Commit 3c4d7902 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'net-lan966x-flower-validate-control-flags'

Asbjørn Sloth Tønnesen says:

====================
net: lan966x: flower: validate control flags

This series adds flower control flags validation to the
lan966x driver, and changes it from assuming that it handles
all control flags, to instead reject rules if they have
masked any unknown/unsupported control flags.

v1: https://lore.kernel.org/netdev/20240423102720.228728-1-ast@fiberby.net/
====================

Link: https://lore.kernel.org/r/20240424125347.461995-1-ast@fiberby.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents df654941 8c65e27b
...@@ -45,6 +45,7 @@ static bool lan966x_tc_is_known_etype(struct vcap_tc_flower_parse_usage *st, ...@@ -45,6 +45,7 @@ static bool lan966x_tc_is_known_etype(struct vcap_tc_flower_parse_usage *st,
static int static int
lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st) lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
{ {
struct netlink_ext_ack *extack = st->fco->common.extack;
struct flow_match_control match; struct flow_match_control match;
int err = 0; int err = 0;
...@@ -59,7 +60,7 @@ lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st) ...@@ -59,7 +60,7 @@ lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
VCAP_KF_L3_FRAGMENT, VCAP_KF_L3_FRAGMENT,
VCAP_BIT_0); VCAP_BIT_0);
if (err) if (err)
goto out; goto bad_frag_out;
} }
if (match.mask->flags & FLOW_DIS_FIRST_FRAG) { if (match.mask->flags & FLOW_DIS_FIRST_FRAG) {
...@@ -72,15 +73,20 @@ lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st) ...@@ -72,15 +73,20 @@ lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
VCAP_KF_L3_FRAG_OFS_GT0, VCAP_KF_L3_FRAG_OFS_GT0,
VCAP_BIT_1); VCAP_BIT_1);
if (err) if (err)
goto out; goto bad_frag_out;
} }
if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT |
FLOW_DIS_FIRST_FRAG,
match.mask->flags, extack))
return -EOPNOTSUPP;
st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL); st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL);
return err; return err;
out: bad_frag_out:
NL_SET_ERR_MSG_MOD(st->fco->common.extack, "ip_frag parse error"); NL_SET_ERR_MSG_MOD(extack, "ip_frag parse error");
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment