net/bridge/br_vlan.c

   1 #include <linux/kernel.h>
   2 #include <linux/netdevice.h>
   3 #include <linux/rtnetlink.h>
   4 #include <linux/slab.h>
   5 #include <net/switchdev.h>
   6
   7 #include "br_private.h"
   8
   9 static inline int br_vlan_cmp(struct rhashtable_compare_arg *arg,
  10                               const void *ptr)
  11 {
  12         const struct net_bridge_vlan *vle = ptr;
  13         u16 vid = *(u16 *)arg->key;
  14
  15         return vle->vid != vid;
  16 }
  17
  18 static const struct rhashtable_params br_vlan_rht_params = {
  19         .head_offset = offsetof(struct net_bridge_vlan, vnode),
  20         .key_offset = offsetof(struct net_bridge_vlan, vid),
  21         .key_len = sizeof(u16),
  22         .nelem_hint = 3,
  23         .locks_mul = 1,
  24         .max_size = VLAN_N_VID,
  25         .obj_cmpfn = br_vlan_cmp,
  26         .automatic_shrinking = true,
  27 };
  28
  29 static struct net_bridge_vlan *br_vlan_lookup(struct rhashtable *tbl, u16 vid)
  30 {
  31         return rhashtable_lookup_fast(tbl, &vid, br_vlan_rht_params);
  32 }
  33
  34 static void __vlan_add_pvid(struct net_bridge_vlan_group *vg, u16 vid)
  35 {
  36         if (vg->pvid == vid)
  37                 return;
  38
  39         smp_wmb();
  40         vg->pvid = vid;
  41 }
  42
  43 static void __vlan_delete_pvid(struct net_bridge_vlan_group *vg, u16 vid)
  44 {
  45         if (vg->pvid != vid)
  46                 return;
  47
  48         smp_wmb();
  49         vg->pvid = 0;
  50 }
  51
  52 static void __vlan_add_flags(struct net_bridge_vlan *v, u16 flags)
  53 {
  54         struct net_bridge_vlan_group *vg;
  55
  56         if (br_vlan_is_master(v))
  57                 vg = v->br->vlgrp;
  58         else
  59                 vg = v->port->vlgrp;
  60
  61         if (flags & BRIDGE_VLAN_INFO_PVID)
  62                 __vlan_add_pvid(vg, v->vid);
  63         else
  64                 __vlan_delete_pvid(vg, v->vid);
  65
  66         if (flags & BRIDGE_VLAN_INFO_UNTAGGED)
  67                 v->flags |= BRIDGE_VLAN_INFO_UNTAGGED;
  68         else
  69                 v->flags &= ~BRIDGE_VLAN_INFO_UNTAGGED;
  70 }
  71
  72 static int __vlan_vid_add(struct net_device *dev, struct net_bridge *br,
  73                           u16 vid, u16 flags)
  74 {
  75         const struct net_device_ops *ops = dev->netdev_ops;
  76         int err;
  77
  78         /* If driver uses VLAN ndo ops, use 8021q to install vid
  79          * on device, otherwise try switchdev ops to install vid.
  80          */
  81
  82         if (ops->ndo_vlan_rx_add_vid) {
  83                 err = vlan_vid_add(dev, br->vlan_proto, vid);
  84         } else {
  85                 struct switchdev_obj_port_vlan v = {
  86                         .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
  87                         .flags = flags,
  88                         .vid_begin = vid,
  89                         .vid_end = vid,
  90                 };
  91
  92                 err = switchdev_port_obj_add(dev, &v.obj);
  93                 if (err == -EOPNOTSUPP)
  94                         err = 0;
  95         }
  96
  97         return err;
  98 }
  99
 100 static void __vlan_add_list(struct net_bridge_vlan *v)
 101 {
 102         struct list_head *headp, *hpos;
 103         struct net_bridge_vlan *vent;
 104
 105         headp = br_vlan_is_master(v) ? &v->br->vlgrp->vlan_list :
 106                                        &v->port->vlgrp->vlan_list;
 107         list_for_each_prev(hpos, headp) {
 108                 vent = list_entry(hpos, struct net_bridge_vlan, vlist);
 109                 if (v->vid < vent->vid)
 110                         continue;
 111                 else
 112                         break;
 113         }
 114         list_add_rcu(&v->vlist, hpos);
 115 }
 116
 117 static void __vlan_del_list(struct net_bridge_vlan *v)
 118 {
 119         list_del_rcu(&v->vlist);
 120 }
 121
 122 static int __vlan_vid_del(struct net_device *dev, struct net_bridge *br,
 123                           u16 vid)
 124 {
 125         const struct net_device_ops *ops = dev->netdev_ops;
 126         int err = 0;
 127
 128         /* If driver uses VLAN ndo ops, use 8021q to delete vid
 129          * on device, otherwise try switchdev ops to delete vid.
 130          */
 131
 132         if (ops->ndo_vlan_rx_kill_vid) {
 133                 vlan_vid_del(dev, br->vlan_proto, vid);
 134         } else {
 135                 struct switchdev_obj_port_vlan v = {
 136                         .obj.id = SWITCHDEV_OBJ_ID_PORT_VLAN,
 137                         .vid_begin = vid,
 138                         .vid_end = vid,
 139                 };
 140
 141                 err = switchdev_port_obj_del(dev, &v.obj);
 142                 if (err == -EOPNOTSUPP)
 143                         err = 0;
 144         }
 145
 146         return err;
 147 }
 148
 149 /* Returns a master vlan, if it didn't exist it gets created. In all cases a
 150  * a reference is taken to the master vlan before returning.
 151  */
 152 static struct net_bridge_vlan *br_vlan_get_master(struct net_bridge *br, u16 vid)
 153 {
 154         struct net_bridge_vlan *masterv;
 155
 156         masterv = br_vlan_find(br->vlgrp, vid);
 157         if (!masterv) {
 158                 /* missing global ctx, create it now */
 159                 if (br_vlan_add(br, vid, 0))
 160                         return NULL;
 161                 masterv = br_vlan_find(br->vlgrp, vid);
 162                 if (WARN_ON(!masterv))
 163                         return NULL;
 164         }
 165         atomic_inc(&masterv->refcnt);
 166
 167         return masterv;
 168 }
 169
 170 static void br_vlan_put_master(struct net_bridge_vlan *masterv)
 171 {
 172         if (!br_vlan_is_master(masterv))
 173                 return;
 174
 175         if (atomic_dec_and_test(&masterv->refcnt)) {
 176                 rhashtable_remove_fast(&masterv->br->vlgrp->vlan_hash,
 177                                        &masterv->vnode, br_vlan_rht_params);
 178                 __vlan_del_list(masterv);
 179                 kfree_rcu(masterv, rcu);
 180         }
 181 }
 182
 183 /* This is the shared VLAN add function which works for both ports and bridge
 184  * devices. There are four possible calls to this function in terms of the
 185  * vlan entry type:
 186  * 1. vlan is being added on a port (no master flags, global entry exists)
 187  * 2. vlan is being added on a bridge (both master and brvlan flags)
 188  * 3. vlan is being added on a port, but a global entry didn't exist which
 189  *    is being created right now (master flag set, brvlan flag unset), the
 190  *    global entry is used for global per-vlan features, but not for filtering
 191  * 4. same as 3 but with both master and brvlan flags set so the entry
 192  *    will be used for filtering in both the port and the bridge
 193  */
 194 static int __vlan_add(struct net_bridge_vlan *v, u16 flags)
 195 {
 196         struct net_bridge_vlan *masterv = NULL;
 197         struct net_bridge_port *p = NULL;
 198         struct net_bridge_vlan_group *vg;
 199         struct net_device *dev;
 200         struct net_bridge *br;
 201         int err;
 202
 203         if (br_vlan_is_master(v)) {
 204                 br = v->br;
 205                 dev = br->dev;
 206                 vg = br->vlgrp;
 207         } else {
 208                 p = v->port;
 209                 br = p->br;
 210                 dev = p->dev;
 211                 vg = p->vlgrp;
 212         }
 213
 214         if (p) {
 215                 /* Add VLAN to the device filter if it is supported.
 216                  * This ensures tagged traffic enters the bridge when
 217                  * promiscuous mode is disabled by br_manage_promisc().
 218                  */
 219                 err = __vlan_vid_add(dev, br, v->vid, flags);
 220                 if (err)
 221                         goto out;
 222
 223                 /* need to work on the master vlan too */
 224                 if (flags & BRIDGE_VLAN_INFO_MASTER) {
 225                         err = br_vlan_add(br, v->vid, flags |
 226                                                       BRIDGE_VLAN_INFO_BRENTRY);
 227                         if (err)
 228                                 goto out_filt;
 229                 }
 230
 231                 masterv = br_vlan_get_master(br, v->vid);
 232                 if (!masterv)
 233                         goto out_filt;
 234                 v->brvlan = masterv;
 235         }
 236
 237         /* Add the dev mac and count the vlan only if it's usable */
 238         if (br_vlan_should_use(v)) {
 239                 err = br_fdb_insert(br, p, dev->dev_addr, v->vid);
 240                 if (err) {
 241                         br_err(br, "failed insert local address into bridge forwarding table\n");
 242                         goto out_filt;
 243                 }
 244                 vg->num_vlans++;
 245         }
 246
 247         err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
 248                                             br_vlan_rht_params);
 249         if (err)
 250                 goto out_fdb_insert;
 251
 252         __vlan_add_list(v);
 253         __vlan_add_flags(v, flags);
 254 out:
 255         return err;
 256
 257 out_fdb_insert:
 258         if (br_vlan_should_use(v)) {
 259                 br_fdb_find_delete_local(br, p, dev->dev_addr, v->vid);
 260                 vg->num_vlans--;
 261         }
 262
 263 out_filt:
 264         if (p) {
 265                 __vlan_vid_del(dev, br, v->vid);
 266                 if (masterv) {
 267                         br_vlan_put_master(masterv);
 268                         v->brvlan = NULL;
 269                 }
 270         }
 271
 272         goto out;
 273 }
 274
 275 static int __vlan_del(struct net_bridge_vlan *v)
 276 {
 277         struct net_bridge_vlan *masterv = v;
 278         struct net_bridge_vlan_group *vg;
 279         struct net_bridge_port *p = NULL;
 280         int err = 0;
 281
 282         if (br_vlan_is_master(v)) {
 283                 vg = v->br->vlgrp;
 284         } else {
 285                 p = v->port;
 286                 vg = v->port->vlgrp;
 287                 masterv = v->brvlan;
 288         }
 289
 290         __vlan_delete_pvid(vg, v->vid);
 291         if (p) {
 292                 err = __vlan_vid_del(p->dev, p->br, v->vid);
 293                 if (err)
 294                         goto out;
 295         }
 296
 297         if (br_vlan_should_use(v)) {
 298                 v->flags &= ~BRIDGE_VLAN_INFO_BRENTRY;
 299                 vg->num_vlans--;
 300         }
 301
 302         if (masterv != v) {
 303                 rhashtable_remove_fast(&vg->vlan_hash, &v->vnode,
 304                                        br_vlan_rht_params);
 305                 __vlan_del_list(v);
 306                 kfree_rcu(v, rcu);
 307         }
 308
 309         br_vlan_put_master(masterv);
 310 out:
 311         return err;
 312 }
 313
 314 static void __vlan_flush(struct net_bridge_vlan_group *vlgrp)
 315 {
 316         struct net_bridge_vlan *vlan, *tmp;
 317
 318         __vlan_delete_pvid(vlgrp, vlgrp->pvid);
 319         list_for_each_entry_safe(vlan, tmp, &vlgrp->vlan_list, vlist)
 320                 __vlan_del(vlan);
 321         rhashtable_destroy(&vlgrp->vlan_hash);
 322         kfree(vlgrp);
 323 }
 324
 325 struct sk_buff *br_handle_vlan(struct net_bridge *br,
 326                                struct net_bridge_vlan_group *vg,
 327                                struct sk_buff *skb)
 328 {
 329         struct net_bridge_vlan *v;
 330         u16 vid;
 331
 332         /* If this packet was not filtered at input, let it pass */
 333         if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
 334                 goto out;
 335
 336         /* At this point, we know that the frame was filtered and contains
 337          * a valid vlan id.  If the vlan id has untagged flag set,
 338          * send untagged; otherwise, send tagged.
 339          */
 340         br_vlan_get_tag(skb, &vid);
 341         v = br_vlan_find(vg, vid);
 342         /* Vlan entry must be configured at this point.  The
 343          * only exception is the bridge is set in promisc mode and the
 344          * packet is destined for the bridge device.  In this case
 345          * pass the packet as is.
 346          */
 347         if (!v || !br_vlan_should_use(v)) {
 348                 if ((br->dev->flags & IFF_PROMISC) && skb->dev == br->dev) {
 349                         goto out;
 350                 } else {
 351                         kfree_skb(skb);
 352                         return NULL;
 353                 }
 354         }
 355         if (v->flags & BRIDGE_VLAN_INFO_UNTAGGED)
 356                 skb->vlan_tci = 0;
 357
 358 out:
 359         return skb;
 360 }
 361
 362 /* Called under RCU */
 363 static bool __allowed_ingress(struct net_bridge_vlan_group *vg, __be16 proto,
 364                               struct sk_buff *skb, u16 *vid)
 365 {
 366         const struct net_bridge_vlan *v;
 367         bool tagged;
 368
 369         BR_INPUT_SKB_CB(skb)->vlan_filtered = true;
 370         /* If vlan tx offload is disabled on bridge device and frame was
 371          * sent from vlan device on the bridge device, it does not have
 372          * HW accelerated vlan tag.
 373          */
 374         if (unlikely(!skb_vlan_tag_present(skb) &&
 375                      skb->protocol == proto)) {
 376                 skb = skb_vlan_untag(skb);
 377                 if (unlikely(!skb))
 378                         return false;
 379         }
 380
 381         if (!br_vlan_get_tag(skb, vid)) {
 382                 /* Tagged frame */
 383                 if (skb->vlan_proto != proto) {
 384                         /* Protocol-mismatch, empty out vlan_tci for new tag */
 385                         skb_push(skb, ETH_HLEN);
 386                         skb = vlan_insert_tag_set_proto(skb, skb->vlan_proto,
 387                                                         skb_vlan_tag_get(skb));
 388                         if (unlikely(!skb))
 389                                 return false;
 390
 391                         skb_pull(skb, ETH_HLEN);
 392                         skb_reset_mac_len(skb);
 393                         *vid = 0;
 394                         tagged = false;
 395                 } else {
 396                         tagged = true;
 397                 }
 398         } else {
 399                 /* Untagged frame */
 400                 tagged = false;
 401         }
 402
 403         if (!*vid) {
 404                 u16 pvid = br_get_pvid(vg);
 405
 406                 /* Frame had a tag with VID 0 or did not have a tag.
 407                  * See if pvid is set on this port.  That tells us which
 408                  * vlan untagged or priority-tagged traffic belongs to.
 409                  */
 410                 if (!pvid)
 411                         goto drop;
 412
 413                 /* PVID is set on this port.  Any untagged or priority-tagged
 414                  * ingress frame is considered to belong to this vlan.
 415                  */
 416                 *vid = pvid;
 417                 if (likely(!tagged))
 418                         /* Untagged Frame. */
 419                         __vlan_hwaccel_put_tag(skb, proto, pvid);
 420                 else
 421                         /* Priority-tagged Frame.
 422                          * At this point, We know that skb->vlan_tci had
 423                          * VLAN_TAG_PRESENT bit and its VID field was 0x000.
 424                          * We update only VID field and preserve PCP field.
 425                          */
 426                         skb->vlan_tci |= pvid;
 427
 428                 return true;
 429         }
 430
 431         /* Frame had a valid vlan tag.  See if vlan is allowed */
 432         v = br_vlan_find(vg, *vid);
 433         if (v && br_vlan_should_use(v))
 434                 return true;
 435 drop:
 436         kfree_skb(skb);
 437         return false;
 438 }
 439
 440 bool br_allowed_ingress(const struct net_bridge *br,
 441                         struct net_bridge_vlan_group *vg, struct sk_buff *skb,
 442                         u16 *vid)
 443 {
 444         /* If VLAN filtering is disabled on the bridge, all packets are
 445          * permitted.
 446          */
 447         if (!br->vlan_enabled) {
 448                 BR_INPUT_SKB_CB(skb)->vlan_filtered = false;
 449                 return true;
 450         }
 451
 452         return __allowed_ingress(vg, br->vlan_proto, skb, vid);
 453 }
 454
 455 /* Called under RCU. */
 456 bool br_allowed_egress(struct net_bridge_vlan_group *vg,
 457                        const struct sk_buff *skb)
 458 {
 459         const struct net_bridge_vlan *v;
 460         u16 vid;
 461
 462         /* If this packet was not filtered at input, let it pass */
 463         if (!BR_INPUT_SKB_CB(skb)->vlan_filtered)
 464                 return true;
 465
 466         br_vlan_get_tag(skb, &vid);
 467         v = br_vlan_find(vg, vid);
 468         if (v && br_vlan_should_use(v))
 469                 return true;
 470
 471         return false;
 472 }
 473
 474 /* Called under RCU */
 475 bool br_should_learn(struct net_bridge_port *p, struct sk_buff *skb, u16 *vid)
 476 {
 477         struct net_bridge_vlan_group *vg;
 478         struct net_bridge *br = p->br;
 479
 480         /* If filtering was disabled at input, let it pass. */
 481         if (!br->vlan_enabled)
 482                 return true;
 483
 484         vg = p->vlgrp;
 485         if (!vg || !vg->num_vlans)
 486                 return false;
 487
 488         if (!br_vlan_get_tag(skb, vid) && skb->vlan_proto != br->vlan_proto)
 489                 *vid = 0;
 490
 491         if (!*vid) {
 492                 *vid = br_get_pvid(vg);
 493                 if (!*vid)
 494                         return false;
 495
 496                 return true;
 497         }
 498
 499         if (br_vlan_find(vg, *vid))
 500                 return true;
 501
 502         return false;
 503 }
 504
 505 /* Must be protected by RTNL.
 506  * Must be called with vid in range from 1 to 4094 inclusive.
 507  */
 508 int br_vlan_add(struct net_bridge *br, u16 vid, u16 flags)
 509 {
 510         struct net_bridge_vlan *vlan;
 511         int ret;
 512
 513         ASSERT_RTNL();
 514
 515         vlan = br_vlan_find(br->vlgrp, vid);
 516         if (vlan) {
 517                 if (!br_vlan_is_brentry(vlan)) {
 518                         /* Trying to change flags of non-existent bridge vlan */
 519                         if (!(flags & BRIDGE_VLAN_INFO_BRENTRY))
 520                                 return -EINVAL;
 521                         /* It was only kept for port vlans, now make it real */
 522                         ret = br_fdb_insert(br, NULL, br->dev->dev_addr,
 523                                             vlan->vid);
 524                         if (ret) {
 525                                 br_err(br, "failed insert local address into bridge forwarding table\n");
 526                                 return ret;
 527                         }
 528                         atomic_inc(&vlan->refcnt);
 529                         vlan->flags |= BRIDGE_VLAN_INFO_BRENTRY;
 530                         br->vlgrp->num_vlans++;
 531                 }
 532                 __vlan_add_flags(vlan, flags);
 533                 return 0;
 534         }
 535
 536         vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
 537         if (!vlan)
 538                 return -ENOMEM;
 539
 540         vlan->vid = vid;
 541         vlan->flags = flags | BRIDGE_VLAN_INFO_MASTER;
 542         vlan->flags &= ~BRIDGE_VLAN_INFO_PVID;
 543         vlan->br = br;
 544         if (flags & BRIDGE_VLAN_INFO_BRENTRY)
 545                 atomic_set(&vlan->refcnt, 1);
 546         ret = __vlan_add(vlan, flags);
 547         if (ret)
 548                 kfree(vlan);
 549
 550         return ret;
 551 }
 552
 553 /* Must be protected by RTNL.
 554  * Must be called with vid in range from 1 to 4094 inclusive.
 555  */
 556 int br_vlan_delete(struct net_bridge *br, u16 vid)
 557 {
 558         struct net_bridge_vlan *v;
 559
 560         ASSERT_RTNL();
 561
 562         v = br_vlan_find(br->vlgrp, vid);
 563         if (!v || !br_vlan_is_brentry(v))
 564                 return -ENOENT;
 565
 566         br_fdb_find_delete_local(br, NULL, br->dev->dev_addr, vid);
 567
 568         return __vlan_del(v);
 569 }
 570
 571 void br_vlan_flush(struct net_bridge *br)
 572 {
 573         ASSERT_RTNL();
 574
 575         __vlan_flush(br_vlan_group(br));
 576 }
 577
 578 struct net_bridge_vlan *br_vlan_find(struct net_bridge_vlan_group *vg, u16 vid)
 579 {
 580         if (!vg)
 581                 return NULL;
 582
 583         return br_vlan_lookup(&vg->vlan_hash, vid);
 584 }
 585
 586 /* Must be protected by RTNL. */
 587 static void recalculate_group_addr(struct net_bridge *br)
 588 {
 589         if (br->group_addr_set)
 590                 return;
 591
 592         spin_lock_bh(&br->lock);
 593         if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q)) {
 594                 /* Bridge Group Address */
 595                 br->group_addr[5] = 0x00;
 596         } else { /* vlan_enabled && ETH_P_8021AD */
 597                 /* Provider Bridge Group Address */
 598                 br->group_addr[5] = 0x08;
 599         }
 600         spin_unlock_bh(&br->lock);
 601 }
 602
 603 /* Must be protected by RTNL. */
 604 void br_recalculate_fwd_mask(struct net_bridge *br)
 605 {
 606         if (!br->vlan_enabled || br->vlan_proto == htons(ETH_P_8021Q))
 607                 br->group_fwd_mask_required = BR_GROUPFWD_DEFAULT;
 608         else /* vlan_enabled && ETH_P_8021AD */
 609                 br->group_fwd_mask_required = BR_GROUPFWD_8021AD &
 610                                               ~(1u << br->group_addr[5]);
 611 }
 612
 613 int __br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
 614 {
 615         if (br->vlan_enabled == val)
 616                 return 0;
 617
 618         br->vlan_enabled = val;
 619         br_manage_promisc(br);
 620         recalculate_group_addr(br);
 621         br_recalculate_fwd_mask(br);
 622
 623         return 0;
 624 }
 625
 626 int br_vlan_filter_toggle(struct net_bridge *br, unsigned long val)
 627 {
 628         if (!rtnl_trylock())
 629                 return restart_syscall();
 630
 631         __br_vlan_filter_toggle(br, val);
 632         rtnl_unlock();
 633
 634         return 0;
 635 }
 636
 637 int __br_vlan_set_proto(struct net_bridge *br, __be16 proto)
 638 {
 639         int err = 0;
 640         struct net_bridge_port *p;
 641         struct net_bridge_vlan *vlan;
 642         __be16 oldproto;
 643
 644         if (br->vlan_proto == proto)
 645                 return 0;
 646
 647         /* Add VLANs for the new proto to the device filter. */
 648         list_for_each_entry(p, &br->port_list, list) {
 649                 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist) {
 650                         err = vlan_vid_add(p->dev, proto, vlan->vid);
 651                         if (err)
 652                                 goto err_filt;
 653                 }
 654         }
 655
 656         oldproto = br->vlan_proto;
 657         br->vlan_proto = proto;
 658
 659         recalculate_group_addr(br);
 660         br_recalculate_fwd_mask(br);
 661
 662         /* Delete VLANs for the old proto from the device filter. */
 663         list_for_each_entry(p, &br->port_list, list)
 664                 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
 665                         vlan_vid_del(p->dev, oldproto, vlan->vid);
 666
 667         return 0;
 668
 669 err_filt:
 670         list_for_each_entry_continue_reverse(vlan, &p->vlgrp->vlan_list, vlist)
 671                 vlan_vid_del(p->dev, proto, vlan->vid);
 672
 673         list_for_each_entry_continue_reverse(p, &br->port_list, list)
 674                 list_for_each_entry(vlan, &p->vlgrp->vlan_list, vlist)
 675                         vlan_vid_del(p->dev, proto, vlan->vid);
 676
 677         return err;
 678 }
 679
 680 int br_vlan_set_proto(struct net_bridge *br, unsigned long val)
 681 {
 682         int err;
 683
 684         if (val != ETH_P_8021Q && val != ETH_P_8021AD)
 685                 return -EPROTONOSUPPORT;
 686
 687         if (!rtnl_trylock())
 688                 return restart_syscall();
 689
 690         err = __br_vlan_set_proto(br, htons(val));
 691         rtnl_unlock();
 692
 693         return err;
 694 }
 695
 696 static bool vlan_default_pvid(struct net_bridge_vlan_group *vg, u16 vid)
 697 {
 698         struct net_bridge_vlan *v;
 699
 700         if (vid != vg->pvid)
 701                 return false;
 702
 703         v = br_vlan_lookup(&vg->vlan_hash, vid);
 704         if (v && br_vlan_should_use(v) &&
 705             (v->flags & BRIDGE_VLAN_INFO_UNTAGGED))
 706                 return true;
 707
 708         return false;
 709 }
 710
 711 static void br_vlan_disable_default_pvid(struct net_bridge *br)
 712 {
 713         struct net_bridge_port *p;
 714         u16 pvid = br->default_pvid;
 715
 716         /* Disable default_pvid on all ports where it is still
 717          * configured.
 718          */
 719         if (vlan_default_pvid(br->vlgrp, pvid))
 720                 br_vlan_delete(br, pvid);
 721
 722         list_for_each_entry(p, &br->port_list, list) {
 723                 if (vlan_default_pvid(p->vlgrp, pvid))
 724                         nbp_vlan_delete(p, pvid);
 725         }
 726
 727         br->default_pvid = 0;
 728 }
 729
 730 int __br_vlan_set_default_pvid(struct net_bridge *br, u16 pvid)
 731 {
 732         const struct net_bridge_vlan *pvent;
 733         struct net_bridge_port *p;
 734         u16 old_pvid;
 735         int err = 0;
 736         unsigned long *changed;
 737
 738         if (!pvid) {
 739                 br_vlan_disable_default_pvid(br);
 740                 return 0;
 741         }
 742
 743         changed = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
 744                           GFP_KERNEL);
 745         if (!changed)
 746                 return -ENOMEM;
 747
 748         old_pvid = br->default_pvid;
 749
 750         /* Update default_pvid config only if we do not conflict with
 751          * user configuration.
 752          */
 753         pvent = br_vlan_find(br->vlgrp, pvid);
 754         if ((!old_pvid || vlan_default_pvid(br->vlgrp, old_pvid)) &&
 755             (!pvent || !br_vlan_should_use(pvent))) {
 756                 err = br_vlan_add(br, pvid,
 757                                   BRIDGE_VLAN_INFO_PVID |
 758                                   BRIDGE_VLAN_INFO_UNTAGGED |
 759                                   BRIDGE_VLAN_INFO_BRENTRY);
 760                 if (err)
 761                         goto out;
 762                 br_vlan_delete(br, old_pvid);
 763                 set_bit(0, changed);
 764         }
 765
 766         list_for_each_entry(p, &br->port_list, list) {
 767                 /* Update default_pvid config only if we do not conflict with
 768                  * user configuration.
 769                  */
 770                 if ((old_pvid &&
 771                      !vlan_default_pvid(p->vlgrp, old_pvid)) ||
 772                     br_vlan_find(p->vlgrp, pvid))
 773                         continue;
 774
 775                 err = nbp_vlan_add(p, pvid,
 776                                    BRIDGE_VLAN_INFO_PVID |
 777                                    BRIDGE_VLAN_INFO_UNTAGGED);
 778                 if (err)
 779                         goto err_port;
 780                 nbp_vlan_delete(p, old_pvid);
 781                 set_bit(p->port_no, changed);
 782         }
 783
 784         br->default_pvid = pvid;
 785
 786 out:
 787         kfree(changed);
 788         return err;
 789
 790 err_port:
 791         list_for_each_entry_continue_reverse(p, &br->port_list, list) {
 792                 if (!test_bit(p->port_no, changed))
 793                         continue;
 794
 795                 if (old_pvid)
 796                         nbp_vlan_add(p, old_pvid,
 797                                      BRIDGE_VLAN_INFO_PVID |
 798                                      BRIDGE_VLAN_INFO_UNTAGGED);
 799                 nbp_vlan_delete(p, pvid);
 800         }
 801
 802         if (test_bit(0, changed)) {
 803                 if (old_pvid)
 804                         br_vlan_add(br, old_pvid,
 805                                     BRIDGE_VLAN_INFO_PVID |
 806                                     BRIDGE_VLAN_INFO_UNTAGGED |
 807                                     BRIDGE_VLAN_INFO_BRENTRY);
 808                 br_vlan_delete(br, pvid);
 809         }
 810         goto out;
 811 }
 812
 813 int br_vlan_set_default_pvid(struct net_bridge *br, unsigned long val)
 814 {
 815         u16 pvid = val;
 816         int err = 0;
 817
 818         if (val >= VLAN_VID_MASK)
 819                 return -EINVAL;
 820
 821         if (!rtnl_trylock())
 822                 return restart_syscall();
 823
 824         if (pvid == br->default_pvid)
 825                 goto unlock;
 826
 827         /* Only allow default pvid change when filtering is disabled */
 828         if (br->vlan_enabled) {
 829                 pr_info_once("Please disable vlan filtering to change default_pvid\n");
 830                 err = -EPERM;
 831                 goto unlock;
 832         }
 833         err = __br_vlan_set_default_pvid(br, pvid);
 834 unlock:
 835         rtnl_unlock();
 836         return err;
 837 }
 838
 839 int br_vlan_init(struct net_bridge *br)
 840 {
 841         int ret = -ENOMEM;
 842
 843         br->vlgrp = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
 844         if (!br->vlgrp)
 845                 goto out;
 846         ret = rhashtable_init(&br->vlgrp->vlan_hash, &br_vlan_rht_params);
 847         if (ret)
 848                 goto err_rhtbl;
 849         INIT_LIST_HEAD(&br->vlgrp->vlan_list);
 850         br->vlan_proto = htons(ETH_P_8021Q);
 851         br->default_pvid = 1;
 852         ret = br_vlan_add(br, 1,
 853                           BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED |
 854                           BRIDGE_VLAN_INFO_BRENTRY);
 855         if (ret)
 856                 goto err_vlan_add;
 857
 858 out:
 859         return ret;
 860
 861 err_vlan_add:
 862         rhashtable_destroy(&br->vlgrp->vlan_hash);
 863 err_rhtbl:
 864         kfree(br->vlgrp);
 865
 866         goto out;
 867 }
 868
 869 int nbp_vlan_init(struct net_bridge_port *p)
 870 {
 871         struct net_bridge_vlan_group *vg;
 872         int ret = -ENOMEM;
 873
 874         vg = kzalloc(sizeof(struct net_bridge_vlan_group), GFP_KERNEL);
 875         if (!vg)
 876                 goto out;
 877
 878         ret = rhashtable_init(&vg->vlan_hash, &br_vlan_rht_params);
 879         if (ret)
 880                 goto err_rhtbl;
 881         INIT_LIST_HEAD(&vg->vlan_list);
 882         /* Make sure everything's committed before publishing vg */
 883         smp_wmb();
 884         p->vlgrp = vg;
 885         if (p->br->default_pvid) {
 886                 ret = nbp_vlan_add(p, p->br->default_pvid,
 887                                    BRIDGE_VLAN_INFO_PVID |
 888                                    BRIDGE_VLAN_INFO_UNTAGGED);
 889                 if (ret)
 890                         goto err_vlan_add;
 891         }
 892 out:
 893         return ret;
 894
 895 err_vlan_add:
 896         rhashtable_destroy(&vg->vlan_hash);
 897 err_rhtbl:
 898         kfree(vg);
 899
 900         goto out;
 901 }
 902
 903 /* Must be protected by RTNL.
 904  * Must be called with vid in range from 1 to 4094 inclusive.
 905  */
 906 int nbp_vlan_add(struct net_bridge_port *port, u16 vid, u16 flags)
 907 {
 908         struct net_bridge_vlan *vlan;
 909         int ret;
 910
 911         ASSERT_RTNL();
 912
 913         vlan = br_vlan_find(port->vlgrp, vid);
 914         if (vlan) {
 915                 __vlan_add_flags(vlan, flags);
 916                 return 0;
 917         }
 918
 919         vlan = kzalloc(sizeof(*vlan), GFP_KERNEL);
 920         if (!vlan)
 921                 return -ENOMEM;
 922
 923         vlan->vid = vid;
 924         vlan->port = port;
 925         ret = __vlan_add(vlan, flags);
 926         if (ret)
 927                 kfree(vlan);
 928
 929         return ret;
 930 }
 931
 932 /* Must be protected by RTNL.
 933  * Must be called with vid in range from 1 to 4094 inclusive.
 934  */
 935 int nbp_vlan_delete(struct net_bridge_port *port, u16 vid)
 936 {
 937         struct net_bridge_vlan *v;
 938
 939         ASSERT_RTNL();
 940
 941         v = br_vlan_find(port->vlgrp, vid);
 942         if (!v)
 943                 return -ENOENT;
 944         br_fdb_find_delete_local(port->br, port, port->dev->dev_addr, vid);
 945         br_fdb_delete_by_port(port->br, port, vid, 0);
 946
 947         return __vlan_del(v);
 948 }
 949
 950 void nbp_vlan_flush(struct net_bridge_port *port)
 951 {
 952         struct net_bridge_vlan *vlan;
 953
 954         ASSERT_RTNL();
 955
 956         list_for_each_entry(vlan, &port->vlgrp->vlan_list, vlist)
 957                 vlan_vid_del(port->dev, port->br->vlan_proto, vlan->vid);
 958
 959         __vlan_flush(nbp_vlan_group(port));
 960 }