1/* 2 * Copyright (c) 2005 Topspin Communications. All rights reserved. 3 * Copyright (c) 2005, 2006 Cisco Systems. All rights reserved. 4 * Copyright (c) 2005 Mellanox Technologies. All rights reserved. 5 * Copyright (c) 2005 Voltaire, Inc. All rights reserved. 6 * Copyright (c) 2005 PathScale, Inc. All rights reserved. 7 * 8 * This software is available to you under a choice of one of two 9 * licenses. You may choose to be licensed under the terms of the GNU 10 * General Public License (GPL) Version 2, available from the file 11 * COPYING in the main directory of this source tree, or the 12 * OpenIB.org BSD license below: 13 * 14 * Redistribution and use in source and binary forms, with or 15 * without modification, are permitted provided that the following 16 * conditions are met: 17 * 18 * - Redistributions of source code must retain the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer. 21 * 22 * - Redistributions in binary form must reproduce the above 23 * copyright notice, this list of conditions and the following 24 * disclaimer in the documentation and/or other materials 25 * provided with the distribution. 26 * 27 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 28 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 29 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 30 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 31 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 32 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 33 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 34 * SOFTWARE. 35 */ 36 37#include <linux/module.h> 38#include <linux/init.h> 39#include <linux/device.h> 40#include <linux/err.h> 41#include <linux/fs.h> 42#include <linux/poll.h> 43#include <linux/sched.h> 44#include <linux/file.h> 45#include <linux/cdev.h> 46#include <linux/anon_inodes.h> 47#include <linux/slab.h> 48 49#include <asm/uaccess.h> 50 51#include <rdma/ib.h> 52 53#include "uverbs.h" 54 55MODULE_AUTHOR("Roland Dreier"); 56MODULE_DESCRIPTION("InfiniBand userspace verbs access"); 57MODULE_LICENSE("Dual BSD/GPL"); 58 59enum { 60 IB_UVERBS_MAJOR = 231, 61 IB_UVERBS_BASE_MINOR = 192, 62 IB_UVERBS_MAX_DEVICES = 32 63}; 64 65#define IB_UVERBS_BASE_DEV MKDEV(IB_UVERBS_MAJOR, IB_UVERBS_BASE_MINOR) 66 67static struct class *uverbs_class; 68 69DEFINE_SPINLOCK(ib_uverbs_idr_lock); 70DEFINE_IDR(ib_uverbs_pd_idr); 71DEFINE_IDR(ib_uverbs_mr_idr); 72DEFINE_IDR(ib_uverbs_mw_idr); 73DEFINE_IDR(ib_uverbs_ah_idr); 74DEFINE_IDR(ib_uverbs_cq_idr); 75DEFINE_IDR(ib_uverbs_qp_idr); 76DEFINE_IDR(ib_uverbs_srq_idr); 77DEFINE_IDR(ib_uverbs_xrcd_idr); 78DEFINE_IDR(ib_uverbs_rule_idr); 79 80static DEFINE_SPINLOCK(map_lock); 81static DECLARE_BITMAP(dev_map, IB_UVERBS_MAX_DEVICES); 82 83static ssize_t (*uverbs_cmd_table[])(struct ib_uverbs_file *file, 84 const char __user *buf, int in_len, 85 int out_len) = { 86 [IB_USER_VERBS_CMD_GET_CONTEXT] = ib_uverbs_get_context, 87 [IB_USER_VERBS_CMD_QUERY_DEVICE] = ib_uverbs_query_device, 88 [IB_USER_VERBS_CMD_QUERY_PORT] = ib_uverbs_query_port, 89 [IB_USER_VERBS_CMD_ALLOC_PD] = ib_uverbs_alloc_pd, 90 [IB_USER_VERBS_CMD_DEALLOC_PD] = ib_uverbs_dealloc_pd, 91 [IB_USER_VERBS_CMD_REG_MR] = ib_uverbs_reg_mr, 92 [IB_USER_VERBS_CMD_REREG_MR] = ib_uverbs_rereg_mr, 93 [IB_USER_VERBS_CMD_DEREG_MR] = ib_uverbs_dereg_mr, 94 [IB_USER_VERBS_CMD_ALLOC_MW] = ib_uverbs_alloc_mw, 95 [IB_USER_VERBS_CMD_DEALLOC_MW] = ib_uverbs_dealloc_mw, 96 [IB_USER_VERBS_CMD_CREATE_COMP_CHANNEL] = ib_uverbs_create_comp_channel, 97 [IB_USER_VERBS_CMD_CREATE_CQ] = ib_uverbs_create_cq, 98 [IB_USER_VERBS_CMD_RESIZE_CQ] = ib_uverbs_resize_cq, 99 [IB_USER_VERBS_CMD_POLL_CQ] = ib_uverbs_poll_cq, 100 [IB_USER_VERBS_CMD_REQ_NOTIFY_CQ] = ib_uverbs_req_notify_cq, 101 [IB_USER_VERBS_CMD_DESTROY_CQ] = ib_uverbs_destroy_cq, 102 [IB_USER_VERBS_CMD_CREATE_QP] = ib_uverbs_create_qp, 103 [IB_USER_VERBS_CMD_QUERY_QP] = ib_uverbs_query_qp, 104 [IB_USER_VERBS_CMD_MODIFY_QP] = ib_uverbs_modify_qp, 105 [IB_USER_VERBS_CMD_DESTROY_QP] = ib_uverbs_destroy_qp, 106 [IB_USER_VERBS_CMD_POST_SEND] = ib_uverbs_post_send, 107 [IB_USER_VERBS_CMD_POST_RECV] = ib_uverbs_post_recv, 108 [IB_USER_VERBS_CMD_POST_SRQ_RECV] = ib_uverbs_post_srq_recv, 109 [IB_USER_VERBS_CMD_CREATE_AH] = ib_uverbs_create_ah, 110 [IB_USER_VERBS_CMD_DESTROY_AH] = ib_uverbs_destroy_ah, 111 [IB_USER_VERBS_CMD_ATTACH_MCAST] = ib_uverbs_attach_mcast, 112 [IB_USER_VERBS_CMD_DETACH_MCAST] = ib_uverbs_detach_mcast, 113 [IB_USER_VERBS_CMD_CREATE_SRQ] = ib_uverbs_create_srq, 114 [IB_USER_VERBS_CMD_MODIFY_SRQ] = ib_uverbs_modify_srq, 115 [IB_USER_VERBS_CMD_QUERY_SRQ] = ib_uverbs_query_srq, 116 [IB_USER_VERBS_CMD_DESTROY_SRQ] = ib_uverbs_destroy_srq, 117 [IB_USER_VERBS_CMD_OPEN_XRCD] = ib_uverbs_open_xrcd, 118 [IB_USER_VERBS_CMD_CLOSE_XRCD] = ib_uverbs_close_xrcd, 119 [IB_USER_VERBS_CMD_CREATE_XSRQ] = ib_uverbs_create_xsrq, 120 [IB_USER_VERBS_CMD_OPEN_QP] = ib_uverbs_open_qp, 121}; 122 123static int (*uverbs_ex_cmd_table[])(struct ib_uverbs_file *file, 124 struct ib_udata *ucore, 125 struct ib_udata *uhw) = { 126 [IB_USER_VERBS_EX_CMD_CREATE_FLOW] = ib_uverbs_ex_create_flow, 127 [IB_USER_VERBS_EX_CMD_DESTROY_FLOW] = ib_uverbs_ex_destroy_flow, 128 [IB_USER_VERBS_EX_CMD_QUERY_DEVICE] = ib_uverbs_ex_query_device, 129}; 130 131static void ib_uverbs_add_one(struct ib_device *device); 132static void ib_uverbs_remove_one(struct ib_device *device); 133 134static void ib_uverbs_release_dev(struct kobject *kobj) 135{ 136 struct ib_uverbs_device *dev = 137 container_of(kobj, struct ib_uverbs_device, kobj); 138 139 kfree(dev); 140} 141 142static struct kobj_type ib_uverbs_dev_ktype = { 143 .release = ib_uverbs_release_dev, 144}; 145 146static void ib_uverbs_release_event_file(struct kref *ref) 147{ 148 struct ib_uverbs_event_file *file = 149 container_of(ref, struct ib_uverbs_event_file, ref); 150 151 kfree(file); 152} 153 154void ib_uverbs_release_ucq(struct ib_uverbs_file *file, 155 struct ib_uverbs_event_file *ev_file, 156 struct ib_ucq_object *uobj) 157{ 158 struct ib_uverbs_event *evt, *tmp; 159 160 if (ev_file) { 161 spin_lock_irq(&ev_file->lock); 162 list_for_each_entry_safe(evt, tmp, &uobj->comp_list, obj_list) { 163 list_del(&evt->list); 164 kfree(evt); 165 } 166 spin_unlock_irq(&ev_file->lock); 167 168 kref_put(&ev_file->ref, ib_uverbs_release_event_file); 169 } 170 171 spin_lock_irq(&file->async_file->lock); 172 list_for_each_entry_safe(evt, tmp, &uobj->async_list, obj_list) { 173 list_del(&evt->list); 174 kfree(evt); 175 } 176 spin_unlock_irq(&file->async_file->lock); 177} 178 179void ib_uverbs_release_uevent(struct ib_uverbs_file *file, 180 struct ib_uevent_object *uobj) 181{ 182 struct ib_uverbs_event *evt, *tmp; 183 184 spin_lock_irq(&file->async_file->lock); 185 list_for_each_entry_safe(evt, tmp, &uobj->event_list, obj_list) { 186 list_del(&evt->list); 187 kfree(evt); 188 } 189 spin_unlock_irq(&file->async_file->lock); 190} 191 192static void ib_uverbs_detach_umcast(struct ib_qp *qp, 193 struct ib_uqp_object *uobj) 194{ 195 struct ib_uverbs_mcast_entry *mcast, *tmp; 196 197 list_for_each_entry_safe(mcast, tmp, &uobj->mcast_list, list) { 198 ib_detach_mcast(qp, &mcast->gid, mcast->lid); 199 list_del(&mcast->list); 200 kfree(mcast); 201 } 202} 203 204static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, 205 struct ib_ucontext *context) 206{ 207 struct ib_uobject *uobj, *tmp; 208 209 if (!context) 210 return 0; 211 212 context->closing = 1; 213 214 list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) { 215 struct ib_ah *ah = uobj->object; 216 217 idr_remove_uobj(&ib_uverbs_ah_idr, uobj); 218 ib_destroy_ah(ah); 219 kfree(uobj); 220 } 221 222 /* Remove MWs before QPs, in order to support type 2A MWs. */ 223 list_for_each_entry_safe(uobj, tmp, &context->mw_list, list) { 224 struct ib_mw *mw = uobj->object; 225 226 idr_remove_uobj(&ib_uverbs_mw_idr, uobj); 227 ib_dealloc_mw(mw); 228 kfree(uobj); 229 } 230 231 list_for_each_entry_safe(uobj, tmp, &context->rule_list, list) { 232 struct ib_flow *flow_id = uobj->object; 233 234 idr_remove_uobj(&ib_uverbs_rule_idr, uobj); 235 ib_destroy_flow(flow_id); 236 kfree(uobj); 237 } 238 239 list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) { 240 struct ib_qp *qp = uobj->object; 241 struct ib_uqp_object *uqp = 242 container_of(uobj, struct ib_uqp_object, uevent.uobject); 243 244 idr_remove_uobj(&ib_uverbs_qp_idr, uobj); 245 if (qp != qp->real_qp) { 246 ib_close_qp(qp); 247 } else { 248 ib_uverbs_detach_umcast(qp, uqp); 249 ib_destroy_qp(qp); 250 } 251 ib_uverbs_release_uevent(file, &uqp->uevent); 252 kfree(uqp); 253 } 254 255 list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) { 256 struct ib_srq *srq = uobj->object; 257 struct ib_uevent_object *uevent = 258 container_of(uobj, struct ib_uevent_object, uobject); 259 260 idr_remove_uobj(&ib_uverbs_srq_idr, uobj); 261 ib_destroy_srq(srq); 262 ib_uverbs_release_uevent(file, uevent); 263 kfree(uevent); 264 } 265 266 list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) { 267 struct ib_cq *cq = uobj->object; 268 struct ib_uverbs_event_file *ev_file = cq->cq_context; 269 struct ib_ucq_object *ucq = 270 container_of(uobj, struct ib_ucq_object, uobject); 271 272 idr_remove_uobj(&ib_uverbs_cq_idr, uobj); 273 ib_destroy_cq(cq); 274 ib_uverbs_release_ucq(file, ev_file, ucq); 275 kfree(ucq); 276 } 277 278 list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) { 279 struct ib_mr *mr = uobj->object; 280 281 idr_remove_uobj(&ib_uverbs_mr_idr, uobj); 282 ib_dereg_mr(mr); 283 kfree(uobj); 284 } 285 286 mutex_lock(&file->device->xrcd_tree_mutex); 287 list_for_each_entry_safe(uobj, tmp, &context->xrcd_list, list) { 288 struct ib_xrcd *xrcd = uobj->object; 289 struct ib_uxrcd_object *uxrcd = 290 container_of(uobj, struct ib_uxrcd_object, uobject); 291 292 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj); 293 ib_uverbs_dealloc_xrcd(file->device, xrcd); 294 kfree(uxrcd); 295 } 296 mutex_unlock(&file->device->xrcd_tree_mutex); 297 298 list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) { 299 struct ib_pd *pd = uobj->object; 300 301 idr_remove_uobj(&ib_uverbs_pd_idr, uobj); 302 ib_dealloc_pd(pd); 303 kfree(uobj); 304 } 305 306 put_pid(context->tgid); 307 308 return context->device->dealloc_ucontext(context); 309} 310 311static void ib_uverbs_comp_dev(struct ib_uverbs_device *dev) 312{ 313 complete(&dev->comp); 314} 315 316static void ib_uverbs_release_file(struct kref *ref) 317{ 318 struct ib_uverbs_file *file = 319 container_of(ref, struct ib_uverbs_file, ref); 320 321 module_put(file->device->ib_dev->owner); 322 if (atomic_dec_and_test(&file->device->refcount)) 323 ib_uverbs_comp_dev(file->device); 324 325 kfree(file); 326} 327 328static ssize_t ib_uverbs_event_read(struct file *filp, char __user *buf, 329 size_t count, loff_t *pos) 330{ 331 struct ib_uverbs_event_file *file = filp->private_data; 332 struct ib_uverbs_event *event; 333 int eventsz; 334 int ret = 0; 335 336 spin_lock_irq(&file->lock); 337 338 while (list_empty(&file->event_list)) { 339 spin_unlock_irq(&file->lock); 340 341 if (filp->f_flags & O_NONBLOCK) 342 return -EAGAIN; 343 344 if (wait_event_interruptible(file->poll_wait, 345 !list_empty(&file->event_list))) 346 return -ERESTARTSYS; 347 348 spin_lock_irq(&file->lock); 349 } 350 351 event = list_entry(file->event_list.next, struct ib_uverbs_event, list); 352 353 if (file->is_async) 354 eventsz = sizeof (struct ib_uverbs_async_event_desc); 355 else 356 eventsz = sizeof (struct ib_uverbs_comp_event_desc); 357 358 if (eventsz > count) { 359 ret = -EINVAL; 360 event = NULL; 361 } else { 362 list_del(file->event_list.next); 363 if (event->counter) { 364 ++(*event->counter); 365 list_del(&event->obj_list); 366 } 367 } 368 369 spin_unlock_irq(&file->lock); 370 371 if (event) { 372 if (copy_to_user(buf, event, eventsz)) 373 ret = -EFAULT; 374 else 375 ret = eventsz; 376 } 377 378 kfree(event); 379 380 return ret; 381} 382 383static unsigned int ib_uverbs_event_poll(struct file *filp, 384 struct poll_table_struct *wait) 385{ 386 unsigned int pollflags = 0; 387 struct ib_uverbs_event_file *file = filp->private_data; 388 389 poll_wait(filp, &file->poll_wait, wait); 390 391 spin_lock_irq(&file->lock); 392 if (!list_empty(&file->event_list)) 393 pollflags = POLLIN | POLLRDNORM; 394 spin_unlock_irq(&file->lock); 395 396 return pollflags; 397} 398 399static int ib_uverbs_event_fasync(int fd, struct file *filp, int on) 400{ 401 struct ib_uverbs_event_file *file = filp->private_data; 402 403 return fasync_helper(fd, filp, on, &file->async_queue); 404} 405 406static int ib_uverbs_event_close(struct inode *inode, struct file *filp) 407{ 408 struct ib_uverbs_event_file *file = filp->private_data; 409 struct ib_uverbs_event *entry, *tmp; 410 411 spin_lock_irq(&file->lock); 412 file->is_closed = 1; 413 list_for_each_entry_safe(entry, tmp, &file->event_list, list) { 414 if (entry->counter) 415 list_del(&entry->obj_list); 416 kfree(entry); 417 } 418 spin_unlock_irq(&file->lock); 419 420 if (file->is_async) { 421 ib_unregister_event_handler(&file->uverbs_file->event_handler); 422 kref_put(&file->uverbs_file->ref, ib_uverbs_release_file); 423 } 424 kref_put(&file->ref, ib_uverbs_release_event_file); 425 426 return 0; 427} 428 429static const struct file_operations uverbs_event_fops = { 430 .owner = THIS_MODULE, 431 .read = ib_uverbs_event_read, 432 .poll = ib_uverbs_event_poll, 433 .release = ib_uverbs_event_close, 434 .fasync = ib_uverbs_event_fasync, 435 .llseek = no_llseek, 436}; 437 438void ib_uverbs_comp_handler(struct ib_cq *cq, void *cq_context) 439{ 440 struct ib_uverbs_event_file *file = cq_context; 441 struct ib_ucq_object *uobj; 442 struct ib_uverbs_event *entry; 443 unsigned long flags; 444 445 if (!file) 446 return; 447 448 spin_lock_irqsave(&file->lock, flags); 449 if (file->is_closed) { 450 spin_unlock_irqrestore(&file->lock, flags); 451 return; 452 } 453 454 entry = kmalloc(sizeof *entry, GFP_ATOMIC); 455 if (!entry) { 456 spin_unlock_irqrestore(&file->lock, flags); 457 return; 458 } 459 460 uobj = container_of(cq->uobject, struct ib_ucq_object, uobject); 461 462 entry->desc.comp.cq_handle = cq->uobject->user_handle; 463 entry->counter = &uobj->comp_events_reported; 464 465 list_add_tail(&entry->list, &file->event_list); 466 list_add_tail(&entry->obj_list, &uobj->comp_list); 467 spin_unlock_irqrestore(&file->lock, flags); 468 469 wake_up_interruptible(&file->poll_wait); 470 kill_fasync(&file->async_queue, SIGIO, POLL_IN); 471} 472 473static void ib_uverbs_async_handler(struct ib_uverbs_file *file, 474 __u64 element, __u64 event, 475 struct list_head *obj_list, 476 u32 *counter) 477{ 478 struct ib_uverbs_event *entry; 479 unsigned long flags; 480 481 spin_lock_irqsave(&file->async_file->lock, flags); 482 if (file->async_file->is_closed) { 483 spin_unlock_irqrestore(&file->async_file->lock, flags); 484 return; 485 } 486 487 entry = kmalloc(sizeof *entry, GFP_ATOMIC); 488 if (!entry) { 489 spin_unlock_irqrestore(&file->async_file->lock, flags); 490 return; 491 } 492 493 entry->desc.async.element = element; 494 entry->desc.async.event_type = event; 495 entry->desc.async.reserved = 0; 496 entry->counter = counter; 497 498 list_add_tail(&entry->list, &file->async_file->event_list); 499 if (obj_list) 500 list_add_tail(&entry->obj_list, obj_list); 501 spin_unlock_irqrestore(&file->async_file->lock, flags); 502 503 wake_up_interruptible(&file->async_file->poll_wait); 504 kill_fasync(&file->async_file->async_queue, SIGIO, POLL_IN); 505} 506 507void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr) 508{ 509 struct ib_ucq_object *uobj = container_of(event->element.cq->uobject, 510 struct ib_ucq_object, uobject); 511 512 ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle, 513 event->event, &uobj->async_list, 514 &uobj->async_events_reported); 515} 516 517void ib_uverbs_qp_event_handler(struct ib_event *event, void *context_ptr) 518{ 519 struct ib_uevent_object *uobj; 520 521 /* for XRC target qp's, check that qp is live */ 522 if (!event->element.qp->uobject || !event->element.qp->uobject->live) 523 return; 524 525 uobj = container_of(event->element.qp->uobject, 526 struct ib_uevent_object, uobject); 527 528 ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle, 529 event->event, &uobj->event_list, 530 &uobj->events_reported); 531} 532 533void ib_uverbs_srq_event_handler(struct ib_event *event, void *context_ptr) 534{ 535 struct ib_uevent_object *uobj; 536 537 uobj = container_of(event->element.srq->uobject, 538 struct ib_uevent_object, uobject); 539 540 ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle, 541 event->event, &uobj->event_list, 542 &uobj->events_reported); 543} 544 545void ib_uverbs_event_handler(struct ib_event_handler *handler, 546 struct ib_event *event) 547{ 548 struct ib_uverbs_file *file = 549 container_of(handler, struct ib_uverbs_file, event_handler); 550 551 ib_uverbs_async_handler(file, event->element.port_num, event->event, 552 NULL, NULL); 553} 554 555struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, 556 int is_async) 557{ 558 struct ib_uverbs_event_file *ev_file; 559 struct file *filp; 560 561 ev_file = kmalloc(sizeof *ev_file, GFP_KERNEL); 562 if (!ev_file) 563 return ERR_PTR(-ENOMEM); 564 565 kref_init(&ev_file->ref); 566 spin_lock_init(&ev_file->lock); 567 INIT_LIST_HEAD(&ev_file->event_list); 568 init_waitqueue_head(&ev_file->poll_wait); 569 ev_file->uverbs_file = uverbs_file; 570 ev_file->async_queue = NULL; 571 ev_file->is_async = is_async; 572 ev_file->is_closed = 0; 573 574 filp = anon_inode_getfile("[infinibandevent]", &uverbs_event_fops, 575 ev_file, O_RDONLY); 576 if (IS_ERR(filp)) 577 kfree(ev_file); 578 579 return filp; 580} 581 582/* 583 * Look up a completion event file by FD. If lookup is successful, 584 * takes a ref to the event file struct that it returns; if 585 * unsuccessful, returns NULL. 586 */ 587struct ib_uverbs_event_file *ib_uverbs_lookup_comp_file(int fd) 588{ 589 struct ib_uverbs_event_file *ev_file = NULL; 590 struct fd f = fdget(fd); 591 592 if (!f.file) 593 return NULL; 594 595 if (f.file->f_op != &uverbs_event_fops) 596 goto out; 597 598 ev_file = f.file->private_data; 599 if (ev_file->is_async) { 600 ev_file = NULL; 601 goto out; 602 } 603 604 kref_get(&ev_file->ref); 605 606out: 607 fdput(f); 608 return ev_file; 609} 610 611static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf, 612 size_t count, loff_t *pos) 613{ 614 struct ib_uverbs_file *file = filp->private_data; 615 struct ib_uverbs_cmd_hdr hdr; 616 __u32 flags; 617 618 if (WARN_ON_ONCE(!ib_safe_file_access(filp))) 619 return -EACCES; 620 621 if (count < sizeof hdr) 622 return -EINVAL; 623 624 if (copy_from_user(&hdr, buf, sizeof hdr)) 625 return -EFAULT; 626 627 flags = (hdr.command & 628 IB_USER_VERBS_CMD_FLAGS_MASK) >> IB_USER_VERBS_CMD_FLAGS_SHIFT; 629 630 if (!flags) { 631 __u32 command; 632 633 if (hdr.command & ~(__u32)(IB_USER_VERBS_CMD_FLAGS_MASK | 634 IB_USER_VERBS_CMD_COMMAND_MASK)) 635 return -EINVAL; 636 637 command = hdr.command & IB_USER_VERBS_CMD_COMMAND_MASK; 638 639 if (command >= ARRAY_SIZE(uverbs_cmd_table) || 640 !uverbs_cmd_table[command]) 641 return -EINVAL; 642 643 if (!file->ucontext && 644 command != IB_USER_VERBS_CMD_GET_CONTEXT) 645 return -EINVAL; 646 647 if (!(file->device->ib_dev->uverbs_cmd_mask & (1ull << command))) 648 return -ENOSYS; 649 650 if (hdr.in_words * 4 != count) 651 return -EINVAL; 652 653 return uverbs_cmd_table[command](file, 654 buf + sizeof(hdr), 655 hdr.in_words * 4, 656 hdr.out_words * 4); 657 658 } else if (flags == IB_USER_VERBS_CMD_FLAG_EXTENDED) { 659 __u32 command; 660 661 struct ib_uverbs_ex_cmd_hdr ex_hdr; 662 struct ib_udata ucore; 663 struct ib_udata uhw; 664 int err; 665 size_t written_count = count; 666 667 if (hdr.command & ~(__u32)(IB_USER_VERBS_CMD_FLAGS_MASK | 668 IB_USER_VERBS_CMD_COMMAND_MASK)) 669 return -EINVAL; 670 671 command = hdr.command & IB_USER_VERBS_CMD_COMMAND_MASK; 672 673 if (command >= ARRAY_SIZE(uverbs_ex_cmd_table) || 674 !uverbs_ex_cmd_table[command]) 675 return -ENOSYS; 676 677 if (!file->ucontext) 678 return -EINVAL; 679 680 if (!(file->device->ib_dev->uverbs_ex_cmd_mask & (1ull << command))) 681 return -ENOSYS; 682 683 if (count < (sizeof(hdr) + sizeof(ex_hdr))) 684 return -EINVAL; 685 686 if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) 687 return -EFAULT; 688 689 count -= sizeof(hdr) + sizeof(ex_hdr); 690 buf += sizeof(hdr) + sizeof(ex_hdr); 691 692 if ((hdr.in_words + ex_hdr.provider_in_words) * 8 != count) 693 return -EINVAL; 694 695 if (ex_hdr.cmd_hdr_reserved) 696 return -EINVAL; 697 698 if (ex_hdr.response) { 699 if (!hdr.out_words && !ex_hdr.provider_out_words) 700 return -EINVAL; 701 702 if (!access_ok(VERIFY_WRITE, 703 (void __user *) (unsigned long) ex_hdr.response, 704 (hdr.out_words + ex_hdr.provider_out_words) * 8)) 705 return -EFAULT; 706 } else { 707 if (hdr.out_words || ex_hdr.provider_out_words) 708 return -EINVAL; 709 } 710 711 INIT_UDATA_BUF_OR_NULL(&ucore, buf, (unsigned long) ex_hdr.response, 712 hdr.in_words * 8, hdr.out_words * 8); 713 714 INIT_UDATA_BUF_OR_NULL(&uhw, 715 buf + ucore.inlen, 716 (unsigned long) ex_hdr.response + ucore.outlen, 717 ex_hdr.provider_in_words * 8, 718 ex_hdr.provider_out_words * 8); 719 720 err = uverbs_ex_cmd_table[command](file, 721 &ucore, 722 &uhw); 723 724 if (err) 725 return err; 726 727 return written_count; 728 } 729 730 return -ENOSYS; 731} 732 733static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma) 734{ 735 struct ib_uverbs_file *file = filp->private_data; 736 737 if (!file->ucontext) 738 return -ENODEV; 739 else 740 return file->device->ib_dev->mmap(file->ucontext, vma); 741} 742 743/* 744 * ib_uverbs_open() does not need the BKL: 745 * 746 * - the ib_uverbs_device structures are properly reference counted and 747 * everything else is purely local to the file being created, so 748 * races against other open calls are not a problem; 749 * - there is no ioctl method to race against; 750 * - the open method will either immediately run -ENXIO, or all 751 * required initialization will be done. 752 */ 753static int ib_uverbs_open(struct inode *inode, struct file *filp) 754{ 755 struct ib_uverbs_device *dev; 756 struct ib_uverbs_file *file; 757 int ret; 758 759 dev = container_of(inode->i_cdev, struct ib_uverbs_device, cdev); 760 if (!atomic_inc_not_zero(&dev->refcount)) 761 return -ENXIO; 762 763 if (!try_module_get(dev->ib_dev->owner)) { 764 ret = -ENODEV; 765 goto err; 766 } 767 768 file = kmalloc(sizeof *file, GFP_KERNEL); 769 if (!file) { 770 ret = -ENOMEM; 771 goto err_module; 772 } 773 774 file->device = dev; 775 file->ucontext = NULL; 776 file->async_file = NULL; 777 kref_init(&file->ref); 778 mutex_init(&file->mutex); 779 780 filp->private_data = file; 781 kobject_get(&dev->kobj); 782 783 return nonseekable_open(inode, filp); 784 785err_module: 786 module_put(dev->ib_dev->owner); 787 788err: 789 if (atomic_dec_and_test(&dev->refcount)) 790 ib_uverbs_comp_dev(dev); 791 792 return ret; 793} 794 795static int ib_uverbs_close(struct inode *inode, struct file *filp) 796{ 797 struct ib_uverbs_file *file = filp->private_data; 798 struct ib_uverbs_device *dev = file->device; 799 800 ib_uverbs_cleanup_ucontext(file, file->ucontext); 801 802 if (file->async_file) 803 kref_put(&file->async_file->ref, ib_uverbs_release_event_file); 804 805 kref_put(&file->ref, ib_uverbs_release_file); 806 kobject_put(&dev->kobj); 807 808 return 0; 809} 810 811static const struct file_operations uverbs_fops = { 812 .owner = THIS_MODULE, 813 .write = ib_uverbs_write, 814 .open = ib_uverbs_open, 815 .release = ib_uverbs_close, 816 .llseek = no_llseek, 817}; 818 819static const struct file_operations uverbs_mmap_fops = { 820 .owner = THIS_MODULE, 821 .write = ib_uverbs_write, 822 .mmap = ib_uverbs_mmap, 823 .open = ib_uverbs_open, 824 .release = ib_uverbs_close, 825 .llseek = no_llseek, 826}; 827 828static struct ib_client uverbs_client = { 829 .name = "uverbs", 830 .add = ib_uverbs_add_one, 831 .remove = ib_uverbs_remove_one 832}; 833 834static ssize_t show_ibdev(struct device *device, struct device_attribute *attr, 835 char *buf) 836{ 837 struct ib_uverbs_device *dev = dev_get_drvdata(device); 838 839 if (!dev) 840 return -ENODEV; 841 842 return sprintf(buf, "%s\n", dev->ib_dev->name); 843} 844static DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL); 845 846static ssize_t show_dev_abi_version(struct device *device, 847 struct device_attribute *attr, char *buf) 848{ 849 struct ib_uverbs_device *dev = dev_get_drvdata(device); 850 851 if (!dev) 852 return -ENODEV; 853 854 return sprintf(buf, "%d\n", dev->ib_dev->uverbs_abi_ver); 855} 856static DEVICE_ATTR(abi_version, S_IRUGO, show_dev_abi_version, NULL); 857 858static CLASS_ATTR_STRING(abi_version, S_IRUGO, 859 __stringify(IB_USER_VERBS_ABI_VERSION)); 860 861static dev_t overflow_maj; 862static DECLARE_BITMAP(overflow_map, IB_UVERBS_MAX_DEVICES); 863 864/* 865 * If we have more than IB_UVERBS_MAX_DEVICES, dynamically overflow by 866 * requesting a new major number and doubling the number of max devices we 867 * support. It's stupid, but simple. 868 */ 869static int find_overflow_devnum(void) 870{ 871 int ret; 872 873 if (!overflow_maj) { 874 ret = alloc_chrdev_region(&overflow_maj, 0, IB_UVERBS_MAX_DEVICES, 875 "infiniband_verbs"); 876 if (ret) { 877 printk(KERN_ERR "user_verbs: couldn't register dynamic device number\n"); 878 return ret; 879 } 880 } 881 882 ret = find_first_zero_bit(overflow_map, IB_UVERBS_MAX_DEVICES); 883 if (ret >= IB_UVERBS_MAX_DEVICES) 884 return -1; 885 886 return ret; 887} 888 889static void ib_uverbs_add_one(struct ib_device *device) 890{ 891 int devnum; 892 dev_t base; 893 struct ib_uverbs_device *uverbs_dev; 894 895 if (!device->alloc_ucontext) 896 return; 897 898 uverbs_dev = kzalloc(sizeof *uverbs_dev, GFP_KERNEL); 899 if (!uverbs_dev) 900 return; 901 902 atomic_set(&uverbs_dev->refcount, 1); 903 init_completion(&uverbs_dev->comp); 904 uverbs_dev->xrcd_tree = RB_ROOT; 905 mutex_init(&uverbs_dev->xrcd_tree_mutex); 906 kobject_init(&uverbs_dev->kobj, &ib_uverbs_dev_ktype); 907 908 spin_lock(&map_lock); 909 devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES); 910 if (devnum >= IB_UVERBS_MAX_DEVICES) { 911 spin_unlock(&map_lock); 912 devnum = find_overflow_devnum(); 913 if (devnum < 0) 914 goto err; 915 916 spin_lock(&map_lock); 917 uverbs_dev->devnum = devnum + IB_UVERBS_MAX_DEVICES; 918 base = devnum + overflow_maj; 919 set_bit(devnum, overflow_map); 920 } else { 921 uverbs_dev->devnum = devnum; 922 base = devnum + IB_UVERBS_BASE_DEV; 923 set_bit(devnum, dev_map); 924 } 925 spin_unlock(&map_lock); 926 927 uverbs_dev->ib_dev = device; 928 uverbs_dev->num_comp_vectors = device->num_comp_vectors; 929 930 cdev_init(&uverbs_dev->cdev, NULL); 931 uverbs_dev->cdev.owner = THIS_MODULE; 932 uverbs_dev->cdev.ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops; 933 uverbs_dev->cdev.kobj.parent = &uverbs_dev->kobj; 934 kobject_set_name(&uverbs_dev->cdev.kobj, "uverbs%d", uverbs_dev->devnum); 935 if (cdev_add(&uverbs_dev->cdev, base, 1)) 936 goto err_cdev; 937 938 uverbs_dev->dev = device_create(uverbs_class, device->dma_device, 939 uverbs_dev->cdev.dev, uverbs_dev, 940 "uverbs%d", uverbs_dev->devnum); 941 if (IS_ERR(uverbs_dev->dev)) 942 goto err_cdev; 943 944 if (device_create_file(uverbs_dev->dev, &dev_attr_ibdev)) 945 goto err_class; 946 if (device_create_file(uverbs_dev->dev, &dev_attr_abi_version)) 947 goto err_class; 948 949 ib_set_client_data(device, &uverbs_client, uverbs_dev); 950 951 return; 952 953err_class: 954 device_destroy(uverbs_class, uverbs_dev->cdev.dev); 955 956err_cdev: 957 cdev_del(&uverbs_dev->cdev); 958 if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES) 959 clear_bit(devnum, dev_map); 960 else 961 clear_bit(devnum, overflow_map); 962 963err: 964 if (atomic_dec_and_test(&uverbs_dev->refcount)) 965 ib_uverbs_comp_dev(uverbs_dev); 966 wait_for_completion(&uverbs_dev->comp); 967 kobject_put(&uverbs_dev->kobj); 968 return; 969} 970 971static void ib_uverbs_remove_one(struct ib_device *device) 972{ 973 struct ib_uverbs_device *uverbs_dev = ib_get_client_data(device, &uverbs_client); 974 975 if (!uverbs_dev) 976 return; 977 978 dev_set_drvdata(uverbs_dev->dev, NULL); 979 device_destroy(uverbs_class, uverbs_dev->cdev.dev); 980 cdev_del(&uverbs_dev->cdev); 981 982 if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES) 983 clear_bit(uverbs_dev->devnum, dev_map); 984 else 985 clear_bit(uverbs_dev->devnum - IB_UVERBS_MAX_DEVICES, overflow_map); 986 987 if (atomic_dec_and_test(&uverbs_dev->refcount)) 988 ib_uverbs_comp_dev(uverbs_dev); 989 wait_for_completion(&uverbs_dev->comp); 990 kobject_put(&uverbs_dev->kobj); 991} 992 993static char *uverbs_devnode(struct device *dev, umode_t *mode) 994{ 995 if (mode) 996 *mode = 0666; 997 return kasprintf(GFP_KERNEL, "infiniband/%s", dev_name(dev)); 998} 999 1000static int __init ib_uverbs_init(void) 1001{ 1002 int ret; 1003 1004 ret = register_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES, 1005 "infiniband_verbs"); 1006 if (ret) { 1007 printk(KERN_ERR "user_verbs: couldn't register device number\n"); 1008 goto out; 1009 } 1010 1011 uverbs_class = class_create(THIS_MODULE, "infiniband_verbs"); 1012 if (IS_ERR(uverbs_class)) { 1013 ret = PTR_ERR(uverbs_class); 1014 printk(KERN_ERR "user_verbs: couldn't create class infiniband_verbs\n"); 1015 goto out_chrdev; 1016 } 1017 1018 uverbs_class->devnode = uverbs_devnode; 1019 1020 ret = class_create_file(uverbs_class, &class_attr_abi_version.attr); 1021 if (ret) { 1022 printk(KERN_ERR "user_verbs: couldn't create abi_version attribute\n"); 1023 goto out_class; 1024 } 1025 1026 ret = ib_register_client(&uverbs_client); 1027 if (ret) { 1028 printk(KERN_ERR "user_verbs: couldn't register client\n"); 1029 goto out_class; 1030 } 1031 1032 return 0; 1033 1034out_class: 1035 class_destroy(uverbs_class); 1036 1037out_chrdev: 1038 unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES); 1039 1040out: 1041 return ret; 1042} 1043 1044static void __exit ib_uverbs_cleanup(void) 1045{ 1046 ib_unregister_client(&uverbs_client); 1047 class_destroy(uverbs_class); 1048 unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES); 1049 if (overflow_maj) 1050 unregister_chrdev_region(overflow_maj, IB_UVERBS_MAX_DEVICES); 1051 idr_destroy(&ib_uverbs_pd_idr); 1052 idr_destroy(&ib_uverbs_mr_idr); 1053 idr_destroy(&ib_uverbs_mw_idr); 1054 idr_destroy(&ib_uverbs_ah_idr); 1055 idr_destroy(&ib_uverbs_cq_idr); 1056 idr_destroy(&ib_uverbs_qp_idr); 1057 idr_destroy(&ib_uverbs_srq_idr); 1058} 1059 1060module_init(ib_uverbs_init); 1061module_exit(ib_uverbs_cleanup); 1062