search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WIP FPC-III support
[linux/fpc-iii.git] / drivers / net / ethernet / netronome / nfp / flower / offload.c
blob1c59aff2163c7e193d626e2eda9ffefa5604d478
1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */
3
4 #include <linux/skbuff.h>
5 #include <net/devlink.h>
6 #include <net/pkt_cls.h>
7
8 #include "cmsg.h"
9 #include "main.h"
10 #include "../nfpcore/nfp_cpp.h"
11 #include "../nfpcore/nfp_nsp.h"
12 #include "../nfp_app.h"
13 #include "../nfp_main.h"
14 #include "../nfp_net.h"
15 #include "../nfp_port.h"
16
17 #define NFP_FLOWER_SUPPORTED_TCPFLAGS \
18 (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST | \
19 TCPHDR_PSH | TCPHDR_URG)
20
21 #define NFP_FLOWER_SUPPORTED_CTLFLAGS \
22 (FLOW_DIS_IS_FRAGMENT | \
23 FLOW_DIS_FIRST_FRAG)
24
25 #define NFP_FLOWER_WHITELIST_DISSECTOR \
26 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \
27 BIT(FLOW_DISSECTOR_KEY_BASIC) | \
28 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \
29 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \
30 BIT(FLOW_DISSECTOR_KEY_TCP) | \
31 BIT(FLOW_DISSECTOR_KEY_PORTS) | \
32 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \
33 BIT(FLOW_DISSECTOR_KEY_VLAN) | \
34 BIT(FLOW_DISSECTOR_KEY_CVLAN) | \
35 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \
36 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \
37 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \
38 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
39 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \
40 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \
41 BIT(FLOW_DISSECTOR_KEY_ENC_IP) | \
42 BIT(FLOW_DISSECTOR_KEY_MPLS) | \
43 BIT(FLOW_DISSECTOR_KEY_IP))
44
45 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \
46 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
47 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \
48 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \
49 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \
50 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) | \
51 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \
52 BIT(FLOW_DISSECTOR_KEY_ENC_IP))
53
54 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \
55 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
56 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS))
57
58 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R \
59 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \
60 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS))
61
62 #define NFP_FLOWER_MERGE_FIELDS \
63 (NFP_FLOWER_LAYER_PORT | \
64 NFP_FLOWER_LAYER_MAC | \
65 NFP_FLOWER_LAYER_TP | \
66 NFP_FLOWER_LAYER_IPV4 | \
67 NFP_FLOWER_LAYER_IPV6)
68
69 #define NFP_FLOWER_PRE_TUN_RULE_FIELDS \
70 (NFP_FLOWER_LAYER_EXT_META | \
71 NFP_FLOWER_LAYER_PORT | \
72 NFP_FLOWER_LAYER_MAC | \
73 NFP_FLOWER_LAYER_IPV4 | \
74 NFP_FLOWER_LAYER_IPV6)
75
76 struct nfp_flower_merge_check {
77 union {
78 struct {
79 __be16 tci;
80 struct nfp_flower_mac_mpls l2;
81 struct nfp_flower_tp_ports l4;
82 union {
83 struct nfp_flower_ipv4 ipv4;
84 struct nfp_flower_ipv6 ipv6;
85 };
86 };
87 unsigned long vals[8];
88 };
89 };
90
91 static int
92 nfp_flower_xmit_flow(struct nfp_app *app, struct nfp_fl_payload *nfp_flow,
93 u8 mtype)
94 {
95 u32 meta_len, key_len, mask_len, act_len, tot_len;
96 struct sk_buff *skb;
97 unsigned char *msg;
98
99 meta_len = sizeof(struct nfp_fl_rule_metadata);
100 key_len = nfp_flow->meta.key_len;
101 mask_len = nfp_flow->meta.mask_len;
102 act_len = nfp_flow->meta.act_len;
103
104 tot_len = meta_len + key_len + mask_len + act_len;
105
106 /* Convert to long words as firmware expects
107 * lengths in units of NFP_FL_LW_SIZ.
108 */
109 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ;
110 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ;
111 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ;
112
113 skb = nfp_flower_cmsg_alloc(app, tot_len, mtype, GFP_KERNEL);
114 if (!skb)
115 return -ENOMEM;
116
117 msg = nfp_flower_cmsg_get_data(skb);
118 memcpy(msg, &nfp_flow->meta, meta_len);
119 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len);
120 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len);
121 memcpy(&msg[meta_len + key_len + mask_len],
122 nfp_flow->action_data, act_len);
123
124 /* Convert back to bytes as software expects
125 * lengths in units of bytes.
126 */
127 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ;
128 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ;
129 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ;
130
131 nfp_ctrl_tx(app->ctrl, skb);
132
133 return 0;
134 }
135
136 static bool nfp_flower_check_higher_than_mac(struct flow_cls_offload *f)
137 {
138 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
139
140 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS) ||
141 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS) ||
142 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) ||
143 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP);
144 }
145
146 static bool nfp_flower_check_higher_than_l3(struct flow_cls_offload *f)
147 {
148 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
149
150 return flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS) ||
151 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP);
152 }
153
154 static int
155 nfp_flower_calc_opt_layer(struct flow_dissector_key_enc_opts *enc_opts,
156 u32 *key_layer_two, int *key_size, bool ipv6,
157 struct netlink_ext_ack *extack)
158 {
159 if (enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY ||
160 (ipv6 && enc_opts->len > NFP_FL_MAX_GENEVE_OPT_KEY_V6)) {
161 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: geneve options exceed maximum length");
162 return -EOPNOTSUPP;
163 }
164
165 if (enc_opts->len > 0) {
166 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE_OP;
167 *key_size += sizeof(struct nfp_flower_geneve_options);
168 }
169
170 return 0;
171 }
172
173 static int
174 nfp_flower_calc_udp_tun_layer(struct flow_dissector_key_ports *enc_ports,
175 struct flow_dissector_key_enc_opts *enc_op,
176 u32 *key_layer_two, u8 *key_layer, int *key_size,
177 struct nfp_flower_priv *priv,
178 enum nfp_flower_tun_type *tun_type, bool ipv6,
179 struct netlink_ext_ack *extack)
180 {
181 int err;
182
183 switch (enc_ports->dst) {
184 case htons(IANA_VXLAN_UDP_PORT):
185 *tun_type = NFP_FL_TUNNEL_VXLAN;
186 *key_layer |= NFP_FLOWER_LAYER_VXLAN;
187
188 if (ipv6) {
189 *key_layer |= NFP_FLOWER_LAYER_EXT_META;
190 *key_size += sizeof(struct nfp_flower_ext_meta);
191 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
192 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun);
193 } else {
194 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun);
195 }
196
197 if (enc_op) {
198 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on vxlan tunnels");
199 return -EOPNOTSUPP;
200 }
201 break;
202 case htons(GENEVE_UDP_PORT):
203 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE)) {
204 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve offload");
205 return -EOPNOTSUPP;
206 }
207 *tun_type = NFP_FL_TUNNEL_GENEVE;
208 *key_layer |= NFP_FLOWER_LAYER_EXT_META;
209 *key_size += sizeof(struct nfp_flower_ext_meta);
210 *key_layer_two |= NFP_FLOWER_LAYER2_GENEVE;
211
212 if (ipv6) {
213 *key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
214 *key_size += sizeof(struct nfp_flower_ipv6_udp_tun);
215 } else {
216 *key_size += sizeof(struct nfp_flower_ipv4_udp_tun);
217 }
218
219 if (!enc_op)
220 break;
221 if (!(priv->flower_ext_feats & NFP_FL_FEATS_GENEVE_OPT)) {
222 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support geneve option offload");
223 return -EOPNOTSUPP;
224 }
225 err = nfp_flower_calc_opt_layer(enc_op, key_layer_two, key_size,
226 ipv6, extack);
227 if (err)
228 return err;
229 break;
230 default:
231 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel type unknown");
232 return -EOPNOTSUPP;
233 }
234
235 return 0;
236 }
237
238 static int
239 nfp_flower_calculate_key_layers(struct nfp_app *app,
240 struct net_device *netdev,
241 struct nfp_fl_key_ls *ret_key_ls,
242 struct flow_cls_offload *flow,
243 enum nfp_flower_tun_type *tun_type,
244 struct netlink_ext_ack *extack)
245 {
246 struct flow_rule *rule = flow_cls_offload_flow_rule(flow);
247 struct flow_dissector *dissector = rule->match.dissector;
248 struct flow_match_basic basic = { NULL, NULL};
249 struct nfp_flower_priv *priv = app->priv;
250 u32 key_layer_two;
251 u8 key_layer;
252 int key_size;
253 int err;
254
255 if (dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) {
256 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match not supported");
257 return -EOPNOTSUPP;
258 }
259
260 /* If any tun dissector is used then the required set must be used. */
261 if (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR &&
262 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R)
263 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_V6_R &&
264 (dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R)
265 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) {
266 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel match not supported");
267 return -EOPNOTSUPP;
268 }
269
270 key_layer_two = 0;
271 key_layer = NFP_FLOWER_LAYER_PORT;
272 key_size = sizeof(struct nfp_flower_meta_tci) +
273 sizeof(struct nfp_flower_in_port);
274
275 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS) ||
276 flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS)) {
277 key_layer |= NFP_FLOWER_LAYER_MAC;
278 key_size += sizeof(struct nfp_flower_mac_mpls);
279 }
280
281 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) {
282 struct flow_match_vlan vlan;
283
284 flow_rule_match_vlan(rule, &vlan);
285 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_PCP) &&
286 vlan.key->vlan_priority) {
287 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN PCP offload");
288 return -EOPNOTSUPP;
289 }
290 if (priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ &&
291 !(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) {
292 key_layer |= NFP_FLOWER_LAYER_EXT_META;
293 key_size += sizeof(struct nfp_flower_ext_meta);
294 key_size += sizeof(struct nfp_flower_vlan);
295 key_layer_two |= NFP_FLOWER_LAYER2_QINQ;
296 }
297 }
298
299 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) {
300 struct flow_match_vlan cvlan;
301
302 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
303 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: loaded firmware does not support VLAN QinQ offload");
304 return -EOPNOTSUPP;
305 }
306
307 flow_rule_match_vlan(rule, &cvlan);
308 if (!(key_layer_two & NFP_FLOWER_LAYER2_QINQ)) {
309 key_layer |= NFP_FLOWER_LAYER_EXT_META;
310 key_size += sizeof(struct nfp_flower_ext_meta);
311 key_size += sizeof(struct nfp_flower_vlan);
312 key_layer_two |= NFP_FLOWER_LAYER2_QINQ;
313 }
314 }
315
316 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) {
317 struct flow_match_enc_opts enc_op = { NULL, NULL };
318 struct flow_match_ipv4_addrs ipv4_addrs;
319 struct flow_match_ipv6_addrs ipv6_addrs;
320 struct flow_match_control enc_ctl;
321 struct flow_match_ports enc_ports;
322 bool ipv6_tun = false;
323
324 flow_rule_match_enc_control(rule, &enc_ctl);
325
326 if (enc_ctl.mask->addr_type != 0xffff) {
327 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: wildcarded protocols on tunnels are not supported");
328 return -EOPNOTSUPP;
329 }
330
331 ipv6_tun = enc_ctl.key->addr_type ==
332 FLOW_DISSECTOR_KEY_IPV6_ADDRS;
333 if (ipv6_tun &&
334 !(priv->flower_ext_feats & NFP_FL_FEATS_IPV6_TUN)) {
335 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: firmware does not support IPv6 tunnels");
336 return -EOPNOTSUPP;
337 }
338
339 if (!ipv6_tun &&
340 enc_ctl.key->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
341 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: tunnel address type not IPv4 or IPv6");
342 return -EOPNOTSUPP;
343 }
344
345 if (ipv6_tun) {
346 flow_rule_match_enc_ipv6_addrs(rule, &ipv6_addrs);
347 if (memchr_inv(&ipv6_addrs.mask->dst, 0xff,
348 sizeof(ipv6_addrs.mask->dst))) {
349 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv6 destination address is supported");
350 return -EOPNOTSUPP;
351 }
352 } else {
353 flow_rule_match_enc_ipv4_addrs(rule, &ipv4_addrs);
354 if (ipv4_addrs.mask->dst != cpu_to_be32(~0)) {
355 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match IPv4 destination address is supported");
356 return -EOPNOTSUPP;
357 }
358 }
359
360 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS))
361 flow_rule_match_enc_opts(rule, &enc_op);
362
363 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) {
364 /* check if GRE, which has no enc_ports */
365 if (!netif_is_gretap(netdev)) {
366 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: an exact match on L4 destination port is required for non-GRE tunnels");
367 return -EOPNOTSUPP;
368 }
369
370 *tun_type = NFP_FL_TUNNEL_GRE;
371 key_layer |= NFP_FLOWER_LAYER_EXT_META;
372 key_size += sizeof(struct nfp_flower_ext_meta);
373 key_layer_two |= NFP_FLOWER_LAYER2_GRE;
374
375 if (ipv6_tun) {
376 key_layer_two |= NFP_FLOWER_LAYER2_TUN_IPV6;
377 key_size +=
378 sizeof(struct nfp_flower_ipv6_udp_tun);
379 } else {
380 key_size +=
381 sizeof(struct nfp_flower_ipv4_udp_tun);
382 }
383
384 if (enc_op.key) {
385 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: encap options not supported on GRE tunnels");
386 return -EOPNOTSUPP;
387 }
388 } else {
389 flow_rule_match_enc_ports(rule, &enc_ports);
390 if (enc_ports.mask->dst != cpu_to_be16(~0)) {
391 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: only an exact match L4 destination port is supported");
392 return -EOPNOTSUPP;
393 }
394
395 err = nfp_flower_calc_udp_tun_layer(enc_ports.key,
396 enc_op.key,
397 &key_layer_two,
398 &key_layer,
399 &key_size, priv,
400 tun_type, ipv6_tun,
401 extack);
402 if (err)
403 return err;
404
405 /* Ensure the ingress netdev matches the expected
406 * tun type.
407 */
408 if (!nfp_fl_netdev_is_tunnel_type(netdev, *tun_type)) {
409 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ingress netdev does not match the expected tunnel type");
410 return -EOPNOTSUPP;
411 }
412 }
413 }
414
415 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC))
416 flow_rule_match_basic(rule, &basic);
417
418 if (basic.mask && basic.mask->n_proto) {
419 /* Ethernet type is present in the key. */
420 switch (basic.key->n_proto) {
421 case cpu_to_be16(ETH_P_IP):
422 key_layer |= NFP_FLOWER_LAYER_IPV4;
423 key_size += sizeof(struct nfp_flower_ipv4);
424 break;
425
426 case cpu_to_be16(ETH_P_IPV6):
427 key_layer |= NFP_FLOWER_LAYER_IPV6;
428 key_size += sizeof(struct nfp_flower_ipv6);
429 break;
430
431 /* Currently we do not offload ARP
432 * because we rely on it to get to the host.
433 */
434 case cpu_to_be16(ETH_P_ARP):
435 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: ARP not supported");
436 return -EOPNOTSUPP;
437
438 case cpu_to_be16(ETH_P_MPLS_UC):
439 case cpu_to_be16(ETH_P_MPLS_MC):
440 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) {
441 key_layer |= NFP_FLOWER_LAYER_MAC;
442 key_size += sizeof(struct nfp_flower_mac_mpls);
443 }
444 break;
445
446 /* Will be included in layer 2. */
447 case cpu_to_be16(ETH_P_8021Q):
448 break;
449
450 default:
451 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on given EtherType is not supported");
452 return -EOPNOTSUPP;
453 }
454 } else if (nfp_flower_check_higher_than_mac(flow)) {
455 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match above L2 without specified EtherType");
456 return -EOPNOTSUPP;
457 }
458
459 if (basic.mask && basic.mask->ip_proto) {
460 switch (basic.key->ip_proto) {
461 case IPPROTO_TCP:
462 case IPPROTO_UDP:
463 case IPPROTO_SCTP:
464 case IPPROTO_ICMP:
465 case IPPROTO_ICMPV6:
466 key_layer |= NFP_FLOWER_LAYER_TP;
467 key_size += sizeof(struct nfp_flower_tp_ports);
468 break;
469 }
470 }
471
472 if (!(key_layer & NFP_FLOWER_LAYER_TP) &&
473 nfp_flower_check_higher_than_l3(flow)) {
474 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: cannot match on L4 information without specified IP protocol type");
475 return -EOPNOTSUPP;
476 }
477
478 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) {
479 struct flow_match_tcp tcp;
480 u32 tcp_flags;
481
482 flow_rule_match_tcp(rule, &tcp);
483 tcp_flags = be16_to_cpu(tcp.key->flags);
484
485 if (tcp_flags & ~NFP_FLOWER_SUPPORTED_TCPFLAGS) {
486 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: no match support for selected TCP flags");
487 return -EOPNOTSUPP;
488 }
489
490 /* We only support PSH and URG flags when either
491 * FIN, SYN or RST is present as well.
492 */
493 if ((tcp_flags & (TCPHDR_PSH | TCPHDR_URG)) &&
494 !(tcp_flags & (TCPHDR_FIN | TCPHDR_SYN | TCPHDR_RST))) {
495 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: PSH and URG is only supported when used with FIN, SYN or RST");
496 return -EOPNOTSUPP;
497 }
498
499 /* We need to store TCP flags in the either the IPv4 or IPv6 key
500 * space, thus we need to ensure we include a IPv4/IPv6 key
501 * layer if we have not done so already.
502 */
503 if (!basic.key) {
504 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on L3 protocol");
505 return -EOPNOTSUPP;
506 }
507
508 if (!(key_layer & NFP_FLOWER_LAYER_IPV4) &&
509 !(key_layer & NFP_FLOWER_LAYER_IPV6)) {
510 switch (basic.key->n_proto) {
511 case cpu_to_be16(ETH_P_IP):
512 key_layer |= NFP_FLOWER_LAYER_IPV4;
513 key_size += sizeof(struct nfp_flower_ipv4);
514 break;
515
516 case cpu_to_be16(ETH_P_IPV6):
517 key_layer |= NFP_FLOWER_LAYER_IPV6;
518 key_size += sizeof(struct nfp_flower_ipv6);
519 break;
520
521 default:
522 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on TCP flags requires a match on IPv4/IPv6");
523 return -EOPNOTSUPP;
524 }
525 }
526 }
527
528 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
529 struct flow_match_control ctl;
530
531 flow_rule_match_control(rule, &ctl);
532 if (ctl.key->flags & ~NFP_FLOWER_SUPPORTED_CTLFLAGS) {
533 NL_SET_ERR_MSG_MOD(extack, "unsupported offload: match on unknown control flag");
534 return -EOPNOTSUPP;
535 }
536 }
537
538 ret_key_ls->key_layer = key_layer;
539 ret_key_ls->key_layer_two = key_layer_two;
540 ret_key_ls->key_size = key_size;
541
542 return 0;
543 }
544
545 static struct nfp_fl_payload *
546 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer)
547 {
548 struct nfp_fl_payload *flow_pay;
549
550 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL);
551 if (!flow_pay)
552 return NULL;
553
554 flow_pay->meta.key_len = key_layer->key_size;
555 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL);
556 if (!flow_pay->unmasked_data)
557 goto err_free_flow;
558
559 flow_pay->meta.mask_len = key_layer->key_size;
560 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL);
561 if (!flow_pay->mask_data)
562 goto err_free_unmasked;
563
564 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL);
565 if (!flow_pay->action_data)
566 goto err_free_mask;
567
568 flow_pay->nfp_tun_ipv4_addr = 0;
569 flow_pay->nfp_tun_ipv6 = NULL;
570 flow_pay->meta.flags = 0;
571 INIT_LIST_HEAD(&flow_pay->linked_flows);
572 flow_pay->in_hw = false;
573 flow_pay->pre_tun_rule.dev = NULL;
574
575 return flow_pay;
576
577 err_free_mask:
578 kfree(flow_pay->mask_data);
579 err_free_unmasked:
580 kfree(flow_pay->unmasked_data);
581 err_free_flow:
582 kfree(flow_pay);
583 return NULL;
584 }
585
586 static int
587 nfp_flower_update_merge_with_actions(struct nfp_fl_payload *flow,
588 struct nfp_flower_merge_check *merge,
589 u8 *last_act_id, int *act_out)
590 {
591 struct nfp_fl_set_ipv6_tc_hl_fl *ipv6_tc_hl_fl;
592 struct nfp_fl_set_ip4_ttl_tos *ipv4_ttl_tos;
593 struct nfp_fl_set_ip4_addrs *ipv4_add;
594 struct nfp_fl_set_ipv6_addr *ipv6_add;
595 struct nfp_fl_push_vlan *push_vlan;
596 struct nfp_fl_pre_tunnel *pre_tun;
597 struct nfp_fl_set_tport *tport;
598 struct nfp_fl_set_eth *eth;
599 struct nfp_fl_act_head *a;
600 unsigned int act_off = 0;
601 bool ipv6_tun = false;
602 u8 act_id = 0;
603 u8 *ports;
604 int i;
605
606 while (act_off < flow->meta.act_len) {
607 a = (struct nfp_fl_act_head *)&flow->action_data[act_off];
608 act_id = a->jump_id;
609
610 switch (act_id) {
611 case NFP_FL_ACTION_OPCODE_OUTPUT:
612 if (act_out)
613 (*act_out)++;
614 break;
615 case NFP_FL_ACTION_OPCODE_PUSH_VLAN:
616 push_vlan = (struct nfp_fl_push_vlan *)a;
617 if (push_vlan->vlan_tci)
618 merge->tci = cpu_to_be16(0xffff);
619 break;
620 case NFP_FL_ACTION_OPCODE_POP_VLAN:
621 merge->tci = cpu_to_be16(0);
622 break;
623 case NFP_FL_ACTION_OPCODE_SET_TUNNEL:
624 /* New tunnel header means l2 to l4 can be matched. */
625 eth_broadcast_addr(&merge->l2.mac_dst[0]);
626 eth_broadcast_addr(&merge->l2.mac_src[0]);
627 memset(&merge->l4, 0xff,
628 sizeof(struct nfp_flower_tp_ports));
629 if (ipv6_tun)
630 memset(&merge->ipv6, 0xff,
631 sizeof(struct nfp_flower_ipv6));
632 else
633 memset(&merge->ipv4, 0xff,
634 sizeof(struct nfp_flower_ipv4));
635 break;
636 case NFP_FL_ACTION_OPCODE_SET_ETHERNET:
637 eth = (struct nfp_fl_set_eth *)a;
638 for (i = 0; i < ETH_ALEN; i++)
639 merge->l2.mac_dst[i] |= eth->eth_addr_mask[i];
640 for (i = 0; i < ETH_ALEN; i++)
641 merge->l2.mac_src[i] |=
642 eth->eth_addr_mask[ETH_ALEN + i];
643 break;
644 case NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS:
645 ipv4_add = (struct nfp_fl_set_ip4_addrs *)a;
646 merge->ipv4.ipv4_src |= ipv4_add->ipv4_src_mask;
647 merge->ipv4.ipv4_dst |= ipv4_add->ipv4_dst_mask;
648 break;
649 case NFP_FL_ACTION_OPCODE_SET_IPV4_TTL_TOS:
650 ipv4_ttl_tos = (struct nfp_fl_set_ip4_ttl_tos *)a;
651 merge->ipv4.ip_ext.ttl |= ipv4_ttl_tos->ipv4_ttl_mask;
652 merge->ipv4.ip_ext.tos |= ipv4_ttl_tos->ipv4_tos_mask;
653 break;
654 case NFP_FL_ACTION_OPCODE_SET_IPV6_SRC:
655 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a;
656 for (i = 0; i < 4; i++)
657 merge->ipv6.ipv6_src.in6_u.u6_addr32[i] |=
658 ipv6_add->ipv6[i].mask;
659 break;
660 case NFP_FL_ACTION_OPCODE_SET_IPV6_DST:
661 ipv6_add = (struct nfp_fl_set_ipv6_addr *)a;
662 for (i = 0; i < 4; i++)
663 merge->ipv6.ipv6_dst.in6_u.u6_addr32[i] |=
664 ipv6_add->ipv6[i].mask;
665 break;
666 case NFP_FL_ACTION_OPCODE_SET_IPV6_TC_HL_FL:
667 ipv6_tc_hl_fl = (struct nfp_fl_set_ipv6_tc_hl_fl *)a;
668 merge->ipv6.ip_ext.ttl |=
669 ipv6_tc_hl_fl->ipv6_hop_limit_mask;
670 merge->ipv6.ip_ext.tos |= ipv6_tc_hl_fl->ipv6_tc_mask;
671 merge->ipv6.ipv6_flow_label_exthdr |=
672 ipv6_tc_hl_fl->ipv6_label_mask;
673 break;
674 case NFP_FL_ACTION_OPCODE_SET_UDP:
675 case NFP_FL_ACTION_OPCODE_SET_TCP:
676 tport = (struct nfp_fl_set_tport *)a;
677 ports = (u8 *)&merge->l4.port_src;
678 for (i = 0; i < 4; i++)
679 ports[i] |= tport->tp_port_mask[i];
680 break;
681 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL:
682 pre_tun = (struct nfp_fl_pre_tunnel *)a;
683 ipv6_tun = be16_to_cpu(pre_tun->flags) &
684 NFP_FL_PRE_TUN_IPV6;
685 break;
686 case NFP_FL_ACTION_OPCODE_PRE_LAG:
687 case NFP_FL_ACTION_OPCODE_PUSH_GENEVE:
688 break;
689 default:
690 return -EOPNOTSUPP;
691 }
692
693 act_off += a->len_lw << NFP_FL_LW_SIZ;
694 }
695
696 if (last_act_id)
697 *last_act_id = act_id;
698
699 return 0;
700 }
701
702 static int
703 nfp_flower_populate_merge_match(struct nfp_fl_payload *flow,
704 struct nfp_flower_merge_check *merge,
705 bool extra_fields)
706 {
707 struct nfp_flower_meta_tci *meta_tci;
708 u8 *mask = flow->mask_data;
709 u8 key_layer, match_size;
710
711 memset(merge, 0, sizeof(struct nfp_flower_merge_check));
712
713 meta_tci = (struct nfp_flower_meta_tci *)mask;
714 key_layer = meta_tci->nfp_flow_key_layer;
715
716 if (key_layer & ~NFP_FLOWER_MERGE_FIELDS && !extra_fields)
717 return -EOPNOTSUPP;
718
719 merge->tci = meta_tci->tci;
720 mask += sizeof(struct nfp_flower_meta_tci);
721
722 if (key_layer & NFP_FLOWER_LAYER_EXT_META)
723 mask += sizeof(struct nfp_flower_ext_meta);
724
725 mask += sizeof(struct nfp_flower_in_port);
726
727 if (key_layer & NFP_FLOWER_LAYER_MAC) {
728 match_size = sizeof(struct nfp_flower_mac_mpls);
729 memcpy(&merge->l2, mask, match_size);
730 mask += match_size;
731 }
732
733 if (key_layer & NFP_FLOWER_LAYER_TP) {
734 match_size = sizeof(struct nfp_flower_tp_ports);
735 memcpy(&merge->l4, mask, match_size);
736 mask += match_size;
737 }
738
739 if (key_layer & NFP_FLOWER_LAYER_IPV4) {
740 match_size = sizeof(struct nfp_flower_ipv4);
741 memcpy(&merge->ipv4, mask, match_size);
742 }
743
744 if (key_layer & NFP_FLOWER_LAYER_IPV6) {
745 match_size = sizeof(struct nfp_flower_ipv6);
746 memcpy(&merge->ipv6, mask, match_size);
747 }
748
749 return 0;
750 }
751
752 static int
753 nfp_flower_can_merge(struct nfp_fl_payload *sub_flow1,
754 struct nfp_fl_payload *sub_flow2)
755 {
756 /* Two flows can be merged if sub_flow2 only matches on bits that are
757 * either matched by sub_flow1 or set by a sub_flow1 action. This
758 * ensures that every packet that hits sub_flow1 and recirculates is
759 * guaranteed to hit sub_flow2.
760 */
761 struct nfp_flower_merge_check sub_flow1_merge, sub_flow2_merge;
762 int err, act_out = 0;
763 u8 last_act_id = 0;
764
765 err = nfp_flower_populate_merge_match(sub_flow1, &sub_flow1_merge,
766 true);
767 if (err)
768 return err;
769
770 err = nfp_flower_populate_merge_match(sub_flow2, &sub_flow2_merge,
771 false);
772 if (err)
773 return err;
774
775 err = nfp_flower_update_merge_with_actions(sub_flow1, &sub_flow1_merge,
776 &last_act_id, &act_out);
777 if (err)
778 return err;
779
780 /* Must only be 1 output action and it must be the last in sequence. */
781 if (act_out != 1 || last_act_id != NFP_FL_ACTION_OPCODE_OUTPUT)
782 return -EOPNOTSUPP;
783
784 /* Reject merge if sub_flow2 matches on something that is not matched
785 * on or set in an action by sub_flow1.
786 */
787 err = bitmap_andnot(sub_flow2_merge.vals, sub_flow2_merge.vals,
788 sub_flow1_merge.vals,
789 sizeof(struct nfp_flower_merge_check) * 8);
790 if (err)
791 return -EINVAL;
792
793 return 0;
794 }
795
796 static unsigned int
797 nfp_flower_copy_pre_actions(char *act_dst, char *act_src, int len,
798 bool *tunnel_act)
799 {
800 unsigned int act_off = 0, act_len;
801 struct nfp_fl_act_head *a;
802 u8 act_id = 0;
803
804 while (act_off < len) {
805 a = (struct nfp_fl_act_head *)&act_src[act_off];
806 act_len = a->len_lw << NFP_FL_LW_SIZ;
807 act_id = a->jump_id;
808
809 switch (act_id) {
810 case NFP_FL_ACTION_OPCODE_PRE_TUNNEL:
811 if (tunnel_act)
812 *tunnel_act = true;
813 fallthrough;
814 case NFP_FL_ACTION_OPCODE_PRE_LAG:
815 memcpy(act_dst + act_off, act_src + act_off, act_len);
816 break;
817 default:
818 return act_off;
819 }
820
821 act_off += act_len;
822 }
823
824 return act_off;
825 }
826
827 static int
828 nfp_fl_verify_post_tun_acts(char *acts, int len, struct nfp_fl_push_vlan **vlan)
829 {
830 struct nfp_fl_act_head *a;
831 unsigned int act_off = 0;
832
833 while (act_off < len) {
834 a = (struct nfp_fl_act_head *)&acts[act_off];
835
836 if (a->jump_id == NFP_FL_ACTION_OPCODE_PUSH_VLAN && !act_off)
837 *vlan = (struct nfp_fl_push_vlan *)a;
838 else if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT)
839 return -EOPNOTSUPP;
840
841 act_off += a->len_lw << NFP_FL_LW_SIZ;
842 }
843
844 /* Ensure any VLAN push also has an egress action. */
845 if (*vlan && act_off <= sizeof(struct nfp_fl_push_vlan))
846 return -EOPNOTSUPP;
847
848 return 0;
849 }
850
851 static int
852 nfp_fl_push_vlan_after_tun(char *acts, int len, struct nfp_fl_push_vlan *vlan)
853 {
854 struct nfp_fl_set_tun *tun;
855 struct nfp_fl_act_head *a;
856 unsigned int act_off = 0;
857
858 while (act_off < len) {
859 a = (struct nfp_fl_act_head *)&acts[act_off];
860
861 if (a->jump_id == NFP_FL_ACTION_OPCODE_SET_TUNNEL) {
862 tun = (struct nfp_fl_set_tun *)a;
863 tun->outer_vlan_tpid = vlan->vlan_tpid;
864 tun->outer_vlan_tci = vlan->vlan_tci;
865
866 return 0;
867 }
868
869 act_off += a->len_lw << NFP_FL_LW_SIZ;
870 }
871
872 /* Return error if no tunnel action is found. */
873 return -EOPNOTSUPP;
874 }
875
876 static int
877 nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1,
878 struct nfp_fl_payload *sub_flow2,
879 struct nfp_fl_payload *merge_flow)
880 {
881 unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2;
882 struct nfp_fl_push_vlan *post_tun_push_vlan = NULL;
883 bool tunnel_act = false;
884 char *merge_act;
885 int err;
886
887 /* The last action of sub_flow1 must be output - do not merge this. */
888 sub1_act_len = sub_flow1->meta.act_len - sizeof(struct nfp_fl_output);
889 sub2_act_len = sub_flow2->meta.act_len;
890
891 if (!sub2_act_len)
892 return -EINVAL;
893
894 if (sub1_act_len + sub2_act_len > NFP_FL_MAX_A_SIZ)
895 return -EINVAL;
896
897 /* A shortcut can only be applied if there is a single action. */
898 if (sub1_act_len)
899 merge_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL);
900 else
901 merge_flow->meta.shortcut = sub_flow2->meta.shortcut;
902
903 merge_flow->meta.act_len = sub1_act_len + sub2_act_len;
904 merge_act = merge_flow->action_data;
905
906 /* Copy any pre-actions to the start of merge flow action list. */
907 pre_off1 = nfp_flower_copy_pre_actions(merge_act,
908 sub_flow1->action_data,
909 sub1_act_len, &tunnel_act);
910 merge_act += pre_off1;
911 sub1_act_len -= pre_off1;
912 pre_off2 = nfp_flower_copy_pre_actions(merge_act,
913 sub_flow2->action_data,
914 sub2_act_len, NULL);
915 merge_act += pre_off2;
916 sub2_act_len -= pre_off2;
917
918 /* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes
919 * a tunnel, there are restrictions on what sub_flow 2 actions lead to a
920 * valid merge.
921 */
922 if (tunnel_act) {
923 char *post_tun_acts = &sub_flow2->action_data[pre_off2];
924
925 err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len,
926 &post_tun_push_vlan);
927 if (err)
928 return err;
929
930 if (post_tun_push_vlan) {
931 pre_off2 += sizeof(*post_tun_push_vlan);
932 sub2_act_len -= sizeof(*post_tun_push_vlan);
933 }
934 }
935
936 /* Copy remaining actions from sub_flows 1 and 2. */
937 memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len);
938
939 if (post_tun_push_vlan) {
940 /* Update tunnel action in merge to include VLAN push. */
941 err = nfp_fl_push_vlan_after_tun(merge_act, sub1_act_len,
942 post_tun_push_vlan);
943 if (err)
944 return err;
945
946 merge_flow->meta.act_len -= sizeof(*post_tun_push_vlan);
947 }
948
949 merge_act += sub1_act_len;
950 memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len);
951
952 return 0;
953 }
954
955 /* Flow link code should only be accessed under RTNL. */
956 static void nfp_flower_unlink_flow(struct nfp_fl_payload_link *link)
957 {
958 list_del(&link->merge_flow.list);
959 list_del(&link->sub_flow.list);
960 kfree(link);
961 }
962
963 static void nfp_flower_unlink_flows(struct nfp_fl_payload *merge_flow,
964 struct nfp_fl_payload *sub_flow)
965 {
966 struct nfp_fl_payload_link *link;
967
968 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list)
969 if (link->sub_flow.flow == sub_flow) {
970 nfp_flower_unlink_flow(link);
971 return;
972 }
973 }
974
975 static int nfp_flower_link_flows(struct nfp_fl_payload *merge_flow,
976 struct nfp_fl_payload *sub_flow)
977 {
978 struct nfp_fl_payload_link *link;
979
980 link = kmalloc(sizeof(*link), GFP_KERNEL);
981 if (!link)
982 return -ENOMEM;
983
984 link->merge_flow.flow = merge_flow;
985 list_add_tail(&link->merge_flow.list, &merge_flow->linked_flows);
986 link->sub_flow.flow = sub_flow;
987 list_add_tail(&link->sub_flow.list, &sub_flow->linked_flows);
988
989 return 0;
990 }
991
992 /**
993 * nfp_flower_merge_offloaded_flows() - Merge 2 existing flows to single flow.
994 * @app: Pointer to the APP handle
995 * @sub_flow1: Initial flow matched to produce merge hint
996 * @sub_flow2: Post recirculation flow matched in merge hint
997 *
998 * Combines 2 flows (if valid) to a single flow, removing the initial from hw
999 * and offloading the new, merged flow.
1000 *
1001 * Return: negative value on error, 0 in success.
1002 */
1003 int nfp_flower_merge_offloaded_flows(struct nfp_app *app,
1004 struct nfp_fl_payload *sub_flow1,
1005 struct nfp_fl_payload *sub_flow2)
1006 {
1007 struct flow_cls_offload merge_tc_off;
1008 struct nfp_flower_priv *priv = app->priv;
1009 struct netlink_ext_ack *extack = NULL;
1010 struct nfp_fl_payload *merge_flow;
1011 struct nfp_fl_key_ls merge_key_ls;
1012 int err;
1013
1014 ASSERT_RTNL();
1015
1016 extack = merge_tc_off.common.extack;
1017 if (sub_flow1 == sub_flow2 ||
1018 nfp_flower_is_merge_flow(sub_flow1) ||
1019 nfp_flower_is_merge_flow(sub_flow2))
1020 return -EINVAL;
1021
1022 err = nfp_flower_can_merge(sub_flow1, sub_flow2);
1023 if (err)
1024 return err;
1025
1026 merge_key_ls.key_size = sub_flow1->meta.key_len;
1027
1028 merge_flow = nfp_flower_allocate_new(&merge_key_ls);
1029 if (!merge_flow)
1030 return -ENOMEM;
1031
1032 merge_flow->tc_flower_cookie = (unsigned long)merge_flow;
1033 merge_flow->ingress_dev = sub_flow1->ingress_dev;
1034
1035 memcpy(merge_flow->unmasked_data, sub_flow1->unmasked_data,
1036 sub_flow1->meta.key_len);
1037 memcpy(merge_flow->mask_data, sub_flow1->mask_data,
1038 sub_flow1->meta.mask_len);
1039
1040 err = nfp_flower_merge_action(sub_flow1, sub_flow2, merge_flow);
1041 if (err)
1042 goto err_destroy_merge_flow;
1043
1044 err = nfp_flower_link_flows(merge_flow, sub_flow1);
1045 if (err)
1046 goto err_destroy_merge_flow;
1047
1048 err = nfp_flower_link_flows(merge_flow, sub_flow2);
1049 if (err)
1050 goto err_unlink_sub_flow1;
1051
1052 merge_tc_off.cookie = merge_flow->tc_flower_cookie;
1053 err = nfp_compile_flow_metadata(app, &merge_tc_off, merge_flow,
1054 merge_flow->ingress_dev, extack);
1055 if (err)
1056 goto err_unlink_sub_flow2;
1057
1058 err = rhashtable_insert_fast(&priv->flow_table, &merge_flow->fl_node,
1059 nfp_flower_table_params);
1060 if (err)
1061 goto err_release_metadata;
1062
1063 err = nfp_flower_xmit_flow(app, merge_flow,
1064 NFP_FLOWER_CMSG_TYPE_FLOW_MOD);
1065 if (err)
1066 goto err_remove_rhash;
1067
1068 merge_flow->in_hw = true;
1069 sub_flow1->in_hw = false;
1070
1071 return 0;
1072
1073 err_remove_rhash:
1074 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1075 &merge_flow->fl_node,
1076 nfp_flower_table_params));
1077 err_release_metadata:
1078 nfp_modify_flow_metadata(app, merge_flow);
1079 err_unlink_sub_flow2:
1080 nfp_flower_unlink_flows(merge_flow, sub_flow2);
1081 err_unlink_sub_flow1:
1082 nfp_flower_unlink_flows(merge_flow, sub_flow1);
1083 err_destroy_merge_flow:
1084 kfree(merge_flow->action_data);
1085 kfree(merge_flow->mask_data);
1086 kfree(merge_flow->unmasked_data);
1087 kfree(merge_flow);
1088 return err;
1089 }
1090
1091 /**
1092 * nfp_flower_validate_pre_tun_rule()
1093 * @app: Pointer to the APP handle
1094 * @flow: Pointer to NFP flow representation of rule
1095 * @key_ls: Pointer to NFP key layers structure
1096 * @extack: Netlink extended ACK report
1097 *
1098 * Verifies the flow as a pre-tunnel rule.
1099 *
1100 * Return: negative value on error, 0 if verified.
1101 */
1102 static int
1103 nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
1104 struct nfp_fl_payload *flow,
1105 struct nfp_fl_key_ls *key_ls,
1106 struct netlink_ext_ack *extack)
1107 {
1108 struct nfp_flower_priv *priv = app->priv;
1109 struct nfp_flower_meta_tci *meta_tci;
1110 struct nfp_flower_mac_mpls *mac;
1111 u8 *ext = flow->unmasked_data;
1112 struct nfp_fl_act_head *act;
1113 u8 *mask = flow->mask_data;
1114 bool vlan = false;
1115 int act_offset;
1116 u8 key_layer;
1117
1118 meta_tci = (struct nfp_flower_meta_tci *)flow->unmasked_data;
1119 key_layer = key_ls->key_layer;
1120 if (!(priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
1121 if (meta_tci->tci & cpu_to_be16(NFP_FLOWER_MASK_VLAN_PRESENT)) {
1122 u16 vlan_tci = be16_to_cpu(meta_tci->tci);
1123
1124 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT;
1125 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci);
1126 vlan = true;
1127 } else {
1128 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff);
1129 }
1130 }
1131
1132 if (key_layer & ~NFP_FLOWER_PRE_TUN_RULE_FIELDS) {
1133 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: too many match fields");
1134 return -EOPNOTSUPP;
1135 } else if (key_ls->key_layer_two & ~NFP_FLOWER_LAYER2_QINQ) {
1136 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non-vlan in extended match fields");
1137 return -EOPNOTSUPP;
1138 }
1139
1140 if (!(key_layer & NFP_FLOWER_LAYER_MAC)) {
1141 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MAC fields match required");
1142 return -EOPNOTSUPP;
1143 }
1144
1145 /* Skip fields known to exist. */
1146 mask += sizeof(struct nfp_flower_meta_tci);
1147 ext += sizeof(struct nfp_flower_meta_tci);
1148 if (key_ls->key_layer_two) {
1149 mask += sizeof(struct nfp_flower_ext_meta);
1150 ext += sizeof(struct nfp_flower_ext_meta);
1151 }
1152 mask += sizeof(struct nfp_flower_in_port);
1153 ext += sizeof(struct nfp_flower_in_port);
1154
1155 /* Ensure destination MAC address is fully matched. */
1156 mac = (struct nfp_flower_mac_mpls *)mask;
1157 if (!is_broadcast_ether_addr(&mac->mac_dst[0])) {
1158 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC field must not be masked");
1159 return -EOPNOTSUPP;
1160 }
1161
1162 mask += sizeof(struct nfp_flower_mac_mpls);
1163 ext += sizeof(struct nfp_flower_mac_mpls);
1164 if (key_layer & NFP_FLOWER_LAYER_IPV4 ||
1165 key_layer & NFP_FLOWER_LAYER_IPV6) {
1166 /* Flags and proto fields have same offset in IPv4 and IPv6. */
1167 int ip_flags = offsetof(struct nfp_flower_ipv4, ip_ext.flags);
1168 int ip_proto = offsetof(struct nfp_flower_ipv4, ip_ext.proto);
1169 int size;
1170 int i;
1171
1172 size = key_layer & NFP_FLOWER_LAYER_IPV4 ?
1173 sizeof(struct nfp_flower_ipv4) :
1174 sizeof(struct nfp_flower_ipv6);
1175
1176
1177 /* Ensure proto and flags are the only IP layer fields. */
1178 for (i = 0; i < size; i++)
1179 if (mask[i] && i != ip_flags && i != ip_proto) {
1180 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: only flags and proto can be matched in ip header");
1181 return -EOPNOTSUPP;
1182 }
1183 ext += size;
1184 mask += size;
1185 }
1186
1187 if ((priv->flower_ext_feats & NFP_FL_FEATS_VLAN_QINQ)) {
1188 if (key_ls->key_layer_two & NFP_FLOWER_LAYER2_QINQ) {
1189 struct nfp_flower_vlan *vlan_tags;
1190 u16 vlan_tci;
1191
1192 vlan_tags = (struct nfp_flower_vlan *)ext;
1193
1194 vlan_tci = be16_to_cpu(vlan_tags->outer_tci);
1195
1196 vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT;
1197 flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci);
1198 vlan = true;
1199 } else {
1200 flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff);
1201 }
1202 }
1203
1204 /* Action must be a single egress or pop_vlan and egress. */
1205 act_offset = 0;
1206 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];
1207 if (vlan) {
1208 if (act->jump_id != NFP_FL_ACTION_OPCODE_POP_VLAN) {
1209 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on VLAN must have VLAN pop as first action");
1210 return -EOPNOTSUPP;
1211 }
1212
1213 act_offset += act->len_lw << NFP_FL_LW_SIZ;
1214 act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];
1215 }
1216
1217 if (act->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) {
1218 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non egress action detected where egress was expected");
1219 return -EOPNOTSUPP;
1220 }
1221
1222 act_offset += act->len_lw << NFP_FL_LW_SIZ;
1223
1224 /* Ensure there are no more actions after egress. */
1225 if (act_offset != flow->meta.act_len) {
1226 NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: egress is not the last action");
1227 return -EOPNOTSUPP;
1228 }
1229
1230 return 0;
1231 }
1232
1233 /**
1234 * nfp_flower_add_offload() - Adds a new flow to hardware.
1235 * @app: Pointer to the APP handle
1236 * @netdev: netdev structure.
1237 * @flow: TC flower classifier offload structure.
1238 *
1239 * Adds a new flow to the repeated hash structure and action payload.
1240 *
1241 * Return: negative value on error, 0 if configured successfully.
1242 */
1243 static int
1244 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev,
1245 struct flow_cls_offload *flow)
1246 {
1247 enum nfp_flower_tun_type tun_type = NFP_FL_TUNNEL_NONE;
1248 struct nfp_flower_priv *priv = app->priv;
1249 struct netlink_ext_ack *extack = NULL;
1250 struct nfp_fl_payload *flow_pay;
1251 struct nfp_fl_key_ls *key_layer;
1252 struct nfp_port *port = NULL;
1253 int err;
1254
1255 extack = flow->common.extack;
1256 if (nfp_netdev_is_nfp_repr(netdev))
1257 port = nfp_port_from_netdev(netdev);
1258
1259 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL);
1260 if (!key_layer)
1261 return -ENOMEM;
1262
1263 err = nfp_flower_calculate_key_layers(app, netdev, key_layer, flow,
1264 &tun_type, extack);
1265 if (err)
1266 goto err_free_key_ls;
1267
1268 flow_pay = nfp_flower_allocate_new(key_layer);
1269 if (!flow_pay) {
1270 err = -ENOMEM;
1271 goto err_free_key_ls;
1272 }
1273
1274 err = nfp_flower_compile_flow_match(app, flow, key_layer, netdev,
1275 flow_pay, tun_type, extack);
1276 if (err)
1277 goto err_destroy_flow;
1278
1279 err = nfp_flower_compile_action(app, flow, netdev, flow_pay, extack);
1280 if (err)
1281 goto err_destroy_flow;
1282
1283 if (flow_pay->pre_tun_rule.dev) {
1284 err = nfp_flower_validate_pre_tun_rule(app, flow_pay, key_layer, extack);
1285 if (err)
1286 goto err_destroy_flow;
1287 }
1288
1289 err = nfp_compile_flow_metadata(app, flow, flow_pay, netdev, extack);
1290 if (err)
1291 goto err_destroy_flow;
1292
1293 flow_pay->tc_flower_cookie = flow->cookie;
1294 err = rhashtable_insert_fast(&priv->flow_table, &flow_pay->fl_node,
1295 nfp_flower_table_params);
1296 if (err) {
1297 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot insert flow into tables for offloads");
1298 goto err_release_metadata;
1299 }
1300
1301 if (flow_pay->pre_tun_rule.dev)
1302 err = nfp_flower_xmit_pre_tun_flow(app, flow_pay);
1303 else
1304 err = nfp_flower_xmit_flow(app, flow_pay,
1305 NFP_FLOWER_CMSG_TYPE_FLOW_ADD);
1306 if (err)
1307 goto err_remove_rhash;
1308
1309 if (port)
1310 port->tc_offload_cnt++;
1311
1312 flow_pay->in_hw = true;
1313
1314 /* Deallocate flow payload when flower rule has been destroyed. */
1315 kfree(key_layer);
1316
1317 return 0;
1318
1319 err_remove_rhash:
1320 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1321 &flow_pay->fl_node,
1322 nfp_flower_table_params));
1323 err_release_metadata:
1324 nfp_modify_flow_metadata(app, flow_pay);
1325 err_destroy_flow:
1326 if (flow_pay->nfp_tun_ipv6)
1327 nfp_tunnel_put_ipv6_off(app, flow_pay->nfp_tun_ipv6);
1328 kfree(flow_pay->action_data);
1329 kfree(flow_pay->mask_data);
1330 kfree(flow_pay->unmasked_data);
1331 kfree(flow_pay);
1332 err_free_key_ls:
1333 kfree(key_layer);
1334 return err;
1335 }
1336
1337 static void
1338 nfp_flower_remove_merge_flow(struct nfp_app *app,
1339 struct nfp_fl_payload *del_sub_flow,
1340 struct nfp_fl_payload *merge_flow)
1341 {
1342 struct nfp_flower_priv *priv = app->priv;
1343 struct nfp_fl_payload_link *link, *temp;
1344 struct nfp_fl_payload *origin;
1345 bool mod = false;
1346 int err;
1347
1348 link = list_first_entry(&merge_flow->linked_flows,
1349 struct nfp_fl_payload_link, merge_flow.list);
1350 origin = link->sub_flow.flow;
1351
1352 /* Re-add rule the merge had overwritten if it has not been deleted. */
1353 if (origin != del_sub_flow)
1354 mod = true;
1355
1356 err = nfp_modify_flow_metadata(app, merge_flow);
1357 if (err) {
1358 nfp_flower_cmsg_warn(app, "Metadata fail for merge flow delete.\n");
1359 goto err_free_links;
1360 }
1361
1362 if (!mod) {
1363 err = nfp_flower_xmit_flow(app, merge_flow,
1364 NFP_FLOWER_CMSG_TYPE_FLOW_DEL);
1365 if (err) {
1366 nfp_flower_cmsg_warn(app, "Failed to delete merged flow.\n");
1367 goto err_free_links;
1368 }
1369 } else {
1370 __nfp_modify_flow_metadata(priv, origin);
1371 err = nfp_flower_xmit_flow(app, origin,
1372 NFP_FLOWER_CMSG_TYPE_FLOW_MOD);
1373 if (err)
1374 nfp_flower_cmsg_warn(app, "Failed to revert merge flow.\n");
1375 origin->in_hw = true;
1376 }
1377
1378 err_free_links:
1379 /* Clean any links connected with the merged flow. */
1380 list_for_each_entry_safe(link, temp, &merge_flow->linked_flows,
1381 merge_flow.list)
1382 nfp_flower_unlink_flow(link);
1383
1384 kfree(merge_flow->action_data);
1385 kfree(merge_flow->mask_data);
1386 kfree(merge_flow->unmasked_data);
1387 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1388 &merge_flow->fl_node,
1389 nfp_flower_table_params));
1390 kfree_rcu(merge_flow, rcu);
1391 }
1392
1393 static void
1394 nfp_flower_del_linked_merge_flows(struct nfp_app *app,
1395 struct nfp_fl_payload *sub_flow)
1396 {
1397 struct nfp_fl_payload_link *link, *temp;
1398
1399 /* Remove any merge flow formed from the deleted sub_flow. */
1400 list_for_each_entry_safe(link, temp, &sub_flow->linked_flows,
1401 sub_flow.list)
1402 nfp_flower_remove_merge_flow(app, sub_flow,
1403 link->merge_flow.flow);
1404 }
1405
1406 /**
1407 * nfp_flower_del_offload() - Removes a flow from hardware.
1408 * @app: Pointer to the APP handle
1409 * @netdev: netdev structure.
1410 * @flow: TC flower classifier offload structure
1411 *
1412 * Removes a flow from the repeated hash structure and clears the
1413 * action payload. Any flows merged from this are also deleted.
1414 *
1415 * Return: negative value on error, 0 if removed successfully.
1416 */
1417 static int
1418 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev,
1419 struct flow_cls_offload *flow)
1420 {
1421 struct nfp_flower_priv *priv = app->priv;
1422 struct netlink_ext_ack *extack = NULL;
1423 struct nfp_fl_payload *nfp_flow;
1424 struct nfp_port *port = NULL;
1425 int err;
1426
1427 extack = flow->common.extack;
1428 if (nfp_netdev_is_nfp_repr(netdev))
1429 port = nfp_port_from_netdev(netdev);
1430
1431 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev);
1432 if (!nfp_flow) {
1433 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot remove flow that does not exist");
1434 return -ENOENT;
1435 }
1436
1437 err = nfp_modify_flow_metadata(app, nfp_flow);
1438 if (err)
1439 goto err_free_merge_flow;
1440
1441 if (nfp_flow->nfp_tun_ipv4_addr)
1442 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr);
1443
1444 if (nfp_flow->nfp_tun_ipv6)
1445 nfp_tunnel_put_ipv6_off(app, nfp_flow->nfp_tun_ipv6);
1446
1447 if (!nfp_flow->in_hw) {
1448 err = 0;
1449 goto err_free_merge_flow;
1450 }
1451
1452 if (nfp_flow->pre_tun_rule.dev)
1453 err = nfp_flower_xmit_pre_tun_del_flow(app, nfp_flow);
1454 else
1455 err = nfp_flower_xmit_flow(app, nfp_flow,
1456 NFP_FLOWER_CMSG_TYPE_FLOW_DEL);
1457 /* Fall through on error. */
1458
1459 err_free_merge_flow:
1460 nfp_flower_del_linked_merge_flows(app, nfp_flow);
1461 if (port)
1462 port->tc_offload_cnt--;
1463 kfree(nfp_flow->action_data);
1464 kfree(nfp_flow->mask_data);
1465 kfree(nfp_flow->unmasked_data);
1466 WARN_ON_ONCE(rhashtable_remove_fast(&priv->flow_table,
1467 &nfp_flow->fl_node,
1468 nfp_flower_table_params));
1469 kfree_rcu(nfp_flow, rcu);
1470 return err;
1471 }
1472
1473 static void
1474 __nfp_flower_update_merge_stats(struct nfp_app *app,
1475 struct nfp_fl_payload *merge_flow)
1476 {
1477 struct nfp_flower_priv *priv = app->priv;
1478 struct nfp_fl_payload_link *link;
1479 struct nfp_fl_payload *sub_flow;
1480 u64 pkts, bytes, used;
1481 u32 ctx_id;
1482
1483 ctx_id = be32_to_cpu(merge_flow->meta.host_ctx_id);
1484 pkts = priv->stats[ctx_id].pkts;
1485 /* Do not cycle subflows if no stats to distribute. */
1486 if (!pkts)
1487 return;
1488 bytes = priv->stats[ctx_id].bytes;
1489 used = priv->stats[ctx_id].used;
1490
1491 /* Reset stats for the merge flow. */
1492 priv->stats[ctx_id].pkts = 0;
1493 priv->stats[ctx_id].bytes = 0;
1494
1495 /* The merge flow has received stats updates from firmware.
1496 * Distribute these stats to all subflows that form the merge.
1497 * The stats will collected from TC via the subflows.
1498 */
1499 list_for_each_entry(link, &merge_flow->linked_flows, merge_flow.list) {
1500 sub_flow = link->sub_flow.flow;
1501 ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id);
1502 priv->stats[ctx_id].pkts += pkts;
1503 priv->stats[ctx_id].bytes += bytes;
1504 priv->stats[ctx_id].used = max_t(u64, used,
1505 priv->stats[ctx_id].used);
1506 }
1507 }
1508
1509 static void
1510 nfp_flower_update_merge_stats(struct nfp_app *app,
1511 struct nfp_fl_payload *sub_flow)
1512 {
1513 struct nfp_fl_payload_link *link;
1514
1515 /* Get merge flows that the subflow forms to distribute their stats. */
1516 list_for_each_entry(link, &sub_flow->linked_flows, sub_flow.list)
1517 __nfp_flower_update_merge_stats(app, link->merge_flow.flow);
1518 }
1519
1520 /**
1521 * nfp_flower_get_stats() - Populates flow stats obtained from hardware.
1522 * @app: Pointer to the APP handle
1523 * @netdev: Netdev structure.
1524 * @flow: TC flower classifier offload structure
1525 *
1526 * Populates a flow statistics structure which which corresponds to a
1527 * specific flow.
1528 *
1529 * Return: negative value on error, 0 if stats populated successfully.
1530 */
1531 static int
1532 nfp_flower_get_stats(struct nfp_app *app, struct net_device *netdev,
1533 struct flow_cls_offload *flow)
1534 {
1535 struct nfp_flower_priv *priv = app->priv;
1536 struct netlink_ext_ack *extack = NULL;
1537 struct nfp_fl_payload *nfp_flow;
1538 u32 ctx_id;
1539
1540 extack = flow->common.extack;
1541 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie, netdev);
1542 if (!nfp_flow) {
1543 NL_SET_ERR_MSG_MOD(extack, "invalid entry: cannot dump stats for flow that does not exist");
1544 return -EINVAL;
1545 }
1546
1547 ctx_id = be32_to_cpu(nfp_flow->meta.host_ctx_id);
1548
1549 spin_lock_bh(&priv->stats_lock);
1550 /* If request is for a sub_flow, update stats from merged flows. */
1551 if (!list_empty(&nfp_flow->linked_flows))
1552 nfp_flower_update_merge_stats(app, nfp_flow);
1553
1554 flow_stats_update(&flow->stats, priv->stats[ctx_id].bytes,
1555 priv->stats[ctx_id].pkts, 0, priv->stats[ctx_id].used,
1556 FLOW_ACTION_HW_STATS_DELAYED);
1557
1558 priv->stats[ctx_id].pkts = 0;
1559 priv->stats[ctx_id].bytes = 0;
1560 spin_unlock_bh(&priv->stats_lock);
1561
1562 return 0;
1563 }
1564
1565 static int
1566 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev,
1567 struct flow_cls_offload *flower)
1568 {
1569 if (!eth_proto_is_802_3(flower->common.protocol))
1570 return -EOPNOTSUPP;
1571
1572 switch (flower->command) {
1573 case FLOW_CLS_REPLACE:
1574 return nfp_flower_add_offload(app, netdev, flower);
1575 case FLOW_CLS_DESTROY:
1576 return nfp_flower_del_offload(app, netdev, flower);
1577 case FLOW_CLS_STATS:
1578 return nfp_flower_get_stats(app, netdev, flower);
1579 default:
1580 return -EOPNOTSUPP;
1581 }
1582 }
1583
1584 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type,
1585 void *type_data, void *cb_priv)
1586 {
1587 struct nfp_repr *repr = cb_priv;
1588
1589 if (!tc_cls_can_offload_and_chain0(repr->netdev, type_data))
1590 return -EOPNOTSUPP;
1591
1592 switch (type) {
1593 case TC_SETUP_CLSFLOWER:
1594 return nfp_flower_repr_offload(repr->app, repr->netdev,
1595 type_data);
1596 case TC_SETUP_CLSMATCHALL:
1597 return nfp_flower_setup_qos_offload(repr->app, repr->netdev,
1598 type_data);
1599 default:
1600 return -EOPNOTSUPP;
1601 }
1602 }
1603
1604 static LIST_HEAD(nfp_block_cb_list);
1605
1606 static int nfp_flower_setup_tc_block(struct net_device *netdev,
1607 struct flow_block_offload *f)
1608 {
1609 struct nfp_repr *repr = netdev_priv(netdev);
1610 struct nfp_flower_repr_priv *repr_priv;
1611 struct flow_block_cb *block_cb;
1612
1613 if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS)
1614 return -EOPNOTSUPP;
1615
1616 repr_priv = repr->app_priv;
1617 repr_priv->block_shared = f->block_shared;
1618 f->driver_block_list = &nfp_block_cb_list;
1619
1620 switch (f->command) {
1621 case FLOW_BLOCK_BIND:
1622 if (flow_block_cb_is_busy(nfp_flower_setup_tc_block_cb, repr,
1623 &nfp_block_cb_list))
1624 return -EBUSY;
1625
1626 block_cb = flow_block_cb_alloc(nfp_flower_setup_tc_block_cb,
1627 repr, repr, NULL);
1628 if (IS_ERR(block_cb))
1629 return PTR_ERR(block_cb);
1630
1631 flow_block_cb_add(block_cb, f);
1632 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list);
1633 return 0;
1634 case FLOW_BLOCK_UNBIND:
1635 block_cb = flow_block_cb_lookup(f->block,
1636 nfp_flower_setup_tc_block_cb,
1637 repr);
1638 if (!block_cb)
1639 return -ENOENT;
1640
1641 flow_block_cb_remove(block_cb, f);
1642 list_del(&block_cb->driver_list);
1643 return 0;
1644 default:
1645 return -EOPNOTSUPP;
1646 }
1647 }
1648
1649 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev,
1650 enum tc_setup_type type, void *type_data)
1651 {
1652 switch (type) {
1653 case TC_SETUP_BLOCK:
1654 return nfp_flower_setup_tc_block(netdev, type_data);
1655 default:
1656 return -EOPNOTSUPP;
1657 }
1658 }
1659
1660 struct nfp_flower_indr_block_cb_priv {
1661 struct net_device *netdev;
1662 struct nfp_app *app;
1663 struct list_head list;
1664 };
1665
1666 static struct nfp_flower_indr_block_cb_priv *
1667 nfp_flower_indr_block_cb_priv_lookup(struct nfp_app *app,
1668 struct net_device *netdev)
1669 {
1670 struct nfp_flower_indr_block_cb_priv *cb_priv;
1671 struct nfp_flower_priv *priv = app->priv;
1672
1673 /* All callback list access should be protected by RTNL. */
1674 ASSERT_RTNL();
1675
1676 list_for_each_entry(cb_priv, &priv->indr_block_cb_priv, list)
1677 if (cb_priv->netdev == netdev)
1678 return cb_priv;
1679
1680 return NULL;
1681 }
1682
1683 static int nfp_flower_setup_indr_block_cb(enum tc_setup_type type,
1684 void *type_data, void *cb_priv)
1685 {
1686 struct nfp_flower_indr_block_cb_priv *priv = cb_priv;
1687 struct flow_cls_offload *flower = type_data;
1688
1689 if (flower->common.chain_index)
1690 return -EOPNOTSUPP;
1691
1692 switch (type) {
1693 case TC_SETUP_CLSFLOWER:
1694 return nfp_flower_repr_offload(priv->app, priv->netdev,
1695 type_data);
1696 default:
1697 return -EOPNOTSUPP;
1698 }
1699 }
1700
1701 void nfp_flower_setup_indr_tc_release(void *cb_priv)
1702 {
1703 struct nfp_flower_indr_block_cb_priv *priv = cb_priv;
1704
1705 list_del(&priv->list);
1706 kfree(priv);
1707 }
1708
1709 static int
1710 nfp_flower_setup_indr_tc_block(struct net_device *netdev, struct Qdisc *sch, struct nfp_app *app,
1711 struct flow_block_offload *f, void *data,
1712 void (*cleanup)(struct flow_block_cb *block_cb))
1713 {
1714 struct nfp_flower_indr_block_cb_priv *cb_priv;
1715 struct nfp_flower_priv *priv = app->priv;
1716 struct flow_block_cb *block_cb;
1717
1718 if ((f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS &&
1719 !nfp_flower_internal_port_can_offload(app, netdev)) ||
1720 (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_EGRESS &&
1721 nfp_flower_internal_port_can_offload(app, netdev)))
1722 return -EOPNOTSUPP;
1723
1724 switch (f->command) {
1725 case FLOW_BLOCK_BIND:
1726 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev);
1727 if (cb_priv &&
1728 flow_block_cb_is_busy(nfp_flower_setup_indr_block_cb,
1729 cb_priv,
1730 &nfp_block_cb_list))
1731 return -EBUSY;
1732
1733 cb_priv = kmalloc(sizeof(*cb_priv), GFP_KERNEL);
1734 if (!cb_priv)
1735 return -ENOMEM;
1736
1737 cb_priv->netdev = netdev;
1738 cb_priv->app = app;
1739 list_add(&cb_priv->list, &priv->indr_block_cb_priv);
1740
1741 block_cb = flow_indr_block_cb_alloc(nfp_flower_setup_indr_block_cb,
1742 cb_priv, cb_priv,
1743 nfp_flower_setup_indr_tc_release,
1744 f, netdev, sch, data, app, cleanup);
1745 if (IS_ERR(block_cb)) {
1746 list_del(&cb_priv->list);
1747 kfree(cb_priv);
1748 return PTR_ERR(block_cb);
1749 }
1750
1751 flow_block_cb_add(block_cb, f);
1752 list_add_tail(&block_cb->driver_list, &nfp_block_cb_list);
1753 return 0;
1754 case FLOW_BLOCK_UNBIND:
1755 cb_priv = nfp_flower_indr_block_cb_priv_lookup(app, netdev);
1756 if (!cb_priv)
1757 return -ENOENT;
1758
1759 block_cb = flow_block_cb_lookup(f->block,
1760 nfp_flower_setup_indr_block_cb,
1761 cb_priv);
1762 if (!block_cb)
1763 return -ENOENT;
1764
1765 flow_indr_block_cb_remove(block_cb, f);
1766 list_del(&block_cb->driver_list);
1767 return 0;
1768 default:
1769 return -EOPNOTSUPP;
1770 }
1771 return 0;
1772 }
1773
1774 int
1775 nfp_flower_indr_setup_tc_cb(struct net_device *netdev, struct Qdisc *sch, void *cb_priv,
1776 enum tc_setup_type type, void *type_data,
1777 void *data,
1778 void (*cleanup)(struct flow_block_cb *block_cb))
1779 {
1780 if (!nfp_fl_is_netdev_to_offload(netdev))
1781 return -EOPNOTSUPP;
1782
1783 switch (type) {
1784 case TC_SETUP_BLOCK:
1785 return nfp_flower_setup_indr_tc_block(netdev, sch, cb_priv,
1786 type_data, data, cleanup);
1787 default:
1788 return -EOPNOTSUPP;
1789 }
1790 }
Linux with added FPC-III support