1 /* 2 * Copyright(c) 2015, 2016 Intel Corporation. 3 * 4 * This file is provided under a dual BSD/GPLv2 license. When using or 5 * redistributing this file, you may do so under either license. 6 * 7 * GPL LICENSE SUMMARY 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of version 2 of the GNU General Public License as 11 * published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * BSD LICENSE 19 * 20 * Redistribution and use in source and binary forms, with or without 21 * modification, are permitted provided that the following conditions 22 * are met: 23 * 24 * - Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * - Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in 28 * the documentation and/or other materials provided with the 29 * distribution. 30 * - Neither the name of Intel Corporation nor the names of its 31 * contributors may be used to endorse or promote products derived 32 * from this software without specific prior written permission. 33 * 34 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 35 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 36 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 37 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 38 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 39 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 40 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 41 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 42 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 43 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 44 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 45 * 46 */ 47 #include <linux/mm.h> 48 #include <linux/types.h> 49 #include <linux/device.h> 50 #include <linux/dmapool.h> 51 #include <linux/slab.h> 52 #include <linux/list.h> 53 #include <linux/highmem.h> 54 #include <linux/io.h> 55 #include <linux/uio.h> 56 #include <linux/rbtree.h> 57 #include <linux/spinlock.h> 58 #include <linux/delay.h> 59 #include <linux/kthread.h> 60 #include <linux/mmu_context.h> 61 #include <linux/module.h> 62 #include <linux/vmalloc.h> 63 64 #include "hfi.h" 65 #include "sdma.h" 66 #include "user_sdma.h" 67 #include "verbs.h" /* for the headers */ 68 #include "common.h" /* for struct hfi1_tid_info */ 69 #include "trace.h" 70 #include "mmu_rb.h" 71 72 static uint hfi1_sdma_comp_ring_size = 128; 73 module_param_named(sdma_comp_size, hfi1_sdma_comp_ring_size, uint, S_IRUGO); 74 MODULE_PARM_DESC(sdma_comp_size, "Size of User SDMA completion ring. Default: 128"); 75 76 /* The maximum number of Data io vectors per message/request */ 77 #define MAX_VECTORS_PER_REQ 8 78 /* 79 * Maximum number of packet to send from each message/request 80 * before moving to the next one. 81 */ 82 #define MAX_PKTS_PER_QUEUE 16 83 84 #define num_pages(x) (1 + ((((x) - 1) & PAGE_MASK) >> PAGE_SHIFT)) 85 86 #define req_opcode(x) \ 87 (((x) >> HFI1_SDMA_REQ_OPCODE_SHIFT) & HFI1_SDMA_REQ_OPCODE_MASK) 88 #define req_version(x) \ 89 (((x) >> HFI1_SDMA_REQ_VERSION_SHIFT) & HFI1_SDMA_REQ_OPCODE_MASK) 90 #define req_iovcnt(x) \ 91 (((x) >> HFI1_SDMA_REQ_IOVCNT_SHIFT) & HFI1_SDMA_REQ_IOVCNT_MASK) 92 93 /* Number of BTH.PSN bits used for sequence number in expected rcvs */ 94 #define BTH_SEQ_MASK 0x7ffull 95 96 /* 97 * Define fields in the KDETH header so we can update the header 98 * template. 99 */ 100 #define KDETH_OFFSET_SHIFT 0 101 #define KDETH_OFFSET_MASK 0x7fff 102 #define KDETH_OM_SHIFT 15 103 #define KDETH_OM_MASK 0x1 104 #define KDETH_TID_SHIFT 16 105 #define KDETH_TID_MASK 0x3ff 106 #define KDETH_TIDCTRL_SHIFT 26 107 #define KDETH_TIDCTRL_MASK 0x3 108 #define KDETH_INTR_SHIFT 28 109 #define KDETH_INTR_MASK 0x1 110 #define KDETH_SH_SHIFT 29 111 #define KDETH_SH_MASK 0x1 112 #define KDETH_HCRC_UPPER_SHIFT 16 113 #define KDETH_HCRC_UPPER_MASK 0xff 114 #define KDETH_HCRC_LOWER_SHIFT 24 115 #define KDETH_HCRC_LOWER_MASK 0xff 116 117 #define AHG_KDETH_INTR_SHIFT 12 118 119 #define PBC2LRH(x) ((((x) & 0xfff) << 2) - 4) 120 #define LRH2PBC(x) ((((x) >> 2) + 1) & 0xfff) 121 122 #define KDETH_GET(val, field) \ 123 (((le32_to_cpu((val))) >> KDETH_##field##_SHIFT) & KDETH_##field##_MASK) 124 #define KDETH_SET(dw, field, val) do { \ 125 u32 dwval = le32_to_cpu(dw); \ 126 dwval &= ~(KDETH_##field##_MASK << KDETH_##field##_SHIFT); \ 127 dwval |= (((val) & KDETH_##field##_MASK) << \ 128 KDETH_##field##_SHIFT); \ 129 dw = cpu_to_le32(dwval); \ 130 } while (0) 131 132 #define AHG_HEADER_SET(arr, idx, dw, bit, width, value) \ 133 do { \ 134 if ((idx) < ARRAY_SIZE((arr))) \ 135 (arr)[(idx++)] = sdma_build_ahg_descriptor( \ 136 (__force u16)(value), (dw), (bit), \ 137 (width)); \ 138 else \ 139 return -ERANGE; \ 140 } while (0) 141 142 /* KDETH OM multipliers and switch over point */ 143 #define KDETH_OM_SMALL 4 144 #define KDETH_OM_LARGE 64 145 #define KDETH_OM_MAX_SIZE (1 << ((KDETH_OM_LARGE / KDETH_OM_SMALL) + 1)) 146 147 /* Last packet in the request */ 148 #define TXREQ_FLAGS_REQ_LAST_PKT BIT(0) 149 150 /* SDMA request flag bits */ 151 #define SDMA_REQ_FOR_THREAD 1 152 #define SDMA_REQ_SEND_DONE 2 153 #define SDMA_REQ_HAVE_AHG 3 154 #define SDMA_REQ_HAS_ERROR 4 155 #define SDMA_REQ_DONE_ERROR 5 156 157 #define SDMA_PKT_Q_INACTIVE BIT(0) 158 #define SDMA_PKT_Q_ACTIVE BIT(1) 159 #define SDMA_PKT_Q_DEFERRED BIT(2) 160 161 /* 162 * Maximum retry attempts to submit a TX request 163 * before putting the process to sleep. 164 */ 165 #define MAX_DEFER_RETRY_COUNT 1 166 167 static unsigned initial_pkt_count = 8; 168 169 #define SDMA_IOWAIT_TIMEOUT 1000 /* in milliseconds */ 170 171 struct sdma_mmu_node; 172 173 struct user_sdma_iovec { 174 struct list_head list; 175 struct iovec iov; 176 /* number of pages in this vector */ 177 unsigned npages; 178 /* array of pinned pages for this vector */ 179 struct page **pages; 180 /* 181 * offset into the virtual address space of the vector at 182 * which we last left off. 183 */ 184 u64 offset; 185 struct sdma_mmu_node *node; 186 }; 187 188 struct sdma_mmu_node { 189 struct mmu_rb_node rb; 190 struct hfi1_user_sdma_pkt_q *pq; 191 atomic_t refcount; 192 struct page **pages; 193 unsigned npages; 194 }; 195 196 /* evict operation argument */ 197 struct evict_data { 198 u32 cleared; /* count evicted so far */ 199 u32 target; /* target count to evict */ 200 }; 201 202 struct user_sdma_request { 203 struct sdma_req_info info; 204 struct hfi1_user_sdma_pkt_q *pq; 205 struct hfi1_user_sdma_comp_q *cq; 206 /* This is the original header from user space */ 207 struct hfi1_pkt_header hdr; 208 /* 209 * Pointer to the SDMA engine for this request. 210 * Since different request could be on different VLs, 211 * each request will need it's own engine pointer. 212 */ 213 struct sdma_engine *sde; 214 u8 ahg_idx; 215 u32 ahg[9]; 216 /* 217 * KDETH.Offset (Eager) field 218 * We need to remember the initial value so the headers 219 * can be updated properly. 220 */ 221 u32 koffset; 222 /* 223 * KDETH.OFFSET (TID) field 224 * The offset can cover multiple packets, depending on the 225 * size of the TID entry. 226 */ 227 u32 tidoffset; 228 /* 229 * KDETH.OM 230 * Remember this because the header template always sets it 231 * to 0. 232 */ 233 u8 omfactor; 234 /* 235 * We copy the iovs for this request (based on 236 * info.iovcnt). These are only the data vectors 237 */ 238 unsigned data_iovs; 239 /* total length of the data in the request */ 240 u32 data_len; 241 /* progress index moving along the iovs array */ 242 unsigned iov_idx; 243 struct user_sdma_iovec iovs[MAX_VECTORS_PER_REQ]; 244 /* number of elements copied to the tids array */ 245 u16 n_tids; 246 /* TID array values copied from the tid_iov vector */ 247 u32 *tids; 248 u16 tididx; 249 u32 sent; 250 u64 seqnum; 251 u64 seqcomp; 252 u64 seqsubmitted; 253 struct list_head txps; 254 unsigned long flags; 255 /* status of the last txreq completed */ 256 int status; 257 }; 258 259 /* 260 * A single txreq could span up to 3 physical pages when the MTU 261 * is sufficiently large (> 4K). Each of the IOV pointers also 262 * needs it's own set of flags so the vector has been handled 263 * independently of each other. 264 */ 265 struct user_sdma_txreq { 266 /* Packet header for the txreq */ 267 struct hfi1_pkt_header hdr; 268 struct sdma_txreq txreq; 269 struct list_head list; 270 struct user_sdma_request *req; 271 u16 flags; 272 unsigned busycount; 273 u64 seqnum; 274 }; 275 276 #define SDMA_DBG(req, fmt, ...) \ 277 hfi1_cdbg(SDMA, "[%u:%u:%u:%u] " fmt, (req)->pq->dd->unit, \ 278 (req)->pq->ctxt, (req)->pq->subctxt, (req)->info.comp_idx, \ 279 ##__VA_ARGS__) 280 #define SDMA_Q_DBG(pq, fmt, ...) \ 281 hfi1_cdbg(SDMA, "[%u:%u:%u] " fmt, (pq)->dd->unit, (pq)->ctxt, \ 282 (pq)->subctxt, ##__VA_ARGS__) 283 284 static int user_sdma_send_pkts(struct user_sdma_request *, unsigned); 285 static int num_user_pages(const struct iovec *); 286 static void user_sdma_txreq_cb(struct sdma_txreq *, int); 287 static inline void pq_update(struct hfi1_user_sdma_pkt_q *); 288 static void user_sdma_free_request(struct user_sdma_request *, bool); 289 static int pin_vector_pages(struct user_sdma_request *, 290 struct user_sdma_iovec *); 291 static void unpin_vector_pages(struct mm_struct *, struct page **, unsigned, 292 unsigned); 293 static int check_header_template(struct user_sdma_request *, 294 struct hfi1_pkt_header *, u32, u32); 295 static int set_txreq_header(struct user_sdma_request *, 296 struct user_sdma_txreq *, u32); 297 static int set_txreq_header_ahg(struct user_sdma_request *, 298 struct user_sdma_txreq *, u32); 299 static inline void set_comp_state(struct hfi1_user_sdma_pkt_q *, 300 struct hfi1_user_sdma_comp_q *, 301 u16, enum hfi1_sdma_comp_state, int); 302 static inline u32 set_pkt_bth_psn(__be32, u8, u32); 303 static inline u32 get_lrh_len(struct hfi1_pkt_header, u32 len); 304 305 static int defer_packet_queue( 306 struct sdma_engine *, 307 struct iowait *, 308 struct sdma_txreq *, 309 unsigned seq); 310 static void activate_packet_queue(struct iowait *, int); 311 static bool sdma_rb_filter(struct mmu_rb_node *, unsigned long, unsigned long); 312 static int sdma_rb_insert(void *, struct mmu_rb_node *); 313 static int sdma_rb_evict(void *arg, struct mmu_rb_node *mnode, 314 void *arg2, bool *stop); 315 static void sdma_rb_remove(void *, struct mmu_rb_node *); 316 static int sdma_rb_invalidate(void *, struct mmu_rb_node *); 317 318 static struct mmu_rb_ops sdma_rb_ops = { 319 .filter = sdma_rb_filter, 320 .insert = sdma_rb_insert, 321 .evict = sdma_rb_evict, 322 .remove = sdma_rb_remove, 323 .invalidate = sdma_rb_invalidate 324 }; 325 326 static int defer_packet_queue( 327 struct sdma_engine *sde, 328 struct iowait *wait, 329 struct sdma_txreq *txreq, 330 unsigned seq) 331 { 332 struct hfi1_user_sdma_pkt_q *pq = 333 container_of(wait, struct hfi1_user_sdma_pkt_q, busy); 334 struct hfi1_ibdev *dev = &pq->dd->verbs_dev; 335 struct user_sdma_txreq *tx = 336 container_of(txreq, struct user_sdma_txreq, txreq); 337 338 if (sdma_progress(sde, seq, txreq)) { 339 if (tx->busycount++ < MAX_DEFER_RETRY_COUNT) 340 goto eagain; 341 } 342 /* 343 * We are assuming that if the list is enqueued somewhere, it 344 * is to the dmawait list since that is the only place where 345 * it is supposed to be enqueued. 346 */ 347 xchg(&pq->state, SDMA_PKT_Q_DEFERRED); 348 write_seqlock(&dev->iowait_lock); 349 if (list_empty(&pq->busy.list)) 350 list_add_tail(&pq->busy.list, &sde->dmawait); 351 write_sequnlock(&dev->iowait_lock); 352 return -EBUSY; 353 eagain: 354 return -EAGAIN; 355 } 356 357 static void activate_packet_queue(struct iowait *wait, int reason) 358 { 359 struct hfi1_user_sdma_pkt_q *pq = 360 container_of(wait, struct hfi1_user_sdma_pkt_q, busy); 361 xchg(&pq->state, SDMA_PKT_Q_ACTIVE); 362 wake_up(&wait->wait_dma); 363 }; 364 365 static void sdma_kmem_cache_ctor(void *obj) 366 { 367 struct user_sdma_txreq *tx = obj; 368 369 memset(tx, 0, sizeof(*tx)); 370 } 371 372 int hfi1_user_sdma_alloc_queues(struct hfi1_ctxtdata *uctxt, struct file *fp) 373 { 374 struct hfi1_filedata *fd; 375 int ret = 0; 376 unsigned memsize; 377 char buf[64]; 378 struct hfi1_devdata *dd; 379 struct hfi1_user_sdma_comp_q *cq; 380 struct hfi1_user_sdma_pkt_q *pq; 381 unsigned long flags; 382 383 if (!uctxt || !fp) { 384 ret = -EBADF; 385 goto done; 386 } 387 388 fd = fp->private_data; 389 390 if (!hfi1_sdma_comp_ring_size) { 391 ret = -EINVAL; 392 goto done; 393 } 394 395 dd = uctxt->dd; 396 397 pq = kzalloc(sizeof(*pq), GFP_KERNEL); 398 if (!pq) 399 goto pq_nomem; 400 401 memsize = sizeof(*pq->reqs) * hfi1_sdma_comp_ring_size; 402 pq->reqs = kzalloc(memsize, GFP_KERNEL); 403 if (!pq->reqs) 404 goto pq_reqs_nomem; 405 406 memsize = BITS_TO_LONGS(hfi1_sdma_comp_ring_size) * sizeof(long); 407 pq->req_in_use = kzalloc(memsize, GFP_KERNEL); 408 if (!pq->req_in_use) 409 goto pq_reqs_no_in_use; 410 411 INIT_LIST_HEAD(&pq->list); 412 pq->dd = dd; 413 pq->ctxt = uctxt->ctxt; 414 pq->subctxt = fd->subctxt; 415 pq->n_max_reqs = hfi1_sdma_comp_ring_size; 416 pq->state = SDMA_PKT_Q_INACTIVE; 417 atomic_set(&pq->n_reqs, 0); 418 init_waitqueue_head(&pq->wait); 419 atomic_set(&pq->n_locked, 0); 420 pq->mm = fd->mm; 421 422 iowait_init(&pq->busy, 0, NULL, defer_packet_queue, 423 activate_packet_queue, NULL); 424 pq->reqidx = 0; 425 snprintf(buf, 64, "txreq-kmem-cache-%u-%u-%u", dd->unit, uctxt->ctxt, 426 fd->subctxt); 427 pq->txreq_cache = kmem_cache_create(buf, 428 sizeof(struct user_sdma_txreq), 429 L1_CACHE_BYTES, 430 SLAB_HWCACHE_ALIGN, 431 sdma_kmem_cache_ctor); 432 if (!pq->txreq_cache) { 433 dd_dev_err(dd, "[%u] Failed to allocate TxReq cache\n", 434 uctxt->ctxt); 435 goto pq_txreq_nomem; 436 } 437 fd->pq = pq; 438 cq = kzalloc(sizeof(*cq), GFP_KERNEL); 439 if (!cq) 440 goto cq_nomem; 441 442 memsize = PAGE_ALIGN(sizeof(*cq->comps) * hfi1_sdma_comp_ring_size); 443 cq->comps = vmalloc_user(memsize); 444 if (!cq->comps) 445 goto cq_comps_nomem; 446 447 cq->nentries = hfi1_sdma_comp_ring_size; 448 fd->cq = cq; 449 450 ret = hfi1_mmu_rb_register(pq, pq->mm, &sdma_rb_ops, dd->pport->hfi1_wq, 451 &pq->handler); 452 if (ret) { 453 dd_dev_err(dd, "Failed to register with MMU %d", ret); 454 goto done; 455 } 456 457 spin_lock_irqsave(&uctxt->sdma_qlock, flags); 458 list_add(&pq->list, &uctxt->sdma_queues); 459 spin_unlock_irqrestore(&uctxt->sdma_qlock, flags); 460 goto done; 461 462 cq_comps_nomem: 463 kfree(cq); 464 cq_nomem: 465 kmem_cache_destroy(pq->txreq_cache); 466 pq_txreq_nomem: 467 kfree(pq->req_in_use); 468 pq_reqs_no_in_use: 469 kfree(pq->reqs); 470 pq_reqs_nomem: 471 kfree(pq); 472 fd->pq = NULL; 473 pq_nomem: 474 ret = -ENOMEM; 475 done: 476 return ret; 477 } 478 479 int hfi1_user_sdma_free_queues(struct hfi1_filedata *fd) 480 { 481 struct hfi1_ctxtdata *uctxt = fd->uctxt; 482 struct hfi1_user_sdma_pkt_q *pq; 483 unsigned long flags; 484 485 hfi1_cdbg(SDMA, "[%u:%u:%u] Freeing user SDMA queues", uctxt->dd->unit, 486 uctxt->ctxt, fd->subctxt); 487 pq = fd->pq; 488 if (pq) { 489 if (pq->handler) 490 hfi1_mmu_rb_unregister(pq->handler); 491 spin_lock_irqsave(&uctxt->sdma_qlock, flags); 492 if (!list_empty(&pq->list)) 493 list_del_init(&pq->list); 494 spin_unlock_irqrestore(&uctxt->sdma_qlock, flags); 495 iowait_sdma_drain(&pq->busy); 496 /* Wait until all requests have been freed. */ 497 wait_event_interruptible( 498 pq->wait, 499 (ACCESS_ONCE(pq->state) == SDMA_PKT_Q_INACTIVE)); 500 kfree(pq->reqs); 501 kfree(pq->req_in_use); 502 kmem_cache_destroy(pq->txreq_cache); 503 kfree(pq); 504 fd->pq = NULL; 505 } 506 if (fd->cq) { 507 vfree(fd->cq->comps); 508 kfree(fd->cq); 509 fd->cq = NULL; 510 } 511 return 0; 512 } 513 514 static u8 dlid_to_selector(u16 dlid) 515 { 516 static u8 mapping[256]; 517 static int initialized; 518 static u8 next; 519 int hash; 520 521 if (!initialized) { 522 memset(mapping, 0xFF, 256); 523 initialized = 1; 524 } 525 526 hash = ((dlid >> 8) ^ dlid) & 0xFF; 527 if (mapping[hash] == 0xFF) { 528 mapping[hash] = next; 529 next = (next + 1) & 0x7F; 530 } 531 532 return mapping[hash]; 533 } 534 535 int hfi1_user_sdma_process_request(struct file *fp, struct iovec *iovec, 536 unsigned long dim, unsigned long *count) 537 { 538 int ret = 0, i; 539 struct hfi1_filedata *fd = fp->private_data; 540 struct hfi1_ctxtdata *uctxt = fd->uctxt; 541 struct hfi1_user_sdma_pkt_q *pq = fd->pq; 542 struct hfi1_user_sdma_comp_q *cq = fd->cq; 543 struct hfi1_devdata *dd = pq->dd; 544 unsigned long idx = 0; 545 u8 pcount = initial_pkt_count; 546 struct sdma_req_info info; 547 struct user_sdma_request *req; 548 u8 opcode, sc, vl; 549 int req_queued = 0; 550 u16 dlid; 551 u8 selector; 552 553 if (iovec[idx].iov_len < sizeof(info) + sizeof(req->hdr)) { 554 hfi1_cdbg( 555 SDMA, 556 "[%u:%u:%u] First vector not big enough for header %lu/%lu", 557 dd->unit, uctxt->ctxt, fd->subctxt, 558 iovec[idx].iov_len, sizeof(info) + sizeof(req->hdr)); 559 return -EINVAL; 560 } 561 ret = copy_from_user(&info, iovec[idx].iov_base, sizeof(info)); 562 if (ret) { 563 hfi1_cdbg(SDMA, "[%u:%u:%u] Failed to copy info QW (%d)", 564 dd->unit, uctxt->ctxt, fd->subctxt, ret); 565 return -EFAULT; 566 } 567 568 trace_hfi1_sdma_user_reqinfo(dd, uctxt->ctxt, fd->subctxt, 569 (u16 *)&info); 570 571 if (info.comp_idx >= hfi1_sdma_comp_ring_size) { 572 hfi1_cdbg(SDMA, 573 "[%u:%u:%u:%u] Invalid comp index", 574 dd->unit, uctxt->ctxt, fd->subctxt, info.comp_idx); 575 return -EINVAL; 576 } 577 578 /* 579 * Sanity check the header io vector count. Need at least 1 vector 580 * (header) and cannot be larger than the actual io vector count. 581 */ 582 if (req_iovcnt(info.ctrl) < 1 || req_iovcnt(info.ctrl) > dim) { 583 hfi1_cdbg(SDMA, 584 "[%u:%u:%u:%u] Invalid iov count %d, dim %ld", 585 dd->unit, uctxt->ctxt, fd->subctxt, info.comp_idx, 586 req_iovcnt(info.ctrl), dim); 587 return -EINVAL; 588 } 589 590 if (!info.fragsize) { 591 hfi1_cdbg(SDMA, 592 "[%u:%u:%u:%u] Request does not specify fragsize", 593 dd->unit, uctxt->ctxt, fd->subctxt, info.comp_idx); 594 return -EINVAL; 595 } 596 597 /* Try to claim the request. */ 598 if (test_and_set_bit(info.comp_idx, pq->req_in_use)) { 599 hfi1_cdbg(SDMA, "[%u:%u:%u] Entry %u is in use", 600 dd->unit, uctxt->ctxt, fd->subctxt, 601 info.comp_idx); 602 return -EBADSLT; 603 } 604 /* 605 * All safety checks have been done and this request has been claimed. 606 */ 607 hfi1_cdbg(SDMA, "[%u:%u:%u] Using req/comp entry %u\n", dd->unit, 608 uctxt->ctxt, fd->subctxt, info.comp_idx); 609 req = pq->reqs + info.comp_idx; 610 memset(req, 0, sizeof(*req)); 611 req->data_iovs = req_iovcnt(info.ctrl) - 1; /* subtract header vector */ 612 req->pq = pq; 613 req->cq = cq; 614 req->status = -1; 615 INIT_LIST_HEAD(&req->txps); 616 617 memcpy(&req->info, &info, sizeof(info)); 618 619 if (req_opcode(info.ctrl) == EXPECTED) { 620 /* expected must have a TID info and at least one data vector */ 621 if (req->data_iovs < 2) { 622 SDMA_DBG(req, 623 "Not enough vectors for expected request"); 624 ret = -EINVAL; 625 goto free_req; 626 } 627 req->data_iovs--; 628 } 629 630 if (!info.npkts || req->data_iovs > MAX_VECTORS_PER_REQ) { 631 SDMA_DBG(req, "Too many vectors (%u/%u)", req->data_iovs, 632 MAX_VECTORS_PER_REQ); 633 ret = -EINVAL; 634 goto free_req; 635 } 636 /* Copy the header from the user buffer */ 637 ret = copy_from_user(&req->hdr, iovec[idx].iov_base + sizeof(info), 638 sizeof(req->hdr)); 639 if (ret) { 640 SDMA_DBG(req, "Failed to copy header template (%d)", ret); 641 ret = -EFAULT; 642 goto free_req; 643 } 644 645 /* If Static rate control is not enabled, sanitize the header. */ 646 if (!HFI1_CAP_IS_USET(STATIC_RATE_CTRL)) 647 req->hdr.pbc[2] = 0; 648 649 /* Validate the opcode. Do not trust packets from user space blindly. */ 650 opcode = (be32_to_cpu(req->hdr.bth[0]) >> 24) & 0xff; 651 if ((opcode & USER_OPCODE_CHECK_MASK) != 652 USER_OPCODE_CHECK_VAL) { 653 SDMA_DBG(req, "Invalid opcode (%d)", opcode); 654 ret = -EINVAL; 655 goto free_req; 656 } 657 /* 658 * Validate the vl. Do not trust packets from user space blindly. 659 * VL comes from PBC, SC comes from LRH, and the VL needs to 660 * match the SC look up. 661 */ 662 vl = (le16_to_cpu(req->hdr.pbc[0]) >> 12) & 0xF; 663 sc = (((be16_to_cpu(req->hdr.lrh[0]) >> 12) & 0xF) | 664 (((le16_to_cpu(req->hdr.pbc[1]) >> 14) & 0x1) << 4)); 665 if (vl >= dd->pport->vls_operational || 666 vl != sc_to_vlt(dd, sc)) { 667 SDMA_DBG(req, "Invalid SC(%u)/VL(%u)", sc, vl); 668 ret = -EINVAL; 669 goto free_req; 670 } 671 672 /* Checking P_KEY for requests from user-space */ 673 if (egress_pkey_check(dd->pport, req->hdr.lrh, req->hdr.bth, sc, 674 PKEY_CHECK_INVALID)) { 675 ret = -EINVAL; 676 goto free_req; 677 } 678 679 /* 680 * Also should check the BTH.lnh. If it says the next header is GRH then 681 * the RXE parsing will be off and will land in the middle of the KDETH 682 * or miss it entirely. 683 */ 684 if ((be16_to_cpu(req->hdr.lrh[0]) & 0x3) == HFI1_LRH_GRH) { 685 SDMA_DBG(req, "User tried to pass in a GRH"); 686 ret = -EINVAL; 687 goto free_req; 688 } 689 690 req->koffset = le32_to_cpu(req->hdr.kdeth.swdata[6]); 691 /* 692 * Calculate the initial TID offset based on the values of 693 * KDETH.OFFSET and KDETH.OM that are passed in. 694 */ 695 req->tidoffset = KDETH_GET(req->hdr.kdeth.ver_tid_offset, OFFSET) * 696 (KDETH_GET(req->hdr.kdeth.ver_tid_offset, OM) ? 697 KDETH_OM_LARGE : KDETH_OM_SMALL); 698 SDMA_DBG(req, "Initial TID offset %u", req->tidoffset); 699 idx++; 700 701 /* Save all the IO vector structures */ 702 for (i = 0; i < req->data_iovs; i++) { 703 INIT_LIST_HEAD(&req->iovs[i].list); 704 memcpy(&req->iovs[i].iov, iovec + idx++, sizeof(struct iovec)); 705 ret = pin_vector_pages(req, &req->iovs[i]); 706 if (ret) { 707 req->status = ret; 708 goto free_req; 709 } 710 req->data_len += req->iovs[i].iov.iov_len; 711 } 712 SDMA_DBG(req, "total data length %u", req->data_len); 713 714 if (pcount > req->info.npkts) 715 pcount = req->info.npkts; 716 /* 717 * Copy any TID info 718 * User space will provide the TID info only when the 719 * request type is EXPECTED. This is true even if there is 720 * only one packet in the request and the header is already 721 * setup. The reason for the singular TID case is that the 722 * driver needs to perform safety checks. 723 */ 724 if (req_opcode(req->info.ctrl) == EXPECTED) { 725 u16 ntids = iovec[idx].iov_len / sizeof(*req->tids); 726 727 if (!ntids || ntids > MAX_TID_PAIR_ENTRIES) { 728 ret = -EINVAL; 729 goto free_req; 730 } 731 req->tids = kcalloc(ntids, sizeof(*req->tids), GFP_KERNEL); 732 if (!req->tids) { 733 ret = -ENOMEM; 734 goto free_req; 735 } 736 /* 737 * We have to copy all of the tids because they may vary 738 * in size and, therefore, the TID count might not be 739 * equal to the pkt count. However, there is no way to 740 * tell at this point. 741 */ 742 ret = copy_from_user(req->tids, iovec[idx].iov_base, 743 ntids * sizeof(*req->tids)); 744 if (ret) { 745 SDMA_DBG(req, "Failed to copy %d TIDs (%d)", 746 ntids, ret); 747 ret = -EFAULT; 748 goto free_req; 749 } 750 req->n_tids = ntids; 751 idx++; 752 } 753 754 dlid = be16_to_cpu(req->hdr.lrh[1]); 755 selector = dlid_to_selector(dlid); 756 757 /* Have to select the engine */ 758 req->sde = sdma_select_engine_vl(dd, 759 (u32)(uctxt->ctxt + fd->subctxt + 760 selector), 761 vl); 762 if (!req->sde || !sdma_running(req->sde)) { 763 ret = -ECOMM; 764 goto free_req; 765 } 766 767 /* We don't need an AHG entry if the request contains only one packet */ 768 if (req->info.npkts > 1 && HFI1_CAP_IS_USET(SDMA_AHG)) { 769 int ahg = sdma_ahg_alloc(req->sde); 770 771 if (likely(ahg >= 0)) { 772 req->ahg_idx = (u8)ahg; 773 set_bit(SDMA_REQ_HAVE_AHG, &req->flags); 774 } 775 } 776 777 set_comp_state(pq, cq, info.comp_idx, QUEUED, 0); 778 atomic_inc(&pq->n_reqs); 779 req_queued = 1; 780 /* Send the first N packets in the request to buy us some time */ 781 ret = user_sdma_send_pkts(req, pcount); 782 if (unlikely(ret < 0 && ret != -EBUSY)) { 783 req->status = ret; 784 goto free_req; 785 } 786 787 /* 788 * It is possible that the SDMA engine would have processed all the 789 * submitted packets by the time we get here. Therefore, only set 790 * packet queue state to ACTIVE if there are still uncompleted 791 * requests. 792 */ 793 if (atomic_read(&pq->n_reqs)) 794 xchg(&pq->state, SDMA_PKT_Q_ACTIVE); 795 796 /* 797 * This is a somewhat blocking send implementation. 798 * The driver will block the caller until all packets of the 799 * request have been submitted to the SDMA engine. However, it 800 * will not wait for send completions. 801 */ 802 while (!test_bit(SDMA_REQ_SEND_DONE, &req->flags)) { 803 ret = user_sdma_send_pkts(req, pcount); 804 if (ret < 0) { 805 if (ret != -EBUSY) { 806 req->status = ret; 807 set_bit(SDMA_REQ_DONE_ERROR, &req->flags); 808 if (ACCESS_ONCE(req->seqcomp) == 809 req->seqsubmitted - 1) 810 goto free_req; 811 return ret; 812 } 813 wait_event_interruptible_timeout( 814 pq->busy.wait_dma, 815 (pq->state == SDMA_PKT_Q_ACTIVE), 816 msecs_to_jiffies( 817 SDMA_IOWAIT_TIMEOUT)); 818 } 819 } 820 *count += idx; 821 return 0; 822 free_req: 823 user_sdma_free_request(req, true); 824 if (req_queued) 825 pq_update(pq); 826 set_comp_state(pq, cq, info.comp_idx, ERROR, req->status); 827 return ret; 828 } 829 830 static inline u32 compute_data_length(struct user_sdma_request *req, 831 struct user_sdma_txreq *tx) 832 { 833 /* 834 * Determine the proper size of the packet data. 835 * The size of the data of the first packet is in the header 836 * template. However, it includes the header and ICRC, which need 837 * to be subtracted. 838 * The minimum representable packet data length in a header is 4 bytes, 839 * therefore, when the data length request is less than 4 bytes, there's 840 * only one packet, and the packet data length is equal to that of the 841 * request data length. 842 * The size of the remaining packets is the minimum of the frag 843 * size (MTU) or remaining data in the request. 844 */ 845 u32 len; 846 847 if (!req->seqnum) { 848 if (req->data_len < sizeof(u32)) 849 len = req->data_len; 850 else 851 len = ((be16_to_cpu(req->hdr.lrh[2]) << 2) - 852 (sizeof(tx->hdr) - 4)); 853 } else if (req_opcode(req->info.ctrl) == EXPECTED) { 854 u32 tidlen = EXP_TID_GET(req->tids[req->tididx], LEN) * 855 PAGE_SIZE; 856 /* 857 * Get the data length based on the remaining space in the 858 * TID pair. 859 */ 860 len = min(tidlen - req->tidoffset, (u32)req->info.fragsize); 861 /* If we've filled up the TID pair, move to the next one. */ 862 if (unlikely(!len) && ++req->tididx < req->n_tids && 863 req->tids[req->tididx]) { 864 tidlen = EXP_TID_GET(req->tids[req->tididx], 865 LEN) * PAGE_SIZE; 866 req->tidoffset = 0; 867 len = min_t(u32, tidlen, req->info.fragsize); 868 } 869 /* 870 * Since the TID pairs map entire pages, make sure that we 871 * are not going to try to send more data that we have 872 * remaining. 873 */ 874 len = min(len, req->data_len - req->sent); 875 } else { 876 len = min(req->data_len - req->sent, (u32)req->info.fragsize); 877 } 878 SDMA_DBG(req, "Data Length = %u", len); 879 return len; 880 } 881 882 static inline u32 pad_len(u32 len) 883 { 884 if (len & (sizeof(u32) - 1)) 885 len += sizeof(u32) - (len & (sizeof(u32) - 1)); 886 return len; 887 } 888 889 static inline u32 get_lrh_len(struct hfi1_pkt_header hdr, u32 len) 890 { 891 /* (Size of complete header - size of PBC) + 4B ICRC + data length */ 892 return ((sizeof(hdr) - sizeof(hdr.pbc)) + 4 + len); 893 } 894 895 static int user_sdma_send_pkts(struct user_sdma_request *req, unsigned maxpkts) 896 { 897 int ret = 0; 898 unsigned npkts = 0; 899 struct user_sdma_txreq *tx = NULL; 900 struct hfi1_user_sdma_pkt_q *pq = NULL; 901 struct user_sdma_iovec *iovec = NULL; 902 903 if (!req->pq) 904 return -EINVAL; 905 906 pq = req->pq; 907 908 /* If tx completion has reported an error, we are done. */ 909 if (test_bit(SDMA_REQ_HAS_ERROR, &req->flags)) { 910 set_bit(SDMA_REQ_DONE_ERROR, &req->flags); 911 return -EFAULT; 912 } 913 914 /* 915 * Check if we might have sent the entire request already 916 */ 917 if (unlikely(req->seqnum == req->info.npkts)) { 918 if (!list_empty(&req->txps)) 919 goto dosend; 920 return ret; 921 } 922 923 if (!maxpkts || maxpkts > req->info.npkts - req->seqnum) 924 maxpkts = req->info.npkts - req->seqnum; 925 926 while (npkts < maxpkts) { 927 u32 datalen = 0, queued = 0, data_sent = 0; 928 u64 iov_offset = 0; 929 930 /* 931 * Check whether any of the completions have come back 932 * with errors. If so, we are not going to process any 933 * more packets from this request. 934 */ 935 if (test_bit(SDMA_REQ_HAS_ERROR, &req->flags)) { 936 set_bit(SDMA_REQ_DONE_ERROR, &req->flags); 937 return -EFAULT; 938 } 939 940 tx = kmem_cache_alloc(pq->txreq_cache, GFP_KERNEL); 941 if (!tx) 942 return -ENOMEM; 943 944 tx->flags = 0; 945 tx->req = req; 946 tx->busycount = 0; 947 INIT_LIST_HEAD(&tx->list); 948 949 if (req->seqnum == req->info.npkts - 1) 950 tx->flags |= TXREQ_FLAGS_REQ_LAST_PKT; 951 952 /* 953 * Calculate the payload size - this is min of the fragment 954 * (MTU) size or the remaining bytes in the request but only 955 * if we have payload data. 956 */ 957 if (req->data_len) { 958 iovec = &req->iovs[req->iov_idx]; 959 if (ACCESS_ONCE(iovec->offset) == iovec->iov.iov_len) { 960 if (++req->iov_idx == req->data_iovs) { 961 ret = -EFAULT; 962 goto free_txreq; 963 } 964 iovec = &req->iovs[req->iov_idx]; 965 WARN_ON(iovec->offset); 966 } 967 968 datalen = compute_data_length(req, tx); 969 if (!datalen) { 970 SDMA_DBG(req, 971 "Request has data but pkt len is 0"); 972 ret = -EFAULT; 973 goto free_tx; 974 } 975 } 976 977 if (test_bit(SDMA_REQ_HAVE_AHG, &req->flags)) { 978 if (!req->seqnum) { 979 u16 pbclen = le16_to_cpu(req->hdr.pbc[0]); 980 u32 lrhlen = get_lrh_len(req->hdr, 981 pad_len(datalen)); 982 /* 983 * Copy the request header into the tx header 984 * because the HW needs a cacheline-aligned 985 * address. 986 * This copy can be optimized out if the hdr 987 * member of user_sdma_request were also 988 * cacheline aligned. 989 */ 990 memcpy(&tx->hdr, &req->hdr, sizeof(tx->hdr)); 991 if (PBC2LRH(pbclen) != lrhlen) { 992 pbclen = (pbclen & 0xf000) | 993 LRH2PBC(lrhlen); 994 tx->hdr.pbc[0] = cpu_to_le16(pbclen); 995 } 996 ret = sdma_txinit_ahg(&tx->txreq, 997 SDMA_TXREQ_F_AHG_COPY, 998 sizeof(tx->hdr) + datalen, 999 req->ahg_idx, 0, NULL, 0, 1000 user_sdma_txreq_cb); 1001 if (ret) 1002 goto free_tx; 1003 ret = sdma_txadd_kvaddr(pq->dd, &tx->txreq, 1004 &tx->hdr, 1005 sizeof(tx->hdr)); 1006 if (ret) 1007 goto free_txreq; 1008 } else { 1009 int changes; 1010 1011 changes = set_txreq_header_ahg(req, tx, 1012 datalen); 1013 if (changes < 0) 1014 goto free_tx; 1015 sdma_txinit_ahg(&tx->txreq, 1016 SDMA_TXREQ_F_USE_AHG, 1017 datalen, req->ahg_idx, changes, 1018 req->ahg, sizeof(req->hdr), 1019 user_sdma_txreq_cb); 1020 } 1021 } else { 1022 ret = sdma_txinit(&tx->txreq, 0, sizeof(req->hdr) + 1023 datalen, user_sdma_txreq_cb); 1024 if (ret) 1025 goto free_tx; 1026 /* 1027 * Modify the header for this packet. This only needs 1028 * to be done if we are not going to use AHG. Otherwise, 1029 * the HW will do it based on the changes we gave it 1030 * during sdma_txinit_ahg(). 1031 */ 1032 ret = set_txreq_header(req, tx, datalen); 1033 if (ret) 1034 goto free_txreq; 1035 } 1036 1037 /* 1038 * If the request contains any data vectors, add up to 1039 * fragsize bytes to the descriptor. 1040 */ 1041 while (queued < datalen && 1042 (req->sent + data_sent) < req->data_len) { 1043 unsigned long base, offset; 1044 unsigned pageidx, len; 1045 1046 base = (unsigned long)iovec->iov.iov_base; 1047 offset = offset_in_page(base + iovec->offset + 1048 iov_offset); 1049 pageidx = (((iovec->offset + iov_offset + 1050 base) - (base & PAGE_MASK)) >> PAGE_SHIFT); 1051 len = offset + req->info.fragsize > PAGE_SIZE ? 1052 PAGE_SIZE - offset : req->info.fragsize; 1053 len = min((datalen - queued), len); 1054 ret = sdma_txadd_page(pq->dd, &tx->txreq, 1055 iovec->pages[pageidx], 1056 offset, len); 1057 if (ret) { 1058 SDMA_DBG(req, "SDMA txreq add page failed %d\n", 1059 ret); 1060 goto free_txreq; 1061 } 1062 iov_offset += len; 1063 queued += len; 1064 data_sent += len; 1065 if (unlikely(queued < datalen && 1066 pageidx == iovec->npages && 1067 req->iov_idx < req->data_iovs - 1)) { 1068 iovec->offset += iov_offset; 1069 iovec = &req->iovs[++req->iov_idx]; 1070 iov_offset = 0; 1071 } 1072 } 1073 /* 1074 * The txreq was submitted successfully so we can update 1075 * the counters. 1076 */ 1077 req->koffset += datalen; 1078 if (req_opcode(req->info.ctrl) == EXPECTED) 1079 req->tidoffset += datalen; 1080 req->sent += data_sent; 1081 if (req->data_len) 1082 iovec->offset += iov_offset; 1083 list_add_tail(&tx->txreq.list, &req->txps); 1084 /* 1085 * It is important to increment this here as it is used to 1086 * generate the BTH.PSN and, therefore, can't be bulk-updated 1087 * outside of the loop. 1088 */ 1089 tx->seqnum = req->seqnum++; 1090 npkts++; 1091 } 1092 dosend: 1093 ret = sdma_send_txlist(req->sde, &pq->busy, &req->txps); 1094 if (list_empty(&req->txps)) { 1095 req->seqsubmitted = req->seqnum; 1096 if (req->seqnum == req->info.npkts) { 1097 set_bit(SDMA_REQ_SEND_DONE, &req->flags); 1098 /* 1099 * The txreq has already been submitted to the HW queue 1100 * so we can free the AHG entry now. Corruption will not 1101 * happen due to the sequential manner in which 1102 * descriptors are processed. 1103 */ 1104 if (test_bit(SDMA_REQ_HAVE_AHG, &req->flags)) 1105 sdma_ahg_free(req->sde, req->ahg_idx); 1106 } 1107 } else if (ret > 0) { 1108 req->seqsubmitted += ret; 1109 ret = 0; 1110 } 1111 return ret; 1112 1113 free_txreq: 1114 sdma_txclean(pq->dd, &tx->txreq); 1115 free_tx: 1116 kmem_cache_free(pq->txreq_cache, tx); 1117 return ret; 1118 } 1119 1120 /* 1121 * How many pages in this iovec element? 1122 */ 1123 static inline int num_user_pages(const struct iovec *iov) 1124 { 1125 const unsigned long addr = (unsigned long)iov->iov_base; 1126 const unsigned long len = iov->iov_len; 1127 const unsigned long spage = addr & PAGE_MASK; 1128 const unsigned long epage = (addr + len - 1) & PAGE_MASK; 1129 1130 return 1 + ((epage - spage) >> PAGE_SHIFT); 1131 } 1132 1133 static u32 sdma_cache_evict(struct hfi1_user_sdma_pkt_q *pq, u32 npages) 1134 { 1135 struct evict_data evict_data; 1136 1137 evict_data.cleared = 0; 1138 evict_data.target = npages; 1139 hfi1_mmu_rb_evict(pq->handler, &evict_data); 1140 return evict_data.cleared; 1141 } 1142 1143 static int pin_vector_pages(struct user_sdma_request *req, 1144 struct user_sdma_iovec *iovec) 1145 { 1146 int ret = 0, pinned, npages, cleared; 1147 struct page **pages; 1148 struct hfi1_user_sdma_pkt_q *pq = req->pq; 1149 struct sdma_mmu_node *node = NULL; 1150 struct mmu_rb_node *rb_node; 1151 1152 rb_node = hfi1_mmu_rb_extract(pq->handler, 1153 (unsigned long)iovec->iov.iov_base, 1154 iovec->iov.iov_len); 1155 if (rb_node && !IS_ERR(rb_node)) 1156 node = container_of(rb_node, struct sdma_mmu_node, rb); 1157 else 1158 rb_node = NULL; 1159 1160 if (!node) { 1161 node = kzalloc(sizeof(*node), GFP_KERNEL); 1162 if (!node) 1163 return -ENOMEM; 1164 1165 node->rb.addr = (unsigned long)iovec->iov.iov_base; 1166 node->pq = pq; 1167 atomic_set(&node->refcount, 0); 1168 } 1169 1170 npages = num_user_pages(&iovec->iov); 1171 if (node->npages < npages) { 1172 pages = kcalloc(npages, sizeof(*pages), GFP_KERNEL); 1173 if (!pages) { 1174 SDMA_DBG(req, "Failed page array alloc"); 1175 ret = -ENOMEM; 1176 goto bail; 1177 } 1178 memcpy(pages, node->pages, node->npages * sizeof(*pages)); 1179 1180 npages -= node->npages; 1181 1182 retry: 1183 if (!hfi1_can_pin_pages(pq->dd, pq->mm, 1184 atomic_read(&pq->n_locked), npages)) { 1185 cleared = sdma_cache_evict(pq, npages); 1186 if (cleared >= npages) 1187 goto retry; 1188 } 1189 pinned = hfi1_acquire_user_pages(pq->mm, 1190 ((unsigned long)iovec->iov.iov_base + 1191 (node->npages * PAGE_SIZE)), npages, 0, 1192 pages + node->npages); 1193 if (pinned < 0) { 1194 kfree(pages); 1195 ret = pinned; 1196 goto bail; 1197 } 1198 if (pinned != npages) { 1199 unpin_vector_pages(pq->mm, pages, node->npages, 1200 pinned); 1201 ret = -EFAULT; 1202 goto bail; 1203 } 1204 kfree(node->pages); 1205 node->rb.len = iovec->iov.iov_len; 1206 node->pages = pages; 1207 node->npages += pinned; 1208 npages = node->npages; 1209 atomic_add(pinned, &pq->n_locked); 1210 } 1211 iovec->pages = node->pages; 1212 iovec->npages = npages; 1213 iovec->node = node; 1214 1215 ret = hfi1_mmu_rb_insert(req->pq->handler, &node->rb); 1216 if (ret) { 1217 atomic_sub(node->npages, &pq->n_locked); 1218 iovec->node = NULL; 1219 goto bail; 1220 } 1221 return 0; 1222 bail: 1223 if (rb_node) 1224 unpin_vector_pages(pq->mm, node->pages, 0, node->npages); 1225 kfree(node); 1226 return ret; 1227 } 1228 1229 static void unpin_vector_pages(struct mm_struct *mm, struct page **pages, 1230 unsigned start, unsigned npages) 1231 { 1232 hfi1_release_user_pages(mm, pages + start, npages, false); 1233 kfree(pages); 1234 } 1235 1236 static int check_header_template(struct user_sdma_request *req, 1237 struct hfi1_pkt_header *hdr, u32 lrhlen, 1238 u32 datalen) 1239 { 1240 /* 1241 * Perform safety checks for any type of packet: 1242 * - transfer size is multiple of 64bytes 1243 * - packet length is multiple of 4 bytes 1244 * - packet length is not larger than MTU size 1245 * 1246 * These checks are only done for the first packet of the 1247 * transfer since the header is "given" to us by user space. 1248 * For the remainder of the packets we compute the values. 1249 */ 1250 if (req->info.fragsize % PIO_BLOCK_SIZE || lrhlen & 0x3 || 1251 lrhlen > get_lrh_len(*hdr, req->info.fragsize)) 1252 return -EINVAL; 1253 1254 if (req_opcode(req->info.ctrl) == EXPECTED) { 1255 /* 1256 * The header is checked only on the first packet. Furthermore, 1257 * we ensure that at least one TID entry is copied when the 1258 * request is submitted. Therefore, we don't have to verify that 1259 * tididx points to something sane. 1260 */ 1261 u32 tidval = req->tids[req->tididx], 1262 tidlen = EXP_TID_GET(tidval, LEN) * PAGE_SIZE, 1263 tididx = EXP_TID_GET(tidval, IDX), 1264 tidctrl = EXP_TID_GET(tidval, CTRL), 1265 tidoff; 1266 __le32 kval = hdr->kdeth.ver_tid_offset; 1267 1268 tidoff = KDETH_GET(kval, OFFSET) * 1269 (KDETH_GET(req->hdr.kdeth.ver_tid_offset, OM) ? 1270 KDETH_OM_LARGE : KDETH_OM_SMALL); 1271 /* 1272 * Expected receive packets have the following 1273 * additional checks: 1274 * - offset is not larger than the TID size 1275 * - TIDCtrl values match between header and TID array 1276 * - TID indexes match between header and TID array 1277 */ 1278 if ((tidoff + datalen > tidlen) || 1279 KDETH_GET(kval, TIDCTRL) != tidctrl || 1280 KDETH_GET(kval, TID) != tididx) 1281 return -EINVAL; 1282 } 1283 return 0; 1284 } 1285 1286 /* 1287 * Correctly set the BTH.PSN field based on type of 1288 * transfer - eager packets can just increment the PSN but 1289 * expected packets encode generation and sequence in the 1290 * BTH.PSN field so just incrementing will result in errors. 1291 */ 1292 static inline u32 set_pkt_bth_psn(__be32 bthpsn, u8 expct, u32 frags) 1293 { 1294 u32 val = be32_to_cpu(bthpsn), 1295 mask = (HFI1_CAP_IS_KSET(EXTENDED_PSN) ? 0x7fffffffull : 1296 0xffffffull), 1297 psn = val & mask; 1298 if (expct) 1299 psn = (psn & ~BTH_SEQ_MASK) | ((psn + frags) & BTH_SEQ_MASK); 1300 else 1301 psn = psn + frags; 1302 return psn & mask; 1303 } 1304 1305 static int set_txreq_header(struct user_sdma_request *req, 1306 struct user_sdma_txreq *tx, u32 datalen) 1307 { 1308 struct hfi1_user_sdma_pkt_q *pq = req->pq; 1309 struct hfi1_pkt_header *hdr = &tx->hdr; 1310 u16 pbclen; 1311 int ret; 1312 u32 tidval = 0, lrhlen = get_lrh_len(*hdr, pad_len(datalen)); 1313 1314 /* Copy the header template to the request before modification */ 1315 memcpy(hdr, &req->hdr, sizeof(*hdr)); 1316 1317 /* 1318 * Check if the PBC and LRH length are mismatched. If so 1319 * adjust both in the header. 1320 */ 1321 pbclen = le16_to_cpu(hdr->pbc[0]); 1322 if (PBC2LRH(pbclen) != lrhlen) { 1323 pbclen = (pbclen & 0xf000) | LRH2PBC(lrhlen); 1324 hdr->pbc[0] = cpu_to_le16(pbclen); 1325 hdr->lrh[2] = cpu_to_be16(lrhlen >> 2); 1326 /* 1327 * Third packet 1328 * This is the first packet in the sequence that has 1329 * a "static" size that can be used for the rest of 1330 * the packets (besides the last one). 1331 */ 1332 if (unlikely(req->seqnum == 2)) { 1333 /* 1334 * From this point on the lengths in both the 1335 * PBC and LRH are the same until the last 1336 * packet. 1337 * Adjust the template so we don't have to update 1338 * every packet 1339 */ 1340 req->hdr.pbc[0] = hdr->pbc[0]; 1341 req->hdr.lrh[2] = hdr->lrh[2]; 1342 } 1343 } 1344 /* 1345 * We only have to modify the header if this is not the 1346 * first packet in the request. Otherwise, we use the 1347 * header given to us. 1348 */ 1349 if (unlikely(!req->seqnum)) { 1350 ret = check_header_template(req, hdr, lrhlen, datalen); 1351 if (ret) 1352 return ret; 1353 goto done; 1354 } 1355 1356 hdr->bth[2] = cpu_to_be32( 1357 set_pkt_bth_psn(hdr->bth[2], 1358 (req_opcode(req->info.ctrl) == EXPECTED), 1359 req->seqnum)); 1360 1361 /* Set ACK request on last packet */ 1362 if (unlikely(tx->flags & TXREQ_FLAGS_REQ_LAST_PKT)) 1363 hdr->bth[2] |= cpu_to_be32(1UL << 31); 1364 1365 /* Set the new offset */ 1366 hdr->kdeth.swdata[6] = cpu_to_le32(req->koffset); 1367 /* Expected packets have to fill in the new TID information */ 1368 if (req_opcode(req->info.ctrl) == EXPECTED) { 1369 tidval = req->tids[req->tididx]; 1370 /* 1371 * If the offset puts us at the end of the current TID, 1372 * advance everything. 1373 */ 1374 if ((req->tidoffset) == (EXP_TID_GET(tidval, LEN) * 1375 PAGE_SIZE)) { 1376 req->tidoffset = 0; 1377 /* 1378 * Since we don't copy all the TIDs, all at once, 1379 * we have to check again. 1380 */ 1381 if (++req->tididx > req->n_tids - 1 || 1382 !req->tids[req->tididx]) { 1383 return -EINVAL; 1384 } 1385 tidval = req->tids[req->tididx]; 1386 } 1387 req->omfactor = EXP_TID_GET(tidval, LEN) * PAGE_SIZE >= 1388 KDETH_OM_MAX_SIZE ? KDETH_OM_LARGE : KDETH_OM_SMALL; 1389 /* Set KDETH.TIDCtrl based on value for this TID. */ 1390 KDETH_SET(hdr->kdeth.ver_tid_offset, TIDCTRL, 1391 EXP_TID_GET(tidval, CTRL)); 1392 /* Set KDETH.TID based on value for this TID */ 1393 KDETH_SET(hdr->kdeth.ver_tid_offset, TID, 1394 EXP_TID_GET(tidval, IDX)); 1395 /* Clear KDETH.SH only on the last packet */ 1396 if (unlikely(tx->flags & TXREQ_FLAGS_REQ_LAST_PKT)) 1397 KDETH_SET(hdr->kdeth.ver_tid_offset, SH, 0); 1398 /* 1399 * Set the KDETH.OFFSET and KDETH.OM based on size of 1400 * transfer. 1401 */ 1402 SDMA_DBG(req, "TID offset %ubytes %uunits om%u", 1403 req->tidoffset, req->tidoffset / req->omfactor, 1404 req->omfactor != KDETH_OM_SMALL); 1405 KDETH_SET(hdr->kdeth.ver_tid_offset, OFFSET, 1406 req->tidoffset / req->omfactor); 1407 KDETH_SET(hdr->kdeth.ver_tid_offset, OM, 1408 req->omfactor != KDETH_OM_SMALL); 1409 } 1410 done: 1411 trace_hfi1_sdma_user_header(pq->dd, pq->ctxt, pq->subctxt, 1412 req->info.comp_idx, hdr, tidval); 1413 return sdma_txadd_kvaddr(pq->dd, &tx->txreq, hdr, sizeof(*hdr)); 1414 } 1415 1416 static int set_txreq_header_ahg(struct user_sdma_request *req, 1417 struct user_sdma_txreq *tx, u32 len) 1418 { 1419 int diff = 0; 1420 struct hfi1_user_sdma_pkt_q *pq = req->pq; 1421 struct hfi1_pkt_header *hdr = &req->hdr; 1422 u16 pbclen = le16_to_cpu(hdr->pbc[0]); 1423 u32 val32, tidval = 0, lrhlen = get_lrh_len(*hdr, pad_len(len)); 1424 1425 if (PBC2LRH(pbclen) != lrhlen) { 1426 /* PBC.PbcLengthDWs */ 1427 AHG_HEADER_SET(req->ahg, diff, 0, 0, 12, 1428 cpu_to_le16(LRH2PBC(lrhlen))); 1429 /* LRH.PktLen (we need the full 16 bits due to byte swap) */ 1430 AHG_HEADER_SET(req->ahg, diff, 3, 0, 16, 1431 cpu_to_be16(lrhlen >> 2)); 1432 } 1433 1434 /* 1435 * Do the common updates 1436 */ 1437 /* BTH.PSN and BTH.A */ 1438 val32 = (be32_to_cpu(hdr->bth[2]) + req->seqnum) & 1439 (HFI1_CAP_IS_KSET(EXTENDED_PSN) ? 0x7fffffff : 0xffffff); 1440 if (unlikely(tx->flags & TXREQ_FLAGS_REQ_LAST_PKT)) 1441 val32 |= 1UL << 31; 1442 AHG_HEADER_SET(req->ahg, diff, 6, 0, 16, cpu_to_be16(val32 >> 16)); 1443 AHG_HEADER_SET(req->ahg, diff, 6, 16, 16, cpu_to_be16(val32 & 0xffff)); 1444 /* KDETH.Offset */ 1445 AHG_HEADER_SET(req->ahg, diff, 15, 0, 16, 1446 cpu_to_le16(req->koffset & 0xffff)); 1447 AHG_HEADER_SET(req->ahg, diff, 15, 16, 16, 1448 cpu_to_le16(req->koffset >> 16)); 1449 if (req_opcode(req->info.ctrl) == EXPECTED) { 1450 __le16 val; 1451 1452 tidval = req->tids[req->tididx]; 1453 1454 /* 1455 * If the offset puts us at the end of the current TID, 1456 * advance everything. 1457 */ 1458 if ((req->tidoffset) == (EXP_TID_GET(tidval, LEN) * 1459 PAGE_SIZE)) { 1460 req->tidoffset = 0; 1461 /* 1462 * Since we don't copy all the TIDs, all at once, 1463 * we have to check again. 1464 */ 1465 if (++req->tididx > req->n_tids - 1 || 1466 !req->tids[req->tididx]) { 1467 return -EINVAL; 1468 } 1469 tidval = req->tids[req->tididx]; 1470 } 1471 req->omfactor = ((EXP_TID_GET(tidval, LEN) * 1472 PAGE_SIZE) >= 1473 KDETH_OM_MAX_SIZE) ? KDETH_OM_LARGE : 1474 KDETH_OM_SMALL; 1475 /* KDETH.OM and KDETH.OFFSET (TID) */ 1476 AHG_HEADER_SET(req->ahg, diff, 7, 0, 16, 1477 ((!!(req->omfactor - KDETH_OM_SMALL)) << 15 | 1478 ((req->tidoffset / req->omfactor) & 0x7fff))); 1479 /* KDETH.TIDCtrl, KDETH.TID */ 1480 val = cpu_to_le16(((EXP_TID_GET(tidval, CTRL) & 0x3) << 10) | 1481 (EXP_TID_GET(tidval, IDX) & 0x3ff)); 1482 /* Clear KDETH.SH on last packet */ 1483 if (unlikely(tx->flags & TXREQ_FLAGS_REQ_LAST_PKT)) { 1484 val |= cpu_to_le16(KDETH_GET(hdr->kdeth.ver_tid_offset, 1485 INTR) << 1486 AHG_KDETH_INTR_SHIFT); 1487 val &= cpu_to_le16(~(1U << 13)); 1488 AHG_HEADER_SET(req->ahg, diff, 7, 16, 14, val); 1489 } else { 1490 AHG_HEADER_SET(req->ahg, diff, 7, 16, 12, val); 1491 } 1492 } 1493 1494 trace_hfi1_sdma_user_header_ahg(pq->dd, pq->ctxt, pq->subctxt, 1495 req->info.comp_idx, req->sde->this_idx, 1496 req->ahg_idx, req->ahg, diff, tidval); 1497 return diff; 1498 } 1499 1500 /* 1501 * SDMA tx request completion callback. Called when the SDMA progress 1502 * state machine gets notification that the SDMA descriptors for this 1503 * tx request have been processed by the DMA engine. Called in 1504 * interrupt context. 1505 */ 1506 static void user_sdma_txreq_cb(struct sdma_txreq *txreq, int status) 1507 { 1508 struct user_sdma_txreq *tx = 1509 container_of(txreq, struct user_sdma_txreq, txreq); 1510 struct user_sdma_request *req; 1511 struct hfi1_user_sdma_pkt_q *pq; 1512 struct hfi1_user_sdma_comp_q *cq; 1513 u16 idx; 1514 1515 if (!tx->req) 1516 return; 1517 1518 req = tx->req; 1519 pq = req->pq; 1520 cq = req->cq; 1521 1522 if (status != SDMA_TXREQ_S_OK) { 1523 SDMA_DBG(req, "SDMA completion with error %d", 1524 status); 1525 set_bit(SDMA_REQ_HAS_ERROR, &req->flags); 1526 } 1527 1528 req->seqcomp = tx->seqnum; 1529 kmem_cache_free(pq->txreq_cache, tx); 1530 tx = NULL; 1531 1532 idx = req->info.comp_idx; 1533 if (req->status == -1 && status == SDMA_TXREQ_S_OK) { 1534 if (req->seqcomp == req->info.npkts - 1) { 1535 req->status = 0; 1536 user_sdma_free_request(req, false); 1537 pq_update(pq); 1538 set_comp_state(pq, cq, idx, COMPLETE, 0); 1539 } 1540 } else { 1541 if (status != SDMA_TXREQ_S_OK) 1542 req->status = status; 1543 if (req->seqcomp == (ACCESS_ONCE(req->seqsubmitted) - 1) && 1544 (test_bit(SDMA_REQ_SEND_DONE, &req->flags) || 1545 test_bit(SDMA_REQ_DONE_ERROR, &req->flags))) { 1546 user_sdma_free_request(req, false); 1547 pq_update(pq); 1548 set_comp_state(pq, cq, idx, ERROR, req->status); 1549 } 1550 } 1551 } 1552 1553 static inline void pq_update(struct hfi1_user_sdma_pkt_q *pq) 1554 { 1555 if (atomic_dec_and_test(&pq->n_reqs)) { 1556 xchg(&pq->state, SDMA_PKT_Q_INACTIVE); 1557 wake_up(&pq->wait); 1558 } 1559 } 1560 1561 static void user_sdma_free_request(struct user_sdma_request *req, bool unpin) 1562 { 1563 if (!list_empty(&req->txps)) { 1564 struct sdma_txreq *t, *p; 1565 1566 list_for_each_entry_safe(t, p, &req->txps, list) { 1567 struct user_sdma_txreq *tx = 1568 container_of(t, struct user_sdma_txreq, txreq); 1569 list_del_init(&t->list); 1570 sdma_txclean(req->pq->dd, t); 1571 kmem_cache_free(req->pq->txreq_cache, tx); 1572 } 1573 } 1574 if (req->data_iovs) { 1575 struct sdma_mmu_node *node; 1576 int i; 1577 1578 for (i = 0; i < req->data_iovs; i++) { 1579 node = req->iovs[i].node; 1580 if (!node) 1581 continue; 1582 1583 if (unpin) 1584 hfi1_mmu_rb_remove(req->pq->handler, 1585 &node->rb); 1586 else 1587 atomic_dec(&node->refcount); 1588 } 1589 } 1590 kfree(req->tids); 1591 clear_bit(req->info.comp_idx, req->pq->req_in_use); 1592 } 1593 1594 static inline void set_comp_state(struct hfi1_user_sdma_pkt_q *pq, 1595 struct hfi1_user_sdma_comp_q *cq, 1596 u16 idx, enum hfi1_sdma_comp_state state, 1597 int ret) 1598 { 1599 hfi1_cdbg(SDMA, "[%u:%u:%u:%u] Setting completion status %u %d", 1600 pq->dd->unit, pq->ctxt, pq->subctxt, idx, state, ret); 1601 cq->comps[idx].status = state; 1602 if (state == ERROR) 1603 cq->comps[idx].errcode = -ret; 1604 trace_hfi1_sdma_user_completion(pq->dd, pq->ctxt, pq->subctxt, 1605 idx, state, ret); 1606 } 1607 1608 static bool sdma_rb_filter(struct mmu_rb_node *node, unsigned long addr, 1609 unsigned long len) 1610 { 1611 return (bool)(node->addr == addr); 1612 } 1613 1614 static int sdma_rb_insert(void *arg, struct mmu_rb_node *mnode) 1615 { 1616 struct sdma_mmu_node *node = 1617 container_of(mnode, struct sdma_mmu_node, rb); 1618 1619 atomic_inc(&node->refcount); 1620 return 0; 1621 } 1622 1623 /* 1624 * Return 1 to remove the node from the rb tree and call the remove op. 1625 * 1626 * Called with the rb tree lock held. 1627 */ 1628 static int sdma_rb_evict(void *arg, struct mmu_rb_node *mnode, 1629 void *evict_arg, bool *stop) 1630 { 1631 struct sdma_mmu_node *node = 1632 container_of(mnode, struct sdma_mmu_node, rb); 1633 struct evict_data *evict_data = evict_arg; 1634 1635 /* is this node still being used? */ 1636 if (atomic_read(&node->refcount)) 1637 return 0; /* keep this node */ 1638 1639 /* this node will be evicted, add its pages to our count */ 1640 evict_data->cleared += node->npages; 1641 1642 /* have enough pages been cleared? */ 1643 if (evict_data->cleared >= evict_data->target) 1644 *stop = true; 1645 1646 return 1; /* remove this node */ 1647 } 1648 1649 static void sdma_rb_remove(void *arg, struct mmu_rb_node *mnode) 1650 { 1651 struct sdma_mmu_node *node = 1652 container_of(mnode, struct sdma_mmu_node, rb); 1653 1654 atomic_sub(node->npages, &node->pq->n_locked); 1655 1656 unpin_vector_pages(node->pq->mm, node->pages, 0, node->npages); 1657 1658 kfree(node); 1659 } 1660 1661 static int sdma_rb_invalidate(void *arg, struct mmu_rb_node *mnode) 1662 { 1663 struct sdma_mmu_node *node = 1664 container_of(mnode, struct sdma_mmu_node, rb); 1665 1666 if (!atomic_read(&node->refcount)) 1667 return 1; 1668 return 0; 1669 } 1670