1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 #include "br_private_tunnel.h" 9 10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 11 const void *ptr) 12 { 13 const struct net_bridge_vlan *vle = ptr; 14 u16 vid = *(u16 *)arg->key; 15 16 return vle->vid != vid; 17 } 18 19 static const struct rhashtable_params br_vlan_rht_params = { 20 .head_offset = offsetof(struct net_bridge_vlan, vnode), 21 .key_offset = offsetof(struct net_bridge_vlan, vid), 22 .key_len = sizeof(u16), 23 .nelem_hint = 3, 24 .locks_mul = 1, 25 .max_size = VLAN_N_VID, 26 .obj_cmpfn = br_vlan_cmp, 27 .automatic_shrinking = true, 28 }; 29 30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 31 { 32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 33 } 34 35 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 36 { 37 if (vg->pvid == vid) 38 return; 39 40 smp_wmb(); 41 vg->pvid = vid; 42 } 43 44 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 45 { 46 if (vg->pvid != vid) 47 return; 48 49 smp_wmb(); 50 vg->pvid = 0; 51 } 52 53 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 54 { 55 struct net_bridge_vlan_group *vg; 56 57 if (br_vlan_is_master(v)) 58 vg = br_vlan_group(v->br); 59 else 60 vg = nbp_vlan_group(v->port); 61 62 if (flags & BRIDGE_VLAN_INFO_PVID) 63 __vlan_add_pvid(vg, v->vid); 64 else 65 __vlan_delete_pvid(vg, v->vid); 66 67 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 68 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 69 else 70 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 71 } 72 73 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 74 u16 vid, u16 flags) 75 { 76 struct switchdev_obj_port_vlan v = { 77 .obj.orig_dev = dev, 78 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 79 .flags = flags, 80 .vid_begin = vid, 81 .vid_end = vid, 82 }; 83 int err; 84 85 /* Try switchdev op first. In case it is not supported, fallback to 86 * 8021q add. 87 */ 88 err = switchdev_port_obj_add(dev, &v.obj); 89 if (err == -EOPNOTSUPP) 90 return vlan_vid_add(dev, br->vlan_proto, vid); 91 return err; 92 } 93 94 static void __vlan_add_list(struct net_bridge_vlan *v) 95 { 96 struct net_bridge_vlan_group *vg; 97 struct list_head *headp, *hpos; 98 struct net_bridge_vlan *vent; 99 100 if (br_vlan_is_master(v)) 101 vg = br_vlan_group(v->br); 102 else 103 vg = nbp_vlan_group(v->port); 104 105 headp = &vg->vlan_list; 106 list_for_each_prev(hpos, headp) { 107 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 108 if (v->vid < vent->vid) 109 continue; 110 else 111 break; 112 } 113 list_add_rcu(&v->vlist, hpos); 114 } 115 116 static void __vlan_del_list(struct net_bridge_vlan *v) 117 { 118 list_del_rcu(&v->vlist); 119 } 120 121 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 122 u16 vid) 123 { 124 struct switchdev_obj_port_vlan v = { 125 .obj.orig_dev = dev, 126 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 127 .vid_begin = vid, 128 .vid_end = vid, 129 }; 130 int err; 131 132 /* Try switchdev op first. In case it is not supported, fallback to 133 * 8021q del. 134 */ 135 err = switchdev_port_obj_del(dev, &v.obj); 136 if (err == -EOPNOTSUPP) { 137 vlan_vid_del(dev, br->vlan_proto, vid); 138 return 0; 139 } 140 return err; 141 } 142 143 /* Returns a master vlan, if it didn't exist it gets created. In all cases a 144 * a reference is taken to the master vlan before returning. 145 */ 146 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid) 147 { 148 struct net_bridge_vlan_group *vg; 149 struct net_bridge_vlan *masterv; 150 151 vg = br_vlan_group(br); 152 masterv = br_vlan_find(vg, vid); 153 if (!masterv) { 154 /* missing global ctx, create it now */ 155 if (br_vlan_add(br, vid, 0)) 156 return NULL; 157 masterv = br_vlan_find(vg, vid); 158 if (WARN_ON(!masterv)) 159 return NULL; 160 } 161 atomic_inc(&masterv->refcnt); 162 163 return masterv; 164 } 165 166 static void br_master_vlan_rcu_free(struct rcu_head *rcu) 167 { 168 struct net_bridge_vlan *v; 169 170 v = container_of(rcu, struct net_bridge_vlan, rcu); 171 WARN_ON(!br_vlan_is_master(v)); 172 free_percpu(v->stats); 173 v->stats = NULL; 174 kfree(v); 175 } 176 177 static void br_vlan_put_master(struct net_bridge_vlan *masterv) 178 { 179 struct net_bridge_vlan_group *vg; 180 181 if (!br_vlan_is_master(masterv)) 182 return; 183 184 vg = br_vlan_group(masterv->br); 185 if (atomic_dec_and_test(&masterv->refcnt)) { 186 rhashtable_remove_fast(&vg->vlan_hash, 187 &masterv->vnode, br_vlan_rht_params); 188 __vlan_del_list(masterv); 189 call_rcu(&masterv->rcu, br_master_vlan_rcu_free); 190 } 191 } 192 193 /* This is the shared VLAN add function which works for both ports and bridge 194 * devices. There are four possible calls to this function in terms of the 195 * vlan entry type: 196 * 1. vlan is being added on a port (no master flags, global entry exists) 197 * 2. vlan is being added on a bridge (both master and brentry flags) 198 * 3. vlan is being added on a port, but a global entry didn't exist which 199 * is being created right now (master flag set, brentry flag unset), the 200 * global entry is used for global per-vlan features, but not for filtering 201 * 4. same as 3 but with both master and brentry flags set so the entry 202 * will be used for filtering in both the port and the bridge 203 */ 204 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 205 { 206 struct net_bridge_vlan *masterv = NULL; 207 struct net_bridge_port *p = NULL; 208 struct net_bridge_vlan_group *vg; 209 struct net_device *dev; 210 struct net_bridge *br; 211 int err; 212 213 if (br_vlan_is_master(v)) { 214 br = v->br; 215 dev = br->dev; 216 vg = br_vlan_group(br); 217 } else { 218 p = v->port; 219 br = p->br; 220 dev = p->dev; 221 vg = nbp_vlan_group(p); 222 } 223 224 if (p) { 225 /* Add VLAN to the device filter if it is supported. 226 * This ensures tagged traffic enters the bridge when 227 * promiscuous mode is disabled by br_manage_promisc(). 228 */ 229 err = __vlan_vid_add(dev, br, v->vid, flags); 230 if (err) 231 goto out; 232 233 /* need to work on the master vlan too */ 234 if (flags & BRIDGE_VLAN_INFO_MASTER) { 235 err = br_vlan_add(br, v->vid, flags | 236 BRIDGE_VLAN_INFO_BRENTRY); 237 if (err) 238 goto out_filt; 239 } 240 241 masterv = br_vlan_get_master(br, v->vid); 242 if (!masterv) 243 goto out_filt; 244 v->brvlan = masterv; 245 v->stats = masterv->stats; 246 } 247 248 /* Add the dev mac and count the vlan only if it's usable */ 249 if (br_vlan_should_use(v)) { 250 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 251 if (err) { 252 br_err(br, "failed insert local address into bridge forwarding table\n"); 253 goto out_filt; 254 } 255 vg->num_vlans++; 256 } 257 258 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode, 259 br_vlan_rht_params); 260 if (err) 261 goto out_fdb_insert; 262 263 __vlan_add_list(v); 264 __vlan_add_flags(v, flags); 265 out: 266 return err; 267 268 out_fdb_insert: 269 if (br_vlan_should_use(v)) { 270 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid); 271 vg->num_vlans--; 272 } 273 274 out_filt: 275 if (p) { 276 __vlan_vid_del(dev, br, v->vid); 277 if (masterv) { 278 br_vlan_put_master(masterv); 279 v->brvlan = NULL; 280 } 281 } 282 283 goto out; 284 } 285 286 static int __vlan_del(struct net_bridge_vlan *v) 287 { 288 struct net_bridge_vlan *masterv = v; 289 struct net_bridge_vlan_group *vg; 290 struct net_bridge_port *p = NULL; 291 int err = 0; 292 293 if (br_vlan_is_master(v)) { 294 vg = br_vlan_group(v->br); 295 } else { 296 p = v->port; 297 vg = nbp_vlan_group(v->port); 298 masterv = v->brvlan; 299 } 300 301 __vlan_delete_pvid(vg, v->vid); 302 if (p) { 303 err = __vlan_vid_del(p->dev, p->br, v->vid); 304 if (err) 305 goto out; 306 } 307 308 if (br_vlan_should_use(v)) { 309 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 310 vg->num_vlans--; 311 } 312 313 if (masterv != v) { 314 vlan_tunnel_info_del(vg, v); 315 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 316 br_vlan_rht_params); 317 __vlan_del_list(v); 318 kfree_rcu(v, rcu); 319 } 320 321 br_vlan_put_master(masterv); 322 out: 323 return err; 324 } 325 326 static void __vlan_group_free(struct net_bridge_vlan_group *vg) 327 { 328 WARN_ON(!list_empty(&vg->vlan_list)); 329 rhashtable_destroy(&vg->vlan_hash); 330 vlan_tunnel_deinit(vg); 331 kfree(vg); 332 } 333 334 static void __vlan_flush(struct net_bridge_vlan_group *vg) 335 { 336 struct net_bridge_vlan *vlan, *tmp; 337 338 __vlan_delete_pvid(vg, vg->pvid); 339 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist) 340 __vlan_del(vlan); 341 } 342 343 struct sk_buff *br_handle_vlan(struct net_bridge *br, 344 const struct net_bridge_port *p, 345 struct net_bridge_vlan_group *vg, 346 struct sk_buff *skb) 347 { 348 struct br_vlan_stats *stats; 349 struct net_bridge_vlan *v; 350 u16 vid; 351 352 /* If this packet was not filtered at input, let it pass */ 353 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 354 goto out; 355 356 /* At this point, we know that the frame was filtered and contains 357 * a valid vlan id. If the vlan id has untagged flag set, 358 * send untagged; otherwise, send tagged. 359 */ 360 br_vlan_get_tag(skb, &vid); 361 v = br_vlan_find(vg, vid); 362 /* Vlan entry must be configured at this point. The 363 * only exception is the bridge is set in promisc mode and the 364 * packet is destined for the bridge device. In this case 365 * pass the packet as is. 366 */ 367 if (!v || !br_vlan_should_use(v)) { 368 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 369 goto out; 370 } else { 371 kfree_skb(skb); 372 return NULL; 373 } 374 } 375 if (br->vlan_stats_enabled) { 376 stats = this_cpu_ptr(v->stats); 377 u64_stats_update_begin(&stats->syncp); 378 stats->tx_bytes += skb->len; 379 stats->tx_packets++; 380 u64_stats_update_end(&stats->syncp); 381 } 382 383 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 384 skb->vlan_tci = 0; 385 386 if (p && (p->flags & BR_VLAN_TUNNEL) && 387 br_handle_egress_vlan_tunnel(skb, v)) { 388 kfree_skb(skb); 389 return NULL; 390 } 391 out: 392 return skb; 393 } 394 395 /* Called under RCU */ 396 static bool __allowed_ingress(const struct net_bridge *br, 397 struct net_bridge_vlan_group *vg, 398 struct sk_buff *skb, u16 *vid) 399 { 400 struct br_vlan_stats *stats; 401 struct net_bridge_vlan *v; 402 bool tagged; 403 404 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 405 /* If vlan tx offload is disabled on bridge device and frame was 406 * sent from vlan device on the bridge device, it does not have 407 * HW accelerated vlan tag. 408 */ 409 if (unlikely(!skb_vlan_tag_present(skb) && 410 skb->protocol == br->vlan_proto)) { 411 skb = skb_vlan_untag(skb); 412 if (unlikely(!skb)) 413 return false; 414 } 415 416 if (!br_vlan_get_tag(skb, vid)) { 417 /* Tagged frame */ 418 if (skb->vlan_proto != br->vlan_proto) { 419 /* Protocol-mismatch, empty out vlan_tci for new tag */ 420 skb_push(skb, ETH_HLEN); 421 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 422 skb_vlan_tag_get(skb)); 423 if (unlikely(!skb)) 424 return false; 425 426 skb_pull(skb, ETH_HLEN); 427 skb_reset_mac_len(skb); 428 *vid = 0; 429 tagged = false; 430 } else { 431 tagged = true; 432 } 433 } else { 434 /* Untagged frame */ 435 tagged = false; 436 } 437 438 if (!*vid) { 439 u16 pvid = br_get_pvid(vg); 440 441 /* Frame had a tag with VID 0 or did not have a tag. 442 * See if pvid is set on this port. That tells us which 443 * vlan untagged or priority-tagged traffic belongs to. 444 */ 445 if (!pvid) 446 goto drop; 447 448 /* PVID is set on this port. Any untagged or priority-tagged 449 * ingress frame is considered to belong to this vlan. 450 */ 451 *vid = pvid; 452 if (likely(!tagged)) 453 /* Untagged Frame. */ 454 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); 455 else 456 /* Priority-tagged Frame. 457 * At this point, We know that skb->vlan_tci had 458 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 459 * We update only VID field and preserve PCP field. 460 */ 461 skb->vlan_tci |= pvid; 462 463 /* if stats are disabled we can avoid the lookup */ 464 if (!br->vlan_stats_enabled) 465 return true; 466 } 467 v = br_vlan_find(vg, *vid); 468 if (!v || !br_vlan_should_use(v)) 469 goto drop; 470 471 if (br->vlan_stats_enabled) { 472 stats = this_cpu_ptr(v->stats); 473 u64_stats_update_begin(&stats->syncp); 474 stats->rx_bytes += skb->len; 475 stats->rx_packets++; 476 u64_stats_update_end(&stats->syncp); 477 } 478 479 return true; 480 481 drop: 482 kfree_skb(skb); 483 return false; 484 } 485 486 bool br_allowed_ingress(const struct net_bridge *br, 487 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 488 u16 *vid) 489 { 490 /* If VLAN filtering is disabled on the bridge, all packets are 491 * permitted. 492 */ 493 if (!br->vlan_enabled) { 494 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 495 return true; 496 } 497 498 return __allowed_ingress(br, vg, skb, vid); 499 } 500 501 /* Called under RCU. */ 502 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 503 const struct sk_buff *skb) 504 { 505 const struct net_bridge_vlan *v; 506 u16 vid; 507 508 /* If this packet was not filtered at input, let it pass */ 509 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 510 return true; 511 512 br_vlan_get_tag(skb, &vid); 513 v = br_vlan_find(vg, vid); 514 if (v && br_vlan_should_use(v)) 515 return true; 516 517 return false; 518 } 519 520 /* Called under RCU */ 521 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 522 { 523 struct net_bridge_vlan_group *vg; 524 struct net_bridge *br = p->br; 525 526 /* If filtering was disabled at input, let it pass. */ 527 if (!br->vlan_enabled) 528 return true; 529 530 vg = nbp_vlan_group_rcu(p); 531 if (!vg || !vg->num_vlans) 532 return false; 533 534 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 535 *vid = 0; 536 537 if (!*vid) { 538 *vid = br_get_pvid(vg); 539 if (!*vid) 540 return false; 541 542 return true; 543 } 544 545 if (br_vlan_find(vg, *vid)) 546 return true; 547 548 return false; 549 } 550 551 /* Must be protected by RTNL. 552 * Must be called with vid in range from 1 to 4094 inclusive. 553 */ 554 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 555 { 556 struct net_bridge_vlan_group *vg; 557 struct net_bridge_vlan *vlan; 558 int ret; 559 560 ASSERT_RTNL(); 561 562 vg = br_vlan_group(br); 563 vlan = br_vlan_find(vg, vid); 564 if (vlan) { 565 if (!br_vlan_is_brentry(vlan)) { 566 /* Trying to change flags of non-existent bridge vlan */ 567 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) 568 return -EINVAL; 569 /* It was only kept for port vlans, now make it real */ 570 ret = br_fdb_insert(br, NULL, br->dev->dev_addr, 571 vlan->vid); 572 if (ret) { 573 br_err(br, "failed insert local address into bridge forwarding table\n"); 574 return ret; 575 } 576 atomic_inc(&vlan->refcnt); 577 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 578 vg->num_vlans++; 579 } 580 __vlan_add_flags(vlan, flags); 581 return 0; 582 } 583 584 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 585 if (!vlan) 586 return -ENOMEM; 587 588 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats); 589 if (!vlan->stats) { 590 kfree(vlan); 591 return -ENOMEM; 592 } 593 vlan->vid = vid; 594 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 595 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 596 vlan->br = br; 597 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 598 atomic_set(&vlan->refcnt, 1); 599 ret = __vlan_add(vlan, flags); 600 if (ret) { 601 free_percpu(vlan->stats); 602 kfree(vlan); 603 } 604 605 return ret; 606 } 607 608 /* Must be protected by RTNL. 609 * Must be called with vid in range from 1 to 4094 inclusive. 610 */ 611 int br_vlan_delete(struct net_bridge *br, u16 vid) 612 { 613 struct net_bridge_vlan_group *vg; 614 struct net_bridge_vlan *v; 615 616 ASSERT_RTNL(); 617 618 vg = br_vlan_group(br); 619 v = br_vlan_find(vg, vid); 620 if (!v || !br_vlan_is_brentry(v)) 621 return -ENOENT; 622 623 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 624 br_fdb_delete_by_port(br, NULL, vid, 0); 625 626 vlan_tunnel_info_del(vg, v); 627 628 return __vlan_del(v); 629 } 630 631 void br_vlan_flush(struct net_bridge *br) 632 { 633 struct net_bridge_vlan_group *vg; 634 635 ASSERT_RTNL(); 636 637 vg = br_vlan_group(br); 638 __vlan_flush(vg); 639 RCU_INIT_POINTER(br->vlgrp, NULL); 640 synchronize_rcu(); 641 __vlan_group_free(vg); 642 } 643 644 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 645 { 646 if (!vg) 647 return NULL; 648 649 return br_vlan_lookup(&vg->vlan_hash, vid); 650 } 651 652 /* Must be protected by RTNL. */ 653 static void recalculate_group_addr(struct net_bridge *br) 654 { 655 if (br->group_addr_set) 656 return; 657 658 spin_lock_bh(&br->lock); 659 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 660 /* Bridge Group Address */ 661 br->group_addr[5] = 0x00; 662 } else { /* vlan_enabled && ETH_P_8021AD */ 663 /* Provider Bridge Group Address */ 664 br->group_addr[5] = 0x08; 665 } 666 spin_unlock_bh(&br->lock); 667 } 668 669 /* Must be protected by RTNL. */ 670 void br_recalculate_fwd_mask(struct net_bridge *br) 671 { 672 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 673 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 674 else /* vlan_enabled && ETH_P_8021AD */ 675 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 676 ~(1u << br->group_addr[5]); 677 } 678 679 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 680 { 681 struct switchdev_attr attr = { 682 .orig_dev = br->dev, 683 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 684 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 685 .u.vlan_filtering = val, 686 }; 687 int err; 688 689 if (br->vlan_enabled == val) 690 return 0; 691 692 err = switchdev_port_attr_set(br->dev, &attr); 693 if (err && err != -EOPNOTSUPP) 694 return err; 695 696 br->vlan_enabled = val; 697 br_manage_promisc(br); 698 recalculate_group_addr(br); 699 br_recalculate_fwd_mask(br); 700 701 return 0; 702 } 703 704 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 705 { 706 return __br_vlan_filter_toggle(br, val); 707 } 708 709 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 710 { 711 int err = 0; 712 struct net_bridge_port *p; 713 struct net_bridge_vlan *vlan; 714 struct net_bridge_vlan_group *vg; 715 __be16 oldproto; 716 717 if (br->vlan_proto == proto) 718 return 0; 719 720 /* Add VLANs for the new proto to the device filter. */ 721 list_for_each_entry(p, &br->port_list, list) { 722 vg = nbp_vlan_group(p); 723 list_for_each_entry(vlan, &vg->vlan_list, vlist) { 724 err = vlan_vid_add(p->dev, proto, vlan->vid); 725 if (err) 726 goto err_filt; 727 } 728 } 729 730 oldproto = br->vlan_proto; 731 br->vlan_proto = proto; 732 733 recalculate_group_addr(br); 734 br_recalculate_fwd_mask(br); 735 736 /* Delete VLANs for the old proto from the device filter. */ 737 list_for_each_entry(p, &br->port_list, list) { 738 vg = nbp_vlan_group(p); 739 list_for_each_entry(vlan, &vg->vlan_list, vlist) 740 vlan_vid_del(p->dev, oldproto, vlan->vid); 741 } 742 743 return 0; 744 745 err_filt: 746 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist) 747 vlan_vid_del(p->dev, proto, vlan->vid); 748 749 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 750 vg = nbp_vlan_group(p); 751 list_for_each_entry(vlan, &vg->vlan_list, vlist) 752 vlan_vid_del(p->dev, proto, vlan->vid); 753 } 754 755 return err; 756 } 757 758 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 759 { 760 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 761 return -EPROTONOSUPPORT; 762 763 return __br_vlan_set_proto(br, htons(val)); 764 } 765 766 int br_vlan_set_stats(struct net_bridge *br, unsigned long val) 767 { 768 switch (val) { 769 case 0: 770 case 1: 771 br->vlan_stats_enabled = val; 772 break; 773 default: 774 return -EINVAL; 775 } 776 777 return 0; 778 } 779 780 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 781 { 782 struct net_bridge_vlan *v; 783 784 if (vid != vg->pvid) 785 return false; 786 787 v = br_vlan_lookup(&vg->vlan_hash, vid); 788 if (v && br_vlan_should_use(v) && 789 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 790 return true; 791 792 return false; 793 } 794 795 static void br_vlan_disable_default_pvid(struct net_bridge *br) 796 { 797 struct net_bridge_port *p; 798 u16 pvid = br->default_pvid; 799 800 /* Disable default_pvid on all ports where it is still 801 * configured. 802 */ 803 if (vlan_default_pvid(br_vlan_group(br), pvid)) 804 br_vlan_delete(br, pvid); 805 806 list_for_each_entry(p, &br->port_list, list) { 807 if (vlan_default_pvid(nbp_vlan_group(p), pvid)) 808 nbp_vlan_delete(p, pvid); 809 } 810 811 br->default_pvid = 0; 812 } 813 814 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 815 { 816 const struct net_bridge_vlan *pvent; 817 struct net_bridge_vlan_group *vg; 818 struct net_bridge_port *p; 819 u16 old_pvid; 820 int err = 0; 821 unsigned long *changed; 822 823 if (!pvid) { 824 br_vlan_disable_default_pvid(br); 825 return 0; 826 } 827 828 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 829 GFP_KERNEL); 830 if (!changed) 831 return -ENOMEM; 832 833 old_pvid = br->default_pvid; 834 835 /* Update default_pvid config only if we do not conflict with 836 * user configuration. 837 */ 838 vg = br_vlan_group(br); 839 pvent = br_vlan_find(vg, pvid); 840 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) && 841 (!pvent || !br_vlan_should_use(pvent))) { 842 err = br_vlan_add(br, pvid, 843 BRIDGE_VLAN_INFO_PVID | 844 BRIDGE_VLAN_INFO_UNTAGGED | 845 BRIDGE_VLAN_INFO_BRENTRY); 846 if (err) 847 goto out; 848 br_vlan_delete(br, old_pvid); 849 set_bit(0, changed); 850 } 851 852 list_for_each_entry(p, &br->port_list, list) { 853 /* Update default_pvid config only if we do not conflict with 854 * user configuration. 855 */ 856 vg = nbp_vlan_group(p); 857 if ((old_pvid && 858 !vlan_default_pvid(vg, old_pvid)) || 859 br_vlan_find(vg, pvid)) 860 continue; 861 862 err = nbp_vlan_add(p, pvid, 863 BRIDGE_VLAN_INFO_PVID | 864 BRIDGE_VLAN_INFO_UNTAGGED); 865 if (err) 866 goto err_port; 867 nbp_vlan_delete(p, old_pvid); 868 set_bit(p->port_no, changed); 869 } 870 871 br->default_pvid = pvid; 872 873 out: 874 kfree(changed); 875 return err; 876 877 err_port: 878 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 879 if (!test_bit(p->port_no, changed)) 880 continue; 881 882 if (old_pvid) 883 nbp_vlan_add(p, old_pvid, 884 BRIDGE_VLAN_INFO_PVID | 885 BRIDGE_VLAN_INFO_UNTAGGED); 886 nbp_vlan_delete(p, pvid); 887 } 888 889 if (test_bit(0, changed)) { 890 if (old_pvid) 891 br_vlan_add(br, old_pvid, 892 BRIDGE_VLAN_INFO_PVID | 893 BRIDGE_VLAN_INFO_UNTAGGED | 894 BRIDGE_VLAN_INFO_BRENTRY); 895 br_vlan_delete(br, pvid); 896 } 897 goto out; 898 } 899 900 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 901 { 902 u16 pvid = val; 903 int err = 0; 904 905 if (val >= VLAN_VID_MASK) 906 return -EINVAL; 907 908 if (pvid == br->default_pvid) 909 goto out; 910 911 /* Only allow default pvid change when filtering is disabled */ 912 if (br->vlan_enabled) { 913 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 914 err = -EPERM; 915 goto out; 916 } 917 err = __br_vlan_set_default_pvid(br, pvid); 918 out: 919 return err; 920 } 921 922 int br_vlan_init(struct net_bridge *br) 923 { 924 struct net_bridge_vlan_group *vg; 925 int ret = -ENOMEM; 926 927 vg = kzalloc(sizeof(*vg), GFP_KERNEL); 928 if (!vg) 929 goto out; 930 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 931 if (ret) 932 goto err_rhtbl; 933 ret = vlan_tunnel_init(vg); 934 if (ret) 935 goto err_tunnel_init; 936 INIT_LIST_HEAD(&vg->vlan_list); 937 br->vlan_proto = htons(ETH_P_8021Q); 938 br->default_pvid = 1; 939 rcu_assign_pointer(br->vlgrp, vg); 940 ret = br_vlan_add(br, 1, 941 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 942 BRIDGE_VLAN_INFO_BRENTRY); 943 if (ret) 944 goto err_vlan_add; 945 946 out: 947 return ret; 948 949 err_vlan_add: 950 vlan_tunnel_deinit(vg); 951 err_tunnel_init: 952 rhashtable_destroy(&vg->vlan_hash); 953 err_rhtbl: 954 kfree(vg); 955 956 goto out; 957 } 958 959 int nbp_vlan_init(struct net_bridge_port *p) 960 { 961 struct switchdev_attr attr = { 962 .orig_dev = p->br->dev, 963 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 964 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 965 .u.vlan_filtering = p->br->vlan_enabled, 966 }; 967 struct net_bridge_vlan_group *vg; 968 int ret = -ENOMEM; 969 970 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 971 if (!vg) 972 goto out; 973 974 ret = switchdev_port_attr_set(p->dev, &attr); 975 if (ret && ret != -EOPNOTSUPP) 976 goto err_vlan_enabled; 977 978 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 979 if (ret) 980 goto err_rhtbl; 981 ret = vlan_tunnel_init(vg); 982 if (ret) 983 goto err_tunnel_init; 984 INIT_LIST_HEAD(&vg->vlan_list); 985 rcu_assign_pointer(p->vlgrp, vg); 986 if (p->br->default_pvid) { 987 ret = nbp_vlan_add(p, p->br->default_pvid, 988 BRIDGE_VLAN_INFO_PVID | 989 BRIDGE_VLAN_INFO_UNTAGGED); 990 if (ret) 991 goto err_vlan_add; 992 } 993 out: 994 return ret; 995 996 err_vlan_add: 997 RCU_INIT_POINTER(p->vlgrp, NULL); 998 synchronize_rcu(); 999 vlan_tunnel_deinit(vg); 1000 err_tunnel_init: 1001 rhashtable_destroy(&vg->vlan_hash); 1002 err_rhtbl: 1003 err_vlan_enabled: 1004 kfree(vg); 1005 1006 goto out; 1007 } 1008 1009 /* Must be protected by RTNL. 1010 * Must be called with vid in range from 1 to 4094 inclusive. 1011 */ 1012 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 1013 { 1014 struct switchdev_obj_port_vlan v = { 1015 .obj.orig_dev = port->dev, 1016 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 1017 .flags = flags, 1018 .vid_begin = vid, 1019 .vid_end = vid, 1020 }; 1021 struct net_bridge_vlan *vlan; 1022 int ret; 1023 1024 ASSERT_RTNL(); 1025 1026 vlan = br_vlan_find(nbp_vlan_group(port), vid); 1027 if (vlan) { 1028 /* Pass the flags to the hardware bridge */ 1029 ret = switchdev_port_obj_add(port->dev, &v.obj); 1030 if (ret && ret != -EOPNOTSUPP) 1031 return ret; 1032 __vlan_add_flags(vlan, flags); 1033 return 0; 1034 } 1035 1036 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 1037 if (!vlan) 1038 return -ENOMEM; 1039 1040 vlan->vid = vid; 1041 vlan->port = port; 1042 ret = __vlan_add(vlan, flags); 1043 if (ret) 1044 kfree(vlan); 1045 1046 return ret; 1047 } 1048 1049 /* Must be protected by RTNL. 1050 * Must be called with vid in range from 1 to 4094 inclusive. 1051 */ 1052 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 1053 { 1054 struct net_bridge_vlan *v; 1055 1056 ASSERT_RTNL(); 1057 1058 v = br_vlan_find(nbp_vlan_group(port), vid); 1059 if (!v) 1060 return -ENOENT; 1061 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 1062 br_fdb_delete_by_port(port->br, port, vid, 0); 1063 1064 return __vlan_del(v); 1065 } 1066 1067 void nbp_vlan_flush(struct net_bridge_port *port) 1068 { 1069 struct net_bridge_vlan_group *vg; 1070 1071 ASSERT_RTNL(); 1072 1073 vg = nbp_vlan_group(port); 1074 __vlan_flush(vg); 1075 RCU_INIT_POINTER(port->vlgrp, NULL); 1076 synchronize_rcu(); 1077 __vlan_group_free(vg); 1078 } 1079 1080 void br_vlan_get_stats(const struct net_bridge_vlan *v, 1081 struct br_vlan_stats *stats) 1082 { 1083 int i; 1084 1085 memset(stats, 0, sizeof(*stats)); 1086 for_each_possible_cpu(i) { 1087 u64 rxpackets, rxbytes, txpackets, txbytes; 1088 struct br_vlan_stats *cpu_stats; 1089 unsigned int start; 1090 1091 cpu_stats = per_cpu_ptr(v->stats, i); 1092 do { 1093 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp); 1094 rxpackets = cpu_stats->rx_packets; 1095 rxbytes = cpu_stats->rx_bytes; 1096 txbytes = cpu_stats->tx_bytes; 1097 txpackets = cpu_stats->tx_packets; 1098 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start)); 1099 1100 stats->rx_packets += rxpackets; 1101 stats->rx_bytes += rxbytes; 1102 stats->tx_bytes += txbytes; 1103 stats->tx_packets += txpackets; 1104 } 1105 } 1106