1#include <linux/kernel.h>
2#include <linux/netdevice.h>
3#include <linux/rtnetlink.h>
4#include <linux/slab.h>
5
6#include "br_private.h"
7
8static void __vlan_add_pvid(struct net_port_vlans *v, u16 vid)
9{
10	if (v->pvid == vid)
11		return;
12
13	smp_wmb();
14	v->pvid = vid;
15}
16
17static void __vlan_delete_pvid(struct net_port_vlans *v, u16 vid)
18{
19	if (v->pvid != vid)
20		return;
21
22	smp_wmb();
23	v->pvid = 0;
24}
25
26static void __vlan_add_flags(struct net_port_vlans *v, u16 vid, u16 flags)
27{
28	if (flags & BRIDGE_VLAN_INFO_PVID)
29		__vlan_add_pvid(v, vid);
30	else
31		__vlan_delete_pvid(v, vid);
32
33	if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
34		set_bit(vid, v->untagged_bitmap);
35	else
36		clear_bit(vid, v->untagged_bitmap);
37}
38
39static int __vlan_add(struct net_port_vlans *v, u16 vid, u16 flags)
40{
41	struct net_bridge_port *p = NULL;
42	struct net_bridge *br;
43	struct net_device *dev;
44	int err;
45
46	if (test_bit(vid, v->vlan_bitmap)) {
47		__vlan_add_flags(v, vid, flags);
48		return 0;
49	}
50
51	if (v->port_idx) {
52		p = v->parent.port;
53		br = p->br;
54		dev = p->dev;
55	} else {
56		br = v->parent.br;
57		dev = br->dev;
58	}
59
60	if (p) {
61		/* Add VLAN to the device filter if it is supported.
62		 * This ensures tagged traffic enters the bridge when
63		 * promiscuous mode is disabled by br_manage_promisc().
64		 */
65		err = vlan_vid_add(dev, br->vlan_proto, vid);
66		if (err)
67			return err;
68	}
69
70	err = br_fdb_insert(br, p, dev->dev_addr, vid);
71	if (err) {
72		br_err(br, "failed insert local address into bridge "
73		       "forwarding table\n");
74		goto out_filt;
75	}
76
77	set_bit(vid, v->vlan_bitmap);
78	v->num_vlans++;
79	__vlan_add_flags(v, vid, flags);
80
81	return 0;
82
83out_filt:
84	if (p)
85		vlan_vid_del(dev, br->vlan_proto, vid);
86	return err;
87}
88
89static int __vlan_del(struct net_port_vlans *v, u16 vid)
90{
91	if (!test_bit(vid, v->vlan_bitmap))
92		return -EINVAL;
93
94	__vlan_delete_pvid(v, vid);
95	clear_bit(vid, v->untagged_bitmap);
96
97	if (v->port_idx) {
98		struct net_bridge_port *p = v->parent.port;
99		vlan_vid_del(p->dev, p->br->vlan_proto, vid);
100	}
101
102	clear_bit(vid, v->vlan_bitmap);
103	v->num_vlans--;
104	if (bitmap_empty(v->vlan_bitmap, VLAN_N_VID)) {
105		if (v->port_idx)
106			RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
107		else
108			RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
109		kfree_rcu(v, rcu);
110	}
111	return 0;
112}
113
114static void __vlan_flush(struct net_port_vlans *v)
115{
116	smp_wmb();
117	v->pvid = 0;
118	bitmap_zero(v->vlan_bitmap, VLAN_N_VID);
119	if (v->port_idx)
120		RCU_INIT_POINTER(v->parent.port->vlan_info, NULL);
121	else
122		RCU_INIT_POINTER(v->parent.br->vlan_info, NULL);
123	kfree_rcu(v, rcu);
124}
125
126struct sk_buff *br_handle_vlan(struct net_bridge *br,
127			       const struct net_port_vlans *pv,
128			       struct sk_buff *skb)
129{
130	u16 vid;
131
132	/* If this packet was not filtered at input, let it pass */
133	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
134		goto out;
135
136	/* Vlan filter table must be configured at this point.  The
137	 * only exception is the bridge is set in promisc mode and the
138	 * packet is destined for the bridge device.  In this case
139	 * pass the packet as is.
140	 */
141	if (!pv) {
142		if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
143			goto out;
144		} else {
145			kfree_skb(skb);
146			return NULL;
147		}
148	}
149
150	/* At this point, we know that the frame was filtered and contains
151	 * a valid vlan id.  If the vlan id is set in the untagged bitmap,
152	 * send untagged; otherwise, send tagged.
153	 */
154	br_vlan_get_tag(skb, &vid);
155	if (test_bit(vid, pv->untagged_bitmap))
156		skb->vlan_tci = 0;
157
158out:
159	return skb;
160}
161
162/* Called under RCU */
163bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
164			struct sk_buff *skb, u16 *vid)
165{
166	bool tagged;
167	__be16 proto;
168
169	/* If VLAN filtering is disabled on the bridge, all packets are
170	 * permitted.
171	 */
172	if (!br->vlan_enabled) {
173		BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
174		return true;
175	}
176
177	/* If there are no vlan in the permitted list, all packets are
178	 * rejected.
179	 */
180	if (!v)
181		goto drop;
182
183	BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
184	proto = br->vlan_proto;
185
186	/* If vlan tx offload is disabled on bridge device and frame was
187	 * sent from vlan device on the bridge device, it does not have
188	 * HW accelerated vlan tag.
189	 */
190	if (unlikely(!skb_vlan_tag_present(skb) &&
191		     skb->protocol == proto)) {
192		skb = skb_vlan_untag(skb);
193		if (unlikely(!skb))
194			return false;
195	}
196
197	if (!br_vlan_get_tag(skb, vid)) {
198		/* Tagged frame */
199		if (skb->vlan_proto != proto) {
200			/* Protocol-mismatch, empty out vlan_tci for new tag */
201			skb_push(skb, ETH_HLEN);
202			skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
203							skb_vlan_tag_get(skb));
204			if (unlikely(!skb))
205				return false;
206
207			skb_pull(skb, ETH_HLEN);
208			skb_reset_mac_len(skb);
209			*vid = 0;
210			tagged = false;
211		} else {
212			tagged = true;
213		}
214	} else {
215		/* Untagged frame */
216		tagged = false;
217	}
218
219	if (!*vid) {
220		u16 pvid = br_get_pvid(v);
221
222		/* Frame had a tag with VID 0 or did not have a tag.
223		 * See if pvid is set on this port.  That tells us which
224		 * vlan untagged or priority-tagged traffic belongs to.
225		 */
226		if (!pvid)
227			goto drop;
228
229		/* PVID is set on this port.  Any untagged or priority-tagged
230		 * ingress frame is considered to belong to this vlan.
231		 */
232		*vid = pvid;
233		if (likely(!tagged))
234			/* Untagged Frame. */
235			__vlan_hwaccel_put_tag(skb, proto, pvid);
236		else
237			/* Priority-tagged Frame.
238			 * At this point, We know that skb->vlan_tci had
239			 * VLAN_TAG_PRESENT bit and its VID field was 0x000.
240			 * We update only VID field and preserve PCP field.
241			 */
242			skb->vlan_tci |= pvid;
243
244		return true;
245	}
246
247	/* Frame had a valid vlan tag.  See if vlan is allowed */
248	if (test_bit(*vid, v->vlan_bitmap))
249		return true;
250drop:
251	kfree_skb(skb);
252	return false;
253}
254
255/* Called under RCU. */
256bool br_allowed_egress(struct net_bridge *br,
257		       const struct net_port_vlans *v,
258		       const struct sk_buff *skb)
259{
260	u16 vid;
261
262	/* If this packet was not filtered at input, let it pass */
263	if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
264		return true;
265
266	if (!v)
267		return false;
268
269	br_vlan_get_tag(skb, &vid);
270	if (test_bit(vid, v->vlan_bitmap))
271		return true;
272
273	return false;
274}
275
276/* Called under RCU */
277bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
278{
279	struct net_bridge *br = p->br;
280	struct net_port_vlans *v;
281
282	/* If filtering was disabled at input, let it pass. */
283	if (!br->vlan_enabled)
284		return true;
285
286	v = rcu_dereference(p->vlan_info);
287	if (!v)
288		return false;
289
290	if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
291		*vid = 0;
292
293	if (!*vid) {
294		*vid = br_get_pvid(v);
295		if (!*vid)
296			return false;
297
298		return true;
299	}
300
301	if (test_bit(*vid, v->vlan_bitmap))
302		return true;
303
304	return false;
305}
306
307/* Must be protected by RTNL.
308 * Must be called with vid in range from 1 to 4094 inclusive.
309 */
310int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
311{
312	struct net_port_vlans *pv = NULL;
313	int err;
314
315	ASSERT_RTNL();
316
317	pv = rtnl_dereference(br->vlan_info);
318	if (pv)
319		return __vlan_add(pv, vid, flags);
320
321	/* Create port vlan infomration
322	 */
323	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
324	if (!pv)
325		return -ENOMEM;
326
327	pv->parent.br = br;
328	err = __vlan_add(pv, vid, flags);
329	if (err)
330		goto out;
331
332	rcu_assign_pointer(br->vlan_info, pv);
333	return 0;
334out:
335	kfree(pv);
336	return err;
337}
338
339/* Must be protected by RTNL.
340 * Must be called with vid in range from 1 to 4094 inclusive.
341 */
342int br_vlan_delete(struct net_bridge *br, u16 vid)
343{
344	struct net_port_vlans *pv;
345
346	ASSERT_RTNL();
347
348	pv = rtnl_dereference(br->vlan_info);
349	if (!pv)
350		return -EINVAL;
351
352	br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
353
354	__vlan_del(pv, vid);
355	return 0;
356}
357
358void br_vlan_flush(struct net_bridge *br)
359{
360	struct net_port_vlans *pv;
361
362	ASSERT_RTNL();
363	pv = rtnl_dereference(br->vlan_info);
364	if (!pv)
365		return;
366
367	__vlan_flush(pv);
368}
369
370bool br_vlan_find(struct net_bridge *br, u16 vid)
371{
372	struct net_port_vlans *pv;
373	bool found = false;
374
375	rcu_read_lock();
376	pv = rcu_dereference(br->vlan_info);
377
378	if (!pv)
379		goto out;
380
381	if (test_bit(vid, pv->vlan_bitmap))
382		found = true;
383
384out:
385	rcu_read_unlock();
386	return found;
387}
388
389/* Must be protected by RTNL. */
390static void recalculate_group_addr(struct net_bridge *br)
391{
392	if (br->group_addr_set)
393		return;
394
395	spin_lock_bh(&br->lock);
396	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
397		/* Bridge Group Address */
398		br->group_addr[5] = 0x00;
399	} else { /* vlan_enabled && ETH_P_8021AD */
400		/* Provider Bridge Group Address */
401		br->group_addr[5] = 0x08;
402	}
403	spin_unlock_bh(&br->lock);
404}
405
406/* Must be protected by RTNL. */
407void br_recalculate_fwd_mask(struct net_bridge *br)
408{
409	if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
410		br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
411	else /* vlan_enabled && ETH_P_8021AD */
412		br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
413					      ~(1u << br->group_addr[5]);
414}
415
416int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
417{
418	if (!rtnl_trylock())
419		return restart_syscall();
420
421	if (br->vlan_enabled == val)
422		goto unlock;
423
424	br->vlan_enabled = val;
425	br_manage_promisc(br);
426	recalculate_group_addr(br);
427	br_recalculate_fwd_mask(br);
428
429unlock:
430	rtnl_unlock();
431	return 0;
432}
433
434int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
435{
436	int err = 0;
437	struct net_bridge_port *p;
438	struct net_port_vlans *pv;
439	__be16 proto, oldproto;
440	u16 vid, errvid;
441
442	if (val != ETH_P_8021Q && val != ETH_P_8021AD)
443		return -EPROTONOSUPPORT;
444
445	if (!rtnl_trylock())
446		return restart_syscall();
447
448	proto = htons(val);
449	if (br->vlan_proto == proto)
450		goto unlock;
451
452	/* Add VLANs for the new proto to the device filter. */
453	list_for_each_entry(p, &br->port_list, list) {
454		pv = rtnl_dereference(p->vlan_info);
455		if (!pv)
456			continue;
457
458		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID) {
459			err = vlan_vid_add(p->dev, proto, vid);
460			if (err)
461				goto err_filt;
462		}
463	}
464
465	oldproto = br->vlan_proto;
466	br->vlan_proto = proto;
467
468	recalculate_group_addr(br);
469	br_recalculate_fwd_mask(br);
470
471	/* Delete VLANs for the old proto from the device filter. */
472	list_for_each_entry(p, &br->port_list, list) {
473		pv = rtnl_dereference(p->vlan_info);
474		if (!pv)
475			continue;
476
477		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
478			vlan_vid_del(p->dev, oldproto, vid);
479	}
480
481unlock:
482	rtnl_unlock();
483	return err;
484
485err_filt:
486	errvid = vid;
487	for_each_set_bit(vid, pv->vlan_bitmap, errvid)
488		vlan_vid_del(p->dev, proto, vid);
489
490	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
491		pv = rtnl_dereference(p->vlan_info);
492		if (!pv)
493			continue;
494
495		for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
496			vlan_vid_del(p->dev, proto, vid);
497	}
498
499	goto unlock;
500}
501
502static bool vlan_default_pvid(struct net_port_vlans *pv, u16 vid)
503{
504	return pv && vid == pv->pvid && test_bit(vid, pv->untagged_bitmap);
505}
506
507static void br_vlan_disable_default_pvid(struct net_bridge *br)
508{
509	struct net_bridge_port *p;
510	u16 pvid = br->default_pvid;
511
512	/* Disable default_pvid on all ports where it is still
513	 * configured.
514	 */
515	if (vlan_default_pvid(br_get_vlan_info(br), pvid))
516		br_vlan_delete(br, pvid);
517
518	list_for_each_entry(p, &br->port_list, list) {
519		if (vlan_default_pvid(nbp_get_vlan_info(p), pvid))
520			nbp_vlan_delete(p, pvid);
521	}
522
523	br->default_pvid = 0;
524}
525
526static int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
527{
528	struct net_bridge_port *p;
529	u16 old_pvid;
530	int err = 0;
531	unsigned long *changed;
532
533	changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
534			  GFP_KERNEL);
535	if (!changed)
536		return -ENOMEM;
537
538	old_pvid = br->default_pvid;
539
540	/* Update default_pvid config only if we do not conflict with
541	 * user configuration.
542	 */
543	if ((!old_pvid || vlan_default_pvid(br_get_vlan_info(br), old_pvid)) &&
544	    !br_vlan_find(br, pvid)) {
545		err = br_vlan_add(br, pvid,
546				  BRIDGE_VLAN_INFO_PVID |
547				  BRIDGE_VLAN_INFO_UNTAGGED);
548		if (err)
549			goto out;
550		br_vlan_delete(br, old_pvid);
551		set_bit(0, changed);
552	}
553
554	list_for_each_entry(p, &br->port_list, list) {
555		/* Update default_pvid config only if we do not conflict with
556		 * user configuration.
557		 */
558		if ((old_pvid &&
559		     !vlan_default_pvid(nbp_get_vlan_info(p), old_pvid)) ||
560		    nbp_vlan_find(p, pvid))
561			continue;
562
563		err = nbp_vlan_add(p, pvid,
564				   BRIDGE_VLAN_INFO_PVID |
565				   BRIDGE_VLAN_INFO_UNTAGGED);
566		if (err)
567			goto err_port;
568		nbp_vlan_delete(p, old_pvid);
569		set_bit(p->port_no, changed);
570	}
571
572	br->default_pvid = pvid;
573
574out:
575	kfree(changed);
576	return err;
577
578err_port:
579	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
580		if (!test_bit(p->port_no, changed))
581			continue;
582
583		if (old_pvid)
584			nbp_vlan_add(p, old_pvid,
585				     BRIDGE_VLAN_INFO_PVID |
586				     BRIDGE_VLAN_INFO_UNTAGGED);
587		nbp_vlan_delete(p, pvid);
588	}
589
590	if (test_bit(0, changed)) {
591		if (old_pvid)
592			br_vlan_add(br, old_pvid,
593				    BRIDGE_VLAN_INFO_PVID |
594				    BRIDGE_VLAN_INFO_UNTAGGED);
595		br_vlan_delete(br, pvid);
596	}
597	goto out;
598}
599
600int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
601{
602	u16 pvid = val;
603	int err = 0;
604
605	if (val >= VLAN_VID_MASK)
606		return -EINVAL;
607
608	if (!rtnl_trylock())
609		return restart_syscall();
610
611	if (pvid == br->default_pvid)
612		goto unlock;
613
614	/* Only allow default pvid change when filtering is disabled */
615	if (br->vlan_enabled) {
616		pr_info_once("Please disable vlan filtering to change default_pvid\n");
617		err = -EPERM;
618		goto unlock;
619	}
620
621	if (!pvid)
622		br_vlan_disable_default_pvid(br);
623	else
624		err = __br_vlan_set_default_pvid(br, pvid);
625
626unlock:
627	rtnl_unlock();
628	return err;
629}
630
631int br_vlan_init(struct net_bridge *br)
632{
633	br->vlan_proto = htons(ETH_P_8021Q);
634	br->default_pvid = 1;
635	return br_vlan_add(br, 1,
636			   BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED);
637}
638
639/* Must be protected by RTNL.
640 * Must be called with vid in range from 1 to 4094 inclusive.
641 */
642int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
643{
644	struct net_port_vlans *pv = NULL;
645	int err;
646
647	ASSERT_RTNL();
648
649	pv = rtnl_dereference(port->vlan_info);
650	if (pv)
651		return __vlan_add(pv, vid, flags);
652
653	/* Create port vlan infomration
654	 */
655	pv = kzalloc(sizeof(*pv), GFP_KERNEL);
656	if (!pv) {
657		err = -ENOMEM;
658		goto clean_up;
659	}
660
661	pv->port_idx = port->port_no;
662	pv->parent.port = port;
663	err = __vlan_add(pv, vid, flags);
664	if (err)
665		goto clean_up;
666
667	rcu_assign_pointer(port->vlan_info, pv);
668	return 0;
669
670clean_up:
671	kfree(pv);
672	return err;
673}
674
675/* Must be protected by RTNL.
676 * Must be called with vid in range from 1 to 4094 inclusive.
677 */
678int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
679{
680	struct net_port_vlans *pv;
681
682	ASSERT_RTNL();
683
684	pv = rtnl_dereference(port->vlan_info);
685	if (!pv)
686		return -EINVAL;
687
688	br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
689
690	return __vlan_del(pv, vid);
691}
692
693void nbp_vlan_flush(struct net_bridge_port *port)
694{
695	struct net_port_vlans *pv;
696	u16 vid;
697
698	ASSERT_RTNL();
699
700	pv = rtnl_dereference(port->vlan_info);
701	if (!pv)
702		return;
703
704	for_each_set_bit(vid, pv->vlan_bitmap, VLAN_N_VID)
705		vlan_vid_del(port->dev, port->br->vlan_proto, vid);
706
707	__vlan_flush(pv);
708}
709
710bool nbp_vlan_find(struct net_bridge_port *port, u16 vid)
711{
712	struct net_port_vlans *pv;
713	bool found = false;
714
715	rcu_read_lock();
716	pv = rcu_dereference(port->vlan_info);
717
718	if (!pv)
719		goto out;
720
721	if (test_bit(vid, pv->vlan_bitmap))
722		found = true;
723
724out:
725	rcu_read_unlock();
726	return found;
727}
728
729int nbp_vlan_init(struct net_bridge_port *p)
730{
731	return p->br->default_pvid ?
732			nbp_vlan_add(p, p->br->default_pvid,
733				     BRIDGE_VLAN_INFO_PVID |
734				     BRIDGE_VLAN_INFO_UNTAGGED) :
735			0;
736}
737