DPDK patches and discussions
* [PATCH] net/mlx5: fix ASan issue in RSS flow creation
@ 2025-08-05 13:20 Maayan Kashani
  0 siblings, 0 replies; only message in thread
From: Maayan Kashani @ 2025-08-05 13:20 UTC (permalink / raw)
  To: dev
  Cc: mkashani, rasland, stable, Dariusz Sosnowski,
	Viacheslav Ovsiienko, Bing Zhao, Ori Kam, Suanming Mou,
	Matan Azrad, Gregory Etelson

This patch addresses AddressSanitizer (ASan) stack-use-after-scope
issues occurring during RSS flow creation in the MLX5 driver.
The root cause stemmed from the use of compound literals to
initialize flow action configurations, which could result in
pointers to temporary stack memory being retained in flow structures.
When these pointers were later accessed during flow conversion,
the underlying stack memory was no longer valid,
leading to ASan-detected errors.

Modifications:
In mlx5_hw_rss_ptype_create_base_flow(),
the struct rte_flow_action_jump is now constructed
at the start of the function, rather than within the do statement.
This ensures a persistent stack allocation for the structure,
preventing use-after-scope situations.

This change eliminates the following ASan errors:
stack-use-after-scope reported in rte_flow_conv_copy

Fixes: ae67e3c43dd5 ("net/mlx5: support RSS expansion in non-template HWS setup")
Cc: stable@dpdk.org

Signed-off-by: Maayan Kashani <mkashani@nvidia.com>
Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
---
 drivers/net/mlx5/mlx5_nta_rss.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_nta_rss.c b/drivers/net/mlx5/mlx5_nta_rss.c
index 8f005104454..1d2940a370d 100644
--- a/drivers/net/mlx5/mlx5_nta_rss.c
+++ b/drivers/net/mlx5/mlx5_nta_rss.c
@@ -320,6 +320,9 @@ mlx5_hw_rss_ptype_create_base_flow(struct rte_eth_dev *dev,
 	struct rte_flow_hw *flow = NULL;
 	struct rte_flow_action actions[MLX5_HW_MAX_ACTS];
 	enum mlx5_indirect_type indirect_type;
+	const struct rte_flow_action_jump jump_conf = {
+		.group = ptype_group
+	};
 
 	do {
 		switch (orig_actions[i].type) {
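Review bot: `jump_conf` at the top of the function carries no comment saying why it is declared there, so a later cleanup could move it back next to its single use inside the `switch` and reintroduce the dangling `actions[i].conf`. Suggest a one-line comment above it stating that it must live as long as `actions[]` because its address is stored in `actions[i].conf`.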
@@ -334,9 +337,7 @@ mlx5_hw_rss_ptype_create_base_flow(struct rte_eth_dev *dev,
 			/* Fall through */
 		case RTE_FLOW_ACTION_TYPE_RSS:
 			actions[i].type = RTE_FLOW_ACTION_TYPE_JUMP;
-			actions[i].conf = &(const struct rte_flow_action_jump) {
-				.group = ptype_group
-			};
+			actions[i].conf = &jump_conf;
 			break;
 		default:
 			actions[i] = orig_actions[i];
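Review bot: the `RTE_FLOW_ACTION_TYPE_RSS` case is the only site converted, while the commit message speaks of compound literals in the plural. Please confirm that no other `.conf = &(const struct ...) { ... }` assignment inside a nested block remains in `mlx5_nta_rss.c`, or state in the message that this was the only one.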
-- 
2.21.0
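
The lifetime problem described in the commit message, reduced to a stand-alone C example that is added here and is not code from the patch or from DPDK. The `act` and `act_jump` types, `rewrite_and_convert()` and `sum_jump_groups()` are hypothetical stand-ins; building with `-DSHOW_BUG -fsanitize=address` selects the compound-literal form so ASan can report it, and the default build uses the function-scope object.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the rte_flow types; not DPDK definitions. */
enum act_type { ACT_END, ACT_RSS, ACT_JUMP, ACT_COUNT };
struct act_jump { uint32_t group; };
struct act { enum act_type type; const void *conf; };
#define MAX_ACTS 8

/* Stands in for the later conversion step: reads every conf pointer
 * after the rewrite loop has finished. */
static uint32_t sum_jump_groups(const struct act *a)
{
	uint32_t sum = 0;
	for (; a->type != ACT_END; a++)
		if (a->type == ACT_JUMP)
			sum += ((const struct act_jump *)a->conf)->group;
	return sum;
}

/* Rewrites each RSS action into a JUMP to `group`, then converts.
 * Assumes orig is ACT_END-terminated; returns UINT32_MAX otherwise. */
uint32_t rewrite_and_convert(const struct act *orig, uint32_t group)
{
	struct act actions[MAX_ACTS];
	size_t i = 0;
#ifndef SHOW_BUG
	/* Fixed: same scope as actions[], so it lives until the return. */
	const struct act_jump jump_conf = { .group = group };
#endif
	do {
		switch (orig[i].type) {
		case ACT_RSS:
			actions[i].type = ACT_JUMP;
#ifdef SHOW_BUG
			/* Bug: the literal's lifetime ends with the switch block. */
			actions[i].conf = &(const struct act_jump){ .group = group };
#else
			actions[i].conf = &jump_conf;
#endif
			break;
		default:
			actions[i] = orig[i];
		}
	} while (orig[i++].type != ACT_END && i < MAX_ACTS);
	if (actions[i - 1].type != ACT_END)
		return UINT32_MAX; /* no terminator within MAX_ACTS */
	return sum_jump_groups(actions);
}
```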

