* [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice)
@ 2024-04-16 20:24 Tony Nguyen
2024-04-16 20:24 ` [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF Tony Nguyen
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Tony Nguyen @ 2024-04-16 20:24 UTC (permalink / raw
To: davem, kuba, pabeni, edumazet, netdev; +Cc: Tony Nguyen
This series contains updates to ice driver only.
Michal fixes a couple of issues with TC filter parsing; always add match
for src_vsi and remove flag check that could prevent addition of valid
filters.
Marcin adds additional checks for unsupported flower filters.
The following are changes since commit e226eade8f50cda14a353f13777709797c21abf8:
Merge branch 'net-stmmac-fix-mac-capabilities-procedure'
and are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue 100GbE
Marcin Szycik (1):
ice: Fix checking for unsupported keys on non-tunnel device
Michal Swiatkowski (2):
ice: tc: check src_vsi in case of traffic from VF
ice: tc: allow zero flags in parsing tc flower
drivers/net/ethernet/intel/ice/ice_tc_lib.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--
2.41.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF
2024-04-16 20:24 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) Tony Nguyen
@ 2024-04-16 20:24 ` Tony Nguyen
2024-04-16 20:24 ` [PATCH net 2/3] ice: tc: allow zero flags in parsing tc flower Tony Nguyen
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Tony Nguyen @ 2024-04-16 20:24 UTC (permalink / raw
To: davem, kuba, pabeni, edumazet, netdev
Cc: Michal Swiatkowski, anthony.l.nguyen, Jedrzej Jagielski,
Sridhar Samudrala, Simon Horman, Sujai Buvaneswaran
From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
In case of traffic going from the VF (so ingress for port representor)
source VSI should be consider during packet classification. It is
needed for hardware to not match packets from different ports with
filters added on other port.
It is only for "from VF" traffic, because other traffic direction
doesn't have source VSI.
Set correct ::src_vsi in rule_info to pass it to the hardware filter.
For example this rule should drop only ipv4 packets from eth10, not from
the others VF PRs. It is needed to check source VSI in this case.
$tc filter add dev eth10 ingress protocol ip flower skip_sw action drop
Fixes: 0d08a441fb1a ("ice: ndo_setup_tc implementation for PF")
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
drivers/net/ethernet/intel/ice/ice_tc_lib.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index b890410a2bc0..49ed5fd7db10 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -28,6 +28,8 @@ ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers,
* - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified)
* - Tunnel flag (present if tunnel)
*/
+ if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS)
+ lkups_cnt++;
if (flags & ICE_TC_FLWR_FIELD_TENANT_ID)
lkups_cnt++;
@@ -363,6 +365,11 @@ ice_tc_fill_rules(struct ice_hw *hw, u32 flags,
/* Always add direction metadata */
ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
+ if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) {
+ ice_rule_add_src_vsi_metadata(&list[i]);
+ i++;
+ }
+
rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type);
if (tc_fltr->tunnel_type != TNL_LAST) {
i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i);
@@ -820,6 +827,7 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
/* specify the cookie as filter_rule_id */
rule_info.fltr_rule_id = fltr->cookie;
+ rule_info.src_vsi = vsi->idx;
ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
if (ret == -EEXIST) {
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net 2/3] ice: tc: allow zero flags in parsing tc flower
2024-04-16 20:24 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) Tony Nguyen
2024-04-16 20:24 ` [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF Tony Nguyen
@ 2024-04-16 20:24 ` Tony Nguyen
2024-04-16 20:24 ` [PATCH net 3/3] ice: Fix checking for unsupported keys on non-tunnel device Tony Nguyen
2024-04-18 2:10 ` [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: Tony Nguyen @ 2024-04-16 20:24 UTC (permalink / raw
To: davem, kuba, pabeni, edumazet, netdev
Cc: Michal Swiatkowski, anthony.l.nguyen, Wojciech Drewek,
Simon Horman, Sujai Buvaneswaran
From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
The check for flags is done to not pass empty lookups to adding switch
rule functions. Since metadata is always added to lookups there is no
need to check against the flag.
It is also fixing the problem with such rule:
$ tc filter add dev gtp_dev ingress protocol ip prio 0 flower \
enc_dst_port 2123 action drop
Switch block in case of GTP can't parse the destination port, because it
should always be set to GTP specific value. The same with ethertype. The
result is that there is no other matching criteria than GTP tunnel. In
this case flags is 0, rule can't be added only because of defensive
check against flags.
Fixes: 9a225f81f540 ("ice: Support GTP-U and GTP-C offload in switchdev")
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index 49ed5fd7db10..bcbcfc67e560 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -779,7 +779,7 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
int ret;
int i;
- if (!flags || (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT)) {
+ if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT) {
NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)");
return -EOPNOTSUPP;
}
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net 3/3] ice: Fix checking for unsupported keys on non-tunnel device
2024-04-16 20:24 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) Tony Nguyen
2024-04-16 20:24 ` [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF Tony Nguyen
2024-04-16 20:24 ` [PATCH net 2/3] ice: tc: allow zero flags in parsing tc flower Tony Nguyen
@ 2024-04-16 20:24 ` Tony Nguyen
2024-04-18 2:10 ` [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: Tony Nguyen @ 2024-04-16 20:24 UTC (permalink / raw
To: davem, kuba, pabeni, edumazet, netdev
Cc: Marcin Szycik, anthony.l.nguyen, Michal Swiatkowski, Jacob Keller,
Sujai Buvaneswaran
From: Marcin Szycik <marcin.szycik@linux.intel.com>
Add missing FLOW_DISSECTOR_KEY_ENC_* checks to TC flower filter parsing.
Without these checks, it would be possible to add filters with tunnel
options on non-tunnel devices. enc_* options are only valid for tunnel
devices.
Example:
devlink dev eswitch set $PF1_PCI mode switchdev
echo 1 > /sys/class/net/$PF1/device/sriov_numvfs
tc qdisc add dev $VF1_PR ingress
ethtool -K $PF1 hw-tc-offload on
tc filter add dev $VF1_PR ingress flower enc_ttl 12 skip_sw action drop
Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support")
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Signed-off-by: Marcin Szycik <marcin.szycik@linux.intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
drivers/net/ethernet/intel/ice/ice_tc_lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index bcbcfc67e560..688ccb0615ab 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -1489,7 +1489,10 @@ ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi,
(BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
- BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) {
+ BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) |
+ BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) |
+ BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) |
+ BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) {
NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel");
return -EOPNOTSUPP;
} else {
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice)
2024-04-16 20:24 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) Tony Nguyen
` (2 preceding siblings ...)
2024-04-16 20:24 ` [PATCH net 3/3] ice: Fix checking for unsupported keys on non-tunnel device Tony Nguyen
@ 2024-04-18 2:10 ` patchwork-bot+netdevbpf
3 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-04-18 2:10 UTC (permalink / raw
To: Tony Nguyen; +Cc: davem, kuba, pabeni, edumazet, netdev
Hello:
This series was applied to netdev/net.git (main)
by Tony Nguyen <anthony.l.nguyen@intel.com>:
On Tue, 16 Apr 2024 13:24:05 -0700 you wrote:
> This series contains updates to ice driver only.
>
> Michal fixes a couple of issues with TC filter parsing; always add match
> for src_vsi and remove flag check that could prevent addition of valid
> filters.
>
> Marcin adds additional checks for unsupported flower filters.
>
> [...]
Here is the summary with links:
- [net,1/3] ice: tc: check src_vsi in case of traffic from VF
https://git.kernel.org/netdev/net/c/428051600cb4
- [net,2/3] ice: tc: allow zero flags in parsing tc flower
https://git.kernel.org/netdev/net/c/73278715725a
- [net,3/3] ice: Fix checking for unsupported keys on non-tunnel device
https://git.kernel.org/netdev/net/c/2cca35f5dd78
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-04-18 2:10 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-16 20:24 [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) Tony Nguyen
2024-04-16 20:24 ` [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF Tony Nguyen
2024-04-16 20:24 ` [PATCH net 2/3] ice: tc: allow zero flags in parsing tc flower Tony Nguyen
2024-04-16 20:24 ` [PATCH net 3/3] ice: Fix checking for unsupported keys on non-tunnel device Tony Nguyen
2024-04-18 2:10 ` [PATCH net 0/3][pull request] Intel Wired LAN Driver Updates 2024-04-16 (ice) patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).