xref: /openbmc/linux/net/rds/ib_recv.c (revision b6dcefde)
1 /*
2  * Copyright (c) 2006 Oracle.  All rights reserved.
3  *
4  * This software is available to you under a choice of one of two
5  * licenses.  You may choose to be licensed under the terms of the GNU
6  * General Public License (GPL) Version 2, available from the file
7  * COPYING in the main directory of this source tree, or the
8  * OpenIB.org BSD license below:
9  *
10  *     Redistribution and use in source and binary forms, with or
11  *     without modification, are permitted provided that the following
12  *     conditions are met:
13  *
14  *      - Redistributions of source code must retain the above
15  *        copyright notice, this list of conditions and the following
16  *        disclaimer.
17  *
18  *      - Redistributions in binary form must reproduce the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer in the documentation and/or other materials
21  *        provided with the distribution.
22  *
23  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30  * SOFTWARE.
31  *
32  */
33 #include <linux/kernel.h>
34 #include <linux/pci.h>
35 #include <linux/dma-mapping.h>
36 #include <rdma/rdma_cm.h>
37 
38 #include "rds.h"
39 #include "ib.h"
40 
41 static struct kmem_cache *rds_ib_incoming_slab;
42 static struct kmem_cache *rds_ib_frag_slab;
43 static atomic_t	rds_ib_allocation = ATOMIC_INIT(0);
44 
45 static void rds_ib_frag_drop_page(struct rds_page_frag *frag)
46 {
47 	rdsdebug("frag %p page %p\n", frag, frag->f_page);
48 	__free_page(frag->f_page);
49 	frag->f_page = NULL;
50 }
51 
52 static void rds_ib_frag_free(struct rds_page_frag *frag)
53 {
54 	rdsdebug("frag %p page %p\n", frag, frag->f_page);
55 	BUG_ON(frag->f_page != NULL);
56 	kmem_cache_free(rds_ib_frag_slab, frag);
57 }
58 
59 /*
60  * We map a page at a time.  Its fragments are posted in order.  This
61  * is called in fragment order as the fragments get send completion events.
62  * Only the last frag in the page performs the unmapping.
63  *
64  * It's OK for ring cleanup to call this in whatever order it likes because
65  * DMA is not in flight and so we can unmap while other ring entries still
66  * hold page references in their frags.
67  */
68 static void rds_ib_recv_unmap_page(struct rds_ib_connection *ic,
69 				   struct rds_ib_recv_work *recv)
70 {
71 	struct rds_page_frag *frag = recv->r_frag;
72 
73 	rdsdebug("recv %p frag %p page %p\n", recv, frag, frag->f_page);
74 	if (frag->f_mapped)
75 		ib_dma_unmap_page(ic->i_cm_id->device,
76 			       frag->f_mapped,
77 			       RDS_FRAG_SIZE, DMA_FROM_DEVICE);
78 	frag->f_mapped = 0;
79 }
80 
81 void rds_ib_recv_init_ring(struct rds_ib_connection *ic)
82 {
83 	struct rds_ib_recv_work *recv;
84 	u32 i;
85 
86 	for (i = 0, recv = ic->i_recvs; i < ic->i_recv_ring.w_nr; i++, recv++) {
87 		struct ib_sge *sge;
88 
89 		recv->r_ibinc = NULL;
90 		recv->r_frag = NULL;
91 
92 		recv->r_wr.next = NULL;
93 		recv->r_wr.wr_id = i;
94 		recv->r_wr.sg_list = recv->r_sge;
95 		recv->r_wr.num_sge = RDS_IB_RECV_SGE;
96 
97 		sge = rds_ib_data_sge(ic, recv->r_sge);
98 		sge->addr = 0;
99 		sge->length = RDS_FRAG_SIZE;
100 		sge->lkey = ic->i_mr->lkey;
101 
102 		sge = rds_ib_header_sge(ic, recv->r_sge);
103 		sge->addr = ic->i_recv_hdrs_dma + (i * sizeof(struct rds_header));
104 		sge->length = sizeof(struct rds_header);
105 		sge->lkey = ic->i_mr->lkey;
106 	}
107 }
108 
109 static void rds_ib_recv_clear_one(struct rds_ib_connection *ic,
110 				  struct rds_ib_recv_work *recv)
111 {
112 	if (recv->r_ibinc) {
113 		rds_inc_put(&recv->r_ibinc->ii_inc);
114 		recv->r_ibinc = NULL;
115 	}
116 	if (recv->r_frag) {
117 		rds_ib_recv_unmap_page(ic, recv);
118 		if (recv->r_frag->f_page)
119 			rds_ib_frag_drop_page(recv->r_frag);
120 		rds_ib_frag_free(recv->r_frag);
121 		recv->r_frag = NULL;
122 	}
123 }
124 
125 void rds_ib_recv_clear_ring(struct rds_ib_connection *ic)
126 {
127 	u32 i;
128 
129 	for (i = 0; i < ic->i_recv_ring.w_nr; i++)
130 		rds_ib_recv_clear_one(ic, &ic->i_recvs[i]);
131 
132 	if (ic->i_frag.f_page)
133 		rds_ib_frag_drop_page(&ic->i_frag);
134 }
135 
136 static int rds_ib_recv_refill_one(struct rds_connection *conn,
137 				  struct rds_ib_recv_work *recv,
138 				  gfp_t kptr_gfp, gfp_t page_gfp)
139 {
140 	struct rds_ib_connection *ic = conn->c_transport_data;
141 	dma_addr_t dma_addr;
142 	struct ib_sge *sge;
143 	int ret = -ENOMEM;
144 
145 	if (recv->r_ibinc == NULL) {
146 		if (!atomic_add_unless(&rds_ib_allocation, 1, rds_ib_sysctl_max_recv_allocation)) {
147 			rds_ib_stats_inc(s_ib_rx_alloc_limit);
148 			goto out;
149 		}
150 		recv->r_ibinc = kmem_cache_alloc(rds_ib_incoming_slab,
151 						 kptr_gfp);
152 		if (recv->r_ibinc == NULL) {
153 			atomic_dec(&rds_ib_allocation);
154 			goto out;
155 		}
156 		INIT_LIST_HEAD(&recv->r_ibinc->ii_frags);
157 		rds_inc_init(&recv->r_ibinc->ii_inc, conn, conn->c_faddr);
158 	}
159 
160 	if (recv->r_frag == NULL) {
161 		recv->r_frag = kmem_cache_alloc(rds_ib_frag_slab, kptr_gfp);
162 		if (recv->r_frag == NULL)
163 			goto out;
164 		INIT_LIST_HEAD(&recv->r_frag->f_item);
165 		recv->r_frag->f_page = NULL;
166 	}
167 
168 	if (ic->i_frag.f_page == NULL) {
169 		ic->i_frag.f_page = alloc_page(page_gfp);
170 		if (ic->i_frag.f_page == NULL)
171 			goto out;
172 		ic->i_frag.f_offset = 0;
173 	}
174 
175 	dma_addr = ib_dma_map_page(ic->i_cm_id->device,
176 				  ic->i_frag.f_page,
177 				  ic->i_frag.f_offset,
178 				  RDS_FRAG_SIZE,
179 				  DMA_FROM_DEVICE);
180 	if (ib_dma_mapping_error(ic->i_cm_id->device, dma_addr))
181 		goto out;
182 
183 	/*
184 	 * Once we get the RDS_PAGE_LAST_OFF frag then rds_ib_frag_unmap()
185 	 * must be called on this recv.  This happens as completions hit
186 	 * in order or on connection shutdown.
187 	 */
188 	recv->r_frag->f_page = ic->i_frag.f_page;
189 	recv->r_frag->f_offset = ic->i_frag.f_offset;
190 	recv->r_frag->f_mapped = dma_addr;
191 
192 	sge = rds_ib_data_sge(ic, recv->r_sge);
193 	sge->addr = dma_addr;
194 	sge->length = RDS_FRAG_SIZE;
195 
196 	sge = rds_ib_header_sge(ic, recv->r_sge);
197 	sge->addr = ic->i_recv_hdrs_dma + (recv - ic->i_recvs) * sizeof(struct rds_header);
198 	sge->length = sizeof(struct rds_header);
199 
200 	get_page(recv->r_frag->f_page);
201 
202 	if (ic->i_frag.f_offset < RDS_PAGE_LAST_OFF) {
203 		ic->i_frag.f_offset += RDS_FRAG_SIZE;
204 	} else {
205 		put_page(ic->i_frag.f_page);
206 		ic->i_frag.f_page = NULL;
207 		ic->i_frag.f_offset = 0;
208 	}
209 
210 	ret = 0;
211 out:
212 	return ret;
213 }
214 
215 /*
216  * This tries to allocate and post unused work requests after making sure that
217  * they have all the allocations they need to queue received fragments into
218  * sockets.  The i_recv_mutex is held here so that ring_alloc and _unalloc
219  * pairs don't go unmatched.
220  *
221  * -1 is returned if posting fails due to temporary resource exhaustion.
222  */
223 int rds_ib_recv_refill(struct rds_connection *conn, gfp_t kptr_gfp,
224 		       gfp_t page_gfp, int prefill)
225 {
226 	struct rds_ib_connection *ic = conn->c_transport_data;
227 	struct rds_ib_recv_work *recv;
228 	struct ib_recv_wr *failed_wr;
229 	unsigned int posted = 0;
230 	int ret = 0;
231 	u32 pos;
232 
233 	while ((prefill || rds_conn_up(conn)) &&
234 	       rds_ib_ring_alloc(&ic->i_recv_ring, 1, &pos)) {
235 		if (pos >= ic->i_recv_ring.w_nr) {
236 			printk(KERN_NOTICE "Argh - ring alloc returned pos=%u\n",
237 					pos);
238 			ret = -EINVAL;
239 			break;
240 		}
241 
242 		recv = &ic->i_recvs[pos];
243 		ret = rds_ib_recv_refill_one(conn, recv, kptr_gfp, page_gfp);
244 		if (ret) {
245 			ret = -1;
246 			break;
247 		}
248 
249 		/* XXX when can this fail? */
250 		ret = ib_post_recv(ic->i_cm_id->qp, &recv->r_wr, &failed_wr);
251 		rdsdebug("recv %p ibinc %p page %p addr %lu ret %d\n", recv,
252 			 recv->r_ibinc, recv->r_frag->f_page,
253 			 (long) recv->r_frag->f_mapped, ret);
254 		if (ret) {
255 			rds_ib_conn_error(conn, "recv post on "
256 			       "%pI4 returned %d, disconnecting and "
257 			       "reconnecting\n", &conn->c_faddr,
258 			       ret);
259 			ret = -1;
260 			break;
261 		}
262 
263 		posted++;
264 	}
265 
266 	/* We're doing flow control - update the window. */
267 	if (ic->i_flowctl && posted)
268 		rds_ib_advertise_credits(conn, posted);
269 
270 	if (ret)
271 		rds_ib_ring_unalloc(&ic->i_recv_ring, 1);
272 	return ret;
273 }
274 
275 void rds_ib_inc_purge(struct rds_incoming *inc)
276 {
277 	struct rds_ib_incoming *ibinc;
278 	struct rds_page_frag *frag;
279 	struct rds_page_frag *pos;
280 
281 	ibinc = container_of(inc, struct rds_ib_incoming, ii_inc);
282 	rdsdebug("purging ibinc %p inc %p\n", ibinc, inc);
283 
284 	list_for_each_entry_safe(frag, pos, &ibinc->ii_frags, f_item) {
285 		list_del_init(&frag->f_item);
286 		rds_ib_frag_drop_page(frag);
287 		rds_ib_frag_free(frag);
288 	}
289 }
290 
291 void rds_ib_inc_free(struct rds_incoming *inc)
292 {
293 	struct rds_ib_incoming *ibinc;
294 
295 	ibinc = container_of(inc, struct rds_ib_incoming, ii_inc);
296 
297 	rds_ib_inc_purge(inc);
298 	rdsdebug("freeing ibinc %p inc %p\n", ibinc, inc);
299 	BUG_ON(!list_empty(&ibinc->ii_frags));
300 	kmem_cache_free(rds_ib_incoming_slab, ibinc);
301 	atomic_dec(&rds_ib_allocation);
302 	BUG_ON(atomic_read(&rds_ib_allocation) < 0);
303 }
304 
305 int rds_ib_inc_copy_to_user(struct rds_incoming *inc, struct iovec *first_iov,
306 			    size_t size)
307 {
308 	struct rds_ib_incoming *ibinc;
309 	struct rds_page_frag *frag;
310 	struct iovec *iov = first_iov;
311 	unsigned long to_copy;
312 	unsigned long frag_off = 0;
313 	unsigned long iov_off = 0;
314 	int copied = 0;
315 	int ret;
316 	u32 len;
317 
318 	ibinc = container_of(inc, struct rds_ib_incoming, ii_inc);
319 	frag = list_entry(ibinc->ii_frags.next, struct rds_page_frag, f_item);
320 	len = be32_to_cpu(inc->i_hdr.h_len);
321 
322 	while (copied < size && copied < len) {
323 		if (frag_off == RDS_FRAG_SIZE) {
324 			frag = list_entry(frag->f_item.next,
325 					  struct rds_page_frag, f_item);
326 			frag_off = 0;
327 		}
328 		while (iov_off == iov->iov_len) {
329 			iov_off = 0;
330 			iov++;
331 		}
332 
333 		to_copy = min(iov->iov_len - iov_off, RDS_FRAG_SIZE - frag_off);
334 		to_copy = min_t(size_t, to_copy, size - copied);
335 		to_copy = min_t(unsigned long, to_copy, len - copied);
336 
337 		rdsdebug("%lu bytes to user [%p, %zu] + %lu from frag "
338 			 "[%p, %lu] + %lu\n",
339 			 to_copy, iov->iov_base, iov->iov_len, iov_off,
340 			 frag->f_page, frag->f_offset, frag_off);
341 
342 		/* XXX needs + offset for multiple recvs per page */
343 		ret = rds_page_copy_to_user(frag->f_page,
344 					    frag->f_offset + frag_off,
345 					    iov->iov_base + iov_off,
346 					    to_copy);
347 		if (ret) {
348 			copied = ret;
349 			break;
350 		}
351 
352 		iov_off += to_copy;
353 		frag_off += to_copy;
354 		copied += to_copy;
355 	}
356 
357 	return copied;
358 }
359 
360 /* ic starts out kzalloc()ed */
361 void rds_ib_recv_init_ack(struct rds_ib_connection *ic)
362 {
363 	struct ib_send_wr *wr = &ic->i_ack_wr;
364 	struct ib_sge *sge = &ic->i_ack_sge;
365 
366 	sge->addr = ic->i_ack_dma;
367 	sge->length = sizeof(struct rds_header);
368 	sge->lkey = ic->i_mr->lkey;
369 
370 	wr->sg_list = sge;
371 	wr->num_sge = 1;
372 	wr->opcode = IB_WR_SEND;
373 	wr->wr_id = RDS_IB_ACK_WR_ID;
374 	wr->send_flags = IB_SEND_SIGNALED | IB_SEND_SOLICITED;
375 }
376 
377 /*
378  * You'd think that with reliable IB connections you wouldn't need to ack
379  * messages that have been received.  The problem is that IB hardware generates
380  * an ack message before it has DMAed the message into memory.  This creates a
381  * potential message loss if the HCA is disabled for any reason between when it
382  * sends the ack and before the message is DMAed and processed.  This is only a
383  * potential issue if another HCA is available for fail-over.
384  *
385  * When the remote host receives our ack they'll free the sent message from
386  * their send queue.  To decrease the latency of this we always send an ack
387  * immediately after we've received messages.
388  *
389  * For simplicity, we only have one ack in flight at a time.  This puts
390  * pressure on senders to have deep enough send queues to absorb the latency of
391  * a single ack frame being in flight.  This might not be good enough.
392  *
393  * This is implemented by have a long-lived send_wr and sge which point to a
394  * statically allocated ack frame.  This ack wr does not fall under the ring
395  * accounting that the tx and rx wrs do.  The QP attribute specifically makes
396  * room for it beyond the ring size.  Send completion notices its special
397  * wr_id and avoids working with the ring in that case.
398  */
399 #ifndef KERNEL_HAS_ATOMIC64
400 static void rds_ib_set_ack(struct rds_ib_connection *ic, u64 seq,
401 				int ack_required)
402 {
403 	unsigned long flags;
404 
405 	spin_lock_irqsave(&ic->i_ack_lock, flags);
406 	ic->i_ack_next = seq;
407 	if (ack_required)
408 		set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
409 	spin_unlock_irqrestore(&ic->i_ack_lock, flags);
410 }
411 
412 static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
413 {
414 	unsigned long flags;
415 	u64 seq;
416 
417 	clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
418 
419 	spin_lock_irqsave(&ic->i_ack_lock, flags);
420 	seq = ic->i_ack_next;
421 	spin_unlock_irqrestore(&ic->i_ack_lock, flags);
422 
423 	return seq;
424 }
425 #else
426 static void rds_ib_set_ack(struct rds_ib_connection *ic, u64 seq,
427 				int ack_required)
428 {
429 	atomic64_set(&ic->i_ack_next, seq);
430 	if (ack_required) {
431 		smp_mb__before_clear_bit();
432 		set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
433 	}
434 }
435 
436 static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
437 {
438 	clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
439 	smp_mb__after_clear_bit();
440 
441 	return atomic64_read(&ic->i_ack_next);
442 }
443 #endif
444 
445 
446 static void rds_ib_send_ack(struct rds_ib_connection *ic, unsigned int adv_credits)
447 {
448 	struct rds_header *hdr = ic->i_ack;
449 	struct ib_send_wr *failed_wr;
450 	u64 seq;
451 	int ret;
452 
453 	seq = rds_ib_get_ack(ic);
454 
455 	rdsdebug("send_ack: ic %p ack %llu\n", ic, (unsigned long long) seq);
456 	rds_message_populate_header(hdr, 0, 0, 0);
457 	hdr->h_ack = cpu_to_be64(seq);
458 	hdr->h_credit = adv_credits;
459 	rds_message_make_checksum(hdr);
460 	ic->i_ack_queued = jiffies;
461 
462 	ret = ib_post_send(ic->i_cm_id->qp, &ic->i_ack_wr, &failed_wr);
463 	if (unlikely(ret)) {
464 		/* Failed to send. Release the WR, and
465 		 * force another ACK.
466 		 */
467 		clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
468 		set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
469 
470 		rds_ib_stats_inc(s_ib_ack_send_failure);
471 		/* Need to finesse this later. */
472 		BUG();
473 	} else
474 		rds_ib_stats_inc(s_ib_ack_sent);
475 }
476 
477 /*
478  * There are 3 ways of getting acknowledgements to the peer:
479  *  1.	We call rds_ib_attempt_ack from the recv completion handler
480  *	to send an ACK-only frame.
481  *	However, there can be only one such frame in the send queue
482  *	at any time, so we may have to postpone it.
483  *  2.	When another (data) packet is transmitted while there's
484  *	an ACK in the queue, we piggyback the ACK sequence number
485  *	on the data packet.
486  *  3.	If the ACK WR is done sending, we get called from the
487  *	send queue completion handler, and check whether there's
488  *	another ACK pending (postponed because the WR was on the
489  *	queue). If so, we transmit it.
490  *
491  * We maintain 2 variables:
492  *  -	i_ack_flags, which keeps track of whether the ACK WR
493  *	is currently in the send queue or not (IB_ACK_IN_FLIGHT)
494  *  -	i_ack_next, which is the last sequence number we received
495  *
496  * Potentially, send queue and receive queue handlers can run concurrently.
497  * It would be nice to not have to use a spinlock to synchronize things,
498  * but the one problem that rules this out is that 64bit updates are
499  * not atomic on all platforms. Things would be a lot simpler if
500  * we had atomic64 or maybe cmpxchg64 everywhere.
501  *
502  * Reconnecting complicates this picture just slightly. When we
503  * reconnect, we may be seeing duplicate packets. The peer
504  * is retransmitting them, because it hasn't seen an ACK for
505  * them. It is important that we ACK these.
506  *
507  * ACK mitigation adds a header flag "ACK_REQUIRED"; any packet with
508  * this flag set *MUST* be acknowledged immediately.
509  */
510 
511 /*
512  * When we get here, we're called from the recv queue handler.
513  * Check whether we ought to transmit an ACK.
514  */
515 void rds_ib_attempt_ack(struct rds_ib_connection *ic)
516 {
517 	unsigned int adv_credits;
518 
519 	if (!test_bit(IB_ACK_REQUESTED, &ic->i_ack_flags))
520 		return;
521 
522 	if (test_and_set_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags)) {
523 		rds_ib_stats_inc(s_ib_ack_send_delayed);
524 		return;
525 	}
526 
527 	/* Can we get a send credit? */
528 	if (!rds_ib_send_grab_credits(ic, 1, &adv_credits, 0, RDS_MAX_ADV_CREDIT)) {
529 		rds_ib_stats_inc(s_ib_tx_throttle);
530 		clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
531 		return;
532 	}
533 
534 	clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
535 	rds_ib_send_ack(ic, adv_credits);
536 }
537 
538 /*
539  * We get here from the send completion handler, when the
540  * adapter tells us the ACK frame was sent.
541  */
542 void rds_ib_ack_send_complete(struct rds_ib_connection *ic)
543 {
544 	clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
545 	rds_ib_attempt_ack(ic);
546 }
547 
548 /*
549  * This is called by the regular xmit code when it wants to piggyback
550  * an ACK on an outgoing frame.
551  */
552 u64 rds_ib_piggyb_ack(struct rds_ib_connection *ic)
553 {
554 	if (test_and_clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags))
555 		rds_ib_stats_inc(s_ib_ack_send_piggybacked);
556 	return rds_ib_get_ack(ic);
557 }
558 
559 static struct rds_header *rds_ib_get_header(struct rds_connection *conn,
560 					    struct rds_ib_recv_work *recv,
561 					    u32 data_len)
562 {
563 	struct rds_ib_connection *ic = conn->c_transport_data;
564 	void *hdr_buff = &ic->i_recv_hdrs[recv - ic->i_recvs];
565 	void *addr;
566 	u32 misplaced_hdr_bytes;
567 
568 	/*
569 	 * Support header at the front (RDS 3.1+) as well as header-at-end.
570 	 *
571 	 * Cases:
572 	 * 1) header all in header buff (great!)
573 	 * 2) header all in data page (copy all to header buff)
574 	 * 3) header split across hdr buf + data page
575 	 *    (move bit in hdr buff to end before copying other bit from data page)
576 	 */
577 	if (conn->c_version > RDS_PROTOCOL_3_0 || data_len == RDS_FRAG_SIZE)
578 	        return hdr_buff;
579 
580 	if (data_len <= (RDS_FRAG_SIZE - sizeof(struct rds_header))) {
581 		addr = kmap_atomic(recv->r_frag->f_page, KM_SOFTIRQ0);
582 		memcpy(hdr_buff,
583 		       addr + recv->r_frag->f_offset + data_len,
584 		       sizeof(struct rds_header));
585 		kunmap_atomic(addr, KM_SOFTIRQ0);
586 		return hdr_buff;
587 	}
588 
589 	misplaced_hdr_bytes = (sizeof(struct rds_header) - (RDS_FRAG_SIZE - data_len));
590 
591 	memmove(hdr_buff + misplaced_hdr_bytes, hdr_buff, misplaced_hdr_bytes);
592 
593 	addr = kmap_atomic(recv->r_frag->f_page, KM_SOFTIRQ0);
594 	memcpy(hdr_buff, addr + recv->r_frag->f_offset + data_len,
595 	       sizeof(struct rds_header) - misplaced_hdr_bytes);
596 	kunmap_atomic(addr, KM_SOFTIRQ0);
597 	return hdr_buff;
598 }
599 
600 /*
601  * It's kind of lame that we're copying from the posted receive pages into
602  * long-lived bitmaps.  We could have posted the bitmaps and rdma written into
603  * them.  But receiving new congestion bitmaps should be a *rare* event, so
604  * hopefully we won't need to invest that complexity in making it more
605  * efficient.  By copying we can share a simpler core with TCP which has to
606  * copy.
607  */
608 static void rds_ib_cong_recv(struct rds_connection *conn,
609 			      struct rds_ib_incoming *ibinc)
610 {
611 	struct rds_cong_map *map;
612 	unsigned int map_off;
613 	unsigned int map_page;
614 	struct rds_page_frag *frag;
615 	unsigned long frag_off;
616 	unsigned long to_copy;
617 	unsigned long copied;
618 	uint64_t uncongested = 0;
619 	void *addr;
620 
621 	/* catch completely corrupt packets */
622 	if (be32_to_cpu(ibinc->ii_inc.i_hdr.h_len) != RDS_CONG_MAP_BYTES)
623 		return;
624 
625 	map = conn->c_fcong;
626 	map_page = 0;
627 	map_off = 0;
628 
629 	frag = list_entry(ibinc->ii_frags.next, struct rds_page_frag, f_item);
630 	frag_off = 0;
631 
632 	copied = 0;
633 
634 	while (copied < RDS_CONG_MAP_BYTES) {
635 		uint64_t *src, *dst;
636 		unsigned int k;
637 
638 		to_copy = min(RDS_FRAG_SIZE - frag_off, PAGE_SIZE - map_off);
639 		BUG_ON(to_copy & 7); /* Must be 64bit aligned. */
640 
641 		addr = kmap_atomic(frag->f_page, KM_SOFTIRQ0);
642 
643 		src = addr + frag_off;
644 		dst = (void *)map->m_page_addrs[map_page] + map_off;
645 		for (k = 0; k < to_copy; k += 8) {
646 			/* Record ports that became uncongested, ie
647 			 * bits that changed from 0 to 1. */
648 			uncongested |= ~(*src) & *dst;
649 			*dst++ = *src++;
650 		}
651 		kunmap_atomic(addr, KM_SOFTIRQ0);
652 
653 		copied += to_copy;
654 
655 		map_off += to_copy;
656 		if (map_off == PAGE_SIZE) {
657 			map_off = 0;
658 			map_page++;
659 		}
660 
661 		frag_off += to_copy;
662 		if (frag_off == RDS_FRAG_SIZE) {
663 			frag = list_entry(frag->f_item.next,
664 					  struct rds_page_frag, f_item);
665 			frag_off = 0;
666 		}
667 	}
668 
669 	/* the congestion map is in little endian order */
670 	uncongested = le64_to_cpu(uncongested);
671 
672 	rds_cong_map_updated(map, uncongested);
673 }
674 
675 /*
676  * Rings are posted with all the allocations they'll need to queue the
677  * incoming message to the receiving socket so this can't fail.
678  * All fragments start with a header, so we can make sure we're not receiving
679  * garbage, and we can tell a small 8 byte fragment from an ACK frame.
680  */
681 struct rds_ib_ack_state {
682 	u64		ack_next;
683 	u64		ack_recv;
684 	unsigned int	ack_required:1;
685 	unsigned int	ack_next_valid:1;
686 	unsigned int	ack_recv_valid:1;
687 };
688 
689 static void rds_ib_process_recv(struct rds_connection *conn,
690 				struct rds_ib_recv_work *recv, u32 data_len,
691 				struct rds_ib_ack_state *state)
692 {
693 	struct rds_ib_connection *ic = conn->c_transport_data;
694 	struct rds_ib_incoming *ibinc = ic->i_ibinc;
695 	struct rds_header *ihdr, *hdr;
696 
697 	/* XXX shut down the connection if port 0,0 are seen? */
698 
699 	rdsdebug("ic %p ibinc %p recv %p byte len %u\n", ic, ibinc, recv,
700 		 data_len);
701 
702 	if (data_len < sizeof(struct rds_header)) {
703 		rds_ib_conn_error(conn, "incoming message "
704 		       "from %pI4 didn't inclue a "
705 		       "header, disconnecting and "
706 		       "reconnecting\n",
707 		       &conn->c_faddr);
708 		return;
709 	}
710 	data_len -= sizeof(struct rds_header);
711 
712 	ihdr = rds_ib_get_header(conn, recv, data_len);
713 
714 	/* Validate the checksum. */
715 	if (!rds_message_verify_checksum(ihdr)) {
716 		rds_ib_conn_error(conn, "incoming message "
717 		       "from %pI4 has corrupted header - "
718 		       "forcing a reconnect\n",
719 		       &conn->c_faddr);
720 		rds_stats_inc(s_recv_drop_bad_checksum);
721 		return;
722 	}
723 
724 	/* Process the ACK sequence which comes with every packet */
725 	state->ack_recv = be64_to_cpu(ihdr->h_ack);
726 	state->ack_recv_valid = 1;
727 
728 	/* Process the credits update if there was one */
729 	if (ihdr->h_credit)
730 		rds_ib_send_add_credits(conn, ihdr->h_credit);
731 
732 	if (ihdr->h_sport == 0 && ihdr->h_dport == 0 && data_len == 0) {
733 		/* This is an ACK-only packet. The fact that it gets
734 		 * special treatment here is that historically, ACKs
735 		 * were rather special beasts.
736 		 */
737 		rds_ib_stats_inc(s_ib_ack_received);
738 
739 		/*
740 		 * Usually the frags make their way on to incs and are then freed as
741 		 * the inc is freed.  We don't go that route, so we have to drop the
742 		 * page ref ourselves.  We can't just leave the page on the recv
743 		 * because that confuses the dma mapping of pages and each recv's use
744 		 * of a partial page.  We can leave the frag, though, it will be
745 		 * reused.
746 		 *
747 		 * FIXME: Fold this into the code path below.
748 		 */
749 		rds_ib_frag_drop_page(recv->r_frag);
750 		return;
751 	}
752 
753 	/*
754 	 * If we don't already have an inc on the connection then this
755 	 * fragment has a header and starts a message.. copy its header
756 	 * into the inc and save the inc so we can hang upcoming fragments
757 	 * off its list.
758 	 */
759 	if (ibinc == NULL) {
760 		ibinc = recv->r_ibinc;
761 		recv->r_ibinc = NULL;
762 		ic->i_ibinc = ibinc;
763 
764 		hdr = &ibinc->ii_inc.i_hdr;
765 		memcpy(hdr, ihdr, sizeof(*hdr));
766 		ic->i_recv_data_rem = be32_to_cpu(hdr->h_len);
767 
768 		rdsdebug("ic %p ibinc %p rem %u flag 0x%x\n", ic, ibinc,
769 			 ic->i_recv_data_rem, hdr->h_flags);
770 	} else {
771 		hdr = &ibinc->ii_inc.i_hdr;
772 		/* We can't just use memcmp here; fragments of a
773 		 * single message may carry different ACKs */
774 		if (hdr->h_sequence != ihdr->h_sequence ||
775 		    hdr->h_len != ihdr->h_len ||
776 		    hdr->h_sport != ihdr->h_sport ||
777 		    hdr->h_dport != ihdr->h_dport) {
778 			rds_ib_conn_error(conn,
779 				"fragment header mismatch; forcing reconnect\n");
780 			return;
781 		}
782 	}
783 
784 	list_add_tail(&recv->r_frag->f_item, &ibinc->ii_frags);
785 	recv->r_frag = NULL;
786 
787 	if (ic->i_recv_data_rem > RDS_FRAG_SIZE)
788 		ic->i_recv_data_rem -= RDS_FRAG_SIZE;
789 	else {
790 		ic->i_recv_data_rem = 0;
791 		ic->i_ibinc = NULL;
792 
793 		if (ibinc->ii_inc.i_hdr.h_flags == RDS_FLAG_CONG_BITMAP)
794 			rds_ib_cong_recv(conn, ibinc);
795 		else {
796 			rds_recv_incoming(conn, conn->c_faddr, conn->c_laddr,
797 					  &ibinc->ii_inc, GFP_ATOMIC,
798 					  KM_SOFTIRQ0);
799 			state->ack_next = be64_to_cpu(hdr->h_sequence);
800 			state->ack_next_valid = 1;
801 		}
802 
803 		/* Evaluate the ACK_REQUIRED flag *after* we received
804 		 * the complete frame, and after bumping the next_rx
805 		 * sequence. */
806 		if (hdr->h_flags & RDS_FLAG_ACK_REQUIRED) {
807 			rds_stats_inc(s_recv_ack_required);
808 			state->ack_required = 1;
809 		}
810 
811 		rds_inc_put(&ibinc->ii_inc);
812 	}
813 }
814 
815 /*
816  * Plucking the oldest entry from the ring can be done concurrently with
817  * the thread refilling the ring.  Each ring operation is protected by
818  * spinlocks and the transient state of refilling doesn't change the
819  * recording of which entry is oldest.
820  *
821  * This relies on IB only calling one cq comp_handler for each cq so that
822  * there will only be one caller of rds_recv_incoming() per RDS connection.
823  */
824 void rds_ib_recv_cq_comp_handler(struct ib_cq *cq, void *context)
825 {
826 	struct rds_connection *conn = context;
827 	struct rds_ib_connection *ic = conn->c_transport_data;
828 
829 	rdsdebug("conn %p cq %p\n", conn, cq);
830 
831 	rds_ib_stats_inc(s_ib_rx_cq_call);
832 
833 	tasklet_schedule(&ic->i_recv_tasklet);
834 }
835 
836 static inline void rds_poll_cq(struct rds_ib_connection *ic,
837 			       struct rds_ib_ack_state *state)
838 {
839 	struct rds_connection *conn = ic->conn;
840 	struct ib_wc wc;
841 	struct rds_ib_recv_work *recv;
842 
843 	while (ib_poll_cq(ic->i_recv_cq, 1, &wc) > 0) {
844 		rdsdebug("wc wr_id 0x%llx status %u byte_len %u imm_data %u\n",
845 			 (unsigned long long)wc.wr_id, wc.status, wc.byte_len,
846 			 be32_to_cpu(wc.ex.imm_data));
847 		rds_ib_stats_inc(s_ib_rx_cq_event);
848 
849 		recv = &ic->i_recvs[rds_ib_ring_oldest(&ic->i_recv_ring)];
850 
851 		rds_ib_recv_unmap_page(ic, recv);
852 
853 		/*
854 		 * Also process recvs in connecting state because it is possible
855 		 * to get a recv completion _before_ the rdmacm ESTABLISHED
856 		 * event is processed.
857 		 */
858 		if (rds_conn_up(conn) || rds_conn_connecting(conn)) {
859 			/* We expect errors as the qp is drained during shutdown */
860 			if (wc.status == IB_WC_SUCCESS) {
861 				rds_ib_process_recv(conn, recv, wc.byte_len, state);
862 			} else {
863 				rds_ib_conn_error(conn, "recv completion on "
864 				       "%pI4 had status %u, disconnecting and "
865 				       "reconnecting\n", &conn->c_faddr,
866 				       wc.status);
867 			}
868 		}
869 
870 		rds_ib_ring_free(&ic->i_recv_ring, 1);
871 	}
872 }
873 
874 void rds_ib_recv_tasklet_fn(unsigned long data)
875 {
876 	struct rds_ib_connection *ic = (struct rds_ib_connection *) data;
877 	struct rds_connection *conn = ic->conn;
878 	struct rds_ib_ack_state state = { 0, };
879 
880 	rds_poll_cq(ic, &state);
881 	ib_req_notify_cq(ic->i_recv_cq, IB_CQ_SOLICITED);
882 	rds_poll_cq(ic, &state);
883 
884 	if (state.ack_next_valid)
885 		rds_ib_set_ack(ic, state.ack_next, state.ack_required);
886 	if (state.ack_recv_valid && state.ack_recv > ic->i_ack_recv) {
887 		rds_send_drop_acked(conn, state.ack_recv, NULL);
888 		ic->i_ack_recv = state.ack_recv;
889 	}
890 	if (rds_conn_up(conn))
891 		rds_ib_attempt_ack(ic);
892 
893 	/* If we ever end up with a really empty receive ring, we're
894 	 * in deep trouble, as the sender will definitely see RNR
895 	 * timeouts. */
896 	if (rds_ib_ring_empty(&ic->i_recv_ring))
897 		rds_ib_stats_inc(s_ib_rx_ring_empty);
898 
899 	/*
900 	 * If the ring is running low, then schedule the thread to refill.
901 	 */
902 	if (rds_ib_ring_low(&ic->i_recv_ring))
903 		queue_delayed_work(rds_wq, &conn->c_recv_w, 0);
904 }
905 
906 int rds_ib_recv(struct rds_connection *conn)
907 {
908 	struct rds_ib_connection *ic = conn->c_transport_data;
909 	int ret = 0;
910 
911 	rdsdebug("conn %p\n", conn);
912 
913 	/*
914 	 * If we get a temporary posting failure in this context then
915 	 * we're really low and we want the caller to back off for a bit.
916 	 */
917 	mutex_lock(&ic->i_recv_mutex);
918 	if (rds_ib_recv_refill(conn, GFP_KERNEL, GFP_HIGHUSER, 0))
919 		ret = -ENOMEM;
920 	else
921 		rds_ib_stats_inc(s_ib_rx_refill_from_thread);
922 	mutex_unlock(&ic->i_recv_mutex);
923 
924 	if (rds_conn_up(conn))
925 		rds_ib_attempt_ack(ic);
926 
927 	return ret;
928 }
929 
930 int __init rds_ib_recv_init(void)
931 {
932 	struct sysinfo si;
933 	int ret = -ENOMEM;
934 
935 	/* Default to 30% of all available RAM for recv memory */
936 	si_meminfo(&si);
937 	rds_ib_sysctl_max_recv_allocation = si.totalram / 3 * PAGE_SIZE / RDS_FRAG_SIZE;
938 
939 	rds_ib_incoming_slab = kmem_cache_create("rds_ib_incoming",
940 					sizeof(struct rds_ib_incoming),
941 					0, 0, NULL);
942 	if (rds_ib_incoming_slab == NULL)
943 		goto out;
944 
945 	rds_ib_frag_slab = kmem_cache_create("rds_ib_frag",
946 					sizeof(struct rds_page_frag),
947 					0, 0, NULL);
948 	if (rds_ib_frag_slab == NULL)
949 		kmem_cache_destroy(rds_ib_incoming_slab);
950 	else
951 		ret = 0;
952 out:
953 	return ret;
954 }
955 
956 void rds_ib_recv_exit(void)
957 {
958 	kmem_cache_destroy(rds_ib_incoming_slab);
959 	kmem_cache_destroy(rds_ib_frag_slab);
960 }
961