nfp: add whitelist of supported flow dissector
authorPieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Wed, 13 Sep 2017 17:15:58 +0000 (10:15 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 13 Sep 2017 20:29:13 +0000 (13:29 -0700)
Previously we did not check the flow dissector against a list of allowed
and supported flow key dissectors. This patch introduces such a list and
correctly rejects unsupported flow keys.

Fixes: 43f84b72c50d ("nfp: add metadata to each flow offload")
Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/netronome/nfp/flower/offload.c

index d396183108f76dc25f0d28724c5bee42b1948666..a18b4d2b1d3ea2d86352c7f0d07f0a894e600ad2 100644 (file)
 #include "../nfp_net.h"
 #include "../nfp_port.h"
 
+#define NFP_FLOWER_WHITELIST_DISSECTOR \
+       (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \
+        BIT(FLOW_DISSECTOR_KEY_BASIC) | \
+        BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \
+        BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \
+        BIT(FLOW_DISSECTOR_KEY_PORTS) | \
+        BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \
+        BIT(FLOW_DISSECTOR_KEY_VLAN) | \
+        BIT(FLOW_DISSECTOR_KEY_IP))
+
 static int
 nfp_flower_xmit_flow(struct net_device *netdev,
                     struct nfp_fl_payload *nfp_flow, u8 mtype)
@@ -112,6 +122,9 @@ nfp_flower_calculate_key_layers(struct nfp_fl_key_ls *ret_key_ls,
        u8 key_layer;
        int key_size;
 
+       if (flow->dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR)
+               return -EOPNOTSUPP;
+
        if (dissector_uses_key(flow->dissector,
                               FLOW_DISSECTOR_KEY_ENC_CONTROL)) {
                struct flow_dissector_key_control *mask_enc_ctl =