fix use-after-free when an interface event is pending while the interface is being...
1 #include <string.h>
2 #include <stdlib.h>
3 #include <stdio.h>
4 #include <assert.h>
5 #include <errno.h>
6
7 #include "netifd.h"
8 #include "device.h"
9 #include "interface.h"
10 #include "system.h"
11
/*
 * Indices of the bridge-specific configuration attributes.  Each value
 * indexes bridge_attrs[] and the tb[] arrays filled by blobmsg_parse().
 */
enum {
        BRIDGE_ATTR_IFNAME,
        BRIDGE_ATTR_STP,
        BRIDGE_ATTR_FORWARD_DELAY,
        BRIDGE_ATTR_IGMP_SNOOP,
        BRIDGE_ATTR_AGEING_TIME,
        BRIDGE_ATTR_HELLO_TIME,
        BRIDGE_ATTR_MAX_AGE,
        __BRIDGE_ATTR_MAX       /* attribute count; sizes the tables below */
};

/* blobmsg parse policy: config key name and expected blob type per attribute. */
static const struct blobmsg_policy bridge_attrs[__BRIDGE_ATTR_MAX] = {
        [BRIDGE_ATTR_IFNAME] = { "ifname", BLOBMSG_TYPE_ARRAY },
        [BRIDGE_ATTR_STP] = { "stp", BLOBMSG_TYPE_BOOL },
        [BRIDGE_ATTR_FORWARD_DELAY] = { "forward_delay", BLOBMSG_TYPE_INT32 },
        [BRIDGE_ATTR_AGEING_TIME] = { "ageing_time", BLOBMSG_TYPE_INT32 },
        [BRIDGE_ATTR_HELLO_TIME] = { "hello_time", BLOBMSG_TYPE_INT32 },
        [BRIDGE_ATTR_MAX_AGE] = { "max_age", BLOBMSG_TYPE_INT32 },
        [BRIDGE_ATTR_IGMP_SNOOP] = { "igmp_snooping", BLOBMSG_TYPE_BOOL },
};

/*
 * Additional per-attribute information referenced from bridge_attr_list.
 * NOTE(review): presumably the element type expected inside the "ifname"
 * array -- confirm against the users of config_param_info.
 */
static const union config_param_info bridge_attr_info[__BRIDGE_ATTR_MAX] = {
        [BRIDGE_ATTR_IFNAME] = { .type = BLOBMSG_TYPE_STRING },
};

/*
 * Parameter list for bridge devices: the bridge attributes above, chained
 * to the generic device attribute list through .next.
 */
static const struct config_param_list bridge_attr_list = {
        .n_params = __BRIDGE_ATTR_MAX,
        .params = bridge_attrs,
        .info = bridge_attr_info,

        .n_next = 1,
        .next = { &device_attr_list },
};
45
/* Forward declarations of the handlers referenced by bridge_device_type. */
static struct device *bridge_create(const char *name, struct blob_attr *attr);
static void bridge_config_init(struct device *dev);
static void bridge_free(struct device *dev);
static void bridge_dump_info(struct device *dev, struct blob_buf *b);
/*
 * NOTE(review): bridge_reload is the only handler declared without 'static';
 * confirm whether external linkage is intended.
 */
enum dev_change_type
bridge_reload(struct device *dev, struct blob_attr *attr);

/* Device type descriptor that exposes the bridge handlers to the device layer. */
const struct device_type bridge_device_type = {
        .name = "Bridge",
        .config_params = &bridge_attr_list,

        .create = bridge_create,
        .config_init = bridge_config_init,
        .reload = bridge_reload,
        .free = bridge_free,
        .dump_info = bridge_dump_info,
};
63
/* Per-bridge state; recovered from the embedded 'dev' with container_of(). */
struct bridge_state {
        struct device dev;              /* embedded generic device */
        device_state_cb set_state;      /* dev->set_state as it was before bridge_create() replaced it */

        /*
         * Last attribute blob passed to bridge_reload().  The pointer is
         * stored, not copied.
         * NOTE(review): the blob has to outlive this bridge (or the next
         * reload) -- confirm ownership with the caller.
         */
        struct blob_attr *config_data;
        struct bridge_config config;    /* settings filled by bridge_apply_settings() */
        struct blob_attr *ifnames;      /* "ifname" array taken from the blob parsed in bridge_reload() */
        bool active;                    /* not referenced in this file; the code tests dev.active instead */
        bool force_active;              /* set by bridge_hotplug_prepare(), cleared by bridge_remove_member() */

        struct vlist_tree members;      /* bridge_member entries keyed by name */
        int n_present;                  /* number of members currently marked present */
};
77
/* One bridge port; allocated with room for the trailing name string. */
struct bridge_member {
        struct vlist_node node;         /* linkage in bridge_state.members */
        struct bridge_state *bst;       /* owning bridge */
        struct device_user dev;         /* user handle on the member device; cb is bridge_member_cb */
        bool present;                   /* counted in bst->n_present while true */
        char name[];                    /* copy of the device ifname; used as the vlist key */
};
85
/*
 * Detach a present member from the bridge and drop the claim held on its
 * device.  Members that are not marked present are left untouched.
 *
 * Always returns 0; the results of the two calls are not inspected.
 */
static int
bridge_disable_member(struct bridge_member *bm)
{
        if (bm->present) {
                struct bridge_state *bridge = bm->bst;

                system_bridge_delif(&bridge->dev, bm->dev.dev);
                device_release(&bm->dev);
        }

        return 0;
}
99
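/*
 * Claim a present member device and attach it to the bridge.
 *
 * Returns 0 on success or when the member is not marked present; otherwise
 * the negative value returned by device_claim() or system_bridge_addif().
 * On failure the member is marked not present and the bridge's count of
 * present members is decremented.
 */
static int
bridge_enable_member(struct bridge_member *bm)
{
        struct bridge_state *bst = bm->bst;
        int ret;

        if (!bm->present)
                return 0;

        ret = device_claim(&bm->dev);
        if (ret < 0)
                goto error;

        ret = system_bridge_addif(&bst->dev, bm->dev.dev);
        if (ret < 0) {
                D(DEVICE, "Bridge device %s could not be added\n", bm->dev.dev->ifname);
                /*
                 * The claim above succeeded.  Once 'present' is cleared
                 * below, bridge_disable_member() returns early and would
                 * never release it, so drop the claim here to keep the
                 * device's claim accounting balanced.
                 */
                device_release(&bm->dev);
                goto error;
        }

        return 0;

error:
        bm->present = false;
        bst->n_present--;
        return ret;
}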
126
/*
 * Mark a member as gone: detach it if the bridge is active, update the
 * present-member count and clear force_active.  When no present members
 * remain the bridge device itself is reported as not present.
 */
static void
bridge_remove_member(struct bridge_member *bm)
{
        struct bridge_state *bridge = bm->bst;

        if (bm->present) {
                /*
                 * Has to happen before 'present' is cleared, because
                 * bridge_disable_member() ignores non-present members.
                 */
                if (bridge->dev.active)
                        bridge_disable_member(bm);

                bm->present = false;
                bridge->n_present -= 1;
                bridge->force_active = false;

                if (!bridge->n_present)
                        device_set_present(&bridge->dev, false);
        }
}
145
/*
 * Device-user callback for a bridge member.
 *
 * DEV_EVENT_ADD:    mark the member present; enable it right away when the
 *                   bridge is active, otherwise report the bridge as present
 *                   once the first member shows up.
 * DEV_EVENT_REMOVE: hotplug members are deleted from the member list,
 *                   configured members are only marked as removed.
 * Any other event is ignored.
 */
static void
bridge_member_cb(struct device_user *dev, enum device_event ev)
{
        struct bridge_member *member = container_of(dev, struct bridge_member, dev);
        struct bridge_state *bridge = member->bst;

        if (ev == DEV_EVENT_ADD) {
                assert(!member->present);

                member->present = true;
                bridge->n_present++;

                if (bridge->dev.active) {
                        bridge_enable_member(member);
                        return;
                }

                if (bridge->n_present == 1)
                        device_set_present(&bridge->dev, true);
                return;
        }

        if (ev != DEV_EVENT_REMOVE)
                return;

        if (dev->hotplug) {
                /*
                 * Neither 'member' nor 'dev' may be used after this call:
                 * vlist_delete() is expected to pass the node to the tree's
                 * update callback (bridge_member_update), which frees it.
                 */
                vlist_delete(&bridge->members, &member->node);
                return;
        }

        if (member->present)
                bridge_remove_member(member);
}
179
/*
 * Take the bridge down: call the saved device state handler with 'false',
 * detach every member, then delete the bridge.  Always returns 0; the
 * results of the individual steps are not checked.
 */
static int
bridge_set_down(struct bridge_state *bst)
{
        struct bridge_member *member;

        bst->set_state(&bst->dev, false);

        vlist_for_each_element(&bst->members, member, node) {
                bridge_disable_member(member);
        }

        system_bridge_delbr(&bst->dev);
        return 0;
}
194
/*
 * Bring the bridge up: create it, attach all members and call the saved
 * device state handler with 'true'.
 *
 * Returns -ENOENT when there is nothing to bridge (no present member and
 * force_active not set), either before creation or after every member
 * failed to attach; otherwise the result of system_bridge_addbr() or of the
 * saved state handler.  If the state handler fails the bridge is torn down
 * again.
 */
static int
bridge_set_up(struct bridge_state *bst)
{
        struct bridge_member *member;
        int err;

        if (!(bst->force_active || bst->n_present))
                return -ENOENT;

        err = system_bridge_addbr(&bst->dev, &bst->config);
        if (err < 0)
                return err;

        /* A failing member clears its own 'present' flag and lowers n_present. */
        vlist_for_each_element(&bst->members, member, node) {
                bridge_enable_member(member);
        }

        if (!(bst->force_active || bst->n_present)) {
                /* none of the member interfaces could be initialized */
                system_bridge_delbr(&bst->dev);
                device_set_present(&bst->dev, false);
                return -ENOENT;
        }

        err = bst->set_state(&bst->dev, true);
        if (err < 0)
                bridge_set_down(bst);

        return err;
}
225
/*
 * set_state handler installed on the bridge device by bridge_create():
 * dispatches to bridge_set_up() or bridge_set_down() and returns its result.
 */
static int
bridge_set_state(struct device *dev, bool up)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);

        return up ? bridge_set_up(bridge) : bridge_set_down(bridge);
}
238
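/*
 * Allocate a member entry for 'dev' and add it to the bridge's member list.
 *
 * bst:     owning bridge
 * dev:     member device; its ifname is copied and used as the list key
 * hotplug: true for members added at runtime; such entries get node
 *          version -1
 *
 * Returns the entry that is tracked in the list for this name after the
 * call, or NULL when the allocation fails or no entry is found.
 */
static struct bridge_member *
bridge_create_member(struct bridge_state *bst, struct device *dev, bool hotplug)
{
        struct bridge_member *bm;
        size_t name_len = strlen(dev->ifname) + 1;

        bm = calloc(1, sizeof(*bm) + name_len);
        if (!bm)
                return NULL;

        bm->bst = bst;
        bm->dev.cb = bridge_member_cb;
        bm->dev.hotplug = hotplug;
        /* The allocation was sized from name_len, so the copy is bounded. */
        memcpy(bm->name, dev->ifname, name_len);
        bm->dev.dev = dev;
        vlist_add(&bst->members, &bm->node, bm->name);

        /*
         * The member list runs with keep_old set, and bridge_member_update()
         * frees the new node when an entry with the same name already
         * exists.  'bm' may therefore be dangling here; look the entry up
         * again instead of touching the pointer allocated above.
         */
        bm = vlist_find(&bst->members, dev->ifname, bm, node);
        if (hotplug && bm)
                bm->node.version = -1;

        return bm;
}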
256
/*
 * Update callback of the member list (registered in bridge_create()).
 *
 *  - new and old node: the name is already tracked, so the newly allocated
 *    duplicate is freed and the old entry stays in place;
 *  - new node only: register the member as a user of its device;
 *  - old node only: remove the member from the bridge, drop the device user
 *    and free the entry.
 */
static void
bridge_member_update(struct vlist_tree *tree, struct vlist_node *node_new,
                     struct vlist_node *node_old)
{
        struct bridge_member *member;

        if (node_new && node_old) {
                member = container_of(node_new, struct bridge_member, node);
                free(member);
                return;
        }

        if (node_new) {
                struct device *target;

                member = container_of(node_new, struct bridge_member, node);

                /*
                 * The device pointer is cleared before device_add_user()
                 * is called with it; presumably the call expects an
                 * unattached user -- confirm against device.c.
                 */
                target = member->dev.dev;
                member->dev.dev = NULL;
                device_add_user(&member->dev, target);
                return;
        }

        if (node_old) {
                member = container_of(node_old, struct bridge_member, node);
                bridge_remove_member(member);
                device_remove_user(&member->dev);
                free(member);
        }
}
285
286
/*
 * Add a configured (non-hotplug) member by interface name.  Nothing happens
 * when device_get() does not return a device for 'name'.
 */
static void
bridge_add_member(struct bridge_state *bst, const char *name)
{
        struct device *member_dev = device_get(name, true);

        if (member_dev)
                bridge_create_member(bst, member_dev, false);
}
298
/*
 * Hotplug 'add' operation: attach 'member' to the bridge as a hotplug member.
 *
 * Always returns 0.
 * NOTE(review): the result of bridge_create_member() is discarded, so the
 * caller cannot tell whether a member entry was actually created.
 */
static int
bridge_hotplug_add(struct device *dev, struct device *member)
{
        struct bridge_state *bridge;

        bridge = container_of(dev, struct bridge_state, dev);
        bridge_create_member(bridge, member, true);

        return 0;
}
308
/*
 * Hotplug 'del' operation: delete the member whose name matches the ifname
 * of 'member'.
 *
 * Returns 0 when the member was found and deleted, UBUS_STATUS_NOT_FOUND
 * otherwise.
 */
static int
bridge_hotplug_del(struct device *dev, struct device *member)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);
        struct bridge_member *found;

        found = vlist_find(&bridge->members, member->ifname, found, node);
        if (found) {
                vlist_delete(&bridge->members, &found->node);
                return 0;
        }

        return UBUS_STATUS_NOT_FOUND;
}
322
/*
 * Hotplug 'prepare' operation: set force_active, which lets bridge_set_up()
 * proceed without any present member, and report the bridge device as
 * present.  Always returns 0.
 */
static int
bridge_hotplug_prepare(struct device *dev)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);

        bridge->force_active = true;
        device_set_present(&bridge->dev, true);

        return 0;
}
334
/* Hotplug operations installed on every bridge device by bridge_create(). */
static const struct device_hotplug_ops bridge_ops = {
        .prepare = bridge_hotplug_prepare,
        .add = bridge_hotplug_add,
        .del = bridge_hotplug_del
};
340
/*
 * Free handler of the bridge device type: flush the whole member list, then
 * release the bridge state that embeds 'dev'.
 */
static void
bridge_free(struct device *dev)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);

        vlist_flush_all(&bridge->members);
        free(bridge);
}
350
/*
 * dump_info handler: emit the generic interface information followed by a
 * "bridge-members" array holding the ifname of every member's device.
 */
static void
bridge_dump_info(struct device *dev, struct blob_buf *b)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);
        struct bridge_member *member;
        void *cookie;

        system_if_dump_info(dev, b);

        cookie = blobmsg_open_array(b, "bridge-members");
        vlist_for_each_element(&bridge->members, member, node) {
                blobmsg_add_string(b, NULL, member->dev.dev->ifname);
        }
        blobmsg_close_array(b, cookie);
}
368
/*
 * config_init handler: rebuild the member list from the configured "ifname"
 * array.  Entries are added between vlist_update() and vlist_flush().
 * Does nothing when no ifname array is configured.
 *
 * NOTE(review): each array element is handed on as a C string without a
 * type check in this function; confirm that the blob is validated before
 * it reaches this point.
 */
static void
bridge_config_init(struct device *dev)
{
        struct bridge_state *bridge = container_of(dev, struct bridge_state, dev);
        struct blob_attr *entry;
        int remaining;

        if (bridge->ifnames) {
                vlist_update(&bridge->members);
                blobmsg_for_each_attr(entry, bridge->ifnames, remaining) {
                        bridge_add_member(bridge, blobmsg_data(entry));
                }
                vlist_flush(&bridge->members);
        }
}
387
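/*
 * Fill bst->config from the parsed bridge attributes.
 *
 * bst: bridge whose configuration is rewritten
 * tb:  attribute table indexed by BRIDGE_ATTR_*; absent entries are NULL
 *
 * stp, forward_delay and igmp_snoop fall back to built-in defaults.  The
 * optional timers are only marked valid, through their BRIDGE_OPT_* flag,
 * when the corresponding attribute is present.
 */
static void
bridge_apply_settings(struct bridge_state *bst, struct blob_attr **tb)
{
        struct bridge_config *cfg = &bst->config;
        struct blob_attr *cur;

        /* defaults */
        cfg->stp = false;
        cfg->forward_delay = 2;
        cfg->igmp_snoop = true;

        /*
         * The config struct is reused across reloads.  Clear the optional
         * timer flags first so that an attribute removed from the
         * configuration does not stay in effect with its old value.
         */
        cfg->flags &= ~(BRIDGE_OPT_AGEING_TIME | BRIDGE_OPT_HELLO_TIME |
                        BRIDGE_OPT_MAX_AGE);

        if ((cur = tb[BRIDGE_ATTR_STP]))
                cfg->stp = blobmsg_get_bool(cur);

        if ((cur = tb[BRIDGE_ATTR_FORWARD_DELAY]))
                cfg->forward_delay = blobmsg_get_u32(cur);

        if ((cur = tb[BRIDGE_ATTR_IGMP_SNOOP]))
                cfg->igmp_snoop = blobmsg_get_bool(cur);

        if ((cur = tb[BRIDGE_ATTR_AGEING_TIME])) {
                cfg->ageing_time = blobmsg_get_u32(cur);
                cfg->flags |= BRIDGE_OPT_AGEING_TIME;
        }

        if ((cur = tb[BRIDGE_ATTR_HELLO_TIME])) {
                cfg->hello_time = blobmsg_get_u32(cur);
                cfg->flags |= BRIDGE_OPT_HELLO_TIME;
        }

        if ((cur = tb[BRIDGE_ATTR_MAX_AGE])) {
                cfg->max_age = blobmsg_get_u32(cur);
                cfg->flags |= BRIDGE_OPT_MAX_AGE;
        }
}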
423
/*
 * Apply a (new) configuration blob to the bridge.
 *
 * dev:  the bridge device (embedded in a struct bridge_state)
 * attr: configuration blob; parsed against both the generic device policy
 *       and the bridge policy
 *
 * Returns DEV_CONFIG_APPLIED, or DEV_CONFIG_RESTART when a previous
 * configuration exists and any attribute other than the ifname entry
 * differs from it.
 *
 * NOTE(review): both bst->ifnames and bst->config_data end up pointing into
 * 'attr'; nothing is copied here, so the blob must stay valid for as long
 * as the bridge uses it -- confirm ownership with the callers.
 */
enum dev_change_type
bridge_reload(struct device *dev, struct blob_attr *attr)
{
        struct blob_attr *tb_dev[__DEV_ATTR_MAX];
        struct blob_attr *tb_br[__BRIDGE_ATTR_MAX];
        enum dev_change_type ret = DEV_CONFIG_APPLIED;
        unsigned long diff;
        struct bridge_state *bst;

        /* 'diff' is used as a bitmask over attribute indices; check its size at build time. */
        BUILD_BUG_ON(sizeof(diff) < __BRIDGE_ATTR_MAX / 8);
        BUILD_BUG_ON(sizeof(diff) < __DEV_ATTR_MAX / 8);

        bst = container_of(dev, struct bridge_state, dev);

        /* The results of both parse calls are not checked. */
        blobmsg_parse(device_attr_list.params, __DEV_ATTR_MAX, tb_dev,
                blob_data(attr), blob_len(attr));
        blobmsg_parse(bridge_attrs, __BRIDGE_ATTR_MAX, tb_br,
                blob_data(attr), blob_len(attr));

        /* Has to be set before bridge_config_init() below, which reads it. */
        bst->ifnames = tb_br[BRIDGE_ATTR_IFNAME];
        device_init_settings(dev, tb_dev);
        bridge_apply_settings(bst, tb_br);

        /* Only compare against the old configuration when there is one. */
        if (bst->config_data) {
                struct blob_attr *otb_dev[__DEV_ATTR_MAX];
                struct blob_attr *otb_br[__BRIDGE_ATTR_MAX];

                blobmsg_parse(device_attr_list.params, __DEV_ATTR_MAX, otb_dev,
                        blob_data(bst->config_data), blob_len(bst->config_data));

                /* A change to the ifname attribute alone does not force a restart. */
                diff = 0;
                config_diff(tb_dev, otb_dev, &device_attr_list, &diff);
                if (diff & ~(1 << DEV_ATTR_IFNAME))
                    ret = DEV_CONFIG_RESTART;

                blobmsg_parse(bridge_attrs, __BRIDGE_ATTR_MAX, otb_br,
                        blob_data(bst->config_data), blob_len(bst->config_data));

                diff = 0;
                config_diff(tb_br, otb_br, &bridge_attr_list, &diff);
                if (diff & ~(1 << BRIDGE_ATTR_IFNAME))
                    ret = DEV_CONFIG_RESTART;

                /* Member list changes are applied in place. */
                bridge_config_init(dev);
        }

        /* Remember the blob for the comparison on the next reload. */
        bst->config_data = attr;
        return ret;
}
473
/*
 * Create handler of the bridge device type.
 *
 * Allocates the bridge state, initializes the embedded device, interposes
 * bridge_set_state() in front of the device's own state handler, installs
 * the hotplug operations and the member list, and applies 'attr' through
 * bridge_reload() (whose result is not used).
 *
 * Returns the embedded device, or NULL when the allocation fails.
 */
static struct device *
bridge_create(const char *name, struct blob_attr *attr)
{
        struct bridge_state *bridge = calloc(1, sizeof(*bridge));
        struct device *bridge_dev;

        if (!bridge)
                return NULL;

        bridge_dev = &bridge->dev;
        device_init(bridge_dev, &bridge_device_type, name);
        bridge_dev->config_pending = true;

        /* Save the original handler; the bridge handlers call it themselves. */
        bridge->set_state = bridge_dev->set_state;
        bridge_dev->set_state = bridge_set_state;
        bridge_dev->hotplug_ops = &bridge_ops;

        /* keep_old: re-adding an existing name keeps the entry already in the list. */
        vlist_init(&bridge->members, avl_strcmp, bridge_member_update);
        bridge->members.keep_old = true;
        bridge_reload(bridge_dev, attr);

        return bridge_dev;
}
499
500