Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-29 03:13:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

mlx5-updates-2020-05-26

Browse Source 
Updates highlights:
 
 1) From Vu Pham (8): Support VM traffics failover with bonded VF
 representors and e-switch egress/ingress ACLs
 
 This series introduce the support for Virtual Machine running I/O
 traffic over direct/fast VF path and failing over to slower
 paravirtualized path using the following features:
 
      __________________________________
     |  VM      _________________        |
     |          |FAILOVER device |       |
     |          |________________|       |
     |                  |                |
     |              ____|_____           |
     |              |         |          |
     |       ______ |___  ____|_______   |
     |       |  VF PT  |  |VIRTIO-NET |  |
     |       | device  |  | device    |  |
     |       |_________|  |___________|  |
     |___________|______________|________|
                 |              |
                 | HYPERVISOR   |
                 |          ____|______
                 |         |  macvtap  |
                 |         |virtio BE  |
                 |         |___________|
                 |               |
                 |           ____|_____
                 |           |host VF  |
                 |           |_________|
                 |               |
            _____|______    _____|_____
            |  PT VF    |  |  host VF  |
            |representor|  |representor|
            |___________|  |___________|
                 \               /
                  \             /
                   \           /
                    \         /                     _________________
                     \_______/                     |                |
                  _______|________                 |    V-SWITCH    |
                 |VF representors |________________|      (OVS)     |
                 |      bond      |                |________________|
                 |________________|                        |
                                                   ________|________
                                                  |    Uplink       |
                                                  |  representor    |
                                                  |_________________|
 
 Summary:
 --------
 Problem statement:
 ------------------
 Currently in above topology, when netfailover device is configured using
 VFs and eswitch VF representors, and when traffic fails over to stand-by
 VF which is exposed using macvtap device to guest VM, eswitch fails to
 switch the traffic to the stand-by VF representor. This occurs because
 there is no knowledge at eswitch level of the stand-by representor
 device.
 
 Solution:
 ---------
 Using standard bonding driver, a bond netdevice is created over VF
 representor device which is used for offloading tc rules.
 Two VF representors are bonded together, one for the passthrough VF
 device and another one for the stand-by VF device.
 With this solution, mlx5 driver listens to the failover events
 occuring at the bond device level to failover traffic to either of
 the active VF representor of the bond.
 
 a. VM with netfailover device of VF pass-thru (PT) device and virtio-net
    paravirtualized device with same MAC-address to handle failover
    traffics at VM level.
 
 b. Host bond is active-standby mode, with the lower devices being the VM
    VF PT representor, and the representor of the 2nd VF to handle
    failover traffics at Hypervisor/V-Switch OVS level.
    - During the steady state (fast datapath): set the bond active
      device to be the VM PT VF representor.
    - During failover: apply bond failover to the second VF representor
      device which connects to the VM non-accelerated path.
 
 c. E-Switch ingress/egress ACL tables to support failover traffics at
    E-Switch level
    I. E-Switch egress ACL with forward-to-vport rule:
      - By default, eswitch vport egress acl forward packets to its
        counterpart NIC vport.
      - During port failover, the egress acl forward-to-vport rule will
        be added to e-switch vport of passive/in-active slave VF
 representor
        to forward packets to other e-switch vport ie. the active slave
        representor's e-switch vport to handle egress "failover"
 traffics.
      - Using lower change netdev event to detect a representor is a
        lower
        dev (slave) of bond and becomes active, adding egress acl
        forward-to-vport rule of all other slave netdevs to forward to
 this
        representor's vport.
      - Using upper change netdev event to detect a representor unslaving
        from bond device to delete its vport's egress acl forward-to-vport
        rule.
 
    II. E-Switch ingress ACL metadata reg_c for match
      - Bonded representors' vorts sharing tc block have the same
        root ingress acl table and a unique metadata for match.
      - Traffics from both representors's vports will be tagged with same
        unique metadata reg_c.
      - Using upper change netdev event to detect a representor
        enslaving/unslaving from bond device to setup shared root ingress
        acl and unique metadata.
 
 2) From Alex Vesker (2): Slpit RX and TX lock for parallel rule insertion in
 software steering
 
 3) Eli Britstein (2): Optimize performance for IPv4/IPv6 ethertype use the HW
 ip_version register rather than parsing eth frames for ethertype.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEGhZs6bAKwk/OTgTpSD+KveBX+j4FAl7PEFAACgkQSD+KveBX
 +j4Z5Af+NYwihYZpQYBBN00K7Wu10XZ65u5MbGSDmzpdN62w0kKfjsJ70bb9aiws
 h8LC7lspdMLRMMn9pWwFKshyF6RoSD9Ku3ZYhUbtj+hJLElAd9IwGt6pPKr8hPDd
 9h+ZcBkacdhNwWKf7CKThic0c/0PLdVyzRysHxcQWKSMPCTdgiL5Z3PQHA0TM6J3
 6Excs2z7kSuuyyxQ1cyWCaqSz4rqCrYyd8Ws4HOPhXgSbX14Q3mtMsBDayx2gHNW
 rdVbaNN6s2o0TxbrCwd0AaNP3UWcnjNqu1ohxgJiSe8y+MHMoB0OMoO+6vQJnwNI
 bzpZEioswV1zdgK3qNmXqbHOiHRSVQ==
 =xM1D
 -----END PGP SIGNATURE-----

Merge tag 'mlx5-updates-2020-05-26' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux

Saeed Mahameed says:

====================
mlx5-updates-2020-05-26

Updates highlights:

1) From Vu Pham (8): Support VM traffics failover with bonded VF
representors and e-switch egress/ingress ACLs

This series introduce the support for Virtual Machine running I/O
traffic over direct/fast VF path and failing over to slower
paravirtualized path using the following features:

     __________________________________
    |  VM      _________________        |
    |          |FAILOVER device |       |
    |          |________________|       |
    |                  |                |
    |              ____|_____           |
    |              |         |          |
    |       ______ |___  ____|_______   |
    |       |  VF PT  |  |VIRTIO-NET |  |
    |       | device  |  | device    |  |
    |       |_________|  |___________|  |
    |___________|______________|________|
                |              |
                | HYPERVISOR   |
                |          ____|______
                |         |  macvtap  |
                |         |virtio BE  |
                |         |___________|
                |               |
                |           ____|_____
                |           |host VF  |
                |           |_________|
                |               |
           _____|______    _____|_____
           |  PT VF    |  |  host VF  |
           |representor|  |representor|
           |___________|  |___________|
                \               /
                 \             /
                  \           /
                   \         /                     _________________
                    \_______/                     |                |
                 _______|________                 |    V-SWITCH    |
                |VF representors |________________|      (OVS)     |
                |      bond      |                |________________|
                |________________|                        |
                                                  ________|________
                                                 |    Uplink       |
                                                 |  representor    |
                                                 |_________________|

Summary:
--------
Problem statement:
------------------
Currently in above topology, when netfailover device is configured using
VFs and eswitch VF representors, and when traffic fails over to stand-by
VF which is exposed using macvtap device to guest VM, eswitch fails to
switch the traffic to the stand-by VF representor. This occurs because
there is no knowledge at eswitch level of the stand-by representor
device.

Solution:
---------
Using standard bonding driver, a bond netdevice is created over VF
representor device which is used for offloading tc rules.
Two VF representors are bonded together, one for the passthrough VF
device and another one for the stand-by VF device.
With this solution, mlx5 driver listens to the failover events
occuring at the bond device level to failover traffic to either of
the active VF representor of the bond.

a. VM with netfailover device of VF pass-thru (PT) device and virtio-net
   paravirtualized device with same MAC-address to handle failover
   traffics at VM level.

b. Host bond is active-standby mode, with the lower devices being the VM
   VF PT representor, and the representor of the 2nd VF to handle
   failover traffics at Hypervisor/V-Switch OVS level.
   - During the steady state (fast datapath): set the bond active
     device to be the VM PT VF representor.
   - During failover: apply bond failover to the second VF representor
     device which connects to the VM non-accelerated path.

c. E-Switch ingress/egress ACL tables to support failover traffics at
   E-Switch level
   I. E-Switch egress ACL with forward-to-vport rule:
     - By default, eswitch vport egress acl forward packets to its
       counterpart NIC vport.
     - During port failover, the egress acl forward-to-vport rule will
       be added to e-switch vport of passive/in-active slave VF
representor
       to forward packets to other e-switch vport ie. the active slave
       representor's e-switch vport to handle egress "failover"
traffics.
     - Using lower change netdev event to detect a representor is a
       lower
       dev (slave) of bond and becomes active, adding egress acl
       forward-to-vport rule of all other slave netdevs to forward to
this
       representor's vport.
     - Using upper change netdev event to detect a representor unslaving
       from bond device to delete its vport's egress acl forward-to-vport
       rule.

   II. E-Switch ingress ACL metadata reg_c for match
     - Bonded representors' vorts sharing tc block have the same
       root ingress acl table and a unique metadata for match.
     - Traffics from both representors's vports will be tagged with same
       unique metadata reg_c.
     - Using upper change netdev event to detect a representor
       enslaving/unslaving from bond device to setup shared root ingress
       acl and unique metadata.

2) From Alex Vesker (2): Slpit RX and TX lock for parallel rule insertion in
software steering

3) Eli Britstein (2): Optimize performance for IPv4/IPv6 ethertype use the HW
ip_version register rather than parsing eth frames for ethertype.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2020-05-28 11:04:12 -07:00
commit 1eba1110f0
27 changed files with 1965 additions and 1011 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/net/ethernet/mellanox/mlx5/core/Makefile
View File

@ -34,7 +34,8 @@ mlx5_core-$(CONFIG_MLX5_EN_ARFS) += en_arfs.o
mlx5_core-$(CONFIG_MLX5_EN_RXNFC) += en_fs_ethtool.o
mlx5_core-$(CONFIG_MLX5_CORE_EN_DCB) += en_dcbnl.o en/port_buffer.o
mlx5_core-$(CONFIG_PCI_HYPERV_INTERFACE) += en/hv_vhca_stats.o
mlx5_core-$(CONFIG_MLX5_ESWITCH) += en_rep.o lib/geneve.o lib/port_tun.o lag_mp.o
mlx5_core-$(CONFIG_MLX5_ESWITCH) += lag_mp.o lib/geneve.o lib/port_tun.o \
en_rep.o en/rep/bond.o
mlx5_core-$(CONFIG_MLX5_CLS_ACT) += en_tc.o en/rep/tc.o en/rep/neigh.o \
en/mapping.o esw/chains.o en/tc_tun.o \
en/tc_tun_vxlan.o en/tc_tun_gre.o en/tc_tun_geneve.o \
@ -46,6 +47,10 @@ mlx5_core-$(CONFIG_MLX5_TC_CT) += en/tc_ct.o
#
mlx5_core-$(CONFIG_MLX5_ESWITCH) += eswitch.o eswitch_offloads.o eswitch_offloads_termtbl.o \
ecpf.o rdma.o
mlx5_core-$(CONFIG_MLX5_ESWITCH) += esw/acl/helper.o \
esw/acl/egress_lgcy.o esw/acl/egress_ofld.o \
esw/acl/ingress_lgcy.o esw/acl/ingress_ofld.o
mlx5_core-$(CONFIG_MLX5_MPFS) += lib/mpfs.o
mlx5_core-$(CONFIG_VXLAN) += lib/vxlan.o
mlx5_core-$(CONFIG_PTP_1588_CLOCK) += lib/clock.o

85
drivers/net/ethernet/mellanox/mlx5/core/diag/fs_tracepoint.c
View File

@ -76,58 +76,59 @@ static void print_lyr_2_4_hdrs(struct trace_seq *p,
.v = MLX5_GET(fte_match_set_lyr_2_4, value, dmac_47_16) << 16 |
MLX5_GET(fte_match_set_lyr_2_4, value, dmac_15_0)};
MASK_VAL_L2(u16, ethertype, ethertype);
MASK_VAL_L2(u8, ip_version, ip_version);
PRINT_MASKED_VALP(smac, u8 *, p, "%pM");
PRINT_MASKED_VALP(dmac, u8 *, p, "%pM");
PRINT_MASKED_VAL(ethertype, p, "%04x");
if (ethertype.m == 0xffff) {
if (ethertype.v == ETH_P_IP) {
if ((ethertype.m == 0xffff && ethertype.v == ETH_P_IP) ||
(ip_version.m == 0xf && ip_version.v == 4)) {
#define MASK_VAL_L2_BE(type, name, fld) \
MASK_VAL_BE(type, fte_match_set_lyr_2_4, name, mask, value, fld)
MASK_VAL_L2_BE(u32, src_ipv4,
src_ipv4_src_ipv6.ipv4_layout.ipv4);
MASK_VAL_L2_BE(u32, dst_ipv4,
dst_ipv4_dst_ipv6.ipv4_layout.ipv4);
MASK_VAL_L2_BE(u32, src_ipv4,
src_ipv4_src_ipv6.ipv4_layout.ipv4);
MASK_VAL_L2_BE(u32, dst_ipv4,
dst_ipv4_dst_ipv6.ipv4_layout.ipv4);
PRINT_MASKED_VALP(src_ipv4, typeof(&src_ipv4.v), p,
"%pI4");
PRINT_MASKED_VALP(dst_ipv4, typeof(&dst_ipv4.v), p,
"%pI4");
} else if (ethertype.v == ETH_P_IPV6) {
static const struct in6_addr full_ones = {
.in6_u.u6_addr32 = {__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff)},
};
DECLARE_MASK_VAL(struct in6_addr, src_ipv6);
DECLARE_MASK_VAL(struct in6_addr, dst_ipv6);
PRINT_MASKED_VALP(src_ipv4, typeof(&src_ipv4.v), p,
"%pI4");
PRINT_MASKED_VALP(dst_ipv4, typeof(&dst_ipv4.v), p,
"%pI4");
} else if ((ethertype.m == 0xffff && ethertype.v == ETH_P_IPV6) ||
(ip_version.m == 0xf && ip_version.v == 6)) {
static const struct in6_addr full_ones = {
.in6_u.u6_addr32 = {__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff),
__constant_htonl(0xffffffff)},
};
DECLARE_MASK_VAL(struct in6_addr, src_ipv6);
DECLARE_MASK_VAL(struct in6_addr, dst_ipv6);
memcpy(src_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.m));
memcpy(dst_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.m));
memcpy(src_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.v));
memcpy(dst_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.v));
memcpy(src_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.m));
memcpy(dst_ipv6.m.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, mask,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.m));
memcpy(src_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
src_ipv4_src_ipv6.ipv6_layout.ipv6),
sizeof(src_ipv6.v));
memcpy(dst_ipv6.v.in6_u.u6_addr8,
MLX5_ADDR_OF(fte_match_set_lyr_2_4, value,
dst_ipv4_dst_ipv6.ipv6_layout.ipv6),
sizeof(dst_ipv6.v));
if (!memcmp(&src_ipv6.m, &full_ones, sizeof(full_ones)))
trace_seq_printf(p, "src_ipv6=%pI6 ",
&src_ipv6.v);
if (!memcmp(&dst_ipv6.m, &full_ones, sizeof(full_ones)))
trace_seq_printf(p, "dst_ipv6=%pI6 ",
&dst_ipv6.v);
}
if (!memcmp(&src_ipv6.m, &full_ones, sizeof(full_ones)))
trace_seq_printf(p, "src_ipv6=%pI6 ",
&src_ipv6.v);
if (!memcmp(&dst_ipv6.m, &full_ones, sizeof(full_ones)))
trace_seq_printf(p, "dst_ipv6=%pI6 ",
&dst_ipv6.v);
}
#define PRINT_MASKED_VAL_L2(type, name, fld, p, format) {\

350
drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c Normal file
View File

@ -0,0 +1,350 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include <linux/netdevice.h>
#include <linux/list.h>
#include <net/lag.h>
#include "mlx5_core.h"
#include "eswitch.h"
#include "esw/acl/ofld.h"
#include "en_rep.h"
struct mlx5e_rep_bond {
struct notifier_block nb;
struct netdev_net_notifier nn;
struct list_head metadata_list;
};
struct mlx5e_rep_bond_slave_entry {
struct list_head list;
struct net_device *netdev;
};
struct mlx5e_rep_bond_metadata {
struct list_head list; /* link to global list of rep_bond_metadata */
struct mlx5_eswitch *esw;
/* private of uplink holding rep bond metadata list */
struct net_device *lag_dev;
u32 metadata_reg_c_0;
struct list_head slaves_list; /* slaves list */
int slaves;
};
static struct mlx5e_rep_bond_metadata *
mlx5e_lookup_rep_bond_metadata(struct mlx5_rep_uplink_priv *uplink_priv,
const struct net_device *lag_dev)
{
struct mlx5e_rep_bond_metadata *found = NULL;
struct mlx5e_rep_bond_metadata *cur;
list_for_each_entry(cur, &uplink_priv->bond->metadata_list, list) {
if (cur->lag_dev == lag_dev) {
found = cur;
break;
}
}
return found;
}
static struct mlx5e_rep_bond_slave_entry *
mlx5e_lookup_rep_bond_slave_entry(struct mlx5e_rep_bond_metadata *mdata,
const struct net_device *netdev)
{
struct mlx5e_rep_bond_slave_entry *found = NULL;
struct mlx5e_rep_bond_slave_entry *cur;
list_for_each_entry(cur, &mdata->slaves_list, list) {
if (cur->netdev == netdev) {
found = cur;
break;
}
}
return found;
}
static void mlx5e_rep_bond_metadata_release(struct mlx5e_rep_bond_metadata *mdata)
{
netdev_dbg(mdata->lag_dev, "destroy rep_bond_metadata(%d)\n",
mdata->metadata_reg_c_0);
list_del(&mdata->list);
mlx5_esw_match_metadata_free(mdata->esw, mdata->metadata_reg_c_0);
WARN_ON(!list_empty(&mdata->slaves_list));
kfree(mdata);
}
/* This must be called under rtnl_lock */
int mlx5e_rep_bond_enslave(struct mlx5_eswitch *esw, struct net_device *netdev,
struct net_device *lag_dev)
{
struct mlx5e_rep_bond_slave_entry *s_entry;
struct mlx5e_rep_bond_metadata *mdata;
struct mlx5e_rep_priv *rpriv;
struct mlx5e_priv *priv;
int err;
ASSERT_RTNL();
rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
mdata = mlx5e_lookup_rep_bond_metadata(&rpriv->uplink_priv, lag_dev);
if (!mdata) {
/* First netdev becomes slave, no metadata presents the lag_dev. Create one */
mdata = kzalloc(sizeof(*mdata), GFP_KERNEL);
if (!mdata)
return -ENOMEM;
mdata->lag_dev = lag_dev;
mdata->esw = esw;
INIT_LIST_HEAD(&mdata->slaves_list);
mdata->metadata_reg_c_0 = mlx5_esw_match_metadata_alloc(esw);
if (!mdata->metadata_reg_c_0) {
kfree(mdata);
return -ENOSPC;
}
list_add(&mdata->list, &rpriv->uplink_priv.bond->metadata_list);
netdev_dbg(lag_dev, "create rep_bond_metadata(%d)\n",
mdata->metadata_reg_c_0);
}
s_entry = kzalloc(sizeof(*s_entry), GFP_KERNEL);
if (!s_entry) {
err = -ENOMEM;
goto entry_alloc_err;
}
s_entry->netdev = netdev;
priv = netdev_priv(netdev);
rpriv = priv->ppriv;
err = mlx5_esw_acl_ingress_vport_bond_update(esw, rpriv->rep->vport,
mdata->metadata_reg_c_0);
if (err)
goto ingress_err;
mdata->slaves++;
list_add_tail(&s_entry->list, &mdata->slaves_list);
netdev_dbg(netdev, "enslave rep vport(%d) lag_dev(%s) metadata(0x%x)\n",
rpriv->rep->vport, lag_dev->name, mdata->metadata_reg_c_0);
return 0;
ingress_err:
kfree(s_entry);
entry_alloc_err:
if (!mdata->slaves)
mlx5e_rep_bond_metadata_release(mdata);
return err;
}
/* This must be called under rtnl_lock */
void mlx5e_rep_bond_unslave(struct mlx5_eswitch *esw,
const struct net_device *netdev,
const struct net_device *lag_dev)
{
struct mlx5e_rep_bond_slave_entry *s_entry;
struct mlx5e_rep_bond_metadata *mdata;
struct mlx5e_rep_priv *rpriv;
struct mlx5e_priv *priv;
ASSERT_RTNL();
rpriv = mlx5_eswitch_get_uplink_priv(esw, REP_ETH);
mdata = mlx5e_lookup_rep_bond_metadata(&rpriv->uplink_priv, lag_dev);
if (!mdata)
return;
s_entry = mlx5e_lookup_rep_bond_slave_entry(mdata, netdev);
if (!s_entry)
return;
priv = netdev_priv(netdev);
rpriv = priv->ppriv;
/* Reset bond_metadata to zero first then reset all ingress/egress
* acls and rx rules of unslave representor's vport
*/
mlx5_esw_acl_ingress_vport_bond_update(esw, rpriv->rep->vport, 0);
mlx5_esw_acl_egress_vport_unbond(esw, rpriv->rep->vport);
mlx5e_rep_bond_update(priv, false);
list_del(&s_entry->list);
netdev_dbg(netdev, "unslave rep vport(%d) lag_dev(%s) metadata(0x%x)\n",
rpriv->rep->vport, lag_dev->name, mdata->metadata_reg_c_0);
if (--mdata->slaves == 0)
mlx5e_rep_bond_metadata_release(mdata);
kfree(s_entry);
}
static bool mlx5e_rep_is_lag_netdev(struct net_device *netdev)
{
struct mlx5e_priv *priv = netdev_priv(netdev);
struct mlx5e_rep_priv *rpriv = priv->ppriv;
/* A given netdev is not a representor or not a slave of LAG configuration */
if (!mlx5e_eswitch_rep(netdev) || !bond_slave_get_rtnl(netdev))
return false;
/* Egress acl forward to vport is supported only non-uplink representor */
return rpriv->rep->vport != MLX5_VPORT_UPLINK;
}
static void mlx5e_rep_changelowerstate_event(struct net_device *netdev, void *ptr)
{
struct netdev_notifier_changelowerstate_info *info;
struct netdev_lag_lower_state_info *lag_info;
struct mlx5e_rep_priv *rpriv;
struct net_device *lag_dev;
struct mlx5e_priv *priv;
struct list_head *iter;
struct net_device *dev;
u16 acl_vport_num;
u16 fwd_vport_num;
int err;
if (!mlx5e_rep_is_lag_netdev(netdev))
return;
info = ptr;
lag_info = info->lower_state_info;
/* This is not an event of a representor becoming active slave */
if (!lag_info->tx_enabled)
return;
priv = netdev_priv(netdev);
rpriv = priv->ppriv;
fwd_vport_num = rpriv->rep->vport;
lag_dev = netdev_master_upper_dev_get(netdev);
netdev_dbg(netdev, "lag_dev(%s)'s slave vport(%d) is txable(%d)\n",
lag_dev->name, fwd_vport_num, net_lag_port_dev_txable(netdev));
/* Point everyone's egress acl to the vport of the active representor */
netdev_for_each_lower_dev(lag_dev, dev, iter) {
priv = netdev_priv(dev);
rpriv = priv->ppriv;
acl_vport_num = rpriv->rep->vport;
if (acl_vport_num != fwd_vport_num) {
/* Only single rx_rule for unique bond_metadata should be
* present, delete it if it's saved as passive vport's
* rx_rule with destination as passive vport's root_ft
*/
mlx5e_rep_bond_update(priv, true);
err = mlx5_esw_acl_egress_vport_bond(priv->mdev->priv.eswitch,
fwd_vport_num,
acl_vport_num);
if (err)
netdev_warn(dev,
"configure slave vport(%d) egress fwd, err(%d)",
acl_vport_num, err);
}
}
/* Insert new rx_rule for unique bond_metadata, save it as active vport's
* rx_rule with new destination as active vport's root_ft
*/
err = mlx5e_rep_bond_update(netdev_priv(netdev), false);
if (err)
netdev_warn(netdev, "configure active slave vport(%d) rx_rule, err(%d)",
fwd_vport_num, err);
}
static void mlx5e_rep_changeupper_event(struct net_device *netdev, void *ptr)
{
struct netdev_notifier_changeupper_info *info = ptr;
struct mlx5e_rep_priv *rpriv;
struct net_device *lag_dev;
struct mlx5e_priv *priv;
if (!mlx5e_rep_is_lag_netdev(netdev))
return;
priv = netdev_priv(netdev);
rpriv = priv->ppriv;
lag_dev = info->upper_dev;
netdev_dbg(netdev, "%sslave vport(%d) lag(%s)\n",
info->linking ? "en" : "un", rpriv->rep->vport, lag_dev->name);
if (info->linking)
mlx5e_rep_bond_enslave(priv->mdev->priv.eswitch, netdev, lag_dev);
else
mlx5e_rep_bond_unslave(priv->mdev->priv.eswitch, netdev, lag_dev);
}
/* Bond device of representors and netdev events are used here in specific way
* to support eswitch vports bonding and to perform failover of eswitch vport
* by modifying the vport's egress acl of lower dev representors. Thus this
* also change the traditional behavior of lower dev under bond device.
* All non-representor netdevs or representors of other vendors as lower dev
* of bond device are not supported.
*/
static int mlx5e_rep_esw_bond_netevent(struct notifier_block *nb,
unsigned long event, void *ptr)
{
struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
switch (event) {
case NETDEV_CHANGELOWERSTATE:
mlx5e_rep_changelowerstate_event(netdev, ptr);
break;
case NETDEV_CHANGEUPPER:
mlx5e_rep_changeupper_event(netdev, ptr);
break;
}
return NOTIFY_DONE;
}
/* If HW support eswitch vports bonding, register a specific notifier to
* handle it when two or more representors are bonded
*/
int mlx5e_rep_bond_init(struct mlx5e_rep_priv *rpriv)
{
struct mlx5_rep_uplink_priv *uplink_priv = &rpriv->uplink_priv;
struct net_device *netdev = rpriv->netdev;
struct mlx5e_priv *priv;
int ret = 0;
priv = netdev_priv(netdev);
if (!mlx5_esw_acl_egress_fwd2vport_supported(priv->mdev->priv.eswitch))
goto out;
uplink_priv->bond = kvzalloc(sizeof(*uplink_priv->bond), GFP_KERNEL);
if (!uplink_priv->bond) {
ret = -ENOMEM;
goto out;
}
INIT_LIST_HEAD(&uplink_priv->bond->metadata_list);
uplink_priv->bond->nb.notifier_call = mlx5e_rep_esw_bond_netevent;
ret = register_netdevice_notifier_dev_net(netdev,
&uplink_priv->bond->nb,
&uplink_priv->bond->nn);
if (ret) {
netdev_err(netdev, "register bonding netevent notifier, err(%d)\n", ret);
kvfree(uplink_priv->bond);
uplink_priv->bond = NULL;
}
out:
return ret;
}
void mlx5e_rep_bond_cleanup(struct mlx5e_rep_priv *rpriv)
{
struct mlx5e_priv *priv = netdev_priv(rpriv->netdev);
if (!mlx5_esw_acl_egress_fwd2vport_supported(priv->mdev->priv.eswitch) ||
!rpriv->uplink_priv.bond)
return;
unregister_netdevice_notifier_dev_net(rpriv->netdev,
&rpriv->uplink_priv.bond->nb,
&rpriv->uplink_priv.bond->nn);
kvfree(rpriv->uplink_priv.bond);
}

10
drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
View File

@ -119,7 +119,7 @@ mlx5_tc_ct_get_ct_priv(struct mlx5e_priv *priv)
}
static int
mlx5_tc_ct_set_tuple_match(struct mlx5_flow_spec *spec,
mlx5_tc_ct_set_tuple_match(struct mlx5e_priv *priv, struct mlx5_flow_spec *spec,
struct flow_rule *rule)
{
void *headers_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria,
@ -134,10 +134,8 @@ mlx5_tc_ct_set_tuple_match(struct mlx5_flow_spec *spec,
flow_rule_match_basic(rule, &match);
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ethertype,
ntohs(match.mask->n_proto));
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
ntohs(match.key->n_proto));
mlx5e_tc_set_ethertype(priv->mdev, &match, true, headers_c,
headers_v);
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ip_protocol,
match.mask->ip_proto);
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol,
@ -533,7 +531,7 @@ mlx5_tc_ct_entry_add_rule(struct mlx5_tc_ct_priv *ct_priv,
attr->counter = entry->counter;
attr->flags |= MLX5_ESW_ATTR_FLAG_NO_IN_PORT;
mlx5_tc_ct_set_tuple_match(spec, flow_rule);
mlx5_tc_ct_set_tuple_match(netdev_priv(ct_priv->netdev), spec, flow_rule);
mlx5e_tc_match_to_reg_match(spec, ZONE_TO_REG,
entry->zone & MLX5_CT_ZONE_MASK,
MLX5_CT_ZONE_MASK);

21
drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun.c
View File

@ -512,6 +512,13 @@ int mlx5e_tc_tun_parse(struct net_device *filter_dev,
}
if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_CONTROL)) {
struct flow_dissector_key_basic key_basic = {};
struct flow_dissector_key_basic mask_basic = {
.n_proto = htons(0xFFFF),
};
struct flow_match_basic match_basic = {
.key = &key_basic, .mask = &mask_basic,
};
struct flow_match_control match;
u16 addr_type;
@ -537,10 +544,9 @@ int mlx5e_tc_tun_parse(struct net_device *filter_dev,
dst_ipv4_dst_ipv6.ipv4_layout.ipv4,
ntohl(match.key->dst));
MLX5_SET_TO_ONES(fte_match_set_lyr_2_4, headers_c,
ethertype);
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
ETH_P_IP);
key_basic.n_proto = htons(ETH_P_IP);
mlx5e_tc_set_ethertype(priv->mdev, &match_basic, true,
headers_c, headers_v);
} else if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
struct flow_match_ipv6_addrs match;
@ -563,10 +569,9 @@ int mlx5e_tc_tun_parse(struct net_device *filter_dev,
&match.key->dst, MLX5_FLD_SZ_BYTES(ipv6_layout,
ipv6));
MLX5_SET_TO_ONES(fte_match_set_lyr_2_4, headers_c,
ethertype);
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
ETH_P_IPV6);
key_basic.n_proto = htons(ETH_P_IPV6);
mlx5e_tc_set_ethertype(priv->mdev, &match_basic, true,
headers_c, headers_v);
}
}

30
drivers/net/ethernet/mellanox/mlx5/core/en_rep.c
View File

@ -854,6 +854,24 @@ static int mlx5e_create_rep_vport_rx_rule(struct mlx5e_priv *priv)
return 0;
}
static void rep_vport_rx_rule_destroy(struct mlx5e_priv *priv)
{
struct mlx5e_rep_priv *rpriv = priv->ppriv;
if (!rpriv->vport_rx_rule)
return;
mlx5_del_flow_rules(rpriv->vport_rx_rule);
rpriv->vport_rx_rule = NULL;
}
int mlx5e_rep_bond_update(struct mlx5e_priv *priv, bool cleanup)
{
rep_vport_rx_rule_destroy(priv);
return cleanup ? 0 : mlx5e_create_rep_vport_rx_rule(priv);
}
static int mlx5e_init_rep_rx(struct mlx5e_priv *priv)
{
struct mlx5_core_dev *mdev = priv->mdev;
@ -918,9 +936,7 @@ err_close_drop_rq:
static void mlx5e_cleanup_rep_rx(struct mlx5e_priv *priv)
{
struct mlx5e_rep_priv *rpriv = priv->ppriv;
mlx5_del_flow_rules(rpriv->vport_rx_rule);
rep_vport_rx_rule_destroy(priv);
mlx5e_destroy_rep_root_ft(priv);
mlx5e_destroy_ttc_table(priv, &priv->fs.ttc);
mlx5e_destroy_direct_tirs(priv, priv->direct_tir);
@ -959,16 +975,18 @@ static int mlx5e_init_uplink_rep_tx(struct mlx5e_rep_priv *rpriv)
mlx5_init_port_tun_entropy(&uplink_priv->tun_entropy, priv->mdev);
mlx5e_rep_bond_init(rpriv);
err = mlx5e_rep_tc_netdevice_event_register(rpriv);
if (err) {
mlx5_core_err(priv->mdev, "Failed to register netdev notifier, err: %d\n",
err);
goto tc_rep_cleanup;
goto err_event_reg;
}
return 0;
tc_rep_cleanup:
err_event_reg:
mlx5e_rep_bond_cleanup(rpriv);
mlx5e_rep_tc_cleanup(rpriv);
return err;
}
@ -1001,7 +1019,7 @@ static void mlx5e_cleanup_uplink_rep_tx(struct mlx5e_rep_priv *rpriv)
{
mlx5e_rep_tc_netdevice_event_unregister(rpriv);
mlx5e_rep_indr_clean_block_privs(rpriv);
mlx5e_rep_bond_cleanup(rpriv);
mlx5e_rep_tc_cleanup(rpriv);
}

13
drivers/net/ethernet/mellanox/mlx5/core/en_rep.h
View File

@ -56,6 +56,7 @@ struct mlx5e_neigh_update_table {
};
struct mlx5_tc_ct_priv;
struct mlx5e_rep_bond;
struct mlx5_rep_uplink_priv {
/* Filters DB - instantiated by the uplink representor and shared by
* the uplink's VFs
@ -89,6 +90,9 @@ struct mlx5_rep_uplink_priv {
struct mapping_ctx *tunnel_enc_opts_mapping;
struct mlx5_tc_ct_priv *ct_priv;
/* support eswitch vports bonding */
struct mlx5e_rep_bond *bond;
};
struct mlx5e_rep_priv {
@ -211,6 +215,15 @@ struct mlx5e_rep_sq {
void mlx5e_rep_register_vport_reps(struct mlx5_core_dev *mdev);
void mlx5e_rep_unregister_vport_reps(struct mlx5_core_dev *mdev);
int mlx5e_rep_bond_init(struct mlx5e_rep_priv *rpriv);
void mlx5e_rep_bond_cleanup(struct mlx5e_rep_priv *rpriv);
int mlx5e_rep_bond_enslave(struct mlx5_eswitch *esw, struct net_device *netdev,
struct net_device *lag_dev);
void mlx5e_rep_bond_unslave(struct mlx5_eswitch *esw,
const struct net_device *netdev,
const struct net_device *lag_dev);
int mlx5e_rep_bond_update(struct mlx5e_priv *priv, bool cleanup);
bool mlx5e_is_uplink_rep(struct mlx5e_priv *priv);
int mlx5e_add_sqs_fwd_rules(struct mlx5e_priv *priv);
void mlx5e_remove_sqs_fwd_rules(struct mlx5e_priv *priv);

96
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
View File

@ -50,6 +50,7 @@
#include <net/arp.h>
#include <net/ipv6_stubs.h>
#include <net/bareudp.h>
#include <net/bonding.h>
#include "en.h"
#include "en_rep.h"
#include "en/rep/tc.h"
@ -145,6 +146,7 @@ struct mlx5e_tc_flow {
struct list_head hairpin; /* flows sharing the same hairpin */
struct list_head peer; /* flows with peer flow */
struct list_head unready; /* flows not ready to be offloaded (e.g due to missing route) */
struct net_device *orig_dev; /* netdev adding flow first */
int tmp_efi_index;
struct list_head tmp_list; /* temporary flow list used by neigh update */
refcount_t refcnt;
@ -2018,6 +2020,32 @@ u32 mlx5e_tc_get_flow_tun_id(struct mlx5e_tc_flow *flow)
return flow->tunnel_id;
}
void mlx5e_tc_set_ethertype(struct mlx5_core_dev *mdev,
struct flow_match_basic *match, bool outer,
void *headers_c, void *headers_v)
{
bool ip_version_cap;
ip_version_cap = outer ?
MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
ft_field_support.outer_ip_version) :
MLX5_CAP_FLOWTABLE_NIC_RX(mdev,
ft_field_support.inner_ip_version);
if (ip_version_cap && match->mask->n_proto == htons(0xFFFF) &&
(match->key->n_proto == htons(ETH_P_IP) ||
match->key->n_proto == htons(ETH_P_IPV6))) {
MLX5_SET_TO_ONES(fte_match_set_lyr_2_4, headers_c, ip_version);
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_version,
match->key->n_proto == htons(ETH_P_IP) ? 4 : 6);
} else {
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ethertype,
ntohs(match->mask->n_proto));
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
ntohs(match->key->n_proto));
}
}
static int parse_tunnel_attr(struct mlx5e_priv *priv,
struct mlx5e_tc_flow *flow,
struct mlx5_flow_spec *spec,
@ -2239,10 +2267,9 @@ static int __parse_cls_flower(struct mlx5e_priv *priv,
struct flow_match_basic match;
flow_rule_match_basic(rule, &match);
MLX5_SET(fte_match_set_lyr_2_4, headers_c, ethertype,
ntohs(match.mask->n_proto));
MLX5_SET(fte_match_set_lyr_2_4, headers_v, ethertype,
ntohs(match.key->n_proto));
mlx5e_tc_set_ethertype(priv->mdev, &match,
match_level == outer_match_level,
headers_c, headers_v);
if (match.mask->n_proto)
*match_level = MLX5_MATCH_L2;
@ -3118,16 +3145,19 @@ static bool modify_header_match_supported(struct mlx5_flow_spec *spec,
{
const struct flow_action_entry *act;
bool modify_ip_header;
void *headers_c;
void *headers_v;
u16 ethertype;
u8 ip_proto;
int i, err;
headers_c = get_match_headers_criteria(actions, spec);
headers_v = get_match_headers_value(actions, spec);
ethertype = MLX5_GET(fte_match_set_lyr_2_4, headers_v, ethertype);
/* for non-IP we only re-write MACs, so we're okay */
if (ethertype != ETH_P_IP && ethertype != ETH_P_IPV6)
if (MLX5_GET(fte_match_set_lyr_2_4, headers_c, ip_version) == 0 &&
ethertype != ETH_P_IP && ethertype != ETH_P_IPV6)
goto out_ok;
modify_ip_header = false;
@ -3758,6 +3788,28 @@ static int parse_tc_vlan_action(struct mlx5e_priv *priv,
return 0;
}
static struct net_device *get_fdb_out_dev(struct net_device *uplink_dev,
struct net_device *out_dev)
{
struct net_device *fdb_out_dev = out_dev;
struct net_device *uplink_upper;
rcu_read_lock();
uplink_upper = netdev_master_upper_dev_get_rcu(uplink_dev);
if (uplink_upper && netif_is_lag_master(uplink_upper) &&
uplink_upper == out_dev) {
fdb_out_dev = uplink_dev;
} else if (netif_is_lag_master(out_dev)) {
fdb_out_dev = bond_option_active_slave_get_rcu(netdev_priv(out_dev));
if (fdb_out_dev &&
(!mlx5e_eswitch_rep(fdb_out_dev) ||
!netdev_port_same_parent_id(fdb_out_dev, uplink_dev)))
fdb_out_dev = NULL;
}
rcu_read_unlock();
return fdb_out_dev;
}
static int add_vlan_push_action(struct mlx5e_priv *priv,
struct mlx5_esw_flow_attr *attr,
struct net_device **out_dev,
@ -4073,7 +4125,6 @@ static int parse_tc_fdb_actions(struct mlx5e_priv *priv,
} else if (netdev_port_same_parent_id(priv->netdev, out_dev)) {
struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
struct net_device *uplink_dev = mlx5_eswitch_uplink_get_proto_dev(esw, REP_ETH);
struct net_device *uplink_upper;
if (is_duplicated_output_device(priv->netdev,
out_dev,
@ -4085,14 +4136,9 @@ static int parse_tc_fdb_actions(struct mlx5e_priv *priv,
ifindexes[if_count] = out_dev->ifindex;
if_count++;
rcu_read_lock();
uplink_upper =
netdev_master_upper_dev_get_rcu(uplink_dev);
if (uplink_upper &&
netif_is_lag_master(uplink_upper) &&
uplink_upper == out_dev)
out_dev = uplink_dev;
rcu_read_unlock();
out_dev = get_fdb_out_dev(uplink_dev, out_dev);
if (!out_dev)
return -ENODEV;
if (is_vlan_dev(out_dev)) {
err = add_vlan_push_action(priv, attr,
@ -4624,11 +4670,21 @@ mlx5e_tc_add_flow(struct mlx5e_priv *priv,
return err;
}
static bool is_flow_rule_duplicate_allowed(struct net_device *dev,
struct mlx5e_rep_priv *rpriv)
{
/* Offloaded flow rule is allowed to duplicate on non-uplink representor
* sharing tc block with other slaves of a lag device.
*/
return netif_is_lag_port(dev) && rpriv->rep->vport != MLX5_VPORT_UPLINK;
}
int mlx5e_configure_flower(struct net_device *dev, struct mlx5e_priv *priv,
struct flow_cls_offload *f, unsigned long flags)
{
struct netlink_ext_ack *extack = f->common.extack;
struct rhashtable *tc_ht = get_tc_ht(priv, flags);
struct mlx5e_rep_priv *rpriv = priv->ppriv;
struct mlx5e_tc_flow *flow;
int err = 0;
@ -4636,6 +4692,12 @@ int mlx5e_configure_flower(struct net_device *dev, struct mlx5e_priv *priv,
flow = rhashtable_lookup(tc_ht, &f->cookie, tc_ht_params);
rcu_read_unlock();
if (flow) {
/* Same flow rule offloaded to non-uplink representor sharing tc block,
* just return 0.
*/
if (is_flow_rule_duplicate_allowed(dev, rpriv) && flow->orig_dev != dev)
goto out;
NL_SET_ERR_MSG_MOD(extack,
"flow cookie already exists, ignoring");
netdev_warn_once(priv->netdev,
@ -4650,6 +4712,12 @@ int mlx5e_configure_flower(struct net_device *dev, struct mlx5e_priv *priv,
if (err)
goto out;
/* Flow rule offloaded to non-uplink representor sharing tc block,
* set the flow's owner dev.
*/
if (is_flow_rule_duplicate_allowed(dev, rpriv))
flow->orig_dev = dev;
err = rhashtable_lookup_insert_fast(tc_ht, &flow->node, tc_ht_params);
if (err)
goto err_free;

4
drivers/net/ethernet/mellanox/mlx5/core/en_tc.h
View File

@ -170,6 +170,10 @@ void dealloc_mod_hdr_actions(struct mlx5e_tc_mod_hdr_acts *mod_hdr_acts);
struct mlx5e_tc_flow;
u32 mlx5e_tc_get_flow_tun_id(struct mlx5e_tc_flow *flow);
void mlx5e_tc_set_ethertype(struct mlx5_core_dev *mdev,
struct flow_match_basic *match, bool outer,
void *headers_c, void *headers_v);
#if IS_ENABLED(CONFIG_MLX5_CLS_ACT)
int mlx5e_tc_nic_init(struct mlx5e_priv *priv);

170
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/egress_lgcy.c Normal file
View File

@ -0,0 +1,170 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include "mlx5_core.h"
#include "eswitch.h"
#include "helper.h"
#include "lgcy.h"
static void esw_acl_egress_lgcy_rules_destroy(struct mlx5_vport *vport)
{
esw_acl_egress_vlan_destroy(vport);
if (!IS_ERR_OR_NULL(vport->egress.legacy.drop_rule)) {
mlx5_del_flow_rules(vport->egress.legacy.drop_rule);
vport->egress.legacy.drop_rule = NULL;
}
}
static int esw_acl_egress_lgcy_groups_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_group *drop_grp;
u32 *flow_group_in;
int err = 0;
err = esw_acl_egress_vlan_grp_create(esw, vport);
if (err)
return err;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in) {
err = -ENOMEM;
goto alloc_err;
}
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
drop_grp = mlx5_create_flow_group(vport->egress.acl, flow_group_in);
if (IS_ERR(drop_grp)) {
err = PTR_ERR(drop_grp);
esw_warn(dev, "Failed to create E-Switch vport[%d] egress drop flow group, err(%d)\n",
vport->vport, err);
goto drop_grp_err;
}
vport->egress.legacy.drop_grp = drop_grp;
kvfree(flow_group_in);
return 0;
drop_grp_err:
kvfree(flow_group_in);
alloc_err:
esw_acl_egress_vlan_grp_destroy(vport);
return err;
}
static void esw_acl_egress_lgcy_groups_destroy(struct mlx5_vport *vport)
{
if (!IS_ERR_OR_NULL(vport->egress.legacy.drop_grp)) {
mlx5_destroy_flow_group(vport->egress.legacy.drop_grp);
vport->egress.legacy.drop_grp = NULL;
}
esw_acl_egress_vlan_grp_destroy(vport);
}
int esw_acl_egress_lgcy_setup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_flow_destination drop_ctr_dst = {};
struct mlx5_flow_destination *dst = NULL;
struct mlx5_fc *drop_counter = NULL;
struct mlx5_flow_act flow_act = {};
/* The egress acl table contains 2 rules:
* 1)Allow traffic with vlan_tag=vst_vlan_id
* 2)Drop all other traffic.
*/
int table_size = 2;
int dest_num = 0;
int err = 0;
if (MLX5_CAP_ESW_EGRESS_ACL(esw->dev, flow_counter)) {
drop_counter = mlx5_fc_create(esw->dev, false);
if (IS_ERR(drop_counter))
esw_warn(esw->dev,
"vport[%d] configure egress drop rule counter err(%ld)\n",
vport->vport, PTR_ERR(drop_counter));
vport->egress.legacy.drop_counter = drop_counter;
}
esw_acl_egress_lgcy_rules_destroy(vport);
if (!vport->info.vlan && !vport->info.qos) {
esw_acl_egress_lgcy_cleanup(esw, vport);
return 0;
}
if (!IS_ERR_OR_NULL(vport->egress.acl))
return 0;
vport->egress.acl = esw_acl_table_create(esw, vport->vport,
MLX5_FLOW_NAMESPACE_ESW_EGRESS,
table_size);
if (IS_ERR_OR_NULL(vport->egress.acl)) {
err = PTR_ERR(vport->egress.acl);
vport->egress.acl = NULL;
goto out;
}
err = esw_acl_egress_lgcy_groups_create(esw, vport);
if (err)
goto out;
esw_debug(esw->dev,
"vport[%d] configure egress rules, vlan(%d) qos(%d)\n",
vport->vport, vport->info.vlan, vport->info.qos);
/* Allowed vlan rule */
err = esw_egress_acl_vlan_create(esw, vport, NULL, vport->info.vlan,
MLX5_FLOW_CONTEXT_ACTION_ALLOW);
if (err)
goto out;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
/* Attach egress drop flow counter */
if (!IS_ERR_OR_NULL(drop_counter)) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
drop_ctr_dst.counter_id = mlx5_fc_id(drop_counter);
dst = &drop_ctr_dst;
dest_num++;
}
vport->egress.legacy.drop_rule =
mlx5_add_flow_rules(vport->egress.acl, NULL,
&flow_act, dst, dest_num);
if (IS_ERR(vport->egress.legacy.drop_rule)) {
err = PTR_ERR(vport->egress.legacy.drop_rule);
esw_warn(esw->dev,
"vport[%d] configure egress drop rule failed, err(%d)\n",
vport->vport, err);
vport->egress.legacy.drop_rule = NULL;
goto out;
}
return err;
out:
esw_acl_egress_lgcy_cleanup(esw, vport);
return err;
}
void esw_acl_egress_lgcy_cleanup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (IS_ERR_OR_NULL(vport->egress.acl))
goto clean_drop_counter;
esw_debug(esw->dev, "Destroy vport[%d] E-Switch egress ACL\n", vport->vport);
esw_acl_egress_lgcy_rules_destroy(vport);
esw_acl_egress_lgcy_groups_destroy(vport);
esw_acl_egress_table_destroy(vport);
clean_drop_counter:
if (!IS_ERR_OR_NULL(vport->egress.legacy.drop_counter)) {
mlx5_fc_destroy(esw->dev, vport->egress.legacy.drop_counter);
vport->egress.legacy.drop_counter = NULL;
}
}

235
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/egress_ofld.c Normal file
View File

@ -0,0 +1,235 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include "mlx5_core.h"
#include "eswitch.h"
#include "helper.h"
#include "ofld.h"
static void esw_acl_egress_ofld_fwd2vport_destroy(struct mlx5_vport *vport)
{
if (!vport->egress.offloads.fwd_rule)
return;
mlx5_del_flow_rules(vport->egress.offloads.fwd_rule);
vport->egress.offloads.fwd_rule = NULL;
}
static int esw_acl_egress_ofld_fwd2vport_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
struct mlx5_flow_destination *fwd_dest)
{
struct mlx5_flow_act flow_act = {};
int err = 0;
esw_debug(esw->dev, "vport(%d) configure egress acl rule fwd2vport(%d)\n",
vport->vport, fwd_dest->vport.num);
/* Delete the old egress forward-to-vport rule if any */
esw_acl_egress_ofld_fwd2vport_destroy(vport);
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_FWD_DEST;
vport->egress.offloads.fwd_rule =
mlx5_add_flow_rules(vport->egress.acl, NULL,
&flow_act, fwd_dest, 1);
if (IS_ERR(vport->egress.offloads.fwd_rule)) {
err = PTR_ERR(vport->egress.offloads.fwd_rule);
esw_warn(esw->dev,
"vport(%d) failed to add fwd2vport acl rule err(%d)\n",
vport->vport, err);
vport->egress.offloads.fwd_rule = NULL;
}
return err;
}
static int esw_acl_egress_ofld_rules_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
struct mlx5_flow_destination *fwd_dest)
{
int err = 0;
int action;
if (MLX5_CAP_GEN(esw->dev, prio_tag_required)) {
/* For prio tag mode, there is only 1 FTEs:
* 1) prio tag packets - pop the prio tag VLAN, allow
* Unmatched traffic is allowed by default
*/
esw_debug(esw->dev,
"vport[%d] configure prio tag egress rules\n", vport->vport);
action = MLX5_FLOW_CONTEXT_ACTION_VLAN_POP;
action |= fwd_dest ? MLX5_FLOW_CONTEXT_ACTION_FWD_DEST :
MLX5_FLOW_CONTEXT_ACTION_ALLOW;
/* prio tag vlan rule - pop it so vport receives untagged packets */
err = esw_egress_acl_vlan_create(esw, vport, fwd_dest, 0, action);
if (err)
goto prio_err;
}
if (fwd_dest) {
err = esw_acl_egress_ofld_fwd2vport_create(esw, vport, fwd_dest);
if (err)
goto fwd_err;
}
return 0;
fwd_err:
esw_acl_egress_vlan_destroy(vport);
prio_err:
return err;
}
static void esw_acl_egress_ofld_rules_destroy(struct mlx5_vport *vport)
{
esw_acl_egress_vlan_destroy(vport);
esw_acl_egress_ofld_fwd2vport_destroy(vport);
}
static int esw_acl_egress_ofld_groups_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_flow_group *fwd_grp;
u32 *flow_group_in;
u32 flow_index = 0;
int ret = 0;
if (MLX5_CAP_GEN(esw->dev, prio_tag_required)) {
ret = esw_acl_egress_vlan_grp_create(esw, vport);
if (ret)
return ret;
flow_index++;
}
if (!mlx5_esw_acl_egress_fwd2vport_supported(esw))
goto out;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in) {
ret = -ENOMEM;
goto fwd_grp_err;
}
/* This group holds 1 FTE to forward all packets to other vport
* when bond vports is supported.
*/
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, flow_index);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, flow_index);
fwd_grp = mlx5_create_flow_group(vport->egress.acl, flow_group_in);
if (IS_ERR(fwd_grp)) {
ret = PTR_ERR(fwd_grp);
esw_warn(esw->dev,
"Failed to create vport[%d] egress fwd2vport flow group, err(%d)\n",
vport->vport, ret);
kvfree(flow_group_in);
goto fwd_grp_err;
}
vport->egress.offloads.fwd_grp = fwd_grp;
kvfree(flow_group_in);
return 0;
fwd_grp_err:
esw_acl_egress_vlan_grp_destroy(vport);
out:
return ret;
}
static void esw_acl_egress_ofld_groups_destroy(struct mlx5_vport *vport)
{
if (!IS_ERR_OR_NULL(vport->egress.offloads.fwd_grp)) {
mlx5_destroy_flow_group(vport->egress.offloads.fwd_grp);
vport->egress.offloads.fwd_grp = NULL;
}
esw_acl_egress_vlan_grp_destroy(vport);
}
int esw_acl_egress_ofld_setup(struct mlx5_eswitch *esw, struct mlx5_vport *vport)
{
int table_size = 0;
int err;
if (!mlx5_esw_acl_egress_fwd2vport_supported(esw) &&
!MLX5_CAP_GEN(esw->dev, prio_tag_required))
return 0;
esw_acl_egress_ofld_rules_destroy(vport);
if (mlx5_esw_acl_egress_fwd2vport_supported(esw))
table_size++;
if (MLX5_CAP_GEN(esw->dev, prio_tag_required))
table_size++;
vport->egress.acl = esw_acl_table_create(esw, vport->vport,
MLX5_FLOW_NAMESPACE_ESW_EGRESS, table_size);
if (IS_ERR_OR_NULL(vport->egress.acl)) {
err = PTR_ERR(vport->egress.acl);
vport->egress.acl = NULL;
return err;
}
err = esw_acl_egress_ofld_groups_create(esw, vport);
if (err)
goto group_err;
esw_debug(esw->dev, "vport[%d] configure egress rules\n", vport->vport);
err = esw_acl_egress_ofld_rules_create(esw, vport, NULL);
if (err)
goto rules_err;
return 0;
rules_err:
esw_acl_egress_ofld_groups_destroy(vport);
group_err:
esw_acl_egress_table_destroy(vport);
return err;
}
void esw_acl_egress_ofld_cleanup(struct mlx5_vport *vport)
{
esw_acl_egress_ofld_rules_destroy(vport);
esw_acl_egress_ofld_groups_destroy(vport);
esw_acl_egress_table_destroy(vport);
}
int mlx5_esw_acl_egress_vport_bond(struct mlx5_eswitch *esw, u16 active_vport_num,
u16 passive_vport_num)
{
struct mlx5_vport *passive_vport = mlx5_eswitch_get_vport(esw, passive_vport_num);
struct mlx5_vport *active_vport = mlx5_eswitch_get_vport(esw, active_vport_num);
struct mlx5_flow_destination fwd_dest = {};
if (IS_ERR(active_vport))
return PTR_ERR(active_vport);
if (IS_ERR(passive_vport))
return PTR_ERR(passive_vport);
/* Cleanup and recreate rules WITHOUT fwd2vport of active vport */
esw_acl_egress_ofld_rules_destroy(active_vport);
esw_acl_egress_ofld_rules_create(esw, active_vport, NULL);
/* Cleanup and recreate all rules + fwd2vport rule of passive vport to forward */
esw_acl_egress_ofld_rules_destroy(passive_vport);
fwd_dest.type = MLX5_FLOW_DESTINATION_TYPE_VPORT;
fwd_dest.vport.num = active_vport_num;
fwd_dest.vport.vhca_id = MLX5_CAP_GEN(esw->dev, vhca_id);
fwd_dest.vport.flags = MLX5_FLOW_DEST_VPORT_VHCA_ID;
return esw_acl_egress_ofld_rules_create(esw, passive_vport, &fwd_dest);
}
int mlx5_esw_acl_egress_vport_unbond(struct mlx5_eswitch *esw, u16 vport_num)
{
struct mlx5_vport *vport = mlx5_eswitch_get_vport(esw, vport_num);
if (IS_ERR(vport))
return PTR_ERR(vport);
esw_acl_egress_ofld_rules_destroy(vport);
return esw_acl_egress_ofld_rules_create(esw, vport, NULL);
}

160
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/helper.c Normal file
View File

@ -0,0 +1,160 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include "mlx5_core.h"
#include "eswitch.h"
#include "helper.h"
struct mlx5_flow_table *
esw_acl_table_create(struct mlx5_eswitch *esw, u16 vport_num, int ns, int size)
{
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_namespace *root_ns;
struct mlx5_flow_table *acl;
int acl_supported;
int vport_index;
int err;
acl_supported = (ns == MLX5_FLOW_NAMESPACE_ESW_INGRESS) ?
MLX5_CAP_ESW_INGRESS_ACL(dev, ft_support) :
MLX5_CAP_ESW_EGRESS_ACL(dev, ft_support);
if (!acl_supported)
return ERR_PTR(-EOPNOTSUPP);
esw_debug(dev, "Create vport[%d] %s ACL table\n", vport_num,
ns == MLX5_FLOW_NAMESPACE_ESW_INGRESS ? "ingress" : "egress");
vport_index = mlx5_eswitch_vport_num_to_index(esw, vport_num);
root_ns = mlx5_get_flow_vport_acl_namespace(dev, ns, vport_index);
if (!root_ns) {
esw_warn(dev, "Failed to get E-Switch root namespace for vport (%d)\n",
vport_num);
return ERR_PTR(-EOPNOTSUPP);
}
acl = mlx5_create_vport_flow_table(root_ns, 0, size, 0, vport_num);
if (IS_ERR(acl)) {
err = PTR_ERR(acl);
esw_warn(dev, "vport[%d] create %s ACL table, err(%d)\n", vport_num,
ns == MLX5_FLOW_NAMESPACE_ESW_INGRESS ? "ingress" : "egress", err);
}
return acl;
}
int esw_egress_acl_vlan_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
struct mlx5_flow_destination *fwd_dest,
u16 vlan_id, u32 flow_action)
{
struct mlx5_flow_act flow_act = {};
struct mlx5_flow_spec *spec;
int err = 0;
if (vport->egress.allowed_vlan)
return -EEXIST;
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec)
return -ENOMEM;
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, spec->match_value, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.first_vid);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.first_vid, vlan_id);
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = flow_action;
vport->egress.allowed_vlan =
mlx5_add_flow_rules(vport->egress.acl, spec,
&flow_act, fwd_dest, 0);
if (IS_ERR(vport->egress.allowed_vlan)) {
err = PTR_ERR(vport->egress.allowed_vlan);
esw_warn(esw->dev,
"vport[%d] configure egress vlan rule failed, err(%d)\n",
vport->vport, err);
vport->egress.allowed_vlan = NULL;
}
kvfree(spec);
return err;
}
void esw_acl_egress_vlan_destroy(struct mlx5_vport *vport)
{
if (!IS_ERR_OR_NULL(vport->egress.allowed_vlan)) {
mlx5_del_flow_rules(vport->egress.allowed_vlan);
vport->egress.allowed_vlan = NULL;
}
}
int esw_acl_egress_vlan_grp_create(struct mlx5_eswitch *esw, struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_flow_group *vlan_grp;
void *match_criteria;
u32 *flow_group_in;
int ret = 0;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
MLX5_SET(create_flow_group_in, flow_group_in,
match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
match_criteria = MLX5_ADDR_OF(create_flow_group_in,
flow_group_in, match_criteria);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.first_vid);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
vlan_grp = mlx5_create_flow_group(vport->egress.acl, flow_group_in);
if (IS_ERR(vlan_grp)) {
ret = PTR_ERR(vlan_grp);
esw_warn(esw->dev,
"Failed to create E-Switch vport[%d] egress pop vlans flow group, err(%d)\n",
vport->vport, ret);
goto out;
}
vport->egress.vlan_grp = vlan_grp;
out:
kvfree(flow_group_in);
return ret;
}
void esw_acl_egress_vlan_grp_destroy(struct mlx5_vport *vport)
{
if (!IS_ERR_OR_NULL(vport->egress.vlan_grp)) {
mlx5_destroy_flow_group(vport->egress.vlan_grp);
vport->egress.vlan_grp = NULL;
}
}
void esw_acl_egress_table_destroy(struct mlx5_vport *vport)
{
if (IS_ERR_OR_NULL(vport->egress.acl))
return;
mlx5_destroy_flow_table(vport->egress.acl);
vport->egress.acl = NULL;
}
void esw_acl_ingress_table_destroy(struct mlx5_vport *vport)
{
if (!vport->ingress.acl)
return;
mlx5_destroy_flow_table(vport->ingress.acl);
vport->ingress.acl = NULL;
}
void esw_acl_ingress_allow_rule_destroy(struct mlx5_vport *vport)
{
if (!vport->ingress.allow_rule)
return;
mlx5_del_flow_rules(vport->ingress.allow_rule);
vport->ingress.allow_rule = NULL;
}

26
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/helper.h Normal file
View File

@ -0,0 +1,26 @@
/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#ifndef __MLX5_ESWITCH_ACL_HELPER_H__
#define __MLX5_ESWITCH_ACL_HELPER_H__
#include "eswitch.h"
/* General acl helper functions */
struct mlx5_flow_table *
esw_acl_table_create(struct mlx5_eswitch *esw, u16 vport_num, int ns, int size);
/* Egress acl helper functions */
void esw_acl_egress_table_destroy(struct mlx5_vport *vport);
int esw_egress_acl_vlan_create(struct mlx5_eswitch *esw, struct mlx5_vport *vport,
struct mlx5_flow_destination *fwd_dest,
u16 vlan_id, u32 flow_action);
void esw_acl_egress_vlan_destroy(struct mlx5_vport *vport);
int esw_acl_egress_vlan_grp_create(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
void esw_acl_egress_vlan_grp_destroy(struct mlx5_vport *vport);
/* Ingress acl helper functions */
void esw_acl_ingress_table_destroy(struct mlx5_vport *vport);
void esw_acl_ingress_allow_rule_destroy(struct mlx5_vport *vport);
#endif /* __MLX5_ESWITCH_ACL_HELPER_H__ */

279
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_lgcy.c Normal file
View File

@ -0,0 +1,279 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include "mlx5_core.h"
#include "eswitch.h"
#include "helper.h"
#include "lgcy.h"
static void esw_acl_ingress_lgcy_rules_destroy(struct mlx5_vport *vport)
{
if (vport->ingress.legacy.drop_rule) {
mlx5_del_flow_rules(vport->ingress.legacy.drop_rule);
vport->ingress.legacy.drop_rule = NULL;
}
esw_acl_ingress_allow_rule_destroy(vport);
}
static int esw_acl_ingress_lgcy_groups_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_group *g;
void *match_criteria;
u32 *flow_group_in;
int err;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create untagged spoofchk flow group, err(%d)\n",
vport->vport, err);
goto spoof_err;
}
vport->ingress.legacy.allow_untagged_spoofchk_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create untagged flow group, err(%d)\n",
vport->vport, err);
goto untagged_err;
}
vport->ingress.legacy.allow_untagged_only_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable,
MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 2);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 2);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create spoofchk flow group, err(%d)\n",
vport->vport, err);
goto allow_spoof_err;
}
vport->ingress.legacy.allow_spoofchk_only_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 3);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 3);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create drop flow group, err(%d)\n",
vport->vport, err);
goto drop_err;
}
vport->ingress.legacy.drop_grp = g;
kvfree(flow_group_in);
return 0;
drop_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_spoofchk_only_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_spoofchk_only_grp);
vport->ingress.legacy.allow_spoofchk_only_grp = NULL;
}
allow_spoof_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_untagged_only_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_only_grp);
vport->ingress.legacy.allow_untagged_only_grp = NULL;
}
untagged_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_untagged_spoofchk_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_spoofchk_grp);
vport->ingress.legacy.allow_untagged_spoofchk_grp = NULL;
}
spoof_err:
kvfree(flow_group_in);
return err;
}
static void esw_acl_ingress_lgcy_groups_destroy(struct mlx5_vport *vport)
{
if (vport->ingress.legacy.allow_spoofchk_only_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_spoofchk_only_grp);
vport->ingress.legacy.allow_spoofchk_only_grp = NULL;
}
if (vport->ingress.legacy.allow_untagged_only_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_only_grp);
vport->ingress.legacy.allow_untagged_only_grp = NULL;
}
if (vport->ingress.legacy.allow_untagged_spoofchk_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_spoofchk_grp);
vport->ingress.legacy.allow_untagged_spoofchk_grp = NULL;
}
if (vport->ingress.legacy.drop_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.drop_grp);
vport->ingress.legacy.drop_grp = NULL;
}
}
int esw_acl_ingress_lgcy_setup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_flow_destination drop_ctr_dst = {};
struct mlx5_flow_destination *dst = NULL;
struct mlx5_flow_act flow_act = {};
struct mlx5_flow_spec *spec = NULL;
struct mlx5_fc *counter = NULL;
/* The ingress acl table contains 4 groups
* (2 active rules at the same time -
* 1 allow rule from one of the first 3 groups.
* 1 drop rule from the last group):
* 1)Allow untagged traffic with smac=original mac.
* 2)Allow untagged traffic.
* 3)Allow traffic with smac=original mac.
* 4)Drop all other traffic.
*/
int table_size = 4;
int dest_num = 0;
int err = 0;
u8 *smac_v;
esw_acl_ingress_lgcy_rules_destroy(vport);
if (MLX5_CAP_ESW_INGRESS_ACL(esw->dev, flow_counter)) {
counter = mlx5_fc_create(esw->dev, false);
if (IS_ERR(counter))
esw_warn(esw->dev,
"vport[%d] configure ingress drop rule counter failed\n",
vport->vport);
vport->ingress.legacy.drop_counter = counter;
}
if (!vport->info.vlan && !vport->info.qos && !vport->info.spoofchk) {
esw_acl_ingress_lgcy_cleanup(esw, vport);
return 0;
}
if (!vport->ingress.acl) {
vport->ingress.acl = esw_acl_table_create(esw, vport->vport,
MLX5_FLOW_NAMESPACE_ESW_INGRESS,
table_size);
if (IS_ERR_OR_NULL(vport->ingress.acl)) {
err = PTR_ERR(vport->ingress.acl);
vport->ingress.acl = NULL;
return err;
}
err = esw_acl_ingress_lgcy_groups_create(esw, vport);
if (err)
goto out;
}
esw_debug(esw->dev,
"vport[%d] configure ingress rules, vlan(%d) qos(%d)\n",
vport->vport, vport->info.vlan, vport->info.qos);
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec) {
err = -ENOMEM;
goto out;
}
if (vport->info.vlan || vport->info.qos)
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.cvlan_tag);
if (vport->info.spoofchk) {
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria,
outer_headers.smac_15_0);
smac_v = MLX5_ADDR_OF(fte_match_param,
spec->match_value,
outer_headers.smac_47_16);
ether_addr_copy(smac_v, vport->info.mac);
}
/* Create ingress allow rule */
memset(spec, 0, sizeof(*spec));
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_ALLOW;
vport->ingress.allow_rule = mlx5_add_flow_rules(vport->ingress.acl, spec,
&flow_act, NULL, 0);
if (IS_ERR(vport->ingress.allow_rule)) {
err = PTR_ERR(vport->ingress.allow_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress allow rule, err(%d)\n",
vport->vport, err);
vport->ingress.allow_rule = NULL;
goto out;
}
memset(&flow_act, 0, sizeof(flow_act));
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
/* Attach drop flow counter */
if (counter) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
drop_ctr_dst.counter_id = mlx5_fc_id(counter);
dst = &drop_ctr_dst;
dest_num++;
}
vport->ingress.legacy.drop_rule =
mlx5_add_flow_rules(vport->ingress.acl, NULL,
&flow_act, dst, dest_num);
if (IS_ERR(vport->ingress.legacy.drop_rule)) {
err = PTR_ERR(vport->ingress.legacy.drop_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress drop rule, err(%d)\n",
vport->vport, err);
vport->ingress.legacy.drop_rule = NULL;
goto out;
}
kvfree(spec);
return 0;
out:
esw_acl_ingress_lgcy_cleanup(esw, vport);
kvfree(spec);
return err;
}
void esw_acl_ingress_lgcy_cleanup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (IS_ERR_OR_NULL(vport->ingress.acl))
goto clean_drop_counter;
esw_debug(esw->dev, "Destroy vport[%d] E-Switch ingress ACL\n", vport->vport);
esw_acl_ingress_lgcy_rules_destroy(vport);
esw_acl_ingress_lgcy_groups_destroy(vport);
esw_acl_ingress_table_destroy(vport);
clean_drop_counter:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.drop_counter)) {
mlx5_fc_destroy(esw->dev, vport->ingress.legacy.drop_counter);
vport->ingress.legacy.drop_counter = NULL;
}
}

322
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c Normal file
View File

@ -0,0 +1,322 @@
// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#include "mlx5_core.h"
#include "eswitch.h"
#include "helper.h"
#include "ofld.h"
static bool
esw_acl_ingress_prio_tag_enabled(const struct mlx5_eswitch *esw,
const struct mlx5_vport *vport)
{
return (MLX5_CAP_GEN(esw->dev, prio_tag_required) &&
mlx5_eswitch_is_vf_vport(esw, vport->vport));
}
static int esw_acl_ingress_prio_tag_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_flow_act flow_act = {};
struct mlx5_flow_spec *spec;
int err = 0;
/* For prio tag mode, there is only 1 FTEs:
* 1) Untagged packets - push prio tag VLAN and modify metadata if
* required, allow
* Unmatched traffic is allowed by default
*/
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec)
return -ENOMEM;
/* Untagged packets - push prio tag VLAN, allow */
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.cvlan_tag, 0);
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH |
MLX5_FLOW_CONTEXT_ACTION_ALLOW;
flow_act.vlan[0].ethtype = ETH_P_8021Q;
flow_act.vlan[0].vid = 0;
flow_act.vlan[0].prio = 0;
if (vport->ingress.offloads.modify_metadata_rule) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
flow_act.modify_hdr = vport->ingress.offloads.modify_metadata;
}
vport->ingress.allow_rule = mlx5_add_flow_rules(vport->ingress.acl, spec,
&flow_act, NULL, 0);
if (IS_ERR(vport->ingress.allow_rule)) {
err = PTR_ERR(vport->ingress.allow_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress untagged allow rule, err(%d)\n",
vport->vport, err);
vport->ingress.allow_rule = NULL;
}
kvfree(spec);
return err;
}
static int esw_acl_ingress_mod_metadata_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
u8 action[MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto)] = {};
struct mlx5_flow_act flow_act = {};
int err = 0;
u32 key;
key = mlx5_eswitch_get_vport_metadata_for_match(esw, vport->vport);
key >>= ESW_SOURCE_PORT_METADATA_OFFSET;
MLX5_SET(set_action_in, action, action_type, MLX5_ACTION_TYPE_SET);
MLX5_SET(set_action_in, action, field,
MLX5_ACTION_IN_FIELD_METADATA_REG_C_0);
MLX5_SET(set_action_in, action, data, key);
MLX5_SET(set_action_in, action, offset,
ESW_SOURCE_PORT_METADATA_OFFSET);
MLX5_SET(set_action_in, action, length,
ESW_SOURCE_PORT_METADATA_BITS);
vport->ingress.offloads.modify_metadata =
mlx5_modify_header_alloc(esw->dev, MLX5_FLOW_NAMESPACE_ESW_INGRESS,
1, action);
if (IS_ERR(vport->ingress.offloads.modify_metadata)) {
err = PTR_ERR(vport->ingress.offloads.modify_metadata);
esw_warn(esw->dev,
"failed to alloc modify header for vport %d ingress acl (%d)\n",
vport->vport, err);
return err;
}
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_MOD_HDR | MLX5_FLOW_CONTEXT_ACTION_ALLOW;
flow_act.modify_hdr = vport->ingress.offloads.modify_metadata;
vport->ingress.offloads.modify_metadata_rule =
mlx5_add_flow_rules(vport->ingress.acl,
NULL, &flow_act, NULL, 0);
if (IS_ERR(vport->ingress.offloads.modify_metadata_rule)) {
err = PTR_ERR(vport->ingress.offloads.modify_metadata_rule);
esw_warn(esw->dev,
"failed to add setting metadata rule for vport %d ingress acl, err(%d)\n",
vport->vport, err);
mlx5_modify_header_dealloc(esw->dev, vport->ingress.offloads.modify_metadata);
vport->ingress.offloads.modify_metadata_rule = NULL;
}
return err;
}
static void esw_acl_ingress_mod_metadata_destroy(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (!vport->ingress.offloads.modify_metadata_rule)
return;
mlx5_del_flow_rules(vport->ingress.offloads.modify_metadata_rule);
mlx5_modify_header_dealloc(esw->dev, vport->ingress.offloads.modify_metadata);
vport->ingress.offloads.modify_metadata_rule = NULL;
}
static int esw_acl_ingress_ofld_rules_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int err;
if (mlx5_eswitch_vport_match_metadata_enabled(esw)) {
err = esw_acl_ingress_mod_metadata_create(esw, vport);
if (err) {
esw_warn(esw->dev,
"vport(%d) create ingress modify metadata, err(%d)\n",
vport->vport, err);
return err;
}
}
if (esw_acl_ingress_prio_tag_enabled(esw, vport)) {
err = esw_acl_ingress_prio_tag_create(esw, vport);
if (err) {
esw_warn(esw->dev,
"vport(%d) create ingress prio tag rule, err(%d)\n",
vport->vport, err);
goto prio_tag_err;
}
}
return 0;
prio_tag_err:
esw_acl_ingress_mod_metadata_destroy(esw, vport);
return err;
}
static void esw_acl_ingress_ofld_rules_destroy(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
esw_acl_ingress_allow_rule_destroy(vport);
esw_acl_ingress_mod_metadata_destroy(esw, vport);
}
static int esw_acl_ingress_ofld_groups_create(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_flow_group *g;
void *match_criteria;
u32 *flow_group_in;
u32 flow_index = 0;
int ret = 0;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
if (esw_acl_ingress_prio_tag_enabled(esw, vport)) {
/* This group is to hold FTE to match untagged packets when prio_tag
* is enabled.
*/
match_criteria = MLX5_ADDR_OF(create_flow_group_in,
flow_group_in, match_criteria);
MLX5_SET(create_flow_group_in, flow_group_in,
match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, flow_index);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, flow_index);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
ret = PTR_ERR(g);
esw_warn(esw->dev, "vport[%d] ingress create untagged flow group, err(%d)\n",
vport->vport, ret);
goto prio_tag_err;
}
vport->ingress.offloads.metadata_prio_tag_grp = g;
flow_index++;
}
if (mlx5_eswitch_vport_match_metadata_enabled(esw)) {
/* This group holds an FTE with no match to add metadata for
* tagged packets if prio-tag is enabled, or for all untagged
* traffic in case prio-tag is disabled.
*/
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, flow_index);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, flow_index);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
ret = PTR_ERR(g);
esw_warn(esw->dev, "vport[%d] ingress create drop flow group, err(%d)\n",
vport->vport, ret);
goto metadata_err;
}
vport->ingress.offloads.metadata_allmatch_grp = g;
}
kvfree(flow_group_in);
return 0;
metadata_err:
if (!IS_ERR_OR_NULL(vport->ingress.offloads.metadata_prio_tag_grp)) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_prio_tag_grp);
vport->ingress.offloads.metadata_prio_tag_grp = NULL;
}
prio_tag_err:
kvfree(flow_group_in);
return ret;
}
static void esw_acl_ingress_ofld_groups_destroy(struct mlx5_vport *vport)
{
if (vport->ingress.offloads.metadata_allmatch_grp) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_allmatch_grp);
vport->ingress.offloads.metadata_allmatch_grp = NULL;
}
if (vport->ingress.offloads.metadata_prio_tag_grp) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_prio_tag_grp);
vport->ingress.offloads.metadata_prio_tag_grp = NULL;
}
}
int esw_acl_ingress_ofld_setup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int num_ftes = 0;
int err;
if (!mlx5_eswitch_vport_match_metadata_enabled(esw) &&
!esw_acl_ingress_prio_tag_enabled(esw, vport))
return 0;
esw_acl_ingress_allow_rule_destroy(vport);
if (mlx5_eswitch_vport_match_metadata_enabled(esw))
num_ftes++;
if (esw_acl_ingress_prio_tag_enabled(esw, vport))
num_ftes++;
vport->ingress.acl = esw_acl_table_create(esw, vport->vport,
MLX5_FLOW_NAMESPACE_ESW_INGRESS,
num_ftes);
if (IS_ERR_OR_NULL(vport->ingress.acl)) {
err = PTR_ERR(vport->ingress.acl);
vport->ingress.acl = NULL;
return err;
}
err = esw_acl_ingress_ofld_groups_create(esw, vport);
if (err)
goto group_err;
esw_debug(esw->dev,
"vport[%d] configure ingress rules\n", vport->vport);
err = esw_acl_ingress_ofld_rules_create(esw, vport);
if (err)
goto rules_err;
return 0;
rules_err:
esw_acl_ingress_ofld_groups_destroy(vport);
group_err:
esw_acl_ingress_table_destroy(vport);
return err;
}
void esw_acl_ingress_ofld_cleanup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
esw_acl_ingress_ofld_rules_destroy(esw, vport);
esw_acl_ingress_ofld_groups_destroy(vport);
esw_acl_ingress_table_destroy(vport);
}
/* Caller must hold rtnl_lock */
int mlx5_esw_acl_ingress_vport_bond_update(struct mlx5_eswitch *esw, u16 vport_num,
u32 metadata)
{
struct mlx5_vport *vport = mlx5_eswitch_get_vport(esw, vport_num);
int err;
if (WARN_ON_ONCE(IS_ERR(vport))) {
esw_warn(esw->dev, "vport(%d) invalid!\n", vport_num);
err = PTR_ERR(vport);
goto out;
}
esw_acl_ingress_ofld_rules_destroy(esw, vport);
vport->metadata = metadata ? metadata : vport->default_metadata;
/* Recreate ingress acl rules with vport->metadata */
err = esw_acl_ingress_ofld_rules_create(esw, vport);
if (err)
goto out;
return 0;
out:
vport->metadata = vport->default_metadata;
return err;
}

17
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/lgcy.h Normal file
View File

@ -0,0 +1,17 @@
/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#ifndef __MLX5_ESWITCH_ACL_LGCY_H__
#define __MLX5_ESWITCH_ACL_LGCY_H__
#include "eswitch.h"
/* Eswitch acl egress external APIs */
int esw_acl_egress_lgcy_setup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
void esw_acl_egress_lgcy_cleanup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
/* Eswitch acl ingress external APIs */
int esw_acl_ingress_lgcy_setup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
void esw_acl_ingress_lgcy_cleanup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
#endif /* __MLX5_ESWITCH_ACL_LGCY_H__ */

29
drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ofld.h Normal file
View File

@ -0,0 +1,29 @@
/* SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB */
/* Copyright (c) 2020 Mellanox Technologies Inc. All rights reserved. */
#ifndef __MLX5_ESWITCH_ACL_OFLD_H__
#define __MLX5_ESWITCH_ACL_OFLD_H__
#include "eswitch.h"
/* Eswitch acl egress external APIs */
int esw_acl_egress_ofld_setup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
void esw_acl_egress_ofld_cleanup(struct mlx5_vport *vport);
int mlx5_esw_acl_egress_vport_bond(struct mlx5_eswitch *esw, u16 active_vport_num,
u16 passive_vport_num);
int mlx5_esw_acl_egress_vport_unbond(struct mlx5_eswitch *esw, u16 vport_num);
static inline bool mlx5_esw_acl_egress_fwd2vport_supported(struct mlx5_eswitch *esw)
{
return esw && esw->mode == MLX5_ESWITCH_OFFLOADS &&
mlx5_eswitch_vport_match_metadata_enabled(esw) &&
MLX5_CAP_ESW_FLOWTABLE(esw->dev, egress_acl_forward_to_vport);
}
/* Eswitch acl ingress external APIs */
int esw_acl_ingress_ofld_setup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
void esw_acl_ingress_ofld_cleanup(struct mlx5_eswitch *esw, struct mlx5_vport *vport);
int mlx5_esw_acl_ingress_vport_bond_update(struct mlx5_eswitch *esw, u16 vport_num,
u32 metadata);
#endif /* __MLX5_ESWITCH_ACL_OFLD_H__ */

559
drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
View File

@ -35,6 +35,7 @@
#include <linux/mlx5/mlx5_ifc.h>
#include <linux/mlx5/vport.h>
#include <linux/mlx5/fs.h>
#include "esw/acl/lgcy.h"
#include "mlx5_core.h"
#include "lib/eq.h"
#include "eswitch.h"
@ -936,512 +937,6 @@ static void esw_vport_change_handler(struct work_struct *work)
mutex_unlock(&esw->state_lock);
}
int esw_vport_enable_egress_acl(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_flow_group *vlan_grp = NULL;
struct mlx5_flow_group *drop_grp = NULL;
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_namespace *root_ns;
struct mlx5_flow_table *acl;
void *match_criteria;
u32 *flow_group_in;
/* The egress acl table contains 2 rules:
* 1)Allow traffic with vlan_tag=vst_vlan_id
* 2)Drop all other traffic.
*/
int table_size = 2;
int err = 0;
if (!MLX5_CAP_ESW_EGRESS_ACL(dev, ft_support))
return -EOPNOTSUPP;
if (!IS_ERR_OR_NULL(vport->egress.acl))
return 0;
esw_debug(dev, "Create vport[%d] egress ACL log_max_size(%d)\n",
vport->vport, MLX5_CAP_ESW_EGRESS_ACL(dev, log_max_ft_size));
root_ns = mlx5_get_flow_vport_acl_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_EGRESS,
mlx5_eswitch_vport_num_to_index(esw, vport->vport));
if (!root_ns) {
esw_warn(dev, "Failed to get E-Switch egress flow namespace for vport (%d)\n", vport->vport);
return -EOPNOTSUPP;
}
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
if (IS_ERR(acl)) {
err = PTR_ERR(acl);
esw_warn(dev, "Failed to create E-Switch vport[%d] egress flow Table, err(%d)\n",
vport->vport, err);
goto out;
}
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.first_vid);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
vlan_grp = mlx5_create_flow_group(acl, flow_group_in);
if (IS_ERR(vlan_grp)) {
err = PTR_ERR(vlan_grp);
esw_warn(dev, "Failed to create E-Switch vport[%d] egress allowed vlans flow group, err(%d)\n",
vport->vport, err);
goto out;
}
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
drop_grp = mlx5_create_flow_group(acl, flow_group_in);
if (IS_ERR(drop_grp)) {
err = PTR_ERR(drop_grp);
esw_warn(dev, "Failed to create E-Switch vport[%d] egress drop flow group, err(%d)\n",
vport->vport, err);
goto out;
}
vport->egress.acl = acl;
vport->egress.drop_grp = drop_grp;
vport->egress.allowed_vlans_grp = vlan_grp;
out:
kvfree(flow_group_in);
if (err && !IS_ERR_OR_NULL(vlan_grp))
mlx5_destroy_flow_group(vlan_grp);
if (err && !IS_ERR_OR_NULL(acl))
mlx5_destroy_flow_table(acl);
return err;
}
void esw_vport_cleanup_egress_rules(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (!IS_ERR_OR_NULL(vport->egress.allowed_vlan)) {
mlx5_del_flow_rules(vport->egress.allowed_vlan);
vport->egress.allowed_vlan = NULL;
}
if (!IS_ERR_OR_NULL(vport->egress.legacy.drop_rule)) {
mlx5_del_flow_rules(vport->egress.legacy.drop_rule);
vport->egress.legacy.drop_rule = NULL;
}
}
void esw_vport_disable_egress_acl(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (IS_ERR_OR_NULL(vport->egress.acl))
return;
esw_debug(esw->dev, "Destroy vport[%d] E-Switch egress ACL\n", vport->vport);
esw_vport_cleanup_egress_rules(esw, vport);
mlx5_destroy_flow_group(vport->egress.allowed_vlans_grp);
mlx5_destroy_flow_group(vport->egress.drop_grp);
mlx5_destroy_flow_table(vport->egress.acl);
vport->egress.allowed_vlans_grp = NULL;
vport->egress.drop_grp = NULL;
vport->egress.acl = NULL;
}
static int
esw_vport_create_legacy_ingress_acl_groups(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_group *g;
void *match_criteria;
u32 *flow_group_in;
int err;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
match_criteria = MLX5_ADDR_OF(create_flow_group_in, flow_group_in, match_criteria);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 0);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 0);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create untagged spoofchk flow group, err(%d)\n",
vport->vport, err);
goto spoof_err;
}
vport->ingress.legacy.allow_untagged_spoofchk_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 1);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 1);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create untagged flow group, err(%d)\n",
vport->vport, err);
goto untagged_err;
}
vport->ingress.legacy.allow_untagged_only_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.smac_15_0);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 2);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 2);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create spoofchk flow group, err(%d)\n",
vport->vport, err);
goto allow_spoof_err;
}
vport->ingress.legacy.allow_spoofchk_only_grp = g;
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, 3);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, 3);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
err = PTR_ERR(g);
esw_warn(dev, "vport[%d] ingress create drop flow group, err(%d)\n",
vport->vport, err);
goto drop_err;
}
vport->ingress.legacy.drop_grp = g;
kvfree(flow_group_in);
return 0;
drop_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_spoofchk_only_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_spoofchk_only_grp);
vport->ingress.legacy.allow_spoofchk_only_grp = NULL;
}
allow_spoof_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_untagged_only_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_only_grp);
vport->ingress.legacy.allow_untagged_only_grp = NULL;
}
untagged_err:
if (!IS_ERR_OR_NULL(vport->ingress.legacy.allow_untagged_spoofchk_grp)) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_spoofchk_grp);
vport->ingress.legacy.allow_untagged_spoofchk_grp = NULL;
}
spoof_err:
kvfree(flow_group_in);
return err;
}
int esw_vport_create_ingress_acl_table(struct mlx5_eswitch *esw,
struct mlx5_vport *vport, int table_size)
{
struct mlx5_core_dev *dev = esw->dev;
struct mlx5_flow_namespace *root_ns;
struct mlx5_flow_table *acl;
int vport_index;
int err;
if (!MLX5_CAP_ESW_INGRESS_ACL(dev, ft_support))
return -EOPNOTSUPP;
esw_debug(dev, "Create vport[%d] ingress ACL log_max_size(%d)\n",
vport->vport, MLX5_CAP_ESW_INGRESS_ACL(dev, log_max_ft_size));
vport_index = mlx5_eswitch_vport_num_to_index(esw, vport->vport);
root_ns = mlx5_get_flow_vport_acl_namespace(dev, MLX5_FLOW_NAMESPACE_ESW_INGRESS,
vport_index);
if (!root_ns) {
esw_warn(dev, "Failed to get E-Switch ingress flow namespace for vport (%d)\n",
vport->vport);
return -EOPNOTSUPP;
}
acl = mlx5_create_vport_flow_table(root_ns, 0, table_size, 0, vport->vport);
if (IS_ERR(acl)) {
err = PTR_ERR(acl);
esw_warn(dev, "vport[%d] ingress create flow Table, err(%d)\n",
vport->vport, err);
return err;
}
vport->ingress.acl = acl;
return 0;
}
void esw_vport_destroy_ingress_acl_table(struct mlx5_vport *vport)
{
if (!vport->ingress.acl)
return;
mlx5_destroy_flow_table(vport->ingress.acl);
vport->ingress.acl = NULL;
}
void esw_vport_cleanup_ingress_rules(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (vport->ingress.legacy.drop_rule) {
mlx5_del_flow_rules(vport->ingress.legacy.drop_rule);
vport->ingress.legacy.drop_rule = NULL;
}
if (vport->ingress.allow_rule) {
mlx5_del_flow_rules(vport->ingress.allow_rule);
vport->ingress.allow_rule = NULL;
}
}
static void esw_vport_disable_legacy_ingress_acl(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (!vport->ingress.acl)
return;
esw_debug(esw->dev, "Destroy vport[%d] E-Switch ingress ACL\n", vport->vport);
esw_vport_cleanup_ingress_rules(esw, vport);
if (vport->ingress.legacy.allow_spoofchk_only_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_spoofchk_only_grp);
vport->ingress.legacy.allow_spoofchk_only_grp = NULL;
}
if (vport->ingress.legacy.allow_untagged_only_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_only_grp);
vport->ingress.legacy.allow_untagged_only_grp = NULL;
}
if (vport->ingress.legacy.allow_untagged_spoofchk_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.allow_untagged_spoofchk_grp);
vport->ingress.legacy.allow_untagged_spoofchk_grp = NULL;
}
if (vport->ingress.legacy.drop_grp) {
mlx5_destroy_flow_group(vport->ingress.legacy.drop_grp);
vport->ingress.legacy.drop_grp = NULL;
}
esw_vport_destroy_ingress_acl_table(vport);
}
static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_fc *counter = vport->ingress.legacy.drop_counter;
struct mlx5_flow_destination drop_ctr_dst = {0};
struct mlx5_flow_destination *dst = NULL;
struct mlx5_flow_act flow_act = {0};
struct mlx5_flow_spec *spec = NULL;
int dest_num = 0;
int err = 0;
u8 *smac_v;
/* The ingress acl table contains 4 groups
* (2 active rules at the same time -
* 1 allow rule from one of the first 3 groups.
* 1 drop rule from the last group):
* 1)Allow untagged traffic with smac=original mac.
* 2)Allow untagged traffic.
* 3)Allow traffic with smac=original mac.
* 4)Drop all other traffic.
*/
int table_size = 4;
esw_vport_cleanup_ingress_rules(esw, vport);
if (!vport->info.vlan && !vport->info.qos && !vport->info.spoofchk) {
esw_vport_disable_legacy_ingress_acl(esw, vport);
return 0;
}
if (!vport->ingress.acl) {
err = esw_vport_create_ingress_acl_table(esw, vport, table_size);
if (err) {
esw_warn(esw->dev,
"vport[%d] enable ingress acl err (%d)\n",
err, vport->vport);
return err;
}
err = esw_vport_create_legacy_ingress_acl_groups(esw, vport);
if (err)
goto out;
}
esw_debug(esw->dev,
"vport[%d] configure ingress rules, vlan(%d) qos(%d)\n",
vport->vport, vport->info.vlan, vport->info.qos);
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec) {
err = -ENOMEM;
goto out;
}
if (vport->info.vlan || vport->info.qos)
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag);
if (vport->info.spoofchk) {
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_47_16);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.smac_15_0);
smac_v = MLX5_ADDR_OF(fte_match_param,
spec->match_value,
outer_headers.smac_47_16);
ether_addr_copy(smac_v, vport->info.mac);
}
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_ALLOW;
vport->ingress.allow_rule =
mlx5_add_flow_rules(vport->ingress.acl, spec,
&flow_act, NULL, 0);
if (IS_ERR(vport->ingress.allow_rule)) {
err = PTR_ERR(vport->ingress.allow_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress allow rule, err(%d)\n",
vport->vport, err);
vport->ingress.allow_rule = NULL;
goto out;
}
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
/* Attach drop flow counter */
if (counter) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
drop_ctr_dst.counter_id = mlx5_fc_id(counter);
dst = &drop_ctr_dst;
dest_num++;
}
vport->ingress.legacy.drop_rule =
mlx5_add_flow_rules(vport->ingress.acl, NULL,
&flow_act, dst, dest_num);
if (IS_ERR(vport->ingress.legacy.drop_rule)) {
err = PTR_ERR(vport->ingress.legacy.drop_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress drop rule, err(%d)\n",
vport->vport, err);
vport->ingress.legacy.drop_rule = NULL;
goto out;
}
kvfree(spec);
return 0;
out:
esw_vport_disable_legacy_ingress_acl(esw, vport);
kvfree(spec);
return err;
}
int mlx5_esw_create_vport_egress_acl_vlan(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
u16 vlan_id, u32 flow_action)
{
struct mlx5_flow_act flow_act = {};
struct mlx5_flow_spec *spec;
int err = 0;
if (vport->egress.allowed_vlan)
return -EEXIST;
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec)
return -ENOMEM;
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, spec->match_value, outer_headers.cvlan_tag);
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.first_vid);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.first_vid, vlan_id);
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = flow_action;
vport->egress.allowed_vlan =
mlx5_add_flow_rules(vport->egress.acl, spec,
&flow_act, NULL, 0);
if (IS_ERR(vport->egress.allowed_vlan)) {
err = PTR_ERR(vport->egress.allowed_vlan);
esw_warn(esw->dev,
"vport[%d] configure egress vlan rule failed, err(%d)\n",
vport->vport, err);
vport->egress.allowed_vlan = NULL;
}
kvfree(spec);
return err;
}
static int esw_vport_egress_config(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_fc *counter = vport->egress.legacy.drop_counter;
struct mlx5_flow_destination drop_ctr_dst = {0};
struct mlx5_flow_destination *dst = NULL;
struct mlx5_flow_act flow_act = {0};
int dest_num = 0;
int err = 0;
esw_vport_cleanup_egress_rules(esw, vport);
if (!vport->info.vlan && !vport->info.qos) {
esw_vport_disable_egress_acl(esw, vport);
return 0;
}
err = esw_vport_enable_egress_acl(esw, vport);
if (err) {
mlx5_core_warn(esw->dev,
"failed to enable egress acl (%d) on vport[%d]\n",
err, vport->vport);
return err;
}
esw_debug(esw->dev,
"vport[%d] configure egress rules, vlan(%d) qos(%d)\n",
vport->vport, vport->info.vlan, vport->info.qos);
/* Allowed vlan rule */
err = mlx5_esw_create_vport_egress_acl_vlan(esw, vport, vport->info.vlan,
MLX5_FLOW_CONTEXT_ACTION_ALLOW);
if (err)
return err;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
/* Attach egress drop flow counter */
if (counter) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
drop_ctr_dst.counter_id = mlx5_fc_id(counter);
dst = &drop_ctr_dst;
dest_num++;
}
vport->egress.legacy.drop_rule =
mlx5_add_flow_rules(vport->egress.acl, NULL,
&flow_act, dst, dest_num);
if (IS_ERR(vport->egress.legacy.drop_rule)) {
err = PTR_ERR(vport->egress.legacy.drop_rule);
esw_warn(esw->dev,
"vport[%d] configure egress drop rule failed, err(%d)\n",
vport->vport, err);
vport->egress.legacy.drop_rule = NULL;
}
return err;
}
static bool element_type_supported(struct mlx5_eswitch *esw, int type)
{
const struct mlx5_core_dev *dev = esw->dev;
@ -1653,44 +1148,19 @@ static int esw_vport_create_legacy_acl_tables(struct mlx5_eswitch *esw,
if (mlx5_esw_is_manager_vport(esw, vport->vport))
return 0;
if (MLX5_CAP_ESW_INGRESS_ACL(esw->dev, flow_counter)) {
vport->ingress.legacy.drop_counter = mlx5_fc_create(esw->dev, false);
if (IS_ERR(vport->ingress.legacy.drop_counter)) {
esw_warn(esw->dev,
"vport[%d] configure ingress drop rule counter failed\n",
vport->vport);
vport->ingress.legacy.drop_counter = NULL;
}
}
ret = esw_vport_ingress_config(esw, vport);
ret = esw_acl_ingress_lgcy_setup(esw, vport);
if (ret)
goto ingress_err;
if (MLX5_CAP_ESW_EGRESS_ACL(esw->dev, flow_counter)) {
vport->egress.legacy.drop_counter = mlx5_fc_create(esw->dev, false);
if (IS_ERR(vport->egress.legacy.drop_counter)) {
esw_warn(esw->dev,
"vport[%d] configure egress drop rule counter failed\n",
vport->vport);
vport->egress.legacy.drop_counter = NULL;
}
}
ret = esw_vport_egress_config(esw, vport);
ret = esw_acl_egress_lgcy_setup(esw, vport);
if (ret)
goto egress_err;
return 0;
egress_err:
esw_vport_disable_legacy_ingress_acl(esw, vport);
mlx5_fc_destroy(esw->dev, vport->egress.legacy.drop_counter);
vport->egress.legacy.drop_counter = NULL;
esw_acl_ingress_lgcy_cleanup(esw, vport);
ingress_err:
mlx5_fc_destroy(esw->dev, vport->ingress.legacy.drop_counter);
vport->ingress.legacy.drop_counter = NULL;
return ret;
}
@ -1710,13 +1180,8 @@ static void esw_vport_destroy_legacy_acl_tables(struct mlx5_eswitch *esw,
if (mlx5_esw_is_manager_vport(esw, vport->vport))
return;
esw_vport_disable_egress_acl(esw, vport);
mlx5_fc_destroy(esw->dev, vport->egress.legacy.drop_counter);
vport->egress.legacy.drop_counter = NULL;
esw_vport_disable_legacy_ingress_acl(esw, vport);
mlx5_fc_destroy(esw->dev, vport->ingress.legacy.drop_counter);
vport->ingress.legacy.drop_counter = NULL;
esw_acl_egress_lgcy_cleanup(esw, vport);
esw_acl_ingress_lgcy_cleanup(esw, vport);
}
static void esw_vport_cleanup_acl(struct mlx5_eswitch *esw,
@ -2265,6 +1730,7 @@ int mlx5_eswitch_init(struct mlx5_core_dev *dev)
mutex_init(&esw->offloads.decap_tbl_lock);
hash_init(esw->offloads.decap_tbl);
atomic64_set(&esw->offloads.num_flows, 0);
ida_init(&esw->offloads.vport_metadata_ida);
mutex_init(&esw->state_lock);
mutex_init(&esw->mode_lock);
@ -2303,6 +1769,7 @@ void mlx5_eswitch_cleanup(struct mlx5_eswitch *esw)
esw_offloads_cleanup_reps(esw);
mutex_destroy(&esw->mode_lock);
mutex_destroy(&esw->state_lock);
ida_destroy(&esw->offloads.vport_metadata_ida);
mutex_destroy(&esw->offloads.mod_hdr.lock);
mutex_destroy(&esw->offloads.encap_tbl_lock);
mutex_destroy(&esw->offloads.decap_tbl_lock);
@ -2348,7 +1815,7 @@ int mlx5_eswitch_set_vport_mac(struct mlx5_eswitch *esw,
ether_addr_copy(evport->info.mac, mac);
evport->info.node_guid = node_guid;
if (evport->enabled && esw->mode == MLX5_ESWITCH_LEGACY)
err = esw_vport_ingress_config(esw, evport);
err = esw_acl_ingress_lgcy_setup(esw, evport);
unlock:
mutex_unlock(&esw->state_lock);
@ -2430,10 +1897,10 @@ int __mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
evport->info.vlan = vlan;
evport->info.qos = qos;
if (evport->enabled && esw->mode == MLX5_ESWITCH_LEGACY) {
err = esw_vport_ingress_config(esw, evport);
err = esw_acl_ingress_lgcy_setup(esw, evport);
if (err)
return err;
err = esw_vport_egress_config(esw, evport);
err = esw_acl_egress_lgcy_setup(esw, evport);
}
return err;
@ -2475,7 +1942,7 @@ int mlx5_eswitch_set_vport_spoofchk(struct mlx5_eswitch *esw,
"Spoofchk in set while MAC is invalid, vport(%d)\n",
evport->vport);
if (evport->enabled && esw->mode == MLX5_ESWITCH_LEGACY)
err = esw_vport_ingress_config(esw, evport);
err = esw_acl_ingress_lgcy_setup(esw, evport);
if (err)
evport->info.spoofchk = pschk;
mutex_unlock(&esw->state_lock);
@ -2734,7 +2201,7 @@ static int mlx5_eswitch_query_vport_drop_stats(struct mlx5_core_dev *dev,
if (!vport->enabled)
goto unlock;
if (vport->egress.legacy.drop_counter)
if (!IS_ERR_OR_NULL(vport->egress.legacy.drop_counter))
mlx5_fc_query(dev, vport->egress.legacy.drop_counter,
&stats->rx_dropped, &bytes);

41
drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
View File

@ -99,13 +99,19 @@ struct vport_ingress {
struct vport_egress {
struct mlx5_flow_table *acl;
struct mlx5_flow_group *allowed_vlans_grp;
struct mlx5_flow_group *drop_grp;
struct mlx5_flow_handle *allowed_vlan;
struct {
struct mlx5_flow_handle *drop_rule;
struct mlx5_fc *drop_counter;
} legacy;
struct mlx5_flow_group *vlan_grp;
union {
struct {
struct mlx5_flow_group *drop_grp;
struct mlx5_flow_handle *drop_rule;
struct mlx5_fc *drop_counter;
} legacy;
struct {
struct mlx5_flow_group *fwd_grp;
struct mlx5_flow_handle *fwd_rule;
} offloads;
};
};
struct mlx5_vport_drop_stats {
@ -143,6 +149,8 @@ struct mlx5_vport {
struct vport_ingress ingress;
struct vport_egress egress;
u32 default_metadata;
u32 metadata;
struct mlx5_vport_info info;
@ -218,6 +226,7 @@ struct mlx5_esw_offload {
u8 inline_mode;
atomic64_t num_flows;
enum devlink_eswitch_encap_mode encap;
struct ida vport_metadata_ida;
};
/* E-Switch MC FDB table hash node */
@ -285,18 +294,10 @@ void esw_offloads_disable(struct mlx5_eswitch *esw);
int esw_offloads_enable(struct mlx5_eswitch *esw);
void esw_offloads_cleanup_reps(struct mlx5_eswitch *esw);
int esw_offloads_init_reps(struct mlx5_eswitch *esw);
void esw_vport_cleanup_ingress_rules(struct mlx5_eswitch *esw,
struct mlx5_vport *vport);
int esw_vport_create_ingress_acl_table(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
int table_size);
void esw_vport_destroy_ingress_acl_table(struct mlx5_vport *vport);
void esw_vport_cleanup_egress_rules(struct mlx5_eswitch *esw,
struct mlx5_vport *vport);
int esw_vport_enable_egress_acl(struct mlx5_eswitch *esw,
struct mlx5_vport *vport);
void esw_vport_disable_egress_acl(struct mlx5_eswitch *esw,
struct mlx5_vport *vport);
u32 mlx5_esw_match_metadata_alloc(struct mlx5_eswitch *esw);
void mlx5_esw_match_metadata_free(struct mlx5_eswitch *esw, u32 metadata);
int mlx5_esw_modify_vport_rate(struct mlx5_eswitch *esw, u16 vport_num,
u32 rate_mbps);
@ -458,10 +459,6 @@ int mlx5_eswitch_del_vlan_action(struct mlx5_eswitch *esw,
int __mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
u16 vport, u16 vlan, u8 qos, u8 set_flags);
int mlx5_esw_create_vport_egress_acl_vlan(struct mlx5_eswitch *esw,
struct mlx5_vport *vport,
u16 vlan_id, u32 flow_action);
static inline bool mlx5_esw_qos_enabled(struct mlx5_eswitch *esw)
{
return esw->qos.enabled;

401
drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c
View File

@ -31,12 +31,14 @@
*/
#include <linux/etherdevice.h>
#include <linux/idr.h>
#include <linux/mlx5/driver.h>
#include <linux/mlx5/mlx5_ifc.h>
#include <linux/mlx5/vport.h>
#include <linux/mlx5/fs.h>
#include "mlx5_core.h"
#include "eswitch.h"
#include "esw/acl/ofld.h"
#include "esw/chains.h"
#include "rdma.h"
#include "en.h"
@ -234,13 +236,6 @@ static struct mlx5_eswitch_rep *mlx5_eswitch_get_rep(struct mlx5_eswitch *esw,
return &esw->offloads.vport_reps[idx];
}
static bool
esw_check_ingress_prio_tag_enabled(const struct mlx5_eswitch *esw,
const struct mlx5_vport *vport)
{
return (MLX5_CAP_GEN(esw->dev, prio_tag_required) &&
mlx5_eswitch_is_vf_vport(esw, vport->vport));
}
static void
mlx5_eswitch_set_rule_source_port(struct mlx5_eswitch *esw,
@ -1851,279 +1846,6 @@ static void esw_offloads_devcom_cleanup(struct mlx5_eswitch *esw)
mlx5_devcom_unregister_component(devcom, MLX5_DEVCOM_ESW_OFFLOADS);
}
static int esw_vport_ingress_prio_tag_config(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
struct mlx5_flow_act flow_act = {0};
struct mlx5_flow_spec *spec;
int err = 0;
/* For prio tag mode, there is only 1 FTEs:
* 1) Untagged packets - push prio tag VLAN and modify metadata if
* required, allow
* Unmatched traffic is allowed by default
*/
spec = kvzalloc(sizeof(*spec), GFP_KERNEL);
if (!spec)
return -ENOMEM;
/* Untagged packets - push prio tag VLAN, allow */
MLX5_SET_TO_ONES(fte_match_param, spec->match_criteria, outer_headers.cvlan_tag);
MLX5_SET(fte_match_param, spec->match_value, outer_headers.cvlan_tag, 0);
spec->match_criteria_enable = MLX5_MATCH_OUTER_HEADERS;
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_VLAN_PUSH |
MLX5_FLOW_CONTEXT_ACTION_ALLOW;
flow_act.vlan[0].ethtype = ETH_P_8021Q;
flow_act.vlan[0].vid = 0;
flow_act.vlan[0].prio = 0;
if (vport->ingress.offloads.modify_metadata_rule) {
flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_MOD_HDR;
flow_act.modify_hdr = vport->ingress.offloads.modify_metadata;
}
vport->ingress.allow_rule =
mlx5_add_flow_rules(vport->ingress.acl, spec,
&flow_act, NULL, 0);
if (IS_ERR(vport->ingress.allow_rule)) {
err = PTR_ERR(vport->ingress.allow_rule);
esw_warn(esw->dev,
"vport[%d] configure ingress untagged allow rule, err(%d)\n",
vport->vport, err);
vport->ingress.allow_rule = NULL;
}
kvfree(spec);
return err;
}
static int esw_vport_add_ingress_acl_modify_metadata(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
u8 action[MLX5_UN_SZ_BYTES(set_add_copy_action_in_auto)] = {};
struct mlx5_flow_act flow_act = {};
int err = 0;
u32 key;
key = mlx5_eswitch_get_vport_metadata_for_match(esw, vport->vport);
key >>= ESW_SOURCE_PORT_METADATA_OFFSET;
MLX5_SET(set_action_in, action, action_type, MLX5_ACTION_TYPE_SET);
MLX5_SET(set_action_in, action, field,
MLX5_ACTION_IN_FIELD_METADATA_REG_C_0);
MLX5_SET(set_action_in, action, data, key);
MLX5_SET(set_action_in, action, offset,
ESW_SOURCE_PORT_METADATA_OFFSET);
MLX5_SET(set_action_in, action, length,
ESW_SOURCE_PORT_METADATA_BITS);
vport->ingress.offloads.modify_metadata =
mlx5_modify_header_alloc(esw->dev, MLX5_FLOW_NAMESPACE_ESW_INGRESS,
1, action);
if (IS_ERR(vport->ingress.offloads.modify_metadata)) {
err = PTR_ERR(vport->ingress.offloads.modify_metadata);
esw_warn(esw->dev,
"failed to alloc modify header for vport %d ingress acl (%d)\n",
vport->vport, err);
return err;
}
flow_act.action = MLX5_FLOW_CONTEXT_ACTION_MOD_HDR | MLX5_FLOW_CONTEXT_ACTION_ALLOW;
flow_act.modify_hdr = vport->ingress.offloads.modify_metadata;
vport->ingress.offloads.modify_metadata_rule =
mlx5_add_flow_rules(vport->ingress.acl,
NULL, &flow_act, NULL, 0);
if (IS_ERR(vport->ingress.offloads.modify_metadata_rule)) {
err = PTR_ERR(vport->ingress.offloads.modify_metadata_rule);
esw_warn(esw->dev,
"failed to add setting metadata rule for vport %d ingress acl, err(%d)\n",
vport->vport, err);
mlx5_modify_header_dealloc(esw->dev, vport->ingress.offloads.modify_metadata);
vport->ingress.offloads.modify_metadata_rule = NULL;
}
return err;
}
static void esw_vport_del_ingress_acl_modify_metadata(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (vport->ingress.offloads.modify_metadata_rule) {
mlx5_del_flow_rules(vport->ingress.offloads.modify_metadata_rule);
mlx5_modify_header_dealloc(esw->dev, vport->ingress.offloads.modify_metadata);
vport->ingress.offloads.modify_metadata_rule = NULL;
}
}
static int esw_vport_create_ingress_acl_group(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int inlen = MLX5_ST_SZ_BYTES(create_flow_group_in);
struct mlx5_flow_group *g;
void *match_criteria;
u32 *flow_group_in;
u32 flow_index = 0;
int ret = 0;
flow_group_in = kvzalloc(inlen, GFP_KERNEL);
if (!flow_group_in)
return -ENOMEM;
if (esw_check_ingress_prio_tag_enabled(esw, vport)) {
/* This group is to hold FTE to match untagged packets when prio_tag
* is enabled.
*/
memset(flow_group_in, 0, inlen);
match_criteria = MLX5_ADDR_OF(create_flow_group_in,
flow_group_in, match_criteria);
MLX5_SET(create_flow_group_in, flow_group_in,
match_criteria_enable, MLX5_MATCH_OUTER_HEADERS);
MLX5_SET_TO_ONES(fte_match_param, match_criteria, outer_headers.cvlan_tag);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, flow_index);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, flow_index);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
ret = PTR_ERR(g);
esw_warn(esw->dev, "vport[%d] ingress create untagged flow group, err(%d)\n",
vport->vport, ret);
goto prio_tag_err;
}
vport->ingress.offloads.metadata_prio_tag_grp = g;
flow_index++;
}
if (mlx5_eswitch_vport_match_metadata_enabled(esw)) {
/* This group holds an FTE with no matches for add metadata for
* tagged packets, if prio-tag is enabled (as a fallthrough),
* or all traffic in case prio-tag is disabled.
*/
memset(flow_group_in, 0, inlen);
MLX5_SET(create_flow_group_in, flow_group_in, start_flow_index, flow_index);
MLX5_SET(create_flow_group_in, flow_group_in, end_flow_index, flow_index);
g = mlx5_create_flow_group(vport->ingress.acl, flow_group_in);
if (IS_ERR(g)) {
ret = PTR_ERR(g);
esw_warn(esw->dev, "vport[%d] ingress create drop flow group, err(%d)\n",
vport->vport, ret);
goto metadata_err;
}
vport->ingress.offloads.metadata_allmatch_grp = g;
}
kvfree(flow_group_in);
return 0;
metadata_err:
if (!IS_ERR_OR_NULL(vport->ingress.offloads.metadata_prio_tag_grp)) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_prio_tag_grp);
vport->ingress.offloads.metadata_prio_tag_grp = NULL;
}
prio_tag_err:
kvfree(flow_group_in);
return ret;
}
static void esw_vport_destroy_ingress_acl_group(struct mlx5_vport *vport)
{
if (vport->ingress.offloads.metadata_allmatch_grp) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_allmatch_grp);
vport->ingress.offloads.metadata_allmatch_grp = NULL;
}
if (vport->ingress.offloads.metadata_prio_tag_grp) {
mlx5_destroy_flow_group(vport->ingress.offloads.metadata_prio_tag_grp);
vport->ingress.offloads.metadata_prio_tag_grp = NULL;
}
}
static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int num_ftes = 0;
int err;
if (!mlx5_eswitch_vport_match_metadata_enabled(esw) &&
!esw_check_ingress_prio_tag_enabled(esw, vport))
return 0;
esw_vport_cleanup_ingress_rules(esw, vport);
if (mlx5_eswitch_vport_match_metadata_enabled(esw))
num_ftes++;
if (esw_check_ingress_prio_tag_enabled(esw, vport))
num_ftes++;
err = esw_vport_create_ingress_acl_table(esw, vport, num_ftes);
if (err) {
esw_warn(esw->dev,
"failed to enable ingress acl (%d) on vport[%d]\n",
err, vport->vport);
return err;
}
err = esw_vport_create_ingress_acl_group(esw, vport);
if (err)
goto group_err;
esw_debug(esw->dev,
"vport[%d] configure ingress rules\n", vport->vport);
if (mlx5_eswitch_vport_match_metadata_enabled(esw)) {
err = esw_vport_add_ingress_acl_modify_metadata(esw, vport);
if (err)
goto metadata_err;
}
if (esw_check_ingress_prio_tag_enabled(esw, vport)) {
err = esw_vport_ingress_prio_tag_config(esw, vport);
if (err)
goto prio_tag_err;
}
return 0;
prio_tag_err:
esw_vport_del_ingress_acl_modify_metadata(esw, vport);
metadata_err:
esw_vport_destroy_ingress_acl_group(vport);
group_err:
esw_vport_destroy_ingress_acl_table(vport);
return err;
}
static int esw_vport_egress_config(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int err;
if (!MLX5_CAP_GEN(esw->dev, prio_tag_required))
return 0;
esw_vport_cleanup_egress_rules(esw, vport);
err = esw_vport_enable_egress_acl(esw, vport);
if (err)
return err;
/* For prio tag mode, there is only 1 FTEs:
* 1) prio tag packets - pop the prio tag VLAN, allow
* Unmatched traffic is allowed by default
*/
esw_debug(esw->dev,
"vport[%d] configure prio tag egress rules\n", vport->vport);
/* prio tag vlan rule - pop it so VF receives untagged packets */
err = mlx5_esw_create_vport_egress_acl_vlan(esw, vport, 0,
MLX5_FLOW_CONTEXT_ACTION_VLAN_POP |
MLX5_FLOW_CONTEXT_ACTION_ALLOW);
if (err)
esw_vport_disable_egress_acl(esw, vport);
return err;
}
static bool
esw_check_vport_match_metadata_supported(const struct mlx5_eswitch *esw)
{
@ -2156,25 +1878,83 @@ static bool esw_use_vport_metadata(const struct mlx5_eswitch *esw)
esw_check_vport_match_metadata_supported(esw);
}
u32 mlx5_esw_match_metadata_alloc(struct mlx5_eswitch *esw)
{
u32 num_vports = GENMASK(ESW_VPORT_BITS - 1, 0) - 1;
u32 vhca_id_mask = GENMASK(ESW_VHCA_ID_BITS - 1, 0);
u32 vhca_id = MLX5_CAP_GEN(esw->dev, vhca_id);
u32 start;
u32 end;
int id;
/* Make sure the vhca_id fits the ESW_VHCA_ID_BITS */
WARN_ON_ONCE(vhca_id >= BIT(ESW_VHCA_ID_BITS));
/* Trim vhca_id to ESW_VHCA_ID_BITS */
vhca_id &= vhca_id_mask;
start = (vhca_id << ESW_VPORT_BITS);
end = start + num_vports;
if (!vhca_id)
start += 1; /* zero is reserved/invalid metadata */
id = ida_alloc_range(&esw->offloads.vport_metadata_ida, start, end, GFP_KERNEL);
return (id < 0) ? 0 : id;
}
void mlx5_esw_match_metadata_free(struct mlx5_eswitch *esw, u32 metadata)
{
ida_free(&esw->offloads.vport_metadata_ida, metadata);
}
static int esw_offloads_vport_metadata_setup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (vport->vport == MLX5_VPORT_UPLINK)
return 0;
vport->default_metadata = mlx5_esw_match_metadata_alloc(esw);
vport->metadata = vport->default_metadata;
return vport->metadata ? 0 : -ENOSPC;
}
static void esw_offloads_vport_metadata_cleanup(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
if (vport->vport == MLX5_VPORT_UPLINK || !vport->default_metadata)
return;
WARN_ON(vport->metadata != vport->default_metadata);
mlx5_esw_match_metadata_free(esw, vport->default_metadata);
}
int
esw_vport_create_offloads_acl_tables(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
int err;
err = esw_vport_ingress_config(esw, vport);
err = esw_offloads_vport_metadata_setup(esw, vport);
if (err)
return err;
goto metadata_err;
err = esw_acl_ingress_ofld_setup(esw, vport);
if (err)
goto ingress_err;
if (mlx5_eswitch_is_vf_vport(esw, vport->vport)) {
err = esw_vport_egress_config(esw, vport);
if (err) {
esw_vport_cleanup_ingress_rules(esw, vport);
esw_vport_del_ingress_acl_modify_metadata(esw, vport);
esw_vport_destroy_ingress_acl_group(vport);
esw_vport_destroy_ingress_acl_table(vport);
}
err = esw_acl_egress_ofld_setup(esw, vport);
if (err)
goto egress_err;
}
return 0;
egress_err:
esw_acl_ingress_ofld_cleanup(esw, vport);
ingress_err:
esw_offloads_vport_metadata_cleanup(esw, vport);
metadata_err:
return err;
}
@ -2182,11 +1962,9 @@ void
esw_vport_destroy_offloads_acl_tables(struct mlx5_eswitch *esw,
struct mlx5_vport *vport)
{
esw_vport_disable_egress_acl(esw, vport);
esw_vport_cleanup_ingress_rules(esw, vport);
esw_vport_del_ingress_acl_modify_metadata(esw, vport);
esw_vport_destroy_ingress_acl_group(vport);
esw_vport_destroy_ingress_acl_table(vport);
esw_acl_egress_ofld_cleanup(vport);
esw_acl_ingress_ofld_cleanup(esw, vport);
esw_offloads_vport_metadata_cleanup(esw, vport);
}
static int esw_create_uplink_offloads_acl_tables(struct mlx5_eswitch *esw)
@ -2852,38 +2630,11 @@ EXPORT_SYMBOL(mlx5_eswitch_vport_match_metadata_enabled);
u32 mlx5_eswitch_get_vport_metadata_for_match(struct mlx5_eswitch *esw,
u16 vport_num)
{
u32 vport_num_mask = GENMASK(ESW_VPORT_BITS - 1, 0);
u32 vhca_id_mask = GENMASK(ESW_VHCA_ID_BITS - 1, 0);
u32 vhca_id = MLX5_CAP_GEN(esw->dev, vhca_id);
u32 val;
struct mlx5_vport *vport = mlx5_eswitch_get_vport(esw, vport_num);
/* Make sure the vhca_id fits the ESW_VHCA_ID_BITS */
WARN_ON_ONCE(vhca_id >= BIT(ESW_VHCA_ID_BITS));
if (WARN_ON_ONCE(IS_ERR(vport)))
return 0;
/* Trim vhca_id to ESW_VHCA_ID_BITS */
vhca_id &= vhca_id_mask;
/* Make sure pf and ecpf map to end of ESW_VPORT_BITS range so they
* don't overlap with VF numbers, and themselves, after trimming.
*/
WARN_ON_ONCE((MLX5_VPORT_UPLINK & vport_num_mask) <
vport_num_mask - 1);
WARN_ON_ONCE((MLX5_VPORT_ECPF & vport_num_mask) <
vport_num_mask - 1);
WARN_ON_ONCE((MLX5_VPORT_UPLINK & vport_num_mask) ==
(MLX5_VPORT_ECPF & vport_num_mask));
/* Make sure that the VF vport_num fits ESW_VPORT_BITS and don't
* overlap with pf and ecpf.
*/
if (vport_num != MLX5_VPORT_UPLINK &&
vport_num != MLX5_VPORT_ECPF)
WARN_ON_ONCE(vport_num >= vport_num_mask - 1);
/* We can now trim vport_num to ESW_VPORT_BITS */
vport_num &= vport_num_mask;
val = (vhca_id << ESW_VPORT_BITS) | vport_num;
return val << (32 - ESW_SOURCE_PORT_METADATA_BITS);
return vport->metadata << (32 - ESW_SOURCE_PORT_METADATA_BITS);
}
EXPORT_SYMBOL(mlx5_eswitch_get_vport_metadata_for_match);

16
drivers/net/ethernet/mellanox/mlx5/core/main.c
View File

@ -1272,7 +1272,7 @@ static int mlx5_mdev_init(struct mlx5_core_dev *dev, int profile_idx)
mlx5_debugfs_root);
if (!priv->dbg_root) {
dev_err(dev->device, "mlx5_core: error, Cannot create debugfs dir, aborting\n");
return -ENOMEM;
goto err_dbg_root;
}
err = mlx5_health_init(dev);
@ -1289,15 +1289,27 @@ err_pagealloc_init:
mlx5_health_cleanup(dev);
err_health_init:
debugfs_remove(dev->priv.dbg_root);
err_dbg_root:
mutex_destroy(&priv->pgdir_mutex);
mutex_destroy(&priv->alloc_mutex);
mutex_destroy(&priv->bfregs.wc_head.lock);
mutex_destroy(&priv->bfregs.reg_head.lock);
mutex_destroy(&dev->intf_state_mutex);
return err;
}
static void mlx5_mdev_uninit(struct mlx5_core_dev *dev)
{
struct mlx5_priv *priv = &dev->priv;
mlx5_pagealloc_cleanup(dev);
mlx5_health_cleanup(dev);
debugfs_remove_recursive(dev->priv.dbg_root);
mutex_destroy(&priv->pgdir_mutex);
mutex_destroy(&priv->alloc_mutex);
mutex_destroy(&priv->bfregs.wc_head.lock);
mutex_destroy(&priv->bfregs.reg_head.lock);
mutex_destroy(&dev->intf_state_mutex);
}
#define MLX5_IB_MOD "mlx5_ib"

14
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c
View File

@ -297,7 +297,8 @@ mlx5dr_domain_create(struct mlx5_core_dev *mdev, enum mlx5dr_domain_type type)
dmn->mdev = mdev;
dmn->type = type;
refcount_set(&dmn->refcount, 1);
mutex_init(&dmn->mutex);
mutex_init(&dmn->info.rx.mutex);
mutex_init(&dmn->info.tx.mutex);
if (dr_domain_caps_init(mdev, dmn)) {
mlx5dr_err(dmn, "Failed init domain, no caps\n");
@ -345,9 +346,9 @@ int mlx5dr_domain_sync(struct mlx5dr_domain *dmn, u32 flags)
int ret = 0;
if (flags & MLX5DR_DOMAIN_SYNC_FLAGS_SW) {
mutex_lock(&dmn->mutex);
mlx5dr_domain_lock(dmn);
ret = mlx5dr_send_ring_force_drain(dmn);
mutex_unlock(&dmn->mutex);
mlx5dr_domain_unlock(dmn);
if (ret) {
mlx5dr_err(dmn, "Force drain failed flags: %d, ret: %d\n",
flags, ret);
@ -371,7 +372,8 @@ int mlx5dr_domain_destroy(struct mlx5dr_domain *dmn)
dr_domain_uninit_cache(dmn);
dr_domain_uninit_resources(dmn);
dr_domain_caps_uninit(dmn);
mutex_destroy(&dmn->mutex);
mutex_destroy(&dmn->info.tx.mutex);
mutex_destroy(&dmn->info.rx.mutex);
kfree(dmn);
return 0;
}
@ -379,7 +381,7 @@ int mlx5dr_domain_destroy(struct mlx5dr_domain *dmn)
void mlx5dr_domain_set_peer(struct mlx5dr_domain *dmn,
struct mlx5dr_domain *peer_dmn)
{
mutex_lock(&dmn->mutex);
mlx5dr_domain_lock(dmn);
if (dmn->peer_dmn)
refcount_dec(&dmn->peer_dmn->refcount);
@ -389,5 +391,5 @@ void mlx5dr_domain_set_peer(struct mlx5dr_domain *dmn,
if (dmn->peer_dmn)
refcount_inc(&dmn->peer_dmn->refcount);
mutex_unlock(&dmn->mutex);
mlx5dr_domain_unlock(dmn);
}

10
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_matcher.c
View File

@ -690,7 +690,7 @@ mlx5dr_matcher_create(struct mlx5dr_table *tbl,
refcount_set(&matcher->refcount, 1);
INIT_LIST_HEAD(&matcher->matcher_list);
mutex_lock(&tbl->dmn->mutex);
mlx5dr_domain_lock(tbl->dmn);
ret = dr_matcher_init(matcher, mask);
if (ret)
@ -700,14 +700,14 @@ mlx5dr_matcher_create(struct mlx5dr_table *tbl,
if (ret)
goto matcher_uninit;
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
return matcher;
matcher_uninit:
dr_matcher_uninit(matcher);
free_matcher:
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
kfree(matcher);
dec_ref:
refcount_dec(&tbl->refcount);
@ -791,13 +791,13 @@ int mlx5dr_matcher_destroy(struct mlx5dr_matcher *matcher)
if (refcount_read(&matcher->refcount) > 1)
return -EBUSY;
mutex_lock(&tbl->dmn->mutex);
mlx5dr_domain_lock(tbl->dmn);
dr_matcher_remove_from_tbl(matcher);
dr_matcher_uninit(matcher);
refcount_dec(&matcher->tbl->refcount);
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
kfree(matcher);
return 0;

31
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_rule.c
View File

@ -938,7 +938,10 @@ static bool dr_rule_verify(struct mlx5dr_matcher *matcher,
static int dr_rule_destroy_rule_nic(struct mlx5dr_rule *rule,
struct mlx5dr_rule_rx_tx *nic_rule)
{
mlx5dr_domain_nic_lock(nic_rule->nic_matcher->nic_tbl->nic_dmn);
dr_rule_clean_rule_members(rule, nic_rule);
mlx5dr_domain_nic_unlock(nic_rule->nic_matcher->nic_tbl->nic_dmn);
return 0;
}
@ -1039,18 +1042,18 @@ dr_rule_create_rule_nic(struct mlx5dr_rule *rule,
if (dr_rule_skip(dmn->type, nic_dmn->ste_type, &matcher->mask, param))
return 0;
hw_ste_arr = kzalloc(DR_RULE_MAX_STE_CHAIN * DR_STE_SIZE, GFP_KERNEL);
if (!hw_ste_arr)
return -ENOMEM;
mlx5dr_domain_nic_lock(nic_dmn);
ret = mlx5dr_matcher_select_builders(matcher,
nic_matcher,
dr_rule_get_ipv(&param->outer),
dr_rule_get_ipv(&param->inner));
if (ret)
goto out_err;
hw_ste_arr = kzalloc(DR_RULE_MAX_STE_CHAIN * DR_STE_SIZE, GFP_KERNEL);
if (!hw_ste_arr) {
ret = -ENOMEM;
goto out_err;
}
goto free_hw_ste;
/* Set the tag values inside the ste array */
ret = mlx5dr_ste_build_ste_arr(matcher, nic_matcher, param, hw_ste_arr);
@ -1115,6 +1118,8 @@ dr_rule_create_rule_nic(struct mlx5dr_rule *rule,
if (htbl)
mlx5dr_htbl_put(htbl);
mlx5dr_domain_nic_unlock(nic_dmn);
kfree(hw_ste_arr);
return 0;
@ -1129,8 +1134,8 @@ free_rule:
kfree(ste_info);
}
free_hw_ste:
mlx5dr_domain_nic_unlock(nic_dmn);
kfree(hw_ste_arr);
out_err:
return ret;
}
@ -1232,31 +1237,23 @@ struct mlx5dr_rule *mlx5dr_rule_create(struct mlx5dr_matcher *matcher,
{
struct mlx5dr_rule *rule;
mutex_lock(&matcher->tbl->dmn->mutex);
refcount_inc(&matcher->refcount);
rule = dr_rule_create_rule(matcher, value, num_actions, actions);
if (!rule)
refcount_dec(&matcher->refcount);
mutex_unlock(&matcher->tbl->dmn->mutex);
return rule;
}
int mlx5dr_rule_destroy(struct mlx5dr_rule *rule)
{
struct mlx5dr_matcher *matcher = rule->matcher;
struct mlx5dr_table *tbl = rule->matcher->tbl;
int ret;
mutex_lock(&tbl->dmn->mutex);
ret = dr_rule_destroy_rule(rule);
mutex_unlock(&tbl->dmn->mutex);
if (!ret)
refcount_dec(&matcher->refcount);
return ret;
}

13
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_send.c
View File

@ -357,9 +357,11 @@ static int dr_postsend_icm_data(struct mlx5dr_domain *dmn,
u32 buff_offset;
int ret;
spin_lock(&send_ring->lock);
ret = dr_handle_pending_wc(dmn, send_ring);
if (ret)
return ret;
goto out_unlock;
if (send_info->write.length > dmn->info.max_inline_size) {
buff_offset = (send_ring->tx_head &
@ -377,7 +379,9 @@ static int dr_postsend_icm_data(struct mlx5dr_domain *dmn,
dr_fill_data_segs(send_ring, send_info);
dr_post_send(send_ring->qp, send_info);
return 0;
out_unlock:
spin_unlock(&send_ring->lock);
return ret;
}
static int dr_get_tbl_copy_details(struct mlx5dr_domain *dmn,
@ -563,9 +567,7 @@ int mlx5dr_send_postsend_action(struct mlx5dr_domain *dmn,
send_info.remote_addr = action->rewrite.chunk->mr_addr;
send_info.rkey = action->rewrite.chunk->rkey;
mutex_lock(&dmn->mutex);
ret = dr_postsend_icm_data(dmn, &send_info);
mutex_unlock(&dmn->mutex);
return ret;
}
@ -886,6 +888,7 @@ int mlx5dr_send_ring_alloc(struct mlx5dr_domain *dmn)
init_attr.pdn = dmn->pdn;
init_attr.uar = dmn->uar;
init_attr.max_send_wr = QUEUE_SIZE;
spin_lock_init(&dmn->send_ring->lock);
dmn->send_ring->qp = dr_create_rc_qp(dmn->mdev, &init_attr);
if (!dmn->send_ring->qp) {
@ -990,7 +993,9 @@ int mlx5dr_send_ring_force_drain(struct mlx5dr_domain *dmn)
return ret;
}
spin_lock(&send_ring->lock);
ret = dr_handle_pending_wc(dmn, send_ring);
spin_unlock(&send_ring->lock);
return ret;
}

12
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_table.c
View File

@ -14,7 +14,7 @@ int mlx5dr_table_set_miss_action(struct mlx5dr_table *tbl,
if (action && action->action_type != DR_ACTION_TYP_FT)
return -EOPNOTSUPP;
mutex_lock(&tbl->dmn->mutex);
mlx5dr_domain_lock(tbl->dmn);
if (!list_empty(&tbl->matcher_list))
last_matcher = list_last_entry(&tbl->matcher_list,
@ -78,7 +78,7 @@ int mlx5dr_table_set_miss_action(struct mlx5dr_table *tbl,
refcount_inc(&action->refcount);
out:
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
return ret;
}
@ -95,7 +95,7 @@ static void dr_table_uninit_fdb(struct mlx5dr_table *tbl)
static void dr_table_uninit(struct mlx5dr_table *tbl)
{
mutex_lock(&tbl->dmn->mutex);
mlx5dr_domain_lock(tbl->dmn);
switch (tbl->dmn->type) {
case MLX5DR_DOMAIN_TYPE_NIC_RX:
@ -112,7 +112,7 @@ static void dr_table_uninit(struct mlx5dr_table *tbl)
break;
}
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
}
static int dr_table_init_nic(struct mlx5dr_domain *dmn,
@ -177,7 +177,7 @@ static int dr_table_init(struct mlx5dr_table *tbl)
INIT_LIST_HEAD(&tbl->matcher_list);
mutex_lock(&tbl->dmn->mutex);
mlx5dr_domain_lock(tbl->dmn);
switch (tbl->dmn->type) {
case MLX5DR_DOMAIN_TYPE_NIC_RX:
@ -201,7 +201,7 @@ static int dr_table_init(struct mlx5dr_table *tbl)
break;
}
mutex_unlock(&tbl->dmn->mutex);
mlx5dr_domain_unlock(tbl->dmn);
return ret;
}

25
drivers/net/ethernet/mellanox/mlx5/core/steering/dr_types.h
View File

@ -636,6 +636,7 @@ struct mlx5dr_domain_rx_tx {
u64 drop_icm_addr;
u64 default_icm_addr;
enum mlx5dr_ste_entry_type ste_type;
struct mutex mutex; /* protect rx/tx domain */
};
struct mlx5dr_domain_info {
@ -660,7 +661,6 @@ struct mlx5dr_domain {
struct mlx5_uars_page *uar;
enum mlx5dr_domain_type type;
refcount_t refcount;
struct mutex mutex; /* protect domain */
struct mlx5dr_icm_pool *ste_icm_pool;
struct mlx5dr_icm_pool *action_icm_pool;
struct mlx5dr_send_ring *send_ring;
@ -814,6 +814,28 @@ struct mlx5dr_icm_chunk {
struct list_head *miss_list;
};
static inline void mlx5dr_domain_nic_lock(struct mlx5dr_domain_rx_tx *nic_dmn)
{
mutex_lock(&nic_dmn->mutex);
}
static inline void mlx5dr_domain_nic_unlock(struct mlx5dr_domain_rx_tx *nic_dmn)
{
mutex_unlock(&nic_dmn->mutex);
}
static inline void mlx5dr_domain_lock(struct mlx5dr_domain *dmn)
{
mlx5dr_domain_nic_lock(&dmn->info.rx);
mlx5dr_domain_nic_lock(&dmn->info.tx);
}
static inline void mlx5dr_domain_unlock(struct mlx5dr_domain *dmn)
{
mlx5dr_domain_nic_unlock(&dmn->info.tx);
mlx5dr_domain_nic_unlock(&dmn->info.rx);
}
static inline int
mlx5dr_matcher_supp_flex_parser_icmp_v4(struct mlx5dr_cmd_caps *caps)
{
@ -1043,6 +1065,7 @@ struct mlx5dr_send_ring {
struct ib_wc wc[MAX_SEND_CQE];
u8 sync_buff[MIN_READ_SYNC];
struct mlx5dr_mr *sync_mr;
spinlock_t lock; /* Protect the data path of the send ring */
};
int mlx5dr_send_ring_alloc(struct mlx5dr_domain *dmn);