1 /*
2  * Copyright (c) 2005 Topspin Communications.  All rights reserved.
3  * Copyright (c) 2005, 2006 Cisco Systems.  All rights reserved.
4  * Copyright (c) 2005 Mellanox Technologies. All rights reserved.
5  * Copyright (c) 2005 Voltaire, Inc. All rights reserved.
6  * Copyright (c) 2005 PathScale, Inc. All rights reserved.
7  *
8  * This software is available to you under a choice of one of two
9  * licenses.  You may choose to be licensed under the terms of the GNU
10  * General Public License (GPL) Version 2, available from the file
11  * COPYING in the main directory of this source tree, or the
12  * OpenIB.org BSD license below:
13  *
14  *     Redistribution and use in source and binary forms, with or
15  *     without modification, are permitted provided that the following
16  *     conditions are met:
17  *
18  *      - Redistributions of source code must retain the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer.
21  *
22  *      - Redistributions in binary form must reproduce the above
23  *        copyright notice, this list of conditions and the following
24  *        disclaimer in the documentation and/or other materials
25  *        provided with the distribution.
26  *
27  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34  * SOFTWARE.
35  */
36 
37 #include <linux/module.h>
38 #include <linux/init.h>
39 #include <linux/device.h>
40 #include <linux/err.h>
41 #include <linux/fs.h>
42 #include <linux/poll.h>
43 #include <linux/sched.h>
44 #include <linux/file.h>
45 #include <linux/cdev.h>
46 #include <linux/anon_inodes.h>
47 #include <linux/slab.h>
48 
49 #include <asm/uaccess.h>
50 
51 #include "uverbs.h"
52 
53 MODULE_AUTHOR("Roland Dreier");
54 MODULE_DESCRIPTION("InfiniBand userspace verbs access");
55 MODULE_LICENSE("Dual BSD/GPL");
56 
57 enum {
58 	IB_UVERBS_MAJOR       = 231,
59 	IB_UVERBS_BASE_MINOR  = 192,
60 	IB_UVERBS_MAX_DEVICES = 32
61 };
62 
63 #define IB_UVERBS_BASE_DEV	MKDEV(IB_UVERBS_MAJOR, IB_UVERBS_BASE_MINOR)
64 
65 static struct class *uverbs_class;
66 
67 DEFINE_SPINLOCK(ib_uverbs_idr_lock);
68 DEFINE_IDR(ib_uverbs_pd_idr);
69 DEFINE_IDR(ib_uverbs_mr_idr);
70 DEFINE_IDR(ib_uverbs_mw_idr);
71 DEFINE_IDR(ib_uverbs_ah_idr);
72 DEFINE_IDR(ib_uverbs_cq_idr);
73 DEFINE_IDR(ib_uverbs_qp_idr);
74 DEFINE_IDR(ib_uverbs_srq_idr);
75 DEFINE_IDR(ib_uverbs_xrcd_idr);
76 DEFINE_IDR(ib_uverbs_rule_idr);
77 
78 static DEFINE_SPINLOCK(map_lock);
79 static DECLARE_BITMAP(dev_map, IB_UVERBS_MAX_DEVICES);
80 
81 static ssize_t (*uverbs_cmd_table[])(struct ib_uverbs_file *file,
82 				     const char __user *buf, int in_len,
83 				     int out_len) = {
84 	[IB_USER_VERBS_CMD_GET_CONTEXT]		= ib_uverbs_get_context,
85 	[IB_USER_VERBS_CMD_QUERY_DEVICE]	= ib_uverbs_query_device,
86 	[IB_USER_VERBS_CMD_QUERY_PORT]		= ib_uverbs_query_port,
87 	[IB_USER_VERBS_CMD_ALLOC_PD]		= ib_uverbs_alloc_pd,
88 	[IB_USER_VERBS_CMD_DEALLOC_PD]		= ib_uverbs_dealloc_pd,
89 	[IB_USER_VERBS_CMD_REG_MR]		= ib_uverbs_reg_mr,
90 	[IB_USER_VERBS_CMD_REREG_MR]		= ib_uverbs_rereg_mr,
91 	[IB_USER_VERBS_CMD_DEREG_MR]		= ib_uverbs_dereg_mr,
92 	[IB_USER_VERBS_CMD_ALLOC_MW]		= ib_uverbs_alloc_mw,
93 	[IB_USER_VERBS_CMD_DEALLOC_MW]		= ib_uverbs_dealloc_mw,
94 	[IB_USER_VERBS_CMD_CREATE_COMP_CHANNEL] = ib_uverbs_create_comp_channel,
95 	[IB_USER_VERBS_CMD_CREATE_CQ]		= ib_uverbs_create_cq,
96 	[IB_USER_VERBS_CMD_RESIZE_CQ]		= ib_uverbs_resize_cq,
97 	[IB_USER_VERBS_CMD_POLL_CQ]		= ib_uverbs_poll_cq,
98 	[IB_USER_VERBS_CMD_REQ_NOTIFY_CQ]	= ib_uverbs_req_notify_cq,
99 	[IB_USER_VERBS_CMD_DESTROY_CQ]		= ib_uverbs_destroy_cq,
100 	[IB_USER_VERBS_CMD_CREATE_QP]		= ib_uverbs_create_qp,
101 	[IB_USER_VERBS_CMD_QUERY_QP]		= ib_uverbs_query_qp,
102 	[IB_USER_VERBS_CMD_MODIFY_QP]		= ib_uverbs_modify_qp,
103 	[IB_USER_VERBS_CMD_DESTROY_QP]		= ib_uverbs_destroy_qp,
104 	[IB_USER_VERBS_CMD_POST_SEND]		= ib_uverbs_post_send,
105 	[IB_USER_VERBS_CMD_POST_RECV]		= ib_uverbs_post_recv,
106 	[IB_USER_VERBS_CMD_POST_SRQ_RECV]	= ib_uverbs_post_srq_recv,
107 	[IB_USER_VERBS_CMD_CREATE_AH]		= ib_uverbs_create_ah,
108 	[IB_USER_VERBS_CMD_DESTROY_AH]		= ib_uverbs_destroy_ah,
109 	[IB_USER_VERBS_CMD_ATTACH_MCAST]	= ib_uverbs_attach_mcast,
110 	[IB_USER_VERBS_CMD_DETACH_MCAST]	= ib_uverbs_detach_mcast,
111 	[IB_USER_VERBS_CMD_CREATE_SRQ]		= ib_uverbs_create_srq,
112 	[IB_USER_VERBS_CMD_MODIFY_SRQ]		= ib_uverbs_modify_srq,
113 	[IB_USER_VERBS_CMD_QUERY_SRQ]		= ib_uverbs_query_srq,
114 	[IB_USER_VERBS_CMD_DESTROY_SRQ]		= ib_uverbs_destroy_srq,
115 	[IB_USER_VERBS_CMD_OPEN_XRCD]		= ib_uverbs_open_xrcd,
116 	[IB_USER_VERBS_CMD_CLOSE_XRCD]		= ib_uverbs_close_xrcd,
117 	[IB_USER_VERBS_CMD_CREATE_XSRQ]		= ib_uverbs_create_xsrq,
118 	[IB_USER_VERBS_CMD_OPEN_QP]		= ib_uverbs_open_qp,
119 };
120 
121 static int (*uverbs_ex_cmd_table[])(struct ib_uverbs_file *file,
122 				    struct ib_udata *ucore,
123 				    struct ib_udata *uhw) = {
124 	[IB_USER_VERBS_EX_CMD_CREATE_FLOW]	= ib_uverbs_ex_create_flow,
125 	[IB_USER_VERBS_EX_CMD_DESTROY_FLOW]	= ib_uverbs_ex_destroy_flow,
126 	[IB_USER_VERBS_EX_CMD_QUERY_DEVICE]	= ib_uverbs_ex_query_device,
127 };
128 
129 static void ib_uverbs_add_one(struct ib_device *device);
130 static void ib_uverbs_remove_one(struct ib_device *device);
131 
132 static void ib_uverbs_release_dev(struct kref *ref)
133 {
134 	struct ib_uverbs_device *dev =
135 		container_of(ref, struct ib_uverbs_device, ref);
136 
137 	complete(&dev->comp);
138 }
139 
140 static void ib_uverbs_release_event_file(struct kref *ref)
141 {
142 	struct ib_uverbs_event_file *file =
143 		container_of(ref, struct ib_uverbs_event_file, ref);
144 
145 	kfree(file);
146 }
147 
148 void ib_uverbs_release_ucq(struct ib_uverbs_file *file,
149 			  struct ib_uverbs_event_file *ev_file,
150 			  struct ib_ucq_object *uobj)
151 {
152 	struct ib_uverbs_event *evt, *tmp;
153 
154 	if (ev_file) {
155 		spin_lock_irq(&ev_file->lock);
156 		list_for_each_entry_safe(evt, tmp, &uobj->comp_list, obj_list) {
157 			list_del(&evt->list);
158 			kfree(evt);
159 		}
160 		spin_unlock_irq(&ev_file->lock);
161 
162 		kref_put(&ev_file->ref, ib_uverbs_release_event_file);
163 	}
164 
165 	spin_lock_irq(&file->async_file->lock);
166 	list_for_each_entry_safe(evt, tmp, &uobj->async_list, obj_list) {
167 		list_del(&evt->list);
168 		kfree(evt);
169 	}
170 	spin_unlock_irq(&file->async_file->lock);
171 }
172 
173 void ib_uverbs_release_uevent(struct ib_uverbs_file *file,
174 			      struct ib_uevent_object *uobj)
175 {
176 	struct ib_uverbs_event *evt, *tmp;
177 
178 	spin_lock_irq(&file->async_file->lock);
179 	list_for_each_entry_safe(evt, tmp, &uobj->event_list, obj_list) {
180 		list_del(&evt->list);
181 		kfree(evt);
182 	}
183 	spin_unlock_irq(&file->async_file->lock);
184 }
185 
186 static void ib_uverbs_detach_umcast(struct ib_qp *qp,
187 				    struct ib_uqp_object *uobj)
188 {
189 	struct ib_uverbs_mcast_entry *mcast, *tmp;
190 
191 	list_for_each_entry_safe(mcast, tmp, &uobj->mcast_list, list) {
192 		ib_detach_mcast(qp, &mcast->gid, mcast->lid);
193 		list_del(&mcast->list);
194 		kfree(mcast);
195 	}
196 }
197 
198 static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
199 				      struct ib_ucontext *context)
200 {
201 	struct ib_uobject *uobj, *tmp;
202 
203 	if (!context)
204 		return 0;
205 
206 	context->closing = 1;
207 
208 	list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) {
209 		struct ib_ah *ah = uobj->object;
210 
211 		idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
212 		ib_destroy_ah(ah);
213 		kfree(uobj);
214 	}
215 
216 	/* Remove MWs before QPs, in order to support type 2A MWs. */
217 	list_for_each_entry_safe(uobj, tmp, &context->mw_list, list) {
218 		struct ib_mw *mw = uobj->object;
219 
220 		idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
221 		ib_dealloc_mw(mw);
222 		kfree(uobj);
223 	}
224 
225 	list_for_each_entry_safe(uobj, tmp, &context->rule_list, list) {
226 		struct ib_flow *flow_id = uobj->object;
227 
228 		idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
229 		ib_destroy_flow(flow_id);
230 		kfree(uobj);
231 	}
232 
233 	list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) {
234 		struct ib_qp *qp = uobj->object;
235 		struct ib_uqp_object *uqp =
236 			container_of(uobj, struct ib_uqp_object, uevent.uobject);
237 
238 		idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
239 		if (qp != qp->real_qp) {
240 			ib_close_qp(qp);
241 		} else {
242 			ib_uverbs_detach_umcast(qp, uqp);
243 			ib_destroy_qp(qp);
244 		}
245 		ib_uverbs_release_uevent(file, &uqp->uevent);
246 		kfree(uqp);
247 	}
248 
249 	list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) {
250 		struct ib_srq *srq = uobj->object;
251 		struct ib_uevent_object *uevent =
252 			container_of(uobj, struct ib_uevent_object, uobject);
253 
254 		idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
255 		ib_destroy_srq(srq);
256 		ib_uverbs_release_uevent(file, uevent);
257 		kfree(uevent);
258 	}
259 
260 	list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) {
261 		struct ib_cq *cq = uobj->object;
262 		struct ib_uverbs_event_file *ev_file = cq->cq_context;
263 		struct ib_ucq_object *ucq =
264 			container_of(uobj, struct ib_ucq_object, uobject);
265 
266 		idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
267 		ib_destroy_cq(cq);
268 		ib_uverbs_release_ucq(file, ev_file, ucq);
269 		kfree(ucq);
270 	}
271 
272 	list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) {
273 		struct ib_mr *mr = uobj->object;
274 
275 		idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
276 		ib_dereg_mr(mr);
277 		kfree(uobj);
278 	}
279 
280 	mutex_lock(&file->device->xrcd_tree_mutex);
281 	list_for_each_entry_safe(uobj, tmp, &context->xrcd_list, list) {
282 		struct ib_xrcd *xrcd = uobj->object;
283 		struct ib_uxrcd_object *uxrcd =
284 			container_of(uobj, struct ib_uxrcd_object, uobject);
285 
286 		idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
287 		ib_uverbs_dealloc_xrcd(file->device, xrcd);
288 		kfree(uxrcd);
289 	}
290 	mutex_unlock(&file->device->xrcd_tree_mutex);
291 
292 	list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) {
293 		struct ib_pd *pd = uobj->object;
294 
295 		idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
296 		ib_dealloc_pd(pd);
297 		kfree(uobj);
298 	}
299 
300 	put_pid(context->tgid);
301 
302 	return context->device->dealloc_ucontext(context);
303 }
304 
305 static void ib_uverbs_release_file(struct kref *ref)
306 {
307 	struct ib_uverbs_file *file =
308 		container_of(ref, struct ib_uverbs_file, ref);
309 
310 	module_put(file->device->ib_dev->owner);
311 	kref_put(&file->device->ref, ib_uverbs_release_dev);
312 
313 	kfree(file);
314 }
315 
316 static ssize_t ib_uverbs_event_read(struct file *filp, char __user *buf,
317 				    size_t count, loff_t *pos)
318 {
319 	struct ib_uverbs_event_file *file = filp->private_data;
320 	struct ib_uverbs_event *event;
321 	int eventsz;
322 	int ret = 0;
323 
324 	spin_lock_irq(&file->lock);
325 
326 	while (list_empty(&file->event_list)) {
327 		spin_unlock_irq(&file->lock);
328 
329 		if (filp->f_flags & O_NONBLOCK)
330 			return -EAGAIN;
331 
332 		if (wait_event_interruptible(file->poll_wait,
333 					     !list_empty(&file->event_list)))
334 			return -ERESTARTSYS;
335 
336 		spin_lock_irq(&file->lock);
337 	}
338 
339 	event = list_entry(file->event_list.next, struct ib_uverbs_event, list);
340 
341 	if (file->is_async)
342 		eventsz = sizeof (struct ib_uverbs_async_event_desc);
343 	else
344 		eventsz = sizeof (struct ib_uverbs_comp_event_desc);
345 
346 	if (eventsz > count) {
347 		ret   = -EINVAL;
348 		event = NULL;
349 	} else {
350 		list_del(file->event_list.next);
351 		if (event->counter) {
352 			++(*event->counter);
353 			list_del(&event->obj_list);
354 		}
355 	}
356 
357 	spin_unlock_irq(&file->lock);
358 
359 	if (event) {
360 		if (copy_to_user(buf, event, eventsz))
361 			ret = -EFAULT;
362 		else
363 			ret = eventsz;
364 	}
365 
366 	kfree(event);
367 
368 	return ret;
369 }
370 
371 static unsigned int ib_uverbs_event_poll(struct file *filp,
372 					 struct poll_table_struct *wait)
373 {
374 	unsigned int pollflags = 0;
375 	struct ib_uverbs_event_file *file = filp->private_data;
376 
377 	poll_wait(filp, &file->poll_wait, wait);
378 
379 	spin_lock_irq(&file->lock);
380 	if (!list_empty(&file->event_list))
381 		pollflags = POLLIN | POLLRDNORM;
382 	spin_unlock_irq(&file->lock);
383 
384 	return pollflags;
385 }
386 
387 static int ib_uverbs_event_fasync(int fd, struct file *filp, int on)
388 {
389 	struct ib_uverbs_event_file *file = filp->private_data;
390 
391 	return fasync_helper(fd, filp, on, &file->async_queue);
392 }
393 
394 static int ib_uverbs_event_close(struct inode *inode, struct file *filp)
395 {
396 	struct ib_uverbs_event_file *file = filp->private_data;
397 	struct ib_uverbs_event *entry, *tmp;
398 
399 	spin_lock_irq(&file->lock);
400 	file->is_closed = 1;
401 	list_for_each_entry_safe(entry, tmp, &file->event_list, list) {
402 		if (entry->counter)
403 			list_del(&entry->obj_list);
404 		kfree(entry);
405 	}
406 	spin_unlock_irq(&file->lock);
407 
408 	if (file->is_async) {
409 		ib_unregister_event_handler(&file->uverbs_file->event_handler);
410 		kref_put(&file->uverbs_file->ref, ib_uverbs_release_file);
411 	}
412 	kref_put(&file->ref, ib_uverbs_release_event_file);
413 
414 	return 0;
415 }
416 
417 static const struct file_operations uverbs_event_fops = {
418 	.owner	 = THIS_MODULE,
419 	.read	 = ib_uverbs_event_read,
420 	.poll    = ib_uverbs_event_poll,
421 	.release = ib_uverbs_event_close,
422 	.fasync  = ib_uverbs_event_fasync,
423 	.llseek	 = no_llseek,
424 };
425 
426 void ib_uverbs_comp_handler(struct ib_cq *cq, void *cq_context)
427 {
428 	struct ib_uverbs_event_file    *file = cq_context;
429 	struct ib_ucq_object	       *uobj;
430 	struct ib_uverbs_event	       *entry;
431 	unsigned long			flags;
432 
433 	if (!file)
434 		return;
435 
436 	spin_lock_irqsave(&file->lock, flags);
437 	if (file->is_closed) {
438 		spin_unlock_irqrestore(&file->lock, flags);
439 		return;
440 	}
441 
442 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
443 	if (!entry) {
444 		spin_unlock_irqrestore(&file->lock, flags);
445 		return;
446 	}
447 
448 	uobj = container_of(cq->uobject, struct ib_ucq_object, uobject);
449 
450 	entry->desc.comp.cq_handle = cq->uobject->user_handle;
451 	entry->counter		   = &uobj->comp_events_reported;
452 
453 	list_add_tail(&entry->list, &file->event_list);
454 	list_add_tail(&entry->obj_list, &uobj->comp_list);
455 	spin_unlock_irqrestore(&file->lock, flags);
456 
457 	wake_up_interruptible(&file->poll_wait);
458 	kill_fasync(&file->async_queue, SIGIO, POLL_IN);
459 }
460 
461 static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
462 				    __u64 element, __u64 event,
463 				    struct list_head *obj_list,
464 				    u32 *counter)
465 {
466 	struct ib_uverbs_event *entry;
467 	unsigned long flags;
468 
469 	spin_lock_irqsave(&file->async_file->lock, flags);
470 	if (file->async_file->is_closed) {
471 		spin_unlock_irqrestore(&file->async_file->lock, flags);
472 		return;
473 	}
474 
475 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
476 	if (!entry) {
477 		spin_unlock_irqrestore(&file->async_file->lock, flags);
478 		return;
479 	}
480 
481 	entry->desc.async.element    = element;
482 	entry->desc.async.event_type = event;
483 	entry->desc.async.reserved   = 0;
484 	entry->counter               = counter;
485 
486 	list_add_tail(&entry->list, &file->async_file->event_list);
487 	if (obj_list)
488 		list_add_tail(&entry->obj_list, obj_list);
489 	spin_unlock_irqrestore(&file->async_file->lock, flags);
490 
491 	wake_up_interruptible(&file->async_file->poll_wait);
492 	kill_fasync(&file->async_file->async_queue, SIGIO, POLL_IN);
493 }
494 
495 void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
496 {
497 	struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
498 						  struct ib_ucq_object, uobject);
499 
500 	ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
501 				event->event, &uobj->async_list,
502 				&uobj->async_events_reported);
503 }
504 
505 void ib_uverbs_qp_event_handler(struct ib_event *event, void *context_ptr)
506 {
507 	struct ib_uevent_object *uobj;
508 
509 	/* for XRC target qp's, check that qp is live */
510 	if (!event->element.qp->uobject || !event->element.qp->uobject->live)
511 		return;
512 
513 	uobj = container_of(event->element.qp->uobject,
514 			    struct ib_uevent_object, uobject);
515 
516 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
517 				event->event, &uobj->event_list,
518 				&uobj->events_reported);
519 }
520 
521 void ib_uverbs_srq_event_handler(struct ib_event *event, void *context_ptr)
522 {
523 	struct ib_uevent_object *uobj;
524 
525 	uobj = container_of(event->element.srq->uobject,
526 			    struct ib_uevent_object, uobject);
527 
528 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
529 				event->event, &uobj->event_list,
530 				&uobj->events_reported);
531 }
532 
533 void ib_uverbs_event_handler(struct ib_event_handler *handler,
534 			     struct ib_event *event)
535 {
536 	struct ib_uverbs_file *file =
537 		container_of(handler, struct ib_uverbs_file, event_handler);
538 
539 	ib_uverbs_async_handler(file, event->element.port_num, event->event,
540 				NULL, NULL);
541 }
542 
543 struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
544 					int is_async)
545 {
546 	struct ib_uverbs_event_file *ev_file;
547 	struct file *filp;
548 
549 	ev_file = kmalloc(sizeof *ev_file, GFP_KERNEL);
550 	if (!ev_file)
551 		return ERR_PTR(-ENOMEM);
552 
553 	kref_init(&ev_file->ref);
554 	spin_lock_init(&ev_file->lock);
555 	INIT_LIST_HEAD(&ev_file->event_list);
556 	init_waitqueue_head(&ev_file->poll_wait);
557 	ev_file->uverbs_file = uverbs_file;
558 	ev_file->async_queue = NULL;
559 	ev_file->is_async    = is_async;
560 	ev_file->is_closed   = 0;
561 
562 	filp = anon_inode_getfile("[infinibandevent]", &uverbs_event_fops,
563 				  ev_file, O_RDONLY);
564 	if (IS_ERR(filp))
565 		kfree(ev_file);
566 
567 	return filp;
568 }
569 
570 /*
571  * Look up a completion event file by FD.  If lookup is successful,
572  * takes a ref to the event file struct that it returns; if
573  * unsuccessful, returns NULL.
574  */
575 struct ib_uverbs_event_file *ib_uverbs_lookup_comp_file(int fd)
576 {
577 	struct ib_uverbs_event_file *ev_file = NULL;
578 	struct fd f = fdget(fd);
579 
580 	if (!f.file)
581 		return NULL;
582 
583 	if (f.file->f_op != &uverbs_event_fops)
584 		goto out;
585 
586 	ev_file = f.file->private_data;
587 	if (ev_file->is_async) {
588 		ev_file = NULL;
589 		goto out;
590 	}
591 
592 	kref_get(&ev_file->ref);
593 
594 out:
595 	fdput(f);
596 	return ev_file;
597 }
598 
599 static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
600 			     size_t count, loff_t *pos)
601 {
602 	struct ib_uverbs_file *file = filp->private_data;
603 	struct ib_uverbs_cmd_hdr hdr;
604 	__u32 flags;
605 
606 	if (count < sizeof hdr)
607 		return -EINVAL;
608 
609 	if (copy_from_user(&hdr, buf, sizeof hdr))
610 		return -EFAULT;
611 
612 	flags = (hdr.command &
613 		 IB_USER_VERBS_CMD_FLAGS_MASK) >> IB_USER_VERBS_CMD_FLAGS_SHIFT;
614 
615 	if (!flags) {
616 		__u32 command;
617 
618 		if (hdr.command & ~(__u32)(IB_USER_VERBS_CMD_FLAGS_MASK |
619 					   IB_USER_VERBS_CMD_COMMAND_MASK))
620 			return -EINVAL;
621 
622 		command = hdr.command & IB_USER_VERBS_CMD_COMMAND_MASK;
623 
624 		if (command >= ARRAY_SIZE(uverbs_cmd_table) ||
625 		    !uverbs_cmd_table[command])
626 			return -EINVAL;
627 
628 		if (!file->ucontext &&
629 		    command != IB_USER_VERBS_CMD_GET_CONTEXT)
630 			return -EINVAL;
631 
632 		if (!(file->device->ib_dev->uverbs_cmd_mask & (1ull << command)))
633 			return -ENOSYS;
634 
635 		if (hdr.in_words * 4 != count)
636 			return -EINVAL;
637 
638 		return uverbs_cmd_table[command](file,
639 						 buf + sizeof(hdr),
640 						 hdr.in_words * 4,
641 						 hdr.out_words * 4);
642 
643 	} else if (flags == IB_USER_VERBS_CMD_FLAG_EXTENDED) {
644 		__u32 command;
645 
646 		struct ib_uverbs_ex_cmd_hdr ex_hdr;
647 		struct ib_udata ucore;
648 		struct ib_udata uhw;
649 		int err;
650 		size_t written_count = count;
651 
652 		if (hdr.command & ~(__u32)(IB_USER_VERBS_CMD_FLAGS_MASK |
653 					   IB_USER_VERBS_CMD_COMMAND_MASK))
654 			return -EINVAL;
655 
656 		command = hdr.command & IB_USER_VERBS_CMD_COMMAND_MASK;
657 
658 		if (command >= ARRAY_SIZE(uverbs_ex_cmd_table) ||
659 		    !uverbs_ex_cmd_table[command])
660 			return -ENOSYS;
661 
662 		if (!file->ucontext)
663 			return -EINVAL;
664 
665 		if (!(file->device->ib_dev->uverbs_ex_cmd_mask & (1ull << command)))
666 			return -ENOSYS;
667 
668 		if (count < (sizeof(hdr) + sizeof(ex_hdr)))
669 			return -EINVAL;
670 
671 		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr)))
672 			return -EFAULT;
673 
674 		count -= sizeof(hdr) + sizeof(ex_hdr);
675 		buf += sizeof(hdr) + sizeof(ex_hdr);
676 
677 		if ((hdr.in_words + ex_hdr.provider_in_words) * 8 != count)
678 			return -EINVAL;
679 
680 		if (ex_hdr.cmd_hdr_reserved)
681 			return -EINVAL;
682 
683 		if (ex_hdr.response) {
684 			if (!hdr.out_words && !ex_hdr.provider_out_words)
685 				return -EINVAL;
686 
687 			if (!access_ok(VERIFY_WRITE,
688 				       (void __user *) (unsigned long) ex_hdr.response,
689 				       (hdr.out_words + ex_hdr.provider_out_words) * 8))
690 				return -EFAULT;
691 		} else {
692 			if (hdr.out_words || ex_hdr.provider_out_words)
693 				return -EINVAL;
694 		}
695 
696 		INIT_UDATA_BUF_OR_NULL(&ucore, buf, (unsigned long) ex_hdr.response,
697 				       hdr.in_words * 8, hdr.out_words * 8);
698 
699 		INIT_UDATA_BUF_OR_NULL(&uhw,
700 				       buf + ucore.inlen,
701 				       (unsigned long) ex_hdr.response + ucore.outlen,
702 				       ex_hdr.provider_in_words * 8,
703 				       ex_hdr.provider_out_words * 8);
704 
705 		err = uverbs_ex_cmd_table[command](file,
706 						   &ucore,
707 						   &uhw);
708 
709 		if (err)
710 			return err;
711 
712 		return written_count;
713 	}
714 
715 	return -ENOSYS;
716 }
717 
718 static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma)
719 {
720 	struct ib_uverbs_file *file = filp->private_data;
721 
722 	if (!file->ucontext)
723 		return -ENODEV;
724 	else
725 		return file->device->ib_dev->mmap(file->ucontext, vma);
726 }
727 
728 /*
729  * ib_uverbs_open() does not need the BKL:
730  *
731  *  - the ib_uverbs_device structures are properly reference counted and
732  *    everything else is purely local to the file being created, so
733  *    races against other open calls are not a problem;
734  *  - there is no ioctl method to race against;
735  *  - the open method will either immediately run -ENXIO, or all
736  *    required initialization will be done.
737  */
738 static int ib_uverbs_open(struct inode *inode, struct file *filp)
739 {
740 	struct ib_uverbs_device *dev;
741 	struct ib_uverbs_file *file;
742 	int ret;
743 
744 	dev = container_of(inode->i_cdev, struct ib_uverbs_device, cdev);
745 	if (dev)
746 		kref_get(&dev->ref);
747 	else
748 		return -ENXIO;
749 
750 	if (!try_module_get(dev->ib_dev->owner)) {
751 		ret = -ENODEV;
752 		goto err;
753 	}
754 
755 	file = kmalloc(sizeof *file, GFP_KERNEL);
756 	if (!file) {
757 		ret = -ENOMEM;
758 		goto err_module;
759 	}
760 
761 	file->device	 = dev;
762 	file->ucontext	 = NULL;
763 	file->async_file = NULL;
764 	kref_init(&file->ref);
765 	mutex_init(&file->mutex);
766 
767 	filp->private_data = file;
768 
769 	return nonseekable_open(inode, filp);
770 
771 err_module:
772 	module_put(dev->ib_dev->owner);
773 
774 err:
775 	kref_put(&dev->ref, ib_uverbs_release_dev);
776 	return ret;
777 }
778 
779 static int ib_uverbs_close(struct inode *inode, struct file *filp)
780 {
781 	struct ib_uverbs_file *file = filp->private_data;
782 
783 	ib_uverbs_cleanup_ucontext(file, file->ucontext);
784 
785 	if (file->async_file)
786 		kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
787 
788 	kref_put(&file->ref, ib_uverbs_release_file);
789 
790 	return 0;
791 }
792 
793 static const struct file_operations uverbs_fops = {
794 	.owner	 = THIS_MODULE,
795 	.write	 = ib_uverbs_write,
796 	.open	 = ib_uverbs_open,
797 	.release = ib_uverbs_close,
798 	.llseek	 = no_llseek,
799 };
800 
801 static const struct file_operations uverbs_mmap_fops = {
802 	.owner	 = THIS_MODULE,
803 	.write	 = ib_uverbs_write,
804 	.mmap    = ib_uverbs_mmap,
805 	.open	 = ib_uverbs_open,
806 	.release = ib_uverbs_close,
807 	.llseek	 = no_llseek,
808 };
809 
810 static struct ib_client uverbs_client = {
811 	.name   = "uverbs",
812 	.add    = ib_uverbs_add_one,
813 	.remove = ib_uverbs_remove_one
814 };
815 
816 static ssize_t show_ibdev(struct device *device, struct device_attribute *attr,
817 			  char *buf)
818 {
819 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
820 
821 	if (!dev)
822 		return -ENODEV;
823 
824 	return sprintf(buf, "%s\n", dev->ib_dev->name);
825 }
826 static DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL);
827 
828 static ssize_t show_dev_abi_version(struct device *device,
829 				    struct device_attribute *attr, char *buf)
830 {
831 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
832 
833 	if (!dev)
834 		return -ENODEV;
835 
836 	return sprintf(buf, "%d\n", dev->ib_dev->uverbs_abi_ver);
837 }
838 static DEVICE_ATTR(abi_version, S_IRUGO, show_dev_abi_version, NULL);
839 
840 static CLASS_ATTR_STRING(abi_version, S_IRUGO,
841 			 __stringify(IB_USER_VERBS_ABI_VERSION));
842 
843 static dev_t overflow_maj;
844 static DECLARE_BITMAP(overflow_map, IB_UVERBS_MAX_DEVICES);
845 
846 /*
847  * If we have more than IB_UVERBS_MAX_DEVICES, dynamically overflow by
848  * requesting a new major number and doubling the number of max devices we
849  * support. It's stupid, but simple.
850  */
851 static int find_overflow_devnum(void)
852 {
853 	int ret;
854 
855 	if (!overflow_maj) {
856 		ret = alloc_chrdev_region(&overflow_maj, 0, IB_UVERBS_MAX_DEVICES,
857 					  "infiniband_verbs");
858 		if (ret) {
859 			printk(KERN_ERR "user_verbs: couldn't register dynamic device number\n");
860 			return ret;
861 		}
862 	}
863 
864 	ret = find_first_zero_bit(overflow_map, IB_UVERBS_MAX_DEVICES);
865 	if (ret >= IB_UVERBS_MAX_DEVICES)
866 		return -1;
867 
868 	return ret;
869 }
870 
871 static void ib_uverbs_add_one(struct ib_device *device)
872 {
873 	int devnum;
874 	dev_t base;
875 	struct ib_uverbs_device *uverbs_dev;
876 
877 	if (!device->alloc_ucontext)
878 		return;
879 
880 	uverbs_dev = kzalloc(sizeof *uverbs_dev, GFP_KERNEL);
881 	if (!uverbs_dev)
882 		return;
883 
884 	kref_init(&uverbs_dev->ref);
885 	init_completion(&uverbs_dev->comp);
886 	uverbs_dev->xrcd_tree = RB_ROOT;
887 	mutex_init(&uverbs_dev->xrcd_tree_mutex);
888 
889 	spin_lock(&map_lock);
890 	devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES);
891 	if (devnum >= IB_UVERBS_MAX_DEVICES) {
892 		spin_unlock(&map_lock);
893 		devnum = find_overflow_devnum();
894 		if (devnum < 0)
895 			goto err;
896 
897 		spin_lock(&map_lock);
898 		uverbs_dev->devnum = devnum + IB_UVERBS_MAX_DEVICES;
899 		base = devnum + overflow_maj;
900 		set_bit(devnum, overflow_map);
901 	} else {
902 		uverbs_dev->devnum = devnum;
903 		base = devnum + IB_UVERBS_BASE_DEV;
904 		set_bit(devnum, dev_map);
905 	}
906 	spin_unlock(&map_lock);
907 
908 	uverbs_dev->ib_dev           = device;
909 	uverbs_dev->num_comp_vectors = device->num_comp_vectors;
910 
911 	cdev_init(&uverbs_dev->cdev, NULL);
912 	uverbs_dev->cdev.owner = THIS_MODULE;
913 	uverbs_dev->cdev.ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops;
914 	kobject_set_name(&uverbs_dev->cdev.kobj, "uverbs%d", uverbs_dev->devnum);
915 	if (cdev_add(&uverbs_dev->cdev, base, 1))
916 		goto err_cdev;
917 
918 	uverbs_dev->dev = device_create(uverbs_class, device->dma_device,
919 					uverbs_dev->cdev.dev, uverbs_dev,
920 					"uverbs%d", uverbs_dev->devnum);
921 	if (IS_ERR(uverbs_dev->dev))
922 		goto err_cdev;
923 
924 	if (device_create_file(uverbs_dev->dev, &dev_attr_ibdev))
925 		goto err_class;
926 	if (device_create_file(uverbs_dev->dev, &dev_attr_abi_version))
927 		goto err_class;
928 
929 	ib_set_client_data(device, &uverbs_client, uverbs_dev);
930 
931 	return;
932 
933 err_class:
934 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
935 
936 err_cdev:
937 	cdev_del(&uverbs_dev->cdev);
938 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
939 		clear_bit(devnum, dev_map);
940 	else
941 		clear_bit(devnum, overflow_map);
942 
943 err:
944 	kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
945 	wait_for_completion(&uverbs_dev->comp);
946 	kfree(uverbs_dev);
947 	return;
948 }
949 
950 static void ib_uverbs_remove_one(struct ib_device *device)
951 {
952 	struct ib_uverbs_device *uverbs_dev = ib_get_client_data(device, &uverbs_client);
953 
954 	if (!uverbs_dev)
955 		return;
956 
957 	dev_set_drvdata(uverbs_dev->dev, NULL);
958 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
959 	cdev_del(&uverbs_dev->cdev);
960 
961 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
962 		clear_bit(uverbs_dev->devnum, dev_map);
963 	else
964 		clear_bit(uverbs_dev->devnum - IB_UVERBS_MAX_DEVICES, overflow_map);
965 
966 	kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
967 	wait_for_completion(&uverbs_dev->comp);
968 	kfree(uverbs_dev);
969 }
970 
971 static char *uverbs_devnode(struct device *dev, umode_t *mode)
972 {
973 	if (mode)
974 		*mode = 0666;
975 	return kasprintf(GFP_KERNEL, "infiniband/%s", dev_name(dev));
976 }
977 
978 static int __init ib_uverbs_init(void)
979 {
980 	int ret;
981 
982 	ret = register_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES,
983 				     "infiniband_verbs");
984 	if (ret) {
985 		printk(KERN_ERR "user_verbs: couldn't register device number\n");
986 		goto out;
987 	}
988 
989 	uverbs_class = class_create(THIS_MODULE, "infiniband_verbs");
990 	if (IS_ERR(uverbs_class)) {
991 		ret = PTR_ERR(uverbs_class);
992 		printk(KERN_ERR "user_verbs: couldn't create class infiniband_verbs\n");
993 		goto out_chrdev;
994 	}
995 
996 	uverbs_class->devnode = uverbs_devnode;
997 
998 	ret = class_create_file(uverbs_class, &class_attr_abi_version.attr);
999 	if (ret) {
1000 		printk(KERN_ERR "user_verbs: couldn't create abi_version attribute\n");
1001 		goto out_class;
1002 	}
1003 
1004 	ret = ib_register_client(&uverbs_client);
1005 	if (ret) {
1006 		printk(KERN_ERR "user_verbs: couldn't register client\n");
1007 		goto out_class;
1008 	}
1009 
1010 	return 0;
1011 
1012 out_class:
1013 	class_destroy(uverbs_class);
1014 
1015 out_chrdev:
1016 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
1017 
1018 out:
1019 	return ret;
1020 }
1021 
1022 static void __exit ib_uverbs_cleanup(void)
1023 {
1024 	ib_unregister_client(&uverbs_client);
1025 	class_destroy(uverbs_class);
1026 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
1027 	if (overflow_maj)
1028 		unregister_chrdev_region(overflow_maj, IB_UVERBS_MAX_DEVICES);
1029 	idr_destroy(&ib_uverbs_pd_idr);
1030 	idr_destroy(&ib_uverbs_mr_idr);
1031 	idr_destroy(&ib_uverbs_mw_idr);
1032 	idr_destroy(&ib_uverbs_ah_idr);
1033 	idr_destroy(&ib_uverbs_cq_idr);
1034 	idr_destroy(&ib_uverbs_qp_idr);
1035 	idr_destroy(&ib_uverbs_srq_idr);
1036 }
1037 
1038 module_init(ib_uverbs_init);
1039 module_exit(ib_uverbs_cleanup);
1040