2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36 #include <linux/file.h>
38 #include <linux/slab.h>
39 #include <linux/sched.h>
41 #include <asm/uaccess.h>
44 #include "core_priv.h"
46 struct uverbs_lock_class {
47 struct lock_class_key key;
51 static struct uverbs_lock_class pd_lock_class = { .name = "PD-uobj" };
52 static struct uverbs_lock_class mr_lock_class = { .name = "MR-uobj" };
53 static struct uverbs_lock_class mw_lock_class = { .name = "MW-uobj" };
54 static struct uverbs_lock_class cq_lock_class = { .name = "CQ-uobj" };
55 static struct uverbs_lock_class qp_lock_class = { .name = "QP-uobj" };
56 static struct uverbs_lock_class ah_lock_class = { .name = "AH-uobj" };
57 static struct uverbs_lock_class srq_lock_class = { .name = "SRQ-uobj" };
58 static struct uverbs_lock_class xrcd_lock_class = { .name = "XRCD-uobj" };
59 static struct uverbs_lock_class rule_lock_class = { .name = "RULE-uobj" };
62 * The ib_uobject locking scheme is as follows:
64 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
65 * needs to be held during all idr operations. When an object is
66 * looked up, a reference must be taken on the object's kref before
69 * - Each object also has an rwsem. This rwsem must be held for
70 * reading while an operation that uses the object is performed.
71 * For example, while registering an MR, the associated PD's
72 * uobject.mutex must be held for reading. The rwsem must be held
73 * for writing while initializing or destroying an object.
75 * - In addition, each object has a "live" flag. If this flag is not
76 * set, then lookups of the object will fail even if it is found in
77 * the idr. This handles a reader that blocks and does not acquire
78 * the rwsem until after the object is destroyed. The destroy
79 * operation will set the live flag to 0 and then drop the rwsem;
80 * this will allow the reader to acquire the rwsem, see that the
81 * live flag is 0, and then drop the rwsem and its reference to
82 * object. The underlying storage will not be freed until the last
83 * reference to the object is dropped.
86 static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
87 struct ib_ucontext *context, struct uverbs_lock_class *c)
89 uobj->user_handle = user_handle;
90 uobj->context = context;
91 kref_init(&uobj->ref);
92 init_rwsem(&uobj->mutex);
93 lockdep_set_class_and_name(&uobj->mutex, &c->key, c->name);
97 static void release_uobj(struct kref *kref)
99 kfree(container_of(kref, struct ib_uobject, ref));
102 static void put_uobj(struct ib_uobject *uobj)
104 kref_put(&uobj->ref, release_uobj);
107 static void put_uobj_read(struct ib_uobject *uobj)
109 up_read(&uobj->mutex);
113 static void put_uobj_write(struct ib_uobject *uobj)
115 up_write(&uobj->mutex);
119 static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
123 idr_preload(GFP_KERNEL);
124 spin_lock(&ib_uverbs_idr_lock);
126 ret = idr_alloc(idr, uobj, 0, 0, GFP_NOWAIT);
130 spin_unlock(&ib_uverbs_idr_lock);
133 return ret < 0 ? ret : 0;
136 void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
138 spin_lock(&ib_uverbs_idr_lock);
139 idr_remove(idr, uobj->id);
140 spin_unlock(&ib_uverbs_idr_lock);
143 static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
144 struct ib_ucontext *context)
146 struct ib_uobject *uobj;
148 spin_lock(&ib_uverbs_idr_lock);
149 uobj = idr_find(idr, id);
151 if (uobj->context == context)
152 kref_get(&uobj->ref);
156 spin_unlock(&ib_uverbs_idr_lock);
161 static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
162 struct ib_ucontext *context, int nested)
164 struct ib_uobject *uobj;
166 uobj = __idr_get_uobj(idr, id, context);
171 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
173 down_read(&uobj->mutex);
182 static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
183 struct ib_ucontext *context)
185 struct ib_uobject *uobj;
187 uobj = __idr_get_uobj(idr, id, context);
191 down_write(&uobj->mutex);
193 put_uobj_write(uobj);
200 static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
203 struct ib_uobject *uobj;
205 uobj = idr_read_uobj(idr, id, context, nested);
206 return uobj ? uobj->object : NULL;
209 static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
211 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
214 static void put_pd_read(struct ib_pd *pd)
216 put_uobj_read(pd->uobject);
219 static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
221 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
224 static void put_cq_read(struct ib_cq *cq)
226 put_uobj_read(cq->uobject);
229 static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
231 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
234 static void put_ah_read(struct ib_ah *ah)
236 put_uobj_read(ah->uobject);
239 static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
241 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
244 static struct ib_qp *idr_write_qp(int qp_handle, struct ib_ucontext *context)
246 struct ib_uobject *uobj;
248 uobj = idr_write_uobj(&ib_uverbs_qp_idr, qp_handle, context);
249 return uobj ? uobj->object : NULL;
252 static void put_qp_read(struct ib_qp *qp)
254 put_uobj_read(qp->uobject);
257 static void put_qp_write(struct ib_qp *qp)
259 put_uobj_write(qp->uobject);
262 static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
264 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
267 static void put_srq_read(struct ib_srq *srq)
269 put_uobj_read(srq->uobject);
272 static struct ib_xrcd *idr_read_xrcd(int xrcd_handle, struct ib_ucontext *context,
273 struct ib_uobject **uobj)
275 *uobj = idr_read_uobj(&ib_uverbs_xrcd_idr, xrcd_handle, context, 0);
276 return *uobj ? (*uobj)->object : NULL;
279 static void put_xrcd_read(struct ib_uobject *uobj)
284 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
285 const char __user *buf,
286 int in_len, int out_len)
288 struct ib_uverbs_get_context cmd;
289 struct ib_uverbs_get_context_resp resp;
290 struct ib_udata udata;
291 struct ib_device *ibdev = file->device->ib_dev;
292 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
293 struct ib_device_attr dev_attr;
295 struct ib_ucontext *ucontext;
299 if (out_len < sizeof resp)
302 if (copy_from_user(&cmd, buf, sizeof cmd))
305 mutex_lock(&file->mutex);
307 if (file->ucontext) {
312 INIT_UDATA(&udata, buf + sizeof cmd,
313 (unsigned long) cmd.response + sizeof resp,
314 in_len - sizeof cmd, out_len - sizeof resp);
316 ucontext = ibdev->alloc_ucontext(ibdev, &udata);
317 if (IS_ERR(ucontext)) {
318 ret = PTR_ERR(ucontext);
322 ucontext->device = ibdev;
323 INIT_LIST_HEAD(&ucontext->pd_list);
324 INIT_LIST_HEAD(&ucontext->mr_list);
325 INIT_LIST_HEAD(&ucontext->mw_list);
326 INIT_LIST_HEAD(&ucontext->cq_list);
327 INIT_LIST_HEAD(&ucontext->qp_list);
328 INIT_LIST_HEAD(&ucontext->srq_list);
329 INIT_LIST_HEAD(&ucontext->ah_list);
330 INIT_LIST_HEAD(&ucontext->xrcd_list);
331 INIT_LIST_HEAD(&ucontext->rule_list);
333 ucontext->tgid = get_task_pid(current->group_leader, PIDTYPE_PID);
335 ucontext->closing = 0;
337 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
338 ucontext->umem_tree = RB_ROOT;
339 init_rwsem(&ucontext->umem_rwsem);
340 ucontext->odp_mrs_count = 0;
341 INIT_LIST_HEAD(&ucontext->no_private_counters);
343 ret = ib_query_device(ibdev, &dev_attr);
346 if (!(dev_attr.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING))
347 ucontext->invalidate_range = NULL;
351 resp.num_comp_vectors = file->device->num_comp_vectors;
353 ret = get_unused_fd_flags(O_CLOEXEC);
358 filp = ib_uverbs_alloc_event_file(file, 1);
364 if (copy_to_user((void __user *) (unsigned long) cmd.response,
365 &resp, sizeof resp)) {
370 file->async_file = filp->private_data;
372 INIT_IB_EVENT_HANDLER(&file->event_handler, file->device->ib_dev,
373 ib_uverbs_event_handler);
374 ret = ib_register_event_handler(&file->event_handler);
378 kref_get(&file->async_file->ref);
379 kref_get(&file->ref);
380 file->ucontext = ucontext;
382 fd_install(resp.async_fd, filp);
384 mutex_unlock(&file->mutex);
392 put_unused_fd(resp.async_fd);
395 put_pid(ucontext->tgid);
396 ibdev->dealloc_ucontext(ucontext);
399 mutex_unlock(&file->mutex);
403 static void copy_query_dev_fields(struct ib_uverbs_file *file,
404 struct ib_uverbs_query_device_resp *resp,
405 struct ib_device_attr *attr)
407 resp->fw_ver = attr->fw_ver;
408 resp->node_guid = file->device->ib_dev->node_guid;
409 resp->sys_image_guid = attr->sys_image_guid;
410 resp->max_mr_size = attr->max_mr_size;
411 resp->page_size_cap = attr->page_size_cap;
412 resp->vendor_id = attr->vendor_id;
413 resp->vendor_part_id = attr->vendor_part_id;
414 resp->hw_ver = attr->hw_ver;
415 resp->max_qp = attr->max_qp;
416 resp->max_qp_wr = attr->max_qp_wr;
417 resp->device_cap_flags = attr->device_cap_flags;
418 resp->max_sge = attr->max_sge;
419 resp->max_sge_rd = attr->max_sge_rd;
420 resp->max_cq = attr->max_cq;
421 resp->max_cqe = attr->max_cqe;
422 resp->max_mr = attr->max_mr;
423 resp->max_pd = attr->max_pd;
424 resp->max_qp_rd_atom = attr->max_qp_rd_atom;
425 resp->max_ee_rd_atom = attr->max_ee_rd_atom;
426 resp->max_res_rd_atom = attr->max_res_rd_atom;
427 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom;
428 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom;
429 resp->atomic_cap = attr->atomic_cap;
430 resp->max_ee = attr->max_ee;
431 resp->max_rdd = attr->max_rdd;
432 resp->max_mw = attr->max_mw;
433 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp;
434 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp;
435 resp->max_mcast_grp = attr->max_mcast_grp;
436 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach;
437 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach;
438 resp->max_ah = attr->max_ah;
439 resp->max_fmr = attr->max_fmr;
440 resp->max_map_per_fmr = attr->max_map_per_fmr;
441 resp->max_srq = attr->max_srq;
442 resp->max_srq_wr = attr->max_srq_wr;
443 resp->max_srq_sge = attr->max_srq_sge;
444 resp->max_pkeys = attr->max_pkeys;
445 resp->local_ca_ack_delay = attr->local_ca_ack_delay;
446 resp->phys_port_cnt = file->device->ib_dev->phys_port_cnt;
449 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
450 const char __user *buf,
451 int in_len, int out_len)
453 struct ib_uverbs_query_device cmd;
454 struct ib_uverbs_query_device_resp resp;
455 struct ib_device_attr attr;
458 if (out_len < sizeof resp)
461 if (copy_from_user(&cmd, buf, sizeof cmd))
464 ret = ib_query_device(file->device->ib_dev, &attr);
468 memset(&resp, 0, sizeof resp);
469 copy_query_dev_fields(file, &resp, &attr);
471 if (copy_to_user((void __user *) (unsigned long) cmd.response,
478 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
479 const char __user *buf,
480 int in_len, int out_len)
482 struct ib_uverbs_query_port cmd;
483 struct ib_uverbs_query_port_resp resp;
484 struct ib_port_attr attr;
487 if (out_len < sizeof resp)
490 if (copy_from_user(&cmd, buf, sizeof cmd))
493 ret = ib_query_port(file->device->ib_dev, cmd.port_num, &attr);
497 memset(&resp, 0, sizeof resp);
499 resp.state = attr.state;
500 resp.max_mtu = attr.max_mtu;
501 resp.active_mtu = attr.active_mtu;
502 resp.gid_tbl_len = attr.gid_tbl_len;
503 resp.port_cap_flags = attr.port_cap_flags;
504 resp.max_msg_sz = attr.max_msg_sz;
505 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
506 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
507 resp.pkey_tbl_len = attr.pkey_tbl_len;
509 resp.sm_lid = attr.sm_lid;
511 resp.max_vl_num = attr.max_vl_num;
512 resp.sm_sl = attr.sm_sl;
513 resp.subnet_timeout = attr.subnet_timeout;
514 resp.init_type_reply = attr.init_type_reply;
515 resp.active_width = attr.active_width;
516 resp.active_speed = attr.active_speed;
517 resp.phys_state = attr.phys_state;
518 resp.link_layer = rdma_port_get_link_layer(file->device->ib_dev,
521 if (copy_to_user((void __user *) (unsigned long) cmd.response,
528 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
529 const char __user *buf,
530 int in_len, int out_len)
532 struct ib_uverbs_alloc_pd cmd;
533 struct ib_uverbs_alloc_pd_resp resp;
534 struct ib_udata udata;
535 struct ib_uobject *uobj;
539 if (out_len < sizeof resp)
542 if (copy_from_user(&cmd, buf, sizeof cmd))
545 INIT_UDATA(&udata, buf + sizeof cmd,
546 (unsigned long) cmd.response + sizeof resp,
547 in_len - sizeof cmd, out_len - sizeof resp);
549 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
553 init_uobj(uobj, 0, file->ucontext, &pd_lock_class);
554 down_write(&uobj->mutex);
556 pd = file->device->ib_dev->alloc_pd(file->device->ib_dev,
557 file->ucontext, &udata);
563 pd->device = file->device->ib_dev;
565 atomic_set(&pd->usecnt, 0);
568 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
572 memset(&resp, 0, sizeof resp);
573 resp.pd_handle = uobj->id;
575 if (copy_to_user((void __user *) (unsigned long) cmd.response,
576 &resp, sizeof resp)) {
581 mutex_lock(&file->mutex);
582 list_add_tail(&uobj->list, &file->ucontext->pd_list);
583 mutex_unlock(&file->mutex);
587 up_write(&uobj->mutex);
592 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
598 put_uobj_write(uobj);
602 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
603 const char __user *buf,
604 int in_len, int out_len)
606 struct ib_uverbs_dealloc_pd cmd;
607 struct ib_uobject *uobj;
610 if (copy_from_user(&cmd, buf, sizeof cmd))
613 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
617 ret = ib_dealloc_pd(uobj->object);
621 put_uobj_write(uobj);
626 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
628 mutex_lock(&file->mutex);
629 list_del(&uobj->list);
630 mutex_unlock(&file->mutex);
637 struct xrcd_table_entry {
639 struct ib_xrcd *xrcd;
643 static int xrcd_table_insert(struct ib_uverbs_device *dev,
645 struct ib_xrcd *xrcd)
647 struct xrcd_table_entry *entry, *scan;
648 struct rb_node **p = &dev->xrcd_tree.rb_node;
649 struct rb_node *parent = NULL;
651 entry = kmalloc(sizeof *entry, GFP_KERNEL);
656 entry->inode = inode;
660 scan = rb_entry(parent, struct xrcd_table_entry, node);
662 if (inode < scan->inode) {
664 } else if (inode > scan->inode) {
672 rb_link_node(&entry->node, parent, p);
673 rb_insert_color(&entry->node, &dev->xrcd_tree);
678 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev,
681 struct xrcd_table_entry *entry;
682 struct rb_node *p = dev->xrcd_tree.rb_node;
685 entry = rb_entry(p, struct xrcd_table_entry, node);
687 if (inode < entry->inode)
689 else if (inode > entry->inode)
698 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode)
700 struct xrcd_table_entry *entry;
702 entry = xrcd_table_search(dev, inode);
709 static void xrcd_table_delete(struct ib_uverbs_device *dev,
712 struct xrcd_table_entry *entry;
714 entry = xrcd_table_search(dev, inode);
717 rb_erase(&entry->node, &dev->xrcd_tree);
722 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
723 const char __user *buf, int in_len,
726 struct ib_uverbs_open_xrcd cmd;
727 struct ib_uverbs_open_xrcd_resp resp;
728 struct ib_udata udata;
729 struct ib_uxrcd_object *obj;
730 struct ib_xrcd *xrcd = NULL;
731 struct fd f = {NULL, 0};
732 struct inode *inode = NULL;
736 if (out_len < sizeof resp)
739 if (copy_from_user(&cmd, buf, sizeof cmd))
742 INIT_UDATA(&udata, buf + sizeof cmd,
743 (unsigned long) cmd.response + sizeof resp,
744 in_len - sizeof cmd, out_len - sizeof resp);
746 mutex_lock(&file->device->xrcd_tree_mutex);
749 /* search for file descriptor */
753 goto err_tree_mutex_unlock;
756 inode = file_inode(f.file);
757 xrcd = find_xrcd(file->device, inode);
758 if (!xrcd && !(cmd.oflags & O_CREAT)) {
759 /* no file descriptor. Need CREATE flag */
761 goto err_tree_mutex_unlock;
764 if (xrcd && cmd.oflags & O_EXCL) {
766 goto err_tree_mutex_unlock;
770 obj = kmalloc(sizeof *obj, GFP_KERNEL);
773 goto err_tree_mutex_unlock;
776 init_uobj(&obj->uobject, 0, file->ucontext, &xrcd_lock_class);
778 down_write(&obj->uobject.mutex);
781 xrcd = file->device->ib_dev->alloc_xrcd(file->device->ib_dev,
782 file->ucontext, &udata);
789 xrcd->device = file->device->ib_dev;
790 atomic_set(&xrcd->usecnt, 0);
791 mutex_init(&xrcd->tgt_qp_mutex);
792 INIT_LIST_HEAD(&xrcd->tgt_qp_list);
796 atomic_set(&obj->refcnt, 0);
797 obj->uobject.object = xrcd;
798 ret = idr_add_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
802 memset(&resp, 0, sizeof resp);
803 resp.xrcd_handle = obj->uobject.id;
807 /* create new inode/xrcd table entry */
808 ret = xrcd_table_insert(file->device, inode, xrcd);
810 goto err_insert_xrcd;
812 atomic_inc(&xrcd->usecnt);
815 if (copy_to_user((void __user *) (unsigned long) cmd.response,
816 &resp, sizeof resp)) {
824 mutex_lock(&file->mutex);
825 list_add_tail(&obj->uobject.list, &file->ucontext->xrcd_list);
826 mutex_unlock(&file->mutex);
828 obj->uobject.live = 1;
829 up_write(&obj->uobject.mutex);
831 mutex_unlock(&file->device->xrcd_tree_mutex);
837 xrcd_table_delete(file->device, inode);
838 atomic_dec(&xrcd->usecnt);
842 idr_remove_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
845 ib_dealloc_xrcd(xrcd);
848 put_uobj_write(&obj->uobject);
850 err_tree_mutex_unlock:
854 mutex_unlock(&file->device->xrcd_tree_mutex);
859 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file,
860 const char __user *buf, int in_len,
863 struct ib_uverbs_close_xrcd cmd;
864 struct ib_uobject *uobj;
865 struct ib_xrcd *xrcd = NULL;
866 struct inode *inode = NULL;
867 struct ib_uxrcd_object *obj;
871 if (copy_from_user(&cmd, buf, sizeof cmd))
874 mutex_lock(&file->device->xrcd_tree_mutex);
875 uobj = idr_write_uobj(&ib_uverbs_xrcd_idr, cmd.xrcd_handle, file->ucontext);
883 obj = container_of(uobj, struct ib_uxrcd_object, uobject);
884 if (atomic_read(&obj->refcnt)) {
885 put_uobj_write(uobj);
890 if (!inode || atomic_dec_and_test(&xrcd->usecnt)) {
891 ret = ib_dealloc_xrcd(uobj->object);
898 atomic_inc(&xrcd->usecnt);
900 put_uobj_write(uobj);
906 xrcd_table_delete(file->device, inode);
908 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
909 mutex_lock(&file->mutex);
910 list_del(&uobj->list);
911 mutex_unlock(&file->mutex);
917 mutex_unlock(&file->device->xrcd_tree_mutex);
921 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device *dev,
922 struct ib_xrcd *xrcd)
927 if (inode && !atomic_dec_and_test(&xrcd->usecnt))
930 ib_dealloc_xrcd(xrcd);
933 xrcd_table_delete(dev, inode);
936 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
937 const char __user *buf, int in_len,
940 struct ib_uverbs_reg_mr cmd;
941 struct ib_uverbs_reg_mr_resp resp;
942 struct ib_udata udata;
943 struct ib_uobject *uobj;
948 if (out_len < sizeof resp)
951 if (copy_from_user(&cmd, buf, sizeof cmd))
954 INIT_UDATA(&udata, buf + sizeof cmd,
955 (unsigned long) cmd.response + sizeof resp,
956 in_len - sizeof cmd, out_len - sizeof resp);
958 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
961 ret = ib_check_mr_access(cmd.access_flags);
965 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
969 init_uobj(uobj, 0, file->ucontext, &mr_lock_class);
970 down_write(&uobj->mutex);
972 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
978 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) {
979 struct ib_device_attr attr;
981 ret = ib_query_device(pd->device, &attr);
982 if (ret || !(attr.device_cap_flags &
983 IB_DEVICE_ON_DEMAND_PAGING)) {
984 pr_debug("ODP support not available\n");
990 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
991 cmd.access_flags, &udata);
997 mr->device = pd->device;
1000 atomic_inc(&pd->usecnt);
1001 atomic_set(&mr->usecnt, 0);
1004 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
1008 memset(&resp, 0, sizeof resp);
1009 resp.lkey = mr->lkey;
1010 resp.rkey = mr->rkey;
1011 resp.mr_handle = uobj->id;
1013 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1014 &resp, sizeof resp)) {
1021 mutex_lock(&file->mutex);
1022 list_add_tail(&uobj->list, &file->ucontext->mr_list);
1023 mutex_unlock(&file->mutex);
1027 up_write(&uobj->mutex);
1032 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1041 put_uobj_write(uobj);
1045 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file,
1046 const char __user *buf, int in_len,
1049 struct ib_uverbs_rereg_mr cmd;
1050 struct ib_uverbs_rereg_mr_resp resp;
1051 struct ib_udata udata;
1052 struct ib_pd *pd = NULL;
1054 struct ib_pd *old_pd;
1056 struct ib_uobject *uobj;
1058 if (out_len < sizeof(resp))
1061 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1064 INIT_UDATA(&udata, buf + sizeof(cmd),
1065 (unsigned long) cmd.response + sizeof(resp),
1066 in_len - sizeof(cmd), out_len - sizeof(resp));
1068 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags)
1071 if ((cmd.flags & IB_MR_REREG_TRANS) &&
1072 (!cmd.start || !cmd.hca_va || 0 >= cmd.length ||
1073 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)))
1076 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle,
1084 if (cmd.flags & IB_MR_REREG_ACCESS) {
1085 ret = ib_check_mr_access(cmd.access_flags);
1090 if (cmd.flags & IB_MR_REREG_PD) {
1091 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1098 if (atomic_read(&mr->usecnt)) {
1104 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start,
1105 cmd.length, cmd.hca_va,
1106 cmd.access_flags, pd, &udata);
1108 if (cmd.flags & IB_MR_REREG_PD) {
1109 atomic_inc(&pd->usecnt);
1111 atomic_dec(&old_pd->usecnt);
1117 memset(&resp, 0, sizeof(resp));
1118 resp.lkey = mr->lkey;
1119 resp.rkey = mr->rkey;
1121 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1122 &resp, sizeof(resp)))
1128 if (cmd.flags & IB_MR_REREG_PD)
1133 put_uobj_write(mr->uobject);
1138 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
1139 const char __user *buf, int in_len,
1142 struct ib_uverbs_dereg_mr cmd;
1144 struct ib_uobject *uobj;
1147 if (copy_from_user(&cmd, buf, sizeof cmd))
1150 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
1156 ret = ib_dereg_mr(mr);
1160 put_uobj_write(uobj);
1165 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1167 mutex_lock(&file->mutex);
1168 list_del(&uobj->list);
1169 mutex_unlock(&file->mutex);
1176 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file,
1177 const char __user *buf, int in_len,
1180 struct ib_uverbs_alloc_mw cmd;
1181 struct ib_uverbs_alloc_mw_resp resp;
1182 struct ib_uobject *uobj;
1187 if (out_len < sizeof(resp))
1190 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1193 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
1197 init_uobj(uobj, 0, file->ucontext, &mw_lock_class);
1198 down_write(&uobj->mutex);
1200 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1206 mw = pd->device->alloc_mw(pd, cmd.mw_type);
1212 mw->device = pd->device;
1215 atomic_inc(&pd->usecnt);
1218 ret = idr_add_uobj(&ib_uverbs_mw_idr, uobj);
1222 memset(&resp, 0, sizeof(resp));
1223 resp.rkey = mw->rkey;
1224 resp.mw_handle = uobj->id;
1226 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1227 &resp, sizeof(resp))) {
1234 mutex_lock(&file->mutex);
1235 list_add_tail(&uobj->list, &file->ucontext->mw_list);
1236 mutex_unlock(&file->mutex);
1240 up_write(&uobj->mutex);
1245 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1254 put_uobj_write(uobj);
1258 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file,
1259 const char __user *buf, int in_len,
1262 struct ib_uverbs_dealloc_mw cmd;
1264 struct ib_uobject *uobj;
1267 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1270 uobj = idr_write_uobj(&ib_uverbs_mw_idr, cmd.mw_handle, file->ucontext);
1276 ret = ib_dealloc_mw(mw);
1280 put_uobj_write(uobj);
1285 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1287 mutex_lock(&file->mutex);
1288 list_del(&uobj->list);
1289 mutex_unlock(&file->mutex);
1296 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
1297 const char __user *buf, int in_len,
1300 struct ib_uverbs_create_comp_channel cmd;
1301 struct ib_uverbs_create_comp_channel_resp resp;
1305 if (out_len < sizeof resp)
1308 if (copy_from_user(&cmd, buf, sizeof cmd))
1311 ret = get_unused_fd_flags(O_CLOEXEC);
1316 filp = ib_uverbs_alloc_event_file(file, 0);
1318 put_unused_fd(resp.fd);
1319 return PTR_ERR(filp);
1322 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1323 &resp, sizeof resp)) {
1324 put_unused_fd(resp.fd);
1329 fd_install(resp.fd, filp);
1333 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
1334 const char __user *buf, int in_len,
1337 struct ib_uverbs_create_cq cmd;
1338 struct ib_uverbs_create_cq_resp resp;
1339 struct ib_udata udata;
1340 struct ib_ucq_object *obj;
1341 struct ib_uverbs_event_file *ev_file = NULL;
1344 struct ib_cq_init_attr attr = {};
1346 if (out_len < sizeof resp)
1349 if (copy_from_user(&cmd, buf, sizeof cmd))
1352 INIT_UDATA(&udata, buf + sizeof cmd,
1353 (unsigned long) cmd.response + sizeof resp,
1354 in_len - sizeof cmd, out_len - sizeof resp);
1356 if (cmd.comp_vector >= file->device->num_comp_vectors)
1359 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1363 init_uobj(&obj->uobject, cmd.user_handle, file->ucontext, &cq_lock_class);
1364 down_write(&obj->uobject.mutex);
1366 if (cmd.comp_channel >= 0) {
1367 ev_file = ib_uverbs_lookup_comp_file(cmd.comp_channel);
1374 obj->uverbs_file = file;
1375 obj->comp_events_reported = 0;
1376 obj->async_events_reported = 0;
1377 INIT_LIST_HEAD(&obj->comp_list);
1378 INIT_LIST_HEAD(&obj->async_list);
1381 attr.comp_vector = cmd.comp_vector;
1382 cq = file->device->ib_dev->create_cq(file->device->ib_dev, &attr,
1383 file->ucontext, &udata);
1389 cq->device = file->device->ib_dev;
1390 cq->uobject = &obj->uobject;
1391 cq->comp_handler = ib_uverbs_comp_handler;
1392 cq->event_handler = ib_uverbs_cq_event_handler;
1393 cq->cq_context = ev_file;
1394 atomic_set(&cq->usecnt, 0);
1396 obj->uobject.object = cq;
1397 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1401 memset(&resp, 0, sizeof resp);
1402 resp.cq_handle = obj->uobject.id;
1405 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1406 &resp, sizeof resp)) {
1411 mutex_lock(&file->mutex);
1412 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
1413 mutex_unlock(&file->mutex);
1415 obj->uobject.live = 1;
1417 up_write(&obj->uobject.mutex);
1422 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1429 ib_uverbs_release_ucq(file, ev_file, obj);
1432 put_uobj_write(&obj->uobject);
1436 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
1437 const char __user *buf, int in_len,
1440 struct ib_uverbs_resize_cq cmd;
1441 struct ib_uverbs_resize_cq_resp resp;
1442 struct ib_udata udata;
1446 if (copy_from_user(&cmd, buf, sizeof cmd))
1449 INIT_UDATA(&udata, buf + sizeof cmd,
1450 (unsigned long) cmd.response + sizeof resp,
1451 in_len - sizeof cmd, out_len - sizeof resp);
1453 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1457 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
1463 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1464 &resp, sizeof resp.cqe))
1470 return ret ? ret : in_len;
1473 static int copy_wc_to_user(void __user *dest, struct ib_wc *wc)
1475 struct ib_uverbs_wc tmp;
1477 tmp.wr_id = wc->wr_id;
1478 tmp.status = wc->status;
1479 tmp.opcode = wc->opcode;
1480 tmp.vendor_err = wc->vendor_err;
1481 tmp.byte_len = wc->byte_len;
1482 tmp.ex.imm_data = (__u32 __force) wc->ex.imm_data;
1483 tmp.qp_num = wc->qp->qp_num;
1484 tmp.src_qp = wc->src_qp;
1485 tmp.wc_flags = wc->wc_flags;
1486 tmp.pkey_index = wc->pkey_index;
1487 tmp.slid = wc->slid;
1489 tmp.dlid_path_bits = wc->dlid_path_bits;
1490 tmp.port_num = wc->port_num;
1493 if (copy_to_user(dest, &tmp, sizeof tmp))
1499 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
1500 const char __user *buf, int in_len,
1503 struct ib_uverbs_poll_cq cmd;
1504 struct ib_uverbs_poll_cq_resp resp;
1505 u8 __user *header_ptr;
1506 u8 __user *data_ptr;
1511 if (copy_from_user(&cmd, buf, sizeof cmd))
1514 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1518 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1519 header_ptr = (void __user *)(unsigned long) cmd.response;
1520 data_ptr = header_ptr + sizeof resp;
1522 memset(&resp, 0, sizeof resp);
1523 while (resp.count < cmd.ne) {
1524 ret = ib_poll_cq(cq, 1, &wc);
1530 ret = copy_wc_to_user(data_ptr, &wc);
1534 data_ptr += sizeof(struct ib_uverbs_wc);
1538 if (copy_to_user(header_ptr, &resp, sizeof resp)) {
1550 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
1551 const char __user *buf, int in_len,
1554 struct ib_uverbs_req_notify_cq cmd;
1557 if (copy_from_user(&cmd, buf, sizeof cmd))
1560 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1564 ib_req_notify_cq(cq, cmd.solicited_only ?
1565 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
1572 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
1573 const char __user *buf, int in_len,
1576 struct ib_uverbs_destroy_cq cmd;
1577 struct ib_uverbs_destroy_cq_resp resp;
1578 struct ib_uobject *uobj;
1580 struct ib_ucq_object *obj;
1581 struct ib_uverbs_event_file *ev_file;
1584 if (copy_from_user(&cmd, buf, sizeof cmd))
1587 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
1591 ev_file = cq->cq_context;
1592 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
1594 ret = ib_destroy_cq(cq);
1598 put_uobj_write(uobj);
1603 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
1605 mutex_lock(&file->mutex);
1606 list_del(&uobj->list);
1607 mutex_unlock(&file->mutex);
1609 ib_uverbs_release_ucq(file, ev_file, obj);
1611 memset(&resp, 0, sizeof resp);
1612 resp.comp_events_reported = obj->comp_events_reported;
1613 resp.async_events_reported = obj->async_events_reported;
1617 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1618 &resp, sizeof resp))
1624 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
1625 const char __user *buf, int in_len,
1628 struct ib_uverbs_create_qp cmd;
1629 struct ib_uverbs_create_qp_resp resp;
1630 struct ib_udata udata;
1631 struct ib_uqp_object *obj;
1632 struct ib_device *device;
1633 struct ib_pd *pd = NULL;
1634 struct ib_xrcd *xrcd = NULL;
1635 struct ib_uobject *uninitialized_var(xrcd_uobj);
1636 struct ib_cq *scq = NULL, *rcq = NULL;
1637 struct ib_srq *srq = NULL;
1639 struct ib_qp_init_attr attr;
1642 if (out_len < sizeof resp)
1645 if (copy_from_user(&cmd, buf, sizeof cmd))
1648 if (cmd.qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW))
1651 INIT_UDATA(&udata, buf + sizeof cmd,
1652 (unsigned long) cmd.response + sizeof resp,
1653 in_len - sizeof cmd, out_len - sizeof resp);
1655 obj = kzalloc(sizeof *obj, GFP_KERNEL);
1659 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
1660 down_write(&obj->uevent.uobject.mutex);
1662 if (cmd.qp_type == IB_QPT_XRC_TGT) {
1663 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
1668 device = xrcd->device;
1670 if (cmd.qp_type == IB_QPT_XRC_INI) {
1671 cmd.max_recv_wr = cmd.max_recv_sge = 0;
1674 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
1675 if (!srq || srq->srq_type != IB_SRQT_BASIC) {
1681 if (cmd.recv_cq_handle != cmd.send_cq_handle) {
1682 rcq = idr_read_cq(cmd.recv_cq_handle, file->ucontext, 0);
1690 scq = idr_read_cq(cmd.send_cq_handle, file->ucontext, !!rcq);
1692 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1698 device = pd->device;
1701 attr.event_handler = ib_uverbs_qp_event_handler;
1702 attr.qp_context = file;
1707 attr.sq_sig_type = cmd.sq_sig_all ? IB_SIGNAL_ALL_WR : IB_SIGNAL_REQ_WR;
1708 attr.qp_type = cmd.qp_type;
1709 attr.create_flags = 0;
1711 attr.cap.max_send_wr = cmd.max_send_wr;
1712 attr.cap.max_recv_wr = cmd.max_recv_wr;
1713 attr.cap.max_send_sge = cmd.max_send_sge;
1714 attr.cap.max_recv_sge = cmd.max_recv_sge;
1715 attr.cap.max_inline_data = cmd.max_inline_data;
1717 obj->uevent.events_reported = 0;
1718 INIT_LIST_HEAD(&obj->uevent.event_list);
1719 INIT_LIST_HEAD(&obj->mcast_list);
1721 if (cmd.qp_type == IB_QPT_XRC_TGT)
1722 qp = ib_create_qp(pd, &attr);
1724 qp = device->create_qp(pd, &attr, &udata);
1731 if (cmd.qp_type != IB_QPT_XRC_TGT) {
1733 qp->device = device;
1735 qp->send_cq = attr.send_cq;
1736 qp->recv_cq = attr.recv_cq;
1738 qp->event_handler = attr.event_handler;
1739 qp->qp_context = attr.qp_context;
1740 qp->qp_type = attr.qp_type;
1741 atomic_set(&qp->usecnt, 0);
1742 atomic_inc(&pd->usecnt);
1743 atomic_inc(&attr.send_cq->usecnt);
1745 atomic_inc(&attr.recv_cq->usecnt);
1747 atomic_inc(&attr.srq->usecnt);
1749 qp->uobject = &obj->uevent.uobject;
1751 obj->uevent.uobject.object = qp;
1752 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1756 memset(&resp, 0, sizeof resp);
1757 resp.qpn = qp->qp_num;
1758 resp.qp_handle = obj->uevent.uobject.id;
1759 resp.max_recv_sge = attr.cap.max_recv_sge;
1760 resp.max_send_sge = attr.cap.max_send_sge;
1761 resp.max_recv_wr = attr.cap.max_recv_wr;
1762 resp.max_send_wr = attr.cap.max_send_wr;
1763 resp.max_inline_data = attr.cap.max_inline_data;
1765 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1766 &resp, sizeof resp)) {
1772 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object,
1774 atomic_inc(&obj->uxrcd->refcnt);
1775 put_xrcd_read(xrcd_uobj);
1782 if (rcq && rcq != scq)
1787 mutex_lock(&file->mutex);
1788 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1789 mutex_unlock(&file->mutex);
1791 obj->uevent.uobject.live = 1;
1793 up_write(&obj->uevent.uobject.mutex);
1798 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1805 put_xrcd_read(xrcd_uobj);
1810 if (rcq && rcq != scq)
1815 put_uobj_write(&obj->uevent.uobject);
1819 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
1820 const char __user *buf, int in_len, int out_len)
1822 struct ib_uverbs_open_qp cmd;
1823 struct ib_uverbs_create_qp_resp resp;
1824 struct ib_udata udata;
1825 struct ib_uqp_object *obj;
1826 struct ib_xrcd *xrcd;
1827 struct ib_uobject *uninitialized_var(xrcd_uobj);
1829 struct ib_qp_open_attr attr;
1832 if (out_len < sizeof resp)
1835 if (copy_from_user(&cmd, buf, sizeof cmd))
1838 INIT_UDATA(&udata, buf + sizeof cmd,
1839 (unsigned long) cmd.response + sizeof resp,
1840 in_len - sizeof cmd, out_len - sizeof resp);
1842 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1846 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
1847 down_write(&obj->uevent.uobject.mutex);
1849 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
1855 attr.event_handler = ib_uverbs_qp_event_handler;
1856 attr.qp_context = file;
1857 attr.qp_num = cmd.qpn;
1858 attr.qp_type = cmd.qp_type;
1860 obj->uevent.events_reported = 0;
1861 INIT_LIST_HEAD(&obj->uevent.event_list);
1862 INIT_LIST_HEAD(&obj->mcast_list);
1864 qp = ib_open_qp(xrcd, &attr);
1870 qp->uobject = &obj->uevent.uobject;
1872 obj->uevent.uobject.object = qp;
1873 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1877 memset(&resp, 0, sizeof resp);
1878 resp.qpn = qp->qp_num;
1879 resp.qp_handle = obj->uevent.uobject.id;
1881 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1882 &resp, sizeof resp)) {
1887 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
1888 atomic_inc(&obj->uxrcd->refcnt);
1889 put_xrcd_read(xrcd_uobj);
1891 mutex_lock(&file->mutex);
1892 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1893 mutex_unlock(&file->mutex);
1895 obj->uevent.uobject.live = 1;
1897 up_write(&obj->uevent.uobject.mutex);
1902 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1908 put_xrcd_read(xrcd_uobj);
1909 put_uobj_write(&obj->uevent.uobject);
1913 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
1914 const char __user *buf, int in_len,
1917 struct ib_uverbs_query_qp cmd;
1918 struct ib_uverbs_query_qp_resp resp;
1920 struct ib_qp_attr *attr;
1921 struct ib_qp_init_attr *init_attr;
1924 if (copy_from_user(&cmd, buf, sizeof cmd))
1927 attr = kmalloc(sizeof *attr, GFP_KERNEL);
1928 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
1929 if (!attr || !init_attr) {
1934 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1940 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
1947 memset(&resp, 0, sizeof resp);
1949 resp.qp_state = attr->qp_state;
1950 resp.cur_qp_state = attr->cur_qp_state;
1951 resp.path_mtu = attr->path_mtu;
1952 resp.path_mig_state = attr->path_mig_state;
1953 resp.qkey = attr->qkey;
1954 resp.rq_psn = attr->rq_psn;
1955 resp.sq_psn = attr->sq_psn;
1956 resp.dest_qp_num = attr->dest_qp_num;
1957 resp.qp_access_flags = attr->qp_access_flags;
1958 resp.pkey_index = attr->pkey_index;
1959 resp.alt_pkey_index = attr->alt_pkey_index;
1960 resp.sq_draining = attr->sq_draining;
1961 resp.max_rd_atomic = attr->max_rd_atomic;
1962 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
1963 resp.min_rnr_timer = attr->min_rnr_timer;
1964 resp.port_num = attr->port_num;
1965 resp.timeout = attr->timeout;
1966 resp.retry_cnt = attr->retry_cnt;
1967 resp.rnr_retry = attr->rnr_retry;
1968 resp.alt_port_num = attr->alt_port_num;
1969 resp.alt_timeout = attr->alt_timeout;
1971 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
1972 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
1973 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
1974 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
1975 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
1976 resp.dest.dlid = attr->ah_attr.dlid;
1977 resp.dest.sl = attr->ah_attr.sl;
1978 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
1979 resp.dest.static_rate = attr->ah_attr.static_rate;
1980 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
1981 resp.dest.port_num = attr->ah_attr.port_num;
1983 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
1984 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
1985 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
1986 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
1987 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
1988 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
1989 resp.alt_dest.sl = attr->alt_ah_attr.sl;
1990 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
1991 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
1992 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
1993 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
1995 resp.max_send_wr = init_attr->cap.max_send_wr;
1996 resp.max_recv_wr = init_attr->cap.max_recv_wr;
1997 resp.max_send_sge = init_attr->cap.max_send_sge;
1998 resp.max_recv_sge = init_attr->cap.max_recv_sge;
1999 resp.max_inline_data = init_attr->cap.max_inline_data;
2000 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
2002 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2003 &resp, sizeof resp))
2010 return ret ? ret : in_len;
2013 /* Remove ignored fields set in the attribute mask */
2014 static int modify_qp_mask(enum ib_qp_type qp_type, int mask)
2017 case IB_QPT_XRC_INI:
2018 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER);
2019 case IB_QPT_XRC_TGT:
2020 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT |
2027 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
2028 const char __user *buf, int in_len,
2031 struct ib_uverbs_modify_qp cmd;
2032 struct ib_udata udata;
2034 struct ib_qp_attr *attr;
2037 if (copy_from_user(&cmd, buf, sizeof cmd))
2040 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
2043 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2047 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2053 attr->qp_state = cmd.qp_state;
2054 attr->cur_qp_state = cmd.cur_qp_state;
2055 attr->path_mtu = cmd.path_mtu;
2056 attr->path_mig_state = cmd.path_mig_state;
2057 attr->qkey = cmd.qkey;
2058 attr->rq_psn = cmd.rq_psn;
2059 attr->sq_psn = cmd.sq_psn;
2060 attr->dest_qp_num = cmd.dest_qp_num;
2061 attr->qp_access_flags = cmd.qp_access_flags;
2062 attr->pkey_index = cmd.pkey_index;
2063 attr->alt_pkey_index = cmd.alt_pkey_index;
2064 attr->en_sqd_async_notify = cmd.en_sqd_async_notify;
2065 attr->max_rd_atomic = cmd.max_rd_atomic;
2066 attr->max_dest_rd_atomic = cmd.max_dest_rd_atomic;
2067 attr->min_rnr_timer = cmd.min_rnr_timer;
2068 attr->port_num = cmd.port_num;
2069 attr->timeout = cmd.timeout;
2070 attr->retry_cnt = cmd.retry_cnt;
2071 attr->rnr_retry = cmd.rnr_retry;
2072 attr->alt_port_num = cmd.alt_port_num;
2073 attr->alt_timeout = cmd.alt_timeout;
2075 memcpy(attr->ah_attr.grh.dgid.raw, cmd.dest.dgid, 16);
2076 attr->ah_attr.grh.flow_label = cmd.dest.flow_label;
2077 attr->ah_attr.grh.sgid_index = cmd.dest.sgid_index;
2078 attr->ah_attr.grh.hop_limit = cmd.dest.hop_limit;
2079 attr->ah_attr.grh.traffic_class = cmd.dest.traffic_class;
2080 attr->ah_attr.dlid = cmd.dest.dlid;
2081 attr->ah_attr.sl = cmd.dest.sl;
2082 attr->ah_attr.src_path_bits = cmd.dest.src_path_bits;
2083 attr->ah_attr.static_rate = cmd.dest.static_rate;
2084 attr->ah_attr.ah_flags = cmd.dest.is_global ? IB_AH_GRH : 0;
2085 attr->ah_attr.port_num = cmd.dest.port_num;
2087 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd.alt_dest.dgid, 16);
2088 attr->alt_ah_attr.grh.flow_label = cmd.alt_dest.flow_label;
2089 attr->alt_ah_attr.grh.sgid_index = cmd.alt_dest.sgid_index;
2090 attr->alt_ah_attr.grh.hop_limit = cmd.alt_dest.hop_limit;
2091 attr->alt_ah_attr.grh.traffic_class = cmd.alt_dest.traffic_class;
2092 attr->alt_ah_attr.dlid = cmd.alt_dest.dlid;
2093 attr->alt_ah_attr.sl = cmd.alt_dest.sl;
2094 attr->alt_ah_attr.src_path_bits = cmd.alt_dest.src_path_bits;
2095 attr->alt_ah_attr.static_rate = cmd.alt_dest.static_rate;
2096 attr->alt_ah_attr.ah_flags = cmd.alt_dest.is_global ? IB_AH_GRH : 0;
2097 attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
2099 if (qp->real_qp == qp) {
2100 ret = ib_resolve_eth_l2_attrs(qp, attr, &cmd.attr_mask);
2103 ret = qp->device->modify_qp(qp, attr,
2104 modify_qp_mask(qp->qp_type, cmd.attr_mask), &udata);
2106 ret = ib_modify_qp(qp, attr, modify_qp_mask(qp->qp_type, cmd.attr_mask));
2123 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
2124 const char __user *buf, int in_len,
2127 struct ib_uverbs_destroy_qp cmd;
2128 struct ib_uverbs_destroy_qp_resp resp;
2129 struct ib_uobject *uobj;
2131 struct ib_uqp_object *obj;
2134 if (copy_from_user(&cmd, buf, sizeof cmd))
2137 memset(&resp, 0, sizeof resp);
2139 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
2143 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
2145 if (!list_empty(&obj->mcast_list)) {
2146 put_uobj_write(uobj);
2150 ret = ib_destroy_qp(qp);
2154 put_uobj_write(uobj);
2160 atomic_dec(&obj->uxrcd->refcnt);
2162 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
2164 mutex_lock(&file->mutex);
2165 list_del(&uobj->list);
2166 mutex_unlock(&file->mutex);
2168 ib_uverbs_release_uevent(file, &obj->uevent);
2170 resp.events_reported = obj->uevent.events_reported;
2174 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2175 &resp, sizeof resp))
2181 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2182 const char __user *buf, int in_len,
2185 struct ib_uverbs_post_send cmd;
2186 struct ib_uverbs_post_send_resp resp;
2187 struct ib_uverbs_send_wr *user_wr;
2188 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
2192 ssize_t ret = -EINVAL;
2194 if (copy_from_user(&cmd, buf, sizeof cmd))
2197 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
2198 cmd.sge_count * sizeof (struct ib_uverbs_sge))
2201 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
2204 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
2208 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2212 is_ud = qp->qp_type == IB_QPT_UD;
2215 for (i = 0; i < cmd.wr_count; ++i) {
2216 if (copy_from_user(user_wr,
2217 buf + sizeof cmd + i * cmd.wqe_size,
2223 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
2228 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2229 user_wr->num_sge * sizeof (struct ib_sge),
2243 next->wr_id = user_wr->wr_id;
2244 next->num_sge = user_wr->num_sge;
2245 next->opcode = user_wr->opcode;
2246 next->send_flags = user_wr->send_flags;
2249 next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
2251 if (!next->wr.ud.ah) {
2255 next->wr.ud.remote_qpn = user_wr->wr.ud.remote_qpn;
2256 next->wr.ud.remote_qkey = user_wr->wr.ud.remote_qkey;
2257 if (next->opcode == IB_WR_SEND_WITH_IMM)
2259 (__be32 __force) user_wr->ex.imm_data;
2261 switch (next->opcode) {
2262 case IB_WR_RDMA_WRITE_WITH_IMM:
2264 (__be32 __force) user_wr->ex.imm_data;
2265 case IB_WR_RDMA_WRITE:
2266 case IB_WR_RDMA_READ:
2267 next->wr.rdma.remote_addr =
2268 user_wr->wr.rdma.remote_addr;
2269 next->wr.rdma.rkey =
2270 user_wr->wr.rdma.rkey;
2272 case IB_WR_SEND_WITH_IMM:
2274 (__be32 __force) user_wr->ex.imm_data;
2276 case IB_WR_SEND_WITH_INV:
2277 next->ex.invalidate_rkey =
2278 user_wr->ex.invalidate_rkey;
2280 case IB_WR_ATOMIC_CMP_AND_SWP:
2281 case IB_WR_ATOMIC_FETCH_AND_ADD:
2282 next->wr.atomic.remote_addr =
2283 user_wr->wr.atomic.remote_addr;
2284 next->wr.atomic.compare_add =
2285 user_wr->wr.atomic.compare_add;
2286 next->wr.atomic.swap = user_wr->wr.atomic.swap;
2287 next->wr.atomic.rkey = user_wr->wr.atomic.rkey;
2294 if (next->num_sge) {
2295 next->sg_list = (void *) next +
2296 ALIGN(sizeof *next, sizeof (struct ib_sge));
2297 if (copy_from_user(next->sg_list,
2299 cmd.wr_count * cmd.wqe_size +
2300 sg_ind * sizeof (struct ib_sge),
2301 next->num_sge * sizeof (struct ib_sge))) {
2305 sg_ind += next->num_sge;
2307 next->sg_list = NULL;
2311 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr);
2313 for (next = wr; next; next = next->next) {
2319 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2320 &resp, sizeof resp))
2327 if (is_ud && wr->wr.ud.ah)
2328 put_ah_read(wr->wr.ud.ah);
2337 return ret ? ret : in_len;
2340 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
2346 struct ib_uverbs_recv_wr *user_wr;
2347 struct ib_recv_wr *wr = NULL, *last, *next;
2352 if (in_len < wqe_size * wr_count +
2353 sge_count * sizeof (struct ib_uverbs_sge))
2354 return ERR_PTR(-EINVAL);
2356 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
2357 return ERR_PTR(-EINVAL);
2359 user_wr = kmalloc(wqe_size, GFP_KERNEL);
2361 return ERR_PTR(-ENOMEM);
2365 for (i = 0; i < wr_count; ++i) {
2366 if (copy_from_user(user_wr, buf + i * wqe_size,
2372 if (user_wr->num_sge + sg_ind > sge_count) {
2377 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2378 user_wr->num_sge * sizeof (struct ib_sge),
2392 next->wr_id = user_wr->wr_id;
2393 next->num_sge = user_wr->num_sge;
2395 if (next->num_sge) {
2396 next->sg_list = (void *) next +
2397 ALIGN(sizeof *next, sizeof (struct ib_sge));
2398 if (copy_from_user(next->sg_list,
2399 buf + wr_count * wqe_size +
2400 sg_ind * sizeof (struct ib_sge),
2401 next->num_sge * sizeof (struct ib_sge))) {
2405 sg_ind += next->num_sge;
2407 next->sg_list = NULL;
2422 return ERR_PTR(ret);
2425 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
2426 const char __user *buf, int in_len,
2429 struct ib_uverbs_post_recv cmd;
2430 struct ib_uverbs_post_recv_resp resp;
2431 struct ib_recv_wr *wr, *next, *bad_wr;
2433 ssize_t ret = -EINVAL;
2435 if (copy_from_user(&cmd, buf, sizeof cmd))
2438 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2439 in_len - sizeof cmd, cmd.wr_count,
2440 cmd.sge_count, cmd.wqe_size);
2444 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2449 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr);
2454 for (next = wr; next; next = next->next) {
2460 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2461 &resp, sizeof resp))
2471 return ret ? ret : in_len;
2474 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
2475 const char __user *buf, int in_len,
2478 struct ib_uverbs_post_srq_recv cmd;
2479 struct ib_uverbs_post_srq_recv_resp resp;
2480 struct ib_recv_wr *wr, *next, *bad_wr;
2482 ssize_t ret = -EINVAL;
2484 if (copy_from_user(&cmd, buf, sizeof cmd))
2487 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2488 in_len - sizeof cmd, cmd.wr_count,
2489 cmd.sge_count, cmd.wqe_size);
2493 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2498 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
2503 for (next = wr; next; next = next->next) {
2509 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2510 &resp, sizeof resp))
2520 return ret ? ret : in_len;
2523 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
2524 const char __user *buf, int in_len,
2527 struct ib_uverbs_create_ah cmd;
2528 struct ib_uverbs_create_ah_resp resp;
2529 struct ib_uobject *uobj;
2532 struct ib_ah_attr attr;
2535 if (out_len < sizeof resp)
2538 if (copy_from_user(&cmd, buf, sizeof cmd))
2541 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
2545 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_class);
2546 down_write(&uobj->mutex);
2548 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
2554 attr.dlid = cmd.attr.dlid;
2555 attr.sl = cmd.attr.sl;
2556 attr.src_path_bits = cmd.attr.src_path_bits;
2557 attr.static_rate = cmd.attr.static_rate;
2558 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
2559 attr.port_num = cmd.attr.port_num;
2560 attr.grh.flow_label = cmd.attr.grh.flow_label;
2561 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
2562 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
2563 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
2565 memset(&attr.dmac, 0, sizeof(attr.dmac));
2566 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
2568 ah = ib_create_ah(pd, &attr);
2577 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
2581 resp.ah_handle = uobj->id;
2583 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2584 &resp, sizeof resp)) {
2591 mutex_lock(&file->mutex);
2592 list_add_tail(&uobj->list, &file->ucontext->ah_list);
2593 mutex_unlock(&file->mutex);
2597 up_write(&uobj->mutex);
2602 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2611 put_uobj_write(uobj);
2615 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
2616 const char __user *buf, int in_len, int out_len)
2618 struct ib_uverbs_destroy_ah cmd;
2620 struct ib_uobject *uobj;
2623 if (copy_from_user(&cmd, buf, sizeof cmd))
2626 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
2631 ret = ib_destroy_ah(ah);
2635 put_uobj_write(uobj);
2640 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2642 mutex_lock(&file->mutex);
2643 list_del(&uobj->list);
2644 mutex_unlock(&file->mutex);
2651 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
2652 const char __user *buf, int in_len,
2655 struct ib_uverbs_attach_mcast cmd;
2657 struct ib_uqp_object *obj;
2658 struct ib_uverbs_mcast_entry *mcast;
2661 if (copy_from_user(&cmd, buf, sizeof cmd))
2664 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
2668 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
2670 list_for_each_entry(mcast, &obj->mcast_list, list)
2671 if (cmd.mlid == mcast->lid &&
2672 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
2677 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
2683 mcast->lid = cmd.mlid;
2684 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
2686 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
2688 list_add_tail(&mcast->list, &obj->mcast_list);
2695 return ret ? ret : in_len;
2698 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
2699 const char __user *buf, int in_len,
2702 struct ib_uverbs_detach_mcast cmd;
2703 struct ib_uqp_object *obj;
2705 struct ib_uverbs_mcast_entry *mcast;
2708 if (copy_from_user(&cmd, buf, sizeof cmd))
2711 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
2715 ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
2719 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
2721 list_for_each_entry(mcast, &obj->mcast_list, list)
2722 if (cmd.mlid == mcast->lid &&
2723 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
2724 list_del(&mcast->list);
2732 return ret ? ret : in_len;
2735 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec *kern_spec,
2736 union ib_flow_spec *ib_spec)
2738 if (kern_spec->reserved)
2741 ib_spec->type = kern_spec->type;
2743 switch (ib_spec->type) {
2744 case IB_FLOW_SPEC_ETH:
2745 ib_spec->eth.size = sizeof(struct ib_flow_spec_eth);
2746 if (ib_spec->eth.size != kern_spec->eth.size)
2748 memcpy(&ib_spec->eth.val, &kern_spec->eth.val,
2749 sizeof(struct ib_flow_eth_filter));
2750 memcpy(&ib_spec->eth.mask, &kern_spec->eth.mask,
2751 sizeof(struct ib_flow_eth_filter));
2753 case IB_FLOW_SPEC_IPV4:
2754 ib_spec->ipv4.size = sizeof(struct ib_flow_spec_ipv4);
2755 if (ib_spec->ipv4.size != kern_spec->ipv4.size)
2757 memcpy(&ib_spec->ipv4.val, &kern_spec->ipv4.val,
2758 sizeof(struct ib_flow_ipv4_filter));
2759 memcpy(&ib_spec->ipv4.mask, &kern_spec->ipv4.mask,
2760 sizeof(struct ib_flow_ipv4_filter));
2762 case IB_FLOW_SPEC_TCP:
2763 case IB_FLOW_SPEC_UDP:
2764 ib_spec->tcp_udp.size = sizeof(struct ib_flow_spec_tcp_udp);
2765 if (ib_spec->tcp_udp.size != kern_spec->tcp_udp.size)
2767 memcpy(&ib_spec->tcp_udp.val, &kern_spec->tcp_udp.val,
2768 sizeof(struct ib_flow_tcp_udp_filter));
2769 memcpy(&ib_spec->tcp_udp.mask, &kern_spec->tcp_udp.mask,
2770 sizeof(struct ib_flow_tcp_udp_filter));
2778 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file,
2779 struct ib_udata *ucore,
2780 struct ib_udata *uhw)
2782 struct ib_uverbs_create_flow cmd;
2783 struct ib_uverbs_create_flow_resp resp;
2784 struct ib_uobject *uobj;
2785 struct ib_flow *flow_id;
2786 struct ib_uverbs_flow_attr *kern_flow_attr;
2787 struct ib_flow_attr *flow_attr;
2794 if (ucore->inlen < sizeof(cmd))
2797 if (ucore->outlen < sizeof(resp))
2800 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
2804 ucore->inbuf += sizeof(cmd);
2805 ucore->inlen -= sizeof(cmd);
2810 if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER &&
2811 !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW))
2814 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS)
2817 if (cmd.flow_attr.size > ucore->inlen ||
2818 cmd.flow_attr.size >
2819 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec)))
2822 if (cmd.flow_attr.reserved[0] ||
2823 cmd.flow_attr.reserved[1])
2826 if (cmd.flow_attr.num_of_specs) {
2827 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size,
2829 if (!kern_flow_attr)
2832 memcpy(kern_flow_attr, &cmd.flow_attr, sizeof(*kern_flow_attr));
2833 err = ib_copy_from_udata(kern_flow_attr + 1, ucore,
2834 cmd.flow_attr.size);
2838 kern_flow_attr = &cmd.flow_attr;
2841 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
2846 init_uobj(uobj, 0, file->ucontext, &rule_lock_class);
2847 down_write(&uobj->mutex);
2849 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2855 flow_attr = kmalloc(sizeof(*flow_attr) + cmd.flow_attr.size, GFP_KERNEL);
2861 flow_attr->type = kern_flow_attr->type;
2862 flow_attr->priority = kern_flow_attr->priority;
2863 flow_attr->num_of_specs = kern_flow_attr->num_of_specs;
2864 flow_attr->port = kern_flow_attr->port;
2865 flow_attr->flags = kern_flow_attr->flags;
2866 flow_attr->size = sizeof(*flow_attr);
2868 kern_spec = kern_flow_attr + 1;
2869 ib_spec = flow_attr + 1;
2870 for (i = 0; i < flow_attr->num_of_specs &&
2871 cmd.flow_attr.size > offsetof(struct ib_uverbs_flow_spec, reserved) &&
2872 cmd.flow_attr.size >=
2873 ((struct ib_uverbs_flow_spec *)kern_spec)->size; i++) {
2874 err = kern_spec_to_ib_spec(kern_spec, ib_spec);
2878 ((union ib_flow_spec *) ib_spec)->size;
2879 cmd.flow_attr.size -= ((struct ib_uverbs_flow_spec *)kern_spec)->size;
2880 kern_spec += ((struct ib_uverbs_flow_spec *) kern_spec)->size;
2881 ib_spec += ((union ib_flow_spec *) ib_spec)->size;
2883 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) {
2884 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
2885 i, cmd.flow_attr.size);
2889 flow_id = ib_create_flow(qp, flow_attr, IB_FLOW_DOMAIN_USER);
2890 if (IS_ERR(flow_id)) {
2891 err = PTR_ERR(flow_id);
2895 flow_id->uobject = uobj;
2896 uobj->object = flow_id;
2898 err = idr_add_uobj(&ib_uverbs_rule_idr, uobj);
2902 memset(&resp, 0, sizeof(resp));
2903 resp.flow_handle = uobj->id;
2905 err = ib_copy_to_udata(ucore,
2906 &resp, sizeof(resp));
2911 mutex_lock(&file->mutex);
2912 list_add_tail(&uobj->list, &file->ucontext->rule_list);
2913 mutex_unlock(&file->mutex);
2917 up_write(&uobj->mutex);
2919 if (cmd.flow_attr.num_of_specs)
2920 kfree(kern_flow_attr);
2923 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
2925 ib_destroy_flow(flow_id);
2931 put_uobj_write(uobj);
2933 if (cmd.flow_attr.num_of_specs)
2934 kfree(kern_flow_attr);
2938 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file,
2939 struct ib_udata *ucore,
2940 struct ib_udata *uhw)
2942 struct ib_uverbs_destroy_flow cmd;
2943 struct ib_flow *flow_id;
2944 struct ib_uobject *uobj;
2947 if (ucore->inlen < sizeof(cmd))
2950 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
2957 uobj = idr_write_uobj(&ib_uverbs_rule_idr, cmd.flow_handle,
2961 flow_id = uobj->object;
2963 ret = ib_destroy_flow(flow_id);
2967 put_uobj_write(uobj);
2969 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
2971 mutex_lock(&file->mutex);
2972 list_del(&uobj->list);
2973 mutex_unlock(&file->mutex);
2980 static int __uverbs_create_xsrq(struct ib_uverbs_file *file,
2981 struct ib_uverbs_create_xsrq *cmd,
2982 struct ib_udata *udata)
2984 struct ib_uverbs_create_srq_resp resp;
2985 struct ib_usrq_object *obj;
2988 struct ib_uobject *uninitialized_var(xrcd_uobj);
2989 struct ib_srq_init_attr attr;
2992 obj = kmalloc(sizeof *obj, GFP_KERNEL);
2996 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext, &srq_lock_class);
2997 down_write(&obj->uevent.uobject.mutex);
2999 if (cmd->srq_type == IB_SRQT_XRC) {
3000 attr.ext.xrc.xrcd = idr_read_xrcd(cmd->xrcd_handle, file->ucontext, &xrcd_uobj);
3001 if (!attr.ext.xrc.xrcd) {
3006 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
3007 atomic_inc(&obj->uxrcd->refcnt);
3009 attr.ext.xrc.cq = idr_read_cq(cmd->cq_handle, file->ucontext, 0);
3010 if (!attr.ext.xrc.cq) {
3016 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
3022 attr.event_handler = ib_uverbs_srq_event_handler;
3023 attr.srq_context = file;
3024 attr.srq_type = cmd->srq_type;
3025 attr.attr.max_wr = cmd->max_wr;
3026 attr.attr.max_sge = cmd->max_sge;
3027 attr.attr.srq_limit = cmd->srq_limit;
3029 obj->uevent.events_reported = 0;
3030 INIT_LIST_HEAD(&obj->uevent.event_list);
3032 srq = pd->device->create_srq(pd, &attr, udata);
3038 srq->device = pd->device;
3040 srq->srq_type = cmd->srq_type;
3041 srq->uobject = &obj->uevent.uobject;
3042 srq->event_handler = attr.event_handler;
3043 srq->srq_context = attr.srq_context;
3045 if (cmd->srq_type == IB_SRQT_XRC) {
3046 srq->ext.xrc.cq = attr.ext.xrc.cq;
3047 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd;
3048 atomic_inc(&attr.ext.xrc.cq->usecnt);
3049 atomic_inc(&attr.ext.xrc.xrcd->usecnt);
3052 atomic_inc(&pd->usecnt);
3053 atomic_set(&srq->usecnt, 0);
3055 obj->uevent.uobject.object = srq;
3056 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3060 memset(&resp, 0, sizeof resp);
3061 resp.srq_handle = obj->uevent.uobject.id;
3062 resp.max_wr = attr.attr.max_wr;
3063 resp.max_sge = attr.attr.max_sge;
3064 if (cmd->srq_type == IB_SRQT_XRC)
3065 resp.srqn = srq->ext.xrc.srq_num;
3067 if (copy_to_user((void __user *) (unsigned long) cmd->response,
3068 &resp, sizeof resp)) {
3073 if (cmd->srq_type == IB_SRQT_XRC) {
3074 put_uobj_read(xrcd_uobj);
3075 put_cq_read(attr.ext.xrc.cq);
3079 mutex_lock(&file->mutex);
3080 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->srq_list);
3081 mutex_unlock(&file->mutex);
3083 obj->uevent.uobject.live = 1;
3085 up_write(&obj->uevent.uobject.mutex);
3090 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3093 ib_destroy_srq(srq);
3099 if (cmd->srq_type == IB_SRQT_XRC)
3100 put_cq_read(attr.ext.xrc.cq);
3103 if (cmd->srq_type == IB_SRQT_XRC) {
3104 atomic_dec(&obj->uxrcd->refcnt);
3105 put_uobj_read(xrcd_uobj);
3109 put_uobj_write(&obj->uevent.uobject);
3113 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
3114 const char __user *buf, int in_len,
3117 struct ib_uverbs_create_srq cmd;
3118 struct ib_uverbs_create_xsrq xcmd;
3119 struct ib_uverbs_create_srq_resp resp;
3120 struct ib_udata udata;
3123 if (out_len < sizeof resp)
3126 if (copy_from_user(&cmd, buf, sizeof cmd))
3129 xcmd.response = cmd.response;
3130 xcmd.user_handle = cmd.user_handle;
3131 xcmd.srq_type = IB_SRQT_BASIC;
3132 xcmd.pd_handle = cmd.pd_handle;
3133 xcmd.max_wr = cmd.max_wr;
3134 xcmd.max_sge = cmd.max_sge;
3135 xcmd.srq_limit = cmd.srq_limit;
3137 INIT_UDATA(&udata, buf + sizeof cmd,
3138 (unsigned long) cmd.response + sizeof resp,
3139 in_len - sizeof cmd, out_len - sizeof resp);
3141 ret = __uverbs_create_xsrq(file, &xcmd, &udata);
3148 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
3149 const char __user *buf, int in_len, int out_len)
3151 struct ib_uverbs_create_xsrq cmd;
3152 struct ib_uverbs_create_srq_resp resp;
3153 struct ib_udata udata;
3156 if (out_len < sizeof resp)
3159 if (copy_from_user(&cmd, buf, sizeof cmd))
3162 INIT_UDATA(&udata, buf + sizeof cmd,
3163 (unsigned long) cmd.response + sizeof resp,
3164 in_len - sizeof cmd, out_len - sizeof resp);
3166 ret = __uverbs_create_xsrq(file, &cmd, &udata);
3173 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
3174 const char __user *buf, int in_len,
3177 struct ib_uverbs_modify_srq cmd;
3178 struct ib_udata udata;
3180 struct ib_srq_attr attr;
3183 if (copy_from_user(&cmd, buf, sizeof cmd))
3186 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
3189 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3193 attr.max_wr = cmd.max_wr;
3194 attr.srq_limit = cmd.srq_limit;
3196 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
3200 return ret ? ret : in_len;
3203 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
3204 const char __user *buf,
3205 int in_len, int out_len)
3207 struct ib_uverbs_query_srq cmd;
3208 struct ib_uverbs_query_srq_resp resp;
3209 struct ib_srq_attr attr;
3213 if (out_len < sizeof resp)
3216 if (copy_from_user(&cmd, buf, sizeof cmd))
3219 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3223 ret = ib_query_srq(srq, &attr);
3230 memset(&resp, 0, sizeof resp);
3232 resp.max_wr = attr.max_wr;
3233 resp.max_sge = attr.max_sge;
3234 resp.srq_limit = attr.srq_limit;
3236 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3237 &resp, sizeof resp))
3243 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
3244 const char __user *buf, int in_len,
3247 struct ib_uverbs_destroy_srq cmd;
3248 struct ib_uverbs_destroy_srq_resp resp;
3249 struct ib_uobject *uobj;
3251 struct ib_uevent_object *obj;
3253 struct ib_usrq_object *us;
3254 enum ib_srq_type srq_type;
3256 if (copy_from_user(&cmd, buf, sizeof cmd))
3259 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
3263 obj = container_of(uobj, struct ib_uevent_object, uobject);
3264 srq_type = srq->srq_type;
3266 ret = ib_destroy_srq(srq);
3270 put_uobj_write(uobj);
3275 if (srq_type == IB_SRQT_XRC) {
3276 us = container_of(obj, struct ib_usrq_object, uevent);
3277 atomic_dec(&us->uxrcd->refcnt);
3280 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
3282 mutex_lock(&file->mutex);
3283 list_del(&uobj->list);
3284 mutex_unlock(&file->mutex);
3286 ib_uverbs_release_uevent(file, obj);
3288 memset(&resp, 0, sizeof resp);
3289 resp.events_reported = obj->events_reported;
3293 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3294 &resp, sizeof resp))
3297 return ret ? ret : in_len;
3300 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file,
3301 struct ib_udata *ucore,
3302 struct ib_udata *uhw)
3304 struct ib_uverbs_ex_query_device_resp resp;
3305 struct ib_uverbs_ex_query_device cmd;
3306 struct ib_device_attr attr;
3307 struct ib_device *device;
3310 device = file->device->ib_dev;
3311 if (ucore->inlen < sizeof(cmd))
3314 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3324 resp.response_length = offsetof(typeof(resp), odp_caps);
3326 if (ucore->outlen < resp.response_length)
3329 err = device->query_device(device, &attr);
3333 copy_query_dev_fields(file, &resp.base, &attr);
3336 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps))
3339 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
3340 resp.odp_caps.general_caps = attr.odp_caps.general_caps;
3341 resp.odp_caps.per_transport_caps.rc_odp_caps =
3342 attr.odp_caps.per_transport_caps.rc_odp_caps;
3343 resp.odp_caps.per_transport_caps.uc_odp_caps =
3344 attr.odp_caps.per_transport_caps.uc_odp_caps;
3345 resp.odp_caps.per_transport_caps.ud_odp_caps =
3346 attr.odp_caps.per_transport_caps.ud_odp_caps;
3347 resp.odp_caps.reserved = 0;
3349 memset(&resp.odp_caps, 0, sizeof(resp.odp_caps));
3351 resp.response_length += sizeof(resp.odp_caps);
3354 err = ib_copy_to_udata(ucore, &resp, resp.response_length);
projects / karo-tx-linux.git / blob