| Message ID | 20240409154543.8181-2-marcin.szycik@linux.intel.com (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [iwl-net] ice: Fix checking for unsupported keys on non-tunnel device | expand |
On 4/9/2024 8:45 AM, Marcin Szycik wrote: > Add missing FLOW_DISSECTOR_KEY_ENC_* checks to TC flower filter parsing. > Without these checks, it would be possible to add filters with tunnel > options on non-tunnel devices. enc_* options are only valid for tunnel > devices. > > Example: > devlink dev eswitch set $PF1_PCI mode switchdev > echo 1 > /sys/class/net/$PF1/device/sriov_numvfs > tc qdisc add dev $VF1_PR ingress > ethtool -K $PF1 hw-tc-offload on > tc filter add dev $VF1_PR ingress flower enc_ttl 12 skip_sw action drop > > Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support") > Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com> > Signed-off-by: Marcin Szycik <marcin.szycik@linux.intel.com> Reviewed-by: Jacob Keller <jacob.e.keller@intel.com> > --- > drivers/net/ethernet/intel/ice/ice_tc_lib.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c > index f8df93e1a9de..b49aa6554024 100644 > --- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c > +++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c > @@ -1489,7 +1489,10 @@ ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi, > (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | > BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | > BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | > - BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) { > + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | > + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | > + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | > + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) { > NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel"); > return -EOPNOTSUPP; > } else {
> -----Original Message----- > From: Intel-wired-lan <intel-wired-lan-bounces@osuosl.org> On Behalf Of > Marcin Szycik > Sent: Tuesday, April 9, 2024 9:16 PM > To: intel-wired-lan@lists.osuosl.org > Cc: netdev@vger.kernel.org; Marcin Szycik <marcin.szycik@linux.intel.com>; > Michal Swiatkowski <michal.swiatkowski@linux.intel.com> > Subject: [Intel-wired-lan] [PATCH iwl-net] ice: Fix checking for unsupported > keys on non-tunnel device > > Add missing FLOW_DISSECTOR_KEY_ENC_* checks to TC flower filter parsing. > Without these checks, it would be possible to add filters with tunnel options > on non-tunnel devices. enc_* options are only valid for tunnel devices. > > Example: > devlink dev eswitch set $PF1_PCI mode switchdev > echo 1 > /sys/class/net/$PF1/device/sriov_numvfs > tc qdisc add dev $VF1_PR ingress > ethtool -K $PF1 hw-tc-offload on > tc filter add dev $VF1_PR ingress flower enc_ttl 12 skip_sw action drop > > Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support") > Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com> > Signed-off-by: Marcin Szycik <marcin.szycik@linux.intel.com> > --- > drivers/net/ethernet/intel/ice/ice_tc_lib.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c index f8df93e1a9de..b49aa6554024 100644 --- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c +++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c @@ -1489,7 +1489,10 @@ ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi, (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | - BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) { + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | + BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) { NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel"); return -EOPNOTSUPP; } else {
Add missing FLOW_DISSECTOR_KEY_ENC_* checks to TC flower filter parsing. Without these checks, it would be possible to add filters with tunnel options on non-tunnel devices. enc_* options are only valid for tunnel devices. Example: devlink dev eswitch set $PF1_PCI mode switchdev echo 1 > /sys/class/net/$PF1/device/sriov_numvfs tc qdisc add dev $VF1_PR ingress ethtool -K $PF1 hw-tc-offload on tc filter add dev $VF1_PR ingress flower enc_ttl 12 skip_sw action drop Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support") Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com> Signed-off-by: Marcin Szycik <marcin.szycik@linux.intel.com> --- drivers/net/ethernet/intel/ice/ice_tc_lib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)