From: Dariusz Sosnowski <dsosnowski@nvidia.com>
To: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
Cc: <dev@dpdk.org>, <rasland@nvidia.com>, <stable@dpdk.org>,
<viacheslavo@nvidia.com>, <bingz@nvidia.com>, <orika@nvidia.com>,
<suanmingm@nvidia.com>, <matan@nvidia.com>
Subject: Re: [PATCH v2] net/mlx5: fix segfault on indirect action age query with conntrack
Date: Thu, 26 Jun 2025 15:32:51 +0200 [thread overview]
Message-ID: <20250626133251.cfa7hd5tbclo3xjo@ds-vm-debian.local> (raw)
In-Reply-To: <20250626130702.3921887-1-14pwcse1224@uetpeshawar.edu.pk>
Thank you very much for changes and detailed descriptions.
It helped a lot during review.
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
On Thu, Jun 26, 2025 at 09:07:02AM -0400, Khadem Ullah wrote:
> v2:
> - Added missing check for AGE + CT conflict in flow_dv_query().
> - Removed unnecessary null check from flow_aso_age_get_by_idx().
> - Added Fixes tag for LTS tracking.
> - Ensured .mailmap and Signed-off-by addresses match.
In case of any future contribution would you be able to put the changes
between versions in notes section of the patch?
You can find the details here: https://doc.dpdk.org/guides/contributing/patches.html#creating-patches
Also, in the future would you be able to send patches to all relevant
maintainers? We have a script, ./devtools/get-maintainer.sh,
which extracts the info from MAINTAINERS file.
You can find more info here: https://doc.dpdk.org/guides/contributing/patches.html#sending-patches
>
> This patch fixes a segmentation fault that occurs when querying the
> AGE action of a flow rule that uses indirect connection tracking (CT).
>
> Background:
> AGE and CT indices share a union in the mlx5 flow struct. When using CT
> without age, the age index is invalid. Querying AGE in this case leads
> to a crash due to reading an invalid pointer.
>
> Fix:
> Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
> actions. This is the correct fix rather than null-checking the pool.
>
> Steps to reproduce:
> 1. Create an indirect CT action:
> flow indirect_action 0 create ingress action conntrack / end
>
> 2. Create a root rule with jump:
> flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump group 3 / end
>
> 3. Create a group 3 rule using the indirect action:
> flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions indirect 0 / jump group 5 / end
>
> 4. Create a group 5 rule matching CT state:
> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end
>
> 5. Querying the first rule causes segfault:
> flow query 0 1 age
>
> Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking action")
> Cc: stable@dpdk.org
>
> Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
next prev parent reply other threads:[~2025-06-26 13:33 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-26 13:07 Khadem Ullah
2025-06-26 13:32 ` Dariusz Sosnowski [this message]
2025-06-26 14:29 ` Khadem Ullah
-- strict thread matches above, loose matches on Subject: below --
2025-06-24 5:10 [PATCH] " Khadem Ullah
2025-06-26 13:22 ` [PATCH v2] " Khadem Ullah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250626133251.cfa7hd5tbclo3xjo@ds-vm-debian.local \
--to=dsosnowski@nvidia.com \
--cc=14pwcse1224@uetpeshawar.edu.pk \
--cc=bingz@nvidia.com \
--cc=dev@dpdk.org \
--cc=matan@nvidia.com \
--cc=orika@nvidia.com \
--cc=rasland@nvidia.com \
--cc=stable@dpdk.org \
--cc=suanmingm@nvidia.com \
--cc=viacheslavo@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).