1 /*
2  * Copyright (c) 2005 Topspin Communications.  All rights reserved.
3  * Copyright (c) 2005, 2006 Cisco Systems.  All rights reserved.
4  * Copyright (c) 2005 Mellanox Technologies. All rights reserved.
5  * Copyright (c) 2005 Voltaire, Inc. All rights reserved.
6  * Copyright (c) 2005 PathScale, Inc. All rights reserved.
7  *
8  * This software is available to you under a choice of one of two
9  * licenses.  You may choose to be licensed under the terms of the GNU
10  * General Public License (GPL) Version 2, available from the file
11  * COPYING in the main directory of this source tree, or the
12  * OpenIB.org BSD license below:
13  *
14  *     Redistribution and use in source and binary forms, with or
15  *     without modification, are permitted provided that the following
16  *     conditions are met:
17  *
18  *      - Redistributions of source code must retain the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer.
21  *
22  *      - Redistributions in binary form must reproduce the above
23  *        copyright notice, this list of conditions and the following
24  *        disclaimer in the documentation and/or other materials
25  *        provided with the distribution.
26  *
27  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34  * SOFTWARE.
35  */
36 
37 #include <linux/module.h>
38 #include <linux/init.h>
39 #include <linux/device.h>
40 #include <linux/err.h>
41 #include <linux/fs.h>
42 #include <linux/poll.h>
43 #include <linux/sched.h>
44 #include <linux/file.h>
45 #include <linux/cdev.h>
46 #include <linux/anon_inodes.h>
47 #include <linux/slab.h>
48 
49 #include <asm/uaccess.h>
50 
51 #include "uverbs.h"
52 
53 MODULE_AUTHOR("Roland Dreier");
54 MODULE_DESCRIPTION("InfiniBand userspace verbs access");
55 MODULE_LICENSE("Dual BSD/GPL");
56 
57 enum {
58 	IB_UVERBS_MAJOR       = 231,
59 	IB_UVERBS_BASE_MINOR  = 192,
60 	IB_UVERBS_MAX_DEVICES = 32
61 };
62 
63 #define IB_UVERBS_BASE_DEV	MKDEV(IB_UVERBS_MAJOR, IB_UVERBS_BASE_MINOR)
64 
65 static struct class *uverbs_class;
66 
67 DEFINE_SPINLOCK(ib_uverbs_idr_lock);
68 DEFINE_IDR(ib_uverbs_pd_idr);
69 DEFINE_IDR(ib_uverbs_mr_idr);
70 DEFINE_IDR(ib_uverbs_mw_idr);
71 DEFINE_IDR(ib_uverbs_ah_idr);
72 DEFINE_IDR(ib_uverbs_cq_idr);
73 DEFINE_IDR(ib_uverbs_qp_idr);
74 DEFINE_IDR(ib_uverbs_srq_idr);
75 DEFINE_IDR(ib_uverbs_xrcd_idr);
76 DEFINE_IDR(ib_uverbs_rule_idr);
77 
78 static DEFINE_SPINLOCK(map_lock);
79 static DECLARE_BITMAP(dev_map, IB_UVERBS_MAX_DEVICES);
80 
81 static ssize_t (*uverbs_cmd_table[])(struct ib_uverbs_file *file,
82 				     const char __user *buf, int in_len,
83 				     int out_len) = {
84 	[IB_USER_VERBS_CMD_GET_CONTEXT]		= ib_uverbs_get_context,
85 	[IB_USER_VERBS_CMD_QUERY_DEVICE]	= ib_uverbs_query_device,
86 	[IB_USER_VERBS_CMD_QUERY_PORT]		= ib_uverbs_query_port,
87 	[IB_USER_VERBS_CMD_ALLOC_PD]		= ib_uverbs_alloc_pd,
88 	[IB_USER_VERBS_CMD_DEALLOC_PD]		= ib_uverbs_dealloc_pd,
89 	[IB_USER_VERBS_CMD_REG_MR]		= ib_uverbs_reg_mr,
90 	[IB_USER_VERBS_CMD_DEREG_MR]		= ib_uverbs_dereg_mr,
91 	[IB_USER_VERBS_CMD_ALLOC_MW]		= ib_uverbs_alloc_mw,
92 	[IB_USER_VERBS_CMD_DEALLOC_MW]		= ib_uverbs_dealloc_mw,
93 	[IB_USER_VERBS_CMD_CREATE_COMP_CHANNEL] = ib_uverbs_create_comp_channel,
94 	[IB_USER_VERBS_CMD_CREATE_CQ]		= ib_uverbs_create_cq,
95 	[IB_USER_VERBS_CMD_RESIZE_CQ]		= ib_uverbs_resize_cq,
96 	[IB_USER_VERBS_CMD_POLL_CQ]		= ib_uverbs_poll_cq,
97 	[IB_USER_VERBS_CMD_REQ_NOTIFY_CQ]	= ib_uverbs_req_notify_cq,
98 	[IB_USER_VERBS_CMD_DESTROY_CQ]		= ib_uverbs_destroy_cq,
99 	[IB_USER_VERBS_CMD_CREATE_QP]		= ib_uverbs_create_qp,
100 	[IB_USER_VERBS_CMD_QUERY_QP]		= ib_uverbs_query_qp,
101 	[IB_USER_VERBS_CMD_MODIFY_QP]		= ib_uverbs_modify_qp,
102 	[IB_USER_VERBS_CMD_DESTROY_QP]		= ib_uverbs_destroy_qp,
103 	[IB_USER_VERBS_CMD_POST_SEND]		= ib_uverbs_post_send,
104 	[IB_USER_VERBS_CMD_POST_RECV]		= ib_uverbs_post_recv,
105 	[IB_USER_VERBS_CMD_POST_SRQ_RECV]	= ib_uverbs_post_srq_recv,
106 	[IB_USER_VERBS_CMD_CREATE_AH]		= ib_uverbs_create_ah,
107 	[IB_USER_VERBS_CMD_DESTROY_AH]		= ib_uverbs_destroy_ah,
108 	[IB_USER_VERBS_CMD_ATTACH_MCAST]	= ib_uverbs_attach_mcast,
109 	[IB_USER_VERBS_CMD_DETACH_MCAST]	= ib_uverbs_detach_mcast,
110 	[IB_USER_VERBS_CMD_CREATE_SRQ]		= ib_uverbs_create_srq,
111 	[IB_USER_VERBS_CMD_MODIFY_SRQ]		= ib_uverbs_modify_srq,
112 	[IB_USER_VERBS_CMD_QUERY_SRQ]		= ib_uverbs_query_srq,
113 	[IB_USER_VERBS_CMD_DESTROY_SRQ]		= ib_uverbs_destroy_srq,
114 	[IB_USER_VERBS_CMD_OPEN_XRCD]		= ib_uverbs_open_xrcd,
115 	[IB_USER_VERBS_CMD_CLOSE_XRCD]		= ib_uverbs_close_xrcd,
116 	[IB_USER_VERBS_CMD_CREATE_XSRQ]		= ib_uverbs_create_xsrq,
117 	[IB_USER_VERBS_CMD_OPEN_QP]		= ib_uverbs_open_qp,
118 	[IB_USER_VERBS_CMD_CREATE_FLOW]		= ib_uverbs_create_flow,
119 	[IB_USER_VERBS_CMD_DESTROY_FLOW]	= ib_uverbs_destroy_flow
120 };
121 
122 static void ib_uverbs_add_one(struct ib_device *device);
123 static void ib_uverbs_remove_one(struct ib_device *device);
124 
125 static void ib_uverbs_release_dev(struct kref *ref)
126 {
127 	struct ib_uverbs_device *dev =
128 		container_of(ref, struct ib_uverbs_device, ref);
129 
130 	complete(&dev->comp);
131 }
132 
133 static void ib_uverbs_release_event_file(struct kref *ref)
134 {
135 	struct ib_uverbs_event_file *file =
136 		container_of(ref, struct ib_uverbs_event_file, ref);
137 
138 	kfree(file);
139 }
140 
141 void ib_uverbs_release_ucq(struct ib_uverbs_file *file,
142 			  struct ib_uverbs_event_file *ev_file,
143 			  struct ib_ucq_object *uobj)
144 {
145 	struct ib_uverbs_event *evt, *tmp;
146 
147 	if (ev_file) {
148 		spin_lock_irq(&ev_file->lock);
149 		list_for_each_entry_safe(evt, tmp, &uobj->comp_list, obj_list) {
150 			list_del(&evt->list);
151 			kfree(evt);
152 		}
153 		spin_unlock_irq(&ev_file->lock);
154 
155 		kref_put(&ev_file->ref, ib_uverbs_release_event_file);
156 	}
157 
158 	spin_lock_irq(&file->async_file->lock);
159 	list_for_each_entry_safe(evt, tmp, &uobj->async_list, obj_list) {
160 		list_del(&evt->list);
161 		kfree(evt);
162 	}
163 	spin_unlock_irq(&file->async_file->lock);
164 }
165 
166 void ib_uverbs_release_uevent(struct ib_uverbs_file *file,
167 			      struct ib_uevent_object *uobj)
168 {
169 	struct ib_uverbs_event *evt, *tmp;
170 
171 	spin_lock_irq(&file->async_file->lock);
172 	list_for_each_entry_safe(evt, tmp, &uobj->event_list, obj_list) {
173 		list_del(&evt->list);
174 		kfree(evt);
175 	}
176 	spin_unlock_irq(&file->async_file->lock);
177 }
178 
179 static void ib_uverbs_detach_umcast(struct ib_qp *qp,
180 				    struct ib_uqp_object *uobj)
181 {
182 	struct ib_uverbs_mcast_entry *mcast, *tmp;
183 
184 	list_for_each_entry_safe(mcast, tmp, &uobj->mcast_list, list) {
185 		ib_detach_mcast(qp, &mcast->gid, mcast->lid);
186 		list_del(&mcast->list);
187 		kfree(mcast);
188 	}
189 }
190 
191 static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
192 				      struct ib_ucontext *context)
193 {
194 	struct ib_uobject *uobj, *tmp;
195 
196 	if (!context)
197 		return 0;
198 
199 	context->closing = 1;
200 
201 	list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) {
202 		struct ib_ah *ah = uobj->object;
203 
204 		idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
205 		ib_destroy_ah(ah);
206 		kfree(uobj);
207 	}
208 
209 	/* Remove MWs before QPs, in order to support type 2A MWs. */
210 	list_for_each_entry_safe(uobj, tmp, &context->mw_list, list) {
211 		struct ib_mw *mw = uobj->object;
212 
213 		idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
214 		ib_dealloc_mw(mw);
215 		kfree(uobj);
216 	}
217 
218 	list_for_each_entry_safe(uobj, tmp, &context->rule_list, list) {
219 		struct ib_flow *flow_id = uobj->object;
220 
221 		idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
222 		ib_destroy_flow(flow_id);
223 		kfree(uobj);
224 	}
225 
226 	list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) {
227 		struct ib_qp *qp = uobj->object;
228 		struct ib_uqp_object *uqp =
229 			container_of(uobj, struct ib_uqp_object, uevent.uobject);
230 
231 		idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
232 		if (qp != qp->real_qp) {
233 			ib_close_qp(qp);
234 		} else {
235 			ib_uverbs_detach_umcast(qp, uqp);
236 			ib_destroy_qp(qp);
237 		}
238 		ib_uverbs_release_uevent(file, &uqp->uevent);
239 		kfree(uqp);
240 	}
241 
242 	list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) {
243 		struct ib_cq *cq = uobj->object;
244 		struct ib_uverbs_event_file *ev_file = cq->cq_context;
245 		struct ib_ucq_object *ucq =
246 			container_of(uobj, struct ib_ucq_object, uobject);
247 
248 		idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
249 		ib_destroy_cq(cq);
250 		ib_uverbs_release_ucq(file, ev_file, ucq);
251 		kfree(ucq);
252 	}
253 
254 	list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) {
255 		struct ib_srq *srq = uobj->object;
256 		struct ib_uevent_object *uevent =
257 			container_of(uobj, struct ib_uevent_object, uobject);
258 
259 		idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
260 		ib_destroy_srq(srq);
261 		ib_uverbs_release_uevent(file, uevent);
262 		kfree(uevent);
263 	}
264 
265 	list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) {
266 		struct ib_mr *mr = uobj->object;
267 
268 		idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
269 		ib_dereg_mr(mr);
270 		kfree(uobj);
271 	}
272 
273 	mutex_lock(&file->device->xrcd_tree_mutex);
274 	list_for_each_entry_safe(uobj, tmp, &context->xrcd_list, list) {
275 		struct ib_xrcd *xrcd = uobj->object;
276 		struct ib_uxrcd_object *uxrcd =
277 			container_of(uobj, struct ib_uxrcd_object, uobject);
278 
279 		idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
280 		ib_uverbs_dealloc_xrcd(file->device, xrcd);
281 		kfree(uxrcd);
282 	}
283 	mutex_unlock(&file->device->xrcd_tree_mutex);
284 
285 	list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) {
286 		struct ib_pd *pd = uobj->object;
287 
288 		idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
289 		ib_dealloc_pd(pd);
290 		kfree(uobj);
291 	}
292 
293 	return context->device->dealloc_ucontext(context);
294 }
295 
296 static void ib_uverbs_release_file(struct kref *ref)
297 {
298 	struct ib_uverbs_file *file =
299 		container_of(ref, struct ib_uverbs_file, ref);
300 
301 	module_put(file->device->ib_dev->owner);
302 	kref_put(&file->device->ref, ib_uverbs_release_dev);
303 
304 	kfree(file);
305 }
306 
307 static ssize_t ib_uverbs_event_read(struct file *filp, char __user *buf,
308 				    size_t count, loff_t *pos)
309 {
310 	struct ib_uverbs_event_file *file = filp->private_data;
311 	struct ib_uverbs_event *event;
312 	int eventsz;
313 	int ret = 0;
314 
315 	spin_lock_irq(&file->lock);
316 
317 	while (list_empty(&file->event_list)) {
318 		spin_unlock_irq(&file->lock);
319 
320 		if (filp->f_flags & O_NONBLOCK)
321 			return -EAGAIN;
322 
323 		if (wait_event_interruptible(file->poll_wait,
324 					     !list_empty(&file->event_list)))
325 			return -ERESTARTSYS;
326 
327 		spin_lock_irq(&file->lock);
328 	}
329 
330 	event = list_entry(file->event_list.next, struct ib_uverbs_event, list);
331 
332 	if (file->is_async)
333 		eventsz = sizeof (struct ib_uverbs_async_event_desc);
334 	else
335 		eventsz = sizeof (struct ib_uverbs_comp_event_desc);
336 
337 	if (eventsz > count) {
338 		ret   = -EINVAL;
339 		event = NULL;
340 	} else {
341 		list_del(file->event_list.next);
342 		if (event->counter) {
343 			++(*event->counter);
344 			list_del(&event->obj_list);
345 		}
346 	}
347 
348 	spin_unlock_irq(&file->lock);
349 
350 	if (event) {
351 		if (copy_to_user(buf, event, eventsz))
352 			ret = -EFAULT;
353 		else
354 			ret = eventsz;
355 	}
356 
357 	kfree(event);
358 
359 	return ret;
360 }
361 
362 static unsigned int ib_uverbs_event_poll(struct file *filp,
363 					 struct poll_table_struct *wait)
364 {
365 	unsigned int pollflags = 0;
366 	struct ib_uverbs_event_file *file = filp->private_data;
367 
368 	poll_wait(filp, &file->poll_wait, wait);
369 
370 	spin_lock_irq(&file->lock);
371 	if (!list_empty(&file->event_list))
372 		pollflags = POLLIN | POLLRDNORM;
373 	spin_unlock_irq(&file->lock);
374 
375 	return pollflags;
376 }
377 
378 static int ib_uverbs_event_fasync(int fd, struct file *filp, int on)
379 {
380 	struct ib_uverbs_event_file *file = filp->private_data;
381 
382 	return fasync_helper(fd, filp, on, &file->async_queue);
383 }
384 
385 static int ib_uverbs_event_close(struct inode *inode, struct file *filp)
386 {
387 	struct ib_uverbs_event_file *file = filp->private_data;
388 	struct ib_uverbs_event *entry, *tmp;
389 
390 	spin_lock_irq(&file->lock);
391 	file->is_closed = 1;
392 	list_for_each_entry_safe(entry, tmp, &file->event_list, list) {
393 		if (entry->counter)
394 			list_del(&entry->obj_list);
395 		kfree(entry);
396 	}
397 	spin_unlock_irq(&file->lock);
398 
399 	if (file->is_async) {
400 		ib_unregister_event_handler(&file->uverbs_file->event_handler);
401 		kref_put(&file->uverbs_file->ref, ib_uverbs_release_file);
402 	}
403 	kref_put(&file->ref, ib_uverbs_release_event_file);
404 
405 	return 0;
406 }
407 
408 static const struct file_operations uverbs_event_fops = {
409 	.owner	 = THIS_MODULE,
410 	.read	 = ib_uverbs_event_read,
411 	.poll    = ib_uverbs_event_poll,
412 	.release = ib_uverbs_event_close,
413 	.fasync  = ib_uverbs_event_fasync,
414 	.llseek	 = no_llseek,
415 };
416 
417 void ib_uverbs_comp_handler(struct ib_cq *cq, void *cq_context)
418 {
419 	struct ib_uverbs_event_file    *file = cq_context;
420 	struct ib_ucq_object	       *uobj;
421 	struct ib_uverbs_event	       *entry;
422 	unsigned long			flags;
423 
424 	if (!file)
425 		return;
426 
427 	spin_lock_irqsave(&file->lock, flags);
428 	if (file->is_closed) {
429 		spin_unlock_irqrestore(&file->lock, flags);
430 		return;
431 	}
432 
433 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
434 	if (!entry) {
435 		spin_unlock_irqrestore(&file->lock, flags);
436 		return;
437 	}
438 
439 	uobj = container_of(cq->uobject, struct ib_ucq_object, uobject);
440 
441 	entry->desc.comp.cq_handle = cq->uobject->user_handle;
442 	entry->counter		   = &uobj->comp_events_reported;
443 
444 	list_add_tail(&entry->list, &file->event_list);
445 	list_add_tail(&entry->obj_list, &uobj->comp_list);
446 	spin_unlock_irqrestore(&file->lock, flags);
447 
448 	wake_up_interruptible(&file->poll_wait);
449 	kill_fasync(&file->async_queue, SIGIO, POLL_IN);
450 }
451 
452 static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
453 				    __u64 element, __u64 event,
454 				    struct list_head *obj_list,
455 				    u32 *counter)
456 {
457 	struct ib_uverbs_event *entry;
458 	unsigned long flags;
459 
460 	spin_lock_irqsave(&file->async_file->lock, flags);
461 	if (file->async_file->is_closed) {
462 		spin_unlock_irqrestore(&file->async_file->lock, flags);
463 		return;
464 	}
465 
466 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
467 	if (!entry) {
468 		spin_unlock_irqrestore(&file->async_file->lock, flags);
469 		return;
470 	}
471 
472 	entry->desc.async.element    = element;
473 	entry->desc.async.event_type = event;
474 	entry->counter               = counter;
475 
476 	list_add_tail(&entry->list, &file->async_file->event_list);
477 	if (obj_list)
478 		list_add_tail(&entry->obj_list, obj_list);
479 	spin_unlock_irqrestore(&file->async_file->lock, flags);
480 
481 	wake_up_interruptible(&file->async_file->poll_wait);
482 	kill_fasync(&file->async_file->async_queue, SIGIO, POLL_IN);
483 }
484 
485 void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
486 {
487 	struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
488 						  struct ib_ucq_object, uobject);
489 
490 	ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
491 				event->event, &uobj->async_list,
492 				&uobj->async_events_reported);
493 }
494 
495 void ib_uverbs_qp_event_handler(struct ib_event *event, void *context_ptr)
496 {
497 	struct ib_uevent_object *uobj;
498 
499 	uobj = container_of(event->element.qp->uobject,
500 			    struct ib_uevent_object, uobject);
501 
502 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
503 				event->event, &uobj->event_list,
504 				&uobj->events_reported);
505 }
506 
507 void ib_uverbs_srq_event_handler(struct ib_event *event, void *context_ptr)
508 {
509 	struct ib_uevent_object *uobj;
510 
511 	uobj = container_of(event->element.srq->uobject,
512 			    struct ib_uevent_object, uobject);
513 
514 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
515 				event->event, &uobj->event_list,
516 				&uobj->events_reported);
517 }
518 
519 void ib_uverbs_event_handler(struct ib_event_handler *handler,
520 			     struct ib_event *event)
521 {
522 	struct ib_uverbs_file *file =
523 		container_of(handler, struct ib_uverbs_file, event_handler);
524 
525 	ib_uverbs_async_handler(file, event->element.port_num, event->event,
526 				NULL, NULL);
527 }
528 
529 struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
530 					int is_async)
531 {
532 	struct ib_uverbs_event_file *ev_file;
533 	struct file *filp;
534 
535 	ev_file = kmalloc(sizeof *ev_file, GFP_KERNEL);
536 	if (!ev_file)
537 		return ERR_PTR(-ENOMEM);
538 
539 	kref_init(&ev_file->ref);
540 	spin_lock_init(&ev_file->lock);
541 	INIT_LIST_HEAD(&ev_file->event_list);
542 	init_waitqueue_head(&ev_file->poll_wait);
543 	ev_file->uverbs_file = uverbs_file;
544 	ev_file->async_queue = NULL;
545 	ev_file->is_async    = is_async;
546 	ev_file->is_closed   = 0;
547 
548 	filp = anon_inode_getfile("[infinibandevent]", &uverbs_event_fops,
549 				  ev_file, O_RDONLY);
550 	if (IS_ERR(filp))
551 		kfree(ev_file);
552 
553 	return filp;
554 }
555 
556 /*
557  * Look up a completion event file by FD.  If lookup is successful,
558  * takes a ref to the event file struct that it returns; if
559  * unsuccessful, returns NULL.
560  */
561 struct ib_uverbs_event_file *ib_uverbs_lookup_comp_file(int fd)
562 {
563 	struct ib_uverbs_event_file *ev_file = NULL;
564 	struct fd f = fdget(fd);
565 
566 	if (!f.file)
567 		return NULL;
568 
569 	if (f.file->f_op != &uverbs_event_fops)
570 		goto out;
571 
572 	ev_file = f.file->private_data;
573 	if (ev_file->is_async) {
574 		ev_file = NULL;
575 		goto out;
576 	}
577 
578 	kref_get(&ev_file->ref);
579 
580 out:
581 	fdput(f);
582 	return ev_file;
583 }
584 
585 static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
586 			     size_t count, loff_t *pos)
587 {
588 	struct ib_uverbs_file *file = filp->private_data;
589 	struct ib_uverbs_cmd_hdr hdr;
590 
591 	if (count < sizeof hdr)
592 		return -EINVAL;
593 
594 	if (copy_from_user(&hdr, buf, sizeof hdr))
595 		return -EFAULT;
596 
597 	if (hdr.command >= ARRAY_SIZE(uverbs_cmd_table) ||
598 	    !uverbs_cmd_table[hdr.command])
599 		return -EINVAL;
600 
601 	if (!file->ucontext &&
602 	    hdr.command != IB_USER_VERBS_CMD_GET_CONTEXT)
603 		return -EINVAL;
604 
605 	if (!(file->device->ib_dev->uverbs_cmd_mask & (1ull << hdr.command)))
606 		return -ENOSYS;
607 
608 	if (hdr.command >= IB_USER_VERBS_CMD_THRESHOLD) {
609 		struct ib_uverbs_cmd_hdr_ex hdr_ex;
610 
611 		if (copy_from_user(&hdr_ex, buf, sizeof(hdr_ex)))
612 			return -EFAULT;
613 
614 		if (((hdr_ex.in_words + hdr_ex.provider_in_words) * 4) != count)
615 			return -EINVAL;
616 
617 		return uverbs_cmd_table[hdr.command](file,
618 						     buf + sizeof(hdr_ex),
619 						     (hdr_ex.in_words +
620 						      hdr_ex.provider_in_words) * 4,
621 						     (hdr_ex.out_words +
622 						      hdr_ex.provider_out_words) * 4);
623 	} else {
624 		if (hdr.in_words * 4 != count)
625 			return -EINVAL;
626 
627 		return uverbs_cmd_table[hdr.command](file,
628 						     buf + sizeof(hdr),
629 						     hdr.in_words * 4,
630 						     hdr.out_words * 4);
631 	}
632 }
633 
634 static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma)
635 {
636 	struct ib_uverbs_file *file = filp->private_data;
637 
638 	if (!file->ucontext)
639 		return -ENODEV;
640 	else
641 		return file->device->ib_dev->mmap(file->ucontext, vma);
642 }
643 
644 /*
645  * ib_uverbs_open() does not need the BKL:
646  *
647  *  - the ib_uverbs_device structures are properly reference counted and
648  *    everything else is purely local to the file being created, so
649  *    races against other open calls are not a problem;
650  *  - there is no ioctl method to race against;
651  *  - the open method will either immediately run -ENXIO, or all
652  *    required initialization will be done.
653  */
654 static int ib_uverbs_open(struct inode *inode, struct file *filp)
655 {
656 	struct ib_uverbs_device *dev;
657 	struct ib_uverbs_file *file;
658 	int ret;
659 
660 	dev = container_of(inode->i_cdev, struct ib_uverbs_device, cdev);
661 	if (dev)
662 		kref_get(&dev->ref);
663 	else
664 		return -ENXIO;
665 
666 	if (!try_module_get(dev->ib_dev->owner)) {
667 		ret = -ENODEV;
668 		goto err;
669 	}
670 
671 	file = kmalloc(sizeof *file, GFP_KERNEL);
672 	if (!file) {
673 		ret = -ENOMEM;
674 		goto err_module;
675 	}
676 
677 	file->device	 = dev;
678 	file->ucontext	 = NULL;
679 	file->async_file = NULL;
680 	kref_init(&file->ref);
681 	mutex_init(&file->mutex);
682 
683 	filp->private_data = file;
684 
685 	return nonseekable_open(inode, filp);
686 
687 err_module:
688 	module_put(dev->ib_dev->owner);
689 
690 err:
691 	kref_put(&dev->ref, ib_uverbs_release_dev);
692 	return ret;
693 }
694 
695 static int ib_uverbs_close(struct inode *inode, struct file *filp)
696 {
697 	struct ib_uverbs_file *file = filp->private_data;
698 
699 	ib_uverbs_cleanup_ucontext(file, file->ucontext);
700 
701 	if (file->async_file)
702 		kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
703 
704 	kref_put(&file->ref, ib_uverbs_release_file);
705 
706 	return 0;
707 }
708 
709 static const struct file_operations uverbs_fops = {
710 	.owner	 = THIS_MODULE,
711 	.write	 = ib_uverbs_write,
712 	.open	 = ib_uverbs_open,
713 	.release = ib_uverbs_close,
714 	.llseek	 = no_llseek,
715 };
716 
717 static const struct file_operations uverbs_mmap_fops = {
718 	.owner	 = THIS_MODULE,
719 	.write	 = ib_uverbs_write,
720 	.mmap    = ib_uverbs_mmap,
721 	.open	 = ib_uverbs_open,
722 	.release = ib_uverbs_close,
723 	.llseek	 = no_llseek,
724 };
725 
726 static struct ib_client uverbs_client = {
727 	.name   = "uverbs",
728 	.add    = ib_uverbs_add_one,
729 	.remove = ib_uverbs_remove_one
730 };
731 
732 static ssize_t show_ibdev(struct device *device, struct device_attribute *attr,
733 			  char *buf)
734 {
735 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
736 
737 	if (!dev)
738 		return -ENODEV;
739 
740 	return sprintf(buf, "%s\n", dev->ib_dev->name);
741 }
742 static DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL);
743 
744 static ssize_t show_dev_abi_version(struct device *device,
745 				    struct device_attribute *attr, char *buf)
746 {
747 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
748 
749 	if (!dev)
750 		return -ENODEV;
751 
752 	return sprintf(buf, "%d\n", dev->ib_dev->uverbs_abi_ver);
753 }
754 static DEVICE_ATTR(abi_version, S_IRUGO, show_dev_abi_version, NULL);
755 
756 static CLASS_ATTR_STRING(abi_version, S_IRUGO,
757 			 __stringify(IB_USER_VERBS_ABI_VERSION));
758 
759 static dev_t overflow_maj;
760 static DECLARE_BITMAP(overflow_map, IB_UVERBS_MAX_DEVICES);
761 
762 /*
763  * If we have more than IB_UVERBS_MAX_DEVICES, dynamically overflow by
764  * requesting a new major number and doubling the number of max devices we
765  * support. It's stupid, but simple.
766  */
767 static int find_overflow_devnum(void)
768 {
769 	int ret;
770 
771 	if (!overflow_maj) {
772 		ret = alloc_chrdev_region(&overflow_maj, 0, IB_UVERBS_MAX_DEVICES,
773 					  "infiniband_verbs");
774 		if (ret) {
775 			printk(KERN_ERR "user_verbs: couldn't register dynamic device number\n");
776 			return ret;
777 		}
778 	}
779 
780 	ret = find_first_zero_bit(overflow_map, IB_UVERBS_MAX_DEVICES);
781 	if (ret >= IB_UVERBS_MAX_DEVICES)
782 		return -1;
783 
784 	return ret;
785 }
786 
787 static void ib_uverbs_add_one(struct ib_device *device)
788 {
789 	int devnum;
790 	dev_t base;
791 	struct ib_uverbs_device *uverbs_dev;
792 
793 	if (!device->alloc_ucontext)
794 		return;
795 
796 	uverbs_dev = kzalloc(sizeof *uverbs_dev, GFP_KERNEL);
797 	if (!uverbs_dev)
798 		return;
799 
800 	kref_init(&uverbs_dev->ref);
801 	init_completion(&uverbs_dev->comp);
802 	uverbs_dev->xrcd_tree = RB_ROOT;
803 	mutex_init(&uverbs_dev->xrcd_tree_mutex);
804 
805 	spin_lock(&map_lock);
806 	devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES);
807 	if (devnum >= IB_UVERBS_MAX_DEVICES) {
808 		spin_unlock(&map_lock);
809 		devnum = find_overflow_devnum();
810 		if (devnum < 0)
811 			goto err;
812 
813 		spin_lock(&map_lock);
814 		uverbs_dev->devnum = devnum + IB_UVERBS_MAX_DEVICES;
815 		base = devnum + overflow_maj;
816 		set_bit(devnum, overflow_map);
817 	} else {
818 		uverbs_dev->devnum = devnum;
819 		base = devnum + IB_UVERBS_BASE_DEV;
820 		set_bit(devnum, dev_map);
821 	}
822 	spin_unlock(&map_lock);
823 
824 	uverbs_dev->ib_dev           = device;
825 	uverbs_dev->num_comp_vectors = device->num_comp_vectors;
826 
827 	cdev_init(&uverbs_dev->cdev, NULL);
828 	uverbs_dev->cdev.owner = THIS_MODULE;
829 	uverbs_dev->cdev.ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops;
830 	kobject_set_name(&uverbs_dev->cdev.kobj, "uverbs%d", uverbs_dev->devnum);
831 	if (cdev_add(&uverbs_dev->cdev, base, 1))
832 		goto err_cdev;
833 
834 	uverbs_dev->dev = device_create(uverbs_class, device->dma_device,
835 					uverbs_dev->cdev.dev, uverbs_dev,
836 					"uverbs%d", uverbs_dev->devnum);
837 	if (IS_ERR(uverbs_dev->dev))
838 		goto err_cdev;
839 
840 	if (device_create_file(uverbs_dev->dev, &dev_attr_ibdev))
841 		goto err_class;
842 	if (device_create_file(uverbs_dev->dev, &dev_attr_abi_version))
843 		goto err_class;
844 
845 	ib_set_client_data(device, &uverbs_client, uverbs_dev);
846 
847 	return;
848 
849 err_class:
850 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
851 
852 err_cdev:
853 	cdev_del(&uverbs_dev->cdev);
854 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
855 		clear_bit(devnum, dev_map);
856 	else
857 		clear_bit(devnum, overflow_map);
858 
859 err:
860 	kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
861 	wait_for_completion(&uverbs_dev->comp);
862 	kfree(uverbs_dev);
863 	return;
864 }
865 
866 static void ib_uverbs_remove_one(struct ib_device *device)
867 {
868 	struct ib_uverbs_device *uverbs_dev = ib_get_client_data(device, &uverbs_client);
869 
870 	if (!uverbs_dev)
871 		return;
872 
873 	dev_set_drvdata(uverbs_dev->dev, NULL);
874 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
875 	cdev_del(&uverbs_dev->cdev);
876 
877 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
878 		clear_bit(uverbs_dev->devnum, dev_map);
879 	else
880 		clear_bit(uverbs_dev->devnum - IB_UVERBS_MAX_DEVICES, overflow_map);
881 
882 	kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
883 	wait_for_completion(&uverbs_dev->comp);
884 	kfree(uverbs_dev);
885 }
886 
887 static char *uverbs_devnode(struct device *dev, umode_t *mode)
888 {
889 	if (mode)
890 		*mode = 0666;
891 	return kasprintf(GFP_KERNEL, "infiniband/%s", dev_name(dev));
892 }
893 
894 static int __init ib_uverbs_init(void)
895 {
896 	int ret;
897 
898 	ret = register_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES,
899 				     "infiniband_verbs");
900 	if (ret) {
901 		printk(KERN_ERR "user_verbs: couldn't register device number\n");
902 		goto out;
903 	}
904 
905 	uverbs_class = class_create(THIS_MODULE, "infiniband_verbs");
906 	if (IS_ERR(uverbs_class)) {
907 		ret = PTR_ERR(uverbs_class);
908 		printk(KERN_ERR "user_verbs: couldn't create class infiniband_verbs\n");
909 		goto out_chrdev;
910 	}
911 
912 	uverbs_class->devnode = uverbs_devnode;
913 
914 	ret = class_create_file(uverbs_class, &class_attr_abi_version.attr);
915 	if (ret) {
916 		printk(KERN_ERR "user_verbs: couldn't create abi_version attribute\n");
917 		goto out_class;
918 	}
919 
920 	ret = ib_register_client(&uverbs_client);
921 	if (ret) {
922 		printk(KERN_ERR "user_verbs: couldn't register client\n");
923 		goto out_class;
924 	}
925 
926 	return 0;
927 
928 out_class:
929 	class_destroy(uverbs_class);
930 
931 out_chrdev:
932 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
933 
934 out:
935 	return ret;
936 }
937 
938 static void __exit ib_uverbs_cleanup(void)
939 {
940 	ib_unregister_client(&uverbs_client);
941 	class_destroy(uverbs_class);
942 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
943 	if (overflow_maj)
944 		unregister_chrdev_region(overflow_maj, IB_UVERBS_MAX_DEVICES);
945 	idr_destroy(&ib_uverbs_pd_idr);
946 	idr_destroy(&ib_uverbs_mr_idr);
947 	idr_destroy(&ib_uverbs_mw_idr);
948 	idr_destroy(&ib_uverbs_ah_idr);
949 	idr_destroy(&ib_uverbs_cq_idr);
950 	idr_destroy(&ib_uverbs_qp_idr);
951 	idr_destroy(&ib_uverbs_srq_idr);
952 }
953 
954 module_init(ib_uverbs_init);
955 module_exit(ib_uverbs_cleanup);
956