net: dsa: convert denying bridge VLAN with existing 8021q upper to PRECHANGEUPPER
authorVladimir Oltean <vladimir.oltean@nxp.com>
Mon, 21 Sep 2020 00:10:26 +0000 (03:10 +0300)
committerDavid S. Miller <davem@davemloft.net>
Mon, 21 Sep 2020 02:01:33 +0000 (19:01 -0700)
This is checking for the following order of operations, and makes sure
to deny that configuration:

ip link add link swp2 name swp2.100 type vlan id 100
ip link add br0 type bridge vlan_filtering 1
ip link set swp2 master br0
bridge vlan add dev swp2 vid 100

Instead of using vlan_for_each(), which looks at the VLAN filters
installed with vlan_vid_add(), just track the 8021q uppers. This has the
advantage of freeing up the vlan_vid_add() call for actual VLAN
filtering.

There is another change in this patch. The check is moved in slave.c,
from switch.c. I don't think it makes sense to have this 8021q upper
check for each switch port that gets notified of that VLAN addition
(these include DSA links and CPU ports, we know those can't have 8021q
uppers because they don't have a net_device registered for them), so
just do it in slave.c, for that one slave interface.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dsa/slave.c
net/dsa/switch.c

index 43763b22fbefaca2f2af8729551663110f4a1f96..89f03fde760e9276b8d37b8da4061aa32fdfdfde 100644 (file)
@@ -303,6 +303,28 @@ static int dsa_slave_port_attr_set(struct net_device *dev,
        return ret;
 }
 
+/* Must be called under rcu_read_lock() */
+static int
+dsa_slave_vlan_check_for_8021q_uppers(struct net_device *slave,
+                                     const struct switchdev_obj_port_vlan *vlan)
+{
+       struct net_device *upper_dev;
+       struct list_head *iter;
+
+       netdev_for_each_upper_dev_rcu(slave, upper_dev, iter) {
+               u16 vid;
+
+               if (!is_vlan_dev(upper_dev))
+                       continue;
+
+               vid = vlan_dev_vlan_id(upper_dev);
+               if (vid >= vlan->vid_begin && vid <= vlan->vid_end)
+                       return -EBUSY;
+       }
+
+       return 0;
+}
+
 static int dsa_slave_vlan_add(struct net_device *dev,
                              const struct switchdev_obj *obj,
                              struct switchdev_trans *trans)
@@ -319,6 +341,17 @@ static int dsa_slave_vlan_add(struct net_device *dev,
 
        vlan = *SWITCHDEV_OBJ_PORT_VLAN(obj);
 
+       /* Deny adding a bridge VLAN when there is already an 802.1Q upper with
+        * the same VID.
+        */
+       if (trans->ph_prepare) {
+               rcu_read_lock();
+               err = dsa_slave_vlan_check_for_8021q_uppers(dev, &vlan);
+               rcu_read_unlock();
+               if (err)
+                       return err;
+       }
+
        err = dsa_port_vlan_add(dp, &vlan, trans);
        if (err)
                return err;
index 86c8dc5c32a03881bd36999a77a070f70af8bceb..9afef6f0f9dfc3feb52270cd5698d2d86a37c6bb 100644 (file)
@@ -232,43 +232,6 @@ static int dsa_switch_mdb_del(struct dsa_switch *ds,
        return 0;
 }
 
-static int dsa_port_vlan_device_check(struct net_device *vlan_dev,
-                                     int vlan_dev_vid,
-                                     void *arg)
-{
-       struct switchdev_obj_port_vlan *vlan = arg;
-       u16 vid;
-
-       for (vid = vlan->vid_begin; vid <= vlan->vid_end; ++vid) {
-               if (vid == vlan_dev_vid)
-                       return -EBUSY;
-       }
-
-       return 0;
-}
-
-static int dsa_port_vlan_check(struct dsa_switch *ds, int port,
-                              const struct switchdev_obj_port_vlan *vlan)
-{
-       const struct dsa_port *dp = dsa_to_port(ds, port);
-       int err = 0;
-
-       /* Device is not bridged, let it proceed with the VLAN device
-        * creation.
-        */
-       if (!dp->bridge_dev)
-               return err;
-
-       /* dsa_slave_vlan_rx_{add,kill}_vid() cannot use the prepare phase and
-        * already checks whether there is an overlapping bridge VLAN entry
-        * with the same VID, so here we only need to check that if we are
-        * adding a bridge VLAN entry there is not an overlapping VLAN device
-        * claiming that VID.
-        */
-       return vlan_for_each(dp->slave, dsa_port_vlan_device_check,
-                            (void *)vlan);
-}
-
 static bool dsa_switch_vlan_match(struct dsa_switch *ds, int port,
                                  struct dsa_notifier_vlan_info *info)
 {
@@ -291,10 +254,6 @@ static int dsa_switch_vlan_prepare(struct dsa_switch *ds,
 
        for (port = 0; port < ds->num_ports; port++) {
                if (dsa_switch_vlan_match(ds, port, info)) {
-                       err = dsa_port_vlan_check(ds, port, info->vlan);
-                       if (err)
-                               return err;
-
                        err = ds->ops->port_vlan_prepare(ds, port, info->vlan);
                        if (err)
                                return err;