• Vladimir Oltean's avatar
    net: mscc: ocelot: create a function that replaces an existing VCAP filter · 95706be1
    Vladimir Oltean authored
    VCAP (Versatile Content Aware Processor) is the TCAM-based engine behind
    tc flower offload on ocelot, among other things. The ingress port mask
    on which VCAP rules match is present as a bit field in the actual key of
    the rule. This means that it is possible for a rule to be shared among
    multiple source ports. When the rule is added one by one on each desired
    port, that the ingress port mask of the key must be edited and rewritten
    to hardware.
    
    But the API in ocelot_vcap.c does not allow for this. For one thing,
    ocelot_vcap_filter_add() and ocelot_vcap_filter_del() are not symmetric,
    because ocelot_vcap_filter_add() works with a preallocated and
    prepopulated filter and programs it to hardware, and
    ocelot_vcap_filter_del() does both the job of removing the specified
    filter from hardware, as well as kfreeing it. That is to say, the only
    option of editing a filter in place, which is to delete it, modify the
    structure and add it back, does not work because it results in
    use-after-free.
    
    This patch introduces ocelot_vcap_filter_replace, which trivially
    reprograms a VCAP entry to hardware, at the exact same index at which it
    existed before, without modifying any list or allocating any memory.
    Signed-off-by: default avatarVladimir Oltean <vladimir.oltean@nxp.com>
    Acked-by: default avatarRichard Cochran <richardcochran@gmail.com>
    Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
    95706be1
ocelot_vcap.h 18.2 KB