xref: /openbmc/linux/drivers/infiniband/sw/siw/siw_cm.c (revision 8795a739)
1 // SPDX-License-Identifier: GPL-2.0 or BSD-3-Clause
2 
3 /* Authors: Bernard Metzler <bmt@zurich.ibm.com> */
4 /*          Fredy Neeser */
5 /*          Greg Joyce <greg@opengridcomputing.com> */
6 /* Copyright (c) 2008-2019, IBM Corporation */
7 /* Copyright (c) 2017, Open Grid Computing, Inc. */
8 
9 #include <linux/errno.h>
10 #include <linux/types.h>
11 #include <linux/net.h>
12 #include <linux/inetdevice.h>
13 #include <net/addrconf.h>
14 #include <linux/workqueue.h>
15 #include <net/sock.h>
16 #include <net/tcp.h>
17 #include <linux/inet.h>
18 #include <linux/tcp.h>
19 
20 #include <rdma/iw_cm.h>
21 #include <rdma/ib_verbs.h>
22 #include <rdma/ib_user_verbs.h>
23 
24 #include "siw.h"
25 #include "siw_cm.h"
26 
27 /*
28  * Set to any combination of
29  * MPA_V2_RDMA_NO_RTR, MPA_V2_RDMA_READ_RTR, MPA_V2_RDMA_WRITE_RTR
30  */
31 static __be16 rtr_type = MPA_V2_RDMA_READ_RTR | MPA_V2_RDMA_WRITE_RTR;
32 static const bool relaxed_ird_negotiation = 1;
33 
34 static void siw_cm_llp_state_change(struct sock *s);
35 static void siw_cm_llp_data_ready(struct sock *s);
36 static void siw_cm_llp_write_space(struct sock *s);
37 static void siw_cm_llp_error_report(struct sock *s);
38 static int siw_cm_upcall(struct siw_cep *cep, enum iw_cm_event_type reason,
39 			 int status);
40 
41 static void siw_sk_assign_cm_upcalls(struct sock *sk)
42 {
43 	write_lock_bh(&sk->sk_callback_lock);
44 	sk->sk_state_change = siw_cm_llp_state_change;
45 	sk->sk_data_ready = siw_cm_llp_data_ready;
46 	sk->sk_write_space = siw_cm_llp_write_space;
47 	sk->sk_error_report = siw_cm_llp_error_report;
48 	write_unlock_bh(&sk->sk_callback_lock);
49 }
50 
51 static void siw_sk_save_upcalls(struct sock *sk)
52 {
53 	struct siw_cep *cep = sk_to_cep(sk);
54 
55 	write_lock_bh(&sk->sk_callback_lock);
56 	cep->sk_state_change = sk->sk_state_change;
57 	cep->sk_data_ready = sk->sk_data_ready;
58 	cep->sk_write_space = sk->sk_write_space;
59 	cep->sk_error_report = sk->sk_error_report;
60 	write_unlock_bh(&sk->sk_callback_lock);
61 }
62 
63 static void siw_sk_restore_upcalls(struct sock *sk, struct siw_cep *cep)
64 {
65 	sk->sk_state_change = cep->sk_state_change;
66 	sk->sk_data_ready = cep->sk_data_ready;
67 	sk->sk_write_space = cep->sk_write_space;
68 	sk->sk_error_report = cep->sk_error_report;
69 	sk->sk_user_data = NULL;
70 }
71 
72 static void siw_qp_socket_assoc(struct siw_cep *cep, struct siw_qp *qp)
73 {
74 	struct socket *s = cep->sock;
75 	struct sock *sk = s->sk;
76 
77 	write_lock_bh(&sk->sk_callback_lock);
78 
79 	qp->attrs.sk = s;
80 	sk->sk_data_ready = siw_qp_llp_data_ready;
81 	sk->sk_write_space = siw_qp_llp_write_space;
82 
83 	write_unlock_bh(&sk->sk_callback_lock);
84 }
85 
86 static void siw_socket_disassoc(struct socket *s)
87 {
88 	struct sock *sk = s->sk;
89 	struct siw_cep *cep;
90 
91 	if (sk) {
92 		write_lock_bh(&sk->sk_callback_lock);
93 		cep = sk_to_cep(sk);
94 		if (cep) {
95 			siw_sk_restore_upcalls(sk, cep);
96 			siw_cep_put(cep);
97 		} else {
98 			pr_warn("siw: cannot restore sk callbacks: no ep\n");
99 		}
100 		write_unlock_bh(&sk->sk_callback_lock);
101 	} else {
102 		pr_warn("siw: cannot restore sk callbacks: no sk\n");
103 	}
104 }
105 
106 static void siw_rtr_data_ready(struct sock *sk)
107 {
108 	struct siw_cep *cep;
109 	struct siw_qp *qp = NULL;
110 	read_descriptor_t rd_desc;
111 
112 	read_lock(&sk->sk_callback_lock);
113 
114 	cep = sk_to_cep(sk);
115 	if (!cep) {
116 		WARN(1, "No connection endpoint\n");
117 		goto out;
118 	}
119 	qp = sk_to_qp(sk);
120 
121 	memset(&rd_desc, 0, sizeof(rd_desc));
122 	rd_desc.arg.data = qp;
123 	rd_desc.count = 1;
124 
125 	tcp_read_sock(sk, &rd_desc, siw_tcp_rx_data);
126 	/*
127 	 * Check if first frame was successfully processed.
128 	 * Signal connection full establishment if yes.
129 	 * Failed data processing would have already scheduled
130 	 * connection drop.
131 	 */
132 	if (!qp->rx_stream.rx_suspend)
133 		siw_cm_upcall(cep, IW_CM_EVENT_ESTABLISHED, 0);
134 out:
135 	read_unlock(&sk->sk_callback_lock);
136 	if (qp)
137 		siw_qp_socket_assoc(cep, qp);
138 }
139 
140 static void siw_sk_assign_rtr_upcalls(struct siw_cep *cep)
141 {
142 	struct sock *sk = cep->sock->sk;
143 
144 	write_lock_bh(&sk->sk_callback_lock);
145 	sk->sk_data_ready = siw_rtr_data_ready;
146 	sk->sk_write_space = siw_qp_llp_write_space;
147 	write_unlock_bh(&sk->sk_callback_lock);
148 }
149 
150 static void siw_cep_socket_assoc(struct siw_cep *cep, struct socket *s)
151 {
152 	cep->sock = s;
153 	siw_cep_get(cep);
154 	s->sk->sk_user_data = cep;
155 
156 	siw_sk_save_upcalls(s->sk);
157 	siw_sk_assign_cm_upcalls(s->sk);
158 }
159 
160 static struct siw_cep *siw_cep_alloc(struct siw_device *sdev)
161 {
162 	struct siw_cep *cep = kzalloc(sizeof(*cep), GFP_KERNEL);
163 	unsigned long flags;
164 
165 	if (!cep)
166 		return NULL;
167 
168 	INIT_LIST_HEAD(&cep->listenq);
169 	INIT_LIST_HEAD(&cep->devq);
170 	INIT_LIST_HEAD(&cep->work_freelist);
171 
172 	kref_init(&cep->ref);
173 	cep->state = SIW_EPSTATE_IDLE;
174 	init_waitqueue_head(&cep->waitq);
175 	spin_lock_init(&cep->lock);
176 	cep->sdev = sdev;
177 	cep->enhanced_rdma_conn_est = false;
178 
179 	spin_lock_irqsave(&sdev->lock, flags);
180 	list_add_tail(&cep->devq, &sdev->cep_list);
181 	spin_unlock_irqrestore(&sdev->lock, flags);
182 
183 	siw_dbg_cep(cep, "new endpoint\n");
184 	return cep;
185 }
186 
187 static void siw_cm_free_work(struct siw_cep *cep)
188 {
189 	struct list_head *w, *tmp;
190 	struct siw_cm_work *work;
191 
192 	list_for_each_safe(w, tmp, &cep->work_freelist) {
193 		work = list_entry(w, struct siw_cm_work, list);
194 		list_del(&work->list);
195 		kfree(work);
196 	}
197 }
198 
199 static void siw_cancel_mpatimer(struct siw_cep *cep)
200 {
201 	spin_lock_bh(&cep->lock);
202 	if (cep->mpa_timer) {
203 		if (cancel_delayed_work(&cep->mpa_timer->work)) {
204 			siw_cep_put(cep);
205 			kfree(cep->mpa_timer); /* not needed again */
206 		}
207 		cep->mpa_timer = NULL;
208 	}
209 	spin_unlock_bh(&cep->lock);
210 }
211 
212 static void siw_put_work(struct siw_cm_work *work)
213 {
214 	INIT_LIST_HEAD(&work->list);
215 	spin_lock_bh(&work->cep->lock);
216 	list_add(&work->list, &work->cep->work_freelist);
217 	spin_unlock_bh(&work->cep->lock);
218 }
219 
220 static void siw_cep_set_inuse(struct siw_cep *cep)
221 {
222 	unsigned long flags;
223 retry:
224 	spin_lock_irqsave(&cep->lock, flags);
225 
226 	if (cep->in_use) {
227 		spin_unlock_irqrestore(&cep->lock, flags);
228 		wait_event_interruptible(cep->waitq, !cep->in_use);
229 		if (signal_pending(current))
230 			flush_signals(current);
231 		goto retry;
232 	} else {
233 		cep->in_use = 1;
234 		spin_unlock_irqrestore(&cep->lock, flags);
235 	}
236 }
237 
238 static void siw_cep_set_free(struct siw_cep *cep)
239 {
240 	unsigned long flags;
241 
242 	spin_lock_irqsave(&cep->lock, flags);
243 	cep->in_use = 0;
244 	spin_unlock_irqrestore(&cep->lock, flags);
245 
246 	wake_up(&cep->waitq);
247 }
248 
249 static void __siw_cep_dealloc(struct kref *ref)
250 {
251 	struct siw_cep *cep = container_of(ref, struct siw_cep, ref);
252 	struct siw_device *sdev = cep->sdev;
253 	unsigned long flags;
254 
255 	WARN_ON(cep->listen_cep);
256 
257 	/* kfree(NULL) is safe */
258 	kfree(cep->mpa.pdata);
259 	spin_lock_bh(&cep->lock);
260 	if (!list_empty(&cep->work_freelist))
261 		siw_cm_free_work(cep);
262 	spin_unlock_bh(&cep->lock);
263 
264 	spin_lock_irqsave(&sdev->lock, flags);
265 	list_del(&cep->devq);
266 	spin_unlock_irqrestore(&sdev->lock, flags);
267 
268 	siw_dbg_cep(cep, "free endpoint\n");
269 	kfree(cep);
270 }
271 
272 static struct siw_cm_work *siw_get_work(struct siw_cep *cep)
273 {
274 	struct siw_cm_work *work = NULL;
275 
276 	spin_lock_bh(&cep->lock);
277 	if (!list_empty(&cep->work_freelist)) {
278 		work = list_entry(cep->work_freelist.next, struct siw_cm_work,
279 				  list);
280 		list_del_init(&work->list);
281 	}
282 	spin_unlock_bh(&cep->lock);
283 	return work;
284 }
285 
286 static int siw_cm_alloc_work(struct siw_cep *cep, int num)
287 {
288 	struct siw_cm_work *work;
289 
290 	while (num--) {
291 		work = kmalloc(sizeof(*work), GFP_KERNEL);
292 		if (!work) {
293 			if (!(list_empty(&cep->work_freelist)))
294 				siw_cm_free_work(cep);
295 			return -ENOMEM;
296 		}
297 		work->cep = cep;
298 		INIT_LIST_HEAD(&work->list);
299 		list_add(&work->list, &cep->work_freelist);
300 	}
301 	return 0;
302 }
303 
304 /*
305  * siw_cm_upcall()
306  *
307  * Upcall to IWCM to inform about async connection events
308  */
309 static int siw_cm_upcall(struct siw_cep *cep, enum iw_cm_event_type reason,
310 			 int status)
311 {
312 	struct iw_cm_event event;
313 	struct iw_cm_id *id;
314 
315 	memset(&event, 0, sizeof(event));
316 	event.status = status;
317 	event.event = reason;
318 
319 	if (reason == IW_CM_EVENT_CONNECT_REQUEST) {
320 		event.provider_data = cep;
321 		id = cep->listen_cep->cm_id;
322 	} else {
323 		id = cep->cm_id;
324 	}
325 	/* Signal IRD and ORD */
326 	if (reason == IW_CM_EVENT_ESTABLISHED ||
327 	    reason == IW_CM_EVENT_CONNECT_REPLY) {
328 		/* Signal negotiated IRD/ORD values we will use */
329 		event.ird = cep->ird;
330 		event.ord = cep->ord;
331 	} else if (reason == IW_CM_EVENT_CONNECT_REQUEST) {
332 		event.ird = cep->ord;
333 		event.ord = cep->ird;
334 	}
335 	/* Signal private data and address information */
336 	if (reason == IW_CM_EVENT_CONNECT_REQUEST ||
337 	    reason == IW_CM_EVENT_CONNECT_REPLY) {
338 		u16 pd_len = be16_to_cpu(cep->mpa.hdr.params.pd_len);
339 
340 		if (pd_len) {
341 			/*
342 			 * hand over MPA private data
343 			 */
344 			event.private_data_len = pd_len;
345 			event.private_data = cep->mpa.pdata;
346 
347 			/* Hide MPA V2 IRD/ORD control */
348 			if (cep->enhanced_rdma_conn_est) {
349 				event.private_data_len -=
350 					sizeof(struct mpa_v2_data);
351 				event.private_data +=
352 					sizeof(struct mpa_v2_data);
353 			}
354 		}
355 		getname_local(cep->sock, &event.local_addr);
356 		getname_peer(cep->sock, &event.remote_addr);
357 	}
358 	siw_dbg_cep(cep, "[QP %u]: reason=%d, status=%d\n",
359 		    cep->qp ? qp_id(cep->qp) : UINT_MAX, reason, status);
360 
361 	return id->event_handler(id, &event);
362 }
363 
364 /*
365  * siw_qp_cm_drop()
366  *
367  * Drops established LLP connection if present and not already
368  * scheduled for dropping. Called from user context, SQ workqueue
369  * or receive IRQ. Caller signals if socket can be immediately
370  * closed (basically, if not in IRQ).
371  */
372 void siw_qp_cm_drop(struct siw_qp *qp, int schedule)
373 {
374 	struct siw_cep *cep = qp->cep;
375 
376 	qp->rx_stream.rx_suspend = 1;
377 	qp->tx_ctx.tx_suspend = 1;
378 
379 	if (!qp->cep)
380 		return;
381 
382 	if (schedule) {
383 		siw_cm_queue_work(cep, SIW_CM_WORK_CLOSE_LLP);
384 	} else {
385 		siw_cep_set_inuse(cep);
386 
387 		if (cep->state == SIW_EPSTATE_CLOSED) {
388 			siw_dbg_cep(cep, "already closed\n");
389 			goto out;
390 		}
391 		siw_dbg_cep(cep, "immediate close, state %d\n", cep->state);
392 
393 		if (qp->term_info.valid)
394 			siw_send_terminate(qp);
395 
396 		if (cep->cm_id) {
397 			switch (cep->state) {
398 			case SIW_EPSTATE_AWAIT_MPAREP:
399 				siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY,
400 					      -EINVAL);
401 				break;
402 
403 			case SIW_EPSTATE_RDMA_MODE:
404 				siw_cm_upcall(cep, IW_CM_EVENT_CLOSE, 0);
405 				break;
406 
407 			case SIW_EPSTATE_IDLE:
408 			case SIW_EPSTATE_LISTENING:
409 			case SIW_EPSTATE_CONNECTING:
410 			case SIW_EPSTATE_AWAIT_MPAREQ:
411 			case SIW_EPSTATE_RECVD_MPAREQ:
412 			case SIW_EPSTATE_CLOSED:
413 			default:
414 				break;
415 			}
416 			cep->cm_id->rem_ref(cep->cm_id);
417 			cep->cm_id = NULL;
418 			siw_cep_put(cep);
419 		}
420 		cep->state = SIW_EPSTATE_CLOSED;
421 
422 		if (cep->sock) {
423 			siw_socket_disassoc(cep->sock);
424 			/*
425 			 * Immediately close socket
426 			 */
427 			sock_release(cep->sock);
428 			cep->sock = NULL;
429 		}
430 		if (cep->qp) {
431 			cep->qp = NULL;
432 			siw_qp_put(qp);
433 		}
434 out:
435 		siw_cep_set_free(cep);
436 	}
437 }
438 
439 void siw_cep_put(struct siw_cep *cep)
440 {
441 	WARN_ON(kref_read(&cep->ref) < 1);
442 	kref_put(&cep->ref, __siw_cep_dealloc);
443 }
444 
445 void siw_cep_get(struct siw_cep *cep)
446 {
447 	kref_get(&cep->ref);
448 }
449 
450 /*
451  * Expects params->pd_len in host byte order
452  */
453 static int siw_send_mpareqrep(struct siw_cep *cep, const void *pdata, u8 pd_len)
454 {
455 	struct socket *s = cep->sock;
456 	struct mpa_rr *rr = &cep->mpa.hdr;
457 	struct kvec iov[3];
458 	struct msghdr msg;
459 	int rv;
460 	int iovec_num = 0;
461 	int mpa_len;
462 
463 	memset(&msg, 0, sizeof(msg));
464 
465 	iov[iovec_num].iov_base = rr;
466 	iov[iovec_num].iov_len = sizeof(*rr);
467 	mpa_len = sizeof(*rr);
468 
469 	if (cep->enhanced_rdma_conn_est) {
470 		iovec_num++;
471 		iov[iovec_num].iov_base = &cep->mpa.v2_ctrl;
472 		iov[iovec_num].iov_len = sizeof(cep->mpa.v2_ctrl);
473 		mpa_len += sizeof(cep->mpa.v2_ctrl);
474 	}
475 	if (pd_len) {
476 		iovec_num++;
477 		iov[iovec_num].iov_base = (char *)pdata;
478 		iov[iovec_num].iov_len = pd_len;
479 		mpa_len += pd_len;
480 	}
481 	if (cep->enhanced_rdma_conn_est)
482 		pd_len += sizeof(cep->mpa.v2_ctrl);
483 
484 	rr->params.pd_len = cpu_to_be16(pd_len);
485 
486 	rv = kernel_sendmsg(s, &msg, iov, iovec_num + 1, mpa_len);
487 
488 	return rv < 0 ? rv : 0;
489 }
490 
491 /*
492  * Receive MPA Request/Reply header.
493  *
494  * Returns 0 if complete MPA Request/Reply header including
495  * eventual private data was received. Returns -EAGAIN if
496  * header was partially received or negative error code otherwise.
497  *
498  * Context: May be called in process context only
499  */
500 static int siw_recv_mpa_rr(struct siw_cep *cep)
501 {
502 	struct mpa_rr *hdr = &cep->mpa.hdr;
503 	struct socket *s = cep->sock;
504 	u16 pd_len;
505 	int rcvd, to_rcv;
506 
507 	if (cep->mpa.bytes_rcvd < sizeof(struct mpa_rr)) {
508 		rcvd = ksock_recv(s, (char *)hdr + cep->mpa.bytes_rcvd,
509 				  sizeof(struct mpa_rr) - cep->mpa.bytes_rcvd,
510 				  0);
511 		if (rcvd <= 0)
512 			return -ECONNABORTED;
513 
514 		cep->mpa.bytes_rcvd += rcvd;
515 
516 		if (cep->mpa.bytes_rcvd < sizeof(struct mpa_rr))
517 			return -EAGAIN;
518 
519 		if (be16_to_cpu(hdr->params.pd_len) > MPA_MAX_PRIVDATA)
520 			return -EPROTO;
521 	}
522 	pd_len = be16_to_cpu(hdr->params.pd_len);
523 
524 	/*
525 	 * At least the MPA Request/Reply header (frame not including
526 	 * private data) has been received.
527 	 * Receive (or continue receiving) any private data.
528 	 */
529 	to_rcv = pd_len - (cep->mpa.bytes_rcvd - sizeof(struct mpa_rr));
530 
531 	if (!to_rcv) {
532 		/*
533 		 * We must have hdr->params.pd_len == 0 and thus received a
534 		 * complete MPA Request/Reply frame.
535 		 * Check against peer protocol violation.
536 		 */
537 		u32 word;
538 
539 		rcvd = ksock_recv(s, (char *)&word, sizeof(word), MSG_DONTWAIT);
540 		if (rcvd == -EAGAIN)
541 			return 0;
542 
543 		if (rcvd == 0) {
544 			siw_dbg_cep(cep, "peer EOF\n");
545 			return -EPIPE;
546 		}
547 		if (rcvd < 0) {
548 			siw_dbg_cep(cep, "error: %d\n", rcvd);
549 			return rcvd;
550 		}
551 		siw_dbg_cep(cep, "peer sent extra data: %d\n", rcvd);
552 
553 		return -EPROTO;
554 	}
555 
556 	/*
557 	 * At this point, we must have hdr->params.pd_len != 0.
558 	 * A private data buffer gets allocated if hdr->params.pd_len != 0.
559 	 */
560 	if (!cep->mpa.pdata) {
561 		cep->mpa.pdata = kmalloc(pd_len + 4, GFP_KERNEL);
562 		if (!cep->mpa.pdata)
563 			return -ENOMEM;
564 	}
565 	rcvd = ksock_recv(
566 		s, cep->mpa.pdata + cep->mpa.bytes_rcvd - sizeof(struct mpa_rr),
567 		to_rcv + 4, MSG_DONTWAIT);
568 
569 	if (rcvd < 0)
570 		return rcvd;
571 
572 	if (rcvd > to_rcv)
573 		return -EPROTO;
574 
575 	cep->mpa.bytes_rcvd += rcvd;
576 
577 	if (to_rcv == rcvd) {
578 		siw_dbg_cep(cep, "%d bytes private data received\n", pd_len);
579 		return 0;
580 	}
581 	return -EAGAIN;
582 }
583 
584 /*
585  * siw_proc_mpareq()
586  *
587  * Read MPA Request from socket and signal new connection to IWCM
588  * if success. Caller must hold lock on corresponding listening CEP.
589  */
590 static int siw_proc_mpareq(struct siw_cep *cep)
591 {
592 	struct mpa_rr *req;
593 	int version, rv;
594 	u16 pd_len;
595 
596 	rv = siw_recv_mpa_rr(cep);
597 	if (rv)
598 		return rv;
599 
600 	req = &cep->mpa.hdr;
601 
602 	version = __mpa_rr_revision(req->params.bits);
603 	pd_len = be16_to_cpu(req->params.pd_len);
604 
605 	if (version > MPA_REVISION_2)
606 		/* allow for 0, 1, and 2 only */
607 		return -EPROTO;
608 
609 	if (memcmp(req->key, MPA_KEY_REQ, 16))
610 		return -EPROTO;
611 
612 	/* Prepare for sending MPA reply */
613 	memcpy(req->key, MPA_KEY_REP, 16);
614 
615 	if (version == MPA_REVISION_2 &&
616 	    (req->params.bits & MPA_RR_FLAG_ENHANCED)) {
617 		/*
618 		 * MPA version 2 must signal IRD/ORD values and P2P mode
619 		 * in private data if header flag MPA_RR_FLAG_ENHANCED
620 		 * is set.
621 		 */
622 		if (pd_len < sizeof(struct mpa_v2_data))
623 			goto reject_conn;
624 
625 		cep->enhanced_rdma_conn_est = true;
626 	}
627 
628 	/* MPA Markers: currently not supported. Marker TX to be added. */
629 	if (req->params.bits & MPA_RR_FLAG_MARKERS)
630 		goto reject_conn;
631 
632 	if (req->params.bits & MPA_RR_FLAG_CRC) {
633 		/*
634 		 * RFC 5044, page 27: CRC MUST be used if peer requests it.
635 		 * siw specific: 'mpa_crc_strict' parameter to reject
636 		 * connection with CRC if local CRC off enforced by
637 		 * 'mpa_crc_strict' module parameter.
638 		 */
639 		if (!mpa_crc_required && mpa_crc_strict)
640 			goto reject_conn;
641 
642 		/* Enable CRC if requested by module parameter */
643 		if (mpa_crc_required)
644 			req->params.bits |= MPA_RR_FLAG_CRC;
645 	}
646 	if (cep->enhanced_rdma_conn_est) {
647 		struct mpa_v2_data *v2 = (struct mpa_v2_data *)cep->mpa.pdata;
648 
649 		/*
650 		 * Peer requested ORD becomes requested local IRD,
651 		 * peer requested IRD becomes requested local ORD.
652 		 * IRD and ORD get limited by global maximum values.
653 		 */
654 		cep->ord = ntohs(v2->ird) & MPA_IRD_ORD_MASK;
655 		cep->ord = min(cep->ord, SIW_MAX_ORD_QP);
656 		cep->ird = ntohs(v2->ord) & MPA_IRD_ORD_MASK;
657 		cep->ird = min(cep->ird, SIW_MAX_IRD_QP);
658 
659 		/* May get overwritten by locally negotiated values */
660 		cep->mpa.v2_ctrl.ird = htons(cep->ird);
661 		cep->mpa.v2_ctrl.ord = htons(cep->ord);
662 
663 		/*
664 		 * Support for peer sent zero length Write or Read to
665 		 * let local side enter RTS. Writes are preferred.
666 		 * Sends would require pre-posting a Receive and are
667 		 * not supported.
668 		 * Propose zero length Write if none of Read and Write
669 		 * is indicated.
670 		 */
671 		if (v2->ird & MPA_V2_PEER_TO_PEER) {
672 			cep->mpa.v2_ctrl.ird |= MPA_V2_PEER_TO_PEER;
673 
674 			if (v2->ord & MPA_V2_RDMA_WRITE_RTR)
675 				cep->mpa.v2_ctrl.ord |= MPA_V2_RDMA_WRITE_RTR;
676 			else if (v2->ord & MPA_V2_RDMA_READ_RTR)
677 				cep->mpa.v2_ctrl.ord |= MPA_V2_RDMA_READ_RTR;
678 			else
679 				cep->mpa.v2_ctrl.ord |= MPA_V2_RDMA_WRITE_RTR;
680 		}
681 	}
682 
683 	cep->state = SIW_EPSTATE_RECVD_MPAREQ;
684 
685 	/* Keep reference until IWCM accepts/rejects */
686 	siw_cep_get(cep);
687 	rv = siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REQUEST, 0);
688 	if (rv)
689 		siw_cep_put(cep);
690 
691 	return rv;
692 
693 reject_conn:
694 	siw_dbg_cep(cep, "reject: crc %d:%d:%d, m %d:%d\n",
695 		    req->params.bits & MPA_RR_FLAG_CRC ? 1 : 0,
696 		    mpa_crc_required, mpa_crc_strict,
697 		    req->params.bits & MPA_RR_FLAG_MARKERS ? 1 : 0, 0);
698 
699 	req->params.bits &= ~MPA_RR_FLAG_MARKERS;
700 	req->params.bits |= MPA_RR_FLAG_REJECT;
701 
702 	if (!mpa_crc_required && mpa_crc_strict)
703 		req->params.bits &= ~MPA_RR_FLAG_CRC;
704 
705 	if (pd_len)
706 		kfree(cep->mpa.pdata);
707 
708 	cep->mpa.pdata = NULL;
709 
710 	siw_send_mpareqrep(cep, NULL, 0);
711 
712 	return -EOPNOTSUPP;
713 }
714 
715 static int siw_proc_mpareply(struct siw_cep *cep)
716 {
717 	struct siw_qp_attrs qp_attrs;
718 	enum siw_qp_attr_mask qp_attr_mask;
719 	struct siw_qp *qp = cep->qp;
720 	struct mpa_rr *rep;
721 	int rv;
722 	u16 rep_ord;
723 	u16 rep_ird;
724 	bool ird_insufficient = false;
725 	enum mpa_v2_ctrl mpa_p2p_mode = MPA_V2_RDMA_NO_RTR;
726 
727 	rv = siw_recv_mpa_rr(cep);
728 	if (rv != -EAGAIN)
729 		siw_cancel_mpatimer(cep);
730 	if (rv)
731 		goto out_err;
732 
733 	rep = &cep->mpa.hdr;
734 
735 	if (__mpa_rr_revision(rep->params.bits) > MPA_REVISION_2) {
736 		/* allow for 0, 1,  and 2 only */
737 		rv = -EPROTO;
738 		goto out_err;
739 	}
740 	if (memcmp(rep->key, MPA_KEY_REP, 16)) {
741 		siw_init_terminate(qp, TERM_ERROR_LAYER_LLP, LLP_ETYPE_MPA,
742 				   LLP_ECODE_INVALID_REQ_RESP, 0);
743 		siw_send_terminate(qp);
744 		rv = -EPROTO;
745 		goto out_err;
746 	}
747 	if (rep->params.bits & MPA_RR_FLAG_REJECT) {
748 		siw_dbg_cep(cep, "got mpa reject\n");
749 		siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, -ECONNRESET);
750 
751 		return -ECONNRESET;
752 	}
753 	if (try_gso && rep->params.bits & MPA_RR_FLAG_GSO_EXP) {
754 		siw_dbg_cep(cep, "peer allows GSO on TX\n");
755 		qp->tx_ctx.gso_seg_limit = 0;
756 	}
757 	if ((rep->params.bits & MPA_RR_FLAG_MARKERS) ||
758 	    (mpa_crc_required && !(rep->params.bits & MPA_RR_FLAG_CRC)) ||
759 	    (mpa_crc_strict && !mpa_crc_required &&
760 	     (rep->params.bits & MPA_RR_FLAG_CRC))) {
761 		siw_dbg_cep(cep, "reply unsupp: crc %d:%d:%d, m %d:%d\n",
762 			    rep->params.bits & MPA_RR_FLAG_CRC ? 1 : 0,
763 			    mpa_crc_required, mpa_crc_strict,
764 			    rep->params.bits & MPA_RR_FLAG_MARKERS ? 1 : 0, 0);
765 
766 		siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, -ECONNREFUSED);
767 
768 		return -EINVAL;
769 	}
770 	if (cep->enhanced_rdma_conn_est) {
771 		struct mpa_v2_data *v2;
772 
773 		if (__mpa_rr_revision(rep->params.bits) < MPA_REVISION_2 ||
774 		    !(rep->params.bits & MPA_RR_FLAG_ENHANCED)) {
775 			/*
776 			 * Protocol failure: The responder MUST reply with
777 			 * MPA version 2 and MUST set MPA_RR_FLAG_ENHANCED.
778 			 */
779 			siw_dbg_cep(cep, "mpa reply error: vers %d, enhcd %d\n",
780 				    __mpa_rr_revision(rep->params.bits),
781 				    rep->params.bits & MPA_RR_FLAG_ENHANCED ?
782 					    1 :
783 					    0);
784 
785 			siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY,
786 				      -ECONNRESET);
787 			return -EINVAL;
788 		}
789 		v2 = (struct mpa_v2_data *)cep->mpa.pdata;
790 		rep_ird = ntohs(v2->ird) & MPA_IRD_ORD_MASK;
791 		rep_ord = ntohs(v2->ord) & MPA_IRD_ORD_MASK;
792 
793 		if (cep->ird < rep_ord &&
794 		    (relaxed_ird_negotiation == false ||
795 		     rep_ord > cep->sdev->attrs.max_ird)) {
796 			siw_dbg_cep(cep, "ird %d, rep_ord %d, max_ord %d\n",
797 				    cep->ird, rep_ord,
798 				    cep->sdev->attrs.max_ord);
799 			ird_insufficient = true;
800 		}
801 		if (cep->ord > rep_ird && relaxed_ird_negotiation == false) {
802 			siw_dbg_cep(cep, "ord %d, rep_ird %d\n", cep->ord,
803 				    rep_ird);
804 			ird_insufficient = true;
805 		}
806 		/*
807 		 * Always report negotiated peer values to user,
808 		 * even if IRD/ORD negotiation failed
809 		 */
810 		cep->ird = rep_ord;
811 		cep->ord = rep_ird;
812 
813 		if (ird_insufficient) {
814 			/*
815 			 * If the initiator IRD is insuffient for the
816 			 * responder ORD, send a TERM.
817 			 */
818 			siw_init_terminate(qp, TERM_ERROR_LAYER_LLP,
819 					   LLP_ETYPE_MPA,
820 					   LLP_ECODE_INSUFFICIENT_IRD, 0);
821 			siw_send_terminate(qp);
822 			rv = -ENOMEM;
823 			goto out_err;
824 		}
825 		if (cep->mpa.v2_ctrl_req.ird & MPA_V2_PEER_TO_PEER)
826 			mpa_p2p_mode =
827 				cep->mpa.v2_ctrl_req.ord &
828 				(MPA_V2_RDMA_WRITE_RTR | MPA_V2_RDMA_READ_RTR);
829 
830 		/*
831 		 * Check if we requested P2P mode, and if peer agrees
832 		 */
833 		if (mpa_p2p_mode != MPA_V2_RDMA_NO_RTR) {
834 			if ((mpa_p2p_mode & v2->ord) == 0) {
835 				/*
836 				 * We requested RTR mode(s), but the peer
837 				 * did not pick any mode we support.
838 				 */
839 				siw_dbg_cep(cep,
840 					    "rtr mode:  req %2x, got %2x\n",
841 					    mpa_p2p_mode,
842 					    v2->ord & (MPA_V2_RDMA_WRITE_RTR |
843 						       MPA_V2_RDMA_READ_RTR));
844 
845 				siw_init_terminate(qp, TERM_ERROR_LAYER_LLP,
846 						   LLP_ETYPE_MPA,
847 						   LLP_ECODE_NO_MATCHING_RTR,
848 						   0);
849 				siw_send_terminate(qp);
850 				rv = -EPROTO;
851 				goto out_err;
852 			}
853 			mpa_p2p_mode = v2->ord & (MPA_V2_RDMA_WRITE_RTR |
854 						  MPA_V2_RDMA_READ_RTR);
855 		}
856 	}
857 	memset(&qp_attrs, 0, sizeof(qp_attrs));
858 
859 	if (rep->params.bits & MPA_RR_FLAG_CRC)
860 		qp_attrs.flags = SIW_MPA_CRC;
861 
862 	qp_attrs.irq_size = cep->ird;
863 	qp_attrs.orq_size = cep->ord;
864 	qp_attrs.sk = cep->sock;
865 	qp_attrs.state = SIW_QP_STATE_RTS;
866 
867 	qp_attr_mask = SIW_QP_ATTR_STATE | SIW_QP_ATTR_LLP_HANDLE |
868 		       SIW_QP_ATTR_ORD | SIW_QP_ATTR_IRD | SIW_QP_ATTR_MPA;
869 
870 	/* Move socket RX/TX under QP control */
871 	down_write(&qp->state_lock);
872 	if (qp->attrs.state > SIW_QP_STATE_RTR) {
873 		rv = -EINVAL;
874 		up_write(&qp->state_lock);
875 		goto out_err;
876 	}
877 	rv = siw_qp_modify(qp, &qp_attrs, qp_attr_mask);
878 
879 	siw_qp_socket_assoc(cep, qp);
880 
881 	up_write(&qp->state_lock);
882 
883 	/* Send extra RDMA frame to trigger peer RTS if negotiated */
884 	if (mpa_p2p_mode != MPA_V2_RDMA_NO_RTR) {
885 		rv = siw_qp_mpa_rts(qp, mpa_p2p_mode);
886 		if (rv)
887 			goto out_err;
888 	}
889 	if (!rv) {
890 		rv = siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, 0);
891 		if (!rv)
892 			cep->state = SIW_EPSTATE_RDMA_MODE;
893 
894 		return 0;
895 	}
896 
897 out_err:
898 	siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY, -EINVAL);
899 
900 	return rv;
901 }
902 
903 /*
904  * siw_accept_newconn - accept an incoming pending connection
905  *
906  */
907 static void siw_accept_newconn(struct siw_cep *cep)
908 {
909 	struct socket *s = cep->sock;
910 	struct socket *new_s = NULL;
911 	struct siw_cep *new_cep = NULL;
912 	int rv = 0; /* debug only. should disappear */
913 
914 	if (cep->state != SIW_EPSTATE_LISTENING)
915 		goto error;
916 
917 	new_cep = siw_cep_alloc(cep->sdev);
918 	if (!new_cep)
919 		goto error;
920 
921 	/*
922 	 * 4: Allocate a sufficient number of work elements
923 	 * to allow concurrent handling of local + peer close
924 	 * events, MPA header processing + MPA timeout.
925 	 */
926 	if (siw_cm_alloc_work(new_cep, 4) != 0)
927 		goto error;
928 
929 	/*
930 	 * Copy saved socket callbacks from listening CEP
931 	 * and assign new socket with new CEP
932 	 */
933 	new_cep->sk_state_change = cep->sk_state_change;
934 	new_cep->sk_data_ready = cep->sk_data_ready;
935 	new_cep->sk_write_space = cep->sk_write_space;
936 	new_cep->sk_error_report = cep->sk_error_report;
937 
938 	rv = kernel_accept(s, &new_s, O_NONBLOCK);
939 	if (rv != 0) {
940 		/*
941 		 * Connection already aborted by peer..?
942 		 */
943 		siw_dbg_cep(cep, "kernel_accept() error: %d\n", rv);
944 		goto error;
945 	}
946 	new_cep->sock = new_s;
947 	siw_cep_get(new_cep);
948 	new_s->sk->sk_user_data = new_cep;
949 
950 	if (siw_tcp_nagle == false) {
951 		int val = 1;
952 
953 		rv = kernel_setsockopt(new_s, SOL_TCP, TCP_NODELAY,
954 				       (char *)&val, sizeof(val));
955 		if (rv) {
956 			siw_dbg_cep(cep, "setsockopt NODELAY error: %d\n", rv);
957 			goto error;
958 		}
959 	}
960 	new_cep->state = SIW_EPSTATE_AWAIT_MPAREQ;
961 
962 	rv = siw_cm_queue_work(new_cep, SIW_CM_WORK_MPATIMEOUT);
963 	if (rv)
964 		goto error;
965 	/*
966 	 * See siw_proc_mpareq() etc. for the use of new_cep->listen_cep.
967 	 */
968 	new_cep->listen_cep = cep;
969 	siw_cep_get(cep);
970 
971 	if (atomic_read(&new_s->sk->sk_rmem_alloc)) {
972 		/*
973 		 * MPA REQ already queued
974 		 */
975 		siw_dbg_cep(cep, "immediate mpa request\n");
976 
977 		siw_cep_set_inuse(new_cep);
978 		rv = siw_proc_mpareq(new_cep);
979 		siw_cep_set_free(new_cep);
980 
981 		if (rv != -EAGAIN) {
982 			siw_cep_put(cep);
983 			new_cep->listen_cep = NULL;
984 			if (rv)
985 				goto error;
986 		}
987 	}
988 	return;
989 
990 error:
991 	if (new_cep)
992 		siw_cep_put(new_cep);
993 
994 	if (new_s) {
995 		siw_socket_disassoc(new_s);
996 		sock_release(new_s);
997 		new_cep->sock = NULL;
998 	}
999 	siw_dbg_cep(cep, "error %d\n", rv);
1000 }
1001 
1002 static void siw_cm_work_handler(struct work_struct *w)
1003 {
1004 	struct siw_cm_work *work;
1005 	struct siw_cep *cep;
1006 	int release_cep = 0, rv = 0;
1007 
1008 	work = container_of(w, struct siw_cm_work, work.work);
1009 	cep = work->cep;
1010 
1011 	siw_dbg_cep(cep, "[QP %u]: work type: %d, state %d\n",
1012 		    cep->qp ? qp_id(cep->qp) : UINT_MAX,
1013 		    work->type, cep->state);
1014 
1015 	siw_cep_set_inuse(cep);
1016 
1017 	switch (work->type) {
1018 	case SIW_CM_WORK_ACCEPT:
1019 		siw_accept_newconn(cep);
1020 		break;
1021 
1022 	case SIW_CM_WORK_READ_MPAHDR:
1023 		if (cep->state == SIW_EPSTATE_AWAIT_MPAREQ) {
1024 			if (cep->listen_cep) {
1025 				siw_cep_set_inuse(cep->listen_cep);
1026 
1027 				if (cep->listen_cep->state ==
1028 				    SIW_EPSTATE_LISTENING)
1029 					rv = siw_proc_mpareq(cep);
1030 				else
1031 					rv = -EFAULT;
1032 
1033 				siw_cep_set_free(cep->listen_cep);
1034 
1035 				if (rv != -EAGAIN) {
1036 					siw_cep_put(cep->listen_cep);
1037 					cep->listen_cep = NULL;
1038 					if (rv)
1039 						siw_cep_put(cep);
1040 				}
1041 			}
1042 		} else if (cep->state == SIW_EPSTATE_AWAIT_MPAREP) {
1043 			rv = siw_proc_mpareply(cep);
1044 		} else {
1045 			/*
1046 			 * CEP already moved out of MPA handshake.
1047 			 * any connection management already done.
1048 			 * silently ignore the mpa packet.
1049 			 */
1050 			if (cep->state == SIW_EPSTATE_RDMA_MODE) {
1051 				cep->sock->sk->sk_data_ready(cep->sock->sk);
1052 				siw_dbg_cep(cep, "already in RDMA mode");
1053 			} else {
1054 				siw_dbg_cep(cep, "out of state: %d\n",
1055 					    cep->state);
1056 			}
1057 		}
1058 		if (rv && rv != EAGAIN)
1059 			release_cep = 1;
1060 		break;
1061 
1062 	case SIW_CM_WORK_CLOSE_LLP:
1063 		/*
1064 		 * QP scheduled LLP close
1065 		 */
1066 		if (cep->qp && cep->qp->term_info.valid)
1067 			siw_send_terminate(cep->qp);
1068 
1069 		if (cep->cm_id)
1070 			siw_cm_upcall(cep, IW_CM_EVENT_CLOSE, 0);
1071 
1072 		release_cep = 1;
1073 		break;
1074 
1075 	case SIW_CM_WORK_PEER_CLOSE:
1076 		if (cep->cm_id) {
1077 			if (cep->state == SIW_EPSTATE_AWAIT_MPAREP) {
1078 				/*
1079 				 * MPA reply not received, but connection drop
1080 				 */
1081 				siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY,
1082 					      -ECONNRESET);
1083 			} else if (cep->state == SIW_EPSTATE_RDMA_MODE) {
1084 				/*
1085 				 * NOTE: IW_CM_EVENT_DISCONNECT is given just
1086 				 *       to transition IWCM into CLOSING.
1087 				 */
1088 				siw_cm_upcall(cep, IW_CM_EVENT_DISCONNECT, 0);
1089 				siw_cm_upcall(cep, IW_CM_EVENT_CLOSE, 0);
1090 			}
1091 			/*
1092 			 * for other states there is no connection
1093 			 * known to the IWCM.
1094 			 */
1095 		} else {
1096 			if (cep->state == SIW_EPSTATE_RECVD_MPAREQ) {
1097 				/*
1098 				 * Wait for the ulp/CM to call accept/reject
1099 				 */
1100 				siw_dbg_cep(cep,
1101 					    "mpa req recvd, wait for ULP\n");
1102 			} else if (cep->state == SIW_EPSTATE_AWAIT_MPAREQ) {
1103 				/*
1104 				 * Socket close before MPA request received.
1105 				 */
1106 				siw_dbg_cep(cep, "no mpareq: drop listener\n");
1107 				siw_cep_put(cep->listen_cep);
1108 				cep->listen_cep = NULL;
1109 			}
1110 		}
1111 		release_cep = 1;
1112 		break;
1113 
1114 	case SIW_CM_WORK_MPATIMEOUT:
1115 		cep->mpa_timer = NULL;
1116 
1117 		if (cep->state == SIW_EPSTATE_AWAIT_MPAREP) {
1118 			/*
1119 			 * MPA request timed out:
1120 			 * Hide any partially received private data and signal
1121 			 * timeout
1122 			 */
1123 			cep->mpa.hdr.params.pd_len = 0;
1124 
1125 			if (cep->cm_id)
1126 				siw_cm_upcall(cep, IW_CM_EVENT_CONNECT_REPLY,
1127 					      -ETIMEDOUT);
1128 			release_cep = 1;
1129 
1130 		} else if (cep->state == SIW_EPSTATE_AWAIT_MPAREQ) {
1131 			/*
1132 			 * No MPA request received after peer TCP stream setup.
1133 			 */
1134 			if (cep->listen_cep) {
1135 				siw_cep_put(cep->listen_cep);
1136 				cep->listen_cep = NULL;
1137 			}
1138 			release_cep = 1;
1139 		}
1140 		break;
1141 
1142 	default:
1143 		WARN(1, "Undefined CM work type: %d\n", work->type);
1144 	}
1145 	if (release_cep) {
1146 		siw_dbg_cep(cep,
1147 			    "release: timer=%s, QP[%u]\n",
1148 			    cep->mpa_timer ? "y" : "n",
1149 			    cep->qp ? qp_id(cep->qp) : UINT_MAX);
1150 
1151 		siw_cancel_mpatimer(cep);
1152 
1153 		cep->state = SIW_EPSTATE_CLOSED;
1154 
1155 		if (cep->qp) {
1156 			struct siw_qp *qp = cep->qp;
1157 			/*
1158 			 * Serialize a potential race with application
1159 			 * closing the QP and calling siw_qp_cm_drop()
1160 			 */
1161 			siw_qp_get(qp);
1162 			siw_cep_set_free(cep);
1163 
1164 			siw_qp_llp_close(qp);
1165 			siw_qp_put(qp);
1166 
1167 			siw_cep_set_inuse(cep);
1168 			cep->qp = NULL;
1169 			siw_qp_put(qp);
1170 		}
1171 		if (cep->sock) {
1172 			siw_socket_disassoc(cep->sock);
1173 			sock_release(cep->sock);
1174 			cep->sock = NULL;
1175 		}
1176 		if (cep->cm_id) {
1177 			cep->cm_id->rem_ref(cep->cm_id);
1178 			cep->cm_id = NULL;
1179 			siw_cep_put(cep);
1180 		}
1181 	}
1182 	siw_cep_set_free(cep);
1183 	siw_put_work(work);
1184 	siw_cep_put(cep);
1185 }
1186 
1187 static struct workqueue_struct *siw_cm_wq;
1188 
1189 int siw_cm_queue_work(struct siw_cep *cep, enum siw_work_type type)
1190 {
1191 	struct siw_cm_work *work = siw_get_work(cep);
1192 	unsigned long delay = 0;
1193 
1194 	if (!work) {
1195 		siw_dbg_cep(cep, "failed with no work available\n");
1196 		return -ENOMEM;
1197 	}
1198 	work->type = type;
1199 	work->cep = cep;
1200 
1201 	siw_cep_get(cep);
1202 
1203 	INIT_DELAYED_WORK(&work->work, siw_cm_work_handler);
1204 
1205 	if (type == SIW_CM_WORK_MPATIMEOUT) {
1206 		cep->mpa_timer = work;
1207 
1208 		if (cep->state == SIW_EPSTATE_AWAIT_MPAREP)
1209 			delay = MPAREQ_TIMEOUT;
1210 		else
1211 			delay = MPAREP_TIMEOUT;
1212 	}
1213 	siw_dbg_cep(cep, "[QP %u]: work type: %d, timeout %lu\n",
1214 		    cep->qp ? qp_id(cep->qp) : -1, type, delay);
1215 
1216 	queue_delayed_work(siw_cm_wq, &work->work, delay);
1217 
1218 	return 0;
1219 }
1220 
1221 static void siw_cm_llp_data_ready(struct sock *sk)
1222 {
1223 	struct siw_cep *cep;
1224 
1225 	read_lock(&sk->sk_callback_lock);
1226 
1227 	cep = sk_to_cep(sk);
1228 	if (!cep) {
1229 		WARN_ON(1);
1230 		goto out;
1231 	}
1232 	siw_dbg_cep(cep, "state: %d\n", cep->state);
1233 
1234 	switch (cep->state) {
1235 	case SIW_EPSTATE_RDMA_MODE:
1236 		/* fall through */
1237 	case SIW_EPSTATE_LISTENING:
1238 		break;
1239 
1240 	case SIW_EPSTATE_AWAIT_MPAREQ:
1241 		/* fall through */
1242 	case SIW_EPSTATE_AWAIT_MPAREP:
1243 		siw_cm_queue_work(cep, SIW_CM_WORK_READ_MPAHDR);
1244 		break;
1245 
1246 	default:
1247 		siw_dbg_cep(cep, "unexpected data, state %d\n", cep->state);
1248 		break;
1249 	}
1250 out:
1251 	read_unlock(&sk->sk_callback_lock);
1252 }
1253 
1254 static void siw_cm_llp_write_space(struct sock *sk)
1255 {
1256 	struct siw_cep *cep = sk_to_cep(sk);
1257 
1258 	if (cep)
1259 		siw_dbg_cep(cep, "state: %d\n", cep->state);
1260 }
1261 
1262 static void siw_cm_llp_error_report(struct sock *sk)
1263 {
1264 	struct siw_cep *cep = sk_to_cep(sk);
1265 
1266 	if (cep) {
1267 		siw_dbg_cep(cep, "error %d, socket state: %d, cep state: %d\n",
1268 			    sk->sk_err, sk->sk_state, cep->state);
1269 		cep->sk_error_report(sk);
1270 	}
1271 }
1272 
1273 static void siw_cm_llp_state_change(struct sock *sk)
1274 {
1275 	struct siw_cep *cep;
1276 	void (*orig_state_change)(struct sock *s);
1277 
1278 	read_lock(&sk->sk_callback_lock);
1279 
1280 	cep = sk_to_cep(sk);
1281 	if (!cep) {
1282 		/* endpoint already disassociated */
1283 		read_unlock(&sk->sk_callback_lock);
1284 		return;
1285 	}
1286 	orig_state_change = cep->sk_state_change;
1287 
1288 	siw_dbg_cep(cep, "state: %d\n", cep->state);
1289 
1290 	switch (sk->sk_state) {
1291 	case TCP_ESTABLISHED:
1292 		/*
1293 		 * handle accepting socket as special case where only
1294 		 * new connection is possible
1295 		 */
1296 		siw_cm_queue_work(cep, SIW_CM_WORK_ACCEPT);
1297 		break;
1298 
1299 	case TCP_CLOSE:
1300 	case TCP_CLOSE_WAIT:
1301 		if (cep->qp)
1302 			cep->qp->tx_ctx.tx_suspend = 1;
1303 		siw_cm_queue_work(cep, SIW_CM_WORK_PEER_CLOSE);
1304 		break;
1305 
1306 	default:
1307 		siw_dbg_cep(cep, "unexpected socket state %d\n", sk->sk_state);
1308 	}
1309 	read_unlock(&sk->sk_callback_lock);
1310 	orig_state_change(sk);
1311 }
1312 
1313 static int kernel_bindconnect(struct socket *s, struct sockaddr *laddr,
1314 			      struct sockaddr *raddr)
1315 {
1316 	int rv, flags = 0, s_val = 1;
1317 	size_t size = laddr->sa_family == AF_INET ?
1318 		sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6);
1319 
1320 	/*
1321 	 * Make address available again asap.
1322 	 */
1323 	rv = kernel_setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&s_val,
1324 			       sizeof(s_val));
1325 	if (rv < 0)
1326 		return rv;
1327 
1328 	rv = s->ops->bind(s, laddr, size);
1329 	if (rv < 0)
1330 		return rv;
1331 
1332 	rv = s->ops->connect(s, raddr, size, flags);
1333 
1334 	return rv < 0 ? rv : 0;
1335 }
1336 
1337 int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
1338 {
1339 	struct siw_device *sdev = to_siw_dev(id->device);
1340 	struct siw_qp *qp;
1341 	struct siw_cep *cep = NULL;
1342 	struct socket *s = NULL;
1343 	struct sockaddr *laddr = (struct sockaddr *)&id->local_addr,
1344 			*raddr = (struct sockaddr *)&id->remote_addr;
1345 	bool p2p_mode = peer_to_peer, v4 = true;
1346 	u16 pd_len = params->private_data_len;
1347 	int version = mpa_version, rv;
1348 
1349 	if (pd_len > MPA_MAX_PRIVDATA)
1350 		return -EINVAL;
1351 
1352 	if (params->ird > sdev->attrs.max_ird ||
1353 	    params->ord > sdev->attrs.max_ord)
1354 		return -ENOMEM;
1355 
1356 	if (laddr->sa_family == AF_INET6)
1357 		v4 = false;
1358 	else if (laddr->sa_family != AF_INET)
1359 		return -EAFNOSUPPORT;
1360 
1361 	/*
1362 	 * Respect any iwarp port mapping: Use mapped remote address
1363 	 * if valid. Local address must not be mapped, since siw
1364 	 * uses kernel TCP stack.
1365 	 */
1366 	if ((v4 && to_sockaddr_in(id->remote_addr).sin_port != 0) ||
1367 	     to_sockaddr_in6(id->remote_addr).sin6_port != 0)
1368 		raddr = (struct sockaddr *)&id->m_remote_addr;
1369 
1370 	qp = siw_qp_id2obj(sdev, params->qpn);
1371 	if (!qp) {
1372 		WARN(1, "[QP %u] does not exist\n", params->qpn);
1373 		rv = -EINVAL;
1374 		goto error;
1375 	}
1376 	if (v4)
1377 		siw_dbg_qp(qp,
1378 			   "pd_len %d, laddr %pI4 %d, raddr %pI4 %d\n",
1379 			   pd_len,
1380 			   &((struct sockaddr_in *)(laddr))->sin_addr,
1381 			   ntohs(((struct sockaddr_in *)(laddr))->sin_port),
1382 			   &((struct sockaddr_in *)(raddr))->sin_addr,
1383 			   ntohs(((struct sockaddr_in *)(raddr))->sin_port));
1384 	else
1385 		siw_dbg_qp(qp,
1386 			   "pd_len %d, laddr %pI6 %d, raddr %pI6 %d\n",
1387 			   pd_len,
1388 			   &((struct sockaddr_in6 *)(laddr))->sin6_addr,
1389 			   ntohs(((struct sockaddr_in6 *)(laddr))->sin6_port),
1390 			   &((struct sockaddr_in6 *)(raddr))->sin6_addr,
1391 			   ntohs(((struct sockaddr_in6 *)(raddr))->sin6_port));
1392 
1393 	rv = sock_create(v4 ? AF_INET : AF_INET6, SOCK_STREAM, IPPROTO_TCP, &s);
1394 	if (rv < 0)
1395 		goto error;
1396 
1397 	/*
1398 	 * NOTE: For simplification, connect() is called in blocking
1399 	 * mode. Might be reconsidered for async connection setup at
1400 	 * TCP level.
1401 	 */
1402 	rv = kernel_bindconnect(s, laddr, raddr);
1403 	if (rv != 0) {
1404 		siw_dbg_qp(qp, "kernel_bindconnect: error %d\n", rv);
1405 		goto error;
1406 	}
1407 	if (siw_tcp_nagle == false) {
1408 		int val = 1;
1409 
1410 		rv = kernel_setsockopt(s, SOL_TCP, TCP_NODELAY, (char *)&val,
1411 				       sizeof(val));
1412 		if (rv) {
1413 			siw_dbg_qp(qp, "setsockopt NODELAY error: %d\n", rv);
1414 			goto error;
1415 		}
1416 	}
1417 	cep = siw_cep_alloc(sdev);
1418 	if (!cep) {
1419 		rv = -ENOMEM;
1420 		goto error;
1421 	}
1422 	siw_cep_set_inuse(cep);
1423 
1424 	/* Associate QP with CEP */
1425 	siw_cep_get(cep);
1426 	qp->cep = cep;
1427 
1428 	/* siw_qp_get(qp) already done by QP lookup */
1429 	cep->qp = qp;
1430 
1431 	id->add_ref(id);
1432 	cep->cm_id = id;
1433 
1434 	/*
1435 	 * 4: Allocate a sufficient number of work elements
1436 	 * to allow concurrent handling of local + peer close
1437 	 * events, MPA header processing + MPA timeout.
1438 	 */
1439 	rv = siw_cm_alloc_work(cep, 4);
1440 	if (rv != 0) {
1441 		rv = -ENOMEM;
1442 		goto error;
1443 	}
1444 	cep->ird = params->ird;
1445 	cep->ord = params->ord;
1446 
1447 	if (p2p_mode && cep->ord == 0)
1448 		cep->ord = 1;
1449 
1450 	cep->state = SIW_EPSTATE_CONNECTING;
1451 
1452 	/*
1453 	 * Associate CEP with socket
1454 	 */
1455 	siw_cep_socket_assoc(cep, s);
1456 
1457 	cep->state = SIW_EPSTATE_AWAIT_MPAREP;
1458 
1459 	/*
1460 	 * Set MPA Request bits: CRC if required, no MPA Markers,
1461 	 * MPA Rev. according to module parameter 'mpa_version', Key 'Request'.
1462 	 */
1463 	cep->mpa.hdr.params.bits = 0;
1464 	if (version > MPA_REVISION_2) {
1465 		pr_warn("Setting MPA version to %u\n", MPA_REVISION_2);
1466 		version = MPA_REVISION_2;
1467 		/* Adjust also module parameter */
1468 		mpa_version = MPA_REVISION_2;
1469 	}
1470 	__mpa_rr_set_revision(&cep->mpa.hdr.params.bits, version);
1471 
1472 	if (try_gso)
1473 		cep->mpa.hdr.params.bits |= MPA_RR_FLAG_GSO_EXP;
1474 
1475 	if (mpa_crc_required)
1476 		cep->mpa.hdr.params.bits |= MPA_RR_FLAG_CRC;
1477 
1478 	/*
1479 	 * If MPA version == 2:
1480 	 * o Include ORD and IRD.
1481 	 * o Indicate peer-to-peer mode, if required by module
1482 	 *   parameter 'peer_to_peer'.
1483 	 */
1484 	if (version == MPA_REVISION_2) {
1485 		cep->enhanced_rdma_conn_est = true;
1486 		cep->mpa.hdr.params.bits |= MPA_RR_FLAG_ENHANCED;
1487 
1488 		cep->mpa.v2_ctrl.ird = htons(cep->ird);
1489 		cep->mpa.v2_ctrl.ord = htons(cep->ord);
1490 
1491 		if (p2p_mode) {
1492 			cep->mpa.v2_ctrl.ird |= MPA_V2_PEER_TO_PEER;
1493 			cep->mpa.v2_ctrl.ord |= rtr_type;
1494 		}
1495 		/* Remember own P2P mode requested */
1496 		cep->mpa.v2_ctrl_req.ird = cep->mpa.v2_ctrl.ird;
1497 		cep->mpa.v2_ctrl_req.ord = cep->mpa.v2_ctrl.ord;
1498 	}
1499 	memcpy(cep->mpa.hdr.key, MPA_KEY_REQ, 16);
1500 
1501 	rv = siw_send_mpareqrep(cep, params->private_data, pd_len);
1502 	/*
1503 	 * Reset private data.
1504 	 */
1505 	cep->mpa.hdr.params.pd_len = 0;
1506 
1507 	if (rv >= 0) {
1508 		rv = siw_cm_queue_work(cep, SIW_CM_WORK_MPATIMEOUT);
1509 		if (!rv) {
1510 			siw_dbg_cep(cep, "[QP %u]: exit\n", qp_id(qp));
1511 			siw_cep_set_free(cep);
1512 			return 0;
1513 		}
1514 	}
1515 error:
1516 	siw_dbg(id->device, "failed: %d\n", rv);
1517 
1518 	if (cep) {
1519 		siw_socket_disassoc(s);
1520 		sock_release(s);
1521 		cep->sock = NULL;
1522 
1523 		cep->qp = NULL;
1524 
1525 		cep->cm_id = NULL;
1526 		id->rem_ref(id);
1527 		siw_cep_put(cep);
1528 
1529 		qp->cep = NULL;
1530 		siw_cep_put(cep);
1531 
1532 		cep->state = SIW_EPSTATE_CLOSED;
1533 
1534 		siw_cep_set_free(cep);
1535 
1536 		siw_cep_put(cep);
1537 
1538 	} else if (s) {
1539 		sock_release(s);
1540 	}
1541 	if (qp)
1542 		siw_qp_put(qp);
1543 
1544 	return rv;
1545 }
1546 
1547 /*
1548  * siw_accept - Let SoftiWARP accept an RDMA connection request
1549  *
1550  * @id:		New connection management id to be used for accepted
1551  *		connection request
1552  * @params:	Connection parameters provided by ULP for accepting connection
1553  *
1554  * Transition QP to RTS state, associate new CM id @id with accepted CEP
1555  * and get prepared for TCP input by installing socket callbacks.
1556  * Then send MPA Reply and generate the "connection established" event.
1557  * Socket callbacks must be installed before sending MPA Reply, because
1558  * the latter may cause a first RDMA message to arrive from the RDMA Initiator
1559  * side very quickly, at which time the socket callbacks must be ready.
1560  */
1561 int siw_accept(struct iw_cm_id *id, struct iw_cm_conn_param *params)
1562 {
1563 	struct siw_device *sdev = to_siw_dev(id->device);
1564 	struct siw_cep *cep = (struct siw_cep *)id->provider_data;
1565 	struct siw_qp *qp;
1566 	struct siw_qp_attrs qp_attrs;
1567 	int rv, max_priv_data = MPA_MAX_PRIVDATA;
1568 	bool wait_for_peer_rts = false;
1569 
1570 	siw_cep_set_inuse(cep);
1571 	siw_cep_put(cep);
1572 
1573 	/* Free lingering inbound private data */
1574 	if (cep->mpa.hdr.params.pd_len) {
1575 		cep->mpa.hdr.params.pd_len = 0;
1576 		kfree(cep->mpa.pdata);
1577 		cep->mpa.pdata = NULL;
1578 	}
1579 	siw_cancel_mpatimer(cep);
1580 
1581 	if (cep->state != SIW_EPSTATE_RECVD_MPAREQ) {
1582 		siw_dbg_cep(cep, "out of state\n");
1583 
1584 		siw_cep_set_free(cep);
1585 		siw_cep_put(cep);
1586 
1587 		return -ECONNRESET;
1588 	}
1589 	qp = siw_qp_id2obj(sdev, params->qpn);
1590 	if (!qp) {
1591 		WARN(1, "[QP %d] does not exist\n", params->qpn);
1592 		siw_cep_set_free(cep);
1593 		siw_cep_put(cep);
1594 
1595 		return -EINVAL;
1596 	}
1597 	down_write(&qp->state_lock);
1598 	if (qp->attrs.state > SIW_QP_STATE_RTR) {
1599 		rv = -EINVAL;
1600 		up_write(&qp->state_lock);
1601 		goto error;
1602 	}
1603 	siw_dbg_cep(cep, "[QP %d]\n", params->qpn);
1604 
1605 	if (try_gso && cep->mpa.hdr.params.bits & MPA_RR_FLAG_GSO_EXP) {
1606 		siw_dbg_cep(cep, "peer allows GSO on TX\n");
1607 		qp->tx_ctx.gso_seg_limit = 0;
1608 	}
1609 	if (params->ord > sdev->attrs.max_ord ||
1610 	    params->ird > sdev->attrs.max_ird) {
1611 		siw_dbg_cep(
1612 			cep,
1613 			"[QP %u]: ord %d (max %d), ird %d (max %d)\n",
1614 			qp_id(qp), params->ord, sdev->attrs.max_ord,
1615 			params->ird, sdev->attrs.max_ird);
1616 		rv = -EINVAL;
1617 		up_write(&qp->state_lock);
1618 		goto error;
1619 	}
1620 	if (cep->enhanced_rdma_conn_est)
1621 		max_priv_data -= sizeof(struct mpa_v2_data);
1622 
1623 	if (params->private_data_len > max_priv_data) {
1624 		siw_dbg_cep(
1625 			cep,
1626 			"[QP %u]: private data length: %d (max %d)\n",
1627 			qp_id(qp), params->private_data_len, max_priv_data);
1628 		rv = -EINVAL;
1629 		up_write(&qp->state_lock);
1630 		goto error;
1631 	}
1632 	if (cep->enhanced_rdma_conn_est) {
1633 		if (params->ord > cep->ord) {
1634 			if (relaxed_ird_negotiation) {
1635 				params->ord = cep->ord;
1636 			} else {
1637 				cep->ird = params->ird;
1638 				cep->ord = params->ord;
1639 				rv = -EINVAL;
1640 				up_write(&qp->state_lock);
1641 				goto error;
1642 			}
1643 		}
1644 		if (params->ird < cep->ird) {
1645 			if (relaxed_ird_negotiation &&
1646 			    cep->ird <= sdev->attrs.max_ird)
1647 				params->ird = cep->ird;
1648 			else {
1649 				rv = -ENOMEM;
1650 				up_write(&qp->state_lock);
1651 				goto error;
1652 			}
1653 		}
1654 		if (cep->mpa.v2_ctrl.ord &
1655 		    (MPA_V2_RDMA_WRITE_RTR | MPA_V2_RDMA_READ_RTR))
1656 			wait_for_peer_rts = true;
1657 		/*
1658 		 * Signal back negotiated IRD and ORD values
1659 		 */
1660 		cep->mpa.v2_ctrl.ord =
1661 			htons(params->ord & MPA_IRD_ORD_MASK) |
1662 			(cep->mpa.v2_ctrl.ord & ~MPA_V2_MASK_IRD_ORD);
1663 		cep->mpa.v2_ctrl.ird =
1664 			htons(params->ird & MPA_IRD_ORD_MASK) |
1665 			(cep->mpa.v2_ctrl.ird & ~MPA_V2_MASK_IRD_ORD);
1666 	}
1667 	cep->ird = params->ird;
1668 	cep->ord = params->ord;
1669 
1670 	cep->cm_id = id;
1671 	id->add_ref(id);
1672 
1673 	memset(&qp_attrs, 0, sizeof(qp_attrs));
1674 	qp_attrs.orq_size = cep->ord;
1675 	qp_attrs.irq_size = cep->ird;
1676 	qp_attrs.sk = cep->sock;
1677 	if (cep->mpa.hdr.params.bits & MPA_RR_FLAG_CRC)
1678 		qp_attrs.flags = SIW_MPA_CRC;
1679 	qp_attrs.state = SIW_QP_STATE_RTS;
1680 
1681 	siw_dbg_cep(cep, "[QP%u]: moving to rts\n", qp_id(qp));
1682 
1683 	/* Associate QP with CEP */
1684 	siw_cep_get(cep);
1685 	qp->cep = cep;
1686 
1687 	/* siw_qp_get(qp) already done by QP lookup */
1688 	cep->qp = qp;
1689 
1690 	cep->state = SIW_EPSTATE_RDMA_MODE;
1691 
1692 	/* Move socket RX/TX under QP control */
1693 	rv = siw_qp_modify(qp, &qp_attrs,
1694 			   SIW_QP_ATTR_STATE | SIW_QP_ATTR_LLP_HANDLE |
1695 				   SIW_QP_ATTR_ORD | SIW_QP_ATTR_IRD |
1696 				   SIW_QP_ATTR_MPA);
1697 	up_write(&qp->state_lock);
1698 
1699 	if (rv)
1700 		goto error;
1701 
1702 	siw_dbg_cep(cep, "[QP %u]: send mpa reply, %d byte pdata\n",
1703 		    qp_id(qp), params->private_data_len);
1704 
1705 	rv = siw_send_mpareqrep(cep, params->private_data,
1706 				params->private_data_len);
1707 	if (rv != 0)
1708 		goto error;
1709 
1710 	if (wait_for_peer_rts) {
1711 		siw_sk_assign_rtr_upcalls(cep);
1712 	} else {
1713 		siw_qp_socket_assoc(cep, qp);
1714 		rv = siw_cm_upcall(cep, IW_CM_EVENT_ESTABLISHED, 0);
1715 		if (rv)
1716 			goto error;
1717 	}
1718 	siw_cep_set_free(cep);
1719 
1720 	return 0;
1721 error:
1722 	siw_socket_disassoc(cep->sock);
1723 	sock_release(cep->sock);
1724 	cep->sock = NULL;
1725 
1726 	cep->state = SIW_EPSTATE_CLOSED;
1727 
1728 	if (cep->cm_id) {
1729 		cep->cm_id->rem_ref(id);
1730 		cep->cm_id = NULL;
1731 	}
1732 	if (qp->cep) {
1733 		siw_cep_put(cep);
1734 		qp->cep = NULL;
1735 	}
1736 	cep->qp = NULL;
1737 	siw_qp_put(qp);
1738 
1739 	siw_cep_set_free(cep);
1740 	siw_cep_put(cep);
1741 
1742 	return rv;
1743 }
1744 
1745 /*
1746  * siw_reject()
1747  *
1748  * Local connection reject case. Send private data back to peer,
1749  * close connection and dereference connection id.
1750  */
1751 int siw_reject(struct iw_cm_id *id, const void *pdata, u8 pd_len)
1752 {
1753 	struct siw_cep *cep = (struct siw_cep *)id->provider_data;
1754 
1755 	siw_cep_set_inuse(cep);
1756 	siw_cep_put(cep);
1757 
1758 	siw_cancel_mpatimer(cep);
1759 
1760 	if (cep->state != SIW_EPSTATE_RECVD_MPAREQ) {
1761 		siw_dbg_cep(cep, "out of state\n");
1762 
1763 		siw_cep_set_free(cep);
1764 		siw_cep_put(cep); /* put last reference */
1765 
1766 		return -ECONNRESET;
1767 	}
1768 	siw_dbg_cep(cep, "cep->state %d, pd_len %d\n", cep->state,
1769 		    pd_len);
1770 
1771 	if (__mpa_rr_revision(cep->mpa.hdr.params.bits) >= MPA_REVISION_1) {
1772 		cep->mpa.hdr.params.bits |= MPA_RR_FLAG_REJECT; /* reject */
1773 		siw_send_mpareqrep(cep, pdata, pd_len);
1774 	}
1775 	siw_socket_disassoc(cep->sock);
1776 	sock_release(cep->sock);
1777 	cep->sock = NULL;
1778 
1779 	cep->state = SIW_EPSTATE_CLOSED;
1780 
1781 	siw_cep_set_free(cep);
1782 	siw_cep_put(cep);
1783 
1784 	return 0;
1785 }
1786 
1787 static int siw_listen_address(struct iw_cm_id *id, int backlog,
1788 			      struct sockaddr *laddr, int addr_family)
1789 {
1790 	struct socket *s;
1791 	struct siw_cep *cep = NULL;
1792 	struct siw_device *sdev = to_siw_dev(id->device);
1793 	int rv = 0, s_val;
1794 
1795 	rv = sock_create(addr_family, SOCK_STREAM, IPPROTO_TCP, &s);
1796 	if (rv < 0)
1797 		return rv;
1798 
1799 	/*
1800 	 * Allow binding local port when still in TIME_WAIT from last close.
1801 	 */
1802 	s_val = 1;
1803 	rv = kernel_setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&s_val,
1804 			       sizeof(s_val));
1805 	if (rv) {
1806 		siw_dbg(id->device, "setsockopt error: %d\n", rv);
1807 		goto error;
1808 	}
1809 	rv = s->ops->bind(s, laddr, addr_family == AF_INET ?
1810 				    sizeof(struct sockaddr_in) :
1811 				    sizeof(struct sockaddr_in6));
1812 	if (rv) {
1813 		siw_dbg(id->device, "socket bind error: %d\n", rv);
1814 		goto error;
1815 	}
1816 	cep = siw_cep_alloc(sdev);
1817 	if (!cep) {
1818 		rv = -ENOMEM;
1819 		goto error;
1820 	}
1821 	siw_cep_socket_assoc(cep, s);
1822 
1823 	rv = siw_cm_alloc_work(cep, backlog);
1824 	if (rv) {
1825 		siw_dbg(id->device,
1826 			"alloc_work error %d, backlog %d\n",
1827 			rv, backlog);
1828 		goto error;
1829 	}
1830 	rv = s->ops->listen(s, backlog);
1831 	if (rv) {
1832 		siw_dbg(id->device, "listen error %d\n", rv);
1833 		goto error;
1834 	}
1835 	cep->cm_id = id;
1836 	id->add_ref(id);
1837 
1838 	/*
1839 	 * In case of a wildcard rdma_listen on a multi-homed device,
1840 	 * a listener's IWCM id is associated with more than one listening CEP.
1841 	 *
1842 	 * We currently use id->provider_data in three different ways:
1843 	 *
1844 	 * o For a listener's IWCM id, id->provider_data points to
1845 	 *   the list_head of the list of listening CEPs.
1846 	 *   Uses: siw_create_listen(), siw_destroy_listen()
1847 	 *
1848 	 * o For each accepted passive-side IWCM id, id->provider_data
1849 	 *   points to the CEP itself. This is a consequence of
1850 	 *   - siw_cm_upcall() setting event.provider_data = cep and
1851 	 *   - the IWCM's cm_conn_req_handler() setting provider_data of the
1852 	 *     new passive-side IWCM id equal to event.provider_data
1853 	 *   Uses: siw_accept(), siw_reject()
1854 	 *
1855 	 * o For an active-side IWCM id, id->provider_data is not used at all.
1856 	 *
1857 	 */
1858 	if (!id->provider_data) {
1859 		id->provider_data =
1860 			kmalloc(sizeof(struct list_head), GFP_KERNEL);
1861 		if (!id->provider_data) {
1862 			rv = -ENOMEM;
1863 			goto error;
1864 		}
1865 		INIT_LIST_HEAD((struct list_head *)id->provider_data);
1866 	}
1867 	list_add_tail(&cep->listenq, (struct list_head *)id->provider_data);
1868 	cep->state = SIW_EPSTATE_LISTENING;
1869 
1870 	if (addr_family == AF_INET)
1871 		siw_dbg(id->device, "Listen at laddr %pI4 %u\n",
1872 			&(((struct sockaddr_in *)laddr)->sin_addr),
1873 			((struct sockaddr_in *)laddr)->sin_port);
1874 	else
1875 		siw_dbg(id->device, "Listen at laddr %pI6 %u\n",
1876 			&(((struct sockaddr_in6 *)laddr)->sin6_addr),
1877 			((struct sockaddr_in6 *)laddr)->sin6_port);
1878 
1879 	return 0;
1880 
1881 error:
1882 	siw_dbg(id->device, "failed: %d\n", rv);
1883 
1884 	if (cep) {
1885 		siw_cep_set_inuse(cep);
1886 
1887 		if (cep->cm_id) {
1888 			cep->cm_id->rem_ref(cep->cm_id);
1889 			cep->cm_id = NULL;
1890 		}
1891 		cep->sock = NULL;
1892 		siw_socket_disassoc(s);
1893 		cep->state = SIW_EPSTATE_CLOSED;
1894 
1895 		siw_cep_set_free(cep);
1896 		siw_cep_put(cep);
1897 	}
1898 	sock_release(s);
1899 
1900 	return rv;
1901 }
1902 
1903 static void siw_drop_listeners(struct iw_cm_id *id)
1904 {
1905 	struct list_head *p, *tmp;
1906 
1907 	/*
1908 	 * In case of a wildcard rdma_listen on a multi-homed device,
1909 	 * a listener's IWCM id is associated with more than one listening CEP.
1910 	 */
1911 	list_for_each_safe(p, tmp, (struct list_head *)id->provider_data) {
1912 		struct siw_cep *cep = list_entry(p, struct siw_cep, listenq);
1913 
1914 		list_del(p);
1915 
1916 		siw_dbg_cep(cep, "drop cep, state %d\n", cep->state);
1917 
1918 		siw_cep_set_inuse(cep);
1919 
1920 		if (cep->cm_id) {
1921 			cep->cm_id->rem_ref(cep->cm_id);
1922 			cep->cm_id = NULL;
1923 		}
1924 		if (cep->sock) {
1925 			siw_socket_disassoc(cep->sock);
1926 			sock_release(cep->sock);
1927 			cep->sock = NULL;
1928 		}
1929 		cep->state = SIW_EPSTATE_CLOSED;
1930 		siw_cep_set_free(cep);
1931 		siw_cep_put(cep);
1932 	}
1933 }
1934 
1935 /*
1936  * siw_create_listen - Create resources for a listener's IWCM ID @id
1937  *
1938  * Listens on the socket addresses id->local_addr and id->remote_addr.
1939  *
1940  * If the listener's @id provides a specific local IP address, at most one
1941  * listening socket is created and associated with @id.
1942  *
1943  * If the listener's @id provides the wildcard (zero) local IP address,
1944  * a separate listen is performed for each local IP address of the device
1945  * by creating a listening socket and binding to that local IP address.
1946  *
1947  */
1948 int siw_create_listen(struct iw_cm_id *id, int backlog)
1949 {
1950 	struct net_device *dev = to_siw_dev(id->device)->netdev;
1951 	int rv = 0, listeners = 0;
1952 
1953 	siw_dbg(id->device, "backlog %d\n", backlog);
1954 
1955 	/*
1956 	 * For each attached address of the interface, create a
1957 	 * listening socket, if id->local_addr is the wildcard
1958 	 * IP address or matches the IP address.
1959 	 */
1960 	if (id->local_addr.ss_family == AF_INET) {
1961 		struct in_device *in_dev = in_dev_get(dev);
1962 		struct sockaddr_in s_laddr, *s_raddr;
1963 		const struct in_ifaddr *ifa;
1964 
1965 		if (!in_dev) {
1966 			rv = -ENODEV;
1967 			goto out;
1968 		}
1969 		memcpy(&s_laddr, &id->local_addr, sizeof(s_laddr));
1970 		s_raddr = (struct sockaddr_in *)&id->remote_addr;
1971 
1972 		siw_dbg(id->device,
1973 			"laddr %pI4:%d, raddr %pI4:%d\n",
1974 			&s_laddr.sin_addr, ntohs(s_laddr.sin_port),
1975 			&s_raddr->sin_addr, ntohs(s_raddr->sin_port));
1976 
1977 		rtnl_lock();
1978 		in_dev_for_each_ifa_rtnl(ifa, in_dev) {
1979 			if (ipv4_is_zeronet(s_laddr.sin_addr.s_addr) ||
1980 			    s_laddr.sin_addr.s_addr == ifa->ifa_address) {
1981 				s_laddr.sin_addr.s_addr = ifa->ifa_address;
1982 
1983 				rv = siw_listen_address(id, backlog,
1984 						(struct sockaddr *)&s_laddr,
1985 						AF_INET);
1986 				if (!rv)
1987 					listeners++;
1988 			}
1989 		}
1990 		rtnl_unlock();
1991 		in_dev_put(in_dev);
1992 	} else if (id->local_addr.ss_family == AF_INET6) {
1993 		struct inet6_dev *in6_dev = in6_dev_get(dev);
1994 		struct inet6_ifaddr *ifp;
1995 		struct sockaddr_in6 *s_laddr = &to_sockaddr_in6(id->local_addr),
1996 			*s_raddr = &to_sockaddr_in6(id->remote_addr);
1997 
1998 		if (!in6_dev) {
1999 			rv = -ENODEV;
2000 			goto out;
2001 		}
2002 		siw_dbg(id->device,
2003 			"laddr %pI6:%d, raddr %pI6:%d\n",
2004 			&s_laddr->sin6_addr, ntohs(s_laddr->sin6_port),
2005 			&s_raddr->sin6_addr, ntohs(s_raddr->sin6_port));
2006 
2007 		rtnl_lock();
2008 		list_for_each_entry(ifp, &in6_dev->addr_list, if_list) {
2009 			if (ifp->flags & (IFA_F_TENTATIVE | IFA_F_DEPRECATED))
2010 				continue;
2011 			if (ipv6_addr_any(&s_laddr->sin6_addr) ||
2012 			    ipv6_addr_equal(&s_laddr->sin6_addr, &ifp->addr)) {
2013 				struct sockaddr_in6 bind_addr  = {
2014 					.sin6_family = AF_INET6,
2015 					.sin6_port = s_laddr->sin6_port,
2016 					.sin6_flowinfo = 0,
2017 					.sin6_addr = ifp->addr,
2018 					.sin6_scope_id = dev->ifindex };
2019 
2020 				rv = siw_listen_address(id, backlog,
2021 						(struct sockaddr *)&bind_addr,
2022 						AF_INET6);
2023 				if (!rv)
2024 					listeners++;
2025 			}
2026 		}
2027 		rtnl_unlock();
2028 		in6_dev_put(in6_dev);
2029 	} else {
2030 		rv = -EAFNOSUPPORT;
2031 	}
2032 out:
2033 	if (listeners)
2034 		rv = 0;
2035 	else if (!rv)
2036 		rv = -EINVAL;
2037 
2038 	siw_dbg(id->device, "%s\n", rv ? "FAIL" : "OK");
2039 
2040 	return rv;
2041 }
2042 
2043 int siw_destroy_listen(struct iw_cm_id *id)
2044 {
2045 	if (!id->provider_data) {
2046 		siw_dbg(id->device, "no cep(s)\n");
2047 		return 0;
2048 	}
2049 	siw_drop_listeners(id);
2050 	kfree(id->provider_data);
2051 	id->provider_data = NULL;
2052 
2053 	return 0;
2054 }
2055 
2056 int siw_cm_init(void)
2057 {
2058 	/*
2059 	 * create_single_workqueue for strict ordering
2060 	 */
2061 	siw_cm_wq = create_singlethread_workqueue("siw_cm_wq");
2062 	if (!siw_cm_wq)
2063 		return -ENOMEM;
2064 
2065 	return 0;
2066 }
2067 
2068 void siw_cm_exit(void)
2069 {
2070 	if (siw_cm_wq) {
2071 		flush_workqueue(siw_cm_wq);
2072 		destroy_workqueue(siw_cm_wq);
2073 	}
2074 }
2075