1/*
2 * Copyright (c) 2005 Topspin Communications.  All rights reserved.
3 * Copyright (c) 2005 Cisco Systems.  All rights reserved.
4 * Copyright (c) 2005 Mellanox Technologies. All rights reserved.
5 *
6 * This software is available to you under a choice of one of two
7 * licenses.  You may choose to be licensed under the terms of the GNU
8 * General Public License (GPL) Version 2, available from the file
9 * COPYING in the main directory of this source tree, or the
10 * OpenIB.org BSD license below:
11 *
12 *     Redistribution and use in source and binary forms, with or
13 *     without modification, are permitted provided that the following
14 *     conditions are met:
15 *
16 *      - Redistributions of source code must retain the above
17 *        copyright notice, this list of conditions and the following
18 *        disclaimer.
19 *
20 *      - Redistributions in binary form must reproduce the above
21 *        copyright notice, this list of conditions and the following
22 *        disclaimer in the documentation and/or other materials
23 *        provided with the distribution.
24 *
25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * SOFTWARE.
33 */
34
35#include <linux/mm.h>
36#include <linux/dma-mapping.h>
37#include <linux/sched.h>
38#include <linux/export.h>
39#include <linux/hugetlb.h>
40#include <linux/dma-attrs.h>
41#include <linux/slab.h>
42#include <rdma/ib_umem_odp.h>
43
44#include "uverbs.h"
45
46
47static void __ib_umem_release(struct ib_device *dev, struct ib_umem *umem, int dirty)
48{
49	struct scatterlist *sg;
50	struct page *page;
51	int i;
52
53	if (umem->nmap > 0)
54		ib_dma_unmap_sg(dev, umem->sg_head.sgl,
55				umem->nmap,
56				DMA_BIDIRECTIONAL);
57
58	for_each_sg(umem->sg_head.sgl, sg, umem->npages, i) {
59
60		page = sg_page(sg);
61		if (umem->writable && dirty)
62			set_page_dirty_lock(page);
63		put_page(page);
64	}
65
66	sg_free_table(&umem->sg_head);
67	return;
68
69}
70
71/**
72 * ib_umem_get - Pin and DMA map userspace memory.
73 *
74 * If access flags indicate ODP memory, avoid pinning. Instead, stores
75 * the mm for future page fault handling in conjunction with MMU notifiers.
76 *
77 * @context: userspace context to pin memory for
78 * @addr: userspace virtual address to start at
79 * @size: length of region to pin
80 * @access: IB_ACCESS_xxx flags for memory being pinned
81 * @dmasync: flush in-flight DMA when the memory region is written
82 */
83struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
84			    size_t size, int access, int dmasync)
85{
86	struct ib_umem *umem;
87	struct page **page_list;
88	struct vm_area_struct **vma_list;
89	unsigned long locked;
90	unsigned long lock_limit;
91	unsigned long cur_base;
92	unsigned long npages;
93	int ret;
94	int i;
95	DEFINE_DMA_ATTRS(attrs);
96	struct scatterlist *sg, *sg_list_start;
97	int need_release = 0;
98
99	if (dmasync)
100		dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs);
101
102	if (!size)
103		return ERR_PTR(-EINVAL);
104
105	/*
106	 * If the combination of the addr and size requested for this memory
107	 * region causes an integer overflow, return error.
108	 */
109	if (((addr + size) < addr) ||
110	    PAGE_ALIGN(addr + size) < (addr + size))
111		return ERR_PTR(-EINVAL);
112
113	if (!can_do_mlock())
114		return ERR_PTR(-EPERM);
115
116	umem = kzalloc(sizeof *umem, GFP_KERNEL);
117	if (!umem)
118		return ERR_PTR(-ENOMEM);
119
120	umem->context   = context;
121	umem->length    = size;
122	umem->address   = addr;
123	umem->page_size = PAGE_SIZE;
124	umem->pid       = get_task_pid(current, PIDTYPE_PID);
125	/*
126	 * We ask for writable memory if any of the following
127	 * access flags are set.  "Local write" and "remote write"
128	 * obviously require write access.  "Remote atomic" can do
129	 * things like fetch and add, which will modify memory, and
130	 * "MW bind" can change permissions by binding a window.
131	 */
132	umem->writable  = !!(access &
133		(IB_ACCESS_LOCAL_WRITE   | IB_ACCESS_REMOTE_WRITE |
134		 IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
135
136	if (access & IB_ACCESS_ON_DEMAND) {
137		ret = ib_umem_odp_get(context, umem);
138		if (ret) {
139			kfree(umem);
140			return ERR_PTR(ret);
141		}
142		return umem;
143	}
144
145	umem->odp_data = NULL;
146
147	/* We assume the memory is from hugetlb until proved otherwise */
148	umem->hugetlb   = 1;
149
150	page_list = (struct page **) __get_free_page(GFP_KERNEL);
151	if (!page_list) {
152		kfree(umem);
153		return ERR_PTR(-ENOMEM);
154	}
155
156	/*
157	 * if we can't alloc the vma_list, it's not so bad;
158	 * just assume the memory is not hugetlb memory
159	 */
160	vma_list = (struct vm_area_struct **) __get_free_page(GFP_KERNEL);
161	if (!vma_list)
162		umem->hugetlb = 0;
163
164	npages = ib_umem_num_pages(umem);
165
166	down_write(&current->mm->mmap_sem);
167
168	locked     = npages + current->mm->pinned_vm;
169	lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
170
171	if ((locked > lock_limit) && !capable(CAP_IPC_LOCK)) {
172		ret = -ENOMEM;
173		goto out;
174	}
175
176	cur_base = addr & PAGE_MASK;
177
178	if (npages == 0) {
179		ret = -EINVAL;
180		goto out;
181	}
182
183	ret = sg_alloc_table(&umem->sg_head, npages, GFP_KERNEL);
184	if (ret)
185		goto out;
186
187	need_release = 1;
188	sg_list_start = umem->sg_head.sgl;
189
190	while (npages) {
191		ret = get_user_pages(current, current->mm, cur_base,
192				     min_t(unsigned long, npages,
193					   PAGE_SIZE / sizeof (struct page *)),
194				     1, !umem->writable, page_list, vma_list);
195
196		if (ret < 0)
197			goto out;
198
199		umem->npages += ret;
200		cur_base += ret * PAGE_SIZE;
201		npages   -= ret;
202
203		for_each_sg(sg_list_start, sg, ret, i) {
204			if (vma_list && !is_vm_hugetlb_page(vma_list[i]))
205				umem->hugetlb = 0;
206
207			sg_set_page(sg, page_list[i], PAGE_SIZE, 0);
208		}
209
210		/* preparing for next loop */
211		sg_list_start = sg;
212	}
213
214	umem->nmap = ib_dma_map_sg_attrs(context->device,
215				  umem->sg_head.sgl,
216				  umem->npages,
217				  DMA_BIDIRECTIONAL,
218				  &attrs);
219
220	if (umem->nmap <= 0) {
221		ret = -ENOMEM;
222		goto out;
223	}
224
225	ret = 0;
226
227out:
228	if (ret < 0) {
229		if (need_release)
230			__ib_umem_release(context->device, umem, 0);
231		put_pid(umem->pid);
232		kfree(umem);
233	} else
234		current->mm->pinned_vm = locked;
235
236	up_write(&current->mm->mmap_sem);
237	if (vma_list)
238		free_page((unsigned long) vma_list);
239	free_page((unsigned long) page_list);
240
241	return ret < 0 ? ERR_PTR(ret) : umem;
242}
243EXPORT_SYMBOL(ib_umem_get);
244
245static void ib_umem_account(struct work_struct *work)
246{
247	struct ib_umem *umem = container_of(work, struct ib_umem, work);
248
249	down_write(&umem->mm->mmap_sem);
250	umem->mm->pinned_vm -= umem->diff;
251	up_write(&umem->mm->mmap_sem);
252	mmput(umem->mm);
253	kfree(umem);
254}
255
256/**
257 * ib_umem_release - release memory pinned with ib_umem_get
258 * @umem: umem struct to release
259 */
260void ib_umem_release(struct ib_umem *umem)
261{
262	struct ib_ucontext *context = umem->context;
263	struct mm_struct *mm;
264	struct task_struct *task;
265	unsigned long diff;
266
267	if (umem->odp_data) {
268		ib_umem_odp_release(umem);
269		return;
270	}
271
272	__ib_umem_release(umem->context->device, umem, 1);
273
274	task = get_pid_task(umem->pid, PIDTYPE_PID);
275	put_pid(umem->pid);
276	if (!task)
277		goto out;
278	mm = get_task_mm(task);
279	put_task_struct(task);
280	if (!mm)
281		goto out;
282
283	diff = ib_umem_num_pages(umem);
284
285	/*
286	 * We may be called with the mm's mmap_sem already held.  This
287	 * can happen when a userspace munmap() is the call that drops
288	 * the last reference to our file and calls our release
289	 * method.  If there are memory regions to destroy, we'll end
290	 * up here and not be able to take the mmap_sem.  In that case
291	 * we defer the vm_locked accounting to the system workqueue.
292	 */
293	if (context->closing) {
294		if (!down_write_trylock(&mm->mmap_sem)) {
295			INIT_WORK(&umem->work, ib_umem_account);
296			umem->mm   = mm;
297			umem->diff = diff;
298
299			queue_work(ib_wq, &umem->work);
300			return;
301		}
302	} else
303		down_write(&mm->mmap_sem);
304
305	mm->pinned_vm -= diff;
306	up_write(&mm->mmap_sem);
307	mmput(mm);
308out:
309	kfree(umem);
310}
311EXPORT_SYMBOL(ib_umem_release);
312
313int ib_umem_page_count(struct ib_umem *umem)
314{
315	int shift;
316	int i;
317	int n;
318	struct scatterlist *sg;
319
320	if (umem->odp_data)
321		return ib_umem_num_pages(umem);
322
323	shift = ilog2(umem->page_size);
324
325	n = 0;
326	for_each_sg(umem->sg_head.sgl, sg, umem->nmap, i)
327		n += sg_dma_len(sg) >> shift;
328
329	return n;
330}
331EXPORT_SYMBOL(ib_umem_page_count);
332
333/*
334 * Copy from the given ib_umem's pages to the given buffer.
335 *
336 * umem - the umem to copy from
337 * offset - offset to start copying from
338 * dst - destination buffer
339 * length - buffer length
340 *
341 * Returns 0 on success, or an error code.
342 */
343int ib_umem_copy_from(void *dst, struct ib_umem *umem, size_t offset,
344		      size_t length)
345{
346	size_t end = offset + length;
347	int ret;
348
349	if (offset > umem->length || length > umem->length - offset) {
350		pr_err("ib_umem_copy_from not in range. offset: %zd umem length: %zd end: %zd\n",
351		       offset, umem->length, end);
352		return -EINVAL;
353	}
354
355	ret = sg_pcopy_to_buffer(umem->sg_head.sgl, umem->nmap, dst, length,
356				 offset + ib_umem_offset(umem));
357
358	if (ret < 0)
359		return ret;
360	else if (ret != length)
361		return -EINVAL;
362	else
363		return 0;
364}
365EXPORT_SYMBOL(ib_umem_copy_from);
366