1 /* 2 * Copyright (c) 2013-2015, Mellanox Technologies. All rights reserved. 3 * 4 * This software is available to you under a choice of one of two 5 * licenses. You may choose to be licensed under the terms of the GNU 6 * General Public License (GPL) Version 2, available from the file 7 * COPYING in the main directory of this source tree, or the 8 * OpenIB.org BSD license below: 9 * 10 * Redistribution and use in source and binary forms, with or 11 * without modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above 15 * copyright notice, this list of conditions and the following 16 * disclaimer. 17 * 18 * - Redistributions in binary form must reproduce the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer in the documentation and/or other materials 21 * provided with the distribution. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 * SOFTWARE. 31 */ 32 33 #include <rdma/ib_umem.h> 34 #include <rdma/ib_umem_odp.h> 35 #include <linux/kernel.h> 36 37 #include "mlx5_ib.h" 38 #include "cmd.h" 39 #include "qp.h" 40 41 #include <linux/mlx5/eq.h> 42 43 /* Contains the details of a pagefault. */ 44 struct mlx5_pagefault { 45 u32 bytes_committed; 46 u32 token; 47 u8 event_subtype; 48 u8 type; 49 union { 50 /* Initiator or send message responder pagefault details. */ 51 struct { 52 /* Received packet size, only valid for responders. */ 53 u32 packet_size; 54 /* 55 * Number of resource holding WQE, depends on type. 56 */ 57 u32 wq_num; 58 /* 59 * WQE index. Refers to either the send queue or 60 * receive queue, according to event_subtype. 61 */ 62 u16 wqe_index; 63 } wqe; 64 /* RDMA responder pagefault details */ 65 struct { 66 u32 r_key; 67 /* 68 * Received packet size, minimal size page fault 69 * resolution required for forward progress. 70 */ 71 u32 packet_size; 72 u32 rdma_op_len; 73 u64 rdma_va; 74 } rdma; 75 }; 76 77 struct mlx5_ib_pf_eq *eq; 78 struct work_struct work; 79 }; 80 81 #define MAX_PREFETCH_LEN (4*1024*1024U) 82 83 /* Timeout in ms to wait for an active mmu notifier to complete when handling 84 * a pagefault. */ 85 #define MMU_NOTIFIER_TIMEOUT 1000 86 87 #define MLX5_IMR_MTT_BITS (30 - PAGE_SHIFT) 88 #define MLX5_IMR_MTT_SHIFT (MLX5_IMR_MTT_BITS + PAGE_SHIFT) 89 #define MLX5_IMR_MTT_ENTRIES BIT_ULL(MLX5_IMR_MTT_BITS) 90 #define MLX5_IMR_MTT_SIZE BIT_ULL(MLX5_IMR_MTT_SHIFT) 91 #define MLX5_IMR_MTT_MASK (~(MLX5_IMR_MTT_SIZE - 1)) 92 93 #define MLX5_KSM_PAGE_SHIFT MLX5_IMR_MTT_SHIFT 94 95 static u64 mlx5_imr_ksm_entries; 96 97 static void populate_klm(struct mlx5_klm *pklm, size_t idx, size_t nentries, 98 struct mlx5_ib_mr *imr, int flags) 99 { 100 struct mlx5_klm *end = pklm + nentries; 101 102 if (flags & MLX5_IB_UPD_XLT_ZAP) { 103 for (; pklm != end; pklm++, idx++) { 104 pklm->bcount = cpu_to_be32(MLX5_IMR_MTT_SIZE); 105 pklm->key = cpu_to_be32(imr->dev->null_mkey); 106 pklm->va = 0; 107 } 108 return; 109 } 110 111 /* 112 * The locking here is pretty subtle. Ideally the implicit_children 113 * xarray would be protected by the umem_mutex, however that is not 114 * possible. Instead this uses a weaker update-then-lock pattern: 115 * 116 * srcu_read_lock() 117 * xa_store() 118 * mutex_lock(umem_mutex) 119 * mlx5_ib_update_xlt() 120 * mutex_unlock(umem_mutex) 121 * destroy lkey 122 * 123 * ie any change the xarray must be followed by the locked update_xlt 124 * before destroying. 125 * 126 * The umem_mutex provides the acquire/release semantic needed to make 127 * the xa_store() visible to a racing thread. While SRCU is not 128 * technically required, using it gives consistent use of the SRCU 129 * locking around the xarray. 130 */ 131 lockdep_assert_held(&to_ib_umem_odp(imr->umem)->umem_mutex); 132 lockdep_assert_held(&imr->dev->odp_srcu); 133 134 for (; pklm != end; pklm++, idx++) { 135 struct mlx5_ib_mr *mtt = xa_load(&imr->implicit_children, idx); 136 137 pklm->bcount = cpu_to_be32(MLX5_IMR_MTT_SIZE); 138 if (mtt) { 139 pklm->key = cpu_to_be32(mtt->ibmr.lkey); 140 pklm->va = cpu_to_be64(idx * MLX5_IMR_MTT_SIZE); 141 } else { 142 pklm->key = cpu_to_be32(imr->dev->null_mkey); 143 pklm->va = 0; 144 } 145 } 146 } 147 148 static u64 umem_dma_to_mtt(dma_addr_t umem_dma) 149 { 150 u64 mtt_entry = umem_dma & ODP_DMA_ADDR_MASK; 151 152 if (umem_dma & ODP_READ_ALLOWED_BIT) 153 mtt_entry |= MLX5_IB_MTT_READ; 154 if (umem_dma & ODP_WRITE_ALLOWED_BIT) 155 mtt_entry |= MLX5_IB_MTT_WRITE; 156 157 return mtt_entry; 158 } 159 160 static void populate_mtt(__be64 *pas, size_t idx, size_t nentries, 161 struct mlx5_ib_mr *mr, int flags) 162 { 163 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 164 dma_addr_t pa; 165 size_t i; 166 167 if (flags & MLX5_IB_UPD_XLT_ZAP) 168 return; 169 170 for (i = 0; i < nentries; i++) { 171 pa = odp->dma_list[idx + i]; 172 pas[i] = cpu_to_be64(umem_dma_to_mtt(pa)); 173 } 174 } 175 176 void mlx5_odp_populate_xlt(void *xlt, size_t idx, size_t nentries, 177 struct mlx5_ib_mr *mr, int flags) 178 { 179 if (flags & MLX5_IB_UPD_XLT_INDIRECT) { 180 populate_klm(xlt, idx, nentries, mr, flags); 181 } else { 182 populate_mtt(xlt, idx, nentries, mr, flags); 183 } 184 } 185 186 static void dma_fence_odp_mr(struct mlx5_ib_mr *mr) 187 { 188 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 189 190 /* Ensure mlx5_ib_invalidate_range() will not touch the MR any more */ 191 mutex_lock(&odp->umem_mutex); 192 if (odp->npages) { 193 mlx5_mr_cache_invalidate(mr); 194 ib_umem_odp_unmap_dma_pages(odp, ib_umem_start(odp), 195 ib_umem_end(odp)); 196 WARN_ON(odp->npages); 197 } 198 odp->private = NULL; 199 mutex_unlock(&odp->umem_mutex); 200 201 if (!mr->cache_ent) { 202 mlx5_core_destroy_mkey(mr->dev->mdev, &mr->mmkey); 203 WARN_ON(mr->descs); 204 } 205 } 206 207 /* 208 * This must be called after the mr has been removed from implicit_children 209 * and the SRCU synchronized. NOTE: The MR does not necessarily have to be 210 * empty here, parallel page faults could have raced with the free process and 211 * added pages to it. 212 */ 213 static void free_implicit_child_mr(struct mlx5_ib_mr *mr, bool need_imr_xlt) 214 { 215 struct mlx5_ib_mr *imr = mr->parent; 216 struct ib_umem_odp *odp_imr = to_ib_umem_odp(imr->umem); 217 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 218 unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT; 219 int srcu_key; 220 221 /* implicit_child_mr's are not allowed to have deferred work */ 222 WARN_ON(atomic_read(&mr->num_deferred_work)); 223 224 if (need_imr_xlt) { 225 srcu_key = srcu_read_lock(&mr->dev->odp_srcu); 226 mutex_lock(&odp_imr->umem_mutex); 227 mlx5_ib_update_xlt(mr->parent, idx, 1, 0, 228 MLX5_IB_UPD_XLT_INDIRECT | 229 MLX5_IB_UPD_XLT_ATOMIC); 230 mutex_unlock(&odp_imr->umem_mutex); 231 srcu_read_unlock(&mr->dev->odp_srcu, srcu_key); 232 } 233 234 dma_fence_odp_mr(mr); 235 236 mr->parent = NULL; 237 mlx5_mr_cache_free(mr->dev, mr); 238 ib_umem_odp_release(odp); 239 if (atomic_dec_and_test(&imr->num_deferred_work)) 240 wake_up(&imr->q_deferred_work); 241 } 242 243 static void free_implicit_child_mr_work(struct work_struct *work) 244 { 245 struct mlx5_ib_mr *mr = 246 container_of(work, struct mlx5_ib_mr, odp_destroy.work); 247 248 free_implicit_child_mr(mr, true); 249 } 250 251 static void free_implicit_child_mr_rcu(struct rcu_head *head) 252 { 253 struct mlx5_ib_mr *mr = 254 container_of(head, struct mlx5_ib_mr, odp_destroy.rcu); 255 256 /* Freeing a MR is a sleeping operation, so bounce to a work queue */ 257 INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work); 258 queue_work(system_unbound_wq, &mr->odp_destroy.work); 259 } 260 261 static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr) 262 { 263 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 264 unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT; 265 struct mlx5_ib_mr *imr = mr->parent; 266 267 xa_lock(&imr->implicit_children); 268 /* 269 * This can race with mlx5_ib_free_implicit_mr(), the first one to 270 * reach the xa lock wins the race and destroys the MR. 271 */ 272 if (__xa_cmpxchg(&imr->implicit_children, idx, mr, NULL, GFP_ATOMIC) != 273 mr) 274 goto out_unlock; 275 276 atomic_inc(&imr->num_deferred_work); 277 call_srcu(&mr->dev->odp_srcu, &mr->odp_destroy.rcu, 278 free_implicit_child_mr_rcu); 279 280 out_unlock: 281 xa_unlock(&imr->implicit_children); 282 } 283 284 static bool mlx5_ib_invalidate_range(struct mmu_interval_notifier *mni, 285 const struct mmu_notifier_range *range, 286 unsigned long cur_seq) 287 { 288 struct ib_umem_odp *umem_odp = 289 container_of(mni, struct ib_umem_odp, notifier); 290 struct mlx5_ib_mr *mr; 291 const u64 umr_block_mask = (MLX5_UMR_MTT_ALIGNMENT / 292 sizeof(struct mlx5_mtt)) - 1; 293 u64 idx = 0, blk_start_idx = 0; 294 u64 invalidations = 0; 295 unsigned long start; 296 unsigned long end; 297 int in_block = 0; 298 u64 addr; 299 300 if (!mmu_notifier_range_blockable(range)) 301 return false; 302 303 mutex_lock(&umem_odp->umem_mutex); 304 mmu_interval_set_seq(mni, cur_seq); 305 /* 306 * If npages is zero then umem_odp->private may not be setup yet. This 307 * does not complete until after the first page is mapped for DMA. 308 */ 309 if (!umem_odp->npages) 310 goto out; 311 mr = umem_odp->private; 312 313 start = max_t(u64, ib_umem_start(umem_odp), range->start); 314 end = min_t(u64, ib_umem_end(umem_odp), range->end); 315 316 /* 317 * Iteration one - zap the HW's MTTs. The notifiers_count ensures that 318 * while we are doing the invalidation, no page fault will attempt to 319 * overwrite the same MTTs. Concurent invalidations might race us, 320 * but they will write 0s as well, so no difference in the end result. 321 */ 322 for (addr = start; addr < end; addr += BIT(umem_odp->page_shift)) { 323 idx = (addr - ib_umem_start(umem_odp)) >> umem_odp->page_shift; 324 /* 325 * Strive to write the MTTs in chunks, but avoid overwriting 326 * non-existing MTTs. The huristic here can be improved to 327 * estimate the cost of another UMR vs. the cost of bigger 328 * UMR. 329 */ 330 if (umem_odp->dma_list[idx] & 331 (ODP_READ_ALLOWED_BIT | ODP_WRITE_ALLOWED_BIT)) { 332 if (!in_block) { 333 blk_start_idx = idx; 334 in_block = 1; 335 } 336 337 /* Count page invalidations */ 338 invalidations += idx - blk_start_idx + 1; 339 } else { 340 u64 umr_offset = idx & umr_block_mask; 341 342 if (in_block && umr_offset == 0) { 343 mlx5_ib_update_xlt(mr, blk_start_idx, 344 idx - blk_start_idx, 0, 345 MLX5_IB_UPD_XLT_ZAP | 346 MLX5_IB_UPD_XLT_ATOMIC); 347 in_block = 0; 348 } 349 } 350 } 351 if (in_block) 352 mlx5_ib_update_xlt(mr, blk_start_idx, 353 idx - blk_start_idx + 1, 0, 354 MLX5_IB_UPD_XLT_ZAP | 355 MLX5_IB_UPD_XLT_ATOMIC); 356 357 mlx5_update_odp_stats(mr, invalidations, invalidations); 358 359 /* 360 * We are now sure that the device will not access the 361 * memory. We can safely unmap it, and mark it as dirty if 362 * needed. 363 */ 364 365 ib_umem_odp_unmap_dma_pages(umem_odp, start, end); 366 367 if (unlikely(!umem_odp->npages && mr->parent)) 368 destroy_unused_implicit_child_mr(mr); 369 out: 370 mutex_unlock(&umem_odp->umem_mutex); 371 return true; 372 } 373 374 const struct mmu_interval_notifier_ops mlx5_mn_ops = { 375 .invalidate = mlx5_ib_invalidate_range, 376 }; 377 378 void mlx5_ib_internal_fill_odp_caps(struct mlx5_ib_dev *dev) 379 { 380 struct ib_odp_caps *caps = &dev->odp_caps; 381 382 memset(caps, 0, sizeof(*caps)); 383 384 if (!MLX5_CAP_GEN(dev->mdev, pg) || 385 !mlx5_ib_can_use_umr(dev, true, 0)) 386 return; 387 388 caps->general_caps = IB_ODP_SUPPORT; 389 390 if (MLX5_CAP_GEN(dev->mdev, umr_extended_translation_offset)) 391 dev->odp_max_size = U64_MAX; 392 else 393 dev->odp_max_size = BIT_ULL(MLX5_MAX_UMR_SHIFT + PAGE_SHIFT); 394 395 if (MLX5_CAP_ODP(dev->mdev, ud_odp_caps.send)) 396 caps->per_transport_caps.ud_odp_caps |= IB_ODP_SUPPORT_SEND; 397 398 if (MLX5_CAP_ODP(dev->mdev, ud_odp_caps.srq_receive)) 399 caps->per_transport_caps.ud_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 400 401 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.send)) 402 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_SEND; 403 404 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.receive)) 405 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_RECV; 406 407 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.write)) 408 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_WRITE; 409 410 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.read)) 411 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_READ; 412 413 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.atomic)) 414 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_ATOMIC; 415 416 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.srq_receive)) 417 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 418 419 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.send)) 420 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_SEND; 421 422 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.receive)) 423 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_RECV; 424 425 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.write)) 426 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_WRITE; 427 428 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.read)) 429 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_READ; 430 431 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.atomic)) 432 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_ATOMIC; 433 434 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.srq_receive)) 435 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 436 437 if (MLX5_CAP_GEN(dev->mdev, fixed_buffer_size) && 438 MLX5_CAP_GEN(dev->mdev, null_mkey) && 439 MLX5_CAP_GEN(dev->mdev, umr_extended_translation_offset) && 440 !MLX5_CAP_GEN(dev->mdev, umr_indirect_mkey_disabled)) 441 caps->general_caps |= IB_ODP_SUPPORT_IMPLICIT; 442 } 443 444 static void mlx5_ib_page_fault_resume(struct mlx5_ib_dev *dev, 445 struct mlx5_pagefault *pfault, 446 int error) 447 { 448 int wq_num = pfault->event_subtype == MLX5_PFAULT_SUBTYPE_WQE ? 449 pfault->wqe.wq_num : pfault->token; 450 u32 in[MLX5_ST_SZ_DW(page_fault_resume_in)] = {}; 451 int err; 452 453 MLX5_SET(page_fault_resume_in, in, opcode, MLX5_CMD_OP_PAGE_FAULT_RESUME); 454 MLX5_SET(page_fault_resume_in, in, page_fault_type, pfault->type); 455 MLX5_SET(page_fault_resume_in, in, token, pfault->token); 456 MLX5_SET(page_fault_resume_in, in, wq_number, wq_num); 457 MLX5_SET(page_fault_resume_in, in, error, !!error); 458 459 err = mlx5_cmd_exec_in(dev->mdev, page_fault_resume, in); 460 if (err) 461 mlx5_ib_err(dev, "Failed to resolve the page fault on WQ 0x%x err %d\n", 462 wq_num, err); 463 } 464 465 static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr, 466 unsigned long idx) 467 { 468 struct ib_umem_odp *odp; 469 struct mlx5_ib_mr *mr; 470 struct mlx5_ib_mr *ret; 471 int err; 472 473 odp = ib_umem_odp_alloc_child(to_ib_umem_odp(imr->umem), 474 idx * MLX5_IMR_MTT_SIZE, 475 MLX5_IMR_MTT_SIZE, &mlx5_mn_ops); 476 if (IS_ERR(odp)) 477 return ERR_CAST(odp); 478 479 ret = mr = mlx5_mr_cache_alloc(imr->dev, MLX5_IMR_MTT_CACHE_ENTRY); 480 if (IS_ERR(mr)) 481 goto out_umem; 482 483 mr->ibmr.pd = imr->ibmr.pd; 484 mr->access_flags = imr->access_flags; 485 mr->umem = &odp->umem; 486 mr->ibmr.lkey = mr->mmkey.key; 487 mr->ibmr.rkey = mr->mmkey.key; 488 mr->mmkey.iova = idx * MLX5_IMR_MTT_SIZE; 489 mr->parent = imr; 490 odp->private = mr; 491 492 err = mlx5_ib_update_xlt(mr, 0, 493 MLX5_IMR_MTT_ENTRIES, 494 PAGE_SHIFT, 495 MLX5_IB_UPD_XLT_ZAP | 496 MLX5_IB_UPD_XLT_ENABLE); 497 if (err) { 498 ret = ERR_PTR(err); 499 goto out_mr; 500 } 501 502 /* 503 * Once the store to either xarray completes any error unwind has to 504 * use synchronize_srcu(). Avoid this with xa_reserve() 505 */ 506 ret = xa_cmpxchg(&imr->implicit_children, idx, NULL, mr, 507 GFP_KERNEL); 508 if (unlikely(ret)) { 509 if (xa_is_err(ret)) { 510 ret = ERR_PTR(xa_err(ret)); 511 goto out_mr; 512 } 513 /* 514 * Another thread beat us to creating the child mr, use 515 * theirs. 516 */ 517 goto out_mr; 518 } 519 520 mlx5_ib_dbg(imr->dev, "key %x mr %p\n", mr->mmkey.key, mr); 521 return mr; 522 523 out_mr: 524 mlx5_mr_cache_free(imr->dev, mr); 525 out_umem: 526 ib_umem_odp_release(odp); 527 return ret; 528 } 529 530 struct mlx5_ib_mr *mlx5_ib_alloc_implicit_mr(struct mlx5_ib_pd *pd, 531 struct ib_udata *udata, 532 int access_flags) 533 { 534 struct mlx5_ib_dev *dev = to_mdev(pd->ibpd.device); 535 struct ib_umem_odp *umem_odp; 536 struct mlx5_ib_mr *imr; 537 int err; 538 539 umem_odp = ib_umem_odp_alloc_implicit(&dev->ib_dev, access_flags); 540 if (IS_ERR(umem_odp)) 541 return ERR_CAST(umem_odp); 542 543 imr = mlx5_mr_cache_alloc(dev, MLX5_IMR_KSM_CACHE_ENTRY); 544 if (IS_ERR(imr)) { 545 err = PTR_ERR(imr); 546 goto out_umem; 547 } 548 549 imr->ibmr.pd = &pd->ibpd; 550 imr->access_flags = access_flags; 551 imr->mmkey.iova = 0; 552 imr->umem = &umem_odp->umem; 553 imr->ibmr.lkey = imr->mmkey.key; 554 imr->ibmr.rkey = imr->mmkey.key; 555 imr->umem = &umem_odp->umem; 556 imr->is_odp_implicit = true; 557 atomic_set(&imr->num_deferred_work, 0); 558 init_waitqueue_head(&imr->q_deferred_work); 559 xa_init(&imr->implicit_children); 560 561 err = mlx5_ib_update_xlt(imr, 0, 562 mlx5_imr_ksm_entries, 563 MLX5_KSM_PAGE_SHIFT, 564 MLX5_IB_UPD_XLT_INDIRECT | 565 MLX5_IB_UPD_XLT_ZAP | 566 MLX5_IB_UPD_XLT_ENABLE); 567 if (err) 568 goto out_mr; 569 570 err = xa_err(xa_store(&dev->odp_mkeys, mlx5_base_mkey(imr->mmkey.key), 571 &imr->mmkey, GFP_KERNEL)); 572 if (err) 573 goto out_mr; 574 575 mlx5_ib_dbg(dev, "key %x mr %p\n", imr->mmkey.key, imr); 576 return imr; 577 out_mr: 578 mlx5_ib_err(dev, "Failed to register MKEY %d\n", err); 579 mlx5_mr_cache_free(dev, imr); 580 out_umem: 581 ib_umem_odp_release(umem_odp); 582 return ERR_PTR(err); 583 } 584 585 void mlx5_ib_free_implicit_mr(struct mlx5_ib_mr *imr) 586 { 587 struct ib_umem_odp *odp_imr = to_ib_umem_odp(imr->umem); 588 struct mlx5_ib_dev *dev = imr->dev; 589 struct list_head destroy_list; 590 struct mlx5_ib_mr *mtt; 591 struct mlx5_ib_mr *tmp; 592 unsigned long idx; 593 594 INIT_LIST_HEAD(&destroy_list); 595 596 xa_erase(&dev->odp_mkeys, mlx5_base_mkey(imr->mmkey.key)); 597 /* 598 * This stops the SRCU protected page fault path from touching either 599 * the imr or any children. The page fault path can only reach the 600 * children xarray via the imr. 601 */ 602 synchronize_srcu(&dev->odp_srcu); 603 604 /* 605 * All work on the prefetch list must be completed, xa_erase() prevented 606 * new work from being created. 607 */ 608 wait_event(imr->q_deferred_work, !atomic_read(&imr->num_deferred_work)); 609 610 /* 611 * At this point it is forbidden for any other thread to enter 612 * pagefault_mr() on this imr. It is already forbidden to call 613 * pagefault_mr() on an implicit child. Due to this additions to 614 * implicit_children are prevented. 615 */ 616 617 /* 618 * Block destroy_unused_implicit_child_mr() from incrementing 619 * num_deferred_work. 620 */ 621 xa_lock(&imr->implicit_children); 622 xa_for_each (&imr->implicit_children, idx, mtt) { 623 __xa_erase(&imr->implicit_children, idx); 624 list_add(&mtt->odp_destroy.elm, &destroy_list); 625 } 626 xa_unlock(&imr->implicit_children); 627 628 /* 629 * Wait for any concurrent destroy_unused_implicit_child_mr() to 630 * complete. 631 */ 632 wait_event(imr->q_deferred_work, !atomic_read(&imr->num_deferred_work)); 633 634 /* 635 * Fence the imr before we destroy the children. This allows us to 636 * skip updating the XLT of the imr during destroy of the child mkey 637 * the imr points to. 638 */ 639 mlx5_mr_cache_invalidate(imr); 640 641 list_for_each_entry_safe (mtt, tmp, &destroy_list, odp_destroy.elm) 642 free_implicit_child_mr(mtt, false); 643 644 mlx5_mr_cache_free(dev, imr); 645 ib_umem_odp_release(odp_imr); 646 } 647 648 /** 649 * mlx5_ib_fence_odp_mr - Stop all access to the ODP MR 650 * @mr: to fence 651 * 652 * On return no parallel threads will be touching this MR and no DMA will be 653 * active. 654 */ 655 void mlx5_ib_fence_odp_mr(struct mlx5_ib_mr *mr) 656 { 657 /* Prevent new page faults and prefetch requests from succeeding */ 658 xa_erase(&mr->dev->odp_mkeys, mlx5_base_mkey(mr->mmkey.key)); 659 660 /* Wait for all running page-fault handlers to finish. */ 661 synchronize_srcu(&mr->dev->odp_srcu); 662 663 wait_event(mr->q_deferred_work, !atomic_read(&mr->num_deferred_work)); 664 665 dma_fence_odp_mr(mr); 666 } 667 668 #define MLX5_PF_FLAGS_DOWNGRADE BIT(1) 669 static int pagefault_real_mr(struct mlx5_ib_mr *mr, struct ib_umem_odp *odp, 670 u64 user_va, size_t bcnt, u32 *bytes_mapped, 671 u32 flags) 672 { 673 int page_shift, ret, np; 674 bool downgrade = flags & MLX5_PF_FLAGS_DOWNGRADE; 675 unsigned long current_seq; 676 u64 access_mask; 677 u64 start_idx; 678 679 page_shift = odp->page_shift; 680 start_idx = (user_va - ib_umem_start(odp)) >> page_shift; 681 access_mask = ODP_READ_ALLOWED_BIT; 682 683 if (odp->umem.writable && !downgrade) 684 access_mask |= ODP_WRITE_ALLOWED_BIT; 685 686 current_seq = mmu_interval_read_begin(&odp->notifier); 687 688 np = ib_umem_odp_map_dma_pages(odp, user_va, bcnt, access_mask, 689 current_seq); 690 if (np < 0) 691 return np; 692 693 mutex_lock(&odp->umem_mutex); 694 if (!mmu_interval_read_retry(&odp->notifier, current_seq)) { 695 /* 696 * No need to check whether the MTTs really belong to 697 * this MR, since ib_umem_odp_map_dma_pages already 698 * checks this. 699 */ 700 ret = mlx5_ib_update_xlt(mr, start_idx, np, 701 page_shift, MLX5_IB_UPD_XLT_ATOMIC); 702 } else { 703 ret = -EAGAIN; 704 } 705 mutex_unlock(&odp->umem_mutex); 706 707 if (ret < 0) { 708 if (ret != -EAGAIN) 709 mlx5_ib_err(mr->dev, 710 "Failed to update mkey page tables\n"); 711 goto out; 712 } 713 714 if (bytes_mapped) { 715 u32 new_mappings = (np << page_shift) - 716 (user_va - round_down(user_va, 1 << page_shift)); 717 718 *bytes_mapped += min_t(u32, new_mappings, bcnt); 719 } 720 721 return np << (page_shift - PAGE_SHIFT); 722 723 out: 724 return ret; 725 } 726 727 static int pagefault_implicit_mr(struct mlx5_ib_mr *imr, 728 struct ib_umem_odp *odp_imr, u64 user_va, 729 size_t bcnt, u32 *bytes_mapped, u32 flags) 730 { 731 unsigned long end_idx = (user_va + bcnt - 1) >> MLX5_IMR_MTT_SHIFT; 732 unsigned long upd_start_idx = end_idx + 1; 733 unsigned long upd_len = 0; 734 unsigned long npages = 0; 735 int err; 736 int ret; 737 738 if (unlikely(user_va >= mlx5_imr_ksm_entries * MLX5_IMR_MTT_SIZE || 739 mlx5_imr_ksm_entries * MLX5_IMR_MTT_SIZE - user_va < bcnt)) 740 return -EFAULT; 741 742 /* Fault each child mr that intersects with our interval. */ 743 while (bcnt) { 744 unsigned long idx = user_va >> MLX5_IMR_MTT_SHIFT; 745 struct ib_umem_odp *umem_odp; 746 struct mlx5_ib_mr *mtt; 747 u64 len; 748 749 mtt = xa_load(&imr->implicit_children, idx); 750 if (unlikely(!mtt)) { 751 mtt = implicit_get_child_mr(imr, idx); 752 if (IS_ERR(mtt)) { 753 ret = PTR_ERR(mtt); 754 goto out; 755 } 756 upd_start_idx = min(upd_start_idx, idx); 757 upd_len = idx - upd_start_idx + 1; 758 } 759 760 umem_odp = to_ib_umem_odp(mtt->umem); 761 len = min_t(u64, user_va + bcnt, ib_umem_end(umem_odp)) - 762 user_va; 763 764 ret = pagefault_real_mr(mtt, umem_odp, user_va, len, 765 bytes_mapped, flags); 766 if (ret < 0) 767 goto out; 768 user_va += len; 769 bcnt -= len; 770 npages += ret; 771 } 772 773 ret = npages; 774 775 /* 776 * Any time the implicit_children are changed we must perform an 777 * update of the xlt before exiting to ensure the HW and the 778 * implicit_children remains synchronized. 779 */ 780 out: 781 if (likely(!upd_len)) 782 return ret; 783 784 /* 785 * Notice this is not strictly ordered right, the KSM is updated after 786 * the implicit_children is updated, so a parallel page fault could 787 * see a MR that is not yet visible in the KSM. This is similar to a 788 * parallel page fault seeing a MR that is being concurrently removed 789 * from the KSM. Both of these improbable situations are resolved 790 * safely by resuming the HW and then taking another page fault. The 791 * next pagefault handler will see the new information. 792 */ 793 mutex_lock(&odp_imr->umem_mutex); 794 err = mlx5_ib_update_xlt(imr, upd_start_idx, upd_len, 0, 795 MLX5_IB_UPD_XLT_INDIRECT | 796 MLX5_IB_UPD_XLT_ATOMIC); 797 mutex_unlock(&odp_imr->umem_mutex); 798 if (err) { 799 mlx5_ib_err(imr->dev, "Failed to update PAS\n"); 800 return err; 801 } 802 return ret; 803 } 804 805 /* 806 * Returns: 807 * -EFAULT: The io_virt->bcnt is not within the MR, it covers pages that are 808 * not accessible, or the MR is no longer valid. 809 * -EAGAIN/-ENOMEM: The operation should be retried 810 * 811 * -EINVAL/others: General internal malfunction 812 * >0: Number of pages mapped 813 */ 814 static int pagefault_mr(struct mlx5_ib_mr *mr, u64 io_virt, size_t bcnt, 815 u32 *bytes_mapped, u32 flags) 816 { 817 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 818 819 lockdep_assert_held(&mr->dev->odp_srcu); 820 if (unlikely(io_virt < mr->mmkey.iova)) 821 return -EFAULT; 822 823 if (!odp->is_implicit_odp) { 824 u64 user_va; 825 826 if (check_add_overflow(io_virt - mr->mmkey.iova, 827 (u64)odp->umem.address, &user_va)) 828 return -EFAULT; 829 if (unlikely(user_va >= ib_umem_end(odp) || 830 ib_umem_end(odp) - user_va < bcnt)) 831 return -EFAULT; 832 return pagefault_real_mr(mr, odp, user_va, bcnt, bytes_mapped, 833 flags); 834 } 835 return pagefault_implicit_mr(mr, odp, io_virt, bcnt, bytes_mapped, 836 flags); 837 } 838 839 struct pf_frame { 840 struct pf_frame *next; 841 u32 key; 842 u64 io_virt; 843 size_t bcnt; 844 int depth; 845 }; 846 847 static bool mkey_is_eq(struct mlx5_core_mkey *mmkey, u32 key) 848 { 849 if (!mmkey) 850 return false; 851 if (mmkey->type == MLX5_MKEY_MW) 852 return mlx5_base_mkey(mmkey->key) == mlx5_base_mkey(key); 853 return mmkey->key == key; 854 } 855 856 static int get_indirect_num_descs(struct mlx5_core_mkey *mmkey) 857 { 858 struct mlx5_ib_mw *mw; 859 struct mlx5_ib_devx_mr *devx_mr; 860 861 if (mmkey->type == MLX5_MKEY_MW) { 862 mw = container_of(mmkey, struct mlx5_ib_mw, mmkey); 863 return mw->ndescs; 864 } 865 866 devx_mr = container_of(mmkey, struct mlx5_ib_devx_mr, 867 mmkey); 868 return devx_mr->ndescs; 869 } 870 871 /* 872 * Handle a single data segment in a page-fault WQE or RDMA region. 873 * 874 * Returns number of OS pages retrieved on success. The caller may continue to 875 * the next data segment. 876 * Can return the following error codes: 877 * -EAGAIN to designate a temporary error. The caller will abort handling the 878 * page fault and resolve it. 879 * -EFAULT when there's an error mapping the requested pages. The caller will 880 * abort the page fault handling. 881 */ 882 static int pagefault_single_data_segment(struct mlx5_ib_dev *dev, 883 struct ib_pd *pd, u32 key, 884 u64 io_virt, size_t bcnt, 885 u32 *bytes_committed, 886 u32 *bytes_mapped) 887 { 888 int npages = 0, srcu_key, ret, i, outlen, cur_outlen = 0, depth = 0; 889 struct pf_frame *head = NULL, *frame; 890 struct mlx5_core_mkey *mmkey; 891 struct mlx5_ib_mr *mr; 892 struct mlx5_klm *pklm; 893 u32 *out = NULL; 894 size_t offset; 895 int ndescs; 896 897 srcu_key = srcu_read_lock(&dev->odp_srcu); 898 899 io_virt += *bytes_committed; 900 bcnt -= *bytes_committed; 901 902 next_mr: 903 mmkey = xa_load(&dev->odp_mkeys, mlx5_base_mkey(key)); 904 if (!mmkey) { 905 mlx5_ib_dbg( 906 dev, 907 "skipping non ODP MR (lkey=0x%06x) in page fault handler.\n", 908 key); 909 if (bytes_mapped) 910 *bytes_mapped += bcnt; 911 /* 912 * The user could specify a SGL with multiple lkeys and only 913 * some of them are ODP. Treat the non-ODP ones as fully 914 * faulted. 915 */ 916 ret = 0; 917 goto srcu_unlock; 918 } 919 if (!mkey_is_eq(mmkey, key)) { 920 mlx5_ib_dbg(dev, "failed to find mkey %x\n", key); 921 ret = -EFAULT; 922 goto srcu_unlock; 923 } 924 925 switch (mmkey->type) { 926 case MLX5_MKEY_MR: 927 mr = container_of(mmkey, struct mlx5_ib_mr, mmkey); 928 929 ret = pagefault_mr(mr, io_virt, bcnt, bytes_mapped, 0); 930 if (ret < 0) 931 goto srcu_unlock; 932 933 mlx5_update_odp_stats(mr, faults, ret); 934 935 npages += ret; 936 ret = 0; 937 break; 938 939 case MLX5_MKEY_MW: 940 case MLX5_MKEY_INDIRECT_DEVX: 941 ndescs = get_indirect_num_descs(mmkey); 942 943 if (depth >= MLX5_CAP_GEN(dev->mdev, max_indirection)) { 944 mlx5_ib_dbg(dev, "indirection level exceeded\n"); 945 ret = -EFAULT; 946 goto srcu_unlock; 947 } 948 949 outlen = MLX5_ST_SZ_BYTES(query_mkey_out) + 950 sizeof(*pklm) * (ndescs - 2); 951 952 if (outlen > cur_outlen) { 953 kfree(out); 954 out = kzalloc(outlen, GFP_KERNEL); 955 if (!out) { 956 ret = -ENOMEM; 957 goto srcu_unlock; 958 } 959 cur_outlen = outlen; 960 } 961 962 pklm = (struct mlx5_klm *)MLX5_ADDR_OF(query_mkey_out, out, 963 bsf0_klm0_pas_mtt0_1); 964 965 ret = mlx5_core_query_mkey(dev->mdev, mmkey, out, outlen); 966 if (ret) 967 goto srcu_unlock; 968 969 offset = io_virt - MLX5_GET64(query_mkey_out, out, 970 memory_key_mkey_entry.start_addr); 971 972 for (i = 0; bcnt && i < ndescs; i++, pklm++) { 973 if (offset >= be32_to_cpu(pklm->bcount)) { 974 offset -= be32_to_cpu(pklm->bcount); 975 continue; 976 } 977 978 frame = kzalloc(sizeof(*frame), GFP_KERNEL); 979 if (!frame) { 980 ret = -ENOMEM; 981 goto srcu_unlock; 982 } 983 984 frame->key = be32_to_cpu(pklm->key); 985 frame->io_virt = be64_to_cpu(pklm->va) + offset; 986 frame->bcnt = min_t(size_t, bcnt, 987 be32_to_cpu(pklm->bcount) - offset); 988 frame->depth = depth + 1; 989 frame->next = head; 990 head = frame; 991 992 bcnt -= frame->bcnt; 993 offset = 0; 994 } 995 break; 996 997 default: 998 mlx5_ib_dbg(dev, "wrong mkey type %d\n", mmkey->type); 999 ret = -EFAULT; 1000 goto srcu_unlock; 1001 } 1002 1003 if (head) { 1004 frame = head; 1005 head = frame->next; 1006 1007 key = frame->key; 1008 io_virt = frame->io_virt; 1009 bcnt = frame->bcnt; 1010 depth = frame->depth; 1011 kfree(frame); 1012 1013 goto next_mr; 1014 } 1015 1016 srcu_unlock: 1017 while (head) { 1018 frame = head; 1019 head = frame->next; 1020 kfree(frame); 1021 } 1022 kfree(out); 1023 1024 srcu_read_unlock(&dev->odp_srcu, srcu_key); 1025 *bytes_committed = 0; 1026 return ret ? ret : npages; 1027 } 1028 1029 /** 1030 * Parse a series of data segments for page fault handling. 1031 * 1032 * @pfault contains page fault information. 1033 * @wqe points at the first data segment in the WQE. 1034 * @wqe_end points after the end of the WQE. 1035 * @bytes_mapped receives the number of bytes that the function was able to 1036 * map. This allows the caller to decide intelligently whether 1037 * enough memory was mapped to resolve the page fault 1038 * successfully (e.g. enough for the next MTU, or the entire 1039 * WQE). 1040 * @total_wqe_bytes receives the total data size of this WQE in bytes (minus 1041 * the committed bytes). 1042 * 1043 * Returns the number of pages loaded if positive, zero for an empty WQE, or a 1044 * negative error code. 1045 */ 1046 static int pagefault_data_segments(struct mlx5_ib_dev *dev, 1047 struct mlx5_pagefault *pfault, 1048 void *wqe, 1049 void *wqe_end, u32 *bytes_mapped, 1050 u32 *total_wqe_bytes, bool receive_queue) 1051 { 1052 int ret = 0, npages = 0; 1053 u64 io_virt; 1054 u32 key; 1055 u32 byte_count; 1056 size_t bcnt; 1057 int inline_segment; 1058 1059 if (bytes_mapped) 1060 *bytes_mapped = 0; 1061 if (total_wqe_bytes) 1062 *total_wqe_bytes = 0; 1063 1064 while (wqe < wqe_end) { 1065 struct mlx5_wqe_data_seg *dseg = wqe; 1066 1067 io_virt = be64_to_cpu(dseg->addr); 1068 key = be32_to_cpu(dseg->lkey); 1069 byte_count = be32_to_cpu(dseg->byte_count); 1070 inline_segment = !!(byte_count & MLX5_INLINE_SEG); 1071 bcnt = byte_count & ~MLX5_INLINE_SEG; 1072 1073 if (inline_segment) { 1074 bcnt = bcnt & MLX5_WQE_INLINE_SEG_BYTE_COUNT_MASK; 1075 wqe += ALIGN(sizeof(struct mlx5_wqe_inline_seg) + bcnt, 1076 16); 1077 } else { 1078 wqe += sizeof(*dseg); 1079 } 1080 1081 /* receive WQE end of sg list. */ 1082 if (receive_queue && bcnt == 0 && key == MLX5_INVALID_LKEY && 1083 io_virt == 0) 1084 break; 1085 1086 if (!inline_segment && total_wqe_bytes) { 1087 *total_wqe_bytes += bcnt - min_t(size_t, bcnt, 1088 pfault->bytes_committed); 1089 } 1090 1091 /* A zero length data segment designates a length of 2GB. */ 1092 if (bcnt == 0) 1093 bcnt = 1U << 31; 1094 1095 if (inline_segment || bcnt <= pfault->bytes_committed) { 1096 pfault->bytes_committed -= 1097 min_t(size_t, bcnt, 1098 pfault->bytes_committed); 1099 continue; 1100 } 1101 1102 ret = pagefault_single_data_segment(dev, NULL, key, 1103 io_virt, bcnt, 1104 &pfault->bytes_committed, 1105 bytes_mapped); 1106 if (ret < 0) 1107 break; 1108 npages += ret; 1109 } 1110 1111 return ret < 0 ? ret : npages; 1112 } 1113 1114 /* 1115 * Parse initiator WQE. Advances the wqe pointer to point at the 1116 * scatter-gather list, and set wqe_end to the end of the WQE. 1117 */ 1118 static int mlx5_ib_mr_initiator_pfault_handler( 1119 struct mlx5_ib_dev *dev, struct mlx5_pagefault *pfault, 1120 struct mlx5_ib_qp *qp, void **wqe, void **wqe_end, int wqe_length) 1121 { 1122 struct mlx5_wqe_ctrl_seg *ctrl = *wqe; 1123 u16 wqe_index = pfault->wqe.wqe_index; 1124 struct mlx5_base_av *av; 1125 unsigned ds, opcode; 1126 u32 qpn = qp->trans_qp.base.mqp.qpn; 1127 1128 ds = be32_to_cpu(ctrl->qpn_ds) & MLX5_WQE_CTRL_DS_MASK; 1129 if (ds * MLX5_WQE_DS_UNITS > wqe_length) { 1130 mlx5_ib_err(dev, "Unable to read the complete WQE. ds = 0x%x, ret = 0x%x\n", 1131 ds, wqe_length); 1132 return -EFAULT; 1133 } 1134 1135 if (ds == 0) { 1136 mlx5_ib_err(dev, "Got WQE with zero DS. wqe_index=%x, qpn=%x\n", 1137 wqe_index, qpn); 1138 return -EFAULT; 1139 } 1140 1141 *wqe_end = *wqe + ds * MLX5_WQE_DS_UNITS; 1142 *wqe += sizeof(*ctrl); 1143 1144 opcode = be32_to_cpu(ctrl->opmod_idx_opcode) & 1145 MLX5_WQE_CTRL_OPCODE_MASK; 1146 1147 if (qp->ibqp.qp_type == IB_QPT_XRC_INI) 1148 *wqe += sizeof(struct mlx5_wqe_xrc_seg); 1149 1150 if (qp->type == IB_QPT_UD || qp->type == MLX5_IB_QPT_DCI) { 1151 av = *wqe; 1152 if (av->dqp_dct & cpu_to_be32(MLX5_EXTENDED_UD_AV)) 1153 *wqe += sizeof(struct mlx5_av); 1154 else 1155 *wqe += sizeof(struct mlx5_base_av); 1156 } 1157 1158 switch (opcode) { 1159 case MLX5_OPCODE_RDMA_WRITE: 1160 case MLX5_OPCODE_RDMA_WRITE_IMM: 1161 case MLX5_OPCODE_RDMA_READ: 1162 *wqe += sizeof(struct mlx5_wqe_raddr_seg); 1163 break; 1164 case MLX5_OPCODE_ATOMIC_CS: 1165 case MLX5_OPCODE_ATOMIC_FA: 1166 *wqe += sizeof(struct mlx5_wqe_raddr_seg); 1167 *wqe += sizeof(struct mlx5_wqe_atomic_seg); 1168 break; 1169 } 1170 1171 return 0; 1172 } 1173 1174 /* 1175 * Parse responder WQE and set wqe_end to the end of the WQE. 1176 */ 1177 static int mlx5_ib_mr_responder_pfault_handler_srq(struct mlx5_ib_dev *dev, 1178 struct mlx5_ib_srq *srq, 1179 void **wqe, void **wqe_end, 1180 int wqe_length) 1181 { 1182 int wqe_size = 1 << srq->msrq.wqe_shift; 1183 1184 if (wqe_size > wqe_length) { 1185 mlx5_ib_err(dev, "Couldn't read all of the receive WQE's content\n"); 1186 return -EFAULT; 1187 } 1188 1189 *wqe_end = *wqe + wqe_size; 1190 *wqe += sizeof(struct mlx5_wqe_srq_next_seg); 1191 1192 return 0; 1193 } 1194 1195 static int mlx5_ib_mr_responder_pfault_handler_rq(struct mlx5_ib_dev *dev, 1196 struct mlx5_ib_qp *qp, 1197 void *wqe, void **wqe_end, 1198 int wqe_length) 1199 { 1200 struct mlx5_ib_wq *wq = &qp->rq; 1201 int wqe_size = 1 << wq->wqe_shift; 1202 1203 if (qp->flags_en & MLX5_QP_FLAG_SIGNATURE) { 1204 mlx5_ib_err(dev, "ODP fault with WQE signatures is not supported\n"); 1205 return -EFAULT; 1206 } 1207 1208 if (wqe_size > wqe_length) { 1209 mlx5_ib_err(dev, "Couldn't read all of the receive WQE's content\n"); 1210 return -EFAULT; 1211 } 1212 1213 *wqe_end = wqe + wqe_size; 1214 1215 return 0; 1216 } 1217 1218 static inline struct mlx5_core_rsc_common *odp_get_rsc(struct mlx5_ib_dev *dev, 1219 u32 wq_num, int pf_type) 1220 { 1221 struct mlx5_core_rsc_common *common = NULL; 1222 struct mlx5_core_srq *srq; 1223 1224 switch (pf_type) { 1225 case MLX5_WQE_PF_TYPE_RMP: 1226 srq = mlx5_cmd_get_srq(dev, wq_num); 1227 if (srq) 1228 common = &srq->common; 1229 break; 1230 case MLX5_WQE_PF_TYPE_REQ_SEND_OR_WRITE: 1231 case MLX5_WQE_PF_TYPE_RESP: 1232 case MLX5_WQE_PF_TYPE_REQ_READ_OR_ATOMIC: 1233 common = mlx5_core_res_hold(dev, wq_num, MLX5_RES_QP); 1234 break; 1235 default: 1236 break; 1237 } 1238 1239 return common; 1240 } 1241 1242 static inline struct mlx5_ib_qp *res_to_qp(struct mlx5_core_rsc_common *res) 1243 { 1244 struct mlx5_core_qp *mqp = (struct mlx5_core_qp *)res; 1245 1246 return to_mibqp(mqp); 1247 } 1248 1249 static inline struct mlx5_ib_srq *res_to_srq(struct mlx5_core_rsc_common *res) 1250 { 1251 struct mlx5_core_srq *msrq = 1252 container_of(res, struct mlx5_core_srq, common); 1253 1254 return to_mibsrq(msrq); 1255 } 1256 1257 static void mlx5_ib_mr_wqe_pfault_handler(struct mlx5_ib_dev *dev, 1258 struct mlx5_pagefault *pfault) 1259 { 1260 bool sq = pfault->type & MLX5_PFAULT_REQUESTOR; 1261 u16 wqe_index = pfault->wqe.wqe_index; 1262 void *wqe, *wqe_start = NULL, *wqe_end = NULL; 1263 u32 bytes_mapped, total_wqe_bytes; 1264 struct mlx5_core_rsc_common *res; 1265 int resume_with_error = 1; 1266 struct mlx5_ib_qp *qp; 1267 size_t bytes_copied; 1268 int ret = 0; 1269 1270 res = odp_get_rsc(dev, pfault->wqe.wq_num, pfault->type); 1271 if (!res) { 1272 mlx5_ib_dbg(dev, "wqe page fault for missing resource %d\n", pfault->wqe.wq_num); 1273 return; 1274 } 1275 1276 if (res->res != MLX5_RES_QP && res->res != MLX5_RES_SRQ && 1277 res->res != MLX5_RES_XSRQ) { 1278 mlx5_ib_err(dev, "wqe page fault for unsupported type %d\n", 1279 pfault->type); 1280 goto resolve_page_fault; 1281 } 1282 1283 wqe_start = (void *)__get_free_page(GFP_KERNEL); 1284 if (!wqe_start) { 1285 mlx5_ib_err(dev, "Error allocating memory for IO page fault handling.\n"); 1286 goto resolve_page_fault; 1287 } 1288 1289 wqe = wqe_start; 1290 qp = (res->res == MLX5_RES_QP) ? res_to_qp(res) : NULL; 1291 if (qp && sq) { 1292 ret = mlx5_ib_read_wqe_sq(qp, wqe_index, wqe, PAGE_SIZE, 1293 &bytes_copied); 1294 if (ret) 1295 goto read_user; 1296 ret = mlx5_ib_mr_initiator_pfault_handler( 1297 dev, pfault, qp, &wqe, &wqe_end, bytes_copied); 1298 } else if (qp && !sq) { 1299 ret = mlx5_ib_read_wqe_rq(qp, wqe_index, wqe, PAGE_SIZE, 1300 &bytes_copied); 1301 if (ret) 1302 goto read_user; 1303 ret = mlx5_ib_mr_responder_pfault_handler_rq( 1304 dev, qp, wqe, &wqe_end, bytes_copied); 1305 } else if (!qp) { 1306 struct mlx5_ib_srq *srq = res_to_srq(res); 1307 1308 ret = mlx5_ib_read_wqe_srq(srq, wqe_index, wqe, PAGE_SIZE, 1309 &bytes_copied); 1310 if (ret) 1311 goto read_user; 1312 ret = mlx5_ib_mr_responder_pfault_handler_srq( 1313 dev, srq, &wqe, &wqe_end, bytes_copied); 1314 } 1315 1316 if (ret < 0 || wqe >= wqe_end) 1317 goto resolve_page_fault; 1318 1319 ret = pagefault_data_segments(dev, pfault, wqe, wqe_end, &bytes_mapped, 1320 &total_wqe_bytes, !sq); 1321 if (ret == -EAGAIN) 1322 goto out; 1323 1324 if (ret < 0 || total_wqe_bytes > bytes_mapped) 1325 goto resolve_page_fault; 1326 1327 out: 1328 ret = 0; 1329 resume_with_error = 0; 1330 1331 read_user: 1332 if (ret) 1333 mlx5_ib_err( 1334 dev, 1335 "Failed reading a WQE following page fault, error %d, wqe_index %x, qpn %x\n", 1336 ret, wqe_index, pfault->token); 1337 1338 resolve_page_fault: 1339 mlx5_ib_page_fault_resume(dev, pfault, resume_with_error); 1340 mlx5_ib_dbg(dev, "PAGE FAULT completed. QP 0x%x resume_with_error=%d, type: 0x%x\n", 1341 pfault->wqe.wq_num, resume_with_error, 1342 pfault->type); 1343 mlx5_core_res_put(res); 1344 free_page((unsigned long)wqe_start); 1345 } 1346 1347 static int pages_in_range(u64 address, u32 length) 1348 { 1349 return (ALIGN(address + length, PAGE_SIZE) - 1350 (address & PAGE_MASK)) >> PAGE_SHIFT; 1351 } 1352 1353 static void mlx5_ib_mr_rdma_pfault_handler(struct mlx5_ib_dev *dev, 1354 struct mlx5_pagefault *pfault) 1355 { 1356 u64 address; 1357 u32 length; 1358 u32 prefetch_len = pfault->bytes_committed; 1359 int prefetch_activated = 0; 1360 u32 rkey = pfault->rdma.r_key; 1361 int ret; 1362 1363 /* The RDMA responder handler handles the page fault in two parts. 1364 * First it brings the necessary pages for the current packet 1365 * (and uses the pfault context), and then (after resuming the QP) 1366 * prefetches more pages. The second operation cannot use the pfault 1367 * context and therefore uses the dummy_pfault context allocated on 1368 * the stack */ 1369 pfault->rdma.rdma_va += pfault->bytes_committed; 1370 pfault->rdma.rdma_op_len -= min(pfault->bytes_committed, 1371 pfault->rdma.rdma_op_len); 1372 pfault->bytes_committed = 0; 1373 1374 address = pfault->rdma.rdma_va; 1375 length = pfault->rdma.rdma_op_len; 1376 1377 /* For some operations, the hardware cannot tell the exact message 1378 * length, and in those cases it reports zero. Use prefetch 1379 * logic. */ 1380 if (length == 0) { 1381 prefetch_activated = 1; 1382 length = pfault->rdma.packet_size; 1383 prefetch_len = min(MAX_PREFETCH_LEN, prefetch_len); 1384 } 1385 1386 ret = pagefault_single_data_segment(dev, NULL, rkey, address, length, 1387 &pfault->bytes_committed, NULL); 1388 if (ret == -EAGAIN) { 1389 /* We're racing with an invalidation, don't prefetch */ 1390 prefetch_activated = 0; 1391 } else if (ret < 0 || pages_in_range(address, length) > ret) { 1392 mlx5_ib_page_fault_resume(dev, pfault, 1); 1393 if (ret != -ENOENT) 1394 mlx5_ib_dbg(dev, "PAGE FAULT error %d. QP 0x%x, type: 0x%x\n", 1395 ret, pfault->token, pfault->type); 1396 return; 1397 } 1398 1399 mlx5_ib_page_fault_resume(dev, pfault, 0); 1400 mlx5_ib_dbg(dev, "PAGE FAULT completed. QP 0x%x, type: 0x%x, prefetch_activated: %d\n", 1401 pfault->token, pfault->type, 1402 prefetch_activated); 1403 1404 /* At this point, there might be a new pagefault already arriving in 1405 * the eq, switch to the dummy pagefault for the rest of the 1406 * processing. We're still OK with the objects being alive as the 1407 * work-queue is being fenced. */ 1408 1409 if (prefetch_activated) { 1410 u32 bytes_committed = 0; 1411 1412 ret = pagefault_single_data_segment(dev, NULL, rkey, address, 1413 prefetch_len, 1414 &bytes_committed, NULL); 1415 if (ret < 0 && ret != -EAGAIN) { 1416 mlx5_ib_dbg(dev, "Prefetch failed. ret: %d, QP 0x%x, address: 0x%.16llx, length = 0x%.16x\n", 1417 ret, pfault->token, address, prefetch_len); 1418 } 1419 } 1420 } 1421 1422 static void mlx5_ib_pfault(struct mlx5_ib_dev *dev, struct mlx5_pagefault *pfault) 1423 { 1424 u8 event_subtype = pfault->event_subtype; 1425 1426 switch (event_subtype) { 1427 case MLX5_PFAULT_SUBTYPE_WQE: 1428 mlx5_ib_mr_wqe_pfault_handler(dev, pfault); 1429 break; 1430 case MLX5_PFAULT_SUBTYPE_RDMA: 1431 mlx5_ib_mr_rdma_pfault_handler(dev, pfault); 1432 break; 1433 default: 1434 mlx5_ib_err(dev, "Invalid page fault event subtype: 0x%x\n", 1435 event_subtype); 1436 mlx5_ib_page_fault_resume(dev, pfault, 1); 1437 } 1438 } 1439 1440 static void mlx5_ib_eqe_pf_action(struct work_struct *work) 1441 { 1442 struct mlx5_pagefault *pfault = container_of(work, 1443 struct mlx5_pagefault, 1444 work); 1445 struct mlx5_ib_pf_eq *eq = pfault->eq; 1446 1447 mlx5_ib_pfault(eq->dev, pfault); 1448 mempool_free(pfault, eq->pool); 1449 } 1450 1451 static void mlx5_ib_eq_pf_process(struct mlx5_ib_pf_eq *eq) 1452 { 1453 struct mlx5_eqe_page_fault *pf_eqe; 1454 struct mlx5_pagefault *pfault; 1455 struct mlx5_eqe *eqe; 1456 int cc = 0; 1457 1458 while ((eqe = mlx5_eq_get_eqe(eq->core, cc))) { 1459 pfault = mempool_alloc(eq->pool, GFP_ATOMIC); 1460 if (!pfault) { 1461 schedule_work(&eq->work); 1462 break; 1463 } 1464 1465 pf_eqe = &eqe->data.page_fault; 1466 pfault->event_subtype = eqe->sub_type; 1467 pfault->bytes_committed = be32_to_cpu(pf_eqe->bytes_committed); 1468 1469 mlx5_ib_dbg(eq->dev, 1470 "PAGE_FAULT: subtype: 0x%02x, bytes_committed: 0x%06x\n", 1471 eqe->sub_type, pfault->bytes_committed); 1472 1473 switch (eqe->sub_type) { 1474 case MLX5_PFAULT_SUBTYPE_RDMA: 1475 /* RDMA based event */ 1476 pfault->type = 1477 be32_to_cpu(pf_eqe->rdma.pftype_token) >> 24; 1478 pfault->token = 1479 be32_to_cpu(pf_eqe->rdma.pftype_token) & 1480 MLX5_24BIT_MASK; 1481 pfault->rdma.r_key = 1482 be32_to_cpu(pf_eqe->rdma.r_key); 1483 pfault->rdma.packet_size = 1484 be16_to_cpu(pf_eqe->rdma.packet_length); 1485 pfault->rdma.rdma_op_len = 1486 be32_to_cpu(pf_eqe->rdma.rdma_op_len); 1487 pfault->rdma.rdma_va = 1488 be64_to_cpu(pf_eqe->rdma.rdma_va); 1489 mlx5_ib_dbg(eq->dev, 1490 "PAGE_FAULT: type:0x%x, token: 0x%06x, r_key: 0x%08x\n", 1491 pfault->type, pfault->token, 1492 pfault->rdma.r_key); 1493 mlx5_ib_dbg(eq->dev, 1494 "PAGE_FAULT: rdma_op_len: 0x%08x, rdma_va: 0x%016llx\n", 1495 pfault->rdma.rdma_op_len, 1496 pfault->rdma.rdma_va); 1497 break; 1498 1499 case MLX5_PFAULT_SUBTYPE_WQE: 1500 /* WQE based event */ 1501 pfault->type = 1502 (be32_to_cpu(pf_eqe->wqe.pftype_wq) >> 24) & 0x7; 1503 pfault->token = 1504 be32_to_cpu(pf_eqe->wqe.token); 1505 pfault->wqe.wq_num = 1506 be32_to_cpu(pf_eqe->wqe.pftype_wq) & 1507 MLX5_24BIT_MASK; 1508 pfault->wqe.wqe_index = 1509 be16_to_cpu(pf_eqe->wqe.wqe_index); 1510 pfault->wqe.packet_size = 1511 be16_to_cpu(pf_eqe->wqe.packet_length); 1512 mlx5_ib_dbg(eq->dev, 1513 "PAGE_FAULT: type:0x%x, token: 0x%06x, wq_num: 0x%06x, wqe_index: 0x%04x\n", 1514 pfault->type, pfault->token, 1515 pfault->wqe.wq_num, 1516 pfault->wqe.wqe_index); 1517 break; 1518 1519 default: 1520 mlx5_ib_warn(eq->dev, 1521 "Unsupported page fault event sub-type: 0x%02hhx\n", 1522 eqe->sub_type); 1523 /* Unsupported page faults should still be 1524 * resolved by the page fault handler 1525 */ 1526 } 1527 1528 pfault->eq = eq; 1529 INIT_WORK(&pfault->work, mlx5_ib_eqe_pf_action); 1530 queue_work(eq->wq, &pfault->work); 1531 1532 cc = mlx5_eq_update_cc(eq->core, ++cc); 1533 } 1534 1535 mlx5_eq_update_ci(eq->core, cc, 1); 1536 } 1537 1538 static int mlx5_ib_eq_pf_int(struct notifier_block *nb, unsigned long type, 1539 void *data) 1540 { 1541 struct mlx5_ib_pf_eq *eq = 1542 container_of(nb, struct mlx5_ib_pf_eq, irq_nb); 1543 unsigned long flags; 1544 1545 if (spin_trylock_irqsave(&eq->lock, flags)) { 1546 mlx5_ib_eq_pf_process(eq); 1547 spin_unlock_irqrestore(&eq->lock, flags); 1548 } else { 1549 schedule_work(&eq->work); 1550 } 1551 1552 return IRQ_HANDLED; 1553 } 1554 1555 /* mempool_refill() was proposed but unfortunately wasn't accepted 1556 * http://lkml.iu.edu/hypermail/linux/kernel/1512.1/05073.html 1557 * Cheap workaround. 1558 */ 1559 static void mempool_refill(mempool_t *pool) 1560 { 1561 while (pool->curr_nr < pool->min_nr) 1562 mempool_free(mempool_alloc(pool, GFP_KERNEL), pool); 1563 } 1564 1565 static void mlx5_ib_eq_pf_action(struct work_struct *work) 1566 { 1567 struct mlx5_ib_pf_eq *eq = 1568 container_of(work, struct mlx5_ib_pf_eq, work); 1569 1570 mempool_refill(eq->pool); 1571 1572 spin_lock_irq(&eq->lock); 1573 mlx5_ib_eq_pf_process(eq); 1574 spin_unlock_irq(&eq->lock); 1575 } 1576 1577 enum { 1578 MLX5_IB_NUM_PF_EQE = 0x1000, 1579 MLX5_IB_NUM_PF_DRAIN = 64, 1580 }; 1581 1582 static int 1583 mlx5_ib_create_pf_eq(struct mlx5_ib_dev *dev, struct mlx5_ib_pf_eq *eq) 1584 { 1585 struct mlx5_eq_param param = {}; 1586 int err; 1587 1588 INIT_WORK(&eq->work, mlx5_ib_eq_pf_action); 1589 spin_lock_init(&eq->lock); 1590 eq->dev = dev; 1591 1592 eq->pool = mempool_create_kmalloc_pool(MLX5_IB_NUM_PF_DRAIN, 1593 sizeof(struct mlx5_pagefault)); 1594 if (!eq->pool) 1595 return -ENOMEM; 1596 1597 eq->wq = alloc_workqueue("mlx5_ib_page_fault", 1598 WQ_HIGHPRI | WQ_UNBOUND | WQ_MEM_RECLAIM, 1599 MLX5_NUM_CMD_EQE); 1600 if (!eq->wq) { 1601 err = -ENOMEM; 1602 goto err_mempool; 1603 } 1604 1605 eq->irq_nb.notifier_call = mlx5_ib_eq_pf_int; 1606 param = (struct mlx5_eq_param) { 1607 .irq_index = 0, 1608 .nent = MLX5_IB_NUM_PF_EQE, 1609 }; 1610 param.mask[0] = 1ull << MLX5_EVENT_TYPE_PAGE_FAULT; 1611 eq->core = mlx5_eq_create_generic(dev->mdev, ¶m); 1612 if (IS_ERR(eq->core)) { 1613 err = PTR_ERR(eq->core); 1614 goto err_wq; 1615 } 1616 err = mlx5_eq_enable(dev->mdev, eq->core, &eq->irq_nb); 1617 if (err) { 1618 mlx5_ib_err(dev, "failed to enable odp EQ %d\n", err); 1619 goto err_eq; 1620 } 1621 1622 return 0; 1623 err_eq: 1624 mlx5_eq_destroy_generic(dev->mdev, eq->core); 1625 err_wq: 1626 destroy_workqueue(eq->wq); 1627 err_mempool: 1628 mempool_destroy(eq->pool); 1629 return err; 1630 } 1631 1632 static int 1633 mlx5_ib_destroy_pf_eq(struct mlx5_ib_dev *dev, struct mlx5_ib_pf_eq *eq) 1634 { 1635 int err; 1636 1637 mlx5_eq_disable(dev->mdev, eq->core, &eq->irq_nb); 1638 err = mlx5_eq_destroy_generic(dev->mdev, eq->core); 1639 cancel_work_sync(&eq->work); 1640 destroy_workqueue(eq->wq); 1641 mempool_destroy(eq->pool); 1642 1643 return err; 1644 } 1645 1646 void mlx5_odp_init_mr_cache_entry(struct mlx5_cache_ent *ent) 1647 { 1648 if (!(ent->dev->odp_caps.general_caps & IB_ODP_SUPPORT_IMPLICIT)) 1649 return; 1650 1651 switch (ent->order - 2) { 1652 case MLX5_IMR_MTT_CACHE_ENTRY: 1653 ent->page = PAGE_SHIFT; 1654 ent->xlt = MLX5_IMR_MTT_ENTRIES * 1655 sizeof(struct mlx5_mtt) / 1656 MLX5_IB_UMR_OCTOWORD; 1657 ent->access_mode = MLX5_MKC_ACCESS_MODE_MTT; 1658 ent->limit = 0; 1659 break; 1660 1661 case MLX5_IMR_KSM_CACHE_ENTRY: 1662 ent->page = MLX5_KSM_PAGE_SHIFT; 1663 ent->xlt = mlx5_imr_ksm_entries * 1664 sizeof(struct mlx5_klm) / 1665 MLX5_IB_UMR_OCTOWORD; 1666 ent->access_mode = MLX5_MKC_ACCESS_MODE_KSM; 1667 ent->limit = 0; 1668 break; 1669 } 1670 } 1671 1672 static const struct ib_device_ops mlx5_ib_dev_odp_ops = { 1673 .advise_mr = mlx5_ib_advise_mr, 1674 }; 1675 1676 int mlx5_ib_odp_init_one(struct mlx5_ib_dev *dev) 1677 { 1678 int ret = 0; 1679 1680 if (!(dev->odp_caps.general_caps & IB_ODP_SUPPORT)) 1681 return ret; 1682 1683 ib_set_device_ops(&dev->ib_dev, &mlx5_ib_dev_odp_ops); 1684 1685 if (dev->odp_caps.general_caps & IB_ODP_SUPPORT_IMPLICIT) { 1686 ret = mlx5_cmd_null_mkey(dev->mdev, &dev->null_mkey); 1687 if (ret) { 1688 mlx5_ib_err(dev, "Error getting null_mkey %d\n", ret); 1689 return ret; 1690 } 1691 } 1692 1693 ret = mlx5_ib_create_pf_eq(dev, &dev->odp_pf_eq); 1694 1695 return ret; 1696 } 1697 1698 void mlx5_ib_odp_cleanup_one(struct mlx5_ib_dev *dev) 1699 { 1700 if (!(dev->odp_caps.general_caps & IB_ODP_SUPPORT)) 1701 return; 1702 1703 mlx5_ib_destroy_pf_eq(dev, &dev->odp_pf_eq); 1704 } 1705 1706 int mlx5_ib_odp_init(void) 1707 { 1708 mlx5_imr_ksm_entries = BIT_ULL(get_order(TASK_SIZE) - 1709 MLX5_IMR_MTT_BITS); 1710 1711 return 0; 1712 } 1713 1714 struct prefetch_mr_work { 1715 struct work_struct work; 1716 u32 pf_flags; 1717 u32 num_sge; 1718 struct { 1719 u64 io_virt; 1720 struct mlx5_ib_mr *mr; 1721 size_t length; 1722 } frags[]; 1723 }; 1724 1725 static void destroy_prefetch_work(struct prefetch_mr_work *work) 1726 { 1727 u32 i; 1728 1729 for (i = 0; i < work->num_sge; ++i) 1730 if (atomic_dec_and_test(&work->frags[i].mr->num_deferred_work)) 1731 wake_up(&work->frags[i].mr->q_deferred_work); 1732 kvfree(work); 1733 } 1734 1735 static struct mlx5_ib_mr * 1736 get_prefetchable_mr(struct ib_pd *pd, enum ib_uverbs_advise_mr_advice advice, 1737 u32 lkey) 1738 { 1739 struct mlx5_ib_dev *dev = to_mdev(pd->device); 1740 struct mlx5_core_mkey *mmkey; 1741 struct ib_umem_odp *odp; 1742 struct mlx5_ib_mr *mr; 1743 1744 lockdep_assert_held(&dev->odp_srcu); 1745 1746 mmkey = xa_load(&dev->odp_mkeys, mlx5_base_mkey(lkey)); 1747 if (!mmkey || mmkey->key != lkey || mmkey->type != MLX5_MKEY_MR) 1748 return NULL; 1749 1750 mr = container_of(mmkey, struct mlx5_ib_mr, mmkey); 1751 1752 if (mr->ibmr.pd != pd) 1753 return NULL; 1754 1755 odp = to_ib_umem_odp(mr->umem); 1756 1757 /* prefetch with write-access must be supported by the MR */ 1758 if (advice == IB_UVERBS_ADVISE_MR_ADVICE_PREFETCH_WRITE && 1759 !odp->umem.writable) 1760 return NULL; 1761 1762 return mr; 1763 } 1764 1765 static void mlx5_ib_prefetch_mr_work(struct work_struct *w) 1766 { 1767 struct prefetch_mr_work *work = 1768 container_of(w, struct prefetch_mr_work, work); 1769 struct mlx5_ib_dev *dev; 1770 u32 bytes_mapped = 0; 1771 int srcu_key; 1772 int ret; 1773 u32 i; 1774 1775 /* We rely on IB/core that work is executed if we have num_sge != 0 only. */ 1776 WARN_ON(!work->num_sge); 1777 dev = work->frags[0].mr->dev; 1778 /* SRCU should be held when calling to mlx5_odp_populate_xlt() */ 1779 srcu_key = srcu_read_lock(&dev->odp_srcu); 1780 for (i = 0; i < work->num_sge; ++i) { 1781 ret = pagefault_mr(work->frags[i].mr, work->frags[i].io_virt, 1782 work->frags[i].length, &bytes_mapped, 1783 work->pf_flags); 1784 if (ret <= 0) 1785 continue; 1786 mlx5_update_odp_stats(work->frags[i].mr, prefetch, ret); 1787 } 1788 srcu_read_unlock(&dev->odp_srcu, srcu_key); 1789 1790 destroy_prefetch_work(work); 1791 } 1792 1793 static bool init_prefetch_work(struct ib_pd *pd, 1794 enum ib_uverbs_advise_mr_advice advice, 1795 u32 pf_flags, struct prefetch_mr_work *work, 1796 struct ib_sge *sg_list, u32 num_sge) 1797 { 1798 u32 i; 1799 1800 INIT_WORK(&work->work, mlx5_ib_prefetch_mr_work); 1801 work->pf_flags = pf_flags; 1802 1803 for (i = 0; i < num_sge; ++i) { 1804 work->frags[i].io_virt = sg_list[i].addr; 1805 work->frags[i].length = sg_list[i].length; 1806 work->frags[i].mr = 1807 get_prefetchable_mr(pd, advice, sg_list[i].lkey); 1808 if (!work->frags[i].mr) { 1809 work->num_sge = i; 1810 return false; 1811 } 1812 1813 /* Keep the MR pointer will valid outside the SRCU */ 1814 atomic_inc(&work->frags[i].mr->num_deferred_work); 1815 } 1816 work->num_sge = num_sge; 1817 return true; 1818 } 1819 1820 static int mlx5_ib_prefetch_sg_list(struct ib_pd *pd, 1821 enum ib_uverbs_advise_mr_advice advice, 1822 u32 pf_flags, struct ib_sge *sg_list, 1823 u32 num_sge) 1824 { 1825 struct mlx5_ib_dev *dev = to_mdev(pd->device); 1826 u32 bytes_mapped = 0; 1827 int srcu_key; 1828 int ret = 0; 1829 u32 i; 1830 1831 srcu_key = srcu_read_lock(&dev->odp_srcu); 1832 for (i = 0; i < num_sge; ++i) { 1833 struct mlx5_ib_mr *mr; 1834 1835 mr = get_prefetchable_mr(pd, advice, sg_list[i].lkey); 1836 if (!mr) { 1837 ret = -ENOENT; 1838 goto out; 1839 } 1840 ret = pagefault_mr(mr, sg_list[i].addr, sg_list[i].length, 1841 &bytes_mapped, pf_flags); 1842 if (ret < 0) 1843 goto out; 1844 mlx5_update_odp_stats(mr, prefetch, ret); 1845 } 1846 ret = 0; 1847 1848 out: 1849 srcu_read_unlock(&dev->odp_srcu, srcu_key); 1850 return ret; 1851 } 1852 1853 int mlx5_ib_advise_mr_prefetch(struct ib_pd *pd, 1854 enum ib_uverbs_advise_mr_advice advice, 1855 u32 flags, struct ib_sge *sg_list, u32 num_sge) 1856 { 1857 struct mlx5_ib_dev *dev = to_mdev(pd->device); 1858 u32 pf_flags = 0; 1859 struct prefetch_mr_work *work; 1860 int srcu_key; 1861 1862 if (advice == IB_UVERBS_ADVISE_MR_ADVICE_PREFETCH) 1863 pf_flags |= MLX5_PF_FLAGS_DOWNGRADE; 1864 1865 if (flags & IB_UVERBS_ADVISE_MR_FLAG_FLUSH) 1866 return mlx5_ib_prefetch_sg_list(pd, advice, pf_flags, sg_list, 1867 num_sge); 1868 1869 work = kvzalloc(struct_size(work, frags, num_sge), GFP_KERNEL); 1870 if (!work) 1871 return -ENOMEM; 1872 1873 srcu_key = srcu_read_lock(&dev->odp_srcu); 1874 if (!init_prefetch_work(pd, advice, pf_flags, work, sg_list, num_sge)) { 1875 srcu_read_unlock(&dev->odp_srcu, srcu_key); 1876 destroy_prefetch_work(work); 1877 return -EINVAL; 1878 } 1879 queue_work(system_unbound_wq, &work->work); 1880 srcu_read_unlock(&dev->odp_srcu, srcu_key); 1881 return 0; 1882 } 1883