1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (c) 2007-2014 Nicira, Inc.
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/init.h>
9 #include <linux/module.h>
10 #include <linux/if_arp.h>
11 #include <linux/if_vlan.h>
14 #include <linux/jhash.h>
15 #include <linux/delay.h>
16 #include <linux/time.h>
17 #include <linux/etherdevice.h>
18 #include <linux/genetlink.h>
19 #include <linux/kernel.h>
20 #include <linux/kthread.h>
21 #include <linux/mutex.h>
22 #include <linux/percpu.h>
23 #include <linux/rcupdate.h>
24 #include <linux/tcp.h>
25 #include <linux/udp.h>
26 #include <linux/ethtool.h>
27 #include <linux/wait.h>
28 #include <asm/div64.h>
29 #include <linux/highmem.h>
30 #include <linux/netfilter_bridge.h>
31 #include <linux/netfilter_ipv4.h>
32 #include <linux/inetdevice.h>
33 #include <linux/list.h>
34 #include <linux/openvswitch.h>
35 #include <linux/rculist.h>
36 #include <linux/dmi.h>
37 #include <net/genetlink.h>
38 #include <net/net_namespace.h>
39 #include <net/netns/generic.h>
40 #include <net/pkt_cls.h>
44 #include "flow_table.h"
45 #include "flow_netlink.h"
47 #include "openvswitch_trace.h"
48 #include "vport-internal_dev.h"
49 #include "vport-netdev.h"
51 unsigned int ovs_net_id __read_mostly;
53 static struct genl_family dp_packet_genl_family;
54 static struct genl_family dp_flow_genl_family;
55 static struct genl_family dp_datapath_genl_family;
57 static const struct nla_policy flow_policy[];
59 static const struct genl_multicast_group ovs_dp_flow_multicast_group = {
60 .name = OVS_FLOW_MCGROUP,
63 static const struct genl_multicast_group ovs_dp_datapath_multicast_group = {
64 .name = OVS_DATAPATH_MCGROUP,
67 static const struct genl_multicast_group ovs_dp_vport_multicast_group = {
68 .name = OVS_VPORT_MCGROUP,
71 /* Check if need to build a reply message.
72 * OVS userspace sets the NLM_F_ECHO flag if it needs the reply. */
73 static bool ovs_must_notify(struct genl_family *family, struct genl_info *info,
76 return info->nlhdr->nlmsg_flags & NLM_F_ECHO ||
77 genl_has_listeners(family, genl_info_net(info), group);
80 static void ovs_notify(struct genl_family *family,
81 struct sk_buff *skb, struct genl_info *info)
83 genl_notify(family, skb, info, 0, GFP_KERNEL);
89 * All writes e.g. Writes to device state (add/remove datapath, port, set
90 * operations on vports, etc.), Writes to other state (flow table
91 * modifications, set miscellaneous datapath parameters, etc.) are protected
94 * Reads are protected by RCU.
96 * There are a few special cases (mostly stats) that have their own
97 * synchronization but they nest under all of above and don't interact with
100 * The RTNL lock nests inside ovs_mutex.
103 static DEFINE_MUTEX(ovs_mutex);
107 mutex_lock(&ovs_mutex);
110 void ovs_unlock(void)
112 mutex_unlock(&ovs_mutex);
115 #ifdef CONFIG_LOCKDEP
116 int lockdep_ovsl_is_held(void)
119 return lockdep_is_held(&ovs_mutex);
125 static struct vport *new_vport(const struct vport_parms *);
126 static int queue_gso_packets(struct datapath *dp, struct sk_buff *,
127 const struct sw_flow_key *,
128 const struct dp_upcall_info *,
130 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *,
131 const struct sw_flow_key *,
132 const struct dp_upcall_info *,
135 static void ovs_dp_masks_rebalance(struct work_struct *work);
137 static int ovs_dp_set_upcall_portids(struct datapath *, const struct nlattr *);
139 /* Must be called with rcu_read_lock or ovs_mutex. */
140 const char *ovs_dp_name(const struct datapath *dp)
142 struct vport *vport = ovs_vport_ovsl_rcu(dp, OVSP_LOCAL);
143 return ovs_vport_name(vport);
146 static int get_dpifindex(const struct datapath *dp)
153 local = ovs_vport_rcu(dp, OVSP_LOCAL);
155 ifindex = local->dev->ifindex;
164 static void destroy_dp_rcu(struct rcu_head *rcu)
166 struct datapath *dp = container_of(rcu, struct datapath, rcu);
168 ovs_flow_tbl_destroy(&dp->table);
169 free_percpu(dp->stats_percpu);
172 kfree(rcu_dereference_raw(dp->upcall_portids));
176 static struct hlist_head *vport_hash_bucket(const struct datapath *dp,
179 return &dp->ports[port_no & (DP_VPORT_HASH_BUCKETS - 1)];
182 /* Called with ovs_mutex or RCU read lock. */
183 struct vport *ovs_lookup_vport(const struct datapath *dp, u16 port_no)
186 struct hlist_head *head;
188 head = vport_hash_bucket(dp, port_no);
189 hlist_for_each_entry_rcu(vport, head, dp_hash_node,
190 lockdep_ovsl_is_held()) {
191 if (vport->port_no == port_no)
197 /* Called with ovs_mutex. */
198 static struct vport *new_vport(const struct vport_parms *parms)
202 vport = ovs_vport_add(parms);
203 if (!IS_ERR(vport)) {
204 struct datapath *dp = parms->dp;
205 struct hlist_head *head = vport_hash_bucket(dp, vport->port_no);
207 hlist_add_head_rcu(&vport->dp_hash_node, head);
212 static void ovs_vport_update_upcall_stats(struct sk_buff *skb,
213 const struct dp_upcall_info *upcall_info,
216 struct vport *p = OVS_CB(skb)->input_vport;
217 struct vport_upcall_stats_percpu *stats;
219 if (upcall_info->cmd != OVS_PACKET_CMD_MISS &&
220 upcall_info->cmd != OVS_PACKET_CMD_ACTION)
223 stats = this_cpu_ptr(p->upcall_stats);
224 u64_stats_update_begin(&stats->syncp);
226 u64_stats_inc(&stats->n_success);
228 u64_stats_inc(&stats->n_fail);
229 u64_stats_update_end(&stats->syncp);
232 void ovs_dp_detach_port(struct vport *p)
236 /* First drop references to device. */
237 hlist_del_rcu(&p->dp_hash_node);
239 /* Then destroy it. */
243 /* Must be called with rcu_read_lock. */
244 void ovs_dp_process_packet(struct sk_buff *skb, struct sw_flow_key *key)
246 const struct vport *p = OVS_CB(skb)->input_vport;
247 struct datapath *dp = p->dp;
248 struct sw_flow *flow;
249 struct sw_flow_actions *sf_acts;
250 struct dp_stats_percpu *stats;
256 stats = this_cpu_ptr(dp->stats_percpu);
259 flow = ovs_flow_tbl_lookup_stats(&dp->table, key, skb_get_hash(skb),
260 &n_mask_hit, &n_cache_hit);
261 if (unlikely(!flow)) {
262 struct dp_upcall_info upcall;
264 memset(&upcall, 0, sizeof(upcall));
265 upcall.cmd = OVS_PACKET_CMD_MISS;
267 if (dp->user_features & OVS_DP_F_DISPATCH_UPCALL_PER_CPU)
269 ovs_dp_get_upcall_portid(dp, smp_processor_id());
271 upcall.portid = ovs_vport_find_upcall_portid(p, skb);
273 upcall.mru = OVS_CB(skb)->mru;
274 error = ovs_dp_upcall(dp, skb, key, &upcall, 0);
286 stats_counter = &stats->n_missed;
290 ovs_flow_stats_update(flow, key->tp.flags, skb);
291 sf_acts = rcu_dereference(flow->sf_acts);
292 error = ovs_execute_actions(dp, skb, sf_acts, key);
294 net_dbg_ratelimited("ovs: action execution error on datapath %s: %d\n",
295 ovs_dp_name(dp), error);
297 stats_counter = &stats->n_hit;
300 /* Update datapath statistics. */
301 u64_stats_update_begin(&stats->syncp);
303 stats->n_mask_hit += n_mask_hit;
304 stats->n_cache_hit += n_cache_hit;
305 u64_stats_update_end(&stats->syncp);
308 int ovs_dp_upcall(struct datapath *dp, struct sk_buff *skb,
309 const struct sw_flow_key *key,
310 const struct dp_upcall_info *upcall_info,
313 struct dp_stats_percpu *stats;
316 if (trace_ovs_dp_upcall_enabled())
317 trace_ovs_dp_upcall(dp, skb, key, upcall_info);
319 if (upcall_info->portid == 0) {
324 if (!skb_is_gso(skb))
325 err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
327 err = queue_gso_packets(dp, skb, key, upcall_info, cutlen);
329 ovs_vport_update_upcall_stats(skb, upcall_info, !err);
336 stats = this_cpu_ptr(dp->stats_percpu);
338 u64_stats_update_begin(&stats->syncp);
340 u64_stats_update_end(&stats->syncp);
345 static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb,
346 const struct sw_flow_key *key,
347 const struct dp_upcall_info *upcall_info,
350 unsigned int gso_type = skb_shinfo(skb)->gso_type;
351 struct sw_flow_key later_key;
352 struct sk_buff *segs, *nskb;
355 BUILD_BUG_ON(sizeof(*OVS_CB(skb)) > SKB_GSO_CB_OFFSET);
356 segs = __skb_gso_segment(skb, NETIF_F_SG, false);
358 return PTR_ERR(segs);
362 if (gso_type & SKB_GSO_UDP) {
363 /* The initial flow key extracted by ovs_flow_key_extract()
364 * in this case is for a first fragment, so we need to
365 * properly mark later fragments.
368 later_key.ip.frag = OVS_FRAG_TYPE_LATER;
371 /* Queue all of the segments. */
372 skb_list_walk_safe(segs, skb, nskb) {
373 if (gso_type & SKB_GSO_UDP && skb != segs)
376 err = queue_userspace_packet(dp, skb, key, upcall_info, cutlen);
382 /* Free all of the segments. */
383 skb_list_walk_safe(segs, skb, nskb) {
392 static size_t upcall_msg_size(const struct dp_upcall_info *upcall_info,
393 unsigned int hdrlen, int actions_attrlen)
395 size_t size = NLMSG_ALIGN(sizeof(struct ovs_header))
396 + nla_total_size(hdrlen) /* OVS_PACKET_ATTR_PACKET */
397 + nla_total_size(ovs_key_attr_size()) /* OVS_PACKET_ATTR_KEY */
398 + nla_total_size(sizeof(unsigned int)) /* OVS_PACKET_ATTR_LEN */
399 + nla_total_size(sizeof(u64)); /* OVS_PACKET_ATTR_HASH */
401 /* OVS_PACKET_ATTR_USERDATA */
402 if (upcall_info->userdata)
403 size += NLA_ALIGN(upcall_info->userdata->nla_len);
405 /* OVS_PACKET_ATTR_EGRESS_TUN_KEY */
406 if (upcall_info->egress_tun_info)
407 size += nla_total_size(ovs_tun_key_attr_size());
409 /* OVS_PACKET_ATTR_ACTIONS */
410 if (upcall_info->actions_len)
411 size += nla_total_size(actions_attrlen);
413 /* OVS_PACKET_ATTR_MRU */
414 if (upcall_info->mru)
415 size += nla_total_size(sizeof(upcall_info->mru));
420 static void pad_packet(struct datapath *dp, struct sk_buff *skb)
422 if (!(dp->user_features & OVS_DP_F_UNALIGNED)) {
423 size_t plen = NLA_ALIGN(skb->len) - skb->len;
426 skb_put_zero(skb, plen);
430 static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
431 const struct sw_flow_key *key,
432 const struct dp_upcall_info *upcall_info,
435 struct ovs_header *upcall;
436 struct sk_buff *nskb = NULL;
437 struct sk_buff *user_skb = NULL; /* to be queued to userspace */
444 dp_ifindex = get_dpifindex(dp);
448 if (skb_vlan_tag_present(skb)) {
449 nskb = skb_clone(skb, GFP_ATOMIC);
453 nskb = __vlan_hwaccel_push_inside(nskb);
460 if (nla_attr_size(skb->len) > USHRT_MAX) {
465 /* Complete checksum if needed */
466 if (skb->ip_summed == CHECKSUM_PARTIAL &&
467 (err = skb_csum_hwoffload_help(skb, 0)))
470 /* Older versions of OVS user space enforce alignment of the last
471 * Netlink attribute to NLA_ALIGNTO which would require extensive
472 * padding logic. Only perform zerocopy if padding is not required.
474 if (dp->user_features & OVS_DP_F_UNALIGNED)
475 hlen = skb_zerocopy_headlen(skb);
479 len = upcall_msg_size(upcall_info, hlen - cutlen,
480 OVS_CB(skb)->acts_origlen);
481 user_skb = genlmsg_new(len, GFP_ATOMIC);
487 upcall = genlmsg_put(user_skb, 0, 0, &dp_packet_genl_family,
488 0, upcall_info->cmd);
493 upcall->dp_ifindex = dp_ifindex;
495 err = ovs_nla_put_key(key, key, OVS_PACKET_ATTR_KEY, false, user_skb);
499 if (upcall_info->userdata)
500 __nla_put(user_skb, OVS_PACKET_ATTR_USERDATA,
501 nla_len(upcall_info->userdata),
502 nla_data(upcall_info->userdata));
504 if (upcall_info->egress_tun_info) {
505 nla = nla_nest_start_noflag(user_skb,
506 OVS_PACKET_ATTR_EGRESS_TUN_KEY);
511 err = ovs_nla_put_tunnel_info(user_skb,
512 upcall_info->egress_tun_info);
516 nla_nest_end(user_skb, nla);
519 if (upcall_info->actions_len) {
520 nla = nla_nest_start_noflag(user_skb, OVS_PACKET_ATTR_ACTIONS);
525 err = ovs_nla_put_actions(upcall_info->actions,
526 upcall_info->actions_len,
529 nla_nest_end(user_skb, nla);
531 nla_nest_cancel(user_skb, nla);
534 /* Add OVS_PACKET_ATTR_MRU */
535 if (upcall_info->mru &&
536 nla_put_u16(user_skb, OVS_PACKET_ATTR_MRU, upcall_info->mru)) {
541 /* Add OVS_PACKET_ATTR_LEN when packet is truncated */
543 nla_put_u32(user_skb, OVS_PACKET_ATTR_LEN, skb->len)) {
548 /* Add OVS_PACKET_ATTR_HASH */
549 hash = skb_get_hash_raw(skb);
551 hash |= OVS_PACKET_HASH_SW_BIT;
554 hash |= OVS_PACKET_HASH_L4_BIT;
556 if (nla_put(user_skb, OVS_PACKET_ATTR_HASH, sizeof (u64), &hash)) {
561 /* Only reserve room for attribute header, packet data is added
562 * in skb_zerocopy() */
563 if (!(nla = nla_reserve(user_skb, OVS_PACKET_ATTR_PACKET, 0))) {
567 nla->nla_len = nla_attr_size(skb->len - cutlen);
569 err = skb_zerocopy(user_skb, skb, skb->len - cutlen, hlen);
573 /* Pad OVS_PACKET_ATTR_PACKET if linear copy was performed */
574 pad_packet(dp, user_skb);
576 ((struct nlmsghdr *) user_skb->data)->nlmsg_len = user_skb->len;
578 err = genlmsg_unicast(ovs_dp_get_net(dp), user_skb, upcall_info->portid);
583 consume_skb(user_skb);
589 static int ovs_packet_cmd_execute(struct sk_buff *skb, struct genl_info *info)
591 struct ovs_header *ovs_header = info->userhdr;
592 struct net *net = sock_net(skb->sk);
593 struct nlattr **a = info->attrs;
594 struct sw_flow_actions *acts;
595 struct sk_buff *packet;
596 struct sw_flow *flow;
597 struct sw_flow_actions *sf_acts;
599 struct vport *input_vport;
604 bool log = !a[OVS_PACKET_ATTR_PROBE];
607 if (!a[OVS_PACKET_ATTR_PACKET] || !a[OVS_PACKET_ATTR_KEY] ||
608 !a[OVS_PACKET_ATTR_ACTIONS])
611 len = nla_len(a[OVS_PACKET_ATTR_PACKET]);
612 packet = __dev_alloc_skb(NET_IP_ALIGN + len, GFP_KERNEL);
616 skb_reserve(packet, NET_IP_ALIGN);
618 nla_memcpy(__skb_put(packet, len), a[OVS_PACKET_ATTR_PACKET], len);
620 /* Set packet's mru */
621 if (a[OVS_PACKET_ATTR_MRU]) {
622 mru = nla_get_u16(a[OVS_PACKET_ATTR_MRU]);
623 packet->ignore_df = 1;
625 OVS_CB(packet)->mru = mru;
627 if (a[OVS_PACKET_ATTR_HASH]) {
628 hash = nla_get_u64(a[OVS_PACKET_ATTR_HASH]);
630 __skb_set_hash(packet, hash & 0xFFFFFFFFULL,
631 !!(hash & OVS_PACKET_HASH_SW_BIT),
632 !!(hash & OVS_PACKET_HASH_L4_BIT));
635 /* Build an sw_flow for sending this packet. */
636 flow = ovs_flow_alloc();
641 err = ovs_flow_key_extract_userspace(net, a[OVS_PACKET_ATTR_KEY],
642 packet, &flow->key, log);
646 err = ovs_nla_copy_actions(net, a[OVS_PACKET_ATTR_ACTIONS],
647 &flow->key, &acts, log);
651 rcu_assign_pointer(flow->sf_acts, acts);
652 packet->priority = flow->key.phy.priority;
653 packet->mark = flow->key.phy.skb_mark;
656 dp = get_dp_rcu(net, ovs_header->dp_ifindex);
661 input_vport = ovs_vport_rcu(dp, flow->key.phy.in_port);
663 input_vport = ovs_vport_rcu(dp, OVSP_LOCAL);
668 packet->dev = input_vport->dev;
669 OVS_CB(packet)->input_vport = input_vport;
670 sf_acts = rcu_dereference(flow->sf_acts);
673 err = ovs_execute_actions(dp, packet, sf_acts, &flow->key);
677 ovs_flow_free(flow, false);
683 ovs_flow_free(flow, false);
690 static const struct nla_policy packet_policy[OVS_PACKET_ATTR_MAX + 1] = {
691 [OVS_PACKET_ATTR_PACKET] = { .len = ETH_HLEN },
692 [OVS_PACKET_ATTR_KEY] = { .type = NLA_NESTED },
693 [OVS_PACKET_ATTR_ACTIONS] = { .type = NLA_NESTED },
694 [OVS_PACKET_ATTR_PROBE] = { .type = NLA_FLAG },
695 [OVS_PACKET_ATTR_MRU] = { .type = NLA_U16 },
696 [OVS_PACKET_ATTR_HASH] = { .type = NLA_U64 },
699 static const struct genl_small_ops dp_packet_genl_ops[] = {
700 { .cmd = OVS_PACKET_CMD_EXECUTE,
701 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
702 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
703 .doit = ovs_packet_cmd_execute
707 static struct genl_family dp_packet_genl_family __ro_after_init = {
708 .hdrsize = sizeof(struct ovs_header),
709 .name = OVS_PACKET_FAMILY,
710 .version = OVS_PACKET_VERSION,
711 .maxattr = OVS_PACKET_ATTR_MAX,
712 .policy = packet_policy,
714 .parallel_ops = true,
715 .small_ops = dp_packet_genl_ops,
716 .n_small_ops = ARRAY_SIZE(dp_packet_genl_ops),
717 .resv_start_op = OVS_PACKET_CMD_EXECUTE + 1,
718 .module = THIS_MODULE,
721 static void get_dp_stats(const struct datapath *dp, struct ovs_dp_stats *stats,
722 struct ovs_dp_megaflow_stats *mega_stats)
726 memset(mega_stats, 0, sizeof(*mega_stats));
728 stats->n_flows = ovs_flow_tbl_count(&dp->table);
729 mega_stats->n_masks = ovs_flow_tbl_num_masks(&dp->table);
731 stats->n_hit = stats->n_missed = stats->n_lost = 0;
733 for_each_possible_cpu(i) {
734 const struct dp_stats_percpu *percpu_stats;
735 struct dp_stats_percpu local_stats;
738 percpu_stats = per_cpu_ptr(dp->stats_percpu, i);
741 start = u64_stats_fetch_begin(&percpu_stats->syncp);
742 local_stats = *percpu_stats;
743 } while (u64_stats_fetch_retry(&percpu_stats->syncp, start));
745 stats->n_hit += local_stats.n_hit;
746 stats->n_missed += local_stats.n_missed;
747 stats->n_lost += local_stats.n_lost;
748 mega_stats->n_mask_hit += local_stats.n_mask_hit;
749 mega_stats->n_cache_hit += local_stats.n_cache_hit;
753 static bool should_fill_key(const struct sw_flow_id *sfid, uint32_t ufid_flags)
755 return ovs_identifier_is_ufid(sfid) &&
756 !(ufid_flags & OVS_UFID_F_OMIT_KEY);
759 static bool should_fill_mask(uint32_t ufid_flags)
761 return !(ufid_flags & OVS_UFID_F_OMIT_MASK);
764 static bool should_fill_actions(uint32_t ufid_flags)
766 return !(ufid_flags & OVS_UFID_F_OMIT_ACTIONS);
769 static size_t ovs_flow_cmd_msg_size(const struct sw_flow_actions *acts,
770 const struct sw_flow_id *sfid,
773 size_t len = NLMSG_ALIGN(sizeof(struct ovs_header));
775 /* OVS_FLOW_ATTR_UFID, or unmasked flow key as fallback
776 * see ovs_nla_put_identifier()
778 if (sfid && ovs_identifier_is_ufid(sfid))
779 len += nla_total_size(sfid->ufid_len);
781 len += nla_total_size(ovs_key_attr_size());
783 /* OVS_FLOW_ATTR_KEY */
784 if (!sfid || should_fill_key(sfid, ufid_flags))
785 len += nla_total_size(ovs_key_attr_size());
787 /* OVS_FLOW_ATTR_MASK */
788 if (should_fill_mask(ufid_flags))
789 len += nla_total_size(ovs_key_attr_size());
791 /* OVS_FLOW_ATTR_ACTIONS */
792 if (should_fill_actions(ufid_flags))
793 len += nla_total_size(acts->orig_len);
796 + nla_total_size_64bit(sizeof(struct ovs_flow_stats)) /* OVS_FLOW_ATTR_STATS */
797 + nla_total_size(1) /* OVS_FLOW_ATTR_TCP_FLAGS */
798 + nla_total_size_64bit(8); /* OVS_FLOW_ATTR_USED */
801 /* Called with ovs_mutex or RCU read lock. */
802 static int ovs_flow_cmd_fill_stats(const struct sw_flow *flow,
805 struct ovs_flow_stats stats;
809 ovs_flow_stats_get(flow, &stats, &used, &tcp_flags);
812 nla_put_u64_64bit(skb, OVS_FLOW_ATTR_USED, ovs_flow_used_time(used),
816 if (stats.n_packets &&
817 nla_put_64bit(skb, OVS_FLOW_ATTR_STATS,
818 sizeof(struct ovs_flow_stats), &stats,
822 if ((u8)ntohs(tcp_flags) &&
823 nla_put_u8(skb, OVS_FLOW_ATTR_TCP_FLAGS, (u8)ntohs(tcp_flags)))
829 /* Called with ovs_mutex or RCU read lock. */
830 static int ovs_flow_cmd_fill_actions(const struct sw_flow *flow,
831 struct sk_buff *skb, int skb_orig_len)
833 struct nlattr *start;
836 /* If OVS_FLOW_ATTR_ACTIONS doesn't fit, skip dumping the actions if
837 * this is the first flow to be dumped into 'skb'. This is unusual for
838 * Netlink but individual action lists can be longer than
839 * NLMSG_GOODSIZE and thus entirely undumpable if we didn't do this.
840 * The userspace caller can always fetch the actions separately if it
841 * really wants them. (Most userspace callers in fact don't care.)
843 * This can only fail for dump operations because the skb is always
844 * properly sized for single flows.
846 start = nla_nest_start_noflag(skb, OVS_FLOW_ATTR_ACTIONS);
848 const struct sw_flow_actions *sf_acts;
850 sf_acts = rcu_dereference_ovsl(flow->sf_acts);
851 err = ovs_nla_put_actions(sf_acts->actions,
852 sf_acts->actions_len, skb);
855 nla_nest_end(skb, start);
860 nla_nest_cancel(skb, start);
862 } else if (skb_orig_len) {
869 /* Called with ovs_mutex or RCU read lock. */
870 static int ovs_flow_cmd_fill_info(const struct sw_flow *flow, int dp_ifindex,
871 struct sk_buff *skb, u32 portid,
872 u32 seq, u32 flags, u8 cmd, u32 ufid_flags)
874 const int skb_orig_len = skb->len;
875 struct ovs_header *ovs_header;
878 ovs_header = genlmsg_put(skb, portid, seq, &dp_flow_genl_family,
883 ovs_header->dp_ifindex = dp_ifindex;
885 err = ovs_nla_put_identifier(flow, skb);
889 if (should_fill_key(&flow->id, ufid_flags)) {
890 err = ovs_nla_put_masked_key(flow, skb);
895 if (should_fill_mask(ufid_flags)) {
896 err = ovs_nla_put_mask(flow, skb);
901 err = ovs_flow_cmd_fill_stats(flow, skb);
905 if (should_fill_actions(ufid_flags)) {
906 err = ovs_flow_cmd_fill_actions(flow, skb, skb_orig_len);
911 genlmsg_end(skb, ovs_header);
915 genlmsg_cancel(skb, ovs_header);
919 /* May not be called with RCU read lock. */
920 static struct sk_buff *ovs_flow_cmd_alloc_info(const struct sw_flow_actions *acts,
921 const struct sw_flow_id *sfid,
922 struct genl_info *info,
929 if (!always && !ovs_must_notify(&dp_flow_genl_family, info, 0))
932 len = ovs_flow_cmd_msg_size(acts, sfid, ufid_flags);
933 skb = genlmsg_new(len, GFP_KERNEL);
935 return ERR_PTR(-ENOMEM);
940 /* Called with ovs_mutex. */
941 static struct sk_buff *ovs_flow_cmd_build_info(const struct sw_flow *flow,
943 struct genl_info *info, u8 cmd,
944 bool always, u32 ufid_flags)
949 skb = ovs_flow_cmd_alloc_info(ovsl_dereference(flow->sf_acts),
950 &flow->id, info, always, ufid_flags);
951 if (IS_ERR_OR_NULL(skb))
954 retval = ovs_flow_cmd_fill_info(flow, dp_ifindex, skb,
955 info->snd_portid, info->snd_seq, 0,
957 if (WARN_ON_ONCE(retval < 0)) {
959 skb = ERR_PTR(retval);
964 static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
966 struct net *net = sock_net(skb->sk);
967 struct nlattr **a = info->attrs;
968 struct ovs_header *ovs_header = info->userhdr;
969 struct sw_flow *flow = NULL, *new_flow;
970 struct sw_flow_mask mask;
971 struct sk_buff *reply;
973 struct sw_flow_key *key;
974 struct sw_flow_actions *acts;
975 struct sw_flow_match match;
976 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
978 bool log = !a[OVS_FLOW_ATTR_PROBE];
980 /* Must have key and actions. */
982 if (!a[OVS_FLOW_ATTR_KEY]) {
983 OVS_NLERR(log, "Flow key attr not present in new flow.");
986 if (!a[OVS_FLOW_ATTR_ACTIONS]) {
987 OVS_NLERR(log, "Flow actions attr not present in new flow.");
991 /* Most of the time we need to allocate a new flow, do it before
994 new_flow = ovs_flow_alloc();
995 if (IS_ERR(new_flow)) {
996 error = PTR_ERR(new_flow);
1001 key = kzalloc(sizeof(*key), GFP_KERNEL);
1004 goto err_kfree_flow;
1007 ovs_match_init(&match, key, false, &mask);
1008 error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
1009 a[OVS_FLOW_ATTR_MASK], log);
1013 ovs_flow_mask_key(&new_flow->key, key, true, &mask);
1015 /* Extract flow identifier. */
1016 error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
1021 /* Validate actions. */
1022 error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
1023 &new_flow->key, &acts, log);
1025 OVS_NLERR(log, "Flow actions may not be safe on all matching packets.");
1029 reply = ovs_flow_cmd_alloc_info(acts, &new_flow->id, info, false,
1031 if (IS_ERR(reply)) {
1032 error = PTR_ERR(reply);
1033 goto err_kfree_acts;
1037 dp = get_dp(net, ovs_header->dp_ifindex);
1038 if (unlikely(!dp)) {
1040 goto err_unlock_ovs;
1043 /* Check if this is a duplicate flow */
1044 if (ovs_identifier_is_ufid(&new_flow->id))
1045 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &new_flow->id);
1047 flow = ovs_flow_tbl_lookup(&dp->table, key);
1048 if (likely(!flow)) {
1049 rcu_assign_pointer(new_flow->sf_acts, acts);
1051 /* Put flow in bucket. */
1052 error = ovs_flow_tbl_insert(&dp->table, new_flow, &mask);
1053 if (unlikely(error)) {
1055 goto err_unlock_ovs;
1058 if (unlikely(reply)) {
1059 error = ovs_flow_cmd_fill_info(new_flow,
1060 ovs_header->dp_ifindex,
1061 reply, info->snd_portid,
1069 struct sw_flow_actions *old_acts;
1071 /* Bail out if we're not allowed to modify an existing flow.
1072 * We accept NLM_F_CREATE in place of the intended NLM_F_EXCL
1073 * because Generic Netlink treats the latter as a dump
1074 * request. We also accept NLM_F_EXCL in case that bug ever
1077 if (unlikely(info->nlhdr->nlmsg_flags & (NLM_F_CREATE
1080 goto err_unlock_ovs;
1082 /* The flow identifier has to be the same for flow updates.
1083 * Look for any overlapping flow.
1085 if (unlikely(!ovs_flow_cmp(flow, &match))) {
1086 if (ovs_identifier_is_key(&flow->id))
1087 flow = ovs_flow_tbl_lookup_exact(&dp->table,
1089 else /* UFID matches but key is different */
1093 goto err_unlock_ovs;
1096 /* Update actions. */
1097 old_acts = ovsl_dereference(flow->sf_acts);
1098 rcu_assign_pointer(flow->sf_acts, acts);
1100 if (unlikely(reply)) {
1101 error = ovs_flow_cmd_fill_info(flow,
1102 ovs_header->dp_ifindex,
1103 reply, info->snd_portid,
1111 ovs_nla_free_flow_actions_rcu(old_acts);
1112 ovs_flow_free(new_flow, false);
1116 ovs_notify(&dp_flow_genl_family, reply, info);
1125 ovs_nla_free_flow_actions(acts);
1129 ovs_flow_free(new_flow, false);
1134 /* Factor out action copy to avoid "Wframe-larger-than=1024" warning. */
1135 static noinline_for_stack
1136 struct sw_flow_actions *get_flow_actions(struct net *net,
1137 const struct nlattr *a,
1138 const struct sw_flow_key *key,
1139 const struct sw_flow_mask *mask,
1142 struct sw_flow_actions *acts;
1143 struct sw_flow_key masked_key;
1146 ovs_flow_mask_key(&masked_key, key, true, mask);
1147 error = ovs_nla_copy_actions(net, a, &masked_key, &acts, log);
1150 "Actions may not be safe on all matching packets");
1151 return ERR_PTR(error);
1157 /* Factor out match-init and action-copy to avoid
1158 * "Wframe-larger-than=1024" warning. Because mask is only
1159 * used to get actions, we new a function to save some
1162 * If there are not key and action attrs, we return 0
1163 * directly. In the case, the caller will also not use the
1164 * match as before. If there is action attr, we try to get
1165 * actions and save them to *acts. Before returning from
1166 * the function, we reset the match->mask pointer. Because
1167 * we should not to return match object with dangling reference
1170 static noinline_for_stack int
1171 ovs_nla_init_match_and_action(struct net *net,
1172 struct sw_flow_match *match,
1173 struct sw_flow_key *key,
1175 struct sw_flow_actions **acts,
1178 struct sw_flow_mask mask;
1181 if (a[OVS_FLOW_ATTR_KEY]) {
1182 ovs_match_init(match, key, true, &mask);
1183 error = ovs_nla_get_match(net, match, a[OVS_FLOW_ATTR_KEY],
1184 a[OVS_FLOW_ATTR_MASK], log);
1189 if (a[OVS_FLOW_ATTR_ACTIONS]) {
1190 if (!a[OVS_FLOW_ATTR_KEY]) {
1192 "Flow key attribute not present in set flow.");
1197 *acts = get_flow_actions(net, a[OVS_FLOW_ATTR_ACTIONS], key,
1199 if (IS_ERR(*acts)) {
1200 error = PTR_ERR(*acts);
1205 /* On success, error is 0. */
1211 static int ovs_flow_cmd_set(struct sk_buff *skb, struct genl_info *info)
1213 struct net *net = sock_net(skb->sk);
1214 struct nlattr **a = info->attrs;
1215 struct ovs_header *ovs_header = info->userhdr;
1216 struct sw_flow_key key;
1217 struct sw_flow *flow;
1218 struct sk_buff *reply = NULL;
1219 struct datapath *dp;
1220 struct sw_flow_actions *old_acts = NULL, *acts = NULL;
1221 struct sw_flow_match match;
1222 struct sw_flow_id sfid;
1223 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1225 bool log = !a[OVS_FLOW_ATTR_PROBE];
1228 ufid_present = ovs_nla_get_ufid(&sfid, a[OVS_FLOW_ATTR_UFID], log);
1229 if (!a[OVS_FLOW_ATTR_KEY] && !ufid_present) {
1231 "Flow set message rejected, Key attribute missing.");
1235 error = ovs_nla_init_match_and_action(net, &match, &key, a,
1241 /* Can allocate before locking if have acts. */
1242 reply = ovs_flow_cmd_alloc_info(acts, &sfid, info, false,
1244 if (IS_ERR(reply)) {
1245 error = PTR_ERR(reply);
1246 goto err_kfree_acts;
1251 dp = get_dp(net, ovs_header->dp_ifindex);
1252 if (unlikely(!dp)) {
1254 goto err_unlock_ovs;
1256 /* Check that the flow exists. */
1258 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &sfid);
1260 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1261 if (unlikely(!flow)) {
1263 goto err_unlock_ovs;
1266 /* Update actions, if present. */
1268 old_acts = ovsl_dereference(flow->sf_acts);
1269 rcu_assign_pointer(flow->sf_acts, acts);
1271 if (unlikely(reply)) {
1272 error = ovs_flow_cmd_fill_info(flow,
1273 ovs_header->dp_ifindex,
1274 reply, info->snd_portid,
1281 /* Could not alloc without acts before locking. */
1282 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex,
1283 info, OVS_FLOW_CMD_SET, false,
1286 if (IS_ERR(reply)) {
1287 error = PTR_ERR(reply);
1288 goto err_unlock_ovs;
1293 if (a[OVS_FLOW_ATTR_CLEAR])
1294 ovs_flow_stats_clear(flow);
1298 ovs_notify(&dp_flow_genl_family, reply, info);
1300 ovs_nla_free_flow_actions_rcu(old_acts);
1308 ovs_nla_free_flow_actions(acts);
1313 static int ovs_flow_cmd_get(struct sk_buff *skb, struct genl_info *info)
1315 struct nlattr **a = info->attrs;
1316 struct ovs_header *ovs_header = info->userhdr;
1317 struct net *net = sock_net(skb->sk);
1318 struct sw_flow_key key;
1319 struct sk_buff *reply;
1320 struct sw_flow *flow;
1321 struct datapath *dp;
1322 struct sw_flow_match match;
1323 struct sw_flow_id ufid;
1324 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1326 bool log = !a[OVS_FLOW_ATTR_PROBE];
1329 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1330 if (a[OVS_FLOW_ATTR_KEY]) {
1331 ovs_match_init(&match, &key, true, NULL);
1332 err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY], NULL,
1334 } else if (!ufid_present) {
1336 "Flow get message rejected, Key attribute missing.");
1343 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1350 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1352 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1358 reply = ovs_flow_cmd_build_info(flow, ovs_header->dp_ifindex, info,
1359 OVS_FLOW_CMD_GET, true, ufid_flags);
1360 if (IS_ERR(reply)) {
1361 err = PTR_ERR(reply);
1366 return genlmsg_reply(reply, info);
1372 static int ovs_flow_cmd_del(struct sk_buff *skb, struct genl_info *info)
1374 struct nlattr **a = info->attrs;
1375 struct ovs_header *ovs_header = info->userhdr;
1376 struct net *net = sock_net(skb->sk);
1377 struct sw_flow_key key;
1378 struct sk_buff *reply;
1379 struct sw_flow *flow = NULL;
1380 struct datapath *dp;
1381 struct sw_flow_match match;
1382 struct sw_flow_id ufid;
1383 u32 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1385 bool log = !a[OVS_FLOW_ATTR_PROBE];
1388 ufid_present = ovs_nla_get_ufid(&ufid, a[OVS_FLOW_ATTR_UFID], log);
1389 if (a[OVS_FLOW_ATTR_KEY]) {
1390 ovs_match_init(&match, &key, true, NULL);
1391 err = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
1398 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
1399 if (unlikely(!dp)) {
1404 if (unlikely(!a[OVS_FLOW_ATTR_KEY] && !ufid_present)) {
1405 err = ovs_flow_tbl_flush(&dp->table);
1410 flow = ovs_flow_tbl_lookup_ufid(&dp->table, &ufid);
1412 flow = ovs_flow_tbl_lookup_exact(&dp->table, &match);
1413 if (unlikely(!flow)) {
1418 ovs_flow_tbl_remove(&dp->table, flow);
1421 reply = ovs_flow_cmd_alloc_info((const struct sw_flow_actions __force *) flow->sf_acts,
1422 &flow->id, info, false, ufid_flags);
1423 if (likely(reply)) {
1424 if (!IS_ERR(reply)) {
1425 rcu_read_lock(); /*To keep RCU checker happy. */
1426 err = ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex,
1427 reply, info->snd_portid,
1432 if (WARN_ON_ONCE(err < 0)) {
1437 ovs_notify(&dp_flow_genl_family, reply, info);
1439 netlink_set_err(sock_net(skb->sk)->genl_sock, 0, 0,
1445 ovs_flow_free(flow, true);
1452 static int ovs_flow_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
1454 struct nlattr *a[__OVS_FLOW_ATTR_MAX];
1455 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
1456 struct table_instance *ti;
1457 struct datapath *dp;
1461 err = genlmsg_parse_deprecated(cb->nlh, &dp_flow_genl_family, a,
1462 OVS_FLOW_ATTR_MAX, flow_policy, NULL);
1465 ufid_flags = ovs_nla_get_ufid_flags(a[OVS_FLOW_ATTR_UFID_FLAGS]);
1468 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
1474 ti = rcu_dereference(dp->table.ti);
1476 struct sw_flow *flow;
1479 bucket = cb->args[0];
1481 flow = ovs_flow_tbl_dump_next(ti, &bucket, &obj);
1485 if (ovs_flow_cmd_fill_info(flow, ovs_header->dp_ifindex, skb,
1486 NETLINK_CB(cb->skb).portid,
1487 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1488 OVS_FLOW_CMD_GET, ufid_flags) < 0)
1491 cb->args[0] = bucket;
1498 static const struct nla_policy flow_policy[OVS_FLOW_ATTR_MAX + 1] = {
1499 [OVS_FLOW_ATTR_KEY] = { .type = NLA_NESTED },
1500 [OVS_FLOW_ATTR_MASK] = { .type = NLA_NESTED },
1501 [OVS_FLOW_ATTR_ACTIONS] = { .type = NLA_NESTED },
1502 [OVS_FLOW_ATTR_CLEAR] = { .type = NLA_FLAG },
1503 [OVS_FLOW_ATTR_PROBE] = { .type = NLA_FLAG },
1504 [OVS_FLOW_ATTR_UFID] = { .type = NLA_UNSPEC, .len = 1 },
1505 [OVS_FLOW_ATTR_UFID_FLAGS] = { .type = NLA_U32 },
1508 static const struct genl_small_ops dp_flow_genl_ops[] = {
1509 { .cmd = OVS_FLOW_CMD_NEW,
1510 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1511 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1512 .doit = ovs_flow_cmd_new
1514 { .cmd = OVS_FLOW_CMD_DEL,
1515 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1516 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1517 .doit = ovs_flow_cmd_del
1519 { .cmd = OVS_FLOW_CMD_GET,
1520 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1521 .flags = 0, /* OK for unprivileged users. */
1522 .doit = ovs_flow_cmd_get,
1523 .dumpit = ovs_flow_cmd_dump
1525 { .cmd = OVS_FLOW_CMD_SET,
1526 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1527 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
1528 .doit = ovs_flow_cmd_set,
1532 static struct genl_family dp_flow_genl_family __ro_after_init = {
1533 .hdrsize = sizeof(struct ovs_header),
1534 .name = OVS_FLOW_FAMILY,
1535 .version = OVS_FLOW_VERSION,
1536 .maxattr = OVS_FLOW_ATTR_MAX,
1537 .policy = flow_policy,
1539 .parallel_ops = true,
1540 .small_ops = dp_flow_genl_ops,
1541 .n_small_ops = ARRAY_SIZE(dp_flow_genl_ops),
1542 .resv_start_op = OVS_FLOW_CMD_SET + 1,
1543 .mcgrps = &ovs_dp_flow_multicast_group,
1545 .module = THIS_MODULE,
1548 static size_t ovs_dp_cmd_msg_size(void)
1550 size_t msgsize = NLMSG_ALIGN(sizeof(struct ovs_header));
1552 msgsize += nla_total_size(IFNAMSIZ);
1553 msgsize += nla_total_size_64bit(sizeof(struct ovs_dp_stats));
1554 msgsize += nla_total_size_64bit(sizeof(struct ovs_dp_megaflow_stats));
1555 msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_USER_FEATURES */
1556 msgsize += nla_total_size(sizeof(u32)); /* OVS_DP_ATTR_MASKS_CACHE_SIZE */
1557 msgsize += nla_total_size(sizeof(u32) * nr_cpu_ids); /* OVS_DP_ATTR_PER_CPU_PIDS */
1562 /* Called with ovs_mutex. */
1563 static int ovs_dp_cmd_fill_info(struct datapath *dp, struct sk_buff *skb,
1564 u32 portid, u32 seq, u32 flags, u8 cmd)
1566 struct ovs_header *ovs_header;
1567 struct ovs_dp_stats dp_stats;
1568 struct ovs_dp_megaflow_stats dp_megaflow_stats;
1569 struct dp_nlsk_pids *pids = ovsl_dereference(dp->upcall_portids);
1572 ovs_header = genlmsg_put(skb, portid, seq, &dp_datapath_genl_family,
1577 ovs_header->dp_ifindex = get_dpifindex(dp);
1579 err = nla_put_string(skb, OVS_DP_ATTR_NAME, ovs_dp_name(dp));
1581 goto nla_put_failure;
1583 get_dp_stats(dp, &dp_stats, &dp_megaflow_stats);
1584 if (nla_put_64bit(skb, OVS_DP_ATTR_STATS, sizeof(struct ovs_dp_stats),
1585 &dp_stats, OVS_DP_ATTR_PAD))
1586 goto nla_put_failure;
1588 if (nla_put_64bit(skb, OVS_DP_ATTR_MEGAFLOW_STATS,
1589 sizeof(struct ovs_dp_megaflow_stats),
1590 &dp_megaflow_stats, OVS_DP_ATTR_PAD))
1591 goto nla_put_failure;
1593 if (nla_put_u32(skb, OVS_DP_ATTR_USER_FEATURES, dp->user_features))
1594 goto nla_put_failure;
1596 if (nla_put_u32(skb, OVS_DP_ATTR_MASKS_CACHE_SIZE,
1597 ovs_flow_tbl_masks_cache_size(&dp->table)))
1598 goto nla_put_failure;
1600 if (dp->user_features & OVS_DP_F_DISPATCH_UPCALL_PER_CPU && pids) {
1601 pids_len = min(pids->n_pids, nr_cpu_ids) * sizeof(u32);
1602 if (nla_put(skb, OVS_DP_ATTR_PER_CPU_PIDS, pids_len, &pids->pids))
1603 goto nla_put_failure;
1606 genlmsg_end(skb, ovs_header);
1610 genlmsg_cancel(skb, ovs_header);
1615 static struct sk_buff *ovs_dp_cmd_alloc_info(void)
1617 return genlmsg_new(ovs_dp_cmd_msg_size(), GFP_KERNEL);
1620 /* Called with rcu_read_lock or ovs_mutex. */
1621 static struct datapath *lookup_datapath(struct net *net,
1622 const struct ovs_header *ovs_header,
1623 struct nlattr *a[OVS_DP_ATTR_MAX + 1])
1625 struct datapath *dp;
1627 if (!a[OVS_DP_ATTR_NAME])
1628 dp = get_dp(net, ovs_header->dp_ifindex);
1630 struct vport *vport;
1632 vport = ovs_vport_locate(net, nla_data(a[OVS_DP_ATTR_NAME]));
1633 dp = vport && vport->port_no == OVSP_LOCAL ? vport->dp : NULL;
1635 return dp ? dp : ERR_PTR(-ENODEV);
1638 static void ovs_dp_reset_user_features(struct sk_buff *skb,
1639 struct genl_info *info)
1641 struct datapath *dp;
1643 dp = lookup_datapath(sock_net(skb->sk), info->userhdr,
1648 pr_warn("%s: Dropping previously announced user features\n",
1650 dp->user_features = 0;
1653 static int ovs_dp_set_upcall_portids(struct datapath *dp,
1654 const struct nlattr *ids)
1656 struct dp_nlsk_pids *old, *dp_nlsk_pids;
1658 if (!nla_len(ids) || nla_len(ids) % sizeof(u32))
1661 old = ovsl_dereference(dp->upcall_portids);
1663 dp_nlsk_pids = kmalloc(sizeof(*dp_nlsk_pids) + nla_len(ids),
1668 dp_nlsk_pids->n_pids = nla_len(ids) / sizeof(u32);
1669 nla_memcpy(dp_nlsk_pids->pids, ids, nla_len(ids));
1671 rcu_assign_pointer(dp->upcall_portids, dp_nlsk_pids);
1673 kfree_rcu(old, rcu);
1678 u32 ovs_dp_get_upcall_portid(const struct datapath *dp, uint32_t cpu_id)
1680 struct dp_nlsk_pids *dp_nlsk_pids;
1682 dp_nlsk_pids = rcu_dereference(dp->upcall_portids);
1685 if (cpu_id < dp_nlsk_pids->n_pids) {
1686 return dp_nlsk_pids->pids[cpu_id];
1687 } else if (dp_nlsk_pids->n_pids > 0 &&
1688 cpu_id >= dp_nlsk_pids->n_pids) {
1689 /* If the number of netlink PIDs is mismatched with
1690 * the number of CPUs as seen by the kernel, log this
1691 * and send the upcall to an arbitrary socket (0) in
1692 * order to not drop packets
1694 pr_info_ratelimited("cpu_id mismatch with handler threads");
1695 return dp_nlsk_pids->pids[cpu_id %
1696 dp_nlsk_pids->n_pids];
1705 static int ovs_dp_change(struct datapath *dp, struct nlattr *a[])
1707 u32 user_features = 0, old_features = dp->user_features;
1710 if (a[OVS_DP_ATTR_USER_FEATURES]) {
1711 user_features = nla_get_u32(a[OVS_DP_ATTR_USER_FEATURES]);
1713 if (user_features & ~(OVS_DP_F_VPORT_PIDS |
1714 OVS_DP_F_UNALIGNED |
1715 OVS_DP_F_TC_RECIRC_SHARING |
1716 OVS_DP_F_DISPATCH_UPCALL_PER_CPU))
1719 #if !IS_ENABLED(CONFIG_NET_TC_SKB_EXT)
1720 if (user_features & OVS_DP_F_TC_RECIRC_SHARING)
1725 if (a[OVS_DP_ATTR_MASKS_CACHE_SIZE]) {
1729 cache_size = nla_get_u32(a[OVS_DP_ATTR_MASKS_CACHE_SIZE]);
1730 err = ovs_flow_tbl_masks_cache_resize(&dp->table, cache_size);
1735 dp->user_features = user_features;
1737 if (dp->user_features & OVS_DP_F_DISPATCH_UPCALL_PER_CPU &&
1738 a[OVS_DP_ATTR_PER_CPU_PIDS]) {
1739 /* Upcall Netlink Port IDs have been updated */
1740 err = ovs_dp_set_upcall_portids(dp,
1741 a[OVS_DP_ATTR_PER_CPU_PIDS]);
1746 if ((dp->user_features & OVS_DP_F_TC_RECIRC_SHARING) &&
1747 !(old_features & OVS_DP_F_TC_RECIRC_SHARING))
1748 tc_skb_ext_tc_enable();
1749 else if (!(dp->user_features & OVS_DP_F_TC_RECIRC_SHARING) &&
1750 (old_features & OVS_DP_F_TC_RECIRC_SHARING))
1751 tc_skb_ext_tc_disable();
1756 static int ovs_dp_stats_init(struct datapath *dp)
1758 dp->stats_percpu = netdev_alloc_pcpu_stats(struct dp_stats_percpu);
1759 if (!dp->stats_percpu)
1765 static int ovs_dp_vport_init(struct datapath *dp)
1769 dp->ports = kmalloc_array(DP_VPORT_HASH_BUCKETS,
1770 sizeof(struct hlist_head),
1775 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++)
1776 INIT_HLIST_HEAD(&dp->ports[i]);
1781 static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info)
1783 struct nlattr **a = info->attrs;
1784 struct vport_parms parms;
1785 struct sk_buff *reply;
1786 struct datapath *dp;
1787 struct vport *vport;
1788 struct ovs_net *ovs_net;
1792 if (!a[OVS_DP_ATTR_NAME] || !a[OVS_DP_ATTR_UPCALL_PID])
1795 reply = ovs_dp_cmd_alloc_info();
1800 dp = kzalloc(sizeof(*dp), GFP_KERNEL);
1802 goto err_destroy_reply;
1804 ovs_dp_set_net(dp, sock_net(skb->sk));
1806 /* Allocate table. */
1807 err = ovs_flow_tbl_init(&dp->table);
1809 goto err_destroy_dp;
1811 err = ovs_dp_stats_init(dp);
1813 goto err_destroy_table;
1815 err = ovs_dp_vport_init(dp);
1817 goto err_destroy_stats;
1819 err = ovs_meters_init(dp);
1821 goto err_destroy_ports;
1823 /* Set up our datapath device. */
1824 parms.name = nla_data(a[OVS_DP_ATTR_NAME]);
1825 parms.type = OVS_VPORT_TYPE_INTERNAL;
1826 parms.options = NULL;
1828 parms.port_no = OVSP_LOCAL;
1829 parms.upcall_portids = a[OVS_DP_ATTR_UPCALL_PID];
1830 parms.desired_ifindex = a[OVS_DP_ATTR_IFINDEX]
1831 ? nla_get_u32(a[OVS_DP_ATTR_IFINDEX]) : 0;
1833 /* So far only local changes have been made, now need the lock. */
1836 err = ovs_dp_change(dp, a);
1838 goto err_unlock_and_destroy_meters;
1840 vport = new_vport(&parms);
1841 if (IS_ERR(vport)) {
1842 err = PTR_ERR(vport);
1846 if (err == -EEXIST) {
1847 /* An outdated user space instance that does not understand
1848 * the concept of user_features has attempted to create a new
1849 * datapath and is likely to reuse it. Drop all user features.
1851 if (info->genlhdr->version < OVS_DP_VER_FEATURES)
1852 ovs_dp_reset_user_features(skb, info);
1855 goto err_destroy_portids;
1858 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1859 info->snd_seq, 0, OVS_DP_CMD_NEW);
1862 ovs_net = net_generic(ovs_dp_get_net(dp), ovs_net_id);
1863 list_add_tail_rcu(&dp->list_node, &ovs_net->dps);
1867 ovs_notify(&dp_datapath_genl_family, reply, info);
1870 err_destroy_portids:
1871 kfree(rcu_dereference_raw(dp->upcall_portids));
1872 err_unlock_and_destroy_meters:
1874 ovs_meters_exit(dp);
1878 free_percpu(dp->stats_percpu);
1880 ovs_flow_tbl_destroy(&dp->table);
1889 /* Called with ovs_mutex. */
1890 static void __dp_destroy(struct datapath *dp)
1892 struct flow_table *table = &dp->table;
1895 if (dp->user_features & OVS_DP_F_TC_RECIRC_SHARING)
1896 tc_skb_ext_tc_disable();
1898 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
1899 struct vport *vport;
1900 struct hlist_node *n;
1902 hlist_for_each_entry_safe(vport, n, &dp->ports[i], dp_hash_node)
1903 if (vport->port_no != OVSP_LOCAL)
1904 ovs_dp_detach_port(vport);
1907 list_del_rcu(&dp->list_node);
1909 /* OVSP_LOCAL is datapath internal port. We need to make sure that
1910 * all ports in datapath are destroyed first before freeing datapath.
1912 ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL));
1914 /* Flush sw_flow in the tables. RCU cb only releases resource
1915 * such as dp, ports and tables. That may avoid some issues
1916 * such as RCU usage warning.
1918 table_instance_flow_flush(table, ovsl_dereference(table->ti),
1919 ovsl_dereference(table->ufid_ti));
1921 /* RCU destroy the ports, meters and flow tables. */
1922 call_rcu(&dp->rcu, destroy_dp_rcu);
1925 static int ovs_dp_cmd_del(struct sk_buff *skb, struct genl_info *info)
1927 struct sk_buff *reply;
1928 struct datapath *dp;
1931 reply = ovs_dp_cmd_alloc_info();
1936 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1939 goto err_unlock_free;
1941 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1942 info->snd_seq, 0, OVS_DP_CMD_DEL);
1948 ovs_notify(&dp_datapath_genl_family, reply, info);
1958 static int ovs_dp_cmd_set(struct sk_buff *skb, struct genl_info *info)
1960 struct sk_buff *reply;
1961 struct datapath *dp;
1964 reply = ovs_dp_cmd_alloc_info();
1969 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
1972 goto err_unlock_free;
1974 err = ovs_dp_change(dp, info->attrs);
1976 goto err_unlock_free;
1978 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
1979 info->snd_seq, 0, OVS_DP_CMD_SET);
1983 ovs_notify(&dp_datapath_genl_family, reply, info);
1993 static int ovs_dp_cmd_get(struct sk_buff *skb, struct genl_info *info)
1995 struct sk_buff *reply;
1996 struct datapath *dp;
1999 reply = ovs_dp_cmd_alloc_info();
2004 dp = lookup_datapath(sock_net(skb->sk), info->userhdr, info->attrs);
2007 goto err_unlock_free;
2009 err = ovs_dp_cmd_fill_info(dp, reply, info->snd_portid,
2010 info->snd_seq, 0, OVS_DP_CMD_GET);
2014 return genlmsg_reply(reply, info);
2022 static int ovs_dp_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
2024 struct ovs_net *ovs_net = net_generic(sock_net(skb->sk), ovs_net_id);
2025 struct datapath *dp;
2026 int skip = cb->args[0];
2030 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2032 ovs_dp_cmd_fill_info(dp, skb, NETLINK_CB(cb->skb).portid,
2033 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2034 OVS_DP_CMD_GET) < 0)
2045 static const struct nla_policy datapath_policy[OVS_DP_ATTR_MAX + 1] = {
2046 [OVS_DP_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
2047 [OVS_DP_ATTR_UPCALL_PID] = { .type = NLA_U32 },
2048 [OVS_DP_ATTR_USER_FEATURES] = { .type = NLA_U32 },
2049 [OVS_DP_ATTR_MASKS_CACHE_SIZE] = NLA_POLICY_RANGE(NLA_U32, 0,
2050 PCPU_MIN_UNIT_SIZE / sizeof(struct mask_cache_entry)),
2051 [OVS_DP_ATTR_IFINDEX] = {.type = NLA_U32 },
2054 static const struct genl_small_ops dp_datapath_genl_ops[] = {
2055 { .cmd = OVS_DP_CMD_NEW,
2056 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2057 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2058 .doit = ovs_dp_cmd_new
2060 { .cmd = OVS_DP_CMD_DEL,
2061 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2062 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2063 .doit = ovs_dp_cmd_del
2065 { .cmd = OVS_DP_CMD_GET,
2066 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2067 .flags = 0, /* OK for unprivileged users. */
2068 .doit = ovs_dp_cmd_get,
2069 .dumpit = ovs_dp_cmd_dump
2071 { .cmd = OVS_DP_CMD_SET,
2072 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2073 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2074 .doit = ovs_dp_cmd_set,
2078 static struct genl_family dp_datapath_genl_family __ro_after_init = {
2079 .hdrsize = sizeof(struct ovs_header),
2080 .name = OVS_DATAPATH_FAMILY,
2081 .version = OVS_DATAPATH_VERSION,
2082 .maxattr = OVS_DP_ATTR_MAX,
2083 .policy = datapath_policy,
2085 .parallel_ops = true,
2086 .small_ops = dp_datapath_genl_ops,
2087 .n_small_ops = ARRAY_SIZE(dp_datapath_genl_ops),
2088 .resv_start_op = OVS_DP_CMD_SET + 1,
2089 .mcgrps = &ovs_dp_datapath_multicast_group,
2091 .module = THIS_MODULE,
2094 /* Called with ovs_mutex or RCU read lock. */
2095 static int ovs_vport_cmd_fill_info(struct vport *vport, struct sk_buff *skb,
2096 struct net *net, u32 portid, u32 seq,
2097 u32 flags, u8 cmd, gfp_t gfp)
2099 struct ovs_header *ovs_header;
2100 struct ovs_vport_stats vport_stats;
2103 ovs_header = genlmsg_put(skb, portid, seq, &dp_vport_genl_family,
2108 ovs_header->dp_ifindex = get_dpifindex(vport->dp);
2110 if (nla_put_u32(skb, OVS_VPORT_ATTR_PORT_NO, vport->port_no) ||
2111 nla_put_u32(skb, OVS_VPORT_ATTR_TYPE, vport->ops->type) ||
2112 nla_put_string(skb, OVS_VPORT_ATTR_NAME,
2113 ovs_vport_name(vport)) ||
2114 nla_put_u32(skb, OVS_VPORT_ATTR_IFINDEX, vport->dev->ifindex))
2115 goto nla_put_failure;
2117 if (!net_eq(net, dev_net(vport->dev))) {
2118 int id = peernet2id_alloc(net, dev_net(vport->dev), gfp);
2120 if (nla_put_s32(skb, OVS_VPORT_ATTR_NETNSID, id))
2121 goto nla_put_failure;
2124 ovs_vport_get_stats(vport, &vport_stats);
2125 if (nla_put_64bit(skb, OVS_VPORT_ATTR_STATS,
2126 sizeof(struct ovs_vport_stats), &vport_stats,
2127 OVS_VPORT_ATTR_PAD))
2128 goto nla_put_failure;
2130 if (ovs_vport_get_upcall_stats(vport, skb))
2131 goto nla_put_failure;
2133 if (ovs_vport_get_upcall_portids(vport, skb))
2134 goto nla_put_failure;
2136 err = ovs_vport_get_options(vport, skb);
2137 if (err == -EMSGSIZE)
2140 genlmsg_end(skb, ovs_header);
2146 genlmsg_cancel(skb, ovs_header);
2150 static struct sk_buff *ovs_vport_cmd_alloc_info(void)
2152 return nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2155 /* Called with ovs_mutex, only via ovs_dp_notify_wq(). */
2156 struct sk_buff *ovs_vport_cmd_build_info(struct vport *vport, struct net *net,
2157 u32 portid, u32 seq, u8 cmd)
2159 struct sk_buff *skb;
2162 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2164 return ERR_PTR(-ENOMEM);
2166 retval = ovs_vport_cmd_fill_info(vport, skb, net, portid, seq, 0, cmd,
2173 /* Called with ovs_mutex or RCU read lock. */
2174 static struct vport *lookup_vport(struct net *net,
2175 const struct ovs_header *ovs_header,
2176 struct nlattr *a[OVS_VPORT_ATTR_MAX + 1])
2178 struct datapath *dp;
2179 struct vport *vport;
2181 if (a[OVS_VPORT_ATTR_IFINDEX])
2182 return ERR_PTR(-EOPNOTSUPP);
2183 if (a[OVS_VPORT_ATTR_NAME]) {
2184 vport = ovs_vport_locate(net, nla_data(a[OVS_VPORT_ATTR_NAME]));
2186 return ERR_PTR(-ENODEV);
2187 if (ovs_header->dp_ifindex &&
2188 ovs_header->dp_ifindex != get_dpifindex(vport->dp))
2189 return ERR_PTR(-ENODEV);
2191 } else if (a[OVS_VPORT_ATTR_PORT_NO]) {
2192 u32 port_no = nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]);
2194 if (port_no >= DP_MAX_PORTS)
2195 return ERR_PTR(-EFBIG);
2197 dp = get_dp(net, ovs_header->dp_ifindex);
2199 return ERR_PTR(-ENODEV);
2201 vport = ovs_vport_ovsl_rcu(dp, port_no);
2203 return ERR_PTR(-ENODEV);
2206 return ERR_PTR(-EINVAL);
2210 static unsigned int ovs_get_max_headroom(struct datapath *dp)
2212 unsigned int dev_headroom, max_headroom = 0;
2213 struct net_device *dev;
2214 struct vport *vport;
2217 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2218 hlist_for_each_entry_rcu(vport, &dp->ports[i], dp_hash_node,
2219 lockdep_ovsl_is_held()) {
2221 dev_headroom = netdev_get_fwd_headroom(dev);
2222 if (dev_headroom > max_headroom)
2223 max_headroom = dev_headroom;
2227 return max_headroom;
2230 /* Called with ovs_mutex */
2231 static void ovs_update_headroom(struct datapath *dp, unsigned int new_headroom)
2233 struct vport *vport;
2236 dp->max_headroom = new_headroom;
2237 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2238 hlist_for_each_entry_rcu(vport, &dp->ports[i], dp_hash_node,
2239 lockdep_ovsl_is_held())
2240 netdev_set_rx_headroom(vport->dev, new_headroom);
2244 static int ovs_vport_cmd_new(struct sk_buff *skb, struct genl_info *info)
2246 struct nlattr **a = info->attrs;
2247 struct ovs_header *ovs_header = info->userhdr;
2248 struct vport_parms parms;
2249 struct sk_buff *reply;
2250 struct vport *vport;
2251 struct datapath *dp;
2252 unsigned int new_headroom;
2256 if (!a[OVS_VPORT_ATTR_NAME] || !a[OVS_VPORT_ATTR_TYPE] ||
2257 !a[OVS_VPORT_ATTR_UPCALL_PID])
2260 parms.type = nla_get_u32(a[OVS_VPORT_ATTR_TYPE]);
2262 if (a[OVS_VPORT_ATTR_IFINDEX] && parms.type != OVS_VPORT_TYPE_INTERNAL)
2265 port_no = a[OVS_VPORT_ATTR_PORT_NO]
2266 ? nla_get_u32(a[OVS_VPORT_ATTR_PORT_NO]) : 0;
2267 if (port_no >= DP_MAX_PORTS)
2270 reply = ovs_vport_cmd_alloc_info();
2276 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex);
2279 goto exit_unlock_free;
2282 vport = ovs_vport_ovsl(dp, port_no);
2285 goto exit_unlock_free;
2287 for (port_no = 1; ; port_no++) {
2288 if (port_no >= DP_MAX_PORTS) {
2290 goto exit_unlock_free;
2292 vport = ovs_vport_ovsl(dp, port_no);
2298 parms.name = nla_data(a[OVS_VPORT_ATTR_NAME]);
2299 parms.options = a[OVS_VPORT_ATTR_OPTIONS];
2301 parms.port_no = port_no;
2302 parms.upcall_portids = a[OVS_VPORT_ATTR_UPCALL_PID];
2303 parms.desired_ifindex = a[OVS_VPORT_ATTR_IFINDEX]
2304 ? nla_get_u32(a[OVS_VPORT_ATTR_IFINDEX]) : 0;
2306 vport = new_vport(&parms);
2307 err = PTR_ERR(vport);
2308 if (IS_ERR(vport)) {
2311 goto exit_unlock_free;
2314 err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
2315 info->snd_portid, info->snd_seq, 0,
2316 OVS_VPORT_CMD_NEW, GFP_KERNEL);
2318 new_headroom = netdev_get_fwd_headroom(vport->dev);
2320 if (new_headroom > dp->max_headroom)
2321 ovs_update_headroom(dp, new_headroom);
2323 netdev_set_rx_headroom(vport->dev, dp->max_headroom);
2328 ovs_notify(&dp_vport_genl_family, reply, info);
2337 static int ovs_vport_cmd_set(struct sk_buff *skb, struct genl_info *info)
2339 struct nlattr **a = info->attrs;
2340 struct sk_buff *reply;
2341 struct vport *vport;
2344 reply = ovs_vport_cmd_alloc_info();
2349 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2350 err = PTR_ERR(vport);
2352 goto exit_unlock_free;
2354 if (a[OVS_VPORT_ATTR_TYPE] &&
2355 nla_get_u32(a[OVS_VPORT_ATTR_TYPE]) != vport->ops->type) {
2357 goto exit_unlock_free;
2360 if (a[OVS_VPORT_ATTR_OPTIONS]) {
2361 err = ovs_vport_set_options(vport, a[OVS_VPORT_ATTR_OPTIONS]);
2363 goto exit_unlock_free;
2367 if (a[OVS_VPORT_ATTR_UPCALL_PID]) {
2368 struct nlattr *ids = a[OVS_VPORT_ATTR_UPCALL_PID];
2370 err = ovs_vport_set_upcall_portids(vport, ids);
2372 goto exit_unlock_free;
2375 err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
2376 info->snd_portid, info->snd_seq, 0,
2377 OVS_VPORT_CMD_SET, GFP_KERNEL);
2381 ovs_notify(&dp_vport_genl_family, reply, info);
2390 static int ovs_vport_cmd_del(struct sk_buff *skb, struct genl_info *info)
2392 bool update_headroom = false;
2393 struct nlattr **a = info->attrs;
2394 struct sk_buff *reply;
2395 struct datapath *dp;
2396 struct vport *vport;
2397 unsigned int new_headroom;
2400 reply = ovs_vport_cmd_alloc_info();
2405 vport = lookup_vport(sock_net(skb->sk), info->userhdr, a);
2406 err = PTR_ERR(vport);
2408 goto exit_unlock_free;
2410 if (vport->port_no == OVSP_LOCAL) {
2412 goto exit_unlock_free;
2415 err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
2416 info->snd_portid, info->snd_seq, 0,
2417 OVS_VPORT_CMD_DEL, GFP_KERNEL);
2420 /* the vport deletion may trigger dp headroom update */
2422 if (netdev_get_fwd_headroom(vport->dev) == dp->max_headroom)
2423 update_headroom = true;
2425 netdev_reset_rx_headroom(vport->dev);
2426 ovs_dp_detach_port(vport);
2428 if (update_headroom) {
2429 new_headroom = ovs_get_max_headroom(dp);
2431 if (new_headroom < dp->max_headroom)
2432 ovs_update_headroom(dp, new_headroom);
2436 ovs_notify(&dp_vport_genl_family, reply, info);
2445 static int ovs_vport_cmd_get(struct sk_buff *skb, struct genl_info *info)
2447 struct nlattr **a = info->attrs;
2448 struct ovs_header *ovs_header = info->userhdr;
2449 struct sk_buff *reply;
2450 struct vport *vport;
2453 reply = ovs_vport_cmd_alloc_info();
2458 vport = lookup_vport(sock_net(skb->sk), ovs_header, a);
2459 err = PTR_ERR(vport);
2461 goto exit_unlock_free;
2462 err = ovs_vport_cmd_fill_info(vport, reply, genl_info_net(info),
2463 info->snd_portid, info->snd_seq, 0,
2464 OVS_VPORT_CMD_GET, GFP_ATOMIC);
2468 return genlmsg_reply(reply, info);
2476 static int ovs_vport_cmd_dump(struct sk_buff *skb, struct netlink_callback *cb)
2478 struct ovs_header *ovs_header = genlmsg_data(nlmsg_data(cb->nlh));
2479 struct datapath *dp;
2480 int bucket = cb->args[0], skip = cb->args[1];
2484 dp = get_dp_rcu(sock_net(skb->sk), ovs_header->dp_ifindex);
2489 for (i = bucket; i < DP_VPORT_HASH_BUCKETS; i++) {
2490 struct vport *vport;
2493 hlist_for_each_entry_rcu(vport, &dp->ports[i], dp_hash_node) {
2495 ovs_vport_cmd_fill_info(vport, skb,
2497 NETLINK_CB(cb->skb).portid,
2517 static void ovs_dp_masks_rebalance(struct work_struct *work)
2519 struct ovs_net *ovs_net = container_of(work, struct ovs_net,
2520 masks_rebalance.work);
2521 struct datapath *dp;
2525 list_for_each_entry(dp, &ovs_net->dps, list_node)
2526 ovs_flow_masks_rebalance(&dp->table);
2530 schedule_delayed_work(&ovs_net->masks_rebalance,
2531 msecs_to_jiffies(DP_MASKS_REBALANCE_INTERVAL));
2534 static const struct nla_policy vport_policy[OVS_VPORT_ATTR_MAX + 1] = {
2535 [OVS_VPORT_ATTR_NAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
2536 [OVS_VPORT_ATTR_STATS] = { .len = sizeof(struct ovs_vport_stats) },
2537 [OVS_VPORT_ATTR_PORT_NO] = { .type = NLA_U32 },
2538 [OVS_VPORT_ATTR_TYPE] = { .type = NLA_U32 },
2539 [OVS_VPORT_ATTR_UPCALL_PID] = { .type = NLA_UNSPEC },
2540 [OVS_VPORT_ATTR_OPTIONS] = { .type = NLA_NESTED },
2541 [OVS_VPORT_ATTR_IFINDEX] = { .type = NLA_U32 },
2542 [OVS_VPORT_ATTR_NETNSID] = { .type = NLA_S32 },
2543 [OVS_VPORT_ATTR_UPCALL_STATS] = { .type = NLA_NESTED },
2546 static const struct genl_small_ops dp_vport_genl_ops[] = {
2547 { .cmd = OVS_VPORT_CMD_NEW,
2548 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2549 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2550 .doit = ovs_vport_cmd_new
2552 { .cmd = OVS_VPORT_CMD_DEL,
2553 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2554 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2555 .doit = ovs_vport_cmd_del
2557 { .cmd = OVS_VPORT_CMD_GET,
2558 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2559 .flags = 0, /* OK for unprivileged users. */
2560 .doit = ovs_vport_cmd_get,
2561 .dumpit = ovs_vport_cmd_dump
2563 { .cmd = OVS_VPORT_CMD_SET,
2564 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
2565 .flags = GENL_UNS_ADMIN_PERM, /* Requires CAP_NET_ADMIN privilege. */
2566 .doit = ovs_vport_cmd_set,
2570 struct genl_family dp_vport_genl_family __ro_after_init = {
2571 .hdrsize = sizeof(struct ovs_header),
2572 .name = OVS_VPORT_FAMILY,
2573 .version = OVS_VPORT_VERSION,
2574 .maxattr = OVS_VPORT_ATTR_MAX,
2575 .policy = vport_policy,
2577 .parallel_ops = true,
2578 .small_ops = dp_vport_genl_ops,
2579 .n_small_ops = ARRAY_SIZE(dp_vport_genl_ops),
2580 .resv_start_op = OVS_VPORT_CMD_SET + 1,
2581 .mcgrps = &ovs_dp_vport_multicast_group,
2583 .module = THIS_MODULE,
2586 static struct genl_family * const dp_genl_families[] = {
2587 &dp_datapath_genl_family,
2588 &dp_vport_genl_family,
2589 &dp_flow_genl_family,
2590 &dp_packet_genl_family,
2591 &dp_meter_genl_family,
2592 #if IS_ENABLED(CONFIG_NETFILTER_CONNCOUNT)
2593 &dp_ct_limit_genl_family,
2597 static void dp_unregister_genl(int n_families)
2601 for (i = 0; i < n_families; i++)
2602 genl_unregister_family(dp_genl_families[i]);
2605 static int __init dp_register_genl(void)
2610 for (i = 0; i < ARRAY_SIZE(dp_genl_families); i++) {
2612 err = genl_register_family(dp_genl_families[i]);
2620 dp_unregister_genl(i);
2624 static int __net_init ovs_init_net(struct net *net)
2626 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2629 INIT_LIST_HEAD(&ovs_net->dps);
2630 INIT_WORK(&ovs_net->dp_notify_work, ovs_dp_notify_wq);
2631 INIT_DELAYED_WORK(&ovs_net->masks_rebalance, ovs_dp_masks_rebalance);
2633 err = ovs_ct_init(net);
2637 schedule_delayed_work(&ovs_net->masks_rebalance,
2638 msecs_to_jiffies(DP_MASKS_REBALANCE_INTERVAL));
2642 static void __net_exit list_vports_from_net(struct net *net, struct net *dnet,
2643 struct list_head *head)
2645 struct ovs_net *ovs_net = net_generic(net, ovs_net_id);
2646 struct datapath *dp;
2648 list_for_each_entry(dp, &ovs_net->dps, list_node) {
2651 for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) {
2652 struct vport *vport;
2654 hlist_for_each_entry(vport, &dp->ports[i], dp_hash_node) {
2655 if (vport->ops->type != OVS_VPORT_TYPE_INTERNAL)
2658 if (dev_net(vport->dev) == dnet)
2659 list_add(&vport->detach_list, head);
2665 static void __net_exit ovs_exit_net(struct net *dnet)
2667 struct datapath *dp, *dp_next;
2668 struct ovs_net *ovs_net = net_generic(dnet, ovs_net_id);
2669 struct vport *vport, *vport_next;
2677 list_for_each_entry_safe(dp, dp_next, &ovs_net->dps, list_node)
2680 down_read(&net_rwsem);
2682 list_vports_from_net(net, dnet, &head);
2683 up_read(&net_rwsem);
2685 /* Detach all vports from given namespace. */
2686 list_for_each_entry_safe(vport, vport_next, &head, detach_list) {
2687 list_del(&vport->detach_list);
2688 ovs_dp_detach_port(vport);
2693 cancel_delayed_work_sync(&ovs_net->masks_rebalance);
2694 cancel_work_sync(&ovs_net->dp_notify_work);
2697 static struct pernet_operations ovs_net_ops = {
2698 .init = ovs_init_net,
2699 .exit = ovs_exit_net,
2701 .size = sizeof(struct ovs_net),
2704 static int __init dp_init(void)
2708 BUILD_BUG_ON(sizeof(struct ovs_skb_cb) >
2709 sizeof_field(struct sk_buff, cb));
2711 pr_info("Open vSwitch switching datapath\n");
2713 err = action_fifos_init();
2717 err = ovs_internal_dev_rtnl_link_register();
2719 goto error_action_fifos_exit;
2721 err = ovs_flow_init();
2723 goto error_unreg_rtnl_link;
2725 err = ovs_vport_init();
2727 goto error_flow_exit;
2729 err = register_pernet_device(&ovs_net_ops);
2731 goto error_vport_exit;
2733 err = register_netdevice_notifier(&ovs_dp_device_notifier);
2735 goto error_netns_exit;
2737 err = ovs_netdev_init();
2739 goto error_unreg_notifier;
2741 err = dp_register_genl();
2743 goto error_unreg_netdev;
2749 error_unreg_notifier:
2750 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2752 unregister_pernet_device(&ovs_net_ops);
2757 error_unreg_rtnl_link:
2758 ovs_internal_dev_rtnl_link_unregister();
2759 error_action_fifos_exit:
2760 action_fifos_exit();
2765 static void dp_cleanup(void)
2767 dp_unregister_genl(ARRAY_SIZE(dp_genl_families));
2769 unregister_netdevice_notifier(&ovs_dp_device_notifier);
2770 unregister_pernet_device(&ovs_net_ops);
2774 ovs_internal_dev_rtnl_link_unregister();
2775 action_fifos_exit();
2778 module_init(dp_init);
2779 module_exit(dp_cleanup);
2781 MODULE_DESCRIPTION("Open vSwitch switching datapath");
2782 MODULE_LICENSE("GPL");
2783 MODULE_ALIAS_GENL_FAMILY(OVS_DATAPATH_FAMILY);
2784 MODULE_ALIAS_GENL_FAMILY(OVS_VPORT_FAMILY);
2785 MODULE_ALIAS_GENL_FAMILY(OVS_FLOW_FAMILY);
2786 MODULE_ALIAS_GENL_FAMILY(OVS_PACKET_FAMILY);
2787 MODULE_ALIAS_GENL_FAMILY(OVS_METER_FAMILY);
2788 MODULE_ALIAS_GENL_FAMILY(OVS_CT_LIMIT_FAMILY);