From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id F3EE9A00BE for ; Mon, 7 Mar 2022 18:17:57 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E71DB41226; Mon, 7 Mar 2022 18:17:57 +0100 (CET) Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2044.outbound.protection.outlook.com [40.107.236.44]) by mails.dpdk.org (Postfix) with ESMTP id 803654014E; Mon, 7 Mar 2022 18:17:55 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PgibBy3IQ4qceqPGBpl9qSUy8DUmqGFViwJ4SwrB1/zoQ9T7Opo4w50pbFg56pyu+B4AuP6IVJGMGX5wvsnXefgO3RWHNTe7RyYwP/93xpqObbkKucZh26hAXQNKcOyUE7KH239bRGIqBPjYexADzJ5XXj0DTXvPjc/m16VMwnGWxQsCJ7Co8WlBFLKUkikIfVI4+vSeExyJPp/5PEGXvZrGRHYbFiSa3mVT/x4oNG+hwtsmTQ1q1XAFFMkWteft46U6NQKNITtZ7pCWbV63DQVrGgZnDmDoB8I/ng9VM7LjEKZ+AOuROlyO6sAZd1FSDJSBmS6/Wu3V32nr71h56Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MR4id5AOc+f2EV8ttsxMnAD2XEYCgCDtj3PUOlt50WM=; b=RYx8MSWuq/99YVS59KYleKipMLnpf6emrEff5fYMjNSn6QyQ/DtTvMT76OX5Qwqsw1ivlnQtao4aP392rtjYrcEzT5EBYz+obdO5i/TwRDnsQtC/6+hrAepYVHucqcW0G5TG/zVLYf7XFAVMqEu+Ep9WOkNBRiHUysotoCRKDn1vP1Wamo82Fzr3AmAzGwFfFpmR6l3tk6QzCPdzoT1DQaWa54j2RZCmuetxULWFzTajWbAEqLqifq7ysAdo/lM/xt/CEKurV8yZK4sD9bhOdMLdQp358j4cwT/XlSKWPmviUvMr6v7VtqHrroV/rJmKIP1/f/eXMpXHhIveNZWvHg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.234) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MR4id5AOc+f2EV8ttsxMnAD2XEYCgCDtj3PUOlt50WM=; b=BhA9MSt8c2E1Gio0K2Zbeya2lyQIgbTeVYwXi/XVaq3wh9e3i6A6pougMZbEsR3Wa4fZ9nunwTa43tJygHDEW0fC7htbY4xQFa5+fRf9XiyRn0KsMItuAs5rrvLyu8DHz5wS3B/XeYb2g2HjQ7ycsHA1QRTW1HtZaJJATMdurydu6L/3+qeEdAd6khlN+scWNCJ59CUDhzig41Q0hjSFrNjCyWza2Du5R0qkmpO40TgZxfPGWVk2z/zNtEq+a8UU3aSohqBvSdt/UiBCM1eCUIsy8u+/frfbtnH9BOZggPvYfD4hZtbLizjWM8esct0ojY2p58375MpABnNz8Se6ow== Received: from DM6PR02CA0117.namprd02.prod.outlook.com (2603:10b6:5:1b4::19) by BN8PR12MB3556.namprd12.prod.outlook.com (2603:10b6:408:41::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.19; Mon, 7 Mar 2022 17:17:52 +0000 Received: from DM6NAM11FT045.eop-nam11.prod.protection.outlook.com (2603:10b6:5:1b4:cafe::bb) by DM6PR02CA0117.outlook.office365.com (2603:10b6:5:1b4::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14 via Frontend Transport; Mon, 7 Mar 2022 17:17:52 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.234) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.234 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.234; helo=mail.nvidia.com; Received: from mail.nvidia.com (12.22.5.234) by DM6NAM11FT045.mail.protection.outlook.com (10.13.173.123) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5038.14 via Frontend Transport; Mon, 7 Mar 2022 17:17:52 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL101.nvidia.com (10.27.9.10) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 7 Mar 2022 17:17:48 +0000 Received: from nvidia.com (10.126.231.35) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.9; Mon, 7 Mar 2022 09:17:45 -0800 From: Gregory Etelson To: CC: , , , , Viacheslav Ovsiienko , Dekel Peled , Ori Kam Subject: [PATCH] net/mlx5: fix IPv6 flow item validation for VERB API Date: Mon, 7 Mar 2022 19:17:31 +0200 Message-ID: <20220307171731.3643-1-getelson@nvidia.com> X-Mailer: git-send-email 2.35.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [10.126.231.35] X-ClientProxiedBy: rnnvmail203.nvidia.com (10.129.68.9) To rnnvmail201.nvidia.com (10.129.68.8) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 785f0176-e833-4ded-77bc-08da005e6972 X-MS-TrafficTypeDiagnostic: BN8PR12MB3556:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QKA2dC9oAewY7iEKmcKmC+hmkcT7afIyfJPV+fyHiOJEB+uhc7Ya3ltXXm4gA4Od0MRenOUxCAuvX+WNFL5maF7wjaXZmPEfaQxNpIMY0s9N0ayA0rq7hho4bVkd0wMtQPqpwsdL12KxEDDh+UCtxepsOtPEOmhSgawjFwyiG1Vigk+eoCzQ27wERSVZdmkc2q4AO3hcR6DVhC2lo67V6RnBmVhBRbEfhR0yW7qOPRgLUctrclHrl+k0Uo/g6SzJkpZ54jHJPUDR+AhmeIUuz96gpSrm9W6PiY0DJ42aFiFQAeSg4rbMHhv+CfEb2RM+k5PqUC1nE9LCxMfKTLDk0LXCwxK700ekZ+svZtFhfcEGnJHE4ZtxP3fklm9Z4j4lYSuzNoAhIVfvogBaHuat8MOo2SPwcGtmSjzhmGRpMECQD5ENM9IlAKE4PtgNDB3oSBM4MqchG19u1HprWTJgnEz2GvVqsZQmMCAKTV5miPlsNkl7fZoabHHA6hniRTLQskem6+mpnuQTQkxCWHvaH/vnKR6UoMtYQHJN6liTnZM3AJcyWmjaBzseM8zqwxRslVgnXswn7b8D8XD23HNI2op9UDT6DfrK5tBewFc2s7AsUfvxY8mTHNwXaWsBTx6zpOjQEn2ZVdADJuu2jbDIJDIgzlKhbPMfKxAlKRThA0Qx8zpafT1sWHR13TqTtmCi8sR1FF43qjY4lz4mq0FQGQ== X-Forefront-Antispam-Report: CIP:12.22.5.234; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230001)(4636009)(46966006)(36840700001)(40470700004)(16526019)(86362001)(2616005)(186003)(70586007)(1076003)(107886003)(26005)(81166007)(356005)(40460700003)(83380400001)(82310400004)(426003)(450100002)(336012)(36860700001)(47076005)(8676002)(36756003)(54906003)(6916009)(70206006)(316002)(4326008)(8936002)(2906002)(5660300002)(508600001)(55016003)(6286002)(7696005)(6666004)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Mar 2022 17:17:52.0819 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 785f0176-e833-4ded-77bc-08da005e6972 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.234]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: DM6NAM11FT045.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR12MB3556 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org In case the PMD was activated over VERB API, limit IPv6 flow item next protocol mask value to 0 or 0xFF. The limitation is required for RSS flow action TCP and UDP types. Cc: stable@dpdk.org Fixes: 491757372f98 ("net/mlx5: enforce limitation on IPv6 next protocol") Signed-off-by: Gregory Etelson Acked-by: Matan Azrad --- drivers/net/mlx5/mlx5_flow.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index 312649b732..97f05d7d30 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -2562,8 +2562,6 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item, RTE_FLOW_ERROR_TYPE_ITEM, item, "IPv6 cannot follow L2/VLAN layer " "which ether type is not IPv6"); - if (mask && mask->hdr.proto == UINT8_MAX && spec) - next_proto = spec->hdr.proto; if (item_flags & MLX5_FLOW_LAYER_TUNNEL) { if (next_proto == IPPROTO_IPIP || next_proto == IPPROTO_IPV6) return rte_flow_error_set(error, EINVAL, @@ -2572,16 +2570,6 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item, "multiple tunnel " "not supported"); } - if (next_proto == IPPROTO_HOPOPTS || - next_proto == IPPROTO_ROUTING || - next_proto == IPPROTO_FRAGMENT || - next_proto == IPPROTO_ESP || - next_proto == IPPROTO_AH || - next_proto == IPPROTO_DSTOPTS) - return rte_flow_error_set(error, EINVAL, - RTE_FLOW_ERROR_TYPE_ITEM, item, - "IPv6 proto (next header) should " - "not be set as extension header"); if (item_flags & MLX5_FLOW_LAYER_IPIP) return rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ITEM, item, @@ -2609,6 +2597,21 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item, MLX5_ITEM_RANGE_NOT_ACCEPTED, error); if (ret < 0) return ret; + if (mask->hdr.proto != 0 && mask->hdr.proto != 0xff) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask, + "partial mask is not supported for protocol"); + next_proto = spec->hdr.proto & mask->hdr.proto; + if (next_proto == IPPROTO_HOPOPTS || + next_proto == IPPROTO_ROUTING || + next_proto == IPPROTO_FRAGMENT || + next_proto == IPPROTO_ESP || + next_proto == IPPROTO_AH || + next_proto == IPPROTO_DSTOPTS) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ITEM, item, + "IPv6 proto (next header) should " + "not be set as extension header"); return 0; } -- 2.35.1