From: Gregory Etelson <getelson@nvidia.com>
To: <dev@dpdk.org>
Cc: <getelson@nvidia.com>, <mkashani@nvidia.com>,
<rasland@nvidia.com>, Dariusz Sosnowski <dsosnowski@nvidia.com>,
Viacheslav Ovsiienko <viacheslavo@nvidia.com>,
Bing Zhao <bingz@nvidia.com>, Ori Kam <orika@nvidia.com>,
Suanming Mou <suanmingm@nvidia.com>,
Matan Azrad <matan@nvidia.com>
Subject: [PATCH] net/mlx5: fix non-template sample action validation
Date: Thu, 6 Nov 2025 15:02:28 +0200 [thread overview]
Message-ID: <20251106130228.491915-1-getelson@nvidia.com> (raw)
The patch validates that sample actions include terminal action
Fixes: d986f04d6529 ("net/mlx5: add functions for non-template flow sample")
Signed-off-by: Gregory Etelson <getelson@nvidia.com>
---
drivers/net/mlx5/mlx5_flow.h | 3 +++
drivers/net/mlx5/mlx5_flow_hw.c | 4 ---
drivers/net/mlx5/mlx5_nta_sample.c | 43 +++++++++++++++++++++++++++++-
3 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h
index 146d547f72..d4f4d5a8ef 100644
--- a/drivers/net/mlx5/mlx5_flow.h
+++ b/drivers/net/mlx5/mlx5_flow.h
@@ -21,6 +21,9 @@
#include "hws/mlx5dr.h"
#include "mlx5_tx.h"
+#define MLX5_HW_PORT_IS_PROXY(priv) \
+ (!!((priv)->sh->esw_mode && (priv)->master))
+
/* E-Switch Manager port, used for rte_flow_item_port_id. */
#define MLX5_PORT_ESW_MGR UINT32_MAX
diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
index ff68483a40..2d80c99c18 100644
--- a/drivers/net/mlx5/mlx5_flow_hw.c
+++ b/drivers/net/mlx5/mlx5_flow_hw.c
@@ -62,10 +62,6 @@ static struct rte_flow_fp_ops mlx5_flow_hw_fp_ops;
#define MLX5_HW_VLAN_PUSH_VID_IDX 1
#define MLX5_HW_VLAN_PUSH_PCP_IDX 2
-#define MLX5_HW_PORT_IS_PROXY(priv) \
- (!!((priv)->sh->esw_mode && (priv)->master))
-
-
struct mlx5_indlst_legacy {
struct mlx5_indirect_list indirect;
struct rte_flow_action_handle *handle;
diff --git a/drivers/net/mlx5/mlx5_nta_sample.c b/drivers/net/mlx5/mlx5_nta_sample.c
index 938108cf4c..0b7b3d0c8e 100644
--- a/drivers/net/mlx5/mlx5_nta_sample.c
+++ b/drivers/net/mlx5/mlx5_nta_sample.c
@@ -525,6 +525,42 @@ validate_prefix_actions(const struct rte_flow_action *actions)
return i < MLX5_HW_MAX_ACTS - 1;
}
+static bool
+validate_sample_terminal_actions(const struct rte_eth_dev *dev,
+ const struct rte_flow_attr *flow_attr,
+ const struct rte_flow_action *actions)
+{
+ uint32_t i;
+ const struct mlx5_priv *priv = dev->data->dev_private;
+ const struct rte_flow_action_ethdev *port = NULL;
+ bool is_proxy = MLX5_HW_PORT_IS_PROXY(priv);
+ const struct rte_flow_action *a = NULL;
+
+ for (i = 0; actions[i].type != RTE_FLOW_ACTION_TYPE_END; i++) {
+ if (actions[i].type != RTE_FLOW_ACTION_TYPE_VOID)
+ a = &actions[i];
+ }
+ if (a == NULL)
+ return false;
+ switch (a->type) {
+ case RTE_FLOW_ACTION_TYPE_JUMP:
+ case RTE_FLOW_ACTION_TYPE_QUEUE:
+ case RTE_FLOW_ACTION_TYPE_DROP:
+ case RTE_FLOW_ACTION_TYPE_REPRESENTED_PORT:
+ return true;
+ case RTE_FLOW_ACTION_TYPE_PORT_REPRESENTOR:
+ if (!is_proxy || !flow_attr->transfer)
+ return false;
+ port = a->conf;
+ if (!port || port->port_id != MLX5_REPRESENTED_PORT_ESW_MGR)
+ return false;
+ return true;
+ default:
+ break;
+ }
+ return false;
+}
+
static void
action_append(struct rte_flow_action *actions, const struct rte_flow_action *last)
{
@@ -829,10 +865,15 @@ mlx5_nta_sample_flow_list_create(struct rte_eth_dev *dev,
}
mlx5_nta_parse_sample_actions(actions, &sample, prefix_actions, suffix_actions);
if (!validate_prefix_actions(prefix_actions)) {
- rte_flow_error_set(error, -EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
+ rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
NULL, "Too many actions");
return NULL;
}
+ if (!validate_sample_terminal_actions(dev, attr, sample)) {
+ rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
+ NULL, "Invalid sample actions");
+ return NULL;
+ }
sample_conf = (const struct rte_flow_action_sample *)sample->conf;
sample_actions = (struct rte_flow_action *)(uintptr_t)sample_conf->actions;
mirror_entry = mlx5_create_nta_mirror(dev, attr, sample_actions,
--
2.51.0
reply other threads:[~2025-11-06 13:04 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251106130228.491915-1-getelson@nvidia.com \
--to=getelson@nvidia.com \
--cc=bingz@nvidia.com \
--cc=dev@dpdk.org \
--cc=dsosnowski@nvidia.com \
--cc=matan@nvidia.com \
--cc=mkashani@nvidia.com \
--cc=orika@nvidia.com \
--cc=rasland@nvidia.com \
--cc=suanmingm@nvidia.com \
--cc=viacheslavo@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).