lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220914160604.1740282-2-simon.horman@corigine.com> Date: Wed, 14 Sep 2022 17:06:02 +0100 From: Simon Horman <simon.horman@...igine.com> To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Cc: netdev@...r.kernel.org, oss-drivers@...igine.com, Hui Zhou <hui.zhou@...igine.com>, Ziyang Chen <ziyang.chen@...igine.com> Subject: [PATCH net-next 1/3] nfp: flower: add validation of for police actions which are independent of flows From: Ziyang Chen <ziyang.chen@...igine.com> Validation of police actions was added to offload drivers in commit d97b4b105ce7 ("flow_offload: reject offload for all drivers with invalid police parameters") This patch extends that validation in the nfp driver to include police actions which are created independently of flows. Signed-off-by: Ziyang Chen <ziyang.chen@...igine.com> Reviewed-by: Baowen Zheng <baowen.zheng@...igine.com> Reviewed-by: Louis Peens <louis.peens@...igine.com> Signed-off-by: Simon Horman <simon.horman@...igine.com> --- .../ethernet/netronome/nfp/flower/qos_conf.c | 31 ++++++++++++++----- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c b/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c index 7b92026e1a6f..99052a925d9e 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c +++ b/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c @@ -119,7 +119,8 @@ int nfp_flower_offload_one_police(struct nfp_app *app, bool ingress, static int nfp_policer_validate(const struct flow_action *action, const struct flow_action_entry *act, - struct netlink_ext_ack *extack) + struct netlink_ext_ack *extack, + bool ingress) { if (act->police.exceed.act_id != FLOW_ACTION_DROP) { NL_SET_ERR_MSG_MOD(extack, @@ -127,12 +128,20 @@ static int nfp_policer_validate(const struct flow_action *action, return -EOPNOTSUPP; } - if (act->police.notexceed.act_id != FLOW_ACTION_CONTINUE && - act->police.notexceed.act_id != FLOW_ACTION_PIPE && - act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) { - NL_SET_ERR_MSG_MOD(extack, - "Offload not supported when conform action is not continue, pipe or ok"); - return -EOPNOTSUPP; + if (ingress) { + if (act->police.notexceed.act_id != FLOW_ACTION_CONTINUE && + act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) { + NL_SET_ERR_MSG_MOD(extack, + "Offload not supported when conform action is not continue or ok"); + return -EOPNOTSUPP; + } + } else { + if (act->police.notexceed.act_id != FLOW_ACTION_PIPE && + act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) { + NL_SET_ERR_MSG_MOD(extack, + "Offload not supported when conform action is not pipe or ok"); + return -EOPNOTSUPP; + } } if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT && @@ -218,7 +227,7 @@ nfp_flower_install_rate_limiter(struct nfp_app *app, struct net_device *netdev, return -EOPNOTSUPP; } - err = nfp_policer_validate(&flow->rule->action, action, extack); + err = nfp_policer_validate(&flow->rule->action, action, extack, true); if (err) return err; @@ -687,6 +696,7 @@ nfp_act_install_actions(struct nfp_app *app, struct flow_offload_action *fl_act, bool pps_support, pps; bool add = false; u64 rate; + int err; pps_support = !!(fl_priv->flower_ext_feats & NFP_FL_FEATS_QOS_PPS); @@ -698,6 +708,11 @@ nfp_act_install_actions(struct nfp_app *app, struct flow_offload_action *fl_act, "unsupported offload: qos rate limit offload requires police action"); continue; } + + err = nfp_policer_validate(&fl_act->action, action, extack, false); + if (err) + return err; + if (action->police.rate_bytes_ps > 0) { rate = action->police.rate_bytes_ps; burst = action->police.burst; -- 2.30.2
Powered by blists - more mailing lists