patch 'net/mlx5: fix crash on age query with indirect conntrack' has been queued to stable release 22.11.9
Khadem Ullah
14pwcse1224 at uetpeshawar.edu.pk
Thu Jul 3 13:57:52 CEST 2025
Hi Luca Boccassi,
Sorry to interrupt you again.
Please apply the patch to dpdk-stable.
Regards,
Khadem
On Wed, Jul 2, 2025, 20:32 Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
wrote:
> Hi Luca Boccassi
>
> I think the page is still in queue. Please apply it to dpdk-stable.
>
> Regards,
> Khadem
>
> On Mon, Jun 30, 2025, 17:26 <luca.boccassi at gmail.com> wrote:
>
>> Hi,
>>
>> FYI, your patch has been queued to stable release 22.11.9
>>
>> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
>> It will be pushed if I get no objections before 07/02/25. So please
>> shout if anyone has objections.
>>
>> Also note that after the patch there's a diff of the upstream commit vs
>> the
>> patch applied to the branch. This will indicate if there was any rebasing
>> needed to apply to the stable branch. If there were code changes for
>> rebasing
>> (ie: not only metadata diffs), please double check that the rebase was
>> correctly done.
>>
>> Queued patches are on a temporary branch at:
>> https://github.com/bluca/dpdk-stable
>>
>> This queued commit can be viewed at:
>>
>> https://github.com/bluca/dpdk-stable/commit/ab74ac87bc7fe0554e3a2e0e6c94558647b9770d
>>
>> Thanks.
>>
>> Luca Boccassi
>>
>> ---
>> From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
>> From: Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
>> Date: Thu, 26 Jun 2025 09:07:02 -0400
>> Subject: [PATCH] net/mlx5: fix crash on age query with indirect conntrack
>>
>> [ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
>>
>> This patch fixes a segmentation fault that occurs when querying the
>> AGE action of a flow rule that uses indirect connection tracking (CT).
>>
>> Background:
>> AGE and CT indices share a union in the mlx5 flow struct. When using CT
>> without age, the age index is invalid. Querying AGE in this case leads
>> to a crash due to reading an invalid pointer.
>>
>> Solution:
>> Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
>> actions. This is the correct fix rather than null-checking the pool.
>>
>> Steps to reproduce:
>> 1. Create an indirect CT action:
>> flow indirect_action 0 create ingress action conntrack / end
>>
>> 2. Create a root rule with jump:
>> flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump
>> group 3 / end
>>
>> 3. Create a group 3 rule using the indirect action:
>> flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions
>> indirect 0 / jump group 5 / end
>>
>> 4. Create a group 5 rule matching CT state:
>> flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is
>> 1 / end actions queue index 5 / end
>>
>> 5. Querying the first rule causes segfault:
>> flow query 0 1 age
>>
>> Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking
>> action")
>>
>> Signed-off-by: Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
>> Acked-by: Dariusz Sosnowski <dsosnowski at nvidia.com>
>> ---
>> .mailmap | 1 +
>> drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++
>> 2 files changed, 6 insertions(+)
>>
>> diff --git a/.mailmap b/.mailmap
>> index 7e6ada5733..9a89b1a12e 100644
>> --- a/.mailmap
>> +++ b/.mailmap
>> @@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott at intel.com>
>> Kevin Traynor <ktraynor at redhat.com>
>> Ke Xu <ke1.xu at intel.com>
>> Ke Zhang <ke1x.zhang at intel.com>
>> +Khadem Ullah <14pwcse1224 at uetpeshawar.edu.pk>
>> Khoa To <khot at microsoft.com>
>> Kiran KN <kirankn at juniper.net>
>> Kiran Kumar K <kirankumark at marvell.com>
>> diff --git a/drivers/net/mlx5/mlx5_flow_dv.c
>> b/drivers/net/mlx5/mlx5_flow_dv.c
>> index d11e39431f..f3a76f9e93 100644
>> --- a/drivers/net/mlx5/mlx5_flow_dv.c
>> +++ b/drivers/net/mlx5/mlx5_flow_dv.c
>> @@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
>> error);
>> break;
>> case RTE_FLOW_ACTION_TYPE_AGE:
>> + if (flow->indirect_type ==
>> MLX5_INDIRECT_ACTION_TYPE_CT)
>> + return rte_flow_error_set(error, ENOTSUP,
>> +
>> RTE_FLOW_ERROR_TYPE_ACTION,
>> + actions,
>> + "age not available");
>> ret = flow_dv_query_age(dev, flow, data, error);
>> break;
>> default:
>> --
>> 2.47.2
>>
>> ---
>> Diff of the applied patch vs upstream commit (please double-check if
>> non-empty:
>> ---
>> --- - 2025-06-30 13:21:21.850344929 +0100
>> +++ 0002-net-mlx5-fix-crash-on-age-query-with-indirect-conntr.patch
>> 2025-06-30 13:21:21.739057181 +0100
>> @@ -1 +1 @@
>> -From 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 Mon Sep 17 00:00:00 2001
>> +From ab74ac87bc7fe0554e3a2e0e6c94558647b9770d Mon Sep 17 00:00:00 2001
>> @@ -5,0 +6,2 @@
>> +[ upstream commit 3bb6e3bf05284f0668e2ac14ce4b90a2909dff99 ]
>> +
>> @@ -35 +36,0 @@
>> -Cc: stable at dpdk.org
>> @@ -45 +46 @@
>> -index 8483d96ec5..6126f7e472 100644
>> +index 7e6ada5733..9a89b1a12e 100644
>> @@ -48 +49 @@
>> -@@ -812,6 +812,7 @@ Kevin Scott <kevin.c.scott at intel.com>
>> +@@ -736,6 +736,7 @@ Kevin Scott <kevin.c.scott at intel.com>
>> @@ -55 +56 @@
>> - Kiran Kumar K <kirankumark at marvell.com> <
>> kkokkilagadda at caviumnetworks.com> <kiran.kokkilagadda at caviumnetworks.com>
>> + Kiran Kumar K <kirankumark at marvell.com>
>> @@ -57 +58 @@
>> -index d555a9cdcb..7b9e5018b8 100644
>> +index d11e39431f..f3a76f9e93 100644
>> @@ -60 +61 @@
>> -@@ -18146,6 +18146,11 @@ flow_dv_query(struct rte_eth_dev *dev,
>> +@@ -16950,6 +16950,11 @@ flow_dv_query(struct rte_eth_dev *dev,
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/stable/attachments/20250703/2ec669af/attachment.htm>
More information about the stable
mailing list