1 #include <linux/kernel.h> 2 #include <linux/netdevice.h> 3 #include <linux/rtnetlink.h> 4 #include <linux/slab.h> 5 #include <net/switchdev.h> 6 7 #include "br_private.h" 8 9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg, 10 const void *ptr) 11 { 12 const struct net_bridge_vlan *vle = ptr; 13 u16 vid = *(u16 *)arg->key; 14 15 return vle->vid != vid; 16 } 17 18 static const struct rhashtable_params br_vlan_rht_params = { 19 .head_offset = offsetof(struct net_bridge_vlan, vnode), 20 .key_offset = offsetof(struct net_bridge_vlan, vid), 21 .key_len = sizeof(u16), 22 .nelem_hint = 3, 23 .locks_mul = 1, 24 .max_size = VLAN_N_VID, 25 .obj_cmpfn = br_vlan_cmp, 26 .automatic_shrinking = true, 27 }; 28 29 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid) 30 { 31 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params); 32 } 33 34 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid) 35 { 36 if (vg->pvid == vid) 37 return; 38 39 smp_wmb(); 40 vg->pvid = vid; 41 } 42 43 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid) 44 { 45 if (vg->pvid != vid) 46 return; 47 48 smp_wmb(); 49 vg->pvid = 0; 50 } 51 52 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags) 53 { 54 struct net_bridge_vlan_group *vg; 55 56 if (br_vlan_is_master(v)) 57 vg = v->br->vlgrp; 58 else 59 vg = v->port->vlgrp; 60 61 if (flags & BRIDGE_VLAN_INFO_PVID) 62 __vlan_add_pvid(vg, v->vid); 63 else 64 __vlan_delete_pvid(vg, v->vid); 65 66 if (flags & BRIDGE_VLAN_INFO_UNTAGGED) 67 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED; 68 else 69 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED; 70 } 71 72 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br, 73 u16 vid, u16 flags) 74 { 75 const struct net_device_ops *ops = dev->netdev_ops; 76 int err; 77 78 /* If driver uses VLAN ndo ops, use 8021q to install vid 79 * on device, otherwise try switchdev ops to install vid. 80 */ 81 82 if (ops->ndo_vlan_rx_add_vid) { 83 err = vlan_vid_add(dev, br->vlan_proto, vid); 84 } else { 85 struct switchdev_obj_port_vlan v = { 86 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 87 .flags = flags, 88 .vid_begin = vid, 89 .vid_end = vid, 90 }; 91 92 err = switchdev_port_obj_add(dev, &v.obj); 93 if (err == -EOPNOTSUPP) 94 err = 0; 95 } 96 97 return err; 98 } 99 100 static void __vlan_add_list(struct net_bridge_vlan *v) 101 { 102 struct list_head *headp, *hpos; 103 struct net_bridge_vlan *vent; 104 105 headp = br_vlan_is_master(v) ? &v->br->vlgrp->vlan_list : 106 &v->port->vlgrp->vlan_list; 107 list_for_each_prev(hpos, headp) { 108 vent = list_entry(hpos, struct net_bridge_vlan, vlist); 109 if (v->vid < vent->vid) 110 continue; 111 else 112 break; 113 } 114 list_add_rcu(&v->vlist, hpos); 115 } 116 117 static void __vlan_del_list(struct net_bridge_vlan *v) 118 { 119 list_del_rcu(&v->vlist); 120 } 121 122 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br, 123 u16 vid) 124 { 125 const struct net_device_ops *ops = dev->netdev_ops; 126 int err = 0; 127 128 /* If driver uses VLAN ndo ops, use 8021q to delete vid 129 * on device, otherwise try switchdev ops to delete vid. 130 */ 131 132 if (ops->ndo_vlan_rx_kill_vid) { 133 vlan_vid_del(dev, br->vlan_proto, vid); 134 } else { 135 struct switchdev_obj_port_vlan v = { 136 .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN, 137 .vid_begin = vid, 138 .vid_end = vid, 139 }; 140 141 err = switchdev_port_obj_del(dev, &v.obj); 142 if (err == -EOPNOTSUPP) 143 err = 0; 144 } 145 146 return err; 147 } 148 149 /* Returns a master vlan, if it didn't exist it gets created. In all cases a 150 * a reference is taken to the master vlan before returning. 151 */ 152 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid) 153 { 154 struct net_bridge_vlan *masterv; 155 156 masterv = br_vlan_find(br->vlgrp, vid); 157 if (!masterv) { 158 /* missing global ctx, create it now */ 159 if (br_vlan_add(br, vid, 0)) 160 return NULL; 161 masterv = br_vlan_find(br->vlgrp, vid); 162 if (WARN_ON(!masterv)) 163 return NULL; 164 } 165 atomic_inc(&masterv->refcnt); 166 167 return masterv; 168 } 169 170 static void br_vlan_put_master(struct net_bridge_vlan *masterv) 171 { 172 if (!br_vlan_is_master(masterv)) 173 return; 174 175 if (atomic_dec_and_test(&masterv->refcnt)) { 176 rhashtable_remove_fast(&masterv->br->vlgrp->vlan_hash, 177 &masterv->vnode, br_vlan_rht_params); 178 __vlan_del_list(masterv); 179 kfree_rcu(masterv, rcu); 180 } 181 } 182 183 /* This is the shared VLAN add function which works for both ports and bridge 184 * devices. There are four possible calls to this function in terms of the 185 * vlan entry type: 186 * 1. vlan is being added on a port (no master flags, global entry exists) 187 * 2. vlan is being added on a bridge (both master and brvlan flags) 188 * 3. vlan is being added on a port, but a global entry didn't exist which 189 * is being created right now (master flag set, brvlan flag unset), the 190 * global entry is used for global per-vlan features, but not for filtering 191 * 4. same as 3 but with both master and brvlan flags set so the entry 192 * will be used for filtering in both the port and the bridge 193 */ 194 static int __vlan_add(struct net_bridge_vlan *v, u16 flags) 195 { 196 struct net_bridge_vlan *masterv = NULL; 197 struct net_bridge_port *p = NULL; 198 struct rhashtable *tbl; 199 struct net_device *dev; 200 struct net_bridge *br; 201 int err; 202 203 if (br_vlan_is_master(v)) { 204 br = v->br; 205 dev = br->dev; 206 tbl = &br->vlgrp->vlan_hash; 207 } else { 208 p = v->port; 209 br = p->br; 210 dev = p->dev; 211 tbl = &p->vlgrp->vlan_hash; 212 } 213 214 if (p) { 215 u16 master_flags = flags; 216 217 /* Add VLAN to the device filter if it is supported. 218 * This ensures tagged traffic enters the bridge when 219 * promiscuous mode is disabled by br_manage_promisc(). 220 */ 221 err = __vlan_vid_add(dev, br, v->vid, flags); 222 if (err) 223 goto out; 224 225 /* need to work on the master vlan too */ 226 if (flags & BRIDGE_VLAN_INFO_MASTER) { 227 master_flags |= BRIDGE_VLAN_INFO_BRENTRY; 228 err = br_vlan_add(br, v->vid, master_flags); 229 if (err) 230 goto out_filt; 231 } 232 233 masterv = br_vlan_get_master(br, v->vid); 234 if (!masterv) 235 goto out_filt; 236 v->brvlan = masterv; 237 } 238 239 /* Add the dev mac only if it's a usable vlan */ 240 if (br_vlan_should_use(v)) { 241 err = br_fdb_insert(br, p, dev->dev_addr, v->vid); 242 if (err) { 243 br_err(br, "failed insert local address into bridge forwarding table\n"); 244 goto out_filt; 245 } 246 } 247 248 err = rhashtable_lookup_insert_fast(tbl, &v->vnode, br_vlan_rht_params); 249 if (err) 250 goto out_fdb_insert; 251 252 __vlan_add_list(v); 253 __vlan_add_flags(v, flags); 254 if (br_vlan_is_master(v)) { 255 if (br_vlan_is_brentry(v)) 256 br->vlgrp->num_vlans++; 257 } else { 258 p->vlgrp->num_vlans++; 259 } 260 out: 261 return err; 262 263 out_fdb_insert: 264 br_fdb_find_delete_local(br, p, br->dev->dev_addr, v->vid); 265 266 out_filt: 267 if (p) { 268 __vlan_vid_del(dev, br, v->vid); 269 if (masterv) { 270 br_vlan_put_master(masterv); 271 v->brvlan = NULL; 272 } 273 } 274 275 goto out; 276 } 277 278 static int __vlan_del(struct net_bridge_vlan *v) 279 { 280 struct net_bridge_vlan *masterv = v; 281 struct net_bridge_vlan_group *vg; 282 struct net_bridge_port *p = NULL; 283 struct net_bridge *br; 284 int err = 0; 285 286 if (br_vlan_is_master(v)) { 287 br = v->br; 288 vg = v->br->vlgrp; 289 } else { 290 p = v->port; 291 br = p->br; 292 vg = v->port->vlgrp; 293 masterv = v->brvlan; 294 } 295 296 __vlan_delete_pvid(vg, v->vid); 297 if (p) { 298 err = __vlan_vid_del(p->dev, p->br, v->vid); 299 if (err) 300 goto out; 301 } 302 303 if (br_vlan_is_master(v)) { 304 if (br_vlan_is_brentry(v)) { 305 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY; 306 br->vlgrp->num_vlans--; 307 } 308 } else { 309 p->vlgrp->num_vlans--; 310 } 311 312 if (masterv != v) { 313 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode, 314 br_vlan_rht_params); 315 __vlan_del_list(v); 316 kfree_rcu(v, rcu); 317 } 318 319 br_vlan_put_master(masterv); 320 out: 321 return err; 322 } 323 324 static void __vlan_flush(struct net_bridge_vlan_group *vlgrp) 325 { 326 struct net_bridge_vlan *vlan, *tmp; 327 328 __vlan_delete_pvid(vlgrp, vlgrp->pvid); 329 list_for_each_entry_safe(vlan, tmp, &vlgrp->vlan_list, vlist) 330 __vlan_del(vlan); 331 rhashtable_destroy(&vlgrp->vlan_hash); 332 kfree(vlgrp); 333 } 334 335 struct sk_buff *br_handle_vlan(struct net_bridge *br, 336 struct net_bridge_vlan_group *vg, 337 struct sk_buff *skb) 338 { 339 struct net_bridge_vlan *v; 340 u16 vid; 341 342 /* If this packet was not filtered at input, let it pass */ 343 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 344 goto out; 345 346 /* At this point, we know that the frame was filtered and contains 347 * a valid vlan id. If the vlan id has untagged flag set, 348 * send untagged; otherwise, send tagged. 349 */ 350 br_vlan_get_tag(skb, &vid); 351 v = br_vlan_find(vg, vid); 352 /* Vlan entry must be configured at this point. The 353 * only exception is the bridge is set in promisc mode and the 354 * packet is destined for the bridge device. In this case 355 * pass the packet as is. 356 */ 357 if (!v || !br_vlan_should_use(v)) { 358 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) { 359 goto out; 360 } else { 361 kfree_skb(skb); 362 return NULL; 363 } 364 } 365 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED) 366 skb->vlan_tci = 0; 367 368 out: 369 return skb; 370 } 371 372 /* Called under RCU */ 373 static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto, 374 struct sk_buff *skb, u16 *vid) 375 { 376 const struct net_bridge_vlan *v; 377 bool tagged; 378 379 BR_INPUT_SKB_CB(skb)->vlan_filtered = true; 380 /* If vlan tx offload is disabled on bridge device and frame was 381 * sent from vlan device on the bridge device, it does not have 382 * HW accelerated vlan tag. 383 */ 384 if (unlikely(!skb_vlan_tag_present(skb) && 385 skb->protocol == proto)) { 386 skb = skb_vlan_untag(skb); 387 if (unlikely(!skb)) 388 return false; 389 } 390 391 if (!br_vlan_get_tag(skb, vid)) { 392 /* Tagged frame */ 393 if (skb->vlan_proto != proto) { 394 /* Protocol-mismatch, empty out vlan_tci for new tag */ 395 skb_push(skb, ETH_HLEN); 396 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto, 397 skb_vlan_tag_get(skb)); 398 if (unlikely(!skb)) 399 return false; 400 401 skb_pull(skb, ETH_HLEN); 402 skb_reset_mac_len(skb); 403 *vid = 0; 404 tagged = false; 405 } else { 406 tagged = true; 407 } 408 } else { 409 /* Untagged frame */ 410 tagged = false; 411 } 412 413 if (!*vid) { 414 u16 pvid = br_get_pvid(vg); 415 416 /* Frame had a tag with VID 0 or did not have a tag. 417 * See if pvid is set on this port. That tells us which 418 * vlan untagged or priority-tagged traffic belongs to. 419 */ 420 if (!pvid) 421 goto drop; 422 423 /* PVID is set on this port. Any untagged or priority-tagged 424 * ingress frame is considered to belong to this vlan. 425 */ 426 *vid = pvid; 427 if (likely(!tagged)) 428 /* Untagged Frame. */ 429 __vlan_hwaccel_put_tag(skb, proto, pvid); 430 else 431 /* Priority-tagged Frame. 432 * At this point, We know that skb->vlan_tci had 433 * VLAN_TAG_PRESENT bit and its VID field was 0x000. 434 * We update only VID field and preserve PCP field. 435 */ 436 skb->vlan_tci |= pvid; 437 438 return true; 439 } 440 441 /* Frame had a valid vlan tag. See if vlan is allowed */ 442 v = br_vlan_find(vg, *vid); 443 if (v && br_vlan_should_use(v)) 444 return true; 445 drop: 446 kfree_skb(skb); 447 return false; 448 } 449 450 bool br_allowed_ingress(const struct net_bridge *br, 451 struct net_bridge_vlan_group *vg, struct sk_buff *skb, 452 u16 *vid) 453 { 454 /* If VLAN filtering is disabled on the bridge, all packets are 455 * permitted. 456 */ 457 if (!br->vlan_enabled) { 458 BR_INPUT_SKB_CB(skb)->vlan_filtered = false; 459 return true; 460 } 461 462 return __allowed_ingress(vg, br->vlan_proto, skb, vid); 463 } 464 465 /* Called under RCU. */ 466 bool br_allowed_egress(struct net_bridge_vlan_group *vg, 467 const struct sk_buff *skb) 468 { 469 const struct net_bridge_vlan *v; 470 u16 vid; 471 472 /* If this packet was not filtered at input, let it pass */ 473 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered) 474 return true; 475 476 br_vlan_get_tag(skb, &vid); 477 v = br_vlan_find(vg, vid); 478 if (v && br_vlan_should_use(v)) 479 return true; 480 481 return false; 482 } 483 484 /* Called under RCU */ 485 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid) 486 { 487 struct net_bridge_vlan_group *vg; 488 struct net_bridge *br = p->br; 489 490 /* If filtering was disabled at input, let it pass. */ 491 if (!br->vlan_enabled) 492 return true; 493 494 vg = p->vlgrp; 495 if (!vg || !vg->num_vlans) 496 return false; 497 498 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto) 499 *vid = 0; 500 501 if (!*vid) { 502 *vid = br_get_pvid(vg); 503 if (!*vid) 504 return false; 505 506 return true; 507 } 508 509 if (br_vlan_find(vg, *vid)) 510 return true; 511 512 return false; 513 } 514 515 /* Must be protected by RTNL. 516 * Must be called with vid in range from 1 to 4094 inclusive. 517 */ 518 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags) 519 { 520 struct net_bridge_vlan *vlan; 521 int ret; 522 523 ASSERT_RTNL(); 524 525 vlan = br_vlan_find(br->vlgrp, vid); 526 if (vlan) { 527 if (!br_vlan_is_brentry(vlan)) { 528 /* Trying to change flags of non-existent bridge vlan */ 529 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) 530 return -EINVAL; 531 /* It was only kept for port vlans, now make it real */ 532 ret = br_fdb_insert(br, NULL, br->dev->dev_addr, 533 vlan->vid); 534 if (ret) { 535 br_err(br, "failed insert local address into bridge forwarding table\n"); 536 return ret; 537 } 538 atomic_inc(&vlan->refcnt); 539 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY; 540 br->vlgrp->num_vlans++; 541 } 542 __vlan_add_flags(vlan, flags); 543 return 0; 544 } 545 546 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 547 if (!vlan) 548 return -ENOMEM; 549 550 vlan->vid = vid; 551 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER; 552 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID; 553 vlan->br = br; 554 if (flags & BRIDGE_VLAN_INFO_BRENTRY) 555 atomic_set(&vlan->refcnt, 1); 556 ret = __vlan_add(vlan, flags); 557 if (ret) 558 kfree(vlan); 559 560 return ret; 561 } 562 563 /* Must be protected by RTNL. 564 * Must be called with vid in range from 1 to 4094 inclusive. 565 */ 566 int br_vlan_delete(struct net_bridge *br, u16 vid) 567 { 568 struct net_bridge_vlan *v; 569 570 ASSERT_RTNL(); 571 572 v = br_vlan_find(br->vlgrp, vid); 573 if (!v || !br_vlan_is_brentry(v)) 574 return -ENOENT; 575 576 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid); 577 578 return __vlan_del(v); 579 } 580 581 void br_vlan_flush(struct net_bridge *br) 582 { 583 ASSERT_RTNL(); 584 585 __vlan_flush(br_vlan_group(br)); 586 } 587 588 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid) 589 { 590 if (!vg) 591 return NULL; 592 593 return br_vlan_lookup(&vg->vlan_hash, vid); 594 } 595 596 /* Must be protected by RTNL. */ 597 static void recalculate_group_addr(struct net_bridge *br) 598 { 599 if (br->group_addr_set) 600 return; 601 602 spin_lock_bh(&br->lock); 603 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) { 604 /* Bridge Group Address */ 605 br->group_addr[5] = 0x00; 606 } else { /* vlan_enabled && ETH_P_8021AD */ 607 /* Provider Bridge Group Address */ 608 br->group_addr[5] = 0x08; 609 } 610 spin_unlock_bh(&br->lock); 611 } 612 613 /* Must be protected by RTNL. */ 614 void br_recalculate_fwd_mask(struct net_bridge *br) 615 { 616 if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) 617 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT; 618 else /* vlan_enabled && ETH_P_8021AD */ 619 br->group_fwd_mask_required = BR_GROUPFWD_8021AD & 620 ~(1u << br->group_addr[5]); 621 } 622 623 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 624 { 625 if (br->vlan_enabled == val) 626 return 0; 627 628 br->vlan_enabled = val; 629 br_manage_promisc(br); 630 recalculate_group_addr(br); 631 br_recalculate_fwd_mask(br); 632 633 return 0; 634 } 635 636 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val) 637 { 638 if (!rtnl_trylock()) 639 return restart_syscall(); 640 641 __br_vlan_filter_toggle(br, val); 642 rtnl_unlock(); 643 644 return 0; 645 } 646 647 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto) 648 { 649 int err = 0; 650 struct net_bridge_port *p; 651 struct net_bridge_vlan *vlan; 652 __be16 oldproto; 653 654 if (br->vlan_proto == proto) 655 return 0; 656 657 /* Add VLANs for the new proto to the device filter. */ 658 list_for_each_entry(p, &br->port_list, list) { 659 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) { 660 err = vlan_vid_add(p->dev, proto, vlan->vid); 661 if (err) 662 goto err_filt; 663 } 664 } 665 666 oldproto = br->vlan_proto; 667 br->vlan_proto = proto; 668 669 recalculate_group_addr(br); 670 br_recalculate_fwd_mask(br); 671 672 /* Delete VLANs for the old proto from the device filter. */ 673 list_for_each_entry(p, &br->port_list, list) 674 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) 675 vlan_vid_del(p->dev, oldproto, vlan->vid); 676 677 return 0; 678 679 err_filt: 680 list_for_each_entry_continue_reverse(vlan, &p->vlgrp->vlan_list, vlist) 681 vlan_vid_del(p->dev, proto, vlan->vid); 682 683 list_for_each_entry_continue_reverse(p, &br->port_list, list) 684 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) 685 vlan_vid_del(p->dev, proto, vlan->vid); 686 687 return err; 688 } 689 690 int br_vlan_set_proto(struct net_bridge *br, unsigned long val) 691 { 692 int err; 693 694 if (val != ETH_P_8021Q && val != ETH_P_8021AD) 695 return -EPROTONOSUPPORT; 696 697 if (!rtnl_trylock()) 698 return restart_syscall(); 699 700 err = __br_vlan_set_proto(br, htons(val)); 701 rtnl_unlock(); 702 703 return err; 704 } 705 706 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid) 707 { 708 struct net_bridge_vlan *v; 709 710 if (vid != vg->pvid) 711 return false; 712 713 v = br_vlan_lookup(&vg->vlan_hash, vid); 714 if (v && br_vlan_should_use(v) && 715 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)) 716 return true; 717 718 return false; 719 } 720 721 static void br_vlan_disable_default_pvid(struct net_bridge *br) 722 { 723 struct net_bridge_port *p; 724 u16 pvid = br->default_pvid; 725 726 /* Disable default_pvid on all ports where it is still 727 * configured. 728 */ 729 if (vlan_default_pvid(br->vlgrp, pvid)) 730 br_vlan_delete(br, pvid); 731 732 list_for_each_entry(p, &br->port_list, list) { 733 if (vlan_default_pvid(p->vlgrp, pvid)) 734 nbp_vlan_delete(p, pvid); 735 } 736 737 br->default_pvid = 0; 738 } 739 740 static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid) 741 { 742 const struct net_bridge_vlan *pvent; 743 struct net_bridge_port *p; 744 u16 old_pvid; 745 int err = 0; 746 unsigned long *changed; 747 748 changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long), 749 GFP_KERNEL); 750 if (!changed) 751 return -ENOMEM; 752 753 old_pvid = br->default_pvid; 754 755 /* Update default_pvid config only if we do not conflict with 756 * user configuration. 757 */ 758 pvent = br_vlan_find(br->vlgrp, pvid); 759 if ((!old_pvid || vlan_default_pvid(br->vlgrp, old_pvid)) && 760 (!pvent || !br_vlan_should_use(pvent))) { 761 err = br_vlan_add(br, pvid, 762 BRIDGE_VLAN_INFO_PVID | 763 BRIDGE_VLAN_INFO_UNTAGGED | 764 BRIDGE_VLAN_INFO_BRENTRY); 765 if (err) 766 goto out; 767 br_vlan_delete(br, old_pvid); 768 set_bit(0, changed); 769 } 770 771 list_for_each_entry(p, &br->port_list, list) { 772 /* Update default_pvid config only if we do not conflict with 773 * user configuration. 774 */ 775 if ((old_pvid && 776 !vlan_default_pvid(p->vlgrp, old_pvid)) || 777 br_vlan_find(p->vlgrp, pvid)) 778 continue; 779 780 err = nbp_vlan_add(p, pvid, 781 BRIDGE_VLAN_INFO_PVID | 782 BRIDGE_VLAN_INFO_UNTAGGED); 783 if (err) 784 goto err_port; 785 nbp_vlan_delete(p, old_pvid); 786 set_bit(p->port_no, changed); 787 } 788 789 br->default_pvid = pvid; 790 791 out: 792 kfree(changed); 793 return err; 794 795 err_port: 796 list_for_each_entry_continue_reverse(p, &br->port_list, list) { 797 if (!test_bit(p->port_no, changed)) 798 continue; 799 800 if (old_pvid) 801 nbp_vlan_add(p, old_pvid, 802 BRIDGE_VLAN_INFO_PVID | 803 BRIDGE_VLAN_INFO_UNTAGGED); 804 nbp_vlan_delete(p, pvid); 805 } 806 807 if (test_bit(0, changed)) { 808 if (old_pvid) 809 br_vlan_add(br, old_pvid, 810 BRIDGE_VLAN_INFO_PVID | 811 BRIDGE_VLAN_INFO_UNTAGGED | 812 BRIDGE_VLAN_INFO_BRENTRY); 813 br_vlan_delete(br, pvid); 814 } 815 goto out; 816 } 817 818 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val) 819 { 820 u16 pvid = val; 821 int err = 0; 822 823 if (val >= VLAN_VID_MASK) 824 return -EINVAL; 825 826 if (!rtnl_trylock()) 827 return restart_syscall(); 828 829 if (pvid == br->default_pvid) 830 goto unlock; 831 832 /* Only allow default pvid change when filtering is disabled */ 833 if (br->vlan_enabled) { 834 pr_info_once("Please disable vlan filtering to change default_pvid\n"); 835 err = -EPERM; 836 goto unlock; 837 } 838 839 if (!pvid) 840 br_vlan_disable_default_pvid(br); 841 else 842 err = __br_vlan_set_default_pvid(br, pvid); 843 844 unlock: 845 rtnl_unlock(); 846 return err; 847 } 848 849 int br_vlan_init(struct net_bridge *br) 850 { 851 int ret = -ENOMEM; 852 853 br->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 854 if (!br->vlgrp) 855 goto out; 856 ret = rhashtable_init(&br->vlgrp->vlan_hash, &br_vlan_rht_params); 857 if (ret) 858 goto err_rhtbl; 859 INIT_LIST_HEAD(&br->vlgrp->vlan_list); 860 br->vlan_proto = htons(ETH_P_8021Q); 861 br->default_pvid = 1; 862 ret = br_vlan_add(br, 1, 863 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED | 864 BRIDGE_VLAN_INFO_BRENTRY); 865 if (ret) 866 goto err_vlan_add; 867 868 out: 869 return ret; 870 871 err_vlan_add: 872 rhashtable_destroy(&br->vlgrp->vlan_hash); 873 err_rhtbl: 874 kfree(br->vlgrp); 875 876 goto out; 877 } 878 879 int nbp_vlan_init(struct net_bridge_port *p) 880 { 881 struct net_bridge_vlan_group *vg; 882 int ret = -ENOMEM; 883 884 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL); 885 if (!vg) 886 goto out; 887 888 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params); 889 if (ret) 890 goto err_rhtbl; 891 INIT_LIST_HEAD(&vg->vlan_list); 892 /* Make sure everything's committed before publishing vg */ 893 smp_wmb(); 894 p->vlgrp = vg; 895 if (p->br->default_pvid) { 896 ret = nbp_vlan_add(p, p->br->default_pvid, 897 BRIDGE_VLAN_INFO_PVID | 898 BRIDGE_VLAN_INFO_UNTAGGED); 899 if (ret) 900 goto err_vlan_add; 901 } 902 out: 903 return ret; 904 905 err_vlan_add: 906 rhashtable_destroy(&vg->vlan_hash); 907 err_rhtbl: 908 kfree(vg); 909 910 goto out; 911 } 912 913 /* Must be protected by RTNL. 914 * Must be called with vid in range from 1 to 4094 inclusive. 915 */ 916 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags) 917 { 918 struct net_bridge_vlan *vlan; 919 int ret; 920 921 ASSERT_RTNL(); 922 923 vlan = br_vlan_find(port->vlgrp, vid); 924 if (vlan) { 925 __vlan_add_flags(vlan, flags); 926 return 0; 927 } 928 929 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL); 930 if (!vlan) 931 return -ENOMEM; 932 933 vlan->vid = vid; 934 vlan->port = port; 935 ret = __vlan_add(vlan, flags); 936 if (ret) 937 kfree(vlan); 938 939 return ret; 940 } 941 942 /* Must be protected by RTNL. 943 * Must be called with vid in range from 1 to 4094 inclusive. 944 */ 945 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid) 946 { 947 struct net_bridge_vlan *v; 948 949 ASSERT_RTNL(); 950 951 v = br_vlan_find(port->vlgrp, vid); 952 if (!v) 953 return -ENOENT; 954 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid); 955 br_fdb_delete_by_port(port->br, port, vid, 0); 956 957 return __vlan_del(v); 958 } 959 960 void nbp_vlan_flush(struct net_bridge_port *port) 961 { 962 struct net_bridge_vlan *vlan; 963 964 ASSERT_RTNL(); 965 966 list_for_each_entry(vlan, &port->vlgrp->vlan_list, vlist) 967 vlan_vid_del(port->dev, port->br->vlan_proto, vlan->vid); 968 969 __vlan_flush(nbp_vlan_group(port)); 970 } 971