xref: /openbmc/linux/net/dsa/tag_8021q.c (revision 8bbecfb4) 
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2019, Vladimir Oltean <olteanv@gmail.com>
3  *
4  * This module is not a complete tagger implementation. It only provides
5  * primitives for taggers that rely on 802.1Q VLAN tags to use. The
6  * dsa_8021q_netdev_ops is registered for API compliance and not used
7  * directly by callers.
8  */
9 #include <linux/if_bridge.h>
10 #include <linux/if_vlan.h>
11 #include <linux/dsa/8021q.h>
12 
13 #include "dsa_priv.h"
14 
15 /* Binary structure of the fake 12-bit VID field (when the TPID is
16  * ETH_P_DSA_8021Q):
17  *
18  * | 11  | 10  |  9  |  8  |  7  |  6  |  5  |  4  |  3  |  2  |  1  |  0  |
19  * +-----------+-----+-----------------+-----------+-----------------------+
20  * |    DIR    | SVL |    SWITCH_ID    |  SUBVLAN  |          PORT         |
21  * +-----------+-----+-----------------+-----------+-----------------------+
22  *
23  * DIR - VID[11:10]:
24  *	Direction flags.
25  *	* 1 (0b01) for RX VLAN,
26  *	* 2 (0b10) for TX VLAN.
27  *	These values make the special VIDs of 0, 1 and 4095 to be left
28  *	unused by this coding scheme.
29  *
30  * SVL/SUBVLAN - { VID[9], VID[5:4] }:
31  *	Sub-VLAN encoding. Valid only when DIR indicates an RX VLAN.
32  *	* 0 (0b000): Field does not encode a sub-VLAN, either because
33  *	received traffic is untagged, PVID-tagged or because a second
34  *	VLAN tag is present after this tag and not inside of it.
35  *	* 1 (0b001): Received traffic is tagged with a VID value private
36  *	to the host. This field encodes the index in the host's lookup
37  *	table through which the value of the ingress VLAN ID can be
38  *	recovered.
39  *	* 2 (0b010): Field encodes a sub-VLAN.
40  *	...
41  *	* 7 (0b111): Field encodes a sub-VLAN.
42  *	When DIR indicates a TX VLAN, SUBVLAN must be transmitted as zero
43  *	(by the host) and ignored on receive (by the switch).
44  *
45  * SWITCH_ID - VID[8:6]:
46  *	Index of switch within DSA tree. Must be between 0 and 7.
47  *
48  * PORT - VID[3:0]:
49  *	Index of switch port. Must be between 0 and 15.
50  */
51 
52 #define DSA_8021Q_DIR_SHIFT		10
53 #define DSA_8021Q_DIR_MASK		GENMASK(11, 10)
54 #define DSA_8021Q_DIR(x)		(((x) << DSA_8021Q_DIR_SHIFT) & \
55 						 DSA_8021Q_DIR_MASK)
56 #define DSA_8021Q_DIR_RX		DSA_8021Q_DIR(1)
57 #define DSA_8021Q_DIR_TX		DSA_8021Q_DIR(2)
58 
59 #define DSA_8021Q_SWITCH_ID_SHIFT	6
60 #define DSA_8021Q_SWITCH_ID_MASK	GENMASK(8, 6)
61 #define DSA_8021Q_SWITCH_ID(x)		(((x) << DSA_8021Q_SWITCH_ID_SHIFT) & \
62 						 DSA_8021Q_SWITCH_ID_MASK)
63 
64 #define DSA_8021Q_SUBVLAN_HI_SHIFT	9
65 #define DSA_8021Q_SUBVLAN_HI_MASK	GENMASK(9, 9)
66 #define DSA_8021Q_SUBVLAN_LO_SHIFT	4
67 #define DSA_8021Q_SUBVLAN_LO_MASK	GENMASK(4, 3)
68 #define DSA_8021Q_SUBVLAN_HI(x)		(((x) & GENMASK(2, 2)) >> 2)
69 #define DSA_8021Q_SUBVLAN_LO(x)		((x) & GENMASK(1, 0))
70 #define DSA_8021Q_SUBVLAN(x)		\
71 		(((DSA_8021Q_SUBVLAN_LO(x) << DSA_8021Q_SUBVLAN_LO_SHIFT) & \
72 		  DSA_8021Q_SUBVLAN_LO_MASK) | \
73 		 ((DSA_8021Q_SUBVLAN_HI(x) << DSA_8021Q_SUBVLAN_HI_SHIFT) & \
74 		  DSA_8021Q_SUBVLAN_HI_MASK))
75 
76 #define DSA_8021Q_PORT_SHIFT		0
77 #define DSA_8021Q_PORT_MASK		GENMASK(3, 0)
78 #define DSA_8021Q_PORT(x)		(((x) << DSA_8021Q_PORT_SHIFT) & \
79 						 DSA_8021Q_PORT_MASK)
80 
81 /* Returns the VID to be inserted into the frame from xmit for switch steering
82  * instructions on egress. Encodes switch ID and port ID.
83  */
84 u16 dsa_8021q_tx_vid(struct dsa_switch *ds, int port)
85 {
86 	return DSA_8021Q_DIR_TX | DSA_8021Q_SWITCH_ID(ds->index) |
87 	       DSA_8021Q_PORT(port);
88 }
89 EXPORT_SYMBOL_GPL(dsa_8021q_tx_vid);
90 
91 /* Returns the VID that will be installed as pvid for this switch port, sent as
92  * tagged egress towards the CPU port and decoded by the rcv function.
93  */
94 u16 dsa_8021q_rx_vid(struct dsa_switch *ds, int port)
95 {
96 	return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) |
97 	       DSA_8021Q_PORT(port);
98 }
99 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid);
100 
101 u16 dsa_8021q_rx_vid_subvlan(struct dsa_switch *ds, int port, u16 subvlan)
102 {
103 	return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) |
104 	       DSA_8021Q_PORT(port) | DSA_8021Q_SUBVLAN(subvlan);
105 }
106 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid_subvlan);
107 
108 /* Returns the decoded switch ID from the RX VID. */
109 int dsa_8021q_rx_switch_id(u16 vid)
110 {
111 	return (vid & DSA_8021Q_SWITCH_ID_MASK) >> DSA_8021Q_SWITCH_ID_SHIFT;
112 }
113 EXPORT_SYMBOL_GPL(dsa_8021q_rx_switch_id);
114 
115 /* Returns the decoded port ID from the RX VID. */
116 int dsa_8021q_rx_source_port(u16 vid)
117 {
118 	return (vid & DSA_8021Q_PORT_MASK) >> DSA_8021Q_PORT_SHIFT;
119 }
120 EXPORT_SYMBOL_GPL(dsa_8021q_rx_source_port);
121 
122 /* Returns the decoded subvlan from the RX VID. */
123 u16 dsa_8021q_rx_subvlan(u16 vid)
124 {
125 	u16 svl_hi, svl_lo;
126 
127 	svl_hi = (vid & DSA_8021Q_SUBVLAN_HI_MASK) >>
128 		 DSA_8021Q_SUBVLAN_HI_SHIFT;
129 	svl_lo = (vid & DSA_8021Q_SUBVLAN_LO_MASK) >>
130 		 DSA_8021Q_SUBVLAN_LO_SHIFT;
131 
132 	return (svl_hi << 2) | svl_lo;
133 }
134 EXPORT_SYMBOL_GPL(dsa_8021q_rx_subvlan);
135 
136 bool vid_is_dsa_8021q_rxvlan(u16 vid)
137 {
138 	return (vid & DSA_8021Q_DIR_MASK) == DSA_8021Q_DIR_RX;
139 }
140 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q_rxvlan);
141 
142 bool vid_is_dsa_8021q_txvlan(u16 vid)
143 {
144 	return (vid & DSA_8021Q_DIR_MASK) == DSA_8021Q_DIR_TX;
145 }
146 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q_txvlan);
147 
148 bool vid_is_dsa_8021q(u16 vid)
149 {
150 	return vid_is_dsa_8021q_rxvlan(vid) || vid_is_dsa_8021q_txvlan(vid);
151 }
152 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q);
153 
154 /* If @enabled is true, installs @vid with @flags into the switch port's HW
155  * filter.
156  * If @enabled is false, deletes @vid (ignores @flags) from the port. Had the
157  * user explicitly configured this @vid through the bridge core, then the @vid
158  * is installed again, but this time with the flags from the bridge layer.
159  */
160 static int dsa_8021q_vid_apply(struct dsa_8021q_context *ctx, int port, u16 vid,
161 			       u16 flags, bool enabled)
162 {
163 	struct dsa_port *dp = dsa_to_port(ctx->ds, port);
164 
165 	if (enabled)
166 		return ctx->ops->vlan_add(ctx->ds, dp->index, vid, flags);
167 
168 	return ctx->ops->vlan_del(ctx->ds, dp->index, vid);
169 }
170 
171 /* RX VLAN tagging (left) and TX VLAN tagging (right) setup shown for a single
172  * front-panel switch port (here swp0).
173  *
174  * Port identification through VLAN (802.1Q) tags has different requirements
175  * for it to work effectively:
176  *  - On RX (ingress from network): each front-panel port must have a pvid
177  *    that uniquely identifies it, and the egress of this pvid must be tagged
178  *    towards the CPU port, so that software can recover the source port based
179  *    on the VID in the frame. But this would only work for standalone ports;
180  *    if bridged, this VLAN setup would break autonomous forwarding and would
181  *    force all switched traffic to pass through the CPU. So we must also make
182  *    the other front-panel ports members of this VID we're adding, albeit
183  *    we're not making it their PVID (they'll still have their own).
184  *    By the way - just because we're installing the same VID in multiple
185  *    switch ports doesn't mean that they'll start to talk to one another, even
186  *    while not bridged: the final forwarding decision is still an AND between
187  *    the L2 forwarding information (which is limiting forwarding in this case)
188  *    and the VLAN-based restrictions (of which there are none in this case,
189  *    since all ports are members).
190  *  - On TX (ingress from CPU and towards network) we are faced with a problem.
191  *    If we were to tag traffic (from within DSA) with the port's pvid, all
192  *    would be well, assuming the switch ports were standalone. Frames would
193  *    have no choice but to be directed towards the correct front-panel port.
194  *    But because we also want the RX VLAN to not break bridging, then
195  *    inevitably that means that we have to give them a choice (of what
196  *    front-panel port to go out on), and therefore we cannot steer traffic
197  *    based on the RX VID. So what we do is simply install one more VID on the
198  *    front-panel and CPU ports, and profit off of the fact that steering will
199  *    work just by virtue of the fact that there is only one other port that's
200  *    a member of the VID we're tagging the traffic with - the desired one.
201  *
202  * So at the end, each front-panel port will have one RX VID (also the PVID),
203  * the RX VID of all other front-panel ports, and one TX VID. Whereas the CPU
204  * port will have the RX and TX VIDs of all front-panel ports, and on top of
205  * that, is also tagged-input and tagged-output (VLAN trunk).
206  *
207  *               CPU port                               CPU port
208  * +-------------+-----+-------------+    +-------------+-----+-------------+
209  * |  RX VID     |     |             |    |  TX VID     |     |             |
210  * |  of swp0    |     |             |    |  of swp0    |     |             |
211  * |             +-----+             |    |             +-----+             |
212  * |                ^ T              |    |                | Tagged         |
213  * |                |                |    |                | ingress        |
214  * |    +-------+---+---+-------+    |    |    +-----------+                |
215  * |    |       |       |       |    |    |    | Untagged                   |
216  * |    |     U v     U v     U v    |    |    v egress                     |
217  * | +-----+ +-----+ +-----+ +-----+ |    | +-----+ +-----+ +-----+ +-----+ |
218  * | |     | |     | |     | |     | |    | |     | |     | |     | |     | |
219  * | |PVID | |     | |     | |     | |    | |     | |     | |     | |     | |
220  * +-+-----+-+-----+-+-----+-+-----+-+    +-+-----+-+-----+-+-----+-+-----+-+
221  *   swp0    swp1    swp2    swp3           swp0    swp1    swp2    swp3
222  */
223 static int dsa_8021q_setup_port(struct dsa_8021q_context *ctx, int port,
224 				bool enabled)
225 {
226 	int upstream = dsa_upstream_port(ctx->ds, port);
227 	u16 rx_vid = dsa_8021q_rx_vid(ctx->ds, port);
228 	u16 tx_vid = dsa_8021q_tx_vid(ctx->ds, port);
229 	struct net_device *master;
230 	int i, err, subvlan;
231 
232 	/* The CPU port is implicitly configured by
233 	 * configuring the front-panel ports
234 	 */
235 	if (!dsa_is_user_port(ctx->ds, port))
236 		return 0;
237 
238 	master = dsa_to_port(ctx->ds, port)->cpu_dp->master;
239 
240 	/* Add this user port's RX VID to the membership list of all others
241 	 * (including itself). This is so that bridging will not be hindered.
242 	 * L2 forwarding rules still take precedence when there are no VLAN
243 	 * restrictions, so there are no concerns about leaking traffic.
244 	 */
245 	for (i = 0; i < ctx->ds->num_ports; i++) {
246 		u16 flags;
247 
248 		if (i == upstream)
249 			continue;
250 		else if (i == port)
251 			/* The RX VID is pvid on this port */
252 			flags = BRIDGE_VLAN_INFO_UNTAGGED |
253 				BRIDGE_VLAN_INFO_PVID;
254 		else
255 			/* The RX VID is a regular VLAN on all others */
256 			flags = BRIDGE_VLAN_INFO_UNTAGGED;
257 
258 		err = dsa_8021q_vid_apply(ctx, i, rx_vid, flags, enabled);
259 		if (err) {
260 			dev_err(ctx->ds->dev,
261 				"Failed to apply RX VID %d to port %d: %d\n",
262 				rx_vid, port, err);
263 			return err;
264 		}
265 	}
266 
267 	/* CPU port needs to see this port's RX VID
268 	 * as tagged egress.
269 	 */
270 	err = dsa_8021q_vid_apply(ctx, upstream, rx_vid, 0, enabled);
271 	if (err) {
272 		dev_err(ctx->ds->dev,
273 			"Failed to apply RX VID %d to port %d: %d\n",
274 			rx_vid, port, err);
275 		return err;
276 	}
277 
278 	/* Add to the master's RX filter not only @rx_vid, but in fact
279 	 * the entire subvlan range, just in case this DSA switch might
280 	 * want to use sub-VLANs.
281 	 */
282 	for (subvlan = 0; subvlan < DSA_8021Q_N_SUBVLAN; subvlan++) {
283 		u16 vid = dsa_8021q_rx_vid_subvlan(ctx->ds, port, subvlan);
284 
285 		if (enabled)
286 			vlan_vid_add(master, ctx->proto, vid);
287 		else
288 			vlan_vid_del(master, ctx->proto, vid);
289 	}
290 
291 	/* Finally apply the TX VID on this port and on the CPU port */
292 	err = dsa_8021q_vid_apply(ctx, port, tx_vid, BRIDGE_VLAN_INFO_UNTAGGED,
293 				  enabled);
294 	if (err) {
295 		dev_err(ctx->ds->dev,
296 			"Failed to apply TX VID %d on port %d: %d\n",
297 			tx_vid, port, err);
298 		return err;
299 	}
300 	err = dsa_8021q_vid_apply(ctx, upstream, tx_vid, 0, enabled);
301 	if (err) {
302 		dev_err(ctx->ds->dev,
303 			"Failed to apply TX VID %d on port %d: %d\n",
304 			tx_vid, upstream, err);
305 		return err;
306 	}
307 
308 	return err;
309 }
310 
311 int dsa_8021q_setup(struct dsa_8021q_context *ctx, bool enabled)
312 {
313 	int rc, port;
314 
315 	ASSERT_RTNL();
316 
317 	for (port = 0; port < ctx->ds->num_ports; port++) {
318 		rc = dsa_8021q_setup_port(ctx, port, enabled);
319 		if (rc < 0) {
320 			dev_err(ctx->ds->dev,
321 				"Failed to setup VLAN tagging for port %d: %d\n",
322 				port, rc);
323 			return rc;
324 		}
325 	}
326 
327 	return 0;
328 }
329 EXPORT_SYMBOL_GPL(dsa_8021q_setup);
330 
331 static int dsa_8021q_crosschip_link_apply(struct dsa_8021q_context *ctx,
332 					  int port,
333 					  struct dsa_8021q_context *other_ctx,
334 					  int other_port, bool enabled)
335 {
336 	u16 rx_vid = dsa_8021q_rx_vid(ctx->ds, port);
337 
338 	/* @rx_vid of local @ds port @port goes to @other_port of
339 	 * @other_ds
340 	 */
341 	return dsa_8021q_vid_apply(other_ctx, other_port, rx_vid,
342 				   BRIDGE_VLAN_INFO_UNTAGGED, enabled);
343 }
344 
345 static int dsa_8021q_crosschip_link_add(struct dsa_8021q_context *ctx, int port,
346 					struct dsa_8021q_context *other_ctx,
347 					int other_port)
348 {
349 	struct dsa_8021q_crosschip_link *c;
350 
351 	list_for_each_entry(c, &ctx->crosschip_links, list) {
352 		if (c->port == port && c->other_ctx == other_ctx &&
353 		    c->other_port == other_port) {
354 			refcount_inc(&c->refcount);
355 			return 0;
356 		}
357 	}
358 
359 	dev_dbg(ctx->ds->dev,
360 		"adding crosschip link from port %d to %s port %d\n",
361 		port, dev_name(other_ctx->ds->dev), other_port);
362 
363 	c = kzalloc(sizeof(*c), GFP_KERNEL);
364 	if (!c)
365 		return -ENOMEM;
366 
367 	c->port = port;
368 	c->other_ctx = other_ctx;
369 	c->other_port = other_port;
370 	refcount_set(&c->refcount, 1);
371 
372 	list_add(&c->list, &ctx->crosschip_links);
373 
374 	return 0;
375 }
376 
377 static void dsa_8021q_crosschip_link_del(struct dsa_8021q_context *ctx,
378 					 struct dsa_8021q_crosschip_link *c,
379 					 bool *keep)
380 {
381 	*keep = !refcount_dec_and_test(&c->refcount);
382 
383 	if (*keep)
384 		return;
385 
386 	dev_dbg(ctx->ds->dev,
387 		"deleting crosschip link from port %d to %s port %d\n",
388 		c->port, dev_name(c->other_ctx->ds->dev), c->other_port);
389 
390 	list_del(&c->list);
391 	kfree(c);
392 }
393 
394 /* Make traffic from local port @port be received by remote port @other_port.
395  * This means that our @rx_vid needs to be installed on @other_ds's upstream
396  * and user ports. The user ports should be egress-untagged so that they can
397  * pop the dsa_8021q VLAN. But the @other_upstream can be either egress-tagged
398  * or untagged: it doesn't matter, since it should never egress a frame having
399  * our @rx_vid.
400  */
401 int dsa_8021q_crosschip_bridge_join(struct dsa_8021q_context *ctx, int port,
402 				    struct dsa_8021q_context *other_ctx,
403 				    int other_port)
404 {
405 	/* @other_upstream is how @other_ds reaches us. If we are part
406 	 * of disjoint trees, then we are probably connected through
407 	 * our CPU ports. If we're part of the same tree though, we should
408 	 * probably use dsa_towards_port.
409 	 */
410 	int other_upstream = dsa_upstream_port(other_ctx->ds, other_port);
411 	int rc;
412 
413 	rc = dsa_8021q_crosschip_link_add(ctx, port, other_ctx, other_port);
414 	if (rc)
415 		return rc;
416 
417 	rc = dsa_8021q_crosschip_link_apply(ctx, port, other_ctx,
418 					    other_port, true);
419 	if (rc)
420 		return rc;
421 
422 	rc = dsa_8021q_crosschip_link_add(ctx, port, other_ctx, other_upstream);
423 	if (rc)
424 		return rc;
425 
426 	return dsa_8021q_crosschip_link_apply(ctx, port, other_ctx,
427 					      other_upstream, true);
428 }
429 EXPORT_SYMBOL_GPL(dsa_8021q_crosschip_bridge_join);
430 
431 int dsa_8021q_crosschip_bridge_leave(struct dsa_8021q_context *ctx, int port,
432 				     struct dsa_8021q_context *other_ctx,
433 				     int other_port)
434 {
435 	int other_upstream = dsa_upstream_port(other_ctx->ds, other_port);
436 	struct dsa_8021q_crosschip_link *c, *n;
437 
438 	list_for_each_entry_safe(c, n, &ctx->crosschip_links, list) {
439 		if (c->port == port && c->other_ctx == other_ctx &&
440 		    (c->other_port == other_port ||
441 		     c->other_port == other_upstream)) {
442 			struct dsa_8021q_context *other_ctx = c->other_ctx;
443 			int other_port = c->other_port;
444 			bool keep;
445 			int rc;
446 
447 			dsa_8021q_crosschip_link_del(ctx, c, &keep);
448 			if (keep)
449 				continue;
450 
451 			rc = dsa_8021q_crosschip_link_apply(ctx, port,
452 							    other_ctx,
453 							    other_port,
454 							    false);
455 			if (rc)
456 				return rc;
457 		}
458 	}
459 
460 	return 0;
461 }
462 EXPORT_SYMBOL_GPL(dsa_8021q_crosschip_bridge_leave);
463 
464 struct sk_buff *dsa_8021q_xmit(struct sk_buff *skb, struct net_device *netdev,
465 			       u16 tpid, u16 tci)
466 {
467 	/* skb->data points at skb_mac_header, which
468 	 * is fine for vlan_insert_tag.
469 	 */
470 	return vlan_insert_tag(skb, htons(tpid), tci);
471 }
472 EXPORT_SYMBOL_GPL(dsa_8021q_xmit);
473 
474 MODULE_LICENSE("GPL v2");
475