/*
 * Copyright (c) 2004, 2005 Intel Corporation.  All rights reserved.
 * Copyright (c) 2004 Topspin Corporation.  All rights reserved.
 * Copyright (c) 2004, 2005 Voltaire Corporation.  All rights reserved.
 * Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved.
 * Copyright (c) 2005 Open Grid Computing, Inc. All rights reserved.
 * Copyright (c) 2005 Network Appliance, Inc. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses.  You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 *
 */
#include <linux/dma-mapping.h>
#include <linux/err.h>
#include <linux/idr.h>
#include <linux/interrupt.h>
#include <linux/rbtree.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
#include <linux/workqueue.h>
#include <linux/completion.h>
#include <linux/slab.h>
#include <linux/module.h>

#include <rdma/iw_cm.h>
#include <rdma/ib_addr.h>

#include "iwcm.h"

MODULE_AUTHOR("Tom Tucker");
MODULE_DESCRIPTION("iWARP CM");
MODULE_LICENSE("Dual BSD/GPL");

static struct workqueue_struct *iwcm_wq;
struct iwcm_work {
	struct work_struct work;
	struct iwcm_id_private *cm_id;
	struct list_head list;
	struct iw_cm_event event;
	struct list_head free_list;
};

/*
 * The following services provide a mechanism for pre-allocating iwcm_work
 * elements.  The design pre-allocates them based on the cm_id type:
 *	LISTENING IDS:	Get enough elements preallocated to handle the
 *			listen backlog.
 *	ACTIVE IDS:	4: CONNECT_REPLY, ESTABLISHED, DISCONNECT, CLOSE
 *	PASSIVE IDS:	3: ESTABLISHED, DISCONNECT, CLOSE
 *
 * Allocating them in connect and listen avoids having to deal
 * with allocation failures on the event upcall from the provider (which
 * is called in the interrupt context).
 *
 * One exception is when creating the cm_id for incoming connection requests.
 * There are two cases:
 * 1) in the event upcall, cm_event_handler(), for a listening cm_id.  If
 *    the backlog is exceeded, then no more connection request events will
 *    be processed.  cm_event_handler() returns -ENOMEM in this case.  It's
 *    up to the provider to reject the connection request.
 * 2) in the connection request workqueue handler, cm_conn_req_handler().
 *    If work elements cannot be allocated for the new connect request cm_id,
 *    then IWCM will call the provider reject method.  This is ok since
 *    cm_conn_req_handler() runs in the workqueue thread context.
 */

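/*
 * Pool helpers: get_work() takes a pre-allocated iwcm_work element off the
 * cm_id's free list, returning NULL if the pool is exhausted; put_work()
 * returns an element to the pool.  The pool itself is created by
 * alloc_work_entries() and freed by dealloc_work_entries().
 */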
static struct iwcm_work *get_work(struct iwcm_id_private *cm_id_priv)
{
	struct iwcm_work *work;

	if (list_empty(&cm_id_priv->work_free_list))
		return NULL;
	work = list_entry(cm_id_priv->work_free_list.next, struct iwcm_work,
			  free_list);
	list_del_init(&work->free_list);
	return work;
}

static void put_work(struct iwcm_work *work)
{
	list_add(&work->free_list, &work->cm_id->work_free_list);
}

static void dealloc_work_entries(struct iwcm_id_private *cm_id_priv)
{
	struct list_head *e, *tmp;

	list_for_each_safe(e, tmp, &cm_id_priv->work_free_list)
		kfree(list_entry(e, struct iwcm_work, free_list));
}

static int alloc_work_entries(struct iwcm_id_private *cm_id_priv, int count)
{
	struct iwcm_work *work;

	BUG_ON(!list_empty(&cm_id_priv->work_free_list));
	while (count--) {
		work = kmalloc(sizeof(struct iwcm_work), GFP_KERNEL);
		if (!work) {
			dealloc_work_entries(cm_id_priv);
			return -ENOMEM;
		}
		work->cm_id = cm_id_priv;
		INIT_LIST_HEAD(&work->list);
		put_work(work);
	}
	return 0;
}

/*
 * Save private data from incoming connection requests to
 * iw_cm_event, so the low level driver doesn't have to.  Adjust
 * the event ptr to point to the local copy.
 */
static int copy_private_data(struct iw_cm_event *event)
{
	void *p;

	p = kmemdup(event->private_data, event->private_data_len, GFP_ATOMIC);
	if (!p)
		return -ENOMEM;
	event->private_data = p;
	return 0;
}

static void free_cm_id(struct iwcm_id_private *cm_id_priv)
{
	dealloc_work_entries(cm_id_priv);
	kfree(cm_id_priv);
}

/*
 * Release a reference on cm_id.  If this is the last reference, complete
 * destroy_comp (waking any thread blocked in iw_destroy_cm_id) and return 1;
 * otherwise return 0.
 */
static int iwcm_deref_id(struct iwcm_id_private *cm_id_priv)
{
	BUG_ON(atomic_read(&cm_id_priv->refcount) == 0);
	if (atomic_dec_and_test(&cm_id_priv->refcount)) {
		BUG_ON(!list_empty(&cm_id_priv->work_list));
		complete(&cm_id_priv->destroy_comp);
		return 1;
	}

	return 0;
}

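/*
 * add_ref/rem_ref back the reference-counting callbacks installed on every
 * cm_id in iw_create_cm_id(); callers outside the IWCM use them to hold a
 * reference on the underlying iwcm_id_private while they still need it.
 */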
static void add_ref(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;
	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	atomic_inc(&cm_id_priv->refcount);
}

static void rem_ref(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;
	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	if (iwcm_deref_id(cm_id_priv) &&
	    test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags)) {
		BUG_ON(!list_empty(&cm_id_priv->work_list));
		free_cm_id(cm_id_priv);
	}
}

static int cm_event_handler(struct iw_cm_id *cm_id, struct iw_cm_event *event);

struct iw_cm_id *iw_create_cm_id(struct ib_device *device,
				 iw_cm_handler cm_handler,
				 void *context)
{
	struct iwcm_id_private *cm_id_priv;

	cm_id_priv = kzalloc(sizeof(*cm_id_priv), GFP_KERNEL);
	if (!cm_id_priv)
		return ERR_PTR(-ENOMEM);

	cm_id_priv->state = IW_CM_STATE_IDLE;
	cm_id_priv->id.device = device;
	cm_id_priv->id.cm_handler = cm_handler;
	cm_id_priv->id.context = context;
	cm_id_priv->id.event_handler = cm_event_handler;
	cm_id_priv->id.add_ref = add_ref;
	cm_id_priv->id.rem_ref = rem_ref;
	spin_lock_init(&cm_id_priv->lock);
	atomic_set(&cm_id_priv->refcount, 1);
	init_waitqueue_head(&cm_id_priv->connect_wait);
	init_completion(&cm_id_priv->destroy_comp);
	INIT_LIST_HEAD(&cm_id_priv->work_list);
	INIT_LIST_HEAD(&cm_id_priv->work_free_list);

	return &cm_id_priv->id;
}
EXPORT_SYMBOL(iw_create_cm_id);

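/*
 * Move the QP to the ERROR state.  This is the abrupt-close path, used by
 * iw_cm_disconnect() when 'abrupt' is set and by destroy_cm_id() when
 * tearing down an established connection.
 */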
static int iwcm_modify_qp_err(struct ib_qp *qp)
{
	struct ib_qp_attr qp_attr;

	if (!qp)
		return -EINVAL;

	qp_attr.qp_state = IB_QPS_ERR;
	return ib_modify_qp(qp, &qp_attr, IB_QP_STATE);
}

/*
 * This is really the RDMAC CLOSING state. It is most similar to the
 * IB SQD QP state.
 */
static int iwcm_modify_qp_sqd(struct ib_qp *qp)
{
	struct ib_qp_attr qp_attr;

	BUG_ON(qp == NULL);
	qp_attr.qp_state = IB_QPS_SQD;
	return ib_modify_qp(qp, &qp_attr, IB_QP_STATE);
}

/*
 * CM_ID <-- CLOSING
 *
 * Block if a passive or active connection is currently being processed. Then
 * process the event as follows:
 * - If we are ESTABLISHED, move to CLOSING and modify the QP state
 *   based on the abrupt flag
 * - If the connection is already in the CLOSING or IDLE state, the peer is
 *   disconnecting concurrently with us and we've already seen the
 *   DISCONNECT event -- ignore the request and return 0
 * - Disconnect on a listening endpoint returns -EINVAL
 */
int iw_cm_disconnect(struct iw_cm_id *cm_id, int abrupt)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret = 0;
	struct ib_qp *qp = NULL;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	/* Wait if we're currently in a connect or accept downcall */
	wait_event(cm_id_priv->connect_wait,
		   !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags));

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_ESTABLISHED:
		cm_id_priv->state = IW_CM_STATE_CLOSING;

		/* QP could be NULL for user-mode client */
		if (cm_id_priv->qp)
			qp = cm_id_priv->qp;
		else
			ret = -EINVAL;
		break;
	case IW_CM_STATE_LISTEN:
		ret = -EINVAL;
		break;
	case IW_CM_STATE_CLOSING:
		/* remote peer closed first */
	case IW_CM_STATE_IDLE:
		/* accept or connect returned !0 */
		break;
	case IW_CM_STATE_CONN_RECV:
		/*
		 * App called disconnect before/without calling accept after
		 * connect_request event delivered.
		 */
		break;
	case IW_CM_STATE_CONN_SENT:
		/* Can only get here if wait above fails */
	default:
		BUG();
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	if (qp) {
		if (abrupt)
			ret = iwcm_modify_qp_err(qp);
		else
			ret = iwcm_modify_qp_sqd(qp);

		/*
		 * If both sides are disconnecting the QP could
		 * already be in ERR or SQD states
		 */
		ret = 0;
	}

	return ret;
}
EXPORT_SYMBOL(iw_cm_disconnect);

/*
 * CM_ID <-- DESTROYING
 *
 * Clean up all resources associated with the connection and release
 * the initial reference taken by iw_create_cm_id.
 */
static void destroy_cm_id(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	/*
	 * Wait if we're currently in a connect or accept downcall. A
	 * listening endpoint should never block here.
	 */
	wait_event(cm_id_priv->connect_wait,
		   !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags));

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_LISTEN:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		/* destroy the listening endpoint */
		ret = cm_id->device->iwcm->destroy_listen(cm_id);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_ESTABLISHED:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		/* Abrupt close of the connection */
		(void)iwcm_modify_qp_err(cm_id_priv->qp);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CLOSING:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		break;
	case IW_CM_STATE_CONN_RECV:
		/*
		 * App called destroy before/without calling accept after
		 * receiving connection request event notification or
		 * returned non-zero from the event callback function.
		 * In either case, must tell the provider to reject.
		 */
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		cm_id->device->iwcm->reject(cm_id, NULL, 0);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_DESTROYING:
	default:
		BUG();
		break;
	}
	if (cm_id_priv->qp) {
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	(void)iwcm_deref_id(cm_id_priv);
}

/*
 * This function is only called by the application thread and cannot
 * be called by the event thread. The function will wait for all
 * references to be released on the cm_id and then kfree the cm_id
 * object.
 */
void iw_destroy_cm_id(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	BUG_ON(test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags));

	destroy_cm_id(cm_id);

	wait_for_completion(&cm_id_priv->destroy_comp);

	free_cm_id(cm_id_priv);
}
EXPORT_SYMBOL(iw_destroy_cm_id);

/*
 * CM_ID <-- LISTEN
 *
 * Start listening for connect requests. Generates one CONNECT_REQUEST
 * event for each inbound connect request.
 */
int iw_cm_listen(struct iw_cm_id *cm_id, int backlog)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	ret = alloc_work_entries(cm_id_priv, backlog);
	if (ret)
		return ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
		cm_id_priv->state = IW_CM_STATE_LISTEN;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		ret = cm_id->device->iwcm->create_listen(cm_id, backlog);
		if (ret)
			cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	default:
		ret = -EINVAL;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	return ret;
}
EXPORT_SYMBOL(iw_cm_listen);

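/*
 * Illustrative passive-side call sequence (a sketch only, not taken from
 * this file; the typical in-kernel caller is the RDMA CM):
 *
 *	cm_id = iw_create_cm_id(device, handler, ctx);
 *	iw_cm_listen(cm_id, backlog);
 *	...
 *	handler() is invoked with IW_CM_EVENT_CONNECT_REQUEST on a child
 *	cm_id cloned from the listener; it calls iw_cm_accept() or
 *	iw_cm_reject() on that child.
 *	...
 *	iw_destroy_cm_id(cm_id);
 */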
/*
 * CM_ID <-- IDLE
 *
 * Rejects an inbound connection request. No events are generated.
 */
int iw_cm_reject(struct iw_cm_id *cm_id,
		 const void *private_data,
		 u8 private_data_len)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	cm_id_priv->state = IW_CM_STATE_IDLE;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = cm_id->device->iwcm->reject(cm_id, private_data,
					  private_data_len);

	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}
EXPORT_SYMBOL(iw_cm_reject);

/*
 * CM_ID <-- ESTABLISHED
 *
 * Accepts an inbound connection request and generates an ESTABLISHED
 * event. Callers of iw_cm_disconnect and iw_destroy_cm_id will block
 * until the ESTABLISHED event is received from the provider.
 */
int iw_cm_accept(struct iw_cm_id *cm_id,
		 struct iw_cm_conn_param *iw_param)
{
	struct iwcm_id_private *cm_id_priv;
	struct ib_qp *qp;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	/* Get the ib_qp given the QPN */
	qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn);
	if (!qp) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	cm_id->device->iwcm->add_ref(qp);
	cm_id_priv->qp = qp;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = cm_id->device->iwcm->accept(cm_id, iw_param);
	if (ret) {
		/* An error on accept precludes provider events */
		BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV);
		cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		if (cm_id_priv->qp) {
			cm_id->device->iwcm->rem_ref(qp);
			cm_id_priv->qp = NULL;
		}
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
	}

	return ret;
}
EXPORT_SYMBOL(iw_cm_accept);

/*
 * Active Side: CM_ID <-- CONN_SENT
 *
 * If successful, results in the generation of a CONNECT_REPLY
 * event. iw_cm_disconnect and iw_destroy_cm_id will block until the
 * CONNECT_REPLY event is received from the provider.
 */
int iw_cm_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *iw_param)
{
	struct iwcm_id_private *cm_id_priv;
	int ret;
	unsigned long flags;
	struct ib_qp *qp;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	ret = alloc_work_entries(cm_id_priv, 4);
	if (ret)
		return ret;

	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	spin_lock_irqsave(&cm_id_priv->lock, flags);

	if (cm_id_priv->state != IW_CM_STATE_IDLE) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}

	/* Get the ib_qp given the QPN */
	qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn);
	if (!qp) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	cm_id->device->iwcm->add_ref(qp);
	cm_id_priv->qp = qp;
	cm_id_priv->state = IW_CM_STATE_CONN_SENT;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = cm_id->device->iwcm->connect(cm_id, iw_param);
	if (ret) {
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		if (cm_id_priv->qp) {
			cm_id->device->iwcm->rem_ref(qp);
			cm_id_priv->qp = NULL;
		}
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_SENT);
		cm_id_priv->state = IW_CM_STATE_IDLE;
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
	}

	return ret;
}
EXPORT_SYMBOL(iw_cm_connect);

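/*
 * Illustrative active-side call sequence (a sketch only, not taken from
 * this file):
 *
 *	cm_id = iw_create_cm_id(device, handler, ctx);
 *	iw_cm_connect(cm_id, &conn_param);
 *	...
 *	handler() is invoked with IW_CM_EVENT_CONNECT_REPLY; on success the
 *	cm_id moves to ESTABLISHED, otherwise it returns to IDLE.
 *	...
 *	iw_cm_disconnect(cm_id, abrupt);
 *	iw_destroy_cm_id(cm_id);
 */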
/*
 * Passive Side: new CM_ID <-- CONN_RECV
 *
 * Handles an inbound connect request. The function creates a new
 * iw_cm_id to represent the new connection and inherits the client
 * callback function and other attributes from the listening parent.
 *
 * The work item contains a pointer to the listen_cm_id and the event. The
 * listen_cm_id contains the client cm_handler, context and
 * device. These are copied when the child cm_id is cloned from the
 * listening cm_id. The event contains the new four tuple.
 *
 * An error on the child should not affect the parent, so this
 * function does not return a value.
 */
static void cm_conn_req_handler(struct iwcm_id_private *listen_id_priv,
				struct iw_cm_event *iw_event)
{
	unsigned long flags;
	struct iw_cm_id *cm_id;
	struct iwcm_id_private *cm_id_priv;
	int ret;

	/*
	 * The provider should never generate a connection request
	 * event with a bad status.
	 */
	BUG_ON(iw_event->status);

	cm_id = iw_create_cm_id(listen_id_priv->id.device,
				listen_id_priv->id.cm_handler,
				listen_id_priv->id.context);
	/* If the cm_id could not be created, ignore the request */
	if (IS_ERR(cm_id))
		goto out;

	cm_id->provider_data = iw_event->provider_data;
	cm_id->local_addr = iw_event->local_addr;
	cm_id->remote_addr = iw_event->remote_addr;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	cm_id_priv->state = IW_CM_STATE_CONN_RECV;

	/*
	 * We could be destroying the listening id. If so, ignore this
	 * upcall.
	 */
	spin_lock_irqsave(&listen_id_priv->lock, flags);
	if (listen_id_priv->state != IW_CM_STATE_LISTEN) {
		spin_unlock_irqrestore(&listen_id_priv->lock, flags);
		iw_cm_reject(cm_id, NULL, 0);
		iw_destroy_cm_id(cm_id);
		goto out;
	}
	spin_unlock_irqrestore(&listen_id_priv->lock, flags);

	ret = alloc_work_entries(cm_id_priv, 3);
	if (ret) {
		iw_cm_reject(cm_id, NULL, 0);
		iw_destroy_cm_id(cm_id);
		goto out;
	}

	/* Call the client CM handler */
	ret = cm_id->cm_handler(cm_id, iw_event);
	if (ret) {
		iw_cm_reject(cm_id, NULL, 0);
		set_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags);
		destroy_cm_id(cm_id);
		if (atomic_read(&cm_id_priv->refcount) == 0)
			free_cm_id(cm_id_priv);
	}

out:
	if (iw_event->private_data_len)
		kfree(iw_event->private_data);
}

/*
 * Passive Side: CM_ID <-- ESTABLISHED
 *
 * The provider generated an ESTABLISHED event which means that
 * the MPA negotiation has completed successfully and we are now in MPA
 * FPDU mode.
 *
 * This event can only be received in the CONN_RECV state. If the
 * remote peer closed, the ESTABLISHED event would be received followed
 * by the CLOSE event. If the app closes, it will block until we wake
 * it up after processing this event.
 */
static int cm_conn_est_handler(struct iwcm_id_private *cm_id_priv,
			       struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);

	/*
	 * We clear the CONNECT_WAIT bit here to allow the callback
	 * function to call iw_cm_disconnect. Calling iw_destroy_cm_id
	 * from a callback handler is not allowed.
	 */
	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV);
	cm_id_priv->state = IW_CM_STATE_ESTABLISHED;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}

/*
 * Active Side: CM_ID <-- ESTABLISHED
 *
 * The app has called connect and is waiting for the established event to
 * post its requests to the server. This event will wake up anyone
 * blocked in iw_cm_disconnect or iw_destroy_cm_id.
 */
static int cm_conn_rep_handler(struct iwcm_id_private *cm_id_priv,
			       struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	/*
	 * Clear the connect wait bit so a callback function calling
	 * iw_cm_disconnect will not wait and deadlock this thread
	 */
	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_SENT);
	if (iw_event->status == 0) {
		cm_id_priv->id.local_addr = iw_event->local_addr;
		cm_id_priv->id.remote_addr = iw_event->remote_addr;
		cm_id_priv->state = IW_CM_STATE_ESTABLISHED;
	} else {
		/* REJECTED or RESET */
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
		cm_id_priv->state = IW_CM_STATE_IDLE;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);

	if (iw_event->private_data_len)
		kfree(iw_event->private_data);

	/* Wake up waiters on connect complete */
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}

/*
 * CM_ID <-- CLOSING
 *
 * If in the ESTABLISHED state, move to CLOSING.
 */
static void cm_disconnect_handler(struct iwcm_id_private *cm_id_priv,
				  struct iw_cm_event *iw_event)
{
	unsigned long flags;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state == IW_CM_STATE_ESTABLISHED)
		cm_id_priv->state = IW_CM_STATE_CLOSING;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
}

/*
 * CM_ID <-- IDLE
 *
 * If in the ESTABLISHED or CLOSING states, the QP will have been
 * moved by the provider to the ERR state. Disassociate the CM_ID from
 * the QP, move to IDLE, and remove the 'connected' reference.
 *
 * If in some other state, the cm_id was destroyed asynchronously.
 * This is the last reference that will result in waking up
 * the app thread blocked in iw_destroy_cm_id.
 */
static int cm_close_handler(struct iwcm_id_private *cm_id_priv,
			    struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret = 0;
	spin_lock_irqsave(&cm_id_priv->lock, flags);

	if (cm_id_priv->qp) {
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
	}
	switch (cm_id_priv->state) {
	case IW_CM_STATE_ESTABLISHED:
	case IW_CM_STATE_CLOSING:
		cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_DESTROYING:
		break;
	default:
		BUG();
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	return ret;
}

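/*
 * Dispatch one provider event, dequeued by cm_work_handler(), to the
 * state-transition handler that matches its type.
 */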
static int process_event(struct iwcm_id_private *cm_id_priv,
			 struct iw_cm_event *iw_event)
{
	int ret = 0;

	switch (iw_event->event) {
	case IW_CM_EVENT_CONNECT_REQUEST:
		cm_conn_req_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_CONNECT_REPLY:
		ret = cm_conn_rep_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_ESTABLISHED:
		ret = cm_conn_est_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_DISCONNECT:
		cm_disconnect_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_CLOSE:
		ret = cm_close_handler(cm_id_priv, iw_event);
		break;
	default:
		BUG();
	}

	return ret;
}

/*
 * Process events on the work_list for the cm_id. If the callback
 * function requests that the cm_id be deleted, a flag is set in the
 * cm_id flags to indicate that when the last reference is
 * removed, the cm_id is to be destroyed. This is necessary to
 * distinguish between an object that will be destroyed by the app
 * thread asleep on the destroy_comp list vs. an object destroyed
 * here synchronously when the last reference is removed.
 */
static void cm_work_handler(struct work_struct *_work)
{
	struct iwcm_work *work = container_of(_work, struct iwcm_work, work);
	struct iw_cm_event levent;
	struct iwcm_id_private *cm_id_priv = work->cm_id;
	unsigned long flags;
	int empty;
	int ret = 0;
	int destroy_id;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	empty = list_empty(&cm_id_priv->work_list);
	while (!empty) {
		work = list_entry(cm_id_priv->work_list.next,
				  struct iwcm_work, list);
		list_del_init(&work->list);
		empty = list_empty(&cm_id_priv->work_list);
		levent = work->event;
		put_work(work);
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);

		ret = process_event(cm_id_priv, &levent);
		if (ret) {
			set_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags);
			destroy_cm_id(&cm_id_priv->id);
		}
		BUG_ON(atomic_read(&cm_id_priv->refcount) == 0);
		destroy_id = test_bit(IWCM_F_CALLBACK_DESTROY, &cm_id_priv->flags);
		if (iwcm_deref_id(cm_id_priv)) {
			if (destroy_id) {
				BUG_ON(!list_empty(&cm_id_priv->work_list));
				free_cm_id(cm_id_priv);
			}
			return;
		}
		spin_lock_irqsave(&cm_id_priv->lock, flags);
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
}

/*
 * This function is called in interrupt context. Schedule events on
 * the iwcm_wq thread to allow callback functions to downcall into
 * the CM and/or block. Events are queued to a per-CM_ID
 * work_list. If this is the first event on the work_list, the work
 * element is also queued on the iwcm_wq thread.
 *
 * Each event holds a reference on the cm_id. Until the last posted
 * event has been delivered and processed, the cm_id cannot be
 * deleted.
 *
 * Returns:
 *	      0	- the event was handled.
 *	-ENOMEM	- the event was not handled due to lack of resources.
 */
static int cm_event_handler(struct iw_cm_id *cm_id,
			    struct iw_cm_event *iw_event)
{
	struct iwcm_work *work;
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret = 0;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	work = get_work(cm_id_priv);
	if (!work) {
		ret = -ENOMEM;
		goto out;
	}

	INIT_WORK(&work->work, cm_work_handler);
	work->cm_id = cm_id_priv;
	work->event = *iw_event;

	if ((work->event.event == IW_CM_EVENT_CONNECT_REQUEST ||
	     work->event.event == IW_CM_EVENT_CONNECT_REPLY) &&
	    work->event.private_data_len) {
		ret = copy_private_data(&work->event);
		if (ret) {
			put_work(work);
			goto out;
		}
	}

	atomic_inc(&cm_id_priv->refcount);
	if (list_empty(&cm_id_priv->work_list)) {
		list_add_tail(&work->list, &cm_id_priv->work_list);
		queue_work(iwcm_wq, &work->work);
	} else
		list_add_tail(&work->list, &cm_id_priv->work_list);
out:
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

static int iwcm_init_qp_init_attr(struct iwcm_id_private *cm_id_priv,
				  struct ib_qp_attr *qp_attr,
				  int *qp_attr_mask)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_CONN_RECV:
	case IW_CM_STATE_ESTABLISHED:
		*qp_attr_mask = IB_QP_STATE | IB_QP_ACCESS_FLAGS;
		qp_attr->qp_access_flags = IB_ACCESS_REMOTE_WRITE |
					   IB_ACCESS_REMOTE_READ;
		ret = 0;
		break;
	default:
		ret = -EINVAL;
		break;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

static int iwcm_init_qp_rts_attr(struct iwcm_id_private *cm_id_priv,
				 struct ib_qp_attr *qp_attr,
				 int *qp_attr_mask)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_CONN_RECV:
	case IW_CM_STATE_ESTABLISHED:
		*qp_attr_mask = 0;
		ret = 0;
		break;
	default:
		ret = -EINVAL;
		break;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

int iw_cm_init_qp_attr(struct iw_cm_id *cm_id,
		       struct ib_qp_attr *qp_attr,
		       int *qp_attr_mask)
{
	struct iwcm_id_private *cm_id_priv;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	switch (qp_attr->qp_state) {
	case IB_QPS_INIT:
	case IB_QPS_RTR:
		ret = iwcm_init_qp_init_attr(cm_id_priv,
					     qp_attr, qp_attr_mask);
		break;
	case IB_QPS_RTS:
		ret = iwcm_init_qp_rts_attr(cm_id_priv,
					    qp_attr, qp_attr_mask);
		break;
	default:
		ret = -EINVAL;
		break;
	}
	return ret;
}
EXPORT_SYMBOL(iw_cm_init_qp_attr);

static int __init iw_cm_init(void)
{
	iwcm_wq = create_singlethread_workqueue("iw_cm_wq");
	if (!iwcm_wq)
		return -ENOMEM;

	return 0;
}

static void __exit iw_cm_cleanup(void)
{
	destroy_workqueue(iwcm_wq);
}

module_init(iw_cm_init);
module_exit(iw_cm_cleanup);