xref: /openbmc/linux/drivers/infiniband/core/ucma.c (revision 29c37341)
1 /*
2  * Copyright (c) 2005-2006 Intel Corporation.  All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *	copyright notice, this list of conditions and the following
16  *	disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *	copyright notice, this list of conditions and the following
20  *	disclaimer in the documentation and/or other materials
21  *	provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  */
32 
33 #include <linux/completion.h>
34 #include <linux/file.h>
35 #include <linux/mutex.h>
36 #include <linux/poll.h>
37 #include <linux/sched.h>
38 #include <linux/idr.h>
39 #include <linux/in.h>
40 #include <linux/in6.h>
41 #include <linux/miscdevice.h>
42 #include <linux/slab.h>
43 #include <linux/sysctl.h>
44 #include <linux/module.h>
45 #include <linux/nsproxy.h>
46 
47 #include <linux/nospec.h>
48 
49 #include <rdma/rdma_user_cm.h>
50 #include <rdma/ib_marshall.h>
51 #include <rdma/rdma_cm.h>
52 #include <rdma/rdma_cm_ib.h>
53 #include <rdma/ib_addr.h>
54 #include <rdma/ib.h>
55 #include <rdma/ib_cm.h>
56 #include <rdma/rdma_netlink.h>
57 #include "core_priv.h"
58 
59 MODULE_AUTHOR("Sean Hefty");
60 MODULE_DESCRIPTION("RDMA Userspace Connection Manager Access");
61 MODULE_LICENSE("Dual BSD/GPL");
62 
63 static unsigned int max_backlog = 1024;
64 
65 static struct ctl_table_header *ucma_ctl_table_hdr;
66 static struct ctl_table ucma_ctl_table[] = {
67 	{
68 		.procname	= "max_backlog",
69 		.data		= &max_backlog,
70 		.maxlen		= sizeof max_backlog,
71 		.mode		= 0644,
72 		.proc_handler	= proc_dointvec,
73 	},
74 	{ }
75 };
76 
77 struct ucma_file {
78 	struct mutex		mut;
79 	struct file		*filp;
80 	struct list_head	ctx_list;
81 	struct list_head	event_list;
82 	wait_queue_head_t	poll_wait;
83 	struct workqueue_struct	*close_wq;
84 };
85 
86 struct ucma_context {
87 	u32			id;
88 	struct completion	comp;
89 	refcount_t		ref;
90 	int			events_reported;
91 	int			backlog;
92 
93 	struct ucma_file	*file;
94 	struct rdma_cm_id	*cm_id;
95 	struct mutex		mutex;
96 	u64			uid;
97 
98 	struct list_head	list;
99 	struct list_head	mc_list;
100 	/* mark that device is in process of destroying the internal HW
101 	 * resources, protected by the ctx_table lock
102 	 */
103 	int			closing;
104 	/* sync between removal event and id destroy, protected by file mut */
105 	int			destroying;
106 	struct work_struct	close_work;
107 };
108 
109 struct ucma_multicast {
110 	struct ucma_context	*ctx;
111 	u32			id;
112 	int			events_reported;
113 
114 	u64			uid;
115 	u8			join_state;
116 	struct list_head	list;
117 	struct sockaddr_storage	addr;
118 };
119 
120 struct ucma_event {
121 	struct ucma_context	*ctx;
122 	struct ucma_multicast	*mc;
123 	struct list_head	list;
124 	struct rdma_cm_id	*cm_id;
125 	struct rdma_ucm_event_resp resp;
126 	struct work_struct	close_work;
127 };
128 
129 static DEFINE_XARRAY_ALLOC(ctx_table);
130 static DEFINE_XARRAY_ALLOC(multicast_table);
131 
132 static const struct file_operations ucma_fops;
133 
134 static inline struct ucma_context *_ucma_find_context(int id,
135 						      struct ucma_file *file)
136 {
137 	struct ucma_context *ctx;
138 
139 	ctx = xa_load(&ctx_table, id);
140 	if (!ctx)
141 		ctx = ERR_PTR(-ENOENT);
142 	else if (ctx->file != file || !ctx->cm_id)
143 		ctx = ERR_PTR(-EINVAL);
144 	return ctx;
145 }
146 
147 static struct ucma_context *ucma_get_ctx(struct ucma_file *file, int id)
148 {
149 	struct ucma_context *ctx;
150 
151 	xa_lock(&ctx_table);
152 	ctx = _ucma_find_context(id, file);
153 	if (!IS_ERR(ctx)) {
154 		if (ctx->closing)
155 			ctx = ERR_PTR(-EIO);
156 		else
157 			refcount_inc(&ctx->ref);
158 	}
159 	xa_unlock(&ctx_table);
160 	return ctx;
161 }
162 
163 static void ucma_put_ctx(struct ucma_context *ctx)
164 {
165 	if (refcount_dec_and_test(&ctx->ref))
166 		complete(&ctx->comp);
167 }
168 
169 /*
170  * Same as ucm_get_ctx but requires that ->cm_id->device is valid, eg that the
171  * CM_ID is bound.
172  */
173 static struct ucma_context *ucma_get_ctx_dev(struct ucma_file *file, int id)
174 {
175 	struct ucma_context *ctx = ucma_get_ctx(file, id);
176 
177 	if (IS_ERR(ctx))
178 		return ctx;
179 	if (!ctx->cm_id->device) {
180 		ucma_put_ctx(ctx);
181 		return ERR_PTR(-EINVAL);
182 	}
183 	return ctx;
184 }
185 
186 static void ucma_close_event_id(struct work_struct *work)
187 {
188 	struct ucma_event *uevent_close =  container_of(work, struct ucma_event, close_work);
189 
190 	rdma_destroy_id(uevent_close->cm_id);
191 	kfree(uevent_close);
192 }
193 
194 static void ucma_close_id(struct work_struct *work)
195 {
196 	struct ucma_context *ctx =  container_of(work, struct ucma_context, close_work);
197 
198 	/* once all inflight tasks are finished, we close all underlying
199 	 * resources. The context is still alive till its explicit destryoing
200 	 * by its creator.
201 	 */
202 	ucma_put_ctx(ctx);
203 	wait_for_completion(&ctx->comp);
204 	/* No new events will be generated after destroying the id. */
205 	rdma_destroy_id(ctx->cm_id);
206 }
207 
208 static struct ucma_context *ucma_alloc_ctx(struct ucma_file *file)
209 {
210 	struct ucma_context *ctx;
211 
212 	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
213 	if (!ctx)
214 		return NULL;
215 
216 	INIT_WORK(&ctx->close_work, ucma_close_id);
217 	refcount_set(&ctx->ref, 1);
218 	init_completion(&ctx->comp);
219 	INIT_LIST_HEAD(&ctx->mc_list);
220 	ctx->file = file;
221 	mutex_init(&ctx->mutex);
222 
223 	if (xa_alloc(&ctx_table, &ctx->id, ctx, xa_limit_32b, GFP_KERNEL))
224 		goto error;
225 
226 	list_add_tail(&ctx->list, &file->ctx_list);
227 	return ctx;
228 
229 error:
230 	kfree(ctx);
231 	return NULL;
232 }
233 
234 static struct ucma_multicast* ucma_alloc_multicast(struct ucma_context *ctx)
235 {
236 	struct ucma_multicast *mc;
237 
238 	mc = kzalloc(sizeof(*mc), GFP_KERNEL);
239 	if (!mc)
240 		return NULL;
241 
242 	mc->ctx = ctx;
243 	if (xa_alloc(&multicast_table, &mc->id, NULL, xa_limit_32b, GFP_KERNEL))
244 		goto error;
245 
246 	list_add_tail(&mc->list, &ctx->mc_list);
247 	return mc;
248 
249 error:
250 	kfree(mc);
251 	return NULL;
252 }
253 
254 static void ucma_copy_conn_event(struct rdma_ucm_conn_param *dst,
255 				 struct rdma_conn_param *src)
256 {
257 	if (src->private_data_len)
258 		memcpy(dst->private_data, src->private_data,
259 		       src->private_data_len);
260 	dst->private_data_len = src->private_data_len;
261 	dst->responder_resources =src->responder_resources;
262 	dst->initiator_depth = src->initiator_depth;
263 	dst->flow_control = src->flow_control;
264 	dst->retry_count = src->retry_count;
265 	dst->rnr_retry_count = src->rnr_retry_count;
266 	dst->srq = src->srq;
267 	dst->qp_num = src->qp_num;
268 }
269 
270 static void ucma_copy_ud_event(struct ib_device *device,
271 			       struct rdma_ucm_ud_param *dst,
272 			       struct rdma_ud_param *src)
273 {
274 	if (src->private_data_len)
275 		memcpy(dst->private_data, src->private_data,
276 		       src->private_data_len);
277 	dst->private_data_len = src->private_data_len;
278 	ib_copy_ah_attr_to_user(device, &dst->ah_attr, &src->ah_attr);
279 	dst->qp_num = src->qp_num;
280 	dst->qkey = src->qkey;
281 }
282 
283 static void ucma_set_event_context(struct ucma_context *ctx,
284 				   struct rdma_cm_event *event,
285 				   struct ucma_event *uevent)
286 {
287 	uevent->ctx = ctx;
288 	switch (event->event) {
289 	case RDMA_CM_EVENT_MULTICAST_JOIN:
290 	case RDMA_CM_EVENT_MULTICAST_ERROR:
291 		uevent->mc = (struct ucma_multicast *)
292 			     event->param.ud.private_data;
293 		uevent->resp.uid = uevent->mc->uid;
294 		uevent->resp.id = uevent->mc->id;
295 		break;
296 	default:
297 		uevent->resp.uid = ctx->uid;
298 		uevent->resp.id = ctx->id;
299 		break;
300 	}
301 }
302 
303 /* Called with file->mut locked for the relevant context. */
304 static void ucma_removal_event_handler(struct rdma_cm_id *cm_id)
305 {
306 	struct ucma_context *ctx = cm_id->context;
307 	struct ucma_event *con_req_eve;
308 	int event_found = 0;
309 
310 	if (ctx->destroying)
311 		return;
312 
313 	/* only if context is pointing to cm_id that it owns it and can be
314 	 * queued to be closed, otherwise that cm_id is an inflight one that
315 	 * is part of that context event list pending to be detached and
316 	 * reattached to its new context as part of ucma_get_event,
317 	 * handled separately below.
318 	 */
319 	if (ctx->cm_id == cm_id) {
320 		xa_lock(&ctx_table);
321 		ctx->closing = 1;
322 		xa_unlock(&ctx_table);
323 		queue_work(ctx->file->close_wq, &ctx->close_work);
324 		return;
325 	}
326 
327 	list_for_each_entry(con_req_eve, &ctx->file->event_list, list) {
328 		if (con_req_eve->cm_id == cm_id &&
329 		    con_req_eve->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST) {
330 			list_del(&con_req_eve->list);
331 			INIT_WORK(&con_req_eve->close_work, ucma_close_event_id);
332 			queue_work(ctx->file->close_wq, &con_req_eve->close_work);
333 			event_found = 1;
334 			break;
335 		}
336 	}
337 	if (!event_found)
338 		pr_err("ucma_removal_event_handler: warning: connect request event wasn't found\n");
339 }
340 
341 static int ucma_event_handler(struct rdma_cm_id *cm_id,
342 			      struct rdma_cm_event *event)
343 {
344 	struct ucma_event *uevent;
345 	struct ucma_context *ctx = cm_id->context;
346 	int ret = 0;
347 
348 	uevent = kzalloc(sizeof(*uevent), GFP_KERNEL);
349 	if (!uevent)
350 		return event->event == RDMA_CM_EVENT_CONNECT_REQUEST;
351 
352 	mutex_lock(&ctx->file->mut);
353 	uevent->cm_id = cm_id;
354 	ucma_set_event_context(ctx, event, uevent);
355 	uevent->resp.event = event->event;
356 	uevent->resp.status = event->status;
357 	if (cm_id->qp_type == IB_QPT_UD)
358 		ucma_copy_ud_event(cm_id->device, &uevent->resp.param.ud,
359 				   &event->param.ud);
360 	else
361 		ucma_copy_conn_event(&uevent->resp.param.conn,
362 				     &event->param.conn);
363 
364 	uevent->resp.ece.vendor_id = event->ece.vendor_id;
365 	uevent->resp.ece.attr_mod = event->ece.attr_mod;
366 
367 	if (event->event == RDMA_CM_EVENT_CONNECT_REQUEST) {
368 		if (!ctx->backlog) {
369 			ret = -ENOMEM;
370 			kfree(uevent);
371 			goto out;
372 		}
373 		ctx->backlog--;
374 	} else if (!ctx->uid || ctx->cm_id != cm_id) {
375 		/*
376 		 * We ignore events for new connections until userspace has set
377 		 * their context.  This can only happen if an error occurs on a
378 		 * new connection before the user accepts it.  This is okay,
379 		 * since the accept will just fail later. However, we do need
380 		 * to release the underlying HW resources in case of a device
381 		 * removal event.
382 		 */
383 		if (event->event == RDMA_CM_EVENT_DEVICE_REMOVAL)
384 			ucma_removal_event_handler(cm_id);
385 
386 		kfree(uevent);
387 		goto out;
388 	}
389 
390 	list_add_tail(&uevent->list, &ctx->file->event_list);
391 	wake_up_interruptible(&ctx->file->poll_wait);
392 	if (event->event == RDMA_CM_EVENT_DEVICE_REMOVAL)
393 		ucma_removal_event_handler(cm_id);
394 out:
395 	mutex_unlock(&ctx->file->mut);
396 	return ret;
397 }
398 
399 static ssize_t ucma_get_event(struct ucma_file *file, const char __user *inbuf,
400 			      int in_len, int out_len)
401 {
402 	struct ucma_context *ctx;
403 	struct rdma_ucm_get_event cmd;
404 	struct ucma_event *uevent;
405 	int ret = 0;
406 
407 	/*
408 	 * Old 32 bit user space does not send the 4 byte padding in the
409 	 * reserved field. We don't care, allow it to keep working.
410 	 */
411 	if (out_len < sizeof(uevent->resp) - sizeof(uevent->resp.reserved) -
412 			      sizeof(uevent->resp.ece))
413 		return -ENOSPC;
414 
415 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
416 		return -EFAULT;
417 
418 	mutex_lock(&file->mut);
419 	while (list_empty(&file->event_list)) {
420 		mutex_unlock(&file->mut);
421 
422 		if (file->filp->f_flags & O_NONBLOCK)
423 			return -EAGAIN;
424 
425 		if (wait_event_interruptible(file->poll_wait,
426 					     !list_empty(&file->event_list)))
427 			return -ERESTARTSYS;
428 
429 		mutex_lock(&file->mut);
430 	}
431 
432 	uevent = list_entry(file->event_list.next, struct ucma_event, list);
433 
434 	if (uevent->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST) {
435 		ctx = ucma_alloc_ctx(file);
436 		if (!ctx) {
437 			ret = -ENOMEM;
438 			goto done;
439 		}
440 		uevent->ctx->backlog++;
441 		ctx->cm_id = uevent->cm_id;
442 		ctx->cm_id->context = ctx;
443 		uevent->resp.id = ctx->id;
444 	}
445 
446 	if (copy_to_user(u64_to_user_ptr(cmd.response),
447 			 &uevent->resp,
448 			 min_t(size_t, out_len, sizeof(uevent->resp)))) {
449 		ret = -EFAULT;
450 		goto done;
451 	}
452 
453 	list_del(&uevent->list);
454 	uevent->ctx->events_reported++;
455 	if (uevent->mc)
456 		uevent->mc->events_reported++;
457 	kfree(uevent);
458 done:
459 	mutex_unlock(&file->mut);
460 	return ret;
461 }
462 
463 static int ucma_get_qp_type(struct rdma_ucm_create_id *cmd, enum ib_qp_type *qp_type)
464 {
465 	switch (cmd->ps) {
466 	case RDMA_PS_TCP:
467 		*qp_type = IB_QPT_RC;
468 		return 0;
469 	case RDMA_PS_UDP:
470 	case RDMA_PS_IPOIB:
471 		*qp_type = IB_QPT_UD;
472 		return 0;
473 	case RDMA_PS_IB:
474 		*qp_type = cmd->qp_type;
475 		return 0;
476 	default:
477 		return -EINVAL;
478 	}
479 }
480 
481 static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
482 			      int in_len, int out_len)
483 {
484 	struct rdma_ucm_create_id cmd;
485 	struct rdma_ucm_create_id_resp resp;
486 	struct ucma_context *ctx;
487 	struct rdma_cm_id *cm_id;
488 	enum ib_qp_type qp_type;
489 	int ret;
490 
491 	if (out_len < sizeof(resp))
492 		return -ENOSPC;
493 
494 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
495 		return -EFAULT;
496 
497 	ret = ucma_get_qp_type(&cmd, &qp_type);
498 	if (ret)
499 		return ret;
500 
501 	mutex_lock(&file->mut);
502 	ctx = ucma_alloc_ctx(file);
503 	mutex_unlock(&file->mut);
504 	if (!ctx)
505 		return -ENOMEM;
506 
507 	ctx->uid = cmd.uid;
508 	cm_id = __rdma_create_id(current->nsproxy->net_ns,
509 				 ucma_event_handler, ctx, cmd.ps, qp_type, NULL);
510 	if (IS_ERR(cm_id)) {
511 		ret = PTR_ERR(cm_id);
512 		goto err1;
513 	}
514 
515 	resp.id = ctx->id;
516 	if (copy_to_user(u64_to_user_ptr(cmd.response),
517 			 &resp, sizeof(resp))) {
518 		ret = -EFAULT;
519 		goto err2;
520 	}
521 
522 	ctx->cm_id = cm_id;
523 	return 0;
524 
525 err2:
526 	rdma_destroy_id(cm_id);
527 err1:
528 	xa_erase(&ctx_table, ctx->id);
529 	mutex_lock(&file->mut);
530 	list_del(&ctx->list);
531 	mutex_unlock(&file->mut);
532 	kfree(ctx);
533 	return ret;
534 }
535 
536 static void ucma_cleanup_multicast(struct ucma_context *ctx)
537 {
538 	struct ucma_multicast *mc, *tmp;
539 
540 	mutex_lock(&ctx->file->mut);
541 	list_for_each_entry_safe(mc, tmp, &ctx->mc_list, list) {
542 		list_del(&mc->list);
543 		xa_erase(&multicast_table, mc->id);
544 		kfree(mc);
545 	}
546 	mutex_unlock(&ctx->file->mut);
547 }
548 
549 static void ucma_cleanup_mc_events(struct ucma_multicast *mc)
550 {
551 	struct ucma_event *uevent, *tmp;
552 
553 	list_for_each_entry_safe(uevent, tmp, &mc->ctx->file->event_list, list) {
554 		if (uevent->mc != mc)
555 			continue;
556 
557 		list_del(&uevent->list);
558 		kfree(uevent);
559 	}
560 }
561 
562 /*
563  * ucma_free_ctx is called after the underlying rdma CM-ID is destroyed. At
564  * this point, no new events will be reported from the hardware. However, we
565  * still need to cleanup the UCMA context for this ID. Specifically, there
566  * might be events that have not yet been consumed by the user space software.
567  * These might include pending connect requests which we have not completed
568  * processing.  We cannot call rdma_destroy_id while holding the lock of the
569  * context (file->mut), as it might cause a deadlock. We therefore extract all
570  * relevant events from the context pending events list while holding the
571  * mutex. After that we release them as needed.
572  */
573 static int ucma_free_ctx(struct ucma_context *ctx)
574 {
575 	int events_reported;
576 	struct ucma_event *uevent, *tmp;
577 	LIST_HEAD(list);
578 
579 
580 	ucma_cleanup_multicast(ctx);
581 
582 	/* Cleanup events not yet reported to the user. */
583 	mutex_lock(&ctx->file->mut);
584 	list_for_each_entry_safe(uevent, tmp, &ctx->file->event_list, list) {
585 		if (uevent->ctx == ctx)
586 			list_move_tail(&uevent->list, &list);
587 	}
588 	list_del(&ctx->list);
589 	mutex_unlock(&ctx->file->mut);
590 
591 	list_for_each_entry_safe(uevent, tmp, &list, list) {
592 		list_del(&uevent->list);
593 		if (uevent->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST)
594 			rdma_destroy_id(uevent->cm_id);
595 		kfree(uevent);
596 	}
597 
598 	events_reported = ctx->events_reported;
599 	mutex_destroy(&ctx->mutex);
600 	kfree(ctx);
601 	return events_reported;
602 }
603 
604 static ssize_t ucma_destroy_id(struct ucma_file *file, const char __user *inbuf,
605 			       int in_len, int out_len)
606 {
607 	struct rdma_ucm_destroy_id cmd;
608 	struct rdma_ucm_destroy_id_resp resp;
609 	struct ucma_context *ctx;
610 	int ret = 0;
611 
612 	if (out_len < sizeof(resp))
613 		return -ENOSPC;
614 
615 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
616 		return -EFAULT;
617 
618 	xa_lock(&ctx_table);
619 	ctx = _ucma_find_context(cmd.id, file);
620 	if (!IS_ERR(ctx))
621 		__xa_erase(&ctx_table, ctx->id);
622 	xa_unlock(&ctx_table);
623 
624 	if (IS_ERR(ctx))
625 		return PTR_ERR(ctx);
626 
627 	mutex_lock(&ctx->file->mut);
628 	ctx->destroying = 1;
629 	mutex_unlock(&ctx->file->mut);
630 
631 	flush_workqueue(ctx->file->close_wq);
632 	/* At this point it's guaranteed that there is no inflight
633 	 * closing task */
634 	xa_lock(&ctx_table);
635 	if (!ctx->closing) {
636 		xa_unlock(&ctx_table);
637 		ucma_put_ctx(ctx);
638 		wait_for_completion(&ctx->comp);
639 		rdma_destroy_id(ctx->cm_id);
640 	} else {
641 		xa_unlock(&ctx_table);
642 	}
643 
644 	resp.events_reported = ucma_free_ctx(ctx);
645 	if (copy_to_user(u64_to_user_ptr(cmd.response),
646 			 &resp, sizeof(resp)))
647 		ret = -EFAULT;
648 
649 	return ret;
650 }
651 
652 static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf,
653 			      int in_len, int out_len)
654 {
655 	struct rdma_ucm_bind_ip cmd;
656 	struct ucma_context *ctx;
657 	int ret;
658 
659 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
660 		return -EFAULT;
661 
662 	if (!rdma_addr_size_in6(&cmd.addr))
663 		return -EINVAL;
664 
665 	ctx = ucma_get_ctx(file, cmd.id);
666 	if (IS_ERR(ctx))
667 		return PTR_ERR(ctx);
668 
669 	mutex_lock(&ctx->mutex);
670 	ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
671 	mutex_unlock(&ctx->mutex);
672 
673 	ucma_put_ctx(ctx);
674 	return ret;
675 }
676 
677 static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf,
678 			 int in_len, int out_len)
679 {
680 	struct rdma_ucm_bind cmd;
681 	struct ucma_context *ctx;
682 	int ret;
683 
684 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
685 		return -EFAULT;
686 
687 	if (cmd.reserved || !cmd.addr_size ||
688 	    cmd.addr_size != rdma_addr_size_kss(&cmd.addr))
689 		return -EINVAL;
690 
691 	ctx = ucma_get_ctx(file, cmd.id);
692 	if (IS_ERR(ctx))
693 		return PTR_ERR(ctx);
694 
695 	mutex_lock(&ctx->mutex);
696 	ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
697 	mutex_unlock(&ctx->mutex);
698 	ucma_put_ctx(ctx);
699 	return ret;
700 }
701 
702 static ssize_t ucma_resolve_ip(struct ucma_file *file,
703 			       const char __user *inbuf,
704 			       int in_len, int out_len)
705 {
706 	struct rdma_ucm_resolve_ip cmd;
707 	struct ucma_context *ctx;
708 	int ret;
709 
710 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
711 		return -EFAULT;
712 
713 	if ((cmd.src_addr.sin6_family && !rdma_addr_size_in6(&cmd.src_addr)) ||
714 	    !rdma_addr_size_in6(&cmd.dst_addr))
715 		return -EINVAL;
716 
717 	ctx = ucma_get_ctx(file, cmd.id);
718 	if (IS_ERR(ctx))
719 		return PTR_ERR(ctx);
720 
721 	mutex_lock(&ctx->mutex);
722 	ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
723 				(struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
724 	mutex_unlock(&ctx->mutex);
725 	ucma_put_ctx(ctx);
726 	return ret;
727 }
728 
729 static ssize_t ucma_resolve_addr(struct ucma_file *file,
730 				 const char __user *inbuf,
731 				 int in_len, int out_len)
732 {
733 	struct rdma_ucm_resolve_addr cmd;
734 	struct ucma_context *ctx;
735 	int ret;
736 
737 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
738 		return -EFAULT;
739 
740 	if (cmd.reserved ||
741 	    (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) ||
742 	    !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr)))
743 		return -EINVAL;
744 
745 	ctx = ucma_get_ctx(file, cmd.id);
746 	if (IS_ERR(ctx))
747 		return PTR_ERR(ctx);
748 
749 	mutex_lock(&ctx->mutex);
750 	ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
751 				(struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
752 	mutex_unlock(&ctx->mutex);
753 	ucma_put_ctx(ctx);
754 	return ret;
755 }
756 
757 static ssize_t ucma_resolve_route(struct ucma_file *file,
758 				  const char __user *inbuf,
759 				  int in_len, int out_len)
760 {
761 	struct rdma_ucm_resolve_route cmd;
762 	struct ucma_context *ctx;
763 	int ret;
764 
765 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
766 		return -EFAULT;
767 
768 	ctx = ucma_get_ctx_dev(file, cmd.id);
769 	if (IS_ERR(ctx))
770 		return PTR_ERR(ctx);
771 
772 	mutex_lock(&ctx->mutex);
773 	ret = rdma_resolve_route(ctx->cm_id, cmd.timeout_ms);
774 	mutex_unlock(&ctx->mutex);
775 	ucma_put_ctx(ctx);
776 	return ret;
777 }
778 
779 static void ucma_copy_ib_route(struct rdma_ucm_query_route_resp *resp,
780 			       struct rdma_route *route)
781 {
782 	struct rdma_dev_addr *dev_addr;
783 
784 	resp->num_paths = route->num_paths;
785 	switch (route->num_paths) {
786 	case 0:
787 		dev_addr = &route->addr.dev_addr;
788 		rdma_addr_get_dgid(dev_addr,
789 				   (union ib_gid *) &resp->ib_route[0].dgid);
790 		rdma_addr_get_sgid(dev_addr,
791 				   (union ib_gid *) &resp->ib_route[0].sgid);
792 		resp->ib_route[0].pkey = cpu_to_be16(ib_addr_get_pkey(dev_addr));
793 		break;
794 	case 2:
795 		ib_copy_path_rec_to_user(&resp->ib_route[1],
796 					 &route->path_rec[1]);
797 		/* fall through */
798 	case 1:
799 		ib_copy_path_rec_to_user(&resp->ib_route[0],
800 					 &route->path_rec[0]);
801 		break;
802 	default:
803 		break;
804 	}
805 }
806 
807 static void ucma_copy_iboe_route(struct rdma_ucm_query_route_resp *resp,
808 				 struct rdma_route *route)
809 {
810 
811 	resp->num_paths = route->num_paths;
812 	switch (route->num_paths) {
813 	case 0:
814 		rdma_ip2gid((struct sockaddr *)&route->addr.dst_addr,
815 			    (union ib_gid *)&resp->ib_route[0].dgid);
816 		rdma_ip2gid((struct sockaddr *)&route->addr.src_addr,
817 			    (union ib_gid *)&resp->ib_route[0].sgid);
818 		resp->ib_route[0].pkey = cpu_to_be16(0xffff);
819 		break;
820 	case 2:
821 		ib_copy_path_rec_to_user(&resp->ib_route[1],
822 					 &route->path_rec[1]);
823 		/* fall through */
824 	case 1:
825 		ib_copy_path_rec_to_user(&resp->ib_route[0],
826 					 &route->path_rec[0]);
827 		break;
828 	default:
829 		break;
830 	}
831 }
832 
833 static void ucma_copy_iw_route(struct rdma_ucm_query_route_resp *resp,
834 			       struct rdma_route *route)
835 {
836 	struct rdma_dev_addr *dev_addr;
837 
838 	dev_addr = &route->addr.dev_addr;
839 	rdma_addr_get_dgid(dev_addr, (union ib_gid *) &resp->ib_route[0].dgid);
840 	rdma_addr_get_sgid(dev_addr, (union ib_gid *) &resp->ib_route[0].sgid);
841 }
842 
843 static ssize_t ucma_query_route(struct ucma_file *file,
844 				const char __user *inbuf,
845 				int in_len, int out_len)
846 {
847 	struct rdma_ucm_query cmd;
848 	struct rdma_ucm_query_route_resp resp;
849 	struct ucma_context *ctx;
850 	struct sockaddr *addr;
851 	int ret = 0;
852 
853 	if (out_len < offsetof(struct rdma_ucm_query_route_resp, ibdev_index))
854 		return -ENOSPC;
855 
856 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
857 		return -EFAULT;
858 
859 	ctx = ucma_get_ctx(file, cmd.id);
860 	if (IS_ERR(ctx))
861 		return PTR_ERR(ctx);
862 
863 	mutex_lock(&ctx->mutex);
864 	memset(&resp, 0, sizeof resp);
865 	addr = (struct sockaddr *) &ctx->cm_id->route.addr.src_addr;
866 	memcpy(&resp.src_addr, addr, addr->sa_family == AF_INET ?
867 				     sizeof(struct sockaddr_in) :
868 				     sizeof(struct sockaddr_in6));
869 	addr = (struct sockaddr *) &ctx->cm_id->route.addr.dst_addr;
870 	memcpy(&resp.dst_addr, addr, addr->sa_family == AF_INET ?
871 				     sizeof(struct sockaddr_in) :
872 				     sizeof(struct sockaddr_in6));
873 	if (!ctx->cm_id->device)
874 		goto out;
875 
876 	resp.node_guid = (__force __u64) ctx->cm_id->device->node_guid;
877 	resp.ibdev_index = ctx->cm_id->device->index;
878 	resp.port_num = ctx->cm_id->port_num;
879 
880 	if (rdma_cap_ib_sa(ctx->cm_id->device, ctx->cm_id->port_num))
881 		ucma_copy_ib_route(&resp, &ctx->cm_id->route);
882 	else if (rdma_protocol_roce(ctx->cm_id->device, ctx->cm_id->port_num))
883 		ucma_copy_iboe_route(&resp, &ctx->cm_id->route);
884 	else if (rdma_protocol_iwarp(ctx->cm_id->device, ctx->cm_id->port_num))
885 		ucma_copy_iw_route(&resp, &ctx->cm_id->route);
886 
887 out:
888 	mutex_unlock(&ctx->mutex);
889 	if (copy_to_user(u64_to_user_ptr(cmd.response), &resp,
890 			 min_t(size_t, out_len, sizeof(resp))))
891 		ret = -EFAULT;
892 
893 	ucma_put_ctx(ctx);
894 	return ret;
895 }
896 
897 static void ucma_query_device_addr(struct rdma_cm_id *cm_id,
898 				   struct rdma_ucm_query_addr_resp *resp)
899 {
900 	if (!cm_id->device)
901 		return;
902 
903 	resp->node_guid = (__force __u64) cm_id->device->node_guid;
904 	resp->ibdev_index = cm_id->device->index;
905 	resp->port_num = cm_id->port_num;
906 	resp->pkey = (__force __u16) cpu_to_be16(
907 		     ib_addr_get_pkey(&cm_id->route.addr.dev_addr));
908 }
909 
910 static ssize_t ucma_query_addr(struct ucma_context *ctx,
911 			       void __user *response, int out_len)
912 {
913 	struct rdma_ucm_query_addr_resp resp;
914 	struct sockaddr *addr;
915 	int ret = 0;
916 
917 	if (out_len < offsetof(struct rdma_ucm_query_addr_resp, ibdev_index))
918 		return -ENOSPC;
919 
920 	memset(&resp, 0, sizeof resp);
921 
922 	addr = (struct sockaddr *) &ctx->cm_id->route.addr.src_addr;
923 	resp.src_size = rdma_addr_size(addr);
924 	memcpy(&resp.src_addr, addr, resp.src_size);
925 
926 	addr = (struct sockaddr *) &ctx->cm_id->route.addr.dst_addr;
927 	resp.dst_size = rdma_addr_size(addr);
928 	memcpy(&resp.dst_addr, addr, resp.dst_size);
929 
930 	ucma_query_device_addr(ctx->cm_id, &resp);
931 
932 	if (copy_to_user(response, &resp, min_t(size_t, out_len, sizeof(resp))))
933 		ret = -EFAULT;
934 
935 	return ret;
936 }
937 
938 static ssize_t ucma_query_path(struct ucma_context *ctx,
939 			       void __user *response, int out_len)
940 {
941 	struct rdma_ucm_query_path_resp *resp;
942 	int i, ret = 0;
943 
944 	if (out_len < sizeof(*resp))
945 		return -ENOSPC;
946 
947 	resp = kzalloc(out_len, GFP_KERNEL);
948 	if (!resp)
949 		return -ENOMEM;
950 
951 	resp->num_paths = ctx->cm_id->route.num_paths;
952 	for (i = 0, out_len -= sizeof(*resp);
953 	     i < resp->num_paths && out_len > sizeof(struct ib_path_rec_data);
954 	     i++, out_len -= sizeof(struct ib_path_rec_data)) {
955 		struct sa_path_rec *rec = &ctx->cm_id->route.path_rec[i];
956 
957 		resp->path_data[i].flags = IB_PATH_GMP | IB_PATH_PRIMARY |
958 					   IB_PATH_BIDIRECTIONAL;
959 		if (rec->rec_type == SA_PATH_REC_TYPE_OPA) {
960 			struct sa_path_rec ib;
961 
962 			sa_convert_path_opa_to_ib(&ib, rec);
963 			ib_sa_pack_path(&ib, &resp->path_data[i].path_rec);
964 
965 		} else {
966 			ib_sa_pack_path(rec, &resp->path_data[i].path_rec);
967 		}
968 	}
969 
970 	if (copy_to_user(response, resp, struct_size(resp, path_data, i)))
971 		ret = -EFAULT;
972 
973 	kfree(resp);
974 	return ret;
975 }
976 
977 static ssize_t ucma_query_gid(struct ucma_context *ctx,
978 			      void __user *response, int out_len)
979 {
980 	struct rdma_ucm_query_addr_resp resp;
981 	struct sockaddr_ib *addr;
982 	int ret = 0;
983 
984 	if (out_len < offsetof(struct rdma_ucm_query_addr_resp, ibdev_index))
985 		return -ENOSPC;
986 
987 	memset(&resp, 0, sizeof resp);
988 
989 	ucma_query_device_addr(ctx->cm_id, &resp);
990 
991 	addr = (struct sockaddr_ib *) &resp.src_addr;
992 	resp.src_size = sizeof(*addr);
993 	if (ctx->cm_id->route.addr.src_addr.ss_family == AF_IB) {
994 		memcpy(addr, &ctx->cm_id->route.addr.src_addr, resp.src_size);
995 	} else {
996 		addr->sib_family = AF_IB;
997 		addr->sib_pkey = (__force __be16) resp.pkey;
998 		rdma_read_gids(ctx->cm_id, (union ib_gid *)&addr->sib_addr,
999 			       NULL);
1000 		addr->sib_sid = rdma_get_service_id(ctx->cm_id, (struct sockaddr *)
1001 						    &ctx->cm_id->route.addr.src_addr);
1002 	}
1003 
1004 	addr = (struct sockaddr_ib *) &resp.dst_addr;
1005 	resp.dst_size = sizeof(*addr);
1006 	if (ctx->cm_id->route.addr.dst_addr.ss_family == AF_IB) {
1007 		memcpy(addr, &ctx->cm_id->route.addr.dst_addr, resp.dst_size);
1008 	} else {
1009 		addr->sib_family = AF_IB;
1010 		addr->sib_pkey = (__force __be16) resp.pkey;
1011 		rdma_read_gids(ctx->cm_id, NULL,
1012 			       (union ib_gid *)&addr->sib_addr);
1013 		addr->sib_sid = rdma_get_service_id(ctx->cm_id, (struct sockaddr *)
1014 						    &ctx->cm_id->route.addr.dst_addr);
1015 	}
1016 
1017 	if (copy_to_user(response, &resp, min_t(size_t, out_len, sizeof(resp))))
1018 		ret = -EFAULT;
1019 
1020 	return ret;
1021 }
1022 
1023 static ssize_t ucma_query(struct ucma_file *file,
1024 			  const char __user *inbuf,
1025 			  int in_len, int out_len)
1026 {
1027 	struct rdma_ucm_query cmd;
1028 	struct ucma_context *ctx;
1029 	void __user *response;
1030 	int ret;
1031 
1032 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1033 		return -EFAULT;
1034 
1035 	response = u64_to_user_ptr(cmd.response);
1036 	ctx = ucma_get_ctx(file, cmd.id);
1037 	if (IS_ERR(ctx))
1038 		return PTR_ERR(ctx);
1039 
1040 	mutex_lock(&ctx->mutex);
1041 	switch (cmd.option) {
1042 	case RDMA_USER_CM_QUERY_ADDR:
1043 		ret = ucma_query_addr(ctx, response, out_len);
1044 		break;
1045 	case RDMA_USER_CM_QUERY_PATH:
1046 		ret = ucma_query_path(ctx, response, out_len);
1047 		break;
1048 	case RDMA_USER_CM_QUERY_GID:
1049 		ret = ucma_query_gid(ctx, response, out_len);
1050 		break;
1051 	default:
1052 		ret = -ENOSYS;
1053 		break;
1054 	}
1055 	mutex_unlock(&ctx->mutex);
1056 
1057 	ucma_put_ctx(ctx);
1058 	return ret;
1059 }
1060 
1061 static void ucma_copy_conn_param(struct rdma_cm_id *id,
1062 				 struct rdma_conn_param *dst,
1063 				 struct rdma_ucm_conn_param *src)
1064 {
1065 	dst->private_data = src->private_data;
1066 	dst->private_data_len = src->private_data_len;
1067 	dst->responder_resources =src->responder_resources;
1068 	dst->initiator_depth = src->initiator_depth;
1069 	dst->flow_control = src->flow_control;
1070 	dst->retry_count = src->retry_count;
1071 	dst->rnr_retry_count = src->rnr_retry_count;
1072 	dst->srq = src->srq;
1073 	dst->qp_num = src->qp_num & 0xFFFFFF;
1074 	dst->qkey = (id->route.addr.src_addr.ss_family == AF_IB) ? src->qkey : 0;
1075 }
1076 
1077 static ssize_t ucma_connect(struct ucma_file *file, const char __user *inbuf,
1078 			    int in_len, int out_len)
1079 {
1080 	struct rdma_conn_param conn_param;
1081 	struct rdma_ucm_ece ece = {};
1082 	struct rdma_ucm_connect cmd;
1083 	struct ucma_context *ctx;
1084 	size_t in_size;
1085 	int ret;
1086 
1087 	if (in_len < offsetofend(typeof(cmd), reserved))
1088 		return -EINVAL;
1089 	in_size = min_t(size_t, in_len, sizeof(cmd));
1090 	if (copy_from_user(&cmd, inbuf, in_size))
1091 		return -EFAULT;
1092 
1093 	if (!cmd.conn_param.valid)
1094 		return -EINVAL;
1095 
1096 	ctx = ucma_get_ctx_dev(file, cmd.id);
1097 	if (IS_ERR(ctx))
1098 		return PTR_ERR(ctx);
1099 
1100 	ucma_copy_conn_param(ctx->cm_id, &conn_param, &cmd.conn_param);
1101 	if (offsetofend(typeof(cmd), ece) <= in_size) {
1102 		ece.vendor_id = cmd.ece.vendor_id;
1103 		ece.attr_mod = cmd.ece.attr_mod;
1104 	}
1105 
1106 	mutex_lock(&ctx->mutex);
1107 	ret = rdma_connect_ece(ctx->cm_id, &conn_param, &ece);
1108 	mutex_unlock(&ctx->mutex);
1109 	ucma_put_ctx(ctx);
1110 	return ret;
1111 }
1112 
1113 static ssize_t ucma_listen(struct ucma_file *file, const char __user *inbuf,
1114 			   int in_len, int out_len)
1115 {
1116 	struct rdma_ucm_listen cmd;
1117 	struct ucma_context *ctx;
1118 	int ret;
1119 
1120 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1121 		return -EFAULT;
1122 
1123 	ctx = ucma_get_ctx(file, cmd.id);
1124 	if (IS_ERR(ctx))
1125 		return PTR_ERR(ctx);
1126 
1127 	ctx->backlog = cmd.backlog > 0 && cmd.backlog < max_backlog ?
1128 		       cmd.backlog : max_backlog;
1129 	mutex_lock(&ctx->mutex);
1130 	ret = rdma_listen(ctx->cm_id, ctx->backlog);
1131 	mutex_unlock(&ctx->mutex);
1132 	ucma_put_ctx(ctx);
1133 	return ret;
1134 }
1135 
1136 static ssize_t ucma_accept(struct ucma_file *file, const char __user *inbuf,
1137 			   int in_len, int out_len)
1138 {
1139 	struct rdma_ucm_accept cmd;
1140 	struct rdma_conn_param conn_param;
1141 	struct rdma_ucm_ece ece = {};
1142 	struct ucma_context *ctx;
1143 	size_t in_size;
1144 	int ret;
1145 
1146 	if (in_len < offsetofend(typeof(cmd), reserved))
1147 		return -EINVAL;
1148 	in_size = min_t(size_t, in_len, sizeof(cmd));
1149 	if (copy_from_user(&cmd, inbuf, in_size))
1150 		return -EFAULT;
1151 
1152 	ctx = ucma_get_ctx_dev(file, cmd.id);
1153 	if (IS_ERR(ctx))
1154 		return PTR_ERR(ctx);
1155 
1156 	if (offsetofend(typeof(cmd), ece) <= in_size) {
1157 		ece.vendor_id = cmd.ece.vendor_id;
1158 		ece.attr_mod = cmd.ece.attr_mod;
1159 	}
1160 
1161 	if (cmd.conn_param.valid) {
1162 		ucma_copy_conn_param(ctx->cm_id, &conn_param, &cmd.conn_param);
1163 		mutex_lock(&file->mut);
1164 		mutex_lock(&ctx->mutex);
1165 		ret = __rdma_accept_ece(ctx->cm_id, &conn_param, NULL, &ece);
1166 		mutex_unlock(&ctx->mutex);
1167 		if (!ret)
1168 			ctx->uid = cmd.uid;
1169 		mutex_unlock(&file->mut);
1170 	} else {
1171 		mutex_lock(&ctx->mutex);
1172 		ret = __rdma_accept_ece(ctx->cm_id, NULL, NULL, &ece);
1173 		mutex_unlock(&ctx->mutex);
1174 	}
1175 	ucma_put_ctx(ctx);
1176 	return ret;
1177 }
1178 
1179 static ssize_t ucma_reject(struct ucma_file *file, const char __user *inbuf,
1180 			   int in_len, int out_len)
1181 {
1182 	struct rdma_ucm_reject cmd;
1183 	struct ucma_context *ctx;
1184 	int ret;
1185 
1186 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1187 		return -EFAULT;
1188 
1189 	if (!cmd.reason)
1190 		cmd.reason = IB_CM_REJ_CONSUMER_DEFINED;
1191 
1192 	switch (cmd.reason) {
1193 	case IB_CM_REJ_CONSUMER_DEFINED:
1194 	case IB_CM_REJ_VENDOR_OPTION_NOT_SUPPORTED:
1195 		break;
1196 	default:
1197 		return -EINVAL;
1198 	}
1199 
1200 	ctx = ucma_get_ctx_dev(file, cmd.id);
1201 	if (IS_ERR(ctx))
1202 		return PTR_ERR(ctx);
1203 
1204 	mutex_lock(&ctx->mutex);
1205 	ret = rdma_reject(ctx->cm_id, cmd.private_data, cmd.private_data_len,
1206 			  cmd.reason);
1207 	mutex_unlock(&ctx->mutex);
1208 	ucma_put_ctx(ctx);
1209 	return ret;
1210 }
1211 
1212 static ssize_t ucma_disconnect(struct ucma_file *file, const char __user *inbuf,
1213 			       int in_len, int out_len)
1214 {
1215 	struct rdma_ucm_disconnect cmd;
1216 	struct ucma_context *ctx;
1217 	int ret;
1218 
1219 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1220 		return -EFAULT;
1221 
1222 	ctx = ucma_get_ctx_dev(file, cmd.id);
1223 	if (IS_ERR(ctx))
1224 		return PTR_ERR(ctx);
1225 
1226 	mutex_lock(&ctx->mutex);
1227 	ret = rdma_disconnect(ctx->cm_id);
1228 	mutex_unlock(&ctx->mutex);
1229 	ucma_put_ctx(ctx);
1230 	return ret;
1231 }
1232 
1233 static ssize_t ucma_init_qp_attr(struct ucma_file *file,
1234 				 const char __user *inbuf,
1235 				 int in_len, int out_len)
1236 {
1237 	struct rdma_ucm_init_qp_attr cmd;
1238 	struct ib_uverbs_qp_attr resp;
1239 	struct ucma_context *ctx;
1240 	struct ib_qp_attr qp_attr;
1241 	int ret;
1242 
1243 	if (out_len < sizeof(resp))
1244 		return -ENOSPC;
1245 
1246 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1247 		return -EFAULT;
1248 
1249 	if (cmd.qp_state > IB_QPS_ERR)
1250 		return -EINVAL;
1251 
1252 	ctx = ucma_get_ctx_dev(file, cmd.id);
1253 	if (IS_ERR(ctx))
1254 		return PTR_ERR(ctx);
1255 
1256 	resp.qp_attr_mask = 0;
1257 	memset(&qp_attr, 0, sizeof qp_attr);
1258 	qp_attr.qp_state = cmd.qp_state;
1259 	mutex_lock(&ctx->mutex);
1260 	ret = rdma_init_qp_attr(ctx->cm_id, &qp_attr, &resp.qp_attr_mask);
1261 	mutex_unlock(&ctx->mutex);
1262 	if (ret)
1263 		goto out;
1264 
1265 	ib_copy_qp_attr_to_user(ctx->cm_id->device, &resp, &qp_attr);
1266 	if (copy_to_user(u64_to_user_ptr(cmd.response),
1267 			 &resp, sizeof(resp)))
1268 		ret = -EFAULT;
1269 
1270 out:
1271 	ucma_put_ctx(ctx);
1272 	return ret;
1273 }
1274 
1275 static int ucma_set_option_id(struct ucma_context *ctx, int optname,
1276 			      void *optval, size_t optlen)
1277 {
1278 	int ret = 0;
1279 
1280 	switch (optname) {
1281 	case RDMA_OPTION_ID_TOS:
1282 		if (optlen != sizeof(u8)) {
1283 			ret = -EINVAL;
1284 			break;
1285 		}
1286 		rdma_set_service_type(ctx->cm_id, *((u8 *) optval));
1287 		break;
1288 	case RDMA_OPTION_ID_REUSEADDR:
1289 		if (optlen != sizeof(int)) {
1290 			ret = -EINVAL;
1291 			break;
1292 		}
1293 		ret = rdma_set_reuseaddr(ctx->cm_id, *((int *) optval) ? 1 : 0);
1294 		break;
1295 	case RDMA_OPTION_ID_AFONLY:
1296 		if (optlen != sizeof(int)) {
1297 			ret = -EINVAL;
1298 			break;
1299 		}
1300 		ret = rdma_set_afonly(ctx->cm_id, *((int *) optval) ? 1 : 0);
1301 		break;
1302 	case RDMA_OPTION_ID_ACK_TIMEOUT:
1303 		if (optlen != sizeof(u8)) {
1304 			ret = -EINVAL;
1305 			break;
1306 		}
1307 		ret = rdma_set_ack_timeout(ctx->cm_id, *((u8 *)optval));
1308 		break;
1309 	default:
1310 		ret = -ENOSYS;
1311 	}
1312 
1313 	return ret;
1314 }
1315 
1316 static int ucma_set_ib_path(struct ucma_context *ctx,
1317 			    struct ib_path_rec_data *path_data, size_t optlen)
1318 {
1319 	struct sa_path_rec sa_path;
1320 	struct rdma_cm_event event;
1321 	int ret;
1322 
1323 	if (optlen % sizeof(*path_data))
1324 		return -EINVAL;
1325 
1326 	for (; optlen; optlen -= sizeof(*path_data), path_data++) {
1327 		if (path_data->flags == (IB_PATH_GMP | IB_PATH_PRIMARY |
1328 					 IB_PATH_BIDIRECTIONAL))
1329 			break;
1330 	}
1331 
1332 	if (!optlen)
1333 		return -EINVAL;
1334 
1335 	if (!ctx->cm_id->device)
1336 		return -EINVAL;
1337 
1338 	memset(&sa_path, 0, sizeof(sa_path));
1339 
1340 	sa_path.rec_type = SA_PATH_REC_TYPE_IB;
1341 	ib_sa_unpack_path(path_data->path_rec, &sa_path);
1342 
1343 	if (rdma_cap_opa_ah(ctx->cm_id->device, ctx->cm_id->port_num)) {
1344 		struct sa_path_rec opa;
1345 
1346 		sa_convert_path_ib_to_opa(&opa, &sa_path);
1347 		mutex_lock(&ctx->mutex);
1348 		ret = rdma_set_ib_path(ctx->cm_id, &opa);
1349 		mutex_unlock(&ctx->mutex);
1350 	} else {
1351 		mutex_lock(&ctx->mutex);
1352 		ret = rdma_set_ib_path(ctx->cm_id, &sa_path);
1353 		mutex_unlock(&ctx->mutex);
1354 	}
1355 	if (ret)
1356 		return ret;
1357 
1358 	memset(&event, 0, sizeof event);
1359 	event.event = RDMA_CM_EVENT_ROUTE_RESOLVED;
1360 	return ucma_event_handler(ctx->cm_id, &event);
1361 }
1362 
1363 static int ucma_set_option_ib(struct ucma_context *ctx, int optname,
1364 			      void *optval, size_t optlen)
1365 {
1366 	int ret;
1367 
1368 	switch (optname) {
1369 	case RDMA_OPTION_IB_PATH:
1370 		ret = ucma_set_ib_path(ctx, optval, optlen);
1371 		break;
1372 	default:
1373 		ret = -ENOSYS;
1374 	}
1375 
1376 	return ret;
1377 }
1378 
1379 static int ucma_set_option_level(struct ucma_context *ctx, int level,
1380 				 int optname, void *optval, size_t optlen)
1381 {
1382 	int ret;
1383 
1384 	switch (level) {
1385 	case RDMA_OPTION_ID:
1386 		mutex_lock(&ctx->mutex);
1387 		ret = ucma_set_option_id(ctx, optname, optval, optlen);
1388 		mutex_unlock(&ctx->mutex);
1389 		break;
1390 	case RDMA_OPTION_IB:
1391 		ret = ucma_set_option_ib(ctx, optname, optval, optlen);
1392 		break;
1393 	default:
1394 		ret = -ENOSYS;
1395 	}
1396 
1397 	return ret;
1398 }
1399 
1400 static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf,
1401 			       int in_len, int out_len)
1402 {
1403 	struct rdma_ucm_set_option cmd;
1404 	struct ucma_context *ctx;
1405 	void *optval;
1406 	int ret;
1407 
1408 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1409 		return -EFAULT;
1410 
1411 	if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE))
1412 		return -EINVAL;
1413 
1414 	ctx = ucma_get_ctx(file, cmd.id);
1415 	if (IS_ERR(ctx))
1416 		return PTR_ERR(ctx);
1417 
1418 	optval = memdup_user(u64_to_user_ptr(cmd.optval),
1419 			     cmd.optlen);
1420 	if (IS_ERR(optval)) {
1421 		ret = PTR_ERR(optval);
1422 		goto out;
1423 	}
1424 
1425 	ret = ucma_set_option_level(ctx, cmd.level, cmd.optname, optval,
1426 				    cmd.optlen);
1427 	kfree(optval);
1428 
1429 out:
1430 	ucma_put_ctx(ctx);
1431 	return ret;
1432 }
1433 
1434 static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
1435 			   int in_len, int out_len)
1436 {
1437 	struct rdma_ucm_notify cmd;
1438 	struct ucma_context *ctx;
1439 	int ret = -EINVAL;
1440 
1441 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1442 		return -EFAULT;
1443 
1444 	ctx = ucma_get_ctx(file, cmd.id);
1445 	if (IS_ERR(ctx))
1446 		return PTR_ERR(ctx);
1447 
1448 	mutex_lock(&ctx->mutex);
1449 	if (ctx->cm_id->device)
1450 		ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
1451 	mutex_unlock(&ctx->mutex);
1452 
1453 	ucma_put_ctx(ctx);
1454 	return ret;
1455 }
1456 
1457 static ssize_t ucma_process_join(struct ucma_file *file,
1458 				 struct rdma_ucm_join_mcast *cmd,  int out_len)
1459 {
1460 	struct rdma_ucm_create_id_resp resp;
1461 	struct ucma_context *ctx;
1462 	struct ucma_multicast *mc;
1463 	struct sockaddr *addr;
1464 	int ret;
1465 	u8 join_state;
1466 
1467 	if (out_len < sizeof(resp))
1468 		return -ENOSPC;
1469 
1470 	addr = (struct sockaddr *) &cmd->addr;
1471 	if (cmd->addr_size != rdma_addr_size(addr))
1472 		return -EINVAL;
1473 
1474 	if (cmd->join_flags == RDMA_MC_JOIN_FLAG_FULLMEMBER)
1475 		join_state = BIT(FULLMEMBER_JOIN);
1476 	else if (cmd->join_flags == RDMA_MC_JOIN_FLAG_SENDONLY_FULLMEMBER)
1477 		join_state = BIT(SENDONLY_FULLMEMBER_JOIN);
1478 	else
1479 		return -EINVAL;
1480 
1481 	ctx = ucma_get_ctx_dev(file, cmd->id);
1482 	if (IS_ERR(ctx))
1483 		return PTR_ERR(ctx);
1484 
1485 	mutex_lock(&file->mut);
1486 	mc = ucma_alloc_multicast(ctx);
1487 	if (!mc) {
1488 		ret = -ENOMEM;
1489 		goto err1;
1490 	}
1491 	mc->join_state = join_state;
1492 	mc->uid = cmd->uid;
1493 	memcpy(&mc->addr, addr, cmd->addr_size);
1494 	mutex_lock(&ctx->mutex);
1495 	ret = rdma_join_multicast(ctx->cm_id, (struct sockaddr *)&mc->addr,
1496 				  join_state, mc);
1497 	mutex_unlock(&ctx->mutex);
1498 	if (ret)
1499 		goto err2;
1500 
1501 	resp.id = mc->id;
1502 	if (copy_to_user(u64_to_user_ptr(cmd->response),
1503 			 &resp, sizeof(resp))) {
1504 		ret = -EFAULT;
1505 		goto err3;
1506 	}
1507 
1508 	xa_store(&multicast_table, mc->id, mc, 0);
1509 
1510 	mutex_unlock(&file->mut);
1511 	ucma_put_ctx(ctx);
1512 	return 0;
1513 
1514 err3:
1515 	rdma_leave_multicast(ctx->cm_id, (struct sockaddr *) &mc->addr);
1516 	ucma_cleanup_mc_events(mc);
1517 err2:
1518 	xa_erase(&multicast_table, mc->id);
1519 	list_del(&mc->list);
1520 	kfree(mc);
1521 err1:
1522 	mutex_unlock(&file->mut);
1523 	ucma_put_ctx(ctx);
1524 	return ret;
1525 }
1526 
1527 static ssize_t ucma_join_ip_multicast(struct ucma_file *file,
1528 				      const char __user *inbuf,
1529 				      int in_len, int out_len)
1530 {
1531 	struct rdma_ucm_join_ip_mcast cmd;
1532 	struct rdma_ucm_join_mcast join_cmd;
1533 
1534 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1535 		return -EFAULT;
1536 
1537 	join_cmd.response = cmd.response;
1538 	join_cmd.uid = cmd.uid;
1539 	join_cmd.id = cmd.id;
1540 	join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr);
1541 	if (!join_cmd.addr_size)
1542 		return -EINVAL;
1543 
1544 	join_cmd.join_flags = RDMA_MC_JOIN_FLAG_FULLMEMBER;
1545 	memcpy(&join_cmd.addr, &cmd.addr, join_cmd.addr_size);
1546 
1547 	return ucma_process_join(file, &join_cmd, out_len);
1548 }
1549 
1550 static ssize_t ucma_join_multicast(struct ucma_file *file,
1551 				   const char __user *inbuf,
1552 				   int in_len, int out_len)
1553 {
1554 	struct rdma_ucm_join_mcast cmd;
1555 
1556 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1557 		return -EFAULT;
1558 
1559 	if (!rdma_addr_size_kss(&cmd.addr))
1560 		return -EINVAL;
1561 
1562 	return ucma_process_join(file, &cmd, out_len);
1563 }
1564 
1565 static ssize_t ucma_leave_multicast(struct ucma_file *file,
1566 				    const char __user *inbuf,
1567 				    int in_len, int out_len)
1568 {
1569 	struct rdma_ucm_destroy_id cmd;
1570 	struct rdma_ucm_destroy_id_resp resp;
1571 	struct ucma_multicast *mc;
1572 	int ret = 0;
1573 
1574 	if (out_len < sizeof(resp))
1575 		return -ENOSPC;
1576 
1577 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1578 		return -EFAULT;
1579 
1580 	xa_lock(&multicast_table);
1581 	mc = xa_load(&multicast_table, cmd.id);
1582 	if (!mc)
1583 		mc = ERR_PTR(-ENOENT);
1584 	else if (mc->ctx->file != file)
1585 		mc = ERR_PTR(-EINVAL);
1586 	else if (!refcount_inc_not_zero(&mc->ctx->ref))
1587 		mc = ERR_PTR(-ENXIO);
1588 	else
1589 		__xa_erase(&multicast_table, mc->id);
1590 	xa_unlock(&multicast_table);
1591 
1592 	if (IS_ERR(mc)) {
1593 		ret = PTR_ERR(mc);
1594 		goto out;
1595 	}
1596 
1597 	mutex_lock(&mc->ctx->mutex);
1598 	rdma_leave_multicast(mc->ctx->cm_id, (struct sockaddr *) &mc->addr);
1599 	mutex_unlock(&mc->ctx->mutex);
1600 
1601 	mutex_lock(&mc->ctx->file->mut);
1602 	ucma_cleanup_mc_events(mc);
1603 	list_del(&mc->list);
1604 	mutex_unlock(&mc->ctx->file->mut);
1605 
1606 	ucma_put_ctx(mc->ctx);
1607 	resp.events_reported = mc->events_reported;
1608 	kfree(mc);
1609 
1610 	if (copy_to_user(u64_to_user_ptr(cmd.response),
1611 			 &resp, sizeof(resp)))
1612 		ret = -EFAULT;
1613 out:
1614 	return ret;
1615 }
1616 
1617 static void ucma_lock_files(struct ucma_file *file1, struct ucma_file *file2)
1618 {
1619 	/* Acquire mutex's based on pointer comparison to prevent deadlock. */
1620 	if (file1 < file2) {
1621 		mutex_lock(&file1->mut);
1622 		mutex_lock_nested(&file2->mut, SINGLE_DEPTH_NESTING);
1623 	} else {
1624 		mutex_lock(&file2->mut);
1625 		mutex_lock_nested(&file1->mut, SINGLE_DEPTH_NESTING);
1626 	}
1627 }
1628 
1629 static void ucma_unlock_files(struct ucma_file *file1, struct ucma_file *file2)
1630 {
1631 	if (file1 < file2) {
1632 		mutex_unlock(&file2->mut);
1633 		mutex_unlock(&file1->mut);
1634 	} else {
1635 		mutex_unlock(&file1->mut);
1636 		mutex_unlock(&file2->mut);
1637 	}
1638 }
1639 
1640 static void ucma_move_events(struct ucma_context *ctx, struct ucma_file *file)
1641 {
1642 	struct ucma_event *uevent, *tmp;
1643 
1644 	list_for_each_entry_safe(uevent, tmp, &ctx->file->event_list, list)
1645 		if (uevent->ctx == ctx)
1646 			list_move_tail(&uevent->list, &file->event_list);
1647 }
1648 
1649 static ssize_t ucma_migrate_id(struct ucma_file *new_file,
1650 			       const char __user *inbuf,
1651 			       int in_len, int out_len)
1652 {
1653 	struct rdma_ucm_migrate_id cmd;
1654 	struct rdma_ucm_migrate_resp resp;
1655 	struct ucma_context *ctx;
1656 	struct fd f;
1657 	struct ucma_file *cur_file;
1658 	int ret = 0;
1659 
1660 	if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1661 		return -EFAULT;
1662 
1663 	/* Get current fd to protect against it being closed */
1664 	f = fdget(cmd.fd);
1665 	if (!f.file)
1666 		return -ENOENT;
1667 	if (f.file->f_op != &ucma_fops) {
1668 		ret = -EINVAL;
1669 		goto file_put;
1670 	}
1671 
1672 	/* Validate current fd and prevent destruction of id. */
1673 	ctx = ucma_get_ctx(f.file->private_data, cmd.id);
1674 	if (IS_ERR(ctx)) {
1675 		ret = PTR_ERR(ctx);
1676 		goto file_put;
1677 	}
1678 
1679 	cur_file = ctx->file;
1680 	if (cur_file == new_file) {
1681 		resp.events_reported = ctx->events_reported;
1682 		goto response;
1683 	}
1684 
1685 	/*
1686 	 * Migrate events between fd's, maintaining order, and avoiding new
1687 	 * events being added before existing events.
1688 	 */
1689 	ucma_lock_files(cur_file, new_file);
1690 	xa_lock(&ctx_table);
1691 
1692 	list_move_tail(&ctx->list, &new_file->ctx_list);
1693 	ucma_move_events(ctx, new_file);
1694 	ctx->file = new_file;
1695 	resp.events_reported = ctx->events_reported;
1696 
1697 	xa_unlock(&ctx_table);
1698 	ucma_unlock_files(cur_file, new_file);
1699 
1700 response:
1701 	if (copy_to_user(u64_to_user_ptr(cmd.response),
1702 			 &resp, sizeof(resp)))
1703 		ret = -EFAULT;
1704 
1705 	ucma_put_ctx(ctx);
1706 file_put:
1707 	fdput(f);
1708 	return ret;
1709 }
1710 
1711 static ssize_t (*ucma_cmd_table[])(struct ucma_file *file,
1712 				   const char __user *inbuf,
1713 				   int in_len, int out_len) = {
1714 	[RDMA_USER_CM_CMD_CREATE_ID] 	 = ucma_create_id,
1715 	[RDMA_USER_CM_CMD_DESTROY_ID]	 = ucma_destroy_id,
1716 	[RDMA_USER_CM_CMD_BIND_IP]	 = ucma_bind_ip,
1717 	[RDMA_USER_CM_CMD_RESOLVE_IP]	 = ucma_resolve_ip,
1718 	[RDMA_USER_CM_CMD_RESOLVE_ROUTE] = ucma_resolve_route,
1719 	[RDMA_USER_CM_CMD_QUERY_ROUTE]	 = ucma_query_route,
1720 	[RDMA_USER_CM_CMD_CONNECT]	 = ucma_connect,
1721 	[RDMA_USER_CM_CMD_LISTEN]	 = ucma_listen,
1722 	[RDMA_USER_CM_CMD_ACCEPT]	 = ucma_accept,
1723 	[RDMA_USER_CM_CMD_REJECT]	 = ucma_reject,
1724 	[RDMA_USER_CM_CMD_DISCONNECT]	 = ucma_disconnect,
1725 	[RDMA_USER_CM_CMD_INIT_QP_ATTR]	 = ucma_init_qp_attr,
1726 	[RDMA_USER_CM_CMD_GET_EVENT]	 = ucma_get_event,
1727 	[RDMA_USER_CM_CMD_GET_OPTION]	 = NULL,
1728 	[RDMA_USER_CM_CMD_SET_OPTION]	 = ucma_set_option,
1729 	[RDMA_USER_CM_CMD_NOTIFY]	 = ucma_notify,
1730 	[RDMA_USER_CM_CMD_JOIN_IP_MCAST] = ucma_join_ip_multicast,
1731 	[RDMA_USER_CM_CMD_LEAVE_MCAST]	 = ucma_leave_multicast,
1732 	[RDMA_USER_CM_CMD_MIGRATE_ID]	 = ucma_migrate_id,
1733 	[RDMA_USER_CM_CMD_QUERY]	 = ucma_query,
1734 	[RDMA_USER_CM_CMD_BIND]		 = ucma_bind,
1735 	[RDMA_USER_CM_CMD_RESOLVE_ADDR]	 = ucma_resolve_addr,
1736 	[RDMA_USER_CM_CMD_JOIN_MCAST]	 = ucma_join_multicast
1737 };
1738 
1739 static ssize_t ucma_write(struct file *filp, const char __user *buf,
1740 			  size_t len, loff_t *pos)
1741 {
1742 	struct ucma_file *file = filp->private_data;
1743 	struct rdma_ucm_cmd_hdr hdr;
1744 	ssize_t ret;
1745 
1746 	if (!ib_safe_file_access(filp)) {
1747 		pr_err_once("ucma_write: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n",
1748 			    task_tgid_vnr(current), current->comm);
1749 		return -EACCES;
1750 	}
1751 
1752 	if (len < sizeof(hdr))
1753 		return -EINVAL;
1754 
1755 	if (copy_from_user(&hdr, buf, sizeof(hdr)))
1756 		return -EFAULT;
1757 
1758 	if (hdr.cmd >= ARRAY_SIZE(ucma_cmd_table))
1759 		return -EINVAL;
1760 	hdr.cmd = array_index_nospec(hdr.cmd, ARRAY_SIZE(ucma_cmd_table));
1761 
1762 	if (hdr.in + sizeof(hdr) > len)
1763 		return -EINVAL;
1764 
1765 	if (!ucma_cmd_table[hdr.cmd])
1766 		return -ENOSYS;
1767 
1768 	ret = ucma_cmd_table[hdr.cmd](file, buf + sizeof(hdr), hdr.in, hdr.out);
1769 	if (!ret)
1770 		ret = len;
1771 
1772 	return ret;
1773 }
1774 
1775 static __poll_t ucma_poll(struct file *filp, struct poll_table_struct *wait)
1776 {
1777 	struct ucma_file *file = filp->private_data;
1778 	__poll_t mask = 0;
1779 
1780 	poll_wait(filp, &file->poll_wait, wait);
1781 
1782 	if (!list_empty(&file->event_list))
1783 		mask = EPOLLIN | EPOLLRDNORM;
1784 
1785 	return mask;
1786 }
1787 
1788 /*
1789  * ucma_open() does not need the BKL:
1790  *
1791  *  - no global state is referred to;
1792  *  - there is no ioctl method to race against;
1793  *  - no further module initialization is required for open to work
1794  *    after the device is registered.
1795  */
1796 static int ucma_open(struct inode *inode, struct file *filp)
1797 {
1798 	struct ucma_file *file;
1799 
1800 	file = kmalloc(sizeof *file, GFP_KERNEL);
1801 	if (!file)
1802 		return -ENOMEM;
1803 
1804 	file->close_wq = alloc_ordered_workqueue("ucma_close_id",
1805 						 WQ_MEM_RECLAIM);
1806 	if (!file->close_wq) {
1807 		kfree(file);
1808 		return -ENOMEM;
1809 	}
1810 
1811 	INIT_LIST_HEAD(&file->event_list);
1812 	INIT_LIST_HEAD(&file->ctx_list);
1813 	init_waitqueue_head(&file->poll_wait);
1814 	mutex_init(&file->mut);
1815 
1816 	filp->private_data = file;
1817 	file->filp = filp;
1818 
1819 	return stream_open(inode, filp);
1820 }
1821 
1822 static int ucma_close(struct inode *inode, struct file *filp)
1823 {
1824 	struct ucma_file *file = filp->private_data;
1825 	struct ucma_context *ctx, *tmp;
1826 
1827 	mutex_lock(&file->mut);
1828 	list_for_each_entry_safe(ctx, tmp, &file->ctx_list, list) {
1829 		ctx->destroying = 1;
1830 		mutex_unlock(&file->mut);
1831 
1832 		xa_erase(&ctx_table, ctx->id);
1833 		flush_workqueue(file->close_wq);
1834 		/* At that step once ctx was marked as destroying and workqueue
1835 		 * was flushed we are safe from any inflights handlers that
1836 		 * might put other closing task.
1837 		 */
1838 		xa_lock(&ctx_table);
1839 		if (!ctx->closing) {
1840 			xa_unlock(&ctx_table);
1841 			ucma_put_ctx(ctx);
1842 			wait_for_completion(&ctx->comp);
1843 			/* rdma_destroy_id ensures that no event handlers are
1844 			 * inflight for that id before releasing it.
1845 			 */
1846 			rdma_destroy_id(ctx->cm_id);
1847 		} else {
1848 			xa_unlock(&ctx_table);
1849 		}
1850 
1851 		ucma_free_ctx(ctx);
1852 		mutex_lock(&file->mut);
1853 	}
1854 	mutex_unlock(&file->mut);
1855 	destroy_workqueue(file->close_wq);
1856 	kfree(file);
1857 	return 0;
1858 }
1859 
1860 static const struct file_operations ucma_fops = {
1861 	.owner 	 = THIS_MODULE,
1862 	.open 	 = ucma_open,
1863 	.release = ucma_close,
1864 	.write	 = ucma_write,
1865 	.poll    = ucma_poll,
1866 	.llseek	 = no_llseek,
1867 };
1868 
1869 static struct miscdevice ucma_misc = {
1870 	.minor		= MISC_DYNAMIC_MINOR,
1871 	.name		= "rdma_cm",
1872 	.nodename	= "infiniband/rdma_cm",
1873 	.mode		= 0666,
1874 	.fops		= &ucma_fops,
1875 };
1876 
1877 static int ucma_get_global_nl_info(struct ib_client_nl_info *res)
1878 {
1879 	res->abi = RDMA_USER_CM_ABI_VERSION;
1880 	res->cdev = ucma_misc.this_device;
1881 	return 0;
1882 }
1883 
1884 static struct ib_client rdma_cma_client = {
1885 	.name = "rdma_cm",
1886 	.get_global_nl_info = ucma_get_global_nl_info,
1887 };
1888 MODULE_ALIAS_RDMA_CLIENT("rdma_cm");
1889 
1890 static ssize_t show_abi_version(struct device *dev,
1891 				struct device_attribute *attr,
1892 				char *buf)
1893 {
1894 	return sprintf(buf, "%d\n", RDMA_USER_CM_ABI_VERSION);
1895 }
1896 static DEVICE_ATTR(abi_version, S_IRUGO, show_abi_version, NULL);
1897 
1898 static int __init ucma_init(void)
1899 {
1900 	int ret;
1901 
1902 	ret = misc_register(&ucma_misc);
1903 	if (ret)
1904 		return ret;
1905 
1906 	ret = device_create_file(ucma_misc.this_device, &dev_attr_abi_version);
1907 	if (ret) {
1908 		pr_err("rdma_ucm: couldn't create abi_version attr\n");
1909 		goto err1;
1910 	}
1911 
1912 	ucma_ctl_table_hdr = register_net_sysctl(&init_net, "net/rdma_ucm", ucma_ctl_table);
1913 	if (!ucma_ctl_table_hdr) {
1914 		pr_err("rdma_ucm: couldn't register sysctl paths\n");
1915 		ret = -ENOMEM;
1916 		goto err2;
1917 	}
1918 
1919 	ret = ib_register_client(&rdma_cma_client);
1920 	if (ret)
1921 		goto err3;
1922 
1923 	return 0;
1924 err3:
1925 	unregister_net_sysctl_table(ucma_ctl_table_hdr);
1926 err2:
1927 	device_remove_file(ucma_misc.this_device, &dev_attr_abi_version);
1928 err1:
1929 	misc_deregister(&ucma_misc);
1930 	return ret;
1931 }
1932 
1933 static void __exit ucma_cleanup(void)
1934 {
1935 	ib_unregister_client(&rdma_cma_client);
1936 	unregister_net_sysctl_table(ucma_ctl_table_hdr);
1937 	device_remove_file(ucma_misc.this_device, &dev_attr_abi_version);
1938 	misc_deregister(&ucma_misc);
1939 }
1940 
1941 module_init(ucma_init);
1942 module_exit(ucma_cleanup);
1943