From patchwork Wed Nov 9 11:41:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steen Hegelund X-Patchwork-Id: 17502 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp285495wru; Wed, 9 Nov 2022 03:44:12 -0800 (PST) X-Google-Smtp-Source: AA0mqf7Vi8fweRo/dJ2ucdK3PsWhGRNJ1IpJXJp1XrSkWxH3htg1tcg/VMwpO1As6h+bV2WL2VXH X-Received: by 2002:a17:903:11c6:b0:188:81f8:e2e4 with SMTP id q6-20020a17090311c600b0018881f8e2e4mr14528679plh.142.1667994252008; Wed, 09 Nov 2022 03:44:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667994252; cv=none; d=google.com; s=arc-20160816; b=eKuJOCbpdsBsjd1CyjZGw4bN0fwqcWKoNh+jzwwH4XfGV8Akp0LCYxPonyHLv7Uim/ qNTDj5qdQAHR6oDrtEuFBP+8IfdFp0/fnxb4HEFUr9SIc7VYajlaOBSHtqNUVHfOkQo4 ug+p0JER7Jg2s55HYshhnYbDlI43s8rPCHn7EbHh/HPzVglEk2bGlBPVVCAQnnudL2N3 1usdU3JzaBcOca8KSvMq6cAm1VK7WzxPakeX7hCz0O+eiz5IXfKJsn+Jq4mxkiajWLga PFOPvPR06Qjcf4K+E2R7jeBi47jICQ7sOVUyZfvmiTMyPhDfbA3QsAEM47ttRx51oLVo /bWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=2LgFHqesXEWN/mGF9Mv3kgNRPUHTZQzwfP6syMbLtvE=; b=bON1zXYRXuSV6d7G2uvmIKG631B4H7Blsa6sDrfTC3XbJ8TOyHXC8Si7wNGzHfHj2s ML+a7FTKFCNZhMkJJjbUah2N9zlE3HpYiNcgsRupuqNOVZdwXwYky/XdzFU6UHJxLl5J KSjiokVfubEUAAV7fWteY8PQZaR6JKXsAumlQRcpLIrcEocQBOJa0Pehl0P6urfZlegj 26o8L/1iFIKCPEceQL2zrA6YfOgW9PiHivz8iCEeWL1qrY6Gm/Z/ZNSl4HCPT1BPjjBV F7S36T+1oso/4xuTPJoJtYtrIvu+Sw7Z859IEjIjV/f77t1CscNyFje+GkPx3HMUBihS 3LYA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@microchip.com header.s=mchp header.b="B/WO5LTi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=microchip.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j24-20020a63cf18000000b00461f124bc4csi17474114pgg.86.2022.11.09.03.43.58; Wed, 09 Nov 2022 03:44:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@microchip.com header.s=mchp header.b="B/WO5LTi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=microchip.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230176AbiKILmO (ORCPT + 99 others); Wed, 9 Nov 2022 06:42:14 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230392AbiKILls (ORCPT ); Wed, 9 Nov 2022 06:41:48 -0500 Received: from esa.microchip.iphmx.com (esa.microchip.iphmx.com [68.232.154.123]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D64C2EF2D; Wed, 9 Nov 2022 03:41:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=microchip.com; i=@microchip.com; q=dns/txt; s=mchp; t=1667994106; x=1699530106; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=+W6heY0OWTfT6RRvl+2wVYvfqiqmJULsVcGpkSGMnWY=; b=B/WO5LTiKUE/w7Qtl8b4L8T98f18q0JL1ID/HjyPJkz80e6V1ZefUayz 2m6p92FPGPH2yScQDghTYyBcD9tk3iHT+kmAEgV51ujbZevUXTjAayc/R 1LuAiTtvxt/VjCmltDouzP3gwmBdhr367YUMEc00Z1HbhhXWc9ZVPfNCa A8H94z7um7IY95E5H2YQuaAzMchxFeHltLqMKgZ93r4AR2nDNDTdQ2uMK V8q7iXjgFyj4ct4NeDE5uh0SbM9wHiXXOebBQsNIgFkwn5RAb85Dca0Kc m3TdlYL91URo6XcV0jevs3m5k8Bk6ooId3lZG4TST1W7H6iyRxCiC8gra g==; X-IronPort-AV: E=Sophos;i="5.96,150,1665471600"; d="scan'208";a="182651248" Received: from unknown (HELO email.microchip.com) ([170.129.1.10]) by esa4.microchip.iphmx.com with ESMTP/TLS/AES256-SHA256; 09 Nov 2022 04:41:45 -0700 Received: from chn-vm-ex02.mchp-main.com (10.10.85.144) by chn-vm-ex01.mchp-main.com (10.10.85.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.12; Wed, 9 Nov 2022 04:41:43 -0700 Received: from den-dk-m31857.microchip.com (10.10.115.15) by chn-vm-ex02.mchp-main.com (10.10.85.144) with Microsoft SMTP Server id 15.1.2507.12 via Frontend Transport; Wed, 9 Nov 2022 04:41:40 -0700 From: Steen Hegelund To: "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni CC: Steen Hegelund , , Randy Dunlap , "Casper Andersson" , Russell King , Wan Jiabing , "Nathan Huckleberry" , , , , "Daniel Machon" , Horatiu Vultur , Lars Povlsen Subject: [PATCH net-next v6 6/8] net: microchip: sparx5: Let VCAP API validate added key- and actionfields Date: Wed, 9 Nov 2022 12:41:14 +0100 Message-ID: <20221109114116.3612477-7-steen.hegelund@microchip.com> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221109114116.3612477-1-steen.hegelund@microchip.com> References: <20221109114116.3612477-1-steen.hegelund@microchip.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749018740629550962?= X-GMAIL-MSGID: =?utf-8?q?1749018740629550962?= Add support for validating keyfields and actionfields when they are added to a VCAP rule. We need to ensure that the field is not already present and that the field is in the key- or actionset, if the client has added a key- or actionset to the rule at this point. Signed-off-by: Steen Hegelund --- .../net/ethernet/microchip/vcap/vcap_api.c | 103 +++++++++++++++++- 1 file changed, 101 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/vcap/vcap_api.c b/drivers/net/ethernet/microchip/vcap/vcap_api.c index 37122ba1e201..73ec7744c21f 100644 --- a/drivers/net/ethernet/microchip/vcap/vcap_api.c +++ b/drivers/net/ethernet/microchip/vcap/vcap_api.c @@ -790,6 +790,13 @@ const char *vcap_keyfield_name(struct vcap_control *vctrl, } EXPORT_SYMBOL_GPL(vcap_keyfield_name); +/* map action field id to a string with the action name */ +static const char *vcap_actionfield_name(struct vcap_control *vctrl, + enum vcap_action_field action) +{ + return vctrl->stats->actionfield_names[action]; +} + /* Return the keyfield that matches a key in a keyset */ static const struct vcap_field * vcap_find_keyset_keyfield(struct vcap_control *vctrl, @@ -1162,14 +1169,60 @@ static void vcap_copy_from_client_keyfield(struct vcap_rule *rule, memcpy(&field->data, data, sizeof(field->data)); } +/* Check if the keyfield is already in the rule */ +static bool vcap_keyfield_unique(struct vcap_rule *rule, + enum vcap_key_field key) +{ + struct vcap_rule_internal *ri = to_intrule(rule); + const struct vcap_client_keyfield *ckf; + + list_for_each_entry(ckf, &ri->data.keyfields, ctrl.list) + if (ckf->ctrl.key == key) + return false; + return true; +} + +/* Check if the keyfield is in the keyset */ +static bool vcap_keyfield_match_keyset(struct vcap_rule *rule, + enum vcap_key_field key) +{ + struct vcap_rule_internal *ri = to_intrule(rule); + enum vcap_keyfield_set keyset = rule->keyset; + enum vcap_type vt = ri->admin->vtype; + const struct vcap_field *fields; + + /* the field is accepted if the rule has no keyset yet */ + if (keyset == VCAP_KFS_NO_VALUE) + return true; + fields = vcap_keyfields(ri->vctrl, vt, keyset); + if (!fields) + return false; + /* if there is a width there is a way */ + return fields[key].width > 0; +} + static int vcap_rule_add_key(struct vcap_rule *rule, enum vcap_key_field key, enum vcap_field_type ftype, struct vcap_client_keyfield_data *data) { + struct vcap_rule_internal *ri = to_intrule(rule); struct vcap_client_keyfield *field; - /* More validation will be added here later */ + if (!vcap_keyfield_unique(rule, key)) { + pr_warn("%s:%d: keyfield %s is already in the rule\n", + __func__, __LINE__, + vcap_keyfield_name(ri->vctrl, key)); + return -EINVAL; + } + + if (!vcap_keyfield_match_keyset(rule, key)) { + pr_err("%s:%d: keyfield %s does not belong in the rule keyset\n", + __func__, __LINE__, + vcap_keyfield_name(ri->vctrl, key)); + return -EINVAL; + } + field = kzalloc(sizeof(*field), GFP_KERNEL); if (!field) return -ENOMEM; @@ -1262,14 +1315,60 @@ static void vcap_copy_from_client_actionfield(struct vcap_rule *rule, memcpy(&field->data, data, sizeof(field->data)); } +/* Check if the actionfield is already in the rule */ +static bool vcap_actionfield_unique(struct vcap_rule *rule, + enum vcap_action_field act) +{ + struct vcap_rule_internal *ri = to_intrule(rule); + const struct vcap_client_actionfield *caf; + + list_for_each_entry(caf, &ri->data.actionfields, ctrl.list) + if (caf->ctrl.action == act) + return false; + return true; +} + +/* Check if the actionfield is in the actionset */ +static bool vcap_actionfield_match_actionset(struct vcap_rule *rule, + enum vcap_action_field action) +{ + enum vcap_actionfield_set actionset = rule->actionset; + struct vcap_rule_internal *ri = to_intrule(rule); + enum vcap_type vt = ri->admin->vtype; + const struct vcap_field *fields; + + /* the field is accepted if the rule has no actionset yet */ + if (actionset == VCAP_AFS_NO_VALUE) + return true; + fields = vcap_actionfields(ri->vctrl, vt, actionset); + if (!fields) + return false; + /* if there is a width there is a way */ + return fields[action].width > 0; +} + static int vcap_rule_add_action(struct vcap_rule *rule, enum vcap_action_field action, enum vcap_field_type ftype, struct vcap_client_actionfield_data *data) { + struct vcap_rule_internal *ri = to_intrule(rule); struct vcap_client_actionfield *field; - /* More validation will be added here later */ + if (!vcap_actionfield_unique(rule, action)) { + pr_warn("%s:%d: actionfield %s is already in the rule\n", + __func__, __LINE__, + vcap_actionfield_name(ri->vctrl, action)); + return -EINVAL; + } + + if (!vcap_actionfield_match_actionset(rule, action)) { + pr_err("%s:%d: actionfield %s does not belong in the rule actionset\n", + __func__, __LINE__, + vcap_actionfield_name(ri->vctrl, action)); + return -EINVAL; + } + field = kzalloc(sizeof(*field), GFP_KERNEL); if (!field) return -ENOMEM;