1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2019, Vladimir Oltean <olteanv@gmail.com> 3 * 4 * This module is not a complete tagger implementation. It only provides 5 * primitives for taggers that rely on 802.1Q VLAN tags to use. The 6 * dsa_8021q_netdev_ops is registered for API compliance and not used 7 * directly by callers. 8 */ 9 #include <linux/if_bridge.h> 10 #include <linux/if_vlan.h> 11 #include <linux/dsa/8021q.h> 12 13 #include "dsa_priv.h" 14 15 /* Binary structure of the fake 12-bit VID field (when the TPID is 16 * ETH_P_DSA_8021Q): 17 * 18 * | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | 19 * +-----------+-----+-----------------+-----------+-----------------------+ 20 * | DIR | SVL | SWITCH_ID | SUBVLAN | PORT | 21 * +-----------+-----+-----------------+-----------+-----------------------+ 22 * 23 * DIR - VID[11:10]: 24 * Direction flags. 25 * * 1 (0b01) for RX VLAN, 26 * * 2 (0b10) for TX VLAN. 27 * These values make the special VIDs of 0, 1 and 4095 to be left 28 * unused by this coding scheme. 29 * 30 * SVL/SUBVLAN - { VID[9], VID[5:4] }: 31 * Sub-VLAN encoding. Valid only when DIR indicates an RX VLAN. 32 * * 0 (0b000): Field does not encode a sub-VLAN, either because 33 * received traffic is untagged, PVID-tagged or because a second 34 * VLAN tag is present after this tag and not inside of it. 35 * * 1 (0b001): Received traffic is tagged with a VID value private 36 * to the host. This field encodes the index in the host's lookup 37 * table through which the value of the ingress VLAN ID can be 38 * recovered. 39 * * 2 (0b010): Field encodes a sub-VLAN. 40 * ... 41 * * 7 (0b111): Field encodes a sub-VLAN. 42 * When DIR indicates a TX VLAN, SUBVLAN must be transmitted as zero 43 * (by the host) and ignored on receive (by the switch). 44 * 45 * SWITCH_ID - VID[8:6]: 46 * Index of switch within DSA tree. Must be between 0 and 7. 47 * 48 * PORT - VID[3:0]: 49 * Index of switch port. Must be between 0 and 15. 50 */ 51 52 #define DSA_8021Q_DIR_SHIFT 10 53 #define DSA_8021Q_DIR_MASK GENMASK(11, 10) 54 #define DSA_8021Q_DIR(x) (((x) << DSA_8021Q_DIR_SHIFT) & \ 55 DSA_8021Q_DIR_MASK) 56 #define DSA_8021Q_DIR_RX DSA_8021Q_DIR(1) 57 #define DSA_8021Q_DIR_TX DSA_8021Q_DIR(2) 58 59 #define DSA_8021Q_SWITCH_ID_SHIFT 6 60 #define DSA_8021Q_SWITCH_ID_MASK GENMASK(8, 6) 61 #define DSA_8021Q_SWITCH_ID(x) (((x) << DSA_8021Q_SWITCH_ID_SHIFT) & \ 62 DSA_8021Q_SWITCH_ID_MASK) 63 64 #define DSA_8021Q_SUBVLAN_HI_SHIFT 9 65 #define DSA_8021Q_SUBVLAN_HI_MASK GENMASK(9, 9) 66 #define DSA_8021Q_SUBVLAN_LO_SHIFT 4 67 #define DSA_8021Q_SUBVLAN_LO_MASK GENMASK(5, 4) 68 #define DSA_8021Q_SUBVLAN_HI(x) (((x) & GENMASK(2, 2)) >> 2) 69 #define DSA_8021Q_SUBVLAN_LO(x) ((x) & GENMASK(1, 0)) 70 #define DSA_8021Q_SUBVLAN(x) \ 71 (((DSA_8021Q_SUBVLAN_LO(x) << DSA_8021Q_SUBVLAN_LO_SHIFT) & \ 72 DSA_8021Q_SUBVLAN_LO_MASK) | \ 73 ((DSA_8021Q_SUBVLAN_HI(x) << DSA_8021Q_SUBVLAN_HI_SHIFT) & \ 74 DSA_8021Q_SUBVLAN_HI_MASK)) 75 76 #define DSA_8021Q_PORT_SHIFT 0 77 #define DSA_8021Q_PORT_MASK GENMASK(3, 0) 78 #define DSA_8021Q_PORT(x) (((x) << DSA_8021Q_PORT_SHIFT) & \ 79 DSA_8021Q_PORT_MASK) 80 81 /* Returns the VID to be inserted into the frame from xmit for switch steering 82 * instructions on egress. Encodes switch ID and port ID. 83 */ 84 u16 dsa_8021q_tx_vid(struct dsa_switch *ds, int port) 85 { 86 return DSA_8021Q_DIR_TX | DSA_8021Q_SWITCH_ID(ds->index) | 87 DSA_8021Q_PORT(port); 88 } 89 EXPORT_SYMBOL_GPL(dsa_8021q_tx_vid); 90 91 /* Returns the VID that will be installed as pvid for this switch port, sent as 92 * tagged egress towards the CPU port and decoded by the rcv function. 93 */ 94 u16 dsa_8021q_rx_vid(struct dsa_switch *ds, int port) 95 { 96 return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) | 97 DSA_8021Q_PORT(port); 98 } 99 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid); 100 101 u16 dsa_8021q_rx_vid_subvlan(struct dsa_switch *ds, int port, u16 subvlan) 102 { 103 return DSA_8021Q_DIR_RX | DSA_8021Q_SWITCH_ID(ds->index) | 104 DSA_8021Q_PORT(port) | DSA_8021Q_SUBVLAN(subvlan); 105 } 106 EXPORT_SYMBOL_GPL(dsa_8021q_rx_vid_subvlan); 107 108 /* Returns the decoded switch ID from the RX VID. */ 109 int dsa_8021q_rx_switch_id(u16 vid) 110 { 111 return (vid & DSA_8021Q_SWITCH_ID_MASK) >> DSA_8021Q_SWITCH_ID_SHIFT; 112 } 113 EXPORT_SYMBOL_GPL(dsa_8021q_rx_switch_id); 114 115 /* Returns the decoded port ID from the RX VID. */ 116 int dsa_8021q_rx_source_port(u16 vid) 117 { 118 return (vid & DSA_8021Q_PORT_MASK) >> DSA_8021Q_PORT_SHIFT; 119 } 120 EXPORT_SYMBOL_GPL(dsa_8021q_rx_source_port); 121 122 /* Returns the decoded subvlan from the RX VID. */ 123 u16 dsa_8021q_rx_subvlan(u16 vid) 124 { 125 u16 svl_hi, svl_lo; 126 127 svl_hi = (vid & DSA_8021Q_SUBVLAN_HI_MASK) >> 128 DSA_8021Q_SUBVLAN_HI_SHIFT; 129 svl_lo = (vid & DSA_8021Q_SUBVLAN_LO_MASK) >> 130 DSA_8021Q_SUBVLAN_LO_SHIFT; 131 132 return (svl_hi << 2) | svl_lo; 133 } 134 EXPORT_SYMBOL_GPL(dsa_8021q_rx_subvlan); 135 136 bool vid_is_dsa_8021q_rxvlan(u16 vid) 137 { 138 return (vid & DSA_8021Q_DIR_MASK) == DSA_8021Q_DIR_RX; 139 } 140 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q_rxvlan); 141 142 bool vid_is_dsa_8021q_txvlan(u16 vid) 143 { 144 return (vid & DSA_8021Q_DIR_MASK) == DSA_8021Q_DIR_TX; 145 } 146 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q_txvlan); 147 148 bool vid_is_dsa_8021q(u16 vid) 149 { 150 return vid_is_dsa_8021q_rxvlan(vid) || vid_is_dsa_8021q_txvlan(vid); 151 } 152 EXPORT_SYMBOL_GPL(vid_is_dsa_8021q); 153 154 /* If @enabled is true, installs @vid with @flags into the switch port's HW 155 * filter. 156 * If @enabled is false, deletes @vid (ignores @flags) from the port. Had the 157 * user explicitly configured this @vid through the bridge core, then the @vid 158 * is installed again, but this time with the flags from the bridge layer. 159 */ 160 static int dsa_8021q_vid_apply(struct dsa_8021q_context *ctx, int port, u16 vid, 161 u16 flags, bool enabled) 162 { 163 struct dsa_port *dp = dsa_to_port(ctx->ds, port); 164 165 if (enabled) 166 return ctx->ops->vlan_add(ctx->ds, dp->index, vid, flags); 167 168 return ctx->ops->vlan_del(ctx->ds, dp->index, vid); 169 } 170 171 /* RX VLAN tagging (left) and TX VLAN tagging (right) setup shown for a single 172 * front-panel switch port (here swp0). 173 * 174 * Port identification through VLAN (802.1Q) tags has different requirements 175 * for it to work effectively: 176 * - On RX (ingress from network): each front-panel port must have a pvid 177 * that uniquely identifies it, and the egress of this pvid must be tagged 178 * towards the CPU port, so that software can recover the source port based 179 * on the VID in the frame. But this would only work for standalone ports; 180 * if bridged, this VLAN setup would break autonomous forwarding and would 181 * force all switched traffic to pass through the CPU. So we must also make 182 * the other front-panel ports members of this VID we're adding, albeit 183 * we're not making it their PVID (they'll still have their own). 184 * By the way - just because we're installing the same VID in multiple 185 * switch ports doesn't mean that they'll start to talk to one another, even 186 * while not bridged: the final forwarding decision is still an AND between 187 * the L2 forwarding information (which is limiting forwarding in this case) 188 * and the VLAN-based restrictions (of which there are none in this case, 189 * since all ports are members). 190 * - On TX (ingress from CPU and towards network) we are faced with a problem. 191 * If we were to tag traffic (from within DSA) with the port's pvid, all 192 * would be well, assuming the switch ports were standalone. Frames would 193 * have no choice but to be directed towards the correct front-panel port. 194 * But because we also want the RX VLAN to not break bridging, then 195 * inevitably that means that we have to give them a choice (of what 196 * front-panel port to go out on), and therefore we cannot steer traffic 197 * based on the RX VID. So what we do is simply install one more VID on the 198 * front-panel and CPU ports, and profit off of the fact that steering will 199 * work just by virtue of the fact that there is only one other port that's 200 * a member of the VID we're tagging the traffic with - the desired one. 201 * 202 * So at the end, each front-panel port will have one RX VID (also the PVID), 203 * the RX VID of all other front-panel ports, and one TX VID. Whereas the CPU 204 * port will have the RX and TX VIDs of all front-panel ports, and on top of 205 * that, is also tagged-input and tagged-output (VLAN trunk). 206 * 207 * CPU port CPU port 208 * +-------------+-----+-------------+ +-------------+-----+-------------+ 209 * | RX VID | | | | TX VID | | | 210 * | of swp0 | | | | of swp0 | | | 211 * | +-----+ | | +-----+ | 212 * | ^ T | | | Tagged | 213 * | | | | | ingress | 214 * | +-------+---+---+-------+ | | +-----------+ | 215 * | | | | | | | | Untagged | 216 * | | U v U v U v | | v egress | 217 * | +-----+ +-----+ +-----+ +-----+ | | +-----+ +-----+ +-----+ +-----+ | 218 * | | | | | | | | | | | | | | | | | | | | 219 * | |PVID | | | | | | | | | | | | | | | | | | 220 * +-+-----+-+-----+-+-----+-+-----+-+ +-+-----+-+-----+-+-----+-+-----+-+ 221 * swp0 swp1 swp2 swp3 swp0 swp1 swp2 swp3 222 */ 223 static int dsa_8021q_setup_port(struct dsa_8021q_context *ctx, int port, 224 bool enabled) 225 { 226 int upstream = dsa_upstream_port(ctx->ds, port); 227 u16 rx_vid = dsa_8021q_rx_vid(ctx->ds, port); 228 u16 tx_vid = dsa_8021q_tx_vid(ctx->ds, port); 229 struct net_device *master; 230 int i, err, subvlan; 231 232 /* The CPU port is implicitly configured by 233 * configuring the front-panel ports 234 */ 235 if (!dsa_is_user_port(ctx->ds, port)) 236 return 0; 237 238 master = dsa_to_port(ctx->ds, port)->cpu_dp->master; 239 240 /* Add this user port's RX VID to the membership list of all others 241 * (including itself). This is so that bridging will not be hindered. 242 * L2 forwarding rules still take precedence when there are no VLAN 243 * restrictions, so there are no concerns about leaking traffic. 244 */ 245 for (i = 0; i < ctx->ds->num_ports; i++) { 246 u16 flags; 247 248 if (i == upstream) 249 continue; 250 else if (i == port) 251 /* The RX VID is pvid on this port */ 252 flags = BRIDGE_VLAN_INFO_UNTAGGED | 253 BRIDGE_VLAN_INFO_PVID; 254 else 255 /* The RX VID is a regular VLAN on all others */ 256 flags = BRIDGE_VLAN_INFO_UNTAGGED; 257 258 err = dsa_8021q_vid_apply(ctx, i, rx_vid, flags, enabled); 259 if (err) { 260 dev_err(ctx->ds->dev, 261 "Failed to apply RX VID %d to port %d: %d\n", 262 rx_vid, port, err); 263 return err; 264 } 265 } 266 267 /* CPU port needs to see this port's RX VID 268 * as tagged egress. 269 */ 270 err = dsa_8021q_vid_apply(ctx, upstream, rx_vid, 0, enabled); 271 if (err) { 272 dev_err(ctx->ds->dev, 273 "Failed to apply RX VID %d to port %d: %d\n", 274 rx_vid, port, err); 275 return err; 276 } 277 278 /* Add to the master's RX filter not only @rx_vid, but in fact 279 * the entire subvlan range, just in case this DSA switch might 280 * want to use sub-VLANs. 281 */ 282 for (subvlan = 0; subvlan < DSA_8021Q_N_SUBVLAN; subvlan++) { 283 u16 vid = dsa_8021q_rx_vid_subvlan(ctx->ds, port, subvlan); 284 285 if (enabled) 286 vlan_vid_add(master, ctx->proto, vid); 287 else 288 vlan_vid_del(master, ctx->proto, vid); 289 } 290 291 /* Finally apply the TX VID on this port and on the CPU port */ 292 err = dsa_8021q_vid_apply(ctx, port, tx_vid, BRIDGE_VLAN_INFO_UNTAGGED, 293 enabled); 294 if (err) { 295 dev_err(ctx->ds->dev, 296 "Failed to apply TX VID %d on port %d: %d\n", 297 tx_vid, port, err); 298 return err; 299 } 300 err = dsa_8021q_vid_apply(ctx, upstream, tx_vid, 0, enabled); 301 if (err) { 302 dev_err(ctx->ds->dev, 303 "Failed to apply TX VID %d on port %d: %d\n", 304 tx_vid, upstream, err); 305 return err; 306 } 307 308 return err; 309 } 310 311 int dsa_8021q_setup(struct dsa_8021q_context *ctx, bool enabled) 312 { 313 int rc, port; 314 315 ASSERT_RTNL(); 316 317 for (port = 0; port < ctx->ds->num_ports; port++) { 318 rc = dsa_8021q_setup_port(ctx, port, enabled); 319 if (rc < 0) { 320 dev_err(ctx->ds->dev, 321 "Failed to setup VLAN tagging for port %d: %d\n", 322 port, rc); 323 return rc; 324 } 325 } 326 327 return 0; 328 } 329 EXPORT_SYMBOL_GPL(dsa_8021q_setup); 330 331 static int dsa_8021q_crosschip_link_apply(struct dsa_8021q_context *ctx, 332 int port, 333 struct dsa_8021q_context *other_ctx, 334 int other_port, bool enabled) 335 { 336 u16 rx_vid = dsa_8021q_rx_vid(ctx->ds, port); 337 338 /* @rx_vid of local @ds port @port goes to @other_port of 339 * @other_ds 340 */ 341 return dsa_8021q_vid_apply(other_ctx, other_port, rx_vid, 342 BRIDGE_VLAN_INFO_UNTAGGED, enabled); 343 } 344 345 static int dsa_8021q_crosschip_link_add(struct dsa_8021q_context *ctx, int port, 346 struct dsa_8021q_context *other_ctx, 347 int other_port) 348 { 349 struct dsa_8021q_crosschip_link *c; 350 351 list_for_each_entry(c, &ctx->crosschip_links, list) { 352 if (c->port == port && c->other_ctx == other_ctx && 353 c->other_port == other_port) { 354 refcount_inc(&c->refcount); 355 return 0; 356 } 357 } 358 359 dev_dbg(ctx->ds->dev, 360 "adding crosschip link from port %d to %s port %d\n", 361 port, dev_name(other_ctx->ds->dev), other_port); 362 363 c = kzalloc(sizeof(*c), GFP_KERNEL); 364 if (!c) 365 return -ENOMEM; 366 367 c->port = port; 368 c->other_ctx = other_ctx; 369 c->other_port = other_port; 370 refcount_set(&c->refcount, 1); 371 372 list_add(&c->list, &ctx->crosschip_links); 373 374 return 0; 375 } 376 377 static void dsa_8021q_crosschip_link_del(struct dsa_8021q_context *ctx, 378 struct dsa_8021q_crosschip_link *c, 379 bool *keep) 380 { 381 *keep = !refcount_dec_and_test(&c->refcount); 382 383 if (*keep) 384 return; 385 386 dev_dbg(ctx->ds->dev, 387 "deleting crosschip link from port %d to %s port %d\n", 388 c->port, dev_name(c->other_ctx->ds->dev), c->other_port); 389 390 list_del(&c->list); 391 kfree(c); 392 } 393 394 /* Make traffic from local port @port be received by remote port @other_port. 395 * This means that our @rx_vid needs to be installed on @other_ds's upstream 396 * and user ports. The user ports should be egress-untagged so that they can 397 * pop the dsa_8021q VLAN. But the @other_upstream can be either egress-tagged 398 * or untagged: it doesn't matter, since it should never egress a frame having 399 * our @rx_vid. 400 */ 401 int dsa_8021q_crosschip_bridge_join(struct dsa_8021q_context *ctx, int port, 402 struct dsa_8021q_context *other_ctx, 403 int other_port) 404 { 405 /* @other_upstream is how @other_ds reaches us. If we are part 406 * of disjoint trees, then we are probably connected through 407 * our CPU ports. If we're part of the same tree though, we should 408 * probably use dsa_towards_port. 409 */ 410 int other_upstream = dsa_upstream_port(other_ctx->ds, other_port); 411 int rc; 412 413 rc = dsa_8021q_crosschip_link_add(ctx, port, other_ctx, other_port); 414 if (rc) 415 return rc; 416 417 rc = dsa_8021q_crosschip_link_apply(ctx, port, other_ctx, 418 other_port, true); 419 if (rc) 420 return rc; 421 422 rc = dsa_8021q_crosschip_link_add(ctx, port, other_ctx, other_upstream); 423 if (rc) 424 return rc; 425 426 return dsa_8021q_crosschip_link_apply(ctx, port, other_ctx, 427 other_upstream, true); 428 } 429 EXPORT_SYMBOL_GPL(dsa_8021q_crosschip_bridge_join); 430 431 int dsa_8021q_crosschip_bridge_leave(struct dsa_8021q_context *ctx, int port, 432 struct dsa_8021q_context *other_ctx, 433 int other_port) 434 { 435 int other_upstream = dsa_upstream_port(other_ctx->ds, other_port); 436 struct dsa_8021q_crosschip_link *c, *n; 437 438 list_for_each_entry_safe(c, n, &ctx->crosschip_links, list) { 439 if (c->port == port && c->other_ctx == other_ctx && 440 (c->other_port == other_port || 441 c->other_port == other_upstream)) { 442 struct dsa_8021q_context *other_ctx = c->other_ctx; 443 int other_port = c->other_port; 444 bool keep; 445 int rc; 446 447 dsa_8021q_crosschip_link_del(ctx, c, &keep); 448 if (keep) 449 continue; 450 451 rc = dsa_8021q_crosschip_link_apply(ctx, port, 452 other_ctx, 453 other_port, 454 false); 455 if (rc) 456 return rc; 457 } 458 } 459 460 return 0; 461 } 462 EXPORT_SYMBOL_GPL(dsa_8021q_crosschip_bridge_leave); 463 464 struct sk_buff *dsa_8021q_xmit(struct sk_buff *skb, struct net_device *netdev, 465 u16 tpid, u16 tci) 466 { 467 /* skb->data points at skb_mac_header, which 468 * is fine for vlan_insert_tag. 469 */ 470 return vlan_insert_tag(skb, htons(tpid), tci); 471 } 472 EXPORT_SYMBOL_GPL(dsa_8021q_xmit); 473 474 void dsa_8021q_rcv(struct sk_buff *skb, int *source_port, int *switch_id, 475 int *subvlan) 476 { 477 u16 vid, tci; 478 479 skb_push_rcsum(skb, ETH_HLEN); 480 if (skb_vlan_tag_present(skb)) { 481 tci = skb_vlan_tag_get(skb); 482 __vlan_hwaccel_clear_tag(skb); 483 } else { 484 __skb_vlan_pop(skb, &tci); 485 } 486 skb_pull_rcsum(skb, ETH_HLEN); 487 488 vid = tci & VLAN_VID_MASK; 489 490 *source_port = dsa_8021q_rx_source_port(vid); 491 *switch_id = dsa_8021q_rx_switch_id(vid); 492 *subvlan = dsa_8021q_rx_subvlan(vid); 493 skb->priority = (tci & VLAN_PRIO_MASK) >> VLAN_PRIO_SHIFT; 494 } 495 EXPORT_SYMBOL_GPL(dsa_8021q_rcv); 496 497 MODULE_LICENSE("GPL v2"); 498