2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36 #include <linux/file.h>
38 #include <linux/slab.h>
39 #include <linux/sched.h>
41 #include <linux/uaccess.h>
44 #include "core_priv.h"
46 struct uverbs_lock_class {
47 struct lock_class_key key;
51 static struct uverbs_lock_class pd_lock_class = { .name = "PD-uobj" };
52 static struct uverbs_lock_class mr_lock_class = { .name = "MR-uobj" };
53 static struct uverbs_lock_class mw_lock_class = { .name = "MW-uobj" };
54 static struct uverbs_lock_class cq_lock_class = { .name = "CQ-uobj" };
55 static struct uverbs_lock_class qp_lock_class = { .name = "QP-uobj" };
56 static struct uverbs_lock_class ah_lock_class = { .name = "AH-uobj" };
57 static struct uverbs_lock_class srq_lock_class = { .name = "SRQ-uobj" };
58 static struct uverbs_lock_class xrcd_lock_class = { .name = "XRCD-uobj" };
59 static struct uverbs_lock_class rule_lock_class = { .name = "RULE-uobj" };
60 static struct uverbs_lock_class wq_lock_class = { .name = "WQ-uobj" };
61 static struct uverbs_lock_class rwq_ind_table_lock_class = { .name = "IND_TBL-uobj" };
64 * The ib_uobject locking scheme is as follows:
66 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
67 * needs to be held during all idr write operations. When an object is
68 * looked up, a reference must be taken on the object's kref before
69 * dropping this lock. For read operations, the rcu_read_lock()
70 * and rcu_write_lock() but similarly the kref reference is grabbed
71 * before the rcu_read_unlock().
73 * - Each object also has an rwsem. This rwsem must be held for
74 * reading while an operation that uses the object is performed.
75 * For example, while registering an MR, the associated PD's
76 * uobject.mutex must be held for reading. The rwsem must be held
77 * for writing while initializing or destroying an object.
79 * - In addition, each object has a "live" flag. If this flag is not
80 * set, then lookups of the object will fail even if it is found in
81 * the idr. This handles a reader that blocks and does not acquire
82 * the rwsem until after the object is destroyed. The destroy
83 * operation will set the live flag to 0 and then drop the rwsem;
84 * this will allow the reader to acquire the rwsem, see that the
85 * live flag is 0, and then drop the rwsem and its reference to
86 * object. The underlying storage will not be freed until the last
87 * reference to the object is dropped.
90 static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
91 struct ib_ucontext *context, struct uverbs_lock_class *c)
93 uobj->user_handle = user_handle;
94 uobj->context = context;
95 kref_init(&uobj->ref);
96 init_rwsem(&uobj->mutex);
97 lockdep_set_class_and_name(&uobj->mutex, &c->key, c->name);
101 static void release_uobj(struct kref *kref)
103 kfree_rcu(container_of(kref, struct ib_uobject, ref), rcu);
106 static void put_uobj(struct ib_uobject *uobj)
108 kref_put(&uobj->ref, release_uobj);
111 static void put_uobj_read(struct ib_uobject *uobj)
113 up_read(&uobj->mutex);
117 static void put_uobj_write(struct ib_uobject *uobj)
119 up_write(&uobj->mutex);
123 static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
127 idr_preload(GFP_KERNEL);
128 spin_lock(&ib_uverbs_idr_lock);
130 ret = idr_alloc(idr, uobj, 0, 0, GFP_NOWAIT);
134 spin_unlock(&ib_uverbs_idr_lock);
137 return ret < 0 ? ret : 0;
140 void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
142 spin_lock(&ib_uverbs_idr_lock);
143 idr_remove(idr, uobj->id);
144 spin_unlock(&ib_uverbs_idr_lock);
147 static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
148 struct ib_ucontext *context)
150 struct ib_uobject *uobj;
153 uobj = idr_find(idr, id);
155 if (uobj->context == context)
156 kref_get(&uobj->ref);
165 static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
166 struct ib_ucontext *context, int nested)
168 struct ib_uobject *uobj;
170 uobj = __idr_get_uobj(idr, id, context);
175 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
177 down_read(&uobj->mutex);
186 static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
187 struct ib_ucontext *context)
189 struct ib_uobject *uobj;
191 uobj = __idr_get_uobj(idr, id, context);
195 down_write(&uobj->mutex);
197 put_uobj_write(uobj);
204 static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
207 struct ib_uobject *uobj;
209 uobj = idr_read_uobj(idr, id, context, nested);
210 return uobj ? uobj->object : NULL;
213 static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
215 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
218 static void put_pd_read(struct ib_pd *pd)
220 put_uobj_read(pd->uobject);
223 static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
225 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
228 static void put_cq_read(struct ib_cq *cq)
230 put_uobj_read(cq->uobject);
233 static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
235 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
238 static void put_ah_read(struct ib_ah *ah)
240 put_uobj_read(ah->uobject);
243 static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
245 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
248 static struct ib_wq *idr_read_wq(int wq_handle, struct ib_ucontext *context)
250 return idr_read_obj(&ib_uverbs_wq_idr, wq_handle, context, 0);
253 static void put_wq_read(struct ib_wq *wq)
255 put_uobj_read(wq->uobject);
258 static struct ib_rwq_ind_table *idr_read_rwq_indirection_table(int ind_table_handle,
259 struct ib_ucontext *context)
261 return idr_read_obj(&ib_uverbs_rwq_ind_tbl_idr, ind_table_handle, context, 0);
264 static void put_rwq_indirection_table_read(struct ib_rwq_ind_table *ind_table)
266 put_uobj_read(ind_table->uobject);
269 static struct ib_qp *idr_write_qp(int qp_handle, struct ib_ucontext *context)
271 struct ib_uobject *uobj;
273 uobj = idr_write_uobj(&ib_uverbs_qp_idr, qp_handle, context);
274 return uobj ? uobj->object : NULL;
277 static void put_qp_read(struct ib_qp *qp)
279 put_uobj_read(qp->uobject);
282 static void put_qp_write(struct ib_qp *qp)
284 put_uobj_write(qp->uobject);
287 static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
289 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
292 static void put_srq_read(struct ib_srq *srq)
294 put_uobj_read(srq->uobject);
297 static struct ib_xrcd *idr_read_xrcd(int xrcd_handle, struct ib_ucontext *context,
298 struct ib_uobject **uobj)
300 *uobj = idr_read_uobj(&ib_uverbs_xrcd_idr, xrcd_handle, context, 0);
301 return *uobj ? (*uobj)->object : NULL;
304 static void put_xrcd_read(struct ib_uobject *uobj)
309 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
310 struct ib_device *ib_dev,
311 const char __user *buf,
312 int in_len, int out_len)
314 struct ib_uverbs_get_context cmd;
315 struct ib_uverbs_get_context_resp resp;
316 struct ib_udata udata;
317 struct ib_ucontext *ucontext;
319 struct ib_rdmacg_object cg_obj;
322 if (out_len < sizeof resp)
325 if (copy_from_user(&cmd, buf, sizeof cmd))
328 mutex_lock(&file->mutex);
330 if (file->ucontext) {
335 INIT_UDATA(&udata, buf + sizeof cmd,
336 (unsigned long) cmd.response + sizeof resp,
337 in_len - sizeof cmd, out_len - sizeof resp);
339 ret = ib_rdmacg_try_charge(&cg_obj, ib_dev, RDMACG_RESOURCE_HCA_HANDLE);
343 ucontext = ib_dev->alloc_ucontext(ib_dev, &udata);
344 if (IS_ERR(ucontext)) {
345 ret = PTR_ERR(ucontext);
349 ucontext->device = ib_dev;
350 ucontext->cg_obj = cg_obj;
351 INIT_LIST_HEAD(&ucontext->pd_list);
352 INIT_LIST_HEAD(&ucontext->mr_list);
353 INIT_LIST_HEAD(&ucontext->mw_list);
354 INIT_LIST_HEAD(&ucontext->cq_list);
355 INIT_LIST_HEAD(&ucontext->qp_list);
356 INIT_LIST_HEAD(&ucontext->srq_list);
357 INIT_LIST_HEAD(&ucontext->ah_list);
358 INIT_LIST_HEAD(&ucontext->wq_list);
359 INIT_LIST_HEAD(&ucontext->rwq_ind_tbl_list);
360 INIT_LIST_HEAD(&ucontext->xrcd_list);
361 INIT_LIST_HEAD(&ucontext->rule_list);
363 ucontext->tgid = get_task_pid(current->group_leader, PIDTYPE_PID);
365 ucontext->closing = 0;
367 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
368 ucontext->umem_tree = RB_ROOT;
369 init_rwsem(&ucontext->umem_rwsem);
370 ucontext->odp_mrs_count = 0;
371 INIT_LIST_HEAD(&ucontext->no_private_counters);
373 if (!(ib_dev->attrs.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING))
374 ucontext->invalidate_range = NULL;
378 resp.num_comp_vectors = file->device->num_comp_vectors;
380 ret = get_unused_fd_flags(O_CLOEXEC);
385 filp = ib_uverbs_alloc_event_file(file, ib_dev, 1);
391 if (copy_to_user((void __user *) (unsigned long) cmd.response,
392 &resp, sizeof resp)) {
397 file->ucontext = ucontext;
399 fd_install(resp.async_fd, filp);
401 mutex_unlock(&file->mutex);
406 ib_uverbs_free_async_event_file(file);
410 put_unused_fd(resp.async_fd);
413 put_pid(ucontext->tgid);
414 ib_dev->dealloc_ucontext(ucontext);
417 ib_rdmacg_uncharge(&cg_obj, ib_dev, RDMACG_RESOURCE_HCA_HANDLE);
420 mutex_unlock(&file->mutex);
424 static void copy_query_dev_fields(struct ib_uverbs_file *file,
425 struct ib_device *ib_dev,
426 struct ib_uverbs_query_device_resp *resp,
427 struct ib_device_attr *attr)
429 resp->fw_ver = attr->fw_ver;
430 resp->node_guid = ib_dev->node_guid;
431 resp->sys_image_guid = attr->sys_image_guid;
432 resp->max_mr_size = attr->max_mr_size;
433 resp->page_size_cap = attr->page_size_cap;
434 resp->vendor_id = attr->vendor_id;
435 resp->vendor_part_id = attr->vendor_part_id;
436 resp->hw_ver = attr->hw_ver;
437 resp->max_qp = attr->max_qp;
438 resp->max_qp_wr = attr->max_qp_wr;
439 resp->device_cap_flags = lower_32_bits(attr->device_cap_flags);
440 resp->max_sge = attr->max_sge;
441 resp->max_sge_rd = attr->max_sge_rd;
442 resp->max_cq = attr->max_cq;
443 resp->max_cqe = attr->max_cqe;
444 resp->max_mr = attr->max_mr;
445 resp->max_pd = attr->max_pd;
446 resp->max_qp_rd_atom = attr->max_qp_rd_atom;
447 resp->max_ee_rd_atom = attr->max_ee_rd_atom;
448 resp->max_res_rd_atom = attr->max_res_rd_atom;
449 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom;
450 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom;
451 resp->atomic_cap = attr->atomic_cap;
452 resp->max_ee = attr->max_ee;
453 resp->max_rdd = attr->max_rdd;
454 resp->max_mw = attr->max_mw;
455 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp;
456 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp;
457 resp->max_mcast_grp = attr->max_mcast_grp;
458 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach;
459 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach;
460 resp->max_ah = attr->max_ah;
461 resp->max_fmr = attr->max_fmr;
462 resp->max_map_per_fmr = attr->max_map_per_fmr;
463 resp->max_srq = attr->max_srq;
464 resp->max_srq_wr = attr->max_srq_wr;
465 resp->max_srq_sge = attr->max_srq_sge;
466 resp->max_pkeys = attr->max_pkeys;
467 resp->local_ca_ack_delay = attr->local_ca_ack_delay;
468 resp->phys_port_cnt = ib_dev->phys_port_cnt;
471 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
472 struct ib_device *ib_dev,
473 const char __user *buf,
474 int in_len, int out_len)
476 struct ib_uverbs_query_device cmd;
477 struct ib_uverbs_query_device_resp resp;
479 if (out_len < sizeof resp)
482 if (copy_from_user(&cmd, buf, sizeof cmd))
485 memset(&resp, 0, sizeof resp);
486 copy_query_dev_fields(file, ib_dev, &resp, &ib_dev->attrs);
488 if (copy_to_user((void __user *) (unsigned long) cmd.response,
495 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
496 struct ib_device *ib_dev,
497 const char __user *buf,
498 int in_len, int out_len)
500 struct ib_uverbs_query_port cmd;
501 struct ib_uverbs_query_port_resp resp;
502 struct ib_port_attr attr;
505 if (out_len < sizeof resp)
508 if (copy_from_user(&cmd, buf, sizeof cmd))
511 ret = ib_query_port(ib_dev, cmd.port_num, &attr);
515 memset(&resp, 0, sizeof resp);
517 resp.state = attr.state;
518 resp.max_mtu = attr.max_mtu;
519 resp.active_mtu = attr.active_mtu;
520 resp.gid_tbl_len = attr.gid_tbl_len;
521 resp.port_cap_flags = attr.port_cap_flags;
522 resp.max_msg_sz = attr.max_msg_sz;
523 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
524 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
525 resp.pkey_tbl_len = attr.pkey_tbl_len;
527 resp.sm_lid = attr.sm_lid;
529 resp.max_vl_num = attr.max_vl_num;
530 resp.sm_sl = attr.sm_sl;
531 resp.subnet_timeout = attr.subnet_timeout;
532 resp.init_type_reply = attr.init_type_reply;
533 resp.active_width = attr.active_width;
534 resp.active_speed = attr.active_speed;
535 resp.phys_state = attr.phys_state;
536 resp.link_layer = rdma_port_get_link_layer(ib_dev,
539 if (copy_to_user((void __user *) (unsigned long) cmd.response,
546 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
547 struct ib_device *ib_dev,
548 const char __user *buf,
549 int in_len, int out_len)
551 struct ib_uverbs_alloc_pd cmd;
552 struct ib_uverbs_alloc_pd_resp resp;
553 struct ib_udata udata;
554 struct ib_uobject *uobj;
558 if (out_len < sizeof resp)
561 if (copy_from_user(&cmd, buf, sizeof cmd))
564 INIT_UDATA(&udata, buf + sizeof cmd,
565 (unsigned long) cmd.response + sizeof resp,
566 in_len - sizeof cmd, out_len - sizeof resp);
568 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
572 init_uobj(uobj, 0, file->ucontext, &pd_lock_class);
573 ret = ib_rdmacg_try_charge(&uobj->cg_obj, ib_dev,
574 RDMACG_RESOURCE_HCA_OBJECT);
580 down_write(&uobj->mutex);
582 pd = ib_dev->alloc_pd(ib_dev, file->ucontext, &udata);
590 pd->__internal_mr = NULL;
591 atomic_set(&pd->usecnt, 0);
594 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
598 memset(&resp, 0, sizeof resp);
599 resp.pd_handle = uobj->id;
601 if (copy_to_user((void __user *) (unsigned long) cmd.response,
602 &resp, sizeof resp)) {
607 mutex_lock(&file->mutex);
608 list_add_tail(&uobj->list, &file->ucontext->pd_list);
609 mutex_unlock(&file->mutex);
613 up_write(&uobj->mutex);
618 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
624 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
625 put_uobj_write(uobj);
629 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
630 struct ib_device *ib_dev,
631 const char __user *buf,
632 int in_len, int out_len)
634 struct ib_uverbs_dealloc_pd cmd;
635 struct ib_uobject *uobj;
639 if (copy_from_user(&cmd, buf, sizeof cmd))
642 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
647 if (atomic_read(&pd->usecnt)) {
652 ret = pd->device->dealloc_pd(uobj->object);
653 WARN_ONCE(ret, "Infiniband HW driver failed dealloc_pd");
657 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
660 put_uobj_write(uobj);
662 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
664 mutex_lock(&file->mutex);
665 list_del(&uobj->list);
666 mutex_unlock(&file->mutex);
673 put_uobj_write(uobj);
677 struct xrcd_table_entry {
679 struct ib_xrcd *xrcd;
683 static int xrcd_table_insert(struct ib_uverbs_device *dev,
685 struct ib_xrcd *xrcd)
687 struct xrcd_table_entry *entry, *scan;
688 struct rb_node **p = &dev->xrcd_tree.rb_node;
689 struct rb_node *parent = NULL;
691 entry = kmalloc(sizeof *entry, GFP_KERNEL);
696 entry->inode = inode;
700 scan = rb_entry(parent, struct xrcd_table_entry, node);
702 if (inode < scan->inode) {
704 } else if (inode > scan->inode) {
712 rb_link_node(&entry->node, parent, p);
713 rb_insert_color(&entry->node, &dev->xrcd_tree);
718 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev,
721 struct xrcd_table_entry *entry;
722 struct rb_node *p = dev->xrcd_tree.rb_node;
725 entry = rb_entry(p, struct xrcd_table_entry, node);
727 if (inode < entry->inode)
729 else if (inode > entry->inode)
738 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode)
740 struct xrcd_table_entry *entry;
742 entry = xrcd_table_search(dev, inode);
749 static void xrcd_table_delete(struct ib_uverbs_device *dev,
752 struct xrcd_table_entry *entry;
754 entry = xrcd_table_search(dev, inode);
757 rb_erase(&entry->node, &dev->xrcd_tree);
762 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
763 struct ib_device *ib_dev,
764 const char __user *buf, int in_len,
767 struct ib_uverbs_open_xrcd cmd;
768 struct ib_uverbs_open_xrcd_resp resp;
769 struct ib_udata udata;
770 struct ib_uxrcd_object *obj;
771 struct ib_xrcd *xrcd = NULL;
772 struct fd f = {NULL, 0};
773 struct inode *inode = NULL;
777 if (out_len < sizeof resp)
780 if (copy_from_user(&cmd, buf, sizeof cmd))
783 INIT_UDATA(&udata, buf + sizeof cmd,
784 (unsigned long) cmd.response + sizeof resp,
785 in_len - sizeof cmd, out_len - sizeof resp);
787 mutex_lock(&file->device->xrcd_tree_mutex);
790 /* search for file descriptor */
794 goto err_tree_mutex_unlock;
797 inode = file_inode(f.file);
798 xrcd = find_xrcd(file->device, inode);
799 if (!xrcd && !(cmd.oflags & O_CREAT)) {
800 /* no file descriptor. Need CREATE flag */
802 goto err_tree_mutex_unlock;
805 if (xrcd && cmd.oflags & O_EXCL) {
807 goto err_tree_mutex_unlock;
811 obj = kmalloc(sizeof *obj, GFP_KERNEL);
814 goto err_tree_mutex_unlock;
817 init_uobj(&obj->uobject, 0, file->ucontext, &xrcd_lock_class);
819 down_write(&obj->uobject.mutex);
822 xrcd = ib_dev->alloc_xrcd(ib_dev, file->ucontext, &udata);
829 xrcd->device = ib_dev;
830 atomic_set(&xrcd->usecnt, 0);
831 mutex_init(&xrcd->tgt_qp_mutex);
832 INIT_LIST_HEAD(&xrcd->tgt_qp_list);
836 atomic_set(&obj->refcnt, 0);
837 obj->uobject.object = xrcd;
838 ret = idr_add_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
842 memset(&resp, 0, sizeof resp);
843 resp.xrcd_handle = obj->uobject.id;
847 /* create new inode/xrcd table entry */
848 ret = xrcd_table_insert(file->device, inode, xrcd);
850 goto err_insert_xrcd;
852 atomic_inc(&xrcd->usecnt);
855 if (copy_to_user((void __user *) (unsigned long) cmd.response,
856 &resp, sizeof resp)) {
864 mutex_lock(&file->mutex);
865 list_add_tail(&obj->uobject.list, &file->ucontext->xrcd_list);
866 mutex_unlock(&file->mutex);
868 obj->uobject.live = 1;
869 up_write(&obj->uobject.mutex);
871 mutex_unlock(&file->device->xrcd_tree_mutex);
877 xrcd_table_delete(file->device, inode);
878 atomic_dec(&xrcd->usecnt);
882 idr_remove_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
885 ib_dealloc_xrcd(xrcd);
888 put_uobj_write(&obj->uobject);
890 err_tree_mutex_unlock:
894 mutex_unlock(&file->device->xrcd_tree_mutex);
899 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file,
900 struct ib_device *ib_dev,
901 const char __user *buf, int in_len,
904 struct ib_uverbs_close_xrcd cmd;
905 struct ib_uobject *uobj;
906 struct ib_xrcd *xrcd = NULL;
907 struct inode *inode = NULL;
908 struct ib_uxrcd_object *obj;
912 if (copy_from_user(&cmd, buf, sizeof cmd))
915 mutex_lock(&file->device->xrcd_tree_mutex);
916 uobj = idr_write_uobj(&ib_uverbs_xrcd_idr, cmd.xrcd_handle, file->ucontext);
924 obj = container_of(uobj, struct ib_uxrcd_object, uobject);
925 if (atomic_read(&obj->refcnt)) {
926 put_uobj_write(uobj);
931 if (!inode || atomic_dec_and_test(&xrcd->usecnt)) {
932 ret = ib_dealloc_xrcd(uobj->object);
939 atomic_inc(&xrcd->usecnt);
941 put_uobj_write(uobj);
947 xrcd_table_delete(file->device, inode);
949 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
950 mutex_lock(&file->mutex);
951 list_del(&uobj->list);
952 mutex_unlock(&file->mutex);
958 mutex_unlock(&file->device->xrcd_tree_mutex);
962 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device *dev,
963 struct ib_xrcd *xrcd)
968 if (inode && !atomic_dec_and_test(&xrcd->usecnt))
971 ib_dealloc_xrcd(xrcd);
974 xrcd_table_delete(dev, inode);
977 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
978 struct ib_device *ib_dev,
979 const char __user *buf, int in_len,
982 struct ib_uverbs_reg_mr cmd;
983 struct ib_uverbs_reg_mr_resp resp;
984 struct ib_udata udata;
985 struct ib_uobject *uobj;
990 if (out_len < sizeof resp)
993 if (copy_from_user(&cmd, buf, sizeof cmd))
996 INIT_UDATA(&udata, buf + sizeof cmd,
997 (unsigned long) cmd.response + sizeof resp,
998 in_len - sizeof cmd, out_len - sizeof resp);
1000 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
1003 ret = ib_check_mr_access(cmd.access_flags);
1007 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
1011 init_uobj(uobj, 0, file->ucontext, &mr_lock_class);
1012 down_write(&uobj->mutex);
1014 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1020 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) {
1021 if (!(pd->device->attrs.device_cap_flags &
1022 IB_DEVICE_ON_DEMAND_PAGING)) {
1023 pr_debug("ODP support not available\n");
1028 ret = ib_rdmacg_try_charge(&uobj->cg_obj, ib_dev,
1029 RDMACG_RESOURCE_HCA_OBJECT);
1033 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
1034 cmd.access_flags, &udata);
1040 mr->device = pd->device;
1043 atomic_inc(&pd->usecnt);
1046 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
1050 memset(&resp, 0, sizeof resp);
1051 resp.lkey = mr->lkey;
1052 resp.rkey = mr->rkey;
1053 resp.mr_handle = uobj->id;
1055 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1056 &resp, sizeof resp)) {
1063 mutex_lock(&file->mutex);
1064 list_add_tail(&uobj->list, &file->ucontext->mr_list);
1065 mutex_unlock(&file->mutex);
1069 up_write(&uobj->mutex);
1074 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1080 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
1086 put_uobj_write(uobj);
1090 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file,
1091 struct ib_device *ib_dev,
1092 const char __user *buf, int in_len,
1095 struct ib_uverbs_rereg_mr cmd;
1096 struct ib_uverbs_rereg_mr_resp resp;
1097 struct ib_udata udata;
1098 struct ib_pd *pd = NULL;
1100 struct ib_pd *old_pd;
1102 struct ib_uobject *uobj;
1104 if (out_len < sizeof(resp))
1107 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1110 INIT_UDATA(&udata, buf + sizeof(cmd),
1111 (unsigned long) cmd.response + sizeof(resp),
1112 in_len - sizeof(cmd), out_len - sizeof(resp));
1114 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags)
1117 if ((cmd.flags & IB_MR_REREG_TRANS) &&
1118 (!cmd.start || !cmd.hca_va || 0 >= cmd.length ||
1119 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)))
1122 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle,
1130 if (cmd.flags & IB_MR_REREG_ACCESS) {
1131 ret = ib_check_mr_access(cmd.access_flags);
1136 if (cmd.flags & IB_MR_REREG_PD) {
1137 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1145 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start,
1146 cmd.length, cmd.hca_va,
1147 cmd.access_flags, pd, &udata);
1149 if (cmd.flags & IB_MR_REREG_PD) {
1150 atomic_inc(&pd->usecnt);
1152 atomic_dec(&old_pd->usecnt);
1158 memset(&resp, 0, sizeof(resp));
1159 resp.lkey = mr->lkey;
1160 resp.rkey = mr->rkey;
1162 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1163 &resp, sizeof(resp)))
1169 if (cmd.flags & IB_MR_REREG_PD)
1174 put_uobj_write(mr->uobject);
1179 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
1180 struct ib_device *ib_dev,
1181 const char __user *buf, int in_len,
1184 struct ib_uverbs_dereg_mr cmd;
1186 struct ib_uobject *uobj;
1189 if (copy_from_user(&cmd, buf, sizeof cmd))
1192 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
1198 ret = ib_dereg_mr(mr);
1202 put_uobj_write(uobj);
1207 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
1209 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1211 mutex_lock(&file->mutex);
1212 list_del(&uobj->list);
1213 mutex_unlock(&file->mutex);
1220 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file,
1221 struct ib_device *ib_dev,
1222 const char __user *buf, int in_len,
1225 struct ib_uverbs_alloc_mw cmd;
1226 struct ib_uverbs_alloc_mw_resp resp;
1227 struct ib_uobject *uobj;
1230 struct ib_udata udata;
1233 if (out_len < sizeof(resp))
1236 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1239 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
1243 init_uobj(uobj, 0, file->ucontext, &mw_lock_class);
1244 down_write(&uobj->mutex);
1246 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1252 INIT_UDATA(&udata, buf + sizeof(cmd),
1253 (unsigned long)cmd.response + sizeof(resp),
1254 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr),
1255 out_len - sizeof(resp));
1257 ret = ib_rdmacg_try_charge(&uobj->cg_obj, ib_dev,
1258 RDMACG_RESOURCE_HCA_OBJECT);
1262 mw = pd->device->alloc_mw(pd, cmd.mw_type, &udata);
1268 mw->device = pd->device;
1271 atomic_inc(&pd->usecnt);
1274 ret = idr_add_uobj(&ib_uverbs_mw_idr, uobj);
1278 memset(&resp, 0, sizeof(resp));
1279 resp.rkey = mw->rkey;
1280 resp.mw_handle = uobj->id;
1282 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1283 &resp, sizeof(resp))) {
1290 mutex_lock(&file->mutex);
1291 list_add_tail(&uobj->list, &file->ucontext->mw_list);
1292 mutex_unlock(&file->mutex);
1296 up_write(&uobj->mutex);
1301 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1304 uverbs_dealloc_mw(mw);
1307 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
1313 put_uobj_write(uobj);
1317 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file,
1318 struct ib_device *ib_dev,
1319 const char __user *buf, int in_len,
1322 struct ib_uverbs_dealloc_mw cmd;
1324 struct ib_uobject *uobj;
1327 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1330 uobj = idr_write_uobj(&ib_uverbs_mw_idr, cmd.mw_handle, file->ucontext);
1336 ret = uverbs_dealloc_mw(mw);
1340 put_uobj_write(uobj);
1345 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
1347 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1349 mutex_lock(&file->mutex);
1350 list_del(&uobj->list);
1351 mutex_unlock(&file->mutex);
1358 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
1359 struct ib_device *ib_dev,
1360 const char __user *buf, int in_len,
1363 struct ib_uverbs_create_comp_channel cmd;
1364 struct ib_uverbs_create_comp_channel_resp resp;
1368 if (out_len < sizeof resp)
1371 if (copy_from_user(&cmd, buf, sizeof cmd))
1374 ret = get_unused_fd_flags(O_CLOEXEC);
1379 filp = ib_uverbs_alloc_event_file(file, ib_dev, 0);
1381 put_unused_fd(resp.fd);
1382 return PTR_ERR(filp);
1385 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1386 &resp, sizeof resp)) {
1387 put_unused_fd(resp.fd);
1392 fd_install(resp.fd, filp);
1396 static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file,
1397 struct ib_device *ib_dev,
1398 struct ib_udata *ucore,
1399 struct ib_udata *uhw,
1400 struct ib_uverbs_ex_create_cq *cmd,
1402 int (*cb)(struct ib_uverbs_file *file,
1403 struct ib_ucq_object *obj,
1404 struct ib_uverbs_ex_create_cq_resp *resp,
1405 struct ib_udata *udata,
1409 struct ib_ucq_object *obj;
1410 struct ib_uverbs_event_file *ev_file = NULL;
1413 struct ib_uverbs_ex_create_cq_resp resp;
1414 struct ib_cq_init_attr attr = {};
1416 if (cmd->comp_vector >= file->device->num_comp_vectors)
1417 return ERR_PTR(-EINVAL);
1419 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1421 return ERR_PTR(-ENOMEM);
1423 init_uobj(&obj->uobject, cmd->user_handle, file->ucontext, &cq_lock_class);
1424 down_write(&obj->uobject.mutex);
1426 if (cmd->comp_channel >= 0) {
1427 ev_file = ib_uverbs_lookup_comp_file(cmd->comp_channel);
1434 obj->uverbs_file = file;
1435 obj->comp_events_reported = 0;
1436 obj->async_events_reported = 0;
1437 INIT_LIST_HEAD(&obj->comp_list);
1438 INIT_LIST_HEAD(&obj->async_list);
1440 attr.cqe = cmd->cqe;
1441 attr.comp_vector = cmd->comp_vector;
1443 if (cmd_sz > offsetof(typeof(*cmd), flags) + sizeof(cmd->flags))
1444 attr.flags = cmd->flags;
1446 ret = ib_rdmacg_try_charge(&obj->uobject.cg_obj, ib_dev,
1447 RDMACG_RESOURCE_HCA_OBJECT);
1451 cq = ib_dev->create_cq(ib_dev, &attr,
1452 file->ucontext, uhw);
1458 cq->device = ib_dev;
1459 cq->uobject = &obj->uobject;
1460 cq->comp_handler = ib_uverbs_comp_handler;
1461 cq->event_handler = ib_uverbs_cq_event_handler;
1462 cq->cq_context = ev_file;
1463 atomic_set(&cq->usecnt, 0);
1465 obj->uobject.object = cq;
1466 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1470 memset(&resp, 0, sizeof resp);
1471 resp.base.cq_handle = obj->uobject.id;
1472 resp.base.cqe = cq->cqe;
1474 resp.response_length = offsetof(typeof(resp), response_length) +
1475 sizeof(resp.response_length);
1477 ret = cb(file, obj, &resp, ucore, context);
1481 mutex_lock(&file->mutex);
1482 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
1483 mutex_unlock(&file->mutex);
1485 obj->uobject.live = 1;
1487 up_write(&obj->uobject.mutex);
1492 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1498 ib_rdmacg_uncharge(&obj->uobject.cg_obj, ib_dev,
1499 RDMACG_RESOURCE_HCA_OBJECT);
1503 ib_uverbs_release_ucq(file, ev_file, obj);
1506 put_uobj_write(&obj->uobject);
1508 return ERR_PTR(ret);
1511 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file *file,
1512 struct ib_ucq_object *obj,
1513 struct ib_uverbs_ex_create_cq_resp *resp,
1514 struct ib_udata *ucore, void *context)
1516 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1522 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
1523 struct ib_device *ib_dev,
1524 const char __user *buf, int in_len,
1527 struct ib_uverbs_create_cq cmd;
1528 struct ib_uverbs_ex_create_cq cmd_ex;
1529 struct ib_uverbs_create_cq_resp resp;
1530 struct ib_udata ucore;
1531 struct ib_udata uhw;
1532 struct ib_ucq_object *obj;
1534 if (out_len < sizeof(resp))
1537 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1540 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd), sizeof(resp));
1542 INIT_UDATA(&uhw, buf + sizeof(cmd),
1543 (unsigned long)cmd.response + sizeof(resp),
1544 in_len - sizeof(cmd), out_len - sizeof(resp));
1546 memset(&cmd_ex, 0, sizeof(cmd_ex));
1547 cmd_ex.user_handle = cmd.user_handle;
1548 cmd_ex.cqe = cmd.cqe;
1549 cmd_ex.comp_vector = cmd.comp_vector;
1550 cmd_ex.comp_channel = cmd.comp_channel;
1552 obj = create_cq(file, ib_dev, &ucore, &uhw, &cmd_ex,
1553 offsetof(typeof(cmd_ex), comp_channel) +
1554 sizeof(cmd.comp_channel), ib_uverbs_create_cq_cb,
1558 return PTR_ERR(obj);
1563 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file *file,
1564 struct ib_ucq_object *obj,
1565 struct ib_uverbs_ex_create_cq_resp *resp,
1566 struct ib_udata *ucore, void *context)
1568 if (ib_copy_to_udata(ucore, resp, resp->response_length))
1574 int ib_uverbs_ex_create_cq(struct ib_uverbs_file *file,
1575 struct ib_device *ib_dev,
1576 struct ib_udata *ucore,
1577 struct ib_udata *uhw)
1579 struct ib_uverbs_ex_create_cq_resp resp;
1580 struct ib_uverbs_ex_create_cq cmd;
1581 struct ib_ucq_object *obj;
1584 if (ucore->inlen < sizeof(cmd))
1587 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
1597 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
1598 sizeof(resp.response_length)))
1601 obj = create_cq(file, ib_dev, ucore, uhw, &cmd,
1602 min(ucore->inlen, sizeof(cmd)),
1603 ib_uverbs_ex_create_cq_cb, NULL);
1606 return PTR_ERR(obj);
1611 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
1612 struct ib_device *ib_dev,
1613 const char __user *buf, int in_len,
1616 struct ib_uverbs_resize_cq cmd;
1617 struct ib_uverbs_resize_cq_resp resp;
1618 struct ib_udata udata;
1622 if (copy_from_user(&cmd, buf, sizeof cmd))
1625 INIT_UDATA(&udata, buf + sizeof cmd,
1626 (unsigned long) cmd.response + sizeof resp,
1627 in_len - sizeof cmd, out_len - sizeof resp);
1629 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1633 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
1639 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1640 &resp, sizeof resp.cqe))
1646 return ret ? ret : in_len;
1649 static int copy_wc_to_user(void __user *dest, struct ib_wc *wc)
1651 struct ib_uverbs_wc tmp;
1653 tmp.wr_id = wc->wr_id;
1654 tmp.status = wc->status;
1655 tmp.opcode = wc->opcode;
1656 tmp.vendor_err = wc->vendor_err;
1657 tmp.byte_len = wc->byte_len;
1658 tmp.ex.imm_data = (__u32 __force) wc->ex.imm_data;
1659 tmp.qp_num = wc->qp->qp_num;
1660 tmp.src_qp = wc->src_qp;
1661 tmp.wc_flags = wc->wc_flags;
1662 tmp.pkey_index = wc->pkey_index;
1663 tmp.slid = wc->slid;
1665 tmp.dlid_path_bits = wc->dlid_path_bits;
1666 tmp.port_num = wc->port_num;
1669 if (copy_to_user(dest, &tmp, sizeof tmp))
1675 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
1676 struct ib_device *ib_dev,
1677 const char __user *buf, int in_len,
1680 struct ib_uverbs_poll_cq cmd;
1681 struct ib_uverbs_poll_cq_resp resp;
1682 u8 __user *header_ptr;
1683 u8 __user *data_ptr;
1688 if (copy_from_user(&cmd, buf, sizeof cmd))
1691 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1695 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1696 header_ptr = (void __user *)(unsigned long) cmd.response;
1697 data_ptr = header_ptr + sizeof resp;
1699 memset(&resp, 0, sizeof resp);
1700 while (resp.count < cmd.ne) {
1701 ret = ib_poll_cq(cq, 1, &wc);
1707 ret = copy_wc_to_user(data_ptr, &wc);
1711 data_ptr += sizeof(struct ib_uverbs_wc);
1715 if (copy_to_user(header_ptr, &resp, sizeof resp)) {
1727 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
1728 struct ib_device *ib_dev,
1729 const char __user *buf, int in_len,
1732 struct ib_uverbs_req_notify_cq cmd;
1735 if (copy_from_user(&cmd, buf, sizeof cmd))
1738 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1742 ib_req_notify_cq(cq, cmd.solicited_only ?
1743 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
1750 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
1751 struct ib_device *ib_dev,
1752 const char __user *buf, int in_len,
1755 struct ib_uverbs_destroy_cq cmd;
1756 struct ib_uverbs_destroy_cq_resp resp;
1757 struct ib_uobject *uobj;
1759 struct ib_ucq_object *obj;
1760 struct ib_uverbs_event_file *ev_file;
1763 if (copy_from_user(&cmd, buf, sizeof cmd))
1766 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
1770 ev_file = cq->cq_context;
1771 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
1773 ret = ib_destroy_cq(cq);
1777 put_uobj_write(uobj);
1782 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
1784 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
1786 mutex_lock(&file->mutex);
1787 list_del(&uobj->list);
1788 mutex_unlock(&file->mutex);
1790 ib_uverbs_release_ucq(file, ev_file, obj);
1792 memset(&resp, 0, sizeof resp);
1793 resp.comp_events_reported = obj->comp_events_reported;
1794 resp.async_events_reported = obj->async_events_reported;
1798 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1799 &resp, sizeof resp))
1805 static int create_qp(struct ib_uverbs_file *file,
1806 struct ib_udata *ucore,
1807 struct ib_udata *uhw,
1808 struct ib_uverbs_ex_create_qp *cmd,
1810 int (*cb)(struct ib_uverbs_file *file,
1811 struct ib_uverbs_ex_create_qp_resp *resp,
1812 struct ib_udata *udata),
1815 struct ib_uqp_object *obj;
1816 struct ib_device *device;
1817 struct ib_pd *pd = NULL;
1818 struct ib_xrcd *xrcd = NULL;
1819 struct ib_uobject *uninitialized_var(xrcd_uobj);
1820 struct ib_cq *scq = NULL, *rcq = NULL;
1821 struct ib_srq *srq = NULL;
1824 struct ib_qp_init_attr attr = {};
1825 struct ib_uverbs_ex_create_qp_resp resp;
1827 struct ib_rwq_ind_table *ind_tbl = NULL;
1830 if (cmd->qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW))
1833 obj = kzalloc(sizeof *obj, GFP_KERNEL);
1837 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext,
1839 down_write(&obj->uevent.uobject.mutex);
1840 if (cmd_sz >= offsetof(typeof(*cmd), rwq_ind_tbl_handle) +
1841 sizeof(cmd->rwq_ind_tbl_handle) &&
1842 (cmd->comp_mask & IB_UVERBS_CREATE_QP_MASK_IND_TABLE)) {
1843 ind_tbl = idr_read_rwq_indirection_table(cmd->rwq_ind_tbl_handle,
1850 attr.rwq_ind_tbl = ind_tbl;
1853 if ((cmd_sz >= offsetof(typeof(*cmd), reserved1) +
1854 sizeof(cmd->reserved1)) && cmd->reserved1) {
1859 if (ind_tbl && (cmd->max_recv_wr || cmd->max_recv_sge || cmd->is_srq)) {
1864 if (ind_tbl && !cmd->max_send_wr)
1867 if (cmd->qp_type == IB_QPT_XRC_TGT) {
1868 xrcd = idr_read_xrcd(cmd->pd_handle, file->ucontext,
1874 device = xrcd->device;
1876 if (cmd->qp_type == IB_QPT_XRC_INI) {
1877 cmd->max_recv_wr = 0;
1878 cmd->max_recv_sge = 0;
1881 srq = idr_read_srq(cmd->srq_handle,
1883 if (!srq || srq->srq_type != IB_SRQT_BASIC) {
1890 if (cmd->recv_cq_handle != cmd->send_cq_handle) {
1891 rcq = idr_read_cq(cmd->recv_cq_handle,
1902 scq = idr_read_cq(cmd->send_cq_handle, file->ucontext, !!rcq);
1905 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
1906 if (!pd || (!scq && has_sq)) {
1911 device = pd->device;
1914 attr.event_handler = ib_uverbs_qp_event_handler;
1915 attr.qp_context = file;
1920 attr.sq_sig_type = cmd->sq_sig_all ? IB_SIGNAL_ALL_WR :
1922 attr.qp_type = cmd->qp_type;
1923 attr.create_flags = 0;
1925 attr.cap.max_send_wr = cmd->max_send_wr;
1926 attr.cap.max_recv_wr = cmd->max_recv_wr;
1927 attr.cap.max_send_sge = cmd->max_send_sge;
1928 attr.cap.max_recv_sge = cmd->max_recv_sge;
1929 attr.cap.max_inline_data = cmd->max_inline_data;
1931 obj->uevent.events_reported = 0;
1932 INIT_LIST_HEAD(&obj->uevent.event_list);
1933 INIT_LIST_HEAD(&obj->mcast_list);
1935 if (cmd_sz >= offsetof(typeof(*cmd), create_flags) +
1936 sizeof(cmd->create_flags))
1937 attr.create_flags = cmd->create_flags;
1939 if (attr.create_flags & ~(IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK |
1940 IB_QP_CREATE_CROSS_CHANNEL |
1941 IB_QP_CREATE_MANAGED_SEND |
1942 IB_QP_CREATE_MANAGED_RECV |
1943 IB_QP_CREATE_SCATTER_FCS |
1944 IB_QP_CREATE_CVLAN_STRIPPING)) {
1949 buf = (void *)cmd + sizeof(*cmd);
1950 if (cmd_sz > sizeof(*cmd))
1951 if (!(buf[0] == 0 && !memcmp(buf, buf + 1,
1952 cmd_sz - sizeof(*cmd) - 1))) {
1957 ret = ib_rdmacg_try_charge(&obj->uevent.uobject.cg_obj, device,
1958 RDMACG_RESOURCE_HCA_OBJECT);
1962 if (cmd->qp_type == IB_QPT_XRC_TGT)
1963 qp = ib_create_qp(pd, &attr);
1965 qp = device->create_qp(pd, &attr, uhw);
1972 if (cmd->qp_type != IB_QPT_XRC_TGT) {
1974 qp->device = device;
1976 qp->send_cq = attr.send_cq;
1977 qp->recv_cq = attr.recv_cq;
1979 qp->rwq_ind_tbl = ind_tbl;
1980 qp->event_handler = attr.event_handler;
1981 qp->qp_context = attr.qp_context;
1982 qp->qp_type = attr.qp_type;
1983 atomic_set(&qp->usecnt, 0);
1984 atomic_inc(&pd->usecnt);
1986 atomic_inc(&attr.send_cq->usecnt);
1988 atomic_inc(&attr.recv_cq->usecnt);
1990 atomic_inc(&attr.srq->usecnt);
1992 atomic_inc(&ind_tbl->usecnt);
1994 qp->uobject = &obj->uevent.uobject;
1996 obj->uevent.uobject.object = qp;
1997 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2001 memset(&resp, 0, sizeof resp);
2002 resp.base.qpn = qp->qp_num;
2003 resp.base.qp_handle = obj->uevent.uobject.id;
2004 resp.base.max_recv_sge = attr.cap.max_recv_sge;
2005 resp.base.max_send_sge = attr.cap.max_send_sge;
2006 resp.base.max_recv_wr = attr.cap.max_recv_wr;
2007 resp.base.max_send_wr = attr.cap.max_send_wr;
2008 resp.base.max_inline_data = attr.cap.max_inline_data;
2010 resp.response_length = offsetof(typeof(resp), response_length) +
2011 sizeof(resp.response_length);
2013 ret = cb(file, &resp, ucore);
2018 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object,
2020 atomic_inc(&obj->uxrcd->refcnt);
2021 put_xrcd_read(xrcd_uobj);
2028 if (rcq && rcq != scq)
2033 put_rwq_indirection_table_read(ind_tbl);
2035 mutex_lock(&file->mutex);
2036 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
2037 mutex_unlock(&file->mutex);
2039 obj->uevent.uobject.live = 1;
2041 up_write(&obj->uevent.uobject.mutex);
2045 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2051 ib_rdmacg_uncharge(&obj->uevent.uobject.cg_obj, device,
2052 RDMACG_RESOURCE_HCA_OBJECT);
2056 put_xrcd_read(xrcd_uobj);
2061 if (rcq && rcq != scq)
2066 put_rwq_indirection_table_read(ind_tbl);
2068 put_uobj_write(&obj->uevent.uobject);
2072 static int ib_uverbs_create_qp_cb(struct ib_uverbs_file *file,
2073 struct ib_uverbs_ex_create_qp_resp *resp,
2074 struct ib_udata *ucore)
2076 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
2082 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
2083 struct ib_device *ib_dev,
2084 const char __user *buf, int in_len,
2087 struct ib_uverbs_create_qp cmd;
2088 struct ib_uverbs_ex_create_qp cmd_ex;
2089 struct ib_udata ucore;
2090 struct ib_udata uhw;
2091 ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp);
2094 if (out_len < resp_size)
2097 if (copy_from_user(&cmd, buf, sizeof(cmd)))
2100 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd),
2102 INIT_UDATA(&uhw, buf + sizeof(cmd),
2103 (unsigned long)cmd.response + resp_size,
2104 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr),
2105 out_len - resp_size);
2107 memset(&cmd_ex, 0, sizeof(cmd_ex));
2108 cmd_ex.user_handle = cmd.user_handle;
2109 cmd_ex.pd_handle = cmd.pd_handle;
2110 cmd_ex.send_cq_handle = cmd.send_cq_handle;
2111 cmd_ex.recv_cq_handle = cmd.recv_cq_handle;
2112 cmd_ex.srq_handle = cmd.srq_handle;
2113 cmd_ex.max_send_wr = cmd.max_send_wr;
2114 cmd_ex.max_recv_wr = cmd.max_recv_wr;
2115 cmd_ex.max_send_sge = cmd.max_send_sge;
2116 cmd_ex.max_recv_sge = cmd.max_recv_sge;
2117 cmd_ex.max_inline_data = cmd.max_inline_data;
2118 cmd_ex.sq_sig_all = cmd.sq_sig_all;
2119 cmd_ex.qp_type = cmd.qp_type;
2120 cmd_ex.is_srq = cmd.is_srq;
2122 err = create_qp(file, &ucore, &uhw, &cmd_ex,
2123 offsetof(typeof(cmd_ex), is_srq) +
2124 sizeof(cmd.is_srq), ib_uverbs_create_qp_cb,
2133 static int ib_uverbs_ex_create_qp_cb(struct ib_uverbs_file *file,
2134 struct ib_uverbs_ex_create_qp_resp *resp,
2135 struct ib_udata *ucore)
2137 if (ib_copy_to_udata(ucore, resp, resp->response_length))
2143 int ib_uverbs_ex_create_qp(struct ib_uverbs_file *file,
2144 struct ib_device *ib_dev,
2145 struct ib_udata *ucore,
2146 struct ib_udata *uhw)
2148 struct ib_uverbs_ex_create_qp_resp resp;
2149 struct ib_uverbs_ex_create_qp cmd = {0};
2152 if (ucore->inlen < (offsetof(typeof(cmd), comp_mask) +
2153 sizeof(cmd.comp_mask)))
2156 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
2160 if (cmd.comp_mask & ~IB_UVERBS_CREATE_QP_SUP_COMP_MASK)
2166 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
2167 sizeof(resp.response_length)))
2170 err = create_qp(file, ucore, uhw, &cmd,
2171 min(ucore->inlen, sizeof(cmd)),
2172 ib_uverbs_ex_create_qp_cb, NULL);
2180 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
2181 struct ib_device *ib_dev,
2182 const char __user *buf, int in_len, int out_len)
2184 struct ib_uverbs_open_qp cmd;
2185 struct ib_uverbs_create_qp_resp resp;
2186 struct ib_udata udata;
2187 struct ib_uqp_object *obj;
2188 struct ib_xrcd *xrcd;
2189 struct ib_uobject *uninitialized_var(xrcd_uobj);
2191 struct ib_qp_open_attr attr;
2194 if (out_len < sizeof resp)
2197 if (copy_from_user(&cmd, buf, sizeof cmd))
2200 INIT_UDATA(&udata, buf + sizeof cmd,
2201 (unsigned long) cmd.response + sizeof resp,
2202 in_len - sizeof cmd, out_len - sizeof resp);
2204 obj = kmalloc(sizeof *obj, GFP_KERNEL);
2208 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
2209 down_write(&obj->uevent.uobject.mutex);
2211 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
2217 attr.event_handler = ib_uverbs_qp_event_handler;
2218 attr.qp_context = file;
2219 attr.qp_num = cmd.qpn;
2220 attr.qp_type = cmd.qp_type;
2222 obj->uevent.events_reported = 0;
2223 INIT_LIST_HEAD(&obj->uevent.event_list);
2224 INIT_LIST_HEAD(&obj->mcast_list);
2226 qp = ib_open_qp(xrcd, &attr);
2232 qp->uobject = &obj->uevent.uobject;
2234 obj->uevent.uobject.object = qp;
2235 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2239 memset(&resp, 0, sizeof resp);
2240 resp.qpn = qp->qp_num;
2241 resp.qp_handle = obj->uevent.uobject.id;
2243 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2244 &resp, sizeof resp)) {
2249 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
2250 atomic_inc(&obj->uxrcd->refcnt);
2251 put_xrcd_read(xrcd_uobj);
2253 mutex_lock(&file->mutex);
2254 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
2255 mutex_unlock(&file->mutex);
2257 obj->uevent.uobject.live = 1;
2259 up_write(&obj->uevent.uobject.mutex);
2264 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2270 put_xrcd_read(xrcd_uobj);
2271 put_uobj_write(&obj->uevent.uobject);
2275 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
2276 struct ib_device *ib_dev,
2277 const char __user *buf, int in_len,
2280 struct ib_uverbs_query_qp cmd;
2281 struct ib_uverbs_query_qp_resp resp;
2283 struct ib_qp_attr *attr;
2284 struct ib_qp_init_attr *init_attr;
2287 if (copy_from_user(&cmd, buf, sizeof cmd))
2290 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2291 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
2292 if (!attr || !init_attr) {
2297 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2303 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
2310 memset(&resp, 0, sizeof resp);
2312 resp.qp_state = attr->qp_state;
2313 resp.cur_qp_state = attr->cur_qp_state;
2314 resp.path_mtu = attr->path_mtu;
2315 resp.path_mig_state = attr->path_mig_state;
2316 resp.qkey = attr->qkey;
2317 resp.rq_psn = attr->rq_psn;
2318 resp.sq_psn = attr->sq_psn;
2319 resp.dest_qp_num = attr->dest_qp_num;
2320 resp.qp_access_flags = attr->qp_access_flags;
2321 resp.pkey_index = attr->pkey_index;
2322 resp.alt_pkey_index = attr->alt_pkey_index;
2323 resp.sq_draining = attr->sq_draining;
2324 resp.max_rd_atomic = attr->max_rd_atomic;
2325 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
2326 resp.min_rnr_timer = attr->min_rnr_timer;
2327 resp.port_num = attr->port_num;
2328 resp.timeout = attr->timeout;
2329 resp.retry_cnt = attr->retry_cnt;
2330 resp.rnr_retry = attr->rnr_retry;
2331 resp.alt_port_num = attr->alt_port_num;
2332 resp.alt_timeout = attr->alt_timeout;
2334 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
2335 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
2336 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
2337 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
2338 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
2339 resp.dest.dlid = attr->ah_attr.dlid;
2340 resp.dest.sl = attr->ah_attr.sl;
2341 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
2342 resp.dest.static_rate = attr->ah_attr.static_rate;
2343 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
2344 resp.dest.port_num = attr->ah_attr.port_num;
2346 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
2347 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
2348 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
2349 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
2350 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
2351 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
2352 resp.alt_dest.sl = attr->alt_ah_attr.sl;
2353 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
2354 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
2355 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
2356 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
2358 resp.max_send_wr = init_attr->cap.max_send_wr;
2359 resp.max_recv_wr = init_attr->cap.max_recv_wr;
2360 resp.max_send_sge = init_attr->cap.max_send_sge;
2361 resp.max_recv_sge = init_attr->cap.max_recv_sge;
2362 resp.max_inline_data = init_attr->cap.max_inline_data;
2363 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
2365 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2366 &resp, sizeof resp))
2373 return ret ? ret : in_len;
2376 /* Remove ignored fields set in the attribute mask */
2377 static int modify_qp_mask(enum ib_qp_type qp_type, int mask)
2380 case IB_QPT_XRC_INI:
2381 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER);
2382 case IB_QPT_XRC_TGT:
2383 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT |
2390 static int modify_qp(struct ib_uverbs_file *file,
2391 struct ib_uverbs_ex_modify_qp *cmd, struct ib_udata *udata)
2393 struct ib_qp_attr *attr;
2397 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2401 qp = idr_read_qp(cmd->base.qp_handle, file->ucontext);
2407 attr->qp_state = cmd->base.qp_state;
2408 attr->cur_qp_state = cmd->base.cur_qp_state;
2409 attr->path_mtu = cmd->base.path_mtu;
2410 attr->path_mig_state = cmd->base.path_mig_state;
2411 attr->qkey = cmd->base.qkey;
2412 attr->rq_psn = cmd->base.rq_psn;
2413 attr->sq_psn = cmd->base.sq_psn;
2414 attr->dest_qp_num = cmd->base.dest_qp_num;
2415 attr->qp_access_flags = cmd->base.qp_access_flags;
2416 attr->pkey_index = cmd->base.pkey_index;
2417 attr->alt_pkey_index = cmd->base.alt_pkey_index;
2418 attr->en_sqd_async_notify = cmd->base.en_sqd_async_notify;
2419 attr->max_rd_atomic = cmd->base.max_rd_atomic;
2420 attr->max_dest_rd_atomic = cmd->base.max_dest_rd_atomic;
2421 attr->min_rnr_timer = cmd->base.min_rnr_timer;
2422 attr->port_num = cmd->base.port_num;
2423 attr->timeout = cmd->base.timeout;
2424 attr->retry_cnt = cmd->base.retry_cnt;
2425 attr->rnr_retry = cmd->base.rnr_retry;
2426 attr->alt_port_num = cmd->base.alt_port_num;
2427 attr->alt_timeout = cmd->base.alt_timeout;
2428 attr->rate_limit = cmd->rate_limit;
2430 memcpy(attr->ah_attr.grh.dgid.raw, cmd->base.dest.dgid, 16);
2431 attr->ah_attr.grh.flow_label = cmd->base.dest.flow_label;
2432 attr->ah_attr.grh.sgid_index = cmd->base.dest.sgid_index;
2433 attr->ah_attr.grh.hop_limit = cmd->base.dest.hop_limit;
2434 attr->ah_attr.grh.traffic_class = cmd->base.dest.traffic_class;
2435 attr->ah_attr.dlid = cmd->base.dest.dlid;
2436 attr->ah_attr.sl = cmd->base.dest.sl;
2437 attr->ah_attr.src_path_bits = cmd->base.dest.src_path_bits;
2438 attr->ah_attr.static_rate = cmd->base.dest.static_rate;
2439 attr->ah_attr.ah_flags = cmd->base.dest.is_global ?
2441 attr->ah_attr.port_num = cmd->base.dest.port_num;
2443 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd->base.alt_dest.dgid, 16);
2444 attr->alt_ah_attr.grh.flow_label = cmd->base.alt_dest.flow_label;
2445 attr->alt_ah_attr.grh.sgid_index = cmd->base.alt_dest.sgid_index;
2446 attr->alt_ah_attr.grh.hop_limit = cmd->base.alt_dest.hop_limit;
2447 attr->alt_ah_attr.grh.traffic_class = cmd->base.alt_dest.traffic_class;
2448 attr->alt_ah_attr.dlid = cmd->base.alt_dest.dlid;
2449 attr->alt_ah_attr.sl = cmd->base.alt_dest.sl;
2450 attr->alt_ah_attr.src_path_bits = cmd->base.alt_dest.src_path_bits;
2451 attr->alt_ah_attr.static_rate = cmd->base.alt_dest.static_rate;
2452 attr->alt_ah_attr.ah_flags = cmd->base.alt_dest.is_global ?
2454 attr->alt_ah_attr.port_num = cmd->base.alt_dest.port_num;
2456 if (qp->real_qp == qp) {
2457 if (cmd->base.attr_mask & IB_QP_AV) {
2458 ret = ib_resolve_eth_dmac(qp->device, &attr->ah_attr);
2462 ret = qp->device->modify_qp(qp, attr,
2463 modify_qp_mask(qp->qp_type,
2464 cmd->base.attr_mask),
2467 ret = ib_modify_qp(qp, attr,
2468 modify_qp_mask(qp->qp_type,
2469 cmd->base.attr_mask));
2481 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
2482 struct ib_device *ib_dev,
2483 const char __user *buf, int in_len,
2486 struct ib_uverbs_ex_modify_qp cmd = {};
2487 struct ib_udata udata;
2490 if (copy_from_user(&cmd.base, buf, sizeof(cmd.base)))
2493 if (cmd.base.attr_mask &
2494 ~((IB_USER_LEGACY_LAST_QP_ATTR_MASK << 1) - 1))
2497 INIT_UDATA(&udata, buf + sizeof(cmd.base), NULL,
2498 in_len - sizeof(cmd.base), out_len);
2500 ret = modify_qp(file, &cmd, &udata);
2507 int ib_uverbs_ex_modify_qp(struct ib_uverbs_file *file,
2508 struct ib_device *ib_dev,
2509 struct ib_udata *ucore,
2510 struct ib_udata *uhw)
2512 struct ib_uverbs_ex_modify_qp cmd = {};
2516 * Last bit is reserved for extending the attr_mask by
2517 * using another field.
2519 BUILD_BUG_ON(IB_USER_LAST_QP_ATTR_MASK == (1 << 31));
2521 if (ucore->inlen < sizeof(cmd.base))
2524 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
2528 if (cmd.base.attr_mask &
2529 ~((IB_USER_LAST_QP_ATTR_MASK << 1) - 1))
2532 if (ucore->inlen > sizeof(cmd)) {
2533 if (ib_is_udata_cleared(ucore, sizeof(cmd),
2534 ucore->inlen - sizeof(cmd)))
2538 ret = modify_qp(file, &cmd, uhw);
2543 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
2544 struct ib_device *ib_dev,
2545 const char __user *buf, int in_len,
2548 struct ib_uverbs_destroy_qp cmd;
2549 struct ib_uverbs_destroy_qp_resp resp;
2550 struct ib_uobject *uobj;
2552 struct ib_uqp_object *obj;
2555 if (copy_from_user(&cmd, buf, sizeof cmd))
2558 memset(&resp, 0, sizeof resp);
2560 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
2564 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
2566 if (!list_empty(&obj->mcast_list)) {
2567 put_uobj_write(uobj);
2571 ret = ib_destroy_qp(qp);
2575 put_uobj_write(uobj);
2580 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
2583 atomic_dec(&obj->uxrcd->refcnt);
2585 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
2587 mutex_lock(&file->mutex);
2588 list_del(&uobj->list);
2589 mutex_unlock(&file->mutex);
2591 ib_uverbs_release_uevent(file, &obj->uevent);
2593 resp.events_reported = obj->uevent.events_reported;
2597 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2598 &resp, sizeof resp))
2604 static void *alloc_wr(size_t wr_size, __u32 num_sge)
2606 return kmalloc(ALIGN(wr_size, sizeof (struct ib_sge)) +
2607 num_sge * sizeof (struct ib_sge), GFP_KERNEL);
2610 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2611 struct ib_device *ib_dev,
2612 const char __user *buf, int in_len,
2615 struct ib_uverbs_post_send cmd;
2616 struct ib_uverbs_post_send_resp resp;
2617 struct ib_uverbs_send_wr *user_wr;
2618 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
2622 ssize_t ret = -EINVAL;
2625 if (copy_from_user(&cmd, buf, sizeof cmd))
2628 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
2629 cmd.sge_count * sizeof (struct ib_uverbs_sge))
2632 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
2635 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
2639 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2643 is_ud = qp->qp_type == IB_QPT_UD;
2646 for (i = 0; i < cmd.wr_count; ++i) {
2647 if (copy_from_user(user_wr,
2648 buf + sizeof cmd + i * cmd.wqe_size,
2654 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
2660 struct ib_ud_wr *ud;
2662 if (user_wr->opcode != IB_WR_SEND &&
2663 user_wr->opcode != IB_WR_SEND_WITH_IMM) {
2668 next_size = sizeof(*ud);
2669 ud = alloc_wr(next_size, user_wr->num_sge);
2675 ud->ah = idr_read_ah(user_wr->wr.ud.ah, file->ucontext);
2681 ud->remote_qpn = user_wr->wr.ud.remote_qpn;
2682 ud->remote_qkey = user_wr->wr.ud.remote_qkey;
2685 } else if (user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM ||
2686 user_wr->opcode == IB_WR_RDMA_WRITE ||
2687 user_wr->opcode == IB_WR_RDMA_READ) {
2688 struct ib_rdma_wr *rdma;
2690 next_size = sizeof(*rdma);
2691 rdma = alloc_wr(next_size, user_wr->num_sge);
2697 rdma->remote_addr = user_wr->wr.rdma.remote_addr;
2698 rdma->rkey = user_wr->wr.rdma.rkey;
2701 } else if (user_wr->opcode == IB_WR_ATOMIC_CMP_AND_SWP ||
2702 user_wr->opcode == IB_WR_ATOMIC_FETCH_AND_ADD) {
2703 struct ib_atomic_wr *atomic;
2705 next_size = sizeof(*atomic);
2706 atomic = alloc_wr(next_size, user_wr->num_sge);
2712 atomic->remote_addr = user_wr->wr.atomic.remote_addr;
2713 atomic->compare_add = user_wr->wr.atomic.compare_add;
2714 atomic->swap = user_wr->wr.atomic.swap;
2715 atomic->rkey = user_wr->wr.atomic.rkey;
2718 } else if (user_wr->opcode == IB_WR_SEND ||
2719 user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2720 user_wr->opcode == IB_WR_SEND_WITH_INV) {
2721 next_size = sizeof(*next);
2722 next = alloc_wr(next_size, user_wr->num_sge);
2732 if (user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2733 user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) {
2735 (__be32 __force) user_wr->ex.imm_data;
2736 } else if (user_wr->opcode == IB_WR_SEND_WITH_INV) {
2737 next->ex.invalidate_rkey = user_wr->ex.invalidate_rkey;
2747 next->wr_id = user_wr->wr_id;
2748 next->num_sge = user_wr->num_sge;
2749 next->opcode = user_wr->opcode;
2750 next->send_flags = user_wr->send_flags;
2752 if (next->num_sge) {
2753 next->sg_list = (void *) next +
2754 ALIGN(next_size, sizeof(struct ib_sge));
2755 if (copy_from_user(next->sg_list,
2757 cmd.wr_count * cmd.wqe_size +
2758 sg_ind * sizeof (struct ib_sge),
2759 next->num_sge * sizeof (struct ib_sge))) {
2763 sg_ind += next->num_sge;
2765 next->sg_list = NULL;
2769 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr);
2771 for (next = wr; next; next = next->next) {
2777 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2778 &resp, sizeof resp))
2785 if (is_ud && ud_wr(wr)->ah)
2786 put_ah_read(ud_wr(wr)->ah);
2795 return ret ? ret : in_len;
2798 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
2804 struct ib_uverbs_recv_wr *user_wr;
2805 struct ib_recv_wr *wr = NULL, *last, *next;
2810 if (in_len < wqe_size * wr_count +
2811 sge_count * sizeof (struct ib_uverbs_sge))
2812 return ERR_PTR(-EINVAL);
2814 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
2815 return ERR_PTR(-EINVAL);
2817 user_wr = kmalloc(wqe_size, GFP_KERNEL);
2819 return ERR_PTR(-ENOMEM);
2823 for (i = 0; i < wr_count; ++i) {
2824 if (copy_from_user(user_wr, buf + i * wqe_size,
2830 if (user_wr->num_sge + sg_ind > sge_count) {
2835 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2836 user_wr->num_sge * sizeof (struct ib_sge),
2850 next->wr_id = user_wr->wr_id;
2851 next->num_sge = user_wr->num_sge;
2853 if (next->num_sge) {
2854 next->sg_list = (void *) next +
2855 ALIGN(sizeof *next, sizeof (struct ib_sge));
2856 if (copy_from_user(next->sg_list,
2857 buf + wr_count * wqe_size +
2858 sg_ind * sizeof (struct ib_sge),
2859 next->num_sge * sizeof (struct ib_sge))) {
2863 sg_ind += next->num_sge;
2865 next->sg_list = NULL;
2880 return ERR_PTR(ret);
2883 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
2884 struct ib_device *ib_dev,
2885 const char __user *buf, int in_len,
2888 struct ib_uverbs_post_recv cmd;
2889 struct ib_uverbs_post_recv_resp resp;
2890 struct ib_recv_wr *wr, *next, *bad_wr;
2892 ssize_t ret = -EINVAL;
2894 if (copy_from_user(&cmd, buf, sizeof cmd))
2897 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2898 in_len - sizeof cmd, cmd.wr_count,
2899 cmd.sge_count, cmd.wqe_size);
2903 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2908 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr);
2913 for (next = wr; next; next = next->next) {
2919 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2920 &resp, sizeof resp))
2930 return ret ? ret : in_len;
2933 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
2934 struct ib_device *ib_dev,
2935 const char __user *buf, int in_len,
2938 struct ib_uverbs_post_srq_recv cmd;
2939 struct ib_uverbs_post_srq_recv_resp resp;
2940 struct ib_recv_wr *wr, *next, *bad_wr;
2942 ssize_t ret = -EINVAL;
2944 if (copy_from_user(&cmd, buf, sizeof cmd))
2947 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2948 in_len - sizeof cmd, cmd.wr_count,
2949 cmd.sge_count, cmd.wqe_size);
2953 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2958 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
2963 for (next = wr; next; next = next->next) {
2969 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2970 &resp, sizeof resp))
2980 return ret ? ret : in_len;
2983 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
2984 struct ib_device *ib_dev,
2985 const char __user *buf, int in_len,
2988 struct ib_uverbs_create_ah cmd;
2989 struct ib_uverbs_create_ah_resp resp;
2990 struct ib_uobject *uobj;
2993 struct ib_ah_attr attr;
2995 struct ib_udata udata;
2997 if (out_len < sizeof resp)
3000 if (copy_from_user(&cmd, buf, sizeof cmd))
3003 INIT_UDATA(&udata, buf + sizeof(cmd),
3004 (unsigned long)cmd.response + sizeof(resp),
3005 in_len - sizeof(cmd), out_len - sizeof(resp));
3007 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
3011 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_class);
3012 down_write(&uobj->mutex);
3014 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
3020 attr.dlid = cmd.attr.dlid;
3021 attr.sl = cmd.attr.sl;
3022 attr.src_path_bits = cmd.attr.src_path_bits;
3023 attr.static_rate = cmd.attr.static_rate;
3024 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
3025 attr.port_num = cmd.attr.port_num;
3026 attr.grh.flow_label = cmd.attr.grh.flow_label;
3027 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
3028 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
3029 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
3030 memset(&attr.dmac, 0, sizeof(attr.dmac));
3031 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
3033 ret = ib_rdmacg_try_charge(&uobj->cg_obj, ib_dev,
3034 RDMACG_RESOURCE_HCA_OBJECT);
3038 ah = pd->device->create_ah(pd, &attr, &udata);
3045 ah->device = pd->device;
3047 atomic_inc(&pd->usecnt);
3051 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
3055 resp.ah_handle = uobj->id;
3057 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3058 &resp, sizeof resp)) {
3065 mutex_lock(&file->mutex);
3066 list_add_tail(&uobj->list, &file->ucontext->ah_list);
3067 mutex_unlock(&file->mutex);
3071 up_write(&uobj->mutex);
3076 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
3082 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
3088 put_uobj_write(uobj);
3092 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
3093 struct ib_device *ib_dev,
3094 const char __user *buf, int in_len, int out_len)
3096 struct ib_uverbs_destroy_ah cmd;
3098 struct ib_uobject *uobj;
3101 if (copy_from_user(&cmd, buf, sizeof cmd))
3104 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
3109 ret = ib_destroy_ah(ah);
3113 put_uobj_write(uobj);
3118 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
3120 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
3122 mutex_lock(&file->mutex);
3123 list_del(&uobj->list);
3124 mutex_unlock(&file->mutex);
3131 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
3132 struct ib_device *ib_dev,
3133 const char __user *buf, int in_len,
3136 struct ib_uverbs_attach_mcast cmd;
3138 struct ib_uqp_object *obj;
3139 struct ib_uverbs_mcast_entry *mcast;
3142 if (copy_from_user(&cmd, buf, sizeof cmd))
3145 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
3149 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3151 list_for_each_entry(mcast, &obj->mcast_list, list)
3152 if (cmd.mlid == mcast->lid &&
3153 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3158 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
3164 mcast->lid = cmd.mlid;
3165 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
3167 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
3169 list_add_tail(&mcast->list, &obj->mcast_list);
3176 return ret ? ret : in_len;
3179 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
3180 struct ib_device *ib_dev,
3181 const char __user *buf, int in_len,
3184 struct ib_uverbs_detach_mcast cmd;
3185 struct ib_uqp_object *obj;
3187 struct ib_uverbs_mcast_entry *mcast;
3190 if (copy_from_user(&cmd, buf, sizeof cmd))
3193 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
3197 ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
3201 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3203 list_for_each_entry(mcast, &obj->mcast_list, list)
3204 if (cmd.mlid == mcast->lid &&
3205 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3206 list_del(&mcast->list);
3214 return ret ? ret : in_len;
3217 static int kern_spec_to_ib_spec_action(struct ib_uverbs_flow_spec *kern_spec,
3218 union ib_flow_spec *ib_spec)
3220 ib_spec->type = kern_spec->type;
3221 switch (ib_spec->type) {
3222 case IB_FLOW_SPEC_ACTION_TAG:
3223 if (kern_spec->flow_tag.size !=
3224 sizeof(struct ib_uverbs_flow_spec_action_tag))
3227 ib_spec->flow_tag.size = sizeof(struct ib_flow_spec_action_tag);
3228 ib_spec->flow_tag.tag_id = kern_spec->flow_tag.tag_id;
3236 static size_t kern_spec_filter_sz(struct ib_uverbs_flow_spec_hdr *spec)
3238 /* Returns user space filter size, includes padding */
3239 return (spec->size - sizeof(struct ib_uverbs_flow_spec_hdr)) / 2;
3242 static ssize_t spec_filter_size(void *kern_spec_filter, u16 kern_filter_size,
3243 u16 ib_real_filter_sz)
3246 * User space filter structures must be 64 bit aligned, otherwise this
3247 * may pass, but we won't handle additional new attributes.
3250 if (kern_filter_size > ib_real_filter_sz) {
3251 if (memchr_inv(kern_spec_filter +
3252 ib_real_filter_sz, 0,
3253 kern_filter_size - ib_real_filter_sz))
3255 return ib_real_filter_sz;
3257 return kern_filter_size;
3260 static int kern_spec_to_ib_spec_filter(struct ib_uverbs_flow_spec *kern_spec,
3261 union ib_flow_spec *ib_spec)
3263 ssize_t actual_filter_sz;
3264 ssize_t kern_filter_sz;
3265 ssize_t ib_filter_sz;
3266 void *kern_spec_mask;
3267 void *kern_spec_val;
3269 if (kern_spec->reserved)
3272 ib_spec->type = kern_spec->type;
3274 kern_filter_sz = kern_spec_filter_sz(&kern_spec->hdr);
3275 /* User flow spec size must be aligned to 4 bytes */
3276 if (kern_filter_sz != ALIGN(kern_filter_sz, 4))
3279 kern_spec_val = (void *)kern_spec +
3280 sizeof(struct ib_uverbs_flow_spec_hdr);
3281 kern_spec_mask = kern_spec_val + kern_filter_sz;
3282 if (ib_spec->type == (IB_FLOW_SPEC_INNER | IB_FLOW_SPEC_VXLAN_TUNNEL))
3285 switch (ib_spec->type & ~IB_FLOW_SPEC_INNER) {
3286 case IB_FLOW_SPEC_ETH:
3287 ib_filter_sz = offsetof(struct ib_flow_eth_filter, real_sz);
3288 actual_filter_sz = spec_filter_size(kern_spec_mask,
3291 if (actual_filter_sz <= 0)
3293 ib_spec->size = sizeof(struct ib_flow_spec_eth);
3294 memcpy(&ib_spec->eth.val, kern_spec_val, actual_filter_sz);
3295 memcpy(&ib_spec->eth.mask, kern_spec_mask, actual_filter_sz);
3297 case IB_FLOW_SPEC_IPV4:
3298 ib_filter_sz = offsetof(struct ib_flow_ipv4_filter, real_sz);
3299 actual_filter_sz = spec_filter_size(kern_spec_mask,
3302 if (actual_filter_sz <= 0)
3304 ib_spec->size = sizeof(struct ib_flow_spec_ipv4);
3305 memcpy(&ib_spec->ipv4.val, kern_spec_val, actual_filter_sz);
3306 memcpy(&ib_spec->ipv4.mask, kern_spec_mask, actual_filter_sz);
3308 case IB_FLOW_SPEC_IPV6:
3309 ib_filter_sz = offsetof(struct ib_flow_ipv6_filter, real_sz);
3310 actual_filter_sz = spec_filter_size(kern_spec_mask,
3313 if (actual_filter_sz <= 0)
3315 ib_spec->size = sizeof(struct ib_flow_spec_ipv6);
3316 memcpy(&ib_spec->ipv6.val, kern_spec_val, actual_filter_sz);
3317 memcpy(&ib_spec->ipv6.mask, kern_spec_mask, actual_filter_sz);
3319 if ((ntohl(ib_spec->ipv6.mask.flow_label)) >= BIT(20) ||
3320 (ntohl(ib_spec->ipv6.val.flow_label)) >= BIT(20))
3323 case IB_FLOW_SPEC_TCP:
3324 case IB_FLOW_SPEC_UDP:
3325 ib_filter_sz = offsetof(struct ib_flow_tcp_udp_filter, real_sz);
3326 actual_filter_sz = spec_filter_size(kern_spec_mask,
3329 if (actual_filter_sz <= 0)
3331 ib_spec->size = sizeof(struct ib_flow_spec_tcp_udp);
3332 memcpy(&ib_spec->tcp_udp.val, kern_spec_val, actual_filter_sz);
3333 memcpy(&ib_spec->tcp_udp.mask, kern_spec_mask, actual_filter_sz);
3335 case IB_FLOW_SPEC_VXLAN_TUNNEL:
3336 ib_filter_sz = offsetof(struct ib_flow_tunnel_filter, real_sz);
3337 actual_filter_sz = spec_filter_size(kern_spec_mask,
3340 if (actual_filter_sz <= 0)
3342 ib_spec->tunnel.size = sizeof(struct ib_flow_spec_tunnel);
3343 memcpy(&ib_spec->tunnel.val, kern_spec_val, actual_filter_sz);
3344 memcpy(&ib_spec->tunnel.mask, kern_spec_mask, actual_filter_sz);
3346 if ((ntohl(ib_spec->tunnel.mask.tunnel_id)) >= BIT(24) ||
3347 (ntohl(ib_spec->tunnel.val.tunnel_id)) >= BIT(24))
3356 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec *kern_spec,
3357 union ib_flow_spec *ib_spec)
3359 if (kern_spec->reserved)
3362 if (kern_spec->type >= IB_FLOW_SPEC_ACTION_TAG)
3363 return kern_spec_to_ib_spec_action(kern_spec, ib_spec);
3365 return kern_spec_to_ib_spec_filter(kern_spec, ib_spec);
3368 int ib_uverbs_ex_create_wq(struct ib_uverbs_file *file,
3369 struct ib_device *ib_dev,
3370 struct ib_udata *ucore,
3371 struct ib_udata *uhw)
3373 struct ib_uverbs_ex_create_wq cmd = {};
3374 struct ib_uverbs_ex_create_wq_resp resp = {};
3375 struct ib_uwq_object *obj;
3380 struct ib_wq_init_attr wq_init_attr = {};
3381 size_t required_cmd_sz;
3382 size_t required_resp_len;
3384 required_cmd_sz = offsetof(typeof(cmd), max_sge) + sizeof(cmd.max_sge);
3385 required_resp_len = offsetof(typeof(resp), wqn) + sizeof(resp.wqn);
3387 if (ucore->inlen < required_cmd_sz)
3390 if (ucore->outlen < required_resp_len)
3393 if (ucore->inlen > sizeof(cmd) &&
3394 !ib_is_udata_cleared(ucore, sizeof(cmd),
3395 ucore->inlen - sizeof(cmd)))
3398 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3405 obj = kmalloc(sizeof(*obj), GFP_KERNEL);
3409 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext,
3411 down_write(&obj->uevent.uobject.mutex);
3412 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
3418 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
3424 wq_init_attr.cq = cq;
3425 wq_init_attr.max_sge = cmd.max_sge;
3426 wq_init_attr.max_wr = cmd.max_wr;
3427 wq_init_attr.wq_context = file;
3428 wq_init_attr.wq_type = cmd.wq_type;
3429 wq_init_attr.event_handler = ib_uverbs_wq_event_handler;
3430 if (ucore->inlen >= (offsetof(typeof(cmd), create_flags) +
3431 sizeof(cmd.create_flags)))
3432 wq_init_attr.create_flags = cmd.create_flags;
3433 obj->uevent.events_reported = 0;
3434 INIT_LIST_HEAD(&obj->uevent.event_list);
3435 wq = pd->device->create_wq(pd, &wq_init_attr, uhw);
3441 wq->uobject = &obj->uevent.uobject;
3442 obj->uevent.uobject.object = wq;
3443 wq->wq_type = wq_init_attr.wq_type;
3446 wq->device = pd->device;
3447 wq->wq_context = wq_init_attr.wq_context;
3448 atomic_set(&wq->usecnt, 0);
3449 atomic_inc(&pd->usecnt);
3450 atomic_inc(&cq->usecnt);
3451 wq->uobject = &obj->uevent.uobject;
3452 obj->uevent.uobject.object = wq;
3453 err = idr_add_uobj(&ib_uverbs_wq_idr, &obj->uevent.uobject);
3457 memset(&resp, 0, sizeof(resp));
3458 resp.wq_handle = obj->uevent.uobject.id;
3459 resp.max_sge = wq_init_attr.max_sge;
3460 resp.max_wr = wq_init_attr.max_wr;
3461 resp.wqn = wq->wq_num;
3462 resp.response_length = required_resp_len;
3463 err = ib_copy_to_udata(ucore,
3464 &resp, resp.response_length);
3471 mutex_lock(&file->mutex);
3472 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->wq_list);
3473 mutex_unlock(&file->mutex);
3475 obj->uevent.uobject.live = 1;
3476 up_write(&obj->uevent.uobject.mutex);
3480 idr_remove_uobj(&ib_uverbs_wq_idr, &obj->uevent.uobject);
3488 put_uobj_write(&obj->uevent.uobject);
3493 int ib_uverbs_ex_destroy_wq(struct ib_uverbs_file *file,
3494 struct ib_device *ib_dev,
3495 struct ib_udata *ucore,
3496 struct ib_udata *uhw)
3498 struct ib_uverbs_ex_destroy_wq cmd = {};
3499 struct ib_uverbs_ex_destroy_wq_resp resp = {};
3501 struct ib_uobject *uobj;
3502 struct ib_uwq_object *obj;
3503 size_t required_cmd_sz;
3504 size_t required_resp_len;
3507 required_cmd_sz = offsetof(typeof(cmd), wq_handle) + sizeof(cmd.wq_handle);
3508 required_resp_len = offsetof(typeof(resp), reserved) + sizeof(resp.reserved);
3510 if (ucore->inlen < required_cmd_sz)
3513 if (ucore->outlen < required_resp_len)
3516 if (ucore->inlen > sizeof(cmd) &&
3517 !ib_is_udata_cleared(ucore, sizeof(cmd),
3518 ucore->inlen - sizeof(cmd)))
3521 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3528 resp.response_length = required_resp_len;
3529 uobj = idr_write_uobj(&ib_uverbs_wq_idr, cmd.wq_handle,
3535 obj = container_of(uobj, struct ib_uwq_object, uevent.uobject);
3536 ret = ib_destroy_wq(wq);
3540 put_uobj_write(uobj);
3544 idr_remove_uobj(&ib_uverbs_wq_idr, uobj);
3546 mutex_lock(&file->mutex);
3547 list_del(&uobj->list);
3548 mutex_unlock(&file->mutex);
3550 ib_uverbs_release_uevent(file, &obj->uevent);
3551 resp.events_reported = obj->uevent.events_reported;
3554 ret = ib_copy_to_udata(ucore, &resp, resp.response_length);
3561 int ib_uverbs_ex_modify_wq(struct ib_uverbs_file *file,
3562 struct ib_device *ib_dev,
3563 struct ib_udata *ucore,
3564 struct ib_udata *uhw)
3566 struct ib_uverbs_ex_modify_wq cmd = {};
3568 struct ib_wq_attr wq_attr = {};
3569 size_t required_cmd_sz;
3572 required_cmd_sz = offsetof(typeof(cmd), curr_wq_state) + sizeof(cmd.curr_wq_state);
3573 if (ucore->inlen < required_cmd_sz)
3576 if (ucore->inlen > sizeof(cmd) &&
3577 !ib_is_udata_cleared(ucore, sizeof(cmd),
3578 ucore->inlen - sizeof(cmd)))
3581 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3588 if (cmd.attr_mask > (IB_WQ_STATE | IB_WQ_CUR_STATE | IB_WQ_FLAGS))
3591 wq = idr_read_wq(cmd.wq_handle, file->ucontext);
3595 wq_attr.curr_wq_state = cmd.curr_wq_state;
3596 wq_attr.wq_state = cmd.wq_state;
3597 if (cmd.attr_mask & IB_WQ_FLAGS) {
3598 wq_attr.flags = cmd.flags;
3599 wq_attr.flags_mask = cmd.flags_mask;
3601 ret = wq->device->modify_wq(wq, &wq_attr, cmd.attr_mask, uhw);
3606 int ib_uverbs_ex_create_rwq_ind_table(struct ib_uverbs_file *file,
3607 struct ib_device *ib_dev,
3608 struct ib_udata *ucore,
3609 struct ib_udata *uhw)
3611 struct ib_uverbs_ex_create_rwq_ind_table cmd = {};
3612 struct ib_uverbs_ex_create_rwq_ind_table_resp resp = {};
3613 struct ib_uobject *uobj;
3615 struct ib_rwq_ind_table_init_attr init_attr = {};
3616 struct ib_rwq_ind_table *rwq_ind_tbl;
3617 struct ib_wq **wqs = NULL;
3618 u32 *wqs_handles = NULL;
3619 struct ib_wq *wq = NULL;
3620 int i, j, num_read_wqs;
3622 u32 expected_in_size;
3623 size_t required_cmd_sz_header;
3624 size_t required_resp_len;
3626 required_cmd_sz_header = offsetof(typeof(cmd), log_ind_tbl_size) + sizeof(cmd.log_ind_tbl_size);
3627 required_resp_len = offsetof(typeof(resp), ind_tbl_num) + sizeof(resp.ind_tbl_num);
3629 if (ucore->inlen < required_cmd_sz_header)
3632 if (ucore->outlen < required_resp_len)
3635 err = ib_copy_from_udata(&cmd, ucore, required_cmd_sz_header);
3639 ucore->inbuf += required_cmd_sz_header;
3640 ucore->inlen -= required_cmd_sz_header;
3645 if (cmd.log_ind_tbl_size > IB_USER_VERBS_MAX_LOG_IND_TBL_SIZE)
3648 num_wq_handles = 1 << cmd.log_ind_tbl_size;
3649 expected_in_size = num_wq_handles * sizeof(__u32);
3650 if (num_wq_handles == 1)
3651 /* input size for wq handles is u64 aligned */
3652 expected_in_size += sizeof(__u32);
3654 if (ucore->inlen < expected_in_size)
3657 if (ucore->inlen > expected_in_size &&
3658 !ib_is_udata_cleared(ucore, expected_in_size,
3659 ucore->inlen - expected_in_size))
3662 wqs_handles = kcalloc(num_wq_handles, sizeof(*wqs_handles),
3667 err = ib_copy_from_udata(wqs_handles, ucore,
3668 num_wq_handles * sizeof(__u32));
3672 wqs = kcalloc(num_wq_handles, sizeof(*wqs), GFP_KERNEL);
3678 for (num_read_wqs = 0; num_read_wqs < num_wq_handles;
3680 wq = idr_read_wq(wqs_handles[num_read_wqs], file->ucontext);
3686 wqs[num_read_wqs] = wq;
3689 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3695 init_uobj(uobj, 0, file->ucontext, &rwq_ind_table_lock_class);
3696 down_write(&uobj->mutex);
3697 init_attr.log_ind_tbl_size = cmd.log_ind_tbl_size;
3698 init_attr.ind_tbl = wqs;
3699 rwq_ind_tbl = ib_dev->create_rwq_ind_table(ib_dev, &init_attr, uhw);
3701 if (IS_ERR(rwq_ind_tbl)) {
3702 err = PTR_ERR(rwq_ind_tbl);
3706 rwq_ind_tbl->ind_tbl = wqs;
3707 rwq_ind_tbl->log_ind_tbl_size = init_attr.log_ind_tbl_size;
3708 rwq_ind_tbl->uobject = uobj;
3709 uobj->object = rwq_ind_tbl;
3710 rwq_ind_tbl->device = ib_dev;
3711 atomic_set(&rwq_ind_tbl->usecnt, 0);
3713 for (i = 0; i < num_wq_handles; i++)
3714 atomic_inc(&wqs[i]->usecnt);
3716 err = idr_add_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3718 goto destroy_ind_tbl;
3720 resp.ind_tbl_handle = uobj->id;
3721 resp.ind_tbl_num = rwq_ind_tbl->ind_tbl_num;
3722 resp.response_length = required_resp_len;
3724 err = ib_copy_to_udata(ucore,
3725 &resp, resp.response_length);
3731 for (j = 0; j < num_read_wqs; j++)
3732 put_wq_read(wqs[j]);
3734 mutex_lock(&file->mutex);
3735 list_add_tail(&uobj->list, &file->ucontext->rwq_ind_tbl_list);
3736 mutex_unlock(&file->mutex);
3740 up_write(&uobj->mutex);
3744 idr_remove_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3746 ib_destroy_rwq_ind_table(rwq_ind_tbl);
3748 put_uobj_write(uobj);
3750 for (j = 0; j < num_read_wqs; j++)
3751 put_wq_read(wqs[j]);
3758 int ib_uverbs_ex_destroy_rwq_ind_table(struct ib_uverbs_file *file,
3759 struct ib_device *ib_dev,
3760 struct ib_udata *ucore,
3761 struct ib_udata *uhw)
3763 struct ib_uverbs_ex_destroy_rwq_ind_table cmd = {};
3764 struct ib_rwq_ind_table *rwq_ind_tbl;
3765 struct ib_uobject *uobj;
3767 struct ib_wq **ind_tbl;
3768 size_t required_cmd_sz;
3770 required_cmd_sz = offsetof(typeof(cmd), ind_tbl_handle) + sizeof(cmd.ind_tbl_handle);
3772 if (ucore->inlen < required_cmd_sz)
3775 if (ucore->inlen > sizeof(cmd) &&
3776 !ib_is_udata_cleared(ucore, sizeof(cmd),
3777 ucore->inlen - sizeof(cmd)))
3780 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
3787 uobj = idr_write_uobj(&ib_uverbs_rwq_ind_tbl_idr, cmd.ind_tbl_handle,
3791 rwq_ind_tbl = uobj->object;
3792 ind_tbl = rwq_ind_tbl->ind_tbl;
3794 ret = ib_destroy_rwq_ind_table(rwq_ind_tbl);
3798 put_uobj_write(uobj);
3803 idr_remove_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
3805 mutex_lock(&file->mutex);
3806 list_del(&uobj->list);
3807 mutex_unlock(&file->mutex);
3814 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file,
3815 struct ib_device *ib_dev,
3816 struct ib_udata *ucore,
3817 struct ib_udata *uhw)
3819 struct ib_uverbs_create_flow cmd;
3820 struct ib_uverbs_create_flow_resp resp;
3821 struct ib_uobject *uobj;
3822 struct ib_flow *flow_id;
3823 struct ib_uverbs_flow_attr *kern_flow_attr;
3824 struct ib_flow_attr *flow_attr;
3831 if (ucore->inlen < sizeof(cmd))
3834 if (ucore->outlen < sizeof(resp))
3837 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3841 ucore->inbuf += sizeof(cmd);
3842 ucore->inlen -= sizeof(cmd);
3847 if (!capable(CAP_NET_RAW))
3850 if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED)
3853 if ((cmd.flow_attr.flags & IB_FLOW_ATTR_FLAGS_DONT_TRAP) &&
3854 ((cmd.flow_attr.type == IB_FLOW_ATTR_ALL_DEFAULT) ||
3855 (cmd.flow_attr.type == IB_FLOW_ATTR_MC_DEFAULT)))
3858 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS)
3861 if (cmd.flow_attr.size > ucore->inlen ||
3862 cmd.flow_attr.size >
3863 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec)))
3866 if (cmd.flow_attr.reserved[0] ||
3867 cmd.flow_attr.reserved[1])
3870 if (cmd.flow_attr.num_of_specs) {
3871 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size,
3873 if (!kern_flow_attr)
3876 memcpy(kern_flow_attr, &cmd.flow_attr, sizeof(*kern_flow_attr));
3877 err = ib_copy_from_udata(kern_flow_attr + 1, ucore,
3878 cmd.flow_attr.size);
3882 kern_flow_attr = &cmd.flow_attr;
3885 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3890 init_uobj(uobj, 0, file->ucontext, &rule_lock_class);
3891 down_write(&uobj->mutex);
3893 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
3899 flow_attr = kzalloc(sizeof(*flow_attr) + cmd.flow_attr.num_of_specs *
3900 sizeof(union ib_flow_spec), GFP_KERNEL);
3906 flow_attr->type = kern_flow_attr->type;
3907 flow_attr->priority = kern_flow_attr->priority;
3908 flow_attr->num_of_specs = kern_flow_attr->num_of_specs;
3909 flow_attr->port = kern_flow_attr->port;
3910 flow_attr->flags = kern_flow_attr->flags;
3911 flow_attr->size = sizeof(*flow_attr);
3913 kern_spec = kern_flow_attr + 1;
3914 ib_spec = flow_attr + 1;
3915 for (i = 0; i < flow_attr->num_of_specs &&
3916 cmd.flow_attr.size > offsetof(struct ib_uverbs_flow_spec, reserved) &&
3917 cmd.flow_attr.size >=
3918 ((struct ib_uverbs_flow_spec *)kern_spec)->size; i++) {
3919 err = kern_spec_to_ib_spec(kern_spec, ib_spec);
3923 ((union ib_flow_spec *) ib_spec)->size;
3924 cmd.flow_attr.size -= ((struct ib_uverbs_flow_spec *)kern_spec)->size;
3925 kern_spec += ((struct ib_uverbs_flow_spec *) kern_spec)->size;
3926 ib_spec += ((union ib_flow_spec *) ib_spec)->size;
3928 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) {
3929 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
3930 i, cmd.flow_attr.size);
3935 err = ib_rdmacg_try_charge(&uobj->cg_obj, ib_dev,
3936 RDMACG_RESOURCE_HCA_OBJECT);
3940 flow_id = ib_create_flow(qp, flow_attr, IB_FLOW_DOMAIN_USER);
3941 if (IS_ERR(flow_id)) {
3942 err = PTR_ERR(flow_id);
3945 flow_id->uobject = uobj;
3946 uobj->object = flow_id;
3948 err = idr_add_uobj(&ib_uverbs_rule_idr, uobj);
3952 memset(&resp, 0, sizeof(resp));
3953 resp.flow_handle = uobj->id;
3955 err = ib_copy_to_udata(ucore,
3956 &resp, sizeof(resp));
3961 mutex_lock(&file->mutex);
3962 list_add_tail(&uobj->list, &file->ucontext->rule_list);
3963 mutex_unlock(&file->mutex);
3967 up_write(&uobj->mutex);
3969 if (cmd.flow_attr.num_of_specs)
3970 kfree(kern_flow_attr);
3973 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3975 ib_destroy_flow(flow_id);
3977 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
3983 put_uobj_write(uobj);
3985 if (cmd.flow_attr.num_of_specs)
3986 kfree(kern_flow_attr);
3990 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file,
3991 struct ib_device *ib_dev,
3992 struct ib_udata *ucore,
3993 struct ib_udata *uhw)
3995 struct ib_uverbs_destroy_flow cmd;
3996 struct ib_flow *flow_id;
3997 struct ib_uobject *uobj;
4000 if (ucore->inlen < sizeof(cmd))
4003 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
4010 uobj = idr_write_uobj(&ib_uverbs_rule_idr, cmd.flow_handle,
4014 flow_id = uobj->object;
4016 ret = ib_destroy_flow(flow_id);
4018 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev,
4019 RDMACG_RESOURCE_HCA_OBJECT);
4023 put_uobj_write(uobj);
4025 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
4027 mutex_lock(&file->mutex);
4028 list_del(&uobj->list);
4029 mutex_unlock(&file->mutex);
4036 static int __uverbs_create_xsrq(struct ib_uverbs_file *file,
4037 struct ib_device *ib_dev,
4038 struct ib_uverbs_create_xsrq *cmd,
4039 struct ib_udata *udata)
4041 struct ib_uverbs_create_srq_resp resp;
4042 struct ib_usrq_object *obj;
4045 struct ib_uobject *uninitialized_var(xrcd_uobj);
4046 struct ib_srq_init_attr attr;
4049 obj = kmalloc(sizeof *obj, GFP_KERNEL);
4053 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext, &srq_lock_class);
4054 down_write(&obj->uevent.uobject.mutex);
4056 if (cmd->srq_type == IB_SRQT_XRC) {
4057 attr.ext.xrc.xrcd = idr_read_xrcd(cmd->xrcd_handle, file->ucontext, &xrcd_uobj);
4058 if (!attr.ext.xrc.xrcd) {
4063 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
4064 atomic_inc(&obj->uxrcd->refcnt);
4066 attr.ext.xrc.cq = idr_read_cq(cmd->cq_handle, file->ucontext, 0);
4067 if (!attr.ext.xrc.cq) {
4073 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
4079 attr.event_handler = ib_uverbs_srq_event_handler;
4080 attr.srq_context = file;
4081 attr.srq_type = cmd->srq_type;
4082 attr.attr.max_wr = cmd->max_wr;
4083 attr.attr.max_sge = cmd->max_sge;
4084 attr.attr.srq_limit = cmd->srq_limit;
4086 obj->uevent.events_reported = 0;
4087 INIT_LIST_HEAD(&obj->uevent.event_list);
4089 ret = ib_rdmacg_try_charge(&obj->uevent.uobject.cg_obj, ib_dev,
4090 RDMACG_RESOURCE_HCA_OBJECT);
4094 srq = pd->device->create_srq(pd, &attr, udata);
4100 srq->device = pd->device;
4102 srq->srq_type = cmd->srq_type;
4103 srq->uobject = &obj->uevent.uobject;
4104 srq->event_handler = attr.event_handler;
4105 srq->srq_context = attr.srq_context;
4107 if (cmd->srq_type == IB_SRQT_XRC) {
4108 srq->ext.xrc.cq = attr.ext.xrc.cq;
4109 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd;
4110 atomic_inc(&attr.ext.xrc.cq->usecnt);
4111 atomic_inc(&attr.ext.xrc.xrcd->usecnt);
4114 atomic_inc(&pd->usecnt);
4115 atomic_set(&srq->usecnt, 0);
4117 obj->uevent.uobject.object = srq;
4118 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
4122 memset(&resp, 0, sizeof resp);
4123 resp.srq_handle = obj->uevent.uobject.id;
4124 resp.max_wr = attr.attr.max_wr;
4125 resp.max_sge = attr.attr.max_sge;
4126 if (cmd->srq_type == IB_SRQT_XRC)
4127 resp.srqn = srq->ext.xrc.srq_num;
4129 if (copy_to_user((void __user *) (unsigned long) cmd->response,
4130 &resp, sizeof resp)) {
4135 if (cmd->srq_type == IB_SRQT_XRC) {
4136 put_uobj_read(xrcd_uobj);
4137 put_cq_read(attr.ext.xrc.cq);
4141 mutex_lock(&file->mutex);
4142 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->srq_list);
4143 mutex_unlock(&file->mutex);
4145 obj->uevent.uobject.live = 1;
4147 up_write(&obj->uevent.uobject.mutex);
4152 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
4155 ib_destroy_srq(srq);
4158 ib_rdmacg_uncharge(&obj->uevent.uobject.cg_obj, ib_dev,
4159 RDMACG_RESOURCE_HCA_OBJECT);
4163 if (cmd->srq_type == IB_SRQT_XRC)
4164 put_cq_read(attr.ext.xrc.cq);
4167 if (cmd->srq_type == IB_SRQT_XRC) {
4168 atomic_dec(&obj->uxrcd->refcnt);
4169 put_uobj_read(xrcd_uobj);
4173 put_uobj_write(&obj->uevent.uobject);
4177 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
4178 struct ib_device *ib_dev,
4179 const char __user *buf, int in_len,
4182 struct ib_uverbs_create_srq cmd;
4183 struct ib_uverbs_create_xsrq xcmd;
4184 struct ib_uverbs_create_srq_resp resp;
4185 struct ib_udata udata;
4188 if (out_len < sizeof resp)
4191 if (copy_from_user(&cmd, buf, sizeof cmd))
4194 xcmd.response = cmd.response;
4195 xcmd.user_handle = cmd.user_handle;
4196 xcmd.srq_type = IB_SRQT_BASIC;
4197 xcmd.pd_handle = cmd.pd_handle;
4198 xcmd.max_wr = cmd.max_wr;
4199 xcmd.max_sge = cmd.max_sge;
4200 xcmd.srq_limit = cmd.srq_limit;
4202 INIT_UDATA(&udata, buf + sizeof cmd,
4203 (unsigned long) cmd.response + sizeof resp,
4204 in_len - sizeof cmd - sizeof(struct ib_uverbs_cmd_hdr),
4205 out_len - sizeof resp);
4207 ret = __uverbs_create_xsrq(file, ib_dev, &xcmd, &udata);
4214 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
4215 struct ib_device *ib_dev,
4216 const char __user *buf, int in_len, int out_len)
4218 struct ib_uverbs_create_xsrq cmd;
4219 struct ib_uverbs_create_srq_resp resp;
4220 struct ib_udata udata;
4223 if (out_len < sizeof resp)
4226 if (copy_from_user(&cmd, buf, sizeof cmd))
4229 INIT_UDATA(&udata, buf + sizeof cmd,
4230 (unsigned long) cmd.response + sizeof resp,
4231 in_len - sizeof cmd - sizeof(struct ib_uverbs_cmd_hdr),
4232 out_len - sizeof resp);
4234 ret = __uverbs_create_xsrq(file, ib_dev, &cmd, &udata);
4241 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
4242 struct ib_device *ib_dev,
4243 const char __user *buf, int in_len,
4246 struct ib_uverbs_modify_srq cmd;
4247 struct ib_udata udata;
4249 struct ib_srq_attr attr;
4252 if (copy_from_user(&cmd, buf, sizeof cmd))
4255 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
4258 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
4262 attr.max_wr = cmd.max_wr;
4263 attr.srq_limit = cmd.srq_limit;
4265 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
4269 return ret ? ret : in_len;
4272 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
4273 struct ib_device *ib_dev,
4274 const char __user *buf,
4275 int in_len, int out_len)
4277 struct ib_uverbs_query_srq cmd;
4278 struct ib_uverbs_query_srq_resp resp;
4279 struct ib_srq_attr attr;
4283 if (out_len < sizeof resp)
4286 if (copy_from_user(&cmd, buf, sizeof cmd))
4289 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
4293 ret = ib_query_srq(srq, &attr);
4300 memset(&resp, 0, sizeof resp);
4302 resp.max_wr = attr.max_wr;
4303 resp.max_sge = attr.max_sge;
4304 resp.srq_limit = attr.srq_limit;
4306 if (copy_to_user((void __user *) (unsigned long) cmd.response,
4307 &resp, sizeof resp))
4313 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
4314 struct ib_device *ib_dev,
4315 const char __user *buf, int in_len,
4318 struct ib_uverbs_destroy_srq cmd;
4319 struct ib_uverbs_destroy_srq_resp resp;
4320 struct ib_uobject *uobj;
4322 struct ib_uevent_object *obj;
4324 struct ib_usrq_object *us;
4325 enum ib_srq_type srq_type;
4327 if (copy_from_user(&cmd, buf, sizeof cmd))
4330 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
4334 obj = container_of(uobj, struct ib_uevent_object, uobject);
4335 srq_type = srq->srq_type;
4337 ret = ib_destroy_srq(srq);
4341 put_uobj_write(uobj);
4346 ib_rdmacg_uncharge(&uobj->cg_obj, ib_dev, RDMACG_RESOURCE_HCA_OBJECT);
4348 if (srq_type == IB_SRQT_XRC) {
4349 us = container_of(obj, struct ib_usrq_object, uevent);
4350 atomic_dec(&us->uxrcd->refcnt);
4353 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
4355 mutex_lock(&file->mutex);
4356 list_del(&uobj->list);
4357 mutex_unlock(&file->mutex);
4359 ib_uverbs_release_uevent(file, obj);
4361 memset(&resp, 0, sizeof resp);
4362 resp.events_reported = obj->events_reported;
4366 if (copy_to_user((void __user *) (unsigned long) cmd.response,
4367 &resp, sizeof resp))
4370 return ret ? ret : in_len;
4373 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file,
4374 struct ib_device *ib_dev,
4375 struct ib_udata *ucore,
4376 struct ib_udata *uhw)
4378 struct ib_uverbs_ex_query_device_resp resp = { {0} };
4379 struct ib_uverbs_ex_query_device cmd;
4380 struct ib_device_attr attr = {0};
4383 if (ucore->inlen < sizeof(cmd))
4386 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
4396 resp.response_length = offsetof(typeof(resp), odp_caps);
4398 if (ucore->outlen < resp.response_length)
4401 err = ib_dev->query_device(ib_dev, &attr, uhw);
4405 copy_query_dev_fields(file, ib_dev, &resp.base, &attr);
4407 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps))
4410 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
4411 resp.odp_caps.general_caps = attr.odp_caps.general_caps;
4412 resp.odp_caps.per_transport_caps.rc_odp_caps =
4413 attr.odp_caps.per_transport_caps.rc_odp_caps;
4414 resp.odp_caps.per_transport_caps.uc_odp_caps =
4415 attr.odp_caps.per_transport_caps.uc_odp_caps;
4416 resp.odp_caps.per_transport_caps.ud_odp_caps =
4417 attr.odp_caps.per_transport_caps.ud_odp_caps;
4419 resp.response_length += sizeof(resp.odp_caps);
4421 if (ucore->outlen < resp.response_length + sizeof(resp.timestamp_mask))
4424 resp.timestamp_mask = attr.timestamp_mask;
4425 resp.response_length += sizeof(resp.timestamp_mask);
4427 if (ucore->outlen < resp.response_length + sizeof(resp.hca_core_clock))
4430 resp.hca_core_clock = attr.hca_core_clock;
4431 resp.response_length += sizeof(resp.hca_core_clock);
4433 if (ucore->outlen < resp.response_length + sizeof(resp.device_cap_flags_ex))
4436 resp.device_cap_flags_ex = attr.device_cap_flags;
4437 resp.response_length += sizeof(resp.device_cap_flags_ex);
4439 if (ucore->outlen < resp.response_length + sizeof(resp.rss_caps))
4442 resp.rss_caps.supported_qpts = attr.rss_caps.supported_qpts;
4443 resp.rss_caps.max_rwq_indirection_tables =
4444 attr.rss_caps.max_rwq_indirection_tables;
4445 resp.rss_caps.max_rwq_indirection_table_size =
4446 attr.rss_caps.max_rwq_indirection_table_size;
4448 resp.response_length += sizeof(resp.rss_caps);
4450 if (ucore->outlen < resp.response_length + sizeof(resp.max_wq_type_rq))
4453 resp.max_wq_type_rq = attr.max_wq_type_rq;
4454 resp.response_length += sizeof(resp.max_wq_type_rq);
4456 if (ucore->outlen < resp.response_length + sizeof(resp.raw_packet_caps))
4459 resp.raw_packet_caps = attr.raw_packet_caps;
4460 resp.response_length += sizeof(resp.raw_packet_caps);
4462 err = ib_copy_to_udata(ucore, &resp, resp.response_length);
projects / linux.git / blob