ipvlan: disallow userns cap_net_admin to change global mode/flags
[sfrench/cifs-2.6.git] / drivers / net / ipvlan / ipvlan_main.c
1 /* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
2  *
3  * This program is free software; you can redistribute it and/or
4  * modify it under the terms of the GNU General Public License as
5  * published by the Free Software Foundation; either version 2 of
6  * the License, or (at your option) any later version.
7  *
8  */
9
10 #include "ipvlan.h"
11
/* Index handed to net_generic() to locate this driver's struct ipvlan_netns
 * inside a given network namespace.
 */
static unsigned int ipvlan_netid __read_mostly;

/* Per-network-namespace driver state. */
struct ipvlan_netns {
	/* References held on the ipvl_nfops netfilter registration in this
	 * namespace; see ipvlan_register_nf_hook() and
	 * ipvlan_unregister_nf_hook().
	 */
	unsigned int ipvl_nf_hook_refcnt;
};
17
/* Netfilter hooks used by L3S mode: ipvlan_nf_input() is attached to
 * LOCAL_IN at INT_MAX priority, once for IPv4 and, when IPv6 is built,
 * once for IPv6.
 */
static const struct nf_hook_ops ipvl_nfops[] = {
	{
		.pf       = NFPROTO_IPV4,
		.hooknum  = NF_INET_LOCAL_IN,
		.priority = INT_MAX,
		.hook     = ipvlan_nf_input,
	},
#if IS_ENABLED(CONFIG_IPV6)
	{
		.pf       = NFPROTO_IPV6,
		.hooknum  = NF_INET_LOCAL_IN,
		.priority = INT_MAX,
		.hook     = ipvlan_nf_input,
	},
#endif
};

/* l3mdev receive callback installed on the master device while the port
 * is in L3S mode (see ipvlan_set_port_mode()).
 */
static const struct l3mdev_ops ipvl_l3mdev_ops = {
	.l3mdev_l3_rcv = ipvlan_l3_rcv,
};
38
/* Make the slave's MTU equal to the MTU of @dev. */
static void ipvlan_adjust_mtu(struct ipvl_dev *ipvlan, struct net_device *dev)
{
	struct net_device *slave = ipvlan->dev;

	slave->mtu = dev->mtu;
}
43
/* Take one reference on the ipvl_nfops hooks of @net.
 *
 * The hooks are registered with netfilter only when the count goes from
 * zero to one; later callers just bump the counter. Returns 0 on success
 * or the error from nf_register_net_hooks(), in which case the counter is
 * left at zero.
 */
static int ipvlan_register_nf_hook(struct net *net)
{
	struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid);
	int err;

	if (vnet->ipvl_nf_hook_refcnt) {
		/* Already registered in this namespace. */
		vnet->ipvl_nf_hook_refcnt++;
		return 0;
	}

	err = nf_register_net_hooks(net, ipvl_nfops, ARRAY_SIZE(ipvl_nfops));
	if (!err)
		vnet->ipvl_nf_hook_refcnt = 1;

	return err;
}
60
/* Drop one reference on the ipvl_nfops hooks of @net and unregister them
 * when the last reference goes away. An unbalanced call (count already
 * zero) triggers WARN_ON() and is otherwise ignored.
 */
static void ipvlan_unregister_nf_hook(struct net *net)
{
	struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid);

	if (WARN_ON(!vnet->ipvl_nf_hook_refcnt))
		return;

	if (--vnet->ipvl_nf_hook_refcnt)
		return;

	nf_unregister_net_hooks(net, ipvl_nfops, ARRAY_SIZE(ipvl_nfops));
}
73
/* Switch @port to mode @nval. Must be called with RTNL held.
 *
 * The mode is a property of the port, so it applies to every slave stacked
 * on the same master: each slave gets IFF_NOARP set for L3/L3S and cleared
 * otherwise, and the L3S netfilter hook and l3mdev handler on the master
 * are installed or removed as needed. Callers are responsible for checking
 * that the requester is allowed to change this shared state.
 *
 * Returns 0 on success (including when the mode is unchanged). On failure
 * the flag changes already applied are rolled back to match the current
 * mode and the error is returned.
 */
static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval,
				struct netlink_ext_ack *extack)
{
	struct net_device *mdev = port->dev;
	struct ipvl_dev *ipvlan;
	unsigned int flags;
	bool want_noarp;
	int err;

	ASSERT_RTNL();
	if (port->mode == nval)
		return 0;

	want_noarp = nval == IPVLAN_MODE_L3 || nval == IPVLAN_MODE_L3S;
	list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
		flags = ipvlan->dev->flags;
		if (want_noarp)
			flags |= IFF_NOARP;
		else
			flags &= ~IFF_NOARP;
		err = dev_change_flags(ipvlan->dev, flags, extack);
		if (unlikely(err))
			goto fail;
	}

	if (nval == IPVLAN_MODE_L3S) {
		/* Entering L3S: hook first, then expose the l3mdev handler. */
		err = ipvlan_register_nf_hook(read_pnet(&port->pnet));
		if (err)
			goto fail;
		mdev->l3mdev_ops = &ipvl_l3mdev_ops;
		mdev->priv_flags |= IFF_L3MDEV_RX_HANDLER;
	} else if (port->mode == IPVLAN_MODE_L3S) {
		/* Leaving L3S: tear down in the opposite order. */
		mdev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER;
		ipvlan_unregister_nf_hook(read_pnet(&port->pnet));
		mdev->l3mdev_ops = NULL;
	}
	port->mode = nval;
	return 0;

fail:
	/* Walk back over the slaves already updated and restore the flag
	 * state that matches port->mode, which has not been changed yet.
	 */
	list_for_each_entry_continue_reverse(ipvlan, &port->ipvlans, pnode) {
		flags = ipvlan->dev->flags;
		if (port->mode == IPVLAN_MODE_L3 ||
		    port->mode == IPVLAN_MODE_L3S)
			flags |= IFF_NOARP;
		else
			flags &= ~IFF_NOARP;
		dev_change_flags(ipvlan->dev, flags, NULL);
	}

	return err;
}
131
/* Allocate the port for master device @dev and attach it as the rx handler
 * data. A new port starts in L3 mode with empty slave and hash lists.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails, or the error from
 * netdev_rx_handler_register() (the port is freed in that case).
 */
static int ipvlan_port_create(struct net_device *dev)
{
	struct ipvl_port *port;
	int err, idx;

	port = kzalloc(sizeof(*port), GFP_KERNEL);
	if (!port)
		return -ENOMEM;

	write_pnet(&port->pnet, dev_net(dev));
	port->dev = dev;
	port->mode = IPVLAN_MODE_L3;
	INIT_LIST_HEAD(&port->ipvlans);
	for (idx = 0; idx < IPVLAN_HASH_SIZE; idx++)
		INIT_HLIST_HEAD(&port->hlhead[idx]);

	skb_queue_head_init(&port->backlog);
	INIT_WORK(&port->wq, ipvlan_process_multicast);
	ida_init(&port->ida);
	port->dev_id_start = 1;

	err = netdev_rx_handler_register(dev, ipvlan_handle_frame, port);
	if (err) {
		kfree(port);
		return err;
	}

	return 0;
}
163
/* Tear down the port attached to master device @dev.
 *
 * L3S state (l3mdev handler and netfilter hook reference) is removed first,
 * then the rx handler is unregistered and the multicast work is cancelled
 * before the backlog queue is drained and the port is freed.
 */
static void ipvlan_port_destroy(struct net_device *dev)
{
	struct ipvl_port *port = ipvlan_port_get_rtnl(dev);
	struct sk_buff *skb;

	if (port->mode == IPVLAN_MODE_L3S) {
		dev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER;
		ipvlan_unregister_nf_hook(dev_net(dev));
		dev->l3mdev_ops = NULL;
	}
	netdev_rx_handler_unregister(dev);
	cancel_work_sync(&port->wq);

	/* Release every queued skb together with the device reference it
	 * carries, if any.
	 */
	for (skb = __skb_dequeue(&port->backlog); skb;
	     skb = __skb_dequeue(&port->backlog)) {
		if (skb->dev)
			dev_put(skb->dev);
		kfree_skb(skb);
	}
	ida_destroy(&port->ida);
	kfree(port);
}
184
/* Offload features a slave may inherit from its master device. */
#define IPVLAN_FEATURES \
	(NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST | \
	 NETIF_F_GSO | NETIF_F_TSO | NETIF_F_GSO_ROBUST | \
	 NETIF_F_TSO_ECN | NETIF_F_TSO6 | NETIF_F_GRO | NETIF_F_RXCSUM | \
	 NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_VLAN_STAG_FILTER)

/* Link-state bits copied from the master into a slave in ipvlan_init(). */
#define IPVLAN_STATE_MASK \
	((1 << __LINK_STATE_NOCARRIER) | (1 << __LINK_STATE_DORMANT))
193
/* ndo_init: inherit link state, features and GSO/header limits from the
 * master, allocate per-cpu stats, and create the port on the master if it
 * does not have one yet. The port's slave count is incremented on success.
 *
 * Returns 0, -ENOMEM if the stats cannot be allocated, or the error from
 * ipvlan_port_create().
 */
static int ipvlan_init(struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	struct ipvl_port *port;
	int err;

	dev->state = (dev->state & ~IPVLAN_STATE_MASK) |
		     (phy_dev->state & IPVLAN_STATE_MASK);
	dev->features = phy_dev->features & IPVLAN_FEATURES;
	dev->features |= NETIF_F_LLTX | NETIF_F_VLAN_CHALLENGED;
	dev->gso_max_size = phy_dev->gso_max_size;
	dev->gso_max_segs = phy_dev->gso_max_segs;
	dev->hard_header_len = phy_dev->hard_header_len;

	netdev_lockdep_set_classes(dev);

	ipvlan->pcpu_stats = netdev_alloc_pcpu_stats(struct ipvl_pcpu_stats);
	if (!ipvlan->pcpu_stats)
		return -ENOMEM;

	if (!netif_is_ipvlan_port(phy_dev)) {
		/* First slave on this master: set up the shared port. */
		err = ipvlan_port_create(phy_dev);
		if (err < 0) {
			free_percpu(ipvlan->pcpu_stats);
			return err;
		}
	}

	port = ipvlan_port_get_rtnl(phy_dev);
	port->count++;
	return 0;
}
226
/* ndo_uninit: free the per-cpu stats, drop this slave from the port's
 * count and destroy the port once no slave is left.
 */
static void ipvlan_uninit(struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	struct ipvl_port *port;

	free_percpu(ipvlan->pcpu_stats);

	port = ipvlan_port_get_rtnl(phy_dev);
	if (--port->count == 0)
		ipvlan_port_destroy(port->dev);
}
240
/* ndo_open: align IFF_NOARP with the port mode, publish the slave's
 * addresses in the port hash table, and add the master's own address to
 * the master's unicast list. Returns the result of dev_uc_add().
 */
static int ipvlan_open(struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	struct ipvl_addr *addr;
	bool l3_mode;

	l3_mode = ipvlan->port->mode == IPVLAN_MODE_L3 ||
		  ipvlan->port->mode == IPVLAN_MODE_L3S;
	if (l3_mode)
		dev->flags |= IFF_NOARP;
	else
		dev->flags &= ~IFF_NOARP;

	rcu_read_lock();
	list_for_each_entry_rcu(addr, &ipvlan->addrs, anode)
		ipvlan_ht_addr_add(ipvlan, addr);
	rcu_read_unlock();

	return dev_uc_add(phy_dev, phy_dev->dev_addr);
}
260
/* ndo_stop: undo ipvlan_open(). The slave's unicast/multicast lists are
 * unsynced from the master, the master's address is removed from its
 * unicast list, and the slave's addresses leave the port hash table.
 * Always returns 0.
 */
static int ipvlan_stop(struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	struct ipvl_addr *addr;

	dev_uc_unsync(phy_dev, dev);
	dev_mc_unsync(phy_dev, dev);
	dev_uc_del(phy_dev, phy_dev->dev_addr);

	rcu_read_lock();
	list_for_each_entry_rcu(addr, &ipvlan->addrs, anode)
		ipvlan_ht_addr_del(addr);
	rcu_read_unlock();

	return 0;
}
279
/* ndo_start_xmit: hand @skb to ipvlan_queue_xmit() and account the result
 * in the per-cpu counters. NET_XMIT_SUCCESS and NET_XMIT_CN count as
 * transmitted; anything else increments the drop counter.
 */
static netdev_tx_t ipvlan_start_xmit(struct sk_buff *skb,
				     struct net_device *dev)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ipvl_pcpu_stats *stats;
	/* Length is sampled before the skb is passed on; it is not read
	 * from the skb again after ipvlan_queue_xmit() returns.
	 */
	int skblen = skb->len;
	int ret;

	ret = ipvlan_queue_xmit(skb, dev);
	if (unlikely(ret != NET_XMIT_SUCCESS && ret != NET_XMIT_CN)) {
		this_cpu_inc(ipvlan->pcpu_stats->tx_drps);
		return ret;
	}

	stats = this_cpu_ptr(ipvlan->pcpu_stats);

	u64_stats_update_begin(&stats->syncp);
	stats->tx_pkts++;
	stats->tx_bytes += skblen;
	u64_stats_update_end(&stats->syncp);

	return ret;
}
302
/* ndo_fix_features: within IPVLAN_FEATURES only the bits present in
 * ipvlan->sfeatures survive; bits outside IPVLAN_FEATURES pass through.
 */
static netdev_features_t ipvlan_fix_features(struct net_device *dev,
					     netdev_features_t features)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	netdev_features_t allowed = ipvlan->sfeatures | ~IPVLAN_FEATURES;

	return features & allowed;
}
310
/* ndo_change_rx_flags: when IFF_ALLMULTI toggled on the slave, raise or
 * lower the master's allmulti count accordingly. Other flag changes are
 * ignored here.
 */
static void ipvlan_change_rx_flags(struct net_device *dev, int change)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	int delta;

	if (!(change & IFF_ALLMULTI))
		return;

	delta = (dev->flags & IFF_ALLMULTI) ? 1 : -1;
	dev_set_allmulti(phy_dev, delta);
}
319
/* ndo_set_rx_mode: rebuild the slave's multicast MAC filter bitmap and
 * sync its unicast/multicast address lists to the master.
 *
 * In promiscuous or allmulti mode every filter bit is set. Otherwise the
 * bitmap is built from the hashes of the slave's multicast addresses plus
 * the broadcast address.
 */
static void ipvlan_set_multicast_mac_filter(struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);

	if (dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) {
		bitmap_fill(ipvlan->mac_filters, IPVLAN_MAC_FILTER_SIZE);
	} else {
		DECLARE_BITMAP(scratch, IPVLAN_MAC_FILTER_SIZE);
		struct netdev_hw_addr *mc;

		/* Build in a local bitmap, then publish it in one copy. */
		bitmap_zero(scratch, IPVLAN_MAC_FILTER_SIZE);
		netdev_for_each_mc_addr(mc, dev)
			__set_bit(ipvlan_mac_hash(mc->addr), scratch);

		/* The broadcast bit is always enabled, whatever the address
		 * family: broadcast handling is deferred to a work-queue,
		 * so it does not affect fast-path processing.
		 */
		__set_bit(ipvlan_mac_hash(dev->broadcast), scratch);

		bitmap_copy(ipvlan->mac_filters, scratch,
			    IPVLAN_MAC_FILTER_SIZE);
	}

	dev_uc_sync(ipvlan->phy_dev, dev);
	dev_mc_sync(ipvlan->phy_dev, dev);
}
346
/* ndo_get_stats64: fold the per-cpu counters of every possible CPU into @s.
 *
 * The 64-bit counters are read under the u64_stats retry loop so that a
 * consistent snapshot is taken per CPU. The 32-bit error/drop counters are
 * read directly. Nothing is written if the per-cpu stats are not allocated.
 */
static void ipvlan_get_stats64(struct net_device *dev,
			       struct rtnl_link_stats64 *s)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	u64 rx_pkts, rx_bytes, rx_mcast, tx_pkts, tx_bytes;
	struct ipvl_pcpu_stats *pcptr;
	u32 rx_errs = 0, tx_drps = 0;
	u32 seq;
	int cpu;

	if (!ipvlan->pcpu_stats)
		return;

	for_each_possible_cpu(cpu) {
		pcptr = per_cpu_ptr(ipvlan->pcpu_stats, cpu);
		do {
			seq = u64_stats_fetch_begin_irq(&pcptr->syncp);
			rx_pkts = pcptr->rx_pkts;
			rx_bytes = pcptr->rx_bytes;
			rx_mcast = pcptr->rx_mcast;
			tx_pkts = pcptr->tx_pkts;
			tx_bytes = pcptr->tx_bytes;
		} while (u64_stats_fetch_retry_irq(&pcptr->syncp, seq));

		s->rx_packets += rx_pkts;
		s->rx_bytes += rx_bytes;
		s->multicast += rx_mcast;
		s->tx_packets += tx_pkts;
		s->tx_bytes += tx_bytes;

		/* u32 values are updated without syncp protection. */
		rx_errs += pcptr->rx_errs;
		tx_drps += pcptr->tx_drps;
	}

	/* rx_dropped is reported from the same counter as rx_errors. */
	s->rx_errors = rx_errs;
	s->rx_dropped = rx_errs;
	s->tx_dropped = tx_drps;
}
386
/* ndo_vlan_rx_add_vid: forward the VLAN id registration to the master and
 * return its result.
 */
static int ipvlan_vlan_rx_add_vid(struct net_device *dev, __be16 proto, u16 vid)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);

	return vlan_vid_add(ipvlan->phy_dev, proto, vid);
}
394
/* ndo_vlan_rx_kill_vid: remove the VLAN id from the master. Always
 * returns 0.
 */
static int ipvlan_vlan_rx_kill_vid(struct net_device *dev, __be16 proto,
				   u16 vid)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);

	vlan_vid_del(ipvlan->phy_dev, proto, vid);
	return 0;
}
404
/* ndo_get_iflink: report the ifindex of the master device. */
static int ipvlan_get_iflink(const struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;

	return phy_dev->ifindex;
}
411
/* Device operations of an ipvlan slave. The address of this table is also
 * what netif_is_ipvlan() compares against to recognise a slave device.
 */
static const struct net_device_ops ipvlan_netdev_ops = {
	.ndo_init             = ipvlan_init,
	.ndo_uninit           = ipvlan_uninit,
	.ndo_open             = ipvlan_open,
	.ndo_stop             = ipvlan_stop,
	.ndo_start_xmit       = ipvlan_start_xmit,
	.ndo_fix_features     = ipvlan_fix_features,
	.ndo_change_rx_flags  = ipvlan_change_rx_flags,
	.ndo_set_rx_mode      = ipvlan_set_multicast_mac_filter,
	.ndo_get_stats64      = ipvlan_get_stats64,
	.ndo_vlan_rx_add_vid  = ipvlan_vlan_rx_add_vid,
	.ndo_vlan_rx_kill_vid = ipvlan_vlan_rx_kill_vid,
	.ndo_get_iflink       = ipvlan_get_iflink,
};
426
/* header_ops->create: build the link-layer header through the master
 * device. When no source address is supplied, the master's address is used.
 */
static int ipvlan_hard_header(struct sk_buff *skb, struct net_device *dev,
			      unsigned short type, const void *daddr,
			      const void *saddr, unsigned len)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;
	const void *src = saddr ? saddr : phy_dev->dev_addr;

	/* TODO Probably use a different field than dev_addr so that the
	 * mac-address on the virtual device is portable and can be carried
	 * while the packets use the mac-addr on the physical device.
	 */
	return dev_hard_header(skb, phy_dev, type, daddr, src, len);
}
441
/* Link-layer header operations: only header creation is ipvlan specific,
 * the rest are the generic Ethernet helpers.
 */
static const struct header_ops ipvlan_header_ops = {
	.create       = ipvlan_hard_header,
	.parse        = eth_header_parse,
	.cache        = eth_header_cache,
	.cache_update = eth_header_cache_update,
};
448
/* Return true when @dev is an ipvlan slave, recognised by its netdev_ops
 * pointer. ipvlan and ipvtap devices share the same netdev_ops, so both
 * match.
 */
static bool netif_is_ipvlan(const struct net_device *dev)
{
	const struct net_device_ops *ops = dev->netdev_ops;

	return ops == &ipvlan_netdev_ops;
}
454
/* ethtool get_link_ksettings: report the link settings of the master. */
static int ipvlan_ethtool_get_link_ksettings(struct net_device *dev,
					     struct ethtool_link_ksettings *cmd)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct net_device *phy_dev = ipvlan->phy_dev;

	return __ethtool_get_link_ksettings(phy_dev, cmd);
}
462
/* ethtool get_drvinfo: fill in the driver name and version strings. Both
 * copies are bounded by the size of the destination field.
 */
static void ipvlan_ethtool_get_drvinfo(struct net_device *dev,
				       struct ethtool_drvinfo *drvinfo)
{
	strlcpy(drvinfo->driver, IPVLAN_DRV, sizeof(drvinfo->driver));
	strlcpy(drvinfo->version, IPV_DRV_VER, sizeof(drvinfo->version));
}
469
/* ethtool get_msglevel: return the slave's message-enable mask. */
static u32 ipvlan_ethtool_get_msglevel(struct net_device *dev)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	u32 level = ipvlan->msg_enable;

	return level;
}
476
/* ethtool set_msglevel: store @value as the slave's message-enable mask. */
static void ipvlan_ethtool_set_msglevel(struct net_device *dev, u32 value)
{
	struct ipvl_dev *priv = netdev_priv(dev);

	priv->msg_enable = value;
}
483
/* ethtool operations of an ipvlan slave. */
static const struct ethtool_ops ipvlan_ethtool_ops = {
	.get_link           = ethtool_op_get_link,
	.get_link_ksettings = ipvlan_ethtool_get_link_ksettings,
	.get_drvinfo        = ipvlan_ethtool_get_drvinfo,
	.get_msglevel       = ipvlan_ethtool_get_msglevel,
	.set_msglevel       = ipvlan_ethtool_set_msglevel,
};
491
/* rtnl changelink: update the port mode and/or port flags.
 *
 * Mode and flags live on the port, i.e. they are shared by every slave
 * stacked on the same master. The request is therefore authorised against
 * the user namespace that owns the master's network namespace: holding
 * CAP_NET_ADMIN only in the namespace of the slave is not sufficient, so a
 * slave moved into another (for example unprivileged) namespace cannot be
 * used to reconfigure its siblings.
 *
 * Returns 0 when there is nothing to do or on success, -EPERM when the
 * capability check fails, or the error from ipvlan_set_port_mode(). Flags
 * are applied only if the mode change, when requested, succeeded.
 */
static int ipvlan_nl_changelink(struct net_device *dev,
				struct nlattr *tb[], struct nlattr *data[],
				struct netlink_ext_ack *extack)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ipvl_port *port = ipvlan_port_get_rtnl(ipvlan->phy_dev);
	struct net *master_net;
	int err;

	if (!data)
		return 0;

	/* Global (per-port) state: check the capability where the master
	 * lives, before looking at any attribute.
	 */
	master_net = dev_net(ipvlan->phy_dev);
	if (!ns_capable(master_net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	if (data[IFLA_IPVLAN_MODE]) {
		u16 nmode = nla_get_u16(data[IFLA_IPVLAN_MODE]);

		err = ipvlan_set_port_mode(port, nmode, extack);
		if (err)
			return err;
	}

	if (data[IFLA_IPVLAN_FLAGS]) {
		u16 flags = nla_get_u16(data[IFLA_IPVLAN_FLAGS]);

		if (flags & IPVLAN_F_PRIVATE)
			ipvlan_mark_private(port);
		else
			ipvlan_clear_private(port);

		if (flags & IPVLAN_F_VEPA)
			ipvlan_mark_vepa(port);
		else
			ipvlan_clear_vepa(port);
	}

	return 0;
}
527
/* rtnl get_size: space needed by ipvlan_nl_fillinfo(), i.e. two 16-bit
 * attributes.
 */
static size_t ipvlan_nl_getsize(const struct net_device *dev)
{
	size_t mode_len = nla_total_size(2);	/* IFLA_IPVLAN_MODE */
	size_t flags_len = nla_total_size(2);	/* IFLA_IPVLAN_FLAGS */

	return 0 + mode_len + flags_len;
}
535
/* rtnl validate: reject attribute values the driver does not understand.
 *
 * The mode must be below IPVLAN_MODE_MAX. The flags may only contain
 * IPVLAN_F_PRIVATE and IPVLAN_F_VEPA, and not both together. Returns 0 when
 * the attributes are acceptable (or absent) and -EINVAL otherwise.
 */
static int ipvlan_nl_validate(struct nlattr *tb[], struct nlattr *data[],
			      struct netlink_ext_ack *extack)
{
	if (!data)
		return 0;

	if (data[IFLA_IPVLAN_MODE]) {
		u16 mode = nla_get_u16(data[IFLA_IPVLAN_MODE]);

		if (mode >= IPVLAN_MODE_MAX)
			return -EINVAL;
	}

	if (data[IFLA_IPVLAN_FLAGS]) {
		const u16 known = IPVLAN_F_PRIVATE | IPVLAN_F_VEPA;
		u16 flags = nla_get_u16(data[IFLA_IPVLAN_FLAGS]);

		/* Only two bits are used at this moment. */
		if (flags & ~known)
			return -EINVAL;
		/* Also both flags can't be active at the same time. */
		if ((flags & known) == known)
			return -EINVAL;
	}

	return 0;
}
562
/* rtnl fill_info: dump the port mode and flags into @skb.
 *
 * Returns 0 on success, -EINVAL if the master has no port, or -EMSGSIZE if
 * an attribute does not fit.
 */
static int ipvlan_nl_fillinfo(struct sk_buff *skb,
			      const struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ipvl_port *port = ipvlan_port_get_rtnl(ipvlan->phy_dev);

	if (!port)
		return -EINVAL;

	if (nla_put_u16(skb, IFLA_IPVLAN_MODE, port->mode) ||
	    nla_put_u16(skb, IFLA_IPVLAN_FLAGS, port->flags))
		return -EMSGSIZE;

	return 0;
}
584
/* rtnl newlink: create an ipvlan slave on the device named by IFLA_LINK.
 *
 * If IFLA_LINK names an existing ipvlan slave, the new device is stacked on
 * that slave's master instead. The master may live in a different network
 * namespace than the slave used to name it, and creating a link can set the
 * shared port flags and mode, so in that case the caller must hold
 * CAP_NET_ADMIN in the user namespace owning the master's namespace.
 *
 * Returns 0 on success or a negative errno; on failure after
 * register_netdevice() the steps already taken are undone in reverse order.
 */
int ipvlan_link_new(struct net *src_net, struct net_device *dev,
		    struct nlattr *tb[], struct nlattr *data[],
		    struct netlink_ext_ack *extack)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	u16 mode = IPVLAN_MODE_L3;
	struct net_device *phy_dev;
	struct ipvl_port *port;
	int err;
	int id;

	if (!tb[IFLA_LINK])
		return -EINVAL;

	phy_dev = __dev_get_by_index(src_net, nla_get_u32(tb[IFLA_LINK]));
	if (!phy_dev)
		return -ENODEV;

	if (netif_is_ipvlan(phy_dev)) {
		struct ipvl_dev *lower = netdev_priv(phy_dev);

		/* Resolve to the real master and authorise against the
		 * namespace the master belongs to, not the slave's.
		 */
		phy_dev = lower->phy_dev;
		if (!ns_capable(dev_net(phy_dev)->user_ns, CAP_NET_ADMIN))
			return -EPERM;
	} else if (!netif_is_ipvlan_port(phy_dev)) {
		bool is_ether = phy_dev->type == ARPHRD_ETHER;
		bool is_loopback = phy_dev->flags & IFF_LOOPBACK;

		/* Exit early if the underlying link is invalid or busy */
		if (!is_ether || is_loopback) {
			netdev_err(phy_dev,
				   "Master is either lo or non-ether device\n");
			return -EINVAL;
		}

		if (netdev_is_rx_handler_busy(phy_dev)) {
			netdev_err(phy_dev, "Device is already in use.\n");
			return -EBUSY;
		}
	}
	/* NOTE(review): when IFLA_LINK names a device that is already an
	 * ipvlan port, no capability check is made in this function; that
	 * path presumably relies on the caller's permission checks for
	 * src_net - confirm.
	 */

	ipvlan->phy_dev = phy_dev;
	ipvlan->dev = dev;
	ipvlan->sfeatures = IPVLAN_FEATURES;
	if (!tb[IFLA_MTU])
		ipvlan_adjust_mtu(ipvlan, phy_dev);
	INIT_LIST_HEAD(&ipvlan->addrs);
	spin_lock_init(&ipvlan->addrs_lock);

	/* TODO Probably put random address here to be presented to the
	 * world but keep using the physical-dev address for the outgoing
	 * packets.
	 */
	memcpy(dev->dev_addr, phy_dev->dev_addr, ETH_ALEN);

	dev->priv_flags |= IFF_NO_RX_HANDLER;

	err = register_netdevice(dev);
	if (err < 0)
		return err;

	/* ipvlan_init() would have created the port, if required */
	port = ipvlan_port_get_rtnl(phy_dev);
	ipvlan->port = port;

	/* If the port-id base is at the MAX value, then wrap it around and
	 * begin from 0x1 again. This may be due to a busy system where lots
	 * of slaves are getting created and deleted.
	 */
	if (port->dev_id_start == 0xFFFE)
		port->dev_id_start = 0x1;

	/* Since L2 address is shared among all IPvlan slaves including
	 * master, use unique 16 bit dev-ids to differentiate among them.
	 * Assign IDs between 0x1 and 0xFFFE (used by the master) to each
	 * slave link [see addrconf_ifid_eui48()].
	 */
	id = ida_simple_get(&port->ida, port->dev_id_start, 0xFFFE,
			    GFP_KERNEL);
	if (id < 0)
		id = ida_simple_get(&port->ida, 0x1, port->dev_id_start,
				    GFP_KERNEL);
	if (id < 0) {
		err = id;
		goto unregister_netdev;
	}
	dev->dev_id = id;

	/* Increment id-base to the next slot for the future assignment */
	port->dev_id_start = id + 1;

	err = netdev_upper_dev_link(phy_dev, dev, extack);
	if (err)
		goto remove_ida;

	/* Flags are per port and latest update overrides. User has
	 * to be consistent in setting it just like the mode attribute.
	 */
	if (data && data[IFLA_IPVLAN_FLAGS])
		port->flags = nla_get_u16(data[IFLA_IPVLAN_FLAGS]);

	if (data && data[IFLA_IPVLAN_MODE])
		mode = nla_get_u16(data[IFLA_IPVLAN_MODE]);

	err = ipvlan_set_port_mode(port, mode, extack);
	if (err)
		goto unlink_netdev;

	list_add_tail_rcu(&ipvlan->pnode, &port->ipvlans);
	netif_stacked_transfer_operstate(phy_dev, dev);
	return 0;

unlink_netdev:
	netdev_upper_dev_unlink(phy_dev, dev);
remove_ida:
	ida_simple_remove(&port->ida, dev->dev_id);
unregister_netdev:
	unregister_netdevice(dev);
	return err;
}
EXPORT_SYMBOL_GPL(ipvlan_link_new);
701
/* rtnl dellink: remove slave @dev.
 *
 * All addresses of the slave are taken out of the port hash table and the
 * slave's list under addrs_lock and freed after an RCU grace period. The
 * slave's dev-id is then returned to the port, the slave is removed from
 * the port list, queued on @head for unregistration, and unlinked from its
 * master.
 */
void ipvlan_link_delete(struct net_device *dev, struct list_head *head)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ipvl_addr *addr, *tmp;

	spin_lock_bh(&ipvlan->addrs_lock);
	list_for_each_entry_safe(addr, tmp, &ipvlan->addrs, anode) {
		ipvlan_ht_addr_del(addr);
		list_del_rcu(&addr->anode);
		kfree_rcu(addr, rcu);
	}
	spin_unlock_bh(&ipvlan->addrs_lock);

	ida_simple_remove(&ipvlan->port->ida, dev->dev_id);
	list_del_rcu(&ipvlan->pnode);
	unregister_netdevice_queue(dev, head);
	netdev_upper_dev_unlink(ipvlan->phy_dev, dev);
}
EXPORT_SYMBOL_GPL(ipvlan_link_delete);
721
/* rtnl setup: initialise @dev as an Ethernet-like device and install the
 * ipvlan netdev, header and ethtool operation tables.
 */
void ipvlan_link_setup(struct net_device *dev)
{
	ether_setup(dev);

	dev->max_mtu = ETH_MAX_MTU;
	dev->needs_free_netdev = true;

	dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_TX_SKB_SHARING);
	dev->priv_flags |= IFF_UNICAST_FLT | IFF_NO_QUEUE;

	dev->netdev_ops = &ipvlan_netdev_ops;
	dev->header_ops = &ipvlan_header_ops;
	dev->ethtool_ops = &ipvlan_ethtool_ops;
}
EXPORT_SYMBOL_GPL(ipvlan_link_setup);
735
/* Netlink attribute policy: both ipvlan attributes are 16-bit values.
 * Value ranges are checked separately in ipvlan_nl_validate().
 */
static const struct nla_policy ipvlan_nl_policy[IFLA_IPVLAN_MAX + 1] = {
	[IFLA_IPVLAN_MODE]  = { .type = NLA_U16 },
	[IFLA_IPVLAN_FLAGS] = { .type = NLA_U16 },
};

/* rtnl link type "ipvlan". The remaining callbacks are filled in by
 * ipvlan_link_register().
 */
static struct rtnl_link_ops ipvlan_link_ops = {
	.kind      = "ipvlan",
	.priv_size = sizeof(struct ipvl_dev),

	.setup     = ipvlan_link_setup,
	.newlink   = ipvlan_link_new,
	.dellink   = ipvlan_link_delete,
};
750
/* Fill in the netlink callbacks shared by ipvlan link types on @ops and
 * register it. Returns the result of rtnl_link_register().
 */
int ipvlan_link_register(struct rtnl_link_ops *ops)
{
	/* Attribute parsing and validation. */
	ops->maxtype    = IFLA_IPVLAN_MAX;
	ops->policy     = ipvlan_nl_policy;
	ops->validate   = ipvlan_nl_validate;

	/* Dump and change handlers. */
	ops->get_size   = ipvlan_nl_getsize;
	ops->fill_info  = ipvlan_nl_fillinfo;
	ops->changelink = ipvlan_nl_changelink;

	return rtnl_link_register(ops);
}
EXPORT_SYMBOL_GPL(ipvlan_link_register);
762
/* Netdevice notifier: propagate events on a master device to its slaves.
 *
 * Events for devices that are not ipvlan ports are ignored. Returns
 * NOTIFY_DONE, except that a veto from a slave on NETDEV_PRE_CHANGEADDR is
 * passed back and NETDEV_PRE_TYPE_CHANGE is always refused with NOTIFY_BAD.
 */
static int ipvlan_device_event(struct notifier_block *unused,
			       unsigned long event, void *ptr)
{
	struct netlink_ext_ack *extack = netdev_notifier_info_to_extack(ptr);
	struct netdev_notifier_pre_changeaddr_info *prechaddr_info;
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct ipvl_dev *ipvlan, *tmp;
	struct ipvl_port *port;
	LIST_HEAD(kill_list);
	int err;

	if (!netif_is_ipvlan_port(dev))
		return NOTIFY_DONE;

	port = ipvlan_port_get_rtnl(dev);

	switch (event) {
	case NETDEV_CHANGE:
		/* Mirror the master's operational state on every slave. */
		list_for_each_entry(ipvlan, &port->ipvlans, pnode)
			netif_stacked_transfer_operstate(ipvlan->phy_dev,
							 ipvlan->dev);
		break;

	case NETDEV_REGISTER: {
		struct net *newnet = dev_net(dev);
		struct net *oldnet = read_pnet(&port->pnet);
		struct ipvlan_netns *old_vnet;

		/* Only a move to another network namespace matters here. */
		if (net_eq(newnet, oldnet))
			break;

		write_pnet(&port->pnet, newnet);

		/* NOTE(review): the netfilter hook reference is moved when
		 * the old namespace has any reference at all, not
		 * specifically when this port is in L3S mode, and the
		 * result of ipvlan_register_nf_hook() is not checked -
		 * confirm both are intended.
		 */
		old_vnet = net_generic(oldnet, ipvlan_netid);
		if (old_vnet->ipvl_nf_hook_refcnt) {
			ipvlan_register_nf_hook(newnet);
			ipvlan_unregister_nf_hook(oldnet);
		}
		break;
	}
	case NETDEV_UNREGISTER:
		if (dev->reg_state != NETREG_UNREGISTERING)
			break;

		/* The master is going away: delete every slave with it. */
		list_for_each_entry_safe(ipvlan, tmp, &port->ipvlans, pnode)
			ipvlan->dev->rtnl_link_ops->dellink(ipvlan->dev,
							    &kill_list);
		unregister_netdevice_many(&kill_list);
		break;

	case NETDEV_FEAT_CHANGE:
		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
			ipvlan->dev->features = dev->features & IPVLAN_FEATURES;
			ipvlan->dev->gso_max_size = dev->gso_max_size;
			ipvlan->dev->gso_max_segs = dev->gso_max_segs;
			netdev_features_change(ipvlan->dev);
		}
		break;

	case NETDEV_CHANGEMTU:
		list_for_each_entry(ipvlan, &port->ipvlans, pnode)
			ipvlan_adjust_mtu(ipvlan, dev);
		break;

	case NETDEV_PRE_CHANGEADDR:
		/* Give every slave the chance to veto the new address. */
		prechaddr_info = ptr;
		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
			err = dev_pre_changeaddr_notify(ipvlan->dev,
						    prechaddr_info->dev_addr,
						    extack);
			if (err)
				return notifier_from_errno(err);
		}
		break;

	case NETDEV_CHANGEADDR:
		/* Slaves share the master's L2 address; follow the change. */
		list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
			ether_addr_copy(ipvlan->dev->dev_addr, dev->dev_addr);
			call_netdevice_notifiers(NETDEV_CHANGEADDR, ipvlan->dev);
		}
		break;

	case NETDEV_PRE_TYPE_CHANGE:
		/* Forbid underlying device to change its type. */
		return NOTIFY_BAD;
	}
	return NOTIFY_DONE;
}
852
/* Allocate an address entry for @ipvlan and queue it on ipvlan->addrs.
 *
 * The caller must hold the addrs lock.
 * Returns 0 on success or -ENOMEM when the entry cannot be allocated.
 */
static int ipvlan_add_addr(struct ipvl_dev *ipvlan, void *iaddr, bool is_v6)
{
        struct ipvl_addr *entry;

        /* GFP_ATOMIC: the visible callers invoke this under spin_lock_bh(). */
        entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
        if (!entry)
                return -ENOMEM;

        entry->master = ipvlan;
        if (is_v6) {
                /* NOTE(review): without CONFIG_IPV6 nothing is copied for
                 * is_v6 == true and the zeroed entry is still queued; the
                 * visible IPv6 callers are compiled out in that
                 * configuration, confirm that no other caller passes true.
                 */
#if IS_ENABLED(CONFIG_IPV6)
                memcpy(&entry->ip6addr, iaddr, sizeof(struct in6_addr));
                entry->atype = IPVL_IPV6;
#endif
        } else {
                memcpy(&entry->ip4addr, iaddr, sizeof(struct in_addr));
                entry->atype = IPVL_IPV4;
        }

        list_add_tail_rcu(&entry->anode, &ipvlan->addrs);

        /* A device that is not running gets its addresses hashed later,
         * by ipvlan_open.
         */
        if (netif_running(ipvlan->dev))
                ipvlan_ht_addr_add(ipvlan, entry);

        return 0;
}
883
/* Remove the entry matching @iaddr from @ipvlan, if one exists.
 *
 * Lookup and unlinking happen under addrs_lock. The memory is handed to
 * kfree_rcu() only after the lock is dropped, so the free is deferred
 * rather than immediate.
 */
static void ipvlan_del_addr(struct ipvl_dev *ipvlan, void *iaddr, bool is_v6)
{
        struct ipvl_addr *victim;

        spin_lock_bh(&ipvlan->addrs_lock);
        victim = ipvlan_find_addr(ipvlan, iaddr, is_v6);
        if (victim) {
                ipvlan_ht_addr_del(victim);
                list_del_rcu(&victim->anode);
        }
        spin_unlock_bh(&ipvlan->addrs_lock);

        /* Nothing was unlinked when the address was not found. */
        if (victim)
                kfree_rcu(victim, rcu);
}
900
/* Tell whether @dev is an ipvlan device whose private data has a port.
 *
 * The address notifiers use this as their gate before touching any ipvlan
 * state. The private pointer is dereferenced only once netif_is_ipvlan()
 * has confirmed the device type.
 */
static bool ipvlan_is_valid_dev(const struct net_device *dev)
{
        struct ipvl_dev *priv = netdev_priv(dev);

        return netif_is_ipvlan(dev) && priv != NULL && priv->port != NULL;
}
913
914 #if IS_ENABLED(CONFIG_IPV6)
/* Add an IPv6 address to @ipvlan unless the port already uses it.
 *
 * The busy check and the insertion both run under ipvlan->addrs_lock.
 * Returns -EINVAL when the address is busy, otherwise the result of
 * ipvlan_add_addr().
 *
 * NOTE(review): the busy check looks at the whole port while the lock
 * taken here belongs to this one ipvlan device; whether adds on sibling
 * devices are serialised some other way is not visible here, confirm.
 */
static int ipvlan_add_addr6(struct ipvl_dev *ipvlan, struct in6_addr *ip6_addr)
{
        int rc;

        spin_lock_bh(&ipvlan->addrs_lock);
        if (!ipvlan_addr_busy(ipvlan->port, ip6_addr, true)) {
                rc = ipvlan_add_addr(ipvlan, ip6_addr, true);
        } else {
                netif_err(ipvlan, ifup, ipvlan->dev,
                          "Failed to add IPv6=%pI6c addr for %s intf\n",
                          ip6_addr, ipvlan->dev->name);
                rc = -EINVAL;
        }
        spin_unlock_bh(&ipvlan->addrs_lock);

        return rc;
}
929
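/* Remove an IPv6 address from @ipvlan; a thin wrapper that passes
 * is_v6 = true to ipvlan_del_addr().
 */
static void ipvlan_del_addr6(struct ipvl_dev *ipvlan, struct in6_addr *ip6_addr)
{
        /* A void function must not return an expression in ISO C, so the
         * helper is called as a plain statement.
         */
        ipvlan_del_addr(ipvlan, ip6_addr, true);
}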
934
/* inet6addr notifier: mirror IPv6 address changes into ipvlan state.
 *
 * @ptr is treated as a struct inet6_ifaddr. Devices that fail
 * ipvlan_is_valid_dev() are ignored with NOTIFY_DONE. NETDEV_UP adds the
 * address and returns NOTIFY_BAD if that fails; NETDEV_DOWN removes it.
 * Every other outcome is NOTIFY_OK.
 */
static int ipvlan_addr6_event(struct notifier_block *unused,
                              unsigned long event, void *ptr)
{
        struct inet6_ifaddr *ifa6 = ptr;
        struct net_device *dev = (struct net_device *)ifa6->idev->dev;
        struct ipvl_dev *priv;

        if (!ipvlan_is_valid_dev(dev))
                return NOTIFY_DONE;

        /* Fetch the private data only after the device has been vetted. */
        priv = netdev_priv(dev);

        if (event == NETDEV_UP) {
                if (ipvlan_add_addr6(priv, &ifa6->addr))
                        return NOTIFY_BAD;
        } else if (event == NETDEV_DOWN) {
                ipvlan_del_addr6(priv, &ifa6->addr);
        }

        return NOTIFY_OK;
}
958
/* inet6addr validator: reject an IPv6 address the ipvlan port already has.
 *
 * @ptr is treated as a struct in6_validator_info. On NETDEV_UP a busy
 * address sets an extack message and returns -EADDRINUSE through
 * notifier_from_errno(). Devices that fail ipvlan_is_valid_dev() yield
 * NOTIFY_DONE; everything else yields NOTIFY_OK.
 */
static int ipvlan_addr6_validator_event(struct notifier_block *unused,
                                        unsigned long event, void *ptr)
{
        struct in6_validator_info *info = ptr;
        struct net_device *dev = (struct net_device *)info->i6vi_dev->dev;
        struct ipvl_dev *priv;

        if (!ipvlan_is_valid_dev(dev))
                return NOTIFY_DONE;

        priv = netdev_priv(dev);

        /* This check takes no addrs_lock; ipvlan_add_addr6() repeats the
         * busy test under the lock when the address is actually added.
         */
        if (event == NETDEV_UP &&
            ipvlan_addr_busy(priv->port, &info->i6vi_addr, true)) {
                NL_SET_ERR_MSG(info->extack,
                               "Address already assigned to an ipvlan device");
                return notifier_from_errno(-EADDRINUSE);
        }

        return NOTIFY_OK;
}
981 #endif
982
/* Add an IPv4 address to @ipvlan unless the port already uses it.
 *
 * The busy check and the insertion both run under ipvlan->addrs_lock.
 * Returns -EINVAL when the address is busy, otherwise the result of
 * ipvlan_add_addr().
 *
 * NOTE(review): the busy check looks at the whole port while the lock
 * taken here belongs to this one ipvlan device; whether adds on sibling
 * devices are serialised some other way is not visible here, confirm.
 */
static int ipvlan_add_addr4(struct ipvl_dev *ipvlan, struct in_addr *ip4_addr)
{
        int rc;

        spin_lock_bh(&ipvlan->addrs_lock);
        if (!ipvlan_addr_busy(ipvlan->port, ip4_addr, false)) {
                rc = ipvlan_add_addr(ipvlan, ip4_addr, false);
        } else {
                netif_err(ipvlan, ifup, ipvlan->dev,
                          "Failed to add IPv4=%pI4 on %s intf.\n",
                          ip4_addr, ipvlan->dev->name);
                rc = -EINVAL;
        }
        spin_unlock_bh(&ipvlan->addrs_lock);

        return rc;
}
997
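/* Remove an IPv4 address from @ipvlan; a thin wrapper that passes
 * is_v6 = false to ipvlan_del_addr().
 */
static void ipvlan_del_addr4(struct ipvl_dev *ipvlan, struct in_addr *ip4_addr)
{
        /* A void function must not return an expression in ISO C, so the
         * helper is called as a plain statement.
         */
        ipvlan_del_addr(ipvlan, ip4_addr, false);
}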
1002
/* inetaddr notifier: mirror IPv4 address changes into ipvlan state.
 *
 * @ptr is treated as a struct in_ifaddr. Devices that fail
 * ipvlan_is_valid_dev() are ignored with NOTIFY_DONE. NETDEV_UP adds
 * ifa_address and returns NOTIFY_BAD if that fails; NETDEV_DOWN removes
 * it. Every other outcome is NOTIFY_OK.
 */
static int ipvlan_addr4_event(struct notifier_block *unused,
                              unsigned long event, void *ptr)
{
        struct in_ifaddr *ifa4 = ptr;
        struct net_device *dev = (struct net_device *)ifa4->ifa_dev->dev;
        struct ipvl_dev *priv;
        struct in_addr v4;

        if (!ipvlan_is_valid_dev(dev))
                return NOTIFY_DONE;

        /* Fetch the private data only after the device has been vetted. */
        priv = netdev_priv(dev);

        if (event == NETDEV_UP) {
                v4.s_addr = ifa4->ifa_address;
                if (ipvlan_add_addr4(priv, &v4))
                        return NOTIFY_BAD;
        } else if (event == NETDEV_DOWN) {
                v4.s_addr = ifa4->ifa_address;
                ipvlan_del_addr4(priv, &v4);
        }

        return NOTIFY_OK;
}
1029
/* inetaddr validator: reject an IPv4 address the ipvlan port already has.
 *
 * @ptr is treated as a struct in_validator_info. On NETDEV_UP a busy
 * address sets an extack message and returns -EADDRINUSE through
 * notifier_from_errno(). Devices that fail ipvlan_is_valid_dev() yield
 * NOTIFY_DONE; everything else yields NOTIFY_OK.
 */
static int ipvlan_addr4_validator_event(struct notifier_block *unused,
                                        unsigned long event, void *ptr)
{
        struct in_validator_info *info = ptr;
        struct net_device *dev = (struct net_device *)info->ivi_dev->dev;
        struct ipvl_dev *priv;

        if (!ipvlan_is_valid_dev(dev))
                return NOTIFY_DONE;

        priv = netdev_priv(dev);

        /* This check takes no addrs_lock; ipvlan_add_addr4() repeats the
         * busy test under the lock when the address is actually added.
         */
        if (event == NETDEV_UP &&
            ipvlan_addr_busy(priv->port, &info->ivi_addr, false)) {
                NL_SET_ERR_MSG(info->extack,
                               "Address already assigned to an ipvlan device");
                return notifier_from_errno(-EADDRINUSE);
        }

        return NOTIFY_OK;
}
1052
/* IPv4 address add/remove events are delivered to ipvlan_addr4_event(). */
static struct notifier_block ipvlan_addr4_notifier_block __read_mostly = {
        .notifier_call = ipvlan_addr4_event,
};

/* IPv4 address validation (duplicate check) goes to
 * ipvlan_addr4_validator_event().
 */
static struct notifier_block ipvlan_addr4_vtor_notifier_block __read_mostly = {
        .notifier_call = ipvlan_addr4_validator_event,
};

/* Netdevice events are delivered to ipvlan_device_event(). */
static struct notifier_block ipvlan_notifier_block __read_mostly = {
        .notifier_call = ipvlan_device_event,
};
1064
1065 #if IS_ENABLED(CONFIG_IPV6)
/* IPv6 address add/remove events are delivered to ipvlan_addr6_event(). */
static struct notifier_block ipvlan_addr6_notifier_block __read_mostly = {
        .notifier_call = ipvlan_addr6_event,
};

/* IPv6 address validation (duplicate check) goes to
 * ipvlan_addr6_validator_event().
 */
static struct notifier_block ipvlan_addr6_vtor_notifier_block __read_mostly = {
        .notifier_call = ipvlan_addr6_validator_event,
};
1073 #endif
1074
/* Per-namespace exit hook.
 *
 * A hook refcount that is still non-zero at this point is reported once
 * through WARN_ON_ONCE(); the count is then reset and the netfilter hooks
 * in ipvl_nfops are unregistered from @net.
 */
static void ipvlan_ns_exit(struct net *net)
{
        struct ipvlan_netns *ns_state = net_generic(net, ipvlan_netid);

        /* Expected case: the refcount is already zero, nothing to undo. */
        if (!WARN_ON_ONCE(ns_state->ipvl_nf_hook_refcnt))
                return;

        ns_state->ipvl_nf_hook_refcnt = 0;
        nf_unregister_net_hooks(net, ipvl_nfops, ARRAY_SIZE(ipvl_nfops));
}
1085
/* Per-network-namespace registration: each namespace carries a
 * struct ipvlan_netns, looked up with net_generic() and ipvlan_netid,
 * and ipvlan_ns_exit() runs as its exit hook.
 */
static struct pernet_operations ipvlan_net_ops = {
        .id   = &ipvlan_netid,
        .size = sizeof(struct ipvlan_netns),
        .exit = ipvlan_ns_exit,
};
1091
/* Module init: register the notifiers, then the per-namespace state, then
 * the ipvlan link type.
 *
 * Returns 0 on success. If the pernet or link registration fails, what was
 * registered before it is unregistered and the negative error is returned.
 *
 * NOTE(review): the return values of the notifier registration calls are
 * not checked here, and the notifiers go live before
 * register_pernet_subsys() runs; confirm that no handler can reach
 * net_generic(net, ipvlan_netid) in that window.
 */
static int __init ipvlan_init_module(void)
{
        int rc;

        ipvlan_init_secret();
        register_netdevice_notifier(&ipvlan_notifier_block);
#if IS_ENABLED(CONFIG_IPV6)
        register_inet6addr_notifier(&ipvlan_addr6_notifier_block);
        register_inet6addr_validator_notifier(
            &ipvlan_addr6_vtor_notifier_block);
#endif
        register_inetaddr_notifier(&ipvlan_addr4_notifier_block);
        register_inetaddr_validator_notifier(&ipvlan_addr4_vtor_notifier_block);

        rc = register_pernet_subsys(&ipvlan_net_ops);
        if (rc < 0)
                goto drop_notifiers;

        rc = ipvlan_link_register(&ipvlan_link_ops);
        if (rc < 0)
                goto drop_pernet;

        return 0;

drop_pernet:
        unregister_pernet_subsys(&ipvlan_net_ops);
drop_notifiers:
        unregister_inetaddr_notifier(&ipvlan_addr4_notifier_block);
        unregister_inetaddr_validator_notifier(
            &ipvlan_addr4_vtor_notifier_block);
#if IS_ENABLED(CONFIG_IPV6)
        unregister_inet6addr_notifier(&ipvlan_addr6_notifier_block);
        unregister_inet6addr_validator_notifier(
            &ipvlan_addr6_vtor_notifier_block);
#endif
        unregister_netdevice_notifier(&ipvlan_notifier_block);
        return rc;
}
1129
/* Module exit: unregister the link type first, then the per-namespace
 * state, then every notifier that ipvlan_init_module() registered.
 */
static void __exit ipvlan_cleanup_module(void)
{
        /* Link type first, then the per-namespace state. */
        rtnl_link_unregister(&ipvlan_link_ops);
        unregister_pernet_subsys(&ipvlan_net_ops);

        /* Device and IPv4 address notifiers. */
        unregister_netdevice_notifier(&ipvlan_notifier_block);
        unregister_inetaddr_notifier(&ipvlan_addr4_notifier_block);
        unregister_inetaddr_validator_notifier(&ipvlan_addr4_vtor_notifier_block);

#if IS_ENABLED(CONFIG_IPV6)
        /* IPv6 address notifiers exist only when IPv6 is built in or modular. */
        unregister_inet6addr_notifier(&ipvlan_addr6_notifier_block);
        unregister_inet6addr_validator_notifier(&ipvlan_addr6_vtor_notifier_block);
#endif
}
1144
/* Module entry and exit points. */
module_init(ipvlan_init_module);
module_exit(ipvlan_cleanup_module);

/* Module metadata, plus the rtnl link alias for the "ipvlan" kind. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Mahesh Bandewar <maheshb@google.com>");
MODULE_DESCRIPTION("Driver for L3 (IPv6/IPv4) based VLANs");
MODULE_ALIAS_RTNL_LINK("ipvlan");