1 /* 2 * Copyright(c) 2016, 2017 Intel Corporation. 3 * 4 * This file is provided under a dual BSD/GPLv2 license. When using or 5 * redistributing this file, you may do so under either license. 6 * 7 * GPL LICENSE SUMMARY 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of version 2 of the GNU General Public License as 11 * published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, but 14 * WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 * General Public License for more details. 17 * 18 * BSD LICENSE 19 * 20 * Redistribution and use in source and binary forms, with or without 21 * modification, are permitted provided that the following conditions 22 * are met: 23 * 24 * - Redistributions of source code must retain the above copyright 25 * notice, this list of conditions and the following disclaimer. 26 * - Redistributions in binary form must reproduce the above copyright 27 * notice, this list of conditions and the following disclaimer in 28 * the documentation and/or other materials provided with the 29 * distribution. 30 * - Neither the name of Intel Corporation nor the names of its 31 * contributors may be used to endorse or promote products derived 32 * from this software without specific prior written permission. 33 * 34 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 35 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 36 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 37 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 38 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 39 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 40 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 41 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 42 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 43 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 44 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 45 * 46 */ 47 48 #include <linux/hash.h> 49 #include <linux/bitops.h> 50 #include <linux/lockdep.h> 51 #include <linux/vmalloc.h> 52 #include <linux/slab.h> 53 #include <rdma/ib_verbs.h> 54 #include <rdma/ib_hdrs.h> 55 #include <rdma/opa_addr.h> 56 #include "qp.h" 57 #include "vt.h" 58 #include "trace.h" 59 60 static void rvt_rc_timeout(struct timer_list *t); 61 62 /* 63 * Convert the AETH RNR timeout code into the number of microseconds. 64 */ 65 static const u32 ib_rvt_rnr_table[32] = { 66 655360, /* 00: 655.36 */ 67 10, /* 01: .01 */ 68 20, /* 02 .02 */ 69 30, /* 03: .03 */ 70 40, /* 04: .04 */ 71 60, /* 05: .06 */ 72 80, /* 06: .08 */ 73 120, /* 07: .12 */ 74 160, /* 08: .16 */ 75 240, /* 09: .24 */ 76 320, /* 0A: .32 */ 77 480, /* 0B: .48 */ 78 640, /* 0C: .64 */ 79 960, /* 0D: .96 */ 80 1280, /* 0E: 1.28 */ 81 1920, /* 0F: 1.92 */ 82 2560, /* 10: 2.56 */ 83 3840, /* 11: 3.84 */ 84 5120, /* 12: 5.12 */ 85 7680, /* 13: 7.68 */ 86 10240, /* 14: 10.24 */ 87 15360, /* 15: 15.36 */ 88 20480, /* 16: 20.48 */ 89 30720, /* 17: 30.72 */ 90 40960, /* 18: 40.96 */ 91 61440, /* 19: 61.44 */ 92 81920, /* 1A: 81.92 */ 93 122880, /* 1B: 122.88 */ 94 163840, /* 1C: 163.84 */ 95 245760, /* 1D: 245.76 */ 96 327680, /* 1E: 327.68 */ 97 491520 /* 1F: 491.52 */ 98 }; 99 100 /* 101 * Note that it is OK to post send work requests in the SQE and ERR 102 * states; rvt_do_send() will process them and generate error 103 * completions as per IB 1.2 C10-96. 104 */ 105 const int ib_rvt_state_ops[IB_QPS_ERR + 1] = { 106 [IB_QPS_RESET] = 0, 107 [IB_QPS_INIT] = RVT_POST_RECV_OK, 108 [IB_QPS_RTR] = RVT_POST_RECV_OK | RVT_PROCESS_RECV_OK, 109 [IB_QPS_RTS] = RVT_POST_RECV_OK | RVT_PROCESS_RECV_OK | 110 RVT_POST_SEND_OK | RVT_PROCESS_SEND_OK | 111 RVT_PROCESS_NEXT_SEND_OK, 112 [IB_QPS_SQD] = RVT_POST_RECV_OK | RVT_PROCESS_RECV_OK | 113 RVT_POST_SEND_OK | RVT_PROCESS_SEND_OK, 114 [IB_QPS_SQE] = RVT_POST_RECV_OK | RVT_PROCESS_RECV_OK | 115 RVT_POST_SEND_OK | RVT_FLUSH_SEND, 116 [IB_QPS_ERR] = RVT_POST_RECV_OK | RVT_FLUSH_RECV | 117 RVT_POST_SEND_OK | RVT_FLUSH_SEND, 118 }; 119 EXPORT_SYMBOL(ib_rvt_state_ops); 120 121 static void get_map_page(struct rvt_qpn_table *qpt, 122 struct rvt_qpn_map *map) 123 { 124 unsigned long page = get_zeroed_page(GFP_KERNEL); 125 126 /* 127 * Free the page if someone raced with us installing it. 128 */ 129 130 spin_lock(&qpt->lock); 131 if (map->page) 132 free_page(page); 133 else 134 map->page = (void *)page; 135 spin_unlock(&qpt->lock); 136 } 137 138 /** 139 * init_qpn_table - initialize the QP number table for a device 140 * @qpt: the QPN table 141 */ 142 static int init_qpn_table(struct rvt_dev_info *rdi, struct rvt_qpn_table *qpt) 143 { 144 u32 offset, i; 145 struct rvt_qpn_map *map; 146 int ret = 0; 147 148 if (!(rdi->dparms.qpn_res_end >= rdi->dparms.qpn_res_start)) 149 return -EINVAL; 150 151 spin_lock_init(&qpt->lock); 152 153 qpt->last = rdi->dparms.qpn_start; 154 qpt->incr = rdi->dparms.qpn_inc << rdi->dparms.qos_shift; 155 156 /* 157 * Drivers may want some QPs beyond what we need for verbs let them use 158 * our qpn table. No need for two. Lets go ahead and mark the bitmaps 159 * for those. The reserved range must be *after* the range which verbs 160 * will pick from. 161 */ 162 163 /* Figure out number of bit maps needed before reserved range */ 164 qpt->nmaps = rdi->dparms.qpn_res_start / RVT_BITS_PER_PAGE; 165 166 /* This should always be zero */ 167 offset = rdi->dparms.qpn_res_start & RVT_BITS_PER_PAGE_MASK; 168 169 /* Starting with the first reserved bit map */ 170 map = &qpt->map[qpt->nmaps]; 171 172 rvt_pr_info(rdi, "Reserving QPNs from 0x%x to 0x%x for non-verbs use\n", 173 rdi->dparms.qpn_res_start, rdi->dparms.qpn_res_end); 174 for (i = rdi->dparms.qpn_res_start; i <= rdi->dparms.qpn_res_end; i++) { 175 if (!map->page) { 176 get_map_page(qpt, map); 177 if (!map->page) { 178 ret = -ENOMEM; 179 break; 180 } 181 } 182 set_bit(offset, map->page); 183 offset++; 184 if (offset == RVT_BITS_PER_PAGE) { 185 /* next page */ 186 qpt->nmaps++; 187 map++; 188 offset = 0; 189 } 190 } 191 return ret; 192 } 193 194 /** 195 * free_qpn_table - free the QP number table for a device 196 * @qpt: the QPN table 197 */ 198 static void free_qpn_table(struct rvt_qpn_table *qpt) 199 { 200 int i; 201 202 for (i = 0; i < ARRAY_SIZE(qpt->map); i++) 203 free_page((unsigned long)qpt->map[i].page); 204 } 205 206 /** 207 * rvt_driver_qp_init - Init driver qp resources 208 * @rdi: rvt dev strucutre 209 * 210 * Return: 0 on success 211 */ 212 int rvt_driver_qp_init(struct rvt_dev_info *rdi) 213 { 214 int i; 215 int ret = -ENOMEM; 216 217 if (!rdi->dparms.qp_table_size) 218 return -EINVAL; 219 220 /* 221 * If driver is not doing any QP allocation then make sure it is 222 * providing the necessary QP functions. 223 */ 224 if (!rdi->driver_f.free_all_qps || 225 !rdi->driver_f.qp_priv_alloc || 226 !rdi->driver_f.qp_priv_free || 227 !rdi->driver_f.notify_qp_reset || 228 !rdi->driver_f.notify_restart_rc) 229 return -EINVAL; 230 231 /* allocate parent object */ 232 rdi->qp_dev = kzalloc_node(sizeof(*rdi->qp_dev), GFP_KERNEL, 233 rdi->dparms.node); 234 if (!rdi->qp_dev) 235 return -ENOMEM; 236 237 /* allocate hash table */ 238 rdi->qp_dev->qp_table_size = rdi->dparms.qp_table_size; 239 rdi->qp_dev->qp_table_bits = ilog2(rdi->dparms.qp_table_size); 240 rdi->qp_dev->qp_table = 241 kmalloc_array_node(rdi->qp_dev->qp_table_size, 242 sizeof(*rdi->qp_dev->qp_table), 243 GFP_KERNEL, rdi->dparms.node); 244 if (!rdi->qp_dev->qp_table) 245 goto no_qp_table; 246 247 for (i = 0; i < rdi->qp_dev->qp_table_size; i++) 248 RCU_INIT_POINTER(rdi->qp_dev->qp_table[i], NULL); 249 250 spin_lock_init(&rdi->qp_dev->qpt_lock); 251 252 /* initialize qpn map */ 253 if (init_qpn_table(rdi, &rdi->qp_dev->qpn_table)) 254 goto fail_table; 255 256 spin_lock_init(&rdi->n_qps_lock); 257 258 return 0; 259 260 fail_table: 261 kfree(rdi->qp_dev->qp_table); 262 free_qpn_table(&rdi->qp_dev->qpn_table); 263 264 no_qp_table: 265 kfree(rdi->qp_dev); 266 267 return ret; 268 } 269 270 /** 271 * free_all_qps - check for QPs still in use 272 * @rdi: rvt device info structure 273 * 274 * There should not be any QPs still in use. 275 * Free memory for table. 276 */ 277 static unsigned rvt_free_all_qps(struct rvt_dev_info *rdi) 278 { 279 unsigned long flags; 280 struct rvt_qp *qp; 281 unsigned n, qp_inuse = 0; 282 spinlock_t *ql; /* work around too long line below */ 283 284 if (rdi->driver_f.free_all_qps) 285 qp_inuse = rdi->driver_f.free_all_qps(rdi); 286 287 qp_inuse += rvt_mcast_tree_empty(rdi); 288 289 if (!rdi->qp_dev) 290 return qp_inuse; 291 292 ql = &rdi->qp_dev->qpt_lock; 293 spin_lock_irqsave(ql, flags); 294 for (n = 0; n < rdi->qp_dev->qp_table_size; n++) { 295 qp = rcu_dereference_protected(rdi->qp_dev->qp_table[n], 296 lockdep_is_held(ql)); 297 RCU_INIT_POINTER(rdi->qp_dev->qp_table[n], NULL); 298 299 for (; qp; qp = rcu_dereference_protected(qp->next, 300 lockdep_is_held(ql))) 301 qp_inuse++; 302 } 303 spin_unlock_irqrestore(ql, flags); 304 synchronize_rcu(); 305 return qp_inuse; 306 } 307 308 /** 309 * rvt_qp_exit - clean up qps on device exit 310 * @rdi: rvt dev structure 311 * 312 * Check for qp leaks and free resources. 313 */ 314 void rvt_qp_exit(struct rvt_dev_info *rdi) 315 { 316 u32 qps_inuse = rvt_free_all_qps(rdi); 317 318 if (qps_inuse) 319 rvt_pr_err(rdi, "QP memory leak! %u still in use\n", 320 qps_inuse); 321 if (!rdi->qp_dev) 322 return; 323 324 kfree(rdi->qp_dev->qp_table); 325 free_qpn_table(&rdi->qp_dev->qpn_table); 326 kfree(rdi->qp_dev); 327 } 328 329 static inline unsigned mk_qpn(struct rvt_qpn_table *qpt, 330 struct rvt_qpn_map *map, unsigned off) 331 { 332 return (map - qpt->map) * RVT_BITS_PER_PAGE + off; 333 } 334 335 /** 336 * alloc_qpn - Allocate the next available qpn or zero/one for QP type 337 * IB_QPT_SMI/IB_QPT_GSI 338 * @rdi: rvt device info structure 339 * @qpt: queue pair number table pointer 340 * @port_num: IB port number, 1 based, comes from core 341 * 342 * Return: The queue pair number 343 */ 344 static int alloc_qpn(struct rvt_dev_info *rdi, struct rvt_qpn_table *qpt, 345 enum ib_qp_type type, u8 port_num) 346 { 347 u32 i, offset, max_scan, qpn; 348 struct rvt_qpn_map *map; 349 u32 ret; 350 351 if (rdi->driver_f.alloc_qpn) 352 return rdi->driver_f.alloc_qpn(rdi, qpt, type, port_num); 353 354 if (type == IB_QPT_SMI || type == IB_QPT_GSI) { 355 unsigned n; 356 357 ret = type == IB_QPT_GSI; 358 n = 1 << (ret + 2 * (port_num - 1)); 359 spin_lock(&qpt->lock); 360 if (qpt->flags & n) 361 ret = -EINVAL; 362 else 363 qpt->flags |= n; 364 spin_unlock(&qpt->lock); 365 goto bail; 366 } 367 368 qpn = qpt->last + qpt->incr; 369 if (qpn >= RVT_QPN_MAX) 370 qpn = qpt->incr | ((qpt->last & 1) ^ 1); 371 /* offset carries bit 0 */ 372 offset = qpn & RVT_BITS_PER_PAGE_MASK; 373 map = &qpt->map[qpn / RVT_BITS_PER_PAGE]; 374 max_scan = qpt->nmaps - !offset; 375 for (i = 0;;) { 376 if (unlikely(!map->page)) { 377 get_map_page(qpt, map); 378 if (unlikely(!map->page)) 379 break; 380 } 381 do { 382 if (!test_and_set_bit(offset, map->page)) { 383 qpt->last = qpn; 384 ret = qpn; 385 goto bail; 386 } 387 offset += qpt->incr; 388 /* 389 * This qpn might be bogus if offset >= BITS_PER_PAGE. 390 * That is OK. It gets re-assigned below 391 */ 392 qpn = mk_qpn(qpt, map, offset); 393 } while (offset < RVT_BITS_PER_PAGE && qpn < RVT_QPN_MAX); 394 /* 395 * In order to keep the number of pages allocated to a 396 * minimum, we scan the all existing pages before increasing 397 * the size of the bitmap table. 398 */ 399 if (++i > max_scan) { 400 if (qpt->nmaps == RVT_QPNMAP_ENTRIES) 401 break; 402 map = &qpt->map[qpt->nmaps++]; 403 /* start at incr with current bit 0 */ 404 offset = qpt->incr | (offset & 1); 405 } else if (map < &qpt->map[qpt->nmaps]) { 406 ++map; 407 /* start at incr with current bit 0 */ 408 offset = qpt->incr | (offset & 1); 409 } else { 410 map = &qpt->map[0]; 411 /* wrap to first map page, invert bit 0 */ 412 offset = qpt->incr | ((offset & 1) ^ 1); 413 } 414 /* there can be no set bits in low-order QoS bits */ 415 WARN_ON(offset & (BIT(rdi->dparms.qos_shift) - 1)); 416 qpn = mk_qpn(qpt, map, offset); 417 } 418 419 ret = -ENOMEM; 420 421 bail: 422 return ret; 423 } 424 425 /** 426 * rvt_clear_mr_refs - Drop help mr refs 427 * @qp: rvt qp data structure 428 * @clr_sends: If shoudl clear send side or not 429 */ 430 static void rvt_clear_mr_refs(struct rvt_qp *qp, int clr_sends) 431 { 432 unsigned n; 433 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 434 435 if (test_and_clear_bit(RVT_R_REWIND_SGE, &qp->r_aflags)) 436 rvt_put_ss(&qp->s_rdma_read_sge); 437 438 rvt_put_ss(&qp->r_sge); 439 440 if (clr_sends) { 441 while (qp->s_last != qp->s_head) { 442 struct rvt_swqe *wqe = rvt_get_swqe_ptr(qp, qp->s_last); 443 444 rvt_put_swqe(wqe); 445 446 if (qp->ibqp.qp_type == IB_QPT_UD || 447 qp->ibqp.qp_type == IB_QPT_SMI || 448 qp->ibqp.qp_type == IB_QPT_GSI) 449 atomic_dec(&ibah_to_rvtah( 450 wqe->ud_wr.ah)->refcount); 451 if (++qp->s_last >= qp->s_size) 452 qp->s_last = 0; 453 smp_wmb(); /* see qp_set_savail */ 454 } 455 if (qp->s_rdma_mr) { 456 rvt_put_mr(qp->s_rdma_mr); 457 qp->s_rdma_mr = NULL; 458 } 459 } 460 461 for (n = 0; qp->s_ack_queue && n < rvt_max_atomic(rdi); n++) { 462 struct rvt_ack_entry *e = &qp->s_ack_queue[n]; 463 464 if (e->rdma_sge.mr) { 465 rvt_put_mr(e->rdma_sge.mr); 466 e->rdma_sge.mr = NULL; 467 } 468 } 469 } 470 471 /** 472 * rvt_swqe_has_lkey - return true if lkey is used by swqe 473 * @wqe - the send wqe 474 * @lkey - the lkey 475 * 476 * Test the swqe for using lkey 477 */ 478 static bool rvt_swqe_has_lkey(struct rvt_swqe *wqe, u32 lkey) 479 { 480 int i; 481 482 for (i = 0; i < wqe->wr.num_sge; i++) { 483 struct rvt_sge *sge = &wqe->sg_list[i]; 484 485 if (rvt_mr_has_lkey(sge->mr, lkey)) 486 return true; 487 } 488 return false; 489 } 490 491 /** 492 * rvt_qp_sends_has_lkey - return true is qp sends use lkey 493 * @qp - the rvt_qp 494 * @lkey - the lkey 495 */ 496 static bool rvt_qp_sends_has_lkey(struct rvt_qp *qp, u32 lkey) 497 { 498 u32 s_last = qp->s_last; 499 500 while (s_last != qp->s_head) { 501 struct rvt_swqe *wqe = rvt_get_swqe_ptr(qp, s_last); 502 503 if (rvt_swqe_has_lkey(wqe, lkey)) 504 return true; 505 506 if (++s_last >= qp->s_size) 507 s_last = 0; 508 } 509 if (qp->s_rdma_mr) 510 if (rvt_mr_has_lkey(qp->s_rdma_mr, lkey)) 511 return true; 512 return false; 513 } 514 515 /** 516 * rvt_qp_acks_has_lkey - return true if acks have lkey 517 * @qp - the qp 518 * @lkey - the lkey 519 */ 520 static bool rvt_qp_acks_has_lkey(struct rvt_qp *qp, u32 lkey) 521 { 522 int i; 523 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 524 525 for (i = 0; qp->s_ack_queue && i < rvt_max_atomic(rdi); i++) { 526 struct rvt_ack_entry *e = &qp->s_ack_queue[i]; 527 528 if (rvt_mr_has_lkey(e->rdma_sge.mr, lkey)) 529 return true; 530 } 531 return false; 532 } 533 534 /* 535 * rvt_qp_mr_clean - clean up remote ops for lkey 536 * @qp - the qp 537 * @lkey - the lkey that is being de-registered 538 * 539 * This routine checks if the lkey is being used by 540 * the qp. 541 * 542 * If so, the qp is put into an error state to elminate 543 * any references from the qp. 544 */ 545 void rvt_qp_mr_clean(struct rvt_qp *qp, u32 lkey) 546 { 547 bool lastwqe = false; 548 549 if (qp->ibqp.qp_type == IB_QPT_SMI || 550 qp->ibqp.qp_type == IB_QPT_GSI) 551 /* avoid special QPs */ 552 return; 553 spin_lock_irq(&qp->r_lock); 554 spin_lock(&qp->s_hlock); 555 spin_lock(&qp->s_lock); 556 557 if (qp->state == IB_QPS_ERR || qp->state == IB_QPS_RESET) 558 goto check_lwqe; 559 560 if (rvt_ss_has_lkey(&qp->r_sge, lkey) || 561 rvt_qp_sends_has_lkey(qp, lkey) || 562 rvt_qp_acks_has_lkey(qp, lkey)) 563 lastwqe = rvt_error_qp(qp, IB_WC_LOC_PROT_ERR); 564 check_lwqe: 565 spin_unlock(&qp->s_lock); 566 spin_unlock(&qp->s_hlock); 567 spin_unlock_irq(&qp->r_lock); 568 if (lastwqe) { 569 struct ib_event ev; 570 571 ev.device = qp->ibqp.device; 572 ev.element.qp = &qp->ibqp; 573 ev.event = IB_EVENT_QP_LAST_WQE_REACHED; 574 qp->ibqp.event_handler(&ev, qp->ibqp.qp_context); 575 } 576 } 577 578 /** 579 * rvt_remove_qp - remove qp form table 580 * @rdi: rvt dev struct 581 * @qp: qp to remove 582 * 583 * Remove the QP from the table so it can't be found asynchronously by 584 * the receive routine. 585 */ 586 static void rvt_remove_qp(struct rvt_dev_info *rdi, struct rvt_qp *qp) 587 { 588 struct rvt_ibport *rvp = rdi->ports[qp->port_num - 1]; 589 u32 n = hash_32(qp->ibqp.qp_num, rdi->qp_dev->qp_table_bits); 590 unsigned long flags; 591 int removed = 1; 592 593 spin_lock_irqsave(&rdi->qp_dev->qpt_lock, flags); 594 595 if (rcu_dereference_protected(rvp->qp[0], 596 lockdep_is_held(&rdi->qp_dev->qpt_lock)) == qp) { 597 RCU_INIT_POINTER(rvp->qp[0], NULL); 598 } else if (rcu_dereference_protected(rvp->qp[1], 599 lockdep_is_held(&rdi->qp_dev->qpt_lock)) == qp) { 600 RCU_INIT_POINTER(rvp->qp[1], NULL); 601 } else { 602 struct rvt_qp *q; 603 struct rvt_qp __rcu **qpp; 604 605 removed = 0; 606 qpp = &rdi->qp_dev->qp_table[n]; 607 for (; (q = rcu_dereference_protected(*qpp, 608 lockdep_is_held(&rdi->qp_dev->qpt_lock))) != NULL; 609 qpp = &q->next) { 610 if (q == qp) { 611 RCU_INIT_POINTER(*qpp, 612 rcu_dereference_protected(qp->next, 613 lockdep_is_held(&rdi->qp_dev->qpt_lock))); 614 removed = 1; 615 trace_rvt_qpremove(qp, n); 616 break; 617 } 618 } 619 } 620 621 spin_unlock_irqrestore(&rdi->qp_dev->qpt_lock, flags); 622 if (removed) { 623 synchronize_rcu(); 624 rvt_put_qp(qp); 625 } 626 } 627 628 /** 629 * rvt_init_qp - initialize the QP state to the reset state 630 * @qp: the QP to init or reinit 631 * @type: the QP type 632 * 633 * This function is called from both rvt_create_qp() and 634 * rvt_reset_qp(). The difference is that the reset 635 * patch the necessary locks to protect against concurent 636 * access. 637 */ 638 static void rvt_init_qp(struct rvt_dev_info *rdi, struct rvt_qp *qp, 639 enum ib_qp_type type) 640 { 641 qp->remote_qpn = 0; 642 qp->qkey = 0; 643 qp->qp_access_flags = 0; 644 qp->s_flags &= RVT_S_SIGNAL_REQ_WR; 645 qp->s_hdrwords = 0; 646 qp->s_wqe = NULL; 647 qp->s_draining = 0; 648 qp->s_next_psn = 0; 649 qp->s_last_psn = 0; 650 qp->s_sending_psn = 0; 651 qp->s_sending_hpsn = 0; 652 qp->s_psn = 0; 653 qp->r_psn = 0; 654 qp->r_msn = 0; 655 if (type == IB_QPT_RC) { 656 qp->s_state = IB_OPCODE_RC_SEND_LAST; 657 qp->r_state = IB_OPCODE_RC_SEND_LAST; 658 } else { 659 qp->s_state = IB_OPCODE_UC_SEND_LAST; 660 qp->r_state = IB_OPCODE_UC_SEND_LAST; 661 } 662 qp->s_ack_state = IB_OPCODE_RC_ACKNOWLEDGE; 663 qp->r_nak_state = 0; 664 qp->r_aflags = 0; 665 qp->r_flags = 0; 666 qp->s_head = 0; 667 qp->s_tail = 0; 668 qp->s_cur = 0; 669 qp->s_acked = 0; 670 qp->s_last = 0; 671 qp->s_ssn = 1; 672 qp->s_lsn = 0; 673 qp->s_mig_state = IB_MIG_MIGRATED; 674 qp->r_head_ack_queue = 0; 675 qp->s_tail_ack_queue = 0; 676 qp->s_num_rd_atomic = 0; 677 if (qp->r_rq.wq) { 678 qp->r_rq.wq->head = 0; 679 qp->r_rq.wq->tail = 0; 680 } 681 qp->r_sge.num_sge = 0; 682 atomic_set(&qp->s_reserved_used, 0); 683 } 684 685 /** 686 * rvt_reset_qp - initialize the QP state to the reset state 687 * @qp: the QP to reset 688 * @type: the QP type 689 * 690 * r_lock, s_hlock, and s_lock are required to be held by the caller 691 */ 692 static void rvt_reset_qp(struct rvt_dev_info *rdi, struct rvt_qp *qp, 693 enum ib_qp_type type) 694 __must_hold(&qp->s_lock) 695 __must_hold(&qp->s_hlock) 696 __must_hold(&qp->r_lock) 697 { 698 lockdep_assert_held(&qp->r_lock); 699 lockdep_assert_held(&qp->s_hlock); 700 lockdep_assert_held(&qp->s_lock); 701 if (qp->state != IB_QPS_RESET) { 702 qp->state = IB_QPS_RESET; 703 704 /* Let drivers flush their waitlist */ 705 rdi->driver_f.flush_qp_waiters(qp); 706 rvt_stop_rc_timers(qp); 707 qp->s_flags &= ~(RVT_S_TIMER | RVT_S_ANY_WAIT); 708 spin_unlock(&qp->s_lock); 709 spin_unlock(&qp->s_hlock); 710 spin_unlock_irq(&qp->r_lock); 711 712 /* Stop the send queue and the retry timer */ 713 rdi->driver_f.stop_send_queue(qp); 714 rvt_del_timers_sync(qp); 715 /* Wait for things to stop */ 716 rdi->driver_f.quiesce_qp(qp); 717 718 /* take qp out the hash and wait for it to be unused */ 719 rvt_remove_qp(rdi, qp); 720 721 /* grab the lock b/c it was locked at call time */ 722 spin_lock_irq(&qp->r_lock); 723 spin_lock(&qp->s_hlock); 724 spin_lock(&qp->s_lock); 725 726 rvt_clear_mr_refs(qp, 1); 727 /* 728 * Let the driver do any tear down or re-init it needs to for 729 * a qp that has been reset 730 */ 731 rdi->driver_f.notify_qp_reset(qp); 732 } 733 rvt_init_qp(rdi, qp, type); 734 lockdep_assert_held(&qp->r_lock); 735 lockdep_assert_held(&qp->s_hlock); 736 lockdep_assert_held(&qp->s_lock); 737 } 738 739 /** rvt_free_qpn - Free a qpn from the bit map 740 * @qpt: QP table 741 * @qpn: queue pair number to free 742 */ 743 static void rvt_free_qpn(struct rvt_qpn_table *qpt, u32 qpn) 744 { 745 struct rvt_qpn_map *map; 746 747 map = qpt->map + (qpn & RVT_QPN_MASK) / RVT_BITS_PER_PAGE; 748 if (map->page) 749 clear_bit(qpn & RVT_BITS_PER_PAGE_MASK, map->page); 750 } 751 752 /** 753 * rvt_create_qp - create a queue pair for a device 754 * @ibpd: the protection domain who's device we create the queue pair for 755 * @init_attr: the attributes of the queue pair 756 * @udata: user data for libibverbs.so 757 * 758 * Queue pair creation is mostly an rvt issue. However, drivers have their own 759 * unique idea of what queue pair numbers mean. For instance there is a reserved 760 * range for PSM. 761 * 762 * Return: the queue pair on success, otherwise returns an errno. 763 * 764 * Called by the ib_create_qp() core verbs function. 765 */ 766 struct ib_qp *rvt_create_qp(struct ib_pd *ibpd, 767 struct ib_qp_init_attr *init_attr, 768 struct ib_udata *udata) 769 { 770 struct rvt_qp *qp; 771 int err; 772 struct rvt_swqe *swq = NULL; 773 size_t sz; 774 size_t sg_list_sz; 775 struct ib_qp *ret = ERR_PTR(-ENOMEM); 776 struct rvt_dev_info *rdi = ib_to_rvt(ibpd->device); 777 void *priv = NULL; 778 size_t sqsize; 779 780 if (!rdi) 781 return ERR_PTR(-EINVAL); 782 783 if (init_attr->cap.max_send_sge > rdi->dparms.props.max_send_sge || 784 init_attr->cap.max_send_wr > rdi->dparms.props.max_qp_wr || 785 init_attr->create_flags) 786 return ERR_PTR(-EINVAL); 787 788 /* Check receive queue parameters if no SRQ is specified. */ 789 if (!init_attr->srq) { 790 if (init_attr->cap.max_recv_sge > 791 rdi->dparms.props.max_recv_sge || 792 init_attr->cap.max_recv_wr > rdi->dparms.props.max_qp_wr) 793 return ERR_PTR(-EINVAL); 794 795 if (init_attr->cap.max_send_sge + 796 init_attr->cap.max_send_wr + 797 init_attr->cap.max_recv_sge + 798 init_attr->cap.max_recv_wr == 0) 799 return ERR_PTR(-EINVAL); 800 } 801 sqsize = 802 init_attr->cap.max_send_wr + 1 + 803 rdi->dparms.reserved_operations; 804 switch (init_attr->qp_type) { 805 case IB_QPT_SMI: 806 case IB_QPT_GSI: 807 if (init_attr->port_num == 0 || 808 init_attr->port_num > ibpd->device->phys_port_cnt) 809 return ERR_PTR(-EINVAL); 810 /* fall through */ 811 case IB_QPT_UC: 812 case IB_QPT_RC: 813 case IB_QPT_UD: 814 sz = sizeof(struct rvt_sge) * 815 init_attr->cap.max_send_sge + 816 sizeof(struct rvt_swqe); 817 swq = vzalloc_node(array_size(sz, sqsize), rdi->dparms.node); 818 if (!swq) 819 return ERR_PTR(-ENOMEM); 820 821 sz = sizeof(*qp); 822 sg_list_sz = 0; 823 if (init_attr->srq) { 824 struct rvt_srq *srq = ibsrq_to_rvtsrq(init_attr->srq); 825 826 if (srq->rq.max_sge > 1) 827 sg_list_sz = sizeof(*qp->r_sg_list) * 828 (srq->rq.max_sge - 1); 829 } else if (init_attr->cap.max_recv_sge > 1) 830 sg_list_sz = sizeof(*qp->r_sg_list) * 831 (init_attr->cap.max_recv_sge - 1); 832 qp = kzalloc_node(sz + sg_list_sz, GFP_KERNEL, 833 rdi->dparms.node); 834 if (!qp) 835 goto bail_swq; 836 837 RCU_INIT_POINTER(qp->next, NULL); 838 if (init_attr->qp_type == IB_QPT_RC) { 839 qp->s_ack_queue = 840 kcalloc_node(rvt_max_atomic(rdi), 841 sizeof(*qp->s_ack_queue), 842 GFP_KERNEL, 843 rdi->dparms.node); 844 if (!qp->s_ack_queue) 845 goto bail_qp; 846 } 847 /* initialize timers needed for rc qp */ 848 timer_setup(&qp->s_timer, rvt_rc_timeout, 0); 849 hrtimer_init(&qp->s_rnr_timer, CLOCK_MONOTONIC, 850 HRTIMER_MODE_REL); 851 qp->s_rnr_timer.function = rvt_rc_rnr_retry; 852 853 /* 854 * Driver needs to set up it's private QP structure and do any 855 * initialization that is needed. 856 */ 857 priv = rdi->driver_f.qp_priv_alloc(rdi, qp); 858 if (IS_ERR(priv)) { 859 ret = priv; 860 goto bail_qp; 861 } 862 qp->priv = priv; 863 qp->timeout_jiffies = 864 usecs_to_jiffies((4096UL * (1UL << qp->timeout)) / 865 1000UL); 866 if (init_attr->srq) { 867 sz = 0; 868 } else { 869 qp->r_rq.size = init_attr->cap.max_recv_wr + 1; 870 qp->r_rq.max_sge = init_attr->cap.max_recv_sge; 871 sz = (sizeof(struct ib_sge) * qp->r_rq.max_sge) + 872 sizeof(struct rvt_rwqe); 873 if (udata) 874 qp->r_rq.wq = vmalloc_user( 875 sizeof(struct rvt_rwq) + 876 qp->r_rq.size * sz); 877 else 878 qp->r_rq.wq = vzalloc_node( 879 sizeof(struct rvt_rwq) + 880 qp->r_rq.size * sz, 881 rdi->dparms.node); 882 if (!qp->r_rq.wq) 883 goto bail_driver_priv; 884 } 885 886 /* 887 * ib_create_qp() will initialize qp->ibqp 888 * except for qp->ibqp.qp_num. 889 */ 890 spin_lock_init(&qp->r_lock); 891 spin_lock_init(&qp->s_hlock); 892 spin_lock_init(&qp->s_lock); 893 spin_lock_init(&qp->r_rq.lock); 894 atomic_set(&qp->refcount, 0); 895 atomic_set(&qp->local_ops_pending, 0); 896 init_waitqueue_head(&qp->wait); 897 INIT_LIST_HEAD(&qp->rspwait); 898 qp->state = IB_QPS_RESET; 899 qp->s_wq = swq; 900 qp->s_size = sqsize; 901 qp->s_avail = init_attr->cap.max_send_wr; 902 qp->s_max_sge = init_attr->cap.max_send_sge; 903 if (init_attr->sq_sig_type == IB_SIGNAL_REQ_WR) 904 qp->s_flags = RVT_S_SIGNAL_REQ_WR; 905 906 err = alloc_qpn(rdi, &rdi->qp_dev->qpn_table, 907 init_attr->qp_type, 908 init_attr->port_num); 909 if (err < 0) { 910 ret = ERR_PTR(err); 911 goto bail_rq_wq; 912 } 913 qp->ibqp.qp_num = err; 914 qp->port_num = init_attr->port_num; 915 rvt_init_qp(rdi, qp, init_attr->qp_type); 916 break; 917 918 default: 919 /* Don't support raw QPs */ 920 return ERR_PTR(-EINVAL); 921 } 922 923 init_attr->cap.max_inline_data = 0; 924 925 /* 926 * Return the address of the RWQ as the offset to mmap. 927 * See rvt_mmap() for details. 928 */ 929 if (udata && udata->outlen >= sizeof(__u64)) { 930 if (!qp->r_rq.wq) { 931 __u64 offset = 0; 932 933 err = ib_copy_to_udata(udata, &offset, 934 sizeof(offset)); 935 if (err) { 936 ret = ERR_PTR(err); 937 goto bail_qpn; 938 } 939 } else { 940 u32 s = sizeof(struct rvt_rwq) + qp->r_rq.size * sz; 941 942 qp->ip = rvt_create_mmap_info(rdi, s, 943 ibpd->uobject->context, 944 qp->r_rq.wq); 945 if (!qp->ip) { 946 ret = ERR_PTR(-ENOMEM); 947 goto bail_qpn; 948 } 949 950 err = ib_copy_to_udata(udata, &qp->ip->offset, 951 sizeof(qp->ip->offset)); 952 if (err) { 953 ret = ERR_PTR(err); 954 goto bail_ip; 955 } 956 } 957 qp->pid = current->pid; 958 } 959 960 spin_lock(&rdi->n_qps_lock); 961 if (rdi->n_qps_allocated == rdi->dparms.props.max_qp) { 962 spin_unlock(&rdi->n_qps_lock); 963 ret = ERR_PTR(-ENOMEM); 964 goto bail_ip; 965 } 966 967 rdi->n_qps_allocated++; 968 /* 969 * Maintain a busy_jiffies variable that will be added to the timeout 970 * period in mod_retry_timer and add_retry_timer. This busy jiffies 971 * is scaled by the number of rc qps created for the device to reduce 972 * the number of timeouts occurring when there is a large number of 973 * qps. busy_jiffies is incremented every rc qp scaling interval. 974 * The scaling interval is selected based on extensive performance 975 * evaluation of targeted workloads. 976 */ 977 if (init_attr->qp_type == IB_QPT_RC) { 978 rdi->n_rc_qps++; 979 rdi->busy_jiffies = rdi->n_rc_qps / RC_QP_SCALING_INTERVAL; 980 } 981 spin_unlock(&rdi->n_qps_lock); 982 983 if (qp->ip) { 984 spin_lock_irq(&rdi->pending_lock); 985 list_add(&qp->ip->pending_mmaps, &rdi->pending_mmaps); 986 spin_unlock_irq(&rdi->pending_lock); 987 } 988 989 ret = &qp->ibqp; 990 991 /* 992 * We have our QP and its good, now keep track of what types of opcodes 993 * can be processed on this QP. We do this by keeping track of what the 994 * 3 high order bits of the opcode are. 995 */ 996 switch (init_attr->qp_type) { 997 case IB_QPT_SMI: 998 case IB_QPT_GSI: 999 case IB_QPT_UD: 1000 qp->allowed_ops = IB_OPCODE_UD; 1001 break; 1002 case IB_QPT_RC: 1003 qp->allowed_ops = IB_OPCODE_RC; 1004 break; 1005 case IB_QPT_UC: 1006 qp->allowed_ops = IB_OPCODE_UC; 1007 break; 1008 default: 1009 ret = ERR_PTR(-EINVAL); 1010 goto bail_ip; 1011 } 1012 1013 return ret; 1014 1015 bail_ip: 1016 if (qp->ip) 1017 kref_put(&qp->ip->ref, rvt_release_mmap_info); 1018 1019 bail_qpn: 1020 rvt_free_qpn(&rdi->qp_dev->qpn_table, qp->ibqp.qp_num); 1021 1022 bail_rq_wq: 1023 if (!qp->ip) 1024 vfree(qp->r_rq.wq); 1025 1026 bail_driver_priv: 1027 rdi->driver_f.qp_priv_free(rdi, qp); 1028 1029 bail_qp: 1030 kfree(qp->s_ack_queue); 1031 kfree(qp); 1032 1033 bail_swq: 1034 vfree(swq); 1035 1036 return ret; 1037 } 1038 1039 /** 1040 * rvt_error_qp - put a QP into the error state 1041 * @qp: the QP to put into the error state 1042 * @err: the receive completion error to signal if a RWQE is active 1043 * 1044 * Flushes both send and receive work queues. 1045 * 1046 * Return: true if last WQE event should be generated. 1047 * The QP r_lock and s_lock should be held and interrupts disabled. 1048 * If we are already in error state, just return. 1049 */ 1050 int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err) 1051 { 1052 struct ib_wc wc; 1053 int ret = 0; 1054 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 1055 1056 lockdep_assert_held(&qp->r_lock); 1057 lockdep_assert_held(&qp->s_lock); 1058 if (qp->state == IB_QPS_ERR || qp->state == IB_QPS_RESET) 1059 goto bail; 1060 1061 qp->state = IB_QPS_ERR; 1062 1063 if (qp->s_flags & (RVT_S_TIMER | RVT_S_WAIT_RNR)) { 1064 qp->s_flags &= ~(RVT_S_TIMER | RVT_S_WAIT_RNR); 1065 del_timer(&qp->s_timer); 1066 } 1067 1068 if (qp->s_flags & RVT_S_ANY_WAIT_SEND) 1069 qp->s_flags &= ~RVT_S_ANY_WAIT_SEND; 1070 1071 rdi->driver_f.notify_error_qp(qp); 1072 1073 /* Schedule the sending tasklet to drain the send work queue. */ 1074 if (READ_ONCE(qp->s_last) != qp->s_head) 1075 rdi->driver_f.schedule_send(qp); 1076 1077 rvt_clear_mr_refs(qp, 0); 1078 1079 memset(&wc, 0, sizeof(wc)); 1080 wc.qp = &qp->ibqp; 1081 wc.opcode = IB_WC_RECV; 1082 1083 if (test_and_clear_bit(RVT_R_WRID_VALID, &qp->r_aflags)) { 1084 wc.wr_id = qp->r_wr_id; 1085 wc.status = err; 1086 rvt_cq_enter(ibcq_to_rvtcq(qp->ibqp.recv_cq), &wc, 1); 1087 } 1088 wc.status = IB_WC_WR_FLUSH_ERR; 1089 1090 if (qp->r_rq.wq) { 1091 struct rvt_rwq *wq; 1092 u32 head; 1093 u32 tail; 1094 1095 spin_lock(&qp->r_rq.lock); 1096 1097 /* sanity check pointers before trusting them */ 1098 wq = qp->r_rq.wq; 1099 head = wq->head; 1100 if (head >= qp->r_rq.size) 1101 head = 0; 1102 tail = wq->tail; 1103 if (tail >= qp->r_rq.size) 1104 tail = 0; 1105 while (tail != head) { 1106 wc.wr_id = rvt_get_rwqe_ptr(&qp->r_rq, tail)->wr_id; 1107 if (++tail >= qp->r_rq.size) 1108 tail = 0; 1109 rvt_cq_enter(ibcq_to_rvtcq(qp->ibqp.recv_cq), &wc, 1); 1110 } 1111 wq->tail = tail; 1112 1113 spin_unlock(&qp->r_rq.lock); 1114 } else if (qp->ibqp.event_handler) { 1115 ret = 1; 1116 } 1117 1118 bail: 1119 return ret; 1120 } 1121 EXPORT_SYMBOL(rvt_error_qp); 1122 1123 /* 1124 * Put the QP into the hash table. 1125 * The hash table holds a reference to the QP. 1126 */ 1127 static void rvt_insert_qp(struct rvt_dev_info *rdi, struct rvt_qp *qp) 1128 { 1129 struct rvt_ibport *rvp = rdi->ports[qp->port_num - 1]; 1130 unsigned long flags; 1131 1132 rvt_get_qp(qp); 1133 spin_lock_irqsave(&rdi->qp_dev->qpt_lock, flags); 1134 1135 if (qp->ibqp.qp_num <= 1) { 1136 rcu_assign_pointer(rvp->qp[qp->ibqp.qp_num], qp); 1137 } else { 1138 u32 n = hash_32(qp->ibqp.qp_num, rdi->qp_dev->qp_table_bits); 1139 1140 qp->next = rdi->qp_dev->qp_table[n]; 1141 rcu_assign_pointer(rdi->qp_dev->qp_table[n], qp); 1142 trace_rvt_qpinsert(qp, n); 1143 } 1144 1145 spin_unlock_irqrestore(&rdi->qp_dev->qpt_lock, flags); 1146 } 1147 1148 /** 1149 * rvt_modify_qp - modify the attributes of a queue pair 1150 * @ibqp: the queue pair who's attributes we're modifying 1151 * @attr: the new attributes 1152 * @attr_mask: the mask of attributes to modify 1153 * @udata: user data for libibverbs.so 1154 * 1155 * Return: 0 on success, otherwise returns an errno. 1156 */ 1157 int rvt_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, 1158 int attr_mask, struct ib_udata *udata) 1159 { 1160 struct rvt_dev_info *rdi = ib_to_rvt(ibqp->device); 1161 struct rvt_qp *qp = ibqp_to_rvtqp(ibqp); 1162 enum ib_qp_state cur_state, new_state; 1163 struct ib_event ev; 1164 int lastwqe = 0; 1165 int mig = 0; 1166 int pmtu = 0; /* for gcc warning only */ 1167 int opa_ah; 1168 1169 spin_lock_irq(&qp->r_lock); 1170 spin_lock(&qp->s_hlock); 1171 spin_lock(&qp->s_lock); 1172 1173 cur_state = attr_mask & IB_QP_CUR_STATE ? 1174 attr->cur_qp_state : qp->state; 1175 new_state = attr_mask & IB_QP_STATE ? attr->qp_state : cur_state; 1176 opa_ah = rdma_cap_opa_ah(ibqp->device, qp->port_num); 1177 1178 if (!ib_modify_qp_is_ok(cur_state, new_state, ibqp->qp_type, 1179 attr_mask)) 1180 goto inval; 1181 1182 if (rdi->driver_f.check_modify_qp && 1183 rdi->driver_f.check_modify_qp(qp, attr, attr_mask, udata)) 1184 goto inval; 1185 1186 if (attr_mask & IB_QP_AV) { 1187 if (opa_ah) { 1188 if (rdma_ah_get_dlid(&attr->ah_attr) >= 1189 opa_get_mcast_base(OPA_MCAST_NR)) 1190 goto inval; 1191 } else { 1192 if (rdma_ah_get_dlid(&attr->ah_attr) >= 1193 be16_to_cpu(IB_MULTICAST_LID_BASE)) 1194 goto inval; 1195 } 1196 1197 if (rvt_check_ah(qp->ibqp.device, &attr->ah_attr)) 1198 goto inval; 1199 } 1200 1201 if (attr_mask & IB_QP_ALT_PATH) { 1202 if (opa_ah) { 1203 if (rdma_ah_get_dlid(&attr->alt_ah_attr) >= 1204 opa_get_mcast_base(OPA_MCAST_NR)) 1205 goto inval; 1206 } else { 1207 if (rdma_ah_get_dlid(&attr->alt_ah_attr) >= 1208 be16_to_cpu(IB_MULTICAST_LID_BASE)) 1209 goto inval; 1210 } 1211 1212 if (rvt_check_ah(qp->ibqp.device, &attr->alt_ah_attr)) 1213 goto inval; 1214 if (attr->alt_pkey_index >= rvt_get_npkeys(rdi)) 1215 goto inval; 1216 } 1217 1218 if (attr_mask & IB_QP_PKEY_INDEX) 1219 if (attr->pkey_index >= rvt_get_npkeys(rdi)) 1220 goto inval; 1221 1222 if (attr_mask & IB_QP_MIN_RNR_TIMER) 1223 if (attr->min_rnr_timer > 31) 1224 goto inval; 1225 1226 if (attr_mask & IB_QP_PORT) 1227 if (qp->ibqp.qp_type == IB_QPT_SMI || 1228 qp->ibqp.qp_type == IB_QPT_GSI || 1229 attr->port_num == 0 || 1230 attr->port_num > ibqp->device->phys_port_cnt) 1231 goto inval; 1232 1233 if (attr_mask & IB_QP_DEST_QPN) 1234 if (attr->dest_qp_num > RVT_QPN_MASK) 1235 goto inval; 1236 1237 if (attr_mask & IB_QP_RETRY_CNT) 1238 if (attr->retry_cnt > 7) 1239 goto inval; 1240 1241 if (attr_mask & IB_QP_RNR_RETRY) 1242 if (attr->rnr_retry > 7) 1243 goto inval; 1244 1245 /* 1246 * Don't allow invalid path_mtu values. OK to set greater 1247 * than the active mtu (or even the max_cap, if we have tuned 1248 * that to a small mtu. We'll set qp->path_mtu 1249 * to the lesser of requested attribute mtu and active, 1250 * for packetizing messages. 1251 * Note that the QP port has to be set in INIT and MTU in RTR. 1252 */ 1253 if (attr_mask & IB_QP_PATH_MTU) { 1254 pmtu = rdi->driver_f.get_pmtu_from_attr(rdi, qp, attr); 1255 if (pmtu < 0) 1256 goto inval; 1257 } 1258 1259 if (attr_mask & IB_QP_PATH_MIG_STATE) { 1260 if (attr->path_mig_state == IB_MIG_REARM) { 1261 if (qp->s_mig_state == IB_MIG_ARMED) 1262 goto inval; 1263 if (new_state != IB_QPS_RTS) 1264 goto inval; 1265 } else if (attr->path_mig_state == IB_MIG_MIGRATED) { 1266 if (qp->s_mig_state == IB_MIG_REARM) 1267 goto inval; 1268 if (new_state != IB_QPS_RTS && new_state != IB_QPS_SQD) 1269 goto inval; 1270 if (qp->s_mig_state == IB_MIG_ARMED) 1271 mig = 1; 1272 } else { 1273 goto inval; 1274 } 1275 } 1276 1277 if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC) 1278 if (attr->max_dest_rd_atomic > rdi->dparms.max_rdma_atomic) 1279 goto inval; 1280 1281 switch (new_state) { 1282 case IB_QPS_RESET: 1283 if (qp->state != IB_QPS_RESET) 1284 rvt_reset_qp(rdi, qp, ibqp->qp_type); 1285 break; 1286 1287 case IB_QPS_RTR: 1288 /* Allow event to re-trigger if QP set to RTR more than once */ 1289 qp->r_flags &= ~RVT_R_COMM_EST; 1290 qp->state = new_state; 1291 break; 1292 1293 case IB_QPS_SQD: 1294 qp->s_draining = qp->s_last != qp->s_cur; 1295 qp->state = new_state; 1296 break; 1297 1298 case IB_QPS_SQE: 1299 if (qp->ibqp.qp_type == IB_QPT_RC) 1300 goto inval; 1301 qp->state = new_state; 1302 break; 1303 1304 case IB_QPS_ERR: 1305 lastwqe = rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); 1306 break; 1307 1308 default: 1309 qp->state = new_state; 1310 break; 1311 } 1312 1313 if (attr_mask & IB_QP_PKEY_INDEX) 1314 qp->s_pkey_index = attr->pkey_index; 1315 1316 if (attr_mask & IB_QP_PORT) 1317 qp->port_num = attr->port_num; 1318 1319 if (attr_mask & IB_QP_DEST_QPN) 1320 qp->remote_qpn = attr->dest_qp_num; 1321 1322 if (attr_mask & IB_QP_SQ_PSN) { 1323 qp->s_next_psn = attr->sq_psn & rdi->dparms.psn_modify_mask; 1324 qp->s_psn = qp->s_next_psn; 1325 qp->s_sending_psn = qp->s_next_psn; 1326 qp->s_last_psn = qp->s_next_psn - 1; 1327 qp->s_sending_hpsn = qp->s_last_psn; 1328 } 1329 1330 if (attr_mask & IB_QP_RQ_PSN) 1331 qp->r_psn = attr->rq_psn & rdi->dparms.psn_modify_mask; 1332 1333 if (attr_mask & IB_QP_ACCESS_FLAGS) 1334 qp->qp_access_flags = attr->qp_access_flags; 1335 1336 if (attr_mask & IB_QP_AV) { 1337 rdma_replace_ah_attr(&qp->remote_ah_attr, &attr->ah_attr); 1338 qp->s_srate = rdma_ah_get_static_rate(&attr->ah_attr); 1339 qp->srate_mbps = ib_rate_to_mbps(qp->s_srate); 1340 } 1341 1342 if (attr_mask & IB_QP_ALT_PATH) { 1343 rdma_replace_ah_attr(&qp->alt_ah_attr, &attr->alt_ah_attr); 1344 qp->s_alt_pkey_index = attr->alt_pkey_index; 1345 } 1346 1347 if (attr_mask & IB_QP_PATH_MIG_STATE) { 1348 qp->s_mig_state = attr->path_mig_state; 1349 if (mig) { 1350 qp->remote_ah_attr = qp->alt_ah_attr; 1351 qp->port_num = rdma_ah_get_port_num(&qp->alt_ah_attr); 1352 qp->s_pkey_index = qp->s_alt_pkey_index; 1353 } 1354 } 1355 1356 if (attr_mask & IB_QP_PATH_MTU) { 1357 qp->pmtu = rdi->driver_f.mtu_from_qp(rdi, qp, pmtu); 1358 qp->log_pmtu = ilog2(qp->pmtu); 1359 } 1360 1361 if (attr_mask & IB_QP_RETRY_CNT) { 1362 qp->s_retry_cnt = attr->retry_cnt; 1363 qp->s_retry = attr->retry_cnt; 1364 } 1365 1366 if (attr_mask & IB_QP_RNR_RETRY) { 1367 qp->s_rnr_retry_cnt = attr->rnr_retry; 1368 qp->s_rnr_retry = attr->rnr_retry; 1369 } 1370 1371 if (attr_mask & IB_QP_MIN_RNR_TIMER) 1372 qp->r_min_rnr_timer = attr->min_rnr_timer; 1373 1374 if (attr_mask & IB_QP_TIMEOUT) { 1375 qp->timeout = attr->timeout; 1376 qp->timeout_jiffies = rvt_timeout_to_jiffies(qp->timeout); 1377 } 1378 1379 if (attr_mask & IB_QP_QKEY) 1380 qp->qkey = attr->qkey; 1381 1382 if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC) 1383 qp->r_max_rd_atomic = attr->max_dest_rd_atomic; 1384 1385 if (attr_mask & IB_QP_MAX_QP_RD_ATOMIC) 1386 qp->s_max_rd_atomic = attr->max_rd_atomic; 1387 1388 if (rdi->driver_f.modify_qp) 1389 rdi->driver_f.modify_qp(qp, attr, attr_mask, udata); 1390 1391 spin_unlock(&qp->s_lock); 1392 spin_unlock(&qp->s_hlock); 1393 spin_unlock_irq(&qp->r_lock); 1394 1395 if (cur_state == IB_QPS_RESET && new_state == IB_QPS_INIT) 1396 rvt_insert_qp(rdi, qp); 1397 1398 if (lastwqe) { 1399 ev.device = qp->ibqp.device; 1400 ev.element.qp = &qp->ibqp; 1401 ev.event = IB_EVENT_QP_LAST_WQE_REACHED; 1402 qp->ibqp.event_handler(&ev, qp->ibqp.qp_context); 1403 } 1404 if (mig) { 1405 ev.device = qp->ibqp.device; 1406 ev.element.qp = &qp->ibqp; 1407 ev.event = IB_EVENT_PATH_MIG; 1408 qp->ibqp.event_handler(&ev, qp->ibqp.qp_context); 1409 } 1410 return 0; 1411 1412 inval: 1413 spin_unlock(&qp->s_lock); 1414 spin_unlock(&qp->s_hlock); 1415 spin_unlock_irq(&qp->r_lock); 1416 return -EINVAL; 1417 } 1418 1419 /** 1420 * rvt_destroy_qp - destroy a queue pair 1421 * @ibqp: the queue pair to destroy 1422 * 1423 * Note that this can be called while the QP is actively sending or 1424 * receiving! 1425 * 1426 * Return: 0 on success. 1427 */ 1428 int rvt_destroy_qp(struct ib_qp *ibqp) 1429 { 1430 struct rvt_qp *qp = ibqp_to_rvtqp(ibqp); 1431 struct rvt_dev_info *rdi = ib_to_rvt(ibqp->device); 1432 1433 spin_lock_irq(&qp->r_lock); 1434 spin_lock(&qp->s_hlock); 1435 spin_lock(&qp->s_lock); 1436 rvt_reset_qp(rdi, qp, ibqp->qp_type); 1437 spin_unlock(&qp->s_lock); 1438 spin_unlock(&qp->s_hlock); 1439 spin_unlock_irq(&qp->r_lock); 1440 1441 wait_event(qp->wait, !atomic_read(&qp->refcount)); 1442 /* qpn is now available for use again */ 1443 rvt_free_qpn(&rdi->qp_dev->qpn_table, qp->ibqp.qp_num); 1444 1445 spin_lock(&rdi->n_qps_lock); 1446 rdi->n_qps_allocated--; 1447 if (qp->ibqp.qp_type == IB_QPT_RC) { 1448 rdi->n_rc_qps--; 1449 rdi->busy_jiffies = rdi->n_rc_qps / RC_QP_SCALING_INTERVAL; 1450 } 1451 spin_unlock(&rdi->n_qps_lock); 1452 1453 if (qp->ip) 1454 kref_put(&qp->ip->ref, rvt_release_mmap_info); 1455 else 1456 vfree(qp->r_rq.wq); 1457 vfree(qp->s_wq); 1458 rdi->driver_f.qp_priv_free(rdi, qp); 1459 kfree(qp->s_ack_queue); 1460 rdma_destroy_ah_attr(&qp->remote_ah_attr); 1461 rdma_destroy_ah_attr(&qp->alt_ah_attr); 1462 kfree(qp); 1463 return 0; 1464 } 1465 1466 /** 1467 * rvt_query_qp - query an ipbq 1468 * @ibqp: IB qp to query 1469 * @attr: attr struct to fill in 1470 * @attr_mask: attr mask ignored 1471 * @init_attr: struct to fill in 1472 * 1473 * Return: always 0 1474 */ 1475 int rvt_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, 1476 int attr_mask, struct ib_qp_init_attr *init_attr) 1477 { 1478 struct rvt_qp *qp = ibqp_to_rvtqp(ibqp); 1479 struct rvt_dev_info *rdi = ib_to_rvt(ibqp->device); 1480 1481 attr->qp_state = qp->state; 1482 attr->cur_qp_state = attr->qp_state; 1483 attr->path_mtu = rdi->driver_f.mtu_to_path_mtu(qp->pmtu); 1484 attr->path_mig_state = qp->s_mig_state; 1485 attr->qkey = qp->qkey; 1486 attr->rq_psn = qp->r_psn & rdi->dparms.psn_mask; 1487 attr->sq_psn = qp->s_next_psn & rdi->dparms.psn_mask; 1488 attr->dest_qp_num = qp->remote_qpn; 1489 attr->qp_access_flags = qp->qp_access_flags; 1490 attr->cap.max_send_wr = qp->s_size - 1 - 1491 rdi->dparms.reserved_operations; 1492 attr->cap.max_recv_wr = qp->ibqp.srq ? 0 : qp->r_rq.size - 1; 1493 attr->cap.max_send_sge = qp->s_max_sge; 1494 attr->cap.max_recv_sge = qp->r_rq.max_sge; 1495 attr->cap.max_inline_data = 0; 1496 attr->ah_attr = qp->remote_ah_attr; 1497 attr->alt_ah_attr = qp->alt_ah_attr; 1498 attr->pkey_index = qp->s_pkey_index; 1499 attr->alt_pkey_index = qp->s_alt_pkey_index; 1500 attr->en_sqd_async_notify = 0; 1501 attr->sq_draining = qp->s_draining; 1502 attr->max_rd_atomic = qp->s_max_rd_atomic; 1503 attr->max_dest_rd_atomic = qp->r_max_rd_atomic; 1504 attr->min_rnr_timer = qp->r_min_rnr_timer; 1505 attr->port_num = qp->port_num; 1506 attr->timeout = qp->timeout; 1507 attr->retry_cnt = qp->s_retry_cnt; 1508 attr->rnr_retry = qp->s_rnr_retry_cnt; 1509 attr->alt_port_num = 1510 rdma_ah_get_port_num(&qp->alt_ah_attr); 1511 attr->alt_timeout = qp->alt_timeout; 1512 1513 init_attr->event_handler = qp->ibqp.event_handler; 1514 init_attr->qp_context = qp->ibqp.qp_context; 1515 init_attr->send_cq = qp->ibqp.send_cq; 1516 init_attr->recv_cq = qp->ibqp.recv_cq; 1517 init_attr->srq = qp->ibqp.srq; 1518 init_attr->cap = attr->cap; 1519 if (qp->s_flags & RVT_S_SIGNAL_REQ_WR) 1520 init_attr->sq_sig_type = IB_SIGNAL_REQ_WR; 1521 else 1522 init_attr->sq_sig_type = IB_SIGNAL_ALL_WR; 1523 init_attr->qp_type = qp->ibqp.qp_type; 1524 init_attr->port_num = qp->port_num; 1525 return 0; 1526 } 1527 1528 /** 1529 * rvt_post_receive - post a receive on a QP 1530 * @ibqp: the QP to post the receive on 1531 * @wr: the WR to post 1532 * @bad_wr: the first bad WR is put here 1533 * 1534 * This may be called from interrupt context. 1535 * 1536 * Return: 0 on success otherwise errno 1537 */ 1538 int rvt_post_recv(struct ib_qp *ibqp, const struct ib_recv_wr *wr, 1539 const struct ib_recv_wr **bad_wr) 1540 { 1541 struct rvt_qp *qp = ibqp_to_rvtqp(ibqp); 1542 struct rvt_rwq *wq = qp->r_rq.wq; 1543 unsigned long flags; 1544 int qp_err_flush = (ib_rvt_state_ops[qp->state] & RVT_FLUSH_RECV) && 1545 !qp->ibqp.srq; 1546 1547 /* Check that state is OK to post receive. */ 1548 if (!(ib_rvt_state_ops[qp->state] & RVT_POST_RECV_OK) || !wq) { 1549 *bad_wr = wr; 1550 return -EINVAL; 1551 } 1552 1553 for (; wr; wr = wr->next) { 1554 struct rvt_rwqe *wqe; 1555 u32 next; 1556 int i; 1557 1558 if ((unsigned)wr->num_sge > qp->r_rq.max_sge) { 1559 *bad_wr = wr; 1560 return -EINVAL; 1561 } 1562 1563 spin_lock_irqsave(&qp->r_rq.lock, flags); 1564 next = wq->head + 1; 1565 if (next >= qp->r_rq.size) 1566 next = 0; 1567 if (next == wq->tail) { 1568 spin_unlock_irqrestore(&qp->r_rq.lock, flags); 1569 *bad_wr = wr; 1570 return -ENOMEM; 1571 } 1572 if (unlikely(qp_err_flush)) { 1573 struct ib_wc wc; 1574 1575 memset(&wc, 0, sizeof(wc)); 1576 wc.qp = &qp->ibqp; 1577 wc.opcode = IB_WC_RECV; 1578 wc.wr_id = wr->wr_id; 1579 wc.status = IB_WC_WR_FLUSH_ERR; 1580 rvt_cq_enter(ibcq_to_rvtcq(qp->ibqp.recv_cq), &wc, 1); 1581 } else { 1582 wqe = rvt_get_rwqe_ptr(&qp->r_rq, wq->head); 1583 wqe->wr_id = wr->wr_id; 1584 wqe->num_sge = wr->num_sge; 1585 for (i = 0; i < wr->num_sge; i++) 1586 wqe->sg_list[i] = wr->sg_list[i]; 1587 /* 1588 * Make sure queue entry is written 1589 * before the head index. 1590 */ 1591 smp_wmb(); 1592 wq->head = next; 1593 } 1594 spin_unlock_irqrestore(&qp->r_rq.lock, flags); 1595 } 1596 return 0; 1597 } 1598 1599 /** 1600 * rvt_qp_valid_operation - validate post send wr request 1601 * @qp - the qp 1602 * @post-parms - the post send table for the driver 1603 * @wr - the work request 1604 * 1605 * The routine validates the operation based on the 1606 * validation table an returns the length of the operation 1607 * which can extend beyond the ib_send_bw. Operation 1608 * dependent flags key atomic operation validation. 1609 * 1610 * There is an exception for UD qps that validates the pd and 1611 * overrides the length to include the additional UD specific 1612 * length. 1613 * 1614 * Returns a negative error or the length of the work request 1615 * for building the swqe. 1616 */ 1617 static inline int rvt_qp_valid_operation( 1618 struct rvt_qp *qp, 1619 const struct rvt_operation_params *post_parms, 1620 const struct ib_send_wr *wr) 1621 { 1622 int len; 1623 1624 if (wr->opcode >= RVT_OPERATION_MAX || !post_parms[wr->opcode].length) 1625 return -EINVAL; 1626 if (!(post_parms[wr->opcode].qpt_support & BIT(qp->ibqp.qp_type))) 1627 return -EINVAL; 1628 if ((post_parms[wr->opcode].flags & RVT_OPERATION_PRIV) && 1629 ibpd_to_rvtpd(qp->ibqp.pd)->user) 1630 return -EINVAL; 1631 if (post_parms[wr->opcode].flags & RVT_OPERATION_ATOMIC_SGE && 1632 (wr->num_sge == 0 || 1633 wr->sg_list[0].length < sizeof(u64) || 1634 wr->sg_list[0].addr & (sizeof(u64) - 1))) 1635 return -EINVAL; 1636 if (post_parms[wr->opcode].flags & RVT_OPERATION_ATOMIC && 1637 !qp->s_max_rd_atomic) 1638 return -EINVAL; 1639 len = post_parms[wr->opcode].length; 1640 /* UD specific */ 1641 if (qp->ibqp.qp_type != IB_QPT_UC && 1642 qp->ibqp.qp_type != IB_QPT_RC) { 1643 if (qp->ibqp.pd != ud_wr(wr)->ah->pd) 1644 return -EINVAL; 1645 len = sizeof(struct ib_ud_wr); 1646 } 1647 return len; 1648 } 1649 1650 /** 1651 * rvt_qp_is_avail - determine queue capacity 1652 * @qp: the qp 1653 * @rdi: the rdmavt device 1654 * @reserved_op: is reserved operation 1655 * 1656 * This assumes the s_hlock is held but the s_last 1657 * qp variable is uncontrolled. 1658 * 1659 * For non reserved operations, the qp->s_avail 1660 * may be changed. 1661 * 1662 * The return value is zero or a -ENOMEM. 1663 */ 1664 static inline int rvt_qp_is_avail( 1665 struct rvt_qp *qp, 1666 struct rvt_dev_info *rdi, 1667 bool reserved_op) 1668 { 1669 u32 slast; 1670 u32 avail; 1671 u32 reserved_used; 1672 1673 /* see rvt_qp_wqe_unreserve() */ 1674 smp_mb__before_atomic(); 1675 reserved_used = atomic_read(&qp->s_reserved_used); 1676 if (unlikely(reserved_op)) { 1677 /* see rvt_qp_wqe_unreserve() */ 1678 smp_mb__before_atomic(); 1679 if (reserved_used >= rdi->dparms.reserved_operations) 1680 return -ENOMEM; 1681 return 0; 1682 } 1683 /* non-reserved operations */ 1684 if (likely(qp->s_avail)) 1685 return 0; 1686 slast = READ_ONCE(qp->s_last); 1687 if (qp->s_head >= slast) 1688 avail = qp->s_size - (qp->s_head - slast); 1689 else 1690 avail = slast - qp->s_head; 1691 1692 /* see rvt_qp_wqe_unreserve() */ 1693 smp_mb__before_atomic(); 1694 reserved_used = atomic_read(&qp->s_reserved_used); 1695 avail = avail - 1 - 1696 (rdi->dparms.reserved_operations - reserved_used); 1697 /* insure we don't assign a negative s_avail */ 1698 if ((s32)avail <= 0) 1699 return -ENOMEM; 1700 qp->s_avail = avail; 1701 if (WARN_ON(qp->s_avail > 1702 (qp->s_size - 1 - rdi->dparms.reserved_operations))) 1703 rvt_pr_err(rdi, 1704 "More avail entries than QP RB size.\nQP: %u, size: %u, avail: %u\nhead: %u, tail: %u, cur: %u, acked: %u, last: %u", 1705 qp->ibqp.qp_num, qp->s_size, qp->s_avail, 1706 qp->s_head, qp->s_tail, qp->s_cur, 1707 qp->s_acked, qp->s_last); 1708 return 0; 1709 } 1710 1711 /** 1712 * rvt_post_one_wr - post one RC, UC, or UD send work request 1713 * @qp: the QP to post on 1714 * @wr: the work request to send 1715 */ 1716 static int rvt_post_one_wr(struct rvt_qp *qp, 1717 const struct ib_send_wr *wr, 1718 bool *call_send) 1719 { 1720 struct rvt_swqe *wqe; 1721 u32 next; 1722 int i; 1723 int j; 1724 int acc; 1725 struct rvt_lkey_table *rkt; 1726 struct rvt_pd *pd; 1727 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 1728 u8 log_pmtu; 1729 int ret; 1730 size_t cplen; 1731 bool reserved_op; 1732 int local_ops_delayed = 0; 1733 1734 BUILD_BUG_ON(IB_QPT_MAX >= (sizeof(u32) * BITS_PER_BYTE)); 1735 1736 /* IB spec says that num_sge == 0 is OK. */ 1737 if (unlikely(wr->num_sge > qp->s_max_sge)) 1738 return -EINVAL; 1739 1740 ret = rvt_qp_valid_operation(qp, rdi->post_parms, wr); 1741 if (ret < 0) 1742 return ret; 1743 cplen = ret; 1744 1745 /* 1746 * Local operations include fast register and local invalidate. 1747 * Fast register needs to be processed immediately because the 1748 * registered lkey may be used by following work requests and the 1749 * lkey needs to be valid at the time those requests are posted. 1750 * Local invalidate can be processed immediately if fencing is 1751 * not required and no previous local invalidate ops are pending. 1752 * Signaled local operations that have been processed immediately 1753 * need to have requests with "completion only" flags set posted 1754 * to the send queue in order to generate completions. 1755 */ 1756 if ((rdi->post_parms[wr->opcode].flags & RVT_OPERATION_LOCAL)) { 1757 switch (wr->opcode) { 1758 case IB_WR_REG_MR: 1759 ret = rvt_fast_reg_mr(qp, 1760 reg_wr(wr)->mr, 1761 reg_wr(wr)->key, 1762 reg_wr(wr)->access); 1763 if (ret || !(wr->send_flags & IB_SEND_SIGNALED)) 1764 return ret; 1765 break; 1766 case IB_WR_LOCAL_INV: 1767 if ((wr->send_flags & IB_SEND_FENCE) || 1768 atomic_read(&qp->local_ops_pending)) { 1769 local_ops_delayed = 1; 1770 } else { 1771 ret = rvt_invalidate_rkey( 1772 qp, wr->ex.invalidate_rkey); 1773 if (ret || !(wr->send_flags & IB_SEND_SIGNALED)) 1774 return ret; 1775 } 1776 break; 1777 default: 1778 return -EINVAL; 1779 } 1780 } 1781 1782 reserved_op = rdi->post_parms[wr->opcode].flags & 1783 RVT_OPERATION_USE_RESERVE; 1784 /* check for avail */ 1785 ret = rvt_qp_is_avail(qp, rdi, reserved_op); 1786 if (ret) 1787 return ret; 1788 next = qp->s_head + 1; 1789 if (next >= qp->s_size) 1790 next = 0; 1791 1792 rkt = &rdi->lkey_table; 1793 pd = ibpd_to_rvtpd(qp->ibqp.pd); 1794 wqe = rvt_get_swqe_ptr(qp, qp->s_head); 1795 1796 /* cplen has length from above */ 1797 memcpy(&wqe->wr, wr, cplen); 1798 1799 wqe->length = 0; 1800 j = 0; 1801 if (wr->num_sge) { 1802 struct rvt_sge *last_sge = NULL; 1803 1804 acc = wr->opcode >= IB_WR_RDMA_READ ? 1805 IB_ACCESS_LOCAL_WRITE : 0; 1806 for (i = 0; i < wr->num_sge; i++) { 1807 u32 length = wr->sg_list[i].length; 1808 1809 if (length == 0) 1810 continue; 1811 ret = rvt_lkey_ok(rkt, pd, &wqe->sg_list[j], last_sge, 1812 &wr->sg_list[i], acc); 1813 if (unlikely(ret < 0)) 1814 goto bail_inval_free; 1815 wqe->length += length; 1816 if (ret) 1817 last_sge = &wqe->sg_list[j]; 1818 j += ret; 1819 } 1820 wqe->wr.num_sge = j; 1821 } 1822 1823 /* 1824 * Calculate and set SWQE PSN values prior to handing it off 1825 * to the driver's check routine. This give the driver the 1826 * opportunity to adjust PSN values based on internal checks. 1827 */ 1828 log_pmtu = qp->log_pmtu; 1829 if (qp->ibqp.qp_type != IB_QPT_UC && 1830 qp->ibqp.qp_type != IB_QPT_RC) { 1831 struct rvt_ah *ah = ibah_to_rvtah(wqe->ud_wr.ah); 1832 1833 log_pmtu = ah->log_pmtu; 1834 atomic_inc(&ibah_to_rvtah(ud_wr(wr)->ah)->refcount); 1835 } 1836 1837 if (rdi->post_parms[wr->opcode].flags & RVT_OPERATION_LOCAL) { 1838 if (local_ops_delayed) 1839 atomic_inc(&qp->local_ops_pending); 1840 else 1841 wqe->wr.send_flags |= RVT_SEND_COMPLETION_ONLY; 1842 wqe->ssn = 0; 1843 wqe->psn = 0; 1844 wqe->lpsn = 0; 1845 } else { 1846 wqe->ssn = qp->s_ssn++; 1847 wqe->psn = qp->s_next_psn; 1848 wqe->lpsn = wqe->psn + 1849 (wqe->length ? 1850 ((wqe->length - 1) >> log_pmtu) : 1851 0); 1852 } 1853 1854 /* general part of wqe valid - allow for driver checks */ 1855 if (rdi->driver_f.setup_wqe) { 1856 ret = rdi->driver_f.setup_wqe(qp, wqe, call_send); 1857 if (ret < 0) 1858 goto bail_inval_free_ref; 1859 } 1860 1861 if (!(rdi->post_parms[wr->opcode].flags & RVT_OPERATION_LOCAL)) 1862 qp->s_next_psn = wqe->lpsn + 1; 1863 1864 if (unlikely(reserved_op)) { 1865 wqe->wr.send_flags |= RVT_SEND_RESERVE_USED; 1866 rvt_qp_wqe_reserve(qp, wqe); 1867 } else { 1868 wqe->wr.send_flags &= ~RVT_SEND_RESERVE_USED; 1869 qp->s_avail--; 1870 } 1871 trace_rvt_post_one_wr(qp, wqe, wr->num_sge); 1872 smp_wmb(); /* see request builders */ 1873 qp->s_head = next; 1874 1875 return 0; 1876 1877 bail_inval_free_ref: 1878 if (qp->ibqp.qp_type != IB_QPT_UC && 1879 qp->ibqp.qp_type != IB_QPT_RC) 1880 atomic_dec(&ibah_to_rvtah(ud_wr(wr)->ah)->refcount); 1881 bail_inval_free: 1882 /* release mr holds */ 1883 while (j) { 1884 struct rvt_sge *sge = &wqe->sg_list[--j]; 1885 1886 rvt_put_mr(sge->mr); 1887 } 1888 return ret; 1889 } 1890 1891 /** 1892 * rvt_post_send - post a send on a QP 1893 * @ibqp: the QP to post the send on 1894 * @wr: the list of work requests to post 1895 * @bad_wr: the first bad WR is put here 1896 * 1897 * This may be called from interrupt context. 1898 * 1899 * Return: 0 on success else errno 1900 */ 1901 int rvt_post_send(struct ib_qp *ibqp, const struct ib_send_wr *wr, 1902 const struct ib_send_wr **bad_wr) 1903 { 1904 struct rvt_qp *qp = ibqp_to_rvtqp(ibqp); 1905 struct rvt_dev_info *rdi = ib_to_rvt(ibqp->device); 1906 unsigned long flags = 0; 1907 bool call_send; 1908 unsigned nreq = 0; 1909 int err = 0; 1910 1911 spin_lock_irqsave(&qp->s_hlock, flags); 1912 1913 /* 1914 * Ensure QP state is such that we can send. If not bail out early, 1915 * there is no need to do this every time we post a send. 1916 */ 1917 if (unlikely(!(ib_rvt_state_ops[qp->state] & RVT_POST_SEND_OK))) { 1918 spin_unlock_irqrestore(&qp->s_hlock, flags); 1919 return -EINVAL; 1920 } 1921 1922 /* 1923 * If the send queue is empty, and we only have a single WR then just go 1924 * ahead and kick the send engine into gear. Otherwise we will always 1925 * just schedule the send to happen later. 1926 */ 1927 call_send = qp->s_head == READ_ONCE(qp->s_last) && !wr->next; 1928 1929 for (; wr; wr = wr->next) { 1930 err = rvt_post_one_wr(qp, wr, &call_send); 1931 if (unlikely(err)) { 1932 *bad_wr = wr; 1933 goto bail; 1934 } 1935 nreq++; 1936 } 1937 bail: 1938 spin_unlock_irqrestore(&qp->s_hlock, flags); 1939 if (nreq) { 1940 /* 1941 * Only call do_send if there is exactly one packet, and the 1942 * driver said it was ok. 1943 */ 1944 if (nreq == 1 && call_send) 1945 rdi->driver_f.do_send(qp); 1946 else 1947 rdi->driver_f.schedule_send_no_lock(qp); 1948 } 1949 return err; 1950 } 1951 1952 /** 1953 * rvt_post_srq_receive - post a receive on a shared receive queue 1954 * @ibsrq: the SRQ to post the receive on 1955 * @wr: the list of work requests to post 1956 * @bad_wr: A pointer to the first WR to cause a problem is put here 1957 * 1958 * This may be called from interrupt context. 1959 * 1960 * Return: 0 on success else errno 1961 */ 1962 int rvt_post_srq_recv(struct ib_srq *ibsrq, const struct ib_recv_wr *wr, 1963 const struct ib_recv_wr **bad_wr) 1964 { 1965 struct rvt_srq *srq = ibsrq_to_rvtsrq(ibsrq); 1966 struct rvt_rwq *wq; 1967 unsigned long flags; 1968 1969 for (; wr; wr = wr->next) { 1970 struct rvt_rwqe *wqe; 1971 u32 next; 1972 int i; 1973 1974 if ((unsigned)wr->num_sge > srq->rq.max_sge) { 1975 *bad_wr = wr; 1976 return -EINVAL; 1977 } 1978 1979 spin_lock_irqsave(&srq->rq.lock, flags); 1980 wq = srq->rq.wq; 1981 next = wq->head + 1; 1982 if (next >= srq->rq.size) 1983 next = 0; 1984 if (next == wq->tail) { 1985 spin_unlock_irqrestore(&srq->rq.lock, flags); 1986 *bad_wr = wr; 1987 return -ENOMEM; 1988 } 1989 1990 wqe = rvt_get_rwqe_ptr(&srq->rq, wq->head); 1991 wqe->wr_id = wr->wr_id; 1992 wqe->num_sge = wr->num_sge; 1993 for (i = 0; i < wr->num_sge; i++) 1994 wqe->sg_list[i] = wr->sg_list[i]; 1995 /* Make sure queue entry is written before the head index. */ 1996 smp_wmb(); 1997 wq->head = next; 1998 spin_unlock_irqrestore(&srq->rq.lock, flags); 1999 } 2000 return 0; 2001 } 2002 2003 /* 2004 * Validate a RWQE and fill in the SGE state. 2005 * Return 1 if OK. 2006 */ 2007 static int init_sge(struct rvt_qp *qp, struct rvt_rwqe *wqe) 2008 { 2009 int i, j, ret; 2010 struct ib_wc wc; 2011 struct rvt_lkey_table *rkt; 2012 struct rvt_pd *pd; 2013 struct rvt_sge_state *ss; 2014 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 2015 2016 rkt = &rdi->lkey_table; 2017 pd = ibpd_to_rvtpd(qp->ibqp.srq ? qp->ibqp.srq->pd : qp->ibqp.pd); 2018 ss = &qp->r_sge; 2019 ss->sg_list = qp->r_sg_list; 2020 qp->r_len = 0; 2021 for (i = j = 0; i < wqe->num_sge; i++) { 2022 if (wqe->sg_list[i].length == 0) 2023 continue; 2024 /* Check LKEY */ 2025 ret = rvt_lkey_ok(rkt, pd, j ? &ss->sg_list[j - 1] : &ss->sge, 2026 NULL, &wqe->sg_list[i], 2027 IB_ACCESS_LOCAL_WRITE); 2028 if (unlikely(ret <= 0)) 2029 goto bad_lkey; 2030 qp->r_len += wqe->sg_list[i].length; 2031 j++; 2032 } 2033 ss->num_sge = j; 2034 ss->total_len = qp->r_len; 2035 return 1; 2036 2037 bad_lkey: 2038 while (j) { 2039 struct rvt_sge *sge = --j ? &ss->sg_list[j - 1] : &ss->sge; 2040 2041 rvt_put_mr(sge->mr); 2042 } 2043 ss->num_sge = 0; 2044 memset(&wc, 0, sizeof(wc)); 2045 wc.wr_id = wqe->wr_id; 2046 wc.status = IB_WC_LOC_PROT_ERR; 2047 wc.opcode = IB_WC_RECV; 2048 wc.qp = &qp->ibqp; 2049 /* Signal solicited completion event. */ 2050 rvt_cq_enter(ibcq_to_rvtcq(qp->ibqp.recv_cq), &wc, 1); 2051 return 0; 2052 } 2053 2054 /** 2055 * rvt_get_rwqe - copy the next RWQE into the QP's RWQE 2056 * @qp: the QP 2057 * @wr_id_only: update qp->r_wr_id only, not qp->r_sge 2058 * 2059 * Return -1 if there is a local error, 0 if no RWQE is available, 2060 * otherwise return 1. 2061 * 2062 * Can be called from interrupt level. 2063 */ 2064 int rvt_get_rwqe(struct rvt_qp *qp, bool wr_id_only) 2065 { 2066 unsigned long flags; 2067 struct rvt_rq *rq; 2068 struct rvt_rwq *wq; 2069 struct rvt_srq *srq; 2070 struct rvt_rwqe *wqe; 2071 void (*handler)(struct ib_event *, void *); 2072 u32 tail; 2073 int ret; 2074 2075 if (qp->ibqp.srq) { 2076 srq = ibsrq_to_rvtsrq(qp->ibqp.srq); 2077 handler = srq->ibsrq.event_handler; 2078 rq = &srq->rq; 2079 } else { 2080 srq = NULL; 2081 handler = NULL; 2082 rq = &qp->r_rq; 2083 } 2084 2085 spin_lock_irqsave(&rq->lock, flags); 2086 if (!(ib_rvt_state_ops[qp->state] & RVT_PROCESS_RECV_OK)) { 2087 ret = 0; 2088 goto unlock; 2089 } 2090 2091 wq = rq->wq; 2092 tail = wq->tail; 2093 /* Validate tail before using it since it is user writable. */ 2094 if (tail >= rq->size) 2095 tail = 0; 2096 if (unlikely(tail == wq->head)) { 2097 ret = 0; 2098 goto unlock; 2099 } 2100 /* Make sure entry is read after head index is read. */ 2101 smp_rmb(); 2102 wqe = rvt_get_rwqe_ptr(rq, tail); 2103 /* 2104 * Even though we update the tail index in memory, the verbs 2105 * consumer is not supposed to post more entries until a 2106 * completion is generated. 2107 */ 2108 if (++tail >= rq->size) 2109 tail = 0; 2110 wq->tail = tail; 2111 if (!wr_id_only && !init_sge(qp, wqe)) { 2112 ret = -1; 2113 goto unlock; 2114 } 2115 qp->r_wr_id = wqe->wr_id; 2116 2117 ret = 1; 2118 set_bit(RVT_R_WRID_VALID, &qp->r_aflags); 2119 if (handler) { 2120 u32 n; 2121 2122 /* 2123 * Validate head pointer value and compute 2124 * the number of remaining WQEs. 2125 */ 2126 n = wq->head; 2127 if (n >= rq->size) 2128 n = 0; 2129 if (n < tail) 2130 n += rq->size - tail; 2131 else 2132 n -= tail; 2133 if (n < srq->limit) { 2134 struct ib_event ev; 2135 2136 srq->limit = 0; 2137 spin_unlock_irqrestore(&rq->lock, flags); 2138 ev.device = qp->ibqp.device; 2139 ev.element.srq = qp->ibqp.srq; 2140 ev.event = IB_EVENT_SRQ_LIMIT_REACHED; 2141 handler(&ev, srq->ibsrq.srq_context); 2142 goto bail; 2143 } 2144 } 2145 unlock: 2146 spin_unlock_irqrestore(&rq->lock, flags); 2147 bail: 2148 return ret; 2149 } 2150 EXPORT_SYMBOL(rvt_get_rwqe); 2151 2152 /** 2153 * qp_comm_est - handle trap with QP established 2154 * @qp: the QP 2155 */ 2156 void rvt_comm_est(struct rvt_qp *qp) 2157 { 2158 qp->r_flags |= RVT_R_COMM_EST; 2159 if (qp->ibqp.event_handler) { 2160 struct ib_event ev; 2161 2162 ev.device = qp->ibqp.device; 2163 ev.element.qp = &qp->ibqp; 2164 ev.event = IB_EVENT_COMM_EST; 2165 qp->ibqp.event_handler(&ev, qp->ibqp.qp_context); 2166 } 2167 } 2168 EXPORT_SYMBOL(rvt_comm_est); 2169 2170 void rvt_rc_error(struct rvt_qp *qp, enum ib_wc_status err) 2171 { 2172 unsigned long flags; 2173 int lastwqe; 2174 2175 spin_lock_irqsave(&qp->s_lock, flags); 2176 lastwqe = rvt_error_qp(qp, err); 2177 spin_unlock_irqrestore(&qp->s_lock, flags); 2178 2179 if (lastwqe) { 2180 struct ib_event ev; 2181 2182 ev.device = qp->ibqp.device; 2183 ev.element.qp = &qp->ibqp; 2184 ev.event = IB_EVENT_QP_LAST_WQE_REACHED; 2185 qp->ibqp.event_handler(&ev, qp->ibqp.qp_context); 2186 } 2187 } 2188 EXPORT_SYMBOL(rvt_rc_error); 2189 2190 /* 2191 * rvt_rnr_tbl_to_usec - return index into ib_rvt_rnr_table 2192 * @index - the index 2193 * return usec from an index into ib_rvt_rnr_table 2194 */ 2195 unsigned long rvt_rnr_tbl_to_usec(u32 index) 2196 { 2197 return ib_rvt_rnr_table[(index & IB_AETH_CREDIT_MASK)]; 2198 } 2199 EXPORT_SYMBOL(rvt_rnr_tbl_to_usec); 2200 2201 static inline unsigned long rvt_aeth_to_usec(u32 aeth) 2202 { 2203 return ib_rvt_rnr_table[(aeth >> IB_AETH_CREDIT_SHIFT) & 2204 IB_AETH_CREDIT_MASK]; 2205 } 2206 2207 /* 2208 * rvt_add_retry_timer - add/start a retry timer 2209 * @qp - the QP 2210 * add a retry timer on the QP 2211 */ 2212 void rvt_add_retry_timer(struct rvt_qp *qp) 2213 { 2214 struct ib_qp *ibqp = &qp->ibqp; 2215 struct rvt_dev_info *rdi = ib_to_rvt(ibqp->device); 2216 2217 lockdep_assert_held(&qp->s_lock); 2218 qp->s_flags |= RVT_S_TIMER; 2219 /* 4.096 usec. * (1 << qp->timeout) */ 2220 qp->s_timer.expires = jiffies + qp->timeout_jiffies + 2221 rdi->busy_jiffies; 2222 add_timer(&qp->s_timer); 2223 } 2224 EXPORT_SYMBOL(rvt_add_retry_timer); 2225 2226 /** 2227 * rvt_add_rnr_timer - add/start an rnr timer 2228 * @qp - the QP 2229 * @aeth - aeth of RNR timeout, simulated aeth for loopback 2230 * add an rnr timer on the QP 2231 */ 2232 void rvt_add_rnr_timer(struct rvt_qp *qp, u32 aeth) 2233 { 2234 u32 to; 2235 2236 lockdep_assert_held(&qp->s_lock); 2237 qp->s_flags |= RVT_S_WAIT_RNR; 2238 to = rvt_aeth_to_usec(aeth); 2239 trace_rvt_rnrnak_add(qp, to); 2240 hrtimer_start(&qp->s_rnr_timer, 2241 ns_to_ktime(1000 * to), HRTIMER_MODE_REL_PINNED); 2242 } 2243 EXPORT_SYMBOL(rvt_add_rnr_timer); 2244 2245 /** 2246 * rvt_stop_rc_timers - stop all timers 2247 * @qp - the QP 2248 * stop any pending timers 2249 */ 2250 void rvt_stop_rc_timers(struct rvt_qp *qp) 2251 { 2252 lockdep_assert_held(&qp->s_lock); 2253 /* Remove QP from all timers */ 2254 if (qp->s_flags & (RVT_S_TIMER | RVT_S_WAIT_RNR)) { 2255 qp->s_flags &= ~(RVT_S_TIMER | RVT_S_WAIT_RNR); 2256 del_timer(&qp->s_timer); 2257 hrtimer_try_to_cancel(&qp->s_rnr_timer); 2258 } 2259 } 2260 EXPORT_SYMBOL(rvt_stop_rc_timers); 2261 2262 /** 2263 * rvt_stop_rnr_timer - stop an rnr timer 2264 * @qp - the QP 2265 * 2266 * stop an rnr timer and return if the timer 2267 * had been pending. 2268 */ 2269 static void rvt_stop_rnr_timer(struct rvt_qp *qp) 2270 { 2271 lockdep_assert_held(&qp->s_lock); 2272 /* Remove QP from rnr timer */ 2273 if (qp->s_flags & RVT_S_WAIT_RNR) { 2274 qp->s_flags &= ~RVT_S_WAIT_RNR; 2275 trace_rvt_rnrnak_stop(qp, 0); 2276 } 2277 } 2278 2279 /** 2280 * rvt_del_timers_sync - wait for any timeout routines to exit 2281 * @qp - the QP 2282 */ 2283 void rvt_del_timers_sync(struct rvt_qp *qp) 2284 { 2285 del_timer_sync(&qp->s_timer); 2286 hrtimer_cancel(&qp->s_rnr_timer); 2287 } 2288 EXPORT_SYMBOL(rvt_del_timers_sync); 2289 2290 /** 2291 * This is called from s_timer for missing responses. 2292 */ 2293 static void rvt_rc_timeout(struct timer_list *t) 2294 { 2295 struct rvt_qp *qp = from_timer(qp, t, s_timer); 2296 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 2297 unsigned long flags; 2298 2299 spin_lock_irqsave(&qp->r_lock, flags); 2300 spin_lock(&qp->s_lock); 2301 if (qp->s_flags & RVT_S_TIMER) { 2302 struct rvt_ibport *rvp = rdi->ports[qp->port_num - 1]; 2303 2304 qp->s_flags &= ~RVT_S_TIMER; 2305 rvp->n_rc_timeouts++; 2306 del_timer(&qp->s_timer); 2307 trace_rvt_rc_timeout(qp, qp->s_last_psn + 1); 2308 if (rdi->driver_f.notify_restart_rc) 2309 rdi->driver_f.notify_restart_rc(qp, 2310 qp->s_last_psn + 1, 2311 1); 2312 rdi->driver_f.schedule_send(qp); 2313 } 2314 spin_unlock(&qp->s_lock); 2315 spin_unlock_irqrestore(&qp->r_lock, flags); 2316 } 2317 2318 /* 2319 * This is called from s_timer for RNR timeouts. 2320 */ 2321 enum hrtimer_restart rvt_rc_rnr_retry(struct hrtimer *t) 2322 { 2323 struct rvt_qp *qp = container_of(t, struct rvt_qp, s_rnr_timer); 2324 struct rvt_dev_info *rdi = ib_to_rvt(qp->ibqp.device); 2325 unsigned long flags; 2326 2327 spin_lock_irqsave(&qp->s_lock, flags); 2328 rvt_stop_rnr_timer(qp); 2329 trace_rvt_rnrnak_timeout(qp, 0); 2330 rdi->driver_f.schedule_send(qp); 2331 spin_unlock_irqrestore(&qp->s_lock, flags); 2332 return HRTIMER_NORESTART; 2333 } 2334 EXPORT_SYMBOL(rvt_rc_rnr_retry); 2335 2336 /** 2337 * rvt_qp_iter_init - initial for QP iteration 2338 * @rdi: rvt devinfo 2339 * @v: u64 value 2340 * 2341 * This returns an iterator suitable for iterating QPs 2342 * in the system. 2343 * 2344 * The @cb is a user defined callback and @v is a 64 2345 * bit value passed to and relevant for processing in the 2346 * @cb. An example use case would be to alter QP processing 2347 * based on criteria not part of the rvt_qp. 2348 * 2349 * Use cases that require memory allocation to succeed 2350 * must preallocate appropriately. 2351 * 2352 * Return: a pointer to an rvt_qp_iter or NULL 2353 */ 2354 struct rvt_qp_iter *rvt_qp_iter_init(struct rvt_dev_info *rdi, 2355 u64 v, 2356 void (*cb)(struct rvt_qp *qp, u64 v)) 2357 { 2358 struct rvt_qp_iter *i; 2359 2360 i = kzalloc(sizeof(*i), GFP_KERNEL); 2361 if (!i) 2362 return NULL; 2363 2364 i->rdi = rdi; 2365 /* number of special QPs (SMI/GSI) for device */ 2366 i->specials = rdi->ibdev.phys_port_cnt * 2; 2367 i->v = v; 2368 i->cb = cb; 2369 2370 return i; 2371 } 2372 EXPORT_SYMBOL(rvt_qp_iter_init); 2373 2374 /** 2375 * rvt_qp_iter_next - return the next QP in iter 2376 * @iter - the iterator 2377 * 2378 * Fine grained QP iterator suitable for use 2379 * with debugfs seq_file mechanisms. 2380 * 2381 * Updates iter->qp with the current QP when the return 2382 * value is 0. 2383 * 2384 * Return: 0 - iter->qp is valid 1 - no more QPs 2385 */ 2386 int rvt_qp_iter_next(struct rvt_qp_iter *iter) 2387 __must_hold(RCU) 2388 { 2389 int n = iter->n; 2390 int ret = 1; 2391 struct rvt_qp *pqp = iter->qp; 2392 struct rvt_qp *qp; 2393 struct rvt_dev_info *rdi = iter->rdi; 2394 2395 /* 2396 * The approach is to consider the special qps 2397 * as additional table entries before the 2398 * real hash table. Since the qp code sets 2399 * the qp->next hash link to NULL, this works just fine. 2400 * 2401 * iter->specials is 2 * # ports 2402 * 2403 * n = 0..iter->specials is the special qp indices 2404 * 2405 * n = iter->specials..rdi->qp_dev->qp_table_size+iter->specials are 2406 * the potential hash bucket entries 2407 * 2408 */ 2409 for (; n < rdi->qp_dev->qp_table_size + iter->specials; n++) { 2410 if (pqp) { 2411 qp = rcu_dereference(pqp->next); 2412 } else { 2413 if (n < iter->specials) { 2414 struct rvt_ibport *rvp; 2415 int pidx; 2416 2417 pidx = n % rdi->ibdev.phys_port_cnt; 2418 rvp = rdi->ports[pidx]; 2419 qp = rcu_dereference(rvp->qp[n & 1]); 2420 } else { 2421 qp = rcu_dereference( 2422 rdi->qp_dev->qp_table[ 2423 (n - iter->specials)]); 2424 } 2425 } 2426 pqp = qp; 2427 if (qp) { 2428 iter->qp = qp; 2429 iter->n = n; 2430 return 0; 2431 } 2432 } 2433 return ret; 2434 } 2435 EXPORT_SYMBOL(rvt_qp_iter_next); 2436 2437 /** 2438 * rvt_qp_iter - iterate all QPs 2439 * @rdi - rvt devinfo 2440 * @v - a 64 bit value 2441 * @cb - a callback 2442 * 2443 * This provides a way for iterating all QPs. 2444 * 2445 * The @cb is a user defined callback and @v is a 64 2446 * bit value passed to and relevant for processing in the 2447 * cb. An example use case would be to alter QP processing 2448 * based on criteria not part of the rvt_qp. 2449 * 2450 * The code has an internal iterator to simplify 2451 * non seq_file use cases. 2452 */ 2453 void rvt_qp_iter(struct rvt_dev_info *rdi, 2454 u64 v, 2455 void (*cb)(struct rvt_qp *qp, u64 v)) 2456 { 2457 int ret; 2458 struct rvt_qp_iter i = { 2459 .rdi = rdi, 2460 .specials = rdi->ibdev.phys_port_cnt * 2, 2461 .v = v, 2462 .cb = cb 2463 }; 2464 2465 rcu_read_lock(); 2466 do { 2467 ret = rvt_qp_iter_next(&i); 2468 if (!ret) { 2469 rvt_get_qp(i.qp); 2470 rcu_read_unlock(); 2471 i.cb(i.qp, i.v); 2472 rcu_read_lock(); 2473 rvt_put_qp(i.qp); 2474 } 2475 } while (!ret); 2476 rcu_read_unlock(); 2477 } 2478 EXPORT_SYMBOL(rvt_qp_iter); 2479