|SUCCESS| net/mlx5: remove nonsensical flow action class_id checks

dpdklab at iol.unh.edu dpdklab at iol.unh.edu
Wed May 20 19:58:13 CEST 2026

Previous message (by thread): |PENDING| pw164214 [PATCH] eal: fix data race in hugepage prefault
Next message (by thread): |Smoke |SUCCESS| pw(164213) sid(38188) job(PER_PATCH_BUILD18856-20260520231246) [v2] net/ice: fix TM node ID validation against configured queues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Test-Label: ai-code-review
Test-Status: SUCCESS
https://dpdk.org/patch/164212

_AI Code Review_

=== Patch Review: series.patch (via Claude) ===
Review date: 2026-05-20

Reviewing patch for commit 1a2b3c4d5e6f7890abcdef1234567890abcdef12
Author: Michael Pfeiffer <m.pfeiffer at syseleven.de>
net/mlx5: remove nonsensical flow action class_id checks

This patch removes two class_id validation checks in
flow_hw_validate_action_modify_field() for non-GENEVE fields. The checks
are problematic because rte_flow_field_data initialization via unions
leaves class_id potentially uninitialized when other fields are set,
causing spurious validation failures.

> diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
> index bca5b2769e..add48d7c8f 100644
> --- a/drivers/net/mlx5/mlx5_flow_hw.c
> +++ b/drivers/net/mlx5/mlx5_flow_hw.c
> @@ -6264,10 +6264,6 @@ flow_hw_validate_action_modify_field(struct rte_eth_dev *dev,
>  			return rte_flow_error_set(error, EINVAL,
>  					RTE_FLOW_ERROR_TYPE_ACTION, action,
>  					"destination tag index is not supported");
> -		if (action_conf->dst.class_id)
> -			return rte_flow_error_set(error, EINVAL,
> -					RTE_FLOW_ERROR_TYPE_ACTION, action,
> -					"destination class id is not supported");
>  	}
>  	if (mask_conf->dst.level != UINT8_MAX)
>  		return rte_flow_error_set(error, EINVAL,

Does removing this validation weaken security or correctness? If class_id
is genuinely unsupported for non-GENEVE fields in hardware, should the
code instead require callers to explicitly zero-initialize the entire
rte_flow_field_data structure? This would catch uninitialized memory
issues rather than silently accepting potentially garbage values.

Looking at the call chain flow_hw_create_tx_repr_tag_jump_acts_tmpl()
-> __flow_hw_actions_template_create(), does the initialization code in
flow_hw_create_tx_repr_tag_jump_acts_tmpl() properly zero the full
structure before setting specific fields? If not, wouldn't the proper fix
be to use memset() or designated initializers with all fields specified?

[ ... ]

> @@ -6290,10 +6286,6 @@ flow_hw_validate_action_modify_field(struct rte_eth_dev *dev,
>  				return rte_flow_error_set(error, EINVAL,
>  					RTE_FLOW_ERROR_TYPE_ACTION, action,
>  					"source tag index is not supported");
> -			if (action_conf->src.class_id)
> -				return rte_flow_error_set(error, EINVAL,
> -					RTE_FLOW_ERROR_TYPE_ACTION, action,
> -					"source class id is not supported");
>  		}
>  		if (mask_conf->src.level != UINT8_MAX)
>  			return rte_flow_error_set(error, EINVAL,

Same question applies here for the source field. Additionally, does the
hardware silently ignore class_id values for non-GENEVE operations, or
could passing uninitialized garbage cause undefined behavior at the
hardware level?

The commit message mentions "unspecified" initialization behavior for
union members. However, C99 and later standards actually do specify that
unmentioned members in designated initializers are zero-initialized. Can
you clarify which specific initialization patterns in the codebase are
causing uninitialized memory to reach these checks?

Previous message (by thread): |PENDING| pw164214 [PATCH] eal: fix data race in hugepage prefault
Next message (by thread): |Smoke |SUCCESS| pw(164213) sid(38188) job(PER_PATCH_BUILD18856-20260520231246) [v2] net/ice: fix TM node ID validation against configured queues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the test-report mailing list