2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005, 2006, 2007 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 PathScale, Inc. All rights reserved.
5 * Copyright (c) 2006 Mellanox Technologies. All rights reserved.
7 * This software is available to you under a choice of one of two
8 * licenses. You may choose to be licensed under the terms of the GNU
9 * General Public License (GPL) Version 2, available from the file
10 * COPYING in the main directory of this source tree, or the
11 * OpenIB.org BSD license below:
13 * Redistribution and use in source and binary forms, with or
14 * without modification, are permitted provided that the following
17 * - Redistributions of source code must retain the above
18 * copyright notice, this list of conditions and the following
21 * - Redistributions in binary form must reproduce the above
22 * copyright notice, this list of conditions and the following
23 * disclaimer in the documentation and/or other materials
24 * provided with the distribution.
26 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
27 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
28 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
29 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
30 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
31 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
32 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36 #include <linux/file.h>
38 #include <linux/slab.h>
39 #include <linux/sched.h>
41 #include <asm/uaccess.h>
44 #include "core_priv.h"
46 struct uverbs_lock_class {
47 struct lock_class_key key;
51 static struct uverbs_lock_class pd_lock_class = { .name = "PD-uobj" };
52 static struct uverbs_lock_class mr_lock_class = { .name = "MR-uobj" };
53 static struct uverbs_lock_class mw_lock_class = { .name = "MW-uobj" };
54 static struct uverbs_lock_class cq_lock_class = { .name = "CQ-uobj" };
55 static struct uverbs_lock_class qp_lock_class = { .name = "QP-uobj" };
56 static struct uverbs_lock_class ah_lock_class = { .name = "AH-uobj" };
57 static struct uverbs_lock_class srq_lock_class = { .name = "SRQ-uobj" };
58 static struct uverbs_lock_class xrcd_lock_class = { .name = "XRCD-uobj" };
59 static struct uverbs_lock_class rule_lock_class = { .name = "RULE-uobj" };
62 * The ib_uobject locking scheme is as follows:
64 * - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
65 * needs to be held during all idr operations. When an object is
66 * looked up, a reference must be taken on the object's kref before
69 * - Each object also has an rwsem. This rwsem must be held for
70 * reading while an operation that uses the object is performed.
71 * For example, while registering an MR, the associated PD's
72 * uobject.mutex must be held for reading. The rwsem must be held
73 * for writing while initializing or destroying an object.
75 * - In addition, each object has a "live" flag. If this flag is not
76 * set, then lookups of the object will fail even if it is found in
77 * the idr. This handles a reader that blocks and does not acquire
78 * the rwsem until after the object is destroyed. The destroy
79 * operation will set the live flag to 0 and then drop the rwsem;
80 * this will allow the reader to acquire the rwsem, see that the
81 * live flag is 0, and then drop the rwsem and its reference to
82 * object. The underlying storage will not be freed until the last
83 * reference to the object is dropped.
86 static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
87 struct ib_ucontext *context, struct uverbs_lock_class *c)
89 uobj->user_handle = user_handle;
90 uobj->context = context;
91 kref_init(&uobj->ref);
92 init_rwsem(&uobj->mutex);
93 lockdep_set_class_and_name(&uobj->mutex, &c->key, c->name);
97 static void release_uobj(struct kref *kref)
99 kfree(container_of(kref, struct ib_uobject, ref));
102 static void put_uobj(struct ib_uobject *uobj)
104 kref_put(&uobj->ref, release_uobj);
107 static void put_uobj_read(struct ib_uobject *uobj)
109 up_read(&uobj->mutex);
113 static void put_uobj_write(struct ib_uobject *uobj)
115 up_write(&uobj->mutex);
119 static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
123 idr_preload(GFP_KERNEL);
124 spin_lock(&ib_uverbs_idr_lock);
126 ret = idr_alloc(idr, uobj, 0, 0, GFP_NOWAIT);
130 spin_unlock(&ib_uverbs_idr_lock);
133 return ret < 0 ? ret : 0;
136 void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
138 spin_lock(&ib_uverbs_idr_lock);
139 idr_remove(idr, uobj->id);
140 spin_unlock(&ib_uverbs_idr_lock);
143 static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
144 struct ib_ucontext *context)
146 struct ib_uobject *uobj;
148 spin_lock(&ib_uverbs_idr_lock);
149 uobj = idr_find(idr, id);
151 if (uobj->context == context)
152 kref_get(&uobj->ref);
156 spin_unlock(&ib_uverbs_idr_lock);
161 static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
162 struct ib_ucontext *context, int nested)
164 struct ib_uobject *uobj;
166 uobj = __idr_get_uobj(idr, id, context);
171 down_read_nested(&uobj->mutex, SINGLE_DEPTH_NESTING);
173 down_read(&uobj->mutex);
182 static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
183 struct ib_ucontext *context)
185 struct ib_uobject *uobj;
187 uobj = __idr_get_uobj(idr, id, context);
191 down_write(&uobj->mutex);
193 put_uobj_write(uobj);
200 static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context,
203 struct ib_uobject *uobj;
205 uobj = idr_read_uobj(idr, id, context, nested);
206 return uobj ? uobj->object : NULL;
209 static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
211 return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context, 0);
214 static void put_pd_read(struct ib_pd *pd)
216 put_uobj_read(pd->uobject);
219 static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context, int nested)
221 return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context, nested);
224 static void put_cq_read(struct ib_cq *cq)
226 put_uobj_read(cq->uobject);
229 static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
231 return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context, 0);
234 static void put_ah_read(struct ib_ah *ah)
236 put_uobj_read(ah->uobject);
239 static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
241 return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context, 0);
244 static struct ib_qp *idr_write_qp(int qp_handle, struct ib_ucontext *context)
246 struct ib_uobject *uobj;
248 uobj = idr_write_uobj(&ib_uverbs_qp_idr, qp_handle, context);
249 return uobj ? uobj->object : NULL;
252 static void put_qp_read(struct ib_qp *qp)
254 put_uobj_read(qp->uobject);
257 static void put_qp_write(struct ib_qp *qp)
259 put_uobj_write(qp->uobject);
262 static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
264 return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context, 0);
267 static void put_srq_read(struct ib_srq *srq)
269 put_uobj_read(srq->uobject);
272 static struct ib_xrcd *idr_read_xrcd(int xrcd_handle, struct ib_ucontext *context,
273 struct ib_uobject **uobj)
275 *uobj = idr_read_uobj(&ib_uverbs_xrcd_idr, xrcd_handle, context, 0);
276 return *uobj ? (*uobj)->object : NULL;
279 static void put_xrcd_read(struct ib_uobject *uobj)
284 ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
285 struct ib_device *ib_dev,
286 const char __user *buf,
287 int in_len, int out_len)
289 struct ib_uverbs_get_context cmd;
290 struct ib_uverbs_get_context_resp resp;
291 struct ib_udata udata;
292 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
293 struct ib_device_attr dev_attr;
295 struct ib_ucontext *ucontext;
299 if (out_len < sizeof resp)
302 if (copy_from_user(&cmd, buf, sizeof cmd))
305 mutex_lock(&file->mutex);
307 if (file->ucontext) {
312 INIT_UDATA(&udata, buf + sizeof cmd,
313 (unsigned long) cmd.response + sizeof resp,
314 in_len - sizeof cmd, out_len - sizeof resp);
316 ucontext = ib_dev->alloc_ucontext(ib_dev, &udata);
317 if (IS_ERR(ucontext)) {
318 ret = PTR_ERR(ucontext);
322 ucontext->device = ib_dev;
323 INIT_LIST_HEAD(&ucontext->pd_list);
324 INIT_LIST_HEAD(&ucontext->mr_list);
325 INIT_LIST_HEAD(&ucontext->mw_list);
326 INIT_LIST_HEAD(&ucontext->cq_list);
327 INIT_LIST_HEAD(&ucontext->qp_list);
328 INIT_LIST_HEAD(&ucontext->srq_list);
329 INIT_LIST_HEAD(&ucontext->ah_list);
330 INIT_LIST_HEAD(&ucontext->xrcd_list);
331 INIT_LIST_HEAD(&ucontext->rule_list);
333 ucontext->tgid = get_task_pid(current->group_leader, PIDTYPE_PID);
335 ucontext->closing = 0;
337 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
338 ucontext->umem_tree = RB_ROOT;
339 init_rwsem(&ucontext->umem_rwsem);
340 ucontext->odp_mrs_count = 0;
341 INIT_LIST_HEAD(&ucontext->no_private_counters);
343 ret = ib_query_device(ib_dev, &dev_attr);
346 if (!(dev_attr.device_cap_flags & IB_DEVICE_ON_DEMAND_PAGING))
347 ucontext->invalidate_range = NULL;
351 resp.num_comp_vectors = file->device->num_comp_vectors;
353 ret = get_unused_fd_flags(O_CLOEXEC);
358 filp = ib_uverbs_alloc_event_file(file, ib_dev, 1);
364 if (copy_to_user((void __user *) (unsigned long) cmd.response,
365 &resp, sizeof resp)) {
370 file->ucontext = ucontext;
372 fd_install(resp.async_fd, filp);
374 mutex_unlock(&file->mutex);
379 ib_uverbs_free_async_event_file(file);
383 put_unused_fd(resp.async_fd);
386 put_pid(ucontext->tgid);
387 ib_dev->dealloc_ucontext(ucontext);
390 mutex_unlock(&file->mutex);
394 static void copy_query_dev_fields(struct ib_uverbs_file *file,
395 struct ib_device *ib_dev,
396 struct ib_uverbs_query_device_resp *resp,
397 struct ib_device_attr *attr)
399 resp->fw_ver = attr->fw_ver;
400 resp->node_guid = ib_dev->node_guid;
401 resp->sys_image_guid = attr->sys_image_guid;
402 resp->max_mr_size = attr->max_mr_size;
403 resp->page_size_cap = attr->page_size_cap;
404 resp->vendor_id = attr->vendor_id;
405 resp->vendor_part_id = attr->vendor_part_id;
406 resp->hw_ver = attr->hw_ver;
407 resp->max_qp = attr->max_qp;
408 resp->max_qp_wr = attr->max_qp_wr;
409 resp->device_cap_flags = attr->device_cap_flags;
410 resp->max_sge = attr->max_sge;
411 resp->max_sge_rd = attr->max_sge_rd;
412 resp->max_cq = attr->max_cq;
413 resp->max_cqe = attr->max_cqe;
414 resp->max_mr = attr->max_mr;
415 resp->max_pd = attr->max_pd;
416 resp->max_qp_rd_atom = attr->max_qp_rd_atom;
417 resp->max_ee_rd_atom = attr->max_ee_rd_atom;
418 resp->max_res_rd_atom = attr->max_res_rd_atom;
419 resp->max_qp_init_rd_atom = attr->max_qp_init_rd_atom;
420 resp->max_ee_init_rd_atom = attr->max_ee_init_rd_atom;
421 resp->atomic_cap = attr->atomic_cap;
422 resp->max_ee = attr->max_ee;
423 resp->max_rdd = attr->max_rdd;
424 resp->max_mw = attr->max_mw;
425 resp->max_raw_ipv6_qp = attr->max_raw_ipv6_qp;
426 resp->max_raw_ethy_qp = attr->max_raw_ethy_qp;
427 resp->max_mcast_grp = attr->max_mcast_grp;
428 resp->max_mcast_qp_attach = attr->max_mcast_qp_attach;
429 resp->max_total_mcast_qp_attach = attr->max_total_mcast_qp_attach;
430 resp->max_ah = attr->max_ah;
431 resp->max_fmr = attr->max_fmr;
432 resp->max_map_per_fmr = attr->max_map_per_fmr;
433 resp->max_srq = attr->max_srq;
434 resp->max_srq_wr = attr->max_srq_wr;
435 resp->max_srq_sge = attr->max_srq_sge;
436 resp->max_pkeys = attr->max_pkeys;
437 resp->local_ca_ack_delay = attr->local_ca_ack_delay;
438 resp->phys_port_cnt = ib_dev->phys_port_cnt;
441 ssize_t ib_uverbs_query_device(struct ib_uverbs_file *file,
442 struct ib_device *ib_dev,
443 const char __user *buf,
444 int in_len, int out_len)
446 struct ib_uverbs_query_device cmd;
447 struct ib_uverbs_query_device_resp resp;
448 struct ib_device_attr attr;
451 if (out_len < sizeof resp)
454 if (copy_from_user(&cmd, buf, sizeof cmd))
457 ret = ib_query_device(ib_dev, &attr);
461 memset(&resp, 0, sizeof resp);
462 copy_query_dev_fields(file, ib_dev, &resp, &attr);
464 if (copy_to_user((void __user *) (unsigned long) cmd.response,
471 ssize_t ib_uverbs_query_port(struct ib_uverbs_file *file,
472 struct ib_device *ib_dev,
473 const char __user *buf,
474 int in_len, int out_len)
476 struct ib_uverbs_query_port cmd;
477 struct ib_uverbs_query_port_resp resp;
478 struct ib_port_attr attr;
481 if (out_len < sizeof resp)
484 if (copy_from_user(&cmd, buf, sizeof cmd))
487 ret = ib_query_port(ib_dev, cmd.port_num, &attr);
491 memset(&resp, 0, sizeof resp);
493 resp.state = attr.state;
494 resp.max_mtu = attr.max_mtu;
495 resp.active_mtu = attr.active_mtu;
496 resp.gid_tbl_len = attr.gid_tbl_len;
497 resp.port_cap_flags = attr.port_cap_flags;
498 resp.max_msg_sz = attr.max_msg_sz;
499 resp.bad_pkey_cntr = attr.bad_pkey_cntr;
500 resp.qkey_viol_cntr = attr.qkey_viol_cntr;
501 resp.pkey_tbl_len = attr.pkey_tbl_len;
503 resp.sm_lid = attr.sm_lid;
505 resp.max_vl_num = attr.max_vl_num;
506 resp.sm_sl = attr.sm_sl;
507 resp.subnet_timeout = attr.subnet_timeout;
508 resp.init_type_reply = attr.init_type_reply;
509 resp.active_width = attr.active_width;
510 resp.active_speed = attr.active_speed;
511 resp.phys_state = attr.phys_state;
512 resp.link_layer = rdma_port_get_link_layer(ib_dev,
515 if (copy_to_user((void __user *) (unsigned long) cmd.response,
522 ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
523 struct ib_device *ib_dev,
524 const char __user *buf,
525 int in_len, int out_len)
527 struct ib_uverbs_alloc_pd cmd;
528 struct ib_uverbs_alloc_pd_resp resp;
529 struct ib_udata udata;
530 struct ib_uobject *uobj;
534 if (out_len < sizeof resp)
537 if (copy_from_user(&cmd, buf, sizeof cmd))
540 INIT_UDATA(&udata, buf + sizeof cmd,
541 (unsigned long) cmd.response + sizeof resp,
542 in_len - sizeof cmd, out_len - sizeof resp);
544 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
548 init_uobj(uobj, 0, file->ucontext, &pd_lock_class);
549 down_write(&uobj->mutex);
551 pd = ib_dev->alloc_pd(ib_dev, file->ucontext, &udata);
560 atomic_set(&pd->usecnt, 0);
563 ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
567 memset(&resp, 0, sizeof resp);
568 resp.pd_handle = uobj->id;
570 if (copy_to_user((void __user *) (unsigned long) cmd.response,
571 &resp, sizeof resp)) {
576 mutex_lock(&file->mutex);
577 list_add_tail(&uobj->list, &file->ucontext->pd_list);
578 mutex_unlock(&file->mutex);
582 up_write(&uobj->mutex);
587 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
593 put_uobj_write(uobj);
597 ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
598 struct ib_device *ib_dev,
599 const char __user *buf,
600 int in_len, int out_len)
602 struct ib_uverbs_dealloc_pd cmd;
603 struct ib_uobject *uobj;
607 if (copy_from_user(&cmd, buf, sizeof cmd))
610 uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
615 if (atomic_read(&pd->usecnt)) {
620 ret = pd->device->dealloc_pd(uobj->object);
621 WARN_ONCE(ret, "Infiniband HW driver failed dealloc_pd");
626 put_uobj_write(uobj);
628 idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
630 mutex_lock(&file->mutex);
631 list_del(&uobj->list);
632 mutex_unlock(&file->mutex);
639 put_uobj_write(uobj);
643 struct xrcd_table_entry {
645 struct ib_xrcd *xrcd;
649 static int xrcd_table_insert(struct ib_uverbs_device *dev,
651 struct ib_xrcd *xrcd)
653 struct xrcd_table_entry *entry, *scan;
654 struct rb_node **p = &dev->xrcd_tree.rb_node;
655 struct rb_node *parent = NULL;
657 entry = kmalloc(sizeof *entry, GFP_KERNEL);
662 entry->inode = inode;
666 scan = rb_entry(parent, struct xrcd_table_entry, node);
668 if (inode < scan->inode) {
670 } else if (inode > scan->inode) {
678 rb_link_node(&entry->node, parent, p);
679 rb_insert_color(&entry->node, &dev->xrcd_tree);
684 static struct xrcd_table_entry *xrcd_table_search(struct ib_uverbs_device *dev,
687 struct xrcd_table_entry *entry;
688 struct rb_node *p = dev->xrcd_tree.rb_node;
691 entry = rb_entry(p, struct xrcd_table_entry, node);
693 if (inode < entry->inode)
695 else if (inode > entry->inode)
704 static struct ib_xrcd *find_xrcd(struct ib_uverbs_device *dev, struct inode *inode)
706 struct xrcd_table_entry *entry;
708 entry = xrcd_table_search(dev, inode);
715 static void xrcd_table_delete(struct ib_uverbs_device *dev,
718 struct xrcd_table_entry *entry;
720 entry = xrcd_table_search(dev, inode);
723 rb_erase(&entry->node, &dev->xrcd_tree);
728 ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
729 struct ib_device *ib_dev,
730 const char __user *buf, int in_len,
733 struct ib_uverbs_open_xrcd cmd;
734 struct ib_uverbs_open_xrcd_resp resp;
735 struct ib_udata udata;
736 struct ib_uxrcd_object *obj;
737 struct ib_xrcd *xrcd = NULL;
738 struct fd f = {NULL, 0};
739 struct inode *inode = NULL;
743 if (out_len < sizeof resp)
746 if (copy_from_user(&cmd, buf, sizeof cmd))
749 INIT_UDATA(&udata, buf + sizeof cmd,
750 (unsigned long) cmd.response + sizeof resp,
751 in_len - sizeof cmd, out_len - sizeof resp);
753 mutex_lock(&file->device->xrcd_tree_mutex);
756 /* search for file descriptor */
760 goto err_tree_mutex_unlock;
763 inode = file_inode(f.file);
764 xrcd = find_xrcd(file->device, inode);
765 if (!xrcd && !(cmd.oflags & O_CREAT)) {
766 /* no file descriptor. Need CREATE flag */
768 goto err_tree_mutex_unlock;
771 if (xrcd && cmd.oflags & O_EXCL) {
773 goto err_tree_mutex_unlock;
777 obj = kmalloc(sizeof *obj, GFP_KERNEL);
780 goto err_tree_mutex_unlock;
783 init_uobj(&obj->uobject, 0, file->ucontext, &xrcd_lock_class);
785 down_write(&obj->uobject.mutex);
788 xrcd = ib_dev->alloc_xrcd(ib_dev, file->ucontext, &udata);
795 xrcd->device = ib_dev;
796 atomic_set(&xrcd->usecnt, 0);
797 mutex_init(&xrcd->tgt_qp_mutex);
798 INIT_LIST_HEAD(&xrcd->tgt_qp_list);
802 atomic_set(&obj->refcnt, 0);
803 obj->uobject.object = xrcd;
804 ret = idr_add_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
808 memset(&resp, 0, sizeof resp);
809 resp.xrcd_handle = obj->uobject.id;
813 /* create new inode/xrcd table entry */
814 ret = xrcd_table_insert(file->device, inode, xrcd);
816 goto err_insert_xrcd;
818 atomic_inc(&xrcd->usecnt);
821 if (copy_to_user((void __user *) (unsigned long) cmd.response,
822 &resp, sizeof resp)) {
830 mutex_lock(&file->mutex);
831 list_add_tail(&obj->uobject.list, &file->ucontext->xrcd_list);
832 mutex_unlock(&file->mutex);
834 obj->uobject.live = 1;
835 up_write(&obj->uobject.mutex);
837 mutex_unlock(&file->device->xrcd_tree_mutex);
843 xrcd_table_delete(file->device, inode);
844 atomic_dec(&xrcd->usecnt);
848 idr_remove_uobj(&ib_uverbs_xrcd_idr, &obj->uobject);
851 ib_dealloc_xrcd(xrcd);
854 put_uobj_write(&obj->uobject);
856 err_tree_mutex_unlock:
860 mutex_unlock(&file->device->xrcd_tree_mutex);
865 ssize_t ib_uverbs_close_xrcd(struct ib_uverbs_file *file,
866 struct ib_device *ib_dev,
867 const char __user *buf, int in_len,
870 struct ib_uverbs_close_xrcd cmd;
871 struct ib_uobject *uobj;
872 struct ib_xrcd *xrcd = NULL;
873 struct inode *inode = NULL;
874 struct ib_uxrcd_object *obj;
878 if (copy_from_user(&cmd, buf, sizeof cmd))
881 mutex_lock(&file->device->xrcd_tree_mutex);
882 uobj = idr_write_uobj(&ib_uverbs_xrcd_idr, cmd.xrcd_handle, file->ucontext);
890 obj = container_of(uobj, struct ib_uxrcd_object, uobject);
891 if (atomic_read(&obj->refcnt)) {
892 put_uobj_write(uobj);
897 if (!inode || atomic_dec_and_test(&xrcd->usecnt)) {
898 ret = ib_dealloc_xrcd(uobj->object);
905 atomic_inc(&xrcd->usecnt);
907 put_uobj_write(uobj);
913 xrcd_table_delete(file->device, inode);
915 idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
916 mutex_lock(&file->mutex);
917 list_del(&uobj->list);
918 mutex_unlock(&file->mutex);
924 mutex_unlock(&file->device->xrcd_tree_mutex);
928 void ib_uverbs_dealloc_xrcd(struct ib_uverbs_device *dev,
929 struct ib_xrcd *xrcd)
934 if (inode && !atomic_dec_and_test(&xrcd->usecnt))
937 ib_dealloc_xrcd(xrcd);
940 xrcd_table_delete(dev, inode);
943 ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
944 struct ib_device *ib_dev,
945 const char __user *buf, int in_len,
948 struct ib_uverbs_reg_mr cmd;
949 struct ib_uverbs_reg_mr_resp resp;
950 struct ib_udata udata;
951 struct ib_uobject *uobj;
956 if (out_len < sizeof resp)
959 if (copy_from_user(&cmd, buf, sizeof cmd))
962 INIT_UDATA(&udata, buf + sizeof cmd,
963 (unsigned long) cmd.response + sizeof resp,
964 in_len - sizeof cmd, out_len - sizeof resp);
966 if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
969 ret = ib_check_mr_access(cmd.access_flags);
973 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
977 init_uobj(uobj, 0, file->ucontext, &mr_lock_class);
978 down_write(&uobj->mutex);
980 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
986 if (cmd.access_flags & IB_ACCESS_ON_DEMAND) {
987 struct ib_device_attr attr;
989 ret = ib_query_device(pd->device, &attr);
990 if (ret || !(attr.device_cap_flags &
991 IB_DEVICE_ON_DEMAND_PAGING)) {
992 pr_debug("ODP support not available\n");
998 mr = pd->device->reg_user_mr(pd, cmd.start, cmd.length, cmd.hca_va,
999 cmd.access_flags, &udata);
1005 mr->device = pd->device;
1008 atomic_inc(&pd->usecnt);
1009 atomic_set(&mr->usecnt, 0);
1012 ret = idr_add_uobj(&ib_uverbs_mr_idr, uobj);
1016 memset(&resp, 0, sizeof resp);
1017 resp.lkey = mr->lkey;
1018 resp.rkey = mr->rkey;
1019 resp.mr_handle = uobj->id;
1021 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1022 &resp, sizeof resp)) {
1029 mutex_lock(&file->mutex);
1030 list_add_tail(&uobj->list, &file->ucontext->mr_list);
1031 mutex_unlock(&file->mutex);
1035 up_write(&uobj->mutex);
1040 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1049 put_uobj_write(uobj);
1053 ssize_t ib_uverbs_rereg_mr(struct ib_uverbs_file *file,
1054 struct ib_device *ib_dev,
1055 const char __user *buf, int in_len,
1058 struct ib_uverbs_rereg_mr cmd;
1059 struct ib_uverbs_rereg_mr_resp resp;
1060 struct ib_udata udata;
1061 struct ib_pd *pd = NULL;
1063 struct ib_pd *old_pd;
1065 struct ib_uobject *uobj;
1067 if (out_len < sizeof(resp))
1070 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1073 INIT_UDATA(&udata, buf + sizeof(cmd),
1074 (unsigned long) cmd.response + sizeof(resp),
1075 in_len - sizeof(cmd), out_len - sizeof(resp));
1077 if (cmd.flags & ~IB_MR_REREG_SUPPORTED || !cmd.flags)
1080 if ((cmd.flags & IB_MR_REREG_TRANS) &&
1081 (!cmd.start || !cmd.hca_va || 0 >= cmd.length ||
1082 (cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK)))
1085 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle,
1093 if (cmd.flags & IB_MR_REREG_ACCESS) {
1094 ret = ib_check_mr_access(cmd.access_flags);
1099 if (cmd.flags & IB_MR_REREG_PD) {
1100 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1107 if (atomic_read(&mr->usecnt)) {
1113 ret = mr->device->rereg_user_mr(mr, cmd.flags, cmd.start,
1114 cmd.length, cmd.hca_va,
1115 cmd.access_flags, pd, &udata);
1117 if (cmd.flags & IB_MR_REREG_PD) {
1118 atomic_inc(&pd->usecnt);
1120 atomic_dec(&old_pd->usecnt);
1126 memset(&resp, 0, sizeof(resp));
1127 resp.lkey = mr->lkey;
1128 resp.rkey = mr->rkey;
1130 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1131 &resp, sizeof(resp)))
1137 if (cmd.flags & IB_MR_REREG_PD)
1142 put_uobj_write(mr->uobject);
1147 ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
1148 struct ib_device *ib_dev,
1149 const char __user *buf, int in_len,
1152 struct ib_uverbs_dereg_mr cmd;
1154 struct ib_uobject *uobj;
1157 if (copy_from_user(&cmd, buf, sizeof cmd))
1160 uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
1166 ret = ib_dereg_mr(mr);
1170 put_uobj_write(uobj);
1175 idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
1177 mutex_lock(&file->mutex);
1178 list_del(&uobj->list);
1179 mutex_unlock(&file->mutex);
1186 ssize_t ib_uverbs_alloc_mw(struct ib_uverbs_file *file,
1187 struct ib_device *ib_dev,
1188 const char __user *buf, int in_len,
1191 struct ib_uverbs_alloc_mw cmd;
1192 struct ib_uverbs_alloc_mw_resp resp;
1193 struct ib_uobject *uobj;
1198 if (out_len < sizeof(resp))
1201 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1204 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
1208 init_uobj(uobj, 0, file->ucontext, &mw_lock_class);
1209 down_write(&uobj->mutex);
1211 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
1217 mw = pd->device->alloc_mw(pd, cmd.mw_type);
1223 mw->device = pd->device;
1226 atomic_inc(&pd->usecnt);
1229 ret = idr_add_uobj(&ib_uverbs_mw_idr, uobj);
1233 memset(&resp, 0, sizeof(resp));
1234 resp.rkey = mw->rkey;
1235 resp.mw_handle = uobj->id;
1237 if (copy_to_user((void __user *)(unsigned long)cmd.response,
1238 &resp, sizeof(resp))) {
1245 mutex_lock(&file->mutex);
1246 list_add_tail(&uobj->list, &file->ucontext->mw_list);
1247 mutex_unlock(&file->mutex);
1251 up_write(&uobj->mutex);
1256 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1265 put_uobj_write(uobj);
1269 ssize_t ib_uverbs_dealloc_mw(struct ib_uverbs_file *file,
1270 struct ib_device *ib_dev,
1271 const char __user *buf, int in_len,
1274 struct ib_uverbs_dealloc_mw cmd;
1276 struct ib_uobject *uobj;
1279 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1282 uobj = idr_write_uobj(&ib_uverbs_mw_idr, cmd.mw_handle, file->ucontext);
1288 ret = ib_dealloc_mw(mw);
1292 put_uobj_write(uobj);
1297 idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
1299 mutex_lock(&file->mutex);
1300 list_del(&uobj->list);
1301 mutex_unlock(&file->mutex);
1308 ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
1309 struct ib_device *ib_dev,
1310 const char __user *buf, int in_len,
1313 struct ib_uverbs_create_comp_channel cmd;
1314 struct ib_uverbs_create_comp_channel_resp resp;
1318 if (out_len < sizeof resp)
1321 if (copy_from_user(&cmd, buf, sizeof cmd))
1324 ret = get_unused_fd_flags(O_CLOEXEC);
1329 filp = ib_uverbs_alloc_event_file(file, ib_dev, 0);
1331 put_unused_fd(resp.fd);
1332 return PTR_ERR(filp);
1335 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1336 &resp, sizeof resp)) {
1337 put_unused_fd(resp.fd);
1342 fd_install(resp.fd, filp);
1346 static struct ib_ucq_object *create_cq(struct ib_uverbs_file *file,
1347 struct ib_device *ib_dev,
1348 struct ib_udata *ucore,
1349 struct ib_udata *uhw,
1350 struct ib_uverbs_ex_create_cq *cmd,
1352 int (*cb)(struct ib_uverbs_file *file,
1353 struct ib_ucq_object *obj,
1354 struct ib_uverbs_ex_create_cq_resp *resp,
1355 struct ib_udata *udata,
1359 struct ib_ucq_object *obj;
1360 struct ib_uverbs_event_file *ev_file = NULL;
1363 struct ib_uverbs_ex_create_cq_resp resp;
1364 struct ib_cq_init_attr attr = {};
1366 if (cmd->comp_vector >= file->device->num_comp_vectors)
1367 return ERR_PTR(-EINVAL);
1369 obj = kmalloc(sizeof *obj, GFP_KERNEL);
1371 return ERR_PTR(-ENOMEM);
1373 init_uobj(&obj->uobject, cmd->user_handle, file->ucontext, &cq_lock_class);
1374 down_write(&obj->uobject.mutex);
1376 if (cmd->comp_channel >= 0) {
1377 ev_file = ib_uverbs_lookup_comp_file(cmd->comp_channel);
1384 obj->uverbs_file = file;
1385 obj->comp_events_reported = 0;
1386 obj->async_events_reported = 0;
1387 INIT_LIST_HEAD(&obj->comp_list);
1388 INIT_LIST_HEAD(&obj->async_list);
1390 attr.cqe = cmd->cqe;
1391 attr.comp_vector = cmd->comp_vector;
1393 if (cmd_sz > offsetof(typeof(*cmd), flags) + sizeof(cmd->flags))
1394 attr.flags = cmd->flags;
1396 cq = ib_dev->create_cq(ib_dev, &attr,
1397 file->ucontext, uhw);
1403 cq->device = ib_dev;
1404 cq->uobject = &obj->uobject;
1405 cq->comp_handler = ib_uverbs_comp_handler;
1406 cq->event_handler = ib_uverbs_cq_event_handler;
1407 cq->cq_context = ev_file;
1408 atomic_set(&cq->usecnt, 0);
1410 obj->uobject.object = cq;
1411 ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1415 memset(&resp, 0, sizeof resp);
1416 resp.base.cq_handle = obj->uobject.id;
1417 resp.base.cqe = cq->cqe;
1419 resp.response_length = offsetof(typeof(resp), response_length) +
1420 sizeof(resp.response_length);
1422 ret = cb(file, obj, &resp, ucore, context);
1426 mutex_lock(&file->mutex);
1427 list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
1428 mutex_unlock(&file->mutex);
1430 obj->uobject.live = 1;
1432 up_write(&obj->uobject.mutex);
1437 idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
1444 ib_uverbs_release_ucq(file, ev_file, obj);
1447 put_uobj_write(&obj->uobject);
1449 return ERR_PTR(ret);
1452 static int ib_uverbs_create_cq_cb(struct ib_uverbs_file *file,
1453 struct ib_ucq_object *obj,
1454 struct ib_uverbs_ex_create_cq_resp *resp,
1455 struct ib_udata *ucore, void *context)
1457 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1463 ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
1464 struct ib_device *ib_dev,
1465 const char __user *buf, int in_len,
1468 struct ib_uverbs_create_cq cmd;
1469 struct ib_uverbs_ex_create_cq cmd_ex;
1470 struct ib_uverbs_create_cq_resp resp;
1471 struct ib_udata ucore;
1472 struct ib_udata uhw;
1473 struct ib_ucq_object *obj;
1475 if (out_len < sizeof(resp))
1478 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1481 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd), sizeof(resp));
1483 INIT_UDATA(&uhw, buf + sizeof(cmd),
1484 (unsigned long)cmd.response + sizeof(resp),
1485 in_len - sizeof(cmd), out_len - sizeof(resp));
1487 memset(&cmd_ex, 0, sizeof(cmd_ex));
1488 cmd_ex.user_handle = cmd.user_handle;
1489 cmd_ex.cqe = cmd.cqe;
1490 cmd_ex.comp_vector = cmd.comp_vector;
1491 cmd_ex.comp_channel = cmd.comp_channel;
1493 obj = create_cq(file, ib_dev, &ucore, &uhw, &cmd_ex,
1494 offsetof(typeof(cmd_ex), comp_channel) +
1495 sizeof(cmd.comp_channel), ib_uverbs_create_cq_cb,
1499 return PTR_ERR(obj);
1504 static int ib_uverbs_ex_create_cq_cb(struct ib_uverbs_file *file,
1505 struct ib_ucq_object *obj,
1506 struct ib_uverbs_ex_create_cq_resp *resp,
1507 struct ib_udata *ucore, void *context)
1509 if (ib_copy_to_udata(ucore, resp, resp->response_length))
1515 int ib_uverbs_ex_create_cq(struct ib_uverbs_file *file,
1516 struct ib_device *ib_dev,
1517 struct ib_udata *ucore,
1518 struct ib_udata *uhw)
1520 struct ib_uverbs_ex_create_cq_resp resp;
1521 struct ib_uverbs_ex_create_cq cmd;
1522 struct ib_ucq_object *obj;
1525 if (ucore->inlen < sizeof(cmd))
1528 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
1538 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
1539 sizeof(resp.response_length)))
1542 obj = create_cq(file, ib_dev, ucore, uhw, &cmd,
1543 min(ucore->inlen, sizeof(cmd)),
1544 ib_uverbs_ex_create_cq_cb, NULL);
1547 return PTR_ERR(obj);
1552 ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
1553 struct ib_device *ib_dev,
1554 const char __user *buf, int in_len,
1557 struct ib_uverbs_resize_cq cmd;
1558 struct ib_uverbs_resize_cq_resp resp;
1559 struct ib_udata udata;
1563 if (copy_from_user(&cmd, buf, sizeof cmd))
1566 INIT_UDATA(&udata, buf + sizeof cmd,
1567 (unsigned long) cmd.response + sizeof resp,
1568 in_len - sizeof cmd, out_len - sizeof resp);
1570 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1574 ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
1580 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1581 &resp, sizeof resp.cqe))
1587 return ret ? ret : in_len;
1590 static int copy_wc_to_user(void __user *dest, struct ib_wc *wc)
1592 struct ib_uverbs_wc tmp;
1594 tmp.wr_id = wc->wr_id;
1595 tmp.status = wc->status;
1596 tmp.opcode = wc->opcode;
1597 tmp.vendor_err = wc->vendor_err;
1598 tmp.byte_len = wc->byte_len;
1599 tmp.ex.imm_data = (__u32 __force) wc->ex.imm_data;
1600 tmp.qp_num = wc->qp->qp_num;
1601 tmp.src_qp = wc->src_qp;
1602 tmp.wc_flags = wc->wc_flags;
1603 tmp.pkey_index = wc->pkey_index;
1604 tmp.slid = wc->slid;
1606 tmp.dlid_path_bits = wc->dlid_path_bits;
1607 tmp.port_num = wc->port_num;
1610 if (copy_to_user(dest, &tmp, sizeof tmp))
1616 ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
1617 struct ib_device *ib_dev,
1618 const char __user *buf, int in_len,
1621 struct ib_uverbs_poll_cq cmd;
1622 struct ib_uverbs_poll_cq_resp resp;
1623 u8 __user *header_ptr;
1624 u8 __user *data_ptr;
1629 if (copy_from_user(&cmd, buf, sizeof cmd))
1632 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1636 /* we copy a struct ib_uverbs_poll_cq_resp to user space */
1637 header_ptr = (void __user *)(unsigned long) cmd.response;
1638 data_ptr = header_ptr + sizeof resp;
1640 memset(&resp, 0, sizeof resp);
1641 while (resp.count < cmd.ne) {
1642 ret = ib_poll_cq(cq, 1, &wc);
1648 ret = copy_wc_to_user(data_ptr, &wc);
1652 data_ptr += sizeof(struct ib_uverbs_wc);
1656 if (copy_to_user(header_ptr, &resp, sizeof resp)) {
1668 ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
1669 struct ib_device *ib_dev,
1670 const char __user *buf, int in_len,
1673 struct ib_uverbs_req_notify_cq cmd;
1676 if (copy_from_user(&cmd, buf, sizeof cmd))
1679 cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
1683 ib_req_notify_cq(cq, cmd.solicited_only ?
1684 IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
1691 ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
1692 struct ib_device *ib_dev,
1693 const char __user *buf, int in_len,
1696 struct ib_uverbs_destroy_cq cmd;
1697 struct ib_uverbs_destroy_cq_resp resp;
1698 struct ib_uobject *uobj;
1700 struct ib_ucq_object *obj;
1701 struct ib_uverbs_event_file *ev_file;
1704 if (copy_from_user(&cmd, buf, sizeof cmd))
1707 uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
1711 ev_file = cq->cq_context;
1712 obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
1714 ret = ib_destroy_cq(cq);
1718 put_uobj_write(uobj);
1723 idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
1725 mutex_lock(&file->mutex);
1726 list_del(&uobj->list);
1727 mutex_unlock(&file->mutex);
1729 ib_uverbs_release_ucq(file, ev_file, obj);
1731 memset(&resp, 0, sizeof resp);
1732 resp.comp_events_reported = obj->comp_events_reported;
1733 resp.async_events_reported = obj->async_events_reported;
1737 if (copy_to_user((void __user *) (unsigned long) cmd.response,
1738 &resp, sizeof resp))
1744 static int create_qp(struct ib_uverbs_file *file,
1745 struct ib_udata *ucore,
1746 struct ib_udata *uhw,
1747 struct ib_uverbs_ex_create_qp *cmd,
1749 int (*cb)(struct ib_uverbs_file *file,
1750 struct ib_uverbs_ex_create_qp_resp *resp,
1751 struct ib_udata *udata),
1754 struct ib_uqp_object *obj;
1755 struct ib_device *device;
1756 struct ib_pd *pd = NULL;
1757 struct ib_xrcd *xrcd = NULL;
1758 struct ib_uobject *uninitialized_var(xrcd_uobj);
1759 struct ib_cq *scq = NULL, *rcq = NULL;
1760 struct ib_srq *srq = NULL;
1763 struct ib_qp_init_attr attr;
1764 struct ib_uverbs_ex_create_qp_resp resp;
1767 if (cmd->qp_type == IB_QPT_RAW_PACKET && !capable(CAP_NET_RAW))
1770 obj = kzalloc(sizeof *obj, GFP_KERNEL);
1774 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext,
1776 down_write(&obj->uevent.uobject.mutex);
1778 if (cmd->qp_type == IB_QPT_XRC_TGT) {
1779 xrcd = idr_read_xrcd(cmd->pd_handle, file->ucontext,
1785 device = xrcd->device;
1787 if (cmd->qp_type == IB_QPT_XRC_INI) {
1788 cmd->max_recv_wr = 0;
1789 cmd->max_recv_sge = 0;
1792 srq = idr_read_srq(cmd->srq_handle,
1794 if (!srq || srq->srq_type != IB_SRQT_BASIC) {
1800 if (cmd->recv_cq_handle != cmd->send_cq_handle) {
1801 rcq = idr_read_cq(cmd->recv_cq_handle,
1810 scq = idr_read_cq(cmd->send_cq_handle, file->ucontext, !!rcq);
1812 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
1818 device = pd->device;
1821 attr.event_handler = ib_uverbs_qp_event_handler;
1822 attr.qp_context = file;
1827 attr.sq_sig_type = cmd->sq_sig_all ? IB_SIGNAL_ALL_WR :
1829 attr.qp_type = cmd->qp_type;
1830 attr.create_flags = 0;
1832 attr.cap.max_send_wr = cmd->max_send_wr;
1833 attr.cap.max_recv_wr = cmd->max_recv_wr;
1834 attr.cap.max_send_sge = cmd->max_send_sge;
1835 attr.cap.max_recv_sge = cmd->max_recv_sge;
1836 attr.cap.max_inline_data = cmd->max_inline_data;
1838 obj->uevent.events_reported = 0;
1839 INIT_LIST_HEAD(&obj->uevent.event_list);
1840 INIT_LIST_HEAD(&obj->mcast_list);
1842 if (cmd_sz >= offsetof(typeof(*cmd), create_flags) +
1843 sizeof(cmd->create_flags))
1844 attr.create_flags = cmd->create_flags;
1846 if (attr.create_flags & ~IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK) {
1851 buf = (void *)cmd + sizeof(*cmd);
1852 if (cmd_sz > sizeof(*cmd))
1853 if (!(buf[0] == 0 && !memcmp(buf, buf + 1,
1854 cmd_sz - sizeof(*cmd) - 1))) {
1859 if (cmd->qp_type == IB_QPT_XRC_TGT)
1860 qp = ib_create_qp(pd, &attr);
1862 qp = device->create_qp(pd, &attr, uhw);
1869 if (cmd->qp_type != IB_QPT_XRC_TGT) {
1871 qp->device = device;
1873 qp->send_cq = attr.send_cq;
1874 qp->recv_cq = attr.recv_cq;
1876 qp->event_handler = attr.event_handler;
1877 qp->qp_context = attr.qp_context;
1878 qp->qp_type = attr.qp_type;
1879 atomic_set(&qp->usecnt, 0);
1880 atomic_inc(&pd->usecnt);
1881 atomic_inc(&attr.send_cq->usecnt);
1883 atomic_inc(&attr.recv_cq->usecnt);
1885 atomic_inc(&attr.srq->usecnt);
1887 qp->uobject = &obj->uevent.uobject;
1889 obj->uevent.uobject.object = qp;
1890 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1894 memset(&resp, 0, sizeof resp);
1895 resp.base.qpn = qp->qp_num;
1896 resp.base.qp_handle = obj->uevent.uobject.id;
1897 resp.base.max_recv_sge = attr.cap.max_recv_sge;
1898 resp.base.max_send_sge = attr.cap.max_send_sge;
1899 resp.base.max_recv_wr = attr.cap.max_recv_wr;
1900 resp.base.max_send_wr = attr.cap.max_send_wr;
1901 resp.base.max_inline_data = attr.cap.max_inline_data;
1903 resp.response_length = offsetof(typeof(resp), response_length) +
1904 sizeof(resp.response_length);
1906 ret = cb(file, &resp, ucore);
1911 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object,
1913 atomic_inc(&obj->uxrcd->refcnt);
1914 put_xrcd_read(xrcd_uobj);
1921 if (rcq && rcq != scq)
1926 mutex_lock(&file->mutex);
1927 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
1928 mutex_unlock(&file->mutex);
1930 obj->uevent.uobject.live = 1;
1932 up_write(&obj->uevent.uobject.mutex);
1936 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
1943 put_xrcd_read(xrcd_uobj);
1948 if (rcq && rcq != scq)
1953 put_uobj_write(&obj->uevent.uobject);
1957 static int ib_uverbs_create_qp_cb(struct ib_uverbs_file *file,
1958 struct ib_uverbs_ex_create_qp_resp *resp,
1959 struct ib_udata *ucore)
1961 if (ib_copy_to_udata(ucore, &resp->base, sizeof(resp->base)))
1967 ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
1968 struct ib_device *ib_dev,
1969 const char __user *buf, int in_len,
1972 struct ib_uverbs_create_qp cmd;
1973 struct ib_uverbs_ex_create_qp cmd_ex;
1974 struct ib_udata ucore;
1975 struct ib_udata uhw;
1976 ssize_t resp_size = sizeof(struct ib_uverbs_create_qp_resp);
1979 if (out_len < resp_size)
1982 if (copy_from_user(&cmd, buf, sizeof(cmd)))
1985 INIT_UDATA(&ucore, buf, (unsigned long)cmd.response, sizeof(cmd),
1987 INIT_UDATA(&uhw, buf + sizeof(cmd),
1988 (unsigned long)cmd.response + resp_size,
1989 in_len - sizeof(cmd), out_len - resp_size);
1991 memset(&cmd_ex, 0, sizeof(cmd_ex));
1992 cmd_ex.user_handle = cmd.user_handle;
1993 cmd_ex.pd_handle = cmd.pd_handle;
1994 cmd_ex.send_cq_handle = cmd.send_cq_handle;
1995 cmd_ex.recv_cq_handle = cmd.recv_cq_handle;
1996 cmd_ex.srq_handle = cmd.srq_handle;
1997 cmd_ex.max_send_wr = cmd.max_send_wr;
1998 cmd_ex.max_recv_wr = cmd.max_recv_wr;
1999 cmd_ex.max_send_sge = cmd.max_send_sge;
2000 cmd_ex.max_recv_sge = cmd.max_recv_sge;
2001 cmd_ex.max_inline_data = cmd.max_inline_data;
2002 cmd_ex.sq_sig_all = cmd.sq_sig_all;
2003 cmd_ex.qp_type = cmd.qp_type;
2004 cmd_ex.is_srq = cmd.is_srq;
2006 err = create_qp(file, &ucore, &uhw, &cmd_ex,
2007 offsetof(typeof(cmd_ex), is_srq) +
2008 sizeof(cmd.is_srq), ib_uverbs_create_qp_cb,
2017 static int ib_uverbs_ex_create_qp_cb(struct ib_uverbs_file *file,
2018 struct ib_uverbs_ex_create_qp_resp *resp,
2019 struct ib_udata *ucore)
2021 if (ib_copy_to_udata(ucore, resp, resp->response_length))
2027 int ib_uverbs_ex_create_qp(struct ib_uverbs_file *file,
2028 struct ib_device *ib_dev,
2029 struct ib_udata *ucore,
2030 struct ib_udata *uhw)
2032 struct ib_uverbs_ex_create_qp_resp resp;
2033 struct ib_uverbs_ex_create_qp cmd = {0};
2036 if (ucore->inlen < (offsetof(typeof(cmd), comp_mask) +
2037 sizeof(cmd.comp_mask)))
2040 err = ib_copy_from_udata(&cmd, ucore, min(sizeof(cmd), ucore->inlen));
2050 if (ucore->outlen < (offsetof(typeof(resp), response_length) +
2051 sizeof(resp.response_length)))
2054 err = create_qp(file, ucore, uhw, &cmd,
2055 min(ucore->inlen, sizeof(cmd)),
2056 ib_uverbs_ex_create_qp_cb, NULL);
2064 ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
2065 struct ib_device *ib_dev,
2066 const char __user *buf, int in_len, int out_len)
2068 struct ib_uverbs_open_qp cmd;
2069 struct ib_uverbs_create_qp_resp resp;
2070 struct ib_udata udata;
2071 struct ib_uqp_object *obj;
2072 struct ib_xrcd *xrcd;
2073 struct ib_uobject *uninitialized_var(xrcd_uobj);
2075 struct ib_qp_open_attr attr;
2078 if (out_len < sizeof resp)
2081 if (copy_from_user(&cmd, buf, sizeof cmd))
2084 INIT_UDATA(&udata, buf + sizeof cmd,
2085 (unsigned long) cmd.response + sizeof resp,
2086 in_len - sizeof cmd, out_len - sizeof resp);
2088 obj = kmalloc(sizeof *obj, GFP_KERNEL);
2092 init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext, &qp_lock_class);
2093 down_write(&obj->uevent.uobject.mutex);
2095 xrcd = idr_read_xrcd(cmd.pd_handle, file->ucontext, &xrcd_uobj);
2101 attr.event_handler = ib_uverbs_qp_event_handler;
2102 attr.qp_context = file;
2103 attr.qp_num = cmd.qpn;
2104 attr.qp_type = cmd.qp_type;
2106 obj->uevent.events_reported = 0;
2107 INIT_LIST_HEAD(&obj->uevent.event_list);
2108 INIT_LIST_HEAD(&obj->mcast_list);
2110 qp = ib_open_qp(xrcd, &attr);
2116 qp->uobject = &obj->uevent.uobject;
2118 obj->uevent.uobject.object = qp;
2119 ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2123 memset(&resp, 0, sizeof resp);
2124 resp.qpn = qp->qp_num;
2125 resp.qp_handle = obj->uevent.uobject.id;
2127 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2128 &resp, sizeof resp)) {
2133 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
2134 atomic_inc(&obj->uxrcd->refcnt);
2135 put_xrcd_read(xrcd_uobj);
2137 mutex_lock(&file->mutex);
2138 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
2139 mutex_unlock(&file->mutex);
2141 obj->uevent.uobject.live = 1;
2143 up_write(&obj->uevent.uobject.mutex);
2148 idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
2154 put_xrcd_read(xrcd_uobj);
2155 put_uobj_write(&obj->uevent.uobject);
2159 ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
2160 struct ib_device *ib_dev,
2161 const char __user *buf, int in_len,
2164 struct ib_uverbs_query_qp cmd;
2165 struct ib_uverbs_query_qp_resp resp;
2167 struct ib_qp_attr *attr;
2168 struct ib_qp_init_attr *init_attr;
2171 if (copy_from_user(&cmd, buf, sizeof cmd))
2174 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2175 init_attr = kmalloc(sizeof *init_attr, GFP_KERNEL);
2176 if (!attr || !init_attr) {
2181 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2187 ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
2194 memset(&resp, 0, sizeof resp);
2196 resp.qp_state = attr->qp_state;
2197 resp.cur_qp_state = attr->cur_qp_state;
2198 resp.path_mtu = attr->path_mtu;
2199 resp.path_mig_state = attr->path_mig_state;
2200 resp.qkey = attr->qkey;
2201 resp.rq_psn = attr->rq_psn;
2202 resp.sq_psn = attr->sq_psn;
2203 resp.dest_qp_num = attr->dest_qp_num;
2204 resp.qp_access_flags = attr->qp_access_flags;
2205 resp.pkey_index = attr->pkey_index;
2206 resp.alt_pkey_index = attr->alt_pkey_index;
2207 resp.sq_draining = attr->sq_draining;
2208 resp.max_rd_atomic = attr->max_rd_atomic;
2209 resp.max_dest_rd_atomic = attr->max_dest_rd_atomic;
2210 resp.min_rnr_timer = attr->min_rnr_timer;
2211 resp.port_num = attr->port_num;
2212 resp.timeout = attr->timeout;
2213 resp.retry_cnt = attr->retry_cnt;
2214 resp.rnr_retry = attr->rnr_retry;
2215 resp.alt_port_num = attr->alt_port_num;
2216 resp.alt_timeout = attr->alt_timeout;
2218 memcpy(resp.dest.dgid, attr->ah_attr.grh.dgid.raw, 16);
2219 resp.dest.flow_label = attr->ah_attr.grh.flow_label;
2220 resp.dest.sgid_index = attr->ah_attr.grh.sgid_index;
2221 resp.dest.hop_limit = attr->ah_attr.grh.hop_limit;
2222 resp.dest.traffic_class = attr->ah_attr.grh.traffic_class;
2223 resp.dest.dlid = attr->ah_attr.dlid;
2224 resp.dest.sl = attr->ah_attr.sl;
2225 resp.dest.src_path_bits = attr->ah_attr.src_path_bits;
2226 resp.dest.static_rate = attr->ah_attr.static_rate;
2227 resp.dest.is_global = !!(attr->ah_attr.ah_flags & IB_AH_GRH);
2228 resp.dest.port_num = attr->ah_attr.port_num;
2230 memcpy(resp.alt_dest.dgid, attr->alt_ah_attr.grh.dgid.raw, 16);
2231 resp.alt_dest.flow_label = attr->alt_ah_attr.grh.flow_label;
2232 resp.alt_dest.sgid_index = attr->alt_ah_attr.grh.sgid_index;
2233 resp.alt_dest.hop_limit = attr->alt_ah_attr.grh.hop_limit;
2234 resp.alt_dest.traffic_class = attr->alt_ah_attr.grh.traffic_class;
2235 resp.alt_dest.dlid = attr->alt_ah_attr.dlid;
2236 resp.alt_dest.sl = attr->alt_ah_attr.sl;
2237 resp.alt_dest.src_path_bits = attr->alt_ah_attr.src_path_bits;
2238 resp.alt_dest.static_rate = attr->alt_ah_attr.static_rate;
2239 resp.alt_dest.is_global = !!(attr->alt_ah_attr.ah_flags & IB_AH_GRH);
2240 resp.alt_dest.port_num = attr->alt_ah_attr.port_num;
2242 resp.max_send_wr = init_attr->cap.max_send_wr;
2243 resp.max_recv_wr = init_attr->cap.max_recv_wr;
2244 resp.max_send_sge = init_attr->cap.max_send_sge;
2245 resp.max_recv_sge = init_attr->cap.max_recv_sge;
2246 resp.max_inline_data = init_attr->cap.max_inline_data;
2247 resp.sq_sig_all = init_attr->sq_sig_type == IB_SIGNAL_ALL_WR;
2249 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2250 &resp, sizeof resp))
2257 return ret ? ret : in_len;
2260 /* Remove ignored fields set in the attribute mask */
2261 static int modify_qp_mask(enum ib_qp_type qp_type, int mask)
2264 case IB_QPT_XRC_INI:
2265 return mask & ~(IB_QP_MAX_DEST_RD_ATOMIC | IB_QP_MIN_RNR_TIMER);
2266 case IB_QPT_XRC_TGT:
2267 return mask & ~(IB_QP_MAX_QP_RD_ATOMIC | IB_QP_RETRY_CNT |
2274 ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
2275 struct ib_device *ib_dev,
2276 const char __user *buf, int in_len,
2279 struct ib_uverbs_modify_qp cmd;
2280 struct ib_udata udata;
2282 struct ib_qp_attr *attr;
2285 if (copy_from_user(&cmd, buf, sizeof cmd))
2288 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
2291 attr = kmalloc(sizeof *attr, GFP_KERNEL);
2295 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2301 attr->qp_state = cmd.qp_state;
2302 attr->cur_qp_state = cmd.cur_qp_state;
2303 attr->path_mtu = cmd.path_mtu;
2304 attr->path_mig_state = cmd.path_mig_state;
2305 attr->qkey = cmd.qkey;
2306 attr->rq_psn = cmd.rq_psn;
2307 attr->sq_psn = cmd.sq_psn;
2308 attr->dest_qp_num = cmd.dest_qp_num;
2309 attr->qp_access_flags = cmd.qp_access_flags;
2310 attr->pkey_index = cmd.pkey_index;
2311 attr->alt_pkey_index = cmd.alt_pkey_index;
2312 attr->en_sqd_async_notify = cmd.en_sqd_async_notify;
2313 attr->max_rd_atomic = cmd.max_rd_atomic;
2314 attr->max_dest_rd_atomic = cmd.max_dest_rd_atomic;
2315 attr->min_rnr_timer = cmd.min_rnr_timer;
2316 attr->port_num = cmd.port_num;
2317 attr->timeout = cmd.timeout;
2318 attr->retry_cnt = cmd.retry_cnt;
2319 attr->rnr_retry = cmd.rnr_retry;
2320 attr->alt_port_num = cmd.alt_port_num;
2321 attr->alt_timeout = cmd.alt_timeout;
2323 memcpy(attr->ah_attr.grh.dgid.raw, cmd.dest.dgid, 16);
2324 attr->ah_attr.grh.flow_label = cmd.dest.flow_label;
2325 attr->ah_attr.grh.sgid_index = cmd.dest.sgid_index;
2326 attr->ah_attr.grh.hop_limit = cmd.dest.hop_limit;
2327 attr->ah_attr.grh.traffic_class = cmd.dest.traffic_class;
2328 attr->ah_attr.dlid = cmd.dest.dlid;
2329 attr->ah_attr.sl = cmd.dest.sl;
2330 attr->ah_attr.src_path_bits = cmd.dest.src_path_bits;
2331 attr->ah_attr.static_rate = cmd.dest.static_rate;
2332 attr->ah_attr.ah_flags = cmd.dest.is_global ? IB_AH_GRH : 0;
2333 attr->ah_attr.port_num = cmd.dest.port_num;
2335 memcpy(attr->alt_ah_attr.grh.dgid.raw, cmd.alt_dest.dgid, 16);
2336 attr->alt_ah_attr.grh.flow_label = cmd.alt_dest.flow_label;
2337 attr->alt_ah_attr.grh.sgid_index = cmd.alt_dest.sgid_index;
2338 attr->alt_ah_attr.grh.hop_limit = cmd.alt_dest.hop_limit;
2339 attr->alt_ah_attr.grh.traffic_class = cmd.alt_dest.traffic_class;
2340 attr->alt_ah_attr.dlid = cmd.alt_dest.dlid;
2341 attr->alt_ah_attr.sl = cmd.alt_dest.sl;
2342 attr->alt_ah_attr.src_path_bits = cmd.alt_dest.src_path_bits;
2343 attr->alt_ah_attr.static_rate = cmd.alt_dest.static_rate;
2344 attr->alt_ah_attr.ah_flags = cmd.alt_dest.is_global ? IB_AH_GRH : 0;
2345 attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
2347 if (qp->real_qp == qp) {
2348 ret = ib_resolve_eth_dmac(qp, attr, &cmd.attr_mask);
2351 ret = qp->device->modify_qp(qp, attr,
2352 modify_qp_mask(qp->qp_type, cmd.attr_mask), &udata);
2354 ret = ib_modify_qp(qp, attr, modify_qp_mask(qp->qp_type, cmd.attr_mask));
2371 ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
2372 struct ib_device *ib_dev,
2373 const char __user *buf, int in_len,
2376 struct ib_uverbs_destroy_qp cmd;
2377 struct ib_uverbs_destroy_qp_resp resp;
2378 struct ib_uobject *uobj;
2380 struct ib_uqp_object *obj;
2383 if (copy_from_user(&cmd, buf, sizeof cmd))
2386 memset(&resp, 0, sizeof resp);
2388 uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
2392 obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
2394 if (!list_empty(&obj->mcast_list)) {
2395 put_uobj_write(uobj);
2399 ret = ib_destroy_qp(qp);
2403 put_uobj_write(uobj);
2409 atomic_dec(&obj->uxrcd->refcnt);
2411 idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
2413 mutex_lock(&file->mutex);
2414 list_del(&uobj->list);
2415 mutex_unlock(&file->mutex);
2417 ib_uverbs_release_uevent(file, &obj->uevent);
2419 resp.events_reported = obj->uevent.events_reported;
2423 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2424 &resp, sizeof resp))
2430 static void *alloc_wr(size_t wr_size, __u32 num_sge)
2432 return kmalloc(ALIGN(wr_size, sizeof (struct ib_sge)) +
2433 num_sge * sizeof (struct ib_sge), GFP_KERNEL);
2436 ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
2437 struct ib_device *ib_dev,
2438 const char __user *buf, int in_len,
2441 struct ib_uverbs_post_send cmd;
2442 struct ib_uverbs_post_send_resp resp;
2443 struct ib_uverbs_send_wr *user_wr;
2444 struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
2448 ssize_t ret = -EINVAL;
2450 if (copy_from_user(&cmd, buf, sizeof cmd))
2453 if (in_len < sizeof cmd + cmd.wqe_size * cmd.wr_count +
2454 cmd.sge_count * sizeof (struct ib_uverbs_sge))
2457 if (cmd.wqe_size < sizeof (struct ib_uverbs_send_wr))
2460 user_wr = kmalloc(cmd.wqe_size, GFP_KERNEL);
2464 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2468 is_ud = qp->qp_type == IB_QPT_UD;
2471 for (i = 0; i < cmd.wr_count; ++i) {
2472 if (copy_from_user(user_wr,
2473 buf + sizeof cmd + i * cmd.wqe_size,
2479 if (user_wr->num_sge + sg_ind > cmd.sge_count) {
2485 struct ib_ud_wr *ud;
2487 if (user_wr->opcode != IB_WR_SEND &&
2488 user_wr->opcode != IB_WR_SEND_WITH_IMM) {
2493 ud = alloc_wr(sizeof(*ud), user_wr->num_sge);
2499 ud->ah = idr_read_ah(user_wr->wr.ud.ah, file->ucontext);
2505 ud->remote_qpn = user_wr->wr.ud.remote_qpn;
2506 ud->remote_qkey = user_wr->wr.ud.remote_qkey;
2509 } else if (user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM ||
2510 user_wr->opcode == IB_WR_RDMA_WRITE ||
2511 user_wr->opcode == IB_WR_RDMA_READ) {
2512 struct ib_rdma_wr *rdma;
2514 rdma = alloc_wr(sizeof(*rdma), user_wr->num_sge);
2520 rdma->remote_addr = user_wr->wr.rdma.remote_addr;
2521 rdma->rkey = user_wr->wr.rdma.rkey;
2524 } else if (user_wr->opcode == IB_WR_ATOMIC_CMP_AND_SWP ||
2525 user_wr->opcode == IB_WR_ATOMIC_FETCH_AND_ADD) {
2526 struct ib_atomic_wr *atomic;
2528 atomic = alloc_wr(sizeof(*atomic), user_wr->num_sge);
2534 atomic->remote_addr = user_wr->wr.atomic.remote_addr;
2535 atomic->compare_add = user_wr->wr.atomic.compare_add;
2536 atomic->swap = user_wr->wr.atomic.swap;
2537 atomic->rkey = user_wr->wr.atomic.rkey;
2540 } else if (user_wr->opcode == IB_WR_SEND ||
2541 user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2542 user_wr->opcode == IB_WR_SEND_WITH_INV) {
2543 next = alloc_wr(sizeof(*next), user_wr->num_sge);
2553 if (user_wr->opcode == IB_WR_SEND_WITH_IMM ||
2554 user_wr->opcode == IB_WR_RDMA_WRITE_WITH_IMM) {
2556 (__be32 __force) user_wr->ex.imm_data;
2557 } else if (user_wr->opcode == IB_WR_SEND_WITH_INV) {
2558 next->ex.invalidate_rkey = user_wr->ex.invalidate_rkey;
2568 next->wr_id = user_wr->wr_id;
2569 next->num_sge = user_wr->num_sge;
2570 next->opcode = user_wr->opcode;
2571 next->send_flags = user_wr->send_flags;
2573 if (next->num_sge) {
2574 next->sg_list = (void *) next +
2575 ALIGN(sizeof *next, sizeof (struct ib_sge));
2576 if (copy_from_user(next->sg_list,
2578 cmd.wr_count * cmd.wqe_size +
2579 sg_ind * sizeof (struct ib_sge),
2580 next->num_sge * sizeof (struct ib_sge))) {
2584 sg_ind += next->num_sge;
2586 next->sg_list = NULL;
2590 ret = qp->device->post_send(qp->real_qp, wr, &bad_wr);
2592 for (next = wr; next; next = next->next) {
2598 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2599 &resp, sizeof resp))
2606 if (is_ud && ud_wr(wr)->ah)
2607 put_ah_read(ud_wr(wr)->ah);
2616 return ret ? ret : in_len;
2619 static struct ib_recv_wr *ib_uverbs_unmarshall_recv(const char __user *buf,
2625 struct ib_uverbs_recv_wr *user_wr;
2626 struct ib_recv_wr *wr = NULL, *last, *next;
2631 if (in_len < wqe_size * wr_count +
2632 sge_count * sizeof (struct ib_uverbs_sge))
2633 return ERR_PTR(-EINVAL);
2635 if (wqe_size < sizeof (struct ib_uverbs_recv_wr))
2636 return ERR_PTR(-EINVAL);
2638 user_wr = kmalloc(wqe_size, GFP_KERNEL);
2640 return ERR_PTR(-ENOMEM);
2644 for (i = 0; i < wr_count; ++i) {
2645 if (copy_from_user(user_wr, buf + i * wqe_size,
2651 if (user_wr->num_sge + sg_ind > sge_count) {
2656 next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
2657 user_wr->num_sge * sizeof (struct ib_sge),
2671 next->wr_id = user_wr->wr_id;
2672 next->num_sge = user_wr->num_sge;
2674 if (next->num_sge) {
2675 next->sg_list = (void *) next +
2676 ALIGN(sizeof *next, sizeof (struct ib_sge));
2677 if (copy_from_user(next->sg_list,
2678 buf + wr_count * wqe_size +
2679 sg_ind * sizeof (struct ib_sge),
2680 next->num_sge * sizeof (struct ib_sge))) {
2684 sg_ind += next->num_sge;
2686 next->sg_list = NULL;
2701 return ERR_PTR(ret);
2704 ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
2705 struct ib_device *ib_dev,
2706 const char __user *buf, int in_len,
2709 struct ib_uverbs_post_recv cmd;
2710 struct ib_uverbs_post_recv_resp resp;
2711 struct ib_recv_wr *wr, *next, *bad_wr;
2713 ssize_t ret = -EINVAL;
2715 if (copy_from_user(&cmd, buf, sizeof cmd))
2718 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2719 in_len - sizeof cmd, cmd.wr_count,
2720 cmd.sge_count, cmd.wqe_size);
2724 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
2729 ret = qp->device->post_recv(qp->real_qp, wr, &bad_wr);
2734 for (next = wr; next; next = next->next) {
2740 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2741 &resp, sizeof resp))
2751 return ret ? ret : in_len;
2754 ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
2755 struct ib_device *ib_dev,
2756 const char __user *buf, int in_len,
2759 struct ib_uverbs_post_srq_recv cmd;
2760 struct ib_uverbs_post_srq_recv_resp resp;
2761 struct ib_recv_wr *wr, *next, *bad_wr;
2763 ssize_t ret = -EINVAL;
2765 if (copy_from_user(&cmd, buf, sizeof cmd))
2768 wr = ib_uverbs_unmarshall_recv(buf + sizeof cmd,
2769 in_len - sizeof cmd, cmd.wr_count,
2770 cmd.sge_count, cmd.wqe_size);
2774 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
2779 ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
2784 for (next = wr; next; next = next->next) {
2790 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2791 &resp, sizeof resp))
2801 return ret ? ret : in_len;
2804 ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
2805 struct ib_device *ib_dev,
2806 const char __user *buf, int in_len,
2809 struct ib_uverbs_create_ah cmd;
2810 struct ib_uverbs_create_ah_resp resp;
2811 struct ib_uobject *uobj;
2814 struct ib_ah_attr attr;
2817 if (out_len < sizeof resp)
2820 if (copy_from_user(&cmd, buf, sizeof cmd))
2823 uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
2827 init_uobj(uobj, cmd.user_handle, file->ucontext, &ah_lock_class);
2828 down_write(&uobj->mutex);
2830 pd = idr_read_pd(cmd.pd_handle, file->ucontext);
2836 attr.dlid = cmd.attr.dlid;
2837 attr.sl = cmd.attr.sl;
2838 attr.src_path_bits = cmd.attr.src_path_bits;
2839 attr.static_rate = cmd.attr.static_rate;
2840 attr.ah_flags = cmd.attr.is_global ? IB_AH_GRH : 0;
2841 attr.port_num = cmd.attr.port_num;
2842 attr.grh.flow_label = cmd.attr.grh.flow_label;
2843 attr.grh.sgid_index = cmd.attr.grh.sgid_index;
2844 attr.grh.hop_limit = cmd.attr.grh.hop_limit;
2845 attr.grh.traffic_class = cmd.attr.grh.traffic_class;
2846 memset(&attr.dmac, 0, sizeof(attr.dmac));
2847 memcpy(attr.grh.dgid.raw, cmd.attr.grh.dgid, 16);
2849 ah = ib_create_ah(pd, &attr);
2858 ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
2862 resp.ah_handle = uobj->id;
2864 if (copy_to_user((void __user *) (unsigned long) cmd.response,
2865 &resp, sizeof resp)) {
2872 mutex_lock(&file->mutex);
2873 list_add_tail(&uobj->list, &file->ucontext->ah_list);
2874 mutex_unlock(&file->mutex);
2878 up_write(&uobj->mutex);
2883 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2892 put_uobj_write(uobj);
2896 ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
2897 struct ib_device *ib_dev,
2898 const char __user *buf, int in_len, int out_len)
2900 struct ib_uverbs_destroy_ah cmd;
2902 struct ib_uobject *uobj;
2905 if (copy_from_user(&cmd, buf, sizeof cmd))
2908 uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
2913 ret = ib_destroy_ah(ah);
2917 put_uobj_write(uobj);
2922 idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
2924 mutex_lock(&file->mutex);
2925 list_del(&uobj->list);
2926 mutex_unlock(&file->mutex);
2933 ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
2934 struct ib_device *ib_dev,
2935 const char __user *buf, int in_len,
2938 struct ib_uverbs_attach_mcast cmd;
2940 struct ib_uqp_object *obj;
2941 struct ib_uverbs_mcast_entry *mcast;
2944 if (copy_from_user(&cmd, buf, sizeof cmd))
2947 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
2951 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
2953 list_for_each_entry(mcast, &obj->mcast_list, list)
2954 if (cmd.mlid == mcast->lid &&
2955 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
2960 mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
2966 mcast->lid = cmd.mlid;
2967 memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
2969 ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
2971 list_add_tail(&mcast->list, &obj->mcast_list);
2978 return ret ? ret : in_len;
2981 ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
2982 struct ib_device *ib_dev,
2983 const char __user *buf, int in_len,
2986 struct ib_uverbs_detach_mcast cmd;
2987 struct ib_uqp_object *obj;
2989 struct ib_uverbs_mcast_entry *mcast;
2992 if (copy_from_user(&cmd, buf, sizeof cmd))
2995 qp = idr_write_qp(cmd.qp_handle, file->ucontext);
2999 ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
3003 obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
3005 list_for_each_entry(mcast, &obj->mcast_list, list)
3006 if (cmd.mlid == mcast->lid &&
3007 !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
3008 list_del(&mcast->list);
3016 return ret ? ret : in_len;
3019 static int kern_spec_to_ib_spec(struct ib_uverbs_flow_spec *kern_spec,
3020 union ib_flow_spec *ib_spec)
3022 if (kern_spec->reserved)
3025 ib_spec->type = kern_spec->type;
3027 switch (ib_spec->type) {
3028 case IB_FLOW_SPEC_ETH:
3029 ib_spec->eth.size = sizeof(struct ib_flow_spec_eth);
3030 if (ib_spec->eth.size != kern_spec->eth.size)
3032 memcpy(&ib_spec->eth.val, &kern_spec->eth.val,
3033 sizeof(struct ib_flow_eth_filter));
3034 memcpy(&ib_spec->eth.mask, &kern_spec->eth.mask,
3035 sizeof(struct ib_flow_eth_filter));
3037 case IB_FLOW_SPEC_IPV4:
3038 ib_spec->ipv4.size = sizeof(struct ib_flow_spec_ipv4);
3039 if (ib_spec->ipv4.size != kern_spec->ipv4.size)
3041 memcpy(&ib_spec->ipv4.val, &kern_spec->ipv4.val,
3042 sizeof(struct ib_flow_ipv4_filter));
3043 memcpy(&ib_spec->ipv4.mask, &kern_spec->ipv4.mask,
3044 sizeof(struct ib_flow_ipv4_filter));
3046 case IB_FLOW_SPEC_TCP:
3047 case IB_FLOW_SPEC_UDP:
3048 ib_spec->tcp_udp.size = sizeof(struct ib_flow_spec_tcp_udp);
3049 if (ib_spec->tcp_udp.size != kern_spec->tcp_udp.size)
3051 memcpy(&ib_spec->tcp_udp.val, &kern_spec->tcp_udp.val,
3052 sizeof(struct ib_flow_tcp_udp_filter));
3053 memcpy(&ib_spec->tcp_udp.mask, &kern_spec->tcp_udp.mask,
3054 sizeof(struct ib_flow_tcp_udp_filter));
3062 int ib_uverbs_ex_create_flow(struct ib_uverbs_file *file,
3063 struct ib_device *ib_dev,
3064 struct ib_udata *ucore,
3065 struct ib_udata *uhw)
3067 struct ib_uverbs_create_flow cmd;
3068 struct ib_uverbs_create_flow_resp resp;
3069 struct ib_uobject *uobj;
3070 struct ib_flow *flow_id;
3071 struct ib_uverbs_flow_attr *kern_flow_attr;
3072 struct ib_flow_attr *flow_attr;
3079 if (ucore->inlen < sizeof(cmd))
3082 if (ucore->outlen < sizeof(resp))
3085 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3089 ucore->inbuf += sizeof(cmd);
3090 ucore->inlen -= sizeof(cmd);
3095 if ((cmd.flow_attr.type == IB_FLOW_ATTR_SNIFFER &&
3096 !capable(CAP_NET_ADMIN)) || !capable(CAP_NET_RAW))
3099 if (cmd.flow_attr.num_of_specs > IB_FLOW_SPEC_SUPPORT_LAYERS)
3102 if (cmd.flow_attr.size > ucore->inlen ||
3103 cmd.flow_attr.size >
3104 (cmd.flow_attr.num_of_specs * sizeof(struct ib_uverbs_flow_spec)))
3107 if (cmd.flow_attr.reserved[0] ||
3108 cmd.flow_attr.reserved[1])
3111 if (cmd.flow_attr.num_of_specs) {
3112 kern_flow_attr = kmalloc(sizeof(*kern_flow_attr) + cmd.flow_attr.size,
3114 if (!kern_flow_attr)
3117 memcpy(kern_flow_attr, &cmd.flow_attr, sizeof(*kern_flow_attr));
3118 err = ib_copy_from_udata(kern_flow_attr + 1, ucore,
3119 cmd.flow_attr.size);
3123 kern_flow_attr = &cmd.flow_attr;
3126 uobj = kmalloc(sizeof(*uobj), GFP_KERNEL);
3131 init_uobj(uobj, 0, file->ucontext, &rule_lock_class);
3132 down_write(&uobj->mutex);
3134 qp = idr_read_qp(cmd.qp_handle, file->ucontext);
3140 flow_attr = kmalloc(sizeof(*flow_attr) + cmd.flow_attr.size, GFP_KERNEL);
3146 flow_attr->type = kern_flow_attr->type;
3147 flow_attr->priority = kern_flow_attr->priority;
3148 flow_attr->num_of_specs = kern_flow_attr->num_of_specs;
3149 flow_attr->port = kern_flow_attr->port;
3150 flow_attr->flags = kern_flow_attr->flags;
3151 flow_attr->size = sizeof(*flow_attr);
3153 kern_spec = kern_flow_attr + 1;
3154 ib_spec = flow_attr + 1;
3155 for (i = 0; i < flow_attr->num_of_specs &&
3156 cmd.flow_attr.size > offsetof(struct ib_uverbs_flow_spec, reserved) &&
3157 cmd.flow_attr.size >=
3158 ((struct ib_uverbs_flow_spec *)kern_spec)->size; i++) {
3159 err = kern_spec_to_ib_spec(kern_spec, ib_spec);
3163 ((union ib_flow_spec *) ib_spec)->size;
3164 cmd.flow_attr.size -= ((struct ib_uverbs_flow_spec *)kern_spec)->size;
3165 kern_spec += ((struct ib_uverbs_flow_spec *) kern_spec)->size;
3166 ib_spec += ((union ib_flow_spec *) ib_spec)->size;
3168 if (cmd.flow_attr.size || (i != flow_attr->num_of_specs)) {
3169 pr_warn("create flow failed, flow %d: %d bytes left from uverb cmd\n",
3170 i, cmd.flow_attr.size);
3174 flow_id = ib_create_flow(qp, flow_attr, IB_FLOW_DOMAIN_USER);
3175 if (IS_ERR(flow_id)) {
3176 err = PTR_ERR(flow_id);
3180 flow_id->uobject = uobj;
3181 uobj->object = flow_id;
3183 err = idr_add_uobj(&ib_uverbs_rule_idr, uobj);
3187 memset(&resp, 0, sizeof(resp));
3188 resp.flow_handle = uobj->id;
3190 err = ib_copy_to_udata(ucore,
3191 &resp, sizeof(resp));
3196 mutex_lock(&file->mutex);
3197 list_add_tail(&uobj->list, &file->ucontext->rule_list);
3198 mutex_unlock(&file->mutex);
3202 up_write(&uobj->mutex);
3204 if (cmd.flow_attr.num_of_specs)
3205 kfree(kern_flow_attr);
3208 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3210 ib_destroy_flow(flow_id);
3216 put_uobj_write(uobj);
3218 if (cmd.flow_attr.num_of_specs)
3219 kfree(kern_flow_attr);
3223 int ib_uverbs_ex_destroy_flow(struct ib_uverbs_file *file,
3224 struct ib_device *ib_dev,
3225 struct ib_udata *ucore,
3226 struct ib_udata *uhw)
3228 struct ib_uverbs_destroy_flow cmd;
3229 struct ib_flow *flow_id;
3230 struct ib_uobject *uobj;
3233 if (ucore->inlen < sizeof(cmd))
3236 ret = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3243 uobj = idr_write_uobj(&ib_uverbs_rule_idr, cmd.flow_handle,
3247 flow_id = uobj->object;
3249 ret = ib_destroy_flow(flow_id);
3253 put_uobj_write(uobj);
3255 idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
3257 mutex_lock(&file->mutex);
3258 list_del(&uobj->list);
3259 mutex_unlock(&file->mutex);
3266 static int __uverbs_create_xsrq(struct ib_uverbs_file *file,
3267 struct ib_device *ib_dev,
3268 struct ib_uverbs_create_xsrq *cmd,
3269 struct ib_udata *udata)
3271 struct ib_uverbs_create_srq_resp resp;
3272 struct ib_usrq_object *obj;
3275 struct ib_uobject *uninitialized_var(xrcd_uobj);
3276 struct ib_srq_init_attr attr;
3279 obj = kmalloc(sizeof *obj, GFP_KERNEL);
3283 init_uobj(&obj->uevent.uobject, cmd->user_handle, file->ucontext, &srq_lock_class);
3284 down_write(&obj->uevent.uobject.mutex);
3286 if (cmd->srq_type == IB_SRQT_XRC) {
3287 attr.ext.xrc.xrcd = idr_read_xrcd(cmd->xrcd_handle, file->ucontext, &xrcd_uobj);
3288 if (!attr.ext.xrc.xrcd) {
3293 obj->uxrcd = container_of(xrcd_uobj, struct ib_uxrcd_object, uobject);
3294 atomic_inc(&obj->uxrcd->refcnt);
3296 attr.ext.xrc.cq = idr_read_cq(cmd->cq_handle, file->ucontext, 0);
3297 if (!attr.ext.xrc.cq) {
3303 pd = idr_read_pd(cmd->pd_handle, file->ucontext);
3309 attr.event_handler = ib_uverbs_srq_event_handler;
3310 attr.srq_context = file;
3311 attr.srq_type = cmd->srq_type;
3312 attr.attr.max_wr = cmd->max_wr;
3313 attr.attr.max_sge = cmd->max_sge;
3314 attr.attr.srq_limit = cmd->srq_limit;
3316 obj->uevent.events_reported = 0;
3317 INIT_LIST_HEAD(&obj->uevent.event_list);
3319 srq = pd->device->create_srq(pd, &attr, udata);
3325 srq->device = pd->device;
3327 srq->srq_type = cmd->srq_type;
3328 srq->uobject = &obj->uevent.uobject;
3329 srq->event_handler = attr.event_handler;
3330 srq->srq_context = attr.srq_context;
3332 if (cmd->srq_type == IB_SRQT_XRC) {
3333 srq->ext.xrc.cq = attr.ext.xrc.cq;
3334 srq->ext.xrc.xrcd = attr.ext.xrc.xrcd;
3335 atomic_inc(&attr.ext.xrc.cq->usecnt);
3336 atomic_inc(&attr.ext.xrc.xrcd->usecnt);
3339 atomic_inc(&pd->usecnt);
3340 atomic_set(&srq->usecnt, 0);
3342 obj->uevent.uobject.object = srq;
3343 ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3347 memset(&resp, 0, sizeof resp);
3348 resp.srq_handle = obj->uevent.uobject.id;
3349 resp.max_wr = attr.attr.max_wr;
3350 resp.max_sge = attr.attr.max_sge;
3351 if (cmd->srq_type == IB_SRQT_XRC)
3352 resp.srqn = srq->ext.xrc.srq_num;
3354 if (copy_to_user((void __user *) (unsigned long) cmd->response,
3355 &resp, sizeof resp)) {
3360 if (cmd->srq_type == IB_SRQT_XRC) {
3361 put_uobj_read(xrcd_uobj);
3362 put_cq_read(attr.ext.xrc.cq);
3366 mutex_lock(&file->mutex);
3367 list_add_tail(&obj->uevent.uobject.list, &file->ucontext->srq_list);
3368 mutex_unlock(&file->mutex);
3370 obj->uevent.uobject.live = 1;
3372 up_write(&obj->uevent.uobject.mutex);
3377 idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uevent.uobject);
3380 ib_destroy_srq(srq);
3386 if (cmd->srq_type == IB_SRQT_XRC)
3387 put_cq_read(attr.ext.xrc.cq);
3390 if (cmd->srq_type == IB_SRQT_XRC) {
3391 atomic_dec(&obj->uxrcd->refcnt);
3392 put_uobj_read(xrcd_uobj);
3396 put_uobj_write(&obj->uevent.uobject);
3400 ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
3401 struct ib_device *ib_dev,
3402 const char __user *buf, int in_len,
3405 struct ib_uverbs_create_srq cmd;
3406 struct ib_uverbs_create_xsrq xcmd;
3407 struct ib_uverbs_create_srq_resp resp;
3408 struct ib_udata udata;
3411 if (out_len < sizeof resp)
3414 if (copy_from_user(&cmd, buf, sizeof cmd))
3417 xcmd.response = cmd.response;
3418 xcmd.user_handle = cmd.user_handle;
3419 xcmd.srq_type = IB_SRQT_BASIC;
3420 xcmd.pd_handle = cmd.pd_handle;
3421 xcmd.max_wr = cmd.max_wr;
3422 xcmd.max_sge = cmd.max_sge;
3423 xcmd.srq_limit = cmd.srq_limit;
3425 INIT_UDATA(&udata, buf + sizeof cmd,
3426 (unsigned long) cmd.response + sizeof resp,
3427 in_len - sizeof cmd, out_len - sizeof resp);
3429 ret = __uverbs_create_xsrq(file, ib_dev, &xcmd, &udata);
3436 ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
3437 struct ib_device *ib_dev,
3438 const char __user *buf, int in_len, int out_len)
3440 struct ib_uverbs_create_xsrq cmd;
3441 struct ib_uverbs_create_srq_resp resp;
3442 struct ib_udata udata;
3445 if (out_len < sizeof resp)
3448 if (copy_from_user(&cmd, buf, sizeof cmd))
3451 INIT_UDATA(&udata, buf + sizeof cmd,
3452 (unsigned long) cmd.response + sizeof resp,
3453 in_len - sizeof cmd, out_len - sizeof resp);
3455 ret = __uverbs_create_xsrq(file, ib_dev, &cmd, &udata);
3462 ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
3463 struct ib_device *ib_dev,
3464 const char __user *buf, int in_len,
3467 struct ib_uverbs_modify_srq cmd;
3468 struct ib_udata udata;
3470 struct ib_srq_attr attr;
3473 if (copy_from_user(&cmd, buf, sizeof cmd))
3476 INIT_UDATA(&udata, buf + sizeof cmd, NULL, in_len - sizeof cmd,
3479 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3483 attr.max_wr = cmd.max_wr;
3484 attr.srq_limit = cmd.srq_limit;
3486 ret = srq->device->modify_srq(srq, &attr, cmd.attr_mask, &udata);
3490 return ret ? ret : in_len;
3493 ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
3494 struct ib_device *ib_dev,
3495 const char __user *buf,
3496 int in_len, int out_len)
3498 struct ib_uverbs_query_srq cmd;
3499 struct ib_uverbs_query_srq_resp resp;
3500 struct ib_srq_attr attr;
3504 if (out_len < sizeof resp)
3507 if (copy_from_user(&cmd, buf, sizeof cmd))
3510 srq = idr_read_srq(cmd.srq_handle, file->ucontext);
3514 ret = ib_query_srq(srq, &attr);
3521 memset(&resp, 0, sizeof resp);
3523 resp.max_wr = attr.max_wr;
3524 resp.max_sge = attr.max_sge;
3525 resp.srq_limit = attr.srq_limit;
3527 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3528 &resp, sizeof resp))
3534 ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
3535 struct ib_device *ib_dev,
3536 const char __user *buf, int in_len,
3539 struct ib_uverbs_destroy_srq cmd;
3540 struct ib_uverbs_destroy_srq_resp resp;
3541 struct ib_uobject *uobj;
3543 struct ib_uevent_object *obj;
3545 struct ib_usrq_object *us;
3546 enum ib_srq_type srq_type;
3548 if (copy_from_user(&cmd, buf, sizeof cmd))
3551 uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
3555 obj = container_of(uobj, struct ib_uevent_object, uobject);
3556 srq_type = srq->srq_type;
3558 ret = ib_destroy_srq(srq);
3562 put_uobj_write(uobj);
3567 if (srq_type == IB_SRQT_XRC) {
3568 us = container_of(obj, struct ib_usrq_object, uevent);
3569 atomic_dec(&us->uxrcd->refcnt);
3572 idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
3574 mutex_lock(&file->mutex);
3575 list_del(&uobj->list);
3576 mutex_unlock(&file->mutex);
3578 ib_uverbs_release_uevent(file, obj);
3580 memset(&resp, 0, sizeof resp);
3581 resp.events_reported = obj->events_reported;
3585 if (copy_to_user((void __user *) (unsigned long) cmd.response,
3586 &resp, sizeof resp))
3589 return ret ? ret : in_len;
3592 int ib_uverbs_ex_query_device(struct ib_uverbs_file *file,
3593 struct ib_device *ib_dev,
3594 struct ib_udata *ucore,
3595 struct ib_udata *uhw)
3597 struct ib_uverbs_ex_query_device_resp resp;
3598 struct ib_uverbs_ex_query_device cmd;
3599 struct ib_device_attr attr;
3602 if (ucore->inlen < sizeof(cmd))
3605 err = ib_copy_from_udata(&cmd, ucore, sizeof(cmd));
3615 resp.response_length = offsetof(typeof(resp), odp_caps);
3617 if (ucore->outlen < resp.response_length)
3620 memset(&attr, 0, sizeof(attr));
3622 err = ib_dev->query_device(ib_dev, &attr, uhw);
3626 copy_query_dev_fields(file, ib_dev, &resp.base, &attr);
3629 if (ucore->outlen < resp.response_length + sizeof(resp.odp_caps))
3632 #ifdef CONFIG_INFINIBAND_ON_DEMAND_PAGING
3633 resp.odp_caps.general_caps = attr.odp_caps.general_caps;
3634 resp.odp_caps.per_transport_caps.rc_odp_caps =
3635 attr.odp_caps.per_transport_caps.rc_odp_caps;
3636 resp.odp_caps.per_transport_caps.uc_odp_caps =
3637 attr.odp_caps.per_transport_caps.uc_odp_caps;
3638 resp.odp_caps.per_transport_caps.ud_odp_caps =
3639 attr.odp_caps.per_transport_caps.ud_odp_caps;
3640 resp.odp_caps.reserved = 0;
3642 memset(&resp.odp_caps, 0, sizeof(resp.odp_caps));
3644 resp.response_length += sizeof(resp.odp_caps);
3646 if (ucore->outlen < resp.response_length + sizeof(resp.timestamp_mask))
3649 resp.timestamp_mask = attr.timestamp_mask;
3650 resp.response_length += sizeof(resp.timestamp_mask);
3652 if (ucore->outlen < resp.response_length + sizeof(resp.hca_core_clock))
3655 resp.hca_core_clock = attr.hca_core_clock;
3656 resp.response_length += sizeof(resp.hca_core_clock);
3659 err = ib_copy_to_udata(ucore, &resp, resp.response_length);
projects / linux-2.6-block.git / blob