net: bridge: vlan: check early for lack of BRENTRY flag in br_vlan_add_existing

When a VLAN is added to a bridge port, a master VLAN gets created on the
bridge for context, but it doesn't have the BRENTRY flag.

Then, when the same VLAN is added to the bridge itself, that enters
through the br_vlan_add_existing() code path and gains the BRENTRY flag,
thus it becomes "existing".

It seems natural to check for this condition early, because the current
code flow is to notify switchdev of the addition of a VLAN that isn't a
brentry, just to delete it immediately afterwards.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 6315e43a7a3eff8f53b77fc38c334504a8a0e53a..7e99f84afb87c60b6cf5197afdeec2a7b46d2783 100644 (file)
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -679,16 +679,15 @@ static int br_vlan_add_existing(struct net_bridge *br,
 {
        int err;
 
+       /* Trying to change flags of non-existent bridge vlan */
+       if (!br_vlan_is_brentry(vlan) && !(flags & BRIDGE_VLAN_INFO_BRENTRY))
+               return -EINVAL;
+
        err = br_switchdev_port_vlan_add(br->dev, vlan->vid, flags, extack);
        if (err && err != -EOPNOTSUPP)
                return err;
 
        if (!br_vlan_is_brentry(vlan)) {
-               /* Trying to change flags of non-existent bridge vlan */
-               if (!(flags & BRIDGE_VLAN_INFO_BRENTRY)) {
-                       err = -EINVAL;
-                       goto err_flags;
-               }
                /* It was only kept for port vlans, now make it real */
                err = br_fdb_add_local(br, NULL, br->dev->dev_addr, vlan->vid);
                if (err) {
@@ -709,7 +708,6 @@ static int br_vlan_add_existing(struct net_bridge *br,
        return 0;
 
 err_fdb_insert:
-err_flags:
        br_switchdev_port_vlan_del(br->dev, vlan->vid);
        return err;
 }