2021-02-17 00:42:03 +03:00
// SPDX-License-Identifier: (GPL-2.0 OR MIT)
/* Microsemi Ocelot Switch driver
*
* Copyright ( c ) 2017 , 2019 Microsemi Corporation
2021-09-17 14:17:35 +03:00
* Copyright 2020 - 2021 NXP
2021-02-17 00:42:03 +03:00
*/
# include <linux/if_bridge.h>
# include <linux/mrp_bridge.h>
# include <soc/mscc/ocelot_vcap.h>
# include <uapi/linux/mrp_bridge.h>
# include "ocelot.h"
# include "ocelot_vcap.h"
2021-03-16 23:10:18 +03:00
static const u8 mrp_test_dmac [ ] = { 0x01 , 0x15 , 0x4e , 0x00 , 0x00 , 0x01 } ;
static const u8 mrp_control_dmac [ ] = { 0x01 , 0x15 , 0x4e , 0x00 , 0x00 , 0x02 } ;
static int ocelot_mrp_find_partner_port ( struct ocelot * ocelot ,
struct ocelot_port * p )
{
int i ;
for ( i = 0 ; i < ocelot - > num_phys_ports ; + + i ) {
struct ocelot_port * ocelot_port = ocelot - > ports [ i ] ;
if ( ! ocelot_port | | p = = ocelot_port )
continue ;
if ( ocelot_port - > mrp_ring_id = = p - > mrp_ring_id )
return i ;
}
return - 1 ;
}
static int ocelot_mrp_del_vcap ( struct ocelot * ocelot , int id )
2021-02-17 00:42:03 +03:00
{
struct ocelot_vcap_block * block_vcap_is2 ;
struct ocelot_vcap_filter * filter ;
block_vcap_is2 = & ocelot - > block [ VCAP_IS2 ] ;
2021-03-16 23:10:18 +03:00
filter = ocelot_vcap_block_find_filter_by_id ( block_vcap_is2 , id ,
2021-02-17 00:42:03 +03:00
false ) ;
if ( ! filter )
return 0 ;
return ocelot_vcap_filter_del ( ocelot , filter ) ;
}
2021-03-16 23:10:18 +03:00
static int ocelot_mrp_redirect_add_vcap ( struct ocelot * ocelot , int src_port ,
int dst_port )
{
const u8 mrp_test_mask [ ] = { 0xff , 0xff , 0xff , 0xff , 0xff , 0xff } ;
struct ocelot_vcap_filter * filter ;
int err ;
filter = kzalloc ( sizeof ( * filter ) , GFP_KERNEL ) ;
if ( ! filter )
return - ENOMEM ;
filter - > key_type = OCELOT_VCAP_KEY_ETYPE ;
filter - > prio = 1 ;
2022-02-16 17:30:05 +03:00
filter - > id . cookie = OCELOT_VCAP_IS2_MRP_REDIRECT ( ocelot , src_port ) ;
2021-03-16 23:10:18 +03:00
filter - > id . tc_offload = false ;
filter - > block_id = VCAP_IS2 ;
filter - > type = OCELOT_VCAP_FILTER_OFFLOAD ;
filter - > ingress_port_mask = BIT ( src_port ) ;
ether_addr_copy ( filter - > key . etype . dmac . value , mrp_test_dmac ) ;
ether_addr_copy ( filter - > key . etype . dmac . mask , mrp_test_mask ) ;
filter - > action . mask_mode = OCELOT_MASK_MODE_REDIRECT ;
filter - > action . port_mask = BIT ( dst_port ) ;
err = ocelot_vcap_filter_add ( ocelot , filter , NULL ) ;
if ( err )
kfree ( filter ) ;
return err ;
}
2022-02-16 17:30:07 +03:00
static void ocelot_populate_mrp_trap_key ( struct ocelot_vcap_filter * filter )
2021-03-16 23:10:18 +03:00
{
const u8 mrp_mask [ ] = { 0xff , 0xff , 0xff , 0xff , 0xff , 0x00 } ;
/* Here is possible to use control or test dmac because the mask
* doesn ' t cover the LSB
*/
ether_addr_copy ( filter - > key . etype . dmac . value , mrp_test_dmac ) ;
ether_addr_copy ( filter - > key . etype . dmac . mask , mrp_mask ) ;
2022-02-16 17:30:07 +03:00
}
2021-03-16 23:10:18 +03:00
2022-02-16 17:30:07 +03:00
static int ocelot_mrp_trap_add ( struct ocelot * ocelot , int port )
{
unsigned long cookie = OCELOT_VCAP_IS2_MRP_TRAP ( ocelot ) ;
2021-03-16 23:10:18 +03:00
2022-02-16 17:30:11 +03:00
return ocelot_trap_add ( ocelot , port , cookie , false ,
2022-02-16 17:30:07 +03:00
ocelot_populate_mrp_trap_key ) ;
}
static int ocelot_mrp_trap_del ( struct ocelot * ocelot , int port )
{
unsigned long cookie = OCELOT_VCAP_IS2_MRP_TRAP ( ocelot ) ;
return ocelot_trap_del ( ocelot , port , cookie ) ;
2021-03-16 23:10:18 +03:00
}
static void ocelot_mrp_save_mac ( struct ocelot * ocelot ,
struct ocelot_port * port )
{
ocelot_mact_learn ( ocelot , PGID_BLACKHOLE , mrp_test_dmac ,
net: mscc: ocelot: enforce FDB isolation when VLAN-unaware
Currently ocelot uses a pvid of 0 for standalone ports and ports under a
VLAN-unaware bridge, and the pvid of the bridge for ports under a
VLAN-aware bridge. Standalone ports do not perform learning, but packets
received on them are still subject to FDB lookups. So if the MAC DA that
a standalone port receives has been also learned on a VLAN-unaware
bridge port, ocelot will attempt to forward to that port, even though it
can't, so it will drop packets.
So there is a desire to avoid that, and isolate the FDBs of different
bridges from one another, and from standalone ports.
The ocelot switch library has two distinct entry points: the felix DSA
driver and the ocelot switchdev driver.
We need to code up a minimal bridge_num allocation in the ocelot
switchdev driver too, this is copied from DSA with the exception that
ocelot does not care about DSA trees, cross-chip bridging etc. So it
only looks at its own ports that are already in the same bridge.
The ocelot switchdev driver uses the bridge_num it has allocated itself,
while the felix driver uses the bridge_num allocated by DSA. They are
both stored inside ocelot_port->bridge_num by the common function
ocelot_port_bridge_join() which receives the bridge_num passed by value.
Once we have a bridge_num, we can only use it to enforce isolation
between VLAN-unaware bridges. As far as I can see, ocelot does not have
anything like a FID that further makes VLAN 100 from a port be different
to VLAN 100 from another port with regard to FDB lookup. So we simply
deny multiple VLAN-aware bridges.
For VLAN-unaware bridges, we crop the 4000-4095 VLAN region and we
allocate a VLAN for each bridge_num. This will be used as the pvid of
each port that is under that VLAN-unaware bridge, for as long as that
bridge is VLAN-unaware.
VID 0 remains only for standalone ports. It is okay if all standalone
ports use the same VID 0, since they perform no address learning, the
FDB will contain no entry in VLAN 0, so the packets will always be
flooded to the only possible destination, the CPU port.
The CPU port module doesn't need to be member of the VLANs to receive
packets, but if we use the DSA tag_8021q protocol, those packets are
part of the data plane as far as ocelot is concerned, so there it needs
to. Just ensure that the DSA tag_8021q CPU port is a member of all
reserved VLANs when it is created, and is removed when it is deleted.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-02-25 12:22:25 +03:00
OCELOT_STANDALONE_PVID , ENTRYTYPE_LOCKED ) ;
2021-03-16 23:10:18 +03:00
ocelot_mact_learn ( ocelot , PGID_BLACKHOLE , mrp_control_dmac ,
net: mscc: ocelot: enforce FDB isolation when VLAN-unaware
Currently ocelot uses a pvid of 0 for standalone ports and ports under a
VLAN-unaware bridge, and the pvid of the bridge for ports under a
VLAN-aware bridge. Standalone ports do not perform learning, but packets
received on them are still subject to FDB lookups. So if the MAC DA that
a standalone port receives has been also learned on a VLAN-unaware
bridge port, ocelot will attempt to forward to that port, even though it
can't, so it will drop packets.
So there is a desire to avoid that, and isolate the FDBs of different
bridges from one another, and from standalone ports.
The ocelot switch library has two distinct entry points: the felix DSA
driver and the ocelot switchdev driver.
We need to code up a minimal bridge_num allocation in the ocelot
switchdev driver too, this is copied from DSA with the exception that
ocelot does not care about DSA trees, cross-chip bridging etc. So it
only looks at its own ports that are already in the same bridge.
The ocelot switchdev driver uses the bridge_num it has allocated itself,
while the felix driver uses the bridge_num allocated by DSA. They are
both stored inside ocelot_port->bridge_num by the common function
ocelot_port_bridge_join() which receives the bridge_num passed by value.
Once we have a bridge_num, we can only use it to enforce isolation
between VLAN-unaware bridges. As far as I can see, ocelot does not have
anything like a FID that further makes VLAN 100 from a port be different
to VLAN 100 from another port with regard to FDB lookup. So we simply
deny multiple VLAN-aware bridges.
For VLAN-unaware bridges, we crop the 4000-4095 VLAN region and we
allocate a VLAN for each bridge_num. This will be used as the pvid of
each port that is under that VLAN-unaware bridge, for as long as that
bridge is VLAN-unaware.
VID 0 remains only for standalone ports. It is okay if all standalone
ports use the same VID 0, since they perform no address learning, the
FDB will contain no entry in VLAN 0, so the packets will always be
flooded to the only possible destination, the CPU port.
The CPU port module doesn't need to be member of the VLANs to receive
packets, but if we use the DSA tag_8021q protocol, those packets are
part of the data plane as far as ocelot is concerned, so there it needs
to. Just ensure that the DSA tag_8021q CPU port is a member of all
reserved VLANs when it is created, and is removed when it is deleted.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-02-25 12:22:25 +03:00
OCELOT_STANDALONE_PVID , ENTRYTYPE_LOCKED ) ;
2021-03-16 23:10:18 +03:00
}
static void ocelot_mrp_del_mac ( struct ocelot * ocelot ,
struct ocelot_port * port )
{
net: mscc: ocelot: enforce FDB isolation when VLAN-unaware
Currently ocelot uses a pvid of 0 for standalone ports and ports under a
VLAN-unaware bridge, and the pvid of the bridge for ports under a
VLAN-aware bridge. Standalone ports do not perform learning, but packets
received on them are still subject to FDB lookups. So if the MAC DA that
a standalone port receives has been also learned on a VLAN-unaware
bridge port, ocelot will attempt to forward to that port, even though it
can't, so it will drop packets.
So there is a desire to avoid that, and isolate the FDBs of different
bridges from one another, and from standalone ports.
The ocelot switch library has two distinct entry points: the felix DSA
driver and the ocelot switchdev driver.
We need to code up a minimal bridge_num allocation in the ocelot
switchdev driver too, this is copied from DSA with the exception that
ocelot does not care about DSA trees, cross-chip bridging etc. So it
only looks at its own ports that are already in the same bridge.
The ocelot switchdev driver uses the bridge_num it has allocated itself,
while the felix driver uses the bridge_num allocated by DSA. They are
both stored inside ocelot_port->bridge_num by the common function
ocelot_port_bridge_join() which receives the bridge_num passed by value.
Once we have a bridge_num, we can only use it to enforce isolation
between VLAN-unaware bridges. As far as I can see, ocelot does not have
anything like a FID that further makes VLAN 100 from a port be different
to VLAN 100 from another port with regard to FDB lookup. So we simply
deny multiple VLAN-aware bridges.
For VLAN-unaware bridges, we crop the 4000-4095 VLAN region and we
allocate a VLAN for each bridge_num. This will be used as the pvid of
each port that is under that VLAN-unaware bridge, for as long as that
bridge is VLAN-unaware.
VID 0 remains only for standalone ports. It is okay if all standalone
ports use the same VID 0, since they perform no address learning, the
FDB will contain no entry in VLAN 0, so the packets will always be
flooded to the only possible destination, the CPU port.
The CPU port module doesn't need to be member of the VLANs to receive
packets, but if we use the DSA tag_8021q protocol, those packets are
part of the data plane as far as ocelot is concerned, so there it needs
to. Just ensure that the DSA tag_8021q CPU port is a member of all
reserved VLANs when it is created, and is removed when it is deleted.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-02-25 12:22:25 +03:00
ocelot_mact_forget ( ocelot , mrp_test_dmac , OCELOT_STANDALONE_PVID ) ;
ocelot_mact_forget ( ocelot , mrp_control_dmac , OCELOT_STANDALONE_PVID ) ;
2021-03-16 23:10:18 +03:00
}
2021-02-17 00:42:03 +03:00
int ocelot_mrp_add ( struct ocelot * ocelot , int port ,
const struct switchdev_obj_mrp * mrp )
{
struct ocelot_port * ocelot_port = ocelot - > ports [ port ] ;
struct ocelot_port_private * priv ;
struct net_device * dev ;
if ( ! ocelot_port )
return - EOPNOTSUPP ;
priv = container_of ( ocelot_port , struct ocelot_port_private , port ) ;
dev = priv - > dev ;
if ( mrp - > p_port ! = dev & & mrp - > s_port ! = dev )
return 0 ;
2021-03-16 23:10:18 +03:00
ocelot_port - > mrp_ring_id = mrp - > ring_id ;
2021-02-17 00:42:03 +03:00
return 0 ;
}
EXPORT_SYMBOL ( ocelot_mrp_add ) ;
int ocelot_mrp_del ( struct ocelot * ocelot , int port ,
const struct switchdev_obj_mrp * mrp )
{
struct ocelot_port * ocelot_port = ocelot - > ports [ port ] ;
if ( ! ocelot_port )
return - EOPNOTSUPP ;
2021-03-16 23:10:18 +03:00
if ( ocelot_port - > mrp_ring_id ! = mrp - > ring_id )
2021-02-17 00:42:03 +03:00
return 0 ;
2021-03-16 23:10:18 +03:00
ocelot_port - > mrp_ring_id = 0 ;
2021-02-17 00:42:03 +03:00
return 0 ;
}
EXPORT_SYMBOL ( ocelot_mrp_del ) ;
int ocelot_mrp_add_ring_role ( struct ocelot * ocelot , int port ,
const struct switchdev_obj_ring_role_mrp * mrp )
{
struct ocelot_port * ocelot_port = ocelot - > ports [ port ] ;
2021-03-16 23:10:18 +03:00
int dst_port ;
2021-02-17 00:42:03 +03:00
int err ;
if ( ! ocelot_port )
return - EOPNOTSUPP ;
2021-03-16 23:10:18 +03:00
if ( mrp - > ring_role ! = BR_MRP_RING_ROLE_MRC & & ! mrp - > sw_backup )
2021-02-17 00:42:03 +03:00
return - EOPNOTSUPP ;
2021-03-16 23:10:18 +03:00
if ( ocelot_port - > mrp_ring_id ! = mrp - > ring_id )
2021-02-17 00:42:03 +03:00
return 0 ;
2021-03-16 23:10:18 +03:00
ocelot_mrp_save_mac ( ocelot , ocelot_port ) ;
2021-02-17 00:42:03 +03:00
2021-03-16 23:10:18 +03:00
if ( mrp - > ring_role ! = BR_MRP_RING_ROLE_MRC )
2022-02-16 17:30:07 +03:00
return ocelot_mrp_trap_add ( ocelot , port ) ;
2021-02-17 00:42:03 +03:00
2021-03-16 23:10:18 +03:00
dst_port = ocelot_mrp_find_partner_port ( ocelot , ocelot_port ) ;
if ( dst_port = = - 1 )
return - EINVAL ;
err = ocelot_mrp_redirect_add_vcap ( ocelot , port , dst_port ) ;
2021-02-17 00:42:03 +03:00
if ( err )
2021-03-16 23:10:18 +03:00
return err ;
2021-02-17 00:42:03 +03:00
2022-02-16 17:30:07 +03:00
err = ocelot_mrp_trap_add ( ocelot , port ) ;
2021-03-16 23:10:18 +03:00
if ( err ) {
2022-02-16 17:30:05 +03:00
ocelot_mrp_del_vcap ( ocelot ,
OCELOT_VCAP_IS2_MRP_REDIRECT ( ocelot , port ) ) ;
2021-03-16 23:10:18 +03:00
return err ;
}
return 0 ;
2021-02-17 00:42:03 +03:00
}
EXPORT_SYMBOL ( ocelot_mrp_add_ring_role ) ;
int ocelot_mrp_del_ring_role ( struct ocelot * ocelot , int port ,
const struct switchdev_obj_ring_role_mrp * mrp )
{
struct ocelot_port * ocelot_port = ocelot - > ports [ port ] ;
2022-02-16 17:30:07 +03:00
int err , i ;
2021-02-17 00:42:03 +03:00
if ( ! ocelot_port )
return - EOPNOTSUPP ;
2021-03-16 23:10:18 +03:00
if ( mrp - > ring_role ! = BR_MRP_RING_ROLE_MRC & & ! mrp - > sw_backup )
2021-02-17 00:42:03 +03:00
return - EOPNOTSUPP ;
2021-03-16 23:10:18 +03:00
if ( ocelot_port - > mrp_ring_id ! = mrp - > ring_id )
2021-02-17 00:42:03 +03:00
return 0 ;
2022-02-16 17:30:07 +03:00
err = ocelot_mrp_trap_del ( ocelot , port ) ;
if ( err )
return err ;
2022-02-16 17:30:05 +03:00
ocelot_mrp_del_vcap ( ocelot , OCELOT_VCAP_IS2_MRP_REDIRECT ( ocelot , port ) ) ;
2021-03-16 23:10:18 +03:00
for ( i = 0 ; i < ocelot - > num_phys_ports ; + + i ) {
ocelot_port = ocelot - > ports [ i ] ;
if ( ! ocelot_port )
continue ;
if ( ocelot_port - > mrp_ring_id ! = 0 )
goto out ;
}
2021-03-18 22:29:38 +03:00
ocelot_mrp_del_mac ( ocelot , ocelot - > ports [ port ] ) ;
2021-03-16 23:10:18 +03:00
out :
return 0 ;
2021-02-17 00:42:03 +03:00
}
EXPORT_SYMBOL ( ocelot_mrp_del_ring_role ) ;
