diff mbox series

[v2,net-next,01/10] net: bridge: mst: Multiple Spanning Tree (MST) mode

Message ID 20220301100321.951175-2-tobias@waldekranz.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series net: bridge: Multiple Spanning Trees | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit fail Errors and warnings before: 4829 this patch: 4831
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang fail Errors and warnings before: 824 this patch: 826
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn fail Errors and warnings before: 4984 this patch: 4986
netdev/checkpatch warning WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? WARNING: line length of 99 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 3 this patch: 3
netdev/source_inline success Was 0 now: 0

Commit Message

Tobias Waldekranz March 1, 2022, 10:03 a.m. UTC
Allow the user to switch from the current per-VLAN STP mode to an MST
mode.

Up to this point, per-VLAN STP states where always isolated from each
other. This is in contrast to the MSTP standard (802.1Q-2018, Clause
13.5), where VLANs are grouped into MST instances (MSTIs), and the
state is managed on a per-MSTI level, rather that at the per-VLAN
level.

Perhaps due to the prevalence of the standard, many switching ASICs
are built after the same model. Therefore, add a corresponding MST
mode to the bridge, which we can later add offloading support for in a
straight-forward way.

For now, all VLANs are fixed to MSTI 0, also called the Common
Spanning Tree (CST). That is, all VLANs will follow the port-global
state.

Upcoming changes will make this actually useful by allowing VLANs to
be mapped to arbitrary MSTIs and allow individual MSTI states to be
changed.

Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
---
 include/uapi/linux/if_link.h |  1 +
 net/bridge/Makefile          |  2 +-
 net/bridge/br_input.c        | 17 +++++++-
 net/bridge/br_mst.c          | 83 ++++++++++++++++++++++++++++++++++++
 net/bridge/br_netlink.c      | 14 +++++-
 net/bridge/br_private.h      | 26 +++++++++++
 net/bridge/br_stp.c          |  3 ++
 net/bridge/br_vlan.c         | 20 ++++++++-
 net/bridge/br_vlan_options.c |  5 +++
 9 files changed, 166 insertions(+), 5 deletions(-)
 create mode 100644 net/bridge/br_mst.c

Comments

Nikolay Aleksandrov March 1, 2022, 11:01 p.m. UTC | #1
On 1 March 2022 11:03:12 CET, Tobias Waldekranz <tobias@waldekranz.com> wrote:
>Allow the user to switch from the current per-VLAN STP mode to an MST
>mode.
>
>Up to this point, per-VLAN STP states where always isolated from each
>other. This is in contrast to the MSTP standard (802.1Q-2018, Clause
>13.5), where VLANs are grouped into MST instances (MSTIs), and the
>state is managed on a per-MSTI level, rather that at the per-VLAN
>level.
>
>Perhaps due to the prevalence of the standard, many switching ASICs
>are built after the same model. Therefore, add a corresponding MST
>mode to the bridge, which we can later add offloading support for in a
>straight-forward way.
>
>For now, all VLANs are fixed to MSTI 0, also called the Common
>Spanning Tree (CST). That is, all VLANs will follow the port-global
>state.
>
>Upcoming changes will make this actually useful by allowing VLANs to
>be mapped to arbitrary MSTIs and allow individual MSTI states to be
>changed.
>
>Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
>---
> include/uapi/linux/if_link.h |  1 +
> net/bridge/Makefile          |  2 +-
> net/bridge/br_input.c        | 17 +++++++-
> net/bridge/br_mst.c          | 83 ++++++++++++++++++++++++++++++++++++
> net/bridge/br_netlink.c      | 14 +++++-
> net/bridge/br_private.h      | 26 +++++++++++
> net/bridge/br_stp.c          |  3 ++
> net/bridge/br_vlan.c         | 20 ++++++++-
> net/bridge/br_vlan_options.c |  5 +++
> 9 files changed, 166 insertions(+), 5 deletions(-)
> create mode 100644 net/bridge/br_mst.c
>

Hi,
As I mentioned in another review, I'm currently traveling and will have pc access
end of this week (Sun), I'll try to review the set as much as I can through my phone in the
meantime. Thanks for reworking it, generally looks good.
A few comments below,


>diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
>index e315e53125f4..7e0a653aafa3 100644
>--- a/include/uapi/linux/if_link.h
>+++ b/include/uapi/linux/if_link.h
>@@ -482,6 +482,7 @@ enum {
> 	IFLA_BR_VLAN_STATS_PER_PORT,
> 	IFLA_BR_MULTI_BOOLOPT,
> 	IFLA_BR_MCAST_QUERIER_STATE,
>+	IFLA_BR_MST_ENABLED,

Please use the boolopt api for new bridge boolean options like this one.

> 	__IFLA_BR_MAX,
> };
> 
>diff --git a/net/bridge/Makefile b/net/bridge/Makefile
>index 7fb9a021873b..24bd1c0a9a5a 100644
>--- a/net/bridge/Makefile
>+++ b/net/bridge/Makefile
>@@ -20,7 +20,7 @@ obj-$(CONFIG_BRIDGE_NETFILTER) += br_netfilter.o
> 
> bridge-$(CONFIG_BRIDGE_IGMP_SNOOPING) += br_multicast.o br_mdb.o br_multicast_eht.o
> 
>-bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o br_vlan_tunnel.o br_vlan_options.o
>+bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o br_vlan_tunnel.o br_vlan_options.o br_mst.o
> 
> bridge-$(CONFIG_NET_SWITCHDEV) += br_switchdev.o
> 
>diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
>index e0c13fcc50ed..196417859c4a 100644
>--- a/net/bridge/br_input.c
>+++ b/net/bridge/br_input.c
>@@ -78,13 +78,22 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb
> 	u16 vid = 0;
> 	u8 state;
> 
>-	if (!p || p->state == BR_STATE_DISABLED)
>+	if (!p)
> 		goto drop;
> 
> 	br = p->br;
>+
>+	if (br_mst_is_enabled(br)) {
>+		state = BR_STATE_FORWARDING;
>+	} else {
>+		if (p->state == BR_STATE_DISABLED)
>+			goto drop;
>+
>+		state = p->state;
>+	}
>+
> 	brmctx = &p->br->multicast_ctx;
> 	pmctx = &p->multicast_ctx;
>-	state = p->state;
> 	if (!br_allowed_ingress(p->br, nbp_vlan_group_rcu(p), skb, &vid,
> 				&state, &vlan))
> 		goto out;
>@@ -370,9 +379,13 @@ static rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
> 		return RX_HANDLER_PASS;
> 
> forward:
>+	if (br_mst_is_enabled(p->br))
>+		goto defer_stp_filtering;
>+
> 	switch (p->state) {
> 	case BR_STATE_FORWARDING:
> 	case BR_STATE_LEARNING:
>+defer_stp_filtering:
> 		if (ether_addr_equal(p->br->dev->dev_addr, dest))
> 			skb->pkt_type = PACKET_HOST;
> 
>diff --git a/net/bridge/br_mst.c b/net/bridge/br_mst.c
>new file mode 100644
>index 000000000000..ad6e91670fa8
>--- /dev/null
>+++ b/net/bridge/br_mst.c
>@@ -0,0 +1,83 @@
>+// SPDX-License-Identifier: GPL-2.0-or-later
>+/*
>+ *	Bridge Multiple Spanning Tree Support
>+ *
>+ *	Authors:
>+ *	Tobias Waldekranz		<tobias@waldekranz.com>
>+ */
>+
>+#include <linux/kernel.h>
>+
>+#include "br_private.h"
>+
>+DEFINE_STATIC_KEY_FALSE(br_mst_used);
>+
>+void br_mst_vlan_set_state(struct net_bridge_port *p, struct net_bridge_vlan *v,
>+			   u8 state)
>+{
>+	struct net_bridge_vlan_group *vg = nbp_vlan_group(p);
>+
>+	if (v->state == state)
>+		return;
>+
>+	br_vlan_set_state(v, state);
>+
>+	if (v->vid == vg->pvid)
>+		br_vlan_set_pvid_state(vg, state);
>+}
>+
>+void br_mst_set_state(struct net_bridge_port *p, u16 msti, u8 state)
>+{
>+	struct net_bridge_vlan_group *vg;
>+	struct net_bridge_vlan *v;
>+
>+	vg = nbp_vlan_group(p);
>+	if (!vg)
>+		return;
>+
>+	list_for_each_entry(v, &vg->vlan_list, vlist) {
>+		if (v->brvlan->msti != msti)
>+			continue;
>+
>+		br_mst_vlan_set_state(p, v, state);
>+	}
>+}
>+
>+void br_mst_vlan_init_state(struct net_bridge_vlan *v)
>+{
>+	/* VLANs always start out in MSTI 0 (CST) */
>+	v->msti = 0;
>+
>+	if (br_vlan_is_master(v))
>+		v->state = BR_STATE_FORWARDING;
>+	else
>+		v->state = v->port->state;
>+}
>+
>+int br_mst_set_enabled(struct net_bridge *br, unsigned long val)
>+{
>+	struct net_bridge_vlan_group *vg;
>+	struct net_bridge_port *p;
>+
>+	/* Mode may only be changed when there are no port VLANs. */
>+	list_for_each_entry(p, &br->port_list, list) {
>+		vg = nbp_vlan_group(p);
>+
>+		if (vg->num_vlans)
>+			return -EBUSY;
>+	}
>+
>+	if (val > 1)
>+		return -EINVAL;
>+
>+	if (!!val == br_opt_get(br, BROPT_MST_ENABLED))
>+		return 0;
>+
>+	if (val)
>+		static_branch_enable(&br_mst_used);
>+	else
>+		static_branch_disable(&br_mst_used);
>+
>+	br_opt_toggle(br, BROPT_MST_ENABLED, !!val);
>+	return 0;
>+}
>diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
>index 7d4432ca9a20..a17a0fe25a58 100644
>--- a/net/bridge/br_netlink.c
>+++ b/net/bridge/br_netlink.c
>@@ -1163,6 +1163,7 @@ static const struct nla_policy br_policy[IFLA_BR_MAX + 1] = {
> 	[IFLA_BR_MCAST_IGMP_VERSION] = { .type = NLA_U8 },
> 	[IFLA_BR_MCAST_MLD_VERSION] = { .type = NLA_U8 },
> 	[IFLA_BR_VLAN_STATS_PER_PORT] = { .type = NLA_U8 },
>+	[IFLA_BR_MST_ENABLED] = { .type = NLA_U8 },
> 	[IFLA_BR_MULTI_BOOLOPT] =
> 		NLA_POLICY_EXACT_LEN(sizeof(struct br_boolopt_multi)),
> };
>@@ -1255,6 +1256,14 @@ static int br_changelink(struct net_device *brdev, struct nlattr *tb[],
> 		if (err)
> 			return err;
> 	}
>+
>+	if (data[IFLA_BR_MST_ENABLED]) {
>+		__u8 mst = nla_get_u8(data[IFLA_BR_MST_ENABLED]);
>+
>+		err = br_mst_set_enabled(br, mst);
>+		if (err)
>+			return err;
>+	}
> #endif
> 
> 	if (data[IFLA_BR_GROUP_FWD_MASK]) {
>@@ -1475,6 +1484,7 @@ static size_t br_get_size(const struct net_device *brdev)
> 	       nla_total_size(sizeof(u16)) +    /* IFLA_BR_VLAN_DEFAULT_PVID */
> 	       nla_total_size(sizeof(u8)) +     /* IFLA_BR_VLAN_STATS_ENABLED */
> 	       nla_total_size(sizeof(u8)) +	/* IFLA_BR_VLAN_STATS_PER_PORT */
>+	       nla_total_size(sizeof(u8)) +	/* IFLA_BR_MST_ENABLED */
> #endif
> 	       nla_total_size(sizeof(u16)) +    /* IFLA_BR_GROUP_FWD_MASK */
> 	       nla_total_size(sizeof(struct ifla_bridge_id)) +   /* IFLA_BR_ROOT_ID */
>@@ -1572,7 +1582,9 @@ static int br_fill_info(struct sk_buff *skb, const struct net_device *brdev)
> 	    nla_put_u8(skb, IFLA_BR_VLAN_STATS_ENABLED,
> 		       br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) ||
> 	    nla_put_u8(skb, IFLA_BR_VLAN_STATS_PER_PORT,
>-		       br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)))
>+		       br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)) ||
>+	    nla_put_u8(skb, IFLA_BR_MST_ENABLED,
>+		       br_opt_get(br, BROPT_MST_ENABLED)))
> 		return -EMSGSIZE;
> #endif
> #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
>diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
>index 48bc61ebc211..af50ad036b06 100644
>--- a/net/bridge/br_private.h
>+++ b/net/bridge/br_private.h
>@@ -178,6 +178,7 @@ enum {
>  * @br_mcast_ctx: if MASTER flag set, this is the global vlan multicast context
>  * @port_mcast_ctx: if MASTER flag unset, this is the per-port/vlan multicast
>  *                  context
>+ * @msti: if MASTER flag set, this holds the VLANs MST instance
>  * @vlist: sorted list of VLAN entries
>  * @rcu: used for entry destruction
>  *
>@@ -210,6 +211,8 @@ struct net_bridge_vlan {
> 		struct net_bridge_mcast_port	port_mcast_ctx;
> 	};
> 
>+	u16				msti;
>+
> 	struct list_head		vlist;
> 
> 	struct rcu_head			rcu;
>@@ -445,6 +448,7 @@ enum net_bridge_opts {
> 	BROPT_NO_LL_LEARN,
> 	BROPT_VLAN_BRIDGE_BINDING,
> 	BROPT_MCAST_VLAN_SNOOPING_ENABLED,
>+	BROPT_MST_ENABLED,
> };
> 
> struct net_bridge {
>@@ -1765,6 +1769,28 @@ static inline bool br_vlan_state_allowed(u8 state, bool learn_allow)
> }
> #endif
> 
>+/* br_mst.c */
>+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
>+DECLARE_STATIC_KEY_FALSE(br_mst_used);
>+static inline bool br_mst_is_enabled(struct net_bridge *br)
>+{
>+	return static_branch_unlikely(&br_mst_used) &&
>+		br_opt_get(br, BROPT_MST_ENABLED);
>+}
>+
>+void br_mst_set_state(struct net_bridge_port *p, u16 msti, u8 state);
>+void br_mst_vlan_init_state(struct net_bridge_vlan *v);
>+int br_mst_set_enabled(struct net_bridge *br, unsigned long val);
>+#else
>+static inline bool br_mst_is_enabled(struct net_bridge *br)
>+{
>+	return false;
>+}
>+
>+static inline void br_mst_set_state(struct net_bridge_port *p,
>+				    u16 msti, u8 state) {}
>+#endif
>+
> struct nf_br_ops {
> 	int (*br_dev_xmit_hook)(struct sk_buff *skb);
> };
>diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
>index 1d80f34a139c..82a97a021a57 100644
>--- a/net/bridge/br_stp.c
>+++ b/net/bridge/br_stp.c
>@@ -43,6 +43,9 @@ void br_set_state(struct net_bridge_port *p, unsigned int state)
> 		return;
> 
> 	p->state = state;
>+	if (br_opt_get(p->br, BROPT_MST_ENABLED))
>+		br_mst_set_state(p, 0, state);
>+
> 	err = switchdev_port_attr_set(p->dev, &attr, NULL);
> 	if (err && err != -EOPNOTSUPP)
> 		br_warn(p->br, "error setting offload STP state on port %u(%s)\n",
>diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
>index 7557e90b60e1..0f5e75ccac79 100644
>--- a/net/bridge/br_vlan.c
>+++ b/net/bridge/br_vlan.c
>@@ -226,6 +226,24 @@ static void nbp_vlan_rcu_free(struct rcu_head *rcu)
> 	kfree(v);
> }
> 
>+static void br_vlan_init_state(struct net_bridge_vlan *v)
>+{
>+	struct net_bridge *br;
>+
>+	if (br_vlan_is_master(v))
>+		br = v->br;
>+	else
>+		br = v->port->br;
>+
>+	if (br_opt_get(br, BROPT_MST_ENABLED)) {
>+		br_mst_vlan_init_state(v);
>+		return;
>+	}
>+
>+	v->state = BR_STATE_FORWARDING;
>+	v->msti = 0;
>+}
>+
> /* This is the shared VLAN add function which works for both ports and bridge
>  * devices. There are four possible calls to this function in terms of the
>  * vlan entry type:
>@@ -322,7 +340,7 @@ static int __vlan_add(struct net_bridge_vlan *v, u16 flags,
> 	}
> 
> 	/* set the state before publishing */
>-	v->state = BR_STATE_FORWARDING;
>+	br_vlan_init_state(v);
> 
> 	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
> 					    br_vlan_rht_params);
>diff --git a/net/bridge/br_vlan_options.c b/net/bridge/br_vlan_options.c
>index a6382973b3e7..09112b56e79c 100644
>--- a/net/bridge/br_vlan_options.c
>+++ b/net/bridge/br_vlan_options.c
>@@ -99,6 +99,11 @@ static int br_vlan_modify_state(struct net_bridge_vlan_group *vg,
> 		return -EBUSY;
> 	}
> 
>+	if (br_opt_get(br, BROPT_MST_ENABLED)) {
>+		NL_SET_ERR_MSG_MOD(extack, "Can't modify vlan state directly when MST is enabled");
>+		return -EBUSY;
>+	}
>+
> 	if (v->state == state)
> 		return 0;
>
Vladimir Oltean March 3, 2022, 10:28 p.m. UTC | #2
On Tue, Mar 01, 2022 at 11:03:12AM +0100, Tobias Waldekranz wrote:
> Allow the user to switch from the current per-VLAN STP mode to an MST
> mode.
> 
> Up to this point, per-VLAN STP states where always isolated from each
> other. This is in contrast to the MSTP standard (802.1Q-2018, Clause
> 13.5), where VLANs are grouped into MST instances (MSTIs), and the
> state is managed on a per-MSTI level, rather that at the per-VLAN
> level.
> 
> Perhaps due to the prevalence of the standard, many switching ASICs
> are built after the same model. Therefore, add a corresponding MST
> mode to the bridge, which we can later add offloading support for in a
> straight-forward way.
> 
> For now, all VLANs are fixed to MSTI 0, also called the Common
> Spanning Tree (CST). That is, all VLANs will follow the port-global
> state.
> 
> Upcoming changes will make this actually useful by allowing VLANs to
> be mapped to arbitrary MSTIs and allow individual MSTI states to be
> changed.
> 
> Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
> ---
> +void br_mst_vlan_set_state(struct net_bridge_port *p, struct net_bridge_vlan *v,
> +			   u8 state)

Function can be static.

> +{
> +	struct net_bridge_vlan_group *vg = nbp_vlan_group(p);
> +
> +	if (v->state == state)
> +		return;
> +
> +	br_vlan_set_state(v, state);
> +
> +	if (v->vid == vg->pvid)
> +		br_vlan_set_pvid_state(vg, state);
> +}
Tobias Waldekranz March 7, 2022, 2:53 p.m. UTC | #3
On Wed, Mar 02, 2022 at 00:01, Nikolay Aleksandrov <razor@blackwall.org> wrote:
> On 1 March 2022 11:03:12 CET, Tobias Waldekranz <tobias@waldekranz.com> wrote:
>>Allow the user to switch from the current per-VLAN STP mode to an MST
>>mode.
>>
>>Up to this point, per-VLAN STP states where always isolated from each
>>other. This is in contrast to the MSTP standard (802.1Q-2018, Clause
>>13.5), where VLANs are grouped into MST instances (MSTIs), and the
>>state is managed on a per-MSTI level, rather that at the per-VLAN
>>level.
>>
>>Perhaps due to the prevalence of the standard, many switching ASICs
>>are built after the same model. Therefore, add a corresponding MST
>>mode to the bridge, which we can later add offloading support for in a
>>straight-forward way.
>>
>>For now, all VLANs are fixed to MSTI 0, also called the Common
>>Spanning Tree (CST). That is, all VLANs will follow the port-global
>>state.
>>
>>Upcoming changes will make this actually useful by allowing VLANs to
>>be mapped to arbitrary MSTIs and allow individual MSTI states to be
>>changed.
>>
>>Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
>>---
>> include/uapi/linux/if_link.h |  1 +
>> net/bridge/Makefile          |  2 +-
>> net/bridge/br_input.c        | 17 +++++++-
>> net/bridge/br_mst.c          | 83 ++++++++++++++++++++++++++++++++++++
>> net/bridge/br_netlink.c      | 14 +++++-
>> net/bridge/br_private.h      | 26 +++++++++++
>> net/bridge/br_stp.c          |  3 ++
>> net/bridge/br_vlan.c         | 20 ++++++++-
>> net/bridge/br_vlan_options.c |  5 +++
>> 9 files changed, 166 insertions(+), 5 deletions(-)
>> create mode 100644 net/bridge/br_mst.c
>>
>
> Hi,
> As I mentioned in another review, I'm currently traveling and will have pc access
> end of this week (Sun), I'll try to review the set as much as I can through my phone in the
> meantime. Thanks for reworking it, generally looks good.
> A few comments below,
>
>
>>diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
>>index e315e53125f4..7e0a653aafa3 100644
>>--- a/include/uapi/linux/if_link.h
>>+++ b/include/uapi/linux/if_link.h
>>@@ -482,6 +482,7 @@ enum {
>> 	IFLA_BR_VLAN_STATS_PER_PORT,
>> 	IFLA_BR_MULTI_BOOLOPT,
>> 	IFLA_BR_MCAST_QUERIER_STATE,
>>+	IFLA_BR_MST_ENABLED,
>
> Please use the boolopt api for new bridge boolean options like this one.

Ahh, I was not aware of that. Will change it in v3. Thanks.
diff mbox series

Patch

diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index e315e53125f4..7e0a653aafa3 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -482,6 +482,7 @@  enum {
 	IFLA_BR_VLAN_STATS_PER_PORT,
 	IFLA_BR_MULTI_BOOLOPT,
 	IFLA_BR_MCAST_QUERIER_STATE,
+	IFLA_BR_MST_ENABLED,
 	__IFLA_BR_MAX,
 };
 
diff --git a/net/bridge/Makefile b/net/bridge/Makefile
index 7fb9a021873b..24bd1c0a9a5a 100644
--- a/net/bridge/Makefile
+++ b/net/bridge/Makefile
@@ -20,7 +20,7 @@  obj-$(CONFIG_BRIDGE_NETFILTER) += br_netfilter.o
 
 bridge-$(CONFIG_BRIDGE_IGMP_SNOOPING) += br_multicast.o br_mdb.o br_multicast_eht.o
 
-bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o br_vlan_tunnel.o br_vlan_options.o
+bridge-$(CONFIG_BRIDGE_VLAN_FILTERING) += br_vlan.o br_vlan_tunnel.o br_vlan_options.o br_mst.o
 
 bridge-$(CONFIG_NET_SWITCHDEV) += br_switchdev.o
 
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index e0c13fcc50ed..196417859c4a 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -78,13 +78,22 @@  int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb
 	u16 vid = 0;
 	u8 state;
 
-	if (!p || p->state == BR_STATE_DISABLED)
+	if (!p)
 		goto drop;
 
 	br = p->br;
+
+	if (br_mst_is_enabled(br)) {
+		state = BR_STATE_FORWARDING;
+	} else {
+		if (p->state == BR_STATE_DISABLED)
+			goto drop;
+
+		state = p->state;
+	}
+
 	brmctx = &p->br->multicast_ctx;
 	pmctx = &p->multicast_ctx;
-	state = p->state;
 	if (!br_allowed_ingress(p->br, nbp_vlan_group_rcu(p), skb, &vid,
 				&state, &vlan))
 		goto out;
@@ -370,9 +379,13 @@  static rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
 		return RX_HANDLER_PASS;
 
 forward:
+	if (br_mst_is_enabled(p->br))
+		goto defer_stp_filtering;
+
 	switch (p->state) {
 	case BR_STATE_FORWARDING:
 	case BR_STATE_LEARNING:
+defer_stp_filtering:
 		if (ether_addr_equal(p->br->dev->dev_addr, dest))
 			skb->pkt_type = PACKET_HOST;
 
diff --git a/net/bridge/br_mst.c b/net/bridge/br_mst.c
new file mode 100644
index 000000000000..ad6e91670fa8
--- /dev/null
+++ b/net/bridge/br_mst.c
@@ -0,0 +1,83 @@ 
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ *	Bridge Multiple Spanning Tree Support
+ *
+ *	Authors:
+ *	Tobias Waldekranz		<tobias@waldekranz.com>
+ */
+
+#include <linux/kernel.h>
+
+#include "br_private.h"
+
+DEFINE_STATIC_KEY_FALSE(br_mst_used);
+
+void br_mst_vlan_set_state(struct net_bridge_port *p, struct net_bridge_vlan *v,
+			   u8 state)
+{
+	struct net_bridge_vlan_group *vg = nbp_vlan_group(p);
+
+	if (v->state == state)
+		return;
+
+	br_vlan_set_state(v, state);
+
+	if (v->vid == vg->pvid)
+		br_vlan_set_pvid_state(vg, state);
+}
+
+void br_mst_set_state(struct net_bridge_port *p, u16 msti, u8 state)
+{
+	struct net_bridge_vlan_group *vg;
+	struct net_bridge_vlan *v;
+
+	vg = nbp_vlan_group(p);
+	if (!vg)
+		return;
+
+	list_for_each_entry(v, &vg->vlan_list, vlist) {
+		if (v->brvlan->msti != msti)
+			continue;
+
+		br_mst_vlan_set_state(p, v, state);
+	}
+}
+
+void br_mst_vlan_init_state(struct net_bridge_vlan *v)
+{
+	/* VLANs always start out in MSTI 0 (CST) */
+	v->msti = 0;
+
+	if (br_vlan_is_master(v))
+		v->state = BR_STATE_FORWARDING;
+	else
+		v->state = v->port->state;
+}
+
+int br_mst_set_enabled(struct net_bridge *br, unsigned long val)
+{
+	struct net_bridge_vlan_group *vg;
+	struct net_bridge_port *p;
+
+	/* Mode may only be changed when there are no port VLANs. */
+	list_for_each_entry(p, &br->port_list, list) {
+		vg = nbp_vlan_group(p);
+
+		if (vg->num_vlans)
+			return -EBUSY;
+	}
+
+	if (val > 1)
+		return -EINVAL;
+
+	if (!!val == br_opt_get(br, BROPT_MST_ENABLED))
+		return 0;
+
+	if (val)
+		static_branch_enable(&br_mst_used);
+	else
+		static_branch_disable(&br_mst_used);
+
+	br_opt_toggle(br, BROPT_MST_ENABLED, !!val);
+	return 0;
+}
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 7d4432ca9a20..a17a0fe25a58 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -1163,6 +1163,7 @@  static const struct nla_policy br_policy[IFLA_BR_MAX + 1] = {
 	[IFLA_BR_MCAST_IGMP_VERSION] = { .type = NLA_U8 },
 	[IFLA_BR_MCAST_MLD_VERSION] = { .type = NLA_U8 },
 	[IFLA_BR_VLAN_STATS_PER_PORT] = { .type = NLA_U8 },
+	[IFLA_BR_MST_ENABLED] = { .type = NLA_U8 },
 	[IFLA_BR_MULTI_BOOLOPT] =
 		NLA_POLICY_EXACT_LEN(sizeof(struct br_boolopt_multi)),
 };
@@ -1255,6 +1256,14 @@  static int br_changelink(struct net_device *brdev, struct nlattr *tb[],
 		if (err)
 			return err;
 	}
+
+	if (data[IFLA_BR_MST_ENABLED]) {
+		__u8 mst = nla_get_u8(data[IFLA_BR_MST_ENABLED]);
+
+		err = br_mst_set_enabled(br, mst);
+		if (err)
+			return err;
+	}
 #endif
 
 	if (data[IFLA_BR_GROUP_FWD_MASK]) {
@@ -1475,6 +1484,7 @@  static size_t br_get_size(const struct net_device *brdev)
 	       nla_total_size(sizeof(u16)) +    /* IFLA_BR_VLAN_DEFAULT_PVID */
 	       nla_total_size(sizeof(u8)) +     /* IFLA_BR_VLAN_STATS_ENABLED */
 	       nla_total_size(sizeof(u8)) +	/* IFLA_BR_VLAN_STATS_PER_PORT */
+	       nla_total_size(sizeof(u8)) +	/* IFLA_BR_MST_ENABLED */
 #endif
 	       nla_total_size(sizeof(u16)) +    /* IFLA_BR_GROUP_FWD_MASK */
 	       nla_total_size(sizeof(struct ifla_bridge_id)) +   /* IFLA_BR_ROOT_ID */
@@ -1572,7 +1582,9 @@  static int br_fill_info(struct sk_buff *skb, const struct net_device *brdev)
 	    nla_put_u8(skb, IFLA_BR_VLAN_STATS_ENABLED,
 		       br_opt_get(br, BROPT_VLAN_STATS_ENABLED)) ||
 	    nla_put_u8(skb, IFLA_BR_VLAN_STATS_PER_PORT,
-		       br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)))
+		       br_opt_get(br, BROPT_VLAN_STATS_PER_PORT)) ||
+	    nla_put_u8(skb, IFLA_BR_MST_ENABLED,
+		       br_opt_get(br, BROPT_MST_ENABLED)))
 		return -EMSGSIZE;
 #endif
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 48bc61ebc211..af50ad036b06 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -178,6 +178,7 @@  enum {
  * @br_mcast_ctx: if MASTER flag set, this is the global vlan multicast context
  * @port_mcast_ctx: if MASTER flag unset, this is the per-port/vlan multicast
  *                  context
+ * @msti: if MASTER flag set, this holds the VLANs MST instance
  * @vlist: sorted list of VLAN entries
  * @rcu: used for entry destruction
  *
@@ -210,6 +211,8 @@  struct net_bridge_vlan {
 		struct net_bridge_mcast_port	port_mcast_ctx;
 	};
 
+	u16				msti;
+
 	struct list_head		vlist;
 
 	struct rcu_head			rcu;
@@ -445,6 +448,7 @@  enum net_bridge_opts {
 	BROPT_NO_LL_LEARN,
 	BROPT_VLAN_BRIDGE_BINDING,
 	BROPT_MCAST_VLAN_SNOOPING_ENABLED,
+	BROPT_MST_ENABLED,
 };
 
 struct net_bridge {
@@ -1765,6 +1769,28 @@  static inline bool br_vlan_state_allowed(u8 state, bool learn_allow)
 }
 #endif
 
+/* br_mst.c */
+#ifdef CONFIG_BRIDGE_VLAN_FILTERING
+DECLARE_STATIC_KEY_FALSE(br_mst_used);
+static inline bool br_mst_is_enabled(struct net_bridge *br)
+{
+	return static_branch_unlikely(&br_mst_used) &&
+		br_opt_get(br, BROPT_MST_ENABLED);
+}
+
+void br_mst_set_state(struct net_bridge_port *p, u16 msti, u8 state);
+void br_mst_vlan_init_state(struct net_bridge_vlan *v);
+int br_mst_set_enabled(struct net_bridge *br, unsigned long val);
+#else
+static inline bool br_mst_is_enabled(struct net_bridge *br)
+{
+	return false;
+}
+
+static inline void br_mst_set_state(struct net_bridge_port *p,
+				    u16 msti, u8 state) {}
+#endif
+
 struct nf_br_ops {
 	int (*br_dev_xmit_hook)(struct sk_buff *skb);
 };
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
index 1d80f34a139c..82a97a021a57 100644
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -43,6 +43,9 @@  void br_set_state(struct net_bridge_port *p, unsigned int state)
 		return;
 
 	p->state = state;
+	if (br_opt_get(p->br, BROPT_MST_ENABLED))
+		br_mst_set_state(p, 0, state);
+
 	err = switchdev_port_attr_set(p->dev, &attr, NULL);
 	if (err && err != -EOPNOTSUPP)
 		br_warn(p->br, "error setting offload STP state on port %u(%s)\n",
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 7557e90b60e1..0f5e75ccac79 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -226,6 +226,24 @@  static void nbp_vlan_rcu_free(struct rcu_head *rcu)
 	kfree(v);
 }
 
+static void br_vlan_init_state(struct net_bridge_vlan *v)
+{
+	struct net_bridge *br;
+
+	if (br_vlan_is_master(v))
+		br = v->br;
+	else
+		br = v->port->br;
+
+	if (br_opt_get(br, BROPT_MST_ENABLED)) {
+		br_mst_vlan_init_state(v);
+		return;
+	}
+
+	v->state = BR_STATE_FORWARDING;
+	v->msti = 0;
+}
+
 /* This is the shared VLAN add function which works for both ports and bridge
  * devices. There are four possible calls to this function in terms of the
  * vlan entry type:
@@ -322,7 +340,7 @@  static int __vlan_add(struct net_bridge_vlan *v, u16 flags,
 	}
 
 	/* set the state before publishing */
-	v->state = BR_STATE_FORWARDING;
+	br_vlan_init_state(v);
 
 	err = rhashtable_lookup_insert_fast(&vg->vlan_hash, &v->vnode,
 					    br_vlan_rht_params);
diff --git a/net/bridge/br_vlan_options.c b/net/bridge/br_vlan_options.c
index a6382973b3e7..09112b56e79c 100644
--- a/net/bridge/br_vlan_options.c
+++ b/net/bridge/br_vlan_options.c
@@ -99,6 +99,11 @@  static int br_vlan_modify_state(struct net_bridge_vlan_group *vg,
 		return -EBUSY;
 	}
 
+	if (br_opt_get(br, BROPT_MST_ENABLED)) {
+		NL_SET_ERR_MSG_MOD(extack, "Can't modify vlan state directly when MST is enabled");
+		return -EBUSY;
+	}
+
 	if (v->state == state)
 		return 0;