xref: /openbmc/linux/drivers/infiniband/core/user_mad.c (revision 96de0e252cedffad61b3cb5e05662c591898e69a)
1 /*
2  * Copyright (c) 2004 Topspin Communications.  All rights reserved.
3  * Copyright (c) 2005 Voltaire, Inc. All rights reserved.
4  * Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved.
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *      - Redistributions of source code must retain the above
17  *        copyright notice, this list of conditions and the following
18  *        disclaimer.
19  *
20  *      - Redistributions in binary form must reproduce the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer in the documentation and/or other materials
23  *        provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  *
34  * $Id: user_mad.c 5596 2006-03-03 01:00:07Z sean.hefty $
35  */
36 
37 #include <linux/module.h>
38 #include <linux/init.h>
39 #include <linux/device.h>
40 #include <linux/err.h>
41 #include <linux/fs.h>
42 #include <linux/cdev.h>
43 #include <linux/dma-mapping.h>
44 #include <linux/poll.h>
45 #include <linux/rwsem.h>
46 #include <linux/kref.h>
47 #include <linux/compat.h>
48 
49 #include <asm/uaccess.h>
50 #include <asm/semaphore.h>
51 
52 #include <rdma/ib_mad.h>
53 #include <rdma/ib_user_mad.h>
54 
55 MODULE_AUTHOR("Roland Dreier");
56 MODULE_DESCRIPTION("InfiniBand userspace MAD packet access");
57 MODULE_LICENSE("Dual BSD/GPL");
58 
59 enum {
60 	IB_UMAD_MAX_PORTS  = 64,
61 	IB_UMAD_MAX_AGENTS = 32,
62 
63 	IB_UMAD_MAJOR      = 231,
64 	IB_UMAD_MINOR_BASE = 0
65 };
66 
67 /*
68  * Our lifetime rules for these structs are the following: each time a
69  * device special file is opened, we look up the corresponding struct
70  * ib_umad_port by minor in the umad_port[] table while holding the
71  * port_lock.  If this lookup succeeds, we take a reference on the
72  * ib_umad_port's struct ib_umad_device while still holding the
73  * port_lock; if the lookup fails, we fail the open().  We drop these
74  * references in the corresponding close().
75  *
76  * In addition to references coming from open character devices, there
77  * is one more reference to each ib_umad_device representing the
78  * module's reference taken when allocating the ib_umad_device in
79  * ib_umad_add_one().
80  *
81  * When destroying an ib_umad_device, we clear all of its
82  * ib_umad_ports from umad_port[] while holding port_lock before
83  * dropping the module's reference to the ib_umad_device.  This is
84  * always safe because any open() calls will either succeed and obtain
85  * a reference before we clear the umad_port[] entries, or fail after
86  * we clear the umad_port[] entries.
87  */
88 
89 struct ib_umad_port {
90 	struct cdev           *dev;
91 	struct class_device   *class_dev;
92 
93 	struct cdev           *sm_dev;
94 	struct class_device   *sm_class_dev;
95 	struct semaphore       sm_sem;
96 
97 	struct rw_semaphore    mutex;
98 	struct list_head       file_list;
99 
100 	struct ib_device      *ib_dev;
101 	struct ib_umad_device *umad_dev;
102 	int                    dev_num;
103 	u8                     port_num;
104 };
105 
106 struct ib_umad_device {
107 	int                  start_port, end_port;
108 	struct kref          ref;
109 	struct ib_umad_port  port[0];
110 };
111 
112 struct ib_umad_file {
113 	struct ib_umad_port    *port;
114 	struct list_head	recv_list;
115 	struct list_head	send_list;
116 	struct list_head	port_list;
117 	spinlock_t		recv_lock;
118 	spinlock_t		send_lock;
119 	wait_queue_head_t	recv_wait;
120 	struct ib_mad_agent    *agent[IB_UMAD_MAX_AGENTS];
121 	int			agents_dead;
122 	u8			use_pkey_index;
123 	u8			already_used;
124 };
125 
126 struct ib_umad_packet {
127 	struct ib_mad_send_buf *msg;
128 	struct ib_mad_recv_wc  *recv_wc;
129 	struct list_head   list;
130 	int		   length;
131 	struct ib_user_mad mad;
132 };
133 
134 static struct class *umad_class;
135 
136 static const dev_t base_dev = MKDEV(IB_UMAD_MAJOR, IB_UMAD_MINOR_BASE);
137 
138 static DEFINE_SPINLOCK(port_lock);
139 static struct ib_umad_port *umad_port[IB_UMAD_MAX_PORTS];
140 static DECLARE_BITMAP(dev_map, IB_UMAD_MAX_PORTS);
141 
142 static void ib_umad_add_one(struct ib_device *device);
143 static void ib_umad_remove_one(struct ib_device *device);
144 
145 static void ib_umad_release_dev(struct kref *ref)
146 {
147 	struct ib_umad_device *dev =
148 		container_of(ref, struct ib_umad_device, ref);
149 
150 	kfree(dev);
151 }
152 
153 static int hdr_size(struct ib_umad_file *file)
154 {
155 	return file->use_pkey_index ? sizeof (struct ib_user_mad_hdr) :
156 		sizeof (struct ib_user_mad_hdr_old);
157 }
158 
159 /* caller must hold port->mutex at least for reading */
160 static struct ib_mad_agent *__get_agent(struct ib_umad_file *file, int id)
161 {
162 	return file->agents_dead ? NULL : file->agent[id];
163 }
164 
165 static int queue_packet(struct ib_umad_file *file,
166 			struct ib_mad_agent *agent,
167 			struct ib_umad_packet *packet)
168 {
169 	int ret = 1;
170 
171 	down_read(&file->port->mutex);
172 
173 	for (packet->mad.hdr.id = 0;
174 	     packet->mad.hdr.id < IB_UMAD_MAX_AGENTS;
175 	     packet->mad.hdr.id++)
176 		if (agent == __get_agent(file, packet->mad.hdr.id)) {
177 			spin_lock_irq(&file->recv_lock);
178 			list_add_tail(&packet->list, &file->recv_list);
179 			spin_unlock_irq(&file->recv_lock);
180 			wake_up_interruptible(&file->recv_wait);
181 			ret = 0;
182 			break;
183 		}
184 
185 	up_read(&file->port->mutex);
186 
187 	return ret;
188 }
189 
190 static void dequeue_send(struct ib_umad_file *file,
191 			 struct ib_umad_packet *packet)
192  {
193 	spin_lock_irq(&file->send_lock);
194 	list_del(&packet->list);
195 	spin_unlock_irq(&file->send_lock);
196  }
197 
198 static void send_handler(struct ib_mad_agent *agent,
199 			 struct ib_mad_send_wc *send_wc)
200 {
201 	struct ib_umad_file *file = agent->context;
202 	struct ib_umad_packet *packet = send_wc->send_buf->context[0];
203 
204 	dequeue_send(file, packet);
205 	ib_destroy_ah(packet->msg->ah);
206 	ib_free_send_mad(packet->msg);
207 
208 	if (send_wc->status == IB_WC_RESP_TIMEOUT_ERR) {
209 		packet->length = IB_MGMT_MAD_HDR;
210 		packet->mad.hdr.status = ETIMEDOUT;
211 		if (!queue_packet(file, agent, packet))
212 			return;
213 	}
214 	kfree(packet);
215 }
216 
217 static void recv_handler(struct ib_mad_agent *agent,
218 			 struct ib_mad_recv_wc *mad_recv_wc)
219 {
220 	struct ib_umad_file *file = agent->context;
221 	struct ib_umad_packet *packet;
222 
223 	if (mad_recv_wc->wc->status != IB_WC_SUCCESS)
224 		goto err1;
225 
226 	packet = kzalloc(sizeof *packet, GFP_KERNEL);
227 	if (!packet)
228 		goto err1;
229 
230 	packet->length = mad_recv_wc->mad_len;
231 	packet->recv_wc = mad_recv_wc;
232 
233 	packet->mad.hdr.status	   = 0;
234 	packet->mad.hdr.length	   = hdr_size(file) + mad_recv_wc->mad_len;
235 	packet->mad.hdr.qpn	   = cpu_to_be32(mad_recv_wc->wc->src_qp);
236 	packet->mad.hdr.lid	   = cpu_to_be16(mad_recv_wc->wc->slid);
237 	packet->mad.hdr.sl	   = mad_recv_wc->wc->sl;
238 	packet->mad.hdr.path_bits  = mad_recv_wc->wc->dlid_path_bits;
239 	packet->mad.hdr.pkey_index = mad_recv_wc->wc->pkey_index;
240 	packet->mad.hdr.grh_present = !!(mad_recv_wc->wc->wc_flags & IB_WC_GRH);
241 	if (packet->mad.hdr.grh_present) {
242 		struct ib_ah_attr ah_attr;
243 
244 		ib_init_ah_from_wc(agent->device, agent->port_num,
245 				   mad_recv_wc->wc, mad_recv_wc->recv_buf.grh,
246 				   &ah_attr);
247 
248 		packet->mad.hdr.gid_index = ah_attr.grh.sgid_index;
249 		packet->mad.hdr.hop_limit = ah_attr.grh.hop_limit;
250 		packet->mad.hdr.traffic_class = ah_attr.grh.traffic_class;
251 		memcpy(packet->mad.hdr.gid, &ah_attr.grh.dgid, 16);
252 		packet->mad.hdr.flow_label = cpu_to_be32(ah_attr.grh.flow_label);
253 	}
254 
255 	if (queue_packet(file, agent, packet))
256 		goto err2;
257 	return;
258 
259 err2:
260 	kfree(packet);
261 err1:
262 	ib_free_recv_mad(mad_recv_wc);
263 }
264 
265 static ssize_t copy_recv_mad(struct ib_umad_file *file, char __user *buf,
266 			     struct ib_umad_packet *packet, size_t count)
267 {
268 	struct ib_mad_recv_buf *recv_buf;
269 	int left, seg_payload, offset, max_seg_payload;
270 
271 	/* We need enough room to copy the first (or only) MAD segment. */
272 	recv_buf = &packet->recv_wc->recv_buf;
273 	if ((packet->length <= sizeof (*recv_buf->mad) &&
274 	     count < hdr_size(file) + packet->length) ||
275 	    (packet->length > sizeof (*recv_buf->mad) &&
276 	     count < hdr_size(file) + sizeof (*recv_buf->mad)))
277 		return -EINVAL;
278 
279 	if (copy_to_user(buf, &packet->mad, hdr_size(file)))
280 		return -EFAULT;
281 
282 	buf += hdr_size(file);
283 	seg_payload = min_t(int, packet->length, sizeof (*recv_buf->mad));
284 	if (copy_to_user(buf, recv_buf->mad, seg_payload))
285 		return -EFAULT;
286 
287 	if (seg_payload < packet->length) {
288 		/*
289 		 * Multipacket RMPP MAD message. Copy remainder of message.
290 		 * Note that last segment may have a shorter payload.
291 		 */
292 		if (count < hdr_size(file) + packet->length) {
293 			/*
294 			 * The buffer is too small, return the first RMPP segment,
295 			 * which includes the RMPP message length.
296 			 */
297 			return -ENOSPC;
298 		}
299 		offset = ib_get_mad_data_offset(recv_buf->mad->mad_hdr.mgmt_class);
300 		max_seg_payload = sizeof (struct ib_mad) - offset;
301 
302 		for (left = packet->length - seg_payload, buf += seg_payload;
303 		     left; left -= seg_payload, buf += seg_payload) {
304 			recv_buf = container_of(recv_buf->list.next,
305 						struct ib_mad_recv_buf, list);
306 			seg_payload = min(left, max_seg_payload);
307 			if (copy_to_user(buf, ((void *) recv_buf->mad) + offset,
308 					 seg_payload))
309 				return -EFAULT;
310 		}
311 	}
312 	return hdr_size(file) + packet->length;
313 }
314 
315 static ssize_t copy_send_mad(struct ib_umad_file *file, char __user *buf,
316 			     struct ib_umad_packet *packet, size_t count)
317 {
318 	ssize_t size = hdr_size(file) + packet->length;
319 
320 	if (count < size)
321 		return -EINVAL;
322 
323 	if (copy_to_user(buf, &packet->mad, hdr_size(file)))
324 		return -EFAULT;
325 
326 	buf += hdr_size(file);
327 
328 	if (copy_to_user(buf, packet->mad.data, packet->length))
329 		return -EFAULT;
330 
331 	return size;
332 }
333 
334 static ssize_t ib_umad_read(struct file *filp, char __user *buf,
335 			    size_t count, loff_t *pos)
336 {
337 	struct ib_umad_file *file = filp->private_data;
338 	struct ib_umad_packet *packet;
339 	ssize_t ret;
340 
341 	if (count < hdr_size(file))
342 		return -EINVAL;
343 
344 	spin_lock_irq(&file->recv_lock);
345 
346 	while (list_empty(&file->recv_list)) {
347 		spin_unlock_irq(&file->recv_lock);
348 
349 		if (filp->f_flags & O_NONBLOCK)
350 			return -EAGAIN;
351 
352 		if (wait_event_interruptible(file->recv_wait,
353 					     !list_empty(&file->recv_list)))
354 			return -ERESTARTSYS;
355 
356 		spin_lock_irq(&file->recv_lock);
357 	}
358 
359 	packet = list_entry(file->recv_list.next, struct ib_umad_packet, list);
360 	list_del(&packet->list);
361 
362 	spin_unlock_irq(&file->recv_lock);
363 
364 	if (packet->recv_wc)
365 		ret = copy_recv_mad(file, buf, packet, count);
366 	else
367 		ret = copy_send_mad(file, buf, packet, count);
368 
369 	if (ret < 0) {
370 		/* Requeue packet */
371 		spin_lock_irq(&file->recv_lock);
372 		list_add(&packet->list, &file->recv_list);
373 		spin_unlock_irq(&file->recv_lock);
374 	} else {
375 		if (packet->recv_wc)
376 			ib_free_recv_mad(packet->recv_wc);
377 		kfree(packet);
378 	}
379 	return ret;
380 }
381 
382 static int copy_rmpp_mad(struct ib_mad_send_buf *msg, const char __user *buf)
383 {
384 	int left, seg;
385 
386 	/* Copy class specific header */
387 	if ((msg->hdr_len > IB_MGMT_RMPP_HDR) &&
388 	    copy_from_user(msg->mad + IB_MGMT_RMPP_HDR, buf + IB_MGMT_RMPP_HDR,
389 			   msg->hdr_len - IB_MGMT_RMPP_HDR))
390 		return -EFAULT;
391 
392 	/* All headers are in place.  Copy data segments. */
393 	for (seg = 1, left = msg->data_len, buf += msg->hdr_len; left > 0;
394 	     seg++, left -= msg->seg_size, buf += msg->seg_size) {
395 		if (copy_from_user(ib_get_rmpp_segment(msg, seg), buf,
396 				   min(left, msg->seg_size)))
397 			return -EFAULT;
398 	}
399 	return 0;
400 }
401 
402 static int same_destination(struct ib_user_mad_hdr *hdr1,
403 			    struct ib_user_mad_hdr *hdr2)
404 {
405 	if (!hdr1->grh_present && !hdr2->grh_present)
406 	   return (hdr1->lid == hdr2->lid);
407 
408 	if (hdr1->grh_present && hdr2->grh_present)
409 	   return !memcmp(hdr1->gid, hdr2->gid, 16);
410 
411 	return 0;
412 }
413 
414 static int is_duplicate(struct ib_umad_file *file,
415 			struct ib_umad_packet *packet)
416 {
417 	struct ib_umad_packet *sent_packet;
418 	struct ib_mad_hdr *sent_hdr, *hdr;
419 
420 	hdr = (struct ib_mad_hdr *) packet->mad.data;
421 	list_for_each_entry(sent_packet, &file->send_list, list) {
422 		sent_hdr = (struct ib_mad_hdr *) sent_packet->mad.data;
423 
424 		if ((hdr->tid != sent_hdr->tid) ||
425 		    (hdr->mgmt_class != sent_hdr->mgmt_class))
426 			continue;
427 
428 		/*
429 		 * No need to be overly clever here.  If two new operations have
430 		 * the same TID, reject the second as a duplicate.  This is more
431 		 * restrictive than required by the spec.
432 		 */
433 		if (!ib_response_mad((struct ib_mad *) hdr)) {
434 			if (!ib_response_mad((struct ib_mad *) sent_hdr))
435 				return 1;
436 			continue;
437 		} else if (!ib_response_mad((struct ib_mad *) sent_hdr))
438 			continue;
439 
440 		if (same_destination(&packet->mad.hdr, &sent_packet->mad.hdr))
441 			return 1;
442 	}
443 
444 	return 0;
445 }
446 
447 static ssize_t ib_umad_write(struct file *filp, const char __user *buf,
448 			     size_t count, loff_t *pos)
449 {
450 	struct ib_umad_file *file = filp->private_data;
451 	struct ib_umad_packet *packet;
452 	struct ib_mad_agent *agent;
453 	struct ib_ah_attr ah_attr;
454 	struct ib_ah *ah;
455 	struct ib_rmpp_mad *rmpp_mad;
456 	__be64 *tid;
457 	int ret, data_len, hdr_len, copy_offset, rmpp_active;
458 
459 	if (count < hdr_size(file) + IB_MGMT_RMPP_HDR)
460 		return -EINVAL;
461 
462 	packet = kzalloc(sizeof *packet + IB_MGMT_RMPP_HDR, GFP_KERNEL);
463 	if (!packet)
464 		return -ENOMEM;
465 
466 	if (copy_from_user(&packet->mad, buf, hdr_size(file))) {
467 		ret = -EFAULT;
468 		goto err;
469 	}
470 
471 	if (packet->mad.hdr.id < 0 ||
472 	    packet->mad.hdr.id >= IB_UMAD_MAX_AGENTS) {
473 		ret = -EINVAL;
474 		goto err;
475 	}
476 
477 	buf += hdr_size(file);
478 
479 	if (copy_from_user(packet->mad.data, buf, IB_MGMT_RMPP_HDR)) {
480 		ret = -EFAULT;
481 		goto err;
482 	}
483 
484 	down_read(&file->port->mutex);
485 
486 	agent = __get_agent(file, packet->mad.hdr.id);
487 	if (!agent) {
488 		ret = -EINVAL;
489 		goto err_up;
490 	}
491 
492 	memset(&ah_attr, 0, sizeof ah_attr);
493 	ah_attr.dlid          = be16_to_cpu(packet->mad.hdr.lid);
494 	ah_attr.sl            = packet->mad.hdr.sl;
495 	ah_attr.src_path_bits = packet->mad.hdr.path_bits;
496 	ah_attr.port_num      = file->port->port_num;
497 	if (packet->mad.hdr.grh_present) {
498 		ah_attr.ah_flags = IB_AH_GRH;
499 		memcpy(ah_attr.grh.dgid.raw, packet->mad.hdr.gid, 16);
500 		ah_attr.grh.sgid_index	   = packet->mad.hdr.gid_index;
501 		ah_attr.grh.flow_label 	   = be32_to_cpu(packet->mad.hdr.flow_label);
502 		ah_attr.grh.hop_limit  	   = packet->mad.hdr.hop_limit;
503 		ah_attr.grh.traffic_class  = packet->mad.hdr.traffic_class;
504 	}
505 
506 	ah = ib_create_ah(agent->qp->pd, &ah_attr);
507 	if (IS_ERR(ah)) {
508 		ret = PTR_ERR(ah);
509 		goto err_up;
510 	}
511 
512 	rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
513 	hdr_len = ib_get_mad_data_offset(rmpp_mad->mad_hdr.mgmt_class);
514 	if (!ib_is_mad_class_rmpp(rmpp_mad->mad_hdr.mgmt_class)) {
515 		copy_offset = IB_MGMT_MAD_HDR;
516 		rmpp_active = 0;
517 	} else {
518 		copy_offset = IB_MGMT_RMPP_HDR;
519 		rmpp_active = ib_get_rmpp_flags(&rmpp_mad->rmpp_hdr) &
520 			      IB_MGMT_RMPP_FLAG_ACTIVE;
521 	}
522 
523 	data_len = count - hdr_size(file) - hdr_len;
524 	packet->msg = ib_create_send_mad(agent,
525 					 be32_to_cpu(packet->mad.hdr.qpn),
526 					 packet->mad.hdr.pkey_index, rmpp_active,
527 					 hdr_len, data_len, GFP_KERNEL);
528 	if (IS_ERR(packet->msg)) {
529 		ret = PTR_ERR(packet->msg);
530 		goto err_ah;
531 	}
532 
533 	packet->msg->ah 	= ah;
534 	packet->msg->timeout_ms = packet->mad.hdr.timeout_ms;
535 	packet->msg->retries 	= packet->mad.hdr.retries;
536 	packet->msg->context[0] = packet;
537 
538 	/* Copy MAD header.  Any RMPP header is already in place. */
539 	memcpy(packet->msg->mad, packet->mad.data, IB_MGMT_MAD_HDR);
540 
541 	if (!rmpp_active) {
542 		if (copy_from_user(packet->msg->mad + copy_offset,
543 				   buf + copy_offset,
544 				   hdr_len + data_len - copy_offset)) {
545 			ret = -EFAULT;
546 			goto err_msg;
547 		}
548 	} else {
549 		ret = copy_rmpp_mad(packet->msg, buf);
550 		if (ret)
551 			goto err_msg;
552 	}
553 
554 	/*
555 	 * Set the high-order part of the transaction ID to make MADs from
556 	 * different agents unique, and allow routing responses back to the
557 	 * original requestor.
558 	 */
559 	if (!ib_response_mad(packet->msg->mad)) {
560 		tid = &((struct ib_mad_hdr *) packet->msg->mad)->tid;
561 		*tid = cpu_to_be64(((u64) agent->hi_tid) << 32 |
562 				   (be64_to_cpup(tid) & 0xffffffff));
563 		rmpp_mad->mad_hdr.tid = *tid;
564 	}
565 
566 	spin_lock_irq(&file->send_lock);
567 	ret = is_duplicate(file, packet);
568 	if (!ret)
569 		list_add_tail(&packet->list, &file->send_list);
570 	spin_unlock_irq(&file->send_lock);
571 	if (ret) {
572 		ret = -EINVAL;
573 		goto err_msg;
574 	}
575 
576 	ret = ib_post_send_mad(packet->msg, NULL);
577 	if (ret)
578 		goto err_send;
579 
580 	up_read(&file->port->mutex);
581 	return count;
582 
583 err_send:
584 	dequeue_send(file, packet);
585 err_msg:
586 	ib_free_send_mad(packet->msg);
587 err_ah:
588 	ib_destroy_ah(ah);
589 err_up:
590 	up_read(&file->port->mutex);
591 err:
592 	kfree(packet);
593 	return ret;
594 }
595 
596 static unsigned int ib_umad_poll(struct file *filp, struct poll_table_struct *wait)
597 {
598 	struct ib_umad_file *file = filp->private_data;
599 
600 	/* we will always be able to post a MAD send */
601 	unsigned int mask = POLLOUT | POLLWRNORM;
602 
603 	poll_wait(filp, &file->recv_wait, wait);
604 
605 	if (!list_empty(&file->recv_list))
606 		mask |= POLLIN | POLLRDNORM;
607 
608 	return mask;
609 }
610 
611 static int ib_umad_reg_agent(struct ib_umad_file *file, void __user *arg,
612 			     int compat_method_mask)
613 {
614 	struct ib_user_mad_reg_req ureq;
615 	struct ib_mad_reg_req req;
616 	struct ib_mad_agent *agent;
617 	int agent_id;
618 	int ret;
619 
620 	down_write(&file->port->mutex);
621 
622 	if (!file->port->ib_dev) {
623 		ret = -EPIPE;
624 		goto out;
625 	}
626 
627 	if (copy_from_user(&ureq, arg, sizeof ureq)) {
628 		ret = -EFAULT;
629 		goto out;
630 	}
631 
632 	if (ureq.qpn != 0 && ureq.qpn != 1) {
633 		ret = -EINVAL;
634 		goto out;
635 	}
636 
637 	for (agent_id = 0; agent_id < IB_UMAD_MAX_AGENTS; ++agent_id)
638 		if (!__get_agent(file, agent_id))
639 			goto found;
640 
641 	ret = -ENOMEM;
642 	goto out;
643 
644 found:
645 	if (ureq.mgmt_class) {
646 		req.mgmt_class         = ureq.mgmt_class;
647 		req.mgmt_class_version = ureq.mgmt_class_version;
648 		memcpy(req.oui, ureq.oui, sizeof req.oui);
649 
650 		if (compat_method_mask) {
651 			u32 *umm = (u32 *) ureq.method_mask;
652 			int i;
653 
654 			for (i = 0; i < BITS_TO_LONGS(IB_MGMT_MAX_METHODS); ++i)
655 				req.method_mask[i] =
656 					umm[i * 2] | ((u64) umm[i * 2 + 1] << 32);
657 		} else
658 			memcpy(req.method_mask, ureq.method_mask,
659 			       sizeof req.method_mask);
660 	}
661 
662 	agent = ib_register_mad_agent(file->port->ib_dev, file->port->port_num,
663 				      ureq.qpn ? IB_QPT_GSI : IB_QPT_SMI,
664 				      ureq.mgmt_class ? &req : NULL,
665 				      ureq.rmpp_version,
666 				      send_handler, recv_handler, file);
667 	if (IS_ERR(agent)) {
668 		ret = PTR_ERR(agent);
669 		goto out;
670 	}
671 
672 	if (put_user(agent_id,
673 		     (u32 __user *) (arg + offsetof(struct ib_user_mad_reg_req, id)))) {
674 		ret = -EFAULT;
675 		ib_unregister_mad_agent(agent);
676 		goto out;
677 	}
678 
679 	if (!file->already_used) {
680 		file->already_used = 1;
681 		if (!file->use_pkey_index) {
682 			printk(KERN_WARNING "user_mad: process %s did not enable "
683 			       "P_Key index support.\n", current->comm);
684 			printk(KERN_WARNING "user_mad:   Documentation/infiniband/user_mad.txt "
685 			       "has info on the new ABI.\n");
686 		}
687 	}
688 
689 	file->agent[agent_id] = agent;
690 	ret = 0;
691 
692 out:
693 	up_write(&file->port->mutex);
694 	return ret;
695 }
696 
697 static int ib_umad_unreg_agent(struct ib_umad_file *file, u32 __user *arg)
698 {
699 	struct ib_mad_agent *agent = NULL;
700 	u32 id;
701 	int ret = 0;
702 
703 	if (get_user(id, arg))
704 		return -EFAULT;
705 
706 	down_write(&file->port->mutex);
707 
708 	if (id < 0 || id >= IB_UMAD_MAX_AGENTS || !__get_agent(file, id)) {
709 		ret = -EINVAL;
710 		goto out;
711 	}
712 
713 	agent = file->agent[id];
714 	file->agent[id] = NULL;
715 
716 out:
717 	up_write(&file->port->mutex);
718 
719 	if (agent)
720 		ib_unregister_mad_agent(agent);
721 
722 	return ret;
723 }
724 
725 static long ib_umad_enable_pkey(struct ib_umad_file *file)
726 {
727 	int ret = 0;
728 
729 	down_write(&file->port->mutex);
730 	if (file->already_used)
731 		ret = -EINVAL;
732 	else
733 		file->use_pkey_index = 1;
734 	up_write(&file->port->mutex);
735 
736 	return ret;
737 }
738 
739 static long ib_umad_ioctl(struct file *filp, unsigned int cmd,
740 			  unsigned long arg)
741 {
742 	switch (cmd) {
743 	case IB_USER_MAD_REGISTER_AGENT:
744 		return ib_umad_reg_agent(filp->private_data, (void __user *) arg, 0);
745 	case IB_USER_MAD_UNREGISTER_AGENT:
746 		return ib_umad_unreg_agent(filp->private_data, (__u32 __user *) arg);
747 	case IB_USER_MAD_ENABLE_PKEY:
748 		return ib_umad_enable_pkey(filp->private_data);
749 	default:
750 		return -ENOIOCTLCMD;
751 	}
752 }
753 
754 #ifdef CONFIG_COMPAT
755 static long ib_umad_compat_ioctl(struct file *filp, unsigned int cmd,
756 				 unsigned long arg)
757 {
758 	switch (cmd) {
759 	case IB_USER_MAD_REGISTER_AGENT:
760 		return ib_umad_reg_agent(filp->private_data, compat_ptr(arg), 1);
761 	case IB_USER_MAD_UNREGISTER_AGENT:
762 		return ib_umad_unreg_agent(filp->private_data, compat_ptr(arg));
763 	case IB_USER_MAD_ENABLE_PKEY:
764 		return ib_umad_enable_pkey(filp->private_data);
765 	default:
766 		return -ENOIOCTLCMD;
767 	}
768 }
769 #endif
770 
771 static int ib_umad_open(struct inode *inode, struct file *filp)
772 {
773 	struct ib_umad_port *port;
774 	struct ib_umad_file *file;
775 	int ret = 0;
776 
777 	spin_lock(&port_lock);
778 	port = umad_port[iminor(inode) - IB_UMAD_MINOR_BASE];
779 	if (port)
780 		kref_get(&port->umad_dev->ref);
781 	spin_unlock(&port_lock);
782 
783 	if (!port)
784 		return -ENXIO;
785 
786 	down_write(&port->mutex);
787 
788 	if (!port->ib_dev) {
789 		ret = -ENXIO;
790 		goto out;
791 	}
792 
793 	file = kzalloc(sizeof *file, GFP_KERNEL);
794 	if (!file) {
795 		kref_put(&port->umad_dev->ref, ib_umad_release_dev);
796 		ret = -ENOMEM;
797 		goto out;
798 	}
799 
800 	spin_lock_init(&file->recv_lock);
801 	spin_lock_init(&file->send_lock);
802 	INIT_LIST_HEAD(&file->recv_list);
803 	INIT_LIST_HEAD(&file->send_list);
804 	init_waitqueue_head(&file->recv_wait);
805 
806 	file->port = port;
807 	filp->private_data = file;
808 
809 	list_add_tail(&file->port_list, &port->file_list);
810 
811 out:
812 	up_write(&port->mutex);
813 	return ret;
814 }
815 
816 static int ib_umad_close(struct inode *inode, struct file *filp)
817 {
818 	struct ib_umad_file *file = filp->private_data;
819 	struct ib_umad_device *dev = file->port->umad_dev;
820 	struct ib_umad_packet *packet, *tmp;
821 	int already_dead;
822 	int i;
823 
824 	down_write(&file->port->mutex);
825 
826 	already_dead = file->agents_dead;
827 	file->agents_dead = 1;
828 
829 	list_for_each_entry_safe(packet, tmp, &file->recv_list, list) {
830 		if (packet->recv_wc)
831 			ib_free_recv_mad(packet->recv_wc);
832 		kfree(packet);
833 	}
834 
835 	list_del(&file->port_list);
836 
837 	downgrade_write(&file->port->mutex);
838 
839 	if (!already_dead)
840 		for (i = 0; i < IB_UMAD_MAX_AGENTS; ++i)
841 			if (file->agent[i])
842 				ib_unregister_mad_agent(file->agent[i]);
843 
844 	up_read(&file->port->mutex);
845 
846 	kfree(file);
847 	kref_put(&dev->ref, ib_umad_release_dev);
848 
849 	return 0;
850 }
851 
852 static const struct file_operations umad_fops = {
853 	.owner 	 	= THIS_MODULE,
854 	.read 	 	= ib_umad_read,
855 	.write 	 	= ib_umad_write,
856 	.poll 	 	= ib_umad_poll,
857 	.unlocked_ioctl = ib_umad_ioctl,
858 #ifdef CONFIG_COMPAT
859 	.compat_ioctl 	= ib_umad_compat_ioctl,
860 #endif
861 	.open 	 	= ib_umad_open,
862 	.release 	= ib_umad_close
863 };
864 
865 static int ib_umad_sm_open(struct inode *inode, struct file *filp)
866 {
867 	struct ib_umad_port *port;
868 	struct ib_port_modify props = {
869 		.set_port_cap_mask = IB_PORT_SM
870 	};
871 	int ret;
872 
873 	spin_lock(&port_lock);
874 	port = umad_port[iminor(inode) - IB_UMAD_MINOR_BASE - IB_UMAD_MAX_PORTS];
875 	if (port)
876 		kref_get(&port->umad_dev->ref);
877 	spin_unlock(&port_lock);
878 
879 	if (!port)
880 		return -ENXIO;
881 
882 	if (filp->f_flags & O_NONBLOCK) {
883 		if (down_trylock(&port->sm_sem)) {
884 			ret = -EAGAIN;
885 			goto fail;
886 		}
887 	} else {
888 		if (down_interruptible(&port->sm_sem)) {
889 			ret = -ERESTARTSYS;
890 			goto fail;
891 		}
892 	}
893 
894 	ret = ib_modify_port(port->ib_dev, port->port_num, 0, &props);
895 	if (ret) {
896 		up(&port->sm_sem);
897 		goto fail;
898 	}
899 
900 	filp->private_data = port;
901 
902 	return 0;
903 
904 fail:
905 	kref_put(&port->umad_dev->ref, ib_umad_release_dev);
906 	return ret;
907 }
908 
909 static int ib_umad_sm_close(struct inode *inode, struct file *filp)
910 {
911 	struct ib_umad_port *port = filp->private_data;
912 	struct ib_port_modify props = {
913 		.clr_port_cap_mask = IB_PORT_SM
914 	};
915 	int ret = 0;
916 
917 	down_write(&port->mutex);
918 	if (port->ib_dev)
919 		ret = ib_modify_port(port->ib_dev, port->port_num, 0, &props);
920 	up_write(&port->mutex);
921 
922 	up(&port->sm_sem);
923 
924 	kref_put(&port->umad_dev->ref, ib_umad_release_dev);
925 
926 	return ret;
927 }
928 
929 static const struct file_operations umad_sm_fops = {
930 	.owner 	 = THIS_MODULE,
931 	.open 	 = ib_umad_sm_open,
932 	.release = ib_umad_sm_close
933 };
934 
935 static struct ib_client umad_client = {
936 	.name   = "umad",
937 	.add    = ib_umad_add_one,
938 	.remove = ib_umad_remove_one
939 };
940 
941 static ssize_t show_ibdev(struct class_device *class_dev, char *buf)
942 {
943 	struct ib_umad_port *port = class_get_devdata(class_dev);
944 
945 	if (!port)
946 		return -ENODEV;
947 
948 	return sprintf(buf, "%s\n", port->ib_dev->name);
949 }
950 static CLASS_DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL);
951 
952 static ssize_t show_port(struct class_device *class_dev, char *buf)
953 {
954 	struct ib_umad_port *port = class_get_devdata(class_dev);
955 
956 	if (!port)
957 		return -ENODEV;
958 
959 	return sprintf(buf, "%d\n", port->port_num);
960 }
961 static CLASS_DEVICE_ATTR(port, S_IRUGO, show_port, NULL);
962 
963 static ssize_t show_abi_version(struct class *class, char *buf)
964 {
965 	return sprintf(buf, "%d\n", IB_USER_MAD_ABI_VERSION);
966 }
967 static CLASS_ATTR(abi_version, S_IRUGO, show_abi_version, NULL);
968 
969 static int ib_umad_init_port(struct ib_device *device, int port_num,
970 			     struct ib_umad_port *port)
971 {
972 	spin_lock(&port_lock);
973 	port->dev_num = find_first_zero_bit(dev_map, IB_UMAD_MAX_PORTS);
974 	if (port->dev_num >= IB_UMAD_MAX_PORTS) {
975 		spin_unlock(&port_lock);
976 		return -1;
977 	}
978 	set_bit(port->dev_num, dev_map);
979 	spin_unlock(&port_lock);
980 
981 	port->ib_dev   = device;
982 	port->port_num = port_num;
983 	init_MUTEX(&port->sm_sem);
984 	init_rwsem(&port->mutex);
985 	INIT_LIST_HEAD(&port->file_list);
986 
987 	port->dev = cdev_alloc();
988 	if (!port->dev)
989 		return -1;
990 	port->dev->owner = THIS_MODULE;
991 	port->dev->ops   = &umad_fops;
992 	kobject_set_name(&port->dev->kobj, "umad%d", port->dev_num);
993 	if (cdev_add(port->dev, base_dev + port->dev_num, 1))
994 		goto err_cdev;
995 
996 	port->class_dev = class_device_create(umad_class, NULL, port->dev->dev,
997 					      device->dma_device,
998 					      "umad%d", port->dev_num);
999 	if (IS_ERR(port->class_dev))
1000 		goto err_cdev;
1001 
1002 	if (class_device_create_file(port->class_dev, &class_device_attr_ibdev))
1003 		goto err_class;
1004 	if (class_device_create_file(port->class_dev, &class_device_attr_port))
1005 		goto err_class;
1006 
1007 	port->sm_dev = cdev_alloc();
1008 	if (!port->sm_dev)
1009 		goto err_class;
1010 	port->sm_dev->owner = THIS_MODULE;
1011 	port->sm_dev->ops   = &umad_sm_fops;
1012 	kobject_set_name(&port->sm_dev->kobj, "issm%d", port->dev_num);
1013 	if (cdev_add(port->sm_dev, base_dev + port->dev_num + IB_UMAD_MAX_PORTS, 1))
1014 		goto err_sm_cdev;
1015 
1016 	port->sm_class_dev = class_device_create(umad_class, NULL, port->sm_dev->dev,
1017 						 device->dma_device,
1018 						 "issm%d", port->dev_num);
1019 	if (IS_ERR(port->sm_class_dev))
1020 		goto err_sm_cdev;
1021 
1022 	class_set_devdata(port->class_dev,    port);
1023 	class_set_devdata(port->sm_class_dev, port);
1024 
1025 	if (class_device_create_file(port->sm_class_dev, &class_device_attr_ibdev))
1026 		goto err_sm_class;
1027 	if (class_device_create_file(port->sm_class_dev, &class_device_attr_port))
1028 		goto err_sm_class;
1029 
1030 	spin_lock(&port_lock);
1031 	umad_port[port->dev_num] = port;
1032 	spin_unlock(&port_lock);
1033 
1034 	return 0;
1035 
1036 err_sm_class:
1037 	class_device_destroy(umad_class, port->sm_dev->dev);
1038 
1039 err_sm_cdev:
1040 	cdev_del(port->sm_dev);
1041 
1042 err_class:
1043 	class_device_destroy(umad_class, port->dev->dev);
1044 
1045 err_cdev:
1046 	cdev_del(port->dev);
1047 	clear_bit(port->dev_num, dev_map);
1048 
1049 	return -1;
1050 }
1051 
1052 static void ib_umad_kill_port(struct ib_umad_port *port)
1053 {
1054 	struct ib_umad_file *file;
1055 	int id;
1056 
1057 	class_set_devdata(port->class_dev,    NULL);
1058 	class_set_devdata(port->sm_class_dev, NULL);
1059 
1060 	class_device_destroy(umad_class, port->dev->dev);
1061 	class_device_destroy(umad_class, port->sm_dev->dev);
1062 
1063 	cdev_del(port->dev);
1064 	cdev_del(port->sm_dev);
1065 
1066 	spin_lock(&port_lock);
1067 	umad_port[port->dev_num] = NULL;
1068 	spin_unlock(&port_lock);
1069 
1070 	down_write(&port->mutex);
1071 
1072 	port->ib_dev = NULL;
1073 
1074 	/*
1075 	 * Now go through the list of files attached to this port and
1076 	 * unregister all of their MAD agents.  We need to hold
1077 	 * port->mutex while doing this to avoid racing with
1078 	 * ib_umad_close(), but we can't hold the mutex for writing
1079 	 * while calling ib_unregister_mad_agent(), since that might
1080 	 * deadlock by calling back into queue_packet().  So we
1081 	 * downgrade our lock to a read lock, and then drop and
1082 	 * reacquire the write lock for the next iteration.
1083 	 *
1084 	 * We do list_del_init() on the file's list_head so that the
1085 	 * list_del in ib_umad_close() is still OK, even after the
1086 	 * file is removed from the list.
1087 	 */
1088 	while (!list_empty(&port->file_list)) {
1089 		file = list_entry(port->file_list.next, struct ib_umad_file,
1090 				  port_list);
1091 
1092 		file->agents_dead = 1;
1093 		list_del_init(&file->port_list);
1094 
1095 		downgrade_write(&port->mutex);
1096 
1097 		for (id = 0; id < IB_UMAD_MAX_AGENTS; ++id)
1098 			if (file->agent[id])
1099 				ib_unregister_mad_agent(file->agent[id]);
1100 
1101 		up_read(&port->mutex);
1102 		down_write(&port->mutex);
1103 	}
1104 
1105 	up_write(&port->mutex);
1106 
1107 	clear_bit(port->dev_num, dev_map);
1108 }
1109 
1110 static void ib_umad_add_one(struct ib_device *device)
1111 {
1112 	struct ib_umad_device *umad_dev;
1113 	int s, e, i;
1114 
1115 	if (rdma_node_get_transport(device->node_type) != RDMA_TRANSPORT_IB)
1116 		return;
1117 
1118 	if (device->node_type == RDMA_NODE_IB_SWITCH)
1119 		s = e = 0;
1120 	else {
1121 		s = 1;
1122 		e = device->phys_port_cnt;
1123 	}
1124 
1125 	umad_dev = kzalloc(sizeof *umad_dev +
1126 			   (e - s + 1) * sizeof (struct ib_umad_port),
1127 			   GFP_KERNEL);
1128 	if (!umad_dev)
1129 		return;
1130 
1131 	kref_init(&umad_dev->ref);
1132 
1133 	umad_dev->start_port = s;
1134 	umad_dev->end_port   = e;
1135 
1136 	for (i = s; i <= e; ++i) {
1137 		umad_dev->port[i - s].umad_dev = umad_dev;
1138 
1139 		if (ib_umad_init_port(device, i, &umad_dev->port[i - s]))
1140 			goto err;
1141 	}
1142 
1143 	ib_set_client_data(device, &umad_client, umad_dev);
1144 
1145 	return;
1146 
1147 err:
1148 	while (--i >= s)
1149 		ib_umad_kill_port(&umad_dev->port[i - s]);
1150 
1151 	kref_put(&umad_dev->ref, ib_umad_release_dev);
1152 }
1153 
1154 static void ib_umad_remove_one(struct ib_device *device)
1155 {
1156 	struct ib_umad_device *umad_dev = ib_get_client_data(device, &umad_client);
1157 	int i;
1158 
1159 	if (!umad_dev)
1160 		return;
1161 
1162 	for (i = 0; i <= umad_dev->end_port - umad_dev->start_port; ++i)
1163 		ib_umad_kill_port(&umad_dev->port[i]);
1164 
1165 	kref_put(&umad_dev->ref, ib_umad_release_dev);
1166 }
1167 
1168 static int __init ib_umad_init(void)
1169 {
1170 	int ret;
1171 
1172 	ret = register_chrdev_region(base_dev, IB_UMAD_MAX_PORTS * 2,
1173 				     "infiniband_mad");
1174 	if (ret) {
1175 		printk(KERN_ERR "user_mad: couldn't register device number\n");
1176 		goto out;
1177 	}
1178 
1179 	umad_class = class_create(THIS_MODULE, "infiniband_mad");
1180 	if (IS_ERR(umad_class)) {
1181 		ret = PTR_ERR(umad_class);
1182 		printk(KERN_ERR "user_mad: couldn't create class infiniband_mad\n");
1183 		goto out_chrdev;
1184 	}
1185 
1186 	ret = class_create_file(umad_class, &class_attr_abi_version);
1187 	if (ret) {
1188 		printk(KERN_ERR "user_mad: couldn't create abi_version attribute\n");
1189 		goto out_class;
1190 	}
1191 
1192 	ret = ib_register_client(&umad_client);
1193 	if (ret) {
1194 		printk(KERN_ERR "user_mad: couldn't register ib_umad client\n");
1195 		goto out_class;
1196 	}
1197 
1198 	return 0;
1199 
1200 out_class:
1201 	class_destroy(umad_class);
1202 
1203 out_chrdev:
1204 	unregister_chrdev_region(base_dev, IB_UMAD_MAX_PORTS * 2);
1205 
1206 out:
1207 	return ret;
1208 }
1209 
1210 static void __exit ib_umad_cleanup(void)
1211 {
1212 	ib_unregister_client(&umad_client);
1213 	class_destroy(umad_class);
1214 	unregister_chrdev_region(base_dev, IB_UMAD_MAX_PORTS * 2);
1215 }
1216 
1217 module_init(ib_umad_init);
1218 module_exit(ib_umad_cleanup);
1219