2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36 #include <linux/file.h>
38 #include <linux/slab.h>
39 #include <linux/sched.h>
41 #include <asm/uaccess.h>
44 #include "core_priv.h"
46 struct uverbs_lock_class
{
47 struct lock_class_key key
;
51 static struct uverbs_lock_class pd_lock_class
= { .name
= "PD-uobj" };
52 static struct uverbs_lock_class mr_lock_class
= { .name
= "MR-uobj" };
53 static struct uverbs_lock_class mw_lock_class
= { .name
= "MW-uobj" };
54 static struct uverbs_lock_class cq_lock_class
= { .name
= "CQ-uobj" };
55 static struct uverbs_lock_class qp_lock_class
= { .name
= "QP-uobj" };
56 static struct uverbs_lock_class ah_lock_class
= { .name
= "AH-uobj" };
57 static struct uverbs_lock_class srq_lock_class
= { .name
= "SRQ-uobj" };
58 static struct uverbs_lock_class xrcd_lock_class
= { .name
= "XRCD-uobj" };
59 static struct uverbs_lock_class rule_lock_class
= { .name
= "RULE-uobj" };
62 * The ib_uobject locking scheme is as follows:
64 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
65 * needs to be held during all idr operations. When an object is
66 * looked up, a reference must be taken on the object's kref before
69 * - Each object also has an rwsem. This rwsem must be held for
70 * reading while an operation that uses the object is performed.
71 * For example, while registering an MR, the associated PD's
72 * uobject.mutex must be held for reading. The rwsem must be held
73 * for writing while initializing or destroying an object.
75 * - In addition, each object has a "live" flag. If this flag is not
76 * set, then lookups of the object will fail even if it is found in
77 * the idr. This handles a reader that blocks and does not acquire
78 * the rwsem until after the object is destroyed. The destroy
79 * operation will set the live flag to 0 and then drop the rwsem;
80 * this will allow the reader to acquire the rwsem, see that the
81 * live flag is 0, and then drop the rwsem and its reference to
82 * object. The underlying storage will not be freed until the last
83 * reference to the object is dropped.
86 static void init_uobj(struct ib_uobject
*uobj
, u64 user_handle
,
87 struct ib_ucontext
*context
, struct uverbs_lock_class
*c
)
89 uobj
->user_handle
= user_handle
;
90 uobj
->context
= context
;
91 kref_init(&uobj
->ref
);
92 init_rwsem(&uobj
->mutex
);
93 lockdep_set_class_and_name(&uobj
->mutex
, &c
->key
, c
->name
);
97 static void release_uobj(struct kref
*kref
)
99 kfree(container_of(kref
, struct ib_uobject
, ref
));
102 static void put_uobj(struct ib_uobject
*uobj
)
104 kref_put(&uobj
->ref
, release_uobj
);
107 static void put_uobj_read(struct ib_uobject
*uobj
)
109 up_read(&uobj
->mutex
);
113 static void put_uobj_write(struct ib_uobject
*uobj
)
115 up_write(&uobj
->mutex
);
119 static int idr_add_uobj(struct idr
*idr
, struct ib_uobject
*uobj
)
123 idr_preload(GFP_KERNEL
);
124 spin_lock(&ib_uverbs_idr_lock
);
126 ret
= idr_alloc(idr
, uobj
, 0, 0, GFP_NOWAIT
);
130 spin_unlock(&ib_uverbs_idr_lock
);
133 return ret
< 0 ? ret
: 0;
136 void idr_remove_uobj(struct idr
*idr
, struct ib_uobject
*uobj
)
138 spin_lock(&ib_uverbs_idr_lock
);
139 idr_remove(idr
, uobj
->id
);
140 spin_unlock(&ib_uverbs_idr_lock
);
143 static struct ib_uobject
*__idr_get_uobj(struct idr
*idr
, int id
,
144 struct ib_ucontext
*context
)
146 struct ib_uobject
*uobj
;
148 spin_lock(&ib_uverbs_idr_lock
);
149 uobj
= idr_find(idr
, id
);
151 if (uobj
->context
== context
)
152 kref_get(&uobj
->ref
);
156 spin_unlock(&ib_uverbs_idr_lock
);
161 static struct ib_uobject
*idr_read_uobj(struct idr
*idr
, int id
,
162 struct ib_ucontext
*context
, int nested
)
164 struct ib_uobject
*uobj
;
166 uobj
= __idr_get_uobj(idr
, id
, context
);
171 down_read_nested(&uobj
->mutex
, SINGLE_DEPTH_NESTING
);
173 down_read(&uobj
->mutex
);
182 static struct ib_uobject
*idr_write_uobj(struct idr
*idr
, int id
,
183 struct ib_ucontext
*context
)
185 struct ib_uobject
*uobj
;
187 uobj
= __idr_get_uobj(idr
, id
, context
);
191 down_write(&uobj
->mutex
);
193 put_uobj_write(uobj
);
200 static void *idr_read_obj(struct idr
*idr
, int id
, struct ib_ucontext
*context
,
203 struct ib_uobject
*uobj
;
205 uobj
= idr_read_uobj(idr
, id
, context
, nested
);
206 return uobj
? uobj
->object
: NULL
;
209 static struct ib_pd
*idr_read_pd(int pd_handle
, struct ib_ucontext
*context
)
211 return idr_read_obj(&ib_uverbs_pd_idr
, pd_handle
, context
, 0);
214 static void put_pd_read(struct ib_pd
*pd
)
216 put_uobj_read(pd
->uobject
);
219 static struct ib_cq
*idr_read_cq(int cq_handle
, struct ib_ucontext
*context
, int nested
)
221 return idr_read_obj(&ib_uverbs_cq_idr
, cq_handle
, context
, nested
);
224 static void put_cq_read(struct ib_cq
*cq
)
226 put_uobj_read(cq
->uobject
);
229 static struct ib_ah
*idr_read_ah(int ah_handle
, struct ib_ucontext
*context
)
231 return idr_read_obj(&ib_uverbs_ah_idr
, ah_handle
, context
, 0);
234 static void put_ah_read(struct ib_ah
*ah
)
236 put_uobj_read(ah
->uobject
);
239 static struct ib_qp
*idr_read_qp(int qp_handle
, struct ib_ucontext
*context
)
241 return idr_read_obj(&ib_uverbs_qp_idr
, qp_handle
, context
, 0);
244 static struct ib_qp
*idr_write_qp(int qp_handle
, struct ib_ucontext
*context
)
246 struct ib_uobject
*uobj
;
248 uobj
= idr_write_uobj(&ib_uverbs_qp_idr
, qp_handle
, context
);
249 return uobj
? uobj
->object
: NULL
;
252 static void put_qp_read(struct ib_qp
*qp
)
254 put_uobj_read(qp
->uobject
);
257 static void put_qp_write(struct ib_qp
*qp
)
259 put_uobj_write(qp
->uobject
);
262 static struct ib_srq
*idr_read_srq(int srq_handle
, struct ib_ucontext
*context
)
264 return idr_read_obj(&ib_uverbs_srq_idr
, srq_handle
, context
, 0);
267 static void put_srq_read(struct ib_srq
*srq
)
269 put_uobj_read(srq
->uobject
);
272 static struct ib_xrcd
*idr_read_xrcd(int xrcd_handle
, struct ib_ucontext
*context
,
273 struct ib_uobject
**uobj
)
275 *uobj
= idr_read_uobj(&ib_uverbs_xrcd_idr
, xrcd_handle
, context
, 0);
276 return *uobj
? (*uobj
)->object
: NULL
;
279 static void put_xrcd_read(struct ib_uobject
*uobj
)
284 ssize_t
ib_uverbs_get_context(struct ib_uverbs_file
*file
,
285 struct ib_device
*ib_dev
,
286 const char __user
*buf
,
287 int in_len
, int out_len
)
289 struct ib_uverbs_get_context cmd
;
290 struct ib_uverbs_get_context_resp resp
;
291 struct ib_udata udata
;
292 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
293 struct ib_device_attr dev_attr
;
295 struct ib_ucontext
*ucontext
;
299 if (out_len
< sizeof resp
)
302 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
305 mutex_lock(&file
->mutex
);
307 if (file
->ucontext
) {
312 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
313 (unsigned long) cmd
.response
+ sizeof resp
,
314 in_len
- sizeof cmd
, out_len
- sizeof resp
);
316 ucontext
= ib_dev
->alloc_ucontext(ib_dev
, &udata
);
317 if (IS_ERR(ucontext
)) {
318 ret
= PTR_ERR(ucontext
);
322 ucontext
->device
= ib_dev
;
323 INIT_LIST_HEAD(&ucontext
->pd_list
);
324 INIT_LIST_HEAD(&ucontext
->mr_list
);
325 INIT_LIST_HEAD(&ucontext
->mw_list
);
326 INIT_LIST_HEAD(&ucontext
->cq_list
);
327 INIT_LIST_HEAD(&ucontext
->qp_list
);
328 INIT_LIST_HEAD(&ucontext
->srq_list
);
329 INIT_LIST_HEAD(&ucontext
->ah_list
);
330 INIT_LIST_HEAD(&ucontext
->xrcd_list
);
331 INIT_LIST_HEAD(&ucontext
->rule_list
);
333 ucontext
->tgid
= get_task_pid(current
->group_leader
, PIDTYPE_PID
);
335 ucontext
->closing
= 0;
337 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
338 ucontext
->umem_tree
= RB_ROOT
;
339 init_rwsem(&ucontext
->umem_rwsem
);
340 ucontext
->odp_mrs_count
= 0;
341 INIT_LIST_HEAD(&ucontext
->no_private_counters
);
343 ret
= ib_query_device(ib_dev
, &dev_attr
);
346 if (!(dev_attr
.device_cap_flags
& IB_DEVICE_ON_DEMAND_PAGING
))
347 ucontext
->invalidate_range
= NULL
;
351 resp
.num_comp_vectors
= file
->device
->num_comp_vectors
;
353 ret
= get_unused_fd_flags(O_CLOEXEC
);
358 filp
= ib_uverbs_alloc_event_file(file
, ib_dev
, 1);
364 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
365 &resp
, sizeof resp
)) {
370 file
->ucontext
= ucontext
;
372 fd_install(resp
.async_fd
, filp
);
374 mutex_unlock(&file
->mutex
);
379 ib_uverbs_free_async_event_file(file
);
383 put_unused_fd(resp
.async_fd
);
386 put_pid(ucontext
->tgid
);
387 ib_dev
->dealloc_ucontext(ucontext
);
390 mutex_unlock(&file
->mutex
);
394 static void copy_query_dev_fields(struct ib_uverbs_file
*file
,
395 struct ib_device
*ib_dev
,
396 struct ib_uverbs_query_device_resp
*resp
,
397 struct ib_device_attr
*attr
)
399 resp
->fw_ver
= attr
->fw_ver
;
400 resp
->node_guid
= ib_dev
->node_guid
;
401 resp
->sys_image_guid
= attr
->sys_image_guid
;
402 resp
->max_mr_size
= attr
->max_mr_size
;
403 resp
->page_size_cap
= attr
->page_size_cap
;
404 resp
->vendor_id
= attr
->vendor_id
;
405 resp
->vendor_part_id
= attr
->vendor_part_id
;
406 resp
->hw_ver
= attr
->hw_ver
;
407 resp
->max_qp
= attr
->max_qp
;
408 resp
->max_qp_wr
= attr
->max_qp_wr
;
409 resp
->device_cap_flags
= attr
->device_cap_flags
;
410 resp
->max_sge
= attr
->max_sge
;
411 resp
->max_sge_rd
= attr
->max_sge_rd
;
412 resp
->max_cq
= attr
->max_cq
;
413 resp
->max_cqe
= attr
->max_cqe
;
414 resp
->max_mr
= attr
->max_mr
;
415 resp
->max_pd
= attr
->max_pd
;
416 resp
->max_qp_rd_atom
= attr
->max_qp_rd_atom
;
417 resp
->max_ee_rd_atom
= attr
->max_ee_rd_atom
;
418 resp
->max_res_rd_atom
= attr
->max_res_rd_atom
;
419 resp
->max_qp_init_rd_atom
= attr
->max_qp_init_rd_atom
;
420 resp
->max_ee_init_rd_atom
= attr
->max_ee_init_rd_atom
;
421 resp
->atomic_cap
= attr
->atomic_cap
;
422 resp
->max_ee
= attr
->max_ee
;
423 resp
->max_rdd
= attr
->max_rdd
;
424 resp
->max_mw
= attr
->max_mw
;
425 resp
->max_raw_ipv6_qp
= attr
->max_raw_ipv6_qp
;
426 resp
->max_raw_ethy_qp
= attr
->max_raw_ethy_qp
;
427 resp
->max_mcast_grp
= attr
->max_mcast_grp
;
428 resp
->max_mcast_qp_attach
= attr
->max_mcast_qp_attach
;
429 resp
->max_total_mcast_qp_attach
= attr
->max_total_mcast_qp_attach
;
430 resp
->max_ah
= attr
->max_ah
;
431 resp
->max_fmr
= attr
->max_fmr
;
432 resp
->max_map_per_fmr
= attr
->max_map_per_fmr
;
433 resp
->max_srq
= attr
->max_srq
;
434 resp
->max_srq_wr
= attr
->max_srq_wr
;
435 resp
->max_srq_sge
= attr
->max_srq_sge
;
436 resp
->max_pkeys
= attr
->max_pkeys
;
437 resp
->local_ca_ack_delay
= attr
->local_ca_ack_delay
;
438 resp
->phys_port_cnt
= ib_dev
->phys_port_cnt
;
441 ssize_t
ib_uverbs_query_device(struct ib_uverbs_file
*file
,
442 struct ib_device
*ib_dev
,
443 const char __user
*buf
,
444 int in_len
, int out_len
)
446 struct ib_uverbs_query_device cmd
;
447 struct ib_uverbs_query_device_resp resp
;
448 struct ib_device_attr attr
;
451 if (out_len
< sizeof resp
)
454 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
457 ret
= ib_query_device(ib_dev
, &attr
);
461 memset(&resp
, 0, sizeof resp
);
462 copy_query_dev_fields(file
, ib_dev
, &resp
, &attr
);
464 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
471 ssize_t
ib_uverbs_query_port(struct ib_uverbs_file
*file
,
472 struct ib_device
*ib_dev
,
473 const char __user
*buf
,
474 int in_len
, int out_len
)
476 struct ib_uverbs_query_port cmd
;
477 struct ib_uverbs_query_port_resp resp
;
478 struct ib_port_attr attr
;
481 if (out_len
< sizeof resp
)
484 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
487 ret
= ib_query_port(ib_dev
, cmd
.port_num
, &attr
);
491 memset(&resp
, 0, sizeof resp
);
493 resp
.state
= attr
.state
;
494 resp
.max_mtu
= attr
.max_mtu
;
495 resp
.active_mtu
= attr
.active_mtu
;
496 resp
.gid_tbl_len
= attr
.gid_tbl_len
;
497 resp
.port_cap_flags
= attr
.port_cap_flags
;
498 resp
.max_msg_sz
= attr
.max_msg_sz
;
499 resp
.bad_pkey_cntr
= attr
.bad_pkey_cntr
;
500 resp
.qkey_viol_cntr
= attr
.qkey_viol_cntr
;
501 resp
.pkey_tbl_len
= attr
.pkey_tbl_len
;
503 resp
.sm_lid
= attr
.sm_lid
;
505 resp
.max_vl_num
= attr
.max_vl_num
;
506 resp
.sm_sl
= attr
.sm_sl
;
507 resp
.subnet_timeout
= attr
.subnet_timeout
;
508 resp
.init_type_reply
= attr
.init_type_reply
;
509 resp
.active_width
= attr
.active_width
;
510 resp
.active_speed
= attr
.active_speed
;
511 resp
.phys_state
= attr
.phys_state
;
512 resp
.link_layer
= rdma_port_get_link_layer(ib_dev
,
515 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
522 ssize_t
ib_uverbs_alloc_pd(struct ib_uverbs_file
*file
,
523 struct ib_device
*ib_dev
,
524 const char __user
*buf
,
525 int in_len
, int out_len
)
527 struct ib_uverbs_alloc_pd cmd
;
528 struct ib_uverbs_alloc_pd_resp resp
;
529 struct ib_udata udata
;
530 struct ib_uobject
*uobj
;
534 if (out_len
< sizeof resp
)
537 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
540 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
541 (unsigned long) cmd
.response
+ sizeof resp
,
542 in_len
- sizeof cmd
, out_len
- sizeof resp
);
544 uobj
= kmalloc(sizeof *uobj
, GFP_KERNEL
);
548 init_uobj(uobj
, 0, file
->ucontext
, &pd_lock_class
);
549 down_write(&uobj
->mutex
);
551 pd
= ib_dev
->alloc_pd(ib_dev
, file
->ucontext
, &udata
);
560 atomic_set(&pd
->usecnt
, 0);
563 ret
= idr_add_uobj(&ib_uverbs_pd_idr
, uobj
);
567 memset(&resp
, 0, sizeof resp
);
568 resp
.pd_handle
= uobj
->id
;
570 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
571 &resp
, sizeof resp
)) {
576 mutex_lock(&file
->mutex
);
577 list_add_tail(&uobj
->list
, &file
->ucontext
->pd_list
);
578 mutex_unlock(&file
->mutex
);
582 up_write(&uobj
->mutex
);
587 idr_remove_uobj(&ib_uverbs_pd_idr
, uobj
);
593 put_uobj_write(uobj
);
597 ssize_t
ib_uverbs_dealloc_pd(struct ib_uverbs_file
*file
,
598 struct ib_device
*ib_dev
,
599 const char __user
*buf
,
600 int in_len
, int out_len
)
602 struct ib_uverbs_dealloc_pd cmd
;
603 struct ib_uobject
*uobj
;
607 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
610 uobj
= idr_write_uobj(&ib_uverbs_pd_idr
, cmd
.pd_handle
, file
->ucontext
);
615 if (atomic_read(&pd
->usecnt
)) {
620 ret
= pd
->device
->dealloc_pd(uobj
->object
);
621 WARN_ONCE(ret
, "Infiniband HW driver failed dealloc_pd");
626 put_uobj_write(uobj
);
628 idr_remove_uobj(&ib_uverbs_pd_idr
, uobj
);
630 mutex_lock(&file
->mutex
);
631 list_del(&uobj
->list
);
632 mutex_unlock(&file
->mutex
);
639 put_uobj_write(uobj
);
643 struct xrcd_table_entry
{
645 struct ib_xrcd
*xrcd
;
649 static int xrcd_table_insert(struct ib_uverbs_device
*dev
,
651 struct ib_xrcd
*xrcd
)
653 struct xrcd_table_entry
*entry
, *scan
;
654 struct rb_node
**p
= &dev
->xrcd_tree
.rb_node
;
655 struct rb_node
*parent
= NULL
;
657 entry
= kmalloc(sizeof *entry
, GFP_KERNEL
);
662 entry
->inode
= inode
;
666 scan
= rb_entry(parent
, struct xrcd_table_entry
, node
);
668 if (inode
< scan
->inode
) {
670 } else if (inode
> scan
->inode
) {
678 rb_link_node(&entry
->node
, parent
, p
);
679 rb_insert_color(&entry
->node
, &dev
->xrcd_tree
);
684 static struct xrcd_table_entry
*xrcd_table_search(struct ib_uverbs_device
*dev
,
687 struct xrcd_table_entry
*entry
;
688 struct rb_node
*p
= dev
->xrcd_tree
.rb_node
;
691 entry
= rb_entry(p
, struct xrcd_table_entry
, node
);
693 if (inode
< entry
->inode
)
695 else if (inode
> entry
->inode
)
704 static struct ib_xrcd
*find_xrcd(struct ib_uverbs_device
*dev
, struct inode
*inode
)
706 struct xrcd_table_entry
*entry
;
708 entry
= xrcd_table_search(dev
, inode
);
715 static void xrcd_table_delete(struct ib_uverbs_device
*dev
,
718 struct xrcd_table_entry
*entry
;
720 entry
= xrcd_table_search(dev
, inode
);
723 rb_erase(&entry
->node
, &dev
->xrcd_tree
);
728 ssize_t
ib_uverbs_open_xrcd(struct ib_uverbs_file
*file
,
729 struct ib_device
*ib_dev
,
730 const char __user
*buf
, int in_len
,
733 struct ib_uverbs_open_xrcd cmd
;
734 struct ib_uverbs_open_xrcd_resp resp
;
735 struct ib_udata udata
;
736 struct ib_uxrcd_object
*obj
;
737 struct ib_xrcd
*xrcd
= NULL
;
738 struct fd f
= {NULL
, 0};
739 struct inode
*inode
= NULL
;
743 if (out_len
< sizeof resp
)
746 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
749 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
750 (unsigned long) cmd
.response
+ sizeof resp
,
751 in_len
- sizeof cmd
, out_len
- sizeof resp
);
753 mutex_lock(&file
->device
->xrcd_tree_mutex
);
756 /* search for file descriptor */
760 goto err_tree_mutex_unlock
;
763 inode
= file_inode(f
.file
);
764 xrcd
= find_xrcd(file
->device
, inode
);
765 if (!xrcd
&& !(cmd
.oflags
& O_CREAT
)) {
766 /* no file descriptor. Need CREATE flag */
768 goto err_tree_mutex_unlock
;
771 if (xrcd
&& cmd
.oflags
& O_EXCL
) {
773 goto err_tree_mutex_unlock
;
777 obj
= kmalloc(sizeof *obj
, GFP_KERNEL
);
780 goto err_tree_mutex_unlock
;
783 init_uobj(&obj
->uobject
, 0, file
->ucontext
, &xrcd_lock_class
);
785 down_write(&obj
->uobject
.mutex
);
788 xrcd
= ib_dev
->alloc_xrcd(ib_dev
, file
->ucontext
, &udata
);
795 xrcd
->device
= ib_dev
;
796 atomic_set(&xrcd
->usecnt
, 0);
797 mutex_init(&xrcd
->tgt_qp_mutex
);
798 INIT_LIST_HEAD(&xrcd
->tgt_qp_list
);
802 atomic_set(&obj
->refcnt
, 0);
803 obj
->uobject
.object
= xrcd
;
804 ret
= idr_add_uobj(&ib_uverbs_xrcd_idr
, &obj
->uobject
);
808 memset(&resp
, 0, sizeof resp
);
809 resp
.xrcd_handle
= obj
->uobject
.id
;
813 /* create new inode/xrcd table entry */
814 ret
= xrcd_table_insert(file
->device
, inode
, xrcd
);
816 goto err_insert_xrcd
;
818 atomic_inc(&xrcd
->usecnt
);
821 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
822 &resp
, sizeof resp
)) {
830 mutex_lock(&file
->mutex
);
831 list_add_tail(&obj
->uobject
.list
, &file
->ucontext
->xrcd_list
);
832 mutex_unlock(&file
->mutex
);
834 obj
->uobject
.live
= 1;
835 up_write(&obj
->uobject
.mutex
);
837 mutex_unlock(&file
->device
->xrcd_tree_mutex
);
843 xrcd_table_delete(file
->device
, inode
);
844 atomic_dec(&xrcd
->usecnt
);
848 idr_remove_uobj(&ib_uverbs_xrcd_idr
, &obj
->uobject
);
851 ib_dealloc_xrcd(xrcd
);
854 put_uobj_write(&obj
->uobject
);
856 err_tree_mutex_unlock
:
860 mutex_unlock(&file
->device
->xrcd_tree_mutex
);
865 ssize_t
ib_uverbs_close_xrcd(struct ib_uverbs_file
*file
,
866 struct ib_device
*ib_dev
,
867 const char __user
*buf
, int in_len
,
870 struct ib_uverbs_close_xrcd cmd
;
871 struct ib_uobject
*uobj
;
872 struct ib_xrcd
*xrcd
= NULL
;
873 struct inode
*inode
= NULL
;
874 struct ib_uxrcd_object
*obj
;
878 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
881 mutex_lock(&file
->device
->xrcd_tree_mutex
);
882 uobj
= idr_write_uobj(&ib_uverbs_xrcd_idr
, cmd
.xrcd_handle
, file
->ucontext
);
890 obj
= container_of(uobj
, struct ib_uxrcd_object
, uobject
);
891 if (atomic_read(&obj
->refcnt
)) {
892 put_uobj_write(uobj
);
897 if (!inode
|| atomic_dec_and_test(&xrcd
->usecnt
)) {
898 ret
= ib_dealloc_xrcd(uobj
->object
);
905 atomic_inc(&xrcd
->usecnt
);
907 put_uobj_write(uobj
);
913 xrcd_table_delete(file
->device
, inode
);
915 idr_remove_uobj(&ib_uverbs_xrcd_idr
, uobj
);
916 mutex_lock(&file
->mutex
);
917 list_del(&uobj
->list
);
918 mutex_unlock(&file
->mutex
);
924 mutex_unlock(&file
->device
->xrcd_tree_mutex
);
928 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device
*dev
,
929 struct ib_xrcd
*xrcd
)
934 if (inode
&& !atomic_dec_and_test(&xrcd
->usecnt
))
937 ib_dealloc_xrcd(xrcd
);
940 xrcd_table_delete(dev
, inode
);
943 ssize_t
ib_uverbs_reg_mr(struct ib_uverbs_file
*file
,
944 struct ib_device
*ib_dev
,
945 const char __user
*buf
, int in_len
,
948 struct ib_uverbs_reg_mr cmd
;
949 struct ib_uverbs_reg_mr_resp resp
;
950 struct ib_udata udata
;
951 struct ib_uobject
*uobj
;
956 if (out_len
< sizeof resp
)
959 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
962 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
963 (unsigned long) cmd
.response
+ sizeof resp
,
964 in_len
- sizeof cmd
, out_len
- sizeof resp
);
966 if ((cmd
.start
& ~PAGE_MASK
) != (cmd
.hca_va
& ~PAGE_MASK
))
969 ret
= ib_check_mr_access(cmd
.access_flags
);
973 uobj
= kmalloc(sizeof *uobj
, GFP_KERNEL
);
977 init_uobj(uobj
, 0, file
->ucontext
, &mr_lock_class
);
978 down_write(&uobj
->mutex
);
980 pd
= idr_read_pd(cmd
.pd_handle
, file
->ucontext
);
986 if (cmd
.access_flags
& IB_ACCESS_ON_DEMAND
) {
987 struct ib_device_attr attr
;
989 ret
= ib_query_device(pd
->device
, &attr
);
990 if (ret
|| !(attr
.device_cap_flags
&
991 IB_DEVICE_ON_DEMAND_PAGING
)) {
992 pr_debug("ODP support not available\n");
998 mr
= pd
->device
->reg_user_mr(pd
, cmd
.start
, cmd
.length
, cmd
.hca_va
,
999 cmd
.access_flags
, &udata
);
1005 mr
->device
= pd
->device
;
1008 atomic_inc(&pd
->usecnt
);
1009 atomic_set(&mr
->usecnt
, 0);
1012 ret
= idr_add_uobj(&ib_uverbs_mr_idr
, uobj
);
1016 memset(&resp
, 0, sizeof resp
);
1017 resp
.lkey
= mr
->lkey
;
1018 resp
.rkey
= mr
->rkey
;
1019 resp
.mr_handle
= uobj
->id
;
1021 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
1022 &resp
, sizeof resp
)) {
1029 mutex_lock(&file
->mutex
);
1030 list_add_tail(&uobj
->list
, &file
->ucontext
->mr_list
);
1031 mutex_unlock(&file
->mutex
);
1035 up_write(&uobj
->mutex
);
1040 idr_remove_uobj(&ib_uverbs_mr_idr
, uobj
);
1049 put_uobj_write(uobj
);
1053 ssize_t
ib_uverbs_rereg_mr(struct ib_uverbs_file
*file
,
1054 struct ib_device
*ib_dev
,
1055 const char __user
*buf
, int in_len
,
1058 struct ib_uverbs_rereg_mr cmd
;
1059 struct ib_uverbs_rereg_mr_resp resp
;
1060 struct ib_udata udata
;
1061 struct ib_pd
*pd
= NULL
;
1063 struct ib_pd
*old_pd
;
1065 struct ib_uobject
*uobj
;
1067 if (out_len
< sizeof(resp
))
1070 if (copy_from_user(&cmd
, buf
, sizeof(cmd
)))
1073 INIT_UDATA(&udata
, buf
+ sizeof(cmd
),
1074 (unsigned long) cmd
.response
+ sizeof(resp
),
1075 in_len
- sizeof(cmd
), out_len
- sizeof(resp
));
1077 if (cmd
.flags
& ~IB_MR_REREG_SUPPORTED
|| !cmd
.flags
)
1080 if ((cmd
.flags
& IB_MR_REREG_TRANS
) &&
1081 (!cmd
.start
|| !cmd
.hca_va
|| 0 >= cmd
.length
||
1082 (cmd
.start
& ~PAGE_MASK
) != (cmd
.hca_va
& ~PAGE_MASK
)))
1085 uobj
= idr_write_uobj(&ib_uverbs_mr_idr
, cmd
.mr_handle
,
1093 if (cmd
.flags
& IB_MR_REREG_ACCESS
) {
1094 ret
= ib_check_mr_access(cmd
.access_flags
);
1099 if (cmd
.flags
& IB_MR_REREG_PD
) {
1100 pd
= idr_read_pd(cmd
.pd_handle
, file
->ucontext
);
1107 if (atomic_read(&mr
->usecnt
)) {
1113 ret
= mr
->device
->rereg_user_mr(mr
, cmd
.flags
, cmd
.start
,
1114 cmd
.length
, cmd
.hca_va
,
1115 cmd
.access_flags
, pd
, &udata
);
1117 if (cmd
.flags
& IB_MR_REREG_PD
) {
1118 atomic_inc(&pd
->usecnt
);
1120 atomic_dec(&old_pd
->usecnt
);
1126 memset(&resp
, 0, sizeof(resp
));
1127 resp
.lkey
= mr
->lkey
;
1128 resp
.rkey
= mr
->rkey
;
1130 if (copy_to_user((void __user
*)(unsigned long)cmd
.response
,
1131 &resp
, sizeof(resp
)))
1137 if (cmd
.flags
& IB_MR_REREG_PD
)
1142 put_uobj_write(mr
->uobject
);
1147 ssize_t
ib_uverbs_dereg_mr(struct ib_uverbs_file
*file
,
1148 struct ib_device
*ib_dev
,
1149 const char __user
*buf
, int in_len
,
1152 struct ib_uverbs_dereg_mr cmd
;
1154 struct ib_uobject
*uobj
;
1157 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1160 uobj
= idr_write_uobj(&ib_uverbs_mr_idr
, cmd
.mr_handle
, file
->ucontext
);
1166 ret
= ib_dereg_mr(mr
);
1170 put_uobj_write(uobj
);
1175 idr_remove_uobj(&ib_uverbs_mr_idr
, uobj
);
1177 mutex_lock(&file
->mutex
);
1178 list_del(&uobj
->list
);
1179 mutex_unlock(&file
->mutex
);
1186 ssize_t
ib_uverbs_alloc_mw(struct ib_uverbs_file
*file
,
1187 struct ib_device
*ib_dev
,
1188 const char __user
*buf
, int in_len
,
1191 struct ib_uverbs_alloc_mw cmd
;
1192 struct ib_uverbs_alloc_mw_resp resp
;
1193 struct ib_uobject
*uobj
;
1198 if (out_len
< sizeof(resp
))
1201 if (copy_from_user(&cmd
, buf
, sizeof(cmd
)))
1204 uobj
= kmalloc(sizeof(*uobj
), GFP_KERNEL
);
1208 init_uobj(uobj
, 0, file
->ucontext
, &mw_lock_class
);
1209 down_write(&uobj
->mutex
);
1211 pd
= idr_read_pd(cmd
.pd_handle
, file
->ucontext
);
1217 mw
= pd
->device
->alloc_mw(pd
, cmd
.mw_type
);
1223 mw
->device
= pd
->device
;
1226 atomic_inc(&pd
->usecnt
);
1229 ret
= idr_add_uobj(&ib_uverbs_mw_idr
, uobj
);
1233 memset(&resp
, 0, sizeof(resp
));
1234 resp
.rkey
= mw
->rkey
;
1235 resp
.mw_handle
= uobj
->id
;
1237 if (copy_to_user((void __user
*)(unsigned long)cmd
.response
,
1238 &resp
, sizeof(resp
))) {
1245 mutex_lock(&file
->mutex
);
1246 list_add_tail(&uobj
->list
, &file
->ucontext
->mw_list
);
1247 mutex_unlock(&file
->mutex
);
1251 up_write(&uobj
->mutex
);
1256 idr_remove_uobj(&ib_uverbs_mw_idr
, uobj
);
1265 put_uobj_write(uobj
);
1269 ssize_t
ib_uverbs_dealloc_mw(struct ib_uverbs_file
*file
,
1270 struct ib_device
*ib_dev
,
1271 const char __user
*buf
, int in_len
,
1274 struct ib_uverbs_dealloc_mw cmd
;
1276 struct ib_uobject
*uobj
;
1279 if (copy_from_user(&cmd
, buf
, sizeof(cmd
)))
1282 uobj
= idr_write_uobj(&ib_uverbs_mw_idr
, cmd
.mw_handle
, file
->ucontext
);
1288 ret
= ib_dealloc_mw(mw
);
1292 put_uobj_write(uobj
);
1297 idr_remove_uobj(&ib_uverbs_mw_idr
, uobj
);
1299 mutex_lock(&file
->mutex
);
1300 list_del(&uobj
->list
);
1301 mutex_unlock(&file
->mutex
);
1308 ssize_t
ib_uverbs_create_comp_channel(struct ib_uverbs_file
*file
,
1309 struct ib_device
*ib_dev
,
1310 const char __user
*buf
, int in_len
,
1313 struct ib_uverbs_create_comp_channel cmd
;
1314 struct ib_uverbs_create_comp_channel_resp resp
;
1318 if (out_len
< sizeof resp
)
1321 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1324 ret
= get_unused_fd_flags(O_CLOEXEC
);
1329 filp
= ib_uverbs_alloc_event_file(file
, ib_dev
, 0);
1331 put_unused_fd(resp
.fd
);
1332 return PTR_ERR(filp
);
1335 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
1336 &resp
, sizeof resp
)) {
1337 put_unused_fd(resp
.fd
);
1342 fd_install(resp
.fd
, filp
);
1346 static struct ib_ucq_object
*create_cq(struct ib_uverbs_file
*file
,
1347 struct ib_device
*ib_dev
,
1348 struct ib_udata
*ucore
,
1349 struct ib_udata
*uhw
,
1350 struct ib_uverbs_ex_create_cq
*cmd
,
1352 int (*cb
)(struct ib_uverbs_file
*file
,
1353 struct ib_ucq_object
*obj
,
1354 struct ib_uverbs_ex_create_cq_resp
*resp
,
1355 struct ib_udata
*udata
,
1359 struct ib_ucq_object
*obj
;
1360 struct ib_uverbs_event_file
*ev_file
= NULL
;
1363 struct ib_uverbs_ex_create_cq_resp resp
;
1364 struct ib_cq_init_attr attr
= {};
1366 if (cmd
->comp_vector
>= file
->device
->num_comp_vectors
)
1367 return ERR_PTR(-EINVAL
);
1369 obj
= kmalloc(sizeof *obj
, GFP_KERNEL
);
1371 return ERR_PTR(-ENOMEM
);
1373 init_uobj(&obj
->uobject
, cmd
->user_handle
, file
->ucontext
, &cq_lock_class
);
1374 down_write(&obj
->uobject
.mutex
);
1376 if (cmd
->comp_channel
>= 0) {
1377 ev_file
= ib_uverbs_lookup_comp_file(cmd
->comp_channel
);
1384 obj
->uverbs_file
= file
;
1385 obj
->comp_events_reported
= 0;
1386 obj
->async_events_reported
= 0;
1387 INIT_LIST_HEAD(&obj
->comp_list
);
1388 INIT_LIST_HEAD(&obj
->async_list
);
1390 attr
.cqe
= cmd
->cqe
;
1391 attr
.comp_vector
= cmd
->comp_vector
;
1393 if (cmd_sz
> offsetof(typeof(*cmd
), flags
) + sizeof(cmd
->flags
))
1394 attr
.flags
= cmd
->flags
;
1396 cq
= ib_dev
->create_cq(ib_dev
, &attr
,
1397 file
->ucontext
, uhw
);
1403 cq
->device
= ib_dev
;
1404 cq
->uobject
= &obj
->uobject
;
1405 cq
->comp_handler
= ib_uverbs_comp_handler
;
1406 cq
->event_handler
= ib_uverbs_cq_event_handler
;
1407 cq
->cq_context
= ev_file
;
1408 atomic_set(&cq
->usecnt
, 0);
1410 obj
->uobject
.object
= cq
;
1411 ret
= idr_add_uobj(&ib_uverbs_cq_idr
, &obj
->uobject
);
1415 memset(&resp
, 0, sizeof resp
);
1416 resp
.base
.cq_handle
= obj
->uobject
.id
;
1417 resp
.base
.cqe
= cq
->cqe
;
1419 resp
.response_length
= offsetof(typeof(resp
), response_length
) +
1420 sizeof(resp
.response_length
);
1422 ret
= cb(file
, obj
, &resp
, ucore
, context
);
1426 mutex_lock(&file
->mutex
);
1427 list_add_tail(&obj
->uobject
.list
, &file
->ucontext
->cq_list
);
1428 mutex_unlock(&file
->mutex
);
1430 obj
->uobject
.live
= 1;
1432 up_write(&obj
->uobject
.mutex
);
1437 idr_remove_uobj(&ib_uverbs_cq_idr
, &obj
->uobject
);
1444 ib_uverbs_release_ucq(file
, ev_file
, obj
);
1447 put_uobj_write(&obj
->uobject
);
1449 return ERR_PTR(ret
);
1452 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file
*file
,
1453 struct ib_ucq_object
*obj
,
1454 struct ib_uverbs_ex_create_cq_resp
*resp
,
1455 struct ib_udata
*ucore
, void *context
)
1457 if (ib_copy_to_udata(ucore
, &resp
->base
, sizeof(resp
->base
)))
1463 ssize_t
ib_uverbs_create_cq(struct ib_uverbs_file
*file
,
1464 struct ib_device
*ib_dev
,
1465 const char __user
*buf
, int in_len
,
1468 struct ib_uverbs_create_cq cmd
;
1469 struct ib_uverbs_ex_create_cq cmd_ex
;
1470 struct ib_uverbs_create_cq_resp resp
;
1471 struct ib_udata ucore
;
1472 struct ib_udata uhw
;
1473 struct ib_ucq_object
*obj
;
1475 if (out_len
< sizeof(resp
))
1478 if (copy_from_user(&cmd
, buf
, sizeof(cmd
)))
1481 INIT_UDATA(&ucore
, buf
, cmd
.response
, sizeof(cmd
), sizeof(resp
));
1483 INIT_UDATA(&uhw
, buf
+ sizeof(cmd
),
1484 (unsigned long)cmd
.response
+ sizeof(resp
),
1485 in_len
- sizeof(cmd
), out_len
- sizeof(resp
));
1487 memset(&cmd_ex
, 0, sizeof(cmd_ex
));
1488 cmd_ex
.user_handle
= cmd
.user_handle
;
1489 cmd_ex
.cqe
= cmd
.cqe
;
1490 cmd_ex
.comp_vector
= cmd
.comp_vector
;
1491 cmd_ex
.comp_channel
= cmd
.comp_channel
;
1493 obj
= create_cq(file
, ib_dev
, &ucore
, &uhw
, &cmd_ex
,
1494 offsetof(typeof(cmd_ex
), comp_channel
) +
1495 sizeof(cmd
.comp_channel
), ib_uverbs_create_cq_cb
,
1499 return PTR_ERR(obj
);
1504 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file
*file
,
1505 struct ib_ucq_object
*obj
,
1506 struct ib_uverbs_ex_create_cq_resp
*resp
,
1507 struct ib_udata
*ucore
, void *context
)
1509 if (ib_copy_to_udata(ucore
, resp
, resp
->response_length
))
1515 int ib_uverbs_ex_create_cq(struct ib_uverbs_file
*file
,
1516 struct ib_device
*ib_dev
,
1517 struct ib_udata
*ucore
,
1518 struct ib_udata
*uhw
)
1520 struct ib_uverbs_ex_create_cq_resp resp
;
1521 struct ib_uverbs_ex_create_cq cmd
;
1522 struct ib_ucq_object
*obj
;
1525 if (ucore
->inlen
< sizeof(cmd
))
1528 err
= ib_copy_from_udata(&cmd
, ucore
, sizeof(cmd
));
1538 if (ucore
->outlen
< (offsetof(typeof(resp
), response_length
) +
1539 sizeof(resp
.response_length
)))
1542 obj
= create_cq(file
, ib_dev
, ucore
, uhw
, &cmd
,
1543 min(ucore
->inlen
, sizeof(cmd
)),
1544 ib_uverbs_ex_create_cq_cb
, NULL
);
1547 return PTR_ERR(obj
);
1552 ssize_t
ib_uverbs_resize_cq(struct ib_uverbs_file
*file
,
1553 struct ib_device
*ib_dev
,
1554 const char __user
*buf
, int in_len
,
1557 struct ib_uverbs_resize_cq cmd
;
1558 struct ib_uverbs_resize_cq_resp resp
;
1559 struct ib_udata udata
;
1563 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1566 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
1567 (unsigned long) cmd
.response
+ sizeof resp
,
1568 in_len
- sizeof cmd
, out_len
- sizeof resp
);
1570 cq
= idr_read_cq(cmd
.cq_handle
, file
->ucontext
, 0);
1574 ret
= cq
->device
->resize_cq(cq
, cmd
.cqe
, &udata
);
1580 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
1581 &resp
, sizeof resp
.cqe
))
1587 return ret
? ret
: in_len
;
1590 static int copy_wc_to_user(void __user
*dest
, struct ib_wc
*wc
)
1592 struct ib_uverbs_wc tmp
;
1594 tmp
.wr_id
= wc
->wr_id
;
1595 tmp
.status
= wc
->status
;
1596 tmp
.opcode
= wc
->opcode
;
1597 tmp
.vendor_err
= wc
->vendor_err
;
1598 tmp
.byte_len
= wc
->byte_len
;
1599 tmp
.ex
.imm_data
= (__u32 __force
) wc
->ex
.imm_data
;
1600 tmp
.qp_num
= wc
->qp
->qp_num
;
1601 tmp
.src_qp
= wc
->src_qp
;
1602 tmp
.wc_flags
= wc
->wc_flags
;
1603 tmp
.pkey_index
= wc
->pkey_index
;
1604 tmp
.slid
= wc
->slid
;
1606 tmp
.dlid_path_bits
= wc
->dlid_path_bits
;
1607 tmp
.port_num
= wc
->port_num
;
1610 if (copy_to_user(dest
, &tmp
, sizeof tmp
))
1616 ssize_t
ib_uverbs_poll_cq(struct ib_uverbs_file
*file
,
1617 struct ib_device
*ib_dev
,
1618 const char __user
*buf
, int in_len
,
1621 struct ib_uverbs_poll_cq cmd
;
1622 struct ib_uverbs_poll_cq_resp resp
;
1623 u8 __user
*header_ptr
;
1624 u8 __user
*data_ptr
;
1629 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1632 cq
= idr_read_cq(cmd
.cq_handle
, file
->ucontext
, 0);
1636 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1637 header_ptr
= (void __user
*)(unsigned long) cmd
.response
;
1638 data_ptr
= header_ptr
+ sizeof resp
;
1640 memset(&resp
, 0, sizeof resp
);
1641 while (resp
.count
< cmd
.ne
) {
1642 ret
= ib_poll_cq(cq
, 1, &wc
);
1648 ret
= copy_wc_to_user(data_ptr
, &wc
);
1652 data_ptr
+= sizeof(struct ib_uverbs_wc
);
1656 if (copy_to_user(header_ptr
, &resp
, sizeof resp
)) {
1668 ssize_t
ib_uverbs_req_notify_cq(struct ib_uverbs_file
*file
,
1669 struct ib_device
*ib_dev
,
1670 const char __user
*buf
, int in_len
,
1673 struct ib_uverbs_req_notify_cq cmd
;
1676 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1679 cq
= idr_read_cq(cmd
.cq_handle
, file
->ucontext
, 0);
1683 ib_req_notify_cq(cq
, cmd
.solicited_only
?
1684 IB_CQ_SOLICITED
: IB_CQ_NEXT_COMP
);
1691 ssize_t
ib_uverbs_destroy_cq(struct ib_uverbs_file
*file
,
1692 struct ib_device
*ib_dev
,
1693 const char __user
*buf
, int in_len
,
1696 struct ib_uverbs_destroy_cq cmd
;
1697 struct ib_uverbs_destroy_cq_resp resp
;
1698 struct ib_uobject
*uobj
;
1700 struct ib_ucq_object
*obj
;
1701 struct ib_uverbs_event_file
*ev_file
;
1704 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1707 uobj
= idr_write_uobj(&ib_uverbs_cq_idr
, cmd
.cq_handle
, file
->ucontext
);
1711 ev_file
= cq
->cq_context
;
1712 obj
= container_of(cq
->uobject
, struct ib_ucq_object
, uobject
);
1714 ret
= ib_destroy_cq(cq
);
1718 put_uobj_write(uobj
);
1723 idr_remove_uobj(&ib_uverbs_cq_idr
, uobj
);
1725 mutex_lock(&file
->mutex
);
1726 list_del(&uobj
->list
);
1727 mutex_unlock(&file
->mutex
);
1729 ib_uverbs_release_ucq(file
, ev_file
, obj
);
1731 memset(&resp
, 0, sizeof resp
);
1732 resp
.comp_events_reported
= obj
->comp_events_reported
;
1733 resp
.async_events_reported
= obj
->async_events_reported
;
1737 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
1738 &resp
, sizeof resp
))
1744 ssize_t
ib_uverbs_create_qp(struct ib_uverbs_file
*file
,
1745 struct ib_device
*ib_dev
,
1746 const char __user
*buf
, int in_len
,
1749 struct ib_uverbs_create_qp cmd
;
1750 struct ib_uverbs_create_qp_resp resp
;
1751 struct ib_udata udata
;
1752 struct ib_uqp_object
*obj
;
1753 struct ib_device
*device
;
1754 struct ib_pd
*pd
= NULL
;
1755 struct ib_xrcd
*xrcd
= NULL
;
1756 struct ib_uobject
*uninitialized_var(xrcd_uobj
);
1757 struct ib_cq
*scq
= NULL
, *rcq
= NULL
;
1758 struct ib_srq
*srq
= NULL
;
1760 struct ib_qp_init_attr attr
;
1763 if (out_len
< sizeof resp
)
1766 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1769 if (cmd
.qp_type
== IB_QPT_RAW_PACKET
&& !capable(CAP_NET_RAW
))
1772 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
1773 (unsigned long) cmd
.response
+ sizeof resp
,
1774 in_len
- sizeof cmd
, out_len
- sizeof resp
);
1776 obj
= kzalloc(sizeof *obj
, GFP_KERNEL
);
1780 init_uobj(&obj
->uevent
.uobject
, cmd
.user_handle
, file
->ucontext
, &qp_lock_class
);
1781 down_write(&obj
->uevent
.uobject
.mutex
);
1783 if (cmd
.qp_type
== IB_QPT_XRC_TGT
) {
1784 xrcd
= idr_read_xrcd(cmd
.pd_handle
, file
->ucontext
, &xrcd_uobj
);
1789 device
= xrcd
->device
;
1791 if (cmd
.qp_type
== IB_QPT_XRC_INI
) {
1792 cmd
.max_recv_wr
= cmd
.max_recv_sge
= 0;
1795 srq
= idr_read_srq(cmd
.srq_handle
, file
->ucontext
);
1796 if (!srq
|| srq
->srq_type
!= IB_SRQT_BASIC
) {
1802 if (cmd
.recv_cq_handle
!= cmd
.send_cq_handle
) {
1803 rcq
= idr_read_cq(cmd
.recv_cq_handle
, file
->ucontext
, 0);
1811 scq
= idr_read_cq(cmd
.send_cq_handle
, file
->ucontext
, !!rcq
);
1813 pd
= idr_read_pd(cmd
.pd_handle
, file
->ucontext
);
1819 device
= pd
->device
;
1822 attr
.event_handler
= ib_uverbs_qp_event_handler
;
1823 attr
.qp_context
= file
;
1828 attr
.sq_sig_type
= cmd
.sq_sig_all
? IB_SIGNAL_ALL_WR
: IB_SIGNAL_REQ_WR
;
1829 attr
.qp_type
= cmd
.qp_type
;
1830 attr
.create_flags
= 0;
1832 attr
.cap
.max_send_wr
= cmd
.max_send_wr
;
1833 attr
.cap
.max_recv_wr
= cmd
.max_recv_wr
;
1834 attr
.cap
.max_send_sge
= cmd
.max_send_sge
;
1835 attr
.cap
.max_recv_sge
= cmd
.max_recv_sge
;
1836 attr
.cap
.max_inline_data
= cmd
.max_inline_data
;
1838 obj
->uevent
.events_reported
= 0;
1839 INIT_LIST_HEAD(&obj
->uevent
.event_list
);
1840 INIT_LIST_HEAD(&obj
->mcast_list
);
1842 if (cmd
.qp_type
== IB_QPT_XRC_TGT
)
1843 qp
= ib_create_qp(pd
, &attr
);
1845 qp
= device
->create_qp(pd
, &attr
, &udata
);
1852 if (cmd
.qp_type
!= IB_QPT_XRC_TGT
) {
1854 qp
->device
= device
;
1856 qp
->send_cq
= attr
.send_cq
;
1857 qp
->recv_cq
= attr
.recv_cq
;
1859 qp
->event_handler
= attr
.event_handler
;
1860 qp
->qp_context
= attr
.qp_context
;
1861 qp
->qp_type
= attr
.qp_type
;
1862 atomic_set(&qp
->usecnt
, 0);
1863 atomic_inc(&pd
->usecnt
);
1864 atomic_inc(&attr
.send_cq
->usecnt
);
1866 atomic_inc(&attr
.recv_cq
->usecnt
);
1868 atomic_inc(&attr
.srq
->usecnt
);
1870 qp
->uobject
= &obj
->uevent
.uobject
;
1872 obj
->uevent
.uobject
.object
= qp
;
1873 ret
= idr_add_uobj(&ib_uverbs_qp_idr
, &obj
->uevent
.uobject
);
1877 memset(&resp
, 0, sizeof resp
);
1878 resp
.qpn
= qp
->qp_num
;
1879 resp
.qp_handle
= obj
->uevent
.uobject
.id
;
1880 resp
.max_recv_sge
= attr
.cap
.max_recv_sge
;
1881 resp
.max_send_sge
= attr
.cap
.max_send_sge
;
1882 resp
.max_recv_wr
= attr
.cap
.max_recv_wr
;
1883 resp
.max_send_wr
= attr
.cap
.max_send_wr
;
1884 resp
.max_inline_data
= attr
.cap
.max_inline_data
;
1886 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
1887 &resp
, sizeof resp
)) {
1893 obj
->uxrcd
= container_of(xrcd_uobj
, struct ib_uxrcd_object
,
1895 atomic_inc(&obj
->uxrcd
->refcnt
);
1896 put_xrcd_read(xrcd_uobj
);
1903 if (rcq
&& rcq
!= scq
)
1908 mutex_lock(&file
->mutex
);
1909 list_add_tail(&obj
->uevent
.uobject
.list
, &file
->ucontext
->qp_list
);
1910 mutex_unlock(&file
->mutex
);
1912 obj
->uevent
.uobject
.live
= 1;
1914 up_write(&obj
->uevent
.uobject
.mutex
);
1919 idr_remove_uobj(&ib_uverbs_qp_idr
, &obj
->uevent
.uobject
);
1926 put_xrcd_read(xrcd_uobj
);
1931 if (rcq
&& rcq
!= scq
)
1936 put_uobj_write(&obj
->uevent
.uobject
);
1940 ssize_t
ib_uverbs_open_qp(struct ib_uverbs_file
*file
,
1941 struct ib_device
*ib_dev
,
1942 const char __user
*buf
, int in_len
, int out_len
)
1944 struct ib_uverbs_open_qp cmd
;
1945 struct ib_uverbs_create_qp_resp resp
;
1946 struct ib_udata udata
;
1947 struct ib_uqp_object
*obj
;
1948 struct ib_xrcd
*xrcd
;
1949 struct ib_uobject
*uninitialized_var(xrcd_uobj
);
1951 struct ib_qp_open_attr attr
;
1954 if (out_len
< sizeof resp
)
1957 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
1960 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
1961 (unsigned long) cmd
.response
+ sizeof resp
,
1962 in_len
- sizeof cmd
, out_len
- sizeof resp
);
1964 obj
= kmalloc(sizeof *obj
, GFP_KERNEL
);
1968 init_uobj(&obj
->uevent
.uobject
, cmd
.user_handle
, file
->ucontext
, &qp_lock_class
);
1969 down_write(&obj
->uevent
.uobject
.mutex
);
1971 xrcd
= idr_read_xrcd(cmd
.pd_handle
, file
->ucontext
, &xrcd_uobj
);
1977 attr
.event_handler
= ib_uverbs_qp_event_handler
;
1978 attr
.qp_context
= file
;
1979 attr
.qp_num
= cmd
.qpn
;
1980 attr
.qp_type
= cmd
.qp_type
;
1982 obj
->uevent
.events_reported
= 0;
1983 INIT_LIST_HEAD(&obj
->uevent
.event_list
);
1984 INIT_LIST_HEAD(&obj
->mcast_list
);
1986 qp
= ib_open_qp(xrcd
, &attr
);
1992 qp
->uobject
= &obj
->uevent
.uobject
;
1994 obj
->uevent
.uobject
.object
= qp
;
1995 ret
= idr_add_uobj(&ib_uverbs_qp_idr
, &obj
->uevent
.uobject
);
1999 memset(&resp
, 0, sizeof resp
);
2000 resp
.qpn
= qp
->qp_num
;
2001 resp
.qp_handle
= obj
->uevent
.uobject
.id
;
2003 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2004 &resp
, sizeof resp
)) {
2009 obj
->uxrcd
= container_of(xrcd_uobj
, struct ib_uxrcd_object
, uobject
);
2010 atomic_inc(&obj
->uxrcd
->refcnt
);
2011 put_xrcd_read(xrcd_uobj
);
2013 mutex_lock(&file
->mutex
);
2014 list_add_tail(&obj
->uevent
.uobject
.list
, &file
->ucontext
->qp_list
);
2015 mutex_unlock(&file
->mutex
);
2017 obj
->uevent
.uobject
.live
= 1;
2019 up_write(&obj
->uevent
.uobject
.mutex
);
2024 idr_remove_uobj(&ib_uverbs_qp_idr
, &obj
->uevent
.uobject
);
2030 put_xrcd_read(xrcd_uobj
);
2031 put_uobj_write(&obj
->uevent
.uobject
);
2035 ssize_t
ib_uverbs_query_qp(struct ib_uverbs_file
*file
,
2036 struct ib_device
*ib_dev
,
2037 const char __user
*buf
, int in_len
,
2040 struct ib_uverbs_query_qp cmd
;
2041 struct ib_uverbs_query_qp_resp resp
;
2043 struct ib_qp_attr
*attr
;
2044 struct ib_qp_init_attr
*init_attr
;
2047 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2050 attr
= kmalloc(sizeof *attr
, GFP_KERNEL
);
2051 init_attr
= kmalloc(sizeof *init_attr
, GFP_KERNEL
);
2052 if (!attr
|| !init_attr
) {
2057 qp
= idr_read_qp(cmd
.qp_handle
, file
->ucontext
);
2063 ret
= ib_query_qp(qp
, attr
, cmd
.attr_mask
, init_attr
);
2070 memset(&resp
, 0, sizeof resp
);
2072 resp
.qp_state
= attr
->qp_state
;
2073 resp
.cur_qp_state
= attr
->cur_qp_state
;
2074 resp
.path_mtu
= attr
->path_mtu
;
2075 resp
.path_mig_state
= attr
->path_mig_state
;
2076 resp
.qkey
= attr
->qkey
;
2077 resp
.rq_psn
= attr
->rq_psn
;
2078 resp
.sq_psn
= attr
->sq_psn
;
2079 resp
.dest_qp_num
= attr
->dest_qp_num
;
2080 resp
.qp_access_flags
= attr
->qp_access_flags
;
2081 resp
.pkey_index
= attr
->pkey_index
;
2082 resp
.alt_pkey_index
= attr
->alt_pkey_index
;
2083 resp
.sq_draining
= attr
->sq_draining
;
2084 resp
.max_rd_atomic
= attr
->max_rd_atomic
;
2085 resp
.max_dest_rd_atomic
= attr
->max_dest_rd_atomic
;
2086 resp
.min_rnr_timer
= attr
->min_rnr_timer
;
2087 resp
.port_num
= attr
->port_num
;
2088 resp
.timeout
= attr
->timeout
;
2089 resp
.retry_cnt
= attr
->retry_cnt
;
2090 resp
.rnr_retry
= attr
->rnr_retry
;
2091 resp
.alt_port_num
= attr
->alt_port_num
;
2092 resp
.alt_timeout
= attr
->alt_timeout
;
2094 memcpy(resp
.dest
.dgid
, attr
->ah_attr
.grh
.dgid
.raw
, 16);
2095 resp
.dest
.flow_label
= attr
->ah_attr
.grh
.flow_label
;
2096 resp
.dest
.sgid_index
= attr
->ah_attr
.grh
.sgid_index
;
2097 resp
.dest
.hop_limit
= attr
->ah_attr
.grh
.hop_limit
;
2098 resp
.dest
.traffic_class
= attr
->ah_attr
.grh
.traffic_class
;
2099 resp
.dest
.dlid
= attr
->ah_attr
.dlid
;
2100 resp
.dest
.sl
= attr
->ah_attr
.sl
;
2101 resp
.dest
.src_path_bits
= attr
->ah_attr
.src_path_bits
;
2102 resp
.dest
.static_rate
= attr
->ah_attr
.static_rate
;
2103 resp
.dest
.is_global
= !!(attr
->ah_attr
.ah_flags
& IB_AH_GRH
);
2104 resp
.dest
.port_num
= attr
->ah_attr
.port_num
;
2106 memcpy(resp
.alt_dest
.dgid
, attr
->alt_ah_attr
.grh
.dgid
.raw
, 16);
2107 resp
.alt_dest
.flow_label
= attr
->alt_ah_attr
.grh
.flow_label
;
2108 resp
.alt_dest
.sgid_index
= attr
->alt_ah_attr
.grh
.sgid_index
;
2109 resp
.alt_dest
.hop_limit
= attr
->alt_ah_attr
.grh
.hop_limit
;
2110 resp
.alt_dest
.traffic_class
= attr
->alt_ah_attr
.grh
.traffic_class
;
2111 resp
.alt_dest
.dlid
= attr
->alt_ah_attr
.dlid
;
2112 resp
.alt_dest
.sl
= attr
->alt_ah_attr
.sl
;
2113 resp
.alt_dest
.src_path_bits
= attr
->alt_ah_attr
.src_path_bits
;
2114 resp
.alt_dest
.static_rate
= attr
->alt_ah_attr
.static_rate
;
2115 resp
.alt_dest
.is_global
= !!(attr
->alt_ah_attr
.ah_flags
& IB_AH_GRH
);
2116 resp
.alt_dest
.port_num
= attr
->alt_ah_attr
.port_num
;
2118 resp
.max_send_wr
= init_attr
->cap
.max_send_wr
;
2119 resp
.max_recv_wr
= init_attr
->cap
.max_recv_wr
;
2120 resp
.max_send_sge
= init_attr
->cap
.max_send_sge
;
2121 resp
.max_recv_sge
= init_attr
->cap
.max_recv_sge
;
2122 resp
.max_inline_data
= init_attr
->cap
.max_inline_data
;
2123 resp
.sq_sig_all
= init_attr
->sq_sig_type
== IB_SIGNAL_ALL_WR
;
2125 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2126 &resp
, sizeof resp
))
2133 return ret
? ret
: in_len
;
2136 /* Remove ignored fields set in the attribute mask */
2137 static int modify_qp_mask(enum ib_qp_type qp_type
, int mask
)
2140 case IB_QPT_XRC_INI
:
2141 return mask
& ~(IB_QP_MAX_DEST_RD_ATOMIC
| IB_QP_MIN_RNR_TIMER
);
2142 case IB_QPT_XRC_TGT
:
2143 return mask
& ~(IB_QP_MAX_QP_RD_ATOMIC
| IB_QP_RETRY_CNT
|
2150 ssize_t
ib_uverbs_modify_qp(struct ib_uverbs_file
*file
,
2151 struct ib_device
*ib_dev
,
2152 const char __user
*buf
, int in_len
,
2155 struct ib_uverbs_modify_qp cmd
;
2156 struct ib_udata udata
;
2158 struct ib_qp_attr
*attr
;
2161 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2164 INIT_UDATA(&udata
, buf
+ sizeof cmd
, NULL
, in_len
- sizeof cmd
,
2167 attr
= kmalloc(sizeof *attr
, GFP_KERNEL
);
2171 qp
= idr_read_qp(cmd
.qp_handle
, file
->ucontext
);
2177 attr
->qp_state
= cmd
.qp_state
;
2178 attr
->cur_qp_state
= cmd
.cur_qp_state
;
2179 attr
->path_mtu
= cmd
.path_mtu
;
2180 attr
->path_mig_state
= cmd
.path_mig_state
;
2181 attr
->qkey
= cmd
.qkey
;
2182 attr
->rq_psn
= cmd
.rq_psn
;
2183 attr
->sq_psn
= cmd
.sq_psn
;
2184 attr
->dest_qp_num
= cmd
.dest_qp_num
;
2185 attr
->qp_access_flags
= cmd
.qp_access_flags
;
2186 attr
->pkey_index
= cmd
.pkey_index
;
2187 attr
->alt_pkey_index
= cmd
.alt_pkey_index
;
2188 attr
->en_sqd_async_notify
= cmd
.en_sqd_async_notify
;
2189 attr
->max_rd_atomic
= cmd
.max_rd_atomic
;
2190 attr
->max_dest_rd_atomic
= cmd
.max_dest_rd_atomic
;
2191 attr
->min_rnr_timer
= cmd
.min_rnr_timer
;
2192 attr
->port_num
= cmd
.port_num
;
2193 attr
->timeout
= cmd
.timeout
;
2194 attr
->retry_cnt
= cmd
.retry_cnt
;
2195 attr
->rnr_retry
= cmd
.rnr_retry
;
2196 attr
->alt_port_num
= cmd
.alt_port_num
;
2197 attr
->alt_timeout
= cmd
.alt_timeout
;
2199 memcpy(attr
->ah_attr
.grh
.dgid
.raw
, cmd
.dest
.dgid
, 16);
2200 attr
->ah_attr
.grh
.flow_label
= cmd
.dest
.flow_label
;
2201 attr
->ah_attr
.grh
.sgid_index
= cmd
.dest
.sgid_index
;
2202 attr
->ah_attr
.grh
.hop_limit
= cmd
.dest
.hop_limit
;
2203 attr
->ah_attr
.grh
.traffic_class
= cmd
.dest
.traffic_class
;
2204 attr
->ah_attr
.dlid
= cmd
.dest
.dlid
;
2205 attr
->ah_attr
.sl
= cmd
.dest
.sl
;
2206 attr
->ah_attr
.src_path_bits
= cmd
.dest
.src_path_bits
;
2207 attr
->ah_attr
.static_rate
= cmd
.dest
.static_rate
;
2208 attr
->ah_attr
.ah_flags
= cmd
.dest
.is_global
? IB_AH_GRH
: 0;
2209 attr
->ah_attr
.port_num
= cmd
.dest
.port_num
;
2211 memcpy(attr
->alt_ah_attr
.grh
.dgid
.raw
, cmd
.alt_dest
.dgid
, 16);
2212 attr
->alt_ah_attr
.grh
.flow_label
= cmd
.alt_dest
.flow_label
;
2213 attr
->alt_ah_attr
.grh
.sgid_index
= cmd
.alt_dest
.sgid_index
;
2214 attr
->alt_ah_attr
.grh
.hop_limit
= cmd
.alt_dest
.hop_limit
;
2215 attr
->alt_ah_attr
.grh
.traffic_class
= cmd
.alt_dest
.traffic_class
;
2216 attr
->alt_ah_attr
.dlid
= cmd
.alt_dest
.dlid
;
2217 attr
->alt_ah_attr
.sl
= cmd
.alt_dest
.sl
;
2218 attr
->alt_ah_attr
.src_path_bits
= cmd
.alt_dest
.src_path_bits
;
2219 attr
->alt_ah_attr
.static_rate
= cmd
.alt_dest
.static_rate
;
2220 attr
->alt_ah_attr
.ah_flags
= cmd
.alt_dest
.is_global
? IB_AH_GRH
: 0;
2221 attr
->alt_ah_attr
.port_num
= cmd
.alt_dest
.port_num
;
2223 if (qp
->real_qp
== qp
) {
2224 ret
= ib_resolve_eth_l2_attrs(qp
, attr
, &cmd
.attr_mask
);
2227 ret
= qp
->device
->modify_qp(qp
, attr
,
2228 modify_qp_mask(qp
->qp_type
, cmd
.attr_mask
), &udata
);
2230 ret
= ib_modify_qp(qp
, attr
, modify_qp_mask(qp
->qp_type
, cmd
.attr_mask
));
2247 ssize_t
ib_uverbs_destroy_qp(struct ib_uverbs_file
*file
,
2248 struct ib_device
*ib_dev
,
2249 const char __user
*buf
, int in_len
,
2252 struct ib_uverbs_destroy_qp cmd
;
2253 struct ib_uverbs_destroy_qp_resp resp
;
2254 struct ib_uobject
*uobj
;
2256 struct ib_uqp_object
*obj
;
2259 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2262 memset(&resp
, 0, sizeof resp
);
2264 uobj
= idr_write_uobj(&ib_uverbs_qp_idr
, cmd
.qp_handle
, file
->ucontext
);
2268 obj
= container_of(uobj
, struct ib_uqp_object
, uevent
.uobject
);
2270 if (!list_empty(&obj
->mcast_list
)) {
2271 put_uobj_write(uobj
);
2275 ret
= ib_destroy_qp(qp
);
2279 put_uobj_write(uobj
);
2285 atomic_dec(&obj
->uxrcd
->refcnt
);
2287 idr_remove_uobj(&ib_uverbs_qp_idr
, uobj
);
2289 mutex_lock(&file
->mutex
);
2290 list_del(&uobj
->list
);
2291 mutex_unlock(&file
->mutex
);
2293 ib_uverbs_release_uevent(file
, &obj
->uevent
);
2295 resp
.events_reported
= obj
->uevent
.events_reported
;
2299 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2300 &resp
, sizeof resp
))
2306 ssize_t
ib_uverbs_post_send(struct ib_uverbs_file
*file
,
2307 struct ib_device
*ib_dev
,
2308 const char __user
*buf
, int in_len
,
2311 struct ib_uverbs_post_send cmd
;
2312 struct ib_uverbs_post_send_resp resp
;
2313 struct ib_uverbs_send_wr
*user_wr
;
2314 struct ib_send_wr
*wr
= NULL
, *last
, *next
, *bad_wr
;
2318 ssize_t ret
= -EINVAL
;
2320 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2323 if (in_len
< sizeof cmd
+ cmd
.wqe_size
* cmd
.wr_count
+
2324 cmd
.sge_count
* sizeof (struct ib_uverbs_sge
))
2327 if (cmd
.wqe_size
< sizeof (struct ib_uverbs_send_wr
))
2330 user_wr
= kmalloc(cmd
.wqe_size
, GFP_KERNEL
);
2334 qp
= idr_read_qp(cmd
.qp_handle
, file
->ucontext
);
2338 is_ud
= qp
->qp_type
== IB_QPT_UD
;
2341 for (i
= 0; i
< cmd
.wr_count
; ++i
) {
2342 if (copy_from_user(user_wr
,
2343 buf
+ sizeof cmd
+ i
* cmd
.wqe_size
,
2349 if (user_wr
->num_sge
+ sg_ind
> cmd
.sge_count
) {
2354 next
= kmalloc(ALIGN(sizeof *next
, sizeof (struct ib_sge
)) +
2355 user_wr
->num_sge
* sizeof (struct ib_sge
),
2369 next
->wr_id
= user_wr
->wr_id
;
2370 next
->num_sge
= user_wr
->num_sge
;
2371 next
->opcode
= user_wr
->opcode
;
2372 next
->send_flags
= user_wr
->send_flags
;
2375 if (next
->opcode
!= IB_WR_SEND
&&
2376 next
->opcode
!= IB_WR_SEND_WITH_IMM
) {
2381 next
->wr
.ud
.ah
= idr_read_ah(user_wr
->wr
.ud
.ah
,
2383 if (!next
->wr
.ud
.ah
) {
2387 next
->wr
.ud
.remote_qpn
= user_wr
->wr
.ud
.remote_qpn
;
2388 next
->wr
.ud
.remote_qkey
= user_wr
->wr
.ud
.remote_qkey
;
2389 if (next
->opcode
== IB_WR_SEND_WITH_IMM
)
2391 (__be32 __force
) user_wr
->ex
.imm_data
;
2393 switch (next
->opcode
) {
2394 case IB_WR_RDMA_WRITE_WITH_IMM
:
2396 (__be32 __force
) user_wr
->ex
.imm_data
;
2397 case IB_WR_RDMA_WRITE
:
2398 case IB_WR_RDMA_READ
:
2399 next
->wr
.rdma
.remote_addr
=
2400 user_wr
->wr
.rdma
.remote_addr
;
2401 next
->wr
.rdma
.rkey
=
2402 user_wr
->wr
.rdma
.rkey
;
2404 case IB_WR_SEND_WITH_IMM
:
2406 (__be32 __force
) user_wr
->ex
.imm_data
;
2408 case IB_WR_SEND_WITH_INV
:
2409 next
->ex
.invalidate_rkey
=
2410 user_wr
->ex
.invalidate_rkey
;
2412 case IB_WR_ATOMIC_CMP_AND_SWP
:
2413 case IB_WR_ATOMIC_FETCH_AND_ADD
:
2414 next
->wr
.atomic
.remote_addr
=
2415 user_wr
->wr
.atomic
.remote_addr
;
2416 next
->wr
.atomic
.compare_add
=
2417 user_wr
->wr
.atomic
.compare_add
;
2418 next
->wr
.atomic
.swap
= user_wr
->wr
.atomic
.swap
;
2419 next
->wr
.atomic
.rkey
= user_wr
->wr
.atomic
.rkey
;
2428 if (next
->num_sge
) {
2429 next
->sg_list
= (void *) next
+
2430 ALIGN(sizeof *next
, sizeof (struct ib_sge
));
2431 if (copy_from_user(next
->sg_list
,
2433 cmd
.wr_count
* cmd
.wqe_size
+
2434 sg_ind
* sizeof (struct ib_sge
),
2435 next
->num_sge
* sizeof (struct ib_sge
))) {
2439 sg_ind
+= next
->num_sge
;
2441 next
->sg_list
= NULL
;
2445 ret
= qp
->device
->post_send(qp
->real_qp
, wr
, &bad_wr
);
2447 for (next
= wr
; next
; next
= next
->next
) {
2453 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2454 &resp
, sizeof resp
))
2461 if (is_ud
&& wr
->wr
.ud
.ah
)
2462 put_ah_read(wr
->wr
.ud
.ah
);
2471 return ret
? ret
: in_len
;
2474 static struct ib_recv_wr
*ib_uverbs_unmarshall_recv(const char __user
*buf
,
2480 struct ib_uverbs_recv_wr
*user_wr
;
2481 struct ib_recv_wr
*wr
= NULL
, *last
, *next
;
2486 if (in_len
< wqe_size
* wr_count
+
2487 sge_count
* sizeof (struct ib_uverbs_sge
))
2488 return ERR_PTR(-EINVAL
);
2490 if (wqe_size
< sizeof (struct ib_uverbs_recv_wr
))
2491 return ERR_PTR(-EINVAL
);
2493 user_wr
= kmalloc(wqe_size
, GFP_KERNEL
);
2495 return ERR_PTR(-ENOMEM
);
2499 for (i
= 0; i
< wr_count
; ++i
) {
2500 if (copy_from_user(user_wr
, buf
+ i
* wqe_size
,
2506 if (user_wr
->num_sge
+ sg_ind
> sge_count
) {
2511 next
= kmalloc(ALIGN(sizeof *next
, sizeof (struct ib_sge
)) +
2512 user_wr
->num_sge
* sizeof (struct ib_sge
),
2526 next
->wr_id
= user_wr
->wr_id
;
2527 next
->num_sge
= user_wr
->num_sge
;
2529 if (next
->num_sge
) {
2530 next
->sg_list
= (void *) next
+
2531 ALIGN(sizeof *next
, sizeof (struct ib_sge
));
2532 if (copy_from_user(next
->sg_list
,
2533 buf
+ wr_count
* wqe_size
+
2534 sg_ind
* sizeof (struct ib_sge
),
2535 next
->num_sge
* sizeof (struct ib_sge
))) {
2539 sg_ind
+= next
->num_sge
;
2541 next
->sg_list
= NULL
;
2556 return ERR_PTR(ret
);
2559 ssize_t
ib_uverbs_post_recv(struct ib_uverbs_file
*file
,
2560 struct ib_device
*ib_dev
,
2561 const char __user
*buf
, int in_len
,
2564 struct ib_uverbs_post_recv cmd
;
2565 struct ib_uverbs_post_recv_resp resp
;
2566 struct ib_recv_wr
*wr
, *next
, *bad_wr
;
2568 ssize_t ret
= -EINVAL
;
2570 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2573 wr
= ib_uverbs_unmarshall_recv(buf
+ sizeof cmd
,
2574 in_len
- sizeof cmd
, cmd
.wr_count
,
2575 cmd
.sge_count
, cmd
.wqe_size
);
2579 qp
= idr_read_qp(cmd
.qp_handle
, file
->ucontext
);
2584 ret
= qp
->device
->post_recv(qp
->real_qp
, wr
, &bad_wr
);
2589 for (next
= wr
; next
; next
= next
->next
) {
2595 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2596 &resp
, sizeof resp
))
2606 return ret
? ret
: in_len
;
2609 ssize_t
ib_uverbs_post_srq_recv(struct ib_uverbs_file
*file
,
2610 struct ib_device
*ib_dev
,
2611 const char __user
*buf
, int in_len
,
2614 struct ib_uverbs_post_srq_recv cmd
;
2615 struct ib_uverbs_post_srq_recv_resp resp
;
2616 struct ib_recv_wr
*wr
, *next
, *bad_wr
;
2618 ssize_t ret
= -EINVAL
;
2620 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2623 wr
= ib_uverbs_unmarshall_recv(buf
+ sizeof cmd
,
2624 in_len
- sizeof cmd
, cmd
.wr_count
,
2625 cmd
.sge_count
, cmd
.wqe_size
);
2629 srq
= idr_read_srq(cmd
.srq_handle
, file
->ucontext
);
2634 ret
= srq
->device
->post_srq_recv(srq
, wr
, &bad_wr
);
2639 for (next
= wr
; next
; next
= next
->next
) {
2645 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2646 &resp
, sizeof resp
))
2656 return ret
? ret
: in_len
;
2659 ssize_t
ib_uverbs_create_ah(struct ib_uverbs_file
*file
,
2660 struct ib_device
*ib_dev
,
2661 const char __user
*buf
, int in_len
,
2664 struct ib_uverbs_create_ah cmd
;
2665 struct ib_uverbs_create_ah_resp resp
;
2666 struct ib_uobject
*uobj
;
2669 struct ib_ah_attr attr
;
2672 if (out_len
< sizeof resp
)
2675 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2678 uobj
= kmalloc(sizeof *uobj
, GFP_KERNEL
);
2682 init_uobj(uobj
, cmd
.user_handle
, file
->ucontext
, &ah_lock_class
);
2683 down_write(&uobj
->mutex
);
2685 pd
= idr_read_pd(cmd
.pd_handle
, file
->ucontext
);
2691 attr
.dlid
= cmd
.attr
.dlid
;
2692 attr
.sl
= cmd
.attr
.sl
;
2693 attr
.src_path_bits
= cmd
.attr
.src_path_bits
;
2694 attr
.static_rate
= cmd
.attr
.static_rate
;
2695 attr
.ah_flags
= cmd
.attr
.is_global
? IB_AH_GRH
: 0;
2696 attr
.port_num
= cmd
.attr
.port_num
;
2697 attr
.grh
.flow_label
= cmd
.attr
.grh
.flow_label
;
2698 attr
.grh
.sgid_index
= cmd
.attr
.grh
.sgid_index
;
2699 attr
.grh
.hop_limit
= cmd
.attr
.grh
.hop_limit
;
2700 attr
.grh
.traffic_class
= cmd
.attr
.grh
.traffic_class
;
2702 memset(&attr
.dmac
, 0, sizeof(attr
.dmac
));
2703 memcpy(attr
.grh
.dgid
.raw
, cmd
.attr
.grh
.dgid
, 16);
2705 ah
= ib_create_ah(pd
, &attr
);
2714 ret
= idr_add_uobj(&ib_uverbs_ah_idr
, uobj
);
2718 resp
.ah_handle
= uobj
->id
;
2720 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
2721 &resp
, sizeof resp
)) {
2728 mutex_lock(&file
->mutex
);
2729 list_add_tail(&uobj
->list
, &file
->ucontext
->ah_list
);
2730 mutex_unlock(&file
->mutex
);
2734 up_write(&uobj
->mutex
);
2739 idr_remove_uobj(&ib_uverbs_ah_idr
, uobj
);
2748 put_uobj_write(uobj
);
2752 ssize_t
ib_uverbs_destroy_ah(struct ib_uverbs_file
*file
,
2753 struct ib_device
*ib_dev
,
2754 const char __user
*buf
, int in_len
, int out_len
)
2756 struct ib_uverbs_destroy_ah cmd
;
2758 struct ib_uobject
*uobj
;
2761 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2764 uobj
= idr_write_uobj(&ib_uverbs_ah_idr
, cmd
.ah_handle
, file
->ucontext
);
2769 ret
= ib_destroy_ah(ah
);
2773 put_uobj_write(uobj
);
2778 idr_remove_uobj(&ib_uverbs_ah_idr
, uobj
);
2780 mutex_lock(&file
->mutex
);
2781 list_del(&uobj
->list
);
2782 mutex_unlock(&file
->mutex
);
2789 ssize_t
ib_uverbs_attach_mcast(struct ib_uverbs_file
*file
,
2790 struct ib_device
*ib_dev
,
2791 const char __user
*buf
, int in_len
,
2794 struct ib_uverbs_attach_mcast cmd
;
2796 struct ib_uqp_object
*obj
;
2797 struct ib_uverbs_mcast_entry
*mcast
;
2800 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2803 qp
= idr_write_qp(cmd
.qp_handle
, file
->ucontext
);
2807 obj
= container_of(qp
->uobject
, struct ib_uqp_object
, uevent
.uobject
);
2809 list_for_each_entry(mcast
, &obj
->mcast_list
, list
)
2810 if (cmd
.mlid
== mcast
->lid
&&
2811 !memcmp(cmd
.gid
, mcast
->gid
.raw
, sizeof mcast
->gid
.raw
)) {
2816 mcast
= kmalloc(sizeof *mcast
, GFP_KERNEL
);
2822 mcast
->lid
= cmd
.mlid
;
2823 memcpy(mcast
->gid
.raw
, cmd
.gid
, sizeof mcast
->gid
.raw
);
2825 ret
= ib_attach_mcast(qp
, &mcast
->gid
, cmd
.mlid
);
2827 list_add_tail(&mcast
->list
, &obj
->mcast_list
);
2834 return ret
? ret
: in_len
;
2837 ssize_t
ib_uverbs_detach_mcast(struct ib_uverbs_file
*file
,
2838 struct ib_device
*ib_dev
,
2839 const char __user
*buf
, int in_len
,
2842 struct ib_uverbs_detach_mcast cmd
;
2843 struct ib_uqp_object
*obj
;
2845 struct ib_uverbs_mcast_entry
*mcast
;
2848 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
2851 qp
= idr_write_qp(cmd
.qp_handle
, file
->ucontext
);
2855 ret
= ib_detach_mcast(qp
, (union ib_gid
*) cmd
.gid
, cmd
.mlid
);
2859 obj
= container_of(qp
->uobject
, struct ib_uqp_object
, uevent
.uobject
);
2861 list_for_each_entry(mcast
, &obj
->mcast_list
, list
)
2862 if (cmd
.mlid
== mcast
->lid
&&
2863 !memcmp(cmd
.gid
, mcast
->gid
.raw
, sizeof mcast
->gid
.raw
)) {
2864 list_del(&mcast
->list
);
2872 return ret
? ret
: in_len
;
2875 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec
*kern_spec
,
2876 union ib_flow_spec
*ib_spec
)
2878 if (kern_spec
->reserved
)
2881 ib_spec
->type
= kern_spec
->type
;
2883 switch (ib_spec
->type
) {
2884 case IB_FLOW_SPEC_ETH
:
2885 ib_spec
->eth
.size
= sizeof(struct ib_flow_spec_eth
);
2886 if (ib_spec
->eth
.size
!= kern_spec
->eth
.size
)
2888 memcpy(&ib_spec
->eth
.val
, &kern_spec
->eth
.val
,
2889 sizeof(struct ib_flow_eth_filter
));
2890 memcpy(&ib_spec
->eth
.mask
, &kern_spec
->eth
.mask
,
2891 sizeof(struct ib_flow_eth_filter
));
2893 case IB_FLOW_SPEC_IPV4
:
2894 ib_spec
->ipv4
.size
= sizeof(struct ib_flow_spec_ipv4
);
2895 if (ib_spec
->ipv4
.size
!= kern_spec
->ipv4
.size
)
2897 memcpy(&ib_spec
->ipv4
.val
, &kern_spec
->ipv4
.val
,
2898 sizeof(struct ib_flow_ipv4_filter
));
2899 memcpy(&ib_spec
->ipv4
.mask
, &kern_spec
->ipv4
.mask
,
2900 sizeof(struct ib_flow_ipv4_filter
));
2902 case IB_FLOW_SPEC_TCP
:
2903 case IB_FLOW_SPEC_UDP
:
2904 ib_spec
->tcp_udp
.size
= sizeof(struct ib_flow_spec_tcp_udp
);
2905 if (ib_spec
->tcp_udp
.size
!= kern_spec
->tcp_udp
.size
)
2907 memcpy(&ib_spec
->tcp_udp
.val
, &kern_spec
->tcp_udp
.val
,
2908 sizeof(struct ib_flow_tcp_udp_filter
));
2909 memcpy(&ib_spec
->tcp_udp
.mask
, &kern_spec
->tcp_udp
.mask
,
2910 sizeof(struct ib_flow_tcp_udp_filter
));
2918 int ib_uverbs_ex_create_flow(struct ib_uverbs_file
*file
,
2919 struct ib_device
*ib_dev
,
2920 struct ib_udata
*ucore
,
2921 struct ib_udata
*uhw
)
2923 struct ib_uverbs_create_flow cmd
;
2924 struct ib_uverbs_create_flow_resp resp
;
2925 struct ib_uobject
*uobj
;
2926 struct ib_flow
*flow_id
;
2927 struct ib_uverbs_flow_attr
*kern_flow_attr
;
2928 struct ib_flow_attr
*flow_attr
;
2935 if (ucore
->inlen
< sizeof(cmd
))
2938 if (ucore
->outlen
< sizeof(resp
))
2941 err
= ib_copy_from_udata(&cmd
, ucore
, sizeof(cmd
));
2945 ucore
->inbuf
+= sizeof(cmd
);
2946 ucore
->inlen
-= sizeof(cmd
);
2951 if ((cmd
.flow_attr
.type
== IB_FLOW_ATTR_SNIFFER
&&
2952 !capable(CAP_NET_ADMIN
)) || !capable(CAP_NET_RAW
))
2955 if (cmd
.flow_attr
.num_of_specs
> IB_FLOW_SPEC_SUPPORT_LAYERS
)
2958 if (cmd
.flow_attr
.size
> ucore
->inlen
||
2959 cmd
.flow_attr
.size
>
2960 (cmd
.flow_attr
.num_of_specs
* sizeof(struct ib_uverbs_flow_spec
)))
2963 if (cmd
.flow_attr
.reserved
[0] ||
2964 cmd
.flow_attr
.reserved
[1])
2967 if (cmd
.flow_attr
.num_of_specs
) {
2968 kern_flow_attr
= kmalloc(sizeof(*kern_flow_attr
) + cmd
.flow_attr
.size
,
2970 if (!kern_flow_attr
)
2973 memcpy(kern_flow_attr
, &cmd
.flow_attr
, sizeof(*kern_flow_attr
));
2974 err
= ib_copy_from_udata(kern_flow_attr
+ 1, ucore
,
2975 cmd
.flow_attr
.size
);
2979 kern_flow_attr
= &cmd
.flow_attr
;
2982 uobj
= kmalloc(sizeof(*uobj
), GFP_KERNEL
);
2987 init_uobj(uobj
, 0, file
->ucontext
, &rule_lock_class
);
2988 down_write(&uobj
->mutex
);
2990 qp
= idr_read_qp(cmd
.qp_handle
, file
->ucontext
);
2996 flow_attr
= kmalloc(sizeof(*flow_attr
) + cmd
.flow_attr
.size
, GFP_KERNEL
);
3002 flow_attr
->type
= kern_flow_attr
->type
;
3003 flow_attr
->priority
= kern_flow_attr
->priority
;
3004 flow_attr
->num_of_specs
= kern_flow_attr
->num_of_specs
;
3005 flow_attr
->port
= kern_flow_attr
->port
;
3006 flow_attr
->flags
= kern_flow_attr
->flags
;
3007 flow_attr
->size
= sizeof(*flow_attr
);
3009 kern_spec
= kern_flow_attr
+ 1;
3010 ib_spec
= flow_attr
+ 1;
3011 for (i
= 0; i
< flow_attr
->num_of_specs
&&
3012 cmd
.flow_attr
.size
> offsetof(struct ib_uverbs_flow_spec
, reserved
) &&
3013 cmd
.flow_attr
.size
>=
3014 ((struct ib_uverbs_flow_spec
*)kern_spec
)->size
; i
++) {
3015 err
= kern_spec_to_ib_spec(kern_spec
, ib_spec
);
3019 ((union ib_flow_spec
*) ib_spec
)->size
;
3020 cmd
.flow_attr
.size
-= ((struct ib_uverbs_flow_spec
*)kern_spec
)->size
;
3021 kern_spec
+= ((struct ib_uverbs_flow_spec
*) kern_spec
)->size
;
3022 ib_spec
+= ((union ib_flow_spec
*) ib_spec
)->size
;
3024 if (cmd
.flow_attr
.size
|| (i
!= flow_attr
->num_of_specs
)) {
3025 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
3026 i
, cmd
.flow_attr
.size
);
3030 flow_id
= ib_create_flow(qp
, flow_attr
, IB_FLOW_DOMAIN_USER
);
3031 if (IS_ERR(flow_id
)) {
3032 err
= PTR_ERR(flow_id
);
3036 flow_id
->uobject
= uobj
;
3037 uobj
->object
= flow_id
;
3039 err
= idr_add_uobj(&ib_uverbs_rule_idr
, uobj
);
3043 memset(&resp
, 0, sizeof(resp
));
3044 resp
.flow_handle
= uobj
->id
;
3046 err
= ib_copy_to_udata(ucore
,
3047 &resp
, sizeof(resp
));
3052 mutex_lock(&file
->mutex
);
3053 list_add_tail(&uobj
->list
, &file
->ucontext
->rule_list
);
3054 mutex_unlock(&file
->mutex
);
3058 up_write(&uobj
->mutex
);
3060 if (cmd
.flow_attr
.num_of_specs
)
3061 kfree(kern_flow_attr
);
3064 idr_remove_uobj(&ib_uverbs_rule_idr
, uobj
);
3066 ib_destroy_flow(flow_id
);
3072 put_uobj_write(uobj
);
3074 if (cmd
.flow_attr
.num_of_specs
)
3075 kfree(kern_flow_attr
);
3079 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file
*file
,
3080 struct ib_device
*ib_dev
,
3081 struct ib_udata
*ucore
,
3082 struct ib_udata
*uhw
)
3084 struct ib_uverbs_destroy_flow cmd
;
3085 struct ib_flow
*flow_id
;
3086 struct ib_uobject
*uobj
;
3089 if (ucore
->inlen
< sizeof(cmd
))
3092 ret
= ib_copy_from_udata(&cmd
, ucore
, sizeof(cmd
));
3099 uobj
= idr_write_uobj(&ib_uverbs_rule_idr
, cmd
.flow_handle
,
3103 flow_id
= uobj
->object
;
3105 ret
= ib_destroy_flow(flow_id
);
3109 put_uobj_write(uobj
);
3111 idr_remove_uobj(&ib_uverbs_rule_idr
, uobj
);
3113 mutex_lock(&file
->mutex
);
3114 list_del(&uobj
->list
);
3115 mutex_unlock(&file
->mutex
);
3122 static int __uverbs_create_xsrq(struct ib_uverbs_file
*file
,
3123 struct ib_device
*ib_dev
,
3124 struct ib_uverbs_create_xsrq
*cmd
,
3125 struct ib_udata
*udata
)
3127 struct ib_uverbs_create_srq_resp resp
;
3128 struct ib_usrq_object
*obj
;
3131 struct ib_uobject
*uninitialized_var(xrcd_uobj
);
3132 struct ib_srq_init_attr attr
;
3135 obj
= kmalloc(sizeof *obj
, GFP_KERNEL
);
3139 init_uobj(&obj
->uevent
.uobject
, cmd
->user_handle
, file
->ucontext
, &srq_lock_class
);
3140 down_write(&obj
->uevent
.uobject
.mutex
);
3142 if (cmd
->srq_type
== IB_SRQT_XRC
) {
3143 attr
.ext
.xrc
.xrcd
= idr_read_xrcd(cmd
->xrcd_handle
, file
->ucontext
, &xrcd_uobj
);
3144 if (!attr
.ext
.xrc
.xrcd
) {
3149 obj
->uxrcd
= container_of(xrcd_uobj
, struct ib_uxrcd_object
, uobject
);
3150 atomic_inc(&obj
->uxrcd
->refcnt
);
3152 attr
.ext
.xrc
.cq
= idr_read_cq(cmd
->cq_handle
, file
->ucontext
, 0);
3153 if (!attr
.ext
.xrc
.cq
) {
3159 pd
= idr_read_pd(cmd
->pd_handle
, file
->ucontext
);
3165 attr
.event_handler
= ib_uverbs_srq_event_handler
;
3166 attr
.srq_context
= file
;
3167 attr
.srq_type
= cmd
->srq_type
;
3168 attr
.attr
.max_wr
= cmd
->max_wr
;
3169 attr
.attr
.max_sge
= cmd
->max_sge
;
3170 attr
.attr
.srq_limit
= cmd
->srq_limit
;
3172 obj
->uevent
.events_reported
= 0;
3173 INIT_LIST_HEAD(&obj
->uevent
.event_list
);
3175 srq
= pd
->device
->create_srq(pd
, &attr
, udata
);
3181 srq
->device
= pd
->device
;
3183 srq
->srq_type
= cmd
->srq_type
;
3184 srq
->uobject
= &obj
->uevent
.uobject
;
3185 srq
->event_handler
= attr
.event_handler
;
3186 srq
->srq_context
= attr
.srq_context
;
3188 if (cmd
->srq_type
== IB_SRQT_XRC
) {
3189 srq
->ext
.xrc
.cq
= attr
.ext
.xrc
.cq
;
3190 srq
->ext
.xrc
.xrcd
= attr
.ext
.xrc
.xrcd
;
3191 atomic_inc(&attr
.ext
.xrc
.cq
->usecnt
);
3192 atomic_inc(&attr
.ext
.xrc
.xrcd
->usecnt
);
3195 atomic_inc(&pd
->usecnt
);
3196 atomic_set(&srq
->usecnt
, 0);
3198 obj
->uevent
.uobject
.object
= srq
;
3199 ret
= idr_add_uobj(&ib_uverbs_srq_idr
, &obj
->uevent
.uobject
);
3203 memset(&resp
, 0, sizeof resp
);
3204 resp
.srq_handle
= obj
->uevent
.uobject
.id
;
3205 resp
.max_wr
= attr
.attr
.max_wr
;
3206 resp
.max_sge
= attr
.attr
.max_sge
;
3207 if (cmd
->srq_type
== IB_SRQT_XRC
)
3208 resp
.srqn
= srq
->ext
.xrc
.srq_num
;
3210 if (copy_to_user((void __user
*) (unsigned long) cmd
->response
,
3211 &resp
, sizeof resp
)) {
3216 if (cmd
->srq_type
== IB_SRQT_XRC
) {
3217 put_uobj_read(xrcd_uobj
);
3218 put_cq_read(attr
.ext
.xrc
.cq
);
3222 mutex_lock(&file
->mutex
);
3223 list_add_tail(&obj
->uevent
.uobject
.list
, &file
->ucontext
->srq_list
);
3224 mutex_unlock(&file
->mutex
);
3226 obj
->uevent
.uobject
.live
= 1;
3228 up_write(&obj
->uevent
.uobject
.mutex
);
3233 idr_remove_uobj(&ib_uverbs_srq_idr
, &obj
->uevent
.uobject
);
3236 ib_destroy_srq(srq
);
3242 if (cmd
->srq_type
== IB_SRQT_XRC
)
3243 put_cq_read(attr
.ext
.xrc
.cq
);
3246 if (cmd
->srq_type
== IB_SRQT_XRC
) {
3247 atomic_dec(&obj
->uxrcd
->refcnt
);
3248 put_uobj_read(xrcd_uobj
);
3252 put_uobj_write(&obj
->uevent
.uobject
);
3256 ssize_t
ib_uverbs_create_srq(struct ib_uverbs_file
*file
,
3257 struct ib_device
*ib_dev
,
3258 const char __user
*buf
, int in_len
,
3261 struct ib_uverbs_create_srq cmd
;
3262 struct ib_uverbs_create_xsrq xcmd
;
3263 struct ib_uverbs_create_srq_resp resp
;
3264 struct ib_udata udata
;
3267 if (out_len
< sizeof resp
)
3270 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
3273 xcmd
.response
= cmd
.response
;
3274 xcmd
.user_handle
= cmd
.user_handle
;
3275 xcmd
.srq_type
= IB_SRQT_BASIC
;
3276 xcmd
.pd_handle
= cmd
.pd_handle
;
3277 xcmd
.max_wr
= cmd
.max_wr
;
3278 xcmd
.max_sge
= cmd
.max_sge
;
3279 xcmd
.srq_limit
= cmd
.srq_limit
;
3281 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
3282 (unsigned long) cmd
.response
+ sizeof resp
,
3283 in_len
- sizeof cmd
, out_len
- sizeof resp
);
3285 ret
= __uverbs_create_xsrq(file
, ib_dev
, &xcmd
, &udata
);
3292 ssize_t
ib_uverbs_create_xsrq(struct ib_uverbs_file
*file
,
3293 struct ib_device
*ib_dev
,
3294 const char __user
*buf
, int in_len
, int out_len
)
3296 struct ib_uverbs_create_xsrq cmd
;
3297 struct ib_uverbs_create_srq_resp resp
;
3298 struct ib_udata udata
;
3301 if (out_len
< sizeof resp
)
3304 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
3307 INIT_UDATA(&udata
, buf
+ sizeof cmd
,
3308 (unsigned long) cmd
.response
+ sizeof resp
,
3309 in_len
- sizeof cmd
, out_len
- sizeof resp
);
3311 ret
= __uverbs_create_xsrq(file
, ib_dev
, &cmd
, &udata
);
3318 ssize_t
ib_uverbs_modify_srq(struct ib_uverbs_file
*file
,
3319 struct ib_device
*ib_dev
,
3320 const char __user
*buf
, int in_len
,
3323 struct ib_uverbs_modify_srq cmd
;
3324 struct ib_udata udata
;
3326 struct ib_srq_attr attr
;
3329 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
3332 INIT_UDATA(&udata
, buf
+ sizeof cmd
, NULL
, in_len
- sizeof cmd
,
3335 srq
= idr_read_srq(cmd
.srq_handle
, file
->ucontext
);
3339 attr
.max_wr
= cmd
.max_wr
;
3340 attr
.srq_limit
= cmd
.srq_limit
;
3342 ret
= srq
->device
->modify_srq(srq
, &attr
, cmd
.attr_mask
, &udata
);
3346 return ret
? ret
: in_len
;
3349 ssize_t
ib_uverbs_query_srq(struct ib_uverbs_file
*file
,
3350 struct ib_device
*ib_dev
,
3351 const char __user
*buf
,
3352 int in_len
, int out_len
)
3354 struct ib_uverbs_query_srq cmd
;
3355 struct ib_uverbs_query_srq_resp resp
;
3356 struct ib_srq_attr attr
;
3360 if (out_len
< sizeof resp
)
3363 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
3366 srq
= idr_read_srq(cmd
.srq_handle
, file
->ucontext
);
3370 ret
= ib_query_srq(srq
, &attr
);
3377 memset(&resp
, 0, sizeof resp
);
3379 resp
.max_wr
= attr
.max_wr
;
3380 resp
.max_sge
= attr
.max_sge
;
3381 resp
.srq_limit
= attr
.srq_limit
;
3383 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
3384 &resp
, sizeof resp
))
3390 ssize_t
ib_uverbs_destroy_srq(struct ib_uverbs_file
*file
,
3391 struct ib_device
*ib_dev
,
3392 const char __user
*buf
, int in_len
,
3395 struct ib_uverbs_destroy_srq cmd
;
3396 struct ib_uverbs_destroy_srq_resp resp
;
3397 struct ib_uobject
*uobj
;
3399 struct ib_uevent_object
*obj
;
3401 struct ib_usrq_object
*us
;
3402 enum ib_srq_type srq_type
;
3404 if (copy_from_user(&cmd
, buf
, sizeof cmd
))
3407 uobj
= idr_write_uobj(&ib_uverbs_srq_idr
, cmd
.srq_handle
, file
->ucontext
);
3411 obj
= container_of(uobj
, struct ib_uevent_object
, uobject
);
3412 srq_type
= srq
->srq_type
;
3414 ret
= ib_destroy_srq(srq
);
3418 put_uobj_write(uobj
);
3423 if (srq_type
== IB_SRQT_XRC
) {
3424 us
= container_of(obj
, struct ib_usrq_object
, uevent
);
3425 atomic_dec(&us
->uxrcd
->refcnt
);
3428 idr_remove_uobj(&ib_uverbs_srq_idr
, uobj
);
3430 mutex_lock(&file
->mutex
);
3431 list_del(&uobj
->list
);
3432 mutex_unlock(&file
->mutex
);
3434 ib_uverbs_release_uevent(file
, obj
);
3436 memset(&resp
, 0, sizeof resp
);
3437 resp
.events_reported
= obj
->events_reported
;
3441 if (copy_to_user((void __user
*) (unsigned long) cmd
.response
,
3442 &resp
, sizeof resp
))
3445 return ret
? ret
: in_len
;
3448 int ib_uverbs_ex_query_device(struct ib_uverbs_file
*file
,
3449 struct ib_device
*ib_dev
,
3450 struct ib_udata
*ucore
,
3451 struct ib_udata
*uhw
)
3453 struct ib_uverbs_ex_query_device_resp resp
;
3454 struct ib_uverbs_ex_query_device cmd
;
3455 struct ib_device_attr attr
;
3458 if (ucore
->inlen
< sizeof(cmd
))
3461 err
= ib_copy_from_udata(&cmd
, ucore
, sizeof(cmd
));
3471 resp
.response_length
= offsetof(typeof(resp
), odp_caps
);
3473 if (ucore
->outlen
< resp
.response_length
)
3476 memset(&attr
, 0, sizeof(attr
));
3478 err
= ib_dev
->query_device(ib_dev
, &attr
, uhw
);
3482 copy_query_dev_fields(file
, ib_dev
, &resp
.base
, &attr
);
3485 if (ucore
->outlen
< resp
.response_length
+ sizeof(resp
.odp_caps
))
3488 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
3489 resp
.odp_caps
.general_caps
= attr
.odp_caps
.general_caps
;
3490 resp
.odp_caps
.per_transport_caps
.rc_odp_caps
=
3491 attr
.odp_caps
.per_transport_caps
.rc_odp_caps
;
3492 resp
.odp_caps
.per_transport_caps
.uc_odp_caps
=
3493 attr
.odp_caps
.per_transport_caps
.uc_odp_caps
;
3494 resp
.odp_caps
.per_transport_caps
.ud_odp_caps
=
3495 attr
.odp_caps
.per_transport_caps
.ud_odp_caps
;
3496 resp
.odp_caps
.reserved
= 0;
3498 memset(&resp
.odp_caps
, 0, sizeof(resp
.odp_caps
));
3500 resp
.response_length
+= sizeof(resp
.odp_caps
);
3502 if (ucore
->outlen
< resp
.response_length
+ sizeof(resp
.timestamp_mask
))
3505 resp
.timestamp_mask
= attr
.timestamp_mask
;
3506 resp
.response_length
+= sizeof(resp
.timestamp_mask
);
3508 if (ucore
->outlen
< resp
.response_length
+ sizeof(resp
.hca_core_clock
))
3511 resp
.hca_core_clock
= attr
.hca_core_clock
;
3512 resp
.response_length
+= sizeof(resp
.hca_core_clock
);
3515 err
= ib_copy_to_udata(ucore
, &resp
, resp
.response_length
);