[dpdk-stable] patch 'net/mlx5: update VLAN and encap actions validation' has been queued to stable release 19.11.3
luca.boccassi at gmail.com
luca.boccassi at gmail.com
Tue May 19 15:02:37 CEST 2020
Hi,
FYI, your patch has been queued to stable release 19.11.3
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 05/21/20. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Thanks.
Luca Boccassi
---
>From 24f6ab6d31de3da65bc97dc7079b1a57c2257c4d Mon Sep 17 00:00:00 2001
From: Dekel Peled <dekelp at mellanox.com>
Date: Tue, 24 Mar 2020 14:58:11 +0200
Subject: [PATCH] net/mlx5: update VLAN and encap actions validation
[ upstream commit 9c4971e5231d1fb169ca6f74c9af795953500e88 ]
Flow rule in NIC table on VF representor should not contain VLAN pop
or push actions, and encap or decap actions. Using these actions in
NIC table on VF representor is not a valid use case.
This patch updates the various validation functions to reject such
rules.
Signed-off-by: Dekel Peled <dekelp at mellanox.com>
Acked-by: Jack Min <jackmin at mellanox.com>
---
drivers/net/mlx5/mlx5_flow_dv.c | 82 +++++++++++++++++++++++++++------
1 file changed, 67 insertions(+), 15 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index b2e0365c1f..48d3031c90 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -1567,7 +1567,7 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
const struct rte_flow_attr *attr,
struct rte_flow_error *error)
{
- struct mlx5_priv *priv = dev->data->dev_private;
+ const struct mlx5_priv *priv = dev->data->dev_private;
(void)action;
(void)attr;
@@ -1598,6 +1598,11 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
RTE_FLOW_ERROR_TYPE_ACTION, action,
"wrong action order, port_id should "
"be after pop VLAN action");
+ if (!attr->transfer && priv->representor)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "pop vlan action for VF representor "
+ "not supported on NIC table");
return 0;
}
@@ -1661,6 +1666,8 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
/**
* Validate the push VLAN action.
*
+ * @param[in] dev
+ * Pointer to the rte_eth_dev structure.
* @param[in] action_flags
* Holds the actions detected until now.
* @param[in] item_flags
@@ -1676,13 +1683,15 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
-flow_dv_validate_action_push_vlan(uint64_t action_flags,
+flow_dv_validate_action_push_vlan(struct rte_eth_dev *dev,
+ uint64_t action_flags,
uint64_t item_flags __rte_unused,
const struct rte_flow_action *action,
const struct rte_flow_attr *attr,
struct rte_flow_error *error)
{
const struct rte_flow_action_of_push_vlan *push_vlan = action->conf;
+ const struct mlx5_priv *priv = dev->data->dev_private;
if (!attr->transfer && attr->ingress)
return rte_flow_error_set(error, ENOTSUP,
@@ -1705,6 +1714,11 @@ flow_dv_validate_action_push_vlan(uint64_t action_flags,
RTE_FLOW_ERROR_TYPE_ACTION, action,
"wrong action order, port_id should "
"be after push VLAN");
+ if (!attr->transfer && priv->representor)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "push vlan action for VF representor "
+ "not supported on NIC table");
(void)attr;
return 0;
}
@@ -2070,10 +2084,14 @@ notsup_err:
/**
* Validate the L2 encap action.
*
+ * @param[in] dev
+ * Pointer to the rte_eth_dev structure.
* @param[in] action_flags
* Holds the actions detected until now.
* @param[in] action
* Pointer to the action structure.
+ * @param[in] attr
+ * Pointer to flow attributes.
* @param[out] error
* Pointer to error structure.
*
@@ -2081,10 +2099,14 @@ notsup_err:
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
-flow_dv_validate_action_l2_encap(uint64_t action_flags,
+flow_dv_validate_action_l2_encap(struct rte_eth_dev *dev,
+ uint64_t action_flags,
const struct rte_flow_action *action,
+ const struct rte_flow_attr *attr,
struct rte_flow_error *error)
{
+ const struct mlx5_priv *priv = dev->data->dev_private;
+
if (!(action->conf))
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION, action,
@@ -2094,12 +2116,19 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"can only have a single encap action "
"in a flow");
+ if (!attr->transfer && priv->representor)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "encap action for VF representor "
+ "not supported on NIC table");
return 0;
}
/**
* Validate a decap action.
*
+ * @param[in] dev
+ * Pointer to the rte_eth_dev structure.
* @param[in] action_flags
* Holds the actions detected until now.
* @param[in] attr
@@ -2111,10 +2140,13 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
-flow_dv_validate_action_decap(uint64_t action_flags,
- const struct rte_flow_attr *attr,
- struct rte_flow_error *error)
+flow_dv_validate_action_decap(struct rte_eth_dev *dev,
+ uint64_t action_flags,
+ const struct rte_flow_attr *attr,
+ struct rte_flow_error *error)
{
+ const struct mlx5_priv *priv = dev->data->dev_private;
+
if (action_flags & MLX5_FLOW_XCAP_ACTIONS)
return rte_flow_error_set(error, ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
@@ -2133,6 +2165,11 @@ flow_dv_validate_action_decap(uint64_t action_flags,
NULL,
"decap action not supported for "
"egress");
+ if (!attr->transfer && priv->representor)
+ return rte_flow_error_set(error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "decap action for VF representor "
+ "not supported on NIC table");
return 0;
}
@@ -2141,6 +2178,8 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
/**
* Validate the raw encap and decap actions.
*
+ * @param[in] dev
+ * Pointer to the rte_eth_dev structure.
* @param[in] decap
* Pointer to the decap action.
* @param[in] encap
@@ -2159,11 +2198,13 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
*/
static int
flow_dv_validate_action_raw_encap_decap
- (const struct rte_flow_action_raw_decap *decap,
+ (struct rte_eth_dev *dev,
+ const struct rte_flow_action_raw_decap *decap,
const struct rte_flow_action_raw_encap *encap,
const struct rte_flow_attr *attr, uint64_t *action_flags,
int *actions_n, struct rte_flow_error *error)
{
+ const struct mlx5_priv *priv = dev->data->dev_private;
int ret;
if (encap && (!encap->size || !encap->data))
@@ -2196,7 +2237,8 @@ flow_dv_validate_action_raw_encap_decap
"encap combination");
}
if (decap) {
- ret = flow_dv_validate_action_decap(*action_flags, attr, error);
+ ret = flow_dv_validate_action_decap(dev, *action_flags, attr,
+ error);
if (ret < 0)
return ret;
*action_flags |= MLX5_FLOW_ACTION_DECAP;
@@ -2213,6 +2255,12 @@ flow_dv_validate_action_raw_encap_decap
RTE_FLOW_ERROR_TYPE_ACTION,
NULL,
"more than one encap action");
+ if (!attr->transfer && priv->representor)
+ return rte_flow_error_set
+ (error, ENOTSUP,
+ RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+ "encap action for VF representor "
+ "not supported on NIC table");
*action_flags |= MLX5_FLOW_ACTION_ENCAP;
++(*actions_n);
}
@@ -4654,7 +4702,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
++actions_n;
break;
case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
- ret = flow_dv_validate_action_push_vlan(action_flags,
+ ret = flow_dv_validate_action_push_vlan(dev,
+ action_flags,
item_flags,
actions, attr,
error);
@@ -4682,8 +4731,10 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
case RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP:
- ret = flow_dv_validate_action_l2_encap(action_flags,
- actions, error);
+ ret = flow_dv_validate_action_l2_encap(dev,
+ action_flags,
+ actions, attr,
+ error);
if (ret < 0)
return ret;
action_flags |= MLX5_FLOW_ACTION_ENCAP;
@@ -4691,8 +4742,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
case RTE_FLOW_ACTION_TYPE_NVGRE_DECAP:
- ret = flow_dv_validate_action_decap(action_flags, attr,
- error);
+ ret = flow_dv_validate_action_decap(dev, action_flags,
+ attr, error);
if (ret < 0)
return ret;
action_flags |= MLX5_FLOW_ACTION_DECAP;
@@ -4700,7 +4751,7 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_RAW_ENCAP:
ret = flow_dv_validate_action_raw_encap_decap
- (NULL, actions->conf, attr, &action_flags,
+ (dev, NULL, actions->conf, attr, &action_flags,
&actions_n, error);
if (ret < 0)
return ret;
@@ -4716,7 +4767,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
encap = actions->conf;
}
ret = flow_dv_validate_action_raw_encap_decap
- (decap ? decap : &empty_decap, encap,
+ (dev,
+ decap ? decap : &empty_decap, encap,
attr, &action_flags, &actions_n,
error);
if (ret < 0)
--
2.20.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2020-05-19 14:04:45.506264192 +0100
+++ 0022-net-mlx5-update-VLAN-and-encap-actions-validation.patch 2020-05-19 14:04:44.144647067 +0100
@@ -1,16 +1,16 @@
-From 9c4971e5231d1fb169ca6f74c9af795953500e88 Mon Sep 17 00:00:00 2001
+From 24f6ab6d31de3da65bc97dc7079b1a57c2257c4d Mon Sep 17 00:00:00 2001
From: Dekel Peled <dekelp at mellanox.com>
Date: Tue, 24 Mar 2020 14:58:11 +0200
Subject: [PATCH] net/mlx5: update VLAN and encap actions validation
+[ upstream commit 9c4971e5231d1fb169ca6f74c9af795953500e88 ]
+
Flow rule in NIC table on VF representor should not contain VLAN pop
or push actions, and encap or decap actions. Using these actions in
NIC table on VF representor is not a valid use case.
This patch updates the various validation functions to reject such
rules.
-Cc: stable at dpdk.org
-
Signed-off-by: Dekel Peled <dekelp at mellanox.com>
Acked-by: Jack Min <jackmin at mellanox.com>
---
@@ -18,10 +18,10 @@
1 file changed, 67 insertions(+), 15 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
-index 809833b7ee..f90cab2961 100644
+index b2e0365c1f..48d3031c90 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
-@@ -1698,7 +1698,7 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
+@@ -1567,7 +1567,7 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
const struct rte_flow_attr *attr,
struct rte_flow_error *error)
{
@@ -30,7 +30,7 @@
(void)action;
(void)attr;
-@@ -1729,6 +1729,11 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
+@@ -1598,6 +1598,11 @@ flow_dv_validate_action_pop_vlan(struct rte_eth_dev *dev,
RTE_FLOW_ERROR_TYPE_ACTION, action,
"wrong action order, port_id should "
"be after pop VLAN action");
@@ -42,7 +42,7 @@
return 0;
}
-@@ -1792,6 +1797,8 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
+@@ -1661,6 +1666,8 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
/**
* Validate the push VLAN action.
*
@@ -51,7 +51,7 @@
* @param[in] action_flags
* Holds the actions detected until now.
* @param[in] item_flags
-@@ -1807,13 +1814,15 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
+@@ -1676,13 +1683,15 @@ flow_dev_get_vlan_info_from_items(const struct rte_flow_item *items,
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
@@ -68,7 +68,7 @@
if (!attr->transfer && attr->ingress)
return rte_flow_error_set(error, ENOTSUP,
-@@ -1836,6 +1845,11 @@ flow_dv_validate_action_push_vlan(uint64_t action_flags,
+@@ -1705,6 +1714,11 @@ flow_dv_validate_action_push_vlan(uint64_t action_flags,
RTE_FLOW_ERROR_TYPE_ACTION, action,
"wrong action order, port_id should "
"be after push VLAN");
@@ -80,7 +80,7 @@
(void)attr;
return 0;
}
-@@ -2201,10 +2215,14 @@ notsup_err:
+@@ -2070,10 +2084,14 @@ notsup_err:
/**
* Validate the L2 encap action.
*
@@ -95,7 +95,7 @@
* @param[out] error
* Pointer to error structure.
*
-@@ -2212,10 +2230,14 @@ notsup_err:
+@@ -2081,10 +2099,14 @@ notsup_err:
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
@@ -111,7 +111,7 @@
if (!(action->conf))
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION, action,
-@@ -2225,12 +2247,19 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
+@@ -2094,12 +2116,19 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"can only have a single encap action "
"in a flow");
@@ -131,7 +131,7 @@
* @param[in] action_flags
* Holds the actions detected until now.
* @param[in] attr
-@@ -2242,10 +2271,13 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
+@@ -2111,10 +2140,13 @@ flow_dv_validate_action_l2_encap(uint64_t action_flags,
* 0 on success, a negative errno value otherwise and rte_errno is set.
*/
static int
@@ -148,7 +148,7 @@
if (action_flags & MLX5_FLOW_XCAP_ACTIONS)
return rte_flow_error_set(error, ENOTSUP,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
-@@ -2264,6 +2296,11 @@ flow_dv_validate_action_decap(uint64_t action_flags,
+@@ -2133,6 +2165,11 @@ flow_dv_validate_action_decap(uint64_t action_flags,
NULL,
"decap action not supported for "
"egress");
@@ -160,7 +160,7 @@
return 0;
}
-@@ -2272,6 +2309,8 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
+@@ -2141,6 +2178,8 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
/**
* Validate the raw encap and decap actions.
*
@@ -169,7 +169,7 @@
* @param[in] decap
* Pointer to the decap action.
* @param[in] encap
-@@ -2290,11 +2329,13 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
+@@ -2159,11 +2198,13 @@ const struct rte_flow_action_raw_decap empty_decap = {.data = NULL, .size = 0,};
*/
static int
flow_dv_validate_action_raw_encap_decap
@@ -184,7 +184,7 @@
int ret;
if (encap && (!encap->size || !encap->data))
-@@ -2327,7 +2368,8 @@ flow_dv_validate_action_raw_encap_decap
+@@ -2196,7 +2237,8 @@ flow_dv_validate_action_raw_encap_decap
"encap combination");
}
if (decap) {
@@ -194,7 +194,7 @@
if (ret < 0)
return ret;
*action_flags |= MLX5_FLOW_ACTION_DECAP;
-@@ -2344,6 +2386,12 @@ flow_dv_validate_action_raw_encap_decap
+@@ -2213,6 +2255,12 @@ flow_dv_validate_action_raw_encap_decap
RTE_FLOW_ERROR_TYPE_ACTION,
NULL,
"more than one encap action");
@@ -207,7 +207,7 @@
*action_flags |= MLX5_FLOW_ACTION_ENCAP;
++(*actions_n);
}
-@@ -4889,7 +4937,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
+@@ -4654,7 +4702,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
++actions_n;
break;
case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
@@ -217,7 +217,7 @@
item_flags,
actions, attr,
error);
-@@ -4917,8 +4966,10 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
+@@ -4682,8 +4731,10 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
case RTE_FLOW_ACTION_TYPE_NVGRE_ENCAP:
@@ -230,7 +230,7 @@
if (ret < 0)
return ret;
action_flags |= MLX5_FLOW_ACTION_ENCAP;
-@@ -4926,8 +4977,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
+@@ -4691,8 +4742,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
case RTE_FLOW_ACTION_TYPE_NVGRE_DECAP:
@@ -241,7 +241,7 @@
if (ret < 0)
return ret;
action_flags |= MLX5_FLOW_ACTION_DECAP;
-@@ -4935,7 +4986,7 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
+@@ -4700,7 +4751,7 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
break;
case RTE_FLOW_ACTION_TYPE_RAW_ENCAP:
ret = flow_dv_validate_action_raw_encap_decap
@@ -250,7 +250,7 @@
&actions_n, error);
if (ret < 0)
return ret;
-@@ -4951,7 +5002,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
+@@ -4716,7 +4767,8 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
encap = actions->conf;
}
ret = flow_dv_validate_action_raw_encap_decap
More information about the stable
mailing list