net/mlx5e: CT: Fix NAT miss rule cleanup on init failure

[PATCH net v1] net/mlx5e: CT: Fix NAT miss rule cleanup on init failure

Posted by Prathamesh Deshpande 1 month, 1 week ago

mlx5_tc_ct_init() creates the CT-NAT miss rule before initializing the
conntrack hash tables, workqueue and flow-steering state.

If one of those later initialization steps fails, the error path destroys
the CT-NAT table but does not delete the miss rule and flow group created
in that table.

Add a dedicated unwind step to delete the CT-NAT miss rule before
destroying the CT-NAT table.

Fixes: 49d37d05f216 ("net/mlx5: CT: Separate CT and CT-NAT tuple entries")
Signed-off-by: Prathamesh Deshpande <prathameshdeshpande7@gmail.com>
---
 drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
index 6c87a1c7db09..15e406d29004 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -2349,7 +2349,7 @@ mlx5_tc_ct_init(struct mlx5e_priv *priv, struct mlx5_fs_chains *chains,
 					   &ct_priv->ct_nat_miss_group,
 					   &ct_priv->ct_nat_miss_rule);
 	if (err)
-		goto err_ct_zone_ht;
+		goto err_ct_nat_miss_rule;
 
 	ct_priv->post_act = post_act;
 	mutex_init(&ct_priv->control_lock);
@@ -2382,6 +2382,9 @@ mlx5_tc_ct_init(struct mlx5e_priv *priv, struct mlx5_fs_chains *chains,
 err_ct_tuples_ht:
 	rhashtable_destroy(&ct_priv->zone_ht);
 err_ct_zone_ht:
+	tc_ct_del_ct_table_miss_rule(ct_priv->ct_nat_miss_group,
+				     ct_priv->ct_nat_miss_rule);
+err_ct_nat_miss_rule:
 	mlx5_chains_destroy_global_table(chains, ct_priv->ct_nat);
 err_ct_nat_tbl:
 	mlx5_chains_destroy_global_table(chains, ct_priv->ct);
-- 
2.43.0

Re: [PATCH net v1] net/mlx5e: CT: Fix NAT miss rule cleanup on init failure

Posted by Tariq Toukan 1 month, 1 week ago


On 06/05/2026 2:48, Prathamesh Deshpande wrote:
> mlx5_tc_ct_init() creates the CT-NAT miss rule before initializing the
> conntrack hash tables, workqueue and flow-steering state.
> 
> If one of those later initialization steps fails, the error path destroys
> the CT-NAT table but does not delete the miss rule and flow group created
> in that table.
> 
> Add a dedicated unwind step to delete the CT-NAT miss rule before
> destroying the CT-NAT table.
> 
> Fixes: 49d37d05f216 ("net/mlx5: CT: Separate CT and CT-NAT tuple entries")
> Signed-off-by: Prathamesh Deshpande <prathameshdeshpande7@gmail.com>
> ---
>   drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
> index 6c87a1c7db09..15e406d29004 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
> @@ -2349,7 +2349,7 @@ mlx5_tc_ct_init(struct mlx5e_priv *priv, struct mlx5_fs_chains *chains,
>   					   &ct_priv->ct_nat_miss_group,
>   					   &ct_priv->ct_nat_miss_rule);
>   	if (err)
> -		goto err_ct_zone_ht;
> +		goto err_ct_nat_miss_rule;
>   
>   	ct_priv->post_act = post_act;
>   	mutex_init(&ct_priv->control_lock);
> @@ -2382,6 +2382,9 @@ mlx5_tc_ct_init(struct mlx5e_priv *priv, struct mlx5_fs_chains *chains,
>   err_ct_tuples_ht:
>   	rhashtable_destroy(&ct_priv->zone_ht);
>   err_ct_zone_ht:
> +	tc_ct_del_ct_table_miss_rule(ct_priv->ct_nat_miss_group,
> +				     ct_priv->ct_nat_miss_rule);
> +err_ct_nat_miss_rule:
>   	mlx5_chains_destroy_global_table(chains, ct_priv->ct_nat);
>   err_ct_nat_tbl:
>   	mlx5_chains_destroy_global_table(chains, ct_priv->ct);

Reviewed-by: Tariq Toukan <tariqt@nvidia.com>

Thanks.