Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 0/8] bridge: mcast: Preparations for EVPN extensions
This patchset was split from [1] and includes non-functional changes aimed at making it easier to add additional netlink attributes later on. Future extensions are available here [2]. The idea behind these patches is to create an MDB configuration structure into which netlink messages are parsed into. The structure is then passed in the entry creation / deletion call chain instead of passing the netlink attributes themselves. The same pattern is used by other rtnetlink objects such as routes and nexthops. I initially tried to extend the current code, but it proved to be too difficult, which is why I decided to refactor it to the extensible and familiar pattern used by other rtnetlink objects. Tested using existing selftests and using a new selftest that will be submitted together with the planned extensions. No changes since initial RFC. [1] https://lore.kernel.org/netdev/20221018120420.561846-1-idosch at nvidia.com/ [2] https://github.com/idosch/linux/commits/submit/mdb_v1 Ido Schimmel (8): bridge: mcast: Centralize netlink attribute parsing bridge: mcast: Remove redundant checks bridge: mcast: Use MDB configuration structure where possible bridge: mcast: Propagate MDB configuration structure further bridge: mcast: Use MDB group key from configuration structure bridge: mcast: Remove br_mdb_parse() bridge: mcast: Move checks out of critical section bridge: mcast: Remove redundant function arguments net/bridge/br_mdb.c | 312 +++++++++++++++++++--------------------- net/bridge/br_private.h | 7 + 2 files changed, 156 insertions(+), 163 deletions(-) -- 2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 1/8] bridge: mcast: Centralize netlink attribute parsing
Netlink attributes are currently passed deep in the MDB creation call
chain, making it difficult to add new attributes. In addition, some
validity checks are performed under the multicast lock although they can
be performed before it is ever acquired.
As a first step towards solving these issues, parse the RTM_{NEW,DEL}MDB
messages into a configuration structure, relieving other functions from
the need to handle raw netlink attributes.
Subsequent patches will convert the MDB code to use this configuration
structure.
This is consistent with how other rtnetlink objects are handled, such as
routes and nexthops.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 120 ++++++++++++++++++++++++++++++++++++++++
net/bridge/br_private.h | 7 +++
2 files changed, 127 insertions(+)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 321be94c445a..c53050e47a0f 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -974,6 +974,116 @@ static int __br_mdb_add(struct net *net, struct net_bridge
*br,
return ret;
}
+static int br_mdb_config_attrs_init(struct nlattr *set_attrs,
+ struct br_mdb_config *cfg,
+ struct netlink_ext_ack *extack)
+{
+ struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
+ int err;
+
+ err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX, set_attrs,
+ br_mdbe_attrs_pol, extack);
+ if (err)
+ return err;
+
+ if (mdb_attrs[MDBE_ATTR_SOURCE] &&
+ !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
+ cfg->entry->addr.proto, extack))
+ return -EINVAL;
+
+ __mdb_entry_to_br_ip(cfg->entry, &cfg->group, mdb_attrs);
+
+ return 0;
+}
+
+static int br_mdb_config_init(struct net *net, struct sk_buff *skb,
+ struct nlmsghdr *nlh, struct br_mdb_config *cfg,
+ struct netlink_ext_ack *extack)
+{
+ struct nlattr *tb[MDBA_SET_ENTRY_MAX + 1];
+ struct br_port_msg *bpm;
+ struct net_device *dev;
+ int err;
+
+ err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
+ MDBA_SET_ENTRY_MAX, NULL, extack);
+ if (err)
+ return err;
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ bpm = nlmsg_data(nlh);
+ if (!bpm->ifindex) {
+ NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
+ return -EINVAL;
+ }
+
+ dev = __dev_get_by_index(net, bpm->ifindex);
+ if (!dev) {
+ NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
+ return -ENODEV;
+ }
+
+ if (!netif_is_bridge_master(dev)) {
+ NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
+ return -EOPNOTSUPP;
+ }
+
+ cfg->br = netdev_priv(dev);
+
+ if (!netif_running(cfg->br->dev)) {
+ NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
+ return -EINVAL;
+ }
+
+ if (!br_opt_get(cfg->br, BROPT_MULTICAST_ENABLED)) {
+ NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is
disabled");
+ return -EINVAL;
+ }
+
+ if (NL_REQ_ATTR_CHECK(extack, NULL, tb, MDBA_SET_ENTRY)) {
+ NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
+ return -EINVAL;
+ }
+ if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
+ NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute
length");
+ return -EINVAL;
+ }
+
+ cfg->entry = nla_data(tb[MDBA_SET_ENTRY]);
+ if (!is_valid_mdb_entry(cfg->entry, extack))
+ return -EINVAL;
+
+ if (cfg->entry->ifindex != cfg->br->dev->ifindex) {
+ struct net_device *pdev;
+
+ pdev = __dev_get_by_index(net, cfg->entry->ifindex);
+ if (!pdev) {
+ NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
+ return -ENODEV;
+ }
+
+ cfg->p = br_port_get_rtnl(pdev);
+ if (!cfg->p) {
+ NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
+ return -EINVAL;
+ }
+
+ if (cfg->p->br != cfg->br) {
+ NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge
device");
+ return -EINVAL;
+ }
+ }
+
+ if (tb[MDBA_SET_ENTRY_ATTRS])
+ return br_mdb_config_attrs_init(tb[MDBA_SET_ENTRY_ATTRS], cfg,
+ extack);
+ else
+ __mdb_entry_to_br_ip(cfg->entry, &cfg->group, NULL);
+
+ return 0;
+}
+
static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
@@ -984,9 +1094,14 @@ static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr
*nlh,
struct net_device *dev, *pdev;
struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
+ struct br_mdb_config cfg;
struct net_bridge *br;
int err;
+ err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
+ if (err)
+ return err;
+
err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
if (err < 0)
return err;
@@ -1101,9 +1216,14 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
struct net_device *dev, *pdev;
struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
+ struct br_mdb_config cfg;
struct net_bridge *br;
int err;
+ err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
+ if (err)
+ return err;
+
err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
if (err < 0)
return err;
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 4c4fda930068..0a09f10966dc 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -92,6 +92,13 @@ struct bridge_mcast_stats {
struct br_mcast_stats mstats;
struct u64_stats_sync syncp;
};
+
+struct br_mdb_config {
+ struct net_bridge *br;
+ struct net_bridge_port *p;
+ struct br_mdb_entry *entry;
+ struct br_ip group;
+};
#endif
/* net_bridge_mcast_port must be always defined due to forwarding stubs */
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 2/8] bridge: mcast: Remove redundant checks
These checks are now redundant as they are performed by
br_mdb_config_init() while parsing the RTM_{NEW,DEL}MDB messages.
Remove them.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 63 +++++++--------------------------------------
1 file changed, 9 insertions(+), 54 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index c53050e47a0f..68fd34161a40 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -1090,11 +1090,10 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
struct net *net = sock_net(skb->sk);
struct net_bridge_vlan_group *vg;
- struct net_bridge_port *p = NULL;
- struct net_device *dev, *pdev;
struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
+ struct net_device *dev;
struct net_bridge *br;
int err;
@@ -1108,38 +1107,12 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
br = netdev_priv(dev);
- if (!netif_running(br->dev)) {
- NL_SET_ERR_MSG_MOD(extack, "Bridge device is not running");
- return -EINVAL;
- }
-
- if (!br_opt_get(br, BROPT_MULTICAST_ENABLED)) {
- NL_SET_ERR_MSG_MOD(extack, "Bridge's multicast processing is
disabled");
- return -EINVAL;
- }
-
if (entry->ifindex != br->dev->ifindex) {
- pdev = __dev_get_by_index(net, entry->ifindex);
- if (!pdev) {
- NL_SET_ERR_MSG_MOD(extack, "Port net device doesn't exist");
- return -ENODEV;
- }
-
- p = br_port_get_rtnl(pdev);
- if (!p) {
- NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
- return -EINVAL;
- }
-
- if (p->br != br) {
- NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge
device");
- return -EINVAL;
- }
- if (p->state == BR_STATE_DISABLED && entry->state !=
MDB_PERMANENT) {
+ if (cfg.p->state == BR_STATE_DISABLED && entry->state !=
MDB_PERMANENT) {
NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not
permanent");
return -EINVAL;
}
- vg = nbp_vlan_group(p);
+ vg = nbp_vlan_group(cfg.p);
} else {
vg = br_vlan_group(br);
}
@@ -1150,12 +1123,12 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
entry->vid = v->vid;
- err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
+ err = __br_mdb_add(net, br, cfg.p, entry, mdb_attrs, extack);
if (err)
break;
}
} else {
- err = __br_mdb_add(net, br, p, entry, mdb_attrs, extack);
+ err = __br_mdb_add(net, br, cfg.p, entry, mdb_attrs, extack);
}
return err;
@@ -1170,9 +1143,6 @@ static int __br_mdb_del(struct net_bridge *br, struct
br_mdb_entry *entry,
struct br_ip ip;
int err = -EINVAL;
- if (!netif_running(br->dev) || !br_opt_get(br, BROPT_MULTICAST_ENABLED))
- return -EINVAL;
-
__mdb_entry_to_br_ip(entry, &ip, mdb_attrs);
spin_lock_bh(&br->multicast_lock);
@@ -1212,11 +1182,10 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
struct net *net = sock_net(skb->sk);
struct net_bridge_vlan_group *vg;
- struct net_bridge_port *p = NULL;
- struct net_device *dev, *pdev;
struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
+ struct net_device *dev;
struct net_bridge *br;
int err;
@@ -1230,24 +1199,10 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
br = netdev_priv(dev);
- if (entry->ifindex != br->dev->ifindex) {
- pdev = __dev_get_by_index(net, entry->ifindex);
- if (!pdev)
- return -ENODEV;
-
- p = br_port_get_rtnl(pdev);
- if (!p) {
- NL_SET_ERR_MSG_MOD(extack, "Net device is not a bridge port");
- return -EINVAL;
- }
- if (p->br != br) {
- NL_SET_ERR_MSG_MOD(extack, "Port belongs to a different bridge
device");
- return -EINVAL;
- }
- vg = nbp_vlan_group(p);
- } else {
+ if (entry->ifindex != br->dev->ifindex)
+ vg = nbp_vlan_group(cfg.p);
+ else
vg = br_vlan_group(br);
- }
/* If vlan filtering is enabled and VLAN is not specified
* delete mdb entry on all vlans configured on the port.
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 3/8] bridge: mcast: Use MDB configuration structure where possible
The MDB configuration structure (i.e., struct br_mdb_config) now
includes all the necessary information from the parsed RTM_{NEW,DEL}MDB
netlink messages, so use it.
This will later allow us to delete the calls to br_mdb_parse() from
br_mdb_add() and br_mdb_del().
No functional changes intended.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 34 +++++++++++++++-------------------
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 68fd34161a40..cdc71516a51b 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -1094,7 +1094,6 @@ static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr
*nlh,
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
struct net_device *dev;
- struct net_bridge *br;
int err;
err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
@@ -1105,30 +1104,30 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (err < 0)
return err;
- br = netdev_priv(dev);
-
- if (entry->ifindex != br->dev->ifindex) {
- if (cfg.p->state == BR_STATE_DISABLED && entry->state !=
MDB_PERMANENT) {
+ if (cfg.p) {
+ if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state !=
MDB_PERMANENT) {
NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not
permanent");
return -EINVAL;
}
vg = nbp_vlan_group(cfg.p);
} else {
- vg = br_vlan_group(br);
+ vg = br_vlan_group(cfg.br);
}
/* If vlan filtering is enabled and VLAN is not specified
* install mdb entry on all vlans configured on the port.
*/
- if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
+ if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
- entry->vid = v->vid;
- err = __br_mdb_add(net, br, cfg.p, entry, mdb_attrs, extack);
+ cfg.entry->vid = v->vid;
+ err = __br_mdb_add(net, cfg.br, cfg.p, cfg.entry,
+ mdb_attrs, extack);
if (err)
break;
}
} else {
- err = __br_mdb_add(net, br, cfg.p, entry, mdb_attrs, extack);
+ err = __br_mdb_add(net, cfg.br, cfg.p, cfg.entry, mdb_attrs,
+ extack);
}
return err;
@@ -1186,7 +1185,6 @@ static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr
*nlh,
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
struct net_device *dev;
- struct net_bridge *br;
int err;
err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
@@ -1197,23 +1195,21 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (err < 0)
return err;
- br = netdev_priv(dev);
-
- if (entry->ifindex != br->dev->ifindex)
+ if (cfg.p)
vg = nbp_vlan_group(cfg.p);
else
- vg = br_vlan_group(br);
+ vg = br_vlan_group(cfg.br);
/* If vlan filtering is enabled and VLAN is not specified
* delete mdb entry on all vlans configured on the port.
*/
- if (br_vlan_enabled(br->dev) && vg && entry->vid == 0) {
+ if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
- entry->vid = v->vid;
- err = __br_mdb_del(br, entry, mdb_attrs);
+ cfg.entry->vid = v->vid;
+ err = __br_mdb_del(cfg.br, cfg.entry, mdb_attrs);
}
} else {
- err = __br_mdb_del(br, entry, mdb_attrs);
+ err = __br_mdb_del(cfg.br, cfg.entry, mdb_attrs);
}
return err;
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 4/8] bridge: mcast: Propagate MDB configuration structure further
As an intermediate step towards only using the new MDB configuration
structure, pass it further in the control path instead of passing
individual attributes.
No functional changes intended.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 24 +++++++++++-------------
1 file changed, 11 insertions(+), 13 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index cdc71516a51b..2f9b192500a3 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -959,17 +959,15 @@ static int br_mdb_add_group(struct net_bridge *br, struct
net_bridge_port *port,
return 0;
}
-static int __br_mdb_add(struct net *net, struct net_bridge *br,
- struct net_bridge_port *p,
- struct br_mdb_entry *entry,
+static int __br_mdb_add(struct br_mdb_config *cfg,
struct nlattr **mdb_attrs,
struct netlink_ext_ack *extack)
{
int ret;
- spin_lock_bh(&br->multicast_lock);
- ret = br_mdb_add_group(br, p, entry, mdb_attrs, extack);
- spin_unlock_bh(&br->multicast_lock);
+ spin_lock_bh(&cfg->br->multicast_lock);
+ ret = br_mdb_add_group(cfg->br, cfg->p, cfg->entry, mdb_attrs,
extack);
+ spin_unlock_bh(&cfg->br->multicast_lock);
return ret;
}
@@ -1120,22 +1118,22 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
- err = __br_mdb_add(net, cfg.br, cfg.p, cfg.entry,
- mdb_attrs, extack);
+ err = __br_mdb_add(&cfg, mdb_attrs, extack);
if (err)
break;
}
} else {
- err = __br_mdb_add(net, cfg.br, cfg.p, cfg.entry, mdb_attrs,
- extack);
+ err = __br_mdb_add(&cfg, mdb_attrs, extack);
}
return err;
}
-static int __br_mdb_del(struct net_bridge *br, struct br_mdb_entry *entry,
+static int __br_mdb_del(struct br_mdb_config *cfg,
struct nlattr **mdb_attrs)
{
+ struct br_mdb_entry *entry = cfg->entry;
+ struct net_bridge *br = cfg->br;
struct net_bridge_mdb_entry *mp;
struct net_bridge_port_group *p;
struct net_bridge_port_group __rcu **pp;
@@ -1206,10 +1204,10 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
- err = __br_mdb_del(cfg.br, cfg.entry, mdb_attrs);
+ err = __br_mdb_del(&cfg, mdb_attrs);
}
} else {
- err = __br_mdb_del(cfg.br, cfg.entry, mdb_attrs);
+ err = __br_mdb_del(&cfg, mdb_attrs);
}
return err;
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 5/8] bridge: mcast: Use MDB group key from configuration structure
The MDB group key (i.e., {source, destination, protocol, VID}) is
currently determined under the multicast lock from the netlink
attributes. Instead, use the group key from the MDB configuration
structure that was prepared before acquiring the lock.
No functional changes intended.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 2f9b192500a3..cb4fd27f118f 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -855,20 +855,19 @@ __br_mdb_choose_context(struct net_bridge *br,
static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port
*port,
struct br_mdb_entry *entry,
- struct nlattr **mdb_attrs,
+ struct br_mdb_config *cfg,
struct netlink_ext_ack *extack)
{
struct net_bridge_mdb_entry *mp, *star_mp;
struct net_bridge_port_group __rcu **pp;
struct net_bridge_port_group *p;
struct net_bridge_mcast *brmctx;
- struct br_ip group, star_group;
+ struct br_ip group = cfg->group;
unsigned long now = jiffies;
unsigned char flags = 0;
+ struct br_ip star_group;
u8 filter_mode;
- __mdb_entry_to_br_ip(entry, &group, mdb_attrs);
-
brmctx = __br_mdb_choose_context(br, entry, extack);
if (!brmctx)
return -EINVAL;
@@ -966,7 +965,7 @@ static int __br_mdb_add(struct br_mdb_config *cfg,
int ret;
spin_lock_bh(&cfg->br->multicast_lock);
- ret = br_mdb_add_group(cfg->br, cfg->p, cfg->entry, mdb_attrs,
extack);
+ ret = br_mdb_add_group(cfg->br, cfg->p, cfg->entry, cfg, extack);
spin_unlock_bh(&cfg->br->multicast_lock);
return ret;
@@ -1118,6 +1117,7 @@ static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr
*nlh,
if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
+ cfg.group.vid = v->vid;
err = __br_mdb_add(&cfg, mdb_attrs, extack);
if (err)
break;
@@ -1137,11 +1137,9 @@ static int __br_mdb_del(struct br_mdb_config *cfg,
struct net_bridge_mdb_entry *mp;
struct net_bridge_port_group *p;
struct net_bridge_port_group __rcu **pp;
- struct br_ip ip;
+ struct br_ip ip = cfg->group;
int err = -EINVAL;
- __mdb_entry_to_br_ip(entry, &ip, mdb_attrs);
-
spin_lock_bh(&br->multicast_lock);
mp = br_mdb_ip_get(br, &ip);
if (!mp)
@@ -1204,6 +1202,7 @@ static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr
*nlh,
if (br_vlan_enabled(cfg.br->dev) && vg && cfg.entry->vid
== 0) {
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
+ cfg.group.vid = v->vid;
err = __br_mdb_del(&cfg, mdb_attrs);
}
} else {
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 6/8] bridge: mcast: Remove br_mdb_parse()
The parsing of the netlink messages and the validity checks are now
performed in br_mdb_config_init() so we can remove br_mdb_parse().
This finally allows us to stop passing netlink attributes deep in the
MDB control path and only use the MDB configuration structure.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 93 +++------------------------------------------
1 file changed, 5 insertions(+), 88 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index cb4fd27f118f..67b6bc7272d3 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -754,73 +754,6 @@ static const struct nla_policy
br_mdbe_attrs_pol[MDBE_ATTR_MAX + 1] = {
sizeof(struct in6_addr)),
};
-static int br_mdb_parse(struct sk_buff *skb, struct nlmsghdr *nlh,
- struct net_device **pdev, struct br_mdb_entry **pentry,
- struct nlattr **mdb_attrs, struct netlink_ext_ack *extack)
-{
- struct net *net = sock_net(skb->sk);
- struct br_mdb_entry *entry;
- struct br_port_msg *bpm;
- struct nlattr *tb[MDBA_SET_ENTRY_MAX+1];
- struct net_device *dev;
- int err;
-
- err = nlmsg_parse_deprecated(nlh, sizeof(*bpm), tb,
- MDBA_SET_ENTRY_MAX, NULL, NULL);
- if (err < 0)
- return err;
-
- bpm = nlmsg_data(nlh);
- if (bpm->ifindex == 0) {
- NL_SET_ERR_MSG_MOD(extack, "Invalid bridge ifindex");
- return -EINVAL;
- }
-
- dev = __dev_get_by_index(net, bpm->ifindex);
- if (dev == NULL) {
- NL_SET_ERR_MSG_MOD(extack, "Bridge device doesn't exist");
- return -ENODEV;
- }
-
- if (!netif_is_bridge_master(dev)) {
- NL_SET_ERR_MSG_MOD(extack, "Device is not a bridge");
- return -EOPNOTSUPP;
- }
-
- *pdev = dev;
-
- if (!tb[MDBA_SET_ENTRY]) {
- NL_SET_ERR_MSG_MOD(extack, "Missing MDBA_SET_ENTRY attribute");
- return -EINVAL;
- }
- if (nla_len(tb[MDBA_SET_ENTRY]) != sizeof(struct br_mdb_entry)) {
- NL_SET_ERR_MSG_MOD(extack, "Invalid MDBA_SET_ENTRY attribute
length");
- return -EINVAL;
- }
-
- entry = nla_data(tb[MDBA_SET_ENTRY]);
- if (!is_valid_mdb_entry(entry, extack))
- return -EINVAL;
- *pentry = entry;
-
- if (tb[MDBA_SET_ENTRY_ATTRS]) {
- err = nla_parse_nested(mdb_attrs, MDBE_ATTR_MAX,
- tb[MDBA_SET_ENTRY_ATTRS],
- br_mdbe_attrs_pol, extack);
- if (err)
- return err;
- if (mdb_attrs[MDBE_ATTR_SOURCE] &&
- !is_valid_mdb_source(mdb_attrs[MDBE_ATTR_SOURCE],
- entry->addr.proto, extack))
- return -EINVAL;
- } else {
- memset(mdb_attrs, 0,
- sizeof(struct nlattr *) * (MDBE_ATTR_MAX + 1));
- }
-
- return 0;
-}
-
static struct net_bridge_mcast *
__br_mdb_choose_context(struct net_bridge *br,
const struct br_mdb_entry *entry,
@@ -959,7 +892,6 @@ static int br_mdb_add_group(struct net_bridge *br, struct
net_bridge_port *port,
}
static int __br_mdb_add(struct br_mdb_config *cfg,
- struct nlattr **mdb_attrs,
struct netlink_ext_ack *extack)
{
int ret;
@@ -1084,23 +1016,16 @@ static int br_mdb_config_init(struct net *net, struct
sk_buff *skb,
static int br_mdb_add(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
- struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
struct net *net = sock_net(skb->sk);
struct net_bridge_vlan_group *vg;
- struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
- struct net_device *dev;
int err;
err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
if (err)
return err;
- err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
- if (err < 0)
- return err;
-
if (cfg.p) {
if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state !=
MDB_PERMANENT) {
NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not
permanent");
@@ -1118,19 +1043,18 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
cfg.group.vid = v->vid;
- err = __br_mdb_add(&cfg, mdb_attrs, extack);
+ err = __br_mdb_add(&cfg, extack);
if (err)
break;
}
} else {
- err = __br_mdb_add(&cfg, mdb_attrs, extack);
+ err = __br_mdb_add(&cfg, extack);
}
return err;
}
-static int __br_mdb_del(struct br_mdb_config *cfg,
- struct nlattr **mdb_attrs)
+static int __br_mdb_del(struct br_mdb_config *cfg)
{
struct br_mdb_entry *entry = cfg->entry;
struct net_bridge *br = cfg->br;
@@ -1174,23 +1098,16 @@ static int __br_mdb_del(struct br_mdb_config *cfg,
static int br_mdb_del(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
- struct nlattr *mdb_attrs[MDBE_ATTR_MAX + 1];
struct net *net = sock_net(skb->sk);
struct net_bridge_vlan_group *vg;
- struct br_mdb_entry *entry;
struct net_bridge_vlan *v;
struct br_mdb_config cfg;
- struct net_device *dev;
int err;
err = br_mdb_config_init(net, skb, nlh, &cfg, extack);
if (err)
return err;
- err = br_mdb_parse(skb, nlh, &dev, &entry, mdb_attrs, extack);
- if (err < 0)
- return err;
-
if (cfg.p)
vg = nbp_vlan_group(cfg.p);
else
@@ -1203,10 +1120,10 @@ static int br_mdb_del(struct sk_buff *skb, struct
nlmsghdr *nlh,
list_for_each_entry(v, &vg->vlan_list, vlist) {
cfg.entry->vid = v->vid;
cfg.group.vid = v->vid;
- err = __br_mdb_del(&cfg, mdb_attrs);
+ err = __br_mdb_del(&cfg);
}
} else {
- err = __br_mdb_del(&cfg, mdb_attrs);
+ err = __br_mdb_del(&cfg);
}
return err;
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 7/8] bridge: mcast: Move checks out of critical section
The checks only require information parsed from the RTM_NEWMDB netlink
message and do not rely on any state stored in the bridge driver.
Therefore, there is no need to perform the checks in the critical
section under the multicast lock.
Move the checks out of the critical section.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index 67b6bc7272d3..aa5faccf09f8 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -805,24 +805,6 @@ static int br_mdb_add_group(struct net_bridge *br, struct
net_bridge_port *port,
if (!brmctx)
return -EINVAL;
- /* host join errors which can happen before creating the group */
- if (!port && !br_group_is_l2(&group)) {
- /* don't allow any flags for host-joined IP groups */
- if (entry->state) {
- NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host
groups");
- return -EINVAL;
- }
- if (!br_multicast_is_star_g(&group)) {
- NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host
joined");
- return -EINVAL;
- }
- }
-
- if (br_group_is_l2(&group) && entry->state != MDB_PERMANENT) {
- NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
- return -EINVAL;
- }
-
mp = br_multicast_new_group(br, &group);
if (IS_ERR(mp))
return PTR_ERR(mp);
@@ -1026,6 +1008,24 @@ static int br_mdb_add(struct sk_buff *skb, struct
nlmsghdr *nlh,
if (err)
return err;
+ /* host join errors which can happen before creating the group */
+ if (!cfg.p && !br_group_is_l2(&cfg.group)) {
+ /* don't allow any flags for host-joined IP groups */
+ if (cfg.entry->state) {
+ NL_SET_ERR_MSG_MOD(extack, "Flags are not allowed for host
groups");
+ return -EINVAL;
+ }
+ if (!br_multicast_is_star_g(&cfg.group)) {
+ NL_SET_ERR_MSG_MOD(extack, "Groups with sources cannot be manually host
joined");
+ return -EINVAL;
+ }
+ }
+
+ if (br_group_is_l2(&cfg.group) && cfg.entry->state !=
MDB_PERMANENT) {
+ NL_SET_ERR_MSG_MOD(extack, "Only permanent L2 entries allowed");
+ return -EINVAL;
+ }
+
if (cfg.p) {
if (cfg.p->state == BR_STATE_DISABLED && cfg.entry->state !=
MDB_PERMANENT) {
NL_SET_ERR_MSG_MOD(extack, "Port is in disabled state and entry is not
permanent");
--
2.37.3
Ido Schimmel
2022-Dec-05 07:42 UTC
[Bridge] [PATCH net-next 8/8] bridge: mcast: Remove redundant function arguments
Drop the first three arguments and instead extract them from the MDB
configuration structure.
Signed-off-by: Ido Schimmel <idosch at nvidia.com>
---
net/bridge/br_mdb.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
index aa5faccf09f8..850a04177c91 100644
--- a/net/bridge/br_mdb.c
+++ b/net/bridge/br_mdb.c
@@ -786,13 +786,14 @@ __br_mdb_choose_context(struct net_bridge *br,
return brmctx;
}
-static int br_mdb_add_group(struct net_bridge *br, struct net_bridge_port
*port,
- struct br_mdb_entry *entry,
- struct br_mdb_config *cfg,
+static int br_mdb_add_group(struct br_mdb_config *cfg,
struct netlink_ext_ack *extack)
{
struct net_bridge_mdb_entry *mp, *star_mp;
struct net_bridge_port_group __rcu **pp;
+ struct br_mdb_entry *entry = cfg->entry;
+ struct net_bridge_port *port = cfg->p;
+ struct net_bridge *br = cfg->br;
struct net_bridge_port_group *p;
struct net_bridge_mcast *brmctx;
struct br_ip group = cfg->group;
@@ -879,7 +880,7 @@ static int __br_mdb_add(struct br_mdb_config *cfg,
int ret;
spin_lock_bh(&cfg->br->multicast_lock);
- ret = br_mdb_add_group(cfg->br, cfg->p, cfg->entry, cfg, extack);
+ ret = br_mdb_add_group(cfg, extack);
spin_unlock_bh(&cfg->br->multicast_lock);
return ret;
--
2.37.3
Nikolay Aleksandrov
2022-Dec-05 11:55 UTC
[Bridge] [PATCH net-next 0/8] bridge: mcast: Preparations for EVPN extensions
On 05/12/2022 09:42, Ido Schimmel wrote:> This patchset was split from [1] and includes non-functional changes > aimed at making it easier to add additional netlink attributes later on. > Future extensions are available here [2]. > > The idea behind these patches is to create an MDB configuration > structure into which netlink messages are parsed into. The structure is > then passed in the entry creation / deletion call chain instead of > passing the netlink attributes themselves. The same pattern is used by > other rtnetlink objects such as routes and nexthops. > > I initially tried to extend the current code, but it proved to be too > difficult, which is why I decided to refactor it to the extensible and > familiar pattern used by other rtnetlink objects. > > Tested using existing selftests and using a new selftest that will be > submitted together with the planned extensions. > > No changes since initial RFC. > > [1] https://lore.kernel.org/netdev/20221018120420.561846-1-idosch at nvidia.com/ > [2] https://github.com/idosch/linux/commits/submit/mdb_v1 > > Ido Schimmel (8): > bridge: mcast: Centralize netlink attribute parsing > bridge: mcast: Remove redundant checks > bridge: mcast: Use MDB configuration structure where possible > bridge: mcast: Propagate MDB configuration structure further > bridge: mcast: Use MDB group key from configuration structure > bridge: mcast: Remove br_mdb_parse() > bridge: mcast: Move checks out of critical section > bridge: mcast: Remove redundant function arguments > > net/bridge/br_mdb.c | 312 +++++++++++++++++++--------------------- > net/bridge/br_private.h | 7 + > 2 files changed, 156 insertions(+), 163 deletions(-) >As I also commented on the RFC, nice work! Allowing user-space to manipulate and manually install such entries is a natural extension. One thought (not a big deal) but it would've been ideal if we could initialize the config struct once when parsing and then pass it around as a const argument. I know that its arguments are currently passed to functions that don't expect const, but I *think* it could be a small change. Thanks, Nik