1 /*
2  * Copyright(c) 2020 Cornelis Networks, Inc.
3  * Copyright(c) 2015-2020 Intel Corporation.
4  *
5  * This file is provided under a dual BSD/GPLv2 license.  When using or
6  * redistributing this file, you may do so under either license.
7  *
8  * GPL LICENSE SUMMARY
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of version 2 of the GNU General Public License as
12  * published by the Free Software Foundation.
13  *
14  * This program is distributed in the hope that it will be useful, but
15  * WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * General Public License for more details.
18  *
19  * BSD LICENSE
20  *
21  * Redistribution and use in source and binary forms, with or without
22  * modification, are permitted provided that the following conditions
23  * are met:
24  *
25  *  - Redistributions of source code must retain the above copyright
26  *    notice, this list of conditions and the following disclaimer.
27  *  - Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in
29  *    the documentation and/or other materials provided with the
30  *    distribution.
31  *  - Neither the name of Intel Corporation nor the names of its
32  *    contributors may be used to endorse or promote products derived
33  *    from this software without specific prior written permission.
34  *
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
36  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
38  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
39  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
43  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
44  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
45  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
46  *
47  */
48 #include <linux/poll.h>
49 #include <linux/cdev.h>
50 #include <linux/vmalloc.h>
51 #include <linux/io.h>
52 #include <linux/sched/mm.h>
53 #include <linux/bitmap.h>
54 
55 #include <rdma/ib.h>
56 
57 #include "hfi.h"
58 #include "pio.h"
59 #include "device.h"
60 #include "common.h"
61 #include "trace.h"
62 #include "mmu_rb.h"
63 #include "user_sdma.h"
64 #include "user_exp_rcv.h"
65 #include "aspm.h"
66 
67 #undef pr_fmt
68 #define pr_fmt(fmt) DRIVER_NAME ": " fmt
69 
70 #define SEND_CTXT_HALT_TIMEOUT 1000 /* msecs */
71 
72 /*
73  * File operation functions
74  */
75 static int hfi1_file_open(struct inode *inode, struct file *fp);
76 static int hfi1_file_close(struct inode *inode, struct file *fp);
77 static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from);
78 static __poll_t hfi1_poll(struct file *fp, struct poll_table_struct *pt);
79 static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma);
80 
81 static u64 kvirt_to_phys(void *addr);
82 static int assign_ctxt(struct hfi1_filedata *fd, unsigned long arg, u32 len);
83 static void init_subctxts(struct hfi1_ctxtdata *uctxt,
84 			  const struct hfi1_user_info *uinfo);
85 static int init_user_ctxt(struct hfi1_filedata *fd,
86 			  struct hfi1_ctxtdata *uctxt);
87 static void user_init(struct hfi1_ctxtdata *uctxt);
88 static int get_ctxt_info(struct hfi1_filedata *fd, unsigned long arg, u32 len);
89 static int get_base_info(struct hfi1_filedata *fd, unsigned long arg, u32 len);
90 static int user_exp_rcv_setup(struct hfi1_filedata *fd, unsigned long arg,
91 			      u32 len);
92 static int user_exp_rcv_clear(struct hfi1_filedata *fd, unsigned long arg,
93 			      u32 len);
94 static int user_exp_rcv_invalid(struct hfi1_filedata *fd, unsigned long arg,
95 				u32 len);
96 static int setup_base_ctxt(struct hfi1_filedata *fd,
97 			   struct hfi1_ctxtdata *uctxt);
98 static int setup_subctxt(struct hfi1_ctxtdata *uctxt);
99 
100 static int find_sub_ctxt(struct hfi1_filedata *fd,
101 			 const struct hfi1_user_info *uinfo);
102 static int allocate_ctxt(struct hfi1_filedata *fd, struct hfi1_devdata *dd,
103 			 struct hfi1_user_info *uinfo,
104 			 struct hfi1_ctxtdata **cd);
105 static void deallocate_ctxt(struct hfi1_ctxtdata *uctxt);
106 static __poll_t poll_urgent(struct file *fp, struct poll_table_struct *pt);
107 static __poll_t poll_next(struct file *fp, struct poll_table_struct *pt);
108 static int user_event_ack(struct hfi1_ctxtdata *uctxt, u16 subctxt,
109 			  unsigned long arg);
110 static int set_ctxt_pkey(struct hfi1_ctxtdata *uctxt, unsigned long arg);
111 static int ctxt_reset(struct hfi1_ctxtdata *uctxt);
112 static int manage_rcvq(struct hfi1_ctxtdata *uctxt, u16 subctxt,
113 		       unsigned long arg);
114 static vm_fault_t vma_fault(struct vm_fault *vmf);
115 static long hfi1_file_ioctl(struct file *fp, unsigned int cmd,
116 			    unsigned long arg);
117 
118 static const struct file_operations hfi1_file_ops = {
119 	.owner = THIS_MODULE,
120 	.write_iter = hfi1_write_iter,
121 	.open = hfi1_file_open,
122 	.release = hfi1_file_close,
123 	.unlocked_ioctl = hfi1_file_ioctl,
124 	.poll = hfi1_poll,
125 	.mmap = hfi1_file_mmap,
126 	.llseek = noop_llseek,
127 };
128 
129 static const struct vm_operations_struct vm_ops = {
130 	.fault = vma_fault,
131 };
132 
133 /*
134  * Types of memories mapped into user processes' space
135  */
136 enum mmap_types {
137 	PIO_BUFS = 1,
138 	PIO_BUFS_SOP,
139 	PIO_CRED,
140 	RCV_HDRQ,
141 	RCV_EGRBUF,
142 	UREGS,
143 	EVENTS,
144 	STATUS,
145 	RTAIL,
146 	SUBCTXT_UREGS,
147 	SUBCTXT_RCV_HDRQ,
148 	SUBCTXT_EGRBUF,
149 	SDMA_COMP
150 };
151 
152 /*
153  * Masks and offsets defining the mmap tokens
154  */
155 #define HFI1_MMAP_OFFSET_MASK   0xfffULL
156 #define HFI1_MMAP_OFFSET_SHIFT  0
157 #define HFI1_MMAP_SUBCTXT_MASK  0xfULL
158 #define HFI1_MMAP_SUBCTXT_SHIFT 12
159 #define HFI1_MMAP_CTXT_MASK     0xffULL
160 #define HFI1_MMAP_CTXT_SHIFT    16
161 #define HFI1_MMAP_TYPE_MASK     0xfULL
162 #define HFI1_MMAP_TYPE_SHIFT    24
163 #define HFI1_MMAP_MAGIC_MASK    0xffffffffULL
164 #define HFI1_MMAP_MAGIC_SHIFT   32
165 
166 #define HFI1_MMAP_MAGIC         0xdabbad00
167 
168 #define HFI1_MMAP_TOKEN_SET(field, val)	\
169 	(((val) & HFI1_MMAP_##field##_MASK) << HFI1_MMAP_##field##_SHIFT)
170 #define HFI1_MMAP_TOKEN_GET(field, token) \
171 	(((token) >> HFI1_MMAP_##field##_SHIFT) & HFI1_MMAP_##field##_MASK)
172 #define HFI1_MMAP_TOKEN(type, ctxt, subctxt, addr)   \
173 	(HFI1_MMAP_TOKEN_SET(MAGIC, HFI1_MMAP_MAGIC) | \
174 	HFI1_MMAP_TOKEN_SET(TYPE, type) | \
175 	HFI1_MMAP_TOKEN_SET(CTXT, ctxt) | \
176 	HFI1_MMAP_TOKEN_SET(SUBCTXT, subctxt) | \
177 	HFI1_MMAP_TOKEN_SET(OFFSET, (offset_in_page(addr))))
178 
179 #define dbg(fmt, ...)				\
180 	pr_info(fmt, ##__VA_ARGS__)
181 
182 static inline int is_valid_mmap(u64 token)
183 {
184 	return (HFI1_MMAP_TOKEN_GET(MAGIC, token) == HFI1_MMAP_MAGIC);
185 }
186 
187 static int hfi1_file_open(struct inode *inode, struct file *fp)
188 {
189 	struct hfi1_filedata *fd;
190 	struct hfi1_devdata *dd = container_of(inode->i_cdev,
191 					       struct hfi1_devdata,
192 					       user_cdev);
193 
194 	if (!((dd->flags & HFI1_PRESENT) && dd->kregbase1))
195 		return -EINVAL;
196 
197 	if (!atomic_inc_not_zero(&dd->user_refcount))
198 		return -ENXIO;
199 
200 	/* The real work is performed later in assign_ctxt() */
201 
202 	fd = kzalloc(sizeof(*fd), GFP_KERNEL);
203 
204 	if (!fd || init_srcu_struct(&fd->pq_srcu))
205 		goto nomem;
206 	spin_lock_init(&fd->pq_rcu_lock);
207 	spin_lock_init(&fd->tid_lock);
208 	spin_lock_init(&fd->invalid_lock);
209 	fd->rec_cpu_num = -1; /* no cpu affinity by default */
210 	fd->dd = dd;
211 	fp->private_data = fd;
212 	return 0;
213 nomem:
214 	kfree(fd);
215 	fp->private_data = NULL;
216 	if (atomic_dec_and_test(&dd->user_refcount))
217 		complete(&dd->user_comp);
218 	return -ENOMEM;
219 }
220 
221 static long hfi1_file_ioctl(struct file *fp, unsigned int cmd,
222 			    unsigned long arg)
223 {
224 	struct hfi1_filedata *fd = fp->private_data;
225 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
226 	int ret = 0;
227 	int uval = 0;
228 
229 	hfi1_cdbg(IOCTL, "IOCTL recv: 0x%x", cmd);
230 	if (cmd != HFI1_IOCTL_ASSIGN_CTXT &&
231 	    cmd != HFI1_IOCTL_GET_VERS &&
232 	    !uctxt)
233 		return -EINVAL;
234 
235 	switch (cmd) {
236 	case HFI1_IOCTL_ASSIGN_CTXT:
237 		ret = assign_ctxt(fd, arg, _IOC_SIZE(cmd));
238 		break;
239 
240 	case HFI1_IOCTL_CTXT_INFO:
241 		ret = get_ctxt_info(fd, arg, _IOC_SIZE(cmd));
242 		break;
243 
244 	case HFI1_IOCTL_USER_INFO:
245 		ret = get_base_info(fd, arg, _IOC_SIZE(cmd));
246 		break;
247 
248 	case HFI1_IOCTL_CREDIT_UPD:
249 		if (uctxt)
250 			sc_return_credits(uctxt->sc);
251 		break;
252 
253 	case HFI1_IOCTL_TID_UPDATE:
254 		ret = user_exp_rcv_setup(fd, arg, _IOC_SIZE(cmd));
255 		break;
256 
257 	case HFI1_IOCTL_TID_FREE:
258 		ret = user_exp_rcv_clear(fd, arg, _IOC_SIZE(cmd));
259 		break;
260 
261 	case HFI1_IOCTL_TID_INVAL_READ:
262 		ret = user_exp_rcv_invalid(fd, arg, _IOC_SIZE(cmd));
263 		break;
264 
265 	case HFI1_IOCTL_RECV_CTRL:
266 		ret = manage_rcvq(uctxt, fd->subctxt, arg);
267 		break;
268 
269 	case HFI1_IOCTL_POLL_TYPE:
270 		if (get_user(uval, (int __user *)arg))
271 			return -EFAULT;
272 		uctxt->poll_type = (typeof(uctxt->poll_type))uval;
273 		break;
274 
275 	case HFI1_IOCTL_ACK_EVENT:
276 		ret = user_event_ack(uctxt, fd->subctxt, arg);
277 		break;
278 
279 	case HFI1_IOCTL_SET_PKEY:
280 		ret = set_ctxt_pkey(uctxt, arg);
281 		break;
282 
283 	case HFI1_IOCTL_CTXT_RESET:
284 		ret = ctxt_reset(uctxt);
285 		break;
286 
287 	case HFI1_IOCTL_GET_VERS:
288 		uval = HFI1_USER_SWVERSION;
289 		if (put_user(uval, (int __user *)arg))
290 			return -EFAULT;
291 		break;
292 
293 	default:
294 		return -EINVAL;
295 	}
296 
297 	return ret;
298 }
299 
300 static ssize_t hfi1_write_iter(struct kiocb *kiocb, struct iov_iter *from)
301 {
302 	struct hfi1_filedata *fd = kiocb->ki_filp->private_data;
303 	struct hfi1_user_sdma_pkt_q *pq;
304 	struct hfi1_user_sdma_comp_q *cq = fd->cq;
305 	int done = 0, reqs = 0;
306 	unsigned long dim = from->nr_segs;
307 	int idx;
308 
309 	idx = srcu_read_lock(&fd->pq_srcu);
310 	pq = srcu_dereference(fd->pq, &fd->pq_srcu);
311 	if (!cq || !pq) {
312 		srcu_read_unlock(&fd->pq_srcu, idx);
313 		return -EIO;
314 	}
315 
316 	if (!iter_is_iovec(from) || !dim) {
317 		srcu_read_unlock(&fd->pq_srcu, idx);
318 		return -EINVAL;
319 	}
320 
321 	trace_hfi1_sdma_request(fd->dd, fd->uctxt->ctxt, fd->subctxt, dim);
322 
323 	if (atomic_read(&pq->n_reqs) == pq->n_max_reqs) {
324 		srcu_read_unlock(&fd->pq_srcu, idx);
325 		return -ENOSPC;
326 	}
327 
328 	while (dim) {
329 		int ret;
330 		unsigned long count = 0;
331 
332 		ret = hfi1_user_sdma_process_request(
333 			fd, (struct iovec *)(from->iov + done),
334 			dim, &count);
335 		if (ret) {
336 			reqs = ret;
337 			break;
338 		}
339 		dim -= count;
340 		done += count;
341 		reqs++;
342 	}
343 
344 	srcu_read_unlock(&fd->pq_srcu, idx);
345 	return reqs;
346 }
347 
348 static int hfi1_file_mmap(struct file *fp, struct vm_area_struct *vma)
349 {
350 	struct hfi1_filedata *fd = fp->private_data;
351 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
352 	struct hfi1_devdata *dd;
353 	unsigned long flags;
354 	u64 token = vma->vm_pgoff << PAGE_SHIFT,
355 		memaddr = 0;
356 	void *memvirt = NULL;
357 	u8 subctxt, mapio = 0, vmf = 0, type;
358 	ssize_t memlen = 0;
359 	int ret = 0;
360 	u16 ctxt;
361 
362 	if (!is_valid_mmap(token) || !uctxt ||
363 	    !(vma->vm_flags & VM_SHARED)) {
364 		ret = -EINVAL;
365 		goto done;
366 	}
367 	dd = uctxt->dd;
368 	ctxt = HFI1_MMAP_TOKEN_GET(CTXT, token);
369 	subctxt = HFI1_MMAP_TOKEN_GET(SUBCTXT, token);
370 	type = HFI1_MMAP_TOKEN_GET(TYPE, token);
371 	if (ctxt != uctxt->ctxt || subctxt != fd->subctxt) {
372 		ret = -EINVAL;
373 		goto done;
374 	}
375 
376 	flags = vma->vm_flags;
377 
378 	switch (type) {
379 	case PIO_BUFS:
380 	case PIO_BUFS_SOP:
381 		memaddr = ((dd->physaddr + TXE_PIO_SEND) +
382 				/* chip pio base */
383 			   (uctxt->sc->hw_context * BIT(16))) +
384 				/* 64K PIO space / ctxt */
385 			(type == PIO_BUFS_SOP ?
386 				(TXE_PIO_SIZE / 2) : 0); /* sop? */
387 		/*
388 		 * Map only the amount allocated to the context, not the
389 		 * entire available context's PIO space.
390 		 */
391 		memlen = PAGE_ALIGN(uctxt->sc->credits * PIO_BLOCK_SIZE);
392 		flags &= ~VM_MAYREAD;
393 		flags |= VM_DONTCOPY | VM_DONTEXPAND;
394 		vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
395 		mapio = 1;
396 		break;
397 	case PIO_CRED:
398 		if (flags & VM_WRITE) {
399 			ret = -EPERM;
400 			goto done;
401 		}
402 		/*
403 		 * The credit return location for this context could be on the
404 		 * second or third page allocated for credit returns (if number
405 		 * of enabled contexts > 64 and 128 respectively).
406 		 */
407 		memvirt = dd->cr_base[uctxt->numa_id].va;
408 		memaddr = virt_to_phys(memvirt) +
409 			(((u64)uctxt->sc->hw_free -
410 			  (u64)dd->cr_base[uctxt->numa_id].va) & PAGE_MASK);
411 		memlen = PAGE_SIZE;
412 		flags &= ~VM_MAYWRITE;
413 		flags |= VM_DONTCOPY | VM_DONTEXPAND;
414 		/*
415 		 * The driver has already allocated memory for credit
416 		 * returns and programmed it into the chip. Has that
417 		 * memory been flagged as non-cached?
418 		 */
419 		/* vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); */
420 		mapio = 1;
421 		break;
422 	case RCV_HDRQ:
423 		memlen = rcvhdrq_size(uctxt);
424 		memvirt = uctxt->rcvhdrq;
425 		break;
426 	case RCV_EGRBUF: {
427 		unsigned long addr;
428 		int i;
429 		/*
430 		 * The RcvEgr buffer need to be handled differently
431 		 * as multiple non-contiguous pages need to be mapped
432 		 * into the user process.
433 		 */
434 		memlen = uctxt->egrbufs.size;
435 		if ((vma->vm_end - vma->vm_start) != memlen) {
436 			dd_dev_err(dd, "Eager buffer map size invalid (%lu != %lu)\n",
437 				   (vma->vm_end - vma->vm_start), memlen);
438 			ret = -EINVAL;
439 			goto done;
440 		}
441 		if (vma->vm_flags & VM_WRITE) {
442 			ret = -EPERM;
443 			goto done;
444 		}
445 		vma->vm_flags &= ~VM_MAYWRITE;
446 		addr = vma->vm_start;
447 		for (i = 0 ; i < uctxt->egrbufs.numbufs; i++) {
448 			memlen = uctxt->egrbufs.buffers[i].len;
449 			memvirt = uctxt->egrbufs.buffers[i].addr;
450 			ret = remap_pfn_range(
451 				vma, addr,
452 				/*
453 				 * virt_to_pfn() does the same, but
454 				 * it's not available on x86_64
455 				 * when CONFIG_MMU is enabled.
456 				 */
457 				PFN_DOWN(__pa(memvirt)),
458 				memlen,
459 				vma->vm_page_prot);
460 			if (ret < 0)
461 				goto done;
462 			addr += memlen;
463 		}
464 		ret = 0;
465 		goto done;
466 	}
467 	case UREGS:
468 		/*
469 		 * Map only the page that contains this context's user
470 		 * registers.
471 		 */
472 		memaddr = (unsigned long)
473 			(dd->physaddr + RXE_PER_CONTEXT_USER)
474 			+ (uctxt->ctxt * RXE_PER_CONTEXT_SIZE);
475 		/*
476 		 * TidFlow table is on the same page as the rest of the
477 		 * user registers.
478 		 */
479 		memlen = PAGE_SIZE;
480 		flags |= VM_DONTCOPY | VM_DONTEXPAND;
481 		vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
482 		mapio = 1;
483 		break;
484 	case EVENTS:
485 		/*
486 		 * Use the page where this context's flags are. User level
487 		 * knows where it's own bitmap is within the page.
488 		 */
489 		memaddr = (unsigned long)
490 			(dd->events + uctxt_offset(uctxt)) & PAGE_MASK;
491 		memlen = PAGE_SIZE;
492 		/*
493 		 * v3.7 removes VM_RESERVED but the effect is kept by
494 		 * using VM_IO.
495 		 */
496 		flags |= VM_IO | VM_DONTEXPAND;
497 		vmf = 1;
498 		break;
499 	case STATUS:
500 		if (flags & VM_WRITE) {
501 			ret = -EPERM;
502 			goto done;
503 		}
504 		memaddr = kvirt_to_phys((void *)dd->status);
505 		memlen = PAGE_SIZE;
506 		flags |= VM_IO | VM_DONTEXPAND;
507 		break;
508 	case RTAIL:
509 		if (!HFI1_CAP_IS_USET(DMA_RTAIL)) {
510 			/*
511 			 * If the memory allocation failed, the context alloc
512 			 * also would have failed, so we would never get here
513 			 */
514 			ret = -EINVAL;
515 			goto done;
516 		}
517 		if ((flags & VM_WRITE) || !hfi1_rcvhdrtail_kvaddr(uctxt)) {
518 			ret = -EPERM;
519 			goto done;
520 		}
521 		memlen = PAGE_SIZE;
522 		memvirt = (void *)hfi1_rcvhdrtail_kvaddr(uctxt);
523 		flags &= ~VM_MAYWRITE;
524 		break;
525 	case SUBCTXT_UREGS:
526 		memaddr = (u64)uctxt->subctxt_uregbase;
527 		memlen = PAGE_SIZE;
528 		flags |= VM_IO | VM_DONTEXPAND;
529 		vmf = 1;
530 		break;
531 	case SUBCTXT_RCV_HDRQ:
532 		memaddr = (u64)uctxt->subctxt_rcvhdr_base;
533 		memlen = rcvhdrq_size(uctxt) * uctxt->subctxt_cnt;
534 		flags |= VM_IO | VM_DONTEXPAND;
535 		vmf = 1;
536 		break;
537 	case SUBCTXT_EGRBUF:
538 		memaddr = (u64)uctxt->subctxt_rcvegrbuf;
539 		memlen = uctxt->egrbufs.size * uctxt->subctxt_cnt;
540 		flags |= VM_IO | VM_DONTEXPAND;
541 		flags &= ~VM_MAYWRITE;
542 		vmf = 1;
543 		break;
544 	case SDMA_COMP: {
545 		struct hfi1_user_sdma_comp_q *cq = fd->cq;
546 
547 		if (!cq) {
548 			ret = -EFAULT;
549 			goto done;
550 		}
551 		memaddr = (u64)cq->comps;
552 		memlen = PAGE_ALIGN(sizeof(*cq->comps) * cq->nentries);
553 		flags |= VM_IO | VM_DONTEXPAND;
554 		vmf = 1;
555 		break;
556 	}
557 	default:
558 		ret = -EINVAL;
559 		break;
560 	}
561 
562 	if ((vma->vm_end - vma->vm_start) != memlen) {
563 		hfi1_cdbg(PROC, "%u:%u Memory size mismatch %lu:%lu",
564 			  uctxt->ctxt, fd->subctxt,
565 			  (vma->vm_end - vma->vm_start), memlen);
566 		ret = -EINVAL;
567 		goto done;
568 	}
569 
570 	vma->vm_flags = flags;
571 	hfi1_cdbg(PROC,
572 		  "%u:%u type:%u io/vf:%d/%d, addr:0x%llx, len:%lu(%lu), flags:0x%lx\n",
573 		    ctxt, subctxt, type, mapio, vmf, memaddr, memlen,
574 		    vma->vm_end - vma->vm_start, vma->vm_flags);
575 	if (vmf) {
576 		vma->vm_pgoff = PFN_DOWN(memaddr);
577 		vma->vm_ops = &vm_ops;
578 		ret = 0;
579 	} else if (mapio) {
580 		ret = io_remap_pfn_range(vma, vma->vm_start,
581 					 PFN_DOWN(memaddr),
582 					 memlen,
583 					 vma->vm_page_prot);
584 	} else if (memvirt) {
585 		ret = remap_pfn_range(vma, vma->vm_start,
586 				      PFN_DOWN(__pa(memvirt)),
587 				      memlen,
588 				      vma->vm_page_prot);
589 	} else {
590 		ret = remap_pfn_range(vma, vma->vm_start,
591 				      PFN_DOWN(memaddr),
592 				      memlen,
593 				      vma->vm_page_prot);
594 	}
595 done:
596 	return ret;
597 }
598 
599 /*
600  * Local (non-chip) user memory is not mapped right away but as it is
601  * accessed by the user-level code.
602  */
603 static vm_fault_t vma_fault(struct vm_fault *vmf)
604 {
605 	struct page *page;
606 
607 	page = vmalloc_to_page((void *)(vmf->pgoff << PAGE_SHIFT));
608 	if (!page)
609 		return VM_FAULT_SIGBUS;
610 
611 	get_page(page);
612 	vmf->page = page;
613 
614 	return 0;
615 }
616 
617 static __poll_t hfi1_poll(struct file *fp, struct poll_table_struct *pt)
618 {
619 	struct hfi1_ctxtdata *uctxt;
620 	__poll_t pollflag;
621 
622 	uctxt = ((struct hfi1_filedata *)fp->private_data)->uctxt;
623 	if (!uctxt)
624 		pollflag = EPOLLERR;
625 	else if (uctxt->poll_type == HFI1_POLL_TYPE_URGENT)
626 		pollflag = poll_urgent(fp, pt);
627 	else  if (uctxt->poll_type == HFI1_POLL_TYPE_ANYRCV)
628 		pollflag = poll_next(fp, pt);
629 	else /* invalid */
630 		pollflag = EPOLLERR;
631 
632 	return pollflag;
633 }
634 
635 static int hfi1_file_close(struct inode *inode, struct file *fp)
636 {
637 	struct hfi1_filedata *fdata = fp->private_data;
638 	struct hfi1_ctxtdata *uctxt = fdata->uctxt;
639 	struct hfi1_devdata *dd = container_of(inode->i_cdev,
640 					       struct hfi1_devdata,
641 					       user_cdev);
642 	unsigned long flags, *ev;
643 
644 	fp->private_data = NULL;
645 
646 	if (!uctxt)
647 		goto done;
648 
649 	hfi1_cdbg(PROC, "closing ctxt %u:%u", uctxt->ctxt, fdata->subctxt);
650 
651 	flush_wc();
652 	/* drain user sdma queue */
653 	hfi1_user_sdma_free_queues(fdata, uctxt);
654 
655 	/* release the cpu */
656 	hfi1_put_proc_affinity(fdata->rec_cpu_num);
657 
658 	/* clean up rcv side */
659 	hfi1_user_exp_rcv_free(fdata);
660 
661 	/*
662 	 * fdata->uctxt is used in the above cleanup.  It is not ready to be
663 	 * removed until here.
664 	 */
665 	fdata->uctxt = NULL;
666 	hfi1_rcd_put(uctxt);
667 
668 	/*
669 	 * Clear any left over, unhandled events so the next process that
670 	 * gets this context doesn't get confused.
671 	 */
672 	ev = dd->events + uctxt_offset(uctxt) + fdata->subctxt;
673 	*ev = 0;
674 
675 	spin_lock_irqsave(&dd->uctxt_lock, flags);
676 	__clear_bit(fdata->subctxt, uctxt->in_use_ctxts);
677 	if (!bitmap_empty(uctxt->in_use_ctxts, HFI1_MAX_SHARED_CTXTS)) {
678 		spin_unlock_irqrestore(&dd->uctxt_lock, flags);
679 		goto done;
680 	}
681 	spin_unlock_irqrestore(&dd->uctxt_lock, flags);
682 
683 	/*
684 	 * Disable receive context and interrupt available, reset all
685 	 * RcvCtxtCtrl bits to default values.
686 	 */
687 	hfi1_rcvctrl(dd, HFI1_RCVCTRL_CTXT_DIS |
688 		     HFI1_RCVCTRL_TIDFLOW_DIS |
689 		     HFI1_RCVCTRL_INTRAVAIL_DIS |
690 		     HFI1_RCVCTRL_TAILUPD_DIS |
691 		     HFI1_RCVCTRL_ONE_PKT_EGR_DIS |
692 		     HFI1_RCVCTRL_NO_RHQ_DROP_DIS |
693 		     HFI1_RCVCTRL_NO_EGR_DROP_DIS |
694 		     HFI1_RCVCTRL_URGENT_DIS, uctxt);
695 	/* Clear the context's J_KEY */
696 	hfi1_clear_ctxt_jkey(dd, uctxt);
697 	/*
698 	 * If a send context is allocated, reset context integrity
699 	 * checks to default and disable the send context.
700 	 */
701 	if (uctxt->sc) {
702 		sc_disable(uctxt->sc);
703 		set_pio_integrity(uctxt->sc);
704 	}
705 
706 	hfi1_free_ctxt_rcv_groups(uctxt);
707 	hfi1_clear_ctxt_pkey(dd, uctxt);
708 
709 	uctxt->event_flags = 0;
710 
711 	deallocate_ctxt(uctxt);
712 done:
713 
714 	if (atomic_dec_and_test(&dd->user_refcount))
715 		complete(&dd->user_comp);
716 
717 	cleanup_srcu_struct(&fdata->pq_srcu);
718 	kfree(fdata);
719 	return 0;
720 }
721 
722 /*
723  * Convert kernel *virtual* addresses to physical addresses.
724  * This is used to vmalloc'ed addresses.
725  */
726 static u64 kvirt_to_phys(void *addr)
727 {
728 	struct page *page;
729 	u64 paddr = 0;
730 
731 	page = vmalloc_to_page(addr);
732 	if (page)
733 		paddr = page_to_pfn(page) << PAGE_SHIFT;
734 
735 	return paddr;
736 }
737 
738 /**
739  * complete_subctxt
740  * @fd: valid filedata pointer
741  *
742  * Sub-context info can only be set up after the base context
743  * has been completed.  This is indicated by the clearing of the
744  * HFI1_CTXT_BASE_UINIT bit.
745  *
746  * Wait for the bit to be cleared, and then complete the subcontext
747  * initialization.
748  *
749  */
750 static int complete_subctxt(struct hfi1_filedata *fd)
751 {
752 	int ret;
753 	unsigned long flags;
754 
755 	/*
756 	 * sub-context info can only be set up after the base context
757 	 * has been completed.
758 	 */
759 	ret = wait_event_interruptible(
760 		fd->uctxt->wait,
761 		!test_bit(HFI1_CTXT_BASE_UNINIT, &fd->uctxt->event_flags));
762 
763 	if (test_bit(HFI1_CTXT_BASE_FAILED, &fd->uctxt->event_flags))
764 		ret = -ENOMEM;
765 
766 	/* Finish the sub-context init */
767 	if (!ret) {
768 		fd->rec_cpu_num = hfi1_get_proc_affinity(fd->uctxt->numa_id);
769 		ret = init_user_ctxt(fd, fd->uctxt);
770 	}
771 
772 	if (ret) {
773 		spin_lock_irqsave(&fd->dd->uctxt_lock, flags);
774 		__clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts);
775 		spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags);
776 		hfi1_rcd_put(fd->uctxt);
777 		fd->uctxt = NULL;
778 	}
779 
780 	return ret;
781 }
782 
783 static int assign_ctxt(struct hfi1_filedata *fd, unsigned long arg, u32 len)
784 {
785 	int ret;
786 	unsigned int swmajor;
787 	struct hfi1_ctxtdata *uctxt = NULL;
788 	struct hfi1_user_info uinfo;
789 
790 	if (fd->uctxt)
791 		return -EINVAL;
792 
793 	if (sizeof(uinfo) != len)
794 		return -EINVAL;
795 
796 	if (copy_from_user(&uinfo, (void __user *)arg, sizeof(uinfo)))
797 		return -EFAULT;
798 
799 	swmajor = uinfo.userversion >> 16;
800 	if (swmajor != HFI1_USER_SWMAJOR)
801 		return -ENODEV;
802 
803 	if (uinfo.subctxt_cnt > HFI1_MAX_SHARED_CTXTS)
804 		return -EINVAL;
805 
806 	/*
807 	 * Acquire the mutex to protect against multiple creations of what
808 	 * could be a shared base context.
809 	 */
810 	mutex_lock(&hfi1_mutex);
811 	/*
812 	 * Get a sub context if available  (fd->uctxt will be set).
813 	 * ret < 0 error, 0 no context, 1 sub-context found
814 	 */
815 	ret = find_sub_ctxt(fd, &uinfo);
816 
817 	/*
818 	 * Allocate a base context if context sharing is not required or a
819 	 * sub context wasn't found.
820 	 */
821 	if (!ret)
822 		ret = allocate_ctxt(fd, fd->dd, &uinfo, &uctxt);
823 
824 	mutex_unlock(&hfi1_mutex);
825 
826 	/* Depending on the context type, finish the appropriate init */
827 	switch (ret) {
828 	case 0:
829 		ret = setup_base_ctxt(fd, uctxt);
830 		if (ret)
831 			deallocate_ctxt(uctxt);
832 		break;
833 	case 1:
834 		ret = complete_subctxt(fd);
835 		break;
836 	default:
837 		break;
838 	}
839 
840 	return ret;
841 }
842 
843 /**
844  * match_ctxt
845  * @fd: valid filedata pointer
846  * @uinfo: user info to compare base context with
847  * @uctxt: context to compare uinfo to.
848  *
849  * Compare the given context with the given information to see if it
850  * can be used for a sub context.
851  */
852 static int match_ctxt(struct hfi1_filedata *fd,
853 		      const struct hfi1_user_info *uinfo,
854 		      struct hfi1_ctxtdata *uctxt)
855 {
856 	struct hfi1_devdata *dd = fd->dd;
857 	unsigned long flags;
858 	u16 subctxt;
859 
860 	/* Skip dynamically allocated kernel contexts */
861 	if (uctxt->sc && (uctxt->sc->type == SC_KERNEL))
862 		return 0;
863 
864 	/* Skip ctxt if it doesn't match the requested one */
865 	if (memcmp(uctxt->uuid, uinfo->uuid, sizeof(uctxt->uuid)) ||
866 	    uctxt->jkey != generate_jkey(current_uid()) ||
867 	    uctxt->subctxt_id != uinfo->subctxt_id ||
868 	    uctxt->subctxt_cnt != uinfo->subctxt_cnt)
869 		return 0;
870 
871 	/* Verify the sharing process matches the base */
872 	if (uctxt->userversion != uinfo->userversion)
873 		return -EINVAL;
874 
875 	/* Find an unused sub context */
876 	spin_lock_irqsave(&dd->uctxt_lock, flags);
877 	if (bitmap_empty(uctxt->in_use_ctxts, HFI1_MAX_SHARED_CTXTS)) {
878 		/* context is being closed, do not use */
879 		spin_unlock_irqrestore(&dd->uctxt_lock, flags);
880 		return 0;
881 	}
882 
883 	subctxt = find_first_zero_bit(uctxt->in_use_ctxts,
884 				      HFI1_MAX_SHARED_CTXTS);
885 	if (subctxt >= uctxt->subctxt_cnt) {
886 		spin_unlock_irqrestore(&dd->uctxt_lock, flags);
887 		return -EBUSY;
888 	}
889 
890 	fd->subctxt = subctxt;
891 	__set_bit(fd->subctxt, uctxt->in_use_ctxts);
892 	spin_unlock_irqrestore(&dd->uctxt_lock, flags);
893 
894 	fd->uctxt = uctxt;
895 	hfi1_rcd_get(uctxt);
896 
897 	return 1;
898 }
899 
900 /**
901  * find_sub_ctxt
902  * @fd: valid filedata pointer
903  * @uinfo: matching info to use to find a possible context to share.
904  *
905  * The hfi1_mutex must be held when this function is called.  It is
906  * necessary to ensure serialized creation of shared contexts.
907  *
908  * Return:
909  *    0      No sub-context found
910  *    1      Subcontext found and allocated
911  *    errno  EINVAL (incorrect parameters)
912  *           EBUSY (all sub contexts in use)
913  */
914 static int find_sub_ctxt(struct hfi1_filedata *fd,
915 			 const struct hfi1_user_info *uinfo)
916 {
917 	struct hfi1_ctxtdata *uctxt;
918 	struct hfi1_devdata *dd = fd->dd;
919 	u16 i;
920 	int ret;
921 
922 	if (!uinfo->subctxt_cnt)
923 		return 0;
924 
925 	for (i = dd->first_dyn_alloc_ctxt; i < dd->num_rcv_contexts; i++) {
926 		uctxt = hfi1_rcd_get_by_index(dd, i);
927 		if (uctxt) {
928 			ret = match_ctxt(fd, uinfo, uctxt);
929 			hfi1_rcd_put(uctxt);
930 			/* value of != 0 will return */
931 			if (ret)
932 				return ret;
933 		}
934 	}
935 
936 	return 0;
937 }
938 
939 static int allocate_ctxt(struct hfi1_filedata *fd, struct hfi1_devdata *dd,
940 			 struct hfi1_user_info *uinfo,
941 			 struct hfi1_ctxtdata **rcd)
942 {
943 	struct hfi1_ctxtdata *uctxt;
944 	int ret, numa;
945 
946 	if (dd->flags & HFI1_FROZEN) {
947 		/*
948 		 * Pick an error that is unique from all other errors
949 		 * that are returned so the user process knows that
950 		 * it tried to allocate while the SPC was frozen.  It
951 		 * it should be able to retry with success in a short
952 		 * while.
953 		 */
954 		return -EIO;
955 	}
956 
957 	if (!dd->freectxts)
958 		return -EBUSY;
959 
960 	/*
961 	 * If we don't have a NUMA node requested, preference is towards
962 	 * device NUMA node.
963 	 */
964 	fd->rec_cpu_num = hfi1_get_proc_affinity(dd->node);
965 	if (fd->rec_cpu_num != -1)
966 		numa = cpu_to_node(fd->rec_cpu_num);
967 	else
968 		numa = numa_node_id();
969 	ret = hfi1_create_ctxtdata(dd->pport, numa, &uctxt);
970 	if (ret < 0) {
971 		dd_dev_err(dd, "user ctxtdata allocation failed\n");
972 		return ret;
973 	}
974 	hfi1_cdbg(PROC, "[%u:%u] pid %u assigned to CPU %d (NUMA %u)",
975 		  uctxt->ctxt, fd->subctxt, current->pid, fd->rec_cpu_num,
976 		  uctxt->numa_id);
977 
978 	/*
979 	 * Allocate and enable a PIO send context.
980 	 */
981 	uctxt->sc = sc_alloc(dd, SC_USER, uctxt->rcvhdrqentsize, dd->node);
982 	if (!uctxt->sc) {
983 		ret = -ENOMEM;
984 		goto ctxdata_free;
985 	}
986 	hfi1_cdbg(PROC, "allocated send context %u(%u)\n", uctxt->sc->sw_index,
987 		  uctxt->sc->hw_context);
988 	ret = sc_enable(uctxt->sc);
989 	if (ret)
990 		goto ctxdata_free;
991 
992 	/*
993 	 * Setup sub context information if the user-level has requested
994 	 * sub contexts.
995 	 * This has to be done here so the rest of the sub-contexts find the
996 	 * proper base context.
997 	 * NOTE: _set_bit() can be used here because the context creation is
998 	 * protected by the mutex (rather than the spin_lock), and will be the
999 	 * very first instance of this context.
1000 	 */
1001 	__set_bit(0, uctxt->in_use_ctxts);
1002 	if (uinfo->subctxt_cnt)
1003 		init_subctxts(uctxt, uinfo);
1004 	uctxt->userversion = uinfo->userversion;
1005 	uctxt->flags = hfi1_cap_mask; /* save current flag state */
1006 	init_waitqueue_head(&uctxt->wait);
1007 	strlcpy(uctxt->comm, current->comm, sizeof(uctxt->comm));
1008 	memcpy(uctxt->uuid, uinfo->uuid, sizeof(uctxt->uuid));
1009 	uctxt->jkey = generate_jkey(current_uid());
1010 	hfi1_stats.sps_ctxts++;
1011 	/*
1012 	 * Disable ASPM when there are open user/PSM contexts to avoid
1013 	 * issues with ASPM L1 exit latency
1014 	 */
1015 	if (dd->freectxts-- == dd->num_user_contexts)
1016 		aspm_disable_all(dd);
1017 
1018 	*rcd = uctxt;
1019 
1020 	return 0;
1021 
1022 ctxdata_free:
1023 	hfi1_free_ctxt(uctxt);
1024 	return ret;
1025 }
1026 
1027 static void deallocate_ctxt(struct hfi1_ctxtdata *uctxt)
1028 {
1029 	mutex_lock(&hfi1_mutex);
1030 	hfi1_stats.sps_ctxts--;
1031 	if (++uctxt->dd->freectxts == uctxt->dd->num_user_contexts)
1032 		aspm_enable_all(uctxt->dd);
1033 	mutex_unlock(&hfi1_mutex);
1034 
1035 	hfi1_free_ctxt(uctxt);
1036 }
1037 
1038 static void init_subctxts(struct hfi1_ctxtdata *uctxt,
1039 			  const struct hfi1_user_info *uinfo)
1040 {
1041 	uctxt->subctxt_cnt = uinfo->subctxt_cnt;
1042 	uctxt->subctxt_id = uinfo->subctxt_id;
1043 	set_bit(HFI1_CTXT_BASE_UNINIT, &uctxt->event_flags);
1044 }
1045 
1046 static int setup_subctxt(struct hfi1_ctxtdata *uctxt)
1047 {
1048 	int ret = 0;
1049 	u16 num_subctxts = uctxt->subctxt_cnt;
1050 
1051 	uctxt->subctxt_uregbase = vmalloc_user(PAGE_SIZE);
1052 	if (!uctxt->subctxt_uregbase)
1053 		return -ENOMEM;
1054 
1055 	/* We can take the size of the RcvHdr Queue from the master */
1056 	uctxt->subctxt_rcvhdr_base = vmalloc_user(rcvhdrq_size(uctxt) *
1057 						  num_subctxts);
1058 	if (!uctxt->subctxt_rcvhdr_base) {
1059 		ret = -ENOMEM;
1060 		goto bail_ureg;
1061 	}
1062 
1063 	uctxt->subctxt_rcvegrbuf = vmalloc_user(uctxt->egrbufs.size *
1064 						num_subctxts);
1065 	if (!uctxt->subctxt_rcvegrbuf) {
1066 		ret = -ENOMEM;
1067 		goto bail_rhdr;
1068 	}
1069 
1070 	return 0;
1071 
1072 bail_rhdr:
1073 	vfree(uctxt->subctxt_rcvhdr_base);
1074 	uctxt->subctxt_rcvhdr_base = NULL;
1075 bail_ureg:
1076 	vfree(uctxt->subctxt_uregbase);
1077 	uctxt->subctxt_uregbase = NULL;
1078 
1079 	return ret;
1080 }
1081 
1082 static void user_init(struct hfi1_ctxtdata *uctxt)
1083 {
1084 	unsigned int rcvctrl_ops = 0;
1085 
1086 	/* initialize poll variables... */
1087 	uctxt->urgent = 0;
1088 	uctxt->urgent_poll = 0;
1089 
1090 	/*
1091 	 * Now enable the ctxt for receive.
1092 	 * For chips that are set to DMA the tail register to memory
1093 	 * when they change (and when the update bit transitions from
1094 	 * 0 to 1.  So for those chips, we turn it off and then back on.
1095 	 * This will (very briefly) affect any other open ctxts, but the
1096 	 * duration is very short, and therefore isn't an issue.  We
1097 	 * explicitly set the in-memory tail copy to 0 beforehand, so we
1098 	 * don't have to wait to be sure the DMA update has happened
1099 	 * (chip resets head/tail to 0 on transition to enable).
1100 	 */
1101 	if (hfi1_rcvhdrtail_kvaddr(uctxt))
1102 		clear_rcvhdrtail(uctxt);
1103 
1104 	/* Setup J_KEY before enabling the context */
1105 	hfi1_set_ctxt_jkey(uctxt->dd, uctxt, uctxt->jkey);
1106 
1107 	rcvctrl_ops = HFI1_RCVCTRL_CTXT_ENB;
1108 	rcvctrl_ops |= HFI1_RCVCTRL_URGENT_ENB;
1109 	if (HFI1_CAP_UGET_MASK(uctxt->flags, HDRSUPP))
1110 		rcvctrl_ops |= HFI1_RCVCTRL_TIDFLOW_ENB;
1111 	/*
1112 	 * Ignore the bit in the flags for now until proper
1113 	 * support for multiple packet per rcv array entry is
1114 	 * added.
1115 	 */
1116 	if (!HFI1_CAP_UGET_MASK(uctxt->flags, MULTI_PKT_EGR))
1117 		rcvctrl_ops |= HFI1_RCVCTRL_ONE_PKT_EGR_ENB;
1118 	if (HFI1_CAP_UGET_MASK(uctxt->flags, NODROP_EGR_FULL))
1119 		rcvctrl_ops |= HFI1_RCVCTRL_NO_EGR_DROP_ENB;
1120 	if (HFI1_CAP_UGET_MASK(uctxt->flags, NODROP_RHQ_FULL))
1121 		rcvctrl_ops |= HFI1_RCVCTRL_NO_RHQ_DROP_ENB;
1122 	/*
1123 	 * The RcvCtxtCtrl.TailUpd bit has to be explicitly written.
1124 	 * We can't rely on the correct value to be set from prior
1125 	 * uses of the chip or ctxt. Therefore, add the rcvctrl op
1126 	 * for both cases.
1127 	 */
1128 	if (HFI1_CAP_UGET_MASK(uctxt->flags, DMA_RTAIL))
1129 		rcvctrl_ops |= HFI1_RCVCTRL_TAILUPD_ENB;
1130 	else
1131 		rcvctrl_ops |= HFI1_RCVCTRL_TAILUPD_DIS;
1132 	hfi1_rcvctrl(uctxt->dd, rcvctrl_ops, uctxt);
1133 }
1134 
1135 static int get_ctxt_info(struct hfi1_filedata *fd, unsigned long arg, u32 len)
1136 {
1137 	struct hfi1_ctxt_info cinfo;
1138 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
1139 
1140 	if (sizeof(cinfo) != len)
1141 		return -EINVAL;
1142 
1143 	memset(&cinfo, 0, sizeof(cinfo));
1144 	cinfo.runtime_flags = (((uctxt->flags >> HFI1_CAP_MISC_SHIFT) &
1145 				HFI1_CAP_MISC_MASK) << HFI1_CAP_USER_SHIFT) |
1146 			HFI1_CAP_UGET_MASK(uctxt->flags, MASK) |
1147 			HFI1_CAP_KGET_MASK(uctxt->flags, K2U);
1148 	/* adjust flag if this fd is not able to cache */
1149 	if (!fd->use_mn)
1150 		cinfo.runtime_flags |= HFI1_CAP_TID_UNMAP; /* no caching */
1151 
1152 	cinfo.num_active = hfi1_count_active_units();
1153 	cinfo.unit = uctxt->dd->unit;
1154 	cinfo.ctxt = uctxt->ctxt;
1155 	cinfo.subctxt = fd->subctxt;
1156 	cinfo.rcvtids = roundup(uctxt->egrbufs.alloced,
1157 				uctxt->dd->rcv_entries.group_size) +
1158 		uctxt->expected_count;
1159 	cinfo.credits = uctxt->sc->credits;
1160 	cinfo.numa_node = uctxt->numa_id;
1161 	cinfo.rec_cpu = fd->rec_cpu_num;
1162 	cinfo.send_ctxt = uctxt->sc->hw_context;
1163 
1164 	cinfo.egrtids = uctxt->egrbufs.alloced;
1165 	cinfo.rcvhdrq_cnt = get_hdrq_cnt(uctxt);
1166 	cinfo.rcvhdrq_entsize = get_hdrqentsize(uctxt) << 2;
1167 	cinfo.sdma_ring_size = fd->cq->nentries;
1168 	cinfo.rcvegr_size = uctxt->egrbufs.rcvtid_size;
1169 
1170 	trace_hfi1_ctxt_info(uctxt->dd, uctxt->ctxt, fd->subctxt, &cinfo);
1171 	if (copy_to_user((void __user *)arg, &cinfo, len))
1172 		return -EFAULT;
1173 
1174 	return 0;
1175 }
1176 
1177 static int init_user_ctxt(struct hfi1_filedata *fd,
1178 			  struct hfi1_ctxtdata *uctxt)
1179 {
1180 	int ret;
1181 
1182 	ret = hfi1_user_sdma_alloc_queues(uctxt, fd);
1183 	if (ret)
1184 		return ret;
1185 
1186 	ret = hfi1_user_exp_rcv_init(fd, uctxt);
1187 	if (ret)
1188 		hfi1_user_sdma_free_queues(fd, uctxt);
1189 
1190 	return ret;
1191 }
1192 
1193 static int setup_base_ctxt(struct hfi1_filedata *fd,
1194 			   struct hfi1_ctxtdata *uctxt)
1195 {
1196 	struct hfi1_devdata *dd = uctxt->dd;
1197 	int ret = 0;
1198 
1199 	hfi1_init_ctxt(uctxt->sc);
1200 
1201 	/* Now allocate the RcvHdr queue and eager buffers. */
1202 	ret = hfi1_create_rcvhdrq(dd, uctxt);
1203 	if (ret)
1204 		goto done;
1205 
1206 	ret = hfi1_setup_eagerbufs(uctxt);
1207 	if (ret)
1208 		goto done;
1209 
1210 	/* If sub-contexts are enabled, do the appropriate setup */
1211 	if (uctxt->subctxt_cnt)
1212 		ret = setup_subctxt(uctxt);
1213 	if (ret)
1214 		goto done;
1215 
1216 	ret = hfi1_alloc_ctxt_rcv_groups(uctxt);
1217 	if (ret)
1218 		goto done;
1219 
1220 	ret = init_user_ctxt(fd, uctxt);
1221 	if (ret)
1222 		goto done;
1223 
1224 	user_init(uctxt);
1225 
1226 	/* Now that the context is set up, the fd can get a reference. */
1227 	fd->uctxt = uctxt;
1228 	hfi1_rcd_get(uctxt);
1229 
1230 done:
1231 	if (uctxt->subctxt_cnt) {
1232 		/*
1233 		 * On error, set the failed bit so sub-contexts will clean up
1234 		 * correctly.
1235 		 */
1236 		if (ret)
1237 			set_bit(HFI1_CTXT_BASE_FAILED, &uctxt->event_flags);
1238 
1239 		/*
1240 		 * Base context is done (successfully or not), notify anybody
1241 		 * using a sub-context that is waiting for this completion.
1242 		 */
1243 		clear_bit(HFI1_CTXT_BASE_UNINIT, &uctxt->event_flags);
1244 		wake_up(&uctxt->wait);
1245 	}
1246 
1247 	return ret;
1248 }
1249 
1250 static int get_base_info(struct hfi1_filedata *fd, unsigned long arg, u32 len)
1251 {
1252 	struct hfi1_base_info binfo;
1253 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
1254 	struct hfi1_devdata *dd = uctxt->dd;
1255 	unsigned offset;
1256 
1257 	trace_hfi1_uctxtdata(uctxt->dd, uctxt, fd->subctxt);
1258 
1259 	if (sizeof(binfo) != len)
1260 		return -EINVAL;
1261 
1262 	memset(&binfo, 0, sizeof(binfo));
1263 	binfo.hw_version = dd->revision;
1264 	binfo.sw_version = HFI1_KERN_SWVERSION;
1265 	binfo.bthqp = RVT_KDETH_QP_PREFIX;
1266 	binfo.jkey = uctxt->jkey;
1267 	/*
1268 	 * If more than 64 contexts are enabled the allocated credit
1269 	 * return will span two or three contiguous pages. Since we only
1270 	 * map the page containing the context's credit return address,
1271 	 * we need to calculate the offset in the proper page.
1272 	 */
1273 	offset = ((u64)uctxt->sc->hw_free -
1274 		  (u64)dd->cr_base[uctxt->numa_id].va) % PAGE_SIZE;
1275 	binfo.sc_credits_addr = HFI1_MMAP_TOKEN(PIO_CRED, uctxt->ctxt,
1276 						fd->subctxt, offset);
1277 	binfo.pio_bufbase = HFI1_MMAP_TOKEN(PIO_BUFS, uctxt->ctxt,
1278 					    fd->subctxt,
1279 					    uctxt->sc->base_addr);
1280 	binfo.pio_bufbase_sop = HFI1_MMAP_TOKEN(PIO_BUFS_SOP,
1281 						uctxt->ctxt,
1282 						fd->subctxt,
1283 						uctxt->sc->base_addr);
1284 	binfo.rcvhdr_bufbase = HFI1_MMAP_TOKEN(RCV_HDRQ, uctxt->ctxt,
1285 					       fd->subctxt,
1286 					       uctxt->rcvhdrq);
1287 	binfo.rcvegr_bufbase = HFI1_MMAP_TOKEN(RCV_EGRBUF, uctxt->ctxt,
1288 					       fd->subctxt,
1289 					       uctxt->egrbufs.rcvtids[0].dma);
1290 	binfo.sdma_comp_bufbase = HFI1_MMAP_TOKEN(SDMA_COMP, uctxt->ctxt,
1291 						  fd->subctxt, 0);
1292 	/*
1293 	 * user regs are at
1294 	 * (RXE_PER_CONTEXT_USER + (ctxt * RXE_PER_CONTEXT_SIZE))
1295 	 */
1296 	binfo.user_regbase = HFI1_MMAP_TOKEN(UREGS, uctxt->ctxt,
1297 					     fd->subctxt, 0);
1298 	offset = offset_in_page((uctxt_offset(uctxt) + fd->subctxt) *
1299 				sizeof(*dd->events));
1300 	binfo.events_bufbase = HFI1_MMAP_TOKEN(EVENTS, uctxt->ctxt,
1301 					       fd->subctxt,
1302 					       offset);
1303 	binfo.status_bufbase = HFI1_MMAP_TOKEN(STATUS, uctxt->ctxt,
1304 					       fd->subctxt,
1305 					       dd->status);
1306 	if (HFI1_CAP_IS_USET(DMA_RTAIL))
1307 		binfo.rcvhdrtail_base = HFI1_MMAP_TOKEN(RTAIL, uctxt->ctxt,
1308 							fd->subctxt, 0);
1309 	if (uctxt->subctxt_cnt) {
1310 		binfo.subctxt_uregbase = HFI1_MMAP_TOKEN(SUBCTXT_UREGS,
1311 							 uctxt->ctxt,
1312 							 fd->subctxt, 0);
1313 		binfo.subctxt_rcvhdrbuf = HFI1_MMAP_TOKEN(SUBCTXT_RCV_HDRQ,
1314 							  uctxt->ctxt,
1315 							  fd->subctxt, 0);
1316 		binfo.subctxt_rcvegrbuf = HFI1_MMAP_TOKEN(SUBCTXT_EGRBUF,
1317 							  uctxt->ctxt,
1318 							  fd->subctxt, 0);
1319 	}
1320 
1321 	if (copy_to_user((void __user *)arg, &binfo, len))
1322 		return -EFAULT;
1323 
1324 	return 0;
1325 }
1326 
1327 /**
1328  * user_exp_rcv_setup - Set up the given tid rcv list
1329  * @fd: file data of the current driver instance
1330  * @arg: ioctl argumnent for user space information
1331  * @len: length of data structure associated with ioctl command
1332  *
1333  * Wrapper to validate ioctl information before doing _rcv_setup.
1334  *
1335  */
1336 static int user_exp_rcv_setup(struct hfi1_filedata *fd, unsigned long arg,
1337 			      u32 len)
1338 {
1339 	int ret;
1340 	unsigned long addr;
1341 	struct hfi1_tid_info tinfo;
1342 
1343 	if (sizeof(tinfo) != len)
1344 		return -EINVAL;
1345 
1346 	if (copy_from_user(&tinfo, (void __user *)arg, (sizeof(tinfo))))
1347 		return -EFAULT;
1348 
1349 	ret = hfi1_user_exp_rcv_setup(fd, &tinfo);
1350 	if (!ret) {
1351 		/*
1352 		 * Copy the number of tidlist entries we used
1353 		 * and the length of the buffer we registered.
1354 		 */
1355 		addr = arg + offsetof(struct hfi1_tid_info, tidcnt);
1356 		if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
1357 				 sizeof(tinfo.tidcnt)))
1358 			return -EFAULT;
1359 
1360 		addr = arg + offsetof(struct hfi1_tid_info, length);
1361 		if (copy_to_user((void __user *)addr, &tinfo.length,
1362 				 sizeof(tinfo.length)))
1363 			ret = -EFAULT;
1364 	}
1365 
1366 	return ret;
1367 }
1368 
1369 /**
1370  * user_exp_rcv_clear - Clear the given tid rcv list
1371  * @fd: file data of the current driver instance
1372  * @arg: ioctl argumnent for user space information
1373  * @len: length of data structure associated with ioctl command
1374  *
1375  * The hfi1_user_exp_rcv_clear() can be called from the error path.  Because
1376  * of this, we need to use this wrapper to copy the user space information
1377  * before doing the clear.
1378  */
1379 static int user_exp_rcv_clear(struct hfi1_filedata *fd, unsigned long arg,
1380 			      u32 len)
1381 {
1382 	int ret;
1383 	unsigned long addr;
1384 	struct hfi1_tid_info tinfo;
1385 
1386 	if (sizeof(tinfo) != len)
1387 		return -EINVAL;
1388 
1389 	if (copy_from_user(&tinfo, (void __user *)arg, (sizeof(tinfo))))
1390 		return -EFAULT;
1391 
1392 	ret = hfi1_user_exp_rcv_clear(fd, &tinfo);
1393 	if (!ret) {
1394 		addr = arg + offsetof(struct hfi1_tid_info, tidcnt);
1395 		if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
1396 				 sizeof(tinfo.tidcnt)))
1397 			return -EFAULT;
1398 	}
1399 
1400 	return ret;
1401 }
1402 
1403 /**
1404  * user_exp_rcv_invalid - Invalidate the given tid rcv list
1405  * @fd: file data of the current driver instance
1406  * @arg: ioctl argumnent for user space information
1407  * @len: length of data structure associated with ioctl command
1408  *
1409  * Wrapper to validate ioctl information before doing _rcv_invalid.
1410  *
1411  */
1412 static int user_exp_rcv_invalid(struct hfi1_filedata *fd, unsigned long arg,
1413 				u32 len)
1414 {
1415 	int ret;
1416 	unsigned long addr;
1417 	struct hfi1_tid_info tinfo;
1418 
1419 	if (sizeof(tinfo) != len)
1420 		return -EINVAL;
1421 
1422 	if (!fd->invalid_tids)
1423 		return -EINVAL;
1424 
1425 	if (copy_from_user(&tinfo, (void __user *)arg, (sizeof(tinfo))))
1426 		return -EFAULT;
1427 
1428 	ret = hfi1_user_exp_rcv_invalid(fd, &tinfo);
1429 	if (ret)
1430 		return ret;
1431 
1432 	addr = arg + offsetof(struct hfi1_tid_info, tidcnt);
1433 	if (copy_to_user((void __user *)addr, &tinfo.tidcnt,
1434 			 sizeof(tinfo.tidcnt)))
1435 		ret = -EFAULT;
1436 
1437 	return ret;
1438 }
1439 
1440 static __poll_t poll_urgent(struct file *fp,
1441 				struct poll_table_struct *pt)
1442 {
1443 	struct hfi1_filedata *fd = fp->private_data;
1444 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
1445 	struct hfi1_devdata *dd = uctxt->dd;
1446 	__poll_t pollflag;
1447 
1448 	poll_wait(fp, &uctxt->wait, pt);
1449 
1450 	spin_lock_irq(&dd->uctxt_lock);
1451 	if (uctxt->urgent != uctxt->urgent_poll) {
1452 		pollflag = EPOLLIN | EPOLLRDNORM;
1453 		uctxt->urgent_poll = uctxt->urgent;
1454 	} else {
1455 		pollflag = 0;
1456 		set_bit(HFI1_CTXT_WAITING_URG, &uctxt->event_flags);
1457 	}
1458 	spin_unlock_irq(&dd->uctxt_lock);
1459 
1460 	return pollflag;
1461 }
1462 
1463 static __poll_t poll_next(struct file *fp,
1464 			      struct poll_table_struct *pt)
1465 {
1466 	struct hfi1_filedata *fd = fp->private_data;
1467 	struct hfi1_ctxtdata *uctxt = fd->uctxt;
1468 	struct hfi1_devdata *dd = uctxt->dd;
1469 	__poll_t pollflag;
1470 
1471 	poll_wait(fp, &uctxt->wait, pt);
1472 
1473 	spin_lock_irq(&dd->uctxt_lock);
1474 	if (hdrqempty(uctxt)) {
1475 		set_bit(HFI1_CTXT_WAITING_RCV, &uctxt->event_flags);
1476 		hfi1_rcvctrl(dd, HFI1_RCVCTRL_INTRAVAIL_ENB, uctxt);
1477 		pollflag = 0;
1478 	} else {
1479 		pollflag = EPOLLIN | EPOLLRDNORM;
1480 	}
1481 	spin_unlock_irq(&dd->uctxt_lock);
1482 
1483 	return pollflag;
1484 }
1485 
1486 /*
1487  * Find all user contexts in use, and set the specified bit in their
1488  * event mask.
1489  * See also find_ctxt() for a similar use, that is specific to send buffers.
1490  */
1491 int hfi1_set_uevent_bits(struct hfi1_pportdata *ppd, const int evtbit)
1492 {
1493 	struct hfi1_ctxtdata *uctxt;
1494 	struct hfi1_devdata *dd = ppd->dd;
1495 	u16 ctxt;
1496 
1497 	if (!dd->events)
1498 		return -EINVAL;
1499 
1500 	for (ctxt = dd->first_dyn_alloc_ctxt; ctxt < dd->num_rcv_contexts;
1501 	     ctxt++) {
1502 		uctxt = hfi1_rcd_get_by_index(dd, ctxt);
1503 		if (uctxt) {
1504 			unsigned long *evs;
1505 			int i;
1506 			/*
1507 			 * subctxt_cnt is 0 if not shared, so do base
1508 			 * separately, first, then remaining subctxt, if any
1509 			 */
1510 			evs = dd->events + uctxt_offset(uctxt);
1511 			set_bit(evtbit, evs);
1512 			for (i = 1; i < uctxt->subctxt_cnt; i++)
1513 				set_bit(evtbit, evs + i);
1514 			hfi1_rcd_put(uctxt);
1515 		}
1516 	}
1517 
1518 	return 0;
1519 }
1520 
1521 /**
1522  * manage_rcvq - manage a context's receive queue
1523  * @uctxt: the context
1524  * @subctxt: the sub-context
1525  * @start_stop: action to carry out
1526  *
1527  * start_stop == 0 disables receive on the context, for use in queue
1528  * overflow conditions.  start_stop==1 re-enables, to be used to
1529  * re-init the software copy of the head register
1530  */
1531 static int manage_rcvq(struct hfi1_ctxtdata *uctxt, u16 subctxt,
1532 		       unsigned long arg)
1533 {
1534 	struct hfi1_devdata *dd = uctxt->dd;
1535 	unsigned int rcvctrl_op;
1536 	int start_stop;
1537 
1538 	if (subctxt)
1539 		return 0;
1540 
1541 	if (get_user(start_stop, (int __user *)arg))
1542 		return -EFAULT;
1543 
1544 	/* atomically clear receive enable ctxt. */
1545 	if (start_stop) {
1546 		/*
1547 		 * On enable, force in-memory copy of the tail register to
1548 		 * 0, so that protocol code doesn't have to worry about
1549 		 * whether or not the chip has yet updated the in-memory
1550 		 * copy or not on return from the system call. The chip
1551 		 * always resets it's tail register back to 0 on a
1552 		 * transition from disabled to enabled.
1553 		 */
1554 		if (hfi1_rcvhdrtail_kvaddr(uctxt))
1555 			clear_rcvhdrtail(uctxt);
1556 		rcvctrl_op = HFI1_RCVCTRL_CTXT_ENB;
1557 	} else {
1558 		rcvctrl_op = HFI1_RCVCTRL_CTXT_DIS;
1559 	}
1560 	hfi1_rcvctrl(dd, rcvctrl_op, uctxt);
1561 	/* always; new head should be equal to new tail; see above */
1562 
1563 	return 0;
1564 }
1565 
1566 /*
1567  * clear the event notifier events for this context.
1568  * User process then performs actions appropriate to bit having been
1569  * set, if desired, and checks again in future.
1570  */
1571 static int user_event_ack(struct hfi1_ctxtdata *uctxt, u16 subctxt,
1572 			  unsigned long arg)
1573 {
1574 	int i;
1575 	struct hfi1_devdata *dd = uctxt->dd;
1576 	unsigned long *evs;
1577 	unsigned long events;
1578 
1579 	if (!dd->events)
1580 		return 0;
1581 
1582 	if (get_user(events, (unsigned long __user *)arg))
1583 		return -EFAULT;
1584 
1585 	evs = dd->events + uctxt_offset(uctxt) + subctxt;
1586 
1587 	for (i = 0; i <= _HFI1_MAX_EVENT_BIT; i++) {
1588 		if (!test_bit(i, &events))
1589 			continue;
1590 		clear_bit(i, evs);
1591 	}
1592 	return 0;
1593 }
1594 
1595 static int set_ctxt_pkey(struct hfi1_ctxtdata *uctxt, unsigned long arg)
1596 {
1597 	int i;
1598 	struct hfi1_pportdata *ppd = uctxt->ppd;
1599 	struct hfi1_devdata *dd = uctxt->dd;
1600 	u16 pkey;
1601 
1602 	if (!HFI1_CAP_IS_USET(PKEY_CHECK))
1603 		return -EPERM;
1604 
1605 	if (get_user(pkey, (u16 __user *)arg))
1606 		return -EFAULT;
1607 
1608 	if (pkey == LIM_MGMT_P_KEY || pkey == FULL_MGMT_P_KEY)
1609 		return -EINVAL;
1610 
1611 	for (i = 0; i < ARRAY_SIZE(ppd->pkeys); i++)
1612 		if (pkey == ppd->pkeys[i])
1613 			return hfi1_set_ctxt_pkey(dd, uctxt, pkey);
1614 
1615 	return -ENOENT;
1616 }
1617 
1618 /**
1619  * ctxt_reset - Reset the user context
1620  * @uctxt: valid user context
1621  */
1622 static int ctxt_reset(struct hfi1_ctxtdata *uctxt)
1623 {
1624 	struct send_context *sc;
1625 	struct hfi1_devdata *dd;
1626 	int ret = 0;
1627 
1628 	if (!uctxt || !uctxt->dd || !uctxt->sc)
1629 		return -EINVAL;
1630 
1631 	/*
1632 	 * There is no protection here. User level has to guarantee that
1633 	 * no one will be writing to the send context while it is being
1634 	 * re-initialized.  If user level breaks that guarantee, it will
1635 	 * break it's own context and no one else's.
1636 	 */
1637 	dd = uctxt->dd;
1638 	sc = uctxt->sc;
1639 
1640 	/*
1641 	 * Wait until the interrupt handler has marked the context as
1642 	 * halted or frozen. Report error if we time out.
1643 	 */
1644 	wait_event_interruptible_timeout(
1645 		sc->halt_wait, (sc->flags & SCF_HALTED),
1646 		msecs_to_jiffies(SEND_CTXT_HALT_TIMEOUT));
1647 	if (!(sc->flags & SCF_HALTED))
1648 		return -ENOLCK;
1649 
1650 	/*
1651 	 * If the send context was halted due to a Freeze, wait until the
1652 	 * device has been "unfrozen" before resetting the context.
1653 	 */
1654 	if (sc->flags & SCF_FROZEN) {
1655 		wait_event_interruptible_timeout(
1656 			dd->event_queue,
1657 			!(READ_ONCE(dd->flags) & HFI1_FROZEN),
1658 			msecs_to_jiffies(SEND_CTXT_HALT_TIMEOUT));
1659 		if (dd->flags & HFI1_FROZEN)
1660 			return -ENOLCK;
1661 
1662 		if (dd->flags & HFI1_FORCED_FREEZE)
1663 			/*
1664 			 * Don't allow context reset if we are into
1665 			 * forced freeze
1666 			 */
1667 			return -ENODEV;
1668 
1669 		sc_disable(sc);
1670 		ret = sc_enable(sc);
1671 		hfi1_rcvctrl(dd, HFI1_RCVCTRL_CTXT_ENB, uctxt);
1672 	} else {
1673 		ret = sc_restart(sc);
1674 	}
1675 	if (!ret)
1676 		sc_return_credits(sc);
1677 
1678 	return ret;
1679 }
1680 
1681 static void user_remove(struct hfi1_devdata *dd)
1682 {
1683 
1684 	hfi1_cdev_cleanup(&dd->user_cdev, &dd->user_device);
1685 }
1686 
1687 static int user_add(struct hfi1_devdata *dd)
1688 {
1689 	char name[10];
1690 	int ret;
1691 
1692 	snprintf(name, sizeof(name), "%s_%d", class_name(), dd->unit);
1693 	ret = hfi1_cdev_init(dd->unit, name, &hfi1_file_ops,
1694 			     &dd->user_cdev, &dd->user_device,
1695 			     true, &dd->verbs_dev.rdi.ibdev.dev.kobj);
1696 	if (ret)
1697 		user_remove(dd);
1698 
1699 	return ret;
1700 }
1701 
1702 /*
1703  * Create per-unit files in /dev
1704  */
1705 int hfi1_device_create(struct hfi1_devdata *dd)
1706 {
1707 	return user_add(dd);
1708 }
1709 
1710 /*
1711  * Remove per-unit files in /dev
1712  * void, core kernel returns no errors for this stuff
1713  */
1714 void hfi1_device_remove(struct hfi1_devdata *dd)
1715 {
1716 	user_remove(dd);
1717 }
1718