On Wed, Nov 12, 2025 at 01:34:30PM -0600, Daniel Jurgens wrote:
...
> +static int setup_classifier(struct virtnet_ff *ff, struct virtnet_classifier
> *c)
> +{
> + int err;
> +
> + err = xa_alloc(&ff->classifiers, &c->id, c,
> + XA_LIMIT(0, le32_to_cpu(ff->ff_caps->classifiers_limit)
> - 1),
> + GFP_KERNEL);
Hi Daniel,
I am wondering if some sort of bounds checking should be done for
classifiers_limit. E.g. if it is 0, then this will set the
maximum limit to -1 (UINT_MAX), which seems somewhat large,
assuming classifiers_limit of 0 doesn't mean unlimited.
Flagged by Claude Code with https://github.com/masoncl/review-prompts/
> + if (err)
> + return err;
> +
> + err = virtio_admin_obj_create(ff->vdev,
> + VIRTIO_NET_RESOURCE_OBJ_FF_CLASSIFIER,
> + c->id,
> + VIRTIO_ADMIN_GROUP_TYPE_SELF,
> + 0,
> + &c->classifier,
> + c->size);
> + if (err)
> + goto err_xarray;
> +
> + return 0;
> +
> +err_xarray:
> + xa_erase(&ff->classifiers, c->id);
> +
> + return err;
> +}
...
> +static int virtnet_ethtool_flow_insert(struct virtnet_ff *ff,
> + struct ethtool_rx_flow_spec *fs,
> + u16 curr_queue_pairs)
> +{
> + struct virtnet_ethtool_rule *eth_rule;
> + int err;
> +
> + if (!ff->ff_supported)
> + return -EOPNOTSUPP;
> +
> + err = validate_flow_input(ff, fs, curr_queue_pairs);
> + if (err)
> + return err;
> +
> + eth_rule = kzalloc(sizeof(*eth_rule), GFP_KERNEL);
> + if (!eth_rule)
> + return -ENOMEM;
> +
> + err = xa_alloc(&ff->ethtool.rules, &fs->location, eth_rule,
> + XA_LIMIT(0, le32_to_cpu(ff->ff_caps->rules_limit) - 1),
> + GFP_KERNEL);
Likewise for rules_limit.
> + if (err)
> + goto err_rule;
> +
> + eth_rule->flow_spec = *fs;
> +
> + err = build_and_insert(ff, eth_rule);
> + if (err)
> + goto err_xa;
> +
> + return err;
> +
> +err_xa:
> + xa_erase(&ff->ethtool.rules, eth_rule->flow_spec.location);
> +
> +err_rule:
> + fs->location = RX_CLS_LOC_ANY;
> + kfree(eth_rule);
> +
> + return err;
> +}
...
