1 /*
2  * Copyright (c) 2004, 2005, 2006 Voltaire, Inc. All rights reserved.
3  * Copyright (c) 2005, 2006 Cisco Systems.  All rights reserved.
4  * Copyright (c) 2013-2014 Mellanox Technologies. All rights reserved.
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *	- Redistributions of source code must retain the above
17  *	  copyright notice, this list of conditions and the following
18  *	  disclaimer.
19  *
20  *	- Redistributions in binary form must reproduce the above
21  *	  copyright notice, this list of conditions and the following
22  *	  disclaimer in the documentation and/or other materials
23  *	  provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  */
34 #include <linux/kernel.h>
35 #include <linux/module.h>
36 #include <linux/slab.h>
37 #include <linux/delay.h>
38 
39 #include "iscsi_iser.h"
40 
41 #define ISCSI_ISER_MAX_CONN	8
42 #define ISER_MAX_RX_LEN		(ISER_QP_MAX_RECV_DTOS * ISCSI_ISER_MAX_CONN)
43 #define ISER_MAX_TX_LEN		(ISER_QP_MAX_REQ_DTOS  * ISCSI_ISER_MAX_CONN)
44 #define ISER_MAX_CQ_LEN		(ISER_MAX_RX_LEN + ISER_MAX_TX_LEN + \
45 				 ISCSI_ISER_MAX_CONN)
46 
47 static int iser_cq_poll_limit = 512;
48 
49 static void iser_cq_tasklet_fn(unsigned long data);
50 static void iser_cq_callback(struct ib_cq *cq, void *cq_context);
51 
52 static void iser_cq_event_callback(struct ib_event *cause, void *context)
53 {
54 	iser_err("got cq event %d \n", cause->event);
55 }
56 
57 static void iser_qp_event_callback(struct ib_event *cause, void *context)
58 {
59 	iser_err("got qp event %d\n",cause->event);
60 }
61 
62 static void iser_event_handler(struct ib_event_handler *handler,
63 				struct ib_event *event)
64 {
65 	iser_err("async event %d on device %s port %d\n", event->event,
66 		event->device->name, event->element.port_num);
67 }
68 
69 /**
70  * iser_create_device_ib_res - creates Protection Domain (PD), Completion
71  * Queue (CQ), DMA Memory Region (DMA MR) with the device associated with
72  * the adapator.
73  *
74  * returns 0 on success, -1 on failure
75  */
76 static int iser_create_device_ib_res(struct iser_device *device)
77 {
78 	struct ib_device_attr *dev_attr = &device->dev_attr;
79 	int ret, i, max_cqe;
80 
81 	ret = ib_query_device(device->ib_device, dev_attr);
82 	if (ret) {
83 		pr_warn("Query device failed for %s\n", device->ib_device->name);
84 		return ret;
85 	}
86 
87 	/* Assign function handles  - based on FMR support */
88 	if (device->ib_device->alloc_fmr && device->ib_device->dealloc_fmr &&
89 	    device->ib_device->map_phys_fmr && device->ib_device->unmap_fmr) {
90 		iser_info("FMR supported, using FMR for registration\n");
91 		device->iser_alloc_rdma_reg_res = iser_create_fmr_pool;
92 		device->iser_free_rdma_reg_res = iser_free_fmr_pool;
93 		device->iser_reg_rdma_mem = iser_reg_rdma_mem_fmr;
94 		device->iser_unreg_rdma_mem = iser_unreg_mem_fmr;
95 	} else
96 	if (dev_attr->device_cap_flags & IB_DEVICE_MEM_MGT_EXTENSIONS) {
97 		iser_info("FastReg supported, using FastReg for registration\n");
98 		device->iser_alloc_rdma_reg_res = iser_create_fastreg_pool;
99 		device->iser_free_rdma_reg_res = iser_free_fastreg_pool;
100 		device->iser_reg_rdma_mem = iser_reg_rdma_mem_fastreg;
101 		device->iser_unreg_rdma_mem = iser_unreg_mem_fastreg;
102 	} else {
103 		iser_err("IB device does not support FMRs nor FastRegs, can't register memory\n");
104 		return -1;
105 	}
106 
107 	device->comps_used = min_t(int, num_online_cpus(),
108 				 device->ib_device->num_comp_vectors);
109 
110 	device->comps = kcalloc(device->comps_used, sizeof(*device->comps),
111 				GFP_KERNEL);
112 	if (!device->comps)
113 		goto comps_err;
114 
115 	max_cqe = min(ISER_MAX_CQ_LEN, dev_attr->max_cqe);
116 
117 	iser_info("using %d CQs, device %s supports %d vectors max_cqe %d\n",
118 		  device->comps_used, device->ib_device->name,
119 		  device->ib_device->num_comp_vectors, max_cqe);
120 
121 	device->pd = ib_alloc_pd(device->ib_device);
122 	if (IS_ERR(device->pd))
123 		goto pd_err;
124 
125 	for (i = 0; i < device->comps_used; i++) {
126 		struct iser_comp *comp = &device->comps[i];
127 
128 		comp->device = device;
129 		comp->cq = ib_create_cq(device->ib_device,
130 					iser_cq_callback,
131 					iser_cq_event_callback,
132 					(void *)comp,
133 					max_cqe, i);
134 		if (IS_ERR(comp->cq)) {
135 			comp->cq = NULL;
136 			goto cq_err;
137 		}
138 
139 		if (ib_req_notify_cq(comp->cq, IB_CQ_NEXT_COMP))
140 			goto cq_err;
141 
142 		tasklet_init(&comp->tasklet, iser_cq_tasklet_fn,
143 			     (unsigned long)comp);
144 	}
145 
146 	device->mr = ib_get_dma_mr(device->pd, IB_ACCESS_LOCAL_WRITE |
147 				   IB_ACCESS_REMOTE_WRITE |
148 				   IB_ACCESS_REMOTE_READ);
149 	if (IS_ERR(device->mr))
150 		goto dma_mr_err;
151 
152 	INIT_IB_EVENT_HANDLER(&device->event_handler, device->ib_device,
153 				iser_event_handler);
154 	if (ib_register_event_handler(&device->event_handler))
155 		goto handler_err;
156 
157 	return 0;
158 
159 handler_err:
160 	ib_dereg_mr(device->mr);
161 dma_mr_err:
162 	for (i = 0; i < device->comps_used; i++)
163 		tasklet_kill(&device->comps[i].tasklet);
164 cq_err:
165 	for (i = 0; i < device->comps_used; i++) {
166 		struct iser_comp *comp = &device->comps[i];
167 
168 		if (comp->cq)
169 			ib_destroy_cq(comp->cq);
170 	}
171 	ib_dealloc_pd(device->pd);
172 pd_err:
173 	kfree(device->comps);
174 comps_err:
175 	iser_err("failed to allocate an IB resource\n");
176 	return -1;
177 }
178 
179 /**
180  * iser_free_device_ib_res - destroy/dealloc/dereg the DMA MR,
181  * CQ and PD created with the device associated with the adapator.
182  */
183 static void iser_free_device_ib_res(struct iser_device *device)
184 {
185 	int i;
186 	BUG_ON(device->mr == NULL);
187 
188 	for (i = 0; i < device->comps_used; i++) {
189 		struct iser_comp *comp = &device->comps[i];
190 
191 		tasklet_kill(&comp->tasklet);
192 		ib_destroy_cq(comp->cq);
193 		comp->cq = NULL;
194 	}
195 
196 	(void)ib_unregister_event_handler(&device->event_handler);
197 	(void)ib_dereg_mr(device->mr);
198 	(void)ib_dealloc_pd(device->pd);
199 
200 	kfree(device->comps);
201 	device->comps = NULL;
202 
203 	device->mr = NULL;
204 	device->pd = NULL;
205 }
206 
207 /**
208  * iser_create_fmr_pool - Creates FMR pool and page_vector
209  *
210  * returns 0 on success, or errno code on failure
211  */
212 int iser_create_fmr_pool(struct ib_conn *ib_conn, unsigned cmds_max)
213 {
214 	struct iser_device *device = ib_conn->device;
215 	struct ib_fmr_pool_param params;
216 	int ret = -ENOMEM;
217 
218 	ib_conn->fmr.page_vec = kmalloc(sizeof(*ib_conn->fmr.page_vec) +
219 					(sizeof(u64)*(ISCSI_ISER_SG_TABLESIZE + 1)),
220 					GFP_KERNEL);
221 	if (!ib_conn->fmr.page_vec)
222 		return ret;
223 
224 	ib_conn->fmr.page_vec->pages = (u64 *)(ib_conn->fmr.page_vec + 1);
225 
226 	params.page_shift        = SHIFT_4K;
227 	/* when the first/last SG element are not start/end *
228 	 * page aligned, the map whould be of N+1 pages     */
229 	params.max_pages_per_fmr = ISCSI_ISER_SG_TABLESIZE + 1;
230 	/* make the pool size twice the max number of SCSI commands *
231 	 * the ML is expected to queue, watermark for unmap at 50%  */
232 	params.pool_size	 = cmds_max * 2;
233 	params.dirty_watermark	 = cmds_max;
234 	params.cache		 = 0;
235 	params.flush_function	 = NULL;
236 	params.access		 = (IB_ACCESS_LOCAL_WRITE  |
237 				    IB_ACCESS_REMOTE_WRITE |
238 				    IB_ACCESS_REMOTE_READ);
239 
240 	ib_conn->fmr.pool = ib_create_fmr_pool(device->pd, &params);
241 	if (!IS_ERR(ib_conn->fmr.pool))
242 		return 0;
243 
244 	/* no FMR => no need for page_vec */
245 	kfree(ib_conn->fmr.page_vec);
246 	ib_conn->fmr.page_vec = NULL;
247 
248 	ret = PTR_ERR(ib_conn->fmr.pool);
249 	ib_conn->fmr.pool = NULL;
250 	if (ret != -ENOSYS) {
251 		iser_err("FMR allocation failed, err %d\n", ret);
252 		return ret;
253 	} else {
254 		iser_warn("FMRs are not supported, using unaligned mode\n");
255 		return 0;
256 	}
257 }
258 
259 /**
260  * iser_free_fmr_pool - releases the FMR pool and page vec
261  */
262 void iser_free_fmr_pool(struct ib_conn *ib_conn)
263 {
264 	iser_info("freeing conn %p fmr pool %p\n",
265 		  ib_conn, ib_conn->fmr.pool);
266 
267 	if (ib_conn->fmr.pool != NULL)
268 		ib_destroy_fmr_pool(ib_conn->fmr.pool);
269 
270 	ib_conn->fmr.pool = NULL;
271 
272 	kfree(ib_conn->fmr.page_vec);
273 	ib_conn->fmr.page_vec = NULL;
274 }
275 
276 static int
277 iser_create_fastreg_desc(struct ib_device *ib_device, struct ib_pd *pd,
278 			 bool pi_enable, struct fast_reg_descriptor *desc)
279 {
280 	int ret;
281 
282 	desc->data_frpl = ib_alloc_fast_reg_page_list(ib_device,
283 						      ISCSI_ISER_SG_TABLESIZE + 1);
284 	if (IS_ERR(desc->data_frpl)) {
285 		ret = PTR_ERR(desc->data_frpl);
286 		iser_err("Failed to allocate ib_fast_reg_page_list err=%d\n",
287 			 ret);
288 		return PTR_ERR(desc->data_frpl);
289 	}
290 
291 	desc->data_mr = ib_alloc_fast_reg_mr(pd, ISCSI_ISER_SG_TABLESIZE + 1);
292 	if (IS_ERR(desc->data_mr)) {
293 		ret = PTR_ERR(desc->data_mr);
294 		iser_err("Failed to allocate ib_fast_reg_mr err=%d\n", ret);
295 		goto fast_reg_mr_failure;
296 	}
297 	desc->reg_indicators |= ISER_DATA_KEY_VALID;
298 
299 	if (pi_enable) {
300 		struct ib_mr_init_attr mr_init_attr = {0};
301 		struct iser_pi_context *pi_ctx = NULL;
302 
303 		desc->pi_ctx = kzalloc(sizeof(*desc->pi_ctx), GFP_KERNEL);
304 		if (!desc->pi_ctx) {
305 			iser_err("Failed to allocate pi context\n");
306 			ret = -ENOMEM;
307 			goto pi_ctx_alloc_failure;
308 		}
309 		pi_ctx = desc->pi_ctx;
310 
311 		pi_ctx->prot_frpl = ib_alloc_fast_reg_page_list(ib_device,
312 						    ISCSI_ISER_SG_TABLESIZE);
313 		if (IS_ERR(pi_ctx->prot_frpl)) {
314 			ret = PTR_ERR(pi_ctx->prot_frpl);
315 			iser_err("Failed to allocate prot frpl ret=%d\n",
316 				 ret);
317 			goto prot_frpl_failure;
318 		}
319 
320 		pi_ctx->prot_mr = ib_alloc_fast_reg_mr(pd,
321 						ISCSI_ISER_SG_TABLESIZE + 1);
322 		if (IS_ERR(pi_ctx->prot_mr)) {
323 			ret = PTR_ERR(pi_ctx->prot_mr);
324 			iser_err("Failed to allocate prot frmr ret=%d\n",
325 				 ret);
326 			goto prot_mr_failure;
327 		}
328 		desc->reg_indicators |= ISER_PROT_KEY_VALID;
329 
330 		mr_init_attr.max_reg_descriptors = 2;
331 		mr_init_attr.flags |= IB_MR_SIGNATURE_EN;
332 		pi_ctx->sig_mr = ib_create_mr(pd, &mr_init_attr);
333 		if (IS_ERR(pi_ctx->sig_mr)) {
334 			ret = PTR_ERR(pi_ctx->sig_mr);
335 			iser_err("Failed to allocate signature enabled mr err=%d\n",
336 				 ret);
337 			goto sig_mr_failure;
338 		}
339 		desc->reg_indicators |= ISER_SIG_KEY_VALID;
340 	}
341 	desc->reg_indicators &= ~ISER_FASTREG_PROTECTED;
342 
343 	iser_dbg("Create fr_desc %p page_list %p\n",
344 		 desc, desc->data_frpl->page_list);
345 
346 	return 0;
347 sig_mr_failure:
348 	ib_dereg_mr(desc->pi_ctx->prot_mr);
349 prot_mr_failure:
350 	ib_free_fast_reg_page_list(desc->pi_ctx->prot_frpl);
351 prot_frpl_failure:
352 	kfree(desc->pi_ctx);
353 pi_ctx_alloc_failure:
354 	ib_dereg_mr(desc->data_mr);
355 fast_reg_mr_failure:
356 	ib_free_fast_reg_page_list(desc->data_frpl);
357 
358 	return ret;
359 }
360 
361 /**
362  * iser_create_fastreg_pool - Creates pool of fast_reg descriptors
363  * for fast registration work requests.
364  * returns 0 on success, or errno code on failure
365  */
366 int iser_create_fastreg_pool(struct ib_conn *ib_conn, unsigned cmds_max)
367 {
368 	struct iser_device *device = ib_conn->device;
369 	struct fast_reg_descriptor *desc;
370 	int i, ret;
371 
372 	INIT_LIST_HEAD(&ib_conn->fastreg.pool);
373 	ib_conn->fastreg.pool_size = 0;
374 	for (i = 0; i < cmds_max; i++) {
375 		desc = kzalloc(sizeof(*desc), GFP_KERNEL);
376 		if (!desc) {
377 			iser_err("Failed to allocate a new fast_reg descriptor\n");
378 			ret = -ENOMEM;
379 			goto err;
380 		}
381 
382 		ret = iser_create_fastreg_desc(device->ib_device, device->pd,
383 					       ib_conn->pi_support, desc);
384 		if (ret) {
385 			iser_err("Failed to create fastreg descriptor err=%d\n",
386 				 ret);
387 			kfree(desc);
388 			goto err;
389 		}
390 
391 		list_add_tail(&desc->list, &ib_conn->fastreg.pool);
392 		ib_conn->fastreg.pool_size++;
393 	}
394 
395 	return 0;
396 
397 err:
398 	iser_free_fastreg_pool(ib_conn);
399 	return ret;
400 }
401 
402 /**
403  * iser_free_fastreg_pool - releases the pool of fast_reg descriptors
404  */
405 void iser_free_fastreg_pool(struct ib_conn *ib_conn)
406 {
407 	struct fast_reg_descriptor *desc, *tmp;
408 	int i = 0;
409 
410 	if (list_empty(&ib_conn->fastreg.pool))
411 		return;
412 
413 	iser_info("freeing conn %p fr pool\n", ib_conn);
414 
415 	list_for_each_entry_safe(desc, tmp, &ib_conn->fastreg.pool, list) {
416 		list_del(&desc->list);
417 		ib_free_fast_reg_page_list(desc->data_frpl);
418 		ib_dereg_mr(desc->data_mr);
419 		if (desc->pi_ctx) {
420 			ib_free_fast_reg_page_list(desc->pi_ctx->prot_frpl);
421 			ib_dereg_mr(desc->pi_ctx->prot_mr);
422 			ib_destroy_mr(desc->pi_ctx->sig_mr);
423 			kfree(desc->pi_ctx);
424 		}
425 		kfree(desc);
426 		++i;
427 	}
428 
429 	if (i < ib_conn->fastreg.pool_size)
430 		iser_warn("pool still has %d regions registered\n",
431 			  ib_conn->fastreg.pool_size - i);
432 }
433 
434 /**
435  * iser_create_ib_conn_res - Queue-Pair (QP)
436  *
437  * returns 0 on success, -1 on failure
438  */
439 static int iser_create_ib_conn_res(struct ib_conn *ib_conn)
440 {
441 	struct iser_conn *iser_conn = container_of(ib_conn, struct iser_conn,
442 						   ib_conn);
443 	struct iser_device	*device;
444 	struct ib_device_attr *dev_attr;
445 	struct ib_qp_init_attr	init_attr;
446 	int			ret = -ENOMEM;
447 	int index, min_index = 0;
448 
449 	BUG_ON(ib_conn->device == NULL);
450 
451 	device = ib_conn->device;
452 	dev_attr = &device->dev_attr;
453 
454 	memset(&init_attr, 0, sizeof init_attr);
455 
456 	mutex_lock(&ig.connlist_mutex);
457 	/* select the CQ with the minimal number of usages */
458 	for (index = 0; index < device->comps_used; index++) {
459 		if (device->comps[index].active_qps <
460 		    device->comps[min_index].active_qps)
461 			min_index = index;
462 	}
463 	ib_conn->comp = &device->comps[min_index];
464 	ib_conn->comp->active_qps++;
465 	mutex_unlock(&ig.connlist_mutex);
466 	iser_info("cq index %d used for ib_conn %p\n", min_index, ib_conn);
467 
468 	init_attr.event_handler = iser_qp_event_callback;
469 	init_attr.qp_context	= (void *)ib_conn;
470 	init_attr.send_cq	= ib_conn->comp->cq;
471 	init_attr.recv_cq	= ib_conn->comp->cq;
472 	init_attr.cap.max_recv_wr  = ISER_QP_MAX_RECV_DTOS;
473 	init_attr.cap.max_send_sge = 2;
474 	init_attr.cap.max_recv_sge = 1;
475 	init_attr.sq_sig_type	= IB_SIGNAL_REQ_WR;
476 	init_attr.qp_type	= IB_QPT_RC;
477 	if (ib_conn->pi_support) {
478 		init_attr.cap.max_send_wr = ISER_QP_SIG_MAX_REQ_DTOS + 1;
479 		init_attr.create_flags |= IB_QP_CREATE_SIGNATURE_EN;
480 		iser_conn->max_cmds =
481 			ISER_GET_MAX_XMIT_CMDS(ISER_QP_SIG_MAX_REQ_DTOS);
482 	} else {
483 		if (dev_attr->max_qp_wr > ISER_QP_MAX_REQ_DTOS) {
484 			init_attr.cap.max_send_wr  = ISER_QP_MAX_REQ_DTOS + 1;
485 			iser_conn->max_cmds =
486 				ISER_GET_MAX_XMIT_CMDS(ISER_QP_MAX_REQ_DTOS);
487 		} else {
488 			init_attr.cap.max_send_wr = dev_attr->max_qp_wr;
489 			iser_conn->max_cmds =
490 				ISER_GET_MAX_XMIT_CMDS(dev_attr->max_qp_wr);
491 			iser_dbg("device %s supports max_send_wr %d\n",
492 				 device->ib_device->name, dev_attr->max_qp_wr);
493 		}
494 	}
495 
496 	ret = rdma_create_qp(ib_conn->cma_id, device->pd, &init_attr);
497 	if (ret)
498 		goto out_err;
499 
500 	ib_conn->qp = ib_conn->cma_id->qp;
501 	iser_info("setting conn %p cma_id %p qp %p\n",
502 		  ib_conn, ib_conn->cma_id,
503 		  ib_conn->cma_id->qp);
504 	return ret;
505 
506 out_err:
507 	mutex_lock(&ig.connlist_mutex);
508 	ib_conn->comp->active_qps--;
509 	mutex_unlock(&ig.connlist_mutex);
510 	iser_err("unable to alloc mem or create resource, err %d\n", ret);
511 
512 	return ret;
513 }
514 
515 /**
516  * based on the resolved device node GUID see if there already allocated
517  * device for this device. If there's no such, create one.
518  */
519 static
520 struct iser_device *iser_device_find_by_ib_device(struct rdma_cm_id *cma_id)
521 {
522 	struct iser_device *device;
523 
524 	mutex_lock(&ig.device_list_mutex);
525 
526 	list_for_each_entry(device, &ig.device_list, ig_list)
527 		/* find if there's a match using the node GUID */
528 		if (device->ib_device->node_guid == cma_id->device->node_guid)
529 			goto inc_refcnt;
530 
531 	device = kzalloc(sizeof *device, GFP_KERNEL);
532 	if (device == NULL)
533 		goto out;
534 
535 	/* assign this device to the device */
536 	device->ib_device = cma_id->device;
537 	/* init the device and link it into ig device list */
538 	if (iser_create_device_ib_res(device)) {
539 		kfree(device);
540 		device = NULL;
541 		goto out;
542 	}
543 	list_add(&device->ig_list, &ig.device_list);
544 
545 inc_refcnt:
546 	device->refcount++;
547 out:
548 	mutex_unlock(&ig.device_list_mutex);
549 	return device;
550 }
551 
552 /* if there's no demand for this device, release it */
553 static void iser_device_try_release(struct iser_device *device)
554 {
555 	mutex_lock(&ig.device_list_mutex);
556 	device->refcount--;
557 	iser_info("device %p refcount %d\n", device, device->refcount);
558 	if (!device->refcount) {
559 		iser_free_device_ib_res(device);
560 		list_del(&device->ig_list);
561 		kfree(device);
562 	}
563 	mutex_unlock(&ig.device_list_mutex);
564 }
565 
566 /**
567  * Called with state mutex held
568  **/
569 static int iser_conn_state_comp_exch(struct iser_conn *iser_conn,
570 				     enum iser_conn_state comp,
571 				     enum iser_conn_state exch)
572 {
573 	int ret;
574 
575 	ret = (iser_conn->state == comp);
576 	if (ret)
577 		iser_conn->state = exch;
578 
579 	return ret;
580 }
581 
582 void iser_release_work(struct work_struct *work)
583 {
584 	struct iser_conn *iser_conn;
585 
586 	iser_conn = container_of(work, struct iser_conn, release_work);
587 
588 	/* Wait for conn_stop to complete */
589 	wait_for_completion(&iser_conn->stop_completion);
590 	/* Wait for IB resouces cleanup to complete */
591 	wait_for_completion(&iser_conn->ib_completion);
592 
593 	mutex_lock(&iser_conn->state_mutex);
594 	iser_conn->state = ISER_CONN_DOWN;
595 	mutex_unlock(&iser_conn->state_mutex);
596 
597 	iser_conn_release(iser_conn);
598 }
599 
600 /**
601  * iser_free_ib_conn_res - release IB related resources
602  * @iser_conn: iser connection struct
603  * @destroy: indicator if we need to try to release the
604  *     iser device and memory regoins pool (only iscsi
605  *     shutdown and DEVICE_REMOVAL will use this).
606  *
607  * This routine is called with the iser state mutex held
608  * so the cm_id removal is out of here. It is Safe to
609  * be invoked multiple times.
610  */
611 static void iser_free_ib_conn_res(struct iser_conn *iser_conn,
612 				  bool destroy)
613 {
614 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
615 	struct iser_device *device = ib_conn->device;
616 
617 	iser_info("freeing conn %p cma_id %p qp %p\n",
618 		  iser_conn, ib_conn->cma_id, ib_conn->qp);
619 
620 	if (ib_conn->qp != NULL) {
621 		ib_conn->comp->active_qps--;
622 		rdma_destroy_qp(ib_conn->cma_id);
623 		ib_conn->qp = NULL;
624 	}
625 
626 	if (destroy) {
627 		if (iser_conn->rx_descs)
628 			iser_free_rx_descriptors(iser_conn);
629 
630 		if (device != NULL) {
631 			iser_device_try_release(device);
632 			ib_conn->device = NULL;
633 		}
634 	}
635 }
636 
637 /**
638  * Frees all conn objects and deallocs conn descriptor
639  */
640 void iser_conn_release(struct iser_conn *iser_conn)
641 {
642 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
643 
644 	mutex_lock(&ig.connlist_mutex);
645 	list_del(&iser_conn->conn_list);
646 	mutex_unlock(&ig.connlist_mutex);
647 
648 	mutex_lock(&iser_conn->state_mutex);
649 	/* In case we endup here without ep_disconnect being invoked. */
650 	if (iser_conn->state != ISER_CONN_DOWN) {
651 		iser_warn("iser conn %p state %d, expected state down.\n",
652 			  iser_conn, iser_conn->state);
653 		iscsi_destroy_endpoint(iser_conn->ep);
654 		iser_conn->state = ISER_CONN_DOWN;
655 	}
656 	/*
657 	 * In case we never got to bind stage, we still need to
658 	 * release IB resources (which is safe to call more than once).
659 	 */
660 	iser_free_ib_conn_res(iser_conn, true);
661 	mutex_unlock(&iser_conn->state_mutex);
662 
663 	if (ib_conn->cma_id != NULL) {
664 		rdma_destroy_id(ib_conn->cma_id);
665 		ib_conn->cma_id = NULL;
666 	}
667 
668 	kfree(iser_conn);
669 }
670 
671 /**
672  * triggers start of the disconnect procedures and wait for them to be done
673  * Called with state mutex held
674  */
675 int iser_conn_terminate(struct iser_conn *iser_conn)
676 {
677 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
678 	struct ib_send_wr *bad_wr;
679 	int err = 0;
680 
681 	/* terminate the iser conn only if the conn state is UP */
682 	if (!iser_conn_state_comp_exch(iser_conn, ISER_CONN_UP,
683 				       ISER_CONN_TERMINATING))
684 		return 0;
685 
686 	iser_info("iser_conn %p state %d\n", iser_conn, iser_conn->state);
687 
688 	/* suspend queuing of new iscsi commands */
689 	if (iser_conn->iscsi_conn)
690 		iscsi_suspend_queue(iser_conn->iscsi_conn);
691 
692 	/*
693 	 * In case we didn't already clean up the cma_id (peer initiated
694 	 * a disconnection), we need to Cause the CMA to change the QP
695 	 * state to ERROR.
696 	 */
697 	if (ib_conn->cma_id) {
698 		err = rdma_disconnect(ib_conn->cma_id);
699 		if (err)
700 			iser_err("Failed to disconnect, conn: 0x%p err %d\n",
701 				 iser_conn, err);
702 
703 		/* post an indication that all flush errors were consumed */
704 		err = ib_post_send(ib_conn->qp, &ib_conn->beacon, &bad_wr);
705 		if (err) {
706 			iser_err("conn %p failed to post beacon", ib_conn);
707 			return 1;
708 		}
709 
710 		wait_for_completion(&ib_conn->flush_comp);
711 	}
712 
713 	return 1;
714 }
715 
716 /**
717  * Called with state mutex held
718  **/
719 static void iser_connect_error(struct rdma_cm_id *cma_id)
720 {
721 	struct iser_conn *iser_conn;
722 
723 	iser_conn = (struct iser_conn *)cma_id->context;
724 	iser_conn->state = ISER_CONN_DOWN;
725 }
726 
727 /**
728  * Called with state mutex held
729  **/
730 static void iser_addr_handler(struct rdma_cm_id *cma_id)
731 {
732 	struct iser_device *device;
733 	struct iser_conn   *iser_conn;
734 	struct ib_conn   *ib_conn;
735 	int    ret;
736 
737 	iser_conn = (struct iser_conn *)cma_id->context;
738 	if (iser_conn->state != ISER_CONN_PENDING)
739 		/* bailout */
740 		return;
741 
742 	ib_conn = &iser_conn->ib_conn;
743 	device = iser_device_find_by_ib_device(cma_id);
744 	if (!device) {
745 		iser_err("device lookup/creation failed\n");
746 		iser_connect_error(cma_id);
747 		return;
748 	}
749 
750 	ib_conn->device = device;
751 
752 	/* connection T10-PI support */
753 	if (iser_pi_enable) {
754 		if (!(device->dev_attr.device_cap_flags &
755 		      IB_DEVICE_SIGNATURE_HANDOVER)) {
756 			iser_warn("T10-PI requested but not supported on %s, "
757 				  "continue without T10-PI\n",
758 				  ib_conn->device->ib_device->name);
759 			ib_conn->pi_support = false;
760 		} else {
761 			ib_conn->pi_support = true;
762 		}
763 	}
764 
765 	ret = rdma_resolve_route(cma_id, 1000);
766 	if (ret) {
767 		iser_err("resolve route failed: %d\n", ret);
768 		iser_connect_error(cma_id);
769 		return;
770 	}
771 }
772 
773 /**
774  * Called with state mutex held
775  **/
776 static void iser_route_handler(struct rdma_cm_id *cma_id)
777 {
778 	struct rdma_conn_param conn_param;
779 	int    ret;
780 	struct iser_cm_hdr req_hdr;
781 	struct iser_conn *iser_conn = (struct iser_conn *)cma_id->context;
782 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
783 	struct iser_device *device = ib_conn->device;
784 
785 	if (iser_conn->state != ISER_CONN_PENDING)
786 		/* bailout */
787 		return;
788 
789 	ret = iser_create_ib_conn_res(ib_conn);
790 	if (ret)
791 		goto failure;
792 
793 	memset(&conn_param, 0, sizeof conn_param);
794 	conn_param.responder_resources = device->dev_attr.max_qp_rd_atom;
795 	conn_param.initiator_depth     = 1;
796 	conn_param.retry_count	       = 7;
797 	conn_param.rnr_retry_count     = 6;
798 
799 	memset(&req_hdr, 0, sizeof(req_hdr));
800 	req_hdr.flags = (ISER_ZBVA_NOT_SUPPORTED |
801 			ISER_SEND_W_INV_NOT_SUPPORTED);
802 	conn_param.private_data		= (void *)&req_hdr;
803 	conn_param.private_data_len	= sizeof(struct iser_cm_hdr);
804 
805 	ret = rdma_connect(cma_id, &conn_param);
806 	if (ret) {
807 		iser_err("failure connecting: %d\n", ret);
808 		goto failure;
809 	}
810 
811 	return;
812 failure:
813 	iser_connect_error(cma_id);
814 }
815 
816 static void iser_connected_handler(struct rdma_cm_id *cma_id)
817 {
818 	struct iser_conn *iser_conn;
819 	struct ib_qp_attr attr;
820 	struct ib_qp_init_attr init_attr;
821 
822 	iser_conn = (struct iser_conn *)cma_id->context;
823 	if (iser_conn->state != ISER_CONN_PENDING)
824 		/* bailout */
825 		return;
826 
827 	(void)ib_query_qp(cma_id->qp, &attr, ~0, &init_attr);
828 	iser_info("remote qpn:%x my qpn:%x\n", attr.dest_qp_num, cma_id->qp->qp_num);
829 
830 	iser_conn->state = ISER_CONN_UP;
831 	complete(&iser_conn->up_completion);
832 }
833 
834 static void iser_disconnected_handler(struct rdma_cm_id *cma_id)
835 {
836 	struct iser_conn *iser_conn = (struct iser_conn *)cma_id->context;
837 
838 	if (iser_conn_terminate(iser_conn)) {
839 		if (iser_conn->iscsi_conn)
840 			iscsi_conn_failure(iser_conn->iscsi_conn,
841 					   ISCSI_ERR_CONN_FAILED);
842 		else
843 			iser_err("iscsi_iser connection isn't bound\n");
844 	}
845 }
846 
847 static void iser_cleanup_handler(struct rdma_cm_id *cma_id,
848 				 bool destroy)
849 {
850 	struct iser_conn *iser_conn = (struct iser_conn *)cma_id->context;
851 
852 	/*
853 	 * We are not guaranteed that we visited disconnected_handler
854 	 * by now, call it here to be safe that we handle CM drep
855 	 * and flush errors.
856 	 */
857 	iser_disconnected_handler(cma_id);
858 	iser_free_ib_conn_res(iser_conn, destroy);
859 	complete(&iser_conn->ib_completion);
860 };
861 
862 static int iser_cma_handler(struct rdma_cm_id *cma_id, struct rdma_cm_event *event)
863 {
864 	struct iser_conn *iser_conn;
865 	int ret = 0;
866 
867 	iser_conn = (struct iser_conn *)cma_id->context;
868 	iser_info("event %d status %d conn %p id %p\n",
869 		  event->event, event->status, cma_id->context, cma_id);
870 
871 	mutex_lock(&iser_conn->state_mutex);
872 	switch (event->event) {
873 	case RDMA_CM_EVENT_ADDR_RESOLVED:
874 		iser_addr_handler(cma_id);
875 		break;
876 	case RDMA_CM_EVENT_ROUTE_RESOLVED:
877 		iser_route_handler(cma_id);
878 		break;
879 	case RDMA_CM_EVENT_ESTABLISHED:
880 		iser_connected_handler(cma_id);
881 		break;
882 	case RDMA_CM_EVENT_ADDR_ERROR:
883 	case RDMA_CM_EVENT_ROUTE_ERROR:
884 	case RDMA_CM_EVENT_CONNECT_ERROR:
885 	case RDMA_CM_EVENT_UNREACHABLE:
886 	case RDMA_CM_EVENT_REJECTED:
887 		iser_connect_error(cma_id);
888 		break;
889 	case RDMA_CM_EVENT_DISCONNECTED:
890 	case RDMA_CM_EVENT_ADDR_CHANGE:
891 	case RDMA_CM_EVENT_TIMEWAIT_EXIT:
892 		iser_cleanup_handler(cma_id, false);
893 		break;
894 	case RDMA_CM_EVENT_DEVICE_REMOVAL:
895 		/*
896 		 * we *must* destroy the device as we cannot rely
897 		 * on iscsid to be around to initiate error handling.
898 		 * also if we are not in state DOWN implicitly destroy
899 		 * the cma_id.
900 		 */
901 		iser_cleanup_handler(cma_id, true);
902 		if (iser_conn->state != ISER_CONN_DOWN) {
903 			iser_conn->ib_conn.cma_id = NULL;
904 			ret = 1;
905 		}
906 		break;
907 	default:
908 		iser_err("Unexpected RDMA CM event (%d)\n", event->event);
909 		break;
910 	}
911 	mutex_unlock(&iser_conn->state_mutex);
912 
913 	return ret;
914 }
915 
916 void iser_conn_init(struct iser_conn *iser_conn)
917 {
918 	iser_conn->state = ISER_CONN_INIT;
919 	iser_conn->ib_conn.post_recv_buf_count = 0;
920 	init_completion(&iser_conn->ib_conn.flush_comp);
921 	init_completion(&iser_conn->stop_completion);
922 	init_completion(&iser_conn->ib_completion);
923 	init_completion(&iser_conn->up_completion);
924 	INIT_LIST_HEAD(&iser_conn->conn_list);
925 	spin_lock_init(&iser_conn->ib_conn.lock);
926 	mutex_init(&iser_conn->state_mutex);
927 }
928 
929  /**
930  * starts the process of connecting to the target
931  * sleeps until the connection is established or rejected
932  */
933 int iser_connect(struct iser_conn   *iser_conn,
934 		 struct sockaddr    *src_addr,
935 		 struct sockaddr    *dst_addr,
936 		 int                 non_blocking)
937 {
938 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
939 	int err = 0;
940 
941 	mutex_lock(&iser_conn->state_mutex);
942 
943 	sprintf(iser_conn->name, "%pISp", dst_addr);
944 
945 	iser_info("connecting to: %s\n", iser_conn->name);
946 
947 	/* the device is known only --after-- address resolution */
948 	ib_conn->device = NULL;
949 
950 	iser_conn->state = ISER_CONN_PENDING;
951 
952 	ib_conn->beacon.wr_id = ISER_BEACON_WRID;
953 	ib_conn->beacon.opcode = IB_WR_SEND;
954 
955 	ib_conn->cma_id = rdma_create_id(iser_cma_handler,
956 					 (void *)iser_conn,
957 					 RDMA_PS_TCP, IB_QPT_RC);
958 	if (IS_ERR(ib_conn->cma_id)) {
959 		err = PTR_ERR(ib_conn->cma_id);
960 		iser_err("rdma_create_id failed: %d\n", err);
961 		goto id_failure;
962 	}
963 
964 	err = rdma_resolve_addr(ib_conn->cma_id, src_addr, dst_addr, 1000);
965 	if (err) {
966 		iser_err("rdma_resolve_addr failed: %d\n", err);
967 		goto addr_failure;
968 	}
969 
970 	if (!non_blocking) {
971 		wait_for_completion_interruptible(&iser_conn->up_completion);
972 
973 		if (iser_conn->state != ISER_CONN_UP) {
974 			err =  -EIO;
975 			goto connect_failure;
976 		}
977 	}
978 	mutex_unlock(&iser_conn->state_mutex);
979 
980 	mutex_lock(&ig.connlist_mutex);
981 	list_add(&iser_conn->conn_list, &ig.connlist);
982 	mutex_unlock(&ig.connlist_mutex);
983 	return 0;
984 
985 id_failure:
986 	ib_conn->cma_id = NULL;
987 addr_failure:
988 	iser_conn->state = ISER_CONN_DOWN;
989 connect_failure:
990 	mutex_unlock(&iser_conn->state_mutex);
991 	iser_conn_release(iser_conn);
992 	return err;
993 }
994 
995 /**
996  * iser_reg_page_vec - Register physical memory
997  *
998  * returns: 0 on success, errno code on failure
999  */
1000 int iser_reg_page_vec(struct ib_conn *ib_conn,
1001 		      struct iser_page_vec *page_vec,
1002 		      struct iser_mem_reg  *mem_reg)
1003 {
1004 	struct ib_pool_fmr *mem;
1005 	u64		   io_addr;
1006 	u64		   *page_list;
1007 	int		   status;
1008 
1009 	page_list = page_vec->pages;
1010 	io_addr	  = page_list[0];
1011 
1012 	mem  = ib_fmr_pool_map_phys(ib_conn->fmr.pool,
1013 				    page_list,
1014 				    page_vec->length,
1015 				    io_addr);
1016 
1017 	if (IS_ERR(mem)) {
1018 		status = (int)PTR_ERR(mem);
1019 		iser_err("ib_fmr_pool_map_phys failed: %d\n", status);
1020 		return status;
1021 	}
1022 
1023 	mem_reg->lkey  = mem->fmr->lkey;
1024 	mem_reg->rkey  = mem->fmr->rkey;
1025 	mem_reg->len   = page_vec->length * SIZE_4K;
1026 	mem_reg->va    = io_addr;
1027 	mem_reg->mem_h = (void *)mem;
1028 
1029 	mem_reg->va   += page_vec->offset;
1030 	mem_reg->len   = page_vec->data_size;
1031 
1032 	iser_dbg("PHYSICAL Mem.register, [PHYS p_array: 0x%p, sz: %d, "
1033 		 "entry[0]: (0x%08lx,%ld)] -> "
1034 		 "[lkey: 0x%08X mem_h: 0x%p va: 0x%08lX sz: %ld]\n",
1035 		 page_vec, page_vec->length,
1036 		 (unsigned long)page_vec->pages[0],
1037 		 (unsigned long)page_vec->data_size,
1038 		 (unsigned int)mem_reg->lkey, mem_reg->mem_h,
1039 		 (unsigned long)mem_reg->va, (unsigned long)mem_reg->len);
1040 	return 0;
1041 }
1042 
1043 /**
1044  * Unregister (previosuly registered using FMR) memory.
1045  * If memory is non-FMR does nothing.
1046  */
1047 void iser_unreg_mem_fmr(struct iscsi_iser_task *iser_task,
1048 			enum iser_data_dir cmd_dir)
1049 {
1050 	struct iser_mem_reg *reg = &iser_task->rdma_regd[cmd_dir].reg;
1051 	int ret;
1052 
1053 	if (!reg->mem_h)
1054 		return;
1055 
1056 	iser_dbg("PHYSICAL Mem.Unregister mem_h %p\n",reg->mem_h);
1057 
1058 	ret = ib_fmr_pool_unmap((struct ib_pool_fmr *)reg->mem_h);
1059 	if (ret)
1060 		iser_err("ib_fmr_pool_unmap failed %d\n", ret);
1061 
1062 	reg->mem_h = NULL;
1063 }
1064 
1065 void iser_unreg_mem_fastreg(struct iscsi_iser_task *iser_task,
1066 			    enum iser_data_dir cmd_dir)
1067 {
1068 	struct iser_mem_reg *reg = &iser_task->rdma_regd[cmd_dir].reg;
1069 	struct iser_conn *iser_conn = iser_task->iser_conn;
1070 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
1071 	struct fast_reg_descriptor *desc = reg->mem_h;
1072 
1073 	if (!desc)
1074 		return;
1075 
1076 	reg->mem_h = NULL;
1077 	spin_lock_bh(&ib_conn->lock);
1078 	list_add_tail(&desc->list, &ib_conn->fastreg.pool);
1079 	spin_unlock_bh(&ib_conn->lock);
1080 }
1081 
1082 int iser_post_recvl(struct iser_conn *iser_conn)
1083 {
1084 	struct ib_recv_wr rx_wr, *rx_wr_failed;
1085 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
1086 	struct ib_sge	  sge;
1087 	int ib_ret;
1088 
1089 	sge.addr   = iser_conn->login_resp_dma;
1090 	sge.length = ISER_RX_LOGIN_SIZE;
1091 	sge.lkey   = ib_conn->device->mr->lkey;
1092 
1093 	rx_wr.wr_id   = (uintptr_t)iser_conn->login_resp_buf;
1094 	rx_wr.sg_list = &sge;
1095 	rx_wr.num_sge = 1;
1096 	rx_wr.next    = NULL;
1097 
1098 	ib_conn->post_recv_buf_count++;
1099 	ib_ret	= ib_post_recv(ib_conn->qp, &rx_wr, &rx_wr_failed);
1100 	if (ib_ret) {
1101 		iser_err("ib_post_recv failed ret=%d\n", ib_ret);
1102 		ib_conn->post_recv_buf_count--;
1103 	}
1104 	return ib_ret;
1105 }
1106 
1107 int iser_post_recvm(struct iser_conn *iser_conn, int count)
1108 {
1109 	struct ib_recv_wr *rx_wr, *rx_wr_failed;
1110 	int i, ib_ret;
1111 	struct ib_conn *ib_conn = &iser_conn->ib_conn;
1112 	unsigned int my_rx_head = iser_conn->rx_desc_head;
1113 	struct iser_rx_desc *rx_desc;
1114 
1115 	for (rx_wr = ib_conn->rx_wr, i = 0; i < count; i++, rx_wr++) {
1116 		rx_desc		= &iser_conn->rx_descs[my_rx_head];
1117 		rx_wr->wr_id	= (uintptr_t)rx_desc;
1118 		rx_wr->sg_list	= &rx_desc->rx_sg;
1119 		rx_wr->num_sge	= 1;
1120 		rx_wr->next	= rx_wr + 1;
1121 		my_rx_head = (my_rx_head + 1) & iser_conn->qp_max_recv_dtos_mask;
1122 	}
1123 
1124 	rx_wr--;
1125 	rx_wr->next = NULL; /* mark end of work requests list */
1126 
1127 	ib_conn->post_recv_buf_count += count;
1128 	ib_ret	= ib_post_recv(ib_conn->qp, ib_conn->rx_wr, &rx_wr_failed);
1129 	if (ib_ret) {
1130 		iser_err("ib_post_recv failed ret=%d\n", ib_ret);
1131 		ib_conn->post_recv_buf_count -= count;
1132 	} else
1133 		iser_conn->rx_desc_head = my_rx_head;
1134 	return ib_ret;
1135 }
1136 
1137 
1138 /**
1139  * iser_start_send - Initiate a Send DTO operation
1140  *
1141  * returns 0 on success, -1 on failure
1142  */
1143 int iser_post_send(struct ib_conn *ib_conn, struct iser_tx_desc *tx_desc,
1144 		   bool signal)
1145 {
1146 	int		  ib_ret;
1147 	struct ib_send_wr send_wr, *send_wr_failed;
1148 
1149 	ib_dma_sync_single_for_device(ib_conn->device->ib_device,
1150 				      tx_desc->dma_addr, ISER_HEADERS_LEN,
1151 				      DMA_TO_DEVICE);
1152 
1153 	send_wr.next	   = NULL;
1154 	send_wr.wr_id	   = (uintptr_t)tx_desc;
1155 	send_wr.sg_list	   = tx_desc->tx_sg;
1156 	send_wr.num_sge	   = tx_desc->num_sge;
1157 	send_wr.opcode	   = IB_WR_SEND;
1158 	send_wr.send_flags = signal ? IB_SEND_SIGNALED : 0;
1159 
1160 	ib_ret = ib_post_send(ib_conn->qp, &send_wr, &send_wr_failed);
1161 	if (ib_ret)
1162 		iser_err("ib_post_send failed, ret:%d\n", ib_ret);
1163 
1164 	return ib_ret;
1165 }
1166 
1167 /**
1168  * is_iser_tx_desc - Indicate if the completion wr_id
1169  *     is a TX descriptor or not.
1170  * @iser_conn: iser connection
1171  * @wr_id: completion WR identifier
1172  *
1173  * Since we cannot rely on wc opcode in FLUSH errors
1174  * we must work around it by checking if the wr_id address
1175  * falls in the iser connection rx_descs buffer. If so
1176  * it is an RX descriptor, otherwize it is a TX.
1177  */
1178 static inline bool
1179 is_iser_tx_desc(struct iser_conn *iser_conn, void *wr_id)
1180 {
1181 	void *start = iser_conn->rx_descs;
1182 	int len = iser_conn->num_rx_descs * sizeof(*iser_conn->rx_descs);
1183 
1184 	if (wr_id >= start && wr_id < start + len)
1185 		return false;
1186 
1187 	return true;
1188 }
1189 
1190 /**
1191  * iser_handle_comp_error() - Handle error completion
1192  * @ib_conn:   connection RDMA resources
1193  * @wc:        work completion
1194  *
1195  * Notes: We may handle a FLUSH error completion and in this case
1196  *        we only cleanup in case TX type was DATAOUT. For non-FLUSH
1197  *        error completion we should also notify iscsi layer that
1198  *        connection is failed (in case we passed bind stage).
1199  */
1200 static void
1201 iser_handle_comp_error(struct ib_conn *ib_conn,
1202 		       struct ib_wc *wc)
1203 {
1204 	void *wr_id = (void *)(uintptr_t)wc->wr_id;
1205 	struct iser_conn *iser_conn = container_of(ib_conn, struct iser_conn,
1206 						   ib_conn);
1207 
1208 	if (wc->status != IB_WC_WR_FLUSH_ERR)
1209 		if (iser_conn->iscsi_conn)
1210 			iscsi_conn_failure(iser_conn->iscsi_conn,
1211 					   ISCSI_ERR_CONN_FAILED);
1212 
1213 	if (is_iser_tx_desc(iser_conn, wr_id)) {
1214 		struct iser_tx_desc *desc = wr_id;
1215 
1216 		if (desc->type == ISCSI_TX_DATAOUT)
1217 			kmem_cache_free(ig.desc_cache, desc);
1218 	} else {
1219 		ib_conn->post_recv_buf_count--;
1220 	}
1221 }
1222 
1223 /**
1224  * iser_handle_wc - handle a single work completion
1225  * @wc: work completion
1226  *
1227  * Soft-IRQ context, work completion can be either
1228  * SEND or RECV, and can turn out successful or
1229  * with error (or flush error).
1230  */
1231 static void iser_handle_wc(struct ib_wc *wc)
1232 {
1233 	struct ib_conn *ib_conn;
1234 	struct iser_tx_desc *tx_desc;
1235 	struct iser_rx_desc *rx_desc;
1236 
1237 	ib_conn = wc->qp->qp_context;
1238 	if (likely(wc->status == IB_WC_SUCCESS)) {
1239 		if (wc->opcode == IB_WC_RECV) {
1240 			rx_desc = (struct iser_rx_desc *)(uintptr_t)wc->wr_id;
1241 			iser_rcv_completion(rx_desc, wc->byte_len,
1242 					    ib_conn);
1243 		} else
1244 		if (wc->opcode == IB_WC_SEND) {
1245 			tx_desc = (struct iser_tx_desc *)(uintptr_t)wc->wr_id;
1246 			iser_snd_completion(tx_desc, ib_conn);
1247 		} else {
1248 			iser_err("Unknown wc opcode %d\n", wc->opcode);
1249 		}
1250 	} else {
1251 		if (wc->status != IB_WC_WR_FLUSH_ERR)
1252 			iser_err("wr id %llx status %d vend_err %x\n",
1253 				 wc->wr_id, wc->status, wc->vendor_err);
1254 		else
1255 			iser_dbg("flush error: wr id %llx\n", wc->wr_id);
1256 
1257 		if (wc->wr_id != ISER_FASTREG_LI_WRID &&
1258 		    wc->wr_id != ISER_BEACON_WRID)
1259 			iser_handle_comp_error(ib_conn, wc);
1260 
1261 		/* complete in case all flush errors were consumed */
1262 		if (wc->wr_id == ISER_BEACON_WRID)
1263 			complete(&ib_conn->flush_comp);
1264 	}
1265 }
1266 
1267 /**
1268  * iser_cq_tasklet_fn - iSER completion polling loop
1269  * @data: iSER completion context
1270  *
1271  * Soft-IRQ context, polling connection CQ until
1272  * either CQ was empty or we exausted polling budget
1273  */
1274 static void iser_cq_tasklet_fn(unsigned long data)
1275 {
1276 	struct iser_comp *comp = (struct iser_comp *)data;
1277 	struct ib_cq *cq = comp->cq;
1278 	struct ib_wc *const wcs = comp->wcs;
1279 	int i, n, completed = 0;
1280 
1281 	while ((n = ib_poll_cq(cq, ARRAY_SIZE(comp->wcs), wcs)) > 0) {
1282 		for (i = 0; i < n; i++)
1283 			iser_handle_wc(&wcs[i]);
1284 
1285 		completed += n;
1286 		if (completed >= iser_cq_poll_limit)
1287 			break;
1288 	}
1289 
1290 	/*
1291 	 * It is assumed here that arming CQ only once its empty
1292 	 * would not cause interrupts to be missed.
1293 	 */
1294 	ib_req_notify_cq(cq, IB_CQ_NEXT_COMP);
1295 
1296 	iser_dbg("got %d completions\n", completed);
1297 }
1298 
1299 static void iser_cq_callback(struct ib_cq *cq, void *cq_context)
1300 {
1301 	struct iser_comp *comp = cq_context;
1302 
1303 	tasklet_schedule(&comp->tasklet);
1304 }
1305 
1306 u8 iser_check_task_pi_status(struct iscsi_iser_task *iser_task,
1307 			     enum iser_data_dir cmd_dir, sector_t *sector)
1308 {
1309 	struct iser_mem_reg *reg = &iser_task->rdma_regd[cmd_dir].reg;
1310 	struct fast_reg_descriptor *desc = reg->mem_h;
1311 	unsigned long sector_size = iser_task->sc->device->sector_size;
1312 	struct ib_mr_status mr_status;
1313 	int ret;
1314 
1315 	if (desc && desc->reg_indicators & ISER_FASTREG_PROTECTED) {
1316 		desc->reg_indicators &= ~ISER_FASTREG_PROTECTED;
1317 		ret = ib_check_mr_status(desc->pi_ctx->sig_mr,
1318 					 IB_MR_CHECK_SIG_STATUS, &mr_status);
1319 		if (ret) {
1320 			pr_err("ib_check_mr_status failed, ret %d\n", ret);
1321 			goto err;
1322 		}
1323 
1324 		if (mr_status.fail_status & IB_MR_CHECK_SIG_STATUS) {
1325 			sector_t sector_off = mr_status.sig_err.sig_err_offset;
1326 
1327 			do_div(sector_off, sector_size + 8);
1328 			*sector = scsi_get_lba(iser_task->sc) + sector_off;
1329 
1330 			pr_err("PI error found type %d at sector %llx "
1331 			       "expected %x vs actual %x\n",
1332 			       mr_status.sig_err.err_type,
1333 			       (unsigned long long)*sector,
1334 			       mr_status.sig_err.expected,
1335 			       mr_status.sig_err.actual);
1336 
1337 			switch (mr_status.sig_err.err_type) {
1338 			case IB_SIG_BAD_GUARD:
1339 				return 0x1;
1340 			case IB_SIG_BAD_REFTAG:
1341 				return 0x3;
1342 			case IB_SIG_BAD_APPTAG:
1343 				return 0x2;
1344 			}
1345 		}
1346 	}
1347 
1348 	return 0;
1349 err:
1350 	/* Not alot we can do here, return ambiguous guard error */
1351 	return 0x1;
1352 }
1353