bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the
firmware response in ctxm->type and later uses that value to index
fixed backing-store metadata arrays such as ctx_arr[] and
bnxt_bstore_to_trace[].
ctxm->type is fixed by the current backing-store query type and matches
the array index of ctx->ctx_arr. Avoid depending on resp->type and assign
ctxm->type from the current loop variable instead. Keep next_valid_type in
a dedicated variable so loop control stays clear for non-valid or
unchanged entries.
Fixes: 6a4d0774f02d ("bnxt_en: Add support for new backing store query firmware API")
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
v6:
- assign ctxm->type from the current query type
- stop depending on resp->type
Link: https://lore.kernel.org/r/20260327010235.42668-1-pengpeng@iscas.ac.cn
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index 0751c0e4581a..db8152c66d32 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -8692,6 +8692,7 @@ static int bnxt_hwrm_func_backing_store_qcaps_v2(struct bnxt *bp)
u8 init_val, init_off, i;
u32 max_entries;
u16 entry_size;
+ u16 next_type;
__le32 *p;
u32 flags;
@@ -8700,22 +8701,24 @@ static int bnxt_hwrm_func_backing_store_qcaps_v2(struct bnxt *bp)
if (rc)
goto ctx_done;
flags = le32_to_cpu(resp->flags);
- type = le16_to_cpu(resp->next_valid_type);
+ next_type = le16_to_cpu(resp->next_valid_type);
if (!(flags & BNXT_CTX_MEM_TYPE_VALID)) {
bnxt_free_one_ctx_mem(bp, ctxm, true);
+ type = next_type;
continue;
}
entry_size = le16_to_cpu(resp->entry_size);
max_entries = le32_to_cpu(resp->max_num_entries);
if (ctxm->mem_valid) {
- if (!(flags & BNXT_CTX_MEM_PERSIST) ||
- ctxm->entry_size != entry_size ||
- ctxm->max_entries != max_entries)
- bnxt_free_one_ctx_mem(bp, ctxm, true);
- else
+ if ((flags & BNXT_CTX_MEM_PERSIST) &&
+ ctxm->entry_size == entry_size &&
+ ctxm->max_entries == max_entries) {
+ type = next_type;
continue;
+ }
+ bnxt_free_one_ctx_mem(bp, ctxm, true);
}
- ctxm->type = le16_to_cpu(resp->type);
+ ctxm->type = type;
ctxm->entry_size = entry_size;
ctxm->flags = flags;
ctxm->instance_bmap = le32_to_cpu(resp->instance_bit_map);
@@ -8731,6 +8734,7 @@ static int bnxt_hwrm_func_backing_store_qcaps_v2(struct bnxt *bp)
for (i = 0, p = &resp->split_entry_0; i < ctxm->split_entry_cnt;
i++, p++)
ctxm->split[i] = le32_to_cpu(*p);
+ type = next_type;
}
rc = bnxt_alloc_all_ctx_pg_info(bp, BNXT_CTX_V2_MAX);
--
2.50.1 (Apple Git-155)On Fri, Mar 27, 2026 at 11:08 PM Pengpeng Hou <pengpeng@iscas.ac.cn> wrote:
>
> bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the
> firmware response in ctxm->type and later uses that value to index
> fixed backing-store metadata arrays such as ctx_arr[] and
> bnxt_bstore_to_trace[].
>
> ctxm->type is fixed by the current backing-store query type and matches
> the array index of ctx->ctx_arr. Avoid depending on resp->type and assign
> ctxm->type from the current loop variable instead. Keep next_valid_type in
> a dedicated variable so loop control stays clear for non-valid or
> unchanged entries.
Please change the title of the commit since you are not validating the
type in the FW response anymore.
> @@ -8700,22 +8701,24 @@ static int bnxt_hwrm_func_backing_store_qcaps_v2(struct bnxt *bp)
> if (rc)
> goto ctx_done;
> flags = le32_to_cpu(resp->flags);
> - type = le16_to_cpu(resp->next_valid_type);
> + next_type = le16_to_cpu(resp->next_valid_type);
> if (!(flags & BNXT_CTX_MEM_TYPE_VALID)) {
> bnxt_free_one_ctx_mem(bp, ctxm, true);
> + type = next_type;
You can just update type = next_type in the for loop statement instead
of updating it in 3 different places:
for (type = 0; type < BNXT_CTX_V2_MAX; type = next_type)
© 2016 - 2026 Red Hat, Inc.