authorJakub Kicinski <kuba@kernel.org>2024-04-25 19:35:10 -0700
committerJakub Kicinski <kuba@kernel.org>2024-04-25 19:35:11 -0700
commitdf654941d8711e184fe945935591eaadcb4fd34f (patch)
tree3414fd64499b0f74c7e2208d582e3d410aa98668
parentc984f374aeec6118d59f115bb69ff1a7344a0443 (diff)
parent8ef631e9c995d397dafd1565b82e9ab933fa25a6 (diff)
Merge branch 'net-sparx5-flower-validate-control-flags'
Asbjørn Sloth Tønnesen says: ==================== net: sparx5: flower: validate control flags This series adds flower control flags validation to the sparx5 driver, and changes it from assuming that it handles all control flags, to instead reject rules if they have masked any unknown/unsupported control flags. Reviewed-by: Daniel Machon <daniel.machon@microchip.com> Tested-by: Daniel Machon <daniel.machon@microchip.com> v1: https://lore.kernel.org/netdev/20240423102728.228765-1-ast@fiberby.net/ ==================== Link: https://lore.kernel.org/r/20240424121632.459022-1-ast@fiberby.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r--drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c b/drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c
index 663571fe7b2dd1..8d67d9f24c76bf 100644
--- a/drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c
+++ b/drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c
@@ -159,13 +159,14 @@ out:
static int
sparx5_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
{
+ struct netlink_ext_ack *extack = st->fco->common.extack;
struct flow_match_control mt;
u32 value, mask;
int err = 0;
flow_rule_match_control(st->frule, &mt);
- if (mt.mask->flags) {
+ if (mt.mask->flags & (FLOW_DIS_IS_FRAGMENT | FLOW_DIS_FIRST_FRAG)) {
u8 is_frag_key = !!(mt.key->flags & FLOW_DIS_IS_FRAGMENT);
u8 is_frag_mask = !!(mt.mask->flags & FLOW_DIS_IS_FRAGMENT);
u8 is_frag_idx = (is_frag_key << 1) | is_frag_mask;
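Review bot: The supported-flag set `FLOW_DIS_IS_FRAGMENT | FLOW_DIS_FIRST_FRAG` is written out in the new `if` condition here and again in the `flow_rule_is_supp_control_flags()` call in the last hunk, so the two copies can drift apart. If a flag is later added only to the validation call, a rule masking it would pass the check but be ignored by this block, and the offloaded filter would match more traffic than the rule asked for. Defining the set once, for example `const u32 supp_flags = FLOW_DIS_IS_FRAGMENT | FLOW_DIS_FIRST_FRAG;` beside the other locals, and using it in both places keeps handling and validation in step. The body of this `if` block continues past the end of the hunk.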
@@ -178,7 +179,7 @@ sparx5_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
u8 vdt = sparx5_vcap_frag_map[is_frag_idx][first_frag_idx];
if (vdt == FRAG_INVAL) {
- NL_SET_ERR_MSG_MOD(st->fco->common.extack,
+ NL_SET_ERR_MSG_MOD(extack,
"Match on invalid fragment flag combination");
return -EINVAL;
}
@@ -190,16 +191,19 @@ sparx5_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
err = vcap_rule_add_key_u32(st->vrule,
VCAP_KF_L3_FRAGMENT_TYPE,
value, mask);
- if (err)
- goto out;
+ if (err) {
+ NL_SET_ERR_MSG_MOD(extack, "ip_frag parse error");
+ return err;
+ }
}
- st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL);
+ if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT |
+ FLOW_DIS_FIRST_FRAG,
+ mt.mask->flags, extack))
+ return -EOPNOTSUPP;
- return err;
+ st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL);
-out:
- NL_SET_ERR_MSG_MOD(st->fco->common.extack, "ip_frag parse error");
return err;
}
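Review bot: The unsupported-flag rejection runs only after `vcap_rule_add_key_u32()` has already added `VCAP_KF_L3_FRAGMENT_TYPE` to `st->vrule`. A rule that masks a fragment flag together with an unsupported control flag therefore modifies the rule before `-EOPNOTSUPP` is returned. The caller presumably discards the rule on error, but that is not visible in this diff, and validating first avoids depending on it. Moving the `if (!flow_rule_is_supp_control_flags(...)) return -EOPNOTSUPP;` check to directly after `flow_rule_match_control(st->frule, &mt);` in the first hunk would reject the request before any state changes. The function begins in the first hunk; only its tail is shown here.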