1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 #include "br_private_tunnel.h" 9 10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 11 const void *ptr) 12 { 13 const struct net_bridge_vlan *vle = ptr; 14 u16 vid = *(u16 *)arg->key; 15 16 return vle->vid != vid; 17 } 18 19 static const struct rhashtable_params br_vlan_rht_params = { 20 .head_offset = offsetof(struct net_bridge_vlan, vnode), 21 .key_offset = offsetof(struct net_bridge_vlan, vid), 22 .key_len = sizeof(u16), 23 .nelem_hint = 3, 24 .locks_mul = 1, 25 .max_size = VLAN_N_VID, 26 .obj_cmpfn = br_vlan_cmp, 27 .automatic_shrinking = true, 28 }; 29 30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 31 { 32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 33 } 34 35 static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 36 { 37 if (vg->pvid == vid) 38 return false; 39 40 smp_wmb(); 41 vg->pvid = vid; 42 43 return true; 44 } 45 46 static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 47 { 48 if (vg->pvid != vid) 49 return false; 50 51 smp_wmb(); 52 vg->pvid = 0; 53 54 return true; 55 } 56 57 /* return true if anything changed, false otherwise */ 58 static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 59 { 60 struct net_bridge_vlan_group *vg; 61 u16 old_flags = v->flags; 62 bool ret; 63 64 if (br_vlan_is_master(v)) 65 vg = br_vlan_group(v->br); 66 else 67 vg = nbp_vlan_group(v->port); 68 69 if (flags & BRIDGE_VLAN_INFO_PVID) 70 ret = __vlan_add_pvid(vg, v->vid); 71 else 72 ret = __vlan_delete_pvid(vg, v->vid); 73 74 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 75 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 76 else 77 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 78 79 return ret || !!(old_flags ^ v->flags); 80 } 81 82 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 83 u16 vid, u16 flags) 84 { 85 struct switchdev_obj_port_vlan v = { 86 .obj.orig_dev = dev, 87 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 88 .flags = flags, 89 .vid_begin = vid, 90 .vid_end = vid, 91 }; 92 int err; 93 94 /* Try switchdev op first. In case it is not supported, fallback to 95 * 8021q add. 96 */ 97 err = switchdev_port_obj_add(dev, &v.obj); 98 if (err == -EOPNOTSUPP) 99 return vlan_vid_add(dev, br->vlan_proto, vid); 100 return err; 101 } 102 103 static void __vlan_add_list(struct net_bridge_vlan *v) 104 { 105 struct net_bridge_vlan_group *vg; 106 struct list_head *headp, *hpos; 107 struct net_bridge_vlan *vent; 108 109 if (br_vlan_is_master(v)) 110 vg = br_vlan_group(v->br); 111 else 112 vg = nbp_vlan_group(v->port); 113 114 headp = &vg->vlan_list; 115 list_for_each_prev(hpos, headp) { 116 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 117 if (v->vid < vent->vid) 118 continue; 119 else 120 break; 121 } 122 list_add_rcu(&v->vlist, hpos); 123 } 124 125 static void __vlan_del_list(struct net_bridge_vlan *v) 126 { 127 list_del_rcu(&v->vlist); 128 } 129 130 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 131 u16 vid) 132 { 133 struct switchdev_obj_port_vlan v = { 134 .obj.orig_dev = dev, 135 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 136 .vid_begin = vid, 137 .vid_end = vid, 138 }; 139 int err; 140 141 /* Try switchdev op first. In case it is not supported, fallback to 142 * 8021q del. 143 */ 144 err = switchdev_port_obj_del(dev, &v.obj); 145 if (err == -EOPNOTSUPP) { 146 vlan_vid_del(dev, br->vlan_proto, vid); 147 return 0; 148 } 149 return err; 150 } 151 152 /* Returns a master vlan, if it didn't exist it gets created. In all cases a 153 * a reference is taken to the master vlan before returning. 154 */ 155 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid) 156 { 157 struct net_bridge_vlan_group *vg; 158 struct net_bridge_vlan *masterv; 159 160 vg = br_vlan_group(br); 161 masterv = br_vlan_find(vg, vid); 162 if (!masterv) { 163 bool changed; 164 165 /* missing global ctx, create it now */ 166 if (br_vlan_add(br, vid, 0, &changed)) 167 return NULL; 168 masterv = br_vlan_find(vg, vid); 169 if (WARN_ON(!masterv)) 170 return NULL; 171 refcount_set(&masterv->refcnt, 1); 172 return masterv; 173 } 174 refcount_inc(&masterv->refcnt); 175 176 return masterv; 177 } 178 179 static void br_master_vlan_rcu_free(struct rcu_head *rcu) 180 { 181 struct net_bridge_vlan *v; 182 183 v = container_of(rcu, struct net_bridge_vlan, rcu); 184 WARN_ON(!br_vlan_is_master(v)); 185 free_percpu(v->stats); 186 v->stats = NULL; 187 kfree(v); 188 } 189 190 static void br_vlan_put_master(struct net_bridge_vlan *masterv) 191 { 192 struct net_bridge_vlan_group *vg; 193 194 if (!br_vlan_is_master(masterv)) 195 return; 196 197 vg = br_vlan_group(masterv->br); 198 if (refcount_dec_and_test(&masterv->refcnt)) { 199 rhashtable_remove_fast(&vg->vlan_hash, 200 &masterv->vnode, br_vlan_rht_params); 201 __vlan_del_list(masterv); 202 call_rcu(&masterv->rcu, br_master_vlan_rcu_free); 203 } 204 } 205 206 /* This is the shared VLAN add function which works for both ports and bridge 207 * devices. There are four possible calls to this function in terms of the 208 * vlan entry type: 209 * 1. vlan is being added on a port (no master flags, global entry exists) 210 * 2. vlan is being added on a bridge (both master and brentry flags) 211 * 3. vlan is being added on a port, but a global entry didn't exist which 212 * is being created right now (master flag set, brentry flag unset), the 213 * global entry is used for global per-vlan features, but not for filtering 214 * 4. same as 3 but with both master and brentry flags set so the entry 215 * will be used for filtering in both the port and the bridge 216 */ 217 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 218 { 219 struct net_bridge_vlan *masterv = NULL; 220 struct net_bridge_port *p = NULL; 221 struct net_bridge_vlan_group *vg; 222 struct net_device *dev; 223 struct net_bridge *br; 224 int err; 225 226 if (br_vlan_is_master(v)) { 227 br = v->br; 228 dev = br->dev; 229 vg = br_vlan_group(br); 230 } else { 231 p = v->port; 232 br = p->br; 233 dev = p->dev; 234 vg = nbp_vlan_group(p); 235 } 236 237 if (p) { 238 /* Add VLAN to the device filter if it is supported. 239 * This ensures tagged traffic enters the bridge when 240 * promiscuous mode is disabled by br_manage_promisc(). 241 */ 242 err = __vlan_vid_add(dev, br, v->vid, flags); 243 if (err) 244 goto out; 245 246 /* need to work on the master vlan too */ 247 if (flags & BRIDGE_VLAN_INFO_MASTER) { 248 bool changed; 249 250 err = br_vlan_add(br, v->vid, 251 flags | BRIDGE_VLAN_INFO_BRENTRY, 252 &changed); 253 if (err) 254 goto out_filt; 255 } 256 257 masterv = br_vlan_get_master(br, v->vid); 258 if (!masterv) 259 goto out_filt; 260 v->brvlan = masterv; 261 v->stats = masterv->stats; 262 } 263 264 /* Add the dev mac and count the vlan only if it's usable */ 265 if (br_vlan_should_use(v)) { 266 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 267 if (err) { 268 br_err(br, "failed insert local address into bridge forwarding table\n"); 269 goto out_filt; 270 } 271 vg->num_vlans++; 272 } 273 274 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode, 275 br_vlan_rht_params); 276 if (err) 277 goto out_fdb_insert; 278 279 __vlan_add_list(v); 280 __vlan_add_flags(v, flags); 281 out: 282 return err; 283 284 out_fdb_insert: 285 if (br_vlan_should_use(v)) { 286 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid); 287 vg->num_vlans--; 288 } 289 290 out_filt: 291 if (p) { 292 __vlan_vid_del(dev, br, v->vid); 293 if (masterv) { 294 br_vlan_put_master(masterv); 295 v->brvlan = NULL; 296 } 297 } 298 299 goto out; 300 } 301 302 static int __vlan_del(struct net_bridge_vlan *v) 303 { 304 struct net_bridge_vlan *masterv = v; 305 struct net_bridge_vlan_group *vg; 306 struct net_bridge_port *p = NULL; 307 int err = 0; 308 309 if (br_vlan_is_master(v)) { 310 vg = br_vlan_group(v->br); 311 } else { 312 p = v->port; 313 vg = nbp_vlan_group(v->port); 314 masterv = v->brvlan; 315 } 316 317 __vlan_delete_pvid(vg, v->vid); 318 if (p) { 319 err = __vlan_vid_del(p->dev, p->br, v->vid); 320 if (err) 321 goto out; 322 } 323 324 if (br_vlan_should_use(v)) { 325 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 326 vg->num_vlans--; 327 } 328 329 if (masterv != v) { 330 vlan_tunnel_info_del(vg, v); 331 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 332 br_vlan_rht_params); 333 __vlan_del_list(v); 334 kfree_rcu(v, rcu); 335 } 336 337 br_vlan_put_master(masterv); 338 out: 339 return err; 340 } 341 342 static void __vlan_group_free(struct net_bridge_vlan_group *vg) 343 { 344 WARN_ON(!list_empty(&vg->vlan_list)); 345 rhashtable_destroy(&vg->vlan_hash); 346 vlan_tunnel_deinit(vg); 347 kfree(vg); 348 } 349 350 static void __vlan_flush(struct net_bridge_vlan_group *vg) 351 { 352 struct net_bridge_vlan *vlan, *tmp; 353 354 __vlan_delete_pvid(vg, vg->pvid); 355 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist) 356 __vlan_del(vlan); 357 } 358 359 struct sk_buff *br_handle_vlan(struct net_bridge *br, 360 const struct net_bridge_port *p, 361 struct net_bridge_vlan_group *vg, 362 struct sk_buff *skb) 363 { 364 struct br_vlan_stats *stats; 365 struct net_bridge_vlan *v; 366 u16 vid; 367 368 /* If this packet was not filtered at input, let it pass */ 369 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 370 goto out; 371 372 /* At this point, we know that the frame was filtered and contains 373 * a valid vlan id. If the vlan id has untagged flag set, 374 * send untagged; otherwise, send tagged. 375 */ 376 br_vlan_get_tag(skb, &vid); 377 v = br_vlan_find(vg, vid); 378 /* Vlan entry must be configured at this point. The 379 * only exception is the bridge is set in promisc mode and the 380 * packet is destined for the bridge device. In this case 381 * pass the packet as is. 382 */ 383 if (!v || !br_vlan_should_use(v)) { 384 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 385 goto out; 386 } else { 387 kfree_skb(skb); 388 return NULL; 389 } 390 } 391 if (br->vlan_stats_enabled) { 392 stats = this_cpu_ptr(v->stats); 393 u64_stats_update_begin(&stats->syncp); 394 stats->tx_bytes += skb->len; 395 stats->tx_packets++; 396 u64_stats_update_end(&stats->syncp); 397 } 398 399 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 400 skb->vlan_tci = 0; 401 402 if (p && (p->flags & BR_VLAN_TUNNEL) && 403 br_handle_egress_vlan_tunnel(skb, v)) { 404 kfree_skb(skb); 405 return NULL; 406 } 407 out: 408 return skb; 409 } 410 411 /* Called under RCU */ 412 static bool __allowed_ingress(const struct net_bridge *br, 413 struct net_bridge_vlan_group *vg, 414 struct sk_buff *skb, u16 *vid) 415 { 416 struct br_vlan_stats *stats; 417 struct net_bridge_vlan *v; 418 bool tagged; 419 420 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 421 /* If vlan tx offload is disabled on bridge device and frame was 422 * sent from vlan device on the bridge device, it does not have 423 * HW accelerated vlan tag. 424 */ 425 if (unlikely(!skb_vlan_tag_present(skb) && 426 skb->protocol == br->vlan_proto)) { 427 skb = skb_vlan_untag(skb); 428 if (unlikely(!skb)) 429 return false; 430 } 431 432 if (!br_vlan_get_tag(skb, vid)) { 433 /* Tagged frame */ 434 if (skb->vlan_proto != br->vlan_proto) { 435 /* Protocol-mismatch, empty out vlan_tci for new tag */ 436 skb_push(skb, ETH_HLEN); 437 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 438 skb_vlan_tag_get(skb)); 439 if (unlikely(!skb)) 440 return false; 441 442 skb_pull(skb, ETH_HLEN); 443 skb_reset_mac_len(skb); 444 *vid = 0; 445 tagged = false; 446 } else { 447 tagged = true; 448 } 449 } else { 450 /* Untagged frame */ 451 tagged = false; 452 } 453 454 if (!*vid) { 455 u16 pvid = br_get_pvid(vg); 456 457 /* Frame had a tag with VID 0 or did not have a tag. 458 * See if pvid is set on this port. That tells us which 459 * vlan untagged or priority-tagged traffic belongs to. 460 */ 461 if (!pvid) 462 goto drop; 463 464 /* PVID is set on this port. Any untagged or priority-tagged 465 * ingress frame is considered to belong to this vlan. 466 */ 467 *vid = pvid; 468 if (likely(!tagged)) 469 /* Untagged Frame. */ 470 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); 471 else 472 /* Priority-tagged Frame. 473 * At this point, We know that skb->vlan_tci had 474 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 475 * We update only VID field and preserve PCP field. 476 */ 477 skb->vlan_tci |= pvid; 478 479 /* if stats are disabled we can avoid the lookup */ 480 if (!br->vlan_stats_enabled) 481 return true; 482 } 483 v = br_vlan_find(vg, *vid); 484 if (!v || !br_vlan_should_use(v)) 485 goto drop; 486 487 if (br->vlan_stats_enabled) { 488 stats = this_cpu_ptr(v->stats); 489 u64_stats_update_begin(&stats->syncp); 490 stats->rx_bytes += skb->len; 491 stats->rx_packets++; 492 u64_stats_update_end(&stats->syncp); 493 } 494 495 return true; 496 497 drop: 498 kfree_skb(skb); 499 return false; 500 } 501 502 bool br_allowed_ingress(const struct net_bridge *br, 503 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 504 u16 *vid) 505 { 506 /* If VLAN filtering is disabled on the bridge, all packets are 507 * permitted. 508 */ 509 if (!br->vlan_enabled) { 510 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 511 return true; 512 } 513 514 return __allowed_ingress(br, vg, skb, vid); 515 } 516 517 /* Called under RCU. */ 518 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 519 const struct sk_buff *skb) 520 { 521 const struct net_bridge_vlan *v; 522 u16 vid; 523 524 /* If this packet was not filtered at input, let it pass */ 525 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 526 return true; 527 528 br_vlan_get_tag(skb, &vid); 529 v = br_vlan_find(vg, vid); 530 if (v && br_vlan_should_use(v)) 531 return true; 532 533 return false; 534 } 535 536 /* Called under RCU */ 537 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 538 { 539 struct net_bridge_vlan_group *vg; 540 struct net_bridge *br = p->br; 541 542 /* If filtering was disabled at input, let it pass. */ 543 if (!br->vlan_enabled) 544 return true; 545 546 vg = nbp_vlan_group_rcu(p); 547 if (!vg || !vg->num_vlans) 548 return false; 549 550 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 551 *vid = 0; 552 553 if (!*vid) { 554 *vid = br_get_pvid(vg); 555 if (!*vid) 556 return false; 557 558 return true; 559 } 560 561 if (br_vlan_find(vg, *vid)) 562 return true; 563 564 return false; 565 } 566 567 /* Must be protected by RTNL. 568 * Must be called with vid in range from 1 to 4094 inclusive. 569 * changed must be true only if the vlan was created or updated 570 */ 571 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed) 572 { 573 struct net_bridge_vlan_group *vg; 574 struct net_bridge_vlan *vlan; 575 int ret; 576 577 ASSERT_RTNL(); 578 579 *changed = false; 580 vg = br_vlan_group(br); 581 vlan = br_vlan_find(vg, vid); 582 if (vlan) { 583 if (!br_vlan_is_brentry(vlan)) { 584 /* Trying to change flags of non-existent bridge vlan */ 585 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) 586 return -EINVAL; 587 /* It was only kept for port vlans, now make it real */ 588 ret = br_fdb_insert(br, NULL, br->dev->dev_addr, 589 vlan->vid); 590 if (ret) { 591 br_err(br, "failed insert local address into bridge forwarding table\n"); 592 return ret; 593 } 594 refcount_inc(&vlan->refcnt); 595 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 596 vg->num_vlans++; 597 *changed = true; 598 } 599 if (__vlan_add_flags(vlan, flags)) 600 *changed = true; 601 602 return 0; 603 } 604 605 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 606 if (!vlan) 607 return -ENOMEM; 608 609 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats); 610 if (!vlan->stats) { 611 kfree(vlan); 612 return -ENOMEM; 613 } 614 vlan->vid = vid; 615 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 616 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 617 vlan->br = br; 618 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 619 refcount_set(&vlan->refcnt, 1); 620 ret = __vlan_add(vlan, flags); 621 if (ret) { 622 free_percpu(vlan->stats); 623 kfree(vlan); 624 } else { 625 *changed = true; 626 } 627 628 return ret; 629 } 630 631 /* Must be protected by RTNL. 632 * Must be called with vid in range from 1 to 4094 inclusive. 633 */ 634 int br_vlan_delete(struct net_bridge *br, u16 vid) 635 { 636 struct net_bridge_vlan_group *vg; 637 struct net_bridge_vlan *v; 638 639 ASSERT_RTNL(); 640 641 vg = br_vlan_group(br); 642 v = br_vlan_find(vg, vid); 643 if (!v || !br_vlan_is_brentry(v)) 644 return -ENOENT; 645 646 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 647 br_fdb_delete_by_port(br, NULL, vid, 0); 648 649 vlan_tunnel_info_del(vg, v); 650 651 return __vlan_del(v); 652 } 653 654 void br_vlan_flush(struct net_bridge *br) 655 { 656 struct net_bridge_vlan_group *vg; 657 658 ASSERT_RTNL(); 659 660 vg = br_vlan_group(br); 661 __vlan_flush(vg); 662 RCU_INIT_POINTER(br->vlgrp, NULL); 663 synchronize_rcu(); 664 __vlan_group_free(vg); 665 } 666 667 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 668 { 669 if (!vg) 670 return NULL; 671 672 return br_vlan_lookup(&vg->vlan_hash, vid); 673 } 674 675 /* Must be protected by RTNL. */ 676 static void recalculate_group_addr(struct net_bridge *br) 677 { 678 if (br->group_addr_set) 679 return; 680 681 spin_lock_bh(&br->lock); 682 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 683 /* Bridge Group Address */ 684 br->group_addr[5] = 0x00; 685 } else { /* vlan_enabled && ETH_P_8021AD */ 686 /* Provider Bridge Group Address */ 687 br->group_addr[5] = 0x08; 688 } 689 spin_unlock_bh(&br->lock); 690 } 691 692 /* Must be protected by RTNL. */ 693 void br_recalculate_fwd_mask(struct net_bridge *br) 694 { 695 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 696 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 697 else /* vlan_enabled && ETH_P_8021AD */ 698 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 699 ~(1u << br->group_addr[5]); 700 } 701 702 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 703 { 704 struct switchdev_attr attr = { 705 .orig_dev = br->dev, 706 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 707 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 708 .u.vlan_filtering = val, 709 }; 710 int err; 711 712 if (br->vlan_enabled == val) 713 return 0; 714 715 err = switchdev_port_attr_set(br->dev, &attr); 716 if (err && err != -EOPNOTSUPP) 717 return err; 718 719 br->vlan_enabled = val; 720 br_manage_promisc(br); 721 recalculate_group_addr(br); 722 br_recalculate_fwd_mask(br); 723 724 return 0; 725 } 726 727 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 728 { 729 return __br_vlan_filter_toggle(br, val); 730 } 731 732 bool br_vlan_enabled(const struct net_device *dev) 733 { 734 struct net_bridge *br = netdev_priv(dev); 735 736 return !!br->vlan_enabled; 737 } 738 EXPORT_SYMBOL_GPL(br_vlan_enabled); 739 740 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 741 { 742 int err = 0; 743 struct net_bridge_port *p; 744 struct net_bridge_vlan *vlan; 745 struct net_bridge_vlan_group *vg; 746 __be16 oldproto; 747 748 if (br->vlan_proto == proto) 749 return 0; 750 751 /* Add VLANs for the new proto to the device filter. */ 752 list_for_each_entry(p, &br->port_list, list) { 753 vg = nbp_vlan_group(p); 754 list_for_each_entry(vlan, &vg->vlan_list, vlist) { 755 err = vlan_vid_add(p->dev, proto, vlan->vid); 756 if (err) 757 goto err_filt; 758 } 759 } 760 761 oldproto = br->vlan_proto; 762 br->vlan_proto = proto; 763 764 recalculate_group_addr(br); 765 br_recalculate_fwd_mask(br); 766 767 /* Delete VLANs for the old proto from the device filter. */ 768 list_for_each_entry(p, &br->port_list, list) { 769 vg = nbp_vlan_group(p); 770 list_for_each_entry(vlan, &vg->vlan_list, vlist) 771 vlan_vid_del(p->dev, oldproto, vlan->vid); 772 } 773 774 return 0; 775 776 err_filt: 777 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist) 778 vlan_vid_del(p->dev, proto, vlan->vid); 779 780 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 781 vg = nbp_vlan_group(p); 782 list_for_each_entry(vlan, &vg->vlan_list, vlist) 783 vlan_vid_del(p->dev, proto, vlan->vid); 784 } 785 786 return err; 787 } 788 789 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 790 { 791 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 792 return -EPROTONOSUPPORT; 793 794 return __br_vlan_set_proto(br, htons(val)); 795 } 796 797 int br_vlan_set_stats(struct net_bridge *br, unsigned long val) 798 { 799 switch (val) { 800 case 0: 801 case 1: 802 br->vlan_stats_enabled = val; 803 break; 804 default: 805 return -EINVAL; 806 } 807 808 return 0; 809 } 810 811 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 812 { 813 struct net_bridge_vlan *v; 814 815 if (vid != vg->pvid) 816 return false; 817 818 v = br_vlan_lookup(&vg->vlan_hash, vid); 819 if (v && br_vlan_should_use(v) && 820 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 821 return true; 822 823 return false; 824 } 825 826 static void br_vlan_disable_default_pvid(struct net_bridge *br) 827 { 828 struct net_bridge_port *p; 829 u16 pvid = br->default_pvid; 830 831 /* Disable default_pvid on all ports where it is still 832 * configured. 833 */ 834 if (vlan_default_pvid(br_vlan_group(br), pvid)) 835 br_vlan_delete(br, pvid); 836 837 list_for_each_entry(p, &br->port_list, list) { 838 if (vlan_default_pvid(nbp_vlan_group(p), pvid)) 839 nbp_vlan_delete(p, pvid); 840 } 841 842 br->default_pvid = 0; 843 } 844 845 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 846 { 847 const struct net_bridge_vlan *pvent; 848 struct net_bridge_vlan_group *vg; 849 struct net_bridge_port *p; 850 unsigned long *changed; 851 bool vlchange; 852 u16 old_pvid; 853 int err = 0; 854 855 if (!pvid) { 856 br_vlan_disable_default_pvid(br); 857 return 0; 858 } 859 860 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 861 GFP_KERNEL); 862 if (!changed) 863 return -ENOMEM; 864 865 old_pvid = br->default_pvid; 866 867 /* Update default_pvid config only if we do not conflict with 868 * user configuration. 869 */ 870 vg = br_vlan_group(br); 871 pvent = br_vlan_find(vg, pvid); 872 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) && 873 (!pvent || !br_vlan_should_use(pvent))) { 874 err = br_vlan_add(br, pvid, 875 BRIDGE_VLAN_INFO_PVID | 876 BRIDGE_VLAN_INFO_UNTAGGED | 877 BRIDGE_VLAN_INFO_BRENTRY, 878 &vlchange); 879 if (err) 880 goto out; 881 br_vlan_delete(br, old_pvid); 882 set_bit(0, changed); 883 } 884 885 list_for_each_entry(p, &br->port_list, list) { 886 /* Update default_pvid config only if we do not conflict with 887 * user configuration. 888 */ 889 vg = nbp_vlan_group(p); 890 if ((old_pvid && 891 !vlan_default_pvid(vg, old_pvid)) || 892 br_vlan_find(vg, pvid)) 893 continue; 894 895 err = nbp_vlan_add(p, pvid, 896 BRIDGE_VLAN_INFO_PVID | 897 BRIDGE_VLAN_INFO_UNTAGGED, 898 &vlchange); 899 if (err) 900 goto err_port; 901 nbp_vlan_delete(p, old_pvid); 902 set_bit(p->port_no, changed); 903 } 904 905 br->default_pvid = pvid; 906 907 out: 908 kfree(changed); 909 return err; 910 911 err_port: 912 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 913 if (!test_bit(p->port_no, changed)) 914 continue; 915 916 if (old_pvid) 917 nbp_vlan_add(p, old_pvid, 918 BRIDGE_VLAN_INFO_PVID | 919 BRIDGE_VLAN_INFO_UNTAGGED, 920 &vlchange); 921 nbp_vlan_delete(p, pvid); 922 } 923 924 if (test_bit(0, changed)) { 925 if (old_pvid) 926 br_vlan_add(br, old_pvid, 927 BRIDGE_VLAN_INFO_PVID | 928 BRIDGE_VLAN_INFO_UNTAGGED | 929 BRIDGE_VLAN_INFO_BRENTRY, 930 &vlchange); 931 br_vlan_delete(br, pvid); 932 } 933 goto out; 934 } 935 936 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 937 { 938 u16 pvid = val; 939 int err = 0; 940 941 if (val >= VLAN_VID_MASK) 942 return -EINVAL; 943 944 if (pvid == br->default_pvid) 945 goto out; 946 947 /* Only allow default pvid change when filtering is disabled */ 948 if (br->vlan_enabled) { 949 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 950 err = -EPERM; 951 goto out; 952 } 953 err = __br_vlan_set_default_pvid(br, pvid); 954 out: 955 return err; 956 } 957 958 int br_vlan_init(struct net_bridge *br) 959 { 960 struct net_bridge_vlan_group *vg; 961 int ret = -ENOMEM; 962 bool changed; 963 964 vg = kzalloc(sizeof(*vg), GFP_KERNEL); 965 if (!vg) 966 goto out; 967 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 968 if (ret) 969 goto err_rhtbl; 970 ret = vlan_tunnel_init(vg); 971 if (ret) 972 goto err_tunnel_init; 973 INIT_LIST_HEAD(&vg->vlan_list); 974 br->vlan_proto = htons(ETH_P_8021Q); 975 br->default_pvid = 1; 976 rcu_assign_pointer(br->vlgrp, vg); 977 ret = br_vlan_add(br, 1, 978 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 979 BRIDGE_VLAN_INFO_BRENTRY, &changed); 980 if (ret) 981 goto err_vlan_add; 982 983 out: 984 return ret; 985 986 err_vlan_add: 987 vlan_tunnel_deinit(vg); 988 err_tunnel_init: 989 rhashtable_destroy(&vg->vlan_hash); 990 err_rhtbl: 991 kfree(vg); 992 993 goto out; 994 } 995 996 int nbp_vlan_init(struct net_bridge_port *p) 997 { 998 struct switchdev_attr attr = { 999 .orig_dev = p->br->dev, 1000 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 1001 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 1002 .u.vlan_filtering = p->br->vlan_enabled, 1003 }; 1004 struct net_bridge_vlan_group *vg; 1005 int ret = -ENOMEM; 1006 1007 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 1008 if (!vg) 1009 goto out; 1010 1011 ret = switchdev_port_attr_set(p->dev, &attr); 1012 if (ret && ret != -EOPNOTSUPP) 1013 goto err_vlan_enabled; 1014 1015 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 1016 if (ret) 1017 goto err_rhtbl; 1018 ret = vlan_tunnel_init(vg); 1019 if (ret) 1020 goto err_tunnel_init; 1021 INIT_LIST_HEAD(&vg->vlan_list); 1022 rcu_assign_pointer(p->vlgrp, vg); 1023 if (p->br->default_pvid) { 1024 bool changed; 1025 1026 ret = nbp_vlan_add(p, p->br->default_pvid, 1027 BRIDGE_VLAN_INFO_PVID | 1028 BRIDGE_VLAN_INFO_UNTAGGED, 1029 &changed); 1030 if (ret) 1031 goto err_vlan_add; 1032 } 1033 out: 1034 return ret; 1035 1036 err_vlan_add: 1037 RCU_INIT_POINTER(p->vlgrp, NULL); 1038 synchronize_rcu(); 1039 vlan_tunnel_deinit(vg); 1040 err_tunnel_init: 1041 rhashtable_destroy(&vg->vlan_hash); 1042 err_rhtbl: 1043 err_vlan_enabled: 1044 kfree(vg); 1045 1046 goto out; 1047 } 1048 1049 /* Must be protected by RTNL. 1050 * Must be called with vid in range from 1 to 4094 inclusive. 1051 * changed must be true only if the vlan was created or updated 1052 */ 1053 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags, 1054 bool *changed) 1055 { 1056 struct switchdev_obj_port_vlan v = { 1057 .obj.orig_dev = port->dev, 1058 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 1059 .flags = flags, 1060 .vid_begin = vid, 1061 .vid_end = vid, 1062 }; 1063 struct net_bridge_vlan *vlan; 1064 int ret; 1065 1066 ASSERT_RTNL(); 1067 1068 *changed = false; 1069 vlan = br_vlan_find(nbp_vlan_group(port), vid); 1070 if (vlan) { 1071 /* Pass the flags to the hardware bridge */ 1072 ret = switchdev_port_obj_add(port->dev, &v.obj); 1073 if (ret && ret != -EOPNOTSUPP) 1074 return ret; 1075 *changed = __vlan_add_flags(vlan, flags); 1076 1077 return 0; 1078 } 1079 1080 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 1081 if (!vlan) 1082 return -ENOMEM; 1083 1084 vlan->vid = vid; 1085 vlan->port = port; 1086 ret = __vlan_add(vlan, flags); 1087 if (ret) 1088 kfree(vlan); 1089 else 1090 *changed = true; 1091 1092 return ret; 1093 } 1094 1095 /* Must be protected by RTNL. 1096 * Must be called with vid in range from 1 to 4094 inclusive. 1097 */ 1098 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 1099 { 1100 struct net_bridge_vlan *v; 1101 1102 ASSERT_RTNL(); 1103 1104 v = br_vlan_find(nbp_vlan_group(port), vid); 1105 if (!v) 1106 return -ENOENT; 1107 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 1108 br_fdb_delete_by_port(port->br, port, vid, 0); 1109 1110 return __vlan_del(v); 1111 } 1112 1113 void nbp_vlan_flush(struct net_bridge_port *port) 1114 { 1115 struct net_bridge_vlan_group *vg; 1116 1117 ASSERT_RTNL(); 1118 1119 vg = nbp_vlan_group(port); 1120 __vlan_flush(vg); 1121 RCU_INIT_POINTER(port->vlgrp, NULL); 1122 synchronize_rcu(); 1123 __vlan_group_free(vg); 1124 } 1125 1126 void br_vlan_get_stats(const struct net_bridge_vlan *v, 1127 struct br_vlan_stats *stats) 1128 { 1129 int i; 1130 1131 memset(stats, 0, sizeof(*stats)); 1132 for_each_possible_cpu(i) { 1133 u64 rxpackets, rxbytes, txpackets, txbytes; 1134 struct br_vlan_stats *cpu_stats; 1135 unsigned int start; 1136 1137 cpu_stats = per_cpu_ptr(v->stats, i); 1138 do { 1139 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp); 1140 rxpackets = cpu_stats->rx_packets; 1141 rxbytes = cpu_stats->rx_bytes; 1142 txbytes = cpu_stats->tx_bytes; 1143 txpackets = cpu_stats->tx_packets; 1144 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start)); 1145 1146 stats->rx_packets += rxpackets; 1147 stats->rx_bytes += rxbytes; 1148 stats->tx_bytes += txbytes; 1149 stats->tx_packets += txpackets; 1150 } 1151 } 1152