From patchwork Tue Apr 16 20:24:06 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Nguyen <anthony.l.nguyen@intel.com>
X-Patchwork-Id: 13632557
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A0C12C6A3
	for <netdev@vger.kernel.org>; Tue, 16 Apr 2024 20:24:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.21
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713299056; cv=none;
 b=JJi/769rVK9bNeuQbImJ1xykXHfUt0zvDdJqq4ou8+r+//DuAJ4Q43PYAVLqkjb5Z0B7ZSnQL0kd22xoHOJ22zw1Cbm45B4GMoBvBn+Hn0uFNG3syz/V8SOzCQoYsl1KWprTfllk/SNiupScVNkxfY295KwDYoVHTkz8LzOgXC0=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713299056; c=relaxed/simple;
	bh=UcRGENiElOE3qzcdU/4RPooTRbe/+e99fKpJg3x8zNI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Oz1Jmzv3SmsLSqata6mrhz8GBqXN8YSZ7vCVwMneuUNfnjE/7PBSKIgRRIvHeqWA0cJ5KlpFjpXJdc0FPzHRNn64WADLDX4yLc7vq6gznsvtg8rvOiDVNXFhRweIe4vAPLYry1x7alaAQ4x3D6DYqwGS3SUxOs1oR8+UsJR/deM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=fN9x6vCe; arc=none smtp.client-ip=198.175.65.21
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="fN9x6vCe"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1713299054; x=1744835054;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=UcRGENiElOE3qzcdU/4RPooTRbe/+e99fKpJg3x8zNI=;
  b=fN9x6vCeZWwcYg6IXWga7tV/Lun39w7t0VuwiTiDAZPqPHWUSzwPwqrL
   hJRI8QVvihT7NeTD62jKbaiYIAJ8F7fF5VnPx78X27d5mOLAQ4uKS3agh
   USs7BzmrqdPPC8Ayy413APEUpcKsougjp4CYsjQ/4E28JZqzC62b2PmMt
   4HTStTkdDEk7H9d/1qqTbdifgWeyeSikIPtIoCEUTA1bUdcFE3WDO/RSP
   05qOW/0e35WH346lz7wEnXXlU8jBuQxmw6Lf5fDxwpFO9N0kMGxfc8yNH
   mRlY0DP5WeIbwZGtYv0whpfF3IZUNVDetjJQUWEDmBrjiGR7Iiv/gVhBb
   w==;
X-CSE-ConnectionGUID: 8dhvhZqwS8utnpbB+2Fr+g==
X-CSE-MsgGUID: Vgoc8AIARje1sYiofNqytA==
X-IronPort-AV: E=McAfee;i="6600,9927,11046"; a="8688450"
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="8688450"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Apr 2024 13:24:12 -0700
X-CSE-ConnectionGUID: wiLs3sAaRfW/KgEaKIC5lQ==
X-CSE-MsgGUID: zwMokgu4SQm/336KJFykLA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="26941870"
Received: from anguy11-upstream.jf.intel.com ([10.166.9.133])
  by fmviesa003.fm.intel.com with ESMTP; 16 Apr 2024 13:24:12 -0700
From: Tony Nguyen <anthony.l.nguyen@intel.com>
To: davem@davemloft.net,
	kuba@kernel.org,
	pabeni@redhat.com,
	edumazet@google.com,
	netdev@vger.kernel.org
Cc: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>,
	anthony.l.nguyen@intel.com,
	Jedrzej Jagielski <jedrzej.jagielski@intel.com>,
	Sridhar Samudrala <sridhar.samudrala@intel.com>,
	Simon Horman <horms@kernel.org>,
	Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Subject: [PATCH net 1/3] ice: tc: check src_vsi in case of traffic from VF
Date: Tue, 16 Apr 2024 13:24:06 -0700
Message-ID: <20240416202409.2008383-2-anthony.l.nguyen@intel.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
References: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>

In case of traffic going from the VF (so ingress for port representor)
source VSI should be consider during packet classification. It is
needed for hardware to not match packets from different ports with
filters added on other port.

It is only for "from VF" traffic, because other traffic direction
doesn't have source VSI.

Set correct ::src_vsi in rule_info to pass it to the hardware filter.

For example this rule should drop only ipv4 packets from eth10, not from
the others VF PRs. It is needed to check source VSI in this case.
$tc filter add dev eth10 ingress protocol ip flower skip_sw action drop

Fixes: 0d08a441fb1a ("ice: ndo_setup_tc implementation for PF")
Reviewed-by: Jedrzej Jagielski <jedrzej.jagielski@intel.com>
Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index b890410a2bc0..49ed5fd7db10 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -28,6 +28,8 @@ ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers,
 	 * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified)
 	 * - Tunnel flag (present if tunnel)
 	 */
+	if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS)
+		lkups_cnt++;
 
 	if (flags & ICE_TC_FLWR_FIELD_TENANT_ID)
 		lkups_cnt++;
@@ -363,6 +365,11 @@ ice_tc_fill_rules(struct ice_hw *hw, u32 flags,
 	/* Always add direction metadata */
 	ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
 
+	if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) {
+		ice_rule_add_src_vsi_metadata(&list[i]);
+		i++;
+	}
+
 	rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type);
 	if (tc_fltr->tunnel_type != TNL_LAST) {
 		i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i);
@@ -820,6 +827,7 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
 
 	/* specify the cookie as filter_rule_id */
 	rule_info.fltr_rule_id = fltr->cookie;
+	rule_info.src_vsi = vsi->idx;
 
 	ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
 	if (ret == -EEXIST) {

From patchwork Tue Apr 16 20:24:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Nguyen <anthony.l.nguyen@intel.com>
X-Patchwork-Id: 13632558
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1FB67139D0B
	for <netdev@vger.kernel.org>; Tue, 16 Apr 2024 20:24:15 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.21
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713299056; cv=none;
 b=aerzs3oBZdxcPQ0f9RzJ0cLKvpODB1U/BnEIw3e/RzbrNOf9f4D39H3aYlqecH9TyUnh78+eYrhEbKftLMlmlvFLzE3HwDCNTbFYGehGn3+yDyxGYzFLpyfZ0PHBco31vJBA/rKjrtCa3nskP0E6Wmdmy5oPqA1rOvZAVO7/gsc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713299056; c=relaxed/simple;
	bh=Lkxs2jxpSfMnw9Ng6K/i7PiLVRbb/QQuS25pSxsWvpE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=DozrbrMHE+WAX65oguUCPDtsZSUPg56RDqvwwbOr7HNipkA6PAll3KdT76Q5Z6zTmtLNIjY7OXCzpoPBV34/C3HaoCb6pN/bZl+ZB5CT0nV5i+aIM5VhoTqeTSfwbrojxnCcehO77LT98mf2RS2jM+YclMhuCx6Z/yXvsqmTdV8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=msG8u9va; arc=none smtp.client-ip=198.175.65.21
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="msG8u9va"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1713299055; x=1744835055;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Lkxs2jxpSfMnw9Ng6K/i7PiLVRbb/QQuS25pSxsWvpE=;
  b=msG8u9vavKqysLC9My1AOCiOKg0XHx0AT16HzOzWi1b54l2PEvGKXrxV
   TH1CbKXBVOWJWiZJvTAiRHO5/JH4LGwSb3AHit4CbbV4TmxHdV//J7DDi
   3xpKjeu2ShwAdE0FNSZoud9L2LYyNI1wXlrQgikGIJkCvierP5UG6sN8s
   34w6o+M0oe3KoCxE0Kaet79R+Lwid6W81aCa7U+SjLXMbenT62Ke8NeL4
   rLCTKQdHqHh81kQwqPByS7WdLv8x1NAeKtP2gHXcNuSJaEw7RsGv3J0R8
   ccpZph9ySsWeGwwoMTn0Kv78Qkx5UbVW0O64ZtlUI1WjJ7H8GEfrPICMo
   A==;
X-CSE-ConnectionGUID: RjUHaTiRRGSdJQpX4QkD+w==
X-CSE-MsgGUID: ODt4xIn3RaKC1qSMKoZhdg==
X-IronPort-AV: E=McAfee;i="6600,9927,11046"; a="8688457"
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="8688457"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Apr 2024 13:24:13 -0700
X-CSE-ConnectionGUID: pAnU5b93Q5CYJSP9hfNFoQ==
X-CSE-MsgGUID: iIEJi3khTzy1X24744X/yg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="26941875"
Received: from anguy11-upstream.jf.intel.com ([10.166.9.133])
  by fmviesa003.fm.intel.com with ESMTP; 16 Apr 2024 13:24:12 -0700
From: Tony Nguyen <anthony.l.nguyen@intel.com>
To: davem@davemloft.net,
	kuba@kernel.org,
	pabeni@redhat.com,
	edumazet@google.com,
	netdev@vger.kernel.org
Cc: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>,
	anthony.l.nguyen@intel.com,
	Wojciech Drewek <wojciech.drewek@intel.com>,
	Simon Horman <horms@kernel.org>,
	Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Subject: [PATCH net 2/3] ice: tc: allow zero flags in parsing tc flower
Date: Tue, 16 Apr 2024 13:24:07 -0700
Message-ID: <20240416202409.2008383-3-anthony.l.nguyen@intel.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
References: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>

The check for flags is done to not pass empty lookups to adding switch
rule functions. Since metadata is always added to lookups there is no
need to check against the flag.

It is also fixing the problem with such rule:
$ tc filter add dev gtp_dev ingress protocol ip prio 0 flower \
	enc_dst_port 2123 action drop
Switch block in case of GTP can't parse the destination port, because it
should always be set to GTP specific value. The same with ethertype. The
result is that there is no other matching criteria than GTP tunnel. In
this case flags is 0, rule can't be added only because of defensive
check against flags.

Fixes: 9a225f81f540 ("ice: Support GTP-U and GTP-C offload in switchdev")
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index 49ed5fd7db10..bcbcfc67e560 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -779,7 +779,7 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
 	int ret;
 	int i;
 
-	if (!flags || (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT)) {
+	if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT) {
 		NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)");
 		return -EOPNOTSUPP;
 	}

From patchwork Tue Apr 16 20:24:08 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tony Nguyen <anthony.l.nguyen@intel.com>
X-Patchwork-Id: 13632559
X-Patchwork-Delegate: kuba@kernel.org
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AD27139D18
	for <netdev@vger.kernel.org>; Tue, 16 Apr 2024 20:24:15 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.21
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713299057; cv=none;
 b=fFkiiSqNk1B6Jvz7mZLJLx8dspGN8fzzyrfkgpcL4XVdp9RT+1oIDG4HTj3Y5FHM0/ZZqcLfzOyfSY/jV26T9dd46Xjk5xtrr/4BWAyDJrMXSLk6khHVRSLv93SZi9skanLfFz8B5kd3NvILXjS3T+1R1e+qJGgXiD7l3lmhvm8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713299057; c=relaxed/simple;
	bh=Xy691gG63Qt3bA4amjinW1w/KYLE226an9o6FoGMMEI=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=bPoHu7StmyLjbd9HVcr3dLc6ZKjvIdQdViD1jVpOH3zmsHn/NYVYa4yKTRGSwNg4FQKkTnlcDOd3Syze0RjPNpiqmvZ1OCm0tcIPLVbkw5dq1cCdFcjTwivDZTlT1gyTvG4M/xBSn/4ebxJWEn2hBJCE8cORyE3W+d+cXlN1nGY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com;
 spf=pass smtp.mailfrom=intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=ludVfeBj; arc=none smtp.client-ip=198.175.65.21
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="ludVfeBj"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1713299055; x=1744835055;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Xy691gG63Qt3bA4amjinW1w/KYLE226an9o6FoGMMEI=;
  b=ludVfeBjhb0Yddfw4s3LnOa3gJsApNKPayIqcyh+oWAztInUWF/Cz2le
   x0HxGTa/kbmpCER3LDMjVytMIy7/70ZW7uh7nH2RvJYuNAHg/LQ2tt4FS
   jWU+qGIDEBoiPPa32cHJBfJnkNqg6W8ccuDegzNcDyZHZeLta+SJginA7
   +/Rtlal+ab5zB30o5CnvMcBxi5rCzwscLzudB1D0Y8cm0oLfyJ+e0e9pi
   6eZ1mRxYBjPuT9xouLHvQ43+rdxa8hOAgqLFtt1JhZA5pJRkpkqZ9ne5z
   6hPFn/Ht7cVDhwNqrIxZEA992PFJgUQ9FuXRmYndyYWIkZdaKkkN+y/z/
   A==;
X-CSE-ConnectionGUID: HKYiwdcWRcK3gAU+EaVbEw==
X-CSE-MsgGUID: HRbKAdVQQaSHHfb3BMyB2Q==
X-IronPort-AV: E=McAfee;i="6600,9927,11046"; a="8688463"
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="8688463"
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
  by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 16 Apr 2024 13:24:13 -0700
X-CSE-ConnectionGUID: wLiifA18TZuMNNLObzging==
X-CSE-MsgGUID: 5H1DzLZfSYOQrVBQO5TXJA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,207,1708416000";
   d="scan'208";a="26941880"
Received: from anguy11-upstream.jf.intel.com ([10.166.9.133])
  by fmviesa003.fm.intel.com with ESMTP; 16 Apr 2024 13:24:13 -0700
From: Tony Nguyen <anthony.l.nguyen@intel.com>
To: davem@davemloft.net,
	kuba@kernel.org,
	pabeni@redhat.com,
	edumazet@google.com,
	netdev@vger.kernel.org
Cc: Marcin Szycik <marcin.szycik@linux.intel.com>,
	anthony.l.nguyen@intel.com,
	Michal Swiatkowski <michal.swiatkowski@linux.intel.com>,
	Jacob Keller <jacob.e.keller@intel.com>,
	Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Subject: [PATCH net 3/3] ice: Fix checking for unsupported keys on non-tunnel
 device
Date: Tue, 16 Apr 2024 13:24:08 -0700
Message-ID: <20240416202409.2008383-4-anthony.l.nguyen@intel.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
References: <20240416202409.2008383-1-anthony.l.nguyen@intel.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: kuba@kernel.org

From: Marcin Szycik <marcin.szycik@linux.intel.com>

Add missing FLOW_DISSECTOR_KEY_ENC_* checks to TC flower filter parsing.
Without these checks, it would be possible to add filters with tunnel
options on non-tunnel devices. enc_* options are only valid for tunnel
devices.

Example:
  devlink dev eswitch set $PF1_PCI mode switchdev
  echo 1 > /sys/class/net/$PF1/device/sriov_numvfs
  tc qdisc add dev $VF1_PR ingress
  ethtool -K $PF1 hw-tc-offload on
  tc filter add dev $VF1_PR ingress flower enc_ttl 12 skip_sw action drop

Fixes: 9e300987d4a8 ("ice: VXLAN and Geneve TC support")
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Signed-off-by: Marcin Szycik <marcin.szycik@linux.intel.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
---
 drivers/net/ethernet/intel/ice/ice_tc_lib.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
index bcbcfc67e560..688ccb0615ab 100644
--- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c
+++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c
@@ -1489,7 +1489,10 @@ ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi,
 		  (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
 		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
 		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
-		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) {
+		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) |
+		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) |
+		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) |
+		   BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) {
 		NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel");
 		return -EOPNOTSUPP;
 	} else {