net/mlx5e: TC, Fix slab-out-of-bounds in parse_tc_actions

Bugzilla: https://bugzilla.redhat.com/2112947
Upstream-status: v6.1-rc5

commit 7f1a6d4
Author: Roi Dayan <roid@nvidia.com>
Date:   Wed Nov 2 23:55:47 2022 -0700

	net/mlx5e: TC, Fix slab-out-of-bounds in parse_tc_actions

	esw_attr is only allocated if namespace is fdb.

	BUG: KASAN: slab-out-of-bounds in parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
	Write of size 4 at addr ffff88815f185b04 by task tc/2135

	CPU: 5 PID: 2135 Comm: tc Not tainted 6.1.0-rc2+ ctrliq#2
	Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
	Call Trace:
	 <TASK>
	 dump_stack_lvl+0x57/0x7d
	 print_report+0x170/0x471
	 ? parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
	 kasan_report+0xbc/0xf0
	 ? parse_tc_actions+0xdc6/0x10e0 [mlx5_core]
	 parse_tc_actions+0xdc6/0x10e0 [mlx5_core]

	Fixes: 94d6517 ("net/mlx5e: TC, Fix cloned flow attr instance dests are not zeroed")
	Signed-off-by: Roi Dayan <roid@nvidia.com>
	Reviewed-by: Maor Dickman <maord@nvidia.com>
	Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>

Signed-off-by: Mohammad Kabat <mkabat@redhat.com>

Author: Mohammad Kabat

drivers/net/ethernet/mellanox/mlx5/core/en_tc.c

@@ -3617,10 +3617,14 @@ mlx5e_clone_flow_attr_for_post_act(struct mlx5_flow_attr *attr,
 	attr2->action = 0;
 	attr2->flags = 0;
 	attr2->parse_attr = parse_attr;
-	attr2->esw_attr->out_count = 0;
-	attr2->esw_attr->split_count = 0;
 	attr2->dest_chain = 0;
 	attr2->dest_ft = NULL;
+
+	if (ns_type == MLX5_FLOW_NAMESPACE_FDB) {
+		attr2->esw_attr->out_count = 0;
+		attr2->esw_attr->split_count = 0;
+	}
+
 	return attr2;
 }