]> nv-tegra.nvidia Code Review - linux-2.6.git/blob - net/bridge/br_if.c
bridge: Fix double-free in br_add_if.
[linux-2.6.git] / net / bridge / br_if.c
1 /*
2  *      Userspace interface
3  *      Linux ethernet bridge
4  *
5  *      Authors:
6  *      Lennert Buytenhek               <buytenh@gnu.org>
7  *
8  *      This program is free software; you can redistribute it and/or
9  *      modify it under the terms of the GNU General Public License
10  *      as published by the Free Software Foundation; either version
11  *      2 of the License, or (at your option) any later version.
12  */
13
14 #include <linux/kernel.h>
15 #include <linux/netdevice.h>
16 #include <linux/ethtool.h>
17 #include <linux/if_arp.h>
18 #include <linux/module.h>
19 #include <linux/init.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/if_ether.h>
22 #include <net/sock.h>
23
24 #include "br_private.h"
25
26 /*
27  * Determine initial path cost based on speed.
28  * using recommendations from 802.1d standard
29  *
30  * Since driver might sleep need to not be holding any locks.
31  */
32 static int port_cost(struct net_device *dev)
33 {
34         if (dev->ethtool_ops && dev->ethtool_ops->get_settings) {
35                 struct ethtool_cmd ecmd = { .cmd = ETHTOOL_GSET, };
36
37                 if (!dev->ethtool_ops->get_settings(dev, &ecmd)) {
38                         switch(ecmd.speed) {
39                         case SPEED_10000:
40                                 return 2;
41                         case SPEED_1000:
42                                 return 4;
43                         case SPEED_100:
44                                 return 19;
45                         case SPEED_10:
46                                 return 100;
47                         }
48                 }
49         }
50
51         /* Old silly heuristics based on name */
52         if (!strncmp(dev->name, "lec", 3))
53                 return 7;
54
55         if (!strncmp(dev->name, "plip", 4))
56                 return 2500;
57
58         return 100;     /* assume old 10Mbps */
59 }
60
61
62 /*
63  * Check for port carrier transistions.
64  * Called from work queue to allow for calling functions that
65  * might sleep (such as speed check), and to debounce.
66  */
67 void br_port_carrier_check(struct net_bridge_port *p)
68 {
69         struct net_device *dev = p->dev;
70         struct net_bridge *br = p->br;
71
72         if (netif_carrier_ok(dev))
73                 p->path_cost = port_cost(dev);
74
75         if (netif_running(br->dev)) {
76                 spin_lock_bh(&br->lock);
77                 if (netif_carrier_ok(dev)) {
78                         if (p->state == BR_STATE_DISABLED)
79                                 br_stp_enable_port(p);
80                 } else {
81                         if (p->state != BR_STATE_DISABLED)
82                                 br_stp_disable_port(p);
83                 }
84                 spin_unlock_bh(&br->lock);
85         }
86 }
87
88 static void release_nbp(struct kobject *kobj)
89 {
90         struct net_bridge_port *p
91                 = container_of(kobj, struct net_bridge_port, kobj);
92         kfree(p);
93 }
94
95 static struct kobj_type brport_ktype = {
96 #ifdef CONFIG_SYSFS
97         .sysfs_ops = &brport_sysfs_ops,
98 #endif
99         .release = release_nbp,
100 };
101
102 static void destroy_nbp(struct net_bridge_port *p)
103 {
104         struct net_device *dev = p->dev;
105
106         p->br = NULL;
107         p->dev = NULL;
108         dev_put(dev);
109
110         kobject_put(&p->kobj);
111 }
112
113 static void destroy_nbp_rcu(struct rcu_head *head)
114 {
115         struct net_bridge_port *p =
116                         container_of(head, struct net_bridge_port, rcu);
117         destroy_nbp(p);
118 }
119
120 /* Delete port(interface) from bridge is done in two steps.
121  * via RCU. First step, marks device as down. That deletes
122  * all the timers and stops new packets from flowing through.
123  *
124  * Final cleanup doesn't occur until after all CPU's finished
125  * processing packets.
126  *
127  * Protected from multiple admin operations by RTNL mutex
128  */
129 static void del_nbp(struct net_bridge_port *p)
130 {
131         struct net_bridge *br = p->br;
132         struct net_device *dev = p->dev;
133
134         sysfs_remove_link(br->ifobj, dev->name);
135
136         dev_set_promiscuity(dev, -1);
137
138         spin_lock_bh(&br->lock);
139         br_stp_disable_port(p);
140         spin_unlock_bh(&br->lock);
141
142         br_ifinfo_notify(RTM_DELLINK, p);
143
144         br_fdb_delete_by_port(br, p, 1);
145
146         list_del_rcu(&p->list);
147
148         rcu_assign_pointer(dev->br_port, NULL);
149
150         kobject_uevent(&p->kobj, KOBJ_REMOVE);
151         kobject_del(&p->kobj);
152
153         call_rcu(&p->rcu, destroy_nbp_rcu);
154 }
155
156 /* called with RTNL */
157 static void del_br(struct net_bridge *br)
158 {
159         struct net_bridge_port *p, *n;
160
161         list_for_each_entry_safe(p, n, &br->port_list, list) {
162                 del_nbp(p);
163         }
164
165         del_timer_sync(&br->gc_timer);
166
167         br_sysfs_delbr(br->dev);
168         unregister_netdevice(br->dev);
169 }
170
171 static struct net_device *new_bridge_dev(struct net *net, const char *name)
172 {
173         struct net_bridge *br;
174         struct net_device *dev;
175
176         dev = alloc_netdev(sizeof(struct net_bridge), name,
177                            br_dev_setup);
178
179         if (!dev)
180                 return NULL;
181         dev_net_set(dev, net);
182
183         br = netdev_priv(dev);
184         br->dev = dev;
185
186         spin_lock_init(&br->lock);
187         INIT_LIST_HEAD(&br->port_list);
188         spin_lock_init(&br->hash_lock);
189
190         br->bridge_id.prio[0] = 0x80;
191         br->bridge_id.prio[1] = 0x00;
192
193         memcpy(br->group_addr, br_group_address, ETH_ALEN);
194
195         br->feature_mask = dev->features;
196         br->stp_enabled = BR_NO_STP;
197         br->designated_root = br->bridge_id;
198         br->root_path_cost = 0;
199         br->root_port = 0;
200         br->bridge_max_age = br->max_age = 20 * HZ;
201         br->bridge_hello_time = br->hello_time = 2 * HZ;
202         br->bridge_forward_delay = br->forward_delay = 15 * HZ;
203         br->topology_change = 0;
204         br->topology_change_detected = 0;
205         br->ageing_time = 300 * HZ;
206
207         br_netfilter_rtable_init(br);
208
209         INIT_LIST_HEAD(&br->age_list);
210
211         br_stp_timer_init(br);
212
213         return dev;
214 }
215
216 /* find an available port number */
217 static int find_portno(struct net_bridge *br)
218 {
219         int index;
220         struct net_bridge_port *p;
221         unsigned long *inuse;
222
223         inuse = kcalloc(BITS_TO_LONGS(BR_MAX_PORTS), sizeof(unsigned long),
224                         GFP_KERNEL);
225         if (!inuse)
226                 return -ENOMEM;
227
228         set_bit(0, inuse);      /* zero is reserved */
229         list_for_each_entry(p, &br->port_list, list) {
230                 set_bit(p->port_no, inuse);
231         }
232         index = find_first_zero_bit(inuse, BR_MAX_PORTS);
233         kfree(inuse);
234
235         return (index >= BR_MAX_PORTS) ? -EXFULL : index;
236 }
237
238 /* called with RTNL but without bridge lock */
239 static struct net_bridge_port *new_nbp(struct net_bridge *br,
240                                        struct net_device *dev)
241 {
242         int index;
243         struct net_bridge_port *p;
244
245         index = find_portno(br);
246         if (index < 0)
247                 return ERR_PTR(index);
248
249         p = kzalloc(sizeof(*p), GFP_KERNEL);
250         if (p == NULL)
251                 return ERR_PTR(-ENOMEM);
252
253         p->br = br;
254         dev_hold(dev);
255         p->dev = dev;
256         p->path_cost = port_cost(dev);
257         p->priority = 0x8000 >> BR_PORT_BITS;
258         p->port_no = index;
259         p->flags = 0;
260         br_init_port(p);
261         p->state = BR_STATE_DISABLED;
262         br_stp_port_timer_init(p);
263
264         return p;
265 }
266
267 static struct device_type br_type = {
268         .name   = "bridge",
269 };
270
271 int br_add_bridge(struct net *net, const char *name)
272 {
273         struct net_device *dev;
274         int ret;
275
276         dev = new_bridge_dev(net, name);
277         if (!dev)
278                 return -ENOMEM;
279
280         rtnl_lock();
281         if (strchr(dev->name, '%')) {
282                 ret = dev_alloc_name(dev, dev->name);
283                 if (ret < 0)
284                         goto out_free;
285         }
286
287         SET_NETDEV_DEVTYPE(dev, &br_type);
288
289         ret = register_netdevice(dev);
290         if (ret)
291                 goto out_free;
292
293         ret = br_sysfs_addbr(dev);
294         if (ret)
295                 unregister_netdevice(dev);
296  out:
297         rtnl_unlock();
298         return ret;
299
300 out_free:
301         free_netdev(dev);
302         goto out;
303 }
304
305 int br_del_bridge(struct net *net, const char *name)
306 {
307         struct net_device *dev;
308         int ret = 0;
309
310         rtnl_lock();
311         dev = __dev_get_by_name(net, name);
312         if (dev == NULL)
313                 ret =  -ENXIO;  /* Could not find device */
314
315         else if (!(dev->priv_flags & IFF_EBRIDGE)) {
316                 /* Attempt to delete non bridge device! */
317                 ret = -EPERM;
318         }
319
320         else if (dev->flags & IFF_UP) {
321                 /* Not shutdown yet. */
322                 ret = -EBUSY;
323         }
324
325         else
326                 del_br(netdev_priv(dev));
327
328         rtnl_unlock();
329         return ret;
330 }
331
332 /* MTU of the bridge pseudo-device: ETH_DATA_LEN or the minimum of the ports */
333 int br_min_mtu(const struct net_bridge *br)
334 {
335         const struct net_bridge_port *p;
336         int mtu = 0;
337
338         ASSERT_RTNL();
339
340         if (list_empty(&br->port_list))
341                 mtu = ETH_DATA_LEN;
342         else {
343                 list_for_each_entry(p, &br->port_list, list) {
344                         if (!mtu  || p->dev->mtu < mtu)
345                                 mtu = p->dev->mtu;
346                 }
347         }
348         return mtu;
349 }
350
351 /*
352  * Recomputes features using slave's features
353  */
354 void br_features_recompute(struct net_bridge *br)
355 {
356         struct net_bridge_port *p;
357         unsigned long features, mask;
358
359         features = mask = br->feature_mask;
360         if (list_empty(&br->port_list))
361                 goto done;
362
363         features &= ~NETIF_F_ONE_FOR_ALL;
364
365         list_for_each_entry(p, &br->port_list, list) {
366                 features = netdev_increment_features(features,
367                                                      p->dev->features, mask);
368         }
369
370 done:
371         br->dev->features = netdev_fix_features(features, NULL);
372 }
373
374 /* called with RTNL */
375 int br_add_if(struct net_bridge *br, struct net_device *dev)
376 {
377         struct net_bridge_port *p;
378         int err = 0;
379
380         if (dev->flags & IFF_LOOPBACK || dev->type != ARPHRD_ETHER)
381                 return -EINVAL;
382
383         if (dev->netdev_ops->ndo_start_xmit == br_dev_xmit)
384                 return -ELOOP;
385
386         if (dev->br_port != NULL)
387                 return -EBUSY;
388
389         p = new_nbp(br, dev);
390         if (IS_ERR(p))
391                 return PTR_ERR(p);
392
393         err = dev_set_promiscuity(dev, 1);
394         if (err)
395                 goto put_back;
396
397         err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
398                                    SYSFS_BRIDGE_PORT_ATTR);
399         if (err)
400                 goto err0;
401
402         err = br_fdb_insert(br, p, dev->dev_addr);
403         if (err)
404                 goto err1;
405
406         err = br_sysfs_addif(p);
407         if (err)
408                 goto err2;
409
410         rcu_assign_pointer(dev->br_port, p);
411         dev_disable_lro(dev);
412
413         list_add_rcu(&p->list, &br->port_list);
414
415         spin_lock_bh(&br->lock);
416         br_stp_recalculate_bridge_id(br);
417         br_features_recompute(br);
418
419         if ((dev->flags & IFF_UP) && netif_carrier_ok(dev) &&
420             (br->dev->flags & IFF_UP))
421                 br_stp_enable_port(p);
422         spin_unlock_bh(&br->lock);
423
424         br_ifinfo_notify(RTM_NEWLINK, p);
425
426         dev_set_mtu(br->dev, br_min_mtu(br));
427
428         kobject_uevent(&p->kobj, KOBJ_ADD);
429
430         return 0;
431 err2:
432         br_fdb_delete_by_port(br, p, 1);
433 err1:
434         kobject_put(&p->kobj);
435         p = NULL; /* kobject_put frees */
436 err0:
437         dev_set_promiscuity(dev, -1);
438 put_back:
439         dev_put(dev);
440         kfree(p);
441         return err;
442 }
443
444 /* called with RTNL */
445 int br_del_if(struct net_bridge *br, struct net_device *dev)
446 {
447         struct net_bridge_port *p = dev->br_port;
448
449         if (!p || p->br != br)
450                 return -EINVAL;
451
452         del_nbp(p);
453
454         spin_lock_bh(&br->lock);
455         br_stp_recalculate_bridge_id(br);
456         br_features_recompute(br);
457         spin_unlock_bh(&br->lock);
458
459         return 0;
460 }
461
462 void br_net_exit(struct net *net)
463 {
464         struct net_device *dev;
465
466         rtnl_lock();
467 restart:
468         for_each_netdev(net, dev) {
469                 if (dev->priv_flags & IFF_EBRIDGE) {
470                         del_br(netdev_priv(dev));
471                         goto restart;
472                 }
473         }
474         rtnl_unlock();
475
476 }