]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commitdiff
net/mlx5e: Disallow inserting vxlan/vlan egress rules without decap/pop
authorPaul Blakey <paulb@mellanox.com>
Sun, 16 Feb 2020 10:01:33 +0000 (12:01 +0200)
committerSaeed Mahameed <saeedm@mellanox.com>
Thu, 20 Feb 2020 01:49:49 +0000 (17:49 -0800)
Currently, rules on tunnel devices can be offloaded without decap action
when a vlan pop action exists. Similarly, the driver will offload rules
on vlan interfaces with no pop action when a decap action exists.

Disallow the faulty behavior by checking that vlan egress rules do pop or
drop and vxlan egress rules do decap, as intended.

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Oz Shlomo <ozsh@mellanox.com>
Reviewed-by: Mark Bloch <markb@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c

index 1ddb360c99bf9557acf5b7365207b7168f395506..17dba5964122dc3593cdd70387b48228dcecce62 100644 (file)
@@ -2675,6 +2675,8 @@ static bool actions_match_supported(struct mlx5e_priv *priv,
                                    struct mlx5e_tc_flow *flow,
                                    struct netlink_ext_ack *extack)
 {
+       struct net_device *filter_dev = parse_attr->filter_dev;
+       bool drop_action, decap_action, pop_action;
        u32 actions;
 
        if (mlx5e_is_eswitch_flow(flow))
@@ -2682,11 +2684,19 @@ static bool actions_match_supported(struct mlx5e_priv *priv,
        else
                actions = flow->nic_attr->action;
 
-       if (flow_flag_test(flow, EGRESS) &&
-           !((actions & MLX5_FLOW_CONTEXT_ACTION_DECAP) ||
-             (actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP) ||
-             (actions & MLX5_FLOW_CONTEXT_ACTION_DROP)))
-               return false;
+       drop_action = actions & MLX5_FLOW_CONTEXT_ACTION_DROP;
+       decap_action = actions & MLX5_FLOW_CONTEXT_ACTION_DECAP;
+       pop_action = actions & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
+
+       if (flow_flag_test(flow, EGRESS) && !drop_action) {
+               /* If no drop, we must decap (vxlan) or pop (vlan) */
+               if (mlx5e_get_tc_tun(filter_dev) && !decap_action)
+                       return false;
+               else if (is_vlan_dev(filter_dev) && !pop_action)
+                       return false;
+               else
+                       return false; /* Sanity */
+       }
 
        if (actions & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
                return modify_header_match_supported(&parse_attr->spec,