patch 'net/mlx5: fix index-based flow rules' has been queued to stable release 24.11.4

Kevin Traynor ktraynor at redhat.com
Fri Oct 31 15:32:33 CET 2025


Hi,

FYI, your patch has been queued to stable release 24.11.4

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/05/25. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(i.e. not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/1d6b9ec03f78f6733899ce4f65f2db096750f44b

Thanks.

Kevin

---
From 1d6b9ec03f78f6733899ce4f65f2db096750f44b Mon Sep 17 00:00:00 2001
From: Maayan Kashani <mkashani at nvidia.com>
Date: Wed, 30 Jul 2025 10:16:59 +0300
Subject: [PATCH] net/mlx5: fix index-based flow rules

[ upstream commit 4a35eb531b7542c4f86b98bb04b46f17081b537d ]

During asynchronous flow creation by index,
the items array was initialized with only one element,
but the table metadata did not update the item count accordingly.
This mismatch led to an out-of-bounds memcpy operation,
as the code attempted to copy more elements than were actually allocated.

To resolve this, since item matching is disregarded when inserting a
rule by index (the rule is triggered when a packet reaches the
specified index),
the fix is to skip preparing the items array in this case.
Instead, the items array should only contain a single element,
RTE_FLOW_ITEM_TYPE_END, which indicates no match pattern is needed.
This prevents unsafe memory operations and aligns the array size
with its intended usage.

Fixes: 36c379c82e82 ("net/mlx5: add flow rule insertion by index with pattern")

Signed-off-by: Maayan Kashani <mkashani at nvidia.com>
Acked-by: Dariusz Sosnowski <dsosnowski at nvidia.com>
---
 drivers/net/mlx5/mlx5_flow_hw.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
index 586500753a..56d9504cb3 100644
--- a/drivers/net/mlx5/mlx5_flow_hw.c
+++ b/drivers/net/mlx5/mlx5_flow_hw.c
@@ -3935,8 +3935,12 @@ flow_hw_async_flow_create_generic(struct rte_eth_dev *dev,
 				      rule_acts, queue, &sub_error))
 		goto error;
-	rule_items = flow_hw_get_rule_items(dev, table, items,
-					    pattern_template_index, &priv->hw_q[queue].pp);
-	if (!rule_items)
-		goto error;
+	if (insertion_type == RTE_FLOW_TABLE_INSERTION_TYPE_INDEX) {
+		rule_items = items;
+	} else {
+		rule_items = flow_hw_get_rule_items(dev, table, items,
+						    pattern_template_index, &priv->hw_q[queue].pp);
+		if (!rule_items)
+			goto error;
+	}
 	if (likely(!rte_flow_template_table_resizable(dev->data->port_id, &table->cfg.attr))) {
 		ret = mlx5dr_rule_create(table->matcher_info[0].matcher,
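Review bot: In the new `RTE_FLOW_TABLE_INSERTION_TYPE_INDEX` branch, `rule_items = items;` passes the caller's array through unchecked, while the commit message relies on that array holding only `RTE_FLOW_ITEM_TYPE_END`. Nothing in the visible lines enforces that invariant or handles `items == NULL`, whereas the else branch keeps its `if (!rule_items) goto error;`. Suggest a short comment above the branch saying that item matching is ignored for index insertion and that this is why flow_hw_get_rule_items() is skipped, plus a debug assertion or explicit check if a caller can pass NULL or a longer pattern. Whether that is already validated earlier in the function cannot be seen from this hunk.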
-- 
2.51.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2025-10-31 13:53:53.212850054 +0000
+++ 0031-net-mlx5-fix-index-based-flow-rules.patch	2025-10-31 13:53:52.066523462 +0000
@@ -1 +1 @@
-From 4a35eb531b7542c4f86b98bb04b46f17081b537d Mon Sep 17 00:00:00 2001
+From 1d6b9ec03f78f6733899ce4f65f2db096750f44b Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4a35eb531b7542c4f86b98bb04b46f17081b537d ]
+
@@ -22 +23,0 @@
-Cc: stable at dpdk.org
@@ -31 +32 @@
-index 6dc16f80d3..016370f68b 100644
+index 586500753a..56d9504cb3 100644
@@ -34 +35 @@
-@@ -3983,8 +3983,12 @@ flow_hw_async_flow_create_generic(struct rte_eth_dev *dev,
+@@ -3935,8 +3935,12 @@ flow_hw_async_flow_create_generic(struct rte_eth_dev *dev,
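Review bot: The hunk header offset moves from 3983 upstream to 3935 on the stable branch, so the code above this function differs between the two trees even though the hunk body itself is not listed as changed. The added branch depends on `insertion_type`, whose declaration is outside the hunk, so it is worth confirming that the 24.11 version of flow_hw_async_flow_create_generic() has that variable in scope with the same meaning. The remaining differences shown (commit hash, the added upstream-commit line, the dropped Cc line, the index line) are metadata only.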


