Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.8 2020-06-16T01:06:52Z 2020-06-16T01:06:52Z Alaa Hleihel alaa@mellanox.com 2020-06-14T11:12:48Z urn:sha1:762f926d6f19b9ab4dee0f98d55fc67e276cd094 Currently, tcf_ct_flow_table_restore_skb is exported by act_ct module, therefore modules using it will have hard-dependency on act_ct and will require loading it all the time. This can lead to an unnecessary overhead on systems that do not use hardware connection tracking action (ct_metadata action) in the first place. To relax the hard-dependency between the modules, we unexport this function and make it a static inline one. Fixes: 30b0cf90c6dd ("net/sched: act_ct: Support restoring conntrack info on skbs") Signed-off-by: Alaa Hleihel <alaa@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-05-01T23:08:19Z Po Liu Po.Liu@nxp.com 2020-05-01T00:53:16Z urn:sha1:d29bdd69ecdd70e8e3c2268fc8e188d6ab55e54a Add the gate action to the flow action entry. Add the gate parameters to the tc_setup_flow_action() queueing to the entries of flow_action_entry array provide to the driver. Signed-off-by: Po Liu <Po.Liu@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-05-01T23:08:19Z Po Liu Po.Liu@nxp.com 2020-05-01T00:53:15Z urn:sha1:a51c328df3106663879645680609eb49b3ff6444 Introduce a ingress frame gate control flow action. Tc gate action does the work like this: Assume there is a gate allow specified ingress frames can be passed at specific time slot, and be dropped at specific time slot. Tc filter chooses the ingress frames, and tc gate action would specify what slot does these frames can be passed to device and what time slot would be dropped. Tc gate action would provide an entry list to tell how much time gate keep open and how much time gate keep state close. Gate action also assign a start time to tell when the entry list start. Then driver would repeat the gate entry list cyclically. For the software simulation, gate action requires the user assign a time clock type. Below is the setting example in user space. Tc filter a stream source ip address is 192.168.0.20 and gate action own two time slots. One is last 200ms gate open let frame pass another is last 100ms gate close let frames dropped. When the ingress frames have reach total frames over 8000000 bytes, the excessive frames will be dropped in that 200000000ns time slot. > tc qdisc add dev eth0 ingress > tc filter add dev eth0 parent ffff: protocol ip \ flower src_ip 192.168.0.20 \ action gate index 2 clockid CLOCK_TAI \ sched-entry open 200000000 -1 8000000 \ sched-entry close 100000000 -1 -1 > tc chain del dev eth0 ingress chain 0 "sched-entry" follow the name taprio style. Gate state is "open"/"close". Follow with period nanosecond. Then next item is internal priority value means which ingress queue should put. "-1" means wildcard. The last value optional specifies the maximum number of MSDU octets that are permitted to pass the gate during the specified time interval. Base-time is not set will be 0 as default, as result start time would be ((N + 1) * cycletime) which is the minimal of future time. Below example shows filtering a stream with destination mac address is 10:00:80:00:00:00 and ip type is ICMP, follow the action gate. The gate action would run with one close time slot which means always keep close. The time cycle is total 200000000ns. The base-time would calculate by: 1357000000000 + (N + 1) * cycletime When the total value is the future time, it will be the start time. The cycletime here would be 200000000ns for this case. > tc filter add dev eth0 parent ffff: protocol ip \ flower skip_hw ip_proto icmp dst_mac 10:00:80:00:00:00 \ action gate index 12 base-time 1357000000000 \ sched-entry close 200000000 -1 -1 \ clockid CLOCK_TAI Signed-off-by: Po Liu <Po.Liu@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-20T04:09:19Z Petr Machata petrm@mellanox.com 2020-03-19T13:47:21Z urn:sha1:2ce124109c0fe0ea03233ae3625583de1f25e89c The skbedit action "priority" is used for adjusting SKB priority. Allow drivers to offload the action by introducing two new skbedit getters and a new flow action, and initializing appropriately in tc_setup_flow_action(). Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-20T04:09:19Z Petr Machata petrm@mellanox.com 2020-03-19T13:47:20Z urn:sha1:fe93f0b225ea45fe1fd72c991bd53f9e3d69276d The two functions is_tcf_skbedit_mark() and is_tcf_skbedit_ptype() have a very similar structure. A follow-up patch will add one more such function. Instead of more cut'n'pasting, extract a helper function that checks whether a TC action is an skbedit with the required flag. Convert the two existing functions into thin wrappers around the helper. Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-20T03:25:52Z Ido Schimmel idosch@mellanox.com 2020-03-19T11:33:10Z urn:sha1:3ebaf6da07168c3ab80dac71e063a9ae5a6882ff The cited commit removed RTNL from tc_setup_flow_action(), but the function calls two tunnel key action helpers that use rtnl_dereference() to fetch the action's parameters. This leads to "suspicious RCU usage" warnings [1][2]. Change the helpers to use rcu_dereference_protected() while requiring the action's lock to be held. This is safe because the two helpers are only called from tc_setup_flow_action() which acquires the lock. [1] [ 156.950855] ============================= [ 156.955463] WARNING: suspicious RCU usage [ 156.960085] 5.6.0-rc5-custom-47426-gdfe43878d573 #2409 Not tainted [ 156.967116] ----------------------------- [ 156.971728] include/net/tc_act/tc_tunnel_key.h:31 suspicious rcu_dereference_protected() usage! [ 156.981583] [ 156.981583] other info that might help us debug this: [ 156.981583] [ 156.990675] [ 156.990675] rcu_scheduler_active = 2, debug_locks = 1 [ 156.998205] 1 lock held by tc/877: [ 157.002187] #0: ffff8881cbf7bea0 (&(&p->tcfa_lock)->rlock){+...}, at: tc_setup_flow_action+0xbe/0x4f78 [ 157.012866] [ 157.012866] stack backtrace: [ 157.017886] CPU: 2 PID: 877 Comm: tc Not tainted 5.6.0-rc5-custom-47426-gdfe43878d573 #2409 [ 157.027253] Hardware name: Mellanox Technologies Ltd. MSN2100-CB2FO/SA001017, BIOS 5.6.5 06/07/2016 [ 157.037389] Call Trace: [ 157.040170] dump_stack+0xfd/0x178 [ 157.044034] lockdep_rcu_suspicious+0x14a/0x153 [ 157.049157] tc_setup_flow_action+0x89f/0x4f78 [ 157.054227] fl_hw_replace_filter+0x375/0x640 [ 157.064348] fl_change+0x28ec/0x4f6b [ 157.088843] tc_new_tfilter+0x15e2/0x2260 [ 157.176801] rtnetlink_rcv_msg+0x8d6/0xb60 [ 157.190915] netlink_rcv_skb+0x177/0x460 [ 157.208884] rtnetlink_rcv+0x21/0x30 [ 157.212925] netlink_unicast+0x5d0/0x7f0 [ 157.227728] netlink_sendmsg+0x981/0xe90 [ 157.245416] ____sys_sendmsg+0x76d/0x8f0 [ 157.255348] ___sys_sendmsg+0x10f/0x190 [ 157.320308] __sys_sendmsg+0x115/0x1f0 [ 157.342553] __x64_sys_sendmsg+0x7d/0xc0 [ 157.346987] do_syscall_64+0xc1/0x600 [ 157.351142] entry_SYSCALL_64_after_hwframe+0x49/0xbe [2] [ 157.432346] ============================= [ 157.436937] WARNING: suspicious RCU usage [ 157.441537] 5.6.0-rc5-custom-47426-gdfe43878d573 #2409 Not tainted [ 157.448559] ----------------------------- [ 157.453204] include/net/tc_act/tc_tunnel_key.h:43 suspicious rcu_dereference_protected() usage! [ 157.463042] [ 157.463042] other info that might help us debug this: [ 157.463042] [ 157.472112] [ 157.472112] rcu_scheduler_active = 2, debug_locks = 1 [ 157.479529] 1 lock held by tc/877: [ 157.483442] #0: ffff8881cbf7bea0 (&(&p->tcfa_lock)->rlock){+...}, at: tc_setup_flow_action+0xbe/0x4f78 [ 157.494119] [ 157.494119] stack backtrace: [ 157.499114] CPU: 2 PID: 877 Comm: tc Not tainted 5.6.0-rc5-custom-47426-gdfe43878d573 #2409 [ 157.508485] Hardware name: Mellanox Technologies Ltd. MSN2100-CB2FO/SA001017, BIOS 5.6.5 06/07/2016 [ 157.518628] Call Trace: [ 157.521416] dump_stack+0xfd/0x178 [ 157.525293] lockdep_rcu_suspicious+0x14a/0x153 [ 157.530425] tc_setup_flow_action+0x993/0x4f78 [ 157.535505] fl_hw_replace_filter+0x375/0x640 [ 157.545650] fl_change+0x28ec/0x4f6b [ 157.570204] tc_new_tfilter+0x15e2/0x2260 [ 157.658199] rtnetlink_rcv_msg+0x8d6/0xb60 [ 157.672315] netlink_rcv_skb+0x177/0x460 [ 157.690278] rtnetlink_rcv+0x21/0x30 [ 157.694320] netlink_unicast+0x5d0/0x7f0 [ 157.709129] netlink_sendmsg+0x981/0xe90 [ 157.726813] ____sys_sendmsg+0x76d/0x8f0 [ 157.736725] ___sys_sendmsg+0x10f/0x190 [ 157.801721] __sys_sendmsg+0x115/0x1f0 [ 157.823967] __x64_sys_sendmsg+0x7d/0xc0 [ 157.828403] do_syscall_64+0xc1/0x600 [ 157.832558] entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: b15e7a6e8d31 ("net: sched: don't take rtnl lock during flow_action setup") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Reviewed-by: Vlad Buslov <vladbu@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-12T22:00:39Z Paul Blakey paulb@mellanox.com 2020-03-12T10:23:09Z urn:sha1:edd5861e597b7ec2fae2fa3bc8180164045b5075 Pass the zone's flow table instance on the flow action to the drivers. Thus, allowing drivers to register FT add/del/stats callbacks. Finally, enable hardware offload on the flow table instance. Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-12T22:00:38Z Paul Blakey paulb@mellanox.com 2020-03-12T10:23:07Z urn:sha1:30b0cf90c6dd82e7ebb3fcb5ba8447f1baeb80be Provide an API to restore the ct state pointer. This may be used by drivers to restore the ct state if they miss in tc chain after they already did the hardware connection tracking action (ct_metadata action). For example, consider the following rule on chain 0 that is in_hw, however chain 1 is not_in_hw: $ tc filter add dev ... chain 0 ... \ flower ... action ct pipe action goto chain 1 Packets of a flow offloaded (via nf flow table offload) by the driver hit this rule in hardware, will be marked with the ct metadata action (mark, label, zone) that does the equivalent of the software ct action, and when the packet jumps to hardware chain 1, there would be a miss. CT was already processed in hardware. Therefore, the driver's miss handling should restore the ct state on the skb, using the provided API, and continue the packet processing in chain 1. Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-03-03T23:09:12Z Paul Blakey paulb@mellanox.com 2020-03-03T13:07:49Z urn:sha1:c34b961a249211bdb08d03bdecfb31ff22eb002f Use the NF flow tables infrastructure for CT offload. Create a nf flow table per zone. Next patches will add FT entries to this table, and do the software offload. Signed-off-by: Paul Blakey <paulb@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-02-17T22:17:02Z Vlad Buslov vladbu@mellanox.com 2020-02-17T10:12:11Z urn:sha1:107f2d50916500985b9fffd7c77d8c14809f9802 In order to remove rtnl lock dependency from flow_action representation translator, change rtnl_dereference() to rcu_dereference_protected() in ct action helpers that provide external access to zone and action values. This is safe to do because the functions are not called from anywhere else outside flow_action infrastructure which was modified to obtain tcf_lock when accessing action data in one of previous patches in the series. Signed-off-by: Vlad Buslov <vladbu@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>