1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */
3
4 #include <linux/skbuff.h>
5 #include <net/devlink.h>
6 #include <net/pkt_cls.h>
7
8 #include "cmsg.h"
9 #include "main.h"
10 #include "conntrack.h"
11 #include "../nfpcore/nfp_cpp.h"
12 #include "../nfpcore/nfp_nsp.h"
13 #include "../nfp_app.h"
14 #include "../nfp_main.h"
15 #include "../nfp_net.h"
16 #include "../nfp_port.h"
17
18 #define NFP_FLOWER_SUPPORTED_TCPFLAGS \
19 (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST | \
20 TCPHDR_PSH | TCPHDR_URG)
21
22 #define NFP_FLOWER_SUPPORTED_CTLFLAGS \
23 (FLOW_DIS_IS_FRAGMENT | \
24 FLOW_DIS_FIRST_FRAG)
25
26 #define NFP_FLOWER_WHITELIST_DISSECTOR \
27 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \
28 BIT(FLOW_DISSECTOR_KEY_BASIC) | \
29 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \
30 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \
31 BIT(FLOW_DISSECTOR_KEY_TCP) | \
32 BIT(FLOW_DISSECTOR_KEY_PORTS) | \
33 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \
34 BIT(FLOW_DISSECTOR_KEY_VLAN) | \
35 BIT(FLOW_DISSECTOR_KEY_CVLAN) | \
36 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \
37 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \
38 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \
39 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
40 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \
41 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \
42 BIT(FLOW_DISSECTOR_KEY_ENC_IP) | \
43 BIT(FLOW_DISSECTOR_KEY_MPLS) | \
44 BIT(FLOW_DISSECTOR_KEY_CT) | \
45 BIT(FLOW_DISSECTOR_KEY_META) | \
46 BIT(FLOW_DISSECTOR_KEY_IP))
47
48 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \
49 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
50 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \
51 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \
52 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \
53 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \
54 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \
55 BIT(FLOW_DISSECTOR_KEY_ENC_IP))
56
57 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \
58 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
59 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS))
60
61 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R \
62 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
63 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS))
64
65 #define NFP_FLOWER_MERGE_FIELDS \
66 (NFP_FLOWER_LAYER_PORT | \
67 NFP_FLOWER_LAYER_MAC | \
68 NFP_FLOWER_LAYER_TP | \
69 NFP_FLOWER_LAYER_IPV4 | \
70 NFP_FLOWER_LAYER_IPV6)
71
72 #define NFP_FLOWER_PRE_TUN_RULE_FIELDS \
73 (NFP_FLOWER_LAYER_EXT_META | \
74 NFP_FLOWER_LAYER_PORT | \
75 NFP_FLOWER_LAYER_MAC | \
76 NFP_FLOWER_LAYER_IPV4 | \
77 NFP_FLOWER_LAYER_IPV6)
78
79 struct nfp_flower_merge_check {
80 union {
81 struct {
82 __be16 tci;
83 struct nfp_flower_mac_mpls l2;
84 struct nfp_flower_tp_ports l4;
85 union {
86 struct nfp_flower_ipv4 ipv4;
87 struct nfp_flower_ipv6 ipv6;
88 };
89 };
90 unsigned long vals[8];
91 };
92 };
93
94 int
nfp_flower_xmit_flow(struct nfp_app * app,struct nfp_fl_payload * nfp_flow,u8 mtype)95 nfp_flower_xmit_flow(struct nfp_app *app, struct nfp_fl_payload *nfp_flow,
96 u8 mtype)
97 {
98 u32 meta_len, key_len, mask_len, act_len, tot_len;
99 struct sk_buff *skb;
100 unsigned char *msg;
101
102 meta_len = sizeof(struct nfp_fl_rule_metadata);
103 key_len = nfp_flow->meta.key_len;
104 mask_len = nfp_flow->meta.mask_len;
105 act_len = nfp_flow->meta.act_len;
106
107 tot_len = meta_len + key_len + mask_len + act_len;
108
109 /* Convert to long words as firmware expects
110 * lengths in units of NFP_FL_LW_SIZ.
111 */
112 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ;
113 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ;
114 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ;
115
116 skb = nfp_flower_cmsg_alloc(app, tot_len, mtype, GFP_KERNEL);
117 if (!skb)
118 return -ENOMEM;
119
120 msg = nfp_flower_cmsg_get_data(skb);
121 memcpy(msg, &nfp_flow->meta, meta_len);
122 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len);
123 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len);
124 memcpy(&msg[meta_len + key_len + mask_len],
125 nfp_flow->action_data, act_len);
126
127 /* Convert back to bytes as software expects
128 * lengths in units of bytes.
129 */
130 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ;
131 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ;
132 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ;
133
134 nfp_ctrl_tx(app->ctrl, skb);
135
136 return 0;
137 }
138
nfp_flower_check_higher_than_mac(struct flow_rule * rule)139 static bool nfp_flower_check_higher_than_mac(struct flow_rule *rule)
140 {
141 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) ||
142 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) ||
143 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) ||
144 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP);
145 }
146
nfp_flower_check_higher_than_l3(struct flow_rule * rule)147 static bool nfp_flower_check_higher_than_l3(struct flow_rule *rule)
148 {
149 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) ||
150 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP);
151 }
152
153 static int
nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts * enc_opts,u32 * key_layer_two,int * key_size,bool ipv6,struct netlink_ext_ack * extack)154 nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts *enc_opts,
155 u32 *key_layer_two, int *key_size, bool ipv6,
156 struct netlink_ext_ack *extack)
157 {
158 if (enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY ||
159 (ipv6 && enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY_V6)) {
160 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: geneve options exceed maximum length");
161 return -EOPNOTSUPP;
162 }
163
164 if (enc_opts->len > 0) {
165 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE_OP;
166 *key_size += sizeof(struct nfp_flower_geneve_options);
167 }
168
169 return 0;
170 }
171
172 static int
nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports * enc_ports,struct flow_dissector_key_enc_opts * enc_op,u32 * key_layer_two,u8 * key_layer,int * key_size,struct nfp_flower_priv * priv,enum nfp_flower_tun_type * tun_type,bool ipv6,struct netlink_ext_ack * extack)173 nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports *enc_ports,
174 struct flow_dissector_key_enc_opts *enc_op,
175 u32 *key_layer_two, u8 *key_layer, int *key_size,
176 struct nfp_flower_priv *priv,
177 enum nfp_flower_tun_type *tun_type, bool ipv6,
178 struct netlink_ext_ack *extack)
179 {
180 int err;
181
182 switch (enc_ports->dst) {
183 case htons(IANA_VXLAN_UDP_PORT):
184 *tun_type = NFP_FL_TUNNEL_VXLAN;
185 *key_layer |= NFP_FLOWER_LAYER_VXLAN;
186
187 if (ipv6) {
188 *key_layer |= NFP_FLOWER_LAYER_EXT_META;
189 *key_size += sizeof(struct nfp_flower_ext_meta);
190 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
191 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun);
192 } else {
193 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun);
194 }
195
196 if (enc_op) {
197 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on vxlan tunnels");
198 return -EOPNOTSUPP;
199 }
200 break;
201 case htons(GENEVE_UDP_PORT):
202 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE)) {
203 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve offload");
204 return -EOPNOTSUPP;
205 }
206 *tun_type = NFP_FL_TUNNEL_GENEVE;
207 *key_layer |= NFP_FLOWER_LAYER_EXT_META;
208 *key_size += sizeof(struct nfp_flower_ext_meta);
209 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE;
210
211 if (ipv6) {
212 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
213 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun);
214 } else {
215 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun);
216 }
217
218 if (!enc_op)
219 break;
220 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE_OPT)) {
221 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve option offload");
222 return -EOPNOTSUPP;
223 }
224 err = nfp_flower_calc_opt_layer(enc_op, key_layer_two, key_size,
225 ipv6, extack);
226 if (err)
227 return err;
228 break;
229 default:
230 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel type unknown");
231 return -EOPNOTSUPP;
232 }
233
234 return 0;
235 }
236
237 int
nfp_flower_calculate_key_layers(struct nfp_app * app,struct net_device * netdev,struct nfp_fl_key_ls * ret_key_ls,struct flow_rule * rule,enum nfp_flower_tun_type * tun_type,struct netlink_ext_ack * extack)238 nfp_flower_calculate_key_layers(struct nfp_app *app,
239 struct net_device *netdev,
240 struct nfp_fl_key_ls *ret_key_ls,
241 struct flow_rule *rule,
242 enum nfp_flower_tun_type *tun_type,
243 struct netlink_ext_ack *extack)
244 {
245 struct flow_dissector *dissector = rule->match.dissector;
246 struct flow_match_basic basic = { NULL, NULL};
247 struct nfp_flower_priv *priv = app->priv;
248 u32 key_layer_two;
249 u8 key_layer;
250 int key_size;
251 int err;
252
253 if (dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) {
254 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match not supported");
255 return -EOPNOTSUPP;
256 }
257
258 /* If any tun dissector is used then the required set must be used. */
259 if (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR &&
260 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R)
261 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R &&
262 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R)
263 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) {
264 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel match not supported");
265 return -EOPNOTSUPP;
266 }
267
268 key_layer_two = 0;
269 key_layer = NFP_FLOWER_LAYER_PORT;
270 key_size = sizeof(struct nfp_flower_meta_tci) +
271 sizeof(struct nfp_flower_in_port);
272
273 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS) ||
274 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS)) {
275 key_layer |= NFP_FLOWER_LAYER_MAC;
276 key_size += sizeof(struct nfp_flower_mac_mpls);
277 }
278
279 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) {
280 struct flow_match_vlan vlan;
281
282 flow_rule_match_vlan(rule, &vlan);
283 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_PCP) &&
284 vlan.key->vlan_priority) {
285 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN PCP offload");
286 return -EOPNOTSUPP;
287 }
288 if (priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ &&
289 !(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) {
290 key_layer |= NFP_FLOWER_LAYER_EXT_META;
291 key_size += sizeof(struct nfp_flower_ext_meta);
292 key_size += sizeof(struct nfp_flower_vlan);
293 key_layer_two |= NFP_FLOWER_LAYER2_QINQ;
294 }
295 }
296
297 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) {
298 struct flow_match_vlan cvlan;
299
300 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
301 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN QinQ offload");
302 return -EOPNOTSUPP;
303 }
304
305 flow_rule_match_vlan(rule, &cvlan);
306 if (!(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) {
307 key_layer |= NFP_FLOWER_LAYER_EXT_META;
308 key_size += sizeof(struct nfp_flower_ext_meta);
309 key_size += sizeof(struct nfp_flower_vlan);
310 key_layer_two |= NFP_FLOWER_LAYER2_QINQ;
311 }
312 }
313
314 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) {
315 struct flow_match_enc_opts enc_op = { NULL, NULL };
316 struct flow_match_ipv4_addrs ipv4_addrs;
317 struct flow_match_ipv6_addrs ipv6_addrs;
318 struct flow_match_control enc_ctl;
319 struct flow_match_ports enc_ports;
320 bool ipv6_tun = false;
321
322 flow_rule_match_enc_control(rule, &enc_ctl);
323
324 if (enc_ctl.mask->addr_type != 0xffff) {
325 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: wildcarded protocols on tunnels are not supported");
326 return -EOPNOTSUPP;
327 }
328
329 ipv6_tun = enc_ctl.key->addr_type ==
330 FLOW_DISSECTOR_KEY_IPV6_ADDRS;
331 if (ipv6_tun &&
332 !(priv->flower_ext_feats & NFP_FL_FEATS_IPV6_TUN)) {
333 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: firmware does not support IPv6 tunnels");
334 return -EOPNOTSUPP;
335 }
336
337 if (!ipv6_tun &&
338 enc_ctl.key->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
339 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel address type not IPv4 or IPv6");
340 return -EOPNOTSUPP;
341 }
342
343 if (ipv6_tun) {
344 flow_rule_match_enc_ipv6_addrs(rule, &ipv6_addrs);
345 if (memchr_inv(&ipv6_addrs.mask->dst, 0xff,
346 sizeof(ipv6_addrs.mask->dst))) {
347 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv6 destination address is supported");
348 return -EOPNOTSUPP;
349 }
350 } else {
351 flow_rule_match_enc_ipv4_addrs(rule, &ipv4_addrs);
352 if (ipv4_addrs.mask->dst != cpu_to_be32(~0)) {
353 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv4 destination address is supported");
354 return -EOPNOTSUPP;
355 }
356 }
357
358 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS))
359 flow_rule_match_enc_opts(rule, &enc_op);
360
361 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) {
362 /* check if GRE, which has no enc_ports */
363 if (!netif_is_gretap(netdev)) {
364 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: an exact match on L4 destination port is required for non-GRE tunnels");
365 return -EOPNOTSUPP;
366 }
367
368 *tun_type = NFP_FL_TUNNEL_GRE;
369 key_layer |= NFP_FLOWER_LAYER_EXT_META;
370 key_size += sizeof(struct nfp_flower_ext_meta);
371 key_layer_two |= NFP_FLOWER_LAYER2_GRE;
372
373 if (ipv6_tun) {
374 key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
375 key_size +=
376 sizeof(struct nfp_flower_ipv6_udp_tun);
377 } else {
378 key_size +=
379 sizeof(struct nfp_flower_ipv4_udp_tun);
380 }
381
382 if (enc_op.key) {
383 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on GRE tunnels");
384 return -EOPNOTSUPP;
385 }
386 } else {
387 flow_rule_match_enc_ports(rule, &enc_ports);
388 if (enc_ports.mask->dst != cpu_to_be16(~0)) {
389 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match L4 destination port is supported");
390 return -EOPNOTSUPP;
391 }
392
393 err = nfp_flower_calc_udp_tun_layer(enc_ports.key,
394 enc_op.key,
395 &key_layer_two,
396 &key_layer,
397 &key_size, priv,
398 tun_type, ipv6_tun,
399 extack);
400 if (err)
401 return err;
402
403 /* Ensure the ingress netdev matches the expected
404 * tun type.
405 */
406 if (!nfp_fl_netdev_is_tunnel_type(netdev, *tun_type)) {
407 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ingress netdev does not match the expected tunnel type");
408 return -EOPNOTSUPP;
409 }
410 }
411 }
412
413 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC))
414 flow_rule_match_basic(rule, &basic);
415
416 if (basic.mask && basic.mask->n_proto) {
417 /* Ethernet type is present in the key. */
418 switch (basic.key->n_proto) {
419 case cpu_to_be16(ETH_P_IP):
420 key_layer |= NFP_FLOWER_LAYER_IPV4;
421 key_size += sizeof(struct nfp_flower_ipv4);
422 break;
423
424 case cpu_to_be16(ETH_P_IPV6):
425 key_layer |= NFP_FLOWER_LAYER_IPV6;
426 key_size += sizeof(struct nfp_flower_ipv6);
427 break;
428
429 /* Currently we do not offload ARP
430 * because we rely on it to get to the host.
431 */
432 case cpu_to_be16(ETH_P_ARP):
433 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ARP not supported");
434 return -EOPNOTSUPP;
435
436 case cpu_to_be16(ETH_P_MPLS_UC):
437 case cpu_to_be16(ETH_P_MPLS_MC):
438 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) {
439 key_layer |= NFP_FLOWER_LAYER_MAC;
440 key_size += sizeof(struct nfp_flower_mac_mpls);
441 }
442 break;
443
444 /* Will be included in layer 2. */
445 case cpu_to_be16(ETH_P_8021Q):
446 break;
447
448 default:
449 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on given EtherType is not supported");
450 return -EOPNOTSUPP;
451 }
452 } else if (nfp_flower_check_higher_than_mac(rule)) {
453 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match above L2 without specified EtherType");
454 return -EOPNOTSUPP;
455 }
456
457 if (basic.mask && basic.mask->ip_proto) {
458 switch (basic.key->ip_proto) {
459 case IPPROTO_TCP:
460 case IPPROTO_UDP:
461 case IPPROTO_SCTP:
462 case IPPROTO_ICMP:
463 case IPPROTO_ICMPV6:
464 key_layer |= NFP_FLOWER_LAYER_TP;
465 key_size += sizeof(struct nfp_flower_tp_ports);
466 break;
467 }
468 }
469
470 if (!(key_layer & NFP_FLOWER_LAYER_TP) &&
471 nfp_flower_check_higher_than_l3(rule)) {
472 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match on L4 information without specified IP protocol type");
473 return -EOPNOTSUPP;
474 }
475
476 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) {
477 struct flow_match_tcp tcp;
478 u32 tcp_flags;
479
480 flow_rule_match_tcp(rule, &tcp);
481 tcp_flags = be16_to_cpu(tcp.key->flags);
482
483 if (tcp_flags & ~NFP_FLOWER_SUPPORTED_TCPFLAGS) {
484 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: no match support for selected TCP flags");
485 return -EOPNOTSUPP;
486 }
487
488 /* We only support PSH and URG flags when either
489 * FIN, SYN or RST is present as well.
490 */
491 if ((tcp_flags & (TCPHDR_PSH | TCPHDR_URG)) &&
492 !(tcp_flags & (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST))) {
493 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: PSH and URG is only supported when used with FIN, SYN or RST");
494 return -EOPNOTSUPP;
495 }
496
497 /* We need to store TCP flags in the either the IPv4 or IPv6 key
498 * space, thus we need to ensure we include a IPv4/IPv6 key
499 * layer if we have not done so already.
500 */
501 if (!basic.key) {
502 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on L3 protocol");
503 return -EOPNOTSUPP;
504 }
505
506 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) &&
507 !(key_layer & NFP_FLOWER_LAYER_IPV6)) {
508 switch (basic.key->n_proto) {
509 case cpu_to_be16(ETH_P_IP):
510 key_layer |= NFP_FLOWER_LAYER_IPV4;
511 key_size += sizeof(struct nfp_flower_ipv4);
512 break;
513
514 case cpu_to_be16(ETH_P_IPV6):
515 key_layer |= NFP_FLOWER_LAYER_IPV6;
516 key_size += sizeof(struct nfp_flower_ipv6);
517 break;
518
519 default:
520 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on IPv4/IPv6");
521 return -EOPNOTSUPP;
522 }
523 }
524 }
525
526 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
527 struct flow_match_control ctl;
528
529 flow_rule_match_control(rule, &ctl);
530 if (ctl.key->flags & ~NFP_FLOWER_SUPPORTED_CTLFLAGS) {
531 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on unknown control flag");
532 return -EOPNOTSUPP;
533 }
534 }
535
536 ret_key_ls->key_layer = key_layer;
537 ret_key_ls->key_layer_two = key_layer_two;
538 ret_key_ls->key_size = key_size;
539
540 return 0;
541 }
542
543 struct nfp_fl_payload *
nfp_flower_allocate_new(struct nfp_fl_key_ls * key_layer)544 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer)
545 {
546 struct nfp_fl_payload *flow_pay;
547
548 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL);
549 if (!flow_pay)
550 return NULL;
551
552 flow_pay->meta.key_len = key_layer->key_size;
553 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL);
554 if (!flow_pay->unmasked_data)
555 goto err_free_flow;
556
557 flow_pay->meta.mask_len = key_layer->key_size;
558 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL);
559 if (!flow_pay->mask_data)
560 goto err_free_unmasked;
561
562 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL);
563 if (!flow_pay->action_data)
564 goto err_free_mask;
565
566 flow_pay->nfp_tun_ipv4_addr = 0;
567 flow_pay->nfp_tun_ipv6 = NULL;
568 flow_pay->meta.flags = 0;
569 INIT_LIST_HEAD(&flow_pay->linked_flows);
570 flow_pay->in_hw = false;
571 flow_pay->pre_tun_rule.dev = NULL;
572
573 return flow_pay;
574
575 err_free_mask:
576 kfree(flow_pay->mask_data);
577 err_free_unmasked:
578 kfree(flow_pay->unmasked_data);
579 err_free_flow:
580 kfree(flow_pay);
581 return NULL;
582 }
583
584 static int
nfp_flower_update_merge_with_actions(struct nfp_fl_payload * flow,struct nfp_flower_merge_check * merge,u8 * last_act_id,int * act_out)585 nfp_flower_update_merge_with_actions(struct nfp_fl_payload *flow,
586 struct nfp_flower_merge_check *merge,
587 u8 *last_act_id, int *act_out)
588 {
589 struct nfp_fl_set_ipv6_tc_hl_fl *ipv6_tc_hl_fl;
590 struct nfp_fl_set_ip4_ttl_tos *ipv4_ttl_tos;
591 struct nfp_fl_set_ip4_addrs *ipv4_add;
592 struct nfp_fl_set_ipv6_addr *ipv6_add;
593 struct nfp_fl_push_vlan *push_vlan;
594 struct nfp_fl_pre_tunnel *pre_tun;
595 struct nfp_fl_set_tport *tport;
596 struct nfp_fl_set_eth *eth;
597 struct nfp_fl_act_head *a;
598 unsigned int act_off = 0;
599 bool ipv6_tun = false;
600 u8 act_id = 0;
601 u8 *ports;
602 int i;
603
604 while (act_off < flow->meta.act_len) {
605 a = (struct nfp_fl_act_head *)&flow->action_data[act_off];
606 act_id = a->jump_id;
607
608 switch (act_id) {
609 case NFP_FL_ACTION_OPCODE_OUTPUT:
610 if (act_out)
611 (*act_out)++;
612 break;
613 case NFP_FL_ACTION_OPCODE_PUSH_VLAN:
614 push_vlan = (struct nfp_fl_push_vlan *)a;
615 if (push_vlan->vlan_tci)
616 merge->tci = cpu_to_be16(0xffff);
617 break;
618 case NFP_FL_ACTION_OPCODE_POP_VLAN:
619 merge->tci = cpu_to_be16(0);
620 break;
621 case NFP_FL_ACTION_OPCODE_SET_TUNNEL:
622 /* New tunnel header means l2 to l4 can be matched. */
623 eth_broadcast_addr(&merge->l2.mac_dst[0]);
624 eth_broadcast_addr(&merge->l2.mac_src[0]);
625 memset(&merge->l4, 0xff,
626 sizeof(struct nfp_flower_tp_ports));
627 if (ipv6_tun)
628 memset(&merge->ipv6, 0xff,
629 sizeof(struct nfp_flower_ipv6));
630 else
631 memset(&merge->ipv4, 0xff,
632 sizeof(struct nfp_flower_ipv4));
633 break;
634 case NFP_FL_ACTION_OPCODE_SET_ETHERNET:
635 eth = (struct nfp_fl_set_eth *)a;
636 for (i = 0; i < ETH_ALEN; i++)
637 merge->l2.mac_dst[i] |= eth->eth_addr_mask[i];
638 for (i = 0; i < ETH_ALEN; i++)
639 merge->l2.mac_src[i] |=
640 eth->eth_addr_mask[ETH_ALEN + i];
641 break;
642 case NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS:
643 ipv4_add = (struct nfp_fl_set_ip4_addrs *)a;
644 merge->ipv4.ipv4_src |= ipv4_add->ipv4_src_mask;
645 merge->ipv4.ipv4_dst |= ipv4_add->ipv4_dst_mask;
646 break;
647 case NFP_FL_ACTION_OPCODE_SET_IPV4_TTL_TOS:
648 ipv4_ttl_tos = (struct nfp_fl_set_ip4_ttl_tos *)a;
649 merge->ipv4.ip_ext.ttl |= ipv4_ttl_tos->ipv4_ttl_mask;
650 merge->ipv4.ip_ext.tos |= ipv4_ttl_tos->ipv4_tos_mask;
651 break;
652 case NFP_FL_ACTION_OPCODE_SET_IPV6_SRC:
653 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a;
654 for (i = 0; i < 4; i++)
655 merge->ipv6.ipv6_src.in6_u.u6_addr32[i] |=
656 ipv6_add->ipv6[i].mask;
657 break;
658 case NFP_FL_ACTION_OPCODE_SET_IPV6_DST:
659 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a;
660 for (i = 0; i < 4; i++)
661 merge->ipv6.ipv6_dst.in6_u.u6_addr32[i] |=
662 ipv6_add->ipv6[i].mask;
663 break;
664 case NFP_FL_ACTION_OPCODE_SET_IPV6_TC_HL_FL:
665 ipv6_tc_hl_fl = (struct nfp_fl_set_ipv6_tc_hl_fl *)a;
666 merge->ipv6.ip_ext.ttl |=
667 ipv6_tc_hl_fl->ipv6_hop_limit_mask;
668 merge->ipv6.ip_ext.tos |= ipv6_tc_hl_fl->ipv6_tc_mask;
669 merge->ipv6.ipv6_flow_label_exthdr |=
670 ipv6_tc_hl_fl->ipv6_label_mask;
671 break;
672 case NFP_FL_ACTION_OPCODE_SET_UDP:
673 case NFP_FL_ACTION_OPCODE_SET_TCP:
674 tport = (struct nfp_fl_set_tport *)a;
675 ports = (u8 *)&merge->l4.port_src;
676 for (i = 0; i < 4; i++)
677 ports[i] |= tport->tp_port_mask[i];
678 break;
679 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL:
680 pre_tun = (struct nfp_fl_pre_tunnel *)a;
681 ipv6_tun = be16_to_cpu(pre_tun->flags) &
682 NFP_FL_PRE_TUN_IPV6;
683 break;
684 case NFP_FL_ACTION_OPCODE_PRE_LAG:
685 case NFP_FL_ACTION_OPCODE_PUSH_GENEVE:
686 break;
687 default:
688 return -EOPNOTSUPP;
689 }
690
691 act_off += a->len_lw << NFP_FL_LW_SIZ;
692 }
693
694 if (last_act_id)
695 *last_act_id = act_id;
696
697 return 0;
698 }
699
700 static int
nfp_flower_populate_merge_match(struct nfp_fl_payload * flow,struct nfp_flower_merge_check * merge,bool extra_fields)701 nfp_flower_populate_merge_match(struct nfp_fl_payload *flow,
702 struct nfp_flower_merge_check *merge,
703 bool extra_fields)
704 {
705 struct nfp_flower_meta_tci *meta_tci;
706 u8 *mask = flow->mask_data;
707 u8 key_layer, match_size;
708
709 memset(merge, 0, sizeof(struct nfp_flower_merge_check));
710
711 meta_tci = (struct nfp_flower_meta_tci *)mask;
712 key_layer = meta_tci->nfp_flow_key_layer;
713
714 if (key_layer & ~NFP_FLOWER_MERGE_FIELDS && !extra_fields)
715 return -EOPNOTSUPP;
716
717 merge->tci = meta_tci->tci;
718 mask += sizeof(struct nfp_flower_meta_tci);
719
720 if (key_layer & NFP_FLOWER_LAYER_EXT_META)
721 mask += sizeof(struct nfp_flower_ext_meta);
722
723 mask += sizeof(struct nfp_flower_in_port);
724
725 if (key_layer & NFP_FLOWER_LAYER_MAC) {
726 match_size = sizeof(struct nfp_flower_mac_mpls);
727 memcpy(&merge->l2, mask, match_size);
728 mask += match_size;
729 }
730
731 if (key_layer & NFP_FLOWER_LAYER_TP) {
732 match_size = sizeof(struct nfp_flower_tp_ports);
733 memcpy(&merge->l4, mask, match_size);
734 mask += match_size;
735 }
736
737 if (key_layer & NFP_FLOWER_LAYER_IPV4) {
738 match_size = sizeof(struct nfp_flower_ipv4);
739 memcpy(&merge->ipv4, mask, match_size);
740 }
741
742 if (key_layer & NFP_FLOWER_LAYER_IPV6) {
743 match_size = sizeof(struct nfp_flower_ipv6);
744 memcpy(&merge->ipv6, mask, match_size);
745 }
746
747 return 0;
748 }
749
750 static int
nfp_flower_can_merge(struct nfp_fl_payload * sub_flow1,struct nfp_fl_payload * sub_flow2)751 nfp_flower_can_merge(struct nfp_fl_payload *sub_flow1,
752 struct nfp_fl_payload *sub_flow2)
753 {
754 /* Two flows can be merged if sub_flow2 only matches on bits that are
755 * either matched by sub_flow1 or set by a sub_flow1 action. This
756 * ensures that every packet that hits sub_flow1 and recirculates is
757 * guaranteed to hit sub_flow2.
758 */
759 struct nfp_flower_merge_check sub_flow1_merge, sub_flow2_merge;
760 int err, act_out = 0;
761 u8 last_act_id = 0;
762
763 err = nfp_flower_populate_merge_match(sub_flow1, &sub_flow1_merge,
764 true);
765 if (err)
766 return err;
767
768 err = nfp_flower_populate_merge_match(sub_flow2, &sub_flow2_merge,
769 false);
770 if (err)
771 return err;
772
773 err = nfp_flower_update_merge_with_actions(sub_flow1, &sub_flow1_merge,
774 &last_act_id, &act_out);
775 if (err)
776 return err;
777
778 /* Must only be 1 output action and it must be the last in sequence. */
779 if (act_out != 1 || last_act_id != NFP_FL_ACTION_OPCODE_OUTPUT)
780 return -EOPNOTSUPP;
781
782 /* Reject merge if sub_flow2 matches on something that is not matched
783 * on or set in an action by sub_flow1.
784 */
785 err = bitmap_andnot(sub_flow2_merge.vals, sub_flow2_merge.vals,
786 sub_flow1_merge.vals,
787 sizeof(struct nfp_flower_merge_check) * 8);
788 if (err)
789 return -EINVAL;
790
791 return 0;
792 }
793
794 static unsigned int
nfp_flower_copy_pre_actions(char * act_dst,char * act_src,int len,bool * tunnel_act)795 nfp_flower_copy_pre_actions(char *act_dst, char *act_src, int len,
796 bool *tunnel_act)
797 {
798 unsigned int act_off = 0, act_len;
799 struct nfp_fl_act_head *a;
800 u8 act_id = 0;
801
802 while (act_off < len) {
803 a = (struct nfp_fl_act_head *)&act_src[act_off];
804 act_len = a->len_lw << NFP_FL_LW_SIZ;
805 act_id = a->jump_id;
806
807 switch (act_id) {
808 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL:
809 if (tunnel_act)
810 *tunnel_act = true;
811 fallthrough;
812 case NFP_FL_ACTION_OPCODE_PRE_LAG:
813 memcpy(act_dst + act_off, act_src + act_off, act_len);
814 break;
815 default:
816 return act_off;
817 }
818
819 act_off += act_len;
820 }
821
822 return act_off;
823 }
824
825 static int
nfp_fl_verify_post_tun_acts(char * acts,int len,struct nfp_fl_push_vlan ** vlan)826 nfp_fl_verify_post_tun_acts(char *acts, int len, struct nfp_fl_push_vlan **vlan)
827 {
828 struct nfp_fl_act_head *a;
829 unsigned int act_off = 0;
830
831 while (act_off < len) {
832 a = (struct nfp_fl_act_head *)&acts[act_off];
833
834 if (a->jump_id == NFP_FL_ACTION_OPCODE_PUSH_VLAN && !act_off)
835 *vlan = (struct nfp_fl_push_vlan *)a;
836 else if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT)
837 return -EOPNOTSUPP;
838
839 act_off += a->len_lw << NFP_FL_LW_SIZ;
840 }
841
842 /* Ensure any VLAN push also has an egress action. */
843 if (*vlan && act_off <= sizeof(struct nfp_fl_push_vlan))
844 return -EOPNOTSUPP;
845
846 return 0;
847 }
848
849 static int
nfp_fl_push_vlan_after_tun(char * acts,int len,struct nfp_fl_push_vlan * vlan)850 nfp_fl_push_vlan_after_tun(char *acts, int len, struct nfp_fl_push_vlan *vlan)
851 {
852 struct nfp_fl_set_tun *tun;
853 struct nfp_fl_act_head *a;
854 unsigned int act_off = 0;
855
856 while (act_off < len) {
857 a = (struct nfp_fl_act_head *)&acts[act_off];
858
859 if (a->jump_id == NFP_FL_ACTION_OPCODE_SET_TUNNEL) {
860 tun = (struct nfp_fl_set_tun *)a;
861 tun->outer_vlan_tpid = vlan->vlan_tpid;
862 tun->outer_vlan_tci = vlan->vlan_tci;
863
864 return 0;
865 }
866
867 act_off += a->len_lw << NFP_FL_LW_SIZ;
868 }
869
870 /* Return error if no tunnel action is found. */
871 return -EOPNOTSUPP;
872 }
873
874 static int
nfp_flower_merge_action(struct nfp_fl_payload * sub_flow1,struct nfp_fl_payload * sub_flow2,struct nfp_fl_payload * merge_flow)875 nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1,
876 struct nfp_fl_payload *sub_flow2,
877 struct nfp_fl_payload *merge_flow)
878 {
879 unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2;
880 struct nfp_fl_push_vlan *post_tun_push_vlan = NULL;
881 bool tunnel_act = false;
882 char *merge_act;
883 int err;
884
885 /* The last action of sub_flow1 must be output - do not merge this. */
886 sub1_act_len = sub_flow1->meta.act_len - sizeof(struct nfp_fl_output);
887 sub2_act_len = sub_flow2->meta.act_len;
888
889 if (!sub2_act_len)
890 return -EINVAL;
891
892 if (sub1_act_len + sub2_act_len > NFP_FL_MAX_A_SIZ)
893 return -EINVAL;
894
895 /* A shortcut can only be applied if there is a single action. */
896 if (sub1_act_len)
897 merge_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL);
898 else
899 merge_flow->meta.shortcut = sub_flow2->meta.shortcut;
900
901 merge_flow->meta.act_len = sub1_act_len + sub2_act_len;
902 merge_act = merge_flow->action_data;
903
904 /* Copy any pre-actions to the start of merge flow action list. */
905 pre_off1 = nfp_flower_copy_pre_actions(merge_act,
906 sub_flow1->action_data,
907 sub1_act_len, &tunnel_act);
908 merge_act += pre_off1;
909 sub1_act_len -= pre_off1;
910 pre_off2 = nfp_flower_copy_pre_actions(merge_act,
911 sub_flow2->action_data,
912 sub2_act_len, NULL);
913 merge_act += pre_off2;
914 sub2_act_len -= pre_off2;
915
916 /* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes
917 * a tunnel, there are restrictions on what sub_flow 2 actions lead to a
918 * valid merge.
919 */
920 if (tunnel_act) {
921 char *post_tun_acts = &sub_flow2->action_data[pre_off2];
922
923 err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len,
924 &post_tun_push_vlan);
925 if (err)
926 return err;
927
928 if (post_tun_push_vlan) {
929 pre_off2 += sizeof(*post_tun_push_vlan);
930 sub2_act_len -= sizeof(*post_tun_push_vlan);
931 }
932 }
933
934 /* Copy remaining actions from sub_flows 1 and 2. */
935 memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len);
936
937 if (post_tun_push_vlan) {
938 /* Update tunnel action in merge to include VLAN push. */
939 err = nfp_fl_push_vlan_after_tun(merge_act, sub1_act_len,
940 post_tun_push_vlan);
941 if (err)
942 return err;
943
944 merge_flow->meta.act_len -= sizeof(*post_tun_push_vlan);
945 }
946
947 merge_act += sub1_act_len;
948 memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len);
949
950 return 0;
951 }
952
953 /* Flow link code should only be accessed under RTNL. */
nfp_flower_unlink_flow(struct nfp_fl_payload_link * link)954 static void nfp_flower_unlink_flow(struct nfp_fl_payload_link *link)
955 {
956 list_del(&link->merge_flow.list);
957 list_del(&link->sub_flow.list);
958 kfree(link);
959 }
960
nfp_flower_unlink_flows(struct nfp_fl_payload * merge_flow,struct nfp_fl_payload * sub_flow)961 static void nfp_flower_unlink_flows(struct nfp_fl_payload *merge_flow,
962 struct nfp_fl_payload *sub_flow)
963 {
964 struct nfp_fl_payload_link *link;
965
966 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list)
967 if (link->sub_flow.flow == sub_flow) {
968 nfp_flower_unlink_flow(link);
969 return;
970 }
971 }
972
nfp_flower_link_flows(struct nfp_fl_payload * merge_flow,struct nfp_fl_payload * sub_flow)973 static int nfp_flower_link_flows(struct nfp_fl_payload *merge_flow,
974 struct nfp_fl_payload *sub_flow)
975 {
976 struct nfp_fl_payload_link *link;
977
978 link = kmalloc(sizeof(*link), GFP_KERNEL);
979 if (!link)
980 return -ENOMEM;
981
982 link->merge_flow.flow = merge_flow;
983 list_add_tail(&link->merge_flow.list, &merge_flow->linked_flows);
984 link->sub_flow.flow = sub_flow;
985 list_add_tail(&link->sub_flow.list, &sub_flow->linked_flows);
986
987 return 0;
988 }
989
990 /**
991 * nfp_flower_merge_offloaded_flows() - Merge 2 existing flows to single flow.
992 * @app: Pointer to the APP handle
993 * @sub_flow1: Initial flow matched to produce merge hint
994 * @sub_flow2: Post recirculation flow matched in merge hint
995 *
996 * Combines 2 flows (if valid) to a single flow, removing the initial from hw
997 * and offloading the new, merged flow.
998 *
999 * Return: negative value on error, 0 in success.
1000 */
nfp_flower_merge_offloaded_flows(struct nfp_app * app,struct nfp_fl_payload * sub_flow1,struct nfp_fl_payload * sub_flow2)1001 int nfp_flower_merge_offloaded_flows(struct nfp_app *app,
1002 struct nfp_fl_payload *sub_flow1,
1003 struct nfp_fl_payload *sub_flow2)
1004 {
1005 struct nfp_flower_priv *priv = app->priv;
1006 struct nfp_fl_payload *merge_flow;
1007 struct nfp_fl_key_ls merge_key_ls;
1008 struct nfp_merge_info *merge_info;
1009 u64 parent_ctx = 0;
1010 int err;
1011
1012 if (sub_flow1 == sub_flow2 ||
1013 nfp_flower_is_merge_flow(sub_flow1) ||
1014 nfp_flower_is_merge_flow(sub_flow2))
1015 return -EINVAL;
1016
1017 /* check if the two flows are already merged */
1018 parent_ctx = (u64)(be32_to_cpu(sub_flow1->meta.host_ctx_id)) << 32;
1019 parent_ctx |= (u64)(be32_to_cpu(sub_flow2->meta.host_ctx_id));
1020 if (rhashtable_lookup_fast(&priv->merge_table,
1021 &parent_ctx, merge_table_params)) {
1022 nfp_flower_cmsg_warn(app, "The two flows are already merged.\n");
1023 return 0;
1024 }
1025
1026 err = nfp_flower_can_merge(sub_flow1, sub_flow2);
1027 if (err)
1028 return err;
1029
1030 merge_key_ls.key_size = sub_flow1->meta.key_len;
1031
1032 merge_flow = nfp_flower_allocate_new(&merge_key_ls);
1033 if (!merge_flow)
1034 return -ENOMEM;
1035
1036 merge_flow->tc_flower_cookie = (unsigned long)merge_flow;
1037 merge_flow->ingress_dev = sub_flow1->ingress_dev;
1038
1039 memcpy(merge_flow->unmasked_data, sub_flow1->unmasked_data,
1040 sub_flow1->meta.key_len);
1041 memcpy(merge_flow->mask_data, sub_flow1->mask_data,
1042 sub_flow1->meta.mask_len);
1043
1044 err = nfp_flower_merge_action(sub_flow1, sub_flow2, merge_flow);
1045 if (err)
1046 goto err_destroy_merge_flow;
1047
1048 err = nfp_flower_link_flows(merge_flow, sub_flow1);
1049 if (err)
1050 goto err_destroy_merge_flow;
1051
1052 err = nfp_flower_link_flows(merge_flow, sub_flow2);
1053 if (err)
1054 goto err_unlink_sub_flow1;
1055
1056 err = nfp_compile_flow_metadata(app, merge_flow->tc_flower_cookie, merge_flow,
1057 merge_flow->ingress_dev, NULL);
1058 if (err)
1059 goto err_unlink_sub_flow2;
1060
1061 err = rhashtable_insert_fast(&priv->flow_table, &merge_flow->fl_node,
1062 nfp_flower_table_params);
1063 if (err)
1064 goto err_release_metadata;
1065
1066 merge_info = kmalloc(sizeof(*merge_info), GFP_KERNEL);
1067 if (!merge_info) {
1068 err = -ENOMEM;
1069 goto err_remove_rhash;
1070 }
1071 merge_info->parent_ctx = parent_ctx;
1072 err = rhashtable_insert_fast(&priv->merge_table, &merge_info->ht_node,
1073 merge_table_params);
1074 if (err)
1075 goto err_destroy_merge_info;
1076
1077 err = nfp_flower_xmit_flow(app, merge_flow,
1078 NFP_FLOWER_CMSG_TYPE_FLOW_MOD);
1079 if (err)
1080 goto err_remove_merge_info;
1081
1082 merge_flow->in_hw = true;
1083 sub_flow1->in_hw = false;
1084
1085 return 0;
1086
1087 err_remove_merge_info:
1088 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table,
1089 &merge_info->ht_node,
1090 merge_table_params));
1091 err_destroy_merge_info:
1092 kfree(merge_info);
1093 err_remove_rhash:
1094 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1095 &merge_flow->fl_node,
1096 nfp_flower_table_params));
1097 err_release_metadata:
1098 nfp_modify_flow_metadata(app, merge_flow);
1099 err_unlink_sub_flow2:
1100 nfp_flower_unlink_flows(merge_flow, sub_flow2);
1101 err_unlink_sub_flow1:
1102 nfp_flower_unlink_flows(merge_flow, sub_flow1);
1103 err_destroy_merge_flow:
1104 kfree(merge_flow->action_data);
1105 kfree(merge_flow->mask_data);
1106 kfree(merge_flow->unmasked_data);
1107 kfree(merge_flow);
1108 return err;
1109 }
1110
1111 /**
1112 * nfp_flower_validate_pre_tun_rule()
1113 * @app: Pointer to the APP handle
1114 * @flow: Pointer to NFP flow representation of rule
1115 * @key_ls: Pointer to NFP key layers structure
1116 * @extack: Netlink extended ACK report
1117 *
1118 * Verifies the flow as a pre-tunnel rule.
1119 *
1120 * Return: negative value on error, 0 if verified.
1121 */
1122 static int
nfp_flower_validate_pre_tun_rule(struct nfp_app * app,struct nfp_fl_payload * flow,struct nfp_fl_key_ls * key_ls,struct netlink_ext_ack * extack)1123 nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
1124 struct nfp_fl_payload *flow,
1125 struct nfp_fl_key_ls *key_ls,
1126 struct netlink_ext_ack *extack)
1127 {
1128 struct nfp_flower_priv *priv = app->priv;
1129 struct nfp_flower_meta_tci *meta_tci;
1130 struct nfp_flower_mac_mpls *mac;
1131 u8 *ext = flow->unmasked_data;
1132 struct nfp_fl_act_head *act;
1133 u8 *mask = flow->mask_data;
1134 bool vlan = false;
1135 int act_offset;
1136 u8 key_layer;
1137
1138 meta_tci = (struct nfp_flower_meta_tci *)flow->unmasked_data;
1139 key_layer = key_ls->key_layer;
1140 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
1141 if (meta_tci->tci & cpu_to_be16(NFP_FLOWER_MASK_VLAN_PRESENT)) {
1142 u16 vlan_tci = be16_to_cpu(meta_tci->tci);
1143
1144 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT;
1145 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci);
1146 vlan = true;
1147 } else {
1148 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff);
1149 }
1150 }
1151
1152 if (key_layer & ~NFP_FLOWER_PRE_TUN_RULE_FIELDS) {
1153 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: too many match fields");
1154 return -EOPNOTSUPP;
1155 } else if (key_ls->key_layer_two & ~NFP_FLOWER_LAYER2_QINQ) {
1156 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non-vlan in extended match fields");
1157 return -EOPNOTSUPP;
1158 }
1159
1160 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) {
1161 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MAC fields match required");
1162 return -EOPNOTSUPP;
1163 }
1164
1165 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) &&
1166 !(key_layer & NFP_FLOWER_LAYER_IPV6)) {
1167 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on ipv4/ipv6 eth_type must be present");
1168 return -EOPNOTSUPP;
1169 }
1170
1171 /* Skip fields known to exist. */
1172 mask += sizeof(struct nfp_flower_meta_tci);
1173 ext += sizeof(struct nfp_flower_meta_tci);
1174 if (key_ls->key_layer_two) {
1175 mask += sizeof(struct nfp_flower_ext_meta);
1176 ext += sizeof(struct nfp_flower_ext_meta);
1177 }
1178 mask += sizeof(struct nfp_flower_in_port);
1179 ext += sizeof(struct nfp_flower_in_port);
1180
1181 /* Ensure destination MAC address matches pre_tun_dev. */
1182 mac = (struct nfp_flower_mac_mpls *)ext;
1183 if (memcmp(&mac->mac_dst[0], flow->pre_tun_rule.dev->dev_addr, 6)) {
1184 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC must match output dev MAC");
1185 return -EOPNOTSUPP;
1186 }
1187
1188 /* Ensure destination MAC address is fully matched. */
1189 mac = (struct nfp_flower_mac_mpls *)mask;
1190 if (!is_broadcast_ether_addr(&mac->mac_dst[0])) {
1191 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC field must not be masked");
1192 return -EOPNOTSUPP;
1193 }
1194
1195 if (mac->mpls_lse) {
1196 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MPLS not supported");
1197 return -EOPNOTSUPP;
1198 }
1199
1200 mask += sizeof(struct nfp_flower_mac_mpls);
1201 ext += sizeof(struct nfp_flower_mac_mpls);
1202 if (key_layer & NFP_FLOWER_LAYER_IPV4 ||
1203 key_layer & NFP_FLOWER_LAYER_IPV6) {
1204 /* Flags and proto fields have same offset in IPv4 and IPv6. */
1205 int ip_flags = offsetof(struct nfp_flower_ipv4, ip_ext.flags);
1206 int ip_proto = offsetof(struct nfp_flower_ipv4, ip_ext.proto);
1207 int size;
1208 int i;
1209
1210 size = key_layer & NFP_FLOWER_LAYER_IPV4 ?
1211 sizeof(struct nfp_flower_ipv4) :
1212 sizeof(struct nfp_flower_ipv6);
1213
1214
1215 /* Ensure proto and flags are the only IP layer fields. */
1216 for (i = 0; i < size; i++)
1217 if (mask[i] && i != ip_flags && i != ip_proto) {
1218 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: only flags and proto can be matched in ip header");
1219 return -EOPNOTSUPP;
1220 }
1221 ext += size;
1222 mask += size;
1223 }
1224
1225 if ((priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
1226 if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_QINQ) {
1227 struct nfp_flower_vlan *vlan_tags;
1228 u16 vlan_tci;
1229
1230 vlan_tags = (struct nfp_flower_vlan *)ext;
1231
1232 vlan_tci = be16_to_cpu(vlan_tags->outer_tci);
1233
1234 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT;
1235 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci);
1236 vlan = true;
1237 } else {
1238 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff);
1239 }
1240 }
1241
1242 /* Action must be a single egress or pop_vlan and egress. */
1243 act_offset = 0;
1244 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];
1245 if (vlan) {
1246 if (act->jump_id != NFP_FL_ACTION_OPCODE_POP_VLAN) {
1247 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on VLAN must have VLAN pop as first action");
1248 return -EOPNOTSUPP;
1249 }
1250
1251 act_offset += act->len_lw << NFP_FL_LW_SIZ;
1252 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];
1253 }
1254
1255 if (act->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) {
1256 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non egress action detected where egress was expected");
1257 return -EOPNOTSUPP;
1258 }
1259
1260 act_offset += act->len_lw << NFP_FL_LW_SIZ;
1261
1262 /* Ensure there are no more actions after egress. */
1263 if (act_offset != flow->meta.act_len) {
1264 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: egress is not the last action");
1265 return -EOPNOTSUPP;
1266 }
1267
1268 return 0;
1269 }
1270
offload_pre_check(struct flow_cls_offload * flow)1271 static bool offload_pre_check(struct flow_cls_offload *flow)
1272 {
1273 struct flow_rule *rule = flow_cls_offload_flow_rule(flow);
1274 struct flow_dissector *dissector = rule->match.dissector;
1275
1276 if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT))
1277 return false;
1278
1279 if (flow->common.chain_index)
1280 return false;
1281
1282 return true;
1283 }
1284
1285 /**
1286 * nfp_flower_add_offload() - Adds a new flow to hardware.
1287 * @app: Pointer to the APP handle
1288 * @netdev: netdev structure.
1289 * @flow: TC flower classifier offload structure.
1290 *
1291 * Adds a new flow to the repeated hash structure and action payload.
1292 *
1293 * Return: negative value on error, 0 if configured successfully.
1294 */
1295 static int
nfp_flower_add_offload(struct nfp_app * app,struct net_device * netdev,struct flow_cls_offload * flow)1296 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev,
1297 struct flow_cls_offload *flow)
1298 {
1299 struct flow_rule *rule = flow_cls_offload_flow_rule(flow);
1300 enum nfp_flower_tun_type tun_type = NFP_FL_TUNNEL_NONE;
1301 struct nfp_flower_priv *priv = app->priv;
1302 struct netlink_ext_ack *extack = NULL;
1303 struct nfp_fl_payload *flow_pay;
1304 struct nfp_fl_key_ls *key_layer;
1305 struct nfp_port *port = NULL;
1306 int err;
1307
1308 extack = flow->common.extack;
1309 if (nfp_netdev_is_nfp_repr(netdev))
1310 port = nfp_port_from_netdev(netdev);
1311
1312 if (is_pre_ct_flow(flow))
1313 return nfp_fl_ct_handle_pre_ct(priv, netdev, flow, extack);
1314
1315 if (is_post_ct_flow(flow))
1316 return nfp_fl_ct_handle_post_ct(priv, netdev, flow, extack);
1317
1318 if (!offload_pre_check(flow))
1319 return -EOPNOTSUPP;
1320
1321 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL);
1322 if (!key_layer)
1323 return -ENOMEM;
1324
1325 err = nfp_flower_calculate_key_layers(app, netdev, key_layer, rule,
1326 &tun_type, extack);
1327 if (err)
1328 goto err_free_key_ls;
1329
1330 flow_pay = nfp_flower_allocate_new(key_layer);
1331 if (!flow_pay) {
1332 err = -ENOMEM;
1333 goto err_free_key_ls;
1334 }
1335
1336 err = nfp_flower_compile_flow_match(app, rule, key_layer, netdev,
1337 flow_pay, tun_type, extack);
1338 if (err)
1339 goto err_destroy_flow;
1340
1341 err = nfp_flower_compile_action(app, rule, netdev, flow_pay, extack);
1342 if (err)
1343 goto err_destroy_flow;
1344
1345 if (flow_pay->pre_tun_rule.dev) {
1346 err = nfp_flower_validate_pre_tun_rule(app, flow_pay, key_layer, extack);
1347 if (err)
1348 goto err_destroy_flow;
1349 }
1350
1351 err = nfp_compile_flow_metadata(app, flow->cookie, flow_pay, netdev, extack);
1352 if (err)
1353 goto err_destroy_flow;
1354
1355 flow_pay->tc_flower_cookie = flow->cookie;
1356 err = rhashtable_insert_fast(&priv->flow_table, &flow_pay->fl_node,
1357 nfp_flower_table_params);
1358 if (err) {
1359 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot insert flow into tables for offloads");
1360 goto err_release_metadata;
1361 }
1362
1363 if (flow_pay->pre_tun_rule.dev)
1364 err = nfp_flower_xmit_pre_tun_flow(app, flow_pay);
1365 else
1366 err = nfp_flower_xmit_flow(app, flow_pay,
1367 NFP_FLOWER_CMSG_TYPE_FLOW_ADD);
1368 if (err)
1369 goto err_remove_rhash;
1370
1371 if (port)
1372 port->tc_offload_cnt++;
1373
1374 flow_pay->in_hw = true;
1375
1376 /* Deallocate flow payload when flower rule has been destroyed. */
1377 kfree(key_layer);
1378
1379 return 0;
1380
1381 err_remove_rhash:
1382 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1383 &flow_pay->fl_node,
1384 nfp_flower_table_params));
1385 err_release_metadata:
1386 nfp_modify_flow_metadata(app, flow_pay);
1387 err_destroy_flow:
1388 if (flow_pay->nfp_tun_ipv6)
1389 nfp_tunnel_put_ipv6_off(app, flow_pay->nfp_tun_ipv6);
1390 kfree(flow_pay->action_data);
1391 kfree(flow_pay->mask_data);
1392 kfree(flow_pay->unmasked_data);
1393 kfree(flow_pay);
1394 err_free_key_ls:
1395 kfree(key_layer);
1396 return err;
1397 }
1398
1399 static void
nfp_flower_remove_merge_flow(struct nfp_app * app,struct nfp_fl_payload * del_sub_flow,struct nfp_fl_payload * merge_flow)1400 nfp_flower_remove_merge_flow(struct nfp_app *app,
1401 struct nfp_fl_payload *del_sub_flow,
1402 struct nfp_fl_payload *merge_flow)
1403 {
1404 struct nfp_flower_priv *priv = app->priv;
1405 struct nfp_fl_payload_link *link, *temp;
1406 struct nfp_merge_info *merge_info;
1407 struct nfp_fl_payload *origin;
1408 u64 parent_ctx = 0;
1409 bool mod = false;
1410 int err;
1411
1412 link = list_first_entry(&merge_flow->linked_flows,
1413 struct nfp_fl_payload_link, merge_flow.list);
1414 origin = link->sub_flow.flow;
1415
1416 /* Re-add rule the merge had overwritten if it has not been deleted. */
1417 if (origin != del_sub_flow)
1418 mod = true;
1419
1420 err = nfp_modify_flow_metadata(app, merge_flow);
1421 if (err) {
1422 nfp_flower_cmsg_warn(app, "Metadata fail for merge flow delete.\n");
1423 goto err_free_links;
1424 }
1425
1426 if (!mod) {
1427 err = nfp_flower_xmit_flow(app, merge_flow,
1428 NFP_FLOWER_CMSG_TYPE_FLOW_DEL);
1429 if (err) {
1430 nfp_flower_cmsg_warn(app, "Failed to delete merged flow.\n");
1431 goto err_free_links;
1432 }
1433 } else {
1434 __nfp_modify_flow_metadata(priv, origin);
1435 err = nfp_flower_xmit_flow(app, origin,
1436 NFP_FLOWER_CMSG_TYPE_FLOW_MOD);
1437 if (err)
1438 nfp_flower_cmsg_warn(app, "Failed to revert merge flow.\n");
1439 origin->in_hw = true;
1440 }
1441
1442 err_free_links:
1443 /* Clean any links connected with the merged flow. */
1444 list_for_each_entry_safe(link, temp, &merge_flow->linked_flows,
1445 merge_flow.list) {
1446 u32 ctx_id = be32_to_cpu(link->sub_flow.flow->meta.host_ctx_id);
1447
1448 parent_ctx = (parent_ctx << 32) | (u64)(ctx_id);
1449 nfp_flower_unlink_flow(link);
1450 }
1451
1452 merge_info = rhashtable_lookup_fast(&priv->merge_table,
1453 &parent_ctx,
1454 merge_table_params);
1455 if (merge_info) {
1456 WARN_ON_ONCE(rhashtable_remove_fast(&priv->merge_table,
1457 &merge_info->ht_node,
1458 merge_table_params));
1459 kfree(merge_info);
1460 }
1461
1462 kfree(merge_flow->action_data);
1463 kfree(merge_flow->mask_data);
1464 kfree(merge_flow->unmasked_data);
1465 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1466 &merge_flow->fl_node,
1467 nfp_flower_table_params));
1468 kfree_rcu(merge_flow, rcu);
1469 }
1470
1471 void
nfp_flower_del_linked_merge_flows(struct nfp_app * app,struct nfp_fl_payload * sub_flow)1472 nfp_flower_del_linked_merge_flows(struct nfp_app *app,
1473 struct nfp_fl_payload *sub_flow)
1474 {
1475 struct nfp_fl_payload_link *link, *temp;
1476
1477 /* Remove any merge flow formed from the deleted sub_flow. */
1478 list_for_each_entry_safe(link, temp, &sub_flow->linked_flows,
1479 sub_flow.list)
1480 nfp_flower_remove_merge_flow(app, sub_flow,
1481 link->merge_flow.flow);
1482 }
1483
1484 /**
1485 * nfp_flower_del_offload() - Removes a flow from hardware.
1486 * @app: Pointer to the APP handle
1487 * @netdev: netdev structure.
1488 * @flow: TC flower classifier offload structure
1489 *
1490 * Removes a flow from the repeated hash structure and clears the
1491 * action payload. Any flows merged from this are also deleted.
1492 *
1493 * Return: negative value on error, 0 if removed successfully.
1494 */
1495 static int
nfp_flower_del_offload(struct nfp_app * app,struct net_device * netdev,struct flow_cls_offload * flow)1496 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev,
1497 struct flow_cls_offload *flow)
1498 {
1499 struct nfp_flower_priv *priv = app->priv;
1500 struct nfp_fl_ct_map_entry *ct_map_ent;
1501 struct netlink_ext_ack *extack = NULL;
1502 struct nfp_fl_payload *nfp_flow;
1503 struct nfp_port *port = NULL;
1504 int err;
1505
1506 extack = flow->common.extack;
1507 if (nfp_netdev_is_nfp_repr(netdev))
1508 port = nfp_port_from_netdev(netdev);
1509
1510 /* Check ct_map_table */
1511 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie,
1512 nfp_ct_map_params);
1513 if (ct_map_ent) {
1514 err = nfp_fl_ct_del_flow(ct_map_ent);
1515 return err;
1516 }
1517
1518 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev);
1519 if (!nfp_flow) {
1520 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot remove flow that does not exist");
1521 return -ENOENT;
1522 }
1523
1524 err = nfp_modify_flow_metadata(app, nfp_flow);
1525 if (err)
1526 goto err_free_merge_flow;
1527
1528 if (nfp_flow->nfp_tun_ipv4_addr)
1529 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr);
1530
1531 if (nfp_flow->nfp_tun_ipv6)
1532 nfp_tunnel_put_ipv6_off(app, nfp_flow->nfp_tun_ipv6);
1533
1534 if (!nfp_flow->in_hw) {
1535 err = 0;
1536 goto err_free_merge_flow;
1537 }
1538
1539 if (nfp_flow->pre_tun_rule.dev)
1540 err = nfp_flower_xmit_pre_tun_del_flow(app, nfp_flow);
1541 else
1542 err = nfp_flower_xmit_flow(app, nfp_flow,
1543 NFP_FLOWER_CMSG_TYPE_FLOW_DEL);
1544 /* Fall through on error. */
1545
1546 err_free_merge_flow:
1547 nfp_flower_del_linked_merge_flows(app, nfp_flow);
1548 if (port)
1549 port->tc_offload_cnt--;
1550 kfree(nfp_flow->action_data);
1551 kfree(nfp_flow->mask_data);
1552 kfree(nfp_flow->unmasked_data);
1553 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1554 &nfp_flow->fl_node,
1555 nfp_flower_table_params));
1556 kfree_rcu(nfp_flow, rcu);
1557 return err;
1558 }
1559
1560 static void
__nfp_flower_update_merge_stats(struct nfp_app * app,struct nfp_fl_payload * merge_flow)1561 __nfp_flower_update_merge_stats(struct nfp_app *app,
1562 struct nfp_fl_payload *merge_flow)
1563 {
1564 struct nfp_flower_priv *priv = app->priv;
1565 struct nfp_fl_payload_link *link;
1566 struct nfp_fl_payload *sub_flow;
1567 u64 pkts, bytes, used;
1568 u32 ctx_id;
1569
1570 ctx_id = be32_to_cpu(merge_flow->meta.host_ctx_id);
1571 pkts = priv->stats[ctx_id].pkts;
1572 /* Do not cycle subflows if no stats to distribute. */
1573 if (!pkts)
1574 return;
1575 bytes = priv->stats[ctx_id].bytes;
1576 used = priv->stats[ctx_id].used;
1577
1578 /* Reset stats for the merge flow. */
1579 priv->stats[ctx_id].pkts = 0;
1580 priv->stats[ctx_id].bytes = 0;
1581
1582 /* The merge flow has received stats updates from firmware.
1583 * Distribute these stats to all subflows that form the merge.
1584 * The stats will collected from TC via the subflows.
1585 */
1586 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) {
1587 sub_flow = link->sub_flow.flow;
1588 ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id);
1589 priv->stats[ctx_id].pkts += pkts;
1590 priv->stats[ctx_id].bytes += bytes;
1591 priv->stats[ctx_id].used = max_t(u64, used,
1592 priv->stats[ctx_id].used);
1593 }
1594 }
1595
1596 void
nfp_flower_update_merge_stats(struct nfp_app * app,struct nfp_fl_payload * sub_flow)1597 nfp_flower_update_merge_stats(struct nfp_app *app,
1598 struct nfp_fl_payload *sub_flow)
1599 {
1600 struct nfp_fl_payload_link *link;
1601
1602 /* Get merge flows that the subflow forms to distribute their stats. */
1603 list_for_each_entry(link, &sub_flow->linked_flows, sub_flow.list)
1604 __nfp_flower_update_merge_stats(app, link->merge_flow.flow);
1605 }
1606
1607 /**
1608 * nfp_flower_get_stats() - Populates flow stats obtained from hardware.
1609 * @app: Pointer to the APP handle
1610 * @netdev: Netdev structure.
1611 * @flow: TC flower classifier offload structure
1612 *
1613 * Populates a flow statistics structure which which corresponds to a
1614 * specific flow.
1615 *
1616 * Return: negative value on error, 0 if stats populated successfully.
1617 */
1618 static int
nfp_flower_get_stats(struct nfp_app * app,struct net_device * netdev,struct flow_cls_offload * flow)1619 nfp_flower_get_stats(struct nfp_app *app, struct net_device *netdev,
1620 struct flow_cls_offload *flow)
1621 {
1622 struct nfp_flower_priv *priv = app->priv;
1623 struct nfp_fl_ct_map_entry *ct_map_ent;
1624 struct netlink_ext_ack *extack = NULL;
1625 struct nfp_fl_payload *nfp_flow;
1626 u32 ctx_id;
1627
1628 /* Check ct_map table first */
1629 ct_map_ent = rhashtable_lookup_fast(&priv->ct_map_table, &flow->cookie,
1630 nfp_ct_map_params);
1631 if (ct_map_ent)
1632 return nfp_fl_ct_stats(flow, ct_map_ent);
1633
1634 extack = flow->common.extack;
1635 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev);
1636 if (!nfp_flow) {
1637 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot dump stats for flow that does not exist");
1638 return -EINVAL;
1639 }
1640
1641 ctx_id = be32_to_cpu(nfp_flow->meta.host_ctx_id);
1642
1643 spin_lock_bh(&priv->stats_lock);
1644 /* If request is for a sub_flow, update stats from merged flows. */
1645 if (!list_empty(&nfp_flow->linked_flows))
1646 nfp_flower_update_merge_stats(app, nfp_flow);
1647
1648 flow_stats_update(&flow->stats, priv->stats[ctx_id].bytes,
1649 priv->stats[ctx_id].pkts, 0, priv->stats[ctx_id].used,
1650 FLOW_ACTION_HW_STATS_DELAYED);
1651
1652 priv->stats[ctx_id].pkts = 0;
1653 priv->stats[ctx_id].bytes = 0;
1654 spin_unlock_bh(&priv->stats_lock);
1655
1656 return 0;
1657 }
1658
1659 static int
nfp_flower_repr_offload(struct nfp_app * app,struct net_device * netdev,struct flow_cls_offload * flower)1660 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev,
1661 struct flow_cls_offload *flower)
1662 {
1663 struct nfp_flower_priv *priv = app->priv;
1664 int ret;
1665
1666 if (!eth_proto_is_802_3(flower->common.protocol))
1667 return -EOPNOTSUPP;
1668
1669 mutex_lock(&priv->nfp_fl_lock);
1670 switch (flower->command) {
1671 case FLOW_CLS_REPLACE:
1672 ret = nfp_flower_add_offload(app, netdev, flower);
1673 break;
1674 case FLOW_CLS_DESTROY:
1675 ret = nfp_flower_del_offload(app, netdev, flower);
1676 break;
1677 case FLOW_CLS_STATS:
1678 ret = nfp_flower_get_stats(app, netdev, flower);
1679 break;
1680 default:
1681 ret = -EOPNOTSUPP;
1682 break;
1683 }
1684 mutex_unlock(&priv->nfp_fl_lock);
1685
1686 return ret;
1687 }
1688
nfp_flower_setup_tc_block_cb(enum tc_setup_type type,void * type_data,void * cb_priv)1689 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type,
1690 void *type_data, void *cb_priv)
1691 {
1692 struct flow_cls_common_offload *common = type_data;
1693 struct nfp_repr *repr = cb_priv;
1694
1695 if (!tc_can_offload_extack(repr->netdev, common->extack))
1696 return -EOPNOTSUPP;
1697
1698 switch (type) {
1699 case TC_SETUP_CLSFLOWER:
1700 return nfp_flower_repr_offload(repr->app, repr->netdev,
1701 type_data);
1702 case TC_SETUP_CLSMATCHALL:
1703 return nfp_flower_setup_qos_offload(repr->app, repr->netdev,
1704 type_data);
1705 default:
1706 return -EOPNOTSUPP;
1707 }
1708 }
1709
1710 static LIST_HEAD(nfp_block_cb_list);
1711
nfp_flower_setup_tc_block(struct net_device * netdev,struct flow_block_offload * f)1712 static int nfp_flower_setup_tc_block(struct net_device *netdev,
1713 struct flow_block_offload *f)
1714 {
1715 struct nfp_repr *repr = netdev_priv(netdev);
1716 struct nfp_flower_repr_priv *repr_priv;
1717 struct flow_block_cb *block_cb;
1718
1719 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS)
1720 return -EOPNOTSUPP;
1721
1722 repr_priv = repr->app_priv;
1723 repr_priv->block_shared = f->block_shared;
1724 f->driver_block_list = &nfp_block_cb_list;
1725 f->unlocked_driver_cb = true;
1726
1727 switch (f->command) {
1728 case FLOW_BLOCK_BIND:
1729 if (flow_block_cb_is_busy(nfp_flower_setup_tc_block_cb, repr,
1730 &nfp_block_cb_list))
1731 return -EBUSY;
1732
1733 block_cb = flow_block_cb_alloc(nfp_flower_setup_tc_block_cb,
1734 repr, repr, NULL);
1735 if (IS_ERR(block_cb))
1736 return PTR_ERR(block_cb);
1737
1738 flow_block_cb_add(block_cb, f);
1739 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list);
1740 return 0;
1741 case FLOW_BLOCK_UNBIND:
1742 block_cb = flow_block_cb_lookup(f->block,
1743 nfp_flower_setup_tc_block_cb,
1744 repr);
1745 if (!block_cb)
1746 return -ENOENT;
1747
1748 flow_block_cb_remove(block_cb, f);
1749 list_del(&block_cb->driver_list);
1750 return 0;
1751 default:
1752 return -EOPNOTSUPP;
1753 }
1754 }
1755
nfp_flower_setup_tc(struct nfp_app * app,struct net_device * netdev,enum tc_setup_type type,void * type_data)1756 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev,
1757 enum tc_setup_type type, void *type_data)
1758 {
1759 switch (type) {
1760 case TC_SETUP_BLOCK:
1761 return nfp_flower_setup_tc_block(netdev, type_data);
1762 default:
1763 return -EOPNOTSUPP;
1764 }
1765 }
1766
1767 struct nfp_flower_indr_block_cb_priv {
1768 struct net_device *netdev;
1769 struct nfp_app *app;
1770 struct list_head list;
1771 };
1772
1773 static struct nfp_flower_indr_block_cb_priv *
nfp_flower_indr_block_cb_priv_lookup(struct nfp_app * app,struct net_device * netdev)1774 nfp_flower_indr_block_cb_priv_lookup(struct nfp_app *app,
1775 struct net_device *netdev)
1776 {
1777 struct nfp_flower_indr_block_cb_priv *cb_priv;
1778 struct nfp_flower_priv *priv = app->priv;
1779
1780 list_for_each_entry(cb_priv, &priv->indr_block_cb_priv, list)
1781 if (cb_priv->netdev == netdev)
1782 return cb_priv;
1783
1784 return NULL;
1785 }
1786
nfp_flower_setup_indr_block_cb(enum tc_setup_type type,void * type_data,void * cb_priv)1787 static int nfp_flower_setup_indr_block_cb(enum tc_setup_type type,
1788 void *type_data, void *cb_priv)
1789 {
1790 struct nfp_flower_indr_block_cb_priv *priv = cb_priv;
1791
1792 switch (type) {
1793 case TC_SETUP_CLSFLOWER:
1794 return nfp_flower_repr_offload(priv->app, priv->netdev,
1795 type_data);
1796 default:
1797 return -EOPNOTSUPP;
1798 }
1799 }
1800
nfp_flower_setup_indr_tc_release(void * cb_priv)1801 void nfp_flower_setup_indr_tc_release(void *cb_priv)
1802 {
1803 struct nfp_flower_indr_block_cb_priv *priv = cb_priv;
1804
1805 list_del(&priv->list);
1806 kfree(priv);
1807 }
1808
1809 static int
nfp_flower_setup_indr_tc_block(struct net_device * netdev,struct Qdisc * sch,struct nfp_app * app,struct flow_block_offload * f,void * data,void (* cleanup)(struct flow_block_cb * block_cb))1810 nfp_flower_setup_indr_tc_block(struct net_device *netdev, struct Qdisc *sch, struct nfp_app *app,
1811 struct flow_block_offload *f, void *data,
1812 void (*cleanup)(struct flow_block_cb *block_cb))
1813 {
1814 struct nfp_flower_indr_block_cb_priv *cb_priv;
1815 struct nfp_flower_priv *priv = app->priv;
1816 struct flow_block_cb *block_cb;
1817
1818 if ((f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS &&
1819 !nfp_flower_internal_port_can_offload(app, netdev)) ||
1820 (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS &&
1821 nfp_flower_internal_port_can_offload(app, netdev)))
1822 return -EOPNOTSUPP;
1823
1824 f->unlocked_driver_cb = true;
1825
1826 switch (f->command) {
1827 case FLOW_BLOCK_BIND:
1828 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev);
1829 if (cb_priv &&
1830 flow_block_cb_is_busy(nfp_flower_setup_indr_block_cb,
1831 cb_priv,
1832 &nfp_block_cb_list))
1833 return -EBUSY;
1834
1835 cb_priv = kmalloc(sizeof(*cb_priv), GFP_KERNEL);
1836 if (!cb_priv)
1837 return -ENOMEM;
1838
1839 cb_priv->netdev = netdev;
1840 cb_priv->app = app;
1841 list_add(&cb_priv->list, &priv->indr_block_cb_priv);
1842
1843 block_cb = flow_indr_block_cb_alloc(nfp_flower_setup_indr_block_cb,
1844 cb_priv, cb_priv,
1845 nfp_flower_setup_indr_tc_release,
1846 f, netdev, sch, data, app, cleanup);
1847 if (IS_ERR(block_cb)) {
1848 list_del(&cb_priv->list);
1849 kfree(cb_priv);
1850 return PTR_ERR(block_cb);
1851 }
1852
1853 flow_block_cb_add(block_cb, f);
1854 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list);
1855 return 0;
1856 case FLOW_BLOCK_UNBIND:
1857 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev);
1858 if (!cb_priv)
1859 return -ENOENT;
1860
1861 block_cb = flow_block_cb_lookup(f->block,
1862 nfp_flower_setup_indr_block_cb,
1863 cb_priv);
1864 if (!block_cb)
1865 return -ENOENT;
1866
1867 flow_indr_block_cb_remove(block_cb, f);
1868 list_del(&block_cb->driver_list);
1869 return 0;
1870 default:
1871 return -EOPNOTSUPP;
1872 }
1873 return 0;
1874 }
1875
1876 int
nfp_flower_indr_setup_tc_cb(struct net_device * netdev,struct Qdisc * sch,void * cb_priv,enum tc_setup_type type,void * type_data,void * data,void (* cleanup)(struct flow_block_cb * block_cb))1877 nfp_flower_indr_setup_tc_cb(struct net_device *netdev, struct Qdisc *sch, void *cb_priv,
1878 enum tc_setup_type type, void *type_data,
1879 void *data,
1880 void (*cleanup)(struct flow_block_cb *block_cb))
1881 {
1882 if (!nfp_fl_is_netdev_to_offload(netdev))
1883 return -EOPNOTSUPP;
1884
1885 switch (type) {
1886 case TC_SETUP_BLOCK:
1887 return nfp_flower_setup_indr_tc_block(netdev, sch, cb_priv,
1888 type_data, data, cleanup);
1889 default:
1890 return -EOPNOTSUPP;
1891 }
1892 }
1893