// SPDX-License-Identifier: GPL-2.0
#include <linux/err.h>
#include <linux/igmp.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/rculist.h>
#include <linux/skbuff.h>
#include <linux/if_ether.h>
#include <net/ip.h>
#include <net/netlink.h>
#include <net/switchdev.h>
#if IS_ENABLED(CONFIG_IPV6)
#include <net/ipv6.h>
#include <net/addrconf.h>
#endif

#include "br_private.h"

/* Return true when the bridge has at least one port on its IPv4 router
 * list or, when IPv6 is built in, on its IPv6 router list.
 */
static bool br_rports_have_mc_router(struct net_bridge *br)
{
#if IS_ENABLED(CONFIG_IPV6)
	return !hlist_empty(&br->ip4_mc_router_list) ||
	       !hlist_empty(&br->ip6_mc_router_list);
#else
	return !hlist_empty(&br->ip4_mc_router_list);
#endif
}

/* Store the port's IPv4 multicast router timer value in *timer and return
 * true when the port is currently linked on an IPv4 router list.
 */
static bool
br_ip4_rports_get_timer(struct net_bridge_port *port, unsigned long *timer)
{
	*timer = br_timer_value(&port->ip4_mc_router_timer);
	return !hlist_unhashed(&port->ip4_rlist);
}

/* IPv6 counterpart of br_ip4_rports_get_timer(). Without CONFIG_IPV6 it
 * always writes 0 to *timer and returns false, so callers never read an
 * uninitialized timer value.
 */
static bool
br_ip6_rports_get_timer(struct net_bridge_port *port, unsigned long *timer)
{
#if IS_ENABLED(CONFIG_IPV6)
	*timer = br_timer_value(&port->ip6_mc_router_timer);
	return !hlist_unhashed(&port->ip6_rlist);
#else
	*timer = 0;
	return false;
#endif
}

/* Append an MDBA_ROUTER nest to skb holding one MDBA_ROUTER_PORT nest per
 * port that is on an IPv4 or IPv6 router list.
 *
 * Returns 0 on success (including when nothing is emitted) and -EMSGSIZE
 * when skb runs out of room; in that case the whole MDBA_ROUTER nest is
 * cancelled. The cb argument is not used here.
 *
 * The port list is walked with the RCU iterator; the caller in this file
 * (br_mdb_dump) holds rcu_read_lock() around the call.
 */
static int br_rports_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
			       struct net_device *dev)
{
	struct net_bridge *br = netdev_priv(dev);
	bool have_ip4_mc_rtr, have_ip6_mc_rtr;
	unsigned long ip4_timer, ip6_timer;
	struct nlattr *nest, *port_nest;
	struct net_bridge_port *p;

	if (!br->multicast_router)
		return 0;

	if (!br_rports_have_mc_router(br))
		return 0;

	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
	if (nest == NULL)
		return -EMSGSIZE;

	list_for_each_entry_rcu(p, &br->port_list, list) {
		have_ip4_mc_rtr = br_ip4_rports_get_timer(p, &ip4_timer);
		have_ip6_mc_rtr = br_ip6_rports_get_timer(p, &ip6_timer);

		if (!have_ip4_mc_rtr && !have_ip6_mc_rtr)
			continue;

		port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
		if (!port_nest)
			goto fail;

		/* The ifindex is written as headerless payload of the port
		 * nest, followed by regular attributes. The generic TIMER
		 * attribute carries the larger of the two family timers; the
		 * per-family timers are only added for families the port is
		 * actually a router for.
		 */
		if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
		    nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
				max(ip4_timer, ip6_timer)) ||
		    nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
			       p->multicast_router) ||
		    (have_ip4_mc_rtr &&
		     nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER,
				 ip4_timer)) ||
		    (have_ip6_mc_rtr &&
		     nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER,
				 ip6_timer))) {
			nla_nest_cancel(skb, port_nest);
			goto fail;
		}
		nla_nest_end(skb, port_nest);
	}

	nla_nest_end(skb, nest);
	return 0;
fail:
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}

/* Translate internal port-group flags (MDB_PG_FLAGS_*) into the state and
 * flags fields of a br_mdb_entry. e->flags is rebuilt from zero, so only
 * the four flags tested below can ever be reported.
 */
static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
{
	e->state = flags & MDB_PG_FLAGS_PERMANENT;
	e->flags = 0;
	if (flags & MDB_PG_FLAGS_OFFLOAD)
		e->flags |= MDB_FLAGS_OFFLOAD;
	if (flags & MDB_PG_FLAGS_FAST_LEAVE)
		e->flags |= MDB_FLAGS_FAST_LEAVE;
	if (flags & MDB_PG_FLAGS_STAR_EXCL)
		e->flags |= MDB_FLAGS_STAR_EXCL;
	if (flags & MDB_PG_FLAGS_BLOCKED)
		e->flags |= MDB_FLAGS_BLOCKED;
}

/* Build a struct br_ip lookup key from a request entry and, when present,
 * its MDBE_ATTR_SOURCE attribute. mdb_attrs may be NULL.
 *
 * The whole br_ip is zeroed first, so fields and union bytes that are not
 * assigned below are 0 rather than stack garbage.
 *
 * The source attribute is read with nla_get_in_addr()/nla_get_in6_addr()
 * without a length check in this function. In this file the attribute
 * array comes from br_mdb_parse(), which runs is_valid_mdb_source() on it
 * first; any other caller would have to provide the same guarantee.
 */
static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
				 struct nlattr **mdb_attrs)
{
	memset(ip, 0, sizeof(struct br_ip));
	ip->vid = entry->vid;
	ip->proto = entry->addr.proto;
	switch (ip->proto) {
	case htons(ETH_P_IP):
		ip->dst.ip4 = entry->addr.u.ip4;
		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
			ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case htons(ETH_P_IPV6):
		ip->dst.ip6 = entry->addr.u.ip6;
		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
			ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
		break;
#endif
	default:
		/* Any other protocol value is treated as an L2 (MAC) group. */
		ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
	}

}

/* Append an MDBA_MDB_EATTR_SRC_LIST nest describing every source entry of
 * port group p (address plus timer). Nothing is emitted for an empty list.
 *
 * Source entries whose protocol is neither IPv4 nor (when built in) IPv6
 * are skipped: their half-built nest is cancelled and the walk continues.
 *
 * Returns 0 on success or -EMSGSIZE, in which case the whole source-list
 * nest is cancelled.
 */
static int __mdb_fill_srcs(struct sk_buff *skb,
			   struct net_bridge_port_group *p)
{
	struct net_bridge_group_src *ent;
	struct nlattr *nest, *nest_ent;

	if (hlist_empty(&p->src_list))
		return 0;

	nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
	if (!nest)
		return -EMSGSIZE;

	/* Legal either inside an RCU read-side section or with the bridge's
	 * multicast_lock held, as expressed by the lockdep condition.
	 */
	hlist_for_each_entry_rcu(ent, &p->src_list, node,
				 lockdep_is_held(&p->key.port->br->multicast_lock)) {
		nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
		if (!nest_ent)
			goto out_cancel_err;
		switch (ent->addr.proto) {
		case htons(ETH_P_IP):
			if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
					    ent->addr.src.ip4)) {
				nla_nest_cancel(skb, nest_ent);
				goto out_cancel_err;
			}
			break;
#if IS_ENABLED(CONFIG_IPV6)
		case htons(ETH_P_IPV6):
			if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
					     &ent->addr.src.ip6)) {
				nla_nest_cancel(skb, nest_ent);
				goto out_cancel_err;
			}
			break;
#endif
		default:
			nla_nest_cancel(skb, nest_ent);
			continue;
		}
		if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
				br_timer_value(&ent->timer))) {
			nla_nest_cancel(skb, nest_ent);
			goto out_cancel_err;
		}
		nla_nest_end(skb, nest_ent);
	}

	nla_nest_end(skb, nest);

	return 0;

out_cancel_err:
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}

/* Append one MDBA_MDB_ENTRY_INFO nest for MDB entry mp.
 *
 * With p != NULL the nest describes that port group (port ifindex, group
 * timer and flags, routing protocol, and in source-aware mode the source
 * list and filter mode). With p == NULL it describes the bridge itself as
 * the member, using the bridge ifindex and the entry timer.
 *
 * Returns 0 on success or -EMSGSIZE, in which case the nest is cancelled.
 */
static int __mdb_fill_info(struct sk_buff *skb,
			   struct net_bridge_mdb_entry *mp,
			   struct net_bridge_port_group *p)
{
	bool dump_srcs_mode = false;
	struct timer_list *mtimer;
	struct nlattr *nest_ent;
	struct br_mdb_entry e;
	u8 flags = 0;
	int ifindex;

	/* e lives on the stack and is copied to the netlink message in full
	 * (sizeof(e)) below. Zeroing it first means padding and fields that
	 * are never assigned cannot carry stale stack bytes to user space.
	 */
	memset(&e, 0, sizeof(e));
	if (p) {
		ifindex = p->key.port->dev->ifindex;
		mtimer = &p->timer;
		flags = p->flags;
	} else {
		ifindex = mp->br->dev->ifindex;
		mtimer = &mp->timer;
	}

	__mdb_entry_fill_flags(&e, flags);
	e.ifindex = ifindex;
	e.vid = mp->addr.vid;
	if (mp->addr.proto == htons(ETH_P_IP))
		e.addr.u.ip4 = mp->addr.dst.ip4;
#if IS_ENABLED(CONFIG_IPV6)
	else if (mp->addr.proto == htons(ETH_P_IPV6))
		e.addr.u.ip6 = mp->addr.dst.ip6;
#endif
	else
		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
	e.addr.proto = mp->addr.proto;
	nest_ent = nla_nest_start_noflag(skb,
					 MDBA_MDB_ENTRY_INFO);
	if (!nest_ent)
		return -EMSGSIZE;

	if (nla_put_nohdr(skb, sizeof(e), &e) ||
	    nla_put_u32(skb,
			MDBA_MDB_EATTR_TIMER,
			br_timer_value(mtimer)))
		goto nest_err;

	/* The source address attribute is only added for (S,G) entries, i.e.
	 * when the entry's source is non-zero. Source lists are dumped only
	 * when the bridge runs IGMPv3 / MLDv2.
	 */
	switch (mp->addr.proto) {
	case htons(ETH_P_IP):
		dump_srcs_mode = !!(mp->br->multicast_igmp_version == 3);
		if (mp->addr.src.ip4) {
			if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
					    mp->addr.src.ip4))
				goto nest_err;
			break;
		}
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case htons(ETH_P_IPV6):
		dump_srcs_mode = !!(mp->br->multicast_mld_version == 2);
		if (!ipv6_addr_any(&mp->addr.src.ip6)) {
			if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
					     &mp->addr.src.ip6))
				goto nest_err;
			break;
		}
		break;
#endif
	default:
		/* NOTE(review): e was already copied into skb above and is
		 * not read again in this function, so this store does not
		 * reach the message.
		 */
		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
	}
	if (p) {
		if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
			goto nest_err;
		if (dump_srcs_mode &&
		    (__mdb_fill_srcs(skb, p) ||
		     nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
				p->filter_mode)))
			goto nest_err;
	}
	nla_nest_end(skb, nest_ent);

	return 0;

nest_err:
	nla_nest_cancel(skb, nest_ent);
	return -EMSGSIZE;
}

/* Dump the MDB of one bridge into skb as an MDBA_MDB nest.
 *
 * The dump is resumable: cb->args[1] is the index of the MDB entry to
 * resume at and cb->args[2] the index of the port group within that entry.
 * Both are written back before returning so the next call continues where
 * this one stopped.
 *
 * Returns 0 when multicast is disabled or everything fit, otherwise the
 * error from the fill helpers (-EMSGSIZE). The lists are walked with RCU
 * primitives; the caller in this file (br_mdb_dump) holds rcu_read_lock().
 */
static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
			    struct net_device *dev)
{
	int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
	struct net_bridge *br = netdev_priv(dev);
	struct net_bridge_mdb_entry *mp;
	struct nlattr *nest, *nest2;

	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
		return 0;

	nest = nla_nest_start_noflag(skb, MDBA_MDB);
	if (nest == NULL)
		return -EMSGSIZE;

	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
		struct net_bridge_port_group *p;
		struct net_bridge_port_group __rcu **pp;

		if (idx < s_idx)
			goto skip;

		nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
		if (!nest2) {
			err = -EMSGSIZE;
			break;
		}

		/* The host-joined record is only emitted when this entry is
		 * started from its beginning (no port-group resume offset).
		 */
		if (!s_pidx && mp->host_joined) {
			err = __mdb_fill_info(skb, mp, NULL);
			if (err) {
				nla_nest_cancel(skb, nest2);
				break;
			}
		}

		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
		      pp = &p->next) {
			if (!p->key.port)
				continue;
			if (pidx < s_pidx)
				goto skip_pg;

			err = __mdb_fill_info(skb, mp, p);
			if (err) {
				/* Close (not cancel) the entry nest so the
				 * port groups already written are kept; the
				 * saved pidx lets the next call resume here.
				 */
				nla_nest_end(skb, nest2);
				goto out;
			}
skip_pg:
			pidx++;
		}
		pidx = 0;
		s_pidx = 0;
		nla_nest_end(skb, nest2);
skip:
		idx++;
	}

out:
	cb->args[1] = idx;
	cb->args[2] = pidx;
	nla_nest_end(skb, nest);
	return err;
}

/* Strict validation of an MDB dump request header.
 *
 * Rejects, with -EINVAL and an extack message, a message too short to hold
 * struct br_port_msg, a non-zero ifindex (per-device filtering is not
 * supported) and any attribute data following the header. The length check
 * comes first so bpm is only read once it is known to be in bounds.
 */
static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh,
				 struct netlink_ext_ack *extack)
{
	struct br_port_msg *bpm;

	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) {
		NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request");
		return -EINVAL;
	}

	bpm = nlmsg_data(nlh);
	if (bpm->ifindex) {
		NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request");
		return -EINVAL;
	}
	if (nlmsg_attrlen(nlh, sizeof(*bpm))) {
		NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request");
		return -EINVAL;
	}

	return 0;
}

/* RTM_GETMDB dump handler: emit one multipart message per bridge device in
 * the requesting socket's network namespace, each holding that bridge's MDB
 * and router port list.
 *
 * cb->args[0] is the index of the bridge to resume at. The request header
 * is only validated when the socket asked for strict checking; otherwise it
 * is not inspected here. Returns skb->len, or a negative error from the
 * strict validation.
 */
static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net_device *dev;
	struct net *net = sock_net(skb->sk);
	struct nlmsghdr *nlh = NULL;
	int idx = 0, s_idx;

	if (cb->strict_check) {
		int err = br_mdb_valid_dump_req(cb->nlh, cb->extack);

		if (err < 0)
			return err;
	}

	s_idx = cb->args[0];

	rcu_read_lock();

	cb->seq = net->dev_base_seq;

	for_each_netdev_rcu(net, dev) {
		if (dev->priv_flags & IFF_EBRIDGE) {
			struct br_port_msg *bpm;

			if (idx < s_idx)
				goto skip;

			nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
					cb->nlh->nlmsg_seq, RTM_GETMDB,
					sizeof(*bpm), NLM_F_MULTI);
			if (nlh == NULL)
				break;

			/* Zero the freshly reserved header so no stale skb
			 * bytes are sent in fields that are not set below.
			 */
			bpm = nlmsg_data(nlh);
			memset(bpm, 0, sizeof(*bpm));
			bpm->ifindex = dev->ifindex;
			if (br_mdb_fill_info(skb, cb, dev) < 0)
				goto out;
			if (br_rports_fill_info(skb, cb, dev) < 0)
				goto out;

			/* This bridge is complete: the next bridge starts
			 * from its first MDB entry.
			 */
			cb->args[1] = 0;
			nlmsg_end(skb, nlh);
skip:
			idx++;
		}
	}

out:
	if (nlh)
		nlmsg_end(skb, nlh);
	rcu_read_unlock();
	cb->args[0] = idx;
	return skb->len;
}

/* Build a single notification message of the given type for MDB entry mp
 * and port group pg (pg == NULL means the host-joined record).
 *
 * Returns 0 on success or -EMSGSIZE; on failure the partially built
 * message is removed from skb with nlmsg_cancel().
 */
static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
				   struct net_device *dev,
				   struct net_bridge_mdb_entry *mp,
				   struct net_bridge_port_group *pg,
				   int type)
{
	struct nlmsghdr *nlh;
	struct br_port_msg *bpm;
	struct nlattr *nest, *nest2;

	nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
	if (!nlh)
		return -EMSGSIZE;

	bpm = nlmsg_data(nlh);
	memset(bpm, 0, sizeof(*bpm));
	bpm->family  = AF_BRIDGE;
	bpm->ifindex = dev->ifindex;
	nest = nla_nest_start_noflag(skb, MDBA_MDB);
	if (nest == NULL)
		goto cancel;
	nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
	if (nest2 == NULL)
		goto end;

	if (__mdb_fill_info(skb, mp, pg))
		goto end;

	nla_nest_end(skb, nest2);
	nla_nest_end(skb, nest);
	nlmsg_end(skb, nlh);
	return 0;

end:
	nla_nest_end(skb, nest);
cancel:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Compute the skb size to allocate for an MDB notification about pg.
 *
 * The base covers the br_port_msg header, the br_mdb_entry payload and the
 * timer attribute. For a port group it adds the routing protocol, the
 * optional source address and, unless the bridge runs IGMPv2 / MLDv1, the
 * group mode and one nested record per source entry. For protocols other
 * than IPv4/IPv6 addr_size stays 0.
 *
 * NOTE(review): src_list is walked with the non-RCU iterator, so this
 * presumably relies on the caller holding the bridge's multicast_lock --
 * confirm against the callers of br_mdb_notify().
 */
static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg)
{
	size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
			    nla_total_size(sizeof(struct br_mdb_entry)) +
			    nla_total_size(sizeof(u32));
	struct net_bridge_group_src *ent;
	size_t addr_size = 0;

	if (!pg)
		goto out;

	/* MDBA_MDB_EATTR_RTPROT */
	nlmsg_size += nla_total_size(sizeof(u8));

	switch (pg->key.addr.proto) {
	case htons(ETH_P_IP):
		/* MDBA_MDB_EATTR_SOURCE */
		if (pg->key.addr.src.ip4)
			nlmsg_size += nla_total_size(sizeof(__be32));
		if (pg->key.port->br->multicast_igmp_version == 2)
			goto out;
		addr_size = sizeof(__be32);
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case htons(ETH_P_IPV6):
		/* MDBA_MDB_EATTR_SOURCE */
		if (!ipv6_addr_any(&pg->key.addr.src.ip6))
			nlmsg_size += nla_total_size(sizeof(struct in6_addr));
		if (pg->key.port->br->multicast_mld_version == 1)
			goto out;
		addr_size = sizeof(struct in6_addr);
		break;
#endif
	}

	/* MDBA_MDB_EATTR_GROUP_MODE */
	nlmsg_size += nla_total_size(sizeof(u8));

	/* MDBA_MDB_EATTR_SRC_LIST nested attr */
	if (!hlist_empty(&pg->src_list))
		nlmsg_size += nla_total_size(0);

	hlist_for_each_entry(ent, &pg->src_list, node) {
		/* MDBA_MDB_SRCLIST_ENTRY nested attr +
		 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
		 */
		nlmsg_size += nla_total_size(0) +
			      nla_total_size(addr_size) +
			      nla_total_size(sizeof(u32));
	}
out:
	return nlmsg_size;
}

/* Context handed to br_mdb_complete() through the switchdev object's
 * complete_priv pointer: the port the object was added on and the group
 * key it was added for.
 */
struct br_mdb_complete_info {
	struct net_bridge_port *port;
	struct br_ip ip;
};

/* Completion callback for a deferred switchdev MDB add.
 *
 * On success (err == 0) the MDB entry is looked up again under
 * multicast_lock and every port group of that entry belonging to the
 * recorded port gets MDB_PG_FLAGS_OFFLOAD. priv is freed on every path,
 * so this callback owns the allocation once it is invoked.
 */
static void br_mdb_complete(struct net_device *dev, int err, void *priv)
{
	struct br_mdb_complete_info *data = priv;
	struct net_bridge_port_group __rcu **pp;
	struct net_bridge_port_group *p;
	struct net_bridge_mdb_entry *mp;
	struct net_bridge_port *port = data->port;
	struct net_bridge *br = port->br;

	if (err)
		goto err;

	spin_lock_bh(&br->multicast_lock);
	/* The entry may have been removed since the add was queued. */
	mp = br_mdb_ip_get(br, &data->ip);
	if (!mp)
		goto out;
	for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL;
	     pp = &p->next) {
		if (p->key.port != port)
			continue;
		p->flags |= MDB_PG_FLAGS_OFFLOAD;
	}
out:
	spin_unlock_bh(&br->multicast_lock);
err:
	kfree(priv);
}

/* Fill the address and VLAN id of a switchdev MDB object from MDB entry mp.
 * IPv4/IPv6 group addresses are mapped to their Ethernet multicast MAC;
 * any other protocol copies the stored MAC address.
 */
static void br_switchdev_mdb_populate(struct switchdev_obj_port_mdb *mdb,
				      const struct net_bridge_mdb_entry *mp)
{
	if (mp->addr.proto == htons(ETH_P_IP))
		ip_eth_mc_map(mp->addr.dst.ip4, mdb->addr);
#if IS_ENABLED(CONFIG_IPV6)
	else if (mp->addr.proto == htons(ETH_P_IPV6))
		ipv6_eth_mc_map(&mp->addr.dst.ip6, mdb->addr);
#endif
	else
		ether_addr_copy(mdb->addr, mp->addr.dst.mac_addr);

	mdb->vid = mp->addr.vid;
}

/* Deliver one queued MDB object to notifier nb as a SWITCHDEV_PORT_OBJ_ADD
 * event and return the notifier result converted to an errno.
 */
static int br_mdb_replay_one(struct notifier_block *nb, struct net_device *dev,
			     struct switchdev_obj_port_mdb *mdb,
			     struct netlink_ext_ack *extack)
{
	struct switchdev_notifier_port_obj_info obj_info = {
		.info = {
			.dev = dev,
			.extack = extack,
		},
		.obj = &mdb->obj,
	};
	int err;

	err = nb->notifier_call(nb, SWITCHDEV_PORT_OBJ_ADD, &obj_info);
	return notifier_to_errno(err);
}

/* Allocate a switchdev MDB object for mp and append it to mdb_list.
 *
 * The allocation is zeroed and uses GFP_ATOMIC; the caller in this file
 * (br_mdb_replay) invokes it inside an RCU read-side section. The list
 * owner is responsible for freeing the object. Returns 0 or -ENOMEM.
 */
static int br_mdb_queue_one(struct list_head *mdb_list,
			    enum switchdev_obj_id id,
			    const struct net_bridge_mdb_entry *mp,
			    struct net_device *orig_dev)
{
	struct switchdev_obj_port_mdb *mdb;

	mdb = kzalloc(sizeof(*mdb), GFP_ATOMIC);
	if (!mdb)
		return -ENOMEM;

	mdb->obj.id = id;
	mdb->obj.orig_dev = orig_dev;
	br_switchdev_mdb_populate(mdb, mp);
	list_add_tail(&mdb->obj.list, mdb_list);

	return 0;
}

/* Replay the bridge's current MDB to notifier nb for bridge port dev:
 * host-joined entries as SWITCHDEV_OBJ_ID_HOST_MDB and the port groups of
 * dev as SWITCHDEV_OBJ_ID_PORT_MDB.
 *
 * Must be called with RTNL held (asserted). Returns -EINVAL when br_dev is
 * not a bridge master or dev is not a bridge port, 0 when multicast is
 * disabled or the replay succeeded, -ENOMEM on allocation failure, or the
 * first error returned by the notifier. Every queued object is freed
 * before returning, on success and on failure alike.
 */
int br_mdb_replay(struct net_device *br_dev, struct net_device *dev,
		  struct notifier_block *nb, struct netlink_ext_ack *extack)
{
	struct net_bridge_mdb_entry *mp;
	struct switchdev_obj *obj, *tmp;
	struct net_bridge *br;
	LIST_HEAD(mdb_list);
	int err = 0;

	ASSERT_RTNL();

	if (!netif_is_bridge_master(br_dev) || !netif_is_bridge_port(dev))
		return -EINVAL;

	br = netdev_priv(br_dev);

	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
		return 0;

	/* We cannot walk over br->mdb_list protected just by the rtnl_mutex,
	 * because the write-side protection is br->multicast_lock. But we
	 * need to emulate the [ blocking ] calling context of a regular
	 * switchdev event, so since both br->multicast_lock and RCU read side
	 * critical sections are atomic, we have no choice but to pick the RCU
	 * read side lock, queue up all our events, leave the critical section
	 * and notify switchdev from blocking context.
	 */
	rcu_read_lock();

	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
		struct net_bridge_port_group __rcu **pp;
		struct net_bridge_port_group *p;

		if (mp->host_joined) {
			err = br_mdb_queue_one(&mdb_list,
					       SWITCHDEV_OBJ_ID_HOST_MDB,
					       mp, br_dev);
			if (err) {
				rcu_read_unlock();
				goto out_free_mdb;
			}
		}

		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
		     pp = &p->next) {
			/* NOTE(review): p->key.port is dereferenced without
			 * a NULL test here, whereas br_mdb_fill_info() and
			 * __br_mdb_del() skip groups whose key.port is NULL.
			 * Confirm such groups cannot appear on this list.
			 */
			if (p->key.port->dev != dev)
				continue;

			err = br_mdb_queue_one(&mdb_list,
					       SWITCHDEV_OBJ_ID_PORT_MDB,
					       mp, dev);
			if (err) {
				rcu_read_unlock();
				goto out_free_mdb;
			}
		}
	}

	rcu_read_unlock();

	/* Outside the RCU section: the queued objects are private copies. */
	list_for_each_entry(obj, &mdb_list, list) {
		err = br_mdb_replay_one(nb, dev, SWITCHDEV_OBJ_PORT_MDB(obj),
					extack);
		if (err)
			goto out_free_mdb;
	}

out_free_mdb:
	list_for_each_entry_safe(obj, tmp, &mdb_list, list) {
		list_del(&obj->list);
		kfree(SWITCHDEV_OBJ_PORT_MDB(obj));
	}

	return err;
}
EXPORT_SYMBOL_GPL(br_mdb_replay);

/* Add or delete a deferred host MDB object for mp on one lower device of
 * the bridge. Types other than RTM_NEWMDB and RTM_DELMDB do nothing, and
 * the switchdev return values are not checked.
 */
static void br_mdb_switchdev_host_port(struct net_device *dev,
				       struct net_device *lower_dev,
				       struct net_bridge_mdb_entry *mp,
				       int type)
{
	struct switchdev_obj_port_mdb mdb = {
		.obj = {
			.id = SWITCHDEV_OBJ_ID_HOST_MDB,
			.flags = SWITCHDEV_F_DEFER,
			.orig_dev = dev,
		},
	};

	br_switchdev_mdb_populate(&mdb, mp);

	switch (type) {
	case RTM_NEWMDB:
		switchdev_port_obj_add(lower_dev, &mdb.obj, NULL);
		break;
	case RTM_DELMDB:
		switchdev_port_obj_del(lower_dev, &mdb.obj);
		break;
	}
}

/* Apply a host MDB change for mp to every lower device of bridge dev. */
static void br_mdb_switchdev_host(struct net_device *dev,
				  struct net_bridge_mdb_entry *mp, int type)
{
	struct net_device *lower_dev;
	struct list_head *iter;

	netdev_for_each_lower_dev(dev, lower_dev, iter)
		br_mdb_switchdev_host_port(dev, lower_dev, mp, type);
}

/* Propagate an MDB change: first to switchdev, then to RTNLGRP_MDB netlink
 * listeners.
 *
 * With pg set the change concerns that port group; with pg == NULL it is a
 * host join/leave and is forwarded to all lower devices. All allocations
 * use GFP_ATOMIC. When the notification skb cannot be allocated or filled,
 * the error is recorded on the multicast group's sockets with
 * rtnl_set_sk_err() instead of being returned.
 */
void br_mdb_notify(struct net_device *dev,
		   struct net_bridge_mdb_entry *mp,
		   struct net_bridge_port_group *pg,
		   int type)
{
	struct br_mdb_complete_info *complete_info;
	struct switchdev_obj_port_mdb mdb = {
		.obj = {
			.id = SWITCHDEV_OBJ_ID_PORT_MDB,
			.flags = SWITCHDEV_F_DEFER,
		},
	};
	struct net *net = dev_net(dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;

	if (pg) {
		br_switchdev_mdb_populate(&mdb, mp);

		mdb.obj.orig_dev = pg->key.port->dev;
		switch (type) {
		case RTM_NEWMDB:
			/* If the context cannot be allocated the switchdev
			 * add is skipped, but the netlink notification
			 * below is still sent.
			 */
			complete_info = kmalloc(sizeof(*complete_info), GFP_ATOMIC);
			if (!complete_info)
				break;
			complete_info->port = pg->key.port;
			complete_info->ip = mp->addr;
			mdb.obj.complete_priv = complete_info;
			mdb.obj.complete = br_mdb_complete;
			/* Ownership: when the add call reports failure the
			 * context is freed here; otherwise br_mdb_complete()
			 * frees it when it runs.
			 */
			if (switchdev_port_obj_add(pg->key.port->dev, &mdb.obj, NULL))
				kfree(complete_info);
			break;
		case RTM_DELMDB:
			switchdev_port_obj_del(pg->key.port->dev, &mdb.obj);
			break;
		}
	} else {
		br_mdb_switchdev_host(dev, mp, type);
	}

	skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
	if (!skb)
		goto errout;

	err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
	if (err < 0) {
		kfree_skb(skb);
		goto errout;
	}

	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
	return;
errout:
	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
}

/* Build a router-port notification: a br_port_msg header for bridge dev
 * followed by an MDBA_ROUTER nest carrying the port ifindex.
 *
 * Returns 0 or -EMSGSIZE (message cancelled).
 *
 * NOTE(review): the flags parameter is not used; nlmsg_put() is called
 * with a literal 0 for the message flags.
 */
static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
				   struct net_device *dev,
				   int ifindex, u32 pid,
				   u32 seq, int type, unsigned int flags)
{
	struct br_port_msg *bpm;
	struct nlmsghdr *nlh;
	struct nlattr *nest;

	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
	if (!nlh)
		return -EMSGSIZE;

	bpm = nlmsg_data(nlh);
	memset(bpm, 0, sizeof(*bpm));
	bpm->family = AF_BRIDGE;
	bpm->ifindex = dev->ifindex;
	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
	if (!nest)
		goto cancel;

	if (nla_put_u32(skb, MDBA_ROUTER_PORT, ifindex))
		goto end;

	nla_nest_end(skb, nest);
	nlmsg_end(skb, nlh);
	return 0;

end:
	nla_nest_end(skb, nest);
cancel:
	nlmsg_cancel(skb, nlh);
	return -EMSGSIZE;
}

/* Size used to allocate the skb for a router-port notification: the
 * aligned br_port_msg header plus one u32 attribute.
 */
static inline size_t rtnl_rtr_nlmsg_size(void)
{
	return NLMSG_ALIGN(sizeof(struct br_port_msg))
		+ nla_total_size(sizeof(__u32));
}

/* Notify RTNLGRP_MDB listeners about a multicast router port change on
 * bridge dev. A NULL port is reported with ifindex 0. Failures are
 * recorded with rtnl_set_sk_err() rather than returned.
 */
void br_rtr_notify(struct net_device *dev, struct net_bridge_port *port,
		   int type)
{
	struct net *net = dev_net(dev);
	struct sk_buff *skb;
	int err = -ENOBUFS;
	int ifindex;

	ifindex = port ? port->dev->ifindex : 0;
	skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
	if (!skb)
		goto errout;

	err = nlmsg_populate_rtr_fill(skb, dev, ifindex, 0, 0, type, NTF_SELF);
	if (err < 0) {
		kfree_skb(skb);
		goto errout;
	}

	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
	return;

errout:
	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
}

/* Validate the fixed-size br_mdb_entry supplied in an add/delete request.
 *
 * Checks, in order: a non-zero ifindex; a group address acceptable for the
 * stated protocol (IPv4 multicast that is not local multicast, IPv6 that
 * is not link-local all-nodes, or for proto 0 a multicast MAC); a known
 * protocol; a state of MDB_PERMANENT or MDB_TEMPORARY; and a VLAN id below
 * VLAN_VID_MASK. Each rejection sets an extack message.
 *
 * NOTE(review): unlike the IPv4 and L2 branches, the IPv6 branch contains
 * no explicit "is multicast" test on the group address.
 */
static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
			       struct netlink_ext_ack *extack)
{
	if (entry->ifindex == 0) {
		NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
		return false;
	}

	if (entry->addr.proto == htons(ETH_P_IP)) {
		if (!ipv4_is_multicast(entry->addr.u.ip4)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
			return false;
		}
		if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
			return false;
		}
#if IS_ENABLED(CONFIG_IPV6)
	} else if (entry->addr.proto == htons(ETH_P_IPV6)) {
		if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
			return false;
		}
#endif
	} else if (entry->addr.proto == 0) {
		/* L2 mdb */
		if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
			NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
			return false;
		}
	} else {
		NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
		return false;
	}

	if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
		NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
		return false;
	}
	if (entry->vid >= VLAN_VID_MASK) {
		NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
		return false;
	}

	return true;
}

/* Validate an MDBE_ATTR_SOURCE attribute against the entry's protocol.
 *
 * The attribute policy only bounds the length to the range from an IPv4 to
 * an IPv6 address, so the exact length for the given protocol is enforced
 * here, before the payload is read. Multicast source addresses are
 * rejected, as is a source attribute on any non-IP protocol.
 */
static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
				struct netlink_ext_ack *extack)
{
	switch (proto) {
	case htons(ETH_P_IP):
		if (nla_len(attr) != sizeof(struct in_addr)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
			return false;
		}
		if (ipv4_is_multicast(nla_get_in_addr(attr))) {
			NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
			return false;
		}
		break;
#if IS_ENABLED(CONFIG_IPV6)
	case htons(ETH_P_IPV6): {
		struct in6_addr src;

		if (nla_len(attr) != sizeof(struct in6_addr)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
			return false;
		}
		src = nla_get_in6_addr(attr);
		if (ipv6_addr_is_multicast(&src)) {
			NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
			return false;
		}
		break;
	}
#endif
	default:
		NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
		return false;
	}

	return true;
}

/* Policy for the attributes nested in MDBA_SET_ENTRY_ATTRS. The source
 * address is binary with a length between an IPv4 and an IPv6 address;
 * the per-protocol exact length is checked in is_valid_mdb_source().
 */
static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
	[MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
					      sizeof(struct in_addr),
					      sizeof(struct in6_addr)),
};

/* Parse and validate an RTM_NEWMDB / RTM_DELMDB request.
 *
 * On success *pdev is the bridge device named by the header ifindex,
 * *pentry points at the validated br_mdb_entry inside the received
 * message (not a copy), and mdb_attrs holds the parsed nested attributes,
 * or all NULL pointers when MDBA_SET_ENTRY_ATTRS is absent. mdb_attrs must
 * have room for MDBE_ATTR_MAX + 1 pointers.
 *
 * Returns 0 or a negative errno. Note that *pdev is already written when
 * the later entry and attribute checks fail.
 */
static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
			struct net_device **pdev, struct br_mdb_entry **pentry,
			struct nlattr **mdb_attrs, struct netlink_ext_ack *extack)
{
	struct net *net = sock_net(skb->sk);
	struct br_mdb_entry *entry;
	struct br_port_msg *bpm;
	struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
	struct net_device *dev;
	int err;

	/* The top-level attributes are parsed without a policy (NULL), so
	 * nothing about their length is validated by this call; see the
	 * explicit length check on MDBA_SET_ENTRY below.
	 */
	err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
				     MDBA_SET_ENTRY_MAX, NULL, NULL);
	if (err < 0)
		return err;

	bpm = nlmsg_data(nlh);
	if (bpm->ifindex == 0) {
		NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
		return -EINVAL;
	}

	/* Lookup is confined to the network namespace of the sending socket. */
	dev = __dev_get_by_index(net, bpm->ifindex);
	if (dev == NULL) {
		NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
		return -ENODEV;
	}

	if (!(dev->priv_flags & IFF_EBRIDGE)) {
		NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
		return -EOPNOTSUPP;
	}

	*pdev = dev;

	if (!tb[MDBA_SET_ENTRY]) {
		NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
		return -EINVAL;
	}
	/* This is the only size check performed before the payload is used
	 * as a struct br_mdb_entry, so it has to be an exact match.
	 */
	if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
		NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
		return -EINVAL;
	}

	entry = nla_data(tb[MDBA_SET_ENTRY]);
	if (!is_valid_mdb_entry(entry, extack))
		return -EINVAL;
	*pentry = entry;

	if (tb[MDBA_SET_ENTRY_ATTRS]) {
		err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX,
				       tb[MDBA_SET_ENTRY_ATTRS],
				       br_mdbe_attrs_pol, extack);
		if (err)
			return err;
		if (mdb_attrs[MDBE_ATTR_SOURCE] &&
		    !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
					 entry->addr.proto, extack))
			return -EINVAL;
	} else {
		/* Callers pass an uninitialized on-stack array; clear it so
		 * later "attribute present" tests see NULL.
		 */
		memset(mdb_attrs, 0,
		       sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1));
	}

	return 0;
}

/* Add a static membership for the group described by entry, either for
 * port or, when port is NULL, for the bridge itself (host join).
 *
 * The only caller in this file (__br_mdb_add) invokes it with
 * br->multicast_lock held. Returns 0 on success, -EINVAL for disallowed
 * combinations, -EEXIST when the membership already exists, -ENOMEM when
 * the port group cannot be allocated, or the error from creating the MDB
 * entry.
 */
static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
			    struct br_mdb_entry *entry,
			    struct nlattr **mdb_attrs,
			    struct netlink_ext_ack *extack)
{
	struct net_bridge_mdb_entry *mp, *star_mp;
	struct net_bridge_port_group *p;
	struct net_bridge_port_group __rcu **pp;
	struct br_ip group, star_group;
	unsigned long now = jiffies;
	unsigned char flags = 0;
	u8 filter_mode;
	int err;

	__mdb_entry_to_br_ip(entry, &group, mdb_attrs);

	/* host join errors which can happen before creating the group */
	if (!port) {
		/* don't allow any flags for host-joined groups */
		if (entry->state) {
			NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
			return -EINVAL;
		}
		if (!br_multicast_is_star_g(&group)) {
			NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
			return -EINVAL;
		}
	}

	if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) {
		NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
		return -EINVAL;
	}

	mp = br_mdb_ip_get(br, &group);
	if (!mp) {
		mp = br_multicast_new_group(br, &group);
		err = PTR_ERR_OR_ZERO(mp);
		if (err)
			return err;
	}

	/* host join */
	if (!port) {
		if (mp->host_joined) {
			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
			return -EEXIST;
		}

		br_multicast_host_join(mp, false);
		br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);

		return 0;
	}

	/* Find the insertion point and reject duplicates. The walk stops at
	 * the first group whose port pointer compares lower than the new
	 * port, which suggests the list is kept ordered by port pointer.
	 */
	for (pp = &mp->ports;
	     (p = mlock_dereference(*pp, br)) != NULL;
	     pp = &p->next) {
		if (p->key.port == port) {
			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port");
			return -EEXIST;
		}
		if ((unsigned long)p->key.port < (unsigned long)port)
			break;
	}

	/* (*,G) entries are created in EXCLUDE mode, (S,G) in INCLUDE mode. */
	filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE :
						       MCAST_INCLUDE;

	if (entry->state == MDB_PERMANENT)
		flags |= MDB_PG_FLAGS_PERMANENT;

	p = br_multicast_new_port_group(port, &group, *pp, flags, NULL,
					filter_mode, RTPROT_STATIC);
	if (unlikely(!p)) {
		NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group");
		return -ENOMEM;
	}
	rcu_assign_pointer(*pp, p);
	/* Only temporary entries get a membership timer armed. */
	if (entry->state == MDB_TEMPORARY)
		mod_timer(&p->timer, now + br->multicast_membership_interval);
	br_mdb_notify(br->dev, mp, p, RTM_NEWMDB);
	/* if we are adding a new EXCLUDE port group (*,G) it needs to be also
	 * added to all S,G entries for proper replication, if we are adding
	 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be
	 * added to it for proper replication
	 */
	if (br_multicast_should_handle_mode(br, group.proto)) {
		switch (filter_mode) {
		case MCAST_EXCLUDE:
			br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
			break;
		case MCAST_INCLUDE:
			/* Derive the matching (*,G) key by clearing the
			 * source of the new group's key.
			 */
			star_group = p->key.addr;
			memset(&star_group.src, 0, sizeof(star_group.src));
			star_mp = br_mdb_ip_get(br, &star_group);
			if (star_mp)
				br_multicast_sg_add_exclude_ports(star_mp, p);
			break;
		}
	}

	return 0;
}

/* Run br_mdb_add_group() with the bridge's multicast_lock held (BH
 * disabled). The net argument is not used.
 */
static int __br_mdb_add(struct net *net, struct net_bridge *br,
			struct net_bridge_port *p,
			struct br_mdb_entry *entry,
			struct nlattr **mdb_attrs,
			struct netlink_ext_ack *extack)
{
	int ret;

	spin_lock_bh(&br->multicast_lock);
	ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack);
	spin_unlock_bh(&br->multicast_lock);

	return ret;
}

/* RTM_NEWMDB handler: add a static MDB entry on a bridge port or, when the
 * entry's ifindex is the bridge's own, as a host join.
 *
 * The bridge must be running with multicast processing enabled. A port
 * must exist in the sender's namespace, belong to this bridge and not be
 * in the disabled state. Returns 0 or a negative errno, with an extack
 * message on the paths that set one.
 *
 * NOTE(review): the __dev_get_by_index()/br_port_get_rtnl() calls suggest
 * this runs with RTNL held -- the locking is not visible in this file.
 */
static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
		      struct netlink_ext_ack *extack)
{
	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
	struct net *net = sock_net(skb->sk);
	struct net_bridge_vlan_group *vg;
	struct net_bridge_port *p = NULL;
	struct net_device *dev, *pdev;
	struct br_mdb_entry *entry;
	struct net_bridge_vlan *v;
	struct net_bridge *br;
	int err;

	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
	if (err < 0)
		return err;

	br = netdev_priv(dev);

	if (!netif_running(br->dev)) {
		NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
		return -EINVAL;
	}

	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) {
		NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
		return -EINVAL;
	}

	if (entry->ifindex != br->dev->ifindex) {
		pdev = __dev_get_by_index(net, entry->ifindex);
		if (!pdev) {
			NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
			return -ENODEV;
		}

		p = br_port_get_rtnl(pdev);
		if (!p) {
			NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
			return -EINVAL;
		}

		/* The port must belong to the bridge named in the header,
		 * not merely to some bridge.
		 */
		if (p->br != br) {
			NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
			return -EINVAL;
		}
		if (p->state == BR_STATE_DISABLED) {
			NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state");
			return -EINVAL;
		}
		vg = nbp_vlan_group(p);
	} else {
		vg = br_vlan_group(br);
	}

	/* If vlan filtering is enabled and VLAN is not specified
	 * install mdb entry on all vlans configured on the port.
	 */
	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
		list_for_each_entry(v, &vg->vlan_list, vlist) {
			/* entry points into the received message, so the
			 * vid is rewritten in place for each VLAN. The loop
			 * stops at the first failure; entries installed for
			 * earlier VLANs are not rolled back.
			 */
			entry->vid = v->vid;
			err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
			if (err)
				break;
		}
	} else {
		err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
	}

	return err;
}

/* Delete the membership described by entry from the bridge's MDB.
 *
 * Returns 0 when a host join or a matching port group was removed and
 * -EINVAL otherwise: bridge not running, multicast disabled, no such MDB
 * entry, no matching port group, or the matching port is disabled.
 */
static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry,
			struct nlattr **mdb_attrs)
{
	struct net_bridge_mdb_entry *mp;
	struct net_bridge_port_group *p;
	struct net_bridge_port_group __rcu **pp;
	struct br_ip ip;
	int err = -EINVAL;

	if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED))
		return -EINVAL;

	__mdb_entry_to_br_ip(entry, &ip, mdb_attrs);

	spin_lock_bh(&br->multicast_lock);
	mp = br_mdb_ip_get(br, &ip);
	if (!mp)
		goto unlock;

	/* host leave */
	if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
		br_multicast_host_leave(mp, false);
		err = 0;
		br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
		/* With no port members left, fire the entry timer now. */
		if (!mp->ports && netif_running(br->dev))
			mod_timer(&mp->timer, jiffies);
		goto unlock;
	}

	for (pp = &mp->ports;
	     (p = mlock_dereference(*pp, br)) != NULL;
	     pp = &p->next) {
		if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
			continue;

		if (p->key.port->state == BR_STATE_DISABLED)
			goto unlock;

		br_multicast_del_pg(mp, p, pp);
		err = 0;
		break;
	}

unlock:
	spin_unlock_bh(&br->multicast_lock);
	return err;
}

/* RTM_DELMDB handler: remove a membership from a bridge port or from the
 * bridge itself (host leave).
 *
 * The port checks mirror br_mdb_add() but do not set extack messages.
 * Returns 0 or a negative errno.
 */
static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
		      struct netlink_ext_ack *extack)
{
	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
	struct net *net = sock_net(skb->sk);
	struct net_bridge_vlan_group *vg;
	struct net_bridge_port *p = NULL;
	struct net_device *dev, *pdev;
	struct br_mdb_entry *entry;
	struct net_bridge_vlan *v;
	struct net_bridge *br;
	int err;

	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
	if (err < 0)
		return err;

	br = netdev_priv(dev);

	if (entry->ifindex != br->dev->ifindex) {
		pdev = __dev_get_by_index(net, entry->ifindex);
		if (!pdev)
			return -ENODEV;

		p = br_port_get_rtnl(pdev);
		if (!p || p->br != br || p->state == BR_STATE_DISABLED)
			return -EINVAL;
		vg = nbp_vlan_group(p);
	} else {
		vg = br_vlan_group(br);
	}

	/* If vlan filtering is enabled and VLAN is not specified
	 * delete mdb entry on all vlans configured on the port.
	 */
	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
		/* NOTE(review): unlike the add path this loop does not stop
		 * on error and err is overwritten each iteration, so the
		 * return value reflects only the last VLAN tried. If the
		 * VLAN list is empty, err keeps the 0 returned by
		 * br_mdb_parse().
		 */
		list_for_each_entry(v, &vg->vlan_list, vlist) {
			entry->vid = v->vid;
			err = __br_mdb_del(br, entry, mdb_attrs);
		}
	} else {
		err = __br_mdb_del(br, entry, mdb_attrs);
	}

	return err;
}

/* Register the PF_BRIDGE rtnetlink handlers: RTM_GETMDB as a dump handler,
 * RTM_NEWMDB and RTM_DELMDB as doit handlers. The return values of the
 * registration calls are not checked.
 *
 * NOTE(review): no capability check appears in this file for the add and
 * delete handlers; presumably the rtnetlink core enforces the privilege
 * requirement for NEW/DEL message types -- confirm.
 */
void br_mdb_init(void)
{
	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0);
	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0);
	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0);
}

/* Unregister the three handlers installed by br_mdb_init(). */
void br_mdb_uninit(void)
{
	rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
	rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
	rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
}