1 /*
2 * Copyright (c) 2016, Mellanox Technologies. All rights reserved.
3 *
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
9 *
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
12 * conditions are met:
13 *
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
16 * disclaimer.
17 *
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
22 *
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 * SOFTWARE.
31 */
32
33 #include <net/flow_dissector.h>
34 #include <net/flow_offload.h>
35 #include <net/sch_generic.h>
36 #include <net/pkt_cls.h>
37 #include <linux/mlx5/fs.h>
38 #include <linux/mlx5/device.h>
39 #include <linux/rhashtable.h>
40 #include <linux/refcount.h>
41 #include <linux/completion.h>
42 #include <net/tc_act/tc_pedit.h>
43 #include <net/tc_act/tc_csum.h>
44 #include <net/psample.h>
45 #include <net/arp.h>
46 #include <net/ipv6_stubs.h>
47 #include <net/bareudp.h>
48 #include <net/bonding.h>
49 #include "en.h"
50 #include "en/tc/post_act.h"
51 #include "en_rep.h"
52 #include "en/rep/tc.h"
53 #include "en/rep/neigh.h"
54 #include "en_tc.h"
55 #include "eswitch.h"
56 #include "fs_core.h"
57 #include "en/port.h"
58 #include "en/tc_tun.h"
59 #include "en/mapping.h"
60 #include "en/tc_ct.h"
61 #include "en/mod_hdr.h"
62 #include "en/tc_priv.h"
63 #include "en/tc_tun_encap.h"
64 #include "en/tc/sample.h"
65 #include "lib/devcom.h"
66 #include "lib/geneve.h"
67 #include "lib/fs_chains.h"
68 #include "diag/en_tc_tracepoint.h"
69 #include <asm/div64.h>
70 #include "lag.h"
71 #include "lag_mp.h"
72
73 #define nic_chains(priv) ((priv)->fs.tc.chains)
74 #define MLX5_MH_ACT_SZ MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto)
75
76 #define MLX5E_TC_TABLE_NUM_GROUPS 4
77 #define MLX5E_TC_TABLE_MAX_GROUP_SIZE BIT(18)
78
79 struct mlx5e_tc_attr_to_reg_mapping mlx5e_tc_attr_to_reg_mappings[] = {
80 [CHAIN_TO_REG] = {
81 .mfield = MLX5_ACTION_IN_FIELD_METADATA_REG_C_0,
82 .moffset = 0,
83 .mlen = 16,
84 },
85 [VPORT_TO_REG] = {
86 .mfield = MLX5_ACTION_IN_FIELD_METADATA_REG_C_0,
87 .moffset = 16,
88 .mlen = 16,
89 },
90 [TUNNEL_TO_REG] = {
91 .mfield = MLX5_ACTION_IN_FIELD_METADATA_REG_C_1,
92 .moffset = 8,
93 .mlen = ESW_TUN_OPTS_BITS + ESW_TUN_ID_BITS,
94 .soffset = MLX5_BYTE_OFF(fte_match_param,
95 misc_parameters_2.metadata_reg_c_1),
96 },
97 [ZONE_TO_REG] = zone_to_reg_ct,
98 [ZONE_RESTORE_TO_REG] = zone_restore_to_reg_ct,
99 [CTSTATE_TO_REG] = ctstate_to_reg_ct,
100 [MARK_TO_REG] = mark_to_reg_ct,
101 [LABELS_TO_REG] = labels_to_reg_ct,
102 [FTEID_TO_REG] = fteid_to_reg_ct,
103 /* For NIC rules we store the restore metadata directly
104 * into reg_b that is passed to SW since we don't
105 * jump between steering domains.
106 */
107 [NIC_CHAIN_TO_REG] = {
108 .mfield = MLX5_ACTION_IN_FIELD_METADATA_REG_B,
109 .moffset = 0,
110 .mlen = 16,
111 },
112 [NIC_ZONE_RESTORE_TO_REG] = nic_zone_restore_to_reg_ct,
113 };
114
115 /* To avoid false lock dependency warning set the tc_ht lock
116 * class different than the lock class of the ht being used when deleting
117 * last flow from a group and then deleting a group, we get into del_sw_flow_group()
118 * which call rhashtable_destroy on fg->ftes_hash which will take ht->mutex but
119 * it's different than the ht->mutex here.
120 */
121 static struct lock_class_key tc_ht_lock_key;
122
123 static void mlx5e_put_flow_tunnel_id(struct mlx5e_tc_flow *flow);
124
125 void
mlx5e_tc_match_to_reg_match(struct mlx5_flow_spec * spec,enum mlx5e_tc_attr_to_reg type,u32 val,u32 mask)126 mlx5e_tc_match_to_reg_match(struct mlx5_flow_spec *spec,
127 enum mlx5e_tc_attr_to_reg type,
128 u32 val,
129 u32 mask)
130 {
131 void *headers_c = spec->match_criteria, *headers_v = spec->match_value, *fmask, *fval;
132 int soffset = mlx5e_tc_attr_to_reg_mappings[type].soffset;
133 int moffset = mlx5e_tc_attr_to_reg_mappings[type].moffset;
134 int match_len = mlx5e_tc_attr_to_reg_mappings[type].mlen;
135 u32 max_mask = GENMASK(match_len - 1, 0);
136 __be32 curr_mask_be, curr_val_be;
137 u32 curr_mask, curr_val;
138
139 fmask = headers_c + soffset;
140 fval = headers_v + soffset;
141
142 memcpy(&curr_mask_be, fmask, 4);
143 memcpy(&curr_val_be, fval, 4);
144
145 curr_mask = be32_to_cpu(curr_mask_be);
146 curr_val = be32_to_cpu(curr_val_be);
147
148 //move to correct offset
149 WARN_ON(mask > max_mask);
150 mask <<= moffset;
151 val <<= moffset;
152 max_mask <<= moffset;
153
154 //zero val and mask
155 curr_mask &= ~max_mask;
156 curr_val &= ~max_mask;
157
158 //add current to mask
159 curr_mask |= mask;
160 curr_val |= val;
161
162 //back to be32 and write
163 curr_mask_be = cpu_to_be32(curr_mask);
164 curr_val_be = cpu_to_be32(curr_val);
165
166 memcpy(fmask, &curr_mask_be, 4);
167 memcpy(fval, &curr_val_be, 4);
168
169 spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_2;
170 }
171
172 void
mlx5e_tc_match_to_reg_get_match(struct mlx5_flow_spec * spec,enum mlx5e_tc_attr_to_reg type,u32 * val,u32 * mask)173 mlx5e_tc_match_to_reg_get_match(struct mlx5_flow_spec *spec,
174 enum mlx5e_tc_attr_to_reg type,
175 u32 *val,
176 u32 *mask)
177 {
178 void *headers_c = spec->match_criteria, *headers_v = spec->match_value, *fmask, *fval;
179 int soffset = mlx5e_tc_attr_to_reg_mappings[type].soffset;
180 int moffset = mlx5e_tc_attr_to_reg_mappings[type].moffset;
181 int match_len = mlx5e_tc_attr_to_reg_mappings[type].mlen;
182 u32 max_mask = GENMASK(match_len - 1, 0);
183 __be32 curr_mask_be, curr_val_be;
184 u32 curr_mask, curr_val;
185
186 fmask = headers_c + soffset;
187 fval = headers_v + soffset;
188
189 memcpy(&curr_mask_be, fmask, 4);
190 memcpy(&curr_val_be, fval, 4);
191
192 curr_mask = be32_to_cpu(curr_mask_be);
193 curr_val = be32_to_cpu(curr_val_be);
194
195 *mask = (curr_mask >> moffset) & max_mask;
196 *val = (curr_val >> moffset) & max_mask;
197 }
198
199 int
mlx5e_tc_match_to_reg_set_and_get_id(struct mlx5_core_dev * mdev,struct mlx5e_tc_mod_hdr_acts * mod_hdr_acts,enum mlx5_flow_namespace_type ns,enum mlx5e_tc_attr_to_reg type,u32 data)200 mlx5e_tc_match_to_reg_set_and_get_id(struct mlx5_core_dev *mdev,
201 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts,
202 enum mlx5_flow_namespace_type ns,
203 enum mlx5e_tc_attr_to_reg type,
204 u32 data)
205 {
206 int moffset = mlx5e_tc_attr_to_reg_mappings[type].moffset;
207 int mfield = mlx5e_tc_attr_to_reg_mappings[type].mfield;
208 int mlen = mlx5e_tc_attr_to_reg_mappings[type].mlen;
209 char *modact;
210 int err;
211
212 err = alloc_mod_hdr_actions(mdev, ns, mod_hdr_acts);
213 if (err)
214 return err;
215
216 modact = mod_hdr_acts->actions +
217 (mod_hdr_acts->num_actions * MLX5_MH_ACT_SZ);
218
219 /* Firmware has 5bit length field and 0 means 32bits */
220 if (mlen == 32)
221 mlen = 0;
222
223 MLX5_SET(set_action_in, modact, action_type, MLX5_ACTION_TYPE_SET);
224 MLX5_SET(set_action_in, modact, field, mfield);
225 MLX5_SET(set_action_in, modact, offset, moffset);
226 MLX5_SET(set_action_in, modact, length, mlen);
227 MLX5_SET(set_action_in, modact, data, data);
228 err = mod_hdr_acts->num_actions;
229 mod_hdr_acts->num_actions++;
230
231 return err;
232 }
233
234 static struct mlx5_tc_ct_priv *
get_ct_priv(struct mlx5e_priv * priv)235 get_ct_priv(struct mlx5e_priv *priv)
236 {
237 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
238 struct mlx5_rep_uplink_priv *uplink_priv;
239 struct mlx5e_rep_priv *uplink_rpriv;
240
241 if (is_mdev_switchdev_mode(priv->mdev)) {
242 uplink_rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
243 uplink_priv = &uplink_rpriv->uplink_priv;
244
245 return uplink_priv->ct_priv;
246 }
247
248 return priv->fs.tc.ct;
249 }
250
251 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
252 static struct mlx5e_tc_psample *
get_sample_priv(struct mlx5e_priv * priv)253 get_sample_priv(struct mlx5e_priv *priv)
254 {
255 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
256 struct mlx5_rep_uplink_priv *uplink_priv;
257 struct mlx5e_rep_priv *uplink_rpriv;
258
259 if (is_mdev_switchdev_mode(priv->mdev)) {
260 uplink_rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
261 uplink_priv = &uplink_rpriv->uplink_priv;
262
263 return uplink_priv->tc_psample;
264 }
265
266 return NULL;
267 }
268 #endif
269
270 struct mlx5_flow_handle *
mlx5_tc_rule_insert(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct mlx5_flow_attr * attr)271 mlx5_tc_rule_insert(struct mlx5e_priv *priv,
272 struct mlx5_flow_spec *spec,
273 struct mlx5_flow_attr *attr)
274 {
275 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
276
277 if (is_mdev_switchdev_mode(priv->mdev))
278 return mlx5_eswitch_add_offloaded_rule(esw, spec, attr);
279
280 return mlx5e_add_offloaded_nic_rule(priv, spec, attr);
281 }
282
283 void
mlx5_tc_rule_delete(struct mlx5e_priv * priv,struct mlx5_flow_handle * rule,struct mlx5_flow_attr * attr)284 mlx5_tc_rule_delete(struct mlx5e_priv *priv,
285 struct mlx5_flow_handle *rule,
286 struct mlx5_flow_attr *attr)
287 {
288 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
289
290 if (is_mdev_switchdev_mode(priv->mdev)) {
291 mlx5_eswitch_del_offloaded_rule(esw, rule, attr);
292
293 return;
294 }
295
296 mlx5e_del_offloaded_nic_rule(priv, rule, attr);
297 }
298
299 int
mlx5e_tc_match_to_reg_set(struct mlx5_core_dev * mdev,struct mlx5e_tc_mod_hdr_acts * mod_hdr_acts,enum mlx5_flow_namespace_type ns,enum mlx5e_tc_attr_to_reg type,u32 data)300 mlx5e_tc_match_to_reg_set(struct mlx5_core_dev *mdev,
301 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts,
302 enum mlx5_flow_namespace_type ns,
303 enum mlx5e_tc_attr_to_reg type,
304 u32 data)
305 {
306 int ret = mlx5e_tc_match_to_reg_set_and_get_id(mdev, mod_hdr_acts, ns, type, data);
307
308 return ret < 0 ? ret : 0;
309 }
310
mlx5e_tc_match_to_reg_mod_hdr_change(struct mlx5_core_dev * mdev,struct mlx5e_tc_mod_hdr_acts * mod_hdr_acts,enum mlx5e_tc_attr_to_reg type,int act_id,u32 data)311 void mlx5e_tc_match_to_reg_mod_hdr_change(struct mlx5_core_dev *mdev,
312 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts,
313 enum mlx5e_tc_attr_to_reg type,
314 int act_id, u32 data)
315 {
316 int moffset = mlx5e_tc_attr_to_reg_mappings[type].moffset;
317 int mfield = mlx5e_tc_attr_to_reg_mappings[type].mfield;
318 int mlen = mlx5e_tc_attr_to_reg_mappings[type].mlen;
319 char *modact;
320
321 modact = mod_hdr_acts->actions + (act_id * MLX5_MH_ACT_SZ);
322
323 /* Firmware has 5bit length field and 0 means 32bits */
324 if (mlen == 32)
325 mlen = 0;
326
327 MLX5_SET(set_action_in, modact, action_type, MLX5_ACTION_TYPE_SET);
328 MLX5_SET(set_action_in, modact, field, mfield);
329 MLX5_SET(set_action_in, modact, offset, moffset);
330 MLX5_SET(set_action_in, modact, length, mlen);
331 MLX5_SET(set_action_in, modact, data, data);
332 }
333
334 struct mlx5e_hairpin {
335 struct mlx5_hairpin *pair;
336
337 struct mlx5_core_dev *func_mdev;
338 struct mlx5e_priv *func_priv;
339 u32 tdn;
340 struct mlx5e_tir direct_tir;
341
342 int num_channels;
343 struct mlx5e_rqt indir_rqt;
344 struct mlx5e_tir indir_tir[MLX5E_NUM_INDIR_TIRS];
345 struct mlx5_ttc_table *ttc;
346 };
347
348 struct mlx5e_hairpin_entry {
349 /* a node of a hash table which keeps all the hairpin entries */
350 struct hlist_node hairpin_hlist;
351
352 /* protects flows list */
353 spinlock_t flows_lock;
354 /* flows sharing the same hairpin */
355 struct list_head flows;
356 /* hpe's that were not fully initialized when dead peer update event
357 * function traversed them.
358 */
359 struct list_head dead_peer_wait_list;
360
361 u16 peer_vhca_id;
362 u8 prio;
363 struct mlx5e_hairpin *hp;
364 refcount_t refcnt;
365 struct completion res_ready;
366 };
367
368 static void mlx5e_tc_del_flow(struct mlx5e_priv *priv,
369 struct mlx5e_tc_flow *flow);
370
mlx5e_flow_get(struct mlx5e_tc_flow * flow)371 struct mlx5e_tc_flow *mlx5e_flow_get(struct mlx5e_tc_flow *flow)
372 {
373 if (!flow || !refcount_inc_not_zero(&flow->refcnt))
374 return ERR_PTR(-EINVAL);
375 return flow;
376 }
377
mlx5e_flow_put(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)378 void mlx5e_flow_put(struct mlx5e_priv *priv, struct mlx5e_tc_flow *flow)
379 {
380 if (refcount_dec_and_test(&flow->refcnt)) {
381 mlx5e_tc_del_flow(priv, flow);
382 kfree_rcu(flow, rcu_head);
383 }
384 }
385
mlx5e_is_eswitch_flow(struct mlx5e_tc_flow * flow)386 bool mlx5e_is_eswitch_flow(struct mlx5e_tc_flow *flow)
387 {
388 return flow_flag_test(flow, ESWITCH);
389 }
390
mlx5e_is_ft_flow(struct mlx5e_tc_flow * flow)391 static bool mlx5e_is_ft_flow(struct mlx5e_tc_flow *flow)
392 {
393 return flow_flag_test(flow, FT);
394 }
395
mlx5e_is_offloaded_flow(struct mlx5e_tc_flow * flow)396 bool mlx5e_is_offloaded_flow(struct mlx5e_tc_flow *flow)
397 {
398 return flow_flag_test(flow, OFFLOADED);
399 }
400
get_flow_name_space(struct mlx5e_tc_flow * flow)401 static int get_flow_name_space(struct mlx5e_tc_flow *flow)
402 {
403 return mlx5e_is_eswitch_flow(flow) ?
404 MLX5_FLOW_NAMESPACE_FDB : MLX5_FLOW_NAMESPACE_KERNEL;
405 }
406
407 static struct mod_hdr_tbl *
get_mod_hdr_table(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)408 get_mod_hdr_table(struct mlx5e_priv *priv, struct mlx5e_tc_flow *flow)
409 {
410 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
411
412 return get_flow_name_space(flow) == MLX5_FLOW_NAMESPACE_FDB ?
413 &esw->offloads.mod_hdr :
414 &priv->fs.tc.mod_hdr;
415 }
416
mlx5e_attach_mod_hdr(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct mlx5e_tc_flow_parse_attr * parse_attr)417 static int mlx5e_attach_mod_hdr(struct mlx5e_priv *priv,
418 struct mlx5e_tc_flow *flow,
419 struct mlx5e_tc_flow_parse_attr *parse_attr)
420 {
421 struct mlx5_modify_hdr *modify_hdr;
422 struct mlx5e_mod_hdr_handle *mh;
423
424 mh = mlx5e_mod_hdr_attach(priv->mdev, get_mod_hdr_table(priv, flow),
425 get_flow_name_space(flow),
426 &parse_attr->mod_hdr_acts);
427 if (IS_ERR(mh))
428 return PTR_ERR(mh);
429
430 modify_hdr = mlx5e_mod_hdr_get(mh);
431 flow->attr->modify_hdr = modify_hdr;
432 flow->mh = mh;
433
434 return 0;
435 }
436
mlx5e_detach_mod_hdr(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)437 static void mlx5e_detach_mod_hdr(struct mlx5e_priv *priv,
438 struct mlx5e_tc_flow *flow)
439 {
440 /* flow wasn't fully initialized */
441 if (!flow->mh)
442 return;
443
444 mlx5e_mod_hdr_detach(priv->mdev, get_mod_hdr_table(priv, flow),
445 flow->mh);
446 flow->mh = NULL;
447 }
448
449 static
mlx5e_hairpin_get_mdev(struct net * net,int ifindex)450 struct mlx5_core_dev *mlx5e_hairpin_get_mdev(struct net *net, int ifindex)
451 {
452 struct mlx5_core_dev *mdev;
453 struct net_device *netdev;
454 struct mlx5e_priv *priv;
455
456 netdev = dev_get_by_index(net, ifindex);
457 if (!netdev)
458 return ERR_PTR(-ENODEV);
459
460 priv = netdev_priv(netdev);
461 mdev = priv->mdev;
462 dev_put(netdev);
463
464 /* Mirred tc action holds a refcount on the ifindex net_device (see
465 * net/sched/act_mirred.c:tcf_mirred_get_dev). So, it's okay to continue using mdev
466 * after dev_put(netdev), while we're in the context of adding a tc flow.
467 *
468 * The mdev pointer corresponds to the peer/out net_device of a hairpin. It is then
469 * stored in a hairpin object, which exists until all flows, that refer to it, get
470 * removed.
471 *
472 * On the other hand, after a hairpin object has been created, the peer net_device may
473 * be removed/unbound while there are still some hairpin flows that are using it. This
474 * case is handled by mlx5e_tc_hairpin_update_dead_peer, which is hooked to
475 * NETDEV_UNREGISTER event of the peer net_device.
476 */
477 return mdev;
478 }
479
mlx5e_hairpin_create_transport(struct mlx5e_hairpin * hp)480 static int mlx5e_hairpin_create_transport(struct mlx5e_hairpin *hp)
481 {
482 struct mlx5e_tir_builder *builder;
483 int err;
484
485 builder = mlx5e_tir_builder_alloc(false);
486 if (!builder)
487 return -ENOMEM;
488
489 err = mlx5_core_alloc_transport_domain(hp->func_mdev, &hp->tdn);
490 if (err)
491 goto out;
492
493 mlx5e_tir_builder_build_inline(builder, hp->tdn, hp->pair->rqn[0]);
494 err = mlx5e_tir_init(&hp->direct_tir, builder, hp->func_mdev, false);
495 if (err)
496 goto create_tir_err;
497
498 out:
499 mlx5e_tir_builder_free(builder);
500 return err;
501
502 create_tir_err:
503 mlx5_core_dealloc_transport_domain(hp->func_mdev, hp->tdn);
504
505 goto out;
506 }
507
mlx5e_hairpin_destroy_transport(struct mlx5e_hairpin * hp)508 static void mlx5e_hairpin_destroy_transport(struct mlx5e_hairpin *hp)
509 {
510 mlx5e_tir_destroy(&hp->direct_tir);
511 mlx5_core_dealloc_transport_domain(hp->func_mdev, hp->tdn);
512 }
513
mlx5e_hairpin_create_indirect_rqt(struct mlx5e_hairpin * hp)514 static int mlx5e_hairpin_create_indirect_rqt(struct mlx5e_hairpin *hp)
515 {
516 struct mlx5e_priv *priv = hp->func_priv;
517 struct mlx5_core_dev *mdev = priv->mdev;
518 struct mlx5e_rss_params_indir *indir;
519 int err;
520
521 indir = kvmalloc(sizeof(*indir), GFP_KERNEL);
522 if (!indir)
523 return -ENOMEM;
524
525 mlx5e_rss_params_indir_init_uniform(indir, hp->num_channels);
526 err = mlx5e_rqt_init_indir(&hp->indir_rqt, mdev, hp->pair->rqn, hp->num_channels,
527 mlx5e_rx_res_get_current_hash(priv->rx_res).hfunc,
528 indir);
529
530 kvfree(indir);
531 return err;
532 }
533
mlx5e_hairpin_create_indirect_tirs(struct mlx5e_hairpin * hp)534 static int mlx5e_hairpin_create_indirect_tirs(struct mlx5e_hairpin *hp)
535 {
536 struct mlx5e_priv *priv = hp->func_priv;
537 struct mlx5e_rss_params_hash rss_hash;
538 enum mlx5_traffic_types tt, max_tt;
539 struct mlx5e_tir_builder *builder;
540 int err = 0;
541
542 builder = mlx5e_tir_builder_alloc(false);
543 if (!builder)
544 return -ENOMEM;
545
546 rss_hash = mlx5e_rx_res_get_current_hash(priv->rx_res);
547
548 for (tt = 0; tt < MLX5E_NUM_INDIR_TIRS; tt++) {
549 struct mlx5e_rss_params_traffic_type rss_tt;
550
551 rss_tt = mlx5e_rss_get_default_tt_config(tt);
552
553 mlx5e_tir_builder_build_rqt(builder, hp->tdn,
554 mlx5e_rqt_get_rqtn(&hp->indir_rqt),
555 false);
556 mlx5e_tir_builder_build_rss(builder, &rss_hash, &rss_tt, false);
557
558 err = mlx5e_tir_init(&hp->indir_tir[tt], builder, hp->func_mdev, false);
559 if (err) {
560 mlx5_core_warn(hp->func_mdev, "create indirect tirs failed, %d\n", err);
561 goto err_destroy_tirs;
562 }
563
564 mlx5e_tir_builder_clear(builder);
565 }
566
567 out:
568 mlx5e_tir_builder_free(builder);
569 return err;
570
571 err_destroy_tirs:
572 max_tt = tt;
573 for (tt = 0; tt < max_tt; tt++)
574 mlx5e_tir_destroy(&hp->indir_tir[tt]);
575
576 goto out;
577 }
578
mlx5e_hairpin_destroy_indirect_tirs(struct mlx5e_hairpin * hp)579 static void mlx5e_hairpin_destroy_indirect_tirs(struct mlx5e_hairpin *hp)
580 {
581 int tt;
582
583 for (tt = 0; tt < MLX5E_NUM_INDIR_TIRS; tt++)
584 mlx5e_tir_destroy(&hp->indir_tir[tt]);
585 }
586
mlx5e_hairpin_set_ttc_params(struct mlx5e_hairpin * hp,struct ttc_params * ttc_params)587 static void mlx5e_hairpin_set_ttc_params(struct mlx5e_hairpin *hp,
588 struct ttc_params *ttc_params)
589 {
590 struct mlx5_flow_table_attr *ft_attr = &ttc_params->ft_attr;
591 int tt;
592
593 memset(ttc_params, 0, sizeof(*ttc_params));
594
595 ttc_params->ns = mlx5_get_flow_namespace(hp->func_mdev,
596 MLX5_FLOW_NAMESPACE_KERNEL);
597 for (tt = 0; tt < MLX5_NUM_TT; tt++) {
598 ttc_params->dests[tt].type = MLX5_FLOW_DESTINATION_TYPE_TIR;
599 ttc_params->dests[tt].tir_num =
600 tt == MLX5_TT_ANY ?
601 mlx5e_tir_get_tirn(&hp->direct_tir) :
602 mlx5e_tir_get_tirn(&hp->indir_tir[tt]);
603 }
604
605 ft_attr->level = MLX5E_TC_TTC_FT_LEVEL;
606 ft_attr->prio = MLX5E_TC_PRIO;
607 }
608
mlx5e_hairpin_rss_init(struct mlx5e_hairpin * hp)609 static int mlx5e_hairpin_rss_init(struct mlx5e_hairpin *hp)
610 {
611 struct mlx5e_priv *priv = hp->func_priv;
612 struct ttc_params ttc_params;
613 int err;
614
615 err = mlx5e_hairpin_create_indirect_rqt(hp);
616 if (err)
617 return err;
618
619 err = mlx5e_hairpin_create_indirect_tirs(hp);
620 if (err)
621 goto err_create_indirect_tirs;
622
623 mlx5e_hairpin_set_ttc_params(hp, &ttc_params);
624 hp->ttc = mlx5_create_ttc_table(priv->mdev, &ttc_params);
625 if (IS_ERR(hp->ttc)) {
626 err = PTR_ERR(hp->ttc);
627 goto err_create_ttc_table;
628 }
629
630 netdev_dbg(priv->netdev, "add hairpin: using %d channels rss ttc table id %x\n",
631 hp->num_channels,
632 mlx5_get_ttc_flow_table(priv->fs.ttc)->id);
633
634 return 0;
635
636 err_create_ttc_table:
637 mlx5e_hairpin_destroy_indirect_tirs(hp);
638 err_create_indirect_tirs:
639 mlx5e_rqt_destroy(&hp->indir_rqt);
640
641 return err;
642 }
643
mlx5e_hairpin_rss_cleanup(struct mlx5e_hairpin * hp)644 static void mlx5e_hairpin_rss_cleanup(struct mlx5e_hairpin *hp)
645 {
646 mlx5_destroy_ttc_table(hp->ttc);
647 mlx5e_hairpin_destroy_indirect_tirs(hp);
648 mlx5e_rqt_destroy(&hp->indir_rqt);
649 }
650
651 static struct mlx5e_hairpin *
mlx5e_hairpin_create(struct mlx5e_priv * priv,struct mlx5_hairpin_params * params,int peer_ifindex)652 mlx5e_hairpin_create(struct mlx5e_priv *priv, struct mlx5_hairpin_params *params,
653 int peer_ifindex)
654 {
655 struct mlx5_core_dev *func_mdev, *peer_mdev;
656 struct mlx5e_hairpin *hp;
657 struct mlx5_hairpin *pair;
658 int err;
659
660 hp = kzalloc(sizeof(*hp), GFP_KERNEL);
661 if (!hp)
662 return ERR_PTR(-ENOMEM);
663
664 func_mdev = priv->mdev;
665 peer_mdev = mlx5e_hairpin_get_mdev(dev_net(priv->netdev), peer_ifindex);
666 if (IS_ERR(peer_mdev)) {
667 err = PTR_ERR(peer_mdev);
668 goto create_pair_err;
669 }
670
671 pair = mlx5_core_hairpin_create(func_mdev, peer_mdev, params);
672 if (IS_ERR(pair)) {
673 err = PTR_ERR(pair);
674 goto create_pair_err;
675 }
676 hp->pair = pair;
677 hp->func_mdev = func_mdev;
678 hp->func_priv = priv;
679 hp->num_channels = params->num_channels;
680
681 err = mlx5e_hairpin_create_transport(hp);
682 if (err)
683 goto create_transport_err;
684
685 if (hp->num_channels > 1) {
686 err = mlx5e_hairpin_rss_init(hp);
687 if (err)
688 goto rss_init_err;
689 }
690
691 return hp;
692
693 rss_init_err:
694 mlx5e_hairpin_destroy_transport(hp);
695 create_transport_err:
696 mlx5_core_hairpin_destroy(hp->pair);
697 create_pair_err:
698 kfree(hp);
699 return ERR_PTR(err);
700 }
701
mlx5e_hairpin_destroy(struct mlx5e_hairpin * hp)702 static void mlx5e_hairpin_destroy(struct mlx5e_hairpin *hp)
703 {
704 if (hp->num_channels > 1)
705 mlx5e_hairpin_rss_cleanup(hp);
706 mlx5e_hairpin_destroy_transport(hp);
707 mlx5_core_hairpin_destroy(hp->pair);
708 kvfree(hp);
709 }
710
hash_hairpin_info(u16 peer_vhca_id,u8 prio)711 static inline u32 hash_hairpin_info(u16 peer_vhca_id, u8 prio)
712 {
713 return (peer_vhca_id << 16 | prio);
714 }
715
mlx5e_hairpin_get(struct mlx5e_priv * priv,u16 peer_vhca_id,u8 prio)716 static struct mlx5e_hairpin_entry *mlx5e_hairpin_get(struct mlx5e_priv *priv,
717 u16 peer_vhca_id, u8 prio)
718 {
719 struct mlx5e_hairpin_entry *hpe;
720 u32 hash_key = hash_hairpin_info(peer_vhca_id, prio);
721
722 hash_for_each_possible(priv->fs.tc.hairpin_tbl, hpe,
723 hairpin_hlist, hash_key) {
724 if (hpe->peer_vhca_id == peer_vhca_id && hpe->prio == prio) {
725 refcount_inc(&hpe->refcnt);
726 return hpe;
727 }
728 }
729
730 return NULL;
731 }
732
mlx5e_hairpin_put(struct mlx5e_priv * priv,struct mlx5e_hairpin_entry * hpe)733 static void mlx5e_hairpin_put(struct mlx5e_priv *priv,
734 struct mlx5e_hairpin_entry *hpe)
735 {
736 /* no more hairpin flows for us, release the hairpin pair */
737 if (!refcount_dec_and_mutex_lock(&hpe->refcnt, &priv->fs.tc.hairpin_tbl_lock))
738 return;
739 hash_del(&hpe->hairpin_hlist);
740 mutex_unlock(&priv->fs.tc.hairpin_tbl_lock);
741
742 if (!IS_ERR_OR_NULL(hpe->hp)) {
743 netdev_dbg(priv->netdev, "del hairpin: peer %s\n",
744 dev_name(hpe->hp->pair->peer_mdev->device));
745
746 mlx5e_hairpin_destroy(hpe->hp);
747 }
748
749 WARN_ON(!list_empty(&hpe->flows));
750 kfree(hpe);
751 }
752
753 #define UNKNOWN_MATCH_PRIO 8
754
mlx5e_hairpin_get_prio(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,u8 * match_prio,struct netlink_ext_ack * extack)755 static int mlx5e_hairpin_get_prio(struct mlx5e_priv *priv,
756 struct mlx5_flow_spec *spec, u8 *match_prio,
757 struct netlink_ext_ack *extack)
758 {
759 void *headers_c, *headers_v;
760 u8 prio_val, prio_mask = 0;
761 bool vlan_present;
762
763 #ifdef CONFIG_MLX5_CORE_EN_DCB
764 if (priv->dcbx_dp.trust_state != MLX5_QPTS_TRUST_PCP) {
765 NL_SET_ERR_MSG_MOD(extack,
766 "only PCP trust state supported for hairpin");
767 return -EOPNOTSUPP;
768 }
769 #endif
770 headers_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, outer_headers);
771 headers_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, outer_headers);
772
773 vlan_present = MLX5_GET(fte_match_set_lyr_2_4, headers_v, cvlan_tag);
774 if (vlan_present) {
775 prio_mask = MLX5_GET(fte_match_set_lyr_2_4, headers_c, first_prio);
776 prio_val = MLX5_GET(fte_match_set_lyr_2_4, headers_v, first_prio);
777 }
778
779 if (!vlan_present || !prio_mask) {
780 prio_val = UNKNOWN_MATCH_PRIO;
781 } else if (prio_mask != 0x7) {
782 NL_SET_ERR_MSG_MOD(extack,
783 "masked priority match not supported for hairpin");
784 return -EOPNOTSUPP;
785 }
786
787 *match_prio = prio_val;
788 return 0;
789 }
790
mlx5e_hairpin_flow_add(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct mlx5e_tc_flow_parse_attr * parse_attr,struct netlink_ext_ack * extack)791 static int mlx5e_hairpin_flow_add(struct mlx5e_priv *priv,
792 struct mlx5e_tc_flow *flow,
793 struct mlx5e_tc_flow_parse_attr *parse_attr,
794 struct netlink_ext_ack *extack)
795 {
796 int peer_ifindex = parse_attr->mirred_ifindex[0];
797 struct mlx5_hairpin_params params;
798 struct mlx5_core_dev *peer_mdev;
799 struct mlx5e_hairpin_entry *hpe;
800 struct mlx5e_hairpin *hp;
801 u64 link_speed64;
802 u32 link_speed;
803 u8 match_prio;
804 u16 peer_id;
805 int err;
806
807 peer_mdev = mlx5e_hairpin_get_mdev(dev_net(priv->netdev), peer_ifindex);
808 if (IS_ERR(peer_mdev)) {
809 NL_SET_ERR_MSG_MOD(extack, "invalid ifindex of mirred device");
810 return PTR_ERR(peer_mdev);
811 }
812
813 if (!MLX5_CAP_GEN(priv->mdev, hairpin) || !MLX5_CAP_GEN(peer_mdev, hairpin)) {
814 NL_SET_ERR_MSG_MOD(extack, "hairpin is not supported");
815 return -EOPNOTSUPP;
816 }
817
818 peer_id = MLX5_CAP_GEN(peer_mdev, vhca_id);
819 err = mlx5e_hairpin_get_prio(priv, &parse_attr->spec, &match_prio,
820 extack);
821 if (err)
822 return err;
823
824 mutex_lock(&priv->fs.tc.hairpin_tbl_lock);
825 hpe = mlx5e_hairpin_get(priv, peer_id, match_prio);
826 if (hpe) {
827 mutex_unlock(&priv->fs.tc.hairpin_tbl_lock);
828 wait_for_completion(&hpe->res_ready);
829
830 if (IS_ERR(hpe->hp)) {
831 err = -EREMOTEIO;
832 goto out_err;
833 }
834 goto attach_flow;
835 }
836
837 hpe = kzalloc(sizeof(*hpe), GFP_KERNEL);
838 if (!hpe) {
839 mutex_unlock(&priv->fs.tc.hairpin_tbl_lock);
840 return -ENOMEM;
841 }
842
843 spin_lock_init(&hpe->flows_lock);
844 INIT_LIST_HEAD(&hpe->flows);
845 INIT_LIST_HEAD(&hpe->dead_peer_wait_list);
846 hpe->peer_vhca_id = peer_id;
847 hpe->prio = match_prio;
848 refcount_set(&hpe->refcnt, 1);
849 init_completion(&hpe->res_ready);
850
851 hash_add(priv->fs.tc.hairpin_tbl, &hpe->hairpin_hlist,
852 hash_hairpin_info(peer_id, match_prio));
853 mutex_unlock(&priv->fs.tc.hairpin_tbl_lock);
854
855 params.log_data_size = 16;
856 params.log_data_size = min_t(u8, params.log_data_size,
857 MLX5_CAP_GEN(priv->mdev, log_max_hairpin_wq_data_sz));
858 params.log_data_size = max_t(u8, params.log_data_size,
859 MLX5_CAP_GEN(priv->mdev, log_min_hairpin_wq_data_sz));
860
861 params.log_num_packets = params.log_data_size -
862 MLX5_MPWRQ_MIN_LOG_STRIDE_SZ(priv->mdev);
863 params.log_num_packets = min_t(u8, params.log_num_packets,
864 MLX5_CAP_GEN(priv->mdev, log_max_hairpin_num_packets));
865
866 params.q_counter = priv->q_counter;
867 /* set hairpin pair per each 50Gbs share of the link */
868 mlx5e_port_max_linkspeed(priv->mdev, &link_speed);
869 link_speed = max_t(u32, link_speed, 50000);
870 link_speed64 = link_speed;
871 do_div(link_speed64, 50000);
872 params.num_channels = link_speed64;
873
874 hp = mlx5e_hairpin_create(priv, ¶ms, peer_ifindex);
875 hpe->hp = hp;
876 complete_all(&hpe->res_ready);
877 if (IS_ERR(hp)) {
878 err = PTR_ERR(hp);
879 goto out_err;
880 }
881
882 netdev_dbg(priv->netdev, "add hairpin: tirn %x rqn %x peer %s sqn %x prio %d (log) data %d packets %d\n",
883 mlx5e_tir_get_tirn(&hp->direct_tir), hp->pair->rqn[0],
884 dev_name(hp->pair->peer_mdev->device),
885 hp->pair->sqn[0], match_prio, params.log_data_size, params.log_num_packets);
886
887 attach_flow:
888 if (hpe->hp->num_channels > 1) {
889 flow_flag_set(flow, HAIRPIN_RSS);
890 flow->attr->nic_attr->hairpin_ft =
891 mlx5_get_ttc_flow_table(hpe->hp->ttc);
892 } else {
893 flow->attr->nic_attr->hairpin_tirn = mlx5e_tir_get_tirn(&hpe->hp->direct_tir);
894 }
895
896 flow->hpe = hpe;
897 spin_lock(&hpe->flows_lock);
898 list_add(&flow->hairpin, &hpe->flows);
899 spin_unlock(&hpe->flows_lock);
900
901 return 0;
902
903 out_err:
904 mlx5e_hairpin_put(priv, hpe);
905 return err;
906 }
907
mlx5e_hairpin_flow_del(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)908 static void mlx5e_hairpin_flow_del(struct mlx5e_priv *priv,
909 struct mlx5e_tc_flow *flow)
910 {
911 /* flow wasn't fully initialized */
912 if (!flow->hpe)
913 return;
914
915 spin_lock(&flow->hpe->flows_lock);
916 list_del(&flow->hairpin);
917 spin_unlock(&flow->hpe->flows_lock);
918
919 mlx5e_hairpin_put(priv, flow->hpe);
920 flow->hpe = NULL;
921 }
922
923 struct mlx5_flow_handle *
mlx5e_add_offloaded_nic_rule(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct mlx5_flow_attr * attr)924 mlx5e_add_offloaded_nic_rule(struct mlx5e_priv *priv,
925 struct mlx5_flow_spec *spec,
926 struct mlx5_flow_attr *attr)
927 {
928 struct mlx5_flow_context *flow_context = &spec->flow_context;
929 struct mlx5_fs_chains *nic_chains = nic_chains(priv);
930 struct mlx5_nic_flow_attr *nic_attr = attr->nic_attr;
931 struct mlx5e_tc_table *tc = &priv->fs.tc;
932 struct mlx5_flow_destination dest[2] = {};
933 struct mlx5_flow_act flow_act = {
934 .action = attr->action,
935 .flags = FLOW_ACT_NO_APPEND,
936 };
937 struct mlx5_flow_handle *rule;
938 struct mlx5_flow_table *ft;
939 int dest_ix = 0;
940
941 flow_context->flags |= FLOW_CONTEXT_HAS_TAG;
942 flow_context->flow_tag = nic_attr->flow_tag;
943
944 if (attr->dest_ft) {
945 dest[dest_ix].type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;
946 dest[dest_ix].ft = attr->dest_ft;
947 dest_ix++;
948 } else if (nic_attr->hairpin_ft) {
949 dest[dest_ix].type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;
950 dest[dest_ix].ft = nic_attr->hairpin_ft;
951 dest_ix++;
952 } else if (nic_attr->hairpin_tirn) {
953 dest[dest_ix].type = MLX5_FLOW_DESTINATION_TYPE_TIR;
954 dest[dest_ix].tir_num = nic_attr->hairpin_tirn;
955 dest_ix++;
956 } else if (attr->action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) {
957 dest[dest_ix].type = MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE;
958 if (attr->dest_chain) {
959 dest[dest_ix].ft = mlx5_chains_get_table(nic_chains,
960 attr->dest_chain, 1,
961 MLX5E_TC_FT_LEVEL);
962 if (IS_ERR(dest[dest_ix].ft))
963 return ERR_CAST(dest[dest_ix].ft);
964 } else {
965 dest[dest_ix].ft = mlx5e_vlan_get_flowtable(priv->fs.vlan);
966 }
967 dest_ix++;
968 }
969
970 if (dest[0].type == MLX5_FLOW_DESTINATION_TYPE_FLOW_TABLE &&
971 MLX5_CAP_FLOWTABLE_NIC_RX(priv->mdev, ignore_flow_level))
972 flow_act.flags |= FLOW_ACT_IGNORE_FLOW_LEVEL;
973
974 if (flow_act.action & MLX5_FLOW_CONTEXT_ACTION_COUNT) {
975 dest[dest_ix].type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
976 dest[dest_ix].counter_id = mlx5_fc_id(attr->counter);
977 dest_ix++;
978 }
979
980 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
981 flow_act.modify_hdr = attr->modify_hdr;
982
983 mutex_lock(&tc->t_lock);
984 if (IS_ERR_OR_NULL(tc->t)) {
985 /* Create the root table here if doesn't exist yet */
986 tc->t =
987 mlx5_chains_get_table(nic_chains, 0, 1, MLX5E_TC_FT_LEVEL);
988
989 if (IS_ERR(tc->t)) {
990 mutex_unlock(&tc->t_lock);
991 netdev_err(priv->netdev,
992 "Failed to create tc offload table\n");
993 rule = ERR_CAST(priv->fs.tc.t);
994 goto err_ft_get;
995 }
996 }
997 mutex_unlock(&tc->t_lock);
998
999 if (attr->chain || attr->prio)
1000 ft = mlx5_chains_get_table(nic_chains,
1001 attr->chain, attr->prio,
1002 MLX5E_TC_FT_LEVEL);
1003 else
1004 ft = attr->ft;
1005
1006 if (IS_ERR(ft)) {
1007 rule = ERR_CAST(ft);
1008 goto err_ft_get;
1009 }
1010
1011 if (attr->outer_match_level != MLX5_MATCH_NONE)
1012 spec->match_criteria_enable |= MLX5_MATCH_OUTER_HEADERS;
1013
1014 rule = mlx5_add_flow_rules(ft, spec,
1015 &flow_act, dest, dest_ix);
1016 if (IS_ERR(rule))
1017 goto err_rule;
1018
1019 return rule;
1020
1021 err_rule:
1022 if (attr->chain || attr->prio)
1023 mlx5_chains_put_table(nic_chains,
1024 attr->chain, attr->prio,
1025 MLX5E_TC_FT_LEVEL);
1026 err_ft_get:
1027 if (attr->dest_chain)
1028 mlx5_chains_put_table(nic_chains,
1029 attr->dest_chain, 1,
1030 MLX5E_TC_FT_LEVEL);
1031
1032 return ERR_CAST(rule);
1033 }
1034
1035 static int
mlx5e_tc_add_nic_flow(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)1036 mlx5e_tc_add_nic_flow(struct mlx5e_priv *priv,
1037 struct mlx5e_tc_flow *flow,
1038 struct netlink_ext_ack *extack)
1039 {
1040 struct mlx5e_tc_flow_parse_attr *parse_attr;
1041 struct mlx5_flow_attr *attr = flow->attr;
1042 struct mlx5_core_dev *dev = priv->mdev;
1043 struct mlx5_fc *counter;
1044 int err;
1045
1046 parse_attr = attr->parse_attr;
1047
1048 if (flow_flag_test(flow, HAIRPIN)) {
1049 err = mlx5e_hairpin_flow_add(priv, flow, parse_attr, extack);
1050 if (err)
1051 return err;
1052 }
1053
1054 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_COUNT) {
1055 counter = mlx5_fc_create(dev, true);
1056 if (IS_ERR(counter))
1057 return PTR_ERR(counter);
1058
1059 attr->counter = counter;
1060 }
1061
1062 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR) {
1063 err = mlx5e_attach_mod_hdr(priv, flow, parse_attr);
1064 dealloc_mod_hdr_actions(&parse_attr->mod_hdr_acts);
1065 if (err)
1066 return err;
1067 }
1068
1069 if (flow_flag_test(flow, CT))
1070 flow->rule[0] = mlx5_tc_ct_flow_offload(get_ct_priv(priv), flow, &parse_attr->spec,
1071 attr, &parse_attr->mod_hdr_acts);
1072 else
1073 flow->rule[0] = mlx5e_add_offloaded_nic_rule(priv, &parse_attr->spec,
1074 attr);
1075
1076 return PTR_ERR_OR_ZERO(flow->rule[0]);
1077 }
1078
mlx5e_del_offloaded_nic_rule(struct mlx5e_priv * priv,struct mlx5_flow_handle * rule,struct mlx5_flow_attr * attr)1079 void mlx5e_del_offloaded_nic_rule(struct mlx5e_priv *priv,
1080 struct mlx5_flow_handle *rule,
1081 struct mlx5_flow_attr *attr)
1082 {
1083 struct mlx5_fs_chains *nic_chains = nic_chains(priv);
1084
1085 mlx5_del_flow_rules(rule);
1086
1087 if (attr->chain || attr->prio)
1088 mlx5_chains_put_table(nic_chains, attr->chain, attr->prio,
1089 MLX5E_TC_FT_LEVEL);
1090
1091 if (attr->dest_chain)
1092 mlx5_chains_put_table(nic_chains, attr->dest_chain, 1,
1093 MLX5E_TC_FT_LEVEL);
1094 }
1095
mlx5e_tc_del_nic_flow(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)1096 static void mlx5e_tc_del_nic_flow(struct mlx5e_priv *priv,
1097 struct mlx5e_tc_flow *flow)
1098 {
1099 struct mlx5_flow_attr *attr = flow->attr;
1100 struct mlx5e_tc_table *tc = &priv->fs.tc;
1101
1102 flow_flag_clear(flow, OFFLOADED);
1103
1104 if (flow_flag_test(flow, CT))
1105 mlx5_tc_ct_delete_flow(get_ct_priv(flow->priv), flow, attr);
1106 else if (!IS_ERR_OR_NULL(flow->rule[0]))
1107 mlx5e_del_offloaded_nic_rule(priv, flow->rule[0], attr);
1108
1109 /* Remove root table if no rules are left to avoid
1110 * extra steering hops.
1111 */
1112 mutex_lock(&priv->fs.tc.t_lock);
1113 if (!mlx5e_tc_num_filters(priv, MLX5_TC_FLAG(NIC_OFFLOAD)) &&
1114 !IS_ERR_OR_NULL(tc->t)) {
1115 mlx5_chains_put_table(nic_chains(priv), 0, 1, MLX5E_TC_FT_LEVEL);
1116 priv->fs.tc.t = NULL;
1117 }
1118 mutex_unlock(&priv->fs.tc.t_lock);
1119
1120 kvfree(attr->parse_attr);
1121
1122 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
1123 mlx5e_detach_mod_hdr(priv, flow);
1124
1125 mlx5_fc_destroy(priv->mdev, attr->counter);
1126
1127 if (flow_flag_test(flow, HAIRPIN))
1128 mlx5e_hairpin_flow_del(priv, flow);
1129
1130 kfree(flow->attr);
1131 }
1132
1133 struct mlx5_flow_handle *
mlx5e_tc_offload_fdb_rules(struct mlx5_eswitch * esw,struct mlx5e_tc_flow * flow,struct mlx5_flow_spec * spec,struct mlx5_flow_attr * attr)1134 mlx5e_tc_offload_fdb_rules(struct mlx5_eswitch *esw,
1135 struct mlx5e_tc_flow *flow,
1136 struct mlx5_flow_spec *spec,
1137 struct mlx5_flow_attr *attr)
1138 {
1139 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts;
1140 struct mlx5_flow_handle *rule;
1141
1142 if (attr->flags & MLX5_ESW_ATTR_FLAG_SLOW_PATH)
1143 return mlx5_eswitch_add_offloaded_rule(esw, spec, attr);
1144
1145 if (flow_flag_test(flow, CT)) {
1146 mod_hdr_acts = &attr->parse_attr->mod_hdr_acts;
1147
1148 rule = mlx5_tc_ct_flow_offload(get_ct_priv(flow->priv),
1149 flow, spec, attr,
1150 mod_hdr_acts);
1151 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
1152 } else if (flow_flag_test(flow, SAMPLE)) {
1153 rule = mlx5e_tc_sample_offload(get_sample_priv(flow->priv), spec, attr,
1154 mlx5e_tc_get_flow_tun_id(flow));
1155 #endif
1156 } else {
1157 rule = mlx5_eswitch_add_offloaded_rule(esw, spec, attr);
1158 }
1159
1160 if (IS_ERR(rule))
1161 return rule;
1162
1163 if (attr->esw_attr->split_count) {
1164 flow->rule[1] = mlx5_eswitch_add_fwd_rule(esw, spec, attr);
1165 if (IS_ERR(flow->rule[1])) {
1166 if (flow_flag_test(flow, CT))
1167 mlx5_tc_ct_delete_flow(get_ct_priv(flow->priv), flow, attr);
1168 else
1169 mlx5_eswitch_del_offloaded_rule(esw, rule, attr);
1170 return flow->rule[1];
1171 }
1172 }
1173
1174 return rule;
1175 }
1176
mlx5e_tc_unoffload_fdb_rules(struct mlx5_eswitch * esw,struct mlx5e_tc_flow * flow,struct mlx5_flow_attr * attr)1177 void mlx5e_tc_unoffload_fdb_rules(struct mlx5_eswitch *esw,
1178 struct mlx5e_tc_flow *flow,
1179 struct mlx5_flow_attr *attr)
1180 {
1181 flow_flag_clear(flow, OFFLOADED);
1182
1183 if (attr->flags & MLX5_ESW_ATTR_FLAG_SLOW_PATH)
1184 goto offload_rule_0;
1185
1186 if (flow_flag_test(flow, CT)) {
1187 mlx5_tc_ct_delete_flow(get_ct_priv(flow->priv), flow, attr);
1188 return;
1189 }
1190
1191 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
1192 if (flow_flag_test(flow, SAMPLE)) {
1193 mlx5e_tc_sample_unoffload(get_sample_priv(flow->priv), flow->rule[0], attr);
1194 return;
1195 }
1196 #endif
1197
1198 if (attr->esw_attr->split_count)
1199 mlx5_eswitch_del_fwd_rule(esw, flow->rule[1], attr);
1200
1201 offload_rule_0:
1202 mlx5_eswitch_del_offloaded_rule(esw, flow->rule[0], attr);
1203 }
1204
1205 struct mlx5_flow_handle *
mlx5e_tc_offload_to_slow_path(struct mlx5_eswitch * esw,struct mlx5e_tc_flow * flow,struct mlx5_flow_spec * spec)1206 mlx5e_tc_offload_to_slow_path(struct mlx5_eswitch *esw,
1207 struct mlx5e_tc_flow *flow,
1208 struct mlx5_flow_spec *spec)
1209 {
1210 struct mlx5_flow_attr *slow_attr;
1211 struct mlx5_flow_handle *rule;
1212
1213 slow_attr = mlx5_alloc_flow_attr(MLX5_FLOW_NAMESPACE_FDB);
1214 if (!slow_attr)
1215 return ERR_PTR(-ENOMEM);
1216
1217 memcpy(slow_attr, flow->attr, ESW_FLOW_ATTR_SZ);
1218 slow_attr->action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
1219 slow_attr->esw_attr->split_count = 0;
1220 slow_attr->flags |= MLX5_ESW_ATTR_FLAG_SLOW_PATH;
1221
1222 rule = mlx5e_tc_offload_fdb_rules(esw, flow, spec, slow_attr);
1223 if (!IS_ERR(rule))
1224 flow_flag_set(flow, SLOW);
1225
1226 kfree(slow_attr);
1227
1228 return rule;
1229 }
1230
mlx5e_tc_unoffload_from_slow_path(struct mlx5_eswitch * esw,struct mlx5e_tc_flow * flow)1231 void mlx5e_tc_unoffload_from_slow_path(struct mlx5_eswitch *esw,
1232 struct mlx5e_tc_flow *flow)
1233 {
1234 struct mlx5_flow_attr *slow_attr;
1235
1236 slow_attr = mlx5_alloc_flow_attr(MLX5_FLOW_NAMESPACE_FDB);
1237 if (!slow_attr) {
1238 mlx5_core_warn(flow->priv->mdev, "Unable to alloc attr to unoffload slow path rule\n");
1239 return;
1240 }
1241
1242 memcpy(slow_attr, flow->attr, ESW_FLOW_ATTR_SZ);
1243 slow_attr->action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
1244 slow_attr->esw_attr->split_count = 0;
1245 slow_attr->flags |= MLX5_ESW_ATTR_FLAG_SLOW_PATH;
1246 mlx5e_tc_unoffload_fdb_rules(esw, flow, slow_attr);
1247 flow_flag_clear(flow, SLOW);
1248 kfree(slow_attr);
1249 }
1250
1251 /* Caller must obtain uplink_priv->unready_flows_lock mutex before calling this
1252 * function.
1253 */
unready_flow_add(struct mlx5e_tc_flow * flow,struct list_head * unready_flows)1254 static void unready_flow_add(struct mlx5e_tc_flow *flow,
1255 struct list_head *unready_flows)
1256 {
1257 flow_flag_set(flow, NOT_READY);
1258 list_add_tail(&flow->unready, unready_flows);
1259 }
1260
1261 /* Caller must obtain uplink_priv->unready_flows_lock mutex before calling this
1262 * function.
1263 */
unready_flow_del(struct mlx5e_tc_flow * flow)1264 static void unready_flow_del(struct mlx5e_tc_flow *flow)
1265 {
1266 list_del(&flow->unready);
1267 flow_flag_clear(flow, NOT_READY);
1268 }
1269
add_unready_flow(struct mlx5e_tc_flow * flow)1270 static void add_unready_flow(struct mlx5e_tc_flow *flow)
1271 {
1272 struct mlx5_rep_uplink_priv *uplink_priv;
1273 struct mlx5e_rep_priv *rpriv;
1274 struct mlx5_eswitch *esw;
1275
1276 esw = flow->priv->mdev->priv.eswitch;
1277 rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
1278 uplink_priv = &rpriv->uplink_priv;
1279
1280 mutex_lock(&uplink_priv->unready_flows_lock);
1281 unready_flow_add(flow, &uplink_priv->unready_flows);
1282 mutex_unlock(&uplink_priv->unready_flows_lock);
1283 }
1284
remove_unready_flow(struct mlx5e_tc_flow * flow)1285 static void remove_unready_flow(struct mlx5e_tc_flow *flow)
1286 {
1287 struct mlx5_rep_uplink_priv *uplink_priv;
1288 struct mlx5e_rep_priv *rpriv;
1289 struct mlx5_eswitch *esw;
1290
1291 esw = flow->priv->mdev->priv.eswitch;
1292 rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
1293 uplink_priv = &rpriv->uplink_priv;
1294
1295 mutex_lock(&uplink_priv->unready_flows_lock);
1296 unready_flow_del(flow);
1297 mutex_unlock(&uplink_priv->unready_flows_lock);
1298 }
1299
1300 static bool same_hw_devs(struct mlx5e_priv *priv, struct mlx5e_priv *peer_priv);
1301
mlx5e_tc_is_vf_tunnel(struct net_device * out_dev,struct net_device * route_dev)1302 bool mlx5e_tc_is_vf_tunnel(struct net_device *out_dev, struct net_device *route_dev)
1303 {
1304 struct mlx5_core_dev *out_mdev, *route_mdev;
1305 struct mlx5e_priv *out_priv, *route_priv;
1306
1307 out_priv = netdev_priv(out_dev);
1308 out_mdev = out_priv->mdev;
1309 route_priv = netdev_priv(route_dev);
1310 route_mdev = route_priv->mdev;
1311
1312 if (out_mdev->coredev_type != MLX5_COREDEV_PF ||
1313 route_mdev->coredev_type != MLX5_COREDEV_VF)
1314 return false;
1315
1316 return same_hw_devs(out_priv, route_priv);
1317 }
1318
mlx5e_tc_query_route_vport(struct net_device * out_dev,struct net_device * route_dev,u16 * vport)1319 int mlx5e_tc_query_route_vport(struct net_device *out_dev, struct net_device *route_dev, u16 *vport)
1320 {
1321 struct mlx5e_priv *out_priv, *route_priv;
1322 struct mlx5_devcom *devcom = NULL;
1323 struct mlx5_core_dev *route_mdev;
1324 struct mlx5_eswitch *esw;
1325 u16 vhca_id;
1326 int err;
1327
1328 out_priv = netdev_priv(out_dev);
1329 esw = out_priv->mdev->priv.eswitch;
1330 route_priv = netdev_priv(route_dev);
1331 route_mdev = route_priv->mdev;
1332
1333 vhca_id = MLX5_CAP_GEN(route_mdev, vhca_id);
1334 if (mlx5_lag_is_active(out_priv->mdev)) {
1335 /* In lag case we may get devices from different eswitch instances.
1336 * If we failed to get vport num, it means, mostly, that we on the wrong
1337 * eswitch.
1338 */
1339 err = mlx5_eswitch_vhca_id_to_vport(esw, vhca_id, vport);
1340 if (err != -ENOENT)
1341 return err;
1342
1343 devcom = out_priv->mdev->priv.devcom;
1344 esw = mlx5_devcom_get_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
1345 if (!esw)
1346 return -ENODEV;
1347 }
1348
1349 err = mlx5_eswitch_vhca_id_to_vport(esw, vhca_id, vport);
1350 if (devcom)
1351 mlx5_devcom_release_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
1352 return err;
1353 }
1354
mlx5e_tc_add_flow_mod_hdr(struct mlx5e_priv * priv,struct mlx5e_tc_flow_parse_attr * parse_attr,struct mlx5e_tc_flow * flow)1355 int mlx5e_tc_add_flow_mod_hdr(struct mlx5e_priv *priv,
1356 struct mlx5e_tc_flow_parse_attr *parse_attr,
1357 struct mlx5e_tc_flow *flow)
1358 {
1359 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts = &parse_attr->mod_hdr_acts;
1360 struct mlx5_modify_hdr *mod_hdr;
1361
1362 mod_hdr = mlx5_modify_header_alloc(priv->mdev,
1363 get_flow_name_space(flow),
1364 mod_hdr_acts->num_actions,
1365 mod_hdr_acts->actions);
1366 if (IS_ERR(mod_hdr))
1367 return PTR_ERR(mod_hdr);
1368
1369 WARN_ON(flow->attr->modify_hdr);
1370 flow->attr->modify_hdr = mod_hdr;
1371
1372 return 0;
1373 }
1374
1375 static int
mlx5e_tc_add_fdb_flow(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)1376 mlx5e_tc_add_fdb_flow(struct mlx5e_priv *priv,
1377 struct mlx5e_tc_flow *flow,
1378 struct netlink_ext_ack *extack)
1379 {
1380 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
1381 struct mlx5e_tc_flow_parse_attr *parse_attr;
1382 struct mlx5_flow_attr *attr = flow->attr;
1383 bool vf_tun = false, encap_valid = true;
1384 struct net_device *encap_dev = NULL;
1385 struct mlx5_esw_flow_attr *esw_attr;
1386 struct mlx5e_rep_priv *rpriv;
1387 struct mlx5e_priv *out_priv;
1388 struct mlx5_fc *counter;
1389 u32 max_prio, max_chain;
1390 int err = 0;
1391 int out_index;
1392
1393 /* We check chain range only for tc flows.
1394 * For ft flows, we checked attr->chain was originally 0 and set it to
1395 * FDB_FT_CHAIN which is outside tc range.
1396 * See mlx5e_rep_setup_ft_cb().
1397 */
1398 max_chain = mlx5_chains_get_chain_range(esw_chains(esw));
1399 if (!mlx5e_is_ft_flow(flow) && attr->chain > max_chain) {
1400 NL_SET_ERR_MSG_MOD(extack,
1401 "Requested chain is out of supported range");
1402 err = -EOPNOTSUPP;
1403 goto err_out;
1404 }
1405
1406 max_prio = mlx5_chains_get_prio_range(esw_chains(esw));
1407 if (attr->prio > max_prio) {
1408 NL_SET_ERR_MSG_MOD(extack,
1409 "Requested priority is out of supported range");
1410 err = -EOPNOTSUPP;
1411 goto err_out;
1412 }
1413
1414 if (flow_flag_test(flow, TUN_RX)) {
1415 err = mlx5e_attach_decap_route(priv, flow);
1416 if (err)
1417 goto err_out;
1418 }
1419
1420 if (flow_flag_test(flow, L3_TO_L2_DECAP)) {
1421 err = mlx5e_attach_decap(priv, flow, extack);
1422 if (err)
1423 goto err_out;
1424 }
1425
1426 parse_attr = attr->parse_attr;
1427 esw_attr = attr->esw_attr;
1428
1429 for (out_index = 0; out_index < MLX5_MAX_FLOW_FWD_VPORTS; out_index++) {
1430 struct net_device *out_dev;
1431 int mirred_ifindex;
1432
1433 if (!(esw_attr->dests[out_index].flags & MLX5_ESW_DEST_ENCAP))
1434 continue;
1435
1436 mirred_ifindex = parse_attr->mirred_ifindex[out_index];
1437 out_dev = dev_get_by_index(dev_net(priv->netdev), mirred_ifindex);
1438 if (!out_dev) {
1439 NL_SET_ERR_MSG_MOD(extack, "Requested mirred device not found");
1440 err = -ENODEV;
1441 goto err_out;
1442 }
1443 err = mlx5e_attach_encap(priv, flow, out_dev, out_index,
1444 extack, &encap_dev, &encap_valid);
1445 dev_put(out_dev);
1446 if (err)
1447 goto err_out;
1448
1449 if (esw_attr->dests[out_index].flags &
1450 MLX5_ESW_DEST_CHAIN_WITH_SRC_PORT_CHANGE)
1451 vf_tun = true;
1452 out_priv = netdev_priv(encap_dev);
1453 rpriv = out_priv->ppriv;
1454 esw_attr->dests[out_index].rep = rpriv->rep;
1455 esw_attr->dests[out_index].mdev = out_priv->mdev;
1456 }
1457
1458 if (vf_tun && esw_attr->out_count > 1) {
1459 NL_SET_ERR_MSG_MOD(extack, "VF tunnel encap with mirroring is not supported");
1460 err = -EOPNOTSUPP;
1461 goto err_out;
1462 }
1463
1464 err = mlx5_eswitch_add_vlan_action(esw, attr);
1465 if (err)
1466 goto err_out;
1467
1468 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR &&
1469 !(attr->ct_attr.ct_action & TCA_CT_ACT_CLEAR)) {
1470 if (vf_tun) {
1471 err = mlx5e_tc_add_flow_mod_hdr(priv, parse_attr, flow);
1472 if (err)
1473 goto err_out;
1474 } else {
1475 err = mlx5e_attach_mod_hdr(priv, flow, parse_attr);
1476 if (err)
1477 goto err_out;
1478 }
1479 }
1480
1481 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_COUNT) {
1482 counter = mlx5_fc_create(esw_attr->counter_dev, true);
1483 if (IS_ERR(counter)) {
1484 err = PTR_ERR(counter);
1485 goto err_out;
1486 }
1487
1488 attr->counter = counter;
1489 }
1490
1491 /* we get here if one of the following takes place:
1492 * (1) there's no error
1493 * (2) there's an encap action and we don't have valid neigh
1494 */
1495 if (!encap_valid)
1496 flow->rule[0] = mlx5e_tc_offload_to_slow_path(esw, flow, &parse_attr->spec);
1497 else
1498 flow->rule[0] = mlx5e_tc_offload_fdb_rules(esw, flow, &parse_attr->spec, attr);
1499
1500 if (IS_ERR(flow->rule[0])) {
1501 err = PTR_ERR(flow->rule[0]);
1502 goto err_out;
1503 }
1504 flow_flag_set(flow, OFFLOADED);
1505
1506 return 0;
1507
1508 err_out:
1509 flow_flag_set(flow, FAILED);
1510 return err;
1511 }
1512
mlx5_flow_has_geneve_opt(struct mlx5e_tc_flow * flow)1513 static bool mlx5_flow_has_geneve_opt(struct mlx5e_tc_flow *flow)
1514 {
1515 struct mlx5_flow_spec *spec = &flow->attr->parse_attr->spec;
1516 void *headers_v = MLX5_ADDR_OF(fte_match_param,
1517 spec->match_value,
1518 misc_parameters_3);
1519 u32 geneve_tlv_opt_0_data = MLX5_GET(fte_match_set_misc3,
1520 headers_v,
1521 geneve_tlv_option_0_data);
1522
1523 return !!geneve_tlv_opt_0_data;
1524 }
1525
mlx5e_tc_del_fdb_flow(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)1526 static void mlx5e_tc_del_fdb_flow(struct mlx5e_priv *priv,
1527 struct mlx5e_tc_flow *flow)
1528 {
1529 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
1530 struct mlx5_flow_attr *attr = flow->attr;
1531 struct mlx5_esw_flow_attr *esw_attr;
1532 bool vf_tun = false;
1533 int out_index;
1534
1535 esw_attr = attr->esw_attr;
1536 mlx5e_put_flow_tunnel_id(flow);
1537
1538 if (flow_flag_test(flow, NOT_READY))
1539 remove_unready_flow(flow);
1540
1541 if (mlx5e_is_offloaded_flow(flow)) {
1542 if (flow_flag_test(flow, SLOW))
1543 mlx5e_tc_unoffload_from_slow_path(esw, flow);
1544 else
1545 mlx5e_tc_unoffload_fdb_rules(esw, flow, attr);
1546 }
1547
1548 if (mlx5_flow_has_geneve_opt(flow))
1549 mlx5_geneve_tlv_option_del(priv->mdev->geneve);
1550
1551 mlx5_eswitch_del_vlan_action(esw, attr);
1552
1553 if (flow->decap_route)
1554 mlx5e_detach_decap_route(priv, flow);
1555
1556 for (out_index = 0; out_index < MLX5_MAX_FLOW_FWD_VPORTS; out_index++) {
1557 if (esw_attr->dests[out_index].flags &
1558 MLX5_ESW_DEST_CHAIN_WITH_SRC_PORT_CHANGE)
1559 vf_tun = true;
1560 if (esw_attr->dests[out_index].flags & MLX5_ESW_DEST_ENCAP) {
1561 mlx5e_detach_encap(priv, flow, out_index);
1562 kfree(attr->parse_attr->tun_info[out_index]);
1563 }
1564 }
1565
1566 mlx5_tc_ct_match_del(get_ct_priv(priv), &flow->attr->ct_attr);
1567
1568 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR) {
1569 dealloc_mod_hdr_actions(&attr->parse_attr->mod_hdr_acts);
1570 if (vf_tun && attr->modify_hdr)
1571 mlx5_modify_header_dealloc(priv->mdev, attr->modify_hdr);
1572 else
1573 mlx5e_detach_mod_hdr(priv, flow);
1574 }
1575 kfree(attr->sample_attr);
1576 kvfree(attr->parse_attr);
1577 kvfree(attr->esw_attr->rx_tun_attr);
1578
1579 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_COUNT)
1580 mlx5_fc_destroy(esw_attr->counter_dev, attr->counter);
1581
1582 if (flow_flag_test(flow, L3_TO_L2_DECAP))
1583 mlx5e_detach_decap(priv, flow);
1584
1585 kfree(flow->attr);
1586 }
1587
mlx5e_tc_get_counter(struct mlx5e_tc_flow * flow)1588 struct mlx5_fc *mlx5e_tc_get_counter(struct mlx5e_tc_flow *flow)
1589 {
1590 return flow->attr->counter;
1591 }
1592
1593 /* Iterate over tmp_list of flows attached to flow_list head. */
mlx5e_put_flow_list(struct mlx5e_priv * priv,struct list_head * flow_list)1594 void mlx5e_put_flow_list(struct mlx5e_priv *priv, struct list_head *flow_list)
1595 {
1596 struct mlx5e_tc_flow *flow, *tmp;
1597
1598 list_for_each_entry_safe(flow, tmp, flow_list, tmp_list)
1599 mlx5e_flow_put(priv, flow);
1600 }
1601
__mlx5e_tc_del_fdb_peer_flow(struct mlx5e_tc_flow * flow)1602 static void __mlx5e_tc_del_fdb_peer_flow(struct mlx5e_tc_flow *flow)
1603 {
1604 struct mlx5_eswitch *esw = flow->priv->mdev->priv.eswitch;
1605
1606 if (!flow_flag_test(flow, ESWITCH) ||
1607 !flow_flag_test(flow, DUP))
1608 return;
1609
1610 mutex_lock(&esw->offloads.peer_mutex);
1611 list_del(&flow->peer);
1612 mutex_unlock(&esw->offloads.peer_mutex);
1613
1614 flow_flag_clear(flow, DUP);
1615
1616 if (refcount_dec_and_test(&flow->peer_flow->refcnt)) {
1617 mlx5e_tc_del_fdb_flow(flow->peer_flow->priv, flow->peer_flow);
1618 kfree(flow->peer_flow);
1619 }
1620
1621 flow->peer_flow = NULL;
1622 }
1623
mlx5e_tc_del_fdb_peer_flow(struct mlx5e_tc_flow * flow)1624 static void mlx5e_tc_del_fdb_peer_flow(struct mlx5e_tc_flow *flow)
1625 {
1626 struct mlx5_core_dev *dev = flow->priv->mdev;
1627 struct mlx5_devcom *devcom = dev->priv.devcom;
1628 struct mlx5_eswitch *peer_esw;
1629
1630 peer_esw = mlx5_devcom_get_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
1631 if (!peer_esw)
1632 return;
1633
1634 __mlx5e_tc_del_fdb_peer_flow(flow);
1635 mlx5_devcom_release_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
1636 }
1637
mlx5e_tc_del_flow(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow)1638 static void mlx5e_tc_del_flow(struct mlx5e_priv *priv,
1639 struct mlx5e_tc_flow *flow)
1640 {
1641 if (mlx5e_is_eswitch_flow(flow)) {
1642 mlx5e_tc_del_fdb_peer_flow(flow);
1643 mlx5e_tc_del_fdb_flow(priv, flow);
1644 } else {
1645 mlx5e_tc_del_nic_flow(priv, flow);
1646 }
1647 }
1648
flow_requires_tunnel_mapping(u32 chain,struct flow_cls_offload * f)1649 static bool flow_requires_tunnel_mapping(u32 chain, struct flow_cls_offload *f)
1650 {
1651 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
1652 struct flow_action *flow_action = &rule->action;
1653 const struct flow_action_entry *act;
1654 int i;
1655
1656 if (chain)
1657 return false;
1658
1659 flow_action_for_each(i, act, flow_action) {
1660 switch (act->id) {
1661 case FLOW_ACTION_GOTO:
1662 return true;
1663 case FLOW_ACTION_SAMPLE:
1664 return true;
1665 default:
1666 continue;
1667 }
1668 }
1669
1670 return false;
1671 }
1672
1673 static int
enc_opts_is_dont_care_or_full_match(struct mlx5e_priv * priv,struct flow_dissector_key_enc_opts * opts,struct netlink_ext_ack * extack,bool * dont_care)1674 enc_opts_is_dont_care_or_full_match(struct mlx5e_priv *priv,
1675 struct flow_dissector_key_enc_opts *opts,
1676 struct netlink_ext_ack *extack,
1677 bool *dont_care)
1678 {
1679 struct geneve_opt *opt;
1680 int off = 0;
1681
1682 *dont_care = true;
1683
1684 while (opts->len > off) {
1685 opt = (struct geneve_opt *)&opts->data[off];
1686
1687 if (!(*dont_care) || opt->opt_class || opt->type ||
1688 memchr_inv(opt->opt_data, 0, opt->length * 4)) {
1689 *dont_care = false;
1690
1691 if (opt->opt_class != htons(U16_MAX) ||
1692 opt->type != U8_MAX) {
1693 NL_SET_ERR_MSG(extack,
1694 "Partial match of tunnel options in chain > 0 isn't supported");
1695 netdev_warn(priv->netdev,
1696 "Partial match of tunnel options in chain > 0 isn't supported");
1697 return -EOPNOTSUPP;
1698 }
1699 }
1700
1701 off += sizeof(struct geneve_opt) + opt->length * 4;
1702 }
1703
1704 return 0;
1705 }
1706
1707 #define COPY_DISSECTOR(rule, diss_key, dst)\
1708 ({ \
1709 struct flow_rule *__rule = (rule);\
1710 typeof(dst) __dst = dst;\
1711 \
1712 memcpy(__dst,\
1713 skb_flow_dissector_target(__rule->match.dissector,\
1714 diss_key,\
1715 __rule->match.key),\
1716 sizeof(*__dst));\
1717 })
1718
mlx5e_get_flow_tunnel_id(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct flow_cls_offload * f,struct net_device * filter_dev)1719 static int mlx5e_get_flow_tunnel_id(struct mlx5e_priv *priv,
1720 struct mlx5e_tc_flow *flow,
1721 struct flow_cls_offload *f,
1722 struct net_device *filter_dev)
1723 {
1724 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
1725 struct netlink_ext_ack *extack = f->common.extack;
1726 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts;
1727 struct flow_match_enc_opts enc_opts_match;
1728 struct tunnel_match_enc_opts tun_enc_opts;
1729 struct mlx5_rep_uplink_priv *uplink_priv;
1730 struct mlx5_flow_attr *attr = flow->attr;
1731 struct mlx5e_rep_priv *uplink_rpriv;
1732 struct tunnel_match_key tunnel_key;
1733 bool enc_opts_is_dont_care = true;
1734 u32 tun_id, enc_opts_id = 0;
1735 struct mlx5_eswitch *esw;
1736 u32 value, mask;
1737 int err;
1738
1739 esw = priv->mdev->priv.eswitch;
1740 uplink_rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
1741 uplink_priv = &uplink_rpriv->uplink_priv;
1742
1743 memset(&tunnel_key, 0, sizeof(tunnel_key));
1744 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL,
1745 &tunnel_key.enc_control);
1746 if (tunnel_key.enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS)
1747 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS,
1748 &tunnel_key.enc_ipv4);
1749 else
1750 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS,
1751 &tunnel_key.enc_ipv6);
1752 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_IP, &tunnel_key.enc_ip);
1753 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_PORTS,
1754 &tunnel_key.enc_tp);
1755 COPY_DISSECTOR(rule, FLOW_DISSECTOR_KEY_ENC_KEYID,
1756 &tunnel_key.enc_key_id);
1757 tunnel_key.filter_ifindex = filter_dev->ifindex;
1758
1759 err = mapping_add(uplink_priv->tunnel_mapping, &tunnel_key, &tun_id);
1760 if (err)
1761 return err;
1762
1763 flow_rule_match_enc_opts(rule, &enc_opts_match);
1764 err = enc_opts_is_dont_care_or_full_match(priv,
1765 enc_opts_match.mask,
1766 extack,
1767 &enc_opts_is_dont_care);
1768 if (err)
1769 goto err_enc_opts;
1770
1771 if (!enc_opts_is_dont_care) {
1772 memset(&tun_enc_opts, 0, sizeof(tun_enc_opts));
1773 memcpy(&tun_enc_opts.key, enc_opts_match.key,
1774 sizeof(*enc_opts_match.key));
1775 memcpy(&tun_enc_opts.mask, enc_opts_match.mask,
1776 sizeof(*enc_opts_match.mask));
1777
1778 err = mapping_add(uplink_priv->tunnel_enc_opts_mapping,
1779 &tun_enc_opts, &enc_opts_id);
1780 if (err)
1781 goto err_enc_opts;
1782 }
1783
1784 value = tun_id << ENC_OPTS_BITS | enc_opts_id;
1785 mask = enc_opts_id ? TUNNEL_ID_MASK :
1786 (TUNNEL_ID_MASK & ~ENC_OPTS_BITS_MASK);
1787
1788 if (attr->chain) {
1789 mlx5e_tc_match_to_reg_match(&attr->parse_attr->spec,
1790 TUNNEL_TO_REG, value, mask);
1791 } else {
1792 mod_hdr_acts = &attr->parse_attr->mod_hdr_acts;
1793 err = mlx5e_tc_match_to_reg_set(priv->mdev,
1794 mod_hdr_acts, MLX5_FLOW_NAMESPACE_FDB,
1795 TUNNEL_TO_REG, value);
1796 if (err)
1797 goto err_set;
1798
1799 attr->action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
1800 }
1801
1802 flow->tunnel_id = value;
1803 return 0;
1804
1805 err_set:
1806 if (enc_opts_id)
1807 mapping_remove(uplink_priv->tunnel_enc_opts_mapping,
1808 enc_opts_id);
1809 err_enc_opts:
1810 mapping_remove(uplink_priv->tunnel_mapping, tun_id);
1811 return err;
1812 }
1813
mlx5e_put_flow_tunnel_id(struct mlx5e_tc_flow * flow)1814 static void mlx5e_put_flow_tunnel_id(struct mlx5e_tc_flow *flow)
1815 {
1816 u32 enc_opts_id = flow->tunnel_id & ENC_OPTS_BITS_MASK;
1817 u32 tun_id = flow->tunnel_id >> ENC_OPTS_BITS;
1818 struct mlx5_rep_uplink_priv *uplink_priv;
1819 struct mlx5e_rep_priv *uplink_rpriv;
1820 struct mlx5_eswitch *esw;
1821
1822 esw = flow->priv->mdev->priv.eswitch;
1823 uplink_rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
1824 uplink_priv = &uplink_rpriv->uplink_priv;
1825
1826 if (tun_id)
1827 mapping_remove(uplink_priv->tunnel_mapping, tun_id);
1828 if (enc_opts_id)
1829 mapping_remove(uplink_priv->tunnel_enc_opts_mapping,
1830 enc_opts_id);
1831 }
1832
mlx5e_tc_get_flow_tun_id(struct mlx5e_tc_flow * flow)1833 u32 mlx5e_tc_get_flow_tun_id(struct mlx5e_tc_flow *flow)
1834 {
1835 return flow->tunnel_id;
1836 }
1837
mlx5e_tc_set_ethertype(struct mlx5_core_dev * mdev,struct flow_match_basic * match,bool outer,void * headers_c,void * headers_v)1838 void mlx5e_tc_set_ethertype(struct mlx5_core_dev *mdev,
1839 struct flow_match_basic *match, bool outer,
1840 void *headers_c, void *headers_v)
1841 {
1842 bool ip_version_cap;
1843
1844 ip_version_cap = outer ?
1845 MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
1846 ft_field_support.outer_ip_version) :
1847 MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
1848 ft_field_support.inner_ip_version);
1849
1850 if (ip_version_cap && match->mask->n_proto == htons(0xFFFF) &&
1851 (match->key->n_proto == htons(ETH_P_IP) ||
1852 match->key->n_proto == htons(ETH_P_IPV6))) {
1853 MLX5_SET_TO_ONES(fte_match_set_lyr_2_4, headers_c, ip_version);
1854 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_version,
1855 match->key->n_proto == htons(ETH_P_IP) ? 4 : 6);
1856 } else {
1857 MLX5_SET(fte_match_set_lyr_2_4, headers_c, ethertype,
1858 ntohs(match->mask->n_proto));
1859 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
1860 ntohs(match->key->n_proto));
1861 }
1862 }
1863
mlx5e_tc_get_ip_version(struct mlx5_flow_spec * spec,bool outer)1864 u8 mlx5e_tc_get_ip_version(struct mlx5_flow_spec *spec, bool outer)
1865 {
1866 void *headers_v;
1867 u16 ethertype;
1868 u8 ip_version;
1869
1870 if (outer)
1871 headers_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, outer_headers);
1872 else
1873 headers_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, inner_headers);
1874
1875 ip_version = MLX5_GET(fte_match_set_lyr_2_4, headers_v, ip_version);
1876 /* Return ip_version converted from ethertype anyway */
1877 if (!ip_version) {
1878 ethertype = MLX5_GET(fte_match_set_lyr_2_4, headers_v, ethertype);
1879 if (ethertype == ETH_P_IP || ethertype == ETH_P_ARP)
1880 ip_version = 4;
1881 else if (ethertype == ETH_P_IPV6)
1882 ip_version = 6;
1883 }
1884 return ip_version;
1885 }
1886
parse_tunnel_attr(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct mlx5_flow_spec * spec,struct flow_cls_offload * f,struct net_device * filter_dev,u8 * match_level,bool * match_inner)1887 static int parse_tunnel_attr(struct mlx5e_priv *priv,
1888 struct mlx5e_tc_flow *flow,
1889 struct mlx5_flow_spec *spec,
1890 struct flow_cls_offload *f,
1891 struct net_device *filter_dev,
1892 u8 *match_level,
1893 bool *match_inner)
1894 {
1895 struct mlx5e_tc_tunnel *tunnel = mlx5e_get_tc_tun(filter_dev);
1896 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
1897 struct netlink_ext_ack *extack = f->common.extack;
1898 bool needs_mapping, sets_mapping;
1899 int err;
1900
1901 if (!mlx5e_is_eswitch_flow(flow))
1902 return -EOPNOTSUPP;
1903
1904 needs_mapping = !!flow->attr->chain;
1905 sets_mapping = flow_requires_tunnel_mapping(flow->attr->chain, f);
1906 *match_inner = !needs_mapping;
1907
1908 if ((needs_mapping || sets_mapping) &&
1909 !mlx5_eswitch_reg_c1_loopback_enabled(esw)) {
1910 NL_SET_ERR_MSG(extack,
1911 "Chains on tunnel devices isn't supported without register loopback support");
1912 netdev_warn(priv->netdev,
1913 "Chains on tunnel devices isn't supported without register loopback support");
1914 return -EOPNOTSUPP;
1915 }
1916
1917 if (!flow->attr->chain) {
1918 err = mlx5e_tc_tun_parse(filter_dev, priv, spec, f,
1919 match_level);
1920 if (err) {
1921 NL_SET_ERR_MSG_MOD(extack,
1922 "Failed to parse tunnel attributes");
1923 netdev_warn(priv->netdev,
1924 "Failed to parse tunnel attributes");
1925 return err;
1926 }
1927
1928 /* With mpls over udp we decapsulate using packet reformat
1929 * object
1930 */
1931 if (!netif_is_bareudp(filter_dev))
1932 flow->attr->action |= MLX5_FLOW_CONTEXT_ACTION_DECAP;
1933 err = mlx5e_tc_set_attr_rx_tun(flow, spec);
1934 if (err)
1935 return err;
1936 } else if (tunnel && tunnel->tunnel_type == MLX5E_TC_TUNNEL_TYPE_VXLAN) {
1937 struct mlx5_flow_spec *tmp_spec;
1938
1939 tmp_spec = kvzalloc(sizeof(*tmp_spec), GFP_KERNEL);
1940 if (!tmp_spec) {
1941 NL_SET_ERR_MSG_MOD(extack, "Failed to allocate memory for vxlan tmp spec");
1942 netdev_warn(priv->netdev, "Failed to allocate memory for vxlan tmp spec");
1943 return -ENOMEM;
1944 }
1945 memcpy(tmp_spec, spec, sizeof(*tmp_spec));
1946
1947 err = mlx5e_tc_tun_parse(filter_dev, priv, tmp_spec, f, match_level);
1948 if (err) {
1949 kvfree(tmp_spec);
1950 NL_SET_ERR_MSG_MOD(extack, "Failed to parse tunnel attributes");
1951 netdev_warn(priv->netdev, "Failed to parse tunnel attributes");
1952 return err;
1953 }
1954 err = mlx5e_tc_set_attr_rx_tun(flow, tmp_spec);
1955 kvfree(tmp_spec);
1956 if (err)
1957 return err;
1958 }
1959
1960 if (!needs_mapping && !sets_mapping)
1961 return 0;
1962
1963 return mlx5e_get_flow_tunnel_id(priv, flow, f, filter_dev);
1964 }
1965
get_match_inner_headers_criteria(struct mlx5_flow_spec * spec)1966 static void *get_match_inner_headers_criteria(struct mlx5_flow_spec *spec)
1967 {
1968 return MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
1969 inner_headers);
1970 }
1971
get_match_inner_headers_value(struct mlx5_flow_spec * spec)1972 static void *get_match_inner_headers_value(struct mlx5_flow_spec *spec)
1973 {
1974 return MLX5_ADDR_OF(fte_match_param, spec->match_value,
1975 inner_headers);
1976 }
1977
get_match_outer_headers_criteria(struct mlx5_flow_spec * spec)1978 static void *get_match_outer_headers_criteria(struct mlx5_flow_spec *spec)
1979 {
1980 return MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
1981 outer_headers);
1982 }
1983
get_match_outer_headers_value(struct mlx5_flow_spec * spec)1984 static void *get_match_outer_headers_value(struct mlx5_flow_spec *spec)
1985 {
1986 return MLX5_ADDR_OF(fte_match_param, spec->match_value,
1987 outer_headers);
1988 }
1989
get_match_headers_value(u32 flags,struct mlx5_flow_spec * spec)1990 static void *get_match_headers_value(u32 flags,
1991 struct mlx5_flow_spec *spec)
1992 {
1993 return (flags & MLX5_FLOW_CONTEXT_ACTION_DECAP) ?
1994 get_match_inner_headers_value(spec) :
1995 get_match_outer_headers_value(spec);
1996 }
1997
get_match_headers_criteria(u32 flags,struct mlx5_flow_spec * spec)1998 static void *get_match_headers_criteria(u32 flags,
1999 struct mlx5_flow_spec *spec)
2000 {
2001 return (flags & MLX5_FLOW_CONTEXT_ACTION_DECAP) ?
2002 get_match_inner_headers_criteria(spec) :
2003 get_match_outer_headers_criteria(spec);
2004 }
2005
mlx5e_flower_parse_meta(struct net_device * filter_dev,struct flow_cls_offload * f)2006 static int mlx5e_flower_parse_meta(struct net_device *filter_dev,
2007 struct flow_cls_offload *f)
2008 {
2009 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
2010 struct netlink_ext_ack *extack = f->common.extack;
2011 struct net_device *ingress_dev;
2012 struct flow_match_meta match;
2013
2014 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_META))
2015 return 0;
2016
2017 flow_rule_match_meta(rule, &match);
2018 if (!match.mask->ingress_ifindex)
2019 return 0;
2020
2021 if (match.mask->ingress_ifindex != 0xFFFFFFFF) {
2022 NL_SET_ERR_MSG_MOD(extack, "Unsupported ingress ifindex mask");
2023 return -EOPNOTSUPP;
2024 }
2025
2026 ingress_dev = __dev_get_by_index(dev_net(filter_dev),
2027 match.key->ingress_ifindex);
2028 if (!ingress_dev) {
2029 NL_SET_ERR_MSG_MOD(extack,
2030 "Can't find the ingress port to match on");
2031 return -ENOENT;
2032 }
2033
2034 if (ingress_dev != filter_dev) {
2035 NL_SET_ERR_MSG_MOD(extack,
2036 "Can't match on the ingress filter port");
2037 return -EOPNOTSUPP;
2038 }
2039
2040 return 0;
2041 }
2042
skip_key_basic(struct net_device * filter_dev,struct flow_cls_offload * f)2043 static bool skip_key_basic(struct net_device *filter_dev,
2044 struct flow_cls_offload *f)
2045 {
2046 /* When doing mpls over udp decap, the user needs to provide
2047 * MPLS_UC as the protocol in order to be able to match on mpls
2048 * label fields. However, the actual ethertype is IP so we want to
2049 * avoid matching on this, otherwise we'll fail the match.
2050 */
2051 if (netif_is_bareudp(filter_dev) && f->common.chain_index == 0)
2052 return true;
2053
2054 return false;
2055 }
2056
__parse_cls_flower(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct mlx5_flow_spec * spec,struct flow_cls_offload * f,struct net_device * filter_dev,u8 * inner_match_level,u8 * outer_match_level)2057 static int __parse_cls_flower(struct mlx5e_priv *priv,
2058 struct mlx5e_tc_flow *flow,
2059 struct mlx5_flow_spec *spec,
2060 struct flow_cls_offload *f,
2061 struct net_device *filter_dev,
2062 u8 *inner_match_level, u8 *outer_match_level)
2063 {
2064 struct netlink_ext_ack *extack = f->common.extack;
2065 void *headers_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
2066 outer_headers);
2067 void *headers_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,
2068 outer_headers);
2069 void *misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
2070 misc_parameters);
2071 void *misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,
2072 misc_parameters);
2073 void *misc_c_3 = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
2074 misc_parameters_3);
2075 void *misc_v_3 = MLX5_ADDR_OF(fte_match_param, spec->match_value,
2076 misc_parameters_3);
2077 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
2078 struct flow_dissector *dissector = rule->match.dissector;
2079 enum fs_flow_table_type fs_type;
2080 u16 addr_type = 0;
2081 u8 ip_proto = 0;
2082 u8 *match_level;
2083 int err;
2084
2085 fs_type = mlx5e_is_eswitch_flow(flow) ? FS_FT_FDB : FS_FT_NIC_RX;
2086 match_level = outer_match_level;
2087
2088 if (dissector->used_keys &
2089 ~(BIT(FLOW_DISSECTOR_KEY_META) |
2090 BIT(FLOW_DISSECTOR_KEY_CONTROL) |
2091 BIT(FLOW_DISSECTOR_KEY_BASIC) |
2092 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) |
2093 BIT(FLOW_DISSECTOR_KEY_VLAN) |
2094 BIT(FLOW_DISSECTOR_KEY_CVLAN) |
2095 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
2096 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
2097 BIT(FLOW_DISSECTOR_KEY_PORTS) |
2098 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) |
2099 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
2100 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
2101 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) |
2102 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) |
2103 BIT(FLOW_DISSECTOR_KEY_TCP) |
2104 BIT(FLOW_DISSECTOR_KEY_IP) |
2105 BIT(FLOW_DISSECTOR_KEY_CT) |
2106 BIT(FLOW_DISSECTOR_KEY_ENC_IP) |
2107 BIT(FLOW_DISSECTOR_KEY_ENC_OPTS) |
2108 BIT(FLOW_DISSECTOR_KEY_ICMP) |
2109 BIT(FLOW_DISSECTOR_KEY_MPLS))) {
2110 NL_SET_ERR_MSG_MOD(extack, "Unsupported key");
2111 netdev_dbg(priv->netdev, "Unsupported key used: 0x%x\n",
2112 dissector->used_keys);
2113 return -EOPNOTSUPP;
2114 }
2115
2116 if (mlx5e_get_tc_tun(filter_dev)) {
2117 bool match_inner = false;
2118
2119 err = parse_tunnel_attr(priv, flow, spec, f, filter_dev,
2120 outer_match_level, &match_inner);
2121 if (err)
2122 return err;
2123
2124 if (match_inner) {
2125 /* header pointers should point to the inner headers
2126 * if the packet was decapsulated already.
2127 * outer headers are set by parse_tunnel_attr.
2128 */
2129 match_level = inner_match_level;
2130 headers_c = get_match_inner_headers_criteria(spec);
2131 headers_v = get_match_inner_headers_value(spec);
2132 }
2133 }
2134
2135 err = mlx5e_flower_parse_meta(filter_dev, f);
2136 if (err)
2137 return err;
2138
2139 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC) &&
2140 !skip_key_basic(filter_dev, f)) {
2141 struct flow_match_basic match;
2142
2143 flow_rule_match_basic(rule, &match);
2144 mlx5e_tc_set_ethertype(priv->mdev, &match,
2145 match_level == outer_match_level,
2146 headers_c, headers_v);
2147
2148 if (match.mask->n_proto)
2149 *match_level = MLX5_MATCH_L2;
2150 }
2151 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) ||
2152 is_vlan_dev(filter_dev)) {
2153 struct flow_dissector_key_vlan filter_dev_mask;
2154 struct flow_dissector_key_vlan filter_dev_key;
2155 struct flow_match_vlan match;
2156
2157 if (is_vlan_dev(filter_dev)) {
2158 match.key = &filter_dev_key;
2159 match.key->vlan_id = vlan_dev_vlan_id(filter_dev);
2160 match.key->vlan_tpid = vlan_dev_vlan_proto(filter_dev);
2161 match.key->vlan_priority = 0;
2162 match.mask = &filter_dev_mask;
2163 memset(match.mask, 0xff, sizeof(*match.mask));
2164 match.mask->vlan_priority = 0;
2165 } else {
2166 flow_rule_match_vlan(rule, &match);
2167 }
2168 if (match.mask->vlan_id ||
2169 match.mask->vlan_priority ||
2170 match.mask->vlan_tpid) {
2171 if (match.key->vlan_tpid == htons(ETH_P_8021AD)) {
2172 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2173 svlan_tag, 1);
2174 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2175 svlan_tag, 1);
2176 } else {
2177 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2178 cvlan_tag, 1);
2179 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2180 cvlan_tag, 1);
2181 }
2182
2183 MLX5_SET(fte_match_set_lyr_2_4, headers_c, first_vid,
2184 match.mask->vlan_id);
2185 MLX5_SET(fte_match_set_lyr_2_4, headers_v, first_vid,
2186 match.key->vlan_id);
2187
2188 MLX5_SET(fte_match_set_lyr_2_4, headers_c, first_prio,
2189 match.mask->vlan_priority);
2190 MLX5_SET(fte_match_set_lyr_2_4, headers_v, first_prio,
2191 match.key->vlan_priority);
2192
2193 *match_level = MLX5_MATCH_L2;
2194 }
2195 } else if (*match_level != MLX5_MATCH_NONE) {
2196 /* cvlan_tag enabled in match criteria and
2197 * disabled in match value means both S & C tags
2198 * don't exist (untagged of both)
2199 */
2200 MLX5_SET(fte_match_set_lyr_2_4, headers_c, cvlan_tag, 1);
2201 *match_level = MLX5_MATCH_L2;
2202 }
2203
2204 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) {
2205 struct flow_match_vlan match;
2206
2207 flow_rule_match_cvlan(rule, &match);
2208 if (match.mask->vlan_id ||
2209 match.mask->vlan_priority ||
2210 match.mask->vlan_tpid) {
2211 if (!MLX5_CAP_FLOWTABLE_TYPE(priv->mdev, ft_field_support.outer_second_vid,
2212 fs_type)) {
2213 NL_SET_ERR_MSG_MOD(extack,
2214 "Matching on CVLAN is not supported");
2215 return -EOPNOTSUPP;
2216 }
2217
2218 if (match.key->vlan_tpid == htons(ETH_P_8021AD)) {
2219 MLX5_SET(fte_match_set_misc, misc_c,
2220 outer_second_svlan_tag, 1);
2221 MLX5_SET(fte_match_set_misc, misc_v,
2222 outer_second_svlan_tag, 1);
2223 } else {
2224 MLX5_SET(fte_match_set_misc, misc_c,
2225 outer_second_cvlan_tag, 1);
2226 MLX5_SET(fte_match_set_misc, misc_v,
2227 outer_second_cvlan_tag, 1);
2228 }
2229
2230 MLX5_SET(fte_match_set_misc, misc_c, outer_second_vid,
2231 match.mask->vlan_id);
2232 MLX5_SET(fte_match_set_misc, misc_v, outer_second_vid,
2233 match.key->vlan_id);
2234 MLX5_SET(fte_match_set_misc, misc_c, outer_second_prio,
2235 match.mask->vlan_priority);
2236 MLX5_SET(fte_match_set_misc, misc_v, outer_second_prio,
2237 match.key->vlan_priority);
2238
2239 *match_level = MLX5_MATCH_L2;
2240 spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS;
2241 }
2242 }
2243
2244 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
2245 struct flow_match_eth_addrs match;
2246
2247 flow_rule_match_eth_addrs(rule, &match);
2248 ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2249 dmac_47_16),
2250 match.mask->dst);
2251 ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2252 dmac_47_16),
2253 match.key->dst);
2254
2255 ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2256 smac_47_16),
2257 match.mask->src);
2258 ether_addr_copy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2259 smac_47_16),
2260 match.key->src);
2261
2262 if (!is_zero_ether_addr(match.mask->src) ||
2263 !is_zero_ether_addr(match.mask->dst))
2264 *match_level = MLX5_MATCH_L2;
2265 }
2266
2267 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
2268 struct flow_match_control match;
2269
2270 flow_rule_match_control(rule, &match);
2271 addr_type = match.key->addr_type;
2272
2273 /* the HW doesn't support frag first/later */
2274 if (match.mask->flags & FLOW_DIS_FIRST_FRAG)
2275 return -EOPNOTSUPP;
2276
2277 if (match.mask->flags & FLOW_DIS_IS_FRAGMENT) {
2278 MLX5_SET(fte_match_set_lyr_2_4, headers_c, frag, 1);
2279 MLX5_SET(fte_match_set_lyr_2_4, headers_v, frag,
2280 match.key->flags & FLOW_DIS_IS_FRAGMENT);
2281
2282 /* the HW doesn't need L3 inline to match on frag=no */
2283 if (!(match.key->flags & FLOW_DIS_IS_FRAGMENT))
2284 *match_level = MLX5_MATCH_L2;
2285 /* *** L2 attributes parsing up to here *** */
2286 else
2287 *match_level = MLX5_MATCH_L3;
2288 }
2289 }
2290
2291 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
2292 struct flow_match_basic match;
2293
2294 flow_rule_match_basic(rule, &match);
2295 ip_proto = match.key->ip_proto;
2296
2297 MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_protocol,
2298 match.mask->ip_proto);
2299 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol,
2300 match.key->ip_proto);
2301
2302 if (match.mask->ip_proto)
2303 *match_level = MLX5_MATCH_L3;
2304 }
2305
2306 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
2307 struct flow_match_ipv4_addrs match;
2308
2309 flow_rule_match_ipv4_addrs(rule, &match);
2310 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2311 src_ipv4_src_ipv6.ipv4_layout.ipv4),
2312 &match.mask->src, sizeof(match.mask->src));
2313 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2314 src_ipv4_src_ipv6.ipv4_layout.ipv4),
2315 &match.key->src, sizeof(match.key->src));
2316 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2317 dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
2318 &match.mask->dst, sizeof(match.mask->dst));
2319 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2320 dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
2321 &match.key->dst, sizeof(match.key->dst));
2322
2323 if (match.mask->src || match.mask->dst)
2324 *match_level = MLX5_MATCH_L3;
2325 }
2326
2327 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
2328 struct flow_match_ipv6_addrs match;
2329
2330 flow_rule_match_ipv6_addrs(rule, &match);
2331 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2332 src_ipv4_src_ipv6.ipv6_layout.ipv6),
2333 &match.mask->src, sizeof(match.mask->src));
2334 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2335 src_ipv4_src_ipv6.ipv6_layout.ipv6),
2336 &match.key->src, sizeof(match.key->src));
2337
2338 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_c,
2339 dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
2340 &match.mask->dst, sizeof(match.mask->dst));
2341 memcpy(MLX5_ADDR_OF(fte_match_set_lyr_2_4, headers_v,
2342 dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
2343 &match.key->dst, sizeof(match.key->dst));
2344
2345 if (ipv6_addr_type(&match.mask->src) != IPV6_ADDR_ANY ||
2346 ipv6_addr_type(&match.mask->dst) != IPV6_ADDR_ANY)
2347 *match_level = MLX5_MATCH_L3;
2348 }
2349
2350 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
2351 struct flow_match_ip match;
2352
2353 flow_rule_match_ip(rule, &match);
2354 MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_ecn,
2355 match.mask->tos & 0x3);
2356 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_ecn,
2357 match.key->tos & 0x3);
2358
2359 MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_dscp,
2360 match.mask->tos >> 2);
2361 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_dscp,
2362 match.key->tos >> 2);
2363
2364 MLX5_SET(fte_match_set_lyr_2_4, headers_c, ttl_hoplimit,
2365 match.mask->ttl);
2366 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ttl_hoplimit,
2367 match.key->ttl);
2368
2369 if (match.mask->ttl &&
2370 !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
2371 ft_field_support.outer_ipv4_ttl)) {
2372 NL_SET_ERR_MSG_MOD(extack,
2373 "Matching on TTL is not supported");
2374 return -EOPNOTSUPP;
2375 }
2376
2377 if (match.mask->tos || match.mask->ttl)
2378 *match_level = MLX5_MATCH_L3;
2379 }
2380
2381 /* *** L3 attributes parsing up to here *** */
2382
2383 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
2384 struct flow_match_ports match;
2385
2386 flow_rule_match_ports(rule, &match);
2387 switch (ip_proto) {
2388 case IPPROTO_TCP:
2389 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2390 tcp_sport, ntohs(match.mask->src));
2391 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2392 tcp_sport, ntohs(match.key->src));
2393
2394 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2395 tcp_dport, ntohs(match.mask->dst));
2396 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2397 tcp_dport, ntohs(match.key->dst));
2398 break;
2399
2400 case IPPROTO_UDP:
2401 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2402 udp_sport, ntohs(match.mask->src));
2403 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2404 udp_sport, ntohs(match.key->src));
2405
2406 MLX5_SET(fte_match_set_lyr_2_4, headers_c,
2407 udp_dport, ntohs(match.mask->dst));
2408 MLX5_SET(fte_match_set_lyr_2_4, headers_v,
2409 udp_dport, ntohs(match.key->dst));
2410 break;
2411 default:
2412 NL_SET_ERR_MSG_MOD(extack,
2413 "Only UDP and TCP transports are supported for L4 matching");
2414 netdev_err(priv->netdev,
2415 "Only UDP and TCP transport are supported\n");
2416 return -EINVAL;
2417 }
2418
2419 if (match.mask->src || match.mask->dst)
2420 *match_level = MLX5_MATCH_L4;
2421 }
2422
2423 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_TCP)) {
2424 struct flow_match_tcp match;
2425
2426 flow_rule_match_tcp(rule, &match);
2427 MLX5_SET(fte_match_set_lyr_2_4, headers_c, tcp_flags,
2428 ntohs(match.mask->flags));
2429 MLX5_SET(fte_match_set_lyr_2_4, headers_v, tcp_flags,
2430 ntohs(match.key->flags));
2431
2432 if (match.mask->flags)
2433 *match_level = MLX5_MATCH_L4;
2434 }
2435 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ICMP)) {
2436 struct flow_match_icmp match;
2437
2438 flow_rule_match_icmp(rule, &match);
2439 switch (ip_proto) {
2440 case IPPROTO_ICMP:
2441 if (!(MLX5_CAP_GEN(priv->mdev, flex_parser_protocols) &
2442 MLX5_FLEX_PROTO_ICMP))
2443 return -EOPNOTSUPP;
2444 MLX5_SET(fte_match_set_misc3, misc_c_3, icmp_type,
2445 match.mask->type);
2446 MLX5_SET(fte_match_set_misc3, misc_v_3, icmp_type,
2447 match.key->type);
2448 MLX5_SET(fte_match_set_misc3, misc_c_3, icmp_code,
2449 match.mask->code);
2450 MLX5_SET(fte_match_set_misc3, misc_v_3, icmp_code,
2451 match.key->code);
2452 break;
2453 case IPPROTO_ICMPV6:
2454 if (!(MLX5_CAP_GEN(priv->mdev, flex_parser_protocols) &
2455 MLX5_FLEX_PROTO_ICMPV6))
2456 return -EOPNOTSUPP;
2457 MLX5_SET(fte_match_set_misc3, misc_c_3, icmpv6_type,
2458 match.mask->type);
2459 MLX5_SET(fte_match_set_misc3, misc_v_3, icmpv6_type,
2460 match.key->type);
2461 MLX5_SET(fte_match_set_misc3, misc_c_3, icmpv6_code,
2462 match.mask->code);
2463 MLX5_SET(fte_match_set_misc3, misc_v_3, icmpv6_code,
2464 match.key->code);
2465 break;
2466 default:
2467 NL_SET_ERR_MSG_MOD(extack,
2468 "Code and type matching only with ICMP and ICMPv6");
2469 netdev_err(priv->netdev,
2470 "Code and type matching only with ICMP and ICMPv6\n");
2471 return -EINVAL;
2472 }
2473 if (match.mask->code || match.mask->type) {
2474 *match_level = MLX5_MATCH_L4;
2475 spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_3;
2476 }
2477 }
2478 /* Currently supported only for MPLS over UDP */
2479 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_MPLS) &&
2480 !netif_is_bareudp(filter_dev)) {
2481 NL_SET_ERR_MSG_MOD(extack,
2482 "Matching on MPLS is supported only for MPLS over UDP");
2483 netdev_err(priv->netdev,
2484 "Matching on MPLS is supported only for MPLS over UDP\n");
2485 return -EOPNOTSUPP;
2486 }
2487
2488 return 0;
2489 }
2490
parse_cls_flower(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct mlx5_flow_spec * spec,struct flow_cls_offload * f,struct net_device * filter_dev)2491 static int parse_cls_flower(struct mlx5e_priv *priv,
2492 struct mlx5e_tc_flow *flow,
2493 struct mlx5_flow_spec *spec,
2494 struct flow_cls_offload *f,
2495 struct net_device *filter_dev)
2496 {
2497 u8 inner_match_level, outer_match_level, non_tunnel_match_level;
2498 struct netlink_ext_ack *extack = f->common.extack;
2499 struct mlx5_core_dev *dev = priv->mdev;
2500 struct mlx5_eswitch *esw = dev->priv.eswitch;
2501 struct mlx5e_rep_priv *rpriv = priv->ppriv;
2502 struct mlx5_eswitch_rep *rep;
2503 bool is_eswitch_flow;
2504 int err;
2505
2506 inner_match_level = MLX5_MATCH_NONE;
2507 outer_match_level = MLX5_MATCH_NONE;
2508
2509 err = __parse_cls_flower(priv, flow, spec, f, filter_dev,
2510 &inner_match_level, &outer_match_level);
2511 non_tunnel_match_level = (inner_match_level == MLX5_MATCH_NONE) ?
2512 outer_match_level : inner_match_level;
2513
2514 is_eswitch_flow = mlx5e_is_eswitch_flow(flow);
2515 if (!err && is_eswitch_flow) {
2516 rep = rpriv->rep;
2517 if (rep->vport != MLX5_VPORT_UPLINK &&
2518 (esw->offloads.inline_mode != MLX5_INLINE_MODE_NONE &&
2519 esw->offloads.inline_mode < non_tunnel_match_level)) {
2520 NL_SET_ERR_MSG_MOD(extack,
2521 "Flow is not offloaded due to min inline setting");
2522 netdev_warn(priv->netdev,
2523 "Flow is not offloaded due to min inline setting, required %d actual %d\n",
2524 non_tunnel_match_level, esw->offloads.inline_mode);
2525 return -EOPNOTSUPP;
2526 }
2527 }
2528
2529 flow->attr->inner_match_level = inner_match_level;
2530 flow->attr->outer_match_level = outer_match_level;
2531
2532
2533 return err;
2534 }
2535
2536 struct pedit_headers {
2537 struct ethhdr eth;
2538 struct vlan_hdr vlan;
2539 struct iphdr ip4;
2540 struct ipv6hdr ip6;
2541 struct tcphdr tcp;
2542 struct udphdr udp;
2543 };
2544
2545 struct pedit_headers_action {
2546 struct pedit_headers vals;
2547 struct pedit_headers masks;
2548 u32 pedits;
2549 };
2550
2551 static int pedit_header_offsets[] = {
2552 [FLOW_ACT_MANGLE_HDR_TYPE_ETH] = offsetof(struct pedit_headers, eth),
2553 [FLOW_ACT_MANGLE_HDR_TYPE_IP4] = offsetof(struct pedit_headers, ip4),
2554 [FLOW_ACT_MANGLE_HDR_TYPE_IP6] = offsetof(struct pedit_headers, ip6),
2555 [FLOW_ACT_MANGLE_HDR_TYPE_TCP] = offsetof(struct pedit_headers, tcp),
2556 [FLOW_ACT_MANGLE_HDR_TYPE_UDP] = offsetof(struct pedit_headers, udp),
2557 };
2558
2559 #define pedit_header(_ph, _htype) ((void *)(_ph) + pedit_header_offsets[_htype])
2560
set_pedit_val(u8 hdr_type,u32 mask,u32 val,u32 offset,struct pedit_headers_action * hdrs)2561 static int set_pedit_val(u8 hdr_type, u32 mask, u32 val, u32 offset,
2562 struct pedit_headers_action *hdrs)
2563 {
2564 u32 *curr_pmask, *curr_pval;
2565
2566 curr_pmask = (u32 *)(pedit_header(&hdrs->masks, hdr_type) + offset);
2567 curr_pval = (u32 *)(pedit_header(&hdrs->vals, hdr_type) + offset);
2568
2569 if (*curr_pmask & mask) /* disallow acting twice on the same location */
2570 goto out_err;
2571
2572 *curr_pmask |= mask;
2573 *curr_pval |= (val & mask);
2574
2575 return 0;
2576
2577 out_err:
2578 return -EOPNOTSUPP;
2579 }
2580
2581 struct mlx5_fields {
2582 u8 field;
2583 u8 field_bsize;
2584 u32 field_mask;
2585 u32 offset;
2586 u32 match_offset;
2587 };
2588
2589 #define OFFLOAD(fw_field, field_bsize, field_mask, field, off, match_field) \
2590 {MLX5_ACTION_IN_FIELD_OUT_ ## fw_field, field_bsize, field_mask, \
2591 offsetof(struct pedit_headers, field) + (off), \
2592 MLX5_BYTE_OFF(fte_match_set_lyr_2_4, match_field)}
2593
2594 /* masked values are the same and there are no rewrites that do not have a
2595 * match.
2596 */
2597 #define SAME_VAL_MASK(type, valp, maskp, matchvalp, matchmaskp) ({ \
2598 type matchmaskx = *(type *)(matchmaskp); \
2599 type matchvalx = *(type *)(matchvalp); \
2600 type maskx = *(type *)(maskp); \
2601 type valx = *(type *)(valp); \
2602 \
2603 (valx & maskx) == (matchvalx & matchmaskx) && !(maskx & (maskx ^ \
2604 matchmaskx)); \
2605 })
2606
cmp_val_mask(void * valp,void * maskp,void * matchvalp,void * matchmaskp,u8 bsize)2607 static bool cmp_val_mask(void *valp, void *maskp, void *matchvalp,
2608 void *matchmaskp, u8 bsize)
2609 {
2610 bool same = false;
2611
2612 switch (bsize) {
2613 case 8:
2614 same = SAME_VAL_MASK(u8, valp, maskp, matchvalp, matchmaskp);
2615 break;
2616 case 16:
2617 same = SAME_VAL_MASK(u16, valp, maskp, matchvalp, matchmaskp);
2618 break;
2619 case 32:
2620 same = SAME_VAL_MASK(u32, valp, maskp, matchvalp, matchmaskp);
2621 break;
2622 }
2623
2624 return same;
2625 }
2626
2627 static struct mlx5_fields fields[] = {
2628 OFFLOAD(DMAC_47_16, 32, U32_MAX, eth.h_dest[0], 0, dmac_47_16),
2629 OFFLOAD(DMAC_15_0, 16, U16_MAX, eth.h_dest[4], 0, dmac_15_0),
2630 OFFLOAD(SMAC_47_16, 32, U32_MAX, eth.h_source[0], 0, smac_47_16),
2631 OFFLOAD(SMAC_15_0, 16, U16_MAX, eth.h_source[4], 0, smac_15_0),
2632 OFFLOAD(ETHERTYPE, 16, U16_MAX, eth.h_proto, 0, ethertype),
2633 OFFLOAD(FIRST_VID, 16, U16_MAX, vlan.h_vlan_TCI, 0, first_vid),
2634
2635 OFFLOAD(IP_DSCP, 8, 0xfc, ip4.tos, 0, ip_dscp),
2636 OFFLOAD(IP_TTL, 8, U8_MAX, ip4.ttl, 0, ttl_hoplimit),
2637 OFFLOAD(SIPV4, 32, U32_MAX, ip4.saddr, 0, src_ipv4_src_ipv6.ipv4_layout.ipv4),
2638 OFFLOAD(DIPV4, 32, U32_MAX, ip4.daddr, 0, dst_ipv4_dst_ipv6.ipv4_layout.ipv4),
2639
2640 OFFLOAD(SIPV6_127_96, 32, U32_MAX, ip6.saddr.s6_addr32[0], 0,
2641 src_ipv4_src_ipv6.ipv6_layout.ipv6[0]),
2642 OFFLOAD(SIPV6_95_64, 32, U32_MAX, ip6.saddr.s6_addr32[1], 0,
2643 src_ipv4_src_ipv6.ipv6_layout.ipv6[4]),
2644 OFFLOAD(SIPV6_63_32, 32, U32_MAX, ip6.saddr.s6_addr32[2], 0,
2645 src_ipv4_src_ipv6.ipv6_layout.ipv6[8]),
2646 OFFLOAD(SIPV6_31_0, 32, U32_MAX, ip6.saddr.s6_addr32[3], 0,
2647 src_ipv4_src_ipv6.ipv6_layout.ipv6[12]),
2648 OFFLOAD(DIPV6_127_96, 32, U32_MAX, ip6.daddr.s6_addr32[0], 0,
2649 dst_ipv4_dst_ipv6.ipv6_layout.ipv6[0]),
2650 OFFLOAD(DIPV6_95_64, 32, U32_MAX, ip6.daddr.s6_addr32[1], 0,
2651 dst_ipv4_dst_ipv6.ipv6_layout.ipv6[4]),
2652 OFFLOAD(DIPV6_63_32, 32, U32_MAX, ip6.daddr.s6_addr32[2], 0,
2653 dst_ipv4_dst_ipv6.ipv6_layout.ipv6[8]),
2654 OFFLOAD(DIPV6_31_0, 32, U32_MAX, ip6.daddr.s6_addr32[3], 0,
2655 dst_ipv4_dst_ipv6.ipv6_layout.ipv6[12]),
2656 OFFLOAD(IPV6_HOPLIMIT, 8, U8_MAX, ip6.hop_limit, 0, ttl_hoplimit),
2657 OFFLOAD(IP_DSCP, 16, 0xc00f, ip6, 0, ip_dscp),
2658
2659 OFFLOAD(TCP_SPORT, 16, U16_MAX, tcp.source, 0, tcp_sport),
2660 OFFLOAD(TCP_DPORT, 16, U16_MAX, tcp.dest, 0, tcp_dport),
2661 /* in linux iphdr tcp_flags is 8 bits long */
2662 OFFLOAD(TCP_FLAGS, 8, U8_MAX, tcp.ack_seq, 5, tcp_flags),
2663
2664 OFFLOAD(UDP_SPORT, 16, U16_MAX, udp.source, 0, udp_sport),
2665 OFFLOAD(UDP_DPORT, 16, U16_MAX, udp.dest, 0, udp_dport),
2666 };
2667
mask_to_le(unsigned long mask,int size)2668 static unsigned long mask_to_le(unsigned long mask, int size)
2669 {
2670 __be32 mask_be32;
2671 __be16 mask_be16;
2672
2673 if (size == 32) {
2674 mask_be32 = (__force __be32)(mask);
2675 mask = (__force unsigned long)cpu_to_le32(be32_to_cpu(mask_be32));
2676 } else if (size == 16) {
2677 mask_be32 = (__force __be32)(mask);
2678 mask_be16 = *(__be16 *)&mask_be32;
2679 mask = (__force unsigned long)cpu_to_le16(be16_to_cpu(mask_be16));
2680 }
2681
2682 return mask;
2683 }
offload_pedit_fields(struct mlx5e_priv * priv,int namespace,struct pedit_headers_action * hdrs,struct mlx5e_tc_flow_parse_attr * parse_attr,u32 * action_flags,struct netlink_ext_ack * extack)2684 static int offload_pedit_fields(struct mlx5e_priv *priv,
2685 int namespace,
2686 struct pedit_headers_action *hdrs,
2687 struct mlx5e_tc_flow_parse_attr *parse_attr,
2688 u32 *action_flags,
2689 struct netlink_ext_ack *extack)
2690 {
2691 struct pedit_headers *set_masks, *add_masks, *set_vals, *add_vals;
2692 int i, action_size, first, last, next_z;
2693 void *headers_c, *headers_v, *action, *vals_p;
2694 u32 *s_masks_p, *a_masks_p, s_mask, a_mask;
2695 struct mlx5e_tc_mod_hdr_acts *mod_acts;
2696 struct mlx5_fields *f;
2697 unsigned long mask, field_mask;
2698 int err;
2699 u8 cmd;
2700
2701 mod_acts = &parse_attr->mod_hdr_acts;
2702 headers_c = get_match_headers_criteria(*action_flags, &parse_attr->spec);
2703 headers_v = get_match_headers_value(*action_flags, &parse_attr->spec);
2704
2705 set_masks = &hdrs[0].masks;
2706 add_masks = &hdrs[1].masks;
2707 set_vals = &hdrs[0].vals;
2708 add_vals = &hdrs[1].vals;
2709
2710 action_size = MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto);
2711
2712 for (i = 0; i < ARRAY_SIZE(fields); i++) {
2713 bool skip;
2714
2715 f = &fields[i];
2716 /* avoid seeing bits set from previous iterations */
2717 s_mask = 0;
2718 a_mask = 0;
2719
2720 s_masks_p = (void *)set_masks + f->offset;
2721 a_masks_p = (void *)add_masks + f->offset;
2722
2723 s_mask = *s_masks_p & f->field_mask;
2724 a_mask = *a_masks_p & f->field_mask;
2725
2726 if (!s_mask && !a_mask) /* nothing to offload here */
2727 continue;
2728
2729 if (s_mask && a_mask) {
2730 NL_SET_ERR_MSG_MOD(extack,
2731 "can't set and add to the same HW field");
2732 netdev_warn(priv->netdev,
2733 "mlx5: can't set and add to the same HW field (%x)\n",
2734 f->field);
2735 return -EOPNOTSUPP;
2736 }
2737
2738 skip = false;
2739 if (s_mask) {
2740 void *match_mask = headers_c + f->match_offset;
2741 void *match_val = headers_v + f->match_offset;
2742
2743 cmd = MLX5_ACTION_TYPE_SET;
2744 mask = s_mask;
2745 vals_p = (void *)set_vals + f->offset;
2746 /* don't rewrite if we have a match on the same value */
2747 if (cmp_val_mask(vals_p, s_masks_p, match_val,
2748 match_mask, f->field_bsize))
2749 skip = true;
2750 /* clear to denote we consumed this field */
2751 *s_masks_p &= ~f->field_mask;
2752 } else {
2753 cmd = MLX5_ACTION_TYPE_ADD;
2754 mask = a_mask;
2755 vals_p = (void *)add_vals + f->offset;
2756 /* add 0 is no change */
2757 if ((*(u32 *)vals_p & f->field_mask) == 0)
2758 skip = true;
2759 /* clear to denote we consumed this field */
2760 *a_masks_p &= ~f->field_mask;
2761 }
2762 if (skip)
2763 continue;
2764
2765 mask = mask_to_le(mask, f->field_bsize);
2766
2767 first = find_first_bit(&mask, f->field_bsize);
2768 next_z = find_next_zero_bit(&mask, f->field_bsize, first);
2769 last = find_last_bit(&mask, f->field_bsize);
2770 if (first < next_z && next_z < last) {
2771 NL_SET_ERR_MSG_MOD(extack,
2772 "rewrite of few sub-fields isn't supported");
2773 netdev_warn(priv->netdev,
2774 "mlx5: rewrite of few sub-fields (mask %lx) isn't offloaded\n",
2775 mask);
2776 return -EOPNOTSUPP;
2777 }
2778
2779 err = alloc_mod_hdr_actions(priv->mdev, namespace, mod_acts);
2780 if (err) {
2781 NL_SET_ERR_MSG_MOD(extack,
2782 "too many pedit actions, can't offload");
2783 mlx5_core_warn(priv->mdev,
2784 "mlx5: parsed %d pedit actions, can't do more\n",
2785 mod_acts->num_actions);
2786 return err;
2787 }
2788
2789 action = mod_acts->actions +
2790 (mod_acts->num_actions * action_size);
2791 MLX5_SET(set_action_in, action, action_type, cmd);
2792 MLX5_SET(set_action_in, action, field, f->field);
2793
2794 if (cmd == MLX5_ACTION_TYPE_SET) {
2795 int start;
2796
2797 field_mask = mask_to_le(f->field_mask, f->field_bsize);
2798
2799 /* if field is bit sized it can start not from first bit */
2800 start = find_first_bit(&field_mask, f->field_bsize);
2801
2802 MLX5_SET(set_action_in, action, offset, first - start);
2803 /* length is num of bits to be written, zero means length of 32 */
2804 MLX5_SET(set_action_in, action, length, (last - first + 1));
2805 }
2806
2807 if (f->field_bsize == 32)
2808 MLX5_SET(set_action_in, action, data, ntohl(*(__be32 *)vals_p) >> first);
2809 else if (f->field_bsize == 16)
2810 MLX5_SET(set_action_in, action, data, ntohs(*(__be16 *)vals_p) >> first);
2811 else if (f->field_bsize == 8)
2812 MLX5_SET(set_action_in, action, data, *(u8 *)vals_p >> first);
2813
2814 ++mod_acts->num_actions;
2815 }
2816
2817 return 0;
2818 }
2819
mlx5e_flow_namespace_max_modify_action(struct mlx5_core_dev * mdev,int namespace)2820 static int mlx5e_flow_namespace_max_modify_action(struct mlx5_core_dev *mdev,
2821 int namespace)
2822 {
2823 if (namespace == MLX5_FLOW_NAMESPACE_FDB) /* FDB offloading */
2824 return MLX5_CAP_ESW_FLOWTABLE_FDB(mdev, max_modify_header_actions);
2825 else /* namespace is MLX5_FLOW_NAMESPACE_KERNEL - NIC offloading */
2826 return MLX5_CAP_FLOWTABLE_NIC_RX(mdev, max_modify_header_actions);
2827 }
2828
alloc_mod_hdr_actions(struct mlx5_core_dev * mdev,int namespace,struct mlx5e_tc_mod_hdr_acts * mod_hdr_acts)2829 int alloc_mod_hdr_actions(struct mlx5_core_dev *mdev,
2830 int namespace,
2831 struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts)
2832 {
2833 int action_size, new_num_actions, max_hw_actions;
2834 size_t new_sz, old_sz;
2835 void *ret;
2836
2837 if (mod_hdr_acts->num_actions < mod_hdr_acts->max_actions)
2838 return 0;
2839
2840 action_size = MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto);
2841
2842 max_hw_actions = mlx5e_flow_namespace_max_modify_action(mdev,
2843 namespace);
2844 new_num_actions = min(max_hw_actions,
2845 mod_hdr_acts->actions ?
2846 mod_hdr_acts->max_actions * 2 : 1);
2847 if (mod_hdr_acts->max_actions == new_num_actions)
2848 return -ENOSPC;
2849
2850 new_sz = action_size * new_num_actions;
2851 old_sz = mod_hdr_acts->max_actions * action_size;
2852 ret = krealloc(mod_hdr_acts->actions, new_sz, GFP_KERNEL);
2853 if (!ret)
2854 return -ENOMEM;
2855
2856 memset(ret + old_sz, 0, new_sz - old_sz);
2857 mod_hdr_acts->actions = ret;
2858 mod_hdr_acts->max_actions = new_num_actions;
2859
2860 return 0;
2861 }
2862
dealloc_mod_hdr_actions(struct mlx5e_tc_mod_hdr_acts * mod_hdr_acts)2863 void dealloc_mod_hdr_actions(struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts)
2864 {
2865 kfree(mod_hdr_acts->actions);
2866 mod_hdr_acts->actions = NULL;
2867 mod_hdr_acts->num_actions = 0;
2868 mod_hdr_acts->max_actions = 0;
2869 }
2870
2871 static const struct pedit_headers zero_masks = {};
2872
2873 static int
parse_pedit_to_modify_hdr(struct mlx5e_priv * priv,const struct flow_action_entry * act,int namespace,struct mlx5e_tc_flow_parse_attr * parse_attr,struct pedit_headers_action * hdrs,struct netlink_ext_ack * extack)2874 parse_pedit_to_modify_hdr(struct mlx5e_priv *priv,
2875 const struct flow_action_entry *act, int namespace,
2876 struct mlx5e_tc_flow_parse_attr *parse_attr,
2877 struct pedit_headers_action *hdrs,
2878 struct netlink_ext_ack *extack)
2879 {
2880 u8 cmd = (act->id == FLOW_ACTION_MANGLE) ? 0 : 1;
2881 int err = -EOPNOTSUPP;
2882 u32 mask, val, offset;
2883 u8 htype;
2884
2885 htype = act->mangle.htype;
2886 err = -EOPNOTSUPP; /* can't be all optimistic */
2887
2888 if (htype == FLOW_ACT_MANGLE_UNSPEC) {
2889 NL_SET_ERR_MSG_MOD(extack, "legacy pedit isn't offloaded");
2890 goto out_err;
2891 }
2892
2893 if (!mlx5e_flow_namespace_max_modify_action(priv->mdev, namespace)) {
2894 NL_SET_ERR_MSG_MOD(extack,
2895 "The pedit offload action is not supported");
2896 goto out_err;
2897 }
2898
2899 mask = act->mangle.mask;
2900 val = act->mangle.val;
2901 offset = act->mangle.offset;
2902
2903 err = set_pedit_val(htype, ~mask, val, offset, &hdrs[cmd]);
2904 if (err)
2905 goto out_err;
2906
2907 hdrs[cmd].pedits++;
2908
2909 return 0;
2910 out_err:
2911 return err;
2912 }
2913
2914 static int
parse_pedit_to_reformat(struct mlx5e_priv * priv,const struct flow_action_entry * act,struct mlx5e_tc_flow_parse_attr * parse_attr,struct netlink_ext_ack * extack)2915 parse_pedit_to_reformat(struct mlx5e_priv *priv,
2916 const struct flow_action_entry *act,
2917 struct mlx5e_tc_flow_parse_attr *parse_attr,
2918 struct netlink_ext_ack *extack)
2919 {
2920 u32 mask, val, offset;
2921 u32 *p;
2922
2923 if (act->id != FLOW_ACTION_MANGLE)
2924 return -EOPNOTSUPP;
2925
2926 if (act->mangle.htype != FLOW_ACT_MANGLE_HDR_TYPE_ETH) {
2927 NL_SET_ERR_MSG_MOD(extack, "Only Ethernet modification is supported");
2928 return -EOPNOTSUPP;
2929 }
2930
2931 mask = ~act->mangle.mask;
2932 val = act->mangle.val;
2933 offset = act->mangle.offset;
2934 p = (u32 *)&parse_attr->eth;
2935 *(p + (offset >> 2)) |= (val & mask);
2936
2937 return 0;
2938 }
2939
parse_tc_pedit_action(struct mlx5e_priv * priv,const struct flow_action_entry * act,int namespace,struct mlx5e_tc_flow_parse_attr * parse_attr,struct pedit_headers_action * hdrs,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)2940 static int parse_tc_pedit_action(struct mlx5e_priv *priv,
2941 const struct flow_action_entry *act, int namespace,
2942 struct mlx5e_tc_flow_parse_attr *parse_attr,
2943 struct pedit_headers_action *hdrs,
2944 struct mlx5e_tc_flow *flow,
2945 struct netlink_ext_ack *extack)
2946 {
2947 if (flow && flow_flag_test(flow, L3_TO_L2_DECAP))
2948 return parse_pedit_to_reformat(priv, act, parse_attr, extack);
2949
2950 return parse_pedit_to_modify_hdr(priv, act, namespace,
2951 parse_attr, hdrs, extack);
2952 }
2953
alloc_tc_pedit_action(struct mlx5e_priv * priv,int namespace,struct mlx5e_tc_flow_parse_attr * parse_attr,struct pedit_headers_action * hdrs,u32 * action_flags,struct netlink_ext_ack * extack)2954 static int alloc_tc_pedit_action(struct mlx5e_priv *priv, int namespace,
2955 struct mlx5e_tc_flow_parse_attr *parse_attr,
2956 struct pedit_headers_action *hdrs,
2957 u32 *action_flags,
2958 struct netlink_ext_ack *extack)
2959 {
2960 struct pedit_headers *cmd_masks;
2961 int err;
2962 u8 cmd;
2963
2964 err = offload_pedit_fields(priv, namespace, hdrs, parse_attr,
2965 action_flags, extack);
2966 if (err < 0)
2967 goto out_dealloc_parsed_actions;
2968
2969 for (cmd = 0; cmd < __PEDIT_CMD_MAX; cmd++) {
2970 cmd_masks = &hdrs[cmd].masks;
2971 if (memcmp(cmd_masks, &zero_masks, sizeof(zero_masks))) {
2972 NL_SET_ERR_MSG_MOD(extack,
2973 "attempt to offload an unsupported field");
2974 netdev_warn(priv->netdev, "attempt to offload an unsupported field (cmd %d)\n", cmd);
2975 print_hex_dump(KERN_WARNING, "mask: ", DUMP_PREFIX_ADDRESS,
2976 16, 1, cmd_masks, sizeof(zero_masks), true);
2977 err = -EOPNOTSUPP;
2978 goto out_dealloc_parsed_actions;
2979 }
2980 }
2981
2982 return 0;
2983
2984 out_dealloc_parsed_actions:
2985 dealloc_mod_hdr_actions(&parse_attr->mod_hdr_acts);
2986 return err;
2987 }
2988
csum_offload_supported(struct mlx5e_priv * priv,u32 action,u32 update_flags,struct netlink_ext_ack * extack)2989 static bool csum_offload_supported(struct mlx5e_priv *priv,
2990 u32 action,
2991 u32 update_flags,
2992 struct netlink_ext_ack *extack)
2993 {
2994 u32 prot_flags = TCA_CSUM_UPDATE_FLAG_IPV4HDR | TCA_CSUM_UPDATE_FLAG_TCP |
2995 TCA_CSUM_UPDATE_FLAG_UDP;
2996
2997 /* The HW recalcs checksums only if re-writing headers */
2998 if (!(action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)) {
2999 NL_SET_ERR_MSG_MOD(extack,
3000 "TC csum action is only offloaded with pedit");
3001 netdev_warn(priv->netdev,
3002 "TC csum action is only offloaded with pedit\n");
3003 return false;
3004 }
3005
3006 if (update_flags & ~prot_flags) {
3007 NL_SET_ERR_MSG_MOD(extack,
3008 "can't offload TC csum action for some header/s");
3009 netdev_warn(priv->netdev,
3010 "can't offload TC csum action for some header/s - flags %#x\n",
3011 update_flags);
3012 return false;
3013 }
3014
3015 return true;
3016 }
3017
3018 struct ip_ttl_word {
3019 __u8 ttl;
3020 __u8 protocol;
3021 __sum16 check;
3022 };
3023
3024 struct ipv6_hoplimit_word {
3025 __be16 payload_len;
3026 __u8 nexthdr;
3027 __u8 hop_limit;
3028 };
3029
is_action_keys_supported(const struct flow_action_entry * act,bool ct_flow,bool * modify_ip_header,bool * modify_tuple,struct netlink_ext_ack * extack)3030 static int is_action_keys_supported(const struct flow_action_entry *act,
3031 bool ct_flow, bool *modify_ip_header,
3032 bool *modify_tuple,
3033 struct netlink_ext_ack *extack)
3034 {
3035 u32 mask, offset;
3036 u8 htype;
3037
3038 htype = act->mangle.htype;
3039 offset = act->mangle.offset;
3040 mask = ~act->mangle.mask;
3041 /* For IPv4 & IPv6 header check 4 byte word,
3042 * to determine that modified fields
3043 * are NOT ttl & hop_limit only.
3044 */
3045 if (htype == FLOW_ACT_MANGLE_HDR_TYPE_IP4) {
3046 struct ip_ttl_word *ttl_word =
3047 (struct ip_ttl_word *)&mask;
3048
3049 if (offset != offsetof(struct iphdr, ttl) ||
3050 ttl_word->protocol ||
3051 ttl_word->check) {
3052 *modify_ip_header = true;
3053 }
3054
3055 if (offset >= offsetof(struct iphdr, saddr))
3056 *modify_tuple = true;
3057
3058 if (ct_flow && *modify_tuple) {
3059 NL_SET_ERR_MSG_MOD(extack,
3060 "can't offload re-write of ipv4 address with action ct");
3061 return -EOPNOTSUPP;
3062 }
3063 } else if (htype == FLOW_ACT_MANGLE_HDR_TYPE_IP6) {
3064 struct ipv6_hoplimit_word *hoplimit_word =
3065 (struct ipv6_hoplimit_word *)&mask;
3066
3067 if (offset != offsetof(struct ipv6hdr, payload_len) ||
3068 hoplimit_word->payload_len ||
3069 hoplimit_word->nexthdr) {
3070 *modify_ip_header = true;
3071 }
3072
3073 if (ct_flow && offset >= offsetof(struct ipv6hdr, saddr))
3074 *modify_tuple = true;
3075
3076 if (ct_flow && *modify_tuple) {
3077 NL_SET_ERR_MSG_MOD(extack,
3078 "can't offload re-write of ipv6 address with action ct");
3079 return -EOPNOTSUPP;
3080 }
3081 } else if (htype == FLOW_ACT_MANGLE_HDR_TYPE_TCP ||
3082 htype == FLOW_ACT_MANGLE_HDR_TYPE_UDP) {
3083 *modify_tuple = true;
3084 if (ct_flow) {
3085 NL_SET_ERR_MSG_MOD(extack,
3086 "can't offload re-write of transport header ports with action ct");
3087 return -EOPNOTSUPP;
3088 }
3089 }
3090
3091 return 0;
3092 }
3093
modify_tuple_supported(bool modify_tuple,bool ct_clear,bool ct_flow,struct netlink_ext_ack * extack,struct mlx5e_priv * priv,struct mlx5_flow_spec * spec)3094 static bool modify_tuple_supported(bool modify_tuple, bool ct_clear,
3095 bool ct_flow, struct netlink_ext_ack *extack,
3096 struct mlx5e_priv *priv,
3097 struct mlx5_flow_spec *spec)
3098 {
3099 if (!modify_tuple || ct_clear)
3100 return true;
3101
3102 if (ct_flow) {
3103 NL_SET_ERR_MSG_MOD(extack,
3104 "can't offload tuple modification with non-clear ct()");
3105 netdev_info(priv->netdev,
3106 "can't offload tuple modification with non-clear ct()");
3107 return false;
3108 }
3109
3110 /* Add ct_state=-trk match so it will be offloaded for non ct flows
3111 * (or after clear action), as otherwise, since the tuple is changed,
3112 * we can't restore ct state
3113 */
3114 if (mlx5_tc_ct_add_no_trk_match(spec)) {
3115 NL_SET_ERR_MSG_MOD(extack,
3116 "can't offload tuple modification with ct matches and no ct(clear) action");
3117 netdev_info(priv->netdev,
3118 "can't offload tuple modification with ct matches and no ct(clear) action");
3119 return false;
3120 }
3121
3122 return true;
3123 }
3124
modify_header_match_supported(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_action * flow_action,u32 actions,bool ct_flow,bool ct_clear,struct netlink_ext_ack * extack)3125 static bool modify_header_match_supported(struct mlx5e_priv *priv,
3126 struct mlx5_flow_spec *spec,
3127 struct flow_action *flow_action,
3128 u32 actions, bool ct_flow,
3129 bool ct_clear,
3130 struct netlink_ext_ack *extack)
3131 {
3132 const struct flow_action_entry *act;
3133 bool modify_ip_header, modify_tuple;
3134 void *headers_c;
3135 void *headers_v;
3136 u16 ethertype;
3137 u8 ip_proto;
3138 int i, err;
3139
3140 headers_c = get_match_headers_criteria(actions, spec);
3141 headers_v = get_match_headers_value(actions, spec);
3142 ethertype = MLX5_GET(fte_match_set_lyr_2_4, headers_v, ethertype);
3143
3144 /* for non-IP we only re-write MACs, so we're okay */
3145 if (MLX5_GET(fte_match_set_lyr_2_4, headers_c, ip_version) == 0 &&
3146 ethertype != ETH_P_IP && ethertype != ETH_P_IPV6)
3147 goto out_ok;
3148
3149 modify_ip_header = false;
3150 modify_tuple = false;
3151 flow_action_for_each(i, act, flow_action) {
3152 if (act->id != FLOW_ACTION_MANGLE &&
3153 act->id != FLOW_ACTION_ADD)
3154 continue;
3155
3156 err = is_action_keys_supported(act, ct_flow,
3157 &modify_ip_header,
3158 &modify_tuple, extack);
3159 if (err)
3160 return err;
3161 }
3162
3163 if (!modify_tuple_supported(modify_tuple, ct_clear, ct_flow, extack,
3164 priv, spec))
3165 return false;
3166
3167 ip_proto = MLX5_GET(fte_match_set_lyr_2_4, headers_v, ip_protocol);
3168 if (modify_ip_header && ip_proto != IPPROTO_TCP &&
3169 ip_proto != IPPROTO_UDP && ip_proto != IPPROTO_ICMP) {
3170 NL_SET_ERR_MSG_MOD(extack,
3171 "can't offload re-write of non TCP/UDP");
3172 netdev_info(priv->netdev, "can't offload re-write of ip proto %d\n",
3173 ip_proto);
3174 return false;
3175 }
3176
3177 out_ok:
3178 return true;
3179 }
3180
actions_match_supported(struct mlx5e_priv * priv,struct flow_action * flow_action,struct mlx5e_tc_flow_parse_attr * parse_attr,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)3181 static bool actions_match_supported(struct mlx5e_priv *priv,
3182 struct flow_action *flow_action,
3183 struct mlx5e_tc_flow_parse_attr *parse_attr,
3184 struct mlx5e_tc_flow *flow,
3185 struct netlink_ext_ack *extack)
3186 {
3187 bool ct_flow = false, ct_clear = false;
3188 u32 actions;
3189
3190 ct_clear = flow->attr->ct_attr.ct_action &
3191 TCA_CT_ACT_CLEAR;
3192 ct_flow = flow_flag_test(flow, CT) && !ct_clear;
3193 actions = flow->attr->action;
3194
3195 if (mlx5e_is_eswitch_flow(flow)) {
3196 if (flow->attr->esw_attr->split_count && ct_flow &&
3197 !MLX5_CAP_GEN(flow->attr->esw_attr->in_mdev, reg_c_preserve)) {
3198 /* All registers used by ct are cleared when using
3199 * split rules.
3200 */
3201 NL_SET_ERR_MSG_MOD(extack,
3202 "Can't offload mirroring with action ct");
3203 return false;
3204 }
3205 }
3206
3207 if (actions & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
3208 return modify_header_match_supported(priv, &parse_attr->spec,
3209 flow_action, actions,
3210 ct_flow, ct_clear,
3211 extack);
3212
3213 return true;
3214 }
3215
same_port_devs(struct mlx5e_priv * priv,struct mlx5e_priv * peer_priv)3216 static bool same_port_devs(struct mlx5e_priv *priv, struct mlx5e_priv *peer_priv)
3217 {
3218 return priv->mdev == peer_priv->mdev;
3219 }
3220
same_hw_devs(struct mlx5e_priv * priv,struct mlx5e_priv * peer_priv)3221 static bool same_hw_devs(struct mlx5e_priv *priv, struct mlx5e_priv *peer_priv)
3222 {
3223 struct mlx5_core_dev *fmdev, *pmdev;
3224 u64 fsystem_guid, psystem_guid;
3225
3226 fmdev = priv->mdev;
3227 pmdev = peer_priv->mdev;
3228
3229 fsystem_guid = mlx5_query_nic_system_image_guid(fmdev);
3230 psystem_guid = mlx5_query_nic_system_image_guid(pmdev);
3231
3232 return (fsystem_guid == psystem_guid);
3233 }
3234
same_vf_reps(struct mlx5e_priv * priv,struct net_device * out_dev)3235 static bool same_vf_reps(struct mlx5e_priv *priv,
3236 struct net_device *out_dev)
3237 {
3238 return mlx5e_eswitch_vf_rep(priv->netdev) &&
3239 priv->netdev == out_dev;
3240 }
3241
add_vlan_rewrite_action(struct mlx5e_priv * priv,int namespace,const struct flow_action_entry * act,struct mlx5e_tc_flow_parse_attr * parse_attr,struct pedit_headers_action * hdrs,u32 * action,struct netlink_ext_ack * extack)3242 static int add_vlan_rewrite_action(struct mlx5e_priv *priv, int namespace,
3243 const struct flow_action_entry *act,
3244 struct mlx5e_tc_flow_parse_attr *parse_attr,
3245 struct pedit_headers_action *hdrs,
3246 u32 *action, struct netlink_ext_ack *extack)
3247 {
3248 u16 mask16 = VLAN_VID_MASK;
3249 u16 val16 = act->vlan.vid & VLAN_VID_MASK;
3250 const struct flow_action_entry pedit_act = {
3251 .id = FLOW_ACTION_MANGLE,
3252 .mangle.htype = FLOW_ACT_MANGLE_HDR_TYPE_ETH,
3253 .mangle.offset = offsetof(struct vlan_ethhdr, h_vlan_TCI),
3254 .mangle.mask = ~(u32)be16_to_cpu(*(__be16 *)&mask16),
3255 .mangle.val = (u32)be16_to_cpu(*(__be16 *)&val16),
3256 };
3257 u8 match_prio_mask, match_prio_val;
3258 void *headers_c, *headers_v;
3259 int err;
3260
3261 headers_c = get_match_headers_criteria(*action, &parse_attr->spec);
3262 headers_v = get_match_headers_value(*action, &parse_attr->spec);
3263
3264 if (!(MLX5_GET(fte_match_set_lyr_2_4, headers_c, cvlan_tag) &&
3265 MLX5_GET(fte_match_set_lyr_2_4, headers_v, cvlan_tag))) {
3266 NL_SET_ERR_MSG_MOD(extack,
3267 "VLAN rewrite action must have VLAN protocol match");
3268 return -EOPNOTSUPP;
3269 }
3270
3271 match_prio_mask = MLX5_GET(fte_match_set_lyr_2_4, headers_c, first_prio);
3272 match_prio_val = MLX5_GET(fte_match_set_lyr_2_4, headers_v, first_prio);
3273 if (act->vlan.prio != (match_prio_val & match_prio_mask)) {
3274 NL_SET_ERR_MSG_MOD(extack,
3275 "Changing VLAN prio is not supported");
3276 return -EOPNOTSUPP;
3277 }
3278
3279 err = parse_tc_pedit_action(priv, &pedit_act, namespace, parse_attr, hdrs, NULL, extack);
3280 *action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
3281
3282 return err;
3283 }
3284
3285 static int
add_vlan_prio_tag_rewrite_action(struct mlx5e_priv * priv,struct mlx5e_tc_flow_parse_attr * parse_attr,struct pedit_headers_action * hdrs,u32 * action,struct netlink_ext_ack * extack)3286 add_vlan_prio_tag_rewrite_action(struct mlx5e_priv *priv,
3287 struct mlx5e_tc_flow_parse_attr *parse_attr,
3288 struct pedit_headers_action *hdrs,
3289 u32 *action, struct netlink_ext_ack *extack)
3290 {
3291 const struct flow_action_entry prio_tag_act = {
3292 .vlan.vid = 0,
3293 .vlan.prio =
3294 MLX5_GET(fte_match_set_lyr_2_4,
3295 get_match_headers_value(*action,
3296 &parse_attr->spec),
3297 first_prio) &
3298 MLX5_GET(fte_match_set_lyr_2_4,
3299 get_match_headers_criteria(*action,
3300 &parse_attr->spec),
3301 first_prio),
3302 };
3303
3304 return add_vlan_rewrite_action(priv, MLX5_FLOW_NAMESPACE_FDB,
3305 &prio_tag_act, parse_attr, hdrs, action,
3306 extack);
3307 }
3308
validate_goto_chain(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,const struct flow_action_entry * act,u32 actions,struct netlink_ext_ack * extack)3309 static int validate_goto_chain(struct mlx5e_priv *priv,
3310 struct mlx5e_tc_flow *flow,
3311 const struct flow_action_entry *act,
3312 u32 actions,
3313 struct netlink_ext_ack *extack)
3314 {
3315 bool is_esw = mlx5e_is_eswitch_flow(flow);
3316 struct mlx5_flow_attr *attr = flow->attr;
3317 bool ft_flow = mlx5e_is_ft_flow(flow);
3318 u32 dest_chain = act->chain_index;
3319 struct mlx5_fs_chains *chains;
3320 struct mlx5_eswitch *esw;
3321 u32 reformat_and_fwd;
3322 u32 max_chain;
3323
3324 esw = priv->mdev->priv.eswitch;
3325 chains = is_esw ? esw_chains(esw) : nic_chains(priv);
3326 max_chain = mlx5_chains_get_chain_range(chains);
3327 reformat_and_fwd = is_esw ?
3328 MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, reformat_and_fwd_to_table) :
3329 MLX5_CAP_FLOWTABLE_NIC_RX(priv->mdev, reformat_and_fwd_to_table);
3330
3331 if (ft_flow) {
3332 NL_SET_ERR_MSG_MOD(extack, "Goto action is not supported");
3333 return -EOPNOTSUPP;
3334 }
3335
3336 if (!mlx5_chains_backwards_supported(chains) &&
3337 dest_chain <= attr->chain) {
3338 NL_SET_ERR_MSG_MOD(extack,
3339 "Goto lower numbered chain isn't supported");
3340 return -EOPNOTSUPP;
3341 }
3342
3343 if (dest_chain > max_chain) {
3344 NL_SET_ERR_MSG_MOD(extack,
3345 "Requested destination chain is out of supported range");
3346 return -EOPNOTSUPP;
3347 }
3348
3349 if (actions & (MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT |
3350 MLX5_FLOW_CONTEXT_ACTION_DECAP) &&
3351 !reformat_and_fwd) {
3352 NL_SET_ERR_MSG_MOD(extack,
3353 "Goto chain is not allowed if action has reformat or decap");
3354 return -EOPNOTSUPP;
3355 }
3356
3357 return 0;
3358 }
3359
parse_tc_nic_actions(struct mlx5e_priv * priv,struct flow_action * flow_action,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)3360 static int parse_tc_nic_actions(struct mlx5e_priv *priv,
3361 struct flow_action *flow_action,
3362 struct mlx5e_tc_flow *flow,
3363 struct netlink_ext_ack *extack)
3364 {
3365 struct mlx5e_tc_flow_parse_attr *parse_attr;
3366 struct mlx5_flow_attr *attr = flow->attr;
3367 struct pedit_headers_action hdrs[2] = {};
3368 const struct flow_action_entry *act;
3369 struct mlx5_nic_flow_attr *nic_attr;
3370 u32 action = 0;
3371 int err, i;
3372
3373 if (!flow_action_has_entries(flow_action))
3374 return -EINVAL;
3375
3376 if (!flow_action_hw_stats_check(flow_action, extack,
3377 FLOW_ACTION_HW_STATS_DELAYED_BIT))
3378 return -EOPNOTSUPP;
3379
3380 nic_attr = attr->nic_attr;
3381 nic_attr->flow_tag = MLX5_FS_DEFAULT_FLOW_TAG;
3382 parse_attr = attr->parse_attr;
3383
3384 flow_action_for_each(i, act, flow_action) {
3385 switch (act->id) {
3386 case FLOW_ACTION_ACCEPT:
3387 action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST |
3388 MLX5_FLOW_CONTEXT_ACTION_COUNT;
3389 break;
3390 case FLOW_ACTION_DROP:
3391 action |= MLX5_FLOW_CONTEXT_ACTION_DROP |
3392 MLX5_FLOW_CONTEXT_ACTION_COUNT;
3393 break;
3394 case FLOW_ACTION_MANGLE:
3395 case FLOW_ACTION_ADD:
3396 err = parse_tc_pedit_action(priv, act, MLX5_FLOW_NAMESPACE_KERNEL,
3397 parse_attr, hdrs, NULL, extack);
3398 if (err)
3399 return err;
3400
3401 action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
3402 break;
3403 case FLOW_ACTION_VLAN_MANGLE:
3404 err = add_vlan_rewrite_action(priv,
3405 MLX5_FLOW_NAMESPACE_KERNEL,
3406 act, parse_attr, hdrs,
3407 &action, extack);
3408 if (err)
3409 return err;
3410
3411 break;
3412 case FLOW_ACTION_CSUM:
3413 if (csum_offload_supported(priv, action,
3414 act->csum_flags,
3415 extack))
3416 break;
3417
3418 return -EOPNOTSUPP;
3419 case FLOW_ACTION_REDIRECT: {
3420 struct net_device *peer_dev = act->dev;
3421
3422 if (priv->netdev->netdev_ops == peer_dev->netdev_ops &&
3423 same_hw_devs(priv, netdev_priv(peer_dev))) {
3424 parse_attr->mirred_ifindex[0] = peer_dev->ifindex;
3425 flow_flag_set(flow, HAIRPIN);
3426 action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST |
3427 MLX5_FLOW_CONTEXT_ACTION_COUNT;
3428 } else {
3429 NL_SET_ERR_MSG_MOD(extack,
3430 "device is not on same HW, can't offload");
3431 netdev_warn(priv->netdev, "device %s not on same HW, can't offload\n",
3432 peer_dev->name);
3433 return -EOPNOTSUPP;
3434 }
3435 }
3436 break;
3437 case FLOW_ACTION_MARK: {
3438 u32 mark = act->mark;
3439
3440 if (mark & ~MLX5E_TC_FLOW_ID_MASK) {
3441 NL_SET_ERR_MSG_MOD(extack,
3442 "Bad flow mark - only 16 bit is supported");
3443 return -EOPNOTSUPP;
3444 }
3445
3446 nic_attr->flow_tag = mark;
3447 action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
3448 }
3449 break;
3450 case FLOW_ACTION_GOTO:
3451 err = validate_goto_chain(priv, flow, act, action,
3452 extack);
3453 if (err)
3454 return err;
3455
3456 action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
3457 attr->dest_chain = act->chain_index;
3458 break;
3459 case FLOW_ACTION_CT:
3460 err = mlx5_tc_ct_parse_action(get_ct_priv(priv), attr, act, extack);
3461 if (err)
3462 return err;
3463
3464 flow_flag_set(flow, CT);
3465 break;
3466 default:
3467 NL_SET_ERR_MSG_MOD(extack, "The offload action is not supported");
3468 return -EOPNOTSUPP;
3469 }
3470 }
3471
3472 if (hdrs[TCA_PEDIT_KEY_EX_CMD_SET].pedits ||
3473 hdrs[TCA_PEDIT_KEY_EX_CMD_ADD].pedits) {
3474 err = alloc_tc_pedit_action(priv, MLX5_FLOW_NAMESPACE_KERNEL,
3475 parse_attr, hdrs, &action, extack);
3476 if (err)
3477 return err;
3478 /* in case all pedit actions are skipped, remove the MOD_HDR
3479 * flag.
3480 */
3481 if (parse_attr->mod_hdr_acts.num_actions == 0) {
3482 action &= ~MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
3483 dealloc_mod_hdr_actions(&parse_attr->mod_hdr_acts);
3484 }
3485 }
3486
3487 attr->action = action;
3488
3489 if (attr->dest_chain) {
3490 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_FWD_DEST) {
3491 NL_SET_ERR_MSG(extack, "Mirroring goto chain rules isn't supported");
3492 return -EOPNOTSUPP;
3493 }
3494 attr->action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
3495 }
3496
3497 if (attr->action & MLX5_FLOW_CONTEXT_ACTION_MOD_HDR)
3498 attr->action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
3499
3500 if (!actions_match_supported(priv, flow_action, parse_attr, flow, extack))
3501 return -EOPNOTSUPP;
3502
3503 return 0;
3504 }
3505
is_merged_eswitch_vfs(struct mlx5e_priv * priv,struct net_device * peer_netdev)3506 static bool is_merged_eswitch_vfs(struct mlx5e_priv *priv,
3507 struct net_device *peer_netdev)
3508 {
3509 struct mlx5e_priv *peer_priv;
3510
3511 peer_priv = netdev_priv(peer_netdev);
3512
3513 return (MLX5_CAP_ESW(priv->mdev, merged_eswitch) &&
3514 mlx5e_eswitch_vf_rep(priv->netdev) &&
3515 mlx5e_eswitch_vf_rep(peer_netdev) &&
3516 same_hw_devs(priv, peer_priv));
3517 }
3518
parse_tc_vlan_action(struct mlx5e_priv * priv,const struct flow_action_entry * act,struct mlx5_esw_flow_attr * attr,u32 * action)3519 static int parse_tc_vlan_action(struct mlx5e_priv *priv,
3520 const struct flow_action_entry *act,
3521 struct mlx5_esw_flow_attr *attr,
3522 u32 *action)
3523 {
3524 u8 vlan_idx = attr->total_vlan;
3525
3526 if (vlan_idx >= MLX5_FS_VLAN_DEPTH)
3527 return -EOPNOTSUPP;
3528
3529 switch (act->id) {
3530 case FLOW_ACTION_VLAN_POP:
3531 if (vlan_idx) {
3532 if (!mlx5_eswitch_vlan_actions_supported(priv->mdev,
3533 MLX5_FS_VLAN_DEPTH))
3534 return -EOPNOTSUPP;
3535
3536 *action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_POP_2;
3537 } else {
3538 *action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
3539 }
3540 break;
3541 case FLOW_ACTION_VLAN_PUSH:
3542 attr->vlan_vid[vlan_idx] = act->vlan.vid;
3543 attr->vlan_prio[vlan_idx] = act->vlan.prio;
3544 attr->vlan_proto[vlan_idx] = act->vlan.proto;
3545 if (!attr->vlan_proto[vlan_idx])
3546 attr->vlan_proto[vlan_idx] = htons(ETH_P_8021Q);
3547
3548 if (vlan_idx) {
3549 if (!mlx5_eswitch_vlan_actions_supported(priv->mdev,
3550 MLX5_FS_VLAN_DEPTH))
3551 return -EOPNOTSUPP;
3552
3553 *action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH_2;
3554 } else {
3555 if (!mlx5_eswitch_vlan_actions_supported(priv->mdev, 1) &&
3556 (act->vlan.proto != htons(ETH_P_8021Q) ||
3557 act->vlan.prio))
3558 return -EOPNOTSUPP;
3559
3560 *action |= MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH;
3561 }
3562 break;
3563 default:
3564 return -EINVAL;
3565 }
3566
3567 attr->total_vlan = vlan_idx + 1;
3568
3569 return 0;
3570 }
3571
get_fdb_out_dev(struct net_device * uplink_dev,struct net_device * out_dev)3572 static struct net_device *get_fdb_out_dev(struct net_device *uplink_dev,
3573 struct net_device *out_dev)
3574 {
3575 struct net_device *fdb_out_dev = out_dev;
3576 struct net_device *uplink_upper;
3577
3578 rcu_read_lock();
3579 uplink_upper = netdev_master_upper_dev_get_rcu(uplink_dev);
3580 if (uplink_upper && netif_is_lag_master(uplink_upper) &&
3581 uplink_upper == out_dev) {
3582 fdb_out_dev = uplink_dev;
3583 } else if (netif_is_lag_master(out_dev)) {
3584 fdb_out_dev = bond_option_active_slave_get_rcu(netdev_priv(out_dev));
3585 if (fdb_out_dev &&
3586 (!mlx5e_eswitch_rep(fdb_out_dev) ||
3587 !netdev_port_same_parent_id(fdb_out_dev, uplink_dev)))
3588 fdb_out_dev = NULL;
3589 }
3590 rcu_read_unlock();
3591 return fdb_out_dev;
3592 }
3593
add_vlan_push_action(struct mlx5e_priv * priv,struct mlx5_flow_attr * attr,struct net_device ** out_dev,u32 * action)3594 static int add_vlan_push_action(struct mlx5e_priv *priv,
3595 struct mlx5_flow_attr *attr,
3596 struct net_device **out_dev,
3597 u32 *action)
3598 {
3599 struct net_device *vlan_dev = *out_dev;
3600 struct flow_action_entry vlan_act = {
3601 .id = FLOW_ACTION_VLAN_PUSH,
3602 .vlan.vid = vlan_dev_vlan_id(vlan_dev),
3603 .vlan.proto = vlan_dev_vlan_proto(vlan_dev),
3604 .vlan.prio = 0,
3605 };
3606 int err;
3607
3608 err = parse_tc_vlan_action(priv, &vlan_act, attr->esw_attr, action);
3609 if (err)
3610 return err;
3611
3612 rcu_read_lock();
3613 *out_dev = dev_get_by_index_rcu(dev_net(vlan_dev), dev_get_iflink(vlan_dev));
3614 rcu_read_unlock();
3615 if (!*out_dev)
3616 return -ENODEV;
3617
3618 if (is_vlan_dev(*out_dev))
3619 err = add_vlan_push_action(priv, attr, out_dev, action);
3620
3621 return err;
3622 }
3623
add_vlan_pop_action(struct mlx5e_priv * priv,struct mlx5_flow_attr * attr,u32 * action)3624 static int add_vlan_pop_action(struct mlx5e_priv *priv,
3625 struct mlx5_flow_attr *attr,
3626 u32 *action)
3627 {
3628 struct flow_action_entry vlan_act = {
3629 .id = FLOW_ACTION_VLAN_POP,
3630 };
3631 int nest_level, err = 0;
3632
3633 nest_level = attr->parse_attr->filter_dev->lower_level -
3634 priv->netdev->lower_level;
3635 while (nest_level--) {
3636 err = parse_tc_vlan_action(priv, &vlan_act, attr->esw_attr, action);
3637 if (err)
3638 return err;
3639 }
3640
3641 return err;
3642 }
3643
same_hw_reps(struct mlx5e_priv * priv,struct net_device * peer_netdev)3644 static bool same_hw_reps(struct mlx5e_priv *priv,
3645 struct net_device *peer_netdev)
3646 {
3647 struct mlx5e_priv *peer_priv;
3648
3649 peer_priv = netdev_priv(peer_netdev);
3650
3651 return mlx5e_eswitch_rep(priv->netdev) &&
3652 mlx5e_eswitch_rep(peer_netdev) &&
3653 same_hw_devs(priv, peer_priv);
3654 }
3655
is_lag_dev(struct mlx5e_priv * priv,struct net_device * peer_netdev)3656 static bool is_lag_dev(struct mlx5e_priv *priv,
3657 struct net_device *peer_netdev)
3658 {
3659 return ((mlx5_lag_is_sriov(priv->mdev) ||
3660 mlx5_lag_is_multipath(priv->mdev)) &&
3661 same_hw_reps(priv, peer_netdev));
3662 }
3663
mlx5e_is_valid_eswitch_fwd_dev(struct mlx5e_priv * priv,struct net_device * out_dev)3664 bool mlx5e_is_valid_eswitch_fwd_dev(struct mlx5e_priv *priv,
3665 struct net_device *out_dev)
3666 {
3667 if (is_merged_eswitch_vfs(priv, out_dev))
3668 return true;
3669
3670 if (is_lag_dev(priv, out_dev))
3671 return true;
3672
3673 return mlx5e_eswitch_rep(out_dev) &&
3674 same_port_devs(priv, netdev_priv(out_dev));
3675 }
3676
is_duplicated_output_device(struct net_device * dev,struct net_device * out_dev,int * ifindexes,int if_count,struct netlink_ext_ack * extack)3677 static bool is_duplicated_output_device(struct net_device *dev,
3678 struct net_device *out_dev,
3679 int *ifindexes, int if_count,
3680 struct netlink_ext_ack *extack)
3681 {
3682 int i;
3683
3684 for (i = 0; i < if_count; i++) {
3685 if (ifindexes[i] == out_dev->ifindex) {
3686 NL_SET_ERR_MSG_MOD(extack,
3687 "can't duplicate output to same device");
3688 netdev_err(dev, "can't duplicate output to same device: %s\n",
3689 out_dev->name);
3690 return true;
3691 }
3692 }
3693
3694 return false;
3695 }
3696
verify_uplink_forwarding(struct mlx5e_priv * priv,struct mlx5e_tc_flow * flow,struct net_device * out_dev,struct netlink_ext_ack * extack)3697 static int verify_uplink_forwarding(struct mlx5e_priv *priv,
3698 struct mlx5e_tc_flow *flow,
3699 struct net_device *out_dev,
3700 struct netlink_ext_ack *extack)
3701 {
3702 struct mlx5_esw_flow_attr *attr = flow->attr->esw_attr;
3703 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
3704 struct mlx5e_rep_priv *rep_priv;
3705
3706 /* Forwarding non encapsulated traffic between
3707 * uplink ports is allowed only if
3708 * termination_table_raw_traffic cap is set.
3709 *
3710 * Input vport was stored attr->in_rep.
3711 * In LAG case, *priv* is the private data of
3712 * uplink which may be not the input vport.
3713 */
3714 rep_priv = mlx5e_rep_to_rep_priv(attr->in_rep);
3715
3716 if (!(mlx5e_eswitch_uplink_rep(rep_priv->netdev) &&
3717 mlx5e_eswitch_uplink_rep(out_dev)))
3718 return 0;
3719
3720 if (!MLX5_CAP_ESW_FLOWTABLE_FDB(esw->dev,
3721 termination_table_raw_traffic)) {
3722 NL_SET_ERR_MSG_MOD(extack,
3723 "devices are both uplink, can't offload forwarding");
3724 pr_err("devices %s %s are both uplink, can't offload forwarding\n",
3725 priv->netdev->name, out_dev->name);
3726 return -EOPNOTSUPP;
3727 } else if (out_dev != rep_priv->netdev) {
3728 NL_SET_ERR_MSG_MOD(extack,
3729 "devices are not the same uplink, can't offload forwarding");
3730 pr_err("devices %s %s are both uplink but not the same, can't offload forwarding\n",
3731 priv->netdev->name, out_dev->name);
3732 return -EOPNOTSUPP;
3733 }
3734 return 0;
3735 }
3736
parse_tc_fdb_actions(struct mlx5e_priv * priv,struct flow_action * flow_action,struct mlx5e_tc_flow * flow,struct netlink_ext_ack * extack)3737 static int parse_tc_fdb_actions(struct mlx5e_priv *priv,
3738 struct flow_action *flow_action,
3739 struct mlx5e_tc_flow *flow,
3740 struct netlink_ext_ack *extack)
3741 {
3742 struct pedit_headers_action hdrs[2] = {};
3743 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
3744 struct mlx5e_tc_flow_parse_attr *parse_attr;
3745 struct mlx5e_rep_priv *rpriv = priv->ppriv;
3746 struct mlx5e_sample_attr sample_attr = {};
3747 const struct ip_tunnel_info *info = NULL;
3748 struct mlx5_flow_attr *attr = flow->attr;
3749 int ifindexes[MLX5_MAX_FLOW_FWD_VPORTS];
3750 bool ft_flow = mlx5e_is_ft_flow(flow);
3751 const struct flow_action_entry *act;
3752 struct mlx5_esw_flow_attr *esw_attr;
3753 bool encap = false, decap = false;
3754 u32 action = attr->action;
3755 int err, i, if_count = 0;
3756 bool mpls_push = false;
3757
3758 if (!flow_action_has_entries(flow_action))
3759 return -EINVAL;
3760
3761 if (!flow_action_hw_stats_check(flow_action, extack,
3762 FLOW_ACTION_HW_STATS_DELAYED_BIT))
3763 return -EOPNOTSUPP;
3764
3765 esw_attr = attr->esw_attr;
3766 parse_attr = attr->parse_attr;
3767
3768 flow_action_for_each(i, act, flow_action) {
3769 switch (act->id) {
3770 case FLOW_ACTION_DROP:
3771 action |= MLX5_FLOW_CONTEXT_ACTION_DROP |
3772 MLX5_FLOW_CONTEXT_ACTION_COUNT;
3773 break;
3774 case FLOW_ACTION_TRAP:
3775 if (!flow_offload_has_one_action(flow_action)) {
3776 NL_SET_ERR_MSG_MOD(extack,
3777 "action trap is supported as a sole action only");
3778 return -EOPNOTSUPP;
3779 }
3780 action |= (MLX5_FLOW_CONTEXT_ACTION_FWD_DEST |
3781 MLX5_FLOW_CONTEXT_ACTION_COUNT);
3782 attr->flags |= MLX5_ESW_ATTR_FLAG_SLOW_PATH;
3783 break;
3784 case FLOW_ACTION_MPLS_PUSH:
3785 if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
3786 reformat_l2_to_l3_tunnel) ||
3787 act->mpls_push.proto != htons(ETH_P_MPLS_UC)) {
3788 NL_SET_ERR_MSG_MOD(extack,
3789 "mpls push is supported only for mpls_uc protocol");
3790 return -EOPNOTSUPP;
3791 }
3792 mpls_push = true;
3793 break;
3794 case FLOW_ACTION_MPLS_POP:
3795 /* we only support mpls pop if it is the first action
3796 * and the filter net device is bareudp. Subsequent
3797 * actions can be pedit and the last can be mirred
3798 * egress redirect.
3799 */
3800 if (i) {
3801 NL_SET_ERR_MSG_MOD(extack,
3802 "mpls pop supported only as first action");
3803 return -EOPNOTSUPP;
3804 }
3805 if (!netif_is_bareudp(parse_attr->filter_dev)) {
3806 NL_SET_ERR_MSG_MOD(extack,
3807 "mpls pop supported only on bareudp devices");
3808 return -EOPNOTSUPP;
3809 }
3810
3811 parse_attr->eth.h_proto = act->mpls_pop.proto;
3812 action |= MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT;
3813 flow_flag_set(flow, L3_TO_L2_DECAP);
3814 break;
3815 case FLOW_ACTION_MANGLE:
3816 case FLOW_ACTION_ADD:
3817 err = parse_tc_pedit_action(priv, act, MLX5_FLOW_NAMESPACE_FDB,
3818 parse_attr, hdrs, flow, extack);
3819 if (err)
3820 return err;
3821
3822 if (!flow_flag_test(flow, L3_TO_L2_DECAP)) {
3823 action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
3824 esw_attr->split_count = esw_attr->out_count;
3825 }
3826 break;
3827 case FLOW_ACTION_CSUM:
3828 if (csum_offload_supported(priv, action,
3829 act->csum_flags, extack))
3830 break;
3831
3832 return -EOPNOTSUPP;
3833 case FLOW_ACTION_REDIRECT:
3834 case FLOW_ACTION_MIRRED: {
3835 struct mlx5e_priv *out_priv;
3836 struct net_device *out_dev;
3837
3838 out_dev = act->dev;
3839 if (!out_dev) {
3840 /* out_dev is NULL when filters with
3841 * non-existing mirred device are replayed to
3842 * the driver.
3843 */
3844 return -EINVAL;
3845 }
3846
3847 if (mpls_push && !netif_is_bareudp(out_dev)) {
3848 NL_SET_ERR_MSG_MOD(extack,
3849 "mpls is supported only through a bareudp device");
3850 return -EOPNOTSUPP;
3851 }
3852
3853 if (ft_flow && out_dev == priv->netdev) {
3854 /* Ignore forward to self rules generated
3855 * by adding both mlx5 devs to the flow table
3856 * block on a normal nft offload setup.
3857 */
3858 return -EOPNOTSUPP;
3859 }
3860
3861 if (esw_attr->out_count >= MLX5_MAX_FLOW_FWD_VPORTS) {
3862 NL_SET_ERR_MSG_MOD(extack,
3863 "can't support more output ports, can't offload forwarding");
3864 netdev_warn(priv->netdev,
3865 "can't support more than %d output ports, can't offload forwarding\n",
3866 esw_attr->out_count);
3867 return -EOPNOTSUPP;
3868 }
3869
3870 action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST |
3871 MLX5_FLOW_CONTEXT_ACTION_COUNT;
3872 if (encap) {
3873 parse_attr->mirred_ifindex[esw_attr->out_count] =
3874 out_dev->ifindex;
3875 parse_attr->tun_info[esw_attr->out_count] =
3876 mlx5e_dup_tun_info(info);
3877 if (!parse_attr->tun_info[esw_attr->out_count])
3878 return -ENOMEM;
3879 encap = false;
3880 esw_attr->dests[esw_attr->out_count].flags |=
3881 MLX5_ESW_DEST_ENCAP;
3882 esw_attr->out_count++;
3883 /* attr->dests[].rep is resolved when we
3884 * handle encap
3885 */
3886 } else if (netdev_port_same_parent_id(priv->netdev, out_dev)) {
3887 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
3888 struct net_device *uplink_dev = mlx5_eswitch_uplink_get_proto_dev(esw, REP_ETH);
3889
3890 if (is_duplicated_output_device(priv->netdev,
3891 out_dev,
3892 ifindexes,
3893 if_count,
3894 extack))
3895 return -EOPNOTSUPP;
3896
3897 ifindexes[if_count] = out_dev->ifindex;
3898 if_count++;
3899
3900 out_dev = get_fdb_out_dev(uplink_dev, out_dev);
3901 if (!out_dev)
3902 return -ENODEV;
3903
3904 if (is_vlan_dev(out_dev)) {
3905 err = add_vlan_push_action(priv, attr,
3906 &out_dev,
3907 &action);
3908 if (err)
3909 return err;
3910 }
3911
3912 if (is_vlan_dev(parse_attr->filter_dev)) {
3913 err = add_vlan_pop_action(priv, attr,
3914 &action);
3915 if (err)
3916 return err;
3917 }
3918
3919 err = verify_uplink_forwarding(priv, flow, out_dev, extack);
3920 if (err)
3921 return err;
3922
3923 if (!mlx5e_is_valid_eswitch_fwd_dev(priv, out_dev)) {
3924 NL_SET_ERR_MSG_MOD(extack,
3925 "devices are not on same switch HW, can't offload forwarding");
3926 return -EOPNOTSUPP;
3927 }
3928
3929 if (same_vf_reps(priv, out_dev)) {
3930 NL_SET_ERR_MSG_MOD(extack,
3931 "can't forward from a VF to itself");
3932 return -EOPNOTSUPP;
3933 }
3934
3935 out_priv = netdev_priv(out_dev);
3936 rpriv = out_priv->ppriv;
3937 esw_attr->dests[esw_attr->out_count].rep = rpriv->rep;
3938 esw_attr->dests[esw_attr->out_count].mdev = out_priv->mdev;
3939 esw_attr->out_count++;
3940 } else if (parse_attr->filter_dev != priv->netdev) {
3941 /* All mlx5 devices are called to configure
3942 * high level device filters. Therefore, the
3943 * *attempt* to install a filter on invalid
3944 * eswitch should not trigger an explicit error
3945 */
3946 return -EINVAL;
3947 } else {
3948 NL_SET_ERR_MSG_MOD(extack,
3949 "devices are not on same switch HW, can't offload forwarding");
3950 netdev_warn(priv->netdev,
3951 "devices %s %s not on same switch HW, can't offload forwarding\n",
3952 priv->netdev->name,
3953 out_dev->name);
3954 return -EOPNOTSUPP;
3955 }
3956 }
3957 break;
3958 case FLOW_ACTION_TUNNEL_ENCAP:
3959 info = act->tunnel;
3960 if (info)
3961 encap = true;
3962 else
3963 return -EOPNOTSUPP;
3964
3965 break;
3966 case FLOW_ACTION_VLAN_PUSH:
3967 case FLOW_ACTION_VLAN_POP:
3968 if (act->id == FLOW_ACTION_VLAN_PUSH &&
3969 (action & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP)) {
3970 /* Replace vlan pop+push with vlan modify */
3971 action &= ~MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
3972 err = add_vlan_rewrite_action(priv,
3973 MLX5_FLOW_NAMESPACE_FDB,
3974 act, parse_attr, hdrs,
3975 &action, extack);
3976 } else {
3977 err = parse_tc_vlan_action(priv, act, esw_attr, &action);
3978 }
3979 if (err)
3980 return err;
3981
3982 esw_attr->split_count = esw_attr->out_count;
3983 break;
3984 case FLOW_ACTION_VLAN_MANGLE:
3985 err = add_vlan_rewrite_action(priv,
3986 MLX5_FLOW_NAMESPACE_FDB,
3987 act, parse_attr, hdrs,
3988 &action, extack);
3989 if (err)
3990 return err;
3991
3992 esw_attr->split_count = esw_attr->out_count;
3993 break;
3994 case FLOW_ACTION_TUNNEL_DECAP:
3995 decap = true;
3996 break;
3997 case FLOW_ACTION_GOTO:
3998 err = validate_goto_chain(priv, flow, act, action,
3999 extack);
4000 if (err)
4001 return err;
4002
4003 action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
4004 attr->dest_chain = act->chain_index;
4005 break;
4006 case FLOW_ACTION_CT:
4007 if (flow_flag_test(flow, SAMPLE)) {
4008 NL_SET_ERR_MSG_MOD(extack, "Sample action with connection tracking is not supported");
4009 return -EOPNOTSUPP;
4010 }
4011 err = mlx5_tc_ct_parse_action(get_ct_priv(priv), attr, act, extack);
4012 if (err)
4013 return err;
4014
4015 flow_flag_set(flow, CT);
4016 esw_attr->split_count = esw_attr->out_count;
4017 break;
4018 case FLOW_ACTION_SAMPLE:
4019 if (flow_flag_test(flow, CT)) {
4020 NL_SET_ERR_MSG_MOD(extack, "Sample action with connection tracking is not supported");
4021 return -EOPNOTSUPP;
4022 }
4023 sample_attr.rate = act->sample.rate;
4024 sample_attr.group_num = act->sample.psample_group->group_num;
4025 if (act->sample.truncate)
4026 sample_attr.trunc_size = act->sample.trunc_size;
4027 flow_flag_set(flow, SAMPLE);
4028 break;
4029 default:
4030 NL_SET_ERR_MSG_MOD(extack, "The offload action is not supported");
4031 return -EOPNOTSUPP;
4032 }
4033 }
4034
4035 /* always set IP version for indirect table handling */
4036 attr->ip_version = mlx5e_tc_get_ip_version(&parse_attr->spec, true);
4037
4038 if (MLX5_CAP_GEN(esw->dev, prio_tag_required) &&
4039 action & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP) {
4040 /* For prio tag mode, replace vlan pop with rewrite vlan prio
4041 * tag rewrite.
4042 */
4043 action &= ~MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
4044 err = add_vlan_prio_tag_rewrite_action(priv, parse_attr, hdrs,
4045 &action, extack);
4046 if (err)
4047 return err;
4048 }
4049
4050 if (hdrs[TCA_PEDIT_KEY_EX_CMD_SET].pedits ||
4051 hdrs[TCA_PEDIT_KEY_EX_CMD_ADD].pedits) {
4052 err = alloc_tc_pedit_action(priv, MLX5_FLOW_NAMESPACE_FDB,
4053 parse_attr, hdrs, &action, extack);
4054 if (err)
4055 return err;
4056 /* in case all pedit actions are skipped, remove the MOD_HDR
4057 * flag. we might have set split_count either by pedit or
4058 * pop/push. if there is no pop/push either, reset it too.
4059 */
4060 if (parse_attr->mod_hdr_acts.num_actions == 0) {
4061 action &= ~MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
4062 dealloc_mod_hdr_actions(&parse_attr->mod_hdr_acts);
4063 if (!((action & MLX5_FLOW_CONTEXT_ACTION_VLAN_POP) ||
4064 (action & MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH)))
4065 esw_attr->split_count = 0;
4066 }
4067 }
4068
4069 attr->action = action;
4070 if (!actions_match_supported(priv, flow_action, parse_attr, flow, extack))
4071 return -EOPNOTSUPP;
4072
4073 if (attr->dest_chain) {
4074 if (decap) {
4075 /* It can be supported if we'll create a mapping for
4076 * the tunnel device only (without tunnel), and set
4077 * this tunnel id with this decap flow.
4078 *
4079 * On restore (miss), we'll just set this saved tunnel
4080 * device.
4081 */
4082
4083 NL_SET_ERR_MSG(extack,
4084 "Decap with goto isn't supported");
4085 netdev_warn(priv->netdev,
4086 "Decap with goto isn't supported");
4087 return -EOPNOTSUPP;
4088 }
4089
4090 attr->action |= MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
4091 }
4092
4093 if (!(attr->action &
4094 (MLX5_FLOW_CONTEXT_ACTION_FWD_DEST | MLX5_FLOW_CONTEXT_ACTION_DROP))) {
4095 NL_SET_ERR_MSG_MOD(extack,
4096 "Rule must have at least one forward/drop action");
4097 return -EOPNOTSUPP;
4098 }
4099
4100 if (esw_attr->split_count > 0 && !mlx5_esw_has_fwd_fdb(priv->mdev)) {
4101 NL_SET_ERR_MSG_MOD(extack,
4102 "current firmware doesn't support split rule for port mirroring");
4103 netdev_warn_once(priv->netdev, "current firmware doesn't support split rule for port mirroring\n");
4104 return -EOPNOTSUPP;
4105 }
4106
4107 /* Allocate sample attribute only when there is a sample action and
4108 * no errors after parsing.
4109 */
4110 if (flow_flag_test(flow, SAMPLE)) {
4111 attr->sample_attr = kzalloc(sizeof(*attr->sample_attr), GFP_KERNEL);
4112 if (!attr->sample_attr)
4113 return -ENOMEM;
4114 *attr->sample_attr = sample_attr;
4115 }
4116
4117 return 0;
4118 }
4119
get_flags(int flags,unsigned long * flow_flags)4120 static void get_flags(int flags, unsigned long *flow_flags)
4121 {
4122 unsigned long __flow_flags = 0;
4123
4124 if (flags & MLX5_TC_FLAG(INGRESS))
4125 __flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_INGRESS);
4126 if (flags & MLX5_TC_FLAG(EGRESS))
4127 __flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_EGRESS);
4128
4129 if (flags & MLX5_TC_FLAG(ESW_OFFLOAD))
4130 __flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_ESWITCH);
4131 if (flags & MLX5_TC_FLAG(NIC_OFFLOAD))
4132 __flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_NIC);
4133 if (flags & MLX5_TC_FLAG(FT_OFFLOAD))
4134 __flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_FT);
4135
4136 *flow_flags = __flow_flags;
4137 }
4138
4139 static const struct rhashtable_params tc_ht_params = {
4140 .head_offset = offsetof(struct mlx5e_tc_flow, node),
4141 .key_offset = offsetof(struct mlx5e_tc_flow, cookie),
4142 .key_len = sizeof(((struct mlx5e_tc_flow *)0)->cookie),
4143 .automatic_shrinking = true,
4144 };
4145
get_tc_ht(struct mlx5e_priv * priv,unsigned long flags)4146 static struct rhashtable *get_tc_ht(struct mlx5e_priv *priv,
4147 unsigned long flags)
4148 {
4149 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
4150 struct mlx5e_rep_priv *uplink_rpriv;
4151
4152 if (flags & MLX5_TC_FLAG(ESW_OFFLOAD)) {
4153 uplink_rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
4154 return &uplink_rpriv->uplink_priv.tc_ht;
4155 } else /* NIC offload */
4156 return &priv->fs.tc.ht;
4157 }
4158
is_peer_flow_needed(struct mlx5e_tc_flow * flow)4159 static bool is_peer_flow_needed(struct mlx5e_tc_flow *flow)
4160 {
4161 struct mlx5_esw_flow_attr *esw_attr = flow->attr->esw_attr;
4162 struct mlx5_flow_attr *attr = flow->attr;
4163 bool is_rep_ingress = esw_attr->in_rep->vport != MLX5_VPORT_UPLINK &&
4164 flow_flag_test(flow, INGRESS);
4165 bool act_is_encap = !!(attr->action &
4166 MLX5_FLOW_CONTEXT_ACTION_PACKET_REFORMAT);
4167 bool esw_paired = mlx5_devcom_is_paired(esw_attr->in_mdev->priv.devcom,
4168 MLX5_DEVCOM_ESW_OFFLOADS);
4169
4170 if (!esw_paired)
4171 return false;
4172
4173 if ((mlx5_lag_is_sriov(esw_attr->in_mdev) ||
4174 mlx5_lag_is_multipath(esw_attr->in_mdev)) &&
4175 (is_rep_ingress || act_is_encap))
4176 return true;
4177
4178 return false;
4179 }
4180
4181 struct mlx5_flow_attr *
mlx5_alloc_flow_attr(enum mlx5_flow_namespace_type type)4182 mlx5_alloc_flow_attr(enum mlx5_flow_namespace_type type)
4183 {
4184 u32 ex_attr_size = (type == MLX5_FLOW_NAMESPACE_FDB) ?
4185 sizeof(struct mlx5_esw_flow_attr) :
4186 sizeof(struct mlx5_nic_flow_attr);
4187 struct mlx5_flow_attr *attr;
4188
4189 return kzalloc(sizeof(*attr) + ex_attr_size, GFP_KERNEL);
4190 }
4191
4192 static int
mlx5e_alloc_flow(struct mlx5e_priv * priv,int attr_size,struct flow_cls_offload * f,unsigned long flow_flags,struct mlx5e_tc_flow_parse_attr ** __parse_attr,struct mlx5e_tc_flow ** __flow)4193 mlx5e_alloc_flow(struct mlx5e_priv *priv, int attr_size,
4194 struct flow_cls_offload *f, unsigned long flow_flags,
4195 struct mlx5e_tc_flow_parse_attr **__parse_attr,
4196 struct mlx5e_tc_flow **__flow)
4197 {
4198 struct mlx5e_tc_flow_parse_attr *parse_attr;
4199 struct mlx5_flow_attr *attr;
4200 struct mlx5e_tc_flow *flow;
4201 int err = -ENOMEM;
4202 int out_index;
4203
4204 flow = kzalloc(sizeof(*flow), GFP_KERNEL);
4205 parse_attr = kvzalloc(sizeof(*parse_attr), GFP_KERNEL);
4206 if (!parse_attr || !flow)
4207 goto err_free;
4208
4209 flow->flags = flow_flags;
4210 flow->cookie = f->cookie;
4211 flow->priv = priv;
4212
4213 attr = mlx5_alloc_flow_attr(get_flow_name_space(flow));
4214 if (!attr)
4215 goto err_free;
4216
4217 flow->attr = attr;
4218
4219 for (out_index = 0; out_index < MLX5_MAX_FLOW_FWD_VPORTS; out_index++)
4220 INIT_LIST_HEAD(&flow->encaps[out_index].list);
4221 INIT_LIST_HEAD(&flow->hairpin);
4222 INIT_LIST_HEAD(&flow->l3_to_l2_reformat);
4223 refcount_set(&flow->refcnt, 1);
4224 init_completion(&flow->init_done);
4225
4226 *__flow = flow;
4227 *__parse_attr = parse_attr;
4228
4229 return 0;
4230
4231 err_free:
4232 kfree(flow);
4233 kvfree(parse_attr);
4234 return err;
4235 }
4236
4237 static void
mlx5e_flow_attr_init(struct mlx5_flow_attr * attr,struct mlx5e_tc_flow_parse_attr * parse_attr,struct flow_cls_offload * f)4238 mlx5e_flow_attr_init(struct mlx5_flow_attr *attr,
4239 struct mlx5e_tc_flow_parse_attr *parse_attr,
4240 struct flow_cls_offload *f)
4241 {
4242 attr->parse_attr = parse_attr;
4243 attr->chain = f->common.chain_index;
4244 attr->prio = f->common.prio;
4245 }
4246
4247 static void
mlx5e_flow_esw_attr_init(struct mlx5_flow_attr * attr,struct mlx5e_priv * priv,struct mlx5e_tc_flow_parse_attr * parse_attr,struct flow_cls_offload * f,struct mlx5_eswitch_rep * in_rep,struct mlx5_core_dev * in_mdev)4248 mlx5e_flow_esw_attr_init(struct mlx5_flow_attr *attr,
4249 struct mlx5e_priv *priv,
4250 struct mlx5e_tc_flow_parse_attr *parse_attr,
4251 struct flow_cls_offload *f,
4252 struct mlx5_eswitch_rep *in_rep,
4253 struct mlx5_core_dev *in_mdev)
4254 {
4255 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
4256 struct mlx5_esw_flow_attr *esw_attr = attr->esw_attr;
4257
4258 mlx5e_flow_attr_init(attr, parse_attr, f);
4259
4260 esw_attr->in_rep = in_rep;
4261 esw_attr->in_mdev = in_mdev;
4262
4263 if (MLX5_CAP_ESW(esw->dev, counter_eswitch_affinity) ==
4264 MLX5_COUNTER_SOURCE_ESWITCH)
4265 esw_attr->counter_dev = in_mdev;
4266 else
4267 esw_attr->counter_dev = priv->mdev;
4268 }
4269
4270 static struct mlx5e_tc_flow *
__mlx5e_add_fdb_flow(struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flow_flags,struct net_device * filter_dev,struct mlx5_eswitch_rep * in_rep,struct mlx5_core_dev * in_mdev)4271 __mlx5e_add_fdb_flow(struct mlx5e_priv *priv,
4272 struct flow_cls_offload *f,
4273 unsigned long flow_flags,
4274 struct net_device *filter_dev,
4275 struct mlx5_eswitch_rep *in_rep,
4276 struct mlx5_core_dev *in_mdev)
4277 {
4278 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
4279 struct netlink_ext_ack *extack = f->common.extack;
4280 struct mlx5e_tc_flow_parse_attr *parse_attr;
4281 struct mlx5e_tc_flow *flow;
4282 int attr_size, err;
4283
4284 flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_ESWITCH);
4285 attr_size = sizeof(struct mlx5_esw_flow_attr);
4286 err = mlx5e_alloc_flow(priv, attr_size, f, flow_flags,
4287 &parse_attr, &flow);
4288 if (err)
4289 goto out;
4290
4291 parse_attr->filter_dev = filter_dev;
4292 mlx5e_flow_esw_attr_init(flow->attr,
4293 priv, parse_attr,
4294 f, in_rep, in_mdev);
4295
4296 err = parse_cls_flower(flow->priv, flow, &parse_attr->spec,
4297 f, filter_dev);
4298 if (err)
4299 goto err_free;
4300
4301 /* actions validation depends on parsing the ct matches first */
4302 err = mlx5_tc_ct_match_add(get_ct_priv(priv), &parse_attr->spec, f,
4303 &flow->attr->ct_attr, extack);
4304 if (err)
4305 goto err_free;
4306
4307 err = parse_tc_fdb_actions(priv, &rule->action, flow, extack);
4308 if (err)
4309 goto err_free;
4310
4311 err = mlx5e_tc_add_fdb_flow(priv, flow, extack);
4312 complete_all(&flow->init_done);
4313 if (err) {
4314 if (!(err == -ENETUNREACH && mlx5_lag_is_multipath(in_mdev)))
4315 goto err_free;
4316
4317 add_unready_flow(flow);
4318 }
4319
4320 return flow;
4321
4322 err_free:
4323 mlx5e_flow_put(priv, flow);
4324 out:
4325 return ERR_PTR(err);
4326 }
4327
mlx5e_tc_add_fdb_peer_flow(struct flow_cls_offload * f,struct mlx5e_tc_flow * flow,unsigned long flow_flags)4328 static int mlx5e_tc_add_fdb_peer_flow(struct flow_cls_offload *f,
4329 struct mlx5e_tc_flow *flow,
4330 unsigned long flow_flags)
4331 {
4332 struct mlx5e_priv *priv = flow->priv, *peer_priv;
4333 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch, *peer_esw;
4334 struct mlx5_esw_flow_attr *attr = flow->attr->esw_attr;
4335 struct mlx5_devcom *devcom = priv->mdev->priv.devcom;
4336 struct mlx5e_tc_flow_parse_attr *parse_attr;
4337 struct mlx5e_rep_priv *peer_urpriv;
4338 struct mlx5e_tc_flow *peer_flow;
4339 struct mlx5_core_dev *in_mdev;
4340 int err = 0;
4341
4342 peer_esw = mlx5_devcom_get_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
4343 if (!peer_esw)
4344 return -ENODEV;
4345
4346 peer_urpriv = mlx5_eswitch_get_uplink_priv(peer_esw, REP_ETH);
4347 peer_priv = netdev_priv(peer_urpriv->netdev);
4348
4349 /* in_mdev is assigned of which the packet originated from.
4350 * So packets redirected to uplink use the same mdev of the
4351 * original flow and packets redirected from uplink use the
4352 * peer mdev.
4353 */
4354 if (attr->in_rep->vport == MLX5_VPORT_UPLINK)
4355 in_mdev = peer_priv->mdev;
4356 else
4357 in_mdev = priv->mdev;
4358
4359 parse_attr = flow->attr->parse_attr;
4360 peer_flow = __mlx5e_add_fdb_flow(peer_priv, f, flow_flags,
4361 parse_attr->filter_dev,
4362 attr->in_rep, in_mdev);
4363 if (IS_ERR(peer_flow)) {
4364 err = PTR_ERR(peer_flow);
4365 goto out;
4366 }
4367
4368 flow->peer_flow = peer_flow;
4369 flow_flag_set(flow, DUP);
4370 mutex_lock(&esw->offloads.peer_mutex);
4371 list_add_tail(&flow->peer, &esw->offloads.peer_flows);
4372 mutex_unlock(&esw->offloads.peer_mutex);
4373
4374 out:
4375 mlx5_devcom_release_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
4376 return err;
4377 }
4378
4379 static int
mlx5e_add_fdb_flow(struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flow_flags,struct net_device * filter_dev,struct mlx5e_tc_flow ** __flow)4380 mlx5e_add_fdb_flow(struct mlx5e_priv *priv,
4381 struct flow_cls_offload *f,
4382 unsigned long flow_flags,
4383 struct net_device *filter_dev,
4384 struct mlx5e_tc_flow **__flow)
4385 {
4386 struct mlx5e_rep_priv *rpriv = priv->ppriv;
4387 struct mlx5_eswitch_rep *in_rep = rpriv->rep;
4388 struct mlx5_core_dev *in_mdev = priv->mdev;
4389 struct mlx5e_tc_flow *flow;
4390 int err;
4391
4392 flow = __mlx5e_add_fdb_flow(priv, f, flow_flags, filter_dev, in_rep,
4393 in_mdev);
4394 if (IS_ERR(flow))
4395 return PTR_ERR(flow);
4396
4397 if (is_peer_flow_needed(flow)) {
4398 err = mlx5e_tc_add_fdb_peer_flow(f, flow, flow_flags);
4399 if (err) {
4400 mlx5e_tc_del_fdb_flow(priv, flow);
4401 goto out;
4402 }
4403 }
4404
4405 *__flow = flow;
4406
4407 return 0;
4408
4409 out:
4410 return err;
4411 }
4412
4413 static int
mlx5e_add_nic_flow(struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flow_flags,struct net_device * filter_dev,struct mlx5e_tc_flow ** __flow)4414 mlx5e_add_nic_flow(struct mlx5e_priv *priv,
4415 struct flow_cls_offload *f,
4416 unsigned long flow_flags,
4417 struct net_device *filter_dev,
4418 struct mlx5e_tc_flow **__flow)
4419 {
4420 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
4421 struct netlink_ext_ack *extack = f->common.extack;
4422 struct mlx5e_tc_flow_parse_attr *parse_attr;
4423 struct mlx5e_tc_flow *flow;
4424 int attr_size, err;
4425
4426 if (!MLX5_CAP_FLOWTABLE_NIC_RX(priv->mdev, ignore_flow_level)) {
4427 if (!tc_cls_can_offload_and_chain0(priv->netdev, &f->common))
4428 return -EOPNOTSUPP;
4429 } else if (!tc_can_offload_extack(priv->netdev, f->common.extack)) {
4430 return -EOPNOTSUPP;
4431 }
4432
4433 flow_flags |= BIT(MLX5E_TC_FLOW_FLAG_NIC);
4434 attr_size = sizeof(struct mlx5_nic_flow_attr);
4435 err = mlx5e_alloc_flow(priv, attr_size, f, flow_flags,
4436 &parse_attr, &flow);
4437 if (err)
4438 goto out;
4439
4440 parse_attr->filter_dev = filter_dev;
4441 mlx5e_flow_attr_init(flow->attr, parse_attr, f);
4442
4443 err = parse_cls_flower(flow->priv, flow, &parse_attr->spec,
4444 f, filter_dev);
4445 if (err)
4446 goto err_free;
4447
4448 err = mlx5_tc_ct_match_add(get_ct_priv(priv), &parse_attr->spec, f,
4449 &flow->attr->ct_attr, extack);
4450 if (err)
4451 goto err_free;
4452
4453 err = parse_tc_nic_actions(priv, &rule->action, flow, extack);
4454 if (err)
4455 goto err_free;
4456
4457 err = mlx5e_tc_add_nic_flow(priv, flow, extack);
4458 if (err)
4459 goto err_free;
4460
4461 flow_flag_set(flow, OFFLOADED);
4462 *__flow = flow;
4463
4464 return 0;
4465
4466 err_free:
4467 flow_flag_set(flow, FAILED);
4468 dealloc_mod_hdr_actions(&parse_attr->mod_hdr_acts);
4469 mlx5e_flow_put(priv, flow);
4470 out:
4471 return err;
4472 }
4473
4474 static int
mlx5e_tc_add_flow(struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flags,struct net_device * filter_dev,struct mlx5e_tc_flow ** flow)4475 mlx5e_tc_add_flow(struct mlx5e_priv *priv,
4476 struct flow_cls_offload *f,
4477 unsigned long flags,
4478 struct net_device *filter_dev,
4479 struct mlx5e_tc_flow **flow)
4480 {
4481 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
4482 unsigned long flow_flags;
4483 int err;
4484
4485 get_flags(flags, &flow_flags);
4486
4487 if (!tc_can_offload_extack(priv->netdev, f->common.extack))
4488 return -EOPNOTSUPP;
4489
4490 if (esw && esw->mode == MLX5_ESWITCH_OFFLOADS)
4491 err = mlx5e_add_fdb_flow(priv, f, flow_flags,
4492 filter_dev, flow);
4493 else
4494 err = mlx5e_add_nic_flow(priv, f, flow_flags,
4495 filter_dev, flow);
4496
4497 return err;
4498 }
4499
is_flow_rule_duplicate_allowed(struct net_device * dev,struct mlx5e_rep_priv * rpriv)4500 static bool is_flow_rule_duplicate_allowed(struct net_device *dev,
4501 struct mlx5e_rep_priv *rpriv)
4502 {
4503 /* Offloaded flow rule is allowed to duplicate on non-uplink representor
4504 * sharing tc block with other slaves of a lag device. Rpriv can be NULL if this
4505 * function is called from NIC mode.
4506 */
4507 return netif_is_lag_port(dev) && rpriv && rpriv->rep->vport != MLX5_VPORT_UPLINK;
4508 }
4509
mlx5e_configure_flower(struct net_device * dev,struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flags)4510 int mlx5e_configure_flower(struct net_device *dev, struct mlx5e_priv *priv,
4511 struct flow_cls_offload *f, unsigned long flags)
4512 {
4513 struct netlink_ext_ack *extack = f->common.extack;
4514 struct rhashtable *tc_ht = get_tc_ht(priv, flags);
4515 struct mlx5e_rep_priv *rpriv = priv->ppriv;
4516 struct mlx5e_tc_flow *flow;
4517 int err = 0;
4518
4519 if (!mlx5_esw_hold(priv->mdev))
4520 return -EAGAIN;
4521
4522 mlx5_esw_get(priv->mdev);
4523
4524 rcu_read_lock();
4525 flow = rhashtable_lookup(tc_ht, &f->cookie, tc_ht_params);
4526 if (flow) {
4527 /* Same flow rule offloaded to non-uplink representor sharing tc block,
4528 * just return 0.
4529 */
4530 if (is_flow_rule_duplicate_allowed(dev, rpriv) && flow->orig_dev != dev)
4531 goto rcu_unlock;
4532
4533 NL_SET_ERR_MSG_MOD(extack,
4534 "flow cookie already exists, ignoring");
4535 netdev_warn_once(priv->netdev,
4536 "flow cookie %lx already exists, ignoring\n",
4537 f->cookie);
4538 err = -EEXIST;
4539 goto rcu_unlock;
4540 }
4541 rcu_unlock:
4542 rcu_read_unlock();
4543 if (flow)
4544 goto out;
4545
4546 trace_mlx5e_configure_flower(f);
4547 err = mlx5e_tc_add_flow(priv, f, flags, dev, &flow);
4548 if (err)
4549 goto out;
4550
4551 /* Flow rule offloaded to non-uplink representor sharing tc block,
4552 * set the flow's owner dev.
4553 */
4554 if (is_flow_rule_duplicate_allowed(dev, rpriv))
4555 flow->orig_dev = dev;
4556
4557 err = rhashtable_lookup_insert_fast(tc_ht, &flow->node, tc_ht_params);
4558 if (err)
4559 goto err_free;
4560
4561 mlx5_esw_release(priv->mdev);
4562 return 0;
4563
4564 err_free:
4565 mlx5e_flow_put(priv, flow);
4566 out:
4567 mlx5_esw_put(priv->mdev);
4568 mlx5_esw_release(priv->mdev);
4569 return err;
4570 }
4571
same_flow_direction(struct mlx5e_tc_flow * flow,int flags)4572 static bool same_flow_direction(struct mlx5e_tc_flow *flow, int flags)
4573 {
4574 bool dir_ingress = !!(flags & MLX5_TC_FLAG(INGRESS));
4575 bool dir_egress = !!(flags & MLX5_TC_FLAG(EGRESS));
4576
4577 return flow_flag_test(flow, INGRESS) == dir_ingress &&
4578 flow_flag_test(flow, EGRESS) == dir_egress;
4579 }
4580
mlx5e_delete_flower(struct net_device * dev,struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flags)4581 int mlx5e_delete_flower(struct net_device *dev, struct mlx5e_priv *priv,
4582 struct flow_cls_offload *f, unsigned long flags)
4583 {
4584 struct rhashtable *tc_ht = get_tc_ht(priv, flags);
4585 struct mlx5e_tc_flow *flow;
4586 int err;
4587
4588 rcu_read_lock();
4589 flow = rhashtable_lookup(tc_ht, &f->cookie, tc_ht_params);
4590 if (!flow || !same_flow_direction(flow, flags)) {
4591 err = -EINVAL;
4592 goto errout;
4593 }
4594
4595 /* Only delete the flow if it doesn't have MLX5E_TC_FLOW_DELETED flag
4596 * set.
4597 */
4598 if (flow_flag_test_and_set(flow, DELETED)) {
4599 err = -EINVAL;
4600 goto errout;
4601 }
4602 rhashtable_remove_fast(tc_ht, &flow->node, tc_ht_params);
4603 rcu_read_unlock();
4604
4605 trace_mlx5e_delete_flower(f);
4606 mlx5e_flow_put(priv, flow);
4607
4608 mlx5_esw_put(priv->mdev);
4609 return 0;
4610
4611 errout:
4612 rcu_read_unlock();
4613 return err;
4614 }
4615
mlx5e_stats_flower(struct net_device * dev,struct mlx5e_priv * priv,struct flow_cls_offload * f,unsigned long flags)4616 int mlx5e_stats_flower(struct net_device *dev, struct mlx5e_priv *priv,
4617 struct flow_cls_offload *f, unsigned long flags)
4618 {
4619 struct mlx5_devcom *devcom = priv->mdev->priv.devcom;
4620 struct rhashtable *tc_ht = get_tc_ht(priv, flags);
4621 struct mlx5_eswitch *peer_esw;
4622 struct mlx5e_tc_flow *flow;
4623 struct mlx5_fc *counter;
4624 u64 lastuse = 0;
4625 u64 packets = 0;
4626 u64 bytes = 0;
4627 int err = 0;
4628
4629 rcu_read_lock();
4630 flow = mlx5e_flow_get(rhashtable_lookup(tc_ht, &f->cookie,
4631 tc_ht_params));
4632 rcu_read_unlock();
4633 if (IS_ERR(flow))
4634 return PTR_ERR(flow);
4635
4636 if (!same_flow_direction(flow, flags)) {
4637 err = -EINVAL;
4638 goto errout;
4639 }
4640
4641 if (mlx5e_is_offloaded_flow(flow) || flow_flag_test(flow, CT)) {
4642 counter = mlx5e_tc_get_counter(flow);
4643 if (!counter)
4644 goto errout;
4645
4646 mlx5_fc_query_cached(counter, &bytes, &packets, &lastuse);
4647 }
4648
4649 /* Under multipath it's possible for one rule to be currently
4650 * un-offloaded while the other rule is offloaded.
4651 */
4652 peer_esw = mlx5_devcom_get_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
4653 if (!peer_esw)
4654 goto out;
4655
4656 if (flow_flag_test(flow, DUP) &&
4657 flow_flag_test(flow->peer_flow, OFFLOADED)) {
4658 u64 bytes2;
4659 u64 packets2;
4660 u64 lastuse2;
4661
4662 counter = mlx5e_tc_get_counter(flow->peer_flow);
4663 if (!counter)
4664 goto no_peer_counter;
4665 mlx5_fc_query_cached(counter, &bytes2, &packets2, &lastuse2);
4666
4667 bytes += bytes2;
4668 packets += packets2;
4669 lastuse = max_t(u64, lastuse, lastuse2);
4670 }
4671
4672 no_peer_counter:
4673 mlx5_devcom_release_peer_data(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
4674 out:
4675 flow_stats_update(&f->stats, bytes, packets, 0, lastuse,
4676 FLOW_ACTION_HW_STATS_DELAYED);
4677 trace_mlx5e_stats_flower(f);
4678 errout:
4679 mlx5e_flow_put(priv, flow);
4680 return err;
4681 }
4682
apply_police_params(struct mlx5e_priv * priv,u64 rate,struct netlink_ext_ack * extack)4683 static int apply_police_params(struct mlx5e_priv *priv, u64 rate,
4684 struct netlink_ext_ack *extack)
4685 {
4686 struct mlx5e_rep_priv *rpriv = priv->ppriv;
4687 struct mlx5_eswitch *esw;
4688 u32 rate_mbps = 0;
4689 u16 vport_num;
4690 int err;
4691
4692 vport_num = rpriv->rep->vport;
4693 if (vport_num >= MLX5_VPORT_ECPF) {
4694 NL_SET_ERR_MSG_MOD(extack,
4695 "Ingress rate limit is supported only for Eswitch ports connected to VFs");
4696 return -EOPNOTSUPP;
4697 }
4698
4699 esw = priv->mdev->priv.eswitch;
4700 /* rate is given in bytes/sec.
4701 * First convert to bits/sec and then round to the nearest mbit/secs.
4702 * mbit means million bits.
4703 * Moreover, if rate is non zero we choose to configure to a minimum of
4704 * 1 mbit/sec.
4705 */
4706 if (rate) {
4707 rate = (rate * BITS_PER_BYTE) + 500000;
4708 do_div(rate, 1000000);
4709 rate_mbps = max_t(u32, rate, 1);
4710 }
4711
4712 err = mlx5_esw_qos_modify_vport_rate(esw, vport_num, rate_mbps);
4713 if (err)
4714 NL_SET_ERR_MSG_MOD(extack, "failed applying action to hardware");
4715
4716 return err;
4717 }
4718
scan_tc_matchall_fdb_actions(struct mlx5e_priv * priv,struct flow_action * flow_action,struct netlink_ext_ack * extack)4719 static int scan_tc_matchall_fdb_actions(struct mlx5e_priv *priv,
4720 struct flow_action *flow_action,
4721 struct netlink_ext_ack *extack)
4722 {
4723 struct mlx5e_rep_priv *rpriv = priv->ppriv;
4724 const struct flow_action_entry *act;
4725 int err;
4726 int i;
4727
4728 if (!flow_action_has_entries(flow_action)) {
4729 NL_SET_ERR_MSG_MOD(extack, "matchall called with no action");
4730 return -EINVAL;
4731 }
4732
4733 if (!flow_offload_has_one_action(flow_action)) {
4734 NL_SET_ERR_MSG_MOD(extack, "matchall policing support only a single action");
4735 return -EOPNOTSUPP;
4736 }
4737
4738 if (!flow_action_basic_hw_stats_check(flow_action, extack))
4739 return -EOPNOTSUPP;
4740
4741 flow_action_for_each(i, act, flow_action) {
4742 switch (act->id) {
4743 case FLOW_ACTION_POLICE:
4744 if (act->police.rate_pkt_ps) {
4745 NL_SET_ERR_MSG_MOD(extack, "QoS offload not support packets per second");
4746 return -EOPNOTSUPP;
4747 }
4748 err = apply_police_params(priv, act->police.rate_bytes_ps, extack);
4749 if (err)
4750 return err;
4751
4752 rpriv->prev_vf_vport_stats = priv->stats.vf_vport;
4753 break;
4754 default:
4755 NL_SET_ERR_MSG_MOD(extack, "mlx5 supports only police action for matchall");
4756 return -EOPNOTSUPP;
4757 }
4758 }
4759
4760 return 0;
4761 }
4762
mlx5e_tc_configure_matchall(struct mlx5e_priv * priv,struct tc_cls_matchall_offload * ma)4763 int mlx5e_tc_configure_matchall(struct mlx5e_priv *priv,
4764 struct tc_cls_matchall_offload *ma)
4765 {
4766 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
4767 struct netlink_ext_ack *extack = ma->common.extack;
4768
4769 if (!mlx5_esw_qos_enabled(esw)) {
4770 NL_SET_ERR_MSG_MOD(extack, "QoS is not supported on this device");
4771 return -EOPNOTSUPP;
4772 }
4773
4774 if (ma->common.prio != 1) {
4775 NL_SET_ERR_MSG_MOD(extack, "only priority 1 is supported");
4776 return -EINVAL;
4777 }
4778
4779 return scan_tc_matchall_fdb_actions(priv, &ma->rule->action, extack);
4780 }
4781
mlx5e_tc_delete_matchall(struct mlx5e_priv * priv,struct tc_cls_matchall_offload * ma)4782 int mlx5e_tc_delete_matchall(struct mlx5e_priv *priv,
4783 struct tc_cls_matchall_offload *ma)
4784 {
4785 struct netlink_ext_ack *extack = ma->common.extack;
4786
4787 return apply_police_params(priv, 0, extack);
4788 }
4789
mlx5e_tc_stats_matchall(struct mlx5e_priv * priv,struct tc_cls_matchall_offload * ma)4790 void mlx5e_tc_stats_matchall(struct mlx5e_priv *priv,
4791 struct tc_cls_matchall_offload *ma)
4792 {
4793 struct mlx5e_rep_priv *rpriv = priv->ppriv;
4794 struct rtnl_link_stats64 cur_stats;
4795 u64 dbytes;
4796 u64 dpkts;
4797
4798 cur_stats = priv->stats.vf_vport;
4799 dpkts = cur_stats.rx_packets - rpriv->prev_vf_vport_stats.rx_packets;
4800 dbytes = cur_stats.rx_bytes - rpriv->prev_vf_vport_stats.rx_bytes;
4801 rpriv->prev_vf_vport_stats = cur_stats;
4802 flow_stats_update(&ma->stats, dbytes, dpkts, 0, jiffies,
4803 FLOW_ACTION_HW_STATS_DELAYED);
4804 }
4805
mlx5e_tc_hairpin_update_dead_peer(struct mlx5e_priv * priv,struct mlx5e_priv * peer_priv)4806 static void mlx5e_tc_hairpin_update_dead_peer(struct mlx5e_priv *priv,
4807 struct mlx5e_priv *peer_priv)
4808 {
4809 struct mlx5_core_dev *peer_mdev = peer_priv->mdev;
4810 struct mlx5e_hairpin_entry *hpe, *tmp;
4811 LIST_HEAD(init_wait_list);
4812 u16 peer_vhca_id;
4813 int bkt;
4814
4815 if (!same_hw_devs(priv, peer_priv))
4816 return;
4817
4818 peer_vhca_id = MLX5_CAP_GEN(peer_mdev, vhca_id);
4819
4820 mutex_lock(&priv->fs.tc.hairpin_tbl_lock);
4821 hash_for_each(priv->fs.tc.hairpin_tbl, bkt, hpe, hairpin_hlist)
4822 if (refcount_inc_not_zero(&hpe->refcnt))
4823 list_add(&hpe->dead_peer_wait_list, &init_wait_list);
4824 mutex_unlock(&priv->fs.tc.hairpin_tbl_lock);
4825
4826 list_for_each_entry_safe(hpe, tmp, &init_wait_list, dead_peer_wait_list) {
4827 wait_for_completion(&hpe->res_ready);
4828 if (!IS_ERR_OR_NULL(hpe->hp) && hpe->peer_vhca_id == peer_vhca_id)
4829 mlx5_core_hairpin_clear_dead_peer(hpe->hp->pair);
4830
4831 mlx5e_hairpin_put(priv, hpe);
4832 }
4833 }
4834
mlx5e_tc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)4835 static int mlx5e_tc_netdev_event(struct notifier_block *this,
4836 unsigned long event, void *ptr)
4837 {
4838 struct net_device *ndev = netdev_notifier_info_to_dev(ptr);
4839 struct mlx5e_flow_steering *fs;
4840 struct mlx5e_priv *peer_priv;
4841 struct mlx5e_tc_table *tc;
4842 struct mlx5e_priv *priv;
4843
4844 if (ndev->netdev_ops != &mlx5e_netdev_ops ||
4845 event != NETDEV_UNREGISTER ||
4846 ndev->reg_state == NETREG_REGISTERED)
4847 return NOTIFY_DONE;
4848
4849 tc = container_of(this, struct mlx5e_tc_table, netdevice_nb);
4850 fs = container_of(tc, struct mlx5e_flow_steering, tc);
4851 priv = container_of(fs, struct mlx5e_priv, fs);
4852 peer_priv = netdev_priv(ndev);
4853 if (priv == peer_priv ||
4854 !(priv->netdev->features & NETIF_F_HW_TC))
4855 return NOTIFY_DONE;
4856
4857 mlx5e_tc_hairpin_update_dead_peer(priv, peer_priv);
4858
4859 return NOTIFY_DONE;
4860 }
4861
mlx5e_tc_nic_get_ft_size(struct mlx5_core_dev * dev)4862 static int mlx5e_tc_nic_get_ft_size(struct mlx5_core_dev *dev)
4863 {
4864 int tc_grp_size, tc_tbl_size;
4865 u32 max_flow_counter;
4866
4867 max_flow_counter = (MLX5_CAP_GEN(dev, max_flow_counter_31_16) << 16) |
4868 MLX5_CAP_GEN(dev, max_flow_counter_15_0);
4869
4870 tc_grp_size = min_t(int, max_flow_counter, MLX5E_TC_TABLE_MAX_GROUP_SIZE);
4871
4872 tc_tbl_size = min_t(int, tc_grp_size * MLX5E_TC_TABLE_NUM_GROUPS,
4873 BIT(MLX5_CAP_FLOWTABLE_NIC_RX(dev, log_max_ft_size)));
4874
4875 return tc_tbl_size;
4876 }
4877
mlx5e_tc_nic_init(struct mlx5e_priv * priv)4878 int mlx5e_tc_nic_init(struct mlx5e_priv *priv)
4879 {
4880 struct mlx5e_tc_table *tc = &priv->fs.tc;
4881 struct mlx5_core_dev *dev = priv->mdev;
4882 struct mapping_ctx *chains_mapping;
4883 struct mlx5_chains_attr attr = {};
4884 u64 mapping_id;
4885 int err;
4886
4887 mlx5e_mod_hdr_tbl_init(&tc->mod_hdr);
4888 mutex_init(&tc->t_lock);
4889 mutex_init(&tc->hairpin_tbl_lock);
4890 hash_init(tc->hairpin_tbl);
4891
4892 err = rhashtable_init(&tc->ht, &tc_ht_params);
4893 if (err)
4894 return err;
4895
4896 lockdep_set_class(&tc->ht.mutex, &tc_ht_lock_key);
4897
4898 mapping_id = mlx5_query_nic_system_image_guid(dev);
4899
4900 chains_mapping = mapping_create_for_id(mapping_id, MAPPING_TYPE_CHAIN,
4901 sizeof(struct mlx5_mapped_obj),
4902 MLX5E_TC_TABLE_CHAIN_TAG_MASK, true);
4903
4904 if (IS_ERR(chains_mapping)) {
4905 err = PTR_ERR(chains_mapping);
4906 goto err_mapping;
4907 }
4908 tc->mapping = chains_mapping;
4909
4910 if (MLX5_CAP_FLOWTABLE_NIC_RX(priv->mdev, ignore_flow_level))
4911 attr.flags = MLX5_CHAINS_AND_PRIOS_SUPPORTED |
4912 MLX5_CHAINS_IGNORE_FLOW_LEVEL_SUPPORTED;
4913 attr.ns = MLX5_FLOW_NAMESPACE_KERNEL;
4914 attr.max_ft_sz = mlx5e_tc_nic_get_ft_size(dev);
4915 attr.max_grp_num = MLX5E_TC_TABLE_NUM_GROUPS;
4916 attr.default_ft = mlx5e_vlan_get_flowtable(priv->fs.vlan);
4917 attr.mapping = chains_mapping;
4918
4919 tc->chains = mlx5_chains_create(dev, &attr);
4920 if (IS_ERR(tc->chains)) {
4921 err = PTR_ERR(tc->chains);
4922 goto err_chains;
4923 }
4924
4925 tc->post_act = mlx5e_tc_post_act_init(priv, tc->chains, MLX5_FLOW_NAMESPACE_KERNEL);
4926 tc->ct = mlx5_tc_ct_init(priv, tc->chains, &priv->fs.tc.mod_hdr,
4927 MLX5_FLOW_NAMESPACE_KERNEL, tc->post_act);
4928
4929 tc->netdevice_nb.notifier_call = mlx5e_tc_netdev_event;
4930 err = register_netdevice_notifier_dev_net(priv->netdev,
4931 &tc->netdevice_nb,
4932 &tc->netdevice_nn);
4933 if (err) {
4934 tc->netdevice_nb.notifier_call = NULL;
4935 mlx5_core_warn(priv->mdev, "Failed to register netdev notifier\n");
4936 goto err_reg;
4937 }
4938
4939 return 0;
4940
4941 err_reg:
4942 mlx5_tc_ct_clean(tc->ct);
4943 mlx5e_tc_post_act_destroy(tc->post_act);
4944 mlx5_chains_destroy(tc->chains);
4945 err_chains:
4946 mapping_destroy(chains_mapping);
4947 err_mapping:
4948 rhashtable_destroy(&tc->ht);
4949 return err;
4950 }
4951
_mlx5e_tc_del_flow(void * ptr,void * arg)4952 static void _mlx5e_tc_del_flow(void *ptr, void *arg)
4953 {
4954 struct mlx5e_tc_flow *flow = ptr;
4955 struct mlx5e_priv *priv = flow->priv;
4956
4957 mlx5e_tc_del_flow(priv, flow);
4958 kfree(flow);
4959 }
4960
mlx5e_tc_nic_cleanup(struct mlx5e_priv * priv)4961 void mlx5e_tc_nic_cleanup(struct mlx5e_priv *priv)
4962 {
4963 struct mlx5e_tc_table *tc = &priv->fs.tc;
4964
4965 if (tc->netdevice_nb.notifier_call)
4966 unregister_netdevice_notifier_dev_net(priv->netdev,
4967 &tc->netdevice_nb,
4968 &tc->netdevice_nn);
4969
4970 mlx5e_mod_hdr_tbl_destroy(&tc->mod_hdr);
4971 mutex_destroy(&tc->hairpin_tbl_lock);
4972
4973 rhashtable_free_and_destroy(&tc->ht, _mlx5e_tc_del_flow, NULL);
4974
4975 if (!IS_ERR_OR_NULL(tc->t)) {
4976 mlx5_chains_put_table(tc->chains, 0, 1, MLX5E_TC_FT_LEVEL);
4977 tc->t = NULL;
4978 }
4979 mutex_destroy(&tc->t_lock);
4980
4981 mlx5_tc_ct_clean(tc->ct);
4982 mlx5e_tc_post_act_destroy(tc->post_act);
4983 mapping_destroy(tc->mapping);
4984 mlx5_chains_destroy(tc->chains);
4985 }
4986
mlx5e_tc_esw_init(struct rhashtable * tc_ht)4987 int mlx5e_tc_esw_init(struct rhashtable *tc_ht)
4988 {
4989 const size_t sz_enc_opts = sizeof(struct tunnel_match_enc_opts);
4990 struct mlx5_rep_uplink_priv *uplink_priv;
4991 struct mlx5e_rep_priv *rpriv;
4992 struct mapping_ctx *mapping;
4993 struct mlx5_eswitch *esw;
4994 struct mlx5e_priv *priv;
4995 u64 mapping_id;
4996 int err = 0;
4997
4998 uplink_priv = container_of(tc_ht, struct mlx5_rep_uplink_priv, tc_ht);
4999 rpriv = container_of(uplink_priv, struct mlx5e_rep_priv, uplink_priv);
5000 priv = netdev_priv(rpriv->netdev);
5001 esw = priv->mdev->priv.eswitch;
5002
5003 uplink_priv->post_act = mlx5e_tc_post_act_init(priv, esw_chains(esw),
5004 MLX5_FLOW_NAMESPACE_FDB);
5005 uplink_priv->ct_priv = mlx5_tc_ct_init(netdev_priv(priv->netdev),
5006 esw_chains(esw),
5007 &esw->offloads.mod_hdr,
5008 MLX5_FLOW_NAMESPACE_FDB,
5009 uplink_priv->post_act);
5010
5011 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
5012 uplink_priv->tc_psample = mlx5e_tc_sample_init(esw, uplink_priv->post_act);
5013 #endif
5014
5015 mapping_id = mlx5_query_nic_system_image_guid(esw->dev);
5016
5017 mapping = mapping_create_for_id(mapping_id, MAPPING_TYPE_TUNNEL,
5018 sizeof(struct tunnel_match_key),
5019 TUNNEL_INFO_BITS_MASK, true);
5020
5021 if (IS_ERR(mapping)) {
5022 err = PTR_ERR(mapping);
5023 goto err_tun_mapping;
5024 }
5025 uplink_priv->tunnel_mapping = mapping;
5026
5027 /* 0xFFF is reserved for stack devices slow path table mark */
5028 mapping = mapping_create_for_id(mapping_id, MAPPING_TYPE_TUNNEL_ENC_OPTS,
5029 sz_enc_opts, ENC_OPTS_BITS_MASK - 1, true);
5030 if (IS_ERR(mapping)) {
5031 err = PTR_ERR(mapping);
5032 goto err_enc_opts_mapping;
5033 }
5034 uplink_priv->tunnel_enc_opts_mapping = mapping;
5035
5036 err = rhashtable_init(tc_ht, &tc_ht_params);
5037 if (err)
5038 goto err_ht_init;
5039
5040 lockdep_set_class(&tc_ht->mutex, &tc_ht_lock_key);
5041
5042 uplink_priv->encap = mlx5e_tc_tun_init(priv);
5043 if (IS_ERR(uplink_priv->encap)) {
5044 err = PTR_ERR(uplink_priv->encap);
5045 goto err_register_fib_notifier;
5046 }
5047
5048 return 0;
5049
5050 err_register_fib_notifier:
5051 rhashtable_destroy(tc_ht);
5052 err_ht_init:
5053 mapping_destroy(uplink_priv->tunnel_enc_opts_mapping);
5054 err_enc_opts_mapping:
5055 mapping_destroy(uplink_priv->tunnel_mapping);
5056 err_tun_mapping:
5057 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
5058 mlx5e_tc_sample_cleanup(uplink_priv->tc_psample);
5059 #endif
5060 mlx5_tc_ct_clean(uplink_priv->ct_priv);
5061 netdev_warn(priv->netdev,
5062 "Failed to initialize tc (eswitch), err: %d", err);
5063 mlx5e_tc_post_act_destroy(uplink_priv->post_act);
5064 return err;
5065 }
5066
mlx5e_tc_esw_cleanup(struct rhashtable * tc_ht)5067 void mlx5e_tc_esw_cleanup(struct rhashtable *tc_ht)
5068 {
5069 struct mlx5_rep_uplink_priv *uplink_priv;
5070
5071 uplink_priv = container_of(tc_ht, struct mlx5_rep_uplink_priv, tc_ht);
5072
5073 rhashtable_free_and_destroy(tc_ht, _mlx5e_tc_del_flow, NULL);
5074 mlx5e_tc_tun_cleanup(uplink_priv->encap);
5075
5076 mapping_destroy(uplink_priv->tunnel_enc_opts_mapping);
5077 mapping_destroy(uplink_priv->tunnel_mapping);
5078
5079 #if IS_ENABLED(CONFIG_MLX5_TC_SAMPLE)
5080 mlx5e_tc_sample_cleanup(uplink_priv->tc_psample);
5081 #endif
5082 mlx5_tc_ct_clean(uplink_priv->ct_priv);
5083 mlx5e_tc_post_act_destroy(uplink_priv->post_act);
5084 }
5085
mlx5e_tc_num_filters(struct mlx5e_priv * priv,unsigned long flags)5086 int mlx5e_tc_num_filters(struct mlx5e_priv *priv, unsigned long flags)
5087 {
5088 struct rhashtable *tc_ht = get_tc_ht(priv, flags);
5089
5090 return atomic_read(&tc_ht->nelems);
5091 }
5092
mlx5e_tc_clean_fdb_peer_flows(struct mlx5_eswitch * esw)5093 void mlx5e_tc_clean_fdb_peer_flows(struct mlx5_eswitch *esw)
5094 {
5095 struct mlx5e_tc_flow *flow, *tmp;
5096
5097 list_for_each_entry_safe(flow, tmp, &esw->offloads.peer_flows, peer)
5098 __mlx5e_tc_del_fdb_peer_flow(flow);
5099 }
5100
mlx5e_tc_reoffload_flows_work(struct work_struct * work)5101 void mlx5e_tc_reoffload_flows_work(struct work_struct *work)
5102 {
5103 struct mlx5_rep_uplink_priv *rpriv =
5104 container_of(work, struct mlx5_rep_uplink_priv,
5105 reoffload_flows_work);
5106 struct mlx5e_tc_flow *flow, *tmp;
5107
5108 mutex_lock(&rpriv->unready_flows_lock);
5109 list_for_each_entry_safe(flow, tmp, &rpriv->unready_flows, unready) {
5110 if (!mlx5e_tc_add_fdb_flow(flow->priv, flow, NULL))
5111 unready_flow_del(flow);
5112 }
5113 mutex_unlock(&rpriv->unready_flows_lock);
5114 }
5115
mlx5e_setup_tc_cls_flower(struct mlx5e_priv * priv,struct flow_cls_offload * cls_flower,unsigned long flags)5116 static int mlx5e_setup_tc_cls_flower(struct mlx5e_priv *priv,
5117 struct flow_cls_offload *cls_flower,
5118 unsigned long flags)
5119 {
5120 switch (cls_flower->command) {
5121 case FLOW_CLS_REPLACE:
5122 return mlx5e_configure_flower(priv->netdev, priv, cls_flower,
5123 flags);
5124 case FLOW_CLS_DESTROY:
5125 return mlx5e_delete_flower(priv->netdev, priv, cls_flower,
5126 flags);
5127 case FLOW_CLS_STATS:
5128 return mlx5e_stats_flower(priv->netdev, priv, cls_flower,
5129 flags);
5130 default:
5131 return -EOPNOTSUPP;
5132 }
5133 }
5134
mlx5e_setup_tc_block_cb(enum tc_setup_type type,void * type_data,void * cb_priv)5135 int mlx5e_setup_tc_block_cb(enum tc_setup_type type, void *type_data,
5136 void *cb_priv)
5137 {
5138 unsigned long flags = MLX5_TC_FLAG(INGRESS);
5139 struct mlx5e_priv *priv = cb_priv;
5140
5141 if (!priv->netdev || !netif_device_present(priv->netdev))
5142 return -EOPNOTSUPP;
5143
5144 if (mlx5e_is_uplink_rep(priv))
5145 flags |= MLX5_TC_FLAG(ESW_OFFLOAD);
5146 else
5147 flags |= MLX5_TC_FLAG(NIC_OFFLOAD);
5148
5149 switch (type) {
5150 case TC_SETUP_CLSFLOWER:
5151 return mlx5e_setup_tc_cls_flower(priv, type_data, flags);
5152 default:
5153 return -EOPNOTSUPP;
5154 }
5155 }
5156
mlx5e_tc_update_skb(struct mlx5_cqe64 * cqe,struct sk_buff * skb)5157 bool mlx5e_tc_update_skb(struct mlx5_cqe64 *cqe,
5158 struct sk_buff *skb)
5159 {
5160 #if IS_ENABLED(CONFIG_NET_TC_SKB_EXT)
5161 u32 chain = 0, chain_tag, reg_b, zone_restore_id;
5162 struct mlx5e_priv *priv = netdev_priv(skb->dev);
5163 struct mlx5e_tc_table *tc = &priv->fs.tc;
5164 struct mlx5_mapped_obj mapped_obj;
5165 struct tc_skb_ext *tc_skb_ext;
5166 int err;
5167
5168 reg_b = be32_to_cpu(cqe->ft_metadata);
5169
5170 chain_tag = reg_b & MLX5E_TC_TABLE_CHAIN_TAG_MASK;
5171
5172 err = mapping_find(tc->mapping, chain_tag, &mapped_obj);
5173 if (err) {
5174 netdev_dbg(priv->netdev,
5175 "Couldn't find chain for chain tag: %d, err: %d\n",
5176 chain_tag, err);
5177 return false;
5178 }
5179
5180 if (mapped_obj.type == MLX5_MAPPED_OBJ_CHAIN) {
5181 chain = mapped_obj.chain;
5182 tc_skb_ext = tc_skb_ext_alloc(skb);
5183 if (WARN_ON(!tc_skb_ext))
5184 return false;
5185
5186 tc_skb_ext->chain = chain;
5187
5188 zone_restore_id = (reg_b >> REG_MAPPING_MOFFSET(NIC_ZONE_RESTORE_TO_REG)) &
5189 ESW_ZONE_ID_MASK;
5190
5191 if (!mlx5e_tc_ct_restore_flow(tc->ct, skb,
5192 zone_restore_id))
5193 return false;
5194 } else {
5195 netdev_dbg(priv->netdev, "Invalid mapped object type: %d\n", mapped_obj.type);
5196 return false;
5197 }
5198 #endif /* CONFIG_NET_TC_SKB_EXT */
5199
5200 return true;
5201 }
5202
