1 /*
2  * Copyright (c) 2012, 2013 Intel Corporation.  All rights reserved.
3  * Copyright (c) 2006 - 2012 QLogic Corporation. All rights reserved.
4  * Copyright (c) 2005, 2006 PathScale, Inc. All rights reserved.
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *      - Redistributions of source code must retain the above
17  *        copyright notice, this list of conditions and the following
18  *        disclaimer.
19  *
20  *      - Redistributions in binary form must reproduce the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer in the documentation and/or other materials
23  *        provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  */
34 
35 #include <rdma/ib_mad.h>
36 #include <rdma/ib_user_verbs.h>
37 #include <linux/io.h>
38 #include <linux/module.h>
39 #include <linux/utsname.h>
40 #include <linux/rculist.h>
41 #include <linux/mm.h>
42 #include <linux/random.h>
43 
44 #include "qib.h"
45 #include "qib_common.h"
46 
47 static unsigned int ib_qib_qp_table_size = 256;
48 module_param_named(qp_table_size, ib_qib_qp_table_size, uint, S_IRUGO);
49 MODULE_PARM_DESC(qp_table_size, "QP table size");
50 
51 unsigned int ib_qib_lkey_table_size = 16;
52 module_param_named(lkey_table_size, ib_qib_lkey_table_size, uint,
53 		   S_IRUGO);
54 MODULE_PARM_DESC(lkey_table_size,
55 		 "LKEY table size in bits (2^n, 1 <= n <= 23)");
56 
57 static unsigned int ib_qib_max_pds = 0xFFFF;
58 module_param_named(max_pds, ib_qib_max_pds, uint, S_IRUGO);
59 MODULE_PARM_DESC(max_pds,
60 		 "Maximum number of protection domains to support");
61 
62 static unsigned int ib_qib_max_ahs = 0xFFFF;
63 module_param_named(max_ahs, ib_qib_max_ahs, uint, S_IRUGO);
64 MODULE_PARM_DESC(max_ahs, "Maximum number of address handles to support");
65 
66 unsigned int ib_qib_max_cqes = 0x2FFFF;
67 module_param_named(max_cqes, ib_qib_max_cqes, uint, S_IRUGO);
68 MODULE_PARM_DESC(max_cqes,
69 		 "Maximum number of completion queue entries to support");
70 
71 unsigned int ib_qib_max_cqs = 0x1FFFF;
72 module_param_named(max_cqs, ib_qib_max_cqs, uint, S_IRUGO);
73 MODULE_PARM_DESC(max_cqs, "Maximum number of completion queues to support");
74 
75 unsigned int ib_qib_max_qp_wrs = 0x3FFF;
76 module_param_named(max_qp_wrs, ib_qib_max_qp_wrs, uint, S_IRUGO);
77 MODULE_PARM_DESC(max_qp_wrs, "Maximum number of QP WRs to support");
78 
79 unsigned int ib_qib_max_qps = 16384;
80 module_param_named(max_qps, ib_qib_max_qps, uint, S_IRUGO);
81 MODULE_PARM_DESC(max_qps, "Maximum number of QPs to support");
82 
83 unsigned int ib_qib_max_sges = 0x60;
84 module_param_named(max_sges, ib_qib_max_sges, uint, S_IRUGO);
85 MODULE_PARM_DESC(max_sges, "Maximum number of SGEs to support");
86 
87 unsigned int ib_qib_max_mcast_grps = 16384;
88 module_param_named(max_mcast_grps, ib_qib_max_mcast_grps, uint, S_IRUGO);
89 MODULE_PARM_DESC(max_mcast_grps,
90 		 "Maximum number of multicast groups to support");
91 
92 unsigned int ib_qib_max_mcast_qp_attached = 16;
93 module_param_named(max_mcast_qp_attached, ib_qib_max_mcast_qp_attached,
94 		   uint, S_IRUGO);
95 MODULE_PARM_DESC(max_mcast_qp_attached,
96 		 "Maximum number of attached QPs to support");
97 
98 unsigned int ib_qib_max_srqs = 1024;
99 module_param_named(max_srqs, ib_qib_max_srqs, uint, S_IRUGO);
100 MODULE_PARM_DESC(max_srqs, "Maximum number of SRQs to support");
101 
102 unsigned int ib_qib_max_srq_sges = 128;
103 module_param_named(max_srq_sges, ib_qib_max_srq_sges, uint, S_IRUGO);
104 MODULE_PARM_DESC(max_srq_sges, "Maximum number of SRQ SGEs to support");
105 
106 unsigned int ib_qib_max_srq_wrs = 0x1FFFF;
107 module_param_named(max_srq_wrs, ib_qib_max_srq_wrs, uint, S_IRUGO);
108 MODULE_PARM_DESC(max_srq_wrs, "Maximum number of SRQ WRs support");
109 
110 static unsigned int ib_qib_disable_sma;
111 module_param_named(disable_sma, ib_qib_disable_sma, uint, S_IWUSR | S_IRUGO);
112 MODULE_PARM_DESC(disable_sma, "Disable the SMA");
113 
114 /*
115  * Note that it is OK to post send work requests in the SQE and ERR
116  * states; qib_do_send() will process them and generate error
117  * completions as per IB 1.2 C10-96.
118  */
119 const int ib_qib_state_ops[IB_QPS_ERR + 1] = {
120 	[IB_QPS_RESET] = 0,
121 	[IB_QPS_INIT] = QIB_POST_RECV_OK,
122 	[IB_QPS_RTR] = QIB_POST_RECV_OK | QIB_PROCESS_RECV_OK,
123 	[IB_QPS_RTS] = QIB_POST_RECV_OK | QIB_PROCESS_RECV_OK |
124 	    QIB_POST_SEND_OK | QIB_PROCESS_SEND_OK |
125 	    QIB_PROCESS_NEXT_SEND_OK,
126 	[IB_QPS_SQD] = QIB_POST_RECV_OK | QIB_PROCESS_RECV_OK |
127 	    QIB_POST_SEND_OK | QIB_PROCESS_SEND_OK,
128 	[IB_QPS_SQE] = QIB_POST_RECV_OK | QIB_PROCESS_RECV_OK |
129 	    QIB_POST_SEND_OK | QIB_FLUSH_SEND,
130 	[IB_QPS_ERR] = QIB_POST_RECV_OK | QIB_FLUSH_RECV |
131 	    QIB_POST_SEND_OK | QIB_FLUSH_SEND,
132 };
133 
134 struct qib_ucontext {
135 	struct ib_ucontext ibucontext;
136 };
137 
138 static inline struct qib_ucontext *to_iucontext(struct ib_ucontext
139 						  *ibucontext)
140 {
141 	return container_of(ibucontext, struct qib_ucontext, ibucontext);
142 }
143 
144 /*
145  * Translate ib_wr_opcode into ib_wc_opcode.
146  */
147 const enum ib_wc_opcode ib_qib_wc_opcode[] = {
148 	[IB_WR_RDMA_WRITE] = IB_WC_RDMA_WRITE,
149 	[IB_WR_RDMA_WRITE_WITH_IMM] = IB_WC_RDMA_WRITE,
150 	[IB_WR_SEND] = IB_WC_SEND,
151 	[IB_WR_SEND_WITH_IMM] = IB_WC_SEND,
152 	[IB_WR_RDMA_READ] = IB_WC_RDMA_READ,
153 	[IB_WR_ATOMIC_CMP_AND_SWP] = IB_WC_COMP_SWAP,
154 	[IB_WR_ATOMIC_FETCH_AND_ADD] = IB_WC_FETCH_ADD
155 };
156 
157 /*
158  * System image GUID.
159  */
160 __be64 ib_qib_sys_image_guid;
161 
162 /**
163  * qib_copy_sge - copy data to SGE memory
164  * @ss: the SGE state
165  * @data: the data to copy
166  * @length: the length of the data
167  */
168 void qib_copy_sge(struct qib_sge_state *ss, void *data, u32 length, int release)
169 {
170 	struct qib_sge *sge = &ss->sge;
171 
172 	while (length) {
173 		u32 len = sge->length;
174 
175 		if (len > length)
176 			len = length;
177 		if (len > sge->sge_length)
178 			len = sge->sge_length;
179 		BUG_ON(len == 0);
180 		memcpy(sge->vaddr, data, len);
181 		sge->vaddr += len;
182 		sge->length -= len;
183 		sge->sge_length -= len;
184 		if (sge->sge_length == 0) {
185 			if (release)
186 				qib_put_mr(sge->mr);
187 			if (--ss->num_sge)
188 				*sge = *ss->sg_list++;
189 		} else if (sge->length == 0 && sge->mr->lkey) {
190 			if (++sge->n >= QIB_SEGSZ) {
191 				if (++sge->m >= sge->mr->mapsz)
192 					break;
193 				sge->n = 0;
194 			}
195 			sge->vaddr =
196 				sge->mr->map[sge->m]->segs[sge->n].vaddr;
197 			sge->length =
198 				sge->mr->map[sge->m]->segs[sge->n].length;
199 		}
200 		data += len;
201 		length -= len;
202 	}
203 }
204 
205 /**
206  * qib_skip_sge - skip over SGE memory - XXX almost dup of prev func
207  * @ss: the SGE state
208  * @length: the number of bytes to skip
209  */
210 void qib_skip_sge(struct qib_sge_state *ss, u32 length, int release)
211 {
212 	struct qib_sge *sge = &ss->sge;
213 
214 	while (length) {
215 		u32 len = sge->length;
216 
217 		if (len > length)
218 			len = length;
219 		if (len > sge->sge_length)
220 			len = sge->sge_length;
221 		BUG_ON(len == 0);
222 		sge->vaddr += len;
223 		sge->length -= len;
224 		sge->sge_length -= len;
225 		if (sge->sge_length == 0) {
226 			if (release)
227 				qib_put_mr(sge->mr);
228 			if (--ss->num_sge)
229 				*sge = *ss->sg_list++;
230 		} else if (sge->length == 0 && sge->mr->lkey) {
231 			if (++sge->n >= QIB_SEGSZ) {
232 				if (++sge->m >= sge->mr->mapsz)
233 					break;
234 				sge->n = 0;
235 			}
236 			sge->vaddr =
237 				sge->mr->map[sge->m]->segs[sge->n].vaddr;
238 			sge->length =
239 				sge->mr->map[sge->m]->segs[sge->n].length;
240 		}
241 		length -= len;
242 	}
243 }
244 
245 /*
246  * Count the number of DMA descriptors needed to send length bytes of data.
247  * Don't modify the qib_sge_state to get the count.
248  * Return zero if any of the segments is not aligned.
249  */
250 static u32 qib_count_sge(struct qib_sge_state *ss, u32 length)
251 {
252 	struct qib_sge *sg_list = ss->sg_list;
253 	struct qib_sge sge = ss->sge;
254 	u8 num_sge = ss->num_sge;
255 	u32 ndesc = 1;  /* count the header */
256 
257 	while (length) {
258 		u32 len = sge.length;
259 
260 		if (len > length)
261 			len = length;
262 		if (len > sge.sge_length)
263 			len = sge.sge_length;
264 		BUG_ON(len == 0);
265 		if (((long) sge.vaddr & (sizeof(u32) - 1)) ||
266 		    (len != length && (len & (sizeof(u32) - 1)))) {
267 			ndesc = 0;
268 			break;
269 		}
270 		ndesc++;
271 		sge.vaddr += len;
272 		sge.length -= len;
273 		sge.sge_length -= len;
274 		if (sge.sge_length == 0) {
275 			if (--num_sge)
276 				sge = *sg_list++;
277 		} else if (sge.length == 0 && sge.mr->lkey) {
278 			if (++sge.n >= QIB_SEGSZ) {
279 				if (++sge.m >= sge.mr->mapsz)
280 					break;
281 				sge.n = 0;
282 			}
283 			sge.vaddr =
284 				sge.mr->map[sge.m]->segs[sge.n].vaddr;
285 			sge.length =
286 				sge.mr->map[sge.m]->segs[sge.n].length;
287 		}
288 		length -= len;
289 	}
290 	return ndesc;
291 }
292 
293 /*
294  * Copy from the SGEs to the data buffer.
295  */
296 static void qib_copy_from_sge(void *data, struct qib_sge_state *ss, u32 length)
297 {
298 	struct qib_sge *sge = &ss->sge;
299 
300 	while (length) {
301 		u32 len = sge->length;
302 
303 		if (len > length)
304 			len = length;
305 		if (len > sge->sge_length)
306 			len = sge->sge_length;
307 		BUG_ON(len == 0);
308 		memcpy(data, sge->vaddr, len);
309 		sge->vaddr += len;
310 		sge->length -= len;
311 		sge->sge_length -= len;
312 		if (sge->sge_length == 0) {
313 			if (--ss->num_sge)
314 				*sge = *ss->sg_list++;
315 		} else if (sge->length == 0 && sge->mr->lkey) {
316 			if (++sge->n >= QIB_SEGSZ) {
317 				if (++sge->m >= sge->mr->mapsz)
318 					break;
319 				sge->n = 0;
320 			}
321 			sge->vaddr =
322 				sge->mr->map[sge->m]->segs[sge->n].vaddr;
323 			sge->length =
324 				sge->mr->map[sge->m]->segs[sge->n].length;
325 		}
326 		data += len;
327 		length -= len;
328 	}
329 }
330 
331 /**
332  * qib_post_one_send - post one RC, UC, or UD send work request
333  * @qp: the QP to post on
334  * @wr: the work request to send
335  */
336 static int qib_post_one_send(struct qib_qp *qp, struct ib_send_wr *wr,
337 	int *scheduled)
338 {
339 	struct qib_swqe *wqe;
340 	u32 next;
341 	int i;
342 	int j;
343 	int acc;
344 	int ret;
345 	unsigned long flags;
346 	struct qib_lkey_table *rkt;
347 	struct qib_pd *pd;
348 
349 	spin_lock_irqsave(&qp->s_lock, flags);
350 
351 	/* Check that state is OK to post send. */
352 	if (unlikely(!(ib_qib_state_ops[qp->state] & QIB_POST_SEND_OK)))
353 		goto bail_inval;
354 
355 	/* IB spec says that num_sge == 0 is OK. */
356 	if (wr->num_sge > qp->s_max_sge)
357 		goto bail_inval;
358 
359 	/*
360 	 * Don't allow RDMA reads or atomic operations on UC or
361 	 * undefined operations.
362 	 * Make sure buffer is large enough to hold the result for atomics.
363 	 */
364 	if (wr->opcode == IB_WR_FAST_REG_MR) {
365 		if (qib_fast_reg_mr(qp, wr))
366 			goto bail_inval;
367 	} else if (qp->ibqp.qp_type == IB_QPT_UC) {
368 		if ((unsigned) wr->opcode >= IB_WR_RDMA_READ)
369 			goto bail_inval;
370 	} else if (qp->ibqp.qp_type != IB_QPT_RC) {
371 		/* Check IB_QPT_SMI, IB_QPT_GSI, IB_QPT_UD opcode */
372 		if (wr->opcode != IB_WR_SEND &&
373 		    wr->opcode != IB_WR_SEND_WITH_IMM)
374 			goto bail_inval;
375 		/* Check UD destination address PD */
376 		if (qp->ibqp.pd != wr->wr.ud.ah->pd)
377 			goto bail_inval;
378 	} else if ((unsigned) wr->opcode > IB_WR_ATOMIC_FETCH_AND_ADD)
379 		goto bail_inval;
380 	else if (wr->opcode >= IB_WR_ATOMIC_CMP_AND_SWP &&
381 		   (wr->num_sge == 0 ||
382 		    wr->sg_list[0].length < sizeof(u64) ||
383 		    wr->sg_list[0].addr & (sizeof(u64) - 1)))
384 		goto bail_inval;
385 	else if (wr->opcode >= IB_WR_RDMA_READ && !qp->s_max_rd_atomic)
386 		goto bail_inval;
387 
388 	next = qp->s_head + 1;
389 	if (next >= qp->s_size)
390 		next = 0;
391 	if (next == qp->s_last) {
392 		ret = -ENOMEM;
393 		goto bail;
394 	}
395 
396 	rkt = &to_idev(qp->ibqp.device)->lk_table;
397 	pd = to_ipd(qp->ibqp.pd);
398 	wqe = get_swqe_ptr(qp, qp->s_head);
399 	wqe->wr = *wr;
400 	wqe->length = 0;
401 	j = 0;
402 	if (wr->num_sge) {
403 		acc = wr->opcode >= IB_WR_RDMA_READ ?
404 			IB_ACCESS_LOCAL_WRITE : 0;
405 		for (i = 0; i < wr->num_sge; i++) {
406 			u32 length = wr->sg_list[i].length;
407 			int ok;
408 
409 			if (length == 0)
410 				continue;
411 			ok = qib_lkey_ok(rkt, pd, &wqe->sg_list[j],
412 					 &wr->sg_list[i], acc);
413 			if (!ok)
414 				goto bail_inval_free;
415 			wqe->length += length;
416 			j++;
417 		}
418 		wqe->wr.num_sge = j;
419 	}
420 	if (qp->ibqp.qp_type == IB_QPT_UC ||
421 	    qp->ibqp.qp_type == IB_QPT_RC) {
422 		if (wqe->length > 0x80000000U)
423 			goto bail_inval_free;
424 	} else if (wqe->length > (dd_from_ibdev(qp->ibqp.device)->pport +
425 				  qp->port_num - 1)->ibmtu)
426 		goto bail_inval_free;
427 	else
428 		atomic_inc(&to_iah(wr->wr.ud.ah)->refcount);
429 	wqe->ssn = qp->s_ssn++;
430 	qp->s_head = next;
431 
432 	ret = 0;
433 	goto bail;
434 
435 bail_inval_free:
436 	while (j) {
437 		struct qib_sge *sge = &wqe->sg_list[--j];
438 
439 		qib_put_mr(sge->mr);
440 	}
441 bail_inval:
442 	ret = -EINVAL;
443 bail:
444 	if (!ret && !wr->next &&
445 	 !qib_sdma_empty(
446 	   dd_from_ibdev(qp->ibqp.device)->pport + qp->port_num - 1)) {
447 		qib_schedule_send(qp);
448 		*scheduled = 1;
449 	}
450 	spin_unlock_irqrestore(&qp->s_lock, flags);
451 	return ret;
452 }
453 
454 /**
455  * qib_post_send - post a send on a QP
456  * @ibqp: the QP to post the send on
457  * @wr: the list of work requests to post
458  * @bad_wr: the first bad WR is put here
459  *
460  * This may be called from interrupt context.
461  */
462 static int qib_post_send(struct ib_qp *ibqp, struct ib_send_wr *wr,
463 			 struct ib_send_wr **bad_wr)
464 {
465 	struct qib_qp *qp = to_iqp(ibqp);
466 	int err = 0;
467 	int scheduled = 0;
468 
469 	for (; wr; wr = wr->next) {
470 		err = qib_post_one_send(qp, wr, &scheduled);
471 		if (err) {
472 			*bad_wr = wr;
473 			goto bail;
474 		}
475 	}
476 
477 	/* Try to do the send work in the caller's context. */
478 	if (!scheduled)
479 		qib_do_send(&qp->s_work);
480 
481 bail:
482 	return err;
483 }
484 
485 /**
486  * qib_post_receive - post a receive on a QP
487  * @ibqp: the QP to post the receive on
488  * @wr: the WR to post
489  * @bad_wr: the first bad WR is put here
490  *
491  * This may be called from interrupt context.
492  */
493 static int qib_post_receive(struct ib_qp *ibqp, struct ib_recv_wr *wr,
494 			    struct ib_recv_wr **bad_wr)
495 {
496 	struct qib_qp *qp = to_iqp(ibqp);
497 	struct qib_rwq *wq = qp->r_rq.wq;
498 	unsigned long flags;
499 	int ret;
500 
501 	/* Check that state is OK to post receive. */
502 	if (!(ib_qib_state_ops[qp->state] & QIB_POST_RECV_OK) || !wq) {
503 		*bad_wr = wr;
504 		ret = -EINVAL;
505 		goto bail;
506 	}
507 
508 	for (; wr; wr = wr->next) {
509 		struct qib_rwqe *wqe;
510 		u32 next;
511 		int i;
512 
513 		if ((unsigned) wr->num_sge > qp->r_rq.max_sge) {
514 			*bad_wr = wr;
515 			ret = -EINVAL;
516 			goto bail;
517 		}
518 
519 		spin_lock_irqsave(&qp->r_rq.lock, flags);
520 		next = wq->head + 1;
521 		if (next >= qp->r_rq.size)
522 			next = 0;
523 		if (next == wq->tail) {
524 			spin_unlock_irqrestore(&qp->r_rq.lock, flags);
525 			*bad_wr = wr;
526 			ret = -ENOMEM;
527 			goto bail;
528 		}
529 
530 		wqe = get_rwqe_ptr(&qp->r_rq, wq->head);
531 		wqe->wr_id = wr->wr_id;
532 		wqe->num_sge = wr->num_sge;
533 		for (i = 0; i < wr->num_sge; i++)
534 			wqe->sg_list[i] = wr->sg_list[i];
535 		/* Make sure queue entry is written before the head index. */
536 		smp_wmb();
537 		wq->head = next;
538 		spin_unlock_irqrestore(&qp->r_rq.lock, flags);
539 	}
540 	ret = 0;
541 
542 bail:
543 	return ret;
544 }
545 
546 /**
547  * qib_qp_rcv - processing an incoming packet on a QP
548  * @rcd: the context pointer
549  * @hdr: the packet header
550  * @has_grh: true if the packet has a GRH
551  * @data: the packet data
552  * @tlen: the packet length
553  * @qp: the QP the packet came on
554  *
555  * This is called from qib_ib_rcv() to process an incoming packet
556  * for the given QP.
557  * Called at interrupt level.
558  */
559 static void qib_qp_rcv(struct qib_ctxtdata *rcd, struct qib_ib_header *hdr,
560 		       int has_grh, void *data, u32 tlen, struct qib_qp *qp)
561 {
562 	struct qib_ibport *ibp = &rcd->ppd->ibport_data;
563 
564 	spin_lock(&qp->r_lock);
565 
566 	/* Check for valid receive state. */
567 	if (!(ib_qib_state_ops[qp->state] & QIB_PROCESS_RECV_OK)) {
568 		ibp->n_pkt_drops++;
569 		goto unlock;
570 	}
571 
572 	switch (qp->ibqp.qp_type) {
573 	case IB_QPT_SMI:
574 	case IB_QPT_GSI:
575 		if (ib_qib_disable_sma)
576 			break;
577 		/* FALLTHROUGH */
578 	case IB_QPT_UD:
579 		qib_ud_rcv(ibp, hdr, has_grh, data, tlen, qp);
580 		break;
581 
582 	case IB_QPT_RC:
583 		qib_rc_rcv(rcd, hdr, has_grh, data, tlen, qp);
584 		break;
585 
586 	case IB_QPT_UC:
587 		qib_uc_rcv(ibp, hdr, has_grh, data, tlen, qp);
588 		break;
589 
590 	default:
591 		break;
592 	}
593 
594 unlock:
595 	spin_unlock(&qp->r_lock);
596 }
597 
598 /**
599  * qib_ib_rcv - process an incoming packet
600  * @rcd: the context pointer
601  * @rhdr: the header of the packet
602  * @data: the packet payload
603  * @tlen: the packet length
604  *
605  * This is called from qib_kreceive() to process an incoming packet at
606  * interrupt level. Tlen is the length of the header + data + CRC in bytes.
607  */
608 void qib_ib_rcv(struct qib_ctxtdata *rcd, void *rhdr, void *data, u32 tlen)
609 {
610 	struct qib_pportdata *ppd = rcd->ppd;
611 	struct qib_ibport *ibp = &ppd->ibport_data;
612 	struct qib_ib_header *hdr = rhdr;
613 	struct qib_other_headers *ohdr;
614 	struct qib_qp *qp;
615 	u32 qp_num;
616 	int lnh;
617 	u8 opcode;
618 	u16 lid;
619 
620 	/* 24 == LRH+BTH+CRC */
621 	if (unlikely(tlen < 24))
622 		goto drop;
623 
624 	/* Check for a valid destination LID (see ch. 7.11.1). */
625 	lid = be16_to_cpu(hdr->lrh[1]);
626 	if (lid < QIB_MULTICAST_LID_BASE) {
627 		lid &= ~((1 << ppd->lmc) - 1);
628 		if (unlikely(lid != ppd->lid))
629 			goto drop;
630 	}
631 
632 	/* Check for GRH */
633 	lnh = be16_to_cpu(hdr->lrh[0]) & 3;
634 	if (lnh == QIB_LRH_BTH)
635 		ohdr = &hdr->u.oth;
636 	else if (lnh == QIB_LRH_GRH) {
637 		u32 vtf;
638 
639 		ohdr = &hdr->u.l.oth;
640 		if (hdr->u.l.grh.next_hdr != IB_GRH_NEXT_HDR)
641 			goto drop;
642 		vtf = be32_to_cpu(hdr->u.l.grh.version_tclass_flow);
643 		if ((vtf >> IB_GRH_VERSION_SHIFT) != IB_GRH_VERSION)
644 			goto drop;
645 	} else
646 		goto drop;
647 
648 	opcode = (be32_to_cpu(ohdr->bth[0]) >> 24) & 0x7f;
649 #ifdef CONFIG_DEBUG_FS
650 	rcd->opstats->stats[opcode].n_bytes += tlen;
651 	rcd->opstats->stats[opcode].n_packets++;
652 #endif
653 
654 	/* Get the destination QP number. */
655 	qp_num = be32_to_cpu(ohdr->bth[1]) & QIB_QPN_MASK;
656 	if (qp_num == QIB_MULTICAST_QPN) {
657 		struct qib_mcast *mcast;
658 		struct qib_mcast_qp *p;
659 
660 		if (lnh != QIB_LRH_GRH)
661 			goto drop;
662 		mcast = qib_mcast_find(ibp, &hdr->u.l.grh.dgid);
663 		if (mcast == NULL)
664 			goto drop;
665 		this_cpu_inc(ibp->pmastats->n_multicast_rcv);
666 		list_for_each_entry_rcu(p, &mcast->qp_list, list)
667 			qib_qp_rcv(rcd, hdr, 1, data, tlen, p->qp);
668 		/*
669 		 * Notify qib_multicast_detach() if it is waiting for us
670 		 * to finish.
671 		 */
672 		if (atomic_dec_return(&mcast->refcount) <= 1)
673 			wake_up(&mcast->wait);
674 	} else {
675 		if (rcd->lookaside_qp) {
676 			if (rcd->lookaside_qpn != qp_num) {
677 				if (atomic_dec_and_test(
678 					&rcd->lookaside_qp->refcount))
679 					wake_up(
680 					 &rcd->lookaside_qp->wait);
681 				rcd->lookaside_qp = NULL;
682 			}
683 		}
684 		if (!rcd->lookaside_qp) {
685 			qp = qib_lookup_qpn(ibp, qp_num);
686 			if (!qp)
687 				goto drop;
688 			rcd->lookaside_qp = qp;
689 			rcd->lookaside_qpn = qp_num;
690 		} else
691 			qp = rcd->lookaside_qp;
692 		this_cpu_inc(ibp->pmastats->n_unicast_rcv);
693 		qib_qp_rcv(rcd, hdr, lnh == QIB_LRH_GRH, data, tlen, qp);
694 	}
695 	return;
696 
697 drop:
698 	ibp->n_pkt_drops++;
699 }
700 
701 /*
702  * This is called from a timer to check for QPs
703  * which need kernel memory in order to send a packet.
704  */
705 static void mem_timer(unsigned long data)
706 {
707 	struct qib_ibdev *dev = (struct qib_ibdev *) data;
708 	struct list_head *list = &dev->memwait;
709 	struct qib_qp *qp = NULL;
710 	unsigned long flags;
711 
712 	spin_lock_irqsave(&dev->pending_lock, flags);
713 	if (!list_empty(list)) {
714 		qp = list_entry(list->next, struct qib_qp, iowait);
715 		list_del_init(&qp->iowait);
716 		atomic_inc(&qp->refcount);
717 		if (!list_empty(list))
718 			mod_timer(&dev->mem_timer, jiffies + 1);
719 	}
720 	spin_unlock_irqrestore(&dev->pending_lock, flags);
721 
722 	if (qp) {
723 		spin_lock_irqsave(&qp->s_lock, flags);
724 		if (qp->s_flags & QIB_S_WAIT_KMEM) {
725 			qp->s_flags &= ~QIB_S_WAIT_KMEM;
726 			qib_schedule_send(qp);
727 		}
728 		spin_unlock_irqrestore(&qp->s_lock, flags);
729 		if (atomic_dec_and_test(&qp->refcount))
730 			wake_up(&qp->wait);
731 	}
732 }
733 
734 static void update_sge(struct qib_sge_state *ss, u32 length)
735 {
736 	struct qib_sge *sge = &ss->sge;
737 
738 	sge->vaddr += length;
739 	sge->length -= length;
740 	sge->sge_length -= length;
741 	if (sge->sge_length == 0) {
742 		if (--ss->num_sge)
743 			*sge = *ss->sg_list++;
744 	} else if (sge->length == 0 && sge->mr->lkey) {
745 		if (++sge->n >= QIB_SEGSZ) {
746 			if (++sge->m >= sge->mr->mapsz)
747 				return;
748 			sge->n = 0;
749 		}
750 		sge->vaddr = sge->mr->map[sge->m]->segs[sge->n].vaddr;
751 		sge->length = sge->mr->map[sge->m]->segs[sge->n].length;
752 	}
753 }
754 
755 #ifdef __LITTLE_ENDIAN
756 static inline u32 get_upper_bits(u32 data, u32 shift)
757 {
758 	return data >> shift;
759 }
760 
761 static inline u32 set_upper_bits(u32 data, u32 shift)
762 {
763 	return data << shift;
764 }
765 
766 static inline u32 clear_upper_bytes(u32 data, u32 n, u32 off)
767 {
768 	data <<= ((sizeof(u32) - n) * BITS_PER_BYTE);
769 	data >>= ((sizeof(u32) - n - off) * BITS_PER_BYTE);
770 	return data;
771 }
772 #else
773 static inline u32 get_upper_bits(u32 data, u32 shift)
774 {
775 	return data << shift;
776 }
777 
778 static inline u32 set_upper_bits(u32 data, u32 shift)
779 {
780 	return data >> shift;
781 }
782 
783 static inline u32 clear_upper_bytes(u32 data, u32 n, u32 off)
784 {
785 	data >>= ((sizeof(u32) - n) * BITS_PER_BYTE);
786 	data <<= ((sizeof(u32) - n - off) * BITS_PER_BYTE);
787 	return data;
788 }
789 #endif
790 
791 static void copy_io(u32 __iomem *piobuf, struct qib_sge_state *ss,
792 		    u32 length, unsigned flush_wc)
793 {
794 	u32 extra = 0;
795 	u32 data = 0;
796 	u32 last;
797 
798 	while (1) {
799 		u32 len = ss->sge.length;
800 		u32 off;
801 
802 		if (len > length)
803 			len = length;
804 		if (len > ss->sge.sge_length)
805 			len = ss->sge.sge_length;
806 		BUG_ON(len == 0);
807 		/* If the source address is not aligned, try to align it. */
808 		off = (unsigned long)ss->sge.vaddr & (sizeof(u32) - 1);
809 		if (off) {
810 			u32 *addr = (u32 *)((unsigned long)ss->sge.vaddr &
811 					    ~(sizeof(u32) - 1));
812 			u32 v = get_upper_bits(*addr, off * BITS_PER_BYTE);
813 			u32 y;
814 
815 			y = sizeof(u32) - off;
816 			if (len > y)
817 				len = y;
818 			if (len + extra >= sizeof(u32)) {
819 				data |= set_upper_bits(v, extra *
820 						       BITS_PER_BYTE);
821 				len = sizeof(u32) - extra;
822 				if (len == length) {
823 					last = data;
824 					break;
825 				}
826 				__raw_writel(data, piobuf);
827 				piobuf++;
828 				extra = 0;
829 				data = 0;
830 			} else {
831 				/* Clear unused upper bytes */
832 				data |= clear_upper_bytes(v, len, extra);
833 				if (len == length) {
834 					last = data;
835 					break;
836 				}
837 				extra += len;
838 			}
839 		} else if (extra) {
840 			/* Source address is aligned. */
841 			u32 *addr = (u32 *) ss->sge.vaddr;
842 			int shift = extra * BITS_PER_BYTE;
843 			int ushift = 32 - shift;
844 			u32 l = len;
845 
846 			while (l >= sizeof(u32)) {
847 				u32 v = *addr;
848 
849 				data |= set_upper_bits(v, shift);
850 				__raw_writel(data, piobuf);
851 				data = get_upper_bits(v, ushift);
852 				piobuf++;
853 				addr++;
854 				l -= sizeof(u32);
855 			}
856 			/*
857 			 * We still have 'extra' number of bytes leftover.
858 			 */
859 			if (l) {
860 				u32 v = *addr;
861 
862 				if (l + extra >= sizeof(u32)) {
863 					data |= set_upper_bits(v, shift);
864 					len -= l + extra - sizeof(u32);
865 					if (len == length) {
866 						last = data;
867 						break;
868 					}
869 					__raw_writel(data, piobuf);
870 					piobuf++;
871 					extra = 0;
872 					data = 0;
873 				} else {
874 					/* Clear unused upper bytes */
875 					data |= clear_upper_bytes(v, l, extra);
876 					if (len == length) {
877 						last = data;
878 						break;
879 					}
880 					extra += l;
881 				}
882 			} else if (len == length) {
883 				last = data;
884 				break;
885 			}
886 		} else if (len == length) {
887 			u32 w;
888 
889 			/*
890 			 * Need to round up for the last dword in the
891 			 * packet.
892 			 */
893 			w = (len + 3) >> 2;
894 			qib_pio_copy(piobuf, ss->sge.vaddr, w - 1);
895 			piobuf += w - 1;
896 			last = ((u32 *) ss->sge.vaddr)[w - 1];
897 			break;
898 		} else {
899 			u32 w = len >> 2;
900 
901 			qib_pio_copy(piobuf, ss->sge.vaddr, w);
902 			piobuf += w;
903 
904 			extra = len & (sizeof(u32) - 1);
905 			if (extra) {
906 				u32 v = ((u32 *) ss->sge.vaddr)[w];
907 
908 				/* Clear unused upper bytes */
909 				data = clear_upper_bytes(v, extra, 0);
910 			}
911 		}
912 		update_sge(ss, len);
913 		length -= len;
914 	}
915 	/* Update address before sending packet. */
916 	update_sge(ss, length);
917 	if (flush_wc) {
918 		/* must flush early everything before trigger word */
919 		qib_flush_wc();
920 		__raw_writel(last, piobuf);
921 		/* be sure trigger word is written */
922 		qib_flush_wc();
923 	} else
924 		__raw_writel(last, piobuf);
925 }
926 
927 static noinline struct qib_verbs_txreq *__get_txreq(struct qib_ibdev *dev,
928 					   struct qib_qp *qp)
929 {
930 	struct qib_verbs_txreq *tx;
931 	unsigned long flags;
932 
933 	spin_lock_irqsave(&qp->s_lock, flags);
934 	spin_lock(&dev->pending_lock);
935 
936 	if (!list_empty(&dev->txreq_free)) {
937 		struct list_head *l = dev->txreq_free.next;
938 
939 		list_del(l);
940 		spin_unlock(&dev->pending_lock);
941 		spin_unlock_irqrestore(&qp->s_lock, flags);
942 		tx = list_entry(l, struct qib_verbs_txreq, txreq.list);
943 	} else {
944 		if (ib_qib_state_ops[qp->state] & QIB_PROCESS_RECV_OK &&
945 		    list_empty(&qp->iowait)) {
946 			dev->n_txwait++;
947 			qp->s_flags |= QIB_S_WAIT_TX;
948 			list_add_tail(&qp->iowait, &dev->txwait);
949 		}
950 		qp->s_flags &= ~QIB_S_BUSY;
951 		spin_unlock(&dev->pending_lock);
952 		spin_unlock_irqrestore(&qp->s_lock, flags);
953 		tx = ERR_PTR(-EBUSY);
954 	}
955 	return tx;
956 }
957 
958 static inline struct qib_verbs_txreq *get_txreq(struct qib_ibdev *dev,
959 					 struct qib_qp *qp)
960 {
961 	struct qib_verbs_txreq *tx;
962 	unsigned long flags;
963 
964 	spin_lock_irqsave(&dev->pending_lock, flags);
965 	/* assume the list non empty */
966 	if (likely(!list_empty(&dev->txreq_free))) {
967 		struct list_head *l = dev->txreq_free.next;
968 
969 		list_del(l);
970 		spin_unlock_irqrestore(&dev->pending_lock, flags);
971 		tx = list_entry(l, struct qib_verbs_txreq, txreq.list);
972 	} else {
973 		/* call slow path to get the extra lock */
974 		spin_unlock_irqrestore(&dev->pending_lock, flags);
975 		tx =  __get_txreq(dev, qp);
976 	}
977 	return tx;
978 }
979 
980 void qib_put_txreq(struct qib_verbs_txreq *tx)
981 {
982 	struct qib_ibdev *dev;
983 	struct qib_qp *qp;
984 	unsigned long flags;
985 
986 	qp = tx->qp;
987 	dev = to_idev(qp->ibqp.device);
988 
989 	if (atomic_dec_and_test(&qp->refcount))
990 		wake_up(&qp->wait);
991 	if (tx->mr) {
992 		qib_put_mr(tx->mr);
993 		tx->mr = NULL;
994 	}
995 	if (tx->txreq.flags & QIB_SDMA_TXREQ_F_FREEBUF) {
996 		tx->txreq.flags &= ~QIB_SDMA_TXREQ_F_FREEBUF;
997 		dma_unmap_single(&dd_from_dev(dev)->pcidev->dev,
998 				 tx->txreq.addr, tx->hdr_dwords << 2,
999 				 DMA_TO_DEVICE);
1000 		kfree(tx->align_buf);
1001 	}
1002 
1003 	spin_lock_irqsave(&dev->pending_lock, flags);
1004 
1005 	/* Put struct back on free list */
1006 	list_add(&tx->txreq.list, &dev->txreq_free);
1007 
1008 	if (!list_empty(&dev->txwait)) {
1009 		/* Wake up first QP wanting a free struct */
1010 		qp = list_entry(dev->txwait.next, struct qib_qp, iowait);
1011 		list_del_init(&qp->iowait);
1012 		atomic_inc(&qp->refcount);
1013 		spin_unlock_irqrestore(&dev->pending_lock, flags);
1014 
1015 		spin_lock_irqsave(&qp->s_lock, flags);
1016 		if (qp->s_flags & QIB_S_WAIT_TX) {
1017 			qp->s_flags &= ~QIB_S_WAIT_TX;
1018 			qib_schedule_send(qp);
1019 		}
1020 		spin_unlock_irqrestore(&qp->s_lock, flags);
1021 
1022 		if (atomic_dec_and_test(&qp->refcount))
1023 			wake_up(&qp->wait);
1024 	} else
1025 		spin_unlock_irqrestore(&dev->pending_lock, flags);
1026 }
1027 
1028 /*
1029  * This is called when there are send DMA descriptors that might be
1030  * available.
1031  *
1032  * This is called with ppd->sdma_lock held.
1033  */
1034 void qib_verbs_sdma_desc_avail(struct qib_pportdata *ppd, unsigned avail)
1035 {
1036 	struct qib_qp *qp, *nqp;
1037 	struct qib_qp *qps[20];
1038 	struct qib_ibdev *dev;
1039 	unsigned i, n;
1040 
1041 	n = 0;
1042 	dev = &ppd->dd->verbs_dev;
1043 	spin_lock(&dev->pending_lock);
1044 
1045 	/* Search wait list for first QP wanting DMA descriptors. */
1046 	list_for_each_entry_safe(qp, nqp, &dev->dmawait, iowait) {
1047 		if (qp->port_num != ppd->port)
1048 			continue;
1049 		if (n == ARRAY_SIZE(qps))
1050 			break;
1051 		if (qp->s_tx->txreq.sg_count > avail)
1052 			break;
1053 		avail -= qp->s_tx->txreq.sg_count;
1054 		list_del_init(&qp->iowait);
1055 		atomic_inc(&qp->refcount);
1056 		qps[n++] = qp;
1057 	}
1058 
1059 	spin_unlock(&dev->pending_lock);
1060 
1061 	for (i = 0; i < n; i++) {
1062 		qp = qps[i];
1063 		spin_lock(&qp->s_lock);
1064 		if (qp->s_flags & QIB_S_WAIT_DMA_DESC) {
1065 			qp->s_flags &= ~QIB_S_WAIT_DMA_DESC;
1066 			qib_schedule_send(qp);
1067 		}
1068 		spin_unlock(&qp->s_lock);
1069 		if (atomic_dec_and_test(&qp->refcount))
1070 			wake_up(&qp->wait);
1071 	}
1072 }
1073 
1074 /*
1075  * This is called with ppd->sdma_lock held.
1076  */
1077 static void sdma_complete(struct qib_sdma_txreq *cookie, int status)
1078 {
1079 	struct qib_verbs_txreq *tx =
1080 		container_of(cookie, struct qib_verbs_txreq, txreq);
1081 	struct qib_qp *qp = tx->qp;
1082 
1083 	spin_lock(&qp->s_lock);
1084 	if (tx->wqe)
1085 		qib_send_complete(qp, tx->wqe, IB_WC_SUCCESS);
1086 	else if (qp->ibqp.qp_type == IB_QPT_RC) {
1087 		struct qib_ib_header *hdr;
1088 
1089 		if (tx->txreq.flags & QIB_SDMA_TXREQ_F_FREEBUF)
1090 			hdr = &tx->align_buf->hdr;
1091 		else {
1092 			struct qib_ibdev *dev = to_idev(qp->ibqp.device);
1093 
1094 			hdr = &dev->pio_hdrs[tx->hdr_inx].hdr;
1095 		}
1096 		qib_rc_send_complete(qp, hdr);
1097 	}
1098 	if (atomic_dec_and_test(&qp->s_dma_busy)) {
1099 		if (qp->state == IB_QPS_RESET)
1100 			wake_up(&qp->wait_dma);
1101 		else if (qp->s_flags & QIB_S_WAIT_DMA) {
1102 			qp->s_flags &= ~QIB_S_WAIT_DMA;
1103 			qib_schedule_send(qp);
1104 		}
1105 	}
1106 	spin_unlock(&qp->s_lock);
1107 
1108 	qib_put_txreq(tx);
1109 }
1110 
1111 static int wait_kmem(struct qib_ibdev *dev, struct qib_qp *qp)
1112 {
1113 	unsigned long flags;
1114 	int ret = 0;
1115 
1116 	spin_lock_irqsave(&qp->s_lock, flags);
1117 	if (ib_qib_state_ops[qp->state] & QIB_PROCESS_RECV_OK) {
1118 		spin_lock(&dev->pending_lock);
1119 		if (list_empty(&qp->iowait)) {
1120 			if (list_empty(&dev->memwait))
1121 				mod_timer(&dev->mem_timer, jiffies + 1);
1122 			qp->s_flags |= QIB_S_WAIT_KMEM;
1123 			list_add_tail(&qp->iowait, &dev->memwait);
1124 		}
1125 		spin_unlock(&dev->pending_lock);
1126 		qp->s_flags &= ~QIB_S_BUSY;
1127 		ret = -EBUSY;
1128 	}
1129 	spin_unlock_irqrestore(&qp->s_lock, flags);
1130 
1131 	return ret;
1132 }
1133 
1134 static int qib_verbs_send_dma(struct qib_qp *qp, struct qib_ib_header *hdr,
1135 			      u32 hdrwords, struct qib_sge_state *ss, u32 len,
1136 			      u32 plen, u32 dwords)
1137 {
1138 	struct qib_ibdev *dev = to_idev(qp->ibqp.device);
1139 	struct qib_devdata *dd = dd_from_dev(dev);
1140 	struct qib_ibport *ibp = to_iport(qp->ibqp.device, qp->port_num);
1141 	struct qib_pportdata *ppd = ppd_from_ibp(ibp);
1142 	struct qib_verbs_txreq *tx;
1143 	struct qib_pio_header *phdr;
1144 	u32 control;
1145 	u32 ndesc;
1146 	int ret;
1147 
1148 	tx = qp->s_tx;
1149 	if (tx) {
1150 		qp->s_tx = NULL;
1151 		/* resend previously constructed packet */
1152 		ret = qib_sdma_verbs_send(ppd, tx->ss, tx->dwords, tx);
1153 		goto bail;
1154 	}
1155 
1156 	tx = get_txreq(dev, qp);
1157 	if (IS_ERR(tx))
1158 		goto bail_tx;
1159 
1160 	control = dd->f_setpbc_control(ppd, plen, qp->s_srate,
1161 				       be16_to_cpu(hdr->lrh[0]) >> 12);
1162 	tx->qp = qp;
1163 	atomic_inc(&qp->refcount);
1164 	tx->wqe = qp->s_wqe;
1165 	tx->mr = qp->s_rdma_mr;
1166 	if (qp->s_rdma_mr)
1167 		qp->s_rdma_mr = NULL;
1168 	tx->txreq.callback = sdma_complete;
1169 	if (dd->flags & QIB_HAS_SDMA_TIMEOUT)
1170 		tx->txreq.flags = QIB_SDMA_TXREQ_F_HEADTOHOST;
1171 	else
1172 		tx->txreq.flags = QIB_SDMA_TXREQ_F_INTREQ;
1173 	if (plen + 1 > dd->piosize2kmax_dwords)
1174 		tx->txreq.flags |= QIB_SDMA_TXREQ_F_USELARGEBUF;
1175 
1176 	if (len) {
1177 		/*
1178 		 * Don't try to DMA if it takes more descriptors than
1179 		 * the queue holds.
1180 		 */
1181 		ndesc = qib_count_sge(ss, len);
1182 		if (ndesc >= ppd->sdma_descq_cnt)
1183 			ndesc = 0;
1184 	} else
1185 		ndesc = 1;
1186 	if (ndesc) {
1187 		phdr = &dev->pio_hdrs[tx->hdr_inx];
1188 		phdr->pbc[0] = cpu_to_le32(plen);
1189 		phdr->pbc[1] = cpu_to_le32(control);
1190 		memcpy(&phdr->hdr, hdr, hdrwords << 2);
1191 		tx->txreq.flags |= QIB_SDMA_TXREQ_F_FREEDESC;
1192 		tx->txreq.sg_count = ndesc;
1193 		tx->txreq.addr = dev->pio_hdrs_phys +
1194 			tx->hdr_inx * sizeof(struct qib_pio_header);
1195 		tx->hdr_dwords = hdrwords + 2; /* add PBC length */
1196 		ret = qib_sdma_verbs_send(ppd, ss, dwords, tx);
1197 		goto bail;
1198 	}
1199 
1200 	/* Allocate a buffer and copy the header and payload to it. */
1201 	tx->hdr_dwords = plen + 1;
1202 	phdr = kmalloc(tx->hdr_dwords << 2, GFP_ATOMIC);
1203 	if (!phdr)
1204 		goto err_tx;
1205 	phdr->pbc[0] = cpu_to_le32(plen);
1206 	phdr->pbc[1] = cpu_to_le32(control);
1207 	memcpy(&phdr->hdr, hdr, hdrwords << 2);
1208 	qib_copy_from_sge((u32 *) &phdr->hdr + hdrwords, ss, len);
1209 
1210 	tx->txreq.addr = dma_map_single(&dd->pcidev->dev, phdr,
1211 					tx->hdr_dwords << 2, DMA_TO_DEVICE);
1212 	if (dma_mapping_error(&dd->pcidev->dev, tx->txreq.addr))
1213 		goto map_err;
1214 	tx->align_buf = phdr;
1215 	tx->txreq.flags |= QIB_SDMA_TXREQ_F_FREEBUF;
1216 	tx->txreq.sg_count = 1;
1217 	ret = qib_sdma_verbs_send(ppd, NULL, 0, tx);
1218 	goto unaligned;
1219 
1220 map_err:
1221 	kfree(phdr);
1222 err_tx:
1223 	qib_put_txreq(tx);
1224 	ret = wait_kmem(dev, qp);
1225 unaligned:
1226 	ibp->n_unaligned++;
1227 bail:
1228 	return ret;
1229 bail_tx:
1230 	ret = PTR_ERR(tx);
1231 	goto bail;
1232 }
1233 
1234 /*
1235  * If we are now in the error state, return zero to flush the
1236  * send work request.
1237  */
1238 static int no_bufs_available(struct qib_qp *qp)
1239 {
1240 	struct qib_ibdev *dev = to_idev(qp->ibqp.device);
1241 	struct qib_devdata *dd;
1242 	unsigned long flags;
1243 	int ret = 0;
1244 
1245 	/*
1246 	 * Note that as soon as want_buffer() is called and
1247 	 * possibly before it returns, qib_ib_piobufavail()
1248 	 * could be called. Therefore, put QP on the I/O wait list before
1249 	 * enabling the PIO avail interrupt.
1250 	 */
1251 	spin_lock_irqsave(&qp->s_lock, flags);
1252 	if (ib_qib_state_ops[qp->state] & QIB_PROCESS_RECV_OK) {
1253 		spin_lock(&dev->pending_lock);
1254 		if (list_empty(&qp->iowait)) {
1255 			dev->n_piowait++;
1256 			qp->s_flags |= QIB_S_WAIT_PIO;
1257 			list_add_tail(&qp->iowait, &dev->piowait);
1258 			dd = dd_from_dev(dev);
1259 			dd->f_wantpiobuf_intr(dd, 1);
1260 		}
1261 		spin_unlock(&dev->pending_lock);
1262 		qp->s_flags &= ~QIB_S_BUSY;
1263 		ret = -EBUSY;
1264 	}
1265 	spin_unlock_irqrestore(&qp->s_lock, flags);
1266 	return ret;
1267 }
1268 
1269 static int qib_verbs_send_pio(struct qib_qp *qp, struct qib_ib_header *ibhdr,
1270 			      u32 hdrwords, struct qib_sge_state *ss, u32 len,
1271 			      u32 plen, u32 dwords)
1272 {
1273 	struct qib_devdata *dd = dd_from_ibdev(qp->ibqp.device);
1274 	struct qib_pportdata *ppd = dd->pport + qp->port_num - 1;
1275 	u32 *hdr = (u32 *) ibhdr;
1276 	u32 __iomem *piobuf_orig;
1277 	u32 __iomem *piobuf;
1278 	u64 pbc;
1279 	unsigned long flags;
1280 	unsigned flush_wc;
1281 	u32 control;
1282 	u32 pbufn;
1283 
1284 	control = dd->f_setpbc_control(ppd, plen, qp->s_srate,
1285 		be16_to_cpu(ibhdr->lrh[0]) >> 12);
1286 	pbc = ((u64) control << 32) | plen;
1287 	piobuf = dd->f_getsendbuf(ppd, pbc, &pbufn);
1288 	if (unlikely(piobuf == NULL))
1289 		return no_bufs_available(qp);
1290 
1291 	/*
1292 	 * Write the pbc.
1293 	 * We have to flush after the PBC for correctness on some cpus
1294 	 * or WC buffer can be written out of order.
1295 	 */
1296 	writeq(pbc, piobuf);
1297 	piobuf_orig = piobuf;
1298 	piobuf += 2;
1299 
1300 	flush_wc = dd->flags & QIB_PIO_FLUSH_WC;
1301 	if (len == 0) {
1302 		/*
1303 		 * If there is just the header portion, must flush before
1304 		 * writing last word of header for correctness, and after
1305 		 * the last header word (trigger word).
1306 		 */
1307 		if (flush_wc) {
1308 			qib_flush_wc();
1309 			qib_pio_copy(piobuf, hdr, hdrwords - 1);
1310 			qib_flush_wc();
1311 			__raw_writel(hdr[hdrwords - 1], piobuf + hdrwords - 1);
1312 			qib_flush_wc();
1313 		} else
1314 			qib_pio_copy(piobuf, hdr, hdrwords);
1315 		goto done;
1316 	}
1317 
1318 	if (flush_wc)
1319 		qib_flush_wc();
1320 	qib_pio_copy(piobuf, hdr, hdrwords);
1321 	piobuf += hdrwords;
1322 
1323 	/* The common case is aligned and contained in one segment. */
1324 	if (likely(ss->num_sge == 1 && len <= ss->sge.length &&
1325 		   !((unsigned long)ss->sge.vaddr & (sizeof(u32) - 1)))) {
1326 		u32 *addr = (u32 *) ss->sge.vaddr;
1327 
1328 		/* Update address before sending packet. */
1329 		update_sge(ss, len);
1330 		if (flush_wc) {
1331 			qib_pio_copy(piobuf, addr, dwords - 1);
1332 			/* must flush early everything before trigger word */
1333 			qib_flush_wc();
1334 			__raw_writel(addr[dwords - 1], piobuf + dwords - 1);
1335 			/* be sure trigger word is written */
1336 			qib_flush_wc();
1337 		} else
1338 			qib_pio_copy(piobuf, addr, dwords);
1339 		goto done;
1340 	}
1341 	copy_io(piobuf, ss, len, flush_wc);
1342 done:
1343 	if (dd->flags & QIB_USE_SPCL_TRIG) {
1344 		u32 spcl_off = (pbufn >= dd->piobcnt2k) ? 2047 : 1023;
1345 
1346 		qib_flush_wc();
1347 		__raw_writel(0xaebecede, piobuf_orig + spcl_off);
1348 	}
1349 	qib_sendbuf_done(dd, pbufn);
1350 	if (qp->s_rdma_mr) {
1351 		qib_put_mr(qp->s_rdma_mr);
1352 		qp->s_rdma_mr = NULL;
1353 	}
1354 	if (qp->s_wqe) {
1355 		spin_lock_irqsave(&qp->s_lock, flags);
1356 		qib_send_complete(qp, qp->s_wqe, IB_WC_SUCCESS);
1357 		spin_unlock_irqrestore(&qp->s_lock, flags);
1358 	} else if (qp->ibqp.qp_type == IB_QPT_RC) {
1359 		spin_lock_irqsave(&qp->s_lock, flags);
1360 		qib_rc_send_complete(qp, ibhdr);
1361 		spin_unlock_irqrestore(&qp->s_lock, flags);
1362 	}
1363 	return 0;
1364 }
1365 
1366 /**
1367  * qib_verbs_send - send a packet
1368  * @qp: the QP to send on
1369  * @hdr: the packet header
1370  * @hdrwords: the number of 32-bit words in the header
1371  * @ss: the SGE to send
1372  * @len: the length of the packet in bytes
1373  *
1374  * Return zero if packet is sent or queued OK.
1375  * Return non-zero and clear qp->s_flags QIB_S_BUSY otherwise.
1376  */
1377 int qib_verbs_send(struct qib_qp *qp, struct qib_ib_header *hdr,
1378 		   u32 hdrwords, struct qib_sge_state *ss, u32 len)
1379 {
1380 	struct qib_devdata *dd = dd_from_ibdev(qp->ibqp.device);
1381 	u32 plen;
1382 	int ret;
1383 	u32 dwords = (len + 3) >> 2;
1384 
1385 	/*
1386 	 * Calculate the send buffer trigger address.
1387 	 * The +1 counts for the pbc control dword following the pbc length.
1388 	 */
1389 	plen = hdrwords + dwords + 1;
1390 
1391 	/*
1392 	 * VL15 packets (IB_QPT_SMI) will always use PIO, so we
1393 	 * can defer SDMA restart until link goes ACTIVE without
1394 	 * worrying about just how we got there.
1395 	 */
1396 	if (qp->ibqp.qp_type == IB_QPT_SMI ||
1397 	    !(dd->flags & QIB_HAS_SEND_DMA))
1398 		ret = qib_verbs_send_pio(qp, hdr, hdrwords, ss, len,
1399 					 plen, dwords);
1400 	else
1401 		ret = qib_verbs_send_dma(qp, hdr, hdrwords, ss, len,
1402 					 plen, dwords);
1403 
1404 	return ret;
1405 }
1406 
1407 int qib_snapshot_counters(struct qib_pportdata *ppd, u64 *swords,
1408 			  u64 *rwords, u64 *spkts, u64 *rpkts,
1409 			  u64 *xmit_wait)
1410 {
1411 	int ret;
1412 	struct qib_devdata *dd = ppd->dd;
1413 
1414 	if (!(dd->flags & QIB_PRESENT)) {
1415 		/* no hardware, freeze, etc. */
1416 		ret = -EINVAL;
1417 		goto bail;
1418 	}
1419 	*swords = dd->f_portcntr(ppd, QIBPORTCNTR_WORDSEND);
1420 	*rwords = dd->f_portcntr(ppd, QIBPORTCNTR_WORDRCV);
1421 	*spkts = dd->f_portcntr(ppd, QIBPORTCNTR_PKTSEND);
1422 	*rpkts = dd->f_portcntr(ppd, QIBPORTCNTR_PKTRCV);
1423 	*xmit_wait = dd->f_portcntr(ppd, QIBPORTCNTR_SENDSTALL);
1424 
1425 	ret = 0;
1426 
1427 bail:
1428 	return ret;
1429 }
1430 
1431 /**
1432  * qib_get_counters - get various chip counters
1433  * @dd: the qlogic_ib device
1434  * @cntrs: counters are placed here
1435  *
1436  * Return the counters needed by recv_pma_get_portcounters().
1437  */
1438 int qib_get_counters(struct qib_pportdata *ppd,
1439 		     struct qib_verbs_counters *cntrs)
1440 {
1441 	int ret;
1442 
1443 	if (!(ppd->dd->flags & QIB_PRESENT)) {
1444 		/* no hardware, freeze, etc. */
1445 		ret = -EINVAL;
1446 		goto bail;
1447 	}
1448 	cntrs->symbol_error_counter =
1449 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_IBSYMBOLERR);
1450 	cntrs->link_error_recovery_counter =
1451 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_IBLINKERRRECOV);
1452 	/*
1453 	 * The link downed counter counts when the other side downs the
1454 	 * connection.  We add in the number of times we downed the link
1455 	 * due to local link integrity errors to compensate.
1456 	 */
1457 	cntrs->link_downed_counter =
1458 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_IBLINKDOWN);
1459 	cntrs->port_rcv_errors =
1460 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_RXDROPPKT) +
1461 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_RCVOVFL) +
1462 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_ERR_RLEN) +
1463 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_INVALIDRLEN) +
1464 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_ERRLINK) +
1465 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_ERRICRC) +
1466 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_ERRVCRC) +
1467 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_ERRLPCRC) +
1468 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_BADFORMAT);
1469 	cntrs->port_rcv_errors +=
1470 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_RXLOCALPHYERR);
1471 	cntrs->port_rcv_errors +=
1472 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_RXVLERR);
1473 	cntrs->port_rcv_remphys_errors =
1474 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_RCVEBP);
1475 	cntrs->port_xmit_discards =
1476 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_UNSUPVL);
1477 	cntrs->port_xmit_data = ppd->dd->f_portcntr(ppd,
1478 			QIBPORTCNTR_WORDSEND);
1479 	cntrs->port_rcv_data = ppd->dd->f_portcntr(ppd,
1480 			QIBPORTCNTR_WORDRCV);
1481 	cntrs->port_xmit_packets = ppd->dd->f_portcntr(ppd,
1482 			QIBPORTCNTR_PKTSEND);
1483 	cntrs->port_rcv_packets = ppd->dd->f_portcntr(ppd,
1484 			QIBPORTCNTR_PKTRCV);
1485 	cntrs->local_link_integrity_errors =
1486 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_LLI);
1487 	cntrs->excessive_buffer_overrun_errors =
1488 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_EXCESSBUFOVFL);
1489 	cntrs->vl15_dropped =
1490 		ppd->dd->f_portcntr(ppd, QIBPORTCNTR_VL15PKTDROP);
1491 
1492 	ret = 0;
1493 
1494 bail:
1495 	return ret;
1496 }
1497 
1498 /**
1499  * qib_ib_piobufavail - callback when a PIO buffer is available
1500  * @dd: the device pointer
1501  *
1502  * This is called from qib_intr() at interrupt level when a PIO buffer is
1503  * available after qib_verbs_send() returned an error that no buffers were
1504  * available. Disable the interrupt if there are no more QPs waiting.
1505  */
1506 void qib_ib_piobufavail(struct qib_devdata *dd)
1507 {
1508 	struct qib_ibdev *dev = &dd->verbs_dev;
1509 	struct list_head *list;
1510 	struct qib_qp *qps[5];
1511 	struct qib_qp *qp;
1512 	unsigned long flags;
1513 	unsigned i, n;
1514 
1515 	list = &dev->piowait;
1516 	n = 0;
1517 
1518 	/*
1519 	 * Note: checking that the piowait list is empty and clearing
1520 	 * the buffer available interrupt needs to be atomic or we
1521 	 * could end up with QPs on the wait list with the interrupt
1522 	 * disabled.
1523 	 */
1524 	spin_lock_irqsave(&dev->pending_lock, flags);
1525 	while (!list_empty(list)) {
1526 		if (n == ARRAY_SIZE(qps))
1527 			goto full;
1528 		qp = list_entry(list->next, struct qib_qp, iowait);
1529 		list_del_init(&qp->iowait);
1530 		atomic_inc(&qp->refcount);
1531 		qps[n++] = qp;
1532 	}
1533 	dd->f_wantpiobuf_intr(dd, 0);
1534 full:
1535 	spin_unlock_irqrestore(&dev->pending_lock, flags);
1536 
1537 	for (i = 0; i < n; i++) {
1538 		qp = qps[i];
1539 
1540 		spin_lock_irqsave(&qp->s_lock, flags);
1541 		if (qp->s_flags & QIB_S_WAIT_PIO) {
1542 			qp->s_flags &= ~QIB_S_WAIT_PIO;
1543 			qib_schedule_send(qp);
1544 		}
1545 		spin_unlock_irqrestore(&qp->s_lock, flags);
1546 
1547 		/* Notify qib_destroy_qp() if it is waiting. */
1548 		if (atomic_dec_and_test(&qp->refcount))
1549 			wake_up(&qp->wait);
1550 	}
1551 }
1552 
1553 static int qib_query_device(struct ib_device *ibdev, struct ib_device_attr *props,
1554 			    struct ib_udata *uhw)
1555 {
1556 	struct qib_devdata *dd = dd_from_ibdev(ibdev);
1557 	struct qib_ibdev *dev = to_idev(ibdev);
1558 
1559 	if (uhw->inlen || uhw->outlen)
1560 		return -EINVAL;
1561 	memset(props, 0, sizeof(*props));
1562 
1563 	props->device_cap_flags = IB_DEVICE_BAD_PKEY_CNTR |
1564 		IB_DEVICE_BAD_QKEY_CNTR | IB_DEVICE_SHUTDOWN_PORT |
1565 		IB_DEVICE_SYS_IMAGE_GUID | IB_DEVICE_RC_RNR_NAK_GEN |
1566 		IB_DEVICE_PORT_ACTIVE_EVENT | IB_DEVICE_SRQ_RESIZE;
1567 	props->page_size_cap = PAGE_SIZE;
1568 	props->vendor_id =
1569 		QIB_SRC_OUI_1 << 16 | QIB_SRC_OUI_2 << 8 | QIB_SRC_OUI_3;
1570 	props->vendor_part_id = dd->deviceid;
1571 	props->hw_ver = dd->minrev;
1572 	props->sys_image_guid = ib_qib_sys_image_guid;
1573 	props->max_mr_size = ~0ULL;
1574 	props->max_qp = ib_qib_max_qps;
1575 	props->max_qp_wr = ib_qib_max_qp_wrs;
1576 	props->max_sge = ib_qib_max_sges;
1577 	props->max_cq = ib_qib_max_cqs;
1578 	props->max_ah = ib_qib_max_ahs;
1579 	props->max_cqe = ib_qib_max_cqes;
1580 	props->max_mr = dev->lk_table.max;
1581 	props->max_fmr = dev->lk_table.max;
1582 	props->max_map_per_fmr = 32767;
1583 	props->max_pd = ib_qib_max_pds;
1584 	props->max_qp_rd_atom = QIB_MAX_RDMA_ATOMIC;
1585 	props->max_qp_init_rd_atom = 255;
1586 	/* props->max_res_rd_atom */
1587 	props->max_srq = ib_qib_max_srqs;
1588 	props->max_srq_wr = ib_qib_max_srq_wrs;
1589 	props->max_srq_sge = ib_qib_max_srq_sges;
1590 	/* props->local_ca_ack_delay */
1591 	props->atomic_cap = IB_ATOMIC_GLOB;
1592 	props->max_pkeys = qib_get_npkeys(dd);
1593 	props->max_mcast_grp = ib_qib_max_mcast_grps;
1594 	props->max_mcast_qp_attach = ib_qib_max_mcast_qp_attached;
1595 	props->max_total_mcast_qp_attach = props->max_mcast_qp_attach *
1596 		props->max_mcast_grp;
1597 
1598 	return 0;
1599 }
1600 
1601 static int qib_query_port(struct ib_device *ibdev, u8 port,
1602 			  struct ib_port_attr *props)
1603 {
1604 	struct qib_devdata *dd = dd_from_ibdev(ibdev);
1605 	struct qib_ibport *ibp = to_iport(ibdev, port);
1606 	struct qib_pportdata *ppd = ppd_from_ibp(ibp);
1607 	enum ib_mtu mtu;
1608 	u16 lid = ppd->lid;
1609 
1610 	memset(props, 0, sizeof(*props));
1611 	props->lid = lid ? lid : be16_to_cpu(IB_LID_PERMISSIVE);
1612 	props->lmc = ppd->lmc;
1613 	props->sm_lid = ibp->sm_lid;
1614 	props->sm_sl = ibp->sm_sl;
1615 	props->state = dd->f_iblink_state(ppd->lastibcstat);
1616 	props->phys_state = dd->f_ibphys_portstate(ppd->lastibcstat);
1617 	props->port_cap_flags = ibp->port_cap_flags;
1618 	props->gid_tbl_len = QIB_GUIDS_PER_PORT;
1619 	props->max_msg_sz = 0x80000000;
1620 	props->pkey_tbl_len = qib_get_npkeys(dd);
1621 	props->bad_pkey_cntr = ibp->pkey_violations;
1622 	props->qkey_viol_cntr = ibp->qkey_violations;
1623 	props->active_width = ppd->link_width_active;
1624 	/* See rate_show() */
1625 	props->active_speed = ppd->link_speed_active;
1626 	props->max_vl_num = qib_num_vls(ppd->vls_supported);
1627 	props->init_type_reply = 0;
1628 
1629 	props->max_mtu = qib_ibmtu ? qib_ibmtu : IB_MTU_4096;
1630 	switch (ppd->ibmtu) {
1631 	case 4096:
1632 		mtu = IB_MTU_4096;
1633 		break;
1634 	case 2048:
1635 		mtu = IB_MTU_2048;
1636 		break;
1637 	case 1024:
1638 		mtu = IB_MTU_1024;
1639 		break;
1640 	case 512:
1641 		mtu = IB_MTU_512;
1642 		break;
1643 	case 256:
1644 		mtu = IB_MTU_256;
1645 		break;
1646 	default:
1647 		mtu = IB_MTU_2048;
1648 	}
1649 	props->active_mtu = mtu;
1650 	props->subnet_timeout = ibp->subnet_timeout;
1651 
1652 	return 0;
1653 }
1654 
1655 static int qib_modify_device(struct ib_device *device,
1656 			     int device_modify_mask,
1657 			     struct ib_device_modify *device_modify)
1658 {
1659 	struct qib_devdata *dd = dd_from_ibdev(device);
1660 	unsigned i;
1661 	int ret;
1662 
1663 	if (device_modify_mask & ~(IB_DEVICE_MODIFY_SYS_IMAGE_GUID |
1664 				   IB_DEVICE_MODIFY_NODE_DESC)) {
1665 		ret = -EOPNOTSUPP;
1666 		goto bail;
1667 	}
1668 
1669 	if (device_modify_mask & IB_DEVICE_MODIFY_NODE_DESC) {
1670 		memcpy(device->node_desc, device_modify->node_desc, 64);
1671 		for (i = 0; i < dd->num_pports; i++) {
1672 			struct qib_ibport *ibp = &dd->pport[i].ibport_data;
1673 
1674 			qib_node_desc_chg(ibp);
1675 		}
1676 	}
1677 
1678 	if (device_modify_mask & IB_DEVICE_MODIFY_SYS_IMAGE_GUID) {
1679 		ib_qib_sys_image_guid =
1680 			cpu_to_be64(device_modify->sys_image_guid);
1681 		for (i = 0; i < dd->num_pports; i++) {
1682 			struct qib_ibport *ibp = &dd->pport[i].ibport_data;
1683 
1684 			qib_sys_guid_chg(ibp);
1685 		}
1686 	}
1687 
1688 	ret = 0;
1689 
1690 bail:
1691 	return ret;
1692 }
1693 
1694 static int qib_modify_port(struct ib_device *ibdev, u8 port,
1695 			   int port_modify_mask, struct ib_port_modify *props)
1696 {
1697 	struct qib_ibport *ibp = to_iport(ibdev, port);
1698 	struct qib_pportdata *ppd = ppd_from_ibp(ibp);
1699 
1700 	ibp->port_cap_flags |= props->set_port_cap_mask;
1701 	ibp->port_cap_flags &= ~props->clr_port_cap_mask;
1702 	if (props->set_port_cap_mask || props->clr_port_cap_mask)
1703 		qib_cap_mask_chg(ibp);
1704 	if (port_modify_mask & IB_PORT_SHUTDOWN)
1705 		qib_set_linkstate(ppd, QIB_IB_LINKDOWN);
1706 	if (port_modify_mask & IB_PORT_RESET_QKEY_CNTR)
1707 		ibp->qkey_violations = 0;
1708 	return 0;
1709 }
1710 
1711 static int qib_query_gid(struct ib_device *ibdev, u8 port,
1712 			 int index, union ib_gid *gid)
1713 {
1714 	struct qib_devdata *dd = dd_from_ibdev(ibdev);
1715 	int ret = 0;
1716 
1717 	if (!port || port > dd->num_pports)
1718 		ret = -EINVAL;
1719 	else {
1720 		struct qib_ibport *ibp = to_iport(ibdev, port);
1721 		struct qib_pportdata *ppd = ppd_from_ibp(ibp);
1722 
1723 		gid->global.subnet_prefix = ibp->gid_prefix;
1724 		if (index == 0)
1725 			gid->global.interface_id = ppd->guid;
1726 		else if (index < QIB_GUIDS_PER_PORT)
1727 			gid->global.interface_id = ibp->guids[index - 1];
1728 		else
1729 			ret = -EINVAL;
1730 	}
1731 
1732 	return ret;
1733 }
1734 
1735 static struct ib_pd *qib_alloc_pd(struct ib_device *ibdev,
1736 				  struct ib_ucontext *context,
1737 				  struct ib_udata *udata)
1738 {
1739 	struct qib_ibdev *dev = to_idev(ibdev);
1740 	struct qib_pd *pd;
1741 	struct ib_pd *ret;
1742 
1743 	/*
1744 	 * This is actually totally arbitrary.  Some correctness tests
1745 	 * assume there's a maximum number of PDs that can be allocated.
1746 	 * We don't actually have this limit, but we fail the test if
1747 	 * we allow allocations of more than we report for this value.
1748 	 */
1749 
1750 	pd = kmalloc(sizeof(*pd), GFP_KERNEL);
1751 	if (!pd) {
1752 		ret = ERR_PTR(-ENOMEM);
1753 		goto bail;
1754 	}
1755 
1756 	spin_lock(&dev->n_pds_lock);
1757 	if (dev->n_pds_allocated == ib_qib_max_pds) {
1758 		spin_unlock(&dev->n_pds_lock);
1759 		kfree(pd);
1760 		ret = ERR_PTR(-ENOMEM);
1761 		goto bail;
1762 	}
1763 
1764 	dev->n_pds_allocated++;
1765 	spin_unlock(&dev->n_pds_lock);
1766 
1767 	/* ib_alloc_pd() will initialize pd->ibpd. */
1768 	pd->user = udata != NULL;
1769 
1770 	ret = &pd->ibpd;
1771 
1772 bail:
1773 	return ret;
1774 }
1775 
1776 static int qib_dealloc_pd(struct ib_pd *ibpd)
1777 {
1778 	struct qib_pd *pd = to_ipd(ibpd);
1779 	struct qib_ibdev *dev = to_idev(ibpd->device);
1780 
1781 	spin_lock(&dev->n_pds_lock);
1782 	dev->n_pds_allocated--;
1783 	spin_unlock(&dev->n_pds_lock);
1784 
1785 	kfree(pd);
1786 
1787 	return 0;
1788 }
1789 
1790 int qib_check_ah(struct ib_device *ibdev, struct ib_ah_attr *ah_attr)
1791 {
1792 	/* A multicast address requires a GRH (see ch. 8.4.1). */
1793 	if (ah_attr->dlid >= QIB_MULTICAST_LID_BASE &&
1794 	    ah_attr->dlid != QIB_PERMISSIVE_LID &&
1795 	    !(ah_attr->ah_flags & IB_AH_GRH))
1796 		goto bail;
1797 	if ((ah_attr->ah_flags & IB_AH_GRH) &&
1798 	    ah_attr->grh.sgid_index >= QIB_GUIDS_PER_PORT)
1799 		goto bail;
1800 	if (ah_attr->dlid == 0)
1801 		goto bail;
1802 	if (ah_attr->port_num < 1 ||
1803 	    ah_attr->port_num > ibdev->phys_port_cnt)
1804 		goto bail;
1805 	if (ah_attr->static_rate != IB_RATE_PORT_CURRENT &&
1806 	    ib_rate_to_mult(ah_attr->static_rate) < 0)
1807 		goto bail;
1808 	if (ah_attr->sl > 15)
1809 		goto bail;
1810 	return 0;
1811 bail:
1812 	return -EINVAL;
1813 }
1814 
1815 /**
1816  * qib_create_ah - create an address handle
1817  * @pd: the protection domain
1818  * @ah_attr: the attributes of the AH
1819  *
1820  * This may be called from interrupt context.
1821  */
1822 static struct ib_ah *qib_create_ah(struct ib_pd *pd,
1823 				   struct ib_ah_attr *ah_attr)
1824 {
1825 	struct qib_ah *ah;
1826 	struct ib_ah *ret;
1827 	struct qib_ibdev *dev = to_idev(pd->device);
1828 	unsigned long flags;
1829 
1830 	if (qib_check_ah(pd->device, ah_attr)) {
1831 		ret = ERR_PTR(-EINVAL);
1832 		goto bail;
1833 	}
1834 
1835 	ah = kmalloc(sizeof(*ah), GFP_ATOMIC);
1836 	if (!ah) {
1837 		ret = ERR_PTR(-ENOMEM);
1838 		goto bail;
1839 	}
1840 
1841 	spin_lock_irqsave(&dev->n_ahs_lock, flags);
1842 	if (dev->n_ahs_allocated == ib_qib_max_ahs) {
1843 		spin_unlock_irqrestore(&dev->n_ahs_lock, flags);
1844 		kfree(ah);
1845 		ret = ERR_PTR(-ENOMEM);
1846 		goto bail;
1847 	}
1848 
1849 	dev->n_ahs_allocated++;
1850 	spin_unlock_irqrestore(&dev->n_ahs_lock, flags);
1851 
1852 	/* ib_create_ah() will initialize ah->ibah. */
1853 	ah->attr = *ah_attr;
1854 	atomic_set(&ah->refcount, 0);
1855 
1856 	ret = &ah->ibah;
1857 
1858 bail:
1859 	return ret;
1860 }
1861 
1862 struct ib_ah *qib_create_qp0_ah(struct qib_ibport *ibp, u16 dlid)
1863 {
1864 	struct ib_ah_attr attr;
1865 	struct ib_ah *ah = ERR_PTR(-EINVAL);
1866 	struct qib_qp *qp0;
1867 
1868 	memset(&attr, 0, sizeof(attr));
1869 	attr.dlid = dlid;
1870 	attr.port_num = ppd_from_ibp(ibp)->port;
1871 	rcu_read_lock();
1872 	qp0 = rcu_dereference(ibp->qp0);
1873 	if (qp0)
1874 		ah = ib_create_ah(qp0->ibqp.pd, &attr);
1875 	rcu_read_unlock();
1876 	return ah;
1877 }
1878 
1879 /**
1880  * qib_destroy_ah - destroy an address handle
1881  * @ibah: the AH to destroy
1882  *
1883  * This may be called from interrupt context.
1884  */
1885 static int qib_destroy_ah(struct ib_ah *ibah)
1886 {
1887 	struct qib_ibdev *dev = to_idev(ibah->device);
1888 	struct qib_ah *ah = to_iah(ibah);
1889 	unsigned long flags;
1890 
1891 	if (atomic_read(&ah->refcount) != 0)
1892 		return -EBUSY;
1893 
1894 	spin_lock_irqsave(&dev->n_ahs_lock, flags);
1895 	dev->n_ahs_allocated--;
1896 	spin_unlock_irqrestore(&dev->n_ahs_lock, flags);
1897 
1898 	kfree(ah);
1899 
1900 	return 0;
1901 }
1902 
1903 static int qib_modify_ah(struct ib_ah *ibah, struct ib_ah_attr *ah_attr)
1904 {
1905 	struct qib_ah *ah = to_iah(ibah);
1906 
1907 	if (qib_check_ah(ibah->device, ah_attr))
1908 		return -EINVAL;
1909 
1910 	ah->attr = *ah_attr;
1911 
1912 	return 0;
1913 }
1914 
1915 static int qib_query_ah(struct ib_ah *ibah, struct ib_ah_attr *ah_attr)
1916 {
1917 	struct qib_ah *ah = to_iah(ibah);
1918 
1919 	*ah_attr = ah->attr;
1920 
1921 	return 0;
1922 }
1923 
1924 /**
1925  * qib_get_npkeys - return the size of the PKEY table for context 0
1926  * @dd: the qlogic_ib device
1927  */
1928 unsigned qib_get_npkeys(struct qib_devdata *dd)
1929 {
1930 	return ARRAY_SIZE(dd->rcd[0]->pkeys);
1931 }
1932 
1933 /*
1934  * Return the indexed PKEY from the port PKEY table.
1935  * No need to validate rcd[ctxt]; the port is setup if we are here.
1936  */
1937 unsigned qib_get_pkey(struct qib_ibport *ibp, unsigned index)
1938 {
1939 	struct qib_pportdata *ppd = ppd_from_ibp(ibp);
1940 	struct qib_devdata *dd = ppd->dd;
1941 	unsigned ctxt = ppd->hw_pidx;
1942 	unsigned ret;
1943 
1944 	/* dd->rcd null if mini_init or some init failures */
1945 	if (!dd->rcd || index >= ARRAY_SIZE(dd->rcd[ctxt]->pkeys))
1946 		ret = 0;
1947 	else
1948 		ret = dd->rcd[ctxt]->pkeys[index];
1949 
1950 	return ret;
1951 }
1952 
1953 static int qib_query_pkey(struct ib_device *ibdev, u8 port, u16 index,
1954 			  u16 *pkey)
1955 {
1956 	struct qib_devdata *dd = dd_from_ibdev(ibdev);
1957 	int ret;
1958 
1959 	if (index >= qib_get_npkeys(dd)) {
1960 		ret = -EINVAL;
1961 		goto bail;
1962 	}
1963 
1964 	*pkey = qib_get_pkey(to_iport(ibdev, port), index);
1965 	ret = 0;
1966 
1967 bail:
1968 	return ret;
1969 }
1970 
1971 /**
1972  * qib_alloc_ucontext - allocate a ucontest
1973  * @ibdev: the infiniband device
1974  * @udata: not used by the QLogic_IB driver
1975  */
1976 
1977 static struct ib_ucontext *qib_alloc_ucontext(struct ib_device *ibdev,
1978 					      struct ib_udata *udata)
1979 {
1980 	struct qib_ucontext *context;
1981 	struct ib_ucontext *ret;
1982 
1983 	context = kmalloc(sizeof(*context), GFP_KERNEL);
1984 	if (!context) {
1985 		ret = ERR_PTR(-ENOMEM);
1986 		goto bail;
1987 	}
1988 
1989 	ret = &context->ibucontext;
1990 
1991 bail:
1992 	return ret;
1993 }
1994 
1995 static int qib_dealloc_ucontext(struct ib_ucontext *context)
1996 {
1997 	kfree(to_iucontext(context));
1998 	return 0;
1999 }
2000 
2001 static void init_ibport(struct qib_pportdata *ppd)
2002 {
2003 	struct qib_verbs_counters cntrs;
2004 	struct qib_ibport *ibp = &ppd->ibport_data;
2005 
2006 	spin_lock_init(&ibp->lock);
2007 	/* Set the prefix to the default value (see ch. 4.1.1) */
2008 	ibp->gid_prefix = IB_DEFAULT_GID_PREFIX;
2009 	ibp->sm_lid = be16_to_cpu(IB_LID_PERMISSIVE);
2010 	ibp->port_cap_flags = IB_PORT_SYS_IMAGE_GUID_SUP |
2011 		IB_PORT_CLIENT_REG_SUP | IB_PORT_SL_MAP_SUP |
2012 		IB_PORT_TRAP_SUP | IB_PORT_AUTO_MIGR_SUP |
2013 		IB_PORT_DR_NOTICE_SUP | IB_PORT_CAP_MASK_NOTICE_SUP |
2014 		IB_PORT_OTHER_LOCAL_CHANGES_SUP;
2015 	if (ppd->dd->flags & QIB_HAS_LINK_LATENCY)
2016 		ibp->port_cap_flags |= IB_PORT_LINK_LATENCY_SUP;
2017 	ibp->pma_counter_select[0] = IB_PMA_PORT_XMIT_DATA;
2018 	ibp->pma_counter_select[1] = IB_PMA_PORT_RCV_DATA;
2019 	ibp->pma_counter_select[2] = IB_PMA_PORT_XMIT_PKTS;
2020 	ibp->pma_counter_select[3] = IB_PMA_PORT_RCV_PKTS;
2021 	ibp->pma_counter_select[4] = IB_PMA_PORT_XMIT_WAIT;
2022 
2023 	/* Snapshot current HW counters to "clear" them. */
2024 	qib_get_counters(ppd, &cntrs);
2025 	ibp->z_symbol_error_counter = cntrs.symbol_error_counter;
2026 	ibp->z_link_error_recovery_counter =
2027 		cntrs.link_error_recovery_counter;
2028 	ibp->z_link_downed_counter = cntrs.link_downed_counter;
2029 	ibp->z_port_rcv_errors = cntrs.port_rcv_errors;
2030 	ibp->z_port_rcv_remphys_errors = cntrs.port_rcv_remphys_errors;
2031 	ibp->z_port_xmit_discards = cntrs.port_xmit_discards;
2032 	ibp->z_port_xmit_data = cntrs.port_xmit_data;
2033 	ibp->z_port_rcv_data = cntrs.port_rcv_data;
2034 	ibp->z_port_xmit_packets = cntrs.port_xmit_packets;
2035 	ibp->z_port_rcv_packets = cntrs.port_rcv_packets;
2036 	ibp->z_local_link_integrity_errors =
2037 		cntrs.local_link_integrity_errors;
2038 	ibp->z_excessive_buffer_overrun_errors =
2039 		cntrs.excessive_buffer_overrun_errors;
2040 	ibp->z_vl15_dropped = cntrs.vl15_dropped;
2041 	RCU_INIT_POINTER(ibp->qp0, NULL);
2042 	RCU_INIT_POINTER(ibp->qp1, NULL);
2043 }
2044 
2045 static int qib_port_immutable(struct ib_device *ibdev, u8 port_num,
2046 			      struct ib_port_immutable *immutable)
2047 {
2048 	struct ib_port_attr attr;
2049 	int err;
2050 
2051 	err = qib_query_port(ibdev, port_num, &attr);
2052 	if (err)
2053 		return err;
2054 
2055 	immutable->pkey_tbl_len = attr.pkey_tbl_len;
2056 	immutable->gid_tbl_len = attr.gid_tbl_len;
2057 	immutable->core_cap_flags = RDMA_CORE_PORT_IBA_IB;
2058 	immutable->max_mad_size = IB_MGMT_MAD_SIZE;
2059 
2060 	return 0;
2061 }
2062 
2063 /**
2064  * qib_register_ib_device - register our device with the infiniband core
2065  * @dd: the device data structure
2066  * Return the allocated qib_ibdev pointer or NULL on error.
2067  */
2068 int qib_register_ib_device(struct qib_devdata *dd)
2069 {
2070 	struct qib_ibdev *dev = &dd->verbs_dev;
2071 	struct ib_device *ibdev = &dev->ibdev;
2072 	struct qib_pportdata *ppd = dd->pport;
2073 	unsigned i, lk_tab_size;
2074 	int ret;
2075 
2076 	dev->qp_table_size = ib_qib_qp_table_size;
2077 	get_random_bytes(&dev->qp_rnd, sizeof(dev->qp_rnd));
2078 	dev->qp_table = kmalloc_array(
2079 				dev->qp_table_size,
2080 				sizeof(*dev->qp_table),
2081 				GFP_KERNEL);
2082 	if (!dev->qp_table) {
2083 		ret = -ENOMEM;
2084 		goto err_qpt;
2085 	}
2086 	for (i = 0; i < dev->qp_table_size; i++)
2087 		RCU_INIT_POINTER(dev->qp_table[i], NULL);
2088 
2089 	for (i = 0; i < dd->num_pports; i++)
2090 		init_ibport(ppd + i);
2091 
2092 	/* Only need to initialize non-zero fields. */
2093 	spin_lock_init(&dev->qpt_lock);
2094 	spin_lock_init(&dev->n_pds_lock);
2095 	spin_lock_init(&dev->n_ahs_lock);
2096 	spin_lock_init(&dev->n_cqs_lock);
2097 	spin_lock_init(&dev->n_qps_lock);
2098 	spin_lock_init(&dev->n_srqs_lock);
2099 	spin_lock_init(&dev->n_mcast_grps_lock);
2100 	init_timer(&dev->mem_timer);
2101 	dev->mem_timer.function = mem_timer;
2102 	dev->mem_timer.data = (unsigned long) dev;
2103 
2104 	qib_init_qpn_table(dd, &dev->qpn_table);
2105 
2106 	/*
2107 	 * The top ib_qib_lkey_table_size bits are used to index the
2108 	 * table.  The lower 8 bits can be owned by the user (copied from
2109 	 * the LKEY).  The remaining bits act as a generation number or tag.
2110 	 */
2111 	spin_lock_init(&dev->lk_table.lock);
2112 	dev->lk_table.max = 1 << ib_qib_lkey_table_size;
2113 	lk_tab_size = dev->lk_table.max * sizeof(*dev->lk_table.table);
2114 	dev->lk_table.table = (struct qib_mregion __rcu **)
2115 		__get_free_pages(GFP_KERNEL, get_order(lk_tab_size));
2116 	if (dev->lk_table.table == NULL) {
2117 		ret = -ENOMEM;
2118 		goto err_lk;
2119 	}
2120 	RCU_INIT_POINTER(dev->dma_mr, NULL);
2121 	for (i = 0; i < dev->lk_table.max; i++)
2122 		RCU_INIT_POINTER(dev->lk_table.table[i], NULL);
2123 	INIT_LIST_HEAD(&dev->pending_mmaps);
2124 	spin_lock_init(&dev->pending_lock);
2125 	dev->mmap_offset = PAGE_SIZE;
2126 	spin_lock_init(&dev->mmap_offset_lock);
2127 	INIT_LIST_HEAD(&dev->piowait);
2128 	INIT_LIST_HEAD(&dev->dmawait);
2129 	INIT_LIST_HEAD(&dev->txwait);
2130 	INIT_LIST_HEAD(&dev->memwait);
2131 	INIT_LIST_HEAD(&dev->txreq_free);
2132 
2133 	if (ppd->sdma_descq_cnt) {
2134 		dev->pio_hdrs = dma_alloc_coherent(&dd->pcidev->dev,
2135 						ppd->sdma_descq_cnt *
2136 						sizeof(struct qib_pio_header),
2137 						&dev->pio_hdrs_phys,
2138 						GFP_KERNEL);
2139 		if (!dev->pio_hdrs) {
2140 			ret = -ENOMEM;
2141 			goto err_hdrs;
2142 		}
2143 	}
2144 
2145 	for (i = 0; i < ppd->sdma_descq_cnt; i++) {
2146 		struct qib_verbs_txreq *tx;
2147 
2148 		tx = kzalloc(sizeof(*tx), GFP_KERNEL);
2149 		if (!tx) {
2150 			ret = -ENOMEM;
2151 			goto err_tx;
2152 		}
2153 		tx->hdr_inx = i;
2154 		list_add(&tx->txreq.list, &dev->txreq_free);
2155 	}
2156 
2157 	/*
2158 	 * The system image GUID is supposed to be the same for all
2159 	 * IB HCAs in a single system but since there can be other
2160 	 * device types in the system, we can't be sure this is unique.
2161 	 */
2162 	if (!ib_qib_sys_image_guid)
2163 		ib_qib_sys_image_guid = ppd->guid;
2164 
2165 	strlcpy(ibdev->name, "qib%d", IB_DEVICE_NAME_MAX);
2166 	ibdev->owner = THIS_MODULE;
2167 	ibdev->node_guid = ppd->guid;
2168 	ibdev->uverbs_abi_ver = QIB_UVERBS_ABI_VERSION;
2169 	ibdev->uverbs_cmd_mask =
2170 		(1ull << IB_USER_VERBS_CMD_GET_CONTEXT)         |
2171 		(1ull << IB_USER_VERBS_CMD_QUERY_DEVICE)        |
2172 		(1ull << IB_USER_VERBS_CMD_QUERY_PORT)          |
2173 		(1ull << IB_USER_VERBS_CMD_ALLOC_PD)            |
2174 		(1ull << IB_USER_VERBS_CMD_DEALLOC_PD)          |
2175 		(1ull << IB_USER_VERBS_CMD_CREATE_AH)           |
2176 		(1ull << IB_USER_VERBS_CMD_MODIFY_AH)           |
2177 		(1ull << IB_USER_VERBS_CMD_QUERY_AH)            |
2178 		(1ull << IB_USER_VERBS_CMD_DESTROY_AH)          |
2179 		(1ull << IB_USER_VERBS_CMD_REG_MR)              |
2180 		(1ull << IB_USER_VERBS_CMD_DEREG_MR)            |
2181 		(1ull << IB_USER_VERBS_CMD_CREATE_COMP_CHANNEL) |
2182 		(1ull << IB_USER_VERBS_CMD_CREATE_CQ)           |
2183 		(1ull << IB_USER_VERBS_CMD_RESIZE_CQ)           |
2184 		(1ull << IB_USER_VERBS_CMD_DESTROY_CQ)          |
2185 		(1ull << IB_USER_VERBS_CMD_POLL_CQ)             |
2186 		(1ull << IB_USER_VERBS_CMD_REQ_NOTIFY_CQ)       |
2187 		(1ull << IB_USER_VERBS_CMD_CREATE_QP)           |
2188 		(1ull << IB_USER_VERBS_CMD_QUERY_QP)            |
2189 		(1ull << IB_USER_VERBS_CMD_MODIFY_QP)           |
2190 		(1ull << IB_USER_VERBS_CMD_DESTROY_QP)          |
2191 		(1ull << IB_USER_VERBS_CMD_POST_SEND)           |
2192 		(1ull << IB_USER_VERBS_CMD_POST_RECV)           |
2193 		(1ull << IB_USER_VERBS_CMD_ATTACH_MCAST)        |
2194 		(1ull << IB_USER_VERBS_CMD_DETACH_MCAST)        |
2195 		(1ull << IB_USER_VERBS_CMD_CREATE_SRQ)          |
2196 		(1ull << IB_USER_VERBS_CMD_MODIFY_SRQ)          |
2197 		(1ull << IB_USER_VERBS_CMD_QUERY_SRQ)           |
2198 		(1ull << IB_USER_VERBS_CMD_DESTROY_SRQ)         |
2199 		(1ull << IB_USER_VERBS_CMD_POST_SRQ_RECV);
2200 	ibdev->node_type = RDMA_NODE_IB_CA;
2201 	ibdev->phys_port_cnt = dd->num_pports;
2202 	ibdev->num_comp_vectors = 1;
2203 	ibdev->dma_device = &dd->pcidev->dev;
2204 	ibdev->query_device = qib_query_device;
2205 	ibdev->modify_device = qib_modify_device;
2206 	ibdev->query_port = qib_query_port;
2207 	ibdev->modify_port = qib_modify_port;
2208 	ibdev->query_pkey = qib_query_pkey;
2209 	ibdev->query_gid = qib_query_gid;
2210 	ibdev->alloc_ucontext = qib_alloc_ucontext;
2211 	ibdev->dealloc_ucontext = qib_dealloc_ucontext;
2212 	ibdev->alloc_pd = qib_alloc_pd;
2213 	ibdev->dealloc_pd = qib_dealloc_pd;
2214 	ibdev->create_ah = qib_create_ah;
2215 	ibdev->destroy_ah = qib_destroy_ah;
2216 	ibdev->modify_ah = qib_modify_ah;
2217 	ibdev->query_ah = qib_query_ah;
2218 	ibdev->create_srq = qib_create_srq;
2219 	ibdev->modify_srq = qib_modify_srq;
2220 	ibdev->query_srq = qib_query_srq;
2221 	ibdev->destroy_srq = qib_destroy_srq;
2222 	ibdev->create_qp = qib_create_qp;
2223 	ibdev->modify_qp = qib_modify_qp;
2224 	ibdev->query_qp = qib_query_qp;
2225 	ibdev->destroy_qp = qib_destroy_qp;
2226 	ibdev->post_send = qib_post_send;
2227 	ibdev->post_recv = qib_post_receive;
2228 	ibdev->post_srq_recv = qib_post_srq_receive;
2229 	ibdev->create_cq = qib_create_cq;
2230 	ibdev->destroy_cq = qib_destroy_cq;
2231 	ibdev->resize_cq = qib_resize_cq;
2232 	ibdev->poll_cq = qib_poll_cq;
2233 	ibdev->req_notify_cq = qib_req_notify_cq;
2234 	ibdev->get_dma_mr = qib_get_dma_mr;
2235 	ibdev->reg_phys_mr = qib_reg_phys_mr;
2236 	ibdev->reg_user_mr = qib_reg_user_mr;
2237 	ibdev->dereg_mr = qib_dereg_mr;
2238 	ibdev->alloc_fast_reg_mr = qib_alloc_fast_reg_mr;
2239 	ibdev->alloc_fast_reg_page_list = qib_alloc_fast_reg_page_list;
2240 	ibdev->free_fast_reg_page_list = qib_free_fast_reg_page_list;
2241 	ibdev->alloc_fmr = qib_alloc_fmr;
2242 	ibdev->map_phys_fmr = qib_map_phys_fmr;
2243 	ibdev->unmap_fmr = qib_unmap_fmr;
2244 	ibdev->dealloc_fmr = qib_dealloc_fmr;
2245 	ibdev->attach_mcast = qib_multicast_attach;
2246 	ibdev->detach_mcast = qib_multicast_detach;
2247 	ibdev->process_mad = qib_process_mad;
2248 	ibdev->mmap = qib_mmap;
2249 	ibdev->dma_ops = &qib_dma_mapping_ops;
2250 	ibdev->get_port_immutable = qib_port_immutable;
2251 
2252 	snprintf(ibdev->node_desc, sizeof(ibdev->node_desc),
2253 		 "Intel Infiniband HCA %s", init_utsname()->nodename);
2254 
2255 	ret = ib_register_device(ibdev, qib_create_port_files);
2256 	if (ret)
2257 		goto err_reg;
2258 
2259 	ret = qib_create_agents(dev);
2260 	if (ret)
2261 		goto err_agents;
2262 
2263 	ret = qib_verbs_register_sysfs(dd);
2264 	if (ret)
2265 		goto err_class;
2266 
2267 	goto bail;
2268 
2269 err_class:
2270 	qib_free_agents(dev);
2271 err_agents:
2272 	ib_unregister_device(ibdev);
2273 err_reg:
2274 err_tx:
2275 	while (!list_empty(&dev->txreq_free)) {
2276 		struct list_head *l = dev->txreq_free.next;
2277 		struct qib_verbs_txreq *tx;
2278 
2279 		list_del(l);
2280 		tx = list_entry(l, struct qib_verbs_txreq, txreq.list);
2281 		kfree(tx);
2282 	}
2283 	if (ppd->sdma_descq_cnt)
2284 		dma_free_coherent(&dd->pcidev->dev,
2285 				  ppd->sdma_descq_cnt *
2286 					sizeof(struct qib_pio_header),
2287 				  dev->pio_hdrs, dev->pio_hdrs_phys);
2288 err_hdrs:
2289 	free_pages((unsigned long) dev->lk_table.table, get_order(lk_tab_size));
2290 err_lk:
2291 	kfree(dev->qp_table);
2292 err_qpt:
2293 	qib_dev_err(dd, "cannot register verbs: %d!\n", -ret);
2294 bail:
2295 	return ret;
2296 }
2297 
2298 void qib_unregister_ib_device(struct qib_devdata *dd)
2299 {
2300 	struct qib_ibdev *dev = &dd->verbs_dev;
2301 	struct ib_device *ibdev = &dev->ibdev;
2302 	u32 qps_inuse;
2303 	unsigned lk_tab_size;
2304 
2305 	qib_verbs_unregister_sysfs(dd);
2306 
2307 	qib_free_agents(dev);
2308 
2309 	ib_unregister_device(ibdev);
2310 
2311 	if (!list_empty(&dev->piowait))
2312 		qib_dev_err(dd, "piowait list not empty!\n");
2313 	if (!list_empty(&dev->dmawait))
2314 		qib_dev_err(dd, "dmawait list not empty!\n");
2315 	if (!list_empty(&dev->txwait))
2316 		qib_dev_err(dd, "txwait list not empty!\n");
2317 	if (!list_empty(&dev->memwait))
2318 		qib_dev_err(dd, "memwait list not empty!\n");
2319 	if (dev->dma_mr)
2320 		qib_dev_err(dd, "DMA MR not NULL!\n");
2321 
2322 	qps_inuse = qib_free_all_qps(dd);
2323 	if (qps_inuse)
2324 		qib_dev_err(dd, "QP memory leak! %u still in use\n",
2325 			    qps_inuse);
2326 
2327 	del_timer_sync(&dev->mem_timer);
2328 	qib_free_qpn_table(&dev->qpn_table);
2329 	while (!list_empty(&dev->txreq_free)) {
2330 		struct list_head *l = dev->txreq_free.next;
2331 		struct qib_verbs_txreq *tx;
2332 
2333 		list_del(l);
2334 		tx = list_entry(l, struct qib_verbs_txreq, txreq.list);
2335 		kfree(tx);
2336 	}
2337 	if (dd->pport->sdma_descq_cnt)
2338 		dma_free_coherent(&dd->pcidev->dev,
2339 				  dd->pport->sdma_descq_cnt *
2340 					sizeof(struct qib_pio_header),
2341 				  dev->pio_hdrs, dev->pio_hdrs_phys);
2342 	lk_tab_size = dev->lk_table.max * sizeof(*dev->lk_table.table);
2343 	free_pages((unsigned long) dev->lk_table.table,
2344 		   get_order(lk_tab_size));
2345 	kfree(dev->qp_table);
2346 }
2347 
2348 /*
2349  * This must be called with s_lock held.
2350  */
2351 void qib_schedule_send(struct qib_qp *qp)
2352 {
2353 	if (qib_send_ok(qp)) {
2354 		struct qib_ibport *ibp =
2355 			to_iport(qp->ibqp.device, qp->port_num);
2356 		struct qib_pportdata *ppd = ppd_from_ibp(ibp);
2357 
2358 		queue_work(ppd->qib_wq, &qp->s_work);
2359 	}
2360 }
2361