1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 #include "br_private_tunnel.h" 9 10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 11 const void *ptr) 12 { 13 const struct net_bridge_vlan *vle = ptr; 14 u16 vid = *(u16 *)arg->key; 15 16 return vle->vid != vid; 17 } 18 19 static const struct rhashtable_params br_vlan_rht_params = { 20 .head_offset = offsetof(struct net_bridge_vlan, vnode), 21 .key_offset = offsetof(struct net_bridge_vlan, vid), 22 .key_len = sizeof(u16), 23 .nelem_hint = 3, 24 .locks_mul = 1, 25 .max_size = VLAN_N_VID, 26 .obj_cmpfn = br_vlan_cmp, 27 .automatic_shrinking = true, 28 }; 29 30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 31 { 32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 33 } 34 35 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 36 { 37 if (vg->pvid == vid) 38 return; 39 40 smp_wmb(); 41 vg->pvid = vid; 42 } 43 44 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 45 { 46 if (vg->pvid != vid) 47 return; 48 49 smp_wmb(); 50 vg->pvid = 0; 51 } 52 53 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 54 { 55 struct net_bridge_vlan_group *vg; 56 57 if (br_vlan_is_master(v)) 58 vg = br_vlan_group(v->br); 59 else 60 vg = nbp_vlan_group(v->port); 61 62 if (flags & BRIDGE_VLAN_INFO_PVID) 63 __vlan_add_pvid(vg, v->vid); 64 else 65 __vlan_delete_pvid(vg, v->vid); 66 67 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 68 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 69 else 70 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 71 } 72 73 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 74 u16 vid, u16 flags) 75 { 76 struct switchdev_obj_port_vlan v = { 77 .obj.orig_dev = dev, 78 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 79 .flags = flags, 80 .vid_begin = vid, 81 .vid_end = vid, 82 }; 83 int err; 84 85 /* Try switchdev op first. In case it is not supported, fallback to 86 * 8021q add. 87 */ 88 err = switchdev_port_obj_add(dev, &v.obj); 89 if (err == -EOPNOTSUPP) 90 return vlan_vid_add(dev, br->vlan_proto, vid); 91 return err; 92 } 93 94 static void __vlan_add_list(struct net_bridge_vlan *v) 95 { 96 struct net_bridge_vlan_group *vg; 97 struct list_head *headp, *hpos; 98 struct net_bridge_vlan *vent; 99 100 if (br_vlan_is_master(v)) 101 vg = br_vlan_group(v->br); 102 else 103 vg = nbp_vlan_group(v->port); 104 105 headp = &vg->vlan_list; 106 list_for_each_prev(hpos, headp) { 107 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 108 if (v->vid < vent->vid) 109 continue; 110 else 111 break; 112 } 113 list_add_rcu(&v->vlist, hpos); 114 } 115 116 static void __vlan_del_list(struct net_bridge_vlan *v) 117 { 118 list_del_rcu(&v->vlist); 119 } 120 121 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 122 u16 vid) 123 { 124 struct switchdev_obj_port_vlan v = { 125 .obj.orig_dev = dev, 126 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 127 .vid_begin = vid, 128 .vid_end = vid, 129 }; 130 int err; 131 132 /* Try switchdev op first. In case it is not supported, fallback to 133 * 8021q del. 134 */ 135 err = switchdev_port_obj_del(dev, &v.obj); 136 if (err == -EOPNOTSUPP) { 137 vlan_vid_del(dev, br->vlan_proto, vid); 138 return 0; 139 } 140 return err; 141 } 142 143 /* Returns a master vlan, if it didn't exist it gets created. In all cases a 144 * a reference is taken to the master vlan before returning. 145 */ 146 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid) 147 { 148 struct net_bridge_vlan_group *vg; 149 struct net_bridge_vlan *masterv; 150 151 vg = br_vlan_group(br); 152 masterv = br_vlan_find(vg, vid); 153 if (!masterv) { 154 /* missing global ctx, create it now */ 155 if (br_vlan_add(br, vid, 0)) 156 return NULL; 157 masterv = br_vlan_find(vg, vid); 158 if (WARN_ON(!masterv)) 159 return NULL; 160 } 161 refcount_inc(&masterv->refcnt); 162 163 return masterv; 164 } 165 166 static void br_master_vlan_rcu_free(struct rcu_head *rcu) 167 { 168 struct net_bridge_vlan *v; 169 170 v = container_of(rcu, struct net_bridge_vlan, rcu); 171 WARN_ON(!br_vlan_is_master(v)); 172 free_percpu(v->stats); 173 v->stats = NULL; 174 kfree(v); 175 } 176 177 static void br_vlan_put_master(struct net_bridge_vlan *masterv) 178 { 179 struct net_bridge_vlan_group *vg; 180 181 if (!br_vlan_is_master(masterv)) 182 return; 183 184 vg = br_vlan_group(masterv->br); 185 if (refcount_dec_and_test(&masterv->refcnt)) { 186 rhashtable_remove_fast(&vg->vlan_hash, 187 &masterv->vnode, br_vlan_rht_params); 188 __vlan_del_list(masterv); 189 call_rcu(&masterv->rcu, br_master_vlan_rcu_free); 190 } 191 } 192 193 /* This is the shared VLAN add function which works for both ports and bridge 194 * devices. There are four possible calls to this function in terms of the 195 * vlan entry type: 196 * 1. vlan is being added on a port (no master flags, global entry exists) 197 * 2. vlan is being added on a bridge (both master and brentry flags) 198 * 3. vlan is being added on a port, but a global entry didn't exist which 199 * is being created right now (master flag set, brentry flag unset), the 200 * global entry is used for global per-vlan features, but not for filtering 201 * 4. same as 3 but with both master and brentry flags set so the entry 202 * will be used for filtering in both the port and the bridge 203 */ 204 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 205 { 206 struct net_bridge_vlan *masterv = NULL; 207 struct net_bridge_port *p = NULL; 208 struct net_bridge_vlan_group *vg; 209 struct net_device *dev; 210 struct net_bridge *br; 211 int err; 212 213 if (br_vlan_is_master(v)) { 214 br = v->br; 215 dev = br->dev; 216 vg = br_vlan_group(br); 217 } else { 218 p = v->port; 219 br = p->br; 220 dev = p->dev; 221 vg = nbp_vlan_group(p); 222 } 223 224 if (p) { 225 /* Add VLAN to the device filter if it is supported. 226 * This ensures tagged traffic enters the bridge when 227 * promiscuous mode is disabled by br_manage_promisc(). 228 */ 229 err = __vlan_vid_add(dev, br, v->vid, flags); 230 if (err) 231 goto out; 232 233 /* need to work on the master vlan too */ 234 if (flags & BRIDGE_VLAN_INFO_MASTER) { 235 err = br_vlan_add(br, v->vid, flags | 236 BRIDGE_VLAN_INFO_BRENTRY); 237 if (err) 238 goto out_filt; 239 } 240 241 masterv = br_vlan_get_master(br, v->vid); 242 if (!masterv) 243 goto out_filt; 244 v->brvlan = masterv; 245 v->stats = masterv->stats; 246 } 247 248 /* Add the dev mac and count the vlan only if it's usable */ 249 if (br_vlan_should_use(v)) { 250 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 251 if (err) { 252 br_err(br, "failed insert local address into bridge forwarding table\n"); 253 goto out_filt; 254 } 255 vg->num_vlans++; 256 } 257 258 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode, 259 br_vlan_rht_params); 260 if (err) 261 goto out_fdb_insert; 262 263 __vlan_add_list(v); 264 __vlan_add_flags(v, flags); 265 out: 266 return err; 267 268 out_fdb_insert: 269 if (br_vlan_should_use(v)) { 270 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid); 271 vg->num_vlans--; 272 } 273 274 out_filt: 275 if (p) { 276 __vlan_vid_del(dev, br, v->vid); 277 if (masterv) { 278 br_vlan_put_master(masterv); 279 v->brvlan = NULL; 280 } 281 } 282 283 goto out; 284 } 285 286 static int __vlan_del(struct net_bridge_vlan *v) 287 { 288 struct net_bridge_vlan *masterv = v; 289 struct net_bridge_vlan_group *vg; 290 struct net_bridge_port *p = NULL; 291 int err = 0; 292 293 if (br_vlan_is_master(v)) { 294 vg = br_vlan_group(v->br); 295 } else { 296 p = v->port; 297 vg = nbp_vlan_group(v->port); 298 masterv = v->brvlan; 299 } 300 301 __vlan_delete_pvid(vg, v->vid); 302 if (p) { 303 err = __vlan_vid_del(p->dev, p->br, v->vid); 304 if (err) 305 goto out; 306 } 307 308 if (br_vlan_should_use(v)) { 309 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 310 vg->num_vlans--; 311 } 312 313 if (masterv != v) { 314 vlan_tunnel_info_del(vg, v); 315 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 316 br_vlan_rht_params); 317 __vlan_del_list(v); 318 kfree_rcu(v, rcu); 319 } 320 321 br_vlan_put_master(masterv); 322 out: 323 return err; 324 } 325 326 static void __vlan_group_free(struct net_bridge_vlan_group *vg) 327 { 328 WARN_ON(!list_empty(&vg->vlan_list)); 329 rhashtable_destroy(&vg->vlan_hash); 330 vlan_tunnel_deinit(vg); 331 kfree(vg); 332 } 333 334 static void __vlan_flush(struct net_bridge_vlan_group *vg) 335 { 336 struct net_bridge_vlan *vlan, *tmp; 337 338 __vlan_delete_pvid(vg, vg->pvid); 339 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist) 340 __vlan_del(vlan); 341 } 342 343 struct sk_buff *br_handle_vlan(struct net_bridge *br, 344 const struct net_bridge_port *p, 345 struct net_bridge_vlan_group *vg, 346 struct sk_buff *skb) 347 { 348 struct br_vlan_stats *stats; 349 struct net_bridge_vlan *v; 350 u16 vid; 351 352 /* If this packet was not filtered at input, let it pass */ 353 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 354 goto out; 355 356 /* At this point, we know that the frame was filtered and contains 357 * a valid vlan id. If the vlan id has untagged flag set, 358 * send untagged; otherwise, send tagged. 359 */ 360 br_vlan_get_tag(skb, &vid); 361 v = br_vlan_find(vg, vid); 362 /* Vlan entry must be configured at this point. The 363 * only exception is the bridge is set in promisc mode and the 364 * packet is destined for the bridge device. In this case 365 * pass the packet as is. 366 */ 367 if (!v || !br_vlan_should_use(v)) { 368 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 369 goto out; 370 } else { 371 kfree_skb(skb); 372 return NULL; 373 } 374 } 375 if (br->vlan_stats_enabled) { 376 stats = this_cpu_ptr(v->stats); 377 u64_stats_update_begin(&stats->syncp); 378 stats->tx_bytes += skb->len; 379 stats->tx_packets++; 380 u64_stats_update_end(&stats->syncp); 381 } 382 383 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 384 skb->vlan_tci = 0; 385 386 if (p && (p->flags & BR_VLAN_TUNNEL) && 387 br_handle_egress_vlan_tunnel(skb, v)) { 388 kfree_skb(skb); 389 return NULL; 390 } 391 out: 392 return skb; 393 } 394 395 /* Called under RCU */ 396 static bool __allowed_ingress(const struct net_bridge *br, 397 struct net_bridge_vlan_group *vg, 398 struct sk_buff *skb, u16 *vid) 399 { 400 struct br_vlan_stats *stats; 401 struct net_bridge_vlan *v; 402 bool tagged; 403 404 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 405 /* If vlan tx offload is disabled on bridge device and frame was 406 * sent from vlan device on the bridge device, it does not have 407 * HW accelerated vlan tag. 408 */ 409 if (unlikely(!skb_vlan_tag_present(skb) && 410 skb->protocol == br->vlan_proto)) { 411 skb = skb_vlan_untag(skb); 412 if (unlikely(!skb)) 413 return false; 414 } 415 416 if (!br_vlan_get_tag(skb, vid)) { 417 /* Tagged frame */ 418 if (skb->vlan_proto != br->vlan_proto) { 419 /* Protocol-mismatch, empty out vlan_tci for new tag */ 420 skb_push(skb, ETH_HLEN); 421 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 422 skb_vlan_tag_get(skb)); 423 if (unlikely(!skb)) 424 return false; 425 426 skb_pull(skb, ETH_HLEN); 427 skb_reset_mac_len(skb); 428 *vid = 0; 429 tagged = false; 430 } else { 431 tagged = true; 432 } 433 } else { 434 /* Untagged frame */ 435 tagged = false; 436 } 437 438 if (!*vid) { 439 u16 pvid = br_get_pvid(vg); 440 441 /* Frame had a tag with VID 0 or did not have a tag. 442 * See if pvid is set on this port. That tells us which 443 * vlan untagged or priority-tagged traffic belongs to. 444 */ 445 if (!pvid) 446 goto drop; 447 448 /* PVID is set on this port. Any untagged or priority-tagged 449 * ingress frame is considered to belong to this vlan. 450 */ 451 *vid = pvid; 452 if (likely(!tagged)) 453 /* Untagged Frame. */ 454 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid); 455 else 456 /* Priority-tagged Frame. 457 * At this point, We know that skb->vlan_tci had 458 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 459 * We update only VID field and preserve PCP field. 460 */ 461 skb->vlan_tci |= pvid; 462 463 /* if stats are disabled we can avoid the lookup */ 464 if (!br->vlan_stats_enabled) 465 return true; 466 } 467 v = br_vlan_find(vg, *vid); 468 if (!v || !br_vlan_should_use(v)) 469 goto drop; 470 471 if (br->vlan_stats_enabled) { 472 stats = this_cpu_ptr(v->stats); 473 u64_stats_update_begin(&stats->syncp); 474 stats->rx_bytes += skb->len; 475 stats->rx_packets++; 476 u64_stats_update_end(&stats->syncp); 477 } 478 479 return true; 480 481 drop: 482 kfree_skb(skb); 483 return false; 484 } 485 486 bool br_allowed_ingress(const struct net_bridge *br, 487 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 488 u16 *vid) 489 { 490 /* If VLAN filtering is disabled on the bridge, all packets are 491 * permitted. 492 */ 493 if (!br->vlan_enabled) { 494 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 495 return true; 496 } 497 498 return __allowed_ingress(br, vg, skb, vid); 499 } 500 501 /* Called under RCU. */ 502 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 503 const struct sk_buff *skb) 504 { 505 const struct net_bridge_vlan *v; 506 u16 vid; 507 508 /* If this packet was not filtered at input, let it pass */ 509 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 510 return true; 511 512 br_vlan_get_tag(skb, &vid); 513 v = br_vlan_find(vg, vid); 514 if (v && br_vlan_should_use(v)) 515 return true; 516 517 return false; 518 } 519 520 /* Called under RCU */ 521 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 522 { 523 struct net_bridge_vlan_group *vg; 524 struct net_bridge *br = p->br; 525 526 /* If filtering was disabled at input, let it pass. */ 527 if (!br->vlan_enabled) 528 return true; 529 530 vg = nbp_vlan_group_rcu(p); 531 if (!vg || !vg->num_vlans) 532 return false; 533 534 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 535 *vid = 0; 536 537 if (!*vid) { 538 *vid = br_get_pvid(vg); 539 if (!*vid) 540 return false; 541 542 return true; 543 } 544 545 if (br_vlan_find(vg, *vid)) 546 return true; 547 548 return false; 549 } 550 551 /* Must be protected by RTNL. 552 * Must be called with vid in range from 1 to 4094 inclusive. 553 */ 554 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 555 { 556 struct net_bridge_vlan_group *vg; 557 struct net_bridge_vlan *vlan; 558 int ret; 559 560 ASSERT_RTNL(); 561 562 vg = br_vlan_group(br); 563 vlan = br_vlan_find(vg, vid); 564 if (vlan) { 565 if (!br_vlan_is_brentry(vlan)) { 566 /* Trying to change flags of non-existent bridge vlan */ 567 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) 568 return -EINVAL; 569 /* It was only kept for port vlans, now make it real */ 570 ret = br_fdb_insert(br, NULL, br->dev->dev_addr, 571 vlan->vid); 572 if (ret) { 573 br_err(br, "failed insert local address into bridge forwarding table\n"); 574 return ret; 575 } 576 refcount_inc(&vlan->refcnt); 577 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 578 vg->num_vlans++; 579 } 580 __vlan_add_flags(vlan, flags); 581 return 0; 582 } 583 584 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 585 if (!vlan) 586 return -ENOMEM; 587 588 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats); 589 if (!vlan->stats) { 590 kfree(vlan); 591 return -ENOMEM; 592 } 593 vlan->vid = vid; 594 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 595 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 596 vlan->br = br; 597 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 598 refcount_set(&vlan->refcnt, 1); 599 ret = __vlan_add(vlan, flags); 600 if (ret) { 601 free_percpu(vlan->stats); 602 kfree(vlan); 603 } 604 605 return ret; 606 } 607 608 /* Must be protected by RTNL. 609 * Must be called with vid in range from 1 to 4094 inclusive. 610 */ 611 int br_vlan_delete(struct net_bridge *br, u16 vid) 612 { 613 struct net_bridge_vlan_group *vg; 614 struct net_bridge_vlan *v; 615 616 ASSERT_RTNL(); 617 618 vg = br_vlan_group(br); 619 v = br_vlan_find(vg, vid); 620 if (!v || !br_vlan_is_brentry(v)) 621 return -ENOENT; 622 623 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 624 br_fdb_delete_by_port(br, NULL, vid, 0); 625 626 vlan_tunnel_info_del(vg, v); 627 628 return __vlan_del(v); 629 } 630 631 void br_vlan_flush(struct net_bridge *br) 632 { 633 struct net_bridge_vlan_group *vg; 634 635 ASSERT_RTNL(); 636 637 vg = br_vlan_group(br); 638 __vlan_flush(vg); 639 RCU_INIT_POINTER(br->vlgrp, NULL); 640 synchronize_rcu(); 641 __vlan_group_free(vg); 642 } 643 644 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 645 { 646 if (!vg) 647 return NULL; 648 649 return br_vlan_lookup(&vg->vlan_hash, vid); 650 } 651 652 /* Must be protected by RTNL. */ 653 static void recalculate_group_addr(struct net_bridge *br) 654 { 655 if (br->group_addr_set) 656 return; 657 658 spin_lock_bh(&br->lock); 659 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 660 /* Bridge Group Address */ 661 br->group_addr[5] = 0x00; 662 } else { /* vlan_enabled && ETH_P_8021AD */ 663 /* Provider Bridge Group Address */ 664 br->group_addr[5] = 0x08; 665 } 666 spin_unlock_bh(&br->lock); 667 } 668 669 /* Must be protected by RTNL. */ 670 void br_recalculate_fwd_mask(struct net_bridge *br) 671 { 672 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 673 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 674 else /* vlan_enabled && ETH_P_8021AD */ 675 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 676 ~(1u << br->group_addr[5]); 677 } 678 679 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 680 { 681 struct switchdev_attr attr = { 682 .orig_dev = br->dev, 683 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 684 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 685 .u.vlan_filtering = val, 686 }; 687 int err; 688 689 if (br->vlan_enabled == val) 690 return 0; 691 692 err = switchdev_port_attr_set(br->dev, &attr); 693 if (err && err != -EOPNOTSUPP) 694 return err; 695 696 br->vlan_enabled = val; 697 br_manage_promisc(br); 698 recalculate_group_addr(br); 699 br_recalculate_fwd_mask(br); 700 701 return 0; 702 } 703 704 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 705 { 706 return __br_vlan_filter_toggle(br, val); 707 } 708 709 bool br_vlan_enabled(const struct net_device *dev) 710 { 711 struct net_bridge *br = netdev_priv(dev); 712 713 return !!br->vlan_enabled; 714 } 715 EXPORT_SYMBOL_GPL(br_vlan_enabled); 716 717 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 718 { 719 int err = 0; 720 struct net_bridge_port *p; 721 struct net_bridge_vlan *vlan; 722 struct net_bridge_vlan_group *vg; 723 __be16 oldproto; 724 725 if (br->vlan_proto == proto) 726 return 0; 727 728 /* Add VLANs for the new proto to the device filter. */ 729 list_for_each_entry(p, &br->port_list, list) { 730 vg = nbp_vlan_group(p); 731 list_for_each_entry(vlan, &vg->vlan_list, vlist) { 732 err = vlan_vid_add(p->dev, proto, vlan->vid); 733 if (err) 734 goto err_filt; 735 } 736 } 737 738 oldproto = br->vlan_proto; 739 br->vlan_proto = proto; 740 741 recalculate_group_addr(br); 742 br_recalculate_fwd_mask(br); 743 744 /* Delete VLANs for the old proto from the device filter. */ 745 list_for_each_entry(p, &br->port_list, list) { 746 vg = nbp_vlan_group(p); 747 list_for_each_entry(vlan, &vg->vlan_list, vlist) 748 vlan_vid_del(p->dev, oldproto, vlan->vid); 749 } 750 751 return 0; 752 753 err_filt: 754 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist) 755 vlan_vid_del(p->dev, proto, vlan->vid); 756 757 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 758 vg = nbp_vlan_group(p); 759 list_for_each_entry(vlan, &vg->vlan_list, vlist) 760 vlan_vid_del(p->dev, proto, vlan->vid); 761 } 762 763 return err; 764 } 765 766 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 767 { 768 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 769 return -EPROTONOSUPPORT; 770 771 return __br_vlan_set_proto(br, htons(val)); 772 } 773 774 int br_vlan_set_stats(struct net_bridge *br, unsigned long val) 775 { 776 switch (val) { 777 case 0: 778 case 1: 779 br->vlan_stats_enabled = val; 780 break; 781 default: 782 return -EINVAL; 783 } 784 785 return 0; 786 } 787 788 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 789 { 790 struct net_bridge_vlan *v; 791 792 if (vid != vg->pvid) 793 return false; 794 795 v = br_vlan_lookup(&vg->vlan_hash, vid); 796 if (v && br_vlan_should_use(v) && 797 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 798 return true; 799 800 return false; 801 } 802 803 static void br_vlan_disable_default_pvid(struct net_bridge *br) 804 { 805 struct net_bridge_port *p; 806 u16 pvid = br->default_pvid; 807 808 /* Disable default_pvid on all ports where it is still 809 * configured. 810 */ 811 if (vlan_default_pvid(br_vlan_group(br), pvid)) 812 br_vlan_delete(br, pvid); 813 814 list_for_each_entry(p, &br->port_list, list) { 815 if (vlan_default_pvid(nbp_vlan_group(p), pvid)) 816 nbp_vlan_delete(p, pvid); 817 } 818 819 br->default_pvid = 0; 820 } 821 822 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 823 { 824 const struct net_bridge_vlan *pvent; 825 struct net_bridge_vlan_group *vg; 826 struct net_bridge_port *p; 827 u16 old_pvid; 828 int err = 0; 829 unsigned long *changed; 830 831 if (!pvid) { 832 br_vlan_disable_default_pvid(br); 833 return 0; 834 } 835 836 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 837 GFP_KERNEL); 838 if (!changed) 839 return -ENOMEM; 840 841 old_pvid = br->default_pvid; 842 843 /* Update default_pvid config only if we do not conflict with 844 * user configuration. 845 */ 846 vg = br_vlan_group(br); 847 pvent = br_vlan_find(vg, pvid); 848 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) && 849 (!pvent || !br_vlan_should_use(pvent))) { 850 err = br_vlan_add(br, pvid, 851 BRIDGE_VLAN_INFO_PVID | 852 BRIDGE_VLAN_INFO_UNTAGGED | 853 BRIDGE_VLAN_INFO_BRENTRY); 854 if (err) 855 goto out; 856 br_vlan_delete(br, old_pvid); 857 set_bit(0, changed); 858 } 859 860 list_for_each_entry(p, &br->port_list, list) { 861 /* Update default_pvid config only if we do not conflict with 862 * user configuration. 863 */ 864 vg = nbp_vlan_group(p); 865 if ((old_pvid && 866 !vlan_default_pvid(vg, old_pvid)) || 867 br_vlan_find(vg, pvid)) 868 continue; 869 870 err = nbp_vlan_add(p, pvid, 871 BRIDGE_VLAN_INFO_PVID | 872 BRIDGE_VLAN_INFO_UNTAGGED); 873 if (err) 874 goto err_port; 875 nbp_vlan_delete(p, old_pvid); 876 set_bit(p->port_no, changed); 877 } 878 879 br->default_pvid = pvid; 880 881 out: 882 kfree(changed); 883 return err; 884 885 err_port: 886 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 887 if (!test_bit(p->port_no, changed)) 888 continue; 889 890 if (old_pvid) 891 nbp_vlan_add(p, old_pvid, 892 BRIDGE_VLAN_INFO_PVID | 893 BRIDGE_VLAN_INFO_UNTAGGED); 894 nbp_vlan_delete(p, pvid); 895 } 896 897 if (test_bit(0, changed)) { 898 if (old_pvid) 899 br_vlan_add(br, old_pvid, 900 BRIDGE_VLAN_INFO_PVID | 901 BRIDGE_VLAN_INFO_UNTAGGED | 902 BRIDGE_VLAN_INFO_BRENTRY); 903 br_vlan_delete(br, pvid); 904 } 905 goto out; 906 } 907 908 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 909 { 910 u16 pvid = val; 911 int err = 0; 912 913 if (val >= VLAN_VID_MASK) 914 return -EINVAL; 915 916 if (pvid == br->default_pvid) 917 goto out; 918 919 /* Only allow default pvid change when filtering is disabled */ 920 if (br->vlan_enabled) { 921 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 922 err = -EPERM; 923 goto out; 924 } 925 err = __br_vlan_set_default_pvid(br, pvid); 926 out: 927 return err; 928 } 929 930 int br_vlan_init(struct net_bridge *br) 931 { 932 struct net_bridge_vlan_group *vg; 933 int ret = -ENOMEM; 934 935 vg = kzalloc(sizeof(*vg), GFP_KERNEL); 936 if (!vg) 937 goto out; 938 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 939 if (ret) 940 goto err_rhtbl; 941 ret = vlan_tunnel_init(vg); 942 if (ret) 943 goto err_tunnel_init; 944 INIT_LIST_HEAD(&vg->vlan_list); 945 br->vlan_proto = htons(ETH_P_8021Q); 946 br->default_pvid = 1; 947 rcu_assign_pointer(br->vlgrp, vg); 948 ret = br_vlan_add(br, 1, 949 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 950 BRIDGE_VLAN_INFO_BRENTRY); 951 if (ret) 952 goto err_vlan_add; 953 954 out: 955 return ret; 956 957 err_vlan_add: 958 vlan_tunnel_deinit(vg); 959 err_tunnel_init: 960 rhashtable_destroy(&vg->vlan_hash); 961 err_rhtbl: 962 kfree(vg); 963 964 goto out; 965 } 966 967 int nbp_vlan_init(struct net_bridge_port *p) 968 { 969 struct switchdev_attr attr = { 970 .orig_dev = p->br->dev, 971 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING, 972 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP, 973 .u.vlan_filtering = p->br->vlan_enabled, 974 }; 975 struct net_bridge_vlan_group *vg; 976 int ret = -ENOMEM; 977 978 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 979 if (!vg) 980 goto out; 981 982 ret = switchdev_port_attr_set(p->dev, &attr); 983 if (ret && ret != -EOPNOTSUPP) 984 goto err_vlan_enabled; 985 986 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 987 if (ret) 988 goto err_rhtbl; 989 ret = vlan_tunnel_init(vg); 990 if (ret) 991 goto err_tunnel_init; 992 INIT_LIST_HEAD(&vg->vlan_list); 993 rcu_assign_pointer(p->vlgrp, vg); 994 if (p->br->default_pvid) { 995 ret = nbp_vlan_add(p, p->br->default_pvid, 996 BRIDGE_VLAN_INFO_PVID | 997 BRIDGE_VLAN_INFO_UNTAGGED); 998 if (ret) 999 goto err_vlan_add; 1000 } 1001 out: 1002 return ret; 1003 1004 err_vlan_add: 1005 RCU_INIT_POINTER(p->vlgrp, NULL); 1006 synchronize_rcu(); 1007 vlan_tunnel_deinit(vg); 1008 err_tunnel_init: 1009 rhashtable_destroy(&vg->vlan_hash); 1010 err_rhtbl: 1011 err_vlan_enabled: 1012 kfree(vg); 1013 1014 goto out; 1015 } 1016 1017 /* Must be protected by RTNL. 1018 * Must be called with vid in range from 1 to 4094 inclusive. 1019 */ 1020 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 1021 { 1022 struct switchdev_obj_port_vlan v = { 1023 .obj.orig_dev = port->dev, 1024 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 1025 .flags = flags, 1026 .vid_begin = vid, 1027 .vid_end = vid, 1028 }; 1029 struct net_bridge_vlan *vlan; 1030 int ret; 1031 1032 ASSERT_RTNL(); 1033 1034 vlan = br_vlan_find(nbp_vlan_group(port), vid); 1035 if (vlan) { 1036 /* Pass the flags to the hardware bridge */ 1037 ret = switchdev_port_obj_add(port->dev, &v.obj); 1038 if (ret && ret != -EOPNOTSUPP) 1039 return ret; 1040 __vlan_add_flags(vlan, flags); 1041 return 0; 1042 } 1043 1044 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 1045 if (!vlan) 1046 return -ENOMEM; 1047 1048 vlan->vid = vid; 1049 vlan->port = port; 1050 ret = __vlan_add(vlan, flags); 1051 if (ret) 1052 kfree(vlan); 1053 1054 return ret; 1055 } 1056 1057 /* Must be protected by RTNL. 1058 * Must be called with vid in range from 1 to 4094 inclusive. 1059 */ 1060 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 1061 { 1062 struct net_bridge_vlan *v; 1063 1064 ASSERT_RTNL(); 1065 1066 v = br_vlan_find(nbp_vlan_group(port), vid); 1067 if (!v) 1068 return -ENOENT; 1069 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 1070 br_fdb_delete_by_port(port->br, port, vid, 0); 1071 1072 return __vlan_del(v); 1073 } 1074 1075 void nbp_vlan_flush(struct net_bridge_port *port) 1076 { 1077 struct net_bridge_vlan_group *vg; 1078 1079 ASSERT_RTNL(); 1080 1081 vg = nbp_vlan_group(port); 1082 __vlan_flush(vg); 1083 RCU_INIT_POINTER(port->vlgrp, NULL); 1084 synchronize_rcu(); 1085 __vlan_group_free(vg); 1086 } 1087 1088 void br_vlan_get_stats(const struct net_bridge_vlan *v, 1089 struct br_vlan_stats *stats) 1090 { 1091 int i; 1092 1093 memset(stats, 0, sizeof(*stats)); 1094 for_each_possible_cpu(i) { 1095 u64 rxpackets, rxbytes, txpackets, txbytes; 1096 struct br_vlan_stats *cpu_stats; 1097 unsigned int start; 1098 1099 cpu_stats = per_cpu_ptr(v->stats, i); 1100 do { 1101 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp); 1102 rxpackets = cpu_stats->rx_packets; 1103 rxbytes = cpu_stats->rx_bytes; 1104 txbytes = cpu_stats->tx_bytes; 1105 txpackets = cpu_stats->tx_packets; 1106 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start)); 1107 1108 stats->rx_packets += rxpackets; 1109 stats->rx_bytes += rxbytes; 1110 stats->tx_bytes += txbytes; 1111 stats->tx_packets += txpackets; 1112 } 1113 } 1114