]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - drivers/infiniband/core/ucm.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
IB/ucm: Fix Spectre v1 vulnerability
[mirror_ubuntu-bionic-kernel.git] / drivers / infiniband / core / ucm.c
CommitLineData
a5b74540
HR		 1/*
2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
b9ef520f 3 * Copyright (c) 2005 Intel Corporation. All rights reserved.
a5b74540
HR		 4 *
5 * This software is available to you under a choice of one of two
6 * licenses. You may choose to be licensed under the terms of the GNU
7 * General Public License (GPL) Version 2, available from the file
8 * COPYING in the main directory of this source tree, or the
9 * OpenIB.org BSD license below:
10 *
11 * Redistribution and use in source and binary forms, with or
12 * without modification, are permitted provided that the following
13 * conditions are met:
14 *
15 * - Redistributions of source code must retain the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer.
18 *
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials
22 * provided with the distribution.
23 *
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31 * SOFTWARE.
a5b74540 32 */
1b52fa98
SH		 33
34#include <linux/completion.h>
a5b74540
HR		 35#include <linux/init.h>
36#include <linux/fs.h>
37#include <linux/module.h>
38#include <linux/device.h>
39#include <linux/err.h>
40#include <linux/poll.h>
a99bbaf5 41#include <linux/sched.h>
a5b74540
HR		 42#include <linux/file.h>
43#include <linux/mount.h>
44#include <linux/cdev.h>
595e726a 45#include <linux/idr.h>
95ed644f 46#include <linux/mutex.h>
5a0e3ad6 47#include <linux/slab.h>
a5b74540 48
9e689dfc
GS		 49#include <linux/nospec.h>
50
7c0f6ba6 51#include <linux/uaccess.h>
a5b74540 52
e6bd18f5 53#include <rdma/ib.h>
595e726a
SH		 54#include <rdma/ib_cm.h>
55#include <rdma/ib_user_cm.h>
6a9af2e1 56#include <rdma/ib_marshall.h>
a5b74540
HR		 57
58MODULE_AUTHOR("Libor Michalek");
59MODULE_DESCRIPTION("InfiniBand userspace Connection Manager access");
60MODULE_LICENSE("Dual BSD/GPL");
61
07d357d0
SH		 62struct ib_ucm_device {
63 int devnum;
f4e91eb4
TJ		 64 struct cdev cdev;
65 struct device dev;
07d357d0
SH		 66 struct ib_device *ib_dev;
67};
68
595e726a 69struct ib_ucm_file {
4be10c1e 70 struct mutex file_mutex;
595e726a 71 struct file *filp;
07d357d0 72 struct ib_ucm_device *device;
79d81907 73
07d357d0
SH		 74 struct list_head ctxs;
75 struct list_head events;
595e726a
SH		 76 wait_queue_head_t poll_wait;
77};
78
79struct ib_ucm_context {
80 int id;
1b52fa98 81 struct completion comp;
595e726a
SH		 82 atomic_t ref;
83 int events_reported;
84
85 struct ib_ucm_file *file;
86 struct ib_cm_id *cm_id;
87 __u64 uid;
88
89 struct list_head events; /* list of pending events. */
90 struct list_head file_list; /* member in file ctx list */
91};
92
93struct ib_ucm_event {
94 struct ib_ucm_context *ctx;
95 struct list_head file_list; /* member in file event list */
96 struct list_head ctx_list; /* member in ctx event list */
97
98 struct ib_cm_id *cm_id;
99 struct ib_ucm_event_resp resp;
100 void *data;
101 void *info;
102 int data_len;
103 int info_len;
104};
79d81907 105
a5b74540
HR		 106enum {
107 IB_UCM_MAJOR = 231,
07d357d0
SH		 108 IB_UCM_BASE_MINOR = 224,
109 IB_UCM_MAX_DEVICES = 32
a5b74540
HR		 110};
111
07d357d0 112#define IB_UCM_BASE_DEV MKDEV(IB_UCM_MAJOR, IB_UCM_BASE_MINOR)
a5b74540 113
07d357d0 114static void ib_ucm_add_one(struct ib_device *device);
7c1eb45a 115static void ib_ucm_remove_one(struct ib_device *device, void *client_data);
a5b74540 116
07d357d0
SH		 117static struct ib_client ucm_client = {
118 .name = "ucm",
119 .add = ib_ucm_add_one,
120 .remove = ib_ucm_remove_one
121};
122
95ed644f 123static DEFINE_MUTEX(ctx_id_mutex);
762a03e2 124static DEFINE_IDR(ctx_id_table);
07d357d0 125static DECLARE_BITMAP(dev_map, IB_UCM_MAX_DEVICES);
595e726a 126
b9ef520f 127static struct ib_ucm_context *ib_ucm_ctx_get(struct ib_ucm_file *file, int id)
a5b74540
HR		 128{
129 struct ib_ucm_context *ctx;
130
95ed644f 131 mutex_lock(&ctx_id_mutex);
a5b74540 132 ctx = idr_find(&ctx_id_table, id);
b9ef520f
SH		 133 if (!ctx)
134 ctx = ERR_PTR(-ENOENT);
135 else if (ctx->file != file)
136 ctx = ERR_PTR(-EINVAL);
137 else
138 atomic_inc(&ctx->ref);
95ed644f 139 mutex_unlock(&ctx_id_mutex);
a5b74540
HR		 140
141 return ctx;
142}
143
144static void ib_ucm_ctx_put(struct ib_ucm_context *ctx)
145{
b9ef520f 146 if (atomic_dec_and_test(&ctx->ref))
1b52fa98 147 complete(&ctx->comp);
b9ef520f
SH		 148}
149
0b2b35f6 150static inline int ib_ucm_new_cm_id(int event)
b9ef520f 151{
0b2b35f6
SH		 152 return event == IB_CM_REQ_RECEIVED || event == IB_CM_SIDR_REQ_RECEIVED;
153}
b9ef520f 154
0b2b35f6
SH		 155static void ib_ucm_cleanup_events(struct ib_ucm_context *ctx)
156{
157 struct ib_ucm_event *uevent;
a5b74540 158
4be10c1e 159 mutex_lock(&ctx->file->file_mutex);
a5b74540
HR		 160 list_del(&ctx->file_list);
161 while (!list_empty(&ctx->events)) {
162
163 uevent = list_entry(ctx->events.next,
164 struct ib_ucm_event, ctx_list);
165 list_del(&uevent->file_list);
166 list_del(&uevent->ctx_list);
f469b262 167 mutex_unlock(&ctx->file->file_mutex);
a5b74540
HR		 168
169 /* clear incoming connections. */
0b2b35f6 170 if (ib_ucm_new_cm_id(uevent->resp.event))
a5b74540
HR		 171 ib_destroy_cm_id(uevent->cm_id);
172
173 kfree(uevent);
f469b262 174 mutex_lock(&ctx->file->file_mutex);
a5b74540 175 }
4be10c1e 176 mutex_unlock(&ctx->file->file_mutex);
a5b74540
HR		 177}
178
179static struct ib_ucm_context *ib_ucm_ctx_alloc(struct ib_ucm_file *file)
180{
181 struct ib_ucm_context *ctx;
a5b74540 182
de6eb66b 183 ctx = kzalloc(sizeof *ctx, GFP_KERNEL);
a5b74540
HR		 184 if (!ctx)
185 return NULL;
186
b9ef520f 187 atomic_set(&ctx->ref, 1);
1b52fa98 188 init_completion(&ctx->comp);
a5b74540 189 ctx->file = file;
a5b74540 190 INIT_LIST_HEAD(&ctx->events);
a5b74540 191
3b069c5d
TH		 192 mutex_lock(&ctx_id_mutex);
193 ctx->id = idr_alloc(&ctx_id_table, ctx, 0, 0, GFP_KERNEL);
194 mutex_unlock(&ctx_id_mutex);
195 if (ctx->id < 0)
a5b74540
HR		 196 goto error;
197
0b2b35f6 198 list_add_tail(&ctx->file_list, &file->ctxs);
a5b74540 199 return ctx;
0b2b35f6 200
a5b74540 201error:
a5b74540 202 kfree(ctx);
a5b74540
HR		 203 return NULL;
204}
07d357d0 205
0b2b35f6 206static void ib_ucm_event_req_get(struct ib_ucm_req_event_resp *ureq,
a5b74540
HR		 207 struct ib_cm_req_event_param *kreq)
208{
a5b74540
HR		 209 ureq->remote_ca_guid = kreq->remote_ca_guid;
210 ureq->remote_qkey = kreq->remote_qkey;
211 ureq->remote_qpn = kreq->remote_qpn;
212 ureq->qp_type = kreq->qp_type;
213 ureq->starting_psn = kreq->starting_psn;
214 ureq->responder_resources = kreq->responder_resources;
215 ureq->initiator_depth = kreq->initiator_depth;
216 ureq->local_cm_response_timeout = kreq->local_cm_response_timeout;
217 ureq->flow_control = kreq->flow_control;
218 ureq->remote_cm_response_timeout = kreq->remote_cm_response_timeout;
219 ureq->retry_count = kreq->retry_count;
220 ureq->rnr_retry_count = kreq->rnr_retry_count;
221 ureq->srq = kreq->srq;
07d357d0 222 ureq->port = kreq->port;
a5b74540 223
6a9af2e1
SH		 224 ib_copy_path_rec_to_user(&ureq->primary_path, kreq->primary_path);
225 if (kreq->alternate_path)
226 ib_copy_path_rec_to_user(&ureq->alternate_path,
227 kreq->alternate_path);
a5b74540
HR		 228}
229
230static void ib_ucm_event_rep_get(struct ib_ucm_rep_event_resp *urep,
231 struct ib_cm_rep_event_param *krep)
232{
233 urep->remote_ca_guid = krep->remote_ca_guid;
234 urep->remote_qkey = krep->remote_qkey;
235 urep->remote_qpn = krep->remote_qpn;
236 urep->starting_psn = krep->starting_psn;
237 urep->responder_resources = krep->responder_resources;
238 urep->initiator_depth = krep->initiator_depth;
239 urep->target_ack_delay = krep->target_ack_delay;
240 urep->failover_accepted = krep->failover_accepted;
241 urep->flow_control = krep->flow_control;
242 urep->rnr_retry_count = krep->rnr_retry_count;
243 urep->srq = krep->srq;
244}
245
a5b74540
HR		 246static void ib_ucm_event_sidr_rep_get(struct ib_ucm_sidr_rep_event_resp *urep,
247 struct ib_cm_sidr_rep_event_param *krep)
248{
249 urep->status = krep->status;
250 urep->qkey = krep->qkey;
251 urep->qpn = krep->qpn;
252};
253
0b2b35f6 254static int ib_ucm_event_process(struct ib_cm_event *evt,
a5b74540
HR		 255 struct ib_ucm_event *uvt)
256{
257 void *info = NULL;
a5b74540
HR		 258
259 switch (evt->event) {
260 case IB_CM_REQ_RECEIVED:
0b2b35f6 261 ib_ucm_event_req_get(&uvt->resp.u.req_resp,
a5b74540
HR		 262 &evt->param.req_rcvd);
263 uvt->data_len = IB_CM_REQ_PRIVATE_DATA_SIZE;
b9ef520f 264 uvt->resp.present = IB_UCM_PRES_PRIMARY;
a5b74540
HR		 265 uvt->resp.present |= (evt->param.req_rcvd.alternate_path ?
266 IB_UCM_PRES_ALTERNATE : 0);
267 break;
268 case IB_CM_REP_RECEIVED:
269 ib_ucm_event_rep_get(&uvt->resp.u.rep_resp,
270 &evt->param.rep_rcvd);
271 uvt->data_len = IB_CM_REP_PRIVATE_DATA_SIZE;
a5b74540
HR		 272 break;
273 case IB_CM_RTU_RECEIVED:
274 uvt->data_len = IB_CM_RTU_PRIVATE_DATA_SIZE;
275 uvt->resp.u.send_status = evt->param.send_status;
a5b74540
HR		 276 break;
277 case IB_CM_DREQ_RECEIVED:
278 uvt->data_len = IB_CM_DREQ_PRIVATE_DATA_SIZE;
279 uvt->resp.u.send_status = evt->param.send_status;
a5b74540
HR		 280 break;
281 case IB_CM_DREP_RECEIVED:
282 uvt->data_len = IB_CM_DREP_PRIVATE_DATA_SIZE;
283 uvt->resp.u.send_status = evt->param.send_status;
a5b74540
HR		 284 break;
285 case IB_CM_MRA_RECEIVED:
b9ef520f
SH		 286 uvt->resp.u.mra_resp.timeout =
287 evt->param.mra_rcvd.service_timeout;
a5b74540 288 uvt->data_len = IB_CM_MRA_PRIVATE_DATA_SIZE;
a5b74540
HR		 289 break;
290 case IB_CM_REJ_RECEIVED:
b9ef520f 291 uvt->resp.u.rej_resp.reason = evt->param.rej_rcvd.reason;
a5b74540
HR		 292 uvt->data_len = IB_CM_REJ_PRIVATE_DATA_SIZE;
293 uvt->info_len = evt->param.rej_rcvd.ari_length;
294 info = evt->param.rej_rcvd.ari;
a5b74540
HR		 295 break;
296 case IB_CM_LAP_RECEIVED:
6a9af2e1
SH		 297 ib_copy_path_rec_to_user(&uvt->resp.u.lap_resp.path,
298 evt->param.lap_rcvd.alternate_path);
a5b74540 299 uvt->data_len = IB_CM_LAP_PRIVATE_DATA_SIZE;
b9ef520f 300 uvt->resp.present = IB_UCM_PRES_ALTERNATE;
a5b74540
HR		 301 break;
302 case IB_CM_APR_RECEIVED:
b9ef520f 303 uvt->resp.u.apr_resp.status = evt->param.apr_rcvd.ap_status;
a5b74540
HR		 304 uvt->data_len = IB_CM_APR_PRIVATE_DATA_SIZE;
305 uvt->info_len = evt->param.apr_rcvd.info_len;
306 info = evt->param.apr_rcvd.apr_info;
a5b74540
HR		 307 break;
308 case IB_CM_SIDR_REQ_RECEIVED:
3cd96564 309 uvt->resp.u.sidr_req_resp.pkey =
0b2b35f6 310 evt->param.sidr_req_rcvd.pkey;
3cd96564 311 uvt->resp.u.sidr_req_resp.port =
07d357d0 312 evt->param.sidr_req_rcvd.port;
a5b74540 313 uvt->data_len = IB_CM_SIDR_REQ_PRIVATE_DATA_SIZE;
a5b74540
HR		 314 break;
315 case IB_CM_SIDR_REP_RECEIVED:
316 ib_ucm_event_sidr_rep_get(&uvt->resp.u.sidr_rep_resp,
317 &evt->param.sidr_rep_rcvd);
318 uvt->data_len = IB_CM_SIDR_REP_PRIVATE_DATA_SIZE;
319 uvt->info_len = evt->param.sidr_rep_rcvd.info_len;
320 info = evt->param.sidr_rep_rcvd.info;
a5b74540
HR		 321 break;
322 default:
323 uvt->resp.u.send_status = evt->param.send_status;
a5b74540
HR		 324 break;
325 }
326
b9ef520f 327 if (uvt->data_len) {
bed8bdfd 328 uvt->data = kmemdup(evt->private_data, uvt->data_len, GFP_KERNEL);
b9ef520f
SH		 329 if (!uvt->data)
330 goto err1;
a5b74540 331
a5b74540
HR		 332 uvt->resp.present |= IB_UCM_PRES_DATA;
333 }
334
b9ef520f 335 if (uvt->info_len) {
bed8bdfd 336 uvt->info = kmemdup(info, uvt->info_len, GFP_KERNEL);
b9ef520f
SH		 337 if (!uvt->info)
338 goto err2;
a5b74540 339
a5b74540
HR		 340 uvt->resp.present |= IB_UCM_PRES_INFO;
341 }
a5b74540 342 return 0;
b9ef520f
SH		 343
344err2:
79d81907 345 kfree(uvt->data);
b9ef520f
SH		 346err1:
347 return -ENOMEM;
a5b74540
HR		 348}
349
350static int ib_ucm_event_handler(struct ib_cm_id *cm_id,
351 struct ib_cm_event *event)
352{
353 struct ib_ucm_event *uevent;
354 struct ib_ucm_context *ctx;
355 int result = 0;
a5b74540 356
b9ef520f 357 ctx = cm_id->context;
a5b74540 358
de6eb66b 359 uevent = kzalloc(sizeof *uevent, GFP_KERNEL);
b9ef520f
SH		 360 if (!uevent)
361 goto err1;
a5b74540 362
0b2b35f6
SH		 363 uevent->ctx = ctx;
364 uevent->cm_id = cm_id;
365 uevent->resp.uid = ctx->uid;
366 uevent->resp.id = ctx->id;
a5b74540
HR		 367 uevent->resp.event = event->event;
368
0b2b35f6 369 result = ib_ucm_event_process(event, uevent);
a5b74540 370 if (result)
b9ef520f 371 goto err2;
a5b74540 372
4be10c1e 373 mutex_lock(&ctx->file->file_mutex);
a5b74540
HR		 374 list_add_tail(&uevent->file_list, &ctx->file->events);
375 list_add_tail(&uevent->ctx_list, &ctx->events);
a5b74540 376 wake_up_interruptible(&ctx->file->poll_wait);
4be10c1e 377 mutex_unlock(&ctx->file->file_mutex);
b9ef520f
SH		 378 return 0;
379
380err2:
381 kfree(uevent);
382err1:
383 /* Destroy new cm_id's */
0b2b35f6 384 return ib_ucm_new_cm_id(event->event);
a5b74540
HR		 385}
386
387static ssize_t ib_ucm_event(struct ib_ucm_file *file,
388 const char __user *inbuf,
389 int in_len, int out_len)
390{
391 struct ib_ucm_context *ctx;
392 struct ib_ucm_event_get cmd;
0b2b35f6 393 struct ib_ucm_event *uevent;
a5b74540 394 int result = 0;
a5b74540
HR		 395
396 if (out_len < sizeof(struct ib_ucm_event_resp))
397 return -ENOSPC;
398
399 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
400 return -EFAULT;
07d357d0 401
4be10c1e 402 mutex_lock(&file->file_mutex);
a5b74540 403 while (list_empty(&file->events)) {
9d41b7fd 404 mutex_unlock(&file->file_mutex);
a5b74540 405
9d41b7fd
SH		 406 if (file->filp->f_flags & O_NONBLOCK)
407 return -EAGAIN;
a5b74540 408
9d41b7fd
SH		 409 if (wait_event_interruptible(file->poll_wait,
410 !list_empty(&file->events)))
411 return -ERESTARTSYS;
a5b74540 412
4be10c1e 413 mutex_lock(&file->file_mutex);
a5b74540
HR		 414 }
415
a5b74540
HR		 416 uevent = list_entry(file->events.next, struct ib_ucm_event, file_list);
417
0b2b35f6
SH		 418 if (ib_ucm_new_cm_id(uevent->resp.event)) {
419 ctx = ib_ucm_ctx_alloc(file);
420 if (!ctx) {
421 result = -ENOMEM;
422 goto done;
423 }
a5b74540 424
0b2b35f6
SH		 425 ctx->cm_id = uevent->cm_id;
426 ctx->cm_id->context = ctx;
427 uevent->resp.id = ctx->id;
a5b74540
HR		 428 }
429
a5b74540
HR		 430 if (copy_to_user((void __user *)(unsigned long)cmd.response,
431 &uevent->resp, sizeof(uevent->resp))) {
432 result = -EFAULT;
433 goto done;
434 }
435
436 if (uevent->data) {
a5b74540
HR		 437 if (cmd.data_len < uevent->data_len) {
438 result = -ENOMEM;
439 goto done;
440 }
a5b74540
HR		 441 if (copy_to_user((void __user *)(unsigned long)cmd.data,
442 uevent->data, uevent->data_len)) {
443 result = -EFAULT;
444 goto done;
445 }
446 }
447
448 if (uevent->info) {
a5b74540
HR		 449 if (cmd.info_len < uevent->info_len) {
450 result = -ENOMEM;
451 goto done;
452 }
a5b74540
HR		 453 if (copy_to_user((void __user *)(unsigned long)cmd.info,
454 uevent->info, uevent->info_len)) {
455 result = -EFAULT;
456 goto done;
457 }
458 }
459
460 list_del(&uevent->file_list);
461 list_del(&uevent->ctx_list);
0b2b35f6 462 uevent->ctx->events_reported++;
a5b74540 463
79d81907
HR		 464 kfree(uevent->data);
465 kfree(uevent->info);
a5b74540
HR		 466 kfree(uevent);
467done:
4be10c1e 468 mutex_unlock(&file->file_mutex);
a5b74540
HR		 469 return result;
470}
471
a5b74540
HR		 472static ssize_t ib_ucm_create_id(struct ib_ucm_file *file,
473 const char __user *inbuf,
474 int in_len, int out_len)
475{
476 struct ib_ucm_create_id cmd;
477 struct ib_ucm_create_id_resp resp;
478 struct ib_ucm_context *ctx;
479 int result;
480
481 if (out_len < sizeof(resp))
482 return -ENOSPC;
483
484 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
485 return -EFAULT;
486
4be10c1e 487 mutex_lock(&file->file_mutex);
a5b74540 488 ctx = ib_ucm_ctx_alloc(file);
4be10c1e 489 mutex_unlock(&file->file_mutex);
a5b74540
HR		 490 if (!ctx)
491 return -ENOMEM;
492
0b2b35f6 493 ctx->uid = cmd.uid;
07d357d0
SH		 494 ctx->cm_id = ib_create_cm_id(file->device->ib_dev,
495 ib_ucm_event_handler, ctx);
b9ef520f
SH		 496 if (IS_ERR(ctx->cm_id)) {
497 result = PTR_ERR(ctx->cm_id);
07d357d0 498 goto err1;
a5b74540
HR		 499 }
500
501 resp.id = ctx->id;
502 if (copy_to_user((void __user *)(unsigned long)cmd.response,
503 &resp, sizeof(resp))) {
504 result = -EFAULT;
07d357d0 505 goto err2;
a5b74540 506 }
a5b74540 507 return 0;
a5b74540 508
07d357d0
SH		 509err2:
510 ib_destroy_cm_id(ctx->cm_id);
511err1:
95ed644f 512 mutex_lock(&ctx_id_mutex);
0b2b35f6 513 idr_remove(&ctx_id_table, ctx->id);
95ed644f 514 mutex_unlock(&ctx_id_mutex);
0b2b35f6 515 kfree(ctx);
a5b74540
HR		 516 return result;
517}
518
519static ssize_t ib_ucm_destroy_id(struct ib_ucm_file *file,
520 const char __user *inbuf,
521 int in_len, int out_len)
522{
523 struct ib_ucm_destroy_id cmd;
0b2b35f6
SH		 524 struct ib_ucm_destroy_id_resp resp;
525 struct ib_ucm_context *ctx;
526 int result = 0;
527
528 if (out_len < sizeof(resp))
529 return -ENOSPC;
a5b74540
HR		 530
531 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
532 return -EFAULT;
533
95ed644f 534 mutex_lock(&ctx_id_mutex);
0b2b35f6
SH		 535 ctx = idr_find(&ctx_id_table, cmd.id);
536 if (!ctx)
537 ctx = ERR_PTR(-ENOENT);
538 else if (ctx->file != file)
539 ctx = ERR_PTR(-EINVAL);
540 else
541 idr_remove(&ctx_id_table, ctx->id);
95ed644f 542 mutex_unlock(&ctx_id_mutex);
0b2b35f6
SH		 543
544 if (IS_ERR(ctx))
545 return PTR_ERR(ctx);
546
1b52fa98
SH		 547 ib_ucm_ctx_put(ctx);
548 wait_for_completion(&ctx->comp);
0b2b35f6
SH		 549
550 /* No new events will be generated after destroying the cm_id. */
551 ib_destroy_cm_id(ctx->cm_id);
552 /* Cleanup events not yet reported to the user. */
553 ib_ucm_cleanup_events(ctx);
554
555 resp.events_reported = ctx->events_reported;
556 if (copy_to_user((void __user *)(unsigned long)cmd.response,
557 &resp, sizeof(resp)))
558 result = -EFAULT;
559
560 kfree(ctx);
561 return result;
a5b74540
HR		 562}
563
564static ssize_t ib_ucm_attr_id(struct ib_ucm_file *file,
565 const char __user *inbuf,
566 int in_len, int out_len)
567{
568 struct ib_ucm_attr_id_resp resp;
569 struct ib_ucm_attr_id cmd;
570 struct ib_ucm_context *ctx;
571 int result = 0;
572
573 if (out_len < sizeof(resp))
574 return -ENOSPC;
575
576 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
577 return -EFAULT;
578
b9ef520f
SH		 579 ctx = ib_ucm_ctx_get(file, cmd.id);
580 if (IS_ERR(ctx))
581 return PTR_ERR(ctx);
a5b74540
HR		 582
583 resp.service_id = ctx->cm_id->service_id;
584 resp.service_mask = ctx->cm_id->service_mask;
585 resp.local_id = ctx->cm_id->local_id;
586 resp.remote_id = ctx->cm_id->remote_id;
587
588 if (copy_to_user((void __user *)(unsigned long)cmd.response,
589 &resp, sizeof(resp)))
590 result = -EFAULT;
591
b9ef520f 592 ib_ucm_ctx_put(ctx);
a5b74540
HR		 593 return result;
594}
595
0b2b35f6
SH		 596static ssize_t ib_ucm_init_qp_attr(struct ib_ucm_file *file,
597 const char __user *inbuf,
598 int in_len, int out_len)
599{
6a9af2e1 600 struct ib_uverbs_qp_attr resp;
0b2b35f6
SH		 601 struct ib_ucm_init_qp_attr cmd;
602 struct ib_ucm_context *ctx;
603 struct ib_qp_attr qp_attr;
604 int result = 0;
605
606 if (out_len < sizeof(resp))
607 return -ENOSPC;
608
609 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
610 return -EFAULT;
611
612 ctx = ib_ucm_ctx_get(file, cmd.id);
613 if (IS_ERR(ctx))
614 return PTR_ERR(ctx);
615
616 resp.qp_attr_mask = 0;
617 memset(&qp_attr, 0, sizeof qp_attr);
618 qp_attr.qp_state = cmd.qp_state;
619 result = ib_cm_init_qp_attr(ctx->cm_id, &qp_attr, &resp.qp_attr_mask);
620 if (result)
621 goto out;
622
d541e455 623 ib_copy_qp_attr_to_user(ctx->cm_id->device, &resp, &qp_attr);
0b2b35f6
SH		 624
625 if (copy_to_user((void __user *)(unsigned long)cmd.response,
626 &resp, sizeof(resp)))
627 result = -EFAULT;
628
629out:
630 ib_ucm_ctx_put(ctx);
631 return result;
632}
633
6e61d04f
SH		 634static int ucm_validate_listen(__be64 service_id, __be64 service_mask)
635{
636 service_id &= service_mask;
637
638 if (((service_id & IB_CMA_SERVICE_ID_MASK) == IB_CMA_SERVICE_ID) ||
639 ((service_id & IB_SDP_SERVICE_ID_MASK) == IB_SDP_SERVICE_ID))
640 return -EINVAL;
641
642 return 0;
643}
644
a5b74540
HR		 645static ssize_t ib_ucm_listen(struct ib_ucm_file *file,
646 const char __user *inbuf,
647 int in_len, int out_len)
648{
649 struct ib_ucm_listen cmd;
650 struct ib_ucm_context *ctx;
651 int result;
652
653 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
654 return -EFAULT;
655
b9ef520f
SH		 656 ctx = ib_ucm_ctx_get(file, cmd.id);
657 if (IS_ERR(ctx))
658 return PTR_ERR(ctx);
a5b74540 659
6e61d04f
SH		 660 result = ucm_validate_listen(cmd.service_id, cmd.service_mask);
661 if (result)
662 goto out;
663
73fec7fd 664 result = ib_cm_listen(ctx->cm_id, cmd.service_id, cmd.service_mask);
6e61d04f 665out:
b9ef520f 666 ib_ucm_ctx_put(ctx);
a5b74540
HR		 667 return result;
668}
669
e1444b5a
SH		 670static ssize_t ib_ucm_notify(struct ib_ucm_file *file,
671 const char __user *inbuf,
672 int in_len, int out_len)
a5b74540 673{
e1444b5a 674 struct ib_ucm_notify cmd;
a5b74540
HR		 675 struct ib_ucm_context *ctx;
676 int result;
677
678 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
679 return -EFAULT;
680
b9ef520f
SH		 681 ctx = ib_ucm_ctx_get(file, cmd.id);
682 if (IS_ERR(ctx))
683 return PTR_ERR(ctx);
a5b74540 684
e1444b5a 685 result = ib_cm_notify(ctx->cm_id, (enum ib_event_type) cmd.event);
b9ef520f 686 ib_ucm_ctx_put(ctx);
a5b74540
HR		 687 return result;
688}
689
690static int ib_ucm_alloc_data(const void **dest, u64 src, u32 len)
691{
692 void *data;
693
694 *dest = NULL;
695
696 if (!len)
697 return 0;
698
e642df6a
JL		 699 data = memdup_user((void __user *)(unsigned long)src, len);
700 if (IS_ERR(data))
701 return PTR_ERR(data);
a5b74540
HR		 702
703 *dest = data;
704 return 0;
705}
706
c2f8fc4e 707static int ib_ucm_path_get(struct sa_path_rec **path, u64 src)
a5b74540 708{
6a9af2e1 709 struct ib_user_path_rec upath;
c2f8fc4e 710 struct sa_path_rec *sa_path;
a5b74540
HR		 711
712 *path = NULL;
713
714 if (!src)
715 return 0;
716
717 sa_path = kmalloc(sizeof(*sa_path), GFP_KERNEL);
718 if (!sa_path)
719 return -ENOMEM;
720
6a9af2e1
SH		 721 if (copy_from_user(&upath, (void __user *)(unsigned long)src,
722 sizeof(upath))) {
a5b74540
HR		 723
724 kfree(sa_path);
725 return -EFAULT;
726 }
727
6a9af2e1 728 ib_copy_path_rec_from_user(sa_path, &upath);
a5b74540
HR		 729 *path = sa_path;
730 return 0;
731}
732
733static ssize_t ib_ucm_send_req(struct ib_ucm_file *file,
734 const char __user *inbuf,
735 int in_len, int out_len)
736{
737 struct ib_cm_req_param param;
738 struct ib_ucm_context *ctx;
739 struct ib_ucm_req cmd;
740 int result;
741
742 param.private_data = NULL;
743 param.primary_path = NULL;
744 param.alternate_path = NULL;
745
746 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
747 return -EFAULT;
748
749 result = ib_ucm_alloc_data(&param.private_data, cmd.data, cmd.len);
750 if (result)
751 goto done;
752
753 result = ib_ucm_path_get(&param.primary_path, cmd.primary_path);
754 if (result)
755 goto done;
756
757 result = ib_ucm_path_get(&param.alternate_path, cmd.alternate_path);
758 if (result)
759 goto done;
760
761 param.private_data_len = cmd.len;
762 param.service_id = cmd.sid;
763 param.qp_num = cmd.qpn;
764 param.qp_type = cmd.qp_type;
765 param.starting_psn = cmd.psn;
766 param.peer_to_peer = cmd.peer_to_peer;
767 param.responder_resources = cmd.responder_resources;
768 param.initiator_depth = cmd.initiator_depth;
769 param.remote_cm_response_timeout = cmd.remote_cm_response_timeout;
770 param.flow_control = cmd.flow_control;
771 param.local_cm_response_timeout = cmd.local_cm_response_timeout;
772 param.retry_count = cmd.retry_count;
773 param.rnr_retry_count = cmd.rnr_retry_count;
774 param.max_cm_retries = cmd.max_cm_retries;
775 param.srq = cmd.srq;
776
b9ef520f
SH		 777 ctx = ib_ucm_ctx_get(file, cmd.id);
778 if (!IS_ERR(ctx)) {
a5b74540 779 result = ib_send_cm_req(ctx->cm_id, &param);
b9ef520f
SH		 780 ib_ucm_ctx_put(ctx);
781 } else
782 result = PTR_ERR(ctx);
a5b74540 783
a5b74540 784done:
79d81907
HR		 785 kfree(param.private_data);
786 kfree(param.primary_path);
787 kfree(param.alternate_path);
a5b74540
HR		 788 return result;
789}
790
791static ssize_t ib_ucm_send_rep(struct ib_ucm_file *file,
792 const char __user *inbuf,
793 int in_len, int out_len)
794{
795 struct ib_cm_rep_param param;
796 struct ib_ucm_context *ctx;
797 struct ib_ucm_rep cmd;
798 int result;
799
800 param.private_data = NULL;
801
802 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
803 return -EFAULT;
804
805 result = ib_ucm_alloc_data(&param.private_data, cmd.data, cmd.len);
806 if (result)
807 return result;
808
809 param.qp_num = cmd.qpn;
810 param.starting_psn = cmd.psn;
811 param.private_data_len = cmd.len;
812 param.responder_resources = cmd.responder_resources;
813 param.initiator_depth = cmd.initiator_depth;
a5b74540
HR		 814 param.failover_accepted = cmd.failover_accepted;
815 param.flow_control = cmd.flow_control;
816 param.rnr_retry_count = cmd.rnr_retry_count;
817 param.srq = cmd.srq;
818
b9ef520f
SH		 819 ctx = ib_ucm_ctx_get(file, cmd.id);
820 if (!IS_ERR(ctx)) {
0b2b35f6 821 ctx->uid = cmd.uid;
a5b74540 822 result = ib_send_cm_rep(ctx->cm_id, &param);
b9ef520f
SH		 823 ib_ucm_ctx_put(ctx);
824 } else
825 result = PTR_ERR(ctx);
a5b74540 826
79d81907 827 kfree(param.private_data);
a5b74540
HR		 828 return result;
829}
830
831static ssize_t ib_ucm_send_private_data(struct ib_ucm_file *file,
832 const char __user *inbuf, int in_len,
833 int (*func)(struct ib_cm_id *cm_id,
834 const void *private_data,
835 u8 private_data_len))
836{
837 struct ib_ucm_private_data cmd;
838 struct ib_ucm_context *ctx;
839 const void *private_data = NULL;
840 int result;
841
842 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
843 return -EFAULT;
844
845 result = ib_ucm_alloc_data(&private_data, cmd.data, cmd.len);
846 if (result)
847 return result;
848
b9ef520f
SH		 849 ctx = ib_ucm_ctx_get(file, cmd.id);
850 if (!IS_ERR(ctx)) {
a5b74540 851 result = func(ctx->cm_id, private_data, cmd.len);
b9ef520f
SH		 852 ib_ucm_ctx_put(ctx);
853 } else
854 result = PTR_ERR(ctx);
a5b74540 855
79d81907 856 kfree(private_data);
a5b74540
HR		 857 return result;
858}
859
860static ssize_t ib_ucm_send_rtu(struct ib_ucm_file *file,
861 const char __user *inbuf,
862 int in_len, int out_len)
863{
864 return ib_ucm_send_private_data(file, inbuf, in_len, ib_send_cm_rtu);
865}
866
867static ssize_t ib_ucm_send_dreq(struct ib_ucm_file *file,
868 const char __user *inbuf,
869 int in_len, int out_len)
870{
871 return ib_ucm_send_private_data(file, inbuf, in_len, ib_send_cm_dreq);
872}
873
874static ssize_t ib_ucm_send_drep(struct ib_ucm_file *file,
875 const char __user *inbuf,
876 int in_len, int out_len)
877{
878 return ib_ucm_send_private_data(file, inbuf, in_len, ib_send_cm_drep);
879}
880
881static ssize_t ib_ucm_send_info(struct ib_ucm_file *file,
882 const char __user *inbuf, int in_len,
883 int (*func)(struct ib_cm_id *cm_id,
884 int status,
885 const void *info,
886 u8 info_len,
887 const void *data,
888 u8 data_len))
889{
890 struct ib_ucm_context *ctx;
891 struct ib_ucm_info cmd;
892 const void *data = NULL;
893 const void *info = NULL;
894 int result;
895
896 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
897 return -EFAULT;
898
899 result = ib_ucm_alloc_data(&data, cmd.data, cmd.data_len);
900 if (result)
901 goto done;
902
903 result = ib_ucm_alloc_data(&info, cmd.info, cmd.info_len);
904 if (result)
905 goto done;
906
b9ef520f
SH		 907 ctx = ib_ucm_ctx_get(file, cmd.id);
908 if (!IS_ERR(ctx)) {
909 result = func(ctx->cm_id, cmd.status, info, cmd.info_len,
a5b74540 910 data, cmd.data_len);
b9ef520f
SH		 911 ib_ucm_ctx_put(ctx);
912 } else
913 result = PTR_ERR(ctx);
a5b74540 914
a5b74540 915done:
79d81907
HR		 916 kfree(data);
917 kfree(info);
a5b74540
HR		 918 return result;
919}
920
921static ssize_t ib_ucm_send_rej(struct ib_ucm_file *file,
922 const char __user *inbuf,
923 int in_len, int out_len)
924{
925 return ib_ucm_send_info(file, inbuf, in_len, (void *)ib_send_cm_rej);
926}
927
928static ssize_t ib_ucm_send_apr(struct ib_ucm_file *file,
929 const char __user *inbuf,
930 int in_len, int out_len)
931{
932 return ib_ucm_send_info(file, inbuf, in_len, (void *)ib_send_cm_apr);
933}
934
935static ssize_t ib_ucm_send_mra(struct ib_ucm_file *file,
936 const char __user *inbuf,
937 int in_len, int out_len)
938{
939 struct ib_ucm_context *ctx;
940 struct ib_ucm_mra cmd;
941 const void *data = NULL;
942 int result;
943
944 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
945 return -EFAULT;
946
947 result = ib_ucm_alloc_data(&data, cmd.data, cmd.len);
948 if (result)
949 return result;
950
b9ef520f
SH		 951 ctx = ib_ucm_ctx_get(file, cmd.id);
952 if (!IS_ERR(ctx)) {
953 result = ib_send_cm_mra(ctx->cm_id, cmd.timeout, data, cmd.len);
954 ib_ucm_ctx_put(ctx);
955 } else
956 result = PTR_ERR(ctx);
a5b74540 957
79d81907 958 kfree(data);
a5b74540
HR		 959 return result;
960}
961
962static ssize_t ib_ucm_send_lap(struct ib_ucm_file *file,
963 const char __user *inbuf,
964 int in_len, int out_len)
965{
966 struct ib_ucm_context *ctx;
c2f8fc4e 967 struct sa_path_rec *path = NULL;
a5b74540
HR		 968 struct ib_ucm_lap cmd;
969 const void *data = NULL;
970 int result;
971
972 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
973 return -EFAULT;
974
975 result = ib_ucm_alloc_data(&data, cmd.data, cmd.len);
976 if (result)
977 goto done;
978
979 result = ib_ucm_path_get(&path, cmd.path);
980 if (result)
981 goto done;
982
b9ef520f
SH		 983 ctx = ib_ucm_ctx_get(file, cmd.id);
984 if (!IS_ERR(ctx)) {
a5b74540 985 result = ib_send_cm_lap(ctx->cm_id, path, data, cmd.len);
b9ef520f
SH		 986 ib_ucm_ctx_put(ctx);
987 } else
988 result = PTR_ERR(ctx);
a5b74540 989
a5b74540 990done:
79d81907
HR		 991 kfree(data);
992 kfree(path);
a5b74540
HR		 993 return result;
994}
995
996static ssize_t ib_ucm_send_sidr_req(struct ib_ucm_file *file,
997 const char __user *inbuf,
998 int in_len, int out_len)
999{
1000 struct ib_cm_sidr_req_param param;
1001 struct ib_ucm_context *ctx;
1002 struct ib_ucm_sidr_req cmd;
1003 int result;
1004
1005 param.private_data = NULL;
1006 param.path = NULL;
1007
1008 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1009 return -EFAULT;
1010
1011 result = ib_ucm_alloc_data(&param.private_data, cmd.data, cmd.len);
1012 if (result)
1013 goto done;
1014
1015 result = ib_ucm_path_get(&param.path, cmd.path);
1016 if (result)
1017 goto done;
1018
1019 param.private_data_len = cmd.len;
1020 param.service_id = cmd.sid;
1021 param.timeout_ms = cmd.timeout;
1022 param.max_cm_retries = cmd.max_cm_retries;
a5b74540 1023
b9ef520f
SH		 1024 ctx = ib_ucm_ctx_get(file, cmd.id);
1025 if (!IS_ERR(ctx)) {
a5b74540 1026 result = ib_send_cm_sidr_req(ctx->cm_id, &param);
b9ef520f
SH		 1027 ib_ucm_ctx_put(ctx);
1028 } else
1029 result = PTR_ERR(ctx);
a5b74540 1030
a5b74540 1031done:
79d81907
HR		 1032 kfree(param.private_data);
1033 kfree(param.path);
a5b74540
HR		 1034 return result;
1035}
1036
1037static ssize_t ib_ucm_send_sidr_rep(struct ib_ucm_file *file,
1038 const char __user *inbuf,
1039 int in_len, int out_len)
1040{
1041 struct ib_cm_sidr_rep_param param;
1042 struct ib_ucm_sidr_rep cmd;
1043 struct ib_ucm_context *ctx;
1044 int result;
1045
1046 param.info = NULL;
1047
1048 if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
1049 return -EFAULT;
1050
1051 result = ib_ucm_alloc_data(&param.private_data,
1052 cmd.data, cmd.data_len);
1053 if (result)
1054 goto done;
1055
1056 result = ib_ucm_alloc_data(&param.info, cmd.info, cmd.info_len);
1057 if (result)
1058 goto done;
1059
b9ef520f
SH		 1060 param.qp_num = cmd.qpn;
1061 param.qkey = cmd.qkey;
1062 param.status = cmd.status;
1063 param.info_length = cmd.info_len;
1064 param.private_data_len = cmd.data_len;
a5b74540 1065
b9ef520f
SH		 1066 ctx = ib_ucm_ctx_get(file, cmd.id);
1067 if (!IS_ERR(ctx)) {
a5b74540 1068 result = ib_send_cm_sidr_rep(ctx->cm_id, &param);
b9ef520f
SH		 1069 ib_ucm_ctx_put(ctx);
1070 } else
1071 result = PTR_ERR(ctx);
a5b74540 1072
a5b74540 1073done:
79d81907
HR		 1074 kfree(param.private_data);
1075 kfree(param.info);
a5b74540
HR		 1076 return result;
1077}
1078
1079static ssize_t (*ucm_cmd_table[])(struct ib_ucm_file *file,
1080 const char __user *inbuf,
1081 int in_len, int out_len) = {
1082 [IB_USER_CM_CMD_CREATE_ID] = ib_ucm_create_id,
1083 [IB_USER_CM_CMD_DESTROY_ID] = ib_ucm_destroy_id,
1084 [IB_USER_CM_CMD_ATTR_ID] = ib_ucm_attr_id,
1085 [IB_USER_CM_CMD_LISTEN] = ib_ucm_listen,
e1444b5a 1086 [IB_USER_CM_CMD_NOTIFY] = ib_ucm_notify,
a5b74540
HR		 1087 [IB_USER_CM_CMD_SEND_REQ] = ib_ucm_send_req,
1088 [IB_USER_CM_CMD_SEND_REP] = ib_ucm_send_rep,
1089 [IB_USER_CM_CMD_SEND_RTU] = ib_ucm_send_rtu,
1090 [IB_USER_CM_CMD_SEND_DREQ] = ib_ucm_send_dreq,
1091 [IB_USER_CM_CMD_SEND_DREP] = ib_ucm_send_drep,
1092 [IB_USER_CM_CMD_SEND_REJ] = ib_ucm_send_rej,
1093 [IB_USER_CM_CMD_SEND_MRA] = ib_ucm_send_mra,
1094 [IB_USER_CM_CMD_SEND_LAP] = ib_ucm_send_lap,
1095 [IB_USER_CM_CMD_SEND_APR] = ib_ucm_send_apr,
1096 [IB_USER_CM_CMD_SEND_SIDR_REQ] = ib_ucm_send_sidr_req,
1097 [IB_USER_CM_CMD_SEND_SIDR_REP] = ib_ucm_send_sidr_rep,
1098 [IB_USER_CM_CMD_EVENT] = ib_ucm_event,
0b2b35f6 1099 [IB_USER_CM_CMD_INIT_QP_ATTR] = ib_ucm_init_qp_attr,
a5b74540
HR		 1100};
1101
1102static ssize_t ib_ucm_write(struct file *filp, const char __user *buf,
1103 size_t len, loff_t *pos)
1104{
1105 struct ib_ucm_file *file = filp->private_data;
1106 struct ib_ucm_cmd_hdr hdr;
1107 ssize_t result;
1108
f73a1dbc
LR		 1109 if (!ib_safe_file_access(filp)) {
1110 pr_err_once("ucm_write: process %d (%s) changed security contexts after opening file descriptor, this is not allowed.\n",
1111 task_tgid_vnr(current), current->comm);
e6bd18f5 1112 return -EACCES;
f73a1dbc 1113 }
e6bd18f5 1114
a5b74540
HR		 1115 if (len < sizeof(hdr))
1116 return -EINVAL;
1117
1118 if (copy_from_user(&hdr, buf, sizeof(hdr)))
1119 return -EFAULT;
1120
caf6e3f2 1121 if (hdr.cmd >= ARRAY_SIZE(ucm_cmd_table))
a5b74540 1122 return -EINVAL;
9e689dfc 1123 hdr.cmd = array_index_nospec(hdr.cmd, ARRAY_SIZE(ucm_cmd_table));
a5b74540
HR		 1124
1125 if (hdr.in + sizeof(hdr) > len)
1126 return -EINVAL;
1127
1128 result = ucm_cmd_table[hdr.cmd](file, buf + sizeof(hdr),
1129 hdr.in, hdr.out);
1130 if (!result)
1131 result = len;
1132
1133 return result;
1134}
1135
1136static unsigned int ib_ucm_poll(struct file *filp,
1137 struct poll_table_struct *wait)
1138{
1139 struct ib_ucm_file *file = filp->private_data;
1140 unsigned int mask = 0;
1141
1142 poll_wait(filp, &file->poll_wait, wait);
1143
1144 if (!list_empty(&file->events))
1145 mask = POLLIN | POLLRDNORM;
1146
1147 return mask;
1148}
1149
5ba18b18
RD		 1150/*
1151 * ib_ucm_open() does not need the BKL:
1152 *
1153 * - no global state is referred to;
1154 * - there is no ioctl method to race against;
1155 * - no further module initialization is required for open to work
1156 * after the device is registered.
1157 */
a5b74540
HR		 1158static int ib_ucm_open(struct inode *inode, struct file *filp)
1159{
1160 struct ib_ucm_file *file;
1161
1162 file = kmalloc(sizeof(*file), GFP_KERNEL);
1163 if (!file)
1164 return -ENOMEM;
1165
1166 INIT_LIST_HEAD(&file->events);
1167 INIT_LIST_HEAD(&file->ctxs);
1168 init_waitqueue_head(&file->poll_wait);
1169
4be10c1e 1170 mutex_init(&file->file_mutex);
a5b74540
HR		 1171
1172 filp->private_data = file;
1173 file->filp = filp;
f4e91eb4 1174 file->device = container_of(inode->i_cdev, struct ib_ucm_device, cdev);
a5b74540 1175
bc1db9af 1176 return nonseekable_open(inode, filp);
a5b74540
HR		 1177}
1178
1179static int ib_ucm_close(struct inode *inode, struct file *filp)
1180{
1181 struct ib_ucm_file *file = filp->private_data;
1182 struct ib_ucm_context *ctx;
1183
4be10c1e 1184 mutex_lock(&file->file_mutex);
a5b74540 1185 while (!list_empty(&file->ctxs)) {
a5b74540
HR		 1186 ctx = list_entry(file->ctxs.next,
1187 struct ib_ucm_context, file_list);
4be10c1e 1188 mutex_unlock(&file->file_mutex);
0b2b35f6 1189
95ed644f 1190 mutex_lock(&ctx_id_mutex);
0b2b35f6 1191 idr_remove(&ctx_id_table, ctx->id);
95ed644f 1192 mutex_unlock(&ctx_id_mutex);
0b2b35f6
SH		 1193
1194 ib_destroy_cm_id(ctx->cm_id);
1195 ib_ucm_cleanup_events(ctx);
1196 kfree(ctx);
1197
4be10c1e 1198 mutex_lock(&file->file_mutex);
a5b74540 1199 }
4be10c1e 1200 mutex_unlock(&file->file_mutex);
a5b74540 1201 kfree(file);
a5b74540
HR		 1202 return 0;
1203}
1204
59d40dd9 1205static DECLARE_BITMAP(overflow_map, IB_UCM_MAX_DEVICES);
f4e91eb4 1206static void ib_ucm_release_dev(struct device *dev)
07d357d0 1207{
f4e91eb4 1208 struct ib_ucm_device *ucm_dev;
07d357d0 1209
f4e91eb4 1210 ucm_dev = container_of(dev, struct ib_ucm_device, dev);
a0d78193
JG		 1211 kfree(ucm_dev);
1212}
1213
1214static void ib_ucm_free_dev(struct ib_ucm_device *ucm_dev)
1215{
daa91358
AC		 1216 if (ucm_dev->devnum < IB_UCM_MAX_DEVICES)
1217 clear_bit(ucm_dev->devnum, dev_map);
1218 else
59d40dd9 1219 clear_bit(ucm_dev->devnum - IB_UCM_MAX_DEVICES, overflow_map);
07d357d0
SH		 1220}
1221
2b8693c0 1222static const struct file_operations ucm_fops = {
cdb8e438
AC		 1223 .owner = THIS_MODULE,
1224 .open = ib_ucm_open,
a5b74540 1225 .release = ib_ucm_close,
cdb8e438 1226 .write = ib_ucm_write,
a5b74540 1227 .poll = ib_ucm_poll,
bc1db9af 1228 .llseek = no_llseek,
a5b74540
HR		 1229};
1230
f4e91eb4
TJ		 1231static ssize_t show_ibdev(struct device *dev, struct device_attribute *attr,
1232 char *buf)
07d357d0 1233{
f4e91eb4 1234 struct ib_ucm_device *ucm_dev;
3cd96564 1235
f4e91eb4
TJ		 1236 ucm_dev = container_of(dev, struct ib_ucm_device, dev);
1237 return sprintf(buf, "%s\n", ucm_dev->ib_dev->name);
07d357d0 1238}
f4e91eb4 1239static DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL);
a5b74540 1240
daa91358 1241static dev_t overflow_maj;
daa91358
AC		 1242static int find_overflow_devnum(void)
1243{
1244 int ret;
1245
1246 if (!overflow_maj) {
1247 ret = alloc_chrdev_region(&overflow_maj, 0, IB_UCM_MAX_DEVICES,
1248 "infiniband_cm");
1249 if (ret) {
aba25a3e 1250 pr_err("ucm: couldn't register dynamic device number\n");
daa91358
AC		 1251 return ret;
1252 }
1253 }
1254
1255 ret = find_first_zero_bit(overflow_map, IB_UCM_MAX_DEVICES);
1256 if (ret >= IB_UCM_MAX_DEVICES)
1257 return -1;
1258
1259 return ret;
1260}
1261
07d357d0 1262static void ib_ucm_add_one(struct ib_device *device)
a5b74540 1263{
dd08f702 1264 int devnum;
31d14b6e 1265 dev_t base;
07d357d0 1266 struct ib_ucm_device *ucm_dev;
a5b74540 1267
72219cea 1268 if (!device->alloc_ucontext || !rdma_cap_ib_cm(device, 1))
07d357d0
SH		 1269 return;
1270
de6eb66b 1271 ucm_dev = kzalloc(sizeof *ucm_dev, GFP_KERNEL);
07d357d0
SH		 1272 if (!ucm_dev)
1273 return;
a5b74540 1274
a0d78193 1275 device_initialize(&ucm_dev->dev);
07d357d0 1276 ucm_dev->ib_dev = device;
a0d78193 1277 ucm_dev->dev.release = ib_ucm_release_dev;
a5b74540 1278
dd08f702 1279 devnum = find_first_zero_bit(dev_map, IB_UCM_MAX_DEVICES);
daa91358
AC		 1280 if (devnum >= IB_UCM_MAX_DEVICES) {
1281 devnum = find_overflow_devnum();
1282 if (devnum < 0)
1283 goto err;
1284
1285 ucm_dev->devnum = devnum + IB_UCM_MAX_DEVICES;
1286 base = devnum + overflow_maj;
1287 set_bit(devnum, overflow_map);
1288 } else {
1289 ucm_dev->devnum = devnum;
1290 base = devnum + IB_UCM_BASE_DEV;
1291 set_bit(devnum, dev_map);
1292 }
07d357d0 1293
f4e91eb4
TJ		 1294 cdev_init(&ucm_dev->cdev, &ucm_fops);
1295 ucm_dev->cdev.owner = THIS_MODULE;
1296 kobject_set_name(&ucm_dev->cdev.kobj, "ucm%d", ucm_dev->devnum);
07d357d0 1297
f4e91eb4 1298 ucm_dev->dev.class = &cm_class;
1e35a088 1299 ucm_dev->dev.parent = device->dev.parent;
a0d78193
JG		 1300 ucm_dev->dev.devt = base;
1301
d927e38c 1302 dev_set_name(&ucm_dev->dev, "ucm%d", ucm_dev->devnum);
a0d78193
JG		 1303 if (cdev_device_add(&ucm_dev->cdev, &ucm_dev->dev))
1304 goto err_devnum;
a5b74540 1305
f4e91eb4
TJ		 1306 if (device_create_file(&ucm_dev->dev, &dev_attr_ibdev))
1307 goto err_dev;
07d357d0
SH		 1308
1309 ib_set_client_data(device, &ucm_client, ucm_dev);
1310 return;
1311
f4e91eb4 1312err_dev:
a0d78193
JG		 1313 cdev_device_del(&ucm_dev->cdev, &ucm_dev->dev);
1314err_devnum:
1315 ib_ucm_free_dev(ucm_dev);
07d357d0 1316err:
a0d78193 1317 put_device(&ucm_dev->dev);
07d357d0
SH		 1318 return;
1319}
1320
7c1eb45a 1321static void ib_ucm_remove_one(struct ib_device *device, void *client_data)
07d357d0 1322{
7c1eb45a 1323 struct ib_ucm_device *ucm_dev = client_data;
07d357d0
SH		 1324
1325 if (!ucm_dev)
1326 return;
1327
a0d78193
JG		 1328 cdev_device_del(&ucm_dev->cdev, &ucm_dev->dev);
1329 ib_ucm_free_dev(ucm_dev);
1330 put_device(&ucm_dev->dev);
07d357d0
SH		 1331}
1332
0933e2d9
AK		 1333static CLASS_ATTR_STRING(abi_version, S_IRUGO,
1334 __stringify(IB_USER_CM_ABI_VERSION));
07d357d0
SH		 1335
1336static int __init ib_ucm_init(void)
1337{
1338 int ret;
1339
1340 ret = register_chrdev_region(IB_UCM_BASE_DEV, IB_UCM_MAX_DEVICES,
1341 "infiniband_cm");
1342 if (ret) {
aba25a3e 1343 pr_err("ucm: couldn't register device number\n");
9af57b7a 1344 goto error1;
a5b74540
HR		 1345 }
1346
0933e2d9 1347 ret = class_create_file(&cm_class, &class_attr_abi_version.attr);
07d357d0 1348 if (ret) {
aba25a3e 1349 pr_err("ucm: couldn't create abi_version attribute\n");
9af57b7a 1350 goto error2;
07d357d0 1351 }
a5b74540 1352
07d357d0
SH		 1353 ret = ib_register_client(&ucm_client);
1354 if (ret) {
aba25a3e 1355 pr_err("ucm: couldn't register client\n");
9af57b7a 1356 goto error3;
07d357d0 1357 }
a5b74540 1358 return 0;
07d357d0 1359
9af57b7a 1360error3:
0933e2d9 1361 class_remove_file(&cm_class, &class_attr_abi_version.attr);
9af57b7a 1362error2:
07d357d0 1363 unregister_chrdev_region(IB_UCM_BASE_DEV, IB_UCM_MAX_DEVICES);
9af57b7a 1364error1:
07d357d0 1365 return ret;
a5b74540
HR		 1366}
1367
1368static void __exit ib_ucm_cleanup(void)
1369{
07d357d0 1370 ib_unregister_client(&ucm_client);
0933e2d9 1371 class_remove_file(&cm_class, &class_attr_abi_version.attr);
07d357d0 1372 unregister_chrdev_region(IB_UCM_BASE_DEV, IB_UCM_MAX_DEVICES);
daa91358
AC		 1373 if (overflow_maj)
1374 unregister_chrdev_region(overflow_maj, IB_UCM_MAX_DEVICES);
5d7edb3c 1375 idr_destroy(&ctx_id_table);
a5b74540
HR		 1376}
1377
1378module_init(ib_ucm_init);
1379module_exit(ib_ucm_cleanup);
ubuntu-bionic-kernel mirror