diff mbox series

[net-next] mlxsw: spectrum_flower: Do not allow mixing sample and mirror actions

Message ID d6c979914e8706dbe1dedbaf29ffffb0b8d71166.1733822570.git.petrm@nvidia.com (mailing list archive)
State Accepted
Commit 175dd9079ecbd86d0e10927c442d64519baf5809
Delegated to: Netdev Maintainers
Headers show
Series [net-next] mlxsw: spectrum_flower: Do not allow mixing sample and mirror actions | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 7 of 7 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 1 this patch: 1
netdev/checkpatch warning WARNING: line length of 113 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-12-12--00-00 (tests: 795)

Commit Message

Petr Machata Dec. 10, 2024, 9:45 a.m. UTC 
From: Ido Schimmel <idosch@nvidia.com>

The device does not support multiple mirror actions per rule and the
driver rejects such configuration:

 # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action mirred egress mirror dev swp3
 Error: mlxsw_spectrum: Multiple mirror actions per rule are not supported.
 We have an error talking to the kernel

Internally, the sample action is implemented by the device by mirroring
to the CPU port. Therefore, mixing sample and mirror actions in a single
rule does not work correctly and results in the last action effect.

Solve by rejecting such misconfiguration:

 # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action sample rate 100 group 1
 Error: mlxsw_spectrum: Sample action after mirror action is not supported.
 We have an error talking to the kernel

 # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action sample rate 100 group 1 action mirred egress mirror dev swp2
 Error: mlxsw_spectrum: Mirror action after sample action is not supported.
 We have an error talking to the kernel

Reported-by: Vladyslav Mykhaliuk <vmykhaliuk@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
---
 drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Michal Swiatkowski Dec. 10, 2024, 9:50 a.m. UTC | #1 
On Tue, Dec 10, 2024 at 10:45:37AM +0100, Petr Machata wrote:
> From: Ido Schimmel <idosch@nvidia.com>
> 
> The device does not support multiple mirror actions per rule and the
> driver rejects such configuration:
> 
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action mirred egress mirror dev swp3
>  Error: mlxsw_spectrum: Multiple mirror actions per rule are not supported.
>  We have an error talking to the kernel
> 
> Internally, the sample action is implemented by the device by mirroring
> to the CPU port. Therefore, mixing sample and mirror actions in a single
> rule does not work correctly and results in the last action effect.
> 
> Solve by rejecting such misconfiguration:
> 
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action sample rate 100 group 1
>  Error: mlxsw_spectrum: Sample action after mirror action is not supported.
>  We have an error talking to the kernel
> 
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action sample rate 100 group 1 action mirred egress mirror dev swp2
>  Error: mlxsw_spectrum: Mirror action after sample action is not supported.
>  We have an error talking to the kernel
> 
> Reported-by: Vladyslav Mykhaliuk <vmykhaliuk@nvidia.com>
> Signed-off-by: Ido Schimmel <idosch@nvidia.com>
> Reviewed-by: Amit Cohen <amcohen@nvidia.com>
> Reviewed-by: Jiri Pirko <jiri@nvidia.com>
> Signed-off-by: Petr Machata <petrm@nvidia.com>
> ---
>  drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
> index f07955b5439f..6a4a81c63451 100644
> --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
> +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
> @@ -192,6 +192,11 @@ static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
>  				return -EOPNOTSUPP;
>  			}
>  
> +			if (sample_act_count) {
> +				NL_SET_ERR_MSG_MOD(extack, "Mirror action after sample action is not supported");
> +				return -EOPNOTSUPP;
> +			}
> +
>  			err = mlxsw_sp_acl_rulei_act_mirror(mlxsw_sp, rulei,
>  							    block, out_dev,
>  							    extack);
> @@ -265,6 +270,11 @@ static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
>  				return -EOPNOTSUPP;
>  			}
>  
> +			if (mirror_act_count) {
> +				NL_SET_ERR_MSG_MOD(extack, "Sample action after mirror action is not supported");
> +				return -EOPNOTSUPP;
> +			}
> +
>  			err = mlxsw_sp_acl_rulei_act_sample(mlxsw_sp, rulei,
>  							    block,
>  							    act->sample.psample_group,
> -- 
> 2.47.0

Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>

Thanks
Kalesh AP Dec. 10, 2024, 10:15 a.m. UTC | #2 
On Tue, Dec 10, 2024 at 3:26 PM Petr Machata <petrm@nvidia.com> wrote:
>
> From: Ido Schimmel <idosch@nvidia.com>
>
> The device does not support multiple mirror actions per rule and the
> driver rejects such configuration:
>
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action mirred egress mirror dev swp3
>  Error: mlxsw_spectrum: Multiple mirror actions per rule are not supported.
>  We have an error talking to the kernel
>
> Internally, the sample action is implemented by the device by mirroring
> to the CPU port. Therefore, mixing sample and mirror actions in a single
> rule does not work correctly and results in the last action effect.
>
> Solve by rejecting such misconfiguration:
>
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action sample rate 100 group 1
>  Error: mlxsw_spectrum: Sample action after mirror action is not supported.
>  We have an error talking to the kernel
>
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action sample rate 100 group 1 action mirred egress mirror dev swp2
>  Error: mlxsw_spectrum: Mirror action after sample action is not supported.
>  We have an error talking to the kernel
>
> Reported-by: Vladyslav Mykhaliuk <vmykhaliuk@nvidia.com>
> Signed-off-by: Ido Schimmel <idosch@nvidia.com>
> Reviewed-by: Amit Cohen <amcohen@nvidia.com>
> Reviewed-by: Jiri Pirko <jiri@nvidia.com>
> Signed-off-by: Petr Machata <petrm@nvidia.com>

Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
patchwork-bot+netdevbpf@kernel.org Dec. 12, 2024, 4:30 a.m. UTC | #3 
Hello:

This patch was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 10 Dec 2024 10:45:37 +0100 you wrote:
> From: Ido Schimmel <idosch@nvidia.com>
> 
> The device does not support multiple mirror actions per rule and the
> driver rejects such configuration:
> 
>  # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw action mirred egress mirror dev swp2 action mirred egress mirror dev swp3
>  Error: mlxsw_spectrum: Multiple mirror actions per rule are not supported.
>  We have an error talking to the kernel
> 
> [...]

Here is the summary with links:
  - [net-next] mlxsw: spectrum_flower: Do not allow mixing sample and mirror actions
    https://git.kernel.org/netdev/net-next/c/175dd9079ecb

You are awesome, thank you!
diff mbox series

Patch

diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
index f07955b5439f..6a4a81c63451 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
@@ -192,6 +192,11 @@  static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
 				return -EOPNOTSUPP;
 			}
 
+			if (sample_act_count) {
+				NL_SET_ERR_MSG_MOD(extack, "Mirror action after sample action is not supported");
+				return -EOPNOTSUPP;
+			}
+
 			err = mlxsw_sp_acl_rulei_act_mirror(mlxsw_sp, rulei,
 							    block, out_dev,
 							    extack);
@@ -265,6 +270,11 @@  static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
 				return -EOPNOTSUPP;
 			}
 
+			if (mirror_act_count) {
+				NL_SET_ERR_MSG_MOD(extack, "Sample action after mirror action is not supported");
+				return -EOPNOTSUPP;
+			}
+
 			err = mlxsw_sp_acl_rulei_act_sample(mlxsw_sp, rulei,
 							    block,
 							    act->sample.psample_group,