xref: /linux/net/bridge/br_vlan.c (revision ec63e2a4897075e427c121d863bd89c44578094f)
1 #include <linux/kernel.h>
2 #include <linux/netdevice.h>
3 #include <linux/rtnetlink.h>
4 #include <linux/slab.h>
5 #include <net/switchdev.h>
6 
7 #include "br_private.h"
8 #include "br_private_tunnel.h"
9 
10 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
11 			      const void *ptr)
12 {
13 	const struct net_bridge_vlan *vle = ptr;
14 	u16 vid = *(u16 *)arg->key;
15 
16 	return vle->vid != vid;
17 }
18 
19 static const struct rhashtable_params br_vlan_rht_params = {
20 	.head_offset = offsetof(struct net_bridge_vlan, vnode),
21 	.key_offset = offsetof(struct net_bridge_vlan, vid),
22 	.key_len = sizeof(u16),
23 	.nelem_hint = 3,
24 	.locks_mul = 1,
25 	.max_size = VLAN_N_VID,
26 	.obj_cmpfn = br_vlan_cmp,
27 	.automatic_shrinking = true,
28 };
29 
30 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
31 {
32 	return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
33 }
34 
35 static bool __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
36 {
37 	if (vg->pvid == vid)
38 		return false;
39 
40 	smp_wmb();
41 	vg->pvid = vid;
42 
43 	return true;
44 }
45 
46 static bool __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
47 {
48 	if (vg->pvid != vid)
49 		return false;
50 
51 	smp_wmb();
52 	vg->pvid = 0;
53 
54 	return true;
55 }
56 
57 /* return true if anything changed, false otherwise */
58 static bool __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
59 {
60 	struct net_bridge_vlan_group *vg;
61 	u16 old_flags = v->flags;
62 	bool ret;
63 
64 	if (br_vlan_is_master(v))
65 		vg = br_vlan_group(v->br);
66 	else
67 		vg = nbp_vlan_group(v->port);
68 
69 	if (flags & BRIDGE_VLAN_INFO_PVID)
70 		ret = __vlan_add_pvid(vg, v->vid);
71 	else
72 		ret = __vlan_delete_pvid(vg, v->vid);
73 
74 	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
75 		v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
76 	else
77 		v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
78 
79 	return ret || !!(old_flags ^ v->flags);
80 }
81 
82 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
83 			  struct net_bridge_vlan *v, u16 flags,
84 			  struct netlink_ext_ack *extack)
85 {
86 	int err;
87 
88 	/* Try switchdev op first. In case it is not supported, fallback to
89 	 * 8021q add.
90 	 */
91 	err = br_switchdev_port_vlan_add(dev, v->vid, flags, extack);
92 	if (err == -EOPNOTSUPP)
93 		return vlan_vid_add(dev, br->vlan_proto, v->vid);
94 	v->priv_flags |= BR_VLFLAG_ADDED_BY_SWITCHDEV;
95 	return err;
96 }
97 
98 static void __vlan_add_list(struct net_bridge_vlan *v)
99 {
100 	struct net_bridge_vlan_group *vg;
101 	struct list_head *headp, *hpos;
102 	struct net_bridge_vlan *vent;
103 
104 	if (br_vlan_is_master(v))
105 		vg = br_vlan_group(v->br);
106 	else
107 		vg = nbp_vlan_group(v->port);
108 
109 	headp = &vg->vlan_list;
110 	list_for_each_prev(hpos, headp) {
111 		vent = list_entry(hpos, struct net_bridge_vlan, vlist);
112 		if (v->vid < vent->vid)
113 			continue;
114 		else
115 			break;
116 	}
117 	list_add_rcu(&v->vlist, hpos);
118 }
119 
120 static void __vlan_del_list(struct net_bridge_vlan *v)
121 {
122 	list_del_rcu(&v->vlist);
123 }
124 
125 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
126 			  const struct net_bridge_vlan *v)
127 {
128 	int err;
129 
130 	/* Try switchdev op first. In case it is not supported, fallback to
131 	 * 8021q del.
132 	 */
133 	err = br_switchdev_port_vlan_del(dev, v->vid);
134 	if (!(v->priv_flags & BR_VLFLAG_ADDED_BY_SWITCHDEV))
135 		vlan_vid_del(dev, br->vlan_proto, v->vid);
136 	return err == -EOPNOTSUPP ? 0 : err;
137 }
138 
139 /* Returns a master vlan, if it didn't exist it gets created. In all cases a
140  * a reference is taken to the master vlan before returning.
141  */
142 static struct net_bridge_vlan *
143 br_vlan_get_master(struct net_bridge *br, u16 vid,
144 		   struct netlink_ext_ack *extack)
145 {
146 	struct net_bridge_vlan_group *vg;
147 	struct net_bridge_vlan *masterv;
148 
149 	vg = br_vlan_group(br);
150 	masterv = br_vlan_find(vg, vid);
151 	if (!masterv) {
152 		bool changed;
153 
154 		/* missing global ctx, create it now */
155 		if (br_vlan_add(br, vid, 0, &changed, extack))
156 			return NULL;
157 		masterv = br_vlan_find(vg, vid);
158 		if (WARN_ON(!masterv))
159 			return NULL;
160 		refcount_set(&masterv->refcnt, 1);
161 		return masterv;
162 	}
163 	refcount_inc(&masterv->refcnt);
164 
165 	return masterv;
166 }
167 
168 static void br_master_vlan_rcu_free(struct rcu_head *rcu)
169 {
170 	struct net_bridge_vlan *v;
171 
172 	v = container_of(rcu, struct net_bridge_vlan, rcu);
173 	WARN_ON(!br_vlan_is_master(v));
174 	free_percpu(v->stats);
175 	v->stats = NULL;
176 	kfree(v);
177 }
178 
179 static void br_vlan_put_master(struct net_bridge_vlan *masterv)
180 {
181 	struct net_bridge_vlan_group *vg;
182 
183 	if (!br_vlan_is_master(masterv))
184 		return;
185 
186 	vg = br_vlan_group(masterv->br);
187 	if (refcount_dec_and_test(&masterv->refcnt)) {
188 		rhashtable_remove_fast(&vg->vlan_hash,
189 				       &masterv->vnode, br_vlan_rht_params);
190 		__vlan_del_list(masterv);
191 		call_rcu(&masterv->rcu, br_master_vlan_rcu_free);
192 	}
193 }
194 
195 static void nbp_vlan_rcu_free(struct rcu_head *rcu)
196 {
197 	struct net_bridge_vlan *v;
198 
199 	v = container_of(rcu, struct net_bridge_vlan, rcu);
200 	WARN_ON(br_vlan_is_master(v));
201 	/* if we had per-port stats configured then free them here */
202 	if (v->priv_flags & BR_VLFLAG_PER_PORT_STATS)
203 		free_percpu(v->stats);
204 	v->stats = NULL;
205 	kfree(v);
206 }
207 
208 /* This is the shared VLAN add function which works for both ports and bridge
209  * devices. There are four possible calls to this function in terms of the
210  * vlan entry type:
211  * 1. vlan is being added on a port (no master flags, global entry exists)
212  * 2. vlan is being added on a bridge (both master and brentry flags)
213  * 3. vlan is being added on a port, but a global entry didn't exist which
214  *    is being created right now (master flag set, brentry flag unset), the
215  *    global entry is used for global per-vlan features, but not for filtering
216  * 4. same as 3 but with both master and brentry flags set so the entry
217  *    will be used for filtering in both the port and the bridge
218  */
219 static int __vlan_add(struct net_bridge_vlan *v, u16 flags,
220 		      struct netlink_ext_ack *extack)
221 {
222 	struct net_bridge_vlan *masterv = NULL;
223 	struct net_bridge_port *p = NULL;
224 	struct net_bridge_vlan_group *vg;
225 	struct net_device *dev;
226 	struct net_bridge *br;
227 	int err;
228 
229 	if (br_vlan_is_master(v)) {
230 		br = v->br;
231 		dev = br->dev;
232 		vg = br_vlan_group(br);
233 	} else {
234 		p = v->port;
235 		br = p->br;
236 		dev = p->dev;
237 		vg = nbp_vlan_group(p);
238 	}
239 
240 	if (p) {
241 		/* Add VLAN to the device filter if it is supported.
242 		 * This ensures tagged traffic enters the bridge when
243 		 * promiscuous mode is disabled by br_manage_promisc().
244 		 */
245 		err = __vlan_vid_add(dev, br, v, flags, extack);
246 		if (err)
247 			goto out;
248 
249 		/* need to work on the master vlan too */
250 		if (flags & BRIDGE_VLAN_INFO_MASTER) {
251 			bool changed;
252 
253 			err = br_vlan_add(br, v->vid,
254 					  flags | BRIDGE_VLAN_INFO_BRENTRY,
255 					  &changed, extack);
256 			if (err)
257 				goto out_filt;
258 		}
259 
260 		masterv = br_vlan_get_master(br, v->vid, extack);
261 		if (!masterv)
262 			goto out_filt;
263 		v->brvlan = masterv;
264 		if (br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)) {
265 			v->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
266 			if (!v->stats) {
267 				err = -ENOMEM;
268 				goto out_filt;
269 			}
270 			v->priv_flags |= BR_VLFLAG_PER_PORT_STATS;
271 		} else {
272 			v->stats = masterv->stats;
273 		}
274 	} else {
275 		err = br_switchdev_port_vlan_add(dev, v->vid, flags, extack);
276 		if (err && err != -EOPNOTSUPP)
277 			goto out;
278 	}
279 
280 	/* Add the dev mac and count the vlan only if it's usable */
281 	if (br_vlan_should_use(v)) {
282 		err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
283 		if (err) {
284 			br_err(br, "failed insert local address into bridge forwarding table\n");
285 			goto out_filt;
286 		}
287 		vg->num_vlans++;
288 	}
289 
290 	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
291 					    br_vlan_rht_params);
292 	if (err)
293 		goto out_fdb_insert;
294 
295 	__vlan_add_list(v);
296 	__vlan_add_flags(v, flags);
297 out:
298 	return err;
299 
300 out_fdb_insert:
301 	if (br_vlan_should_use(v)) {
302 		br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
303 		vg->num_vlans--;
304 	}
305 
306 out_filt:
307 	if (p) {
308 		__vlan_vid_del(dev, br, v);
309 		if (masterv) {
310 			if (v->stats && masterv->stats != v->stats)
311 				free_percpu(v->stats);
312 			v->stats = NULL;
313 
314 			br_vlan_put_master(masterv);
315 			v->brvlan = NULL;
316 		}
317 	} else {
318 		br_switchdev_port_vlan_del(dev, v->vid);
319 	}
320 
321 	goto out;
322 }
323 
324 static int __vlan_del(struct net_bridge_vlan *v)
325 {
326 	struct net_bridge_vlan *masterv = v;
327 	struct net_bridge_vlan_group *vg;
328 	struct net_bridge_port *p = NULL;
329 	int err = 0;
330 
331 	if (br_vlan_is_master(v)) {
332 		vg = br_vlan_group(v->br);
333 	} else {
334 		p = v->port;
335 		vg = nbp_vlan_group(v->port);
336 		masterv = v->brvlan;
337 	}
338 
339 	__vlan_delete_pvid(vg, v->vid);
340 	if (p) {
341 		err = __vlan_vid_del(p->dev, p->br, v);
342 		if (err)
343 			goto out;
344 	} else {
345 		err = br_switchdev_port_vlan_del(v->br->dev, v->vid);
346 		if (err && err != -EOPNOTSUPP)
347 			goto out;
348 		err = 0;
349 	}
350 
351 	if (br_vlan_should_use(v)) {
352 		v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
353 		vg->num_vlans--;
354 	}
355 
356 	if (masterv != v) {
357 		vlan_tunnel_info_del(vg, v);
358 		rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
359 				       br_vlan_rht_params);
360 		__vlan_del_list(v);
361 		call_rcu(&v->rcu, nbp_vlan_rcu_free);
362 	}
363 
364 	br_vlan_put_master(masterv);
365 out:
366 	return err;
367 }
368 
369 static void __vlan_group_free(struct net_bridge_vlan_group *vg)
370 {
371 	WARN_ON(!list_empty(&vg->vlan_list));
372 	rhashtable_destroy(&vg->vlan_hash);
373 	vlan_tunnel_deinit(vg);
374 	kfree(vg);
375 }
376 
377 static void __vlan_flush(struct net_bridge_vlan_group *vg)
378 {
379 	struct net_bridge_vlan *vlan, *tmp;
380 
381 	__vlan_delete_pvid(vg, vg->pvid);
382 	list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
383 		__vlan_del(vlan);
384 }
385 
386 struct sk_buff *br_handle_vlan(struct net_bridge *br,
387 			       const struct net_bridge_port *p,
388 			       struct net_bridge_vlan_group *vg,
389 			       struct sk_buff *skb)
390 {
391 	struct br_vlan_stats *stats;
392 	struct net_bridge_vlan *v;
393 	u16 vid;
394 
395 	/* If this packet was not filtered at input, let it pass */
396 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
397 		goto out;
398 
399 	/* At this point, we know that the frame was filtered and contains
400 	 * a valid vlan id.  If the vlan id has untagged flag set,
401 	 * send untagged; otherwise, send tagged.
402 	 */
403 	br_vlan_get_tag(skb, &vid);
404 	v = br_vlan_find(vg, vid);
405 	/* Vlan entry must be configured at this point.  The
406 	 * only exception is the bridge is set in promisc mode and the
407 	 * packet is destined for the bridge device.  In this case
408 	 * pass the packet as is.
409 	 */
410 	if (!v || !br_vlan_should_use(v)) {
411 		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
412 			goto out;
413 		} else {
414 			kfree_skb(skb);
415 			return NULL;
416 		}
417 	}
418 	if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
419 		stats = this_cpu_ptr(v->stats);
420 		u64_stats_update_begin(&stats->syncp);
421 		stats->tx_bytes += skb->len;
422 		stats->tx_packets++;
423 		u64_stats_update_end(&stats->syncp);
424 	}
425 
426 	if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
427 		__vlan_hwaccel_clear_tag(skb);
428 
429 	if (p && (p->flags & BR_VLAN_TUNNEL) &&
430 	    br_handle_egress_vlan_tunnel(skb, v)) {
431 		kfree_skb(skb);
432 		return NULL;
433 	}
434 out:
435 	return skb;
436 }
437 
438 /* Called under RCU */
439 static bool __allowed_ingress(const struct net_bridge *br,
440 			      struct net_bridge_vlan_group *vg,
441 			      struct sk_buff *skb, u16 *vid)
442 {
443 	struct br_vlan_stats *stats;
444 	struct net_bridge_vlan *v;
445 	bool tagged;
446 
447 	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
448 	/* If vlan tx offload is disabled on bridge device and frame was
449 	 * sent from vlan device on the bridge device, it does not have
450 	 * HW accelerated vlan tag.
451 	 */
452 	if (unlikely(!skb_vlan_tag_present(skb) &&
453 		     skb->protocol == br->vlan_proto)) {
454 		skb = skb_vlan_untag(skb);
455 		if (unlikely(!skb))
456 			return false;
457 	}
458 
459 	if (!br_vlan_get_tag(skb, vid)) {
460 		/* Tagged frame */
461 		if (skb->vlan_proto != br->vlan_proto) {
462 			/* Protocol-mismatch, empty out vlan_tci for new tag */
463 			skb_push(skb, ETH_HLEN);
464 			skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
465 							skb_vlan_tag_get(skb));
466 			if (unlikely(!skb))
467 				return false;
468 
469 			skb_pull(skb, ETH_HLEN);
470 			skb_reset_mac_len(skb);
471 			*vid = 0;
472 			tagged = false;
473 		} else {
474 			tagged = true;
475 		}
476 	} else {
477 		/* Untagged frame */
478 		tagged = false;
479 	}
480 
481 	if (!*vid) {
482 		u16 pvid = br_get_pvid(vg);
483 
484 		/* Frame had a tag with VID 0 or did not have a tag.
485 		 * See if pvid is set on this port.  That tells us which
486 		 * vlan untagged or priority-tagged traffic belongs to.
487 		 */
488 		if (!pvid)
489 			goto drop;
490 
491 		/* PVID is set on this port.  Any untagged or priority-tagged
492 		 * ingress frame is considered to belong to this vlan.
493 		 */
494 		*vid = pvid;
495 		if (likely(!tagged))
496 			/* Untagged Frame. */
497 			__vlan_hwaccel_put_tag(skb, br->vlan_proto, pvid);
498 		else
499 			/* Priority-tagged Frame.
500 			 * At this point, we know that skb->vlan_tci VID
501 			 * field was 0.
502 			 * We update only VID field and preserve PCP field.
503 			 */
504 			skb->vlan_tci |= pvid;
505 
506 		/* if stats are disabled we can avoid the lookup */
507 		if (!br_opt_get(br, BROPT_VLAN_STATS_ENABLED))
508 			return true;
509 	}
510 	v = br_vlan_find(vg, *vid);
511 	if (!v || !br_vlan_should_use(v))
512 		goto drop;
513 
514 	if (br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) {
515 		stats = this_cpu_ptr(v->stats);
516 		u64_stats_update_begin(&stats->syncp);
517 		stats->rx_bytes += skb->len;
518 		stats->rx_packets++;
519 		u64_stats_update_end(&stats->syncp);
520 	}
521 
522 	return true;
523 
524 drop:
525 	kfree_skb(skb);
526 	return false;
527 }
528 
529 bool br_allowed_ingress(const struct net_bridge *br,
530 			struct net_bridge_vlan_group *vg, struct sk_buff *skb,
531 			u16 *vid)
532 {
533 	/* If VLAN filtering is disabled on the bridge, all packets are
534 	 * permitted.
535 	 */
536 	if (!br_opt_get(br, BROPT_VLAN_ENABLED)) {
537 		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
538 		return true;
539 	}
540 
541 	return __allowed_ingress(br, vg, skb, vid);
542 }
543 
544 /* Called under RCU. */
545 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
546 		       const struct sk_buff *skb)
547 {
548 	const struct net_bridge_vlan *v;
549 	u16 vid;
550 
551 	/* If this packet was not filtered at input, let it pass */
552 	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
553 		return true;
554 
555 	br_vlan_get_tag(skb, &vid);
556 	v = br_vlan_find(vg, vid);
557 	if (v && br_vlan_should_use(v))
558 		return true;
559 
560 	return false;
561 }
562 
563 /* Called under RCU */
564 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
565 {
566 	struct net_bridge_vlan_group *vg;
567 	struct net_bridge *br = p->br;
568 
569 	/* If filtering was disabled at input, let it pass. */
570 	if (!br_opt_get(br, BROPT_VLAN_ENABLED))
571 		return true;
572 
573 	vg = nbp_vlan_group_rcu(p);
574 	if (!vg || !vg->num_vlans)
575 		return false;
576 
577 	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
578 		*vid = 0;
579 
580 	if (!*vid) {
581 		*vid = br_get_pvid(vg);
582 		if (!*vid)
583 			return false;
584 
585 		return true;
586 	}
587 
588 	if (br_vlan_find(vg, *vid))
589 		return true;
590 
591 	return false;
592 }
593 
594 static int br_vlan_add_existing(struct net_bridge *br,
595 				struct net_bridge_vlan_group *vg,
596 				struct net_bridge_vlan *vlan,
597 				u16 flags, bool *changed,
598 				struct netlink_ext_ack *extack)
599 {
600 	int err;
601 
602 	err = br_switchdev_port_vlan_add(br->dev, vlan->vid, flags, extack);
603 	if (err && err != -EOPNOTSUPP)
604 		return err;
605 
606 	if (!br_vlan_is_brentry(vlan)) {
607 		/* Trying to change flags of non-existent bridge vlan */
608 		if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) {
609 			err = -EINVAL;
610 			goto err_flags;
611 		}
612 		/* It was only kept for port vlans, now make it real */
613 		err = br_fdb_insert(br, NULL, br->dev->dev_addr,
614 				    vlan->vid);
615 		if (err) {
616 			br_err(br, "failed to insert local address into bridge forwarding table\n");
617 			goto err_fdb_insert;
618 		}
619 
620 		refcount_inc(&vlan->refcnt);
621 		vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
622 		vg->num_vlans++;
623 		*changed = true;
624 	}
625 
626 	if (__vlan_add_flags(vlan, flags))
627 		*changed = true;
628 
629 	return 0;
630 
631 err_fdb_insert:
632 err_flags:
633 	br_switchdev_port_vlan_del(br->dev, vlan->vid);
634 	return err;
635 }
636 
637 /* Must be protected by RTNL.
638  * Must be called with vid in range from 1 to 4094 inclusive.
639  * changed must be true only if the vlan was created or updated
640  */
641 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags, bool *changed,
642 		struct netlink_ext_ack *extack)
643 {
644 	struct net_bridge_vlan_group *vg;
645 	struct net_bridge_vlan *vlan;
646 	int ret;
647 
648 	ASSERT_RTNL();
649 
650 	*changed = false;
651 	vg = br_vlan_group(br);
652 	vlan = br_vlan_find(vg, vid);
653 	if (vlan)
654 		return br_vlan_add_existing(br, vg, vlan, flags, changed,
655 					    extack);
656 
657 	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
658 	if (!vlan)
659 		return -ENOMEM;
660 
661 	vlan->stats = netdev_alloc_pcpu_stats(struct br_vlan_stats);
662 	if (!vlan->stats) {
663 		kfree(vlan);
664 		return -ENOMEM;
665 	}
666 	vlan->vid = vid;
667 	vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
668 	vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
669 	vlan->br = br;
670 	if (flags & BRIDGE_VLAN_INFO_BRENTRY)
671 		refcount_set(&vlan->refcnt, 1);
672 	ret = __vlan_add(vlan, flags, extack);
673 	if (ret) {
674 		free_percpu(vlan->stats);
675 		kfree(vlan);
676 	} else {
677 		*changed = true;
678 	}
679 
680 	return ret;
681 }
682 
683 /* Must be protected by RTNL.
684  * Must be called with vid in range from 1 to 4094 inclusive.
685  */
686 int br_vlan_delete(struct net_bridge *br, u16 vid)
687 {
688 	struct net_bridge_vlan_group *vg;
689 	struct net_bridge_vlan *v;
690 
691 	ASSERT_RTNL();
692 
693 	vg = br_vlan_group(br);
694 	v = br_vlan_find(vg, vid);
695 	if (!v || !br_vlan_is_brentry(v))
696 		return -ENOENT;
697 
698 	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
699 	br_fdb_delete_by_port(br, NULL, vid, 0);
700 
701 	vlan_tunnel_info_del(vg, v);
702 
703 	return __vlan_del(v);
704 }
705 
706 void br_vlan_flush(struct net_bridge *br)
707 {
708 	struct net_bridge_vlan_group *vg;
709 
710 	ASSERT_RTNL();
711 
712 	vg = br_vlan_group(br);
713 	__vlan_flush(vg);
714 	RCU_INIT_POINTER(br->vlgrp, NULL);
715 	synchronize_rcu();
716 	__vlan_group_free(vg);
717 }
718 
719 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
720 {
721 	if (!vg)
722 		return NULL;
723 
724 	return br_vlan_lookup(&vg->vlan_hash, vid);
725 }
726 
727 /* Must be protected by RTNL. */
728 static void recalculate_group_addr(struct net_bridge *br)
729 {
730 	if (br_opt_get(br, BROPT_GROUP_ADDR_SET))
731 		return;
732 
733 	spin_lock_bh(&br->lock);
734 	if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
735 	    br->vlan_proto == htons(ETH_P_8021Q)) {
736 		/* Bridge Group Address */
737 		br->group_addr[5] = 0x00;
738 	} else { /* vlan_enabled && ETH_P_8021AD */
739 		/* Provider Bridge Group Address */
740 		br->group_addr[5] = 0x08;
741 	}
742 	spin_unlock_bh(&br->lock);
743 }
744 
745 /* Must be protected by RTNL. */
746 void br_recalculate_fwd_mask(struct net_bridge *br)
747 {
748 	if (!br_opt_get(br, BROPT_VLAN_ENABLED) ||
749 	    br->vlan_proto == htons(ETH_P_8021Q))
750 		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
751 	else /* vlan_enabled && ETH_P_8021AD */
752 		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
753 					      ~(1u << br->group_addr[5]);
754 }
755 
756 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
757 {
758 	struct switchdev_attr attr = {
759 		.orig_dev = br->dev,
760 		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
761 		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
762 		.u.vlan_filtering = val,
763 	};
764 	int err;
765 
766 	if (br_opt_get(br, BROPT_VLAN_ENABLED) == !!val)
767 		return 0;
768 
769 	err = switchdev_port_attr_set(br->dev, &attr);
770 	if (err && err != -EOPNOTSUPP)
771 		return err;
772 
773 	br_opt_toggle(br, BROPT_VLAN_ENABLED, !!val);
774 	br_manage_promisc(br);
775 	recalculate_group_addr(br);
776 	br_recalculate_fwd_mask(br);
777 
778 	return 0;
779 }
780 
781 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
782 {
783 	return __br_vlan_filter_toggle(br, val);
784 }
785 
786 bool br_vlan_enabled(const struct net_device *dev)
787 {
788 	struct net_bridge *br = netdev_priv(dev);
789 
790 	return br_opt_get(br, BROPT_VLAN_ENABLED);
791 }
792 EXPORT_SYMBOL_GPL(br_vlan_enabled);
793 
794 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
795 {
796 	int err = 0;
797 	struct net_bridge_port *p;
798 	struct net_bridge_vlan *vlan;
799 	struct net_bridge_vlan_group *vg;
800 	__be16 oldproto;
801 
802 	if (br->vlan_proto == proto)
803 		return 0;
804 
805 	/* Add VLANs for the new proto to the device filter. */
806 	list_for_each_entry(p, &br->port_list, list) {
807 		vg = nbp_vlan_group(p);
808 		list_for_each_entry(vlan, &vg->vlan_list, vlist) {
809 			err = vlan_vid_add(p->dev, proto, vlan->vid);
810 			if (err)
811 				goto err_filt;
812 		}
813 	}
814 
815 	oldproto = br->vlan_proto;
816 	br->vlan_proto = proto;
817 
818 	recalculate_group_addr(br);
819 	br_recalculate_fwd_mask(br);
820 
821 	/* Delete VLANs for the old proto from the device filter. */
822 	list_for_each_entry(p, &br->port_list, list) {
823 		vg = nbp_vlan_group(p);
824 		list_for_each_entry(vlan, &vg->vlan_list, vlist)
825 			vlan_vid_del(p->dev, oldproto, vlan->vid);
826 	}
827 
828 	return 0;
829 
830 err_filt:
831 	list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
832 		vlan_vid_del(p->dev, proto, vlan->vid);
833 
834 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
835 		vg = nbp_vlan_group(p);
836 		list_for_each_entry(vlan, &vg->vlan_list, vlist)
837 			vlan_vid_del(p->dev, proto, vlan->vid);
838 	}
839 
840 	return err;
841 }
842 
843 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
844 {
845 	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
846 		return -EPROTONOSUPPORT;
847 
848 	return __br_vlan_set_proto(br, htons(val));
849 }
850 
851 int br_vlan_set_stats(struct net_bridge *br, unsigned long val)
852 {
853 	switch (val) {
854 	case 0:
855 	case 1:
856 		br_opt_toggle(br, BROPT_VLAN_STATS_ENABLED, !!val);
857 		break;
858 	default:
859 		return -EINVAL;
860 	}
861 
862 	return 0;
863 }
864 
865 int br_vlan_set_stats_per_port(struct net_bridge *br, unsigned long val)
866 {
867 	struct net_bridge_port *p;
868 
869 	/* allow to change the option if there are no port vlans configured */
870 	list_for_each_entry(p, &br->port_list, list) {
871 		struct net_bridge_vlan_group *vg = nbp_vlan_group(p);
872 
873 		if (vg->num_vlans)
874 			return -EBUSY;
875 	}
876 
877 	switch (val) {
878 	case 0:
879 	case 1:
880 		br_opt_toggle(br, BROPT_VLAN_STATS_PER_PORT, !!val);
881 		break;
882 	default:
883 		return -EINVAL;
884 	}
885 
886 	return 0;
887 }
888 
889 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
890 {
891 	struct net_bridge_vlan *v;
892 
893 	if (vid != vg->pvid)
894 		return false;
895 
896 	v = br_vlan_lookup(&vg->vlan_hash, vid);
897 	if (v && br_vlan_should_use(v) &&
898 	    (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
899 		return true;
900 
901 	return false;
902 }
903 
904 static void br_vlan_disable_default_pvid(struct net_bridge *br)
905 {
906 	struct net_bridge_port *p;
907 	u16 pvid = br->default_pvid;
908 
909 	/* Disable default_pvid on all ports where it is still
910 	 * configured.
911 	 */
912 	if (vlan_default_pvid(br_vlan_group(br), pvid))
913 		br_vlan_delete(br, pvid);
914 
915 	list_for_each_entry(p, &br->port_list, list) {
916 		if (vlan_default_pvid(nbp_vlan_group(p), pvid))
917 			nbp_vlan_delete(p, pvid);
918 	}
919 
920 	br->default_pvid = 0;
921 }
922 
923 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid,
924 			       struct netlink_ext_ack *extack)
925 {
926 	const struct net_bridge_vlan *pvent;
927 	struct net_bridge_vlan_group *vg;
928 	struct net_bridge_port *p;
929 	unsigned long *changed;
930 	bool vlchange;
931 	u16 old_pvid;
932 	int err = 0;
933 
934 	if (!pvid) {
935 		br_vlan_disable_default_pvid(br);
936 		return 0;
937 	}
938 
939 	changed = bitmap_zalloc(BR_MAX_PORTS, GFP_KERNEL);
940 	if (!changed)
941 		return -ENOMEM;
942 
943 	old_pvid = br->default_pvid;
944 
945 	/* Update default_pvid config only if we do not conflict with
946 	 * user configuration.
947 	 */
948 	vg = br_vlan_group(br);
949 	pvent = br_vlan_find(vg, pvid);
950 	if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
951 	    (!pvent || !br_vlan_should_use(pvent))) {
952 		err = br_vlan_add(br, pvid,
953 				  BRIDGE_VLAN_INFO_PVID |
954 				  BRIDGE_VLAN_INFO_UNTAGGED |
955 				  BRIDGE_VLAN_INFO_BRENTRY,
956 				  &vlchange, extack);
957 		if (err)
958 			goto out;
959 		br_vlan_delete(br, old_pvid);
960 		set_bit(0, changed);
961 	}
962 
963 	list_for_each_entry(p, &br->port_list, list) {
964 		/* Update default_pvid config only if we do not conflict with
965 		 * user configuration.
966 		 */
967 		vg = nbp_vlan_group(p);
968 		if ((old_pvid &&
969 		     !vlan_default_pvid(vg, old_pvid)) ||
970 		    br_vlan_find(vg, pvid))
971 			continue;
972 
973 		err = nbp_vlan_add(p, pvid,
974 				   BRIDGE_VLAN_INFO_PVID |
975 				   BRIDGE_VLAN_INFO_UNTAGGED,
976 				   &vlchange, extack);
977 		if (err)
978 			goto err_port;
979 		nbp_vlan_delete(p, old_pvid);
980 		set_bit(p->port_no, changed);
981 	}
982 
983 	br->default_pvid = pvid;
984 
985 out:
986 	bitmap_free(changed);
987 	return err;
988 
989 err_port:
990 	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
991 		if (!test_bit(p->port_no, changed))
992 			continue;
993 
994 		if (old_pvid)
995 			nbp_vlan_add(p, old_pvid,
996 				     BRIDGE_VLAN_INFO_PVID |
997 				     BRIDGE_VLAN_INFO_UNTAGGED,
998 				     &vlchange, NULL);
999 		nbp_vlan_delete(p, pvid);
1000 	}
1001 
1002 	if (test_bit(0, changed)) {
1003 		if (old_pvid)
1004 			br_vlan_add(br, old_pvid,
1005 				    BRIDGE_VLAN_INFO_PVID |
1006 				    BRIDGE_VLAN_INFO_UNTAGGED |
1007 				    BRIDGE_VLAN_INFO_BRENTRY,
1008 				    &vlchange, NULL);
1009 		br_vlan_delete(br, pvid);
1010 	}
1011 	goto out;
1012 }
1013 
1014 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
1015 {
1016 	u16 pvid = val;
1017 	int err = 0;
1018 
1019 	if (val >= VLAN_VID_MASK)
1020 		return -EINVAL;
1021 
1022 	if (pvid == br->default_pvid)
1023 		goto out;
1024 
1025 	/* Only allow default pvid change when filtering is disabled */
1026 	if (br_opt_get(br, BROPT_VLAN_ENABLED)) {
1027 		pr_info_once("Please disable vlan filtering to change default_pvid\n");
1028 		err = -EPERM;
1029 		goto out;
1030 	}
1031 	err = __br_vlan_set_default_pvid(br, pvid, NULL);
1032 out:
1033 	return err;
1034 }
1035 
1036 int br_vlan_init(struct net_bridge *br)
1037 {
1038 	struct net_bridge_vlan_group *vg;
1039 	int ret = -ENOMEM;
1040 	bool changed;
1041 
1042 	vg = kzalloc(sizeof(*vg), GFP_KERNEL);
1043 	if (!vg)
1044 		goto out;
1045 	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1046 	if (ret)
1047 		goto err_rhtbl;
1048 	ret = vlan_tunnel_init(vg);
1049 	if (ret)
1050 		goto err_tunnel_init;
1051 	INIT_LIST_HEAD(&vg->vlan_list);
1052 	br->vlan_proto = htons(ETH_P_8021Q);
1053 	br->default_pvid = 1;
1054 	rcu_assign_pointer(br->vlgrp, vg);
1055 	ret = br_vlan_add(br, 1,
1056 			  BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
1057 			  BRIDGE_VLAN_INFO_BRENTRY, &changed, NULL);
1058 	if (ret)
1059 		goto err_vlan_add;
1060 
1061 out:
1062 	return ret;
1063 
1064 err_vlan_add:
1065 	vlan_tunnel_deinit(vg);
1066 err_tunnel_init:
1067 	rhashtable_destroy(&vg->vlan_hash);
1068 err_rhtbl:
1069 	kfree(vg);
1070 
1071 	goto out;
1072 }
1073 
1074 int nbp_vlan_init(struct net_bridge_port *p, struct netlink_ext_ack *extack)
1075 {
1076 	struct switchdev_attr attr = {
1077 		.orig_dev = p->br->dev,
1078 		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
1079 		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
1080 		.u.vlan_filtering = br_opt_get(p->br, BROPT_VLAN_ENABLED),
1081 	};
1082 	struct net_bridge_vlan_group *vg;
1083 	int ret = -ENOMEM;
1084 
1085 	vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
1086 	if (!vg)
1087 		goto out;
1088 
1089 	ret = switchdev_port_attr_set(p->dev, &attr);
1090 	if (ret && ret != -EOPNOTSUPP)
1091 		goto err_vlan_enabled;
1092 
1093 	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
1094 	if (ret)
1095 		goto err_rhtbl;
1096 	ret = vlan_tunnel_init(vg);
1097 	if (ret)
1098 		goto err_tunnel_init;
1099 	INIT_LIST_HEAD(&vg->vlan_list);
1100 	rcu_assign_pointer(p->vlgrp, vg);
1101 	if (p->br->default_pvid) {
1102 		bool changed;
1103 
1104 		ret = nbp_vlan_add(p, p->br->default_pvid,
1105 				   BRIDGE_VLAN_INFO_PVID |
1106 				   BRIDGE_VLAN_INFO_UNTAGGED,
1107 				   &changed, extack);
1108 		if (ret)
1109 			goto err_vlan_add;
1110 	}
1111 out:
1112 	return ret;
1113 
1114 err_vlan_add:
1115 	RCU_INIT_POINTER(p->vlgrp, NULL);
1116 	synchronize_rcu();
1117 	vlan_tunnel_deinit(vg);
1118 err_tunnel_init:
1119 	rhashtable_destroy(&vg->vlan_hash);
1120 err_rhtbl:
1121 err_vlan_enabled:
1122 	kfree(vg);
1123 
1124 	goto out;
1125 }
1126 
1127 /* Must be protected by RTNL.
1128  * Must be called with vid in range from 1 to 4094 inclusive.
1129  * changed must be true only if the vlan was created or updated
1130  */
1131 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags,
1132 		 bool *changed, struct netlink_ext_ack *extack)
1133 {
1134 	struct net_bridge_vlan *vlan;
1135 	int ret;
1136 
1137 	ASSERT_RTNL();
1138 
1139 	*changed = false;
1140 	vlan = br_vlan_find(nbp_vlan_group(port), vid);
1141 	if (vlan) {
1142 		/* Pass the flags to the hardware bridge */
1143 		ret = br_switchdev_port_vlan_add(port->dev, vid, flags, extack);
1144 		if (ret && ret != -EOPNOTSUPP)
1145 			return ret;
1146 		*changed = __vlan_add_flags(vlan, flags);
1147 
1148 		return 0;
1149 	}
1150 
1151 	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
1152 	if (!vlan)
1153 		return -ENOMEM;
1154 
1155 	vlan->vid = vid;
1156 	vlan->port = port;
1157 	ret = __vlan_add(vlan, flags, extack);
1158 	if (ret)
1159 		kfree(vlan);
1160 	else
1161 		*changed = true;
1162 
1163 	return ret;
1164 }
1165 
1166 /* Must be protected by RTNL.
1167  * Must be called with vid in range from 1 to 4094 inclusive.
1168  */
1169 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
1170 {
1171 	struct net_bridge_vlan *v;
1172 
1173 	ASSERT_RTNL();
1174 
1175 	v = br_vlan_find(nbp_vlan_group(port), vid);
1176 	if (!v)
1177 		return -ENOENT;
1178 	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1179 	br_fdb_delete_by_port(port->br, port, vid, 0);
1180 
1181 	return __vlan_del(v);
1182 }
1183 
1184 void nbp_vlan_flush(struct net_bridge_port *port)
1185 {
1186 	struct net_bridge_vlan_group *vg;
1187 
1188 	ASSERT_RTNL();
1189 
1190 	vg = nbp_vlan_group(port);
1191 	__vlan_flush(vg);
1192 	RCU_INIT_POINTER(port->vlgrp, NULL);
1193 	synchronize_rcu();
1194 	__vlan_group_free(vg);
1195 }
1196 
1197 void br_vlan_get_stats(const struct net_bridge_vlan *v,
1198 		       struct br_vlan_stats *stats)
1199 {
1200 	int i;
1201 
1202 	memset(stats, 0, sizeof(*stats));
1203 	for_each_possible_cpu(i) {
1204 		u64 rxpackets, rxbytes, txpackets, txbytes;
1205 		struct br_vlan_stats *cpu_stats;
1206 		unsigned int start;
1207 
1208 		cpu_stats = per_cpu_ptr(v->stats, i);
1209 		do {
1210 			start = u64_stats_fetch_begin_irq(&cpu_stats->syncp);
1211 			rxpackets = cpu_stats->rx_packets;
1212 			rxbytes = cpu_stats->rx_bytes;
1213 			txbytes = cpu_stats->tx_bytes;
1214 			txpackets = cpu_stats->tx_packets;
1215 		} while (u64_stats_fetch_retry_irq(&cpu_stats->syncp, start));
1216 
1217 		stats->rx_packets += rxpackets;
1218 		stats->rx_bytes += rxbytes;
1219 		stats->tx_bytes += txbytes;
1220 		stats->tx_packets += txpackets;
1221 	}
1222 }
1223 
1224 int br_vlan_get_pvid(const struct net_device *dev, u16 *p_pvid)
1225 {
1226 	struct net_bridge_vlan_group *vg;
1227 	struct net_bridge_port *p;
1228 
1229 	ASSERT_RTNL();
1230 	p = br_port_get_check_rtnl(dev);
1231 	if (p)
1232 		vg = nbp_vlan_group(p);
1233 	else if (netif_is_bridge_master(dev))
1234 		vg = br_vlan_group(netdev_priv(dev));
1235 	else
1236 		return -EINVAL;
1237 
1238 	*p_pvid = br_get_pvid(vg);
1239 	return 0;
1240 }
1241 EXPORT_SYMBOL_GPL(br_vlan_get_pvid);
1242 
1243 int br_vlan_get_info(const struct net_device *dev, u16 vid,
1244 		     struct bridge_vlan_info *p_vinfo)
1245 {
1246 	struct net_bridge_vlan_group *vg;
1247 	struct net_bridge_vlan *v;
1248 	struct net_bridge_port *p;
1249 
1250 	ASSERT_RTNL();
1251 	p = br_port_get_check_rtnl(dev);
1252 	if (p)
1253 		vg = nbp_vlan_group(p);
1254 	else if (netif_is_bridge_master(dev))
1255 		vg = br_vlan_group(netdev_priv(dev));
1256 	else
1257 		return -EINVAL;
1258 
1259 	v = br_vlan_find(vg, vid);
1260 	if (!v)
1261 		return -ENOENT;
1262 
1263 	p_vinfo->vid = vid;
1264 	p_vinfo->flags = v->flags;
1265 	return 0;
1266 }
1267 EXPORT_SYMBOL_GPL(br_vlan_get_info);
1268