From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6B4D5489EF for ; Mon, 27 Oct 2025 17:21:05 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 66D524065F; Mon, 27 Oct 2025 17:21:05 +0100 (CET) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mails.dpdk.org (Postfix) with ESMTP id A24274065F for ; Mon, 27 Oct 2025 17:21:04 +0100 (CET) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-475dd54d7cdso7774545e9.1 for ; Mon, 27 Oct 2025 09:21:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761582064; x=1762186864; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CrD7y2B5Z67h5iIEv0uDzM/bguOXgKRSkvkA9VbKurE=; b=W44dUOqQJ1uSPVf44aryUchhR/Cu4InZTSyfa7Ws1nfTrmFshvQ5ARY9587h5a6XxL TJhAyWNANkPmZPMWc5416PlsOKn8qVfRIFPEEjBVMh0Y/n4xdqpJLP70owg6ut9ghEUi c0Trr3DNXt7LAXG+beSfcVtfJQu623veH+4uzAAsiiXWuiuSjlLlGE6M207bIsUSTfjJ s4hPhhn2cJHiBQ5Hq/y6hhUC/PX7HjhcaFpCnWqX3IKLWl7ehliuGsDOOb07gKksbPaG XZiE4zFvRaRAWiHgY5esQaHZd1pPE8+F9VzJxQmMn3Ui+gcPlfceJX4qIKE2jR9X/sq5 XGjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761582064; x=1762186864; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CrD7y2B5Z67h5iIEv0uDzM/bguOXgKRSkvkA9VbKurE=; b=bCUkoODtAZ+x1nHPMRwP00ZnUphvocdqFvlpVlcrU1mOHEis4Kd4Xcy6z85/WanMqz 2WPmVL8iR/kMZE2rcJDz5FYBH/K76UKn7SWMfoMpc3sOprNFY8YCexj0DDdmzhfyphEP EOoqglxdSBjZF7KsQFgj/NMwasM87xK5njhaS4ABSYISZK3OwxJU4RRo5SkA/SAq9dXA y8kSi90aUrfbS0yX2zNWViYuqLQwaP2Rfj7/tcTRvxnsv6+v+tc202lR5UcsG+GdI/r5 1p4NwRwo41HAsa5afcqZB8T1hSjS9dQl/0yiVnW7TlMRjXMVqLNBWCZLOniGwTdm5b05 qRLw== X-Forwarded-Encrypted: i=1; AJvYcCUuR1h5jYozz62dg2AClc/SCaUKrgwBU92jSI4+G0MNjW/e72ESHhWVl5pQ1pVe2zK9/vSAz0g=@dpdk.org X-Gm-Message-State: AOJu0YzqYxGqkEmmldDfyx0rSBpi0x6fg+H2K74wnqm4RdcRiHWOD5fS tDQ8VuZ/+EpBiClAy3ZthYoa37NSaW3K+hNKGoLgmMVFtlxQRE4zOLplDYyhlA== X-Gm-Gg: ASbGncssDr4tg3lIKYlJ56E7Gfdr683gTVGkpsxxOlom3wOZeT5EJsiktsGwBTQZwFg AZ9rIh7crhZmaf5teDTFux66+lyM5VTdhViBOM0iycpet3LSiGGQoApdX7N3+jsuqzfb3AFJ0h2 F4xQU1XkzkvfS+GXPtxK+3JtDadYrKyjEssUHCzlJ4rz3b3IgfHmV0elIPUSeoE5vis5huIbVQf V32Y+pfFvkLs821hTno87B2eIrt01t78FNCGvTuhi7kpnrbLqMcsYxbglVDGZTvXfFexmf/r3Iv w2uX4BSwglHG/qAZDqCf9nPFd5BEsR4Tbnc33UuKx92qEMGd2+94MVDoGR3DIhNgVkjqbVAfvui hVhzYTeWk+hDl0GSmJ6M015+yow1fl1Z/asshNT0aiJ+6sT6fp+4MbIdmEWMWfMg4snvgbXvzJc g7uObfVZklf4BrCHLy X-Google-Smtp-Source: AGHT+IFM2AWZglnsjh2EXesniO/WIDjFxhU+Z9JwRIGcFewAXWKUbBW7g5y5m4ZwZqnwLgjqNagwUg== X-Received: by 2002:a05:6000:26d2:b0:428:3ee0:6965 with SMTP id ffacd0b85a97d-429a7e8938cmr198284f8f.43.1761582064059; Mon, 27 Oct 2025 09:21:04 -0700 (PDT) Received: from localhost ([2a01:4b00:d036:ae00:6fc5:c3bc:147e:832c]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-429952b7b6fsm15217390f8f.1.2025.10.27.09.21.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Oct 2025 09:21:03 -0700 (PDT) From: luca.boccassi@gmail.com To: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk> Cc: Dariusz Sosnowski , dpdk stable Subject: patch 'net/mlx5: fix connection tracking state item validation' has been queued to stable release 22.11.11 Date: Mon, 27 Oct 2025 16:18:58 +0000 Message-ID: <20251027162001.3710450-20-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20251027162001.3710450-1-luca.boccassi@gmail.com> References: <20251027162001.3710450-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 22.11.11 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 10/29/25. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/22388ebd621d3554ab259e159f4f0964702ecc7e Thanks. Luca Boccassi --- >From 22388ebd621d3554ab259e159f4f0964702ecc7e Mon Sep 17 00:00:00 2001 From: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk> Date: Thu, 14 Aug 2025 06:16:01 -0400 Subject: [PATCH] net/mlx5: fix connection tracking state item validation [ upstream commit 179e70fd7ad2027705b42e7416d436d299eca78c ] This patch validate a connection tracking state when matching 'conntrack is' in rte_flow rules. Since conntrack item flags is a bitmap, then any combination of RTE_FLOW_CONNTRACK_PKT_STATE_* flags is a valid value to match on. This patch validate the CT state item. Fixes: aca19061e4b9 ("net/mlx5: validate connection tracking item") Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk> Acked-by: Dariusz Sosnowski --- drivers/net/mlx5/mlx5_flow.h | 5 +++++ drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h index eb7040ee4d..3a23954697 100644 --- a/drivers/net/mlx5/mlx5_flow.h +++ b/drivers/net/mlx5/mlx5_flow.h @@ -95,6 +95,11 @@ enum { #define MLX5_ACTION_CTX_CT_GET_OWNER MLX5_INDIRECT_ACT_CT_GET_OWNER #define MLX5_ACTION_CTX_CT_GEN_IDX MLX5_INDIRECT_ACT_CT_GEN_IDX +#define MLX5_FLOW_CONNTRACK_PKT_STATE_ALL \ + (RTE_FLOW_CONNTRACK_PKT_STATE_VALID | RTE_FLOW_CONNTRACK_PKT_STATE_CHANGED | \ + RTE_FLOW_CONNTRACK_PKT_STATE_INVALID | RTE_FLOW_CONNTRACK_PKT_STATE_DISABLED | \ + RTE_FLOW_CONNTRACK_PKT_STATE_BAD) + /* Matches on selected register. */ struct mlx5_rte_flow_item_tag { enum modify_reg id; diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index f3a76f9e93..ff8d58db64 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -2862,6 +2862,11 @@ flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev, return rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, NULL, "Conflict status bits"); + if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + NULL, + "Invalid CT item flags"); /* State change also needs to be considered. */ *item_flags |= MLX5_FLOW_LAYER_ASO_CT; return 0; -- 2.47.3 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2025-10-27 15:54:35.576474552 +0000 +++ 0020-net-mlx5-fix-connection-tracking-state-item-validati.patch 2025-10-27 15:54:34.767948846 +0000 @@ -1 +1 @@ -From 179e70fd7ad2027705b42e7416d436d299eca78c Mon Sep 17 00:00:00 2001 +From 22388ebd621d3554ab259e159f4f0964702ecc7e Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 179e70fd7ad2027705b42e7416d436d299eca78c ] + @@ -14 +15,0 @@ -Cc: stable@dpdk.org @@ -19,4 +20,3 @@ - drivers/net/mlx5/mlx5_flow.h | 5 +++++ - drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++ - drivers/net/mlx5/mlx5_flow_hw.c | 10 ++++++++++ - 3 files changed, 20 insertions(+) + drivers/net/mlx5/mlx5_flow.h | 5 +++++ + drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++ + 2 files changed, 10 insertions(+) @@ -25 +25 @@ -index e890e732c3..ed0c1fcfd2 100644 +index eb7040ee4d..3a23954697 100644 @@ -28,3 +28,3 @@ -@@ -100,6 +100,11 @@ enum mlx5_indirect_type { - #define MLX5_INDIRECT_ACT_CT_GET_IDX(index) \ - ((index) & ((1 << MLX5_INDIRECT_ACT_CT_OWNER_SHIFT) - 1)) +@@ -95,6 +95,11 @@ enum { + #define MLX5_ACTION_CTX_CT_GET_OWNER MLX5_INDIRECT_ACT_CT_GET_OWNER + #define MLX5_ACTION_CTX_CT_GEN_IDX MLX5_INDIRECT_ACT_CT_GEN_IDX @@ -37,3 +37,3 @@ - /* - * When HW steering flow engine is used, the CT action handles are encoded in a following way: - * - bits 31:29 - type + /* Matches on selected register. */ + struct mlx5_rte_flow_item_tag { + enum modify_reg id; @@ -41 +41 @@ -index 7b9e5018b8..f673637e7d 100644 +index f3a76f9e93..ff8d58db64 100644 @@ -44,10 +44,9 @@ -@@ -3289,6 +3289,11 @@ mlx5_flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev, - RTE_FLOW_ERROR_TYPE_ITEM, - NULL, - "Conflict status bits"); -+ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL) -+ return rte_flow_error_set(error, EINVAL, -+ RTE_FLOW_ERROR_TYPE_ITEM, -+ NULL, -+ "Invalid CT item flags"); - } +@@ -2862,6 +2862,11 @@ flow_dv_validate_item_aso_ct(struct rte_eth_dev *dev, + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, NULL, + "Conflict status bits"); ++ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL) ++ return rte_flow_error_set(error, EINVAL, ++ RTE_FLOW_ERROR_TYPE_ITEM, ++ NULL, ++ "Invalid CT item flags"); @@ -56,28 +55 @@ -diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c -index 3da8d93454..bca396a9ab 100644 ---- a/drivers/net/mlx5/mlx5_flow_hw.c -+++ b/drivers/net/mlx5/mlx5_flow_hw.c -@@ -17010,6 +17010,7 @@ flow_hw_validate_rule_pattern(struct rte_eth_dev *dev, - switch (items->type) { - const struct rte_flow_item_ethdev *ethdev; - const struct rte_flow_item_tx_queue *tx_queue; -+ const struct rte_flow_item_conntrack *spec; - struct mlx5_txq_ctrl *txq; - - case RTE_FLOW_ITEM_TYPE_REPRESENTED_PORT: -@@ -17030,6 +17031,15 @@ flow_hw_validate_rule_pattern(struct rte_eth_dev *dev, - RTE_FLOW_ERROR_TYPE_ITEM_SPEC, items, - "Invalid Tx queue"); - mlx5_txq_release(dev, tx_queue->tx_queue); -+ break; -+ case RTE_FLOW_ITEM_TYPE_CONNTRACK: -+ spec = items->spec; -+ if (spec->flags & ~MLX5_FLOW_CONNTRACK_PKT_STATE_ALL) -+ return rte_flow_error_set(error, EINVAL, -+ RTE_FLOW_ERROR_TYPE_ITEM, -+ NULL, -+ "Invalid CT item flags"); -+ break; - default: - break; - } + return 0;