2 * SPDX-License-Identifier: BSD-2-Clause OR GPL-2.0
4 * Copyright (c) 2005 Topspin Communications. All rights reserved.
5 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
6 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
7 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
9 * This software is available to you under a choice of one of two
10 * licenses. You may choose to be licensed under the terms of the GNU
11 * General Public License (GPL) Version 2, available from the file
12 * COPYING in the main directory of this source tree, or the
13 * OpenIB.org BSD license below:
15 * Redistribution and use in source and binary forms, with or
16 * without modification, are permitted provided that the following
19 * - Redistributions of source code must retain the above
20 * copyright notice, this list of conditions and the following
23 * - Redistributions in binary form must reproduce the above
24 * copyright notice, this list of conditions and the following
25 * disclaimer in the documentation and/or other materials
26 * provided with the distribution.
28 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
29 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
30 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
31 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
32 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
33 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
34 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD$");
41 #define LINUXKPI_PARAM_PREFIX ibcore_
43 #include <linux/file.h>
45 #include <linux/slab.h>
46 #include <linux/sched.h>
47 #include <linux/rbtree.h>
49 #include <asm/uaccess.h>
52 #include "core_priv.h"
56 struct uverbs_lock_class {
60 static struct uverbs_lock_class pd_lock_class = { .name = "PD-uobj" };
61 static struct uverbs_lock_class mr_lock_class = { .name = "MR-uobj" };
62 static struct uverbs_lock_class mw_lock_class = { .name = "MW-uobj" };
63 static struct uverbs_lock_class cq_lock_class = { .name = "CQ-uobj" };
64 static struct uverbs_lock_class qp_lock_class = { .name = "QP-uobj" };
65 static struct uverbs_lock_class ah_lock_class = { .name = "AH-uobj" };
66 static struct uverbs_lock_class srq_lock_class = { .name = "SRQ-uobj" };
67 static struct uverbs_lock_class xrcd_lock_class = { .name = "XRCD-uobj" };
68 static struct uverbs_lock_class rule_lock_class = { .name = "RULE-uobj" };
69 static struct uverbs_lock_class wq_lock_class = { .name = "WQ-uobj" };
70 static struct uverbs_lock_class rwq_ind_table_lock_class = { .name = "IND_TBL-uobj" };
73 * The ib_uobject locking scheme is as follows:
75 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
76 * needs to be held during all idr write operations. When an object is
77 * looked up, a reference must be taken on the object's kref before
78 * dropping this lock. For read operations, the rcu_read_lock()
79 * and rcu_write_lock() but similarly the kref reference is grabbed
80 * before the rcu_read_unlock().
82 * - Each object also has an rwsem. This rwsem must be held for
83 * reading while an operation that uses the object is performed.
84 * For example, while registering an MR, the associated PD's
85 * uobject.mutex must be held for reading. The rwsem must be held
86 * for writing while initializing or destroying an object.
88 * - In addition, each object has a "live" flag. If this flag is not
89 * set, then lookups of the object will fail even if it is found in
90 * the idr. This handles a reader that blocks and does not acquire
91 * the rwsem until after the object is destroyed. The destroy
92 * operation will set the live flag to 0 and then drop the rwsem;
93 * this will allow the reader to acquire the rwsem, see that the
94 * live flag is 0, and then drop the rwsem and its reference to
95 * object. The underlying storage will not be freed until the last
96 * reference to the object is dropped.
99 static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
100 struct ib_ucontext *context, struct uverbs_lock_class *c)
102 uobj->user_handle = user_handle;
103 uobj->context = context;
104 kref_init(&uobj->ref);
105 init_rwsem(&uobj->mutex);
109 static void release_uobj(struct kref *kref)
111 kfree_rcu(container_of(kref, struct ib_uobject, ref), rcu);
114 static void put_uobj(struct ib_uobject *uobj)
116 kref_put(&uobj->ref, release_uobj);
119 static void put_uobj_read(struct ib_uobject *uobj)
121 up_read(&uobj->mutex);
125 static void put_uobj_write(struct ib_uobject *uobj)
127 up_write(&uobj->mutex);
131 static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
135 idr_preload(GFP_KERNEL);
136 spin_lock(&ib_uverbs_idr_lock);
138 ret = idr_alloc(idr, uobj, 0, 0, GFP_NOWAIT);
142 spin_unlock(&ib_uverbs_idr_lock);
145 return ret < 0 ? ret : 0;
148 void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
150 spin_lock(&ib_uverbs_idr_lock);
151 idr_remove(idr, uobj->id);
152 spin_unlock(&ib_uverbs_idr_lock);
155 static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
156 struct ib_ucontext *context)
158 struct ib_uobject *uobj;
161 uobj = idr_find(idr, id);
163 if (uobj->context == context)
164 kref_get(&uobj->ref);
173 static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
174 struct ib_ucontext *context, int nested)
176 struct ib_uobject *uobj;
178 uobj = __idr_get_uobj(idr, id, context);
183 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
185 down_read(&uobj->mutex);
194 static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
195 struct ib_ucontext *context)
197 struct ib_uobject *uobj;
199 uobj = __idr_get_uobj(idr, id, context);
203 down_write(&uobj->mutex);
205 put_uobj_write(uobj);
212 static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
215 struct ib_uobject *uobj;
217 uobj = idr_read_uobj(idr, id, context, nested);
218 return uobj ? uobj->object : NULL;
221 static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
223 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
226 static void put_pd_read(struct ib_pd *pd)
228 put_uobj_read(pd->uobject);
231 static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
233 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
236 static void put_cq_read(struct ib_cq *cq)
238 put_uobj_read(cq->uobject);
241 static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
243 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
246 static void put_ah_read(struct ib_ah *ah)
248 put_uobj_read(ah->uobject);
251 static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
253 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
256 static struct ib_wq *idr_read_wq(int wq_handle, struct ib_ucontext *context)
258 return idr_read_obj(&ib_uverbs_wq_idr, wq_handle, context, 0);
261 static void put_wq_read(struct ib_wq *wq)
263 put_uobj_read(wq->uobject);
266 static struct ib_rwq_ind_table *idr_read_rwq_indirection_table(int ind_table_handle,
267 struct ib_ucontext *context)
269 return idr_read_obj(&ib_uverbs_rwq_ind_tbl_idr, ind_table_handle, context, 0);
272 static void put_rwq_indirection_table_read(struct ib_rwq_ind_table *ind_table)
274 put_uobj_read(ind_table->uobject);
277 static struct ib_qp *idr_write_qp(int qp_handle, struct ib_ucontext *context)
279 struct ib_uobject *uobj;
281 uobj = idr_write_uobj(&ib_uverbs_qp_idr, qp_handle, context);
282 return uobj ? uobj->object : NULL;
285 static void put_qp_read(struct ib_qp *qp)
287 put_uobj_read(qp->uobject);
290 static void put_qp_write(struct ib_qp *qp)
292 put_uobj_write(qp->uobject);
295 static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
297 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
300 static void put_srq_read(struct ib_srq *srq)
302 put_uobj_read(srq->uobject);
305 static struct ib_xrcd *idr_read_xrcd(int xrcd_handle, struct ib_ucontext *context,
306 struct ib_uobject **uobj)
308 *uobj = idr_read_uobj(&ib_uverbs_xrcd_idr, xrcd_handle, context, 0);
309 return *uobj ? (*uobj)->object : NULL;
312 static void put_xrcd_read(struct ib_uobject *uobj)
317 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
318 struct ib_device *ib_dev,
319 const char __user *buf,
320 int in_len, int out_len)
322 struct ib_uverbs_get_context cmd;
323 struct ib_uverbs_get_context_resp resp;
324 struct ib_udata udata;
325 struct ib_ucontext *ucontext;
329 if (out_len < sizeof resp)
332 if (copy_from_user(&cmd, buf, sizeof cmd))
335 mutex_lock(&file->mutex);
337 if (file->ucontext) {
342 INIT_UDATA(&udata, buf + sizeof cmd,
343 (unsigned long) cmd.response + sizeof resp,
344 in_len - sizeof cmd, out_len - sizeof resp);
346 ucontext = ib_dev->alloc_ucontext(ib_dev, &udata);
347 if (IS_ERR(ucontext)) {
348 ret = PTR_ERR(ucontext);
352 ucontext->device = ib_dev;
353 INIT_LIST_HEAD(&ucontext->pd_list);
354 INIT_LIST_HEAD(&ucontext->mr_list);
355 INIT_LIST_HEAD(&ucontext->mw_list);
356 INIT_LIST_HEAD(&ucontext->cq_list);
357 INIT_LIST_HEAD(&ucontext->qp_list);
358 INIT_LIST_HEAD(&ucontext->srq_list);
359 INIT_LIST_HEAD(&ucontext->ah_list);
360 INIT_LIST_HEAD(&ucontext->wq_list);
361 INIT_LIST_HEAD(&ucontext->rwq_ind_tbl_list);
362 INIT_LIST_HEAD(&ucontext->xrcd_list);
363 INIT_LIST_HEAD(&ucontext->rule_list);
365 ucontext->tgid = get_pid(task_pid_group_leader(current));
367 ucontext->closing = 0;
369 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
370 ucontext->umem_tree = RB_ROOT;
371 init_rwsem(&ucontext->umem_rwsem);
372 ucontext->odp_mrs_count = 0;
373 INIT_LIST_HEAD(&ucontext->no_private_counters);
375 if (!(ib_dev->attrs.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING))
376 ucontext->invalidate_range = NULL;
380 resp.num_comp_vectors = file->device->num_comp_vectors;
382 ret = get_unused_fd_flags(O_CLOEXEC);
387 filp = ib_uverbs_alloc_event_file(file, ib_dev, 1);
393 if (copy_to_user((void __user *) (unsigned long) cmd.response,
394 &resp, sizeof resp)) {
399 file->ucontext = ucontext;
401 fd_install(resp.async_fd, filp);
403 mutex_unlock(&file->mutex);
408 ib_uverbs_free_async_event_file(file);
412 put_unused_fd(resp.async_fd);
415 put_pid(ucontext->tgid);
416 ib_dev->dealloc_ucontext(ucontext);
419 mutex_unlock(&file->mutex);
423 static void copy_query_dev_fields(struct ib_uverbs_file *file,
424 struct ib_device *ib_dev,
425 struct ib_uverbs_query_device_resp *resp,
426 struct ib_device_attr *attr)
428 resp->fw_ver = attr->fw_ver;
429 resp->node_guid = ib_dev->node_guid;
430 resp->sys_image_guid = attr->sys_image_guid;
431 resp->max_mr_size = attr->max_mr_size;
432 resp->page_size_cap = attr->page_size_cap;
433 resp->vendor_id = attr->vendor_id;
434 resp->vendor_part_id = attr->vendor_part_id;
435 resp->hw_ver = attr->hw_ver;
436 resp->max_qp = attr->max_qp;
437 resp->max_qp_wr = attr->max_qp_wr;
438 resp->device_cap_flags = (u32)(attr->device_cap_flags);
439 resp->max_sge = attr->max_sge;
440 resp->max_sge_rd = attr->max_sge_rd;
441 resp->max_cq = attr->max_cq;
442 resp->max_cqe = attr->max_cqe;
443 resp->max_mr = attr->max_mr;
444 resp->max_pd = attr->max_pd;
445 resp->max_qp_rd_atom = attr->max_qp_rd_atom;
446 resp->max_ee_rd_atom = attr->max_ee_rd_atom;
447 resp->max_res_rd_atom = attr->max_res_rd_atom;
448 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom;
449 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom;
450 resp->atomic_cap = attr->atomic_cap;
451 resp->max_ee = attr->max_ee;
452 resp->max_rdd = attr->max_rdd;
453 resp->max_mw = attr->max_mw;
454 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp;
455 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp;
456 resp->max_mcast_grp = attr->max_mcast_grp;
457 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach;
458 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach;
459 resp->max_ah = attr->max_ah;
460 resp->max_fmr = attr->max_fmr;
461 resp->max_map_per_fmr = attr->max_map_per_fmr;
462 resp->max_srq = attr->max_srq;
463 resp->max_srq_wr = attr->max_srq_wr;
464 resp->max_srq_sge = attr->max_srq_sge;
465 resp->max_pkeys = attr->max_pkeys;
466 resp->local_ca_ack_delay = attr->local_ca_ack_delay;
467 resp->phys_port_cnt = ib_dev->phys_port_cnt;
470 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
471 struct ib_device *ib_dev,
472 const char __user *buf,
473 int in_len, int out_len)
475 struct ib_uverbs_query_device cmd;
476 struct ib_uverbs_query_device_resp resp;
478 if (out_len < sizeof resp)
481 if (copy_from_user(&cmd, buf, sizeof cmd))
484 memset(&resp, 0, sizeof resp);
485 copy_query_dev_fields(file, ib_dev, &resp, &ib_dev->attrs);
487 if (copy_to_user((void __user *) (unsigned long) cmd.response,
494 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
495 struct ib_device *ib_dev,
496 const char __user *buf,
497 int in_len, int out_len)
499 struct ib_uverbs_query_port cmd;
500 struct ib_uverbs_query_port_resp resp;
501 struct ib_port_attr attr;
504 if (out_len < sizeof resp)
507 if (copy_from_user(&cmd, buf, sizeof cmd))
510 ret = ib_query_port(ib_dev, cmd.port_num, &attr);
514 memset(&resp, 0, sizeof resp);
516 resp.state = attr.state;
517 resp.max_mtu = attr.max_mtu;
518 resp.active_mtu = attr.active_mtu;
519 resp.gid_tbl_len = attr.gid_tbl_len;
520 resp.port_cap_flags = attr.port_cap_flags;
521 resp.max_msg_sz = attr.max_msg_sz;
522 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
523 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
524 resp.pkey_tbl_len = attr.pkey_tbl_len;
526 resp.sm_lid = attr.sm_lid;
528 resp.max_vl_num = attr.max_vl_num;
529 resp.sm_sl = attr.sm_sl;
530 resp.subnet_timeout = attr.subnet_timeout;
531 resp.init_type_reply = attr.init_type_reply;
532 resp.active_width = attr.active_width;
533 resp.active_speed = attr.active_speed;
534 resp.phys_state = attr.phys_state;
535 resp.link_layer = rdma_port_get_link_layer(ib_dev,
538 if (copy_to_user((void __user *) (unsigned long) cmd.response,
545 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
546 struct ib_device *ib_dev,
547 const char __user *buf,
548 int in_len, int out_len)
550 struct ib_uverbs_alloc_pd cmd;
551 struct ib_uverbs_alloc_pd_resp resp;
552 struct ib_udata udata;
553 struct ib_uobject *uobj;
557 if (out_len < sizeof resp)
560 if (copy_from_user(&cmd, buf, sizeof cmd))
563 INIT_UDATA(&udata, buf + sizeof cmd,
564 (unsigned long) cmd.response + sizeof resp,
565 in_len - sizeof cmd, out_len - sizeof resp);
567 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
571 init_uobj(uobj, 0, file->ucontext, &pd_lock_class);
572 down_write(&uobj->mutex);
574 pd = ib_dev->alloc_pd(ib_dev, file->ucontext, &udata);
582 pd->__internal_mr = NULL;
583 atomic_set(&pd->usecnt, 0);
586 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
590 memset(&resp, 0, sizeof resp);
591 resp.pd_handle = uobj->id;
593 if (copy_to_user((void __user *) (unsigned long) cmd.response,
594 &resp, sizeof resp)) {
599 mutex_lock(&file->mutex);
600 list_add_tail(&uobj->list, &file->ucontext->pd_list);
601 mutex_unlock(&file->mutex);
605 up_write(&uobj->mutex);
610 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
616 put_uobj_write(uobj);
620 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
621 struct ib_device *ib_dev,
622 const char __user *buf,
623 int in_len, int out_len)
625 struct ib_uverbs_dealloc_pd cmd;
626 struct ib_uobject *uobj;
630 if (copy_from_user(&cmd, buf, sizeof cmd))
633 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
638 if (atomic_read(&pd->usecnt)) {
643 ret = pd->device->dealloc_pd(uobj->object);
644 WARN_ONCE(ret, "Infiniband HW driver failed dealloc_pd");
649 put_uobj_write(uobj);
651 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
653 mutex_lock(&file->mutex);
654 list_del(&uobj->list);
655 mutex_unlock(&file->mutex);
662 put_uobj_write(uobj);
666 struct xrcd_table_entry {
668 struct ib_xrcd *xrcd;
672 static int xrcd_table_insert(struct ib_uverbs_device *dev,
674 struct ib_xrcd *xrcd)
676 struct xrcd_table_entry *entry, *scan;
677 struct rb_node **p = &dev->xrcd_tree.rb_node;
678 struct rb_node *parent = NULL;
680 entry = kmalloc(sizeof *entry, GFP_KERNEL);
685 entry->inode = inode;
689 scan = rb_entry(parent, struct xrcd_table_entry, node);
691 if (inode < scan->inode) {
693 } else if (inode > scan->inode) {
701 rb_link_node(&entry->node, parent, p);
702 rb_insert_color(&entry->node, &dev->xrcd_tree);
707 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev,
710 struct xrcd_table_entry *entry;
711 struct rb_node *p = dev->xrcd_tree.rb_node;
714 entry = rb_entry(p, struct xrcd_table_entry, node);
716 if (inode < entry->inode)
718 else if (inode > entry->inode)
727 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode)
729 struct xrcd_table_entry *entry;
731 entry = xrcd_table_search(dev, inode);
738 static void xrcd_table_delete(struct ib_uverbs_device *dev,
741 struct xrcd_table_entry *entry;
743 entry = xrcd_table_search(dev, inode);
746 rb_erase(&entry->node, &dev->xrcd_tree);
751 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
752 struct ib_device *ib_dev,
753 const char __user *buf, int in_len,
756 struct ib_uverbs_open_xrcd cmd;
757 struct ib_uverbs_open_xrcd_resp resp;
758 struct ib_udata udata;
759 struct ib_uxrcd_object *obj;
760 struct ib_xrcd *xrcd = NULL;
761 struct fd f = {NULL};
762 struct inode *inode = NULL;
766 if (out_len < sizeof resp)
769 if (copy_from_user(&cmd, buf, sizeof cmd))
772 INIT_UDATA(&udata, buf + sizeof cmd,
773 (unsigned long) cmd.response + sizeof resp,
774 in_len - sizeof cmd, out_len - sizeof resp);
776 mutex_lock(&file->device->xrcd_tree_mutex);
779 /* search for file descriptor */
783 goto err_tree_mutex_unlock;
786 inode = f.file->f_dentry->d_inode;
787 xrcd = find_xrcd(file->device, inode);
788 if (!xrcd && !(cmd.oflags & O_CREAT)) {
789 /* no file descriptor. Need CREATE flag */
791 goto err_tree_mutex_unlock;
794 if (xrcd && cmd.oflags & O_EXCL) {
796 goto err_tree_mutex_unlock;
800 obj = kmalloc(sizeof *obj, GFP_KERNEL);
803 goto err_tree_mutex_unlock;
806 init_uobj(&obj->uobject, 0, file->ucontext, &xrcd_lock_class);
808 down_write(&obj->uobject.mutex);
811 xrcd = ib_dev->alloc_xrcd(ib_dev, file->ucontext, &udata);
818 xrcd->device = ib_dev;
819 atomic_set(&xrcd->usecnt, 0);
820 mutex_init(&xrcd->tgt_qp_mutex);
821 INIT_LIST_HEAD(&xrcd->tgt_qp_list);
825 atomic_set(&obj->refcnt, 0);
826 obj->uobject.object = xrcd;
827 ret = idr_add_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
831 memset(&resp, 0, sizeof resp);
832 resp.xrcd_handle = obj->uobject.id;
836 /* create new inode/xrcd table entry */
837 ret = xrcd_table_insert(file->device, inode, xrcd);
839 goto err_insert_xrcd;
841 atomic_inc(&xrcd->usecnt);
844 if (copy_to_user((void __user *) (unsigned long) cmd.response,
845 &resp, sizeof resp)) {
853 mutex_lock(&file->mutex);
854 list_add_tail(&obj->uobject.list, &file->ucontext->xrcd_list);
855 mutex_unlock(&file->mutex);
857 obj->uobject.live = 1;
858 up_write(&obj->uobject.mutex);
860 mutex_unlock(&file->device->xrcd_tree_mutex);
866 xrcd_table_delete(file->device, inode);
867 atomic_dec(&xrcd->usecnt);
871 idr_remove_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
874 ib_dealloc_xrcd(xrcd);
877 put_uobj_write(&obj->uobject);
879 err_tree_mutex_unlock:
883 mutex_unlock(&file->device->xrcd_tree_mutex);
888 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file,
889 struct ib_device *ib_dev,
890 const char __user *buf, int in_len,
893 struct ib_uverbs_close_xrcd cmd;
894 struct ib_uobject *uobj;
895 struct ib_xrcd *xrcd = NULL;
896 struct inode *inode = NULL;
897 struct ib_uxrcd_object *obj;
901 if (copy_from_user(&cmd, buf, sizeof cmd))
904 mutex_lock(&file->device->xrcd_tree_mutex);
905 uobj = idr_write_uobj(&ib_uverbs_xrcd_idr, cmd.xrcd_handle, file->ucontext);
913 obj = container_of(uobj, struct ib_uxrcd_object, uobject);
914 if (atomic_read(&obj->refcnt)) {
915 put_uobj_write(uobj);
920 if (!inode || atomic_dec_and_test(&xrcd->usecnt)) {
921 ret = ib_dealloc_xrcd(uobj->object);
928 atomic_inc(&xrcd->usecnt);
930 put_uobj_write(uobj);
936 xrcd_table_delete(file->device, inode);
938 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
939 mutex_lock(&file->mutex);
940 list_del(&uobj->list);
941 mutex_unlock(&file->mutex);
947 mutex_unlock(&file->device->xrcd_tree_mutex);
951 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device *dev,
952 struct ib_xrcd *xrcd)
957 if (inode && !atomic_dec_and_test(&xrcd->usecnt))
960 ib_dealloc_xrcd(xrcd);
963 xrcd_table_delete(dev, inode);
966 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
967 struct ib_device *ib_dev,
968 const char __user *buf, int in_len,
971 struct ib_uverbs_reg_mr cmd;
972 struct ib_uverbs_reg_mr_resp resp;
973 struct ib_udata udata;
974 struct ib_uobject *uobj;
979 if (out_len < sizeof resp)
982 if (copy_from_user(&cmd, buf, sizeof cmd))
985 INIT_UDATA(&udata, buf + sizeof cmd,
986 (unsigned long) cmd.response + sizeof resp,
987 in_len - sizeof cmd, out_len - sizeof resp);
989 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
992 ret = ib_check_mr_access(cmd.access_flags);
996 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
1000 init_uobj(uobj, 0, file->ucontext, &mr_lock_class);
1001 down_write(&uobj->mutex);
1003 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1009 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) {
1010 if (!(pd->device->attrs.device_cap_flags &
1011 IB_DEVICE_ON_DEMAND_PAGING)) {
1012 pr_debug("ODP support not available\n");
1018 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
1019 cmd.access_flags, &udata);
1025 mr->device = pd->device;
1028 atomic_inc(&pd->usecnt);
1031 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
1035 memset(&resp, 0, sizeof resp);
1036 resp.lkey = mr->lkey;
1037 resp.rkey = mr->rkey;
1038 resp.mr_handle = uobj->id;
1040 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1041 &resp, sizeof resp)) {
1048 mutex_lock(&file->mutex);
1049 list_add_tail(&uobj->list, &file->ucontext->mr_list);
1050 mutex_unlock(&file->mutex);
1054 up_write(&uobj->mutex);
1059 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1068 put_uobj_write(uobj);
1072 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file,
1073 struct ib_device *ib_dev,
1074 const char __user *buf, int in_len,
1077 struct ib_uverbs_rereg_mr cmd;
1078 struct ib_uverbs_rereg_mr_resp resp;
1079 struct ib_udata udata;
1080 struct ib_pd *pd = NULL;
1082 struct ib_pd *old_pd;
1084 struct ib_uobject *uobj;
1086 if (out_len < sizeof(resp))
1089 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1092 INIT_UDATA(&udata, buf + sizeof(cmd),
1093 (unsigned long) cmd.response + sizeof(resp),
1094 in_len - sizeof(cmd), out_len - sizeof(resp));
1096 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags)
1099 if ((cmd.flags & IB_MR_REREG_TRANS) &&
1100 (!cmd.start || !cmd.hca_va || 0 >= cmd.length ||
1101 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)))
1104 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle,
1112 if (cmd.flags & IB_MR_REREG_ACCESS) {
1113 ret = ib_check_mr_access(cmd.access_flags);
1118 if (cmd.flags & IB_MR_REREG_PD) {
1119 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1127 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start,
1128 cmd.length, cmd.hca_va,
1129 cmd.access_flags, pd, &udata);
1131 if (cmd.flags & IB_MR_REREG_PD) {
1132 atomic_inc(&pd->usecnt);
1134 atomic_dec(&old_pd->usecnt);
1140 memset(&resp, 0, sizeof(resp));
1141 resp.lkey = mr->lkey;
1142 resp.rkey = mr->rkey;
1144 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1145 &resp, sizeof(resp)))
1151 if (cmd.flags & IB_MR_REREG_PD)
1156 put_uobj_write(mr->uobject);
1161 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
1162 struct ib_device *ib_dev,
1163 const char __user *buf, int in_len,
1166 struct ib_uverbs_dereg_mr cmd;
1168 struct ib_uobject *uobj;
1171 if (copy_from_user(&cmd, buf, sizeof cmd))
1174 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
1180 ret = ib_dereg_mr(mr);
1184 put_uobj_write(uobj);
1189 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1191 mutex_lock(&file->mutex);
1192 list_del(&uobj->list);
1193 mutex_unlock(&file->mutex);
1200 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file,
1201 struct ib_device *ib_dev,
1202 const char __user *buf, int in_len,
1205 struct ib_uverbs_alloc_mw cmd;
1206 struct ib_uverbs_alloc_mw_resp resp;
1207 struct ib_uobject *uobj;
1210 struct ib_udata udata;
1213 if (out_len < sizeof(resp))
1216 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1219 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
1223 init_uobj(uobj, 0, file->ucontext, &mw_lock_class);
1224 down_write(&uobj->mutex);
1226 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1232 INIT_UDATA(&udata, buf + sizeof(cmd),
1233 (unsigned long)cmd.response + sizeof(resp),
1234 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr),
1235 out_len - sizeof(resp));
1237 mw = pd->device->alloc_mw(pd, cmd.mw_type, &udata);
1243 mw->device = pd->device;
1246 atomic_inc(&pd->usecnt);
1249 ret = idr_add_uobj(&ib_uverbs_mw_idr, uobj);
1253 memset(&resp, 0, sizeof(resp));
1254 resp.rkey = mw->rkey;
1255 resp.mw_handle = uobj->id;
1257 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1258 &resp, sizeof(resp))) {
1265 mutex_lock(&file->mutex);
1266 list_add_tail(&uobj->list, &file->ucontext->mw_list);
1267 mutex_unlock(&file->mutex);
1271 up_write(&uobj->mutex);
1276 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1279 uverbs_dealloc_mw(mw);
1285 put_uobj_write(uobj);
1289 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file,
1290 struct ib_device *ib_dev,
1291 const char __user *buf, int in_len,
1294 struct ib_uverbs_dealloc_mw cmd;
1296 struct ib_uobject *uobj;
1299 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1302 uobj = idr_write_uobj(&ib_uverbs_mw_idr, cmd.mw_handle, file->ucontext);
1308 ret = uverbs_dealloc_mw(mw);
1312 put_uobj_write(uobj);
1317 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1319 mutex_lock(&file->mutex);
1320 list_del(&uobj->list);
1321 mutex_unlock(&file->mutex);
1328 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
1329 struct ib_device *ib_dev,
1330 const char __user *buf, int in_len,
1333 struct ib_uverbs_create_comp_channel cmd;
1334 struct ib_uverbs_create_comp_channel_resp resp;
1338 if (out_len < sizeof resp)
1341 if (copy_from_user(&cmd, buf, sizeof cmd))
1344 ret = get_unused_fd_flags(O_CLOEXEC);
1349 filp = ib_uverbs_alloc_event_file(file, ib_dev, 0);
1351 put_unused_fd(resp.fd);
1352 return PTR_ERR(filp);
1355 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1356 &resp, sizeof resp)) {
1357 put_unused_fd(resp.fd);
1362 fd_install(resp.fd, filp);
1366 static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file,
1367 struct ib_device *ib_dev,
1368 struct ib_udata *ucore,
1369 struct ib_udata *uhw,
1370 struct ib_uverbs_ex_create_cq *cmd,
1372 int (*cb)(struct ib_uverbs_file *file,
1373 struct ib_ucq_object *obj,
1374 struct ib_uverbs_ex_create_cq_resp *resp,
1375 struct ib_udata *udata,
1379 struct ib_ucq_object *obj;
1380 struct ib_uverbs_event_file *ev_file = NULL;
1383 struct ib_uverbs_ex_create_cq_resp resp;
1384 struct ib_cq_init_attr attr = {};
1386 if (cmd->comp_vector >= file->device->num_comp_vectors)
1387 return ERR_PTR(-EINVAL);
1389 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1391 return ERR_PTR(-ENOMEM);
1393 init_uobj(&obj->uobject, cmd->user_handle, file->ucontext, &cq_lock_class);
1394 down_write(&obj->uobject.mutex);
1396 if (cmd->comp_channel >= 0) {
1397 ev_file = ib_uverbs_lookup_comp_file(cmd->comp_channel);
1404 obj->uverbs_file = file;
1405 obj->comp_events_reported = 0;
1406 obj->async_events_reported = 0;
1407 INIT_LIST_HEAD(&obj->comp_list);
1408 INIT_LIST_HEAD(&obj->async_list);
1410 attr.cqe = cmd->cqe;
1411 attr.comp_vector = cmd->comp_vector;
1413 if (cmd_sz > offsetof(typeof(*cmd), flags) + sizeof(cmd->flags))
1414 attr.flags = cmd->flags;
1416 cq = ib_dev->create_cq(ib_dev, &attr,
1417 file->ucontext, uhw);
1423 cq->device = ib_dev;
1424 cq->uobject = &obj->uobject;
1425 cq->comp_handler = ib_uverbs_comp_handler;
1426 cq->event_handler = ib_uverbs_cq_event_handler;
1427 cq->cq_context = ev_file;
1428 atomic_set(&cq->usecnt, 0);
1430 obj->uobject.object = cq;
1431 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1435 memset(&resp, 0, sizeof resp);
1436 resp.base.cq_handle = obj->uobject.id;
1437 resp.base.cqe = cq->cqe;
1439 resp.response_length = offsetof(typeof(resp), response_length) +
1440 sizeof(resp.response_length);
1442 ret = cb(file, obj, &resp, ucore, context);
1446 mutex_lock(&file->mutex);
1447 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
1448 mutex_unlock(&file->mutex);
1450 obj->uobject.live = 1;
1452 up_write(&obj->uobject.mutex);
1457 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1464 ib_uverbs_release_ucq(file, ev_file, obj);
1467 put_uobj_write(&obj->uobject);
1469 return ERR_PTR(ret);
1472 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file *file,
1473 struct ib_ucq_object *obj,
1474 struct ib_uverbs_ex_create_cq_resp *resp,
1475 struct ib_udata *ucore, void *context)
1477 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1483 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
1484 struct ib_device *ib_dev,
1485 const char __user *buf, int in_len,
1488 struct ib_uverbs_create_cq cmd;
1489 struct ib_uverbs_ex_create_cq cmd_ex;
1490 struct ib_uverbs_create_cq_resp resp;
1491 struct ib_udata ucore;
1492 struct ib_udata uhw;
1493 struct ib_ucq_object *obj;
1495 if (out_len < sizeof(resp))
1498 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1501 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd), sizeof(resp));
1503 INIT_UDATA(&uhw, buf + sizeof(cmd),
1504 (unsigned long)cmd.response + sizeof(resp),
1505 in_len - sizeof(cmd), out_len - sizeof(resp));
1507 memset(&cmd_ex, 0, sizeof(cmd_ex));
1508 cmd_ex.user_handle = cmd.user_handle;
1509 cmd_ex.cqe = cmd.cqe;
1510 cmd_ex.comp_vector = cmd.comp_vector;
1511 cmd_ex.comp_channel = cmd.comp_channel;
1513 obj = create_cq(file, ib_dev, &ucore, &uhw, &cmd_ex,
1514 offsetof(typeof(cmd_ex), comp_channel) +
1515 sizeof(cmd.comp_channel), ib_uverbs_create_cq_cb,
1519 return PTR_ERR(obj);
1524 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file *file,
1525 struct ib_ucq_object *obj,
1526 struct ib_uverbs_ex_create_cq_resp *resp,
1527 struct ib_udata *ucore, void *context)
1529 if (ib_copy_to_udata(ucore, resp, resp->response_length))
1535 int ib_uverbs_ex_create_cq(struct ib_uverbs_file *file,
1536 struct ib_device *ib_dev,
1537 struct ib_udata *ucore,
1538 struct ib_udata *uhw)
1540 struct ib_uverbs_ex_create_cq_resp resp;
1541 struct ib_uverbs_ex_create_cq cmd;
1542 struct ib_ucq_object *obj;
1545 if (ucore->inlen < sizeof(cmd))
1548 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
1558 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
1559 sizeof(resp.response_length)))
1562 obj = create_cq(file, ib_dev, ucore, uhw, &cmd,
1563 min(ucore->inlen, sizeof(cmd)),
1564 ib_uverbs_ex_create_cq_cb, NULL);
1567 return PTR_ERR(obj);
1572 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
1573 struct ib_device *ib_dev,
1574 const char __user *buf, int in_len,
1577 struct ib_uverbs_resize_cq cmd;
1578 struct ib_uverbs_resize_cq_resp resp;
1579 struct ib_udata udata;
1583 if (copy_from_user(&cmd, buf, sizeof cmd))
1586 INIT_UDATA(&udata, buf + sizeof cmd,
1587 (unsigned long) cmd.response + sizeof resp,
1588 in_len - sizeof cmd, out_len - sizeof resp);
1590 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1594 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
1600 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1601 &resp, sizeof resp.cqe))
1607 return ret ? ret : in_len;
1610 static int copy_wc_to_user(void __user *dest, struct ib_wc *wc)
1612 struct ib_uverbs_wc tmp;
1614 tmp.wr_id = wc->wr_id;
1615 tmp.status = wc->status;
1616 tmp.opcode = wc->opcode;
1617 tmp.vendor_err = wc->vendor_err;
1618 tmp.byte_len = wc->byte_len;
1619 tmp.ex.imm_data = (__u32 __force) wc->ex.imm_data;
1620 tmp.qp_num = wc->qp->qp_num;
1621 tmp.src_qp = wc->src_qp;
1622 tmp.wc_flags = wc->wc_flags;
1623 tmp.pkey_index = wc->pkey_index;
1624 tmp.slid = wc->slid;
1626 tmp.dlid_path_bits = wc->dlid_path_bits;
1627 tmp.port_num = wc->port_num;
1630 if (copy_to_user(dest, &tmp, sizeof tmp))
1636 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
1637 struct ib_device *ib_dev,
1638 const char __user *buf, int in_len,
1641 struct ib_uverbs_poll_cq cmd;
1642 struct ib_uverbs_poll_cq_resp resp;
1643 u8 __user *header_ptr;
1644 u8 __user *data_ptr;
1649 if (copy_from_user(&cmd, buf, sizeof cmd))
1652 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1656 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1657 header_ptr = (void __user *)(unsigned long) cmd.response;
1658 data_ptr = header_ptr + sizeof resp;
1660 memset(&resp, 0, sizeof resp);
1661 while (resp.count < cmd.ne) {
1662 ret = ib_poll_cq(cq, 1, &wc);
1668 ret = copy_wc_to_user(data_ptr, &wc);
1672 data_ptr += sizeof(struct ib_uverbs_wc);
1676 if (copy_to_user(header_ptr, &resp, sizeof resp)) {
1688 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
1689 struct ib_device *ib_dev,
1690 const char __user *buf, int in_len,
1693 struct ib_uverbs_req_notify_cq cmd;
1697 if (copy_from_user(&cmd, buf, sizeof cmd))
1700 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1704 if (ib_req_notify_cq(cq, cmd.solicited_only ?
1705 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP) < 0)
1715 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
1716 struct ib_device *ib_dev,
1717 const char __user *buf, int in_len,
1720 struct ib_uverbs_destroy_cq cmd;
1721 struct ib_uverbs_destroy_cq_resp resp;
1722 struct ib_uobject *uobj;
1724 struct ib_ucq_object *obj;
1725 struct ib_uverbs_event_file *ev_file;
1728 if (copy_from_user(&cmd, buf, sizeof cmd))
1731 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
1735 ev_file = cq->cq_context;
1736 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
1738 ret = ib_destroy_cq(cq);
1742 put_uobj_write(uobj);
1747 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
1749 mutex_lock(&file->mutex);
1750 list_del(&uobj->list);
1751 mutex_unlock(&file->mutex);
1753 ib_uverbs_release_ucq(file, ev_file, obj);
1755 memset(&resp, 0, sizeof resp);
1756 resp.comp_events_reported = obj->comp_events_reported;
1757 resp.async_events_reported = obj->async_events_reported;
1761 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1762 &resp, sizeof resp))
1768 static int create_qp(struct ib_uverbs_file *file,
1769 struct ib_udata *ucore,
1770 struct ib_udata *uhw,
1771 struct ib_uverbs_ex_create_qp *cmd,
1773 int (*cb)(struct ib_uverbs_file *file,
1774 struct ib_uverbs_ex_create_qp_resp *resp,
1775 struct ib_udata *udata),
1778 struct ib_uqp_object *obj;
1779 struct ib_device *device;
1780 struct ib_pd *pd = NULL;
1781 struct ib_xrcd *xrcd = NULL;
1782 struct ib_uobject *uninitialized_var(xrcd_uobj);
1783 struct ib_cq *scq = NULL, *rcq = NULL;
1784 struct ib_srq *srq = NULL;
1787 struct ib_qp_init_attr attr = {};
1788 struct ib_uverbs_ex_create_qp_resp resp;
1790 struct ib_rwq_ind_table *ind_tbl = NULL;
1793 if (cmd->qp_type == IB_QPT_RAW_PACKET && priv_check(curthread, PRIV_NET_RAW) != 0)
1796 obj = kzalloc(sizeof *obj, GFP_KERNEL);
1800 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext,
1802 mutex_init(&obj->mcast_lock);
1803 down_write(&obj->uevent.uobject.mutex);
1804 if (cmd_sz >= offsetof(typeof(*cmd), rwq_ind_tbl_handle) +
1805 sizeof(cmd->rwq_ind_tbl_handle) &&
1806 (cmd->comp_mask & IB_UVERBS_CREATE_QP_MASK_IND_TABLE)) {
1807 ind_tbl = idr_read_rwq_indirection_table(cmd->rwq_ind_tbl_handle,
1814 attr.rwq_ind_tbl = ind_tbl;
1817 if ((cmd_sz >= offsetof(typeof(*cmd), reserved1) +
1818 sizeof(cmd->reserved1)) && cmd->reserved1) {
1823 if (ind_tbl && (cmd->max_recv_wr || cmd->max_recv_sge || cmd->is_srq)) {
1828 if (ind_tbl && !cmd->max_send_wr)
1831 if (cmd->qp_type == IB_QPT_XRC_TGT) {
1832 xrcd = idr_read_xrcd(cmd->pd_handle, file->ucontext,
1838 device = xrcd->device;
1840 if (cmd->qp_type == IB_QPT_XRC_INI) {
1841 cmd->max_recv_wr = 0;
1842 cmd->max_recv_sge = 0;
1845 srq = idr_read_srq(cmd->srq_handle,
1847 if (!srq || srq->srq_type != IB_SRQT_BASIC) {
1854 if (cmd->recv_cq_handle != cmd->send_cq_handle) {
1855 rcq = idr_read_cq(cmd->recv_cq_handle,
1866 scq = idr_read_cq(cmd->send_cq_handle, file->ucontext, !!rcq);
1869 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
1870 if (!pd || (!scq && has_sq)) {
1875 device = pd->device;
1878 attr.event_handler = ib_uverbs_qp_event_handler;
1879 attr.qp_context = file;
1884 attr.sq_sig_type = cmd->sq_sig_all ? IB_SIGNAL_ALL_WR :
1886 attr.qp_type = cmd->qp_type;
1887 attr.create_flags = 0;
1889 attr.cap.max_send_wr = cmd->max_send_wr;
1890 attr.cap.max_recv_wr = cmd->max_recv_wr;
1891 attr.cap.max_send_sge = cmd->max_send_sge;
1892 attr.cap.max_recv_sge = cmd->max_recv_sge;
1893 attr.cap.max_inline_data = cmd->max_inline_data;
1895 obj->uevent.events_reported = 0;
1896 INIT_LIST_HEAD(&obj->uevent.event_list);
1897 INIT_LIST_HEAD(&obj->mcast_list);
1899 if (cmd_sz >= offsetof(typeof(*cmd), create_flags) +
1900 sizeof(cmd->create_flags))
1901 attr.create_flags = cmd->create_flags;
1903 if (attr.create_flags & ~(IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK |
1904 IB_QP_CREATE_CROSS_CHANNEL |
1905 IB_QP_CREATE_MANAGED_SEND |
1906 IB_QP_CREATE_MANAGED_RECV |
1907 IB_QP_CREATE_SCATTER_FCS)) {
1912 buf = (char *)cmd + sizeof(*cmd);
1913 if (cmd_sz > sizeof(*cmd))
1914 if (!(buf[0] == 0 && !memcmp(buf, buf + 1,
1915 cmd_sz - sizeof(*cmd) - 1))) {
1920 if (cmd->qp_type == IB_QPT_XRC_TGT)
1921 qp = ib_create_qp(pd, &attr);
1923 qp = device->create_qp(pd, &attr, uhw);
1930 if (cmd->qp_type != IB_QPT_XRC_TGT) {
1932 qp->device = device;
1934 qp->send_cq = attr.send_cq;
1935 qp->recv_cq = attr.recv_cq;
1937 qp->rwq_ind_tbl = ind_tbl;
1938 qp->event_handler = attr.event_handler;
1939 qp->qp_context = attr.qp_context;
1940 qp->qp_type = attr.qp_type;
1941 atomic_set(&qp->usecnt, 0);
1942 atomic_inc(&pd->usecnt);
1944 atomic_inc(&attr.send_cq->usecnt);
1946 atomic_inc(&attr.recv_cq->usecnt);
1948 atomic_inc(&attr.srq->usecnt);
1950 atomic_inc(&ind_tbl->usecnt);
1952 /* It is done in _ib_create_qp for other QP types */
1953 qp->uobject = &obj->uevent.uobject;
1955 qp->uobject = &obj->uevent.uobject;
1957 obj->uevent.uobject.object = qp;
1958 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1962 memset(&resp, 0, sizeof resp);
1963 resp.base.qpn = qp->qp_num;
1964 resp.base.qp_handle = obj->uevent.uobject.id;
1965 resp.base.max_recv_sge = attr.cap.max_recv_sge;
1966 resp.base.max_send_sge = attr.cap.max_send_sge;
1967 resp.base.max_recv_wr = attr.cap.max_recv_wr;
1968 resp.base.max_send_wr = attr.cap.max_send_wr;
1969 resp.base.max_inline_data = attr.cap.max_inline_data;
1971 resp.response_length = offsetof(typeof(resp), response_length) +
1972 sizeof(resp.response_length);
1974 ret = cb(file, &resp, ucore);
1979 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object,
1981 atomic_inc(&obj->uxrcd->refcnt);
1982 put_xrcd_read(xrcd_uobj);
1989 if (rcq && rcq != scq)
1994 put_rwq_indirection_table_read(ind_tbl);
1996 mutex_lock(&file->mutex);
1997 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1998 mutex_unlock(&file->mutex);
2000 obj->uevent.uobject.live = 1;
2002 up_write(&obj->uevent.uobject.mutex);
2006 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2013 put_xrcd_read(xrcd_uobj);
2018 if (rcq && rcq != scq)
2023 put_rwq_indirection_table_read(ind_tbl);
2025 put_uobj_write(&obj->uevent.uobject);
2029 static int ib_uverbs_create_qp_cb(struct ib_uverbs_file *file,
2030 struct ib_uverbs_ex_create_qp_resp *resp,
2031 struct ib_udata *ucore)
2033 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
2039 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
2040 struct ib_device *ib_dev,
2041 const char __user *buf, int in_len,
2044 struct ib_uverbs_create_qp cmd;
2045 struct ib_uverbs_ex_create_qp cmd_ex;
2046 struct ib_udata ucore;
2047 struct ib_udata uhw;
2048 ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp);
2051 if (out_len < resp_size)
2054 if (copy_from_user(&cmd, buf, sizeof(cmd)))
2057 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd),
2059 INIT_UDATA(&uhw, buf + sizeof(cmd),
2060 (unsigned long)cmd.response + resp_size,
2061 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr),
2062 out_len - resp_size);
2064 memset(&cmd_ex, 0, sizeof(cmd_ex));
2065 cmd_ex.user_handle = cmd.user_handle;
2066 cmd_ex.pd_handle = cmd.pd_handle;
2067 cmd_ex.send_cq_handle = cmd.send_cq_handle;
2068 cmd_ex.recv_cq_handle = cmd.recv_cq_handle;
2069 cmd_ex.srq_handle = cmd.srq_handle;
2070 cmd_ex.max_send_wr = cmd.max_send_wr;
2071 cmd_ex.max_recv_wr = cmd.max_recv_wr;
2072 cmd_ex.max_send_sge = cmd.max_send_sge;
2073 cmd_ex.max_recv_sge = cmd.max_recv_sge;
2074 cmd_ex.max_inline_data = cmd.max_inline_data;
2075 cmd_ex.sq_sig_all = cmd.sq_sig_all;
2076 cmd_ex.qp_type = cmd.qp_type;
2077 cmd_ex.is_srq = cmd.is_srq;
2079 err = create_qp(file, &ucore, &uhw, &cmd_ex,
2080 offsetof(typeof(cmd_ex), is_srq) +
2081 sizeof(cmd.is_srq), ib_uverbs_create_qp_cb,
2090 static int ib_uverbs_ex_create_qp_cb(struct ib_uverbs_file *file,
2091 struct ib_uverbs_ex_create_qp_resp *resp,
2092 struct ib_udata *ucore)
2094 if (ib_copy_to_udata(ucore, resp, resp->response_length))
2100 int ib_uverbs_ex_create_qp(struct ib_uverbs_file *file,
2101 struct ib_device *ib_dev,
2102 struct ib_udata *ucore,
2103 struct ib_udata *uhw)
2105 struct ib_uverbs_ex_create_qp_resp resp;
2106 struct ib_uverbs_ex_create_qp cmd = {0};
2109 if (ucore->inlen < (offsetof(typeof(cmd), comp_mask) +
2110 sizeof(cmd.comp_mask)))
2113 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
2117 if (cmd.comp_mask & ~IB_UVERBS_CREATE_QP_SUP_COMP_MASK)
2123 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
2124 sizeof(resp.response_length)))
2127 err = create_qp(file, ucore, uhw, &cmd,
2128 min(ucore->inlen, sizeof(cmd)),
2129 ib_uverbs_ex_create_qp_cb, NULL);
2137 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
2138 struct ib_device *ib_dev,
2139 const char __user *buf, int in_len, int out_len)
2141 struct ib_uverbs_open_qp cmd;
2142 struct ib_uverbs_create_qp_resp resp;
2143 struct ib_udata udata;
2144 struct ib_uqp_object *obj;
2145 struct ib_xrcd *xrcd;
2146 struct ib_uobject *uninitialized_var(xrcd_uobj);
2148 struct ib_qp_open_attr attr;
2151 if (out_len < sizeof resp)
2154 if (copy_from_user(&cmd, buf, sizeof cmd))
2157 INIT_UDATA(&udata, buf + sizeof cmd,
2158 (unsigned long) cmd.response + sizeof resp,
2159 in_len - sizeof cmd, out_len - sizeof resp);
2161 obj = kmalloc(sizeof *obj, GFP_KERNEL);
2165 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
2166 down_write(&obj->uevent.uobject.mutex);
2168 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
2174 attr.event_handler = ib_uverbs_qp_event_handler;
2175 attr.qp_context = file;
2176 attr.qp_num = cmd.qpn;
2177 attr.qp_type = cmd.qp_type;
2179 obj->uevent.events_reported = 0;
2180 INIT_LIST_HEAD(&obj->uevent.event_list);
2181 INIT_LIST_HEAD(&obj->mcast_list);
2183 qp = ib_open_qp(xrcd, &attr);
2189 qp->uobject = &obj->uevent.uobject;
2191 obj->uevent.uobject.object = qp;
2192 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2196 memset(&resp, 0, sizeof resp);
2197 resp.qpn = qp->qp_num;
2198 resp.qp_handle = obj->uevent.uobject.id;
2200 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2201 &resp, sizeof resp)) {
2206 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
2207 atomic_inc(&obj->uxrcd->refcnt);
2208 put_xrcd_read(xrcd_uobj);
2210 mutex_lock(&file->mutex);
2211 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
2212 mutex_unlock(&file->mutex);
2214 obj->uevent.uobject.live = 1;
2216 up_write(&obj->uevent.uobject.mutex);
2221 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2227 put_xrcd_read(xrcd_uobj);
2228 put_uobj_write(&obj->uevent.uobject);
2232 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
2233 struct ib_device *ib_dev,
2234 const char __user *buf, int in_len,
2237 struct ib_uverbs_query_qp cmd;
2238 struct ib_uverbs_query_qp_resp resp;
2240 struct ib_qp_attr *attr;
2241 struct ib_qp_init_attr *init_attr;
2244 if (copy_from_user(&cmd, buf, sizeof cmd))
2247 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2248 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
2249 if (!attr || !init_attr) {
2254 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2260 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
2267 memset(&resp, 0, sizeof resp);
2269 resp.qp_state = attr->qp_state;
2270 resp.cur_qp_state = attr->cur_qp_state;
2271 resp.path_mtu = attr->path_mtu;
2272 resp.path_mig_state = attr->path_mig_state;
2273 resp.qkey = attr->qkey;
2274 resp.rq_psn = attr->rq_psn;
2275 resp.sq_psn = attr->sq_psn;
2276 resp.dest_qp_num = attr->dest_qp_num;
2277 resp.qp_access_flags = attr->qp_access_flags;
2278 resp.pkey_index = attr->pkey_index;
2279 resp.alt_pkey_index = attr->alt_pkey_index;
2280 resp.sq_draining = attr->sq_draining;
2281 resp.max_rd_atomic = attr->max_rd_atomic;
2282 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
2283 resp.min_rnr_timer = attr->min_rnr_timer;
2284 resp.port_num = attr->port_num;
2285 resp.timeout = attr->timeout;
2286 resp.retry_cnt = attr->retry_cnt;
2287 resp.rnr_retry = attr->rnr_retry;
2288 resp.alt_port_num = attr->alt_port_num;
2289 resp.alt_timeout = attr->alt_timeout;
2291 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
2292 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
2293 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
2294 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
2295 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
2296 resp.dest.dlid = attr->ah_attr.dlid;
2297 resp.dest.sl = attr->ah_attr.sl;
2298 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
2299 resp.dest.static_rate = attr->ah_attr.static_rate;
2300 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
2301 resp.dest.port_num = attr->ah_attr.port_num;
2303 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
2304 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
2305 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
2306 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
2307 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
2308 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
2309 resp.alt_dest.sl = attr->alt_ah_attr.sl;
2310 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
2311 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
2312 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
2313 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
2315 resp.max_send_wr = init_attr->cap.max_send_wr;
2316 resp.max_recv_wr = init_attr->cap.max_recv_wr;
2317 resp.max_send_sge = init_attr->cap.max_send_sge;
2318 resp.max_recv_sge = init_attr->cap.max_recv_sge;
2319 resp.max_inline_data = init_attr->cap.max_inline_data;
2320 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
2322 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2323 &resp, sizeof resp))
2330 return ret ? ret : in_len;
2333 /* Remove ignored fields set in the attribute mask */
2334 static int modify_qp_mask(enum ib_qp_type qp_type, int mask)
2337 case IB_QPT_XRC_INI:
2338 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER);
2339 case IB_QPT_XRC_TGT:
2340 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT |
2347 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
2348 struct ib_device *ib_dev,
2349 const char __user *buf, int in_len,
2352 struct ib_uverbs_modify_qp cmd;
2353 struct ib_udata udata;
2355 struct ib_qp_attr *attr;
2358 if (copy_from_user(&cmd, buf, sizeof cmd))
2361 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
2364 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2368 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2374 if ((cmd.attr_mask & IB_QP_PORT) &&
2375 !rdma_is_port_valid(qp->device, cmd.port_num)) {
2380 if ((cmd.attr_mask & IB_QP_AV) &&
2381 !rdma_is_port_valid(qp->device, cmd.dest.port_num)) {
2386 if ((cmd.attr_mask & IB_QP_ALT_PATH) &&
2387 (!rdma_is_port_valid(qp->device, cmd.alt_port_num) ||
2388 !rdma_is_port_valid(qp->device, cmd.alt_dest.port_num))) {
2393 attr->qp_state = cmd.qp_state;
2394 attr->cur_qp_state = cmd.cur_qp_state;
2395 attr->path_mtu = cmd.path_mtu;
2396 attr->path_mig_state = cmd.path_mig_state;
2397 attr->qkey = cmd.qkey;
2398 attr->rq_psn = cmd.rq_psn;
2399 attr->sq_psn = cmd.sq_psn;
2400 attr->dest_qp_num = cmd.dest_qp_num;
2401 attr->qp_access_flags = cmd.qp_access_flags;
2402 attr->pkey_index = cmd.pkey_index;
2403 attr->alt_pkey_index = cmd.alt_pkey_index;
2404 attr->en_sqd_async_notify = cmd.en_sqd_async_notify;
2405 attr->max_rd_atomic = cmd.max_rd_atomic;
2406 attr->max_dest_rd_atomic = cmd.max_dest_rd_atomic;
2407 attr->min_rnr_timer = cmd.min_rnr_timer;
2408 attr->port_num = cmd.port_num;
2409 attr->timeout = cmd.timeout;
2410 attr->retry_cnt = cmd.retry_cnt;
2411 attr->rnr_retry = cmd.rnr_retry;
2412 attr->alt_port_num = cmd.alt_port_num;
2413 attr->alt_timeout = cmd.alt_timeout;
2415 memcpy(attr->ah_attr.grh.dgid.raw, cmd.dest.dgid, 16);
2416 attr->ah_attr.grh.flow_label = cmd.dest.flow_label;
2417 attr->ah_attr.grh.sgid_index = cmd.dest.sgid_index;
2418 attr->ah_attr.grh.hop_limit = cmd.dest.hop_limit;
2419 attr->ah_attr.grh.traffic_class = cmd.dest.traffic_class;
2420 attr->ah_attr.dlid = cmd.dest.dlid;
2421 attr->ah_attr.sl = cmd.dest.sl;
2422 attr->ah_attr.src_path_bits = cmd.dest.src_path_bits;
2423 attr->ah_attr.static_rate = cmd.dest.static_rate;
2424 attr->ah_attr.ah_flags = cmd.dest.is_global ? IB_AH_GRH : 0;
2425 attr->ah_attr.port_num = cmd.dest.port_num;
2427 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd.alt_dest.dgid, 16);
2428 attr->alt_ah_attr.grh.flow_label = cmd.alt_dest.flow_label;
2429 attr->alt_ah_attr.grh.sgid_index = cmd.alt_dest.sgid_index;
2430 attr->alt_ah_attr.grh.hop_limit = cmd.alt_dest.hop_limit;
2431 attr->alt_ah_attr.grh.traffic_class = cmd.alt_dest.traffic_class;
2432 attr->alt_ah_attr.dlid = cmd.alt_dest.dlid;
2433 attr->alt_ah_attr.sl = cmd.alt_dest.sl;
2434 attr->alt_ah_attr.src_path_bits = cmd.alt_dest.src_path_bits;
2435 attr->alt_ah_attr.static_rate = cmd.alt_dest.static_rate;
2436 attr->alt_ah_attr.ah_flags = cmd.alt_dest.is_global ? IB_AH_GRH : 0;
2437 attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
2439 if (qp->real_qp == qp) {
2440 if (cmd.attr_mask & IB_QP_AV) {
2441 ret = ib_resolve_eth_dmac(qp->device, &attr->ah_attr);
2445 ret = qp->device->modify_qp(qp, attr,
2446 modify_qp_mask(qp->qp_type, cmd.attr_mask), &udata);
2448 ret = ib_modify_qp(qp, attr, modify_qp_mask(qp->qp_type, cmd.attr_mask));
2465 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
2466 struct ib_device *ib_dev,
2467 const char __user *buf, int in_len,
2470 struct ib_uverbs_destroy_qp cmd;
2471 struct ib_uverbs_destroy_qp_resp resp;
2472 struct ib_uobject *uobj;
2474 struct ib_uqp_object *obj;
2477 if (copy_from_user(&cmd, buf, sizeof cmd))
2480 memset(&resp, 0, sizeof resp);
2482 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
2486 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
2488 if (!list_empty(&obj->mcast_list)) {
2489 put_uobj_write(uobj);
2493 ret = ib_destroy_qp(qp);
2497 put_uobj_write(uobj);
2503 atomic_dec(&obj->uxrcd->refcnt);
2505 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
2507 mutex_lock(&file->mutex);
2508 list_del(&uobj->list);
2509 mutex_unlock(&file->mutex);
2511 ib_uverbs_release_uevent(file, &obj->uevent);
2513 resp.events_reported = obj->uevent.events_reported;
2517 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2518 &resp, sizeof resp))
2524 static void *alloc_wr(size_t wr_size, __u32 num_sge)
2526 return kmalloc(ALIGN(wr_size, sizeof (struct ib_sge)) +
2527 num_sge * sizeof (struct ib_sge), GFP_KERNEL);
2530 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2531 struct ib_device *ib_dev,
2532 const char __user *buf, int in_len,
2535 struct ib_uverbs_post_send cmd;
2536 struct ib_uverbs_post_send_resp resp;
2537 struct ib_uverbs_send_wr *user_wr;
2538 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
2542 ssize_t ret = -EINVAL;
2545 if (copy_from_user(&cmd, buf, sizeof cmd))
2548 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
2549 cmd.sge_count * sizeof (struct ib_uverbs_sge))
2552 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
2555 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
2559 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2563 is_ud = qp->qp_type == IB_QPT_UD;
2566 for (i = 0; i < cmd.wr_count; ++i) {
2567 if (copy_from_user(user_wr,
2568 buf + sizeof cmd + i * cmd.wqe_size,
2574 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
2580 struct ib_ud_wr *ud;
2582 if (user_wr->opcode != IB_WR_SEND &&
2583 user_wr->opcode != IB_WR_SEND_WITH_IMM) {
2588 next_size = sizeof(*ud);
2589 ud = alloc_wr(next_size, user_wr->num_sge);
2595 ud->ah = idr_read_ah(user_wr->wr.ud.ah, file->ucontext);
2601 ud->remote_qpn = user_wr->wr.ud.remote_qpn;
2602 ud->remote_qkey = user_wr->wr.ud.remote_qkey;
2605 } else if (user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM ||
2606 user_wr->opcode == IB_WR_RDMA_WRITE ||
2607 user_wr->opcode == IB_WR_RDMA_READ) {
2608 struct ib_rdma_wr *rdma;
2610 next_size = sizeof(*rdma);
2611 rdma = alloc_wr(next_size, user_wr->num_sge);
2617 rdma->remote_addr = user_wr->wr.rdma.remote_addr;
2618 rdma->rkey = user_wr->wr.rdma.rkey;
2621 } else if (user_wr->opcode == IB_WR_ATOMIC_CMP_AND_SWP ||
2622 user_wr->opcode == IB_WR_ATOMIC_FETCH_AND_ADD) {
2623 struct ib_atomic_wr *atomic;
2625 next_size = sizeof(*atomic);
2626 atomic = alloc_wr(next_size, user_wr->num_sge);
2632 atomic->remote_addr = user_wr->wr.atomic.remote_addr;
2633 atomic->compare_add = user_wr->wr.atomic.compare_add;
2634 atomic->swap = user_wr->wr.atomic.swap;
2635 atomic->rkey = user_wr->wr.atomic.rkey;
2638 } else if (user_wr->opcode == IB_WR_SEND ||
2639 user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2640 user_wr->opcode == IB_WR_SEND_WITH_INV) {
2641 next_size = sizeof(*next);
2642 next = alloc_wr(next_size, user_wr->num_sge);
2652 if (user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2653 user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) {
2655 (__be32 __force) user_wr->ex.imm_data;
2656 } else if (user_wr->opcode == IB_WR_SEND_WITH_INV) {
2657 next->ex.invalidate_rkey = user_wr->ex.invalidate_rkey;
2667 next->wr_id = user_wr->wr_id;
2668 next->num_sge = user_wr->num_sge;
2669 next->opcode = user_wr->opcode;
2670 next->send_flags = user_wr->send_flags;
2672 if (next->num_sge) {
2673 next->sg_list = (void *)((char *)next +
2674 ALIGN(next_size, sizeof(struct ib_sge)));
2675 if (copy_from_user(next->sg_list,
2676 (const char *)buf + sizeof cmd +
2677 cmd.wr_count * cmd.wqe_size +
2678 sg_ind * sizeof (struct ib_sge),
2679 next->num_sge * sizeof (struct ib_sge))) {
2683 sg_ind += next->num_sge;
2685 next->sg_list = NULL;
2689 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr);
2691 for (next = wr; next; next = next->next) {
2697 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2698 &resp, sizeof resp))
2705 if (is_ud && ud_wr(wr)->ah)
2706 put_ah_read(ud_wr(wr)->ah);
2715 return ret ? ret : in_len;
2718 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
2724 struct ib_uverbs_recv_wr *user_wr;
2725 struct ib_recv_wr *wr = NULL, *last, *next;
2730 if (in_len < wqe_size * wr_count +
2731 sge_count * sizeof (struct ib_uverbs_sge))
2732 return ERR_PTR(-EINVAL);
2734 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
2735 return ERR_PTR(-EINVAL);
2737 user_wr = kmalloc(wqe_size, GFP_KERNEL);
2739 return ERR_PTR(-ENOMEM);
2743 for (i = 0; i < wr_count; ++i) {
2744 if (copy_from_user(user_wr, buf + i * wqe_size,
2750 if (user_wr->num_sge + sg_ind > sge_count) {
2755 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2756 user_wr->num_sge * sizeof (struct ib_sge),
2770 next->wr_id = user_wr->wr_id;
2771 next->num_sge = user_wr->num_sge;
2773 if (next->num_sge) {
2774 next->sg_list = (void *)((char *)next +
2775 ALIGN(sizeof *next, sizeof (struct ib_sge)));
2776 if (copy_from_user(next->sg_list,
2777 (const char *)buf + wr_count * wqe_size +
2778 sg_ind * sizeof (struct ib_sge),
2779 next->num_sge * sizeof (struct ib_sge))) {
2783 sg_ind += next->num_sge;
2785 next->sg_list = NULL;
2800 return ERR_PTR(ret);
2803 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
2804 struct ib_device *ib_dev,
2805 const char __user *buf, int in_len,
2808 struct ib_uverbs_post_recv cmd;
2809 struct ib_uverbs_post_recv_resp resp;
2810 struct ib_recv_wr *wr, *next, *bad_wr;
2812 ssize_t ret = -EINVAL;
2814 if (copy_from_user(&cmd, buf, sizeof cmd))
2817 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2818 in_len - sizeof cmd, cmd.wr_count,
2819 cmd.sge_count, cmd.wqe_size);
2823 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2828 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr);
2833 for (next = wr; next; next = next->next) {
2839 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2840 &resp, sizeof resp))
2850 return ret ? ret : in_len;
2853 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
2854 struct ib_device *ib_dev,
2855 const char __user *buf, int in_len,
2858 struct ib_uverbs_post_srq_recv cmd;
2859 struct ib_uverbs_post_srq_recv_resp resp;
2860 struct ib_recv_wr *wr, *next, *bad_wr;
2862 ssize_t ret = -EINVAL;
2864 if (copy_from_user(&cmd, buf, sizeof cmd))
2867 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2868 in_len - sizeof cmd, cmd.wr_count,
2869 cmd.sge_count, cmd.wqe_size);
2873 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2878 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
2883 for (next = wr; next; next = next->next) {
2889 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2890 &resp, sizeof resp))
2900 return ret ? ret : in_len;
2903 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
2904 struct ib_device *ib_dev,
2905 const char __user *buf, int in_len,
2908 struct ib_uverbs_create_ah cmd;
2909 struct ib_uverbs_create_ah_resp resp;
2910 struct ib_uobject *uobj;
2913 struct ib_ah_attr attr;
2915 struct ib_udata udata;
2917 if (out_len < sizeof resp)
2920 if (copy_from_user(&cmd, buf, sizeof cmd))
2923 if (!rdma_is_port_valid(ib_dev, cmd.attr.port_num))
2926 INIT_UDATA(&udata, buf + sizeof(cmd),
2927 (unsigned long)cmd.response + sizeof(resp),
2928 in_len - sizeof(cmd), out_len - sizeof(resp));
2930 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
2934 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_class);
2935 down_write(&uobj->mutex);
2937 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
2943 attr.dlid = cmd.attr.dlid;
2944 attr.sl = cmd.attr.sl;
2945 attr.src_path_bits = cmd.attr.src_path_bits;
2946 attr.static_rate = cmd.attr.static_rate;
2947 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
2948 attr.port_num = cmd.attr.port_num;
2949 attr.grh.flow_label = cmd.attr.grh.flow_label;
2950 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
2951 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
2952 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
2953 memset(&attr.dmac, 0, sizeof(attr.dmac));
2954 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
2956 ah = pd->device->create_ah(pd, &attr, &udata);
2963 ah->device = pd->device;
2965 atomic_inc(&pd->usecnt);
2969 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
2973 resp.ah_handle = uobj->id;
2975 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2976 &resp, sizeof resp)) {
2983 mutex_lock(&file->mutex);
2984 list_add_tail(&uobj->list, &file->ucontext->ah_list);
2985 mutex_unlock(&file->mutex);
2989 up_write(&uobj->mutex);
2994 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
3003 put_uobj_write(uobj);
3007 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
3008 struct ib_device *ib_dev,
3009 const char __user *buf, int in_len, int out_len)
3011 struct ib_uverbs_destroy_ah cmd;
3013 struct ib_uobject *uobj;
3016 if (copy_from_user(&cmd, buf, sizeof cmd))
3019 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
3024 ret = ib_destroy_ah(ah);
3028 put_uobj_write(uobj);
3033 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
3035 mutex_lock(&file->mutex);
3036 list_del(&uobj->list);
3037 mutex_unlock(&file->mutex);
3044 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
3045 struct ib_device *ib_dev,
3046 const char __user *buf, int in_len,
3049 struct ib_uverbs_attach_mcast cmd;
3051 struct ib_uqp_object *obj;
3052 struct ib_uverbs_mcast_entry *mcast;
3055 if (copy_from_user(&cmd, buf, sizeof cmd))
3058 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
3062 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3064 mutex_lock(&obj->mcast_lock);
3065 list_for_each_entry(mcast, &obj->mcast_list, list)
3066 if (cmd.mlid == mcast->lid &&
3067 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3072 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
3078 mcast->lid = cmd.mlid;
3079 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
3081 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
3083 list_add_tail(&mcast->list, &obj->mcast_list);
3088 mutex_unlock(&obj->mcast_lock);
3091 return ret ? ret : in_len;
3094 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
3095 struct ib_device *ib_dev,
3096 const char __user *buf, int in_len,
3099 struct ib_uverbs_detach_mcast cmd;
3100 struct ib_uqp_object *obj;
3102 struct ib_uverbs_mcast_entry *mcast;
3106 if (copy_from_user(&cmd, buf, sizeof cmd))
3109 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
3113 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3114 mutex_lock(&obj->mcast_lock);
3116 list_for_each_entry(mcast, &obj->mcast_list, list)
3117 if (cmd.mlid == mcast->lid &&
3118 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3119 list_del(&mcast->list);
3130 ret = ib_detach_mcast(qp, (union ib_gid *)cmd.gid, cmd.mlid);
3133 mutex_unlock(&obj->mcast_lock);
3136 return ret ? ret : in_len;
3139 static size_t kern_spec_filter_sz(struct ib_uverbs_flow_spec_hdr *spec)
3141 /* Returns user space filter size, includes padding */
3142 return (spec->size - sizeof(struct ib_uverbs_flow_spec_hdr)) / 2;
3145 static ssize_t spec_filter_size(void *kern_spec_filter, u16 kern_filter_size,
3146 u16 ib_real_filter_sz)
3149 * User space filter structures must be 64 bit aligned, otherwise this
3150 * may pass, but we won't handle additional new attributes.
3153 if (kern_filter_size > ib_real_filter_sz) {
3154 if (memchr_inv((char *)kern_spec_filter +
3155 ib_real_filter_sz, 0,
3156 kern_filter_size - ib_real_filter_sz))
3158 return ib_real_filter_sz;
3160 return kern_filter_size;
3163 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec *kern_spec,
3164 union ib_flow_spec *ib_spec)
3166 ssize_t actual_filter_sz;
3167 ssize_t kern_filter_sz;
3168 ssize_t ib_filter_sz;
3169 void *kern_spec_mask;
3170 void *kern_spec_val;
3172 if (kern_spec->reserved)
3175 ib_spec->type = kern_spec->type;
3177 kern_filter_sz = kern_spec_filter_sz(&kern_spec->hdr);
3178 /* User flow spec size must be aligned to 4 bytes */
3179 if (kern_filter_sz != ALIGN(kern_filter_sz, 4))
3182 kern_spec_val = (char *)kern_spec +
3183 sizeof(struct ib_uverbs_flow_spec_hdr);
3184 kern_spec_mask = (char *)kern_spec_val + kern_filter_sz;
3186 switch (ib_spec->type) {
3187 case IB_FLOW_SPEC_ETH:
3188 ib_filter_sz = offsetof(struct ib_flow_eth_filter, real_sz);
3189 actual_filter_sz = spec_filter_size(kern_spec_mask,
3192 if (actual_filter_sz <= 0)
3194 ib_spec->size = sizeof(struct ib_flow_spec_eth);
3195 memcpy(&ib_spec->eth.val, kern_spec_val, actual_filter_sz);
3196 memcpy(&ib_spec->eth.mask, kern_spec_mask, actual_filter_sz);
3198 case IB_FLOW_SPEC_IPV4:
3199 ib_filter_sz = offsetof(struct ib_flow_ipv4_filter, real_sz);
3200 actual_filter_sz = spec_filter_size(kern_spec_mask,
3203 if (actual_filter_sz <= 0)
3205 ib_spec->size = sizeof(struct ib_flow_spec_ipv4);
3206 memcpy(&ib_spec->ipv4.val, kern_spec_val, actual_filter_sz);
3207 memcpy(&ib_spec->ipv4.mask, kern_spec_mask, actual_filter_sz);
3209 case IB_FLOW_SPEC_IPV6:
3210 ib_filter_sz = offsetof(struct ib_flow_ipv6_filter, real_sz);
3211 actual_filter_sz = spec_filter_size(kern_spec_mask,
3214 if (actual_filter_sz <= 0)
3216 ib_spec->size = sizeof(struct ib_flow_spec_ipv6);
3217 memcpy(&ib_spec->ipv6.val, kern_spec_val, actual_filter_sz);
3218 memcpy(&ib_spec->ipv6.mask, kern_spec_mask, actual_filter_sz);
3220 if ((ntohl(ib_spec->ipv6.mask.flow_label)) >= BIT(20) ||
3221 (ntohl(ib_spec->ipv6.val.flow_label)) >= BIT(20))
3224 case IB_FLOW_SPEC_TCP:
3225 case IB_FLOW_SPEC_UDP:
3226 ib_filter_sz = offsetof(struct ib_flow_tcp_udp_filter, real_sz);
3227 actual_filter_sz = spec_filter_size(kern_spec_mask,
3230 if (actual_filter_sz <= 0)
3232 ib_spec->size = sizeof(struct ib_flow_spec_tcp_udp);
3233 memcpy(&ib_spec->tcp_udp.val, kern_spec_val, actual_filter_sz);
3234 memcpy(&ib_spec->tcp_udp.mask, kern_spec_mask, actual_filter_sz);
3242 int ib_uverbs_ex_create_wq(struct ib_uverbs_file *file,
3243 struct ib_device *ib_dev,
3244 struct ib_udata *ucore,
3245 struct ib_udata *uhw)
3247 struct ib_uverbs_ex_create_wq cmd = {};
3248 struct ib_uverbs_ex_create_wq_resp resp = {};
3249 struct ib_uwq_object *obj;
3254 struct ib_wq_init_attr wq_init_attr = {};
3255 size_t required_cmd_sz;
3256 size_t required_resp_len;
3258 required_cmd_sz = offsetof(typeof(cmd), max_sge) + sizeof(cmd.max_sge);
3259 required_resp_len = offsetof(typeof(resp), wqn) + sizeof(resp.wqn);
3261 if (ucore->inlen < required_cmd_sz)
3264 if (ucore->outlen < required_resp_len)
3267 if (ucore->inlen > sizeof(cmd) &&
3268 !ib_is_udata_cleared(ucore, sizeof(cmd),
3269 ucore->inlen - sizeof(cmd)))
3272 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3279 obj = kmalloc(sizeof(*obj), GFP_KERNEL);
3283 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext,
3285 down_write(&obj->uevent.uobject.mutex);
3286 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
3292 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
3298 wq_init_attr.cq = cq;
3299 wq_init_attr.max_sge = cmd.max_sge;
3300 wq_init_attr.max_wr = cmd.max_wr;
3301 wq_init_attr.wq_context = file;
3302 wq_init_attr.wq_type = cmd.wq_type;
3303 wq_init_attr.event_handler = ib_uverbs_wq_event_handler;
3304 obj->uevent.events_reported = 0;
3305 INIT_LIST_HEAD(&obj->uevent.event_list);
3306 wq = pd->device->create_wq(pd, &wq_init_attr, uhw);
3312 wq->uobject = &obj->uevent.uobject;
3313 obj->uevent.uobject.object = wq;
3314 wq->wq_type = wq_init_attr.wq_type;
3317 wq->device = pd->device;
3318 wq->wq_context = wq_init_attr.wq_context;
3319 atomic_set(&wq->usecnt, 0);
3320 atomic_inc(&pd->usecnt);
3321 atomic_inc(&cq->usecnt);
3322 wq->uobject = &obj->uevent.uobject;
3323 obj->uevent.uobject.object = wq;
3324 err = idr_add_uobj(&ib_uverbs_wq_idr, &obj->uevent.uobject);
3328 memset(&resp, 0, sizeof(resp));
3329 resp.wq_handle = obj->uevent.uobject.id;
3330 resp.max_sge = wq_init_attr.max_sge;
3331 resp.max_wr = wq_init_attr.max_wr;
3332 resp.wqn = wq->wq_num;
3333 resp.response_length = required_resp_len;
3334 err = ib_copy_to_udata(ucore,
3335 &resp, resp.response_length);
3342 mutex_lock(&file->mutex);
3343 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->wq_list);
3344 mutex_unlock(&file->mutex);
3346 obj->uevent.uobject.live = 1;
3347 up_write(&obj->uevent.uobject.mutex);
3351 idr_remove_uobj(&ib_uverbs_wq_idr, &obj->uevent.uobject);
3359 put_uobj_write(&obj->uevent.uobject);
3364 int ib_uverbs_ex_destroy_wq(struct ib_uverbs_file *file,
3365 struct ib_device *ib_dev,
3366 struct ib_udata *ucore,
3367 struct ib_udata *uhw)
3369 struct ib_uverbs_ex_destroy_wq cmd = {};
3370 struct ib_uverbs_ex_destroy_wq_resp resp = {};
3372 struct ib_uobject *uobj;
3373 struct ib_uwq_object *obj;
3374 size_t required_cmd_sz;
3375 size_t required_resp_len;
3378 required_cmd_sz = offsetof(typeof(cmd), wq_handle) + sizeof(cmd.wq_handle);
3379 required_resp_len = offsetof(typeof(resp), reserved) + sizeof(resp.reserved);
3381 if (ucore->inlen < required_cmd_sz)
3384 if (ucore->outlen < required_resp_len)
3387 if (ucore->inlen > sizeof(cmd) &&
3388 !ib_is_udata_cleared(ucore, sizeof(cmd),
3389 ucore->inlen - sizeof(cmd)))
3392 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3399 resp.response_length = required_resp_len;
3400 uobj = idr_write_uobj(&ib_uverbs_wq_idr, cmd.wq_handle,
3406 obj = container_of(uobj, struct ib_uwq_object, uevent.uobject);
3407 ret = ib_destroy_wq(wq);
3411 put_uobj_write(uobj);
3415 idr_remove_uobj(&ib_uverbs_wq_idr, uobj);
3417 mutex_lock(&file->mutex);
3418 list_del(&uobj->list);
3419 mutex_unlock(&file->mutex);
3421 ib_uverbs_release_uevent(file, &obj->uevent);
3422 resp.events_reported = obj->uevent.events_reported;
3425 ret = ib_copy_to_udata(ucore, &resp, resp.response_length);
3432 int ib_uverbs_ex_modify_wq(struct ib_uverbs_file *file,
3433 struct ib_device *ib_dev,
3434 struct ib_udata *ucore,
3435 struct ib_udata *uhw)
3437 struct ib_uverbs_ex_modify_wq cmd = {};
3439 struct ib_wq_attr wq_attr = {};
3440 size_t required_cmd_sz;
3443 required_cmd_sz = offsetof(typeof(cmd), curr_wq_state) + sizeof(cmd.curr_wq_state);
3444 if (ucore->inlen < required_cmd_sz)
3447 if (ucore->inlen > sizeof(cmd) &&
3448 !ib_is_udata_cleared(ucore, sizeof(cmd),
3449 ucore->inlen - sizeof(cmd)))
3452 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3459 if (cmd.attr_mask > (IB_WQ_STATE | IB_WQ_CUR_STATE))
3462 wq = idr_read_wq(cmd.wq_handle, file->ucontext);
3466 wq_attr.curr_wq_state = cmd.curr_wq_state;
3467 wq_attr.wq_state = cmd.wq_state;
3468 ret = wq->device->modify_wq(wq, &wq_attr, cmd.attr_mask, uhw);
3473 int ib_uverbs_ex_create_rwq_ind_table(struct ib_uverbs_file *file,
3474 struct ib_device *ib_dev,
3475 struct ib_udata *ucore,
3476 struct ib_udata *uhw)
3478 struct ib_uverbs_ex_create_rwq_ind_table cmd = {};
3479 struct ib_uverbs_ex_create_rwq_ind_table_resp resp = {};
3480 struct ib_uobject *uobj;
3482 struct ib_rwq_ind_table_init_attr init_attr = {};
3483 struct ib_rwq_ind_table *rwq_ind_tbl;
3484 struct ib_wq **wqs = NULL;
3485 u32 *wqs_handles = NULL;
3486 struct ib_wq *wq = NULL;
3487 int i, j, num_read_wqs;
3489 u32 expected_in_size;
3490 size_t required_cmd_sz_header;
3491 size_t required_resp_len;
3493 required_cmd_sz_header = offsetof(typeof(cmd), log_ind_tbl_size) + sizeof(cmd.log_ind_tbl_size);
3494 required_resp_len = offsetof(typeof(resp), ind_tbl_num) + sizeof(resp.ind_tbl_num);
3496 if (ucore->inlen < required_cmd_sz_header)
3499 if (ucore->outlen < required_resp_len)
3502 err = ib_copy_from_udata(&cmd, ucore, required_cmd_sz_header);
3506 ucore->inbuf = (const char *)ucore->inbuf + required_cmd_sz_header;
3507 ucore->inlen -= required_cmd_sz_header;
3512 if (cmd.log_ind_tbl_size > IB_USER_VERBS_MAX_LOG_IND_TBL_SIZE)
3515 num_wq_handles = 1 << cmd.log_ind_tbl_size;
3516 expected_in_size = num_wq_handles * sizeof(__u32);
3517 if (num_wq_handles == 1)
3518 /* input size for wq handles is u64 aligned */
3519 expected_in_size += sizeof(__u32);
3521 if (ucore->inlen < expected_in_size)
3524 if (ucore->inlen > expected_in_size &&
3525 !ib_is_udata_cleared(ucore, expected_in_size,
3526 ucore->inlen - expected_in_size))
3529 wqs_handles = kcalloc(num_wq_handles, sizeof(*wqs_handles),
3534 err = ib_copy_from_udata(wqs_handles, ucore,
3535 num_wq_handles * sizeof(__u32));
3539 wqs = kcalloc(num_wq_handles, sizeof(*wqs), GFP_KERNEL);
3545 for (num_read_wqs = 0; num_read_wqs < num_wq_handles;
3547 wq = idr_read_wq(wqs_handles[num_read_wqs], file->ucontext);
3553 wqs[num_read_wqs] = wq;
3556 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3562 init_uobj(uobj, 0, file->ucontext, &rwq_ind_table_lock_class);
3563 down_write(&uobj->mutex);
3564 init_attr.log_ind_tbl_size = cmd.log_ind_tbl_size;
3565 init_attr.ind_tbl = wqs;
3566 rwq_ind_tbl = ib_dev->create_rwq_ind_table(ib_dev, &init_attr, uhw);
3568 if (IS_ERR(rwq_ind_tbl)) {
3569 err = PTR_ERR(rwq_ind_tbl);
3573 rwq_ind_tbl->ind_tbl = wqs;
3574 rwq_ind_tbl->log_ind_tbl_size = init_attr.log_ind_tbl_size;
3575 rwq_ind_tbl->uobject = uobj;
3576 uobj->object = rwq_ind_tbl;
3577 rwq_ind_tbl->device = ib_dev;
3578 atomic_set(&rwq_ind_tbl->usecnt, 0);
3580 for (i = 0; i < num_wq_handles; i++)
3581 atomic_inc(&wqs[i]->usecnt);
3583 err = idr_add_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3585 goto destroy_ind_tbl;
3587 resp.ind_tbl_handle = uobj->id;
3588 resp.ind_tbl_num = rwq_ind_tbl->ind_tbl_num;
3589 resp.response_length = required_resp_len;
3591 err = ib_copy_to_udata(ucore,
3592 &resp, resp.response_length);
3598 for (j = 0; j < num_read_wqs; j++)
3599 put_wq_read(wqs[j]);
3601 mutex_lock(&file->mutex);
3602 list_add_tail(&uobj->list, &file->ucontext->rwq_ind_tbl_list);
3603 mutex_unlock(&file->mutex);
3607 up_write(&uobj->mutex);
3611 idr_remove_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3613 ib_destroy_rwq_ind_table(rwq_ind_tbl);
3615 put_uobj_write(uobj);
3617 for (j = 0; j < num_read_wqs; j++)
3618 put_wq_read(wqs[j]);
3625 int ib_uverbs_ex_destroy_rwq_ind_table(struct ib_uverbs_file *file,
3626 struct ib_device *ib_dev,
3627 struct ib_udata *ucore,
3628 struct ib_udata *uhw)
3630 struct ib_uverbs_ex_destroy_rwq_ind_table cmd = {};
3631 struct ib_rwq_ind_table *rwq_ind_tbl;
3632 struct ib_uobject *uobj;
3634 struct ib_wq **ind_tbl;
3635 size_t required_cmd_sz;
3637 required_cmd_sz = offsetof(typeof(cmd), ind_tbl_handle) + sizeof(cmd.ind_tbl_handle);
3639 if (ucore->inlen < required_cmd_sz)
3642 if (ucore->inlen > sizeof(cmd) &&
3643 !ib_is_udata_cleared(ucore, sizeof(cmd),
3644 ucore->inlen - sizeof(cmd)))
3647 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3654 uobj = idr_write_uobj(&ib_uverbs_rwq_ind_tbl_idr, cmd.ind_tbl_handle,
3658 rwq_ind_tbl = uobj->object;
3659 ind_tbl = rwq_ind_tbl->ind_tbl;
3661 ret = ib_destroy_rwq_ind_table(rwq_ind_tbl);
3665 put_uobj_write(uobj);
3670 idr_remove_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3672 mutex_lock(&file->mutex);
3673 list_del(&uobj->list);
3674 mutex_unlock(&file->mutex);
3681 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file,
3682 struct ib_device *ib_dev,
3683 struct ib_udata *ucore,
3684 struct ib_udata *uhw)
3686 struct ib_uverbs_create_flow cmd;
3687 struct ib_uverbs_create_flow_resp resp;
3688 struct ib_uobject *uobj;
3689 struct ib_flow *flow_id;
3690 struct ib_uverbs_flow_attr *kern_flow_attr;
3691 struct ib_flow_attr *flow_attr;
3698 if (ucore->inlen < sizeof(cmd))
3701 if (ucore->outlen < sizeof(resp))
3704 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3708 ucore->inbuf = (const char *)ucore->inbuf + sizeof(cmd);
3709 ucore->inlen -= sizeof(cmd);
3714 if (priv_check(curthread, PRIV_NET_RAW) != 0)
3717 if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED)
3720 if ((cmd.flow_attr.flags & IB_FLOW_ATTR_FLAGS_DONT_TRAP) &&
3721 ((cmd.flow_attr.type == IB_FLOW_ATTR_ALL_DEFAULT) ||
3722 (cmd.flow_attr.type == IB_FLOW_ATTR_MC_DEFAULT)))
3725 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS)
3728 if (cmd.flow_attr.size > ucore->inlen ||
3729 cmd.flow_attr.size >
3730 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec)))
3733 if (cmd.flow_attr.reserved[0] ||
3734 cmd.flow_attr.reserved[1])
3737 if (cmd.flow_attr.num_of_specs) {
3738 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size,
3740 if (!kern_flow_attr)
3743 memcpy(kern_flow_attr, &cmd.flow_attr, sizeof(*kern_flow_attr));
3744 err = ib_copy_from_udata(kern_flow_attr + 1, ucore,
3745 cmd.flow_attr.size);
3749 kern_flow_attr = &cmd.flow_attr;
3752 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3757 init_uobj(uobj, 0, file->ucontext, &rule_lock_class);
3758 down_write(&uobj->mutex);
3760 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
3766 flow_attr = kzalloc(sizeof(*flow_attr) + cmd.flow_attr.num_of_specs *
3767 sizeof(union ib_flow_spec), GFP_KERNEL);
3773 flow_attr->type = kern_flow_attr->type;
3774 flow_attr->priority = kern_flow_attr->priority;
3775 flow_attr->num_of_specs = kern_flow_attr->num_of_specs;
3776 flow_attr->port = kern_flow_attr->port;
3777 flow_attr->flags = kern_flow_attr->flags;
3778 flow_attr->size = sizeof(*flow_attr);
3780 kern_spec = kern_flow_attr + 1;
3781 ib_spec = flow_attr + 1;
3782 for (i = 0; i < flow_attr->num_of_specs &&
3783 cmd.flow_attr.size > offsetof(struct ib_uverbs_flow_spec, reserved) &&
3784 cmd.flow_attr.size >=
3785 ((struct ib_uverbs_flow_spec *)kern_spec)->size; i++) {
3786 err = kern_spec_to_ib_spec(kern_spec, ib_spec);
3790 ((union ib_flow_spec *) ib_spec)->size;
3791 cmd.flow_attr.size -= ((struct ib_uverbs_flow_spec *)kern_spec)->size;
3792 kern_spec = (char *)kern_spec + ((struct ib_uverbs_flow_spec *) kern_spec)->size;
3793 ib_spec = (char *)ib_spec + ((union ib_flow_spec *)ib_spec)->size;
3795 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) {
3796 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
3797 i, cmd.flow_attr.size);
3801 flow_id = ib_create_flow(qp, flow_attr, IB_FLOW_DOMAIN_USER);
3802 if (IS_ERR(flow_id)) {
3803 err = PTR_ERR(flow_id);
3807 flow_id->uobject = uobj;
3808 uobj->object = flow_id;
3810 err = idr_add_uobj(&ib_uverbs_rule_idr, uobj);
3814 memset(&resp, 0, sizeof(resp));
3815 resp.flow_handle = uobj->id;
3817 err = ib_copy_to_udata(ucore,
3818 &resp, sizeof(resp));
3823 mutex_lock(&file->mutex);
3824 list_add_tail(&uobj->list, &file->ucontext->rule_list);
3825 mutex_unlock(&file->mutex);
3829 up_write(&uobj->mutex);
3831 if (cmd.flow_attr.num_of_specs)
3832 kfree(kern_flow_attr);
3835 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3837 ib_destroy_flow(flow_id);
3843 put_uobj_write(uobj);
3845 if (cmd.flow_attr.num_of_specs)
3846 kfree(kern_flow_attr);
3850 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file,
3851 struct ib_device *ib_dev,
3852 struct ib_udata *ucore,
3853 struct ib_udata *uhw)
3855 struct ib_uverbs_destroy_flow cmd;
3856 struct ib_flow *flow_id;
3857 struct ib_uobject *uobj;
3860 if (ucore->inlen < sizeof(cmd))
3863 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3870 uobj = idr_write_uobj(&ib_uverbs_rule_idr, cmd.flow_handle,
3874 flow_id = uobj->object;
3876 ret = ib_destroy_flow(flow_id);
3880 put_uobj_write(uobj);
3882 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3884 mutex_lock(&file->mutex);
3885 list_del(&uobj->list);
3886 mutex_unlock(&file->mutex);
3893 static int __uverbs_create_xsrq(struct ib_uverbs_file *file,
3894 struct ib_device *ib_dev,
3895 struct ib_uverbs_create_xsrq *cmd,
3896 struct ib_udata *udata)
3898 struct ib_uverbs_create_srq_resp resp;
3899 struct ib_usrq_object *obj;
3902 struct ib_uobject *uninitialized_var(xrcd_uobj);
3903 struct ib_srq_init_attr attr;
3906 obj = kmalloc(sizeof *obj, GFP_KERNEL);
3910 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext, &srq_lock_class);
3911 down_write(&obj->uevent.uobject.mutex);
3913 if (cmd->srq_type == IB_SRQT_XRC) {
3914 attr.ext.xrc.xrcd = idr_read_xrcd(cmd->xrcd_handle, file->ucontext, &xrcd_uobj);
3915 if (!attr.ext.xrc.xrcd) {
3920 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
3921 atomic_inc(&obj->uxrcd->refcnt);
3923 attr.ext.xrc.cq = idr_read_cq(cmd->cq_handle, file->ucontext, 0);
3924 if (!attr.ext.xrc.cq) {
3930 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
3936 attr.event_handler = ib_uverbs_srq_event_handler;
3937 attr.srq_context = file;
3938 attr.srq_type = cmd->srq_type;
3939 attr.attr.max_wr = cmd->max_wr;
3940 attr.attr.max_sge = cmd->max_sge;
3941 attr.attr.srq_limit = cmd->srq_limit;
3943 obj->uevent.events_reported = 0;
3944 INIT_LIST_HEAD(&obj->uevent.event_list);
3946 srq = pd->device->create_srq(pd, &attr, udata);
3952 srq->device = pd->device;
3954 srq->srq_type = cmd->srq_type;
3955 srq->uobject = &obj->uevent.uobject;
3956 srq->event_handler = attr.event_handler;
3957 srq->srq_context = attr.srq_context;
3959 if (cmd->srq_type == IB_SRQT_XRC) {
3960 srq->ext.xrc.cq = attr.ext.xrc.cq;
3961 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd;
3962 atomic_inc(&attr.ext.xrc.cq->usecnt);
3963 atomic_inc(&attr.ext.xrc.xrcd->usecnt);
3966 atomic_inc(&pd->usecnt);
3967 atomic_set(&srq->usecnt, 0);
3969 obj->uevent.uobject.object = srq;
3970 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3974 memset(&resp, 0, sizeof resp);
3975 resp.srq_handle = obj->uevent.uobject.id;
3976 resp.max_wr = attr.attr.max_wr;
3977 resp.max_sge = attr.attr.max_sge;
3978 if (cmd->srq_type == IB_SRQT_XRC)
3979 resp.srqn = srq->ext.xrc.srq_num;
3981 if (copy_to_user((void __user *) (unsigned long) cmd->response,
3982 &resp, sizeof resp)) {
3987 if (cmd->srq_type == IB_SRQT_XRC) {
3988 put_uobj_read(xrcd_uobj);
3989 put_cq_read(attr.ext.xrc.cq);
3993 mutex_lock(&file->mutex);
3994 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->srq_list);
3995 mutex_unlock(&file->mutex);
3997 obj->uevent.uobject.live = 1;
3999 up_write(&obj->uevent.uobject.mutex);
4004 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
4007 ib_destroy_srq(srq);
4013 if (cmd->srq_type == IB_SRQT_XRC)
4014 put_cq_read(attr.ext.xrc.cq);
4017 if (cmd->srq_type == IB_SRQT_XRC) {
4018 atomic_dec(&obj->uxrcd->refcnt);
4019 put_uobj_read(xrcd_uobj);
4023 put_uobj_write(&obj->uevent.uobject);
4027 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
4028 struct ib_device *ib_dev,
4029 const char __user *buf, int in_len,
4032 struct ib_uverbs_create_srq cmd;
4033 struct ib_uverbs_create_xsrq xcmd;
4034 struct ib_uverbs_create_srq_resp resp;
4035 struct ib_udata udata;
4038 if (out_len < sizeof resp)
4041 if (copy_from_user(&cmd, buf, sizeof cmd))
4044 xcmd.response = cmd.response;
4045 xcmd.user_handle = cmd.user_handle;
4046 xcmd.srq_type = IB_SRQT_BASIC;
4047 xcmd.pd_handle = cmd.pd_handle;
4048 xcmd.max_wr = cmd.max_wr;
4049 xcmd.max_sge = cmd.max_sge;
4050 xcmd.srq_limit = cmd.srq_limit;
4052 INIT_UDATA(&udata, buf + sizeof cmd,
4053 (unsigned long) cmd.response + sizeof resp,
4054 in_len - sizeof cmd - sizeof(struct ib_uverbs_cmd_hdr),
4055 out_len - sizeof resp);
4057 ret = __uverbs_create_xsrq(file, ib_dev, &xcmd, &udata);
4064 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
4065 struct ib_device *ib_dev,
4066 const char __user *buf, int in_len, int out_len)
4068 struct ib_uverbs_create_xsrq cmd;
4069 struct ib_uverbs_create_srq_resp resp;
4070 struct ib_udata udata;
4073 if (out_len < sizeof resp)
4076 if (copy_from_user(&cmd, buf, sizeof cmd))
4079 INIT_UDATA(&udata, buf + sizeof cmd,
4080 (unsigned long) cmd.response + sizeof resp,
4081 in_len - sizeof cmd - sizeof(struct ib_uverbs_cmd_hdr),
4082 out_len - sizeof resp);
4084 ret = __uverbs_create_xsrq(file, ib_dev, &cmd, &udata);
4091 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
4092 struct ib_device *ib_dev,
4093 const char __user *buf, int in_len,
4096 struct ib_uverbs_modify_srq cmd;
4097 struct ib_udata udata;
4099 struct ib_srq_attr attr;
4102 if (copy_from_user(&cmd, buf, sizeof cmd))
4105 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
4108 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
4112 attr.max_wr = cmd.max_wr;
4113 attr.srq_limit = cmd.srq_limit;
4115 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
4119 return ret ? ret : in_len;
4122 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
4123 struct ib_device *ib_dev,
4124 const char __user *buf,
4125 int in_len, int out_len)
4127 struct ib_uverbs_query_srq cmd;
4128 struct ib_uverbs_query_srq_resp resp;
4129 struct ib_srq_attr attr;
4133 if (out_len < sizeof resp)
4136 if (copy_from_user(&cmd, buf, sizeof cmd))
4139 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
4143 ret = ib_query_srq(srq, &attr);
4150 memset(&resp, 0, sizeof resp);
4152 resp.max_wr = attr.max_wr;
4153 resp.max_sge = attr.max_sge;
4154 resp.srq_limit = attr.srq_limit;
4156 if (copy_to_user((void __user *) (unsigned long) cmd.response,
4157 &resp, sizeof resp))
4163 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
4164 struct ib_device *ib_dev,
4165 const char __user *buf, int in_len,
4168 struct ib_uverbs_destroy_srq cmd;
4169 struct ib_uverbs_destroy_srq_resp resp;
4170 struct ib_uobject *uobj;
4172 struct ib_uevent_object *obj;
4174 struct ib_usrq_object *us;
4175 enum ib_srq_type srq_type;
4177 if (copy_from_user(&cmd, buf, sizeof cmd))
4180 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
4184 obj = container_of(uobj, struct ib_uevent_object, uobject);
4185 srq_type = srq->srq_type;
4187 ret = ib_destroy_srq(srq);
4191 put_uobj_write(uobj);
4196 if (srq_type == IB_SRQT_XRC) {
4197 us = container_of(obj, struct ib_usrq_object, uevent);
4198 atomic_dec(&us->uxrcd->refcnt);
4201 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
4203 mutex_lock(&file->mutex);
4204 list_del(&uobj->list);
4205 mutex_unlock(&file->mutex);
4207 ib_uverbs_release_uevent(file, obj);
4209 memset(&resp, 0, sizeof resp);
4210 resp.events_reported = obj->events_reported;
4214 if (copy_to_user((void __user *) (unsigned long) cmd.response,
4215 &resp, sizeof resp))
4218 return ret ? ret : in_len;
4221 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file,
4222 struct ib_device *ib_dev,
4223 struct ib_udata *ucore,
4224 struct ib_udata *uhw)
4226 struct ib_uverbs_ex_query_device_resp resp = { {0} };
4227 struct ib_uverbs_ex_query_device cmd;
4228 struct ib_device_attr attr = {0};
4231 if (ucore->inlen < sizeof(cmd))
4234 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
4244 resp.response_length = offsetof(typeof(resp), odp_caps);
4246 if (ucore->outlen < resp.response_length)
4249 err = ib_dev->query_device(ib_dev, &attr, uhw);
4253 copy_query_dev_fields(file, ib_dev, &resp.base, &attr);
4255 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps))
4258 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
4259 resp.odp_caps.general_caps = attr.odp_caps.general_caps;
4260 resp.odp_caps.per_transport_caps.rc_odp_caps =
4261 attr.odp_caps.per_transport_caps.rc_odp_caps;
4262 resp.odp_caps.per_transport_caps.uc_odp_caps =
4263 attr.odp_caps.per_transport_caps.uc_odp_caps;
4264 resp.odp_caps.per_transport_caps.ud_odp_caps =
4265 attr.odp_caps.per_transport_caps.ud_odp_caps;
4267 resp.response_length += sizeof(resp.odp_caps);
4269 if (ucore->outlen < resp.response_length + sizeof(resp.timestamp_mask))
4272 resp.timestamp_mask = attr.timestamp_mask;
4273 resp.response_length += sizeof(resp.timestamp_mask);
4275 if (ucore->outlen < resp.response_length + sizeof(resp.hca_core_clock))
4278 resp.hca_core_clock = attr.hca_core_clock;
4279 resp.response_length += sizeof(resp.hca_core_clock);
4281 if (ucore->outlen < resp.response_length + sizeof(resp.device_cap_flags_ex))
4284 resp.device_cap_flags_ex = attr.device_cap_flags;
4285 resp.response_length += sizeof(resp.device_cap_flags_ex);
4287 if (ucore->outlen < resp.response_length + sizeof(resp.rss_caps))
4290 resp.rss_caps.supported_qpts = attr.rss_caps.supported_qpts;
4291 resp.rss_caps.max_rwq_indirection_tables =
4292 attr.rss_caps.max_rwq_indirection_tables;
4293 resp.rss_caps.max_rwq_indirection_table_size =
4294 attr.rss_caps.max_rwq_indirection_table_size;
4296 resp.response_length += sizeof(resp.rss_caps);
4298 if (ucore->outlen < resp.response_length + sizeof(resp.max_wq_type_rq))
4301 resp.max_wq_type_rq = attr.max_wq_type_rq;
4302 resp.response_length += sizeof(resp.max_wq_type_rq);
4304 err = ib_copy_to_udata(ucore, &resp, resp.response_length);
projects / FreeBSD / FreeBSD.git / blob