Re: [PATCH v2] net/mlx5: fix segfault on indirect action age query with conntrack

[Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>]

[-- Attachment #1: Type: text/plain, Size: 2937 bytes --]

Thank you very much for the review and Ack.

I’ll make sure to include version change notes under a notes section in
future patch versions, as per the contribution guide.

Also noted about maintainers, I had added them in v1 but missed them in v2.
I’ll make sure to always use `get-maintainer.sh` going forward.

Thanks again for the guidance and support.

Best regards,
Khadem Ullah


On Thu, Jun 26, 2025, 18:33 Dariusz Sosnowski <dsosnowski@nvidia.com> wrote:

> Thank you very much for changes and detailed descriptions.
> It helped a lot during review.
>
> Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>
>
> On Thu, Jun 26, 2025 at 09:07:02AM -0400, Khadem Ullah wrote:
> > v2:
> >  - Added missing check for AGE + CT conflict in flow_dv_query().
> >  - Removed unnecessary null check from flow_aso_age_get_by_idx().
> >  - Added Fixes tag for LTS tracking.
> >  - Ensured .mailmap and Signed-off-by addresses match.
>
> In case of any future contribution would you be able to put the changes
> between versions in notes section of the patch?
> You can find the details here:
> https://doc.dpdk.org/guides/contributing/patches.html#creating-patches
>
> Also, in the future would you be able to send patches to all relevant
> maintainers? We have a script, ./devtools/get-maintainer.sh,
> which extracts the info from MAINTAINERS file.
> You can find more info here:
> https://doc.dpdk.org/guides/contributing/patches.html#sending-patches
>
> >
> > This patch fixes a segmentation fault that occurs when querying the
> > AGE action of a flow rule that uses indirect connection tracking (CT).
> >
> > Background:
> > AGE and CT indices share a union in the mlx5 flow struct. When using CT
> > without age, the age index is invalid. Querying AGE in this case leads
> > to a crash due to reading an invalid pointer.
> >
> > Fix:
> > Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
> > actions. This is the correct fix rather than null-checking the pool.
> >
> > Steps to reproduce:
> >  1. Create an indirect CT action:
> >     flow indirect_action 0 create ingress action conntrack / end
> >
> >  2. Create a root rule with jump:
> >     flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump
> group 3 / end
> >
> >  3. Create a group 3 rule using the indirect action:
> >     flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions
> indirect 0 / jump group 5 / end
> >
> >  4. Create a group 5 rule matching CT state:
> >     flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack
> is 1 / end actions queue index 5 / end
> >
> >  5. Querying the first rule causes segfault:
> >     flow query 0 1 age
> >
> > Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking
> action")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>
>

[-- Attachment #2: Type: text/html, Size: 4190 bytes --]