xref: /openbmc/linux/net/rds/ib_cm.c (revision b0e55fef624e511e060fa05e4ca96cae6d902f04)
1 /*
2  * Copyright (c) 2006, 2019 Oracle and/or its affiliates. All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  *
32  */
33 #include <linux/dmapool.h>
34 #include <linux/kernel.h>
35 #include <linux/in.h>
36 #include <linux/slab.h>
37 #include <linux/vmalloc.h>
38 #include <linux/ratelimit.h>
39 #include <net/addrconf.h>
40 
41 #include "rds_single_path.h"
42 #include "rds.h"
43 #include "ib.h"
44 #include "ib_mr.h"
45 
46 /*
47  * Set the selected protocol version
48  */
49 static void rds_ib_set_protocol(struct rds_connection *conn, unsigned int version)
50 {
51 	conn->c_version = version;
52 }
53 
54 /*
55  * Set up flow control
56  */
57 static void rds_ib_set_flow_control(struct rds_connection *conn, u32 credits)
58 {
59 	struct rds_ib_connection *ic = conn->c_transport_data;
60 
61 	if (rds_ib_sysctl_flow_control && credits != 0) {
62 		/* We're doing flow control */
63 		ic->i_flowctl = 1;
64 		rds_ib_send_add_credits(conn, credits);
65 	} else {
66 		ic->i_flowctl = 0;
67 	}
68 }
69 
70 /*
71  * Tune RNR behavior. Without flow control, we use a rather
72  * low timeout, but not the absolute minimum - this should
73  * be tunable.
74  *
75  * We already set the RNR retry count to 7 (which is the
76  * smallest infinite number :-) above.
77  * If flow control is off, we want to change this back to 0
78  * so that we learn quickly when our credit accounting is
79  * buggy.
80  *
81  * Caller passes in a qp_attr pointer - don't waste stack spacv
82  * by allocation this twice.
83  */
84 static void
85 rds_ib_tune_rnr(struct rds_ib_connection *ic, struct ib_qp_attr *attr)
86 {
87 	int ret;
88 
89 	attr->min_rnr_timer = IB_RNR_TIMER_000_32;
90 	ret = ib_modify_qp(ic->i_cm_id->qp, attr, IB_QP_MIN_RNR_TIMER);
91 	if (ret)
92 		printk(KERN_NOTICE "ib_modify_qp(IB_QP_MIN_RNR_TIMER): err=%d\n", -ret);
93 }
94 
95 /*
96  * Connection established.
97  * We get here for both outgoing and incoming connection.
98  */
99 void rds_ib_cm_connect_complete(struct rds_connection *conn, struct rdma_cm_event *event)
100 {
101 	struct rds_ib_connection *ic = conn->c_transport_data;
102 	const union rds_ib_conn_priv *dp = NULL;
103 	struct ib_qp_attr qp_attr;
104 	__be64 ack_seq = 0;
105 	__be32 credit = 0;
106 	u8 major = 0;
107 	u8 minor = 0;
108 	int err;
109 
110 	dp = event->param.conn.private_data;
111 	if (conn->c_isv6) {
112 		if (event->param.conn.private_data_len >=
113 		    sizeof(struct rds6_ib_connect_private)) {
114 			major = dp->ricp_v6.dp_protocol_major;
115 			minor = dp->ricp_v6.dp_protocol_minor;
116 			credit = dp->ricp_v6.dp_credit;
117 			/* dp structure start is not guaranteed to be 8 bytes
118 			 * aligned.  Since dp_ack_seq is 64-bit extended load
119 			 * operations can be used so go through get_unaligned
120 			 * to avoid unaligned errors.
121 			 */
122 			ack_seq = get_unaligned(&dp->ricp_v6.dp_ack_seq);
123 		}
124 	} else if (event->param.conn.private_data_len >=
125 		   sizeof(struct rds_ib_connect_private)) {
126 		major = dp->ricp_v4.dp_protocol_major;
127 		minor = dp->ricp_v4.dp_protocol_minor;
128 		credit = dp->ricp_v4.dp_credit;
129 		ack_seq = get_unaligned(&dp->ricp_v4.dp_ack_seq);
130 	}
131 
132 	/* make sure it isn't empty data */
133 	if (major) {
134 		rds_ib_set_protocol(conn, RDS_PROTOCOL(major, minor));
135 		rds_ib_set_flow_control(conn, be32_to_cpu(credit));
136 	}
137 
138 	if (conn->c_version < RDS_PROTOCOL_VERSION) {
139 		if (conn->c_version != RDS_PROTOCOL_COMPAT_VERSION) {
140 			pr_notice("RDS/IB: Connection <%pI6c,%pI6c> version %u.%u no longer supported\n",
141 				  &conn->c_laddr, &conn->c_faddr,
142 				  RDS_PROTOCOL_MAJOR(conn->c_version),
143 				  RDS_PROTOCOL_MINOR(conn->c_version));
144 			rds_conn_destroy(conn);
145 			return;
146 		}
147 	}
148 
149 	pr_notice("RDS/IB: %s conn connected <%pI6c,%pI6c,%d> version %u.%u%s\n",
150 		  ic->i_active_side ? "Active" : "Passive",
151 		  &conn->c_laddr, &conn->c_faddr, conn->c_tos,
152 		  RDS_PROTOCOL_MAJOR(conn->c_version),
153 		  RDS_PROTOCOL_MINOR(conn->c_version),
154 		  ic->i_flowctl ? ", flow control" : "");
155 
156 	/* receive sl from the peer */
157 	ic->i_sl = ic->i_cm_id->route.path_rec->sl;
158 
159 	atomic_set(&ic->i_cq_quiesce, 0);
160 
161 	/* Init rings and fill recv. this needs to wait until protocol
162 	 * negotiation is complete, since ring layout is different
163 	 * from 3.1 to 4.1.
164 	 */
165 	rds_ib_send_init_ring(ic);
166 	rds_ib_recv_init_ring(ic);
167 	/* Post receive buffers - as a side effect, this will update
168 	 * the posted credit count. */
169 	rds_ib_recv_refill(conn, 1, GFP_KERNEL);
170 
171 	/* Tune RNR behavior */
172 	rds_ib_tune_rnr(ic, &qp_attr);
173 
174 	qp_attr.qp_state = IB_QPS_RTS;
175 	err = ib_modify_qp(ic->i_cm_id->qp, &qp_attr, IB_QP_STATE);
176 	if (err)
177 		printk(KERN_NOTICE "ib_modify_qp(IB_QP_STATE, RTS): err=%d\n", err);
178 
179 	/* update ib_device with this local ipaddr */
180 	err = rds_ib_update_ipaddr(ic->rds_ibdev, &conn->c_laddr);
181 	if (err)
182 		printk(KERN_ERR "rds_ib_update_ipaddr failed (%d)\n",
183 			err);
184 
185 	/* If the peer gave us the last packet it saw, process this as if
186 	 * we had received a regular ACK. */
187 	if (dp) {
188 		if (ack_seq)
189 			rds_send_drop_acked(conn, be64_to_cpu(ack_seq),
190 					    NULL);
191 	}
192 
193 	conn->c_proposed_version = conn->c_version;
194 	rds_connect_complete(conn);
195 }
196 
197 static void rds_ib_cm_fill_conn_param(struct rds_connection *conn,
198 				      struct rdma_conn_param *conn_param,
199 				      union rds_ib_conn_priv *dp,
200 				      u32 protocol_version,
201 				      u32 max_responder_resources,
202 				      u32 max_initiator_depth,
203 				      bool isv6)
204 {
205 	struct rds_ib_connection *ic = conn->c_transport_data;
206 	struct rds_ib_device *rds_ibdev = ic->rds_ibdev;
207 
208 	memset(conn_param, 0, sizeof(struct rdma_conn_param));
209 
210 	conn_param->responder_resources =
211 		min_t(u32, rds_ibdev->max_responder_resources, max_responder_resources);
212 	conn_param->initiator_depth =
213 		min_t(u32, rds_ibdev->max_initiator_depth, max_initiator_depth);
214 	conn_param->retry_count = min_t(unsigned int, rds_ib_retry_count, 7);
215 	conn_param->rnr_retry_count = 7;
216 
217 	if (dp) {
218 		memset(dp, 0, sizeof(*dp));
219 		if (isv6) {
220 			dp->ricp_v6.dp_saddr = conn->c_laddr;
221 			dp->ricp_v6.dp_daddr = conn->c_faddr;
222 			dp->ricp_v6.dp_protocol_major =
223 			    RDS_PROTOCOL_MAJOR(protocol_version);
224 			dp->ricp_v6.dp_protocol_minor =
225 			    RDS_PROTOCOL_MINOR(protocol_version);
226 			dp->ricp_v6.dp_protocol_minor_mask =
227 			    cpu_to_be16(RDS_IB_SUPPORTED_PROTOCOLS);
228 			dp->ricp_v6.dp_ack_seq =
229 			    cpu_to_be64(rds_ib_piggyb_ack(ic));
230 			dp->ricp_v6.dp_cmn.ricpc_dp_toss = conn->c_tos;
231 
232 			conn_param->private_data = &dp->ricp_v6;
233 			conn_param->private_data_len = sizeof(dp->ricp_v6);
234 		} else {
235 			dp->ricp_v4.dp_saddr = conn->c_laddr.s6_addr32[3];
236 			dp->ricp_v4.dp_daddr = conn->c_faddr.s6_addr32[3];
237 			dp->ricp_v4.dp_protocol_major =
238 			    RDS_PROTOCOL_MAJOR(protocol_version);
239 			dp->ricp_v4.dp_protocol_minor =
240 			    RDS_PROTOCOL_MINOR(protocol_version);
241 			dp->ricp_v4.dp_protocol_minor_mask =
242 			    cpu_to_be16(RDS_IB_SUPPORTED_PROTOCOLS);
243 			dp->ricp_v4.dp_ack_seq =
244 			    cpu_to_be64(rds_ib_piggyb_ack(ic));
245 			dp->ricp_v4.dp_cmn.ricpc_dp_toss = conn->c_tos;
246 
247 			conn_param->private_data = &dp->ricp_v4;
248 			conn_param->private_data_len = sizeof(dp->ricp_v4);
249 		}
250 
251 		/* Advertise flow control */
252 		if (ic->i_flowctl) {
253 			unsigned int credits;
254 
255 			credits = IB_GET_POST_CREDITS
256 				(atomic_read(&ic->i_credits));
257 			if (isv6)
258 				dp->ricp_v6.dp_credit = cpu_to_be32(credits);
259 			else
260 				dp->ricp_v4.dp_credit = cpu_to_be32(credits);
261 			atomic_sub(IB_SET_POST_CREDITS(credits),
262 				   &ic->i_credits);
263 		}
264 	}
265 }
266 
267 static void rds_ib_cq_event_handler(struct ib_event *event, void *data)
268 {
269 	rdsdebug("event %u (%s) data %p\n",
270 		 event->event, ib_event_msg(event->event), data);
271 }
272 
273 /* Plucking the oldest entry from the ring can be done concurrently with
274  * the thread refilling the ring.  Each ring operation is protected by
275  * spinlocks and the transient state of refilling doesn't change the
276  * recording of which entry is oldest.
277  *
278  * This relies on IB only calling one cq comp_handler for each cq so that
279  * there will only be one caller of rds_recv_incoming() per RDS connection.
280  */
281 static void rds_ib_cq_comp_handler_recv(struct ib_cq *cq, void *context)
282 {
283 	struct rds_connection *conn = context;
284 	struct rds_ib_connection *ic = conn->c_transport_data;
285 
286 	rdsdebug("conn %p cq %p\n", conn, cq);
287 
288 	rds_ib_stats_inc(s_ib_evt_handler_call);
289 
290 	tasklet_schedule(&ic->i_recv_tasklet);
291 }
292 
293 static void poll_scq(struct rds_ib_connection *ic, struct ib_cq *cq,
294 		     struct ib_wc *wcs)
295 {
296 	int nr, i;
297 	struct ib_wc *wc;
298 
299 	while ((nr = ib_poll_cq(cq, RDS_IB_WC_MAX, wcs)) > 0) {
300 		for (i = 0; i < nr; i++) {
301 			wc = wcs + i;
302 			rdsdebug("wc wr_id 0x%llx status %u byte_len %u imm_data %u\n",
303 				 (unsigned long long)wc->wr_id, wc->status,
304 				 wc->byte_len, be32_to_cpu(wc->ex.imm_data));
305 
306 			if (wc->wr_id <= ic->i_send_ring.w_nr ||
307 			    wc->wr_id == RDS_IB_ACK_WR_ID)
308 				rds_ib_send_cqe_handler(ic, wc);
309 			else
310 				rds_ib_mr_cqe_handler(ic, wc);
311 
312 		}
313 	}
314 }
315 
316 static void rds_ib_tasklet_fn_send(unsigned long data)
317 {
318 	struct rds_ib_connection *ic = (struct rds_ib_connection *)data;
319 	struct rds_connection *conn = ic->conn;
320 
321 	rds_ib_stats_inc(s_ib_tasklet_call);
322 
323 	/* if cq has been already reaped, ignore incoming cq event */
324 	if (atomic_read(&ic->i_cq_quiesce))
325 		return;
326 
327 	poll_scq(ic, ic->i_send_cq, ic->i_send_wc);
328 	ib_req_notify_cq(ic->i_send_cq, IB_CQ_NEXT_COMP);
329 	poll_scq(ic, ic->i_send_cq, ic->i_send_wc);
330 
331 	if (rds_conn_up(conn) &&
332 	    (!test_bit(RDS_LL_SEND_FULL, &conn->c_flags) ||
333 	    test_bit(0, &conn->c_map_queued)))
334 		rds_send_xmit(&ic->conn->c_path[0]);
335 }
336 
337 static void poll_rcq(struct rds_ib_connection *ic, struct ib_cq *cq,
338 		     struct ib_wc *wcs,
339 		     struct rds_ib_ack_state *ack_state)
340 {
341 	int nr, i;
342 	struct ib_wc *wc;
343 
344 	while ((nr = ib_poll_cq(cq, RDS_IB_WC_MAX, wcs)) > 0) {
345 		for (i = 0; i < nr; i++) {
346 			wc = wcs + i;
347 			rdsdebug("wc wr_id 0x%llx status %u byte_len %u imm_data %u\n",
348 				 (unsigned long long)wc->wr_id, wc->status,
349 				 wc->byte_len, be32_to_cpu(wc->ex.imm_data));
350 
351 			rds_ib_recv_cqe_handler(ic, wc, ack_state);
352 		}
353 	}
354 }
355 
356 static void rds_ib_tasklet_fn_recv(unsigned long data)
357 {
358 	struct rds_ib_connection *ic = (struct rds_ib_connection *)data;
359 	struct rds_connection *conn = ic->conn;
360 	struct rds_ib_device *rds_ibdev = ic->rds_ibdev;
361 	struct rds_ib_ack_state state;
362 
363 	if (!rds_ibdev)
364 		rds_conn_drop(conn);
365 
366 	rds_ib_stats_inc(s_ib_tasklet_call);
367 
368 	/* if cq has been already reaped, ignore incoming cq event */
369 	if (atomic_read(&ic->i_cq_quiesce))
370 		return;
371 
372 	memset(&state, 0, sizeof(state));
373 	poll_rcq(ic, ic->i_recv_cq, ic->i_recv_wc, &state);
374 	ib_req_notify_cq(ic->i_recv_cq, IB_CQ_SOLICITED);
375 	poll_rcq(ic, ic->i_recv_cq, ic->i_recv_wc, &state);
376 
377 	if (state.ack_next_valid)
378 		rds_ib_set_ack(ic, state.ack_next, state.ack_required);
379 	if (state.ack_recv_valid && state.ack_recv > ic->i_ack_recv) {
380 		rds_send_drop_acked(conn, state.ack_recv, NULL);
381 		ic->i_ack_recv = state.ack_recv;
382 	}
383 
384 	if (rds_conn_up(conn))
385 		rds_ib_attempt_ack(ic);
386 }
387 
388 static void rds_ib_qp_event_handler(struct ib_event *event, void *data)
389 {
390 	struct rds_connection *conn = data;
391 	struct rds_ib_connection *ic = conn->c_transport_data;
392 
393 	rdsdebug("conn %p ic %p event %u (%s)\n", conn, ic, event->event,
394 		 ib_event_msg(event->event));
395 
396 	switch (event->event) {
397 	case IB_EVENT_COMM_EST:
398 		rdma_notify(ic->i_cm_id, IB_EVENT_COMM_EST);
399 		break;
400 	default:
401 		rdsdebug("Fatal QP Event %u (%s) - connection %pI6c->%pI6c, reconnecting\n",
402 			 event->event, ib_event_msg(event->event),
403 			 &conn->c_laddr, &conn->c_faddr);
404 		rds_conn_drop(conn);
405 		break;
406 	}
407 }
408 
409 static void rds_ib_cq_comp_handler_send(struct ib_cq *cq, void *context)
410 {
411 	struct rds_connection *conn = context;
412 	struct rds_ib_connection *ic = conn->c_transport_data;
413 
414 	rdsdebug("conn %p cq %p\n", conn, cq);
415 
416 	rds_ib_stats_inc(s_ib_evt_handler_call);
417 
418 	tasklet_schedule(&ic->i_send_tasklet);
419 }
420 
421 static inline int ibdev_get_unused_vector(struct rds_ib_device *rds_ibdev)
422 {
423 	int min = rds_ibdev->vector_load[rds_ibdev->dev->num_comp_vectors - 1];
424 	int index = rds_ibdev->dev->num_comp_vectors - 1;
425 	int i;
426 
427 	for (i = rds_ibdev->dev->num_comp_vectors - 1; i >= 0; i--) {
428 		if (rds_ibdev->vector_load[i] < min) {
429 			index = i;
430 			min = rds_ibdev->vector_load[i];
431 		}
432 	}
433 
434 	rds_ibdev->vector_load[index]++;
435 	return index;
436 }
437 
438 static inline void ibdev_put_vector(struct rds_ib_device *rds_ibdev, int index)
439 {
440 	rds_ibdev->vector_load[index]--;
441 }
442 
443 /* Allocate DMA coherent memory to be used to store struct rds_header for
444  * sending/receiving packets.  The pointers to the DMA memory and the
445  * associated DMA addresses are stored in two arrays.
446  *
447  * @ibdev: the IB device
448  * @pool: the DMA memory pool
449  * @dma_addrs: pointer to the array for storing DMA addresses
450  * @num_hdrs: number of headers to allocate
451  *
452  * It returns the pointer to the array storing the DMA memory pointers.  On
453  * error, NULL pointer is returned.
454  */
455 struct rds_header **rds_dma_hdrs_alloc(struct ib_device *ibdev,
456 				       struct dma_pool *pool,
457 				       dma_addr_t **dma_addrs, u32 num_hdrs)
458 {
459 	struct rds_header **hdrs;
460 	dma_addr_t *hdr_daddrs;
461 	u32 i;
462 
463 	hdrs = kvmalloc_node(sizeof(*hdrs) * num_hdrs, GFP_KERNEL,
464 			     ibdev_to_node(ibdev));
465 	if (!hdrs)
466 		return NULL;
467 
468 	hdr_daddrs = kvmalloc_node(sizeof(*hdr_daddrs) * num_hdrs, GFP_KERNEL,
469 				   ibdev_to_node(ibdev));
470 	if (!hdr_daddrs) {
471 		kvfree(hdrs);
472 		return NULL;
473 	}
474 
475 	for (i = 0; i < num_hdrs; i++) {
476 		hdrs[i] = dma_pool_zalloc(pool, GFP_KERNEL, &hdr_daddrs[i]);
477 		if (!hdrs[i]) {
478 			rds_dma_hdrs_free(pool, hdrs, hdr_daddrs, i);
479 			return NULL;
480 		}
481 	}
482 
483 	*dma_addrs = hdr_daddrs;
484 	return hdrs;
485 }
486 
487 /* Free the DMA memory used to store struct rds_header.
488  *
489  * @pool: the DMA memory pool
490  * @hdrs: pointer to the array storing DMA memory pointers
491  * @dma_addrs: pointer to the array storing DMA addresses
492  * @num_hdars: number of headers to free.
493  */
494 void rds_dma_hdrs_free(struct dma_pool *pool, struct rds_header **hdrs,
495 		       dma_addr_t *dma_addrs, u32 num_hdrs)
496 {
497 	u32 i;
498 
499 	for (i = 0; i < num_hdrs; i++)
500 		dma_pool_free(pool, hdrs[i], dma_addrs[i]);
501 	kvfree(hdrs);
502 	kvfree(dma_addrs);
503 }
504 
505 /*
506  * This needs to be very careful to not leave IS_ERR pointers around for
507  * cleanup to trip over.
508  */
509 static int rds_ib_setup_qp(struct rds_connection *conn)
510 {
511 	struct rds_ib_connection *ic = conn->c_transport_data;
512 	struct ib_device *dev = ic->i_cm_id->device;
513 	struct ib_qp_init_attr attr;
514 	struct ib_cq_init_attr cq_attr = {};
515 	struct rds_ib_device *rds_ibdev;
516 	unsigned long max_wrs;
517 	int ret, fr_queue_space;
518 	struct dma_pool *pool;
519 
520 	/*
521 	 * It's normal to see a null device if an incoming connection races
522 	 * with device removal, so we don't print a warning.
523 	 */
524 	rds_ibdev = rds_ib_get_client_data(dev);
525 	if (!rds_ibdev)
526 		return -EOPNOTSUPP;
527 
528 	/* The fr_queue_space is currently set to 512, to add extra space on
529 	 * completion queue and send queue. This extra space is used for FRMR
530 	 * registration and invalidation work requests
531 	 */
532 	fr_queue_space = (rds_ibdev->use_fastreg ? RDS_IB_DEFAULT_FR_WR : 0);
533 
534 	/* add the conn now so that connection establishment has the dev */
535 	rds_ib_add_conn(rds_ibdev, conn);
536 
537 	max_wrs = rds_ibdev->max_wrs < rds_ib_sysctl_max_send_wr + 1 ?
538 		rds_ibdev->max_wrs - 1 : rds_ib_sysctl_max_send_wr;
539 	if (ic->i_send_ring.w_nr != max_wrs)
540 		rds_ib_ring_resize(&ic->i_send_ring, max_wrs);
541 
542 	max_wrs = rds_ibdev->max_wrs < rds_ib_sysctl_max_recv_wr + 1 ?
543 		rds_ibdev->max_wrs - 1 : rds_ib_sysctl_max_recv_wr;
544 	if (ic->i_recv_ring.w_nr != max_wrs)
545 		rds_ib_ring_resize(&ic->i_recv_ring, max_wrs);
546 
547 	/* Protection domain and memory range */
548 	ic->i_pd = rds_ibdev->pd;
549 
550 	ic->i_scq_vector = ibdev_get_unused_vector(rds_ibdev);
551 	cq_attr.cqe = ic->i_send_ring.w_nr + fr_queue_space + 1;
552 	cq_attr.comp_vector = ic->i_scq_vector;
553 	ic->i_send_cq = ib_create_cq(dev, rds_ib_cq_comp_handler_send,
554 				     rds_ib_cq_event_handler, conn,
555 				     &cq_attr);
556 	if (IS_ERR(ic->i_send_cq)) {
557 		ret = PTR_ERR(ic->i_send_cq);
558 		ic->i_send_cq = NULL;
559 		ibdev_put_vector(rds_ibdev, ic->i_scq_vector);
560 		rdsdebug("ib_create_cq send failed: %d\n", ret);
561 		goto rds_ibdev_out;
562 	}
563 
564 	ic->i_rcq_vector = ibdev_get_unused_vector(rds_ibdev);
565 	cq_attr.cqe = ic->i_recv_ring.w_nr;
566 	cq_attr.comp_vector = ic->i_rcq_vector;
567 	ic->i_recv_cq = ib_create_cq(dev, rds_ib_cq_comp_handler_recv,
568 				     rds_ib_cq_event_handler, conn,
569 				     &cq_attr);
570 	if (IS_ERR(ic->i_recv_cq)) {
571 		ret = PTR_ERR(ic->i_recv_cq);
572 		ic->i_recv_cq = NULL;
573 		ibdev_put_vector(rds_ibdev, ic->i_rcq_vector);
574 		rdsdebug("ib_create_cq recv failed: %d\n", ret);
575 		goto send_cq_out;
576 	}
577 
578 	ret = ib_req_notify_cq(ic->i_send_cq, IB_CQ_NEXT_COMP);
579 	if (ret) {
580 		rdsdebug("ib_req_notify_cq send failed: %d\n", ret);
581 		goto recv_cq_out;
582 	}
583 
584 	ret = ib_req_notify_cq(ic->i_recv_cq, IB_CQ_SOLICITED);
585 	if (ret) {
586 		rdsdebug("ib_req_notify_cq recv failed: %d\n", ret);
587 		goto recv_cq_out;
588 	}
589 
590 	/* XXX negotiate max send/recv with remote? */
591 	memset(&attr, 0, sizeof(attr));
592 	attr.event_handler = rds_ib_qp_event_handler;
593 	attr.qp_context = conn;
594 	/* + 1 to allow for the single ack message */
595 	attr.cap.max_send_wr = ic->i_send_ring.w_nr + fr_queue_space + 1;
596 	attr.cap.max_recv_wr = ic->i_recv_ring.w_nr + 1;
597 	attr.cap.max_send_sge = rds_ibdev->max_sge;
598 	attr.cap.max_recv_sge = RDS_IB_RECV_SGE;
599 	attr.sq_sig_type = IB_SIGNAL_REQ_WR;
600 	attr.qp_type = IB_QPT_RC;
601 	attr.send_cq = ic->i_send_cq;
602 	attr.recv_cq = ic->i_recv_cq;
603 
604 	/*
605 	 * XXX this can fail if max_*_wr is too large?  Are we supposed
606 	 * to back off until we get a value that the hardware can support?
607 	 */
608 	ret = rdma_create_qp(ic->i_cm_id, ic->i_pd, &attr);
609 	if (ret) {
610 		rdsdebug("rdma_create_qp failed: %d\n", ret);
611 		goto recv_cq_out;
612 	}
613 
614 	pool = rds_ibdev->rid_hdrs_pool;
615 	ic->i_send_hdrs = rds_dma_hdrs_alloc(dev, pool, &ic->i_send_hdrs_dma,
616 					     ic->i_send_ring.w_nr);
617 	if (!ic->i_send_hdrs) {
618 		ret = -ENOMEM;
619 		rdsdebug("DMA send hdrs alloc failed\n");
620 		goto qp_out;
621 	}
622 
623 	ic->i_recv_hdrs = rds_dma_hdrs_alloc(dev, pool, &ic->i_recv_hdrs_dma,
624 					     ic->i_recv_ring.w_nr);
625 	if (!ic->i_recv_hdrs) {
626 		ret = -ENOMEM;
627 		rdsdebug("DMA recv hdrs alloc failed\n");
628 		goto send_hdrs_dma_out;
629 	}
630 
631 	ic->i_ack = dma_pool_zalloc(pool, GFP_KERNEL,
632 				    &ic->i_ack_dma);
633 	if (!ic->i_ack) {
634 		ret = -ENOMEM;
635 		rdsdebug("DMA ack header alloc failed\n");
636 		goto recv_hdrs_dma_out;
637 	}
638 
639 	ic->i_sends = vzalloc_node(array_size(sizeof(struct rds_ib_send_work),
640 					      ic->i_send_ring.w_nr),
641 				   ibdev_to_node(dev));
642 	if (!ic->i_sends) {
643 		ret = -ENOMEM;
644 		rdsdebug("send allocation failed\n");
645 		goto ack_dma_out;
646 	}
647 
648 	ic->i_recvs = vzalloc_node(array_size(sizeof(struct rds_ib_recv_work),
649 					      ic->i_recv_ring.w_nr),
650 				   ibdev_to_node(dev));
651 	if (!ic->i_recvs) {
652 		ret = -ENOMEM;
653 		rdsdebug("recv allocation failed\n");
654 		goto sends_out;
655 	}
656 
657 	rds_ib_recv_init_ack(ic);
658 
659 	rdsdebug("conn %p pd %p cq %p %p\n", conn, ic->i_pd,
660 		 ic->i_send_cq, ic->i_recv_cq);
661 
662 	goto out;
663 
664 sends_out:
665 	vfree(ic->i_sends);
666 
667 ack_dma_out:
668 	dma_pool_free(pool, ic->i_ack, ic->i_ack_dma);
669 	ic->i_ack = NULL;
670 
671 recv_hdrs_dma_out:
672 	rds_dma_hdrs_free(pool, ic->i_recv_hdrs, ic->i_recv_hdrs_dma,
673 			  ic->i_recv_ring.w_nr);
674 	ic->i_recv_hdrs = NULL;
675 	ic->i_recv_hdrs_dma = NULL;
676 
677 send_hdrs_dma_out:
678 	rds_dma_hdrs_free(pool, ic->i_send_hdrs, ic->i_send_hdrs_dma,
679 			  ic->i_send_ring.w_nr);
680 	ic->i_send_hdrs = NULL;
681 	ic->i_send_hdrs_dma = NULL;
682 
683 qp_out:
684 	rdma_destroy_qp(ic->i_cm_id);
685 recv_cq_out:
686 	ib_destroy_cq(ic->i_recv_cq);
687 	ic->i_recv_cq = NULL;
688 send_cq_out:
689 	ib_destroy_cq(ic->i_send_cq);
690 	ic->i_send_cq = NULL;
691 rds_ibdev_out:
692 	rds_ib_remove_conn(rds_ibdev, conn);
693 out:
694 	rds_ib_dev_put(rds_ibdev);
695 
696 	return ret;
697 }
698 
699 static u32 rds_ib_protocol_compatible(struct rdma_cm_event *event, bool isv6)
700 {
701 	const union rds_ib_conn_priv *dp = event->param.conn.private_data;
702 	u8 data_len, major, minor;
703 	u32 version = 0;
704 	__be16 mask;
705 	u16 common;
706 
707 	/*
708 	 * rdma_cm private data is odd - when there is any private data in the
709 	 * request, we will be given a pretty large buffer without telling us the
710 	 * original size. The only way to tell the difference is by looking at
711 	 * the contents, which are initialized to zero.
712 	 * If the protocol version fields aren't set, this is a connection attempt
713 	 * from an older version. This could could be 3.0 or 2.0 - we can't tell.
714 	 * We really should have changed this for OFED 1.3 :-(
715 	 */
716 
717 	/* Be paranoid. RDS always has privdata */
718 	if (!event->param.conn.private_data_len) {
719 		printk(KERN_NOTICE "RDS incoming connection has no private data, "
720 			"rejecting\n");
721 		return 0;
722 	}
723 
724 	if (isv6) {
725 		data_len = sizeof(struct rds6_ib_connect_private);
726 		major = dp->ricp_v6.dp_protocol_major;
727 		minor = dp->ricp_v6.dp_protocol_minor;
728 		mask = dp->ricp_v6.dp_protocol_minor_mask;
729 	} else {
730 		data_len = sizeof(struct rds_ib_connect_private);
731 		major = dp->ricp_v4.dp_protocol_major;
732 		minor = dp->ricp_v4.dp_protocol_minor;
733 		mask = dp->ricp_v4.dp_protocol_minor_mask;
734 	}
735 
736 	/* Even if len is crap *now* I still want to check it. -ASG */
737 	if (event->param.conn.private_data_len < data_len || major == 0)
738 		return RDS_PROTOCOL_4_0;
739 
740 	common = be16_to_cpu(mask) & RDS_IB_SUPPORTED_PROTOCOLS;
741 	if (major == 4 && common) {
742 		version = RDS_PROTOCOL_4_0;
743 		while ((common >>= 1) != 0)
744 			version++;
745 	} else if (RDS_PROTOCOL_COMPAT_VERSION ==
746 		   RDS_PROTOCOL(major, minor)) {
747 		version = RDS_PROTOCOL_COMPAT_VERSION;
748 	} else {
749 		if (isv6)
750 			printk_ratelimited(KERN_NOTICE "RDS: Connection from %pI6c using incompatible protocol version %u.%u\n",
751 					   &dp->ricp_v6.dp_saddr, major, minor);
752 		else
753 			printk_ratelimited(KERN_NOTICE "RDS: Connection from %pI4 using incompatible protocol version %u.%u\n",
754 					   &dp->ricp_v4.dp_saddr, major, minor);
755 	}
756 	return version;
757 }
758 
759 #if IS_ENABLED(CONFIG_IPV6)
760 /* Given an IPv6 address, find the net_device which hosts that address and
761  * return its index.  This is used by the rds_ib_cm_handle_connect() code to
762  * find the interface index of where an incoming request comes from when
763  * the request is using a link local address.
764  *
765  * Note one problem in this search.  It is possible that two interfaces have
766  * the same link local address.  Unfortunately, this cannot be solved unless
767  * the underlying layer gives us the interface which an incoming RDMA connect
768  * request comes from.
769  */
770 static u32 __rds_find_ifindex(struct net *net, const struct in6_addr *addr)
771 {
772 	struct net_device *dev;
773 	int idx = 0;
774 
775 	rcu_read_lock();
776 	for_each_netdev_rcu(net, dev) {
777 		if (ipv6_chk_addr(net, addr, dev, 1)) {
778 			idx = dev->ifindex;
779 			break;
780 		}
781 	}
782 	rcu_read_unlock();
783 
784 	return idx;
785 }
786 #endif
787 
788 int rds_ib_cm_handle_connect(struct rdma_cm_id *cm_id,
789 			     struct rdma_cm_event *event, bool isv6)
790 {
791 	__be64 lguid = cm_id->route.path_rec->sgid.global.interface_id;
792 	__be64 fguid = cm_id->route.path_rec->dgid.global.interface_id;
793 	const struct rds_ib_conn_priv_cmn *dp_cmn;
794 	struct rds_connection *conn = NULL;
795 	struct rds_ib_connection *ic = NULL;
796 	struct rdma_conn_param conn_param;
797 	const union rds_ib_conn_priv *dp;
798 	union rds_ib_conn_priv dp_rep;
799 	struct in6_addr s_mapped_addr;
800 	struct in6_addr d_mapped_addr;
801 	const struct in6_addr *saddr6;
802 	const struct in6_addr *daddr6;
803 	int destroy = 1;
804 	u32 ifindex = 0;
805 	u32 version;
806 	int err = 1;
807 
808 	/* Check whether the remote protocol version matches ours. */
809 	version = rds_ib_protocol_compatible(event, isv6);
810 	if (!version) {
811 		err = RDS_RDMA_REJ_INCOMPAT;
812 		goto out;
813 	}
814 
815 	dp = event->param.conn.private_data;
816 	if (isv6) {
817 #if IS_ENABLED(CONFIG_IPV6)
818 		dp_cmn = &dp->ricp_v6.dp_cmn;
819 		saddr6 = &dp->ricp_v6.dp_saddr;
820 		daddr6 = &dp->ricp_v6.dp_daddr;
821 		/* If either address is link local, need to find the
822 		 * interface index in order to create a proper RDS
823 		 * connection.
824 		 */
825 		if (ipv6_addr_type(daddr6) & IPV6_ADDR_LINKLOCAL) {
826 			/* Using init_net for now ..  */
827 			ifindex = __rds_find_ifindex(&init_net, daddr6);
828 			/* No index found...  Need to bail out. */
829 			if (ifindex == 0) {
830 				err = -EOPNOTSUPP;
831 				goto out;
832 			}
833 		} else if (ipv6_addr_type(saddr6) & IPV6_ADDR_LINKLOCAL) {
834 			/* Use our address to find the correct index. */
835 			ifindex = __rds_find_ifindex(&init_net, daddr6);
836 			/* No index found...  Need to bail out. */
837 			if (ifindex == 0) {
838 				err = -EOPNOTSUPP;
839 				goto out;
840 			}
841 		}
842 #else
843 		err = -EOPNOTSUPP;
844 		goto out;
845 #endif
846 	} else {
847 		dp_cmn = &dp->ricp_v4.dp_cmn;
848 		ipv6_addr_set_v4mapped(dp->ricp_v4.dp_saddr, &s_mapped_addr);
849 		ipv6_addr_set_v4mapped(dp->ricp_v4.dp_daddr, &d_mapped_addr);
850 		saddr6 = &s_mapped_addr;
851 		daddr6 = &d_mapped_addr;
852 	}
853 
854 	rdsdebug("saddr %pI6c daddr %pI6c RDSv%u.%u lguid 0x%llx fguid 0x%llx, tos:%d\n",
855 		 saddr6, daddr6, RDS_PROTOCOL_MAJOR(version),
856 		 RDS_PROTOCOL_MINOR(version),
857 		 (unsigned long long)be64_to_cpu(lguid),
858 		 (unsigned long long)be64_to_cpu(fguid), dp_cmn->ricpc_dp_toss);
859 
860 	/* RDS/IB is not currently netns aware, thus init_net */
861 	conn = rds_conn_create(&init_net, daddr6, saddr6,
862 			       &rds_ib_transport, dp_cmn->ricpc_dp_toss,
863 			       GFP_KERNEL, ifindex);
864 	if (IS_ERR(conn)) {
865 		rdsdebug("rds_conn_create failed (%ld)\n", PTR_ERR(conn));
866 		conn = NULL;
867 		goto out;
868 	}
869 
870 	/*
871 	 * The connection request may occur while the
872 	 * previous connection exist, e.g. in case of failover.
873 	 * But as connections may be initiated simultaneously
874 	 * by both hosts, we have a random backoff mechanism -
875 	 * see the comment above rds_queue_reconnect()
876 	 */
877 	mutex_lock(&conn->c_cm_lock);
878 	if (!rds_conn_transition(conn, RDS_CONN_DOWN, RDS_CONN_CONNECTING)) {
879 		if (rds_conn_state(conn) == RDS_CONN_UP) {
880 			rdsdebug("incoming connect while connecting\n");
881 			rds_conn_drop(conn);
882 			rds_ib_stats_inc(s_ib_listen_closed_stale);
883 		} else
884 		if (rds_conn_state(conn) == RDS_CONN_CONNECTING) {
885 			/* Wait and see - our connect may still be succeeding */
886 			rds_ib_stats_inc(s_ib_connect_raced);
887 		}
888 		goto out;
889 	}
890 
891 	ic = conn->c_transport_data;
892 
893 	rds_ib_set_protocol(conn, version);
894 	rds_ib_set_flow_control(conn, be32_to_cpu(dp_cmn->ricpc_credit));
895 
896 	/* If the peer gave us the last packet it saw, process this as if
897 	 * we had received a regular ACK. */
898 	if (dp_cmn->ricpc_ack_seq)
899 		rds_send_drop_acked(conn, be64_to_cpu(dp_cmn->ricpc_ack_seq),
900 				    NULL);
901 
902 	BUG_ON(cm_id->context);
903 	BUG_ON(ic->i_cm_id);
904 
905 	ic->i_cm_id = cm_id;
906 	cm_id->context = conn;
907 
908 	/* We got halfway through setting up the ib_connection, if we
909 	 * fail now, we have to take the long route out of this mess. */
910 	destroy = 0;
911 
912 	err = rds_ib_setup_qp(conn);
913 	if (err) {
914 		rds_ib_conn_error(conn, "rds_ib_setup_qp failed (%d)\n", err);
915 		goto out;
916 	}
917 
918 	rds_ib_cm_fill_conn_param(conn, &conn_param, &dp_rep, version,
919 				  event->param.conn.responder_resources,
920 				  event->param.conn.initiator_depth, isv6);
921 
922 	/* rdma_accept() calls rdma_reject() internally if it fails */
923 	if (rdma_accept(cm_id, &conn_param))
924 		rds_ib_conn_error(conn, "rdma_accept failed\n");
925 
926 out:
927 	if (conn)
928 		mutex_unlock(&conn->c_cm_lock);
929 	if (err)
930 		rdma_reject(cm_id, &err, sizeof(int));
931 	return destroy;
932 }
933 
934 
935 int rds_ib_cm_initiate_connect(struct rdma_cm_id *cm_id, bool isv6)
936 {
937 	struct rds_connection *conn = cm_id->context;
938 	struct rds_ib_connection *ic = conn->c_transport_data;
939 	struct rdma_conn_param conn_param;
940 	union rds_ib_conn_priv dp;
941 	int ret;
942 
943 	/* If the peer doesn't do protocol negotiation, we must
944 	 * default to RDSv3.0 */
945 	rds_ib_set_protocol(conn, RDS_PROTOCOL_4_1);
946 	ic->i_flowctl = rds_ib_sysctl_flow_control;	/* advertise flow control */
947 
948 	ret = rds_ib_setup_qp(conn);
949 	if (ret) {
950 		rds_ib_conn_error(conn, "rds_ib_setup_qp failed (%d)\n", ret);
951 		goto out;
952 	}
953 
954 	rds_ib_cm_fill_conn_param(conn, &conn_param, &dp,
955 				  conn->c_proposed_version,
956 				  UINT_MAX, UINT_MAX, isv6);
957 	ret = rdma_connect(cm_id, &conn_param);
958 	if (ret)
959 		rds_ib_conn_error(conn, "rdma_connect failed (%d)\n", ret);
960 
961 out:
962 	/* Beware - returning non-zero tells the rdma_cm to destroy
963 	 * the cm_id. We should certainly not do it as long as we still
964 	 * "own" the cm_id. */
965 	if (ret) {
966 		if (ic->i_cm_id == cm_id)
967 			ret = 0;
968 	}
969 	ic->i_active_side = true;
970 	return ret;
971 }
972 
973 int rds_ib_conn_path_connect(struct rds_conn_path *cp)
974 {
975 	struct rds_connection *conn = cp->cp_conn;
976 	struct sockaddr_storage src, dest;
977 	rdma_cm_event_handler handler;
978 	struct rds_ib_connection *ic;
979 	int ret;
980 
981 	ic = conn->c_transport_data;
982 
983 	/* XXX I wonder what affect the port space has */
984 	/* delegate cm event handler to rdma_transport */
985 #if IS_ENABLED(CONFIG_IPV6)
986 	if (conn->c_isv6)
987 		handler = rds6_rdma_cm_event_handler;
988 	else
989 #endif
990 		handler = rds_rdma_cm_event_handler;
991 	ic->i_cm_id = rdma_create_id(&init_net, handler, conn,
992 				     RDMA_PS_TCP, IB_QPT_RC);
993 	if (IS_ERR(ic->i_cm_id)) {
994 		ret = PTR_ERR(ic->i_cm_id);
995 		ic->i_cm_id = NULL;
996 		rdsdebug("rdma_create_id() failed: %d\n", ret);
997 		goto out;
998 	}
999 
1000 	rdsdebug("created cm id %p for conn %p\n", ic->i_cm_id, conn);
1001 
1002 	if (ipv6_addr_v4mapped(&conn->c_faddr)) {
1003 		struct sockaddr_in *sin;
1004 
1005 		sin = (struct sockaddr_in *)&src;
1006 		sin->sin_family = AF_INET;
1007 		sin->sin_addr.s_addr = conn->c_laddr.s6_addr32[3];
1008 		sin->sin_port = 0;
1009 
1010 		sin = (struct sockaddr_in *)&dest;
1011 		sin->sin_family = AF_INET;
1012 		sin->sin_addr.s_addr = conn->c_faddr.s6_addr32[3];
1013 		sin->sin_port = htons(RDS_PORT);
1014 	} else {
1015 		struct sockaddr_in6 *sin6;
1016 
1017 		sin6 = (struct sockaddr_in6 *)&src;
1018 		sin6->sin6_family = AF_INET6;
1019 		sin6->sin6_addr = conn->c_laddr;
1020 		sin6->sin6_port = 0;
1021 		sin6->sin6_scope_id = conn->c_dev_if;
1022 
1023 		sin6 = (struct sockaddr_in6 *)&dest;
1024 		sin6->sin6_family = AF_INET6;
1025 		sin6->sin6_addr = conn->c_faddr;
1026 		sin6->sin6_port = htons(RDS_CM_PORT);
1027 		sin6->sin6_scope_id = conn->c_dev_if;
1028 	}
1029 
1030 	ret = rdma_resolve_addr(ic->i_cm_id, (struct sockaddr *)&src,
1031 				(struct sockaddr *)&dest,
1032 				RDS_RDMA_RESOLVE_TIMEOUT_MS);
1033 	if (ret) {
1034 		rdsdebug("addr resolve failed for cm id %p: %d\n", ic->i_cm_id,
1035 			 ret);
1036 		rdma_destroy_id(ic->i_cm_id);
1037 		ic->i_cm_id = NULL;
1038 	}
1039 
1040 out:
1041 	return ret;
1042 }
1043 
1044 /*
1045  * This is so careful about only cleaning up resources that were built up
1046  * so that it can be called at any point during startup.  In fact it
1047  * can be called multiple times for a given connection.
1048  */
1049 void rds_ib_conn_path_shutdown(struct rds_conn_path *cp)
1050 {
1051 	struct rds_connection *conn = cp->cp_conn;
1052 	struct rds_ib_connection *ic = conn->c_transport_data;
1053 	int err = 0;
1054 
1055 	rdsdebug("cm %p pd %p cq %p %p qp %p\n", ic->i_cm_id,
1056 		 ic->i_pd, ic->i_send_cq, ic->i_recv_cq,
1057 		 ic->i_cm_id ? ic->i_cm_id->qp : NULL);
1058 
1059 	if (ic->i_cm_id) {
1060 		rdsdebug("disconnecting cm %p\n", ic->i_cm_id);
1061 		err = rdma_disconnect(ic->i_cm_id);
1062 		if (err) {
1063 			/* Actually this may happen quite frequently, when
1064 			 * an outgoing connect raced with an incoming connect.
1065 			 */
1066 			rdsdebug("failed to disconnect, cm: %p err %d\n",
1067 				ic->i_cm_id, err);
1068 		}
1069 
1070 		/* kick off "flush_worker" for all pools in order to reap
1071 		 * all FRMR registrations that are still marked "FRMR_IS_INUSE"
1072 		 */
1073 		rds_ib_flush_mrs();
1074 
1075 		/*
1076 		 * We want to wait for tx and rx completion to finish
1077 		 * before we tear down the connection, but we have to be
1078 		 * careful not to get stuck waiting on a send ring that
1079 		 * only has unsignaled sends in it.  We've shutdown new
1080 		 * sends before getting here so by waiting for signaled
1081 		 * sends to complete we're ensured that there will be no
1082 		 * more tx processing.
1083 		 */
1084 		wait_event(rds_ib_ring_empty_wait,
1085 			   rds_ib_ring_empty(&ic->i_recv_ring) &&
1086 			   (atomic_read(&ic->i_signaled_sends) == 0) &&
1087 			   (atomic_read(&ic->i_fastreg_inuse_count) == 0) &&
1088 			   (atomic_read(&ic->i_fastreg_wrs) == RDS_IB_DEFAULT_FR_WR));
1089 		tasklet_kill(&ic->i_send_tasklet);
1090 		tasklet_kill(&ic->i_recv_tasklet);
1091 
1092 		atomic_set(&ic->i_cq_quiesce, 1);
1093 
1094 		/* first destroy the ib state that generates callbacks */
1095 		if (ic->i_cm_id->qp)
1096 			rdma_destroy_qp(ic->i_cm_id);
1097 		if (ic->i_send_cq) {
1098 			if (ic->rds_ibdev)
1099 				ibdev_put_vector(ic->rds_ibdev, ic->i_scq_vector);
1100 			ib_destroy_cq(ic->i_send_cq);
1101 		}
1102 
1103 		if (ic->i_recv_cq) {
1104 			if (ic->rds_ibdev)
1105 				ibdev_put_vector(ic->rds_ibdev, ic->i_rcq_vector);
1106 			ib_destroy_cq(ic->i_recv_cq);
1107 		}
1108 
1109 		if (ic->rds_ibdev) {
1110 			struct dma_pool *pool;
1111 
1112 			pool = ic->rds_ibdev->rid_hdrs_pool;
1113 
1114 			/* then free the resources that ib callbacks use */
1115 			if (ic->i_send_hdrs) {
1116 				rds_dma_hdrs_free(pool, ic->i_send_hdrs,
1117 						  ic->i_send_hdrs_dma,
1118 						  ic->i_send_ring.w_nr);
1119 				ic->i_send_hdrs = NULL;
1120 				ic->i_send_hdrs_dma = NULL;
1121 			}
1122 
1123 			if (ic->i_recv_hdrs) {
1124 				rds_dma_hdrs_free(pool, ic->i_recv_hdrs,
1125 						  ic->i_recv_hdrs_dma,
1126 						  ic->i_recv_ring.w_nr);
1127 				ic->i_recv_hdrs = NULL;
1128 				ic->i_recv_hdrs_dma = NULL;
1129 			}
1130 
1131 			if (ic->i_ack) {
1132 				dma_pool_free(pool, ic->i_ack, ic->i_ack_dma);
1133 				ic->i_ack = NULL;
1134 			}
1135 		} else {
1136 			WARN_ON(ic->i_send_hdrs);
1137 			WARN_ON(ic->i_send_hdrs_dma);
1138 			WARN_ON(ic->i_recv_hdrs);
1139 			WARN_ON(ic->i_recv_hdrs_dma);
1140 			WARN_ON(ic->i_ack);
1141 		}
1142 
1143 		if (ic->i_sends)
1144 			rds_ib_send_clear_ring(ic);
1145 		if (ic->i_recvs)
1146 			rds_ib_recv_clear_ring(ic);
1147 
1148 		rdma_destroy_id(ic->i_cm_id);
1149 
1150 		/*
1151 		 * Move connection back to the nodev list.
1152 		 */
1153 		if (ic->rds_ibdev)
1154 			rds_ib_remove_conn(ic->rds_ibdev, conn);
1155 
1156 		ic->i_cm_id = NULL;
1157 		ic->i_pd = NULL;
1158 		ic->i_send_cq = NULL;
1159 		ic->i_recv_cq = NULL;
1160 	}
1161 	BUG_ON(ic->rds_ibdev);
1162 
1163 	/* Clear pending transmit */
1164 	if (ic->i_data_op) {
1165 		struct rds_message *rm;
1166 
1167 		rm = container_of(ic->i_data_op, struct rds_message, data);
1168 		rds_message_put(rm);
1169 		ic->i_data_op = NULL;
1170 	}
1171 
1172 	/* Clear the ACK state */
1173 	clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
1174 #ifdef KERNEL_HAS_ATOMIC64
1175 	atomic64_set(&ic->i_ack_next, 0);
1176 #else
1177 	ic->i_ack_next = 0;
1178 #endif
1179 	ic->i_ack_recv = 0;
1180 
1181 	/* Clear flow control state */
1182 	ic->i_flowctl = 0;
1183 	atomic_set(&ic->i_credits, 0);
1184 
1185 	/* Re-init rings, but retain sizes. */
1186 	rds_ib_ring_init(&ic->i_send_ring, ic->i_send_ring.w_nr);
1187 	rds_ib_ring_init(&ic->i_recv_ring, ic->i_recv_ring.w_nr);
1188 
1189 	if (ic->i_ibinc) {
1190 		rds_inc_put(&ic->i_ibinc->ii_inc);
1191 		ic->i_ibinc = NULL;
1192 	}
1193 
1194 	vfree(ic->i_sends);
1195 	ic->i_sends = NULL;
1196 	vfree(ic->i_recvs);
1197 	ic->i_recvs = NULL;
1198 	ic->i_active_side = false;
1199 }
1200 
1201 int rds_ib_conn_alloc(struct rds_connection *conn, gfp_t gfp)
1202 {
1203 	struct rds_ib_connection *ic;
1204 	unsigned long flags;
1205 	int ret;
1206 
1207 	/* XXX too lazy? */
1208 	ic = kzalloc(sizeof(struct rds_ib_connection), gfp);
1209 	if (!ic)
1210 		return -ENOMEM;
1211 
1212 	ret = rds_ib_recv_alloc_caches(ic, gfp);
1213 	if (ret) {
1214 		kfree(ic);
1215 		return ret;
1216 	}
1217 
1218 	INIT_LIST_HEAD(&ic->ib_node);
1219 	tasklet_init(&ic->i_send_tasklet, rds_ib_tasklet_fn_send,
1220 		     (unsigned long)ic);
1221 	tasklet_init(&ic->i_recv_tasklet, rds_ib_tasklet_fn_recv,
1222 		     (unsigned long)ic);
1223 	mutex_init(&ic->i_recv_mutex);
1224 #ifndef KERNEL_HAS_ATOMIC64
1225 	spin_lock_init(&ic->i_ack_lock);
1226 #endif
1227 	atomic_set(&ic->i_signaled_sends, 0);
1228 	atomic_set(&ic->i_fastreg_wrs, RDS_IB_DEFAULT_FR_WR);
1229 
1230 	/*
1231 	 * rds_ib_conn_shutdown() waits for these to be emptied so they
1232 	 * must be initialized before it can be called.
1233 	 */
1234 	rds_ib_ring_init(&ic->i_send_ring, 0);
1235 	rds_ib_ring_init(&ic->i_recv_ring, 0);
1236 
1237 	ic->conn = conn;
1238 	conn->c_transport_data = ic;
1239 
1240 	spin_lock_irqsave(&ib_nodev_conns_lock, flags);
1241 	list_add_tail(&ic->ib_node, &ib_nodev_conns);
1242 	spin_unlock_irqrestore(&ib_nodev_conns_lock, flags);
1243 
1244 
1245 	rdsdebug("conn %p conn ic %p\n", conn, conn->c_transport_data);
1246 	return 0;
1247 }
1248 
1249 /*
1250  * Free a connection. Connection must be shut down and not set for reconnect.
1251  */
1252 void rds_ib_conn_free(void *arg)
1253 {
1254 	struct rds_ib_connection *ic = arg;
1255 	spinlock_t	*lock_ptr;
1256 
1257 	rdsdebug("ic %p\n", ic);
1258 
1259 	/*
1260 	 * Conn is either on a dev's list or on the nodev list.
1261 	 * A race with shutdown() or connect() would cause problems
1262 	 * (since rds_ibdev would change) but that should never happen.
1263 	 */
1264 	lock_ptr = ic->rds_ibdev ? &ic->rds_ibdev->spinlock : &ib_nodev_conns_lock;
1265 
1266 	spin_lock_irq(lock_ptr);
1267 	list_del(&ic->ib_node);
1268 	spin_unlock_irq(lock_ptr);
1269 
1270 	rds_ib_recv_free_caches(ic);
1271 
1272 	kfree(ic);
1273 }
1274 
1275 
1276 /*
1277  * An error occurred on the connection
1278  */
1279 void
1280 __rds_ib_conn_error(struct rds_connection *conn, const char *fmt, ...)
1281 {
1282 	va_list ap;
1283 
1284 	rds_conn_drop(conn);
1285 
1286 	va_start(ap, fmt);
1287 	vprintk(fmt, ap);
1288 	va_end(ap);
1289 }
1290