* [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks
@ 2026-02-09 12:58 Anatoly Burakov
  2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov
                   ` (7 more replies)
  0 siblings, 8 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Carolyn Wyborny, Piotr Kwapulinski,
	Jedrzej Jagielski

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
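Review bot: The X550 / X550EM_x / X550EM_a / E610 comparison chain in ixgbe_vlan_hw_extend_enable() is written out by hand here and again in the e_tag, FDIR, l2_tn filter and RX/TX offload hunks of this patch, which is the pattern that let the E610 term go missing at each site. A single predicate would keep the family list in one place, so the next MAC type is added once. The helper name below is a suggestion only, and sites that also accept X540 or VF types would keep their extra terms. The function body continues outside the hunk.

```c
/* Proposed helper (name is a suggestion): MACs that share the X550 feature set. */
static inline bool
ixgbe_mac_is_x550_class(const struct ixgbe_hw *hw)
{
	switch (hw->mac.type) {
	case ixgbe_mac_X550:
	case ixgbe_mac_X550EM_x:
	case ixgbe_mac_X550EM_a:
	case ixgbe_mac_E610:
		return true;
	default:
		return false;
	}
}

	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
	if (ixgbe_mac_is_x550_class(hw)) {
		/* … unchanged: PFVTCTL read-modify-write … */
```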
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
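Review bot: The 100M capability check in ixgbe_dev_info_get() lists the VF MAC types for X540 and X550 next to the PF ones, but the new E610 term has no VF counterpart, so an E610 VF would not advertise that speed. The same asymmetry appears in the ixgbe_dev_rx_queue_setup() hunk, where the X550_vf, X550EM_x_vf and X550EM_a_vf types select IXGBE_PACKET_TYPE_MASK_X550 and only the PF E610 type is added. If the base code defines an E610 VF MAC type and the datasheet gives it the same behaviour, add it at both sites. Otherwise a short comment such as `/* E610 VF intentionally excluded: <reason> */` would stop the gap from being reported again. Both functions continue outside their hunks.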
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v1 2/4] net/i40e: move FDIR config to flow create
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-09 12:58 ` Anatoly Burakov
  2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw)
  To: dev, Bruce Richardson, Beilei Xing, Xiaoyun Li

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
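Review bot: In i40e_flow_create(), the next failure path after the added setup is `i40e_fdir_entry_pool_get()` returning NULL, and from what the hunk shows it reports ENOBUFS without undoing i40e_fdir_setup(), i40e_fdir_configure() or `i40e_fdir_rx_proc_enable(dev, 1)`. A failed first create can therefore leave the FDIR VSI allocated and RX FDIR processing enabled with no rule installed, which is the same kind of stray state the patch removes from the validate path. Consider recording whether this call performed the first-time setup (for example `bool fdir_was_setup = pf->fdir.fdir_vsi == NULL;`) and, on any later error in this branch, calling `i40e_fdir_teardown(pf)` and switching RX processing back off. Moving the rx_proc enable to after the rule has been added would also narrow the window. The rest of the error handling is outside the hunk, so confirm against the full function.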
-- 
2.47.3



* [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-09 12:58 ` Anatoly Burakov
  2026-02-09 14:40   ` Radu Nicolau
  2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty,
	Abhijit Sinha, Jingjing Wu

When creating egress IPsec flows, no action needs to be done in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, a subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. As a result, the memory is never freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
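Review bot: iavf_flow_is_valid() now returns true for a flow whose `engine` pointer was never assigned, so every caller that treats a true result as permission to dereference `flow->engine` needs the same guard that iavf_flow_destroy() gains in this patch. The pre-patch destroy code used exactly that pattern (`!iavf_flow_is_valid(flow) || !flow->engine->destroy`). Any other entry point written the same way, such as a query path if one exists, would dereference NULL when the application passes in an egress IPsec flow handle. Either audit those callers as part of this change, or keep the helper strict and test `flow->is_ipsec_egress_flow` separately in destroy. A one-line comment on the helper saying that a valid flow may have `engine == NULL` would also help; the function body continues outside the hunk.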
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
-- 
2.47.3



* [PATCH v1 4/4] net/iavf: fix memory leak on uninit
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov
  2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-09 12:58 ` Anatoly Burakov
  2026-02-09 14:40   ` Radu Nicolau
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (4 subsequent siblings)
  7 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau,
	Abhijit Sinha, Jingjing Wu

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* Re: [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows
  2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-09 14:40   ` Radu Nicolau
  0 siblings, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-09 14:40 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty,
	Abhijit Sinha, Jingjing Wu


On 09-Feb-26 12:58 PM, Anatoly Burakov wrote:
> When creating egress IPsec flows, no action need to be done in hardware, as
> this is just a software association. However, because we do not write
> anything to the rte_flow entry, subsequent destroy call will not destroy
> this kind of flow, because it expects a valid engine to be set for every
> flow. This results in memory unable to be freed back to the system.
>
> In addition to that, when creating these flows, we do not actually store
> the rte_flow pointer anywhere, so even if the user has triggered `uninit`
> (which would have freed the flow), this flow isn't in the list so it would
> never get freed.
>
> Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
> and changing the `destroy` code to take all of that into account.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

Acked-by: Radu Nicolau <radu.nicolau@intel.com>





* Re: [PATCH v1 4/4] net/iavf: fix memory leak on uninit
  2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-09 14:40   ` Radu Nicolau
  0 siblings, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-09 14:40 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty,
	Abhijit Sinha, Jingjing Wu


On 09-Feb-26 12:58 PM, Anatoly Burakov wrote:
> When IPsec is initialized, parsers and engines are registered into the
> common infrastructure. However, during deinitialization, they are not
> cleaned up. Fix it by including IPsec engines in the cleanup.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>


* [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (2 preceding siblings ...)
  2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-10 15:52 ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov
                     ` (5 more replies)
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                   ` (3 subsequent siblings)
  7 siblings, 6 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jedrzej Jagielski, Piotr Kwapulinski,
	Carolyn Wyborny

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
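Review bot: This condition lists the X550 VF MAC types next to the PF ones, but only the PF value `ixgbe_mac_E610` is added, so an E610 VF would still fall through to `IXGBE_PACKET_TYPE_MASK_82599`. If the base code defines an E610 VF MAC type (I believe it is `ixgbe_mac_E610_vf`, please confirm against ixgbe_type.h), add `hw->mac.type == ixgbe_mac_E610_vf` to this list. The same question applies to the 100M `speed_capa` check in ixgbe_dev_info_get, which lists `ixgbe_mac_X540_vf` and `ixgbe_mac_X550_vf`, in the v3 repost of this patch. The enclosing function starts and ends outside the hunk.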
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v2 2/7] net/i40e: move FDIR config to flow create
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                     ` (4 subsequent siblings)
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
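Review bot: `i40e_fdir_rx_proc_enable(dev, 1)` now runs before `i40e_fdir_entry_pool_get()`, so if the pool is exhausted (the ENOBUFS branch directly below) or a later step fails, RX FDIR processing stays enabled and the FDIR VSI stays set up with no rule installed. Either move the enable to after the rule has been added successfully, or undo it on the error path with `i40e_fdir_rx_proc_enable(dev, 0)` when `TAILQ_EMPTY(&pf->fdir.fdir_list)` still holds. The rest of i40e_flow_create, including its error labels, is outside the hunk, so check whether an existing cleanup path already covers this.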
-- 
2.47.3



* [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov
                     ` (3 subsequent siblings)
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jingjing Wu, Declan Doherty,
	Radu Nicolau, Abhijit Sinha

When creating egress IPsec flows, no action needs to be done in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. This results in memory unable to be freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
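Review bot: The new early return accepts any non-NULL handle whose `is_ipsec_egress_flow` byte is non-zero, while engine-backed flows are still cross-checked against `engine_list`. A stale or already-destroyed handle of this kind would therefore pass validation and go on to `TAILQ_REMOVE` in iavf_flow_destroy, and presumably to being freed a second time. A stronger check is to confirm that the flow is actually linked in `vf->flow_list` while `flow_ops_lock` is held. The visible signature takes only `flow`, so that check would need the `vf` passed in or be done in the caller. At the least, add a comment on the early return stating that the flag is trusted as-is.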
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
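Review bot: The two rejection paths report the same "Invalid flow destroy" error through different idioms. The first calls `rte_flow_error_set()` and then returns `-rte_errno`, while the new one returns the call's result directly. Folding them into one test keeps the function consistent: `if (!iavf_flow_is_valid(flow) || (!flow->is_ipsec_egress_flow && flow->engine->destroy == NULL))`. `need_destroy` can still be computed after that check for use under the lock. The end of iavf_flow_destroy is outside the hunk.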
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
-- 
2.47.3



* [PATCH v2 4/7] net/iavf: fix memory leak on uninit
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
                     ` (2 subsequent siblings)
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau,
	Abhijit Sinha, Jingjing Wu

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (2 preceding siblings ...)
  2026-02-10 15:52   ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu

GTP tunnel code declares support for IPv6 GTPU flows but does not actually
handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
GTPU flows. Add IPv6 flow item handling.

Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index 193b1b6725..2374b9bbca 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
 				return -rte_errno;
 			}
 			break;
+		case RTE_FLOW_ITEM_TYPE_IPV6:
+			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
+			/* IPv6 is used to describe protocol,
+			 * spec and mask should be NULL.
+			 */
+			if (item->spec || item->mask) {
+				rte_flow_error_set(error, EINVAL,
+						   RTE_FLOW_ERROR_TYPE_ITEM,
+						   item,
+						   "Invalid IPv6 item");
+				return -rte_errno;
+			}
+			break;
 		case RTE_FLOW_ITEM_TYPE_UDP:
 			if (item->spec || item->mask) {
 				rte_flow_error_set(error, EINVAL,
-- 
2.47.3



* [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (3 preceding siblings ...)
  2026-02-10 15:52   ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  2026-02-10 15:52   ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang

Currently, when IPv4 is parsed as part of flow subscription input set, we
add two bytes to the total number of bytes in the input set for IPv4 source
or destination addresses, whereas they should be 4 bytes. Fix to add the
correct number of bytes.

Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
index 18df9c6500..cf1030320f 100644
--- a/drivers/net/intel/iavf/iavf_fsub.c
+++ b/drivers/net/intel/iavf/iavf_fsub.c
@@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
 
 				if (ipv4_mask->hdr.src_addr) {
 					*input |= IAVF_INSET_IPV4_SRC;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.dst_addr) {
 					*input |= IAVF_INSET_IPV4_DST;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.time_to_live) {
 					*input |= IAVF_INSET_IPV4_TTL;
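Review bot: The corrected widths are still bare literals, so nothing ties the byte count to the field it is counting. Deriving it from the header field removes the chance of a second mismatch: `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` and `input_set_byte += sizeof(ipv4_mask->hdr.dst_addr);`. If `input_set_byte` is later compared against a maximum input-set size (not visible here), an undercount would let an oversized set through, which is one more reason to compute it rather than type it. iavf_fsub_parse_pattern starts and ends outside the hunk.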
-- 
2.47.3



* [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (4 preceding siblings ...)
  2026-02-10 15:52   ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-10 15:52   ` Anatoly Burakov
  5 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw)
  To: dev, Bruce Richardson, Ting Xu, Qiming Yang, Qi Zhang

Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
we are using rte_zmalloc followed by copying the data to persistent storage
and then discarding the temporary buffers. This is not needed as these
temporary buffers are not being stored anywhere, so replace them with
regular calloc. However, because the original code was missing a
corresponding `rte_free()` call for these temporary allocations, this
also fixes a memory leak.

Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
index 2832d223d1..645f1373f4 100644
--- a/drivers/net/intel/ice/ice_dcf_sched.c
+++ b/drivers/net/intel/ice/ice_dcf_sched.c
@@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 {
 	struct ice_dcf_adapter *adapter = dev->data->dev_private;
 	struct ice_dcf_hw *hw = &adapter->real_hw;
-	struct virtchnl_dcf_bw_cfg_list *vf_bw;
-	struct virtchnl_dcf_bw_cfg_list *tc_bw;
+	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
+	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
 	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
 	struct rte_tm_shaper_params *profile;
 	struct ice_dcf_tm_node *tm_node;
@@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
 		sizeof(struct virtchnl_dcf_bw_cfg) *
 		(hw->tm_conf.nb_tc_node - 1);
-	vf_bw = rte_zmalloc("vf_bw", size, 0);
+	vf_bw = calloc(1, size);
 	if (!vf_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
 	}
-	tc_bw = rte_zmalloc("tc_bw", size, 0);
+	tc_bw = calloc(1, size);
 	if (!tc_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
@@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	return ret_val;
 
 fail_clear:
+	if (vf_bw != NULL)
+		free(vf_bw);
+	if (tc_bw != NULL)
+		free(tc_bw);
+
 	/* clear all the traffic manager configuration */
 	if (clear_on_fail) {
 		ice_dcf_tm_conf_uninit(dev);
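Review bot: The two `free()` calls are added only under `fail_clear`, which sits after the success path's `return ret_val;`, so a successful commit still appears to leave `vf_bw` and `tc_bw` allocated. The diffstat's nine insertions are all accounted for in these three hunks, and none of them frees on the success path. Since the message describes the buffers as temporary, release them there as well, with `free(vf_bw); free(tc_bw);` ahead of `return ret_val;`, or route both exits through one cleanup label. The `!= NULL` guards can be dropped because `free(NULL)` is a no-op. The code between the hunks is not visible, so confirm nothing there already frees them and that `<stdlib.h>` is included.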
-- 
2.47.3



* [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (3 preceding siblings ...)
  2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-11 13:03 ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (7 more replies)
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                   ` (2 subsequent siblings)
  7 siblings, 8 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev

Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers

v1 -> v2:
- Added patches [1] [2] that were previously sent separately
- Added patch fixing leak in DCF config

v2 -> v3:
- Added patch fixing leak in FDIR parser

[1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/
[2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/

Anatoly Burakov (8):
  net/ixgbe: add missing E610 MAC type checks
  net/i40e: move FDIR config to flow create
  net/iavf: fix memory leak on egress IPsec flows
  net/iavf: fix memory leak on uninit
  net/i40e: fix IPv6 GTPU handling
  net/iavf: fix IPv4 flow subscription
  net/ice: fix memory leak in DCF QoS bandwidth config
  net/ice: fix memory leak in FDIR flow parsing

 drivers/net/intel/i40e/i40e_flow.c         | 64 ++++++++++++----------
 drivers/net/intel/iavf/iavf_fsub.c         |  4 +-
 drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++--
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 drivers/net/intel/ice/ice_dcf_sched.c      | 13 +++--
 drivers/net/intel/ice/ice_fdir_filter.c    |  6 +-
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +--
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++----
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 +-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 +-
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++--
 12 files changed, 123 insertions(+), 69 deletions(-)

-- 
2.47.3



* [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov
                     ` (6 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Carolyn Wyborny,
	Jedrzej Jagielski

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
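Review bot: The branch that selects `IXGBE_PACKET_TYPE_MASK_X550` lists the three X550 VF MAC types next to the PF ones, but the added line covers only the E610 PF. If E610 virtual functions report their own MAC type (the base code's `ixgbe_mac_E610_vf`, not shown on this page) and share the descriptor layout, they still fall through to `IXGBE_PACKET_TYPE_MASK_82599` and packet types would be decoded with the wrong mask. Adding `hw->mac.type == ixgbe_mac_E610_vf` to the list would close that, once confirmed against the datasheet. The same hunk appears again in the v4 repost of this patch, where the `speed_capa` check in `ixgbe_dev_info_get` has the same PF-only shape. The body of `ixgbe_dev_rx_queue_setup` continues outside the hunk.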
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v3 2/8] net/i40e: move FDIR config to flow create
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                     ` (5 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
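Review bot: In `i40e_flow_create` the moved block sets up FDIR and calls `i40e_fdir_rx_proc_enable(dev, 1)` before `i40e_fdir_entry_pool_get()` and before any rule is programmed. A failure on a later step (the `ENOBUFS` path starts right below) therefore appears to leave FDIR configured and RX FDIR processing enabled with no rule installed. Consider enabling RX processing only after the first rule has been added successfully, or undoing it on the error paths; the rest of the function is outside the hunk, so this may already be handled there. The block also relies on `pf` and `ret` being declared earlier in the function, which is not visible here.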
-- 
2.47.3



* [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov
                     ` (4 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Abhijit Sinha, Radu Nicolau, Jingjing Wu,
	Declan Doherty

When creating egress IPsec flows, no action need to be done in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. This results in memory unable to be freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
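Review bot: `iavf_flow_is_valid()` now returns true for a flow whose `engine` is NULL, so every caller that treats a valid flow as having an engine needs re-checking. `iavf_flow_destroy` is updated in this patch, but any other user of this helper that goes on to dereference `flow->engine` (a query path, for instance; none is visible here) would hit a NULL pointer for an egress IPsec flow, now that such flows are kept in `vf->flow_list`. Either guard those call sites with `flow->is_ipsec_egress_flow`, or keep this helper strict and give destroy its own check. The added comment could state the contract: `/* egress IPsec flows have no engine; callers must not dereference flow->engine */`.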
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
-- 
2.47.3



* [PATCH v3 4/8] net/iavf: fix memory leak on uninit
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (2 preceding siblings ...)
  2026-02-11 13:03   ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
                     ` (3 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jingjing Wu, Radu Nicolau, Abhijit Sinha,
	Declan Doherty

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (3 preceding siblings ...)
  2026-02-11 13:03   ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov
                     ` (2 subsequent siblings)
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Bruce Richardson, Jingjing Wu, Beilei Xing

GTP tunnel code declares support for IPv6 GTPU flows but does not actually
handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
GTPU flows. Add IPv6 flow item handling.

Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index 193b1b6725..2374b9bbca 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
 				return -rte_errno;
 			}
 			break;
+		case RTE_FLOW_ITEM_TYPE_IPV6:
+			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
+			/* IPv6 is used to describe protocol,
+			 * spec and mask should be NULL.
+			 */
+			if (item->spec || item->mask) {
+				rte_flow_error_set(error, EINVAL,
+						   RTE_FLOW_ERROR_TYPE_ITEM,
+						   item,
+						   "Invalid IPv6 item");
+				return -rte_errno;
+			}
+			break;
 		case RTE_FLOW_ITEM_TYPE_UDP:
 			if (item->spec || item->mask) {
 				rte_flow_error_set(error, EINVAL,
-- 
2.47.3



* [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (4 preceding siblings ...)
  2026-02-11 13:03   ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jie Wang, Qi Zhang

Currently, when IPv4 is parsed as part of flow subscription input set, we
add two bytes to the total number of bytes in the input set for IPv4 source
or destination addresses, whereas they should be 4 bytes. Fix to add the
correct number of bytes.

Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
index 18df9c6500..cf1030320f 100644
--- a/drivers/net/intel/iavf/iavf_fsub.c
+++ b/drivers/net/intel/iavf/iavf_fsub.c
@@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
 
 				if (ipv4_mask->hdr.src_addr) {
 					*input |= IAVF_INSET_IPV4_SRC;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.dst_addr) {
 					*input |= IAVF_INSET_IPV4_DST;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.time_to_live) {
 					*input |= IAVF_INSET_IPV4_TTL;
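Review bot: The corrected byte count is still a bare literal, which is how the wrong value got in; `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` (and the `dst_addr` equivalent) ties the accounting to the field width. `input_set_byte` appears to be a running total that is checked against a limit elsewhere in `iavf_fsub_parse_pattern`, so under-counting would let an over-long input set pass that check. It is worth auditing the other `+=` sites in this function the same way. The rest of the function is outside the hunk.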
-- 
2.47.3



* [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (5 preceding siblings ...)
  2026-02-11 13:03   ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  2026-02-11 13:03   ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Bruce Richardson, Ting Xu, Qiming Yang, Qi Zhang

Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
we are using rte_zmalloc followed by copying the data to persistent storage
and then discarding the temporary buffers. This is not needed as these
temporary buffers are not being stored anywhere, so replace them with
regular calloc. However, because the original code was missing a
corresponding `rte_free()` call for these temporary allocations, this
also fixes a memory leak.

Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
index 2832d223d1..645f1373f4 100644
--- a/drivers/net/intel/ice/ice_dcf_sched.c
+++ b/drivers/net/intel/ice/ice_dcf_sched.c
@@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 {
 	struct ice_dcf_adapter *adapter = dev->data->dev_private;
 	struct ice_dcf_hw *hw = &adapter->real_hw;
-	struct virtchnl_dcf_bw_cfg_list *vf_bw;
-	struct virtchnl_dcf_bw_cfg_list *tc_bw;
+	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
+	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
 	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
 	struct rte_tm_shaper_params *profile;
 	struct ice_dcf_tm_node *tm_node;
@@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
 		sizeof(struct virtchnl_dcf_bw_cfg) *
 		(hw->tm_conf.nb_tc_node - 1);
-	vf_bw = rte_zmalloc("vf_bw", size, 0);
+	vf_bw = calloc(1, size);
 	if (!vf_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
 	}
-	tc_bw = rte_zmalloc("tc_bw", size, 0);
+	tc_bw = calloc(1, size);
 	if (!tc_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
@@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	return ret_val;
 
 fail_clear:
+	if (vf_bw != NULL)
+		free(vf_bw);
+	if (tc_bw != NULL)
+		free(tc_bw);
+
 	/* clear all the traffic manager configuration */
 	if (clear_on_fail) {
 		ice_dcf_tm_conf_uninit(dev);
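Review bot: The new `free()` calls sit after the `fail_clear:` label, while the success path ends with `return ret_val;` just above it. Unless the buffers are released earlier outside this hunk, `vf_bw` and `tc_bw` are still leaked on every successful commit. Releasing them before the success return as well (`free(vf_bw); free(tc_bw);`), or routing both paths through one exit label, would cover that. The `!= NULL` guards are unnecessary because `free(NULL)` is a no-op.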
-- 
2.47.3



* [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (6 preceding siblings ...)
  2026-02-11 13:03   ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
@ 2026-02-11 13:03   ` Anatoly Burakov
  7 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw)
  To: dev, Bruce Richardson, Qi Zhang, Junfeng Guo

Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be
allocated to store parsed RAW pattern bytes. All error paths handle the
deallocation correctly, and the buffer will then be passed to FDIR filter
create function which also handles the presence of the buffer correctly,
and it is also freed correctly in destroy function.

However, rte_flow_validate will go through the same code path, but will not
call FDIR create/destroy nor even store the pointer, because `meta`
variable inside the flow parsing function will be set to NULL, which will
cause this memory to be leaked (and memset(0)-ed next time we try to
create/validate another flow).

Fix it by freeing the `pkt_buf` when `meta` is NULL.

Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c
index f7730ec6ab..5abdcbac7f 100644
--- a/drivers/net/intel/ice/ice_fdir_filter.c
+++ b/drivers/net/intel/ice/ice_fdir_filter.c
@@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad,
 	if (ret)
 		goto error;
 
-	if (meta)
+	/* if meta is NULL we're validating so the flow won't be stored */
+	if (meta) {
 		*meta = filter;
+	} else if (filter->pkt_buf != NULL) {
+		rte_free(filter->pkt_buf);
+	}
 
 	rte_free(item);
 	return ret;
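Review bot: `filter->pkt_buf` is left pointing at freed memory after the added `rte_free()`. The commit message says the filter storage is reused and only cleared on the next parse, so the stale pointer survives until then, and any path that looks at `pkt_buf` in between would read or free it again. Adding `filter->pkt_buf = NULL;` right after the free removes that window. The `!= NULL` test can be dropped, since `rte_free(NULL)` does nothing. The `error:` label and the start of `ice_fdir_parse` are outside the hunk.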
-- 
2.47.3



* [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (4 preceding siblings ...)
  2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-11 13:49 ` Anatoly Burakov
  2026-02-11 13:49   ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (8 more replies)
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  7 siblings, 9 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev

Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers

v1 -> v2:
- Added patches [1] [2] that were previously sent separately
- Added patch fixing leak in DCF config

v2 -> v3:
- Added patch fixing leak in FDIR parser

v3 -> v4:
- Reordered patchsets by driver
- Added patch to fix ixgbe security flow memory leak

[1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/
[2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/

Anatoly Burakov (9):
  net/ixgbe: add missing E610 MAC type checks
  net/ixgbe: fix memory leak in security flows
  net/i40e: move FDIR config to flow create
  net/i40e: fix IPv6 GTPU handling
  net/iavf: fix memory leak on egress IPsec flows
  net/iavf: fix memory leak on uninit
  net/iavf: fix IPv4 flow subscription
  net/ice: fix memory leak in DCF QoS bandwidth config
  net/ice: fix memory leak in FDIR flow parsing

 drivers/net/intel/i40e/i40e_flow.c         | 64 ++++++++++++----------
 drivers/net/intel/iavf/iavf_fsub.c         |  4 +-
 drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++--
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 drivers/net/intel/ice/ice_dcf_sched.c      | 13 +++--
 drivers/net/intel/ice/ice_fdir_filter.c    |  6 +-
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +--
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++----
 drivers/net/intel/ixgbe/ixgbe_ethdev.h     |  2 +
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_flow.c       | 14 ++++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 +-
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++--
 13 files changed, 135 insertions(+), 70 deletions(-)

-- 
2.47.3



* [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:17     ` Medvedkin, Vladimir
  2026-02-11 21:57     ` Kwapulinski, Piotr
  2026-02-11 13:49   ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov
                     ` (7 subsequent siblings)
  8 siblings, 2 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Jedrzej Jagielski,
	Carolyn Wyborny

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
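Review bot: The X550-family test is open-coded again here and in the e-tag, FDIR, L2-tunnel and offload hunks of this patch, each with a slightly different member list. That repetition is what makes a new MAC type easy to miss. A small `static inline bool` predicate in the driver header (name to be chosen, e.g. `ixgbe_mac_is_x550_class()`) covering X550, X550EM_x, X550EM_a and E610 would let these sites read `if (ixgbe_mac_is_x550_class(hw->mac.type)) {`. It would also leave a single place to update for the next MAC. Sites that also accept X540 or the VF types would keep their extra terms.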
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
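Review bot: The mask selection lists both the PF and the VF variant of every X550 MAC but adds only the PF type for E610, so an E610 VF port would fall through to `IXGBE_PACKET_TYPE_MASK_82599`. If the base code defines a VF MAC type for E610 (I believe `ixgbe_mac_E610_vf`, not visible in this patch) and its RX descriptor uses the same packet-type bits as the PF, add `hw->mac.type == ixgbe_mac_E610_vf` to the condition. If the VF is excluded on purpose, a one-line comment saying so would keep the next reader from treating it as an omission.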
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-11 13:49   ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:28     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov
                     ` (6 subsequent siblings)
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

Currently, security flows are implemented as a special case and do not go
through the normal flow create/destroy infrastructure. However, because of
that, it is impossible to destroy such flows once created. Fix it by adding
a flag to rte_flow indicating that it is a security flow, so that it can be
destroyed later.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_ethdev.h |  2 ++
 drivers/net/intel/ixgbe/ixgbe_flow.c   | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
index 5393c81363..5dbd659941 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
@@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
 
 struct rte_flow {
 	enum rte_filter_type filter_type;
+	/* security flows are not rte_filter_type */
+	bool is_security;
 	void *rule;
 };
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 27d2ba1132..066a69eb12 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -3062,8 +3062,10 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
 
 #ifdef RTE_LIB_SECURITY
 	/* ESP flow not really a flow*/
-	if (ntuple_filter.proto == IPPROTO_ESP)
+	if (ntuple_filter.proto == IPPROTO_ESP) {
+		flow->is_security = true;
 		return flow;
+	}
 #endif
 
 	if (!ret) {
@@ -3350,6 +3352,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
 	struct ixgbe_rss_conf_ele *rss_filter_ptr;
 
+	/* Special case for SECURITY flows */
+	if (flow->is_security) {
+		ret = 0;
+		goto free;
+	}
+
 	switch (filter_type) {
 	case RTE_ETH_FILTER_NTUPLE:
 		ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
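Review bot: The security branch sets `ret = 0` and jumps straight to the list cleanup, so nothing in `ixgbe_flow_destroy` releases state that the ESP flow set up at create time, and the comment does not say why that is safe. If the ingress SA is owned and torn down by the security session rather than by the flow (not visible in this hunk), say so in the comment, for example `/* security flows own no filter entry; the SA is released with its session, only the flow memory is freed here */`. If it is not, the SA removal belongs in this branch. The test also relies on `is_security` being zero for every non-ESP flow, which holds only if `ixgbe_flow_create` allocates the flow zeroed.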
@@ -3442,6 +3450,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		return ret;
 	}
 
+free:
 	TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
 		if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
 			TAILQ_REMOVE(&ixgbe_flow_list,
-- 
2.47.3



* [PATCH v4 3/9] net/i40e: move FDIR config to flow create
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-11 13:49   ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-11 13:49   ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:38     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
                     ` (5 subsequent siblings)
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
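Review bot: `i40e_fdir_rx_proc_enable(dev, 1)` now runs before `i40e_fdir_entry_pool_get()`, so when the pool is exhausted and the ENOBUFS path is taken, FDIR RX processing stays enabled with an empty `fdir_list`. The same applies if a later step of `i40e_flow_create` fails after `i40e_fdir_setup()` succeeded. Either move the enable to after the flow has been added, or undo it on the failure paths with `if (TAILQ_EMPTY(&pf->fdir.fdir_list)) i40e_fdir_rx_proc_enable(dev, 0);`. The rest of the error handling lies outside this hunk and may already cover part of this.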
-- 
2.47.3



* [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (2 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:40     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                     ` (4 subsequent siblings)
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Bruce Richardson, Jingjing Wu, Beilei Xing

GTP tunnel code declares support for IPv6 GTPU flows but does not actually
handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
GTPU flows. Add IPv6 flow item handling.

Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index 193b1b6725..2374b9bbca 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
 				return -rte_errno;
 			}
 			break;
+		case RTE_FLOW_ITEM_TYPE_IPV6:
+			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
+			/* IPv6 is used to describe protocol,
+			 * spec and mask should be NULL.
+			 */
+			if (item->spec || item->mask) {
+				rte_flow_error_set(error, EINVAL,
+						   RTE_FLOW_ERROR_TYPE_ITEM,
+						   item,
+						   "Invalid IPv6 item");
+				return -rte_errno;
+			}
+			break;
 		case RTE_FLOW_ITEM_TYPE_UDP:
 			if (item->spec || item->mask) {
 				rte_flow_error_set(error, EINVAL,
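Review bot: `filter->ip_type` is written before the `item->spec || item->mask` check, so a pattern rejected with "Invalid IPv6 item" still leaves the caller's filter modified. Moving the assignment below the check keeps the filter untouched on the error return: place `filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;` immediately before the `break;`. If the IPv4 case above this hunk also assigns first, change both so the two cases stay parallel.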
-- 
2.47.3



* [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (3 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:45     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov
                     ` (3 subsequent siblings)
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jingjing Wu, Radu Nicolau,
	Declan Doherty, Abhijit Sinha

When creating egress IPsec flows, no action needs to be taken in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, a subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. As a result, the memory is never freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
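Review bot: `iavf_flow_is_valid()` now returns true for a flow whose `engine` was never assigned, because the create path jumps to `tailq_insert` before `flow->engine = engine`. Every caller that follows a successful validity check with a `flow->engine->...` dereference therefore needs the same egress guard that `iavf_flow_destroy` receives in this patch. Callers outside this diff, such as a flow query path that tests an engine callback, would presumably dereference a NULL engine for these flows and should be audited. A comment on the early return would make the contract explicit, e.g. `/* egress IPsec flows have no engine; callers must not dereference flow->engine */`. The function continues beyond this hunk.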
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
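Review bot: The two "Invalid flow destroy" error blocks are identical apart from the return idiom (`return -rte_errno;` versus `return rte_flow_error_set(...)`) and could be one check: `if (!iavf_flow_is_valid(flow) || (!flow->is_ipsec_egress_flow && flow->engine->destroy == NULL)) {`. Separately, the validity check and the read of `is_ipsec_egress_flow` both happen before `rte_spinlock_lock(&vf->flow_ops_lock)`, so two concurrent destroys of the same handle could each pass validation before either removes the node. Doing the validation under the lock would close that window. The function body extends past this hunk.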
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
-- 
2.47.3



* [PATCH v4 6/9] net/iavf: fix memory leak on uninit
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (4 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:52     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov
                     ` (2 subsequent siblings)
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Abhijit Sinha,
	Jingjing Wu, Radu Nicolau

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (5 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:53     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
  2026-02-11 13:49   ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jie Wang, Qi Zhang

Currently, when IPv4 is parsed as part of flow subscription input set, we
add two bytes to the total number of bytes in the input set for IPv4 source
or destination addresses, whereas they should be 4 bytes. Fix to add the
correct number of bytes.

Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
index 18df9c6500..cf1030320f 100644
--- a/drivers/net/intel/iavf/iavf_fsub.c
+++ b/drivers/net/intel/iavf/iavf_fsub.c
@@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
 
 				if (ipv4_mask->hdr.src_addr) {
 					*input |= IAVF_INSET_IPV4_SRC;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.dst_addr) {
 					*input |= IAVF_INSET_IPV4_DST;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.time_to_live) {
 					*input |= IAVF_INSET_IPV4_TTL;
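Review bot: The byte counts are still bare literals, so nothing ties them to the size of the field they account for. Deriving them from the header field makes the count self-checking: `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` and `input_set_byte += sizeof(ipv4_mask->hdr.dst_addr);`. The other fields counted in this function, including the TTL branch whose body is outside this hunk, could follow the same pattern.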
-- 
2.47.3



* [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (6 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 15:56     ` Medvedkin, Vladimir
  2026-02-11 13:49   ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Bruce Richardson, Qi Zhang, Ting Xu, Qiming Yang

Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
we are using rte_zmalloc followed by copying the data to persistent storage
and then discarding the temporary buffers. This is not needed as these
temporary buffers are not being stored anywhere, so replace them with
regular calloc. However, because the original code was missing a
corresponding `rte_free()` call for these temporary allocations, this
also fixes a memory leak.

Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
index 2832d223d1..645f1373f4 100644
--- a/drivers/net/intel/ice/ice_dcf_sched.c
+++ b/drivers/net/intel/ice/ice_dcf_sched.c
@@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 {
 	struct ice_dcf_adapter *adapter = dev->data->dev_private;
 	struct ice_dcf_hw *hw = &adapter->real_hw;
-	struct virtchnl_dcf_bw_cfg_list *vf_bw;
-	struct virtchnl_dcf_bw_cfg_list *tc_bw;
+	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
+	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
 	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
 	struct rte_tm_shaper_params *profile;
 	struct ice_dcf_tm_node *tm_node;
@@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
 		sizeof(struct virtchnl_dcf_bw_cfg) *
 		(hw->tm_conf.nb_tc_node - 1);
-	vf_bw = rte_zmalloc("vf_bw", size, 0);
+	vf_bw = calloc(1, size);
 	if (!vf_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
 	}
-	tc_bw = rte_zmalloc("tc_bw", size, 0);
+	tc_bw = calloc(1, size);
 	if (!tc_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
@@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	return ret_val;
 
 fail_clear:
+	if (vf_bw != NULL)
+		free(vf_bw);
+	if (tc_bw != NULL)
+		free(tc_bw);
+
 	/* clear all the traffic manager configuration */
 	if (clear_on_fail) {
 		ice_dcf_tm_conf_uninit(dev);
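Review bot: The new `free()` calls sit only under `fail_clear:`, after the success path has already left through `return ret_val;`. A successful commit therefore still leaks both `vf_bw` and `tc_bw`, unless unchanged code outside these hunks releases them, and the commit message says the original did not. Add `free(vf_bw); free(tc_bw);` before that `return ret_val;`, or route the success path through a shared cleanup label. The `!= NULL` guards can be dropped, since `free(NULL)` is a no-op.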
-- 
2.47.3



* [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (7 preceding siblings ...)
  2026-02-11 13:49   ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
@ 2026-02-11 13:49   ` Anatoly Burakov
  2026-02-11 16:06     ` Medvedkin, Vladimir
  8 siblings, 1 reply; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw)
  To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang

Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be
allocated to store parsed RAW pattern bytes. All error paths handle the
deallocation correctly, and the buffer will then be passed to FDIR filter
create function which also handles the presence of the buffer correctly,
and it is also freed correctly in destroy function.

However, rte_flow_validate will go through the same code path, but will not
call FDIR create/destroy nor even store the pointer, because `meta`
variable inside the flow parsing function will be set to NULL, which will
cause this memory to be leaked (and memset(0)-ed next time we try to
create/validate another flow).

Fix it by freeing the `pkt_buf` when `meta` is NULL.

Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c
index f7730ec6ab..5abdcbac7f 100644
--- a/drivers/net/intel/ice/ice_fdir_filter.c
+++ b/drivers/net/intel/ice/ice_fdir_filter.c
@@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad,
 	if (ret)
 		goto error;
 
-	if (meta)
+	/* if meta is NULL we're validating so the flow won't be stored */
+	if (meta) {
 		*meta = filter;
+	} else if (filter->pkt_buf != NULL) {
+		rte_free(filter->pkt_buf);
+	}
 
 	rte_free(item);
 	return ret;
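Review bot: After `rte_free(filter->pkt_buf)` the pointer is left dangling in `filter`, which the commit message implies is reused by the next create/validate call. Any path that touches `pkt_buf` before it is reset would read or free released memory. Clear it in the same branch, and drop the NULL test since `rte_free(NULL)` is a no-op: `rte_free(filter->pkt_buf); filter->pkt_buf = NULL;`. Whether RAW pattern parsing allocates anything else that the validate path must release is not visible in this hunk.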
-- 
2.47.3



* Re: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks
  2026-02-11 13:49   ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-11 15:17     ` Medvedkin, Vladimir
  2026-02-11 21:57     ` Kwapulinski, Piotr
  1 sibling, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:17 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Piotr Kwapulinski, Jedrzej Jagielski,
	Carolyn Wyborny

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> A few E610 MAC type checks were missing (verified using E610 datasheet).
>
> Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
>   drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
>   drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
>   drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
>   drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
>   drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
>   6 files changed, 39 insertions(+), 28 deletions(-)
>
<snip>

-- 
Regards,
Vladimir



* Re: [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows
  2026-02-11 13:49   ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov
@ 2026-02-11 15:28     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:28 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Declan Doherty, Radu Nicolau


On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, security flows are implemented as a special case and do not go
> through the normal flow create/destroy infrastructure. However, because of
> that, it is impossible to destroy such flows once created. Fix it by adding
> a flag to rte_flow indicating that it is a security flow, so that it can be
> destroyed later.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/ixgbe/ixgbe_ethdev.h |  2 ++
>   drivers/net/intel/ixgbe/ixgbe_flow.c   | 11 ++++++++++-
>   2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> index 5393c81363..5dbd659941 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
>   
>   struct rte_flow {
>   	enum rte_filter_type filter_type;
> +	/* security flows are not rte_filter_type */
> +	bool is_security;
>   	void *rule;
>   };
>   
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 27d2ba1132..066a69eb12 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -3062,8 +3062,10 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
>   
>   #ifdef RTE_LIB_SECURITY
>   	/* ESP flow not really a flow*/
> -	if (ntuple_filter.proto == IPPROTO_ESP)
> +	if (ntuple_filter.proto == IPPROTO_ESP) {
> +		flow->is_security = true;
>   		return flow;

here previous call ixgbe_parse_ntuple_filter() may return an error even 
if ntuple_filter.proto is IPPROTO_ESP.

 From cons_parse_ntuple_filter():

         filter->proto = IPPROTO_ESP;
         return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
                     item->type == RTE_FLOW_ITEM_TYPE_IPV6);

ixgbe_crypto_add_ingress_sa_from_flow() may fail.


> +	}
>   #endif
>   
>   	if (!ret) {
> @@ -3350,6 +3352,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
>   		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
>   	struct ixgbe_rss_conf_ele *rss_filter_ptr;
>   
> +	/* Special case for SECURITY flows */
> +	if (flow->is_security) {
> +		ret = 0;
> +		goto free;
> +	}
> +
>   	switch (filter_type) {
>   	case RTE_ETH_FILTER_NTUPLE:
>   		ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
> @@ -3442,6 +3450,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
>   		return ret;
>   	}
>   
> +free:
>   	TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
>   		if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
>   			TAILQ_REMOVE(&ixgbe_flow_list,

-- 
Regards,
Vladimir



* Re: [PATCH v4 3/9] net/i40e: move FDIR config to flow create
  2026-02-11 13:49   ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-11 15:38     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:38 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, FDIR filter parsing function will modify FDIR state after a
> successful match. However, this function is called from both flow create
> and flow validate, which results in the driver modifying FDIR state after
> a flow validate call. Move the FDIR config to flow create.
>
> Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
>   1 file changed, 23 insertions(+), 28 deletions(-)
>
<snip>

-- 
Regards,
Vladimir



* Re: [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling
  2026-02-11 13:49   ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-11 15:40     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:40 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Bruce Richardson, Jingjing Wu, Beilei Xing

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> GTP tunnel code declares support for IPv6 GTPU flows but does not actually
> handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
> GTPU flows. Add IPv6 flow item handling.
>
> Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
>   1 file changed, 13 insertions(+)
>
> diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
> index 193b1b6725..2374b9bbca 100644
> --- a/drivers/net/intel/i40e/i40e_flow.c
> +++ b/drivers/net/intel/i40e/i40e_flow.c
> @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
>   				return -rte_errno;
>   			}
>   			break;
> +		case RTE_FLOW_ITEM_TYPE_IPV6:
> +			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
> +			/* IPv6 is used to describe protocol,
> +			 * spec and mask should be NULL.
> +			 */
> +			if (item->spec || item->mask) {
> +				rte_flow_error_set(error, EINVAL,
> +						   RTE_FLOW_ERROR_TYPE_ITEM,
> +						   item,
> +						   "Invalid IPv6 item");
> +				return -rte_errno;
> +			}
> +			break;
>   		case RTE_FLOW_ITEM_TYPE_UDP:
>   			if (item->spec || item->mask) {
>   				rte_flow_error_set(error, EINVAL,

-- 
Regards,
Vladimir



* Re: [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows
  2026-02-11 13:49   ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-11 15:45     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:45 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Jingjing Wu, Radu Nicolau, Declan Doherty,
	Abhijit Sinha

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> When creating egress IPsec flows, no action needs to be taken in hardware, as
> this is just a software association. However, because we do not write
> anything to the rte_flow entry, a subsequent destroy call will not destroy
> this kind of flow, because it expects a valid engine to be set for every
> flow. As a result, the memory is never freed back to the system.
>
> In addition to that, when creating these flows, we do not actually store
> the rte_flow pointer anywhere, so even if the user has triggered `uninit`
> (which would have freed the flow), this flow isn't in the list so it would
> never get freed.
>
> Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
> and changing the `destroy` code to take all of that into account.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>   drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
>   drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
>   2 files changed, 25 insertions(+), 6 deletions(-)
>
<snip>

-- 
Regards,
Vladimir



* Re: [PATCH v4 6/9] net/iavf: fix memory leak on uninit
  2026-02-11 13:49   ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-11 15:52     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:52 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Declan Doherty, Abhijit Sinha, Jingjing Wu,
	Radu Nicolau

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> When IPsec is initialized, parsers and engines are registered into the
> common infrastructure. However, during deinitialization, they are not
> cleaned up. Fix it by including IPsec engines in the cleanup.
>
> Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>   drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
>   1 file changed, 7 insertions(+)
>
> diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
> index 02917f863d..42ecc90d1d 100644
> --- a/drivers/net/intel/iavf/iavf_generic_flow.c
> +++ b/drivers/net/intel/iavf/iavf_generic_flow.c
> @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
>   		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
>   		rte_free(p_parser);
>   	}
> +
> +	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
> +		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
> +		rte_free(p_parser);
> +	}
>   }
>   
>   int
> @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
>   	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
>   		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
>   		list = &vf->dist_parser_list;
> +	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
> +		list = &vf->ipsec_crypto_parser_list;
>   
>   	if (list == NULL)
>   		return;

-- 
Regards,
Vladimir



* Re: [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription
  2026-02-11 13:49   ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-11 15:53     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:53 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Jie Wang, Qi Zhang

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, when IPv4 is parsed as part of flow subscription input set, we
> add two bytes to the total number of bytes in the input set for IPv4 source
> or destination addresses, whereas they should be 4 bytes. Fix to add the
> correct number of bytes.
>
> Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
> index 18df9c6500..cf1030320f 100644
> --- a/drivers/net/intel/iavf/iavf_fsub.c
> +++ b/drivers/net/intel/iavf/iavf_fsub.c
> @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
>   
>   				if (ipv4_mask->hdr.src_addr) {
>   					*input |= IAVF_INSET_IPV4_SRC;
> -					input_set_byte += 2;
> +					input_set_byte += 4;
>   				}
>   				if (ipv4_mask->hdr.dst_addr) {
>   					*input |= IAVF_INSET_IPV4_DST;
> -					input_set_byte += 2;
> +					input_set_byte += 4;
>   				}
>   				if (ipv4_mask->hdr.time_to_live) {
>   					*input |= IAVF_INSET_IPV4_TTL;
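Review bot: The corrected widths are still bare literals (`input_set_byte += 4;` in both the src_addr and dst_addr branches), which is how the 2-byte value could go unnoticed in the first place. Deriving the count from the field keeps it tied to the header layout, e.g. `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` and the same with `dst_addr`. The TTL branch and the rest of iavf_fsub_parse_pattern lie outside the hunk, so whether the other fields use literals as well, and what `input_set_byte` is later checked against, cannot be confirmed from here.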

-- 
Regards,
Vladimir



* Re: [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-11 13:49   ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
@ 2026-02-11 15:56     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 15:56 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Bruce Richardson, Qi Zhang, Ting Xu,
	Qiming Yang

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
> we are using rte_zmalloc followed by copying the data to persistent storage
> and then discarding the temporary buffers. This is not needed as these
> temporary buffers are not being stored anywhere, so replace them with
> regular calloc. However, because the original code was missing a
> corresponding `rte_free()` call for these temporary allocations, this
> also fixes a memory leak.
>
> Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++----
>   1 file changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
> index 2832d223d1..645f1373f4 100644
> --- a/drivers/net/intel/ice/ice_dcf_sched.c
> +++ b/drivers/net/intel/ice/ice_dcf_sched.c
> @@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
>   {
>   	struct ice_dcf_adapter *adapter = dev->data->dev_private;
>   	struct ice_dcf_hw *hw = &adapter->real_hw;
> -	struct virtchnl_dcf_bw_cfg_list *vf_bw;
> -	struct virtchnl_dcf_bw_cfg_list *tc_bw;
> +	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
> +	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
>   	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
>   	struct rte_tm_shaper_params *profile;
>   	struct ice_dcf_tm_node *tm_node;
> @@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
>   	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
>   		sizeof(struct virtchnl_dcf_bw_cfg) *
>   		(hw->tm_conf.nb_tc_node - 1);
> -	vf_bw = rte_zmalloc("vf_bw", size, 0);
> +	vf_bw = calloc(1, size);
>   	if (!vf_bw) {
>   		ret_val = ICE_ERR_NO_MEMORY;
>   		goto fail_clear;
>   	}
> -	tc_bw = rte_zmalloc("tc_bw", size, 0);
> +	tc_bw = calloc(1, size);
>   	if (!tc_bw) {
>   		ret_val = ICE_ERR_NO_MEMORY;
>   		goto fail_clear;
> @@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
>   	return ret_val;
>   
>   fail_clear:
> +	if (vf_bw != NULL)
> +		free(vf_bw);
> +	if (tc_bw != NULL)
> +		free(tc_bw);
> +
>   	/* clear all the traffic manager configuration */
>   	if (clear_on_fail) {
>   		ice_dcf_tm_conf_uninit(dev);
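Review bot: The new frees sit only under `fail_clear:`, and the `return ret_val;` directly above the label bypasses them, so on the success path `vf_bw` and `tc_bw` still appear to leak. The three hunks account for all 9 insertions in the diffstat, so no other free is added by this version. Releasing both buffers before the successful return as well (`free(vf_bw);` and `free(tc_bw);`), or routing success through a shared cleanup label, would close that. The `!= NULL` guards are unnecessary because `free(NULL)` is a no-op. The body of ice_dcf_hierarchy_commit between the hunks is not shown, so this should be confirmed against the full function.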

-- 
Regards,
Vladimir



* Re: [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing
  2026-02-11 13:49   ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
@ 2026-02-11 16:06     ` Medvedkin, Vladimir
  0 siblings, 0 replies; 83+ messages in thread
From: Medvedkin, Vladimir @ 2026-02-11 16:06 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Bruce Richardson, Junfeng Guo, Qi Zhang

Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>

On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be
> allocated to store parsed RAW pattern bytes. All error paths handle the
> deallocation correctly, and the buffer will then be passed to FDIR filter
> create function which also handles the presence of the buffer correctly,
> and it is also freed correctly in destroy function.
>
> However, rte_flow_validate will go through the same code path, but will not
> call FDIR create/destroy nor even store the pointer, because `meta`
> variable inside the flow parsing function will be set to NULL, which will
> cause this memory to be leaked (and memset(0)-ed next time we try to
> create/validate another flow).
>
> Fix it by freeing the `pkt_buf` when `meta` is NULL.
>
> Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR")
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>   drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c
> index f7730ec6ab..5abdcbac7f 100644
> --- a/drivers/net/intel/ice/ice_fdir_filter.c
> +++ b/drivers/net/intel/ice/ice_fdir_filter.c
> @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad,
>   	if (ret)
>   		goto error;
>   
> -	if (meta)
> +	/* if meta is NULL we're validating so the flow won't be stored */
> +	if (meta) {
>   		*meta = filter;
> +	} else if (filter->pkt_buf != NULL) {
> +		rte_free(filter->pkt_buf);
> +	}
>   
>   	rte_free(item);
>   	return ret;
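Review bot: After `rte_free(filter->pkt_buf)` in the validate-only branch the pointer is left dangling inside `filter`. The commit message says the structure is reused and zeroed on the next create/validate call, so any code that inspects `filter->pkt_buf` before then would see freed memory. Clearing it in the same branch with `filter->pkt_buf = NULL;` removes that window; a companion length field, if there is one, should be reset with it. The `!= NULL` test is redundant since rte_free() accepts NULL. ice_fdir_parse begins before the hunk and the lifetime of `filter` is not visible here.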

-- 
Regards,
Vladimir



* RE: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks
  2026-02-11 13:49   ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-11 15:17     ` Medvedkin, Vladimir
@ 2026-02-11 21:57     ` Kwapulinski, Piotr
  1 sibling, 0 replies; 83+ messages in thread
From: Kwapulinski, Piotr @ 2026-02-11 21:57 UTC (permalink / raw)
  To: Burakov, Anatoly, dev@dpdk.org, Medvedkin, Vladimir,
	Jagielski, Jedrzej, Carolyn Wyborny

>-----Original Message-----
>From: Burakov, Anatoly <anatoly.burakov@intel.com> 
>Sent: Wednesday, February 11, 2026 2:49 PM
>To: dev@dpdk.org; Medvedkin, Vladimir <vladimir.medvedkin@intel.com>; Kwapulinski, Piotr <piotr.kwapulinski@intel.com>; Jagielski, Jedrzej <jedrzej.jagielski@intel.com>; Carolyn Wyborny <carolyn.wyborny@intel.com>
>Subject: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks
>
>A few E610 MAC type checks were missing (verified using E610 datasheet).
>
>Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
>Cc: stable@dpdk.org
>
>Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>---
> drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
> drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
> drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
> drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
> drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
> drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
> 6 files changed, 39 insertions(+), 28 deletions(-)
>
>diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
>index 6ef965dbb6..eb73bc8b17 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
>+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
>@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
> 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
> 		break;
> 	case ixgbe_mac_X540:
>-		sck = IXGBE_ESDP_SDP2;
>-		sdi = IXGBE_ESDP_SDP0;
>-		sdo = IXGBE_ESDP_SDP1;
>-		dir_sck = IXGBE_ESDP_SDP2_DIR;
>-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
>-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
>-		break;
> 	case ixgbe_mac_X550:
> 	case ixgbe_mac_X550EM_x:
> 	case ixgbe_mac_X550EM_a:
>+	case ixgbe_mac_E610:
> 		sck = IXGBE_ESDP_SDP2;
> 		sdi = IXGBE_ESDP_SDP0;
> 		sdo = IXGBE_ESDP_SDP1;
>diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
>index 89a799762f..11500a923c 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
>+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
>@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
> 		(hw->mac.type != ixgbe_mac_X540) &&
> 		(hw->mac.type != ixgbe_mac_X550) &&
> 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
>-		(hw->mac.type != ixgbe_mac_X550EM_a))
>+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
>+		(hw->mac.type != ixgbe_mac_E610))
> 		return -ENOSYS;
> 
> 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
>@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
> 	ctrl |= IXGBE_EXTENDED_VLAN;
> 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
> 
>-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
>+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
> 	if (hw->mac.type == ixgbe_mac_X550 ||
> 	    hw->mac.type == ixgbe_mac_X550EM_x ||
>-	    hw->mac.type == ixgbe_mac_X550EM_a) {
>+	    hw->mac.type == ixgbe_mac_X550EM_a ||
>+	    hw->mac.type == ixgbe_mac_E610) {
> 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
> 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
> 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
>@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
> 		case ixgbe_mac_X550:
> 		case ixgbe_mac_X550EM_x:
> 		case ixgbe_mac_X550EM_a:
>+		case ixgbe_mac_E610:
> 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
> 			break;
> 		default:
>@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
> 	if (hw->mac.type == ixgbe_mac_X540 ||
> 	    hw->mac.type == ixgbe_mac_X540_vf ||
> 	    hw->mac.type == ixgbe_mac_X550 ||
>-	    hw->mac.type == ixgbe_mac_X550_vf) {
>+	    hw->mac.type == ixgbe_mac_X550_vf ||
>+	    hw->mac.type == ixgbe_mac_E610) {
> 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
> 	}
>-	if (hw->mac.type == ixgbe_mac_X550) {
>+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) 
>+{
> 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
> 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
> 	}
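Review bot: The 100M capability test lists the VF MAC types `ixgbe_mac_X540_vf` and `ixgbe_mac_X550_vf` next to their PF types, but the added line covers only `ixgbe_mac_E610`. If the base code defines a VF type for E610 (presumably `ixgbe_mac_E610_vf`; confirm in ixgbe_type.h) and this function also serves VF ports, it probably belongs in the condition too. The same question applies to the `ixgbe_dev_rx_queue_setup` hunk in ixgbe_rxtx.c, where three X550 VF types select `IXGBE_PACKET_TYPE_MASK_X550` and an E610 VF would fall through to the 82599 mask. The `ixgbe_dev_info_get` hunk is repeated unchanged in the v5 posting further down the thread.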
>@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
>-	    hw->mac.type != ixgbe_mac_X550EM_a) {
>+	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610) {
> 		return -ENOTSUP;
> 	}
> 
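Review bot: This X550 / X550EM_x / X550EM_a / E610 test is open-coded here and again in the four e_tag hunks that follow (`ixgbe_e_tag_enable`, `ixgbe_e_tag_filter_del`, `ixgbe_e_tag_filter_add`, `ixgbe_e_tag_forwarding_en_dis`), as well as in ixgbe_fdir.c, ixgbe_flow.c and ixgbe_rxtx.c. A small static inline predicate in a shared driver header, used as `if (!ixgbe_is_x550_or_e610(hw)) return -ENOTSUP;` (the name is only a suggestion), would let the next MAC type be added in one place. Missing some of the copies is the problem this patch is fixing.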
>@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
>-	    hw->mac.type != ixgbe_mac_X550EM_a) {
>+	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610) {
> 		return -ENOTSUP;
> 	}
> 
>@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
>-	    hw->mac.type != ixgbe_mac_X550EM_a) {
>+	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610) {
> 		return -ENOTSUP;
> 	}
> 
>@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
>-	    hw->mac.type != ixgbe_mac_X550EM_a) {
>+	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610) {
> 		return -ENOTSUP;
> 	}
> 
>@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
>-	    hw->mac.type != ixgbe_mac_X550EM_a) {
>+	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610) {
> 		return -ENOTSUP;
> 	}
> 
>diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
>index 97ef185583..0bdfbd411a 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
>+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
>@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
> 		hw->mac.type != ixgbe_mac_E610)
> 		return -ENOSYS;
> 
>-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
>+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not 
>+*/
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 	    hw->mac.type != ixgbe_mac_X550EM_x &&
> 	    hw->mac.type != ixgbe_mac_X550EM_a &&
>+	    hw->mac.type != ixgbe_mac_E610 &&
> 	    mode != RTE_FDIR_MODE_SIGNATURE &&
> 	    mode != RTE_FDIR_MODE_PERFECT)
> 		return -ENOSYS;
>@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
> 		return -ENOTSUP;
> 
> 	/*
>-	 * Sanity check for x550.
>+	 * Sanity check for x550 and E610.
> 	 * When adding a new filter with flow type set to IPv4,
> 	 * the flow director mask should be configed before,
> 	 * and the L4 protocol and ports are masked.
>@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
> 	if ((!del) &&
> 	    (hw->mac.type == ixgbe_mac_X550 ||
> 	     hw->mac.type == ixgbe_mac_X550EM_x ||
>-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
>+	     hw->mac.type == ixgbe_mac_X550EM_a ||
>+	     hw->mac.type == ixgbe_mac_E610) &&
> 	    (rule->ixgbe_fdir.formatted.flow_type ==
> 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
> 	     rule->ixgbe_fdir.formatted.flow_type ==
>diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
>index 3b68d820ca..27d2ba1132 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
>+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
>@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
> 
> 	if (hw->mac.type != ixgbe_mac_X550 &&
> 		hw->mac.type != ixgbe_mac_X550EM_x &&
>-		hw->mac.type != ixgbe_mac_X550EM_a) {
>+		hw->mac.type != ixgbe_mac_X550EM_a &&
>+		hw->mac.type != ixgbe_mac_E610) {
> 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
> 		rte_flow_error_set(error, EINVAL,
> 			RTE_FLOW_ERROR_TYPE_ITEM,
>diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
>index e967fe5e48..d9a775f99a 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
>+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
>@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
> 	uint32_t max_frs;
> 	uint32_t hlreg0;
> 
>-	/* X540 and X550 support jumbo frames in IOV mode */
>+	/* X540, X550, and E610 support jumbo frames in IOV mode */
> 	if (hw->mac.type != ixgbe_mac_X540 &&
> 		hw->mac.type != ixgbe_mac_X550 &&
> 		hw->mac.type != ixgbe_mac_X550EM_x &&
>-		hw->mac.type != ixgbe_mac_X550EM_a) {
>+		hw->mac.type != ixgbe_mac_X550EM_a &&
>+		hw->mac.type != ixgbe_mac_E610) {
> 		struct ixgbe_vf_info *vfinfo =
> 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
> 
>diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
>index 0af04c9b0d..2857c19355 100644
>--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
>+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
>@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
> 
> 	if (hw->mac.type == ixgbe_mac_X550 ||
> 	    hw->mac.type == ixgbe_mac_X550EM_x ||
>-	    hw->mac.type == ixgbe_mac_X550EM_a)
>+	    hw->mac.type == ixgbe_mac_X550EM_a ||
>+	    hw->mac.type == ixgbe_mac_E610)
> 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
> 
> #ifdef RTE_LIB_SECURITY
>@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
> 
> 	if (hw->mac.type == ixgbe_mac_X550 ||
> 	    hw->mac.type == ixgbe_mac_X550EM_x ||
>-	    hw->mac.type == ixgbe_mac_X550EM_a)
>+	    hw->mac.type == ixgbe_mac_X550EM_a ||
>+	    hw->mac.type == ixgbe_mac_E610)
> 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
> 
> #ifdef RTE_LIB_SECURITY
>@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
> 
> 	/*
> 	 * The packet type in RX descriptor is different for different NICs.
>-	 * Some bits are used for x550 but reserved for other NICS.
>+	 * Some bits are used for x550 and E610 but reserved for other NICS.
> 	 * So set different masks for different NICs.
> 	 */
> 	if (hw->mac.type == ixgbe_mac_X550 ||
>@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
> 	    hw->mac.type == ixgbe_mac_X550EM_a ||
> 	    hw->mac.type == ixgbe_mac_X550_vf ||
> 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
>-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
>+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
>+	    hw->mac.type == ixgbe_mac_E610)
> 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
> 	else
> 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
>@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
> 		if (hw->mac.type == ixgbe_mac_X540 ||
> 		     hw->mac.type == ixgbe_mac_X550 ||
> 		     hw->mac.type == ixgbe_mac_X550EM_x ||
>-		     hw->mac.type == ixgbe_mac_X550EM_a)
>+		     hw->mac.type == ixgbe_mac_X550EM_a ||
>+		     hw->mac.type == ixgbe_mac_E610)
> 			ixgbe_setup_loopback_link_x540_x550(hw, false);
> 	}
> }

Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com>


* [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (5 preceding siblings ...)
  2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-12 12:53 ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (11 more replies)
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  7 siblings, 12 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev

Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers

v1 -> v2:
- Added patches [1] [2] that were previously sent separately
- Added patch fixing leak in DCF config

v2 -> v3:
- Added patch fixing leak in FDIR parser

v3 -> v4:
- Reordered patchsets by driver
- Added patch to fix ixgbe security flow memory leak

v4 -> v5:
- Fixed build issues in DCF patch
- Added three more patches to fix various bugs in IPsec

[1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/
[2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/

Anatoly Burakov (12):
  net/ixgbe: add missing E610 MAC type checks
  net/ixgbe: fix memory leak in security flows
  net/ixgbe: fix potential null dereference in IPsec
  net/ixgbe: fix potential null dereference in IPsec
  net/ixgbe: fix wrong pointer handling in IPsec
  net/i40e: move FDIR config to flow create
  net/i40e: fix IPv6 GTPU handling
  net/iavf: fix memory leak on egress IPsec flows
  net/iavf: fix memory leak on uninit
  net/iavf: fix IPv4 flow subscription
  net/ice: fix memory leak in DCF QoS bandwidth config
  net/ice: fix memory leak in FDIR flow parsing

 drivers/net/intel/i40e/i40e_flow.c         | 64 ++++++++++++----------
 drivers/net/intel/iavf/iavf_fsub.c         |  4 +-
 drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++--
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 drivers/net/intel/ice/ice_dcf_sched.c      | 15 +++--
 drivers/net/intel/ice/ice_fdir_filter.c    |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +--
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++----
 drivers/net/intel/ixgbe/ixgbe_ethdev.h     |  2 +
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_flow.c       | 43 +++++++++++++--
 drivers/net/intel/ixgbe/ixgbe_ipsec.c      | 19 +++----
 drivers/net/intel/ixgbe/ixgbe_ipsec.h      | 16 +++++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 +-
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++--
 15 files changed, 185 insertions(+), 88 deletions(-)

-- 
2.47.3



* [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
                     ` (10 subsequent siblings)
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Carolyn Wyborny,
	Jedrzej Jagielski

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
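Review bot: The added `hw->mac.type == ixgbe_mac_E610` line extends a list that also names the three X550 VF MAC types, but no E610 VF type is added, so an E610 virtual function would still fall through to `IXGBE_PACKET_TYPE_MASK_82599`. If E610 VFs report the same packet-type bits in the RX descriptor as the PF, the condition needs a further `|| hw->mac.type == ixgbe_mac_E610_vf` (assuming that is the base code's VF enumerator); if they do not, a one-line comment saying so would stop the next reader from "fixing" it. The `if` starts in the previous hunk of ixgbe_dev_rx_queue_setup, and the rest of the function is outside both hunks.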
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 17:10     ` Bruce Richardson
  2026-02-12 17:19     ` Radu Nicolau
  2026-02-12 12:53   ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
                     ` (9 subsequent siblings)
  11 siblings, 2 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

Currently, security flows are implemented as a special case and do not go
through the normal flow create/destroy infrastructure. However, because of
that, it is impossible to destroy such flows once created. Fix it by adding
a flag to rte_flow indicating that it is a security flow, so that it can be
destroyed later.

Additionally, security flows return a pointer to the allocated `rte_flow`
struct unconditionally, even though the underlying call to the IPsec code
might have failed. Fix that by checking the return value from the filter
function before returning.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_ethdev.h |  2 ++
 drivers/net/intel/ixgbe/ixgbe_flow.c   | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
index 5393c81363..5dbd659941 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
@@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
 
 struct rte_flow {
 	enum rte_filter_type filter_type;
+	/* security flows are not rte_filter_type */
+	bool is_security;
 	void *rule;
 };
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 27d2ba1132..90072e757e 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
 
 #ifdef RTE_LIB_SECURITY
 	/* ESP flow not really a flow*/
-	if (ntuple_filter.proto == IPPROTO_ESP)
+	if (ntuple_filter.proto == IPPROTO_ESP) {
+		if (ret != 0)
+			goto out;
+		flow->is_security = true;
 		return flow;
+	}
 #endif
 
 	if (!ret) {
@@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
 	struct ixgbe_rss_conf_ele *rss_filter_ptr;
 
+	/* Special case for SECURITY flows */
+	if (flow->is_security) {
+		ret = 0;
+		goto free;
+	}
+
 	switch (filter_type) {
 	case RTE_ETH_FILTER_NTUPLE:
 		ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
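Review bot: The `is_security` shortcut in ixgbe_flow_destroy sets `ret = 0` and jumps to `free` without saying why no teardown is needed, while the create path did call into the IPsec code to record the ingress SA addresses in the session. If the intent is that the SA state stays owned by the rte_security session and is released with it, the comment should say that, e.g. `/* security flows own no filter rule; SA state is released with the rte_security session */`. If instead the flow is expected to undo what create programmed, that step is missing here. The function body continues outside this hunk, so the `free:` label is only visible in the following one.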
@@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		return ret;
 	}
 
+free:
 	TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
 		if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
 			TAILQ_REMOVE(&ixgbe_flow_list,
-- 
2.47.3



* [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 17:13     ` Bruce Richardson
  2026-02-12 17:19     ` Radu Nicolau
  2026-02-12 12:53   ` [PATCH v5 04/12] " Anatoly Burakov
                     ` (8 subsequent siblings)
  11 siblings, 2 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

When parsing IPsec flows, we access the `conf` pointer unconditionally,
even though it might be NULL. Fix by adding the check.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 90072e757e..81b983ce69 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 	act = next_no_void_action(actions, NULL);
 	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
 		const void *conf = act->conf;
+
+		if (conf == NULL) {
+			rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_ACTION_CONF,
+				act, "NULL security conf.");
+			return -rte_errno;
+		}
 		/* check if the next not void item is END */
 		act = next_no_void_action(actions, act);
 		if (act->type != RTE_FLOW_ACTION_TYPE_END) {
-- 
2.47.3



* [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (2 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 17:15     ` Bruce Richardson
  2026-02-12 17:19     ` Radu Nicolau
  2026-02-12 12:53   ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
                     ` (7 subsequent siblings)
  11 siblings, 2 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

Currently, IPsec flow parser will look for IPv4 flow item in the pattern,
and then pass it to IPsec SA flow function. However, we do not check if the
spec pointer is actually valid. Fix by adding the check.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 81b983ce69..90a24806d2 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			}
 			item = next_no_void_pattern(pattern, item);
 		}
+		if (item->spec == NULL) {
+			rte_flow_error_set(error, EINVAL,
+					RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item,
+					"NULL IP pattern.");
+			return -rte_errno;
+		}
 
 		filter->proto = IPPROTO_ESP;
 		return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
-- 
2.47.3



* [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (3 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 04/12] " Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 14:50     ` Burakov, Anatoly
  2026-02-12 17:18     ` Radu Nicolau
  2026-02-12 12:53   ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
                     ` (6 subsequent siblings)
  11 siblings, 2 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

The original IPsec "add SA from flow" function expected a void* pointer to
security session as its first argument. However, the actual code was not
passing that, instead it passed `rte_flow_action_security` which was a
*container* for security session pointer.

Fix it by passing correct pointer type, as well as make typing more
explicit to let compiler catch such bugs in the future.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c  | 14 ++++++++++++--
 drivers/net/intel/ixgbe/ixgbe_ipsec.c | 19 +++++++------------
 drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++++++++++---
 3 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 90a24806d2..461fcf0857 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -221,6 +221,8 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 	act = next_no_void_action(actions, NULL);
 	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
 		const void *conf = act->conf;
+		const struct rte_flow_action_security *sec_act;
+		struct ip_spec spec;
 
 		if (conf == NULL) {
 			rte_flow_error_set(error, EINVAL,
@@ -259,8 +261,16 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 		}
 
 		filter->proto = IPPROTO_ESP;
-		return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
-					item->type == RTE_FLOW_ITEM_TYPE_IPV6);
+		sec_act = (const struct rte_flow_action_security *)conf;
+		spec.is_ipv6 = item->type == RTE_FLOW_ITEM_TYPE_IPV6;
+		if (spec.is_ipv6) {
+			const struct rte_flow_item_ipv6 *ipv6 = item->spec;
+			spec.spec.ipv6 = *ipv6;
+		} else {
+			const struct rte_flow_item_ipv4 *ipv4 = item->spec;
+			spec.spec.ipv4 = *ipv4;
+		}
+		return ixgbe_crypto_add_ingress_sa_from_flow(sec_act->security_session, &spec);
 	}
 #endif
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/intel/ixgbe/ixgbe_ipsec.c
index df0964a51d..f76ce5b3ee 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.c
@@ -664,20 +664,15 @@ ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev)
 }
 
 int
-ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
-				      const void *ip_spec,
-				      uint8_t is_ipv6)
+ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess,
+		const struct ip_spec *spec)
 {
-	/**
-	 * FIXME Updating the session priv data when the session is const.
-	 * Typecasting done here is wrong and the implementation need to be corrected.
-	 */
-	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
-			((const struct rte_security_session *)sess)->driver_priv_data;
+	struct ixgbe_crypto_session *ic_session =
+			RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data);
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
-		if (is_ipv6) {
-			const struct rte_flow_item_ipv6 *ipv6 = ip_spec;
+		if (spec->is_ipv6) {
+			const struct rte_flow_item_ipv6 *ipv6 = &spec->spec.ipv6;
 			ic_session->src_ip.type = IPv6;
 			ic_session->dst_ip.type = IPv6;
 			rte_memcpy(ic_session->src_ip.ipv6,
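Review bot: `sess->driver_priv_data` is now read through a typed pointer that nothing has checked for NULL. The caller in the ixgbe_flow.c hunk of this patch passes `sec_act->security_session` straight from the application-supplied action, and the earlier `conf == NULL` test only covers the container, not the session pointer inside it. A flow rule with a SECURITY action whose `security_session` is NULL would therefore fault here. Rejecting it in cons_parse_ntuple_filter before the call, with `if (sec_act->security_session == NULL)` followed by the same `rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ACTION_CONF, act, ...)` / `return -rte_errno;` pattern used for `conf`, keeps the check next to the other input validation.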
@@ -685,7 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 			rte_memcpy(ic_session->dst_ip.ipv6,
 				   &ipv6->hdr.dst_addr, 16);
 		} else {
-			const struct rte_flow_item_ipv4 *ipv4 = ip_spec;
+			const struct rte_flow_item_ipv4 *ipv4 = &spec->spec.ipv4;
 			ic_session->src_ip.type = IPv4;
 			ic_session->dst_ip.type = IPv4;
 			ic_session->src_ip.ipv4 = ipv4->hdr.src_addr;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/intel/ixgbe/ixgbe_ipsec.h
index be39199be1..e7c7186264 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.h
@@ -6,6 +6,9 @@
 #define IXGBE_IPSEC_H_
 
 #include <rte_security.h>
+#include <rte_security_driver.h>
+
+#include <rte_flow.h>
 
 #define IPSRXIDX_RX_EN                                    0x00000001
 #define IPSRXIDX_TABLE_IP                                 0x00000002
@@ -109,9 +112,16 @@ struct ixgbe_ipsec {
 
 int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
-int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
-					  const void *ip_spec,
-					  uint8_t is_ipv6);
+
+struct ip_spec {
+	bool is_ipv6;
+	union {
+		struct rte_flow_item_ipv4 ipv4;
+		struct rte_flow_item_ipv6 ipv6;
+	} spec;
+};
+int ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess,
+		const struct ip_spec *ip_spec);
 
 
 
-- 
2.47.3



* [PATCH v5 06/12] net/i40e: move FDIR config to flow create
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (4 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
                     ` (5 subsequent siblings)
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
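Review bot: FDIR setup and `i40e_fdir_rx_proc_enable(dev, 1)` now run before `i40e_fdir_entry_pool_get()`, so the ENOBUFS path that begins on the last lines of this hunk returns with FDIR Rx processing enabled and the FDIR VSI configured although no rule was installed. The same applies to any later failure in i40e_flow_create, which is outside the hunk. Whether those paths undo the enable is not visible here. If they do not, either move the `TAILQ_EMPTY(&pf->fdir.fdir_list)` enable to after the rule has been added, or have the error paths call `i40e_fdir_rx_proc_enable(dev, 0)` when the list is still empty. The old code had the same gap in the parse function, so this is not a regression, but the move is the natural place to close it.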
-- 
2.47.3



* [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (5 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                     ` (4 subsequent siblings)
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu

GTP tunnel code declares support for IPv6 GTPU flows but does not actually
handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
GTPU flows. Add IPv6 flow item handling.

Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index 193b1b6725..2374b9bbca 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
 				return -rte_errno;
 			}
 			break;
+		case RTE_FLOW_ITEM_TYPE_IPV6:
+			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
+			/* IPv6 is used to describe protocol,
+			 * spec and mask should be NULL.
+			 */
+			if (item->spec || item->mask) {
+				rte_flow_error_set(error, EINVAL,
+						   RTE_FLOW_ERROR_TYPE_ITEM,
+						   item,
+						   "Invalid IPv6 item");
+				return -rte_errno;
+			}
+			break;
 		case RTE_FLOW_ITEM_TYPE_UDP:
 			if (item->spec || item->mask) {
 				rte_flow_error_set(error, EINVAL,
-- 
2.47.3



* [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (6 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
                     ` (3 subsequent siblings)
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Abhijit Sinha, Jingjing Wu, Radu Nicolau,
	Declan Doherty

When creating egress IPsec flows, no action needs to be taken in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, a subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. As a result, the memory is never freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
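Review bot: iavf_flow_is_valid() now returns true for a flow whose `engine` was never assigned, because the create hunk jumps to `tailq_insert` before `flow->engine = engine`. Any caller that follows a successful validity check with `flow->engine->...` can therefore dereference NULL for an egress IPsec flow. This patch guards iavf_flow_destroy with `need_destroy`, but other users of the helper, for example a flow query path, are not visible in these hunks and should be checked for the same pattern. A comment on the early return such as `/* engine is NULL for these flows; callers must not dereference it */` would make the new contract explicit.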
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
-- 
2.47.3



* [PATCH v5 09/12] net/iavf: fix memory leak on uninit
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (7 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
                     ` (2 subsequent siblings)
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Jingjing Wu, Abhijit Sinha,
	Declan Doherty, Radu Nicolau

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (8 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang

Currently, when IPv4 is parsed as part of flow subscription input set, we
add two bytes to the total number of bytes in the input set for IPv4 source
or destination addresses, whereas they should be 4 bytes. Fix to add the
correct number of bytes.

Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
index 18df9c6500..cf1030320f 100644
--- a/drivers/net/intel/iavf/iavf_fsub.c
+++ b/drivers/net/intel/iavf/iavf_fsub.c
@@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
 
 				if (ipv4_mask->hdr.src_addr) {
 					*input |= IAVF_INSET_IPV4_SRC;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.dst_addr) {
 					*input |= IAVF_INSET_IPV4_DST;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.time_to_live) {
 					*input |= IAVF_INSET_IPV4_TTL;
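Review bot: The corrected byte counts for the IPv4 source and destination addresses are still bare literals, which is how the original `2` went unnoticed. Deriving them from the field keeps the count tied to the header layout: `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` and `input_set_byte += sizeof(ipv4_mask->hdr.dst_addr);`. The surrounding branches of iavf_fsub_parse_pattern are outside the hunk, so whether the other fields use literals too is not visible here.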
-- 
2.47.3



* [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (9 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  2026-02-12 12:53   ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Bruce Richardson, Qiming Yang, Qi Zhang, Ting Xu

Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
we are using rte_zmalloc followed by copying the data to persistent storage
and then discarding the temporary buffers. This is not needed as these
temporary buffers are not being stored anywhere, so replace them with
regular calloc. However, because the original code was missing a
corresponding `rte_free()` call for these temporary allocations, this
also fixes a memory leak.

Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/ice/ice_dcf_sched.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
index 2832d223d1..948774a282 100644
--- a/drivers/net/intel/ice/ice_dcf_sched.c
+++ b/drivers/net/intel/ice/ice_dcf_sched.c
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright(c) 2010-2017 Intel Corporation
  */
+#include <stdlib.h>
+
 #include <rte_tm_driver.h>
 
 #include "base/ice_sched.h"
@@ -746,8 +748,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 {
 	struct ice_dcf_adapter *adapter = dev->data->dev_private;
 	struct ice_dcf_hw *hw = &adapter->real_hw;
-	struct virtchnl_dcf_bw_cfg_list *vf_bw;
-	struct virtchnl_dcf_bw_cfg_list *tc_bw;
+	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
+	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
 	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
 	struct rte_tm_shaper_params *profile;
 	struct ice_dcf_tm_node *tm_node;
@@ -770,12 +772,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
 		sizeof(struct virtchnl_dcf_bw_cfg) *
 		(hw->tm_conf.nb_tc_node - 1);
-	vf_bw = rte_zmalloc("vf_bw", size, 0);
+	vf_bw = calloc(1, size);
 	if (!vf_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
 	}
-	tc_bw = rte_zmalloc("tc_bw", size, 0);
+	tc_bw = calloc(1, size);
 	if (!tc_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
@@ -875,6 +877,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	return ret_val;
 
 fail_clear:
+	if (vf_bw != NULL)
+		free(vf_bw);
+	if (tc_bw != NULL)
+		free(tc_bw);
+
 	/* clear all the traffic manager configuration */
 	if (clear_on_fail) {
 		ice_dcf_tm_conf_uninit(dev);
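Review bot: The new `free()` calls sit below the `fail_clear:` label, and the `return ret_val;` just above it leaves the function first, so as far as this hunk shows the success path still returns without releasing `vf_bw` and `tc_bw`. The diffstat's 11 insertions are all accounted for by the visible hunks, so this patch adds no release anywhere else. Unless the unshown middle of ice_dcf_hierarchy_commit already frees them, add `free(vf_bw);` and `free(tc_bw);` before `return ret_val;`, or route success through a shared cleanup label. The `!= NULL` guards can be dropped, since `free(NULL)` is a no-op. The function body continues outside the hunk on both sides.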
-- 
2.47.3



* [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (10 preceding siblings ...)
  2026-02-12 12:53   ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
@ 2026-02-12 12:53   ` Anatoly Burakov
  11 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw)
  To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang

Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be
allocated to store parsed RAW pattern bytes. All error paths handle the
deallocation correctly, and the buffer will then be passed to FDIR filter
create function which also handles the presence of the buffer correctly,
and it is also freed correctly in destroy function.

However, rte_flow_validate will go through the same code path, but will not
call FDIR create/destroy nor even store the pointer, because `meta`
variable inside the flow parsing function will be set to NULL, which will
cause this memory to be leaked (and memset(0)-ed next time we try to
create/validate another flow).

Fix it by freeing the `pkt_buf` when `meta` is NULL.

Additionally, the initial allocation was done using `ice_malloc` macro. It
does not affect anything as `ice_malloc` translates to `rte_zmalloc` anyway
but for consistency, change the allocation to `rte_zmalloc` as well.

Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/ice/ice_fdir_filter.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c
index f7730ec6ab..da22b65a77 100644
--- a/drivers/net/intel/ice/ice_fdir_filter.c
+++ b/drivers/net/intel/ice/ice_fdir_filter.c
@@ -1938,7 +1938,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
 				goto raw_error;
 			}
 
-			u8 *pkt_buf = (u8 *)ice_malloc(&ad->hw, pkt_len + 1);
+			u8 *pkt_buf = (u8 *)rte_zmalloc("raw pkt buf", pkt_len + 1, 0);
 			if (!pkt_buf) {
 				ret_val = -ENOMEM;
 				goto raw_error;
@@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad,
 	if (ret)
 		goto error;
 
-	if (meta)
+	/* if meta is NULL we're validating so the flow won't be stored */
+	if (meta) {
 		*meta = filter;
+	} else if (filter->pkt_buf != NULL) {
+		rte_free(filter->pkt_buf);
+	}
 
 	rte_free(item);
 	return ret;
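Review bot: In the added `else` branch `filter->pkt_buf` keeps its old value after `rte_free()`. The commit description implies `filter` outlives this call (it is zeroed on the next create/validate), so until then it would hold a dangling pointer that a later reader or cleanup path could dereference or free again. Clear it when releasing: `rte_free(filter->pkt_buf);` followed by `filter->pkt_buf = NULL;`. The `!= NULL` test can go, since `rte_free(NULL)` does nothing. Where `filter` points is not visible here because ice_fdir_parse starts outside the hunk.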
-- 
2.47.3



* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 12:53   ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
@ 2026-02-12 14:50     ` Burakov, Anatoly
  2026-02-12 17:17       ` Bruce Richardson
  2026-02-12 17:18     ` Radu Nicolau
  1 sibling, 1 reply; 83+ messages in thread
From: Burakov, Anatoly @ 2026-02-12 14:50 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
> The original IPsec "add SA from flow" function expected a void* pointer to
> security session as its first argument. However, the actual code was not
> passing that, instead it passed `rte_flow_action_security` which was a
> *container* for security session pointer.
> 
> Fix it by passing correct pointer type, as well as make typing more
> explicit to let compiler catch such bugs in the future.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

<snip>

> +		const struct ip_spec *spec)
>   {
> -	/**
> -	 * FIXME Updating the session priv data when the session is const.
> -	 * Typecasting done here is wrong and the implementation need to be corrected.
> -	 */
> -	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
> -			((const struct rte_security_session *)sess)->driver_priv_data;
> +	struct ixgbe_crypto_session *ic_session =
> +			RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data);

Despite being removed, the comment is still true. This is an artifact of 
how we get the crypto session (it comes from security rte_flow action, 
which is const).

I suppose this could be fixed by looking up the security session by 
pointer, but this would quickly get out of hand if we have a lot of 
security sessions, so there's not much choice other than to cast away 
the constness here. Ideas are welcome though!

-- 
Thanks,
Anatoly


* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-12 12:53   ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
@ 2026-02-12 17:10     ` Bruce Richardson
  2026-02-12 17:14       ` Bruce Richardson
  2026-02-13  8:44       ` Burakov, Anatoly
  2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 2 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-12 17:10 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote:
> Currently, security flows are implemented as a special case and do not go
> through the normal flow create/destroy infrastructure. However, because of
> that, it is impossible to destroy such flows once created. Fix it by adding
> a flag to rte_flow indicating that it is a security flow, so that it can be
> destroyed later.
> 
> Additionally, security flows return pointer to allocated `rte_flow` struct
> unconditionally, even though the underlying call to ipsec code might have
> failed. Fix that by checking the return value from the filter function
> before returning.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>

Not an expert in these security flows but the patch looks ok to me. One
minor nit inline below which you can take if you do a respin.

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>


> ---
>  drivers/net/intel/ixgbe/ixgbe_ethdev.h |  2 ++
>  drivers/net/intel/ixgbe/ixgbe_flow.c   | 13 ++++++++++++-
>  2 files changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> index 5393c81363..5dbd659941 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
>  
>  struct rte_flow {
>  	enum rte_filter_type filter_type;
> +	/* security flows are not rte_filter_type */
> +	bool is_security;
>  	void *rule;
>  };
>  
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 27d2ba1132..90072e757e 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
>  
>  #ifdef RTE_LIB_SECURITY
>  	/* ESP flow not really a flow*/
> -	if (ntuple_filter.proto == IPPROTO_ESP)
> +	if (ntuple_filter.proto == IPPROTO_ESP) {
> +		if (ret != 0)
> +			goto out;
> +		flow->is_security = true;
>  		return flow;
> +	}
>  #endif
>  
>  	if (!ret) {
> @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
>  		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
>  	struct ixgbe_rss_conf_ele *rss_filter_ptr;
>  
> +	/* Special case for SECURITY flows */
> +	if (flow->is_security) {
> +		ret = 0;

Rather than assigning ret explicitly here, I think it might be better just
to set it = 0  at definition, and leaving this as a simple goto free. [It
would also head off any future compiler warnings about ret being
uninitialized :-)]

> +		goto free;
> +	}
> +
>  	switch (filter_type) {
>  	case RTE_ETH_FILTER_NTUPLE:
>  		ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
> @@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
>  		return ret;
>  	}
>  
> +free:
>  	TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
>  		if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
>  			TAILQ_REMOVE(&ixgbe_flow_list,
> -- 
> 2.47.3
> 


* Re: [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53   ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
@ 2026-02-12 17:13     ` Bruce Richardson
  2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-12 17:13 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

On Thu, Feb 12, 2026 at 12:53:26PM +0000, Anatoly Burakov wrote:
> When parsing IPsec flows, we access the `conf` pointer unconditionally,
> even though it might be NULL. Fix by adding the check.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

Acked-by: Bruce Richardson <bruce.richardson@intel.com>


>  drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 90072e757e..81b983ce69 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>  	act = next_no_void_action(actions, NULL);
>  	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
>  		const void *conf = act->conf;
> +
> +		if (conf == NULL) {
> +			rte_flow_error_set(error, EINVAL,
> +				RTE_FLOW_ERROR_TYPE_ACTION_CONF,
> +				act, "NULL security conf.");
> +			return -rte_errno;
> +		}
>  		/* check if the next not void item is END */
>  		act = next_no_void_action(actions, act);
>  		if (act->type != RTE_FLOW_ACTION_TYPE_END) {
> -- 
> 2.47.3
> 


* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-12 17:10     ` Bruce Richardson
@ 2026-02-12 17:14       ` Bruce Richardson
  2026-02-13  8:44       ` Burakov, Anatoly
  1 sibling, 0 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-12 17:14 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

On Thu, Feb 12, 2026 at 05:10:54PM +0000, Bruce Richardson wrote:
> On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote:
> > Currently, security flows are implemented as a special case and do not go
> > through the normal flow create/destroy infrastructure. However, because of
> > that, it is impossible to destroy such flows once created. Fix it by adding
> > a flag to rte_flow indicating that it is a security flow, so that it can be
> > destroyed later.
> > 
> > Additionally, security flows return pointer to allocated `rte_flow` struct
> > unconditionally, even though the underlying call to ipsec code might have
> > failed. Fix that by checking the return value from the filter function
> > before returning.
> > 
> > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> > Cc: radu.nicolau@intel.com
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> 
> Not an expert in these security flows but the patch looks ok to me. One
> minor nit inline below which you can take if you do a respin.
> 
Correction :-): Wrong shortcut used!

Acked-by: Bruce Richardson <bruce.richardson@intel.com>



* Re: [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53   ` [PATCH v5 04/12] " Anatoly Burakov
@ 2026-02-12 17:15     ` Bruce Richardson
  2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-12 17:15 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

On Thu, Feb 12, 2026 at 12:53:27PM +0000, Anatoly Burakov wrote:
> Currently, IPsec flow parser will look for IPv4 flow item in the pattern,
> and then pass it to IPsec SA flow function. However, we do not check if the
> spec pointer is actually valid. Fix by adding the check.
> 
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

Acked-by: Bruce Richardson <bruce.richardson@intel.com>

>  drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 81b983ce69..90a24806d2 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
>  			}
>  			item = next_no_void_pattern(pattern, item);
>  		}
> +		if (item->spec == NULL) {
> +			rte_flow_error_set(error, EINVAL,
> +					RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item,
> +					"NULL IP pattern.");
> +			return -rte_errno;
> +		}
>  
>  		filter->proto = IPPROTO_ESP;
>  		return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
> -- 
> 2.47.3
> 


* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 14:50     ` Burakov, Anatoly
@ 2026-02-12 17:17       ` Bruce Richardson
  2026-02-12 17:21         ` Radu Nicolau
  0 siblings, 1 reply; 83+ messages in thread
From: Bruce Richardson @ 2026-02-12 17:17 UTC (permalink / raw)
  To: Burakov, Anatoly; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote:
> On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
> > The original IPsec "add SA from flow" function expected a void* pointer to
> > security session as its first argument. However, the actual code was not
> > passing that, instead it passed `rte_flow_action_security` which was a
> > *container* for security session pointer.
> > 
> > Fix it by passing correct pointer type, as well as make typing more
> > explicit to let compiler catch such bugs in the future.
> > 
> > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> > Cc: radu.nicolau@intel.com
> > Cc: stable@dpdk.org
> > 
> > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> > ---
> 
> <snip>
> 
> > +		const struct ip_spec *spec)
> >   {
> > -	/**
> > -	 * FIXME Updating the session priv data when the session is const.
> > -	 * Typecasting done here is wrong and the implementation need to be corrected.
> > -	 */
> > -	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
> > -			((const struct rte_security_session *)sess)->driver_priv_data;
> > +	struct ixgbe_crypto_session *ic_session =
> > +			RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data);
> 
> Despite being removed, the comment is still true. This is an artifact of how
> we get the crypto session (it comes from security rte_flow action, which is
> const).
> 
Why not keep the comment then?


* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 12:53   ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
  2026-02-12 14:50     ` Burakov, Anatoly
@ 2026-02-12 17:18     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-12 17:18 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty


On 12-Feb-26 12:53 PM, Anatoly Burakov wrote:
> The original IPsec "add SA from flow" function expected a void* pointer to
> security session as its first argument. However, the actual code was not
> passing that, instead it passed `rte_flow_action_security` which was a
> *container* for security session pointer.
>
> Fix it by passing correct pointer type, as well as make typing more
> explicit to let compiler catch such bugs in the future.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>


* Re: [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53   ` [PATCH v5 04/12] " Anatoly Burakov
  2026-02-12 17:15     ` Bruce Richardson
@ 2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty


On 12-Feb-26 12:53 PM, Anatoly Burakov wrote:
> Currently, IPsec flow parser will look for IPv4 flow item in the pattern,
> and then pass it to IPsec SA flow function. However, we do not check if the
> spec pointer is actually valid. Fix by adding the check.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>


* Re: [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-12 12:53   ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
  2026-02-12 17:13     ` Bruce Richardson
@ 2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty


On 12-Feb-26 12:53 PM, Anatoly Burakov wrote:
> When parsing IPsec flows, we access the `conf` pointer unconditionally,
> even though it might be NULL. Fix by adding the check.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>


* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-12 12:53   ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
  2026-02-12 17:10     ` Bruce Richardson
@ 2026-02-12 17:19     ` Radu Nicolau
  1 sibling, 0 replies; 83+ messages in thread
From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw)
  To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty


On 12-Feb-26 12:53 PM, Anatoly Burakov wrote:
> Currently, security flows are implemented as a special case and do not go
> through the normal flow create/destroy infrastructure. However, because of
> that, it is impossible to destroy such flows once created. Fix it by adding
> a flag to rte_flow indicating that it is a security flow, so that it can be
> destroyed later.
>
> Additionally, security flows return pointer to allocated `rte_flow` struct
> unconditionally, even though the underlying call to ipsec code might have
> failed. Fix that by checking the return value from the filter function
> before returning.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Radu Nicolau <radu.nicolau@intel.com>


* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 17:17       ` Bruce Richardson
@ 2026-02-12 17:21         ` Radu Nicolau
  2026-02-13  8:40           ` Burakov, Anatoly
  0 siblings, 1 reply; 83+ messages in thread
From: Radu Nicolau @ 2026-02-12 17:21 UTC (permalink / raw)
  To: Bruce Richardson, Burakov, Anatoly
  Cc: dev, Vladimir Medvedkin, Declan Doherty


On 12-Feb-26 5:17 PM, Bruce Richardson wrote:
> On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote:
>> On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
>>> The original IPsec "add SA from flow" function expected a void* pointer to
>>> security session as its first argument. However, the actual code was not
>>> passing that, instead it passed `rte_flow_action_security` which was a
>>> *container* for security session pointer.
>>>
>>> Fix it by passing correct pointer type, as well as make typing more
>>> explicit to let compiler catch such bugs in the future.
>>>
>>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
>>> Cc: radu.nicolau@intel.com
>>> Cc: stable@dpdk.org
>>>
>>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>>> ---
>> <snip>
>>
>>> +		const struct ip_spec *spec)
>>>    {
>>> -	/**
>>> -	 * FIXME Updating the session priv data when the session is const.
>>> -	 * Typecasting done here is wrong and the implementation need to be corrected.
>>> -	 */
>>> -	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
>>> -			((const struct rte_security_session *)sess)->driver_priv_data;
>>> +	struct ixgbe_crypto_session *ic_session =
>>> +			RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data);
>> Despite being removed, the comment is still true. This is an artifact of how
>> we get the crypto session (it comes from security rte_flow action, which is
>> const).
>>
> Why not keep the comment then?
Probably it's best to explain why we cast away the const, but not 
include the FIXME or TODO tag anymore.


* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-12 17:21         ` Radu Nicolau
@ 2026-02-13  8:40           ` Burakov, Anatoly
  0 siblings, 0 replies; 83+ messages in thread
From: Burakov, Anatoly @ 2026-02-13  8:40 UTC (permalink / raw)
  To: Radu Nicolau, Bruce Richardson; +Cc: dev, Vladimir Medvedkin, Declan Doherty

On 2/12/2026 6:21 PM, Radu Nicolau wrote:
> 
> On 12-Feb-26 5:17 PM, Bruce Richardson wrote:
>> On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote:
>>> On 2/12/2026 1:53 PM, Anatoly Burakov wrote:
>>>> The original IPsec "add SA from flow" function expected a void* 
>>>> pointer to
>>>> security session as its first argument. However, the actual code was 
>>>> not
>>>> passing that, instead it passed `rte_flow_action_security` which was a
>>>> *container* for security session pointer.
>>>>
>>>> Fix it by passing correct pointer type, as well as make typing more
>>>> explicit to let compiler catch such bugs in the future.
>>>>
>>>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
>>>> Cc: radu.nicolau@intel.com
>>>> Cc: stable@dpdk.org
>>>>
>>>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>>>> ---
>>> <snip>
>>>
>>>> +        const struct ip_spec *spec)
>>>>    {
>>>> -    /**
>>>> -     * FIXME Updating the session priv data when the session is const.
>>>> -     * Typecasting done here is wrong and the implementation need 
>>>> to be corrected.
>>>> -     */
>>>> -    struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
>>>> -            ((const struct rte_security_session *)sess)- 
>>>> >driver_priv_data;
>>>> +    struct ixgbe_crypto_session *ic_session =
>>>> +            RTE_CAST_PTR(struct ixgbe_crypto_session *, sess- 
>>>> >driver_priv_data);
>>> Despite being removed, the comment is still true. This is an artifact 
>>> of how
>>> we get the crypto session (it comes from security rte_flow action, 
>>> which is
>>> const).
>>>
>> Why not keep the comment then?
> Probably it's best to explain why we cast away the const, but not 
> include the FIXME or TODO tag anymore.

The removal was accidental, I'll add it back in v6

-- 
Thanks,
Anatoly


* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-12 17:10     ` Bruce Richardson
  2026-02-12 17:14       ` Bruce Richardson
@ 2026-02-13  8:44       ` Burakov, Anatoly
  2026-02-13  8:50         ` Bruce Richardson
  1 sibling, 1 reply; 83+ messages in thread
From: Burakov, Anatoly @ 2026-02-13  8:44 UTC (permalink / raw)
  To: Bruce Richardson; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

On 2/12/2026 6:10 PM, Bruce Richardson wrote:
> On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote:
>> Currently, security flows are implemented as a special case and do not go
>> through the normal flow create/destroy infrastructure. However, because of
>> that, it is impossible to destroy such flows once created. Fix it by adding
>> a flag to rte_flow indicating that it is a security flow, so that it can be
>> destroyed later.
>>
>> Additionally, security flows return pointer to allocated `rte_flow` struct
>> unconditionally, even though the underlying call to ipsec code might have
>> failed. Fix that by checking the return value from the filter function
>> before returning.
>>
>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
>> Cc: radu.nicolau@intel.com
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>

<snip>

>> @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
>>   		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
>>   	struct ixgbe_rss_conf_ele *rss_filter_ptr;
>>   
>> +	/* Special case for SECURITY flows */
>> +	if (flow->is_security) {
>> +		ret = 0;
> 
> Rather than assigning ret explicitly here, I think it might be better just
> to set it = 0  at definition, and leaving this as a simple goto free. [It
> would also head off any future compiler warnings about ret being
> uninitialized :-)]
> 

I actually remember a lot of commits *removing* that sort of thing, with 
the idea being that we *want* to have these warnings to make sure every 
path is covered. Additionally, I personally prefer it this way for 
clarity (i.e. explicitly indicating success).

I can still fix it if you have strong feelings on it, but I'd rather 
leave it as is.

-- 
Thanks,
Anatoly


* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-13  8:44       ` Burakov, Anatoly
@ 2026-02-13  8:50         ` Bruce Richardson
  0 siblings, 0 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-13  8:50 UTC (permalink / raw)
  To: Burakov, Anatoly; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

On Fri, Feb 13, 2026 at 09:44:49AM +0100, Burakov, Anatoly wrote:
> On 2/12/2026 6:10 PM, Bruce Richardson wrote:
> > On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote:
> > > Currently, security flows are implemented as a special case and do not go
> > > through the normal flow create/destroy infrastructure. However, because of
> > > that, it is impossible to destroy such flows once created. Fix it by adding
> > > a flag to rte_flow indicating that it is a security flow, so that it can be
> > > destroyed later.
> > > 
> > > Additionally, security flows return pointer to allocated `rte_flow` struct
> > > unconditionally, even though the underlying call to ipsec code might have
> > > failed. Fix that by checking the return value from the filter function
> > > before returning.
> > > 
> > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> > > Cc: radu.nicolau@intel.com
> > > Cc: stable@dpdk.org
> > > 
> > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> 
> <snip>
> 
> > > @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
> > >   		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
> > >   	struct ixgbe_rss_conf_ele *rss_filter_ptr;
> > > +	/* Special case for SECURITY flows */
> > > +	if (flow->is_security) {
> > > +		ret = 0;
> > 
> > Rather than assigning ret explicitly here, I think it might be better just
> > to set it = 0  at definition, and leaving this as a simple goto free. [It
> > would also head off any future compiler warnings about ret being
> > uninitialized :-)]
> > 
> 
> I actually remember a lot of commits *removing* that sort of thing, with the
> idea being that we *want* to have these warnings to make sure every path is
> covered. Additionally, I personally prefer it this way for clarity (i.e.
> explicitly indicating success).
> 
> I can still fix it if you have strong feelings on it, but I'd rather leave
> it as is.
> 

True. It was just fresh in my mind having had to fix an issue with the hash
gfni code where the compiler had failed to realise that the variable had
to have been initialized and so was giving a false positive warning.
If you prefer it this way, I'm ok to keep as-is.

/Bruce


* [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's
  2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                   ` (6 preceding siblings ...)
  2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-13  9:10 ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
                     ` (12 more replies)
  7 siblings, 13 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev

Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers

v1 -> v2:
- Added patches [1] [2] that were previously sent separately
- Added patch fixing leak in DCF config

v2 -> v3:
- Added patch fixing leak in FDIR parser

v3 -> v4:
- Reordered patchsets by driver
- Added patch to fix ixgbe security flow memory leak

v4 -> v5:
- Fixed build issues in DCF patch
- Added three more patches to fix various bugs in IPsec

v5 -> v6:
- Brought back comment about constness and moved it to where
  casting away actually happens

[1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/
[2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/

Anatoly Burakov (12):
  net/ixgbe: add missing E610 MAC type checks
  net/ixgbe: fix memory leak in security flows
  net/ixgbe: fix potential null dereference in IPsec
  net/ixgbe: fix potential null dereference in IPsec
  net/ixgbe: fix wrong pointer handling in IPsec
  net/i40e: move FDIR config to flow create
  net/i40e: fix IPv6 GTPU handling
  net/iavf: fix memory leak on egress IPsec flows
  net/iavf: fix memory leak on uninit
  net/iavf: fix IPv4 flow subscription
  net/ice: fix memory leak in DCF QoS bandwidth config
  net/ice: fix memory leak in FDIR flow parsing

 drivers/net/intel/i40e/i40e_flow.c         | 64 ++++++++++++----------
 drivers/net/intel/iavf/iavf_fsub.c         |  4 +-
 drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++--
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 drivers/net/intel/ice/ice_dcf_sched.c      | 15 +++--
 drivers/net/intel/ice/ice_fdir_filter.c    |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +--
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++----
 drivers/net/intel/ixgbe/ixgbe_ethdev.h     |  2 +
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 ++-
 drivers/net/intel/ixgbe/ixgbe_flow.c       | 53 ++++++++++++++++--
 drivers/net/intel/ixgbe/ixgbe_ipsec.c      | 18 ++----
 drivers/net/intel/ixgbe/ixgbe_ipsec.h      | 16 +++++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 +-
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++--
 15 files changed, 194 insertions(+), 88 deletions(-)

-- 
2.47.3



* [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
                     ` (11 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Carolyn Wyborny, Piotr Kwapulinski,
	Jedrzej Jagielski

A few E610 MAC type checks were missing (verified using E610 datasheet).

Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_bypass_api.h |  8 +-----
 drivers/net/intel/ixgbe/ixgbe_ethdev.c     | 29 ++++++++++++++--------
 drivers/net/intel/ixgbe/ixgbe_fdir.c       |  8 +++---
 drivers/net/intel/ixgbe/ixgbe_flow.c       |  3 ++-
 drivers/net/intel/ixgbe/ixgbe_pf.c         |  5 ++--
 drivers/net/intel/ixgbe/ixgbe_rxtx.c       | 14 +++++++----
 6 files changed, 39 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
 		dir_sdo = IXGBE_ESDP_SDP6_DIR;
 		break;
 	case ixgbe_mac_X540:
-		sck = IXGBE_ESDP_SDP2;
-		sdi = IXGBE_ESDP_SDP0;
-		sdo = IXGBE_ESDP_SDP1;
-		dir_sck = IXGBE_ESDP_SDP2_DIR;
-		dir_sdi = IXGBE_ESDP_SDP0_DIR;
-		dir_sdo = IXGBE_ESDP_SDP1_DIR;
-		break;
 	case ixgbe_mac_X550:
 	case ixgbe_mac_X550EM_x:
 	case ixgbe_mac_X550EM_a:
+	case ixgbe_mac_E610:
 		sck = IXGBE_ESDP_SDP2;
 		sdi = IXGBE_ESDP_SDP0;
 		sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
 		(hw->mac.type != ixgbe_mac_X540) &&
 		(hw->mac.type != ixgbe_mac_X550) &&
 		(hw->mac.type != ixgbe_mac_X550EM_x) &&
-		(hw->mac.type != ixgbe_mac_X550EM_a))
+		(hw->mac.type != ixgbe_mac_X550EM_a) &&
+		(hw->mac.type != ixgbe_mac_E610))
 		return -ENOSYS;
 
 	PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
 	ctrl |= IXGBE_EXTENDED_VLAN;
 	IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
 
-	/* Clear pooling mode of PFVTCTL. It's required by X550. */
+	/* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a) {
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
 		ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
 		IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
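Review bot: The MAC test `X550 || X550EM_x || X550EM_a || E610` in ixgbe_vlan_hw_extend_enable() is open-coded here and again in the e-tag, FDIR, l2-tunnel and rx/tx offload hunks of this patch, and that duplication is the likely reason E610 was missed at these sites. A single `static inline bool` helper in ixgbe_ethdev.h that returns this test, used by all of these call sites, would mean the next MAC type is added in one place. A missed site fails differently depending on the check: the e-tag functions return -ENOTSUP, while the offload and packet-type hunks would silently fall back to the older behaviour. The function bodies continue outside the hunks.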
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
 		case ixgbe_mac_X550:
 		case ixgbe_mac_X550EM_x:
 		case ixgbe_mac_X550EM_a:
+		case ixgbe_mac_E610:
 			speed = IXGBE_LINK_SPEED_X550_AUTONEG;
 			break;
 		default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
 	if (hw->mac.type == ixgbe_mac_X540 ||
 	    hw->mac.type == ixgbe_mac_X540_vf ||
 	    hw->mac.type == ixgbe_mac_X550 ||
-	    hw->mac.type == ixgbe_mac_X550_vf) {
+	    hw->mac.type == ixgbe_mac_X550_vf ||
+	    hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
 	}
-	if (hw->mac.type == ixgbe_mac_X550) {
+	if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
 		dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
 	}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
-	    hw->mac.type != ixgbe_mac_X550EM_a) {
+	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610) {
 		return -ENOTSUP;
 	}
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
 		hw->mac.type != ixgbe_mac_E610)
 		return -ENOSYS;
 
-	/* x550 supports mac-vlan and tunnel mode but other NICs not */
+	/* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
 	if (hw->mac.type != ixgbe_mac_X550 &&
 	    hw->mac.type != ixgbe_mac_X550EM_x &&
 	    hw->mac.type != ixgbe_mac_X550EM_a &&
+	    hw->mac.type != ixgbe_mac_E610 &&
 	    mode != RTE_FDIR_MODE_SIGNATURE &&
 	    mode != RTE_FDIR_MODE_PERFECT)
 		return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 		return -ENOTSUP;
 
 	/*
-	 * Sanity check for x550.
+	 * Sanity check for x550 and E610.
 	 * When adding a new filter with flow type set to IPv4,
 	 * the flow director mask should be configed before,
 	 * and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
 	if ((!del) &&
 	    (hw->mac.type == ixgbe_mac_X550 ||
 	     hw->mac.type == ixgbe_mac_X550EM_x ||
-	     hw->mac.type == ixgbe_mac_X550EM_a) &&
+	     hw->mac.type == ixgbe_mac_X550EM_a ||
+	     hw->mac.type == ixgbe_mac_E610) &&
 	    (rule->ixgbe_fdir.formatted.flow_type ==
 	     IXGBE_ATR_FLOW_TYPE_IPV4 ||
 	     rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
 
 	if (hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
 		rte_flow_error_set(error, EINVAL,
 			RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
 	uint32_t max_frs;
 	uint32_t hlreg0;
 
-	/* X540 and X550 support jumbo frames in IOV mode */
+	/* X540, X550, and E610 support jumbo frames in IOV mode */
 	if (hw->mac.type != ixgbe_mac_X540 &&
 		hw->mac.type != ixgbe_mac_X550 &&
 		hw->mac.type != ixgbe_mac_X550EM_x &&
-		hw->mac.type != ixgbe_mac_X550EM_a) {
+		hw->mac.type != ixgbe_mac_X550EM_a &&
+		hw->mac.type != ixgbe_mac_E610) {
 		struct ixgbe_vf_info *vfinfo =
 			*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
 
 	if (hw->mac.type == ixgbe_mac_X550 ||
 	    hw->mac.type == ixgbe_mac_X550EM_x ||
-	    hw->mac.type == ixgbe_mac_X550EM_a)
+	    hw->mac.type == ixgbe_mac_X550EM_a ||
+	    hw->mac.type == ixgbe_mac_E610)
 		offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
 
 #ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 
 	/*
 	 * The packet type in RX descriptor is different for different NICs.
-	 * Some bits are used for x550 but reserved for other NICS.
+	 * Some bits are used for x550 and E610 but reserved for other NICS.
 	 * So set different masks for different NICs.
 	 */
 	if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
 	    hw->mac.type == ixgbe_mac_X550EM_a ||
 	    hw->mac.type == ixgbe_mac_X550_vf ||
 	    hw->mac.type == ixgbe_mac_X550EM_x_vf ||
-	    hw->mac.type == ixgbe_mac_X550EM_a_vf)
+	    hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+	    hw->mac.type == ixgbe_mac_E610)
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
 	else
 		rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
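Review bot: The packet-type mask test in ixgbe_dev_rx_queue_setup() lists the VF MAC types of the X550 family next to the PF ones, but the new line adds only the PF `ixgbe_mac_E610`. If the base code defines a VF MAC type for E610, an E610 VF would still take the `else` branch and get `IXGBE_PACKET_TYPE_MASK_82599`, so the descriptor bits the comment above describes as used on X550 and E610 would be masked off. The 100M capability test in the ixgbe_dev_info_get hunk has the same shape (`ixgbe_mac_X540_vf`, `ixgbe_mac_X550_vf`, no E610 VF). It is worth confirming against the datasheet and either adding the VF type or stating in the comment that the VF is excluded on purpose.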
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
 		if (hw->mac.type == ixgbe_mac_X540 ||
 		     hw->mac.type == ixgbe_mac_X550 ||
 		     hw->mac.type == ixgbe_mac_X550EM_x ||
-		     hw->mac.type == ixgbe_mac_X550EM_a)
+		     hw->mac.type == ixgbe_mac_X550EM_a ||
+		     hw->mac.type == ixgbe_mac_E610)
 			ixgbe_setup_loopback_link_x540_x550(hw, false);
 	}
 }
-- 
2.47.3



* [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
                     ` (10 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

Currently, security flows are implemented as a special case and do not go
through the normal flow create/destroy infrastructure. However, because of
that, it is impossible to destroy such flows once created. Fix it by adding
a flag to rte_flow indicating that it is a security flow, so that it can be
destroyed later.

Additionally, security flows return pointer to allocated `rte_flow` struct
unconditionally, even though the underlying call to ipsec code might have
failed. Fix that by checking the return value from the filter function
before returning.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_ethdev.h |  2 ++
 drivers/net/intel/ixgbe/ixgbe_flow.c   | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
index 5393c81363..5dbd659941 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
@@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
 
 struct rte_flow {
 	enum rte_filter_type filter_type;
+	/* security flows are not rte_filter_type */
+	bool is_security;
 	void *rule;
 };
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 27d2ba1132..90072e757e 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
 
 #ifdef RTE_LIB_SECURITY
 	/* ESP flow not really a flow*/
-	if (ntuple_filter.proto == IPPROTO_ESP)
+	if (ntuple_filter.proto == IPPROTO_ESP) {
+		if (ret != 0)
+			goto out;
+		flow->is_security = true;
 		return flow;
+	}
 #endif
 
 	if (!ret) {
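Review bot: The ESP branch in ixgbe_flow_create() still identifies a security flow by `ntuple_filter.proto == IPPROTO_ESP`, and with this change that in-band value also decides whether `flow->is_security` is set and the ntuple programming below is skipped. If the ntuple parser can also produce that protocol value for an ordinary rule that matches ESP by IP protocol number (not visible in this hunk), such a rule would be returned as a security flow with no filter programmed, and later destroyed through the security shortcut. An explicit signal from the parser, for example a `bool *is_security` out-parameter set only in the `RTE_FLOW_ACTION_TYPE_SECURITY` branch, would remove the ambiguity. The function starts and ends outside the hunk.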
@@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
 	struct ixgbe_rss_conf_ele *rss_filter_ptr;
 
+	/* Special case for SECURITY flows */
+	if (flow->is_security) {
+		ret = 0;
+		goto free;
+	}
+
 	switch (filter_type) {
 	case RTE_ETH_FILTER_NTUPLE:
 		ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
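Review bot: The security shortcut in ixgbe_flow_destroy() jumps straight to `free:` and releases only the flow bookkeeping; nothing in the hunk undoes what the IPsec filter function did when the flow was created. If the ingress SA is meant to stay programmed until the security session itself is destroyed, say so at the branch, e.g. `/* SA is owned by the security session and removed with it; only the flow handle is freed here */`. If that is not the intent, the hardware keeps processing traffic under an SA whose flow the application believes it has removed, and the teardown call is missing here. The function body continues outside the hunk.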
@@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
 		return ret;
 	}
 
+free:
 	TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
 		if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
 			TAILQ_REMOVE(&ixgbe_flow_list,
-- 
2.47.3



* [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 04/12] " Anatoly Burakov
                     ` (9 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

When parsing IPsec flows, we access the `conf` pointer unconditionally,
even though it might be NULL. Fix by adding the check.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 90072e757e..81b983ce69 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 	act = next_no_void_action(actions, NULL);
 	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
 		const void *conf = act->conf;
+
+		if (conf == NULL) {
+			rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_ACTION_CONF,
+				act, "NULL security conf.");
+			return -rte_errno;
+		}
 		/* check if the next not void item is END */
 		act = next_no_void_action(actions, act);
 		if (act->type != RTE_FLOW_ACTION_TYPE_END) {
-- 
2.47.3



* [PATCH v6 04/12] net/ixgbe: fix potential null dereference in IPsec
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (2 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
                     ` (8 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau

Currently, IPsec flow parser will look for IPv4 flow item in the pattern,
and then pass it to IPsec SA flow function. However, we do not check if the
spec pointer is actually valid. Fix by adding the check.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 81b983ce69..90a24806d2 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 			}
 			item = next_no_void_pattern(pattern, item);
 		}
+		if (item->spec == NULL) {
+			rte_flow_error_set(error, EINVAL,
+					RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item,
+					"NULL IP pattern.");
+			return -rte_errno;
+		}
 
 		filter->proto = IPPROTO_ESP;
 		return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
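Review bot: The new check in cons_parse_ntuple_filter() rejects a NULL `item->spec`, but `item->mask` and `item->last` of the IP item are still not examined before the addresses are handed to the SA code. As far as the hunk shows, a pattern with a partial address mask or a range would be accepted and treated as an exact match on the spec addresses, which is not what the application asked for. Rejecting a non-NULL `item->last` with `RTE_FLOW_ERROR_TYPE_ITEM_LAST`, and either requiring a full mask or adding a comment that the mask is ignored for security flows, would make the contract explicit. The loop that selects `item` starts outside the hunk.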
-- 
2.47.3



* [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling in IPsec
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (3 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 04/12] " Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
                     ` (7 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty

The original IPsec "add SA from flow" function expected a void* pointer to
security session as its first argument. However, the actual code was not
passing that, instead it passed `rte_flow_action_security` which was a
*container* for security session pointer.

Fix it by passing correct pointer type, as well as make typing more
explicit to let compiler catch such bugs in the future.

Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/net/intel/ixgbe/ixgbe_flow.c  | 24 ++++++++++++++++++++++--
 drivers/net/intel/ixgbe/ixgbe_ipsec.c | 18 ++++++------------
 drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++++++++++---
 3 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 90a24806d2..6a7edc6377 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -221,6 +221,9 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 	act = next_no_void_action(actions, NULL);
 	if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
 		const void *conf = act->conf;
+		const struct rte_flow_action_security *sec_act;
+		struct rte_security_session *session;
+		struct ip_spec spec;
 
 		if (conf == NULL) {
 			rte_flow_error_set(error, EINVAL,
@@ -259,8 +262,25 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr,
 		}
 
 		filter->proto = IPPROTO_ESP;
-		return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
-					item->type == RTE_FLOW_ITEM_TYPE_IPV6);
+		sec_act = (const struct rte_flow_action_security *)conf;
+		spec.is_ipv6 = item->type == RTE_FLOW_ITEM_TYPE_IPV6;
+		if (spec.is_ipv6) {
+			const struct rte_flow_item_ipv6 *ipv6 = item->spec;
+			spec.spec.ipv6 = *ipv6;
+		} else {
+			const struct rte_flow_item_ipv4 *ipv4 = item->spec;
+			spec.spec.ipv4 = *ipv4;
+		}
+
+		/*
+		 * we get pointer to security session from security action,
+		 * which is const. however, we do need to act on the session, so
+		 * either we do some kind of pointer based lookup to get session
+		 * pointer internally (which quickly gets unwieldy for lots of
+		 * flows case), or we simply cast away constness.
+		 */
+		session = RTE_CAST_PTR(struct rte_security_session *, sec_act->security_session);
+		return ixgbe_crypto_add_ingress_sa_from_flow(session, &spec);
 	}
 #endif
 
diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/intel/ixgbe/ixgbe_ipsec.c
index df0964a51d..fe9a96c54d 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ipsec.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.c
@@ -664,20 +664,14 @@ ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev)
 }
 
 int
-ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
-				      const void *ip_spec,
-				      uint8_t is_ipv6)
+ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess,
+		const struct ip_spec *spec)
 {
-	/**
-	 * FIXME Updating the session priv data when the session is const.
-	 * Typecasting done here is wrong and the implementation need to be corrected.
-	 */
-	struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t)
-			((const struct rte_security_session *)sess)->driver_priv_data;
+	struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(sess);
 
 	if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) {
-		if (is_ipv6) {
-			const struct rte_flow_item_ipv6 *ipv6 = ip_spec;
+		if (spec->is_ipv6) {
+			const struct rte_flow_item_ipv6 *ipv6 = &spec->spec.ipv6;
 			ic_session->src_ip.type = IPv6;
 			ic_session->dst_ip.type = IPv6;
 			rte_memcpy(ic_session->src_ip.ipv6,
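Review bot: `SECURITY_GET_SESS_PRIV(sess)` at the top of ixgbe_crypto_add_ingress_sa_from_flow() uses the session pointer without a NULL check, and the caller in cons_parse_ntuple_filter() validates only `act->conf`, not `sec_act->security_session` inside it. An application-supplied security action carrying a NULL session would fault here; declaring `ic_session` first and guarding with `if (sess == NULL) return -EINVAL;` before the private-data lookup closes that path, ideally with the caller setting the flow error as it does for the NULL-conf case. The private data is also interpreted as `struct ixgbe_crypto_session` with no visible check that the session was created on this port, so a comment stating that assumption would help the next reader. The function body continues outside the hunk.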
@@ -685,7 +679,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
 			rte_memcpy(ic_session->dst_ip.ipv6,
 				   &ipv6->hdr.dst_addr, 16);
 		} else {
-			const struct rte_flow_item_ipv4 *ipv4 = ip_spec;
+			const struct rte_flow_item_ipv4 *ipv4 = &spec->spec.ipv4;
 			ic_session->src_ip.type = IPv4;
 			ic_session->dst_ip.type = IPv4;
 			ic_session->src_ip.ipv4 = ipv4->hdr.src_addr;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/intel/ixgbe/ixgbe_ipsec.h
index be39199be1..e7c7186264 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ipsec.h
+++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.h
@@ -6,6 +6,9 @@
 #define IXGBE_IPSEC_H_
 
 #include <rte_security.h>
+#include <rte_security_driver.h>
+
+#include <rte_flow.h>
 
 #define IPSRXIDX_RX_EN                                    0x00000001
 #define IPSRXIDX_TABLE_IP                                 0x00000002
@@ -109,9 +112,16 @@ struct ixgbe_ipsec {
 
 int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev);
 int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev);
-int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess,
-					  const void *ip_spec,
-					  uint8_t is_ipv6);
+
+struct ip_spec {
+	bool is_ipv6;
+	union {
+		struct rte_flow_item_ipv4 ipv4;
+		struct rte_flow_item_ipv6 ipv6;
+	} spec;
+};
+int ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess,
+		const struct ip_spec *ip_spec);
 
 
 
-- 
2.47.3



* [PATCH v6 06/12] net/i40e: move FDIR config to flow create
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (4 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
                     ` (6 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing

Currently, FDIR filter parsing function will modify FDIR state after a
successful match. However, this function is called from both flow create
and flow validate, which results in the driver modifying FDIR state after
a flow validate call. Move the FDIR config to flow create.

Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++----------------
 1 file changed, 23 insertions(+), 28 deletions(-)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index f130f53ae0..193b1b6725 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 			    struct rte_flow_error *error,
 			    union i40e_filter_t *filter)
 {
-	struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
-	struct i40e_fdir_filter_conf *fdir_filter =
-		&filter->fdir_filter;
+	struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter;
 	int ret;
 
 	ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter);
@@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev,
 
 	cons_filter_type = RTE_ETH_FILTER_FDIR;
 
-	if (pf->fdir.fdir_vsi == NULL) {
-		/* Enable fdir when fdir flow is added at first time. */
-		ret = i40e_fdir_setup(pf);
-		if (ret != I40E_SUCCESS) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to setup fdir.");
-			return -rte_errno;
-		}
-		ret = i40e_fdir_configure(dev);
-		if (ret < 0) {
-			rte_flow_error_set(error, ENOTSUP,
-					   RTE_FLOW_ERROR_TYPE_HANDLE,
-					   NULL, "Failed to configure fdir.");
-			goto err;
-		}
-	}
-
-	/* If create the first fdir rule, enable fdir check for rx queues */
-	if (TAILQ_EMPTY(&pf->fdir.fdir_list))
-		i40e_fdir_rx_proc_enable(dev, 1);
-
 	return 0;
-err:
-	i40e_fdir_teardown(pf);
-	return -rte_errno;
 }
 
 /* Parse to get the action info of a tunnel filter
@@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev,
 		return NULL;
 
 	if (cons_filter_type == RTE_ETH_FILTER_FDIR) {
+		/* if this is the first time we're creating an fdir flow */
+		if (pf->fdir.fdir_vsi == NULL) {
+			ret = i40e_fdir_setup(pf);
+			if (ret != I40E_SUCCESS) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to setup fdir.");
+				return NULL;
+			}
+			ret = i40e_fdir_configure(dev);
+			if (ret < 0) {
+				rte_flow_error_set(error, ENOTSUP,
+						RTE_FLOW_ERROR_TYPE_HANDLE,
+						NULL, "Failed to configure fdir.");
+				i40e_fdir_teardown(pf);
+				return NULL;
+			}
+		}
+		/* If create the first fdir rule, enable fdir check for rx queues */
+		if (TAILQ_EMPTY(&pf->fdir.fdir_list))
+			i40e_fdir_rx_proc_enable(dev, 1);
+
 		flow = i40e_fdir_entry_pool_get(fdir_info);
 		if (flow == NULL) {
 			rte_flow_error_set(error, ENOBUFS,
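Review bot: In i40e_flow_create() the FDIR setup and `i40e_fdir_rx_proc_enable(dev, 1)` now run before `i40e_fdir_entry_pool_get()`, so the ENOBUFS path right below them leaves FDIR configured and RX-queue FDIR checking enabled with no rule installed. Nothing in the hunk turns that back off on the failure path; whether the later error handling does is outside the hunk. Calling `i40e_fdir_rx_proc_enable(dev, 0)` on the failure paths while the list is still empty would keep a failed create free of side effects, which is the same property this patch gives to validate.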
-- 
2.47.3



* [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (5 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
                     ` (5 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu

GTP tunnel code declares support for IPv6 GTPU flows but does not actually
handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6
GTPU flows. Add IPv6 flow item handling.

Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c
index 193b1b6725..2374b9bbca 100644
--- a/drivers/net/intel/i40e/i40e_flow.c
+++ b/drivers/net/intel/i40e/i40e_flow.c
@@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev,
 				return -rte_errno;
 			}
 			break;
+		case RTE_FLOW_ITEM_TYPE_IPV6:
+			filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;
+			/* IPv6 is used to describe protocol,
+			 * spec and mask should be NULL.
+			 */
+			if (item->spec || item->mask) {
+				rte_flow_error_set(error, EINVAL,
+						   RTE_FLOW_ERROR_TYPE_ITEM,
+						   item,
+						   "Invalid IPv6 item");
+				return -rte_errno;
+			}
+			break;
 		case RTE_FLOW_ITEM_TYPE_UDP:
 			if (item->spec || item->mask) {
 				rte_flow_error_set(error, EINVAL,
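Review bot: In the new `RTE_FLOW_ITEM_TYPE_IPV6` case, `filter->ip_type` is assigned before `item->spec`/`item->mask` are validated, so a pattern rejected with `EINVAL` still leaves the filter modified. Moving `filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6;` below the check keeps the caller's filter untouched on the error path. Whether the preceding IPv4 case is ordered the same way is not visible, because `i40e_flow_parse_gtp_pattern` starts and ends outside the hunk; if it is, the two cases should be changed together.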
-- 
2.47.3



* [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (6 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
                     ` (4 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau,
	Abhijit Sinha, Jingjing Wu

When creating egress IPsec flows, no action needs to be taken in hardware, as
this is just a software association. However, because we do not write
anything to the rte_flow entry, a subsequent destroy call will not destroy
this kind of flow, because it expects a valid engine to be set for every
flow. As a result, the memory is never freed back to the system.

In addition to that, when creating these flows, we do not actually store
the rte_flow pointer anywhere, so even if the user has triggered `uninit`
(which would have freed the flow), this flow isn't in the list so it would
never get freed.

Fix this by marking the flow as egress IPsec flows, adding it to the tailq,
and changing the `destroy` code to take all of that into account.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++-----
 drivers/net/intel/iavf/iavf_generic_flow.h |  1 +
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 6f6e95fc45..02917f863d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	/* Special case for inline crypto egress flows */
-	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY)
-		goto free_flow;
+	if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) {
+		flow->is_ipsec_egress_flow = true;
+		goto tailq_insert;
+	}
 
 	ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions,
 			&engine, iavf_parse_engine_create, error);
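Review bot: The egress branch jumps to `tailq_insert` without `flow->engine` ever being assigned, so the validity and destroy logic later in the patch depends on that field being NULL. The allocation of `flow` is outside this hunk; it is presumably a zeroing allocator, but that should be confirmed. The existing comment could state the contract, e.g. `/* Inline crypto egress flows are a software-only association: no engine is set, but the flow is still tracked in flow_list so it can be destroyed */`.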
@@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev,
 	}
 
 	flow->engine = engine;
+tailq_insert:
 	rte_spinlock_lock(&vf->flow_ops_lock);
 	TAILQ_INSERT_TAIL(&vf->flow_list, flow, node);
 	rte_spinlock_unlock(&vf->flow_ops_lock);
@@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow)
 	struct iavf_flow_engine *engine;
 	void *temp;
 
-	if (flow && flow->engine) {
+	if (flow == NULL)
+		return false;
+
+	/* these flows don't use engines */
+	if (flow->is_ipsec_egress_flow)
+		return true;
+
+	if (flow->engine) {
 		RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) {
 			if (engine == flow->engine)
 				return true;
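Review bot: `iavf_flow_is_valid()` now returns true for a flow whose `engine` is NULL, which changes the contract callers relied on: the line this patch removes from `iavf_flow_destroy` (`!iavf_flow_is_valid(flow) || !flow->engine->destroy`) dereferenced `flow->engine` straight after a true result. Any other caller in the file written the same way (none is visible in this patch, so this needs checking) would dereference NULL for an egress IPsec flow. The early return also accepts the handle on the strength of a single flag in caller-supplied memory, without the registered-engine comparison the other branch performs. Confirming under `flow_ops_lock` that the flow is on `vf->flow_list` before destroy unlinks it would be a stronger check. The function body continues outside the hunk.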
@@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev,
 	struct iavf_adapter *ad =
 		IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private);
 	struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad);
+	bool need_destroy;
 	int ret = 0;
 
-	if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) {
+	if (!iavf_flow_is_valid(flow)) {
 		rte_flow_error_set(error, EINVAL,
 				   RTE_FLOW_ERROR_TYPE_HANDLE,
 				   NULL, "Invalid flow destroy");
 		return -rte_errno;
 	}
+	need_destroy = !flow->is_ipsec_egress_flow;
+
+	if (need_destroy && flow->engine->destroy == NULL) {
+		return rte_flow_error_set(error, EINVAL,
+				RTE_FLOW_ERROR_TYPE_HANDLE, NULL,
+				"Invalid flow destroy");
+	}
 
 	rte_spinlock_lock(&vf->flow_ops_lock);
-
-	ret = flow->engine->destroy(ad, flow, error);
+	if (need_destroy)
+		ret = flow->engine->destroy(ad, flow, error);
 
 	if (!ret) {
 		TAILQ_REMOVE(&vf->flow_list, flow, node);
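Review bot: The new `need_destroy && flow->engine->destroy == NULL` branch reports the same text, `"Invalid flow destroy"`, as the validity check above it and uses a different return idiom (`return rte_flow_error_set(...)` versus set-then-`return -rte_errno`), so the two failures cannot be told apart and the function now mixes two styles. A distinct message such as `"Flow engine has no destroy callback"` and the same `return -rte_errno;` form as the first branch would keep it consistent. Both `flow->is_ipsec_egress_flow` and `flow->engine->destroy` are read before `flow_ops_lock` is taken; that matches the old code, but a one-line comment saying why it is safe would help. `iavf_flow_destroy` continues past the end of the hunk.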
diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h
index 60d8ab02b4..b11bb4cf2b 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.h
+++ b/drivers/net/intel/iavf/iavf_generic_flow.h
@@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine);
 /* Struct to store flow created. */
 struct rte_flow {
 	TAILQ_ENTRY(rte_flow) node;
+	bool is_ipsec_egress_flow;
 	struct iavf_flow_engine *engine;
 	void *rule;
 };
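Review bot: The new `is_ipsec_egress_flow` member has no comment, yet it changes what the neighbouring `engine` field may contain. A short note on the field would record that, e.g. `/* software-only inline crypto egress flow; engine is left unset */`. Whether this header already pulls in a definition of `bool` is not visible in the hunk and should be confirmed.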
-- 
2.47.3



* [PATCH v6 09/12] net/iavf: fix memory leak on uninit
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (7 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
                     ` (3 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty,
	Jingjing Wu, Abhijit Sinha

When IPsec is initialized, parsers and engines are registered into the
common infrastructure. However, during deinitialization, they are not
cleaned up. Fix it by including IPsec engines in the cleanup.

Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto")
Cc: radu.nicolau@intel.com
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c
index 02917f863d..42ecc90d1d 100644
--- a/drivers/net/intel/iavf/iavf_generic_flow.c
+++ b/drivers/net/intel/iavf/iavf_generic_flow.c
@@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad)
 		TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node);
 		rte_free(p_parser);
 	}
+
+	while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) {
+		TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node);
+		rte_free(p_parser);
+	}
 }
 
 int
@@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser,
 	else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) ||
 		 (parser->engine->type == IAVF_FLOW_ENGINE_FSUB))
 		list = &vf->dist_parser_list;
+	else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO)
+		list = &vf->ipsec_crypto_parser_list;
 
 	if (list == NULL)
 		return;
-- 
2.47.3



* [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (8 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
                     ` (2 subsequent siblings)
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang

Currently, when IPv4 is parsed as part of flow subscription input set, we
add two bytes to the total number of bytes in the input set for IPv4 source
or destination addresses, whereas they should be 4 bytes. Fix to add the
correct number of bytes.

Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/iavf/iavf_fsub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c
index 18df9c6500..cf1030320f 100644
--- a/drivers/net/intel/iavf/iavf_fsub.c
+++ b/drivers/net/intel/iavf/iavf_fsub.c
@@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[],
 
 				if (ipv4_mask->hdr.src_addr) {
 					*input |= IAVF_INSET_IPV4_SRC;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.dst_addr) {
 					*input |= IAVF_INSET_IPV4_DST;
-					input_set_byte += 2;
+					input_set_byte += 4;
 				}
 				if (ipv4_mask->hdr.time_to_live) {
 					*input |= IAVF_INSET_IPV4_TTL;
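Review bot: The two corrected increments still use a bare literal, which is how the original `2` went unnoticed. Deriving the width from the field, `input_set_byte += sizeof(ipv4_mask->hdr.src_addr);` and `input_set_byte += sizeof(ipv4_mask->hdr.dst_addr);`, ties the count to the header layout. The other fields in `iavf_fsub_parse_pattern` (the TTL branch that follows is cut off by the hunk) presumably use literals too and could be converted the same way. If `input_set_byte` is later compared against a maximum input-set size, which is not visible here, the old under-count would have let an oversized pattern pass that limit.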
-- 
2.47.3



* [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (9 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13  9:10   ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
  2026-02-13 10:10   ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Bruce Richardson, Qi Zhang, Ting Xu, Qiming Yang

Currently, when committing DCF QoS bandwidth configuration for VFs and TCs,
we are using rte_zmalloc followed by copying the data to persistent storage
and then discarding the temporary buffers. This is not needed as these
temporary buffers are not being stored anywhere, so replace them with
regular calloc. However, because the original code was missing a
corresponding `rte_free()` call for these temporary allocations, this
also fixes a memory leak.

Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/ice/ice_dcf_sched.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c
index 2832d223d1..948774a282 100644
--- a/drivers/net/intel/ice/ice_dcf_sched.c
+++ b/drivers/net/intel/ice/ice_dcf_sched.c
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright(c) 2010-2017 Intel Corporation
  */
+#include <stdlib.h>
+
 #include <rte_tm_driver.h>
 
 #include "base/ice_sched.h"
@@ -746,8 +748,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 {
 	struct ice_dcf_adapter *adapter = dev->data->dev_private;
 	struct ice_dcf_hw *hw = &adapter->real_hw;
-	struct virtchnl_dcf_bw_cfg_list *vf_bw;
-	struct virtchnl_dcf_bw_cfg_list *tc_bw;
+	struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL;
+	struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL;
 	struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list;
 	struct rte_tm_shaper_params *profile;
 	struct ice_dcf_tm_node *tm_node;
@@ -770,12 +772,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	size = sizeof(struct virtchnl_dcf_bw_cfg_list) +
 		sizeof(struct virtchnl_dcf_bw_cfg) *
 		(hw->tm_conf.nb_tc_node - 1);
-	vf_bw = rte_zmalloc("vf_bw", size, 0);
+	vf_bw = calloc(1, size);
 	if (!vf_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
 	}
-	tc_bw = rte_zmalloc("tc_bw", size, 0);
+	tc_bw = calloc(1, size);
 	if (!tc_bw) {
 		ret_val = ICE_ERR_NO_MEMORY;
 		goto fail_clear;
@@ -875,6 +877,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev,
 	return ret_val;
 
 fail_clear:
+	if (vf_bw != NULL)
+		free(vf_bw);
+	if (tc_bw != NULL)
+		free(tc_bw);
+
 	/* clear all the traffic manager configuration */
 	if (clear_on_fail) {
 		ice_dcf_tm_conf_uninit(dev);
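Review bot: The new `free()` calls sit under `fail_clear:` only, while the success path leaves through `return ret_val;` just above the label, so as far as this hunk shows the buffers are released only on failure. The patch removes no `rte_free()` line, so the code before that return (outside the hunk) either frees nothing or still calls `rte_free()` on memory that now comes from `calloc()`. In the first case the leak described in the commit message remains on success; in the second the allocator is mismatched. Either way this needs checking. The `!= NULL` guards are also unnecessary, since `free(NULL)` is a no-op: `free(vf_bw);` and `free(tc_bw);` suffice.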
-- 
2.47.3



* [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (10 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
@ 2026-02-13  9:10   ` Anatoly Burakov
  2026-02-13 10:10   ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson
  12 siblings, 0 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-13  9:10 UTC (permalink / raw)
  To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang

Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be
allocated to store parsed RAW pattern bytes. All error paths handle the
deallocation correctly, and the buffer will then be passed to FDIR filter
create function which also handles the presence of the buffer correctly,
and it is also freed correctly in destroy function.

However, rte_flow_validate will go through the same code path, but will not
call FDIR create/destroy nor even store the pointer, because `meta`
variable inside the flow parsing function will be set to NULL, which will
cause this memory to be leaked (and memset(0)-ed next time we try to
create/validate another flow).

Fix it by freeing the `pkt_buf` when `meta` is NULL.

Additionally, the initial allocation was done using `ice_malloc` macro. It
does not affect anything as `ice_malloc` translates to `rte_zmalloc` anyway
but for consistency, change the allocation to `rte_zmalloc` as well.

Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR")
Cc: stable@dpdk.org

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com>
---
 drivers/net/intel/ice/ice_fdir_filter.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c
index f7730ec6ab..da22b65a77 100644
--- a/drivers/net/intel/ice/ice_fdir_filter.c
+++ b/drivers/net/intel/ice/ice_fdir_filter.c
@@ -1938,7 +1938,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad,
 				goto raw_error;
 			}
 
-			u8 *pkt_buf = (u8 *)ice_malloc(&ad->hw, pkt_len + 1);
+			u8 *pkt_buf = (u8 *)rte_zmalloc("raw pkt buf", pkt_len + 1, 0);
 			if (!pkt_buf) {
 				ret_val = -ENOMEM;
 				goto raw_error;
@@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad,
 	if (ret)
 		goto error;
 
-	if (meta)
+	/* if meta is NULL we're validating so the flow won't be stored */
+	if (meta) {
 		*meta = filter;
+	} else if (filter->pkt_buf != NULL) {
+		rte_free(filter->pkt_buf);
+	}
 
 	rte_free(item);
 	return ret;
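Review bot: In the new `else` branch `filter->pkt_buf` is freed but left pointing at the released buffer. Per the commit message `filter` persists until the next parse clears it, so any code that inspects the filter in between sees a dangling pointer. Clearing it closes that window: `rte_free(filter->pkt_buf);` followed by `filter->pkt_buf = NULL;`. The `!= NULL` test can go, because `rte_free(NULL)` is a no-op. `ice_fdir_parse` starts before and continues after this hunk.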
-- 
2.47.3



* Re: [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's
  2026-02-13  9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
                     ` (11 preceding siblings ...)
  2026-02-13  9:10   ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
@ 2026-02-13 10:10   ` Bruce Richardson
  12 siblings, 0 replies; 83+ messages in thread
From: Bruce Richardson @ 2026-02-13 10:10 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev

On Fri, Feb 13, 2026 at 09:10:02AM +0000, Anatoly Burakov wrote:
> Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers
> 
> v1 -> v2:
> - Added patches [1] [2] that were previously sent separately
> - Added patch fixing leak in DCF config
> 
> v2 -> v3:
> - Added patch fixing leak in FDIR parser
> 
> v3 -> v4:
> - Reordered patchsets by driver
> - Added patch to fix ixgbe security flow memory leak
> 
> v4 -> v5:
> - Fixed build issues in DCF patch
> - Added three more patches to fix various bugs in IPsec
> 
> v5 -> v6:
> - Brought back comment about constness and moved it to where
>   casting away actually happens
> 
> [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/
> [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/
> 
Applied to dpdk-next-net-intel.

Thanks,
/Bruce

