[PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec

[Burakov, Anatoly]

On 2/12/2026 6:21 PM, Radu Nicolau wrote:
> 
> On 12-Feb-26 5:17 PM, Bruce Richardson wrote:
>> On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote:
>>> On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
>>>> The original IPsec "add SA from flow" function expected a void* 
>>>> pointer to
>>>> security session as its first argument. However, the actual code was 
>>>> not
>>>> passing that, instead it passed `rte_flow_action_security` which was a
>>>> *container* for security session pointer.
>>>>
>>>> Fix it by passing correct pointer type, as well as make typing more
>>>> explicit to let compiler catch such bugs in the future.
>>>>
>>>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
>>>> Cc: radu.nicolau at intel.com
>>>> Cc: stable at dpdk.org
>>>>
>>>> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
>>>> ---
>>> <snip>
>>>
>>>> +        const struct ip_spec *spec)
>>>>    {
>>>> -    /**
>>>> -     * FIXME Updating the session priv data when the session is const.
>>>> -     * Typecasting done here is wrong and the implementation need 
>>>> to be corrected.
>>>> -     */
>>>> -    struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
>>>> -            ((const struct rte_security_session *)sess)- 
>>>> >driver_priv_data;
>>>> +    struct ixgbe_crypto_session *ic_session =
>>>> +            RTE_CAST_PTR(struct ixgbe_crypto_session *, sess- 
>>>> >driver_priv_data);
>>> Despite being removed, the comment is still true. This is an artifact 
>>> of how
>>> we get the crypto session (it comes from security rte_flow action, 
>>> which is
>>> const).
>>>
>> Why not keep the comment then?
> Probably it's best to explain why we cast away the const, but not 
> include the FIXME or TODO tag anymore.

The removal was accidental, I'll add it back in v6

-- 
Thanks,
Anatoly