kernel/linux.git/net/bridge/br_vlan.c, branch linux-4.20.y

net: bridge: fix vlan stats use-after-free on destruction

2018-11-18T05:38:44+00:00

Syzbot reported a use-after-free of the global vlan context on port vlan destruction. When I added per-port vlan stats I missed the fact that the global vlan context can be freed before the per-port vlan rcu callback. There're a few different ways to deal with this, I've chosen to add a new private flag that is set only when per-port stats are allocated so we can directly check it on destruction without dereferencing the global context at all. The new field in net_bridge_vlan uses a hole. v2: cosmetic change, move the check to br_process_vlan_info where the other checks are done v3: add change log in the patch, add private (in-kernel only) flags in a hole in net_bridge_vlan struct and use that instead of mixing user-space flags with private flags Fixes: 9163a0fc1f0c ("net: bridge: add support for per-port vlan stats") Reported-by: syzbot+04681da557a0e49a52e5@syzkaller.appspotmail.com Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: fix a possible memory leak in __vlan_add

2018-10-16T05:53:52+00:00

After per-port vlan stats, vlan stats should be released when fail to add vlan Fixes: 9163a0fc1f0c0 ("net: bridge: add support for per-port vlan stats") CC: bridge@lists.linux-foundation.org cc: Nikolay Aleksandrov CC: Roopa Prabhu Signed-off-by: Zhang Yu Signed-off-by: Li RongQing Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: add support for per-port vlan stats

2018-10-12T17:18:58+00:00

This patch adds an option to have per-port vlan stats instead of the default global stats. The option can be set only when there are no port vlans in the bridge since we need to allocate the stats if it is set when vlans are being added to ports (and respectively free them when being deleted). Also bump RTNL_MAX_TYPE as the bridge is the largest user of options. The current stats design allows us to add these without any changes to the fast-path, it all comes down to the per-vlan stats pointer which, if this option is enabled, will be allocated for each port vlan instead of using the global bridge-wide one. CC: bridge@lists.linux-foundation.org CC: Roopa Prabhu Signed-off-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: convert group_addr_set option to a bit

2018-09-26T17:04:23+00:00

Convert group_addr_set internal bridge opt to a bit. Signed-off-by: Nikolay Aleksandrov Reviewed-by: Stephen Hemminger Signed-off-by: David S. Miller

net: bridge: add bitfield for options and convert vlan opts

2018-09-26T17:04:22+00:00

Bridge options have usually been added as separate fields all over the net_bridge struct taking up space and ending up in different cache lines. Let's move them to a single bitfield to save up space and speedup lookups. This patch adds a simple API for option modifying and retrieving using bitops and converts the first user of the API - the bridge vlan options (vlan_enabled and vlan_stats_enabled). Signed-off-by: Nikolay Aleksandrov Reviewed-by: Stephen Hemminger Signed-off-by: David S. Miller

bridge: Switch to bitmap_zalloc()

2018-09-01T06:13:04+00:00

Switch to bitmap_zalloc() to show clearly what we are allocating. Besides that it returns pointer of bitmap type instead of opaque void *. Signed-off-by: Andy Shevchenko Signed-off-by: David S. Miller

net: bridge: Notify about bridge VLANs

2018-05-31T18:13:44+00:00

A driver might need to react to changes in settings of brentry VLANs. Therefore send switchdev port notifications for these as well. Reuse SWITCHDEV_OBJ_ID_PORT_VLAN for this purpose. Listeners should use netif_is_bridge_master() on orig_dev to determine whether the notification is about a bridge port or a bridge. Signed-off-by: Petr Machata Reviewed-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: Extract br_vlan_add_existing()

2018-05-31T18:13:43+00:00

Extract the code that deals with adding a preexisting VLAN to bridge CPU port to a separate function. A follow-up patch introduces a need to roll back operations in this block due to an error, and this split will make the error-handling code clearer. Signed-off-by: Petr Machata Reviewed-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: Extract boilerplate around switchdev_port_obj_*()

2018-05-31T18:13:42+00:00

A call to switchdev_port_obj_add() or switchdev_port_obj_del() involves initializing a struct switchdev_obj_port_vlan, a piece of code that repeats on each call site almost verbatim. While in the current codebase there is just one duplicated add call, the follow-up patches add more of both add and del calls. Thus to remove the duplication, extract the repetition into named functions and reuse. Signed-off-by: Petr Machata Reviewed-by: Vivien Didelot Reviewed-by: Nikolay Aleksandrov Signed-off-by: David S. Miller

net: bridge: Allow bridge master in br_vlan_get_info()

2018-05-10T21:50:51+00:00

Mirroring offload in mlxsw needs to check that a given VLAN is allowed to ingress the bridge device. br_vlan_get_info() is the function that is used for this, however currently it only supports bridge port devices. Extend it to support bridge masters as well. Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Acked-by: Nikolay Aleksandrov Signed-off-by: David S. Miller