]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/bridge/br_vlan.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
[mirror_ubuntu-jammy-kernel.git] / net / bridge / br_vlan.c
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
6
7 #include "br_private.h"
8 #include "br_private_tunnel.h"
9
10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
11 const void *ptr)
12 {
13 const struct net_bridge_vlan *vle = ptr;
14 u16 vid = *(u16 *)arg->key;
15
16 return vle->vid != vid;
17 }
18
19 static const struct rhashtable_params br_vlan_rht_params = {
20 .head_offset = offsetof(struct net_bridge_vlan, vnode),
21 .key_offset = offsetof(struct net_bridge_vlan, vid),
22 .key_len = sizeof(u16),
23 .nelem_hint = 3,
24 .locks_mul = 1,
25 .max_size = VLAN_N_VID,
26 .obj_cmpfn = br_vlan_cmp,
27 .automatic_shrinking = true,
28 };
29
30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
31 {
32 return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
33 }
34
35 static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
36 {
37 if (vg->pvid == vid)
38 return false;
39
40 smp_wmb();
41 vg->pvid = vid;
42
43 return true;
44 }
45
46 static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
47 {
48 if (vg->pvid != vid)
49 return false;
50
51 smp_wmb();
52 vg->pvid = 0;
53
54 return true;
55 }
56
57 /* return true if anything changed, false otherwise */
58 static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
59 {
60 struct net_bridge_vlan_group *vg;
61 u16 old_flags = v->flags;
62 bool ret;
63
64 if (br_vlan_is_master(v))
65 vg = br_vlan_group(v->br);
66 else
67 vg = nbp_vlan_group(v->port);
68
69 if (flags & BRIDGE_VLAN_INFO_PVID)
70 ret = __vlan_add_pvid(vg, v->vid);
71 else
72 ret = __vlan_delete_pvid(vg, v->vid);
73
74 if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
75 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
76 else
77 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
78
79 return ret || !!(old_flags ^ v->flags);
80 }
81
82 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
83 u16 vid, u16 flags, struct netlink_ext_ack *extack)
84 {
85 int err;
86
87 /* Try switchdev op first. In case it is not supported, fallback to
88 * 8021q add.
89 */
90 err = br_switchdev_port_vlan_add(dev, vid, flags, extack);
91 if (err == -EOPNOTSUPP)
92 return vlan_vid_add(dev, br->vlan_proto, vid);
93 return err;
94 }
95
96 static void __vlan_add_list(struct net_bridge_vlan *v)
97 {
98 struct net_bridge_vlan_group *vg;
99 struct list_head *headp, *hpos;
100 struct net_bridge_vlan *vent;
101
102 if (br_vlan_is_master(v))
103 vg = br_vlan_group(v->br);
104 else
105 vg = nbp_vlan_group(v->port);
106
107 headp = &vg->vlan_list;
108 list_for_each_prev(hpos, headp) {
109 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
110 if (v->vid < vent->vid)
111 continue;
112 else
113 break;
114 }
115 list_add_rcu(&v->vlist, hpos);
116 }
117
118 static void __vlan_del_list(struct net_bridge_vlan *v)
119 {
120 list_del_rcu(&v->vlist);
121 }
122
123 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
124 u16 vid)
125 {
126 int err;
127
128 /* Try switchdev op first. In case it is not supported, fallback to
129 * 8021q del.
130 */
131 err = br_switchdev_port_vlan_del(dev, vid);
132 if (err == -EOPNOTSUPP) {
133 vlan_vid_del(dev, br->vlan_proto, vid);
134 return 0;
135 }
136 return err;
137 }
138
139 /* Returns a master vlan, if it didn't exist it gets created. In all cases a
140 * a reference is taken to the master vlan before returning.
141 */
142 static struct net_bridge_vlan *
143 br_vlan_get_master(struct net_bridge *br, u16 vid,
144 struct netlink_ext_ack *extack)
145 {
146 struct net_bridge_vlan_group *vg;
147 struct net_bridge_vlan *masterv;
148
149 vg = br_vlan_group(br);
150 masterv = br_vlan_find(vg, vid);
151 if (!masterv) {
152 bool changed;
153
154 /* missing global ctx, create it now */
155 if (br_vlan_add(br, vid, 0, &changed, extack))
156 return NULL;
157 masterv = br_vlan_find(vg, vid);
158 if (WARN_ON(!masterv))
159 return NULL;
160 refcount_set(&masterv->refcnt, 1);
161 return masterv;
162 }
163 refcount_inc(&masterv->refcnt);
164
165 return masterv;
166 }
167
168 static void br_master_vlan_rcu_free(struct rcu_head *rcu)
169 {
170 struct net_bridge_vlan *v;
171
172 v = container_of(rcu, struct net_bridge_vlan, rcu);
173 WARN_ON(!br_vlan_is_master(v));
174 free_percpu(v->stats);
175 v->stats = NULL;
176 kfree(v);
177 }
178
179 static void br_vlan_put_master(struct net_bridge_vlan *masterv)
180 {
181 struct net_bridge_vlan_group *vg;
182
183 if (!br_vlan_is_master(masterv))
184 return;
185
186 vg = br_vlan_group(masterv->br);
187 if (refcount_dec_and_test(&masterv->refcnt)) {
188 rhashtable_remove_fast(&vg->vlan_hash,
189 &masterv->vnode, br_vlan_rht_params);
190 __vlan_del_list(masterv);
191 call_rcu(&masterv->rcu, br_master_vlan_rcu_free);
192 }
193 }
194
195 static void nbp_vlan_rcu_free(struct rcu_head *rcu)
196 {
197 struct net_bridge_vlan *v;
198
199 v = container_of(rcu, struct net_bridge_vlan, rcu);
200 WARN_ON(br_vlan_is_master(v));
201 /* if we had per-port stats configured then free them here */
202 if (v->priv_flags & BR_VLFLAG_PER_PORT_STATS)
203 free_percpu(v->stats);
204 v->stats = NULL;
205 kfree(v);
206 }
207
208 /* This is the shared VLAN add function which works for both ports and bridge
209 * devices. There are four possible calls to this function in terms of the
210 * vlan entry type:
211 * 1. vlan is being added on a port (no master flags, global entry exists)
212 * 2. vlan is being added on a bridge (both master and brentry flags)
213 * 3. vlan is being added on a port, but a global entry didn't exist which
214 * is being created right now (master flag set, brentry flag unset), the
215 * global entry is used for global per-vlan features, but not for filtering
216 * 4. same as 3 but with both master and brentry flags set so the entry
217 * will be used for filtering in both the port and the bridge
218 */
219 static int __vlan_add(struct net_bridge_vlan *v, u16 flags,
220 struct netlink_ext_ack *extack)
221 {
222 struct net_bridge_vlan *masterv = NULL;
223 struct net_bridge_port *p = NULL;
224 struct net_bridge_vlan_group *vg;
225 struct net_device *dev;
226 struct net_bridge *br;
227 int err;
228
229 if (br_vlan_is_master(v)) {
230 br = v->br;
231 dev = br->dev;
232 vg = br_vlan_group(br);
233 } else {
234 p = v->port;
235 br = p->br;
236 dev = p->dev;
237 vg = nbp_vlan_group(p);
238 }
239
240 if (p) {
241 /* Add VLAN to the device filter if it is supported.
242 * This ensures tagged traffic enters the bridge when
243 * promiscuous mode is disabled by br_manage_promisc().
244 */
245 err = __vlan_vid_add(dev, br, v->vid, flags, extack);
246 if (err)
247 goto out;
248
249 /* need to work on the master vlan too */
250 if (flags & BRIDGE_VLAN_INFO_MASTER) {
251 bool changed;
252
253 err = br_vlan_add(br, v->vid,
254 flags | BRIDGE_VLAN_INFO_BRENTRY,
255 &changed, extack);
256 if (err)
257 goto out_filt;
258 }
259
260 masterv = br_vlan_get_master(br, v->vid, extack);
261 if (!masterv)
262 goto out_filt;
263 v->brvlan = masterv;
264 if (br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)) {
265 v->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
266 if (!v->stats) {
267 err = -ENOMEM;
268 goto out_filt;
269 }
270 v->priv_flags |= BR_VLFLAG_PER_PORT_STATS;
271 } else {
272 v->stats = masterv->stats;
273 }
274 } else {
275 err = br_switchdev_port_vlan_add(dev, v->vid, flags, extack);
276 if (err && err != -EOPNOTSUPP)
277 goto out;
278 }
279
280 /* Add the dev mac and count the vlan only if it's usable */
281 if (br_vlan_should_use(v)) {
282 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
283 if (err) {
284 br_err(br, "failed insert local address into bridge forwarding table\n");
285 goto out_filt;
286 }
287 vg->num_vlans++;
288 }
289
290 err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
291 br_vlan_rht_params);
292 if (err)
293 goto out_fdb_insert;
294
295 __vlan_add_list(v);
296 __vlan_add_flags(v, flags);
297 out:
298 return err;
299
300 out_fdb_insert:
301 if (br_vlan_should_use(v)) {
302 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
303 vg->num_vlans--;
304 }
305
306 out_filt:
307 if (p) {
308 __vlan_vid_del(dev, br, v->vid);
309 if (masterv) {
310 if (v->stats && masterv->stats != v->stats)
311 free_percpu(v->stats);
312 v->stats = NULL;
313
314 br_vlan_put_master(masterv);
315 v->brvlan = NULL;
316 }
317 } else {
318 br_switchdev_port_vlan_del(dev, v->vid);
319 }
320
321 goto out;
322 }
323
324 static int __vlan_del(struct net_bridge_vlan *v)
325 {
326 struct net_bridge_vlan *masterv = v;
327 struct net_bridge_vlan_group *vg;
328 struct net_bridge_port *p = NULL;
329 int err = 0;
330
331 if (br_vlan_is_master(v)) {
332 vg = br_vlan_group(v->br);
333 } else {
334 p = v->port;
335 vg = nbp_vlan_group(v->port);
336 masterv = v->brvlan;
337 }
338
339 __vlan_delete_pvid(vg, v->vid);
340 if (p) {
341 err = __vlan_vid_del(p->dev, p->br, v->vid);
342 if (err)
343 goto out;
344 } else {
345 err = br_switchdev_port_vlan_del(v->br->dev, v->vid);
346 if (err && err != -EOPNOTSUPP)
347 goto out;
348 err = 0;
349 }
350
351 if (br_vlan_should_use(v)) {
352 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
353 vg->num_vlans--;
354 }
355
356 if (masterv != v) {
357 vlan_tunnel_info_del(vg, v);
358 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
359 br_vlan_rht_params);
360 __vlan_del_list(v);
361 call_rcu(&v->rcu, nbp_vlan_rcu_free);
362 }
363
364 br_vlan_put_master(masterv);
365 out:
366 return err;
367 }
368
369 static void __vlan_group_free(struct net_bridge_vlan_group *vg)
370 {
371 WARN_ON(!list_empty(&vg->vlan_list));
372 rhashtable_destroy(&vg->vlan_hash);
373 vlan_tunnel_deinit(vg);
374 kfree(vg);
375 }
376
377 static void __vlan_flush(struct net_bridge_vlan_group *vg)
378 {
379 struct net_bridge_vlan *vlan, *tmp;
380
381 __vlan_delete_pvid(vg, vg->pvid);
382 list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
383 __vlan_del(vlan);
384 }
385
386 struct sk_buff *br_handle_vlan(struct net_bridge *br,
387 const struct net_bridge_port *p,
388 struct net_bridge_vlan_group *vg,
389 struct sk_buff *skb)
390 {
391 struct br_vlan_stats *stats;
392 struct net_bridge_vlan *v;
393 u16 vid;
394
395 /* If this packet was not filtered at input, let it pass */
396 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
397 goto out;
398
399 /* At this point, we know that the frame was filtered and contains
400 * a valid vlan id. If the vlan id has untagged flag set,
401 * send untagged; otherwise, send tagged.
402 */
403 br_vlan_get_tag(skb, &vid);
404 v = br_vlan_find(vg, vid);
405 /* Vlan entry must be configured at this point. The
406 * only exception is the bridge is set in promisc mode and the
407 * packet is destined for the bridge device. In this case
408 * pass the packet as is.
409 */
410 if (!v || !br_vlan_should_use(v)) {
411 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
412 goto out;
413 } else {
414 kfree_skb(skb);
415 return NULL;
416 }
417 }
418 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
419 stats = this_cpu_ptr(v->stats);
420 u64_stats_update_begin(&stats->syncp);
421 stats->tx_bytes += skb->len;
422 stats->tx_packets++;
423 u64_stats_update_end(&stats->syncp);
424 }
425
426 if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
427 __vlan_hwaccel_clear_tag(skb);
428
429 if (p && (p->flags & BR_VLAN_TUNNEL) &&
430 br_handle_egress_vlan_tunnel(skb, v)) {
431 kfree_skb(skb);
432 return NULL;
433 }
434 out:
435 return skb;
436 }
437
438 /* Called under RCU */
439 static bool __allowed_ingress(const struct net_bridge *br,
440 struct net_bridge_vlan_group *vg,
441 struct sk_buff *skb, u16 *vid)
442 {
443 struct br_vlan_stats *stats;
444 struct net_bridge_vlan *v;
445 bool tagged;
446
447 BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
448 /* If vlan tx offload is disabled on bridge device and frame was
449 * sent from vlan device on the bridge device, it does not have
450 * HW accelerated vlan tag.
451 */
452 if (unlikely(!skb_vlan_tag_present(skb) &&
453 skb->protocol == br->vlan_proto)) {
454 skb = skb_vlan_untag(skb);
455 if (unlikely(!skb))
456 return false;
457 }
458
459 if (!br_vlan_get_tag(skb, vid)) {
460 /* Tagged frame */
461 if (skb->vlan_proto != br->vlan_proto) {
462 /* Protocol-mismatch, empty out vlan_tci for new tag */
463 skb_push(skb, ETH_HLEN);
464 skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
465 skb_vlan_tag_get(skb));
466 if (unlikely(!skb))
467 return false;
468
469 skb_pull(skb, ETH_HLEN);
470 skb_reset_mac_len(skb);
471 *vid = 0;
472 tagged = false;
473 } else {
474 tagged = true;
475 }
476 } else {
477 /* Untagged frame */
478 tagged = false;
479 }
480
481 if (!*vid) {
482 u16 pvid = br_get_pvid(vg);
483
484 /* Frame had a tag with VID 0 or did not have a tag.
485 * See if pvid is set on this port. That tells us which
486 * vlan untagged or priority-tagged traffic belongs to.
487 */
488 if (!pvid)
489 goto drop;
490
491 /* PVID is set on this port. Any untagged or priority-tagged
492 * ingress frame is considered to belong to this vlan.
493 */
494 *vid = pvid;
495 if (likely(!tagged))
496 /* Untagged Frame. */
497 __vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid);
498 else
499 /* Priority-tagged Frame.
500 * At this point, we know that skb->vlan_tci VID
501 * field was 0.
502 * We update only VID field and preserve PCP field.
503 */
504 skb->vlan_tci |= pvid;
505
506 /* if stats are disabled we can avoid the lookup */
507 if (!br_opt_get(br, BROPT_VLAN_STATS_ENABLED))
508 return true;
509 }
510 v = br_vlan_find(vg, *vid);
511 if (!v || !br_vlan_should_use(v))
512 goto drop;
513
514 if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
515 stats = this_cpu_ptr(v->stats);
516 u64_stats_update_begin(&stats->syncp);
517 stats->rx_bytes += skb->len;
518 stats->rx_packets++;
519 u64_stats_update_end(&stats->syncp);
520 }
521
522 return true;
523
524 drop:
525 kfree_skb(skb);
526 return false;
527 }
528
529 bool br_allowed_ingress(const struct net_bridge *br,
530 struct net_bridge_vlan_group *vg, struct sk_buff *skb,
531 u16 *vid)
532 {
533 /* If VLAN filtering is disabled on the bridge, all packets are
534 * permitted.
535 */
536 if (!br_opt_get(br, BROPT_VLAN_ENABLED)) {
537 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
538 return true;
539 }
540
541 return __allowed_ingress(br, vg, skb, vid);
542 }
543
544 /* Called under RCU. */
545 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
546 const struct sk_buff *skb)
547 {
548 const struct net_bridge_vlan *v;
549 u16 vid;
550
551 /* If this packet was not filtered at input, let it pass */
552 if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
553 return true;
554
555 br_vlan_get_tag(skb, &vid);
556 v = br_vlan_find(vg, vid);
557 if (v && br_vlan_should_use(v))
558 return true;
559
560 return false;
561 }
562
563 /* Called under RCU */
564 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
565 {
566 struct net_bridge_vlan_group *vg;
567 struct net_bridge *br = p->br;
568
569 /* If filtering was disabled at input, let it pass. */
570 if (!br_opt_get(br, BROPT_VLAN_ENABLED))
571 return true;
572
573 vg = nbp_vlan_group_rcu(p);
574 if (!vg || !vg->num_vlans)
575 return false;
576
577 if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
578 *vid = 0;
579
580 if (!*vid) {
581 *vid = br_get_pvid(vg);
582 if (!*vid)
583 return false;
584
585 return true;
586 }
587
588 if (br_vlan_find(vg, *vid))
589 return true;
590
591 return false;
592 }
593
594 static int br_vlan_add_existing(struct net_bridge *br,
595 struct net_bridge_vlan_group *vg,
596 struct net_bridge_vlan *vlan,
597 u16 flags, bool *changed,
598 struct netlink_ext_ack *extack)
599 {
600 int err;
601
602 err = br_switchdev_port_vlan_add(br->dev, vlan->vid, flags, extack);
603 if (err && err != -EOPNOTSUPP)
604 return err;
605
606 if (!br_vlan_is_brentry(vlan)) {
607 /* Trying to change flags of non-existent bridge vlan */
608 if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) {
609 err = -EINVAL;
610 goto err_flags;
611 }
612 /* It was only kept for port vlans, now make it real */
613 err = br_fdb_insert(br, NULL, br->dev->dev_addr,
614 vlan->vid);
615 if (err) {
616 br_err(br, "failed to insert local address into bridge forwarding table\n");
617 goto err_fdb_insert;
618 }
619
620 refcount_inc(&vlan->refcnt);
621 vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
622 vg->num_vlans++;
623 *changed = true;
624 }
625
626 if (__vlan_add_flags(vlan, flags))
627 *changed = true;
628
629 return 0;
630
631 err_fdb_insert:
632 err_flags:
633 br_switchdev_port_vlan_del(br->dev, vlan->vid);
634 return err;
635 }
636
637 /* Must be protected by RTNL.
638 * Must be called with vid in range from 1 to 4094 inclusive.
639 * changed must be true only if the vlan was created or updated
640 */
641 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed,
642 struct netlink_ext_ack *extack)
643 {
644 struct net_bridge_vlan_group *vg;
645 struct net_bridge_vlan *vlan;
646 int ret;
647
648 ASSERT_RTNL();
649
650 *changed = false;
651 vg = br_vlan_group(br);
652 vlan = br_vlan_find(vg, vid);
653 if (vlan)
654 return br_vlan_add_existing(br, vg, vlan, flags, changed,
655 extack);
656
657 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
658 if (!vlan)
659 return -ENOMEM;
660
661 vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
662 if (!vlan->stats) {
663 kfree(vlan);
664 return -ENOMEM;
665 }
666 vlan->vid = vid;
667 vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
668 vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
669 vlan->br = br;
670 if (flags & BRIDGE_VLAN_INFO_BRENTRY)
671 refcount_set(&vlan->refcnt, 1);
672 ret = __vlan_add(vlan, flags, extack);
673 if (ret) {
674 free_percpu(vlan->stats);
675 kfree(vlan);
676 } else {
677 *changed = true;
678 }
679
680 return ret;
681 }
682
683 /* Must be protected by RTNL.
684 * Must be called with vid in range from 1 to 4094 inclusive.
685 */
686 int br_vlan_delete(struct net_bridge *br, u16 vid)
687 {
688 struct net_bridge_vlan_group *vg;
689 struct net_bridge_vlan *v;
690
691 ASSERT_RTNL();
692
693 vg = br_vlan_group(br);
694 v = br_vlan_find(vg, vid);
695 if (!v || !br_vlan_is_brentry(v))
696 return -ENOENT;
697
698 br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
699 br_fdb_delete_by_port(br, NULL, vid, 0);
700
701 vlan_tunnel_info_del(vg, v);
702
703 return __vlan_del(v);
704 }
705
706 void br_vlan_flush(struct net_bridge *br)
707 {
708 struct net_bridge_vlan_group *vg;
709
710 ASSERT_RTNL();
711
712 vg = br_vlan_group(br);
713 __vlan_flush(vg);
714 RCU_INIT_POINTER(br->vlgrp, NULL);
715 synchronize_rcu();
716 __vlan_group_free(vg);
717 }
718
719 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
720 {
721 if (!vg)
722 return NULL;
723
724 return br_vlan_lookup(&vg->vlan_hash, vid);
725 }
726
727 /* Must be protected by RTNL. */
728 static void recalculate_group_addr(struct net_bridge *br)
729 {
730 if (br_opt_get(br, BROPT_GROUP_ADDR_SET))
731 return;
732
733 spin_lock_bh(&br->lock);
734 if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
735 br->vlan_proto == htons(ETH_P_8021Q)) {
736 /* Bridge Group Address */
737 br->group_addr[5] = 0x00;
738 } else { /* vlan_enabled && ETH_P_8021AD */
739 /* Provider Bridge Group Address */
740 br->group_addr[5] = 0x08;
741 }
742 spin_unlock_bh(&br->lock);
743 }
744
745 /* Must be protected by RTNL. */
746 void br_recalculate_fwd_mask(struct net_bridge *br)
747 {
748 if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
749 br->vlan_proto == htons(ETH_P_8021Q))
750 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
751 else /* vlan_enabled && ETH_P_8021AD */
752 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
753 ~(1u << br->group_addr[5]);
754 }
755
756 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
757 {
758 struct switchdev_attr attr = {
759 .orig_dev = br->dev,
760 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
761 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
762 .u.vlan_filtering = val,
763 };
764 int err;
765
766 if (br_opt_get(br, BROPT_VLAN_ENABLED) == !!val)
767 return 0;
768
769 err = switchdev_port_attr_set(br->dev, &attr);
770 if (err && err != -EOPNOTSUPP)
771 return err;
772
773 br_opt_toggle(br, BROPT_VLAN_ENABLED, !!val);
774 br_manage_promisc(br);
775 recalculate_group_addr(br);
776 br_recalculate_fwd_mask(br);
777
778 return 0;
779 }
780
781 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
782 {
783 return __br_vlan_filter_toggle(br, val);
784 }
785
786 bool br_vlan_enabled(const struct net_device *dev)
787 {
788 struct net_bridge *br = netdev_priv(dev);
789
790 return br_opt_get(br, BROPT_VLAN_ENABLED);
791 }
792 EXPORT_SYMBOL_GPL(br_vlan_enabled);
793
794 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
795 {
796 int err = 0;
797 struct net_bridge_port *p;
798 struct net_bridge_vlan *vlan;
799 struct net_bridge_vlan_group *vg;
800 __be16 oldproto;
801
802 if (br->vlan_proto == proto)
803 return 0;
804
805 /* Add VLANs for the new proto to the device filter. */
806 list_for_each_entry(p, &br->port_list, list) {
807 vg = nbp_vlan_group(p);
808 list_for_each_entry(vlan, &vg->vlan_list, vlist) {
809 err = vlan_vid_add(p->dev, proto, vlan->vid);
810 if (err)
811 goto err_filt;
812 }
813 }
814
815 oldproto = br->vlan_proto;
816 br->vlan_proto = proto;
817
818 recalculate_group_addr(br);
819 br_recalculate_fwd_mask(br);
820
821 /* Delete VLANs for the old proto from the device filter. */
822 list_for_each_entry(p, &br->port_list, list) {
823 vg = nbp_vlan_group(p);
824 list_for_each_entry(vlan, &vg->vlan_list, vlist)
825 vlan_vid_del(p->dev, oldproto, vlan->vid);
826 }
827
828 return 0;
829
830 err_filt:
831 list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
832 vlan_vid_del(p->dev, proto, vlan->vid);
833
834 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
835 vg = nbp_vlan_group(p);
836 list_for_each_entry(vlan, &vg->vlan_list, vlist)
837 vlan_vid_del(p->dev, proto, vlan->vid);
838 }
839
840 return err;
841 }
842
843 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
844 {
845 if (val != ETH_P_8021Q && val != ETH_P_8021AD)
846 return -EPROTONOSUPPORT;
847
848 return __br_vlan_set_proto(br, htons(val));
849 }
850
851 int br_vlan_set_stats(struct net_bridge *br, unsigned long val)
852 {
853 switch (val) {
854 case 0:
855 case 1:
856 br_opt_toggle(br, BROPT_VLAN_STATS_ENABLED, !!val);
857 break;
858 default:
859 return -EINVAL;
860 }
861
862 return 0;
863 }
864
865 int br_vlan_set_stats_per_port(struct net_bridge *br, unsigned long val)
866 {
867 struct net_bridge_port *p;
868
869 /* allow to change the option if there are no port vlans configured */
870 list_for_each_entry(p, &br->port_list, list) {
871 struct net_bridge_vlan_group *vg = nbp_vlan_group(p);
872
873 if (vg->num_vlans)
874 return -EBUSY;
875 }
876
877 switch (val) {
878 case 0:
879 case 1:
880 br_opt_toggle(br, BROPT_VLAN_STATS_PER_PORT, !!val);
881 break;
882 default:
883 return -EINVAL;
884 }
885
886 return 0;
887 }
888
889 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
890 {
891 struct net_bridge_vlan *v;
892
893 if (vid != vg->pvid)
894 return false;
895
896 v = br_vlan_lookup(&vg->vlan_hash, vid);
897 if (v && br_vlan_should_use(v) &&
898 (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
899 return true;
900
901 return false;
902 }
903
904 static void br_vlan_disable_default_pvid(struct net_bridge *br)
905 {
906 struct net_bridge_port *p;
907 u16 pvid = br->default_pvid;
908
909 /* Disable default_pvid on all ports where it is still
910 * configured.
911 */
912 if (vlan_default_pvid(br_vlan_group(br), pvid))
913 br_vlan_delete(br, pvid);
914
915 list_for_each_entry(p, &br->port_list, list) {
916 if (vlan_default_pvid(nbp_vlan_group(p), pvid))
917 nbp_vlan_delete(p, pvid);
918 }
919
920 br->default_pvid = 0;
921 }
922
923 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid,
924 struct netlink_ext_ack *extack)
925 {
926 const struct net_bridge_vlan *pvent;
927 struct net_bridge_vlan_group *vg;
928 struct net_bridge_port *p;
929 unsigned long *changed;
930 bool vlchange;
931 u16 old_pvid;
932 int err = 0;
933
934 if (!pvid) {
935 br_vlan_disable_default_pvid(br);
936 return 0;
937 }
938
939 changed = bitmap_zalloc(BR_MAX_PORTS, GFP_KERNEL);
940 if (!changed)
941 return -ENOMEM;
942
943 old_pvid = br->default_pvid;
944
945 /* Update default_pvid config only if we do not conflict with
946 * user configuration.
947 */
948 vg = br_vlan_group(br);
949 pvent = br_vlan_find(vg, pvid);
950 if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
951 (!pvent || !br_vlan_should_use(pvent))) {
952 err = br_vlan_add(br, pvid,
953 BRIDGE_VLAN_INFO_PVID |
954 BRIDGE_VLAN_INFO_UNTAGGED |
955 BRIDGE_VLAN_INFO_BRENTRY,
956 &vlchange, extack);
957 if (err)
958 goto out;
959 br_vlan_delete(br, old_pvid);
960 set_bit(0, changed);
961 }
962
963 list_for_each_entry(p, &br->port_list, list) {
964 /* Update default_pvid config only if we do not conflict with
965 * user configuration.
966 */
967 vg = nbp_vlan_group(p);
968 if ((old_pvid &&
969 !vlan_default_pvid(vg, old_pvid)) ||
970 br_vlan_find(vg, pvid))
971 continue;
972
973 err = nbp_vlan_add(p, pvid,
974 BRIDGE_VLAN_INFO_PVID |
975 BRIDGE_VLAN_INFO_UNTAGGED,
976 &vlchange, extack);
977 if (err)
978 goto err_port;
979 nbp_vlan_delete(p, old_pvid);
980 set_bit(p->port_no, changed);
981 }
982
983 br->default_pvid = pvid;
984
985 out:
986 bitmap_free(changed);
987 return err;
988
989 err_port:
990 list_for_each_entry_continue_reverse(p, &br->port_list, list) {
991 if (!test_bit(p->port_no, changed))
992 continue;
993
994 if (old_pvid)
995 nbp_vlan_add(p, old_pvid,
996 BRIDGE_VLAN_INFO_PVID |
997 BRIDGE_VLAN_INFO_UNTAGGED,
998 &vlchange, NULL);
999 nbp_vlan_delete(p, pvid);
1000 }
1001
1002 if (test_bit(0, changed)) {
1003 if (old_pvid)
1004 br_vlan_add(br, old_pvid,
1005 BRIDGE_VLAN_INFO_PVID |
1006 BRIDGE_VLAN_INFO_UNTAGGED |
1007 BRIDGE_VLAN_INFO_BRENTRY,
1008 &vlchange, NULL);
1009 br_vlan_delete(br, pvid);
1010 }
1011 goto out;
1012 }
1013
1014 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
1015 {
1016 u16 pvid = val;
1017 int err = 0;
1018
1019 if (val >= VLAN_VID_MASK)
1020 return -EINVAL;
1021
1022 if (pvid == br->default_pvid)
1023 goto out;
1024
1025 /* Only allow default pvid change when filtering is disabled */
1026 if (br_opt_get(br, BROPT_VLAN_ENABLED)) {
1027 pr_info_once("Please disable vlan filtering to change default_pvid\n");
1028 err = -EPERM;
1029 goto out;
1030 }
1031 err = __br_vlan_set_default_pvid(br, pvid, NULL);
1032 out:
1033 return err;
1034 }
1035
1036 int br_vlan_init(struct net_bridge *br)
1037 {
1038 struct net_bridge_vlan_group *vg;
1039 int ret = -ENOMEM;
1040 bool changed;
1041
1042 vg = kzalloc(sizeof(*vg), GFP_KERNEL);
1043 if (!vg)
1044 goto out;
1045 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1046 if (ret)
1047 goto err_rhtbl;
1048 ret = vlan_tunnel_init(vg);
1049 if (ret)
1050 goto err_tunnel_init;
1051 INIT_LIST_HEAD(&vg->vlan_list);
1052 br->vlan_proto = htons(ETH_P_8021Q);
1053 br->default_pvid = 1;
1054 rcu_assign_pointer(br->vlgrp, vg);
1055 ret = br_vlan_add(br, 1,
1056 BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
1057 BRIDGE_VLAN_INFO_BRENTRY, &changed, NULL);
1058 if (ret)
1059 goto err_vlan_add;
1060
1061 out:
1062 return ret;
1063
1064 err_vlan_add:
1065 vlan_tunnel_deinit(vg);
1066 err_tunnel_init:
1067 rhashtable_destroy(&vg->vlan_hash);
1068 err_rhtbl:
1069 kfree(vg);
1070
1071 goto out;
1072 }
1073
1074 int nbp_vlan_init(struct net_bridge_port *p, struct netlink_ext_ack *extack)
1075 {
1076 struct switchdev_attr attr = {
1077 .orig_dev = p->br->dev,
1078 .id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
1079 .flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
1080 .u.vlan_filtering = br_opt_get(p->br, BROPT_VLAN_ENABLED),
1081 };
1082 struct net_bridge_vlan_group *vg;
1083 int ret = -ENOMEM;
1084
1085 vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
1086 if (!vg)
1087 goto out;
1088
1089 ret = switchdev_port_attr_set(p->dev, &attr);
1090 if (ret && ret != -EOPNOTSUPP)
1091 goto err_vlan_enabled;
1092
1093 ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1094 if (ret)
1095 goto err_rhtbl;
1096 ret = vlan_tunnel_init(vg);
1097 if (ret)
1098 goto err_tunnel_init;
1099 INIT_LIST_HEAD(&vg->vlan_list);
1100 rcu_assign_pointer(p->vlgrp, vg);
1101 if (p->br->default_pvid) {
1102 bool changed;
1103
1104 ret = nbp_vlan_add(p, p->br->default_pvid,
1105 BRIDGE_VLAN_INFO_PVID |
1106 BRIDGE_VLAN_INFO_UNTAGGED,
1107 &changed, extack);
1108 if (ret)
1109 goto err_vlan_add;
1110 }
1111 out:
1112 return ret;
1113
1114 err_vlan_add:
1115 RCU_INIT_POINTER(p->vlgrp, NULL);
1116 synchronize_rcu();
1117 vlan_tunnel_deinit(vg);
1118 err_tunnel_init:
1119 rhashtable_destroy(&vg->vlan_hash);
1120 err_rhtbl:
1121 err_vlan_enabled:
1122 kfree(vg);
1123
1124 goto out;
1125 }
1126
1127 /* Must be protected by RTNL.
1128 * Must be called with vid in range from 1 to 4094 inclusive.
1129 * changed must be true only if the vlan was created or updated
1130 */
1131 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags,
1132 bool *changed, struct netlink_ext_ack *extack)
1133 {
1134 struct net_bridge_vlan *vlan;
1135 int ret;
1136
1137 ASSERT_RTNL();
1138
1139 *changed = false;
1140 vlan = br_vlan_find(nbp_vlan_group(port), vid);
1141 if (vlan) {
1142 /* Pass the flags to the hardware bridge */
1143 ret = br_switchdev_port_vlan_add(port->dev, vid, flags, extack);
1144 if (ret && ret != -EOPNOTSUPP)
1145 return ret;
1146 *changed = __vlan_add_flags(vlan, flags);
1147
1148 return 0;
1149 }
1150
1151 vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
1152 if (!vlan)
1153 return -ENOMEM;
1154
1155 vlan->vid = vid;
1156 vlan->port = port;
1157 ret = __vlan_add(vlan, flags, extack);
1158 if (ret)
1159 kfree(vlan);
1160 else
1161 *changed = true;
1162
1163 return ret;
1164 }
1165
1166 /* Must be protected by RTNL.
1167 * Must be called with vid in range from 1 to 4094 inclusive.
1168 */
1169 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
1170 {
1171 struct net_bridge_vlan *v;
1172
1173 ASSERT_RTNL();
1174
1175 v = br_vlan_find(nbp_vlan_group(port), vid);
1176 if (!v)
1177 return -ENOENT;
1178 br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1179 br_fdb_delete_by_port(port->br, port, vid, 0);
1180
1181 return __vlan_del(v);
1182 }
1183
1184 void nbp_vlan_flush(struct net_bridge_port *port)
1185 {
1186 struct net_bridge_vlan_group *vg;
1187
1188 ASSERT_RTNL();
1189
1190 vg = nbp_vlan_group(port);
1191 __vlan_flush(vg);
1192 RCU_INIT_POINTER(port->vlgrp, NULL);
1193 synchronize_rcu();
1194 __vlan_group_free(vg);
1195 }
1196
1197 void br_vlan_get_stats(const struct net_bridge_vlan *v,
1198 struct br_vlan_stats *stats)
1199 {
1200 int i;
1201
1202 memset(stats, 0, sizeof(*stats));
1203 for_each_possible_cpu(i) {
1204 u64 rxpackets, rxbytes, txpackets, txbytes;
1205 struct br_vlan_stats *cpu_stats;
1206 unsigned int start;
1207
1208 cpu_stats = per_cpu_ptr(v->stats, i);
1209 do {
1210 start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
1211 rxpackets = cpu_stats->rx_packets;
1212 rxbytes = cpu_stats->rx_bytes;
1213 txbytes = cpu_stats->tx_bytes;
1214 txpackets = cpu_stats->tx_packets;
1215 } while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
1216
1217 stats->rx_packets += rxpackets;
1218 stats->rx_bytes += rxbytes;
1219 stats->tx_bytes += txbytes;
1220 stats->tx_packets += txpackets;
1221 }
1222 }
1223
1224 int br_vlan_get_pvid(const struct net_device *dev, u16 *p_pvid)
1225 {
1226 struct net_bridge_vlan_group *vg;
1227 struct net_bridge_port *p;
1228
1229 ASSERT_RTNL();
1230 p = br_port_get_check_rtnl(dev);
1231 if (p)
1232 vg = nbp_vlan_group(p);
1233 else if (netif_is_bridge_master(dev))
1234 vg = br_vlan_group(netdev_priv(dev));
1235 else
1236 return -EINVAL;
1237
1238 *p_pvid = br_get_pvid(vg);
1239 return 0;
1240 }
1241 EXPORT_SYMBOL_GPL(br_vlan_get_pvid);
1242
1243 int br_vlan_get_info(const struct net_device *dev, u16 vid,
1244 struct bridge_vlan_info *p_vinfo)
1245 {
1246 struct net_bridge_vlan_group *vg;
1247 struct net_bridge_vlan *v;
1248 struct net_bridge_port *p;
1249
1250 ASSERT_RTNL();
1251 p = br_port_get_check_rtnl(dev);
1252 if (p)
1253 vg = nbp_vlan_group(p);
1254 else if (netif_is_bridge_master(dev))
1255 vg = br_vlan_group(netdev_priv(dev));
1256 else
1257 return -EINVAL;
1258
1259 v = br_vlan_find(vg, vid);
1260 if (!v)
1261 return -ENOENT;
1262
1263 p_vinfo->vid = vid;
1264 p_vinfo->flags = v->flags;
1265 return 0;
1266 }
1267 EXPORT_SYMBOL_GPL(br_vlan_get_info);
Ubuntu Jammy Linux kernel mirror