1 /* 2 * Copyright (c) 2005 Topspin Communications. All rights reserved. 3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved. 4 * Copyright (c) 2005 PathScale, Inc. All rights reserved. 5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved. 6 * 7 * This software is available to you under a choice of one of two 8 * licenses. You may choose to be licensed under the terms of the GNU 9 * General Public License (GPL) Version 2, available from the file 10 * COPYING in the main directory of this source tree, or the 11 * OpenIB.org BSD license below: 12 * 13 * Redistribution and use in source and binary forms, with or 14 * without modification, are permitted provided that the following 15 * conditions are met: 16 * 17 * - Redistributions of source code must retain the above 18 * copyright notice, this list of conditions and the following 19 * disclaimer. 20 * 21 * - Redistributions in binary form must reproduce the above 22 * copyright notice, this list of conditions and the following 23 * disclaimer in the documentation and/or other materials 24 * provided with the distribution. 25 * 26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 33 * SOFTWARE. 34 */ 35 36 #include <linux/file.h> 37 #include <linux/fs.h> 38 #include <linux/slab.h> 39 #include <linux/sched.h> 40 41 #include <linux/uaccess.h> 42 43 #include <rdma/uverbs_types.h> 44 #include <rdma/uverbs_std_types.h> 45 #include "rdma_core.h" 46 47 #include "uverbs.h" 48 #include "core_priv.h" 49 50 static struct ib_uverbs_completion_event_file * 51 _ib_uverbs_lookup_comp_file(s32 fd, struct ib_uverbs_file *ufile) 52 { 53 struct ib_uobject *uobj = ufd_get_read(UVERBS_OBJECT_COMP_CHANNEL, 54 fd, ufile); 55 56 if (IS_ERR(uobj)) 57 return (void *)uobj; 58 59 uverbs_uobject_get(uobj); 60 uobj_put_read(uobj); 61 62 return container_of(uobj, struct ib_uverbs_completion_event_file, 63 uobj); 64 } 65 #define ib_uverbs_lookup_comp_file(_fd, _ufile) \ 66 _ib_uverbs_lookup_comp_file((_fd)*typecheck(s32, _fd), _ufile) 67 68 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file, 69 const char __user *buf, 70 int in_len, int out_len) 71 { 72 struct ib_uverbs_get_context cmd; 73 struct ib_uverbs_get_context_resp resp; 74 struct ib_udata udata; 75 struct ib_ucontext *ucontext; 76 struct file *filp; 77 struct ib_rdmacg_object cg_obj; 78 struct ib_device *ib_dev; 79 int ret; 80 81 if (out_len < sizeof resp) 82 return -ENOSPC; 83 84 if (copy_from_user(&cmd, buf, sizeof cmd)) 85 return -EFAULT; 86 87 mutex_lock(&file->ucontext_lock); 88 ib_dev = srcu_dereference(file->device->ib_dev, 89 &file->device->disassociate_srcu); 90 if (!ib_dev) { 91 ret = -EIO; 92 goto err; 93 } 94 95 if (file->ucontext) { 96 ret = -EINVAL; 97 goto err; 98 } 99 100 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 101 u64_to_user_ptr(cmd.response) + sizeof(resp), 102 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 103 out_len - sizeof(resp)); 104 105 ret = ib_rdmacg_try_charge(&cg_obj, ib_dev, RDMACG_RESOURCE_HCA_HANDLE); 106 if (ret) 107 goto err; 108 109 ucontext = ib_dev->alloc_ucontext(ib_dev, &udata); 110 if (IS_ERR(ucontext)) { 111 ret = PTR_ERR(ucontext); 112 goto err_alloc; 113 } 114 115 ucontext->device = ib_dev; 116 ucontext->cg_obj = cg_obj; 117 /* ufile is required when some objects are released */ 118 ucontext->ufile = file; 119 120 ucontext->closing = false; 121 ucontext->cleanup_retryable = false; 122 123 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING 124 mutex_init(&ucontext->per_mm_list_lock); 125 INIT_LIST_HEAD(&ucontext->per_mm_list); 126 if (!(ib_dev->attrs.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING)) 127 ucontext->invalidate_range = NULL; 128 129 #endif 130 131 resp.num_comp_vectors = file->device->num_comp_vectors; 132 133 ret = get_unused_fd_flags(O_CLOEXEC); 134 if (ret < 0) 135 goto err_free; 136 resp.async_fd = ret; 137 138 filp = ib_uverbs_alloc_async_event_file(file, ib_dev); 139 if (IS_ERR(filp)) { 140 ret = PTR_ERR(filp); 141 goto err_fd; 142 } 143 144 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 145 ret = -EFAULT; 146 goto err_file; 147 } 148 149 fd_install(resp.async_fd, filp); 150 151 /* 152 * Make sure that ib_uverbs_get_ucontext() sees the pointer update 153 * only after all writes to setup the ucontext have completed 154 */ 155 smp_store_release(&file->ucontext, ucontext); 156 157 mutex_unlock(&file->ucontext_lock); 158 159 return in_len; 160 161 err_file: 162 ib_uverbs_free_async_event_file(file); 163 fput(filp); 164 165 err_fd: 166 put_unused_fd(resp.async_fd); 167 168 err_free: 169 ib_dev->dealloc_ucontext(ucontext); 170 171 err_alloc: 172 ib_rdmacg_uncharge(&cg_obj, ib_dev, RDMACG_RESOURCE_HCA_HANDLE); 173 174 err: 175 mutex_unlock(&file->ucontext_lock); 176 return ret; 177 } 178 179 static void copy_query_dev_fields(struct ib_ucontext *ucontext, 180 struct ib_uverbs_query_device_resp *resp, 181 struct ib_device_attr *attr) 182 { 183 struct ib_device *ib_dev = ucontext->device; 184 185 resp->fw_ver = attr->fw_ver; 186 resp->node_guid = ib_dev->node_guid; 187 resp->sys_image_guid = attr->sys_image_guid; 188 resp->max_mr_size = attr->max_mr_size; 189 resp->page_size_cap = attr->page_size_cap; 190 resp->vendor_id = attr->vendor_id; 191 resp->vendor_part_id = attr->vendor_part_id; 192 resp->hw_ver = attr->hw_ver; 193 resp->max_qp = attr->max_qp; 194 resp->max_qp_wr = attr->max_qp_wr; 195 resp->device_cap_flags = lower_32_bits(attr->device_cap_flags); 196 resp->max_sge = min(attr->max_send_sge, attr->max_recv_sge); 197 resp->max_sge_rd = attr->max_sge_rd; 198 resp->max_cq = attr->max_cq; 199 resp->max_cqe = attr->max_cqe; 200 resp->max_mr = attr->max_mr; 201 resp->max_pd = attr->max_pd; 202 resp->max_qp_rd_atom = attr->max_qp_rd_atom; 203 resp->max_ee_rd_atom = attr->max_ee_rd_atom; 204 resp->max_res_rd_atom = attr->max_res_rd_atom; 205 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom; 206 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom; 207 resp->atomic_cap = attr->atomic_cap; 208 resp->max_ee = attr->max_ee; 209 resp->max_rdd = attr->max_rdd; 210 resp->max_mw = attr->max_mw; 211 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp; 212 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp; 213 resp->max_mcast_grp = attr->max_mcast_grp; 214 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach; 215 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach; 216 resp->max_ah = attr->max_ah; 217 resp->max_fmr = attr->max_fmr; 218 resp->max_map_per_fmr = attr->max_map_per_fmr; 219 resp->max_srq = attr->max_srq; 220 resp->max_srq_wr = attr->max_srq_wr; 221 resp->max_srq_sge = attr->max_srq_sge; 222 resp->max_pkeys = attr->max_pkeys; 223 resp->local_ca_ack_delay = attr->local_ca_ack_delay; 224 resp->phys_port_cnt = ib_dev->phys_port_cnt; 225 } 226 227 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file, 228 const char __user *buf, 229 int in_len, int out_len) 230 { 231 struct ib_uverbs_query_device cmd; 232 struct ib_uverbs_query_device_resp resp; 233 struct ib_ucontext *ucontext; 234 235 ucontext = ib_uverbs_get_ucontext(file); 236 if (IS_ERR(ucontext)) 237 return PTR_ERR(ucontext); 238 239 if (out_len < sizeof resp) 240 return -ENOSPC; 241 242 if (copy_from_user(&cmd, buf, sizeof cmd)) 243 return -EFAULT; 244 245 memset(&resp, 0, sizeof resp); 246 copy_query_dev_fields(ucontext, &resp, &ucontext->device->attrs); 247 248 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 249 return -EFAULT; 250 251 return in_len; 252 } 253 254 /* 255 * ib_uverbs_query_port_resp.port_cap_flags started out as just a copy of the 256 * PortInfo CapabilityMask, but was extended with unique bits. 257 */ 258 static u32 make_port_cap_flags(const struct ib_port_attr *attr) 259 { 260 u32 res; 261 262 /* All IBA CapabilityMask bits are passed through here, except bit 26, 263 * which is overridden with IP_BASED_GIDS. This is due to a historical 264 * mistake in the implementation of IP_BASED_GIDS. Otherwise all other 265 * bits match the IBA definition across all kernel versions. 266 */ 267 res = attr->port_cap_flags & ~(u32)IB_UVERBS_PCF_IP_BASED_GIDS; 268 269 if (attr->ip_gids) 270 res |= IB_UVERBS_PCF_IP_BASED_GIDS; 271 272 return res; 273 } 274 275 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file, 276 const char __user *buf, 277 int in_len, int out_len) 278 { 279 struct ib_uverbs_query_port cmd; 280 struct ib_uverbs_query_port_resp resp; 281 struct ib_port_attr attr; 282 int ret; 283 struct ib_ucontext *ucontext; 284 struct ib_device *ib_dev; 285 286 ucontext = ib_uverbs_get_ucontext(file); 287 if (IS_ERR(ucontext)) 288 return PTR_ERR(ucontext); 289 ib_dev = ucontext->device; 290 291 if (out_len < sizeof resp) 292 return -ENOSPC; 293 294 if (copy_from_user(&cmd, buf, sizeof cmd)) 295 return -EFAULT; 296 297 ret = ib_query_port(ib_dev, cmd.port_num, &attr); 298 if (ret) 299 return ret; 300 301 memset(&resp, 0, sizeof resp); 302 303 resp.state = attr.state; 304 resp.max_mtu = attr.max_mtu; 305 resp.active_mtu = attr.active_mtu; 306 resp.gid_tbl_len = attr.gid_tbl_len; 307 resp.port_cap_flags = make_port_cap_flags(&attr); 308 resp.max_msg_sz = attr.max_msg_sz; 309 resp.bad_pkey_cntr = attr.bad_pkey_cntr; 310 resp.qkey_viol_cntr = attr.qkey_viol_cntr; 311 resp.pkey_tbl_len = attr.pkey_tbl_len; 312 313 if (rdma_is_grh_required(ib_dev, cmd.port_num)) 314 resp.flags |= IB_UVERBS_QPF_GRH_REQUIRED; 315 316 if (rdma_cap_opa_ah(ib_dev, cmd.port_num)) { 317 resp.lid = OPA_TO_IB_UCAST_LID(attr.lid); 318 resp.sm_lid = OPA_TO_IB_UCAST_LID(attr.sm_lid); 319 } else { 320 resp.lid = ib_lid_cpu16(attr.lid); 321 resp.sm_lid = ib_lid_cpu16(attr.sm_lid); 322 } 323 resp.lmc = attr.lmc; 324 resp.max_vl_num = attr.max_vl_num; 325 resp.sm_sl = attr.sm_sl; 326 resp.subnet_timeout = attr.subnet_timeout; 327 resp.init_type_reply = attr.init_type_reply; 328 resp.active_width = attr.active_width; 329 resp.active_speed = attr.active_speed; 330 resp.phys_state = attr.phys_state; 331 resp.link_layer = rdma_port_get_link_layer(ib_dev, 332 cmd.port_num); 333 334 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 335 return -EFAULT; 336 337 return in_len; 338 } 339 340 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file, 341 const char __user *buf, 342 int in_len, int out_len) 343 { 344 struct ib_uverbs_alloc_pd cmd; 345 struct ib_uverbs_alloc_pd_resp resp; 346 struct ib_udata udata; 347 struct ib_uobject *uobj; 348 struct ib_pd *pd; 349 int ret; 350 struct ib_device *ib_dev; 351 352 if (out_len < sizeof resp) 353 return -ENOSPC; 354 355 if (copy_from_user(&cmd, buf, sizeof cmd)) 356 return -EFAULT; 357 358 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 359 u64_to_user_ptr(cmd.response) + sizeof(resp), 360 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 361 out_len - sizeof(resp)); 362 363 uobj = uobj_alloc(UVERBS_OBJECT_PD, file, &ib_dev); 364 if (IS_ERR(uobj)) 365 return PTR_ERR(uobj); 366 367 pd = ib_dev->alloc_pd(ib_dev, uobj->context, &udata); 368 if (IS_ERR(pd)) { 369 ret = PTR_ERR(pd); 370 goto err; 371 } 372 373 pd->device = ib_dev; 374 pd->uobject = uobj; 375 pd->__internal_mr = NULL; 376 atomic_set(&pd->usecnt, 0); 377 378 uobj->object = pd; 379 memset(&resp, 0, sizeof resp); 380 resp.pd_handle = uobj->id; 381 pd->res.type = RDMA_RESTRACK_PD; 382 rdma_restrack_add(&pd->res); 383 384 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 385 ret = -EFAULT; 386 goto err_copy; 387 } 388 389 return uobj_alloc_commit(uobj, in_len); 390 391 err_copy: 392 ib_dealloc_pd(pd); 393 394 err: 395 uobj_alloc_abort(uobj); 396 return ret; 397 } 398 399 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file, 400 const char __user *buf, 401 int in_len, int out_len) 402 { 403 struct ib_uverbs_dealloc_pd cmd; 404 405 if (copy_from_user(&cmd, buf, sizeof cmd)) 406 return -EFAULT; 407 408 return uobj_perform_destroy(UVERBS_OBJECT_PD, cmd.pd_handle, file, 409 in_len); 410 } 411 412 struct xrcd_table_entry { 413 struct rb_node node; 414 struct ib_xrcd *xrcd; 415 struct inode *inode; 416 }; 417 418 static int xrcd_table_insert(struct ib_uverbs_device *dev, 419 struct inode *inode, 420 struct ib_xrcd *xrcd) 421 { 422 struct xrcd_table_entry *entry, *scan; 423 struct rb_node **p = &dev->xrcd_tree.rb_node; 424 struct rb_node *parent = NULL; 425 426 entry = kmalloc(sizeof *entry, GFP_KERNEL); 427 if (!entry) 428 return -ENOMEM; 429 430 entry->xrcd = xrcd; 431 entry->inode = inode; 432 433 while (*p) { 434 parent = *p; 435 scan = rb_entry(parent, struct xrcd_table_entry, node); 436 437 if (inode < scan->inode) { 438 p = &(*p)->rb_left; 439 } else if (inode > scan->inode) { 440 p = &(*p)->rb_right; 441 } else { 442 kfree(entry); 443 return -EEXIST; 444 } 445 } 446 447 rb_link_node(&entry->node, parent, p); 448 rb_insert_color(&entry->node, &dev->xrcd_tree); 449 igrab(inode); 450 return 0; 451 } 452 453 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev, 454 struct inode *inode) 455 { 456 struct xrcd_table_entry *entry; 457 struct rb_node *p = dev->xrcd_tree.rb_node; 458 459 while (p) { 460 entry = rb_entry(p, struct xrcd_table_entry, node); 461 462 if (inode < entry->inode) 463 p = p->rb_left; 464 else if (inode > entry->inode) 465 p = p->rb_right; 466 else 467 return entry; 468 } 469 470 return NULL; 471 } 472 473 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode) 474 { 475 struct xrcd_table_entry *entry; 476 477 entry = xrcd_table_search(dev, inode); 478 if (!entry) 479 return NULL; 480 481 return entry->xrcd; 482 } 483 484 static void xrcd_table_delete(struct ib_uverbs_device *dev, 485 struct inode *inode) 486 { 487 struct xrcd_table_entry *entry; 488 489 entry = xrcd_table_search(dev, inode); 490 if (entry) { 491 iput(inode); 492 rb_erase(&entry->node, &dev->xrcd_tree); 493 kfree(entry); 494 } 495 } 496 497 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file, 498 const char __user *buf, int in_len, 499 int out_len) 500 { 501 struct ib_uverbs_open_xrcd cmd; 502 struct ib_uverbs_open_xrcd_resp resp; 503 struct ib_udata udata; 504 struct ib_uxrcd_object *obj; 505 struct ib_xrcd *xrcd = NULL; 506 struct fd f = {NULL, 0}; 507 struct inode *inode = NULL; 508 int ret = 0; 509 int new_xrcd = 0; 510 struct ib_device *ib_dev; 511 512 if (out_len < sizeof resp) 513 return -ENOSPC; 514 515 if (copy_from_user(&cmd, buf, sizeof cmd)) 516 return -EFAULT; 517 518 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 519 u64_to_user_ptr(cmd.response) + sizeof(resp), 520 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 521 out_len - sizeof(resp)); 522 523 mutex_lock(&file->device->xrcd_tree_mutex); 524 525 if (cmd.fd != -1) { 526 /* search for file descriptor */ 527 f = fdget(cmd.fd); 528 if (!f.file) { 529 ret = -EBADF; 530 goto err_tree_mutex_unlock; 531 } 532 533 inode = file_inode(f.file); 534 xrcd = find_xrcd(file->device, inode); 535 if (!xrcd && !(cmd.oflags & O_CREAT)) { 536 /* no file descriptor. Need CREATE flag */ 537 ret = -EAGAIN; 538 goto err_tree_mutex_unlock; 539 } 540 541 if (xrcd && cmd.oflags & O_EXCL) { 542 ret = -EINVAL; 543 goto err_tree_mutex_unlock; 544 } 545 } 546 547 obj = (struct ib_uxrcd_object *)uobj_alloc(UVERBS_OBJECT_XRCD, file, 548 &ib_dev); 549 if (IS_ERR(obj)) { 550 ret = PTR_ERR(obj); 551 goto err_tree_mutex_unlock; 552 } 553 554 if (!xrcd) { 555 xrcd = ib_dev->alloc_xrcd(ib_dev, obj->uobject.context, &udata); 556 if (IS_ERR(xrcd)) { 557 ret = PTR_ERR(xrcd); 558 goto err; 559 } 560 561 xrcd->inode = inode; 562 xrcd->device = ib_dev; 563 atomic_set(&xrcd->usecnt, 0); 564 mutex_init(&xrcd->tgt_qp_mutex); 565 INIT_LIST_HEAD(&xrcd->tgt_qp_list); 566 new_xrcd = 1; 567 } 568 569 atomic_set(&obj->refcnt, 0); 570 obj->uobject.object = xrcd; 571 memset(&resp, 0, sizeof resp); 572 resp.xrcd_handle = obj->uobject.id; 573 574 if (inode) { 575 if (new_xrcd) { 576 /* create new inode/xrcd table entry */ 577 ret = xrcd_table_insert(file->device, inode, xrcd); 578 if (ret) 579 goto err_dealloc_xrcd; 580 } 581 atomic_inc(&xrcd->usecnt); 582 } 583 584 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 585 ret = -EFAULT; 586 goto err_copy; 587 } 588 589 if (f.file) 590 fdput(f); 591 592 mutex_unlock(&file->device->xrcd_tree_mutex); 593 594 return uobj_alloc_commit(&obj->uobject, in_len); 595 596 err_copy: 597 if (inode) { 598 if (new_xrcd) 599 xrcd_table_delete(file->device, inode); 600 atomic_dec(&xrcd->usecnt); 601 } 602 603 err_dealloc_xrcd: 604 ib_dealloc_xrcd(xrcd); 605 606 err: 607 uobj_alloc_abort(&obj->uobject); 608 609 err_tree_mutex_unlock: 610 if (f.file) 611 fdput(f); 612 613 mutex_unlock(&file->device->xrcd_tree_mutex); 614 615 return ret; 616 } 617 618 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file, 619 const char __user *buf, int in_len, 620 int out_len) 621 { 622 struct ib_uverbs_close_xrcd cmd; 623 624 if (copy_from_user(&cmd, buf, sizeof cmd)) 625 return -EFAULT; 626 627 return uobj_perform_destroy(UVERBS_OBJECT_XRCD, cmd.xrcd_handle, file, 628 in_len); 629 } 630 631 int ib_uverbs_dealloc_xrcd(struct ib_uobject *uobject, 632 struct ib_xrcd *xrcd, 633 enum rdma_remove_reason why) 634 { 635 struct inode *inode; 636 int ret; 637 struct ib_uverbs_device *dev = uobject->context->ufile->device; 638 639 inode = xrcd->inode; 640 if (inode && !atomic_dec_and_test(&xrcd->usecnt)) 641 return 0; 642 643 ret = ib_dealloc_xrcd(xrcd); 644 645 if (ib_is_destroy_retryable(ret, why, uobject)) { 646 atomic_inc(&xrcd->usecnt); 647 return ret; 648 } 649 650 if (inode) 651 xrcd_table_delete(dev, inode); 652 653 return ret; 654 } 655 656 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, 657 const char __user *buf, int in_len, 658 int out_len) 659 { 660 struct ib_uverbs_reg_mr cmd; 661 struct ib_uverbs_reg_mr_resp resp; 662 struct ib_udata udata; 663 struct ib_uobject *uobj; 664 struct ib_pd *pd; 665 struct ib_mr *mr; 666 int ret; 667 struct ib_device *ib_dev; 668 669 if (out_len < sizeof resp) 670 return -ENOSPC; 671 672 if (copy_from_user(&cmd, buf, sizeof cmd)) 673 return -EFAULT; 674 675 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 676 u64_to_user_ptr(cmd.response) + sizeof(resp), 677 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 678 out_len - sizeof(resp)); 679 680 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)) 681 return -EINVAL; 682 683 ret = ib_check_mr_access(cmd.access_flags); 684 if (ret) 685 return ret; 686 687 uobj = uobj_alloc(UVERBS_OBJECT_MR, file, &ib_dev); 688 if (IS_ERR(uobj)) 689 return PTR_ERR(uobj); 690 691 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd.pd_handle, file); 692 if (!pd) { 693 ret = -EINVAL; 694 goto err_free; 695 } 696 697 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) { 698 if (!(pd->device->attrs.device_cap_flags & 699 IB_DEVICE_ON_DEMAND_PAGING)) { 700 pr_debug("ODP support not available\n"); 701 ret = -EINVAL; 702 goto err_put; 703 } 704 } 705 706 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va, 707 cmd.access_flags, &udata); 708 if (IS_ERR(mr)) { 709 ret = PTR_ERR(mr); 710 goto err_put; 711 } 712 713 mr->device = pd->device; 714 mr->pd = pd; 715 mr->dm = NULL; 716 mr->uobject = uobj; 717 atomic_inc(&pd->usecnt); 718 mr->res.type = RDMA_RESTRACK_MR; 719 rdma_restrack_add(&mr->res); 720 721 uobj->object = mr; 722 723 memset(&resp, 0, sizeof resp); 724 resp.lkey = mr->lkey; 725 resp.rkey = mr->rkey; 726 resp.mr_handle = uobj->id; 727 728 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 729 ret = -EFAULT; 730 goto err_copy; 731 } 732 733 uobj_put_obj_read(pd); 734 735 return uobj_alloc_commit(uobj, in_len); 736 737 err_copy: 738 ib_dereg_mr(mr); 739 740 err_put: 741 uobj_put_obj_read(pd); 742 743 err_free: 744 uobj_alloc_abort(uobj); 745 return ret; 746 } 747 748 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file, 749 const char __user *buf, int in_len, 750 int out_len) 751 { 752 struct ib_uverbs_rereg_mr cmd; 753 struct ib_uverbs_rereg_mr_resp resp; 754 struct ib_udata udata; 755 struct ib_pd *pd = NULL; 756 struct ib_mr *mr; 757 struct ib_pd *old_pd; 758 int ret; 759 struct ib_uobject *uobj; 760 761 if (out_len < sizeof(resp)) 762 return -ENOSPC; 763 764 if (copy_from_user(&cmd, buf, sizeof(cmd))) 765 return -EFAULT; 766 767 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 768 u64_to_user_ptr(cmd.response) + sizeof(resp), 769 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 770 out_len - sizeof(resp)); 771 772 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags) 773 return -EINVAL; 774 775 if ((cmd.flags & IB_MR_REREG_TRANS) && 776 (!cmd.start || !cmd.hca_va || 0 >= cmd.length || 777 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))) 778 return -EINVAL; 779 780 uobj = uobj_get_write(UVERBS_OBJECT_MR, cmd.mr_handle, file); 781 if (IS_ERR(uobj)) 782 return PTR_ERR(uobj); 783 784 mr = uobj->object; 785 786 if (mr->dm) { 787 ret = -EINVAL; 788 goto put_uobjs; 789 } 790 791 if (cmd.flags & IB_MR_REREG_ACCESS) { 792 ret = ib_check_mr_access(cmd.access_flags); 793 if (ret) 794 goto put_uobjs; 795 } 796 797 if (cmd.flags & IB_MR_REREG_PD) { 798 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd.pd_handle, 799 file); 800 if (!pd) { 801 ret = -EINVAL; 802 goto put_uobjs; 803 } 804 } 805 806 old_pd = mr->pd; 807 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start, 808 cmd.length, cmd.hca_va, 809 cmd.access_flags, pd, &udata); 810 if (!ret) { 811 if (cmd.flags & IB_MR_REREG_PD) { 812 atomic_inc(&pd->usecnt); 813 mr->pd = pd; 814 atomic_dec(&old_pd->usecnt); 815 } 816 } else { 817 goto put_uobj_pd; 818 } 819 820 memset(&resp, 0, sizeof(resp)); 821 resp.lkey = mr->lkey; 822 resp.rkey = mr->rkey; 823 824 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof(resp))) 825 ret = -EFAULT; 826 else 827 ret = in_len; 828 829 put_uobj_pd: 830 if (cmd.flags & IB_MR_REREG_PD) 831 uobj_put_obj_read(pd); 832 833 put_uobjs: 834 uobj_put_write(uobj); 835 836 return ret; 837 } 838 839 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file, 840 const char __user *buf, int in_len, 841 int out_len) 842 { 843 struct ib_uverbs_dereg_mr cmd; 844 845 if (copy_from_user(&cmd, buf, sizeof cmd)) 846 return -EFAULT; 847 848 return uobj_perform_destroy(UVERBS_OBJECT_MR, cmd.mr_handle, file, 849 in_len); 850 } 851 852 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file, 853 const char __user *buf, int in_len, 854 int out_len) 855 { 856 struct ib_uverbs_alloc_mw cmd; 857 struct ib_uverbs_alloc_mw_resp resp; 858 struct ib_uobject *uobj; 859 struct ib_pd *pd; 860 struct ib_mw *mw; 861 struct ib_udata udata; 862 int ret; 863 struct ib_device *ib_dev; 864 865 if (out_len < sizeof(resp)) 866 return -ENOSPC; 867 868 if (copy_from_user(&cmd, buf, sizeof(cmd))) 869 return -EFAULT; 870 871 uobj = uobj_alloc(UVERBS_OBJECT_MW, file, &ib_dev); 872 if (IS_ERR(uobj)) 873 return PTR_ERR(uobj); 874 875 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd.pd_handle, file); 876 if (!pd) { 877 ret = -EINVAL; 878 goto err_free; 879 } 880 881 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 882 u64_to_user_ptr(cmd.response) + sizeof(resp), 883 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 884 out_len - sizeof(resp)); 885 886 mw = pd->device->alloc_mw(pd, cmd.mw_type, &udata); 887 if (IS_ERR(mw)) { 888 ret = PTR_ERR(mw); 889 goto err_put; 890 } 891 892 mw->device = pd->device; 893 mw->pd = pd; 894 mw->uobject = uobj; 895 atomic_inc(&pd->usecnt); 896 897 uobj->object = mw; 898 899 memset(&resp, 0, sizeof(resp)); 900 resp.rkey = mw->rkey; 901 resp.mw_handle = uobj->id; 902 903 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof(resp))) { 904 ret = -EFAULT; 905 goto err_copy; 906 } 907 908 uobj_put_obj_read(pd); 909 return uobj_alloc_commit(uobj, in_len); 910 911 err_copy: 912 uverbs_dealloc_mw(mw); 913 err_put: 914 uobj_put_obj_read(pd); 915 err_free: 916 uobj_alloc_abort(uobj); 917 return ret; 918 } 919 920 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file, 921 const char __user *buf, int in_len, 922 int out_len) 923 { 924 struct ib_uverbs_dealloc_mw cmd; 925 926 if (copy_from_user(&cmd, buf, sizeof(cmd))) 927 return -EFAULT; 928 929 return uobj_perform_destroy(UVERBS_OBJECT_MW, cmd.mw_handle, file, 930 in_len); 931 } 932 933 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file, 934 const char __user *buf, int in_len, 935 int out_len) 936 { 937 struct ib_uverbs_create_comp_channel cmd; 938 struct ib_uverbs_create_comp_channel_resp resp; 939 struct ib_uobject *uobj; 940 struct ib_uverbs_completion_event_file *ev_file; 941 struct ib_device *ib_dev; 942 943 if (out_len < sizeof resp) 944 return -ENOSPC; 945 946 if (copy_from_user(&cmd, buf, sizeof cmd)) 947 return -EFAULT; 948 949 uobj = uobj_alloc(UVERBS_OBJECT_COMP_CHANNEL, file, &ib_dev); 950 if (IS_ERR(uobj)) 951 return PTR_ERR(uobj); 952 953 resp.fd = uobj->id; 954 955 ev_file = container_of(uobj, struct ib_uverbs_completion_event_file, 956 uobj); 957 ib_uverbs_init_event_queue(&ev_file->ev_queue); 958 959 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 960 uobj_alloc_abort(uobj); 961 return -EFAULT; 962 } 963 964 return uobj_alloc_commit(uobj, in_len); 965 } 966 967 static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file, 968 struct ib_udata *ucore, 969 struct ib_udata *uhw, 970 struct ib_uverbs_ex_create_cq *cmd, 971 size_t cmd_sz, 972 int (*cb)(struct ib_uverbs_file *file, 973 struct ib_ucq_object *obj, 974 struct ib_uverbs_ex_create_cq_resp *resp, 975 struct ib_udata *udata, 976 void *context), 977 void *context) 978 { 979 struct ib_ucq_object *obj; 980 struct ib_uverbs_completion_event_file *ev_file = NULL; 981 struct ib_cq *cq; 982 int ret; 983 struct ib_uverbs_ex_create_cq_resp resp; 984 struct ib_cq_init_attr attr = {}; 985 struct ib_device *ib_dev; 986 987 if (cmd->comp_vector >= file->device->num_comp_vectors) 988 return ERR_PTR(-EINVAL); 989 990 obj = (struct ib_ucq_object *)uobj_alloc(UVERBS_OBJECT_CQ, file, 991 &ib_dev); 992 if (IS_ERR(obj)) 993 return obj; 994 995 if (!ib_dev->create_cq) { 996 ret = -EOPNOTSUPP; 997 goto err; 998 } 999 1000 if (cmd->comp_channel >= 0) { 1001 ev_file = ib_uverbs_lookup_comp_file(cmd->comp_channel, file); 1002 if (IS_ERR(ev_file)) { 1003 ret = PTR_ERR(ev_file); 1004 goto err; 1005 } 1006 } 1007 1008 obj->uobject.user_handle = cmd->user_handle; 1009 obj->comp_events_reported = 0; 1010 obj->async_events_reported = 0; 1011 INIT_LIST_HEAD(&obj->comp_list); 1012 INIT_LIST_HEAD(&obj->async_list); 1013 1014 attr.cqe = cmd->cqe; 1015 attr.comp_vector = cmd->comp_vector; 1016 1017 if (cmd_sz > offsetof(typeof(*cmd), flags) + sizeof(cmd->flags)) 1018 attr.flags = cmd->flags; 1019 1020 cq = ib_dev->create_cq(ib_dev, &attr, obj->uobject.context, uhw); 1021 if (IS_ERR(cq)) { 1022 ret = PTR_ERR(cq); 1023 goto err_file; 1024 } 1025 1026 cq->device = ib_dev; 1027 cq->uobject = &obj->uobject; 1028 cq->comp_handler = ib_uverbs_comp_handler; 1029 cq->event_handler = ib_uverbs_cq_event_handler; 1030 cq->cq_context = ev_file ? &ev_file->ev_queue : NULL; 1031 atomic_set(&cq->usecnt, 0); 1032 1033 obj->uobject.object = cq; 1034 memset(&resp, 0, sizeof resp); 1035 resp.base.cq_handle = obj->uobject.id; 1036 resp.base.cqe = cq->cqe; 1037 1038 resp.response_length = offsetof(typeof(resp), response_length) + 1039 sizeof(resp.response_length); 1040 1041 cq->res.type = RDMA_RESTRACK_CQ; 1042 rdma_restrack_add(&cq->res); 1043 1044 ret = cb(file, obj, &resp, ucore, context); 1045 if (ret) 1046 goto err_cb; 1047 1048 ret = uobj_alloc_commit(&obj->uobject, 0); 1049 if (ret) 1050 return ERR_PTR(ret); 1051 return obj; 1052 1053 err_cb: 1054 ib_destroy_cq(cq); 1055 1056 err_file: 1057 if (ev_file) 1058 ib_uverbs_release_ucq(file, ev_file, obj); 1059 1060 err: 1061 uobj_alloc_abort(&obj->uobject); 1062 1063 return ERR_PTR(ret); 1064 } 1065 1066 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file *file, 1067 struct ib_ucq_object *obj, 1068 struct ib_uverbs_ex_create_cq_resp *resp, 1069 struct ib_udata *ucore, void *context) 1070 { 1071 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base))) 1072 return -EFAULT; 1073 1074 return 0; 1075 } 1076 1077 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file, 1078 const char __user *buf, int in_len, 1079 int out_len) 1080 { 1081 struct ib_uverbs_create_cq cmd; 1082 struct ib_uverbs_ex_create_cq cmd_ex; 1083 struct ib_uverbs_create_cq_resp resp; 1084 struct ib_udata ucore; 1085 struct ib_udata uhw; 1086 struct ib_ucq_object *obj; 1087 1088 if (out_len < sizeof(resp)) 1089 return -ENOSPC; 1090 1091 if (copy_from_user(&cmd, buf, sizeof(cmd))) 1092 return -EFAULT; 1093 1094 ib_uverbs_init_udata(&ucore, buf, u64_to_user_ptr(cmd.response), 1095 sizeof(cmd), sizeof(resp)); 1096 1097 ib_uverbs_init_udata(&uhw, buf + sizeof(cmd), 1098 u64_to_user_ptr(cmd.response) + sizeof(resp), 1099 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 1100 out_len - sizeof(resp)); 1101 1102 memset(&cmd_ex, 0, sizeof(cmd_ex)); 1103 cmd_ex.user_handle = cmd.user_handle; 1104 cmd_ex.cqe = cmd.cqe; 1105 cmd_ex.comp_vector = cmd.comp_vector; 1106 cmd_ex.comp_channel = cmd.comp_channel; 1107 1108 obj = create_cq(file, &ucore, &uhw, &cmd_ex, 1109 offsetof(typeof(cmd_ex), comp_channel) + 1110 sizeof(cmd.comp_channel), ib_uverbs_create_cq_cb, 1111 NULL); 1112 1113 if (IS_ERR(obj)) 1114 return PTR_ERR(obj); 1115 1116 return in_len; 1117 } 1118 1119 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file *file, 1120 struct ib_ucq_object *obj, 1121 struct ib_uverbs_ex_create_cq_resp *resp, 1122 struct ib_udata *ucore, void *context) 1123 { 1124 if (ib_copy_to_udata(ucore, resp, resp->response_length)) 1125 return -EFAULT; 1126 1127 return 0; 1128 } 1129 1130 int ib_uverbs_ex_create_cq(struct ib_uverbs_file *file, 1131 struct ib_udata *ucore, 1132 struct ib_udata *uhw) 1133 { 1134 struct ib_uverbs_ex_create_cq_resp resp; 1135 struct ib_uverbs_ex_create_cq cmd; 1136 struct ib_ucq_object *obj; 1137 int err; 1138 1139 if (ucore->inlen < sizeof(cmd)) 1140 return -EINVAL; 1141 1142 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd)); 1143 if (err) 1144 return err; 1145 1146 if (cmd.comp_mask) 1147 return -EINVAL; 1148 1149 if (cmd.reserved) 1150 return -EINVAL; 1151 1152 if (ucore->outlen < (offsetof(typeof(resp), response_length) + 1153 sizeof(resp.response_length))) 1154 return -ENOSPC; 1155 1156 obj = create_cq(file, ucore, uhw, &cmd, 1157 min(ucore->inlen, sizeof(cmd)), 1158 ib_uverbs_ex_create_cq_cb, NULL); 1159 1160 return PTR_ERR_OR_ZERO(obj); 1161 } 1162 1163 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file, 1164 const char __user *buf, int in_len, 1165 int out_len) 1166 { 1167 struct ib_uverbs_resize_cq cmd; 1168 struct ib_uverbs_resize_cq_resp resp = {}; 1169 struct ib_udata udata; 1170 struct ib_cq *cq; 1171 int ret = -EINVAL; 1172 1173 if (copy_from_user(&cmd, buf, sizeof cmd)) 1174 return -EFAULT; 1175 1176 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 1177 u64_to_user_ptr(cmd.response) + sizeof(resp), 1178 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 1179 out_len - sizeof(resp)); 1180 1181 cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, cmd.cq_handle, file); 1182 if (!cq) 1183 return -EINVAL; 1184 1185 ret = cq->device->resize_cq(cq, cmd.cqe, &udata); 1186 if (ret) 1187 goto out; 1188 1189 resp.cqe = cq->cqe; 1190 1191 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp.cqe)) 1192 ret = -EFAULT; 1193 1194 out: 1195 uobj_put_obj_read(cq); 1196 1197 return ret ? ret : in_len; 1198 } 1199 1200 static int copy_wc_to_user(struct ib_device *ib_dev, void __user *dest, 1201 struct ib_wc *wc) 1202 { 1203 struct ib_uverbs_wc tmp; 1204 1205 tmp.wr_id = wc->wr_id; 1206 tmp.status = wc->status; 1207 tmp.opcode = wc->opcode; 1208 tmp.vendor_err = wc->vendor_err; 1209 tmp.byte_len = wc->byte_len; 1210 tmp.ex.imm_data = wc->ex.imm_data; 1211 tmp.qp_num = wc->qp->qp_num; 1212 tmp.src_qp = wc->src_qp; 1213 tmp.wc_flags = wc->wc_flags; 1214 tmp.pkey_index = wc->pkey_index; 1215 if (rdma_cap_opa_ah(ib_dev, wc->port_num)) 1216 tmp.slid = OPA_TO_IB_UCAST_LID(wc->slid); 1217 else 1218 tmp.slid = ib_lid_cpu16(wc->slid); 1219 tmp.sl = wc->sl; 1220 tmp.dlid_path_bits = wc->dlid_path_bits; 1221 tmp.port_num = wc->port_num; 1222 tmp.reserved = 0; 1223 1224 if (copy_to_user(dest, &tmp, sizeof tmp)) 1225 return -EFAULT; 1226 1227 return 0; 1228 } 1229 1230 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file, 1231 const char __user *buf, int in_len, 1232 int out_len) 1233 { 1234 struct ib_uverbs_poll_cq cmd; 1235 struct ib_uverbs_poll_cq_resp resp; 1236 u8 __user *header_ptr; 1237 u8 __user *data_ptr; 1238 struct ib_cq *cq; 1239 struct ib_wc wc; 1240 int ret; 1241 1242 if (copy_from_user(&cmd, buf, sizeof cmd)) 1243 return -EFAULT; 1244 1245 cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, cmd.cq_handle, file); 1246 if (!cq) 1247 return -EINVAL; 1248 1249 /* we copy a struct ib_uverbs_poll_cq_resp to user space */ 1250 header_ptr = u64_to_user_ptr(cmd.response); 1251 data_ptr = header_ptr + sizeof resp; 1252 1253 memset(&resp, 0, sizeof resp); 1254 while (resp.count < cmd.ne) { 1255 ret = ib_poll_cq(cq, 1, &wc); 1256 if (ret < 0) 1257 goto out_put; 1258 if (!ret) 1259 break; 1260 1261 ret = copy_wc_to_user(cq->device, data_ptr, &wc); 1262 if (ret) 1263 goto out_put; 1264 1265 data_ptr += sizeof(struct ib_uverbs_wc); 1266 ++resp.count; 1267 } 1268 1269 if (copy_to_user(header_ptr, &resp, sizeof resp)) { 1270 ret = -EFAULT; 1271 goto out_put; 1272 } 1273 1274 ret = in_len; 1275 1276 out_put: 1277 uobj_put_obj_read(cq); 1278 return ret; 1279 } 1280 1281 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file, 1282 const char __user *buf, int in_len, 1283 int out_len) 1284 { 1285 struct ib_uverbs_req_notify_cq cmd; 1286 struct ib_cq *cq; 1287 1288 if (copy_from_user(&cmd, buf, sizeof cmd)) 1289 return -EFAULT; 1290 1291 cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, cmd.cq_handle, file); 1292 if (!cq) 1293 return -EINVAL; 1294 1295 ib_req_notify_cq(cq, cmd.solicited_only ? 1296 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP); 1297 1298 uobj_put_obj_read(cq); 1299 1300 return in_len; 1301 } 1302 1303 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file, 1304 const char __user *buf, int in_len, 1305 int out_len) 1306 { 1307 struct ib_uverbs_destroy_cq cmd; 1308 struct ib_uverbs_destroy_cq_resp resp; 1309 struct ib_uobject *uobj; 1310 struct ib_ucq_object *obj; 1311 1312 if (copy_from_user(&cmd, buf, sizeof cmd)) 1313 return -EFAULT; 1314 1315 uobj = uobj_get_destroy(UVERBS_OBJECT_CQ, cmd.cq_handle, file); 1316 if (IS_ERR(uobj)) 1317 return PTR_ERR(uobj); 1318 1319 obj = container_of(uobj, struct ib_ucq_object, uobject); 1320 memset(&resp, 0, sizeof(resp)); 1321 resp.comp_events_reported = obj->comp_events_reported; 1322 resp.async_events_reported = obj->async_events_reported; 1323 1324 uobj_put_destroy(uobj); 1325 1326 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 1327 return -EFAULT; 1328 1329 return in_len; 1330 } 1331 1332 static int create_qp(struct ib_uverbs_file *file, 1333 struct ib_udata *ucore, 1334 struct ib_udata *uhw, 1335 struct ib_uverbs_ex_create_qp *cmd, 1336 size_t cmd_sz, 1337 int (*cb)(struct ib_uverbs_file *file, 1338 struct ib_uverbs_ex_create_qp_resp *resp, 1339 struct ib_udata *udata), 1340 void *context) 1341 { 1342 struct ib_uqp_object *obj; 1343 struct ib_device *device; 1344 struct ib_pd *pd = NULL; 1345 struct ib_xrcd *xrcd = NULL; 1346 struct ib_uobject *xrcd_uobj = ERR_PTR(-ENOENT); 1347 struct ib_cq *scq = NULL, *rcq = NULL; 1348 struct ib_srq *srq = NULL; 1349 struct ib_qp *qp; 1350 char *buf; 1351 struct ib_qp_init_attr attr = {}; 1352 struct ib_uverbs_ex_create_qp_resp resp; 1353 int ret; 1354 struct ib_rwq_ind_table *ind_tbl = NULL; 1355 bool has_sq = true; 1356 struct ib_device *ib_dev; 1357 1358 if (cmd->qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW)) 1359 return -EPERM; 1360 1361 obj = (struct ib_uqp_object *)uobj_alloc(UVERBS_OBJECT_QP, file, 1362 &ib_dev); 1363 if (IS_ERR(obj)) 1364 return PTR_ERR(obj); 1365 obj->uxrcd = NULL; 1366 obj->uevent.uobject.user_handle = cmd->user_handle; 1367 mutex_init(&obj->mcast_lock); 1368 1369 if (cmd_sz >= offsetof(typeof(*cmd), rwq_ind_tbl_handle) + 1370 sizeof(cmd->rwq_ind_tbl_handle) && 1371 (cmd->comp_mask & IB_UVERBS_CREATE_QP_MASK_IND_TABLE)) { 1372 ind_tbl = uobj_get_obj_read(rwq_ind_table, 1373 UVERBS_OBJECT_RWQ_IND_TBL, 1374 cmd->rwq_ind_tbl_handle, file); 1375 if (!ind_tbl) { 1376 ret = -EINVAL; 1377 goto err_put; 1378 } 1379 1380 attr.rwq_ind_tbl = ind_tbl; 1381 } 1382 1383 if (cmd_sz > sizeof(*cmd) && 1384 !ib_is_udata_cleared(ucore, sizeof(*cmd), 1385 cmd_sz - sizeof(*cmd))) { 1386 ret = -EOPNOTSUPP; 1387 goto err_put; 1388 } 1389 1390 if (ind_tbl && (cmd->max_recv_wr || cmd->max_recv_sge || cmd->is_srq)) { 1391 ret = -EINVAL; 1392 goto err_put; 1393 } 1394 1395 if (ind_tbl && !cmd->max_send_wr) 1396 has_sq = false; 1397 1398 if (cmd->qp_type == IB_QPT_XRC_TGT) { 1399 xrcd_uobj = uobj_get_read(UVERBS_OBJECT_XRCD, cmd->pd_handle, 1400 file); 1401 1402 if (IS_ERR(xrcd_uobj)) { 1403 ret = -EINVAL; 1404 goto err_put; 1405 } 1406 1407 xrcd = (struct ib_xrcd *)xrcd_uobj->object; 1408 if (!xrcd) { 1409 ret = -EINVAL; 1410 goto err_put; 1411 } 1412 device = xrcd->device; 1413 } else { 1414 if (cmd->qp_type == IB_QPT_XRC_INI) { 1415 cmd->max_recv_wr = 0; 1416 cmd->max_recv_sge = 0; 1417 } else { 1418 if (cmd->is_srq) { 1419 srq = uobj_get_obj_read(srq, UVERBS_OBJECT_SRQ, 1420 cmd->srq_handle, file); 1421 if (!srq || srq->srq_type == IB_SRQT_XRC) { 1422 ret = -EINVAL; 1423 goto err_put; 1424 } 1425 } 1426 1427 if (!ind_tbl) { 1428 if (cmd->recv_cq_handle != cmd->send_cq_handle) { 1429 rcq = uobj_get_obj_read( 1430 cq, UVERBS_OBJECT_CQ, 1431 cmd->recv_cq_handle, file); 1432 if (!rcq) { 1433 ret = -EINVAL; 1434 goto err_put; 1435 } 1436 } 1437 } 1438 } 1439 1440 if (has_sq) 1441 scq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, 1442 cmd->send_cq_handle, file); 1443 if (!ind_tbl) 1444 rcq = rcq ?: scq; 1445 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd->pd_handle, 1446 file); 1447 if (!pd || (!scq && has_sq)) { 1448 ret = -EINVAL; 1449 goto err_put; 1450 } 1451 1452 device = pd->device; 1453 } 1454 1455 attr.event_handler = ib_uverbs_qp_event_handler; 1456 attr.qp_context = file; 1457 attr.send_cq = scq; 1458 attr.recv_cq = rcq; 1459 attr.srq = srq; 1460 attr.xrcd = xrcd; 1461 attr.sq_sig_type = cmd->sq_sig_all ? IB_SIGNAL_ALL_WR : 1462 IB_SIGNAL_REQ_WR; 1463 attr.qp_type = cmd->qp_type; 1464 attr.create_flags = 0; 1465 1466 attr.cap.max_send_wr = cmd->max_send_wr; 1467 attr.cap.max_recv_wr = cmd->max_recv_wr; 1468 attr.cap.max_send_sge = cmd->max_send_sge; 1469 attr.cap.max_recv_sge = cmd->max_recv_sge; 1470 attr.cap.max_inline_data = cmd->max_inline_data; 1471 1472 obj->uevent.events_reported = 0; 1473 INIT_LIST_HEAD(&obj->uevent.event_list); 1474 INIT_LIST_HEAD(&obj->mcast_list); 1475 1476 if (cmd_sz >= offsetof(typeof(*cmd), create_flags) + 1477 sizeof(cmd->create_flags)) 1478 attr.create_flags = cmd->create_flags; 1479 1480 if (attr.create_flags & ~(IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK | 1481 IB_QP_CREATE_CROSS_CHANNEL | 1482 IB_QP_CREATE_MANAGED_SEND | 1483 IB_QP_CREATE_MANAGED_RECV | 1484 IB_QP_CREATE_SCATTER_FCS | 1485 IB_QP_CREATE_CVLAN_STRIPPING | 1486 IB_QP_CREATE_SOURCE_QPN | 1487 IB_QP_CREATE_PCI_WRITE_END_PADDING)) { 1488 ret = -EINVAL; 1489 goto err_put; 1490 } 1491 1492 if (attr.create_flags & IB_QP_CREATE_SOURCE_QPN) { 1493 if (!capable(CAP_NET_RAW)) { 1494 ret = -EPERM; 1495 goto err_put; 1496 } 1497 1498 attr.source_qpn = cmd->source_qpn; 1499 } 1500 1501 buf = (void *)cmd + sizeof(*cmd); 1502 if (cmd_sz > sizeof(*cmd)) 1503 if (!(buf[0] == 0 && !memcmp(buf, buf + 1, 1504 cmd_sz - sizeof(*cmd) - 1))) { 1505 ret = -EINVAL; 1506 goto err_put; 1507 } 1508 1509 if (cmd->qp_type == IB_QPT_XRC_TGT) 1510 qp = ib_create_qp(pd, &attr); 1511 else 1512 qp = _ib_create_qp(device, pd, &attr, uhw, 1513 &obj->uevent.uobject); 1514 1515 if (IS_ERR(qp)) { 1516 ret = PTR_ERR(qp); 1517 goto err_put; 1518 } 1519 1520 if (cmd->qp_type != IB_QPT_XRC_TGT) { 1521 ret = ib_create_qp_security(qp, device); 1522 if (ret) 1523 goto err_cb; 1524 1525 qp->real_qp = qp; 1526 qp->pd = pd; 1527 qp->send_cq = attr.send_cq; 1528 qp->recv_cq = attr.recv_cq; 1529 qp->srq = attr.srq; 1530 qp->rwq_ind_tbl = ind_tbl; 1531 qp->event_handler = attr.event_handler; 1532 qp->qp_context = attr.qp_context; 1533 qp->qp_type = attr.qp_type; 1534 atomic_set(&qp->usecnt, 0); 1535 atomic_inc(&pd->usecnt); 1536 qp->port = 0; 1537 if (attr.send_cq) 1538 atomic_inc(&attr.send_cq->usecnt); 1539 if (attr.recv_cq) 1540 atomic_inc(&attr.recv_cq->usecnt); 1541 if (attr.srq) 1542 atomic_inc(&attr.srq->usecnt); 1543 if (ind_tbl) 1544 atomic_inc(&ind_tbl->usecnt); 1545 } else { 1546 /* It is done in _ib_create_qp for other QP types */ 1547 qp->uobject = &obj->uevent.uobject; 1548 } 1549 1550 obj->uevent.uobject.object = qp; 1551 1552 memset(&resp, 0, sizeof resp); 1553 resp.base.qpn = qp->qp_num; 1554 resp.base.qp_handle = obj->uevent.uobject.id; 1555 resp.base.max_recv_sge = attr.cap.max_recv_sge; 1556 resp.base.max_send_sge = attr.cap.max_send_sge; 1557 resp.base.max_recv_wr = attr.cap.max_recv_wr; 1558 resp.base.max_send_wr = attr.cap.max_send_wr; 1559 resp.base.max_inline_data = attr.cap.max_inline_data; 1560 1561 resp.response_length = offsetof(typeof(resp), response_length) + 1562 sizeof(resp.response_length); 1563 1564 ret = cb(file, &resp, ucore); 1565 if (ret) 1566 goto err_cb; 1567 1568 if (xrcd) { 1569 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, 1570 uobject); 1571 atomic_inc(&obj->uxrcd->refcnt); 1572 uobj_put_read(xrcd_uobj); 1573 } 1574 1575 if (pd) 1576 uobj_put_obj_read(pd); 1577 if (scq) 1578 uobj_put_obj_read(scq); 1579 if (rcq && rcq != scq) 1580 uobj_put_obj_read(rcq); 1581 if (srq) 1582 uobj_put_obj_read(srq); 1583 if (ind_tbl) 1584 uobj_put_obj_read(ind_tbl); 1585 1586 return uobj_alloc_commit(&obj->uevent.uobject, 0); 1587 err_cb: 1588 ib_destroy_qp(qp); 1589 1590 err_put: 1591 if (!IS_ERR(xrcd_uobj)) 1592 uobj_put_read(xrcd_uobj); 1593 if (pd) 1594 uobj_put_obj_read(pd); 1595 if (scq) 1596 uobj_put_obj_read(scq); 1597 if (rcq && rcq != scq) 1598 uobj_put_obj_read(rcq); 1599 if (srq) 1600 uobj_put_obj_read(srq); 1601 if (ind_tbl) 1602 uobj_put_obj_read(ind_tbl); 1603 1604 uobj_alloc_abort(&obj->uevent.uobject); 1605 return ret; 1606 } 1607 1608 static int ib_uverbs_create_qp_cb(struct ib_uverbs_file *file, 1609 struct ib_uverbs_ex_create_qp_resp *resp, 1610 struct ib_udata *ucore) 1611 { 1612 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base))) 1613 return -EFAULT; 1614 1615 return 0; 1616 } 1617 1618 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, 1619 const char __user *buf, int in_len, 1620 int out_len) 1621 { 1622 struct ib_uverbs_create_qp cmd; 1623 struct ib_uverbs_ex_create_qp cmd_ex; 1624 struct ib_udata ucore; 1625 struct ib_udata uhw; 1626 ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp); 1627 int err; 1628 1629 if (out_len < resp_size) 1630 return -ENOSPC; 1631 1632 if (copy_from_user(&cmd, buf, sizeof(cmd))) 1633 return -EFAULT; 1634 1635 ib_uverbs_init_udata(&ucore, buf, u64_to_user_ptr(cmd.response), 1636 sizeof(cmd), resp_size); 1637 ib_uverbs_init_udata(&uhw, buf + sizeof(cmd), 1638 u64_to_user_ptr(cmd.response) + resp_size, 1639 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 1640 out_len - resp_size); 1641 1642 memset(&cmd_ex, 0, sizeof(cmd_ex)); 1643 cmd_ex.user_handle = cmd.user_handle; 1644 cmd_ex.pd_handle = cmd.pd_handle; 1645 cmd_ex.send_cq_handle = cmd.send_cq_handle; 1646 cmd_ex.recv_cq_handle = cmd.recv_cq_handle; 1647 cmd_ex.srq_handle = cmd.srq_handle; 1648 cmd_ex.max_send_wr = cmd.max_send_wr; 1649 cmd_ex.max_recv_wr = cmd.max_recv_wr; 1650 cmd_ex.max_send_sge = cmd.max_send_sge; 1651 cmd_ex.max_recv_sge = cmd.max_recv_sge; 1652 cmd_ex.max_inline_data = cmd.max_inline_data; 1653 cmd_ex.sq_sig_all = cmd.sq_sig_all; 1654 cmd_ex.qp_type = cmd.qp_type; 1655 cmd_ex.is_srq = cmd.is_srq; 1656 1657 err = create_qp(file, &ucore, &uhw, &cmd_ex, 1658 offsetof(typeof(cmd_ex), is_srq) + 1659 sizeof(cmd.is_srq), ib_uverbs_create_qp_cb, 1660 NULL); 1661 1662 if (err) 1663 return err; 1664 1665 return in_len; 1666 } 1667 1668 static int ib_uverbs_ex_create_qp_cb(struct ib_uverbs_file *file, 1669 struct ib_uverbs_ex_create_qp_resp *resp, 1670 struct ib_udata *ucore) 1671 { 1672 if (ib_copy_to_udata(ucore, resp, resp->response_length)) 1673 return -EFAULT; 1674 1675 return 0; 1676 } 1677 1678 int ib_uverbs_ex_create_qp(struct ib_uverbs_file *file, 1679 struct ib_udata *ucore, 1680 struct ib_udata *uhw) 1681 { 1682 struct ib_uverbs_ex_create_qp_resp resp; 1683 struct ib_uverbs_ex_create_qp cmd = {0}; 1684 int err; 1685 1686 if (ucore->inlen < (offsetof(typeof(cmd), comp_mask) + 1687 sizeof(cmd.comp_mask))) 1688 return -EINVAL; 1689 1690 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 1691 if (err) 1692 return err; 1693 1694 if (cmd.comp_mask & ~IB_UVERBS_CREATE_QP_SUP_COMP_MASK) 1695 return -EINVAL; 1696 1697 if (cmd.reserved) 1698 return -EINVAL; 1699 1700 if (ucore->outlen < (offsetof(typeof(resp), response_length) + 1701 sizeof(resp.response_length))) 1702 return -ENOSPC; 1703 1704 err = create_qp(file, ucore, uhw, &cmd, 1705 min(ucore->inlen, sizeof(cmd)), 1706 ib_uverbs_ex_create_qp_cb, NULL); 1707 1708 if (err) 1709 return err; 1710 1711 return 0; 1712 } 1713 1714 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file, 1715 const char __user *buf, int in_len, int out_len) 1716 { 1717 struct ib_uverbs_open_qp cmd; 1718 struct ib_uverbs_create_qp_resp resp; 1719 struct ib_udata udata; 1720 struct ib_uqp_object *obj; 1721 struct ib_xrcd *xrcd; 1722 struct ib_uobject *uninitialized_var(xrcd_uobj); 1723 struct ib_qp *qp; 1724 struct ib_qp_open_attr attr; 1725 int ret; 1726 struct ib_device *ib_dev; 1727 1728 if (out_len < sizeof resp) 1729 return -ENOSPC; 1730 1731 if (copy_from_user(&cmd, buf, sizeof cmd)) 1732 return -EFAULT; 1733 1734 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 1735 u64_to_user_ptr(cmd.response) + sizeof(resp), 1736 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 1737 out_len - sizeof(resp)); 1738 1739 obj = (struct ib_uqp_object *)uobj_alloc(UVERBS_OBJECT_QP, file, 1740 &ib_dev); 1741 if (IS_ERR(obj)) 1742 return PTR_ERR(obj); 1743 1744 xrcd_uobj = uobj_get_read(UVERBS_OBJECT_XRCD, cmd.pd_handle, file); 1745 if (IS_ERR(xrcd_uobj)) { 1746 ret = -EINVAL; 1747 goto err_put; 1748 } 1749 1750 xrcd = (struct ib_xrcd *)xrcd_uobj->object; 1751 if (!xrcd) { 1752 ret = -EINVAL; 1753 goto err_xrcd; 1754 } 1755 1756 attr.event_handler = ib_uverbs_qp_event_handler; 1757 attr.qp_context = file; 1758 attr.qp_num = cmd.qpn; 1759 attr.qp_type = cmd.qp_type; 1760 1761 obj->uevent.events_reported = 0; 1762 INIT_LIST_HEAD(&obj->uevent.event_list); 1763 INIT_LIST_HEAD(&obj->mcast_list); 1764 1765 qp = ib_open_qp(xrcd, &attr); 1766 if (IS_ERR(qp)) { 1767 ret = PTR_ERR(qp); 1768 goto err_xrcd; 1769 } 1770 1771 obj->uevent.uobject.object = qp; 1772 obj->uevent.uobject.user_handle = cmd.user_handle; 1773 1774 memset(&resp, 0, sizeof resp); 1775 resp.qpn = qp->qp_num; 1776 resp.qp_handle = obj->uevent.uobject.id; 1777 1778 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 1779 ret = -EFAULT; 1780 goto err_destroy; 1781 } 1782 1783 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject); 1784 atomic_inc(&obj->uxrcd->refcnt); 1785 qp->uobject = &obj->uevent.uobject; 1786 uobj_put_read(xrcd_uobj); 1787 1788 return uobj_alloc_commit(&obj->uevent.uobject, in_len); 1789 1790 err_destroy: 1791 ib_destroy_qp(qp); 1792 err_xrcd: 1793 uobj_put_read(xrcd_uobj); 1794 err_put: 1795 uobj_alloc_abort(&obj->uevent.uobject); 1796 return ret; 1797 } 1798 1799 static void copy_ah_attr_to_uverbs(struct ib_uverbs_qp_dest *uverb_attr, 1800 struct rdma_ah_attr *rdma_attr) 1801 { 1802 const struct ib_global_route *grh; 1803 1804 uverb_attr->dlid = rdma_ah_get_dlid(rdma_attr); 1805 uverb_attr->sl = rdma_ah_get_sl(rdma_attr); 1806 uverb_attr->src_path_bits = rdma_ah_get_path_bits(rdma_attr); 1807 uverb_attr->static_rate = rdma_ah_get_static_rate(rdma_attr); 1808 uverb_attr->is_global = !!(rdma_ah_get_ah_flags(rdma_attr) & 1809 IB_AH_GRH); 1810 if (uverb_attr->is_global) { 1811 grh = rdma_ah_read_grh(rdma_attr); 1812 memcpy(uverb_attr->dgid, grh->dgid.raw, 16); 1813 uverb_attr->flow_label = grh->flow_label; 1814 uverb_attr->sgid_index = grh->sgid_index; 1815 uverb_attr->hop_limit = grh->hop_limit; 1816 uverb_attr->traffic_class = grh->traffic_class; 1817 } 1818 uverb_attr->port_num = rdma_ah_get_port_num(rdma_attr); 1819 } 1820 1821 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file, 1822 const char __user *buf, int in_len, 1823 int out_len) 1824 { 1825 struct ib_uverbs_query_qp cmd; 1826 struct ib_uverbs_query_qp_resp resp; 1827 struct ib_qp *qp; 1828 struct ib_qp_attr *attr; 1829 struct ib_qp_init_attr *init_attr; 1830 int ret; 1831 1832 if (copy_from_user(&cmd, buf, sizeof cmd)) 1833 return -EFAULT; 1834 1835 attr = kmalloc(sizeof *attr, GFP_KERNEL); 1836 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL); 1837 if (!attr || !init_attr) { 1838 ret = -ENOMEM; 1839 goto out; 1840 } 1841 1842 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 1843 if (!qp) { 1844 ret = -EINVAL; 1845 goto out; 1846 } 1847 1848 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr); 1849 1850 uobj_put_obj_read(qp); 1851 1852 if (ret) 1853 goto out; 1854 1855 memset(&resp, 0, sizeof resp); 1856 1857 resp.qp_state = attr->qp_state; 1858 resp.cur_qp_state = attr->cur_qp_state; 1859 resp.path_mtu = attr->path_mtu; 1860 resp.path_mig_state = attr->path_mig_state; 1861 resp.qkey = attr->qkey; 1862 resp.rq_psn = attr->rq_psn; 1863 resp.sq_psn = attr->sq_psn; 1864 resp.dest_qp_num = attr->dest_qp_num; 1865 resp.qp_access_flags = attr->qp_access_flags; 1866 resp.pkey_index = attr->pkey_index; 1867 resp.alt_pkey_index = attr->alt_pkey_index; 1868 resp.sq_draining = attr->sq_draining; 1869 resp.max_rd_atomic = attr->max_rd_atomic; 1870 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic; 1871 resp.min_rnr_timer = attr->min_rnr_timer; 1872 resp.port_num = attr->port_num; 1873 resp.timeout = attr->timeout; 1874 resp.retry_cnt = attr->retry_cnt; 1875 resp.rnr_retry = attr->rnr_retry; 1876 resp.alt_port_num = attr->alt_port_num; 1877 resp.alt_timeout = attr->alt_timeout; 1878 1879 copy_ah_attr_to_uverbs(&resp.dest, &attr->ah_attr); 1880 copy_ah_attr_to_uverbs(&resp.alt_dest, &attr->alt_ah_attr); 1881 1882 resp.max_send_wr = init_attr->cap.max_send_wr; 1883 resp.max_recv_wr = init_attr->cap.max_recv_wr; 1884 resp.max_send_sge = init_attr->cap.max_send_sge; 1885 resp.max_recv_sge = init_attr->cap.max_recv_sge; 1886 resp.max_inline_data = init_attr->cap.max_inline_data; 1887 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR; 1888 1889 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 1890 ret = -EFAULT; 1891 1892 out: 1893 kfree(attr); 1894 kfree(init_attr); 1895 1896 return ret ? ret : in_len; 1897 } 1898 1899 /* Remove ignored fields set in the attribute mask */ 1900 static int modify_qp_mask(enum ib_qp_type qp_type, int mask) 1901 { 1902 switch (qp_type) { 1903 case IB_QPT_XRC_INI: 1904 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER); 1905 case IB_QPT_XRC_TGT: 1906 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT | 1907 IB_QP_RNR_RETRY); 1908 default: 1909 return mask; 1910 } 1911 } 1912 1913 static void copy_ah_attr_from_uverbs(struct ib_device *dev, 1914 struct rdma_ah_attr *rdma_attr, 1915 struct ib_uverbs_qp_dest *uverb_attr) 1916 { 1917 rdma_attr->type = rdma_ah_find_type(dev, uverb_attr->port_num); 1918 if (uverb_attr->is_global) { 1919 rdma_ah_set_grh(rdma_attr, NULL, 1920 uverb_attr->flow_label, 1921 uverb_attr->sgid_index, 1922 uverb_attr->hop_limit, 1923 uverb_attr->traffic_class); 1924 rdma_ah_set_dgid_raw(rdma_attr, uverb_attr->dgid); 1925 } else { 1926 rdma_ah_set_ah_flags(rdma_attr, 0); 1927 } 1928 rdma_ah_set_dlid(rdma_attr, uverb_attr->dlid); 1929 rdma_ah_set_sl(rdma_attr, uverb_attr->sl); 1930 rdma_ah_set_path_bits(rdma_attr, uverb_attr->src_path_bits); 1931 rdma_ah_set_static_rate(rdma_attr, uverb_attr->static_rate); 1932 rdma_ah_set_port_num(rdma_attr, uverb_attr->port_num); 1933 rdma_ah_set_make_grd(rdma_attr, false); 1934 } 1935 1936 static int modify_qp(struct ib_uverbs_file *file, 1937 struct ib_uverbs_ex_modify_qp *cmd, struct ib_udata *udata) 1938 { 1939 struct ib_qp_attr *attr; 1940 struct ib_qp *qp; 1941 int ret; 1942 1943 attr = kzalloc(sizeof(*attr), GFP_KERNEL); 1944 if (!attr) 1945 return -ENOMEM; 1946 1947 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd->base.qp_handle, file); 1948 if (!qp) { 1949 ret = -EINVAL; 1950 goto out; 1951 } 1952 1953 if ((cmd->base.attr_mask & IB_QP_PORT) && 1954 !rdma_is_port_valid(qp->device, cmd->base.port_num)) { 1955 ret = -EINVAL; 1956 goto release_qp; 1957 } 1958 1959 if ((cmd->base.attr_mask & IB_QP_AV)) { 1960 if (!rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) { 1961 ret = -EINVAL; 1962 goto release_qp; 1963 } 1964 1965 if (cmd->base.attr_mask & IB_QP_STATE && 1966 cmd->base.qp_state == IB_QPS_RTR) { 1967 /* We are in INIT->RTR TRANSITION (if we are not, 1968 * this transition will be rejected in subsequent checks). 1969 * In the INIT->RTR transition, we cannot have IB_QP_PORT set, 1970 * but the IB_QP_STATE flag is required. 1971 * 1972 * Since kernel 3.14 (commit dbf727de7440), the uverbs driver, 1973 * when IB_QP_AV is set, has required inclusion of a valid 1974 * port number in the primary AV. (AVs are created and handled 1975 * differently for infiniband and ethernet (RoCE) ports). 1976 * 1977 * Check the port number included in the primary AV against 1978 * the port number in the qp struct, which was set (and saved) 1979 * in the RST->INIT transition. 1980 */ 1981 if (cmd->base.dest.port_num != qp->real_qp->port) { 1982 ret = -EINVAL; 1983 goto release_qp; 1984 } 1985 } else { 1986 /* We are in SQD->SQD. (If we are not, this transition will 1987 * be rejected later in the verbs layer checks). 1988 * Check for both IB_QP_PORT and IB_QP_AV, these can be set 1989 * together in the SQD->SQD transition. 1990 * 1991 * If only IP_QP_AV was set, add in IB_QP_PORT as well (the 1992 * verbs layer driver does not track primary port changes 1993 * resulting from path migration. Thus, in SQD, if the primary 1994 * AV is modified, the primary port should also be modified). 1995 * 1996 * Note that in this transition, the IB_QP_STATE flag 1997 * is not allowed. 1998 */ 1999 if (((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) 2000 == (IB_QP_AV | IB_QP_PORT)) && 2001 cmd->base.port_num != cmd->base.dest.port_num) { 2002 ret = -EINVAL; 2003 goto release_qp; 2004 } 2005 if ((cmd->base.attr_mask & (IB_QP_AV | IB_QP_PORT)) 2006 == IB_QP_AV) { 2007 cmd->base.attr_mask |= IB_QP_PORT; 2008 cmd->base.port_num = cmd->base.dest.port_num; 2009 } 2010 } 2011 } 2012 2013 if ((cmd->base.attr_mask & IB_QP_ALT_PATH) && 2014 (!rdma_is_port_valid(qp->device, cmd->base.alt_port_num) || 2015 !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num) || 2016 cmd->base.alt_port_num != cmd->base.alt_dest.port_num)) { 2017 ret = -EINVAL; 2018 goto release_qp; 2019 } 2020 2021 if ((cmd->base.attr_mask & IB_QP_CUR_STATE && 2022 cmd->base.cur_qp_state > IB_QPS_ERR) || 2023 (cmd->base.attr_mask & IB_QP_STATE && 2024 cmd->base.qp_state > IB_QPS_ERR)) { 2025 ret = -EINVAL; 2026 goto release_qp; 2027 } 2028 2029 if (cmd->base.attr_mask & IB_QP_STATE) 2030 attr->qp_state = cmd->base.qp_state; 2031 if (cmd->base.attr_mask & IB_QP_CUR_STATE) 2032 attr->cur_qp_state = cmd->base.cur_qp_state; 2033 if (cmd->base.attr_mask & IB_QP_PATH_MTU) 2034 attr->path_mtu = cmd->base.path_mtu; 2035 if (cmd->base.attr_mask & IB_QP_PATH_MIG_STATE) 2036 attr->path_mig_state = cmd->base.path_mig_state; 2037 if (cmd->base.attr_mask & IB_QP_QKEY) 2038 attr->qkey = cmd->base.qkey; 2039 if (cmd->base.attr_mask & IB_QP_RQ_PSN) 2040 attr->rq_psn = cmd->base.rq_psn; 2041 if (cmd->base.attr_mask & IB_QP_SQ_PSN) 2042 attr->sq_psn = cmd->base.sq_psn; 2043 if (cmd->base.attr_mask & IB_QP_DEST_QPN) 2044 attr->dest_qp_num = cmd->base.dest_qp_num; 2045 if (cmd->base.attr_mask & IB_QP_ACCESS_FLAGS) 2046 attr->qp_access_flags = cmd->base.qp_access_flags; 2047 if (cmd->base.attr_mask & IB_QP_PKEY_INDEX) 2048 attr->pkey_index = cmd->base.pkey_index; 2049 if (cmd->base.attr_mask & IB_QP_EN_SQD_ASYNC_NOTIFY) 2050 attr->en_sqd_async_notify = cmd->base.en_sqd_async_notify; 2051 if (cmd->base.attr_mask & IB_QP_MAX_QP_RD_ATOMIC) 2052 attr->max_rd_atomic = cmd->base.max_rd_atomic; 2053 if (cmd->base.attr_mask & IB_QP_MAX_DEST_RD_ATOMIC) 2054 attr->max_dest_rd_atomic = cmd->base.max_dest_rd_atomic; 2055 if (cmd->base.attr_mask & IB_QP_MIN_RNR_TIMER) 2056 attr->min_rnr_timer = cmd->base.min_rnr_timer; 2057 if (cmd->base.attr_mask & IB_QP_PORT) 2058 attr->port_num = cmd->base.port_num; 2059 if (cmd->base.attr_mask & IB_QP_TIMEOUT) 2060 attr->timeout = cmd->base.timeout; 2061 if (cmd->base.attr_mask & IB_QP_RETRY_CNT) 2062 attr->retry_cnt = cmd->base.retry_cnt; 2063 if (cmd->base.attr_mask & IB_QP_RNR_RETRY) 2064 attr->rnr_retry = cmd->base.rnr_retry; 2065 if (cmd->base.attr_mask & IB_QP_ALT_PATH) { 2066 attr->alt_port_num = cmd->base.alt_port_num; 2067 attr->alt_timeout = cmd->base.alt_timeout; 2068 attr->alt_pkey_index = cmd->base.alt_pkey_index; 2069 } 2070 if (cmd->base.attr_mask & IB_QP_RATE_LIMIT) 2071 attr->rate_limit = cmd->rate_limit; 2072 2073 if (cmd->base.attr_mask & IB_QP_AV) 2074 copy_ah_attr_from_uverbs(qp->device, &attr->ah_attr, 2075 &cmd->base.dest); 2076 2077 if (cmd->base.attr_mask & IB_QP_ALT_PATH) 2078 copy_ah_attr_from_uverbs(qp->device, &attr->alt_ah_attr, 2079 &cmd->base.alt_dest); 2080 2081 ret = ib_modify_qp_with_udata(qp, attr, 2082 modify_qp_mask(qp->qp_type, 2083 cmd->base.attr_mask), 2084 udata); 2085 2086 release_qp: 2087 uobj_put_obj_read(qp); 2088 out: 2089 kfree(attr); 2090 2091 return ret; 2092 } 2093 2094 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file, 2095 const char __user *buf, int in_len, 2096 int out_len) 2097 { 2098 struct ib_uverbs_ex_modify_qp cmd = {}; 2099 struct ib_udata udata; 2100 int ret; 2101 2102 if (copy_from_user(&cmd.base, buf, sizeof(cmd.base))) 2103 return -EFAULT; 2104 2105 if (cmd.base.attr_mask & 2106 ~((IB_USER_LEGACY_LAST_QP_ATTR_MASK << 1) - 1)) 2107 return -EOPNOTSUPP; 2108 2109 ib_uverbs_init_udata(&udata, buf + sizeof(cmd.base), NULL, 2110 in_len - sizeof(cmd.base) - sizeof(struct ib_uverbs_cmd_hdr), 2111 out_len); 2112 2113 ret = modify_qp(file, &cmd, &udata); 2114 if (ret) 2115 return ret; 2116 2117 return in_len; 2118 } 2119 2120 int ib_uverbs_ex_modify_qp(struct ib_uverbs_file *file, 2121 struct ib_udata *ucore, 2122 struct ib_udata *uhw) 2123 { 2124 struct ib_uverbs_ex_modify_qp cmd = {}; 2125 int ret; 2126 2127 /* 2128 * Last bit is reserved for extending the attr_mask by 2129 * using another field. 2130 */ 2131 BUILD_BUG_ON(IB_USER_LAST_QP_ATTR_MASK == (1 << 31)); 2132 2133 if (ucore->inlen < sizeof(cmd.base)) 2134 return -EINVAL; 2135 2136 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 2137 if (ret) 2138 return ret; 2139 2140 if (cmd.base.attr_mask & 2141 ~((IB_USER_LAST_QP_ATTR_MASK << 1) - 1)) 2142 return -EOPNOTSUPP; 2143 2144 if (ucore->inlen > sizeof(cmd)) { 2145 if (!ib_is_udata_cleared(ucore, sizeof(cmd), 2146 ucore->inlen - sizeof(cmd))) 2147 return -EOPNOTSUPP; 2148 } 2149 2150 ret = modify_qp(file, &cmd, uhw); 2151 2152 return ret; 2153 } 2154 2155 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file, 2156 const char __user *buf, int in_len, 2157 int out_len) 2158 { 2159 struct ib_uverbs_destroy_qp cmd; 2160 struct ib_uverbs_destroy_qp_resp resp; 2161 struct ib_uobject *uobj; 2162 struct ib_uqp_object *obj; 2163 2164 if (copy_from_user(&cmd, buf, sizeof cmd)) 2165 return -EFAULT; 2166 2167 uobj = uobj_get_destroy(UVERBS_OBJECT_QP, cmd.qp_handle, file); 2168 if (IS_ERR(uobj)) 2169 return PTR_ERR(uobj); 2170 2171 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject); 2172 memset(&resp, 0, sizeof(resp)); 2173 resp.events_reported = obj->uevent.events_reported; 2174 2175 uobj_put_destroy(uobj); 2176 2177 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 2178 return -EFAULT; 2179 2180 return in_len; 2181 } 2182 2183 static void *alloc_wr(size_t wr_size, __u32 num_sge) 2184 { 2185 if (num_sge >= (U32_MAX - ALIGN(wr_size, sizeof (struct ib_sge))) / 2186 sizeof (struct ib_sge)) 2187 return NULL; 2188 2189 return kmalloc(ALIGN(wr_size, sizeof (struct ib_sge)) + 2190 num_sge * sizeof (struct ib_sge), GFP_KERNEL); 2191 } 2192 2193 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, 2194 const char __user *buf, int in_len, 2195 int out_len) 2196 { 2197 struct ib_uverbs_post_send cmd; 2198 struct ib_uverbs_post_send_resp resp; 2199 struct ib_uverbs_send_wr *user_wr; 2200 struct ib_send_wr *wr = NULL, *last, *next; 2201 const struct ib_send_wr *bad_wr; 2202 struct ib_qp *qp; 2203 int i, sg_ind; 2204 int is_ud; 2205 ssize_t ret = -EINVAL; 2206 size_t next_size; 2207 2208 if (copy_from_user(&cmd, buf, sizeof cmd)) 2209 return -EFAULT; 2210 2211 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count + 2212 cmd.sge_count * sizeof (struct ib_uverbs_sge)) 2213 return -EINVAL; 2214 2215 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr)) 2216 return -EINVAL; 2217 2218 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL); 2219 if (!user_wr) 2220 return -ENOMEM; 2221 2222 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 2223 if (!qp) 2224 goto out; 2225 2226 is_ud = qp->qp_type == IB_QPT_UD; 2227 sg_ind = 0; 2228 last = NULL; 2229 for (i = 0; i < cmd.wr_count; ++i) { 2230 if (copy_from_user(user_wr, 2231 buf + sizeof cmd + i * cmd.wqe_size, 2232 cmd.wqe_size)) { 2233 ret = -EFAULT; 2234 goto out_put; 2235 } 2236 2237 if (user_wr->num_sge + sg_ind > cmd.sge_count) { 2238 ret = -EINVAL; 2239 goto out_put; 2240 } 2241 2242 if (is_ud) { 2243 struct ib_ud_wr *ud; 2244 2245 if (user_wr->opcode != IB_WR_SEND && 2246 user_wr->opcode != IB_WR_SEND_WITH_IMM) { 2247 ret = -EINVAL; 2248 goto out_put; 2249 } 2250 2251 next_size = sizeof(*ud); 2252 ud = alloc_wr(next_size, user_wr->num_sge); 2253 if (!ud) { 2254 ret = -ENOMEM; 2255 goto out_put; 2256 } 2257 2258 ud->ah = uobj_get_obj_read(ah, UVERBS_OBJECT_AH, 2259 user_wr->wr.ud.ah, file); 2260 if (!ud->ah) { 2261 kfree(ud); 2262 ret = -EINVAL; 2263 goto out_put; 2264 } 2265 ud->remote_qpn = user_wr->wr.ud.remote_qpn; 2266 ud->remote_qkey = user_wr->wr.ud.remote_qkey; 2267 2268 next = &ud->wr; 2269 } else if (user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM || 2270 user_wr->opcode == IB_WR_RDMA_WRITE || 2271 user_wr->opcode == IB_WR_RDMA_READ) { 2272 struct ib_rdma_wr *rdma; 2273 2274 next_size = sizeof(*rdma); 2275 rdma = alloc_wr(next_size, user_wr->num_sge); 2276 if (!rdma) { 2277 ret = -ENOMEM; 2278 goto out_put; 2279 } 2280 2281 rdma->remote_addr = user_wr->wr.rdma.remote_addr; 2282 rdma->rkey = user_wr->wr.rdma.rkey; 2283 2284 next = &rdma->wr; 2285 } else if (user_wr->opcode == IB_WR_ATOMIC_CMP_AND_SWP || 2286 user_wr->opcode == IB_WR_ATOMIC_FETCH_AND_ADD) { 2287 struct ib_atomic_wr *atomic; 2288 2289 next_size = sizeof(*atomic); 2290 atomic = alloc_wr(next_size, user_wr->num_sge); 2291 if (!atomic) { 2292 ret = -ENOMEM; 2293 goto out_put; 2294 } 2295 2296 atomic->remote_addr = user_wr->wr.atomic.remote_addr; 2297 atomic->compare_add = user_wr->wr.atomic.compare_add; 2298 atomic->swap = user_wr->wr.atomic.swap; 2299 atomic->rkey = user_wr->wr.atomic.rkey; 2300 2301 next = &atomic->wr; 2302 } else if (user_wr->opcode == IB_WR_SEND || 2303 user_wr->opcode == IB_WR_SEND_WITH_IMM || 2304 user_wr->opcode == IB_WR_SEND_WITH_INV) { 2305 next_size = sizeof(*next); 2306 next = alloc_wr(next_size, user_wr->num_sge); 2307 if (!next) { 2308 ret = -ENOMEM; 2309 goto out_put; 2310 } 2311 } else { 2312 ret = -EINVAL; 2313 goto out_put; 2314 } 2315 2316 if (user_wr->opcode == IB_WR_SEND_WITH_IMM || 2317 user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) { 2318 next->ex.imm_data = 2319 (__be32 __force) user_wr->ex.imm_data; 2320 } else if (user_wr->opcode == IB_WR_SEND_WITH_INV) { 2321 next->ex.invalidate_rkey = user_wr->ex.invalidate_rkey; 2322 } 2323 2324 if (!last) 2325 wr = next; 2326 else 2327 last->next = next; 2328 last = next; 2329 2330 next->next = NULL; 2331 next->wr_id = user_wr->wr_id; 2332 next->num_sge = user_wr->num_sge; 2333 next->opcode = user_wr->opcode; 2334 next->send_flags = user_wr->send_flags; 2335 2336 if (next->num_sge) { 2337 next->sg_list = (void *) next + 2338 ALIGN(next_size, sizeof(struct ib_sge)); 2339 if (copy_from_user(next->sg_list, 2340 buf + sizeof cmd + 2341 cmd.wr_count * cmd.wqe_size + 2342 sg_ind * sizeof (struct ib_sge), 2343 next->num_sge * sizeof (struct ib_sge))) { 2344 ret = -EFAULT; 2345 goto out_put; 2346 } 2347 sg_ind += next->num_sge; 2348 } else 2349 next->sg_list = NULL; 2350 } 2351 2352 resp.bad_wr = 0; 2353 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr); 2354 if (ret) 2355 for (next = wr; next; next = next->next) { 2356 ++resp.bad_wr; 2357 if (next == bad_wr) 2358 break; 2359 } 2360 2361 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 2362 ret = -EFAULT; 2363 2364 out_put: 2365 uobj_put_obj_read(qp); 2366 2367 while (wr) { 2368 if (is_ud && ud_wr(wr)->ah) 2369 uobj_put_obj_read(ud_wr(wr)->ah); 2370 next = wr->next; 2371 kfree(wr); 2372 wr = next; 2373 } 2374 2375 out: 2376 kfree(user_wr); 2377 2378 return ret ? ret : in_len; 2379 } 2380 2381 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf, 2382 int in_len, 2383 u32 wr_count, 2384 u32 sge_count, 2385 u32 wqe_size) 2386 { 2387 struct ib_uverbs_recv_wr *user_wr; 2388 struct ib_recv_wr *wr = NULL, *last, *next; 2389 int sg_ind; 2390 int i; 2391 int ret; 2392 2393 if (in_len < wqe_size * wr_count + 2394 sge_count * sizeof (struct ib_uverbs_sge)) 2395 return ERR_PTR(-EINVAL); 2396 2397 if (wqe_size < sizeof (struct ib_uverbs_recv_wr)) 2398 return ERR_PTR(-EINVAL); 2399 2400 user_wr = kmalloc(wqe_size, GFP_KERNEL); 2401 if (!user_wr) 2402 return ERR_PTR(-ENOMEM); 2403 2404 sg_ind = 0; 2405 last = NULL; 2406 for (i = 0; i < wr_count; ++i) { 2407 if (copy_from_user(user_wr, buf + i * wqe_size, 2408 wqe_size)) { 2409 ret = -EFAULT; 2410 goto err; 2411 } 2412 2413 if (user_wr->num_sge + sg_ind > sge_count) { 2414 ret = -EINVAL; 2415 goto err; 2416 } 2417 2418 if (user_wr->num_sge >= 2419 (U32_MAX - ALIGN(sizeof *next, sizeof (struct ib_sge))) / 2420 sizeof (struct ib_sge)) { 2421 ret = -EINVAL; 2422 goto err; 2423 } 2424 2425 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) + 2426 user_wr->num_sge * sizeof (struct ib_sge), 2427 GFP_KERNEL); 2428 if (!next) { 2429 ret = -ENOMEM; 2430 goto err; 2431 } 2432 2433 if (!last) 2434 wr = next; 2435 else 2436 last->next = next; 2437 last = next; 2438 2439 next->next = NULL; 2440 next->wr_id = user_wr->wr_id; 2441 next->num_sge = user_wr->num_sge; 2442 2443 if (next->num_sge) { 2444 next->sg_list = (void *) next + 2445 ALIGN(sizeof *next, sizeof (struct ib_sge)); 2446 if (copy_from_user(next->sg_list, 2447 buf + wr_count * wqe_size + 2448 sg_ind * sizeof (struct ib_sge), 2449 next->num_sge * sizeof (struct ib_sge))) { 2450 ret = -EFAULT; 2451 goto err; 2452 } 2453 sg_ind += next->num_sge; 2454 } else 2455 next->sg_list = NULL; 2456 } 2457 2458 kfree(user_wr); 2459 return wr; 2460 2461 err: 2462 kfree(user_wr); 2463 2464 while (wr) { 2465 next = wr->next; 2466 kfree(wr); 2467 wr = next; 2468 } 2469 2470 return ERR_PTR(ret); 2471 } 2472 2473 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file, 2474 const char __user *buf, int in_len, 2475 int out_len) 2476 { 2477 struct ib_uverbs_post_recv cmd; 2478 struct ib_uverbs_post_recv_resp resp; 2479 struct ib_recv_wr *wr, *next; 2480 const struct ib_recv_wr *bad_wr; 2481 struct ib_qp *qp; 2482 ssize_t ret = -EINVAL; 2483 2484 if (copy_from_user(&cmd, buf, sizeof cmd)) 2485 return -EFAULT; 2486 2487 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd, 2488 in_len - sizeof cmd, cmd.wr_count, 2489 cmd.sge_count, cmd.wqe_size); 2490 if (IS_ERR(wr)) 2491 return PTR_ERR(wr); 2492 2493 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 2494 if (!qp) 2495 goto out; 2496 2497 resp.bad_wr = 0; 2498 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr); 2499 2500 uobj_put_obj_read(qp); 2501 if (ret) { 2502 for (next = wr; next; next = next->next) { 2503 ++resp.bad_wr; 2504 if (next == bad_wr) 2505 break; 2506 } 2507 } 2508 2509 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 2510 ret = -EFAULT; 2511 2512 out: 2513 while (wr) { 2514 next = wr->next; 2515 kfree(wr); 2516 wr = next; 2517 } 2518 2519 return ret ? ret : in_len; 2520 } 2521 2522 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file, 2523 const char __user *buf, int in_len, 2524 int out_len) 2525 { 2526 struct ib_uverbs_post_srq_recv cmd; 2527 struct ib_uverbs_post_srq_recv_resp resp; 2528 struct ib_recv_wr *wr, *next; 2529 const struct ib_recv_wr *bad_wr; 2530 struct ib_srq *srq; 2531 ssize_t ret = -EINVAL; 2532 2533 if (copy_from_user(&cmd, buf, sizeof cmd)) 2534 return -EFAULT; 2535 2536 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd, 2537 in_len - sizeof cmd, cmd.wr_count, 2538 cmd.sge_count, cmd.wqe_size); 2539 if (IS_ERR(wr)) 2540 return PTR_ERR(wr); 2541 2542 srq = uobj_get_obj_read(srq, UVERBS_OBJECT_SRQ, cmd.srq_handle, file); 2543 if (!srq) 2544 goto out; 2545 2546 resp.bad_wr = 0; 2547 ret = srq->device->post_srq_recv ? 2548 srq->device->post_srq_recv(srq, wr, &bad_wr) : -EOPNOTSUPP; 2549 2550 uobj_put_obj_read(srq); 2551 2552 if (ret) 2553 for (next = wr; next; next = next->next) { 2554 ++resp.bad_wr; 2555 if (next == bad_wr) 2556 break; 2557 } 2558 2559 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 2560 ret = -EFAULT; 2561 2562 out: 2563 while (wr) { 2564 next = wr->next; 2565 kfree(wr); 2566 wr = next; 2567 } 2568 2569 return ret ? ret : in_len; 2570 } 2571 2572 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file, 2573 const char __user *buf, int in_len, 2574 int out_len) 2575 { 2576 struct ib_uverbs_create_ah cmd; 2577 struct ib_uverbs_create_ah_resp resp; 2578 struct ib_uobject *uobj; 2579 struct ib_pd *pd; 2580 struct ib_ah *ah; 2581 struct rdma_ah_attr attr = {}; 2582 int ret; 2583 struct ib_udata udata; 2584 struct ib_device *ib_dev; 2585 2586 if (out_len < sizeof resp) 2587 return -ENOSPC; 2588 2589 if (copy_from_user(&cmd, buf, sizeof cmd)) 2590 return -EFAULT; 2591 2592 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 2593 u64_to_user_ptr(cmd.response) + sizeof(resp), 2594 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 2595 out_len - sizeof(resp)); 2596 2597 uobj = uobj_alloc(UVERBS_OBJECT_AH, file, &ib_dev); 2598 if (IS_ERR(uobj)) 2599 return PTR_ERR(uobj); 2600 2601 if (!rdma_is_port_valid(ib_dev, cmd.attr.port_num)) { 2602 ret = -EINVAL; 2603 goto err; 2604 } 2605 2606 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd.pd_handle, file); 2607 if (!pd) { 2608 ret = -EINVAL; 2609 goto err; 2610 } 2611 2612 attr.type = rdma_ah_find_type(ib_dev, cmd.attr.port_num); 2613 rdma_ah_set_make_grd(&attr, false); 2614 rdma_ah_set_dlid(&attr, cmd.attr.dlid); 2615 rdma_ah_set_sl(&attr, cmd.attr.sl); 2616 rdma_ah_set_path_bits(&attr, cmd.attr.src_path_bits); 2617 rdma_ah_set_static_rate(&attr, cmd.attr.static_rate); 2618 rdma_ah_set_port_num(&attr, cmd.attr.port_num); 2619 2620 if (cmd.attr.is_global) { 2621 rdma_ah_set_grh(&attr, NULL, cmd.attr.grh.flow_label, 2622 cmd.attr.grh.sgid_index, 2623 cmd.attr.grh.hop_limit, 2624 cmd.attr.grh.traffic_class); 2625 rdma_ah_set_dgid_raw(&attr, cmd.attr.grh.dgid); 2626 } else { 2627 rdma_ah_set_ah_flags(&attr, 0); 2628 } 2629 2630 ah = rdma_create_user_ah(pd, &attr, &udata); 2631 if (IS_ERR(ah)) { 2632 ret = PTR_ERR(ah); 2633 goto err_put; 2634 } 2635 2636 ah->uobject = uobj; 2637 uobj->user_handle = cmd.user_handle; 2638 uobj->object = ah; 2639 2640 resp.ah_handle = uobj->id; 2641 2642 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) { 2643 ret = -EFAULT; 2644 goto err_copy; 2645 } 2646 2647 uobj_put_obj_read(pd); 2648 return uobj_alloc_commit(uobj, in_len); 2649 2650 err_copy: 2651 rdma_destroy_ah(ah); 2652 2653 err_put: 2654 uobj_put_obj_read(pd); 2655 2656 err: 2657 uobj_alloc_abort(uobj); 2658 return ret; 2659 } 2660 2661 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file, 2662 const char __user *buf, int in_len, int out_len) 2663 { 2664 struct ib_uverbs_destroy_ah cmd; 2665 2666 if (copy_from_user(&cmd, buf, sizeof cmd)) 2667 return -EFAULT; 2668 2669 return uobj_perform_destroy(UVERBS_OBJECT_AH, cmd.ah_handle, file, 2670 in_len); 2671 } 2672 2673 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file, 2674 const char __user *buf, int in_len, 2675 int out_len) 2676 { 2677 struct ib_uverbs_attach_mcast cmd; 2678 struct ib_qp *qp; 2679 struct ib_uqp_object *obj; 2680 struct ib_uverbs_mcast_entry *mcast; 2681 int ret; 2682 2683 if (copy_from_user(&cmd, buf, sizeof cmd)) 2684 return -EFAULT; 2685 2686 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 2687 if (!qp) 2688 return -EINVAL; 2689 2690 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject); 2691 2692 mutex_lock(&obj->mcast_lock); 2693 list_for_each_entry(mcast, &obj->mcast_list, list) 2694 if (cmd.mlid == mcast->lid && 2695 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) { 2696 ret = 0; 2697 goto out_put; 2698 } 2699 2700 mcast = kmalloc(sizeof *mcast, GFP_KERNEL); 2701 if (!mcast) { 2702 ret = -ENOMEM; 2703 goto out_put; 2704 } 2705 2706 mcast->lid = cmd.mlid; 2707 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw); 2708 2709 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid); 2710 if (!ret) 2711 list_add_tail(&mcast->list, &obj->mcast_list); 2712 else 2713 kfree(mcast); 2714 2715 out_put: 2716 mutex_unlock(&obj->mcast_lock); 2717 uobj_put_obj_read(qp); 2718 2719 return ret ? ret : in_len; 2720 } 2721 2722 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file, 2723 const char __user *buf, int in_len, 2724 int out_len) 2725 { 2726 struct ib_uverbs_detach_mcast cmd; 2727 struct ib_uqp_object *obj; 2728 struct ib_qp *qp; 2729 struct ib_uverbs_mcast_entry *mcast; 2730 int ret = -EINVAL; 2731 bool found = false; 2732 2733 if (copy_from_user(&cmd, buf, sizeof cmd)) 2734 return -EFAULT; 2735 2736 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 2737 if (!qp) 2738 return -EINVAL; 2739 2740 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject); 2741 mutex_lock(&obj->mcast_lock); 2742 2743 list_for_each_entry(mcast, &obj->mcast_list, list) 2744 if (cmd.mlid == mcast->lid && 2745 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) { 2746 list_del(&mcast->list); 2747 kfree(mcast); 2748 found = true; 2749 break; 2750 } 2751 2752 if (!found) { 2753 ret = -EINVAL; 2754 goto out_put; 2755 } 2756 2757 ret = ib_detach_mcast(qp, (union ib_gid *)cmd.gid, cmd.mlid); 2758 2759 out_put: 2760 mutex_unlock(&obj->mcast_lock); 2761 uobj_put_obj_read(qp); 2762 return ret ? ret : in_len; 2763 } 2764 2765 struct ib_uflow_resources *flow_resources_alloc(size_t num_specs) 2766 { 2767 struct ib_uflow_resources *resources; 2768 2769 resources = kzalloc(sizeof(*resources), GFP_KERNEL); 2770 2771 if (!resources) 2772 return NULL; 2773 2774 if (!num_specs) 2775 goto out; 2776 2777 resources->counters = 2778 kcalloc(num_specs, sizeof(*resources->counters), GFP_KERNEL); 2779 resources->collection = 2780 kcalloc(num_specs, sizeof(*resources->collection), GFP_KERNEL); 2781 2782 if (!resources->counters || !resources->collection) 2783 goto err; 2784 2785 out: 2786 resources->max = num_specs; 2787 return resources; 2788 2789 err: 2790 kfree(resources->counters); 2791 kfree(resources); 2792 2793 return NULL; 2794 } 2795 EXPORT_SYMBOL(flow_resources_alloc); 2796 2797 void ib_uverbs_flow_resources_free(struct ib_uflow_resources *uflow_res) 2798 { 2799 unsigned int i; 2800 2801 if (!uflow_res) 2802 return; 2803 2804 for (i = 0; i < uflow_res->collection_num; i++) 2805 atomic_dec(&uflow_res->collection[i]->usecnt); 2806 2807 for (i = 0; i < uflow_res->counters_num; i++) 2808 atomic_dec(&uflow_res->counters[i]->usecnt); 2809 2810 kfree(uflow_res->collection); 2811 kfree(uflow_res->counters); 2812 kfree(uflow_res); 2813 } 2814 EXPORT_SYMBOL(ib_uverbs_flow_resources_free); 2815 2816 void flow_resources_add(struct ib_uflow_resources *uflow_res, 2817 enum ib_flow_spec_type type, 2818 void *ibobj) 2819 { 2820 WARN_ON(uflow_res->num >= uflow_res->max); 2821 2822 switch (type) { 2823 case IB_FLOW_SPEC_ACTION_HANDLE: 2824 atomic_inc(&((struct ib_flow_action *)ibobj)->usecnt); 2825 uflow_res->collection[uflow_res->collection_num++] = 2826 (struct ib_flow_action *)ibobj; 2827 break; 2828 case IB_FLOW_SPEC_ACTION_COUNT: 2829 atomic_inc(&((struct ib_counters *)ibobj)->usecnt); 2830 uflow_res->counters[uflow_res->counters_num++] = 2831 (struct ib_counters *)ibobj; 2832 break; 2833 default: 2834 WARN_ON(1); 2835 } 2836 2837 uflow_res->num++; 2838 } 2839 EXPORT_SYMBOL(flow_resources_add); 2840 2841 static int kern_spec_to_ib_spec_action(struct ib_uverbs_file *ufile, 2842 struct ib_uverbs_flow_spec *kern_spec, 2843 union ib_flow_spec *ib_spec, 2844 struct ib_uflow_resources *uflow_res) 2845 { 2846 ib_spec->type = kern_spec->type; 2847 switch (ib_spec->type) { 2848 case IB_FLOW_SPEC_ACTION_TAG: 2849 if (kern_spec->flow_tag.size != 2850 sizeof(struct ib_uverbs_flow_spec_action_tag)) 2851 return -EINVAL; 2852 2853 ib_spec->flow_tag.size = sizeof(struct ib_flow_spec_action_tag); 2854 ib_spec->flow_tag.tag_id = kern_spec->flow_tag.tag_id; 2855 break; 2856 case IB_FLOW_SPEC_ACTION_DROP: 2857 if (kern_spec->drop.size != 2858 sizeof(struct ib_uverbs_flow_spec_action_drop)) 2859 return -EINVAL; 2860 2861 ib_spec->drop.size = sizeof(struct ib_flow_spec_action_drop); 2862 break; 2863 case IB_FLOW_SPEC_ACTION_HANDLE: 2864 if (kern_spec->action.size != 2865 sizeof(struct ib_uverbs_flow_spec_action_handle)) 2866 return -EOPNOTSUPP; 2867 ib_spec->action.act = uobj_get_obj_read(flow_action, 2868 UVERBS_OBJECT_FLOW_ACTION, 2869 kern_spec->action.handle, 2870 ufile); 2871 if (!ib_spec->action.act) 2872 return -EINVAL; 2873 ib_spec->action.size = 2874 sizeof(struct ib_flow_spec_action_handle); 2875 flow_resources_add(uflow_res, 2876 IB_FLOW_SPEC_ACTION_HANDLE, 2877 ib_spec->action.act); 2878 uobj_put_obj_read(ib_spec->action.act); 2879 break; 2880 case IB_FLOW_SPEC_ACTION_COUNT: 2881 if (kern_spec->flow_count.size != 2882 sizeof(struct ib_uverbs_flow_spec_action_count)) 2883 return -EINVAL; 2884 ib_spec->flow_count.counters = 2885 uobj_get_obj_read(counters, 2886 UVERBS_OBJECT_COUNTERS, 2887 kern_spec->flow_count.handle, 2888 ufile); 2889 if (!ib_spec->flow_count.counters) 2890 return -EINVAL; 2891 ib_spec->flow_count.size = 2892 sizeof(struct ib_flow_spec_action_count); 2893 flow_resources_add(uflow_res, 2894 IB_FLOW_SPEC_ACTION_COUNT, 2895 ib_spec->flow_count.counters); 2896 uobj_put_obj_read(ib_spec->flow_count.counters); 2897 break; 2898 default: 2899 return -EINVAL; 2900 } 2901 return 0; 2902 } 2903 2904 static size_t kern_spec_filter_sz(const struct ib_uverbs_flow_spec_hdr *spec) 2905 { 2906 /* Returns user space filter size, includes padding */ 2907 return (spec->size - sizeof(struct ib_uverbs_flow_spec_hdr)) / 2; 2908 } 2909 2910 static ssize_t spec_filter_size(const void *kern_spec_filter, u16 kern_filter_size, 2911 u16 ib_real_filter_sz) 2912 { 2913 /* 2914 * User space filter structures must be 64 bit aligned, otherwise this 2915 * may pass, but we won't handle additional new attributes. 2916 */ 2917 2918 if (kern_filter_size > ib_real_filter_sz) { 2919 if (memchr_inv(kern_spec_filter + 2920 ib_real_filter_sz, 0, 2921 kern_filter_size - ib_real_filter_sz)) 2922 return -EINVAL; 2923 return ib_real_filter_sz; 2924 } 2925 return kern_filter_size; 2926 } 2927 2928 int ib_uverbs_kern_spec_to_ib_spec_filter(enum ib_flow_spec_type type, 2929 const void *kern_spec_mask, 2930 const void *kern_spec_val, 2931 size_t kern_filter_sz, 2932 union ib_flow_spec *ib_spec) 2933 { 2934 ssize_t actual_filter_sz; 2935 ssize_t ib_filter_sz; 2936 2937 /* User flow spec size must be aligned to 4 bytes */ 2938 if (kern_filter_sz != ALIGN(kern_filter_sz, 4)) 2939 return -EINVAL; 2940 2941 ib_spec->type = type; 2942 2943 if (ib_spec->type == (IB_FLOW_SPEC_INNER | IB_FLOW_SPEC_VXLAN_TUNNEL)) 2944 return -EINVAL; 2945 2946 switch (ib_spec->type & ~IB_FLOW_SPEC_INNER) { 2947 case IB_FLOW_SPEC_ETH: 2948 ib_filter_sz = offsetof(struct ib_flow_eth_filter, real_sz); 2949 actual_filter_sz = spec_filter_size(kern_spec_mask, 2950 kern_filter_sz, 2951 ib_filter_sz); 2952 if (actual_filter_sz <= 0) 2953 return -EINVAL; 2954 ib_spec->size = sizeof(struct ib_flow_spec_eth); 2955 memcpy(&ib_spec->eth.val, kern_spec_val, actual_filter_sz); 2956 memcpy(&ib_spec->eth.mask, kern_spec_mask, actual_filter_sz); 2957 break; 2958 case IB_FLOW_SPEC_IPV4: 2959 ib_filter_sz = offsetof(struct ib_flow_ipv4_filter, real_sz); 2960 actual_filter_sz = spec_filter_size(kern_spec_mask, 2961 kern_filter_sz, 2962 ib_filter_sz); 2963 if (actual_filter_sz <= 0) 2964 return -EINVAL; 2965 ib_spec->size = sizeof(struct ib_flow_spec_ipv4); 2966 memcpy(&ib_spec->ipv4.val, kern_spec_val, actual_filter_sz); 2967 memcpy(&ib_spec->ipv4.mask, kern_spec_mask, actual_filter_sz); 2968 break; 2969 case IB_FLOW_SPEC_IPV6: 2970 ib_filter_sz = offsetof(struct ib_flow_ipv6_filter, real_sz); 2971 actual_filter_sz = spec_filter_size(kern_spec_mask, 2972 kern_filter_sz, 2973 ib_filter_sz); 2974 if (actual_filter_sz <= 0) 2975 return -EINVAL; 2976 ib_spec->size = sizeof(struct ib_flow_spec_ipv6); 2977 memcpy(&ib_spec->ipv6.val, kern_spec_val, actual_filter_sz); 2978 memcpy(&ib_spec->ipv6.mask, kern_spec_mask, actual_filter_sz); 2979 2980 if ((ntohl(ib_spec->ipv6.mask.flow_label)) >= BIT(20) || 2981 (ntohl(ib_spec->ipv6.val.flow_label)) >= BIT(20)) 2982 return -EINVAL; 2983 break; 2984 case IB_FLOW_SPEC_TCP: 2985 case IB_FLOW_SPEC_UDP: 2986 ib_filter_sz = offsetof(struct ib_flow_tcp_udp_filter, real_sz); 2987 actual_filter_sz = spec_filter_size(kern_spec_mask, 2988 kern_filter_sz, 2989 ib_filter_sz); 2990 if (actual_filter_sz <= 0) 2991 return -EINVAL; 2992 ib_spec->size = sizeof(struct ib_flow_spec_tcp_udp); 2993 memcpy(&ib_spec->tcp_udp.val, kern_spec_val, actual_filter_sz); 2994 memcpy(&ib_spec->tcp_udp.mask, kern_spec_mask, actual_filter_sz); 2995 break; 2996 case IB_FLOW_SPEC_VXLAN_TUNNEL: 2997 ib_filter_sz = offsetof(struct ib_flow_tunnel_filter, real_sz); 2998 actual_filter_sz = spec_filter_size(kern_spec_mask, 2999 kern_filter_sz, 3000 ib_filter_sz); 3001 if (actual_filter_sz <= 0) 3002 return -EINVAL; 3003 ib_spec->tunnel.size = sizeof(struct ib_flow_spec_tunnel); 3004 memcpy(&ib_spec->tunnel.val, kern_spec_val, actual_filter_sz); 3005 memcpy(&ib_spec->tunnel.mask, kern_spec_mask, actual_filter_sz); 3006 3007 if ((ntohl(ib_spec->tunnel.mask.tunnel_id)) >= BIT(24) || 3008 (ntohl(ib_spec->tunnel.val.tunnel_id)) >= BIT(24)) 3009 return -EINVAL; 3010 break; 3011 case IB_FLOW_SPEC_ESP: 3012 ib_filter_sz = offsetof(struct ib_flow_esp_filter, real_sz); 3013 actual_filter_sz = spec_filter_size(kern_spec_mask, 3014 kern_filter_sz, 3015 ib_filter_sz); 3016 if (actual_filter_sz <= 0) 3017 return -EINVAL; 3018 ib_spec->esp.size = sizeof(struct ib_flow_spec_esp); 3019 memcpy(&ib_spec->esp.val, kern_spec_val, actual_filter_sz); 3020 memcpy(&ib_spec->esp.mask, kern_spec_mask, actual_filter_sz); 3021 break; 3022 case IB_FLOW_SPEC_GRE: 3023 ib_filter_sz = offsetof(struct ib_flow_gre_filter, real_sz); 3024 actual_filter_sz = spec_filter_size(kern_spec_mask, 3025 kern_filter_sz, 3026 ib_filter_sz); 3027 if (actual_filter_sz <= 0) 3028 return -EINVAL; 3029 ib_spec->gre.size = sizeof(struct ib_flow_spec_gre); 3030 memcpy(&ib_spec->gre.val, kern_spec_val, actual_filter_sz); 3031 memcpy(&ib_spec->gre.mask, kern_spec_mask, actual_filter_sz); 3032 break; 3033 case IB_FLOW_SPEC_MPLS: 3034 ib_filter_sz = offsetof(struct ib_flow_mpls_filter, real_sz); 3035 actual_filter_sz = spec_filter_size(kern_spec_mask, 3036 kern_filter_sz, 3037 ib_filter_sz); 3038 if (actual_filter_sz <= 0) 3039 return -EINVAL; 3040 ib_spec->mpls.size = sizeof(struct ib_flow_spec_mpls); 3041 memcpy(&ib_spec->mpls.val, kern_spec_val, actual_filter_sz); 3042 memcpy(&ib_spec->mpls.mask, kern_spec_mask, actual_filter_sz); 3043 break; 3044 default: 3045 return -EINVAL; 3046 } 3047 return 0; 3048 } 3049 3050 static int kern_spec_to_ib_spec_filter(struct ib_uverbs_flow_spec *kern_spec, 3051 union ib_flow_spec *ib_spec) 3052 { 3053 ssize_t kern_filter_sz; 3054 void *kern_spec_mask; 3055 void *kern_spec_val; 3056 3057 kern_filter_sz = kern_spec_filter_sz(&kern_spec->hdr); 3058 3059 kern_spec_val = (void *)kern_spec + 3060 sizeof(struct ib_uverbs_flow_spec_hdr); 3061 kern_spec_mask = kern_spec_val + kern_filter_sz; 3062 3063 return ib_uverbs_kern_spec_to_ib_spec_filter(kern_spec->type, 3064 kern_spec_mask, 3065 kern_spec_val, 3066 kern_filter_sz, ib_spec); 3067 } 3068 3069 static int kern_spec_to_ib_spec(struct ib_uverbs_file *ufile, 3070 struct ib_uverbs_flow_spec *kern_spec, 3071 union ib_flow_spec *ib_spec, 3072 struct ib_uflow_resources *uflow_res) 3073 { 3074 if (kern_spec->reserved) 3075 return -EINVAL; 3076 3077 if (kern_spec->type >= IB_FLOW_SPEC_ACTION_TAG) 3078 return kern_spec_to_ib_spec_action(ufile, kern_spec, ib_spec, 3079 uflow_res); 3080 else 3081 return kern_spec_to_ib_spec_filter(kern_spec, ib_spec); 3082 } 3083 3084 int ib_uverbs_ex_create_wq(struct ib_uverbs_file *file, 3085 struct ib_udata *ucore, 3086 struct ib_udata *uhw) 3087 { 3088 struct ib_uverbs_ex_create_wq cmd = {}; 3089 struct ib_uverbs_ex_create_wq_resp resp = {}; 3090 struct ib_uwq_object *obj; 3091 int err = 0; 3092 struct ib_cq *cq; 3093 struct ib_pd *pd; 3094 struct ib_wq *wq; 3095 struct ib_wq_init_attr wq_init_attr = {}; 3096 size_t required_cmd_sz; 3097 size_t required_resp_len; 3098 struct ib_device *ib_dev; 3099 3100 required_cmd_sz = offsetof(typeof(cmd), max_sge) + sizeof(cmd.max_sge); 3101 required_resp_len = offsetof(typeof(resp), wqn) + sizeof(resp.wqn); 3102 3103 if (ucore->inlen < required_cmd_sz) 3104 return -EINVAL; 3105 3106 if (ucore->outlen < required_resp_len) 3107 return -ENOSPC; 3108 3109 if (ucore->inlen > sizeof(cmd) && 3110 !ib_is_udata_cleared(ucore, sizeof(cmd), 3111 ucore->inlen - sizeof(cmd))) 3112 return -EOPNOTSUPP; 3113 3114 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 3115 if (err) 3116 return err; 3117 3118 if (cmd.comp_mask) 3119 return -EOPNOTSUPP; 3120 3121 obj = (struct ib_uwq_object *)uobj_alloc(UVERBS_OBJECT_WQ, file, 3122 &ib_dev); 3123 if (IS_ERR(obj)) 3124 return PTR_ERR(obj); 3125 3126 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd.pd_handle, file); 3127 if (!pd) { 3128 err = -EINVAL; 3129 goto err_uobj; 3130 } 3131 3132 cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, cmd.cq_handle, file); 3133 if (!cq) { 3134 err = -EINVAL; 3135 goto err_put_pd; 3136 } 3137 3138 wq_init_attr.cq = cq; 3139 wq_init_attr.max_sge = cmd.max_sge; 3140 wq_init_attr.max_wr = cmd.max_wr; 3141 wq_init_attr.wq_context = file; 3142 wq_init_attr.wq_type = cmd.wq_type; 3143 wq_init_attr.event_handler = ib_uverbs_wq_event_handler; 3144 if (ucore->inlen >= (offsetof(typeof(cmd), create_flags) + 3145 sizeof(cmd.create_flags))) 3146 wq_init_attr.create_flags = cmd.create_flags; 3147 obj->uevent.events_reported = 0; 3148 INIT_LIST_HEAD(&obj->uevent.event_list); 3149 3150 if (!pd->device->create_wq) { 3151 err = -EOPNOTSUPP; 3152 goto err_put_cq; 3153 } 3154 wq = pd->device->create_wq(pd, &wq_init_attr, uhw); 3155 if (IS_ERR(wq)) { 3156 err = PTR_ERR(wq); 3157 goto err_put_cq; 3158 } 3159 3160 wq->uobject = &obj->uevent.uobject; 3161 obj->uevent.uobject.object = wq; 3162 wq->wq_type = wq_init_attr.wq_type; 3163 wq->cq = cq; 3164 wq->pd = pd; 3165 wq->device = pd->device; 3166 wq->wq_context = wq_init_attr.wq_context; 3167 atomic_set(&wq->usecnt, 0); 3168 atomic_inc(&pd->usecnt); 3169 atomic_inc(&cq->usecnt); 3170 wq->uobject = &obj->uevent.uobject; 3171 obj->uevent.uobject.object = wq; 3172 3173 memset(&resp, 0, sizeof(resp)); 3174 resp.wq_handle = obj->uevent.uobject.id; 3175 resp.max_sge = wq_init_attr.max_sge; 3176 resp.max_wr = wq_init_attr.max_wr; 3177 resp.wqn = wq->wq_num; 3178 resp.response_length = required_resp_len; 3179 err = ib_copy_to_udata(ucore, 3180 &resp, resp.response_length); 3181 if (err) 3182 goto err_copy; 3183 3184 uobj_put_obj_read(pd); 3185 uobj_put_obj_read(cq); 3186 return uobj_alloc_commit(&obj->uevent.uobject, 0); 3187 3188 err_copy: 3189 ib_destroy_wq(wq); 3190 err_put_cq: 3191 uobj_put_obj_read(cq); 3192 err_put_pd: 3193 uobj_put_obj_read(pd); 3194 err_uobj: 3195 uobj_alloc_abort(&obj->uevent.uobject); 3196 3197 return err; 3198 } 3199 3200 int ib_uverbs_ex_destroy_wq(struct ib_uverbs_file *file, 3201 struct ib_udata *ucore, 3202 struct ib_udata *uhw) 3203 { 3204 struct ib_uverbs_ex_destroy_wq cmd = {}; 3205 struct ib_uverbs_ex_destroy_wq_resp resp = {}; 3206 struct ib_uobject *uobj; 3207 struct ib_uwq_object *obj; 3208 size_t required_cmd_sz; 3209 size_t required_resp_len; 3210 int ret; 3211 3212 required_cmd_sz = offsetof(typeof(cmd), wq_handle) + sizeof(cmd.wq_handle); 3213 required_resp_len = offsetof(typeof(resp), reserved) + sizeof(resp.reserved); 3214 3215 if (ucore->inlen < required_cmd_sz) 3216 return -EINVAL; 3217 3218 if (ucore->outlen < required_resp_len) 3219 return -ENOSPC; 3220 3221 if (ucore->inlen > sizeof(cmd) && 3222 !ib_is_udata_cleared(ucore, sizeof(cmd), 3223 ucore->inlen - sizeof(cmd))) 3224 return -EOPNOTSUPP; 3225 3226 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 3227 if (ret) 3228 return ret; 3229 3230 if (cmd.comp_mask) 3231 return -EOPNOTSUPP; 3232 3233 resp.response_length = required_resp_len; 3234 uobj = uobj_get_destroy(UVERBS_OBJECT_WQ, cmd.wq_handle, file); 3235 if (IS_ERR(uobj)) 3236 return PTR_ERR(uobj); 3237 3238 obj = container_of(uobj, struct ib_uwq_object, uevent.uobject); 3239 resp.events_reported = obj->uevent.events_reported; 3240 3241 uobj_put_destroy(uobj); 3242 3243 return ib_copy_to_udata(ucore, &resp, resp.response_length); 3244 } 3245 3246 int ib_uverbs_ex_modify_wq(struct ib_uverbs_file *file, 3247 struct ib_udata *ucore, 3248 struct ib_udata *uhw) 3249 { 3250 struct ib_uverbs_ex_modify_wq cmd = {}; 3251 struct ib_wq *wq; 3252 struct ib_wq_attr wq_attr = {}; 3253 size_t required_cmd_sz; 3254 int ret; 3255 3256 required_cmd_sz = offsetof(typeof(cmd), curr_wq_state) + sizeof(cmd.curr_wq_state); 3257 if (ucore->inlen < required_cmd_sz) 3258 return -EINVAL; 3259 3260 if (ucore->inlen > sizeof(cmd) && 3261 !ib_is_udata_cleared(ucore, sizeof(cmd), 3262 ucore->inlen - sizeof(cmd))) 3263 return -EOPNOTSUPP; 3264 3265 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 3266 if (ret) 3267 return ret; 3268 3269 if (!cmd.attr_mask) 3270 return -EINVAL; 3271 3272 if (cmd.attr_mask > (IB_WQ_STATE | IB_WQ_CUR_STATE | IB_WQ_FLAGS)) 3273 return -EINVAL; 3274 3275 wq = uobj_get_obj_read(wq, UVERBS_OBJECT_WQ, cmd.wq_handle, file); 3276 if (!wq) 3277 return -EINVAL; 3278 3279 wq_attr.curr_wq_state = cmd.curr_wq_state; 3280 wq_attr.wq_state = cmd.wq_state; 3281 if (cmd.attr_mask & IB_WQ_FLAGS) { 3282 wq_attr.flags = cmd.flags; 3283 wq_attr.flags_mask = cmd.flags_mask; 3284 } 3285 if (!wq->device->modify_wq) { 3286 ret = -EOPNOTSUPP; 3287 goto out; 3288 } 3289 ret = wq->device->modify_wq(wq, &wq_attr, cmd.attr_mask, uhw); 3290 out: 3291 uobj_put_obj_read(wq); 3292 return ret; 3293 } 3294 3295 int ib_uverbs_ex_create_rwq_ind_table(struct ib_uverbs_file *file, 3296 struct ib_udata *ucore, 3297 struct ib_udata *uhw) 3298 { 3299 struct ib_uverbs_ex_create_rwq_ind_table cmd = {}; 3300 struct ib_uverbs_ex_create_rwq_ind_table_resp resp = {}; 3301 struct ib_uobject *uobj; 3302 int err = 0; 3303 struct ib_rwq_ind_table_init_attr init_attr = {}; 3304 struct ib_rwq_ind_table *rwq_ind_tbl; 3305 struct ib_wq **wqs = NULL; 3306 u32 *wqs_handles = NULL; 3307 struct ib_wq *wq = NULL; 3308 int i, j, num_read_wqs; 3309 u32 num_wq_handles; 3310 u32 expected_in_size; 3311 size_t required_cmd_sz_header; 3312 size_t required_resp_len; 3313 struct ib_device *ib_dev; 3314 3315 required_cmd_sz_header = offsetof(typeof(cmd), log_ind_tbl_size) + sizeof(cmd.log_ind_tbl_size); 3316 required_resp_len = offsetof(typeof(resp), ind_tbl_num) + sizeof(resp.ind_tbl_num); 3317 3318 if (ucore->inlen < required_cmd_sz_header) 3319 return -EINVAL; 3320 3321 if (ucore->outlen < required_resp_len) 3322 return -ENOSPC; 3323 3324 err = ib_copy_from_udata(&cmd, ucore, required_cmd_sz_header); 3325 if (err) 3326 return err; 3327 3328 ucore->inbuf += required_cmd_sz_header; 3329 ucore->inlen -= required_cmd_sz_header; 3330 3331 if (cmd.comp_mask) 3332 return -EOPNOTSUPP; 3333 3334 if (cmd.log_ind_tbl_size > IB_USER_VERBS_MAX_LOG_IND_TBL_SIZE) 3335 return -EINVAL; 3336 3337 num_wq_handles = 1 << cmd.log_ind_tbl_size; 3338 expected_in_size = num_wq_handles * sizeof(__u32); 3339 if (num_wq_handles == 1) 3340 /* input size for wq handles is u64 aligned */ 3341 expected_in_size += sizeof(__u32); 3342 3343 if (ucore->inlen < expected_in_size) 3344 return -EINVAL; 3345 3346 if (ucore->inlen > expected_in_size && 3347 !ib_is_udata_cleared(ucore, expected_in_size, 3348 ucore->inlen - expected_in_size)) 3349 return -EOPNOTSUPP; 3350 3351 wqs_handles = kcalloc(num_wq_handles, sizeof(*wqs_handles), 3352 GFP_KERNEL); 3353 if (!wqs_handles) 3354 return -ENOMEM; 3355 3356 err = ib_copy_from_udata(wqs_handles, ucore, 3357 num_wq_handles * sizeof(__u32)); 3358 if (err) 3359 goto err_free; 3360 3361 wqs = kcalloc(num_wq_handles, sizeof(*wqs), GFP_KERNEL); 3362 if (!wqs) { 3363 err = -ENOMEM; 3364 goto err_free; 3365 } 3366 3367 for (num_read_wqs = 0; num_read_wqs < num_wq_handles; 3368 num_read_wqs++) { 3369 wq = uobj_get_obj_read(wq, UVERBS_OBJECT_WQ, 3370 wqs_handles[num_read_wqs], file); 3371 if (!wq) { 3372 err = -EINVAL; 3373 goto put_wqs; 3374 } 3375 3376 wqs[num_read_wqs] = wq; 3377 } 3378 3379 uobj = uobj_alloc(UVERBS_OBJECT_RWQ_IND_TBL, file, &ib_dev); 3380 if (IS_ERR(uobj)) { 3381 err = PTR_ERR(uobj); 3382 goto put_wqs; 3383 } 3384 3385 init_attr.log_ind_tbl_size = cmd.log_ind_tbl_size; 3386 init_attr.ind_tbl = wqs; 3387 3388 if (!ib_dev->create_rwq_ind_table) { 3389 err = -EOPNOTSUPP; 3390 goto err_uobj; 3391 } 3392 rwq_ind_tbl = ib_dev->create_rwq_ind_table(ib_dev, &init_attr, uhw); 3393 3394 if (IS_ERR(rwq_ind_tbl)) { 3395 err = PTR_ERR(rwq_ind_tbl); 3396 goto err_uobj; 3397 } 3398 3399 rwq_ind_tbl->ind_tbl = wqs; 3400 rwq_ind_tbl->log_ind_tbl_size = init_attr.log_ind_tbl_size; 3401 rwq_ind_tbl->uobject = uobj; 3402 uobj->object = rwq_ind_tbl; 3403 rwq_ind_tbl->device = ib_dev; 3404 atomic_set(&rwq_ind_tbl->usecnt, 0); 3405 3406 for (i = 0; i < num_wq_handles; i++) 3407 atomic_inc(&wqs[i]->usecnt); 3408 3409 resp.ind_tbl_handle = uobj->id; 3410 resp.ind_tbl_num = rwq_ind_tbl->ind_tbl_num; 3411 resp.response_length = required_resp_len; 3412 3413 err = ib_copy_to_udata(ucore, 3414 &resp, resp.response_length); 3415 if (err) 3416 goto err_copy; 3417 3418 kfree(wqs_handles); 3419 3420 for (j = 0; j < num_read_wqs; j++) 3421 uobj_put_obj_read(wqs[j]); 3422 3423 return uobj_alloc_commit(uobj, 0); 3424 3425 err_copy: 3426 ib_destroy_rwq_ind_table(rwq_ind_tbl); 3427 err_uobj: 3428 uobj_alloc_abort(uobj); 3429 put_wqs: 3430 for (j = 0; j < num_read_wqs; j++) 3431 uobj_put_obj_read(wqs[j]); 3432 err_free: 3433 kfree(wqs_handles); 3434 kfree(wqs); 3435 return err; 3436 } 3437 3438 int ib_uverbs_ex_destroy_rwq_ind_table(struct ib_uverbs_file *file, 3439 struct ib_udata *ucore, 3440 struct ib_udata *uhw) 3441 { 3442 struct ib_uverbs_ex_destroy_rwq_ind_table cmd = {}; 3443 int ret; 3444 size_t required_cmd_sz; 3445 3446 required_cmd_sz = offsetof(typeof(cmd), ind_tbl_handle) + sizeof(cmd.ind_tbl_handle); 3447 3448 if (ucore->inlen < required_cmd_sz) 3449 return -EINVAL; 3450 3451 if (ucore->inlen > sizeof(cmd) && 3452 !ib_is_udata_cleared(ucore, sizeof(cmd), 3453 ucore->inlen - sizeof(cmd))) 3454 return -EOPNOTSUPP; 3455 3456 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 3457 if (ret) 3458 return ret; 3459 3460 if (cmd.comp_mask) 3461 return -EOPNOTSUPP; 3462 3463 return uobj_perform_destroy(UVERBS_OBJECT_RWQ_IND_TBL, 3464 cmd.ind_tbl_handle, file, 0); 3465 } 3466 3467 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file, 3468 struct ib_udata *ucore, 3469 struct ib_udata *uhw) 3470 { 3471 struct ib_uverbs_create_flow cmd; 3472 struct ib_uverbs_create_flow_resp resp; 3473 struct ib_uobject *uobj; 3474 struct ib_flow *flow_id; 3475 struct ib_uverbs_flow_attr *kern_flow_attr; 3476 struct ib_flow_attr *flow_attr; 3477 struct ib_qp *qp; 3478 struct ib_uflow_resources *uflow_res; 3479 struct ib_uverbs_flow_spec_hdr *kern_spec; 3480 int err = 0; 3481 void *ib_spec; 3482 int i; 3483 struct ib_device *ib_dev; 3484 3485 if (ucore->inlen < sizeof(cmd)) 3486 return -EINVAL; 3487 3488 if (ucore->outlen < sizeof(resp)) 3489 return -ENOSPC; 3490 3491 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd)); 3492 if (err) 3493 return err; 3494 3495 ucore->inbuf += sizeof(cmd); 3496 ucore->inlen -= sizeof(cmd); 3497 3498 if (cmd.comp_mask) 3499 return -EINVAL; 3500 3501 if (!capable(CAP_NET_RAW)) 3502 return -EPERM; 3503 3504 if (cmd.flow_attr.flags >= IB_FLOW_ATTR_FLAGS_RESERVED) 3505 return -EINVAL; 3506 3507 if ((cmd.flow_attr.flags & IB_FLOW_ATTR_FLAGS_DONT_TRAP) && 3508 ((cmd.flow_attr.type == IB_FLOW_ATTR_ALL_DEFAULT) || 3509 (cmd.flow_attr.type == IB_FLOW_ATTR_MC_DEFAULT))) 3510 return -EINVAL; 3511 3512 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS) 3513 return -EINVAL; 3514 3515 if (cmd.flow_attr.size > ucore->inlen || 3516 cmd.flow_attr.size > 3517 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec))) 3518 return -EINVAL; 3519 3520 if (cmd.flow_attr.reserved[0] || 3521 cmd.flow_attr.reserved[1]) 3522 return -EINVAL; 3523 3524 if (cmd.flow_attr.num_of_specs) { 3525 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size, 3526 GFP_KERNEL); 3527 if (!kern_flow_attr) 3528 return -ENOMEM; 3529 3530 *kern_flow_attr = cmd.flow_attr; 3531 err = ib_copy_from_udata(&kern_flow_attr->flow_specs, ucore, 3532 cmd.flow_attr.size); 3533 if (err) 3534 goto err_free_attr; 3535 } else { 3536 kern_flow_attr = &cmd.flow_attr; 3537 } 3538 3539 uobj = uobj_alloc(UVERBS_OBJECT_FLOW, file, &ib_dev); 3540 if (IS_ERR(uobj)) { 3541 err = PTR_ERR(uobj); 3542 goto err_free_attr; 3543 } 3544 3545 qp = uobj_get_obj_read(qp, UVERBS_OBJECT_QP, cmd.qp_handle, file); 3546 if (!qp) { 3547 err = -EINVAL; 3548 goto err_uobj; 3549 } 3550 3551 if (qp->qp_type != IB_QPT_UD && qp->qp_type != IB_QPT_RAW_PACKET) { 3552 err = -EINVAL; 3553 goto err_put; 3554 } 3555 3556 if (!qp->device->create_flow) { 3557 err = -EOPNOTSUPP; 3558 goto err_put; 3559 } 3560 3561 flow_attr = kzalloc(struct_size(flow_attr, flows, 3562 cmd.flow_attr.num_of_specs), GFP_KERNEL); 3563 if (!flow_attr) { 3564 err = -ENOMEM; 3565 goto err_put; 3566 } 3567 uflow_res = flow_resources_alloc(cmd.flow_attr.num_of_specs); 3568 if (!uflow_res) { 3569 err = -ENOMEM; 3570 goto err_free_flow_attr; 3571 } 3572 3573 flow_attr->type = kern_flow_attr->type; 3574 flow_attr->priority = kern_flow_attr->priority; 3575 flow_attr->num_of_specs = kern_flow_attr->num_of_specs; 3576 flow_attr->port = kern_flow_attr->port; 3577 flow_attr->flags = kern_flow_attr->flags; 3578 flow_attr->size = sizeof(*flow_attr); 3579 3580 kern_spec = kern_flow_attr->flow_specs; 3581 ib_spec = flow_attr + 1; 3582 for (i = 0; i < flow_attr->num_of_specs && 3583 cmd.flow_attr.size >= sizeof(*kern_spec) && 3584 cmd.flow_attr.size >= kern_spec->size; 3585 i++) { 3586 err = kern_spec_to_ib_spec( 3587 file, (struct ib_uverbs_flow_spec *)kern_spec, 3588 ib_spec, uflow_res); 3589 if (err) 3590 goto err_free; 3591 3592 flow_attr->size += 3593 ((union ib_flow_spec *) ib_spec)->size; 3594 cmd.flow_attr.size -= kern_spec->size; 3595 kern_spec = ((void *)kern_spec) + kern_spec->size; 3596 ib_spec += ((union ib_flow_spec *) ib_spec)->size; 3597 } 3598 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) { 3599 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n", 3600 i, cmd.flow_attr.size); 3601 err = -EINVAL; 3602 goto err_free; 3603 } 3604 3605 flow_id = qp->device->create_flow(qp, flow_attr, 3606 IB_FLOW_DOMAIN_USER, uhw); 3607 3608 if (IS_ERR(flow_id)) { 3609 err = PTR_ERR(flow_id); 3610 goto err_free; 3611 } 3612 3613 ib_set_flow(uobj, flow_id, qp, qp->device, uflow_res); 3614 3615 memset(&resp, 0, sizeof(resp)); 3616 resp.flow_handle = uobj->id; 3617 3618 err = ib_copy_to_udata(ucore, 3619 &resp, sizeof(resp)); 3620 if (err) 3621 goto err_copy; 3622 3623 uobj_put_obj_read(qp); 3624 kfree(flow_attr); 3625 if (cmd.flow_attr.num_of_specs) 3626 kfree(kern_flow_attr); 3627 return uobj_alloc_commit(uobj, 0); 3628 err_copy: 3629 if (!qp->device->destroy_flow(flow_id)) 3630 atomic_dec(&qp->usecnt); 3631 err_free: 3632 ib_uverbs_flow_resources_free(uflow_res); 3633 err_free_flow_attr: 3634 kfree(flow_attr); 3635 err_put: 3636 uobj_put_obj_read(qp); 3637 err_uobj: 3638 uobj_alloc_abort(uobj); 3639 err_free_attr: 3640 if (cmd.flow_attr.num_of_specs) 3641 kfree(kern_flow_attr); 3642 return err; 3643 } 3644 3645 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file, 3646 struct ib_udata *ucore, 3647 struct ib_udata *uhw) 3648 { 3649 struct ib_uverbs_destroy_flow cmd; 3650 int ret; 3651 3652 if (ucore->inlen < sizeof(cmd)) 3653 return -EINVAL; 3654 3655 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd)); 3656 if (ret) 3657 return ret; 3658 3659 if (cmd.comp_mask) 3660 return -EINVAL; 3661 3662 return uobj_perform_destroy(UVERBS_OBJECT_FLOW, cmd.flow_handle, file, 3663 0); 3664 } 3665 3666 static int __uverbs_create_xsrq(struct ib_uverbs_file *file, 3667 struct ib_uverbs_create_xsrq *cmd, 3668 struct ib_udata *udata) 3669 { 3670 struct ib_uverbs_create_srq_resp resp; 3671 struct ib_usrq_object *obj; 3672 struct ib_pd *pd; 3673 struct ib_srq *srq; 3674 struct ib_uobject *uninitialized_var(xrcd_uobj); 3675 struct ib_srq_init_attr attr; 3676 int ret; 3677 struct ib_device *ib_dev; 3678 3679 obj = (struct ib_usrq_object *)uobj_alloc(UVERBS_OBJECT_SRQ, file, 3680 &ib_dev); 3681 if (IS_ERR(obj)) 3682 return PTR_ERR(obj); 3683 3684 if (cmd->srq_type == IB_SRQT_TM) 3685 attr.ext.tag_matching.max_num_tags = cmd->max_num_tags; 3686 3687 if (cmd->srq_type == IB_SRQT_XRC) { 3688 xrcd_uobj = uobj_get_read(UVERBS_OBJECT_XRCD, cmd->xrcd_handle, 3689 file); 3690 if (IS_ERR(xrcd_uobj)) { 3691 ret = -EINVAL; 3692 goto err; 3693 } 3694 3695 attr.ext.xrc.xrcd = (struct ib_xrcd *)xrcd_uobj->object; 3696 if (!attr.ext.xrc.xrcd) { 3697 ret = -EINVAL; 3698 goto err_put_xrcd; 3699 } 3700 3701 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject); 3702 atomic_inc(&obj->uxrcd->refcnt); 3703 } 3704 3705 if (ib_srq_has_cq(cmd->srq_type)) { 3706 attr.ext.cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, 3707 cmd->cq_handle, file); 3708 if (!attr.ext.cq) { 3709 ret = -EINVAL; 3710 goto err_put_xrcd; 3711 } 3712 } 3713 3714 pd = uobj_get_obj_read(pd, UVERBS_OBJECT_PD, cmd->pd_handle, file); 3715 if (!pd) { 3716 ret = -EINVAL; 3717 goto err_put_cq; 3718 } 3719 3720 attr.event_handler = ib_uverbs_srq_event_handler; 3721 attr.srq_context = file; 3722 attr.srq_type = cmd->srq_type; 3723 attr.attr.max_wr = cmd->max_wr; 3724 attr.attr.max_sge = cmd->max_sge; 3725 attr.attr.srq_limit = cmd->srq_limit; 3726 3727 obj->uevent.events_reported = 0; 3728 INIT_LIST_HEAD(&obj->uevent.event_list); 3729 3730 srq = pd->device->create_srq(pd, &attr, udata); 3731 if (IS_ERR(srq)) { 3732 ret = PTR_ERR(srq); 3733 goto err_put; 3734 } 3735 3736 srq->device = pd->device; 3737 srq->pd = pd; 3738 srq->srq_type = cmd->srq_type; 3739 srq->uobject = &obj->uevent.uobject; 3740 srq->event_handler = attr.event_handler; 3741 srq->srq_context = attr.srq_context; 3742 3743 if (ib_srq_has_cq(cmd->srq_type)) { 3744 srq->ext.cq = attr.ext.cq; 3745 atomic_inc(&attr.ext.cq->usecnt); 3746 } 3747 3748 if (cmd->srq_type == IB_SRQT_XRC) { 3749 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd; 3750 atomic_inc(&attr.ext.xrc.xrcd->usecnt); 3751 } 3752 3753 atomic_inc(&pd->usecnt); 3754 atomic_set(&srq->usecnt, 0); 3755 3756 obj->uevent.uobject.object = srq; 3757 obj->uevent.uobject.user_handle = cmd->user_handle; 3758 3759 memset(&resp, 0, sizeof resp); 3760 resp.srq_handle = obj->uevent.uobject.id; 3761 resp.max_wr = attr.attr.max_wr; 3762 resp.max_sge = attr.attr.max_sge; 3763 if (cmd->srq_type == IB_SRQT_XRC) 3764 resp.srqn = srq->ext.xrc.srq_num; 3765 3766 if (copy_to_user(u64_to_user_ptr(cmd->response), 3767 &resp, sizeof resp)) { 3768 ret = -EFAULT; 3769 goto err_copy; 3770 } 3771 3772 if (cmd->srq_type == IB_SRQT_XRC) 3773 uobj_put_read(xrcd_uobj); 3774 3775 if (ib_srq_has_cq(cmd->srq_type)) 3776 uobj_put_obj_read(attr.ext.cq); 3777 3778 uobj_put_obj_read(pd); 3779 return uobj_alloc_commit(&obj->uevent.uobject, 0); 3780 3781 err_copy: 3782 ib_destroy_srq(srq); 3783 3784 err_put: 3785 uobj_put_obj_read(pd); 3786 3787 err_put_cq: 3788 if (ib_srq_has_cq(cmd->srq_type)) 3789 uobj_put_obj_read(attr.ext.cq); 3790 3791 err_put_xrcd: 3792 if (cmd->srq_type == IB_SRQT_XRC) { 3793 atomic_dec(&obj->uxrcd->refcnt); 3794 uobj_put_read(xrcd_uobj); 3795 } 3796 3797 err: 3798 uobj_alloc_abort(&obj->uevent.uobject); 3799 return ret; 3800 } 3801 3802 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file, 3803 const char __user *buf, int in_len, 3804 int out_len) 3805 { 3806 struct ib_uverbs_create_srq cmd; 3807 struct ib_uverbs_create_xsrq xcmd; 3808 struct ib_uverbs_create_srq_resp resp; 3809 struct ib_udata udata; 3810 int ret; 3811 3812 if (out_len < sizeof resp) 3813 return -ENOSPC; 3814 3815 if (copy_from_user(&cmd, buf, sizeof cmd)) 3816 return -EFAULT; 3817 3818 memset(&xcmd, 0, sizeof(xcmd)); 3819 xcmd.response = cmd.response; 3820 xcmd.user_handle = cmd.user_handle; 3821 xcmd.srq_type = IB_SRQT_BASIC; 3822 xcmd.pd_handle = cmd.pd_handle; 3823 xcmd.max_wr = cmd.max_wr; 3824 xcmd.max_sge = cmd.max_sge; 3825 xcmd.srq_limit = cmd.srq_limit; 3826 3827 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 3828 u64_to_user_ptr(cmd.response) + sizeof(resp), 3829 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 3830 out_len - sizeof(resp)); 3831 3832 ret = __uverbs_create_xsrq(file, &xcmd, &udata); 3833 if (ret) 3834 return ret; 3835 3836 return in_len; 3837 } 3838 3839 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file, 3840 const char __user *buf, int in_len, int out_len) 3841 { 3842 struct ib_uverbs_create_xsrq cmd; 3843 struct ib_uverbs_create_srq_resp resp; 3844 struct ib_udata udata; 3845 int ret; 3846 3847 if (out_len < sizeof resp) 3848 return -ENOSPC; 3849 3850 if (copy_from_user(&cmd, buf, sizeof cmd)) 3851 return -EFAULT; 3852 3853 ib_uverbs_init_udata(&udata, buf + sizeof(cmd), 3854 u64_to_user_ptr(cmd.response) + sizeof(resp), 3855 in_len - sizeof(cmd) - sizeof(struct ib_uverbs_cmd_hdr), 3856 out_len - sizeof(resp)); 3857 3858 ret = __uverbs_create_xsrq(file, &cmd, &udata); 3859 if (ret) 3860 return ret; 3861 3862 return in_len; 3863 } 3864 3865 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file, 3866 const char __user *buf, int in_len, 3867 int out_len) 3868 { 3869 struct ib_uverbs_modify_srq cmd; 3870 struct ib_udata udata; 3871 struct ib_srq *srq; 3872 struct ib_srq_attr attr; 3873 int ret; 3874 3875 if (copy_from_user(&cmd, buf, sizeof cmd)) 3876 return -EFAULT; 3877 3878 ib_uverbs_init_udata(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd, 3879 out_len); 3880 3881 srq = uobj_get_obj_read(srq, UVERBS_OBJECT_SRQ, cmd.srq_handle, file); 3882 if (!srq) 3883 return -EINVAL; 3884 3885 attr.max_wr = cmd.max_wr; 3886 attr.srq_limit = cmd.srq_limit; 3887 3888 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata); 3889 3890 uobj_put_obj_read(srq); 3891 3892 return ret ? ret : in_len; 3893 } 3894 3895 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file, 3896 const char __user *buf, 3897 int in_len, int out_len) 3898 { 3899 struct ib_uverbs_query_srq cmd; 3900 struct ib_uverbs_query_srq_resp resp; 3901 struct ib_srq_attr attr; 3902 struct ib_srq *srq; 3903 int ret; 3904 3905 if (out_len < sizeof resp) 3906 return -ENOSPC; 3907 3908 if (copy_from_user(&cmd, buf, sizeof cmd)) 3909 return -EFAULT; 3910 3911 srq = uobj_get_obj_read(srq, UVERBS_OBJECT_SRQ, cmd.srq_handle, file); 3912 if (!srq) 3913 return -EINVAL; 3914 3915 ret = ib_query_srq(srq, &attr); 3916 3917 uobj_put_obj_read(srq); 3918 3919 if (ret) 3920 return ret; 3921 3922 memset(&resp, 0, sizeof resp); 3923 3924 resp.max_wr = attr.max_wr; 3925 resp.max_sge = attr.max_sge; 3926 resp.srq_limit = attr.srq_limit; 3927 3928 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof resp)) 3929 return -EFAULT; 3930 3931 return in_len; 3932 } 3933 3934 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file, 3935 const char __user *buf, int in_len, 3936 int out_len) 3937 { 3938 struct ib_uverbs_destroy_srq cmd; 3939 struct ib_uverbs_destroy_srq_resp resp; 3940 struct ib_uobject *uobj; 3941 struct ib_uevent_object *obj; 3942 3943 if (copy_from_user(&cmd, buf, sizeof cmd)) 3944 return -EFAULT; 3945 3946 uobj = uobj_get_destroy(UVERBS_OBJECT_SRQ, cmd.srq_handle, file); 3947 if (IS_ERR(uobj)) 3948 return PTR_ERR(uobj); 3949 3950 obj = container_of(uobj, struct ib_uevent_object, uobject); 3951 memset(&resp, 0, sizeof(resp)); 3952 resp.events_reported = obj->events_reported; 3953 3954 uobj_put_destroy(uobj); 3955 3956 if (copy_to_user(u64_to_user_ptr(cmd.response), &resp, sizeof(resp))) 3957 return -EFAULT; 3958 3959 return in_len; 3960 } 3961 3962 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file, 3963 struct ib_udata *ucore, 3964 struct ib_udata *uhw) 3965 { 3966 struct ib_uverbs_ex_query_device_resp resp = { {0} }; 3967 struct ib_uverbs_ex_query_device cmd; 3968 struct ib_device_attr attr = {0}; 3969 struct ib_ucontext *ucontext; 3970 struct ib_device *ib_dev; 3971 int err; 3972 3973 ucontext = ib_uverbs_get_ucontext(file); 3974 if (IS_ERR(ucontext)) 3975 return PTR_ERR(ucontext); 3976 ib_dev = ucontext->device; 3977 3978 if (!ib_dev->query_device) 3979 return -EOPNOTSUPP; 3980 3981 if (ucore->inlen < sizeof(cmd)) 3982 return -EINVAL; 3983 3984 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd)); 3985 if (err) 3986 return err; 3987 3988 if (cmd.comp_mask) 3989 return -EINVAL; 3990 3991 if (cmd.reserved) 3992 return -EINVAL; 3993 3994 resp.response_length = offsetof(typeof(resp), odp_caps); 3995 3996 if (ucore->outlen < resp.response_length) 3997 return -ENOSPC; 3998 3999 err = ib_dev->query_device(ib_dev, &attr, uhw); 4000 if (err) 4001 return err; 4002 4003 copy_query_dev_fields(ucontext, &resp.base, &attr); 4004 4005 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps)) 4006 goto end; 4007 4008 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING 4009 resp.odp_caps.general_caps = attr.odp_caps.general_caps; 4010 resp.odp_caps.per_transport_caps.rc_odp_caps = 4011 attr.odp_caps.per_transport_caps.rc_odp_caps; 4012 resp.odp_caps.per_transport_caps.uc_odp_caps = 4013 attr.odp_caps.per_transport_caps.uc_odp_caps; 4014 resp.odp_caps.per_transport_caps.ud_odp_caps = 4015 attr.odp_caps.per_transport_caps.ud_odp_caps; 4016 #endif 4017 resp.response_length += sizeof(resp.odp_caps); 4018 4019 if (ucore->outlen < resp.response_length + sizeof(resp.timestamp_mask)) 4020 goto end; 4021 4022 resp.timestamp_mask = attr.timestamp_mask; 4023 resp.response_length += sizeof(resp.timestamp_mask); 4024 4025 if (ucore->outlen < resp.response_length + sizeof(resp.hca_core_clock)) 4026 goto end; 4027 4028 resp.hca_core_clock = attr.hca_core_clock; 4029 resp.response_length += sizeof(resp.hca_core_clock); 4030 4031 if (ucore->outlen < resp.response_length + sizeof(resp.device_cap_flags_ex)) 4032 goto end; 4033 4034 resp.device_cap_flags_ex = attr.device_cap_flags; 4035 resp.response_length += sizeof(resp.device_cap_flags_ex); 4036 4037 if (ucore->outlen < resp.response_length + sizeof(resp.rss_caps)) 4038 goto end; 4039 4040 resp.rss_caps.supported_qpts = attr.rss_caps.supported_qpts; 4041 resp.rss_caps.max_rwq_indirection_tables = 4042 attr.rss_caps.max_rwq_indirection_tables; 4043 resp.rss_caps.max_rwq_indirection_table_size = 4044 attr.rss_caps.max_rwq_indirection_table_size; 4045 4046 resp.response_length += sizeof(resp.rss_caps); 4047 4048 if (ucore->outlen < resp.response_length + sizeof(resp.max_wq_type_rq)) 4049 goto end; 4050 4051 resp.max_wq_type_rq = attr.max_wq_type_rq; 4052 resp.response_length += sizeof(resp.max_wq_type_rq); 4053 4054 if (ucore->outlen < resp.response_length + sizeof(resp.raw_packet_caps)) 4055 goto end; 4056 4057 resp.raw_packet_caps = attr.raw_packet_caps; 4058 resp.response_length += sizeof(resp.raw_packet_caps); 4059 4060 if (ucore->outlen < resp.response_length + sizeof(resp.tm_caps)) 4061 goto end; 4062 4063 resp.tm_caps.max_rndv_hdr_size = attr.tm_caps.max_rndv_hdr_size; 4064 resp.tm_caps.max_num_tags = attr.tm_caps.max_num_tags; 4065 resp.tm_caps.max_ops = attr.tm_caps.max_ops; 4066 resp.tm_caps.max_sge = attr.tm_caps.max_sge; 4067 resp.tm_caps.flags = attr.tm_caps.flags; 4068 resp.response_length += sizeof(resp.tm_caps); 4069 4070 if (ucore->outlen < resp.response_length + sizeof(resp.cq_moderation_caps)) 4071 goto end; 4072 4073 resp.cq_moderation_caps.max_cq_moderation_count = 4074 attr.cq_caps.max_cq_moderation_count; 4075 resp.cq_moderation_caps.max_cq_moderation_period = 4076 attr.cq_caps.max_cq_moderation_period; 4077 resp.response_length += sizeof(resp.cq_moderation_caps); 4078 4079 if (ucore->outlen < resp.response_length + sizeof(resp.max_dm_size)) 4080 goto end; 4081 4082 resp.max_dm_size = attr.max_dm_size; 4083 resp.response_length += sizeof(resp.max_dm_size); 4084 end: 4085 err = ib_copy_to_udata(ucore, &resp, resp.response_length); 4086 return err; 4087 } 4088 4089 int ib_uverbs_ex_modify_cq(struct ib_uverbs_file *file, 4090 struct ib_udata *ucore, 4091 struct ib_udata *uhw) 4092 { 4093 struct ib_uverbs_ex_modify_cq cmd = {}; 4094 struct ib_cq *cq; 4095 size_t required_cmd_sz; 4096 int ret; 4097 4098 required_cmd_sz = offsetof(typeof(cmd), reserved) + 4099 sizeof(cmd.reserved); 4100 if (ucore->inlen < required_cmd_sz) 4101 return -EINVAL; 4102 4103 /* sanity checks */ 4104 if (ucore->inlen > sizeof(cmd) && 4105 !ib_is_udata_cleared(ucore, sizeof(cmd), 4106 ucore->inlen - sizeof(cmd))) 4107 return -EOPNOTSUPP; 4108 4109 ret = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen)); 4110 if (ret) 4111 return ret; 4112 4113 if (!cmd.attr_mask || cmd.reserved) 4114 return -EINVAL; 4115 4116 if (cmd.attr_mask > IB_CQ_MODERATE) 4117 return -EOPNOTSUPP; 4118 4119 cq = uobj_get_obj_read(cq, UVERBS_OBJECT_CQ, cmd.cq_handle, file); 4120 if (!cq) 4121 return -EINVAL; 4122 4123 ret = rdma_set_cq_moderation(cq, cmd.attr.cq_count, cmd.attr.cq_period); 4124 4125 uobj_put_obj_read(cq); 4126 4127 return ret; 4128 } 4129