The patch validates that sample actions include terminal action
Fixes: d986f04d6529 ("net/mlx5: add functions for non-template flow sample")
Signed-off-by: Gregory Etelson <[email protected]>
---
drivers/net/mlx5/mlx5_flow.h | 3 +++
drivers/net/mlx5/mlx5_flow_hw.c | 4 ---
drivers/net/mlx5/mlx5_nta_sample.c | 43 +++++++++++++++++++++++++++++-
3 files changed, 45 insertions(+), 5 deletions(-)
diff --git a/drivers/net/mlx5/mlx5_flow.h b/drivers/net/mlx5/mlx5_flow.h
index 146d547f72..d4f4d5a8ef 100644
--- a/drivers/net/mlx5/mlx5_flow.h
+++ b/drivers/net/mlx5/mlx5_flow.h
@@ -21,6 +21,9 @@
#include "hws/mlx5dr.h"
#include "mlx5_tx.h"
+#define MLX5_HW_PORT_IS_PROXY(priv) \
+ (!!((priv)->sh->esw_mode && (priv)->master))
+
/* E-Switch Manager port, used for rte_flow_item_port_id. */
#define MLX5_PORT_ESW_MGR UINT32_MAX
diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
index ff68483a40..2d80c99c18 100644
--- a/drivers/net/mlx5/mlx5_flow_hw.c
+++ b/drivers/net/mlx5/mlx5_flow_hw.c
@@ -62,10 +62,6 @@ static struct rte_flow_fp_ops mlx5_flow_hw_fp_ops;
#define MLX5_HW_VLAN_PUSH_VID_IDX 1
#define MLX5_HW_VLAN_PUSH_PCP_IDX 2
-#define MLX5_HW_PORT_IS_PROXY(priv) \
- (!!((priv)->sh->esw_mode && (priv)->master))
-
-
struct mlx5_indlst_legacy {
struct mlx5_indirect_list indirect;
struct rte_flow_action_handle *handle;
diff --git a/drivers/net/mlx5/mlx5_nta_sample.c
b/drivers/net/mlx5/mlx5_nta_sample.c
index 938108cf4c..0b7b3d0c8e 100644
--- a/drivers/net/mlx5/mlx5_nta_sample.c
+++ b/drivers/net/mlx5/mlx5_nta_sample.c
@@ -525,6 +525,42 @@ validate_prefix_actions(const struct rte_flow_action
*actions)
return i < MLX5_HW_MAX_ACTS - 1;
}
+static bool
+validate_sample_terminal_actions(const struct rte_eth_dev *dev,
+ const struct rte_flow_attr *flow_attr,
+ const struct rte_flow_action *actions)
+{
+ uint32_t i;
+ const struct mlx5_priv *priv = dev->data->dev_private;
+ const struct rte_flow_action_ethdev *port = NULL;
+ bool is_proxy = MLX5_HW_PORT_IS_PROXY(priv);
+ const struct rte_flow_action *a = NULL;
+
+ for (i = 0; actions[i].type != RTE_FLOW_ACTION_TYPE_END; i++) {
+ if (actions[i].type != RTE_FLOW_ACTION_TYPE_VOID)
+ a = &actions[i];
+ }
+ if (a == NULL)
+ return false;
+ switch (a->type) {
+ case RTE_FLOW_ACTION_TYPE_JUMP:
+ case RTE_FLOW_ACTION_TYPE_QUEUE:
+ case RTE_FLOW_ACTION_TYPE_DROP:
+ case RTE_FLOW_ACTION_TYPE_REPRESENTED_PORT:
+ return true;
+ case RTE_FLOW_ACTION_TYPE_PORT_REPRESENTOR:
+ if (!is_proxy || !flow_attr->transfer)
+ return false;
+ port = a->conf;
+ if (!port || port->port_id != MLX5_REPRESENTED_PORT_ESW_MGR)
+ return false;
+ return true;
+ default:
+ break;
+ }
+ return false;
+}
+
static void
action_append(struct rte_flow_action *actions, const struct rte_flow_action
*last)
{
@@ -829,10 +865,15 @@ mlx5_nta_sample_flow_list_create(struct rte_eth_dev *dev,
}
mlx5_nta_parse_sample_actions(actions, &sample, prefix_actions,
suffix_actions);
if (!validate_prefix_actions(prefix_actions)) {
- rte_flow_error_set(error, -EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
+ rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
NULL, "Too many actions");
return NULL;
}
+ if (!validate_sample_terminal_actions(dev, attr, sample)) {
+ rte_flow_error_set(error, EINVAL, RTE_FLOW_ERROR_TYPE_ACTION,
+ NULL, "Invalid sample actions");
+ return NULL;
+ }
sample_conf = (const struct rte_flow_action_sample *)sample->conf;
sample_actions = (struct rte_flow_action
*)(uintptr_t)sample_conf->actions;
mirror_entry = mlx5_create_nta_mirror(dev, attr, sample_actions,
--
2.51.0
