2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36 #include <linux/file.h>
38 #include <linux/slab.h>
39 #include <linux/sched.h>
41 #include <asm/uaccess.h>
44 #include "core_priv.h"
46 struct uverbs_lock_class {
47 struct lock_class_key key;
51 static struct uverbs_lock_class pd_lock_class = { .name = "PD-uobj" };
52 static struct uverbs_lock_class mr_lock_class = { .name = "MR-uobj" };
53 static struct uverbs_lock_class mw_lock_class = { .name = "MW-uobj" };
54 static struct uverbs_lock_class cq_lock_class = { .name = "CQ-uobj" };
55 static struct uverbs_lock_class qp_lock_class = { .name = "QP-uobj" };
56 static struct uverbs_lock_class ah_lock_class = { .name = "AH-uobj" };
57 static struct uverbs_lock_class srq_lock_class = { .name = "SRQ-uobj" };
58 static struct uverbs_lock_class xrcd_lock_class = { .name = "XRCD-uobj" };
59 static struct uverbs_lock_class rule_lock_class = { .name = "RULE-uobj" };
62 * The ib_uobject locking scheme is as follows:
64 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
65 * needs to be held during all idr write operations. When an object is
66 * looked up, a reference must be taken on the object's kref before
67 * dropping this lock. For read operations, the rcu_read_lock()
68 * and rcu_write_lock() but similarly the kref reference is grabbed
69 * before the rcu_read_unlock().
71 * - Each object also has an rwsem. This rwsem must be held for
72 * reading while an operation that uses the object is performed.
73 * For example, while registering an MR, the associated PD's
74 * uobject.mutex must be held for reading. The rwsem must be held
75 * for writing while initializing or destroying an object.
77 * - In addition, each object has a "live" flag. If this flag is not
78 * set, then lookups of the object will fail even if it is found in
79 * the idr. This handles a reader that blocks and does not acquire
80 * the rwsem until after the object is destroyed. The destroy
81 * operation will set the live flag to 0 and then drop the rwsem;
82 * this will allow the reader to acquire the rwsem, see that the
83 * live flag is 0, and then drop the rwsem and its reference to
84 * object. The underlying storage will not be freed until the last
85 * reference to the object is dropped.
88 static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
89 struct ib_ucontext *context, struct uverbs_lock_class *c)
91 uobj->user_handle = user_handle;
92 uobj->context = context;
93 kref_init(&uobj->ref);
94 init_rwsem(&uobj->mutex);
95 lockdep_set_class_and_name(&uobj->mutex, &c->key, c->name);
99 static void release_uobj(struct kref *kref)
101 kfree_rcu(container_of(kref, struct ib_uobject, ref), rcu);
104 static void put_uobj(struct ib_uobject *uobj)
106 kref_put(&uobj->ref, release_uobj);
109 static void put_uobj_read(struct ib_uobject *uobj)
111 up_read(&uobj->mutex);
115 static void put_uobj_write(struct ib_uobject *uobj)
117 up_write(&uobj->mutex);
121 static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
125 idr_preload(GFP_KERNEL);
126 spin_lock(&ib_uverbs_idr_lock);
128 ret = idr_alloc(idr, uobj, 0, 0, GFP_NOWAIT);
132 spin_unlock(&ib_uverbs_idr_lock);
135 return ret < 0 ? ret : 0;
138 void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
140 spin_lock(&ib_uverbs_idr_lock);
141 idr_remove(idr, uobj->id);
142 spin_unlock(&ib_uverbs_idr_lock);
145 static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
146 struct ib_ucontext *context)
148 struct ib_uobject *uobj;
151 uobj = idr_find(idr, id);
153 if (uobj->context == context)
154 kref_get(&uobj->ref);
163 static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
164 struct ib_ucontext *context, int nested)
166 struct ib_uobject *uobj;
168 uobj = __idr_get_uobj(idr, id, context);
173 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
175 down_read(&uobj->mutex);
184 static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
185 struct ib_ucontext *context)
187 struct ib_uobject *uobj;
189 uobj = __idr_get_uobj(idr, id, context);
193 down_write(&uobj->mutex);
195 put_uobj_write(uobj);
202 static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
205 struct ib_uobject *uobj;
207 uobj = idr_read_uobj(idr, id, context, nested);
208 return uobj ? uobj->object : NULL;
211 static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
213 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
216 static void put_pd_read(struct ib_pd *pd)
218 put_uobj_read(pd->uobject);
221 static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
223 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
226 static void put_cq_read(struct ib_cq *cq)
228 put_uobj_read(cq->uobject);
231 static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
233 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
236 static void put_ah_read(struct ib_ah *ah)
238 put_uobj_read(ah->uobject);
241 static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
243 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
246 static struct ib_qp *idr_write_qp(int qp_handle, struct ib_ucontext *context)
248 struct ib_uobject *uobj;
250 uobj = idr_write_uobj(&ib_uverbs_qp_idr, qp_handle, context);
251 return uobj ? uobj->object : NULL;
254 static void put_qp_read(struct ib_qp *qp)
256 put_uobj_read(qp->uobject);
259 static void put_qp_write(struct ib_qp *qp)
261 put_uobj_write(qp->uobject);
264 static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
266 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
269 static void put_srq_read(struct ib_srq *srq)
271 put_uobj_read(srq->uobject);
274 static struct ib_xrcd *idr_read_xrcd(int xrcd_handle, struct ib_ucontext *context,
275 struct ib_uobject **uobj)
277 *uobj = idr_read_uobj(&ib_uverbs_xrcd_idr, xrcd_handle, context, 0);
278 return *uobj ? (*uobj)->object : NULL;
281 static void put_xrcd_read(struct ib_uobject *uobj)
286 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
287 struct ib_device *ib_dev,
288 const char __user *buf,
289 int in_len, int out_len)
291 struct ib_uverbs_get_context cmd;
292 struct ib_uverbs_get_context_resp resp;
293 struct ib_udata udata;
294 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
295 struct ib_device_attr dev_attr;
297 struct ib_ucontext *ucontext;
301 if (out_len < sizeof resp)
304 if (copy_from_user(&cmd, buf, sizeof cmd))
307 mutex_lock(&file->mutex);
309 if (file->ucontext) {
314 INIT_UDATA(&udata, buf + sizeof cmd,
315 (unsigned long) cmd.response + sizeof resp,
316 in_len - sizeof cmd, out_len - sizeof resp);
318 ucontext = ib_dev->alloc_ucontext(ib_dev, &udata);
319 if (IS_ERR(ucontext)) {
320 ret = PTR_ERR(ucontext);
324 ucontext->device = ib_dev;
325 INIT_LIST_HEAD(&ucontext->pd_list);
326 INIT_LIST_HEAD(&ucontext->mr_list);
327 INIT_LIST_HEAD(&ucontext->mw_list);
328 INIT_LIST_HEAD(&ucontext->cq_list);
329 INIT_LIST_HEAD(&ucontext->qp_list);
330 INIT_LIST_HEAD(&ucontext->srq_list);
331 INIT_LIST_HEAD(&ucontext->ah_list);
332 INIT_LIST_HEAD(&ucontext->xrcd_list);
333 INIT_LIST_HEAD(&ucontext->rule_list);
335 ucontext->tgid = get_task_pid(current->group_leader, PIDTYPE_PID);
337 ucontext->closing = 0;
339 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
340 ucontext->umem_tree = RB_ROOT;
341 init_rwsem(&ucontext->umem_rwsem);
342 ucontext->odp_mrs_count = 0;
343 INIT_LIST_HEAD(&ucontext->no_private_counters);
345 ret = ib_query_device(ib_dev, &dev_attr);
348 if (!(dev_attr.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING))
349 ucontext->invalidate_range = NULL;
353 resp.num_comp_vectors = file->device->num_comp_vectors;
355 ret = get_unused_fd_flags(O_CLOEXEC);
360 filp = ib_uverbs_alloc_event_file(file, ib_dev, 1);
366 if (copy_to_user((void __user *) (unsigned long) cmd.response,
367 &resp, sizeof resp)) {
372 file->ucontext = ucontext;
374 fd_install(resp.async_fd, filp);
376 mutex_unlock(&file->mutex);
381 ib_uverbs_free_async_event_file(file);
385 put_unused_fd(resp.async_fd);
388 put_pid(ucontext->tgid);
389 ib_dev->dealloc_ucontext(ucontext);
392 mutex_unlock(&file->mutex);
396 static void copy_query_dev_fields(struct ib_uverbs_file *file,
397 struct ib_device *ib_dev,
398 struct ib_uverbs_query_device_resp *resp,
399 struct ib_device_attr *attr)
401 resp->fw_ver = attr->fw_ver;
402 resp->node_guid = ib_dev->node_guid;
403 resp->sys_image_guid = attr->sys_image_guid;
404 resp->max_mr_size = attr->max_mr_size;
405 resp->page_size_cap = attr->page_size_cap;
406 resp->vendor_id = attr->vendor_id;
407 resp->vendor_part_id = attr->vendor_part_id;
408 resp->hw_ver = attr->hw_ver;
409 resp->max_qp = attr->max_qp;
410 resp->max_qp_wr = attr->max_qp_wr;
411 resp->device_cap_flags = attr->device_cap_flags;
412 resp->max_sge = attr->max_sge;
413 resp->max_sge_rd = attr->max_sge_rd;
414 resp->max_cq = attr->max_cq;
415 resp->max_cqe = attr->max_cqe;
416 resp->max_mr = attr->max_mr;
417 resp->max_pd = attr->max_pd;
418 resp->max_qp_rd_atom = attr->max_qp_rd_atom;
419 resp->max_ee_rd_atom = attr->max_ee_rd_atom;
420 resp->max_res_rd_atom = attr->max_res_rd_atom;
421 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom;
422 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom;
423 resp->atomic_cap = attr->atomic_cap;
424 resp->max_ee = attr->max_ee;
425 resp->max_rdd = attr->max_rdd;
426 resp->max_mw = attr->max_mw;
427 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp;
428 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp;
429 resp->max_mcast_grp = attr->max_mcast_grp;
430 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach;
431 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach;
432 resp->max_ah = attr->max_ah;
433 resp->max_fmr = attr->max_fmr;
434 resp->max_map_per_fmr = attr->max_map_per_fmr;
435 resp->max_srq = attr->max_srq;
436 resp->max_srq_wr = attr->max_srq_wr;
437 resp->max_srq_sge = attr->max_srq_sge;
438 resp->max_pkeys = attr->max_pkeys;
439 resp->local_ca_ack_delay = attr->local_ca_ack_delay;
440 resp->phys_port_cnt = ib_dev->phys_port_cnt;
443 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
444 struct ib_device *ib_dev,
445 const char __user *buf,
446 int in_len, int out_len)
448 struct ib_uverbs_query_device cmd;
449 struct ib_uverbs_query_device_resp resp;
450 struct ib_device_attr attr;
453 if (out_len < sizeof resp)
456 if (copy_from_user(&cmd, buf, sizeof cmd))
459 ret = ib_query_device(ib_dev, &attr);
463 memset(&resp, 0, sizeof resp);
464 copy_query_dev_fields(file, ib_dev, &resp, &attr);
466 if (copy_to_user((void __user *) (unsigned long) cmd.response,
473 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
474 struct ib_device *ib_dev,
475 const char __user *buf,
476 int in_len, int out_len)
478 struct ib_uverbs_query_port cmd;
479 struct ib_uverbs_query_port_resp resp;
480 struct ib_port_attr attr;
483 if (out_len < sizeof resp)
486 if (copy_from_user(&cmd, buf, sizeof cmd))
489 ret = ib_query_port(ib_dev, cmd.port_num, &attr);
493 memset(&resp, 0, sizeof resp);
495 resp.state = attr.state;
496 resp.max_mtu = attr.max_mtu;
497 resp.active_mtu = attr.active_mtu;
498 resp.gid_tbl_len = attr.gid_tbl_len;
499 resp.port_cap_flags = attr.port_cap_flags;
500 resp.max_msg_sz = attr.max_msg_sz;
501 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
502 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
503 resp.pkey_tbl_len = attr.pkey_tbl_len;
505 resp.sm_lid = attr.sm_lid;
507 resp.max_vl_num = attr.max_vl_num;
508 resp.sm_sl = attr.sm_sl;
509 resp.subnet_timeout = attr.subnet_timeout;
510 resp.init_type_reply = attr.init_type_reply;
511 resp.active_width = attr.active_width;
512 resp.active_speed = attr.active_speed;
513 resp.phys_state = attr.phys_state;
514 resp.link_layer = rdma_port_get_link_layer(ib_dev,
517 if (copy_to_user((void __user *) (unsigned long) cmd.response,
524 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
525 struct ib_device *ib_dev,
526 const char __user *buf,
527 int in_len, int out_len)
529 struct ib_uverbs_alloc_pd cmd;
530 struct ib_uverbs_alloc_pd_resp resp;
531 struct ib_udata udata;
532 struct ib_uobject *uobj;
536 if (out_len < sizeof resp)
539 if (copy_from_user(&cmd, buf, sizeof cmd))
542 INIT_UDATA(&udata, buf + sizeof cmd,
543 (unsigned long) cmd.response + sizeof resp,
544 in_len - sizeof cmd, out_len - sizeof resp);
546 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
550 init_uobj(uobj, 0, file->ucontext, &pd_lock_class);
551 down_write(&uobj->mutex);
553 pd = ib_dev->alloc_pd(ib_dev, file->ucontext, &udata);
562 atomic_set(&pd->usecnt, 0);
565 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
569 memset(&resp, 0, sizeof resp);
570 resp.pd_handle = uobj->id;
572 if (copy_to_user((void __user *) (unsigned long) cmd.response,
573 &resp, sizeof resp)) {
578 mutex_lock(&file->mutex);
579 list_add_tail(&uobj->list, &file->ucontext->pd_list);
580 mutex_unlock(&file->mutex);
584 up_write(&uobj->mutex);
589 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
595 put_uobj_write(uobj);
599 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
600 struct ib_device *ib_dev,
601 const char __user *buf,
602 int in_len, int out_len)
604 struct ib_uverbs_dealloc_pd cmd;
605 struct ib_uobject *uobj;
609 if (copy_from_user(&cmd, buf, sizeof cmd))
612 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
617 if (atomic_read(&pd->usecnt)) {
622 ret = pd->device->dealloc_pd(uobj->object);
623 WARN_ONCE(ret, "Infiniband HW driver failed dealloc_pd");
628 put_uobj_write(uobj);
630 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
632 mutex_lock(&file->mutex);
633 list_del(&uobj->list);
634 mutex_unlock(&file->mutex);
641 put_uobj_write(uobj);
645 struct xrcd_table_entry {
647 struct ib_xrcd *xrcd;
651 static int xrcd_table_insert(struct ib_uverbs_device *dev,
653 struct ib_xrcd *xrcd)
655 struct xrcd_table_entry *entry, *scan;
656 struct rb_node **p = &dev->xrcd_tree.rb_node;
657 struct rb_node *parent = NULL;
659 entry = kmalloc(sizeof *entry, GFP_KERNEL);
664 entry->inode = inode;
668 scan = rb_entry(parent, struct xrcd_table_entry, node);
670 if (inode < scan->inode) {
672 } else if (inode > scan->inode) {
680 rb_link_node(&entry->node, parent, p);
681 rb_insert_color(&entry->node, &dev->xrcd_tree);
686 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev,
689 struct xrcd_table_entry *entry;
690 struct rb_node *p = dev->xrcd_tree.rb_node;
693 entry = rb_entry(p, struct xrcd_table_entry, node);
695 if (inode < entry->inode)
697 else if (inode > entry->inode)
706 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode)
708 struct xrcd_table_entry *entry;
710 entry = xrcd_table_search(dev, inode);
717 static void xrcd_table_delete(struct ib_uverbs_device *dev,
720 struct xrcd_table_entry *entry;
722 entry = xrcd_table_search(dev, inode);
725 rb_erase(&entry->node, &dev->xrcd_tree);
730 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
731 struct ib_device *ib_dev,
732 const char __user *buf, int in_len,
735 struct ib_uverbs_open_xrcd cmd;
736 struct ib_uverbs_open_xrcd_resp resp;
737 struct ib_udata udata;
738 struct ib_uxrcd_object *obj;
739 struct ib_xrcd *xrcd = NULL;
740 struct fd f = {NULL, 0};
741 struct inode *inode = NULL;
745 if (out_len < sizeof resp)
748 if (copy_from_user(&cmd, buf, sizeof cmd))
751 INIT_UDATA(&udata, buf + sizeof cmd,
752 (unsigned long) cmd.response + sizeof resp,
753 in_len - sizeof cmd, out_len - sizeof resp);
755 mutex_lock(&file->device->xrcd_tree_mutex);
758 /* search for file descriptor */
762 goto err_tree_mutex_unlock;
765 inode = file_inode(f.file);
766 xrcd = find_xrcd(file->device, inode);
767 if (!xrcd && !(cmd.oflags & O_CREAT)) {
768 /* no file descriptor. Need CREATE flag */
770 goto err_tree_mutex_unlock;
773 if (xrcd && cmd.oflags & O_EXCL) {
775 goto err_tree_mutex_unlock;
779 obj = kmalloc(sizeof *obj, GFP_KERNEL);
782 goto err_tree_mutex_unlock;
785 init_uobj(&obj->uobject, 0, file->ucontext, &xrcd_lock_class);
787 down_write(&obj->uobject.mutex);
790 xrcd = ib_dev->alloc_xrcd(ib_dev, file->ucontext, &udata);
797 xrcd->device = ib_dev;
798 atomic_set(&xrcd->usecnt, 0);
799 mutex_init(&xrcd->tgt_qp_mutex);
800 INIT_LIST_HEAD(&xrcd->tgt_qp_list);
804 atomic_set(&obj->refcnt, 0);
805 obj->uobject.object = xrcd;
806 ret = idr_add_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
810 memset(&resp, 0, sizeof resp);
811 resp.xrcd_handle = obj->uobject.id;
815 /* create new inode/xrcd table entry */
816 ret = xrcd_table_insert(file->device, inode, xrcd);
818 goto err_insert_xrcd;
820 atomic_inc(&xrcd->usecnt);
823 if (copy_to_user((void __user *) (unsigned long) cmd.response,
824 &resp, sizeof resp)) {
832 mutex_lock(&file->mutex);
833 list_add_tail(&obj->uobject.list, &file->ucontext->xrcd_list);
834 mutex_unlock(&file->mutex);
836 obj->uobject.live = 1;
837 up_write(&obj->uobject.mutex);
839 mutex_unlock(&file->device->xrcd_tree_mutex);
845 xrcd_table_delete(file->device, inode);
846 atomic_dec(&xrcd->usecnt);
850 idr_remove_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
853 ib_dealloc_xrcd(xrcd);
856 put_uobj_write(&obj->uobject);
858 err_tree_mutex_unlock:
862 mutex_unlock(&file->device->xrcd_tree_mutex);
867 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file,
868 struct ib_device *ib_dev,
869 const char __user *buf, int in_len,
872 struct ib_uverbs_close_xrcd cmd;
873 struct ib_uobject *uobj;
874 struct ib_xrcd *xrcd = NULL;
875 struct inode *inode = NULL;
876 struct ib_uxrcd_object *obj;
880 if (copy_from_user(&cmd, buf, sizeof cmd))
883 mutex_lock(&file->device->xrcd_tree_mutex);
884 uobj = idr_write_uobj(&ib_uverbs_xrcd_idr, cmd.xrcd_handle, file->ucontext);
892 obj = container_of(uobj, struct ib_uxrcd_object, uobject);
893 if (atomic_read(&obj->refcnt)) {
894 put_uobj_write(uobj);
899 if (!inode || atomic_dec_and_test(&xrcd->usecnt)) {
900 ret = ib_dealloc_xrcd(uobj->object);
907 atomic_inc(&xrcd->usecnt);
909 put_uobj_write(uobj);
915 xrcd_table_delete(file->device, inode);
917 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
918 mutex_lock(&file->mutex);
919 list_del(&uobj->list);
920 mutex_unlock(&file->mutex);
926 mutex_unlock(&file->device->xrcd_tree_mutex);
930 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device *dev,
931 struct ib_xrcd *xrcd)
936 if (inode && !atomic_dec_and_test(&xrcd->usecnt))
939 ib_dealloc_xrcd(xrcd);
942 xrcd_table_delete(dev, inode);
945 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
946 struct ib_device *ib_dev,
947 const char __user *buf, int in_len,
950 struct ib_uverbs_reg_mr cmd;
951 struct ib_uverbs_reg_mr_resp resp;
952 struct ib_udata udata;
953 struct ib_uobject *uobj;
958 if (out_len < sizeof resp)
961 if (copy_from_user(&cmd, buf, sizeof cmd))
964 INIT_UDATA(&udata, buf + sizeof cmd,
965 (unsigned long) cmd.response + sizeof resp,
966 in_len - sizeof cmd, out_len - sizeof resp);
968 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
971 ret = ib_check_mr_access(cmd.access_flags);
975 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
979 init_uobj(uobj, 0, file->ucontext, &mr_lock_class);
980 down_write(&uobj->mutex);
982 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
988 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) {
989 struct ib_device_attr attr;
991 ret = ib_query_device(pd->device, &attr);
992 if (ret || !(attr.device_cap_flags &
993 IB_DEVICE_ON_DEMAND_PAGING)) {
994 pr_debug("ODP support not available\n");
1000 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
1001 cmd.access_flags, &udata);
1007 mr->device = pd->device;
1010 atomic_inc(&pd->usecnt);
1011 atomic_set(&mr->usecnt, 0);
1014 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
1018 memset(&resp, 0, sizeof resp);
1019 resp.lkey = mr->lkey;
1020 resp.rkey = mr->rkey;
1021 resp.mr_handle = uobj->id;
1023 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1024 &resp, sizeof resp)) {
1031 mutex_lock(&file->mutex);
1032 list_add_tail(&uobj->list, &file->ucontext->mr_list);
1033 mutex_unlock(&file->mutex);
1037 up_write(&uobj->mutex);
1042 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1051 put_uobj_write(uobj);
1055 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file,
1056 struct ib_device *ib_dev,
1057 const char __user *buf, int in_len,
1060 struct ib_uverbs_rereg_mr cmd;
1061 struct ib_uverbs_rereg_mr_resp resp;
1062 struct ib_udata udata;
1063 struct ib_pd *pd = NULL;
1065 struct ib_pd *old_pd;
1067 struct ib_uobject *uobj;
1069 if (out_len < sizeof(resp))
1072 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1075 INIT_UDATA(&udata, buf + sizeof(cmd),
1076 (unsigned long) cmd.response + sizeof(resp),
1077 in_len - sizeof(cmd), out_len - sizeof(resp));
1079 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags)
1082 if ((cmd.flags & IB_MR_REREG_TRANS) &&
1083 (!cmd.start || !cmd.hca_va || 0 >= cmd.length ||
1084 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)))
1087 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle,
1095 if (cmd.flags & IB_MR_REREG_ACCESS) {
1096 ret = ib_check_mr_access(cmd.access_flags);
1101 if (cmd.flags & IB_MR_REREG_PD) {
1102 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1109 if (atomic_read(&mr->usecnt)) {
1115 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start,
1116 cmd.length, cmd.hca_va,
1117 cmd.access_flags, pd, &udata);
1119 if (cmd.flags & IB_MR_REREG_PD) {
1120 atomic_inc(&pd->usecnt);
1122 atomic_dec(&old_pd->usecnt);
1128 memset(&resp, 0, sizeof(resp));
1129 resp.lkey = mr->lkey;
1130 resp.rkey = mr->rkey;
1132 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1133 &resp, sizeof(resp)))
1139 if (cmd.flags & IB_MR_REREG_PD)
1144 put_uobj_write(mr->uobject);
1149 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
1150 struct ib_device *ib_dev,
1151 const char __user *buf, int in_len,
1154 struct ib_uverbs_dereg_mr cmd;
1156 struct ib_uobject *uobj;
1159 if (copy_from_user(&cmd, buf, sizeof cmd))
1162 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
1168 ret = ib_dereg_mr(mr);
1172 put_uobj_write(uobj);
1177 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1179 mutex_lock(&file->mutex);
1180 list_del(&uobj->list);
1181 mutex_unlock(&file->mutex);
1188 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file,
1189 struct ib_device *ib_dev,
1190 const char __user *buf, int in_len,
1193 struct ib_uverbs_alloc_mw cmd;
1194 struct ib_uverbs_alloc_mw_resp resp;
1195 struct ib_uobject *uobj;
1200 if (out_len < sizeof(resp))
1203 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1206 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
1210 init_uobj(uobj, 0, file->ucontext, &mw_lock_class);
1211 down_write(&uobj->mutex);
1213 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1219 mw = pd->device->alloc_mw(pd, cmd.mw_type);
1225 mw->device = pd->device;
1228 atomic_inc(&pd->usecnt);
1231 ret = idr_add_uobj(&ib_uverbs_mw_idr, uobj);
1235 memset(&resp, 0, sizeof(resp));
1236 resp.rkey = mw->rkey;
1237 resp.mw_handle = uobj->id;
1239 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1240 &resp, sizeof(resp))) {
1247 mutex_lock(&file->mutex);
1248 list_add_tail(&uobj->list, &file->ucontext->mw_list);
1249 mutex_unlock(&file->mutex);
1253 up_write(&uobj->mutex);
1258 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1267 put_uobj_write(uobj);
1271 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file,
1272 struct ib_device *ib_dev,
1273 const char __user *buf, int in_len,
1276 struct ib_uverbs_dealloc_mw cmd;
1278 struct ib_uobject *uobj;
1281 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1284 uobj = idr_write_uobj(&ib_uverbs_mw_idr, cmd.mw_handle, file->ucontext);
1290 ret = ib_dealloc_mw(mw);
1294 put_uobj_write(uobj);
1299 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1301 mutex_lock(&file->mutex);
1302 list_del(&uobj->list);
1303 mutex_unlock(&file->mutex);
1310 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
1311 struct ib_device *ib_dev,
1312 const char __user *buf, int in_len,
1315 struct ib_uverbs_create_comp_channel cmd;
1316 struct ib_uverbs_create_comp_channel_resp resp;
1320 if (out_len < sizeof resp)
1323 if (copy_from_user(&cmd, buf, sizeof cmd))
1326 ret = get_unused_fd_flags(O_CLOEXEC);
1331 filp = ib_uverbs_alloc_event_file(file, ib_dev, 0);
1333 put_unused_fd(resp.fd);
1334 return PTR_ERR(filp);
1337 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1338 &resp, sizeof resp)) {
1339 put_unused_fd(resp.fd);
1344 fd_install(resp.fd, filp);
1348 static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file,
1349 struct ib_device *ib_dev,
1350 struct ib_udata *ucore,
1351 struct ib_udata *uhw,
1352 struct ib_uverbs_ex_create_cq *cmd,
1354 int (*cb)(struct ib_uverbs_file *file,
1355 struct ib_ucq_object *obj,
1356 struct ib_uverbs_ex_create_cq_resp *resp,
1357 struct ib_udata *udata,
1361 struct ib_ucq_object *obj;
1362 struct ib_uverbs_event_file *ev_file = NULL;
1365 struct ib_uverbs_ex_create_cq_resp resp;
1366 struct ib_cq_init_attr attr = {};
1368 if (cmd->comp_vector >= file->device->num_comp_vectors)
1369 return ERR_PTR(-EINVAL);
1371 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1373 return ERR_PTR(-ENOMEM);
1375 init_uobj(&obj->uobject, cmd->user_handle, file->ucontext, &cq_lock_class);
1376 down_write(&obj->uobject.mutex);
1378 if (cmd->comp_channel >= 0) {
1379 ev_file = ib_uverbs_lookup_comp_file(cmd->comp_channel);
1386 obj->uverbs_file = file;
1387 obj->comp_events_reported = 0;
1388 obj->async_events_reported = 0;
1389 INIT_LIST_HEAD(&obj->comp_list);
1390 INIT_LIST_HEAD(&obj->async_list);
1392 attr.cqe = cmd->cqe;
1393 attr.comp_vector = cmd->comp_vector;
1395 if (cmd_sz > offsetof(typeof(*cmd), flags) + sizeof(cmd->flags))
1396 attr.flags = cmd->flags;
1398 cq = ib_dev->create_cq(ib_dev, &attr,
1399 file->ucontext, uhw);
1405 cq->device = ib_dev;
1406 cq->uobject = &obj->uobject;
1407 cq->comp_handler = ib_uverbs_comp_handler;
1408 cq->event_handler = ib_uverbs_cq_event_handler;
1409 cq->cq_context = ev_file;
1410 atomic_set(&cq->usecnt, 0);
1412 obj->uobject.object = cq;
1413 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1417 memset(&resp, 0, sizeof resp);
1418 resp.base.cq_handle = obj->uobject.id;
1419 resp.base.cqe = cq->cqe;
1421 resp.response_length = offsetof(typeof(resp), response_length) +
1422 sizeof(resp.response_length);
1424 ret = cb(file, obj, &resp, ucore, context);
1428 mutex_lock(&file->mutex);
1429 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
1430 mutex_unlock(&file->mutex);
1432 obj->uobject.live = 1;
1434 up_write(&obj->uobject.mutex);
1439 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1446 ib_uverbs_release_ucq(file, ev_file, obj);
1449 put_uobj_write(&obj->uobject);
1451 return ERR_PTR(ret);
1454 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file *file,
1455 struct ib_ucq_object *obj,
1456 struct ib_uverbs_ex_create_cq_resp *resp,
1457 struct ib_udata *ucore, void *context)
1459 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1465 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
1466 struct ib_device *ib_dev,
1467 const char __user *buf, int in_len,
1470 struct ib_uverbs_create_cq cmd;
1471 struct ib_uverbs_ex_create_cq cmd_ex;
1472 struct ib_uverbs_create_cq_resp resp;
1473 struct ib_udata ucore;
1474 struct ib_udata uhw;
1475 struct ib_ucq_object *obj;
1477 if (out_len < sizeof(resp))
1480 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1483 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd), sizeof(resp));
1485 INIT_UDATA(&uhw, buf + sizeof(cmd),
1486 (unsigned long)cmd.response + sizeof(resp),
1487 in_len - sizeof(cmd), out_len - sizeof(resp));
1489 memset(&cmd_ex, 0, sizeof(cmd_ex));
1490 cmd_ex.user_handle = cmd.user_handle;
1491 cmd_ex.cqe = cmd.cqe;
1492 cmd_ex.comp_vector = cmd.comp_vector;
1493 cmd_ex.comp_channel = cmd.comp_channel;
1495 obj = create_cq(file, ib_dev, &ucore, &uhw, &cmd_ex,
1496 offsetof(typeof(cmd_ex), comp_channel) +
1497 sizeof(cmd.comp_channel), ib_uverbs_create_cq_cb,
1501 return PTR_ERR(obj);
1506 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file *file,
1507 struct ib_ucq_object *obj,
1508 struct ib_uverbs_ex_create_cq_resp *resp,
1509 struct ib_udata *ucore, void *context)
1511 if (ib_copy_to_udata(ucore, resp, resp->response_length))
1517 int ib_uverbs_ex_create_cq(struct ib_uverbs_file *file,
1518 struct ib_device *ib_dev,
1519 struct ib_udata *ucore,
1520 struct ib_udata *uhw)
1522 struct ib_uverbs_ex_create_cq_resp resp;
1523 struct ib_uverbs_ex_create_cq cmd;
1524 struct ib_ucq_object *obj;
1527 if (ucore->inlen < sizeof(cmd))
1530 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
1540 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
1541 sizeof(resp.response_length)))
1544 obj = create_cq(file, ib_dev, ucore, uhw, &cmd,
1545 min(ucore->inlen, sizeof(cmd)),
1546 ib_uverbs_ex_create_cq_cb, NULL);
1549 return PTR_ERR(obj);
1554 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
1555 struct ib_device *ib_dev,
1556 const char __user *buf, int in_len,
1559 struct ib_uverbs_resize_cq cmd;
1560 struct ib_uverbs_resize_cq_resp resp;
1561 struct ib_udata udata;
1565 if (copy_from_user(&cmd, buf, sizeof cmd))
1568 INIT_UDATA(&udata, buf + sizeof cmd,
1569 (unsigned long) cmd.response + sizeof resp,
1570 in_len - sizeof cmd, out_len - sizeof resp);
1572 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1576 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
1582 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1583 &resp, sizeof resp.cqe))
1589 return ret ? ret : in_len;
1592 static int copy_wc_to_user(void __user *dest, struct ib_wc *wc)
1594 struct ib_uverbs_wc tmp;
1596 tmp.wr_id = wc->wr_id;
1597 tmp.status = wc->status;
1598 tmp.opcode = wc->opcode;
1599 tmp.vendor_err = wc->vendor_err;
1600 tmp.byte_len = wc->byte_len;
1601 tmp.ex.imm_data = (__u32 __force) wc->ex.imm_data;
1602 tmp.qp_num = wc->qp->qp_num;
1603 tmp.src_qp = wc->src_qp;
1604 tmp.wc_flags = wc->wc_flags;
1605 tmp.pkey_index = wc->pkey_index;
1606 tmp.slid = wc->slid;
1608 tmp.dlid_path_bits = wc->dlid_path_bits;
1609 tmp.port_num = wc->port_num;
1612 if (copy_to_user(dest, &tmp, sizeof tmp))
1618 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
1619 struct ib_device *ib_dev,
1620 const char __user *buf, int in_len,
1623 struct ib_uverbs_poll_cq cmd;
1624 struct ib_uverbs_poll_cq_resp resp;
1625 u8 __user *header_ptr;
1626 u8 __user *data_ptr;
1631 if (copy_from_user(&cmd, buf, sizeof cmd))
1634 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1638 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1639 header_ptr = (void __user *)(unsigned long) cmd.response;
1640 data_ptr = header_ptr + sizeof resp;
1642 memset(&resp, 0, sizeof resp);
1643 while (resp.count < cmd.ne) {
1644 ret = ib_poll_cq(cq, 1, &wc);
1650 ret = copy_wc_to_user(data_ptr, &wc);
1654 data_ptr += sizeof(struct ib_uverbs_wc);
1658 if (copy_to_user(header_ptr, &resp, sizeof resp)) {
1670 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
1671 struct ib_device *ib_dev,
1672 const char __user *buf, int in_len,
1675 struct ib_uverbs_req_notify_cq cmd;
1678 if (copy_from_user(&cmd, buf, sizeof cmd))
1681 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1685 ib_req_notify_cq(cq, cmd.solicited_only ?
1686 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
1693 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
1694 struct ib_device *ib_dev,
1695 const char __user *buf, int in_len,
1698 struct ib_uverbs_destroy_cq cmd;
1699 struct ib_uverbs_destroy_cq_resp resp;
1700 struct ib_uobject *uobj;
1702 struct ib_ucq_object *obj;
1703 struct ib_uverbs_event_file *ev_file;
1706 if (copy_from_user(&cmd, buf, sizeof cmd))
1709 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
1713 ev_file = cq->cq_context;
1714 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
1716 ret = ib_destroy_cq(cq);
1720 put_uobj_write(uobj);
1725 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
1727 mutex_lock(&file->mutex);
1728 list_del(&uobj->list);
1729 mutex_unlock(&file->mutex);
1731 ib_uverbs_release_ucq(file, ev_file, obj);
1733 memset(&resp, 0, sizeof resp);
1734 resp.comp_events_reported = obj->comp_events_reported;
1735 resp.async_events_reported = obj->async_events_reported;
1739 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1740 &resp, sizeof resp))
1746 static int create_qp(struct ib_uverbs_file *file,
1747 struct ib_udata *ucore,
1748 struct ib_udata *uhw,
1749 struct ib_uverbs_ex_create_qp *cmd,
1751 int (*cb)(struct ib_uverbs_file *file,
1752 struct ib_uverbs_ex_create_qp_resp *resp,
1753 struct ib_udata *udata),
1756 struct ib_uqp_object *obj;
1757 struct ib_device *device;
1758 struct ib_pd *pd = NULL;
1759 struct ib_xrcd *xrcd = NULL;
1760 struct ib_uobject *uninitialized_var(xrcd_uobj);
1761 struct ib_cq *scq = NULL, *rcq = NULL;
1762 struct ib_srq *srq = NULL;
1765 struct ib_qp_init_attr attr;
1766 struct ib_uverbs_ex_create_qp_resp resp;
1769 if (cmd->qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW))
1772 obj = kzalloc(sizeof *obj, GFP_KERNEL);
1776 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext,
1778 down_write(&obj->uevent.uobject.mutex);
1780 if (cmd->qp_type == IB_QPT_XRC_TGT) {
1781 xrcd = idr_read_xrcd(cmd->pd_handle, file->ucontext,
1787 device = xrcd->device;
1789 if (cmd->qp_type == IB_QPT_XRC_INI) {
1790 cmd->max_recv_wr = 0;
1791 cmd->max_recv_sge = 0;
1794 srq = idr_read_srq(cmd->srq_handle,
1796 if (!srq || srq->srq_type != IB_SRQT_BASIC) {
1802 if (cmd->recv_cq_handle != cmd->send_cq_handle) {
1803 rcq = idr_read_cq(cmd->recv_cq_handle,
1812 scq = idr_read_cq(cmd->send_cq_handle, file->ucontext, !!rcq);
1814 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
1820 device = pd->device;
1823 attr.event_handler = ib_uverbs_qp_event_handler;
1824 attr.qp_context = file;
1829 attr.sq_sig_type = cmd->sq_sig_all ? IB_SIGNAL_ALL_WR :
1831 attr.qp_type = cmd->qp_type;
1832 attr.create_flags = 0;
1834 attr.cap.max_send_wr = cmd->max_send_wr;
1835 attr.cap.max_recv_wr = cmd->max_recv_wr;
1836 attr.cap.max_send_sge = cmd->max_send_sge;
1837 attr.cap.max_recv_sge = cmd->max_recv_sge;
1838 attr.cap.max_inline_data = cmd->max_inline_data;
1840 obj->uevent.events_reported = 0;
1841 INIT_LIST_HEAD(&obj->uevent.event_list);
1842 INIT_LIST_HEAD(&obj->mcast_list);
1844 if (cmd_sz >= offsetof(typeof(*cmd), create_flags) +
1845 sizeof(cmd->create_flags))
1846 attr.create_flags = cmd->create_flags;
1848 if (attr.create_flags & ~IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK) {
1853 buf = (void *)cmd + sizeof(*cmd);
1854 if (cmd_sz > sizeof(*cmd))
1855 if (!(buf[0] == 0 && !memcmp(buf, buf + 1,
1856 cmd_sz - sizeof(*cmd) - 1))) {
1861 if (cmd->qp_type == IB_QPT_XRC_TGT)
1862 qp = ib_create_qp(pd, &attr);
1864 qp = device->create_qp(pd, &attr, uhw);
1871 if (cmd->qp_type != IB_QPT_XRC_TGT) {
1873 qp->device = device;
1875 qp->send_cq = attr.send_cq;
1876 qp->recv_cq = attr.recv_cq;
1878 qp->event_handler = attr.event_handler;
1879 qp->qp_context = attr.qp_context;
1880 qp->qp_type = attr.qp_type;
1881 atomic_set(&qp->usecnt, 0);
1882 atomic_inc(&pd->usecnt);
1883 atomic_inc(&attr.send_cq->usecnt);
1885 atomic_inc(&attr.recv_cq->usecnt);
1887 atomic_inc(&attr.srq->usecnt);
1889 qp->uobject = &obj->uevent.uobject;
1891 obj->uevent.uobject.object = qp;
1892 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1896 memset(&resp, 0, sizeof resp);
1897 resp.base.qpn = qp->qp_num;
1898 resp.base.qp_handle = obj->uevent.uobject.id;
1899 resp.base.max_recv_sge = attr.cap.max_recv_sge;
1900 resp.base.max_send_sge = attr.cap.max_send_sge;
1901 resp.base.max_recv_wr = attr.cap.max_recv_wr;
1902 resp.base.max_send_wr = attr.cap.max_send_wr;
1903 resp.base.max_inline_data = attr.cap.max_inline_data;
1905 resp.response_length = offsetof(typeof(resp), response_length) +
1906 sizeof(resp.response_length);
1908 ret = cb(file, &resp, ucore);
1913 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object,
1915 atomic_inc(&obj->uxrcd->refcnt);
1916 put_xrcd_read(xrcd_uobj);
1923 if (rcq && rcq != scq)
1928 mutex_lock(&file->mutex);
1929 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1930 mutex_unlock(&file->mutex);
1932 obj->uevent.uobject.live = 1;
1934 up_write(&obj->uevent.uobject.mutex);
1938 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1945 put_xrcd_read(xrcd_uobj);
1950 if (rcq && rcq != scq)
1955 put_uobj_write(&obj->uevent.uobject);
1959 static int ib_uverbs_create_qp_cb(struct ib_uverbs_file *file,
1960 struct ib_uverbs_ex_create_qp_resp *resp,
1961 struct ib_udata *ucore)
1963 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1969 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
1970 struct ib_device *ib_dev,
1971 const char __user *buf, int in_len,
1974 struct ib_uverbs_create_qp cmd;
1975 struct ib_uverbs_ex_create_qp cmd_ex;
1976 struct ib_udata ucore;
1977 struct ib_udata uhw;
1978 ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp);
1981 if (out_len < resp_size)
1984 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1987 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd),
1989 INIT_UDATA(&uhw, buf + sizeof(cmd),
1990 (unsigned long)cmd.response + resp_size,
1991 in_len - sizeof(cmd), out_len - resp_size);
1993 memset(&cmd_ex, 0, sizeof(cmd_ex));
1994 cmd_ex.user_handle = cmd.user_handle;
1995 cmd_ex.pd_handle = cmd.pd_handle;
1996 cmd_ex.send_cq_handle = cmd.send_cq_handle;
1997 cmd_ex.recv_cq_handle = cmd.recv_cq_handle;
1998 cmd_ex.srq_handle = cmd.srq_handle;
1999 cmd_ex.max_send_wr = cmd.max_send_wr;
2000 cmd_ex.max_recv_wr = cmd.max_recv_wr;
2001 cmd_ex.max_send_sge = cmd.max_send_sge;
2002 cmd_ex.max_recv_sge = cmd.max_recv_sge;
2003 cmd_ex.max_inline_data = cmd.max_inline_data;
2004 cmd_ex.sq_sig_all = cmd.sq_sig_all;
2005 cmd_ex.qp_type = cmd.qp_type;
2006 cmd_ex.is_srq = cmd.is_srq;
2008 err = create_qp(file, &ucore, &uhw, &cmd_ex,
2009 offsetof(typeof(cmd_ex), is_srq) +
2010 sizeof(cmd.is_srq), ib_uverbs_create_qp_cb,
2019 static int ib_uverbs_ex_create_qp_cb(struct ib_uverbs_file *file,
2020 struct ib_uverbs_ex_create_qp_resp *resp,
2021 struct ib_udata *ucore)
2023 if (ib_copy_to_udata(ucore, resp, resp->response_length))
2029 int ib_uverbs_ex_create_qp(struct ib_uverbs_file *file,
2030 struct ib_device *ib_dev,
2031 struct ib_udata *ucore,
2032 struct ib_udata *uhw)
2034 struct ib_uverbs_ex_create_qp_resp resp;
2035 struct ib_uverbs_ex_create_qp cmd = {0};
2038 if (ucore->inlen < (offsetof(typeof(cmd), comp_mask) +
2039 sizeof(cmd.comp_mask)))
2042 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
2052 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
2053 sizeof(resp.response_length)))
2056 err = create_qp(file, ucore, uhw, &cmd,
2057 min(ucore->inlen, sizeof(cmd)),
2058 ib_uverbs_ex_create_qp_cb, NULL);
2066 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
2067 struct ib_device *ib_dev,
2068 const char __user *buf, int in_len, int out_len)
2070 struct ib_uverbs_open_qp cmd;
2071 struct ib_uverbs_create_qp_resp resp;
2072 struct ib_udata udata;
2073 struct ib_uqp_object *obj;
2074 struct ib_xrcd *xrcd;
2075 struct ib_uobject *uninitialized_var(xrcd_uobj);
2077 struct ib_qp_open_attr attr;
2080 if (out_len < sizeof resp)
2083 if (copy_from_user(&cmd, buf, sizeof cmd))
2086 INIT_UDATA(&udata, buf + sizeof cmd,
2087 (unsigned long) cmd.response + sizeof resp,
2088 in_len - sizeof cmd, out_len - sizeof resp);
2090 obj = kmalloc(sizeof *obj, GFP_KERNEL);
2094 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
2095 down_write(&obj->uevent.uobject.mutex);
2097 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
2103 attr.event_handler = ib_uverbs_qp_event_handler;
2104 attr.qp_context = file;
2105 attr.qp_num = cmd.qpn;
2106 attr.qp_type = cmd.qp_type;
2108 obj->uevent.events_reported = 0;
2109 INIT_LIST_HEAD(&obj->uevent.event_list);
2110 INIT_LIST_HEAD(&obj->mcast_list);
2112 qp = ib_open_qp(xrcd, &attr);
2118 qp->uobject = &obj->uevent.uobject;
2120 obj->uevent.uobject.object = qp;
2121 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2125 memset(&resp, 0, sizeof resp);
2126 resp.qpn = qp->qp_num;
2127 resp.qp_handle = obj->uevent.uobject.id;
2129 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2130 &resp, sizeof resp)) {
2135 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
2136 atomic_inc(&obj->uxrcd->refcnt);
2137 put_xrcd_read(xrcd_uobj);
2139 mutex_lock(&file->mutex);
2140 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
2141 mutex_unlock(&file->mutex);
2143 obj->uevent.uobject.live = 1;
2145 up_write(&obj->uevent.uobject.mutex);
2150 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2156 put_xrcd_read(xrcd_uobj);
2157 put_uobj_write(&obj->uevent.uobject);
2161 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
2162 struct ib_device *ib_dev,
2163 const char __user *buf, int in_len,
2166 struct ib_uverbs_query_qp cmd;
2167 struct ib_uverbs_query_qp_resp resp;
2169 struct ib_qp_attr *attr;
2170 struct ib_qp_init_attr *init_attr;
2173 if (copy_from_user(&cmd, buf, sizeof cmd))
2176 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2177 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
2178 if (!attr || !init_attr) {
2183 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2189 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
2196 memset(&resp, 0, sizeof resp);
2198 resp.qp_state = attr->qp_state;
2199 resp.cur_qp_state = attr->cur_qp_state;
2200 resp.path_mtu = attr->path_mtu;
2201 resp.path_mig_state = attr->path_mig_state;
2202 resp.qkey = attr->qkey;
2203 resp.rq_psn = attr->rq_psn;
2204 resp.sq_psn = attr->sq_psn;
2205 resp.dest_qp_num = attr->dest_qp_num;
2206 resp.qp_access_flags = attr->qp_access_flags;
2207 resp.pkey_index = attr->pkey_index;
2208 resp.alt_pkey_index = attr->alt_pkey_index;
2209 resp.sq_draining = attr->sq_draining;
2210 resp.max_rd_atomic = attr->max_rd_atomic;
2211 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
2212 resp.min_rnr_timer = attr->min_rnr_timer;
2213 resp.port_num = attr->port_num;
2214 resp.timeout = attr->timeout;
2215 resp.retry_cnt = attr->retry_cnt;
2216 resp.rnr_retry = attr->rnr_retry;
2217 resp.alt_port_num = attr->alt_port_num;
2218 resp.alt_timeout = attr->alt_timeout;
2220 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
2221 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
2222 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
2223 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
2224 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
2225 resp.dest.dlid = attr->ah_attr.dlid;
2226 resp.dest.sl = attr->ah_attr.sl;
2227 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
2228 resp.dest.static_rate = attr->ah_attr.static_rate;
2229 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
2230 resp.dest.port_num = attr->ah_attr.port_num;
2232 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
2233 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
2234 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
2235 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
2236 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
2237 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
2238 resp.alt_dest.sl = attr->alt_ah_attr.sl;
2239 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
2240 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
2241 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
2242 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
2244 resp.max_send_wr = init_attr->cap.max_send_wr;
2245 resp.max_recv_wr = init_attr->cap.max_recv_wr;
2246 resp.max_send_sge = init_attr->cap.max_send_sge;
2247 resp.max_recv_sge = init_attr->cap.max_recv_sge;
2248 resp.max_inline_data = init_attr->cap.max_inline_data;
2249 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
2251 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2252 &resp, sizeof resp))
2259 return ret ? ret : in_len;
2262 /* Remove ignored fields set in the attribute mask */
2263 static int modify_qp_mask(enum ib_qp_type qp_type, int mask)
2266 case IB_QPT_XRC_INI:
2267 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER);
2268 case IB_QPT_XRC_TGT:
2269 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT |
2276 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
2277 struct ib_device *ib_dev,
2278 const char __user *buf, int in_len,
2281 struct ib_uverbs_modify_qp cmd;
2282 struct ib_udata udata;
2284 struct ib_qp_attr *attr;
2287 if (copy_from_user(&cmd, buf, sizeof cmd))
2290 if ((cmd.attr_mask & IB_QP_PORT) &&
2291 (cmd.port_num < rdma_start_port(ib_dev) ||
2292 cmd.port_num > rdma_end_port(ib_dev)))
2295 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
2298 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2302 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2308 attr->qp_state = cmd.qp_state;
2309 attr->cur_qp_state = cmd.cur_qp_state;
2310 attr->path_mtu = cmd.path_mtu;
2311 attr->path_mig_state = cmd.path_mig_state;
2312 attr->qkey = cmd.qkey;
2313 attr->rq_psn = cmd.rq_psn;
2314 attr->sq_psn = cmd.sq_psn;
2315 attr->dest_qp_num = cmd.dest_qp_num;
2316 attr->qp_access_flags = cmd.qp_access_flags;
2317 attr->pkey_index = cmd.pkey_index;
2318 attr->alt_pkey_index = cmd.alt_pkey_index;
2319 attr->en_sqd_async_notify = cmd.en_sqd_async_notify;
2320 attr->max_rd_atomic = cmd.max_rd_atomic;
2321 attr->max_dest_rd_atomic = cmd.max_dest_rd_atomic;
2322 attr->min_rnr_timer = cmd.min_rnr_timer;
2323 attr->port_num = cmd.port_num;
2324 attr->timeout = cmd.timeout;
2325 attr->retry_cnt = cmd.retry_cnt;
2326 attr->rnr_retry = cmd.rnr_retry;
2327 attr->alt_port_num = cmd.alt_port_num;
2328 attr->alt_timeout = cmd.alt_timeout;
2330 memcpy(attr->ah_attr.grh.dgid.raw, cmd.dest.dgid, 16);
2331 attr->ah_attr.grh.flow_label = cmd.dest.flow_label;
2332 attr->ah_attr.grh.sgid_index = cmd.dest.sgid_index;
2333 attr->ah_attr.grh.hop_limit = cmd.dest.hop_limit;
2334 attr->ah_attr.grh.traffic_class = cmd.dest.traffic_class;
2335 attr->ah_attr.dlid = cmd.dest.dlid;
2336 attr->ah_attr.sl = cmd.dest.sl;
2337 attr->ah_attr.src_path_bits = cmd.dest.src_path_bits;
2338 attr->ah_attr.static_rate = cmd.dest.static_rate;
2339 attr->ah_attr.ah_flags = cmd.dest.is_global ? IB_AH_GRH : 0;
2340 attr->ah_attr.port_num = cmd.dest.port_num;
2342 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd.alt_dest.dgid, 16);
2343 attr->alt_ah_attr.grh.flow_label = cmd.alt_dest.flow_label;
2344 attr->alt_ah_attr.grh.sgid_index = cmd.alt_dest.sgid_index;
2345 attr->alt_ah_attr.grh.hop_limit = cmd.alt_dest.hop_limit;
2346 attr->alt_ah_attr.grh.traffic_class = cmd.alt_dest.traffic_class;
2347 attr->alt_ah_attr.dlid = cmd.alt_dest.dlid;
2348 attr->alt_ah_attr.sl = cmd.alt_dest.sl;
2349 attr->alt_ah_attr.src_path_bits = cmd.alt_dest.src_path_bits;
2350 attr->alt_ah_attr.static_rate = cmd.alt_dest.static_rate;
2351 attr->alt_ah_attr.ah_flags = cmd.alt_dest.is_global ? IB_AH_GRH : 0;
2352 attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
2354 if (qp->real_qp == qp) {
2355 ret = ib_resolve_eth_dmac(qp, attr, &cmd.attr_mask);
2358 ret = qp->device->modify_qp(qp, attr,
2359 modify_qp_mask(qp->qp_type, cmd.attr_mask), &udata);
2361 ret = ib_modify_qp(qp, attr, modify_qp_mask(qp->qp_type, cmd.attr_mask));
2378 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
2379 struct ib_device *ib_dev,
2380 const char __user *buf, int in_len,
2383 struct ib_uverbs_destroy_qp cmd;
2384 struct ib_uverbs_destroy_qp_resp resp;
2385 struct ib_uobject *uobj;
2387 struct ib_uqp_object *obj;
2390 if (copy_from_user(&cmd, buf, sizeof cmd))
2393 memset(&resp, 0, sizeof resp);
2395 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
2399 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
2401 if (!list_empty(&obj->mcast_list)) {
2402 put_uobj_write(uobj);
2406 ret = ib_destroy_qp(qp);
2410 put_uobj_write(uobj);
2416 atomic_dec(&obj->uxrcd->refcnt);
2418 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
2420 mutex_lock(&file->mutex);
2421 list_del(&uobj->list);
2422 mutex_unlock(&file->mutex);
2424 ib_uverbs_release_uevent(file, &obj->uevent);
2426 resp.events_reported = obj->uevent.events_reported;
2430 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2431 &resp, sizeof resp))
2437 static void *alloc_wr(size_t wr_size, __u32 num_sge)
2439 if (num_sge >= (U32_MAX - ALIGN(wr_size, sizeof (struct ib_sge))) /
2440 sizeof (struct ib_sge))
2443 return kmalloc(ALIGN(wr_size, sizeof (struct ib_sge)) +
2444 num_sge * sizeof (struct ib_sge), GFP_KERNEL);
2447 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2448 struct ib_device *ib_dev,
2449 const char __user *buf, int in_len,
2452 struct ib_uverbs_post_send cmd;
2453 struct ib_uverbs_post_send_resp resp;
2454 struct ib_uverbs_send_wr *user_wr;
2455 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
2459 ssize_t ret = -EINVAL;
2462 if (copy_from_user(&cmd, buf, sizeof cmd))
2465 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
2466 cmd.sge_count * sizeof (struct ib_uverbs_sge))
2469 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
2472 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
2476 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2480 is_ud = qp->qp_type == IB_QPT_UD;
2483 for (i = 0; i < cmd.wr_count; ++i) {
2484 if (copy_from_user(user_wr,
2485 buf + sizeof cmd + i * cmd.wqe_size,
2491 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
2497 struct ib_ud_wr *ud;
2499 if (user_wr->opcode != IB_WR_SEND &&
2500 user_wr->opcode != IB_WR_SEND_WITH_IMM) {
2505 next_size = sizeof(*ud);
2506 ud = alloc_wr(next_size, user_wr->num_sge);
2512 ud->ah = idr_read_ah(user_wr->wr.ud.ah, file->ucontext);
2518 ud->remote_qpn = user_wr->wr.ud.remote_qpn;
2519 ud->remote_qkey = user_wr->wr.ud.remote_qkey;
2522 } else if (user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM ||
2523 user_wr->opcode == IB_WR_RDMA_WRITE ||
2524 user_wr->opcode == IB_WR_RDMA_READ) {
2525 struct ib_rdma_wr *rdma;
2527 next_size = sizeof(*rdma);
2528 rdma = alloc_wr(next_size, user_wr->num_sge);
2534 rdma->remote_addr = user_wr->wr.rdma.remote_addr;
2535 rdma->rkey = user_wr->wr.rdma.rkey;
2538 } else if (user_wr->opcode == IB_WR_ATOMIC_CMP_AND_SWP ||
2539 user_wr->opcode == IB_WR_ATOMIC_FETCH_AND_ADD) {
2540 struct ib_atomic_wr *atomic;
2542 next_size = sizeof(*atomic);
2543 atomic = alloc_wr(next_size, user_wr->num_sge);
2549 atomic->remote_addr = user_wr->wr.atomic.remote_addr;
2550 atomic->compare_add = user_wr->wr.atomic.compare_add;
2551 atomic->swap = user_wr->wr.atomic.swap;
2552 atomic->rkey = user_wr->wr.atomic.rkey;
2555 } else if (user_wr->opcode == IB_WR_SEND ||
2556 user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2557 user_wr->opcode == IB_WR_SEND_WITH_INV) {
2558 next_size = sizeof(*next);
2559 next = alloc_wr(next_size, user_wr->num_sge);
2569 if (user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2570 user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) {
2572 (__be32 __force) user_wr->ex.imm_data;
2573 } else if (user_wr->opcode == IB_WR_SEND_WITH_INV) {
2574 next->ex.invalidate_rkey = user_wr->ex.invalidate_rkey;
2584 next->wr_id = user_wr->wr_id;
2585 next->num_sge = user_wr->num_sge;
2586 next->opcode = user_wr->opcode;
2587 next->send_flags = user_wr->send_flags;
2589 if (next->num_sge) {
2590 next->sg_list = (void *) next +
2591 ALIGN(next_size, sizeof(struct ib_sge));
2592 if (copy_from_user(next->sg_list,
2594 cmd.wr_count * cmd.wqe_size +
2595 sg_ind * sizeof (struct ib_sge),
2596 next->num_sge * sizeof (struct ib_sge))) {
2600 sg_ind += next->num_sge;
2602 next->sg_list = NULL;
2606 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr);
2608 for (next = wr; next; next = next->next) {
2614 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2615 &resp, sizeof resp))
2622 if (is_ud && ud_wr(wr)->ah)
2623 put_ah_read(ud_wr(wr)->ah);
2632 return ret ? ret : in_len;
2635 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
2641 struct ib_uverbs_recv_wr *user_wr;
2642 struct ib_recv_wr *wr = NULL, *last, *next;
2647 if (in_len < wqe_size * wr_count +
2648 sge_count * sizeof (struct ib_uverbs_sge))
2649 return ERR_PTR(-EINVAL);
2651 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
2652 return ERR_PTR(-EINVAL);
2654 user_wr = kmalloc(wqe_size, GFP_KERNEL);
2656 return ERR_PTR(-ENOMEM);
2660 for (i = 0; i < wr_count; ++i) {
2661 if (copy_from_user(user_wr, buf + i * wqe_size,
2667 if (user_wr->num_sge + sg_ind > sge_count) {
2672 if (user_wr->num_sge >=
2673 (U32_MAX - ALIGN(sizeof *next, sizeof (struct ib_sge))) /
2674 sizeof (struct ib_sge)) {
2679 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2680 user_wr->num_sge * sizeof (struct ib_sge),
2694 next->wr_id = user_wr->wr_id;
2695 next->num_sge = user_wr->num_sge;
2697 if (next->num_sge) {
2698 next->sg_list = (void *) next +
2699 ALIGN(sizeof *next, sizeof (struct ib_sge));
2700 if (copy_from_user(next->sg_list,
2701 buf + wr_count * wqe_size +
2702 sg_ind * sizeof (struct ib_sge),
2703 next->num_sge * sizeof (struct ib_sge))) {
2707 sg_ind += next->num_sge;
2709 next->sg_list = NULL;
2724 return ERR_PTR(ret);
2727 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
2728 struct ib_device *ib_dev,
2729 const char __user *buf, int in_len,
2732 struct ib_uverbs_post_recv cmd;
2733 struct ib_uverbs_post_recv_resp resp;
2734 struct ib_recv_wr *wr, *next, *bad_wr;
2736 ssize_t ret = -EINVAL;
2738 if (copy_from_user(&cmd, buf, sizeof cmd))
2741 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2742 in_len - sizeof cmd, cmd.wr_count,
2743 cmd.sge_count, cmd.wqe_size);
2747 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2752 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr);
2757 for (next = wr; next; next = next->next) {
2763 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2764 &resp, sizeof resp))
2774 return ret ? ret : in_len;
2777 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
2778 struct ib_device *ib_dev,
2779 const char __user *buf, int in_len,
2782 struct ib_uverbs_post_srq_recv cmd;
2783 struct ib_uverbs_post_srq_recv_resp resp;
2784 struct ib_recv_wr *wr, *next, *bad_wr;
2786 ssize_t ret = -EINVAL;
2788 if (copy_from_user(&cmd, buf, sizeof cmd))
2791 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2792 in_len - sizeof cmd, cmd.wr_count,
2793 cmd.sge_count, cmd.wqe_size);
2797 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2802 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
2807 for (next = wr; next; next = next->next) {
2813 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2814 &resp, sizeof resp))
2824 return ret ? ret : in_len;
2827 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
2828 struct ib_device *ib_dev,
2829 const char __user *buf, int in_len,
2832 struct ib_uverbs_create_ah cmd;
2833 struct ib_uverbs_create_ah_resp resp;
2834 struct ib_uobject *uobj;
2837 struct ib_ah_attr attr;
2840 if (out_len < sizeof resp)
2843 if (copy_from_user(&cmd, buf, sizeof cmd))
2846 if (cmd.attr.port_num < rdma_start_port(ib_dev) ||
2847 cmd.attr.port_num > rdma_end_port(ib_dev))
2850 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
2854 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_class);
2855 down_write(&uobj->mutex);
2857 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
2863 attr.dlid = cmd.attr.dlid;
2864 attr.sl = cmd.attr.sl;
2865 attr.src_path_bits = cmd.attr.src_path_bits;
2866 attr.static_rate = cmd.attr.static_rate;
2867 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
2868 attr.port_num = cmd.attr.port_num;
2869 attr.grh.flow_label = cmd.attr.grh.flow_label;
2870 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
2871 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
2872 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
2873 memset(&attr.dmac, 0, sizeof(attr.dmac));
2874 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
2876 ah = ib_create_ah(pd, &attr);
2885 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
2889 resp.ah_handle = uobj->id;
2891 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2892 &resp, sizeof resp)) {
2899 mutex_lock(&file->mutex);
2900 list_add_tail(&uobj->list, &file->ucontext->ah_list);
2901 mutex_unlock(&file->mutex);
2905 up_write(&uobj->mutex);
2910 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2919 put_uobj_write(uobj);
2923 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
2924 struct ib_device *ib_dev,
2925 const char __user *buf, int in_len, int out_len)
2927 struct ib_uverbs_destroy_ah cmd;
2929 struct ib_uobject *uobj;
2932 if (copy_from_user(&cmd, buf, sizeof cmd))
2935 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
2940 ret = ib_destroy_ah(ah);
2944 put_uobj_write(uobj);
2949 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2951 mutex_lock(&file->mutex);
2952 list_del(&uobj->list);
2953 mutex_unlock(&file->mutex);
2960 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
2961 struct ib_device *ib_dev,
2962 const char __user *buf, int in_len,
2965 struct ib_uverbs_attach_mcast cmd;
2967 struct ib_uqp_object *obj;
2968 struct ib_uverbs_mcast_entry *mcast;
2971 if (copy_from_user(&cmd, buf, sizeof cmd))
2974 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
2978 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
2980 list_for_each_entry(mcast, &obj->mcast_list, list)
2981 if (cmd.mlid == mcast->lid &&
2982 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
2987 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
2993 mcast->lid = cmd.mlid;
2994 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
2996 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
2998 list_add_tail(&mcast->list, &obj->mcast_list);
3005 return ret ? ret : in_len;
3008 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
3009 struct ib_device *ib_dev,
3010 const char __user *buf, int in_len,
3013 struct ib_uverbs_detach_mcast cmd;
3014 struct ib_uqp_object *obj;
3016 struct ib_uverbs_mcast_entry *mcast;
3019 if (copy_from_user(&cmd, buf, sizeof cmd))
3022 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
3026 ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
3030 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3032 list_for_each_entry(mcast, &obj->mcast_list, list)
3033 if (cmd.mlid == mcast->lid &&
3034 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3035 list_del(&mcast->list);
3043 return ret ? ret : in_len;
3046 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec *kern_spec,
3047 union ib_flow_spec *ib_spec)
3049 if (kern_spec->reserved)
3052 ib_spec->type = kern_spec->type;
3054 switch (ib_spec->type) {
3055 case IB_FLOW_SPEC_ETH:
3056 ib_spec->eth.size = sizeof(struct ib_flow_spec_eth);
3057 if (ib_spec->eth.size != kern_spec->eth.size)
3059 memcpy(&ib_spec->eth.val, &kern_spec->eth.val,
3060 sizeof(struct ib_flow_eth_filter));
3061 memcpy(&ib_spec->eth.mask, &kern_spec->eth.mask,
3062 sizeof(struct ib_flow_eth_filter));
3064 case IB_FLOW_SPEC_IPV4:
3065 ib_spec->ipv4.size = sizeof(struct ib_flow_spec_ipv4);
3066 if (ib_spec->ipv4.size != kern_spec->ipv4.size)
3068 memcpy(&ib_spec->ipv4.val, &kern_spec->ipv4.val,
3069 sizeof(struct ib_flow_ipv4_filter));
3070 memcpy(&ib_spec->ipv4.mask, &kern_spec->ipv4.mask,
3071 sizeof(struct ib_flow_ipv4_filter));
3073 case IB_FLOW_SPEC_TCP:
3074 case IB_FLOW_SPEC_UDP:
3075 ib_spec->tcp_udp.size = sizeof(struct ib_flow_spec_tcp_udp);
3076 if (ib_spec->tcp_udp.size != kern_spec->tcp_udp.size)
3078 memcpy(&ib_spec->tcp_udp.val, &kern_spec->tcp_udp.val,
3079 sizeof(struct ib_flow_tcp_udp_filter));
3080 memcpy(&ib_spec->tcp_udp.mask, &kern_spec->tcp_udp.mask,
3081 sizeof(struct ib_flow_tcp_udp_filter));
3089 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file,
3090 struct ib_device *ib_dev,
3091 struct ib_udata *ucore,
3092 struct ib_udata *uhw)
3094 struct ib_uverbs_create_flow cmd;
3095 struct ib_uverbs_create_flow_resp resp;
3096 struct ib_uobject *uobj;
3097 struct ib_flow *flow_id;
3098 struct ib_uverbs_flow_attr *kern_flow_attr;
3099 struct ib_flow_attr *flow_attr;
3106 if (ucore->inlen < sizeof(cmd))
3109 if (ucore->outlen < sizeof(resp))
3112 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3116 ucore->inbuf += sizeof(cmd);
3117 ucore->inlen -= sizeof(cmd);
3122 if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER &&
3123 !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW))
3126 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS)
3129 if (cmd.flow_attr.size > ucore->inlen ||
3130 cmd.flow_attr.size >
3131 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec)))
3134 if (cmd.flow_attr.reserved[0] ||
3135 cmd.flow_attr.reserved[1])
3138 if (cmd.flow_attr.num_of_specs) {
3139 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size,
3141 if (!kern_flow_attr)
3144 memcpy(kern_flow_attr, &cmd.flow_attr, sizeof(*kern_flow_attr));
3145 err = ib_copy_from_udata(kern_flow_attr + 1, ucore,
3146 cmd.flow_attr.size);
3150 kern_flow_attr = &cmd.flow_attr;
3153 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3158 init_uobj(uobj, 0, file->ucontext, &rule_lock_class);
3159 down_write(&uobj->mutex);
3161 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
3167 flow_attr = kmalloc(sizeof(*flow_attr) + cmd.flow_attr.size, GFP_KERNEL);
3173 flow_attr->type = kern_flow_attr->type;
3174 flow_attr->priority = kern_flow_attr->priority;
3175 flow_attr->num_of_specs = kern_flow_attr->num_of_specs;
3176 flow_attr->port = kern_flow_attr->port;
3177 flow_attr->flags = kern_flow_attr->flags;
3178 flow_attr->size = sizeof(*flow_attr);
3180 kern_spec = kern_flow_attr + 1;
3181 ib_spec = flow_attr + 1;
3182 for (i = 0; i < flow_attr->num_of_specs &&
3183 cmd.flow_attr.size > offsetof(struct ib_uverbs_flow_spec, reserved) &&
3184 cmd.flow_attr.size >=
3185 ((struct ib_uverbs_flow_spec *)kern_spec)->size; i++) {
3186 err = kern_spec_to_ib_spec(kern_spec, ib_spec);
3190 ((union ib_flow_spec *) ib_spec)->size;
3191 cmd.flow_attr.size -= ((struct ib_uverbs_flow_spec *)kern_spec)->size;
3192 kern_spec += ((struct ib_uverbs_flow_spec *) kern_spec)->size;
3193 ib_spec += ((union ib_flow_spec *) ib_spec)->size;
3195 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) {
3196 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
3197 i, cmd.flow_attr.size);
3201 flow_id = ib_create_flow(qp, flow_attr, IB_FLOW_DOMAIN_USER);
3202 if (IS_ERR(flow_id)) {
3203 err = PTR_ERR(flow_id);
3207 flow_id->uobject = uobj;
3208 uobj->object = flow_id;
3210 err = idr_add_uobj(&ib_uverbs_rule_idr, uobj);
3214 memset(&resp, 0, sizeof(resp));
3215 resp.flow_handle = uobj->id;
3217 err = ib_copy_to_udata(ucore,
3218 &resp, sizeof(resp));
3223 mutex_lock(&file->mutex);
3224 list_add_tail(&uobj->list, &file->ucontext->rule_list);
3225 mutex_unlock(&file->mutex);
3229 up_write(&uobj->mutex);
3231 if (cmd.flow_attr.num_of_specs)
3232 kfree(kern_flow_attr);
3235 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3237 ib_destroy_flow(flow_id);
3243 put_uobj_write(uobj);
3245 if (cmd.flow_attr.num_of_specs)
3246 kfree(kern_flow_attr);
3250 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file,
3251 struct ib_device *ib_dev,
3252 struct ib_udata *ucore,
3253 struct ib_udata *uhw)
3255 struct ib_uverbs_destroy_flow cmd;
3256 struct ib_flow *flow_id;
3257 struct ib_uobject *uobj;
3260 if (ucore->inlen < sizeof(cmd))
3263 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3270 uobj = idr_write_uobj(&ib_uverbs_rule_idr, cmd.flow_handle,
3274 flow_id = uobj->object;
3276 ret = ib_destroy_flow(flow_id);
3280 put_uobj_write(uobj);
3282 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3284 mutex_lock(&file->mutex);
3285 list_del(&uobj->list);
3286 mutex_unlock(&file->mutex);
3293 static int __uverbs_create_xsrq(struct ib_uverbs_file *file,
3294 struct ib_device *ib_dev,
3295 struct ib_uverbs_create_xsrq *cmd,
3296 struct ib_udata *udata)
3298 struct ib_uverbs_create_srq_resp resp;
3299 struct ib_usrq_object *obj;
3302 struct ib_uobject *uninitialized_var(xrcd_uobj);
3303 struct ib_srq_init_attr attr;
3306 obj = kmalloc(sizeof *obj, GFP_KERNEL);
3310 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext, &srq_lock_class);
3311 down_write(&obj->uevent.uobject.mutex);
3313 if (cmd->srq_type == IB_SRQT_XRC) {
3314 attr.ext.xrc.xrcd = idr_read_xrcd(cmd->xrcd_handle, file->ucontext, &xrcd_uobj);
3315 if (!attr.ext.xrc.xrcd) {
3320 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
3321 atomic_inc(&obj->uxrcd->refcnt);
3323 attr.ext.xrc.cq = idr_read_cq(cmd->cq_handle, file->ucontext, 0);
3324 if (!attr.ext.xrc.cq) {
3330 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
3336 attr.event_handler = ib_uverbs_srq_event_handler;
3337 attr.srq_context = file;
3338 attr.srq_type = cmd->srq_type;
3339 attr.attr.max_wr = cmd->max_wr;
3340 attr.attr.max_sge = cmd->max_sge;
3341 attr.attr.srq_limit = cmd->srq_limit;
3343 obj->uevent.events_reported = 0;
3344 INIT_LIST_HEAD(&obj->uevent.event_list);
3346 srq = pd->device->create_srq(pd, &attr, udata);
3352 srq->device = pd->device;
3354 srq->srq_type = cmd->srq_type;
3355 srq->uobject = &obj->uevent.uobject;
3356 srq->event_handler = attr.event_handler;
3357 srq->srq_context = attr.srq_context;
3359 if (cmd->srq_type == IB_SRQT_XRC) {
3360 srq->ext.xrc.cq = attr.ext.xrc.cq;
3361 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd;
3362 atomic_inc(&attr.ext.xrc.cq->usecnt);
3363 atomic_inc(&attr.ext.xrc.xrcd->usecnt);
3366 atomic_inc(&pd->usecnt);
3367 atomic_set(&srq->usecnt, 0);
3369 obj->uevent.uobject.object = srq;
3370 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3374 memset(&resp, 0, sizeof resp);
3375 resp.srq_handle = obj->uevent.uobject.id;
3376 resp.max_wr = attr.attr.max_wr;
3377 resp.max_sge = attr.attr.max_sge;
3378 if (cmd->srq_type == IB_SRQT_XRC)
3379 resp.srqn = srq->ext.xrc.srq_num;
3381 if (copy_to_user((void __user *) (unsigned long) cmd->response,
3382 &resp, sizeof resp)) {
3387 if (cmd->srq_type == IB_SRQT_XRC) {
3388 put_uobj_read(xrcd_uobj);
3389 put_cq_read(attr.ext.xrc.cq);
3393 mutex_lock(&file->mutex);
3394 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->srq_list);
3395 mutex_unlock(&file->mutex);
3397 obj->uevent.uobject.live = 1;
3399 up_write(&obj->uevent.uobject.mutex);
3404 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3407 ib_destroy_srq(srq);
3413 if (cmd->srq_type == IB_SRQT_XRC)
3414 put_cq_read(attr.ext.xrc.cq);
3417 if (cmd->srq_type == IB_SRQT_XRC) {
3418 atomic_dec(&obj->uxrcd->refcnt);
3419 put_uobj_read(xrcd_uobj);
3423 put_uobj_write(&obj->uevent.uobject);
3427 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
3428 struct ib_device *ib_dev,
3429 const char __user *buf, int in_len,
3432 struct ib_uverbs_create_srq cmd;
3433 struct ib_uverbs_create_xsrq xcmd;
3434 struct ib_uverbs_create_srq_resp resp;
3435 struct ib_udata udata;
3438 if (out_len < sizeof resp)
3441 if (copy_from_user(&cmd, buf, sizeof cmd))
3444 xcmd.response = cmd.response;
3445 xcmd.user_handle = cmd.user_handle;
3446 xcmd.srq_type = IB_SRQT_BASIC;
3447 xcmd.pd_handle = cmd.pd_handle;
3448 xcmd.max_wr = cmd.max_wr;
3449 xcmd.max_sge = cmd.max_sge;
3450 xcmd.srq_limit = cmd.srq_limit;
3452 INIT_UDATA(&udata, buf + sizeof cmd,
3453 (unsigned long) cmd.response + sizeof resp,
3454 in_len - sizeof cmd, out_len - sizeof resp);
3456 ret = __uverbs_create_xsrq(file, ib_dev, &xcmd, &udata);
3463 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
3464 struct ib_device *ib_dev,
3465 const char __user *buf, int in_len, int out_len)
3467 struct ib_uverbs_create_xsrq cmd;
3468 struct ib_uverbs_create_srq_resp resp;
3469 struct ib_udata udata;
3472 if (out_len < sizeof resp)
3475 if (copy_from_user(&cmd, buf, sizeof cmd))
3478 INIT_UDATA(&udata, buf + sizeof cmd,
3479 (unsigned long) cmd.response + sizeof resp,
3480 in_len - sizeof cmd, out_len - sizeof resp);
3482 ret = __uverbs_create_xsrq(file, ib_dev, &cmd, &udata);
3489 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
3490 struct ib_device *ib_dev,
3491 const char __user *buf, int in_len,
3494 struct ib_uverbs_modify_srq cmd;
3495 struct ib_udata udata;
3497 struct ib_srq_attr attr;
3500 if (copy_from_user(&cmd, buf, sizeof cmd))
3503 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
3506 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3510 attr.max_wr = cmd.max_wr;
3511 attr.srq_limit = cmd.srq_limit;
3513 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
3517 return ret ? ret : in_len;
3520 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
3521 struct ib_device *ib_dev,
3522 const char __user *buf,
3523 int in_len, int out_len)
3525 struct ib_uverbs_query_srq cmd;
3526 struct ib_uverbs_query_srq_resp resp;
3527 struct ib_srq_attr attr;
3531 if (out_len < sizeof resp)
3534 if (copy_from_user(&cmd, buf, sizeof cmd))
3537 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3541 ret = ib_query_srq(srq, &attr);
3548 memset(&resp, 0, sizeof resp);
3550 resp.max_wr = attr.max_wr;
3551 resp.max_sge = attr.max_sge;
3552 resp.srq_limit = attr.srq_limit;
3554 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3555 &resp, sizeof resp))
3561 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
3562 struct ib_device *ib_dev,
3563 const char __user *buf, int in_len,
3566 struct ib_uverbs_destroy_srq cmd;
3567 struct ib_uverbs_destroy_srq_resp resp;
3568 struct ib_uobject *uobj;
3570 struct ib_uevent_object *obj;
3572 struct ib_usrq_object *us;
3573 enum ib_srq_type srq_type;
3575 if (copy_from_user(&cmd, buf, sizeof cmd))
3578 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
3582 obj = container_of(uobj, struct ib_uevent_object, uobject);
3583 srq_type = srq->srq_type;
3585 ret = ib_destroy_srq(srq);
3589 put_uobj_write(uobj);
3594 if (srq_type == IB_SRQT_XRC) {
3595 us = container_of(obj, struct ib_usrq_object, uevent);
3596 atomic_dec(&us->uxrcd->refcnt);
3599 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
3601 mutex_lock(&file->mutex);
3602 list_del(&uobj->list);
3603 mutex_unlock(&file->mutex);
3605 ib_uverbs_release_uevent(file, obj);
3607 memset(&resp, 0, sizeof resp);
3608 resp.events_reported = obj->events_reported;
3612 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3613 &resp, sizeof resp))
3616 return ret ? ret : in_len;
3619 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file,
3620 struct ib_device *ib_dev,
3621 struct ib_udata *ucore,
3622 struct ib_udata *uhw)
3624 struct ib_uverbs_ex_query_device_resp resp;
3625 struct ib_uverbs_ex_query_device cmd;
3626 struct ib_device_attr attr;
3629 if (ucore->inlen < sizeof(cmd))
3632 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3642 resp.response_length = offsetof(typeof(resp), odp_caps);
3644 if (ucore->outlen < resp.response_length)
3647 memset(&attr, 0, sizeof(attr));
3649 err = ib_dev->query_device(ib_dev, &attr, uhw);
3653 copy_query_dev_fields(file, ib_dev, &resp.base, &attr);
3656 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps))
3659 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
3660 resp.odp_caps.general_caps = attr.odp_caps.general_caps;
3661 resp.odp_caps.per_transport_caps.rc_odp_caps =
3662 attr.odp_caps.per_transport_caps.rc_odp_caps;
3663 resp.odp_caps.per_transport_caps.uc_odp_caps =
3664 attr.odp_caps.per_transport_caps.uc_odp_caps;
3665 resp.odp_caps.per_transport_caps.ud_odp_caps =
3666 attr.odp_caps.per_transport_caps.ud_odp_caps;
3667 resp.odp_caps.reserved = 0;
3669 memset(&resp.odp_caps, 0, sizeof(resp.odp_caps));
3671 resp.response_length += sizeof(resp.odp_caps);
3673 if (ucore->outlen < resp.response_length + sizeof(resp.timestamp_mask))
3676 resp.timestamp_mask = attr.timestamp_mask;
3677 resp.response_length += sizeof(resp.timestamp_mask);
3679 if (ucore->outlen < resp.response_length + sizeof(resp.hca_core_clock))
3682 resp.hca_core_clock = attr.hca_core_clock;
3683 resp.response_length += sizeof(resp.hca_core_clock);
3686 err = ib_copy_to_udata(ucore, &resp, resp.response_length);
projects / releases.git / blob