From: luca.boccassi@gmail.com
To: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Cc: Dariusz Sosnowski <dsosnowski@nvidia.com>, dpdk stable <stable@dpdk.org>
Subject: patch 'net/mlx5: fix connection tracking state item validation' has been queued to stable release 22.11.11
Date: Mon, 27 Oct 2025 16:18:58 +0000 [thread overview]
Message-ID: <20251027162001.3710450-20-luca.boccassi@gmail.com> (raw)
In-Reply-To: <20251027162001.3710450-1-luca.boccassi@gmail.com>
Hi,
FYI, your patch has been queued to stable release 22.11.11
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 10/29/25. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable
This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/22388ebd621d3554ab259e159f4f0964702ecc7e
Thanks.
Luca Boccassi
---
From 22388ebd621d3554ab259e159f4f0964702ecc7e Mon Sep 17 00:00:00 2001
From: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Date: Thu, 14 Aug 2025 06:16:01 -0400
Subject: [PATCH] net/mlx5: fix connection tracking state item validation
[ upstream commit 179e70fd7ad2027705b42e7416d436d299eca78c ]
This patch validate a connection tracking state when matching
'conntrack is' in rte_flow rules. Since conntrack item flags
is a bitmap, then any combination of RTE_FLOW_CONNTRACK_PKT_STATE_*
flags is a valid value to match on.
This patch validate the CT state item.
Fixes: aca19061e4b9 ("net/mlx5: validate connection tracking item")
Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
---
drivers/net/mlx5/mlx5_flow.h | 5 +++++
drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
2 files changed, 10 insertions(+)
diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h
index eb7040ee4d..3a23954697 100644
--- a/drivers/net/mlx5/mlx5_flow.h
+++ b/drivers/net/mlx5/mlx5_flow.h
@@ -95,6 +95,11 @@ enum {
#define MLX5_ACTION_CTX_CT_GET_OWNER MLX5_INDIRECT_ACT_CT_GET_OWNER
#define MLX5_ACTION_CTX_CT_GEN_IDX MLX5_INDIRECT_ACT_CT_GEN_IDX
+#define MLX5_FLOW_CONNTRACK_PKT_STATE_ALL \
+ (RTE_FLOW_CONNTRACK_PKT_STATE_VALID | RTE_FLOW_CONNTRACK_PKT_STATE_CHANGED | \
+ RTE_FLOW_CONNTRACK_PKT_STATE_INVALID | RTE_FLOW_CONNTRACK_PKT_STATE_DISABLED | \
+ RTE_FLOW_CONNTRACK_PKT_STATE_BAD)
+
/* Matches on selected register. */
struct mlx5_rte_flow_item_tag {
enum modify_reg id;
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index f3a76f9e93..ff8d58db64 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -2862,6 +2862,11 @@ flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev,
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM, NULL,
"Conflict status bits");
+ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL)
+ return rte_flow_error_set(error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_ITEM,
+ NULL,
+ "Invalid CT item flags");
/* State change also needs to be considered. */
*item_flags |= MLX5_FLOW_LAYER_ASO_CT;
return 0;
--
2.47.3
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2025-10-27 15:54:35.576474552 +0000
+++ 0020-net-mlx5-fix-connection-tracking-state-item-validati.patch 2025-10-27 15:54:34.767948846 +0000
@@ -1 +1 @@
-From 179e70fd7ad2027705b42e7416d436d299eca78c Mon Sep 17 00:00:00 2001
+From 22388ebd621d3554ab259e159f4f0964702ecc7e Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 179e70fd7ad2027705b42e7416d436d299eca78c ]
+
@@ -14 +15,0 @@
-Cc: stable@dpdk.org
@@ -19,4 +20,3 @@
- drivers/net/mlx5/mlx5_flow.h | 5 +++++
- drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
- drivers/net/mlx5/mlx5_flow_hw.c | 10 ++++++++++
- 3 files changed, 20 insertions(+)
+ drivers/net/mlx5/mlx5_flow.h | 5 +++++
+ drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
+ 2 files changed, 10 insertions(+)
@@ -25 +25 @@
-index e890e732c3..ed0c1fcfd2 100644
+index eb7040ee4d..3a23954697 100644
@@ -28,3 +28,3 @@
-@@ -100,6 +100,11 @@ enum mlx5_indirect_type {
- #define MLX5_INDIRECT_ACT_CT_GET_IDX(index) \
- ((index) & ((1 << MLX5_INDIRECT_ACT_CT_OWNER_SHIFT) - 1))
+@@ -95,6 +95,11 @@ enum {
+ #define MLX5_ACTION_CTX_CT_GET_OWNER MLX5_INDIRECT_ACT_CT_GET_OWNER
+ #define MLX5_ACTION_CTX_CT_GEN_IDX MLX5_INDIRECT_ACT_CT_GEN_IDX
@@ -37,3 +37,3 @@
- /*
- * When HW steering flow engine is used, the CT action handles are encoded in a following way:
- * - bits 31:29 - type
+ /* Matches on selected register. */
+ struct mlx5_rte_flow_item_tag {
+ enum modify_reg id;
@@ -41 +41 @@
-index 7b9e5018b8..f673637e7d 100644
+index f3a76f9e93..ff8d58db64 100644
@@ -44,10 +44,9 @@
-@@ -3289,6 +3289,11 @@ mlx5_flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev,
- RTE_FLOW_ERROR_TYPE_ITEM,
- NULL,
- "Conflict status bits");
-+ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL)
-+ return rte_flow_error_set(error, EINVAL,
-+ RTE_FLOW_ERROR_TYPE_ITEM,
-+ NULL,
-+ "Invalid CT item flags");
- }
+@@ -2862,6 +2862,11 @@ flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev,
+ return rte_flow_error_set(error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_ITEM, NULL,
+ "Conflict status bits");
++ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL)
++ return rte_flow_error_set(error, EINVAL,
++ RTE_FLOW_ERROR_TYPE_ITEM,
++ NULL,
++ "Invalid CT item flags");
@@ -56,28 +55 @@
-diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
-index 3da8d93454..bca396a9ab 100644
---- a/drivers/net/mlx5/mlx5_flow_hw.c
-+++ b/drivers/net/mlx5/mlx5_flow_hw.c
-@@ -17010,6 +17010,7 @@ flow_hw_validate_rule_pattern(struct rte_eth_dev *dev,
- switch (items->type) {
- const struct rte_flow_item_ethdev *ethdev;
- const struct rte_flow_item_tx_queue *tx_queue;
-+ const struct rte_flow_item_conntrack *spec;
- struct mlx5_txq_ctrl *txq;
-
- case RTE_FLOW_ITEM_TYPE_REPRESENTED_PORT:
-@@ -17030,6 +17031,15 @@ flow_hw_validate_rule_pattern(struct rte_eth_dev *dev,
- RTE_FLOW_ERROR_TYPE_ITEM_SPEC, items,
- "Invalid Tx queue");
- mlx5_txq_release(dev, tx_queue->tx_queue);
-+ break;
-+ case RTE_FLOW_ITEM_TYPE_CONNTRACK:
-+ spec = items->spec;
-+ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL)
-+ return rte_flow_error_set(error, EINVAL,
-+ RTE_FLOW_ERROR_TYPE_ITEM,
-+ NULL,
-+ "Invalid CT item flags");
-+ break;
- default:
- break;
- }
+ return 0;
next prev parent reply other threads:[~2025-10-27 16:21 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-27 16:18 patch 'net/gve: allocate Rx QPL pages using malloc' " luca.boccassi
2025-10-27 16:18 ` patch 'eal: fix plugin dir walk' " luca.boccassi
2025-10-27 16:18 ` patch 'cmdline: fix port list parsing' " luca.boccassi
2025-10-27 16:18 ` patch 'cmdline: fix highest bit " luca.boccassi
2025-10-27 16:18 ` patch 'tailq: fix lookup macro' " luca.boccassi
2025-10-27 16:18 ` patch 'hash: fix unaligned access in predictable RSS' " luca.boccassi
2025-10-27 16:18 ` patch 'graph: fix unaligned access in stats' " luca.boccassi
2025-10-27 16:18 ` patch 'eventdev: fix listing timer adapters with telemetry' " luca.boccassi
2025-10-27 16:18 ` patch 'cfgfile: fix section count with no name' " luca.boccassi
2025-10-27 16:18 ` patch 'net/vmxnet3: fix mapping of mempools to queues' " luca.boccassi
2025-10-27 16:18 ` patch 'app/testpmd: increase size of set cores list command' " luca.boccassi
2025-10-27 16:18 ` patch 'net/dpaa2: fix shaper rate' " luca.boccassi
2025-10-27 16:18 ` patch 'app/testpmd: monitor state of primary process' " luca.boccassi
2025-10-27 16:18 ` patch 'app/testpmd: fix conntrack action query' " luca.boccassi
2025-10-27 16:18 ` patch 'doc: add conntrack state inspect command to testpmd guide' " luca.boccassi
2025-10-27 16:18 ` patch 'app/testpmd: validate DSCP and VLAN for meter creation' " luca.boccassi
2025-10-27 16:18 ` patch 'net/mlx5: fix min and max MTU reporting' " luca.boccassi
2025-10-27 16:18 ` patch 'net/mlx5: fix unsupported flow rule port action' " luca.boccassi
2025-10-27 16:18 ` patch 'net/mlx5: fix non-template age rules flush' " luca.boccassi
2025-10-27 16:18 ` luca.boccassi [this message]
2025-10-27 16:18 ` patch 'net/mlx5: fix indirect flow age action handling' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: fix Direct Verbs counter offset detection' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: fix interface name parameter definition' " luca.boccassi
2025-10-27 16:19 ` patch 'net/intel: fix assumption about tag placement order' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice/base: fix adding special words' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice/base: fix memory leak in HW profile handling' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice/base: fix memory leak in recipe " luca.boccassi
2025-10-27 16:19 ` patch 'eal: fix DMA mask validation with IOVA mode option' " luca.boccassi
2025-10-27 16:19 ` patch 'eal: fix MP socket cleanup' " luca.boccassi
2025-10-27 16:19 ` patch 'crypto/ipsec_mb: fix QP release in secondary' " luca.boccassi
2025-10-27 16:19 ` patch 'efd: fix AVX2 support' " luca.boccassi
2025-10-27 16:19 ` patch 'common/cnxk: fix async event handling' " luca.boccassi
2025-10-27 16:19 ` patch 'doc: fix feature list of ice driver' " luca.boccassi
2025-10-27 16:19 ` patch 'doc: fix feature list of iavf " luca.boccassi
2025-10-27 16:19 ` patch 'baseband/acc: fix exported header' " luca.boccassi
2025-10-27 16:19 ` patch 'gpudev: fix driver header for Windows' " luca.boccassi
2025-10-27 16:19 ` patch 'drivers: fix some exported headers' " luca.boccassi
2025-10-27 16:19 ` patch 'test/debug: fix crash with mlx5 devices' " luca.boccassi
2025-10-27 16:19 ` patch 'bus/pci: fix build with MinGW 13' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: " luca.boccassi
2025-10-27 16:19 ` patch 'dma/hisilicon: fix stop with pending transfers' " luca.boccassi
2025-10-27 16:19 ` patch 'test/dma: fix failure condition' " luca.boccassi
2025-10-27 16:19 ` patch 'fib6: fix tbl8 allocation check logic' " luca.boccassi
2025-10-27 16:19 ` patch 'vhost: fix double fetch when dequeue offloading' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice/base: fix integer overflow on NVM init' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice: fix initialization with 8 ports' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice: remove indirection for FDIR filters' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ice: fix memory leak in raw pattern parse' " luca.boccassi
2025-10-27 16:19 ` patch 'net/i40e: fix symmetric Toeplitz hashing for SCTP' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: fix multicast' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: fix MTU initialization' " luca.boccassi
2025-10-27 16:19 ` patch 'net/mlx5: fix leak of flow indexed pools' " luca.boccassi
2025-10-27 16:19 ` patch 'net/hns3: fix inconsistent lock' " luca.boccassi
2025-10-27 16:19 ` patch 'net/hns3: fix VLAN resources freeing' " luca.boccassi
2025-10-27 16:19 ` patch 'net/af_packet: fix crash in secondary process' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ark: remove double mbuf free' " luca.boccassi
2025-10-27 16:19 ` patch 'net/hns3: fix VLAN tag loss for short tunnel frame' " luca.boccassi
2025-10-27 16:19 ` patch 'ethdev: fix VLAN filter parameter description' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix file descriptor leak on read error' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix out-of-bounds access in UIO mapping' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix buffer descriptor size configuration' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix Tx queue free' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix checksum flag handling and error return' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: reject multi-queue configuration' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: fix memory leak in Rx buffer cleanup' " luca.boccassi
2025-10-27 16:19 ` patch 'net/enetfec: reject Tx deferred queue' " luca.boccassi
2025-10-27 16:19 ` patch 'net/tap: fix interrupt callback crash after failed start' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ena: fix PCI BAR mapping on 64K page size' " luca.boccassi
2025-10-27 16:19 ` patch 'net/ena/base: fix unsafe memcpy on invalid memory' " luca.boccassi
2025-10-27 16:19 ` patch 'net/dpaa2: fix uninitialized variable' " luca.boccassi
2025-10-27 16:19 ` patch 'net/dpaa2: fix L3/L4 checksum results' " luca.boccassi
2025-10-27 16:19 ` patch 'net/dpaa2: receive packets with additional parse errors' " luca.boccassi
2025-10-27 16:19 ` patch 'crypto/qat: fix source buffer alignment' " luca.boccassi
2025-10-27 16:19 ` patch 'crypto/cnxk: refactor RSA verification' " luca.boccassi
2025-10-27 16:19 ` patch 'test/crypto: fix mbuf handling' " luca.boccassi
2025-10-27 16:19 ` patch 'app/crypto-perf: fix plaintext size exceeds buffer size' " luca.boccassi
2025-10-27 16:19 ` patch 'test/crypto: fix vector initialization' " luca.boccassi
2025-10-27 16:19 ` patch 'crypto/virtio: fix cookies leak' " luca.boccassi
2025-10-27 16:19 ` patch 'sched: fix WRR parameter data type' " luca.boccassi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251027162001.3710450-20-luca.boccassi@gmail.com \
--to=luca.boccassi@gmail.com \
--cc=14pwcse1224@uetpeshawar.edu.pk \
--cc=dsosnowski@nvidia.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).