1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 10 const void *ptr) 11 { 12 const struct net_bridge_vlan *vle = ptr; 13 u16 vid = *(u16 *)arg->key; 14 15 return vle->vid != vid; 16 } 17 18 static const struct rhashtable_params br_vlan_rht_params = { 19 .head_offset = offsetof(struct net_bridge_vlan, vnode), 20 .key_offset = offsetof(struct net_bridge_vlan, vid), 21 .key_len = sizeof(u16), 22 .nelem_hint = 3, 23 .locks_mul = 1, 24 .max_size = VLAN_N_VID, 25 .obj_cmpfn = br_vlan_cmp, 26 .automatic_shrinking = true, 27 }; 28 29 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 30 { 31 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 32 } 33 34 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 35 { 36 if (vg->pvid == vid) 37 return; 38 39 smp_wmb(); 40 vg->pvid = vid; 41 } 42 43 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 44 { 45 if (vg->pvid != vid) 46 return; 47 48 smp_wmb(); 49 vg->pvid = 0; 50 } 51 52 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 53 { 54 struct net_bridge_vlan_group *vg; 55 56 if (br_vlan_is_master(v)) 57 vg = v->br->vlgrp; 58 else 59 vg = v->port->vlgrp; 60 61 if (flags & BRIDGE_VLAN_INFO_PVID) 62 __vlan_add_pvid(vg, v->vid); 63 else 64 __vlan_delete_pvid(vg, v->vid); 65 66 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 67 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 68 else 69 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 70 } 71 72 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 73 u16 vid, u16 flags) 74 { 75 const struct net_device_ops *ops = dev->netdev_ops; 76 int err; 77 78 /* If driver uses VLAN ndo ops, use 8021q to install vid 79 * on device, otherwise try switchdev ops to install vid. 80 */ 81 82 if (ops->ndo_vlan_rx_add_vid) { 83 err = vlan_vid_add(dev, br->vlan_proto, vid); 84 } else { 85 struct switchdev_obj_vlan v = { 86 .flags = flags, 87 .vid_begin = vid, 88 .vid_end = vid, 89 }; 90 91 err = switchdev_port_obj_add(dev, SWITCHDEV_OBJ_ID_PORT_VLAN, 92 &v); 93 if (err == -EOPNOTSUPP) 94 err = 0; 95 } 96 97 return err; 98 } 99 100 static void __vlan_add_list(struct net_bridge_vlan *v) 101 { 102 struct list_head *headp, *hpos; 103 struct net_bridge_vlan *vent; 104 105 headp = br_vlan_is_master(v) ? &v->br->vlgrp->vlan_list : 106 &v->port->vlgrp->vlan_list; 107 list_for_each_prev(hpos, headp) { 108 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 109 if (v->vid < vent->vid) 110 continue; 111 else 112 break; 113 } 114 list_add(&v->vlist, hpos); 115 } 116 117 static void __vlan_del_list(struct net_bridge_vlan *v) 118 { 119 list_del(&v->vlist); 120 } 121 122 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 123 u16 vid) 124 { 125 const struct net_device_ops *ops = dev->netdev_ops; 126 int err = 0; 127 128 /* If driver uses VLAN ndo ops, use 8021q to delete vid 129 * on device, otherwise try switchdev ops to delete vid. 130 */ 131 132 if (ops->ndo_vlan_rx_kill_vid) { 133 vlan_vid_del(dev, br->vlan_proto, vid); 134 } else { 135 struct switchdev_obj_vlan v = { 136 .vid_begin = vid, 137 .vid_end = vid, 138 }; 139 140 err = switchdev_port_obj_del(dev, SWITCHDEV_OBJ_ID_PORT_VLAN, 141 &v); 142 if (err == -EOPNOTSUPP) 143 err = 0; 144 } 145 146 return err; 147 } 148 149 /* This is the shared VLAN add function which works for both ports and bridge 150 * devices. There are four possible calls to this function in terms of the 151 * vlan entry type: 152 * 1. vlan is being added on a port (no master flags, global entry exists) 153 * 2. vlan is being added on a bridge (both master and brvlan flags) 154 * 3. vlan is being added on a port, but a global entry didn't exist which 155 * is being created right now (master flag set, brvlan flag unset), the 156 * global entry is used for global per-vlan features, but not for filtering 157 * 4. same as 3 but with both master and brvlan flags set so the entry 158 * will be used for filtering in both the port and the bridge 159 */ 160 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 161 { 162 struct net_bridge_vlan *masterv = NULL; 163 struct net_bridge_port *p = NULL; 164 struct rhashtable *tbl; 165 struct net_device *dev; 166 struct net_bridge *br; 167 int err; 168 169 if (br_vlan_is_master(v)) { 170 br = v->br; 171 dev = br->dev; 172 tbl = &br->vlgrp->vlan_hash; 173 } else { 174 p = v->port; 175 br = p->br; 176 dev = p->dev; 177 tbl = &p->vlgrp->vlan_hash; 178 } 179 180 if (p) { 181 u16 master_flags = flags; 182 183 /* Add VLAN to the device filter if it is supported. 184 * This ensures tagged traffic enters the bridge when 185 * promiscuous mode is disabled by br_manage_promisc(). 186 */ 187 err = __vlan_vid_add(dev, br, v->vid, flags); 188 if (err) 189 goto out; 190 191 /* need to work on the master vlan too */ 192 if (flags & BRIDGE_VLAN_INFO_MASTER) { 193 master_flags |= BRIDGE_VLAN_INFO_BRENTRY; 194 err = br_vlan_add(br, v->vid, master_flags); 195 if (err) 196 goto out_filt; 197 } 198 199 masterv = br_vlan_find(br->vlgrp, v->vid); 200 if (!masterv) { 201 /* missing global ctx, create it now */ 202 err = br_vlan_add(br, v->vid, 0); 203 if (err) 204 goto out_filt; 205 masterv = br_vlan_find(br->vlgrp, v->vid); 206 WARN_ON(!masterv); 207 } 208 atomic_inc(&masterv->refcnt); 209 v->brvlan = masterv; 210 } 211 212 /* Add the dev mac only if it's a usable vlan */ 213 if (br_vlan_should_use(v)) { 214 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 215 if (err) { 216 br_err(br, "failed insert local address into bridge forwarding table\n"); 217 goto out_filt; 218 } 219 } 220 221 err = rhashtable_lookup_insert_fast(tbl, &v->vnode, br_vlan_rht_params); 222 if (err) 223 goto out_fdb_insert; 224 225 __vlan_add_list(v); 226 __vlan_add_flags(v, flags); 227 if (br_vlan_is_master(v)) { 228 if (br_vlan_is_brentry(v)) 229 br->vlgrp->num_vlans++; 230 } else { 231 p->vlgrp->num_vlans++; 232 } 233 out: 234 return err; 235 236 out_fdb_insert: 237 br_fdb_find_delete_local(br, p, br->dev->dev_addr, v->vid); 238 239 out_filt: 240 if (p) { 241 __vlan_vid_del(dev, br, v->vid); 242 if (masterv) { 243 atomic_dec(&masterv->refcnt); 244 v->brvlan = NULL; 245 } 246 } 247 248 goto out; 249 } 250 251 static int __vlan_del(struct net_bridge_vlan *v) 252 { 253 struct net_bridge_vlan *masterv = v; 254 struct net_bridge_vlan_group *vg; 255 struct net_bridge_port *p = NULL; 256 struct net_bridge *br; 257 int err = 0; 258 259 if (br_vlan_is_master(v)) { 260 br = v->br; 261 vg = v->br->vlgrp; 262 } else { 263 p = v->port; 264 br = p->br; 265 vg = v->port->vlgrp; 266 masterv = v->brvlan; 267 } 268 269 __vlan_delete_pvid(vg, v->vid); 270 if (p) { 271 err = __vlan_vid_del(p->dev, p->br, v->vid); 272 if (err) 273 goto out; 274 } 275 276 if (br_vlan_is_master(v)) { 277 if (br_vlan_is_brentry(v)) { 278 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 279 br->vlgrp->num_vlans--; 280 } 281 } else { 282 p->vlgrp->num_vlans--; 283 } 284 285 if (masterv != v) { 286 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 287 br_vlan_rht_params); 288 __vlan_del_list(v); 289 kfree_rcu(v, rcu); 290 } 291 292 if (atomic_dec_and_test(&masterv->refcnt)) { 293 rhashtable_remove_fast(&masterv->br->vlgrp->vlan_hash, 294 &masterv->vnode, br_vlan_rht_params); 295 __vlan_del_list(masterv); 296 kfree_rcu(masterv, rcu); 297 } 298 out: 299 return err; 300 } 301 302 static void __vlan_flush(struct net_bridge_vlan_group *vlgrp) 303 { 304 struct net_bridge_vlan *vlan, *tmp; 305 306 __vlan_delete_pvid(vlgrp, vlgrp->pvid); 307 list_for_each_entry_safe(vlan, tmp, &vlgrp->vlan_list, vlist) 308 __vlan_del(vlan); 309 rhashtable_destroy(&vlgrp->vlan_hash); 310 kfree(vlgrp); 311 } 312 313 struct sk_buff *br_handle_vlan(struct net_bridge *br, 314 struct net_bridge_vlan_group *vg, 315 struct sk_buff *skb) 316 { 317 struct net_bridge_vlan *v; 318 u16 vid; 319 320 /* If this packet was not filtered at input, let it pass */ 321 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 322 goto out; 323 324 /* At this point, we know that the frame was filtered and contains 325 * a valid vlan id. If the vlan id has untagged flag set, 326 * send untagged; otherwise, send tagged. 327 */ 328 br_vlan_get_tag(skb, &vid); 329 v = br_vlan_find(vg, vid); 330 /* Vlan entry must be configured at this point. The 331 * only exception is the bridge is set in promisc mode and the 332 * packet is destined for the bridge device. In this case 333 * pass the packet as is. 334 */ 335 if (!v || !br_vlan_should_use(v)) { 336 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 337 goto out; 338 } else { 339 kfree_skb(skb); 340 return NULL; 341 } 342 } 343 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 344 skb->vlan_tci = 0; 345 346 out: 347 return skb; 348 } 349 350 /* Called under RCU */ 351 static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto, 352 struct sk_buff *skb, u16 *vid) 353 { 354 const struct net_bridge_vlan *v; 355 bool tagged; 356 357 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 358 /* If vlan tx offload is disabled on bridge device and frame was 359 * sent from vlan device on the bridge device, it does not have 360 * HW accelerated vlan tag. 361 */ 362 if (unlikely(!skb_vlan_tag_present(skb) && 363 skb->protocol == proto)) { 364 skb = skb_vlan_untag(skb); 365 if (unlikely(!skb)) 366 return false; 367 } 368 369 if (!br_vlan_get_tag(skb, vid)) { 370 /* Tagged frame */ 371 if (skb->vlan_proto != proto) { 372 /* Protocol-mismatch, empty out vlan_tci for new tag */ 373 skb_push(skb, ETH_HLEN); 374 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 375 skb_vlan_tag_get(skb)); 376 if (unlikely(!skb)) 377 return false; 378 379 skb_pull(skb, ETH_HLEN); 380 skb_reset_mac_len(skb); 381 *vid = 0; 382 tagged = false; 383 } else { 384 tagged = true; 385 } 386 } else { 387 /* Untagged frame */ 388 tagged = false; 389 } 390 391 if (!*vid) { 392 u16 pvid = br_get_pvid(vg); 393 394 /* Frame had a tag with VID 0 or did not have a tag. 395 * See if pvid is set on this port. That tells us which 396 * vlan untagged or priority-tagged traffic belongs to. 397 */ 398 if (!pvid) 399 goto drop; 400 401 /* PVID is set on this port. Any untagged or priority-tagged 402 * ingress frame is considered to belong to this vlan. 403 */ 404 *vid = pvid; 405 if (likely(!tagged)) 406 /* Untagged Frame. */ 407 __vlan_hwaccel_put_tag(skb, proto, pvid); 408 else 409 /* Priority-tagged Frame. 410 * At this point, We know that skb->vlan_tci had 411 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 412 * We update only VID field and preserve PCP field. 413 */ 414 skb->vlan_tci |= pvid; 415 416 return true; 417 } 418 419 /* Frame had a valid vlan tag. See if vlan is allowed */ 420 v = br_vlan_find(vg, *vid); 421 if (v && br_vlan_should_use(v)) 422 return true; 423 drop: 424 kfree_skb(skb); 425 return false; 426 } 427 428 bool br_allowed_ingress(const struct net_bridge *br, 429 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 430 u16 *vid) 431 { 432 /* If VLAN filtering is disabled on the bridge, all packets are 433 * permitted. 434 */ 435 if (!br->vlan_enabled) { 436 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 437 return true; 438 } 439 440 return __allowed_ingress(vg, br->vlan_proto, skb, vid); 441 } 442 443 /* Called under RCU. */ 444 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 445 const struct sk_buff *skb) 446 { 447 const struct net_bridge_vlan *v; 448 u16 vid; 449 450 /* If this packet was not filtered at input, let it pass */ 451 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 452 return true; 453 454 br_vlan_get_tag(skb, &vid); 455 v = br_vlan_find(vg, vid); 456 if (v && br_vlan_should_use(v)) 457 return true; 458 459 return false; 460 } 461 462 /* Called under RCU */ 463 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 464 { 465 struct net_bridge_vlan_group *vg; 466 struct net_bridge *br = p->br; 467 468 /* If filtering was disabled at input, let it pass. */ 469 if (!br->vlan_enabled) 470 return true; 471 472 vg = p->vlgrp; 473 if (!vg || !vg->num_vlans) 474 return false; 475 476 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 477 *vid = 0; 478 479 if (!*vid) { 480 *vid = br_get_pvid(vg); 481 if (!*vid) 482 return false; 483 484 return true; 485 } 486 487 if (br_vlan_find(vg, *vid)) 488 return true; 489 490 return false; 491 } 492 493 /* Must be protected by RTNL. 494 * Must be called with vid in range from 1 to 4094 inclusive. 495 */ 496 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 497 { 498 struct net_bridge_vlan *vlan; 499 int ret; 500 501 ASSERT_RTNL(); 502 503 vlan = br_vlan_find(br->vlgrp, vid); 504 if (vlan) { 505 if (!br_vlan_is_brentry(vlan)) { 506 /* Trying to change flags of non-existent bridge vlan */ 507 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) 508 return -EINVAL; 509 /* It was only kept for port vlans, now make it real */ 510 ret = br_fdb_insert(br, NULL, br->dev->dev_addr, 511 vlan->vid); 512 if (ret) { 513 br_err(br, "failed insert local address into bridge forwarding table\n"); 514 return ret; 515 } 516 atomic_inc(&vlan->refcnt); 517 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 518 br->vlgrp->num_vlans++; 519 } 520 __vlan_add_flags(vlan, flags); 521 return 0; 522 } 523 524 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 525 if (!vlan) 526 return -ENOMEM; 527 528 vlan->vid = vid; 529 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 530 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 531 vlan->br = br; 532 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 533 atomic_set(&vlan->refcnt, 1); 534 ret = __vlan_add(vlan, flags); 535 if (ret) 536 kfree(vlan); 537 538 return ret; 539 } 540 541 /* Must be protected by RTNL. 542 * Must be called with vid in range from 1 to 4094 inclusive. 543 */ 544 int br_vlan_delete(struct net_bridge *br, u16 vid) 545 { 546 struct net_bridge_vlan *v; 547 548 ASSERT_RTNL(); 549 550 v = br_vlan_find(br->vlgrp, vid); 551 if (!v || !br_vlan_is_brentry(v)) 552 return -ENOENT; 553 554 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 555 556 return __vlan_del(v); 557 } 558 559 void br_vlan_flush(struct net_bridge *br) 560 { 561 ASSERT_RTNL(); 562 563 __vlan_flush(br_vlan_group(br)); 564 } 565 566 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 567 { 568 if (!vg) 569 return NULL; 570 571 return br_vlan_lookup(&vg->vlan_hash, vid); 572 } 573 574 /* Must be protected by RTNL. */ 575 static void recalculate_group_addr(struct net_bridge *br) 576 { 577 if (br->group_addr_set) 578 return; 579 580 spin_lock_bh(&br->lock); 581 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 582 /* Bridge Group Address */ 583 br->group_addr[5] = 0x00; 584 } else { /* vlan_enabled && ETH_P_8021AD */ 585 /* Provider Bridge Group Address */ 586 br->group_addr[5] = 0x08; 587 } 588 spin_unlock_bh(&br->lock); 589 } 590 591 /* Must be protected by RTNL. */ 592 void br_recalculate_fwd_mask(struct net_bridge *br) 593 { 594 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 595 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 596 else /* vlan_enabled && ETH_P_8021AD */ 597 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 598 ~(1u << br->group_addr[5]); 599 } 600 601 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 602 { 603 if (br->vlan_enabled == val) 604 return 0; 605 606 br->vlan_enabled = val; 607 br_manage_promisc(br); 608 recalculate_group_addr(br); 609 br_recalculate_fwd_mask(br); 610 611 return 0; 612 } 613 614 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 615 { 616 if (!rtnl_trylock()) 617 return restart_syscall(); 618 619 __br_vlan_filter_toggle(br, val); 620 rtnl_unlock(); 621 622 return 0; 623 } 624 625 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 626 { 627 int err = 0; 628 struct net_bridge_port *p; 629 struct net_bridge_vlan *vlan; 630 __be16 oldproto; 631 632 if (br->vlan_proto == proto) 633 return 0; 634 635 /* Add VLANs for the new proto to the device filter. */ 636 list_for_each_entry(p, &br->port_list, list) { 637 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) { 638 err = vlan_vid_add(p->dev, proto, vlan->vid); 639 if (err) 640 goto err_filt; 641 } 642 } 643 644 oldproto = br->vlan_proto; 645 br->vlan_proto = proto; 646 647 recalculate_group_addr(br); 648 br_recalculate_fwd_mask(br); 649 650 /* Delete VLANs for the old proto from the device filter. */ 651 list_for_each_entry(p, &br->port_list, list) 652 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) 653 vlan_vid_del(p->dev, oldproto, vlan->vid); 654 655 return 0; 656 657 err_filt: 658 list_for_each_entry_continue_reverse(vlan, &p->vlgrp->vlan_list, vlist) 659 vlan_vid_del(p->dev, proto, vlan->vid); 660 661 list_for_each_entry_continue_reverse(p, &br->port_list, list) 662 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) 663 vlan_vid_del(p->dev, proto, vlan->vid); 664 665 return err; 666 } 667 668 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 669 { 670 int err; 671 672 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 673 return -EPROTONOSUPPORT; 674 675 if (!rtnl_trylock()) 676 return restart_syscall(); 677 678 err = __br_vlan_set_proto(br, htons(val)); 679 rtnl_unlock(); 680 681 return err; 682 } 683 684 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 685 { 686 struct net_bridge_vlan *v; 687 688 if (vid != vg->pvid) 689 return false; 690 691 v = br_vlan_lookup(&vg->vlan_hash, vid); 692 if (v && br_vlan_should_use(v) && 693 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 694 return true; 695 696 return false; 697 } 698 699 static void br_vlan_disable_default_pvid(struct net_bridge *br) 700 { 701 struct net_bridge_port *p; 702 u16 pvid = br->default_pvid; 703 704 /* Disable default_pvid on all ports where it is still 705 * configured. 706 */ 707 if (vlan_default_pvid(br->vlgrp, pvid)) 708 br_vlan_delete(br, pvid); 709 710 list_for_each_entry(p, &br->port_list, list) { 711 if (vlan_default_pvid(p->vlgrp, pvid)) 712 nbp_vlan_delete(p, pvid); 713 } 714 715 br->default_pvid = 0; 716 } 717 718 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 719 { 720 const struct net_bridge_vlan *pvent; 721 struct net_bridge_port *p; 722 u16 old_pvid; 723 int err = 0; 724 unsigned long *changed; 725 726 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 727 GFP_KERNEL); 728 if (!changed) 729 return -ENOMEM; 730 731 old_pvid = br->default_pvid; 732 733 /* Update default_pvid config only if we do not conflict with 734 * user configuration. 735 */ 736 pvent = br_vlan_find(br->vlgrp, pvid); 737 if ((!old_pvid || vlan_default_pvid(br->vlgrp, old_pvid)) && 738 (!pvent || !br_vlan_should_use(pvent))) { 739 err = br_vlan_add(br, pvid, 740 BRIDGE_VLAN_INFO_PVID | 741 BRIDGE_VLAN_INFO_UNTAGGED | 742 BRIDGE_VLAN_INFO_BRENTRY); 743 if (err) 744 goto out; 745 br_vlan_delete(br, old_pvid); 746 set_bit(0, changed); 747 } 748 749 list_for_each_entry(p, &br->port_list, list) { 750 /* Update default_pvid config only if we do not conflict with 751 * user configuration. 752 */ 753 if ((old_pvid && 754 !vlan_default_pvid(p->vlgrp, old_pvid)) || 755 br_vlan_find(p->vlgrp, pvid)) 756 continue; 757 758 err = nbp_vlan_add(p, pvid, 759 BRIDGE_VLAN_INFO_PVID | 760 BRIDGE_VLAN_INFO_UNTAGGED); 761 if (err) 762 goto err_port; 763 nbp_vlan_delete(p, old_pvid); 764 set_bit(p->port_no, changed); 765 } 766 767 br->default_pvid = pvid; 768 769 out: 770 kfree(changed); 771 return err; 772 773 err_port: 774 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 775 if (!test_bit(p->port_no, changed)) 776 continue; 777 778 if (old_pvid) 779 nbp_vlan_add(p, old_pvid, 780 BRIDGE_VLAN_INFO_PVID | 781 BRIDGE_VLAN_INFO_UNTAGGED); 782 nbp_vlan_delete(p, pvid); 783 } 784 785 if (test_bit(0, changed)) { 786 if (old_pvid) 787 br_vlan_add(br, old_pvid, 788 BRIDGE_VLAN_INFO_PVID | 789 BRIDGE_VLAN_INFO_UNTAGGED | 790 BRIDGE_VLAN_INFO_BRENTRY); 791 br_vlan_delete(br, pvid); 792 } 793 goto out; 794 } 795 796 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 797 { 798 u16 pvid = val; 799 int err = 0; 800 801 if (val >= VLAN_VID_MASK) 802 return -EINVAL; 803 804 if (!rtnl_trylock()) 805 return restart_syscall(); 806 807 if (pvid == br->default_pvid) 808 goto unlock; 809 810 /* Only allow default pvid change when filtering is disabled */ 811 if (br->vlan_enabled) { 812 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 813 err = -EPERM; 814 goto unlock; 815 } 816 817 if (!pvid) 818 br_vlan_disable_default_pvid(br); 819 else 820 err = __br_vlan_set_default_pvid(br, pvid); 821 822 unlock: 823 rtnl_unlock(); 824 return err; 825 } 826 827 int br_vlan_init(struct net_bridge *br) 828 { 829 int ret = -ENOMEM; 830 831 br->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 832 if (!br->vlgrp) 833 goto out; 834 ret = rhashtable_init(&br->vlgrp->vlan_hash, &br_vlan_rht_params); 835 if (ret) 836 goto err_rhtbl; 837 INIT_LIST_HEAD(&br->vlgrp->vlan_list); 838 br->vlan_proto = htons(ETH_P_8021Q); 839 br->default_pvid = 1; 840 ret = br_vlan_add(br, 1, 841 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 842 BRIDGE_VLAN_INFO_BRENTRY); 843 if (ret) 844 goto err_vlan_add; 845 846 out: 847 return ret; 848 849 err_vlan_add: 850 rhashtable_destroy(&br->vlgrp->vlan_hash); 851 err_rhtbl: 852 kfree(br->vlgrp); 853 854 goto out; 855 } 856 857 int nbp_vlan_init(struct net_bridge_port *p) 858 { 859 struct net_bridge_vlan_group *vg; 860 int ret = -ENOMEM; 861 862 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 863 if (!vg) 864 goto out; 865 866 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 867 if (ret) 868 goto err_rhtbl; 869 INIT_LIST_HEAD(&vg->vlan_list); 870 /* Make sure everything's committed before publishing vg */ 871 smp_wmb(); 872 p->vlgrp = vg; 873 if (p->br->default_pvid) { 874 ret = nbp_vlan_add(p, p->br->default_pvid, 875 BRIDGE_VLAN_INFO_PVID | 876 BRIDGE_VLAN_INFO_UNTAGGED); 877 if (ret) 878 goto err_vlan_add; 879 } 880 out: 881 return ret; 882 883 err_vlan_add: 884 rhashtable_destroy(&vg->vlan_hash); 885 err_rhtbl: 886 kfree(vg); 887 888 goto out; 889 } 890 891 /* Must be protected by RTNL. 892 * Must be called with vid in range from 1 to 4094 inclusive. 893 */ 894 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 895 { 896 struct net_bridge_vlan *vlan; 897 int ret; 898 899 ASSERT_RTNL(); 900 901 vlan = br_vlan_find(port->vlgrp, vid); 902 if (vlan) { 903 __vlan_add_flags(vlan, flags); 904 return 0; 905 } 906 907 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 908 if (!vlan) 909 return -ENOMEM; 910 911 vlan->vid = vid; 912 vlan->port = port; 913 ret = __vlan_add(vlan, flags); 914 if (ret) 915 kfree(vlan); 916 917 return ret; 918 } 919 920 /* Must be protected by RTNL. 921 * Must be called with vid in range from 1 to 4094 inclusive. 922 */ 923 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 924 { 925 struct net_bridge_vlan *v; 926 927 ASSERT_RTNL(); 928 929 v = br_vlan_find(port->vlgrp, vid); 930 if (!v) 931 return -ENOENT; 932 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 933 br_fdb_delete_by_port(port->br, port, vid, 0); 934 935 return __vlan_del(v); 936 } 937 938 void nbp_vlan_flush(struct net_bridge_port *port) 939 { 940 struct net_bridge_vlan *vlan; 941 942 ASSERT_RTNL(); 943 944 list_for_each_entry(vlan, &port->vlgrp->vlan_list, vlist) 945 vlan_vid_del(port->dev, port->br->vlan_proto, vlan->vid); 946 947 __vlan_flush(nbp_vlan_group(port)); 948 } 949