mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-07 21:53:44 +00:00
net: mscc: ocelot: create a function that replaces an existing VCAP filter
VCAP (Versatile Content Aware Processor) is the TCAM-based engine behind tc flower offload on ocelot, among other things. The ingress port mask on which VCAP rules match is present as a bit field in the actual key of the rule. This means that it is possible for a rule to be shared among multiple source ports. When the rule is added one by one on each desired port, that the ingress port mask of the key must be edited and rewritten to hardware. But the API in ocelot_vcap.c does not allow for this. For one thing, ocelot_vcap_filter_add() and ocelot_vcap_filter_del() are not symmetric, because ocelot_vcap_filter_add() works with a preallocated and prepopulated filter and programs it to hardware, and ocelot_vcap_filter_del() does both the job of removing the specified filter from hardware, as well as kfreeing it. That is to say, the only option of editing a filter in place, which is to delete it, modify the structure and add it back, does not work because it results in use-after-free. This patch introduces ocelot_vcap_filter_replace, which trivially reprograms a VCAP entry to hardware, at the exact same index at which it existed before, without modifying any list or allocating any memory. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Acked-by: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
parent
8a075464d1
commit
95706be13b
@ -1217,6 +1217,22 @@ int ocelot_vcap_filter_del(struct ocelot *ocelot,
|
||||
}
|
||||
EXPORT_SYMBOL(ocelot_vcap_filter_del);
|
||||
|
||||
int ocelot_vcap_filter_replace(struct ocelot *ocelot,
|
||||
struct ocelot_vcap_filter *filter)
|
||||
{
|
||||
struct ocelot_vcap_block *block = &ocelot->block[filter->block_id];
|
||||
int index;
|
||||
|
||||
index = ocelot_vcap_block_get_filter_index(block, filter);
|
||||
if (index < 0)
|
||||
return index;
|
||||
|
||||
vcap_entry_set(ocelot, index, filter);
|
||||
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL(ocelot_vcap_filter_replace);
|
||||
|
||||
int ocelot_vcap_filter_stats_update(struct ocelot *ocelot,
|
||||
struct ocelot_vcap_filter *filter)
|
||||
{
|
||||
|
@ -703,6 +703,8 @@ int ocelot_vcap_filter_add(struct ocelot *ocelot,
|
||||
struct netlink_ext_ack *extack);
|
||||
int ocelot_vcap_filter_del(struct ocelot *ocelot,
|
||||
struct ocelot_vcap_filter *rule);
|
||||
int ocelot_vcap_filter_replace(struct ocelot *ocelot,
|
||||
struct ocelot_vcap_filter *filter);
|
||||
struct ocelot_vcap_filter *
|
||||
ocelot_vcap_block_find_filter_by_id(struct ocelot_vcap_block *block,
|
||||
unsigned long cookie, bool tc_offload);
|
||||
|
Loading…
Reference in New Issue
Block a user