip>
case ICE_DPLL_PIN_TYPE_RCLK_INPUT:
- for (parent = 0; parent < pf->dplls.rclk.num_parents;
- parent++) {
- u8 p = parent; <--- HERE
-
- ret = ice_aq_get_phy_rec_clk_out(&pf->hw, &p,
- &port_num,
-
&pin->flags[parent],
- NULL);
</snip>
Arek, I will fix it by myself.
Thanks,
Ivan
