diff mbox series

[net-next] bnxt_en: flower: validate control flags

Message ID 20240422152626.175569-1-ast@fiberby.net (mailing list archive)
State Accepted
Commit 3833e4834d70440582c127443073fde3204d5c07
Delegated to: Netdev Maintainers
Headers show
Series [net-next] bnxt_en: flower: validate control flags | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 926 this patch: 926
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 5 maintainers
netdev/build_clang success Errors and warnings before: 937 this patch: 937
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 937 this patch: 937
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 16 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-04-24--15-00 (tests: 995)

Commit Message

Asbjørn Sloth Tønnesen April 22, 2024, 3:26 p.m. UTC 
This driver currently doesn't support any control flags.

Use flow_rule_match_has_control_flags() to check for control flags,
such as can be set through `tc flower ... ip_flags frag`.

In case any control flags are masked, flow_rule_match_has_control_flags()
sets a NL extended error message, and we return -EOPNOTSUPP.

Only compile-tested.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Sriharsha Basavapatna April 22, 2024, 5:21 p.m. UTC | #1 
On Mon, Apr 22, 2024 at 8:58 PM Asbjørn Sloth Tønnesen <ast@fiberby.net> wrote:
>
> This driver currently doesn't support any control flags.
>
> Use flow_rule_match_has_control_flags() to check for control flags,
> such as can be set through `tc flower ... ip_flags frag`.
>
> In case any control flags are masked, flow_rule_match_has_control_flags()
> sets a NL extended error message, and we return -EOPNOTSUPP.
>
> Only compile-tested.
>
> Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
> ---
>  drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> index 273c9ba48f09..d2ca90407cce 100644
> --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> @@ -370,6 +370,7 @@ static int bnxt_tc_parse_flow(struct bnxt *bp,
>                               struct bnxt_tc_flow *flow)
>  {
>         struct flow_rule *rule = flow_cls_offload_flow_rule(tc_flow_cmd);
> +       struct netlink_ext_ack *extack = tc_flow_cmd->common.extack;
>         struct flow_dissector *dissector = rule->match.dissector;
>
>         /* KEY_CONTROL and KEY_BASIC are needed for forming a meaningful key */
> @@ -380,6 +381,9 @@ static int bnxt_tc_parse_flow(struct bnxt *bp,
>                 return -EOPNOTSUPP;
>         }
>
> +       if (flow_rule_match_has_control_flags(rule, extack))
> +               return -EOPNOTSUPP;
> +
>         if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
>                 struct flow_match_basic match;
>
> --
> 2.43.0
>
>

Thanks for this fix, it looks good. I need some time to test this; I
will get back to you in a few days.
-Harsha
Jiri Pirko April 23, 2024, 12:56 p.m. UTC | #2 
Mon, Apr 22, 2024 at 05:26:23PM CEST, ast@fiberby.net wrote:
>This driver currently doesn't support any control flags.
>
>Use flow_rule_match_has_control_flags() to check for control flags,
>such as can be set through `tc flower ... ip_flags frag`.
>
>In case any control flags are masked, flow_rule_match_has_control_flags()
>sets a NL extended error message, and we return -EOPNOTSUPP.
>
>Only compile-tested.
>
>Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>

Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Sriharsha Basavapatna April 24, 2024, 9:14 a.m. UTC | #3 
On Mon, Apr 22, 2024 at 10:51 PM Sriharsha Basavapatna
<sriharsha.basavapatna@broadcom.com> wrote:
>
> On Mon, Apr 22, 2024 at 8:58 PM Asbjørn Sloth Tønnesen <ast@fiberby.net> wrote:
> >
> > This driver currently doesn't support any control flags.
> >
> > Use flow_rule_match_has_control_flags() to check for control flags,
> > such as can be set through `tc flower ... ip_flags frag`.
> >
> > In case any control flags are masked, flow_rule_match_has_control_flags()
> > sets a NL extended error message, and we return -EOPNOTSUPP.
> >
> > Only compile-tested.
> >
> > Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
> > ---
> >  drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> > index 273c9ba48f09..d2ca90407cce 100644
> > --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> > +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
> > @@ -370,6 +370,7 @@ static int bnxt_tc_parse_flow(struct bnxt *bp,
> >                               struct bnxt_tc_flow *flow)
> >  {
> >         struct flow_rule *rule = flow_cls_offload_flow_rule(tc_flow_cmd);
> > +       struct netlink_ext_ack *extack = tc_flow_cmd->common.extack;
> >         struct flow_dissector *dissector = rule->match.dissector;
> >
> >         /* KEY_CONTROL and KEY_BASIC are needed for forming a meaningful key */
> > @@ -380,6 +381,9 @@ static int bnxt_tc_parse_flow(struct bnxt *bp,
> >                 return -EOPNOTSUPP;
> >         }
> >
> > +       if (flow_rule_match_has_control_flags(rule, extack))
> > +               return -EOPNOTSUPP;
> > +
> >         if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
> >                 struct flow_match_basic match;
> >
> > --
> > 2.43.0
> >
> >
>
> Thanks for this fix, it looks good. I need some time to test this; I
> will get back to you in a few days.
> -Harsha

Reviewed-by: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
Tested-by: Sriharsha Basavapatna <sriharsha.basavapatna@broadcom.com>
patchwork-bot+netdevbpf@kernel.org April 25, 2024, 3 a.m. UTC | #4 
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Mon, 22 Apr 2024 15:26:23 +0000 you wrote:
> This driver currently doesn't support any control flags.
> 
> Use flow_rule_match_has_control_flags() to check for control flags,
> such as can be set through `tc flower ... ip_flags frag`.
> 
> In case any control flags are masked, flow_rule_match_has_control_flags()
> sets a NL extended error message, and we return -EOPNOTSUPP.
> 
> [...]

Here is the summary with links:
  - [net-next] bnxt_en: flower: validate control flags
    https://git.kernel.org/netdev/net-next/c/3833e4834d70

You are awesome, thank you!
diff mbox series

Patch

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
index 273c9ba48f09..d2ca90407cce 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c
@@ -370,6 +370,7 @@  static int bnxt_tc_parse_flow(struct bnxt *bp,
 			      struct bnxt_tc_flow *flow)
 {
 	struct flow_rule *rule = flow_cls_offload_flow_rule(tc_flow_cmd);
+	struct netlink_ext_ack *extack = tc_flow_cmd->common.extack;
 	struct flow_dissector *dissector = rule->match.dissector;
 
 	/* KEY_CONTROL and KEY_BASIC are needed for forming a meaningful key */
@@ -380,6 +381,9 @@  static int bnxt_tc_parse_flow(struct bnxt *bp,
 		return -EOPNOTSUPP;
 	}
 
+	if (flow_rule_match_has_control_flags(rule, extack))
+		return -EOPNOTSUPP;
+
 	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
 		struct flow_match_basic match;