1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #include <linux/kernel.h> 3 #include <linux/slab.h> 4 #include <net/act_api.h> 5 #include <net/flow_offload.h> 6 #include <linux/rtnetlink.h> 7 #include <linux/mutex.h> 8 #include <linux/rhashtable.h> 9 10 struct flow_rule *flow_rule_alloc(unsigned int num_actions) 11 { 12 struct flow_rule *rule; 13 int i; 14 15 rule = kzalloc(struct_size(rule, action.entries, num_actions), 16 GFP_KERNEL); 17 if (!rule) 18 return NULL; 19 20 rule->action.num_entries = num_actions; 21 /* Pre-fill each action hw_stats with DONT_CARE. 22 * Caller can override this if it wants stats for a given action. 23 */ 24 for (i = 0; i < num_actions; i++) 25 rule->action.entries[i].hw_stats = FLOW_ACTION_HW_STATS_DONT_CARE; 26 27 return rule; 28 } 29 EXPORT_SYMBOL(flow_rule_alloc); 30 31 struct flow_offload_action *offload_action_alloc(unsigned int num_actions) 32 { 33 struct flow_offload_action *fl_action; 34 int i; 35 36 fl_action = kzalloc(struct_size(fl_action, action.entries, num_actions), 37 GFP_KERNEL); 38 if (!fl_action) 39 return NULL; 40 41 fl_action->action.num_entries = num_actions; 42 /* Pre-fill each action hw_stats with DONT_CARE. 43 * Caller can override this if it wants stats for a given action. 44 */ 45 for (i = 0; i < num_actions; i++) 46 fl_action->action.entries[i].hw_stats = FLOW_ACTION_HW_STATS_DONT_CARE; 47 48 return fl_action; 49 } 50 51 #define FLOW_DISSECTOR_MATCH(__rule, __type, __out) \ 52 const struct flow_match *__m = &(__rule)->match; \ 53 struct flow_dissector *__d = (__m)->dissector; \ 54 \ 55 (__out)->key = skb_flow_dissector_target(__d, __type, (__m)->key); \ 56 (__out)->mask = skb_flow_dissector_target(__d, __type, (__m)->mask); \ 57 58 void flow_rule_match_meta(const struct flow_rule *rule, 59 struct flow_match_meta *out) 60 { 61 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_META, out); 62 } 63 EXPORT_SYMBOL(flow_rule_match_meta); 64 65 void flow_rule_match_basic(const struct flow_rule *rule, 66 struct flow_match_basic *out) 67 { 68 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_BASIC, out); 69 } 70 EXPORT_SYMBOL(flow_rule_match_basic); 71 72 void flow_rule_match_control(const struct flow_rule *rule, 73 struct flow_match_control *out) 74 { 75 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CONTROL, out); 76 } 77 EXPORT_SYMBOL(flow_rule_match_control); 78 79 void flow_rule_match_eth_addrs(const struct flow_rule *rule, 80 struct flow_match_eth_addrs *out) 81 { 82 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS, out); 83 } 84 EXPORT_SYMBOL(flow_rule_match_eth_addrs); 85 86 void flow_rule_match_vlan(const struct flow_rule *rule, 87 struct flow_match_vlan *out) 88 { 89 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_VLAN, out); 90 } 91 EXPORT_SYMBOL(flow_rule_match_vlan); 92 93 void flow_rule_match_cvlan(const struct flow_rule *rule, 94 struct flow_match_vlan *out) 95 { 96 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CVLAN, out); 97 } 98 EXPORT_SYMBOL(flow_rule_match_cvlan); 99 100 void flow_rule_match_ipv4_addrs(const struct flow_rule *rule, 101 struct flow_match_ipv4_addrs *out) 102 { 103 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS, out); 104 } 105 EXPORT_SYMBOL(flow_rule_match_ipv4_addrs); 106 107 void flow_rule_match_ipv6_addrs(const struct flow_rule *rule, 108 struct flow_match_ipv6_addrs *out) 109 { 110 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS, out); 111 } 112 EXPORT_SYMBOL(flow_rule_match_ipv6_addrs); 113 114 void flow_rule_match_ip(const struct flow_rule *rule, 115 struct flow_match_ip *out) 116 { 117 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_IP, out); 118 } 119 EXPORT_SYMBOL(flow_rule_match_ip); 120 121 void flow_rule_match_ports(const struct flow_rule *rule, 122 struct flow_match_ports *out) 123 { 124 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS, out); 125 } 126 EXPORT_SYMBOL(flow_rule_match_ports); 127 128 void flow_rule_match_ports_range(const struct flow_rule *rule, 129 struct flow_match_ports_range *out) 130 { 131 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_PORTS_RANGE, out); 132 } 133 EXPORT_SYMBOL(flow_rule_match_ports_range); 134 135 void flow_rule_match_tcp(const struct flow_rule *rule, 136 struct flow_match_tcp *out) 137 { 138 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_TCP, out); 139 } 140 EXPORT_SYMBOL(flow_rule_match_tcp); 141 142 void flow_rule_match_icmp(const struct flow_rule *rule, 143 struct flow_match_icmp *out) 144 { 145 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ICMP, out); 146 } 147 EXPORT_SYMBOL(flow_rule_match_icmp); 148 149 void flow_rule_match_mpls(const struct flow_rule *rule, 150 struct flow_match_mpls *out) 151 { 152 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_MPLS, out); 153 } 154 EXPORT_SYMBOL(flow_rule_match_mpls); 155 156 void flow_rule_match_enc_control(const struct flow_rule *rule, 157 struct flow_match_control *out) 158 { 159 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL, out); 160 } 161 EXPORT_SYMBOL(flow_rule_match_enc_control); 162 163 void flow_rule_match_enc_ipv4_addrs(const struct flow_rule *rule, 164 struct flow_match_ipv4_addrs *out) 165 { 166 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, out); 167 } 168 EXPORT_SYMBOL(flow_rule_match_enc_ipv4_addrs); 169 170 void flow_rule_match_enc_ipv6_addrs(const struct flow_rule *rule, 171 struct flow_match_ipv6_addrs *out) 172 { 173 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, out); 174 } 175 EXPORT_SYMBOL(flow_rule_match_enc_ipv6_addrs); 176 177 void flow_rule_match_enc_ip(const struct flow_rule *rule, 178 struct flow_match_ip *out) 179 { 180 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_IP, out); 181 } 182 EXPORT_SYMBOL(flow_rule_match_enc_ip); 183 184 void flow_rule_match_enc_ports(const struct flow_rule *rule, 185 struct flow_match_ports *out) 186 { 187 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_PORTS, out); 188 } 189 EXPORT_SYMBOL(flow_rule_match_enc_ports); 190 191 void flow_rule_match_enc_keyid(const struct flow_rule *rule, 192 struct flow_match_enc_keyid *out) 193 { 194 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_KEYID, out); 195 } 196 EXPORT_SYMBOL(flow_rule_match_enc_keyid); 197 198 void flow_rule_match_enc_opts(const struct flow_rule *rule, 199 struct flow_match_enc_opts *out) 200 { 201 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_ENC_OPTS, out); 202 } 203 EXPORT_SYMBOL(flow_rule_match_enc_opts); 204 205 struct flow_action_cookie *flow_action_cookie_create(void *data, 206 unsigned int len, 207 gfp_t gfp) 208 { 209 struct flow_action_cookie *cookie; 210 211 cookie = kmalloc(sizeof(*cookie) + len, gfp); 212 if (!cookie) 213 return NULL; 214 cookie->cookie_len = len; 215 memcpy(cookie->cookie, data, len); 216 return cookie; 217 } 218 EXPORT_SYMBOL(flow_action_cookie_create); 219 220 void flow_action_cookie_destroy(struct flow_action_cookie *cookie) 221 { 222 kfree(cookie); 223 } 224 EXPORT_SYMBOL(flow_action_cookie_destroy); 225 226 void flow_rule_match_ct(const struct flow_rule *rule, 227 struct flow_match_ct *out) 228 { 229 FLOW_DISSECTOR_MATCH(rule, FLOW_DISSECTOR_KEY_CT, out); 230 } 231 EXPORT_SYMBOL(flow_rule_match_ct); 232 233 struct flow_block_cb *flow_block_cb_alloc(flow_setup_cb_t *cb, 234 void *cb_ident, void *cb_priv, 235 void (*release)(void *cb_priv)) 236 { 237 struct flow_block_cb *block_cb; 238 239 block_cb = kzalloc(sizeof(*block_cb), GFP_KERNEL); 240 if (!block_cb) 241 return ERR_PTR(-ENOMEM); 242 243 block_cb->cb = cb; 244 block_cb->cb_ident = cb_ident; 245 block_cb->cb_priv = cb_priv; 246 block_cb->release = release; 247 248 return block_cb; 249 } 250 EXPORT_SYMBOL(flow_block_cb_alloc); 251 252 void flow_block_cb_free(struct flow_block_cb *block_cb) 253 { 254 if (block_cb->release) 255 block_cb->release(block_cb->cb_priv); 256 257 kfree(block_cb); 258 } 259 EXPORT_SYMBOL(flow_block_cb_free); 260 261 struct flow_block_cb *flow_block_cb_lookup(struct flow_block *block, 262 flow_setup_cb_t *cb, void *cb_ident) 263 { 264 struct flow_block_cb *block_cb; 265 266 list_for_each_entry(block_cb, &block->cb_list, list) { 267 if (block_cb->cb == cb && 268 block_cb->cb_ident == cb_ident) 269 return block_cb; 270 } 271 272 return NULL; 273 } 274 EXPORT_SYMBOL(flow_block_cb_lookup); 275 276 void *flow_block_cb_priv(struct flow_block_cb *block_cb) 277 { 278 return block_cb->cb_priv; 279 } 280 EXPORT_SYMBOL(flow_block_cb_priv); 281 282 void flow_block_cb_incref(struct flow_block_cb *block_cb) 283 { 284 block_cb->refcnt++; 285 } 286 EXPORT_SYMBOL(flow_block_cb_incref); 287 288 unsigned int flow_block_cb_decref(struct flow_block_cb *block_cb) 289 { 290 return --block_cb->refcnt; 291 } 292 EXPORT_SYMBOL(flow_block_cb_decref); 293 294 bool flow_block_cb_is_busy(flow_setup_cb_t *cb, void *cb_ident, 295 struct list_head *driver_block_list) 296 { 297 struct flow_block_cb *block_cb; 298 299 list_for_each_entry(block_cb, driver_block_list, driver_list) { 300 if (block_cb->cb == cb && 301 block_cb->cb_ident == cb_ident) 302 return true; 303 } 304 305 return false; 306 } 307 EXPORT_SYMBOL(flow_block_cb_is_busy); 308 309 int flow_block_cb_setup_simple(struct flow_block_offload *f, 310 struct list_head *driver_block_list, 311 flow_setup_cb_t *cb, 312 void *cb_ident, void *cb_priv, 313 bool ingress_only) 314 { 315 struct flow_block_cb *block_cb; 316 317 if (ingress_only && 318 f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS) 319 return -EOPNOTSUPP; 320 321 f->driver_block_list = driver_block_list; 322 323 switch (f->command) { 324 case FLOW_BLOCK_BIND: 325 if (flow_block_cb_is_busy(cb, cb_ident, driver_block_list)) 326 return -EBUSY; 327 328 block_cb = flow_block_cb_alloc(cb, cb_ident, cb_priv, NULL); 329 if (IS_ERR(block_cb)) 330 return PTR_ERR(block_cb); 331 332 flow_block_cb_add(block_cb, f); 333 list_add_tail(&block_cb->driver_list, driver_block_list); 334 return 0; 335 case FLOW_BLOCK_UNBIND: 336 block_cb = flow_block_cb_lookup(f->block, cb, cb_ident); 337 if (!block_cb) 338 return -ENOENT; 339 340 flow_block_cb_remove(block_cb, f); 341 list_del(&block_cb->driver_list); 342 return 0; 343 default: 344 return -EOPNOTSUPP; 345 } 346 } 347 EXPORT_SYMBOL(flow_block_cb_setup_simple); 348 349 static DEFINE_MUTEX(flow_indr_block_lock); 350 static LIST_HEAD(flow_block_indr_list); 351 static LIST_HEAD(flow_block_indr_dev_list); 352 static LIST_HEAD(flow_indir_dev_list); 353 354 struct flow_indr_dev { 355 struct list_head list; 356 flow_indr_block_bind_cb_t *cb; 357 void *cb_priv; 358 refcount_t refcnt; 359 }; 360 361 static struct flow_indr_dev *flow_indr_dev_alloc(flow_indr_block_bind_cb_t *cb, 362 void *cb_priv) 363 { 364 struct flow_indr_dev *indr_dev; 365 366 indr_dev = kmalloc(sizeof(*indr_dev), GFP_KERNEL); 367 if (!indr_dev) 368 return NULL; 369 370 indr_dev->cb = cb; 371 indr_dev->cb_priv = cb_priv; 372 refcount_set(&indr_dev->refcnt, 1); 373 374 return indr_dev; 375 } 376 377 struct flow_indir_dev_info { 378 void *data; 379 struct net_device *dev; 380 struct Qdisc *sch; 381 enum tc_setup_type type; 382 void (*cleanup)(struct flow_block_cb *block_cb); 383 struct list_head list; 384 enum flow_block_command command; 385 enum flow_block_binder_type binder_type; 386 struct list_head *cb_list; 387 }; 388 389 static void existing_qdiscs_register(flow_indr_block_bind_cb_t *cb, void *cb_priv) 390 { 391 struct flow_block_offload bo; 392 struct flow_indir_dev_info *cur; 393 394 list_for_each_entry(cur, &flow_indir_dev_list, list) { 395 memset(&bo, 0, sizeof(bo)); 396 bo.command = cur->command; 397 bo.binder_type = cur->binder_type; 398 INIT_LIST_HEAD(&bo.cb_list); 399 cb(cur->dev, cur->sch, cb_priv, cur->type, &bo, cur->data, cur->cleanup); 400 list_splice(&bo.cb_list, cur->cb_list); 401 } 402 } 403 404 int flow_indr_dev_register(flow_indr_block_bind_cb_t *cb, void *cb_priv) 405 { 406 struct flow_indr_dev *indr_dev; 407 408 mutex_lock(&flow_indr_block_lock); 409 list_for_each_entry(indr_dev, &flow_block_indr_dev_list, list) { 410 if (indr_dev->cb == cb && 411 indr_dev->cb_priv == cb_priv) { 412 refcount_inc(&indr_dev->refcnt); 413 mutex_unlock(&flow_indr_block_lock); 414 return 0; 415 } 416 } 417 418 indr_dev = flow_indr_dev_alloc(cb, cb_priv); 419 if (!indr_dev) { 420 mutex_unlock(&flow_indr_block_lock); 421 return -ENOMEM; 422 } 423 424 list_add(&indr_dev->list, &flow_block_indr_dev_list); 425 existing_qdiscs_register(cb, cb_priv); 426 mutex_unlock(&flow_indr_block_lock); 427 428 tcf_action_reoffload_cb(cb, cb_priv, true); 429 430 return 0; 431 } 432 EXPORT_SYMBOL(flow_indr_dev_register); 433 434 static void __flow_block_indr_cleanup(void (*release)(void *cb_priv), 435 void *cb_priv, 436 struct list_head *cleanup_list) 437 { 438 struct flow_block_cb *this, *next; 439 440 list_for_each_entry_safe(this, next, &flow_block_indr_list, indr.list) { 441 if (this->release == release && 442 this->indr.cb_priv == cb_priv) 443 list_move(&this->indr.list, cleanup_list); 444 } 445 } 446 447 static void flow_block_indr_notify(struct list_head *cleanup_list) 448 { 449 struct flow_block_cb *this, *next; 450 451 list_for_each_entry_safe(this, next, cleanup_list, indr.list) { 452 list_del(&this->indr.list); 453 this->indr.cleanup(this); 454 } 455 } 456 457 void flow_indr_dev_unregister(flow_indr_block_bind_cb_t *cb, void *cb_priv, 458 void (*release)(void *cb_priv)) 459 { 460 struct flow_indr_dev *this, *next, *indr_dev = NULL; 461 LIST_HEAD(cleanup_list); 462 463 mutex_lock(&flow_indr_block_lock); 464 list_for_each_entry_safe(this, next, &flow_block_indr_dev_list, list) { 465 if (this->cb == cb && 466 this->cb_priv == cb_priv && 467 refcount_dec_and_test(&this->refcnt)) { 468 indr_dev = this; 469 list_del(&indr_dev->list); 470 break; 471 } 472 } 473 474 if (!indr_dev) { 475 mutex_unlock(&flow_indr_block_lock); 476 return; 477 } 478 479 __flow_block_indr_cleanup(release, cb_priv, &cleanup_list); 480 mutex_unlock(&flow_indr_block_lock); 481 482 tcf_action_reoffload_cb(cb, cb_priv, false); 483 flow_block_indr_notify(&cleanup_list); 484 kfree(indr_dev); 485 } 486 EXPORT_SYMBOL(flow_indr_dev_unregister); 487 488 static void flow_block_indr_init(struct flow_block_cb *flow_block, 489 struct flow_block_offload *bo, 490 struct net_device *dev, struct Qdisc *sch, void *data, 491 void *cb_priv, 492 void (*cleanup)(struct flow_block_cb *block_cb)) 493 { 494 flow_block->indr.binder_type = bo->binder_type; 495 flow_block->indr.data = data; 496 flow_block->indr.cb_priv = cb_priv; 497 flow_block->indr.dev = dev; 498 flow_block->indr.sch = sch; 499 flow_block->indr.cleanup = cleanup; 500 } 501 502 struct flow_block_cb *flow_indr_block_cb_alloc(flow_setup_cb_t *cb, 503 void *cb_ident, void *cb_priv, 504 void (*release)(void *cb_priv), 505 struct flow_block_offload *bo, 506 struct net_device *dev, 507 struct Qdisc *sch, void *data, 508 void *indr_cb_priv, 509 void (*cleanup)(struct flow_block_cb *block_cb)) 510 { 511 struct flow_block_cb *block_cb; 512 513 block_cb = flow_block_cb_alloc(cb, cb_ident, cb_priv, release); 514 if (IS_ERR(block_cb)) 515 goto out; 516 517 flow_block_indr_init(block_cb, bo, dev, sch, data, indr_cb_priv, cleanup); 518 list_add(&block_cb->indr.list, &flow_block_indr_list); 519 520 out: 521 return block_cb; 522 } 523 EXPORT_SYMBOL(flow_indr_block_cb_alloc); 524 525 static struct flow_indir_dev_info *find_indir_dev(void *data) 526 { 527 struct flow_indir_dev_info *cur; 528 529 list_for_each_entry(cur, &flow_indir_dev_list, list) { 530 if (cur->data == data) 531 return cur; 532 } 533 return NULL; 534 } 535 536 static int indir_dev_add(void *data, struct net_device *dev, struct Qdisc *sch, 537 enum tc_setup_type type, void (*cleanup)(struct flow_block_cb *block_cb), 538 struct flow_block_offload *bo) 539 { 540 struct flow_indir_dev_info *info; 541 542 info = find_indir_dev(data); 543 if (info) 544 return -EEXIST; 545 546 info = kzalloc(sizeof(*info), GFP_KERNEL); 547 if (!info) 548 return -ENOMEM; 549 550 info->data = data; 551 info->dev = dev; 552 info->sch = sch; 553 info->type = type; 554 info->cleanup = cleanup; 555 info->command = bo->command; 556 info->binder_type = bo->binder_type; 557 info->cb_list = bo->cb_list_head; 558 559 list_add(&info->list, &flow_indir_dev_list); 560 return 0; 561 } 562 563 static int indir_dev_remove(void *data) 564 { 565 struct flow_indir_dev_info *info; 566 567 info = find_indir_dev(data); 568 if (!info) 569 return -ENOENT; 570 571 list_del(&info->list); 572 573 kfree(info); 574 return 0; 575 } 576 577 int flow_indr_dev_setup_offload(struct net_device *dev, struct Qdisc *sch, 578 enum tc_setup_type type, void *data, 579 struct flow_block_offload *bo, 580 void (*cleanup)(struct flow_block_cb *block_cb)) 581 { 582 struct flow_indr_dev *this; 583 u32 count = 0; 584 int err; 585 586 mutex_lock(&flow_indr_block_lock); 587 if (bo) { 588 if (bo->command == FLOW_BLOCK_BIND) 589 indir_dev_add(data, dev, sch, type, cleanup, bo); 590 else if (bo->command == FLOW_BLOCK_UNBIND) 591 indir_dev_remove(data); 592 } 593 594 list_for_each_entry(this, &flow_block_indr_dev_list, list) { 595 err = this->cb(dev, sch, this->cb_priv, type, bo, data, cleanup); 596 if (!err) 597 count++; 598 } 599 600 mutex_unlock(&flow_indr_block_lock); 601 602 return (bo && list_empty(&bo->cb_list)) ? -EOPNOTSUPP : count; 603 } 604 EXPORT_SYMBOL(flow_indr_dev_setup_offload); 605 606 bool flow_indr_dev_exists(void) 607 { 608 return !list_empty(&flow_block_indr_dev_list); 609 } 610 EXPORT_SYMBOL(flow_indr_dev_exists); 611