patch 'net/mlx5: fix crash on age query with indirect conntrack' has been queued to stable release 22.11.9

Khadem Ullah 14pwcse1224 at uetpeshawar.edu.pk
Wed Jul 2 17:32:33 CEST 2025


Hi Luca Boccassi

I think the page is still in queue. Please apply it to dpdk-stable.

Regards,
Khadem

On Mon, Jun 30, 2025, 17:26 <luca.boccassi at gmail.com> wrote:

> Hi,
>
> FYI, your patch has been queued to stable release 22.11.9
>
> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
> It will be pushed if I get no objections before 07/02/25. So please
> shout if anyone has objections.
>
> Also note that after the patch there's a diff of the upstream commit vs the
> patch applied to the branch. This will indicate if there was any rebasing
> needed to apply to the stable branch. If there were code changes for
> rebasing
> (ie: not only metadata diffs), please double check that the rebase was
> correctly done.
>
> Queued patches are on a temporary branch at:
> https://github.com/bluca/dpdk-stable
>
> This queued commit can be viewed at:
>
> https://github.com/bluca/dpdk-stable/commit/ab74ac87bc7fe0554e3a2e0e6c94558647b9770d
>
> Thanks.
>
> Luca Boccassi
>
> ---
> From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
> From: Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
> Date: Thu, 26 Jun 2025 09:07:02 -0400
> Subject: [PATCH] net/mlx5: fix crash on age query with indirect conntrack
>
> [ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
>
> This patch fixes a segmentation fault that occurs when querying the
> AGE action of a flow rule that uses indirect connection tracking (CT).
>
> Background:
> AGE and CT indices share a union in the mlx5 flow struct. When using CT
> without age, the age index is invalid. Querying AGE in this case leads
> to a crash due to reading an invalid pointer.
>
> Solution:
> Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
> actions. This is the correct fix rather than null-checking the pool.
>
> Steps to reproduce:
>  1. Create an indirect CT action:
>     flow indirect_action 0 create ingress action conntrack / end
>
>  2. Create a root rule with jump:
>     flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump
> group 3 / end
>
>  3. Create a group 3 rule using the indirect action:
>     flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions
> indirect 0 / jump group 5 / end
>
>  4. Create a group 5 rule matching CT state:
>     flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is
> 1 / end actions queue index 5 / end
>
>  5. Querying the first rule causes segfault:
>     flow query 0 1 age
>
> Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking
> action")
>
> Signed-off-by: Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
> Acked-by: Dariusz Sosnowski <dsosnowski at nvidia.com>
> ---
>  .mailmap                        | 1 +
>  drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
>  2 files changed, 6 insertions(+)
>
> diff --git a/.mailmap b/.mailmap
> index 7e6ada5733..9a89b1a12e 100644
> --- a/.mailmap
> +++ b/.mailmap
> @@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott at intel.com>
>  Kevin Traynor <ktraynor at redhat.com>
>  Ke Xu <ke1.xu at intel.com>
>  Ke Zhang <ke1x.zhang at intel.com>
> +Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
>  Khoa To <khot at microsoft.com>
>  Kiran KN <kirankn at juniper.net>
>  Kiran Kumar K <kirankumark at marvell.com>
> diff --git a/drivers/net/mlx5/mlx5_flow_dv.c
> b/drivers/net/mlx5/mlx5_flow_dv.c
> index d11e39431f..f3a76f9e93 100644
> --- a/drivers/net/mlx5/mlx5_flow_dv.c
> +++ b/drivers/net/mlx5/mlx5_flow_dv.c
> @@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
>                                                   error);
>                         break;
>                 case RTE_FLOW_ACTION_TYPE_AGE:
> +                       if (flow->indirect_type ==
> MLX5_INDIRECT_ACTION_TYPE_CT)
> +                               return rte_flow_error_set(error, ENOTSUP,
> +
>  RTE_FLOW_ERROR_TYPE_ACTION,
> +                                                 actions,
> +                                                 "age not available");
>                         ret = flow_dv_query_age(dev, flow, data, error);
>                         break;
>                 default:
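
Review bot: The guard added under case RTE_FLOW_ACTION_TYPE_AGE carries no comment saying why a flow with indirect CT cannot be queried for age. The commit message gives the reason (AGE and CT indices share a union, so the age index is invalid when CT is in use); a one-line comment above the `if` stating that would keep the check from being dropped or reordered later. The error string "age not available" could also name the cause, for example that the flow uses indirect conntrack, so a caller receiving ENOTSUP can tell this case from other failures.
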
> --
> 2.47.2
>
> ---
>   Diff of the applied patch vs upstream commit (please double-check if
> non-empty:
> ---
> --- -   2025-06-30 13:21:21.850344929 +0100
> +++ 0002-net-mlx5-fix-crash-on-age-query-with-indirect-conntr.patch
>  2025-06-30 13:21:21.739057181 +0100
> @@ -1 +1 @@
> -From 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 Mon Sep 17 00:00:00 2001
> +From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
> @@ -5,0 +6,2 @@
> +[ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
> +
> @@ -35 +36,0 @@
> -Cc: stable at dpdk.org
> @@ -45 +46 @@
> -index 8483d96ec5..6126f7e472 100644
> +index 7e6ada5733..9a89b1a12e 100644
> @@ -48 +49 @@
> -@@ -812,6 +812,7 @@ Kevin Scott <kevin.c.scott at intel.com>
> +@@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott at intel.com>
> @@ -55 +56 @@
> - Kiran Kumar K <kirankumark at marvell.com> <
> kkokkilagadda at caviumnetworks.com> <kiran.kokkilagadda at caviumnetworks.com>
> + Kiran Kumar K <kirankumark at marvell.com>
> @@ -57 +58 @@
> -index d555a9cdcb..7b9e5018b8 100644
> +index d11e39431f..f3a76f9e93 100644
> @@ -60 +61 @@
> -@@ -18146,6 +18146,11 @@ flow_dv_query(struct rte_eth_dev *dev,
> +@@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
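
Review bot: The only content difference in this comparison is the .mailmap context line at @@ -55 +56 @@, where the upstream Kiran Kumar K entry carries extra addresses; everything else is the commit hash, the added upstream-commit line, the dropped Cc, index hashes and hunk offsets. None of the five lines added to flow_dv_query appears here, so the code change was carried over unmodified. Because the hunk moved from line 18146 to 16950, a build of drivers/net/mlx5 on the 22.11 branch is still worth running before the push.
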
>
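
The union hazard described in the commit message's Background, as an added example that is not part of the original mail and is not DPDK driver code. All names (`struct flow`, `age_pool`, `query_age`, `age_lookup`) are hypothetical; it shows why the query path checks the discriminator instead of relying on a NULL check of the pool lookup.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a flow handle: one discriminator, one shared slot. */
enum indirect_type { INDIRECT_NONE = 0, INDIRECT_CT = 1 };

struct flow {
    enum indirect_type indirect_type;
    union {            /* same storage, two meanings */
        uint32_t age;  /* index into age_pool, valid only without CT */
        uint32_t ct;   /* index into a separate conntrack pool */
    };
};

struct age_param { uint32_t sec_since_last_hit; };

#define AGE_POOL_SIZE 4
static struct age_param age_pool[AGE_POOL_SIZE] = { {0}, {7}, {12}, {30} };

/* Trusts f->age. A NULL or bounds check here is not enough: a CT index
 * that happens to be in range resolves to an unrelated age entry, and one
 * out of range is only caught by luck of the pool size. */
static const struct age_param *age_lookup(const struct flow *f)
{
    return f->age < AGE_POOL_SIZE ? &age_pool[f->age] : NULL;
}

/* Query entry point: reject by type before interpreting the union. */
int query_age(const struct flow *f, uint32_t *out)
{
    const struct age_param *p;

    if (f->indirect_type == INDIRECT_CT)
        return -ENOTSUP;   /* slot holds a CT index, not an age index */
    p = age_lookup(f);
    if (p == NULL)
        return -EINVAL;
    *out = p->sec_since_last_hit;
    return 0;
}

int main(void)
{
    struct flow ct_flow = { .indirect_type = INDIRECT_CT, .ct = 2 }; /* constructed */
    uint32_t sec = 0;
    return query_age(&ct_flow, &sec) == -ENOTSUP ? 0 : 1;
}
```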