1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */ 3 4 #include <linux/skbuff.h> 5 #include <net/devlink.h> 6 #include <net/pkt_cls.h> 7 8 #include "cmsg.h" 9 #include "main.h" 10 #include "conntrack.h" 11 #include "../nfpcore/nfp_cpp.h" 12 #include "../nfpcore/nfp_nsp.h" 13 #include "../nfp_app.h" 14 #include "../nfp_main.h" 15 #include "../nfp_net.h" 16 #include "../nfp_port.h" 17 18 #define NFP_FLOWER_SUPPORTED_TCPFLAGS \ 19 (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST | \ 20 TCPHDR_PSH | TCPHDR_URG) 21 22 #define NFP_FLOWER_SUPPORTED_CTLFLAGS \ 23 (FLOW_DIS_IS_FRAGMENT | \ 24 FLOW_DIS_FIRST_FRAG) 25 26 #define NFP_FLOWER_WHITELIST_DISSECTOR \ 27 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \ 28 BIT(FLOW_DISSECTOR_KEY_BASIC) | \ 29 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \ 30 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \ 31 BIT(FLOW_DISSECTOR_KEY_TCP) | \ 32 BIT(FLOW_DISSECTOR_KEY_PORTS) | \ 33 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \ 34 BIT(FLOW_DISSECTOR_KEY_VLAN) | \ 35 BIT(FLOW_DISSECTOR_KEY_CVLAN) | \ 36 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 37 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 38 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 39 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 40 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 41 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 42 BIT(FLOW_DISSECTOR_KEY_ENC_IP) | \ 43 BIT(FLOW_DISSECTOR_KEY_MPLS) | \ 44 BIT(FLOW_DISSECTOR_KEY_CT) | \ 45 BIT(FLOW_DISSECTOR_KEY_META) | \ 46 BIT(FLOW_DISSECTOR_KEY_IP)) 47 48 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \ 49 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 50 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 51 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 52 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 53 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 54 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 55 BIT(FLOW_DISSECTOR_KEY_ENC_IP)) 56 57 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \ 58 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 59 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) 60 61 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R \ 62 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 63 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) 64 65 #define NFP_FLOWER_MERGE_FIELDS \ 66 (NFP_FLOWER_LAYER_PORT | \ 67 NFP_FLOWER_LAYER_MAC | \ 68 NFP_FLOWER_LAYER_TP | \ 69 NFP_FLOWER_LAYER_IPV4 | \ 70 NFP_FLOWER_LAYER_IPV6) 71 72 #define NFP_FLOWER_PRE_TUN_RULE_FIELDS \ 73 (NFP_FLOWER_LAYER_EXT_META | \ 74 NFP_FLOWER_LAYER_PORT | \ 75 NFP_FLOWER_LAYER_MAC | \ 76 NFP_FLOWER_LAYER_IPV4 | \ 77 NFP_FLOWER_LAYER_IPV6) 78 79 struct nfp_flower_merge_check { 80 union { 81 struct { 82 __be16 tci; 83 struct nfp_flower_mac_mpls l2; 84 struct nfp_flower_tp_ports l4; 85 union { 86 struct nfp_flower_ipv4 ipv4; 87 struct nfp_flower_ipv6 ipv6; 88 }; 89 }; 90 unsigned long vals[8]; 91 }; 92 }; 93 94 int 95 nfp_flower_xmit_flow(struct nfp_app *app, struct nfp_fl_payload *nfp_flow, 96 u8 mtype) 97 { 98 u32 meta_len, key_len, mask_len, act_len, tot_len; 99 struct sk_buff *skb; 100 unsigned char *msg; 101 102 meta_len = sizeof(struct nfp_fl_rule_metadata); 103 key_len = nfp_flow->meta.key_len; 104 mask_len = nfp_flow->meta.mask_len; 105 act_len = nfp_flow->meta.act_len; 106 107 tot_len = meta_len + key_len + mask_len + act_len; 108 109 /* Convert to long words as firmware expects 110 * lengths in units of NFP_FL_LW_SIZ. 111 */ 112 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ; 113 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ; 114 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ; 115 116 skb = nfp_flower_cmsg_alloc(app, tot_len, mtype, GFP_KERNEL); 117 if (!skb) 118 return -ENOMEM; 119 120 msg = nfp_flower_cmsg_get_data(skb); 121 memcpy(msg, &nfp_flow->meta, meta_len); 122 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len); 123 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len); 124 memcpy(&msg[meta_len + key_len + mask_len], 125 nfp_flow->action_data, act_len); 126 127 /* Convert back to bytes as software expects 128 * lengths in units of bytes. 129 */ 130 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ; 131 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ; 132 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ; 133 134 nfp_ctrl_tx(app->ctrl, skb); 135 136 return 0; 137 } 138 139 static bool nfp_flower_check_higher_than_mac(struct flow_rule *rule) 140 { 141 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) || 142 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) || 143 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 144 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 145 } 146 147 static bool nfp_flower_check_higher_than_l3(struct flow_rule *rule) 148 { 149 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 150 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 151 } 152 153 static int 154 nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts *enc_opts, 155 u32 *key_layer_two, int *key_size, bool ipv6, 156 struct netlink_ext_ack *extack) 157 { 158 if (enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY || 159 (ipv6 && enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY_V6)) { 160 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: geneve options exceed maximum length"); 161 return -EOPNOTSUPP; 162 } 163 164 if (enc_opts->len > 0) { 165 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE_OP; 166 *key_size += sizeof(struct nfp_flower_geneve_options); 167 } 168 169 return 0; 170 } 171 172 static int 173 nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports *enc_ports, 174 struct flow_dissector_key_enc_opts *enc_op, 175 u32 *key_layer_two, u8 *key_layer, int *key_size, 176 struct nfp_flower_priv *priv, 177 enum nfp_flower_tun_type *tun_type, bool ipv6, 178 struct netlink_ext_ack *extack) 179 { 180 int err; 181 182 switch (enc_ports->dst) { 183 case htons(IANA_VXLAN_UDP_PORT): 184 *tun_type = NFP_FL_TUNNEL_VXLAN; 185 *key_layer |= NFP_FLOWER_LAYER_VXLAN; 186 187 if (ipv6) { 188 *key_layer |= NFP_FLOWER_LAYER_EXT_META; 189 *key_size += sizeof(struct nfp_flower_ext_meta); 190 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 191 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun); 192 } else { 193 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 194 } 195 196 if (enc_op) { 197 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on vxlan tunnels"); 198 return -EOPNOTSUPP; 199 } 200 break; 201 case htons(GENEVE_UDP_PORT): 202 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE)) { 203 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve offload"); 204 return -EOPNOTSUPP; 205 } 206 *tun_type = NFP_FL_TUNNEL_GENEVE; 207 *key_layer |= NFP_FLOWER_LAYER_EXT_META; 208 *key_size += sizeof(struct nfp_flower_ext_meta); 209 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE; 210 211 if (ipv6) { 212 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 213 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun); 214 } else { 215 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 216 } 217 218 if (!enc_op) 219 break; 220 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE_OPT)) { 221 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve option offload"); 222 return -EOPNOTSUPP; 223 } 224 err = nfp_flower_calc_opt_layer(enc_op, key_layer_two, key_size, 225 ipv6, extack); 226 if (err) 227 return err; 228 break; 229 default: 230 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel type unknown"); 231 return -EOPNOTSUPP; 232 } 233 234 return 0; 235 } 236 237 int 238 nfp_flower_calculate_key_layers(struct nfp_app *app, 239 struct net_device *netdev, 240 struct nfp_fl_key_ls *ret_key_ls, 241 struct flow_rule *rule, 242 enum nfp_flower_tun_type *tun_type, 243 struct netlink_ext_ack *extack) 244 { 245 struct flow_dissector *dissector = rule->match.dissector; 246 struct flow_match_basic basic = { NULL, NULL}; 247 struct nfp_flower_priv *priv = app->priv; 248 u32 key_layer_two; 249 u8 key_layer; 250 int key_size; 251 int err; 252 253 if (dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) { 254 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match not supported"); 255 return -EOPNOTSUPP; 256 } 257 258 /* If any tun dissector is used then the required set must be used. */ 259 if (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR && 260 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R) 261 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R && 262 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) 263 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) { 264 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel match not supported"); 265 return -EOPNOTSUPP; 266 } 267 268 key_layer_two = 0; 269 key_layer = NFP_FLOWER_LAYER_PORT; 270 key_size = sizeof(struct nfp_flower_meta_tci) + 271 sizeof(struct nfp_flower_in_port); 272 273 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS) || 274 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS)) { 275 key_layer |= NFP_FLOWER_LAYER_MAC; 276 key_size += sizeof(struct nfp_flower_mac_mpls); 277 } 278 279 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) { 280 struct flow_match_vlan vlan; 281 282 flow_rule_match_vlan(rule, &vlan); 283 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_PCP) && 284 vlan.key->vlan_priority) { 285 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN PCP offload"); 286 return -EOPNOTSUPP; 287 } 288 if (priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ && 289 !(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) { 290 key_layer |= NFP_FLOWER_LAYER_EXT_META; 291 key_size += sizeof(struct nfp_flower_ext_meta); 292 key_size += sizeof(struct nfp_flower_vlan); 293 key_layer_two |= NFP_FLOWER_LAYER2_QINQ; 294 } 295 } 296 297 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) { 298 struct flow_match_vlan cvlan; 299 300 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 301 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN QinQ offload"); 302 return -EOPNOTSUPP; 303 } 304 305 flow_rule_match_vlan(rule, &cvlan); 306 if (!(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) { 307 key_layer |= NFP_FLOWER_LAYER_EXT_META; 308 key_size += sizeof(struct nfp_flower_ext_meta); 309 key_size += sizeof(struct nfp_flower_vlan); 310 key_layer_two |= NFP_FLOWER_LAYER2_QINQ; 311 } 312 } 313 314 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) { 315 struct flow_match_enc_opts enc_op = { NULL, NULL }; 316 struct flow_match_ipv4_addrs ipv4_addrs; 317 struct flow_match_ipv6_addrs ipv6_addrs; 318 struct flow_match_control enc_ctl; 319 struct flow_match_ports enc_ports; 320 bool ipv6_tun = false; 321 322 flow_rule_match_enc_control(rule, &enc_ctl); 323 324 if (enc_ctl.mask->addr_type != 0xffff) { 325 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: wildcarded protocols on tunnels are not supported"); 326 return -EOPNOTSUPP; 327 } 328 329 ipv6_tun = enc_ctl.key->addr_type == 330 FLOW_DISSECTOR_KEY_IPV6_ADDRS; 331 if (ipv6_tun && 332 !(priv->flower_ext_feats & NFP_FL_FEATS_IPV6_TUN)) { 333 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: firmware does not support IPv6 tunnels"); 334 return -EOPNOTSUPP; 335 } 336 337 if (!ipv6_tun && 338 enc_ctl.key->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 339 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel address type not IPv4 or IPv6"); 340 return -EOPNOTSUPP; 341 } 342 343 if (ipv6_tun) { 344 flow_rule_match_enc_ipv6_addrs(rule, &ipv6_addrs); 345 if (memchr_inv(&ipv6_addrs.mask->dst, 0xff, 346 sizeof(ipv6_addrs.mask->dst))) { 347 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv6 destination address is supported"); 348 return -EOPNOTSUPP; 349 } 350 } else { 351 flow_rule_match_enc_ipv4_addrs(rule, &ipv4_addrs); 352 if (ipv4_addrs.mask->dst != cpu_to_be32(~0)) { 353 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv4 destination address is supported"); 354 return -EOPNOTSUPP; 355 } 356 } 357 358 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) 359 flow_rule_match_enc_opts(rule, &enc_op); 360 361 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) { 362 /* Check if GRE, which has no enc_ports */ 363 if (!netif_is_gretap(netdev) && !netif_is_ip6gretap(netdev)) { 364 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: an exact match on L4 destination port is required for non-GRE tunnels"); 365 return -EOPNOTSUPP; 366 } 367 368 *tun_type = NFP_FL_TUNNEL_GRE; 369 key_layer |= NFP_FLOWER_LAYER_EXT_META; 370 key_size += sizeof(struct nfp_flower_ext_meta); 371 key_layer_two |= NFP_FLOWER_LAYER2_GRE; 372 373 if (ipv6_tun) { 374 key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 375 key_size += 376 sizeof(struct nfp_flower_ipv6_gre_tun); 377 } else { 378 key_size += 379 sizeof(struct nfp_flower_ipv4_gre_tun); 380 } 381 382 if (enc_op.key) { 383 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on GRE tunnels"); 384 return -EOPNOTSUPP; 385 } 386 } else { 387 flow_rule_match_enc_ports(rule, &enc_ports); 388 if (enc_ports.mask->dst != cpu_to_be16(~0)) { 389 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match L4 destination port is supported"); 390 return -EOPNOTSUPP; 391 } 392 393 err = nfp_flower_calc_udp_tun_layer(enc_ports.key, 394 enc_op.key, 395 &key_layer_two, 396 &key_layer, 397 &key_size, priv, 398 tun_type, ipv6_tun, 399 extack); 400 if (err) 401 return err; 402 403 /* Ensure the ingress netdev matches the expected 404 * tun type. 405 */ 406 if (!nfp_fl_netdev_is_tunnel_type(netdev, *tun_type)) { 407 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ingress netdev does not match the expected tunnel type"); 408 return -EOPNOTSUPP; 409 } 410 } 411 } 412 413 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) 414 flow_rule_match_basic(rule, &basic); 415 416 if (basic.mask && basic.mask->n_proto) { 417 /* Ethernet type is present in the key. */ 418 switch (basic.key->n_proto) { 419 case cpu_to_be16(ETH_P_IP): 420 key_layer |= NFP_FLOWER_LAYER_IPV4; 421 key_size += sizeof(struct nfp_flower_ipv4); 422 break; 423 424 case cpu_to_be16(ETH_P_IPV6): 425 key_layer |= NFP_FLOWER_LAYER_IPV6; 426 key_size += sizeof(struct nfp_flower_ipv6); 427 break; 428 429 /* Currently we do not offload ARP 430 * because we rely on it to get to the host. 431 */ 432 case cpu_to_be16(ETH_P_ARP): 433 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ARP not supported"); 434 return -EOPNOTSUPP; 435 436 case cpu_to_be16(ETH_P_MPLS_UC): 437 case cpu_to_be16(ETH_P_MPLS_MC): 438 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) { 439 key_layer |= NFP_FLOWER_LAYER_MAC; 440 key_size += sizeof(struct nfp_flower_mac_mpls); 441 } 442 break; 443 444 /* Will be included in layer 2. */ 445 case cpu_to_be16(ETH_P_8021Q): 446 break; 447 448 default: 449 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on given EtherType is not supported"); 450 return -EOPNOTSUPP; 451 } 452 } else if (nfp_flower_check_higher_than_mac(rule)) { 453 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match above L2 without specified EtherType"); 454 return -EOPNOTSUPP; 455 } 456 457 if (basic.mask && basic.mask->ip_proto) { 458 switch (basic.key->ip_proto) { 459 case IPPROTO_TCP: 460 case IPPROTO_UDP: 461 case IPPROTO_SCTP: 462 case IPPROTO_ICMP: 463 case IPPROTO_ICMPV6: 464 key_layer |= NFP_FLOWER_LAYER_TP; 465 key_size += sizeof(struct nfp_flower_tp_ports); 466 break; 467 } 468 } 469 470 if (!(key_layer & NFP_FLOWER_LAYER_TP) && 471 nfp_flower_check_higher_than_l3(rule)) { 472 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match on L4 information without specified IP protocol type"); 473 return -EOPNOTSUPP; 474 } 475 476 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) { 477 struct flow_match_tcp tcp; 478 u32 tcp_flags; 479 480 flow_rule_match_tcp(rule, &tcp); 481 tcp_flags = be16_to_cpu(tcp.key->flags); 482 483 if (tcp_flags & ~NFP_FLOWER_SUPPORTED_TCPFLAGS) { 484 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: no match support for selected TCP flags"); 485 return -EOPNOTSUPP; 486 } 487 488 /* We only support PSH and URG flags when either 489 * FIN, SYN or RST is present as well. 490 */ 491 if ((tcp_flags & (TCPHDR_PSH | TCPHDR_URG)) && 492 !(tcp_flags & (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST))) { 493 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: PSH and URG is only supported when used with FIN, SYN or RST"); 494 return -EOPNOTSUPP; 495 } 496 497 /* We need to store TCP flags in the either the IPv4 or IPv6 key 498 * space, thus we need to ensure we include a IPv4/IPv6 key 499 * layer if we have not done so already. 500 */ 501 if (!basic.key) { 502 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on L3 protocol"); 503 return -EOPNOTSUPP; 504 } 505 506 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) && 507 !(key_layer & NFP_FLOWER_LAYER_IPV6)) { 508 switch (basic.key->n_proto) { 509 case cpu_to_be16(ETH_P_IP): 510 key_layer |= NFP_FLOWER_LAYER_IPV4; 511 key_size += sizeof(struct nfp_flower_ipv4); 512 break; 513 514 case cpu_to_be16(ETH_P_IPV6): 515 key_layer |= NFP_FLOWER_LAYER_IPV6; 516 key_size += sizeof(struct nfp_flower_ipv6); 517 break; 518 519 default: 520 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on IPv4/IPv6"); 521 return -EOPNOTSUPP; 522 } 523 } 524 } 525 526 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 527 struct flow_match_control ctl; 528 529 flow_rule_match_control(rule, &ctl); 530 if (ctl.key->flags & ~NFP_FLOWER_SUPPORTED_CTLFLAGS) { 531 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on unknown control flag"); 532 return -EOPNOTSUPP; 533 } 534 } 535 536 ret_key_ls->key_layer = key_layer; 537 ret_key_ls->key_layer_two = key_layer_two; 538 ret_key_ls->key_size = key_size; 539 540 return 0; 541 } 542 543 struct nfp_fl_payload * 544 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer) 545 { 546 struct nfp_fl_payload *flow_pay; 547 548 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL); 549 if (!flow_pay) 550 return NULL; 551 552 flow_pay->meta.key_len = key_layer->key_size; 553 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL); 554 if (!flow_pay->unmasked_data) 555 goto err_free_flow; 556 557 flow_pay->meta.mask_len = key_layer->key_size; 558 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL); 559 if (!flow_pay->mask_data) 560 goto err_free_unmasked; 561 562 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL); 563 if (!flow_pay->action_data) 564 goto err_free_mask; 565 566 flow_pay->nfp_tun_ipv4_addr = 0; 567 flow_pay->nfp_tun_ipv6 = NULL; 568 flow_pay->meta.flags = 0; 569 INIT_LIST_HEAD(&flow_pay->linked_flows); 570 flow_pay->in_hw = false; 571 flow_pay->pre_tun_rule.dev = NULL; 572 573 return flow_pay; 574 575 err_free_mask: 576 kfree(flow_pay->mask_data); 577 err_free_unmasked: 578 kfree(flow_pay->unmasked_data); 579 err_free_flow: 580 kfree(flow_pay); 581 return NULL; 582 } 583 584 static int 585 nfp_flower_update_merge_with_actions(struct nfp_fl_payload *flow, 586 struct nfp_flower_merge_check *merge, 587 u8 *last_act_id, int *act_out) 588 { 589 struct nfp_fl_set_ipv6_tc_hl_fl *ipv6_tc_hl_fl; 590 struct nfp_fl_set_ip4_ttl_tos *ipv4_ttl_tos; 591 struct nfp_fl_set_ip4_addrs *ipv4_add; 592 struct nfp_fl_set_ipv6_addr *ipv6_add; 593 struct nfp_fl_push_vlan *push_vlan; 594 struct nfp_fl_pre_tunnel *pre_tun; 595 struct nfp_fl_set_tport *tport; 596 struct nfp_fl_set_eth *eth; 597 struct nfp_fl_act_head *a; 598 unsigned int act_off = 0; 599 bool ipv6_tun = false; 600 u8 act_id = 0; 601 u8 *ports; 602 int i; 603 604 while (act_off < flow->meta.act_len) { 605 a = (struct nfp_fl_act_head *)&flow->action_data[act_off]; 606 act_id = a->jump_id; 607 608 switch (act_id) { 609 case NFP_FL_ACTION_OPCODE_OUTPUT: 610 if (act_out) 611 (*act_out)++; 612 break; 613 case NFP_FL_ACTION_OPCODE_PUSH_VLAN: 614 push_vlan = (struct nfp_fl_push_vlan *)a; 615 if (push_vlan->vlan_tci) 616 merge->tci = cpu_to_be16(0xffff); 617 break; 618 case NFP_FL_ACTION_OPCODE_POP_VLAN: 619 merge->tci = cpu_to_be16(0); 620 break; 621 case NFP_FL_ACTION_OPCODE_SET_TUNNEL: 622 /* New tunnel header means l2 to l4 can be matched. */ 623 eth_broadcast_addr(&merge->l2.mac_dst[0]); 624 eth_broadcast_addr(&merge->l2.mac_src[0]); 625 memset(&merge->l4, 0xff, 626 sizeof(struct nfp_flower_tp_ports)); 627 if (ipv6_tun) 628 memset(&merge->ipv6, 0xff, 629 sizeof(struct nfp_flower_ipv6)); 630 else 631 memset(&merge->ipv4, 0xff, 632 sizeof(struct nfp_flower_ipv4)); 633 break; 634 case NFP_FL_ACTION_OPCODE_SET_ETHERNET: 635 eth = (struct nfp_fl_set_eth *)a; 636 for (i = 0; i < ETH_ALEN; i++) 637 merge->l2.mac_dst[i] |= eth->eth_addr_mask[i]; 638 for (i = 0; i < ETH_ALEN; i++) 639 merge->l2.mac_src[i] |= 640 eth->eth_addr_mask[ETH_ALEN + i]; 641 break; 642 case NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS: 643 ipv4_add = (struct nfp_fl_set_ip4_addrs *)a; 644 merge->ipv4.ipv4_src |= ipv4_add->ipv4_src_mask; 645 merge->ipv4.ipv4_dst |= ipv4_add->ipv4_dst_mask; 646 break; 647 case NFP_FL_ACTION_OPCODE_SET_IPV4_TTL_TOS: 648 ipv4_ttl_tos = (struct nfp_fl_set_ip4_ttl_tos *)a; 649 merge->ipv4.ip_ext.ttl |= ipv4_ttl_tos->ipv4_ttl_mask; 650 merge->ipv4.ip_ext.tos |= ipv4_ttl_tos->ipv4_tos_mask; 651 break; 652 case NFP_FL_ACTION_OPCODE_SET_IPV6_SRC: 653 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 654 for (i = 0; i < 4; i++) 655 merge->ipv6.ipv6_src.in6_u.u6_addr32[i] |= 656 ipv6_add->ipv6[i].mask; 657 break; 658 case NFP_FL_ACTION_OPCODE_SET_IPV6_DST: 659 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 660 for (i = 0; i < 4; i++) 661 merge->ipv6.ipv6_dst.in6_u.u6_addr32[i] |= 662 ipv6_add->ipv6[i].mask; 663 break; 664 case NFP_FL_ACTION_OPCODE_SET_IPV6_TC_HL_FL: 665 ipv6_tc_hl_fl = (struct nfp_fl_set_ipv6_tc_hl_fl *)a; 666 merge->ipv6.ip_ext.ttl |= 667 ipv6_tc_hl_fl->ipv6_hop_limit_mask; 668 merge->ipv6.ip_ext.tos |= ipv6_tc_hl_fl->ipv6_tc_mask; 669 merge->ipv6.ipv6_flow_label_exthdr |= 670 ipv6_tc_hl_fl->ipv6_label_mask; 671 break; 672 case NFP_FL_ACTION_OPCODE_SET_UDP: 673 case NFP_FL_ACTION_OPCODE_SET_TCP: 674 tport = (struct nfp_fl_set_tport *)a; 675 ports = (u8 *)&merge->l4.port_src; 676 for (i = 0; i < 4; i++) 677 ports[i] |= tport->tp_port_mask[i]; 678 break; 679 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 680 pre_tun = (struct nfp_fl_pre_tunnel *)a; 681 ipv6_tun = be16_to_cpu(pre_tun->flags) & 682 NFP_FL_PRE_TUN_IPV6; 683 break; 684 case NFP_FL_ACTION_OPCODE_PRE_LAG: 685 case NFP_FL_ACTION_OPCODE_PUSH_GENEVE: 686 break; 687 default: 688 return -EOPNOTSUPP; 689 } 690 691 act_off += a->len_lw << NFP_FL_LW_SIZ; 692 } 693 694 if (last_act_id) 695 *last_act_id = act_id; 696 697 return 0; 698 } 699 700 static int 701 nfp_flower_populate_merge_match(struct nfp_fl_payload *flow, 702 struct nfp_flower_merge_check *merge, 703 bool extra_fields) 704 { 705 struct nfp_flower_meta_tci *meta_tci; 706 u8 *mask = flow->mask_data; 707 u8 key_layer, match_size; 708 709 memset(merge, 0, sizeof(struct nfp_flower_merge_check)); 710 711 meta_tci = (struct nfp_flower_meta_tci *)mask; 712 key_layer = meta_tci->nfp_flow_key_layer; 713 714 if (key_layer & ~NFP_FLOWER_MERGE_FIELDS && !extra_fields) 715 return -EOPNOTSUPP; 716 717 merge->tci = meta_tci->tci; 718 mask += sizeof(struct nfp_flower_meta_tci); 719 720 if (key_layer & NFP_FLOWER_LAYER_EXT_META) 721 mask += sizeof(struct nfp_flower_ext_meta); 722 723 mask += sizeof(struct nfp_flower_in_port); 724 725 if (key_layer & NFP_FLOWER_LAYER_MAC) { 726 match_size = sizeof(struct nfp_flower_mac_mpls); 727 memcpy(&merge->l2, mask, match_size); 728 mask += match_size; 729 } 730 731 if (key_layer & NFP_FLOWER_LAYER_TP) { 732 match_size = sizeof(struct nfp_flower_tp_ports); 733 memcpy(&merge->l4, mask, match_size); 734 mask += match_size; 735 } 736 737 if (key_layer & NFP_FLOWER_LAYER_IPV4) { 738 match_size = sizeof(struct nfp_flower_ipv4); 739 memcpy(&merge->ipv4, mask, match_size); 740 } 741 742 if (key_layer & NFP_FLOWER_LAYER_IPV6) { 743 match_size = sizeof(struct nfp_flower_ipv6); 744 memcpy(&merge->ipv6, mask, match_size); 745 } 746 747 return 0; 748 } 749 750 static int 751 nfp_flower_can_merge(struct nfp_fl_payload *sub_flow1, 752 struct nfp_fl_payload *sub_flow2) 753 { 754 /* Two flows can be merged if sub_flow2 only matches on bits that are 755 * either matched by sub_flow1 or set by a sub_flow1 action. This 756 * ensures that every packet that hits sub_flow1 and recirculates is 757 * guaranteed to hit sub_flow2. 758 */ 759 struct nfp_flower_merge_check sub_flow1_merge, sub_flow2_merge; 760 int err, act_out = 0; 761 u8 last_act_id = 0; 762 763 err = nfp_flower_populate_merge_match(sub_flow1, &sub_flow1_merge, 764 true); 765 if (err) 766 return err; 767 768 err = nfp_flower_populate_merge_match(sub_flow2, &sub_flow2_merge, 769 false); 770 if (err) 771 return err; 772 773 err = nfp_flower_update_merge_with_actions(sub_flow1, &sub_flow1_merge, 774 &last_act_id, &act_out); 775 if (err) 776 return err; 777 778 /* Must only be 1 output action and it must be the last in sequence. */ 779 if (act_out != 1 || last_act_id != NFP_FL_ACTION_OPCODE_OUTPUT) 780 return -EOPNOTSUPP; 781 782 /* Reject merge if sub_flow2 matches on something that is not matched 783 * on or set in an action by sub_flow1. 784 */ 785 err = bitmap_andnot(sub_flow2_merge.vals, sub_flow2_merge.vals, 786 sub_flow1_merge.vals, 787 sizeof(struct nfp_flower_merge_check) * 8); 788 if (err) 789 return -EINVAL; 790 791 return 0; 792 } 793 794 static unsigned int 795 nfp_flower_copy_pre_actions(char *act_dst, char *act_src, int len, 796 bool *tunnel_act) 797 { 798 unsigned int act_off = 0, act_len; 799 struct nfp_fl_act_head *a; 800 u8 act_id = 0; 801 802 while (act_off < len) { 803 a = (struct nfp_fl_act_head *)&act_src[act_off]; 804 act_len = a->len_lw << NFP_FL_LW_SIZ; 805 act_id = a->jump_id; 806 807 switch (act_id) { 808 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 809 if (tunnel_act) 810 *tunnel_act = true; 811 fallthrough; 812 case NFP_FL_ACTION_OPCODE_PRE_LAG: 813 memcpy(act_dst + act_off, act_src + act_off, act_len); 814 break; 815 default: 816 return act_off; 817 } 818 819 act_off += act_len; 820 } 821 822 return act_off; 823 } 824 825 static int 826 nfp_fl_verify_post_tun_acts(char *acts, int len, struct nfp_fl_push_vlan **vlan) 827 { 828 struct nfp_fl_act_head *a; 829 unsigned int act_off = 0; 830 831 while (act_off < len) { 832 a = (struct nfp_fl_act_head *)&acts[act_off]; 833 834 if (a->jump_id == NFP_FL_ACTION_OPCODE_PUSH_VLAN && !act_off) 835 *vlan = (struct nfp_fl_push_vlan *)a; 836 else if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) 837 return -EOPNOTSUPP; 838 839 act_off += a->len_lw << NFP_FL_LW_SIZ; 840 } 841 842 /* Ensure any VLAN push also has an egress action. */ 843 if (*vlan && act_off <= sizeof(struct nfp_fl_push_vlan)) 844 return -EOPNOTSUPP; 845 846 return 0; 847 } 848 849 static int 850 nfp_fl_push_vlan_after_tun(char *acts, int len, struct nfp_fl_push_vlan *vlan) 851 { 852 struct nfp_fl_set_tun *tun; 853 struct nfp_fl_act_head *a; 854 unsigned int act_off = 0; 855 856 while (act_off < len) { 857 a = (struct nfp_fl_act_head *)&acts[act_off]; 858 859 if (a->jump_id == NFP_FL_ACTION_OPCODE_SET_TUNNEL) { 860 tun = (struct nfp_fl_set_tun *)a; 861 tun->outer_vlan_tpid = vlan->vlan_tpid; 862 tun->outer_vlan_tci = vlan->vlan_tci; 863 864 return 0; 865 } 866 867 act_off += a->len_lw << NFP_FL_LW_SIZ; 868 } 869 870 /* Return error if no tunnel action is found. */ 871 return -EOPNOTSUPP; 872 } 873 874 static int 875 nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1, 876 struct nfp_fl_payload *sub_flow2, 877 struct nfp_fl_payload *merge_flow) 878 { 879 unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2; 880 struct nfp_fl_push_vlan *post_tun_push_vlan = NULL; 881 bool tunnel_act = false; 882 char *merge_act; 883 int err; 884 885 /* The last action of sub_flow1 must be output - do not merge this. */ 886 sub1_act_len = sub_flow1->meta.act_len - sizeof(struct nfp_fl_output); 887 sub2_act_len = sub_flow2->meta.act_len; 888 889 if (!sub2_act_len) 890 return -EINVAL; 891 892 if (sub1_act_len + sub2_act_len > NFP_FL_MAX_A_SIZ) 893 return -EINVAL; 894 895 /* A shortcut can only be applied if there is a single action. */ 896 if (sub1_act_len) 897 merge_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 898 else 899 merge_flow->meta.shortcut = sub_flow2->meta.shortcut; 900 901 merge_flow->meta.act_len = sub1_act_len + sub2_act_len; 902 merge_act = merge_flow->action_data; 903 904 /* Copy any pre-actions to the start of merge flow action list. */ 905 pre_off1 = nfp_flower_copy_pre_actions(merge_act, 906 sub_flow1->action_data, 907 sub1_act_len, &tunnel_act); 908 merge_act += pre_off1; 909 sub1_act_len -= pre_off1; 910 pre_off2 = nfp_flower_copy_pre_actions(merge_act, 911 sub_flow2->action_data, 912 sub2_act_len, NULL); 913 merge_act += pre_off2; 914 sub2_act_len -= pre_off2; 915 916 /* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes 917 * a tunnel, there are restrictions on what sub_flow 2 actions lead to a 918 * valid merge. 919 */ 920 if (tunnel_act) { 921 char *post_tun_acts = &sub_flow2->action_data[pre_off2]; 922 923 err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len, 924 &post_tun_push_vlan); 925 if (err) 926 return err; 927 928 if (post_tun_push_vlan) { 929 pre_off2 += sizeof(*post_tun_push_vlan); 930 sub2_act_len -= sizeof(*post_tun_push_vlan); 931 } 932 } 933 934 /* Copy remaining actions from sub_flows 1 and 2. */ 935 memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len); 936 937 if (post_tun_push_vlan) { 938 /* Update tunnel action in merge to include VLAN push. */ 939 err = nfp_fl_push_vlan_after_tun(merge_act, sub1_act_len, 940 post_tun_push_vlan); 941 if (err) 942 return err; 943 944 merge_flow->meta.act_len -= sizeof(*post_tun_push_vlan); 945 } 946 947 merge_act += sub1_act_len; 948 memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len); 949 950 return 0; 951 } 952 953 /* Flow link code should only be accessed under RTNL. */ 954 static void nfp_flower_unlink_flow(struct nfp_fl_payload_link *link) 955 { 956 list_del(&link->merge_flow.list); 957 list_del(&link->sub_flow.list); 958 kfree(link); 959 } 960 961 static void nfp_flower_unlink_flows(struct nfp_fl_payload *merge_flow, 962 struct nfp_fl_payload *sub_flow) 963 { 964 struct nfp_fl_payload_link *link; 965 966 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) 967 if (link->sub_flow.flow == sub_flow) { 968 nfp_flower_unlink_flow(link); 969 return; 970 } 971 } 972 973 static int nfp_flower_link_flows(struct nfp_fl_payload *merge_flow, 974 struct nfp_fl_payload *sub_flow) 975 { 976 struct nfp_fl_payload_link *link; 977 978 link = kmalloc(sizeof(*link), GFP_KERNEL); 979 if (!link) 980 return -ENOMEM; 981 982 link->merge_flow.flow = merge_flow; 983 list_add_tail(&link->merge_flow.list, &merge_flow->linked_flows); 984 link->sub_flow.flow = sub_flow; 985 list_add_tail(&link->sub_flow.list, &sub_flow->linked_flows); 986 987 return 0; 988 } 989 990 /** 991 * nfp_flower_merge_offloaded_flows() - Merge 2 existing flows to single flow. 992 * @app: Pointer to the APP handle 993 * @sub_flow1: Initial flow matched to produce merge hint 994 * @sub_flow2: Post recirculation flow matched in merge hint 995 * 996 * Combines 2 flows (if valid) to a single flow, removing the initial from hw 997 * and offloading the new, merged flow. 998 * 999 * Return: negative value on error, 0 in success. 1000 */ 1001 int nfp_flower_merge_offloaded_flows(struct nfp_app *app, 1002 struct nfp_fl_payload *sub_flow1, 1003 struct nfp_fl_payload *sub_flow2) 1004 { 1005 struct nfp_flower_priv *priv = app->priv; 1006 struct nfp_fl_payload *merge_flow; 1007 struct nfp_fl_key_ls merge_key_ls; 1008 struct nfp_merge_info *merge_info; 1009 u64 parent_ctx = 0; 1010 int err; 1011 1012 ASSERT_RTNL(); 1013 1014 if (sub_flow1 == sub_flow2 || 1015 nfp_flower_is_merge_flow(sub_flow1) || 1016 nfp_flower_is_merge_flow(sub_flow2)) 1017 return -EINVAL; 1018 1019 /* Check if the two flows are already merged */ 1020 parent_ctx = (u64)(be32_to_cpu(sub_flow1->meta.host_ctx_id)) << 32; 1021 parent_ctx |= (u64)(be32_to_cpu(sub_flow2->meta.host_ctx_id)); 1022 if (rhashtable_lookup_fast(&priv->merge_table, 1023 &parent_ctx, merge_table_params)) { 1024 nfp_flower_cmsg_warn(app, "The two flows are already merged.\n"); 1025 return 0; 1026 } 1027 1028 err = nfp_flower_can_merge(sub_flow1, sub_flow2); 1029 if (err) 1030 return err; 1031 1032 merge_key_ls.key_size = sub_flow1->meta.key_len; 1033 1034 merge_flow = nfp_flower_allocate_new(&merge_key_ls); 1035 if (!merge_flow) 1036 return -ENOMEM; 1037 1038 merge_flow->tc_flower_cookie = (unsigned long)merge_flow; 1039 merge_flow->ingress_dev = sub_flow1->ingress_dev; 1040 1041 memcpy(merge_flow->unmasked_data, sub_flow1->unmasked_data, 1042 sub_flow1->meta.key_len); 1043 memcpy(merge_flow->mask_data, sub_flow1->mask_data, 1044 sub_flow1->meta.mask_len); 1045 1046 err = nfp_flower_merge_action(sub_flow1, sub_flow2, merge_flow); 1047 if (err) 1048 goto err_destroy_merge_flow; 1049 1050 err = nfp_flower_link_flows(merge_flow, sub_flow1); 1051 if (err) 1052 goto err_destroy_merge_flow; 1053 1054 err = nfp_flower_link_flows(merge_flow, sub_flow2); 1055 if (err) 1056 goto err_unlink_sub_flow1; 1057 1058 err = nfp_compile_flow_metadata(app, merge_flow->tc_flower_cookie, merge_flow, 1059 merge_flow->ingress_dev, NULL); 1060 if (err) 1061 goto err_unlink_sub_flow2; 1062 1063 err = rhashtable_insert_fast(&priv->flow_table, &merge_flow->fl_node, 1064 nfp_flower_table_params); 1065 if (err) 1066 goto err_release_metadata; 1067 1068 merge_info = kmalloc(sizeof(*merge_info), GFP_KERNEL); 1069 if (!merge_info) { 1070 err = -ENOMEM; 1071 goto err_remove_rhash; 1072 } 1073 merge_info->parent_ctx = parent_ctx; 1074 err = rhashtable_insert_fast(&priv->merge_table, &merge_info->ht_node, 1075 merge_table_params); 1076 if (err) 1077 goto err_destroy_merge_info; 1078 1079 err = nfp_flower_xmit_flow(app, merge_flow, 1080 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 1081 if (err) 1082 goto err_remove_merge_info; 1083 1084 merge_flow->in_hw = true; 1085 sub_flow1->in_hw = false; 1086 1087 return 0; 1088 1089 err_remove_merge_info: 1090 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table, 1091 &merge_info->ht_node, 1092 merge_table_params)); 1093 err_destroy_merge_info: 1094 kfree(merge_info); 1095 err_remove_rhash: 1096 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1097 &merge_flow->fl_node, 1098 nfp_flower_table_params)); 1099 err_release_metadata: 1100 nfp_modify_flow_metadata(app, merge_flow); 1101 err_unlink_sub_flow2: 1102 nfp_flower_unlink_flows(merge_flow, sub_flow2); 1103 err_unlink_sub_flow1: 1104 nfp_flower_unlink_flows(merge_flow, sub_flow1); 1105 err_destroy_merge_flow: 1106 kfree(merge_flow->action_data); 1107 kfree(merge_flow->mask_data); 1108 kfree(merge_flow->unmasked_data); 1109 kfree(merge_flow); 1110 return err; 1111 } 1112 1113 /** 1114 * nfp_flower_validate_pre_tun_rule() 1115 * @app: Pointer to the APP handle 1116 * @flow: Pointer to NFP flow representation of rule 1117 * @key_ls: Pointer to NFP key layers structure 1118 * @extack: Netlink extended ACK report 1119 * 1120 * Verifies the flow as a pre-tunnel rule. 1121 * 1122 * Return: negative value on error, 0 if verified. 1123 */ 1124 static int 1125 nfp_flower_validate_pre_tun_rule(struct nfp_app *app, 1126 struct nfp_fl_payload *flow, 1127 struct nfp_fl_key_ls *key_ls, 1128 struct netlink_ext_ack *extack) 1129 { 1130 struct nfp_flower_priv *priv = app->priv; 1131 struct nfp_flower_meta_tci *meta_tci; 1132 struct nfp_flower_mac_mpls *mac; 1133 u8 *ext = flow->unmasked_data; 1134 struct nfp_fl_act_head *act; 1135 u8 *mask = flow->mask_data; 1136 bool vlan = false; 1137 int act_offset; 1138 u8 key_layer; 1139 1140 meta_tci = (struct nfp_flower_meta_tci *)flow->unmasked_data; 1141 key_layer = key_ls->key_layer; 1142 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 1143 if (meta_tci->tci & cpu_to_be16(NFP_FLOWER_MASK_VLAN_PRESENT)) { 1144 u16 vlan_tci = be16_to_cpu(meta_tci->tci); 1145 1146 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT; 1147 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci); 1148 vlan = true; 1149 } else { 1150 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff); 1151 } 1152 } 1153 1154 if (key_layer & ~NFP_FLOWER_PRE_TUN_RULE_FIELDS) { 1155 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: too many match fields"); 1156 return -EOPNOTSUPP; 1157 } else if (key_ls->key_layer_two & ~NFP_FLOWER_LAYER2_QINQ) { 1158 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non-vlan in extended match fields"); 1159 return -EOPNOTSUPP; 1160 } 1161 1162 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) { 1163 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MAC fields match required"); 1164 return -EOPNOTSUPP; 1165 } 1166 1167 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) && 1168 !(key_layer & NFP_FLOWER_LAYER_IPV6)) { 1169 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on ipv4/ipv6 eth_type must be present"); 1170 return -EOPNOTSUPP; 1171 } 1172 1173 if (key_layer & NFP_FLOWER_LAYER_IPV6) 1174 flow->pre_tun_rule.is_ipv6 = true; 1175 else 1176 flow->pre_tun_rule.is_ipv6 = false; 1177 1178 /* Skip fields known to exist. */ 1179 mask += sizeof(struct nfp_flower_meta_tci); 1180 ext += sizeof(struct nfp_flower_meta_tci); 1181 if (key_ls->key_layer_two) { 1182 mask += sizeof(struct nfp_flower_ext_meta); 1183 ext += sizeof(struct nfp_flower_ext_meta); 1184 } 1185 mask += sizeof(struct nfp_flower_in_port); 1186 ext += sizeof(struct nfp_flower_in_port); 1187 1188 /* Ensure destination MAC address is fully matched. */ 1189 mac = (struct nfp_flower_mac_mpls *)mask; 1190 if (!is_broadcast_ether_addr(&mac->mac_dst[0])) { 1191 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC field must not be masked"); 1192 return -EOPNOTSUPP; 1193 } 1194 1195 /* Ensure source MAC address is fully matched. This is only needed 1196 * for firmware with the DECAP_V2 feature enabled. Don't do this 1197 * for firmware without this feature to keep old behaviour. 1198 */ 1199 if (priv->flower_ext_feats & NFP_FL_FEATS_DECAP_V2) { 1200 mac = (struct nfp_flower_mac_mpls *)mask; 1201 if (!is_broadcast_ether_addr(&mac->mac_src[0])) { 1202 NL_SET_ERR_MSG_MOD(extack, 1203 "unsupported pre-tunnel rule: source MAC field must not be masked"); 1204 return -EOPNOTSUPP; 1205 } 1206 } 1207 1208 if (mac->mpls_lse) { 1209 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MPLS not supported"); 1210 return -EOPNOTSUPP; 1211 } 1212 1213 /* Ensure destination MAC address matches pre_tun_dev. */ 1214 mac = (struct nfp_flower_mac_mpls *)ext; 1215 if (memcmp(&mac->mac_dst[0], flow->pre_tun_rule.dev->dev_addr, 6)) { 1216 NL_SET_ERR_MSG_MOD(extack, 1217 "unsupported pre-tunnel rule: dest MAC must match output dev MAC"); 1218 return -EOPNOTSUPP; 1219 } 1220 1221 /* Save mac addresses in pre_tun_rule entry for later use */ 1222 memcpy(&flow->pre_tun_rule.loc_mac, &mac->mac_dst[0], ETH_ALEN); 1223 memcpy(&flow->pre_tun_rule.rem_mac, &mac->mac_src[0], ETH_ALEN); 1224 1225 mask += sizeof(struct nfp_flower_mac_mpls); 1226 ext += sizeof(struct nfp_flower_mac_mpls); 1227 if (key_layer & NFP_FLOWER_LAYER_IPV4 || 1228 key_layer & NFP_FLOWER_LAYER_IPV6) { 1229 /* Flags and proto fields have same offset in IPv4 and IPv6. */ 1230 int ip_flags = offsetof(struct nfp_flower_ipv4, ip_ext.flags); 1231 int ip_proto = offsetof(struct nfp_flower_ipv4, ip_ext.proto); 1232 int size; 1233 int i; 1234 1235 size = key_layer & NFP_FLOWER_LAYER_IPV4 ? 1236 sizeof(struct nfp_flower_ipv4) : 1237 sizeof(struct nfp_flower_ipv6); 1238 1239 1240 /* Ensure proto and flags are the only IP layer fields. */ 1241 for (i = 0; i < size; i++) 1242 if (mask[i] && i != ip_flags && i != ip_proto) { 1243 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: only flags and proto can be matched in ip header"); 1244 return -EOPNOTSUPP; 1245 } 1246 ext += size; 1247 mask += size; 1248 } 1249 1250 if ((priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 1251 if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_QINQ) { 1252 struct nfp_flower_vlan *vlan_tags; 1253 u16 vlan_tpid; 1254 u16 vlan_tci; 1255 1256 vlan_tags = (struct nfp_flower_vlan *)ext; 1257 1258 vlan_tci = be16_to_cpu(vlan_tags->outer_tci); 1259 vlan_tpid = be16_to_cpu(vlan_tags->outer_tpid); 1260 1261 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT; 1262 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci); 1263 flow->pre_tun_rule.vlan_tpid = cpu_to_be16(vlan_tpid); 1264 vlan = true; 1265 } else { 1266 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff); 1267 flow->pre_tun_rule.vlan_tpid = cpu_to_be16(0xffff); 1268 } 1269 } 1270 1271 /* Action must be a single egress or pop_vlan and egress. */ 1272 act_offset = 0; 1273 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset]; 1274 if (vlan) { 1275 if (act->jump_id != NFP_FL_ACTION_OPCODE_POP_VLAN) { 1276 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on VLAN must have VLAN pop as first action"); 1277 return -EOPNOTSUPP; 1278 } 1279 1280 act_offset += act->len_lw << NFP_FL_LW_SIZ; 1281 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset]; 1282 } 1283 1284 if (act->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) { 1285 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non egress action detected where egress was expected"); 1286 return -EOPNOTSUPP; 1287 } 1288 1289 act_offset += act->len_lw << NFP_FL_LW_SIZ; 1290 1291 /* Ensure there are no more actions after egress. */ 1292 if (act_offset != flow->meta.act_len) { 1293 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: egress is not the last action"); 1294 return -EOPNOTSUPP; 1295 } 1296 1297 return 0; 1298 } 1299 1300 static bool offload_pre_check(struct flow_cls_offload *flow) 1301 { 1302 struct flow_rule *rule = flow_cls_offload_flow_rule(flow); 1303 struct flow_dissector *dissector = rule->match.dissector; 1304 struct flow_match_ct ct; 1305 1306 if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT)) { 1307 flow_rule_match_ct(rule, &ct); 1308 /* Allow special case where CT match is all 0 */ 1309 if (memchr_inv(ct.key, 0, sizeof(*ct.key))) 1310 return false; 1311 } 1312 1313 if (flow->common.chain_index) 1314 return false; 1315 1316 return true; 1317 } 1318 1319 /** 1320 * nfp_flower_add_offload() - Adds a new flow to hardware. 1321 * @app: Pointer to the APP handle 1322 * @netdev: netdev structure. 1323 * @flow: TC flower classifier offload structure. 1324 * 1325 * Adds a new flow to the repeated hash structure and action payload. 1326 * 1327 * Return: negative value on error, 0 if configured successfully. 1328 */ 1329 static int 1330 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev, 1331 struct flow_cls_offload *flow) 1332 { 1333 struct flow_rule *rule = flow_cls_offload_flow_rule(flow); 1334 enum nfp_flower_tun_type tun_type = NFP_FL_TUNNEL_NONE; 1335 struct nfp_flower_priv *priv = app->priv; 1336 struct netlink_ext_ack *extack = NULL; 1337 struct nfp_fl_payload *flow_pay; 1338 struct nfp_fl_key_ls *key_layer; 1339 struct nfp_port *port = NULL; 1340 int err; 1341 1342 extack = flow->common.extack; 1343 if (nfp_netdev_is_nfp_repr(netdev)) 1344 port = nfp_port_from_netdev(netdev); 1345 1346 if (is_pre_ct_flow(flow)) 1347 return nfp_fl_ct_handle_pre_ct(priv, netdev, flow, extack, NULL); 1348 1349 if (is_post_ct_flow(flow)) 1350 return nfp_fl_ct_handle_post_ct(priv, netdev, flow, extack); 1351 1352 if (!offload_pre_check(flow)) 1353 return -EOPNOTSUPP; 1354 1355 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL); 1356 if (!key_layer) 1357 return -ENOMEM; 1358 1359 err = nfp_flower_calculate_key_layers(app, netdev, key_layer, rule, 1360 &tun_type, extack); 1361 if (err) 1362 goto err_free_key_ls; 1363 1364 flow_pay = nfp_flower_allocate_new(key_layer); 1365 if (!flow_pay) { 1366 err = -ENOMEM; 1367 goto err_free_key_ls; 1368 } 1369 1370 err = nfp_flower_compile_flow_match(app, rule, key_layer, netdev, 1371 flow_pay, tun_type, extack); 1372 if (err) 1373 goto err_destroy_flow; 1374 1375 err = nfp_flower_compile_action(app, rule, netdev, flow_pay, extack); 1376 if (err) 1377 goto err_destroy_flow; 1378 1379 if (flow_pay->pre_tun_rule.dev) { 1380 err = nfp_flower_validate_pre_tun_rule(app, flow_pay, key_layer, extack); 1381 if (err) 1382 goto err_destroy_flow; 1383 } 1384 1385 err = nfp_compile_flow_metadata(app, flow->cookie, flow_pay, netdev, extack); 1386 if (err) 1387 goto err_destroy_flow; 1388 1389 flow_pay->tc_flower_cookie = flow->cookie; 1390 err = rhashtable_insert_fast(&priv->flow_table, &flow_pay->fl_node, 1391 nfp_flower_table_params); 1392 if (err) { 1393 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot insert flow into tables for offloads"); 1394 goto err_release_metadata; 1395 } 1396 1397 if (flow_pay->pre_tun_rule.dev) { 1398 if (priv->flower_ext_feats & NFP_FL_FEATS_DECAP_V2) { 1399 struct nfp_predt_entry *predt; 1400 1401 predt = kzalloc(sizeof(*predt), GFP_KERNEL); 1402 if (!predt) { 1403 err = -ENOMEM; 1404 goto err_remove_rhash; 1405 } 1406 predt->flow_pay = flow_pay; 1407 INIT_LIST_HEAD(&predt->nn_list); 1408 spin_lock_bh(&priv->predt_lock); 1409 list_add(&predt->list_head, &priv->predt_list); 1410 flow_pay->pre_tun_rule.predt = predt; 1411 nfp_tun_link_and_update_nn_entries(app, predt); 1412 spin_unlock_bh(&priv->predt_lock); 1413 } else { 1414 err = nfp_flower_xmit_pre_tun_flow(app, flow_pay); 1415 } 1416 } else { 1417 err = nfp_flower_xmit_flow(app, flow_pay, 1418 NFP_FLOWER_CMSG_TYPE_FLOW_ADD); 1419 } 1420 1421 if (err) 1422 goto err_remove_rhash; 1423 1424 if (port) 1425 port->tc_offload_cnt++; 1426 1427 flow_pay->in_hw = true; 1428 1429 /* Deallocate flow payload when flower rule has been destroyed. */ 1430 kfree(key_layer); 1431 1432 return 0; 1433 1434 err_remove_rhash: 1435 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1436 &flow_pay->fl_node, 1437 nfp_flower_table_params)); 1438 err_release_metadata: 1439 nfp_modify_flow_metadata(app, flow_pay); 1440 err_destroy_flow: 1441 if (flow_pay->nfp_tun_ipv6) 1442 nfp_tunnel_put_ipv6_off(app, flow_pay->nfp_tun_ipv6); 1443 kfree(flow_pay->action_data); 1444 kfree(flow_pay->mask_data); 1445 kfree(flow_pay->unmasked_data); 1446 kfree(flow_pay); 1447 err_free_key_ls: 1448 kfree(key_layer); 1449 return err; 1450 } 1451 1452 static void 1453 nfp_flower_remove_merge_flow(struct nfp_app *app, 1454 struct nfp_fl_payload *del_sub_flow, 1455 struct nfp_fl_payload *merge_flow) 1456 { 1457 struct nfp_flower_priv *priv = app->priv; 1458 struct nfp_fl_payload_link *link, *temp; 1459 struct nfp_merge_info *merge_info; 1460 struct nfp_fl_payload *origin; 1461 u64 parent_ctx = 0; 1462 bool mod = false; 1463 int err; 1464 1465 link = list_first_entry(&merge_flow->linked_flows, 1466 struct nfp_fl_payload_link, merge_flow.list); 1467 origin = link->sub_flow.flow; 1468 1469 /* Re-add rule the merge had overwritten if it has not been deleted. */ 1470 if (origin != del_sub_flow) 1471 mod = true; 1472 1473 err = nfp_modify_flow_metadata(app, merge_flow); 1474 if (err) { 1475 nfp_flower_cmsg_warn(app, "Metadata fail for merge flow delete.\n"); 1476 goto err_free_links; 1477 } 1478 1479 if (!mod) { 1480 err = nfp_flower_xmit_flow(app, merge_flow, 1481 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1482 if (err) { 1483 nfp_flower_cmsg_warn(app, "Failed to delete merged flow.\n"); 1484 goto err_free_links; 1485 } 1486 } else { 1487 __nfp_modify_flow_metadata(priv, origin); 1488 err = nfp_flower_xmit_flow(app, origin, 1489 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 1490 if (err) 1491 nfp_flower_cmsg_warn(app, "Failed to revert merge flow.\n"); 1492 origin->in_hw = true; 1493 } 1494 1495 err_free_links: 1496 /* Clean any links connected with the merged flow. */ 1497 list_for_each_entry_safe(link, temp, &merge_flow->linked_flows, 1498 merge_flow.list) { 1499 u32 ctx_id = be32_to_cpu(link->sub_flow.flow->meta.host_ctx_id); 1500 1501 parent_ctx = (parent_ctx << 32) | (u64)(ctx_id); 1502 nfp_flower_unlink_flow(link); 1503 } 1504 1505 merge_info = rhashtable_lookup_fast(&priv->merge_table, 1506 &parent_ctx, 1507 merge_table_params); 1508 if (merge_info) { 1509 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table, 1510 &merge_info->ht_node, 1511 merge_table_params)); 1512 kfree(merge_info); 1513 } 1514 1515 kfree(merge_flow->action_data); 1516 kfree(merge_flow->mask_data); 1517 kfree(merge_flow->unmasked_data); 1518 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1519 &merge_flow->fl_node, 1520 nfp_flower_table_params)); 1521 kfree_rcu(merge_flow, rcu); 1522 } 1523 1524 void 1525 nfp_flower_del_linked_merge_flows(struct nfp_app *app, 1526 struct nfp_fl_payload *sub_flow) 1527 { 1528 struct nfp_fl_payload_link *link, *temp; 1529 1530 /* Remove any merge flow formed from the deleted sub_flow. */ 1531 list_for_each_entry_safe(link, temp, &sub_flow->linked_flows, 1532 sub_flow.list) 1533 nfp_flower_remove_merge_flow(app, sub_flow, 1534 link->merge_flow.flow); 1535 } 1536 1537 /** 1538 * nfp_flower_del_offload() - Removes a flow from hardware. 1539 * @app: Pointer to the APP handle 1540 * @netdev: netdev structure. 1541 * @flow: TC flower classifier offload structure 1542 * 1543 * Removes a flow from the repeated hash structure and clears the 1544 * action payload. Any flows merged from this are also deleted. 1545 * 1546 * Return: negative value on error, 0 if removed successfully. 1547 */ 1548 static int 1549 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev, 1550 struct flow_cls_offload *flow) 1551 { 1552 struct nfp_flower_priv *priv = app->priv; 1553 struct nfp_fl_ct_map_entry *ct_map_ent; 1554 struct netlink_ext_ack *extack = NULL; 1555 struct nfp_fl_payload *nfp_flow; 1556 struct nfp_port *port = NULL; 1557 int err; 1558 1559 extack = flow->common.extack; 1560 if (nfp_netdev_is_nfp_repr(netdev)) 1561 port = nfp_port_from_netdev(netdev); 1562 1563 /* Check ct_map_table */ 1564 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie, 1565 nfp_ct_map_params); 1566 if (ct_map_ent) { 1567 err = nfp_fl_ct_del_flow(ct_map_ent); 1568 return err; 1569 } 1570 1571 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1572 if (!nfp_flow) { 1573 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot remove flow that does not exist"); 1574 return -ENOENT; 1575 } 1576 1577 err = nfp_modify_flow_metadata(app, nfp_flow); 1578 if (err) 1579 goto err_free_merge_flow; 1580 1581 if (nfp_flow->nfp_tun_ipv4_addr) 1582 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr); 1583 1584 if (nfp_flow->nfp_tun_ipv6) 1585 nfp_tunnel_put_ipv6_off(app, nfp_flow->nfp_tun_ipv6); 1586 1587 if (!nfp_flow->in_hw) { 1588 err = 0; 1589 goto err_free_merge_flow; 1590 } 1591 1592 if (nfp_flow->pre_tun_rule.dev) { 1593 if (priv->flower_ext_feats & NFP_FL_FEATS_DECAP_V2) { 1594 struct nfp_predt_entry *predt; 1595 1596 predt = nfp_flow->pre_tun_rule.predt; 1597 if (predt) { 1598 spin_lock_bh(&priv->predt_lock); 1599 nfp_tun_unlink_and_update_nn_entries(app, predt); 1600 list_del(&predt->list_head); 1601 spin_unlock_bh(&priv->predt_lock); 1602 kfree(predt); 1603 } 1604 } else { 1605 err = nfp_flower_xmit_pre_tun_del_flow(app, nfp_flow); 1606 } 1607 } else { 1608 err = nfp_flower_xmit_flow(app, nfp_flow, 1609 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1610 } 1611 /* Fall through on error. */ 1612 1613 err_free_merge_flow: 1614 nfp_flower_del_linked_merge_flows(app, nfp_flow); 1615 if (port) 1616 port->tc_offload_cnt--; 1617 kfree(nfp_flow->action_data); 1618 kfree(nfp_flow->mask_data); 1619 kfree(nfp_flow->unmasked_data); 1620 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1621 &nfp_flow->fl_node, 1622 nfp_flower_table_params)); 1623 kfree_rcu(nfp_flow, rcu); 1624 return err; 1625 } 1626 1627 static void 1628 __nfp_flower_update_merge_stats(struct nfp_app *app, 1629 struct nfp_fl_payload *merge_flow) 1630 { 1631 struct nfp_flower_priv *priv = app->priv; 1632 struct nfp_fl_payload_link *link; 1633 struct nfp_fl_payload *sub_flow; 1634 u64 pkts, bytes, used; 1635 u32 ctx_id; 1636 1637 ctx_id = be32_to_cpu(merge_flow->meta.host_ctx_id); 1638 pkts = priv->stats[ctx_id].pkts; 1639 /* Do not cycle subflows if no stats to distribute. */ 1640 if (!pkts) 1641 return; 1642 bytes = priv->stats[ctx_id].bytes; 1643 used = priv->stats[ctx_id].used; 1644 1645 /* Reset stats for the merge flow. */ 1646 priv->stats[ctx_id].pkts = 0; 1647 priv->stats[ctx_id].bytes = 0; 1648 1649 /* The merge flow has received stats updates from firmware. 1650 * Distribute these stats to all subflows that form the merge. 1651 * The stats will collected from TC via the subflows. 1652 */ 1653 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) { 1654 sub_flow = link->sub_flow.flow; 1655 ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id); 1656 priv->stats[ctx_id].pkts += pkts; 1657 priv->stats[ctx_id].bytes += bytes; 1658 priv->stats[ctx_id].used = max_t(u64, used, 1659 priv->stats[ctx_id].used); 1660 } 1661 } 1662 1663 void 1664 nfp_flower_update_merge_stats(struct nfp_app *app, 1665 struct nfp_fl_payload *sub_flow) 1666 { 1667 struct nfp_fl_payload_link *link; 1668 1669 /* Get merge flows that the subflow forms to distribute their stats. */ 1670 list_for_each_entry(link, &sub_flow->linked_flows, sub_flow.list) 1671 __nfp_flower_update_merge_stats(app, link->merge_flow.flow); 1672 } 1673 1674 /** 1675 * nfp_flower_get_stats() - Populates flow stats obtained from hardware. 1676 * @app: Pointer to the APP handle 1677 * @netdev: Netdev structure. 1678 * @flow: TC flower classifier offload structure 1679 * 1680 * Populates a flow statistics structure which which corresponds to a 1681 * specific flow. 1682 * 1683 * Return: negative value on error, 0 if stats populated successfully. 1684 */ 1685 static int 1686 nfp_flower_get_stats(struct nfp_app *app, struct net_device *netdev, 1687 struct flow_cls_offload *flow) 1688 { 1689 struct nfp_flower_priv *priv = app->priv; 1690 struct nfp_fl_ct_map_entry *ct_map_ent; 1691 struct netlink_ext_ack *extack = NULL; 1692 struct nfp_fl_payload *nfp_flow; 1693 u32 ctx_id; 1694 1695 /* Check ct_map table first */ 1696 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie, 1697 nfp_ct_map_params); 1698 if (ct_map_ent) 1699 return nfp_fl_ct_stats(flow, ct_map_ent); 1700 1701 extack = flow->common.extack; 1702 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1703 if (!nfp_flow) { 1704 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot dump stats for flow that does not exist"); 1705 return -EINVAL; 1706 } 1707 1708 ctx_id = be32_to_cpu(nfp_flow->meta.host_ctx_id); 1709 1710 spin_lock_bh(&priv->stats_lock); 1711 /* If request is for a sub_flow, update stats from merged flows. */ 1712 if (!list_empty(&nfp_flow->linked_flows)) 1713 nfp_flower_update_merge_stats(app, nfp_flow); 1714 1715 flow_stats_update(&flow->stats, priv->stats[ctx_id].bytes, 1716 priv->stats[ctx_id].pkts, 0, priv->stats[ctx_id].used, 1717 FLOW_ACTION_HW_STATS_DELAYED); 1718 1719 priv->stats[ctx_id].pkts = 0; 1720 priv->stats[ctx_id].bytes = 0; 1721 spin_unlock_bh(&priv->stats_lock); 1722 1723 return 0; 1724 } 1725 1726 static int 1727 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev, 1728 struct flow_cls_offload *flower) 1729 { 1730 if (!eth_proto_is_802_3(flower->common.protocol)) 1731 return -EOPNOTSUPP; 1732 1733 switch (flower->command) { 1734 case FLOW_CLS_REPLACE: 1735 return nfp_flower_add_offload(app, netdev, flower); 1736 case FLOW_CLS_DESTROY: 1737 return nfp_flower_del_offload(app, netdev, flower); 1738 case FLOW_CLS_STATS: 1739 return nfp_flower_get_stats(app, netdev, flower); 1740 default: 1741 return -EOPNOTSUPP; 1742 } 1743 } 1744 1745 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type, 1746 void *type_data, void *cb_priv) 1747 { 1748 struct flow_cls_common_offload *common = type_data; 1749 struct nfp_repr *repr = cb_priv; 1750 1751 if (!tc_can_offload_extack(repr->netdev, common->extack)) 1752 return -EOPNOTSUPP; 1753 1754 switch (type) { 1755 case TC_SETUP_CLSFLOWER: 1756 return nfp_flower_repr_offload(repr->app, repr->netdev, 1757 type_data); 1758 case TC_SETUP_CLSMATCHALL: 1759 return nfp_flower_setup_qos_offload(repr->app, repr->netdev, 1760 type_data); 1761 default: 1762 return -EOPNOTSUPP; 1763 } 1764 } 1765 1766 static LIST_HEAD(nfp_block_cb_list); 1767 1768 static int nfp_flower_setup_tc_block(struct net_device *netdev, 1769 struct flow_block_offload *f) 1770 { 1771 struct nfp_repr *repr = netdev_priv(netdev); 1772 struct nfp_flower_repr_priv *repr_priv; 1773 struct flow_block_cb *block_cb; 1774 1775 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS) 1776 return -EOPNOTSUPP; 1777 1778 repr_priv = repr->app_priv; 1779 repr_priv->block_shared = f->block_shared; 1780 f->driver_block_list = &nfp_block_cb_list; 1781 1782 switch (f->command) { 1783 case FLOW_BLOCK_BIND: 1784 if (flow_block_cb_is_busy(nfp_flower_setup_tc_block_cb, repr, 1785 &nfp_block_cb_list)) 1786 return -EBUSY; 1787 1788 block_cb = flow_block_cb_alloc(nfp_flower_setup_tc_block_cb, 1789 repr, repr, NULL); 1790 if (IS_ERR(block_cb)) 1791 return PTR_ERR(block_cb); 1792 1793 flow_block_cb_add(block_cb, f); 1794 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1795 return 0; 1796 case FLOW_BLOCK_UNBIND: 1797 block_cb = flow_block_cb_lookup(f->block, 1798 nfp_flower_setup_tc_block_cb, 1799 repr); 1800 if (!block_cb) 1801 return -ENOENT; 1802 1803 flow_block_cb_remove(block_cb, f); 1804 list_del(&block_cb->driver_list); 1805 return 0; 1806 default: 1807 return -EOPNOTSUPP; 1808 } 1809 } 1810 1811 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev, 1812 enum tc_setup_type type, void *type_data) 1813 { 1814 switch (type) { 1815 case TC_SETUP_BLOCK: 1816 return nfp_flower_setup_tc_block(netdev, type_data); 1817 default: 1818 return -EOPNOTSUPP; 1819 } 1820 } 1821 1822 struct nfp_flower_indr_block_cb_priv { 1823 struct net_device *netdev; 1824 struct nfp_app *app; 1825 struct list_head list; 1826 }; 1827 1828 static struct nfp_flower_indr_block_cb_priv * 1829 nfp_flower_indr_block_cb_priv_lookup(struct nfp_app *app, 1830 struct net_device *netdev) 1831 { 1832 struct nfp_flower_indr_block_cb_priv *cb_priv; 1833 struct nfp_flower_priv *priv = app->priv; 1834 1835 list_for_each_entry(cb_priv, &priv->indr_block_cb_priv, list) 1836 if (cb_priv->netdev == netdev) 1837 return cb_priv; 1838 1839 return NULL; 1840 } 1841 1842 static int nfp_flower_setup_indr_block_cb(enum tc_setup_type type, 1843 void *type_data, void *cb_priv) 1844 { 1845 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1846 1847 switch (type) { 1848 case TC_SETUP_CLSFLOWER: 1849 return nfp_flower_repr_offload(priv->app, priv->netdev, 1850 type_data); 1851 default: 1852 return -EOPNOTSUPP; 1853 } 1854 } 1855 1856 void nfp_flower_setup_indr_tc_release(void *cb_priv) 1857 { 1858 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1859 1860 list_del(&priv->list); 1861 kfree(priv); 1862 } 1863 1864 static int 1865 nfp_flower_setup_indr_tc_block(struct net_device *netdev, struct Qdisc *sch, struct nfp_app *app, 1866 struct flow_block_offload *f, void *data, 1867 void (*cleanup)(struct flow_block_cb *block_cb)) 1868 { 1869 struct nfp_flower_indr_block_cb_priv *cb_priv; 1870 struct nfp_flower_priv *priv = app->priv; 1871 struct flow_block_cb *block_cb; 1872 1873 if ((f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS && 1874 !nfp_flower_internal_port_can_offload(app, netdev)) || 1875 (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS && 1876 nfp_flower_internal_port_can_offload(app, netdev))) 1877 return -EOPNOTSUPP; 1878 1879 switch (f->command) { 1880 case FLOW_BLOCK_BIND: 1881 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev); 1882 if (cb_priv && 1883 flow_block_cb_is_busy(nfp_flower_setup_indr_block_cb, 1884 cb_priv, 1885 &nfp_block_cb_list)) 1886 return -EBUSY; 1887 1888 cb_priv = kmalloc(sizeof(*cb_priv), GFP_KERNEL); 1889 if (!cb_priv) 1890 return -ENOMEM; 1891 1892 cb_priv->netdev = netdev; 1893 cb_priv->app = app; 1894 list_add(&cb_priv->list, &priv->indr_block_cb_priv); 1895 1896 block_cb = flow_indr_block_cb_alloc(nfp_flower_setup_indr_block_cb, 1897 cb_priv, cb_priv, 1898 nfp_flower_setup_indr_tc_release, 1899 f, netdev, sch, data, app, cleanup); 1900 if (IS_ERR(block_cb)) { 1901 list_del(&cb_priv->list); 1902 kfree(cb_priv); 1903 return PTR_ERR(block_cb); 1904 } 1905 1906 flow_block_cb_add(block_cb, f); 1907 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1908 return 0; 1909 case FLOW_BLOCK_UNBIND: 1910 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev); 1911 if (!cb_priv) 1912 return -ENOENT; 1913 1914 block_cb = flow_block_cb_lookup(f->block, 1915 nfp_flower_setup_indr_block_cb, 1916 cb_priv); 1917 if (!block_cb) 1918 return -ENOENT; 1919 1920 flow_indr_block_cb_remove(block_cb, f); 1921 list_del(&block_cb->driver_list); 1922 return 0; 1923 default: 1924 return -EOPNOTSUPP; 1925 } 1926 return 0; 1927 } 1928 1929 static int 1930 nfp_setup_tc_no_dev(struct nfp_app *app, enum tc_setup_type type, void *data) 1931 { 1932 if (!data) 1933 return -EOPNOTSUPP; 1934 1935 switch (type) { 1936 case TC_SETUP_ACT: 1937 return nfp_setup_tc_act_offload(app, data); 1938 default: 1939 return -EOPNOTSUPP; 1940 } 1941 } 1942 1943 int 1944 nfp_flower_indr_setup_tc_cb(struct net_device *netdev, struct Qdisc *sch, void *cb_priv, 1945 enum tc_setup_type type, void *type_data, 1946 void *data, 1947 void (*cleanup)(struct flow_block_cb *block_cb)) 1948 { 1949 if (!netdev) 1950 return nfp_setup_tc_no_dev(cb_priv, type, data); 1951 1952 if (!nfp_fl_is_netdev_to_offload(netdev)) 1953 return -EOPNOTSUPP; 1954 1955 switch (type) { 1956 case TC_SETUP_BLOCK: 1957 return nfp_flower_setup_indr_tc_block(netdev, sch, cb_priv, 1958 type_data, data, cleanup); 1959 default: 1960 return -EOPNOTSUPP; 1961 } 1962 } 1963