forked from Minki/linux
653cd284a8
Recently, ops->init() and ops->dump() of all actions were modified to always obtain tcf_lock when accessing private action state. Actions that don't depend on tcf_lock for synchronization with their data path use non-bh locking API. However, tcf_lock is also used to protect rate estimator stats in softirq context by timer callback. Change ops->init() and ops->dump() of all actions to disable bh when using tcf_lock to prevent deadlock reported by following lockdep warning: [ 105.470398] ================================ [ 105.475014] WARNING: inconsistent lock state [ 105.479628] 4.18.0-rc8+ #664 Not tainted [ 105.483897] -------------------------------- [ 105.488511] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. [ 105.494871] swapper/16/0 [HC0[0]:SC1[1]:HE1:SE0] takes: [ 105.500449] 00000000f86c012e (&(&p->tcfa_lock)->rlock){+.?.}, at: est_fetch_counters+0x3c/0xa0 [ 105.509696] {SOFTIRQ-ON-W} state was registered at: [ 105.514925] _raw_spin_lock+0x2c/0x40 [ 105.519022] tcf_bpf_init+0x579/0x820 [act_bpf] [ 105.523990] tcf_action_init_1+0x4e4/0x660 [ 105.528518] tcf_action_init+0x1ce/0x2d0 [ 105.532880] tcf_exts_validate+0x1d8/0x200 [ 105.537416] fl_change+0x55a/0x268b [cls_flower] [ 105.542469] tc_new_tfilter+0x748/0xa20 [ 105.546738] rtnetlink_rcv_msg+0x56a/0x6d0 [ 105.551268] netlink_rcv_skb+0x18d/0x200 [ 105.555628] netlink_unicast+0x2d0/0x370 [ 105.559990] netlink_sendmsg+0x3b9/0x6a0 [ 105.564349] sock_sendmsg+0x6b/0x80 [ 105.568271] ___sys_sendmsg+0x4a1/0x520 [ 105.572547] __sys_sendmsg+0xd7/0x150 [ 105.576655] do_syscall_64+0x72/0x2c0 [ 105.580757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.586243] irq event stamp: 489296 [ 105.590084] hardirqs last enabled at (489296): [<ffffffffb507e639>] _raw_spin_unlock_irq+0x29/0x40 [ 105.599765] hardirqs last disabled at (489295): [<ffffffffb507e745>] _raw_spin_lock_irq+0x15/0x50 [ 105.609277] softirqs last enabled at (489292): [<ffffffffb413a6a3>] irq_enter+0x83/0xa0 [ 105.618001] softirqs last disabled at (489293): [<ffffffffb413a800>] irq_exit+0x140/0x190 [ 105.626813] other info that might help us debug this: [ 105.633976] Possible unsafe locking scenario: [ 105.640526] CPU0 [ 105.643325] ---- [ 105.646125] lock(&(&p->tcfa_lock)->rlock); [ 105.650747] <Interrupt> [ 105.653717] lock(&(&p->tcfa_lock)->rlock); [ 105.658514] *** DEADLOCK *** [ 105.665349] 1 lock held by swapper/16/0: [ 105.669629] #0: 00000000a640ad99 ((&est->timer)){+.-.}, at: call_timer_fn+0x10b/0x550 [ 105.678200] stack backtrace: [ 105.683194] CPU: 16 PID: 0 Comm: swapper/16 Not tainted 4.18.0-rc8+ #664 [ 105.690249] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017 [ 105.698626] Call Trace: [ 105.701421] <IRQ> [ 105.703791] dump_stack+0x92/0xeb [ 105.707461] print_usage_bug+0x336/0x34c [ 105.711744] mark_lock+0x7c9/0x980 [ 105.715500] ? print_shortest_lock_dependencies+0x2e0/0x2e0 [ 105.721424] ? check_usage_forwards+0x230/0x230 [ 105.726315] __lock_acquire+0x923/0x26f0 [ 105.730597] ? debug_show_all_locks+0x240/0x240 [ 105.735478] ? mark_lock+0x493/0x980 [ 105.739412] ? check_chain_key+0x140/0x1f0 [ 105.743861] ? __lock_acquire+0x836/0x26f0 [ 105.748323] ? lock_acquire+0x12e/0x290 [ 105.752516] lock_acquire+0x12e/0x290 [ 105.756539] ? est_fetch_counters+0x3c/0xa0 [ 105.761084] _raw_spin_lock+0x2c/0x40 [ 105.765099] ? est_fetch_counters+0x3c/0xa0 [ 105.769633] est_fetch_counters+0x3c/0xa0 [ 105.773995] est_timer+0x87/0x390 [ 105.777670] ? est_fetch_counters+0xa0/0xa0 [ 105.782210] ? lock_acquire+0x12e/0x290 [ 105.786410] call_timer_fn+0x161/0x550 [ 105.790512] ? est_fetch_counters+0xa0/0xa0 [ 105.795055] ? del_timer_sync+0xd0/0xd0 [ 105.799249] ? __lock_is_held+0x93/0x110 [ 105.803531] ? mark_held_locks+0x20/0xe0 [ 105.807813] ? _raw_spin_unlock_irq+0x29/0x40 [ 105.812525] ? est_fetch_counters+0xa0/0xa0 [ 105.817069] ? est_fetch_counters+0xa0/0xa0 [ 105.821610] run_timer_softirq+0x3c4/0x9f0 [ 105.826064] ? lock_acquire+0x12e/0x290 [ 105.830257] ? __bpf_trace_timer_class+0x10/0x10 [ 105.835237] ? __lock_is_held+0x25/0x110 [ 105.839517] __do_softirq+0x11d/0x7bf [ 105.843542] irq_exit+0x140/0x190 [ 105.847208] smp_apic_timer_interrupt+0xac/0x3b0 [ 105.852182] apic_timer_interrupt+0xf/0x20 [ 105.856628] </IRQ> [ 105.859081] RIP: 0010:cpuidle_enter_state+0xd8/0x4d0 [ 105.864395] Code: 46 ff 48 89 44 24 08 0f 1f 44 00 00 31 ff e8 cf ec 46 ff 80 7c 24 07 00 0f 85 1d 02 00 00 e8 9f 90 4b ff fb 66 0f 1f 44 00 00 <4c> 8b 6c 24 08 4d 29 fd 0f 80 36 03 00 00 4c 89 e8 48 ba cf f7 53 [ 105.884288] RSP: 0018:ffff8803ad94fd20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 105.892494] RAX: 0000000000000000 RBX: ffffe8fb300829c0 RCX: ffffffffb41e19e1 [ 105.899988] RDX: 0000000000000007 RSI: dffffc0000000000 RDI: ffff8803ad9358ac [ 105.907503] RBP: ffffffffb6636300 R08: 0000000000000004 R09: 0000000000000000 [ 105.914997] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004 [ 105.922487] R13: ffffffffb6636140 R14: ffffffffb66362d8 R15: 000000188d36091b [ 105.929988] ? trace_hardirqs_on_caller+0x141/0x2d0 [ 105.935232] do_idle+0x28e/0x320 [ 105.938817] ? arch_cpu_idle_exit+0x40/0x40 [ 105.943361] ? mark_lock+0x8c1/0x980 [ 105.947295] ? _raw_spin_unlock_irqrestore+0x32/0x60 [ 105.952619] cpu_startup_entry+0xc2/0xd0 [ 105.956900] ? cpu_in_idle+0x20/0x20 [ 105.960830] ? _raw_spin_unlock_irqrestore+0x32/0x60 [ 105.966146] ? trace_hardirqs_on_caller+0x141/0x2d0 [ 105.971391] start_secondary+0x2b5/0x360 [ 105.975669] ? set_cpu_sibling_map+0x1330/0x1330 [ 105.980654] secondary_startup_64+0xa5/0xb0 Taking tcf_lock in sample action with bh disabled causes lockdep to issue a warning regarding possible irq lock inversion dependency between tcf_lock, and psample_groups_lock that is taken when holding tcf_lock in sample init: [ 162.108959] Possible interrupt unsafe locking scenario: [ 162.116386] CPU0 CPU1 [ 162.121277] ---- ---- [ 162.126162] lock(psample_groups_lock); [ 162.130447] local_irq_disable(); [ 162.136772] lock(&(&p->tcfa_lock)->rlock); [ 162.143957] lock(psample_groups_lock); [ 162.150813] <Interrupt> [ 162.153808] lock(&(&p->tcfa_lock)->rlock); [ 162.158608] *** DEADLOCK *** In order to prevent potential lock inversion dependency between tcf_lock and psample_groups_lock, extract call to psample_group_get() from tcf_lock protected section in sample action init function. Fixes:4e232818bd
("net: sched: act_mirred: remove dependency on rtnl lock") Fixes:764e9a2448
("net: sched: act_vlan: remove dependency on rtnl lock") Fixes:729e012609
("net: sched: act_tunnel_key: remove dependency on rtnl lock") Fixes:d772849566
("net: sched: act_sample: remove dependency on rtnl lock") Fixes:e8917f4370
("net: sched: act_gact: remove dependency on rtnl lock") Fixes:b6a2b971c0
("net: sched: act_csum: remove dependency on rtnl lock") Fixes:2142236b45
("net: sched: act_bpf: remove dependency on rtnl lock") Signed-off-by: Vlad Buslov <vladbu@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
607 lines
16 KiB
C
607 lines
16 KiB
C
/*
|
|
* Copyright (c) 2016, Amir Vadai <amir@vadai.me>
|
|
* Copyright (c) 2016, Mellanox Technologies. All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/init.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <net/geneve.h>
|
|
#include <net/netlink.h>
|
|
#include <net/pkt_sched.h>
|
|
#include <net/dst.h>
|
|
|
|
#include <linux/tc_act/tc_tunnel_key.h>
|
|
#include <net/tc_act/tc_tunnel_key.h>
|
|
|
|
static unsigned int tunnel_key_net_id;
|
|
static struct tc_action_ops act_tunnel_key_ops;
|
|
|
|
static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a,
|
|
struct tcf_result *res)
|
|
{
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
int action;
|
|
|
|
params = rcu_dereference_bh(t->params);
|
|
|
|
tcf_lastuse_update(&t->tcf_tm);
|
|
bstats_cpu_update(this_cpu_ptr(t->common.cpu_bstats), skb);
|
|
action = READ_ONCE(t->tcf_action);
|
|
|
|
switch (params->tcft_action) {
|
|
case TCA_TUNNEL_KEY_ACT_RELEASE:
|
|
skb_dst_drop(skb);
|
|
break;
|
|
case TCA_TUNNEL_KEY_ACT_SET:
|
|
skb_dst_drop(skb);
|
|
skb_dst_set(skb, dst_clone(¶ms->tcft_enc_metadata->dst));
|
|
break;
|
|
default:
|
|
WARN_ONCE(1, "Bad tunnel_key action %d.\n",
|
|
params->tcft_action);
|
|
break;
|
|
}
|
|
|
|
return action;
|
|
}
|
|
|
|
static const struct nla_policy
|
|
enc_opts_policy[TCA_TUNNEL_KEY_ENC_OPTS_MAX + 1] = {
|
|
[TCA_TUNNEL_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
|
|
};
|
|
|
|
static const struct nla_policy
|
|
geneve_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1] = {
|
|
[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
|
|
[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
|
|
[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
|
|
.len = 128 },
|
|
};
|
|
|
|
static int
|
|
tunnel_key_copy_geneve_opt(const struct nlattr *nla, void *dst, int dst_len,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1];
|
|
int err, data_len, opt_len;
|
|
u8 *data;
|
|
|
|
err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX,
|
|
nla, geneve_opt_policy, extack);
|
|
if (err < 0)
|
|
return err;
|
|
|
|
if (!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] ||
|
|
!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] ||
|
|
!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]) {
|
|
NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
|
|
return -EINVAL;
|
|
}
|
|
|
|
data = nla_data(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
|
|
data_len = nla_len(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
|
|
if (data_len < 4) {
|
|
NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
|
|
return -ERANGE;
|
|
}
|
|
if (data_len % 4) {
|
|
NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
|
|
return -ERANGE;
|
|
}
|
|
|
|
opt_len = sizeof(struct geneve_opt) + data_len;
|
|
if (dst) {
|
|
struct geneve_opt *opt = dst;
|
|
|
|
WARN_ON(dst_len < opt_len);
|
|
|
|
opt->opt_class =
|
|
nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]);
|
|
opt->type = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]);
|
|
opt->length = data_len / 4; /* length is in units of 4 bytes */
|
|
opt->r1 = 0;
|
|
opt->r2 = 0;
|
|
opt->r3 = 0;
|
|
|
|
memcpy(opt + 1, data, data_len);
|
|
}
|
|
|
|
return opt_len;
|
|
}
|
|
|
|
static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst,
|
|
int dst_len, struct netlink_ext_ack *extack)
|
|
{
|
|
int err, rem, opt_len, len = nla_len(nla), opts_len = 0;
|
|
const struct nlattr *attr, *head = nla_data(nla);
|
|
|
|
err = nla_validate(head, len, TCA_TUNNEL_KEY_ENC_OPTS_MAX,
|
|
enc_opts_policy, extack);
|
|
if (err)
|
|
return err;
|
|
|
|
nla_for_each_attr(attr, head, len, rem) {
|
|
switch (nla_type(attr)) {
|
|
case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
|
|
opt_len = tunnel_key_copy_geneve_opt(attr, dst,
|
|
dst_len, extack);
|
|
if (opt_len < 0)
|
|
return opt_len;
|
|
opts_len += opt_len;
|
|
if (dst) {
|
|
dst_len -= opt_len;
|
|
dst += opt_len;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!opts_len) {
|
|
NL_SET_ERR_MSG(extack, "Empty list of tunnel options");
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (rem > 0) {
|
|
NL_SET_ERR_MSG(extack, "Trailing data after parsing tunnel key options attributes");
|
|
return -EINVAL;
|
|
}
|
|
|
|
return opts_len;
|
|
}
|
|
|
|
static int tunnel_key_get_opts_len(struct nlattr *nla,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
return tunnel_key_copy_opts(nla, NULL, 0, extack);
|
|
}
|
|
|
|
static int tunnel_key_opts_set(struct nlattr *nla, struct ip_tunnel_info *info,
|
|
int opts_len, struct netlink_ext_ack *extack)
|
|
{
|
|
info->options_len = opts_len;
|
|
switch (nla_type(nla_data(nla))) {
|
|
case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
|
|
#if IS_ENABLED(CONFIG_INET)
|
|
info->key.tun_flags |= TUNNEL_GENEVE_OPT;
|
|
return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
|
|
opts_len, extack);
|
|
#else
|
|
return -EAFNOSUPPORT;
|
|
#endif
|
|
default:
|
|
NL_SET_ERR_MSG(extack, "Cannot set tunnel options for unknown tunnel type");
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
|
|
static const struct nla_policy tunnel_key_policy[TCA_TUNNEL_KEY_MAX + 1] = {
|
|
[TCA_TUNNEL_KEY_PARMS] = { .len = sizeof(struct tc_tunnel_key) },
|
|
[TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
|
|
[TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
|
|
[TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
|
|
[TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
|
|
[TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
|
|
[TCA_TUNNEL_KEY_ENC_DST_PORT] = {.type = NLA_U16},
|
|
[TCA_TUNNEL_KEY_NO_CSUM] = { .type = NLA_U8 },
|
|
[TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NLA_NESTED },
|
|
[TCA_TUNNEL_KEY_ENC_TOS] = { .type = NLA_U8 },
|
|
[TCA_TUNNEL_KEY_ENC_TTL] = { .type = NLA_U8 },
|
|
};
|
|
|
|
static int tunnel_key_init(struct net *net, struct nlattr *nla,
|
|
struct nlattr *est, struct tc_action **a,
|
|
int ovr, int bind, bool rtnl_held,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
|
|
struct nlattr *tb[TCA_TUNNEL_KEY_MAX + 1];
|
|
struct tcf_tunnel_key_params *params_new;
|
|
struct metadata_dst *metadata = NULL;
|
|
struct tc_tunnel_key *parm;
|
|
struct tcf_tunnel_key *t;
|
|
bool exists = false;
|
|
__be16 dst_port = 0;
|
|
int opts_len = 0;
|
|
__be64 key_id;
|
|
__be16 flags;
|
|
u8 tos, ttl;
|
|
int ret = 0;
|
|
int err;
|
|
|
|
if (!nla) {
|
|
NL_SET_ERR_MSG(extack, "Tunnel requires attributes to be passed");
|
|
return -EINVAL;
|
|
}
|
|
|
|
err = nla_parse_nested(tb, TCA_TUNNEL_KEY_MAX, nla, tunnel_key_policy,
|
|
extack);
|
|
if (err < 0) {
|
|
NL_SET_ERR_MSG(extack, "Failed to parse nested tunnel key attributes");
|
|
return err;
|
|
}
|
|
|
|
if (!tb[TCA_TUNNEL_KEY_PARMS]) {
|
|
NL_SET_ERR_MSG(extack, "Missing tunnel key parameters");
|
|
return -EINVAL;
|
|
}
|
|
|
|
parm = nla_data(tb[TCA_TUNNEL_KEY_PARMS]);
|
|
err = tcf_idr_check_alloc(tn, &parm->index, a, bind);
|
|
if (err < 0)
|
|
return err;
|
|
exists = err;
|
|
if (exists && bind)
|
|
return 0;
|
|
|
|
switch (parm->t_action) {
|
|
case TCA_TUNNEL_KEY_ACT_RELEASE:
|
|
break;
|
|
case TCA_TUNNEL_KEY_ACT_SET:
|
|
if (!tb[TCA_TUNNEL_KEY_ENC_KEY_ID]) {
|
|
NL_SET_ERR_MSG(extack, "Missing tunnel key id");
|
|
ret = -EINVAL;
|
|
goto err_out;
|
|
}
|
|
|
|
key_id = key32_to_tunnel_id(nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_KEY_ID]));
|
|
|
|
flags = TUNNEL_KEY | TUNNEL_CSUM;
|
|
if (tb[TCA_TUNNEL_KEY_NO_CSUM] &&
|
|
nla_get_u8(tb[TCA_TUNNEL_KEY_NO_CSUM]))
|
|
flags &= ~TUNNEL_CSUM;
|
|
|
|
if (tb[TCA_TUNNEL_KEY_ENC_DST_PORT])
|
|
dst_port = nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);
|
|
|
|
if (tb[TCA_TUNNEL_KEY_ENC_OPTS]) {
|
|
opts_len = tunnel_key_get_opts_len(tb[TCA_TUNNEL_KEY_ENC_OPTS],
|
|
extack);
|
|
if (opts_len < 0) {
|
|
ret = opts_len;
|
|
goto err_out;
|
|
}
|
|
}
|
|
|
|
tos = 0;
|
|
if (tb[TCA_TUNNEL_KEY_ENC_TOS])
|
|
tos = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TOS]);
|
|
ttl = 0;
|
|
if (tb[TCA_TUNNEL_KEY_ENC_TTL])
|
|
ttl = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TTL]);
|
|
|
|
if (tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC] &&
|
|
tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]) {
|
|
__be32 saddr;
|
|
__be32 daddr;
|
|
|
|
saddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]);
|
|
daddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]);
|
|
|
|
metadata = __ip_tun_set_dst(saddr, daddr, tos, ttl,
|
|
dst_port, flags,
|
|
key_id, opts_len);
|
|
} else if (tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC] &&
|
|
tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]) {
|
|
struct in6_addr saddr;
|
|
struct in6_addr daddr;
|
|
|
|
saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]);
|
|
daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]);
|
|
|
|
metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port,
|
|
0, flags,
|
|
key_id, 0);
|
|
} else {
|
|
NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst");
|
|
ret = -EINVAL;
|
|
goto err_out;
|
|
}
|
|
|
|
if (!metadata) {
|
|
NL_SET_ERR_MSG(extack, "Cannot allocate tunnel metadata dst");
|
|
ret = -ENOMEM;
|
|
goto err_out;
|
|
}
|
|
|
|
if (opts_len) {
|
|
ret = tunnel_key_opts_set(tb[TCA_TUNNEL_KEY_ENC_OPTS],
|
|
&metadata->u.tun_info,
|
|
opts_len, extack);
|
|
if (ret < 0)
|
|
goto err_out;
|
|
}
|
|
|
|
metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX;
|
|
break;
|
|
default:
|
|
NL_SET_ERR_MSG(extack, "Unknown tunnel key action");
|
|
ret = -EINVAL;
|
|
goto err_out;
|
|
}
|
|
|
|
if (!exists) {
|
|
ret = tcf_idr_create(tn, parm->index, est, a,
|
|
&act_tunnel_key_ops, bind, true);
|
|
if (ret) {
|
|
NL_SET_ERR_MSG(extack, "Cannot create TC IDR");
|
|
goto err_out;
|
|
}
|
|
|
|
ret = ACT_P_CREATED;
|
|
} else if (!ovr) {
|
|
tcf_idr_release(*a, bind);
|
|
NL_SET_ERR_MSG(extack, "TC IDR already exists");
|
|
return -EEXIST;
|
|
}
|
|
|
|
t = to_tunnel_key(*a);
|
|
|
|
params_new = kzalloc(sizeof(*params_new), GFP_KERNEL);
|
|
if (unlikely(!params_new)) {
|
|
tcf_idr_release(*a, bind);
|
|
NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters");
|
|
return -ENOMEM;
|
|
}
|
|
params_new->tcft_action = parm->t_action;
|
|
params_new->tcft_enc_metadata = metadata;
|
|
|
|
spin_lock_bh(&t->tcf_lock);
|
|
t->tcf_action = parm->action;
|
|
rcu_swap_protected(t->params, params_new,
|
|
lockdep_is_held(&t->tcf_lock));
|
|
spin_unlock_bh(&t->tcf_lock);
|
|
if (params_new)
|
|
kfree_rcu(params_new, rcu);
|
|
|
|
if (ret == ACT_P_CREATED)
|
|
tcf_idr_insert(tn, *a);
|
|
|
|
return ret;
|
|
|
|
err_out:
|
|
if (exists)
|
|
tcf_idr_release(*a, bind);
|
|
else
|
|
tcf_idr_cleanup(tn, parm->index);
|
|
return ret;
|
|
}
|
|
|
|
static void tunnel_key_release(struct tc_action *a)
|
|
{
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
|
|
params = rcu_dereference_protected(t->params, 1);
|
|
if (params) {
|
|
if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET)
|
|
dst_release(¶ms->tcft_enc_metadata->dst);
|
|
|
|
kfree_rcu(params, rcu);
|
|
}
|
|
}
|
|
|
|
static int tunnel_key_geneve_opts_dump(struct sk_buff *skb,
|
|
const struct ip_tunnel_info *info)
|
|
{
|
|
int len = info->options_len;
|
|
u8 *src = (u8 *)(info + 1);
|
|
struct nlattr *start;
|
|
|
|
start = nla_nest_start(skb, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE);
|
|
if (!start)
|
|
return -EMSGSIZE;
|
|
|
|
while (len > 0) {
|
|
struct geneve_opt *opt = (struct geneve_opt *)src;
|
|
|
|
if (nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS,
|
|
opt->opt_class) ||
|
|
nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE,
|
|
opt->type) ||
|
|
nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA,
|
|
opt->length * 4, opt + 1))
|
|
return -EMSGSIZE;
|
|
|
|
len -= sizeof(struct geneve_opt) + opt->length * 4;
|
|
src += sizeof(struct geneve_opt) + opt->length * 4;
|
|
}
|
|
|
|
nla_nest_end(skb, start);
|
|
return 0;
|
|
}
|
|
|
|
static int tunnel_key_opts_dump(struct sk_buff *skb,
|
|
const struct ip_tunnel_info *info)
|
|
{
|
|
struct nlattr *start;
|
|
int err;
|
|
|
|
if (!info->options_len)
|
|
return 0;
|
|
|
|
start = nla_nest_start(skb, TCA_TUNNEL_KEY_ENC_OPTS);
|
|
if (!start)
|
|
return -EMSGSIZE;
|
|
|
|
if (info->key.tun_flags & TUNNEL_GENEVE_OPT) {
|
|
err = tunnel_key_geneve_opts_dump(skb, info);
|
|
if (err)
|
|
return err;
|
|
} else {
|
|
return -EINVAL;
|
|
}
|
|
|
|
nla_nest_end(skb, start);
|
|
return 0;
|
|
}
|
|
|
|
static int tunnel_key_dump_addresses(struct sk_buff *skb,
|
|
const struct ip_tunnel_info *info)
|
|
{
|
|
unsigned short family = ip_tunnel_info_af(info);
|
|
|
|
if (family == AF_INET) {
|
|
__be32 saddr = info->key.u.ipv4.src;
|
|
__be32 daddr = info->key.u.ipv4.dst;
|
|
|
|
if (!nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_SRC, saddr) &&
|
|
!nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_DST, daddr))
|
|
return 0;
|
|
}
|
|
|
|
if (family == AF_INET6) {
|
|
const struct in6_addr *saddr6 = &info->key.u.ipv6.src;
|
|
const struct in6_addr *daddr6 = &info->key.u.ipv6.dst;
|
|
|
|
if (!nla_put_in6_addr(skb,
|
|
TCA_TUNNEL_KEY_ENC_IPV6_SRC, saddr6) &&
|
|
!nla_put_in6_addr(skb,
|
|
TCA_TUNNEL_KEY_ENC_IPV6_DST, daddr6))
|
|
return 0;
|
|
}
|
|
|
|
return -EINVAL;
|
|
}
|
|
|
|
static int tunnel_key_dump(struct sk_buff *skb, struct tc_action *a,
|
|
int bind, int ref)
|
|
{
|
|
unsigned char *b = skb_tail_pointer(skb);
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
struct tc_tunnel_key opt = {
|
|
.index = t->tcf_index,
|
|
.refcnt = refcount_read(&t->tcf_refcnt) - ref,
|
|
.bindcnt = atomic_read(&t->tcf_bindcnt) - bind,
|
|
};
|
|
struct tcf_t tm;
|
|
|
|
spin_lock_bh(&t->tcf_lock);
|
|
params = rcu_dereference_protected(t->params,
|
|
lockdep_is_held(&t->tcf_lock));
|
|
opt.action = t->tcf_action;
|
|
opt.t_action = params->tcft_action;
|
|
|
|
if (nla_put(skb, TCA_TUNNEL_KEY_PARMS, sizeof(opt), &opt))
|
|
goto nla_put_failure;
|
|
|
|
if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) {
|
|
struct ip_tunnel_info *info =
|
|
¶ms->tcft_enc_metadata->u.tun_info;
|
|
struct ip_tunnel_key *key = &info->key;
|
|
__be32 key_id = tunnel_id_to_key32(key->tun_id);
|
|
|
|
if (nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_KEY_ID, key_id) ||
|
|
tunnel_key_dump_addresses(skb,
|
|
¶ms->tcft_enc_metadata->u.tun_info) ||
|
|
nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_DST_PORT, key->tp_dst) ||
|
|
nla_put_u8(skb, TCA_TUNNEL_KEY_NO_CSUM,
|
|
!(key->tun_flags & TUNNEL_CSUM)) ||
|
|
tunnel_key_opts_dump(skb, info))
|
|
goto nla_put_failure;
|
|
|
|
if (key->tos && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TOS, key->tos))
|
|
goto nla_put_failure;
|
|
|
|
if (key->ttl && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TTL, key->ttl))
|
|
goto nla_put_failure;
|
|
}
|
|
|
|
tcf_tm_dump(&tm, &t->tcf_tm);
|
|
if (nla_put_64bit(skb, TCA_TUNNEL_KEY_TM, sizeof(tm),
|
|
&tm, TCA_TUNNEL_KEY_PAD))
|
|
goto nla_put_failure;
|
|
spin_unlock_bh(&t->tcf_lock);
|
|
|
|
return skb->len;
|
|
|
|
nla_put_failure:
|
|
spin_unlock_bh(&t->tcf_lock);
|
|
nlmsg_trim(skb, b);
|
|
return -1;
|
|
}
|
|
|
|
static int tunnel_key_walker(struct net *net, struct sk_buff *skb,
|
|
struct netlink_callback *cb, int type,
|
|
const struct tc_action_ops *ops,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
|
|
|
|
return tcf_generic_walker(tn, skb, cb, type, ops, extack);
|
|
}
|
|
|
|
static int tunnel_key_search(struct net *net, struct tc_action **a, u32 index,
|
|
struct netlink_ext_ack *extack)
|
|
{
|
|
struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
|
|
|
|
return tcf_idr_search(tn, a, index);
|
|
}
|
|
|
|
static int tunnel_key_delete(struct net *net, u32 index)
|
|
{
|
|
struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
|
|
|
|
return tcf_idr_delete_index(tn, index);
|
|
}
|
|
|
|
static struct tc_action_ops act_tunnel_key_ops = {
|
|
.kind = "tunnel_key",
|
|
.type = TCA_ACT_TUNNEL_KEY,
|
|
.owner = THIS_MODULE,
|
|
.act = tunnel_key_act,
|
|
.dump = tunnel_key_dump,
|
|
.init = tunnel_key_init,
|
|
.cleanup = tunnel_key_release,
|
|
.walk = tunnel_key_walker,
|
|
.lookup = tunnel_key_search,
|
|
.delete = tunnel_key_delete,
|
|
.size = sizeof(struct tcf_tunnel_key),
|
|
};
|
|
|
|
static __net_init int tunnel_key_init_net(struct net *net)
|
|
{
|
|
struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
|
|
|
|
return tc_action_net_init(tn, &act_tunnel_key_ops);
|
|
}
|
|
|
|
static void __net_exit tunnel_key_exit_net(struct list_head *net_list)
|
|
{
|
|
tc_action_net_exit(net_list, tunnel_key_net_id);
|
|
}
|
|
|
|
static struct pernet_operations tunnel_key_net_ops = {
|
|
.init = tunnel_key_init_net,
|
|
.exit_batch = tunnel_key_exit_net,
|
|
.id = &tunnel_key_net_id,
|
|
.size = sizeof(struct tc_action_net),
|
|
};
|
|
|
|
static int __init tunnel_key_init_module(void)
|
|
{
|
|
return tcf_register_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
|
|
}
|
|
|
|
static void __exit tunnel_key_cleanup_module(void)
|
|
{
|
|
tcf_unregister_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
|
|
}
|
|
|
|
module_init(tunnel_key_init_module);
|
|
module_exit(tunnel_key_cleanup_module);
|
|
|
|
MODULE_AUTHOR("Amir Vadai <amir@vadai.me>");
|
|
MODULE_DESCRIPTION("ip tunnel manipulation actions");
|
|
MODULE_LICENSE("GPL v2");
|