1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */ 3 4 #include <linux/skbuff.h> 5 #include <net/devlink.h> 6 #include <net/pkt_cls.h> 7 8 #include "cmsg.h" 9 #include "main.h" 10 #include "../nfpcore/nfp_cpp.h" 11 #include "../nfpcore/nfp_nsp.h" 12 #include "../nfp_app.h" 13 #include "../nfp_main.h" 14 #include "../nfp_net.h" 15 #include "../nfp_port.h" 16 17 #define NFP_FLOWER_SUPPORTED_TCPFLAGS \ 18 (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST | \ 19 TCPHDR_PSH | TCPHDR_URG) 20 21 #define NFP_FLOWER_SUPPORTED_CTLFLAGS \ 22 (FLOW_DIS_IS_FRAGMENT | \ 23 FLOW_DIS_FIRST_FRAG) 24 25 #define NFP_FLOWER_WHITELIST_DISSECTOR \ 26 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \ 27 BIT(FLOW_DISSECTOR_KEY_BASIC) | \ 28 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \ 29 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \ 30 BIT(FLOW_DISSECTOR_KEY_TCP) | \ 31 BIT(FLOW_DISSECTOR_KEY_PORTS) | \ 32 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \ 33 BIT(FLOW_DISSECTOR_KEY_VLAN) | \ 34 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 35 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 36 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 37 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 38 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 39 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 40 BIT(FLOW_DISSECTOR_KEY_ENC_IP) | \ 41 BIT(FLOW_DISSECTOR_KEY_MPLS) | \ 42 BIT(FLOW_DISSECTOR_KEY_IP)) 43 44 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \ 45 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 46 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 47 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 48 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 49 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \ 50 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 51 BIT(FLOW_DISSECTOR_KEY_ENC_IP)) 52 53 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \ 54 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 55 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)) 56 57 #define NFP_FLOWER_MERGE_FIELDS \ 58 (NFP_FLOWER_LAYER_PORT | \ 59 NFP_FLOWER_LAYER_MAC | \ 60 NFP_FLOWER_LAYER_TP | \ 61 NFP_FLOWER_LAYER_IPV4 | \ 62 NFP_FLOWER_LAYER_IPV6) 63 64 struct nfp_flower_merge_check { 65 union { 66 struct { 67 __be16 tci; 68 struct nfp_flower_mac_mpls l2; 69 struct nfp_flower_tp_ports l4; 70 union { 71 struct nfp_flower_ipv4 ipv4; 72 struct nfp_flower_ipv6 ipv6; 73 }; 74 }; 75 unsigned long vals[8]; 76 }; 77 }; 78 79 static int 80 nfp_flower_xmit_flow(struct nfp_app *app, struct nfp_fl_payload *nfp_flow, 81 u8 mtype) 82 { 83 u32 meta_len, key_len, mask_len, act_len, tot_len; 84 struct sk_buff *skb; 85 unsigned char *msg; 86 87 meta_len = sizeof(struct nfp_fl_rule_metadata); 88 key_len = nfp_flow->meta.key_len; 89 mask_len = nfp_flow->meta.mask_len; 90 act_len = nfp_flow->meta.act_len; 91 92 tot_len = meta_len + key_len + mask_len + act_len; 93 94 /* Convert to long words as firmware expects 95 * lengths in units of NFP_FL_LW_SIZ. 96 */ 97 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ; 98 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ; 99 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ; 100 101 skb = nfp_flower_cmsg_alloc(app, tot_len, mtype, GFP_KERNEL); 102 if (!skb) 103 return -ENOMEM; 104 105 msg = nfp_flower_cmsg_get_data(skb); 106 memcpy(msg, &nfp_flow->meta, meta_len); 107 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len); 108 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len); 109 memcpy(&msg[meta_len + key_len + mask_len], 110 nfp_flow->action_data, act_len); 111 112 /* Convert back to bytes as software expects 113 * lengths in units of bytes. 114 */ 115 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ; 116 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ; 117 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ; 118 119 nfp_ctrl_tx(app->ctrl, skb); 120 121 return 0; 122 } 123 124 static bool nfp_flower_check_higher_than_mac(struct flow_cls_offload *f) 125 { 126 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 127 128 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) || 129 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) || 130 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 131 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 132 } 133 134 static bool nfp_flower_check_higher_than_l3(struct flow_cls_offload *f) 135 { 136 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 137 138 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) || 139 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP); 140 } 141 142 static int 143 nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts *enc_opts, 144 u32 *key_layer_two, int *key_size, 145 struct netlink_ext_ack *extack) 146 { 147 if (enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY) { 148 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: geneve options exceed maximum length"); 149 return -EOPNOTSUPP; 150 } 151 152 if (enc_opts->len > 0) { 153 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE_OP; 154 *key_size += sizeof(struct nfp_flower_geneve_options); 155 } 156 157 return 0; 158 } 159 160 static int 161 nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports *enc_ports, 162 struct flow_dissector_key_enc_opts *enc_op, 163 u32 *key_layer_two, u8 *key_layer, int *key_size, 164 struct nfp_flower_priv *priv, 165 enum nfp_flower_tun_type *tun_type, 166 struct netlink_ext_ack *extack) 167 { 168 int err; 169 170 switch (enc_ports->dst) { 171 case htons(IANA_VXLAN_UDP_PORT): 172 *tun_type = NFP_FL_TUNNEL_VXLAN; 173 *key_layer |= NFP_FLOWER_LAYER_VXLAN; 174 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 175 176 if (enc_op) { 177 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on vxlan tunnels"); 178 return -EOPNOTSUPP; 179 } 180 break; 181 case htons(GENEVE_UDP_PORT): 182 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE)) { 183 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve offload"); 184 return -EOPNOTSUPP; 185 } 186 *tun_type = NFP_FL_TUNNEL_GENEVE; 187 *key_layer |= NFP_FLOWER_LAYER_EXT_META; 188 *key_size += sizeof(struct nfp_flower_ext_meta); 189 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE; 190 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun); 191 192 if (!enc_op) 193 break; 194 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE_OPT)) { 195 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve option offload"); 196 return -EOPNOTSUPP; 197 } 198 err = nfp_flower_calc_opt_layer(enc_op, key_layer_two, 199 key_size, extack); 200 if (err) 201 return err; 202 break; 203 default: 204 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel type unknown"); 205 return -EOPNOTSUPP; 206 } 207 208 return 0; 209 } 210 211 static int 212 nfp_flower_calculate_key_layers(struct nfp_app *app, 213 struct net_device *netdev, 214 struct nfp_fl_key_ls *ret_key_ls, 215 struct flow_cls_offload *flow, 216 enum nfp_flower_tun_type *tun_type, 217 struct netlink_ext_ack *extack) 218 { 219 struct flow_rule *rule = flow_cls_offload_flow_rule(flow); 220 struct flow_dissector *dissector = rule->match.dissector; 221 struct flow_match_basic basic = { NULL, NULL}; 222 struct nfp_flower_priv *priv = app->priv; 223 u32 key_layer_two; 224 u8 key_layer; 225 int key_size; 226 int err; 227 228 if (dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) { 229 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match not supported"); 230 return -EOPNOTSUPP; 231 } 232 233 /* If any tun dissector is used then the required set must be used. */ 234 if (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR && 235 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) 236 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) { 237 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel match not supported"); 238 return -EOPNOTSUPP; 239 } 240 241 key_layer_two = 0; 242 key_layer = NFP_FLOWER_LAYER_PORT; 243 key_size = sizeof(struct nfp_flower_meta_tci) + 244 sizeof(struct nfp_flower_in_port); 245 246 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS) || 247 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS)) { 248 key_layer |= NFP_FLOWER_LAYER_MAC; 249 key_size += sizeof(struct nfp_flower_mac_mpls); 250 } 251 252 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) { 253 struct flow_match_vlan vlan; 254 255 flow_rule_match_vlan(rule, &vlan); 256 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_PCP) && 257 vlan.key->vlan_priority) { 258 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN PCP offload"); 259 return -EOPNOTSUPP; 260 } 261 } 262 263 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) { 264 struct flow_match_enc_opts enc_op = { NULL, NULL }; 265 struct flow_match_ipv4_addrs ipv4_addrs; 266 struct flow_match_control enc_ctl; 267 struct flow_match_ports enc_ports; 268 269 flow_rule_match_enc_control(rule, &enc_ctl); 270 271 if (enc_ctl.mask->addr_type != 0xffff) { 272 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: wildcarded protocols on tunnels are not supported"); 273 return -EOPNOTSUPP; 274 } 275 if (enc_ctl.key->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 276 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only IPv4 tunnels are supported"); 277 return -EOPNOTSUPP; 278 } 279 280 /* These fields are already verified as used. */ 281 flow_rule_match_enc_ipv4_addrs(rule, &ipv4_addrs); 282 if (ipv4_addrs.mask->dst != cpu_to_be32(~0)) { 283 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv4 destination address is supported"); 284 return -EOPNOTSUPP; 285 } 286 287 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) 288 flow_rule_match_enc_opts(rule, &enc_op); 289 290 291 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) { 292 /* check if GRE, which has no enc_ports */ 293 if (netif_is_gretap(netdev)) { 294 *tun_type = NFP_FL_TUNNEL_GRE; 295 key_layer |= NFP_FLOWER_LAYER_EXT_META; 296 key_size += sizeof(struct nfp_flower_ext_meta); 297 key_layer_two |= NFP_FLOWER_LAYER2_GRE; 298 key_size += 299 sizeof(struct nfp_flower_ipv4_gre_tun); 300 301 if (enc_op.key) { 302 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on GRE tunnels"); 303 return -EOPNOTSUPP; 304 } 305 } else { 306 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: an exact match on L4 destination port is required for non-GRE tunnels"); 307 return -EOPNOTSUPP; 308 } 309 } else { 310 flow_rule_match_enc_ports(rule, &enc_ports); 311 if (enc_ports.mask->dst != cpu_to_be16(~0)) { 312 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match L4 destination port is supported"); 313 return -EOPNOTSUPP; 314 } 315 316 err = nfp_flower_calc_udp_tun_layer(enc_ports.key, 317 enc_op.key, 318 &key_layer_two, 319 &key_layer, 320 &key_size, priv, 321 tun_type, extack); 322 if (err) 323 return err; 324 325 /* Ensure the ingress netdev matches the expected 326 * tun type. 327 */ 328 if (!nfp_fl_netdev_is_tunnel_type(netdev, *tun_type)) { 329 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ingress netdev does not match the expected tunnel type"); 330 return -EOPNOTSUPP; 331 } 332 } 333 } 334 335 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) 336 flow_rule_match_basic(rule, &basic); 337 338 if (basic.mask && basic.mask->n_proto) { 339 /* Ethernet type is present in the key. */ 340 switch (basic.key->n_proto) { 341 case cpu_to_be16(ETH_P_IP): 342 key_layer |= NFP_FLOWER_LAYER_IPV4; 343 key_size += sizeof(struct nfp_flower_ipv4); 344 break; 345 346 case cpu_to_be16(ETH_P_IPV6): 347 key_layer |= NFP_FLOWER_LAYER_IPV6; 348 key_size += sizeof(struct nfp_flower_ipv6); 349 break; 350 351 /* Currently we do not offload ARP 352 * because we rely on it to get to the host. 353 */ 354 case cpu_to_be16(ETH_P_ARP): 355 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ARP not supported"); 356 return -EOPNOTSUPP; 357 358 case cpu_to_be16(ETH_P_MPLS_UC): 359 case cpu_to_be16(ETH_P_MPLS_MC): 360 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) { 361 key_layer |= NFP_FLOWER_LAYER_MAC; 362 key_size += sizeof(struct nfp_flower_mac_mpls); 363 } 364 break; 365 366 /* Will be included in layer 2. */ 367 case cpu_to_be16(ETH_P_8021Q): 368 break; 369 370 default: 371 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on given EtherType is not supported"); 372 return -EOPNOTSUPP; 373 } 374 } else if (nfp_flower_check_higher_than_mac(flow)) { 375 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match above L2 without specified EtherType"); 376 return -EOPNOTSUPP; 377 } 378 379 if (basic.mask && basic.mask->ip_proto) { 380 switch (basic.key->ip_proto) { 381 case IPPROTO_TCP: 382 case IPPROTO_UDP: 383 case IPPROTO_SCTP: 384 case IPPROTO_ICMP: 385 case IPPROTO_ICMPV6: 386 key_layer |= NFP_FLOWER_LAYER_TP; 387 key_size += sizeof(struct nfp_flower_tp_ports); 388 break; 389 } 390 } 391 392 if (!(key_layer & NFP_FLOWER_LAYER_TP) && 393 nfp_flower_check_higher_than_l3(flow)) { 394 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match on L4 information without specified IP protocol type"); 395 return -EOPNOTSUPP; 396 } 397 398 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) { 399 struct flow_match_tcp tcp; 400 u32 tcp_flags; 401 402 flow_rule_match_tcp(rule, &tcp); 403 tcp_flags = be16_to_cpu(tcp.key->flags); 404 405 if (tcp_flags & ~NFP_FLOWER_SUPPORTED_TCPFLAGS) { 406 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: no match support for selected TCP flags"); 407 return -EOPNOTSUPP; 408 } 409 410 /* We only support PSH and URG flags when either 411 * FIN, SYN or RST is present as well. 412 */ 413 if ((tcp_flags & (TCPHDR_PSH | TCPHDR_URG)) && 414 !(tcp_flags & (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST))) { 415 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: PSH and URG is only supported when used with FIN, SYN or RST"); 416 return -EOPNOTSUPP; 417 } 418 419 /* We need to store TCP flags in the either the IPv4 or IPv6 key 420 * space, thus we need to ensure we include a IPv4/IPv6 key 421 * layer if we have not done so already. 422 */ 423 if (!basic.key) { 424 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on L3 protocol"); 425 return -EOPNOTSUPP; 426 } 427 428 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) && 429 !(key_layer & NFP_FLOWER_LAYER_IPV6)) { 430 switch (basic.key->n_proto) { 431 case cpu_to_be16(ETH_P_IP): 432 key_layer |= NFP_FLOWER_LAYER_IPV4; 433 key_size += sizeof(struct nfp_flower_ipv4); 434 break; 435 436 case cpu_to_be16(ETH_P_IPV6): 437 key_layer |= NFP_FLOWER_LAYER_IPV6; 438 key_size += sizeof(struct nfp_flower_ipv6); 439 break; 440 441 default: 442 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on IPv4/IPv6"); 443 return -EOPNOTSUPP; 444 } 445 } 446 } 447 448 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 449 struct flow_match_control ctl; 450 451 flow_rule_match_control(rule, &ctl); 452 if (ctl.key->flags & ~NFP_FLOWER_SUPPORTED_CTLFLAGS) { 453 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on unknown control flag"); 454 return -EOPNOTSUPP; 455 } 456 } 457 458 ret_key_ls->key_layer = key_layer; 459 ret_key_ls->key_layer_two = key_layer_two; 460 ret_key_ls->key_size = key_size; 461 462 return 0; 463 } 464 465 static struct nfp_fl_payload * 466 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer) 467 { 468 struct nfp_fl_payload *flow_pay; 469 470 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL); 471 if (!flow_pay) 472 return NULL; 473 474 flow_pay->meta.key_len = key_layer->key_size; 475 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL); 476 if (!flow_pay->unmasked_data) 477 goto err_free_flow; 478 479 flow_pay->meta.mask_len = key_layer->key_size; 480 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL); 481 if (!flow_pay->mask_data) 482 goto err_free_unmasked; 483 484 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL); 485 if (!flow_pay->action_data) 486 goto err_free_mask; 487 488 flow_pay->nfp_tun_ipv4_addr = 0; 489 flow_pay->meta.flags = 0; 490 INIT_LIST_HEAD(&flow_pay->linked_flows); 491 flow_pay->in_hw = false; 492 493 return flow_pay; 494 495 err_free_mask: 496 kfree(flow_pay->mask_data); 497 err_free_unmasked: 498 kfree(flow_pay->unmasked_data); 499 err_free_flow: 500 kfree(flow_pay); 501 return NULL; 502 } 503 504 static int 505 nfp_flower_update_merge_with_actions(struct nfp_fl_payload *flow, 506 struct nfp_flower_merge_check *merge, 507 u8 *last_act_id, int *act_out) 508 { 509 struct nfp_fl_set_ipv6_tc_hl_fl *ipv6_tc_hl_fl; 510 struct nfp_fl_set_ip4_ttl_tos *ipv4_ttl_tos; 511 struct nfp_fl_set_ip4_addrs *ipv4_add; 512 struct nfp_fl_set_ipv6_addr *ipv6_add; 513 struct nfp_fl_push_vlan *push_vlan; 514 struct nfp_fl_set_tport *tport; 515 struct nfp_fl_set_eth *eth; 516 struct nfp_fl_act_head *a; 517 unsigned int act_off = 0; 518 u8 act_id = 0; 519 u8 *ports; 520 int i; 521 522 while (act_off < flow->meta.act_len) { 523 a = (struct nfp_fl_act_head *)&flow->action_data[act_off]; 524 act_id = a->jump_id; 525 526 switch (act_id) { 527 case NFP_FL_ACTION_OPCODE_OUTPUT: 528 if (act_out) 529 (*act_out)++; 530 break; 531 case NFP_FL_ACTION_OPCODE_PUSH_VLAN: 532 push_vlan = (struct nfp_fl_push_vlan *)a; 533 if (push_vlan->vlan_tci) 534 merge->tci = cpu_to_be16(0xffff); 535 break; 536 case NFP_FL_ACTION_OPCODE_POP_VLAN: 537 merge->tci = cpu_to_be16(0); 538 break; 539 case NFP_FL_ACTION_OPCODE_SET_IPV4_TUNNEL: 540 /* New tunnel header means l2 to l4 can be matched. */ 541 eth_broadcast_addr(&merge->l2.mac_dst[0]); 542 eth_broadcast_addr(&merge->l2.mac_src[0]); 543 memset(&merge->l4, 0xff, 544 sizeof(struct nfp_flower_tp_ports)); 545 memset(&merge->ipv4, 0xff, 546 sizeof(struct nfp_flower_ipv4)); 547 break; 548 case NFP_FL_ACTION_OPCODE_SET_ETHERNET: 549 eth = (struct nfp_fl_set_eth *)a; 550 for (i = 0; i < ETH_ALEN; i++) 551 merge->l2.mac_dst[i] |= eth->eth_addr_mask[i]; 552 for (i = 0; i < ETH_ALEN; i++) 553 merge->l2.mac_src[i] |= 554 eth->eth_addr_mask[ETH_ALEN + i]; 555 break; 556 case NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS: 557 ipv4_add = (struct nfp_fl_set_ip4_addrs *)a; 558 merge->ipv4.ipv4_src |= ipv4_add->ipv4_src_mask; 559 merge->ipv4.ipv4_dst |= ipv4_add->ipv4_dst_mask; 560 break; 561 case NFP_FL_ACTION_OPCODE_SET_IPV4_TTL_TOS: 562 ipv4_ttl_tos = (struct nfp_fl_set_ip4_ttl_tos *)a; 563 merge->ipv4.ip_ext.ttl |= ipv4_ttl_tos->ipv4_ttl_mask; 564 merge->ipv4.ip_ext.tos |= ipv4_ttl_tos->ipv4_tos_mask; 565 break; 566 case NFP_FL_ACTION_OPCODE_SET_IPV6_SRC: 567 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 568 for (i = 0; i < 4; i++) 569 merge->ipv6.ipv6_src.in6_u.u6_addr32[i] |= 570 ipv6_add->ipv6[i].mask; 571 break; 572 case NFP_FL_ACTION_OPCODE_SET_IPV6_DST: 573 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a; 574 for (i = 0; i < 4; i++) 575 merge->ipv6.ipv6_dst.in6_u.u6_addr32[i] |= 576 ipv6_add->ipv6[i].mask; 577 break; 578 case NFP_FL_ACTION_OPCODE_SET_IPV6_TC_HL_FL: 579 ipv6_tc_hl_fl = (struct nfp_fl_set_ipv6_tc_hl_fl *)a; 580 merge->ipv6.ip_ext.ttl |= 581 ipv6_tc_hl_fl->ipv6_hop_limit_mask; 582 merge->ipv6.ip_ext.tos |= ipv6_tc_hl_fl->ipv6_tc_mask; 583 merge->ipv6.ipv6_flow_label_exthdr |= 584 ipv6_tc_hl_fl->ipv6_label_mask; 585 break; 586 case NFP_FL_ACTION_OPCODE_SET_UDP: 587 case NFP_FL_ACTION_OPCODE_SET_TCP: 588 tport = (struct nfp_fl_set_tport *)a; 589 ports = (u8 *)&merge->l4.port_src; 590 for (i = 0; i < 4; i++) 591 ports[i] |= tport->tp_port_mask[i]; 592 break; 593 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 594 case NFP_FL_ACTION_OPCODE_PRE_LAG: 595 case NFP_FL_ACTION_OPCODE_PUSH_GENEVE: 596 break; 597 default: 598 return -EOPNOTSUPP; 599 } 600 601 act_off += a->len_lw << NFP_FL_LW_SIZ; 602 } 603 604 if (last_act_id) 605 *last_act_id = act_id; 606 607 return 0; 608 } 609 610 static int 611 nfp_flower_populate_merge_match(struct nfp_fl_payload *flow, 612 struct nfp_flower_merge_check *merge, 613 bool extra_fields) 614 { 615 struct nfp_flower_meta_tci *meta_tci; 616 u8 *mask = flow->mask_data; 617 u8 key_layer, match_size; 618 619 memset(merge, 0, sizeof(struct nfp_flower_merge_check)); 620 621 meta_tci = (struct nfp_flower_meta_tci *)mask; 622 key_layer = meta_tci->nfp_flow_key_layer; 623 624 if (key_layer & ~NFP_FLOWER_MERGE_FIELDS && !extra_fields) 625 return -EOPNOTSUPP; 626 627 merge->tci = meta_tci->tci; 628 mask += sizeof(struct nfp_flower_meta_tci); 629 630 if (key_layer & NFP_FLOWER_LAYER_EXT_META) 631 mask += sizeof(struct nfp_flower_ext_meta); 632 633 mask += sizeof(struct nfp_flower_in_port); 634 635 if (key_layer & NFP_FLOWER_LAYER_MAC) { 636 match_size = sizeof(struct nfp_flower_mac_mpls); 637 memcpy(&merge->l2, mask, match_size); 638 mask += match_size; 639 } 640 641 if (key_layer & NFP_FLOWER_LAYER_TP) { 642 match_size = sizeof(struct nfp_flower_tp_ports); 643 memcpy(&merge->l4, mask, match_size); 644 mask += match_size; 645 } 646 647 if (key_layer & NFP_FLOWER_LAYER_IPV4) { 648 match_size = sizeof(struct nfp_flower_ipv4); 649 memcpy(&merge->ipv4, mask, match_size); 650 } 651 652 if (key_layer & NFP_FLOWER_LAYER_IPV6) { 653 match_size = sizeof(struct nfp_flower_ipv6); 654 memcpy(&merge->ipv6, mask, match_size); 655 } 656 657 return 0; 658 } 659 660 static int 661 nfp_flower_can_merge(struct nfp_fl_payload *sub_flow1, 662 struct nfp_fl_payload *sub_flow2) 663 { 664 /* Two flows can be merged if sub_flow2 only matches on bits that are 665 * either matched by sub_flow1 or set by a sub_flow1 action. This 666 * ensures that every packet that hits sub_flow1 and recirculates is 667 * guaranteed to hit sub_flow2. 668 */ 669 struct nfp_flower_merge_check sub_flow1_merge, sub_flow2_merge; 670 int err, act_out = 0; 671 u8 last_act_id = 0; 672 673 err = nfp_flower_populate_merge_match(sub_flow1, &sub_flow1_merge, 674 true); 675 if (err) 676 return err; 677 678 err = nfp_flower_populate_merge_match(sub_flow2, &sub_flow2_merge, 679 false); 680 if (err) 681 return err; 682 683 err = nfp_flower_update_merge_with_actions(sub_flow1, &sub_flow1_merge, 684 &last_act_id, &act_out); 685 if (err) 686 return err; 687 688 /* Must only be 1 output action and it must be the last in sequence. */ 689 if (act_out != 1 || last_act_id != NFP_FL_ACTION_OPCODE_OUTPUT) 690 return -EOPNOTSUPP; 691 692 /* Reject merge if sub_flow2 matches on something that is not matched 693 * on or set in an action by sub_flow1. 694 */ 695 err = bitmap_andnot(sub_flow2_merge.vals, sub_flow2_merge.vals, 696 sub_flow1_merge.vals, 697 sizeof(struct nfp_flower_merge_check) * 8); 698 if (err) 699 return -EINVAL; 700 701 return 0; 702 } 703 704 static unsigned int 705 nfp_flower_copy_pre_actions(char *act_dst, char *act_src, int len, 706 bool *tunnel_act) 707 { 708 unsigned int act_off = 0, act_len; 709 struct nfp_fl_act_head *a; 710 u8 act_id = 0; 711 712 while (act_off < len) { 713 a = (struct nfp_fl_act_head *)&act_src[act_off]; 714 act_len = a->len_lw << NFP_FL_LW_SIZ; 715 act_id = a->jump_id; 716 717 switch (act_id) { 718 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL: 719 if (tunnel_act) 720 *tunnel_act = true; 721 /* fall through */ 722 case NFP_FL_ACTION_OPCODE_PRE_LAG: 723 memcpy(act_dst + act_off, act_src + act_off, act_len); 724 break; 725 default: 726 return act_off; 727 } 728 729 act_off += act_len; 730 } 731 732 return act_off; 733 } 734 735 static int nfp_fl_verify_post_tun_acts(char *acts, int len) 736 { 737 struct nfp_fl_act_head *a; 738 unsigned int act_off = 0; 739 740 while (act_off < len) { 741 a = (struct nfp_fl_act_head *)&acts[act_off]; 742 if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) 743 return -EOPNOTSUPP; 744 745 act_off += a->len_lw << NFP_FL_LW_SIZ; 746 } 747 748 return 0; 749 } 750 751 static int 752 nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1, 753 struct nfp_fl_payload *sub_flow2, 754 struct nfp_fl_payload *merge_flow) 755 { 756 unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2; 757 bool tunnel_act = false; 758 char *merge_act; 759 int err; 760 761 /* The last action of sub_flow1 must be output - do not merge this. */ 762 sub1_act_len = sub_flow1->meta.act_len - sizeof(struct nfp_fl_output); 763 sub2_act_len = sub_flow2->meta.act_len; 764 765 if (!sub2_act_len) 766 return -EINVAL; 767 768 if (sub1_act_len + sub2_act_len > NFP_FL_MAX_A_SIZ) 769 return -EINVAL; 770 771 /* A shortcut can only be applied if there is a single action. */ 772 if (sub1_act_len) 773 merge_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 774 else 775 merge_flow->meta.shortcut = sub_flow2->meta.shortcut; 776 777 merge_flow->meta.act_len = sub1_act_len + sub2_act_len; 778 merge_act = merge_flow->action_data; 779 780 /* Copy any pre-actions to the start of merge flow action list. */ 781 pre_off1 = nfp_flower_copy_pre_actions(merge_act, 782 sub_flow1->action_data, 783 sub1_act_len, &tunnel_act); 784 merge_act += pre_off1; 785 sub1_act_len -= pre_off1; 786 pre_off2 = nfp_flower_copy_pre_actions(merge_act, 787 sub_flow2->action_data, 788 sub2_act_len, NULL); 789 merge_act += pre_off2; 790 sub2_act_len -= pre_off2; 791 792 /* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes 793 * a tunnel, sub_flow 2 can only have output actions for a valid merge. 794 */ 795 if (tunnel_act) { 796 char *post_tun_acts = &sub_flow2->action_data[pre_off2]; 797 798 err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len); 799 if (err) 800 return err; 801 } 802 803 /* Copy remaining actions from sub_flows 1 and 2. */ 804 memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len); 805 merge_act += sub1_act_len; 806 memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len); 807 808 return 0; 809 } 810 811 /* Flow link code should only be accessed under RTNL. */ 812 static void nfp_flower_unlink_flow(struct nfp_fl_payload_link *link) 813 { 814 list_del(&link->merge_flow.list); 815 list_del(&link->sub_flow.list); 816 kfree(link); 817 } 818 819 static void nfp_flower_unlink_flows(struct nfp_fl_payload *merge_flow, 820 struct nfp_fl_payload *sub_flow) 821 { 822 struct nfp_fl_payload_link *link; 823 824 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) 825 if (link->sub_flow.flow == sub_flow) { 826 nfp_flower_unlink_flow(link); 827 return; 828 } 829 } 830 831 static int nfp_flower_link_flows(struct nfp_fl_payload *merge_flow, 832 struct nfp_fl_payload *sub_flow) 833 { 834 struct nfp_fl_payload_link *link; 835 836 link = kmalloc(sizeof(*link), GFP_KERNEL); 837 if (!link) 838 return -ENOMEM; 839 840 link->merge_flow.flow = merge_flow; 841 list_add_tail(&link->merge_flow.list, &merge_flow->linked_flows); 842 link->sub_flow.flow = sub_flow; 843 list_add_tail(&link->sub_flow.list, &sub_flow->linked_flows); 844 845 return 0; 846 } 847 848 /** 849 * nfp_flower_merge_offloaded_flows() - Merge 2 existing flows to single flow. 850 * @app: Pointer to the APP handle 851 * @sub_flow1: Initial flow matched to produce merge hint 852 * @sub_flow2: Post recirculation flow matched in merge hint 853 * 854 * Combines 2 flows (if valid) to a single flow, removing the initial from hw 855 * and offloading the new, merged flow. 856 * 857 * Return: negative value on error, 0 in success. 858 */ 859 int nfp_flower_merge_offloaded_flows(struct nfp_app *app, 860 struct nfp_fl_payload *sub_flow1, 861 struct nfp_fl_payload *sub_flow2) 862 { 863 struct flow_cls_offload merge_tc_off; 864 struct nfp_flower_priv *priv = app->priv; 865 struct netlink_ext_ack *extack = NULL; 866 struct nfp_fl_payload *merge_flow; 867 struct nfp_fl_key_ls merge_key_ls; 868 int err; 869 870 ASSERT_RTNL(); 871 872 extack = merge_tc_off.common.extack; 873 if (sub_flow1 == sub_flow2 || 874 nfp_flower_is_merge_flow(sub_flow1) || 875 nfp_flower_is_merge_flow(sub_flow2)) 876 return -EINVAL; 877 878 err = nfp_flower_can_merge(sub_flow1, sub_flow2); 879 if (err) 880 return err; 881 882 merge_key_ls.key_size = sub_flow1->meta.key_len; 883 884 merge_flow = nfp_flower_allocate_new(&merge_key_ls); 885 if (!merge_flow) 886 return -ENOMEM; 887 888 merge_flow->tc_flower_cookie = (unsigned long)merge_flow; 889 merge_flow->ingress_dev = sub_flow1->ingress_dev; 890 891 memcpy(merge_flow->unmasked_data, sub_flow1->unmasked_data, 892 sub_flow1->meta.key_len); 893 memcpy(merge_flow->mask_data, sub_flow1->mask_data, 894 sub_flow1->meta.mask_len); 895 896 err = nfp_flower_merge_action(sub_flow1, sub_flow2, merge_flow); 897 if (err) 898 goto err_destroy_merge_flow; 899 900 err = nfp_flower_link_flows(merge_flow, sub_flow1); 901 if (err) 902 goto err_destroy_merge_flow; 903 904 err = nfp_flower_link_flows(merge_flow, sub_flow2); 905 if (err) 906 goto err_unlink_sub_flow1; 907 908 merge_tc_off.cookie = merge_flow->tc_flower_cookie; 909 err = nfp_compile_flow_metadata(app, &merge_tc_off, merge_flow, 910 merge_flow->ingress_dev, extack); 911 if (err) 912 goto err_unlink_sub_flow2; 913 914 err = rhashtable_insert_fast(&priv->flow_table, &merge_flow->fl_node, 915 nfp_flower_table_params); 916 if (err) 917 goto err_release_metadata; 918 919 err = nfp_flower_xmit_flow(app, merge_flow, 920 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 921 if (err) 922 goto err_remove_rhash; 923 924 merge_flow->in_hw = true; 925 sub_flow1->in_hw = false; 926 927 return 0; 928 929 err_remove_rhash: 930 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 931 &merge_flow->fl_node, 932 nfp_flower_table_params)); 933 err_release_metadata: 934 nfp_modify_flow_metadata(app, merge_flow); 935 err_unlink_sub_flow2: 936 nfp_flower_unlink_flows(merge_flow, sub_flow2); 937 err_unlink_sub_flow1: 938 nfp_flower_unlink_flows(merge_flow, sub_flow1); 939 err_destroy_merge_flow: 940 kfree(merge_flow->action_data); 941 kfree(merge_flow->mask_data); 942 kfree(merge_flow->unmasked_data); 943 kfree(merge_flow); 944 return err; 945 } 946 947 /** 948 * nfp_flower_add_offload() - Adds a new flow to hardware. 949 * @app: Pointer to the APP handle 950 * @netdev: netdev structure. 951 * @flow: TC flower classifier offload structure. 952 * 953 * Adds a new flow to the repeated hash structure and action payload. 954 * 955 * Return: negative value on error, 0 if configured successfully. 956 */ 957 static int 958 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev, 959 struct flow_cls_offload *flow) 960 { 961 enum nfp_flower_tun_type tun_type = NFP_FL_TUNNEL_NONE; 962 struct nfp_flower_priv *priv = app->priv; 963 struct netlink_ext_ack *extack = NULL; 964 struct nfp_fl_payload *flow_pay; 965 struct nfp_fl_key_ls *key_layer; 966 struct nfp_port *port = NULL; 967 int err; 968 969 extack = flow->common.extack; 970 if (nfp_netdev_is_nfp_repr(netdev)) 971 port = nfp_port_from_netdev(netdev); 972 973 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL); 974 if (!key_layer) 975 return -ENOMEM; 976 977 err = nfp_flower_calculate_key_layers(app, netdev, key_layer, flow, 978 &tun_type, extack); 979 if (err) 980 goto err_free_key_ls; 981 982 flow_pay = nfp_flower_allocate_new(key_layer); 983 if (!flow_pay) { 984 err = -ENOMEM; 985 goto err_free_key_ls; 986 } 987 988 err = nfp_flower_compile_flow_match(app, flow, key_layer, netdev, 989 flow_pay, tun_type, extack); 990 if (err) 991 goto err_destroy_flow; 992 993 err = nfp_flower_compile_action(app, flow, netdev, flow_pay, extack); 994 if (err) 995 goto err_destroy_flow; 996 997 err = nfp_compile_flow_metadata(app, flow, flow_pay, netdev, extack); 998 if (err) 999 goto err_destroy_flow; 1000 1001 flow_pay->tc_flower_cookie = flow->cookie; 1002 err = rhashtable_insert_fast(&priv->flow_table, &flow_pay->fl_node, 1003 nfp_flower_table_params); 1004 if (err) { 1005 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot insert flow into tables for offloads"); 1006 goto err_release_metadata; 1007 } 1008 1009 err = nfp_flower_xmit_flow(app, flow_pay, 1010 NFP_FLOWER_CMSG_TYPE_FLOW_ADD); 1011 if (err) 1012 goto err_remove_rhash; 1013 1014 if (port) 1015 port->tc_offload_cnt++; 1016 1017 flow_pay->in_hw = true; 1018 1019 /* Deallocate flow payload when flower rule has been destroyed. */ 1020 kfree(key_layer); 1021 1022 return 0; 1023 1024 err_remove_rhash: 1025 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1026 &flow_pay->fl_node, 1027 nfp_flower_table_params)); 1028 err_release_metadata: 1029 nfp_modify_flow_metadata(app, flow_pay); 1030 err_destroy_flow: 1031 kfree(flow_pay->action_data); 1032 kfree(flow_pay->mask_data); 1033 kfree(flow_pay->unmasked_data); 1034 kfree(flow_pay); 1035 err_free_key_ls: 1036 kfree(key_layer); 1037 return err; 1038 } 1039 1040 static void 1041 nfp_flower_remove_merge_flow(struct nfp_app *app, 1042 struct nfp_fl_payload *del_sub_flow, 1043 struct nfp_fl_payload *merge_flow) 1044 { 1045 struct nfp_flower_priv *priv = app->priv; 1046 struct nfp_fl_payload_link *link, *temp; 1047 struct nfp_fl_payload *origin; 1048 bool mod = false; 1049 int err; 1050 1051 link = list_first_entry(&merge_flow->linked_flows, 1052 struct nfp_fl_payload_link, merge_flow.list); 1053 origin = link->sub_flow.flow; 1054 1055 /* Re-add rule the merge had overwritten if it has not been deleted. */ 1056 if (origin != del_sub_flow) 1057 mod = true; 1058 1059 err = nfp_modify_flow_metadata(app, merge_flow); 1060 if (err) { 1061 nfp_flower_cmsg_warn(app, "Metadata fail for merge flow delete.\n"); 1062 goto err_free_links; 1063 } 1064 1065 if (!mod) { 1066 err = nfp_flower_xmit_flow(app, merge_flow, 1067 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1068 if (err) { 1069 nfp_flower_cmsg_warn(app, "Failed to delete merged flow.\n"); 1070 goto err_free_links; 1071 } 1072 } else { 1073 __nfp_modify_flow_metadata(priv, origin); 1074 err = nfp_flower_xmit_flow(app, origin, 1075 NFP_FLOWER_CMSG_TYPE_FLOW_MOD); 1076 if (err) 1077 nfp_flower_cmsg_warn(app, "Failed to revert merge flow.\n"); 1078 origin->in_hw = true; 1079 } 1080 1081 err_free_links: 1082 /* Clean any links connected with the merged flow. */ 1083 list_for_each_entry_safe(link, temp, &merge_flow->linked_flows, 1084 merge_flow.list) 1085 nfp_flower_unlink_flow(link); 1086 1087 kfree(merge_flow->action_data); 1088 kfree(merge_flow->mask_data); 1089 kfree(merge_flow->unmasked_data); 1090 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1091 &merge_flow->fl_node, 1092 nfp_flower_table_params)); 1093 kfree_rcu(merge_flow, rcu); 1094 } 1095 1096 static void 1097 nfp_flower_del_linked_merge_flows(struct nfp_app *app, 1098 struct nfp_fl_payload *sub_flow) 1099 { 1100 struct nfp_fl_payload_link *link, *temp; 1101 1102 /* Remove any merge flow formed from the deleted sub_flow. */ 1103 list_for_each_entry_safe(link, temp, &sub_flow->linked_flows, 1104 sub_flow.list) 1105 nfp_flower_remove_merge_flow(app, sub_flow, 1106 link->merge_flow.flow); 1107 } 1108 1109 /** 1110 * nfp_flower_del_offload() - Removes a flow from hardware. 1111 * @app: Pointer to the APP handle 1112 * @netdev: netdev structure. 1113 * @flow: TC flower classifier offload structure 1114 * 1115 * Removes a flow from the repeated hash structure and clears the 1116 * action payload. Any flows merged from this are also deleted. 1117 * 1118 * Return: negative value on error, 0 if removed successfully. 1119 */ 1120 static int 1121 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev, 1122 struct flow_cls_offload *flow) 1123 { 1124 struct nfp_flower_priv *priv = app->priv; 1125 struct netlink_ext_ack *extack = NULL; 1126 struct nfp_fl_payload *nfp_flow; 1127 struct nfp_port *port = NULL; 1128 int err; 1129 1130 extack = flow->common.extack; 1131 if (nfp_netdev_is_nfp_repr(netdev)) 1132 port = nfp_port_from_netdev(netdev); 1133 1134 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1135 if (!nfp_flow) { 1136 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot remove flow that does not exist"); 1137 return -ENOENT; 1138 } 1139 1140 err = nfp_modify_flow_metadata(app, nfp_flow); 1141 if (err) 1142 goto err_free_merge_flow; 1143 1144 if (nfp_flow->nfp_tun_ipv4_addr) 1145 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr); 1146 1147 if (!nfp_flow->in_hw) { 1148 err = 0; 1149 goto err_free_merge_flow; 1150 } 1151 1152 err = nfp_flower_xmit_flow(app, nfp_flow, 1153 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 1154 /* Fall through on error. */ 1155 1156 err_free_merge_flow: 1157 nfp_flower_del_linked_merge_flows(app, nfp_flow); 1158 if (port) 1159 port->tc_offload_cnt--; 1160 kfree(nfp_flow->action_data); 1161 kfree(nfp_flow->mask_data); 1162 kfree(nfp_flow->unmasked_data); 1163 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table, 1164 &nfp_flow->fl_node, 1165 nfp_flower_table_params)); 1166 kfree_rcu(nfp_flow, rcu); 1167 return err; 1168 } 1169 1170 static void 1171 __nfp_flower_update_merge_stats(struct nfp_app *app, 1172 struct nfp_fl_payload *merge_flow) 1173 { 1174 struct nfp_flower_priv *priv = app->priv; 1175 struct nfp_fl_payload_link *link; 1176 struct nfp_fl_payload *sub_flow; 1177 u64 pkts, bytes, used; 1178 u32 ctx_id; 1179 1180 ctx_id = be32_to_cpu(merge_flow->meta.host_ctx_id); 1181 pkts = priv->stats[ctx_id].pkts; 1182 /* Do not cycle subflows if no stats to distribute. */ 1183 if (!pkts) 1184 return; 1185 bytes = priv->stats[ctx_id].bytes; 1186 used = priv->stats[ctx_id].used; 1187 1188 /* Reset stats for the merge flow. */ 1189 priv->stats[ctx_id].pkts = 0; 1190 priv->stats[ctx_id].bytes = 0; 1191 1192 /* The merge flow has received stats updates from firmware. 1193 * Distribute these stats to all subflows that form the merge. 1194 * The stats will collected from TC via the subflows. 1195 */ 1196 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) { 1197 sub_flow = link->sub_flow.flow; 1198 ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id); 1199 priv->stats[ctx_id].pkts += pkts; 1200 priv->stats[ctx_id].bytes += bytes; 1201 max_t(u64, priv->stats[ctx_id].used, used); 1202 } 1203 } 1204 1205 static void 1206 nfp_flower_update_merge_stats(struct nfp_app *app, 1207 struct nfp_fl_payload *sub_flow) 1208 { 1209 struct nfp_fl_payload_link *link; 1210 1211 /* Get merge flows that the subflow forms to distribute their stats. */ 1212 list_for_each_entry(link, &sub_flow->linked_flows, sub_flow.list) 1213 __nfp_flower_update_merge_stats(app, link->merge_flow.flow); 1214 } 1215 1216 /** 1217 * nfp_flower_get_stats() - Populates flow stats obtained from hardware. 1218 * @app: Pointer to the APP handle 1219 * @netdev: Netdev structure. 1220 * @flow: TC flower classifier offload structure 1221 * 1222 * Populates a flow statistics structure which which corresponds to a 1223 * specific flow. 1224 * 1225 * Return: negative value on error, 0 if stats populated successfully. 1226 */ 1227 static int 1228 nfp_flower_get_stats(struct nfp_app *app, struct net_device *netdev, 1229 struct flow_cls_offload *flow) 1230 { 1231 struct nfp_flower_priv *priv = app->priv; 1232 struct netlink_ext_ack *extack = NULL; 1233 struct nfp_fl_payload *nfp_flow; 1234 u32 ctx_id; 1235 1236 extack = flow->common.extack; 1237 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev); 1238 if (!nfp_flow) { 1239 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot dump stats for flow that does not exist"); 1240 return -EINVAL; 1241 } 1242 1243 ctx_id = be32_to_cpu(nfp_flow->meta.host_ctx_id); 1244 1245 spin_lock_bh(&priv->stats_lock); 1246 /* If request is for a sub_flow, update stats from merged flows. */ 1247 if (!list_empty(&nfp_flow->linked_flows)) 1248 nfp_flower_update_merge_stats(app, nfp_flow); 1249 1250 flow_stats_update(&flow->stats, priv->stats[ctx_id].bytes, 1251 priv->stats[ctx_id].pkts, priv->stats[ctx_id].used); 1252 1253 priv->stats[ctx_id].pkts = 0; 1254 priv->stats[ctx_id].bytes = 0; 1255 spin_unlock_bh(&priv->stats_lock); 1256 1257 return 0; 1258 } 1259 1260 static int 1261 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev, 1262 struct flow_cls_offload *flower) 1263 { 1264 if (!eth_proto_is_802_3(flower->common.protocol)) 1265 return -EOPNOTSUPP; 1266 1267 switch (flower->command) { 1268 case FLOW_CLS_REPLACE: 1269 return nfp_flower_add_offload(app, netdev, flower); 1270 case FLOW_CLS_DESTROY: 1271 return nfp_flower_del_offload(app, netdev, flower); 1272 case FLOW_CLS_STATS: 1273 return nfp_flower_get_stats(app, netdev, flower); 1274 default: 1275 return -EOPNOTSUPP; 1276 } 1277 } 1278 1279 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type, 1280 void *type_data, void *cb_priv) 1281 { 1282 struct nfp_repr *repr = cb_priv; 1283 1284 if (!tc_cls_can_offload_and_chain0(repr->netdev, type_data)) 1285 return -EOPNOTSUPP; 1286 1287 switch (type) { 1288 case TC_SETUP_CLSFLOWER: 1289 return nfp_flower_repr_offload(repr->app, repr->netdev, 1290 type_data); 1291 case TC_SETUP_CLSMATCHALL: 1292 return nfp_flower_setup_qos_offload(repr->app, repr->netdev, 1293 type_data); 1294 default: 1295 return -EOPNOTSUPP; 1296 } 1297 } 1298 1299 static LIST_HEAD(nfp_block_cb_list); 1300 1301 static int nfp_flower_setup_tc_block(struct net_device *netdev, 1302 struct flow_block_offload *f) 1303 { 1304 struct nfp_repr *repr = netdev_priv(netdev); 1305 struct nfp_flower_repr_priv *repr_priv; 1306 struct flow_block_cb *block_cb; 1307 1308 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS) 1309 return -EOPNOTSUPP; 1310 1311 repr_priv = repr->app_priv; 1312 repr_priv->block_shared = f->block_shared; 1313 f->driver_block_list = &nfp_block_cb_list; 1314 1315 switch (f->command) { 1316 case FLOW_BLOCK_BIND: 1317 if (flow_block_cb_is_busy(nfp_flower_setup_tc_block_cb, repr, 1318 &nfp_block_cb_list)) 1319 return -EBUSY; 1320 1321 block_cb = flow_block_cb_alloc(f->net, 1322 nfp_flower_setup_tc_block_cb, 1323 repr, repr, NULL); 1324 if (IS_ERR(block_cb)) 1325 return PTR_ERR(block_cb); 1326 1327 flow_block_cb_add(block_cb, f); 1328 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1329 return 0; 1330 case FLOW_BLOCK_UNBIND: 1331 block_cb = flow_block_cb_lookup(f, nfp_flower_setup_tc_block_cb, 1332 repr); 1333 if (!block_cb) 1334 return -ENOENT; 1335 1336 flow_block_cb_remove(block_cb, f); 1337 list_del(&block_cb->driver_list); 1338 return 0; 1339 default: 1340 return -EOPNOTSUPP; 1341 } 1342 } 1343 1344 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev, 1345 enum tc_setup_type type, void *type_data) 1346 { 1347 switch (type) { 1348 case TC_SETUP_BLOCK: 1349 return nfp_flower_setup_tc_block(netdev, type_data); 1350 default: 1351 return -EOPNOTSUPP; 1352 } 1353 } 1354 1355 struct nfp_flower_indr_block_cb_priv { 1356 struct net_device *netdev; 1357 struct nfp_app *app; 1358 struct list_head list; 1359 }; 1360 1361 static struct nfp_flower_indr_block_cb_priv * 1362 nfp_flower_indr_block_cb_priv_lookup(struct nfp_app *app, 1363 struct net_device *netdev) 1364 { 1365 struct nfp_flower_indr_block_cb_priv *cb_priv; 1366 struct nfp_flower_priv *priv = app->priv; 1367 1368 /* All callback list access should be protected by RTNL. */ 1369 ASSERT_RTNL(); 1370 1371 list_for_each_entry(cb_priv, &priv->indr_block_cb_priv, list) 1372 if (cb_priv->netdev == netdev) 1373 return cb_priv; 1374 1375 return NULL; 1376 } 1377 1378 static int nfp_flower_setup_indr_block_cb(enum tc_setup_type type, 1379 void *type_data, void *cb_priv) 1380 { 1381 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1382 struct flow_cls_offload *flower = type_data; 1383 1384 if (flower->common.chain_index) 1385 return -EOPNOTSUPP; 1386 1387 switch (type) { 1388 case TC_SETUP_CLSFLOWER: 1389 return nfp_flower_repr_offload(priv->app, priv->netdev, 1390 type_data); 1391 default: 1392 return -EOPNOTSUPP; 1393 } 1394 } 1395 1396 static void nfp_flower_setup_indr_tc_release(void *cb_priv) 1397 { 1398 struct nfp_flower_indr_block_cb_priv *priv = cb_priv; 1399 1400 list_del(&priv->list); 1401 kfree(priv); 1402 } 1403 1404 static int 1405 nfp_flower_setup_indr_tc_block(struct net_device *netdev, struct nfp_app *app, 1406 struct flow_block_offload *f) 1407 { 1408 struct nfp_flower_indr_block_cb_priv *cb_priv; 1409 struct nfp_flower_priv *priv = app->priv; 1410 struct flow_block_cb *block_cb; 1411 1412 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS && 1413 !(f->binder_type == FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS && 1414 nfp_flower_internal_port_can_offload(app, netdev))) 1415 return -EOPNOTSUPP; 1416 1417 switch (f->command) { 1418 case FLOW_BLOCK_BIND: 1419 cb_priv = kmalloc(sizeof(*cb_priv), GFP_KERNEL); 1420 if (!cb_priv) 1421 return -ENOMEM; 1422 1423 cb_priv->netdev = netdev; 1424 cb_priv->app = app; 1425 list_add(&cb_priv->list, &priv->indr_block_cb_priv); 1426 1427 block_cb = flow_block_cb_alloc(f->net, 1428 nfp_flower_setup_indr_block_cb, 1429 cb_priv, cb_priv, 1430 nfp_flower_setup_indr_tc_release); 1431 if (IS_ERR(block_cb)) { 1432 list_del(&cb_priv->list); 1433 kfree(cb_priv); 1434 return PTR_ERR(block_cb); 1435 } 1436 1437 flow_block_cb_add(block_cb, f); 1438 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list); 1439 return 0; 1440 case FLOW_BLOCK_UNBIND: 1441 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev); 1442 if (!cb_priv) 1443 return -ENOENT; 1444 1445 block_cb = flow_block_cb_lookup(f, 1446 nfp_flower_setup_indr_block_cb, 1447 cb_priv); 1448 if (!block_cb) 1449 return -ENOENT; 1450 1451 flow_block_cb_remove(block_cb, f); 1452 list_del(&block_cb->driver_list); 1453 return 0; 1454 default: 1455 return -EOPNOTSUPP; 1456 } 1457 return 0; 1458 } 1459 1460 static int 1461 nfp_flower_indr_setup_tc_cb(struct net_device *netdev, void *cb_priv, 1462 enum tc_setup_type type, void *type_data) 1463 { 1464 switch (type) { 1465 case TC_SETUP_BLOCK: 1466 return nfp_flower_setup_indr_tc_block(netdev, cb_priv, 1467 type_data); 1468 default: 1469 return -EOPNOTSUPP; 1470 } 1471 } 1472 1473 int nfp_flower_reg_indir_block_handler(struct nfp_app *app, 1474 struct net_device *netdev, 1475 unsigned long event) 1476 { 1477 int err; 1478 1479 if (!nfp_fl_is_netdev_to_offload(netdev)) 1480 return NOTIFY_OK; 1481 1482 if (event == NETDEV_REGISTER) { 1483 err = __tc_indr_block_cb_register(netdev, app, 1484 nfp_flower_indr_setup_tc_cb, 1485 app); 1486 if (err) 1487 nfp_flower_cmsg_warn(app, 1488 "Indirect block reg failed - %s\n", 1489 netdev->name); 1490 } else if (event == NETDEV_UNREGISTER) { 1491 __tc_indr_block_cb_unregister(netdev, 1492 nfp_flower_indr_setup_tc_cb, app); 1493 } 1494 1495 return NOTIFY_OK; 1496 } 1497