This patch fixes a segmentation fault that occurs when querying the age action of an indirect flow rule using connection tracking.
Steps to reproduce: 1. Create an indirect action: flow indirect_action 0 create ingress action conntrack / end 2. Create a root flow rule with a jump: flow create 0 ingress pattern eth / ipv4 / tcp / end / actions jump group 3 / end 3. Create a group 3 rule using the indirect action: flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end / actions indirect 0 / jump group 5 / end 4. Create a group 5 rule matching on conntrack state: flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end 5. Querying the first rule causes a segmentation fault: flow query 0 1 age This patch ensures proper handling of the indirect action with conntrack to prevent this crash. Signed-off-by: Khadem Ullah <14pwcse1...@uetpeshawar.edu.pk> --- .mailmap | 1 + drivers/net/mlx5/mlx5_flow.c | 2 ++ drivers/net/mlx5/mlx5_flow_dv.c | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/.mailmap b/.mailmap index 8483d96ec5..5c9ea95346 100644 --- a/.mailmap +++ b/.mailmap @@ -812,6 +812,7 @@ Kevin Scott <kevin.c.sc...@intel.com> Kevin Traynor <ktray...@redhat.com> Ke Xu <ke1...@intel.com> Ke Zhang <ke1x.zh...@intel.com> +Khadem Ullah <14pw...@uetpeshawar.edu.pk> Khoa To <k...@microsoft.com> Kiran KN <kira...@juniper.net> Kiran Kumar K <kirankum...@marvell.com> <kkokkilaga...@caviumnetworks.com> <kiran.kokkilaga...@caviumnetworks.com> diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index 3d49a2d833..5c799ea4ce 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -4550,6 +4550,8 @@ flow_aso_age_get_by_idx(struct rte_eth_dev *dev, uint32_t age_idx) struct mlx5_aso_age_pool *pool; rte_rwlock_read_lock(&mng->resize_rwl); + if (mng->pools == NULL) + return NULL; pool = mng->pools[pool_idx]; rte_rwlock_read_unlock(&mng->resize_rwl); return &pool->actions[offset - 1]; diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index c217634d9b..f81ce20385 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -18086,6 +18086,11 @@ flow_dv_query_age(struct rte_eth_dev *dev, struct rte_flow *flow, if (flow->age) { struct mlx5_aso_age_action *act = flow_aso_age_get_by_idx(dev, flow->age); + if (!act) + return rte_flow_error_set + (error, EINVAL, + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, "cannot read age data"); age_param = &act->age_params; } else if (flow->counter) { -- 2.43.0