[net-next,0/5] net: flower: validate encapsulation control flags

Message ID	20240609173358.193178-1-ast@fiberby.net (mailing list archive)
Headers	show Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2C83D2E5; Sun, 9 Jun 2024 17:34:56 +0000 (UTC) From: =?utf-8?q?Asbj=C3=B8rn_Sloth_T=C3=B8nnesen?= <ast@fiberby.net> To: netdev@vger.kernel.org Cc: =?utf-8?q?Asbj=C3=B8rn_Sloth_T=C3=B8nnesen?= <ast@fiberby.net>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Edward Cree <ecree.xilinx@gmail.com>, Martin Habets <habetsm.xilinx@gmail.com>, linux-net-drivers@amd.com, Saeed Mahameed <saeedm@nvidia.com>, Leon Romanovsky <leon@kernel.org>, Tariq Toukan <tariqt@nvidia.com>, linux-rdma@vger.kernel.org, Jesse Brandeburg <jesse.brandeburg@intel.com>, Tony Nguyen <anthony.l.nguyen@intel.com>, intel-wired-lan@lists.osuosl.org, Louis Peens <louis.peens@corigine.com>, oss-drivers@corigine.com, linux-kernel@vger.kernel.org, Davide Caratti <dcaratti@redhat.com>, i.maximets@ovn.org Subject: [PATCH net-next 0/5] net: flower: validate encapsulation control flags Date: Sun, 9 Jun 2024 17:33:50 +0000 Message-ID: <20240609173358.193178-1-ast@fiberby.net> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
Series	net: flower: validate encapsulation control flags \| expand [net-next,0/5] net: flower: validate encapsulation control flags [net-next,1/5] flow_offload: add encapsulation control flag helpers [net-next,2/5] sfc: use flow_rule_is_supp_enc_control_flags() [net-next,3/5] net/mlx5e: flower: validate encapsulation control flags [net-next,4/5] nfp: flower: validate encapsulation control flags [net-next,5/5] ice: flower: validate encapsulation control flags

Message ID

20240609173358.193178-1-ast@fiberby.net (mailing list archive)

Headers

From: =?utf-8?q?Asbj=C3=B8rn_Sloth_T=C3=B8nnesen?= <ast@fiberby.net>
To: netdev@vger.kernel.org
Cc: =?utf-8?q?Asbj=C3=B8rn_Sloth_T=C3=B8nnesen?= <ast@fiberby.net>,
 "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>,
 Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
 Edward Cree <ecree.xilinx@gmail.com>,
 Martin Habets <habetsm.xilinx@gmail.com>, linux-net-drivers@amd.com,
 Saeed Mahameed <saeedm@nvidia.com>, Leon Romanovsky <leon@kernel.org>,
 Tariq Toukan <tariqt@nvidia.com>, linux-rdma@vger.kernel.org,
 Jesse Brandeburg <jesse.brandeburg@intel.com>,
 Tony Nguyen <anthony.l.nguyen@intel.com>, intel-wired-lan@lists.osuosl.org,
 Louis Peens <louis.peens@corigine.com>, oss-drivers@corigine.com,
 linux-kernel@vger.kernel.org, Davide Caratti <dcaratti@redhat.com>,
 i.maximets@ovn.org
Subject: [PATCH net-next 0/5] net: flower: validate encapsulation control
 flags
Date: Sun,  9 Jun 2024 17:33:50 +0000
Message-ID: <20240609173358.193178-1-ast@fiberby.net>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Series

net: flower: validate encapsulation control flags | expand

Message

Asbjørn Sloth Tønnesen June 9, 2024, 5:33 p.m. UTC

Now that all drivers properly rejects unsupported flower control flags
used with FLOW_DISSECTOR_KEY_CONTROL, then time has come to add similar
checks to the drivers supporting FLOW_DISSECTOR_KEY_ENC_CONTROL.

There are currently just 4 drivers supporting this key, and
3 of those currently doesn't validate encapsulated control flags.

Encapsulation control flags may currently be unused, but they should
still be validated by the drivers, so that drivers will properly
reject any new flags when they are introduced.

This series adds some helper functions, and implements them in all
4 drivers.

NB: It is currently discussed[1] to use encapsulation control flags
for tunnel flags instead of the new FLOW_DISSECTOR_KEY_ENC_FLAGS.

[1] https://lore.kernel.org/netdev/ZmFuxElwZiYJzBkh@dcaratti.users.ipa.redhat.com/

Asbjørn Sloth Tønnesen (5):
  flow_offload: add encapsulation control flag helpers
  sfc: use flow_rule_is_supp_enc_control_flags()
  net/mlx5e: flower: validate encapsulation control flags
  nfp: flower: validate encapsulation control flags
  ice: flower: validate encapsulation control flags

 drivers/net/ethernet/intel/ice/ice_tc_lib.c   |  4 +++
 .../ethernet/mellanox/mlx5/core/en/tc_tun.c   |  6 ++++
 .../ethernet/netronome/nfp/flower/offload.c   |  4 +++
 drivers/net/ethernet/sfc/tc.c                 |  5 +--
 include/net/flow_offload.h                    | 35 +++++++++++++++++++
 5 files changed, 50 insertions(+), 4 deletions(-)

Comments

Davide Caratti June 11, 2024, 9:09 a.m. UTC | #1

On Sun, Jun 09, 2024 at 05:33:50PM +0000, Asbjørn Sloth Tønnesen wrote:
> Now that all drivers properly rejects unsupported flower control flags
> used with FLOW_DISSECTOR_KEY_CONTROL, then time has come to add similar
> checks to the drivers supporting FLOW_DISSECTOR_KEY_ENC_CONTROL.
> 
> There are currently just 4 drivers supporting this key, and
> 3 of those currently doesn't validate encapsulated control flags.
> 
> Encapsulation control flags may currently be unused, but they should
> still be validated by the drivers, so that drivers will properly
> reject any new flags when they are introduced.
> 
> This series adds some helper functions, and implements them in all
> 4 drivers.
>

Reviewed-by: Davide Caratti <dcaratti@redhat.com>

Jakub Kicinski June 13, 2024, 1:04 a.m. UTC | #2

On Sun,  9 Jun 2024 17:33:50 +0000 Asbjørn Sloth Tønnesen wrote:
> Now that all drivers properly rejects unsupported flower control flags
> used with FLOW_DISSECTOR_KEY_CONTROL, then time has come to add similar
> checks to the drivers supporting FLOW_DISSECTOR_KEY_ENC_CONTROL.

Thanks for doing this work!
Do you have any more of such series left? Could we perhaps consider
recording the driver support somewhere in struct net_device and do 
the rejecting in the core? That's much easier to extend when adding
new flags than updating all the drivers.
This series I think may not be a great first candidate as IIUC all
drivers would reject so the flag would be half-dead...

patchwork-bot+netdevbpf@kernel.org June 13, 2024, 1:10 a.m. UTC | #3

Hello:

This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Sun,  9 Jun 2024 17:33:50 +0000 you wrote:
> Now that all drivers properly rejects unsupported flower control flags
> used with FLOW_DISSECTOR_KEY_CONTROL, then time has come to add similar
> checks to the drivers supporting FLOW_DISSECTOR_KEY_ENC_CONTROL.
> 
> There are currently just 4 drivers supporting this key, and
> 3 of those currently doesn't validate encapsulated control flags.
> 
> [...]

Here is the summary with links:
  - [net-next,1/5] flow_offload: add encapsulation control flag helpers
    https://git.kernel.org/netdev/net-next/c/b48a1540b73a
  - [net-next,2/5] sfc: use flow_rule_is_supp_enc_control_flags()
    https://git.kernel.org/netdev/net-next/c/2ede54f8786f
  - [net-next,3/5] net/mlx5e: flower: validate encapsulation control flags
    https://git.kernel.org/netdev/net-next/c/28d19ec91755
  - [net-next,4/5] nfp: flower: validate encapsulation control flags
    https://git.kernel.org/netdev/net-next/c/34cdd9847820
  - [net-next,5/5] ice: flower: validate encapsulation control flags
    https://git.kernel.org/netdev/net-next/c/5a1b015d521d

You are awesome, thank you!

Asbjørn Sloth Tønnesen June 13, 2024, 5:38 p.m. UTC | #4

Hi Jakub,

On 6/13/24 1:04 AM, Jakub Kicinski wrote:
> On Sun,  9 Jun 2024 17:33:50 +0000 Asbjørn Sloth Tønnesen wrote:
>> Now that all drivers properly rejects unsupported flower control flags
>> used with FLOW_DISSECTOR_KEY_CONTROL, then time has come to add similar
>> checks to the drivers supporting FLOW_DISSECTOR_KEY_ENC_CONTROL.
> 
> Thanks for doing this work!

Thank you, for maintaining the tree!

> Do you have any more of such series left?

Not at the moment, I only stumbled upon this, because I read the code
with an eye on adding a new IS_JUMBO_FRAME flag (patches for which are
almost ready).

Once this[1] currently RFC patch goes in, I might try to move all
control flags in under FLOW_DIS_F_*, to get rid of the then
FLOW_DIS_(IS_FRAGMENT|FIRST_FRAG|ENCAPSULATION|F_*).

[1] [RFC PATCH net-next 1/9] net/sched: flower: define new tunnel flags
https://lore.kernel.org/netdev/20240611235355.177667-2-ast@fiberby.net/

> Could we perhaps consider
> recording the driver support somewhere in struct net_device and do
> the rejecting in the core?

Sure, it could work for the control flags, and used_keys validation,
but I am not sure if it is worth it, as most of the validation is
very specific to the limitations of the different hardware. An easy
first step in that direction would be to move the used_keys checks
behind a helper, and possibly storing used_keys in struct net_device.

> That's much easier to extend when adding
> new flags than updating all the drivers.

That's how it is now, with the new helpers, as all flags are
unsupported, unless the driver specifically supports it.

Any new flag only needs to be added to the core, and drivers only needs
to be updated when they implement offloading support for a flag.

> This series I think may not be a great first candidate as IIUC all
> drivers would reject so the flag would be half-dead...

Correct. I don't know if there is any hardware support planned for the
tunnel-related encapsulation control flags.