1
// SPDX-License-Identifier: GPL-2.0-or-later
2
/*
3
 *	Forwarding database
4
 *	Linux ethernet bridge
5
 *
6
 *	Authors:
7
 *	Lennert Buytenhek		<[email protected]>
8
 */
9

10
#include <linux/kernel.h>
11
#include <linux/init.h>
12
#include <linux/rculist.h>
13
#include <linux/spinlock.h>
14
#include <linux/times.h>
15
#include <linux/netdevice.h>
16
#include <linux/etherdevice.h>
17
#include <linux/jhash.h>
18
#include <linux/random.h>
19
#include <linux/slab.h>
20
#include <linux/atomic.h>
21
#include <linux/unaligned.h>
22
#include <linux/if_vlan.h>
23
#include <net/switchdev.h>
24
#include <trace/events/bridge.h>
25
#include "br_private.h"
26

27
static const struct rhashtable_params br_fdb_rht_params = {
28
	.head_offset = offsetof(struct net_bridge_fdb_entry, rhnode),
29
	.key_offset = offsetof(struct net_bridge_fdb_entry, key),
30
	.key_len = sizeof(struct net_bridge_fdb_key),
31
	.automatic_shrinking = true,
32
};
33

34
static struct kmem_cache *br_fdb_cache __read_mostly;
35

36
int __init br_fdb_init(void)
37
{
38
	br_fdb_cache = KMEM_CACHE(net_bridge_fdb_entry, SLAB_HWCACHE_ALIGN);
39
	if (!br_fdb_cache)
40
		return -ENOMEM;
41

42
	return 0;
43
}
44

45
void br_fdb_fini(void)
46
{
47
	kmem_cache_destroy(br_fdb_cache);
48
}
49

50
int br_fdb_hash_init(struct net_bridge *br)
51
{
52
	return rhashtable_init(&br->fdb_hash_tbl, &br_fdb_rht_params);
53
}
54

55
void br_fdb_hash_fini(struct net_bridge *br)
56
{
57
	rhashtable_destroy(&br->fdb_hash_tbl);
58
}
59

60
/* if topology_changing then use forward_delay (default 15 sec)
61
 * otherwise keep longer (default 5 minutes)
62
 */
63
static inline unsigned long hold_time(const struct net_bridge *br)
64
{
65
	return br->topology_change ? br->forward_delay : br->ageing_time;
66
}
67

68
static inline int has_expired(const struct net_bridge *br,
69
				  const struct net_bridge_fdb_entry *fdb)
70
{
71
	return !test_bit(BR_FDB_STATIC, &fdb->flags) &&
72
	       !test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags) &&
73
	       time_before_eq(fdb->updated + hold_time(br), jiffies);
74
}
75

76
static int fdb_to_nud(const struct net_bridge *br,
77
		      const struct net_bridge_fdb_entry *fdb)
78
{
79
	if (test_bit(BR_FDB_LOCAL, &fdb->flags))
80
		return NUD_PERMANENT;
81
	else if (test_bit(BR_FDB_STATIC, &fdb->flags))
82
		return NUD_NOARP;
83
	else if (has_expired(br, fdb))
84
		return NUD_STALE;
85
	else
86
		return NUD_REACHABLE;
87
}
88

89
static int fdb_fill_info(struct sk_buff *skb, const struct net_bridge *br,
90
			 const struct net_bridge_fdb_entry *fdb,
91
			 u32 portid, u32 seq, int type, unsigned int flags)
92
{
93
	const struct net_bridge_port *dst = READ_ONCE(fdb->dst);
94
	unsigned long now = jiffies;
95
	struct nda_cacheinfo ci;
96
	struct nlmsghdr *nlh;
97
	struct ndmsg *ndm;
98
	u32 ext_flags = 0;
99

100
	nlh = nlmsg_put(skb, portid, seq, type, sizeof(*ndm), flags);
101
	if (nlh == NULL)
102
		return -EMSGSIZE;
103

104
	ndm = nlmsg_data(nlh);
105
	ndm->ndm_family	 = AF_BRIDGE;
106
	ndm->ndm_pad1    = 0;
107
	ndm->ndm_pad2    = 0;
108
	ndm->ndm_flags	 = 0;
109
	ndm->ndm_type	 = 0;
110
	ndm->ndm_ifindex = dst ? dst->dev->ifindex : br->dev->ifindex;
111
	ndm->ndm_state   = fdb_to_nud(br, fdb);
112

113
	if (test_bit(BR_FDB_OFFLOADED, &fdb->flags))
114
		ndm->ndm_flags |= NTF_OFFLOADED;
115
	if (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags))
116
		ndm->ndm_flags |= NTF_EXT_LEARNED;
117
	if (test_bit(BR_FDB_STICKY, &fdb->flags))
118
		ndm->ndm_flags |= NTF_STICKY;
119
	if (test_bit(BR_FDB_LOCKED, &fdb->flags))
120
		ext_flags |= NTF_EXT_LOCKED;
121

122
	if (nla_put(skb, NDA_LLADDR, ETH_ALEN, &fdb->key.addr))
123
		goto nla_put_failure;
124
	if (nla_put_u32(skb, NDA_MASTER, br->dev->ifindex))
125
		goto nla_put_failure;
126
	if (nla_put_u32(skb, NDA_FLAGS_EXT, ext_flags))
127
		goto nla_put_failure;
128

129
	ci.ndm_used	 = jiffies_to_clock_t(now - fdb->used);
130
	ci.ndm_confirmed = 0;
131
	ci.ndm_updated	 = jiffies_to_clock_t(now - fdb->updated);
132
	ci.ndm_refcnt	 = 0;
133
	if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
134
		goto nla_put_failure;
135

136
	if (fdb->key.vlan_id && nla_put(skb, NDA_VLAN, sizeof(u16),
137
					&fdb->key.vlan_id))
138
		goto nla_put_failure;
139

140
	if (test_bit(BR_FDB_NOTIFY, &fdb->flags)) {
141
		struct nlattr *nest = nla_nest_start(skb, NDA_FDB_EXT_ATTRS);
142
		u8 notify_bits = FDB_NOTIFY_BIT;
143

144
		if (!nest)
145
			goto nla_put_failure;
146
		if (test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags))
147
			notify_bits |= FDB_NOTIFY_INACTIVE_BIT;
148

149
		if (nla_put_u8(skb, NFEA_ACTIVITY_NOTIFY, notify_bits)) {
150
			nla_nest_cancel(skb, nest);
151
			goto nla_put_failure;
152
		}
153

154
		nla_nest_end(skb, nest);
155
	}
156

157
	nlmsg_end(skb, nlh);
158
	return 0;
159

160
nla_put_failure:
161
	nlmsg_cancel(skb, nlh);
162
	return -EMSGSIZE;
163
}
164

165
static inline size_t fdb_nlmsg_size(void)
166
{
167
	return NLMSG_ALIGN(sizeof(struct ndmsg))
168
		+ nla_total_size(ETH_ALEN) /* NDA_LLADDR */
169
		+ nla_total_size(sizeof(u32)) /* NDA_MASTER */
170
		+ nla_total_size(sizeof(u32)) /* NDA_FLAGS_EXT */
171
		+ nla_total_size(sizeof(u16)) /* NDA_VLAN */
172
		+ nla_total_size(sizeof(struct nda_cacheinfo))
173
		+ nla_total_size(0) /* NDA_FDB_EXT_ATTRS */
174
		+ nla_total_size(sizeof(u8)); /* NFEA_ACTIVITY_NOTIFY */
175
}
176

177
static void fdb_notify(struct net_bridge *br,
178
		       const struct net_bridge_fdb_entry *fdb, int type,
179
		       bool swdev_notify)
180
{
181
	struct net *net = dev_net(br->dev);
182
	struct sk_buff *skb;
183
	int err = -ENOBUFS;
184

185
	if (swdev_notify)
186
		br_switchdev_fdb_notify(br, fdb, type);
187

188
	skb = nlmsg_new(fdb_nlmsg_size(), GFP_ATOMIC);
189
	if (skb == NULL)
190
		goto errout;
191

192
	err = fdb_fill_info(skb, br, fdb, 0, 0, type, 0);
193
	if (err < 0) {
194
		/* -EMSGSIZE implies BUG in fdb_nlmsg_size() */
195
		WARN_ON(err == -EMSGSIZE);
196
		kfree_skb(skb);
197
		goto errout;
198
	}
199
	rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
200
	return;
201
errout:
202
	rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
203
}
204

205
static struct net_bridge_fdb_entry *fdb_find_rcu(struct rhashtable *tbl,
206
						 const unsigned char *addr,
207
						 __u16 vid)
208
{
209
	struct net_bridge_fdb_key key;
210

211
	WARN_ON_ONCE(!rcu_read_lock_held());
212

213
	key.vlan_id = vid;
214
	memcpy(key.addr.addr, addr, sizeof(key.addr.addr));
215

216
	return rhashtable_lookup(tbl, &key, br_fdb_rht_params);
217
}
218

219
/* requires bridge hash_lock */
220
static struct net_bridge_fdb_entry *br_fdb_find(struct net_bridge *br,
221
						const unsigned char *addr,
222
						__u16 vid)
223
{
224
	struct net_bridge_fdb_entry *fdb;
225

226
	lockdep_assert_held_once(&br->hash_lock);
227

228
	rcu_read_lock();
229
	fdb = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid);
230
	rcu_read_unlock();
231

232
	return fdb;
233
}
234

235
struct net_device *br_fdb_find_port(const struct net_device *br_dev,
236
				    const unsigned char *addr,
237
				    __u16 vid)
238
{
239
	struct net_bridge_fdb_entry *f;
240
	struct net_device *dev = NULL;
241
	struct net_bridge *br;
242

243
	ASSERT_RTNL();
244

245
	if (!netif_is_bridge_master(br_dev))
246
		return NULL;
247

248
	br = netdev_priv(br_dev);
249
	rcu_read_lock();
250
	f = br_fdb_find_rcu(br, addr, vid);
251
	if (f && f->dst)
252
		dev = f->dst->dev;
253
	rcu_read_unlock();
254

255
	return dev;
256
}
257
EXPORT_SYMBOL_GPL(br_fdb_find_port);
258

259
struct net_bridge_fdb_entry *br_fdb_find_rcu(struct net_bridge *br,
260
					     const unsigned char *addr,
261
					     __u16 vid)
262
{
263
	return fdb_find_rcu(&br->fdb_hash_tbl, addr, vid);
264
}
265

266
/* When a static FDB entry is added, the mac address from the entry is
267
 * added to the bridge private HW address list and all required ports
268
 * are then updated with the new information.
269
 * Called under RTNL.
270
 */
271
static void fdb_add_hw_addr(struct net_bridge *br, const unsigned char *addr)
272
{
273
	int err;
274
	struct net_bridge_port *p;
275

276
	ASSERT_RTNL();
277

278
	list_for_each_entry(p, &br->port_list, list) {
279
		if (!br_promisc_port(p)) {
280
			err = dev_uc_add(p->dev, addr);
281
			if (err)
282
				goto undo;
283
		}
284
	}
285

286
	return;
287
undo:
288
	list_for_each_entry_continue_reverse(p, &br->port_list, list) {
289
		if (!br_promisc_port(p))
290
			dev_uc_del(p->dev, addr);
291
	}
292
}
293

294
/* When a static FDB entry is deleted, the HW address from that entry is
295
 * also removed from the bridge private HW address list and updates all
296
 * the ports with needed information.
297
 * Called under RTNL.
298
 */
299
static void fdb_del_hw_addr(struct net_bridge *br, const unsigned char *addr)
300
{
301
	struct net_bridge_port *p;
302

303
	ASSERT_RTNL();
304

305
	list_for_each_entry(p, &br->port_list, list) {
306
		if (!br_promisc_port(p))
307
			dev_uc_del(p->dev, addr);
308
	}
309
}
310

311
static void fdb_delete(struct net_bridge *br, struct net_bridge_fdb_entry *f,
312
		       bool swdev_notify)
313
{
314
	trace_fdb_delete(br, f);
315

316
	if (test_bit(BR_FDB_STATIC, &f->flags))
317
		fdb_del_hw_addr(br, f->key.addr.addr);
318

319
	hlist_del_init_rcu(&f->fdb_node);
320
	rhashtable_remove_fast(&br->fdb_hash_tbl, &f->rhnode,
321
			       br_fdb_rht_params);
322
	if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &f->flags))
323
		atomic_dec(&br->fdb_n_learned);
324
	fdb_notify(br, f, RTM_DELNEIGH, swdev_notify);
325
	kfree_rcu(f, rcu);
326
}
327

328
/* Delete a local entry if no other port had the same address.
329
 *
330
 * This function should only be called on entries with BR_FDB_LOCAL set,
331
 * so even with BR_FDB_ADDED_BY_USER cleared we never need to increase
332
 * the accounting for dynamically learned entries again.
333
 */
334
static void fdb_delete_local(struct net_bridge *br,
335
			     const struct net_bridge_port *p,
336
			     struct net_bridge_fdb_entry *f)
337
{
338
	const unsigned char *addr = f->key.addr.addr;
339
	struct net_bridge_vlan_group *vg;
340
	const struct net_bridge_vlan *v;
341
	struct net_bridge_port *op;
342
	u16 vid = f->key.vlan_id;
343

344
	/* Maybe another port has same hw addr? */
345
	list_for_each_entry(op, &br->port_list, list) {
346
		vg = nbp_vlan_group(op);
347
		if (op != p && ether_addr_equal(op->dev->dev_addr, addr) &&
348
		    (!vid || br_vlan_find(vg, vid))) {
349
			f->dst = op;
350
			clear_bit(BR_FDB_ADDED_BY_USER, &f->flags);
351
			return;
352
		}
353
	}
354

355
	vg = br_vlan_group(br);
356
	v = br_vlan_find(vg, vid);
357
	/* Maybe bridge device has same hw addr? */
358
	if (p && ether_addr_equal(br->dev->dev_addr, addr) &&
359
	    (!vid || (v && br_vlan_should_use(v)))) {
360
		f->dst = NULL;
361
		clear_bit(BR_FDB_ADDED_BY_USER, &f->flags);
362
		return;
363
	}
364

365
	fdb_delete(br, f, true);
366
}
367

368
void br_fdb_find_delete_local(struct net_bridge *br,
369
			      const struct net_bridge_port *p,
370
			      const unsigned char *addr, u16 vid)
371
{
372
	struct net_bridge_fdb_entry *f;
373

374
	spin_lock_bh(&br->hash_lock);
375
	f = br_fdb_find(br, addr, vid);
376
	if (f && test_bit(BR_FDB_LOCAL, &f->flags) &&
377
	    !test_bit(BR_FDB_ADDED_BY_USER, &f->flags) && f->dst == p)
378
		fdb_delete_local(br, p, f);
379
	spin_unlock_bh(&br->hash_lock);
380
}
381

382
static struct net_bridge_fdb_entry *fdb_create(struct net_bridge *br,
383
					       struct net_bridge_port *source,
384
					       const unsigned char *addr,
385
					       __u16 vid,
386
					       unsigned long flags)
387
{
388
	bool learned = !test_bit(BR_FDB_ADDED_BY_USER, &flags) &&
389
		       !test_bit(BR_FDB_LOCAL, &flags);
390
	u32 max_learned = READ_ONCE(br->fdb_max_learned);
391
	struct net_bridge_fdb_entry *fdb;
392
	int err;
393

394
	if (likely(learned)) {
395
		int n_learned = atomic_read(&br->fdb_n_learned);
396

397
		if (unlikely(max_learned && n_learned >= max_learned))
398
			return NULL;
399
		__set_bit(BR_FDB_DYNAMIC_LEARNED, &flags);
400
	}
401

402
	fdb = kmem_cache_alloc(br_fdb_cache, GFP_ATOMIC);
403
	if (!fdb)
404
		return NULL;
405

406
	memcpy(fdb->key.addr.addr, addr, ETH_ALEN);
407
	WRITE_ONCE(fdb->dst, source);
408
	fdb->key.vlan_id = vid;
409
	fdb->flags = flags;
410
	fdb->updated = fdb->used = jiffies;
411
	err = rhashtable_lookup_insert_fast(&br->fdb_hash_tbl, &fdb->rhnode,
412
					    br_fdb_rht_params);
413
	if (err) {
414
		kmem_cache_free(br_fdb_cache, fdb);
415
		return NULL;
416
	}
417

418
	if (likely(learned))
419
		atomic_inc(&br->fdb_n_learned);
420

421
	hlist_add_head_rcu(&fdb->fdb_node, &br->fdb_list);
422

423
	return fdb;
424
}
425

426
static int fdb_add_local(struct net_bridge *br, struct net_bridge_port *source,
427
			 const unsigned char *addr, u16 vid)
428
{
429
	struct net_bridge_fdb_entry *fdb;
430

431
	if (!is_valid_ether_addr(addr))
432
		return -EINVAL;
433

434
	fdb = br_fdb_find(br, addr, vid);
435
	if (fdb) {
436
		/* it is okay to have multiple ports with same
437
		 * address, just use the first one.
438
		 */
439
		if (test_bit(BR_FDB_LOCAL, &fdb->flags))
440
			return 0;
441
		br_warn(br, "adding interface %s with same address as a received packet (addr:%pM, vlan:%u)\n",
442
			source ? source->dev->name : br->dev->name, addr, vid);
443
		fdb_delete(br, fdb, true);
444
	}
445

446
	fdb = fdb_create(br, source, addr, vid,
447
			 BIT(BR_FDB_LOCAL) | BIT(BR_FDB_STATIC));
448
	if (!fdb)
449
		return -ENOMEM;
450

451
	fdb_add_hw_addr(br, addr);
452
	fdb_notify(br, fdb, RTM_NEWNEIGH, true);
453
	return 0;
454
}
455

456
void br_fdb_changeaddr(struct net_bridge_port *p, const unsigned char *newaddr)
457
{
458
	struct net_bridge_vlan_group *vg;
459
	struct net_bridge_fdb_entry *f;
460
	struct net_bridge *br = p->br;
461
	struct net_bridge_vlan *v;
462

463
	spin_lock_bh(&br->hash_lock);
464
	vg = nbp_vlan_group(p);
465
	hlist_for_each_entry(f, &br->fdb_list, fdb_node) {
466
		if (f->dst == p && test_bit(BR_FDB_LOCAL, &f->flags) &&
467
		    !test_bit(BR_FDB_ADDED_BY_USER, &f->flags)) {
468
			/* delete old one */
469
			fdb_delete_local(br, p, f);
470

471
			/* if this port has no vlan information
472
			 * configured, we can safely be done at
473
			 * this point.
474
			 */
475
			if (!vg || !vg->num_vlans)
476
				goto insert;
477
		}
478
	}
479

480
insert:
481
	/* insert new address,  may fail if invalid address or dup. */
482
	fdb_add_local(br, p, newaddr, 0);
483

484
	if (!vg || !vg->num_vlans)
485
		goto done;
486

487
	/* Now add entries for every VLAN configured on the port.
488
	 * This function runs under RTNL so the bitmap will not change
489
	 * from under us.
490
	 */
491
	list_for_each_entry(v, &vg->vlan_list, vlist)
492
		fdb_add_local(br, p, newaddr, v->vid);
493

494
done:
495
	spin_unlock_bh(&br->hash_lock);
496
}
497

498
void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr)
499
{
500
	struct net_bridge_vlan_group *vg;
501
	struct net_bridge_fdb_entry *f;
502
	struct net_bridge_vlan *v;
503

504
	spin_lock_bh(&br->hash_lock);
505

506
	/* If old entry was unassociated with any port, then delete it. */
507
	f = br_fdb_find(br, br->dev->dev_addr, 0);
508
	if (f && test_bit(BR_FDB_LOCAL, &f->flags) &&
509
	    !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags))
510
		fdb_delete_local(br, NULL, f);
511

512
	fdb_add_local(br, NULL, newaddr, 0);
513
	vg = br_vlan_group(br);
514
	if (!vg || !vg->num_vlans)
515
		goto out;
516
	/* Now remove and add entries for every VLAN configured on the
517
	 * bridge.  This function runs under RTNL so the bitmap will not
518
	 * change from under us.
519
	 */
520
	list_for_each_entry(v, &vg->vlan_list, vlist) {
521
		if (!br_vlan_should_use(v))
522
			continue;
523
		f = br_fdb_find(br, br->dev->dev_addr, v->vid);
524
		if (f && test_bit(BR_FDB_LOCAL, &f->flags) &&
525
		    !f->dst && !test_bit(BR_FDB_ADDED_BY_USER, &f->flags))
526
			fdb_delete_local(br, NULL, f);
527
		fdb_add_local(br, NULL, newaddr, v->vid);
528
	}
529
out:
530
	spin_unlock_bh(&br->hash_lock);
531
}
532

533
void br_fdb_cleanup(struct work_struct *work)
534
{
535
	struct net_bridge *br = container_of(work, struct net_bridge,
536
					     gc_work.work);
537
	struct net_bridge_fdb_entry *f = NULL;
538
	unsigned long delay = hold_time(br);
539
	unsigned long work_delay = delay;
540
	unsigned long now = jiffies;
541

542
	/* this part is tricky, in order to avoid blocking learning and
543
	 * consequently forwarding, we rely on rcu to delete objects with
544
	 * delayed freeing allowing us to continue traversing
545
	 */
546
	rcu_read_lock();
547
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
548
		unsigned long this_timer = f->updated + delay;
549

550
		if (test_bit(BR_FDB_STATIC, &f->flags) ||
551
		    test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags)) {
552
			if (test_bit(BR_FDB_NOTIFY, &f->flags)) {
553
				if (time_after(this_timer, now))
554
					work_delay = min(work_delay,
555
							 this_timer - now);
556
				else if (!test_and_set_bit(BR_FDB_NOTIFY_INACTIVE,
557
							   &f->flags))
558
					fdb_notify(br, f, RTM_NEWNEIGH, false);
559
			}
560
			continue;
561
		}
562

563
		if (time_after(this_timer, now)) {
564
			work_delay = min(work_delay, this_timer - now);
565
		} else {
566
			spin_lock_bh(&br->hash_lock);
567
			if (!hlist_unhashed(&f->fdb_node))
568
				fdb_delete(br, f, true);
569
			spin_unlock_bh(&br->hash_lock);
570
		}
571
	}
572
	rcu_read_unlock();
573

574
	/* Cleanup minimum 10 milliseconds apart */
575
	work_delay = max_t(unsigned long, work_delay, msecs_to_jiffies(10));
576
	mod_delayed_work(system_long_wq, &br->gc_work, work_delay);
577
}
578

579
static bool __fdb_flush_matches(const struct net_bridge *br,
580
				const struct net_bridge_fdb_entry *f,
581
				const struct net_bridge_fdb_flush_desc *desc)
582
{
583
	const struct net_bridge_port *dst = READ_ONCE(f->dst);
584
	int port_ifidx = dst ? dst->dev->ifindex : br->dev->ifindex;
585

586
	if (desc->vlan_id && desc->vlan_id != f->key.vlan_id)
587
		return false;
588
	if (desc->port_ifindex && desc->port_ifindex != port_ifidx)
589
		return false;
590
	if (desc->flags_mask && (f->flags & desc->flags_mask) != desc->flags)
591
		return false;
592

593
	return true;
594
}
595

596
/* Flush forwarding database entries matching the description */
597
void br_fdb_flush(struct net_bridge *br,
598
		  const struct net_bridge_fdb_flush_desc *desc)
599
{
600
	struct net_bridge_fdb_entry *f;
601

602
	rcu_read_lock();
603
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
604
		if (!__fdb_flush_matches(br, f, desc))
605
			continue;
606

607
		spin_lock_bh(&br->hash_lock);
608
		if (!hlist_unhashed(&f->fdb_node))
609
			fdb_delete(br, f, true);
610
		spin_unlock_bh(&br->hash_lock);
611
	}
612
	rcu_read_unlock();
613
}
614

615
static unsigned long __ndm_state_to_fdb_flags(u16 ndm_state)
616
{
617
	unsigned long flags = 0;
618

619
	if (ndm_state & NUD_PERMANENT)
620
		__set_bit(BR_FDB_LOCAL, &flags);
621
	if (ndm_state & NUD_NOARP)
622
		__set_bit(BR_FDB_STATIC, &flags);
623

624
	return flags;
625
}
626

627
static unsigned long __ndm_flags_to_fdb_flags(u8 ndm_flags)
628
{
629
	unsigned long flags = 0;
630

631
	if (ndm_flags & NTF_USE)
632
		__set_bit(BR_FDB_ADDED_BY_USER, &flags);
633
	if (ndm_flags & NTF_EXT_LEARNED)
634
		__set_bit(BR_FDB_ADDED_BY_EXT_LEARN, &flags);
635
	if (ndm_flags & NTF_OFFLOADED)
636
		__set_bit(BR_FDB_OFFLOADED, &flags);
637
	if (ndm_flags & NTF_STICKY)
638
		__set_bit(BR_FDB_STICKY, &flags);
639

640
	return flags;
641
}
642

643
static int __fdb_flush_validate_ifindex(const struct net_bridge *br,
644
					int ifindex,
645
					struct netlink_ext_ack *extack)
646
{
647
	const struct net_device *dev;
648

649
	dev = __dev_get_by_index(dev_net(br->dev), ifindex);
650
	if (!dev) {
651
		NL_SET_ERR_MSG_MOD(extack, "Unknown flush device ifindex");
652
		return -ENODEV;
653
	}
654
	if (!netif_is_bridge_master(dev) && !netif_is_bridge_port(dev)) {
655
		NL_SET_ERR_MSG_MOD(extack, "Flush device is not a bridge or bridge port");
656
		return -EINVAL;
657
	}
658
	if (netif_is_bridge_master(dev) && dev != br->dev) {
659
		NL_SET_ERR_MSG_MOD(extack,
660
				   "Flush bridge device does not match target bridge device");
661
		return -EINVAL;
662
	}
663
	if (netif_is_bridge_port(dev)) {
664
		struct net_bridge_port *p = br_port_get_rtnl(dev);
665

666
		if (p->br != br) {
667
			NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge device");
668
			return -EINVAL;
669
		}
670
	}
671

672
	return 0;
673
}
674

675
static const struct nla_policy br_fdb_del_bulk_policy[NDA_MAX + 1] = {
676
	[NDA_VLAN]	= NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
677
	[NDA_IFINDEX]	= NLA_POLICY_MIN(NLA_S32, 1),
678
	[NDA_NDM_STATE_MASK]	= { .type = NLA_U16 },
679
	[NDA_NDM_FLAGS_MASK]	= { .type = NLA_U8 },
680
};
681

682
int br_fdb_delete_bulk(struct nlmsghdr *nlh, struct net_device *dev,
683
		       struct netlink_ext_ack *extack)
684
{
685
	struct net_bridge_fdb_flush_desc desc = {};
686
	struct ndmsg *ndm = nlmsg_data(nlh);
687
	struct net_bridge_port *p = NULL;
688
	struct nlattr *tb[NDA_MAX + 1];
689
	struct net_bridge *br;
690
	u8 ndm_flags;
691
	int err;
692

693
	ndm_flags = ndm->ndm_flags & ~FDB_FLUSH_IGNORED_NDM_FLAGS;
694

695
	err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX,
696
			  br_fdb_del_bulk_policy, extack);
697
	if (err)
698
		return err;
699

700
	if (netif_is_bridge_master(dev)) {
701
		br = netdev_priv(dev);
702
	} else {
703
		p = br_port_get_rtnl(dev);
704
		if (!p) {
705
			NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge port");
706
			return -EINVAL;
707
		}
708
		br = p->br;
709
	}
710

711
	if (tb[NDA_VLAN])
712
		desc.vlan_id = nla_get_u16(tb[NDA_VLAN]);
713

714
	if (ndm_flags & ~FDB_FLUSH_ALLOWED_NDM_FLAGS) {
715
		NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm flag bits set");
716
		return -EINVAL;
717
	}
718
	if (ndm->ndm_state & ~FDB_FLUSH_ALLOWED_NDM_STATES) {
719
		NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm state bits set");
720
		return -EINVAL;
721
	}
722

723
	desc.flags |= __ndm_state_to_fdb_flags(ndm->ndm_state);
724
	desc.flags |= __ndm_flags_to_fdb_flags(ndm_flags);
725
	if (tb[NDA_NDM_STATE_MASK]) {
726
		u16 ndm_state_mask = nla_get_u16(tb[NDA_NDM_STATE_MASK]);
727

728
		desc.flags_mask |= __ndm_state_to_fdb_flags(ndm_state_mask);
729
	}
730
	if (tb[NDA_NDM_FLAGS_MASK]) {
731
		u8 ndm_flags_mask = nla_get_u8(tb[NDA_NDM_FLAGS_MASK]);
732

733
		desc.flags_mask |= __ndm_flags_to_fdb_flags(ndm_flags_mask);
734
	}
735
	if (tb[NDA_IFINDEX]) {
736
		int ifidx = nla_get_s32(tb[NDA_IFINDEX]);
737

738
		err = __fdb_flush_validate_ifindex(br, ifidx, extack);
739
		if (err)
740
			return err;
741
		desc.port_ifindex = ifidx;
742
	} else if (p) {
743
		/* flush was invoked with port device and NTF_MASTER */
744
		desc.port_ifindex = p->dev->ifindex;
745
	}
746

747
	br_debug(br, "flushing port ifindex: %d vlan id: %u flags: 0x%lx flags mask: 0x%lx\n",
748
		 desc.port_ifindex, desc.vlan_id, desc.flags, desc.flags_mask);
749

750
	br_fdb_flush(br, &desc);
751

752
	return 0;
753
}
754

755
/* Flush all entries referring to a specific port.
756
 * if do_all is set also flush static entries
757
 * if vid is set delete all entries that match the vlan_id
758
 */
759
void br_fdb_delete_by_port(struct net_bridge *br,
760
			   const struct net_bridge_port *p,
761
			   u16 vid,
762
			   int do_all)
763
{
764
	struct net_bridge_fdb_entry *f;
765
	struct hlist_node *tmp;
766

767
	spin_lock_bh(&br->hash_lock);
768
	hlist_for_each_entry_safe(f, tmp, &br->fdb_list, fdb_node) {
769
		if (f->dst != p)
770
			continue;
771

772
		if (!do_all)
773
			if (test_bit(BR_FDB_STATIC, &f->flags) ||
774
			    (test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &f->flags) &&
775
			     !test_bit(BR_FDB_OFFLOADED, &f->flags)) ||
776
			    (vid && f->key.vlan_id != vid))
777
				continue;
778

779
		if (test_bit(BR_FDB_LOCAL, &f->flags))
780
			fdb_delete_local(br, p, f);
781
		else
782
			fdb_delete(br, f, true);
783
	}
784
	spin_unlock_bh(&br->hash_lock);
785
}
786

787
#if IS_ENABLED(CONFIG_ATM_LANE)
788
/* Interface used by ATM LANE hook to test
789
 * if an addr is on some other bridge port */
790
int br_fdb_test_addr(struct net_device *dev, unsigned char *addr)
791
{
792
	struct net_bridge_fdb_entry *fdb;
793
	struct net_bridge_port *port;
794
	int ret;
795

796
	rcu_read_lock();
797
	port = br_port_get_rcu(dev);
798
	if (!port)
799
		ret = 0;
800
	else {
801
		const struct net_bridge_port *dst = NULL;
802

803
		fdb = br_fdb_find_rcu(port->br, addr, 0);
804
		if (fdb)
805
			dst = READ_ONCE(fdb->dst);
806

807
		ret = dst && dst->dev != dev &&
808
		      dst->state == BR_STATE_FORWARDING;
809
	}
810
	rcu_read_unlock();
811

812
	return ret;
813
}
814
#endif /* CONFIG_ATM_LANE */
815

816
/*
817
 * Fill buffer with forwarding table records in
818
 * the API format.
819
 */
820
int br_fdb_fillbuf(struct net_bridge *br, void *buf,
821
		   unsigned long maxnum, unsigned long skip)
822
{
823
	struct net_bridge_fdb_entry *f;
824
	struct __fdb_entry *fe = buf;
825
	int num = 0;
826

827
	memset(buf, 0, maxnum*sizeof(struct __fdb_entry));
828

829
	rcu_read_lock();
830
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
831
		if (num >= maxnum)
832
			break;
833

834
		if (has_expired(br, f))
835
			continue;
836

837
		/* ignore pseudo entry for local MAC address */
838
		if (!f->dst)
839
			continue;
840

841
		if (skip) {
842
			--skip;
843
			continue;
844
		}
845

846
		/* convert from internal format to API */
847
		memcpy(fe->mac_addr, f->key.addr.addr, ETH_ALEN);
848

849
		/* due to ABI compat need to split into hi/lo */
850
		fe->port_no = f->dst->port_no;
851
		fe->port_hi = f->dst->port_no >> 8;
852

853
		fe->is_local = test_bit(BR_FDB_LOCAL, &f->flags);
854
		if (!test_bit(BR_FDB_STATIC, &f->flags))
855
			fe->ageing_timer_value = jiffies_delta_to_clock_t(jiffies - f->updated);
856
		++fe;
857
		++num;
858
	}
859
	rcu_read_unlock();
860

861
	return num;
862
}
863

864
/* Add entry for local address of interface */
865
int br_fdb_add_local(struct net_bridge *br, struct net_bridge_port *source,
866
		     const unsigned char *addr, u16 vid)
867
{
868
	int ret;
869

870
	spin_lock_bh(&br->hash_lock);
871
	ret = fdb_add_local(br, source, addr, vid);
872
	spin_unlock_bh(&br->hash_lock);
873
	return ret;
874
}
875

876
/* returns true if the fdb was modified */
877
static bool __fdb_mark_active(struct net_bridge_fdb_entry *fdb)
878
{
879
	return !!(test_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags) &&
880
		  test_and_clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags));
881
}
882

883
void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
884
		   const unsigned char *addr, u16 vid, unsigned long flags)
885
{
886
	struct net_bridge_fdb_entry *fdb;
887

888
	/* some users want to always flood. */
889
	if (hold_time(br) == 0)
890
		return;
891

892
	fdb = fdb_find_rcu(&br->fdb_hash_tbl, addr, vid);
893
	if (likely(fdb)) {
894
		/* attempt to update an entry for a local interface */
895
		if (unlikely(test_bit(BR_FDB_LOCAL, &fdb->flags))) {
896
			if (net_ratelimit())
897
				br_warn(br, "received packet on %s with own address as source address (addr:%pM, vlan:%u)\n",
898
					source->dev->name, addr, vid);
899
		} else {
900
			unsigned long now = jiffies;
901
			bool fdb_modified = false;
902

903
			if (now != fdb->updated) {
904
				fdb->updated = now;
905
				fdb_modified = __fdb_mark_active(fdb);
906
			}
907

908
			/* fastpath: update of existing entry */
909
			if (unlikely(source != READ_ONCE(fdb->dst) &&
910
				     !test_bit(BR_FDB_STICKY, &fdb->flags))) {
911
				br_switchdev_fdb_notify(br, fdb, RTM_DELNEIGH);
912
				WRITE_ONCE(fdb->dst, source);
913
				fdb_modified = true;
914
				/* Take over HW learned entry */
915
				if (unlikely(test_bit(BR_FDB_ADDED_BY_EXT_LEARN,
916
						      &fdb->flags)))
917
					clear_bit(BR_FDB_ADDED_BY_EXT_LEARN,
918
						  &fdb->flags);
919
				/* Clear locked flag when roaming to an
920
				 * unlocked port.
921
				 */
922
				if (unlikely(test_bit(BR_FDB_LOCKED, &fdb->flags)))
923
					clear_bit(BR_FDB_LOCKED, &fdb->flags);
924
			}
925

926
			if (unlikely(test_bit(BR_FDB_ADDED_BY_USER, &flags))) {
927
				set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
928
				if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED,
929
						       &fdb->flags))
930
					atomic_dec(&br->fdb_n_learned);
931
			}
932
			if (unlikely(fdb_modified)) {
933
				trace_br_fdb_update(br, source, addr, vid, flags);
934
				fdb_notify(br, fdb, RTM_NEWNEIGH, true);
935
			}
936
		}
937
	} else {
938
		spin_lock(&br->hash_lock);
939
		fdb = fdb_create(br, source, addr, vid, flags);
940
		if (fdb) {
941
			trace_br_fdb_update(br, source, addr, vid, flags);
942
			fdb_notify(br, fdb, RTM_NEWNEIGH, true);
943
		}
944
		/* else  we lose race and someone else inserts
945
		 * it first, don't bother updating
946
		 */
947
		spin_unlock(&br->hash_lock);
948
	}
949
}
950

951
/* Dump information about entries, in response to GETNEIGH */
952
int br_fdb_dump(struct sk_buff *skb,
953
		struct netlink_callback *cb,
954
		struct net_device *dev,
955
		struct net_device *filter_dev,
956
		int *idx)
957
{
958
	struct ndo_fdb_dump_context *ctx = (void *)cb->ctx;
959
	struct net_bridge *br = netdev_priv(dev);
960
	struct net_bridge_fdb_entry *f;
961
	int err = 0;
962

963
	if (!netif_is_bridge_master(dev))
964
		return err;
965

966
	if (!filter_dev) {
967
		err = ndo_dflt_fdb_dump(skb, cb, dev, NULL, idx);
968
		if (err < 0)
969
			return err;
970
	}
971

972
	rcu_read_lock();
973
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
974
		if (*idx < ctx->fdb_idx)
975
			goto skip;
976
		if (filter_dev && (!f->dst || f->dst->dev != filter_dev)) {
977
			if (filter_dev != dev)
978
				goto skip;
979
			/* !f->dst is a special case for bridge
980
			 * It means the MAC belongs to the bridge
981
			 * Therefore need a little more filtering
982
			 * we only want to dump the !f->dst case
983
			 */
984
			if (f->dst)
985
				goto skip;
986
		}
987
		if (!filter_dev && f->dst)
988
			goto skip;
989

990
		err = fdb_fill_info(skb, br, f,
991
				    NETLINK_CB(cb->skb).portid,
992
				    cb->nlh->nlmsg_seq,
993
				    RTM_NEWNEIGH,
994
				    NLM_F_MULTI);
995
		if (err < 0)
996
			break;
997
skip:
998
		*idx += 1;
999
	}
1000
	rcu_read_unlock();
1001

1002
	return err;
1003
}
1004

1005
int br_fdb_get(struct sk_buff *skb,
1006
	       struct nlattr *tb[],
1007
	       struct net_device *dev,
1008
	       const unsigned char *addr,
1009
	       u16 vid, u32 portid, u32 seq,
1010
	       struct netlink_ext_ack *extack)
1011
{
1012
	struct net_bridge *br = netdev_priv(dev);
1013
	struct net_bridge_fdb_entry *f;
1014
	int err = 0;
1015

1016
	rcu_read_lock();
1017
	f = br_fdb_find_rcu(br, addr, vid);
1018
	if (!f) {
1019
		NL_SET_ERR_MSG(extack, "Fdb entry not found");
1020
		err = -ENOENT;
1021
		goto errout;
1022
	}
1023

1024
	err = fdb_fill_info(skb, br, f, portid, seq,
1025
			    RTM_NEWNEIGH, 0);
1026
errout:
1027
	rcu_read_unlock();
1028
	return err;
1029
}
1030

1031
/* returns true if the fdb is modified */
1032
static bool fdb_handle_notify(struct net_bridge_fdb_entry *fdb, u8 notify)
1033
{
1034
	bool modified = false;
1035

1036
	/* allow to mark an entry as inactive, usually done on creation */
1037
	if ((notify & FDB_NOTIFY_INACTIVE_BIT) &&
1038
	    !test_and_set_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags))
1039
		modified = true;
1040

1041
	if ((notify & FDB_NOTIFY_BIT) &&
1042
	    !test_and_set_bit(BR_FDB_NOTIFY, &fdb->flags)) {
1043
		/* enabled activity tracking */
1044
		modified = true;
1045
	} else if (!(notify & FDB_NOTIFY_BIT) &&
1046
		   test_and_clear_bit(BR_FDB_NOTIFY, &fdb->flags)) {
1047
		/* disabled activity tracking, clear notify state */
1048
		clear_bit(BR_FDB_NOTIFY_INACTIVE, &fdb->flags);
1049
		modified = true;
1050
	}
1051

1052
	return modified;
1053
}
1054

1055
/* Update (create or replace) forwarding database entry */
1056
static int fdb_add_entry(struct net_bridge *br, struct net_bridge_port *source,
1057
			 const u8 *addr, struct ndmsg *ndm, u16 flags, u16 vid,
1058
			 struct nlattr *nfea_tb[])
1059
{
1060
	bool is_sticky = !!(ndm->ndm_flags & NTF_STICKY);
1061
	bool refresh = !nfea_tb[NFEA_DONT_REFRESH];
1062
	struct net_bridge_fdb_entry *fdb;
1063
	u16 state = ndm->ndm_state;
1064
	bool modified = false;
1065
	u8 notify = 0;
1066

1067
	/* If the port cannot learn allow only local and static entries */
1068
	if (source && !(state & NUD_PERMANENT) && !(state & NUD_NOARP) &&
1069
	    !(source->state == BR_STATE_LEARNING ||
1070
	      source->state == BR_STATE_FORWARDING))
1071
		return -EPERM;
1072

1073
	if (!source && !(state & NUD_PERMANENT)) {
1074
		pr_info("bridge: RTM_NEWNEIGH %s without NUD_PERMANENT\n",
1075
			br->dev->name);
1076
		return -EINVAL;
1077
	}
1078

1079
	if (is_sticky && (state & NUD_PERMANENT))
1080
		return -EINVAL;
1081

1082
	if (nfea_tb[NFEA_ACTIVITY_NOTIFY]) {
1083
		notify = nla_get_u8(nfea_tb[NFEA_ACTIVITY_NOTIFY]);
1084
		if ((notify & ~BR_FDB_NOTIFY_SETTABLE_BITS) ||
1085
		    (notify & BR_FDB_NOTIFY_SETTABLE_BITS) == FDB_NOTIFY_INACTIVE_BIT)
1086
			return -EINVAL;
1087
	}
1088

1089
	fdb = br_fdb_find(br, addr, vid);
1090
	if (fdb == NULL) {
1091
		if (!(flags & NLM_F_CREATE))
1092
			return -ENOENT;
1093

1094
		fdb = fdb_create(br, source, addr, vid,
1095
				 BIT(BR_FDB_ADDED_BY_USER));
1096
		if (!fdb)
1097
			return -ENOMEM;
1098

1099
		modified = true;
1100
	} else {
1101
		if (flags & NLM_F_EXCL)
1102
			return -EEXIST;
1103

1104
		if (READ_ONCE(fdb->dst) != source) {
1105
			WRITE_ONCE(fdb->dst, source);
1106
			modified = true;
1107
		}
1108

1109
		set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
1110
		if (test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags))
1111
			atomic_dec(&br->fdb_n_learned);
1112
	}
1113

1114
	if (fdb_to_nud(br, fdb) != state) {
1115
		if (state & NUD_PERMANENT) {
1116
			set_bit(BR_FDB_LOCAL, &fdb->flags);
1117
			if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags))
1118
				fdb_add_hw_addr(br, addr);
1119
		} else if (state & NUD_NOARP) {
1120
			clear_bit(BR_FDB_LOCAL, &fdb->flags);
1121
			if (!test_and_set_bit(BR_FDB_STATIC, &fdb->flags))
1122
				fdb_add_hw_addr(br, addr);
1123
		} else {
1124
			clear_bit(BR_FDB_LOCAL, &fdb->flags);
1125
			if (test_and_clear_bit(BR_FDB_STATIC, &fdb->flags))
1126
				fdb_del_hw_addr(br, addr);
1127
		}
1128

1129
		modified = true;
1130
	}
1131

1132
	if (is_sticky != test_bit(BR_FDB_STICKY, &fdb->flags)) {
1133
		change_bit(BR_FDB_STICKY, &fdb->flags);
1134
		modified = true;
1135
	}
1136

1137
	if (test_and_clear_bit(BR_FDB_LOCKED, &fdb->flags))
1138
		modified = true;
1139

1140
	if (fdb_handle_notify(fdb, notify))
1141
		modified = true;
1142

1143
	fdb->used = jiffies;
1144
	if (modified) {
1145
		if (refresh)
1146
			fdb->updated = jiffies;
1147
		fdb_notify(br, fdb, RTM_NEWNEIGH, true);
1148
	}
1149

1150
	return 0;
1151
}
1152

1153
static int __br_fdb_add(struct ndmsg *ndm, struct net_bridge *br,
1154
			struct net_bridge_port *p, const unsigned char *addr,
1155
			u16 nlh_flags, u16 vid, struct nlattr *nfea_tb[],
1156
			bool *notified, struct netlink_ext_ack *extack)
1157
{
1158
	int err = 0;
1159

1160
	if (ndm->ndm_flags & NTF_USE) {
1161
		if (!p) {
1162
			pr_info("bridge: RTM_NEWNEIGH %s with NTF_USE is not supported\n",
1163
				br->dev->name);
1164
			return -EINVAL;
1165
		}
1166
		if (!nbp_state_should_learn(p))
1167
			return 0;
1168

1169
		local_bh_disable();
1170
		rcu_read_lock();
1171
		br_fdb_update(br, p, addr, vid, BIT(BR_FDB_ADDED_BY_USER));
1172
		rcu_read_unlock();
1173
		local_bh_enable();
1174
	} else if (ndm->ndm_flags & NTF_EXT_LEARNED) {
1175
		if (!p && !(ndm->ndm_state & NUD_PERMANENT)) {
1176
			NL_SET_ERR_MSG_MOD(extack,
1177
					   "FDB entry towards bridge must be permanent");
1178
			return -EINVAL;
1179
		}
1180
		err = br_fdb_external_learn_add(br, p, addr, vid, false, true);
1181
	} else {
1182
		spin_lock_bh(&br->hash_lock);
1183
		err = fdb_add_entry(br, p, addr, ndm, nlh_flags, vid, nfea_tb);
1184
		spin_unlock_bh(&br->hash_lock);
1185
	}
1186

1187
	if (!err)
1188
		*notified = true;
1189
	return err;
1190
}
1191

1192
static const struct nla_policy br_nda_fdb_pol[NFEA_MAX + 1] = {
1193
	[NFEA_ACTIVITY_NOTIFY]	= { .type = NLA_U8 },
1194
	[NFEA_DONT_REFRESH]	= { .type = NLA_FLAG },
1195
};
1196

1197
/* Add new permanent fdb entry with RTM_NEWNEIGH */
1198
int br_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
1199
	       struct net_device *dev,
1200
	       const unsigned char *addr, u16 vid, u16 nlh_flags,
1201
	       bool *notified, struct netlink_ext_ack *extack)
1202
{
1203
	struct nlattr *nfea_tb[NFEA_MAX + 1], *attr;
1204
	struct net_bridge_vlan_group *vg;
1205
	struct net_bridge_port *p = NULL;
1206
	struct net_bridge_vlan *v;
1207
	struct net_bridge *br = NULL;
1208
	u32 ext_flags = 0;
1209
	int err = 0;
1210

1211
	trace_br_fdb_add(ndm, dev, addr, vid, nlh_flags);
1212

1213
	if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE))) {
1214
		pr_info("bridge: RTM_NEWNEIGH with invalid state %#x\n", ndm->ndm_state);
1215
		return -EINVAL;
1216
	}
1217

1218
	if (is_zero_ether_addr(addr)) {
1219
		pr_info("bridge: RTM_NEWNEIGH with invalid ether address\n");
1220
		return -EINVAL;
1221
	}
1222

1223
	if (netif_is_bridge_master(dev)) {
1224
		br = netdev_priv(dev);
1225
		vg = br_vlan_group(br);
1226
	} else {
1227
		p = br_port_get_rtnl(dev);
1228
		if (!p) {
1229
			pr_info("bridge: RTM_NEWNEIGH %s not a bridge port\n",
1230
				dev->name);
1231
			return -EINVAL;
1232
		}
1233
		br = p->br;
1234
		vg = nbp_vlan_group(p);
1235
	}
1236

1237
	if (tb[NDA_FLAGS_EXT])
1238
		ext_flags = nla_get_u32(tb[NDA_FLAGS_EXT]);
1239

1240
	if (ext_flags & NTF_EXT_LOCKED) {
1241
		NL_SET_ERR_MSG_MOD(extack, "Cannot add FDB entry with \"locked\" flag set");
1242
		return -EINVAL;
1243
	}
1244

1245
	if (tb[NDA_FDB_EXT_ATTRS]) {
1246
		attr = tb[NDA_FDB_EXT_ATTRS];
1247
		err = nla_parse_nested(nfea_tb, NFEA_MAX, attr,
1248
				       br_nda_fdb_pol, extack);
1249
		if (err)
1250
			return err;
1251
	} else {
1252
		memset(nfea_tb, 0, sizeof(struct nlattr *) * (NFEA_MAX + 1));
1253
	}
1254

1255
	if (vid) {
1256
		v = br_vlan_find(vg, vid);
1257
		if (!v || !br_vlan_should_use(v)) {
1258
			pr_info("bridge: RTM_NEWNEIGH with unconfigured vlan %d on %s\n", vid, dev->name);
1259
			return -EINVAL;
1260
		}
1261

1262
		/* VID was specified, so use it. */
1263
		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, vid, nfea_tb,
1264
				   notified, extack);
1265
	} else {
1266
		err = __br_fdb_add(ndm, br, p, addr, nlh_flags, 0, nfea_tb,
1267
				   notified, extack);
1268
		if (err || !vg || !vg->num_vlans)
1269
			goto out;
1270

1271
		/* We have vlans configured on this port and user didn't
1272
		 * specify a VLAN.  To be nice, add/update entry for every
1273
		 * vlan on this port.
1274
		 */
1275
		list_for_each_entry(v, &vg->vlan_list, vlist) {
1276
			if (!br_vlan_should_use(v))
1277
				continue;
1278
			err = __br_fdb_add(ndm, br, p, addr, nlh_flags, v->vid,
1279
					   nfea_tb, notified, extack);
1280
			if (err)
1281
				goto out;
1282
		}
1283
	}
1284

1285
out:
1286
	return err;
1287
}
1288

1289
static int fdb_delete_by_addr_and_port(struct net_bridge *br,
1290
				       const struct net_bridge_port *p,
1291
				       const u8 *addr, u16 vlan, bool *notified)
1292
{
1293
	struct net_bridge_fdb_entry *fdb;
1294

1295
	fdb = br_fdb_find(br, addr, vlan);
1296
	if (!fdb || READ_ONCE(fdb->dst) != p)
1297
		return -ENOENT;
1298

1299
	fdb_delete(br, fdb, true);
1300
	*notified = true;
1301

1302
	return 0;
1303
}
1304

1305
static int __br_fdb_delete(struct net_bridge *br,
1306
			   const struct net_bridge_port *p,
1307
			   const unsigned char *addr, u16 vid, bool *notified)
1308
{
1309
	int err;
1310

1311
	spin_lock_bh(&br->hash_lock);
1312
	err = fdb_delete_by_addr_and_port(br, p, addr, vid, notified);
1313
	spin_unlock_bh(&br->hash_lock);
1314

1315
	return err;
1316
}
1317

1318
/* Remove neighbor entry with RTM_DELNEIGH */
1319
int br_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
1320
		  struct net_device *dev,
1321
		  const unsigned char *addr, u16 vid, bool *notified,
1322
		  struct netlink_ext_ack *extack)
1323
{
1324
	struct net_bridge_vlan_group *vg;
1325
	struct net_bridge_port *p = NULL;
1326
	struct net_bridge *br;
1327
	int err;
1328

1329
	if (netif_is_bridge_master(dev)) {
1330
		br = netdev_priv(dev);
1331
		vg = br_vlan_group(br);
1332
	} else {
1333
		p = br_port_get_rtnl(dev);
1334
		if (!p) {
1335
			pr_info("bridge: RTM_DELNEIGH %s not a bridge port\n",
1336
				dev->name);
1337
			return -EINVAL;
1338
		}
1339
		vg = nbp_vlan_group(p);
1340
		br = p->br;
1341
	}
1342

1343
	if (vid) {
1344
		err = __br_fdb_delete(br, p, addr, vid, notified);
1345
	} else {
1346
		struct net_bridge_vlan *v;
1347

1348
		err = -ENOENT;
1349
		err &= __br_fdb_delete(br, p, addr, 0, notified);
1350
		if (!vg || !vg->num_vlans)
1351
			return err;
1352

1353
		list_for_each_entry(v, &vg->vlan_list, vlist) {
1354
			if (!br_vlan_should_use(v))
1355
				continue;
1356
			err &= __br_fdb_delete(br, p, addr, v->vid, notified);
1357
		}
1358
	}
1359

1360
	return err;
1361
}
1362

1363
int br_fdb_sync_static(struct net_bridge *br, struct net_bridge_port *p)
1364
{
1365
	struct net_bridge_fdb_entry *f, *tmp;
1366
	int err = 0;
1367

1368
	ASSERT_RTNL();
1369

1370
	/* the key here is that static entries change only under rtnl */
1371
	rcu_read_lock();
1372
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
1373
		/* We only care for static entries */
1374
		if (!test_bit(BR_FDB_STATIC, &f->flags))
1375
			continue;
1376
		err = dev_uc_add(p->dev, f->key.addr.addr);
1377
		if (err)
1378
			goto rollback;
1379
	}
1380
done:
1381
	rcu_read_unlock();
1382

1383
	return err;
1384

1385
rollback:
1386
	hlist_for_each_entry_rcu(tmp, &br->fdb_list, fdb_node) {
1387
		/* We only care for static entries */
1388
		if (!test_bit(BR_FDB_STATIC, &tmp->flags))
1389
			continue;
1390
		if (tmp == f)
1391
			break;
1392
		dev_uc_del(p->dev, tmp->key.addr.addr);
1393
	}
1394

1395
	goto done;
1396
}
1397

1398
void br_fdb_unsync_static(struct net_bridge *br, struct net_bridge_port *p)
1399
{
1400
	struct net_bridge_fdb_entry *f;
1401

1402
	ASSERT_RTNL();
1403

1404
	rcu_read_lock();
1405
	hlist_for_each_entry_rcu(f, &br->fdb_list, fdb_node) {
1406
		/* We only care for static entries */
1407
		if (!test_bit(BR_FDB_STATIC, &f->flags))
1408
			continue;
1409

1410
		dev_uc_del(p->dev, f->key.addr.addr);
1411
	}
1412
	rcu_read_unlock();
1413
}
1414

1415
int br_fdb_external_learn_add(struct net_bridge *br, struct net_bridge_port *p,
1416
			      const unsigned char *addr, u16 vid, bool locked,
1417
			      bool swdev_notify)
1418
{
1419
	struct net_bridge_fdb_entry *fdb;
1420
	bool modified = false;
1421
	int err = 0;
1422

1423
	trace_br_fdb_external_learn_add(br, p, addr, vid);
1424

1425
	if (locked && (!p || !(p->flags & BR_PORT_MAB)))
1426
		return -EINVAL;
1427

1428
	spin_lock_bh(&br->hash_lock);
1429

1430
	fdb = br_fdb_find(br, addr, vid);
1431
	if (!fdb) {
1432
		unsigned long flags = BIT(BR_FDB_ADDED_BY_EXT_LEARN);
1433

1434
		if (swdev_notify)
1435
			flags |= BIT(BR_FDB_ADDED_BY_USER);
1436

1437
		if (!p)
1438
			flags |= BIT(BR_FDB_LOCAL);
1439

1440
		if (locked)
1441
			flags |= BIT(BR_FDB_LOCKED);
1442

1443
		fdb = fdb_create(br, p, addr, vid, flags);
1444
		if (!fdb) {
1445
			err = -ENOMEM;
1446
			goto err_unlock;
1447
		}
1448
		fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
1449
	} else {
1450
		if (locked &&
1451
		    (!test_bit(BR_FDB_LOCKED, &fdb->flags) ||
1452
		     READ_ONCE(fdb->dst) != p)) {
1453
			err = -EINVAL;
1454
			goto err_unlock;
1455
		}
1456

1457
		fdb->updated = jiffies;
1458

1459
		if (READ_ONCE(fdb->dst) != p) {
1460
			WRITE_ONCE(fdb->dst, p);
1461
			modified = true;
1462
		}
1463

1464
		if (test_and_set_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags)) {
1465
			/* Refresh entry */
1466
			fdb->used = jiffies;
1467
		} else {
1468
			modified = true;
1469
		}
1470

1471
		if (locked != test_bit(BR_FDB_LOCKED, &fdb->flags)) {
1472
			change_bit(BR_FDB_LOCKED, &fdb->flags);
1473
			modified = true;
1474
		}
1475

1476
		if (swdev_notify)
1477
			set_bit(BR_FDB_ADDED_BY_USER, &fdb->flags);
1478

1479
		if (!p)
1480
			set_bit(BR_FDB_LOCAL, &fdb->flags);
1481

1482
		if ((swdev_notify || !p) &&
1483
		    test_and_clear_bit(BR_FDB_DYNAMIC_LEARNED, &fdb->flags))
1484
			atomic_dec(&br->fdb_n_learned);
1485

1486
		if (modified)
1487
			fdb_notify(br, fdb, RTM_NEWNEIGH, swdev_notify);
1488
	}
1489

1490
err_unlock:
1491
	spin_unlock_bh(&br->hash_lock);
1492

1493
	return err;
1494
}
1495

1496
int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
1497
			      const unsigned char *addr, u16 vid,
1498
			      bool swdev_notify)
1499
{
1500
	struct net_bridge_fdb_entry *fdb;
1501
	int err = 0;
1502

1503
	spin_lock_bh(&br->hash_lock);
1504

1505
	fdb = br_fdb_find(br, addr, vid);
1506
	if (fdb && test_bit(BR_FDB_ADDED_BY_EXT_LEARN, &fdb->flags))
1507
		fdb_delete(br, fdb, swdev_notify);
1508
	else
1509
		err = -ENOENT;
1510

1511
	spin_unlock_bh(&br->hash_lock);
1512

1513
	return err;
1514
}
1515

1516
void br_fdb_offloaded_set(struct net_bridge *br, struct net_bridge_port *p,
1517
			  const unsigned char *addr, u16 vid, bool offloaded)
1518
{
1519
	struct net_bridge_fdb_entry *fdb;
1520

1521
	spin_lock_bh(&br->hash_lock);
1522

1523
	fdb = br_fdb_find(br, addr, vid);
1524
	if (fdb && offloaded != test_bit(BR_FDB_OFFLOADED, &fdb->flags))
1525
		change_bit(BR_FDB_OFFLOADED, &fdb->flags);
1526

1527
	spin_unlock_bh(&br->hash_lock);
1528
}
1529

1530
void br_fdb_clear_offload(const struct net_device *dev, u16 vid)
1531
{
1532
	struct net_bridge_fdb_entry *f;
1533
	struct net_bridge_port *p;
1534

1535
	ASSERT_RTNL();
1536

1537
	p = br_port_get_rtnl(dev);
1538
	if (!p)
1539
		return;
1540

1541
	spin_lock_bh(&p->br->hash_lock);
1542
	hlist_for_each_entry(f, &p->br->fdb_list, fdb_node) {
1543
		if (f->dst == p && f->key.vlan_id == vid)
1544
			clear_bit(BR_FDB_OFFLOADED, &f->flags);
1545
	}
1546
	spin_unlock_bh(&p->br->hash_lock);
1547
}
1548
EXPORT_SYMBOL_GPL(br_fdb_clear_offload);
1549

1550