Thanks Pavan, that answers my question. I will drop this as a security issue and will not pursue the defensive data-path checks for bnxt_en. Thanks for clarifying the HW completion contract.
Regards, Taegu 2026년 6월 1일 (월) 오전 10:00, <[email protected]>님이 작성: > > Hello: > > This patch was applied to bpf/bpf-next.git (master) > by Alexei Starovoitov <[email protected]>: > > On Thu, 28 May 2026 15:21:55 +0900 you wrote: > > Global subprogram argument checking derives generic pointer sizes from BTF > > and passes the resolved size to check_mem_reg() as a u32. The access-size > > validation path then uses a signed int, and stack pointers negate the value > > before calling check_helper_mem_access(). > > > > This creates a wrap when BTF describes a pointee size larger than S32_MAX. > > For example, a global subprogram argument of type: > > > > [...] > > Here is the summary with links: > - [bpf-next,v3] bpf: reject overlarge global subprog argument sizes > https://git.kernel.org/bpf/bpf-next/c/de36adca6346 > > You are awesome, thank you! > -- > Deet-doot-dot, I am a bot. > https://korg.docs.kernel.org/patchwork/pwbot.html > >
