1 /*
2 * This file is part of the Chelsio T4/T5/T6 Ethernet driver for Linux.
3 *
4 * Copyright (c) 2017 Chelsio Communications, Inc. All rights reserved.
5 *
6 * This software is available to you under a choice of one of two
7 * licenses. You may choose to be licensed under the terms of the GNU
8 * General Public License (GPL) Version 2, available from the file
9 * COPYING in the main directory of this source tree, or the
10 * OpenIB.org BSD license below:
11 *
12 * Redistribution and use in source and binary forms, with or
13 * without modification, are permitted provided that the following
14 * conditions are met:
15 *
16 * - Redistributions of source code must retain the above
17 * copyright notice, this list of conditions and the following
18 * disclaimer.
19 *
20 * - Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions and the following
22 * disclaimer in the documentation and/or other materials
23 * provided with the distribution.
24 *
25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * SOFTWARE.
33 */
34
35 #include <net/tc_act/tc_mirred.h>
36 #include <net/tc_act/tc_pedit.h>
37 #include <net/tc_act/tc_gact.h>
38 #include <net/tc_act/tc_vlan.h>
39
40 #include "cxgb4.h"
41 #include "cxgb4_filter.h"
42 #include "cxgb4_tc_flower.h"
43
44 #define STATS_CHECK_PERIOD (HZ / 2)
45
46 static struct ch_tc_pedit_fields pedits[] = {
47 PEDIT_FIELDS(ETH_, DMAC_31_0, 4, dmac, 0),
48 PEDIT_FIELDS(ETH_, DMAC_47_32, 2, dmac, 4),
49 PEDIT_FIELDS(ETH_, SMAC_15_0, 2, smac, 0),
50 PEDIT_FIELDS(ETH_, SMAC_47_16, 4, smac, 2),
51 PEDIT_FIELDS(IP4_, SRC, 4, nat_fip, 0),
52 PEDIT_FIELDS(IP4_, DST, 4, nat_lip, 0),
53 PEDIT_FIELDS(IP6_, SRC_31_0, 4, nat_fip, 0),
54 PEDIT_FIELDS(IP6_, SRC_63_32, 4, nat_fip, 4),
55 PEDIT_FIELDS(IP6_, SRC_95_64, 4, nat_fip, 8),
56 PEDIT_FIELDS(IP6_, SRC_127_96, 4, nat_fip, 12),
57 PEDIT_FIELDS(IP6_, DST_31_0, 4, nat_lip, 0),
58 PEDIT_FIELDS(IP6_, DST_63_32, 4, nat_lip, 4),
59 PEDIT_FIELDS(IP6_, DST_95_64, 4, nat_lip, 8),
60 PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12),
61 };
62
63 static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = {
64 /* Default supported NAT modes */
65 {
66 .chip = CHELSIO_T5,
67 .flags = CXGB4_ACTION_NATMODE_NONE,
68 .natmode = NAT_MODE_NONE,
69 },
70 {
71 .chip = CHELSIO_T5,
72 .flags = CXGB4_ACTION_NATMODE_DIP,
73 .natmode = NAT_MODE_DIP,
74 },
75 {
76 .chip = CHELSIO_T5,
77 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT,
78 .natmode = NAT_MODE_DIP_DP,
79 },
80 {
81 .chip = CHELSIO_T5,
82 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
83 CXGB4_ACTION_NATMODE_SIP,
84 .natmode = NAT_MODE_DIP_DP_SIP,
85 },
86 {
87 .chip = CHELSIO_T5,
88 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
89 CXGB4_ACTION_NATMODE_SPORT,
90 .natmode = NAT_MODE_DIP_DP_SP,
91 },
92 {
93 .chip = CHELSIO_T5,
94 .flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT,
95 .natmode = NAT_MODE_SIP_SP,
96 },
97 {
98 .chip = CHELSIO_T5,
99 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
100 CXGB4_ACTION_NATMODE_SPORT,
101 .natmode = NAT_MODE_DIP_SIP_SP,
102 },
103 {
104 .chip = CHELSIO_T5,
105 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
106 CXGB4_ACTION_NATMODE_DPORT |
107 CXGB4_ACTION_NATMODE_SPORT,
108 .natmode = NAT_MODE_ALL,
109 },
110 /* T6+ can ignore L4 ports when they're disabled. */
111 {
112 .chip = CHELSIO_T6,
113 .flags = CXGB4_ACTION_NATMODE_SIP,
114 .natmode = NAT_MODE_SIP_SP,
115 },
116 {
117 .chip = CHELSIO_T6,
118 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT,
119 .natmode = NAT_MODE_DIP_DP_SP,
120 },
121 {
122 .chip = CHELSIO_T6,
123 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP,
124 .natmode = NAT_MODE_ALL,
125 },
126 };
127
cxgb4_action_natmode_tweak(struct ch_filter_specification * fs,u8 natmode_flags)128 static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs,
129 u8 natmode_flags)
130 {
131 u8 i = 0;
132
133 /* Translate the enabled NAT 4-tuple fields to one of the
134 * hardware supported NAT mode configurations. This ensures
135 * that we pick a valid combination, where the disabled fields
136 * do not get overwritten to 0.
137 */
138 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
139 if (cxgb4_natmode_config_array[i].flags == natmode_flags) {
140 fs->nat_mode = cxgb4_natmode_config_array[i].natmode;
141 return;
142 }
143 }
144 }
145
allocate_flower_entry(void)146 static struct ch_tc_flower_entry *allocate_flower_entry(void)
147 {
148 struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL);
149 if (new)
150 spin_lock_init(&new->lock);
151 return new;
152 }
153
154 /* Must be called with either RTNL or rcu_read_lock */
ch_flower_lookup(struct adapter * adap,unsigned long flower_cookie)155 static struct ch_tc_flower_entry *ch_flower_lookup(struct adapter *adap,
156 unsigned long flower_cookie)
157 {
158 return rhashtable_lookup_fast(&adap->flower_tbl, &flower_cookie,
159 adap->flower_ht_params);
160 }
161
cxgb4_process_flow_match(struct net_device * dev,struct flow_rule * rule,struct ch_filter_specification * fs)162 static void cxgb4_process_flow_match(struct net_device *dev,
163 struct flow_rule *rule,
164 struct ch_filter_specification *fs)
165 {
166 u16 addr_type = 0;
167
168 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
169 struct flow_match_control match;
170
171 flow_rule_match_control(rule, &match);
172 addr_type = match.key->addr_type;
173 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
174 addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
175 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
176 addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
177 }
178
179 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
180 struct flow_match_basic match;
181 u16 ethtype_key, ethtype_mask;
182
183 flow_rule_match_basic(rule, &match);
184 ethtype_key = ntohs(match.key->n_proto);
185 ethtype_mask = ntohs(match.mask->n_proto);
186
187 if (ethtype_key == ETH_P_ALL) {
188 ethtype_key = 0;
189 ethtype_mask = 0;
190 }
191
192 if (ethtype_key == ETH_P_IPV6)
193 fs->type = 1;
194
195 fs->val.ethtype = ethtype_key;
196 fs->mask.ethtype = ethtype_mask;
197 fs->val.proto = match.key->ip_proto;
198 fs->mask.proto = match.mask->ip_proto;
199 }
200
201 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
202 struct flow_match_ipv4_addrs match;
203
204 flow_rule_match_ipv4_addrs(rule, &match);
205 fs->type = 0;
206 memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
207 memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
208 memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
209 memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
210
211 /* also initialize nat_lip/fip to same values */
212 memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
213 memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
214 }
215
216 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
217 struct flow_match_ipv6_addrs match;
218
219 flow_rule_match_ipv6_addrs(rule, &match);
220 fs->type = 1;
221 memcpy(&fs->val.lip[0], match.key->dst.s6_addr,
222 sizeof(match.key->dst));
223 memcpy(&fs->val.fip[0], match.key->src.s6_addr,
224 sizeof(match.key->src));
225 memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
226 sizeof(match.mask->dst));
227 memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
228 sizeof(match.mask->src));
229
230 /* also initialize nat_lip/fip to same values */
231 memcpy(&fs->nat_lip[0], match.key->dst.s6_addr,
232 sizeof(match.key->dst));
233 memcpy(&fs->nat_fip[0], match.key->src.s6_addr,
234 sizeof(match.key->src));
235 }
236
237 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
238 struct flow_match_ports match;
239
240 flow_rule_match_ports(rule, &match);
241 fs->val.lport = be16_to_cpu(match.key->dst);
242 fs->mask.lport = be16_to_cpu(match.mask->dst);
243 fs->val.fport = be16_to_cpu(match.key->src);
244 fs->mask.fport = be16_to_cpu(match.mask->src);
245
246 /* also initialize nat_lport/fport to same values */
247 fs->nat_lport = fs->val.lport;
248 fs->nat_fport = fs->val.fport;
249 }
250
251 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
252 struct flow_match_ip match;
253
254 flow_rule_match_ip(rule, &match);
255 fs->val.tos = match.key->tos;
256 fs->mask.tos = match.mask->tos;
257 }
258
259 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
260 struct flow_match_enc_keyid match;
261
262 flow_rule_match_enc_keyid(rule, &match);
263 fs->val.vni = be32_to_cpu(match.key->keyid);
264 fs->mask.vni = be32_to_cpu(match.mask->keyid);
265 if (fs->mask.vni) {
266 fs->val.encap_vld = 1;
267 fs->mask.encap_vld = 1;
268 }
269 }
270
271 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) {
272 struct flow_match_vlan match;
273 u16 vlan_tci, vlan_tci_mask;
274
275 flow_rule_match_vlan(rule, &match);
276 vlan_tci = match.key->vlan_id | (match.key->vlan_priority <<
277 VLAN_PRIO_SHIFT);
278 vlan_tci_mask = match.mask->vlan_id | (match.mask->vlan_priority <<
279 VLAN_PRIO_SHIFT);
280 fs->val.ivlan = vlan_tci;
281 fs->mask.ivlan = vlan_tci_mask;
282
283 fs->val.ivlan_vld = 1;
284 fs->mask.ivlan_vld = 1;
285
286 /* Chelsio adapters use ivlan_vld bit to match vlan packets
287 * as 802.1Q. Also, when vlan tag is present in packets,
288 * ethtype match is used then to match on ethtype of inner
289 * header ie. the header following the vlan header.
290 * So, set the ivlan_vld based on ethtype info supplied by
291 * TC for vlan packets if its 802.1Q. And then reset the
292 * ethtype value else, hw will try to match the supplied
293 * ethtype value with ethtype of inner header.
294 */
295 if (fs->val.ethtype == ETH_P_8021Q) {
296 fs->val.ethtype = 0;
297 fs->mask.ethtype = 0;
298 }
299 }
300
301 /* Match only packets coming from the ingress port where this
302 * filter will be created.
303 */
304 fs->val.iport = netdev2pinfo(dev)->port_id;
305 fs->mask.iport = ~0;
306 }
307
cxgb4_validate_flow_match(struct netlink_ext_ack * extack,struct flow_rule * rule)308 static int cxgb4_validate_flow_match(struct netlink_ext_ack *extack,
309 struct flow_rule *rule)
310 {
311 struct flow_dissector *dissector = rule->match.dissector;
312 u16 ethtype_mask = 0;
313 u16 ethtype_key = 0;
314
315 if (dissector->used_keys &
316 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) |
317 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) |
318 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
319 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
320 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) |
321 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
322 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) |
323 BIT_ULL(FLOW_DISSECTOR_KEY_IP))) {
324 NL_SET_ERR_MSG_FMT_MOD(extack,
325 "Unsupported key used: 0x%llx",
326 dissector->used_keys);
327 return -EOPNOTSUPP;
328 }
329
330 if (flow_rule_match_has_control_flags(rule, extack))
331 return -EOPNOTSUPP;
332
333 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
334 struct flow_match_basic match;
335
336 flow_rule_match_basic(rule, &match);
337 ethtype_key = ntohs(match.key->n_proto);
338 ethtype_mask = ntohs(match.mask->n_proto);
339 }
340
341 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
342 u16 eth_ip_type = ethtype_key & ethtype_mask;
343 struct flow_match_ip match;
344
345 if (eth_ip_type != ETH_P_IP && eth_ip_type != ETH_P_IPV6) {
346 NL_SET_ERR_MSG_MOD(extack,
347 "IP Key supported only with IPv4/v6");
348 return -EINVAL;
349 }
350
351 flow_rule_match_ip(rule, &match);
352 if (match.mask->ttl) {
353 NL_SET_ERR_MSG_MOD(extack,
354 "ttl match unsupported for offload");
355 return -EOPNOTSUPP;
356 }
357 }
358
359 return 0;
360 }
361
offload_pedit(struct ch_filter_specification * fs,u32 val,u32 mask,u8 field)362 static void offload_pedit(struct ch_filter_specification *fs, u32 val, u32 mask,
363 u8 field)
364 {
365 u32 set_val = val & ~mask;
366 u32 offset = 0;
367 u8 size = 1;
368 int i;
369
370 for (i = 0; i < ARRAY_SIZE(pedits); i++) {
371 if (pedits[i].field == field) {
372 offset = pedits[i].offset;
373 size = pedits[i].size;
374 break;
375 }
376 }
377 memcpy((u8 *)fs + offset, &set_val, size);
378 }
379
process_pedit_field(struct ch_filter_specification * fs,u32 val,u32 mask,u32 offset,u8 htype,u8 * natmode_flags)380 static void process_pedit_field(struct ch_filter_specification *fs, u32 val,
381 u32 mask, u32 offset, u8 htype,
382 u8 *natmode_flags)
383 {
384 switch (htype) {
385 case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
386 switch (offset) {
387 case PEDIT_ETH_DMAC_31_0:
388 fs->newdmac = 1;
389 offload_pedit(fs, val, mask, ETH_DMAC_31_0);
390 break;
391 case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
392 if (~mask & PEDIT_ETH_DMAC_MASK)
393 offload_pedit(fs, val, mask, ETH_DMAC_47_32);
394 else
395 offload_pedit(fs, val >> 16, mask >> 16,
396 ETH_SMAC_15_0);
397 break;
398 case PEDIT_ETH_SMAC_47_16:
399 fs->newsmac = 1;
400 offload_pedit(fs, val, mask, ETH_SMAC_47_16);
401 }
402 break;
403 case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
404 switch (offset) {
405 case PEDIT_IP4_SRC:
406 offload_pedit(fs, val, mask, IP4_SRC);
407 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
408 break;
409 case PEDIT_IP4_DST:
410 offload_pedit(fs, val, mask, IP4_DST);
411 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
412 }
413 break;
414 case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
415 switch (offset) {
416 case PEDIT_IP6_SRC_31_0:
417 offload_pedit(fs, val, mask, IP6_SRC_31_0);
418 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
419 break;
420 case PEDIT_IP6_SRC_63_32:
421 offload_pedit(fs, val, mask, IP6_SRC_63_32);
422 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
423 break;
424 case PEDIT_IP6_SRC_95_64:
425 offload_pedit(fs, val, mask, IP6_SRC_95_64);
426 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
427 break;
428 case PEDIT_IP6_SRC_127_96:
429 offload_pedit(fs, val, mask, IP6_SRC_127_96);
430 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
431 break;
432 case PEDIT_IP6_DST_31_0:
433 offload_pedit(fs, val, mask, IP6_DST_31_0);
434 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
435 break;
436 case PEDIT_IP6_DST_63_32:
437 offload_pedit(fs, val, mask, IP6_DST_63_32);
438 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
439 break;
440 case PEDIT_IP6_DST_95_64:
441 offload_pedit(fs, val, mask, IP6_DST_95_64);
442 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
443 break;
444 case PEDIT_IP6_DST_127_96:
445 offload_pedit(fs, val, mask, IP6_DST_127_96);
446 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
447 }
448 break;
449 case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
450 switch (offset) {
451 case PEDIT_TCP_SPORT_DPORT:
452 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
453 fs->nat_fport = val;
454 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
455 } else {
456 fs->nat_lport = val >> 16;
457 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
458 }
459 }
460 break;
461 case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
462 switch (offset) {
463 case PEDIT_UDP_SPORT_DPORT:
464 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
465 fs->nat_fport = val;
466 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
467 } else {
468 fs->nat_lport = val >> 16;
469 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
470 }
471 }
472 break;
473 }
474 }
475
cxgb4_action_natmode_validate(struct adapter * adap,u8 natmode_flags,struct netlink_ext_ack * extack)476 static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags,
477 struct netlink_ext_ack *extack)
478 {
479 u8 i = 0;
480
481 /* Extract the NAT mode to enable based on what 4-tuple fields
482 * are enabled to be overwritten. This ensures that the
483 * disabled fields don't get overwritten to 0.
484 */
485 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
486 const struct cxgb4_natmode_config *c;
487
488 c = &cxgb4_natmode_config_array[i];
489 if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip &&
490 natmode_flags == c->flags)
491 return 0;
492 }
493 NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination");
494 return -EOPNOTSUPP;
495 }
496
cxgb4_process_flow_actions(struct net_device * in,struct flow_action * actions,struct ch_filter_specification * fs)497 void cxgb4_process_flow_actions(struct net_device *in,
498 struct flow_action *actions,
499 struct ch_filter_specification *fs)
500 {
501 struct flow_action_entry *act;
502 u8 natmode_flags = 0;
503 int i;
504
505 flow_action_for_each(i, act, actions) {
506 switch (act->id) {
507 case FLOW_ACTION_ACCEPT:
508 fs->action = FILTER_PASS;
509 break;
510 case FLOW_ACTION_DROP:
511 fs->action = FILTER_DROP;
512 break;
513 case FLOW_ACTION_MIRRED:
514 case FLOW_ACTION_REDIRECT: {
515 struct net_device *out = act->dev;
516 struct port_info *pi = netdev_priv(out);
517
518 fs->action = FILTER_SWITCH;
519 fs->eport = pi->port_id;
520 }
521 break;
522 case FLOW_ACTION_VLAN_POP:
523 case FLOW_ACTION_VLAN_PUSH:
524 case FLOW_ACTION_VLAN_MANGLE: {
525 u8 prio = act->vlan.prio;
526 u16 vid = act->vlan.vid;
527 u16 vlan_tci = (prio << VLAN_PRIO_SHIFT) | vid;
528 switch (act->id) {
529 case FLOW_ACTION_VLAN_POP:
530 fs->newvlan |= VLAN_REMOVE;
531 break;
532 case FLOW_ACTION_VLAN_PUSH:
533 fs->newvlan |= VLAN_INSERT;
534 fs->vlan = vlan_tci;
535 break;
536 case FLOW_ACTION_VLAN_MANGLE:
537 fs->newvlan |= VLAN_REWRITE;
538 fs->vlan = vlan_tci;
539 break;
540 default:
541 break;
542 }
543 }
544 break;
545 case FLOW_ACTION_MANGLE: {
546 u32 mask, val, offset;
547 u8 htype;
548
549 htype = act->mangle.htype;
550 mask = act->mangle.mask;
551 val = act->mangle.val;
552 offset = act->mangle.offset;
553
554 process_pedit_field(fs, val, mask, offset, htype,
555 &natmode_flags);
556 }
557 break;
558 case FLOW_ACTION_QUEUE:
559 fs->action = FILTER_PASS;
560 fs->dirsteer = 1;
561 fs->iq = act->queue.index;
562 break;
563 default:
564 break;
565 }
566 }
567 if (natmode_flags)
568 cxgb4_action_natmode_tweak(fs, natmode_flags);
569
570 }
571
valid_l4_mask(u32 mask)572 static bool valid_l4_mask(u32 mask)
573 {
574 u16 hi, lo;
575
576 /* Either the upper 16-bits (SPORT) OR the lower
577 * 16-bits (DPORT) can be set, but NOT BOTH.
578 */
579 hi = (mask >> 16) & 0xFFFF;
580 lo = mask & 0xFFFF;
581
582 return hi && lo ? false : true;
583 }
584
valid_pedit_action(struct netlink_ext_ack * extack,const struct flow_action_entry * act,u8 * natmode_flags)585 static bool valid_pedit_action(struct netlink_ext_ack *extack,
586 const struct flow_action_entry *act,
587 u8 *natmode_flags)
588 {
589 u32 mask, offset;
590 u8 htype;
591
592 htype = act->mangle.htype;
593 mask = act->mangle.mask;
594 offset = act->mangle.offset;
595
596 switch (htype) {
597 case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
598 switch (offset) {
599 case PEDIT_ETH_DMAC_31_0:
600 case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
601 case PEDIT_ETH_SMAC_47_16:
602 break;
603 default:
604 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
605 return false;
606 }
607 break;
608 case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
609 switch (offset) {
610 case PEDIT_IP4_SRC:
611 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
612 break;
613 case PEDIT_IP4_DST:
614 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
615 break;
616 default:
617 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
618 return false;
619 }
620 break;
621 case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
622 switch (offset) {
623 case PEDIT_IP6_SRC_31_0:
624 case PEDIT_IP6_SRC_63_32:
625 case PEDIT_IP6_SRC_95_64:
626 case PEDIT_IP6_SRC_127_96:
627 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
628 break;
629 case PEDIT_IP6_DST_31_0:
630 case PEDIT_IP6_DST_63_32:
631 case PEDIT_IP6_DST_95_64:
632 case PEDIT_IP6_DST_127_96:
633 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
634 break;
635 default:
636 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
637 return false;
638 }
639 break;
640 case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
641 switch (offset) {
642 case PEDIT_TCP_SPORT_DPORT:
643 if (!valid_l4_mask(~mask)) {
644 NL_SET_ERR_MSG_MOD(extack,
645 "Unsupported mask for TCP L4 ports");
646 return false;
647 }
648 if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
649 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
650 else
651 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
652 break;
653 default:
654 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
655 return false;
656 }
657 break;
658 case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
659 switch (offset) {
660 case PEDIT_UDP_SPORT_DPORT:
661 if (!valid_l4_mask(~mask)) {
662 NL_SET_ERR_MSG_MOD(extack,
663 "Unsupported mask for UDP L4 ports");
664 return false;
665 }
666 if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
667 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
668 else
669 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
670 break;
671 default:
672 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
673 return false;
674 }
675 break;
676 default:
677 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit type");
678 return false;
679 }
680 return true;
681 }
682
cxgb4_validate_flow_actions(struct net_device * dev,struct flow_action * actions,struct netlink_ext_ack * extack,u8 matchall_filter)683 int cxgb4_validate_flow_actions(struct net_device *dev,
684 struct flow_action *actions,
685 struct netlink_ext_ack *extack,
686 u8 matchall_filter)
687 {
688 struct adapter *adap = netdev2adap(dev);
689 struct flow_action_entry *act;
690 bool act_redir = false;
691 bool act_pedit = false;
692 bool act_vlan = false;
693 u8 natmode_flags = 0;
694 int i;
695
696 if (!flow_action_basic_hw_stats_check(actions, extack))
697 return -EOPNOTSUPP;
698
699 flow_action_for_each(i, act, actions) {
700 switch (act->id) {
701 case FLOW_ACTION_ACCEPT:
702 case FLOW_ACTION_DROP:
703 /* Do nothing */
704 break;
705 case FLOW_ACTION_MIRRED:
706 case FLOW_ACTION_REDIRECT: {
707 struct net_device *n_dev, *target_dev;
708 bool found = false;
709 unsigned int i;
710
711 if (act->id == FLOW_ACTION_MIRRED &&
712 !matchall_filter) {
713 NL_SET_ERR_MSG_MOD(extack,
714 "Egress mirror action is only supported for tc-matchall");
715 return -EOPNOTSUPP;
716 }
717
718 target_dev = act->dev;
719 for_each_port(adap, i) {
720 n_dev = adap->port[i];
721 if (target_dev == n_dev) {
722 found = true;
723 break;
724 }
725 }
726
727 /* If interface doesn't belong to our hw, then
728 * the provided output port is not valid
729 */
730 if (!found) {
731 NL_SET_ERR_MSG_MOD(extack, "Out port invalid");
732 return -EINVAL;
733 }
734 act_redir = true;
735 }
736 break;
737 case FLOW_ACTION_VLAN_POP:
738 case FLOW_ACTION_VLAN_PUSH:
739 case FLOW_ACTION_VLAN_MANGLE: {
740 u16 proto = be16_to_cpu(act->vlan.proto);
741
742 switch (act->id) {
743 case FLOW_ACTION_VLAN_POP:
744 break;
745 case FLOW_ACTION_VLAN_PUSH:
746 case FLOW_ACTION_VLAN_MANGLE:
747 if (proto != ETH_P_8021Q) {
748 NL_SET_ERR_MSG_MOD(extack,
749 "Unsupported vlan proto");
750 return -EOPNOTSUPP;
751 }
752 break;
753 default:
754 NL_SET_ERR_MSG_MOD(extack,
755 "Unsupported vlan action");
756 return -EOPNOTSUPP;
757 }
758 act_vlan = true;
759 }
760 break;
761 case FLOW_ACTION_MANGLE: {
762 bool pedit_valid = valid_pedit_action(extack, act,
763 &natmode_flags);
764
765 if (!pedit_valid)
766 return -EOPNOTSUPP;
767 act_pedit = true;
768 }
769 break;
770 case FLOW_ACTION_QUEUE:
771 /* Do nothing. cxgb4_set_filter will validate */
772 break;
773 default:
774 NL_SET_ERR_MSG_MOD(extack, "Unsupported action");
775 return -EOPNOTSUPP;
776 }
777 }
778
779 if ((act_pedit || act_vlan) && !act_redir) {
780 NL_SET_ERR_MSG_MOD(extack,
781 "pedit/vlan rewrite invalid without egress redirect");
782 return -EINVAL;
783 }
784
785 if (act_pedit) {
786 int ret;
787
788 ret = cxgb4_action_natmode_validate(adap, natmode_flags,
789 extack);
790 if (ret)
791 return ret;
792 }
793
794 return 0;
795 }
796
cxgb4_tc_flower_hash_prio_add(struct adapter * adap,u32 tc_prio)797 static void cxgb4_tc_flower_hash_prio_add(struct adapter *adap, u32 tc_prio)
798 {
799 spin_lock_bh(&adap->tids.ftid_lock);
800 if (adap->tids.tc_hash_tids_max_prio < tc_prio)
801 adap->tids.tc_hash_tids_max_prio = tc_prio;
802 spin_unlock_bh(&adap->tids.ftid_lock);
803 }
804
cxgb4_tc_flower_hash_prio_del(struct adapter * adap,u32 tc_prio)805 static void cxgb4_tc_flower_hash_prio_del(struct adapter *adap, u32 tc_prio)
806 {
807 struct tid_info *t = &adap->tids;
808 struct ch_tc_flower_entry *fe;
809 struct rhashtable_iter iter;
810 u32 found = 0;
811
812 spin_lock_bh(&t->ftid_lock);
813 /* Bail if the current rule is not the one with the max
814 * prio.
815 */
816 if (t->tc_hash_tids_max_prio != tc_prio)
817 goto out_unlock;
818
819 /* Search for the next rule having the same or next lower
820 * max prio.
821 */
822 rhashtable_walk_enter(&adap->flower_tbl, &iter);
823 do {
824 rhashtable_walk_start(&iter);
825
826 fe = rhashtable_walk_next(&iter);
827 while (!IS_ERR_OR_NULL(fe)) {
828 if (fe->fs.hash &&
829 fe->fs.tc_prio <= t->tc_hash_tids_max_prio) {
830 t->tc_hash_tids_max_prio = fe->fs.tc_prio;
831 found++;
832
833 /* Bail if we found another rule
834 * having the same prio as the
835 * current max one.
836 */
837 if (fe->fs.tc_prio == tc_prio)
838 break;
839 }
840
841 fe = rhashtable_walk_next(&iter);
842 }
843
844 rhashtable_walk_stop(&iter);
845 } while (fe == ERR_PTR(-EAGAIN));
846 rhashtable_walk_exit(&iter);
847
848 if (!found)
849 t->tc_hash_tids_max_prio = 0;
850
851 out_unlock:
852 spin_unlock_bh(&t->ftid_lock);
853 }
854
cxgb4_flow_rule_replace(struct net_device * dev,struct flow_rule * rule,u32 tc_prio,struct netlink_ext_ack * extack,struct ch_filter_specification * fs,u32 * tid)855 int cxgb4_flow_rule_replace(struct net_device *dev, struct flow_rule *rule,
856 u32 tc_prio, struct netlink_ext_ack *extack,
857 struct ch_filter_specification *fs, u32 *tid)
858 {
859 struct adapter *adap = netdev2adap(dev);
860 struct filter_ctx ctx;
861 u8 inet_family;
862 int fidx, ret;
863
864 if (cxgb4_validate_flow_actions(dev, &rule->action, extack, 0))
865 return -EOPNOTSUPP;
866
867 if (cxgb4_validate_flow_match(extack, rule))
868 return -EOPNOTSUPP;
869
870 cxgb4_process_flow_match(dev, rule, fs);
871 cxgb4_process_flow_actions(dev, &rule->action, fs);
872
873 fs->hash = is_filter_exact_match(adap, fs);
874 inet_family = fs->type ? PF_INET6 : PF_INET;
875
876 /* Get a free filter entry TID, where we can insert this new
877 * rule. Only insert rule if its prio doesn't conflict with
878 * existing rules.
879 */
880 fidx = cxgb4_get_free_ftid(dev, inet_family, fs->hash,
881 tc_prio);
882 if (fidx < 0) {
883 NL_SET_ERR_MSG_MOD(extack,
884 "No free LETCAM index available");
885 return -ENOMEM;
886 }
887
888 if (fidx < adap->tids.nhpftids) {
889 fs->prio = 1;
890 fs->hash = 0;
891 }
892
893 /* If the rule can be inserted into HASH region, then ignore
894 * the index to normal FILTER region.
895 */
896 if (fs->hash)
897 fidx = 0;
898
899 fs->tc_prio = tc_prio;
900
901 init_completion(&ctx.completion);
902 ret = __cxgb4_set_filter(dev, fidx, fs, &ctx);
903 if (ret) {
904 NL_SET_ERR_MSG_FMT_MOD(extack, "filter creation err %d", ret);
905 return ret;
906 }
907
908 /* Wait for reply */
909 ret = wait_for_completion_timeout(&ctx.completion, 10 * HZ);
910 if (!ret)
911 return -ETIMEDOUT;
912
913 /* Check if hw returned error for filter creation */
914 if (ctx.result)
915 return ctx.result;
916
917 *tid = ctx.tid;
918
919 if (fs->hash)
920 cxgb4_tc_flower_hash_prio_add(adap, tc_prio);
921
922 return 0;
923 }
924
cxgb4_tc_flower_replace(struct net_device * dev,struct flow_cls_offload * cls)925 int cxgb4_tc_flower_replace(struct net_device *dev,
926 struct flow_cls_offload *cls)
927 {
928 struct flow_rule *rule = flow_cls_offload_flow_rule(cls);
929 struct netlink_ext_ack *extack = cls->common.extack;
930 struct adapter *adap = netdev2adap(dev);
931 struct ch_tc_flower_entry *ch_flower;
932 struct ch_filter_specification *fs;
933 int ret;
934
935 ch_flower = allocate_flower_entry();
936 if (!ch_flower) {
937 netdev_err(dev, "%s: ch_flower alloc failed.\n", __func__);
938 return -ENOMEM;
939 }
940
941 fs = &ch_flower->fs;
942 fs->hitcnts = 1;
943 fs->tc_cookie = cls->cookie;
944
945 ret = cxgb4_flow_rule_replace(dev, rule, cls->common.prio, extack, fs,
946 &ch_flower->filter_id);
947 if (ret)
948 goto free_entry;
949
950 ch_flower->tc_flower_cookie = cls->cookie;
951 ret = rhashtable_insert_fast(&adap->flower_tbl, &ch_flower->node,
952 adap->flower_ht_params);
953 if (ret)
954 goto del_filter;
955
956 return 0;
957
958 del_filter:
959 if (fs->hash)
960 cxgb4_tc_flower_hash_prio_del(adap, cls->common.prio);
961
962 cxgb4_del_filter(dev, ch_flower->filter_id, &ch_flower->fs);
963
964 free_entry:
965 kfree(ch_flower);
966 return ret;
967 }
968
cxgb4_flow_rule_destroy(struct net_device * dev,u32 tc_prio,struct ch_filter_specification * fs,int tid)969 int cxgb4_flow_rule_destroy(struct net_device *dev, u32 tc_prio,
970 struct ch_filter_specification *fs, int tid)
971 {
972 struct adapter *adap = netdev2adap(dev);
973 u8 hash;
974 int ret;
975
976 hash = fs->hash;
977
978 ret = cxgb4_del_filter(dev, tid, fs);
979 if (ret)
980 return ret;
981
982 if (hash)
983 cxgb4_tc_flower_hash_prio_del(adap, tc_prio);
984
985 return ret;
986 }
987
cxgb4_tc_flower_destroy(struct net_device * dev,struct flow_cls_offload * cls)988 int cxgb4_tc_flower_destroy(struct net_device *dev,
989 struct flow_cls_offload *cls)
990 {
991 struct adapter *adap = netdev2adap(dev);
992 struct ch_tc_flower_entry *ch_flower;
993 int ret;
994
995 ch_flower = ch_flower_lookup(adap, cls->cookie);
996 if (!ch_flower)
997 return -ENOENT;
998
999 rhashtable_remove_fast(&adap->flower_tbl, &ch_flower->node,
1000 adap->flower_ht_params);
1001
1002 ret = cxgb4_flow_rule_destroy(dev, ch_flower->fs.tc_prio,
1003 &ch_flower->fs, ch_flower->filter_id);
1004 if (ret)
1005 netdev_err(dev, "Flow rule destroy failed for tid: %u, ret: %d",
1006 ch_flower->filter_id, ret);
1007
1008 kfree_rcu(ch_flower, rcu);
1009 return ret;
1010 }
1011
ch_flower_stats_handler(struct work_struct * work)1012 static void ch_flower_stats_handler(struct work_struct *work)
1013 {
1014 struct adapter *adap = container_of(work, struct adapter,
1015 flower_stats_work);
1016 struct ch_tc_flower_entry *flower_entry;
1017 struct ch_tc_flower_stats *ofld_stats;
1018 struct rhashtable_iter iter;
1019 u64 packets;
1020 u64 bytes;
1021 int ret;
1022
1023 rhashtable_walk_enter(&adap->flower_tbl, &iter);
1024 do {
1025 rhashtable_walk_start(&iter);
1026
1027 while ((flower_entry = rhashtable_walk_next(&iter)) &&
1028 !IS_ERR(flower_entry)) {
1029 ret = cxgb4_get_filter_counters(adap->port[0],
1030 flower_entry->filter_id,
1031 &packets, &bytes,
1032 flower_entry->fs.hash);
1033 if (!ret) {
1034 spin_lock(&flower_entry->lock);
1035 ofld_stats = &flower_entry->stats;
1036
1037 if (ofld_stats->prev_packet_count != packets) {
1038 ofld_stats->prev_packet_count = packets;
1039 ofld_stats->last_used = jiffies;
1040 }
1041 spin_unlock(&flower_entry->lock);
1042 }
1043 }
1044
1045 rhashtable_walk_stop(&iter);
1046
1047 } while (flower_entry == ERR_PTR(-EAGAIN));
1048 rhashtable_walk_exit(&iter);
1049 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
1050 }
1051
ch_flower_stats_cb(struct timer_list * t)1052 static void ch_flower_stats_cb(struct timer_list *t)
1053 {
1054 struct adapter *adap = from_timer(adap, t, flower_stats_timer);
1055
1056 schedule_work(&adap->flower_stats_work);
1057 }
1058
cxgb4_tc_flower_stats(struct net_device * dev,struct flow_cls_offload * cls)1059 int cxgb4_tc_flower_stats(struct net_device *dev,
1060 struct flow_cls_offload *cls)
1061 {
1062 struct adapter *adap = netdev2adap(dev);
1063 struct ch_tc_flower_stats *ofld_stats;
1064 struct ch_tc_flower_entry *ch_flower;
1065 u64 packets;
1066 u64 bytes;
1067 int ret;
1068
1069 ch_flower = ch_flower_lookup(adap, cls->cookie);
1070 if (!ch_flower) {
1071 ret = -ENOENT;
1072 goto err;
1073 }
1074
1075 ret = cxgb4_get_filter_counters(dev, ch_flower->filter_id,
1076 &packets, &bytes,
1077 ch_flower->fs.hash);
1078 if (ret < 0)
1079 goto err;
1080
1081 spin_lock_bh(&ch_flower->lock);
1082 ofld_stats = &ch_flower->stats;
1083 if (ofld_stats->packet_count != packets) {
1084 if (ofld_stats->prev_packet_count != packets)
1085 ofld_stats->last_used = jiffies;
1086 flow_stats_update(&cls->stats, bytes - ofld_stats->byte_count,
1087 packets - ofld_stats->packet_count, 0,
1088 ofld_stats->last_used,
1089 FLOW_ACTION_HW_STATS_IMMEDIATE);
1090
1091 ofld_stats->packet_count = packets;
1092 ofld_stats->byte_count = bytes;
1093 ofld_stats->prev_packet_count = packets;
1094 }
1095 spin_unlock_bh(&ch_flower->lock);
1096 return 0;
1097
1098 err:
1099 return ret;
1100 }
1101
1102 static const struct rhashtable_params cxgb4_tc_flower_ht_params = {
1103 .nelem_hint = 384,
1104 .head_offset = offsetof(struct ch_tc_flower_entry, node),
1105 .key_offset = offsetof(struct ch_tc_flower_entry, tc_flower_cookie),
1106 .key_len = sizeof(((struct ch_tc_flower_entry *)0)->tc_flower_cookie),
1107 .max_size = 524288,
1108 .min_size = 512,
1109 .automatic_shrinking = true
1110 };
1111
cxgb4_init_tc_flower(struct adapter * adap)1112 int cxgb4_init_tc_flower(struct adapter *adap)
1113 {
1114 int ret;
1115
1116 if (adap->tc_flower_initialized)
1117 return -EEXIST;
1118
1119 adap->flower_ht_params = cxgb4_tc_flower_ht_params;
1120 ret = rhashtable_init(&adap->flower_tbl, &adap->flower_ht_params);
1121 if (ret)
1122 return ret;
1123
1124 INIT_WORK(&adap->flower_stats_work, ch_flower_stats_handler);
1125 timer_setup(&adap->flower_stats_timer, ch_flower_stats_cb, 0);
1126 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
1127 adap->tc_flower_initialized = true;
1128 return 0;
1129 }
1130
cxgb4_cleanup_tc_flower(struct adapter * adap)1131 void cxgb4_cleanup_tc_flower(struct adapter *adap)
1132 {
1133 if (!adap->tc_flower_initialized)
1134 return;
1135
1136 if (adap->flower_stats_timer.function)
1137 timer_shutdown_sync(&adap->flower_stats_timer);
1138 cancel_work_sync(&adap->flower_stats_work);
1139 rhashtable_destroy(&adap->flower_tbl);
1140 adap->tc_flower_initialized = false;
1141 }
1142