DPDK patches and discussions
From: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
To: dev@dpdk.org
Cc: rasland@nvidia.com, Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Subject: [PATCH] net/mlx5: fix segfault on indirect action age query with conntrack
Date: Tue, 24 Jun 2025 01:10:15 -0400
Message-ID: <20250624051015.3145137-1-14pwcse1224@uetpeshawar.edu.pk>

This patch fixes a segmentation fault that occurs when querying the
age action of an indirect flow rule using connection tracking.

Steps to reproduce:
 1. Create an indirect action:
    flow indirect_action 0 create ingress action conntrack / end

 2. Create a root flow rule with a jump:
    flow create 0 ingress pattern eth / ipv4 / tcp / end /
         actions jump group 3 / end

 3. Create a group 3 rule using the indirect action:
    flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end /
         actions indirect 0 / jump group 5 / end

 4. Create a group 5 rule matching on conntrack state:
    flow create 0 group 5 ingress pattern eth / ipv4 / tcp /
         conntrack is 1 / end actions queue index 5 / end

 5. Querying the first rule causes a segmentation fault:
    flow query 0 1 age

This patch ensures proper handling of the indirect action with
conntrack to prevent this crash.

Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
---
 .mailmap                        | 1 +
 drivers/net/mlx5/mlx5_flow.c    | 2 ++
 drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
 3 files changed, 8 insertions(+)

diff --git a/.mailmap b/.mailmap
index 8483d96ec5..5c9ea95346 100644
--- a/.mailmap
+++ b/.mailmap
@@ -812,6 +812,7 @@ Kevin Scott <kevin.c.scott@intel.com>
 Kevin Traynor <ktraynor@redhat.com>
 Ke Xu <ke1.xu@intel.com>
 Ke Zhang <ke1x.zhang@intel.com>
+Khadem Ullah <14pwcse@uetpeshawar.edu.pk>
 Khoa To <khot@microsoft.com>
 Kiran KN <kirankn@juniper.net>
 Kiran Kumar K <kirankumark@marvell.com> <kkokkilagadda@caviumnetworks.com> <kiran.kokkilagadda@caviumnetworks.com>
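Review bot: the address added to .mailmap here, `14pwcse@uetpeshawar.edu.pk`, does not match the From and Signed-off-by address of this patch, `14pwcse1224@uetpeshawar.edu.pk`. The entry should carry the same address as the sign-off, otherwise it does not cover the commits it is meant to map.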
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 3d49a2d833..5c799ea4ce 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -4550,6 +4550,8 @@ flow_aso_age_get_by_idx(struct rte_eth_dev *dev, uint32_t age_idx)
 	struct mlx5_aso_age_pool *pool;
 
 	rte_rwlock_read_lock(&mng->resize_rwl);
+	if (mng->pools == NULL)
+		return NULL;
 	pool = mng->pools[pool_idx];
 	rte_rwlock_read_unlock(&mng->resize_rwl);
 	return &pool->actions[offset - 1];
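Review bot: the new `return NULL` in flow_aso_age_get_by_idx() leaves `mng->resize_rwl` read-locked, because it sits between rte_rwlock_read_lock() and rte_rwlock_read_unlock(). Every call that takes this path leaks a reader, and a later writer on the resize lock would never get in. Unlock before returning, or fetch `pool` under the lock only when `mng->pools` is non-NULL and decide on the return value after the unlock. The check is also narrow: `pool_idx` is still not validated against the size of the array and `pool` is not checked before `&pool->actions[offset - 1]`, so an index that does not belong to an age action is only caught when no pool was ever allocated.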
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index c217634d9b..f81ce20385 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -18086,6 +18086,11 @@ flow_dv_query_age(struct rte_eth_dev *dev, struct rte_flow *flow,
 	if (flow->age) {
 		struct mlx5_aso_age_action *act =
 				     flow_aso_age_get_by_idx(dev, flow->age);
+		if (!act)
+			return rte_flow_error_set
+					(error, EINVAL,
+					 RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
+					 NULL, "cannot read age data");
 
 		age_param = &act->age_params;
 	} else if (flow->counter) {
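Review bot: the `if (!act)` check in flow_dv_query_age() treats the symptom without explaining it: the reproduction steps create no age action, yet the query reaches the `flow->age` branch, and the commit message does not say why `flow->age` is non-zero for a rule that only references a conntrack indirect action. If that field is being set or interpreted incorrectly for conntrack, the fix belongs there, and this check would then only turn the crash into an EINVAL with the generic text "cannot read age data". On style, the check is placed directly after the declaration of `act` with no blank line, and it uses an implicit test where the mlx5_flow.c hunk of the same patch writes `== NULL`; `if (act == NULL)` after a blank line would be consistent.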
-- 
2.43.0

