As a preparation for more advanced police offload in mlx5 (e.g.,
jumping to another chain when bandwidth is not exceeded), extend the
flow offload API with more tc-police parameters. Adjust existing
drivers to reject unsupported configurations.
Changes since v1:
* Add one more strict validation for the control of drop/ok.
Jianbo Liu (2):
net: flow_offload: add tc police action parameters
flow_offload: reject offload for all drivers with invalid police
parameters
drivers/net/dsa/sja1105/sja1105_flower.c | 27 +++++++++
.../chelsio/cxgb4/cxgb4_tc_matchall.c | 55 +++++++++++++++++++
.../net/ethernet/freescale/enetc/enetc_qos.c | 31 +++++++++++
.../ethernet/marvell/octeontx2/nic/otx2_tc.c | 54 ++++++++++++++++++
.../net/ethernet/mellanox/mlx5/core/en_tc.c | 27 +++++++++
.../ethernet/mellanox/mlxsw/spectrum_flower.c | 27 +++++++++
drivers/net/ethernet/mscc/ocelot_flower.c | 28 ++++++++++
drivers/net/ethernet/mscc/ocelot_net.c | 27 +++++++++
.../ethernet/netronome/nfp/flower/qos_conf.c | 28 ++++++++++
include/net/flow_offload.h | 19 +++++++
include/net/tc_act/tc_police.h | 30 ++++++++++
net/sched/act_police.c | 46 ++++++++++++++++
12 files changed, 399 insertions(+)
--
2.26.2
On Thu, Feb 17, 2022 at 12:34:39PM +0100, Simon Horman wrote:
> On Thu, Feb 17, 2022 at 08:28:01AM +0000, Jianbo Liu wrote:
> > As a preparation for more advanced police offload in mlx5 (e.g.,
> > jumping to another chain when bandwidth is not exceeded), extend the
> > flow offload API with more tc-police parameters. Adjust existing
> > drivers to reject unsupported configurations.
>
> Hi,
>
> I have a concern that
> a) patch 1 introduces a facility that may break existing drivers; and
> b) patch 2 then fixes this
>
> I'd slightly prefer if the series was rearranged to avoid this problem.
Not sure what you mean by the above. Patch #1 extends the flow offload
API with tc-police parameters that weren't communicated to drivers until
now. Drivers still ignore the new parameters after this patch. It is
only in patch #2 that these drivers reject configurations where the
parameters are set.
Therefore, the only breakage I see is the one that can happen after
patch #2: unaware user space that was installing actions that weren't
fully reflected to hardware.
If we want to be on the safe side, it is possible to remove the errors,
but keep the extack messages so that user space is at least somewhat
aware.
As more police parameters are passed to flow_offload, driver can check
them to make sure hardware handles packets in the way indicated by tc.
The conform-exceed control should be drop/pipe or drop/ok. Besides,
for drop/ok, the police should be the last action. As hardware can't
configure peakrate/avrate/overhead, offload should not be supported if
any of them is configured.
Signed-off-by: Jianbo Liu <[email protected]>
Reviewed-by: Roi Dayan <[email protected]>
Reviewed-by: Ido Schimmel <[email protected]>
---
drivers/net/dsa/sja1105/sja1105_flower.c | 27 +++++++++
.../chelsio/cxgb4/cxgb4_tc_matchall.c | 55 +++++++++++++++++++
.../net/ethernet/freescale/enetc/enetc_qos.c | 31 +++++++++++
.../ethernet/marvell/octeontx2/nic/otx2_tc.c | 54 ++++++++++++++++++
.../net/ethernet/mellanox/mlx5/core/en_tc.c | 27 +++++++++
.../ethernet/mellanox/mlxsw/spectrum_flower.c | 27 +++++++++
drivers/net/ethernet/mscc/ocelot_flower.c | 28 ++++++++++
drivers/net/ethernet/mscc/ocelot_net.c | 27 +++++++++
.../ethernet/netronome/nfp/flower/qos_conf.c | 28 ++++++++++
include/net/flow_offload.h | 6 ++
10 files changed, 310 insertions(+)
diff --git a/drivers/net/dsa/sja1105/sja1105_flower.c b/drivers/net/dsa/sja1105/sja1105_flower.c
index 7dcdd784aea4..8a14df8cf91e 100644
--- a/drivers/net/dsa/sja1105/sja1105_flower.c
+++ b/drivers/net/dsa/sja1105/sja1105_flower.c
@@ -321,6 +321,33 @@ int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
flow_action_for_each(i, act, &rule->action) {
switch (act->id) {
case FLOW_ACTION_POLICE:
+ if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&rule->action, act)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.peakrate_bytes_ps ||
+ act->police.avrate || act->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (act->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack,
"QoS offload not support packets per second");
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_matchall.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_matchall.c
index 28fd2de9e4cf..124e65116b2d 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_matchall.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_matchall.c
@@ -48,6 +48,33 @@ static int cxgb4_matchall_egress_validate(struct net_device *dev,
flow_action_for_each(i, entry, actions) {
switch (entry->id) {
case FLOW_ACTION_POLICE:
+ if (entry->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ entry->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(actions, entry)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.peakrate_bytes_ps ||
+ entry->police.avrate || entry->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (entry->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack,
"QoS offload not support packets per second");
@@ -150,6 +177,34 @@ static int cxgb4_matchall_alloc_tc(struct net_device *dev,
flow_action_for_each(i, entry, &cls->rule->action)
if (entry->id == FLOW_ACTION_POLICE)
break;
+
+ if (entry->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ entry->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&cls->rule->action, entry)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.peakrate_bytes_ps ||
+ entry->police.avrate || entry->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (entry->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack,
"QoS offload not support packets per second");
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 3555c12edb45..c992d9e86467 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -1230,6 +1230,37 @@ static int enetc_psfp_parse_clsflower(struct enetc_ndev_priv *priv,
/* Flow meter and max frame size */
if (entryp) {
+ if (entryp->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ err = -EOPNOTSUPP;
+ goto free_sfi;
+ }
+
+ if (entryp->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ entryp->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ err = -EOPNOTSUPP;
+ goto free_sfi;
+ }
+
+ if (entryp->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&rule->action, entryp)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ err = -EOPNOTSUPP;
+ goto free_sfi;
+ }
+
+ if (entryp->police.peakrate_bytes_ps ||
+ entryp->police.avrate || entryp->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ err = -EOPNOTSUPP;
+ goto free_sfi;
+ }
+
if (entryp->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack, "QoS offload not support packets per second");
err = -EOPNOTSUPP;
diff --git a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
index 626961a41089..4b6e17765b2f 100644
--- a/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
+++ b/drivers/net/ethernet/marvell/octeontx2/nic/otx2_tc.c
@@ -212,6 +212,33 @@ static int otx2_tc_egress_matchall_install(struct otx2_nic *nic,
entry = &cls->rule->action.entries[0];
switch (entry->id) {
case FLOW_ACTION_POLICE:
+ if (entry->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ entry->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&cls->rule->action, entry)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (entry->police.peakrate_bytes_ps ||
+ entry->police.avrate || entry->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (entry->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack, "QoS offload not support packets per second");
return -EOPNOTSUPP;
@@ -355,6 +382,33 @@ static int otx2_tc_parse_actions(struct otx2_nic *nic,
return -EOPNOTSUPP;
}
+ if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(flow_action, act)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.peakrate_bytes_ps ||
+ act->police.avrate || act->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (act->police.rate_bytes_ps > 0) {
rate = act->police.rate_bytes_ps * 8;
burst = act->police.burst;
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index 1287193a019b..7c160961c92e 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -4197,6 +4197,33 @@ static int scan_tc_matchall_fdb_actions(struct mlx5e_priv *priv,
flow_action_for_each(i, act, flow_action) {
switch (act->id) {
case FLOW_ACTION_POLICE:
+ if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(flow_action, act)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.peakrate_bytes_ps ||
+ act->police.avrate || act->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (act->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack, "QoS offload not support packets per second");
return -EOPNOTSUPP;
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
index bb417db773b9..b33c3da4daf8 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
@@ -191,6 +191,33 @@ static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
return -EOPNOTSUPP;
}
+ if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(flow_action, act)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.peakrate_bytes_ps ||
+ act->police.avrate || act->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (act->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack, "QoS offload not support packets per second");
return -EOPNOTSUPP;
diff --git a/drivers/net/ethernet/mscc/ocelot_flower.c b/drivers/net/ethernet/mscc/ocelot_flower.c
index 949858891973..eb478ddb0f90 100644
--- a/drivers/net/ethernet/mscc/ocelot_flower.c
+++ b/drivers/net/ethernet/mscc/ocelot_flower.c
@@ -296,6 +296,34 @@ static int ocelot_flower_parse_action(struct ocelot *ocelot, int port,
"Last action must be GOTO");
return -EOPNOTSUPP;
}
+
+ if (a->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (a->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ a->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (a->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&f->rule->action, a)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (a->police.peakrate_bytes_ps ||
+ a->police.avrate || a->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (a->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack,
"QoS offload not support packets per second");
diff --git a/drivers/net/ethernet/mscc/ocelot_net.c b/drivers/net/ethernet/mscc/ocelot_net.c
index e271b6225b72..69afb560ab98 100644
--- a/drivers/net/ethernet/mscc/ocelot_net.c
+++ b/drivers/net/ethernet/mscc/ocelot_net.c
@@ -258,6 +258,33 @@ static int ocelot_setup_tc_cls_matchall(struct ocelot_port_private *priv,
return -EEXIST;
}
+ if (action->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ action->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&f->rule->action, action)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.peakrate_bytes_ps ||
+ action->police.avrate || action->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (action->police.rate_pkt_ps) {
NL_SET_ERR_MSG_MOD(extack,
"QoS offload not support packets per second");
diff --git a/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c b/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c
index 784c6dbf8bc4..247984d50b49 100644
--- a/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/qos_conf.c
@@ -132,6 +132,34 @@ nfp_flower_install_rate_limiter(struct nfp_app *app, struct net_device *netdev,
"unsupported offload: qos rate limit offload requires police action");
return -EOPNOTSUPP;
}
+
+ if (action->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ action->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(&flow->rule->action, action)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when the conform action is ok, but police action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (action->police.peakrate_bytes_ps ||
+ action->police.avrate || action->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Police offload is not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
if (action->police.rate_bytes_ps > 0) {
if (bps_num++) {
NL_SET_ERR_MSG_MOD(extack,
diff --git a/include/net/flow_offload.h b/include/net/flow_offload.h
index 94cde6bbc8a5..2b9890177aa1 100644
--- a/include/net/flow_offload.h
+++ b/include/net/flow_offload.h
@@ -315,6 +315,12 @@ static inline bool flow_offload_has_one_action(const struct flow_action *action)
return action->num_entries == 1;
}
+static inline bool flow_action_is_last_entry(const struct flow_action *action,
+ const struct flow_action_entry *entry)
+{
+ return entry == &action->entries[action->num_entries - 1];
+}
+
#define flow_action_for_each(__i, __act, __actions) \
for (__i = 0, __act = &(__actions)->entries[0]; \
__i < (__actions)->num_entries; \
--
2.26.2
On 2022-02-17 1:34 PM, Simon Horman wrote:
> On Thu, Feb 17, 2022 at 08:28:01AM +0000, Jianbo Liu wrote:
>> As a preparation for more advanced police offload in mlx5 (e.g.,
>> jumping to another chain when bandwidth is not exceeded), extend the
>> flow offload API with more tc-police parameters. Adjust existing
>> drivers to reject unsupported configurations.
>
> Hi,
>
> I have a concern that
> a) patch 1 introduces a facility that may break existing drivers; and
> b) patch 2 then fixes this
>
> I'd slightly prefer if the series was rearranged to avoid this problem.
>
> ...
Hi Simon,
It can't be rearranged as patch 2 can't compile without patch 1.
Patch 1 only adds more information passing to the driver.
The drivers functionality doesn't change. drivers today ignore
police information, like actions, and still being ignored after patch 1.
patch 2 updates the drivers to use that information instead of
ignoring it. so it fixes the drivers that without patch 1 can't be
fixed.
Thanks,
Roi
On Thu, Feb 17, 2022 at 08:28:01AM +0000, Jianbo Liu wrote:
> As a preparation for more advanced police offload in mlx5 (e.g.,
> jumping to another chain when bandwidth is not exceeded), extend the
> flow offload API with more tc-police parameters. Adjust existing
> drivers to reject unsupported configurations.
Hi,
I have a concern that
a) patch 1 introduces a facility that may break existing drivers; and
b) patch 2 then fixes this
I'd slightly prefer if the series was rearranged to avoid this problem.
...
On Thu, Feb 17, 2022 at 08:28:03AM +0000, Jianbo Liu wrote:
> As more police parameters are passed to flow_offload, driver can check
> them to make sure hardware handles packets in the way indicated by tc.
> The conform-exceed control should be drop/pipe or drop/ok. Besides,
> for drop/ok, the police should be the last action. As hardware can't
> configure peakrate/avrate/overhead, offload should not be supported if
> any of them is configured.
>
> Signed-off-by: Jianbo Liu <[email protected]>
> Reviewed-by: Roi Dayan <[email protected]>
> Reviewed-by: Ido Schimmel <[email protected]>
> ---
Tested-by: Vladimir Oltean <[email protected]>
But could we cut down on line length a little? Example for sja1105
(messages were also shortened):
diff --git a/drivers/net/dsa/sja1105/sja1105_flower.c b/drivers/net/dsa/sja1105/sja1105_flower.c
index 8a14df8cf91e..54a16369a39e 100644
--- a/drivers/net/dsa/sja1105/sja1105_flower.c
+++ b/drivers/net/dsa/sja1105/sja1105_flower.c
@@ -300,6 +300,46 @@ static int sja1105_flower_parse_key(struct sja1105_private *priv,
return -EOPNOTSUPP;
}
+static int sja1105_policer_validate(const struct flow_action *action,
+ const struct flow_action_entry *act,
+ struct netlink_ext_ack *extack)
+{
+ if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Offload not supported when exceed action is not drop");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
+ act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Offload not supported when conform action is not pipe or ok");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
+ !flow_action_is_last_entry(action, act)) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Offload not supported when conform action is ok, but action is not last");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.peakrate_bytes_ps ||
+ act->police.avrate || act->police.overhead) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "Offload not supported when peakrate/avrate/overhead is configured");
+ return -EOPNOTSUPP;
+ }
+
+ if (act->police.rate_pkt_ps) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "QoS offload not support packets per second");
+ return -EOPNOTSUPP;
+ }
+
+ return 0;
+}
+
int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
struct flow_cls_offload *cls, bool ingress)
{
@@ -321,39 +361,10 @@ int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
flow_action_for_each(i, act, &rule->action) {
switch (act->id) {
case FLOW_ACTION_POLICE:
- if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
- NL_SET_ERR_MSG_MOD(extack,
- "Police offload is not supported when the exceed action is not drop");
- return -EOPNOTSUPP;
- }
-
- if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
- act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
- NL_SET_ERR_MSG_MOD(extack,
- "Police offload is not supported when the conform action is not pipe or ok");
- return -EOPNOTSUPP;
- }
-
- if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
- !flow_action_is_last_entry(&rule->action, act)) {
- NL_SET_ERR_MSG_MOD(extack,
- "Police offload is not supported when the conform action is ok, but police action is not last");
- return -EOPNOTSUPP;
- }
-
- if (act->police.peakrate_bytes_ps ||
- act->police.avrate || act->police.overhead) {
- NL_SET_ERR_MSG_MOD(extack,
- "Police offload is not supported when peakrate/avrate/overhead is configured");
- return -EOPNOTSUPP;
- }
-
- if (act->police.rate_pkt_ps) {
- NL_SET_ERR_MSG_MOD(extack,
- "QoS offload not support packets per second");
- rc = -EOPNOTSUPP;
+ rc = sja1105_policer_validate(&rule->action, act,
+ extack);
+ if (rc)
goto out;
- }
rc = sja1105_flower_policer(priv, port, extack, cookie,
&key,
Also, if you create a "validate" function for every driver, you'll
remove code duplication for those drivers that support both matchall and
flower policers.
On Thu, Feb 17, 2022 at 01:52:47PM +0200, Roi Dayan wrote:
> On 2022-02-17 1:34 PM, Simon Horman wrote:
> > On Thu, Feb 17, 2022 at 08:28:01AM +0000, Jianbo Liu wrote:
> > > As a preparation for more advanced police offload in mlx5 (e.g.,
> > > jumping to another chain when bandwidth is not exceeded), extend the
> > > flow offload API with more tc-police parameters. Adjust existing
> > > drivers to reject unsupported configurations.
> >
> > Hi,
> >
> > I have a concern that
> > a) patch 1 introduces a facility that may break existing drivers; and
> > b) patch 2 then fixes this
> >
> > I'd slightly prefer if the series was rearranged to avoid this problem.
> >
> > ...
>
> Hi Simon,
>
> It can't be rearranged as patch 2 can't compile without patch 1.
> Patch 1 only adds more information passing to the driver.
>
> The drivers functionality doesn't change. drivers today ignore
> police information, like actions, and still being ignored after patch 1.
>
> patch 2 updates the drivers to use that information instead of
> ignoring it. so it fixes the drivers that without patch 1 can't be
> fixed.
I think it would be possible, but...
On Thu, Feb 17, 2022 at 01:56:51PM +0200, Ido Schimmel wrote:
...
> Not sure what you mean by the above. Patch #1 extends the flow offload
> API with tc-police parameters that weren't communicated to drivers until
> now. Drivers still ignore the new parameters after this patch. It is
> only in patch #2 that these drivers reject configurations where the
> parameters are set.
>
> Therefore, the only breakage I see is the one that can happen after
> patch #2: unaware user space that was installing actions that weren't
> fully reflected to hardware.
>
> If we want to be on the safe side, it is possible to remove the errors,
> but keep the extack messages so that user space is at least somewhat
> aware.
Yes, I see what you mean.
I'm now comfortable with the way this patchset is arranged.
On Thu, 2022-02-17 at 14:49 +0200, Vladimir Oltean wrote:
> On Thu, Feb 17, 2022 at 08:28:03AM +0000, Jianbo Liu wrote:
> > As more police parameters are passed to flow_offload, driver can
> > check
> > them to make sure hardware handles packets in the way indicated by
> > tc.
> > The conform-exceed control should be drop/pipe or drop/ok. Besides,
> > for drop/ok, the police should be the last action. As hardware
> > can't
> > configure peakrate/avrate/overhead, offload should not be supported
> > if
> > any of them is configured.
> >
> > Signed-off-by: Jianbo Liu <[email protected]>
> > Reviewed-by: Roi Dayan <[email protected]>
> > Reviewed-by: Ido Schimmel <[email protected]>
> > ---
>
> Tested-by: Vladimir Oltean <[email protected]>
>
> But could we cut down on line length a little? Example for sja1105
> (messages were also shortened):
>
> diff --git a/drivers/net/dsa/sja1105/sja1105_flower.c
> b/drivers/net/dsa/sja1105/sja1105_flower.c
> index 8a14df8cf91e..54a16369a39e 100644
> --- a/drivers/net/dsa/sja1105/sja1105_flower.c
> +++ b/drivers/net/dsa/sja1105/sja1105_flower.c
> @@ -300,6 +300,46 @@ static int sja1105_flower_parse_key(struct
> sja1105_private *priv,
> return -EOPNOTSUPP;
> }
>
> +static int sja1105_policer_validate(const struct flow_action
> *action,
> + const struct flow_action_entry
> *act,
> + struct netlink_ext_ack *extack)
> +{
> + if (act->police.exceed.act_id != FLOW_ACTION_DROP) {
> + NL_SET_ERR_MSG_MOD(extack,
> + "Offload not supported when exceed
> action is not drop");
> + return -EOPNOTSUPP;
> + }
> +
> + if (act->police.notexceed.act_id != FLOW_ACTION_PIPE &&
> + act->police.notexceed.act_id != FLOW_ACTION_ACCEPT) {
> + NL_SET_ERR_MSG_MOD(extack,
> + "Offload not supported when
> conform action is not pipe or ok");
> + return -EOPNOTSUPP;
> + }
> +
> + if (act->police.notexceed.act_id == FLOW_ACTION_ACCEPT &&
> + !flow_action_is_last_entry(action, act)) {
> + NL_SET_ERR_MSG_MOD(extack,
> + "Offload not supported when
> conform action is ok, but action is not last");
> + return -EOPNOTSUPP;
> + }
> +
> + if (act->police.peakrate_bytes_ps ||
> + act->police.avrate || act->police.overhead) {
> + NL_SET_ERR_MSG_MOD(extack,
> + "Offload not supported when
> peakrate/avrate/overhead is configured");
> + return -EOPNOTSUPP;
> + }
> +
> + if (act->police.rate_pkt_ps) {
> + NL_SET_ERR_MSG_MOD(extack,
> + "QoS offload not support packets
> per second");
> + return -EOPNOTSUPP;
> + }
> +
> + return 0;
> +}
> +
> int sja1105_cls_flower_add(struct dsa_switch *ds, int port,
> struct flow_cls_offload *cls, bool
> ingress)
> {
> @@ -321,39 +361,10 @@ int sja1105_cls_flower_add(struct dsa_switch
> *ds, int port,
> flow_action_for_each(i, act, &rule->action) {
> switch (act->id) {
> case FLOW_ACTION_POLICE:
> - if (act->police.exceed.act_id !=
> FLOW_ACTION_DROP) {
> - NL_SET_ERR_MSG_MOD(extack,
> - "Police offload is
> not supported when the exceed action is not drop");
> - return -EOPNOTSUPP;
> - }
> -
> - if (act->police.notexceed.act_id !=
> FLOW_ACTION_PIPE &&
> - act->police.notexceed.act_id !=
> FLOW_ACTION_ACCEPT) {
> - NL_SET_ERR_MSG_MOD(extack,
> - "Police offload is
> not supported when the conform action is not pipe or ok");
> - return -EOPNOTSUPP;
> - }
> -
> - if (act->police.notexceed.act_id ==
> FLOW_ACTION_ACCEPT &&
> - !flow_action_is_last_entry(&rule->action,
> act)) {
> - NL_SET_ERR_MSG_MOD(extack,
> - "Police offload is
> not supported when the conform action is ok, but police action is not
> last");
> - return -EOPNOTSUPP;
> - }
> -
> - if (act->police.peakrate_bytes_ps ||
> - act->police.avrate || act-
> >police.overhead) {
> - NL_SET_ERR_MSG_MOD(extack,
> - "Police offload is
> not supported when peakrate/avrate/overhead is configured");
> - return -EOPNOTSUPP;
> - }
> -
> - if (act->police.rate_pkt_ps) {
> - NL_SET_ERR_MSG_MOD(extack,
> - "QoS offload not
> support packets per second");
> - rc = -EOPNOTSUPP;
> + rc = sja1105_policer_validate(&rule->action,
> act,
> + extack);
> + if (rc)
> goto out;
> - }
>
> rc = sja1105_flower_policer(priv, port,
> extack, cookie,
> &key,
>
> Also, if you create a "validate" function for every driver, you'll
> remove code duplication for those drivers that support both matchall
> and
> flower policers.
Hi Vladimir,
I'd love to hear your suggestion regarding where this validate function
to be placed for drivers/net/ethernet/mscc, as it will be used by both
ocelot_net.c and ocelot_flower.c.
Thanks!
Jianbo
Hi Jianbo,
On Tue, Feb 22, 2022 at 01:58:23AM +0000, Jianbo Liu wrote:
> Hi Vladimir,
>
> I'd love to hear your suggestion regarding where this validate function
> to be placed for drivers/net/ethernet/mscc, as it will be used by both
> ocelot_net.c and ocelot_flower.c.
>
> Thanks!
> Jianbo
Try the attached patch on top of yours.
Since almost all the drivers that support to offload police action make the similar validation, if it make sense to add the validation in the file of flow_offload.h or flow_offload.c?
Then the other drivers do not need to make the similar validation.
WDYT?
On Tuesday, February 22, 2022 6:10 PM, Vladimir wrote:
>On Tue, Feb 22, 2022 at 01:58:23AM +0000, Jianbo Liu wrote:
>> Hi Vladimir,
>>
>> I'd love to hear your suggestion regarding where this validate
>> function to be placed for drivers/net/ethernet/mscc, as it will be
>> used by both ocelot_net.c and ocelot_flower.c.
>>
>> Thanks!
>> Jianbo
>
>Try the attached patch on top of yours.
On Tue, 2022-02-22 at 10:09 +0000, Vladimir Oltean wrote:
> Hi Jianbo,
>
> On Tue, Feb 22, 2022 at 01:58:23AM +0000, Jianbo Liu wrote:
> > Hi Vladimir,
> >
> > I'd love to hear your suggestion regarding where this validate
> > function
> > to be placed for drivers/net/ethernet/mscc, as it will be used by
> > both
> > ocelot_net.c and ocelot_flower.c.
> >
> > Thanks!
> > Jianbo
>
> Try the attached patch on top of yours.
OK, thanks!
On Tue, Feb 22, 2022 at 10:29:57AM +0000, Baowen Zheng wrote:
> Since almost all the drivers that support to offload police action make the similar validation, if it make sense to add the validation in the file of flow_offload.h or flow_offload.c?
> Then the other drivers do not need to make the similar validation.
> WDYT?
But not all the drivers need the same validation. For example, nfp is
one of the few drivers that supports policing based on packet rate. The
octeontx2 driver has different restrictions based on whether the policer
is attached to matchall or flower.
We can put the restrictions that are common between all the drivers
somewhere, but it's not that much and it will also change over time,
resulting in needless churn where checks are moved to individual
drivers.