From: luca.boccassi@gmail.com
To: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Cc: Dariusz Sosnowski <dsosnowski@nvidia.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'net/mlx5: fix crash on age query with indirect conntrack' has been queued to stable release 22.11.9
Date: Mon, 30 Jun 2025 13:25:32 +0100 [thread overview]
Message-ID: <20250630122556.1133654-2-luca.boccassi@gmail.com> (raw)
In-Reply-To: <20250630122556.1133654-1-luca.boccassi@gmail.com>
Hi,
FYI, your patch has been queued to stable release 22.11.9
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 07/02/25. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable
This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/ab74ac87bc7fe0554e3a2e0e6c94558647b9770d
Thanks.
Luca Boccassi
---
From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
From: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Date: Thu, 26 Jun 2025 09:07:02 -0400
Subject: [PATCH] net/mlx5: fix crash on age query with indirect conntrack
[ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
This patch fixes a segmentation fault that occurs when querying the
AGE action of a flow rule that uses indirect connection tracking (CT).
Background:
AGE and CT indices share a union in the mlx5 flow struct. When using CT
without age, the age index is invalid. Querying AGE in this case leads
to a crash due to reading an invalid pointer.
Solution:
Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
actions. This is the correct fix rather than null-checking the pool.
Steps to reproduce:
1. Create an indirect CT action:
flow indirect_action 0 create ingress action conntrack / end
2. Create a root rule with jump:
flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump group 3 / end
3. Create a group 3 rule using the indirect action:
flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions indirect 0 / jump group 5 / end
4. Create a group 5 rule matching CT state:
flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end
5. Querying the first rule causes segfault:
flow query 0 1 age
Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking action")
Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
---
.mailmap | 1 +
drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
2 files changed, 6 insertions(+)
diff --git a/.mailmap b/.mailmap
index 7e6ada5733..9a89b1a12e 100644
--- a/.mailmap
+++ b/.mailmap
@@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott@intel.com>
Kevin Traynor <ktraynor@redhat.com>
Ke Xu <ke1.xu@intel.com>
Ke Zhang <ke1x.zhang@intel.com>
+Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Khoa To <khot@microsoft.com>
Kiran KN <kirankn@juniper.net>
Kiran Kumar K <kirankumark@marvell.com>
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index d11e39431f..f3a76f9e93 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
error);
break;
case RTE_FLOW_ACTION_TYPE_AGE:
+ if (flow->indirect_type == MLX5_INDIRECT_ACTION_TYPE_CT)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_ACTION,
+ actions,
+ "age not available");
ret = flow_dv_query_age(dev, flow, data, error);
break;
default:
--
2.47.2
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2025-06-30 13:21:21.850344929 +0100
+++ 0002-net-mlx5-fix-crash-on-age-query-with-indirect-conntr.patch 2025-06-30 13:21:21.739057181 +0100
@@ -1 +1 @@
-From 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 Mon Sep 17 00:00:00 2001
+From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
+
@@ -35 +36,0 @@
-Cc: stable@dpdk.org
@@ -45 +46 @@
-index 8483d96ec5..6126f7e472 100644
+index 7e6ada5733..9a89b1a12e 100644
@@ -48 +49 @@
-@@ -812,6 +812,7 @@ Kevin Scott <kevin.c.scott@intel.com>
+@@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott@intel.com>
@@ -55 +56 @@
- Kiran Kumar K <kirankumark@marvell.com> <kkokkilagadda@caviumnetworks.com> <kiran.kokkilagadda@caviumnetworks.com>
+ Kiran Kumar K <kirankumark@marvell.com>
@@ -57 +58 @@
-index d555a9cdcb..7b9e5018b8 100644
+index d11e39431f..f3a76f9e93 100644
@@ -60 +61 @@
-@@ -18146,6 +18146,11 @@ flow_dv_query(struct rte_eth_dev *dev,
+@@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
next prev parent reply other threads:[~2025-06-30 12:26 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-12 21:06 patch 'net/i40e/base: remove unused variables' " luca.boccassi
2025-06-12 21:06 ` patch 'ci: bump tested distributions in GHA' " luca.boccassi
2025-06-12 21:06 ` patch 'net/fm10k/base: fix compilation warnings' " luca.boccassi
2025-06-12 21:06 ` patch 'net/ixgbe/base: correct definition of endianness macro' " luca.boccassi
2025-06-12 21:06 ` patch 'net/ixgbe/base: fix compilation warnings' " luca.boccassi
2025-06-12 21:06 ` patch 'net/i40e/base: fix unused value " luca.boccassi
2025-06-12 21:06 ` patch 'net/i40e/base: fix compiler " luca.boccassi
2025-06-12 21:06 ` patch 'acl: fix build with GCC 15 on aarch64' " luca.boccassi
2025-06-12 21:06 ` patch 'eal/linux: improve ASLR check' " luca.boccassi
2025-06-12 21:06 ` patch 'net/e1000: fix xstats name' " luca.boccassi
2025-06-12 21:06 ` patch 'net/e1000: fix EEPROM dump' " luca.boccassi
2025-06-12 21:06 ` patch 'net/ixgbe: fix port mask default value in filter' " luca.boccassi
2025-06-12 21:06 ` patch 'net/e1000: fix igb Tx queue offloads capability' " luca.boccassi
2025-06-12 21:06 ` patch 'vhost/crypto: fix cipher data length' " luca.boccassi
2025-06-12 21:06 ` patch 'crypto/virtio: fix cipher data source " luca.boccassi
2025-06-12 21:06 ` patch 'app/crypto-perf: fix AAD offset alignment' " luca.boccassi
2025-06-12 21:06 ` patch 'crypto/qat: fix out-of-place header bytes in AEAD raw API' " luca.boccassi
2025-06-12 21:06 ` patch 'crypto/qat: fix out-of-place chain/cipher/auth headers' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: fix header modify action on group 0' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: validate GTP PSC QFI width' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: fix counter service cleanup on init failure' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: remove unsupported flow meter action in HWS' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: fix maximal queue size query' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mlx5: align PF and VF/SF MAC address handling' " luca.boccassi
2025-06-12 21:06 ` patch 'app/testpmd: fix RSS hash key update' " luca.boccassi
2025-06-12 21:06 ` patch 'net/af_xdp: fix use after free in zero-copy Tx' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix integer overflow in interrupt unmap' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix memory leak on failure' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix extra wait for link up' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix memory leak for indirect flow action' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix interrupt rollback' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix divide by zero' " luca.boccassi
2025-06-12 21:06 ` patch 'net/hns3: fix resources release on reset' " luca.boccassi
2025-06-12 21:06 ` patch 'net/qede: fix use after free' " luca.boccassi
2025-06-12 21:06 ` patch 'bus/fslmc: " luca.boccassi
2025-06-12 21:06 ` patch 'net/null: fix packet copy' " luca.boccassi
2025-06-12 21:06 ` patch 'bus/vmbus: align ring buffer data to page boundary' " luca.boccassi
2025-06-12 21:06 ` patch 'bus/vmbus: use Hyper-V page size' " luca.boccassi
2025-06-12 21:06 ` patch 'net/netvsc: " luca.boccassi
2025-06-12 21:06 ` patch 'net/netvsc: add stats counters from VF' " luca.boccassi
2025-06-12 21:06 ` patch 'app/testpmd: relax number of TCs in DCB command' " luca.boccassi
2025-06-12 21:06 ` patch 'net/mana: check vendor ID when probing RDMA device' " luca.boccassi
2025-06-12 21:07 ` patch 'net/hns3: fix CRC data segment' " luca.boccassi
2025-06-12 21:07 ` patch 'net/tap: fix qdisc add failure handling' " luca.boccassi
2025-06-12 21:07 ` patch 'net/mlx5: fix VLAN stripping on hairpin queue' " luca.boccassi
2025-06-12 21:07 ` patch 'mem: fix lockup on address space shortage' " luca.boccassi
2025-06-12 21:07 ` patch 'test/malloc: improve resiliency' " luca.boccassi
2025-06-12 21:07 ` patch 'trace: fix overflow in per-lcore trace buffer' " luca.boccassi
2025-06-12 21:07 ` patch 'common/cnxk: fix E-tag pattern parsing' " luca.boccassi
2025-06-12 21:07 ` patch 'common/cnxk: fix CQ tail drop' " luca.boccassi
2025-06-12 21:07 ` patch 'net/cnxk: fix descriptor count update on reconfig' " luca.boccassi
2025-06-12 21:07 ` patch 'ethdev: fix error struct in flow configure' " luca.boccassi
2025-06-12 21:07 ` patch 'net/ice/base: fix integer overflow' " luca.boccassi
2025-06-12 21:07 ` patch 'net/ice/base: fix typo in device ID description' " luca.boccassi
2025-06-12 21:07 ` patch 'common/dpaax: fix PDCP key command race condition' " luca.boccassi
2025-06-12 21:07 ` patch 'common/dpaax: fix PDCP AES only 12-bit SN' " luca.boccassi
2025-06-12 21:07 ` patch 'crypto/virtio: add request check on request side' " luca.boccassi
2025-06-12 21:07 ` patch 'crypto/virtio: fix driver cleanup' " luca.boccassi
2025-06-12 21:07 ` patch 'ethdev: keep promiscuous/allmulti value before disabling' " luca.boccassi
2025-06-12 21:07 ` patch 'eal: fix return value of lcore role' " luca.boccassi
2025-06-12 21:07 ` patch 'eal: warn if no lcore is available' " luca.boccassi
2025-06-12 21:07 ` patch 'bus: cleanup device lists' " luca.boccassi
2025-06-12 21:07 ` patch 'eal/linux: unregister alarm callback before free' " luca.boccassi
2025-06-12 21:07 ` patch 'eal/freebsd: " luca.boccassi
2025-06-12 21:07 ` patch 'bus/pci/bsd: fix device existence check' " luca.boccassi
2025-06-17 18:38 ` Jake Freeland
2025-06-12 21:07 ` patch 'power/intel_uncore: fix crash closing uninitialized driver' " luca.boccassi
2025-06-12 21:07 ` patch 'pcapng: fix null dereference in close' " luca.boccassi
2025-06-12 21:07 ` patch 'net/mlx5: avoid setting kernel MTU if not needed' " luca.boccassi
2025-06-12 21:07 ` patch 'net/mlx5: fix hypervisor detection in VLAN workaround' " luca.boccassi
2025-06-12 21:07 ` patch 'net/hns3: check requirement for hardware GRO' " luca.boccassi
2025-06-12 21:07 ` patch 'net/hns3: allow Tx vector when fast free not enabled' " luca.boccassi
2025-06-12 21:07 ` patch 'net/hns3: allow Rx vector mode with VLAN filter' " luca.boccassi
2025-06-30 12:25 ` patch 'common/mlx5: fix extraction of auxiliary device name' " luca.boccassi
2025-06-30 12:25 ` luca.boccassi [this message]
2025-07-02 15:32 ` patch 'net/mlx5: fix crash on age query with indirect conntrack' " Khadem Ullah
2025-06-30 12:25 ` patch 'net/mlx5: fix WQE size calculation for Tx queue' " luca.boccassi
2025-06-30 12:25 ` patch 'net/ixgbe: fix indentation' " luca.boccassi
2025-06-30 12:25 ` patch 'net/ice: fix querying RSS hash for DCF' " luca.boccassi
2025-06-30 12:25 ` patch 'net/iavf: fix VLAN strip setting after enabling filter' " luca.boccassi
2025-06-30 12:25 ` patch 'common/cnxk: fix null pointer checks' " luca.boccassi
2025-06-30 12:25 ` patch 'vhost: search virtqueues driver data in read-only area' " luca.boccassi
2025-06-30 12:25 ` patch 'net/virtio: fix check of threshold for Tx freeing' " luca.boccassi
2025-06-30 12:25 ` patch 'eal/unix: fix log message for madvise failure' " luca.boccassi
2025-06-30 12:25 ` patch 'common/cnxk: fix qsize in CPT iq enable' " luca.boccassi
2025-06-30 12:25 ` patch 'crypto/qat: fix out-of-place chain/cipher/auth headers' " luca.boccassi
2025-06-30 12:25 ` patch 'examples/ipsec-secgw: fix crash with IPv6' " luca.boccassi
2025-06-30 12:25 ` patch 'examples/ipsec-secgw: fix crash in event vector mode' " luca.boccassi
2025-06-30 12:25 ` patch 'test/crypto: fix auth and cipher case IV length' " luca.boccassi
2025-06-30 12:25 ` patch 'test/crypto: set to null after freeing operation' " luca.boccassi
2025-06-30 12:25 ` patch 'crypto/openssl: include private exponent in RSA session' " luca.boccassi
2025-06-30 12:25 ` patch 'test/crypto: fix RSA decrypt validation' " luca.boccassi
2025-06-30 12:25 ` patch 'event/dlb2: fix dequeue with CQ depth <= 16' " luca.boccassi
2025-06-30 12:25 ` patch 'event/dlb2: fix validaton of LDB port COS ID arguments' " luca.boccassi
2025-06-30 12:25 ` patch 'event/dlb2: fix num single link ports for DLB2.5' " luca.boccassi
2025-06-30 12:25 ` patch 'event/dlb2: fix default credits based on HW version' " luca.boccassi
2025-06-30 12:25 ` patch 'app/eventdev: fix number of releases sent during cleanup' " luca.boccassi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250630122556.1133654-2-luca.boccassi@gmail.com \
--to=luca.boccassi@gmail.com \
--cc=14pwcse1224@uetpeshawar.edu.pk \
--cc=dsosnowski@nvidia.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).