]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/infiniband/core/ucma.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
RDMA/ucma: Fix Spectre v1 vulnerability
[mirror_ubuntu-bionic-kernel.git] / drivers / infiniband / core / ucma.c
1 /*
2 * Copyright (c) 2005-2006 Intel Corporation. All rights reserved.
3 *
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
9 *
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
12 * conditions are met:
13 *
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
16 * disclaimer.
17 *
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
22 *
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 * SOFTWARE.
31 */
32
33 #include <linux/completion.h>
34 #include <linux/file.h>
35 #include <linux/mutex.h>
36 #include <linux/poll.h>
37 #include <linux/sched.h>
38 #include <linux/idr.h>
39 #include <linux/in.h>
40 #include <linux/in6.h>
41 #include <linux/miscdevice.h>
42 #include <linux/slab.h>
43 #include <linux/sysctl.h>
44 #include <linux/module.h>
45 #include <linux/nsproxy.h>
46
47 #include <linux/nospec.h>
48
49 #include <rdma/rdma_user_cm.h>
50 #include <rdma/ib_marshall.h>
51 #include <rdma/rdma_cm.h>
52 #include <rdma/rdma_cm_ib.h>
53 #include <rdma/ib_addr.h>
54 #include <rdma/ib.h>
55
56 MODULE_AUTHOR("Sean Hefty");
57 MODULE_DESCRIPTION("RDMA Userspace Connection Manager Access");
58 MODULE_LICENSE("Dual BSD/GPL");
59
60 static unsigned int max_backlog = 1024;
61
62 static struct ctl_table_header *ucma_ctl_table_hdr;
63 static struct ctl_table ucma_ctl_table[] = {
64 {
65 .procname = "max_backlog",
66 .data = &max_backlog,
67 .maxlen = sizeof max_backlog,
68 .mode = 0644,
69 .proc_handler = proc_dointvec,
70 },
71 { }
72 };
73
74 struct ucma_file {
75 struct mutex mut;
76 struct file *filp;
77 struct list_head ctx_list;
78 struct list_head event_list;
79 wait_queue_head_t poll_wait;
80 struct workqueue_struct *close_wq;
81 };
82
83 struct ucma_context {
84 int id;
85 struct completion comp;
86 atomic_t ref;
87 int events_reported;
88 int backlog;
89
90 struct ucma_file *file;
91 struct rdma_cm_id *cm_id;
92 u64 uid;
93
94 struct list_head list;
95 struct list_head mc_list;
96 /* mark that device is in process of destroying the internal HW
97 * resources, protected by the global mut
98 */
99 int closing;
100 /* sync between removal event and id destroy, protected by file mut */
101 int destroying;
102 struct work_struct close_work;
103 };
104
105 struct ucma_multicast {
106 struct ucma_context *ctx;
107 int id;
108 int events_reported;
109
110 u64 uid;
111 u8 join_state;
112 struct list_head list;
113 struct sockaddr_storage addr;
114 };
115
116 struct ucma_event {
117 struct ucma_context *ctx;
118 struct ucma_multicast *mc;
119 struct list_head list;
120 struct rdma_cm_id *cm_id;
121 struct rdma_ucm_event_resp resp;
122 struct work_struct close_work;
123 };
124
125 static DEFINE_MUTEX(mut);
126 static DEFINE_IDR(ctx_idr);
127 static DEFINE_IDR(multicast_idr);
128
129 static inline struct ucma_context *_ucma_find_context(int id,
130 struct ucma_file *file)
131 {
132 struct ucma_context *ctx;
133
134 ctx = idr_find(&ctx_idr, id);
135 if (!ctx)
136 ctx = ERR_PTR(-ENOENT);
137 else if (ctx->file != file || !ctx->cm_id)
138 ctx = ERR_PTR(-EINVAL);
139 return ctx;
140 }
141
142 static struct ucma_context *ucma_get_ctx(struct ucma_file *file, int id)
143 {
144 struct ucma_context *ctx;
145
146 mutex_lock(&mut);
147 ctx = _ucma_find_context(id, file);
148 if (!IS_ERR(ctx)) {
149 if (ctx->closing)
150 ctx = ERR_PTR(-EIO);
151 else
152 atomic_inc(&ctx->ref);
153 }
154 mutex_unlock(&mut);
155 return ctx;
156 }
157
158 static void ucma_put_ctx(struct ucma_context *ctx)
159 {
160 if (atomic_dec_and_test(&ctx->ref))
161 complete(&ctx->comp);
162 }
163
164 static void ucma_close_event_id(struct work_struct *work)
165 {
166 struct ucma_event *uevent_close = container_of(work, struct ucma_event, close_work);
167
168 rdma_destroy_id(uevent_close->cm_id);
169 kfree(uevent_close);
170 }
171
172 static void ucma_close_id(struct work_struct *work)
173 {
174 struct ucma_context *ctx = container_of(work, struct ucma_context, close_work);
175
176 /* once all inflight tasks are finished, we close all underlying
177 * resources. The context is still alive till its explicit destryoing
178 * by its creator.
179 */
180 ucma_put_ctx(ctx);
181 wait_for_completion(&ctx->comp);
182 /* No new events will be generated after destroying the id. */
183 rdma_destroy_id(ctx->cm_id);
184 }
185
186 static struct ucma_context *ucma_alloc_ctx(struct ucma_file *file)
187 {
188 struct ucma_context *ctx;
189
190 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
191 if (!ctx)
192 return NULL;
193
194 INIT_WORK(&ctx->close_work, ucma_close_id);
195 atomic_set(&ctx->ref, 1);
196 init_completion(&ctx->comp);
197 INIT_LIST_HEAD(&ctx->mc_list);
198 ctx->file = file;
199
200 mutex_lock(&mut);
201 ctx->id = idr_alloc(&ctx_idr, ctx, 0, 0, GFP_KERNEL);
202 mutex_unlock(&mut);
203 if (ctx->id < 0)
204 goto error;
205
206 list_add_tail(&ctx->list, &file->ctx_list);
207 return ctx;
208
209 error:
210 kfree(ctx);
211 return NULL;
212 }
213
214 static struct ucma_multicast* ucma_alloc_multicast(struct ucma_context *ctx)
215 {
216 struct ucma_multicast *mc;
217
218 mc = kzalloc(sizeof(*mc), GFP_KERNEL);
219 if (!mc)
220 return NULL;
221
222 mutex_lock(&mut);
223 mc->id = idr_alloc(&multicast_idr, NULL, 0, 0, GFP_KERNEL);
224 mutex_unlock(&mut);
225 if (mc->id < 0)
226 goto error;
227
228 mc->ctx = ctx;
229 list_add_tail(&mc->list, &ctx->mc_list);
230 return mc;
231
232 error:
233 kfree(mc);
234 return NULL;
235 }
236
237 static void ucma_copy_conn_event(struct rdma_ucm_conn_param *dst,
238 struct rdma_conn_param *src)
239 {
240 if (src->private_data_len)
241 memcpy(dst->private_data, src->private_data,
242 src->private_data_len);
243 dst->private_data_len = src->private_data_len;
244 dst->responder_resources =src->responder_resources;
245 dst->initiator_depth = src->initiator_depth;
246 dst->flow_control = src->flow_control;
247 dst->retry_count = src->retry_count;
248 dst->rnr_retry_count = src->rnr_retry_count;
249 dst->srq = src->srq;
250 dst->qp_num = src->qp_num;
251 }
252
253 static void ucma_copy_ud_event(struct ib_device *device,
254 struct rdma_ucm_ud_param *dst,
255 struct rdma_ud_param *src)
256 {
257 if (src->private_data_len)
258 memcpy(dst->private_data, src->private_data,
259 src->private_data_len);
260 dst->private_data_len = src->private_data_len;
261 ib_copy_ah_attr_to_user(device, &dst->ah_attr, &src->ah_attr);
262 dst->qp_num = src->qp_num;
263 dst->qkey = src->qkey;
264 }
265
266 static void ucma_set_event_context(struct ucma_context *ctx,
267 struct rdma_cm_event *event,
268 struct ucma_event *uevent)
269 {
270 uevent->ctx = ctx;
271 switch (event->event) {
272 case RDMA_CM_EVENT_MULTICAST_JOIN:
273 case RDMA_CM_EVENT_MULTICAST_ERROR:
274 uevent->mc = (struct ucma_multicast *)
275 event->param.ud.private_data;
276 uevent->resp.uid = uevent->mc->uid;
277 uevent->resp.id = uevent->mc->id;
278 break;
279 default:
280 uevent->resp.uid = ctx->uid;
281 uevent->resp.id = ctx->id;
282 break;
283 }
284 }
285
286 /* Called with file->mut locked for the relevant context. */
287 static void ucma_removal_event_handler(struct rdma_cm_id *cm_id)
288 {
289 struct ucma_context *ctx = cm_id->context;
290 struct ucma_event *con_req_eve;
291 int event_found = 0;
292
293 if (ctx->destroying)
294 return;
295
296 /* only if context is pointing to cm_id that it owns it and can be
297 * queued to be closed, otherwise that cm_id is an inflight one that
298 * is part of that context event list pending to be detached and
299 * reattached to its new context as part of ucma_get_event,
300 * handled separately below.
301 */
302 if (ctx->cm_id == cm_id) {
303 mutex_lock(&mut);
304 ctx->closing = 1;
305 mutex_unlock(&mut);
306 queue_work(ctx->file->close_wq, &ctx->close_work);
307 return;
308 }
309
310 list_for_each_entry(con_req_eve, &ctx->file->event_list, list) {
311 if (con_req_eve->cm_id == cm_id &&
312 con_req_eve->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST) {
313 list_del(&con_req_eve->list);
314 INIT_WORK(&con_req_eve->close_work, ucma_close_event_id);
315 queue_work(ctx->file->close_wq, &con_req_eve->close_work);
316 event_found = 1;
317 break;
318 }
319 }
320 if (!event_found)
321 pr_err("ucma_removal_event_handler: warning: connect request event wasn't found\n");
322 }
323
324 static int ucma_event_handler(struct rdma_cm_id *cm_id,
325 struct rdma_cm_event *event)
326 {
327 struct ucma_event *uevent;
328 struct ucma_context *ctx = cm_id->context;
329 int ret = 0;
330
331 uevent = kzalloc(sizeof(*uevent), GFP_KERNEL);
332 if (!uevent)
333 return event->event == RDMA_CM_EVENT_CONNECT_REQUEST;
334
335 mutex_lock(&ctx->file->mut);
336 uevent->cm_id = cm_id;
337 ucma_set_event_context(ctx, event, uevent);
338 uevent->resp.event = event->event;
339 uevent->resp.status = event->status;
340 if (cm_id->qp_type == IB_QPT_UD)
341 ucma_copy_ud_event(cm_id->device, &uevent->resp.param.ud,
342 &event->param.ud);
343 else
344 ucma_copy_conn_event(&uevent->resp.param.conn,
345 &event->param.conn);
346
347 if (event->event == RDMA_CM_EVENT_CONNECT_REQUEST) {
348 if (!ctx->backlog) {
349 ret = -ENOMEM;
350 kfree(uevent);
351 goto out;
352 }
353 ctx->backlog--;
354 } else if (!ctx->uid || ctx->cm_id != cm_id) {
355 /*
356 * We ignore events for new connections until userspace has set
357 * their context. This can only happen if an error occurs on a
358 * new connection before the user accepts it. This is okay,
359 * since the accept will just fail later. However, we do need
360 * to release the underlying HW resources in case of a device
361 * removal event.
362 */
363 if (event->event == RDMA_CM_EVENT_DEVICE_REMOVAL)
364 ucma_removal_event_handler(cm_id);
365
366 kfree(uevent);
367 goto out;
368 }
369
370 list_add_tail(&uevent->list, &ctx->file->event_list);
371 wake_up_interruptible(&ctx->file->poll_wait);
372 if (event->event == RDMA_CM_EVENT_DEVICE_REMOVAL)
373 ucma_removal_event_handler(cm_id);
374 out:
375 mutex_unlock(&ctx->file->mut);
376 return ret;
377 }
378
379 static ssize_t ucma_get_event(struct ucma_file *file, const char __user *inbuf,
380 int in_len, int out_len)
381 {
382 struct ucma_context *ctx;
383 struct rdma_ucm_get_event cmd;
384 struct ucma_event *uevent;
385 int ret = 0;
386
387 if (out_len < sizeof uevent->resp)
388 return -ENOSPC;
389
390 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
391 return -EFAULT;
392
393 mutex_lock(&file->mut);
394 while (list_empty(&file->event_list)) {
395 mutex_unlock(&file->mut);
396
397 if (file->filp->f_flags & O_NONBLOCK)
398 return -EAGAIN;
399
400 if (wait_event_interruptible(file->poll_wait,
401 !list_empty(&file->event_list)))
402 return -ERESTARTSYS;
403
404 mutex_lock(&file->mut);
405 }
406
407 uevent = list_entry(file->event_list.next, struct ucma_event, list);
408
409 if (uevent->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST) {
410 ctx = ucma_alloc_ctx(file);
411 if (!ctx) {
412 ret = -ENOMEM;
413 goto done;
414 }
415 uevent->ctx->backlog++;
416 ctx->cm_id = uevent->cm_id;
417 ctx->cm_id->context = ctx;
418 uevent->resp.id = ctx->id;
419 }
420
421 if (copy_to_user((void __user *)(unsigned long)cmd.response,
422 &uevent->resp, sizeof uevent->resp)) {
423 ret = -EFAULT;
424 goto done;
425 }
426
427 list_del(&uevent->list);
428 uevent->ctx->events_reported++;
429 if (uevent->mc)
430 uevent->mc->events_reported++;
431 kfree(uevent);
432 done:
433 mutex_unlock(&file->mut);
434 return ret;
435 }
436
437 static int ucma_get_qp_type(struct rdma_ucm_create_id *cmd, enum ib_qp_type *qp_type)
438 {
439 switch (cmd->ps) {
440 case RDMA_PS_TCP:
441 *qp_type = IB_QPT_RC;
442 return 0;
443 case RDMA_PS_UDP:
444 case RDMA_PS_IPOIB:
445 *qp_type = IB_QPT_UD;
446 return 0;
447 case RDMA_PS_IB:
448 *qp_type = cmd->qp_type;
449 return 0;
450 default:
451 return -EINVAL;
452 }
453 }
454
455 static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
456 int in_len, int out_len)
457 {
458 struct rdma_ucm_create_id cmd;
459 struct rdma_ucm_create_id_resp resp;
460 struct ucma_context *ctx;
461 struct rdma_cm_id *cm_id;
462 enum ib_qp_type qp_type;
463 int ret;
464
465 if (out_len < sizeof(resp))
466 return -ENOSPC;
467
468 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
469 return -EFAULT;
470
471 ret = ucma_get_qp_type(&cmd, &qp_type);
472 if (ret)
473 return ret;
474
475 mutex_lock(&file->mut);
476 ctx = ucma_alloc_ctx(file);
477 mutex_unlock(&file->mut);
478 if (!ctx)
479 return -ENOMEM;
480
481 ctx->uid = cmd.uid;
482 cm_id = rdma_create_id(current->nsproxy->net_ns,
483 ucma_event_handler, ctx, cmd.ps, qp_type);
484 if (IS_ERR(cm_id)) {
485 ret = PTR_ERR(cm_id);
486 goto err1;
487 }
488
489 resp.id = ctx->id;
490 if (copy_to_user((void __user *)(unsigned long)cmd.response,
491 &resp, sizeof(resp))) {
492 ret = -EFAULT;
493 goto err2;
494 }
495
496 ctx->cm_id = cm_id;
497 return 0;
498
499 err2:
500 rdma_destroy_id(cm_id);
501 err1:
502 mutex_lock(&mut);
503 idr_remove(&ctx_idr, ctx->id);
504 mutex_unlock(&mut);
505 mutex_lock(&file->mut);
506 list_del(&ctx->list);
507 mutex_unlock(&file->mut);
508 kfree(ctx);
509 return ret;
510 }
511
512 static void ucma_cleanup_multicast(struct ucma_context *ctx)
513 {
514 struct ucma_multicast *mc, *tmp;
515
516 mutex_lock(&mut);
517 list_for_each_entry_safe(mc, tmp, &ctx->mc_list, list) {
518 list_del(&mc->list);
519 idr_remove(&multicast_idr, mc->id);
520 kfree(mc);
521 }
522 mutex_unlock(&mut);
523 }
524
525 static void ucma_cleanup_mc_events(struct ucma_multicast *mc)
526 {
527 struct ucma_event *uevent, *tmp;
528
529 list_for_each_entry_safe(uevent, tmp, &mc->ctx->file->event_list, list) {
530 if (uevent->mc != mc)
531 continue;
532
533 list_del(&uevent->list);
534 kfree(uevent);
535 }
536 }
537
538 /*
539 * ucma_free_ctx is called after the underlying rdma CM-ID is destroyed. At
540 * this point, no new events will be reported from the hardware. However, we
541 * still need to cleanup the UCMA context for this ID. Specifically, there
542 * might be events that have not yet been consumed by the user space software.
543 * These might include pending connect requests which we have not completed
544 * processing. We cannot call rdma_destroy_id while holding the lock of the
545 * context (file->mut), as it might cause a deadlock. We therefore extract all
546 * relevant events from the context pending events list while holding the
547 * mutex. After that we release them as needed.
548 */
549 static int ucma_free_ctx(struct ucma_context *ctx)
550 {
551 int events_reported;
552 struct ucma_event *uevent, *tmp;
553 LIST_HEAD(list);
554
555
556 ucma_cleanup_multicast(ctx);
557
558 /* Cleanup events not yet reported to the user. */
559 mutex_lock(&ctx->file->mut);
560 list_for_each_entry_safe(uevent, tmp, &ctx->file->event_list, list) {
561 if (uevent->ctx == ctx)
562 list_move_tail(&uevent->list, &list);
563 }
564 list_del(&ctx->list);
565 mutex_unlock(&ctx->file->mut);
566
567 list_for_each_entry_safe(uevent, tmp, &list, list) {
568 list_del(&uevent->list);
569 if (uevent->resp.event == RDMA_CM_EVENT_CONNECT_REQUEST)
570 rdma_destroy_id(uevent->cm_id);
571 kfree(uevent);
572 }
573
574 events_reported = ctx->events_reported;
575 kfree(ctx);
576 return events_reported;
577 }
578
579 static ssize_t ucma_destroy_id(struct ucma_file *file, const char __user *inbuf,
580 int in_len, int out_len)
581 {
582 struct rdma_ucm_destroy_id cmd;
583 struct rdma_ucm_destroy_id_resp resp;
584 struct ucma_context *ctx;
585 int ret = 0;
586
587 if (out_len < sizeof(resp))
588 return -ENOSPC;
589
590 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
591 return -EFAULT;
592
593 mutex_lock(&mut);
594 ctx = _ucma_find_context(cmd.id, file);
595 if (!IS_ERR(ctx))
596 idr_remove(&ctx_idr, ctx->id);
597 mutex_unlock(&mut);
598
599 if (IS_ERR(ctx))
600 return PTR_ERR(ctx);
601
602 mutex_lock(&ctx->file->mut);
603 ctx->destroying = 1;
604 mutex_unlock(&ctx->file->mut);
605
606 flush_workqueue(ctx->file->close_wq);
607 /* At this point it's guaranteed that there is no inflight
608 * closing task */
609 mutex_lock(&mut);
610 if (!ctx->closing) {
611 mutex_unlock(&mut);
612 ucma_put_ctx(ctx);
613 wait_for_completion(&ctx->comp);
614 rdma_destroy_id(ctx->cm_id);
615 } else {
616 mutex_unlock(&mut);
617 }
618
619 resp.events_reported = ucma_free_ctx(ctx);
620 if (copy_to_user((void __user *)(unsigned long)cmd.response,
621 &resp, sizeof(resp)))
622 ret = -EFAULT;
623
624 return ret;
625 }
626
627 static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf,
628 int in_len, int out_len)
629 {
630 struct rdma_ucm_bind_ip cmd;
631 struct ucma_context *ctx;
632 int ret;
633
634 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
635 return -EFAULT;
636
637 if (!rdma_addr_size_in6(&cmd.addr))
638 return -EINVAL;
639
640 ctx = ucma_get_ctx(file, cmd.id);
641 if (IS_ERR(ctx))
642 return PTR_ERR(ctx);
643
644 ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
645 ucma_put_ctx(ctx);
646 return ret;
647 }
648
649 static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf,
650 int in_len, int out_len)
651 {
652 struct rdma_ucm_bind cmd;
653 struct ucma_context *ctx;
654 int ret;
655
656 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
657 return -EFAULT;
658
659 if (cmd.reserved || !cmd.addr_size ||
660 cmd.addr_size != rdma_addr_size_kss(&cmd.addr))
661 return -EINVAL;
662
663 ctx = ucma_get_ctx(file, cmd.id);
664 if (IS_ERR(ctx))
665 return PTR_ERR(ctx);
666
667 ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
668 ucma_put_ctx(ctx);
669 return ret;
670 }
671
672 static ssize_t ucma_resolve_ip(struct ucma_file *file,
673 const char __user *inbuf,
674 int in_len, int out_len)
675 {
676 struct rdma_ucm_resolve_ip cmd;
677 struct ucma_context *ctx;
678 int ret;
679
680 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
681 return -EFAULT;
682
683 if ((cmd.src_addr.sin6_family && !rdma_addr_size_in6(&cmd.src_addr)) ||
684 !rdma_addr_size_in6(&cmd.dst_addr))
685 return -EINVAL;
686
687 ctx = ucma_get_ctx(file, cmd.id);
688 if (IS_ERR(ctx))
689 return PTR_ERR(ctx);
690
691 ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
692 (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
693 ucma_put_ctx(ctx);
694 return ret;
695 }
696
697 static ssize_t ucma_resolve_addr(struct ucma_file *file,
698 const char __user *inbuf,
699 int in_len, int out_len)
700 {
701 struct rdma_ucm_resolve_addr cmd;
702 struct ucma_context *ctx;
703 int ret;
704
705 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
706 return -EFAULT;
707
708 if (cmd.reserved ||
709 (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) ||
710 !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr)))
711 return -EINVAL;
712
713 ctx = ucma_get_ctx(file, cmd.id);
714 if (IS_ERR(ctx))
715 return PTR_ERR(ctx);
716
717 ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
718 (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
719 ucma_put_ctx(ctx);
720 return ret;
721 }
722
723 static ssize_t ucma_resolve_route(struct ucma_file *file,
724 const char __user *inbuf,
725 int in_len, int out_len)
726 {
727 struct rdma_ucm_resolve_route cmd;
728 struct ucma_context *ctx;
729 int ret;
730
731 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
732 return -EFAULT;
733
734 ctx = ucma_get_ctx(file, cmd.id);
735 if (IS_ERR(ctx))
736 return PTR_ERR(ctx);
737
738 ret = rdma_resolve_route(ctx->cm_id, cmd.timeout_ms);
739 ucma_put_ctx(ctx);
740 return ret;
741 }
742
743 static void ucma_copy_ib_route(struct rdma_ucm_query_route_resp *resp,
744 struct rdma_route *route)
745 {
746 struct rdma_dev_addr *dev_addr;
747
748 resp->num_paths = route->num_paths;
749 switch (route->num_paths) {
750 case 0:
751 dev_addr = &route->addr.dev_addr;
752 rdma_addr_get_dgid(dev_addr,
753 (union ib_gid *) &resp->ib_route[0].dgid);
754 rdma_addr_get_sgid(dev_addr,
755 (union ib_gid *) &resp->ib_route[0].sgid);
756 resp->ib_route[0].pkey = cpu_to_be16(ib_addr_get_pkey(dev_addr));
757 break;
758 case 2:
759 ib_copy_path_rec_to_user(&resp->ib_route[1],
760 &route->path_rec[1]);
761 /* fall through */
762 case 1:
763 ib_copy_path_rec_to_user(&resp->ib_route[0],
764 &route->path_rec[0]);
765 break;
766 default:
767 break;
768 }
769 }
770
771 static void ucma_copy_iboe_route(struct rdma_ucm_query_route_resp *resp,
772 struct rdma_route *route)
773 {
774
775 resp->num_paths = route->num_paths;
776 switch (route->num_paths) {
777 case 0:
778 rdma_ip2gid((struct sockaddr *)&route->addr.dst_addr,
779 (union ib_gid *)&resp->ib_route[0].dgid);
780 rdma_ip2gid((struct sockaddr *)&route->addr.src_addr,
781 (union ib_gid *)&resp->ib_route[0].sgid);
782 resp->ib_route[0].pkey = cpu_to_be16(0xffff);
783 break;
784 case 2:
785 ib_copy_path_rec_to_user(&resp->ib_route[1],
786 &route->path_rec[1]);
787 /* fall through */
788 case 1:
789 ib_copy_path_rec_to_user(&resp->ib_route[0],
790 &route->path_rec[0]);
791 break;
792 default:
793 break;
794 }
795 }
796
797 static void ucma_copy_iw_route(struct rdma_ucm_query_route_resp *resp,
798 struct rdma_route *route)
799 {
800 struct rdma_dev_addr *dev_addr;
801
802 dev_addr = &route->addr.dev_addr;
803 rdma_addr_get_dgid(dev_addr, (union ib_gid *) &resp->ib_route[0].dgid);
804 rdma_addr_get_sgid(dev_addr, (union ib_gid *) &resp->ib_route[0].sgid);
805 }
806
807 static ssize_t ucma_query_route(struct ucma_file *file,
808 const char __user *inbuf,
809 int in_len, int out_len)
810 {
811 struct rdma_ucm_query cmd;
812 struct rdma_ucm_query_route_resp resp;
813 struct ucma_context *ctx;
814 struct sockaddr *addr;
815 int ret = 0;
816
817 if (out_len < sizeof(resp))
818 return -ENOSPC;
819
820 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
821 return -EFAULT;
822
823 ctx = ucma_get_ctx(file, cmd.id);
824 if (IS_ERR(ctx))
825 return PTR_ERR(ctx);
826
827 memset(&resp, 0, sizeof resp);
828 addr = (struct sockaddr *) &ctx->cm_id->route.addr.src_addr;
829 memcpy(&resp.src_addr, addr, addr->sa_family == AF_INET ?
830 sizeof(struct sockaddr_in) :
831 sizeof(struct sockaddr_in6));
832 addr = (struct sockaddr *) &ctx->cm_id->route.addr.dst_addr;
833 memcpy(&resp.dst_addr, addr, addr->sa_family == AF_INET ?
834 sizeof(struct sockaddr_in) :
835 sizeof(struct sockaddr_in6));
836 if (!ctx->cm_id->device)
837 goto out;
838
839 resp.node_guid = (__force __u64) ctx->cm_id->device->node_guid;
840 resp.port_num = ctx->cm_id->port_num;
841
842 if (rdma_cap_ib_sa(ctx->cm_id->device, ctx->cm_id->port_num))
843 ucma_copy_ib_route(&resp, &ctx->cm_id->route);
844 else if (rdma_protocol_roce(ctx->cm_id->device, ctx->cm_id->port_num))
845 ucma_copy_iboe_route(&resp, &ctx->cm_id->route);
846 else if (rdma_protocol_iwarp(ctx->cm_id->device, ctx->cm_id->port_num))
847 ucma_copy_iw_route(&resp, &ctx->cm_id->route);
848
849 out:
850 if (copy_to_user((void __user *)(unsigned long)cmd.response,
851 &resp, sizeof(resp)))
852 ret = -EFAULT;
853
854 ucma_put_ctx(ctx);
855 return ret;
856 }
857
858 static void ucma_query_device_addr(struct rdma_cm_id *cm_id,
859 struct rdma_ucm_query_addr_resp *resp)
860 {
861 if (!cm_id->device)
862 return;
863
864 resp->node_guid = (__force __u64) cm_id->device->node_guid;
865 resp->port_num = cm_id->port_num;
866 resp->pkey = (__force __u16) cpu_to_be16(
867 ib_addr_get_pkey(&cm_id->route.addr.dev_addr));
868 }
869
870 static ssize_t ucma_query_addr(struct ucma_context *ctx,
871 void __user *response, int out_len)
872 {
873 struct rdma_ucm_query_addr_resp resp;
874 struct sockaddr *addr;
875 int ret = 0;
876
877 if (out_len < sizeof(resp))
878 return -ENOSPC;
879
880 memset(&resp, 0, sizeof resp);
881
882 addr = (struct sockaddr *) &ctx->cm_id->route.addr.src_addr;
883 resp.src_size = rdma_addr_size(addr);
884 memcpy(&resp.src_addr, addr, resp.src_size);
885
886 addr = (struct sockaddr *) &ctx->cm_id->route.addr.dst_addr;
887 resp.dst_size = rdma_addr_size(addr);
888 memcpy(&resp.dst_addr, addr, resp.dst_size);
889
890 ucma_query_device_addr(ctx->cm_id, &resp);
891
892 if (copy_to_user(response, &resp, sizeof(resp)))
893 ret = -EFAULT;
894
895 return ret;
896 }
897
898 static ssize_t ucma_query_path(struct ucma_context *ctx,
899 void __user *response, int out_len)
900 {
901 struct rdma_ucm_query_path_resp *resp;
902 int i, ret = 0;
903
904 if (out_len < sizeof(*resp))
905 return -ENOSPC;
906
907 resp = kzalloc(out_len, GFP_KERNEL);
908 if (!resp)
909 return -ENOMEM;
910
911 resp->num_paths = ctx->cm_id->route.num_paths;
912 for (i = 0, out_len -= sizeof(*resp);
913 i < resp->num_paths && out_len > sizeof(struct ib_path_rec_data);
914 i++, out_len -= sizeof(struct ib_path_rec_data)) {
915 struct sa_path_rec *rec = &ctx->cm_id->route.path_rec[i];
916
917 resp->path_data[i].flags = IB_PATH_GMP | IB_PATH_PRIMARY |
918 IB_PATH_BIDIRECTIONAL;
919 if (rec->rec_type == SA_PATH_REC_TYPE_OPA) {
920 struct sa_path_rec ib;
921
922 sa_convert_path_opa_to_ib(&ib, rec);
923 ib_sa_pack_path(&ib, &resp->path_data[i].path_rec);
924
925 } else {
926 ib_sa_pack_path(rec, &resp->path_data[i].path_rec);
927 }
928 }
929
930 if (copy_to_user(response, resp,
931 sizeof(*resp) + (i * sizeof(struct ib_path_rec_data))))
932 ret = -EFAULT;
933
934 kfree(resp);
935 return ret;
936 }
937
938 static ssize_t ucma_query_gid(struct ucma_context *ctx,
939 void __user *response, int out_len)
940 {
941 struct rdma_ucm_query_addr_resp resp;
942 struct sockaddr_ib *addr;
943 int ret = 0;
944
945 if (out_len < sizeof(resp))
946 return -ENOSPC;
947
948 memset(&resp, 0, sizeof resp);
949
950 ucma_query_device_addr(ctx->cm_id, &resp);
951
952 addr = (struct sockaddr_ib *) &resp.src_addr;
953 resp.src_size = sizeof(*addr);
954 if (ctx->cm_id->route.addr.src_addr.ss_family == AF_IB) {
955 memcpy(addr, &ctx->cm_id->route.addr.src_addr, resp.src_size);
956 } else {
957 addr->sib_family = AF_IB;
958 addr->sib_pkey = (__force __be16) resp.pkey;
959 rdma_addr_get_sgid(&ctx->cm_id->route.addr.dev_addr,
960 (union ib_gid *) &addr->sib_addr);
961 addr->sib_sid = rdma_get_service_id(ctx->cm_id, (struct sockaddr *)
962 &ctx->cm_id->route.addr.src_addr);
963 }
964
965 addr = (struct sockaddr_ib *) &resp.dst_addr;
966 resp.dst_size = sizeof(*addr);
967 if (ctx->cm_id->route.addr.dst_addr.ss_family == AF_IB) {
968 memcpy(addr, &ctx->cm_id->route.addr.dst_addr, resp.dst_size);
969 } else {
970 addr->sib_family = AF_IB;
971 addr->sib_pkey = (__force __be16) resp.pkey;
972 rdma_addr_get_dgid(&ctx->cm_id->route.addr.dev_addr,
973 (union ib_gid *) &addr->sib_addr);
974 addr->sib_sid = rdma_get_service_id(ctx->cm_id, (struct sockaddr *)
975 &ctx->cm_id->route.addr.dst_addr);
976 }
977
978 if (copy_to_user(response, &resp, sizeof(resp)))
979 ret = -EFAULT;
980
981 return ret;
982 }
983
984 static ssize_t ucma_query(struct ucma_file *file,
985 const char __user *inbuf,
986 int in_len, int out_len)
987 {
988 struct rdma_ucm_query cmd;
989 struct ucma_context *ctx;
990 void __user *response;
991 int ret;
992
993 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
994 return -EFAULT;
995
996 response = (void __user *)(unsigned long) cmd.response;
997 ctx = ucma_get_ctx(file, cmd.id);
998 if (IS_ERR(ctx))
999 return PTR_ERR(ctx);
1000
1001 switch (cmd.option) {
1002 case RDMA_USER_CM_QUERY_ADDR:
1003 ret = ucma_query_addr(ctx, response, out_len);
1004 break;
1005 case RDMA_USER_CM_QUERY_PATH:
1006 ret = ucma_query_path(ctx, response, out_len);
1007 break;
1008 case RDMA_USER_CM_QUERY_GID:
1009 ret = ucma_query_gid(ctx, response, out_len);
1010 break;
1011 default:
1012 ret = -ENOSYS;
1013 break;
1014 }
1015
1016 ucma_put_ctx(ctx);
1017 return ret;
1018 }
1019
1020 static void ucma_copy_conn_param(struct rdma_cm_id *id,
1021 struct rdma_conn_param *dst,
1022 struct rdma_ucm_conn_param *src)
1023 {
1024 dst->private_data = src->private_data;
1025 dst->private_data_len = src->private_data_len;
1026 dst->responder_resources =src->responder_resources;
1027 dst->initiator_depth = src->initiator_depth;
1028 dst->flow_control = src->flow_control;
1029 dst->retry_count = src->retry_count;
1030 dst->rnr_retry_count = src->rnr_retry_count;
1031 dst->srq = src->srq;
1032 dst->qp_num = src->qp_num;
1033 dst->qkey = (id->route.addr.src_addr.ss_family == AF_IB) ? src->qkey : 0;
1034 }
1035
1036 static ssize_t ucma_connect(struct ucma_file *file, const char __user *inbuf,
1037 int in_len, int out_len)
1038 {
1039 struct rdma_ucm_connect cmd;
1040 struct rdma_conn_param conn_param;
1041 struct ucma_context *ctx;
1042 int ret;
1043
1044 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1045 return -EFAULT;
1046
1047 if (!cmd.conn_param.valid)
1048 return -EINVAL;
1049
1050 ctx = ucma_get_ctx(file, cmd.id);
1051 if (IS_ERR(ctx))
1052 return PTR_ERR(ctx);
1053
1054 ucma_copy_conn_param(ctx->cm_id, &conn_param, &cmd.conn_param);
1055 ret = rdma_connect(ctx->cm_id, &conn_param);
1056 ucma_put_ctx(ctx);
1057 return ret;
1058 }
1059
1060 static ssize_t ucma_listen(struct ucma_file *file, const char __user *inbuf,
1061 int in_len, int out_len)
1062 {
1063 struct rdma_ucm_listen cmd;
1064 struct ucma_context *ctx;
1065 int ret;
1066
1067 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1068 return -EFAULT;
1069
1070 ctx = ucma_get_ctx(file, cmd.id);
1071 if (IS_ERR(ctx))
1072 return PTR_ERR(ctx);
1073
1074 ctx->backlog = cmd.backlog > 0 && cmd.backlog < max_backlog ?
1075 cmd.backlog : max_backlog;
1076 ret = rdma_listen(ctx->cm_id, ctx->backlog);
1077 ucma_put_ctx(ctx);
1078 return ret;
1079 }
1080
1081 static ssize_t ucma_accept(struct ucma_file *file, const char __user *inbuf,
1082 int in_len, int out_len)
1083 {
1084 struct rdma_ucm_accept cmd;
1085 struct rdma_conn_param conn_param;
1086 struct ucma_context *ctx;
1087 int ret;
1088
1089 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1090 return -EFAULT;
1091
1092 ctx = ucma_get_ctx(file, cmd.id);
1093 if (IS_ERR(ctx))
1094 return PTR_ERR(ctx);
1095
1096 if (cmd.conn_param.valid) {
1097 ucma_copy_conn_param(ctx->cm_id, &conn_param, &cmd.conn_param);
1098 mutex_lock(&file->mut);
1099 ret = rdma_accept(ctx->cm_id, &conn_param);
1100 if (!ret)
1101 ctx->uid = cmd.uid;
1102 mutex_unlock(&file->mut);
1103 } else
1104 ret = rdma_accept(ctx->cm_id, NULL);
1105
1106 ucma_put_ctx(ctx);
1107 return ret;
1108 }
1109
1110 static ssize_t ucma_reject(struct ucma_file *file, const char __user *inbuf,
1111 int in_len, int out_len)
1112 {
1113 struct rdma_ucm_reject cmd;
1114 struct ucma_context *ctx;
1115 int ret;
1116
1117 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1118 return -EFAULT;
1119
1120 ctx = ucma_get_ctx(file, cmd.id);
1121 if (IS_ERR(ctx))
1122 return PTR_ERR(ctx);
1123
1124 ret = rdma_reject(ctx->cm_id, cmd.private_data, cmd.private_data_len);
1125 ucma_put_ctx(ctx);
1126 return ret;
1127 }
1128
1129 static ssize_t ucma_disconnect(struct ucma_file *file, const char __user *inbuf,
1130 int in_len, int out_len)
1131 {
1132 struct rdma_ucm_disconnect cmd;
1133 struct ucma_context *ctx;
1134 int ret;
1135
1136 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1137 return -EFAULT;
1138
1139 ctx = ucma_get_ctx(file, cmd.id);
1140 if (IS_ERR(ctx))
1141 return PTR_ERR(ctx);
1142
1143 ret = rdma_disconnect(ctx->cm_id);
1144 ucma_put_ctx(ctx);
1145 return ret;
1146 }
1147
1148 static ssize_t ucma_init_qp_attr(struct ucma_file *file,
1149 const char __user *inbuf,
1150 int in_len, int out_len)
1151 {
1152 struct rdma_ucm_init_qp_attr cmd;
1153 struct ib_uverbs_qp_attr resp;
1154 struct ucma_context *ctx;
1155 struct ib_qp_attr qp_attr;
1156 int ret;
1157
1158 if (out_len < sizeof(resp))
1159 return -ENOSPC;
1160
1161 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1162 return -EFAULT;
1163
1164 if (cmd.qp_state > IB_QPS_ERR)
1165 return -EINVAL;
1166
1167 ctx = ucma_get_ctx(file, cmd.id);
1168 if (IS_ERR(ctx))
1169 return PTR_ERR(ctx);
1170
1171 if (!ctx->cm_id->device) {
1172 ret = -EINVAL;
1173 goto out;
1174 }
1175
1176 resp.qp_attr_mask = 0;
1177 memset(&qp_attr, 0, sizeof qp_attr);
1178 qp_attr.qp_state = cmd.qp_state;
1179 ret = rdma_init_qp_attr(ctx->cm_id, &qp_attr, &resp.qp_attr_mask);
1180 if (ret)
1181 goto out;
1182
1183 ib_copy_qp_attr_to_user(ctx->cm_id->device, &resp, &qp_attr);
1184 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1185 &resp, sizeof(resp)))
1186 ret = -EFAULT;
1187
1188 out:
1189 ucma_put_ctx(ctx);
1190 return ret;
1191 }
1192
1193 static int ucma_set_option_id(struct ucma_context *ctx, int optname,
1194 void *optval, size_t optlen)
1195 {
1196 int ret = 0;
1197
1198 switch (optname) {
1199 case RDMA_OPTION_ID_TOS:
1200 if (optlen != sizeof(u8)) {
1201 ret = -EINVAL;
1202 break;
1203 }
1204 rdma_set_service_type(ctx->cm_id, *((u8 *) optval));
1205 break;
1206 case RDMA_OPTION_ID_REUSEADDR:
1207 if (optlen != sizeof(int)) {
1208 ret = -EINVAL;
1209 break;
1210 }
1211 ret = rdma_set_reuseaddr(ctx->cm_id, *((int *) optval) ? 1 : 0);
1212 break;
1213 case RDMA_OPTION_ID_AFONLY:
1214 if (optlen != sizeof(int)) {
1215 ret = -EINVAL;
1216 break;
1217 }
1218 ret = rdma_set_afonly(ctx->cm_id, *((int *) optval) ? 1 : 0);
1219 break;
1220 default:
1221 ret = -ENOSYS;
1222 }
1223
1224 return ret;
1225 }
1226
1227 static int ucma_set_ib_path(struct ucma_context *ctx,
1228 struct ib_path_rec_data *path_data, size_t optlen)
1229 {
1230 struct sa_path_rec sa_path;
1231 struct rdma_cm_event event;
1232 int ret;
1233
1234 if (optlen % sizeof(*path_data))
1235 return -EINVAL;
1236
1237 for (; optlen; optlen -= sizeof(*path_data), path_data++) {
1238 if (path_data->flags == (IB_PATH_GMP | IB_PATH_PRIMARY |
1239 IB_PATH_BIDIRECTIONAL))
1240 break;
1241 }
1242
1243 if (!optlen)
1244 return -EINVAL;
1245
1246 if (!ctx->cm_id->device)
1247 return -EINVAL;
1248
1249 memset(&sa_path, 0, sizeof(sa_path));
1250
1251 sa_path.rec_type = SA_PATH_REC_TYPE_IB;
1252 ib_sa_unpack_path(path_data->path_rec, &sa_path);
1253
1254 if (rdma_cap_opa_ah(ctx->cm_id->device, ctx->cm_id->port_num)) {
1255 struct sa_path_rec opa;
1256
1257 sa_convert_path_ib_to_opa(&opa, &sa_path);
1258 ret = rdma_set_ib_paths(ctx->cm_id, &opa, 1);
1259 } else {
1260 ret = rdma_set_ib_paths(ctx->cm_id, &sa_path, 1);
1261 }
1262 if (ret)
1263 return ret;
1264
1265 memset(&event, 0, sizeof event);
1266 event.event = RDMA_CM_EVENT_ROUTE_RESOLVED;
1267 return ucma_event_handler(ctx->cm_id, &event);
1268 }
1269
1270 static int ucma_set_option_ib(struct ucma_context *ctx, int optname,
1271 void *optval, size_t optlen)
1272 {
1273 int ret;
1274
1275 switch (optname) {
1276 case RDMA_OPTION_IB_PATH:
1277 ret = ucma_set_ib_path(ctx, optval, optlen);
1278 break;
1279 default:
1280 ret = -ENOSYS;
1281 }
1282
1283 return ret;
1284 }
1285
1286 static int ucma_set_option_level(struct ucma_context *ctx, int level,
1287 int optname, void *optval, size_t optlen)
1288 {
1289 int ret;
1290
1291 switch (level) {
1292 case RDMA_OPTION_ID:
1293 ret = ucma_set_option_id(ctx, optname, optval, optlen);
1294 break;
1295 case RDMA_OPTION_IB:
1296 ret = ucma_set_option_ib(ctx, optname, optval, optlen);
1297 break;
1298 default:
1299 ret = -ENOSYS;
1300 }
1301
1302 return ret;
1303 }
1304
1305 static ssize_t ucma_set_option(struct ucma_file *file, const char __user *inbuf,
1306 int in_len, int out_len)
1307 {
1308 struct rdma_ucm_set_option cmd;
1309 struct ucma_context *ctx;
1310 void *optval;
1311 int ret;
1312
1313 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1314 return -EFAULT;
1315
1316 ctx = ucma_get_ctx(file, cmd.id);
1317 if (IS_ERR(ctx))
1318 return PTR_ERR(ctx);
1319
1320 if (unlikely(cmd.optlen > KMALLOC_MAX_SIZE))
1321 return -EINVAL;
1322
1323 optval = memdup_user((void __user *) (unsigned long) cmd.optval,
1324 cmd.optlen);
1325 if (IS_ERR(optval)) {
1326 ret = PTR_ERR(optval);
1327 goto out;
1328 }
1329
1330 ret = ucma_set_option_level(ctx, cmd.level, cmd.optname, optval,
1331 cmd.optlen);
1332 kfree(optval);
1333
1334 out:
1335 ucma_put_ctx(ctx);
1336 return ret;
1337 }
1338
1339 static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
1340 int in_len, int out_len)
1341 {
1342 struct rdma_ucm_notify cmd;
1343 struct ucma_context *ctx;
1344 int ret = -EINVAL;
1345
1346 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1347 return -EFAULT;
1348
1349 ctx = ucma_get_ctx(file, cmd.id);
1350 if (IS_ERR(ctx))
1351 return PTR_ERR(ctx);
1352
1353 if (ctx->cm_id->device)
1354 ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
1355
1356 ucma_put_ctx(ctx);
1357 return ret;
1358 }
1359
1360 static ssize_t ucma_process_join(struct ucma_file *file,
1361 struct rdma_ucm_join_mcast *cmd, int out_len)
1362 {
1363 struct rdma_ucm_create_id_resp resp;
1364 struct ucma_context *ctx;
1365 struct ucma_multicast *mc;
1366 struct sockaddr *addr;
1367 int ret;
1368 u8 join_state;
1369
1370 if (out_len < sizeof(resp))
1371 return -ENOSPC;
1372
1373 addr = (struct sockaddr *) &cmd->addr;
1374 if (cmd->addr_size != rdma_addr_size(addr))
1375 return -EINVAL;
1376
1377 if (cmd->join_flags == RDMA_MC_JOIN_FLAG_FULLMEMBER)
1378 join_state = BIT(FULLMEMBER_JOIN);
1379 else if (cmd->join_flags == RDMA_MC_JOIN_FLAG_SENDONLY_FULLMEMBER)
1380 join_state = BIT(SENDONLY_FULLMEMBER_JOIN);
1381 else
1382 return -EINVAL;
1383
1384 ctx = ucma_get_ctx(file, cmd->id);
1385 if (IS_ERR(ctx))
1386 return PTR_ERR(ctx);
1387
1388 mutex_lock(&file->mut);
1389 mc = ucma_alloc_multicast(ctx);
1390 if (!mc) {
1391 ret = -ENOMEM;
1392 goto err1;
1393 }
1394 mc->join_state = join_state;
1395 mc->uid = cmd->uid;
1396 memcpy(&mc->addr, addr, cmd->addr_size);
1397 ret = rdma_join_multicast(ctx->cm_id, (struct sockaddr *)&mc->addr,
1398 join_state, mc);
1399 if (ret)
1400 goto err2;
1401
1402 resp.id = mc->id;
1403 if (copy_to_user((void __user *)(unsigned long) cmd->response,
1404 &resp, sizeof(resp))) {
1405 ret = -EFAULT;
1406 goto err3;
1407 }
1408
1409 mutex_lock(&mut);
1410 idr_replace(&multicast_idr, mc, mc->id);
1411 mutex_unlock(&mut);
1412
1413 mutex_unlock(&file->mut);
1414 ucma_put_ctx(ctx);
1415 return 0;
1416
1417 err3:
1418 rdma_leave_multicast(ctx->cm_id, (struct sockaddr *) &mc->addr);
1419 ucma_cleanup_mc_events(mc);
1420 err2:
1421 mutex_lock(&mut);
1422 idr_remove(&multicast_idr, mc->id);
1423 mutex_unlock(&mut);
1424 list_del(&mc->list);
1425 kfree(mc);
1426 err1:
1427 mutex_unlock(&file->mut);
1428 ucma_put_ctx(ctx);
1429 return ret;
1430 }
1431
1432 static ssize_t ucma_join_ip_multicast(struct ucma_file *file,
1433 const char __user *inbuf,
1434 int in_len, int out_len)
1435 {
1436 struct rdma_ucm_join_ip_mcast cmd;
1437 struct rdma_ucm_join_mcast join_cmd;
1438
1439 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1440 return -EFAULT;
1441
1442 join_cmd.response = cmd.response;
1443 join_cmd.uid = cmd.uid;
1444 join_cmd.id = cmd.id;
1445 join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr);
1446 if (!join_cmd.addr_size)
1447 return -EINVAL;
1448
1449 join_cmd.join_flags = RDMA_MC_JOIN_FLAG_FULLMEMBER;
1450 memcpy(&join_cmd.addr, &cmd.addr, join_cmd.addr_size);
1451
1452 return ucma_process_join(file, &join_cmd, out_len);
1453 }
1454
1455 static ssize_t ucma_join_multicast(struct ucma_file *file,
1456 const char __user *inbuf,
1457 int in_len, int out_len)
1458 {
1459 struct rdma_ucm_join_mcast cmd;
1460
1461 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1462 return -EFAULT;
1463
1464 if (!rdma_addr_size_kss(&cmd.addr))
1465 return -EINVAL;
1466
1467 return ucma_process_join(file, &cmd, out_len);
1468 }
1469
1470 static ssize_t ucma_leave_multicast(struct ucma_file *file,
1471 const char __user *inbuf,
1472 int in_len, int out_len)
1473 {
1474 struct rdma_ucm_destroy_id cmd;
1475 struct rdma_ucm_destroy_id_resp resp;
1476 struct ucma_multicast *mc;
1477 int ret = 0;
1478
1479 if (out_len < sizeof(resp))
1480 return -ENOSPC;
1481
1482 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1483 return -EFAULT;
1484
1485 mutex_lock(&mut);
1486 mc = idr_find(&multicast_idr, cmd.id);
1487 if (!mc)
1488 mc = ERR_PTR(-ENOENT);
1489 else if (mc->ctx->file != file)
1490 mc = ERR_PTR(-EINVAL);
1491 else if (!atomic_inc_not_zero(&mc->ctx->ref))
1492 mc = ERR_PTR(-ENXIO);
1493 else
1494 idr_remove(&multicast_idr, mc->id);
1495 mutex_unlock(&mut);
1496
1497 if (IS_ERR(mc)) {
1498 ret = PTR_ERR(mc);
1499 goto out;
1500 }
1501
1502 rdma_leave_multicast(mc->ctx->cm_id, (struct sockaddr *) &mc->addr);
1503 mutex_lock(&mc->ctx->file->mut);
1504 ucma_cleanup_mc_events(mc);
1505 list_del(&mc->list);
1506 mutex_unlock(&mc->ctx->file->mut);
1507
1508 ucma_put_ctx(mc->ctx);
1509 resp.events_reported = mc->events_reported;
1510 kfree(mc);
1511
1512 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1513 &resp, sizeof(resp)))
1514 ret = -EFAULT;
1515 out:
1516 return ret;
1517 }
1518
1519 static void ucma_lock_files(struct ucma_file *file1, struct ucma_file *file2)
1520 {
1521 /* Acquire mutex's based on pointer comparison to prevent deadlock. */
1522 if (file1 < file2) {
1523 mutex_lock(&file1->mut);
1524 mutex_lock_nested(&file2->mut, SINGLE_DEPTH_NESTING);
1525 } else {
1526 mutex_lock(&file2->mut);
1527 mutex_lock_nested(&file1->mut, SINGLE_DEPTH_NESTING);
1528 }
1529 }
1530
1531 static void ucma_unlock_files(struct ucma_file *file1, struct ucma_file *file2)
1532 {
1533 if (file1 < file2) {
1534 mutex_unlock(&file2->mut);
1535 mutex_unlock(&file1->mut);
1536 } else {
1537 mutex_unlock(&file1->mut);
1538 mutex_unlock(&file2->mut);
1539 }
1540 }
1541
1542 static void ucma_move_events(struct ucma_context *ctx, struct ucma_file *file)
1543 {
1544 struct ucma_event *uevent, *tmp;
1545
1546 list_for_each_entry_safe(uevent, tmp, &ctx->file->event_list, list)
1547 if (uevent->ctx == ctx)
1548 list_move_tail(&uevent->list, &file->event_list);
1549 }
1550
1551 static ssize_t ucma_migrate_id(struct ucma_file *new_file,
1552 const char __user *inbuf,
1553 int in_len, int out_len)
1554 {
1555 struct rdma_ucm_migrate_id cmd;
1556 struct rdma_ucm_migrate_resp resp;
1557 struct ucma_context *ctx;
1558 struct fd f;
1559 struct ucma_file *cur_file;
1560 int ret = 0;
1561
1562 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1563 return -EFAULT;
1564
1565 /* Get current fd to protect against it being closed */
1566 f = fdget(cmd.fd);
1567 if (!f.file)
1568 return -ENOENT;
1569
1570 /* Validate current fd and prevent destruction of id. */
1571 ctx = ucma_get_ctx(f.file->private_data, cmd.id);
1572 if (IS_ERR(ctx)) {
1573 ret = PTR_ERR(ctx);
1574 goto file_put;
1575 }
1576
1577 cur_file = ctx->file;
1578 if (cur_file == new_file) {
1579 resp.events_reported = ctx->events_reported;
1580 goto response;
1581 }
1582
1583 /*
1584 * Migrate events between fd's, maintaining order, and avoiding new
1585 * events being added before existing events.
1586 */
1587 ucma_lock_files(cur_file, new_file);
1588 mutex_lock(&mut);
1589
1590 list_move_tail(&ctx->list, &new_file->ctx_list);
1591 ucma_move_events(ctx, new_file);
1592 ctx->file = new_file;
1593 resp.events_reported = ctx->events_reported;
1594
1595 mutex_unlock(&mut);
1596 ucma_unlock_files(cur_file, new_file);
1597
1598 response:
1599 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1600 &resp, sizeof(resp)))
1601 ret = -EFAULT;
1602
1603 ucma_put_ctx(ctx);
1604 file_put:
1605 fdput(f);
1606 return ret;
1607 }
1608
1609 static ssize_t (*ucma_cmd_table[])(struct ucma_file *file,
1610 const char __user *inbuf,
1611 int in_len, int out_len) = {
1612 [RDMA_USER_CM_CMD_CREATE_ID] = ucma_create_id,
1613 [RDMA_USER_CM_CMD_DESTROY_ID] = ucma_destroy_id,
1614 [RDMA_USER_CM_CMD_BIND_IP] = ucma_bind_ip,
1615 [RDMA_USER_CM_CMD_RESOLVE_IP] = ucma_resolve_ip,
1616 [RDMA_USER_CM_CMD_RESOLVE_ROUTE] = ucma_resolve_route,
1617 [RDMA_USER_CM_CMD_QUERY_ROUTE] = ucma_query_route,
1618 [RDMA_USER_CM_CMD_CONNECT] = ucma_connect,
1619 [RDMA_USER_CM_CMD_LISTEN] = ucma_listen,
1620 [RDMA_USER_CM_CMD_ACCEPT] = ucma_accept,
1621 [RDMA_USER_CM_CMD_REJECT] = ucma_reject,
1622 [RDMA_USER_CM_CMD_DISCONNECT] = ucma_disconnect,
1623 [RDMA_USER_CM_CMD_INIT_QP_ATTR] = ucma_init_qp_attr,
1624 [RDMA_USER_CM_CMD_GET_EVENT] = ucma_get_event,
1625 [RDMA_USER_CM_CMD_GET_OPTION] = NULL,
1626 [RDMA_USER_CM_CMD_SET_OPTION] = ucma_set_option,
1627 [RDMA_USER_CM_CMD_NOTIFY] = ucma_notify,
1628 [RDMA_USER_CM_CMD_JOIN_IP_MCAST] = ucma_join_ip_multicast,
1629 [RDMA_USER_CM_CMD_LEAVE_MCAST] = ucma_leave_multicast,
1630 [RDMA_USER_CM_CMD_MIGRATE_ID] = ucma_migrate_id,
1631 [RDMA_USER_CM_CMD_QUERY] = ucma_query,
1632 [RDMA_USER_CM_CMD_BIND] = ucma_bind,
1633 [RDMA_USER_CM_CMD_RESOLVE_ADDR] = ucma_resolve_addr,
1634 [RDMA_USER_CM_CMD_JOIN_MCAST] = ucma_join_multicast
1635 };
1636
1637 static ssize_t ucma_write(struct file *filp, const char __user *buf,
1638 size_t len, loff_t *pos)
1639 {
1640 struct ucma_file *file = filp->private_data;
1641 struct rdma_ucm_cmd_hdr hdr;
1642 ssize_t ret;
1643
1644 if (!ib_safe_file_access(filp)) {
1645 pr_err_once("ucma_write: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n",
1646 task_tgid_vnr(current), current->comm);
1647 return -EACCES;
1648 }
1649
1650 if (len < sizeof(hdr))
1651 return -EINVAL;
1652
1653 if (copy_from_user(&hdr, buf, sizeof(hdr)))
1654 return -EFAULT;
1655
1656 if (hdr.cmd >= ARRAY_SIZE(ucma_cmd_table))
1657 return -EINVAL;
1658 hdr.cmd = array_index_nospec(hdr.cmd, ARRAY_SIZE(ucma_cmd_table));
1659
1660 if (hdr.in + sizeof(hdr) > len)
1661 return -EINVAL;
1662
1663 if (!ucma_cmd_table[hdr.cmd])
1664 return -ENOSYS;
1665
1666 ret = ucma_cmd_table[hdr.cmd](file, buf + sizeof(hdr), hdr.in, hdr.out);
1667 if (!ret)
1668 ret = len;
1669
1670 return ret;
1671 }
1672
1673 static unsigned int ucma_poll(struct file *filp, struct poll_table_struct *wait)
1674 {
1675 struct ucma_file *file = filp->private_data;
1676 unsigned int mask = 0;
1677
1678 poll_wait(filp, &file->poll_wait, wait);
1679
1680 if (!list_empty(&file->event_list))
1681 mask = POLLIN | POLLRDNORM;
1682
1683 return mask;
1684 }
1685
1686 /*
1687 * ucma_open() does not need the BKL:
1688 *
1689 * - no global state is referred to;
1690 * - there is no ioctl method to race against;
1691 * - no further module initialization is required for open to work
1692 * after the device is registered.
1693 */
1694 static int ucma_open(struct inode *inode, struct file *filp)
1695 {
1696 struct ucma_file *file;
1697
1698 file = kmalloc(sizeof *file, GFP_KERNEL);
1699 if (!file)
1700 return -ENOMEM;
1701
1702 file->close_wq = alloc_ordered_workqueue("ucma_close_id",
1703 WQ_MEM_RECLAIM);
1704 if (!file->close_wq) {
1705 kfree(file);
1706 return -ENOMEM;
1707 }
1708
1709 INIT_LIST_HEAD(&file->event_list);
1710 INIT_LIST_HEAD(&file->ctx_list);
1711 init_waitqueue_head(&file->poll_wait);
1712 mutex_init(&file->mut);
1713
1714 filp->private_data = file;
1715 file->filp = filp;
1716
1717 return nonseekable_open(inode, filp);
1718 }
1719
1720 static int ucma_close(struct inode *inode, struct file *filp)
1721 {
1722 struct ucma_file *file = filp->private_data;
1723 struct ucma_context *ctx, *tmp;
1724
1725 mutex_lock(&file->mut);
1726 list_for_each_entry_safe(ctx, tmp, &file->ctx_list, list) {
1727 ctx->destroying = 1;
1728 mutex_unlock(&file->mut);
1729
1730 mutex_lock(&mut);
1731 idr_remove(&ctx_idr, ctx->id);
1732 mutex_unlock(&mut);
1733
1734 flush_workqueue(file->close_wq);
1735 /* At that step once ctx was marked as destroying and workqueue
1736 * was flushed we are safe from any inflights handlers that
1737 * might put other closing task.
1738 */
1739 mutex_lock(&mut);
1740 if (!ctx->closing) {
1741 mutex_unlock(&mut);
1742 /* rdma_destroy_id ensures that no event handlers are
1743 * inflight for that id before releasing it.
1744 */
1745 rdma_destroy_id(ctx->cm_id);
1746 } else {
1747 mutex_unlock(&mut);
1748 }
1749
1750 ucma_free_ctx(ctx);
1751 mutex_lock(&file->mut);
1752 }
1753 mutex_unlock(&file->mut);
1754 destroy_workqueue(file->close_wq);
1755 kfree(file);
1756 return 0;
1757 }
1758
1759 static const struct file_operations ucma_fops = {
1760 .owner = THIS_MODULE,
1761 .open = ucma_open,
1762 .release = ucma_close,
1763 .write = ucma_write,
1764 .poll = ucma_poll,
1765 .llseek = no_llseek,
1766 };
1767
1768 static struct miscdevice ucma_misc = {
1769 .minor = MISC_DYNAMIC_MINOR,
1770 .name = "rdma_cm",
1771 .nodename = "infiniband/rdma_cm",
1772 .mode = 0666,
1773 .fops = &ucma_fops,
1774 };
1775
1776 static ssize_t show_abi_version(struct device *dev,
1777 struct device_attribute *attr,
1778 char *buf)
1779 {
1780 return sprintf(buf, "%d\n", RDMA_USER_CM_ABI_VERSION);
1781 }
1782 static DEVICE_ATTR(abi_version, S_IRUGO, show_abi_version, NULL);
1783
1784 static int __init ucma_init(void)
1785 {
1786 int ret;
1787
1788 ret = misc_register(&ucma_misc);
1789 if (ret)
1790 return ret;
1791
1792 ret = device_create_file(ucma_misc.this_device, &dev_attr_abi_version);
1793 if (ret) {
1794 pr_err("rdma_ucm: couldn't create abi_version attr\n");
1795 goto err1;
1796 }
1797
1798 ucma_ctl_table_hdr = register_net_sysctl(&init_net, "net/rdma_ucm", ucma_ctl_table);
1799 if (!ucma_ctl_table_hdr) {
1800 pr_err("rdma_ucm: couldn't register sysctl paths\n");
1801 ret = -ENOMEM;
1802 goto err2;
1803 }
1804 return 0;
1805 err2:
1806 device_remove_file(ucma_misc.this_device, &dev_attr_abi_version);
1807 err1:
1808 misc_deregister(&ucma_misc);
1809 return ret;
1810 }
1811
1812 static void __exit ucma_cleanup(void)
1813 {
1814 unregister_net_sysctl_table(ucma_ctl_table_hdr);
1815 device_remove_file(ucma_misc.this_device, &dev_attr_abi_version);
1816 misc_deregister(&ucma_misc);
1817 idr_destroy(&ctx_idr);
1818 idr_destroy(&multicast_idr);
1819 }
1820
1821 module_init(ucma_init);
1822 module_exit(ucma_cleanup);
ubuntu-bionic-kernel mirror