tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/*
2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
6 *
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
12 *
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
15 * conditions are met:
16 *
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
19 * disclaimer.
20 *
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
25 *
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
33 * SOFTWARE.
34 *
35 * $Id: uverbs_cmd.c 2708 2005-06-24 17:27:21Z roland $
36 */
37
38#include <linux/file.h>
39#include <linux/fs.h>
40
41#include <asm/uaccess.h>
42
43#include "uverbs.h"
44
45static struct lock_class_key pd_lock_key;
46static struct lock_class_key mr_lock_key;
47static struct lock_class_key cq_lock_key;
48static struct lock_class_key qp_lock_key;
49static struct lock_class_key ah_lock_key;
50static struct lock_class_key srq_lock_key;
51
52#define INIT_UDATA(udata, ibuf, obuf, ilen, olen) \
53 do { \
54 (udata)->inbuf = (void __user *) (ibuf); \
55 (udata)->outbuf = (void __user *) (obuf); \
56 (udata)->inlen = (ilen); \
57 (udata)->outlen = (olen); \
58 } while (0)
59
60/*
61 * The ib_uobject locking scheme is as follows:
62 *
63 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
64 * needs to be held during all idr operations. When an object is
65 * looked up, a reference must be taken on the object's kref before
66 * dropping this lock.
67 *
68 * - Each object also has an rwsem. This rwsem must be held for
69 * reading while an operation that uses the object is performed.
70 * For example, while registering an MR, the associated PD's
71 * uobject.mutex must be held for reading. The rwsem must be held
72 * for writing while initializing or destroying an object.
73 *
74 * - In addition, each object has a "live" flag. If this flag is not
75 * set, then lookups of the object will fail even if it is found in
76 * the idr. This handles a reader that blocks and does not acquire
77 * the rwsem until after the object is destroyed. The destroy
78 * operation will set the live flag to 0 and then drop the rwsem;
79 * this will allow the reader to acquire the rwsem, see that the
80 * live flag is 0, and then drop the rwsem and its reference to
81 * object. The underlying storage will not be freed until the last
82 * reference to the object is dropped.
83 */
84
85static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
86 struct ib_ucontext *context, struct lock_class_key *key)
87{
88 uobj->user_handle = user_handle;
89 uobj->context = context;
90 kref_init(&uobj->ref);
91 init_rwsem(&uobj->mutex);
92 lockdep_set_class(&uobj->mutex, key);
93 uobj->live = 0;
94}
95
96static void release_uobj(struct kref *kref)
97{
98 kfree(container_of(kref, struct ib_uobject, ref));
99}
100
101static void put_uobj(struct ib_uobject *uobj)
102{
103 kref_put(&uobj->ref, release_uobj);
104}
105
106static void put_uobj_read(struct ib_uobject *uobj)
107{
108 up_read(&uobj->mutex);
109 put_uobj(uobj);
110}
111
112static void put_uobj_write(struct ib_uobject *uobj)
113{
114 up_write(&uobj->mutex);
115 put_uobj(uobj);
116}
117
118static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
119{
120 int ret;
121
122retry:
123 if (!idr_pre_get(idr, GFP_KERNEL))
124 return -ENOMEM;
125
126 spin_lock(&ib_uverbs_idr_lock);
127 ret = idr_get_new(idr, uobj, &uobj->id);
128 spin_unlock(&ib_uverbs_idr_lock);
129
130 if (ret == -EAGAIN)
131 goto retry;
132
133 return ret;
134}
135
136void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
137{
138 spin_lock(&ib_uverbs_idr_lock);
139 idr_remove(idr, uobj->id);
140 spin_unlock(&ib_uverbs_idr_lock);
141}
142
143static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
144 struct ib_ucontext *context)
145{
146 struct ib_uobject *uobj;
147
148 spin_lock(&ib_uverbs_idr_lock);
149 uobj = idr_find(idr, id);
150 if (uobj) {
151 if (uobj->context == context)
152 kref_get(&uobj->ref);
153 else
154 uobj = NULL;
155 }
156 spin_unlock(&ib_uverbs_idr_lock);
157
158 return uobj;
159}
160
161static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
162 struct ib_ucontext *context, int nested)
163{
164 struct ib_uobject *uobj;
165
166 uobj = __idr_get_uobj(idr, id, context);
167 if (!uobj)
168 return NULL;
169
170 if (nested)
171 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
172 else
173 down_read(&uobj->mutex);
174 if (!uobj->live) {
175 put_uobj_read(uobj);
176 return NULL;
177 }
178
179 return uobj;
180}
181
182static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
183 struct ib_ucontext *context)
184{
185 struct ib_uobject *uobj;
186
187 uobj = __idr_get_uobj(idr, id, context);
188 if (!uobj)
189 return NULL;
190
191 down_write(&uobj->mutex);
192 if (!uobj->live) {
193 put_uobj_write(uobj);
194 return NULL;
195 }
196
197 return uobj;
198}
199
200static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
201 int nested)
202{
203 struct ib_uobject *uobj;
204
205 uobj = idr_read_uobj(idr, id, context, nested);
206 return uobj ? uobj->object : NULL;
207}
208
209static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
210{
211 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
212}
213
214static void put_pd_read(struct ib_pd *pd)
215{
216 put_uobj_read(pd->uobject);
217}
218
219static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
220{
221 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
222}
223
224static void put_cq_read(struct ib_cq *cq)
225{
226 put_uobj_read(cq->uobject);
227}
228
229static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
230{
231 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
232}
233
234static void put_ah_read(struct ib_ah *ah)
235{
236 put_uobj_read(ah->uobject);
237}
238
239static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
240{
241 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
242}
243
244static void put_qp_read(struct ib_qp *qp)
245{
246 put_uobj_read(qp->uobject);
247}
248
249static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
250{
251 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
252}
253
254static void put_srq_read(struct ib_srq *srq)
255{
256 put_uobj_read(srq->uobject);
257}
258
259ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
260 const char __user *buf,
261 int in_len, int out_len)
262{
263 struct ib_uverbs_get_context cmd;
264 struct ib_uverbs_get_context_resp resp;
265 struct ib_udata udata;
266 struct ib_device *ibdev = file->device->ib_dev;
267 struct ib_ucontext *ucontext;
268 struct file *filp;
269 int ret;
270
271 if (out_len < sizeof resp)
272 return -ENOSPC;
273
274 if (copy_from_user(&cmd, buf, sizeof cmd))
275 return -EFAULT;
276
277 mutex_lock(&file->mutex);
278
279 if (file->ucontext) {
280 ret = -EINVAL;
281 goto err;
282 }
283
284 INIT_UDATA(&udata, buf + sizeof cmd,
285 (unsigned long) cmd.response + sizeof resp,
286 in_len - sizeof cmd, out_len - sizeof resp);
287
288 ucontext = ibdev->alloc_ucontext(ibdev, &udata);
289 if (IS_ERR(ucontext)) {
290 ret = PTR_ERR(file->ucontext);
291 goto err;
292 }
293
294 ucontext->device = ibdev;
295 INIT_LIST_HEAD(&ucontext->pd_list);
296 INIT_LIST_HEAD(&ucontext->mr_list);
297 INIT_LIST_HEAD(&ucontext->mw_list);
298 INIT_LIST_HEAD(&ucontext->cq_list);
299 INIT_LIST_HEAD(&ucontext->qp_list);
300 INIT_LIST_HEAD(&ucontext->srq_list);
301 INIT_LIST_HEAD(&ucontext->ah_list);
302 ucontext->closing = 0;
303
304 resp.num_comp_vectors = file->device->num_comp_vectors;
305
306 filp = ib_uverbs_alloc_event_file(file, 1, &resp.async_fd);
307 if (IS_ERR(filp)) {
308 ret = PTR_ERR(filp);
309 goto err_free;
310 }
311
312 if (copy_to_user((void __user *) (unsigned long) cmd.response,
313 &resp, sizeof resp)) {
314 ret = -EFAULT;
315 goto err_file;
316 }
317
318 file->async_file = filp->private_data;
319
320 INIT_IB_EVENT_HANDLER(&file->event_handler, file->device->ib_dev,
321 ib_uverbs_event_handler);
322 ret = ib_register_event_handler(&file->event_handler);
323 if (ret)
324 goto err_file;
325
326 kref_get(&file->async_file->ref);
327 kref_get(&file->ref);
328 file->ucontext = ucontext;
329
330 fd_install(resp.async_fd, filp);
331
332 mutex_unlock(&file->mutex);
333
334 return in_len;
335
336err_file:
337 put_unused_fd(resp.async_fd);
338 fput(filp);
339
340err_free:
341 ibdev->dealloc_ucontext(ucontext);
342
343err:
344 mutex_unlock(&file->mutex);
345 return ret;
346}
347
348ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
349 const char __user *buf,
350 int in_len, int out_len)
351{
352 struct ib_uverbs_query_device cmd;
353 struct ib_uverbs_query_device_resp resp;
354 struct ib_device_attr attr;
355 int ret;
356
357 if (out_len < sizeof resp)
358 return -ENOSPC;
359
360 if (copy_from_user(&cmd, buf, sizeof cmd))
361 return -EFAULT;
362
363 ret = ib_query_device(file->device->ib_dev, &attr);
364 if (ret)
365 return ret;
366
367 memset(&resp, 0, sizeof resp);
368
369 resp.fw_ver = attr.fw_ver;
370 resp.node_guid = file->device->ib_dev->node_guid;
371 resp.sys_image_guid = attr.sys_image_guid;
372 resp.max_mr_size = attr.max_mr_size;
373 resp.page_size_cap = attr.page_size_cap;
374 resp.vendor_id = attr.vendor_id;
375 resp.vendor_part_id = attr.vendor_part_id;
376 resp.hw_ver = attr.hw_ver;
377 resp.max_qp = attr.max_qp;
378 resp.max_qp_wr = attr.max_qp_wr;
379 resp.device_cap_flags = attr.device_cap_flags;
380 resp.max_sge = attr.max_sge;
381 resp.max_sge_rd = attr.max_sge_rd;
382 resp.max_cq = attr.max_cq;
383 resp.max_cqe = attr.max_cqe;
384 resp.max_mr = attr.max_mr;
385 resp.max_pd = attr.max_pd;
386 resp.max_qp_rd_atom = attr.max_qp_rd_atom;
387 resp.max_ee_rd_atom = attr.max_ee_rd_atom;
388 resp.max_res_rd_atom = attr.max_res_rd_atom;
389 resp.max_qp_init_rd_atom = attr.max_qp_init_rd_atom;
390 resp.max_ee_init_rd_atom = attr.max_ee_init_rd_atom;
391 resp.atomic_cap = attr.atomic_cap;
392 resp.max_ee = attr.max_ee;
393 resp.max_rdd = attr.max_rdd;
394 resp.max_mw = attr.max_mw;
395 resp.max_raw_ipv6_qp = attr.max_raw_ipv6_qp;
396 resp.max_raw_ethy_qp = attr.max_raw_ethy_qp;
397 resp.max_mcast_grp = attr.max_mcast_grp;
398 resp.max_mcast_qp_attach = attr.max_mcast_qp_attach;
399 resp.max_total_mcast_qp_attach = attr.max_total_mcast_qp_attach;
400 resp.max_ah = attr.max_ah;
401 resp.max_fmr = attr.max_fmr;
402 resp.max_map_per_fmr = attr.max_map_per_fmr;
403 resp.max_srq = attr.max_srq;
404 resp.max_srq_wr = attr.max_srq_wr;
405 resp.max_srq_sge = attr.max_srq_sge;
406 resp.max_pkeys = attr.max_pkeys;
407 resp.local_ca_ack_delay = attr.local_ca_ack_delay;
408 resp.phys_port_cnt = file->device->ib_dev->phys_port_cnt;
409
410 if (copy_to_user((void __user *) (unsigned long) cmd.response,
411 &resp, sizeof resp))
412 return -EFAULT;
413
414 return in_len;
415}
416
417ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
418 const char __user *buf,
419 int in_len, int out_len)
420{
421 struct ib_uverbs_query_port cmd;
422 struct ib_uverbs_query_port_resp resp;
423 struct ib_port_attr attr;
424 int ret;
425
426 if (out_len < sizeof resp)
427 return -ENOSPC;
428
429 if (copy_from_user(&cmd, buf, sizeof cmd))
430 return -EFAULT;
431
432 ret = ib_query_port(file->device->ib_dev, cmd.port_num, &attr);
433 if (ret)
434 return ret;
435
436 memset(&resp, 0, sizeof resp);
437
438 resp.state = attr.state;
439 resp.max_mtu = attr.max_mtu;
440 resp.active_mtu = attr.active_mtu;
441 resp.gid_tbl_len = attr.gid_tbl_len;
442 resp.port_cap_flags = attr.port_cap_flags;
443 resp.max_msg_sz = attr.max_msg_sz;
444 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
445 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
446 resp.pkey_tbl_len = attr.pkey_tbl_len;
447 resp.lid = attr.lid;
448 resp.sm_lid = attr.sm_lid;
449 resp.lmc = attr.lmc;
450 resp.max_vl_num = attr.max_vl_num;
451 resp.sm_sl = attr.sm_sl;
452 resp.subnet_timeout = attr.subnet_timeout;
453 resp.init_type_reply = attr.init_type_reply;
454 resp.active_width = attr.active_width;
455 resp.active_speed = attr.active_speed;
456 resp.phys_state = attr.phys_state;
457
458 if (copy_to_user((void __user *) (unsigned long) cmd.response,
459 &resp, sizeof resp))
460 return -EFAULT;
461
462 return in_len;
463}
464
465ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
466 const char __user *buf,
467 int in_len, int out_len)
468{
469 struct ib_uverbs_alloc_pd cmd;
470 struct ib_uverbs_alloc_pd_resp resp;
471 struct ib_udata udata;
472 struct ib_uobject *uobj;
473 struct ib_pd *pd;
474 int ret;
475
476 if (out_len < sizeof resp)
477 return -ENOSPC;
478
479 if (copy_from_user(&cmd, buf, sizeof cmd))
480 return -EFAULT;
481
482 INIT_UDATA(&udata, buf + sizeof cmd,
483 (unsigned long) cmd.response + sizeof resp,
484 in_len - sizeof cmd, out_len - sizeof resp);
485
486 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
487 if (!uobj)
488 return -ENOMEM;
489
490 init_uobj(uobj, 0, file->ucontext, &pd_lock_key);
491 down_write(&uobj->mutex);
492
493 pd = file->device->ib_dev->alloc_pd(file->device->ib_dev,
494 file->ucontext, &udata);
495 if (IS_ERR(pd)) {
496 ret = PTR_ERR(pd);
497 goto err;
498 }
499
500 pd->device = file->device->ib_dev;
501 pd->uobject = uobj;
502 atomic_set(&pd->usecnt, 0);
503
504 uobj->object = pd;
505 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
506 if (ret)
507 goto err_idr;
508
509 memset(&resp, 0, sizeof resp);
510 resp.pd_handle = uobj->id;
511
512 if (copy_to_user((void __user *) (unsigned long) cmd.response,
513 &resp, sizeof resp)) {
514 ret = -EFAULT;
515 goto err_copy;
516 }
517
518 mutex_lock(&file->mutex);
519 list_add_tail(&uobj->list, &file->ucontext->pd_list);
520 mutex_unlock(&file->mutex);
521
522 uobj->live = 1;
523
524 up_write(&uobj->mutex);
525
526 return in_len;
527
528err_copy:
529 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
530
531err_idr:
532 ib_dealloc_pd(pd);
533
534err:
535 put_uobj_write(uobj);
536 return ret;
537}
538
539ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
540 const char __user *buf,
541 int in_len, int out_len)
542{
543 struct ib_uverbs_dealloc_pd cmd;
544 struct ib_uobject *uobj;
545 int ret;
546
547 if (copy_from_user(&cmd, buf, sizeof cmd))
548 return -EFAULT;
549
550 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
551 if (!uobj)
552 return -EINVAL;
553
554 ret = ib_dealloc_pd(uobj->object);
555 if (!ret)
556 uobj->live = 0;
557
558 put_uobj_write(uobj);
559
560 if (ret)
561 return ret;
562
563 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
564
565 mutex_lock(&file->mutex);
566 list_del(&uobj->list);
567 mutex_unlock(&file->mutex);
568
569 put_uobj(uobj);
570
571 return in_len;
572}
573
574ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
575 const char __user *buf, int in_len,
576 int out_len)
577{
578 struct ib_uverbs_reg_mr cmd;
579 struct ib_uverbs_reg_mr_resp resp;
580 struct ib_udata udata;
581 struct ib_uobject *uobj;
582 struct ib_pd *pd;
583 struct ib_mr *mr;
584 int ret;
585
586 if (out_len < sizeof resp)
587 return -ENOSPC;
588
589 if (copy_from_user(&cmd, buf, sizeof cmd))
590 return -EFAULT;
591
592 INIT_UDATA(&udata, buf + sizeof cmd,
593 (unsigned long) cmd.response + sizeof resp,
594 in_len - sizeof cmd, out_len - sizeof resp);
595
596 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
597 return -EINVAL;
598
599 /*
600 * Local write permission is required if remote write or
601 * remote atomic permission is also requested.
602 */
603 if (cmd.access_flags & (IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_REMOTE_WRITE) &&
604 !(cmd.access_flags & IB_ACCESS_LOCAL_WRITE))
605 return -EINVAL;
606
607 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
608 if (!uobj)
609 return -ENOMEM;
610
611 init_uobj(uobj, 0, file->ucontext, &mr_lock_key);
612 down_write(&uobj->mutex);
613
614 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
615 if (!pd) {
616 ret = -EINVAL;
617 goto err_free;
618 }
619
620 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
621 cmd.access_flags, &udata);
622 if (IS_ERR(mr)) {
623 ret = PTR_ERR(mr);
624 goto err_put;
625 }
626
627 mr->device = pd->device;
628 mr->pd = pd;
629 mr->uobject = uobj;
630 atomic_inc(&pd->usecnt);
631 atomic_set(&mr->usecnt, 0);
632
633 uobj->object = mr;
634 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
635 if (ret)
636 goto err_unreg;
637
638 memset(&resp, 0, sizeof resp);
639 resp.lkey = mr->lkey;
640 resp.rkey = mr->rkey;
641 resp.mr_handle = uobj->id;
642
643 if (copy_to_user((void __user *) (unsigned long) cmd.response,
644 &resp, sizeof resp)) {
645 ret = -EFAULT;
646 goto err_copy;
647 }
648
649 put_pd_read(pd);
650
651 mutex_lock(&file->mutex);
652 list_add_tail(&uobj->list, &file->ucontext->mr_list);
653 mutex_unlock(&file->mutex);
654
655 uobj->live = 1;
656
657 up_write(&uobj->mutex);
658
659 return in_len;
660
661err_copy:
662 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
663
664err_unreg:
665 ib_dereg_mr(mr);
666
667err_put:
668 put_pd_read(pd);
669
670err_free:
671 put_uobj_write(uobj);
672 return ret;
673}
674
675ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
676 const char __user *buf, int in_len,
677 int out_len)
678{
679 struct ib_uverbs_dereg_mr cmd;
680 struct ib_mr *mr;
681 struct ib_uobject *uobj;
682 int ret = -EINVAL;
683
684 if (copy_from_user(&cmd, buf, sizeof cmd))
685 return -EFAULT;
686
687 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
688 if (!uobj)
689 return -EINVAL;
690
691 mr = uobj->object;
692
693 ret = ib_dereg_mr(mr);
694 if (!ret)
695 uobj->live = 0;
696
697 put_uobj_write(uobj);
698
699 if (ret)
700 return ret;
701
702 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
703
704 mutex_lock(&file->mutex);
705 list_del(&uobj->list);
706 mutex_unlock(&file->mutex);
707
708 put_uobj(uobj);
709
710 return in_len;
711}
712
713ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
714 const char __user *buf, int in_len,
715 int out_len)
716{
717 struct ib_uverbs_create_comp_channel cmd;
718 struct ib_uverbs_create_comp_channel_resp resp;
719 struct file *filp;
720
721 if (out_len < sizeof resp)
722 return -ENOSPC;
723
724 if (copy_from_user(&cmd, buf, sizeof cmd))
725 return -EFAULT;
726
727 filp = ib_uverbs_alloc_event_file(file, 0, &resp.fd);
728 if (IS_ERR(filp))
729 return PTR_ERR(filp);
730
731 if (copy_to_user((void __user *) (unsigned long) cmd.response,
732 &resp, sizeof resp)) {
733 put_unused_fd(resp.fd);
734 fput(filp);
735 return -EFAULT;
736 }
737
738 fd_install(resp.fd, filp);
739 return in_len;
740}
741
742ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
743 const char __user *buf, int in_len,
744 int out_len)
745{
746 struct ib_uverbs_create_cq cmd;
747 struct ib_uverbs_create_cq_resp resp;
748 struct ib_udata udata;
749 struct ib_ucq_object *obj;
750 struct ib_uverbs_event_file *ev_file = NULL;
751 struct ib_cq *cq;
752 int ret;
753
754 if (out_len < sizeof resp)
755 return -ENOSPC;
756
757 if (copy_from_user(&cmd, buf, sizeof cmd))
758 return -EFAULT;
759
760 INIT_UDATA(&udata, buf + sizeof cmd,
761 (unsigned long) cmd.response + sizeof resp,
762 in_len - sizeof cmd, out_len - sizeof resp);
763
764 if (cmd.comp_vector >= file->device->num_comp_vectors)
765 return -EINVAL;
766
767 obj = kmalloc(sizeof *obj, GFP_KERNEL);
768 if (!obj)
769 return -ENOMEM;
770
771 init_uobj(&obj->uobject, cmd.user_handle, file->ucontext, &cq_lock_key);
772 down_write(&obj->uobject.mutex);
773
774 if (cmd.comp_channel >= 0) {
775 ev_file = ib_uverbs_lookup_comp_file(cmd.comp_channel);
776 if (!ev_file) {
777 ret = -EINVAL;
778 goto err;
779 }
780 }
781
782 obj->uverbs_file = file;
783 obj->comp_events_reported = 0;
784 obj->async_events_reported = 0;
785 INIT_LIST_HEAD(&obj->comp_list);
786 INIT_LIST_HEAD(&obj->async_list);
787
788 cq = file->device->ib_dev->create_cq(file->device->ib_dev, cmd.cqe,
789 cmd.comp_vector,
790 file->ucontext, &udata);
791 if (IS_ERR(cq)) {
792 ret = PTR_ERR(cq);
793 goto err_file;
794 }
795
796 cq->device = file->device->ib_dev;
797 cq->uobject = &obj->uobject;
798 cq->comp_handler = ib_uverbs_comp_handler;
799 cq->event_handler = ib_uverbs_cq_event_handler;
800 cq->cq_context = ev_file;
801 atomic_set(&cq->usecnt, 0);
802
803 obj->uobject.object = cq;
804 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
805 if (ret)
806 goto err_free;
807
808 memset(&resp, 0, sizeof resp);
809 resp.cq_handle = obj->uobject.id;
810 resp.cqe = cq->cqe;
811
812 if (copy_to_user((void __user *) (unsigned long) cmd.response,
813 &resp, sizeof resp)) {
814 ret = -EFAULT;
815 goto err_copy;
816 }
817
818 mutex_lock(&file->mutex);
819 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
820 mutex_unlock(&file->mutex);
821
822 obj->uobject.live = 1;
823
824 up_write(&obj->uobject.mutex);
825
826 return in_len;
827
828err_copy:
829 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
830
831err_free:
832 ib_destroy_cq(cq);
833
834err_file:
835 if (ev_file)
836 ib_uverbs_release_ucq(file, ev_file, obj);
837
838err:
839 put_uobj_write(&obj->uobject);
840 return ret;
841}
842
843ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
844 const char __user *buf, int in_len,
845 int out_len)
846{
847 struct ib_uverbs_resize_cq cmd;
848 struct ib_uverbs_resize_cq_resp resp;
849 struct ib_udata udata;
850 struct ib_cq *cq;
851 int ret = -EINVAL;
852
853 if (copy_from_user(&cmd, buf, sizeof cmd))
854 return -EFAULT;
855
856 INIT_UDATA(&udata, buf + sizeof cmd,
857 (unsigned long) cmd.response + sizeof resp,
858 in_len - sizeof cmd, out_len - sizeof resp);
859
860 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
861 if (!cq)
862 return -EINVAL;
863
864 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
865 if (ret)
866 goto out;
867
868 resp.cqe = cq->cqe;
869
870 if (copy_to_user((void __user *) (unsigned long) cmd.response,
871 &resp, sizeof resp.cqe))
872 ret = -EFAULT;
873
874out:
875 put_cq_read(cq);
876
877 return ret ? ret : in_len;
878}
879
880ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
881 const char __user *buf, int in_len,
882 int out_len)
883{
884 struct ib_uverbs_poll_cq cmd;
885 struct ib_uverbs_poll_cq_resp *resp;
886 struct ib_cq *cq;
887 struct ib_wc *wc;
888 int ret = 0;
889 int i;
890 int rsize;
891
892 if (copy_from_user(&cmd, buf, sizeof cmd))
893 return -EFAULT;
894
895 wc = kmalloc(cmd.ne * sizeof *wc, GFP_KERNEL);
896 if (!wc)
897 return -ENOMEM;
898
899 rsize = sizeof *resp + cmd.ne * sizeof(struct ib_uverbs_wc);
900 resp = kmalloc(rsize, GFP_KERNEL);
901 if (!resp) {
902 ret = -ENOMEM;
903 goto out_wc;
904 }
905
906 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
907 if (!cq) {
908 ret = -EINVAL;
909 goto out;
910 }
911
912 resp->count = ib_poll_cq(cq, cmd.ne, wc);
913
914 put_cq_read(cq);
915
916 for (i = 0; i < resp->count; i++) {
917 resp->wc[i].wr_id = wc[i].wr_id;
918 resp->wc[i].status = wc[i].status;
919 resp->wc[i].opcode = wc[i].opcode;
920 resp->wc[i].vendor_err = wc[i].vendor_err;
921 resp->wc[i].byte_len = wc[i].byte_len;
922 resp->wc[i].imm_data = (__u32 __force) wc[i].imm_data;
923 resp->wc[i].qp_num = wc[i].qp->qp_num;
924 resp->wc[i].src_qp = wc[i].src_qp;
925 resp->wc[i].wc_flags = wc[i].wc_flags;
926 resp->wc[i].pkey_index = wc[i].pkey_index;
927 resp->wc[i].slid = wc[i].slid;
928 resp->wc[i].sl = wc[i].sl;
929 resp->wc[i].dlid_path_bits = wc[i].dlid_path_bits;
930 resp->wc[i].port_num = wc[i].port_num;
931 }
932
933 if (copy_to_user((void __user *) (unsigned long) cmd.response, resp, rsize))
934 ret = -EFAULT;
935
936out:
937 kfree(resp);
938
939out_wc:
940 kfree(wc);
941 return ret ? ret : in_len;
942}
943
944ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
945 const char __user *buf, int in_len,
946 int out_len)
947{
948 struct ib_uverbs_req_notify_cq cmd;
949 struct ib_cq *cq;
950
951 if (copy_from_user(&cmd, buf, sizeof cmd))
952 return -EFAULT;
953
954 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
955 if (!cq)
956 return -EINVAL;
957
958 ib_req_notify_cq(cq, cmd.solicited_only ?
959 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
960
961 put_cq_read(cq);
962
963 return in_len;
964}
965
966ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
967 const char __user *buf, int in_len,
968 int out_len)
969{
970 struct ib_uverbs_destroy_cq cmd;
971 struct ib_uverbs_destroy_cq_resp resp;
972 struct ib_uobject *uobj;
973 struct ib_cq *cq;
974 struct ib_ucq_object *obj;
975 struct ib_uverbs_event_file *ev_file;
976 int ret = -EINVAL;
977
978 if (copy_from_user(&cmd, buf, sizeof cmd))
979 return -EFAULT;
980
981 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
982 if (!uobj)
983 return -EINVAL;
984 cq = uobj->object;
985 ev_file = cq->cq_context;
986 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
987
988 ret = ib_destroy_cq(cq);
989 if (!ret)
990 uobj->live = 0;
991
992 put_uobj_write(uobj);
993
994 if (ret)
995 return ret;
996
997 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
998
999 mutex_lock(&file->mutex);
1000 list_del(&uobj->list);
1001 mutex_unlock(&file->mutex);
1002
1003 ib_uverbs_release_ucq(file, ev_file, obj);
1004
1005 memset(&resp, 0, sizeof resp);
1006 resp.comp_events_reported = obj->comp_events_reported;
1007 resp.async_events_reported = obj->async_events_reported;
1008
1009 put_uobj(uobj);
1010
1011 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1012 &resp, sizeof resp))
1013 return -EFAULT;
1014
1015 return in_len;
1016}
1017
1018ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
1019 const char __user *buf, int in_len,
1020 int out_len)
1021{
1022 struct ib_uverbs_create_qp cmd;
1023 struct ib_uverbs_create_qp_resp resp;
1024 struct ib_udata udata;
1025 struct ib_uqp_object *obj;
1026 struct ib_pd *pd;
1027 struct ib_cq *scq, *rcq;
1028 struct ib_srq *srq;
1029 struct ib_qp *qp;
1030 struct ib_qp_init_attr attr;
1031 int ret;
1032
1033 if (out_len < sizeof resp)
1034 return -ENOSPC;
1035
1036 if (copy_from_user(&cmd, buf, sizeof cmd))
1037 return -EFAULT;
1038
1039 INIT_UDATA(&udata, buf + sizeof cmd,
1040 (unsigned long) cmd.response + sizeof resp,
1041 in_len - sizeof cmd, out_len - sizeof resp);
1042
1043 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1044 if (!obj)
1045 return -ENOMEM;
1046
1047 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_key);
1048 down_write(&obj->uevent.uobject.mutex);
1049
1050 srq = cmd.is_srq ? idr_read_srq(cmd.srq_handle, file->ucontext) : NULL;
1051 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1052 scq = idr_read_cq(cmd.send_cq_handle, file->ucontext, 0);
1053 rcq = cmd.recv_cq_handle == cmd.send_cq_handle ?
1054 scq : idr_read_cq(cmd.recv_cq_handle, file->ucontext, 1);
1055
1056 if (!pd || !scq || !rcq || (cmd.is_srq && !srq)) {
1057 ret = -EINVAL;
1058 goto err_put;
1059 }
1060
1061 attr.event_handler = ib_uverbs_qp_event_handler;
1062 attr.qp_context = file;
1063 attr.send_cq = scq;
1064 attr.recv_cq = rcq;
1065 attr.srq = srq;
1066 attr.sq_sig_type = cmd.sq_sig_all ? IB_SIGNAL_ALL_WR : IB_SIGNAL_REQ_WR;
1067 attr.qp_type = cmd.qp_type;
1068 attr.create_flags = 0;
1069
1070 attr.cap.max_send_wr = cmd.max_send_wr;
1071 attr.cap.max_recv_wr = cmd.max_recv_wr;
1072 attr.cap.max_send_sge = cmd.max_send_sge;
1073 attr.cap.max_recv_sge = cmd.max_recv_sge;
1074 attr.cap.max_inline_data = cmd.max_inline_data;
1075
1076 obj->uevent.events_reported = 0;
1077 INIT_LIST_HEAD(&obj->uevent.event_list);
1078 INIT_LIST_HEAD(&obj->mcast_list);
1079
1080 qp = pd->device->create_qp(pd, &attr, &udata);
1081 if (IS_ERR(qp)) {
1082 ret = PTR_ERR(qp);
1083 goto err_put;
1084 }
1085
1086 qp->device = pd->device;
1087 qp->pd = pd;
1088 qp->send_cq = attr.send_cq;
1089 qp->recv_cq = attr.recv_cq;
1090 qp->srq = attr.srq;
1091 qp->uobject = &obj->uevent.uobject;
1092 qp->event_handler = attr.event_handler;
1093 qp->qp_context = attr.qp_context;
1094 qp->qp_type = attr.qp_type;
1095 atomic_inc(&pd->usecnt);
1096 atomic_inc(&attr.send_cq->usecnt);
1097 atomic_inc(&attr.recv_cq->usecnt);
1098 if (attr.srq)
1099 atomic_inc(&attr.srq->usecnt);
1100
1101 obj->uevent.uobject.object = qp;
1102 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1103 if (ret)
1104 goto err_destroy;
1105
1106 memset(&resp, 0, sizeof resp);
1107 resp.qpn = qp->qp_num;
1108 resp.qp_handle = obj->uevent.uobject.id;
1109 resp.max_recv_sge = attr.cap.max_recv_sge;
1110 resp.max_send_sge = attr.cap.max_send_sge;
1111 resp.max_recv_wr = attr.cap.max_recv_wr;
1112 resp.max_send_wr = attr.cap.max_send_wr;
1113 resp.max_inline_data = attr.cap.max_inline_data;
1114
1115 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1116 &resp, sizeof resp)) {
1117 ret = -EFAULT;
1118 goto err_copy;
1119 }
1120
1121 put_pd_read(pd);
1122 put_cq_read(scq);
1123 if (rcq != scq)
1124 put_cq_read(rcq);
1125 if (srq)
1126 put_srq_read(srq);
1127
1128 mutex_lock(&file->mutex);
1129 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1130 mutex_unlock(&file->mutex);
1131
1132 obj->uevent.uobject.live = 1;
1133
1134 up_write(&obj->uevent.uobject.mutex);
1135
1136 return in_len;
1137
1138err_copy:
1139 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1140
1141err_destroy:
1142 ib_destroy_qp(qp);
1143
1144err_put:
1145 if (pd)
1146 put_pd_read(pd);
1147 if (scq)
1148 put_cq_read(scq);
1149 if (rcq && rcq != scq)
1150 put_cq_read(rcq);
1151 if (srq)
1152 put_srq_read(srq);
1153
1154 put_uobj_write(&obj->uevent.uobject);
1155 return ret;
1156}
1157
1158ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
1159 const char __user *buf, int in_len,
1160 int out_len)
1161{
1162 struct ib_uverbs_query_qp cmd;
1163 struct ib_uverbs_query_qp_resp resp;
1164 struct ib_qp *qp;
1165 struct ib_qp_attr *attr;
1166 struct ib_qp_init_attr *init_attr;
1167 int ret;
1168
1169 if (copy_from_user(&cmd, buf, sizeof cmd))
1170 return -EFAULT;
1171
1172 attr = kmalloc(sizeof *attr, GFP_KERNEL);
1173 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
1174 if (!attr || !init_attr) {
1175 ret = -ENOMEM;
1176 goto out;
1177 }
1178
1179 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1180 if (!qp) {
1181 ret = -EINVAL;
1182 goto out;
1183 }
1184
1185 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
1186
1187 put_qp_read(qp);
1188
1189 if (ret)
1190 goto out;
1191
1192 memset(&resp, 0, sizeof resp);
1193
1194 resp.qp_state = attr->qp_state;
1195 resp.cur_qp_state = attr->cur_qp_state;
1196 resp.path_mtu = attr->path_mtu;
1197 resp.path_mig_state = attr->path_mig_state;
1198 resp.qkey = attr->qkey;
1199 resp.rq_psn = attr->rq_psn;
1200 resp.sq_psn = attr->sq_psn;
1201 resp.dest_qp_num = attr->dest_qp_num;
1202 resp.qp_access_flags = attr->qp_access_flags;
1203 resp.pkey_index = attr->pkey_index;
1204 resp.alt_pkey_index = attr->alt_pkey_index;
1205 resp.sq_draining = attr->sq_draining;
1206 resp.max_rd_atomic = attr->max_rd_atomic;
1207 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
1208 resp.min_rnr_timer = attr->min_rnr_timer;
1209 resp.port_num = attr->port_num;
1210 resp.timeout = attr->timeout;
1211 resp.retry_cnt = attr->retry_cnt;
1212 resp.rnr_retry = attr->rnr_retry;
1213 resp.alt_port_num = attr->alt_port_num;
1214 resp.alt_timeout = attr->alt_timeout;
1215
1216 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
1217 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
1218 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
1219 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
1220 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
1221 resp.dest.dlid = attr->ah_attr.dlid;
1222 resp.dest.sl = attr->ah_attr.sl;
1223 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
1224 resp.dest.static_rate = attr->ah_attr.static_rate;
1225 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
1226 resp.dest.port_num = attr->ah_attr.port_num;
1227
1228 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
1229 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
1230 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
1231 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
1232 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
1233 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
1234 resp.alt_dest.sl = attr->alt_ah_attr.sl;
1235 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
1236 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
1237 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
1238 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
1239
1240 resp.max_send_wr = init_attr->cap.max_send_wr;
1241 resp.max_recv_wr = init_attr->cap.max_recv_wr;
1242 resp.max_send_sge = init_attr->cap.max_send_sge;
1243 resp.max_recv_sge = init_attr->cap.max_recv_sge;
1244 resp.max_inline_data = init_attr->cap.max_inline_data;
1245 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
1246
1247 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1248 &resp, sizeof resp))
1249 ret = -EFAULT;
1250
1251out:
1252 kfree(attr);
1253 kfree(init_attr);
1254
1255 return ret ? ret : in_len;
1256}
1257
1258ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
1259 const char __user *buf, int in_len,
1260 int out_len)
1261{
1262 struct ib_uverbs_modify_qp cmd;
1263 struct ib_udata udata;
1264 struct ib_qp *qp;
1265 struct ib_qp_attr *attr;
1266 int ret;
1267
1268 if (copy_from_user(&cmd, buf, sizeof cmd))
1269 return -EFAULT;
1270
1271 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
1272 out_len);
1273
1274 attr = kmalloc(sizeof *attr, GFP_KERNEL);
1275 if (!attr)
1276 return -ENOMEM;
1277
1278 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1279 if (!qp) {
1280 ret = -EINVAL;
1281 goto out;
1282 }
1283
1284 attr->qp_state = cmd.qp_state;
1285 attr->cur_qp_state = cmd.cur_qp_state;
1286 attr->path_mtu = cmd.path_mtu;
1287 attr->path_mig_state = cmd.path_mig_state;
1288 attr->qkey = cmd.qkey;
1289 attr->rq_psn = cmd.rq_psn;
1290 attr->sq_psn = cmd.sq_psn;
1291 attr->dest_qp_num = cmd.dest_qp_num;
1292 attr->qp_access_flags = cmd.qp_access_flags;
1293 attr->pkey_index = cmd.pkey_index;
1294 attr->alt_pkey_index = cmd.alt_pkey_index;
1295 attr->en_sqd_async_notify = cmd.en_sqd_async_notify;
1296 attr->max_rd_atomic = cmd.max_rd_atomic;
1297 attr->max_dest_rd_atomic = cmd.max_dest_rd_atomic;
1298 attr->min_rnr_timer = cmd.min_rnr_timer;
1299 attr->port_num = cmd.port_num;
1300 attr->timeout = cmd.timeout;
1301 attr->retry_cnt = cmd.retry_cnt;
1302 attr->rnr_retry = cmd.rnr_retry;
1303 attr->alt_port_num = cmd.alt_port_num;
1304 attr->alt_timeout = cmd.alt_timeout;
1305
1306 memcpy(attr->ah_attr.grh.dgid.raw, cmd.dest.dgid, 16);
1307 attr->ah_attr.grh.flow_label = cmd.dest.flow_label;
1308 attr->ah_attr.grh.sgid_index = cmd.dest.sgid_index;
1309 attr->ah_attr.grh.hop_limit = cmd.dest.hop_limit;
1310 attr->ah_attr.grh.traffic_class = cmd.dest.traffic_class;
1311 attr->ah_attr.dlid = cmd.dest.dlid;
1312 attr->ah_attr.sl = cmd.dest.sl;
1313 attr->ah_attr.src_path_bits = cmd.dest.src_path_bits;
1314 attr->ah_attr.static_rate = cmd.dest.static_rate;
1315 attr->ah_attr.ah_flags = cmd.dest.is_global ? IB_AH_GRH : 0;
1316 attr->ah_attr.port_num = cmd.dest.port_num;
1317
1318 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd.alt_dest.dgid, 16);
1319 attr->alt_ah_attr.grh.flow_label = cmd.alt_dest.flow_label;
1320 attr->alt_ah_attr.grh.sgid_index = cmd.alt_dest.sgid_index;
1321 attr->alt_ah_attr.grh.hop_limit = cmd.alt_dest.hop_limit;
1322 attr->alt_ah_attr.grh.traffic_class = cmd.alt_dest.traffic_class;
1323 attr->alt_ah_attr.dlid = cmd.alt_dest.dlid;
1324 attr->alt_ah_attr.sl = cmd.alt_dest.sl;
1325 attr->alt_ah_attr.src_path_bits = cmd.alt_dest.src_path_bits;
1326 attr->alt_ah_attr.static_rate = cmd.alt_dest.static_rate;
1327 attr->alt_ah_attr.ah_flags = cmd.alt_dest.is_global ? IB_AH_GRH : 0;
1328 attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
1329
1330 ret = qp->device->modify_qp(qp, attr, cmd.attr_mask, &udata);
1331
1332 put_qp_read(qp);
1333
1334 if (ret)
1335 goto out;
1336
1337 ret = in_len;
1338
1339out:
1340 kfree(attr);
1341
1342 return ret;
1343}
1344
1345ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
1346 const char __user *buf, int in_len,
1347 int out_len)
1348{
1349 struct ib_uverbs_destroy_qp cmd;
1350 struct ib_uverbs_destroy_qp_resp resp;
1351 struct ib_uobject *uobj;
1352 struct ib_qp *qp;
1353 struct ib_uqp_object *obj;
1354 int ret = -EINVAL;
1355
1356 if (copy_from_user(&cmd, buf, sizeof cmd))
1357 return -EFAULT;
1358
1359 memset(&resp, 0, sizeof resp);
1360
1361 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
1362 if (!uobj)
1363 return -EINVAL;
1364 qp = uobj->object;
1365 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
1366
1367 if (!list_empty(&obj->mcast_list)) {
1368 put_uobj_write(uobj);
1369 return -EBUSY;
1370 }
1371
1372 ret = ib_destroy_qp(qp);
1373 if (!ret)
1374 uobj->live = 0;
1375
1376 put_uobj_write(uobj);
1377
1378 if (ret)
1379 return ret;
1380
1381 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
1382
1383 mutex_lock(&file->mutex);
1384 list_del(&uobj->list);
1385 mutex_unlock(&file->mutex);
1386
1387 ib_uverbs_release_uevent(file, &obj->uevent);
1388
1389 resp.events_reported = obj->uevent.events_reported;
1390
1391 put_uobj(uobj);
1392
1393 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1394 &resp, sizeof resp))
1395 return -EFAULT;
1396
1397 return in_len;
1398}
1399
1400ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
1401 const char __user *buf, int in_len,
1402 int out_len)
1403{
1404 struct ib_uverbs_post_send cmd;
1405 struct ib_uverbs_post_send_resp resp;
1406 struct ib_uverbs_send_wr *user_wr;
1407 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
1408 struct ib_qp *qp;
1409 int i, sg_ind;
1410 int is_ud;
1411 ssize_t ret = -EINVAL;
1412
1413 if (copy_from_user(&cmd, buf, sizeof cmd))
1414 return -EFAULT;
1415
1416 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
1417 cmd.sge_count * sizeof (struct ib_uverbs_sge))
1418 return -EINVAL;
1419
1420 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
1421 return -EINVAL;
1422
1423 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
1424 if (!user_wr)
1425 return -ENOMEM;
1426
1427 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1428 if (!qp)
1429 goto out;
1430
1431 is_ud = qp->qp_type == IB_QPT_UD;
1432 sg_ind = 0;
1433 last = NULL;
1434 for (i = 0; i < cmd.wr_count; ++i) {
1435 if (copy_from_user(user_wr,
1436 buf + sizeof cmd + i * cmd.wqe_size,
1437 cmd.wqe_size)) {
1438 ret = -EFAULT;
1439 goto out_put;
1440 }
1441
1442 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
1443 ret = -EINVAL;
1444 goto out_put;
1445 }
1446
1447 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
1448 user_wr->num_sge * sizeof (struct ib_sge),
1449 GFP_KERNEL);
1450 if (!next) {
1451 ret = -ENOMEM;
1452 goto out_put;
1453 }
1454
1455 if (!last)
1456 wr = next;
1457 else
1458 last->next = next;
1459 last = next;
1460
1461 next->next = NULL;
1462 next->wr_id = user_wr->wr_id;
1463 next->num_sge = user_wr->num_sge;
1464 next->opcode = user_wr->opcode;
1465 next->send_flags = user_wr->send_flags;
1466
1467 if (is_ud) {
1468 next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
1469 file->ucontext);
1470 if (!next->wr.ud.ah) {
1471 ret = -EINVAL;
1472 goto out_put;
1473 }
1474 next->wr.ud.remote_qpn = user_wr->wr.ud.remote_qpn;
1475 next->wr.ud.remote_qkey = user_wr->wr.ud.remote_qkey;
1476 } else {
1477 switch (next->opcode) {
1478 case IB_WR_RDMA_WRITE_WITH_IMM:
1479 next->ex.imm_data =
1480 (__be32 __force) user_wr->ex.imm_data;
1481 case IB_WR_RDMA_WRITE:
1482 case IB_WR_RDMA_READ:
1483 next->wr.rdma.remote_addr =
1484 user_wr->wr.rdma.remote_addr;
1485 next->wr.rdma.rkey =
1486 user_wr->wr.rdma.rkey;
1487 break;
1488 case IB_WR_SEND_WITH_IMM:
1489 next->ex.imm_data =
1490 (__be32 __force) user_wr->ex.imm_data;
1491 break;
1492 case IB_WR_SEND_WITH_INV:
1493 next->ex.invalidate_rkey =
1494 user_wr->ex.invalidate_rkey;
1495 break;
1496 case IB_WR_ATOMIC_CMP_AND_SWP:
1497 case IB_WR_ATOMIC_FETCH_AND_ADD:
1498 next->wr.atomic.remote_addr =
1499 user_wr->wr.atomic.remote_addr;
1500 next->wr.atomic.compare_add =
1501 user_wr->wr.atomic.compare_add;
1502 next->wr.atomic.swap = user_wr->wr.atomic.swap;
1503 next->wr.atomic.rkey = user_wr->wr.atomic.rkey;
1504 break;
1505 default:
1506 break;
1507 }
1508 }
1509
1510 if (next->num_sge) {
1511 next->sg_list = (void *) next +
1512 ALIGN(sizeof *next, sizeof (struct ib_sge));
1513 if (copy_from_user(next->sg_list,
1514 buf + sizeof cmd +
1515 cmd.wr_count * cmd.wqe_size +
1516 sg_ind * sizeof (struct ib_sge),
1517 next->num_sge * sizeof (struct ib_sge))) {
1518 ret = -EFAULT;
1519 goto out_put;
1520 }
1521 sg_ind += next->num_sge;
1522 } else
1523 next->sg_list = NULL;
1524 }
1525
1526 resp.bad_wr = 0;
1527 ret = qp->device->post_send(qp, wr, &bad_wr);
1528 if (ret)
1529 for (next = wr; next; next = next->next) {
1530 ++resp.bad_wr;
1531 if (next == bad_wr)
1532 break;
1533 }
1534
1535 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1536 &resp, sizeof resp))
1537 ret = -EFAULT;
1538
1539out_put:
1540 put_qp_read(qp);
1541
1542 while (wr) {
1543 if (is_ud && wr->wr.ud.ah)
1544 put_ah_read(wr->wr.ud.ah);
1545 next = wr->next;
1546 kfree(wr);
1547 wr = next;
1548 }
1549
1550out:
1551 kfree(user_wr);
1552
1553 return ret ? ret : in_len;
1554}
1555
1556static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
1557 int in_len,
1558 u32 wr_count,
1559 u32 sge_count,
1560 u32 wqe_size)
1561{
1562 struct ib_uverbs_recv_wr *user_wr;
1563 struct ib_recv_wr *wr = NULL, *last, *next;
1564 int sg_ind;
1565 int i;
1566 int ret;
1567
1568 if (in_len < wqe_size * wr_count +
1569 sge_count * sizeof (struct ib_uverbs_sge))
1570 return ERR_PTR(-EINVAL);
1571
1572 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
1573 return ERR_PTR(-EINVAL);
1574
1575 user_wr = kmalloc(wqe_size, GFP_KERNEL);
1576 if (!user_wr)
1577 return ERR_PTR(-ENOMEM);
1578
1579 sg_ind = 0;
1580 last = NULL;
1581 for (i = 0; i < wr_count; ++i) {
1582 if (copy_from_user(user_wr, buf + i * wqe_size,
1583 wqe_size)) {
1584 ret = -EFAULT;
1585 goto err;
1586 }
1587
1588 if (user_wr->num_sge + sg_ind > sge_count) {
1589 ret = -EINVAL;
1590 goto err;
1591 }
1592
1593 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
1594 user_wr->num_sge * sizeof (struct ib_sge),
1595 GFP_KERNEL);
1596 if (!next) {
1597 ret = -ENOMEM;
1598 goto err;
1599 }
1600
1601 if (!last)
1602 wr = next;
1603 else
1604 last->next = next;
1605 last = next;
1606
1607 next->next = NULL;
1608 next->wr_id = user_wr->wr_id;
1609 next->num_sge = user_wr->num_sge;
1610
1611 if (next->num_sge) {
1612 next->sg_list = (void *) next +
1613 ALIGN(sizeof *next, sizeof (struct ib_sge));
1614 if (copy_from_user(next->sg_list,
1615 buf + wr_count * wqe_size +
1616 sg_ind * sizeof (struct ib_sge),
1617 next->num_sge * sizeof (struct ib_sge))) {
1618 ret = -EFAULT;
1619 goto err;
1620 }
1621 sg_ind += next->num_sge;
1622 } else
1623 next->sg_list = NULL;
1624 }
1625
1626 kfree(user_wr);
1627 return wr;
1628
1629err:
1630 kfree(user_wr);
1631
1632 while (wr) {
1633 next = wr->next;
1634 kfree(wr);
1635 wr = next;
1636 }
1637
1638 return ERR_PTR(ret);
1639}
1640
1641ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
1642 const char __user *buf, int in_len,
1643 int out_len)
1644{
1645 struct ib_uverbs_post_recv cmd;
1646 struct ib_uverbs_post_recv_resp resp;
1647 struct ib_recv_wr *wr, *next, *bad_wr;
1648 struct ib_qp *qp;
1649 ssize_t ret = -EINVAL;
1650
1651 if (copy_from_user(&cmd, buf, sizeof cmd))
1652 return -EFAULT;
1653
1654 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
1655 in_len - sizeof cmd, cmd.wr_count,
1656 cmd.sge_count, cmd.wqe_size);
1657 if (IS_ERR(wr))
1658 return PTR_ERR(wr);
1659
1660 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1661 if (!qp)
1662 goto out;
1663
1664 resp.bad_wr = 0;
1665 ret = qp->device->post_recv(qp, wr, &bad_wr);
1666
1667 put_qp_read(qp);
1668
1669 if (ret)
1670 for (next = wr; next; next = next->next) {
1671 ++resp.bad_wr;
1672 if (next == bad_wr)
1673 break;
1674 }
1675
1676 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1677 &resp, sizeof resp))
1678 ret = -EFAULT;
1679
1680out:
1681 while (wr) {
1682 next = wr->next;
1683 kfree(wr);
1684 wr = next;
1685 }
1686
1687 return ret ? ret : in_len;
1688}
1689
1690ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
1691 const char __user *buf, int in_len,
1692 int out_len)
1693{
1694 struct ib_uverbs_post_srq_recv cmd;
1695 struct ib_uverbs_post_srq_recv_resp resp;
1696 struct ib_recv_wr *wr, *next, *bad_wr;
1697 struct ib_srq *srq;
1698 ssize_t ret = -EINVAL;
1699
1700 if (copy_from_user(&cmd, buf, sizeof cmd))
1701 return -EFAULT;
1702
1703 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
1704 in_len - sizeof cmd, cmd.wr_count,
1705 cmd.sge_count, cmd.wqe_size);
1706 if (IS_ERR(wr))
1707 return PTR_ERR(wr);
1708
1709 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
1710 if (!srq)
1711 goto out;
1712
1713 resp.bad_wr = 0;
1714 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
1715
1716 put_srq_read(srq);
1717
1718 if (ret)
1719 for (next = wr; next; next = next->next) {
1720 ++resp.bad_wr;
1721 if (next == bad_wr)
1722 break;
1723 }
1724
1725 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1726 &resp, sizeof resp))
1727 ret = -EFAULT;
1728
1729out:
1730 while (wr) {
1731 next = wr->next;
1732 kfree(wr);
1733 wr = next;
1734 }
1735
1736 return ret ? ret : in_len;
1737}
1738
1739ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
1740 const char __user *buf, int in_len,
1741 int out_len)
1742{
1743 struct ib_uverbs_create_ah cmd;
1744 struct ib_uverbs_create_ah_resp resp;
1745 struct ib_uobject *uobj;
1746 struct ib_pd *pd;
1747 struct ib_ah *ah;
1748 struct ib_ah_attr attr;
1749 int ret;
1750
1751 if (out_len < sizeof resp)
1752 return -ENOSPC;
1753
1754 if (copy_from_user(&cmd, buf, sizeof cmd))
1755 return -EFAULT;
1756
1757 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
1758 if (!uobj)
1759 return -ENOMEM;
1760
1761 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_key);
1762 down_write(&uobj->mutex);
1763
1764 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1765 if (!pd) {
1766 ret = -EINVAL;
1767 goto err;
1768 }
1769
1770 attr.dlid = cmd.attr.dlid;
1771 attr.sl = cmd.attr.sl;
1772 attr.src_path_bits = cmd.attr.src_path_bits;
1773 attr.static_rate = cmd.attr.static_rate;
1774 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
1775 attr.port_num = cmd.attr.port_num;
1776 attr.grh.flow_label = cmd.attr.grh.flow_label;
1777 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
1778 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
1779 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
1780 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
1781
1782 ah = ib_create_ah(pd, &attr);
1783 if (IS_ERR(ah)) {
1784 ret = PTR_ERR(ah);
1785 goto err_put;
1786 }
1787
1788 ah->uobject = uobj;
1789 uobj->object = ah;
1790
1791 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
1792 if (ret)
1793 goto err_destroy;
1794
1795 resp.ah_handle = uobj->id;
1796
1797 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1798 &resp, sizeof resp)) {
1799 ret = -EFAULT;
1800 goto err_copy;
1801 }
1802
1803 put_pd_read(pd);
1804
1805 mutex_lock(&file->mutex);
1806 list_add_tail(&uobj->list, &file->ucontext->ah_list);
1807 mutex_unlock(&file->mutex);
1808
1809 uobj->live = 1;
1810
1811 up_write(&uobj->mutex);
1812
1813 return in_len;
1814
1815err_copy:
1816 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
1817
1818err_destroy:
1819 ib_destroy_ah(ah);
1820
1821err_put:
1822 put_pd_read(pd);
1823
1824err:
1825 put_uobj_write(uobj);
1826 return ret;
1827}
1828
1829ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
1830 const char __user *buf, int in_len, int out_len)
1831{
1832 struct ib_uverbs_destroy_ah cmd;
1833 struct ib_ah *ah;
1834 struct ib_uobject *uobj;
1835 int ret;
1836
1837 if (copy_from_user(&cmd, buf, sizeof cmd))
1838 return -EFAULT;
1839
1840 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
1841 if (!uobj)
1842 return -EINVAL;
1843 ah = uobj->object;
1844
1845 ret = ib_destroy_ah(ah);
1846 if (!ret)
1847 uobj->live = 0;
1848
1849 put_uobj_write(uobj);
1850
1851 if (ret)
1852 return ret;
1853
1854 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
1855
1856 mutex_lock(&file->mutex);
1857 list_del(&uobj->list);
1858 mutex_unlock(&file->mutex);
1859
1860 put_uobj(uobj);
1861
1862 return in_len;
1863}
1864
1865ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
1866 const char __user *buf, int in_len,
1867 int out_len)
1868{
1869 struct ib_uverbs_attach_mcast cmd;
1870 struct ib_qp *qp;
1871 struct ib_uqp_object *obj;
1872 struct ib_uverbs_mcast_entry *mcast;
1873 int ret;
1874
1875 if (copy_from_user(&cmd, buf, sizeof cmd))
1876 return -EFAULT;
1877
1878 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1879 if (!qp)
1880 return -EINVAL;
1881
1882 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
1883
1884 list_for_each_entry(mcast, &obj->mcast_list, list)
1885 if (cmd.mlid == mcast->lid &&
1886 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
1887 ret = 0;
1888 goto out_put;
1889 }
1890
1891 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
1892 if (!mcast) {
1893 ret = -ENOMEM;
1894 goto out_put;
1895 }
1896
1897 mcast->lid = cmd.mlid;
1898 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
1899
1900 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
1901 if (!ret)
1902 list_add_tail(&mcast->list, &obj->mcast_list);
1903 else
1904 kfree(mcast);
1905
1906out_put:
1907 put_qp_read(qp);
1908
1909 return ret ? ret : in_len;
1910}
1911
1912ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
1913 const char __user *buf, int in_len,
1914 int out_len)
1915{
1916 struct ib_uverbs_detach_mcast cmd;
1917 struct ib_uqp_object *obj;
1918 struct ib_qp *qp;
1919 struct ib_uverbs_mcast_entry *mcast;
1920 int ret = -EINVAL;
1921
1922 if (copy_from_user(&cmd, buf, sizeof cmd))
1923 return -EFAULT;
1924
1925 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
1926 if (!qp)
1927 return -EINVAL;
1928
1929 ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
1930 if (ret)
1931 goto out_put;
1932
1933 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
1934
1935 list_for_each_entry(mcast, &obj->mcast_list, list)
1936 if (cmd.mlid == mcast->lid &&
1937 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
1938 list_del(&mcast->list);
1939 kfree(mcast);
1940 break;
1941 }
1942
1943out_put:
1944 put_qp_read(qp);
1945
1946 return ret ? ret : in_len;
1947}
1948
1949ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
1950 const char __user *buf, int in_len,
1951 int out_len)
1952{
1953 struct ib_uverbs_create_srq cmd;
1954 struct ib_uverbs_create_srq_resp resp;
1955 struct ib_udata udata;
1956 struct ib_uevent_object *obj;
1957 struct ib_pd *pd;
1958 struct ib_srq *srq;
1959 struct ib_srq_init_attr attr;
1960 int ret;
1961
1962 if (out_len < sizeof resp)
1963 return -ENOSPC;
1964
1965 if (copy_from_user(&cmd, buf, sizeof cmd))
1966 return -EFAULT;
1967
1968 INIT_UDATA(&udata, buf + sizeof cmd,
1969 (unsigned long) cmd.response + sizeof resp,
1970 in_len - sizeof cmd, out_len - sizeof resp);
1971
1972 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1973 if (!obj)
1974 return -ENOMEM;
1975
1976 init_uobj(&obj->uobject, cmd.user_handle, file->ucontext, &srq_lock_key);
1977 down_write(&obj->uobject.mutex);
1978
1979 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1980 if (!pd) {
1981 ret = -EINVAL;
1982 goto err;
1983 }
1984
1985 attr.event_handler = ib_uverbs_srq_event_handler;
1986 attr.srq_context = file;
1987 attr.attr.max_wr = cmd.max_wr;
1988 attr.attr.max_sge = cmd.max_sge;
1989 attr.attr.srq_limit = cmd.srq_limit;
1990
1991 obj->events_reported = 0;
1992 INIT_LIST_HEAD(&obj->event_list);
1993
1994 srq = pd->device->create_srq(pd, &attr, &udata);
1995 if (IS_ERR(srq)) {
1996 ret = PTR_ERR(srq);
1997 goto err_put;
1998 }
1999
2000 srq->device = pd->device;
2001 srq->pd = pd;
2002 srq->uobject = &obj->uobject;
2003 srq->event_handler = attr.event_handler;
2004 srq->srq_context = attr.srq_context;
2005 atomic_inc(&pd->usecnt);
2006 atomic_set(&srq->usecnt, 0);
2007
2008 obj->uobject.object = srq;
2009 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uobject);
2010 if (ret)
2011 goto err_destroy;
2012
2013 memset(&resp, 0, sizeof resp);
2014 resp.srq_handle = obj->uobject.id;
2015 resp.max_wr = attr.attr.max_wr;
2016 resp.max_sge = attr.attr.max_sge;
2017
2018 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2019 &resp, sizeof resp)) {
2020 ret = -EFAULT;
2021 goto err_copy;
2022 }
2023
2024 put_pd_read(pd);
2025
2026 mutex_lock(&file->mutex);
2027 list_add_tail(&obj->uobject.list, &file->ucontext->srq_list);
2028 mutex_unlock(&file->mutex);
2029
2030 obj->uobject.live = 1;
2031
2032 up_write(&obj->uobject.mutex);
2033
2034 return in_len;
2035
2036err_copy:
2037 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uobject);
2038
2039err_destroy:
2040 ib_destroy_srq(srq);
2041
2042err_put:
2043 put_pd_read(pd);
2044
2045err:
2046 put_uobj_write(&obj->uobject);
2047 return ret;
2048}
2049
2050ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
2051 const char __user *buf, int in_len,
2052 int out_len)
2053{
2054 struct ib_uverbs_modify_srq cmd;
2055 struct ib_udata udata;
2056 struct ib_srq *srq;
2057 struct ib_srq_attr attr;
2058 int ret;
2059
2060 if (copy_from_user(&cmd, buf, sizeof cmd))
2061 return -EFAULT;
2062
2063 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
2064 out_len);
2065
2066 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2067 if (!srq)
2068 return -EINVAL;
2069
2070 attr.max_wr = cmd.max_wr;
2071 attr.srq_limit = cmd.srq_limit;
2072
2073 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
2074
2075 put_srq_read(srq);
2076
2077 return ret ? ret : in_len;
2078}
2079
2080ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
2081 const char __user *buf,
2082 int in_len, int out_len)
2083{
2084 struct ib_uverbs_query_srq cmd;
2085 struct ib_uverbs_query_srq_resp resp;
2086 struct ib_srq_attr attr;
2087 struct ib_srq *srq;
2088 int ret;
2089
2090 if (out_len < sizeof resp)
2091 return -ENOSPC;
2092
2093 if (copy_from_user(&cmd, buf, sizeof cmd))
2094 return -EFAULT;
2095
2096 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2097 if (!srq)
2098 return -EINVAL;
2099
2100 ret = ib_query_srq(srq, &attr);
2101
2102 put_srq_read(srq);
2103
2104 if (ret)
2105 return ret;
2106
2107 memset(&resp, 0, sizeof resp);
2108
2109 resp.max_wr = attr.max_wr;
2110 resp.max_sge = attr.max_sge;
2111 resp.srq_limit = attr.srq_limit;
2112
2113 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2114 &resp, sizeof resp))
2115 return -EFAULT;
2116
2117 return in_len;
2118}
2119
2120ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
2121 const char __user *buf, int in_len,
2122 int out_len)
2123{
2124 struct ib_uverbs_destroy_srq cmd;
2125 struct ib_uverbs_destroy_srq_resp resp;
2126 struct ib_uobject *uobj;
2127 struct ib_srq *srq;
2128 struct ib_uevent_object *obj;
2129 int ret = -EINVAL;
2130
2131 if (copy_from_user(&cmd, buf, sizeof cmd))
2132 return -EFAULT;
2133
2134 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
2135 if (!uobj)
2136 return -EINVAL;
2137 srq = uobj->object;
2138 obj = container_of(uobj, struct ib_uevent_object, uobject);
2139
2140 ret = ib_destroy_srq(srq);
2141 if (!ret)
2142 uobj->live = 0;
2143
2144 put_uobj_write(uobj);
2145
2146 if (ret)
2147 return ret;
2148
2149 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
2150
2151 mutex_lock(&file->mutex);
2152 list_del(&uobj->list);
2153 mutex_unlock(&file->mutex);
2154
2155 ib_uverbs_release_uevent(file, obj);
2156
2157 memset(&resp, 0, sizeof resp);
2158 resp.events_reported = obj->events_reported;
2159
2160 put_uobj(uobj);
2161
2162 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2163 &resp, sizeof resp))
2164 ret = -EFAULT;
2165
2166 return ret ? ret : in_len;
2167}