tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'net-lan966x-flower-validate-control-flags'
Asbjørn Sloth Tønnesen says:
====================
net: lan966x: flower: validate control flags
This series adds flower control flags validation to the
lan966x driver, and changes it from assuming that it handles
all control flags, to instead reject rules if they have
masked any unknown/unsupported control flags.
v1: https://lore.kernel.org/netdev/20240423102720.228728-1-ast@fiberby.net/
====================
Link: https://lore.kernel.org/r/20240424125347.461995-1-ast@fiberby.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+10
-4
+10
-4
drivers/net/ethernet/microchip/lan966x/lan966x_tc_flower.c
+10
-4
drivers/net/ethernet/microchip/lan966x/lan966x_tc_flower.c
···
45
45
static int
46
46
lan966x_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st)
47
47
{
48
+
struct netlink_ext_ack *extack = st->fco->common.extack;
48
49
struct flow_match_control match;
49
50
int err = 0;
50
51
···
60
59
VCAP_KF_L3_FRAGMENT,
61
60
VCAP_BIT_0);
62
61
if (err)
63
-
goto out;
62
+
goto bad_frag_out;
64
63
}
65
64
66
65
if (match.mask->flags & FLOW_DIS_FIRST_FRAG) {
···
73
72
VCAP_KF_L3_FRAG_OFS_GT0,
74
73
VCAP_BIT_1);
75
74
if (err)
76
-
goto out;
75
+
goto bad_frag_out;
77
76
}
77
+
78
+
if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT |
79
+
FLOW_DIS_FIRST_FRAG,
80
+
match.mask->flags, extack))
81
+
return -EOPNOTSUPP;
78
82
79
83
st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL);
80
84
81
85
return err;
82
86
83
-
out:
84
-
NL_SET_ERR_MSG_MOD(st->fco->common.extack, "ip_frag parse error");
87
+
bad_frag_out:
88
+
NL_SET_ERR_MSG_MOD(extack, "ip_frag parse error");
85
89
return err;
86
90
}
87
91