patches for DPDK stable branches
 help / color / mirror / Atom feed
From: Kevin Traynor <ktraynor@redhat.com>
To: Xiaoyu Min <jackmin@mellanox.com>
Cc: Viacheslav Ovsiienko <viacheslavo@mellanox.com>,
	dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'net/mlx5: validate flow rule item order' has been queued to LTS release 18.11.6
Date: Tue,  3 Dec 2019 18:27:04 +0000	[thread overview]
Message-ID: <20191203182714.17297-55-ktraynor@redhat.com> (raw)
In-Reply-To: <20191203182714.17297-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.6

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 12/10/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/16dfdb13c1e86e2643b2181f6b7dc1a966e6e460

Thanks.

Kevin.

---
From 16dfdb13c1e86e2643b2181f6b7dc1a966e6e460 Mon Sep 17 00:00:00 2001
From: Xiaoyu Min <jackmin@mellanox.com>
Date: Wed, 11 Sep 2019 16:46:15 +0800
Subject: [PATCH] net/mlx5: validate flow rule item order

[ upstream commit 906a2efae8da8507bab2d089c544d4fa4150a5fd ]

The Item order validation between L2 and L3 is missing, which leading to
the following flow rule is accepted:

  testpmd> flow create 0 ingress pattern ipv4 / eth / end actions drop /
           end

Only the outer L3 layer should check whether the L2 layer is present,
because the L3 layer could directly follow the tunnel layer
without L2 layer.

Meanwhile inner L2 layer should check whether there is inner L3 layer
before it.

Fixes: 23c1d42c7138 ("net/mlx5: split flow validation to dedicated function")

Signed-off-by: Xiaoyu Min <jackmin@mellanox.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@mellanox.com>
---
 drivers/net/mlx5/mlx5_flow.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index f19b27ede..cf9cdcfe3 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1069,4 +1069,9 @@ mlx5_flow_validate_item_eth(const struct rte_flow_item *item,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "multiple L2 layers not supported");
+	if (tunnel && (item_flags & MLX5_FLOW_LAYER_INNER_L3))
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ITEM, item,
+					  "inner L2 layer should not "
+					  "follow inner L3 layers");
 	if (!mask)
 		mask = &rte_flow_item_eth_mask;
@@ -1112,4 +1117,6 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
 					MLX5_FLOW_LAYER_OUTER_VLAN;
 
+	const uint64_t l2m = tunnel ? MLX5_FLOW_LAYER_INNER_L2 :
+				      MLX5_FLOW_LAYER_OUTER_L2;
 	if (item_flags & vlanm)
 		return rte_flow_error_set(error, EINVAL,
@@ -1120,4 +1127,8 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "L2 layer cannot follow L3/L4 layer");
+	else if ((item_flags & l2m) == 0)
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ITEM, item,
+					  "no L2 layer before VLAN");
 	if (!mask)
 		mask = &rte_flow_item_vlan_mask;
@@ -1186,4 +1197,8 @@ mlx5_flow_validate_item_ipv4(const struct rte_flow_item *item,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "L3 cannot follow an L4 layer.");
+	else if (!tunnel && !(item_flags & MLX5_FLOW_LAYER_OUTER_L2))
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ITEM, item,
+					  "no L2 layer before IPV4");
 	if (!mask)
 		mask = &rte_flow_item_ipv4_mask;
@@ -1250,4 +1265,8 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
 					  RTE_FLOW_ERROR_TYPE_ITEM, item,
 					  "L3 cannot follow an L4 layer.");
+	else if (!tunnel && !(item_flags & MLX5_FLOW_LAYER_OUTER_L2))
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ITEM, item,
+					  "no L2 layer before IPV6");
 	if (!mask)
 		mask = &rte_flow_item_ipv6_mask;
-- 
2.21.0

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-12-03 17:29:54.913024875 +0000
+++ 0055-net-mlx5-validate-flow-rule-item-order.patch	2019-12-03 17:29:51.778749370 +0000
@@ -1 +1 @@
-From 906a2efae8da8507bab2d089c544d4fa4150a5fd Mon Sep 17 00:00:00 2001
+From 16dfdb13c1e86e2643b2181f6b7dc1a966e6e460 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 906a2efae8da8507bab2d089c544d4fa4150a5fd ]
+
@@ -20 +21,0 @@
-Cc: stable@dpdk.org
@@ -29 +30 @@
-index 482f65b5d..578d00338 100644
+index f19b27ede..cf9cdcfe3 100644
@@ -32 +33 @@
-@@ -1225,4 +1225,9 @@ mlx5_flow_validate_item_eth(const struct rte_flow_item *item,
+@@ -1069,4 +1069,9 @@ mlx5_flow_validate_item_eth(const struct rte_flow_item *item,
@@ -42 +43 @@
-@@ -1271,4 +1276,6 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
+@@ -1112,4 +1117,6 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
@@ -49 +50 @@
-@@ -1279,4 +1286,8 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
+@@ -1120,4 +1127,8 @@ mlx5_flow_validate_item_vlan(const struct rte_flow_item *item,
@@ -58 +59 @@
-@@ -1391,4 +1402,8 @@ mlx5_flow_validate_item_ipv4(const struct rte_flow_item *item,
+@@ -1186,4 +1197,8 @@ mlx5_flow_validate_item_ipv4(const struct rte_flow_item *item,
@@ -60 +61 @@
- 					  "L3 cannot follow an NVGRE layer.");
+ 					  "L3 cannot follow an L4 layer.");
@@ -67 +68 @@
-@@ -1482,4 +1497,8 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
+@@ -1250,4 +1265,8 @@ mlx5_flow_validate_item_ipv6(const struct rte_flow_item *item,
@@ -69 +70 @@
- 					  "L3 cannot follow an NVGRE layer.");
+ 					  "L3 cannot follow an L4 layer.");


  parent reply	other threads:[~2019-12-03 18:29 UTC|newest]

Thread overview: 65+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-03 18:26 [dpdk-stable] patch 'ethdev: remove redundant device info cleanup before get' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/sfc: fix missing notification on link status change' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vhost: fix slave request fd leak' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bonding: fix link speed update in broadcast mode' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'app/testpmd: fix crash on port reset' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vhost: forbid reallocation when running' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vhost: fix vring address handling during live migration' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vhost: protect vring access done by application' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/vhost: fix redundant queue state event' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vhost: fix vring memory partially mapped' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/virtio: fix Rx stats with vectorized functions' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/virtio: get all pending Rx packets in vectorized paths' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/mlx5: fix BlueField VF type recognition' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: add prefix to global functions' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: fix null access when allocating CLIP entry' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: fix slot allocation for IPv6 flows' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: fix parsing VLAN ID rewrite action' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: fix prefetch for non-coalesced Tx packets' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: avoid polling link status before device start' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/ixgbe: fix X553 speed capability' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/i40e: set speed to undefined for default case' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bonding: fix slave id types' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bonding: fix OOB access in other aggregator modes' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/null: fix multi-process Rx and Tx' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: remove duplicate barrier' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: replace memory barrier for doorbell response' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: enforce IO barrier for doorbell command' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: fix flow steering' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: fix accessing variable before null check' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/szedata2: fix dependency " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/bnxt: fix multicast filter programming' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/qede: limit Rx ring index read for debug' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/atlantic: add FW mailbox guard mutex' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'net/cxgbe: fix races on flow API operations' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'event/sw: fix xstats reset value' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'event/dpaa2: fix default queue configuration' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'build: avoid overlinking' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'vfio: fix leak with multiprocess' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'service: use log for error messages' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'test/mbuf: fix forged mbuf in clone test' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'eal/ppc: fix 64-bit atomic exchange operation' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'devtools: fix cleanup of checkpatch temporary file' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'event/dpaa: fix number of supported atomic flows' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'test/lpm: fix measured cycles for delete' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'eal/linux: restore specific hugepage ordering for ppc' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'eal: remove dead code on NUMA node detection' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'crypto/dpaa_sec: fix auth-cipher check for AEAD' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'cryptodev: fix checks related to device id' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'doc: fix typo in l2fwd-crypto guide' " Kevin Traynor
2019-12-03 18:26 ` [dpdk-stable] patch 'crypto/qat: fix null auth when using VFIO' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'crypto/qat: fix AES CMAC mininum digest size' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'lib/distributor: fix deadlock on aarch64' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'test/distributor: fix spurious failure' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'bus/pci: remove useless link dependency on ethdev' " Kevin Traynor
2019-12-03 18:27 ` Kevin Traynor [this message]
2019-12-03 18:27 ` [dpdk-stable] patch 'test/bonding: fix LSC related cases' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'test/bonding: fix LSC timeout unit' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/enic: fix probe for secondary process' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/enic: fix crash in " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/tap: fix blocked Rx packets' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/bnxt: return error if setting link up fails' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/bnxt: remove unnecessary variable assignment' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/qede/base: fix page index for PBL chains' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/bnxt: fix dereference before null check' " Kevin Traynor
2019-12-03 18:27 ` [dpdk-stable] patch 'net/bnxt: cleanup comments' " Kevin Traynor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191203182714.17297-55-ktraynor@redhat.com \
    --to=ktraynor@redhat.com \
    --cc=jackmin@mellanox.com \
    --cc=stable@dpdk.org \
    --cc=viacheslavo@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).