1 /* 2 * Copyright (c) 2004, 2005 Intel Corporation. All rights reserved. 3 * Copyright (c) 2004 Topspin Corporation. All rights reserved. 4 * Copyright (c) 2004, 2005 Voltaire Corporation. All rights reserved. 5 * Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved. 6 * Copyright (c) 2005 Open Grid Computing, Inc. All rights reserved. 7 * Copyright (c) 2005 Network Appliance, Inc. All rights reserved. 8 * 9 * This software is available to you under a choice of one of two 10 * licenses. You may choose to be licensed under the terms of the GNU 11 * General Public License (GPL) Version 2, available from the file 12 * COPYING in the main directory of this source tree, or the 13 * OpenIB.org BSD license below: 14 * 15 * Redistribution and use in source and binary forms, with or 16 * without modification, are permitted provided that the following 17 * conditions are met: 18 * 19 * - Redistributions of source code must retain the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer. 22 * 23 * - Redistributions in binary form must reproduce the above 24 * copyright notice, this list of conditions and the following 25 * disclaimer in the documentation and/or other materials 26 * provided with the distribution. 27 * 28 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 29 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 30 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 31 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 32 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 33 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 34 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 35 * SOFTWARE. 36 * 37 */ 38 #include <linux/dma-mapping.h> 39 #include <linux/err.h> 40 #include <linux/idr.h> 41 #include <linux/interrupt.h> 42 #include <linux/rbtree.h> 43 #include <linux/spinlock.h> 44 #include <linux/workqueue.h> 45 #include <linux/completion.h> 46 47 #include <rdma/iw_cm.h> 48 #include <rdma/ib_addr.h> 49 50 #include "iwcm.h" 51 52 MODULE_AUTHOR("Tom Tucker"); 53 MODULE_DESCRIPTION("iWARP CM"); 54 MODULE_LICENSE("Dual BSD/GPL"); 55 56 static struct workqueue_struct *iwcm_wq; 57 struct iwcm_work { 58 struct work_struct work; 59 struct iwcm_id_private *cm_id; 60 struct list_head list; 61 struct iw_cm_event event; 62 struct list_head free_list; 63 }; 64 65 /* 66 * The following services provide a mechanism for pre-allocating iwcm_work 67 * elements. The design pre-allocates them based on the cm_id type: 68 * LISTENING IDS: Get enough elements preallocated to handle the 69 * listen backlog. 70 * ACTIVE IDS: 4: CONNECT_REPLY, ESTABLISHED, DISCONNECT, CLOSE 71 * PASSIVE IDS: 3: ESTABLISHED, DISCONNECT, CLOSE 72 * 73 * Allocating them in connect and listen avoids having to deal 74 * with allocation failures on the event upcall from the provider (which 75 * is called in the interrupt context). 76 * 77 * One exception is when creating the cm_id for incoming connection requests. 78 * There are two cases: 79 * 1) in the event upcall, cm_event_handler(), for a listening cm_id. If 80 * the backlog is exceeded, then no more connection request events will 81 * be processed. cm_event_handler() returns -ENOMEM in this case. Its up 82 * to the provider to reject the connection request. 83 * 2) in the connection request workqueue handler, cm_conn_req_handler(). 84 * If work elements cannot be allocated for the new connect request cm_id, 85 * then IWCM will call the provider reject method. This is ok since 86 * cm_conn_req_handler() runs in the workqueue thread context. 87 */ 88 89 static struct iwcm_work *get_work(struct iwcm_id_private *cm_id_priv) 90 { 91 struct iwcm_work *work; 92 93 if (list_empty(&cm_id_priv->work_free_list)) 94 return NULL; 95 work = list_entry(cm_id_priv->work_free_list.next, struct iwcm_work, 96 free_list); 97 list_del_init(&work->free_list); 98 return work; 99 } 100 101 static void put_work(struct iwcm_work *work) 102 { 103 list_add(&work->free_list, &work->cm_id->work_free_list); 104 } 105 106 static void dealloc_work_entries(struct iwcm_id_private *cm_id_priv) 107 { 108 struct list_head *e, *tmp; 109 110 list_for_each_safe(e, tmp, &cm_id_priv->work_free_list) 111 kfree(list_entry(e, struct iwcm_work, free_list)); 112 } 113 114 static int alloc_work_entries(struct iwcm_id_private *cm_id_priv, int count) 115 { 116 struct iwcm_work *work; 117 118 BUG_ON(!list_empty(&cm_id_priv->work_free_list)); 119 while (count--) { 120 work = kmalloc(sizeof(struct iwcm_work), GFP_KERNEL); 121 if (!work) { 122 dealloc_work_entries(cm_id_priv); 123 return -ENOMEM; 124 } 125 work->cm_id = cm_id_priv; 126 INIT_LIST_HEAD(&work->list); 127 put_work(work); 128 } 129 return 0; 130 } 131 132 /* 133 * Save private data from incoming connection requests to 134 * iw_cm_event, so the low level driver doesn't have to. Adjust 135 * the event ptr to point to the local copy. 136 */ 137 static int copy_private_data(struct iw_cm_event *event) 138 { 139 void *p; 140 141 p = kmemdup(event->private_data, event->private_data_len, GFP_ATOMIC); 142 if (!p) 143 return -ENOMEM; 144 event->private_data = p; 145 return 0; 146 } 147 148 static void free_cm_id(struct iwcm_id_private *cm_id_priv) 149 { 150 dealloc_work_entries(cm_id_priv); 151 kfree(cm_id_priv); 152 } 153 154 /* 155 * Release a reference on cm_id. If the last reference is being 156 * released, enable the waiting thread (in iw_destroy_cm_id) to 157 * get woken up, and return 1 if a thread is already waiting. 158 */ 159 static int iwcm_deref_id(struct iwcm_id_private *cm_id_priv) 160 { 161 BUG_ON(atomic_read(&cm_id_priv->refcount)==0); 162 if (atomic_dec_and_test(&cm_id_priv->refcount)) { 163 BUG_ON(!list_empty(&cm_id_priv->work_list)); 164 complete(&cm_id_priv->destroy_comp); 165 return 1; 166 } 167 168 return 0; 169 } 170 171 static void add_ref(struct iw_cm_id *cm_id) 172 { 173 struct iwcm_id_private *cm_id_priv; 174 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 175 atomic_inc(&cm_id_priv->refcount); 176 } 177 178 static void rem_ref(struct iw_cm_id *cm_id) 179 { 180 struct iwcm_id_private *cm_id_priv; 181 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 182 if (iwcm_deref_id(cm_id_priv) && 183 test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags)) { 184 BUG_ON(!list_empty(&cm_id_priv->work_list)); 185 free_cm_id(cm_id_priv); 186 } 187 } 188 189 static int cm_event_handler(struct iw_cm_id *cm_id, struct iw_cm_event *event); 190 191 struct iw_cm_id *iw_create_cm_id(struct ib_device *device, 192 iw_cm_handler cm_handler, 193 void *context) 194 { 195 struct iwcm_id_private *cm_id_priv; 196 197 cm_id_priv = kzalloc(sizeof(*cm_id_priv), GFP_KERNEL); 198 if (!cm_id_priv) 199 return ERR_PTR(-ENOMEM); 200 201 cm_id_priv->state = IW_CM_STATE_IDLE; 202 cm_id_priv->id.device = device; 203 cm_id_priv->id.cm_handler = cm_handler; 204 cm_id_priv->id.context = context; 205 cm_id_priv->id.event_handler = cm_event_handler; 206 cm_id_priv->id.add_ref = add_ref; 207 cm_id_priv->id.rem_ref = rem_ref; 208 spin_lock_init(&cm_id_priv->lock); 209 atomic_set(&cm_id_priv->refcount, 1); 210 init_waitqueue_head(&cm_id_priv->connect_wait); 211 init_completion(&cm_id_priv->destroy_comp); 212 INIT_LIST_HEAD(&cm_id_priv->work_list); 213 INIT_LIST_HEAD(&cm_id_priv->work_free_list); 214 215 return &cm_id_priv->id; 216 } 217 EXPORT_SYMBOL(iw_create_cm_id); 218 219 220 static int iwcm_modify_qp_err(struct ib_qp *qp) 221 { 222 struct ib_qp_attr qp_attr; 223 224 if (!qp) 225 return -EINVAL; 226 227 qp_attr.qp_state = IB_QPS_ERR; 228 return ib_modify_qp(qp, &qp_attr, IB_QP_STATE); 229 } 230 231 /* 232 * This is really the RDMAC CLOSING state. It is most similar to the 233 * IB SQD QP state. 234 */ 235 static int iwcm_modify_qp_sqd(struct ib_qp *qp) 236 { 237 struct ib_qp_attr qp_attr; 238 239 BUG_ON(qp == NULL); 240 qp_attr.qp_state = IB_QPS_SQD; 241 return ib_modify_qp(qp, &qp_attr, IB_QP_STATE); 242 } 243 244 /* 245 * CM_ID <-- CLOSING 246 * 247 * Block if a passive or active connection is currently being processed. Then 248 * process the event as follows: 249 * - If we are ESTABLISHED, move to CLOSING and modify the QP state 250 * based on the abrupt flag 251 * - If the connection is already in the CLOSING or IDLE state, the peer is 252 * disconnecting concurrently with us and we've already seen the 253 * DISCONNECT event -- ignore the request and return 0 254 * - Disconnect on a listening endpoint returns -EINVAL 255 */ 256 int iw_cm_disconnect(struct iw_cm_id *cm_id, int abrupt) 257 { 258 struct iwcm_id_private *cm_id_priv; 259 unsigned long flags; 260 int ret = 0; 261 struct ib_qp *qp = NULL; 262 263 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 264 /* Wait if we're currently in a connect or accept downcall */ 265 wait_event(cm_id_priv->connect_wait, 266 !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags)); 267 268 spin_lock_irqsave(&cm_id_priv->lock, flags); 269 switch (cm_id_priv->state) { 270 case IW_CM_STATE_ESTABLISHED: 271 cm_id_priv->state = IW_CM_STATE_CLOSING; 272 273 /* QP could be <nul> for user-mode client */ 274 if (cm_id_priv->qp) 275 qp = cm_id_priv->qp; 276 else 277 ret = -EINVAL; 278 break; 279 case IW_CM_STATE_LISTEN: 280 ret = -EINVAL; 281 break; 282 case IW_CM_STATE_CLOSING: 283 /* remote peer closed first */ 284 case IW_CM_STATE_IDLE: 285 /* accept or connect returned !0 */ 286 break; 287 case IW_CM_STATE_CONN_RECV: 288 /* 289 * App called disconnect before/without calling accept after 290 * connect_request event delivered. 291 */ 292 break; 293 case IW_CM_STATE_CONN_SENT: 294 /* Can only get here if wait above fails */ 295 default: 296 BUG(); 297 } 298 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 299 300 if (qp) { 301 if (abrupt) 302 ret = iwcm_modify_qp_err(qp); 303 else 304 ret = iwcm_modify_qp_sqd(qp); 305 306 /* 307 * If both sides are disconnecting the QP could 308 * already be in ERR or SQD states 309 */ 310 ret = 0; 311 } 312 313 return ret; 314 } 315 EXPORT_SYMBOL(iw_cm_disconnect); 316 317 /* 318 * CM_ID <-- DESTROYING 319 * 320 * Clean up all resources associated with the connection and release 321 * the initial reference taken by iw_create_cm_id. 322 */ 323 static void destroy_cm_id(struct iw_cm_id *cm_id) 324 { 325 struct iwcm_id_private *cm_id_priv; 326 unsigned long flags; 327 int ret; 328 329 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 330 /* 331 * Wait if we're currently in a connect or accept downcall. A 332 * listening endpoint should never block here. 333 */ 334 wait_event(cm_id_priv->connect_wait, 335 !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags)); 336 337 spin_lock_irqsave(&cm_id_priv->lock, flags); 338 switch (cm_id_priv->state) { 339 case IW_CM_STATE_LISTEN: 340 cm_id_priv->state = IW_CM_STATE_DESTROYING; 341 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 342 /* destroy the listening endpoint */ 343 ret = cm_id->device->iwcm->destroy_listen(cm_id); 344 spin_lock_irqsave(&cm_id_priv->lock, flags); 345 break; 346 case IW_CM_STATE_ESTABLISHED: 347 cm_id_priv->state = IW_CM_STATE_DESTROYING; 348 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 349 /* Abrupt close of the connection */ 350 (void)iwcm_modify_qp_err(cm_id_priv->qp); 351 spin_lock_irqsave(&cm_id_priv->lock, flags); 352 break; 353 case IW_CM_STATE_IDLE: 354 case IW_CM_STATE_CLOSING: 355 cm_id_priv->state = IW_CM_STATE_DESTROYING; 356 break; 357 case IW_CM_STATE_CONN_RECV: 358 /* 359 * App called destroy before/without calling accept after 360 * receiving connection request event notification or 361 * returned non zero from the event callback function. 362 * In either case, must tell the provider to reject. 363 */ 364 cm_id_priv->state = IW_CM_STATE_DESTROYING; 365 break; 366 case IW_CM_STATE_CONN_SENT: 367 case IW_CM_STATE_DESTROYING: 368 default: 369 BUG(); 370 break; 371 } 372 if (cm_id_priv->qp) { 373 cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp); 374 cm_id_priv->qp = NULL; 375 } 376 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 377 378 (void)iwcm_deref_id(cm_id_priv); 379 } 380 381 /* 382 * This function is only called by the application thread and cannot 383 * be called by the event thread. The function will wait for all 384 * references to be released on the cm_id and then kfree the cm_id 385 * object. 386 */ 387 void iw_destroy_cm_id(struct iw_cm_id *cm_id) 388 { 389 struct iwcm_id_private *cm_id_priv; 390 391 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 392 BUG_ON(test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags)); 393 394 destroy_cm_id(cm_id); 395 396 wait_for_completion(&cm_id_priv->destroy_comp); 397 398 free_cm_id(cm_id_priv); 399 } 400 EXPORT_SYMBOL(iw_destroy_cm_id); 401 402 /* 403 * CM_ID <-- LISTEN 404 * 405 * Start listening for connect requests. Generates one CONNECT_REQUEST 406 * event for each inbound connect request. 407 */ 408 int iw_cm_listen(struct iw_cm_id *cm_id, int backlog) 409 { 410 struct iwcm_id_private *cm_id_priv; 411 unsigned long flags; 412 int ret; 413 414 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 415 416 ret = alloc_work_entries(cm_id_priv, backlog); 417 if (ret) 418 return ret; 419 420 spin_lock_irqsave(&cm_id_priv->lock, flags); 421 switch (cm_id_priv->state) { 422 case IW_CM_STATE_IDLE: 423 cm_id_priv->state = IW_CM_STATE_LISTEN; 424 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 425 ret = cm_id->device->iwcm->create_listen(cm_id, backlog); 426 if (ret) 427 cm_id_priv->state = IW_CM_STATE_IDLE; 428 spin_lock_irqsave(&cm_id_priv->lock, flags); 429 break; 430 default: 431 ret = -EINVAL; 432 } 433 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 434 435 return ret; 436 } 437 EXPORT_SYMBOL(iw_cm_listen); 438 439 /* 440 * CM_ID <-- IDLE 441 * 442 * Rejects an inbound connection request. No events are generated. 443 */ 444 int iw_cm_reject(struct iw_cm_id *cm_id, 445 const void *private_data, 446 u8 private_data_len) 447 { 448 struct iwcm_id_private *cm_id_priv; 449 unsigned long flags; 450 int ret; 451 452 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 453 set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 454 455 spin_lock_irqsave(&cm_id_priv->lock, flags); 456 if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) { 457 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 458 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 459 wake_up_all(&cm_id_priv->connect_wait); 460 return -EINVAL; 461 } 462 cm_id_priv->state = IW_CM_STATE_IDLE; 463 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 464 465 ret = cm_id->device->iwcm->reject(cm_id, private_data, 466 private_data_len); 467 468 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 469 wake_up_all(&cm_id_priv->connect_wait); 470 471 return ret; 472 } 473 EXPORT_SYMBOL(iw_cm_reject); 474 475 /* 476 * CM_ID <-- ESTABLISHED 477 * 478 * Accepts an inbound connection request and generates an ESTABLISHED 479 * event. Callers of iw_cm_disconnect and iw_destroy_cm_id will block 480 * until the ESTABLISHED event is received from the provider. 481 */ 482 int iw_cm_accept(struct iw_cm_id *cm_id, 483 struct iw_cm_conn_param *iw_param) 484 { 485 struct iwcm_id_private *cm_id_priv; 486 struct ib_qp *qp; 487 unsigned long flags; 488 int ret; 489 490 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 491 set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 492 493 spin_lock_irqsave(&cm_id_priv->lock, flags); 494 if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) { 495 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 496 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 497 wake_up_all(&cm_id_priv->connect_wait); 498 return -EINVAL; 499 } 500 /* Get the ib_qp given the QPN */ 501 qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn); 502 if (!qp) { 503 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 504 return -EINVAL; 505 } 506 cm_id->device->iwcm->add_ref(qp); 507 cm_id_priv->qp = qp; 508 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 509 510 ret = cm_id->device->iwcm->accept(cm_id, iw_param); 511 if (ret) { 512 /* An error on accept precludes provider events */ 513 BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV); 514 cm_id_priv->state = IW_CM_STATE_IDLE; 515 spin_lock_irqsave(&cm_id_priv->lock, flags); 516 if (cm_id_priv->qp) { 517 cm_id->device->iwcm->rem_ref(qp); 518 cm_id_priv->qp = NULL; 519 } 520 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 521 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 522 wake_up_all(&cm_id_priv->connect_wait); 523 } 524 525 return ret; 526 } 527 EXPORT_SYMBOL(iw_cm_accept); 528 529 /* 530 * Active Side: CM_ID <-- CONN_SENT 531 * 532 * If successful, results in the generation of a CONNECT_REPLY 533 * event. iw_cm_disconnect and iw_cm_destroy will block until the 534 * CONNECT_REPLY event is received from the provider. 535 */ 536 int iw_cm_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *iw_param) 537 { 538 struct iwcm_id_private *cm_id_priv; 539 int ret; 540 unsigned long flags; 541 struct ib_qp *qp; 542 543 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 544 545 ret = alloc_work_entries(cm_id_priv, 4); 546 if (ret) 547 return ret; 548 549 set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 550 spin_lock_irqsave(&cm_id_priv->lock, flags); 551 552 if (cm_id_priv->state != IW_CM_STATE_IDLE) { 553 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 554 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 555 wake_up_all(&cm_id_priv->connect_wait); 556 return -EINVAL; 557 } 558 559 /* Get the ib_qp given the QPN */ 560 qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn); 561 if (!qp) { 562 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 563 return -EINVAL; 564 } 565 cm_id->device->iwcm->add_ref(qp); 566 cm_id_priv->qp = qp; 567 cm_id_priv->state = IW_CM_STATE_CONN_SENT; 568 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 569 570 ret = cm_id->device->iwcm->connect(cm_id, iw_param); 571 if (ret) { 572 spin_lock_irqsave(&cm_id_priv->lock, flags); 573 if (cm_id_priv->qp) { 574 cm_id->device->iwcm->rem_ref(qp); 575 cm_id_priv->qp = NULL; 576 } 577 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 578 BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_SENT); 579 cm_id_priv->state = IW_CM_STATE_IDLE; 580 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 581 wake_up_all(&cm_id_priv->connect_wait); 582 } 583 584 return ret; 585 } 586 EXPORT_SYMBOL(iw_cm_connect); 587 588 /* 589 * Passive Side: new CM_ID <-- CONN_RECV 590 * 591 * Handles an inbound connect request. The function creates a new 592 * iw_cm_id to represent the new connection and inherits the client 593 * callback function and other attributes from the listening parent. 594 * 595 * The work item contains a pointer to the listen_cm_id and the event. The 596 * listen_cm_id contains the client cm_handler, context and 597 * device. These are copied when the device is cloned. The event 598 * contains the new four tuple. 599 * 600 * An error on the child should not affect the parent, so this 601 * function does not return a value. 602 */ 603 static void cm_conn_req_handler(struct iwcm_id_private *listen_id_priv, 604 struct iw_cm_event *iw_event) 605 { 606 unsigned long flags; 607 struct iw_cm_id *cm_id; 608 struct iwcm_id_private *cm_id_priv; 609 int ret; 610 611 /* 612 * The provider should never generate a connection request 613 * event with a bad status. 614 */ 615 BUG_ON(iw_event->status); 616 617 /* 618 * We could be destroying the listening id. If so, ignore this 619 * upcall. 620 */ 621 spin_lock_irqsave(&listen_id_priv->lock, flags); 622 if (listen_id_priv->state != IW_CM_STATE_LISTEN) { 623 spin_unlock_irqrestore(&listen_id_priv->lock, flags); 624 goto out; 625 } 626 spin_unlock_irqrestore(&listen_id_priv->lock, flags); 627 628 cm_id = iw_create_cm_id(listen_id_priv->id.device, 629 listen_id_priv->id.cm_handler, 630 listen_id_priv->id.context); 631 /* If the cm_id could not be created, ignore the request */ 632 if (IS_ERR(cm_id)) 633 goto out; 634 635 cm_id->provider_data = iw_event->provider_data; 636 cm_id->local_addr = iw_event->local_addr; 637 cm_id->remote_addr = iw_event->remote_addr; 638 639 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 640 cm_id_priv->state = IW_CM_STATE_CONN_RECV; 641 642 ret = alloc_work_entries(cm_id_priv, 3); 643 if (ret) { 644 iw_cm_reject(cm_id, NULL, 0); 645 iw_destroy_cm_id(cm_id); 646 goto out; 647 } 648 649 /* Call the client CM handler */ 650 ret = cm_id->cm_handler(cm_id, iw_event); 651 if (ret) { 652 iw_cm_reject(cm_id, NULL, 0); 653 set_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags); 654 destroy_cm_id(cm_id); 655 if (atomic_read(&cm_id_priv->refcount)==0) 656 free_cm_id(cm_id_priv); 657 } 658 659 out: 660 if (iw_event->private_data_len) 661 kfree(iw_event->private_data); 662 } 663 664 /* 665 * Passive Side: CM_ID <-- ESTABLISHED 666 * 667 * The provider generated an ESTABLISHED event which means that 668 * the MPA negotion has completed successfully and we are now in MPA 669 * FPDU mode. 670 * 671 * This event can only be received in the CONN_RECV state. If the 672 * remote peer closed, the ESTABLISHED event would be received followed 673 * by the CLOSE event. If the app closes, it will block until we wake 674 * it up after processing this event. 675 */ 676 static int cm_conn_est_handler(struct iwcm_id_private *cm_id_priv, 677 struct iw_cm_event *iw_event) 678 { 679 unsigned long flags; 680 int ret; 681 682 spin_lock_irqsave(&cm_id_priv->lock, flags); 683 684 /* 685 * We clear the CONNECT_WAIT bit here to allow the callback 686 * function to call iw_cm_disconnect. Calling iw_destroy_cm_id 687 * from a callback handler is not allowed. 688 */ 689 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 690 BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV); 691 cm_id_priv->state = IW_CM_STATE_ESTABLISHED; 692 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 693 ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event); 694 wake_up_all(&cm_id_priv->connect_wait); 695 696 return ret; 697 } 698 699 /* 700 * Active Side: CM_ID <-- ESTABLISHED 701 * 702 * The app has called connect and is waiting for the established event to 703 * post it's requests to the server. This event will wake up anyone 704 * blocked in iw_cm_disconnect or iw_destroy_id. 705 */ 706 static int cm_conn_rep_handler(struct iwcm_id_private *cm_id_priv, 707 struct iw_cm_event *iw_event) 708 { 709 unsigned long flags; 710 int ret; 711 712 spin_lock_irqsave(&cm_id_priv->lock, flags); 713 /* 714 * Clear the connect wait bit so a callback function calling 715 * iw_cm_disconnect will not wait and deadlock this thread 716 */ 717 clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags); 718 BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_SENT); 719 if (iw_event->status == IW_CM_EVENT_STATUS_ACCEPTED) { 720 cm_id_priv->id.local_addr = iw_event->local_addr; 721 cm_id_priv->id.remote_addr = iw_event->remote_addr; 722 cm_id_priv->state = IW_CM_STATE_ESTABLISHED; 723 } else { 724 /* REJECTED or RESET */ 725 cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp); 726 cm_id_priv->qp = NULL; 727 cm_id_priv->state = IW_CM_STATE_IDLE; 728 } 729 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 730 ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event); 731 732 if (iw_event->private_data_len) 733 kfree(iw_event->private_data); 734 735 /* Wake up waiters on connect complete */ 736 wake_up_all(&cm_id_priv->connect_wait); 737 738 return ret; 739 } 740 741 /* 742 * CM_ID <-- CLOSING 743 * 744 * If in the ESTABLISHED state, move to CLOSING. 745 */ 746 static void cm_disconnect_handler(struct iwcm_id_private *cm_id_priv, 747 struct iw_cm_event *iw_event) 748 { 749 unsigned long flags; 750 751 spin_lock_irqsave(&cm_id_priv->lock, flags); 752 if (cm_id_priv->state == IW_CM_STATE_ESTABLISHED) 753 cm_id_priv->state = IW_CM_STATE_CLOSING; 754 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 755 } 756 757 /* 758 * CM_ID <-- IDLE 759 * 760 * If in the ESTBLISHED or CLOSING states, the QP will have have been 761 * moved by the provider to the ERR state. Disassociate the CM_ID from 762 * the QP, move to IDLE, and remove the 'connected' reference. 763 * 764 * If in some other state, the cm_id was destroyed asynchronously. 765 * This is the last reference that will result in waking up 766 * the app thread blocked in iw_destroy_cm_id. 767 */ 768 static int cm_close_handler(struct iwcm_id_private *cm_id_priv, 769 struct iw_cm_event *iw_event) 770 { 771 unsigned long flags; 772 int ret = 0; 773 spin_lock_irqsave(&cm_id_priv->lock, flags); 774 775 if (cm_id_priv->qp) { 776 cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp); 777 cm_id_priv->qp = NULL; 778 } 779 switch (cm_id_priv->state) { 780 case IW_CM_STATE_ESTABLISHED: 781 case IW_CM_STATE_CLOSING: 782 cm_id_priv->state = IW_CM_STATE_IDLE; 783 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 784 ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event); 785 spin_lock_irqsave(&cm_id_priv->lock, flags); 786 break; 787 case IW_CM_STATE_DESTROYING: 788 break; 789 default: 790 BUG(); 791 } 792 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 793 794 return ret; 795 } 796 797 static int process_event(struct iwcm_id_private *cm_id_priv, 798 struct iw_cm_event *iw_event) 799 { 800 int ret = 0; 801 802 switch (iw_event->event) { 803 case IW_CM_EVENT_CONNECT_REQUEST: 804 cm_conn_req_handler(cm_id_priv, iw_event); 805 break; 806 case IW_CM_EVENT_CONNECT_REPLY: 807 ret = cm_conn_rep_handler(cm_id_priv, iw_event); 808 break; 809 case IW_CM_EVENT_ESTABLISHED: 810 ret = cm_conn_est_handler(cm_id_priv, iw_event); 811 break; 812 case IW_CM_EVENT_DISCONNECT: 813 cm_disconnect_handler(cm_id_priv, iw_event); 814 break; 815 case IW_CM_EVENT_CLOSE: 816 ret = cm_close_handler(cm_id_priv, iw_event); 817 break; 818 default: 819 BUG(); 820 } 821 822 return ret; 823 } 824 825 /* 826 * Process events on the work_list for the cm_id. If the callback 827 * function requests that the cm_id be deleted, a flag is set in the 828 * cm_id flags to indicate that when the last reference is 829 * removed, the cm_id is to be destroyed. This is necessary to 830 * distinguish between an object that will be destroyed by the app 831 * thread asleep on the destroy_comp list vs. an object destroyed 832 * here synchronously when the last reference is removed. 833 */ 834 static void cm_work_handler(struct work_struct *_work) 835 { 836 struct iwcm_work *work = container_of(_work, struct iwcm_work, work); 837 struct iw_cm_event levent; 838 struct iwcm_id_private *cm_id_priv = work->cm_id; 839 unsigned long flags; 840 int empty; 841 int ret = 0; 842 int destroy_id; 843 844 spin_lock_irqsave(&cm_id_priv->lock, flags); 845 empty = list_empty(&cm_id_priv->work_list); 846 while (!empty) { 847 work = list_entry(cm_id_priv->work_list.next, 848 struct iwcm_work, list); 849 list_del_init(&work->list); 850 empty = list_empty(&cm_id_priv->work_list); 851 levent = work->event; 852 put_work(work); 853 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 854 855 ret = process_event(cm_id_priv, &levent); 856 if (ret) { 857 set_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags); 858 destroy_cm_id(&cm_id_priv->id); 859 } 860 BUG_ON(atomic_read(&cm_id_priv->refcount)==0); 861 destroy_id = test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags); 862 if (iwcm_deref_id(cm_id_priv)) { 863 if (destroy_id) { 864 BUG_ON(!list_empty(&cm_id_priv->work_list)); 865 free_cm_id(cm_id_priv); 866 } 867 return; 868 } 869 spin_lock_irqsave(&cm_id_priv->lock, flags); 870 } 871 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 872 } 873 874 /* 875 * This function is called on interrupt context. Schedule events on 876 * the iwcm_wq thread to allow callback functions to downcall into 877 * the CM and/or block. Events are queued to a per-CM_ID 878 * work_list. If this is the first event on the work_list, the work 879 * element is also queued on the iwcm_wq thread. 880 * 881 * Each event holds a reference on the cm_id. Until the last posted 882 * event has been delivered and processed, the cm_id cannot be 883 * deleted. 884 * 885 * Returns: 886 * 0 - the event was handled. 887 * -ENOMEM - the event was not handled due to lack of resources. 888 */ 889 static int cm_event_handler(struct iw_cm_id *cm_id, 890 struct iw_cm_event *iw_event) 891 { 892 struct iwcm_work *work; 893 struct iwcm_id_private *cm_id_priv; 894 unsigned long flags; 895 int ret = 0; 896 897 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 898 899 spin_lock_irqsave(&cm_id_priv->lock, flags); 900 work = get_work(cm_id_priv); 901 if (!work) { 902 ret = -ENOMEM; 903 goto out; 904 } 905 906 INIT_WORK(&work->work, cm_work_handler); 907 work->cm_id = cm_id_priv; 908 work->event = *iw_event; 909 910 if ((work->event.event == IW_CM_EVENT_CONNECT_REQUEST || 911 work->event.event == IW_CM_EVENT_CONNECT_REPLY) && 912 work->event.private_data_len) { 913 ret = copy_private_data(&work->event); 914 if (ret) { 915 put_work(work); 916 goto out; 917 } 918 } 919 920 atomic_inc(&cm_id_priv->refcount); 921 if (list_empty(&cm_id_priv->work_list)) { 922 list_add_tail(&work->list, &cm_id_priv->work_list); 923 queue_work(iwcm_wq, &work->work); 924 } else 925 list_add_tail(&work->list, &cm_id_priv->work_list); 926 out: 927 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 928 return ret; 929 } 930 931 static int iwcm_init_qp_init_attr(struct iwcm_id_private *cm_id_priv, 932 struct ib_qp_attr *qp_attr, 933 int *qp_attr_mask) 934 { 935 unsigned long flags; 936 int ret; 937 938 spin_lock_irqsave(&cm_id_priv->lock, flags); 939 switch (cm_id_priv->state) { 940 case IW_CM_STATE_IDLE: 941 case IW_CM_STATE_CONN_SENT: 942 case IW_CM_STATE_CONN_RECV: 943 case IW_CM_STATE_ESTABLISHED: 944 *qp_attr_mask = IB_QP_STATE | IB_QP_ACCESS_FLAGS; 945 qp_attr->qp_access_flags = IB_ACCESS_LOCAL_WRITE | 946 IB_ACCESS_REMOTE_WRITE| 947 IB_ACCESS_REMOTE_READ; 948 ret = 0; 949 break; 950 default: 951 ret = -EINVAL; 952 break; 953 } 954 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 955 return ret; 956 } 957 958 static int iwcm_init_qp_rts_attr(struct iwcm_id_private *cm_id_priv, 959 struct ib_qp_attr *qp_attr, 960 int *qp_attr_mask) 961 { 962 unsigned long flags; 963 int ret; 964 965 spin_lock_irqsave(&cm_id_priv->lock, flags); 966 switch (cm_id_priv->state) { 967 case IW_CM_STATE_IDLE: 968 case IW_CM_STATE_CONN_SENT: 969 case IW_CM_STATE_CONN_RECV: 970 case IW_CM_STATE_ESTABLISHED: 971 *qp_attr_mask = 0; 972 ret = 0; 973 break; 974 default: 975 ret = -EINVAL; 976 break; 977 } 978 spin_unlock_irqrestore(&cm_id_priv->lock, flags); 979 return ret; 980 } 981 982 int iw_cm_init_qp_attr(struct iw_cm_id *cm_id, 983 struct ib_qp_attr *qp_attr, 984 int *qp_attr_mask) 985 { 986 struct iwcm_id_private *cm_id_priv; 987 int ret; 988 989 cm_id_priv = container_of(cm_id, struct iwcm_id_private, id); 990 switch (qp_attr->qp_state) { 991 case IB_QPS_INIT: 992 case IB_QPS_RTR: 993 ret = iwcm_init_qp_init_attr(cm_id_priv, 994 qp_attr, qp_attr_mask); 995 break; 996 case IB_QPS_RTS: 997 ret = iwcm_init_qp_rts_attr(cm_id_priv, 998 qp_attr, qp_attr_mask); 999 break; 1000 default: 1001 ret = -EINVAL; 1002 break; 1003 } 1004 return ret; 1005 } 1006 EXPORT_SYMBOL(iw_cm_init_qp_attr); 1007 1008 static int __init iw_cm_init(void) 1009 { 1010 iwcm_wq = create_singlethread_workqueue("iw_cm_wq"); 1011 if (!iwcm_wq) 1012 return -ENOMEM; 1013 1014 return 0; 1015 } 1016 1017 static void __exit iw_cm_cleanup(void) 1018 { 1019 destroy_workqueue(iwcm_wq); 1020 } 1021 1022 module_init(iw_cm_init); 1023 module_exit(iw_cm_cleanup); 1024