• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
6 
7 #include "br_private.h"
8 
br_vlan_cmp(struct rhashtable_compare_arg * arg,const void * ptr)9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
10 			      const void *ptr)
11 {
12 	const struct net_bridge_vlan *vle = ptr;
13 	u16 vid = *(u16 *)arg->key;
14 
15 	return vle->vid != vid;
16 }
17 
18 static const struct rhashtable_params br_vlan_rht_params = {
19 	.head_offset = offsetof(struct net_bridge_vlan, vnode),
20 	.key_offset = offsetof(struct net_bridge_vlan, vid),
21 	.key_len = sizeof(u16),
22 	.nelem_hint = 3,
23 	.locks_mul = 1,
24 	.max_size = VLAN_N_VID,
25 	.obj_cmpfn = br_vlan_cmp,
26 	.automatic_shrinking = true,
27 };
28 
br_vlan_lookup(struct rhashtable * tbl,u16 vid)29 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
30 {
31 	return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
32 }
33 
__vlan_add_pvid(struct net_bridge_vlan_group * vg,u16 vid)34 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
35 {
36 	if (vg->pvid == vid)
37 		return;
38 
39 	smp_wmb();
40 	vg->pvid = vid;
41 }
42 
__vlan_delete_pvid(struct net_bridge_vlan_group * vg,u16 vid)43 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
44 {
45 	if (vg->pvid != vid)
46 		return;
47 
48 	smp_wmb();
49 	vg->pvid = 0;
50 }
51 
__vlan_add_flags(struct net_bridge_vlan * v,u16 flags)52 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
53 {
54 	struct net_bridge_vlan_group *vg;
55 
56 	if (br_vlan_is_master(v))
57 		vg = br_vlan_group(v->br);
58 	else
59 		vg = nbp_vlan_group(v->port);
60 
61 	if (flags & BRIDGE_VLAN_INFO_PVID)
62 		__vlan_add_pvid(vg, v->vid);
63 	else
64 		__vlan_delete_pvid(vg, v->vid);
65 
66 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
67 		v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
68 	else
69 		v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
70 }
71 
__vlan_vid_add(struct net_device * dev,struct net_bridge * br,u16 vid,u16 flags)72 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
73 			  u16 vid, u16 flags)
74 {
75 	struct switchdev_obj_port_vlan v = {
76 		.obj.orig_dev = dev,
77 		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
78 		.flags = flags,
79 		.vid_begin = vid,
80 		.vid_end = vid,
81 	};
82 	int err;
83 
84 	/* Try switchdev op first. In case it is not supported, fallback to
85 	 * 8021q add.
86 	 */
87 	err = switchdev_port_obj_add(dev, &v.obj);
88 	if (err == -EOPNOTSUPP)
89 		return vlan_vid_add(dev, br->vlan_proto, vid);
90 	return err;
91 }
92 
__vlan_add_list(struct net_bridge_vlan * v)93 static void __vlan_add_list(struct net_bridge_vlan *v)
94 {
95 	struct net_bridge_vlan_group *vg;
96 	struct list_head *headp, *hpos;
97 	struct net_bridge_vlan *vent;
98 
99 	if (br_vlan_is_master(v))
100 		vg = br_vlan_group(v->br);
101 	else
102 		vg = nbp_vlan_group(v->port);
103 
104 	headp = &vg->vlan_list;
105 	list_for_each_prev(hpos, headp) {
106 		vent = list_entry(hpos, struct net_bridge_vlan, vlist);
107 		if (v->vid < vent->vid)
108 			continue;
109 		else
110 			break;
111 	}
112 	list_add_rcu(&v->vlist, hpos);
113 }
114 
__vlan_del_list(struct net_bridge_vlan * v)115 static void __vlan_del_list(struct net_bridge_vlan *v)
116 {
117 	list_del_rcu(&v->vlist);
118 }
119 
__vlan_vid_del(struct net_device * dev,struct net_bridge * br,u16 vid)120 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
121 			  u16 vid)
122 {
123 	struct switchdev_obj_port_vlan v = {
124 		.obj.orig_dev = dev,
125 		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
126 		.vid_begin = vid,
127 		.vid_end = vid,
128 	};
129 	int err;
130 
131 	/* Try switchdev op first. In case it is not supported, fallback to
132 	 * 8021q del.
133 	 */
134 	err = switchdev_port_obj_del(dev, &v.obj);
135 	if (err == -EOPNOTSUPP) {
136 		vlan_vid_del(dev, br->vlan_proto, vid);
137 		return 0;
138 	}
139 	return err;
140 }
141 
142 /* Returns a master vlan, if it didn't exist it gets created. In all cases a
143  * a reference is taken to the master vlan before returning.
144  */
br_vlan_get_master(struct net_bridge * br,u16 vid)145 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
146 {
147 	struct net_bridge_vlan_group *vg;
148 	struct net_bridge_vlan *masterv;
149 
150 	vg = br_vlan_group(br);
151 	masterv = br_vlan_find(vg, vid);
152 	if (!masterv) {
153 		/* missing global ctx, create it now */
154 		if (br_vlan_add(br, vid, 0))
155 			return NULL;
156 		masterv = br_vlan_find(vg, vid);
157 		if (WARN_ON(!masterv))
158 			return NULL;
159 	}
160 	atomic_inc(&masterv->refcnt);
161 
162 	return masterv;
163 }
164 
br_master_vlan_rcu_free(struct rcu_head * rcu)165 static void br_master_vlan_rcu_free(struct rcu_head *rcu)
166 {
167 	struct net_bridge_vlan *v;
168 
169 	v = container_of(rcu, struct net_bridge_vlan, rcu);
170 	WARN_ON(!br_vlan_is_master(v));
171 	free_percpu(v->stats);
172 	v->stats = NULL;
173 	kfree(v);
174 }
175 
br_vlan_put_master(struct net_bridge_vlan * masterv)176 static void br_vlan_put_master(struct net_bridge_vlan *masterv)
177 {
178 	struct net_bridge_vlan_group *vg;
179 
180 	if (!br_vlan_is_master(masterv))
181 		return;
182 
183 	vg = br_vlan_group(masterv->br);
184 	if (atomic_dec_and_test(&masterv->refcnt)) {
185 		rhashtable_remove_fast(&vg->vlan_hash,
186 				       &masterv->vnode, br_vlan_rht_params);
187 		__vlan_del_list(masterv);
188 		call_rcu(&masterv->rcu, br_master_vlan_rcu_free);
189 	}
190 }
191 
192 /* This is the shared VLAN add function which works for both ports and bridge
193  * devices. There are four possible calls to this function in terms of the
194  * vlan entry type:
195  * 1. vlan is being added on a port (no master flags, global entry exists)
196  * 2. vlan is being added on a bridge (both master and brentry flags)
197  * 3. vlan is being added on a port, but a global entry didn't exist which
198  *    is being created right now (master flag set, brentry flag unset), the
199  *    global entry is used for global per-vlan features, but not for filtering
200  * 4. same as 3 but with both master and brentry flags set so the entry
201  *    will be used for filtering in both the port and the bridge
202  */
__vlan_add(struct net_bridge_vlan * v,u16 flags)203 static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
204 {
205 	struct net_bridge_vlan *masterv = NULL;
206 	struct net_bridge_port *p = NULL;
207 	struct net_bridge_vlan_group *vg;
208 	struct net_device *dev;
209 	struct net_bridge *br;
210 	int err;
211 
212 	if (br_vlan_is_master(v)) {
213 		br = v->br;
214 		dev = br->dev;
215 		vg = br_vlan_group(br);
216 	} else {
217 		p = v->port;
218 		br = p->br;
219 		dev = p->dev;
220 		vg = nbp_vlan_group(p);
221 	}
222 
223 	if (p) {
224 		/* Add VLAN to the device filter if it is supported.
225 		 * This ensures tagged traffic enters the bridge when
226 		 * promiscuous mode is disabled by br_manage_promisc().
227 		 */
228 		err = __vlan_vid_add(dev, br, v->vid, flags);
229 		if (err)
230 			goto out;
231 
232 		/* need to work on the master vlan too */
233 		if (flags & BRIDGE_VLAN_INFO_MASTER) {
234 			err = br_vlan_add(br, v->vid, flags |
235 						      BRIDGE_VLAN_INFO_BRENTRY);
236 			if (err)
237 				goto out_filt;
238 		}
239 
240 		masterv = br_vlan_get_master(br, v->vid);
241 		if (!masterv)
242 			goto out_filt;
243 		v->brvlan = masterv;
244 		v->stats = masterv->stats;
245 	}
246 
247 	/* Add the dev mac and count the vlan only if it's usable */
248 	if (br_vlan_should_use(v)) {
249 		err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
250 		if (err) {
251 			br_err(br, "failed insert local address into bridge forwarding table\n");
252 			goto out_filt;
253 		}
254 		vg->num_vlans++;
255 	}
256 
257 	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
258 					    br_vlan_rht_params);
259 	if (err)
260 		goto out_fdb_insert;
261 
262 	__vlan_add_list(v);
263 	__vlan_add_flags(v, flags);
264 out:
265 	return err;
266 
267 out_fdb_insert:
268 	if (br_vlan_should_use(v)) {
269 		br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
270 		vg->num_vlans--;
271 	}
272 
273 out_filt:
274 	if (p) {
275 		__vlan_vid_del(dev, br, v->vid);
276 		if (masterv) {
277 			br_vlan_put_master(masterv);
278 			v->brvlan = NULL;
279 		}
280 	}
281 
282 	goto out;
283 }
284 
__vlan_del(struct net_bridge_vlan * v)285 static int __vlan_del(struct net_bridge_vlan *v)
286 {
287 	struct net_bridge_vlan *masterv = v;
288 	struct net_bridge_vlan_group *vg;
289 	struct net_bridge_port *p = NULL;
290 	int err = 0;
291 
292 	if (br_vlan_is_master(v)) {
293 		vg = br_vlan_group(v->br);
294 	} else {
295 		p = v->port;
296 		vg = nbp_vlan_group(v->port);
297 		masterv = v->brvlan;
298 	}
299 
300 	__vlan_delete_pvid(vg, v->vid);
301 	if (p) {
302 		err = __vlan_vid_del(p->dev, p->br, v->vid);
303 		if (err)
304 			goto out;
305 	}
306 
307 	if (br_vlan_should_use(v)) {
308 		v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
309 		vg->num_vlans--;
310 	}
311 
312 	if (masterv != v) {
313 		rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
314 				       br_vlan_rht_params);
315 		__vlan_del_list(v);
316 		kfree_rcu(v, rcu);
317 	}
318 
319 	br_vlan_put_master(masterv);
320 out:
321 	return err;
322 }
323 
__vlan_group_free(struct net_bridge_vlan_group * vg)324 static void __vlan_group_free(struct net_bridge_vlan_group *vg)
325 {
326 	WARN_ON(!list_empty(&vg->vlan_list));
327 	rhashtable_destroy(&vg->vlan_hash);
328 	kfree(vg);
329 }
330 
__vlan_flush(struct net_bridge_vlan_group * vg)331 static void __vlan_flush(struct net_bridge_vlan_group *vg)
332 {
333 	struct net_bridge_vlan *vlan, *tmp;
334 
335 	__vlan_delete_pvid(vg, vg->pvid);
336 	list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
337 		__vlan_del(vlan);
338 }
339 
br_handle_vlan(struct net_bridge * br,struct net_bridge_vlan_group * vg,struct sk_buff * skb)340 struct sk_buff *br_handle_vlan(struct net_bridge *br,
341 			       struct net_bridge_vlan_group *vg,
342 			       struct sk_buff *skb)
343 {
344 	struct br_vlan_stats *stats;
345 	struct net_bridge_vlan *v;
346 	u16 vid;
347 
348 	/* If this packet was not filtered at input, let it pass */
349 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
350 		goto out;
351 
352 	/* At this point, we know that the frame was filtered and contains
353 	 * a valid vlan id.  If the vlan id has untagged flag set,
354 	 * send untagged; otherwise, send tagged.
355 	 */
356 	br_vlan_get_tag(skb, &vid);
357 	v = br_vlan_find(vg, vid);
358 	/* Vlan entry must be configured at this point.  The
359 	 * only exception is the bridge is set in promisc mode and the
360 	 * packet is destined for the bridge device.  In this case
361 	 * pass the packet as is.
362 	 */
363 	if (!v || !br_vlan_should_use(v)) {
364 		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
365 			goto out;
366 		} else {
367 			kfree_skb(skb);
368 			return NULL;
369 		}
370 	}
371 	if (br->vlan_stats_enabled) {
372 		stats = this_cpu_ptr(v->stats);
373 		u64_stats_update_begin(&stats->syncp);
374 		stats->tx_bytes += skb->len;
375 		stats->tx_packets++;
376 		u64_stats_update_end(&stats->syncp);
377 	}
378 
379 	if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
380 		skb->vlan_tci = 0;
381 out:
382 	return skb;
383 }
384 
385 /* Called under RCU */
__allowed_ingress(const struct net_bridge * br,struct net_bridge_vlan_group * vg,struct sk_buff * skb,u16 * vid)386 static bool __allowed_ingress(const struct net_bridge *br,
387 			      struct net_bridge_vlan_group *vg,
388 			      struct sk_buff *skb, u16 *vid)
389 {
390 	struct br_vlan_stats *stats;
391 	struct net_bridge_vlan *v;
392 	bool tagged;
393 
394 	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
395 	/* If vlan tx offload is disabled on bridge device and frame was
396 	 * sent from vlan device on the bridge device, it does not have
397 	 * HW accelerated vlan tag.
398 	 */
399 	if (unlikely(!skb_vlan_tag_present(skb) &&
400 		     skb->protocol == br->vlan_proto)) {
401 		skb = skb_vlan_untag(skb);
402 		if (unlikely(!skb))
403 			return false;
404 	}
405 
406 	if (!br_vlan_get_tag(skb, vid)) {
407 		/* Tagged frame */
408 		if (skb->vlan_proto != br->vlan_proto) {
409 			/* Protocol-mismatch, empty out vlan_tci for new tag */
410 			skb_push(skb, ETH_HLEN);
411 			skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
412 							skb_vlan_tag_get(skb));
413 			if (unlikely(!skb))
414 				return false;
415 
416 			skb_pull(skb, ETH_HLEN);
417 			skb_reset_mac_len(skb);
418 			*vid = 0;
419 			tagged = false;
420 		} else {
421 			tagged = true;
422 		}
423 	} else {
424 		/* Untagged frame */
425 		tagged = false;
426 	}
427 
428 	if (!*vid) {
429 		u16 pvid = br_get_pvid(vg);
430 
431 		/* Frame had a tag with VID 0 or did not have a tag.
432 		 * See if pvid is set on this port.  That tells us which
433 		 * vlan untagged or priority-tagged traffic belongs to.
434 		 */
435 		if (!pvid)
436 			goto drop;
437 
438 		/* PVID is set on this port.  Any untagged or priority-tagged
439 		 * ingress frame is considered to belong to this vlan.
440 		 */
441 		*vid = pvid;
442 		if (likely(!tagged))
443 			/* Untagged Frame. */
444 			__vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid);
445 		else
446 			/* Priority-tagged Frame.
447 			 * At this point, We know that skb->vlan_tci had
448 			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
449 			 * We update only VID field and preserve PCP field.
450 			 */
451 			skb->vlan_tci |= pvid;
452 
453 		/* if stats are disabled we can avoid the lookup */
454 		if (!br->vlan_stats_enabled)
455 			return true;
456 	}
457 	v = br_vlan_find(vg, *vid);
458 	if (!v || !br_vlan_should_use(v))
459 		goto drop;
460 
461 	if (br->vlan_stats_enabled) {
462 		stats = this_cpu_ptr(v->stats);
463 		u64_stats_update_begin(&stats->syncp);
464 		stats->rx_bytes += skb->len;
465 		stats->rx_packets++;
466 		u64_stats_update_end(&stats->syncp);
467 	}
468 
469 	return true;
470 
471 drop:
472 	kfree_skb(skb);
473 	return false;
474 }
475 
br_allowed_ingress(const struct net_bridge * br,struct net_bridge_vlan_group * vg,struct sk_buff * skb,u16 * vid)476 bool br_allowed_ingress(const struct net_bridge *br,
477 			struct net_bridge_vlan_group *vg, struct sk_buff *skb,
478 			u16 *vid)
479 {
480 	/* If VLAN filtering is disabled on the bridge, all packets are
481 	 * permitted.
482 	 */
483 	if (!br->vlan_enabled) {
484 		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
485 		return true;
486 	}
487 
488 	return __allowed_ingress(br, vg, skb, vid);
489 }
490 
491 /* Called under RCU. */
br_allowed_egress(struct net_bridge_vlan_group * vg,const struct sk_buff * skb)492 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
493 		       const struct sk_buff *skb)
494 {
495 	const struct net_bridge_vlan *v;
496 	u16 vid;
497 
498 	/* If this packet was not filtered at input, let it pass */
499 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
500 		return true;
501 
502 	br_vlan_get_tag(skb, &vid);
503 	v = br_vlan_find(vg, vid);
504 	if (v && br_vlan_should_use(v))
505 		return true;
506 
507 	return false;
508 }
509 
510 /* Called under RCU */
br_should_learn(struct net_bridge_port * p,struct sk_buff * skb,u16 * vid)511 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
512 {
513 	struct net_bridge_vlan_group *vg;
514 	struct net_bridge *br = p->br;
515 
516 	/* If filtering was disabled at input, let it pass. */
517 	if (!br->vlan_enabled)
518 		return true;
519 
520 	vg = nbp_vlan_group_rcu(p);
521 	if (!vg || !vg->num_vlans)
522 		return false;
523 
524 	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
525 		*vid = 0;
526 
527 	if (!*vid) {
528 		*vid = br_get_pvid(vg);
529 		if (!*vid)
530 			return false;
531 
532 		return true;
533 	}
534 
535 	if (br_vlan_find(vg, *vid))
536 		return true;
537 
538 	return false;
539 }
540 
541 /* Must be protected by RTNL.
542  * Must be called with vid in range from 1 to 4094 inclusive.
543  */
br_vlan_add(struct net_bridge * br,u16 vid,u16 flags)544 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
545 {
546 	struct net_bridge_vlan_group *vg;
547 	struct net_bridge_vlan *vlan;
548 	int ret;
549 
550 	ASSERT_RTNL();
551 
552 	vg = br_vlan_group(br);
553 	vlan = br_vlan_find(vg, vid);
554 	if (vlan) {
555 		if (!br_vlan_is_brentry(vlan)) {
556 			/* Trying to change flags of non-existent bridge vlan */
557 			if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
558 				return -EINVAL;
559 			/* It was only kept for port vlans, now make it real */
560 			ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
561 					    vlan->vid);
562 			if (ret) {
563 				br_err(br, "failed insert local address into bridge forwarding table\n");
564 				return ret;
565 			}
566 			atomic_inc(&vlan->refcnt);
567 			vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
568 			vg->num_vlans++;
569 		}
570 		__vlan_add_flags(vlan, flags);
571 		return 0;
572 	}
573 
574 	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
575 	if (!vlan)
576 		return -ENOMEM;
577 
578 	vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
579 	if (!vlan->stats) {
580 		kfree(vlan);
581 		return -ENOMEM;
582 	}
583 	vlan->vid = vid;
584 	vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
585 	vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
586 	vlan->br = br;
587 	if (flags & BRIDGE_VLAN_INFO_BRENTRY)
588 		atomic_set(&vlan->refcnt, 1);
589 	ret = __vlan_add(vlan, flags);
590 	if (ret) {
591 		free_percpu(vlan->stats);
592 		kfree(vlan);
593 	}
594 
595 	return ret;
596 }
597 
598 /* Must be protected by RTNL.
599  * Must be called with vid in range from 1 to 4094 inclusive.
600  */
br_vlan_delete(struct net_bridge * br,u16 vid)601 int br_vlan_delete(struct net_bridge *br, u16 vid)
602 {
603 	struct net_bridge_vlan_group *vg;
604 	struct net_bridge_vlan *v;
605 
606 	ASSERT_RTNL();
607 
608 	vg = br_vlan_group(br);
609 	v = br_vlan_find(vg, vid);
610 	if (!v || !br_vlan_is_brentry(v))
611 		return -ENOENT;
612 
613 	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
614 	br_fdb_delete_by_port(br, NULL, vid, 0);
615 
616 	return __vlan_del(v);
617 }
618 
br_vlan_flush(struct net_bridge * br)619 void br_vlan_flush(struct net_bridge *br)
620 {
621 	struct net_bridge_vlan_group *vg;
622 
623 	ASSERT_RTNL();
624 
625 	vg = br_vlan_group(br);
626 	__vlan_flush(vg);
627 	RCU_INIT_POINTER(br->vlgrp, NULL);
628 	synchronize_rcu();
629 	__vlan_group_free(vg);
630 }
631 
br_vlan_find(struct net_bridge_vlan_group * vg,u16 vid)632 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
633 {
634 	if (!vg)
635 		return NULL;
636 
637 	return br_vlan_lookup(&vg->vlan_hash, vid);
638 }
639 
640 /* Must be protected by RTNL. */
recalculate_group_addr(struct net_bridge * br)641 static void recalculate_group_addr(struct net_bridge *br)
642 {
643 	if (br->group_addr_set)
644 		return;
645 
646 	spin_lock_bh(&br->lock);
647 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
648 		/* Bridge Group Address */
649 		br->group_addr[5] = 0x00;
650 	} else { /* vlan_enabled && ETH_P_8021AD */
651 		/* Provider Bridge Group Address */
652 		br->group_addr[5] = 0x08;
653 	}
654 	spin_unlock_bh(&br->lock);
655 }
656 
657 /* Must be protected by RTNL. */
br_recalculate_fwd_mask(struct net_bridge * br)658 void br_recalculate_fwd_mask(struct net_bridge *br)
659 {
660 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
661 		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
662 	else /* vlan_enabled && ETH_P_8021AD */
663 		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
664 					      ~(1u << br->group_addr[5]);
665 }
666 
__br_vlan_filter_toggle(struct net_bridge * br,unsigned long val)667 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
668 {
669 	struct switchdev_attr attr = {
670 		.orig_dev = br->dev,
671 		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
672 		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
673 		.u.vlan_filtering = val,
674 	};
675 	int err;
676 
677 	if (br->vlan_enabled == val)
678 		return 0;
679 
680 	err = switchdev_port_attr_set(br->dev, &attr);
681 	if (err && err != -EOPNOTSUPP)
682 		return err;
683 
684 	br->vlan_enabled = val;
685 	br_manage_promisc(br);
686 	recalculate_group_addr(br);
687 	br_recalculate_fwd_mask(br);
688 
689 	return 0;
690 }
691 
br_vlan_filter_toggle(struct net_bridge * br,unsigned long val)692 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
693 {
694 	return __br_vlan_filter_toggle(br, val);
695 }
696 
__br_vlan_set_proto(struct net_bridge * br,__be16 proto)697 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
698 {
699 	int err = 0;
700 	struct net_bridge_port *p;
701 	struct net_bridge_vlan *vlan;
702 	struct net_bridge_vlan_group *vg;
703 	__be16 oldproto;
704 
705 	if (br->vlan_proto == proto)
706 		return 0;
707 
708 	/* Add VLANs for the new proto to the device filter. */
709 	list_for_each_entry(p, &br->port_list, list) {
710 		vg = nbp_vlan_group(p);
711 		list_for_each_entry(vlan, &vg->vlan_list, vlist) {
712 			err = vlan_vid_add(p->dev, proto, vlan->vid);
713 			if (err)
714 				goto err_filt;
715 		}
716 	}
717 
718 	oldproto = br->vlan_proto;
719 	br->vlan_proto = proto;
720 
721 	recalculate_group_addr(br);
722 	br_recalculate_fwd_mask(br);
723 
724 	/* Delete VLANs for the old proto from the device filter. */
725 	list_for_each_entry(p, &br->port_list, list) {
726 		vg = nbp_vlan_group(p);
727 		list_for_each_entry(vlan, &vg->vlan_list, vlist)
728 			vlan_vid_del(p->dev, oldproto, vlan->vid);
729 	}
730 
731 	return 0;
732 
733 err_filt:
734 	list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
735 		vlan_vid_del(p->dev, proto, vlan->vid);
736 
737 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
738 		vg = nbp_vlan_group(p);
739 		list_for_each_entry(vlan, &vg->vlan_list, vlist)
740 			vlan_vid_del(p->dev, proto, vlan->vid);
741 	}
742 
743 	return err;
744 }
745 
br_vlan_set_proto(struct net_bridge * br,unsigned long val)746 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
747 {
748 	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
749 		return -EPROTONOSUPPORT;
750 
751 	return __br_vlan_set_proto(br, htons(val));
752 }
753 
br_vlan_set_stats(struct net_bridge * br,unsigned long val)754 int br_vlan_set_stats(struct net_bridge *br, unsigned long val)
755 {
756 	switch (val) {
757 	case 0:
758 	case 1:
759 		br->vlan_stats_enabled = val;
760 		break;
761 	default:
762 		return -EINVAL;
763 	}
764 
765 	return 0;
766 }
767 
vlan_default_pvid(struct net_bridge_vlan_group * vg,u16 vid)768 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
769 {
770 	struct net_bridge_vlan *v;
771 
772 	if (vid != vg->pvid)
773 		return false;
774 
775 	v = br_vlan_lookup(&vg->vlan_hash, vid);
776 	if (v && br_vlan_should_use(v) &&
777 	    (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
778 		return true;
779 
780 	return false;
781 }
782 
br_vlan_disable_default_pvid(struct net_bridge * br)783 static void br_vlan_disable_default_pvid(struct net_bridge *br)
784 {
785 	struct net_bridge_port *p;
786 	u16 pvid = br->default_pvid;
787 
788 	/* Disable default_pvid on all ports where it is still
789 	 * configured.
790 	 */
791 	if (vlan_default_pvid(br_vlan_group(br), pvid))
792 		br_vlan_delete(br, pvid);
793 
794 	list_for_each_entry(p, &br->port_list, list) {
795 		if (vlan_default_pvid(nbp_vlan_group(p), pvid))
796 			nbp_vlan_delete(p, pvid);
797 	}
798 
799 	br->default_pvid = 0;
800 }
801 
__br_vlan_set_default_pvid(struct net_bridge * br,u16 pvid)802 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
803 {
804 	const struct net_bridge_vlan *pvent;
805 	struct net_bridge_vlan_group *vg;
806 	struct net_bridge_port *p;
807 	u16 old_pvid;
808 	int err = 0;
809 	unsigned long *changed;
810 
811 	if (!pvid) {
812 		br_vlan_disable_default_pvid(br);
813 		return 0;
814 	}
815 
816 	changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
817 			  GFP_KERNEL);
818 	if (!changed)
819 		return -ENOMEM;
820 
821 	old_pvid = br->default_pvid;
822 
823 	/* Update default_pvid config only if we do not conflict with
824 	 * user configuration.
825 	 */
826 	vg = br_vlan_group(br);
827 	pvent = br_vlan_find(vg, pvid);
828 	if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
829 	    (!pvent || !br_vlan_should_use(pvent))) {
830 		err = br_vlan_add(br, pvid,
831 				  BRIDGE_VLAN_INFO_PVID |
832 				  BRIDGE_VLAN_INFO_UNTAGGED |
833 				  BRIDGE_VLAN_INFO_BRENTRY);
834 		if (err)
835 			goto out;
836 		br_vlan_delete(br, old_pvid);
837 		set_bit(0, changed);
838 	}
839 
840 	list_for_each_entry(p, &br->port_list, list) {
841 		/* Update default_pvid config only if we do not conflict with
842 		 * user configuration.
843 		 */
844 		vg = nbp_vlan_group(p);
845 		if ((old_pvid &&
846 		     !vlan_default_pvid(vg, old_pvid)) ||
847 		    br_vlan_find(vg, pvid))
848 			continue;
849 
850 		err = nbp_vlan_add(p, pvid,
851 				   BRIDGE_VLAN_INFO_PVID |
852 				   BRIDGE_VLAN_INFO_UNTAGGED);
853 		if (err)
854 			goto err_port;
855 		nbp_vlan_delete(p, old_pvid);
856 		set_bit(p->port_no, changed);
857 	}
858 
859 	br->default_pvid = pvid;
860 
861 out:
862 	kfree(changed);
863 	return err;
864 
865 err_port:
866 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
867 		if (!test_bit(p->port_no, changed))
868 			continue;
869 
870 		if (old_pvid)
871 			nbp_vlan_add(p, old_pvid,
872 				     BRIDGE_VLAN_INFO_PVID |
873 				     BRIDGE_VLAN_INFO_UNTAGGED);
874 		nbp_vlan_delete(p, pvid);
875 	}
876 
877 	if (test_bit(0, changed)) {
878 		if (old_pvid)
879 			br_vlan_add(br, old_pvid,
880 				    BRIDGE_VLAN_INFO_PVID |
881 				    BRIDGE_VLAN_INFO_UNTAGGED |
882 				    BRIDGE_VLAN_INFO_BRENTRY);
883 		br_vlan_delete(br, pvid);
884 	}
885 	goto out;
886 }
887 
br_vlan_set_default_pvid(struct net_bridge * br,unsigned long val)888 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
889 {
890 	u16 pvid = val;
891 	int err = 0;
892 
893 	if (val >= VLAN_VID_MASK)
894 		return -EINVAL;
895 
896 	if (pvid == br->default_pvid)
897 		goto out;
898 
899 	/* Only allow default pvid change when filtering is disabled */
900 	if (br->vlan_enabled) {
901 		pr_info_once("Please disable vlan filtering to change default_pvid\n");
902 		err = -EPERM;
903 		goto out;
904 	}
905 	err = __br_vlan_set_default_pvid(br, pvid);
906 out:
907 	return err;
908 }
909 
br_vlan_init(struct net_bridge * br)910 int br_vlan_init(struct net_bridge *br)
911 {
912 	struct net_bridge_vlan_group *vg;
913 	int ret = -ENOMEM;
914 
915 	vg = kzalloc(sizeof(*vg), GFP_KERNEL);
916 	if (!vg)
917 		goto out;
918 	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
919 	if (ret)
920 		goto err_rhtbl;
921 	INIT_LIST_HEAD(&vg->vlan_list);
922 	br->vlan_proto = htons(ETH_P_8021Q);
923 	br->default_pvid = 1;
924 	rcu_assign_pointer(br->vlgrp, vg);
925 	ret = br_vlan_add(br, 1,
926 			  BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
927 			  BRIDGE_VLAN_INFO_BRENTRY);
928 	if (ret)
929 		goto err_vlan_add;
930 
931 out:
932 	return ret;
933 
934 err_vlan_add:
935 	rhashtable_destroy(&vg->vlan_hash);
936 err_rhtbl:
937 	kfree(vg);
938 
939 	goto out;
940 }
941 
nbp_vlan_init(struct net_bridge_port * p)942 int nbp_vlan_init(struct net_bridge_port *p)
943 {
944 	struct switchdev_attr attr = {
945 		.orig_dev = p->br->dev,
946 		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
947 		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
948 		.u.vlan_filtering = p->br->vlan_enabled,
949 	};
950 	struct net_bridge_vlan_group *vg;
951 	int ret = -ENOMEM;
952 
953 	vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
954 	if (!vg)
955 		goto out;
956 
957 	ret = switchdev_port_attr_set(p->dev, &attr);
958 	if (ret && ret != -EOPNOTSUPP)
959 		goto err_vlan_enabled;
960 
961 	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
962 	if (ret)
963 		goto err_rhtbl;
964 	INIT_LIST_HEAD(&vg->vlan_list);
965 	rcu_assign_pointer(p->vlgrp, vg);
966 	if (p->br->default_pvid) {
967 		ret = nbp_vlan_add(p, p->br->default_pvid,
968 				   BRIDGE_VLAN_INFO_PVID |
969 				   BRIDGE_VLAN_INFO_UNTAGGED);
970 		if (ret)
971 			goto err_vlan_add;
972 	}
973 out:
974 	return ret;
975 
976 err_vlan_add:
977 	RCU_INIT_POINTER(p->vlgrp, NULL);
978 	synchronize_rcu();
979 	rhashtable_destroy(&vg->vlan_hash);
980 err_vlan_enabled:
981 err_rhtbl:
982 	kfree(vg);
983 
984 	goto out;
985 }
986 
987 /* Must be protected by RTNL.
988  * Must be called with vid in range from 1 to 4094 inclusive.
989  */
nbp_vlan_add(struct net_bridge_port * port,u16 vid,u16 flags)990 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
991 {
992 	struct switchdev_obj_port_vlan v = {
993 		.obj.orig_dev = port->dev,
994 		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
995 		.flags = flags,
996 		.vid_begin = vid,
997 		.vid_end = vid,
998 	};
999 	struct net_bridge_vlan *vlan;
1000 	int ret;
1001 
1002 	ASSERT_RTNL();
1003 
1004 	vlan = br_vlan_find(nbp_vlan_group(port), vid);
1005 	if (vlan) {
1006 		/* Pass the flags to the hardware bridge */
1007 		ret = switchdev_port_obj_add(port->dev, &v.obj);
1008 		if (ret && ret != -EOPNOTSUPP)
1009 			return ret;
1010 		__vlan_add_flags(vlan, flags);
1011 		return 0;
1012 	}
1013 
1014 	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
1015 	if (!vlan)
1016 		return -ENOMEM;
1017 
1018 	vlan->vid = vid;
1019 	vlan->port = port;
1020 	ret = __vlan_add(vlan, flags);
1021 	if (ret)
1022 		kfree(vlan);
1023 
1024 	return ret;
1025 }
1026 
1027 /* Must be protected by RTNL.
1028  * Must be called with vid in range from 1 to 4094 inclusive.
1029  */
nbp_vlan_delete(struct net_bridge_port * port,u16 vid)1030 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
1031 {
1032 	struct net_bridge_vlan *v;
1033 
1034 	ASSERT_RTNL();
1035 
1036 	v = br_vlan_find(nbp_vlan_group(port), vid);
1037 	if (!v)
1038 		return -ENOENT;
1039 	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1040 	br_fdb_delete_by_port(port->br, port, vid, 0);
1041 
1042 	return __vlan_del(v);
1043 }
1044 
nbp_vlan_flush(struct net_bridge_port * port)1045 void nbp_vlan_flush(struct net_bridge_port *port)
1046 {
1047 	struct net_bridge_vlan_group *vg;
1048 
1049 	ASSERT_RTNL();
1050 
1051 	vg = nbp_vlan_group(port);
1052 	__vlan_flush(vg);
1053 	RCU_INIT_POINTER(port->vlgrp, NULL);
1054 	synchronize_rcu();
1055 	__vlan_group_free(vg);
1056 }
1057 
br_vlan_get_stats(const struct net_bridge_vlan * v,struct br_vlan_stats * stats)1058 void br_vlan_get_stats(const struct net_bridge_vlan *v,
1059 		       struct br_vlan_stats *stats)
1060 {
1061 	int i;
1062 
1063 	memset(stats, 0, sizeof(*stats));
1064 	for_each_possible_cpu(i) {
1065 		u64 rxpackets, rxbytes, txpackets, txbytes;
1066 		struct br_vlan_stats *cpu_stats;
1067 		unsigned int start;
1068 
1069 		cpu_stats = per_cpu_ptr(v->stats, i);
1070 		do {
1071 			start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
1072 			rxpackets = cpu_stats->rx_packets;
1073 			rxbytes = cpu_stats->rx_bytes;
1074 			txbytes = cpu_stats->tx_bytes;
1075 			txpackets = cpu_stats->tx_packets;
1076 		} while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
1077 
1078 		stats->rx_packets += rxpackets;
1079 		stats->rx_bytes += rxbytes;
1080 		stats->tx_bytes += txbytes;
1081 		stats->tx_packets += txpackets;
1082 	}
1083 }
1084