xref: /openbmc/linux/net/bridge/br_vlan.c (revision 6774def6)
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 
6 #include "br_private.h"
7 
8 static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9 {
10 	if (v->pvid == vid)
11 		return;
12 
13 	smp_wmb();
14 	v->pvid = vid;
15 }
16 
17 static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18 {
19 	if (v->pvid != vid)
20 		return;
21 
22 	smp_wmb();
23 	v->pvid = 0;
24 }
25 
26 static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27 {
28 	if (flags & BRIDGE_VLAN_INFO_PVID)
29 		__vlan_add_pvid(v, vid);
30 	else
31 		__vlan_delete_pvid(v, vid);
32 
33 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
34 		set_bit(vid, v->untagged_bitmap);
35 	else
36 		clear_bit(vid, v->untagged_bitmap);
37 }
38 
39 static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
40 {
41 	struct net_bridge_port *p = NULL;
42 	struct net_bridge *br;
43 	struct net_device *dev;
44 	int err;
45 
46 	if (test_bit(vid, v->vlan_bitmap)) {
47 		__vlan_add_flags(v, vid, flags);
48 		return 0;
49 	}
50 
51 	if (v->port_idx) {
52 		p = v->parent.port;
53 		br = p->br;
54 		dev = p->dev;
55 	} else {
56 		br = v->parent.br;
57 		dev = br->dev;
58 	}
59 
60 	if (p) {
61 		/* Add VLAN to the device filter if it is supported.
62 		 * This ensures tagged traffic enters the bridge when
63 		 * promiscuous mode is disabled by br_manage_promisc().
64 		 */
65 		err = vlan_vid_add(dev, br->vlan_proto, vid);
66 		if (err)
67 			return err;
68 	}
69 
70 	err = br_fdb_insert(br, p, dev->dev_addr, vid);
71 	if (err) {
72 		br_err(br, "failed insert local address into bridge "
73 		       "forwarding table\n");
74 		goto out_filt;
75 	}
76 
77 	set_bit(vid, v->vlan_bitmap);
78 	v->num_vlans++;
79 	__vlan_add_flags(v, vid, flags);
80 
81 	return 0;
82 
83 out_filt:
84 	if (p)
85 		vlan_vid_del(dev, br->vlan_proto, vid);
86 	return err;
87 }
88 
89 static int __vlan_del(struct net_port_vlans *v, u16 vid)
90 {
91 	if (!test_bit(vid, v->vlan_bitmap))
92 		return -EINVAL;
93 
94 	__vlan_delete_pvid(v, vid);
95 	clear_bit(vid, v->untagged_bitmap);
96 
97 	if (v->port_idx) {
98 		struct net_bridge_port *p = v->parent.port;
99 		vlan_vid_del(p->dev, p->br->vlan_proto, vid);
100 	}
101 
102 	clear_bit(vid, v->vlan_bitmap);
103 	v->num_vlans--;
104 	if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
105 		if (v->port_idx)
106 			RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
107 		else
108 			RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
109 		kfree_rcu(v, rcu);
110 	}
111 	return 0;
112 }
113 
114 static void __vlan_flush(struct net_port_vlans *v)
115 {
116 	smp_wmb();
117 	v->pvid = 0;
118 	bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
119 	if (v->port_idx)
120 		RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
121 	else
122 		RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
123 	kfree_rcu(v, rcu);
124 }
125 
126 struct sk_buff *br_handle_vlan(struct net_bridge *br,
127 			       const struct net_port_vlans *pv,
128 			       struct sk_buff *skb)
129 {
130 	u16 vid;
131 
132 	/* If this packet was not filtered at input, let it pass */
133 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
134 		goto out;
135 
136 	/* Vlan filter table must be configured at this point.  The
137 	 * only exception is the bridge is set in promisc mode and the
138 	 * packet is destined for the bridge device.  In this case
139 	 * pass the packet as is.
140 	 */
141 	if (!pv) {
142 		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
143 			goto out;
144 		} else {
145 			kfree_skb(skb);
146 			return NULL;
147 		}
148 	}
149 
150 	/* At this point, we know that the frame was filtered and contains
151 	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
152 	 * send untagged; otherwise, send tagged.
153 	 */
154 	br_vlan_get_tag(skb, &vid);
155 	if (test_bit(vid, pv->untagged_bitmap))
156 		skb->vlan_tci = 0;
157 
158 out:
159 	return skb;
160 }
161 
162 /* Called under RCU */
163 bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
164 			struct sk_buff *skb, u16 *vid)
165 {
166 	bool tagged;
167 	__be16 proto;
168 
169 	/* If VLAN filtering is disabled on the bridge, all packets are
170 	 * permitted.
171 	 */
172 	if (!br->vlan_enabled) {
173 		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
174 		return true;
175 	}
176 
177 	/* If there are no vlan in the permitted list, all packets are
178 	 * rejected.
179 	 */
180 	if (!v)
181 		goto drop;
182 
183 	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
184 	proto = br->vlan_proto;
185 
186 	/* If vlan tx offload is disabled on bridge device and frame was
187 	 * sent from vlan device on the bridge device, it does not have
188 	 * HW accelerated vlan tag.
189 	 */
190 	if (unlikely(!vlan_tx_tag_present(skb) &&
191 		     skb->protocol == proto)) {
192 		skb = skb_vlan_untag(skb);
193 		if (unlikely(!skb))
194 			return false;
195 	}
196 
197 	if (!br_vlan_get_tag(skb, vid)) {
198 		/* Tagged frame */
199 		if (skb->vlan_proto != proto) {
200 			/* Protocol-mismatch, empty out vlan_tci for new tag */
201 			skb_push(skb, ETH_HLEN);
202 			skb = __vlan_put_tag(skb, skb->vlan_proto,
203 					     vlan_tx_tag_get(skb));
204 			if (unlikely(!skb))
205 				return false;
206 
207 			skb_pull(skb, ETH_HLEN);
208 			skb_reset_mac_len(skb);
209 			*vid = 0;
210 			tagged = false;
211 		} else {
212 			tagged = true;
213 		}
214 	} else {
215 		/* Untagged frame */
216 		tagged = false;
217 	}
218 
219 	if (!*vid) {
220 		u16 pvid = br_get_pvid(v);
221 
222 		/* Frame had a tag with VID 0 or did not have a tag.
223 		 * See if pvid is set on this port.  That tells us which
224 		 * vlan untagged or priority-tagged traffic belongs to.
225 		 */
226 		if (!pvid)
227 			goto drop;
228 
229 		/* PVID is set on this port.  Any untagged or priority-tagged
230 		 * ingress frame is considered to belong to this vlan.
231 		 */
232 		*vid = pvid;
233 		if (likely(!tagged))
234 			/* Untagged Frame. */
235 			__vlan_hwaccel_put_tag(skb, proto, pvid);
236 		else
237 			/* Priority-tagged Frame.
238 			 * At this point, We know that skb->vlan_tci had
239 			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
240 			 * We update only VID field and preserve PCP field.
241 			 */
242 			skb->vlan_tci |= pvid;
243 
244 		return true;
245 	}
246 
247 	/* Frame had a valid vlan tag.  See if vlan is allowed */
248 	if (test_bit(*vid, v->vlan_bitmap))
249 		return true;
250 drop:
251 	kfree_skb(skb);
252 	return false;
253 }
254 
255 /* Called under RCU. */
256 bool br_allowed_egress(struct net_bridge *br,
257 		       const struct net_port_vlans *v,
258 		       const struct sk_buff *skb)
259 {
260 	u16 vid;
261 
262 	/* If this packet was not filtered at input, let it pass */
263 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
264 		return true;
265 
266 	if (!v)
267 		return false;
268 
269 	br_vlan_get_tag(skb, &vid);
270 	if (test_bit(vid, v->vlan_bitmap))
271 		return true;
272 
273 	return false;
274 }
275 
276 /* Called under RCU */
277 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
278 {
279 	struct net_bridge *br = p->br;
280 	struct net_port_vlans *v;
281 
282 	/* If filtering was disabled at input, let it pass. */
283 	if (!br->vlan_enabled)
284 		return true;
285 
286 	v = rcu_dereference(p->vlan_info);
287 	if (!v)
288 		return false;
289 
290 	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
291 		*vid = 0;
292 
293 	if (!*vid) {
294 		*vid = br_get_pvid(v);
295 		if (!*vid)
296 			return false;
297 
298 		return true;
299 	}
300 
301 	if (test_bit(*vid, v->vlan_bitmap))
302 		return true;
303 
304 	return false;
305 }
306 
307 /* Must be protected by RTNL.
308  * Must be called with vid in range from 1 to 4094 inclusive.
309  */
310 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
311 {
312 	struct net_port_vlans *pv = NULL;
313 	int err;
314 
315 	ASSERT_RTNL();
316 
317 	pv = rtnl_dereference(br->vlan_info);
318 	if (pv)
319 		return __vlan_add(pv, vid, flags);
320 
321 	/* Create port vlan infomration
322 	 */
323 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
324 	if (!pv)
325 		return -ENOMEM;
326 
327 	pv->parent.br = br;
328 	err = __vlan_add(pv, vid, flags);
329 	if (err)
330 		goto out;
331 
332 	rcu_assign_pointer(br->vlan_info, pv);
333 	return 0;
334 out:
335 	kfree(pv);
336 	return err;
337 }
338 
339 /* Must be protected by RTNL.
340  * Must be called with vid in range from 1 to 4094 inclusive.
341  */
342 int br_vlan_delete(struct net_bridge *br, u16 vid)
343 {
344 	struct net_port_vlans *pv;
345 
346 	ASSERT_RTNL();
347 
348 	pv = rtnl_dereference(br->vlan_info);
349 	if (!pv)
350 		return -EINVAL;
351 
352 	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
353 
354 	__vlan_del(pv, vid);
355 	return 0;
356 }
357 
358 void br_vlan_flush(struct net_bridge *br)
359 {
360 	struct net_port_vlans *pv;
361 
362 	ASSERT_RTNL();
363 	pv = rtnl_dereference(br->vlan_info);
364 	if (!pv)
365 		return;
366 
367 	__vlan_flush(pv);
368 }
369 
370 bool br_vlan_find(struct net_bridge *br, u16 vid)
371 {
372 	struct net_port_vlans *pv;
373 	bool found = false;
374 
375 	rcu_read_lock();
376 	pv = rcu_dereference(br->vlan_info);
377 
378 	if (!pv)
379 		goto out;
380 
381 	if (test_bit(vid, pv->vlan_bitmap))
382 		found = true;
383 
384 out:
385 	rcu_read_unlock();
386 	return found;
387 }
388 
389 /* Must be protected by RTNL. */
390 static void recalculate_group_addr(struct net_bridge *br)
391 {
392 	if (br->group_addr_set)
393 		return;
394 
395 	spin_lock_bh(&br->lock);
396 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
397 		/* Bridge Group Address */
398 		br->group_addr[5] = 0x00;
399 	} else { /* vlan_enabled && ETH_P_8021AD */
400 		/* Provider Bridge Group Address */
401 		br->group_addr[5] = 0x08;
402 	}
403 	spin_unlock_bh(&br->lock);
404 }
405 
406 /* Must be protected by RTNL. */
407 void br_recalculate_fwd_mask(struct net_bridge *br)
408 {
409 	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
410 		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
411 	else /* vlan_enabled && ETH_P_8021AD */
412 		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
413 					      ~(1u << br->group_addr[5]);
414 }
415 
416 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
417 {
418 	if (!rtnl_trylock())
419 		return restart_syscall();
420 
421 	if (br->vlan_enabled == val)
422 		goto unlock;
423 
424 	br->vlan_enabled = val;
425 	br_manage_promisc(br);
426 	recalculate_group_addr(br);
427 	br_recalculate_fwd_mask(br);
428 
429 unlock:
430 	rtnl_unlock();
431 	return 0;
432 }
433 
434 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
435 {
436 	int err = 0;
437 	struct net_bridge_port *p;
438 	struct net_port_vlans *pv;
439 	__be16 proto, oldproto;
440 	u16 vid, errvid;
441 
442 	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
443 		return -EPROTONOSUPPORT;
444 
445 	if (!rtnl_trylock())
446 		return restart_syscall();
447 
448 	proto = htons(val);
449 	if (br->vlan_proto == proto)
450 		goto unlock;
451 
452 	/* Add VLANs for the new proto to the device filter. */
453 	list_for_each_entry(p, &br->port_list, list) {
454 		pv = rtnl_dereference(p->vlan_info);
455 		if (!pv)
456 			continue;
457 
458 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
459 			err = vlan_vid_add(p->dev, proto, vid);
460 			if (err)
461 				goto err_filt;
462 		}
463 	}
464 
465 	oldproto = br->vlan_proto;
466 	br->vlan_proto = proto;
467 
468 	recalculate_group_addr(br);
469 	br_recalculate_fwd_mask(br);
470 
471 	/* Delete VLANs for the old proto from the device filter. */
472 	list_for_each_entry(p, &br->port_list, list) {
473 		pv = rtnl_dereference(p->vlan_info);
474 		if (!pv)
475 			continue;
476 
477 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
478 			vlan_vid_del(p->dev, oldproto, vid);
479 	}
480 
481 unlock:
482 	rtnl_unlock();
483 	return err;
484 
485 err_filt:
486 	errvid = vid;
487 	for_each_set_bit(vid, pv->vlan_bitmap, errvid)
488 		vlan_vid_del(p->dev, proto, vid);
489 
490 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
491 		pv = rtnl_dereference(p->vlan_info);
492 		if (!pv)
493 			continue;
494 
495 		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
496 			vlan_vid_del(p->dev, proto, vid);
497 	}
498 
499 	goto unlock;
500 }
501 
502 static bool vlan_default_pvid(struct net_port_vlans *pv, u16 vid)
503 {
504 	return pv && vid == pv->pvid && test_bit(vid, pv->untagged_bitmap);
505 }
506 
507 static void br_vlan_disable_default_pvid(struct net_bridge *br)
508 {
509 	struct net_bridge_port *p;
510 	u16 pvid = br->default_pvid;
511 
512 	/* Disable default_pvid on all ports where it is still
513 	 * configured.
514 	 */
515 	if (vlan_default_pvid(br_get_vlan_info(br), pvid))
516 		br_vlan_delete(br, pvid);
517 
518 	list_for_each_entry(p, &br->port_list, list) {
519 		if (vlan_default_pvid(nbp_get_vlan_info(p), pvid))
520 			nbp_vlan_delete(p, pvid);
521 	}
522 
523 	br->default_pvid = 0;
524 }
525 
526 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
527 {
528 	struct net_bridge_port *p;
529 	u16 old_pvid;
530 	int err = 0;
531 	unsigned long *changed;
532 
533 	changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
534 			  GFP_KERNEL);
535 	if (!changed)
536 		return -ENOMEM;
537 
538 	old_pvid = br->default_pvid;
539 
540 	/* Update default_pvid config only if we do not conflict with
541 	 * user configuration.
542 	 */
543 	if ((!old_pvid || vlan_default_pvid(br_get_vlan_info(br), old_pvid)) &&
544 	    !br_vlan_find(br, pvid)) {
545 		err = br_vlan_add(br, pvid,
546 				  BRIDGE_VLAN_INFO_PVID |
547 				  BRIDGE_VLAN_INFO_UNTAGGED);
548 		if (err)
549 			goto out;
550 		br_vlan_delete(br, old_pvid);
551 		set_bit(0, changed);
552 	}
553 
554 	list_for_each_entry(p, &br->port_list, list) {
555 		/* Update default_pvid config only if we do not conflict with
556 		 * user configuration.
557 		 */
558 		if ((old_pvid &&
559 		     !vlan_default_pvid(nbp_get_vlan_info(p), old_pvid)) ||
560 		    nbp_vlan_find(p, pvid))
561 			continue;
562 
563 		err = nbp_vlan_add(p, pvid,
564 				   BRIDGE_VLAN_INFO_PVID |
565 				   BRIDGE_VLAN_INFO_UNTAGGED);
566 		if (err)
567 			goto err_port;
568 		nbp_vlan_delete(p, old_pvid);
569 		set_bit(p->port_no, changed);
570 	}
571 
572 	br->default_pvid = pvid;
573 
574 out:
575 	kfree(changed);
576 	return err;
577 
578 err_port:
579 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
580 		if (!test_bit(p->port_no, changed))
581 			continue;
582 
583 		if (old_pvid)
584 			nbp_vlan_add(p, old_pvid,
585 				     BRIDGE_VLAN_INFO_PVID |
586 				     BRIDGE_VLAN_INFO_UNTAGGED);
587 		nbp_vlan_delete(p, pvid);
588 	}
589 
590 	if (test_bit(0, changed)) {
591 		if (old_pvid)
592 			br_vlan_add(br, old_pvid,
593 				    BRIDGE_VLAN_INFO_PVID |
594 				    BRIDGE_VLAN_INFO_UNTAGGED);
595 		br_vlan_delete(br, pvid);
596 	}
597 	goto out;
598 }
599 
600 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
601 {
602 	u16 pvid = val;
603 	int err = 0;
604 
605 	if (val >= VLAN_VID_MASK)
606 		return -EINVAL;
607 
608 	if (!rtnl_trylock())
609 		return restart_syscall();
610 
611 	if (pvid == br->default_pvid)
612 		goto unlock;
613 
614 	/* Only allow default pvid change when filtering is disabled */
615 	if (br->vlan_enabled) {
616 		pr_info_once("Please disable vlan filtering to change default_pvid\n");
617 		err = -EPERM;
618 		goto unlock;
619 	}
620 
621 	if (!pvid)
622 		br_vlan_disable_default_pvid(br);
623 	else
624 		err = __br_vlan_set_default_pvid(br, pvid);
625 
626 unlock:
627 	rtnl_unlock();
628 	return err;
629 }
630 
631 int br_vlan_init(struct net_bridge *br)
632 {
633 	br->vlan_proto = htons(ETH_P_8021Q);
634 	br->default_pvid = 1;
635 	return br_vlan_add(br, 1,
636 			   BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED);
637 }
638 
639 /* Must be protected by RTNL.
640  * Must be called with vid in range from 1 to 4094 inclusive.
641  */
642 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
643 {
644 	struct net_port_vlans *pv = NULL;
645 	int err;
646 
647 	ASSERT_RTNL();
648 
649 	pv = rtnl_dereference(port->vlan_info);
650 	if (pv)
651 		return __vlan_add(pv, vid, flags);
652 
653 	/* Create port vlan infomration
654 	 */
655 	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
656 	if (!pv) {
657 		err = -ENOMEM;
658 		goto clean_up;
659 	}
660 
661 	pv->port_idx = port->port_no;
662 	pv->parent.port = port;
663 	err = __vlan_add(pv, vid, flags);
664 	if (err)
665 		goto clean_up;
666 
667 	rcu_assign_pointer(port->vlan_info, pv);
668 	return 0;
669 
670 clean_up:
671 	kfree(pv);
672 	return err;
673 }
674 
675 /* Must be protected by RTNL.
676  * Must be called with vid in range from 1 to 4094 inclusive.
677  */
678 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
679 {
680 	struct net_port_vlans *pv;
681 
682 	ASSERT_RTNL();
683 
684 	pv = rtnl_dereference(port->vlan_info);
685 	if (!pv)
686 		return -EINVAL;
687 
688 	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
689 
690 	return __vlan_del(pv, vid);
691 }
692 
693 void nbp_vlan_flush(struct net_bridge_port *port)
694 {
695 	struct net_port_vlans *pv;
696 	u16 vid;
697 
698 	ASSERT_RTNL();
699 
700 	pv = rtnl_dereference(port->vlan_info);
701 	if (!pv)
702 		return;
703 
704 	for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
705 		vlan_vid_del(port->dev, port->br->vlan_proto, vid);
706 
707 	__vlan_flush(pv);
708 }
709 
710 bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
711 {
712 	struct net_port_vlans *pv;
713 	bool found = false;
714 
715 	rcu_read_lock();
716 	pv = rcu_dereference(port->vlan_info);
717 
718 	if (!pv)
719 		goto out;
720 
721 	if (test_bit(vid, pv->vlan_bitmap))
722 		found = true;
723 
724 out:
725 	rcu_read_unlock();
726 	return found;
727 }
728 
729 int nbp_vlan_init(struct net_bridge_port *p)
730 {
731 	return p->br->default_pvid ?
732 			nbp_vlan_add(p, p->br->default_pvid,
733 				     BRIDGE_VLAN_INFO_PVID |
734 				     BRIDGE_VLAN_INFO_UNTAGGED) :
735 			0;
736 }
737