[PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec

[Burakov, Anatoly]

On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
> The original IPsec "add SA from flow" function expected a void* pointer to
> security session as its first argument. However, the actual code was not
> passing that, instead it passed `rte_flow_action_security` which was a
> *container* for security session pointer.
> 
> Fix it by passing correct pointer type, as well as make typing more
> explicit to let compiler catch such bugs in the future.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau at intel.com
> Cc: stable at dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
> ---

<snip>

> +		const struct ip_spec *spec)
>   {
> -	/**
> -	 * FIXME Updating the session priv data when the session is const.
> -	 * Typecasting done here is wrong and the implementation need to be corrected.
> -	 */
> -	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
> -			((const struct rte_security_session *)sess)->driver_priv_data;
> +	struct ixgbe_crypto_session *ic_session =
> +			RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data);

Despite being removed, the comment is still true. This is an artifact of 
how we get the crypto session (it comes from security rte_flow action, 
which is const).

I suppose this could be fixed by looking up the security session by 
pointer, but this would quickly get out of hand if we have a lot of 
security sessions, so there's not much choice other than to cast away 
the constness here. Ideas are welcome though!

-- 
Thanks,
Anatoly