* [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks
@ 2026-02-09 12:58 Anatoly Burakov
2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov
` (7 more replies)
0 siblings, 8 replies; 83+ messages in thread
From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw)
To: dev, Vladimir Medvedkin, Carolyn Wyborny, Piotr Kwapulinski,
Jedrzej Jagielski
A few E610 MAC type checks were missing (verified using E610 datasheet).
Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device")
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +-----
drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++--------
drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++---
drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++-
drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++--
drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++----
6 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
index 6ef965dbb6..eb73bc8b17 100644
--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h
@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status)
dir_sdo = IXGBE_ESDP_SDP6_DIR;
break;
case ixgbe_mac_X540:
- sck = IXGBE_ESDP_SDP2;
- sdi = IXGBE_ESDP_SDP0;
- sdo = IXGBE_ESDP_SDP1;
- dir_sck = IXGBE_ESDP_SDP2_DIR;
- dir_sdi = IXGBE_ESDP_SDP0_DIR;
- dir_sdo = IXGBE_ESDP_SDP1_DIR;
- break;
case ixgbe_mac_X550:
case ixgbe_mac_X550EM_x:
case ixgbe_mac_X550EM_a:
+ case ixgbe_mac_E610:
sck = IXGBE_ESDP_SDP2;
sdi = IXGBE_ESDP_SDP0;
sdo = IXGBE_ESDP_SDP1;
diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
index 89a799762f..11500a923c 100644
--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c
+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c
@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev,
(hw->mac.type != ixgbe_mac_X540) &&
(hw->mac.type != ixgbe_mac_X550) &&
(hw->mac.type != ixgbe_mac_X550EM_x) &&
- (hw->mac.type != ixgbe_mac_X550EM_a))
+ (hw->mac.type != ixgbe_mac_X550EM_a) &&
+ (hw->mac.type != ixgbe_mac_E610))
return -ENOSYS;
PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d",
@@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev)
ctrl |= IXGBE_EXTENDED_VLAN;
IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl);
- /* Clear pooling mode of PFVTCTL. It's required by X550. */
+ /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */
if (hw->mac.type == ixgbe_mac_X550 ||
hw->mac.type == ixgbe_mac_X550EM_x ||
- hw->mac.type == ixgbe_mac_X550EM_a) {
+ hw->mac.type == ixgbe_mac_X550EM_a ||
+ hw->mac.type == ixgbe_mac_E610) {
ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL);
ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK;
IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl);
@@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev)
case ixgbe_mac_X550:
case ixgbe_mac_X550EM_x:
case ixgbe_mac_X550EM_a:
+ case ixgbe_mac_E610:
speed = IXGBE_LINK_SPEED_X550_AUTONEG;
break;
default:
@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info)
if (hw->mac.type == ixgbe_mac_X540 ||
hw->mac.type == ixgbe_mac_X540_vf ||
hw->mac.type == ixgbe_mac_X550 ||
- hw->mac.type == ixgbe_mac_X550_vf) {
+ hw->mac.type == ixgbe_mac_X550_vf ||
+ hw->mac.type == ixgbe_mac_E610) {
dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M;
}
- if (hw->mac.type == ixgbe_mac_X550) {
+ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) {
dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G;
dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G;
}
@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw,
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
return -ENOTSUP;
}
@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw)
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
return -ENOTSUP;
}
@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev,
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
return -ENOTSUP;
}
@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev,
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
return -ENOTSUP;
}
@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en)
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
return -ENOTSUP;
}
diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c
index 97ef185583..0bdfbd411a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c
+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c
@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev)
hw->mac.type != ixgbe_mac_E610)
return -ENOSYS;
- /* x550 supports mac-vlan and tunnel mode but other NICs not */
+ /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610 &&
mode != RTE_FDIR_MODE_SIGNATURE &&
mode != RTE_FDIR_MODE_PERFECT)
return -ENOSYS;
@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
return -ENOTSUP;
/*
- * Sanity check for x550.
+ * Sanity check for x550 and E610.
* When adding a new filter with flow type set to IPv4,
* the flow director mask should be configed before,
* and the L4 protocol and ports are masked.
@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev,
if ((!del) &&
(hw->mac.type == ixgbe_mac_X550 ||
hw->mac.type == ixgbe_mac_X550EM_x ||
- hw->mac.type == ixgbe_mac_X550EM_a) &&
+ hw->mac.type == ixgbe_mac_X550EM_a ||
+ hw->mac.type == ixgbe_mac_E610) &&
(rule->ixgbe_fdir.formatted.flow_type ==
IXGBE_ATR_FLOW_TYPE_IPV4 ||
rule->ixgbe_fdir.formatted.flow_type ==
diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
index 3b68d820ca..27d2ba1132 100644
--- a/drivers/net/intel/ixgbe/ixgbe_flow.c
+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev,
if (hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf));
rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ITEM,
diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c
index e967fe5e48..d9a775f99a 100644
--- a/drivers/net/intel/ixgbe/ixgbe_pf.c
+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c
@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf)
uint32_t max_frs;
uint32_t hlreg0;
- /* X540 and X550 support jumbo frames in IOV mode */
+ /* X540, X550, and E610 support jumbo frames in IOV mode */
if (hw->mac.type != ixgbe_mac_X540 &&
hw->mac.type != ixgbe_mac_X550 &&
hw->mac.type != ixgbe_mac_X550EM_x &&
- hw->mac.type != ixgbe_mac_X550EM_a) {
+ hw->mac.type != ixgbe_mac_X550EM_a &&
+ hw->mac.type != ixgbe_mac_E610) {
struct ixgbe_vf_info *vfinfo =
*IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private);
diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
index 0af04c9b0d..2857c19355 100644
--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c
+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c
@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev)
if (hw->mac.type == ixgbe_mac_X550 ||
hw->mac.type == ixgbe_mac_X550EM_x ||
- hw->mac.type == ixgbe_mac_X550EM_a)
+ hw->mac.type == ixgbe_mac_X550EM_a ||
+ hw->mac.type == ixgbe_mac_E610)
tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM;
#ifdef RTE_LIB_SECURITY
@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev)
if (hw->mac.type == ixgbe_mac_X550 ||
hw->mac.type == ixgbe_mac_X550EM_x ||
- hw->mac.type == ixgbe_mac_X550EM_a)
+ hw->mac.type == ixgbe_mac_X550EM_a ||
+ hw->mac.type == ixgbe_mac_E610)
offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM;
#ifdef RTE_LIB_SECURITY
@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
/*
* The packet type in RX descriptor is different for different NICs.
- * Some bits are used for x550 but reserved for other NICS.
+ * Some bits are used for x550 and E610 but reserved for other NICS.
* So set different masks for different NICs.
*/
if (hw->mac.type == ixgbe_mac_X550 ||
@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev,
hw->mac.type == ixgbe_mac_X550EM_a ||
hw->mac.type == ixgbe_mac_X550_vf ||
hw->mac.type == ixgbe_mac_X550EM_x_vf ||
- hw->mac.type == ixgbe_mac_X550EM_a_vf)
+ hw->mac.type == ixgbe_mac_X550EM_a_vf ||
+ hw->mac.type == ixgbe_mac_E610)
rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550;
else
rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599;
@@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev)
if (hw->mac.type == ixgbe_mac_X540 ||
hw->mac.type == ixgbe_mac_X550 ||
hw->mac.type == ixgbe_mac_X550EM_x ||
- hw->mac.type == ixgbe_mac_X550EM_a)
+ hw->mac.type == ixgbe_mac_X550EM_a ||
+ hw->mac.type == ixgbe_mac_E610)
ixgbe_setup_loopback_link_x540_x550(hw, false);
}
}
--
2.47.3
^ permalink raw reply related [flat|nested] 83+ messages in thread* [PATCH v1 2/4] net/i40e: move FDIR config to flow create 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-09 12:58 ` Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (6 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw) To: dev, Bruce Richardson, Beilei Xing, Xiaoyun Li Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-09 12:58 ` Anatoly Burakov 2026-02-09 14:40 ` Radu Nicolau 2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov ` (5 subsequent siblings) 7 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty, Abhijit Sinha, Jingjing Wu When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows 2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-09 14:40 ` Radu Nicolau 0 siblings, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-09 14:40 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty, Abhijit Sinha, Jingjing Wu On 09-Feb-26 12:58 PM, Anatoly Burakov wrote: > When creating egress IPsec flows, no action need to be done in hardware, as > this is just a software association. However, because we do not write > anything to the rte_flow entry, subsequent destroy call will not destroy > this kind of flow, because it expects a valid engine to be set for every > flow. This results in memory unable to be freed back to the system. > > In addition to that, when creating these flows, we do not actually store > the rte_flow pointer anywhere, so even if the user has triggered `uninit` > (which would have freed the flow), this flow isn't in the list so it would > never get freed. > > Fix this by marking the flow as egress IPsec flows, adding it to the tailq, > and changing the `destroy` code to take all of that into account. > > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v1 4/4] net/iavf: fix memory leak on uninit 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-09 12:58 ` Anatoly Burakov 2026-02-09 14:40 ` Radu Nicolau 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (4 subsequent siblings) 7 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-09 12:58 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau, Abhijit Sinha, Jingjing Wu When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v1 4/4] net/iavf: fix memory leak on uninit 2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-09 14:40 ` Radu Nicolau 0 siblings, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-09 14:40 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty, Abhijit Sinha, Jingjing Wu On 09-Feb-26 12:58 PM, Anatoly Burakov wrote: > When IPsec is initialized, parsers and engines are registered into the > common infrastructure. However, during deinitialization, they are not > cleaned up. Fix it by including IPsec engines in the cleanup. > > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (2 preceding siblings ...) 2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov ` (5 more replies) 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (3 subsequent siblings) 7 siblings, 6 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jedrzej Jagielski, Piotr Kwapulinski, Carolyn Wyborny A few E610 MAC type checks were missing (verified using E610 datasheet). Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- 6 files changed, 39 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h index 6ef965dbb6..eb73bc8b17 100644 --- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h +++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h @@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) dir_sdo = IXGBE_ESDP_SDP6_DIR; break; case ixgbe_mac_X540: - sck = IXGBE_ESDP_SDP2; - sdi = IXGBE_ESDP_SDP0; - sdo = IXGBE_ESDP_SDP1; - dir_sck = IXGBE_ESDP_SDP2_DIR; - dir_sdi = IXGBE_ESDP_SDP0_DIR; - dir_sdo = IXGBE_ESDP_SDP1_DIR; - break; case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: sck = IXGBE_ESDP_SDP2; sdi = IXGBE_ESDP_SDP0; sdo = IXGBE_ESDP_SDP1; diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c index 89a799762f..11500a923c 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c @@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, (hw->mac.type != ixgbe_mac_X540) && (hw->mac.type != ixgbe_mac_X550) && (hw->mac.type != ixgbe_mac_X550EM_x) && - (hw->mac.type != ixgbe_mac_X550EM_a)) + (hw->mac.type != ixgbe_mac_X550EM_a) && + (hw->mac.type != ixgbe_mac_E610)) return -ENOSYS; PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) ctrl |= IXGBE_EXTENDED_VLAN; IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); - /* Clear pooling mode of PFVTCTL. It's required by X550. */ + /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) { + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) { ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: speed = IXGBE_LINK_SPEED_X550_AUTONEG; break; default: @@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X540_vf || hw->mac.type == ixgbe_mac_X550 || - hw->mac.type == ixgbe_mac_X550_vf) { + hw->mac.type == ixgbe_mac_X550_vf || + hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; } - if (hw->mac.type == ixgbe_mac_X550) { + if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; } @@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c index 97ef185583..0bdfbd411a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_fdir.c +++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c @@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) hw->mac.type != ixgbe_mac_E610) return -ENOSYS; - /* x550 supports mac-vlan and tunnel mode but other NICs not */ + /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */ if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610 && mode != RTE_FDIR_MODE_SIGNATURE && mode != RTE_FDIR_MODE_PERFECT) return -ENOSYS; @@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, return -ENOTSUP; /* - * Sanity check for x550. + * Sanity check for x550 and E610. * When adding a new filter with flow type set to IPv4, * the flow director mask should be configed before, * and the L4 protocol and ports are masked. @@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, if ((!del) && (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) && + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) && (rule->ixgbe_fdir.formatted.flow_type == IXGBE_ATR_FLOW_TYPE_IPV4 || rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 3b68d820ca..27d2ba1132 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c index e967fe5e48..d9a775f99a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_pf.c +++ b/drivers/net/intel/ixgbe/ixgbe_pf.c @@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) uint32_t max_frs; uint32_t hlreg0; - /* X540 and X550 support jumbo frames in IOV mode */ + /* X540, X550, and E610 support jumbo frames in IOV mode */ if (hw->mac.type != ixgbe_mac_X540 && hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { struct ixgbe_vf_info *vfinfo = *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c index 0af04c9b0d..2857c19355 100644 --- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c +++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c @@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, /* * The packet type in RX descriptor is different for different NICs. - * Some bits are used for x550 but reserved for other NICS. + * Some bits are used for x550 and E610 but reserved for other NICS. * So set different masks for different NICs. */ if (hw->mac.type == ixgbe_mac_X550 || @@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, hw->mac.type == ixgbe_mac_X550EM_a || hw->mac.type == ixgbe_mac_X550_vf || hw->mac.type == ixgbe_mac_X550EM_x_vf || - hw->mac.type == ixgbe_mac_X550EM_a_vf) + hw->mac.type == ixgbe_mac_X550EM_a_vf || + hw->mac.type == ixgbe_mac_E610) rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; else rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) ixgbe_setup_loopback_link_x540_x550(hw, false); } } -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 2/7] net/i40e: move FDIR config to flow create 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (4 subsequent siblings) 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov ` (3 subsequent siblings) 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jingjing Wu, Declan Doherty, Radu Nicolau, Abhijit Sinha When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 4/7] net/iavf: fix memory leak on uninit 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov ` (2 subsequent siblings) 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau, Abhijit Sinha, Jingjing Wu When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (2 preceding siblings ...) 2026-02-10 15:52 ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu GTP tunnel code declares support for IPv6 GTPU flows but does not actually handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 GTPU flows. Add IPv6 flow item handling. Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index 193b1b6725..2374b9bbca 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, return -rte_errno; } break; + case RTE_FLOW_ITEM_TYPE_IPV6: + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; + /* IPv6 is used to describe protocol, + * spec and mask should be NULL. + */ + if (item->spec || item->mask) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + item, + "Invalid IPv6 item"); + return -rte_errno; + } + break; case RTE_FLOW_ITEM_TYPE_UDP: if (item->spec || item->mask) { rte_flow_error_set(error, EINVAL, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (3 preceding siblings ...) 2026-02-10 15:52 ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang Currently, when IPv4 is parsed as part of flow subscription input set, we add two bytes to the total number of bytes in the input set for IPv4 source or destination addresses, whereas they should be 4 bytes. Fix to add the correct number of bytes. Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c index 18df9c6500..cf1030320f 100644 --- a/drivers/net/intel/iavf/iavf_fsub.c +++ b/drivers/net/intel/iavf/iavf_fsub.c @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], if (ipv4_mask->hdr.src_addr) { *input |= IAVF_INSET_IPV4_SRC; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.dst_addr) { *input |= IAVF_INSET_IPV4_DST; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.time_to_live) { *input |= IAVF_INSET_IPV4_TTL; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (4 preceding siblings ...) 2026-02-10 15:52 ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-10 15:52 ` Anatoly Burakov 5 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-10 15:52 UTC (permalink / raw) To: dev, Bruce Richardson, Ting Xu, Qiming Yang, Qi Zhang Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, we are using rte_zmalloc followed by copying the data to persistent storage and then discarding the temporary buffers. This is not needed as these temporary buffers are not being stored anywhere, so replace them with regular calloc. However, because the original code was missing a corresponding `rte_free()` call for these temporary allocations, this also fixes a memory leak. Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c index 2832d223d1..645f1373f4 100644 --- a/drivers/net/intel/ice/ice_dcf_sched.c +++ b/drivers/net/intel/ice/ice_dcf_sched.c @@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, { struct ice_dcf_adapter *adapter = dev->data->dev_private; struct ice_dcf_hw *hw = &adapter->real_hw; - struct virtchnl_dcf_bw_cfg_list *vf_bw; - struct virtchnl_dcf_bw_cfg_list *tc_bw; + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; struct rte_tm_shaper_params *profile; struct ice_dcf_tm_node *tm_node; @@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, size = sizeof(struct virtchnl_dcf_bw_cfg_list) + sizeof(struct virtchnl_dcf_bw_cfg) * (hw->tm_conf.nb_tc_node - 1); - vf_bw = rte_zmalloc("vf_bw", size, 0); + vf_bw = calloc(1, size); if (!vf_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; } - tc_bw = rte_zmalloc("tc_bw", size, 0); + tc_bw = calloc(1, size); if (!tc_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; @@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, return ret_val; fail_clear: + if (vf_bw != NULL) + free(vf_bw); + if (tc_bw != NULL) + free(tc_bw); + /* clear all the traffic manager configuration */ if (clear_on_fail) { ice_dcf_tm_conf_uninit(dev); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (3 preceding siblings ...) 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (7 more replies) 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (2 subsequent siblings) 7 siblings, 8 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers v1 -> v2: - Added patches [1] [2] that were previously sent separately - Added patch fixing leak in DCF config v2 -> v3: - Added patch fixing leak in FDIR parser [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/ [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/ Anatoly Burakov (8): net/ixgbe: add missing E610 MAC type checks net/i40e: move FDIR config to flow create net/iavf: fix memory leak on egress IPsec flows net/iavf: fix memory leak on uninit net/i40e: fix IPv6 GTPU handling net/iavf: fix IPv4 flow subscription net/ice: fix memory leak in DCF QoS bandwidth config net/ice: fix memory leak in FDIR flow parsing drivers/net/intel/i40e/i40e_flow.c | 64 ++++++++++++---------- drivers/net/intel/iavf/iavf_fsub.c | 4 +- drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++-- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + drivers/net/intel/ice/ice_dcf_sched.c | 13 +++-- drivers/net/intel/ice/ice_fdir_filter.c | 6 +- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +-- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++---- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 +- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 +- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++-- 12 files changed, 123 insertions(+), 69 deletions(-) -- 2.47.3 ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov ` (6 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Carolyn Wyborny, Jedrzej Jagielski A few E610 MAC type checks were missing (verified using E610 datasheet). Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- 6 files changed, 39 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h index 6ef965dbb6..eb73bc8b17 100644 --- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h +++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h @@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) dir_sdo = IXGBE_ESDP_SDP6_DIR; break; case ixgbe_mac_X540: - sck = IXGBE_ESDP_SDP2; - sdi = IXGBE_ESDP_SDP0; - sdo = IXGBE_ESDP_SDP1; - dir_sck = IXGBE_ESDP_SDP2_DIR; - dir_sdi = IXGBE_ESDP_SDP0_DIR; - dir_sdo = IXGBE_ESDP_SDP1_DIR; - break; case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: sck = IXGBE_ESDP_SDP2; sdi = IXGBE_ESDP_SDP0; sdo = IXGBE_ESDP_SDP1; diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c index 89a799762f..11500a923c 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c @@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, (hw->mac.type != ixgbe_mac_X540) && (hw->mac.type != ixgbe_mac_X550) && (hw->mac.type != ixgbe_mac_X550EM_x) && - (hw->mac.type != ixgbe_mac_X550EM_a)) + (hw->mac.type != ixgbe_mac_X550EM_a) && + (hw->mac.type != ixgbe_mac_E610)) return -ENOSYS; PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) ctrl |= IXGBE_EXTENDED_VLAN; IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); - /* Clear pooling mode of PFVTCTL. It's required by X550. */ + /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) { + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) { ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: speed = IXGBE_LINK_SPEED_X550_AUTONEG; break; default: @@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X540_vf || hw->mac.type == ixgbe_mac_X550 || - hw->mac.type == ixgbe_mac_X550_vf) { + hw->mac.type == ixgbe_mac_X550_vf || + hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; } - if (hw->mac.type == ixgbe_mac_X550) { + if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; } @@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c index 97ef185583..0bdfbd411a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_fdir.c +++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c @@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) hw->mac.type != ixgbe_mac_E610) return -ENOSYS; - /* x550 supports mac-vlan and tunnel mode but other NICs not */ + /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */ if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610 && mode != RTE_FDIR_MODE_SIGNATURE && mode != RTE_FDIR_MODE_PERFECT) return -ENOSYS; @@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, return -ENOTSUP; /* - * Sanity check for x550. + * Sanity check for x550 and E610. * When adding a new filter with flow type set to IPv4, * the flow director mask should be configed before, * and the L4 protocol and ports are masked. @@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, if ((!del) && (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) && + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) && (rule->ixgbe_fdir.formatted.flow_type == IXGBE_ATR_FLOW_TYPE_IPV4 || rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 3b68d820ca..27d2ba1132 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c index e967fe5e48..d9a775f99a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_pf.c +++ b/drivers/net/intel/ixgbe/ixgbe_pf.c @@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) uint32_t max_frs; uint32_t hlreg0; - /* X540 and X550 support jumbo frames in IOV mode */ + /* X540, X550, and E610 support jumbo frames in IOV mode */ if (hw->mac.type != ixgbe_mac_X540 && hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { struct ixgbe_vf_info *vfinfo = *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c index 0af04c9b0d..2857c19355 100644 --- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c +++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c @@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, /* * The packet type in RX descriptor is different for different NICs. - * Some bits are used for x550 but reserved for other NICS. + * Some bits are used for x550 and E610 but reserved for other NICS. * So set different masks for different NICs. */ if (hw->mac.type == ixgbe_mac_X550 || @@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, hw->mac.type == ixgbe_mac_X550EM_a || hw->mac.type == ixgbe_mac_X550_vf || hw->mac.type == ixgbe_mac_X550EM_x_vf || - hw->mac.type == ixgbe_mac_X550EM_a_vf) + hw->mac.type == ixgbe_mac_X550EM_a_vf || + hw->mac.type == ixgbe_mac_E610) rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; else rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) ixgbe_setup_loopback_link_x540_x550(hw, false); } } -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 2/8] net/i40e: move FDIR config to flow create 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (5 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov ` (4 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Abhijit Sinha, Radu Nicolau, Jingjing Wu, Declan Doherty When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 4/8] net/iavf: fix memory leak on uninit 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (2 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov ` (3 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jingjing Wu, Radu Nicolau, Abhijit Sinha, Declan Doherty When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (3 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov ` (2 subsequent siblings) 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Bruce Richardson, Jingjing Wu, Beilei Xing GTP tunnel code declares support for IPv6 GTPU flows but does not actually handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 GTPU flows. Add IPv6 flow item handling. Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index 193b1b6725..2374b9bbca 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, return -rte_errno; } break; + case RTE_FLOW_ITEM_TYPE_IPV6: + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; + /* IPv6 is used to describe protocol, + * spec and mask should be NULL. + */ + if (item->spec || item->mask) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + item, + "Invalid IPv6 item"); + return -rte_errno; + } + break; case RTE_FLOW_ITEM_TYPE_UDP: if (item->spec || item->mask) { rte_flow_error_set(error, EINVAL, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (4 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jie Wang, Qi Zhang Currently, when IPv4 is parsed as part of flow subscription input set, we add two bytes to the total number of bytes in the input set for IPv4 source or destination addresses, whereas they should be 4 bytes. Fix to add the correct number of bytes. Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c index 18df9c6500..cf1030320f 100644 --- a/drivers/net/intel/iavf/iavf_fsub.c +++ b/drivers/net/intel/iavf/iavf_fsub.c @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], if (ipv4_mask->hdr.src_addr) { *input |= IAVF_INSET_IPV4_SRC; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.dst_addr) { *input |= IAVF_INSET_IPV4_DST; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.time_to_live) { *input |= IAVF_INSET_IPV4_TTL; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (5 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Bruce Richardson, Ting Xu, Qiming Yang, Qi Zhang Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, we are using rte_zmalloc followed by copying the data to persistent storage and then discarding the temporary buffers. This is not needed as these temporary buffers are not being stored anywhere, so replace them with regular calloc. However, because the original code was missing a corresponding `rte_free()` call for these temporary allocations, this also fixes a memory leak. Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c index 2832d223d1..645f1373f4 100644 --- a/drivers/net/intel/ice/ice_dcf_sched.c +++ b/drivers/net/intel/ice/ice_dcf_sched.c @@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, { struct ice_dcf_adapter *adapter = dev->data->dev_private; struct ice_dcf_hw *hw = &adapter->real_hw; - struct virtchnl_dcf_bw_cfg_list *vf_bw; - struct virtchnl_dcf_bw_cfg_list *tc_bw; + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; struct rte_tm_shaper_params *profile; struct ice_dcf_tm_node *tm_node; @@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, size = sizeof(struct virtchnl_dcf_bw_cfg_list) + sizeof(struct virtchnl_dcf_bw_cfg) * (hw->tm_conf.nb_tc_node - 1); - vf_bw = rte_zmalloc("vf_bw", size, 0); + vf_bw = calloc(1, size); if (!vf_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; } - tc_bw = rte_zmalloc("tc_bw", size, 0); + tc_bw = calloc(1, size); if (!tc_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; @@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, return ret_val; fail_clear: + if (vf_bw != NULL) + free(vf_bw); + if (tc_bw != NULL) + free(tc_bw); + /* clear all the traffic manager configuration */ if (clear_on_fail) { ice_dcf_tm_conf_uninit(dev); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (6 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov @ 2026-02-11 13:03 ` Anatoly Burakov 7 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:03 UTC (permalink / raw) To: dev, Bruce Richardson, Qi Zhang, Junfeng Guo Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be allocated to store parsed RAW pattern bytes. All error paths handle the deallocation correctly, and the buffer will then be passed to FDIR filter create function which also handles the presence of the buffer correctly, and it is also freed correctly in destroy function. However, rte_flow_validate will go through the same code path, but will not call FDIR create/destroy nor even store the pointer, because `meta` variable inside the flow parsing function will be set to NULL, which will cause this memory to be leaked (and memset(0)-ed next time we try to create/validate another flow). Fix it by freeing the `pkt_buf` when `meta` is NULL. Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c index f7730ec6ab..5abdcbac7f 100644 --- a/drivers/net/intel/ice/ice_fdir_filter.c +++ b/drivers/net/intel/ice/ice_fdir_filter.c @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad, if (ret) goto error; - if (meta) + /* if meta is NULL we're validating so the flow won't be stored */ + if (meta) { *meta = filter; + } else if (filter->pkt_buf != NULL) { + rte_free(filter->pkt_buf); + } rte_free(item); return ret; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (4 preceding siblings ...) 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (8 more replies) 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 7 siblings, 9 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers v1 -> v2: - Added patches [1] [2] that were previously sent separately - Added patch fixing leak in DCF config v2 -> v3: - Added patch fixing leak in FDIR parser v3 -> v4: - Reordered patchsets by driver - Added patch to fix ixgbe security flow memory leak [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/ [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/ Anatoly Burakov (9): net/ixgbe: add missing E610 MAC type checks net/ixgbe: fix memory leak in security flows net/i40e: move FDIR config to flow create net/i40e: fix IPv6 GTPU handling net/iavf: fix memory leak on egress IPsec flows net/iavf: fix memory leak on uninit net/iavf: fix IPv4 flow subscription net/ice: fix memory leak in DCF QoS bandwidth config net/ice: fix memory leak in FDIR flow parsing drivers/net/intel/i40e/i40e_flow.c | 64 ++++++++++++---------- drivers/net/intel/iavf/iavf_fsub.c | 4 +- drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++-- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + drivers/net/intel/ice/ice_dcf_sched.c | 13 +++-- drivers/net/intel/ice/ice_fdir_filter.c | 6 +- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +-- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++---- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 + drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_flow.c | 14 ++++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 +- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++-- 13 files changed, 135 insertions(+), 70 deletions(-) -- 2.47.3 ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:17 ` Medvedkin, Vladimir 2026-02-11 21:57 ` Kwapulinski, Piotr 2026-02-11 13:49 ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov ` (7 subsequent siblings) 8 siblings, 2 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Jedrzej Jagielski, Carolyn Wyborny A few E610 MAC type checks were missing (verified using E610 datasheet). Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- 6 files changed, 39 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h index 6ef965dbb6..eb73bc8b17 100644 --- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h +++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h @@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) dir_sdo = IXGBE_ESDP_SDP6_DIR; break; case ixgbe_mac_X540: - sck = IXGBE_ESDP_SDP2; - sdi = IXGBE_ESDP_SDP0; - sdo = IXGBE_ESDP_SDP1; - dir_sck = IXGBE_ESDP_SDP2_DIR; - dir_sdi = IXGBE_ESDP_SDP0_DIR; - dir_sdo = IXGBE_ESDP_SDP1_DIR; - break; case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: sck = IXGBE_ESDP_SDP2; sdi = IXGBE_ESDP_SDP0; sdo = IXGBE_ESDP_SDP1; diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c index 89a799762f..11500a923c 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c @@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, (hw->mac.type != ixgbe_mac_X540) && (hw->mac.type != ixgbe_mac_X550) && (hw->mac.type != ixgbe_mac_X550EM_x) && - (hw->mac.type != ixgbe_mac_X550EM_a)) + (hw->mac.type != ixgbe_mac_X550EM_a) && + (hw->mac.type != ixgbe_mac_E610)) return -ENOSYS; PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) ctrl |= IXGBE_EXTENDED_VLAN; IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); - /* Clear pooling mode of PFVTCTL. It's required by X550. */ + /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) { + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) { ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: speed = IXGBE_LINK_SPEED_X550_AUTONEG; break; default: @@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X540_vf || hw->mac.type == ixgbe_mac_X550 || - hw->mac.type == ixgbe_mac_X550_vf) { + hw->mac.type == ixgbe_mac_X550_vf || + hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; } - if (hw->mac.type == ixgbe_mac_X550) { + if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; } @@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c index 97ef185583..0bdfbd411a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_fdir.c +++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c @@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) hw->mac.type != ixgbe_mac_E610) return -ENOSYS; - /* x550 supports mac-vlan and tunnel mode but other NICs not */ + /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */ if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610 && mode != RTE_FDIR_MODE_SIGNATURE && mode != RTE_FDIR_MODE_PERFECT) return -ENOSYS; @@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, return -ENOTSUP; /* - * Sanity check for x550. + * Sanity check for x550 and E610. * When adding a new filter with flow type set to IPv4, * the flow director mask should be configed before, * and the L4 protocol and ports are masked. @@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, if ((!del) && (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) && + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) && (rule->ixgbe_fdir.formatted.flow_type == IXGBE_ATR_FLOW_TYPE_IPV4 || rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 3b68d820ca..27d2ba1132 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c index e967fe5e48..d9a775f99a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_pf.c +++ b/drivers/net/intel/ixgbe/ixgbe_pf.c @@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) uint32_t max_frs; uint32_t hlreg0; - /* X540 and X550 support jumbo frames in IOV mode */ + /* X540, X550, and E610 support jumbo frames in IOV mode */ if (hw->mac.type != ixgbe_mac_X540 && hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { struct ixgbe_vf_info *vfinfo = *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c index 0af04c9b0d..2857c19355 100644 --- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c +++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c @@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, /* * The packet type in RX descriptor is different for different NICs. - * Some bits are used for x550 but reserved for other NICS. + * Some bits are used for x550 and E610 but reserved for other NICS. * So set different masks for different NICs. */ if (hw->mac.type == ixgbe_mac_X550 || @@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, hw->mac.type == ixgbe_mac_X550EM_a || hw->mac.type == ixgbe_mac_X550_vf || hw->mac.type == ixgbe_mac_X550EM_x_vf || - hw->mac.type == ixgbe_mac_X550EM_a_vf) + hw->mac.type == ixgbe_mac_X550EM_a_vf || + hw->mac.type == ixgbe_mac_E610) rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; else rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) ixgbe_setup_loopback_link_x540_x550(hw, false); } } -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-11 15:17 ` Medvedkin, Vladimir 2026-02-11 21:57 ` Kwapulinski, Piotr 1 sibling, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:17 UTC (permalink / raw) To: Anatoly Burakov, dev, Piotr Kwapulinski, Jedrzej Jagielski, Carolyn Wyborny Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > A few E610 MAC type checks were missing (verified using E610 datasheet). > > Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- > drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- > drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- > drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- > drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- > drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- > 6 files changed, 39 insertions(+), 28 deletions(-) > <snip> -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* RE: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-11 15:17 ` Medvedkin, Vladimir @ 2026-02-11 21:57 ` Kwapulinski, Piotr 1 sibling, 0 replies; 83+ messages in thread From: Kwapulinski, Piotr @ 2026-02-11 21:57 UTC (permalink / raw) To: Burakov, Anatoly, dev@dpdk.org, Medvedkin, Vladimir, Jagielski, Jedrzej, Carolyn Wyborny >-----Original Message----- >From: Burakov, Anatoly <anatoly.burakov@intel.com> >Sent: Wednesday, February 11, 2026 2:49 PM >To: dev@dpdk.org; Medvedkin, Vladimir <vladimir.medvedkin@intel.com>; Kwapulinski, Piotr <piotr.kwapulinski@intel.com>; Jagielski, Jedrzej <jedrzej.jagielski@intel.com>; Carolyn Wyborny <carolyn.wyborny@intel.com> >Subject: [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks > >A few E610 MAC type checks were missing (verified using E610 datasheet). > >Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") >Cc: stable@dpdk.org > >Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> >--- > drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- > drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- > drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- > drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- > drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- > drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- > 6 files changed, 39 insertions(+), 28 deletions(-) > >diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h >index 6ef965dbb6..eb73bc8b17 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h >+++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h >@@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) > dir_sdo = IXGBE_ESDP_SDP6_DIR; > break; > case ixgbe_mac_X540: >- sck = IXGBE_ESDP_SDP2; >- sdi = IXGBE_ESDP_SDP0; >- sdo = IXGBE_ESDP_SDP1; >- dir_sck = IXGBE_ESDP_SDP2_DIR; >- dir_sdi = IXGBE_ESDP_SDP0_DIR; >- dir_sdo = IXGBE_ESDP_SDP1_DIR; >- break; > case ixgbe_mac_X550: > case ixgbe_mac_X550EM_x: > case ixgbe_mac_X550EM_a: >+ case ixgbe_mac_E610: > sck = IXGBE_ESDP_SDP2; > sdi = IXGBE_ESDP_SDP0; > sdo = IXGBE_ESDP_SDP1; >diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c >index 89a799762f..11500a923c 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c >+++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c >@@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, > (hw->mac.type != ixgbe_mac_X540) && > (hw->mac.type != ixgbe_mac_X550) && > (hw->mac.type != ixgbe_mac_X550EM_x) && >- (hw->mac.type != ixgbe_mac_X550EM_a)) >+ (hw->mac.type != ixgbe_mac_X550EM_a) && >+ (hw->mac.type != ixgbe_mac_E610)) > return -ENOSYS; > > PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) > ctrl |= IXGBE_EXTENDED_VLAN; > IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); > >- /* Clear pooling mode of PFVTCTL. It's required by X550. */ >+ /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ > if (hw->mac.type == ixgbe_mac_X550 || > hw->mac.type == ixgbe_mac_X550EM_x || >- hw->mac.type == ixgbe_mac_X550EM_a) { >+ hw->mac.type == ixgbe_mac_X550EM_a || >+ hw->mac.type == ixgbe_mac_E610) { > ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); > ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; > IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) > case ixgbe_mac_X550: > case ixgbe_mac_X550EM_x: > case ixgbe_mac_X550EM_a: >+ case ixgbe_mac_E610: > speed = IXGBE_LINK_SPEED_X550_AUTONEG; > break; > default: >@@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) > if (hw->mac.type == ixgbe_mac_X540 || > hw->mac.type == ixgbe_mac_X540_vf || > hw->mac.type == ixgbe_mac_X550 || >- hw->mac.type == ixgbe_mac_X550_vf) { >+ hw->mac.type == ixgbe_mac_X550_vf || >+ hw->mac.type == ixgbe_mac_E610) { > dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; > } >- if (hw->mac.type == ixgbe_mac_X550) { >+ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) >+{ > dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; > dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; > } >@@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > return -ENOTSUP; > } > >@@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > return -ENOTSUP; > } > >@@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > return -ENOTSUP; > } > >@@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > return -ENOTSUP; > } > >@@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > return -ENOTSUP; > } > >diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c >index 97ef185583..0bdfbd411a 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_fdir.c >+++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c >@@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) > hw->mac.type != ixgbe_mac_E610) > return -ENOSYS; > >- /* x550 supports mac-vlan and tunnel mode but other NICs not */ >+ /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not >+*/ > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && > hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610 && > mode != RTE_FDIR_MODE_SIGNATURE && > mode != RTE_FDIR_MODE_PERFECT) > return -ENOSYS; >@@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, > return -ENOTSUP; > > /* >- * Sanity check for x550. >+ * Sanity check for x550 and E610. > * When adding a new filter with flow type set to IPv4, > * the flow director mask should be configed before, > * and the L4 protocol and ports are masked. >@@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, > if ((!del) && > (hw->mac.type == ixgbe_mac_X550 || > hw->mac.type == ixgbe_mac_X550EM_x || >- hw->mac.type == ixgbe_mac_X550EM_a) && >+ hw->mac.type == ixgbe_mac_X550EM_a || >+ hw->mac.type == ixgbe_mac_E610) && > (rule->ixgbe_fdir.formatted.flow_type == > IXGBE_ATR_FLOW_TYPE_IPV4 || > rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c >index 3b68d820ca..27d2ba1132 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_flow.c >+++ b/drivers/net/intel/ixgbe/ixgbe_flow.c >@@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, > > if (hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); > rte_flow_error_set(error, EINVAL, > RTE_FLOW_ERROR_TYPE_ITEM, >diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c >index e967fe5e48..d9a775f99a 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_pf.c >+++ b/drivers/net/intel/ixgbe/ixgbe_pf.c >@@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) > uint32_t max_frs; > uint32_t hlreg0; > >- /* X540 and X550 support jumbo frames in IOV mode */ >+ /* X540, X550, and E610 support jumbo frames in IOV mode */ > if (hw->mac.type != ixgbe_mac_X540 && > hw->mac.type != ixgbe_mac_X550 && > hw->mac.type != ixgbe_mac_X550EM_x && >- hw->mac.type != ixgbe_mac_X550EM_a) { >+ hw->mac.type != ixgbe_mac_X550EM_a && >+ hw->mac.type != ixgbe_mac_E610) { > struct ixgbe_vf_info *vfinfo = > *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); > >diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c >index 0af04c9b0d..2857c19355 100644 >--- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c >+++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c >@@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) > > if (hw->mac.type == ixgbe_mac_X550 || > hw->mac.type == ixgbe_mac_X550EM_x || >- hw->mac.type == ixgbe_mac_X550EM_a) >+ hw->mac.type == ixgbe_mac_X550EM_a || >+ hw->mac.type == ixgbe_mac_E610) > tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; > > #ifdef RTE_LIB_SECURITY >@@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) > > if (hw->mac.type == ixgbe_mac_X550 || > hw->mac.type == ixgbe_mac_X550EM_x || >- hw->mac.type == ixgbe_mac_X550EM_a) >+ hw->mac.type == ixgbe_mac_X550EM_a || >+ hw->mac.type == ixgbe_mac_E610) > offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; > > #ifdef RTE_LIB_SECURITY >@@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, > > /* > * The packet type in RX descriptor is different for different NICs. >- * Some bits are used for x550 but reserved for other NICS. >+ * Some bits are used for x550 and E610 but reserved for other NICS. > * So set different masks for different NICs. > */ > if (hw->mac.type == ixgbe_mac_X550 || >@@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, > hw->mac.type == ixgbe_mac_X550EM_a || > hw->mac.type == ixgbe_mac_X550_vf || > hw->mac.type == ixgbe_mac_X550EM_x_vf || >- hw->mac.type == ixgbe_mac_X550EM_a_vf) >+ hw->mac.type == ixgbe_mac_X550EM_a_vf || >+ hw->mac.type == ixgbe_mac_E610) > rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; > else > rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) > if (hw->mac.type == ixgbe_mac_X540 || > hw->mac.type == ixgbe_mac_X550 || > hw->mac.type == ixgbe_mac_X550EM_x || >- hw->mac.type == ixgbe_mac_X550EM_a) >+ hw->mac.type == ixgbe_mac_X550EM_a || >+ hw->mac.type == ixgbe_mac_E610) > ixgbe_setup_loopback_link_x540_x550(hw, false); > } > } Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:28 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov ` (6 subsequent siblings) 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau Currently, security flows are implemented as a special case and do not go through the normal flow create/destroy infrastructure. However, because of that, it is impossible to destroy such flows once created. Fix it by adding a flag to rte_flow indicating that it is a security flow, so that it can be destroyed later. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++ drivers/net/intel/ixgbe/ixgbe_flow.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h index 5393c81363..5dbd659941 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info { struct rte_flow { enum rte_filter_type filter_type; + /* security flows are not rte_filter_type */ + bool is_security; void *rule; }; diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 27d2ba1132..066a69eb12 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -3062,8 +3062,10 @@ ixgbe_flow_create(struct rte_eth_dev *dev, #ifdef RTE_LIB_SECURITY /* ESP flow not really a flow*/ - if (ntuple_filter.proto == IPPROTO_ESP) + if (ntuple_filter.proto == IPPROTO_ESP) { + flow->is_security = true; return flow; + } #endif if (!ret) { @@ -3350,6 +3352,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); struct ixgbe_rss_conf_ele *rss_filter_ptr; + /* Special case for SECURITY flows */ + if (flow->is_security) { + ret = 0; + goto free; + } + switch (filter_type) { case RTE_ETH_FILTER_NTUPLE: ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *) @@ -3442,6 +3450,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, return ret; } +free: TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) { if (ixgbe_flow_mem_ptr->flow == pmd_flow) { TAILQ_REMOVE(&ixgbe_flow_list, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows 2026-02-11 13:49 ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov @ 2026-02-11 15:28 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:28 UTC (permalink / raw) To: Anatoly Burakov, dev, Declan Doherty, Radu Nicolau On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > Currently, security flows are implemented as a special case and do not go > through the normal flow create/destroy infrastructure. However, because of > that, it is impossible to destroy such flows once created. Fix it by adding > a flag to rte_flow indicating that it is a security flow, so that it can be > destroyed later. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++ > drivers/net/intel/ixgbe/ixgbe_flow.c | 11 ++++++++++- > 2 files changed, 12 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h > index 5393c81363..5dbd659941 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h > +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h > @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info { > > struct rte_flow { > enum rte_filter_type filter_type; > + /* security flows are not rte_filter_type */ > + bool is_security; > void *rule; > }; > > diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c > index 27d2ba1132..066a69eb12 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_flow.c > +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c > @@ -3062,8 +3062,10 @@ ixgbe_flow_create(struct rte_eth_dev *dev, > > #ifdef RTE_LIB_SECURITY > /* ESP flow not really a flow*/ > - if (ntuple_filter.proto == IPPROTO_ESP) > + if (ntuple_filter.proto == IPPROTO_ESP) { > + flow->is_security = true; > return flow; here previous call ixgbe_parse_ntuple_filter() may return an error even if ntuple_filter.proto is IPPROTO_ESP. From cons_parse_ntuple_filter(): filter->proto = IPPROTO_ESP; return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, item->type == RTE_FLOW_ITEM_TYPE_IPV6); ixgbe_crypto_add_ingress_sa_from_flow() may fail. > + } > #endif > > if (!ret) { > @@ -3350,6 +3352,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, > IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); > struct ixgbe_rss_conf_ele *rss_filter_ptr; > > + /* Special case for SECURITY flows */ > + if (flow->is_security) { > + ret = 0; > + goto free; > + } > + > switch (filter_type) { > case RTE_ETH_FILTER_NTUPLE: > ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *) > @@ -3442,6 +3450,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, > return ret; > } > > +free: > TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) { > if (ixgbe_flow_mem_ptr->flow == pmd_flow) { > TAILQ_REMOVE(&ixgbe_flow_list, -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 3/9] net/i40e: move FDIR config to flow create 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:38 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov ` (5 subsequent siblings) 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 3/9] net/i40e: move FDIR config to flow create 2026-02-11 13:49 ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-11 15:38 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:38 UTC (permalink / raw) To: Anatoly Burakov, dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > Currently, FDIR filter parsing function will modify FDIR state after a > successful match. However, this function is called from both flow create > and flow validate, which results in the driver modifying FDIR state after > a flow validate call. Move the FDIR config to flow create. > > Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- > 1 file changed, 23 insertions(+), 28 deletions(-) > <snip> -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (2 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:40 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (4 subsequent siblings) 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Bruce Richardson, Jingjing Wu, Beilei Xing GTP tunnel code declares support for IPv6 GTPU flows but does not actually handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 GTPU flows. Add IPv6 flow item handling. Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index 193b1b6725..2374b9bbca 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, return -rte_errno; } break; + case RTE_FLOW_ITEM_TYPE_IPV6: + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; + /* IPv6 is used to describe protocol, + * spec and mask should be NULL. + */ + if (item->spec || item->mask) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + item, + "Invalid IPv6 item"); + return -rte_errno; + } + break; case RTE_FLOW_ITEM_TYPE_UDP: if (item->spec || item->mask) { rte_flow_error_set(error, EINVAL, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling 2026-02-11 13:49 ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-11 15:40 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:40 UTC (permalink / raw) To: Anatoly Burakov, dev, Bruce Richardson, Jingjing Wu, Beilei Xing Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > GTP tunnel code declares support for IPv6 GTPU flows but does not actually > handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 > GTPU flows. Add IPv6 flow item handling. > > Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c > index 193b1b6725..2374b9bbca 100644 > --- a/drivers/net/intel/i40e/i40e_flow.c > +++ b/drivers/net/intel/i40e/i40e_flow.c > @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, > return -rte_errno; > } > break; > + case RTE_FLOW_ITEM_TYPE_IPV6: > + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; > + /* IPv6 is used to describe protocol, > + * spec and mask should be NULL. > + */ > + if (item->spec || item->mask) { > + rte_flow_error_set(error, EINVAL, > + RTE_FLOW_ERROR_TYPE_ITEM, > + item, > + "Invalid IPv6 item"); > + return -rte_errno; > + } > + break; > case RTE_FLOW_ITEM_TYPE_UDP: > if (item->spec || item->mask) { > rte_flow_error_set(error, EINVAL, -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (3 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:45 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov ` (3 subsequent siblings) 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jingjing Wu, Radu Nicolau, Declan Doherty, Abhijit Sinha When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows 2026-02-11 13:49 ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-11 15:45 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:45 UTC (permalink / raw) To: Anatoly Burakov, dev, Jingjing Wu, Radu Nicolau, Declan Doherty, Abhijit Sinha Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > When creating egress IPsec flows, no action need to be done in hardware, as > this is just a software association. However, because we do not write > anything to the rte_flow entry, subsequent destroy call will not destroy > this kind of flow, because it expects a valid engine to be set for every > flow. This results in memory unable to be freed back to the system. > > In addition to that, when creating these flows, we do not actually store > the rte_flow pointer anywhere, so even if the user has triggered `uninit` > (which would have freed the flow), this flow isn't in the list so it would > never get freed. > > Fix this by marking the flow as egress IPsec flows, adding it to the tailq, > and changing the `destroy` code to take all of that into account. > > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > Acked-by: Radu Nicolau <radu.nicolau@intel.com> > --- > drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- > drivers/net/intel/iavf/iavf_generic_flow.h | 1 + > 2 files changed, 25 insertions(+), 6 deletions(-) > <snip> -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 6/9] net/iavf: fix memory leak on uninit 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (4 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:52 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov ` (2 subsequent siblings) 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Abhijit Sinha, Jingjing Wu, Radu Nicolau When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 6/9] net/iavf: fix memory leak on uninit 2026-02-11 13:49 ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-11 15:52 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:52 UTC (permalink / raw) To: Anatoly Burakov, dev, Declan Doherty, Abhijit Sinha, Jingjing Wu, Radu Nicolau Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > When IPsec is initialized, parsers and engines are registered into the > common infrastructure. However, during deinitialization, they are not > cleaned up. Fix it by including IPsec engines in the cleanup. > > Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > Acked-by: Radu Nicolau <radu.nicolau@intel.com> > --- > drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c > index 02917f863d..42ecc90d1d 100644 > --- a/drivers/net/intel/iavf/iavf_generic_flow.c > +++ b/drivers/net/intel/iavf/iavf_generic_flow.c > @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) > TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); > rte_free(p_parser); > } > + > + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { > + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); > + rte_free(p_parser); > + } > } > > int > @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, > else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || > (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) > list = &vf->dist_parser_list; > + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) > + list = &vf->ipsec_crypto_parser_list; > > if (list == NULL) > return; -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (5 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:53 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jie Wang, Qi Zhang Currently, when IPv4 is parsed as part of flow subscription input set, we add two bytes to the total number of bytes in the input set for IPv4 source or destination addresses, whereas they should be 4 bytes. Fix to add the correct number of bytes. Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c index 18df9c6500..cf1030320f 100644 --- a/drivers/net/intel/iavf/iavf_fsub.c +++ b/drivers/net/intel/iavf/iavf_fsub.c @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], if (ipv4_mask->hdr.src_addr) { *input |= IAVF_INSET_IPV4_SRC; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.dst_addr) { *input |= IAVF_INSET_IPV4_DST; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.time_to_live) { *input |= IAVF_INSET_IPV4_TTL; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription 2026-02-11 13:49 ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-11 15:53 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:53 UTC (permalink / raw) To: Anatoly Burakov, dev, Jie Wang, Qi Zhang Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > Currently, when IPv4 is parsed as part of flow subscription input set, we > add two bytes to the total number of bytes in the input set for IPv4 source > or destination addresses, whereas they should be 4 bytes. Fix to add the > correct number of bytes. > > Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c > index 18df9c6500..cf1030320f 100644 > --- a/drivers/net/intel/iavf/iavf_fsub.c > +++ b/drivers/net/intel/iavf/iavf_fsub.c > @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], > > if (ipv4_mask->hdr.src_addr) { > *input |= IAVF_INSET_IPV4_SRC; > - input_set_byte += 2; > + input_set_byte += 4; > } > if (ipv4_mask->hdr.dst_addr) { > *input |= IAVF_INSET_IPV4_DST; > - input_set_byte += 2; > + input_set_byte += 4; > } > if (ipv4_mask->hdr.time_to_live) { > *input |= IAVF_INSET_IPV4_TTL; -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (6 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 15:56 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Bruce Richardson, Qi Zhang, Ting Xu, Qiming Yang Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, we are using rte_zmalloc followed by copying the data to persistent storage and then discarding the temporary buffers. This is not needed as these temporary buffers are not being stored anywhere, so replace them with regular calloc. However, because the original code was missing a corresponding `rte_free()` call for these temporary allocations, this also fixes a memory leak. Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c index 2832d223d1..645f1373f4 100644 --- a/drivers/net/intel/ice/ice_dcf_sched.c +++ b/drivers/net/intel/ice/ice_dcf_sched.c @@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, { struct ice_dcf_adapter *adapter = dev->data->dev_private; struct ice_dcf_hw *hw = &adapter->real_hw; - struct virtchnl_dcf_bw_cfg_list *vf_bw; - struct virtchnl_dcf_bw_cfg_list *tc_bw; + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; struct rte_tm_shaper_params *profile; struct ice_dcf_tm_node *tm_node; @@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, size = sizeof(struct virtchnl_dcf_bw_cfg_list) + sizeof(struct virtchnl_dcf_bw_cfg) * (hw->tm_conf.nb_tc_node - 1); - vf_bw = rte_zmalloc("vf_bw", size, 0); + vf_bw = calloc(1, size); if (!vf_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; } - tc_bw = rte_zmalloc("tc_bw", size, 0); + tc_bw = calloc(1, size); if (!tc_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; @@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, return ret_val; fail_clear: + if (vf_bw != NULL) + free(vf_bw); + if (tc_bw != NULL) + free(tc_bw); + /* clear all the traffic manager configuration */ if (clear_on_fail) { ice_dcf_tm_conf_uninit(dev); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-11 13:49 ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov @ 2026-02-11 15:56 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 15:56 UTC (permalink / raw) To: Anatoly Burakov, dev, Bruce Richardson, Qi Zhang, Ting Xu, Qiming Yang Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, > we are using rte_zmalloc followed by copying the data to persistent storage > and then discarding the temporary buffers. This is not needed as these > temporary buffers are not being stored anywhere, so replace them with > regular calloc. However, because the original code was missing a > corresponding `rte_free()` call for these temporary allocations, this > also fixes a memory leak. > > Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/ice/ice_dcf_sched.c | 13 +++++++++---- > 1 file changed, 9 insertions(+), 4 deletions(-) > > diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c > index 2832d223d1..645f1373f4 100644 > --- a/drivers/net/intel/ice/ice_dcf_sched.c > +++ b/drivers/net/intel/ice/ice_dcf_sched.c > @@ -746,8 +746,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, > { > struct ice_dcf_adapter *adapter = dev->data->dev_private; > struct ice_dcf_hw *hw = &adapter->real_hw; > - struct virtchnl_dcf_bw_cfg_list *vf_bw; > - struct virtchnl_dcf_bw_cfg_list *tc_bw; > + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; > + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; > struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; > struct rte_tm_shaper_params *profile; > struct ice_dcf_tm_node *tm_node; > @@ -770,12 +770,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, > size = sizeof(struct virtchnl_dcf_bw_cfg_list) + > sizeof(struct virtchnl_dcf_bw_cfg) * > (hw->tm_conf.nb_tc_node - 1); > - vf_bw = rte_zmalloc("vf_bw", size, 0); > + vf_bw = calloc(1, size); > if (!vf_bw) { > ret_val = ICE_ERR_NO_MEMORY; > goto fail_clear; > } > - tc_bw = rte_zmalloc("tc_bw", size, 0); > + tc_bw = calloc(1, size); > if (!tc_bw) { > ret_val = ICE_ERR_NO_MEMORY; > goto fail_clear; > @@ -875,6 +875,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, > return ret_val; > > fail_clear: > + if (vf_bw != NULL) > + free(vf_bw); > + if (tc_bw != NULL) > + free(tc_bw); > + > /* clear all the traffic manager configuration */ > if (clear_on_fail) { > ice_dcf_tm_conf_uninit(dev); -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (7 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov @ 2026-02-11 13:49 ` Anatoly Burakov 2026-02-11 16:06 ` Medvedkin, Vladimir 8 siblings, 1 reply; 83+ messages in thread From: Anatoly Burakov @ 2026-02-11 13:49 UTC (permalink / raw) To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be allocated to store parsed RAW pattern bytes. All error paths handle the deallocation correctly, and the buffer will then be passed to FDIR filter create function which also handles the presence of the buffer correctly, and it is also freed correctly in destroy function. However, rte_flow_validate will go through the same code path, but will not call FDIR create/destroy nor even store the pointer, because `meta` variable inside the flow parsing function will be set to NULL, which will cause this memory to be leaked (and memset(0)-ed next time we try to create/validate another flow). Fix it by freeing the `pkt_buf` when `meta` is NULL. Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c index f7730ec6ab..5abdcbac7f 100644 --- a/drivers/net/intel/ice/ice_fdir_filter.c +++ b/drivers/net/intel/ice/ice_fdir_filter.c @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad, if (ret) goto error; - if (meta) + /* if meta is NULL we're validating so the flow won't be stored */ + if (meta) { *meta = filter; + } else if (filter->pkt_buf != NULL) { + rte_free(filter->pkt_buf); + } rte_free(item); return ret; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing 2026-02-11 13:49 ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov @ 2026-02-11 16:06 ` Medvedkin, Vladimir 0 siblings, 0 replies; 83+ messages in thread From: Medvedkin, Vladimir @ 2026-02-11 16:06 UTC (permalink / raw) To: Anatoly Burakov, dev, Bruce Richardson, Junfeng Guo, Qi Zhang Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> On 2/11/2026 1:49 PM, Anatoly Burakov wrote: > Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be > allocated to store parsed RAW pattern bytes. All error paths handle the > deallocation correctly, and the buffer will then be passed to FDIR filter > create function which also handles the presence of the buffer correctly, > and it is also freed correctly in destroy function. > > However, rte_flow_validate will go through the same code path, but will not > call FDIR create/destroy nor even store the pointer, because `meta` > variable inside the flow parsing function will be set to NULL, which will > cause this memory to be leaked (and memset(0)-ed next time we try to > create/validate another flow). > > Fix it by freeing the `pkt_buf` when `meta` is NULL. > > Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR") > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- > drivers/net/intel/ice/ice_fdir_filter.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c > index f7730ec6ab..5abdcbac7f 100644 > --- a/drivers/net/intel/ice/ice_fdir_filter.c > +++ b/drivers/net/intel/ice/ice_fdir_filter.c > @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad, > if (ret) > goto error; > > - if (meta) > + /* if meta is NULL we're validating so the flow won't be stored */ > + if (meta) { > *meta = filter; > + } else if (filter->pkt_buf != NULL) { > + rte_free(filter->pkt_buf); > + } > > rte_free(item); > return ret; -- Regards, Vladimir ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (5 preceding siblings ...) 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (11 more replies) 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 7 siblings, 12 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers v1 -> v2: - Added patches [1] [2] that were previously sent separately - Added patch fixing leak in DCF config v2 -> v3: - Added patch fixing leak in FDIR parser v3 -> v4: - Reordered patchsets by driver - Added patch to fix ixgbe security flow memory leak v4 -> v5: - Fixed build issues in DCF patch - Added three more patches to fix various bugs in IPsec [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/ [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/ Anatoly Burakov (12): net/ixgbe: add missing E610 MAC type checks net/ixgbe: fix memory leak in security flows net/ixgbe: fix potential null dereference in IPsec net/ixgbe: fix potential null dereference in IPsec net/ixgbe: fix wrong pointer handling in IPsec net/i40e: move FDIR config to flow create net/i40e: fix IPv6 GTPU handling net/iavf: fix memory leak on egress IPsec flows net/iavf: fix memory leak on uninit net/iavf: fix IPv4 flow subscription net/ice: fix memory leak in DCF QoS bandwidth config net/ice: fix memory leak in FDIR flow parsing drivers/net/intel/i40e/i40e_flow.c | 64 ++++++++++++---------- drivers/net/intel/iavf/iavf_fsub.c | 4 +- drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++-- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + drivers/net/intel/ice/ice_dcf_sched.c | 15 +++-- drivers/net/intel/ice/ice_fdir_filter.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +-- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++---- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 + drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_flow.c | 43 +++++++++++++-- drivers/net/intel/ixgbe/ixgbe_ipsec.c | 19 +++---- drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 +- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++-- 15 files changed, 185 insertions(+), 88 deletions(-) -- 2.47.3 ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov ` (10 subsequent siblings) 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Piotr Kwapulinski, Carolyn Wyborny, Jedrzej Jagielski A few E610 MAC type checks were missing (verified using E610 datasheet). Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com> --- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- 6 files changed, 39 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h index 6ef965dbb6..eb73bc8b17 100644 --- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h +++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h @@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) dir_sdo = IXGBE_ESDP_SDP6_DIR; break; case ixgbe_mac_X540: - sck = IXGBE_ESDP_SDP2; - sdi = IXGBE_ESDP_SDP0; - sdo = IXGBE_ESDP_SDP1; - dir_sck = IXGBE_ESDP_SDP2_DIR; - dir_sdi = IXGBE_ESDP_SDP0_DIR; - dir_sdo = IXGBE_ESDP_SDP1_DIR; - break; case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: sck = IXGBE_ESDP_SDP2; sdi = IXGBE_ESDP_SDP0; sdo = IXGBE_ESDP_SDP1; diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c index 89a799762f..11500a923c 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c @@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, (hw->mac.type != ixgbe_mac_X540) && (hw->mac.type != ixgbe_mac_X550) && (hw->mac.type != ixgbe_mac_X550EM_x) && - (hw->mac.type != ixgbe_mac_X550EM_a)) + (hw->mac.type != ixgbe_mac_X550EM_a) && + (hw->mac.type != ixgbe_mac_E610)) return -ENOSYS; PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) ctrl |= IXGBE_EXTENDED_VLAN; IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); - /* Clear pooling mode of PFVTCTL. It's required by X550. */ + /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) { + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) { ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: speed = IXGBE_LINK_SPEED_X550_AUTONEG; break; default: @@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X540_vf || hw->mac.type == ixgbe_mac_X550 || - hw->mac.type == ixgbe_mac_X550_vf) { + hw->mac.type == ixgbe_mac_X550_vf || + hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; } - if (hw->mac.type == ixgbe_mac_X550) { + if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; } @@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c index 97ef185583..0bdfbd411a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_fdir.c +++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c @@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) hw->mac.type != ixgbe_mac_E610) return -ENOSYS; - /* x550 supports mac-vlan and tunnel mode but other NICs not */ + /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */ if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610 && mode != RTE_FDIR_MODE_SIGNATURE && mode != RTE_FDIR_MODE_PERFECT) return -ENOSYS; @@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, return -ENOTSUP; /* - * Sanity check for x550. + * Sanity check for x550 and E610. * When adding a new filter with flow type set to IPv4, * the flow director mask should be configed before, * and the L4 protocol and ports are masked. @@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, if ((!del) && (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) && + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) && (rule->ixgbe_fdir.formatted.flow_type == IXGBE_ATR_FLOW_TYPE_IPV4 || rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 3b68d820ca..27d2ba1132 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c index e967fe5e48..d9a775f99a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_pf.c +++ b/drivers/net/intel/ixgbe/ixgbe_pf.c @@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) uint32_t max_frs; uint32_t hlreg0; - /* X540 and X550 support jumbo frames in IOV mode */ + /* X540, X550, and E610 support jumbo frames in IOV mode */ if (hw->mac.type != ixgbe_mac_X540 && hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { struct ixgbe_vf_info *vfinfo = *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c index 0af04c9b0d..2857c19355 100644 --- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c +++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c @@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, /* * The packet type in RX descriptor is different for different NICs. - * Some bits are used for x550 but reserved for other NICS. + * Some bits are used for x550 and E610 but reserved for other NICS. * So set different masks for different NICs. */ if (hw->mac.type == ixgbe_mac_X550 || @@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, hw->mac.type == ixgbe_mac_X550EM_a || hw->mac.type == ixgbe_mac_X550_vf || hw->mac.type == ixgbe_mac_X550EM_x_vf || - hw->mac.type == ixgbe_mac_X550EM_a_vf) + hw->mac.type == ixgbe_mac_X550EM_a_vf || + hw->mac.type == ixgbe_mac_E610) rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; else rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) ixgbe_setup_loopback_link_x540_x550(hw, false); } } -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 17:10 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov ` (9 subsequent siblings) 11 siblings, 2 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau Currently, security flows are implemented as a special case and do not go through the normal flow create/destroy infrastructure. However, because of that, it is impossible to destroy such flows once created. Fix it by adding a flag to rte_flow indicating that it is a security flow, so that it can be destroyed later. Additionally, security flows return pointer to allocated `rte_flow` struct unconditionally, even though the underlying call to ipsec code might have failed. Fix that by checking the return value from the filter function before returning. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++ drivers/net/intel/ixgbe/ixgbe_flow.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h index 5393c81363..5dbd659941 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info { struct rte_flow { enum rte_filter_type filter_type; + /* security flows are not rte_filter_type */ + bool is_security; void *rule; }; diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 27d2ba1132..90072e757e 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev, #ifdef RTE_LIB_SECURITY /* ESP flow not really a flow*/ - if (ntuple_filter.proto == IPPROTO_ESP) + if (ntuple_filter.proto == IPPROTO_ESP) { + if (ret != 0) + goto out; + flow->is_security = true; return flow; + } #endif if (!ret) { @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); struct ixgbe_rss_conf_ele *rss_filter_ptr; + /* Special case for SECURITY flows */ + if (flow->is_security) { + ret = 0; + goto free; + } + switch (filter_type) { case RTE_ETH_FILTER_NTUPLE: ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *) @@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, return ret; } +free: TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) { if (ixgbe_flow_mem_ptr->flow == pmd_flow) { TAILQ_REMOVE(&ixgbe_flow_list, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov @ 2026-02-12 17:10 ` Bruce Richardson 2026-02-12 17:14 ` Bruce Richardson 2026-02-13 8:44 ` Burakov, Anatoly 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 2 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-12 17:10 UTC (permalink / raw) To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote: > Currently, security flows are implemented as a special case and do not go > through the normal flow create/destroy infrastructure. However, because of > that, it is impossible to destroy such flows once created. Fix it by adding > a flag to rte_flow indicating that it is a security flow, so that it can be > destroyed later. > > Additionally, security flows return pointer to allocated `rte_flow` struct > unconditionally, even though the underlying call to ipsec code might have > failed. Fix that by checking the return value from the filter function > before returning. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Not an expert in these security flows but the patch looks ok to me. One minor nit inline below which you can take if you do a respin. Signed-off-by: Bruce Richardson <bruce.richardson@intel.com> > --- > drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++ > drivers/net/intel/ixgbe/ixgbe_flow.c | 13 ++++++++++++- > 2 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h > index 5393c81363..5dbd659941 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h > +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h > @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info { > > struct rte_flow { > enum rte_filter_type filter_type; > + /* security flows are not rte_filter_type */ > + bool is_security; > void *rule; > }; > > diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c > index 27d2ba1132..90072e757e 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_flow.c > +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c > @@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev, > > #ifdef RTE_LIB_SECURITY > /* ESP flow not really a flow*/ > - if (ntuple_filter.proto == IPPROTO_ESP) > + if (ntuple_filter.proto == IPPROTO_ESP) { > + if (ret != 0) > + goto out; > + flow->is_security = true; > return flow; > + } > #endif > > if (!ret) { > @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, > IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); > struct ixgbe_rss_conf_ele *rss_filter_ptr; > > + /* Special case for SECURITY flows */ > + if (flow->is_security) { > + ret = 0; Rather than assigning ret explicitly here, I think it might be better just to set it = 0 at definition, and leaving this as a simple goto free. [It would also head off any future compiler warnings about ret being uninitialized :-)] > + goto free; > + } > + > switch (filter_type) { > case RTE_ETH_FILTER_NTUPLE: > ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *) > @@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, > return ret; > } > > +free: > TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) { > if (ixgbe_flow_mem_ptr->flow == pmd_flow) { > TAILQ_REMOVE(&ixgbe_flow_list, > -- > 2.47.3 > ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-12 17:10 ` Bruce Richardson @ 2026-02-12 17:14 ` Bruce Richardson 2026-02-13 8:44 ` Burakov, Anatoly 1 sibling, 0 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-12 17:14 UTC (permalink / raw) To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau On Thu, Feb 12, 2026 at 05:10:54PM +0000, Bruce Richardson wrote: > On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote: > > Currently, security flows are implemented as a special case and do not go > > through the normal flow create/destroy infrastructure. However, because of > > that, it is impossible to destroy such flows once created. Fix it by adding > > a flag to rte_flow indicating that it is a security flow, so that it can be > > destroyed later. > > > > Additionally, security flows return pointer to allocated `rte_flow` struct > > unconditionally, even though the underlying call to ipsec code might have > > failed. Fix that by checking the return value from the filter function > > before returning. > > > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > > Cc: radu.nicolau@intel.com > > Cc: stable@dpdk.org > > > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > > Not an expert in these security flows but the patch looks ok to me. One > minor nit inline below which you can take if you do a respin. > Correction :-): Wrong shortcut used! Acked-by: Bruce Richardson <bruce.richardson@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-12 17:10 ` Bruce Richardson 2026-02-12 17:14 ` Bruce Richardson @ 2026-02-13 8:44 ` Burakov, Anatoly 2026-02-13 8:50 ` Bruce Richardson 1 sibling, 1 reply; 83+ messages in thread From: Burakov, Anatoly @ 2026-02-13 8:44 UTC (permalink / raw) To: Bruce Richardson; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau On 2/12/2026 6:10 PM, Bruce Richardson wrote: > On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote: >> Currently, security flows are implemented as a special case and do not go >> through the normal flow create/destroy infrastructure. However, because of >> that, it is impossible to destroy such flows once created. Fix it by adding >> a flag to rte_flow indicating that it is a security flow, so that it can be >> destroyed later. >> >> Additionally, security flows return pointer to allocated `rte_flow` struct >> unconditionally, even though the underlying call to ipsec code might have >> failed. Fix that by checking the return value from the filter function >> before returning. >> >> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") >> Cc: radu.nicolau@intel.com >> Cc: stable@dpdk.org >> >> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> <snip> >> @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, >> IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); >> struct ixgbe_rss_conf_ele *rss_filter_ptr; >> >> + /* Special case for SECURITY flows */ >> + if (flow->is_security) { >> + ret = 0; > > Rather than assigning ret explicitly here, I think it might be better just > to set it = 0 at definition, and leaving this as a simple goto free. [It > would also head off any future compiler warnings about ret being > uninitialized :-)] > I actually remember a lot of commits *removing* that sort of thing, with the idea being that we *want* to have these warnings to make sure every path is covered. Additionally, I personally prefer it this way for clarity (i.e. explicitly indicating success). I can still fix it if you have strong feelings on it, but I'd rather leave it as is. -- Thanks, Anatoly ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-13 8:44 ` Burakov, Anatoly @ 2026-02-13 8:50 ` Bruce Richardson 0 siblings, 0 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-13 8:50 UTC (permalink / raw) To: Burakov, Anatoly; +Cc: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau On Fri, Feb 13, 2026 at 09:44:49AM +0100, Burakov, Anatoly wrote: > On 2/12/2026 6:10 PM, Bruce Richardson wrote: > > On Thu, Feb 12, 2026 at 12:53:25PM +0000, Anatoly Burakov wrote: > > > Currently, security flows are implemented as a special case and do not go > > > through the normal flow create/destroy infrastructure. However, because of > > > that, it is impossible to destroy such flows once created. Fix it by adding > > > a flag to rte_flow indicating that it is a security flow, so that it can be > > > destroyed later. > > > > > > Additionally, security flows return pointer to allocated `rte_flow` struct > > > unconditionally, even though the underlying call to ipsec code might have > > > failed. Fix that by checking the return value from the filter function > > > before returning. > > > > > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > > > Cc: radu.nicolau@intel.com > > > Cc: stable@dpdk.org > > > > > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > > <snip> > > > > @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, > > > IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); > > > struct ixgbe_rss_conf_ele *rss_filter_ptr; > > > + /* Special case for SECURITY flows */ > > > + if (flow->is_security) { > > > + ret = 0; > > > > Rather than assigning ret explicitly here, I think it might be better just > > to set it = 0 at definition, and leaving this as a simple goto free. [It > > would also head off any future compiler warnings about ret being > > uninitialized :-)] > > > > I actually remember a lot of commits *removing* that sort of thing, with the > idea being that we *want* to have these warnings to make sure every path is > covered. Additionally, I personally prefer it this way for clarity (i.e. > explicitly indicating success). > > I can still fix it if you have strong feelings on it, but I'd rather leave > it as is. > True. It was just fresh in my mind having had to fix an issue with the hash gfni code where the compiler had failed to realise that the variable had to have been initialized and so was giving a false positive warning. If you prefer it this way, I'm ok to keep as-is. /Bruce ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows 2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov 2026-02-12 17:10 ` Bruce Richardson @ 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty On 12-Feb-26 12:53 PM, Anatoly Burakov wrote: > Currently, security flows are implemented as a special case and do not go > through the normal flow create/destroy infrastructure. However, because of > that, it is impossible to destroy such flows once created. Fix it by adding > a flag to rte_flow indicating that it is a security flow, so that it can be > destroyed later. > > Additionally, security flows return pointer to allocated `rte_flow` struct > unconditionally, even though the underlying call to ipsec code might have > failed. Fix that by checking the return value from the filter function > before returning. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 17:13 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov ` (8 subsequent siblings) 11 siblings, 2 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty When parsing IPsec flows, we access the `conf` pointer unconditionally, even though it might be NULL. Fix by adding the check. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 90072e757e..81b983ce69 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, act = next_no_void_action(actions, NULL); if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) { const void *conf = act->conf; + + if (conf == NULL) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION_CONF, + act, "NULL security conf."); + return -rte_errno; + } /* check if the next not void item is END */ act = next_no_void_action(actions, act); if (act->type != RTE_FLOW_ACTION_TYPE_END) { -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov @ 2026-02-12 17:13 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-12 17:13 UTC (permalink / raw) To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty On Thu, Feb 12, 2026 at 12:53:26PM +0000, Anatoly Burakov wrote: > When parsing IPsec flows, we access the `conf` pointer unconditionally, > even though it might be NULL. Fix by adding the check. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Bruce Richardson <bruce.richardson@intel.com> > drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c > index 90072e757e..81b983ce69 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_flow.c > +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c > @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, > act = next_no_void_action(actions, NULL); > if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) { > const void *conf = act->conf; > + > + if (conf == NULL) { > + rte_flow_error_set(error, EINVAL, > + RTE_FLOW_ERROR_TYPE_ACTION_CONF, > + act, "NULL security conf."); > + return -rte_errno; > + } > /* check if the next not void item is END */ > act = next_no_void_action(actions, act); > if (act->type != RTE_FLOW_ACTION_TYPE_END) { > -- > 2.47.3 > ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov 2026-02-12 17:13 ` Bruce Richardson @ 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty On 12-Feb-26 12:53 PM, Anatoly Burakov wrote: > When parsing IPsec flows, we access the `conf` pointer unconditionally, > even though it might be NULL. Fix by adding the check. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (2 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 17:15 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov ` (7 subsequent siblings) 11 siblings, 2 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty Currently, IPsec flow parser will look for IPv4 flow item in the pattern, and then pass it to IPsec SA flow function. However, we do not check if the spec pointer is actually valid. Fix by adding the check. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 81b983ce69..90a24806d2 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, } item = next_no_void_pattern(pattern, item); } + if (item->spec == NULL) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item, + "NULL IP pattern."); + return -rte_errno; + } filter->proto = IPPROTO_ESP; return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov @ 2026-02-12 17:15 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-12 17:15 UTC (permalink / raw) To: Anatoly Burakov; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty On Thu, Feb 12, 2026 at 12:53:27PM +0000, Anatoly Burakov wrote: > Currently, IPsec flow parser will look for IPv4 flow item in the pattern, > and then pass it to IPsec SA flow function. However, we do not check if the > spec pointer is actually valid. Fix by adding the check. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Bruce Richardson <bruce.richardson@intel.com> > drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c > index 81b983ce69..90a24806d2 100644 > --- a/drivers/net/intel/ixgbe/ixgbe_flow.c > +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c > @@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, > } > item = next_no_void_pattern(pattern, item); > } > + if (item->spec == NULL) { > + rte_flow_error_set(error, EINVAL, > + RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item, > + "NULL IP pattern."); > + return -rte_errno; > + } > > filter->proto = IPPROTO_ESP; > return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, > -- > 2.47.3 > ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 04/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov 2026-02-12 17:15 ` Bruce Richardson @ 2026-02-12 17:19 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-12 17:19 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty On 12-Feb-26 12:53 PM, Anatoly Burakov wrote: > Currently, IPsec flow parser will look for IPv4 flow item in the pattern, > and then pass it to IPsec SA flow function. However, we do not check if the > spec pointer is actually valid. Fix by adding the check. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (3 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 14:50 ` Burakov, Anatoly 2026-02-12 17:18 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov ` (6 subsequent siblings) 11 siblings, 2 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty The original IPsec "add SA from flow" function expected a void* pointer to security session as its first argument. However, the actual code was not passing that, instead it passed `rte_flow_action_security` which was a *container* for security session pointer. Fix it by passing correct pointer type, as well as make typing more explicit to let compiler catch such bugs in the future. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 14 ++++++++++++-- drivers/net/intel/ixgbe/ixgbe_ipsec.c | 19 +++++++------------ drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++++++++++--- 3 files changed, 32 insertions(+), 17 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 90a24806d2..461fcf0857 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -221,6 +221,8 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, act = next_no_void_action(actions, NULL); if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) { const void *conf = act->conf; + const struct rte_flow_action_security *sec_act; + struct ip_spec spec; if (conf == NULL) { rte_flow_error_set(error, EINVAL, @@ -259,8 +261,16 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, } filter->proto = IPPROTO_ESP; - return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, - item->type == RTE_FLOW_ITEM_TYPE_IPV6); + sec_act = (const struct rte_flow_action_security *)conf; + spec.is_ipv6 = item->type == RTE_FLOW_ITEM_TYPE_IPV6; + if (spec.is_ipv6) { + const struct rte_flow_item_ipv6 *ipv6 = item->spec; + spec.spec.ipv6 = *ipv6; + } else { + const struct rte_flow_item_ipv4 *ipv4 = item->spec; + spec.spec.ipv4 = *ipv4; + } + return ixgbe_crypto_add_ingress_sa_from_flow(sec_act->security_session, &spec); } #endif diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/intel/ixgbe/ixgbe_ipsec.c index df0964a51d..f76ce5b3ee 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.c @@ -664,20 +664,15 @@ ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev) } int -ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, - const void *ip_spec, - uint8_t is_ipv6) +ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess, + const struct ip_spec *spec) { - /** - * FIXME Updating the session priv data when the session is const. - * Typecasting done here is wrong and the implementation need to be corrected. - */ - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) - ((const struct rte_security_session *)sess)->driver_priv_data; + struct ixgbe_crypto_session *ic_session = + RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data); if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { - if (is_ipv6) { - const struct rte_flow_item_ipv6 *ipv6 = ip_spec; + if (spec->is_ipv6) { + const struct rte_flow_item_ipv6 *ipv6 = &spec->spec.ipv6; ic_session->src_ip.type = IPv6; ic_session->dst_ip.type = IPv6; rte_memcpy(ic_session->src_ip.ipv6, @@ -685,7 +680,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, rte_memcpy(ic_session->dst_ip.ipv6, &ipv6->hdr.dst_addr, 16); } else { - const struct rte_flow_item_ipv4 *ipv4 = ip_spec; + const struct rte_flow_item_ipv4 *ipv4 = &spec->spec.ipv4; ic_session->src_ip.type = IPv4; ic_session->dst_ip.type = IPv4; ic_session->src_ip.ipv4 = ipv4->hdr.src_addr; diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/intel/ixgbe/ixgbe_ipsec.h index be39199be1..e7c7186264 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.h @@ -6,6 +6,9 @@ #define IXGBE_IPSEC_H_ #include <rte_security.h> +#include <rte_security_driver.h> + +#include <rte_flow.h> #define IPSRXIDX_RX_EN 0x00000001 #define IPSRXIDX_TABLE_IP 0x00000002 @@ -109,9 +112,16 @@ struct ixgbe_ipsec { int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); -int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, - const void *ip_spec, - uint8_t is_ipv6); + +struct ip_spec { + bool is_ipv6; + union { + struct rte_flow_item_ipv4 ipv4; + struct rte_flow_item_ipv6 ipv6; + } spec; +}; +int ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess, + const struct ip_spec *ip_spec); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov @ 2026-02-12 14:50 ` Burakov, Anatoly 2026-02-12 17:17 ` Bruce Richardson 2026-02-12 17:18 ` Radu Nicolau 1 sibling, 1 reply; 83+ messages in thread From: Burakov, Anatoly @ 2026-02-12 14:50 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty On 2/12/2026 1:53 PM, Anatoly Burakov wrote: > The original IPsec "add SA from flow" function expected a void* pointer to > security session as its first argument. However, the actual code was not > passing that, instead it passed `rte_flow_action_security` which was a > *container* for security session pointer. > > Fix it by passing correct pointer type, as well as make typing more > explicit to let compiler catch such bugs in the future. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- <snip> > + const struct ip_spec *spec) > { > - /** > - * FIXME Updating the session priv data when the session is const. > - * Typecasting done here is wrong and the implementation need to be corrected. > - */ > - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) > - ((const struct rte_security_session *)sess)->driver_priv_data; > + struct ixgbe_crypto_session *ic_session = > + RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data); Despite being removed, the comment is still true. This is an artifact of how we get the crypto session (it comes from security rte_flow action, which is const). I suppose this could be fixed by looking up the security session by pointer, but this would quickly get out of hand if we have a lot of security sessions, so there's not much choice other than to cast away the constness here. Ideas are welcome though! -- Thanks, Anatoly ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 14:50 ` Burakov, Anatoly @ 2026-02-12 17:17 ` Bruce Richardson 2026-02-12 17:21 ` Radu Nicolau 0 siblings, 1 reply; 83+ messages in thread From: Bruce Richardson @ 2026-02-12 17:17 UTC (permalink / raw) To: Burakov, Anatoly; +Cc: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote: > On 2/12/2026 1:53 PM, Anatoly Burakov wrote: > > The original IPsec "add SA from flow" function expected a void* pointer to > > security session as its first argument. However, the actual code was not > > passing that, instead it passed `rte_flow_action_security` which was a > > *container* for security session pointer. > > > > Fix it by passing correct pointer type, as well as make typing more > > explicit to let compiler catch such bugs in the future. > > > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > > Cc: radu.nicolau@intel.com > > Cc: stable@dpdk.org > > > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > > --- > > <snip> > > > + const struct ip_spec *spec) > > { > > - /** > > - * FIXME Updating the session priv data when the session is const. > > - * Typecasting done here is wrong and the implementation need to be corrected. > > - */ > > - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) > > - ((const struct rte_security_session *)sess)->driver_priv_data; > > + struct ixgbe_crypto_session *ic_session = > > + RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data); > > Despite being removed, the comment is still true. This is an artifact of how > we get the crypto session (it comes from security rte_flow action, which is > const). > Why not keep the comment then? ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 17:17 ` Bruce Richardson @ 2026-02-12 17:21 ` Radu Nicolau 2026-02-13 8:40 ` Burakov, Anatoly 0 siblings, 1 reply; 83+ messages in thread From: Radu Nicolau @ 2026-02-12 17:21 UTC (permalink / raw) To: Bruce Richardson, Burakov, Anatoly Cc: dev, Vladimir Medvedkin, Declan Doherty On 12-Feb-26 5:17 PM, Bruce Richardson wrote: > On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote: >> On 2/12/2026 1:53 PM, Anatoly Burakov wrote: >>> The original IPsec "add SA from flow" function expected a void* pointer to >>> security session as its first argument. However, the actual code was not >>> passing that, instead it passed `rte_flow_action_security` which was a >>> *container* for security session pointer. >>> >>> Fix it by passing correct pointer type, as well as make typing more >>> explicit to let compiler catch such bugs in the future. >>> >>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") >>> Cc: radu.nicolau@intel.com >>> Cc: stable@dpdk.org >>> >>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> >>> --- >> <snip> >> >>> + const struct ip_spec *spec) >>> { >>> - /** >>> - * FIXME Updating the session priv data when the session is const. >>> - * Typecasting done here is wrong and the implementation need to be corrected. >>> - */ >>> - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) >>> - ((const struct rte_security_session *)sess)->driver_priv_data; >>> + struct ixgbe_crypto_session *ic_session = >>> + RTE_CAST_PTR(struct ixgbe_crypto_session *, sess->driver_priv_data); >> Despite being removed, the comment is still true. This is an artifact of how >> we get the crypto session (it comes from security rte_flow action, which is >> const). >> > Why not keep the comment then? Probably it's best to explain why we cast away the const, but not include the FIXME or TODO tag anymore. ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 17:21 ` Radu Nicolau @ 2026-02-13 8:40 ` Burakov, Anatoly 0 siblings, 0 replies; 83+ messages in thread From: Burakov, Anatoly @ 2026-02-13 8:40 UTC (permalink / raw) To: Radu Nicolau, Bruce Richardson; +Cc: dev, Vladimir Medvedkin, Declan Doherty On 2/12/2026 6:21 PM, Radu Nicolau wrote: > > On 12-Feb-26 5:17 PM, Bruce Richardson wrote: >> On Thu, Feb 12, 2026 at 03:50:26PM +0100, Burakov, Anatoly wrote: >>> On 2/12/2026 1:53 PM, Anatoly Burakov wrote: >>>> The original IPsec "add SA from flow" function expected a void* >>>> pointer to >>>> security session as its first argument. However, the actual code was >>>> not >>>> passing that, instead it passed `rte_flow_action_security` which was a >>>> *container* for security session pointer. >>>> >>>> Fix it by passing correct pointer type, as well as make typing more >>>> explicit to let compiler catch such bugs in the future. >>>> >>>> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") >>>> Cc: radu.nicolau@intel.com >>>> Cc: stable@dpdk.org >>>> >>>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> >>>> --- >>> <snip> >>> >>>> + const struct ip_spec *spec) >>>> { >>>> - /** >>>> - * FIXME Updating the session priv data when the session is const. >>>> - * Typecasting done here is wrong and the implementation need >>>> to be corrected. >>>> - */ >>>> - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) >>>> - ((const struct rte_security_session *)sess)- >>>> >driver_priv_data; >>>> + struct ixgbe_crypto_session *ic_session = >>>> + RTE_CAST_PTR(struct ixgbe_crypto_session *, sess- >>>> >driver_priv_data); >>> Despite being removed, the comment is still true. This is an artifact >>> of how >>> we get the crypto session (it comes from security rte_flow action, >>> which is >>> const). >>> >> Why not keep the comment then? > Probably it's best to explain why we cast away the const, but not > include the FIXME or TODO tag anymore. The removal was accidental, I'll add it back in v6 -- Thanks, Anatoly ^ permalink raw reply [flat|nested] 83+ messages in thread
* Re: [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov 2026-02-12 14:50 ` Burakov, Anatoly @ 2026-02-12 17:18 ` Radu Nicolau 1 sibling, 0 replies; 83+ messages in thread From: Radu Nicolau @ 2026-02-12 17:18 UTC (permalink / raw) To: Anatoly Burakov, dev, Vladimir Medvedkin, Declan Doherty On 12-Feb-26 12:53 PM, Anatoly Burakov wrote: > The original IPsec "add SA from flow" function expected a void* pointer to > security session as its first argument. However, the actual code was not > passing that, instead it passed `rte_flow_action_security` which was a > *container* for security session pointer. > > Fix it by passing correct pointer type, as well as make typing more > explicit to let compiler catch such bugs in the future. > > Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") > Cc: radu.nicolau@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> > --- Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v5 06/12] net/i40e: move FDIR config to flow create 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (4 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov ` (5 subsequent siblings) 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (5 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (4 subsequent siblings) 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu GTP tunnel code declares support for IPv6 GTPU flows but does not actually handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 GTPU flows. Add IPv6 flow item handling. Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index 193b1b6725..2374b9bbca 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, return -rte_errno; } break; + case RTE_FLOW_ITEM_TYPE_IPV6: + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; + /* IPv6 is used to describe protocol, + * spec and mask should be NULL. + */ + if (item->spec || item->mask) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + item, + "Invalid IPv6 item"); + return -rte_errno; + } + break; case RTE_FLOW_ITEM_TYPE_UDP: if (item->spec || item->mask) { rte_flow_error_set(error, EINVAL, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (6 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov ` (3 subsequent siblings) 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Abhijit Sinha, Jingjing Wu, Radu Nicolau, Declan Doherty When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 09/12] net/iavf: fix memory leak on uninit 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (7 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov ` (2 subsequent siblings) 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Jingjing Wu, Abhijit Sinha, Declan Doherty, Radu Nicolau When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (8 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang Currently, when IPv4 is parsed as part of flow subscription input set, we add two bytes to the total number of bytes in the input set for IPv4 source or destination addresses, whereas they should be 4 bytes. Fix to add the correct number of bytes. Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c index 18df9c6500..cf1030320f 100644 --- a/drivers/net/intel/iavf/iavf_fsub.c +++ b/drivers/net/intel/iavf/iavf_fsub.c @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], if (ipv4_mask->hdr.src_addr) { *input |= IAVF_INSET_IPV4_SRC; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.dst_addr) { *input |= IAVF_INSET_IPV4_DST; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.time_to_live) { *input |= IAVF_INSET_IPV4_TTL; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (9 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Bruce Richardson, Qiming Yang, Qi Zhang, Ting Xu Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, we are using rte_zmalloc followed by copying the data to persistent storage and then discarding the temporary buffers. This is not needed as these temporary buffers are not being stored anywhere, so replace them with regular calloc. However, because the original code was missing a corresponding `rte_free()` call for these temporary allocations, this also fixes a memory leak. Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/ice/ice_dcf_sched.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c index 2832d223d1..948774a282 100644 --- a/drivers/net/intel/ice/ice_dcf_sched.c +++ b/drivers/net/intel/ice/ice_dcf_sched.c @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: BSD-3-Clause * Copyright(c) 2010-2017 Intel Corporation */ +#include <stdlib.h> + #include <rte_tm_driver.h> #include "base/ice_sched.h" @@ -746,8 +748,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, { struct ice_dcf_adapter *adapter = dev->data->dev_private; struct ice_dcf_hw *hw = &adapter->real_hw; - struct virtchnl_dcf_bw_cfg_list *vf_bw; - struct virtchnl_dcf_bw_cfg_list *tc_bw; + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; struct rte_tm_shaper_params *profile; struct ice_dcf_tm_node *tm_node; @@ -770,12 +772,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, size = sizeof(struct virtchnl_dcf_bw_cfg_list) + sizeof(struct virtchnl_dcf_bw_cfg) * (hw->tm_conf.nb_tc_node - 1); - vf_bw = rte_zmalloc("vf_bw", size, 0); + vf_bw = calloc(1, size); if (!vf_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; } - tc_bw = rte_zmalloc("tc_bw", size, 0); + tc_bw = calloc(1, size); if (!tc_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; @@ -875,6 +877,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, return ret_val; fail_clear: + if (vf_bw != NULL) + free(vf_bw); + if (tc_bw != NULL) + free(tc_bw); + /* clear all the traffic manager configuration */ if (clear_on_fail) { ice_dcf_tm_conf_uninit(dev); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (10 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov @ 2026-02-12 12:53 ` Anatoly Burakov 11 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-12 12:53 UTC (permalink / raw) To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be allocated to store parsed RAW pattern bytes. All error paths handle the deallocation correctly, and the buffer will then be passed to FDIR filter create function which also handles the presence of the buffer correctly, and it is also freed correctly in destroy function. However, rte_flow_validate will go through the same code path, but will not call FDIR create/destroy nor even store the pointer, because `meta` variable inside the flow parsing function will be set to NULL, which will cause this memory to be leaked (and memset(0)-ed next time we try to create/validate another flow). Fix it by freeing the `pkt_buf` when `meta` is NULL. Additionally, the initial allocation was done using `ice_malloc` macro. It does not affect anything as `ice_malloc` translates to `rte_zmalloc` anyway but for consistency, change the allocation to `rte_zmalloc` as well. Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/ice/ice_fdir_filter.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c index f7730ec6ab..da22b65a77 100644 --- a/drivers/net/intel/ice/ice_fdir_filter.c +++ b/drivers/net/intel/ice/ice_fdir_filter.c @@ -1938,7 +1938,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad, goto raw_error; } - u8 *pkt_buf = (u8 *)ice_malloc(&ad->hw, pkt_len + 1); + u8 *pkt_buf = (u8 *)rte_zmalloc("raw pkt buf", pkt_len + 1, 0); if (!pkt_buf) { ret_val = -ENOMEM; goto raw_error; @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad, if (ret) goto error; - if (meta) + /* if meta is NULL we're validating so the flow won't be stored */ + if (meta) { *meta = filter; + } else if (filter->pkt_buf != NULL) { + rte_free(filter->pkt_buf); + } rte_free(item); return ret; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (6 preceding siblings ...) 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov ` (12 more replies) 7 siblings, 13 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers v1 -> v2: - Added patches [1] [2] that were previously sent separately - Added patch fixing leak in DCF config v2 -> v3: - Added patch fixing leak in FDIR parser v3 -> v4: - Reordered patchsets by driver - Added patch to fix ixgbe security flow memory leak v4 -> v5: - Fixed build issues in DCF patch - Added three more patches to fix various bugs in IPsec v5 -> v6: - Brought back comment about constness and moved it to where casting away actually happens [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/ [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/ Anatoly Burakov (12): net/ixgbe: add missing E610 MAC type checks net/ixgbe: fix memory leak in security flows net/ixgbe: fix potential null dereference in IPsec net/ixgbe: fix potential null dereference in IPsec net/ixgbe: fix wrong pointer handling in IPsec net/i40e: move FDIR config to flow create net/i40e: fix IPv6 GTPU handling net/iavf: fix memory leak on egress IPsec flows net/iavf: fix memory leak on uninit net/iavf: fix IPv4 flow subscription net/ice: fix memory leak in DCF QoS bandwidth config net/ice: fix memory leak in FDIR flow parsing drivers/net/intel/i40e/i40e_flow.c | 64 ++++++++++++---------- drivers/net/intel/iavf/iavf_fsub.c | 4 +- drivers/net/intel/iavf/iavf_generic_flow.c | 37 +++++++++++-- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + drivers/net/intel/ice/ice_dcf_sched.c | 15 +++-- drivers/net/intel/ice/ice_fdir_filter.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +-- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++---- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 + drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 ++- drivers/net/intel/ixgbe/ixgbe_flow.c | 53 ++++++++++++++++-- drivers/net/intel/ixgbe/ixgbe_ipsec.c | 18 ++---- drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 +- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++-- 15 files changed, 194 insertions(+), 88 deletions(-) -- 2.47.3 ^ permalink raw reply [flat|nested] 83+ messages in thread
* [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov ` (11 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Carolyn Wyborny, Piotr Kwapulinski, Jedrzej Jagielski A few E610 MAC type checks were missing (verified using E610 datasheet). Fixes: 316637762a5f ("net/ixgbe/base: enable E610 device") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> Reviewed-by: Piotr Kwapulinski <piotr.kwapulinski@intel.com> --- drivers/net/intel/ixgbe/ixgbe_bypass_api.h | 8 +----- drivers/net/intel/ixgbe/ixgbe_ethdev.c | 29 ++++++++++++++-------- drivers/net/intel/ixgbe/ixgbe_fdir.c | 8 +++--- drivers/net/intel/ixgbe/ixgbe_flow.c | 3 ++- drivers/net/intel/ixgbe/ixgbe_pf.c | 5 ++-- drivers/net/intel/ixgbe/ixgbe_rxtx.c | 14 +++++++---- 6 files changed, 39 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h index 6ef965dbb6..eb73bc8b17 100644 --- a/drivers/net/intel/ixgbe/ixgbe_bypass_api.h +++ b/drivers/net/intel/ixgbe/ixgbe_bypass_api.h @@ -40,16 +40,10 @@ static s32 ixgbe_bypass_rw_generic(struct ixgbe_hw *hw, u32 cmd, u32 *status) dir_sdo = IXGBE_ESDP_SDP6_DIR; break; case ixgbe_mac_X540: - sck = IXGBE_ESDP_SDP2; - sdi = IXGBE_ESDP_SDP0; - sdo = IXGBE_ESDP_SDP1; - dir_sck = IXGBE_ESDP_SDP2_DIR; - dir_sdi = IXGBE_ESDP_SDP0_DIR; - dir_sdo = IXGBE_ESDP_SDP1_DIR; - break; case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: sck = IXGBE_ESDP_SDP2; sdi = IXGBE_ESDP_SDP0; sdo = IXGBE_ESDP_SDP1; diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.c b/drivers/net/intel/ixgbe/ixgbe_ethdev.c index 89a799762f..11500a923c 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.c +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.c @@ -911,7 +911,8 @@ ixgbe_dev_queue_stats_mapping_set(struct rte_eth_dev *eth_dev, (hw->mac.type != ixgbe_mac_X540) && (hw->mac.type != ixgbe_mac_X550) && (hw->mac.type != ixgbe_mac_X550EM_x) && - (hw->mac.type != ixgbe_mac_X550EM_a)) + (hw->mac.type != ixgbe_mac_X550EM_a) && + (hw->mac.type != ixgbe_mac_E610)) return -ENOSYS; PMD_INIT_LOG(DEBUG, "Setting port %d, %s queue_id %d to stat index %d", @@ -2134,10 +2135,11 @@ ixgbe_vlan_hw_extend_enable(struct rte_eth_dev *dev) ctrl |= IXGBE_EXTENDED_VLAN; IXGBE_WRITE_REG(hw, IXGBE_CTRL_EXT, ctrl); - /* Clear pooling mode of PFVTCTL. It's required by X550. */ + /* Clear pooling mode of PFVTCTL. It's required by X550 and E610. */ if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) { + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) { ctrl = IXGBE_READ_REG(hw, IXGBE_VT_CTL); ctrl &= ~IXGBE_VT_CTL_POOLING_MODE_MASK; IXGBE_WRITE_REG(hw, IXGBE_VT_CTL, ctrl); @@ -2830,6 +2832,7 @@ ixgbe_dev_start(struct rte_eth_dev *dev) case ixgbe_mac_X550: case ixgbe_mac_X550EM_x: case ixgbe_mac_X550EM_a: + case ixgbe_mac_E610: speed = IXGBE_LINK_SPEED_X550_AUTONEG; break; default: @@ -4046,10 +4049,11 @@ ixgbe_dev_info_get(struct rte_eth_dev *dev, struct rte_eth_dev_info *dev_info) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X540_vf || hw->mac.type == ixgbe_mac_X550 || - hw->mac.type == ixgbe_mac_X550_vf) { + hw->mac.type == ixgbe_mac_X550_vf || + hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_100M; } - if (hw->mac.type == ixgbe_mac_X550) { + if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_E610) { dev_info->speed_capa |= RTE_ETH_LINK_SPEED_2_5G; dev_info->speed_capa |= RTE_ETH_LINK_SPEED_5G; } @@ -7665,7 +7669,8 @@ ixgbe_update_e_tag_eth_type(struct ixgbe_hw *hw, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7686,7 +7691,8 @@ ixgbe_e_tag_enable(struct ixgbe_hw *hw) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7709,7 +7715,8 @@ ixgbe_e_tag_filter_del(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7745,7 +7752,8 @@ ixgbe_e_tag_filter_add(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } @@ -7932,7 +7940,8 @@ ixgbe_e_tag_forwarding_en_dis(struct rte_eth_dev *dev, bool en) if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { return -ENOTSUP; } diff --git a/drivers/net/intel/ixgbe/ixgbe_fdir.c b/drivers/net/intel/ixgbe/ixgbe_fdir.c index 97ef185583..0bdfbd411a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_fdir.c +++ b/drivers/net/intel/ixgbe/ixgbe_fdir.c @@ -650,10 +650,11 @@ ixgbe_fdir_configure(struct rte_eth_dev *dev) hw->mac.type != ixgbe_mac_E610) return -ENOSYS; - /* x550 supports mac-vlan and tunnel mode but other NICs not */ + /* x550 and E610 supports mac-vlan and tunnel mode but other NICs not */ if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610 && mode != RTE_FDIR_MODE_SIGNATURE && mode != RTE_FDIR_MODE_PERFECT) return -ENOSYS; @@ -1130,7 +1131,7 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, return -ENOTSUP; /* - * Sanity check for x550. + * Sanity check for x550 and E610. * When adding a new filter with flow type set to IPv4, * the flow director mask should be configed before, * and the L4 protocol and ports are masked. @@ -1138,7 +1139,8 @@ ixgbe_fdir_filter_program(struct rte_eth_dev *dev, if ((!del) && (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) && + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) && (rule->ixgbe_fdir.formatted.flow_type == IXGBE_ATR_FLOW_TYPE_IPV4 || rule->ixgbe_fdir.formatted.flow_type == diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 3b68d820ca..27d2ba1132 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -1361,7 +1361,8 @@ ixgbe_parse_l2_tn_filter(struct rte_eth_dev *dev, if (hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { memset(l2_tn_filter, 0, sizeof(struct ixgbe_l2_tunnel_conf)); rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, diff --git a/drivers/net/intel/ixgbe/ixgbe_pf.c b/drivers/net/intel/ixgbe/ixgbe_pf.c index e967fe5e48..d9a775f99a 100644 --- a/drivers/net/intel/ixgbe/ixgbe_pf.c +++ b/drivers/net/intel/ixgbe/ixgbe_pf.c @@ -558,11 +558,12 @@ ixgbe_set_vf_lpe(struct rte_eth_dev *dev, uint32_t vf, uint32_t *msgbuf) uint32_t max_frs; uint32_t hlreg0; - /* X540 and X550 support jumbo frames in IOV mode */ + /* X540, X550, and E610 support jumbo frames in IOV mode */ if (hw->mac.type != ixgbe_mac_X540 && hw->mac.type != ixgbe_mac_X550 && hw->mac.type != ixgbe_mac_X550EM_x && - hw->mac.type != ixgbe_mac_X550EM_a) { + hw->mac.type != ixgbe_mac_X550EM_a && + hw->mac.type != ixgbe_mac_E610) { struct ixgbe_vf_info *vfinfo = *IXGBE_DEV_PRIVATE_TO_P_VFDATA(dev->data->dev_private); diff --git a/drivers/net/intel/ixgbe/ixgbe_rxtx.c b/drivers/net/intel/ixgbe/ixgbe_rxtx.c index 0af04c9b0d..2857c19355 100644 --- a/drivers/net/intel/ixgbe/ixgbe_rxtx.c +++ b/drivers/net/intel/ixgbe/ixgbe_rxtx.c @@ -2707,7 +2707,8 @@ ixgbe_get_tx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) tx_offload_capa |= RTE_ETH_TX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3166,7 +3167,8 @@ ixgbe_get_rx_port_offloads(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) offloads |= RTE_ETH_RX_OFFLOAD_OUTER_IPV4_CKSUM; #ifdef RTE_LIB_SECURITY @@ -3246,7 +3248,7 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, /* * The packet type in RX descriptor is different for different NICs. - * Some bits are used for x550 but reserved for other NICS. + * Some bits are used for x550 and E610 but reserved for other NICS. * So set different masks for different NICs. */ if (hw->mac.type == ixgbe_mac_X550 || @@ -3254,7 +3256,8 @@ ixgbe_dev_rx_queue_setup(struct rte_eth_dev *dev, hw->mac.type == ixgbe_mac_X550EM_a || hw->mac.type == ixgbe_mac_X550_vf || hw->mac.type == ixgbe_mac_X550EM_x_vf || - hw->mac.type == ixgbe_mac_X550EM_a_vf) + hw->mac.type == ixgbe_mac_X550EM_a_vf || + hw->mac.type == ixgbe_mac_E610) rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_X550; else rxq->pkt_type_mask = IXGBE_PACKET_TYPE_MASK_82599; @@ -3506,7 +3509,8 @@ ixgbe_dev_clear_queues(struct rte_eth_dev *dev) if (hw->mac.type == ixgbe_mac_X540 || hw->mac.type == ixgbe_mac_X550 || hw->mac.type == ixgbe_mac_X550EM_x || - hw->mac.type == ixgbe_mac_X550EM_a) + hw->mac.type == ixgbe_mac_X550EM_a || + hw->mac.type == ixgbe_mac_E610) ixgbe_setup_loopback_link_x540_x550(hw, false); } } -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov ` (10 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau Currently, security flows are implemented as a special case and do not go through the normal flow create/destroy infrastructure. However, because of that, it is impossible to destroy such flows once created. Fix it by adding a flag to rte_flow indicating that it is a security flow, so that it can be destroyed later. Additionally, security flows return pointer to allocated `rte_flow` struct unconditionally, even though the underlying call to ipsec code might have failed. Fix that by checking the return value from the filter function before returning. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Bruce Richardson <bruce.richardson@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++ drivers/net/intel/ixgbe/ixgbe_flow.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h index 5393c81363..5dbd659941 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info { struct rte_flow { enum rte_filter_type filter_type; + /* security flows are not rte_filter_type */ + bool is_security; void *rule; }; diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 27d2ba1132..90072e757e 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -3062,8 +3062,12 @@ ixgbe_flow_create(struct rte_eth_dev *dev, #ifdef RTE_LIB_SECURITY /* ESP flow not really a flow*/ - if (ntuple_filter.proto == IPPROTO_ESP) + if (ntuple_filter.proto == IPPROTO_ESP) { + if (ret != 0) + goto out; + flow->is_security = true; return flow; + } #endif if (!ret) { @@ -3350,6 +3354,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private); struct ixgbe_rss_conf_ele *rss_filter_ptr; + /* Special case for SECURITY flows */ + if (flow->is_security) { + ret = 0; + goto free; + } + switch (filter_type) { case RTE_ETH_FILTER_NTUPLE: ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *) @@ -3442,6 +3452,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev, return ret; } +free: TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) { if (ixgbe_flow_mem_ptr->flow == pmd_flow) { TAILQ_REMOVE(&ixgbe_flow_list, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 04/12] " Anatoly Burakov ` (9 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau When parsing IPsec flows, we access the `conf` pointer unconditionally, even though it might be NULL. Fix by adding the check. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Bruce Richardson <bruce.richardson@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 90072e757e..81b983ce69 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, act = next_no_void_action(actions, NULL); if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) { const void *conf = act->conf; + + if (conf == NULL) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION_CONF, + act, "NULL security conf."); + return -rte_errno; + } /* check if the next not void item is END */ act = next_no_void_action(actions, act); if (act->type != RTE_FLOW_ACTION_TYPE_END) { -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 04/12] net/ixgbe: fix potential null dereference in IPsec 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (2 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov ` (8 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau Currently, IPsec flow parser will look for IPv4 flow item in the pattern, and then pass it to IPsec SA flow function. However, we do not check if the spec pointer is actually valid. Fix by adding the check. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Bruce Richardson <bruce.richardson@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 81b983ce69..90a24806d2 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -251,6 +251,12 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, } item = next_no_void_pattern(pattern, item); } + if (item->spec == NULL) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM_SPEC, item, + "NULL IP pattern."); + return -rte_errno; + } filter->proto = IPPROTO_ESP; return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling in IPsec 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (3 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 04/12] " Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov ` (7 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty The original IPsec "add SA from flow" function expected a void* pointer to security session as its first argument. However, the actual code was not passing that, instead it passed `rte_flow_action_security` which was a *container* for security session pointer. Fix it by passing correct pointer type, as well as make typing more explicit to let compiler catch such bugs in the future. Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> --- drivers/net/intel/ixgbe/ixgbe_flow.c | 24 ++++++++++++++++++++++-- drivers/net/intel/ixgbe/ixgbe_ipsec.c | 18 ++++++------------ drivers/net/intel/ixgbe/ixgbe_ipsec.h | 16 +++++++++++++--- 3 files changed, 41 insertions(+), 17 deletions(-) diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c index 90a24806d2..6a7edc6377 100644 --- a/drivers/net/intel/ixgbe/ixgbe_flow.c +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c @@ -221,6 +221,9 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, act = next_no_void_action(actions, NULL); if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) { const void *conf = act->conf; + const struct rte_flow_action_security *sec_act; + struct rte_security_session *session; + struct ip_spec spec; if (conf == NULL) { rte_flow_error_set(error, EINVAL, @@ -259,8 +262,25 @@ cons_parse_ntuple_filter(const struct rte_flow_attr *attr, } filter->proto = IPPROTO_ESP; - return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec, - item->type == RTE_FLOW_ITEM_TYPE_IPV6); + sec_act = (const struct rte_flow_action_security *)conf; + spec.is_ipv6 = item->type == RTE_FLOW_ITEM_TYPE_IPV6; + if (spec.is_ipv6) { + const struct rte_flow_item_ipv6 *ipv6 = item->spec; + spec.spec.ipv6 = *ipv6; + } else { + const struct rte_flow_item_ipv4 *ipv4 = item->spec; + spec.spec.ipv4 = *ipv4; + } + + /* + * we get pointer to security session from security action, + * which is const. however, we do need to act on the session, so + * either we do some kind of pointer based lookup to get session + * pointer internally (which quickly gets unwieldy for lots of + * flows case), or we simply cast away constness. + */ + session = RTE_CAST_PTR(struct rte_security_session *, sec_act->security_session); + return ixgbe_crypto_add_ingress_sa_from_flow(session, &spec); } #endif diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.c b/drivers/net/intel/ixgbe/ixgbe_ipsec.c index df0964a51d..fe9a96c54d 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ipsec.c +++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.c @@ -664,20 +664,14 @@ ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev) } int -ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, - const void *ip_spec, - uint8_t is_ipv6) +ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess, + const struct ip_spec *spec) { - /** - * FIXME Updating the session priv data when the session is const. - * Typecasting done here is wrong and the implementation need to be corrected. - */ - struct ixgbe_crypto_session *ic_session = (void *)(uintptr_t) - ((const struct rte_security_session *)sess)->driver_priv_data; + struct ixgbe_crypto_session *ic_session = SECURITY_GET_SESS_PRIV(sess); if (ic_session->op == IXGBE_OP_AUTHENTICATED_DECRYPTION) { - if (is_ipv6) { - const struct rte_flow_item_ipv6 *ipv6 = ip_spec; + if (spec->is_ipv6) { + const struct rte_flow_item_ipv6 *ipv6 = &spec->spec.ipv6; ic_session->src_ip.type = IPv6; ic_session->dst_ip.type = IPv6; rte_memcpy(ic_session->src_ip.ipv6, @@ -685,7 +679,7 @@ ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, rte_memcpy(ic_session->dst_ip.ipv6, &ipv6->hdr.dst_addr, 16); } else { - const struct rte_flow_item_ipv4 *ipv4 = ip_spec; + const struct rte_flow_item_ipv4 *ipv4 = &spec->spec.ipv4; ic_session->src_ip.type = IPv4; ic_session->dst_ip.type = IPv4; ic_session->src_ip.ipv4 = ipv4->hdr.src_addr; diff --git a/drivers/net/intel/ixgbe/ixgbe_ipsec.h b/drivers/net/intel/ixgbe/ixgbe_ipsec.h index be39199be1..e7c7186264 100644 --- a/drivers/net/intel/ixgbe/ixgbe_ipsec.h +++ b/drivers/net/intel/ixgbe/ixgbe_ipsec.h @@ -6,6 +6,9 @@ #define IXGBE_IPSEC_H_ #include <rte_security.h> +#include <rte_security_driver.h> + +#include <rte_flow.h> #define IPSRXIDX_RX_EN 0x00000001 #define IPSRXIDX_TABLE_IP 0x00000002 @@ -109,9 +112,16 @@ struct ixgbe_ipsec { int ixgbe_ipsec_ctx_create(struct rte_eth_dev *dev); int ixgbe_crypto_enable_ipsec(struct rte_eth_dev *dev); -int ixgbe_crypto_add_ingress_sa_from_flow(const void *sess, - const void *ip_spec, - uint8_t is_ipv6); + +struct ip_spec { + bool is_ipv6; + union { + struct rte_flow_item_ipv4 ipv4; + struct rte_flow_item_ipv6 ipv6; + } spec; +}; +int ixgbe_crypto_add_ingress_sa_from_flow(struct rte_security_session *sess, + const struct ip_spec *ip_spec); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 06/12] net/i40e: move FDIR config to flow create 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (4 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov ` (6 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Bruce Richardson, Xiaoyun Li, Beilei Xing Currently, FDIR filter parsing function will modify FDIR state after a successful match. However, this function is called from both flow create and flow validate, which results in the driver modifying FDIR state after a flow validate call. Move the FDIR config to flow create. Fixes: 2e67a7fbf3ff ("net/i40e: config flow director automatically") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 51 ++++++++++++++---------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index f130f53ae0..193b1b6725 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -2551,9 +2551,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, struct rte_flow_error *error, union i40e_filter_t *filter) { - struct i40e_pf *pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private); - struct i40e_fdir_filter_conf *fdir_filter = - &filter->fdir_filter; + struct i40e_fdir_filter_conf *fdir_filter = &filter->fdir_filter; int ret; ret = i40e_flow_parse_fdir_pattern(dev, pattern, error, fdir_filter); @@ -2570,32 +2568,7 @@ i40e_flow_parse_fdir_filter(struct rte_eth_dev *dev, cons_filter_type = RTE_ETH_FILTER_FDIR; - if (pf->fdir.fdir_vsi == NULL) { - /* Enable fdir when fdir flow is added at first time. */ - ret = i40e_fdir_setup(pf); - if (ret != I40E_SUCCESS) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to setup fdir."); - return -rte_errno; - } - ret = i40e_fdir_configure(dev); - if (ret < 0) { - rte_flow_error_set(error, ENOTSUP, - RTE_FLOW_ERROR_TYPE_HANDLE, - NULL, "Failed to configure fdir."); - goto err; - } - } - - /* If create the first fdir rule, enable fdir check for rx queues */ - if (TAILQ_EMPTY(&pf->fdir.fdir_list)) - i40e_fdir_rx_proc_enable(dev, 1); - return 0; -err: - i40e_fdir_teardown(pf); - return -rte_errno; } /* Parse to get the action info of a tunnel filter @@ -3921,6 +3894,28 @@ i40e_flow_create(struct rte_eth_dev *dev, return NULL; if (cons_filter_type == RTE_ETH_FILTER_FDIR) { + /* if this is the first time we're creating an fdir flow */ + if (pf->fdir.fdir_vsi == NULL) { + ret = i40e_fdir_setup(pf); + if (ret != I40E_SUCCESS) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to setup fdir."); + return NULL; + } + ret = i40e_fdir_configure(dev); + if (ret < 0) { + rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_HANDLE, + NULL, "Failed to configure fdir."); + i40e_fdir_teardown(pf); + return NULL; + } + } + /* If create the first fdir rule, enable fdir check for rx queues */ + if (TAILQ_EMPTY(&pf->fdir.fdir_list)) + i40e_fdir_rx_proc_enable(dev, 1); + flow = i40e_fdir_entry_pool_get(fdir_info); if (flow == NULL) { rte_flow_error_set(error, ENOBUFS, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (5 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov ` (5 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Bruce Richardson, Beilei Xing, Jingjing Wu GTP tunnel code declares support for IPv6 GTPU flows but does not actually handle IPv6 flow pattern item, resulting in incorrect parsing for IPv6 GTPU flows. Add IPv6 flow item handling. Fixes: 47ba0398da3f ("net/i40e: add cloud filter parsing function for GTP") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/i40e/i40e_flow.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/intel/i40e/i40e_flow.c b/drivers/net/intel/i40e/i40e_flow.c index 193b1b6725..2374b9bbca 100644 --- a/drivers/net/intel/i40e/i40e_flow.c +++ b/drivers/net/intel/i40e/i40e_flow.c @@ -3580,6 +3580,19 @@ i40e_flow_parse_gtp_pattern(struct rte_eth_dev *dev, return -rte_errno; } break; + case RTE_FLOW_ITEM_TYPE_IPV6: + filter->ip_type = I40E_TUNNEL_IPTYPE_IPV6; + /* IPv6 is used to describe protocol, + * spec and mask should be NULL. + */ + if (item->spec || item->mask) { + rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, + item, + "Invalid IPv6 item"); + return -rte_errno; + } + break; case RTE_FLOW_ITEM_TYPE_UDP: if (item->spec || item->mask) { rte_flow_error_set(error, EINVAL, -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (6 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov ` (4 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Declan Doherty, Radu Nicolau, Abhijit Sinha, Jingjing Wu When creating egress IPsec flows, no action need to be done in hardware, as this is just a software association. However, because we do not write anything to the rte_flow entry, subsequent destroy call will not destroy this kind of flow, because it expects a valid engine to be set for every flow. This results in memory unable to be freed back to the system. In addition to that, when creating these flows, we do not actually store the rte_flow pointer anywhere, so even if the user has triggered `uninit` (which would have freed the flow), this flow isn't in the list so it would never get freed. Fix this by marking the flow as egress IPsec flows, adding it to the tailq, and changing the `destroy` code to take all of that into account. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 30 +++++++++++++++++----- drivers/net/intel/iavf/iavf_generic_flow.h | 1 + 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 6f6e95fc45..02917f863d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -2265,8 +2265,10 @@ iavf_flow_create(struct rte_eth_dev *dev, } /* Special case for inline crypto egress flows */ - if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) - goto free_flow; + if (attr->egress && actions[0].type == RTE_FLOW_ACTION_TYPE_SECURITY) { + flow->is_ipsec_egress_flow = true; + goto tailq_insert; + } ret = iavf_flow_process_filter(dev, flow, attr, pattern, actions, &engine, iavf_parse_engine_create, error); @@ -2278,6 +2280,7 @@ iavf_flow_create(struct rte_eth_dev *dev, } flow->engine = engine; +tailq_insert: rte_spinlock_lock(&vf->flow_ops_lock); TAILQ_INSERT_TAIL(&vf->flow_list, flow, node); rte_spinlock_unlock(&vf->flow_ops_lock); @@ -2293,7 +2296,14 @@ iavf_flow_is_valid(struct rte_flow *flow) struct iavf_flow_engine *engine; void *temp; - if (flow && flow->engine) { + if (flow == NULL) + return false; + + /* these flows don't use engines */ + if (flow->is_ipsec_egress_flow) + return true; + + if (flow->engine) { RTE_TAILQ_FOREACH_SAFE(engine, &engine_list, node, temp) { if (engine == flow->engine) return true; @@ -2311,18 +2321,26 @@ iavf_flow_destroy(struct rte_eth_dev *dev, struct iavf_adapter *ad = IAVF_DEV_PRIVATE_TO_ADAPTER(dev->data->dev_private); struct iavf_info *vf = IAVF_DEV_PRIVATE_TO_VF(ad); + bool need_destroy; int ret = 0; - if (!iavf_flow_is_valid(flow) || !flow->engine->destroy) { + if (!iavf_flow_is_valid(flow)) { rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_HANDLE, NULL, "Invalid flow destroy"); return -rte_errno; } + need_destroy = !flow->is_ipsec_egress_flow; + + if (need_destroy && flow->engine->destroy == NULL) { + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_HANDLE, NULL, + "Invalid flow destroy"); + } rte_spinlock_lock(&vf->flow_ops_lock); - - ret = flow->engine->destroy(ad, flow, error); + if (need_destroy) + ret = flow->engine->destroy(ad, flow, error); if (!ret) { TAILQ_REMOVE(&vf->flow_list, flow, node); diff --git a/drivers/net/intel/iavf/iavf_generic_flow.h b/drivers/net/intel/iavf/iavf_generic_flow.h index 60d8ab02b4..b11bb4cf2b 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.h +++ b/drivers/net/intel/iavf/iavf_generic_flow.h @@ -517,6 +517,7 @@ TAILQ_HEAD(iavf_engine_list, iavf_flow_engine); /* Struct to store flow created. */ struct rte_flow { TAILQ_ENTRY(rte_flow) node; + bool is_ipsec_egress_flow; struct iavf_flow_engine *engine; void *rule; }; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 09/12] net/iavf: fix memory leak on uninit 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (7 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov ` (3 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Radu Nicolau, Declan Doherty, Jingjing Wu, Abhijit Sinha When IPsec is initialized, parsers and engines are registered into the common infrastructure. However, during deinitialization, they are not cleaned up. Fix it by including IPsec engines in the cleanup. Fixes: 6bc987ecb860 ("net/iavf: support IPsec inline crypto") Cc: radu.nicolau@intel.com Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_generic_flow.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/intel/iavf/iavf_generic_flow.c b/drivers/net/intel/iavf/iavf_generic_flow.c index 02917f863d..42ecc90d1d 100644 --- a/drivers/net/intel/iavf/iavf_generic_flow.c +++ b/drivers/net/intel/iavf/iavf_generic_flow.c @@ -1859,6 +1859,11 @@ iavf_flow_uninit(struct iavf_adapter *ad) TAILQ_REMOVE(&vf->dist_parser_list, p_parser, node); rte_free(p_parser); } + + while ((p_parser = TAILQ_FIRST(&vf->ipsec_crypto_parser_list))) { + TAILQ_REMOVE(&vf->ipsec_crypto_parser_list, p_parser, node); + rte_free(p_parser); + } } int @@ -1920,6 +1925,8 @@ iavf_unregister_parser(struct iavf_flow_parser *parser, else if ((parser->engine->type == IAVF_FLOW_ENGINE_FDIR) || (parser->engine->type == IAVF_FLOW_ENGINE_FSUB)) list = &vf->dist_parser_list; + else if (parser->engine->type == IAVF_FLOW_ENGINE_IPSEC_CRYPTO) + list = &vf->ipsec_crypto_parser_list; if (list == NULL) return; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (8 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov ` (2 subsequent siblings) 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Vladimir Medvedkin, Qi Zhang, Jie Wang Currently, when IPv4 is parsed as part of flow subscription input set, we add two bytes to the total number of bytes in the input set for IPv4 source or destination addresses, whereas they should be 4 bytes. Fix to add the correct number of bytes. Fixes: 6d42380e5983 ("net/iavf: add flow subscrption supported pattern") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/iavf/iavf_fsub.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/iavf/iavf_fsub.c b/drivers/net/intel/iavf/iavf_fsub.c index 18df9c6500..cf1030320f 100644 --- a/drivers/net/intel/iavf/iavf_fsub.c +++ b/drivers/net/intel/iavf/iavf_fsub.c @@ -314,11 +314,11 @@ iavf_fsub_parse_pattern(const struct rte_flow_item pattern[], if (ipv4_mask->hdr.src_addr) { *input |= IAVF_INSET_IPV4_SRC; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.dst_addr) { *input |= IAVF_INSET_IPV4_DST; - input_set_byte += 2; + input_set_byte += 4; } if (ipv4_mask->hdr.time_to_live) { *input |= IAVF_INSET_IPV4_TTL; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (9 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 2026-02-13 10:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Bruce Richardson, Qi Zhang, Ting Xu, Qiming Yang Currently, when committing DCF QoS bandwidth configuration for VFs and TCs, we are using rte_zmalloc followed by copying the data to persistent storage and then discarding the temporary buffers. This is not needed as these temporary buffers are not being stored anywhere, so replace them with regular calloc. However, because the original code was missing a corresponding `rte_free()` call for these temporary allocations, this also fixes a memory leak. Fixes: 3a6bfc37eaf4 ("net/ice: support QoS config VF bandwidth in DCF") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/ice/ice_dcf_sched.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/net/intel/ice/ice_dcf_sched.c b/drivers/net/intel/ice/ice_dcf_sched.c index 2832d223d1..948774a282 100644 --- a/drivers/net/intel/ice/ice_dcf_sched.c +++ b/drivers/net/intel/ice/ice_dcf_sched.c @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: BSD-3-Clause * Copyright(c) 2010-2017 Intel Corporation */ +#include <stdlib.h> + #include <rte_tm_driver.h> #include "base/ice_sched.h" @@ -746,8 +748,8 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, { struct ice_dcf_adapter *adapter = dev->data->dev_private; struct ice_dcf_hw *hw = &adapter->real_hw; - struct virtchnl_dcf_bw_cfg_list *vf_bw; - struct virtchnl_dcf_bw_cfg_list *tc_bw; + struct virtchnl_dcf_bw_cfg_list *vf_bw = NULL; + struct virtchnl_dcf_bw_cfg_list *tc_bw = NULL; struct ice_dcf_tm_node_list *vsi_list = &hw->tm_conf.vsi_list; struct rte_tm_shaper_params *profile; struct ice_dcf_tm_node *tm_node; @@ -770,12 +772,12 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, size = sizeof(struct virtchnl_dcf_bw_cfg_list) + sizeof(struct virtchnl_dcf_bw_cfg) * (hw->tm_conf.nb_tc_node - 1); - vf_bw = rte_zmalloc("vf_bw", size, 0); + vf_bw = calloc(1, size); if (!vf_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; } - tc_bw = rte_zmalloc("tc_bw", size, 0); + tc_bw = calloc(1, size); if (!tc_bw) { ret_val = ICE_ERR_NO_MEMORY; goto fail_clear; @@ -875,6 +877,11 @@ static int ice_dcf_hierarchy_commit(struct rte_eth_dev *dev, return ret_val; fail_clear: + if (vf_bw != NULL) + free(vf_bw); + if (tc_bw != NULL) + free(tc_bw); + /* clear all the traffic manager configuration */ if (clear_on_fail) { ice_dcf_tm_conf_uninit(dev); -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (10 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov @ 2026-02-13 9:10 ` Anatoly Burakov 2026-02-13 10:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson 12 siblings, 0 replies; 83+ messages in thread From: Anatoly Burakov @ 2026-02-13 9:10 UTC (permalink / raw) To: dev, Bruce Richardson, Junfeng Guo, Qi Zhang Currently, RAW pattern parsing will cause a `pkt_buf` buffer to be allocated to store parsed RAW pattern bytes. All error paths handle the deallocation correctly, and the buffer will then be passed to FDIR filter create function which also handles the presence of the buffer correctly, and it is also freed correctly in destroy function. However, rte_flow_validate will go through the same code path, but will not call FDIR create/destroy nor even store the pointer, because `meta` variable inside the flow parsing function will be set to NULL, which will cause this memory to be leaked (and memset(0)-ed next time we try to create/validate another flow). Fix it by freeing the `pkt_buf` when `meta` is NULL. Additionally, the initial allocation was done using `ice_malloc` macro. It does not affect anything as `ice_malloc` translates to `rte_zmalloc` anyway but for consistency, change the allocation to `rte_zmalloc` as well. Fixes: 25be39cc1760 ("net/ice: enable protocol agnostic flow offloading in FDIR") Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Acked-by: Vladimir Medvedkin <vladimir.medvedkin@intel.com> --- drivers/net/intel/ice/ice_fdir_filter.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/intel/ice/ice_fdir_filter.c b/drivers/net/intel/ice/ice_fdir_filter.c index f7730ec6ab..da22b65a77 100644 --- a/drivers/net/intel/ice/ice_fdir_filter.c +++ b/drivers/net/intel/ice/ice_fdir_filter.c @@ -1938,7 +1938,7 @@ ice_fdir_parse_pattern(__rte_unused struct ice_adapter *ad, goto raw_error; } - u8 *pkt_buf = (u8 *)ice_malloc(&ad->hw, pkt_len + 1); + u8 *pkt_buf = (u8 *)rte_zmalloc("raw pkt buf", pkt_len + 1, 0); if (!pkt_buf) { ret_val = -ENOMEM; goto raw_error; @@ -2497,8 +2497,12 @@ ice_fdir_parse(struct ice_adapter *ad, if (ret) goto error; - if (meta) + /* if meta is NULL we're validating so the flow won't be stored */ + if (meta) { *meta = filter; + } else if (filter->pkt_buf != NULL) { + rte_free(filter->pkt_buf); + } rte_free(item); return ret; -- 2.47.3 ^ permalink raw reply related [flat|nested] 83+ messages in thread
* Re: [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov ` (11 preceding siblings ...) 2026-02-13 9:10 ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov @ 2026-02-13 10:10 ` Bruce Richardson 12 siblings, 0 replies; 83+ messages in thread From: Bruce Richardson @ 2026-02-13 10:10 UTC (permalink / raw) To: Anatoly Burakov; +Cc: dev On Fri, Feb 13, 2026 at 09:10:02AM +0000, Anatoly Burakov wrote: > Various bug fixes for Intel IXGBE, I40E, ICE, and IAVF drivers > > v1 -> v2: > - Added patches [1] [2] that were previously sent separately > - Added patch fixing leak in DCF config > > v2 -> v3: > - Added patch fixing leak in FDIR parser > > v3 -> v4: > - Reordered patchsets by driver > - Added patch to fix ixgbe security flow memory leak > > v4 -> v5: > - Fixed build issues in DCF patch > - Added three more patches to fix various bugs in IPsec > > v5 -> v6: > - Brought back comment about constness and moved it to where > casting away actually happens > > [1] https://patches.dpdk.org/project/dpdk/patch/fbd32a8a688fd0ed90fcf497703edcc30f69d54d.1770643356.git.anatoly.burakov@intel.com/ > [2] https://patches.dpdk.org/project/dpdk/patch/ab4f8d8cf24dcd18f0dd6da3359266083f31d789.1770642901.git.anatoly.burakov@intel.com/ > Applied to dpdk-next-net-intel. Thanks, /Bruce ^ permalink raw reply [flat|nested] 83+ messages in thread
end of thread, other threads:[~2026-02-13 10:10 UTC | newest] Thread overview: 83+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-09 14:40 ` Radu Nicolau 2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-09 14:40 ` Radu Nicolau 2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-10 15:52 ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-11 13:03 ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-11 15:17 ` Medvedkin, Vladimir 2026-02-11 21:57 ` Kwapulinski, Piotr 2026-02-11 13:49 ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov 2026-02-11 15:28 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-11 15:38 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov 2026-02-11 15:40 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-11 15:45 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-11 15:52 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-11 15:53 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-11 15:56 ` Medvedkin, Vladimir 2026-02-11 13:49 ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 2026-02-11 16:06 ` Medvedkin, Vladimir 2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov 2026-02-12 17:10 ` Bruce Richardson 2026-02-12 17:14 ` Bruce Richardson 2026-02-13 8:44 ` Burakov, Anatoly 2026-02-13 8:50 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov 2026-02-12 17:13 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov 2026-02-12 17:15 ` Bruce Richardson 2026-02-12 17:19 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov 2026-02-12 14:50 ` Burakov, Anatoly 2026-02-12 17:17 ` Bruce Richardson 2026-02-12 17:21 ` Radu Nicolau 2026-02-13 8:40 ` Burakov, Anatoly 2026-02-12 17:18 ` Radu Nicolau 2026-02-12 12:53 ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-12 12:53 ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 04/12] " Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov 2026-02-13 9:10 ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov 2026-02-13 10:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox