From: "Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>
To: Anatoly Burakov <anatoly.burakov@intel.com>, <dev@dpdk.org>,
"Declan Doherty" <declan.doherty@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>
Subject: Re: [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows
Date: Wed, 11 Feb 2026 15:28:44 +0000 [thread overview]
Message-ID: <d1373420-e064-41c2-9dc3-16b5c8aa4f32@intel.com> (raw)
In-Reply-To: <27473234ede7bb1551ad61cd69e3ed34f120fed7.1770817694.git.anatoly.burakov@intel.com>
On 2/11/2026 1:49 PM, Anatoly Burakov wrote:
> Currently, security flows are implemented as a special case and do not go
> through the normal flow create/destroy infrastructure. However, because of
> that, it is impossible to destroy such flows once created. Fix it by adding
> a flag to rte_flow indicating that it is a security flow, so that it can be
> destroyed later.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: radu.nicolau@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
> drivers/net/intel/ixgbe/ixgbe_ethdev.h | 2 ++
> drivers/net/intel/ixgbe/ixgbe_flow.c | 11 ++++++++++-
> 2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/intel/ixgbe/ixgbe_ethdev.h b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> index 5393c81363..5dbd659941 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> +++ b/drivers/net/intel/ixgbe/ixgbe_ethdev.h
> @@ -359,6 +359,8 @@ struct ixgbe_l2_tn_info {
>
> struct rte_flow {
> enum rte_filter_type filter_type;
> + /* security flows are not rte_filter_type */
> + bool is_security;
> void *rule;
> };
>
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 27d2ba1132..066a69eb12 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -3062,8 +3062,10 @@ ixgbe_flow_create(struct rte_eth_dev *dev,
>
> #ifdef RTE_LIB_SECURITY
> /* ESP flow not really a flow*/
> - if (ntuple_filter.proto == IPPROTO_ESP)
> + if (ntuple_filter.proto == IPPROTO_ESP) {
> + flow->is_security = true;
> return flow;
here previous call ixgbe_parse_ntuple_filter() may return an error even
if ntuple_filter.proto is IPPROTO_ESP.
From cons_parse_ntuple_filter():
filter->proto = IPPROTO_ESP;
return ixgbe_crypto_add_ingress_sa_from_flow(conf, item->spec,
item->type == RTE_FLOW_ITEM_TYPE_IPV6);
ixgbe_crypto_add_ingress_sa_from_flow() may fail.
> + }
> #endif
>
> if (!ret) {
> @@ -3350,6 +3352,12 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
> IXGBE_DEV_PRIVATE_TO_FDIR_INFO(dev->data->dev_private);
> struct ixgbe_rss_conf_ele *rss_filter_ptr;
>
> + /* Special case for SECURITY flows */
> + if (flow->is_security) {
> + ret = 0;
> + goto free;
> + }
> +
> switch (filter_type) {
> case RTE_ETH_FILTER_NTUPLE:
> ntuple_filter_ptr = (struct ixgbe_ntuple_filter_ele *)
> @@ -3442,6 +3450,7 @@ ixgbe_flow_destroy(struct rte_eth_dev *dev,
> return ret;
> }
>
> +free:
> TAILQ_FOREACH(ixgbe_flow_mem_ptr, &ixgbe_flow_list, entries) {
> if (ixgbe_flow_mem_ptr->flow == pmd_flow) {
> TAILQ_REMOVE(&ixgbe_flow_list,
--
Regards,
Vladimir
next prev parent reply other threads:[~2026-02-11 15:28 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 12:58 [PATCH v1 1/4] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-09 12:58 ` [PATCH v1 2/4] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-09 12:58 ` [PATCH v1 3/4] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-09 14:40 ` Radu Nicolau
2026-02-09 12:58 ` [PATCH v1 4/4] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-09 14:40 ` Radu Nicolau
2026-02-10 15:52 ` [PATCH v2 1/7] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 2/7] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 3/7] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 4/7] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 5/7] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 6/7] net/iavf: fix IPv4 flow subscription Anatoly Burakov
2026-02-10 15:52 ` [PATCH v2 7/7] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 0/8] Assortment of bug fixes for Intel PMD's Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 1/8] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 2/8] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 3/8] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 4/8] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 5/8] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 6/8] net/iavf: fix IPv4 flow subscription Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 7/8] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
2026-02-11 13:03 ` [PATCH v3 8/8] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
2026-02-11 13:49 ` [PATCH v4 0/9] Assortment of bug fixes for Intel PMD's Anatoly Burakov
2026-02-11 13:49 ` [PATCH v4 1/9] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-11 15:17 ` Medvedkin, Vladimir
2026-02-11 21:57 ` Kwapulinski, Piotr
2026-02-11 13:49 ` [PATCH v4 2/9] net/ixgbe: fix memory leak in security flows Anatoly Burakov
2026-02-11 15:28 ` Medvedkin, Vladimir [this message]
2026-02-11 13:49 ` [PATCH v4 3/9] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-11 15:38 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 4/9] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
2026-02-11 15:40 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 5/9] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-11 15:45 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 6/9] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-11 15:52 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 7/9] net/iavf: fix IPv4 flow subscription Anatoly Burakov
2026-02-11 15:53 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 8/9] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
2026-02-11 15:56 ` Medvedkin, Vladimir
2026-02-11 13:49 ` [PATCH v4 9/9] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
2026-02-11 16:06 ` Medvedkin, Vladimir
2026-02-12 12:53 ` [PATCH v5 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
2026-02-12 17:10 ` Bruce Richardson
2026-02-12 17:14 ` Bruce Richardson
2026-02-13 8:44 ` Burakov, Anatoly
2026-02-13 8:50 ` Bruce Richardson
2026-02-12 17:19 ` Radu Nicolau
2026-02-12 12:53 ` [PATCH v5 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
2026-02-12 17:13 ` Bruce Richardson
2026-02-12 17:19 ` Radu Nicolau
2026-02-12 12:53 ` [PATCH v5 04/12] " Anatoly Burakov
2026-02-12 17:15 ` Bruce Richardson
2026-02-12 17:19 ` Radu Nicolau
2026-02-12 12:53 ` [PATCH v5 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
2026-02-12 14:50 ` Burakov, Anatoly
2026-02-12 17:17 ` Bruce Richardson
2026-02-12 17:21 ` Radu Nicolau
2026-02-13 8:40 ` Burakov, Anatoly
2026-02-12 17:18 ` Radu Nicolau
2026-02-12 12:53 ` [PATCH v5 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
2026-02-12 12:53 ` [PATCH v5 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 01/12] net/ixgbe: add missing E610 MAC type checks Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 02/12] net/ixgbe: fix memory leak in security flows Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 03/12] net/ixgbe: fix potential null dereference in IPsec Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 04/12] " Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 05/12] net/ixgbe: fix wrong pointer handling " Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 06/12] net/i40e: move FDIR config to flow create Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 07/12] net/i40e: fix IPv6 GTPU handling Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 08/12] net/iavf: fix memory leak on egress IPsec flows Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 09/12] net/iavf: fix memory leak on uninit Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 10/12] net/iavf: fix IPv4 flow subscription Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 11/12] net/ice: fix memory leak in DCF QoS bandwidth config Anatoly Burakov
2026-02-13 9:10 ` [PATCH v6 12/12] net/ice: fix memory leak in FDIR flow parsing Anatoly Burakov
2026-02-13 10:10 ` [PATCH v6 00/12] Assortment of bug fixes for Intel PMD's Bruce Richardson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d1373420-e064-41c2-9dc3-16b5c8aa4f32@intel.com \
--to=vladimir.medvedkin@intel.com \
--cc=anatoly.burakov@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox