On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
The original IPsec "add SA from flow" function expected a void* pointer to
security session as its first argument. However, the actual code was not
passing that, instead it passed `rte_flow_action_security` which was a
*container* for security session pointer.
Fix it by passing correct pointer type, as well as make typing more
explicit to let compiler catch such bugs in the future.
Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Anatoly Burakov <[email protected]>
---
<snip>
+ const struct ip_spec *spec)
{
- /**
- * FIXME Updating the session priv data when the session is const.
- * Typecasting done here is wrong and the implementation need to be
corrected.
- */
- struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
- ((const struct rte_security_session
*)sess)->driver_priv_data;
+ struct ixgbe_crypto_session *ic_session =
+ RTE_CAST_PTR(struct ixgbe_crypto_session *,
sess->driver_priv_data);
Despite being removed, the comment is still true. This is an artifact of
how we get the crypto session (it comes from security rte_flow action,
which is const).
I suppose this could be fixed by looking up the security session by
pointer, but this would quickly get out of hand if we have a lot of
security sessions, so there's not much choice other than to cast away
the constness here. Ideas are welcome though!
--
Thanks,
Anatoly
