br_vlan.c 22.6 KB
Newer Older
1 2 3 4
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
#include <linux/slab.h>
5
#include <net/switchdev.h>
6 7 8

#include "br_private.h"

9 10
static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
			      const void *ptr)
11
{
12 13 14 15 16 17 18 19 20 21
	const struct net_bridge_vlan *vle = ptr;
	u16 vid = *(u16 *)arg->key;

	return vle->vid != vid;
}

static const struct rhashtable_params br_vlan_rht_params = {
	.head_offset = offsetof(struct net_bridge_vlan, vnode),
	.key_offset = offsetof(struct net_bridge_vlan, vid),
	.key_len = sizeof(u16),
22 23
	.nelem_hint = 3,
	.locks_mul = 1,
24 25 26 27 28 29 30 31 32 33
	.max_size = VLAN_N_VID,
	.obj_cmpfn = br_vlan_cmp,
	.automatic_shrinking = true,
};

static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
{
	return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
}

34
static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
35
{
36
	if (vg->pvid == vid)
37 38 39
		return;

	smp_wmb();
40
	vg->pvid = vid;
41 42
}

43
static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
44
{
45
	if (vg->pvid != vid)
46 47 48
		return;

	smp_wmb();
49
	vg->pvid = 0;
50 51
}

52
static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
53
{
54 55 56
	struct net_bridge_vlan_group *vg;

	if (br_vlan_is_master(v))
57
		vg = br_vlan_group(v->br);
58
	else
59
		vg = nbp_vlan_group(v->port);
60 61 62 63 64

	if (flags & BRIDGE_VLAN_INFO_PVID)
		__vlan_add_pvid(vg, v->vid);
	else
		__vlan_delete_pvid(vg, v->vid);
65 66

	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
67
		v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
68
	else
69
		v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
70 71
}

72 73 74
static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
			  u16 vid, u16 flags)
{
75
	struct switchdev_obj_port_vlan v = {
76
		.obj.orig_dev = dev,
77 78 79 80 81
		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
		.flags = flags,
		.vid_begin = vid,
		.vid_end = vid,
	};
82 83
	int err;

84 85
	/* Try switchdev op first. In case it is not supported, fallback to
	 * 8021q add.
86
	 */
87 88 89
	err = switchdev_port_obj_add(dev, &v.obj);
	if (err == -EOPNOTSUPP)
		return vlan_vid_add(dev, br->vlan_proto, vid);
90 91 92
	return err;
}

93
static void __vlan_add_list(struct net_bridge_vlan *v)
94
{
95
	struct net_bridge_vlan_group *vg;
96 97
	struct list_head *headp, *hpos;
	struct net_bridge_vlan *vent;
98

99 100 101 102 103 104
	if (br_vlan_is_master(v))
		vg = br_vlan_group(v->br);
	else
		vg = nbp_vlan_group(v->port);

	headp = &vg->vlan_list;
105 106 107 108 109 110
	list_for_each_prev(hpos, headp) {
		vent = list_entry(hpos, struct net_bridge_vlan, vlist);
		if (v->vid < vent->vid)
			continue;
		else
			break;
111
	}
112
	list_add_rcu(&v->vlist, hpos);
113
}
114

115 116
static void __vlan_del_list(struct net_bridge_vlan *v)
{
117
	list_del_rcu(&v->vlist);
118 119
}

120 121
static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
			  u16 vid)
122
{
123
	struct switchdev_obj_port_vlan v = {
124
		.obj.orig_dev = dev,
125 126 127 128 129
		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
		.vid_begin = vid,
		.vid_end = vid,
	};
	int err;
130

131 132
	/* Try switchdev op first. In case it is not supported, fallback to
	 * 8021q del.
133
	 */
134 135
	err = switchdev_port_obj_del(dev, &v.obj);
	if (err == -EOPNOTSUPP) {
136
		vlan_vid_del(dev, br->vlan_proto, vid);
137
		return 0;
138
	}
139
	return err;
140 141
}

142 143 144 145 146
/* Returns a master vlan, if it didn't exist it gets created. In all cases a
 * a reference is taken to the master vlan before returning.
 */
static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
{
147
	struct net_bridge_vlan_group *vg;
148 149
	struct net_bridge_vlan *masterv;

150 151
	vg = br_vlan_group(br);
	masterv = br_vlan_find(vg, vid);
152 153 154 155
	if (!masterv) {
		/* missing global ctx, create it now */
		if (br_vlan_add(br, vid, 0))
			return NULL;
156
		masterv = br_vlan_find(vg, vid);
157 158 159 160 161 162 163 164 165 166
		if (WARN_ON(!masterv))
			return NULL;
	}
	atomic_inc(&masterv->refcnt);

	return masterv;
}

static void br_vlan_put_master(struct net_bridge_vlan *masterv)
{
167 168
	struct net_bridge_vlan_group *vg;

169 170 171
	if (!br_vlan_is_master(masterv))
		return;

172
	vg = br_vlan_group(masterv->br);
173
	if (atomic_dec_and_test(&masterv->refcnt)) {
174
		rhashtable_remove_fast(&vg->vlan_hash,
175 176 177 178 179 180
				       &masterv->vnode, br_vlan_rht_params);
		__vlan_del_list(masterv);
		kfree_rcu(masterv, rcu);
	}
}

181 182 183 184
/* This is the shared VLAN add function which works for both ports and bridge
 * devices. There are four possible calls to this function in terms of the
 * vlan entry type:
 * 1. vlan is being added on a port (no master flags, global entry exists)
185
 * 2. vlan is being added on a bridge (both master and brentry flags)
186
 * 3. vlan is being added on a port, but a global entry didn't exist which
187
 *    is being created right now (master flag set, brentry flag unset), the
188
 *    global entry is used for global per-vlan features, but not for filtering
189
 * 4. same as 3 but with both master and brentry flags set so the entry
190 191 192
 *    will be used for filtering in both the port and the bridge
 */
static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
193
{
194 195
	struct net_bridge_vlan *masterv = NULL;
	struct net_bridge_port *p = NULL;
196
	struct net_bridge_vlan_group *vg;
197 198 199 200 201 202 203
	struct net_device *dev;
	struct net_bridge *br;
	int err;

	if (br_vlan_is_master(v)) {
		br = v->br;
		dev = br->dev;
204
		vg = br_vlan_group(br);
205 206 207 208
	} else {
		p = v->port;
		br = p->br;
		dev = p->dev;
209
		vg = nbp_vlan_group(p);
210 211 212 213 214 215 216 217 218 219 220 221 222
	}

	if (p) {
		/* Add VLAN to the device filter if it is supported.
		 * This ensures tagged traffic enters the bridge when
		 * promiscuous mode is disabled by br_manage_promisc().
		 */
		err = __vlan_vid_add(dev, br, v->vid, flags);
		if (err)
			goto out;

		/* need to work on the master vlan too */
		if (flags & BRIDGE_VLAN_INFO_MASTER) {
223 224
			err = br_vlan_add(br, v->vid, flags |
						      BRIDGE_VLAN_INFO_BRENTRY);
225 226 227 228
			if (err)
				goto out_filt;
		}

229 230 231
		masterv = br_vlan_get_master(br, v->vid);
		if (!masterv)
			goto out_filt;
232 233 234
		v->brvlan = masterv;
	}

235
	/* Add the dev mac and count the vlan only if it's usable */
236 237 238 239 240 241
	if (br_vlan_should_use(v)) {
		err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
		if (err) {
			br_err(br, "failed insert local address into bridge forwarding table\n");
			goto out_filt;
		}
242
		vg->num_vlans++;
243 244
	}

245 246
	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
					    br_vlan_rht_params);
247 248
	if (err)
		goto out_fdb_insert;
249

250 251 252 253 254 255
	__vlan_add_list(v);
	__vlan_add_flags(v, flags);
out:
	return err;

out_fdb_insert:
256 257 258 259
	if (br_vlan_should_use(v)) {
		br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
		vg->num_vlans--;
	}
260 261 262 263 264

out_filt:
	if (p) {
		__vlan_vid_del(dev, br, v->vid);
		if (masterv) {
265
			br_vlan_put_master(masterv);
266 267 268 269 270 271 272 273 274 275
			v->brvlan = NULL;
		}
	}

	goto out;
}

static int __vlan_del(struct net_bridge_vlan *v)
{
	struct net_bridge_vlan *masterv = v;
276
	struct net_bridge_vlan_group *vg;
277 278
	struct net_bridge_port *p = NULL;
	int err = 0;
279

280
	if (br_vlan_is_master(v)) {
281
		vg = br_vlan_group(v->br);
282 283
	} else {
		p = v->port;
284
		vg = nbp_vlan_group(v->port);
285 286
		masterv = v->brvlan;
	}
287

288
	__vlan_delete_pvid(vg, v->vid);
289 290
	if (p) {
		err = __vlan_vid_del(p->dev, p->br, v->vid);
291
		if (err)
292
			goto out;
293
	}
294

295 296 297
	if (br_vlan_should_use(v)) {
		v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
		vg->num_vlans--;
298 299 300
	}

	if (masterv != v) {
301 302
		rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
				       br_vlan_rht_params);
303
		__vlan_del_list(v);
304 305
		kfree_rcu(v, rcu);
	}
306

307
	br_vlan_put_master(masterv);
308 309
out:
	return err;
310 311
}

312 313 314 315 316 317 318 319
static void __vlan_group_free(struct net_bridge_vlan_group *vg)
{
	WARN_ON(!list_empty(&vg->vlan_list));
	rhashtable_destroy(&vg->vlan_hash);
	kfree(vg);
}

static void __vlan_flush(struct net_bridge_vlan_group *vg)
320
{
321 322
	struct net_bridge_vlan *vlan, *tmp;

323 324
	__vlan_delete_pvid(vg, vg->pvid);
	list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
325
		__vlan_del(vlan);
326 327
}

328
struct sk_buff *br_handle_vlan(struct net_bridge *br,
329
			       struct net_bridge_vlan_group *vg,
330
			       struct sk_buff *skb)
331
{
332
	struct net_bridge_vlan *v;
333 334
	u16 vid;

335 336
	/* If this packet was not filtered at input, let it pass */
	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
337 338
		goto out;

339 340 341 342 343 344 345
	/* At this point, we know that the frame was filtered and contains
	 * a valid vlan id.  If the vlan id has untagged flag set,
	 * send untagged; otherwise, send tagged.
	 */
	br_vlan_get_tag(skb, &vid);
	v = br_vlan_find(vg, vid);
	/* Vlan entry must be configured at this point.  The
346 347 348 349
	 * only exception is the bridge is set in promisc mode and the
	 * packet is destined for the bridge device.  In this case
	 * pass the packet as is.
	 */
350
	if (!v || !br_vlan_should_use(v)) {
351 352 353 354 355 356 357
		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
			goto out;
		} else {
			kfree_skb(skb);
			return NULL;
		}
	}
358
	if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
359
		skb->vlan_tci = 0;
360 361 362 363 364 365

out:
	return skb;
}

/* Called under RCU */
366
static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto,
367
			      struct sk_buff *skb, u16 *vid)
368
{
369
	const struct net_bridge_vlan *v;
370
	bool tagged;
371

372
	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
373 374 375 376
	/* If vlan tx offload is disabled on bridge device and frame was
	 * sent from vlan device on the bridge device, it does not have
	 * HW accelerated vlan tag.
	 */
377
	if (unlikely(!skb_vlan_tag_present(skb) &&
378
		     skb->protocol == proto)) {
379
		skb = skb_vlan_untag(skb);
380 381 382 383
		if (unlikely(!skb))
			return false;
	}

384 385 386 387 388
	if (!br_vlan_get_tag(skb, vid)) {
		/* Tagged frame */
		if (skb->vlan_proto != proto) {
			/* Protocol-mismatch, empty out vlan_tci for new tag */
			skb_push(skb, ETH_HLEN);
389
			skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
390
							skb_vlan_tag_get(skb));
391 392 393 394 395 396 397 398 399 400 401 402 403 404 405
			if (unlikely(!skb))
				return false;

			skb_pull(skb, ETH_HLEN);
			skb_reset_mac_len(skb);
			*vid = 0;
			tagged = false;
		} else {
			tagged = true;
		}
	} else {
		/* Untagged frame */
		tagged = false;
	}

406
	if (!*vid) {
407 408
		u16 pvid = br_get_pvid(vg);

409 410 411
		/* Frame had a tag with VID 0 or did not have a tag.
		 * See if pvid is set on this port.  That tells us which
		 * vlan untagged or priority-tagged traffic belongs to.
412
		 */
V
Vlad Yasevich 已提交
413
		if (!pvid)
414
			goto drop;
415

416 417
		/* PVID is set on this port.  Any untagged or priority-tagged
		 * ingress frame is considered to belong to this vlan.
418
		 */
419
		*vid = pvid;
420
		if (likely(!tagged))
421
			/* Untagged Frame. */
422
			__vlan_hwaccel_put_tag(skb, proto, pvid);
423 424 425 426 427 428 429 430
		else
			/* Priority-tagged Frame.
			 * At this point, We know that skb->vlan_tci had
			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
			 * We update only VID field and preserve PCP field.
			 */
			skb->vlan_tci |= pvid;

431 432 433 434
		return true;
	}

	/* Frame had a valid vlan tag.  See if vlan is allowed */
435
	v = br_vlan_find(vg, *vid);
436
	if (v && br_vlan_should_use(v))
437
		return true;
438 439
drop:
	kfree_skb(skb);
440 441 442
	return false;
}

443 444 445
bool br_allowed_ingress(const struct net_bridge *br,
			struct net_bridge_vlan_group *vg, struct sk_buff *skb,
			u16 *vid)
446 447 448 449 450 451 452 453 454
{
	/* If VLAN filtering is disabled on the bridge, all packets are
	 * permitted.
	 */
	if (!br->vlan_enabled) {
		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
		return true;
	}

455
	return __allowed_ingress(vg, br->vlan_proto, skb, vid);
456 457
}

458
/* Called under RCU. */
459
bool br_allowed_egress(struct net_bridge_vlan_group *vg,
460 461
		       const struct sk_buff *skb)
{
462
	const struct net_bridge_vlan *v;
463 464
	u16 vid;

465 466
	/* If this packet was not filtered at input, let it pass */
	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
467 468 469
		return true;

	br_vlan_get_tag(skb, &vid);
470 471
	v = br_vlan_find(vg, vid);
	if (v && br_vlan_should_use(v))
472 473 474 475 476
		return true;

	return false;
}

477 478 479
/* Called under RCU */
bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
{
480
	struct net_bridge_vlan_group *vg;
481 482
	struct net_bridge *br = p->br;

483
	/* If filtering was disabled at input, let it pass. */
484
	if (!br->vlan_enabled)
485 486
		return true;

487
	vg = nbp_vlan_group_rcu(p);
488
	if (!vg || !vg->num_vlans)
489 490
		return false;

491 492 493
	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
		*vid = 0;

494
	if (!*vid) {
495
		*vid = br_get_pvid(vg);
V
Vlad Yasevich 已提交
496
		if (!*vid)
497 498 499 500 501
			return false;

		return true;
	}

502
	if (br_vlan_find(vg, *vid))
503 504 505 506 507
		return true;

	return false;
}

508 509 510
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
511
int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
512
{
513
	struct net_bridge_vlan_group *vg;
514 515
	struct net_bridge_vlan *vlan;
	int ret;
516 517 518

	ASSERT_RTNL();

519 520
	vg = br_vlan_group(br);
	vlan = br_vlan_find(vg, vid);
521 522 523 524 525 526 527 528 529 530 531 532 533 534
	if (vlan) {
		if (!br_vlan_is_brentry(vlan)) {
			/* Trying to change flags of non-existent bridge vlan */
			if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
				return -EINVAL;
			/* It was only kept for port vlans, now make it real */
			ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
					    vlan->vid);
			if (ret) {
				br_err(br, "failed insert local address into bridge forwarding table\n");
				return ret;
			}
			atomic_inc(&vlan->refcnt);
			vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
535
			vg->num_vlans++;
536 537 538 539
		}
		__vlan_add_flags(vlan, flags);
		return 0;
	}
540

541 542
	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
	if (!vlan)
543 544
		return -ENOMEM;

545 546 547 548 549 550 551 552 553
	vlan->vid = vid;
	vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
	vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
	vlan->br = br;
	if (flags & BRIDGE_VLAN_INFO_BRENTRY)
		atomic_set(&vlan->refcnt, 1);
	ret = __vlan_add(vlan, flags);
	if (ret)
		kfree(vlan);
554

555
	return ret;
556 557
}

558 559 560
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
561 562
int br_vlan_delete(struct net_bridge *br, u16 vid)
{
563
	struct net_bridge_vlan_group *vg;
564
	struct net_bridge_vlan *v;
565 566 567

	ASSERT_RTNL();

568 569
	vg = br_vlan_group(br);
	v = br_vlan_find(vg, vid);
570 571
	if (!v || !br_vlan_is_brentry(v))
		return -ENOENT;
572

573
	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
574
	br_fdb_delete_by_port(br, NULL, vid, 0);
575

576
	return __vlan_del(v);
577 578 579 580
}

void br_vlan_flush(struct net_bridge *br)
{
581 582
	struct net_bridge_vlan_group *vg;

583 584
	ASSERT_RTNL();

585 586 587 588 589
	vg = br_vlan_group(br);
	__vlan_flush(vg);
	RCU_INIT_POINTER(br->vlgrp, NULL);
	synchronize_rcu();
	__vlan_group_free(vg);
590 591
}

592
struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
593
{
594 595
	if (!vg)
		return NULL;
596

597
	return br_vlan_lookup(&vg->vlan_hash, vid);
598 599
}

600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626
/* Must be protected by RTNL. */
static void recalculate_group_addr(struct net_bridge *br)
{
	if (br->group_addr_set)
		return;

	spin_lock_bh(&br->lock);
	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
		/* Bridge Group Address */
		br->group_addr[5] = 0x00;
	} else { /* vlan_enabled && ETH_P_8021AD */
		/* Provider Bridge Group Address */
		br->group_addr[5] = 0x08;
	}
	spin_unlock_bh(&br->lock);
}

/* Must be protected by RTNL. */
void br_recalculate_fwd_mask(struct net_bridge *br)
{
	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
	else /* vlan_enabled && ETH_P_8021AD */
		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
					      ~(1u << br->group_addr[5]);
}

627
int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
628
{
629 630 631 632 633 634 635 636
	struct switchdev_attr attr = {
		.orig_dev = br->dev,
		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
		.u.vlan_filtering = val,
	};
	int err;

637
	if (br->vlan_enabled == val)
638
		return 0;
639

640 641 642 643
	err = switchdev_port_attr_set(br->dev, &attr);
	if (err && err != -EOPNOTSUPP)
		return err;

644
	br->vlan_enabled = val;
645
	br_manage_promisc(br);
646 647
	recalculate_group_addr(br);
	br_recalculate_fwd_mask(br);
648

649 650 651 652 653
	return 0;
}

int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
{
654 655
	int err;

656 657 658
	if (!rtnl_trylock())
		return restart_syscall();

659
	err = __br_vlan_filter_toggle(br, val);
660
	rtnl_unlock();
661

662
	return err;
663 664
}

665
int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
666 667 668
{
	int err = 0;
	struct net_bridge_port *p;
669
	struct net_bridge_vlan *vlan;
670
	struct net_bridge_vlan_group *vg;
671
	__be16 oldproto;
672 673

	if (br->vlan_proto == proto)
674
		return 0;
675 676 677

	/* Add VLANs for the new proto to the device filter. */
	list_for_each_entry(p, &br->port_list, list) {
678 679
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist) {
680
			err = vlan_vid_add(p->dev, proto, vlan->vid);
681 682 683 684 685 686 687 688 689 690 691 692
			if (err)
				goto err_filt;
		}
	}

	oldproto = br->vlan_proto;
	br->vlan_proto = proto;

	recalculate_group_addr(br);
	br_recalculate_fwd_mask(br);

	/* Delete VLANs for the old proto from the device filter. */
693 694 695
	list_for_each_entry(p, &br->port_list, list) {
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist)
696
			vlan_vid_del(p->dev, oldproto, vlan->vid);
697
	}
698

699
	return 0;
700 701

err_filt:
702
	list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
703
		vlan_vid_del(p->dev, proto, vlan->vid);
704

705 706 707
	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist)
708
			vlan_vid_del(p->dev, proto, vlan->vid);
709
	}
710

711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727
	return err;
}

int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
{
	int err;

	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
		return -EPROTONOSUPPORT;

	if (!rtnl_trylock())
		return restart_syscall();

	err = __br_vlan_set_proto(br, htons(val));
	rtnl_unlock();

	return err;
728 729
}

730
static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
731
{
732 733
	struct net_bridge_vlan *v;

734
	if (vid != vg->pvid)
735 736 737 738 739 740 741 742
		return false;

	v = br_vlan_lookup(&vg->vlan_hash, vid);
	if (v && br_vlan_should_use(v) &&
	    (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
		return true;

	return false;
743 744 745 746 747 748 749 750 751 752
}

static void br_vlan_disable_default_pvid(struct net_bridge *br)
{
	struct net_bridge_port *p;
	u16 pvid = br->default_pvid;

	/* Disable default_pvid on all ports where it is still
	 * configured.
	 */
753
	if (vlan_default_pvid(br_vlan_group(br), pvid))
754 755 756
		br_vlan_delete(br, pvid);

	list_for_each_entry(p, &br->port_list, list) {
757
		if (vlan_default_pvid(nbp_vlan_group(p), pvid))
758 759 760 761 762 763
			nbp_vlan_delete(p, pvid);
	}

	br->default_pvid = 0;
}

764
int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
765
{
766
	const struct net_bridge_vlan *pvent;
767
	struct net_bridge_vlan_group *vg;
768 769 770 771 772
	struct net_bridge_port *p;
	u16 old_pvid;
	int err = 0;
	unsigned long *changed;

773 774 775 776 777
	if (!pvid) {
		br_vlan_disable_default_pvid(br);
		return 0;
	}

778 779 780 781 782 783 784 785 786 787
	changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
			  GFP_KERNEL);
	if (!changed)
		return -ENOMEM;

	old_pvid = br->default_pvid;

	/* Update default_pvid config only if we do not conflict with
	 * user configuration.
	 */
788 789 790
	vg = br_vlan_group(br);
	pvent = br_vlan_find(vg, pvid);
	if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
791
	    (!pvent || !br_vlan_should_use(pvent))) {
792 793
		err = br_vlan_add(br, pvid,
				  BRIDGE_VLAN_INFO_PVID |
794 795
				  BRIDGE_VLAN_INFO_UNTAGGED |
				  BRIDGE_VLAN_INFO_BRENTRY);
796 797 798 799 800 801 802 803 804 805
		if (err)
			goto out;
		br_vlan_delete(br, old_pvid);
		set_bit(0, changed);
	}

	list_for_each_entry(p, &br->port_list, list) {
		/* Update default_pvid config only if we do not conflict with
		 * user configuration.
		 */
806
		vg = nbp_vlan_group(p);
807
		if ((old_pvid &&
808 809
		     !vlan_default_pvid(vg, old_pvid)) ||
		    br_vlan_find(vg, pvid))
810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842
			continue;

		err = nbp_vlan_add(p, pvid,
				   BRIDGE_VLAN_INFO_PVID |
				   BRIDGE_VLAN_INFO_UNTAGGED);
		if (err)
			goto err_port;
		nbp_vlan_delete(p, old_pvid);
		set_bit(p->port_no, changed);
	}

	br->default_pvid = pvid;

out:
	kfree(changed);
	return err;

err_port:
	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
		if (!test_bit(p->port_no, changed))
			continue;

		if (old_pvid)
			nbp_vlan_add(p, old_pvid,
				     BRIDGE_VLAN_INFO_PVID |
				     BRIDGE_VLAN_INFO_UNTAGGED);
		nbp_vlan_delete(p, pvid);
	}

	if (test_bit(0, changed)) {
		if (old_pvid)
			br_vlan_add(br, old_pvid,
				    BRIDGE_VLAN_INFO_PVID |
843 844
				    BRIDGE_VLAN_INFO_UNTAGGED |
				    BRIDGE_VLAN_INFO_BRENTRY);
845 846 847 848 849
		br_vlan_delete(br, pvid);
	}
	goto out;
}

850 851 852 853 854
int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
{
	u16 pvid = val;
	int err = 0;

855
	if (val >= VLAN_VID_MASK)
856 857 858 859 860 861 862 863 864 865 866 867 868 869
		return -EINVAL;

	if (!rtnl_trylock())
		return restart_syscall();

	if (pvid == br->default_pvid)
		goto unlock;

	/* Only allow default pvid change when filtering is disabled */
	if (br->vlan_enabled) {
		pr_info_once("Please disable vlan filtering to change default_pvid\n");
		err = -EPERM;
		goto unlock;
	}
870
	err = __br_vlan_set_default_pvid(br, pvid);
871 872 873 874 875
unlock:
	rtnl_unlock();
	return err;
}

876
int br_vlan_init(struct net_bridge *br)
877
{
878
	struct net_bridge_vlan_group *vg;
879 880
	int ret = -ENOMEM;

881 882
	vg = kzalloc(sizeof(*vg), GFP_KERNEL);
	if (!vg)
883
		goto out;
884
	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
885 886
	if (ret)
		goto err_rhtbl;
887
	INIT_LIST_HEAD(&vg->vlan_list);
888
	br->vlan_proto = htons(ETH_P_8021Q);
889
	br->default_pvid = 1;
890
	rcu_assign_pointer(br->vlgrp, vg);
891 892 893 894 895 896 897 898 899 900
	ret = br_vlan_add(br, 1,
			  BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
			  BRIDGE_VLAN_INFO_BRENTRY);
	if (ret)
		goto err_vlan_add;

out:
	return ret;

err_vlan_add:
901
	rhashtable_destroy(&vg->vlan_hash);
902
err_rhtbl:
903
	kfree(vg);
904 905 906 907 908 909

	goto out;
}

int nbp_vlan_init(struct net_bridge_port *p)
{
910 911 912 913 914 915
	struct switchdev_attr attr = {
		.orig_dev = p->br->dev,
		.id = SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING,
		.flags = SWITCHDEV_F_SKIP_EOPNOTSUPP,
		.u.vlan_filtering = p->br->vlan_enabled,
	};
916
	struct net_bridge_vlan_group *vg;
917 918
	int ret = -ENOMEM;

919 920
	vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
	if (!vg)
921 922
		goto out;

923 924 925 926
	ret = switchdev_port_attr_set(p->dev, &attr);
	if (ret && ret != -EOPNOTSUPP)
		goto err_vlan_enabled;

927
	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
928 929
	if (ret)
		goto err_rhtbl;
930
	INIT_LIST_HEAD(&vg->vlan_list);
931
	rcu_assign_pointer(p->vlgrp, vg);
932 933 934 935 936 937 938 939 940 941 942
	if (p->br->default_pvid) {
		ret = nbp_vlan_add(p, p->br->default_pvid,
				   BRIDGE_VLAN_INFO_PVID |
				   BRIDGE_VLAN_INFO_UNTAGGED);
		if (ret)
			goto err_vlan_add;
	}
out:
	return ret;

err_vlan_add:
943 944
	RCU_INIT_POINTER(p->vlgrp, NULL);
	synchronize_rcu();
945
	rhashtable_destroy(&vg->vlan_hash);
946
err_vlan_enabled:
947
err_rhtbl:
948
	kfree(vg);
949 950

	goto out;
951 952
}

953 954 955
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
956
int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
957
{
958 959 960 961 962 963 964
	struct switchdev_obj_port_vlan v = {
		.obj.orig_dev = port->dev,
		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
		.flags = flags,
		.vid_begin = vid,
		.vid_end = vid,
	};
965 966
	struct net_bridge_vlan *vlan;
	int ret;
967 968 969

	ASSERT_RTNL();

970
	vlan = br_vlan_find(nbp_vlan_group(port), vid);
971
	if (vlan) {
972 973 974 975
		/* Pass the flags to the hardware bridge */
		ret = switchdev_port_obj_add(port->dev, &v.obj);
		if (ret && ret != -EOPNOTSUPP)
			return ret;
976 977
		__vlan_add_flags(vlan, flags);
		return 0;
978 979
	}

980 981 982
	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
	if (!vlan)
		return -ENOMEM;
983

984 985 986 987 988
	vlan->vid = vid;
	vlan->port = port;
	ret = __vlan_add(vlan, flags);
	if (ret)
		kfree(vlan);
989

990
	return ret;
991 992
}

993 994 995
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
996 997
int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
{
998
	struct net_bridge_vlan *v;
999 1000 1001

	ASSERT_RTNL();

1002
	v = br_vlan_find(nbp_vlan_group(port), vid);
1003 1004
	if (!v)
		return -ENOENT;
1005
	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
1006
	br_fdb_delete_by_port(port->br, port, vid, 0);
1007

1008
	return __vlan_del(v);
1009 1010 1011 1012
}

void nbp_vlan_flush(struct net_bridge_port *port)
{
1013 1014
	struct net_bridge_vlan_group *vg;

1015 1016
	ASSERT_RTNL();

1017 1018 1019 1020 1021
	vg = nbp_vlan_group(port);
	__vlan_flush(vg);
	RCU_INIT_POINTER(port->vlgrp, NULL);
	synchronize_rcu();
	__vlan_group_free(vg);
1022
}