1 /* 2 * Copyright (c) 2013-2015, Mellanox Technologies. All rights reserved. 3 * 4 * This software is available to you under a choice of one of two 5 * licenses. You may choose to be licensed under the terms of the GNU 6 * General Public License (GPL) Version 2, available from the file 7 * COPYING in the main directory of this source tree, or the 8 * OpenIB.org BSD license below: 9 * 10 * Redistribution and use in source and binary forms, with or 11 * without modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above 15 * copyright notice, this list of conditions and the following 16 * disclaimer. 17 * 18 * - Redistributions in binary form must reproduce the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer in the documentation and/or other materials 21 * provided with the distribution. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 * SOFTWARE. 31 */ 32 33 #include <rdma/ib_umem_odp.h> 34 #include <linux/kernel.h> 35 #include <linux/dma-buf.h> 36 #include <linux/dma-resv.h> 37 38 #include "mlx5_ib.h" 39 #include "cmd.h" 40 #include "umr.h" 41 #include "qp.h" 42 43 #include <linux/mlx5/eq.h> 44 45 /* Contains the details of a pagefault. */ 46 struct mlx5_pagefault { 47 u32 bytes_committed; 48 u32 token; 49 u8 event_subtype; 50 u8 type; 51 union { 52 /* Initiator or send message responder pagefault details. */ 53 struct { 54 /* Received packet size, only valid for responders. */ 55 u32 packet_size; 56 /* 57 * Number of resource holding WQE, depends on type. 58 */ 59 u32 wq_num; 60 /* 61 * WQE index. Refers to either the send queue or 62 * receive queue, according to event_subtype. 63 */ 64 u16 wqe_index; 65 } wqe; 66 /* RDMA responder pagefault details */ 67 struct { 68 u32 r_key; 69 /* 70 * Received packet size, minimal size page fault 71 * resolution required for forward progress. 72 */ 73 u32 packet_size; 74 u32 rdma_op_len; 75 u64 rdma_va; 76 } rdma; 77 }; 78 79 struct mlx5_ib_pf_eq *eq; 80 struct work_struct work; 81 }; 82 83 #define MAX_PREFETCH_LEN (4*1024*1024U) 84 85 /* Timeout in ms to wait for an active mmu notifier to complete when handling 86 * a pagefault. */ 87 #define MMU_NOTIFIER_TIMEOUT 1000 88 89 #define MLX5_IMR_MTT_BITS (30 - PAGE_SHIFT) 90 #define MLX5_IMR_MTT_SHIFT (MLX5_IMR_MTT_BITS + PAGE_SHIFT) 91 #define MLX5_IMR_MTT_ENTRIES BIT_ULL(MLX5_IMR_MTT_BITS) 92 #define MLX5_IMR_MTT_SIZE BIT_ULL(MLX5_IMR_MTT_SHIFT) 93 #define MLX5_IMR_MTT_MASK (~(MLX5_IMR_MTT_SIZE - 1)) 94 95 #define MLX5_KSM_PAGE_SHIFT MLX5_IMR_MTT_SHIFT 96 97 static u64 mlx5_imr_ksm_entries; 98 99 static void populate_klm(struct mlx5_klm *pklm, size_t idx, size_t nentries, 100 struct mlx5_ib_mr *imr, int flags) 101 { 102 struct mlx5_klm *end = pklm + nentries; 103 104 if (flags & MLX5_IB_UPD_XLT_ZAP) { 105 for (; pklm != end; pklm++, idx++) { 106 pklm->bcount = cpu_to_be32(MLX5_IMR_MTT_SIZE); 107 pklm->key = mr_to_mdev(imr)->mkeys.null_mkey; 108 pklm->va = 0; 109 } 110 return; 111 } 112 113 /* 114 * The locking here is pretty subtle. Ideally the implicit_children 115 * xarray would be protected by the umem_mutex, however that is not 116 * possible. Instead this uses a weaker update-then-lock pattern: 117 * 118 * xa_store() 119 * mutex_lock(umem_mutex) 120 * mlx5r_umr_update_xlt() 121 * mutex_unlock(umem_mutex) 122 * destroy lkey 123 * 124 * ie any change the xarray must be followed by the locked update_xlt 125 * before destroying. 126 * 127 * The umem_mutex provides the acquire/release semantic needed to make 128 * the xa_store() visible to a racing thread. 129 */ 130 lockdep_assert_held(&to_ib_umem_odp(imr->umem)->umem_mutex); 131 132 for (; pklm != end; pklm++, idx++) { 133 struct mlx5_ib_mr *mtt = xa_load(&imr->implicit_children, idx); 134 135 pklm->bcount = cpu_to_be32(MLX5_IMR_MTT_SIZE); 136 if (mtt) { 137 pklm->key = cpu_to_be32(mtt->ibmr.lkey); 138 pklm->va = cpu_to_be64(idx * MLX5_IMR_MTT_SIZE); 139 } else { 140 pklm->key = mr_to_mdev(imr)->mkeys.null_mkey; 141 pklm->va = 0; 142 } 143 } 144 } 145 146 static u64 umem_dma_to_mtt(dma_addr_t umem_dma) 147 { 148 u64 mtt_entry = umem_dma & ODP_DMA_ADDR_MASK; 149 150 if (umem_dma & ODP_READ_ALLOWED_BIT) 151 mtt_entry |= MLX5_IB_MTT_READ; 152 if (umem_dma & ODP_WRITE_ALLOWED_BIT) 153 mtt_entry |= MLX5_IB_MTT_WRITE; 154 155 return mtt_entry; 156 } 157 158 static void populate_mtt(__be64 *pas, size_t idx, size_t nentries, 159 struct mlx5_ib_mr *mr, int flags) 160 { 161 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 162 dma_addr_t pa; 163 size_t i; 164 165 if (flags & MLX5_IB_UPD_XLT_ZAP) 166 return; 167 168 for (i = 0; i < nentries; i++) { 169 pa = odp->dma_list[idx + i]; 170 pas[i] = cpu_to_be64(umem_dma_to_mtt(pa)); 171 } 172 } 173 174 void mlx5_odp_populate_xlt(void *xlt, size_t idx, size_t nentries, 175 struct mlx5_ib_mr *mr, int flags) 176 { 177 if (flags & MLX5_IB_UPD_XLT_INDIRECT) { 178 populate_klm(xlt, idx, nentries, mr, flags); 179 } else { 180 populate_mtt(xlt, idx, nentries, mr, flags); 181 } 182 } 183 184 /* 185 * This must be called after the mr has been removed from implicit_children. 186 * NOTE: The MR does not necessarily have to be 187 * empty here, parallel page faults could have raced with the free process and 188 * added pages to it. 189 */ 190 static void free_implicit_child_mr_work(struct work_struct *work) 191 { 192 struct mlx5_ib_mr *mr = 193 container_of(work, struct mlx5_ib_mr, odp_destroy.work); 194 struct mlx5_ib_mr *imr = mr->parent; 195 struct ib_umem_odp *odp_imr = to_ib_umem_odp(imr->umem); 196 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 197 198 mlx5r_deref_wait_odp_mkey(&mr->mmkey); 199 200 mutex_lock(&odp_imr->umem_mutex); 201 mlx5r_umr_update_xlt(mr->parent, 202 ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT, 1, 0, 203 MLX5_IB_UPD_XLT_INDIRECT | MLX5_IB_UPD_XLT_ATOMIC); 204 mutex_unlock(&odp_imr->umem_mutex); 205 mlx5_ib_dereg_mr(&mr->ibmr, NULL); 206 207 mlx5r_deref_odp_mkey(&imr->mmkey); 208 } 209 210 static void destroy_unused_implicit_child_mr(struct mlx5_ib_mr *mr) 211 { 212 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 213 unsigned long idx = ib_umem_start(odp) >> MLX5_IMR_MTT_SHIFT; 214 struct mlx5_ib_mr *imr = mr->parent; 215 216 if (!refcount_inc_not_zero(&imr->mmkey.usecount)) 217 return; 218 219 xa_erase(&imr->implicit_children, idx); 220 221 /* Freeing a MR is a sleeping operation, so bounce to a work queue */ 222 INIT_WORK(&mr->odp_destroy.work, free_implicit_child_mr_work); 223 queue_work(system_unbound_wq, &mr->odp_destroy.work); 224 } 225 226 static bool mlx5_ib_invalidate_range(struct mmu_interval_notifier *mni, 227 const struct mmu_notifier_range *range, 228 unsigned long cur_seq) 229 { 230 struct ib_umem_odp *umem_odp = 231 container_of(mni, struct ib_umem_odp, notifier); 232 struct mlx5_ib_mr *mr; 233 const u64 umr_block_mask = MLX5_UMR_MTT_NUM_ENTRIES_ALIGNMENT - 1; 234 u64 idx = 0, blk_start_idx = 0; 235 u64 invalidations = 0; 236 unsigned long start; 237 unsigned long end; 238 int in_block = 0; 239 u64 addr; 240 241 if (!mmu_notifier_range_blockable(range)) 242 return false; 243 244 mutex_lock(&umem_odp->umem_mutex); 245 mmu_interval_set_seq(mni, cur_seq); 246 /* 247 * If npages is zero then umem_odp->private may not be setup yet. This 248 * does not complete until after the first page is mapped for DMA. 249 */ 250 if (!umem_odp->npages) 251 goto out; 252 mr = umem_odp->private; 253 254 start = max_t(u64, ib_umem_start(umem_odp), range->start); 255 end = min_t(u64, ib_umem_end(umem_odp), range->end); 256 257 /* 258 * Iteration one - zap the HW's MTTs. The notifiers_count ensures that 259 * while we are doing the invalidation, no page fault will attempt to 260 * overwrite the same MTTs. Concurent invalidations might race us, 261 * but they will write 0s as well, so no difference in the end result. 262 */ 263 for (addr = start; addr < end; addr += BIT(umem_odp->page_shift)) { 264 idx = (addr - ib_umem_start(umem_odp)) >> umem_odp->page_shift; 265 /* 266 * Strive to write the MTTs in chunks, but avoid overwriting 267 * non-existing MTTs. The huristic here can be improved to 268 * estimate the cost of another UMR vs. the cost of bigger 269 * UMR. 270 */ 271 if (umem_odp->dma_list[idx] & 272 (ODP_READ_ALLOWED_BIT | ODP_WRITE_ALLOWED_BIT)) { 273 if (!in_block) { 274 blk_start_idx = idx; 275 in_block = 1; 276 } 277 278 /* Count page invalidations */ 279 invalidations += idx - blk_start_idx + 1; 280 } else { 281 u64 umr_offset = idx & umr_block_mask; 282 283 if (in_block && umr_offset == 0) { 284 mlx5r_umr_update_xlt(mr, blk_start_idx, 285 idx - blk_start_idx, 0, 286 MLX5_IB_UPD_XLT_ZAP | 287 MLX5_IB_UPD_XLT_ATOMIC); 288 in_block = 0; 289 } 290 } 291 } 292 if (in_block) 293 mlx5r_umr_update_xlt(mr, blk_start_idx, 294 idx - blk_start_idx + 1, 0, 295 MLX5_IB_UPD_XLT_ZAP | 296 MLX5_IB_UPD_XLT_ATOMIC); 297 298 mlx5_update_odp_stats(mr, invalidations, invalidations); 299 300 /* 301 * We are now sure that the device will not access the 302 * memory. We can safely unmap it, and mark it as dirty if 303 * needed. 304 */ 305 306 ib_umem_odp_unmap_dma_pages(umem_odp, start, end); 307 308 if (unlikely(!umem_odp->npages && mr->parent)) 309 destroy_unused_implicit_child_mr(mr); 310 out: 311 mutex_unlock(&umem_odp->umem_mutex); 312 return true; 313 } 314 315 const struct mmu_interval_notifier_ops mlx5_mn_ops = { 316 .invalidate = mlx5_ib_invalidate_range, 317 }; 318 319 static void internal_fill_odp_caps(struct mlx5_ib_dev *dev) 320 { 321 struct ib_odp_caps *caps = &dev->odp_caps; 322 323 memset(caps, 0, sizeof(*caps)); 324 325 if (!MLX5_CAP_GEN(dev->mdev, pg) || !mlx5r_umr_can_load_pas(dev, 0)) 326 return; 327 328 caps->general_caps = IB_ODP_SUPPORT; 329 330 if (MLX5_CAP_GEN(dev->mdev, umr_extended_translation_offset)) 331 dev->odp_max_size = U64_MAX; 332 else 333 dev->odp_max_size = BIT_ULL(MLX5_MAX_UMR_SHIFT + PAGE_SHIFT); 334 335 if (MLX5_CAP_ODP(dev->mdev, ud_odp_caps.send)) 336 caps->per_transport_caps.ud_odp_caps |= IB_ODP_SUPPORT_SEND; 337 338 if (MLX5_CAP_ODP(dev->mdev, ud_odp_caps.srq_receive)) 339 caps->per_transport_caps.ud_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 340 341 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.send)) 342 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_SEND; 343 344 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.receive)) 345 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_RECV; 346 347 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.write)) 348 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_WRITE; 349 350 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.read)) 351 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_READ; 352 353 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.atomic)) 354 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_ATOMIC; 355 356 if (MLX5_CAP_ODP(dev->mdev, rc_odp_caps.srq_receive)) 357 caps->per_transport_caps.rc_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 358 359 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.send)) 360 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_SEND; 361 362 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.receive)) 363 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_RECV; 364 365 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.write)) 366 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_WRITE; 367 368 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.read)) 369 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_READ; 370 371 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.atomic)) 372 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_ATOMIC; 373 374 if (MLX5_CAP_ODP(dev->mdev, xrc_odp_caps.srq_receive)) 375 caps->per_transport_caps.xrc_odp_caps |= IB_ODP_SUPPORT_SRQ_RECV; 376 377 if (MLX5_CAP_GEN(dev->mdev, fixed_buffer_size) && 378 MLX5_CAP_GEN(dev->mdev, null_mkey) && 379 MLX5_CAP_GEN(dev->mdev, umr_extended_translation_offset) && 380 !MLX5_CAP_GEN(dev->mdev, umr_indirect_mkey_disabled)) 381 caps->general_caps |= IB_ODP_SUPPORT_IMPLICIT; 382 } 383 384 static void mlx5_ib_page_fault_resume(struct mlx5_ib_dev *dev, 385 struct mlx5_pagefault *pfault, 386 int error) 387 { 388 int wq_num = pfault->event_subtype == MLX5_PFAULT_SUBTYPE_WQE ? 389 pfault->wqe.wq_num : pfault->token; 390 u32 in[MLX5_ST_SZ_DW(page_fault_resume_in)] = {}; 391 int err; 392 393 MLX5_SET(page_fault_resume_in, in, opcode, MLX5_CMD_OP_PAGE_FAULT_RESUME); 394 MLX5_SET(page_fault_resume_in, in, page_fault_type, pfault->type); 395 MLX5_SET(page_fault_resume_in, in, token, pfault->token); 396 MLX5_SET(page_fault_resume_in, in, wq_number, wq_num); 397 MLX5_SET(page_fault_resume_in, in, error, !!error); 398 399 err = mlx5_cmd_exec_in(dev->mdev, page_fault_resume, in); 400 if (err) 401 mlx5_ib_err(dev, "Failed to resolve the page fault on WQ 0x%x err %d\n", 402 wq_num, err); 403 } 404 405 static struct mlx5_ib_mr *implicit_get_child_mr(struct mlx5_ib_mr *imr, 406 unsigned long idx) 407 { 408 struct mlx5_ib_dev *dev = mr_to_mdev(imr); 409 struct ib_umem_odp *odp; 410 struct mlx5_ib_mr *mr; 411 struct mlx5_ib_mr *ret; 412 int err; 413 414 odp = ib_umem_odp_alloc_child(to_ib_umem_odp(imr->umem), 415 idx * MLX5_IMR_MTT_SIZE, 416 MLX5_IMR_MTT_SIZE, &mlx5_mn_ops); 417 if (IS_ERR(odp)) 418 return ERR_CAST(odp); 419 420 mr = mlx5_mr_cache_alloc(dev, imr->access_flags, 421 MLX5_MKC_ACCESS_MODE_MTT, 422 MLX5_IMR_MTT_ENTRIES); 423 if (IS_ERR(mr)) { 424 ib_umem_odp_release(odp); 425 return mr; 426 } 427 428 mr->access_flags = imr->access_flags; 429 mr->ibmr.pd = imr->ibmr.pd; 430 mr->ibmr.device = &mr_to_mdev(imr)->ib_dev; 431 mr->umem = &odp->umem; 432 mr->ibmr.lkey = mr->mmkey.key; 433 mr->ibmr.rkey = mr->mmkey.key; 434 mr->ibmr.iova = idx * MLX5_IMR_MTT_SIZE; 435 mr->parent = imr; 436 odp->private = mr; 437 438 /* 439 * First refcount is owned by the xarray and second refconut 440 * is returned to the caller. 441 */ 442 refcount_set(&mr->mmkey.usecount, 2); 443 444 err = mlx5r_umr_update_xlt(mr, 0, 445 MLX5_IMR_MTT_ENTRIES, 446 PAGE_SHIFT, 447 MLX5_IB_UPD_XLT_ZAP | 448 MLX5_IB_UPD_XLT_ENABLE); 449 if (err) { 450 ret = ERR_PTR(err); 451 goto out_mr; 452 } 453 454 xa_lock(&imr->implicit_children); 455 ret = __xa_cmpxchg(&imr->implicit_children, idx, NULL, mr, 456 GFP_KERNEL); 457 if (unlikely(ret)) { 458 if (xa_is_err(ret)) { 459 ret = ERR_PTR(xa_err(ret)); 460 goto out_lock; 461 } 462 /* 463 * Another thread beat us to creating the child mr, use 464 * theirs. 465 */ 466 refcount_inc(&ret->mmkey.usecount); 467 goto out_lock; 468 } 469 xa_unlock(&imr->implicit_children); 470 471 mlx5_ib_dbg(mr_to_mdev(imr), "key %x mr %p\n", mr->mmkey.key, mr); 472 return mr; 473 474 out_lock: 475 xa_unlock(&imr->implicit_children); 476 out_mr: 477 mlx5_ib_dereg_mr(&mr->ibmr, NULL); 478 return ret; 479 } 480 481 struct mlx5_ib_mr *mlx5_ib_alloc_implicit_mr(struct mlx5_ib_pd *pd, 482 int access_flags) 483 { 484 struct mlx5_ib_dev *dev = to_mdev(pd->ibpd.device); 485 struct ib_umem_odp *umem_odp; 486 struct mlx5_ib_mr *imr; 487 int err; 488 489 if (!mlx5r_umr_can_load_pas(dev, MLX5_IMR_MTT_ENTRIES * PAGE_SIZE)) 490 return ERR_PTR(-EOPNOTSUPP); 491 492 umem_odp = ib_umem_odp_alloc_implicit(&dev->ib_dev, access_flags); 493 if (IS_ERR(umem_odp)) 494 return ERR_CAST(umem_odp); 495 496 imr = mlx5_mr_cache_alloc(dev, access_flags, MLX5_MKC_ACCESS_MODE_KSM, 497 mlx5_imr_ksm_entries); 498 if (IS_ERR(imr)) { 499 ib_umem_odp_release(umem_odp); 500 return imr; 501 } 502 503 imr->access_flags = access_flags; 504 imr->ibmr.pd = &pd->ibpd; 505 imr->ibmr.iova = 0; 506 imr->umem = &umem_odp->umem; 507 imr->ibmr.lkey = imr->mmkey.key; 508 imr->ibmr.rkey = imr->mmkey.key; 509 imr->ibmr.device = &dev->ib_dev; 510 imr->is_odp_implicit = true; 511 xa_init(&imr->implicit_children); 512 513 err = mlx5r_umr_update_xlt(imr, 0, 514 mlx5_imr_ksm_entries, 515 MLX5_KSM_PAGE_SHIFT, 516 MLX5_IB_UPD_XLT_INDIRECT | 517 MLX5_IB_UPD_XLT_ZAP | 518 MLX5_IB_UPD_XLT_ENABLE); 519 if (err) 520 goto out_mr; 521 522 err = mlx5r_store_odp_mkey(dev, &imr->mmkey); 523 if (err) 524 goto out_mr; 525 526 mlx5_ib_dbg(dev, "key %x mr %p\n", imr->mmkey.key, imr); 527 return imr; 528 out_mr: 529 mlx5_ib_err(dev, "Failed to register MKEY %d\n", err); 530 mlx5_ib_dereg_mr(&imr->ibmr, NULL); 531 return ERR_PTR(err); 532 } 533 534 void mlx5_ib_free_odp_mr(struct mlx5_ib_mr *mr) 535 { 536 struct mlx5_ib_mr *mtt; 537 unsigned long idx; 538 539 /* 540 * If this is an implicit MR it is already invalidated so we can just 541 * delete the children mkeys. 542 */ 543 xa_for_each(&mr->implicit_children, idx, mtt) { 544 xa_erase(&mr->implicit_children, idx); 545 mlx5_ib_dereg_mr(&mtt->ibmr, NULL); 546 } 547 } 548 549 #define MLX5_PF_FLAGS_DOWNGRADE BIT(1) 550 #define MLX5_PF_FLAGS_SNAPSHOT BIT(2) 551 #define MLX5_PF_FLAGS_ENABLE BIT(3) 552 static int pagefault_real_mr(struct mlx5_ib_mr *mr, struct ib_umem_odp *odp, 553 u64 user_va, size_t bcnt, u32 *bytes_mapped, 554 u32 flags) 555 { 556 int page_shift, ret, np; 557 bool downgrade = flags & MLX5_PF_FLAGS_DOWNGRADE; 558 u64 access_mask; 559 u64 start_idx; 560 bool fault = !(flags & MLX5_PF_FLAGS_SNAPSHOT); 561 u32 xlt_flags = MLX5_IB_UPD_XLT_ATOMIC; 562 563 if (flags & MLX5_PF_FLAGS_ENABLE) 564 xlt_flags |= MLX5_IB_UPD_XLT_ENABLE; 565 566 page_shift = odp->page_shift; 567 start_idx = (user_va - ib_umem_start(odp)) >> page_shift; 568 access_mask = ODP_READ_ALLOWED_BIT; 569 570 if (odp->umem.writable && !downgrade) 571 access_mask |= ODP_WRITE_ALLOWED_BIT; 572 573 np = ib_umem_odp_map_dma_and_lock(odp, user_va, bcnt, access_mask, fault); 574 if (np < 0) 575 return np; 576 577 /* 578 * No need to check whether the MTTs really belong to this MR, since 579 * ib_umem_odp_map_dma_and_lock already checks this. 580 */ 581 ret = mlx5r_umr_update_xlt(mr, start_idx, np, page_shift, xlt_flags); 582 mutex_unlock(&odp->umem_mutex); 583 584 if (ret < 0) { 585 if (ret != -EAGAIN) 586 mlx5_ib_err(mr_to_mdev(mr), 587 "Failed to update mkey page tables\n"); 588 goto out; 589 } 590 591 if (bytes_mapped) { 592 u32 new_mappings = (np << page_shift) - 593 (user_va - round_down(user_va, 1 << page_shift)); 594 595 *bytes_mapped += min_t(u32, new_mappings, bcnt); 596 } 597 598 return np << (page_shift - PAGE_SHIFT); 599 600 out: 601 return ret; 602 } 603 604 static int pagefault_implicit_mr(struct mlx5_ib_mr *imr, 605 struct ib_umem_odp *odp_imr, u64 user_va, 606 size_t bcnt, u32 *bytes_mapped, u32 flags) 607 { 608 unsigned long end_idx = (user_va + bcnt - 1) >> MLX5_IMR_MTT_SHIFT; 609 unsigned long upd_start_idx = end_idx + 1; 610 unsigned long upd_len = 0; 611 unsigned long npages = 0; 612 int err; 613 int ret; 614 615 if (unlikely(user_va >= mlx5_imr_ksm_entries * MLX5_IMR_MTT_SIZE || 616 mlx5_imr_ksm_entries * MLX5_IMR_MTT_SIZE - user_va < bcnt)) 617 return -EFAULT; 618 619 /* Fault each child mr that intersects with our interval. */ 620 while (bcnt) { 621 unsigned long idx = user_va >> MLX5_IMR_MTT_SHIFT; 622 struct ib_umem_odp *umem_odp; 623 struct mlx5_ib_mr *mtt; 624 u64 len; 625 626 xa_lock(&imr->implicit_children); 627 mtt = xa_load(&imr->implicit_children, idx); 628 if (unlikely(!mtt)) { 629 xa_unlock(&imr->implicit_children); 630 mtt = implicit_get_child_mr(imr, idx); 631 if (IS_ERR(mtt)) { 632 ret = PTR_ERR(mtt); 633 goto out; 634 } 635 upd_start_idx = min(upd_start_idx, idx); 636 upd_len = idx - upd_start_idx + 1; 637 } else { 638 refcount_inc(&mtt->mmkey.usecount); 639 xa_unlock(&imr->implicit_children); 640 } 641 642 umem_odp = to_ib_umem_odp(mtt->umem); 643 len = min_t(u64, user_va + bcnt, ib_umem_end(umem_odp)) - 644 user_va; 645 646 ret = pagefault_real_mr(mtt, umem_odp, user_va, len, 647 bytes_mapped, flags); 648 649 mlx5r_deref_odp_mkey(&mtt->mmkey); 650 651 if (ret < 0) 652 goto out; 653 user_va += len; 654 bcnt -= len; 655 npages += ret; 656 } 657 658 ret = npages; 659 660 /* 661 * Any time the implicit_children are changed we must perform an 662 * update of the xlt before exiting to ensure the HW and the 663 * implicit_children remains synchronized. 664 */ 665 out: 666 if (likely(!upd_len)) 667 return ret; 668 669 /* 670 * Notice this is not strictly ordered right, the KSM is updated after 671 * the implicit_children is updated, so a parallel page fault could 672 * see a MR that is not yet visible in the KSM. This is similar to a 673 * parallel page fault seeing a MR that is being concurrently removed 674 * from the KSM. Both of these improbable situations are resolved 675 * safely by resuming the HW and then taking another page fault. The 676 * next pagefault handler will see the new information. 677 */ 678 mutex_lock(&odp_imr->umem_mutex); 679 err = mlx5r_umr_update_xlt(imr, upd_start_idx, upd_len, 0, 680 MLX5_IB_UPD_XLT_INDIRECT | 681 MLX5_IB_UPD_XLT_ATOMIC); 682 mutex_unlock(&odp_imr->umem_mutex); 683 if (err) { 684 mlx5_ib_err(mr_to_mdev(imr), "Failed to update PAS\n"); 685 return err; 686 } 687 return ret; 688 } 689 690 static int pagefault_dmabuf_mr(struct mlx5_ib_mr *mr, size_t bcnt, 691 u32 *bytes_mapped, u32 flags) 692 { 693 struct ib_umem_dmabuf *umem_dmabuf = to_ib_umem_dmabuf(mr->umem); 694 u32 xlt_flags = 0; 695 int err; 696 unsigned int page_size; 697 698 if (flags & MLX5_PF_FLAGS_ENABLE) 699 xlt_flags |= MLX5_IB_UPD_XLT_ENABLE; 700 701 dma_resv_lock(umem_dmabuf->attach->dmabuf->resv, NULL); 702 err = ib_umem_dmabuf_map_pages(umem_dmabuf); 703 if (err) { 704 dma_resv_unlock(umem_dmabuf->attach->dmabuf->resv); 705 return err; 706 } 707 708 page_size = mlx5_umem_dmabuf_find_best_pgsz(umem_dmabuf); 709 if (!page_size) { 710 ib_umem_dmabuf_unmap_pages(umem_dmabuf); 711 err = -EINVAL; 712 } else { 713 err = mlx5r_umr_update_mr_pas(mr, xlt_flags); 714 } 715 dma_resv_unlock(umem_dmabuf->attach->dmabuf->resv); 716 717 if (err) 718 return err; 719 720 if (bytes_mapped) 721 *bytes_mapped += bcnt; 722 723 return ib_umem_num_pages(mr->umem); 724 } 725 726 /* 727 * Returns: 728 * -EFAULT: The io_virt->bcnt is not within the MR, it covers pages that are 729 * not accessible, or the MR is no longer valid. 730 * -EAGAIN/-ENOMEM: The operation should be retried 731 * 732 * -EINVAL/others: General internal malfunction 733 * >0: Number of pages mapped 734 */ 735 static int pagefault_mr(struct mlx5_ib_mr *mr, u64 io_virt, size_t bcnt, 736 u32 *bytes_mapped, u32 flags) 737 { 738 struct ib_umem_odp *odp = to_ib_umem_odp(mr->umem); 739 740 if (unlikely(io_virt < mr->ibmr.iova)) 741 return -EFAULT; 742 743 if (mr->umem->is_dmabuf) 744 return pagefault_dmabuf_mr(mr, bcnt, bytes_mapped, flags); 745 746 if (!odp->is_implicit_odp) { 747 u64 user_va; 748 749 if (check_add_overflow(io_virt - mr->ibmr.iova, 750 (u64)odp->umem.address, &user_va)) 751 return -EFAULT; 752 if (unlikely(user_va >= ib_umem_end(odp) || 753 ib_umem_end(odp) - user_va < bcnt)) 754 return -EFAULT; 755 return pagefault_real_mr(mr, odp, user_va, bcnt, bytes_mapped, 756 flags); 757 } 758 return pagefault_implicit_mr(mr, odp, io_virt, bcnt, bytes_mapped, 759 flags); 760 } 761 762 int mlx5_ib_init_odp_mr(struct mlx5_ib_mr *mr) 763 { 764 int ret; 765 766 ret = pagefault_real_mr(mr, to_ib_umem_odp(mr->umem), mr->umem->address, 767 mr->umem->length, NULL, 768 MLX5_PF_FLAGS_SNAPSHOT | MLX5_PF_FLAGS_ENABLE); 769 return ret >= 0 ? 0 : ret; 770 } 771 772 int mlx5_ib_init_dmabuf_mr(struct mlx5_ib_mr *mr) 773 { 774 int ret; 775 776 ret = pagefault_dmabuf_mr(mr, mr->umem->length, NULL, 777 MLX5_PF_FLAGS_ENABLE); 778 779 return ret >= 0 ? 0 : ret; 780 } 781 782 struct pf_frame { 783 struct pf_frame *next; 784 u32 key; 785 u64 io_virt; 786 size_t bcnt; 787 int depth; 788 }; 789 790 static bool mkey_is_eq(struct mlx5_ib_mkey *mmkey, u32 key) 791 { 792 if (!mmkey) 793 return false; 794 if (mmkey->type == MLX5_MKEY_MW || 795 mmkey->type == MLX5_MKEY_INDIRECT_DEVX) 796 return mlx5_base_mkey(mmkey->key) == mlx5_base_mkey(key); 797 return mmkey->key == key; 798 } 799 800 /* 801 * Handle a single data segment in a page-fault WQE or RDMA region. 802 * 803 * Returns number of OS pages retrieved on success. The caller may continue to 804 * the next data segment. 805 * Can return the following error codes: 806 * -EAGAIN to designate a temporary error. The caller will abort handling the 807 * page fault and resolve it. 808 * -EFAULT when there's an error mapping the requested pages. The caller will 809 * abort the page fault handling. 810 */ 811 static int pagefault_single_data_segment(struct mlx5_ib_dev *dev, 812 struct ib_pd *pd, u32 key, 813 u64 io_virt, size_t bcnt, 814 u32 *bytes_committed, 815 u32 *bytes_mapped) 816 { 817 int npages = 0, ret, i, outlen, cur_outlen = 0, depth = 0; 818 struct pf_frame *head = NULL, *frame; 819 struct mlx5_ib_mkey *mmkey; 820 struct mlx5_ib_mr *mr; 821 struct mlx5_klm *pklm; 822 u32 *out = NULL; 823 size_t offset; 824 825 io_virt += *bytes_committed; 826 bcnt -= *bytes_committed; 827 828 next_mr: 829 xa_lock(&dev->odp_mkeys); 830 mmkey = xa_load(&dev->odp_mkeys, mlx5_base_mkey(key)); 831 if (!mmkey) { 832 xa_unlock(&dev->odp_mkeys); 833 mlx5_ib_dbg( 834 dev, 835 "skipping non ODP MR (lkey=0x%06x) in page fault handler.\n", 836 key); 837 if (bytes_mapped) 838 *bytes_mapped += bcnt; 839 /* 840 * The user could specify a SGL with multiple lkeys and only 841 * some of them are ODP. Treat the non-ODP ones as fully 842 * faulted. 843 */ 844 ret = 0; 845 goto end; 846 } 847 refcount_inc(&mmkey->usecount); 848 xa_unlock(&dev->odp_mkeys); 849 850 if (!mkey_is_eq(mmkey, key)) { 851 mlx5_ib_dbg(dev, "failed to find mkey %x\n", key); 852 ret = -EFAULT; 853 goto end; 854 } 855 856 switch (mmkey->type) { 857 case MLX5_MKEY_MR: 858 mr = container_of(mmkey, struct mlx5_ib_mr, mmkey); 859 860 ret = pagefault_mr(mr, io_virt, bcnt, bytes_mapped, 0); 861 if (ret < 0) 862 goto end; 863 864 mlx5_update_odp_stats(mr, faults, ret); 865 866 npages += ret; 867 ret = 0; 868 break; 869 870 case MLX5_MKEY_MW: 871 case MLX5_MKEY_INDIRECT_DEVX: 872 if (depth >= MLX5_CAP_GEN(dev->mdev, max_indirection)) { 873 mlx5_ib_dbg(dev, "indirection level exceeded\n"); 874 ret = -EFAULT; 875 goto end; 876 } 877 878 outlen = MLX5_ST_SZ_BYTES(query_mkey_out) + 879 sizeof(*pklm) * (mmkey->ndescs - 2); 880 881 if (outlen > cur_outlen) { 882 kfree(out); 883 out = kzalloc(outlen, GFP_KERNEL); 884 if (!out) { 885 ret = -ENOMEM; 886 goto end; 887 } 888 cur_outlen = outlen; 889 } 890 891 pklm = (struct mlx5_klm *)MLX5_ADDR_OF(query_mkey_out, out, 892 bsf0_klm0_pas_mtt0_1); 893 894 ret = mlx5_core_query_mkey(dev->mdev, mmkey->key, out, outlen); 895 if (ret) 896 goto end; 897 898 offset = io_virt - MLX5_GET64(query_mkey_out, out, 899 memory_key_mkey_entry.start_addr); 900 901 for (i = 0; bcnt && i < mmkey->ndescs; i++, pklm++) { 902 if (offset >= be32_to_cpu(pklm->bcount)) { 903 offset -= be32_to_cpu(pklm->bcount); 904 continue; 905 } 906 907 frame = kzalloc(sizeof(*frame), GFP_KERNEL); 908 if (!frame) { 909 ret = -ENOMEM; 910 goto end; 911 } 912 913 frame->key = be32_to_cpu(pklm->key); 914 frame->io_virt = be64_to_cpu(pklm->va) + offset; 915 frame->bcnt = min_t(size_t, bcnt, 916 be32_to_cpu(pklm->bcount) - offset); 917 frame->depth = depth + 1; 918 frame->next = head; 919 head = frame; 920 921 bcnt -= frame->bcnt; 922 offset = 0; 923 } 924 break; 925 926 default: 927 mlx5_ib_dbg(dev, "wrong mkey type %d\n", mmkey->type); 928 ret = -EFAULT; 929 goto end; 930 } 931 932 if (head) { 933 frame = head; 934 head = frame->next; 935 936 key = frame->key; 937 io_virt = frame->io_virt; 938 bcnt = frame->bcnt; 939 depth = frame->depth; 940 kfree(frame); 941 942 mlx5r_deref_odp_mkey(mmkey); 943 goto next_mr; 944 } 945 946 end: 947 if (mmkey) 948 mlx5r_deref_odp_mkey(mmkey); 949 while (head) { 950 frame = head; 951 head = frame->next; 952 kfree(frame); 953 } 954 kfree(out); 955 956 *bytes_committed = 0; 957 return ret ? ret : npages; 958 } 959 960 /* 961 * Parse a series of data segments for page fault handling. 962 * 963 * @dev: Pointer to mlx5 IB device 964 * @pfault: contains page fault information. 965 * @wqe: points at the first data segment in the WQE. 966 * @wqe_end: points after the end of the WQE. 967 * @bytes_mapped: receives the number of bytes that the function was able to 968 * map. This allows the caller to decide intelligently whether 969 * enough memory was mapped to resolve the page fault 970 * successfully (e.g. enough for the next MTU, or the entire 971 * WQE). 972 * @total_wqe_bytes: receives the total data size of this WQE in bytes (minus 973 * the committed bytes). 974 * @receive_queue: receive WQE end of sg list 975 * 976 * Returns the number of pages loaded if positive, zero for an empty WQE, or a 977 * negative error code. 978 */ 979 static int pagefault_data_segments(struct mlx5_ib_dev *dev, 980 struct mlx5_pagefault *pfault, 981 void *wqe, 982 void *wqe_end, u32 *bytes_mapped, 983 u32 *total_wqe_bytes, bool receive_queue) 984 { 985 int ret = 0, npages = 0; 986 u64 io_virt; 987 __be32 key; 988 u32 byte_count; 989 size_t bcnt; 990 int inline_segment; 991 992 if (bytes_mapped) 993 *bytes_mapped = 0; 994 if (total_wqe_bytes) 995 *total_wqe_bytes = 0; 996 997 while (wqe < wqe_end) { 998 struct mlx5_wqe_data_seg *dseg = wqe; 999 1000 io_virt = be64_to_cpu(dseg->addr); 1001 key = dseg->lkey; 1002 byte_count = be32_to_cpu(dseg->byte_count); 1003 inline_segment = !!(byte_count & MLX5_INLINE_SEG); 1004 bcnt = byte_count & ~MLX5_INLINE_SEG; 1005 1006 if (inline_segment) { 1007 bcnt = bcnt & MLX5_WQE_INLINE_SEG_BYTE_COUNT_MASK; 1008 wqe += ALIGN(sizeof(struct mlx5_wqe_inline_seg) + bcnt, 1009 16); 1010 } else { 1011 wqe += sizeof(*dseg); 1012 } 1013 1014 /* receive WQE end of sg list. */ 1015 if (receive_queue && bcnt == 0 && 1016 key == dev->mkeys.terminate_scatter_list_mkey && 1017 io_virt == 0) 1018 break; 1019 1020 if (!inline_segment && total_wqe_bytes) { 1021 *total_wqe_bytes += bcnt - min_t(size_t, bcnt, 1022 pfault->bytes_committed); 1023 } 1024 1025 /* A zero length data segment designates a length of 2GB. */ 1026 if (bcnt == 0) 1027 bcnt = 1U << 31; 1028 1029 if (inline_segment || bcnt <= pfault->bytes_committed) { 1030 pfault->bytes_committed -= 1031 min_t(size_t, bcnt, 1032 pfault->bytes_committed); 1033 continue; 1034 } 1035 1036 ret = pagefault_single_data_segment(dev, NULL, be32_to_cpu(key), 1037 io_virt, bcnt, 1038 &pfault->bytes_committed, 1039 bytes_mapped); 1040 if (ret < 0) 1041 break; 1042 npages += ret; 1043 } 1044 1045 return ret < 0 ? ret : npages; 1046 } 1047 1048 /* 1049 * Parse initiator WQE. Advances the wqe pointer to point at the 1050 * scatter-gather list, and set wqe_end to the end of the WQE. 1051 */ 1052 static int mlx5_ib_mr_initiator_pfault_handler( 1053 struct mlx5_ib_dev *dev, struct mlx5_pagefault *pfault, 1054 struct mlx5_ib_qp *qp, void **wqe, void **wqe_end, int wqe_length) 1055 { 1056 struct mlx5_wqe_ctrl_seg *ctrl = *wqe; 1057 u16 wqe_index = pfault->wqe.wqe_index; 1058 struct mlx5_base_av *av; 1059 unsigned ds, opcode; 1060 u32 qpn = qp->trans_qp.base.mqp.qpn; 1061 1062 ds = be32_to_cpu(ctrl->qpn_ds) & MLX5_WQE_CTRL_DS_MASK; 1063 if (ds * MLX5_WQE_DS_UNITS > wqe_length) { 1064 mlx5_ib_err(dev, "Unable to read the complete WQE. ds = 0x%x, ret = 0x%x\n", 1065 ds, wqe_length); 1066 return -EFAULT; 1067 } 1068 1069 if (ds == 0) { 1070 mlx5_ib_err(dev, "Got WQE with zero DS. wqe_index=%x, qpn=%x\n", 1071 wqe_index, qpn); 1072 return -EFAULT; 1073 } 1074 1075 *wqe_end = *wqe + ds * MLX5_WQE_DS_UNITS; 1076 *wqe += sizeof(*ctrl); 1077 1078 opcode = be32_to_cpu(ctrl->opmod_idx_opcode) & 1079 MLX5_WQE_CTRL_OPCODE_MASK; 1080 1081 if (qp->type == IB_QPT_XRC_INI) 1082 *wqe += sizeof(struct mlx5_wqe_xrc_seg); 1083 1084 if (qp->type == IB_QPT_UD || qp->type == MLX5_IB_QPT_DCI) { 1085 av = *wqe; 1086 if (av->dqp_dct & cpu_to_be32(MLX5_EXTENDED_UD_AV)) 1087 *wqe += sizeof(struct mlx5_av); 1088 else 1089 *wqe += sizeof(struct mlx5_base_av); 1090 } 1091 1092 switch (opcode) { 1093 case MLX5_OPCODE_RDMA_WRITE: 1094 case MLX5_OPCODE_RDMA_WRITE_IMM: 1095 case MLX5_OPCODE_RDMA_READ: 1096 *wqe += sizeof(struct mlx5_wqe_raddr_seg); 1097 break; 1098 case MLX5_OPCODE_ATOMIC_CS: 1099 case MLX5_OPCODE_ATOMIC_FA: 1100 *wqe += sizeof(struct mlx5_wqe_raddr_seg); 1101 *wqe += sizeof(struct mlx5_wqe_atomic_seg); 1102 break; 1103 } 1104 1105 return 0; 1106 } 1107 1108 /* 1109 * Parse responder WQE and set wqe_end to the end of the WQE. 1110 */ 1111 static int mlx5_ib_mr_responder_pfault_handler_srq(struct mlx5_ib_dev *dev, 1112 struct mlx5_ib_srq *srq, 1113 void **wqe, void **wqe_end, 1114 int wqe_length) 1115 { 1116 int wqe_size = 1 << srq->msrq.wqe_shift; 1117 1118 if (wqe_size > wqe_length) { 1119 mlx5_ib_err(dev, "Couldn't read all of the receive WQE's content\n"); 1120 return -EFAULT; 1121 } 1122 1123 *wqe_end = *wqe + wqe_size; 1124 *wqe += sizeof(struct mlx5_wqe_srq_next_seg); 1125 1126 return 0; 1127 } 1128 1129 static int mlx5_ib_mr_responder_pfault_handler_rq(struct mlx5_ib_dev *dev, 1130 struct mlx5_ib_qp *qp, 1131 void *wqe, void **wqe_end, 1132 int wqe_length) 1133 { 1134 struct mlx5_ib_wq *wq = &qp->rq; 1135 int wqe_size = 1 << wq->wqe_shift; 1136 1137 if (qp->flags_en & MLX5_QP_FLAG_SIGNATURE) { 1138 mlx5_ib_err(dev, "ODP fault with WQE signatures is not supported\n"); 1139 return -EFAULT; 1140 } 1141 1142 if (wqe_size > wqe_length) { 1143 mlx5_ib_err(dev, "Couldn't read all of the receive WQE's content\n"); 1144 return -EFAULT; 1145 } 1146 1147 *wqe_end = wqe + wqe_size; 1148 1149 return 0; 1150 } 1151 1152 static inline struct mlx5_core_rsc_common *odp_get_rsc(struct mlx5_ib_dev *dev, 1153 u32 wq_num, int pf_type) 1154 { 1155 struct mlx5_core_rsc_common *common = NULL; 1156 struct mlx5_core_srq *srq; 1157 1158 switch (pf_type) { 1159 case MLX5_WQE_PF_TYPE_RMP: 1160 srq = mlx5_cmd_get_srq(dev, wq_num); 1161 if (srq) 1162 common = &srq->common; 1163 break; 1164 case MLX5_WQE_PF_TYPE_REQ_SEND_OR_WRITE: 1165 case MLX5_WQE_PF_TYPE_RESP: 1166 case MLX5_WQE_PF_TYPE_REQ_READ_OR_ATOMIC: 1167 common = mlx5_core_res_hold(dev, wq_num, MLX5_RES_QP); 1168 break; 1169 default: 1170 break; 1171 } 1172 1173 return common; 1174 } 1175 1176 static inline struct mlx5_ib_qp *res_to_qp(struct mlx5_core_rsc_common *res) 1177 { 1178 struct mlx5_core_qp *mqp = (struct mlx5_core_qp *)res; 1179 1180 return to_mibqp(mqp); 1181 } 1182 1183 static inline struct mlx5_ib_srq *res_to_srq(struct mlx5_core_rsc_common *res) 1184 { 1185 struct mlx5_core_srq *msrq = 1186 container_of(res, struct mlx5_core_srq, common); 1187 1188 return to_mibsrq(msrq); 1189 } 1190 1191 static void mlx5_ib_mr_wqe_pfault_handler(struct mlx5_ib_dev *dev, 1192 struct mlx5_pagefault *pfault) 1193 { 1194 bool sq = pfault->type & MLX5_PFAULT_REQUESTOR; 1195 u16 wqe_index = pfault->wqe.wqe_index; 1196 void *wqe, *wqe_start = NULL, *wqe_end = NULL; 1197 u32 bytes_mapped, total_wqe_bytes; 1198 struct mlx5_core_rsc_common *res; 1199 int resume_with_error = 1; 1200 struct mlx5_ib_qp *qp; 1201 size_t bytes_copied; 1202 int ret = 0; 1203 1204 res = odp_get_rsc(dev, pfault->wqe.wq_num, pfault->type); 1205 if (!res) { 1206 mlx5_ib_dbg(dev, "wqe page fault for missing resource %d\n", pfault->wqe.wq_num); 1207 return; 1208 } 1209 1210 if (res->res != MLX5_RES_QP && res->res != MLX5_RES_SRQ && 1211 res->res != MLX5_RES_XSRQ) { 1212 mlx5_ib_err(dev, "wqe page fault for unsupported type %d\n", 1213 pfault->type); 1214 goto resolve_page_fault; 1215 } 1216 1217 wqe_start = (void *)__get_free_page(GFP_KERNEL); 1218 if (!wqe_start) { 1219 mlx5_ib_err(dev, "Error allocating memory for IO page fault handling.\n"); 1220 goto resolve_page_fault; 1221 } 1222 1223 wqe = wqe_start; 1224 qp = (res->res == MLX5_RES_QP) ? res_to_qp(res) : NULL; 1225 if (qp && sq) { 1226 ret = mlx5_ib_read_wqe_sq(qp, wqe_index, wqe, PAGE_SIZE, 1227 &bytes_copied); 1228 if (ret) 1229 goto read_user; 1230 ret = mlx5_ib_mr_initiator_pfault_handler( 1231 dev, pfault, qp, &wqe, &wqe_end, bytes_copied); 1232 } else if (qp && !sq) { 1233 ret = mlx5_ib_read_wqe_rq(qp, wqe_index, wqe, PAGE_SIZE, 1234 &bytes_copied); 1235 if (ret) 1236 goto read_user; 1237 ret = mlx5_ib_mr_responder_pfault_handler_rq( 1238 dev, qp, wqe, &wqe_end, bytes_copied); 1239 } else if (!qp) { 1240 struct mlx5_ib_srq *srq = res_to_srq(res); 1241 1242 ret = mlx5_ib_read_wqe_srq(srq, wqe_index, wqe, PAGE_SIZE, 1243 &bytes_copied); 1244 if (ret) 1245 goto read_user; 1246 ret = mlx5_ib_mr_responder_pfault_handler_srq( 1247 dev, srq, &wqe, &wqe_end, bytes_copied); 1248 } 1249 1250 if (ret < 0 || wqe >= wqe_end) 1251 goto resolve_page_fault; 1252 1253 ret = pagefault_data_segments(dev, pfault, wqe, wqe_end, &bytes_mapped, 1254 &total_wqe_bytes, !sq); 1255 if (ret == -EAGAIN) 1256 goto out; 1257 1258 if (ret < 0 || total_wqe_bytes > bytes_mapped) 1259 goto resolve_page_fault; 1260 1261 out: 1262 ret = 0; 1263 resume_with_error = 0; 1264 1265 read_user: 1266 if (ret) 1267 mlx5_ib_err( 1268 dev, 1269 "Failed reading a WQE following page fault, error %d, wqe_index %x, qpn %x\n", 1270 ret, wqe_index, pfault->token); 1271 1272 resolve_page_fault: 1273 mlx5_ib_page_fault_resume(dev, pfault, resume_with_error); 1274 mlx5_ib_dbg(dev, "PAGE FAULT completed. QP 0x%x resume_with_error=%d, type: 0x%x\n", 1275 pfault->wqe.wq_num, resume_with_error, 1276 pfault->type); 1277 mlx5_core_res_put(res); 1278 free_page((unsigned long)wqe_start); 1279 } 1280 1281 static int pages_in_range(u64 address, u32 length) 1282 { 1283 return (ALIGN(address + length, PAGE_SIZE) - 1284 (address & PAGE_MASK)) >> PAGE_SHIFT; 1285 } 1286 1287 static void mlx5_ib_mr_rdma_pfault_handler(struct mlx5_ib_dev *dev, 1288 struct mlx5_pagefault *pfault) 1289 { 1290 u64 address; 1291 u32 length; 1292 u32 prefetch_len = pfault->bytes_committed; 1293 int prefetch_activated = 0; 1294 u32 rkey = pfault->rdma.r_key; 1295 int ret; 1296 1297 /* The RDMA responder handler handles the page fault in two parts. 1298 * First it brings the necessary pages for the current packet 1299 * (and uses the pfault context), and then (after resuming the QP) 1300 * prefetches more pages. The second operation cannot use the pfault 1301 * context and therefore uses the dummy_pfault context allocated on 1302 * the stack */ 1303 pfault->rdma.rdma_va += pfault->bytes_committed; 1304 pfault->rdma.rdma_op_len -= min(pfault->bytes_committed, 1305 pfault->rdma.rdma_op_len); 1306 pfault->bytes_committed = 0; 1307 1308 address = pfault->rdma.rdma_va; 1309 length = pfault->rdma.rdma_op_len; 1310 1311 /* For some operations, the hardware cannot tell the exact message 1312 * length, and in those cases it reports zero. Use prefetch 1313 * logic. */ 1314 if (length == 0) { 1315 prefetch_activated = 1; 1316 length = pfault->rdma.packet_size; 1317 prefetch_len = min(MAX_PREFETCH_LEN, prefetch_len); 1318 } 1319 1320 ret = pagefault_single_data_segment(dev, NULL, rkey, address, length, 1321 &pfault->bytes_committed, NULL); 1322 if (ret == -EAGAIN) { 1323 /* We're racing with an invalidation, don't prefetch */ 1324 prefetch_activated = 0; 1325 } else if (ret < 0 || pages_in_range(address, length) > ret) { 1326 mlx5_ib_page_fault_resume(dev, pfault, 1); 1327 if (ret != -ENOENT) 1328 mlx5_ib_dbg(dev, "PAGE FAULT error %d. QP 0x%x, type: 0x%x\n", 1329 ret, pfault->token, pfault->type); 1330 return; 1331 } 1332 1333 mlx5_ib_page_fault_resume(dev, pfault, 0); 1334 mlx5_ib_dbg(dev, "PAGE FAULT completed. QP 0x%x, type: 0x%x, prefetch_activated: %d\n", 1335 pfault->token, pfault->type, 1336 prefetch_activated); 1337 1338 /* At this point, there might be a new pagefault already arriving in 1339 * the eq, switch to the dummy pagefault for the rest of the 1340 * processing. We're still OK with the objects being alive as the 1341 * work-queue is being fenced. */ 1342 1343 if (prefetch_activated) { 1344 u32 bytes_committed = 0; 1345 1346 ret = pagefault_single_data_segment(dev, NULL, rkey, address, 1347 prefetch_len, 1348 &bytes_committed, NULL); 1349 if (ret < 0 && ret != -EAGAIN) { 1350 mlx5_ib_dbg(dev, "Prefetch failed. ret: %d, QP 0x%x, address: 0x%.16llx, length = 0x%.16x\n", 1351 ret, pfault->token, address, prefetch_len); 1352 } 1353 } 1354 } 1355 1356 static void mlx5_ib_pfault(struct mlx5_ib_dev *dev, struct mlx5_pagefault *pfault) 1357 { 1358 u8 event_subtype = pfault->event_subtype; 1359 1360 switch (event_subtype) { 1361 case MLX5_PFAULT_SUBTYPE_WQE: 1362 mlx5_ib_mr_wqe_pfault_handler(dev, pfault); 1363 break; 1364 case MLX5_PFAULT_SUBTYPE_RDMA: 1365 mlx5_ib_mr_rdma_pfault_handler(dev, pfault); 1366 break; 1367 default: 1368 mlx5_ib_err(dev, "Invalid page fault event subtype: 0x%x\n", 1369 event_subtype); 1370 mlx5_ib_page_fault_resume(dev, pfault, 1); 1371 } 1372 } 1373 1374 static void mlx5_ib_eqe_pf_action(struct work_struct *work) 1375 { 1376 struct mlx5_pagefault *pfault = container_of(work, 1377 struct mlx5_pagefault, 1378 work); 1379 struct mlx5_ib_pf_eq *eq = pfault->eq; 1380 1381 mlx5_ib_pfault(eq->dev, pfault); 1382 mempool_free(pfault, eq->pool); 1383 } 1384 1385 static void mlx5_ib_eq_pf_process(struct mlx5_ib_pf_eq *eq) 1386 { 1387 struct mlx5_eqe_page_fault *pf_eqe; 1388 struct mlx5_pagefault *pfault; 1389 struct mlx5_eqe *eqe; 1390 int cc = 0; 1391 1392 while ((eqe = mlx5_eq_get_eqe(eq->core, cc))) { 1393 pfault = mempool_alloc(eq->pool, GFP_ATOMIC); 1394 if (!pfault) { 1395 schedule_work(&eq->work); 1396 break; 1397 } 1398 1399 pf_eqe = &eqe->data.page_fault; 1400 pfault->event_subtype = eqe->sub_type; 1401 pfault->bytes_committed = be32_to_cpu(pf_eqe->bytes_committed); 1402 1403 mlx5_ib_dbg(eq->dev, 1404 "PAGE_FAULT: subtype: 0x%02x, bytes_committed: 0x%06x\n", 1405 eqe->sub_type, pfault->bytes_committed); 1406 1407 switch (eqe->sub_type) { 1408 case MLX5_PFAULT_SUBTYPE_RDMA: 1409 /* RDMA based event */ 1410 pfault->type = 1411 be32_to_cpu(pf_eqe->rdma.pftype_token) >> 24; 1412 pfault->token = 1413 be32_to_cpu(pf_eqe->rdma.pftype_token) & 1414 MLX5_24BIT_MASK; 1415 pfault->rdma.r_key = 1416 be32_to_cpu(pf_eqe->rdma.r_key); 1417 pfault->rdma.packet_size = 1418 be16_to_cpu(pf_eqe->rdma.packet_length); 1419 pfault->rdma.rdma_op_len = 1420 be32_to_cpu(pf_eqe->rdma.rdma_op_len); 1421 pfault->rdma.rdma_va = 1422 be64_to_cpu(pf_eqe->rdma.rdma_va); 1423 mlx5_ib_dbg(eq->dev, 1424 "PAGE_FAULT: type:0x%x, token: 0x%06x, r_key: 0x%08x\n", 1425 pfault->type, pfault->token, 1426 pfault->rdma.r_key); 1427 mlx5_ib_dbg(eq->dev, 1428 "PAGE_FAULT: rdma_op_len: 0x%08x, rdma_va: 0x%016llx\n", 1429 pfault->rdma.rdma_op_len, 1430 pfault->rdma.rdma_va); 1431 break; 1432 1433 case MLX5_PFAULT_SUBTYPE_WQE: 1434 /* WQE based event */ 1435 pfault->type = 1436 (be32_to_cpu(pf_eqe->wqe.pftype_wq) >> 24) & 0x7; 1437 pfault->token = 1438 be32_to_cpu(pf_eqe->wqe.token); 1439 pfault->wqe.wq_num = 1440 be32_to_cpu(pf_eqe->wqe.pftype_wq) & 1441 MLX5_24BIT_MASK; 1442 pfault->wqe.wqe_index = 1443 be16_to_cpu(pf_eqe->wqe.wqe_index); 1444 pfault->wqe.packet_size = 1445 be16_to_cpu(pf_eqe->wqe.packet_length); 1446 mlx5_ib_dbg(eq->dev, 1447 "PAGE_FAULT: type:0x%x, token: 0x%06x, wq_num: 0x%06x, wqe_index: 0x%04x\n", 1448 pfault->type, pfault->token, 1449 pfault->wqe.wq_num, 1450 pfault->wqe.wqe_index); 1451 break; 1452 1453 default: 1454 mlx5_ib_warn(eq->dev, 1455 "Unsupported page fault event sub-type: 0x%02hhx\n", 1456 eqe->sub_type); 1457 /* Unsupported page faults should still be 1458 * resolved by the page fault handler 1459 */ 1460 } 1461 1462 pfault->eq = eq; 1463 INIT_WORK(&pfault->work, mlx5_ib_eqe_pf_action); 1464 queue_work(eq->wq, &pfault->work); 1465 1466 cc = mlx5_eq_update_cc(eq->core, ++cc); 1467 } 1468 1469 mlx5_eq_update_ci(eq->core, cc, 1); 1470 } 1471 1472 static int mlx5_ib_eq_pf_int(struct notifier_block *nb, unsigned long type, 1473 void *data) 1474 { 1475 struct mlx5_ib_pf_eq *eq = 1476 container_of(nb, struct mlx5_ib_pf_eq, irq_nb); 1477 unsigned long flags; 1478 1479 if (spin_trylock_irqsave(&eq->lock, flags)) { 1480 mlx5_ib_eq_pf_process(eq); 1481 spin_unlock_irqrestore(&eq->lock, flags); 1482 } else { 1483 schedule_work(&eq->work); 1484 } 1485 1486 return IRQ_HANDLED; 1487 } 1488 1489 /* mempool_refill() was proposed but unfortunately wasn't accepted 1490 * http://lkml.iu.edu/hypermail/linux/kernel/1512.1/05073.html 1491 * Cheap workaround. 1492 */ 1493 static void mempool_refill(mempool_t *pool) 1494 { 1495 while (pool->curr_nr < pool->min_nr) 1496 mempool_free(mempool_alloc(pool, GFP_KERNEL), pool); 1497 } 1498 1499 static void mlx5_ib_eq_pf_action(struct work_struct *work) 1500 { 1501 struct mlx5_ib_pf_eq *eq = 1502 container_of(work, struct mlx5_ib_pf_eq, work); 1503 1504 mempool_refill(eq->pool); 1505 1506 spin_lock_irq(&eq->lock); 1507 mlx5_ib_eq_pf_process(eq); 1508 spin_unlock_irq(&eq->lock); 1509 } 1510 1511 enum { 1512 MLX5_IB_NUM_PF_EQE = 0x1000, 1513 MLX5_IB_NUM_PF_DRAIN = 64, 1514 }; 1515 1516 int mlx5r_odp_create_eq(struct mlx5_ib_dev *dev, struct mlx5_ib_pf_eq *eq) 1517 { 1518 struct mlx5_eq_param param = {}; 1519 int err = 0; 1520 1521 mutex_lock(&dev->odp_eq_mutex); 1522 if (eq->core) 1523 goto unlock; 1524 INIT_WORK(&eq->work, mlx5_ib_eq_pf_action); 1525 spin_lock_init(&eq->lock); 1526 eq->dev = dev; 1527 1528 eq->pool = mempool_create_kmalloc_pool(MLX5_IB_NUM_PF_DRAIN, 1529 sizeof(struct mlx5_pagefault)); 1530 if (!eq->pool) { 1531 err = -ENOMEM; 1532 goto unlock; 1533 } 1534 1535 eq->wq = alloc_workqueue("mlx5_ib_page_fault", 1536 WQ_HIGHPRI | WQ_UNBOUND | WQ_MEM_RECLAIM, 1537 MLX5_NUM_CMD_EQE); 1538 if (!eq->wq) { 1539 err = -ENOMEM; 1540 goto err_mempool; 1541 } 1542 1543 eq->irq_nb.notifier_call = mlx5_ib_eq_pf_int; 1544 param = (struct mlx5_eq_param) { 1545 .nent = MLX5_IB_NUM_PF_EQE, 1546 }; 1547 param.mask[0] = 1ull << MLX5_EVENT_TYPE_PAGE_FAULT; 1548 eq->core = mlx5_eq_create_generic(dev->mdev, ¶m); 1549 if (IS_ERR(eq->core)) { 1550 err = PTR_ERR(eq->core); 1551 goto err_wq; 1552 } 1553 err = mlx5_eq_enable(dev->mdev, eq->core, &eq->irq_nb); 1554 if (err) { 1555 mlx5_ib_err(dev, "failed to enable odp EQ %d\n", err); 1556 goto err_eq; 1557 } 1558 1559 mutex_unlock(&dev->odp_eq_mutex); 1560 return 0; 1561 err_eq: 1562 mlx5_eq_destroy_generic(dev->mdev, eq->core); 1563 err_wq: 1564 eq->core = NULL; 1565 destroy_workqueue(eq->wq); 1566 err_mempool: 1567 mempool_destroy(eq->pool); 1568 unlock: 1569 mutex_unlock(&dev->odp_eq_mutex); 1570 return err; 1571 } 1572 1573 static int 1574 mlx5_ib_odp_destroy_eq(struct mlx5_ib_dev *dev, struct mlx5_ib_pf_eq *eq) 1575 { 1576 int err; 1577 1578 if (!eq->core) 1579 return 0; 1580 mlx5_eq_disable(dev->mdev, eq->core, &eq->irq_nb); 1581 err = mlx5_eq_destroy_generic(dev->mdev, eq->core); 1582 cancel_work_sync(&eq->work); 1583 destroy_workqueue(eq->wq); 1584 mempool_destroy(eq->pool); 1585 1586 return err; 1587 } 1588 1589 int mlx5_odp_init_mkey_cache(struct mlx5_ib_dev *dev) 1590 { 1591 struct mlx5r_cache_rb_key rb_key = { 1592 .access_mode = MLX5_MKC_ACCESS_MODE_KSM, 1593 .ndescs = mlx5_imr_ksm_entries, 1594 }; 1595 struct mlx5_cache_ent *ent; 1596 1597 if (!(dev->odp_caps.general_caps & IB_ODP_SUPPORT_IMPLICIT)) 1598 return 0; 1599 1600 ent = mlx5r_cache_create_ent_locked(dev, rb_key, true); 1601 if (IS_ERR(ent)) 1602 return PTR_ERR(ent); 1603 1604 return 0; 1605 } 1606 1607 static const struct ib_device_ops mlx5_ib_dev_odp_ops = { 1608 .advise_mr = mlx5_ib_advise_mr, 1609 }; 1610 1611 int mlx5_ib_odp_init_one(struct mlx5_ib_dev *dev) 1612 { 1613 internal_fill_odp_caps(dev); 1614 1615 if (!(dev->odp_caps.general_caps & IB_ODP_SUPPORT)) 1616 return 0; 1617 1618 ib_set_device_ops(&dev->ib_dev, &mlx5_ib_dev_odp_ops); 1619 1620 mutex_init(&dev->odp_eq_mutex); 1621 return 0; 1622 } 1623 1624 void mlx5_ib_odp_cleanup_one(struct mlx5_ib_dev *dev) 1625 { 1626 if (!(dev->odp_caps.general_caps & IB_ODP_SUPPORT)) 1627 return; 1628 1629 mlx5_ib_odp_destroy_eq(dev, &dev->odp_pf_eq); 1630 } 1631 1632 int mlx5_ib_odp_init(void) 1633 { 1634 mlx5_imr_ksm_entries = BIT_ULL(get_order(TASK_SIZE) - 1635 MLX5_IMR_MTT_BITS); 1636 1637 return 0; 1638 } 1639 1640 struct prefetch_mr_work { 1641 struct work_struct work; 1642 u32 pf_flags; 1643 u32 num_sge; 1644 struct { 1645 u64 io_virt; 1646 struct mlx5_ib_mr *mr; 1647 size_t length; 1648 } frags[]; 1649 }; 1650 1651 static void destroy_prefetch_work(struct prefetch_mr_work *work) 1652 { 1653 u32 i; 1654 1655 for (i = 0; i < work->num_sge; ++i) 1656 mlx5r_deref_odp_mkey(&work->frags[i].mr->mmkey); 1657 1658 kvfree(work); 1659 } 1660 1661 static struct mlx5_ib_mr * 1662 get_prefetchable_mr(struct ib_pd *pd, enum ib_uverbs_advise_mr_advice advice, 1663 u32 lkey) 1664 { 1665 struct mlx5_ib_dev *dev = to_mdev(pd->device); 1666 struct mlx5_ib_mr *mr = NULL; 1667 struct mlx5_ib_mkey *mmkey; 1668 1669 xa_lock(&dev->odp_mkeys); 1670 mmkey = xa_load(&dev->odp_mkeys, mlx5_base_mkey(lkey)); 1671 if (!mmkey || mmkey->key != lkey) { 1672 mr = ERR_PTR(-ENOENT); 1673 goto end; 1674 } 1675 if (mmkey->type != MLX5_MKEY_MR) { 1676 mr = ERR_PTR(-EINVAL); 1677 goto end; 1678 } 1679 1680 mr = container_of(mmkey, struct mlx5_ib_mr, mmkey); 1681 1682 if (mr->ibmr.pd != pd) { 1683 mr = ERR_PTR(-EPERM); 1684 goto end; 1685 } 1686 1687 /* prefetch with write-access must be supported by the MR */ 1688 if (advice == IB_UVERBS_ADVISE_MR_ADVICE_PREFETCH_WRITE && 1689 !mr->umem->writable) { 1690 mr = ERR_PTR(-EPERM); 1691 goto end; 1692 } 1693 1694 refcount_inc(&mmkey->usecount); 1695 end: 1696 xa_unlock(&dev->odp_mkeys); 1697 return mr; 1698 } 1699 1700 static void mlx5_ib_prefetch_mr_work(struct work_struct *w) 1701 { 1702 struct prefetch_mr_work *work = 1703 container_of(w, struct prefetch_mr_work, work); 1704 u32 bytes_mapped = 0; 1705 int ret; 1706 u32 i; 1707 1708 /* We rely on IB/core that work is executed if we have num_sge != 0 only. */ 1709 WARN_ON(!work->num_sge); 1710 for (i = 0; i < work->num_sge; ++i) { 1711 ret = pagefault_mr(work->frags[i].mr, work->frags[i].io_virt, 1712 work->frags[i].length, &bytes_mapped, 1713 work->pf_flags); 1714 if (ret <= 0) 1715 continue; 1716 mlx5_update_odp_stats(work->frags[i].mr, prefetch, ret); 1717 } 1718 1719 destroy_prefetch_work(work); 1720 } 1721 1722 static int init_prefetch_work(struct ib_pd *pd, 1723 enum ib_uverbs_advise_mr_advice advice, 1724 u32 pf_flags, struct prefetch_mr_work *work, 1725 struct ib_sge *sg_list, u32 num_sge) 1726 { 1727 u32 i; 1728 1729 INIT_WORK(&work->work, mlx5_ib_prefetch_mr_work); 1730 work->pf_flags = pf_flags; 1731 1732 for (i = 0; i < num_sge; ++i) { 1733 struct mlx5_ib_mr *mr; 1734 1735 mr = get_prefetchable_mr(pd, advice, sg_list[i].lkey); 1736 if (IS_ERR(mr)) { 1737 work->num_sge = i; 1738 return PTR_ERR(mr); 1739 } 1740 work->frags[i].io_virt = sg_list[i].addr; 1741 work->frags[i].length = sg_list[i].length; 1742 work->frags[i].mr = mr; 1743 } 1744 work->num_sge = num_sge; 1745 return 0; 1746 } 1747 1748 static int mlx5_ib_prefetch_sg_list(struct ib_pd *pd, 1749 enum ib_uverbs_advise_mr_advice advice, 1750 u32 pf_flags, struct ib_sge *sg_list, 1751 u32 num_sge) 1752 { 1753 u32 bytes_mapped = 0; 1754 int ret = 0; 1755 u32 i; 1756 1757 for (i = 0; i < num_sge; ++i) { 1758 struct mlx5_ib_mr *mr; 1759 1760 mr = get_prefetchable_mr(pd, advice, sg_list[i].lkey); 1761 if (IS_ERR(mr)) 1762 return PTR_ERR(mr); 1763 ret = pagefault_mr(mr, sg_list[i].addr, sg_list[i].length, 1764 &bytes_mapped, pf_flags); 1765 if (ret < 0) { 1766 mlx5r_deref_odp_mkey(&mr->mmkey); 1767 return ret; 1768 } 1769 mlx5_update_odp_stats(mr, prefetch, ret); 1770 mlx5r_deref_odp_mkey(&mr->mmkey); 1771 } 1772 1773 return 0; 1774 } 1775 1776 int mlx5_ib_advise_mr_prefetch(struct ib_pd *pd, 1777 enum ib_uverbs_advise_mr_advice advice, 1778 u32 flags, struct ib_sge *sg_list, u32 num_sge) 1779 { 1780 u32 pf_flags = 0; 1781 struct prefetch_mr_work *work; 1782 int rc; 1783 1784 if (advice == IB_UVERBS_ADVISE_MR_ADVICE_PREFETCH) 1785 pf_flags |= MLX5_PF_FLAGS_DOWNGRADE; 1786 1787 if (advice == IB_UVERBS_ADVISE_MR_ADVICE_PREFETCH_NO_FAULT) 1788 pf_flags |= MLX5_PF_FLAGS_SNAPSHOT; 1789 1790 if (flags & IB_UVERBS_ADVISE_MR_FLAG_FLUSH) 1791 return mlx5_ib_prefetch_sg_list(pd, advice, pf_flags, sg_list, 1792 num_sge); 1793 1794 work = kvzalloc(struct_size(work, frags, num_sge), GFP_KERNEL); 1795 if (!work) 1796 return -ENOMEM; 1797 1798 rc = init_prefetch_work(pd, advice, pf_flags, work, sg_list, num_sge); 1799 if (rc) { 1800 destroy_prefetch_work(work); 1801 return rc; 1802 } 1803 queue_work(system_unbound_wq, &work->work); 1804 return 0; 1805 } 1806