lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <DM5PR1301MB21721A9F0AE0615C8B83A079E7379@DM5PR1301MB2172.namprd13.prod.outlook.com>
Date:   Fri, 18 Feb 2022 01:46:19 +0000
From:   Baowen Zheng <baowen.zheng@...igine.com>
To:     Roi Dayan <roid@...dia.com>, Jianbo Liu <jianbol@...dia.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-rdma@...r.kernel.org" <linux-rdma@...r.kernel.org>
CC:     "olteanv@...il.com" <olteanv@...il.com>,
        "andrew@...n.ch" <andrew@...n.ch>,
        "vivien.didelot@...il.com" <vivien.didelot@...il.com>,
        "f.fainelli@...il.com" <f.fainelli@...il.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "rajur@...lsio.com" <rajur@...lsio.com>,
        "claudiu.manoil@....com" <claudiu.manoil@....com>,
        "sgoutham@...vell.com" <sgoutham@...vell.com>,
        "gakula@...vell.com" <gakula@...vell.com>,
        "sbhatta@...vell.com" <sbhatta@...vell.com>,
        "hkelam@...vell.com" <hkelam@...vell.com>,
        "saeedm@...dia.com" <saeedm@...dia.com>,
        "leon@...nel.org" <leon@...nel.org>,
        "idosch@...dia.com" <idosch@...dia.com>,
        "petrm@...dia.com" <petrm@...dia.com>,
        "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>,
        "UNGLinuxDriver@...rochip.com" <UNGLinuxDriver@...rochip.com>,
        Simon Horman <simon.horman@...igine.com>,
        "jhs@...atatu.com" <jhs@...atatu.com>,
        "xiyou.wangcong@...il.com" <xiyou.wangcong@...il.com>,
        "jiri@...nulli.us" <jiri@...nulli.us>,
        "louis.peens@...ronome.com" <louis.peens@...ronome.com>,
        Nole Zhang <peng.zhang@...igine.com>,
        oss-drivers <oss-drivers@...igine.com>
Subject: RE: [PATCH net-next v2 1/2] net: flow_offload: add tc police action
 parameters

On, February 17, 2022 8:10 PM, Roi wrote:
>On 2022-02-17 12:25 PM, Baowen Zheng wrote:
>> On February 17, 2022 4:28 PM, Jianbo wrote:
>>> The current police offload action entry is missing exceed/notexceed
>>> actions and parameters that can be configured by tc police action.
>>> Add the missing parameters as a pre-step for offloading police
>>> actions to hardware.
>>>
>>> Signed-off-by: Jianbo Liu <jianbol@...dia.com>
>>> Signed-off-by: Roi Dayan <roid@...dia.com>
>>> Reviewed-by: Ido Schimmel <idosch@...dia.com>
>>> ---
>>> include/net/flow_offload.h     | 13 ++++++++++
>>> include/net/tc_act/tc_police.h | 30 ++++++++++++++++++++++
>>> net/sched/act_police.c         | 46
>++++++++++++++++++++++++++++++++++
>>> 3 files changed, 89 insertions(+)
>>>
>>> diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
>>> index
>>> 5b8c54eb7a6b..94cde6bbc8a5 100644
>>> --- a/include/net/flow_offload.h
>>> +++ b/include/net/flow_offload.h
>>> @@ -148,6 +148,8 @@ enum flow_action_id {
>>> 	FLOW_ACTION_MPLS_MANGLE,
>>> 	FLOW_ACTION_GATE,
>>> 	FLOW_ACTION_PPPOE_PUSH,
>>> +	FLOW_ACTION_JUMP,
>>> +	FLOW_ACTION_PIPE,
>>> 	NUM_FLOW_ACTIONS,
>>> };
>>>
>>> @@ -235,9 +237,20 @@ struct flow_action_entry {
>>> 		struct {				/* FLOW_ACTION_POLICE */
>>> 			u32			burst;
>>> 			u64			rate_bytes_ps;
>>> +			u64			peakrate_bytes_ps;
>>> +			u32			avrate;
>>> +			u16			overhead;
>>> 			u64			burst_pkt;
>>> 			u64			rate_pkt_ps;
>>> 			u32			mtu;
>>> +			struct {
>>> +				enum flow_action_id     act_id;
>>> +				u32                     index;
>>> +			} exceed;
>>> +			struct {
>>> +				enum flow_action_id     act_id;
>>> +				u32                     index;
>>> +			} notexceed;
>> It seems exceed and notexceed use the same format struct, will it be more
>simpler to define as:
>> 			struct {
>> 				enum flow_action_id     act_id;
>> 				u32                     index;
>> 			} exceed, notexceed;
>
>right. it can be.
>
>>
>>> 		} police;
>>> 		struct {				/* FLOW_ACTION_CT */
>>> 			int action;
>>> diff --git a/include/net/tc_act/tc_police.h
>>> b/include/net/tc_act/tc_police.h index 72649512dcdd..283bde711a42
>>> 100644
>>> --- a/include/net/tc_act/tc_police.h
>>> +++ b/include/net/tc_act/tc_police.h
>>> @@ -159,4 +159,34 @@ static inline u32 tcf_police_tcfp_mtu(const
>>> struct tc_action *act)
>>> 	return params->tcfp_mtu;
>>> }
>>>
>>> +static inline u64 tcf_police_peakrate_bytes_ps(const struct
>>> +tc_action
>>> +*act) {
>>> +	struct tcf_police *police = to_police(act);
>>> +	struct tcf_police_params *params;
>>> +
>>> +	params = rcu_dereference_protected(police->params,
>>> +					   lockdep_is_held(&police->tcf_lock));
>>> +	return params->peak.rate_bytes_ps;
>>> +}
>>> +
>>> +static inline u32 tcf_police_tcfp_ewma_rate(const struct tc_action
>>> +*act) {
>>> +	struct tcf_police *police = to_police(act);
>>> +	struct tcf_police_params *params;
>>> +
>>> +	params = rcu_dereference_protected(police->params,
>>> +					   lockdep_is_held(&police->tcf_lock));
>>> +	return params->tcfp_ewma_rate;
>>> +}
>>> +
>>> +static inline u16 tcf_police_rate_overhead(const struct tc_action
>>> +*act) {
>>> +	struct tcf_police *police = to_police(act);
>>> +	struct tcf_police_params *params;
>>> +
>>> +	params = rcu_dereference_protected(police->params,
>>> +					   lockdep_is_held(&police->tcf_lock));
>>> +	return params->rate.overhead;
>>> +}
>>> +
>>> #endif /* __NET_TC_POLICE_H */
>>> diff --git a/net/sched/act_police.c b/net/sched/act_police.c index
>>> 0923aa2b8f8a..0457b6c9c4e7 100644
>>> --- a/net/sched/act_police.c
>>> +++ b/net/sched/act_police.c
>>> @@ -405,20 +405,66 @@ static int tcf_police_search(struct net *net,
>>> struct tc_action **a, u32 index)
>>> 	return tcf_idr_search(tn, a, index); }
>>>
>>> +static int tcf_police_act_to_flow_act(int tc_act, int *index) {
>>> +	int act_id = -EOPNOTSUPP;
>>> +
>>> +	if (!TC_ACT_EXT_OPCODE(tc_act)) {
>>> +		if (tc_act == TC_ACT_OK)
>>> +			act_id = FLOW_ACTION_ACCEPT;
>>> +		else if (tc_act ==  TC_ACT_SHOT)
>>> +			act_id = FLOW_ACTION_DROP;
>>> +		else if (tc_act == TC_ACT_PIPE)
>>> +			act_id = FLOW_ACTION_PIPE;
>>> +	} else if (TC_ACT_EXT_CMP(tc_act, TC_ACT_GOTO_CHAIN)) {
>>> +		act_id = FLOW_ACTION_GOTO;
>>> +		*index = tc_act & TC_ACT_EXT_VAL_MASK;
>> For the TC_ACT_GOTO_CHAIN  action, the goto_chain information is missing
>from software to hardware, is it useful for hardware to check?
>>
>
>what information do you mean?
Sorry, I do not realize the chain index is in the return value of index, so please just ignore.
It seems the definition of index is a little confused since in TC_ACT_GOTO_CHAIN case, it means chain index and in TC_ACT_JUMP case, it means jump count. 
Just a suggestion, can we change the index definition as a union as:
	union {
			u32 chain_index;
			u32 jmp_cnt;
		{
WDYT?
>
>>> +	} else if (TC_ACT_EXT_CMP(tc_act, TC_ACT_JUMP)) {
>>> +		act_id = FLOW_ACTION_JUMP;
>>> +		*index = tc_act & TC_ACT_EXT_VAL_MASK;
>>> +	}
>>> +
>>> +	return act_id;
>>> +}
>>> +
>>> static int tcf_police_offload_act_setup(struct tc_action *act, void
>*entry_data,
>>> 					u32 *index_inc, bool bind)
>>> {
>>> 	if (bind) {
>>> 		struct flow_action_entry *entry = entry_data;
>>> +		struct tcf_police *police = to_police(act);
>>> +		struct tcf_police_params *p;
>>> +		int act_id;
>>> +
>>> +		p = rcu_dereference_protected(police->params,
>>> +					      lockdep_is_held(&police-
>>tcf_lock));
>>>
>>> 		entry->id = FLOW_ACTION_POLICE;
>>> 		entry->police.burst = tcf_police_burst(act);
>>> 		entry->police.rate_bytes_ps =
>>> 			tcf_police_rate_bytes_ps(act);
>>> +		entry->police.peakrate_bytes_ps =
>>> tcf_police_peakrate_bytes_ps(act);
>>> +		entry->police.avrate = tcf_police_tcfp_ewma_rate(act);
>>> +		entry->police.overhead = tcf_police_rate_overhead(act);
>>> 		entry->police.burst_pkt = tcf_police_burst_pkt(act);
>>> 		entry->police.rate_pkt_ps =
>>> 			tcf_police_rate_pkt_ps(act);
>>> 		entry->police.mtu = tcf_police_tcfp_mtu(act);
>>> +
>>> +		act_id = tcf_police_act_to_flow_act(police->tcf_action,
>>> +						    &entry-
>>>> police.exceed.index);
>>> +		if (act_id < 0)
>>> +			return act_id;
>>> +
>>> +		entry->police.exceed.act_id = act_id;
>>> +
>>> +		act_id = tcf_police_act_to_flow_act(p->tcfp_result,
>>> +						    &entry-
>>>> police.notexceed.index);
>>> +		if (act_id < 0)
>>> +			return act_id;
>>> +
>>> +		entry->police.notexceed.act_id = act_id;
>>> +
>>> 		*index_inc = 1;
>>> 	} else {
>>> 		struct flow_offload_action *fl_action = entry_data;
>>> --
>>> 2.26.2
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ