br_vlan.c 21.7 KB
Newer Older
1 2 3 4
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>
#include <linux/slab.h>
5
#include <net/switchdev.h>
6 7 8

#include "br_private.h"

9 10
static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
			      const void *ptr)
11
{
12 13 14 15 16 17 18 19 20 21
	const struct net_bridge_vlan *vle = ptr;
	u16 vid = *(u16 *)arg->key;

	return vle->vid != vid;
}

static const struct rhashtable_params br_vlan_rht_params = {
	.head_offset = offsetof(struct net_bridge_vlan, vnode),
	.key_offset = offsetof(struct net_bridge_vlan, vid),
	.key_len = sizeof(u16),
22 23
	.nelem_hint = 3,
	.locks_mul = 1,
24 25 26 27 28 29 30 31 32 33
	.max_size = VLAN_N_VID,
	.obj_cmpfn = br_vlan_cmp,
	.automatic_shrinking = true,
};

static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
{
	return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
}

34
static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
35
{
36
	if (vg->pvid == vid)
37 38 39
		return;

	smp_wmb();
40
	vg->pvid = vid;
41 42
}

43
static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
44
{
45
	if (vg->pvid != vid)
46 47 48
		return;

	smp_wmb();
49
	vg->pvid = 0;
50 51
}

52
static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
53
{
54 55 56
	struct net_bridge_vlan_group *vg;

	if (br_vlan_is_master(v))
57
		vg = br_vlan_group(v->br);
58
	else
59
		vg = nbp_vlan_group(v->port);
60 61 62 63 64

	if (flags & BRIDGE_VLAN_INFO_PVID)
		__vlan_add_pvid(vg, v->vid);
	else
		__vlan_delete_pvid(vg, v->vid);
65 66

	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
67
		v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
68
	else
69
		v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
70 71
}

72 73 74
static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
			  u16 vid, u16 flags)
{
75
	struct switchdev_obj_port_vlan v = {
76
		.obj.orig_dev = dev,
77 78 79 80 81
		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
		.flags = flags,
		.vid_begin = vid,
		.vid_end = vid,
	};
82 83
	int err;

84 85
	/* Try switchdev op first. In case it is not supported, fallback to
	 * 8021q add.
86
	 */
87 88 89
	err = switchdev_port_obj_add(dev, &v.obj);
	if (err == -EOPNOTSUPP)
		return vlan_vid_add(dev, br->vlan_proto, vid);
90 91 92
	return err;
}

93
static void __vlan_add_list(struct net_bridge_vlan *v)
94
{
95
	struct net_bridge_vlan_group *vg;
96 97
	struct list_head *headp, *hpos;
	struct net_bridge_vlan *vent;
98

99 100 101 102 103 104
	if (br_vlan_is_master(v))
		vg = br_vlan_group(v->br);
	else
		vg = nbp_vlan_group(v->port);

	headp = &vg->vlan_list;
105 106 107 108 109 110
	list_for_each_prev(hpos, headp) {
		vent = list_entry(hpos, struct net_bridge_vlan, vlist);
		if (v->vid < vent->vid)
			continue;
		else
			break;
111
	}
112
	list_add_rcu(&v->vlist, hpos);
113
}
114

115 116
static void __vlan_del_list(struct net_bridge_vlan *v)
{
117
	list_del_rcu(&v->vlist);
118 119
}

120 121
static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
			  u16 vid)
122
{
123
	struct switchdev_obj_port_vlan v = {
124
		.obj.orig_dev = dev,
125 126 127 128 129
		.obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
		.vid_begin = vid,
		.vid_end = vid,
	};
	int err;
130

131 132
	/* Try switchdev op first. In case it is not supported, fallback to
	 * 8021q del.
133
	 */
134 135
	err = switchdev_port_obj_del(dev, &v.obj);
	if (err == -EOPNOTSUPP) {
136
		vlan_vid_del(dev, br->vlan_proto, vid);
137
		return 0;
138
	}
139
	return err;
140 141
}

142 143 144 145 146
/* Returns a master vlan, if it didn't exist it gets created. In all cases a
 * a reference is taken to the master vlan before returning.
 */
static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
{
147
	struct net_bridge_vlan_group *vg;
148 149
	struct net_bridge_vlan *masterv;

150 151
	vg = br_vlan_group(br);
	masterv = br_vlan_find(vg, vid);
152 153 154 155
	if (!masterv) {
		/* missing global ctx, create it now */
		if (br_vlan_add(br, vid, 0))
			return NULL;
156
		masterv = br_vlan_find(vg, vid);
157 158 159 160 161 162 163 164 165 166
		if (WARN_ON(!masterv))
			return NULL;
	}
	atomic_inc(&masterv->refcnt);

	return masterv;
}

static void br_vlan_put_master(struct net_bridge_vlan *masterv)
{
167 168
	struct net_bridge_vlan_group *vg;

169 170 171
	if (!br_vlan_is_master(masterv))
		return;

172
	vg = br_vlan_group(masterv->br);
173
	if (atomic_dec_and_test(&masterv->refcnt)) {
174
		rhashtable_remove_fast(&vg->vlan_hash,
175 176 177 178 179 180
				       &masterv->vnode, br_vlan_rht_params);
		__vlan_del_list(masterv);
		kfree_rcu(masterv, rcu);
	}
}

181 182 183 184
/* This is the shared VLAN add function which works for both ports and bridge
 * devices. There are four possible calls to this function in terms of the
 * vlan entry type:
 * 1. vlan is being added on a port (no master flags, global entry exists)
185
 * 2. vlan is being added on a bridge (both master and brentry flags)
186
 * 3. vlan is being added on a port, but a global entry didn't exist which
187
 *    is being created right now (master flag set, brentry flag unset), the
188
 *    global entry is used for global per-vlan features, but not for filtering
189
 * 4. same as 3 but with both master and brentry flags set so the entry
190 191 192
 *    will be used for filtering in both the port and the bridge
 */
static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
193
{
194 195
	struct net_bridge_vlan *masterv = NULL;
	struct net_bridge_port *p = NULL;
196
	struct net_bridge_vlan_group *vg;
197 198 199 200 201 202 203
	struct net_device *dev;
	struct net_bridge *br;
	int err;

	if (br_vlan_is_master(v)) {
		br = v->br;
		dev = br->dev;
204
		vg = br_vlan_group(br);
205 206 207 208
	} else {
		p = v->port;
		br = p->br;
		dev = p->dev;
209
		vg = nbp_vlan_group(p);
210 211 212 213 214 215 216 217 218 219 220 221 222
	}

	if (p) {
		/* Add VLAN to the device filter if it is supported.
		 * This ensures tagged traffic enters the bridge when
		 * promiscuous mode is disabled by br_manage_promisc().
		 */
		err = __vlan_vid_add(dev, br, v->vid, flags);
		if (err)
			goto out;

		/* need to work on the master vlan too */
		if (flags & BRIDGE_VLAN_INFO_MASTER) {
223 224
			err = br_vlan_add(br, v->vid, flags |
						      BRIDGE_VLAN_INFO_BRENTRY);
225 226 227 228
			if (err)
				goto out_filt;
		}

229 230 231
		masterv = br_vlan_get_master(br, v->vid);
		if (!masterv)
			goto out_filt;
232 233 234
		v->brvlan = masterv;
	}

235
	/* Add the dev mac and count the vlan only if it's usable */
236 237 238 239 240 241
	if (br_vlan_should_use(v)) {
		err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
		if (err) {
			br_err(br, "failed insert local address into bridge forwarding table\n");
			goto out_filt;
		}
242
		vg->num_vlans++;
243 244
	}

245 246
	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
					    br_vlan_rht_params);
247 248
	if (err)
		goto out_fdb_insert;
249

250 251 252 253 254 255
	__vlan_add_list(v);
	__vlan_add_flags(v, flags);
out:
	return err;

out_fdb_insert:
256 257 258 259
	if (br_vlan_should_use(v)) {
		br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
		vg->num_vlans--;
	}
260 261 262 263 264

out_filt:
	if (p) {
		__vlan_vid_del(dev, br, v->vid);
		if (masterv) {
265
			br_vlan_put_master(masterv);
266 267 268 269 270 271 272 273 274 275
			v->brvlan = NULL;
		}
	}

	goto out;
}

static int __vlan_del(struct net_bridge_vlan *v)
{
	struct net_bridge_vlan *masterv = v;
276
	struct net_bridge_vlan_group *vg;
277 278
	struct net_bridge_port *p = NULL;
	int err = 0;
279

280
	if (br_vlan_is_master(v)) {
281
		vg = br_vlan_group(v->br);
282 283
	} else {
		p = v->port;
284
		vg = nbp_vlan_group(v->port);
285 286
		masterv = v->brvlan;
	}
287

288
	__vlan_delete_pvid(vg, v->vid);
289 290
	if (p) {
		err = __vlan_vid_del(p->dev, p->br, v->vid);
291
		if (err)
292
			goto out;
293
	}
294

295 296 297
	if (br_vlan_should_use(v)) {
		v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
		vg->num_vlans--;
298 299 300
	}

	if (masterv != v) {
301 302
		rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
				       br_vlan_rht_params);
303
		__vlan_del_list(v);
304 305
		kfree_rcu(v, rcu);
	}
306

307
	br_vlan_put_master(masterv);
308 309
out:
	return err;
310 311
}

312 313 314 315 316 317 318 319
static void __vlan_group_free(struct net_bridge_vlan_group *vg)
{
	WARN_ON(!list_empty(&vg->vlan_list));
	rhashtable_destroy(&vg->vlan_hash);
	kfree(vg);
}

static void __vlan_flush(struct net_bridge_vlan_group *vg)
320
{
321 322
	struct net_bridge_vlan *vlan, *tmp;

323 324
	__vlan_delete_pvid(vg, vg->pvid);
	list_for_each_entry_safe(vlan, tmp, &vg->vlan_list, vlist)
325
		__vlan_del(vlan);
326 327
}

328
struct sk_buff *br_handle_vlan(struct net_bridge *br,
329
			       struct net_bridge_vlan_group *vg,
330
			       struct sk_buff *skb)
331
{
332
	struct net_bridge_vlan *v;
333 334
	u16 vid;

335 336
	/* If this packet was not filtered at input, let it pass */
	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
337 338
		goto out;

339 340 341 342 343 344 345
	/* At this point, we know that the frame was filtered and contains
	 * a valid vlan id.  If the vlan id has untagged flag set,
	 * send untagged; otherwise, send tagged.
	 */
	br_vlan_get_tag(skb, &vid);
	v = br_vlan_find(vg, vid);
	/* Vlan entry must be configured at this point.  The
346 347 348 349
	 * only exception is the bridge is set in promisc mode and the
	 * packet is destined for the bridge device.  In this case
	 * pass the packet as is.
	 */
350
	if (!v || !br_vlan_should_use(v)) {
351 352 353 354 355 356 357
		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
			goto out;
		} else {
			kfree_skb(skb);
			return NULL;
		}
	}
358
	if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
359
		skb->vlan_tci = 0;
360 361 362 363 364 365

out:
	return skb;
}

/* Called under RCU */
366
static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto,
367
			      struct sk_buff *skb, u16 *vid)
368
{
369
	const struct net_bridge_vlan *v;
370
	bool tagged;
371

372
	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
373 374 375 376
	/* If vlan tx offload is disabled on bridge device and frame was
	 * sent from vlan device on the bridge device, it does not have
	 * HW accelerated vlan tag.
	 */
377
	if (unlikely(!skb_vlan_tag_present(skb) &&
378
		     skb->protocol == proto)) {
379
		skb = skb_vlan_untag(skb);
380 381 382 383
		if (unlikely(!skb))
			return false;
	}

384 385 386 387 388
	if (!br_vlan_get_tag(skb, vid)) {
		/* Tagged frame */
		if (skb->vlan_proto != proto) {
			/* Protocol-mismatch, empty out vlan_tci for new tag */
			skb_push(skb, ETH_HLEN);
389
			skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
390
							skb_vlan_tag_get(skb));
391 392 393 394 395 396 397 398 399 400 401 402 403 404 405
			if (unlikely(!skb))
				return false;

			skb_pull(skb, ETH_HLEN);
			skb_reset_mac_len(skb);
			*vid = 0;
			tagged = false;
		} else {
			tagged = true;
		}
	} else {
		/* Untagged frame */
		tagged = false;
	}

406
	if (!*vid) {
407 408
		u16 pvid = br_get_pvid(vg);

409 410 411
		/* Frame had a tag with VID 0 or did not have a tag.
		 * See if pvid is set on this port.  That tells us which
		 * vlan untagged or priority-tagged traffic belongs to.
412
		 */
V
Vlad Yasevich 已提交
413
		if (!pvid)
414
			goto drop;
415

416 417
		/* PVID is set on this port.  Any untagged or priority-tagged
		 * ingress frame is considered to belong to this vlan.
418
		 */
419
		*vid = pvid;
420
		if (likely(!tagged))
421
			/* Untagged Frame. */
422
			__vlan_hwaccel_put_tag(skb, proto, pvid);
423 424 425 426 427 428 429 430
		else
			/* Priority-tagged Frame.
			 * At this point, We know that skb->vlan_tci had
			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
			 * We update only VID field and preserve PCP field.
			 */
			skb->vlan_tci |= pvid;

431 432 433 434
		return true;
	}

	/* Frame had a valid vlan tag.  See if vlan is allowed */
435
	v = br_vlan_find(vg, *vid);
436
	if (v && br_vlan_should_use(v))
437
		return true;
438 439
drop:
	kfree_skb(skb);
440 441 442
	return false;
}

443 444 445
bool br_allowed_ingress(const struct net_bridge *br,
			struct net_bridge_vlan_group *vg, struct sk_buff *skb,
			u16 *vid)
446 447 448 449 450 451 452 453 454
{
	/* If VLAN filtering is disabled on the bridge, all packets are
	 * permitted.
	 */
	if (!br->vlan_enabled) {
		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
		return true;
	}

455
	return __allowed_ingress(vg, br->vlan_proto, skb, vid);
456 457
}

458
/* Called under RCU. */
459
bool br_allowed_egress(struct net_bridge_vlan_group *vg,
460 461
		       const struct sk_buff *skb)
{
462
	const struct net_bridge_vlan *v;
463 464
	u16 vid;

465 466
	/* If this packet was not filtered at input, let it pass */
	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
467 468 469
		return true;

	br_vlan_get_tag(skb, &vid);
470 471
	v = br_vlan_find(vg, vid);
	if (v && br_vlan_should_use(v))
472 473 474 475 476
		return true;

	return false;
}

477 478 479
/* Called under RCU */
bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
{
480
	struct net_bridge_vlan_group *vg;
481 482
	struct net_bridge *br = p->br;

483
	/* If filtering was disabled at input, let it pass. */
484
	if (!br->vlan_enabled)
485 486
		return true;

487
	vg = nbp_vlan_group_rcu(p);
488
	if (!vg || !vg->num_vlans)
489 490
		return false;

491 492 493
	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
		*vid = 0;

494
	if (!*vid) {
495
		*vid = br_get_pvid(vg);
V
Vlad Yasevich 已提交
496
		if (!*vid)
497 498 499 500 501
			return false;

		return true;
	}

502
	if (br_vlan_find(vg, *vid))
503 504 505 506 507
		return true;

	return false;
}

508 509 510
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
511
int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
512
{
513
	struct net_bridge_vlan_group *vg;
514 515
	struct net_bridge_vlan *vlan;
	int ret;
516 517 518

	ASSERT_RTNL();

519 520
	vg = br_vlan_group(br);
	vlan = br_vlan_find(vg, vid);
521 522 523 524 525 526 527 528 529 530 531 532 533 534
	if (vlan) {
		if (!br_vlan_is_brentry(vlan)) {
			/* Trying to change flags of non-existent bridge vlan */
			if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
				return -EINVAL;
			/* It was only kept for port vlans, now make it real */
			ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
					    vlan->vid);
			if (ret) {
				br_err(br, "failed insert local address into bridge forwarding table\n");
				return ret;
			}
			atomic_inc(&vlan->refcnt);
			vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
535
			vg->num_vlans++;
536 537 538 539
		}
		__vlan_add_flags(vlan, flags);
		return 0;
	}
540

541 542
	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
	if (!vlan)
543 544
		return -ENOMEM;

545 546 547 548 549 550 551 552 553
	vlan->vid = vid;
	vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
	vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
	vlan->br = br;
	if (flags & BRIDGE_VLAN_INFO_BRENTRY)
		atomic_set(&vlan->refcnt, 1);
	ret = __vlan_add(vlan, flags);
	if (ret)
		kfree(vlan);
554

555
	return ret;
556 557
}

558 559 560
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
561 562
int br_vlan_delete(struct net_bridge *br, u16 vid)
{
563
	struct net_bridge_vlan_group *vg;
564
	struct net_bridge_vlan *v;
565 566 567

	ASSERT_RTNL();

568 569
	vg = br_vlan_group(br);
	v = br_vlan_find(vg, vid);
570 571
	if (!v || !br_vlan_is_brentry(v))
		return -ENOENT;
572

573
	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
574
	br_fdb_delete_by_port(br, NULL, vid, 0);
575

576
	return __vlan_del(v);
577 578 579 580
}

void br_vlan_flush(struct net_bridge *br)
{
581 582
	struct net_bridge_vlan_group *vg;

583 584
	ASSERT_RTNL();

585 586 587 588 589
	vg = br_vlan_group(br);
	__vlan_flush(vg);
	RCU_INIT_POINTER(br->vlgrp, NULL);
	synchronize_rcu();
	__vlan_group_free(vg);
590 591
}

592
struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
593
{
594 595
	if (!vg)
		return NULL;
596

597
	return br_vlan_lookup(&vg->vlan_hash, vid);
598 599
}

600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626
/* Must be protected by RTNL. */
static void recalculate_group_addr(struct net_bridge *br)
{
	if (br->group_addr_set)
		return;

	spin_lock_bh(&br->lock);
	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
		/* Bridge Group Address */
		br->group_addr[5] = 0x00;
	} else { /* vlan_enabled && ETH_P_8021AD */
		/* Provider Bridge Group Address */
		br->group_addr[5] = 0x08;
	}
	spin_unlock_bh(&br->lock);
}

/* Must be protected by RTNL. */
void br_recalculate_fwd_mask(struct net_bridge *br)
{
	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
	else /* vlan_enabled && ETH_P_8021AD */
		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
					      ~(1u << br->group_addr[5]);
}

627
int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
628 629
{
	if (br->vlan_enabled == val)
630
		return 0;
631 632

	br->vlan_enabled = val;
633
	br_manage_promisc(br);
634 635
	recalculate_group_addr(br);
	br_recalculate_fwd_mask(br);
636

637 638 639 640 641 642 643 644 645
	return 0;
}

int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
{
	if (!rtnl_trylock())
		return restart_syscall();

	__br_vlan_filter_toggle(br, val);
646
	rtnl_unlock();
647

648 649 650
	return 0;
}

651
int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
652 653 654
{
	int err = 0;
	struct net_bridge_port *p;
655
	struct net_bridge_vlan *vlan;
656
	struct net_bridge_vlan_group *vg;
657
	__be16 oldproto;
658 659

	if (br->vlan_proto == proto)
660
		return 0;
661 662 663

	/* Add VLANs for the new proto to the device filter. */
	list_for_each_entry(p, &br->port_list, list) {
664 665
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist) {
666
			err = vlan_vid_add(p->dev, proto, vlan->vid);
667 668 669 670 671 672 673 674 675 676 677 678
			if (err)
				goto err_filt;
		}
	}

	oldproto = br->vlan_proto;
	br->vlan_proto = proto;

	recalculate_group_addr(br);
	br_recalculate_fwd_mask(br);

	/* Delete VLANs for the old proto from the device filter. */
679 680 681
	list_for_each_entry(p, &br->port_list, list) {
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist)
682
			vlan_vid_del(p->dev, oldproto, vlan->vid);
683
	}
684

685
	return 0;
686 687

err_filt:
688
	list_for_each_entry_continue_reverse(vlan, &vg->vlan_list, vlist)
689
		vlan_vid_del(p->dev, proto, vlan->vid);
690

691 692 693
	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
		vg = nbp_vlan_group(p);
		list_for_each_entry(vlan, &vg->vlan_list, vlist)
694
			vlan_vid_del(p->dev, proto, vlan->vid);
695
	}
696

697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713
	return err;
}

int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
{
	int err;

	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
		return -EPROTONOSUPPORT;

	if (!rtnl_trylock())
		return restart_syscall();

	err = __br_vlan_set_proto(br, htons(val));
	rtnl_unlock();

	return err;
714 715
}

716
static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
717
{
718 719
	struct net_bridge_vlan *v;

720
	if (vid != vg->pvid)
721 722 723 724 725 726 727 728
		return false;

	v = br_vlan_lookup(&vg->vlan_hash, vid);
	if (v && br_vlan_should_use(v) &&
	    (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
		return true;

	return false;
729 730 731 732 733 734 735 736 737 738
}

static void br_vlan_disable_default_pvid(struct net_bridge *br)
{
	struct net_bridge_port *p;
	u16 pvid = br->default_pvid;

	/* Disable default_pvid on all ports where it is still
	 * configured.
	 */
739
	if (vlan_default_pvid(br_vlan_group(br), pvid))
740 741 742
		br_vlan_delete(br, pvid);

	list_for_each_entry(p, &br->port_list, list) {
743
		if (vlan_default_pvid(nbp_vlan_group(p), pvid))
744 745 746 747 748 749
			nbp_vlan_delete(p, pvid);
	}

	br->default_pvid = 0;
}

750
int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
751
{
752
	const struct net_bridge_vlan *pvent;
753
	struct net_bridge_vlan_group *vg;
754 755 756 757 758
	struct net_bridge_port *p;
	u16 old_pvid;
	int err = 0;
	unsigned long *changed;

759 760 761 762 763
	if (!pvid) {
		br_vlan_disable_default_pvid(br);
		return 0;
	}

764 765 766 767 768 769 770 771 772 773
	changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
			  GFP_KERNEL);
	if (!changed)
		return -ENOMEM;

	old_pvid = br->default_pvid;

	/* Update default_pvid config only if we do not conflict with
	 * user configuration.
	 */
774 775 776
	vg = br_vlan_group(br);
	pvent = br_vlan_find(vg, pvid);
	if ((!old_pvid || vlan_default_pvid(vg, old_pvid)) &&
777
	    (!pvent || !br_vlan_should_use(pvent))) {
778 779
		err = br_vlan_add(br, pvid,
				  BRIDGE_VLAN_INFO_PVID |
780 781
				  BRIDGE_VLAN_INFO_UNTAGGED |
				  BRIDGE_VLAN_INFO_BRENTRY);
782 783 784 785 786 787 788 789 790 791
		if (err)
			goto out;
		br_vlan_delete(br, old_pvid);
		set_bit(0, changed);
	}

	list_for_each_entry(p, &br->port_list, list) {
		/* Update default_pvid config only if we do not conflict with
		 * user configuration.
		 */
792
		vg = nbp_vlan_group(p);
793
		if ((old_pvid &&
794 795
		     !vlan_default_pvid(vg, old_pvid)) ||
		    br_vlan_find(vg, pvid))
796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828
			continue;

		err = nbp_vlan_add(p, pvid,
				   BRIDGE_VLAN_INFO_PVID |
				   BRIDGE_VLAN_INFO_UNTAGGED);
		if (err)
			goto err_port;
		nbp_vlan_delete(p, old_pvid);
		set_bit(p->port_no, changed);
	}

	br->default_pvid = pvid;

out:
	kfree(changed);
	return err;

err_port:
	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
		if (!test_bit(p->port_no, changed))
			continue;

		if (old_pvid)
			nbp_vlan_add(p, old_pvid,
				     BRIDGE_VLAN_INFO_PVID |
				     BRIDGE_VLAN_INFO_UNTAGGED);
		nbp_vlan_delete(p, pvid);
	}

	if (test_bit(0, changed)) {
		if (old_pvid)
			br_vlan_add(br, old_pvid,
				    BRIDGE_VLAN_INFO_PVID |
829 830
				    BRIDGE_VLAN_INFO_UNTAGGED |
				    BRIDGE_VLAN_INFO_BRENTRY);
831 832 833 834 835
		br_vlan_delete(br, pvid);
	}
	goto out;
}

836 837 838 839 840
int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
{
	u16 pvid = val;
	int err = 0;

841
	if (val >= VLAN_VID_MASK)
842 843 844 845 846 847 848 849 850 851 852 853 854 855
		return -EINVAL;

	if (!rtnl_trylock())
		return restart_syscall();

	if (pvid == br->default_pvid)
		goto unlock;

	/* Only allow default pvid change when filtering is disabled */
	if (br->vlan_enabled) {
		pr_info_once("Please disable vlan filtering to change default_pvid\n");
		err = -EPERM;
		goto unlock;
	}
856
	err = __br_vlan_set_default_pvid(br, pvid);
857 858 859 860 861
unlock:
	rtnl_unlock();
	return err;
}

862
int br_vlan_init(struct net_bridge *br)
863
{
864
	struct net_bridge_vlan_group *vg;
865 866
	int ret = -ENOMEM;

867 868
	vg = kzalloc(sizeof(*vg), GFP_KERNEL);
	if (!vg)
869
		goto out;
870
	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
871 872
	if (ret)
		goto err_rhtbl;
873
	INIT_LIST_HEAD(&vg->vlan_list);
874
	br->vlan_proto = htons(ETH_P_8021Q);
875
	br->default_pvid = 1;
876
	rcu_assign_pointer(br->vlgrp, vg);
877 878 879 880 881 882 883 884 885 886
	ret = br_vlan_add(br, 1,
			  BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
			  BRIDGE_VLAN_INFO_BRENTRY);
	if (ret)
		goto err_vlan_add;

out:
	return ret;

err_vlan_add:
887
	rhashtable_destroy(&vg->vlan_hash);
888
err_rhtbl:
889
	kfree(vg);
890 891 892 893 894 895

	goto out;
}

int nbp_vlan_init(struct net_bridge_port *p)
{
896
	struct net_bridge_vlan_group *vg;
897 898
	int ret = -ENOMEM;

899 900
	vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
	if (!vg)
901 902
		goto out;

903
	ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
904 905
	if (ret)
		goto err_rhtbl;
906
	INIT_LIST_HEAD(&vg->vlan_list);
907
	rcu_assign_pointer(p->vlgrp, vg);
908 909 910 911 912 913 914 915 916 917 918
	if (p->br->default_pvid) {
		ret = nbp_vlan_add(p, p->br->default_pvid,
				   BRIDGE_VLAN_INFO_PVID |
				   BRIDGE_VLAN_INFO_UNTAGGED);
		if (ret)
			goto err_vlan_add;
	}
out:
	return ret;

err_vlan_add:
919 920
	RCU_INIT_POINTER(p->vlgrp, NULL);
	synchronize_rcu();
921
	rhashtable_destroy(&vg->vlan_hash);
922
err_rhtbl:
923
	kfree(vg);
924 925

	goto out;
926 927
}

928 929 930
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
931
int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
932
{
933 934
	struct net_bridge_vlan *vlan;
	int ret;
935 936 937

	ASSERT_RTNL();

938
	vlan = br_vlan_find(nbp_vlan_group(port), vid);
939 940 941
	if (vlan) {
		__vlan_add_flags(vlan, flags);
		return 0;
942 943
	}

944 945 946
	vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
	if (!vlan)
		return -ENOMEM;
947

948 949 950 951 952
	vlan->vid = vid;
	vlan->port = port;
	ret = __vlan_add(vlan, flags);
	if (ret)
		kfree(vlan);
953

954
	return ret;
955 956
}

957 958 959
/* Must be protected by RTNL.
 * Must be called with vid in range from 1 to 4094 inclusive.
 */
960 961
int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
{
962
	struct net_bridge_vlan *v;
963 964 965

	ASSERT_RTNL();

966
	v = br_vlan_find(nbp_vlan_group(port), vid);
967 968
	if (!v)
		return -ENOENT;
969
	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
970
	br_fdb_delete_by_port(port->br, port, vid, 0);
971

972
	return __vlan_del(v);
973 974 975 976
}

void nbp_vlan_flush(struct net_bridge_port *port)
{
977 978
	struct net_bridge_vlan_group *vg;

979 980
	ASSERT_RTNL();

981 982 983 984 985
	vg = nbp_vlan_group(port);
	__vlan_flush(vg);
	RCU_INIT_POINTER(port->vlgrp, NULL);
	synchronize_rcu();
	__vlan_group_free(vg);
986
}