On Thu, Feb 12, 2026 at 12:53:26PM +0000, Anatoly Burakov wrote:
> When parsing IPsec flows, we access the `conf` pointer unconditionally,
> even though it might be NULL. Fix by adding the check.
>
> Fixes: 9a0752f498d2 ("net/ixgbe: enable inline IPsec")
> Cc: [email protected]
> Cc: [email protected]
>
> Signed-off-by: Anatoly Burakov <[email protected]>
> ---
Acked-by: Bruce Richardson <[email protected]>
> drivers/net/intel/ixgbe/ixgbe_flow.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/net/intel/ixgbe/ixgbe_flow.c
> b/drivers/net/intel/ixgbe/ixgbe_flow.c
> index 90072e757e..81b983ce69 100644
> --- a/drivers/net/intel/ixgbe/ixgbe_flow.c
> +++ b/drivers/net/intel/ixgbe/ixgbe_flow.c
> @@ -221,6 +221,13 @@ cons_parse_ntuple_filter(const struct rte_flow_attr
> *attr,
> act = next_no_void_action(actions, NULL);
> if (act->type == RTE_FLOW_ACTION_TYPE_SECURITY) {
> const void *conf = act->conf;
> +
> + if (conf == NULL) {
> + rte_flow_error_set(error, EINVAL,
> + RTE_FLOW_ERROR_TYPE_ACTION_CONF,
> + act, "NULL security conf.");
> + return -rte_errno;
> + }
> /* check if the next not void item is END */
> act = next_no_void_action(actions, act);
> if (act->type != RTE_FLOW_ACTION_TYPE_END) {
> --
> 2.47.3
>
