patch 'net/ixgbe: fix MAC/VLAN item validation for ntuple' has been queued to stable release 24.11.7

luca.boccassi at gmail.com luca.boccassi at gmail.com
Thu Jun 11 15:20:01 CEST 2026 

Hi,

FYI, your patch has been queued to stable release 24.11.7

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/13/26. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/bluca/dpdk-stable

This queued commit can be viewed at:
https://github.com/bluca/dpdk-stable/commit/8c9d72c5037c9f9d2b36ada6c2181a498bb60d55

Thanks.

Luca Boccassi

---
>From 8c9d72c5037c9f9d2b36ada6c2181a498bb60d55 Mon Sep 17 00:00:00 2001
From: Daniil Iskhakov <dish at amicon.ru>
Date: Thu, 7 May 2026 16:21:17 +0300
Subject: [PATCH] net/ixgbe: fix MAC/VLAN item validation for ntuple

[ upstream commit 0a360fdaa2f2794891f0a0f167337cda879f1340 ]

When parsing an ntuple filter, the code attempts to ensure that if the
first item is ETH or VLAN, its spec and mask are either absent or
contain only zero fields. The current check is:

  if ((item->spec || item->mask) &&
      (memcmp(spec, &null_struct, size) ||
       memcmp(mask, &null_struct, size)))

This condition is logically incorrect. If item->spec points to a
zero-filled structure and item->mask is NULL, memcmp(mask) would
dereference a NULL pointer.

The intended behavior is to reject any non-zero spec or mask.

Guard each memcmp() call with a check of the corresponding pointer while
keeping a single error path.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 46ea969177f3 ("net/ixgbe: add ntuple support to flow parser")

Signed-off-by: Daniil Agalakov <ade at amicon.ru>
Signed-off-by: Daniil Iskhakov <dish at amicon.ru>
Acked-by: Bruce Richardson <bruce.richardson at intel.com>
---
 drivers/net/ixgbe/ixgbe_flow.c | 25 ++++++++-----------------
 1 file changed, 8 insertions(+), 17 deletions(-)

diff --git a/drivers/net/ixgbe/ixgbe_flow.c b/drivers/net/ixgbe/ixgbe_flow.c
index 742b3da116..30582eb169 100644
--- a/drivers/net/ixgbe/ixgbe_flow.c
+++ b/drivers/net/ixgbe/ixgbe_flow.c
@@ -288,14 +288,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 
 		}
 		/* if the first item is MAC, the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(eth_spec, &eth_null,
-				sizeof(struct rte_flow_item_eth)) ||
-			 memcmp(eth_mask, &eth_null,
-				sizeof(struct rte_flow_item_eth)))) {
-			rte_flow_error_set(error, EINVAL,
-				RTE_FLOW_ERROR_TYPE_ITEM,
-				item, "Not supported by ntuple filter");
+		if ((item->spec != NULL && memcmp(eth_spec, &eth_null, sizeof(eth_null)) != 0) ||
+		    (item->mask != NULL && memcmp(eth_mask, &eth_null, sizeof(eth_null)) != 0)) {
+			rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, item,
+					"Not supported by ntuple filter");
 			return -rte_errno;
 		}
 		/* check if the next not void item is IPv4 or Vlan */
@@ -321,15 +317,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			return -rte_errno;
 		}
 		/* the content should be NULL */
-		if ((item->spec || item->mask) &&
-			(memcmp(vlan_spec, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)) ||
-			 memcmp(vlan_mask, &vlan_null,
-				sizeof(struct rte_flow_item_vlan)))) {
-
-			rte_flow_error_set(error, EINVAL,
-				RTE_FLOW_ERROR_TYPE_ITEM,
-				item, "Not supported by ntuple filter");
+		if ((item->spec != NULL && memcmp(vlan_spec, &vlan_null, sizeof(vlan_null)) != 0) ||
+		    (item->mask != NULL && memcmp(vlan_mask, &vlan_null, sizeof(vlan_null)) != 0)) {
+			rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, item,
+					"Not supported by ntuple filter");
 			return -rte_errno;
 		}
 		/* check if the next not void item is IPv4 */
-- 
2.47.3

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2026-06-11 14:20:03.388909895 +0100
+++ 0052-net-ixgbe-fix-MAC-VLAN-item-validation-for-ntuple.patch	2026-06-11 14:20:01.246746761 +0100
@@ -1 +1 @@
-From 0a360fdaa2f2794891f0a0f167337cda879f1340 Mon Sep 17 00:00:00 2001
+From 8c9d72c5037c9f9d2b36ada6c2181a498bb60d55 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 0a360fdaa2f2794891f0a0f167337cda879f1340 ]
+
@@ -26 +27,0 @@
-Cc: stable at dpdk.org
@@ -32 +33 @@
- drivers/net/intel/ixgbe/ixgbe_flow.c | 25 ++++++++-----------------
+ drivers/net/ixgbe/ixgbe_flow.c | 25 ++++++++-----------------
@@ -35,5 +36,5 @@
-diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
-index 7c0cdf8b74..4a3a5403ef 100644
---- a/drivers/net/intel/ixgbe/ixgbe_flow.c
-+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
-@@ -229,14 +229,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
+diff --git a/drivers/net/ixgbe/ixgbe_flow.c b/drivers/net/ixgbe/ixgbe_flow.c
+index 742b3da116..30582eb169 100644
+--- a/drivers/net/ixgbe/ixgbe_flow.c
++++ b/drivers/net/ixgbe/ixgbe_flow.c
+@@ -288,14 +288,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
@@ -58 +59 @@
-@@ -262,15 +258,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
+@@ -321,15 +317,10 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,

More information about the stable mailing list