#
6fb88aaf |
|
08-Mar-2024 |
Petr Machata <petrm@nvidia.com> |
mlxsw: spectrum: Allow fetch-and-clear of flow counters For the report_delta-like interface like a previous patch has added for collection of NH group statistics, it's easiest to read the counter and have the HW clear it right away. Thus, change mlxsw_sp_flow_counter_get() to take a bool indicating whether this should be done. Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Link: https://lore.kernel.org/r/6a096ede8ee92d5041e3832242c3bbc137198aba.1709901020.git.petrm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
1267f722 |
|
26-Jan-2024 |
Amit Cohen <amcohen@nvidia.com> |
mlxsw: Use refcount_t for reference counting mlxsw driver uses 'unsigned int' for reference counters in several structures. Instead, use refcount_t type which allows us to catch overflow and underflow issues. Change the type of the counters and use the appropriate API. Signed-off-by: Amit Cohen <amcohen@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
0433670e |
|
11-Aug-2023 |
Ido Schimmel <idosch@nvidia.com> |
mlxsw: spectrum_flower: Disable learning and security lookup when redirecting It is possible to add a filter that redirects traffic from the ingress of a bridge port that is locked (i.e., performs security / SMAC lookup) and has learning enabled. For example: # ip link add name br0 type bridge # ip link set dev swp1 master br0 # bridge link set dev swp1 learning on locked on mab on # tc qdisc add dev swp1 clsact # tc filter add dev swp1 ingress pref 1 proto ip flower skip_sw src_ip 192.0.2.1 action mirred egress redirect dev swp2 In the kernel's Rx path, this filter is evaluated before the Rx handler of the bridge, which means that redirected traffic should not be affected by bridge port configuration such as learning. However, the hardware data path is a bit different and the redirect action (FORWARDING_ACTION in hardware) merely attaches a pointer to the packet, which is later used by the L2 lookup stage to understand how to forward the packet. Between both stages - ingress ACL and L2 lookup - learning and security lookup are performed, which means that redirected traffic is affected by bridge port configuration, unlike in the kernel's data path. The learning discrepancy was handled in commit 577fa14d2100 ("mlxsw: spectrum: Do not process learned records with a dummy FID") by simply ignoring learning notifications generated by the redirected traffic. A similar solution is not possible for the security / SMAC lookup since - unlike learning - the CPU is not involved and packets that failed the lookup are dropped by the device. Instead, solve this by prepending the ignore action to the redirect action and use it to instruct the device to disable both learning and the security / SMAC lookup for redirected traffic. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fe22f741 |
|
11-Jul-2023 |
Ido Schimmel <idosch@nvidia.com> |
mlxsw: spectrum_flower: Add ability to match on port ranges Add the ability to match on port ranges by utilizing the previously added port range registers and the port range key element. Up to two port range registers can be used for each filter, one for source port and another for destination port. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Link: https://lore.kernel.org/r/df4385a9592917e9a22ebff339e0463e4a8dfa82.1689092769.git.petrm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
898979c7 |
|
11-Jul-2023 |
Ido Schimmel <idosch@nvidia.com> |
mlxsw: spectrum_acl: Pass main driver structure to mlxsw_sp_acl_rulei_destroy() The main driver structure will be needed in this function by a subsequent patch, so pass it. No functional changes intended. Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Link: https://lore.kernel.org/r/24d96a4e21310e5de2951ace58263db35e44a0df.1689092769.git.petrm@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
74cbc3c0 |
|
06-Feb-2023 |
Ido Schimmel <idosch@nvidia.com> |
mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code Cited commit added 'DEVLINK_CMD_PARAM_DEL' notifications whenever the network namespace of the devlink instance is changed. Specifically, the notifications are generated after calling reload_down(), but before calling reload_up(). At this stage, the data structures accessed while reading the value of the "acl_region_rehash_interval" devlink parameter are uninitialized, resulting in a use-after-free [1]. Fix by moving the registration and unregistration of the devlink parameter to the TCAM code where it is actually used. This means that the parameter is unregistered during reload_down() and then re-registered during reload_up(), avoiding the use-after-free between these two operations. Reproducer: # ip netns add test123 # devlink dev reload pci/0000:06:00.0 netns test123 [1] BUG: KASAN: use-after-free in mlxsw_sp_acl_tcam_vregion_rehash_intrvl_get+0xb2/0xd0 Read of size 4 at addr ffff888162fd37d8 by task devlink/1323 [...] Call Trace: <TASK> dump_stack_lvl+0x95/0xbd print_report+0x181/0x4a1 kasan_report+0xdb/0x200 mlxsw_sp_acl_tcam_vregion_rehash_intrvl_get+0xb2/0xd0 mlxsw_sp_params_acl_region_rehash_intrvl_get+0x32/0x80 devlink_nl_param_fill.constprop.0+0x29a/0x11e0 devlink_param_notify.constprop.0+0xb9/0x250 devlink_notify_unregister+0xbc/0x470 devlink_reload+0x1aa/0x440 devlink_nl_cmd_reload+0x559/0x11b0 genl_family_rcv_msg_doit.isra.0+0x1f8/0x2e0 genl_rcv_msg+0x558/0x7f0 netlink_rcv_skb+0x170/0x440 genl_rcv+0x2d/0x40 netlink_unicast+0x53f/0x810 netlink_sendmsg+0x961/0xe80 __sys_sendto+0x2a4/0x420 __x64_sys_sendto+0xe5/0x1c0 do_syscall_64+0x38/0x80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: 7d7e9169a3ec ("devlink: move devlink reload notifications back in between _down() and _up() calls") Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
463e1ab8 |
|
06-Feb-2022 |
Danielle Ratson <danieller@nvidia.com> |
mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv6 addresses Spectrum-2 supports an ACL action SIP_DIP, which allows IPv4 and IPv6 source and destination addresses change. Offload suitable mangles to the IPv6 address change action. Signed-off-by: Danielle Ratson <danieller@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d7809b62 |
|
06-Feb-2022 |
Danielle Ratson <danieller@nvidia.com> |
mlxsw: Support FLOW_ACTION_MANGLE for SIP and DIP IPv4 addresses Spectrum-2 supports an ACL action SIP_DIP, which allows IPv4 and IPv6 source and destination addresses change. Offload suitable mangles to the IPv4 address change action. Signed-off-by: Danielle Ratson <danieller@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c934757d |
|
01-Dec-2021 |
Amit Cohen <amcohen@nvidia.com> |
mlxsw: Use u16 for local_port field instead of u8 Currently, local_port field is saved as u8, which means that maximum 256 ports can be used. As preparation for Spectrum-4, which will support more than 256 ports, local_port field should be extended. Save local_port as u16 to allow use of additional ports. Signed-off-by: Amit Cohen <amcohen@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
45aad0b7 |
|
16-Mar-2021 |
Ido Schimmel <idosch@nvidia.com> |
mlxsw: spectrum_acl: Offload FLOW_ACTION_SAMPLE Implement support for action sample when used with a flower classifier by implementing the required sampler_add() / sampler_del() callbacks and registering an Rx listener for the sampled packets. The sampler_add() callback returns an error for Spectrum-1 as the functionality is not supported. In Spectrum-{2,3} the callback creates a mirroring agent towards the CPU. The agent's identifier is used by the policy engine code to mirror towards the CPU with probability. The Rx listener for the sampled packet is registered with the 'policy engine' mirroring reason and passes trapped packets to the psample module after looking up their parameters (e.g., sampling group). Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
af11e818 |
|
15-Jul-2020 |
Ido Schimmel <idosch@mellanox.com> |
mlxsw: spectrum_acl: Offload FLOW_ACTION_POLICE Offload action police when used with a flower classifier. The number of dropped packets is read from the policer and reported to tc. Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
ce10d7d4 |
|
21-Jun-2020 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum_acl: Support FLOW_ACTION_MANGLE for TCP, UDP ports Spectrum-2 supports an ACL action L4_PORT, which allows TCP and UDP source and destination port number change. Offload suitable mangles to this action. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3cc9a15a |
|
21-Jun-2020 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum: Split handling of pedit mangle by chip type Certain ACL actions are only available on some Spectrum revisions. In particular, L4_PORT_ACTION is not available on Spectrum-1. Introduce a new ops struct intended to hold these differences, mlxsw_sp_rulei_ops. Prime it with a sole member, act_mangle_field, meant for handling of pedit mangles. Create two ops structures, one for Spectrum-1, the other for Spectrum-2 and above. Add callbacks for act_mangle_field and dispatch to the common handler. Invoke mlxsw_sp_rulei_ops.act_mangle_field from the field mangler instead of calling the common handler directly. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
593bb843 |
|
09-May-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_flower: Expose a function to get min and max rule priority Introduce an infrastructure that allows to get minimum and maximum rule priority for specified chain. This is going to be used by a subsequent patch to enforce ordering between flower and matchall filters. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
6c8cd435 |
|
27-Apr-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Use block variable in mlxsw_sp_acl_rule_del() On couple of places in mlxsw_sp_acl_rule_del(), block variable is not used directly as it could be. So do it. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d52238eb |
|
27-Apr-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Push flow_block related functions into a separate file The code around flow_block is currently mixed in spectrum_acl.c. However, as it really does not directly relate to ACL part only, push the bits into a separate file. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3bc3ffb6 |
|
27-Apr-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Rename acl_block to flow_block The acl_block structure is going to be used for non-acl case - matchall offload. So rename it accordingly. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
49c958cc |
|
27-Apr-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Move block helpers into inline header functions The struct is defined in the header, no need to have the helpers in the c file. Move the helpers to the header. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c391eb83 |
|
21-Apr-2020 |
Dan Carpenter <dan.carpenter@oracle.com> |
mlxsw: Fix some IS_ERR() vs NULL bugs The mlxsw_sp_acl_rulei_create() function is supposed to return an error pointer from mlxsw_afa_block_create(). The problem is that these functions both return NULL instead of error pointers. Half the callers expect NULL and half expect error pointers so it could lead to a NULL dereference on failure. This patch changes both of them to return error pointers and changes all the callers which checked for NULL to check for IS_ERR() instead. Fixes: 4cda7d8d7098 ("mlxsw: core: Introduce flexible actions support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
93a129eb |
|
28-Mar-2020 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: expose HW stats types per action used by drivers It may be up to the driver (in case ANY HW stats is passed) to select which type of HW stats he is going to use. Add an infrastructure to expose this information to user. $ tc filter add dev enp3s0np1 ingress proto ip handle 1 pref 1 flower dst_ip 192.168.1.1 action drop $ tc -s filter show dev enp3s0np1 ingress filter protocol ip pref 1 flower chain 0 filter protocol ip pref 1 flower chain 0 handle 0x1 eth_type ipv4 dst_ip 192.168.1.1 in_hw in_hw_count 2 action order 1: gact action drop random type none pass val 0 index 1 ref 1 bind 1 installed 10 sec used 10 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats immediate <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9b4b16bb |
|
26-Mar-2020 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum_flower: Offload FLOW_ACTION_MANGLE Offload action pedit ex munge when used with a flower classifier. Only allow setting of DSCP, ECN, or the whole DSField in IPv4 and IPv6 packets. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
463957e3 |
|
19-Mar-2020 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum_flower: Offload FLOW_ACTION_PRIORITY Offload action skbedit priority when keyed to a flower classifier. The skb->priority field in Linux is very generic, so only allow setting the bottom 8 priorities and bounce anything else. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f16e7f64 |
|
06-Mar-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Ask device for rule stats only if counter was created Set a flag in case rule counter was created. Only query the device for stats of a rule, which has the valid counter assigned. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
6d19d2bd |
|
25-Feb-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: core_acl_flex_actions: Implement flow_offload action cookie offload Track cookies coming down to driver by flow_offload. Assign a cookie_index to each unique cookie binary. Use previously defined "Trap with userdef" flex action to ask HW to pass cookie_index alongside with the dropped packets. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3128f3a1 |
|
24-Feb-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Pass the ingress indication down to flex action The ACL flex action will have to know if it is in ingress or egress, so it can use correct trap ID. Pass the ingress indication down to it. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
86272d33 |
|
24-Feb-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_flower: Disable mixed bound blocks to contain action drop Action drop is going to be tracked by two separate traps, one for ingress and one for egress. Prepare for it and disallow the possibility to have drop action in blocks which are bound to both ingress and egress. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
68cc7ecc |
|
24-Feb-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Track ingress and egress block bindings Count the number of ingress and egress block bindings. Use the egress counter in "is_egress_bound" helper. Add couple of helpers to check ingress and mixed bound. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b32bd7f7 |
|
23-Feb-2020 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Make block arg const where appropriate There are couple of places where block pointer as a function argument can be const. So make those const. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e99f8e7f |
|
18-Feb-2020 |
Gustavo A. R. Silva <gustavo@embeddedor.com> |
mlxsw: Replace zero-length array with flexible-array member The current codebase makes use of the zero-length array language extension to the C90 standard, but the preferred mechanism to declare variable-length types such as these ones is a flexible array member[1][2], introduced in C99: struct foo { int stuff; struct boo array[]; }; By making use of the mechanism above, we will get a compiler warning in case the flexible array does not occur last in the structure, which will help us prevent some kind of undefined behavior bugs from being inadvertently introduced[3] to the codebase from now on. Also, notice that, dynamic memory allocations won't be affected by this change: "Flexible array members have incomplete type, and so the sizeof operator may not be applied. As a quirk of the original implementation of zero-length arrays, sizeof evaluates to zero."[1] This issue was found with the help of Coccinelle. [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html [2] https://github.com/KSPP/linux/issues/21 [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Tested-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
971de2e5 |
|
22-Jan-2020 |
Ido Schimmel <idosch@mellanox.com> |
mlxsw: spectrum_acl: Fix use-after-free during reload During reload (or module unload), the router block is de-initialized. Among other things, this results in the removal of a default multicast route from each active virtual router (VRF). These default routes are configured during initialization to trap packets to the CPU. In Spectrum-2, unlike Spectrum-1, multicast routes are implemented using ACL rules. Since the router block is de-initialized before the ACL block, it is possible that the ACL rules corresponding to the default routes are deleted while being accessed by the ACL delayed work that queries rules' activity from the device. This can result in a rare use-after-free [1]. Fix this by protecting the rules list accessed by the delayed work with a lock. We cannot use a spinlock as the activity read operation is blocking. [1] [ 123.331662] ================================================================== [ 123.339920] BUG: KASAN: use-after-free in mlxsw_sp_acl_rule_activity_update_work+0x330/0x3b0 [ 123.349381] Read of size 8 at addr ffff8881f3bb4520 by task kworker/0:2/78 [ 123.357080] [ 123.358773] CPU: 0 PID: 78 Comm: kworker/0:2 Not tainted 5.5.0-rc5-custom-33108-gf5df95d3ef41 #2209 [ 123.368898] Hardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018 [ 123.378456] Workqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work [ 123.385970] Call Trace: [ 123.388734] dump_stack+0xc6/0x11e [ 123.392568] print_address_description.constprop.4+0x21/0x340 [ 123.403236] __kasan_report.cold.8+0x76/0xb1 [ 123.414884] kasan_report+0xe/0x20 [ 123.418716] mlxsw_sp_acl_rule_activity_update_work+0x330/0x3b0 [ 123.444034] process_one_work+0xb06/0x19a0 [ 123.453731] worker_thread+0x91/0xe90 [ 123.467348] kthread+0x348/0x410 [ 123.476847] ret_from_fork+0x24/0x30 [ 123.480863] [ 123.482545] Allocated by task 73: [ 123.486273] save_stack+0x19/0x80 [ 123.490000] __kasan_kmalloc.constprop.6+0xc1/0xd0 [ 123.495379] mlxsw_sp_acl_rule_create+0xa7/0x230 [ 123.500566] mlxsw_sp2_mr_tcam_route_create+0xf6/0x3e0 [ 123.506334] mlxsw_sp_mr_tcam_route_create+0x5b4/0x820 [ 123.512102] mlxsw_sp_mr_table_create+0x3b5/0x690 [ 123.517389] mlxsw_sp_vr_get+0x289/0x4d0 [ 123.521797] mlxsw_sp_fib_node_get+0xa2/0x990 [ 123.526692] mlxsw_sp_router_fib4_event_work+0x54c/0x2d60 [ 123.532752] process_one_work+0xb06/0x19a0 [ 123.537352] worker_thread+0x91/0xe90 [ 123.541471] kthread+0x348/0x410 [ 123.545103] ret_from_fork+0x24/0x30 [ 123.549113] [ 123.550795] Freed by task 518: [ 123.554231] save_stack+0x19/0x80 [ 123.557958] __kasan_slab_free+0x125/0x170 [ 123.562556] kfree+0xd7/0x3a0 [ 123.565895] mlxsw_sp_acl_rule_destroy+0x63/0xd0 [ 123.571081] mlxsw_sp2_mr_tcam_route_destroy+0xd5/0x130 [ 123.576946] mlxsw_sp_mr_tcam_route_destroy+0xba/0x260 [ 123.582714] mlxsw_sp_mr_table_destroy+0x1ab/0x290 [ 123.588091] mlxsw_sp_vr_put+0x1db/0x350 [ 123.592496] mlxsw_sp_fib_node_put+0x298/0x4c0 [ 123.597486] mlxsw_sp_vr_fib_flush+0x15b/0x360 [ 123.602476] mlxsw_sp_router_fib_flush+0xba/0x470 [ 123.607756] mlxsw_sp_vrs_fini+0xaa/0x120 [ 123.612260] mlxsw_sp_router_fini+0x137/0x384 [ 123.617152] mlxsw_sp_fini+0x30a/0x4a0 [ 123.621374] mlxsw_core_bus_device_unregister+0x159/0x600 [ 123.627435] mlxsw_devlink_core_bus_device_reload_down+0x7e/0xb0 [ 123.634176] devlink_reload+0xb4/0x380 [ 123.638391] devlink_nl_cmd_reload+0x610/0x700 [ 123.643382] genl_rcv_msg+0x6a8/0xdc0 [ 123.647497] netlink_rcv_skb+0x134/0x3a0 [ 123.651904] genl_rcv+0x29/0x40 [ 123.655436] netlink_unicast+0x4d4/0x700 [ 123.659843] netlink_sendmsg+0x7c0/0xc70 [ 123.664251] __sys_sendto+0x265/0x3c0 [ 123.668367] __x64_sys_sendto+0xe2/0x1b0 [ 123.672773] do_syscall_64+0xa0/0x530 [ 123.676892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.682552] [ 123.684238] The buggy address belongs to the object at ffff8881f3bb4500 [ 123.684238] which belongs to the cache kmalloc-128 of size 128 [ 123.698261] The buggy address is located 32 bytes inside of [ 123.698261] 128-byte region [ffff8881f3bb4500, ffff8881f3bb4580) [ 123.711303] The buggy address belongs to the page: [ 123.716682] page:ffffea0007ceed00 refcount:1 mapcount:0 mapping:ffff888236403500 index:0x0 [ 123.725958] raw: 0200000000000200 dead000000000100 dead000000000122 ffff888236403500 [ 123.734646] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 123.743315] page dumped because: kasan: bad access detected [ 123.749562] [ 123.751241] Memory state around the buggy address: [ 123.756620] ffff8881f3bb4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 123.764716] ffff8881f3bb4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.772812] >ffff8881f3bb4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.780904] ^ [ 123.785697] ffff8881f3bb4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.793793] ffff8881f3bb4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 123.801883] ================================================================== Fixes: cf7221a4f5a5 ("mlxsw: spectrum_router: Add Multicast routing support for Spectrum-2") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ef01adae |
|
15-Aug-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: sched: use major priority number as hardware priority tc transparently maps the software priority number to hardware. Update it to pass the major priority which is what most drivers expect. Update drivers too so they do not need to lshift the priority field of the flow_cls_common_offload object. The stmmac driver is an exception, since this code assumes the tc software priority is fine, therefore, lshift it just to be conservative. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c9588e28 |
|
27-Jul-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Track rules that forbid egress block bind Some matches and actions are not supported on egress. Track such rules and forbid a bind of block which contains them to egress. With this patch, the kernel tells the user he cannot do that: $ tc qdisc add dev ens16np1 ingress_block 22 clsact $ tc filter add block 22 protocol 802.1q pref 2 handle 101 flower vlan_id 100 skip_sw action pass $ tc qdisc add dev ens16np2 egress_block 22 clsact Error: mlxsw_spectrum: Block cannot be bound to egress because it contains unsupported rules. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0c1f391d |
|
19-Jun-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_flower: Implement support for ingress device matching Benefit from the previously extended flow_dissector infrastructure and offload matching on ingress port. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
98bbf70c |
|
07-Feb-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: add "acl_region_rehash_interval" devlink param Expose new driver-specific "acl_region_rehash_interval" devlink param which would allow user to alter default ACL region rehash interval. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c4c2dc54 |
|
07-Feb-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Split entry struct into entry and ventry Do the split of entry struct so the new entry struct is related to the actual HW entry, whereas ventry struct is a SW abstration of that. This split prepares possibility for ventry to hold 2 HW entries which is needed for region ERP rehash flow. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
73867881 |
|
01-Feb-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
drivers: net: use flow action infrastructure This patch updates drivers to use the new flow action infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3021afe1 |
|
27-Jan-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Fix rul/rule typo Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
42d704e0 |
|
27-Jan-2019 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Remove unnecessary arg on action_replace call path No need to pass ruleset/group and chunk pointers on action_replace call path, nobody uses them. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c20580c2 |
|
10-Dec-2018 |
Nir Dotan <nird@mellanox.com> |
mlxsw: spectrum_acl: Support rule creation without action creation Up until now, when ACL rule was created its action was created with it. It suits well for tc flower where ACL rule always needs an action, however it does not suit multicast router, where the action is created prior to setting a route, which in Spectrum-2 is actually an ACL rule. Add support for rule creation without action creation. Do it by adding afa_block argument to mlxsw_sp_acl_rule_create, which if NULL then an action would be created, also add an indication within struct mlxsw_sp_acl_rule_info that tells if the action should be destroyed when the rule is destroyed. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2507a64c |
|
10-Dec-2018 |
Nir Dotan <nird@mellanox.com> |
mlxsw: spectrum_acl: Add replace rule action operation Multicast routes actions may be updated after creation. An example for that is an addition of an egress interface to an existing route. So far, as tc flower API dictated, ACL rules were either created or deleted. Since multicast routes in Spectrum-2 are written to ACL as any rule, it is required to allow the update of a rule's action as it may change. Add methods and operations to support updating rule's action. This is supported only for Spectrum-2. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9948a064 |
|
09-Aug-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: Replace license text with SPDX identifiers and adjust copyrights Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
903fcf73 |
|
09-Aug-2018 |
Nir Dotan <nird@mellanox.com> |
mlxsw: spectrum_flower: Disallow usage of vlan_id key on egress As recent spectrum FW imposes a limitation on using vlan_id key for egress ACL, disallow the usage of that key accordingly and return a proper extack message. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
af1fe786 |
|
24-Jul-2018 |
Nir Dotan <nird@mellanox.com> |
mlxsw: spectrum_acl: Add extack messages Return extack messages for failures in action set creation. Messages provide reasons for not being able to implement the action in HW. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ad7769ca |
|
24-Jul-2018 |
Nir Dotan <nird@mellanox.com> |
mlxsw: spectrum_acl: Propagate extack pointer Propagate extack pointer in order to add extack messages for ACL. In the follow-up patches, appropriate messages will be added in various points. Signed-off-by: Nir Dotan <nird@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e2f2a1fd |
|
23-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Implement chain template hinting Since cld_flower provides information about the filter template for specific chain, use this information in order to prepare a region. Use the template to find out what elements are going to be used and pass that down to mlxsw_sp_acl_tcam_group_add(). Later on, when the first filter is inserted, the mlxsw_sp_acl_tcam_group_use_patterns() function would use this element usage information instead of looking up a pattern. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c17d2083 |
|
08-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Convert mlxsw_afk_create args to ops Since the flex keys for Spectrum-2 differ not only in blocks definitions but also in encoding layout, prepare for the implementation and pass Spectrum/Spectrum-2 specific ops down to mlxsw_afk_create. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bab5c1cf |
|
08-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Add tcam init/fini ops Add ops to be called on driver instance init and fini. This is needed in order to be possible to do Spectrum-2 specific init and fini work. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
64eccd00 |
|
08-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Split TCAM handling 3 ways To allow easy and clean Spectrum-2 implementation for things that differ from Spectrum, split the existing ACL TCAM code 3 ways: 1) common code that calls Spectrum/Spectrum-2 specific ops 2) Spectrum ops implementations 3) common C-TCAM code that is going to be shared between Spectrum and Spectrum-2 implementations Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2139469b |
|
08-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Ignore always-zeroed bits in tp->prio The lowest 16 bits of tp->prio are always zero, so ignore them with a shift. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d4b0d20f |
|
08-Jul-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Change name of mlxsw_sp_afk_blocks to mlxsw_sp1_afk_blocks This is specific for Spectrum as Spectrum-2 has completely different key blocks. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
808be37a |
|
19-Mar-2018 |
Ido Schimmel <idosch@mellanox.com> |
mlxsw: spectrum_acl: Adapt ACL configuration to new firmware versions The driver currently creates empty ACL groups, binds them to the requested port and then fills them with actual ACLs that point to TCAM regions. However, empty ACL groups are considered invalid and upcoming firmware versions are going to forbid their binding. Work around this limitation by only performing the binding after the first ACL was added to the group. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
49bae2f3 |
|
09-Mar-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Fix gact_ok offloading For ok GACT action, TERMINATE binding_cmd should be used in action set passed down to HW. Fixes: b2925957ec1a9 ("mlxsw: spectrum_flower: Offload "ok" termination action") Signed-off-by: Jiri Pirko <jiri@mellanox.com> Reported-by: Alexander Petrovskiy <alexpe@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
52a6444c |
|
27-Feb-2018 |
Petr Machata <petrm@mellanox.com> |
mlxsw: Move a mirroring check to mlxsw_sp_span_entry_create The check for whether a mirror port (which is a mlxsw front panel port) belongs to the same mlxsw instance as the mirrored port, is currently only done in spectrum_acl, even though it's applicable for the matchall case as well. Thus move it to mlxsw_sp_span_entry_create(). Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
169b5d95 |
|
27-Feb-2018 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum_span: Generalize SPAN support To support mirroring to different device types, the functions that partake in configuring the port analyzer need to be extended to admit non-trivial SPAN types. Create a structure where all details of SPAN configuration are kept, struct mlxsw_sp_span_parms. Also create struct mlxsw_sp_span_entry_ops to keep per-SPAN-type operations. Instantiate the latter once for MLXSW_REG_MPAT_SPAN_TYPE_LOCAL_ETH, and once for a suite of NOP callbacks used for invalidated SPAN entry. Put the formet as a sole member of a new array mlxsw_sp_span_entry_types, where all known SPAN types are kept. Introduce a new function, mlxsw_sp_span_entry_ops(), to look up the right ops suite given a netdevice. Change mlxsw_sp_span_mirror_add() to use both parms and ops structures. Change mlxsw_sp_span_entry_get() and mlxsw_sp_span_entry_create() to take these as arguments. Modify mlxsw_sp_span_entry_configure() and mlxsw_sp_span_entry_deconfigure() to dispatch to ops. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
079c9f39 |
|
27-Feb-2018 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum: Keep mirror netdev in mlxsw_sp_span_entry Currently the only mirror action supported by mlxsw is mirror to another mlxsw physical port. Correspondingly, span_entry, which tracks each mlxsw mirror in the system, currently holds a u8 number of the destination port. To extend this system to mirror to gretap and ip6gretap netdevices, have struct mlxsw_sp_span_entry actually hold the destination netdevice itself. This change then trickles down in obvious manner to SPAN module API and mirror-related interfaces in struct mlxsw_afa_ops. To prevent use of invalid pointer, NETDEV_UNREGISTER needs to be hooked and the corresponding SPAN entry invalidated. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d0d13c18 |
|
19-Jan-2018 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum_acl: Add support for mirror action Add support for mirror action. Only one mirror action can be set per rule. Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c18c1e18 |
|
19-Jan-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: core: Make counter index allocated inside the action append So far, the caller of mlxsw_afa_block_append_counter needed to allocate counter index by hand. Benefit from the previously introduced resource infra and counter_index_get/put callbacks, and allocate the counter index in place where it is needed, inside the action append function. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4b23258d |
|
17-Jan-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Pass mlxsw_sp_port down to ruleset bind/unbind ops No need to convert from mlxsw_sp_port to net_device and back again. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3aaff323 |
|
17-Jan-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Implement TC block sharing Benefit from the prepared TC and in-driver ACL infrastructure and introduce block sharing offload. For that, a new struct "block" is introduced in spectrum_acl in order to hold a list of specific block-port bindings. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
02caf499 |
|
17-Jan-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Don't store netdev and ingress for ruleset unbind Instead, pass netdev and ingress flag to ruleset unbind op. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9fe5fdf2 |
|
17-Jan-2018 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Reshuffle code around mlxsw_sp_acl_ruleset_create/destroy In order to prepare for follow-up changes, make the bind/unbind helpers very simple. That required move of ht insertion/removal and bind/unbind calls into mlxsw_sp_acl_ruleset_create/destroy. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2a52a8c6 |
|
25-Sep-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Propagate errors from mlxsw_afa_block_jump/continue Propagate error instead of doing WARN_ON right away. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9cb3fa94 |
|
19-Sep-2017 |
Yotam Gigi <yotamg@mellanox.com> |
mlxsw: acl: Change trap ACL action to get the trap_id as a parameter Allow the trap ACL action to be configured with different traps. This allows the multicast router offloading code to use that same ACL action with the multicast router traps. By using different traps, the multicast router can have different trap policies and can handle the packet differently. Signed-off-by: Yotam Gigi <yotamg@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d3b939b8 |
|
19-Sep-2017 |
Yotam Gigi <yotamg@mellanox.com> |
mlxsw: spectrum: Move ACL flexible actions instance to spectrum A flexible action instance allows, given a set of ops, creating, committing and sharing a set of ACL action blocks. The flexible action instance in question is using the spectrum KVD linear space to store the flexible action sets. Move this flexible action instance to the common spectrum struct to allow other users (such as multicast router) to get that functionality. Signed-off-by: Yotam Gigi <yotamg@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
dbec8ee9 |
|
23-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Provide helper to lookup ruleset We need to lookup ruleset in order to offload goto_chain termination action. This patch adds it. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0ade3b64 |
|
23-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum_acl: Allow to get group_id value for a ruleset For goto_chain action we need to know group_id of a ruleset to jump to. Provide infrastructure in order to get it. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
45b62742 |
|
23-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Offload multichain TC rules Reflect chain index coming down from TC core and create a ruleset per chain. Note that only chain 0, being the implicit chain, is bound to the device for processing. The rest of chains have to be "jumped-to" by actions. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4bb51bd6 |
|
31-Jul-2017 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum_acl: Fix a typo Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
df7eea96 |
|
06-Jun-2017 |
Jiri Pirko <jiri@mellanox.com> |
acl: Introduce ACL trap action Use trap/discard flex action to implement trap. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Yotam Gigi <yotamg@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a1107487 |
|
26-May-2017 |
Ido Schimmel <idosch@mellanox.com> |
mlxsw: spectrum: Implement common FID core The device supports three types of FIDs. 802.1Q and 802.1D FIDs for VLAN-aware and VLAN-unaware bridges (respectively) and rFIDs to transport packets to the router block. The different users (e.g., bridge, router, ACLs) of the FIDs infrastructure need not know about the internal FIDs implementation and can therefore interact with it using a restricted set of exported functions. By encapsulating the entire FID logic and hiding it from the rest of the driver we get a code base that it much simpler and easier to work with and extend. For example, in the current Spectrum ASIC only 802.1D FIDs can be assigned a VNI, but future ASICs will also support 802.1Q FIDs. With this patch in place, support for future ASICs can be easily added by implementing a new FID operations according to their capabilities. Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ac44dd43 |
|
18-Apr-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Implement action to set FID Implement part of multipurpose Virtual Router and Forwarding Domain Action that takes care of setting up FID. We need to use it to be able to forward packets using ACL action when no FID is associated on RX. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
13124443 |
|
25-Mar-2017 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum_kvdl: Cosmetic kvdl allocator API change Currently the return allocated index and err value are multiplexed. This patch changes the API to decouple the ret value from the allocated index. Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7c1b8eb1 |
|
11-Mar-2017 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum: Add support for TC flower offload statistics Add support for TC flower offload statistics including number of packets, bytes and last use timestamp. Currently the statistics are gathered on a per-rule basis. Signed-off-by: Arkadi Sharshvesky <arkadis@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
48170729 |
|
11-Mar-2017 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum: Add support for counters on TCAM entries Add support for packets and byte statistics on TCAM entries. The counters are allocated from the generic flow counters pool. Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
446a1541 |
|
11-Mar-2017 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum: Add periodic ACL rule activity update Introduce periodic task for dumping the activity status for the ACL rule TCAM entries. This is done in order to emulate last use statistics. Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.comi> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
096e914f |
|
11-Mar-2017 |
Arkadi Sharshevsky <arkadis@mellanox.com> |
mlxsw: spectrum: Add support for direct rule access Currently the ACL rules can be accessed only by hashing. In order to dump the activity the rules are also placed in a list. Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a150201a |
|
09-Mar-2017 |
Petr Machata <petrm@mellanox.com> |
mlxsw: spectrum: Add support for vlan modify TC action Add VLAN action offloading. Invoke it from Spectrum flower handler for "vlan modify" actions. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
22a67766 |
|
03-Feb-2017 |
Jiri Pirko <jiri@mellanox.com> |
mlxsw: spectrum: Introduce ACL core with simple TCAM implementation Add ACL core infrastructure for Spectrum ASIC. This infra provides an abstraction layer over specific HW implementations. There are two basic objects used. One is "rule" and the second is "ruleset" which serves as a container of multiple rules. In general, within one ruleset the rules are allowed to have multiple priorities and masks. Each ruleset is bound to either ingress or egress a of port netdevice. The initial TCAM implementation is very simple and limited. It utilizes parman lsort manager to take care of TCAM region layout. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|