tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'net-sparx5-flower-validate-control-flags'

Asbjørn Sloth Tønnesen says:

====================
net: sparx5: flower: validate control flags

This series adds flower control flags validation to the
sparx5 driver, and changes it from assuming that it handles
all control flags, to instead reject rules if they have
masked any unknown/unsupported control flags.
Reviewed-by: Daniel Machon <daniel.machon@microchip.com>
Tested-by: Daniel Machon <daniel.machon@microchip.com>

v1: https://lore.kernel.org/netdev/20240423102728.228765-1-ast@fiberby.net/
====================

Link: https://lore.kernel.org/r/20240424121632.459022-1-ast@fiberby.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski df654941 c984f374

+12 -8
+12 -8
drivers/net/ethernet/microchip/sparx5/sparx5_tc_flower.c
··· 159 159 static int 160 160 sparx5_tc_flower_handler_control_usage(struct vcap_tc_flower_parse_usage *st) 161 161 { 162 + struct netlink_ext_ack *extack = st->fco->common.extack; 162 163 struct flow_match_control mt; 163 164 u32 value, mask; 164 165 int err = 0; 165 166 166 167 flow_rule_match_control(st->frule, &mt); 167 168 168 - if (mt.mask->flags) { 169 + if (mt.mask->flags & (FLOW_DIS_IS_FRAGMENT | FLOW_DIS_FIRST_FRAG)) { 169 170 u8 is_frag_key = !!(mt.key->flags & FLOW_DIS_IS_FRAGMENT); 170 171 u8 is_frag_mask = !!(mt.mask->flags & FLOW_DIS_IS_FRAGMENT); 171 172 u8 is_frag_idx = (is_frag_key << 1) | is_frag_mask; ··· 179 178 u8 vdt = sparx5_vcap_frag_map[is_frag_idx][first_frag_idx]; 180 179 181 180 if (vdt == FRAG_INVAL) { 182 - NL_SET_ERR_MSG_MOD(st->fco->common.extack, 181 + NL_SET_ERR_MSG_MOD(extack, 183 182 "Match on invalid fragment flag combination"); 184 183 return -EINVAL; 185 184 } ··· 191 190 err = vcap_rule_add_key_u32(st->vrule, 192 191 VCAP_KF_L3_FRAGMENT_TYPE, 193 192 value, mask); 194 - if (err) 195 - goto out; 193 + if (err) { 194 + NL_SET_ERR_MSG_MOD(extack, "ip_frag parse error"); 195 + return err; 196 + } 196 197 } 198 + 199 + if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT | 200 + FLOW_DIS_FIRST_FRAG, 201 + mt.mask->flags, extack)) 202 + return -EOPNOTSUPP; 197 203 198 204 st->used_keys |= BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL); 199 205 200 - return err; 201 - 202 - out: 203 - NL_SET_ERR_MSG_MOD(st->fco->common.extack, "ip_frag parse error"); 204 206 return err; 205 207 } 206 208