[PATCH] net/mlx5: fix segfault on indirect action age query with conntrack
Khadem Ullah
14pwcse1224 at uetpeshawar.edu.pk
Tue Jun 24 07:10:15 CEST 2025
This patch fixes a segmentation fault that occurs when querying the
age action of an indirect flow rule using connection tracking.

Steps to reproduce:

1. Create an indirect action:
    flow indirect_action 0 create ingress action conntrack / end
2. Create a root flow rule with a jump:
    flow create 0 ingress pattern eth / ipv4 / tcp / end /
    actions jump group 3 / end
3. Create a group 3 rule using the indirect action:
    flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end /
    actions indirect 0 / jump group 5 / end
4. Create a group 5 rule matching on conntrack state:
    flow create 0 group 5 ingress pattern eth / ipv4 / tcp /
    conntrack is 1 / end actions queue index 5 / end
5. Querying the first rule causes a segmentation fault:
    flow query 0 1 age

This patch ensures proper handling of the indirect action with
conntrack to prevent this crash.
Signed-off-by: Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
---
.mailmap | 1 +
drivers/net/mlx5/mlx5_flow.c | 2 ++
drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
3 files changed, 8 insertions(+)
diff --git a/.mailmap b/.mailmap
index 8483d96ec5..5c9ea95346 100644
--- a/.mailmap
+++ b/.mailmap
@@ -812,6 +812,7 @@ Kevin Scott <kevin.c.scott at intel.com>
Kevin Traynor <ktraynor at redhat.com>
Ke Xu <ke1.xu at intel.com>
Ke Zhang <ke1x.zhang at intel.com>
+Khadem Ullah <14pwcse at uetpeshawar.edu.pk>
Khoa To <khot at microsoft.com>
Kiran KN <kirankn at juniper.net>
Kiran Kumar K <kirankumark at marvell.com> <kkokkilagadda at caviumnetworks.com> <kiran.kokkilagadda at caviumnetworks.com>
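Review bot: The address on the added .mailmap line, "14pwcse at uetpeshawar.edu.pk", does not match the one in the Signed-off-by line, "14pwcse1224 at uetpeshawar.edu.pk". The .mailmap entry should carry the same address that signs the commit, so one of the two needs correcting before this is applied.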
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index 3d49a2d833..5c799ea4ce 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -4550,6 +4550,8 @@ flow_aso_age_get_by_idx(struct rte_eth_dev *dev, uint32_t age_idx)
struct mlx5_aso_age_pool *pool;
rte_rwlock_read_lock(&mng->resize_rwl);
+ if (mng->pools == NULL)
+ return NULL;
pool = mng->pools[pool_idx];
rte_rwlock_read_unlock(&mng->resize_rwl);
return &pool->actions[offset - 1];
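Review bot: The new early return in flow_aso_age_get_by_idx() exits with mng->resize_rwl still read-locked, because "return NULL" sits between rte_rwlock_read_lock() and rte_rwlock_read_unlock(). Each query that hits the NULL case leaves a reader held, so a later writer on the same lock would never get in. Release the lock on that path: for example, initialise pool to NULL, assign it only when mng->pools is set, unlock, and return NULL afterwards if pool is still NULL. Note also that the check only covers the whole array being absent; nothing in the visible context validates pool_idx before it indexes mng->pools, or offset before "offset - 1" is used.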
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index c217634d9b..f81ce20385 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -18086,6 +18086,11 @@ flow_dv_query_age(struct rte_eth_dev *dev, struct rte_flow *flow,
if (flow->age) {
struct mlx5_aso_age_action *act =
flow_aso_age_get_by_idx(dev, flow->age);
+ if (!act)
+ return rte_flow_error_set
+ (error, EINVAL,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
+ NULL, "cannot read age data");
age_param = &act->age_params;
} else if (flow->counter) {
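Review bot: The NULL check in the "if (flow->age)" branch of flow_dv_query_age() handles the symptom, but the reproduction steps never create an age action, so the open question is why flow->age is non-zero for a rule that only carries an indirect conntrack action. If that field holds something other than an ASO age index for such a rule, then as soon as mng->pools is non-NULL (any other flow with an age action), flow_aso_age_get_by_idx() will return a pointer computed from an unrelated index and this check will not catch it. Please explain in the commit message where the value comes from, and prefer rejecting the query based on the flow's actual action type rather than on the lookup result. Minor style points: leave a blank line between the declaration of act and the check, and keep the opening parenthesis on the same line as rte_flow_error_set.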
--
2.43.0