xref: /openbmc/linux/net/bridge/br_mdb.c (revision 339031bafe6b281cf2dcb8364217288b9fdab555)
1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/err.h>
3 #include <linux/igmp.h>
4 #include <linux/kernel.h>
5 #include <linux/netdevice.h>
6 #include <linux/rculist.h>
7 #include <linux/skbuff.h>
8 #include <linux/if_ether.h>
9 #include <net/ip.h>
10 #include <net/netlink.h>
11 #include <net/switchdev.h>
12 #if IS_ENABLED(CONFIG_IPV6)
13 #include <net/ipv6.h>
14 #include <net/addrconf.h>
15 #endif
16 
17 #include "br_private.h"
18 
19 static bool
20 br_ip4_rports_get_timer(struct net_bridge_mcast_port *pmctx,
21 			unsigned long *timer)
22 {
23 	*timer = br_timer_value(&pmctx->ip4_mc_router_timer);
24 	return !hlist_unhashed(&pmctx->ip4_rlist);
25 }
26 
27 static bool
28 br_ip6_rports_get_timer(struct net_bridge_mcast_port *pmctx,
29 			unsigned long *timer)
30 {
31 #if IS_ENABLED(CONFIG_IPV6)
32 	*timer = br_timer_value(&pmctx->ip6_mc_router_timer);
33 	return !hlist_unhashed(&pmctx->ip6_rlist);
34 #else
35 	*timer = 0;
36 	return false;
37 #endif
38 }
39 
40 static size_t __br_rports_one_size(void)
41 {
42 	return nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PORT */
43 	       nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_TIMER */
44 	       nla_total_size(sizeof(u8)) +  /* MDBA_ROUTER_PATTR_TYPE */
45 	       nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET_TIMER */
46 	       nla_total_size(sizeof(u32)) + /* MDBA_ROUTER_PATTR_INET6_TIMER */
47 	       nla_total_size(sizeof(u32));  /* MDBA_ROUTER_PATTR_VID */
48 }
49 
50 size_t br_rports_size(const struct net_bridge_mcast *brmctx)
51 {
52 	struct net_bridge_mcast_port *pmctx;
53 	size_t size = nla_total_size(0); /* MDBA_ROUTER */
54 
55 	rcu_read_lock();
56 	hlist_for_each_entry_rcu(pmctx, &brmctx->ip4_mc_router_list,
57 				 ip4_rlist)
58 		size += __br_rports_one_size();
59 
60 #if IS_ENABLED(CONFIG_IPV6)
61 	hlist_for_each_entry_rcu(pmctx, &brmctx->ip6_mc_router_list,
62 				 ip6_rlist)
63 		size += __br_rports_one_size();
64 #endif
65 	rcu_read_unlock();
66 
67 	return size;
68 }
69 
70 int br_rports_fill_info(struct sk_buff *skb,
71 			const struct net_bridge_mcast *brmctx)
72 {
73 	u16 vid = brmctx->vlan ? brmctx->vlan->vid : 0;
74 	bool have_ip4_mc_rtr, have_ip6_mc_rtr;
75 	unsigned long ip4_timer, ip6_timer;
76 	struct nlattr *nest, *port_nest;
77 	struct net_bridge_port *p;
78 
79 	if (!brmctx->multicast_router || !br_rports_have_mc_router(brmctx))
80 		return 0;
81 
82 	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
83 	if (nest == NULL)
84 		return -EMSGSIZE;
85 
86 	list_for_each_entry_rcu(p, &brmctx->br->port_list, list) {
87 		struct net_bridge_mcast_port *pmctx;
88 
89 		if (vid) {
90 			struct net_bridge_vlan *v;
91 
92 			v = br_vlan_find(nbp_vlan_group(p), vid);
93 			if (!v)
94 				continue;
95 			pmctx = &v->port_mcast_ctx;
96 		} else {
97 			pmctx = &p->multicast_ctx;
98 		}
99 
100 		have_ip4_mc_rtr = br_ip4_rports_get_timer(pmctx, &ip4_timer);
101 		have_ip6_mc_rtr = br_ip6_rports_get_timer(pmctx, &ip6_timer);
102 
103 		if (!have_ip4_mc_rtr && !have_ip6_mc_rtr)
104 			continue;
105 
106 		port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
107 		if (!port_nest)
108 			goto fail;
109 
110 		if (nla_put_nohdr(skb, sizeof(u32), &p->dev->ifindex) ||
111 		    nla_put_u32(skb, MDBA_ROUTER_PATTR_TIMER,
112 				max(ip4_timer, ip6_timer)) ||
113 		    nla_put_u8(skb, MDBA_ROUTER_PATTR_TYPE,
114 			       p->multicast_ctx.multicast_router) ||
115 		    (have_ip4_mc_rtr &&
116 		     nla_put_u32(skb, MDBA_ROUTER_PATTR_INET_TIMER,
117 				 ip4_timer)) ||
118 		    (have_ip6_mc_rtr &&
119 		     nla_put_u32(skb, MDBA_ROUTER_PATTR_INET6_TIMER,
120 				 ip6_timer)) ||
121 		    (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid))) {
122 			nla_nest_cancel(skb, port_nest);
123 			goto fail;
124 		}
125 		nla_nest_end(skb, port_nest);
126 	}
127 
128 	nla_nest_end(skb, nest);
129 	return 0;
130 fail:
131 	nla_nest_cancel(skb, nest);
132 	return -EMSGSIZE;
133 }
134 
135 static void __mdb_entry_fill_flags(struct br_mdb_entry *e, unsigned char flags)
136 {
137 	e->state = flags & MDB_PG_FLAGS_PERMANENT;
138 	e->flags = 0;
139 	if (flags & MDB_PG_FLAGS_OFFLOAD)
140 		e->flags |= MDB_FLAGS_OFFLOAD;
141 	if (flags & MDB_PG_FLAGS_FAST_LEAVE)
142 		e->flags |= MDB_FLAGS_FAST_LEAVE;
143 	if (flags & MDB_PG_FLAGS_STAR_EXCL)
144 		e->flags |= MDB_FLAGS_STAR_EXCL;
145 	if (flags & MDB_PG_FLAGS_BLOCKED)
146 		e->flags |= MDB_FLAGS_BLOCKED;
147 }
148 
149 static void __mdb_entry_to_br_ip(struct br_mdb_entry *entry, struct br_ip *ip,
150 				 struct nlattr **mdb_attrs)
151 {
152 	memset(ip, 0, sizeof(struct br_ip));
153 	ip->vid = entry->vid;
154 	ip->proto = entry->addr.proto;
155 	switch (ip->proto) {
156 	case htons(ETH_P_IP):
157 		ip->dst.ip4 = entry->addr.u.ip4;
158 		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
159 			ip->src.ip4 = nla_get_in_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
160 		break;
161 #if IS_ENABLED(CONFIG_IPV6)
162 	case htons(ETH_P_IPV6):
163 		ip->dst.ip6 = entry->addr.u.ip6;
164 		if (mdb_attrs && mdb_attrs[MDBE_ATTR_SOURCE])
165 			ip->src.ip6 = nla_get_in6_addr(mdb_attrs[MDBE_ATTR_SOURCE]);
166 		break;
167 #endif
168 	default:
169 		ether_addr_copy(ip->dst.mac_addr, entry->addr.u.mac_addr);
170 	}
171 
172 }
173 
174 static int __mdb_fill_srcs(struct sk_buff *skb,
175 			   struct net_bridge_port_group *p)
176 {
177 	struct net_bridge_group_src *ent;
178 	struct nlattr *nest, *nest_ent;
179 
180 	if (hlist_empty(&p->src_list))
181 		return 0;
182 
183 	nest = nla_nest_start(skb, MDBA_MDB_EATTR_SRC_LIST);
184 	if (!nest)
185 		return -EMSGSIZE;
186 
187 	hlist_for_each_entry_rcu(ent, &p->src_list, node,
188 				 lockdep_is_held(&p->key.port->br->multicast_lock)) {
189 		nest_ent = nla_nest_start(skb, MDBA_MDB_SRCLIST_ENTRY);
190 		if (!nest_ent)
191 			goto out_cancel_err;
192 		switch (ent->addr.proto) {
193 		case htons(ETH_P_IP):
194 			if (nla_put_in_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
195 					    ent->addr.src.ip4)) {
196 				nla_nest_cancel(skb, nest_ent);
197 				goto out_cancel_err;
198 			}
199 			break;
200 #if IS_ENABLED(CONFIG_IPV6)
201 		case htons(ETH_P_IPV6):
202 			if (nla_put_in6_addr(skb, MDBA_MDB_SRCATTR_ADDRESS,
203 					     &ent->addr.src.ip6)) {
204 				nla_nest_cancel(skb, nest_ent);
205 				goto out_cancel_err;
206 			}
207 			break;
208 #endif
209 		default:
210 			nla_nest_cancel(skb, nest_ent);
211 			continue;
212 		}
213 		if (nla_put_u32(skb, MDBA_MDB_SRCATTR_TIMER,
214 				br_timer_value(&ent->timer))) {
215 			nla_nest_cancel(skb, nest_ent);
216 			goto out_cancel_err;
217 		}
218 		nla_nest_end(skb, nest_ent);
219 	}
220 
221 	nla_nest_end(skb, nest);
222 
223 	return 0;
224 
225 out_cancel_err:
226 	nla_nest_cancel(skb, nest);
227 	return -EMSGSIZE;
228 }
229 
230 static int __mdb_fill_info(struct sk_buff *skb,
231 			   struct net_bridge_mdb_entry *mp,
232 			   struct net_bridge_port_group *p)
233 {
234 	bool dump_srcs_mode = false;
235 	struct timer_list *mtimer;
236 	struct nlattr *nest_ent;
237 	struct br_mdb_entry e;
238 	u8 flags = 0;
239 	int ifindex;
240 
241 	memset(&e, 0, sizeof(e));
242 	if (p) {
243 		ifindex = p->key.port->dev->ifindex;
244 		mtimer = &p->timer;
245 		flags = p->flags;
246 	} else {
247 		ifindex = mp->br->dev->ifindex;
248 		mtimer = &mp->timer;
249 	}
250 
251 	__mdb_entry_fill_flags(&e, flags);
252 	e.ifindex = ifindex;
253 	e.vid = mp->addr.vid;
254 	if (mp->addr.proto == htons(ETH_P_IP))
255 		e.addr.u.ip4 = mp->addr.dst.ip4;
256 #if IS_ENABLED(CONFIG_IPV6)
257 	else if (mp->addr.proto == htons(ETH_P_IPV6))
258 		e.addr.u.ip6 = mp->addr.dst.ip6;
259 #endif
260 	else
261 		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
262 	e.addr.proto = mp->addr.proto;
263 	nest_ent = nla_nest_start_noflag(skb,
264 					 MDBA_MDB_ENTRY_INFO);
265 	if (!nest_ent)
266 		return -EMSGSIZE;
267 
268 	if (nla_put_nohdr(skb, sizeof(e), &e) ||
269 	    nla_put_u32(skb,
270 			MDBA_MDB_EATTR_TIMER,
271 			br_timer_value(mtimer)))
272 		goto nest_err;
273 
274 	switch (mp->addr.proto) {
275 	case htons(ETH_P_IP):
276 		dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_igmp_version == 3);
277 		if (mp->addr.src.ip4) {
278 			if (nla_put_in_addr(skb, MDBA_MDB_EATTR_SOURCE,
279 					    mp->addr.src.ip4))
280 				goto nest_err;
281 			break;
282 		}
283 		break;
284 #if IS_ENABLED(CONFIG_IPV6)
285 	case htons(ETH_P_IPV6):
286 		dump_srcs_mode = !!(mp->br->multicast_ctx.multicast_mld_version == 2);
287 		if (!ipv6_addr_any(&mp->addr.src.ip6)) {
288 			if (nla_put_in6_addr(skb, MDBA_MDB_EATTR_SOURCE,
289 					     &mp->addr.src.ip6))
290 				goto nest_err;
291 			break;
292 		}
293 		break;
294 #endif
295 	default:
296 		ether_addr_copy(e.addr.u.mac_addr, mp->addr.dst.mac_addr);
297 	}
298 	if (p) {
299 		if (nla_put_u8(skb, MDBA_MDB_EATTR_RTPROT, p->rt_protocol))
300 			goto nest_err;
301 		if (dump_srcs_mode &&
302 		    (__mdb_fill_srcs(skb, p) ||
303 		     nla_put_u8(skb, MDBA_MDB_EATTR_GROUP_MODE,
304 				p->filter_mode)))
305 			goto nest_err;
306 	}
307 	nla_nest_end(skb, nest_ent);
308 
309 	return 0;
310 
311 nest_err:
312 	nla_nest_cancel(skb, nest_ent);
313 	return -EMSGSIZE;
314 }
315 
316 static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
317 			    struct net_device *dev)
318 {
319 	int idx = 0, s_idx = cb->args[1], err = 0, pidx = 0, s_pidx = cb->args[2];
320 	struct net_bridge *br = netdev_priv(dev);
321 	struct net_bridge_mdb_entry *mp;
322 	struct nlattr *nest, *nest2;
323 
324 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
325 		return 0;
326 
327 	nest = nla_nest_start_noflag(skb, MDBA_MDB);
328 	if (nest == NULL)
329 		return -EMSGSIZE;
330 
331 	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
332 		struct net_bridge_port_group *p;
333 		struct net_bridge_port_group __rcu **pp;
334 
335 		if (idx < s_idx)
336 			goto skip;
337 
338 		nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
339 		if (!nest2) {
340 			err = -EMSGSIZE;
341 			break;
342 		}
343 
344 		if (!s_pidx && mp->host_joined) {
345 			err = __mdb_fill_info(skb, mp, NULL);
346 			if (err) {
347 				nla_nest_cancel(skb, nest2);
348 				break;
349 			}
350 		}
351 
352 		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
353 		      pp = &p->next) {
354 			if (!p->key.port)
355 				continue;
356 			if (pidx < s_pidx)
357 				goto skip_pg;
358 
359 			err = __mdb_fill_info(skb, mp, p);
360 			if (err) {
361 				nla_nest_end(skb, nest2);
362 				goto out;
363 			}
364 skip_pg:
365 			pidx++;
366 		}
367 		pidx = 0;
368 		s_pidx = 0;
369 		nla_nest_end(skb, nest2);
370 skip:
371 		idx++;
372 	}
373 
374 out:
375 	cb->args[1] = idx;
376 	cb->args[2] = pidx;
377 	nla_nest_end(skb, nest);
378 	return err;
379 }
380 
381 static int br_mdb_valid_dump_req(const struct nlmsghdr *nlh,
382 				 struct netlink_ext_ack *extack)
383 {
384 	struct br_port_msg *bpm;
385 
386 	if (nlh->nlmsg_len < nlmsg_msg_size(sizeof(*bpm))) {
387 		NL_SET_ERR_MSG_MOD(extack, "Invalid header for mdb dump request");
388 		return -EINVAL;
389 	}
390 
391 	bpm = nlmsg_data(nlh);
392 	if (bpm->ifindex) {
393 		NL_SET_ERR_MSG_MOD(extack, "Filtering by device index is not supported for mdb dump request");
394 		return -EINVAL;
395 	}
396 	if (nlmsg_attrlen(nlh, sizeof(*bpm))) {
397 		NL_SET_ERR_MSG(extack, "Invalid data after header in mdb dump request");
398 		return -EINVAL;
399 	}
400 
401 	return 0;
402 }
403 
404 static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
405 {
406 	struct net_device *dev;
407 	struct net *net = sock_net(skb->sk);
408 	struct nlmsghdr *nlh = NULL;
409 	int idx = 0, s_idx;
410 
411 	if (cb->strict_check) {
412 		int err = br_mdb_valid_dump_req(cb->nlh, cb->extack);
413 
414 		if (err < 0)
415 			return err;
416 	}
417 
418 	s_idx = cb->args[0];
419 
420 	rcu_read_lock();
421 
422 	cb->seq = net->dev_base_seq;
423 
424 	for_each_netdev_rcu(net, dev) {
425 		if (dev->priv_flags & IFF_EBRIDGE) {
426 			struct net_bridge *br = netdev_priv(dev);
427 			struct br_port_msg *bpm;
428 
429 			if (idx < s_idx)
430 				goto skip;
431 
432 			nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid,
433 					cb->nlh->nlmsg_seq, RTM_GETMDB,
434 					sizeof(*bpm), NLM_F_MULTI);
435 			if (nlh == NULL)
436 				break;
437 
438 			bpm = nlmsg_data(nlh);
439 			memset(bpm, 0, sizeof(*bpm));
440 			bpm->ifindex = dev->ifindex;
441 			if (br_mdb_fill_info(skb, cb, dev) < 0)
442 				goto out;
443 			if (br_rports_fill_info(skb, &br->multicast_ctx) < 0)
444 				goto out;
445 
446 			cb->args[1] = 0;
447 			nlmsg_end(skb, nlh);
448 		skip:
449 			idx++;
450 		}
451 	}
452 
453 out:
454 	if (nlh)
455 		nlmsg_end(skb, nlh);
456 	rcu_read_unlock();
457 	cb->args[0] = idx;
458 	return skb->len;
459 }
460 
461 static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
462 				   struct net_device *dev,
463 				   struct net_bridge_mdb_entry *mp,
464 				   struct net_bridge_port_group *pg,
465 				   int type)
466 {
467 	struct nlmsghdr *nlh;
468 	struct br_port_msg *bpm;
469 	struct nlattr *nest, *nest2;
470 
471 	nlh = nlmsg_put(skb, 0, 0, type, sizeof(*bpm), 0);
472 	if (!nlh)
473 		return -EMSGSIZE;
474 
475 	bpm = nlmsg_data(nlh);
476 	memset(bpm, 0, sizeof(*bpm));
477 	bpm->family  = AF_BRIDGE;
478 	bpm->ifindex = dev->ifindex;
479 	nest = nla_nest_start_noflag(skb, MDBA_MDB);
480 	if (nest == NULL)
481 		goto cancel;
482 	nest2 = nla_nest_start_noflag(skb, MDBA_MDB_ENTRY);
483 	if (nest2 == NULL)
484 		goto end;
485 
486 	if (__mdb_fill_info(skb, mp, pg))
487 		goto end;
488 
489 	nla_nest_end(skb, nest2);
490 	nla_nest_end(skb, nest);
491 	nlmsg_end(skb, nlh);
492 	return 0;
493 
494 end:
495 	nla_nest_end(skb, nest);
496 cancel:
497 	nlmsg_cancel(skb, nlh);
498 	return -EMSGSIZE;
499 }
500 
501 static size_t rtnl_mdb_nlmsg_size(struct net_bridge_port_group *pg)
502 {
503 	size_t nlmsg_size = NLMSG_ALIGN(sizeof(struct br_port_msg)) +
504 			    nla_total_size(sizeof(struct br_mdb_entry)) +
505 			    nla_total_size(sizeof(u32));
506 	struct net_bridge_group_src *ent;
507 	size_t addr_size = 0;
508 
509 	if (!pg)
510 		goto out;
511 
512 	/* MDBA_MDB_EATTR_RTPROT */
513 	nlmsg_size += nla_total_size(sizeof(u8));
514 
515 	switch (pg->key.addr.proto) {
516 	case htons(ETH_P_IP):
517 		/* MDBA_MDB_EATTR_SOURCE */
518 		if (pg->key.addr.src.ip4)
519 			nlmsg_size += nla_total_size(sizeof(__be32));
520 		if (pg->key.port->br->multicast_ctx.multicast_igmp_version == 2)
521 			goto out;
522 		addr_size = sizeof(__be32);
523 		break;
524 #if IS_ENABLED(CONFIG_IPV6)
525 	case htons(ETH_P_IPV6):
526 		/* MDBA_MDB_EATTR_SOURCE */
527 		if (!ipv6_addr_any(&pg->key.addr.src.ip6))
528 			nlmsg_size += nla_total_size(sizeof(struct in6_addr));
529 		if (pg->key.port->br->multicast_ctx.multicast_mld_version == 1)
530 			goto out;
531 		addr_size = sizeof(struct in6_addr);
532 		break;
533 #endif
534 	}
535 
536 	/* MDBA_MDB_EATTR_GROUP_MODE */
537 	nlmsg_size += nla_total_size(sizeof(u8));
538 
539 	/* MDBA_MDB_EATTR_SRC_LIST nested attr */
540 	if (!hlist_empty(&pg->src_list))
541 		nlmsg_size += nla_total_size(0);
542 
543 	hlist_for_each_entry(ent, &pg->src_list, node) {
544 		/* MDBA_MDB_SRCLIST_ENTRY nested attr +
545 		 * MDBA_MDB_SRCATTR_ADDRESS + MDBA_MDB_SRCATTR_TIMER
546 		 */
547 		nlmsg_size += nla_total_size(0) +
548 			      nla_total_size(addr_size) +
549 			      nla_total_size(sizeof(u32));
550 	}
551 out:
552 	return nlmsg_size;
553 }
554 
555 struct br_mdb_complete_info {
556 	struct net_bridge_port *port;
557 	struct br_ip ip;
558 };
559 
560 static void br_mdb_complete(struct net_device *dev, int err, void *priv)
561 {
562 	struct br_mdb_complete_info *data = priv;
563 	struct net_bridge_port_group __rcu **pp;
564 	struct net_bridge_port_group *p;
565 	struct net_bridge_mdb_entry *mp;
566 	struct net_bridge_port *port = data->port;
567 	struct net_bridge *br = port->br;
568 
569 	if (err)
570 		goto err;
571 
572 	spin_lock_bh(&br->multicast_lock);
573 	mp = br_mdb_ip_get(br, &data->ip);
574 	if (!mp)
575 		goto out;
576 	for (pp = &mp->ports; (p = mlock_dereference(*pp, br)) != NULL;
577 	     pp = &p->next) {
578 		if (p->key.port != port)
579 			continue;
580 		p->flags |= MDB_PG_FLAGS_OFFLOAD;
581 	}
582 out:
583 	spin_unlock_bh(&br->multicast_lock);
584 err:
585 	kfree(priv);
586 }
587 
588 static void br_switchdev_mdb_populate(struct switchdev_obj_port_mdb *mdb,
589 				      const struct net_bridge_mdb_entry *mp)
590 {
591 	if (mp->addr.proto == htons(ETH_P_IP))
592 		ip_eth_mc_map(mp->addr.dst.ip4, mdb->addr);
593 #if IS_ENABLED(CONFIG_IPV6)
594 	else if (mp->addr.proto == htons(ETH_P_IPV6))
595 		ipv6_eth_mc_map(&mp->addr.dst.ip6, mdb->addr);
596 #endif
597 	else
598 		ether_addr_copy(mdb->addr, mp->addr.dst.mac_addr);
599 
600 	mdb->vid = mp->addr.vid;
601 }
602 
603 static int br_mdb_replay_one(struct notifier_block *nb, struct net_device *dev,
604 			     const struct switchdev_obj_port_mdb *mdb,
605 			     unsigned long action, const void *ctx,
606 			     struct netlink_ext_ack *extack)
607 {
608 	struct switchdev_notifier_port_obj_info obj_info = {
609 		.info = {
610 			.dev = dev,
611 			.extack = extack,
612 			.ctx = ctx,
613 		},
614 		.obj = &mdb->obj,
615 	};
616 	int err;
617 
618 	err = nb->notifier_call(nb, action, &obj_info);
619 	return notifier_to_errno(err);
620 }
621 
622 static int br_mdb_queue_one(struct list_head *mdb_list,
623 			    enum switchdev_obj_id id,
624 			    const struct net_bridge_mdb_entry *mp,
625 			    struct net_device *orig_dev)
626 {
627 	struct switchdev_obj_port_mdb *mdb;
628 
629 	mdb = kzalloc(sizeof(*mdb), GFP_ATOMIC);
630 	if (!mdb)
631 		return -ENOMEM;
632 
633 	mdb->obj.id = id;
634 	mdb->obj.orig_dev = orig_dev;
635 	br_switchdev_mdb_populate(mdb, mp);
636 	list_add_tail(&mdb->obj.list, mdb_list);
637 
638 	return 0;
639 }
640 
641 int br_mdb_replay(struct net_device *br_dev, struct net_device *dev,
642 		  const void *ctx, bool adding, struct notifier_block *nb,
643 		  struct netlink_ext_ack *extack)
644 {
645 	const struct net_bridge_mdb_entry *mp;
646 	struct switchdev_obj *obj, *tmp;
647 	struct net_bridge *br;
648 	unsigned long action;
649 	LIST_HEAD(mdb_list);
650 	int err = 0;
651 
652 	ASSERT_RTNL();
653 
654 	if (!nb)
655 		return 0;
656 
657 	if (!netif_is_bridge_master(br_dev) || !netif_is_bridge_port(dev))
658 		return -EINVAL;
659 
660 	br = netdev_priv(br_dev);
661 
662 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED))
663 		return 0;
664 
665 	/* We cannot walk over br->mdb_list protected just by the rtnl_mutex,
666 	 * because the write-side protection is br->multicast_lock. But we
667 	 * need to emulate the [ blocking ] calling context of a regular
668 	 * switchdev event, so since both br->multicast_lock and RCU read side
669 	 * critical sections are atomic, we have no choice but to pick the RCU
670 	 * read side lock, queue up all our events, leave the critical section
671 	 * and notify switchdev from blocking context.
672 	 */
673 	rcu_read_lock();
674 
675 	hlist_for_each_entry_rcu(mp, &br->mdb_list, mdb_node) {
676 		struct net_bridge_port_group __rcu * const *pp;
677 		const struct net_bridge_port_group *p;
678 
679 		if (mp->host_joined) {
680 			err = br_mdb_queue_one(&mdb_list,
681 					       SWITCHDEV_OBJ_ID_HOST_MDB,
682 					       mp, br_dev);
683 			if (err) {
684 				rcu_read_unlock();
685 				goto out_free_mdb;
686 			}
687 		}
688 
689 		for (pp = &mp->ports; (p = rcu_dereference(*pp)) != NULL;
690 		     pp = &p->next) {
691 			if (p->key.port->dev != dev)
692 				continue;
693 
694 			err = br_mdb_queue_one(&mdb_list,
695 					       SWITCHDEV_OBJ_ID_PORT_MDB,
696 					       mp, dev);
697 			if (err) {
698 				rcu_read_unlock();
699 				goto out_free_mdb;
700 			}
701 		}
702 	}
703 
704 	rcu_read_unlock();
705 
706 	if (adding)
707 		action = SWITCHDEV_PORT_OBJ_ADD;
708 	else
709 		action = SWITCHDEV_PORT_OBJ_DEL;
710 
711 	list_for_each_entry(obj, &mdb_list, list) {
712 		err = br_mdb_replay_one(nb, dev, SWITCHDEV_OBJ_PORT_MDB(obj),
713 					action, ctx, extack);
714 		if (err)
715 			goto out_free_mdb;
716 	}
717 
718 out_free_mdb:
719 	list_for_each_entry_safe(obj, tmp, &mdb_list, list) {
720 		list_del(&obj->list);
721 		kfree(SWITCHDEV_OBJ_PORT_MDB(obj));
722 	}
723 
724 	return err;
725 }
726 
727 static void br_mdb_switchdev_host_port(struct net_device *dev,
728 				       struct net_device *lower_dev,
729 				       struct net_bridge_mdb_entry *mp,
730 				       int type)
731 {
732 	struct switchdev_obj_port_mdb mdb = {
733 		.obj = {
734 			.id = SWITCHDEV_OBJ_ID_HOST_MDB,
735 			.flags = SWITCHDEV_F_DEFER,
736 			.orig_dev = dev,
737 		},
738 	};
739 
740 	br_switchdev_mdb_populate(&mdb, mp);
741 
742 	switch (type) {
743 	case RTM_NEWMDB:
744 		switchdev_port_obj_add(lower_dev, &mdb.obj, NULL);
745 		break;
746 	case RTM_DELMDB:
747 		switchdev_port_obj_del(lower_dev, &mdb.obj);
748 		break;
749 	}
750 }
751 
752 static void br_mdb_switchdev_host(struct net_device *dev,
753 				  struct net_bridge_mdb_entry *mp, int type)
754 {
755 	struct net_device *lower_dev;
756 	struct list_head *iter;
757 
758 	netdev_for_each_lower_dev(dev, lower_dev, iter)
759 		br_mdb_switchdev_host_port(dev, lower_dev, mp, type);
760 }
761 
762 void br_mdb_notify(struct net_device *dev,
763 		   struct net_bridge_mdb_entry *mp,
764 		   struct net_bridge_port_group *pg,
765 		   int type)
766 {
767 	struct br_mdb_complete_info *complete_info;
768 	struct switchdev_obj_port_mdb mdb = {
769 		.obj = {
770 			.id = SWITCHDEV_OBJ_ID_PORT_MDB,
771 			.flags = SWITCHDEV_F_DEFER,
772 		},
773 	};
774 	struct net *net = dev_net(dev);
775 	struct sk_buff *skb;
776 	int err = -ENOBUFS;
777 
778 	if (pg) {
779 		br_switchdev_mdb_populate(&mdb, mp);
780 
781 		mdb.obj.orig_dev = pg->key.port->dev;
782 		switch (type) {
783 		case RTM_NEWMDB:
784 			complete_info = kmalloc(sizeof(*complete_info), GFP_ATOMIC);
785 			if (!complete_info)
786 				break;
787 			complete_info->port = pg->key.port;
788 			complete_info->ip = mp->addr;
789 			mdb.obj.complete_priv = complete_info;
790 			mdb.obj.complete = br_mdb_complete;
791 			if (switchdev_port_obj_add(pg->key.port->dev, &mdb.obj, NULL))
792 				kfree(complete_info);
793 			break;
794 		case RTM_DELMDB:
795 			switchdev_port_obj_del(pg->key.port->dev, &mdb.obj);
796 			break;
797 		}
798 	} else {
799 		br_mdb_switchdev_host(dev, mp, type);
800 	}
801 
802 	skb = nlmsg_new(rtnl_mdb_nlmsg_size(pg), GFP_ATOMIC);
803 	if (!skb)
804 		goto errout;
805 
806 	err = nlmsg_populate_mdb_fill(skb, dev, mp, pg, type);
807 	if (err < 0) {
808 		kfree_skb(skb);
809 		goto errout;
810 	}
811 
812 	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
813 	return;
814 errout:
815 	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
816 }
817 
818 static int nlmsg_populate_rtr_fill(struct sk_buff *skb,
819 				   struct net_device *dev,
820 				   int ifindex, u16 vid, u32 pid,
821 				   u32 seq, int type, unsigned int flags)
822 {
823 	struct nlattr *nest, *port_nest;
824 	struct br_port_msg *bpm;
825 	struct nlmsghdr *nlh;
826 
827 	nlh = nlmsg_put(skb, pid, seq, type, sizeof(*bpm), 0);
828 	if (!nlh)
829 		return -EMSGSIZE;
830 
831 	bpm = nlmsg_data(nlh);
832 	memset(bpm, 0, sizeof(*bpm));
833 	bpm->family = AF_BRIDGE;
834 	bpm->ifindex = dev->ifindex;
835 	nest = nla_nest_start_noflag(skb, MDBA_ROUTER);
836 	if (!nest)
837 		goto cancel;
838 
839 	port_nest = nla_nest_start_noflag(skb, MDBA_ROUTER_PORT);
840 	if (!port_nest)
841 		goto end;
842 	if (nla_put_nohdr(skb, sizeof(u32), &ifindex)) {
843 		nla_nest_cancel(skb, port_nest);
844 		goto end;
845 	}
846 	if (vid && nla_put_u16(skb, MDBA_ROUTER_PATTR_VID, vid)) {
847 		nla_nest_cancel(skb, port_nest);
848 		goto end;
849 	}
850 	nla_nest_end(skb, port_nest);
851 
852 	nla_nest_end(skb, nest);
853 	nlmsg_end(skb, nlh);
854 	return 0;
855 
856 end:
857 	nla_nest_end(skb, nest);
858 cancel:
859 	nlmsg_cancel(skb, nlh);
860 	return -EMSGSIZE;
861 }
862 
863 static inline size_t rtnl_rtr_nlmsg_size(void)
864 {
865 	return NLMSG_ALIGN(sizeof(struct br_port_msg))
866 		+ nla_total_size(sizeof(__u32))
867 		+ nla_total_size(sizeof(u16));
868 }
869 
870 void br_rtr_notify(struct net_device *dev, struct net_bridge_mcast_port *pmctx,
871 		   int type)
872 {
873 	struct net *net = dev_net(dev);
874 	struct sk_buff *skb;
875 	int err = -ENOBUFS;
876 	int ifindex;
877 	u16 vid;
878 
879 	ifindex = pmctx ? pmctx->port->dev->ifindex : 0;
880 	vid = pmctx && br_multicast_port_ctx_is_vlan(pmctx) ? pmctx->vlan->vid :
881 							      0;
882 	skb = nlmsg_new(rtnl_rtr_nlmsg_size(), GFP_ATOMIC);
883 	if (!skb)
884 		goto errout;
885 
886 	err = nlmsg_populate_rtr_fill(skb, dev, ifindex, vid, 0, 0, type,
887 				      NTF_SELF);
888 	if (err < 0) {
889 		kfree_skb(skb);
890 		goto errout;
891 	}
892 
893 	rtnl_notify(skb, net, 0, RTNLGRP_MDB, NULL, GFP_ATOMIC);
894 	return;
895 
896 errout:
897 	rtnl_set_sk_err(net, RTNLGRP_MDB, err);
898 }
899 
900 static bool is_valid_mdb_entry(struct br_mdb_entry *entry,
901 			       struct netlink_ext_ack *extack)
902 {
903 	if (entry->ifindex == 0) {
904 		NL_SET_ERR_MSG_MOD(extack, "Zero entry ifindex is not allowed");
905 		return false;
906 	}
907 
908 	if (entry->addr.proto == htons(ETH_P_IP)) {
909 		if (!ipv4_is_multicast(entry->addr.u.ip4)) {
910 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is not multicast");
911 			return false;
912 		}
913 		if (ipv4_is_local_multicast(entry->addr.u.ip4)) {
914 			NL_SET_ERR_MSG_MOD(extack, "IPv4 entry group address is local multicast");
915 			return false;
916 		}
917 #if IS_ENABLED(CONFIG_IPV6)
918 	} else if (entry->addr.proto == htons(ETH_P_IPV6)) {
919 		if (ipv6_addr_is_ll_all_nodes(&entry->addr.u.ip6)) {
920 			NL_SET_ERR_MSG_MOD(extack, "IPv6 entry group address is link-local all nodes");
921 			return false;
922 		}
923 #endif
924 	} else if (entry->addr.proto == 0) {
925 		/* L2 mdb */
926 		if (!is_multicast_ether_addr(entry->addr.u.mac_addr)) {
927 			NL_SET_ERR_MSG_MOD(extack, "L2 entry group is not multicast");
928 			return false;
929 		}
930 	} else {
931 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry protocol");
932 		return false;
933 	}
934 
935 	if (entry->state != MDB_PERMANENT && entry->state != MDB_TEMPORARY) {
936 		NL_SET_ERR_MSG_MOD(extack, "Unknown entry state");
937 		return false;
938 	}
939 	if (entry->vid >= VLAN_VID_MASK) {
940 		NL_SET_ERR_MSG_MOD(extack, "Invalid entry VLAN id");
941 		return false;
942 	}
943 
944 	return true;
945 }
946 
947 static bool is_valid_mdb_source(struct nlattr *attr, __be16 proto,
948 				struct netlink_ext_ack *extack)
949 {
950 	switch (proto) {
951 	case htons(ETH_P_IP):
952 		if (nla_len(attr) != sizeof(struct in_addr)) {
953 			NL_SET_ERR_MSG_MOD(extack, "IPv4 invalid source address length");
954 			return false;
955 		}
956 		if (ipv4_is_multicast(nla_get_in_addr(attr))) {
957 			NL_SET_ERR_MSG_MOD(extack, "IPv4 multicast source address is not allowed");
958 			return false;
959 		}
960 		break;
961 #if IS_ENABLED(CONFIG_IPV6)
962 	case htons(ETH_P_IPV6): {
963 		struct in6_addr src;
964 
965 		if (nla_len(attr) != sizeof(struct in6_addr)) {
966 			NL_SET_ERR_MSG_MOD(extack, "IPv6 invalid source address length");
967 			return false;
968 		}
969 		src = nla_get_in6_addr(attr);
970 		if (ipv6_addr_is_multicast(&src)) {
971 			NL_SET_ERR_MSG_MOD(extack, "IPv6 multicast source address is not allowed");
972 			return false;
973 		}
974 		break;
975 	}
976 #endif
977 	default:
978 		NL_SET_ERR_MSG_MOD(extack, "Invalid protocol used with source address");
979 		return false;
980 	}
981 
982 	return true;
983 }
984 
985 static const struct nla_policy br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
986 	[MDBE_ATTR_SOURCE] = NLA_POLICY_RANGE(NLA_BINARY,
987 					      sizeof(struct in_addr),
988 					      sizeof(struct in6_addr)),
989 };
990 
991 static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
992 			struct net_device **pdev, struct br_mdb_entry **pentry,
993 			struct nlattr **mdb_attrs, struct netlink_ext_ack *extack)
994 {
995 	struct net *net = sock_net(skb->sk);
996 	struct br_mdb_entry *entry;
997 	struct br_port_msg *bpm;
998 	struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
999 	struct net_device *dev;
1000 	int err;
1001 
1002 	err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
1003 				     MDBA_SET_ENTRY_MAX, NULL, NULL);
1004 	if (err < 0)
1005 		return err;
1006 
1007 	bpm = nlmsg_data(nlh);
1008 	if (bpm->ifindex == 0) {
1009 		NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
1010 		return -EINVAL;
1011 	}
1012 
1013 	dev = __dev_get_by_index(net, bpm->ifindex);
1014 	if (dev == NULL) {
1015 		NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
1016 		return -ENODEV;
1017 	}
1018 
1019 	if (!(dev->priv_flags & IFF_EBRIDGE)) {
1020 		NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
1021 		return -EOPNOTSUPP;
1022 	}
1023 
1024 	*pdev = dev;
1025 
1026 	if (!tb[MDBA_SET_ENTRY]) {
1027 		NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
1028 		return -EINVAL;
1029 	}
1030 	if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
1031 		NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute length");
1032 		return -EINVAL;
1033 	}
1034 
1035 	entry = nla_data(tb[MDBA_SET_ENTRY]);
1036 	if (!is_valid_mdb_entry(entry, extack))
1037 		return -EINVAL;
1038 	*pentry = entry;
1039 
1040 	if (tb[MDBA_SET_ENTRY_ATTRS]) {
1041 		err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX,
1042 				       tb[MDBA_SET_ENTRY_ATTRS],
1043 				       br_mdbe_attrs_pol, extack);
1044 		if (err)
1045 			return err;
1046 		if (mdb_attrs[MDBE_ATTR_SOURCE] &&
1047 		    !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
1048 					 entry->addr.proto, extack))
1049 			return -EINVAL;
1050 	} else {
1051 		memset(mdb_attrs, 0,
1052 		       sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1));
1053 	}
1054 
1055 	return 0;
1056 }
1057 
1058 static struct net_bridge_mcast *
1059 __br_mdb_choose_context(struct net_bridge *br,
1060 			const struct br_mdb_entry *entry,
1061 			struct netlink_ext_ack *extack)
1062 {
1063 	struct net_bridge_mcast *brmctx = NULL;
1064 	struct net_bridge_vlan *v;
1065 
1066 	if (!br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED)) {
1067 		brmctx = &br->multicast_ctx;
1068 		goto out;
1069 	}
1070 
1071 	if (!entry->vid) {
1072 		NL_SET_ERR_MSG_MOD(extack, "Cannot add an entry without a vlan when vlan snooping is enabled");
1073 		goto out;
1074 	}
1075 
1076 	v = br_vlan_find(br_vlan_group(br), entry->vid);
1077 	if (!v) {
1078 		NL_SET_ERR_MSG_MOD(extack, "Vlan is not configured");
1079 		goto out;
1080 	}
1081 	if (br_multicast_ctx_vlan_global_disabled(&v->br_mcast_ctx)) {
1082 		NL_SET_ERR_MSG_MOD(extack, "Vlan's multicast processing is disabled");
1083 		goto out;
1084 	}
1085 	brmctx = &v->br_mcast_ctx;
1086 out:
1087 	return brmctx;
1088 }
1089 
1090 static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port *port,
1091 			    struct br_mdb_entry *entry,
1092 			    struct nlattr **mdb_attrs,
1093 			    struct netlink_ext_ack *extack)
1094 {
1095 	struct net_bridge_mdb_entry *mp, *star_mp;
1096 	struct net_bridge_port_group __rcu **pp;
1097 	struct net_bridge_port_group *p;
1098 	struct net_bridge_mcast *brmctx;
1099 	struct br_ip group, star_group;
1100 	unsigned long now = jiffies;
1101 	unsigned char flags = 0;
1102 	u8 filter_mode;
1103 	int err;
1104 
1105 	__mdb_entry_to_br_ip(entry, &group, mdb_attrs);
1106 
1107 	brmctx = __br_mdb_choose_context(br, entry, extack);
1108 	if (!brmctx)
1109 		return -EINVAL;
1110 
1111 	/* host join errors which can happen before creating the group */
1112 	if (!port) {
1113 		/* don't allow any flags for host-joined groups */
1114 		if (entry->state) {
1115 			NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host groups");
1116 			return -EINVAL;
1117 		}
1118 		if (!br_multicast_is_star_g(&group)) {
1119 			NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host joined");
1120 			return -EINVAL;
1121 		}
1122 	}
1123 
1124 	if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) {
1125 		NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
1126 		return -EINVAL;
1127 	}
1128 
1129 	mp = br_mdb_ip_get(br, &group);
1130 	if (!mp) {
1131 		mp = br_multicast_new_group(br, &group);
1132 		err = PTR_ERR_OR_ZERO(mp);
1133 		if (err)
1134 			return err;
1135 	}
1136 
1137 	/* host join */
1138 	if (!port) {
1139 		if (mp->host_joined) {
1140 			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by host");
1141 			return -EEXIST;
1142 		}
1143 
1144 		br_multicast_host_join(brmctx, mp, false);
1145 		br_mdb_notify(br->dev, mp, NULL, RTM_NEWMDB);
1146 
1147 		return 0;
1148 	}
1149 
1150 	for (pp = &mp->ports;
1151 	     (p = mlock_dereference(*pp, br)) != NULL;
1152 	     pp = &p->next) {
1153 		if (p->key.port == port) {
1154 			NL_SET_ERR_MSG_MOD(extack, "Group is already joined by port");
1155 			return -EEXIST;
1156 		}
1157 		if ((unsigned long)p->key.port < (unsigned long)port)
1158 			break;
1159 	}
1160 
1161 	filter_mode = br_multicast_is_star_g(&group) ? MCAST_EXCLUDE :
1162 						       MCAST_INCLUDE;
1163 
1164 	if (entry->state == MDB_PERMANENT)
1165 		flags |= MDB_PG_FLAGS_PERMANENT;
1166 
1167 	p = br_multicast_new_port_group(port, &group, *pp, flags, NULL,
1168 					filter_mode, RTPROT_STATIC);
1169 	if (unlikely(!p)) {
1170 		NL_SET_ERR_MSG_MOD(extack, "Couldn't allocate new port group");
1171 		return -ENOMEM;
1172 	}
1173 	rcu_assign_pointer(*pp, p);
1174 	if (entry->state == MDB_TEMPORARY)
1175 		mod_timer(&p->timer,
1176 			  now + brmctx->multicast_membership_interval);
1177 	br_mdb_notify(br->dev, mp, p, RTM_NEWMDB);
1178 	/* if we are adding a new EXCLUDE port group (*,G) it needs to be also
1179 	 * added to all S,G entries for proper replication, if we are adding
1180 	 * a new INCLUDE port (S,G) then all of *,G EXCLUDE ports need to be
1181 	 * added to it for proper replication
1182 	 */
1183 	if (br_multicast_should_handle_mode(brmctx, group.proto)) {
1184 		switch (filter_mode) {
1185 		case MCAST_EXCLUDE:
1186 			br_multicast_star_g_handle_mode(p, MCAST_EXCLUDE);
1187 			break;
1188 		case MCAST_INCLUDE:
1189 			star_group = p->key.addr;
1190 			memset(&star_group.src, 0, sizeof(star_group.src));
1191 			star_mp = br_mdb_ip_get(br, &star_group);
1192 			if (star_mp)
1193 				br_multicast_sg_add_exclude_ports(star_mp, p);
1194 			break;
1195 		}
1196 	}
1197 
1198 	return 0;
1199 }
1200 
1201 static int __br_mdb_add(struct net *net, struct net_bridge *br,
1202 			struct net_bridge_port *p,
1203 			struct br_mdb_entry *entry,
1204 			struct nlattr **mdb_attrs,
1205 			struct netlink_ext_ack *extack)
1206 {
1207 	int ret;
1208 
1209 	spin_lock_bh(&br->multicast_lock);
1210 	ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack);
1211 	spin_unlock_bh(&br->multicast_lock);
1212 
1213 	return ret;
1214 }
1215 
1216 static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
1217 		      struct netlink_ext_ack *extack)
1218 {
1219 	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1220 	struct net *net = sock_net(skb->sk);
1221 	struct net_bridge_vlan_group *vg;
1222 	struct net_bridge_port *p = NULL;
1223 	struct net_device *dev, *pdev;
1224 	struct br_mdb_entry *entry;
1225 	struct net_bridge_vlan *v;
1226 	struct net_bridge *br;
1227 	int err;
1228 
1229 	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1230 	if (err < 0)
1231 		return err;
1232 
1233 	br = netdev_priv(dev);
1234 
1235 	if (!netif_running(br->dev)) {
1236 		NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
1237 		return -EINVAL;
1238 	}
1239 
1240 	if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) {
1241 		NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is disabled");
1242 		return -EINVAL;
1243 	}
1244 
1245 	if (entry->ifindex != br->dev->ifindex) {
1246 		pdev = __dev_get_by_index(net, entry->ifindex);
1247 		if (!pdev) {
1248 			NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
1249 			return -ENODEV;
1250 		}
1251 
1252 		p = br_port_get_rtnl(pdev);
1253 		if (!p) {
1254 			NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
1255 			return -EINVAL;
1256 		}
1257 
1258 		if (p->br != br) {
1259 			NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
1260 			return -EINVAL;
1261 		}
1262 		if (p->state == BR_STATE_DISABLED) {
1263 			NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state");
1264 			return -EINVAL;
1265 		}
1266 		vg = nbp_vlan_group(p);
1267 	} else {
1268 		vg = br_vlan_group(br);
1269 	}
1270 
1271 	/* If vlan filtering is enabled and VLAN is not specified
1272 	 * install mdb entry on all vlans configured on the port.
1273 	 */
1274 	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1275 		list_for_each_entry(v, &vg->vlan_list, vlist) {
1276 			entry->vid = v->vid;
1277 			err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1278 			if (err)
1279 				break;
1280 		}
1281 	} else {
1282 		err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
1283 	}
1284 
1285 	return err;
1286 }
1287 
1288 static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry,
1289 			struct nlattr **mdb_attrs)
1290 {
1291 	struct net_bridge_mdb_entry *mp;
1292 	struct net_bridge_port_group *p;
1293 	struct net_bridge_port_group __rcu **pp;
1294 	struct br_ip ip;
1295 	int err = -EINVAL;
1296 
1297 	if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED))
1298 		return -EINVAL;
1299 
1300 	__mdb_entry_to_br_ip(entry, &ip, mdb_attrs);
1301 
1302 	spin_lock_bh(&br->multicast_lock);
1303 	mp = br_mdb_ip_get(br, &ip);
1304 	if (!mp)
1305 		goto unlock;
1306 
1307 	/* host leave */
1308 	if (entry->ifindex == mp->br->dev->ifindex && mp->host_joined) {
1309 		br_multicast_host_leave(mp, false);
1310 		err = 0;
1311 		br_mdb_notify(br->dev, mp, NULL, RTM_DELMDB);
1312 		if (!mp->ports && netif_running(br->dev))
1313 			mod_timer(&mp->timer, jiffies);
1314 		goto unlock;
1315 	}
1316 
1317 	for (pp = &mp->ports;
1318 	     (p = mlock_dereference(*pp, br)) != NULL;
1319 	     pp = &p->next) {
1320 		if (!p->key.port || p->key.port->dev->ifindex != entry->ifindex)
1321 			continue;
1322 
1323 		if (p->key.port->state == BR_STATE_DISABLED)
1324 			goto unlock;
1325 
1326 		br_multicast_del_pg(mp, p, pp);
1327 		err = 0;
1328 		break;
1329 	}
1330 
1331 unlock:
1332 	spin_unlock_bh(&br->multicast_lock);
1333 	return err;
1334 }
1335 
1336 static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
1337 		      struct netlink_ext_ack *extack)
1338 {
1339 	struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
1340 	struct net *net = sock_net(skb->sk);
1341 	struct net_bridge_vlan_group *vg;
1342 	struct net_bridge_port *p = NULL;
1343 	struct net_device *dev, *pdev;
1344 	struct br_mdb_entry *entry;
1345 	struct net_bridge_vlan *v;
1346 	struct net_bridge *br;
1347 	int err;
1348 
1349 	err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
1350 	if (err < 0)
1351 		return err;
1352 
1353 	br = netdev_priv(dev);
1354 
1355 	if (entry->ifindex != br->dev->ifindex) {
1356 		pdev = __dev_get_by_index(net, entry->ifindex);
1357 		if (!pdev)
1358 			return -ENODEV;
1359 
1360 		p = br_port_get_rtnl(pdev);
1361 		if (!p || p->br != br || p->state == BR_STATE_DISABLED)
1362 			return -EINVAL;
1363 		vg = nbp_vlan_group(p);
1364 	} else {
1365 		vg = br_vlan_group(br);
1366 	}
1367 
1368 	/* If vlan filtering is enabled and VLAN is not specified
1369 	 * delete mdb entry on all vlans configured on the port.
1370 	 */
1371 	if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
1372 		list_for_each_entry(v, &vg->vlan_list, vlist) {
1373 			entry->vid = v->vid;
1374 			err = __br_mdb_del(br, entry, mdb_attrs);
1375 		}
1376 	} else {
1377 		err = __br_mdb_del(br, entry, mdb_attrs);
1378 	}
1379 
1380 	return err;
1381 }
1382 
1383 void br_mdb_init(void)
1384 {
1385 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETMDB, NULL, br_mdb_dump, 0);
1386 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWMDB, br_mdb_add, NULL, 0);
1387 	rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELMDB, br_mdb_del, NULL, 0);
1388 }
1389 
1390 void br_mdb_uninit(void)
1391 {
1392 	rtnl_unregister(PF_BRIDGE, RTM_GETMDB);
1393 	rtnl_unregister(PF_BRIDGE, RTM_NEWMDB);
1394 	rtnl_unregister(PF_BRIDGE, RTM_DELMDB);
1395 }
1396