1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */ 3 4 #include <linux/skbuff.h> 5 #include <net/devlink.h> 6 #include <net/pkt_cls.h> 7 8 #include "cmsg.h" 9 #include "main.h" 10 #include "conntrack.h" 11 #include "../nfpcore/nfp_cpp.h" 12 #include "../nfpcore/nfp_nsp.h" 13 #include "../nfp_app.h" 14 #include "../nfp_main.h" 15 #include "../nfp_net.h" 16 #include "../nfp_port.h" 17 18 #define NFP_FLOWER_SUPPORTED_TCPFLAGS \ 19 (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST | \ 20 TCPHDR_PSH | TCPHDR_URG) 21 22 #define NFP_FLOWER_SUPPORTED_CTLFLAGS \ 23 (FLOW_DIS_IS_FRAGMENT | \ 24 FLOW_DIS_FIRST_FRAG) 25 26 #define NFP_FLOWER_WHITELIST_DISSECTOR \ 27 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \ 28 BIT(FLOW_DISSECTOR_KEY_BASIC) | \ 29 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \ 30 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \ 31 BIT(FLOW_DISSECTOR_KEY_TCP) | \ 32 BIT(FLOW_DISSECTOR_KEY_PORTS) | \ 33 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \ 34 BIT(FLOW_DISSECTOR_KEY_VLAN) | \ 35 BIT(FLOW_DISSECTOR_KEY_CVLAN) | \ 36 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 37 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 38 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 39 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 40 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 41 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 42 BIT(FLOW_DISSECTOR_KEY_ENC_IP) | \ 43 BIT(FLOW_DISSECTOR_KEY_MPLS) | \ 44 BIT(FLOW_DISSECTOR_KEY_CT) | \ 45 BIT(FLOW_DISSECTOR_KEY_META) | \ 46 BIT(FLOW_DISSECTOR_KEY_IP)) 47 48 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \ 49 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 50 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 51 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 52 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 53 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 54 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 55 BIT(FLOW_DISSECTOR_KEY_ENC_IP)) 56 57 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \ 58 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 59 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) 60 61 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R \ 62 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 63 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS)) 64 65 #define NFP_FLOWER_MERGE_FIELDS \ 66 (NFP_FLOWER_LAYER_PORT | \ 67 NFP_FLOWER_LAYER_MAC | \ 68 NFP_FLOWER_LAYER_TP | \ 69 NFP_FLOWER_LAYER_IPV4 | \ 70 NFP_FLOWER_LAYER_IPV6) 71 72 #define NFP_FLOWER_PRE_TUN_RULE_FIELDS \ 73 (NFP_FLOWER_LAYER_EXT_META | \ 74 NFP_FLOWER_LAYER_PORT | \ 75 NFP_FLOWER_LAYER_MAC | \ 76 NFP_FLOWER_LAYER_IPV4 | \ 77 NFP_FLOWER_LAYER_IPV6) 78 79 struct nfp_flower_merge_check { 80 union { 81 struct { 82 __be16 tci; 83 struct nfp_flower_mac_mpls l2; 84 struct nfp_flower_tp_ports l4; 85 union { 86 struct nfp_flower_ipv4 ipv4; 87 struct nfp_flower_ipv6 ipv6; 88 }; 89 }; 90 unsigned long vals[8]; 91 }; 92 }; 93 94 int 95 nfp_flower_xmit_flow(struct nfp_app *app, struct nfp_fl_payload *nfp_flow, 96 u8 mtype) 97 { 98 u32 meta_len, key_len, mask_len, act_len, tot_len; 99 struct sk_buff *skb; 100 unsigned char *msg; 101 102 meta_len = sizeof(struct nfp_fl_rule_metadata); 103 key_len = nfp_flow->meta.key_len; 104 mask_len = nfp_flow->meta.mask_len; 105 act_len = nfp_flow->meta.act_len; 106 107 tot_len = meta_len + key_len + mask_len + act_len; 108 109 /* Convert to long words as firmware expects 110 * lengths in units of NFP_FL_LW_SIZ. 111 */ 112 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ; 113 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ; 114 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ; 115 116 skb = nfp_flower_cmsg_alloc(app, tot_len, mtype, GFP_KERNEL); 117 if (!skb) 118 return -ENOMEM; 119 120 msg = nfp_flower_cmsg_get_data(skb); 121 memcpy(msg, &nfp_flow->meta, meta_len); 122 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len); 123 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len); 124 memcpy(&msg[meta_len + key_len + mask_len], 125 nfp_flow->action_data, act_len); 126 127 /* Convert back to bytes as software expects 128 * lengths in units of bytes. 129 */ 130 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ; 131 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ; 132 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ; 133 134 nfp_ctrl_tx(app->ctrl, skb); 135 136 return 0; 137 } 138 139 static bool nfp_flower_check_higher_than_mac(struct flow_rule *rule) 140 { 141 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) || 142 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) || 143 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 144 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 145 } 146 147 static bool nfp_flower_check_higher_than_l3(struct flow_rule *rule) 148 { 149 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 150 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 151 } 152 153 static int 154 nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts *enc_opts, 155 u32 *key_layer_two, int *key_size, bool ipv6, 156 struct netlink_ext_ack *extack) 157 { 158 if (enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY || 159 (ipv6 && enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY_V6)) { 160 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: geneve options exceed maximum length"); 161 return -EOPNOTSUPP; 162 } 163 164 if (enc_opts->len > 0) { 165 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE_OP; 166 *key_size += sizeof(struct nfp_flower_geneve_options); 167 } 168 169 return 0; 170 } 171 172 static int 173 nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports *enc_ports, 174 struct flow_dissector_key_enc_opts *enc_op, 175 u32 *key_layer_two, u8 *key_layer, int *key_size, 176 struct nfp_flower_priv *priv, 177 enum nfp_flower_tun_type *tun_type, bool ipv6, 178 struct netlink_ext_ack *extack) 179 { 180 int err; 181 182 switch (enc_ports->dst) { 183 case htons(IANA_VXLAN_UDP_PORT): 184 *tun_type = NFP_FL_TUNNEL_VXLAN; 185 *key_layer |= NFP_FLOWER_LAYER_VXLAN; 186 187 if (ipv6) { 188 *key_layer |= NFP_FLOWER_LAYER_EXT_META; 189 *key_size += sizeof(struct nfp_flower_ext_meta); 190 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 191 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun); 192 } else { 193 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 194 } 195 196 if (enc_op) { 197 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on vxlan tunnels"); 198 return -EOPNOTSUPP; 199 } 200 break; 201 case htons(GENEVE_UDP_PORT): 202 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE)) { 203 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve offload"); 204 return -EOPNOTSUPP; 205 } 206 *tun_type = NFP_FL_TUNNEL_GENEVE; 207 *key_layer |= NFP_FLOWER_LAYER_EXT_META; 208 *key_size += sizeof(struct nfp_flower_ext_meta); 209 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE; 210 211 if (ipv6) { 212 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 213 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun); 214 } else { 215 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 216 } 217 218 if (!enc_op) 219 break; 220 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE_OPT)) { 221 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve option offload"); 222 return -EOPNOTSUPP; 223 } 224 err = nfp_flower_calc_opt_layer(enc_op, key_layer_two, key_size, 225 ipv6, extack); 226 if (err) 227 return err; 228 break; 229 default: 230 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel type unknown"); 231 return -EOPNOTSUPP; 232 } 233 234 return 0; 235 } 236 237 int 238 nfp_flower_calculate_key_layers(struct nfp_app *app, 239 struct net_device *netdev, 240 struct nfp_fl_key_ls *ret_key_ls, 241 struct flow_rule *rule, 242 enum nfp_flower_tun_type *tun_type, 243 struct netlink_ext_ack *extack) 244 { 245 struct flow_dissector *dissector = rule->match.dissector; 246 struct flow_match_basic basic = { NULL, NULL}; 247 struct nfp_flower_priv *priv = app->priv; 248 u32 key_layer_two; 249 u8 key_layer; 250 int key_size; 251 int err; 252 253 if (dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) { 254 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match not supported"); 255 return -EOPNOTSUPP; 256 } 257 258 /* If any tun dissector is used then the required set must be used. */ 259 if (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR && 260 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R) 261 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R && 262 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) 263 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) { 264 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel match not supported"); 265 return -EOPNOTSUPP; 266 } 267 268 key_layer_two = 0; 269 key_layer = NFP_FLOWER_LAYER_PORT; 270 key_size = sizeof(struct nfp_flower_meta_tci) + 271 sizeof(struct nfp_flower_in_port); 272 273 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS) || 274 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS)) { 275 key_layer |= NFP_FLOWER_LAYER_MAC; 276 key_size += sizeof(struct nfp_flower_mac_mpls); 277 } 278 279 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) { 280 struct flow_match_vlan vlan; 281 282 flow_rule_match_vlan(rule, &vlan); 283 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_PCP) && 284 vlan.key->vlan_priority) { 285 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN PCP offload"); 286 return -EOPNOTSUPP; 287 } 288 if (priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ && 289 !(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) { 290 key_layer |= NFP_FLOWER_LAYER_EXT_META; 291 key_size += sizeof(struct nfp_flower_ext_meta); 292 key_size += sizeof(struct nfp_flower_vlan); 293 key_layer_two |= NFP_FLOWER_LAYER2_QINQ; 294 } 295 } 296 297 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) { 298 struct flow_match_vlan cvlan; 299 300 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 301 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN QinQ offload"); 302 return -EOPNOTSUPP; 303 } 304 305 flow_rule_match_vlan(rule, &cvlan); 306 if (!(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) { 307 key_layer |= NFP_FLOWER_LAYER_EXT_META; 308 key_size += sizeof(struct nfp_flower_ext_meta); 309 key_size += sizeof(struct nfp_flower_vlan); 310 key_layer_two |= NFP_FLOWER_LAYER2_QINQ; 311 } 312 } 313 314 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) { 315 struct flow_match_enc_opts enc_op = { NULL, NULL }; 316 struct flow_match_ipv4_addrs ipv4_addrs; 317 struct flow_match_ipv6_addrs ipv6_addrs; 318 struct flow_match_control enc_ctl; 319 struct flow_match_ports enc_ports; 320 bool ipv6_tun = false; 321 322 flow_rule_match_enc_control(rule, &enc_ctl); 323 324 if (enc_ctl.mask->addr_type != 0xffff) { 325 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: wildcarded protocols on tunnels are not supported"); 326 return -EOPNOTSUPP; 327 } 328 329 ipv6_tun = enc_ctl.key->addr_type == 330 FLOW_DISSECTOR_KEY_IPV6_ADDRS; 331 if (ipv6_tun && 332 !(priv->flower_ext_feats & NFP_FL_FEATS_IPV6_TUN)) { 333 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: firmware does not support IPv6 tunnels"); 334 return -EOPNOTSUPP; 335 } 336 337 if (!ipv6_tun && 338 enc_ctl.key->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 339 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel address type not IPv4 or IPv6"); 340 return -EOPNOTSUPP; 341 } 342 343 if (ipv6_tun) { 344 flow_rule_match_enc_ipv6_addrs(rule, &ipv6_addrs); 345 if (memchr_inv(&ipv6_addrs.mask->dst, 0xff, 346 sizeof(ipv6_addrs.mask->dst))) { 347 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv6 destination address is supported"); 348 return -EOPNOTSUPP; 349 } 350 } else { 351 flow_rule_match_enc_ipv4_addrs(rule, &ipv4_addrs); 352 if (ipv4_addrs.mask->dst != cpu_to_be32(~0)) { 353 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv4 destination address is supported"); 354 return -EOPNOTSUPP; 355 } 356 } 357 358 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) 359 flow_rule_match_enc_opts(rule, &enc_op); 360 361 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) { 362 /* check if GRE, which has no enc_ports */ 363 if (!netif_is_gretap(netdev) && !netif_is_ip6gretap(netdev)) { 364 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: an exact match on L4 destination port is required for non-GRE tunnels"); 365 return -EOPNOTSUPP; 366 } 367 368 *tun_type = NFP_FL_TUNNEL_GRE; 369 key_layer |= NFP_FLOWER_LAYER_EXT_META; 370 key_size += sizeof(struct nfp_flower_ext_meta); 371 key_layer_two |= NFP_FLOWER_LAYER2_GRE; 372 373 if (ipv6_tun) { 374 key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6; 375 key_size += 376 sizeof(struct nfp_flower_ipv6_udp_tun); 377 } else { 378 key_size += 379 sizeof(struct nfp_flower_ipv4_udp_tun); 380 } 381 382 if (enc_op.key) { 383 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on GRE tunnels"); 384 return -EOPNOTSUPP; 385 } 386 } else { 387 flow_rule_match_enc_ports(rule, &enc_ports); 388 if (enc_ports.mask->dst != cpu_to_be16(~0)) { 389 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match L4 destination port is supported"); 390 return -EOPNOTSUPP; 391 } 392 393 err = nfp_flower_calc_udp_tun_layer(enc_ports.key, 394 enc_op.key, 395 &key_layer_two, 396 &key_layer, 397 &key_size, priv, 398 tun_type, ipv6_tun, 399 extack); 400 if (err) 401 return err; 402 403 /* Ensure the ingress netdev matches the expected 404 * tun type. 405 */ 406 if (!nfp_fl_netdev_is_tunnel_type(netdev, *tun_type)) { 407 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ingress netdev does not match the expected tunnel type"); 408 return -EOPNOTSUPP; 409 } 410 } 411 } 412 413 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) 414 flow_rule_match_basic(rule, &basic); 415 416 if (basic.mask && basic.mask->n_proto) { 417 /* Ethernet type is present in the key. */ 418 switch (basic.key->n_proto) { 419 case cpu_to_be16(ETH_P_IP): 420 key_layer |= NFP_FLOWER_LAYER_IPV4; 421 key_size += sizeof(struct nfp_flower_ipv4); 422 break; 423 424 case cpu_to_be16(ETH_P_IPV6): 425 key_layer |= NFP_FLOWER_LAYER_IPV6; 426 key_size += sizeof(struct nfp_flower_ipv6); 427 break; 428 429 /* Currently we do not offload ARP 430 * because we rely on it to get to the host. 431 */ 432 case cpu_to_be16(ETH_P_ARP): 433 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ARP not supported"); 434 return -EOPNOTSUPP; 435 436 case cpu_to_be16(ETH_P_MPLS_UC): 437 case cpu_to_be16(ETH_P_MPLS_MC): 438 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) { 439 key_layer |= NFP_FLOWER_LAYER_MAC; 440 key_size += sizeof(struct nfp_flower_mac_mpls); 441 } 442 break; 443 444 /* Will be included in layer 2. */ 445 case cpu_to_be16(ETH_P_8021Q): 446 break; 447 448 default: 449 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on given EtherType is not supported"); 450 return -EOPNOTSUPP; 451 } 452 } else if (nfp_flower_check_higher_than_mac(rule)) { 453 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match above L2 without specified EtherType"); 454 return -EOPNOTSUPP; 455 } 456 457 if (basic.mask && basic.mask->ip_proto) { 458 switch (basic.key->ip_proto) { 459 case IPPROTO_TCP: 460 case IPPROTO_UDP: 461 case IPPROTO_SCTP: 462 case IPPROTO_ICMP: 463 case IPPROTO_ICMPV6: 464 key_layer |= NFP_FLOWER_LAYER_TP; 465 key_size += sizeof(struct nfp_flower_tp_ports); 466 break; 467 } 468 } 469 470 if (!(key_layer & NFP_FLOWER_LAYER_TP) && 471 nfp_flower_check_higher_than_l3(rule)) { 472 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match on L4 information without specified IP protocol type"); 473 return -EOPNOTSUPP; 474 } 475 476 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) { 477 struct flow_match_tcp tcp; 478 u32 tcp_flags; 479 480 flow_rule_match_tcp(rule, &tcp); 481 tcp_flags = be16_to_cpu(tcp.key->flags); 482 483 if (tcp_flags & ~NFP_FLOWER_SUPPORTED_TCPFLAGS) { 484 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: no match support for selected TCP flags"); 485 return -EOPNOTSUPP; 486 } 487 488 /* We only support PSH and URG flags when either 489 * FIN, SYN or RST is present as well. 490 */ 491 if ((tcp_flags & (TCPHDR_PSH | TCPHDR_URG)) && 492 !(tcp_flags & (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST))) { 493 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: PSH and URG is only supported when used with FIN, SYN or RST"); 494 return -EOPNOTSUPP; 495 } 496 497 /* We need to store TCP flags in the either the IPv4 or IPv6 key 498 * space, thus we need to ensure we include a IPv4/IPv6 key 499 * layer if we have not done so already. 500 */ 501 if (!basic.key) { 502 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on L3 protocol"); 503 return -EOPNOTSUPP; 504 } 505 506 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) && 507 !(key_layer & NFP_FLOWER_LAYER_IPV6)) { 508 switch (basic.key->n_proto) { 509 case cpu_to_be16(ETH_P_IP): 510 key_layer |= NFP_FLOWER_LAYER_IPV4; 511 key_size += sizeof(struct nfp_flower_ipv4); 512 break; 513 514 case cpu_to_be16(ETH_P_IPV6): 515 key_layer |= NFP_FLOWER_LAYER_IPV6; 516 key_size += sizeof(struct nfp_flower_ipv6); 517 break; 518 519 default: 520 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on IPv4/IPv6"); 521 return -EOPNOTSUPP; 522 } 523 } 524 } 525 526 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 527 struct flow_match_control ctl; 528 529 flow_rule_match_control(rule, &ctl); 530 if (ctl.key->flags & ~NFP_FLOWER_SUPPORTED_CTLFLAGS) { 531 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on unknown control flag"); 532 return -EOPNOTSUPP; 533 } 534 } 535 536 ret_key_ls->key_layer = key_layer; 537 ret_key_ls->key_layer_two = key_layer_two; 538 ret_key_ls->key_size = key_size; 539 540 return 0; 541 } 542 543 struct nfp_fl_payload * 544 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer) 545 { 546 struct nfp_fl_payload *flow_pay; 547 548 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL); 549 if (!flow_pay) 550 return NULL; 551 552 flow_pay->meta.key_len = key_layer->key_size; 553 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL); 554 if (!flow_pay->unmasked_data) 555 goto err_free_flow; 556 557 flow_pay->meta.mask_len = key_layer->key_size; 558 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL); 559 if (!flow_pay->mask_data) 560 goto err_free_unmasked; 561 562 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL); 563 if (!flow_pay->action_data) 564 goto err_free_mask; 565 566 flow_pay->nfp_tun_ipv4_addr = 0; 567 flow_pay->nfp_tun_ipv6 = NULL; 568 flow_pay->meta.flags = 0; 569 INIT_LIST_HEAD(&flow_pay->linked_flows); 570 flow_pay->in_hw = false; 571 flow_pay->pre_tun_rule.dev = NULL; 572 573 return flow_pay; 574 575 err_free_mask: 576 kfree(flow_pay->mask_data); 577 err_free_unmasked: 578 kfree(flow_pay->unmasked_data); 579 err_free_flow: 580 kfree(flow_pay); 581 return NULL; 582 } 583 584 static int 585 nfp_flower_update_merge_with_actions(struct nfp_fl_payload *flow, 586 struct nfp_flower_merge_check *merge, 587 u8 *last_act_id, int *act_out) 588 { 589 struct nfp_fl_set_ipv6_tc_hl_fl *ipv6_tc_hl_fl; 590 struct nfp_fl_set_ip4_ttl_tos *ipv4_ttl_tos; 591 struct nfp_fl_set_ip4_addrs *ipv4_add; 592 struct nfp_fl_set_ipv6_addr *ipv6_add; 593 struct nfp_fl_push_vlan *push_vlan; 594 struct nfp_fl_pre_tunnel *pre_tun; 595 struct nfp_fl_set_tport *tport; 596 struct nfp_fl_set_eth *eth; 597 struct nfp_fl_act_head *a; 598 unsigned int act_off = 0; 599 bool ipv6_tun = false; 600 u8 act_id = 0; 601 u8 *ports; 602 int i; 603 604 while (act_off < flow->meta.act_len) { 605 a = (struct nfp_fl_act_head *)&flow->action_data[act_off]; 606 act_id = a->jump_id; 607 608 switch (act_id) { 609 case NFP_FL_ACTION_OPCODE_OUTPUT: 610 if (act_out) 611 (*act_out)++; 612 break; 613 case NFP_FL_ACTION_OPCODE_PUSH_VLAN: 614 push_vlan = (struct nfp_fl_push_vlan *)a; 615 if (push_vlan->vlan_tci) 616 merge->tci = cpu_to_be16(0xffff); 617 break; 618 case NFP_FL_ACTION_OPCODE_POP_VLAN: 619 merge->tci = cpu_to_be16(0); 620 break; 621 case NFP_FL_ACTION_OPCODE_SET_TUNNEL: 622 /* New tunnel header means l2 to l4 can be matched. */ 623 eth_broadcast_addr(&merge->l2.mac_dst[0]); 624 eth_broadcast_addr(&merge->l2.mac_src[0]); 625 memset(&merge->l4, 0xff, 626 sizeof(struct nfp_flower_tp_ports)); 627 if (ipv6_tun) 628 memset(&merge->ipv6, 0xff, 629 sizeof(struct nfp_flower_ipv6)); 630 else 631 memset(&merge->ipv4, 0xff, 632 sizeof(struct nfp_flower_ipv4)); 633 break; 634 case NFP_FL_ACTION_OPCODE_SET_ETHERNET: 635 eth = (struct nfp_fl_set_eth *)a; 636 for (i = 0; i < ETH_ALEN; i++) 637 merge->l2.mac_dst[i] |= eth->eth_addr_mask[i]; 638 for (i = 0; i < ETH_ALEN; i++) 639 merge->l2.mac_src[i] |= 640 eth->eth_addr_mask[ETH_ALEN + i]; 641 break; 642 case NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS: 643 ipv4_add = (struct nfp_fl_set_ip4_addrs *)a; 644 merge->ipv4.ipv4_src |= ipv4_add->ipv4_src_mask; 645 merge->ipv4.ipv4_dst |= ipv4_add->ipv4_dst_mask; 646 break; 647 case NFP_FL_ACTION_OPCODE_SET_IPV4_TTL_TOS: 648 ipv4_ttl_tos = (struct nfp_fl_set_ip4_ttl_tos *)a; 649 merge->ipv4.ip_ext.ttl |= ipv4_ttl_tos->ipv4_ttl_mask; 650 merge->ipv4.ip_ext.tos |= ipv4_ttl_tos->ipv4_tos_mask; 651 break; 652 case NFP_FL_ACTION_OPCODE_SET_IPV6_SRC: 653 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 654 for (i = 0; i < 4; i++) 655 merge->ipv6.ipv6_src.in6_u.u6_addr32[i] |= 656 ipv6_add->ipv6[i].mask; 657 break; 658 case NFP_FL_ACTION_OPCODE_SET_IPV6_DST: 659 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 660 for (i = 0; i < 4; i++) 661 merge->ipv6.ipv6_dst.in6_u.u6_addr32[i] |= 662 ipv6_add->ipv6[i].mask; 663 break; 664 case NFP_FL_ACTION_OPCODE_SET_IPV6_TC_HL_FL: 665 ipv6_tc_hl_fl = (struct nfp_fl_set_ipv6_tc_hl_fl *)a; 666 merge->ipv6.ip_ext.ttl |= 667 ipv6_tc_hl_fl->ipv6_hop_limit_mask; 668 merge->ipv6.ip_ext.tos |= ipv6_tc_hl_fl->ipv6_tc_mask; 669 merge->ipv6.ipv6_flow_label_exthdr |= 670 ipv6_tc_hl_fl->ipv6_label_mask; 671 break; 672 case NFP_FL_ACTION_OPCODE_SET_UDP: 673 case NFP_FL_ACTION_OPCODE_SET_TCP: 674 tport = (struct nfp_fl_set_tport *)a; 675 ports = (u8 *)&merge->l4.port_src; 676 for (i = 0; i < 4; i++) 677 ports[i] |= tport->tp_port_mask[i]; 678 break; 679 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 680 pre_tun = (struct nfp_fl_pre_tunnel *)a; 681 ipv6_tun = be16_to_cpu(pre_tun->flags) & 682 NFP_FL_PRE_TUN_IPV6; 683 break; 684 case NFP_FL_ACTION_OPCODE_PRE_LAG: 685 case NFP_FL_ACTION_OPCODE_PUSH_GENEVE: 686 break; 687 default: 688 return -EOPNOTSUPP; 689 } 690 691 act_off += a->len_lw << NFP_FL_LW_SIZ; 692 } 693 694 if (last_act_id) 695 *last_act_id = act_id; 696 697 return 0; 698 } 699 700 static int 701 nfp_flower_populate_merge_match(struct nfp_fl_payload *flow, 702 struct nfp_flower_merge_check *merge, 703 bool extra_fields) 704 { 705 struct nfp_flower_meta_tci *meta_tci; 706 u8 *mask = flow->mask_data; 707 u8 key_layer, match_size; 708 709 memset(merge, 0, sizeof(struct nfp_flower_merge_check)); 710 711 meta_tci = (struct nfp_flower_meta_tci *)mask; 712 key_layer = meta_tci->nfp_flow_key_layer; 713 714 if (key_layer & ~NFP_FLOWER_MERGE_FIELDS && !extra_fields) 715 return -EOPNOTSUPP; 716 717 merge->tci = meta_tci->tci; 718 mask += sizeof(struct nfp_flower_meta_tci); 719 720 if (key_layer & NFP_FLOWER_LAYER_EXT_META) 721 mask += sizeof(struct nfp_flower_ext_meta); 722 723 mask += sizeof(struct nfp_flower_in_port); 724 725 if (key_layer & NFP_FLOWER_LAYER_MAC) { 726 match_size = sizeof(struct nfp_flower_mac_mpls); 727 memcpy(&merge->l2, mask, match_size); 728 mask += match_size; 729 } 730 731 if (key_layer & NFP_FLOWER_LAYER_TP) { 732 match_size = sizeof(struct nfp_flower_tp_ports); 733 memcpy(&merge->l4, mask, match_size); 734 mask += match_size; 735 } 736 737 if (key_layer & NFP_FLOWER_LAYER_IPV4) { 738 match_size = sizeof(struct nfp_flower_ipv4); 739 memcpy(&merge->ipv4, mask, match_size); 740 } 741 742 if (key_layer & NFP_FLOWER_LAYER_IPV6) { 743 match_size = sizeof(struct nfp_flower_ipv6); 744 memcpy(&merge->ipv6, mask, match_size); 745 } 746 747 return 0; 748 } 749 750 static int 751 nfp_flower_can_merge(struct nfp_fl_payload *sub_flow1, 752 struct nfp_fl_payload *sub_flow2) 753 { 754 /* Two flows can be merged if sub_flow2 only matches on bits that are 755 * either matched by sub_flow1 or set by a sub_flow1 action. This 756 * ensures that every packet that hits sub_flow1 and recirculates is 757 * guaranteed to hit sub_flow2. 758 */ 759 struct nfp_flower_merge_check sub_flow1_merge, sub_flow2_merge; 760 int err, act_out = 0; 761 u8 last_act_id = 0; 762 763 err = nfp_flower_populate_merge_match(sub_flow1, &sub_flow1_merge, 764 true); 765 if (err) 766 return err; 767 768 err = nfp_flower_populate_merge_match(sub_flow2, &sub_flow2_merge, 769 false); 770 if (err) 771 return err; 772 773 err = nfp_flower_update_merge_with_actions(sub_flow1, &sub_flow1_merge, 774 &last_act_id, &act_out); 775 if (err) 776 return err; 777 778 /* Must only be 1 output action and it must be the last in sequence. */ 779 if (act_out != 1 || last_act_id != NFP_FL_ACTION_OPCODE_OUTPUT) 780 return -EOPNOTSUPP; 781 782 /* Reject merge if sub_flow2 matches on something that is not matched 783 * on or set in an action by sub_flow1. 784 */ 785 err = bitmap_andnot(sub_flow2_merge.vals, sub_flow2_merge.vals, 786 sub_flow1_merge.vals, 787 sizeof(struct nfp_flower_merge_check) * 8); 788 if (err) 789 return -EINVAL; 790 791 return 0; 792 } 793 794 static unsigned int 795 nfp_flower_copy_pre_actions(char *act_dst, char *act_src, int len, 796 bool *tunnel_act) 797 { 798 unsigned int act_off = 0, act_len; 799 struct nfp_fl_act_head *a; 800 u8 act_id = 0; 801 802 while (act_off < len) { 803 a = (struct nfp_fl_act_head *)&act_src[act_off]; 804 act_len = a->len_lw << NFP_FL_LW_SIZ; 805 act_id = a->jump_id; 806 807 switch (act_id) { 808 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 809 if (tunnel_act) 810 *tunnel_act = true; 811 fallthrough; 812 case NFP_FL_ACTION_OPCODE_PRE_LAG: 813 memcpy(act_dst + act_off, act_src + act_off, act_len); 814 break; 815 default: 816 return act_off; 817 } 818 819 act_off += act_len; 820 } 821 822 return act_off; 823 } 824 825 static int 826 nfp_fl_verify_post_tun_acts(char *acts, int len, struct nfp_fl_push_vlan **vlan) 827 { 828 struct nfp_fl_act_head *a; 829 unsigned int act_off = 0; 830 831 while (act_off < len) { 832 a = (struct nfp_fl_act_head *)&acts[act_off]; 833 834 if (a->jump_id == NFP_FL_ACTION_OPCODE_PUSH_VLAN && !act_off) 835 *vlan = (struct nfp_fl_push_vlan *)a; 836 else if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) 837 return -EOPNOTSUPP; 838 839 act_off += a->len_lw << NFP_FL_LW_SIZ; 840 } 841 842 /* Ensure any VLAN push also has an egress action. */ 843 if (*vlan && act_off <= sizeof(struct nfp_fl_push_vlan)) 844 return -EOPNOTSUPP; 845 846 return 0; 847 } 848 849 static int 850 nfp_fl_push_vlan_after_tun(char *acts, int len, struct nfp_fl_push_vlan *vlan) 851 { 852 struct nfp_fl_set_tun *tun; 853 struct nfp_fl_act_head *a; 854 unsigned int act_off = 0; 855 856 while (act_off < len) { 857 a = (struct nfp_fl_act_head *)&acts[act_off]; 858 859 if (a->jump_id == NFP_FL_ACTION_OPCODE_SET_TUNNEL) { 860 tun = (struct nfp_fl_set_tun *)a; 861 tun->outer_vlan_tpid = vlan->vlan_tpid; 862 tun->outer_vlan_tci = vlan->vlan_tci; 863 864 return 0; 865 } 866 867 act_off += a->len_lw << NFP_FL_LW_SIZ; 868 } 869 870 /* Return error if no tunnel action is found. */ 871 return -EOPNOTSUPP; 872 } 873 874 static int 875 nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1, 876 struct nfp_fl_payload *sub_flow2, 877 struct nfp_fl_payload *merge_flow) 878 { 879 unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2; 880 struct nfp_fl_push_vlan *post_tun_push_vlan = NULL; 881 bool tunnel_act = false; 882 char *merge_act; 883 int err; 884 885 /* The last action of sub_flow1 must be output - do not merge this. */ 886 sub1_act_len = sub_flow1->meta.act_len - sizeof(struct nfp_fl_output); 887 sub2_act_len = sub_flow2->meta.act_len; 888 889 if (!sub2_act_len) 890 return -EINVAL; 891 892 if (sub1_act_len + sub2_act_len > NFP_FL_MAX_A_SIZ) 893 return -EINVAL; 894 895 /* A shortcut can only be applied if there is a single action. */ 896 if (sub1_act_len) 897 merge_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 898 else 899 merge_flow->meta.shortcut = sub_flow2->meta.shortcut; 900 901 merge_flow->meta.act_len = sub1_act_len + sub2_act_len; 902 merge_act = merge_flow->action_data; 903 904 /* Copy any pre-actions to the start of merge flow action list. */ 905 pre_off1 = nfp_flower_copy_pre_actions(merge_act, 906 sub_flow1->action_data, 907 sub1_act_len, &tunnel_act); 908 merge_act += pre_off1; 909 sub1_act_len -= pre_off1; 910 pre_off2 = nfp_flower_copy_pre_actions(merge_act, 911 sub_flow2->action_data, 912 sub2_act_len, NULL); 913 merge_act += pre_off2; 914 sub2_act_len -= pre_off2; 915 916 /* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes 917 * a tunnel, there are restrictions on what sub_flow 2 actions lead to a 918 * valid merge. 919 */ 920 if (tunnel_act) { 921 char *post_tun_acts = &sub_flow2->action_data[pre_off2]; 922 923 err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len, 924 &post_tun_push_vlan); 925 if (err) 926 return err; 927 928 if (post_tun_push_vlan) { 929 pre_off2 += sizeof(*post_tun_push_vlan); 930 sub2_act_len -= sizeof(*post_tun_push_vlan); 931 } 932 } 933 934 /* Copy remaining actions from sub_flows 1 and 2. */ 935 memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len); 936 937 if (post_tun_push_vlan) { 938 /* Update tunnel action in merge to include VLAN push. */ 939 err = nfp_fl_push_vlan_after_tun(merge_act, sub1_act_len, 940 post_tun_push_vlan); 941 if (err) 942 return err; 943 944 merge_flow->meta.act_len -= sizeof(*post_tun_push_vlan); 945 } 946 947 merge_act += sub1_act_len; 948 memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len); 949 950 return 0; 951 } 952 953 /* Flow link code should only be accessed under RTNL. */ 954 static void nfp_flower_unlink_flow(struct nfp_fl_payload_link *link) 955 { 956 list_del(&link->merge_flow.list); 957 list_del(&link->sub_flow.list); 958 kfree(link); 959 } 960 961 static void nfp_flower_unlink_flows(struct nfp_fl_payload *merge_flow, 962 struct nfp_fl_payload *sub_flow) 963 { 964 struct nfp_fl_payload_link *link; 965 966 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) 967 if (link->sub_flow.flow == sub_flow) { 968 nfp_flower_unlink_flow(link); 969 return; 970 } 971 } 972 973 static int nfp_flower_link_flows(struct nfp_fl_payload *merge_flow, 974 struct nfp_fl_payload *sub_flow) 975 { 976 struct nfp_fl_payload_link *link; 977 978 link = kmalloc(sizeof(*link), GFP_KERNEL); 979 if (!link) 980 return -ENOMEM; 981 982 link->merge_flow.flow = merge_flow; 983 list_add_tail(&link->merge_flow.list, &merge_flow->linked_flows); 984 link->sub_flow.flow = sub_flow; 985 list_add_tail(&link->sub_flow.list, &sub_flow->linked_flows); 986 987 return 0; 988 } 989 990 /** 991 * nfp_flower_merge_offloaded_flows() - Merge 2 existing flows to single flow. 992 * @app: Pointer to the APP handle 993 * @sub_flow1: Initial flow matched to produce merge hint 994 * @sub_flow2: Post recirculation flow matched in merge hint 995 * 996 * Combines 2 flows (if valid) to a single flow, removing the initial from hw 997 * and offloading the new, merged flow. 998 * 999 * Return: negative value on error, 0 in success. 1000 */ 1001 int nfp_flower_merge_offloaded_flows(struct nfp_app *app, 1002 struct nfp_fl_payload *sub_flow1, 1003 struct nfp_fl_payload *sub_flow2) 1004 { 1005 struct nfp_flower_priv *priv = app->priv; 1006 struct nfp_fl_payload *merge_flow; 1007 struct nfp_fl_key_ls merge_key_ls; 1008 struct nfp_merge_info *merge_info; 1009 u64 parent_ctx = 0; 1010 int err; 1011 1012 ASSERT_RTNL(); 1013 1014 if (sub_flow1 == sub_flow2 || 1015 nfp_flower_is_merge_flow(sub_flow1) || 1016 nfp_flower_is_merge_flow(sub_flow2)) 1017 return -EINVAL; 1018 1019 /* check if the two flows are already merged */ 1020 parent_ctx = (u64)(be32_to_cpu(sub_flow1->meta.host_ctx_id)) << 32; 1021 parent_ctx |= (u64)(be32_to_cpu(sub_flow2->meta.host_ctx_id)); 1022 if (rhashtable_lookup_fast(&priv->merge_table, 1023 &parent_ctx, merge_table_params)) { 1024 nfp_flower_cmsg_warn(app, "The two flows are already merged.\n"); 1025 return 0; 1026 } 1027 1028 err = nfp_flower_can_merge(sub_flow1, sub_flow2); 1029 if (err) 1030 return err; 1031 1032 merge_key_ls.key_size = sub_flow1->meta.key_len; 1033 1034 merge_flow = nfp_flower_allocate_new(&merge_key_ls); 1035 if (!merge_flow) 1036 return -ENOMEM; 1037 1038 merge_flow->tc_flower_cookie = (unsigned long)merge_flow; 1039 merge_flow->ingress_dev = sub_flow1->ingress_dev; 1040 1041 memcpy(merge_flow->unmasked_data, sub_flow1->unmasked_data, 1042 sub_flow1->meta.key_len); 1043 memcpy(merge_flow->mask_data, sub_flow1->mask_data, 1044 sub_flow1->meta.mask_len); 1045 1046 err = nfp_flower_merge_action(sub_flow1, sub_flow2, merge_flow); 1047 if (err) 1048 goto err_destroy_merge_flow; 1049 1050 err = nfp_flower_link_flows(merge_flow, sub_flow1); 1051 if (err) 1052 goto err_destroy_merge_flow; 1053 1054 err = nfp_flower_link_flows(merge_flow, sub_flow2); 1055 if (err) 1056 goto err_unlink_sub_flow1; 1057 1058 err = nfp_compile_flow_metadata(app, merge_flow->tc_flower_cookie, merge_flow, 1059 merge_flow->ingress_dev, NULL); 1060 if (err) 1061 goto err_unlink_sub_flow2; 1062 1063 err = rhashtable_insert_fast(&priv->flow_table, &merge_flow->fl_node, 1064 nfp_flower_table_params); 1065 if (err) 1066 goto err_release_metadata; 1067 1068 merge_info = kmalloc(sizeof(*merge_info), GFP_KERNEL); 1069 if (!merge_info) { 1070 err = -ENOMEM; 1071 goto err_remove_rhash; 1072 } 1073 merge_info->parent_ctx = parent_ctx; 1074 err = rhashtable_insert_fast(&priv->merge_table, &merge_info->ht_node, 1075 merge_table_params); 1076 if (err) 1077 goto err_destroy_merge_info; 1078 1079 err = nfp_flower_xmit_flow(app, merge_flow, 1080 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 1081 if (err) 1082 goto err_remove_merge_info; 1083 1084 merge_flow->in_hw = true; 1085 sub_flow1->in_hw = false; 1086 1087 return 0; 1088 1089 err_remove_merge_info: 1090 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table, 1091 &merge_info->ht_node, 1092 merge_table_params)); 1093 err_destroy_merge_info: 1094 kfree(merge_info); 1095 err_remove_rhash: 1096 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1097 &merge_flow->fl_node, 1098 nfp_flower_table_params)); 1099 err_release_metadata: 1100 nfp_modify_flow_metadata(app, merge_flow); 1101 err_unlink_sub_flow2: 1102 nfp_flower_unlink_flows(merge_flow, sub_flow2); 1103 err_unlink_sub_flow1: 1104 nfp_flower_unlink_flows(merge_flow, sub_flow1); 1105 err_destroy_merge_flow: 1106 kfree(merge_flow->action_data); 1107 kfree(merge_flow->mask_data); 1108 kfree(merge_flow->unmasked_data); 1109 kfree(merge_flow); 1110 return err; 1111 } 1112 1113 /** 1114 * nfp_flower_validate_pre_tun_rule() 1115 * @app: Pointer to the APP handle 1116 * @flow: Pointer to NFP flow representation of rule 1117 * @key_ls: Pointer to NFP key layers structure 1118 * @extack: Netlink extended ACK report 1119 * 1120 * Verifies the flow as a pre-tunnel rule. 1121 * 1122 * Return: negative value on error, 0 if verified. 1123 */ 1124 static int 1125 nfp_flower_validate_pre_tun_rule(struct nfp_app *app, 1126 struct nfp_fl_payload *flow, 1127 struct nfp_fl_key_ls *key_ls, 1128 struct netlink_ext_ack *extack) 1129 { 1130 struct nfp_flower_priv *priv = app->priv; 1131 struct nfp_flower_meta_tci *meta_tci; 1132 struct nfp_flower_mac_mpls *mac; 1133 u8 *ext = flow->unmasked_data; 1134 struct nfp_fl_act_head *act; 1135 u8 *mask = flow->mask_data; 1136 bool vlan = false; 1137 int act_offset; 1138 u8 key_layer; 1139 1140 meta_tci = (struct nfp_flower_meta_tci *)flow->unmasked_data; 1141 key_layer = key_ls->key_layer; 1142 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 1143 if (meta_tci->tci & cpu_to_be16(NFP_FLOWER_MASK_VLAN_PRESENT)) { 1144 u16 vlan_tci = be16_to_cpu(meta_tci->tci); 1145 1146 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT; 1147 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci); 1148 vlan = true; 1149 } else { 1150 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff); 1151 } 1152 } 1153 1154 if (key_layer & ~NFP_FLOWER_PRE_TUN_RULE_FIELDS) { 1155 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: too many match fields"); 1156 return -EOPNOTSUPP; 1157 } else if (key_ls->key_layer_two & ~NFP_FLOWER_LAYER2_QINQ) { 1158 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non-vlan in extended match fields"); 1159 return -EOPNOTSUPP; 1160 } 1161 1162 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) { 1163 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MAC fields match required"); 1164 return -EOPNOTSUPP; 1165 } 1166 1167 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) && 1168 !(key_layer & NFP_FLOWER_LAYER_IPV6)) { 1169 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on ipv4/ipv6 eth_type must be present"); 1170 return -EOPNOTSUPP; 1171 } 1172 1173 /* Skip fields known to exist. */ 1174 mask += sizeof(struct nfp_flower_meta_tci); 1175 ext += sizeof(struct nfp_flower_meta_tci); 1176 if (key_ls->key_layer_two) { 1177 mask += sizeof(struct nfp_flower_ext_meta); 1178 ext += sizeof(struct nfp_flower_ext_meta); 1179 } 1180 mask += sizeof(struct nfp_flower_in_port); 1181 ext += sizeof(struct nfp_flower_in_port); 1182 1183 /* Ensure destination MAC address matches pre_tun_dev. */ 1184 mac = (struct nfp_flower_mac_mpls *)ext; 1185 if (memcmp(&mac->mac_dst[0], flow->pre_tun_rule.dev->dev_addr, 6)) { 1186 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC must match output dev MAC"); 1187 return -EOPNOTSUPP; 1188 } 1189 1190 /* Ensure destination MAC address is fully matched. */ 1191 mac = (struct nfp_flower_mac_mpls *)mask; 1192 if (!is_broadcast_ether_addr(&mac->mac_dst[0])) { 1193 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC field must not be masked"); 1194 return -EOPNOTSUPP; 1195 } 1196 1197 if (mac->mpls_lse) { 1198 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MPLS not supported"); 1199 return -EOPNOTSUPP; 1200 } 1201 1202 mask += sizeof(struct nfp_flower_mac_mpls); 1203 ext += sizeof(struct nfp_flower_mac_mpls); 1204 if (key_layer & NFP_FLOWER_LAYER_IPV4 || 1205 key_layer & NFP_FLOWER_LAYER_IPV6) { 1206 /* Flags and proto fields have same offset in IPv4 and IPv6. */ 1207 int ip_flags = offsetof(struct nfp_flower_ipv4, ip_ext.flags); 1208 int ip_proto = offsetof(struct nfp_flower_ipv4, ip_ext.proto); 1209 int size; 1210 int i; 1211 1212 size = key_layer & NFP_FLOWER_LAYER_IPV4 ? 1213 sizeof(struct nfp_flower_ipv4) : 1214 sizeof(struct nfp_flower_ipv6); 1215 1216 1217 /* Ensure proto and flags are the only IP layer fields. */ 1218 for (i = 0; i < size; i++) 1219 if (mask[i] && i != ip_flags && i != ip_proto) { 1220 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: only flags and proto can be matched in ip header"); 1221 return -EOPNOTSUPP; 1222 } 1223 ext += size; 1224 mask += size; 1225 } 1226 1227 if ((priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) { 1228 if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_QINQ) { 1229 struct nfp_flower_vlan *vlan_tags; 1230 u16 vlan_tci; 1231 1232 vlan_tags = (struct nfp_flower_vlan *)ext; 1233 1234 vlan_tci = be16_to_cpu(vlan_tags->outer_tci); 1235 1236 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT; 1237 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci); 1238 vlan = true; 1239 } else { 1240 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff); 1241 } 1242 } 1243 1244 /* Action must be a single egress or pop_vlan and egress. */ 1245 act_offset = 0; 1246 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset]; 1247 if (vlan) { 1248 if (act->jump_id != NFP_FL_ACTION_OPCODE_POP_VLAN) { 1249 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on VLAN must have VLAN pop as first action"); 1250 return -EOPNOTSUPP; 1251 } 1252 1253 act_offset += act->len_lw << NFP_FL_LW_SIZ; 1254 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset]; 1255 } 1256 1257 if (act->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) { 1258 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non egress action detected where egress was expected"); 1259 return -EOPNOTSUPP; 1260 } 1261 1262 act_offset += act->len_lw << NFP_FL_LW_SIZ; 1263 1264 /* Ensure there are no more actions after egress. */ 1265 if (act_offset != flow->meta.act_len) { 1266 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: egress is not the last action"); 1267 return -EOPNOTSUPP; 1268 } 1269 1270 return 0; 1271 } 1272 1273 static bool offload_pre_check(struct flow_cls_offload *flow) 1274 { 1275 struct flow_rule *rule = flow_cls_offload_flow_rule(flow); 1276 struct flow_dissector *dissector = rule->match.dissector; 1277 1278 if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT)) 1279 return false; 1280 1281 if (flow->common.chain_index) 1282 return false; 1283 1284 return true; 1285 } 1286 1287 /** 1288 * nfp_flower_add_offload() - Adds a new flow to hardware. 1289 * @app: Pointer to the APP handle 1290 * @netdev: netdev structure. 1291 * @flow: TC flower classifier offload structure. 1292 * 1293 * Adds a new flow to the repeated hash structure and action payload. 1294 * 1295 * Return: negative value on error, 0 if configured successfully. 1296 */ 1297 static int 1298 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev, 1299 struct flow_cls_offload *flow) 1300 { 1301 struct flow_rule *rule = flow_cls_offload_flow_rule(flow); 1302 enum nfp_flower_tun_type tun_type = NFP_FL_TUNNEL_NONE; 1303 struct nfp_flower_priv *priv = app->priv; 1304 struct netlink_ext_ack *extack = NULL; 1305 struct nfp_fl_payload *flow_pay; 1306 struct nfp_fl_key_ls *key_layer; 1307 struct nfp_port *port = NULL; 1308 int err; 1309 1310 extack = flow->common.extack; 1311 if (nfp_netdev_is_nfp_repr(netdev)) 1312 port = nfp_port_from_netdev(netdev); 1313 1314 if (is_pre_ct_flow(flow)) 1315 return nfp_fl_ct_handle_pre_ct(priv, netdev, flow, extack); 1316 1317 if (is_post_ct_flow(flow)) 1318 return nfp_fl_ct_handle_post_ct(priv, netdev, flow, extack); 1319 1320 if (!offload_pre_check(flow)) 1321 return -EOPNOTSUPP; 1322 1323 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL); 1324 if (!key_layer) 1325 return -ENOMEM; 1326 1327 err = nfp_flower_calculate_key_layers(app, netdev, key_layer, rule, 1328 &tun_type, extack); 1329 if (err) 1330 goto err_free_key_ls; 1331 1332 flow_pay = nfp_flower_allocate_new(key_layer); 1333 if (!flow_pay) { 1334 err = -ENOMEM; 1335 goto err_free_key_ls; 1336 } 1337 1338 err = nfp_flower_compile_flow_match(app, rule, key_layer, netdev, 1339 flow_pay, tun_type, extack); 1340 if (err) 1341 goto err_destroy_flow; 1342 1343 err = nfp_flower_compile_action(app, rule, netdev, flow_pay, extack); 1344 if (err) 1345 goto err_destroy_flow; 1346 1347 if (flow_pay->pre_tun_rule.dev) { 1348 err = nfp_flower_validate_pre_tun_rule(app, flow_pay, key_layer, extack); 1349 if (err) 1350 goto err_destroy_flow; 1351 } 1352 1353 err = nfp_compile_flow_metadata(app, flow->cookie, flow_pay, netdev, extack); 1354 if (err) 1355 goto err_destroy_flow; 1356 1357 flow_pay->tc_flower_cookie = flow->cookie; 1358 err = rhashtable_insert_fast(&priv->flow_table, &flow_pay->fl_node, 1359 nfp_flower_table_params); 1360 if (err) { 1361 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot insert flow into tables for offloads"); 1362 goto err_release_metadata; 1363 } 1364 1365 if (flow_pay->pre_tun_rule.dev) 1366 err = nfp_flower_xmit_pre_tun_flow(app, flow_pay); 1367 else 1368 err = nfp_flower_xmit_flow(app, flow_pay, 1369 NFP_FLOWER_CMSG_TYPE_FLOW_ADD); 1370 if (err) 1371 goto err_remove_rhash; 1372 1373 if (port) 1374 port->tc_offload_cnt++; 1375 1376 flow_pay->in_hw = true; 1377 1378 /* Deallocate flow payload when flower rule has been destroyed. */ 1379 kfree(key_layer); 1380 1381 return 0; 1382 1383 err_remove_rhash: 1384 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1385 &flow_pay->fl_node, 1386 nfp_flower_table_params)); 1387 err_release_metadata: 1388 nfp_modify_flow_metadata(app, flow_pay); 1389 err_destroy_flow: 1390 if (flow_pay->nfp_tun_ipv6) 1391 nfp_tunnel_put_ipv6_off(app, flow_pay->nfp_tun_ipv6); 1392 kfree(flow_pay->action_data); 1393 kfree(flow_pay->mask_data); 1394 kfree(flow_pay->unmasked_data); 1395 kfree(flow_pay); 1396 err_free_key_ls: 1397 kfree(key_layer); 1398 return err; 1399 } 1400 1401 static void 1402 nfp_flower_remove_merge_flow(struct nfp_app *app, 1403 struct nfp_fl_payload *del_sub_flow, 1404 struct nfp_fl_payload *merge_flow) 1405 { 1406 struct nfp_flower_priv *priv = app->priv; 1407 struct nfp_fl_payload_link *link, *temp; 1408 struct nfp_merge_info *merge_info; 1409 struct nfp_fl_payload *origin; 1410 u64 parent_ctx = 0; 1411 bool mod = false; 1412 int err; 1413 1414 link = list_first_entry(&merge_flow->linked_flows, 1415 struct nfp_fl_payload_link, merge_flow.list); 1416 origin = link->sub_flow.flow; 1417 1418 /* Re-add rule the merge had overwritten if it has not been deleted. */ 1419 if (origin != del_sub_flow) 1420 mod = true; 1421 1422 err = nfp_modify_flow_metadata(app, merge_flow); 1423 if (err) { 1424 nfp_flower_cmsg_warn(app, "Metadata fail for merge flow delete.\n"); 1425 goto err_free_links; 1426 } 1427 1428 if (!mod) { 1429 err = nfp_flower_xmit_flow(app, merge_flow, 1430 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1431 if (err) { 1432 nfp_flower_cmsg_warn(app, "Failed to delete merged flow.\n"); 1433 goto err_free_links; 1434 } 1435 } else { 1436 __nfp_modify_flow_metadata(priv, origin); 1437 err = nfp_flower_xmit_flow(app, origin, 1438 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 1439 if (err) 1440 nfp_flower_cmsg_warn(app, "Failed to revert merge flow.\n"); 1441 origin->in_hw = true; 1442 } 1443 1444 err_free_links: 1445 /* Clean any links connected with the merged flow. */ 1446 list_for_each_entry_safe(link, temp, &merge_flow->linked_flows, 1447 merge_flow.list) { 1448 u32 ctx_id = be32_to_cpu(link->sub_flow.flow->meta.host_ctx_id); 1449 1450 parent_ctx = (parent_ctx << 32) | (u64)(ctx_id); 1451 nfp_flower_unlink_flow(link); 1452 } 1453 1454 merge_info = rhashtable_lookup_fast(&priv->merge_table, 1455 &parent_ctx, 1456 merge_table_params); 1457 if (merge_info) { 1458 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table, 1459 &merge_info->ht_node, 1460 merge_table_params)); 1461 kfree(merge_info); 1462 } 1463 1464 kfree(merge_flow->action_data); 1465 kfree(merge_flow->mask_data); 1466 kfree(merge_flow->unmasked_data); 1467 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1468 &merge_flow->fl_node, 1469 nfp_flower_table_params)); 1470 kfree_rcu(merge_flow, rcu); 1471 } 1472 1473 void 1474 nfp_flower_del_linked_merge_flows(struct nfp_app *app, 1475 struct nfp_fl_payload *sub_flow) 1476 { 1477 struct nfp_fl_payload_link *link, *temp; 1478 1479 /* Remove any merge flow formed from the deleted sub_flow. */ 1480 list_for_each_entry_safe(link, temp, &sub_flow->linked_flows, 1481 sub_flow.list) 1482 nfp_flower_remove_merge_flow(app, sub_flow, 1483 link->merge_flow.flow); 1484 } 1485 1486 /** 1487 * nfp_flower_del_offload() - Removes a flow from hardware. 1488 * @app: Pointer to the APP handle 1489 * @netdev: netdev structure. 1490 * @flow: TC flower classifier offload structure 1491 * 1492 * Removes a flow from the repeated hash structure and clears the 1493 * action payload. Any flows merged from this are also deleted. 1494 * 1495 * Return: negative value on error, 0 if removed successfully. 1496 */ 1497 static int 1498 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev, 1499 struct flow_cls_offload *flow) 1500 { 1501 struct nfp_flower_priv *priv = app->priv; 1502 struct nfp_fl_ct_map_entry *ct_map_ent; 1503 struct netlink_ext_ack *extack = NULL; 1504 struct nfp_fl_payload *nfp_flow; 1505 struct nfp_port *port = NULL; 1506 int err; 1507 1508 extack = flow->common.extack; 1509 if (nfp_netdev_is_nfp_repr(netdev)) 1510 port = nfp_port_from_netdev(netdev); 1511 1512 /* Check ct_map_table */ 1513 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie, 1514 nfp_ct_map_params); 1515 if (ct_map_ent) { 1516 err = nfp_fl_ct_del_flow(ct_map_ent); 1517 return err; 1518 } 1519 1520 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1521 if (!nfp_flow) { 1522 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot remove flow that does not exist"); 1523 return -ENOENT; 1524 } 1525 1526 err = nfp_modify_flow_metadata(app, nfp_flow); 1527 if (err) 1528 goto err_free_merge_flow; 1529 1530 if (nfp_flow->nfp_tun_ipv4_addr) 1531 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr); 1532 1533 if (nfp_flow->nfp_tun_ipv6) 1534 nfp_tunnel_put_ipv6_off(app, nfp_flow->nfp_tun_ipv6); 1535 1536 if (!nfp_flow->in_hw) { 1537 err = 0; 1538 goto err_free_merge_flow; 1539 } 1540 1541 if (nfp_flow->pre_tun_rule.dev) 1542 err = nfp_flower_xmit_pre_tun_del_flow(app, nfp_flow); 1543 else 1544 err = nfp_flower_xmit_flow(app, nfp_flow, 1545 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1546 /* Fall through on error. */ 1547 1548 err_free_merge_flow: 1549 nfp_flower_del_linked_merge_flows(app, nfp_flow); 1550 if (port) 1551 port->tc_offload_cnt--; 1552 kfree(nfp_flow->action_data); 1553 kfree(nfp_flow->mask_data); 1554 kfree(nfp_flow->unmasked_data); 1555 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1556 &nfp_flow->fl_node, 1557 nfp_flower_table_params)); 1558 kfree_rcu(nfp_flow, rcu); 1559 return err; 1560 } 1561 1562 static void 1563 __nfp_flower_update_merge_stats(struct nfp_app *app, 1564 struct nfp_fl_payload *merge_flow) 1565 { 1566 struct nfp_flower_priv *priv = app->priv; 1567 struct nfp_fl_payload_link *link; 1568 struct nfp_fl_payload *sub_flow; 1569 u64 pkts, bytes, used; 1570 u32 ctx_id; 1571 1572 ctx_id = be32_to_cpu(merge_flow->meta.host_ctx_id); 1573 pkts = priv->stats[ctx_id].pkts; 1574 /* Do not cycle subflows if no stats to distribute. */ 1575 if (!pkts) 1576 return; 1577 bytes = priv->stats[ctx_id].bytes; 1578 used = priv->stats[ctx_id].used; 1579 1580 /* Reset stats for the merge flow. */ 1581 priv->stats[ctx_id].pkts = 0; 1582 priv->stats[ctx_id].bytes = 0; 1583 1584 /* The merge flow has received stats updates from firmware. 1585 * Distribute these stats to all subflows that form the merge. 1586 * The stats will collected from TC via the subflows. 1587 */ 1588 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) { 1589 sub_flow = link->sub_flow.flow; 1590 ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id); 1591 priv->stats[ctx_id].pkts += pkts; 1592 priv->stats[ctx_id].bytes += bytes; 1593 priv->stats[ctx_id].used = max_t(u64, used, 1594 priv->stats[ctx_id].used); 1595 } 1596 } 1597 1598 void 1599 nfp_flower_update_merge_stats(struct nfp_app *app, 1600 struct nfp_fl_payload *sub_flow) 1601 { 1602 struct nfp_fl_payload_link *link; 1603 1604 /* Get merge flows that the subflow forms to distribute their stats. */ 1605 list_for_each_entry(link, &sub_flow->linked_flows, sub_flow.list) 1606 __nfp_flower_update_merge_stats(app, link->merge_flow.flow); 1607 } 1608 1609 /** 1610 * nfp_flower_get_stats() - Populates flow stats obtained from hardware. 1611 * @app: Pointer to the APP handle 1612 * @netdev: Netdev structure. 1613 * @flow: TC flower classifier offload structure 1614 * 1615 * Populates a flow statistics structure which which corresponds to a 1616 * specific flow. 1617 * 1618 * Return: negative value on error, 0 if stats populated successfully. 1619 */ 1620 static int 1621 nfp_flower_get_stats(struct nfp_app *app, struct net_device *netdev, 1622 struct flow_cls_offload *flow) 1623 { 1624 struct nfp_flower_priv *priv = app->priv; 1625 struct nfp_fl_ct_map_entry *ct_map_ent; 1626 struct netlink_ext_ack *extack = NULL; 1627 struct nfp_fl_payload *nfp_flow; 1628 u32 ctx_id; 1629 1630 /* Check ct_map table first */ 1631 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie, 1632 nfp_ct_map_params); 1633 if (ct_map_ent) 1634 return nfp_fl_ct_stats(flow, ct_map_ent); 1635 1636 extack = flow->common.extack; 1637 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1638 if (!nfp_flow) { 1639 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot dump stats for flow that does not exist"); 1640 return -EINVAL; 1641 } 1642 1643 ctx_id = be32_to_cpu(nfp_flow->meta.host_ctx_id); 1644 1645 spin_lock_bh(&priv->stats_lock); 1646 /* If request is for a sub_flow, update stats from merged flows. */ 1647 if (!list_empty(&nfp_flow->linked_flows)) 1648 nfp_flower_update_merge_stats(app, nfp_flow); 1649 1650 flow_stats_update(&flow->stats, priv->stats[ctx_id].bytes, 1651 priv->stats[ctx_id].pkts, 0, priv->stats[ctx_id].used, 1652 FLOW_ACTION_HW_STATS_DELAYED); 1653 1654 priv->stats[ctx_id].pkts = 0; 1655 priv->stats[ctx_id].bytes = 0; 1656 spin_unlock_bh(&priv->stats_lock); 1657 1658 return 0; 1659 } 1660 1661 static int 1662 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev, 1663 struct flow_cls_offload *flower) 1664 { 1665 if (!eth_proto_is_802_3(flower->common.protocol)) 1666 return -EOPNOTSUPP; 1667 1668 switch (flower->command) { 1669 case FLOW_CLS_REPLACE: 1670 return nfp_flower_add_offload(app, netdev, flower); 1671 case FLOW_CLS_DESTROY: 1672 return nfp_flower_del_offload(app, netdev, flower); 1673 case FLOW_CLS_STATS: 1674 return nfp_flower_get_stats(app, netdev, flower); 1675 default: 1676 return -EOPNOTSUPP; 1677 } 1678 } 1679 1680 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type, 1681 void *type_data, void *cb_priv) 1682 { 1683 struct flow_cls_common_offload *common = type_data; 1684 struct nfp_repr *repr = cb_priv; 1685 1686 if (!tc_can_offload_extack(repr->netdev, common->extack)) 1687 return -EOPNOTSUPP; 1688 1689 switch (type) { 1690 case TC_SETUP_CLSFLOWER: 1691 return nfp_flower_repr_offload(repr->app, repr->netdev, 1692 type_data); 1693 case TC_SETUP_CLSMATCHALL: 1694 return nfp_flower_setup_qos_offload(repr->app, repr->netdev, 1695 type_data); 1696 default: 1697 return -EOPNOTSUPP; 1698 } 1699 } 1700 1701 static LIST_HEAD(nfp_block_cb_list); 1702 1703 static int nfp_flower_setup_tc_block(struct net_device *netdev, 1704 struct flow_block_offload *f) 1705 { 1706 struct nfp_repr *repr = netdev_priv(netdev); 1707 struct nfp_flower_repr_priv *repr_priv; 1708 struct flow_block_cb *block_cb; 1709 1710 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS) 1711 return -EOPNOTSUPP; 1712 1713 repr_priv = repr->app_priv; 1714 repr_priv->block_shared = f->block_shared; 1715 f->driver_block_list = &nfp_block_cb_list; 1716 1717 switch (f->command) { 1718 case FLOW_BLOCK_BIND: 1719 if (flow_block_cb_is_busy(nfp_flower_setup_tc_block_cb, repr, 1720 &nfp_block_cb_list)) 1721 return -EBUSY; 1722 1723 block_cb = flow_block_cb_alloc(nfp_flower_setup_tc_block_cb, 1724 repr, repr, NULL); 1725 if (IS_ERR(block_cb)) 1726 return PTR_ERR(block_cb); 1727 1728 flow_block_cb_add(block_cb, f); 1729 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1730 return 0; 1731 case FLOW_BLOCK_UNBIND: 1732 block_cb = flow_block_cb_lookup(f->block, 1733 nfp_flower_setup_tc_block_cb, 1734 repr); 1735 if (!block_cb) 1736 return -ENOENT; 1737 1738 flow_block_cb_remove(block_cb, f); 1739 list_del(&block_cb->driver_list); 1740 return 0; 1741 default: 1742 return -EOPNOTSUPP; 1743 } 1744 } 1745 1746 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev, 1747 enum tc_setup_type type, void *type_data) 1748 { 1749 switch (type) { 1750 case TC_SETUP_BLOCK: 1751 return nfp_flower_setup_tc_block(netdev, type_data); 1752 default: 1753 return -EOPNOTSUPP; 1754 } 1755 } 1756 1757 struct nfp_flower_indr_block_cb_priv { 1758 struct net_device *netdev; 1759 struct nfp_app *app; 1760 struct list_head list; 1761 }; 1762 1763 static struct nfp_flower_indr_block_cb_priv * 1764 nfp_flower_indr_block_cb_priv_lookup(struct nfp_app *app, 1765 struct net_device *netdev) 1766 { 1767 struct nfp_flower_indr_block_cb_priv *cb_priv; 1768 struct nfp_flower_priv *priv = app->priv; 1769 1770 list_for_each_entry(cb_priv, &priv->indr_block_cb_priv, list) 1771 if (cb_priv->netdev == netdev) 1772 return cb_priv; 1773 1774 return NULL; 1775 } 1776 1777 static int nfp_flower_setup_indr_block_cb(enum tc_setup_type type, 1778 void *type_data, void *cb_priv) 1779 { 1780 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1781 1782 switch (type) { 1783 case TC_SETUP_CLSFLOWER: 1784 return nfp_flower_repr_offload(priv->app, priv->netdev, 1785 type_data); 1786 default: 1787 return -EOPNOTSUPP; 1788 } 1789 } 1790 1791 void nfp_flower_setup_indr_tc_release(void *cb_priv) 1792 { 1793 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1794 1795 list_del(&priv->list); 1796 kfree(priv); 1797 } 1798 1799 static int 1800 nfp_flower_setup_indr_tc_block(struct net_device *netdev, struct Qdisc *sch, struct nfp_app *app, 1801 struct flow_block_offload *f, void *data, 1802 void (*cleanup)(struct flow_block_cb *block_cb)) 1803 { 1804 struct nfp_flower_indr_block_cb_priv *cb_priv; 1805 struct nfp_flower_priv *priv = app->priv; 1806 struct flow_block_cb *block_cb; 1807 1808 if ((f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS && 1809 !nfp_flower_internal_port_can_offload(app, netdev)) || 1810 (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS && 1811 nfp_flower_internal_port_can_offload(app, netdev))) 1812 return -EOPNOTSUPP; 1813 1814 switch (f->command) { 1815 case FLOW_BLOCK_BIND: 1816 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev); 1817 if (cb_priv && 1818 flow_block_cb_is_busy(nfp_flower_setup_indr_block_cb, 1819 cb_priv, 1820 &nfp_block_cb_list)) 1821 return -EBUSY; 1822 1823 cb_priv = kmalloc(sizeof(*cb_priv), GFP_KERNEL); 1824 if (!cb_priv) 1825 return -ENOMEM; 1826 1827 cb_priv->netdev = netdev; 1828 cb_priv->app = app; 1829 list_add(&cb_priv->list, &priv->indr_block_cb_priv); 1830 1831 block_cb = flow_indr_block_cb_alloc(nfp_flower_setup_indr_block_cb, 1832 cb_priv, cb_priv, 1833 nfp_flower_setup_indr_tc_release, 1834 f, netdev, sch, data, app, cleanup); 1835 if (IS_ERR(block_cb)) { 1836 list_del(&cb_priv->list); 1837 kfree(cb_priv); 1838 return PTR_ERR(block_cb); 1839 } 1840 1841 flow_block_cb_add(block_cb, f); 1842 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1843 return 0; 1844 case FLOW_BLOCK_UNBIND: 1845 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev); 1846 if (!cb_priv) 1847 return -ENOENT; 1848 1849 block_cb = flow_block_cb_lookup(f->block, 1850 nfp_flower_setup_indr_block_cb, 1851 cb_priv); 1852 if (!block_cb) 1853 return -ENOENT; 1854 1855 flow_indr_block_cb_remove(block_cb, f); 1856 list_del(&block_cb->driver_list); 1857 return 0; 1858 default: 1859 return -EOPNOTSUPP; 1860 } 1861 return 0; 1862 } 1863 1864 int 1865 nfp_flower_indr_setup_tc_cb(struct net_device *netdev, struct Qdisc *sch, void *cb_priv, 1866 enum tc_setup_type type, void *type_data, 1867 void *data, 1868 void (*cleanup)(struct flow_block_cb *block_cb)) 1869 { 1870 if (!netdev) 1871 return -EOPNOTSUPP; 1872 1873 if (!nfp_fl_is_netdev_to_offload(netdev)) 1874 return -EOPNOTSUPP; 1875 1876 switch (type) { 1877 case TC_SETUP_BLOCK: 1878 return nfp_flower_setup_indr_tc_block(netdev, sch, cb_priv, 1879 type_data, data, cleanup); 1880 default: 1881 return -EOPNOTSUPP; 1882 } 1883 } 1884