projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[IB] uverbs: Avoid NULL pointer deref on CQ async event
[linux-2.6-block.git] / drivers / infiniband / hw / mthca / mthca_srq.c
CommitLineData
ec34a922
RD		 1/*
2 * Copyright (c) 2005 Cisco Systems. All rights reserved.
3 *
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
9 *
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
12 * conditions are met:
13 *
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
16 * disclaimer.
17 *
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
22 *
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30 * SOFTWARE.
31 *
32 * $Id: mthca_srq.c 3047 2005-08-10 03:59:35Z roland $
33 */
34
35#include "mthca_dev.h"
36#include "mthca_cmd.h"
37#include "mthca_memfree.h"
38#include "mthca_wqe.h"
39
40enum {
41 MTHCA_MAX_DIRECT_SRQ_SIZE = 4 * PAGE_SIZE
42};
43
44struct mthca_tavor_srq_context {
45 __be64 wqe_base_ds; /* low 6 bits is descriptor size */
46 __be32 state_pd;
47 __be32 lkey;
48 __be32 uar;
49 __be32 wqe_cnt;
50 u32 reserved[2];
51};
52
53struct mthca_arbel_srq_context {
54 __be32 state_logsize_srqn;
55 __be32 lkey;
56 __be32 db_index;
57 __be32 logstride_usrpage;
58 __be64 wqe_base;
59 __be32 eq_pd;
60 __be16 limit_watermark;
61 __be16 wqe_cnt;
62 u16 reserved1;
63 __be16 wqe_counter;
64 u32 reserved2[3];
65};
66
67static void *get_wqe(struct mthca_srq *srq, int n)
68{
69 if (srq->is_direct)
70 return srq->queue.direct.buf + (n << srq->wqe_shift);
71 else
72 return srq->queue.page_list[(n << srq->wqe_shift) >> PAGE_SHIFT].buf +
73 ((n << srq->wqe_shift) & (PAGE_SIZE - 1));
74}
75
76/*
77 * Return a pointer to the location within a WQE that we're using as a
78 * link when the WQE is in the free list. We use an offset of 4
79 * because in the Tavor case, posting a WQE may overwrite the first
80 * four bytes of the previous WQE. The offset avoids corrupting our
81 * free list if the WQE has already completed and been put on the free
82 * list when we post the next WQE.
83 */
84static inline int *wqe_to_link(void *wqe)
85{
86 return (int *) (wqe + 4);
87}
88
89static void mthca_tavor_init_srq_context(struct mthca_dev *dev,
90 struct mthca_pd *pd,
91 struct mthca_srq *srq,
92 struct mthca_tavor_srq_context *context)
93{
94 memset(context, 0, sizeof *context);
95
96 context->wqe_base_ds = cpu_to_be64(1 << (srq->wqe_shift - 4));
97 context->state_pd = cpu_to_be32(pd->pd_num);
98 context->lkey = cpu_to_be32(srq->mr.ibmr.lkey);
99
100 if (pd->ibpd.uobject)
101 context->uar =
102 cpu_to_be32(to_mucontext(pd->ibpd.uobject->context)->uar.index);
103 else
104 context->uar = cpu_to_be32(dev->driver_uar.index);
105}
106
107static void mthca_arbel_init_srq_context(struct mthca_dev *dev,
108 struct mthca_pd *pd,
109 struct mthca_srq *srq,
110 struct mthca_arbel_srq_context *context)
111{
112 int logsize;
113
114 memset(context, 0, sizeof *context);
115
116 logsize = long_log2(srq->max) + srq->wqe_shift;
117 context->state_logsize_srqn = cpu_to_be32(logsize << 24 | srq->srqn);
118 context->lkey = cpu_to_be32(srq->mr.ibmr.lkey);
119 context->db_index = cpu_to_be32(srq->db_index);
120 context->logstride_usrpage = cpu_to_be32((srq->wqe_shift - 4) << 29);
121 if (pd->ibpd.uobject)
122 context->logstride_usrpage |=
123 cpu_to_be32(to_mucontext(pd->ibpd.uobject->context)->uar.index);
124 else
125 context->logstride_usrpage |= cpu_to_be32(dev->driver_uar.index);
126 context->eq_pd = cpu_to_be32(MTHCA_EQ_ASYNC << 24 | pd->pd_num);
127}
128
129static void mthca_free_srq_buf(struct mthca_dev *dev, struct mthca_srq *srq)
130{
131 mthca_buf_free(dev, srq->max << srq->wqe_shift, &srq->queue,
132 srq->is_direct, &srq->mr);
133 kfree(srq->wrid);
134}
135
136static int mthca_alloc_srq_buf(struct mthca_dev *dev, struct mthca_pd *pd,
137 struct mthca_srq *srq)
138{
139 struct mthca_data_seg *scatter;
140 void *wqe;
141 int err;
142 int i;
143
144 if (pd->ibpd.uobject)
145 return 0;
146
147 srq->wrid = kmalloc(srq->max * sizeof (u64), GFP_KERNEL);
148 if (!srq->wrid)
149 return -ENOMEM;
150
151 err = mthca_buf_alloc(dev, srq->max << srq->wqe_shift,
152 MTHCA_MAX_DIRECT_SRQ_SIZE,
153 &srq->queue, &srq->is_direct, pd, 1, &srq->mr);
154 if (err) {
155 kfree(srq->wrid);
156 return err;
157 }
158
159 /*
160 * Now initialize the SRQ buffer so that all of the WQEs are
161 * linked into the list of free WQEs. In addition, set the
162 * scatter list L_Keys to the sentry value of 0x100.
163 */
164 for (i = 0; i < srq->max; ++i) {
165 wqe = get_wqe(srq, i);
166
167 *wqe_to_link(wqe) = i < srq->max - 1 ? i + 1 : -1;
168
169 for (scatter = wqe + sizeof (struct mthca_next_seg);
170 (void *) scatter < wqe + (1 << srq->wqe_shift);
171 ++scatter)
172 scatter->lkey = cpu_to_be32(MTHCA_INVAL_LKEY);
173 }
174
6577ae51
RD		 175 srq->last = get_wqe(srq, srq->max - 1);
176
ec34a922
RD		 177 return 0;
178}
179
180int mthca_alloc_srq(struct mthca_dev *dev, struct mthca_pd *pd,
181 struct ib_srq_attr *attr, struct mthca_srq *srq)
182{
183 struct mthca_mailbox *mailbox;
184 u8 status;
185 int ds;
186 int err;
187
188 /* Sanity check SRQ size before proceeding */
efaae8f7
JM		 189 if (attr->max_wr > dev->limits.max_srq_wqes ||
190 attr->max_sge > dev->limits.max_sg)
ec34a922
RD		 191 return -EINVAL;
192
193 srq->max = attr->max_wr;
194 srq->max_gs = attr->max_sge;
ec34a922
RD		 195 srq->counter = 0;
196
197 if (mthca_is_memfree(dev))
198 srq->max = roundup_pow_of_two(srq->max + 1);
199
200 ds = min(64UL,
201 roundup_pow_of_two(sizeof (struct mthca_next_seg) +
202 srq->max_gs * sizeof (struct mthca_data_seg)));
203 srq->wqe_shift = long_log2(ds);
204
205 srq->srqn = mthca_alloc(&dev->srq_table.alloc);
206 if (srq->srqn == -1)
207 return -ENOMEM;
208
209 if (mthca_is_memfree(dev)) {
210 err = mthca_table_get(dev, dev->srq_table.table, srq->srqn);
211 if (err)
212 goto err_out;
213
214 if (!pd->ibpd.uobject) {
215 srq->db_index = mthca_alloc_db(dev, MTHCA_DB_TYPE_SRQ,
216 srq->srqn, &srq->db);
217 if (srq->db_index < 0) {
218 err = -ENOMEM;
219 goto err_out_icm;
220 }
221 }
222 }
223
224 mailbox = mthca_alloc_mailbox(dev, GFP_KERNEL);
225 if (IS_ERR(mailbox)) {
226 err = PTR_ERR(mailbox);
227 goto err_out_db;
228 }
229
230 err = mthca_alloc_srq_buf(dev, pd, srq);
231 if (err)
232 goto err_out_mailbox;
233
234 spin_lock_init(&srq->lock);
235 atomic_set(&srq->refcount, 1);
236 init_waitqueue_head(&srq->wait);
237
238 if (mthca_is_memfree(dev))
239 mthca_arbel_init_srq_context(dev, pd, srq, mailbox->buf);
240 else
241 mthca_tavor_init_srq_context(dev, pd, srq, mailbox->buf);
242
243 err = mthca_SW2HW_SRQ(dev, mailbox, srq->srqn, &status);
244
245 if (err) {
246 mthca_warn(dev, "SW2HW_SRQ failed (%d)\n", err);
247 goto err_out_free_buf;
248 }
249 if (status) {
250 mthca_warn(dev, "SW2HW_SRQ returned status 0x%02x\n",
251 status);
252 err = -EINVAL;
253 goto err_out_free_buf;
254 }
255
256 spin_lock_irq(&dev->srq_table.lock);
257 if (mthca_array_set(&dev->srq_table.srq,
258 srq->srqn & (dev->limits.num_srqs - 1),
259 srq)) {
260 spin_unlock_irq(&dev->srq_table.lock);
261 goto err_out_free_srq;
262 }
263 spin_unlock_irq(&dev->srq_table.lock);
264
265 mthca_free_mailbox(dev, mailbox);
266
267 srq->first_free = 0;
268 srq->last_free = srq->max - 1;
269
270 return 0;
271
272err_out_free_srq:
273 err = mthca_HW2SW_SRQ(dev, mailbox, srq->srqn, &status);
274 if (err)
275 mthca_warn(dev, "HW2SW_SRQ failed (%d)\n", err);
276 else if (status)
277 mthca_warn(dev, "HW2SW_SRQ returned status 0x%02x\n", status);
278
279err_out_free_buf:
280 if (!pd->ibpd.uobject)
281 mthca_free_srq_buf(dev, srq);
282
283err_out_mailbox:
284 mthca_free_mailbox(dev, mailbox);
285
286err_out_db:
287 if (!pd->ibpd.uobject && mthca_is_memfree(dev))
288 mthca_free_db(dev, MTHCA_DB_TYPE_SRQ, srq->db_index);
289
290err_out_icm:
291 mthca_table_put(dev, dev->srq_table.table, srq->srqn);
292
293err_out:
294 mthca_free(&dev->srq_table.alloc, srq->srqn);
295
296 return err;
297}
298
299void mthca_free_srq(struct mthca_dev *dev, struct mthca_srq *srq)
300{
301 struct mthca_mailbox *mailbox;
302 int err;
303 u8 status;
304
305 mailbox = mthca_alloc_mailbox(dev, GFP_KERNEL);
306 if (IS_ERR(mailbox)) {
307 mthca_warn(dev, "No memory for mailbox to free SRQ.\n");
308 return;
309 }
310
311 err = mthca_HW2SW_SRQ(dev, mailbox, srq->srqn, &status);
312 if (err)
313 mthca_warn(dev, "HW2SW_SRQ failed (%d)\n", err);
314 else if (status)
315 mthca_warn(dev, "HW2SW_SRQ returned status 0x%02x\n", status);
316
317 spin_lock_irq(&dev->srq_table.lock);
318 mthca_array_clear(&dev->srq_table.srq,
319 srq->srqn & (dev->limits.num_srqs - 1));
320 spin_unlock_irq(&dev->srq_table.lock);
321
322 atomic_dec(&srq->refcount);
323 wait_event(srq->wait, !atomic_read(&srq->refcount));
324
325 if (!srq->ibsrq.uobject) {
326 mthca_free_srq_buf(dev, srq);
327 if (mthca_is_memfree(dev))
328 mthca_free_db(dev, MTHCA_DB_TYPE_SRQ, srq->db_index);
329 }
330
331 mthca_table_put(dev, dev->srq_table.table, srq->srqn);
332 mthca_free(&dev->srq_table.alloc, srq->srqn);
333 mthca_free_mailbox(dev, mailbox);
334}
335
90f104da
RD		 336int mthca_modify_srq(struct ib_srq *ibsrq, struct ib_srq_attr *attr,
337 enum ib_srq_attr_mask attr_mask)
338{
339 struct mthca_dev *dev = to_mdev(ibsrq->device);
340 struct mthca_srq *srq = to_msrq(ibsrq);
341 int ret;
342 u8 status;
343
344 /* We don't support resizing SRQs (yet?) */
345 if (attr_mask & IB_SRQ_MAX_WR)
346 return -EINVAL;
347
348 if (attr_mask & IB_SRQ_LIMIT) {
349 ret = mthca_ARM_SRQ(dev, srq->srqn, attr->srq_limit, &status);
350 if (ret)
351 return ret;
352 if (status)
353 return -EINVAL;
354 }
355
356 return 0;
357}
358
ec34a922
RD		 359void mthca_srq_event(struct mthca_dev *dev, u32 srqn,
360 enum ib_event_type event_type)
361{
362 struct mthca_srq *srq;
363 struct ib_event event;
364
365 spin_lock(&dev->srq_table.lock);
366 srq = mthca_array_get(&dev->srq_table.srq, srqn & (dev->limits.num_srqs - 1));
367 if (srq)
368 atomic_inc(&srq->refcount);
369 spin_unlock(&dev->srq_table.lock);
370
371 if (!srq) {
372 mthca_warn(dev, "Async event for bogus SRQ %08x\n", srqn);
373 return;
374 }
375
376 if (!srq->ibsrq.event_handler)
377 goto out;
378
379 event.device = &dev->ib_dev;
380 event.event = event_type;
90f104da 381 event.element.srq = &srq->ibsrq;
ec34a922
RD		 382 srq->ibsrq.event_handler(&event, srq->ibsrq.srq_context);
383
384out:
385 if (atomic_dec_and_test(&srq->refcount))
386 wake_up(&srq->wait);
387}
388
389/*
390 * This function must be called with IRQs disabled.
391 */
392void mthca_free_srq_wqe(struct mthca_srq *srq, u32 wqe_addr)
393{
394 int ind;
395
396 ind = wqe_addr >> srq->wqe_shift;
397
398 spin_lock(&srq->lock);
399
400 if (likely(srq->first_free >= 0))
401 *wqe_to_link(get_wqe(srq, srq->last_free)) = ind;
402 else
403 srq->first_free = ind;
404
405 *wqe_to_link(get_wqe(srq, ind)) = -1;
406 srq->last_free = ind;
407
408 spin_unlock(&srq->lock);
409}
410
411int mthca_tavor_post_srq_recv(struct ib_srq *ibsrq, struct ib_recv_wr *wr,
412 struct ib_recv_wr **bad_wr)
413{
414 struct mthca_dev *dev = to_mdev(ibsrq->device);
415 struct mthca_srq *srq = to_msrq(ibsrq);
416 unsigned long flags;
417 int err = 0;
418 int first_ind;
419 int ind;
420 int next_ind;
421 int nreq;
422 int i;
423 void *wqe;
424 void *prev_wqe;
425
426 spin_lock_irqsave(&srq->lock, flags);
427
428 first_ind = srq->first_free;
429
430 for (nreq = 0; wr; ++nreq, wr = wr->next) {
431 ind = srq->first_free;
432
433 if (ind < 0) {
434 mthca_err(dev, "SRQ %06x full\n", srq->srqn);
435 err = -ENOMEM;
436 *bad_wr = wr;
3853194c 437 break;
ec34a922
RD		 438 }
439
440 wqe = get_wqe(srq, ind);
441 next_ind = *wqe_to_link(wqe);
e23d6d2b
RD		 442
443 if (next_ind < 0) {
444 mthca_err(dev, "SRQ %06x full\n", srq->srqn);
445 err = -ENOMEM;
446 *bad_wr = wr;
447 break;
448 }
449
ec34a922
RD		 450 prev_wqe = srq->last;
451 srq->last = wqe;
452
453 ((struct mthca_next_seg *) wqe)->nda_op = 0;
454 ((struct mthca_next_seg *) wqe)->ee_nds = 0;
455 /* flags field will always remain 0 */
456
457 wqe += sizeof (struct mthca_next_seg);
458
459 if (unlikely(wr->num_sge > srq->max_gs)) {
460 err = -EINVAL;
461 *bad_wr = wr;
462 srq->last = prev_wqe;
3853194c 463 break;
ec34a922
RD		 464 }
465
466 for (i = 0; i < wr->num_sge; ++i) {
467 ((struct mthca_data_seg *) wqe)->byte_count =
468 cpu_to_be32(wr->sg_list[i].length);
469 ((struct mthca_data_seg *) wqe)->lkey =
470 cpu_to_be32(wr->sg_list[i].lkey);
471 ((struct mthca_data_seg *) wqe)->addr =
472 cpu_to_be64(wr->sg_list[i].addr);
473 wqe += sizeof (struct mthca_data_seg);
474 }
475
476 if (i < srq->max_gs) {
477 ((struct mthca_data_seg *) wqe)->byte_count = 0;
478 ((struct mthca_data_seg *) wqe)->lkey = cpu_to_be32(MTHCA_INVAL_LKEY);
479 ((struct mthca_data_seg *) wqe)->addr = 0;
480 }
481
d6cff021
RD		 482 ((struct mthca_next_seg *) prev_wqe)->nda_op =
483 cpu_to_be32((ind << srq->wqe_shift) | 1);
484 wmb();
485 ((struct mthca_next_seg *) prev_wqe)->ee_nds =
486 cpu_to_be32(MTHCA_NEXT_DBD);
ec34a922
RD		 487
488 srq->wrid[ind] = wr->wr_id;
489 srq->first_free = next_ind;
490 }
491
ec34a922
RD		 492 if (likely(nreq)) {
493 __be32 doorbell[2];
494
495 doorbell[0] = cpu_to_be32(first_ind << srq->wqe_shift);
496 doorbell[1] = cpu_to_be32((srq->srqn << 8) | nreq);
497
498 /*
499 * Make sure that descriptors are written before
500 * doorbell is rung.
501 */
502 wmb();
503
504 mthca_write64(doorbell,
505 dev->kar + MTHCA_RECEIVE_DOORBELL,
506 MTHCA_GET_DOORBELL_LOCK(&dev->doorbell_lock));
507 }
508
509 spin_unlock_irqrestore(&srq->lock, flags);
510 return err;
511}
512
513int mthca_arbel_post_srq_recv(struct ib_srq *ibsrq, struct ib_recv_wr *wr,
514 struct ib_recv_wr **bad_wr)
515{
516 struct mthca_dev *dev = to_mdev(ibsrq->device);
517 struct mthca_srq *srq = to_msrq(ibsrq);
518 unsigned long flags;
519 int err = 0;
520 int ind;
521 int next_ind;
522 int nreq;
523 int i;
524 void *wqe;
525
526 spin_lock_irqsave(&srq->lock, flags);
527
528 for (nreq = 0; wr; ++nreq, wr = wr->next) {
529 ind = srq->first_free;
530
531 if (ind < 0) {
532 mthca_err(dev, "SRQ %06x full\n", srq->srqn);
533 err = -ENOMEM;
534 *bad_wr = wr;
3853194c 535 break;
ec34a922
RD		 536 }
537
538 wqe = get_wqe(srq, ind);
539 next_ind = *wqe_to_link(wqe);
540
e23d6d2b
RD		 541 if (next_ind < 0) {
542 mthca_err(dev, "SRQ %06x full\n", srq->srqn);
543 err = -ENOMEM;
544 *bad_wr = wr;
545 break;
546 }
547
ec34a922
RD		 548 ((struct mthca_next_seg *) wqe)->nda_op =
549 cpu_to_be32((next_ind << srq->wqe_shift) | 1);
550 ((struct mthca_next_seg *) wqe)->ee_nds = 0;
551 /* flags field will always remain 0 */
552
553 wqe += sizeof (struct mthca_next_seg);
554
555 if (unlikely(wr->num_sge > srq->max_gs)) {
556 err = -EINVAL;
557 *bad_wr = wr;
3853194c 558 break;
ec34a922
RD		 559 }
560
561 for (i = 0; i < wr->num_sge; ++i) {
562 ((struct mthca_data_seg *) wqe)->byte_count =
563 cpu_to_be32(wr->sg_list[i].length);
564 ((struct mthca_data_seg *) wqe)->lkey =
565 cpu_to_be32(wr->sg_list[i].lkey);
566 ((struct mthca_data_seg *) wqe)->addr =
567 cpu_to_be64(wr->sg_list[i].addr);
568 wqe += sizeof (struct mthca_data_seg);
569 }
570
571 if (i < srq->max_gs) {
572 ((struct mthca_data_seg *) wqe)->byte_count = 0;
573 ((struct mthca_data_seg *) wqe)->lkey = cpu_to_be32(MTHCA_INVAL_LKEY);
574 ((struct mthca_data_seg *) wqe)->addr = 0;
575 }
576
577 srq->wrid[ind] = wr->wr_id;
578 srq->first_free = next_ind;
579 }
580
581 if (likely(nreq)) {
582 srq->counter += nreq;
583
584 /*
585 * Make sure that descriptors are written before
586 * we write doorbell record.
587 */
588 wmb();
589 *srq->db = cpu_to_be32(srq->counter);
590 }
591
592 spin_unlock_irqrestore(&srq->lock, flags);
593 return err;
594}
595
596int __devinit mthca_init_srq_table(struct mthca_dev *dev)
597{
598 int err;
599
600 if (!(dev->mthca_flags & MTHCA_FLAG_SRQ))
601 return 0;
602
603 spin_lock_init(&dev->srq_table.lock);
604
605 err = mthca_alloc_init(&dev->srq_table.alloc,
606 dev->limits.num_srqs,
607 dev->limits.num_srqs - 1,
608 dev->limits.reserved_srqs);
609 if (err)
610 return err;
611
612 err = mthca_array_init(&dev->srq_table.srq,
613 dev->limits.num_srqs);
614 if (err)
615 mthca_alloc_cleanup(&dev->srq_table.alloc);
616
617 return err;
618}
619
620void __devexit mthca_cleanup_srq_table(struct mthca_dev *dev)
621{
622 if (!(dev->mthca_flags & MTHCA_FLAG_SRQ))
623 return;
624
625 mthca_array_cleanup(&dev->srq_table.srq, dev->limits.num_srqs);
626 mthca_alloc_cleanup(&dev->srq_table.alloc);
627}
Linux 6.x block layer and io_uring tree(s)