1 /*
2  * Copyright (c) 2017, Mellanox Technologies inc.  All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  */
32 
33 #include <rdma/rdma_user_ioctl.h>
34 #include <rdma/uverbs_ioctl.h>
35 #include "rdma_core.h"
36 #include "uverbs.h"
37 
38 static int uverbs_process_attr(struct ib_device *ibdev,
39 			       struct ib_ucontext *ucontext,
40 			       const struct ib_uverbs_attr *uattr,
41 			       u16 attr_id,
42 			       const struct uverbs_attr_spec_hash *attr_spec_bucket,
43 			       struct uverbs_attr_bundle_hash *attr_bundle_h,
44 			       struct ib_uverbs_attr __user *uattr_ptr)
45 {
46 	const struct uverbs_attr_spec *spec;
47 	struct uverbs_attr *e;
48 	const struct uverbs_object_spec *object;
49 	struct uverbs_obj_attr *o_attr;
50 	struct uverbs_attr *elements = attr_bundle_h->attrs;
51 
52 	if (uattr->reserved)
53 		return -EINVAL;
54 
55 	if (attr_id >= attr_spec_bucket->num_attrs) {
56 		if (uattr->flags & UVERBS_ATTR_F_MANDATORY)
57 			return -EINVAL;
58 		else
59 			return 0;
60 	}
61 
62 	spec = &attr_spec_bucket->attrs[attr_id];
63 	e = &elements[attr_id];
64 	e->uattr = uattr_ptr;
65 
66 	switch (spec->type) {
67 	case UVERBS_ATTR_TYPE_PTR_IN:
68 	case UVERBS_ATTR_TYPE_PTR_OUT:
69 		if (uattr->len < spec->len ||
70 		    (!(spec->flags & UVERBS_ATTR_SPEC_F_MIN_SZ) &&
71 		     uattr->len > spec->len))
72 			return -EINVAL;
73 
74 		e->ptr_attr.data = uattr->data;
75 		e->ptr_attr.len = uattr->len;
76 		e->ptr_attr.flags = uattr->flags;
77 		break;
78 
79 	case UVERBS_ATTR_TYPE_IDR:
80 		if (uattr->data >> 32)
81 			return -EINVAL;
82 	/* fall through */
83 	case UVERBS_ATTR_TYPE_FD:
84 		if (uattr->len != 0 || !ucontext || uattr->data > INT_MAX)
85 			return -EINVAL;
86 
87 		o_attr = &e->obj_attr;
88 		object = uverbs_get_object(ibdev, spec->obj.obj_type);
89 		if (!object)
90 			return -EINVAL;
91 		o_attr->type = object->type_attrs;
92 
93 		o_attr->id = (int)uattr->data;
94 		o_attr->uobject = uverbs_get_uobject_from_context(
95 					o_attr->type,
96 					ucontext,
97 					spec->obj.access,
98 					o_attr->id);
99 
100 		if (IS_ERR(o_attr->uobject))
101 			return PTR_ERR(o_attr->uobject);
102 
103 		if (spec->obj.access == UVERBS_ACCESS_NEW) {
104 			u64 id = o_attr->uobject->id;
105 
106 			/* Copy the allocated id to the user-space */
107 			if (put_user(id, &e->uattr->data)) {
108 				uverbs_finalize_object(o_attr->uobject,
109 						       UVERBS_ACCESS_NEW,
110 						       false);
111 				return -EFAULT;
112 			}
113 		}
114 
115 		break;
116 	default:
117 		return -EOPNOTSUPP;
118 	}
119 
120 	set_bit(attr_id, attr_bundle_h->valid_bitmap);
121 	return 0;
122 }
123 
124 static int uverbs_uattrs_process(struct ib_device *ibdev,
125 				 struct ib_ucontext *ucontext,
126 				 const struct ib_uverbs_attr *uattrs,
127 				 size_t num_uattrs,
128 				 const struct uverbs_method_spec *method,
129 				 struct uverbs_attr_bundle *attr_bundle,
130 				 struct ib_uverbs_attr __user *uattr_ptr)
131 {
132 	size_t i;
133 	int ret = 0;
134 	int num_given_buckets = 0;
135 
136 	for (i = 0; i < num_uattrs; i++) {
137 		const struct ib_uverbs_attr *uattr = &uattrs[i];
138 		u16 attr_id = uattr->attr_id;
139 		struct uverbs_attr_spec_hash *attr_spec_bucket;
140 
141 		ret = uverbs_ns_idx(&attr_id, method->num_buckets);
142 		if (ret < 0) {
143 			if (uattr->flags & UVERBS_ATTR_F_MANDATORY) {
144 				uverbs_finalize_objects(attr_bundle,
145 							method->attr_buckets,
146 							num_given_buckets,
147 							false);
148 				return ret;
149 			}
150 			continue;
151 		}
152 
153 		/*
154 		 * ret is the found ns, so increase num_given_buckets if
155 		 * necessary.
156 		 */
157 		if (ret >= num_given_buckets)
158 			num_given_buckets = ret + 1;
159 
160 		attr_spec_bucket = method->attr_buckets[ret];
161 		ret = uverbs_process_attr(ibdev, ucontext, uattr, attr_id,
162 					  attr_spec_bucket, &attr_bundle->hash[ret],
163 					  uattr_ptr++);
164 		if (ret) {
165 			uverbs_finalize_objects(attr_bundle,
166 						method->attr_buckets,
167 						num_given_buckets,
168 						false);
169 			return ret;
170 		}
171 	}
172 
173 	return num_given_buckets;
174 }
175 
176 static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *method_spec,
177 					    struct uverbs_attr_bundle *attr_bundle)
178 {
179 	unsigned int i;
180 
181 	for (i = 0; i < attr_bundle->num_buckets; i++) {
182 		struct uverbs_attr_spec_hash *attr_spec_bucket =
183 			method_spec->attr_buckets[i];
184 
185 		if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask,
186 				   attr_bundle->hash[i].valid_bitmap,
187 				   attr_spec_bucket->num_attrs))
188 			return -EINVAL;
189 	}
190 
191 	return 0;
192 }
193 
194 static int uverbs_handle_method(struct ib_uverbs_attr __user *uattr_ptr,
195 				const struct ib_uverbs_attr *uattrs,
196 				size_t num_uattrs,
197 				struct ib_device *ibdev,
198 				struct ib_uverbs_file *ufile,
199 				const struct uverbs_method_spec *method_spec,
200 				struct uverbs_attr_bundle *attr_bundle)
201 {
202 	int ret;
203 	int finalize_ret;
204 	int num_given_buckets;
205 
206 	num_given_buckets = uverbs_uattrs_process(ibdev, ufile->ucontext, uattrs,
207 						  num_uattrs, method_spec,
208 						  attr_bundle, uattr_ptr);
209 	if (num_given_buckets <= 0)
210 		return -EINVAL;
211 
212 	attr_bundle->num_buckets = num_given_buckets;
213 	ret = uverbs_validate_kernel_mandatory(method_spec, attr_bundle);
214 	if (ret)
215 		goto cleanup;
216 
217 	ret = method_spec->handler(ibdev, ufile, attr_bundle);
218 cleanup:
219 	finalize_ret = uverbs_finalize_objects(attr_bundle,
220 					       method_spec->attr_buckets,
221 					       attr_bundle->num_buckets,
222 					       !ret);
223 
224 	return ret ? ret : finalize_ret;
225 }
226 
227 #define UVERBS_OPTIMIZE_USING_STACK_SZ  256
228 static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev,
229 				struct ib_uverbs_file *file,
230 				struct ib_uverbs_ioctl_hdr *hdr,
231 				void __user *buf)
232 {
233 	const struct uverbs_object_spec *object_spec;
234 	const struct uverbs_method_spec *method_spec;
235 	long err = 0;
236 	unsigned int i;
237 	struct {
238 		struct ib_uverbs_attr		*uattrs;
239 		struct uverbs_attr_bundle	*uverbs_attr_bundle;
240 	} *ctx = NULL;
241 	struct uverbs_attr *curr_attr;
242 	unsigned long *curr_bitmap;
243 	size_t ctx_size;
244 #ifdef UVERBS_OPTIMIZE_USING_STACK_SZ
245 	uintptr_t data[UVERBS_OPTIMIZE_USING_STACK_SZ / sizeof(uintptr_t)];
246 #endif
247 
248 	if (hdr->reserved)
249 		return -EINVAL;
250 
251 	object_spec = uverbs_get_object(ib_dev, hdr->object_id);
252 	if (!object_spec)
253 		return -EOPNOTSUPP;
254 
255 	method_spec = uverbs_get_method(object_spec, hdr->method_id);
256 	if (!method_spec)
257 		return -EOPNOTSUPP;
258 
259 	if ((method_spec->flags & UVERBS_ACTION_FLAG_CREATE_ROOT) ^ !file->ucontext)
260 		return -EINVAL;
261 
262 	ctx_size = sizeof(*ctx) +
263 		   sizeof(struct uverbs_attr_bundle) +
264 		   sizeof(struct uverbs_attr_bundle_hash) * method_spec->num_buckets +
265 		   sizeof(*ctx->uattrs) * hdr->num_attrs +
266 		   sizeof(*ctx->uverbs_attr_bundle->hash[0].attrs) *
267 		   method_spec->num_child_attrs +
268 		   sizeof(*ctx->uverbs_attr_bundle->hash[0].valid_bitmap) *
269 			(method_spec->num_child_attrs / BITS_PER_LONG +
270 			 method_spec->num_buckets);
271 
272 #ifdef UVERBS_OPTIMIZE_USING_STACK_SZ
273 	if (ctx_size <= UVERBS_OPTIMIZE_USING_STACK_SZ)
274 		ctx = (void *)data;
275 
276 	if (!ctx)
277 #endif
278 	ctx = kmalloc(ctx_size, GFP_KERNEL);
279 	if (!ctx)
280 		return -ENOMEM;
281 
282 	ctx->uverbs_attr_bundle = (void *)ctx + sizeof(*ctx);
283 	ctx->uattrs = (void *)(ctx->uverbs_attr_bundle + 1) +
284 			      (sizeof(ctx->uverbs_attr_bundle->hash[0]) *
285 			       method_spec->num_buckets);
286 	curr_attr = (void *)(ctx->uattrs + hdr->num_attrs);
287 	curr_bitmap = (void *)(curr_attr + method_spec->num_child_attrs);
288 
289 	/*
290 	 * We just fill the pointers and num_attrs here. The data itself will be
291 	 * filled at a later stage (uverbs_process_attr)
292 	 */
293 	for (i = 0; i < method_spec->num_buckets; i++) {
294 		unsigned int curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
295 
296 		ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr;
297 		curr_attr += curr_num_attrs;
298 		ctx->uverbs_attr_bundle->hash[i].num_attrs = curr_num_attrs;
299 		ctx->uverbs_attr_bundle->hash[i].valid_bitmap = curr_bitmap;
300 		bitmap_zero(curr_bitmap, curr_num_attrs);
301 		curr_bitmap += BITS_TO_LONGS(curr_num_attrs);
302 	}
303 
304 	err = copy_from_user(ctx->uattrs, buf,
305 			     sizeof(*ctx->uattrs) * hdr->num_attrs);
306 	if (err) {
307 		err = -EFAULT;
308 		goto out;
309 	}
310 
311 	err = uverbs_handle_method(buf, ctx->uattrs, hdr->num_attrs, ib_dev,
312 				   file, method_spec, ctx->uverbs_attr_bundle);
313 out:
314 #ifdef UVERBS_OPTIMIZE_USING_STACK_SZ
315 	if (ctx_size > UVERBS_OPTIMIZE_USING_STACK_SZ)
316 #endif
317 	kfree(ctx);
318 	return err;
319 }
320 
321 #define IB_UVERBS_MAX_CMD_SZ 4096
322 
323 long ib_uverbs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
324 {
325 	struct ib_uverbs_file *file = filp->private_data;
326 	struct ib_uverbs_ioctl_hdr __user *user_hdr =
327 		(struct ib_uverbs_ioctl_hdr __user *)arg;
328 	struct ib_uverbs_ioctl_hdr hdr;
329 	struct ib_device *ib_dev;
330 	int srcu_key;
331 	long err;
332 
333 	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
334 	ib_dev = srcu_dereference(file->device->ib_dev,
335 				  &file->device->disassociate_srcu);
336 	if (!ib_dev) {
337 		err = -EIO;
338 		goto out;
339 	}
340 
341 	if (cmd == RDMA_VERBS_IOCTL) {
342 		err = copy_from_user(&hdr, user_hdr, sizeof(hdr));
343 
344 		if (err || hdr.length > IB_UVERBS_MAX_CMD_SZ ||
345 		    hdr.length != sizeof(hdr) + hdr.num_attrs * sizeof(struct ib_uverbs_attr)) {
346 			err = -EINVAL;
347 			goto out;
348 		}
349 
350 		if (hdr.reserved) {
351 			err = -EOPNOTSUPP;
352 			goto out;
353 		}
354 
355 		err = ib_uverbs_cmd_verbs(ib_dev, file, &hdr,
356 					  (__user void *)arg + sizeof(hdr));
357 	} else {
358 		err = -ENOIOCTLCMD;
359 	}
360 out:
361 	srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
362 
363 	return err;
364 }
365