1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause OR GPL-2.0
3  *
4  * Copyright (c) 2005 Topspin Communications.  All rights reserved.
5  * Copyright (c) 2005, 2006 Cisco Systems.  All rights reserved.
6  * Copyright (c) 2005 Mellanox Technologies. All rights reserved.
7  * Copyright (c) 2005 Voltaire, Inc. All rights reserved.
8  * Copyright (c) 2005 PathScale, Inc. All rights reserved.
9  *
10  * This software is available to you under a choice of one of two
11  * licenses.  You may choose to be licensed under the terms of the GNU
12  * General Public License (GPL) Version 2, available from the file
13  * COPYING in the main directory of this source tree, or the
14  * OpenIB.org BSD license below:
15  *
16  *     Redistribution and use in source and binary forms, with or
17  *     without modification, are permitted provided that the following
18  *     conditions are met:
19  *
20  *      - Redistributions of source code must retain the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer.
23  *
24  *      - Redistributions in binary form must reproduce the above
25  *        copyright notice, this list of conditions and the following
26  *        disclaimer in the documentation and/or other materials
27  *        provided with the distribution.
28  *
29  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
30  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
31  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
32  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
33  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
34  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
35  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
36  * SOFTWARE.
37  */
38 
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
41 
42 #include <linux/module.h>
43 #include <linux/device.h>
44 #include <linux/err.h>
45 #include <linux/fs.h>
46 #include <linux/poll.h>
47 #include <linux/sched.h>
48 #include <linux/file.h>
49 #include <linux/cdev.h>
50 #include <linux/slab.h>
51 #include <linux/pci.h>
52 
53 #include <asm/uaccess.h>
54 
55 #include <rdma/ib.h>
56 
57 #include "uverbs.h"
58 
59 MODULE_AUTHOR("Roland Dreier");
60 MODULE_DESCRIPTION("InfiniBand userspace verbs access");
61 MODULE_LICENSE("Dual BSD/GPL");
62 
63 enum {
64 	IB_UVERBS_MAJOR       = 231,
65 	IB_UVERBS_BASE_MINOR  = 192,
66 	IB_UVERBS_MAX_DEVICES = 32
67 };
68 
69 #define IB_UVERBS_BASE_DEV	MKDEV(IB_UVERBS_MAJOR, IB_UVERBS_BASE_MINOR)
70 
71 static struct class *uverbs_class;
72 
73 DEFINE_SPINLOCK(ib_uverbs_idr_lock);
74 DEFINE_IDR(ib_uverbs_pd_idr);
75 DEFINE_IDR(ib_uverbs_mr_idr);
76 DEFINE_IDR(ib_uverbs_mw_idr);
77 DEFINE_IDR(ib_uverbs_ah_idr);
78 DEFINE_IDR(ib_uverbs_cq_idr);
79 DEFINE_IDR(ib_uverbs_qp_idr);
80 DEFINE_IDR(ib_uverbs_srq_idr);
81 DEFINE_IDR(ib_uverbs_xrcd_idr);
82 DEFINE_IDR(ib_uverbs_rule_idr);
83 DEFINE_IDR(ib_uverbs_wq_idr);
84 DEFINE_IDR(ib_uverbs_rwq_ind_tbl_idr);
85 
86 static DEFINE_SPINLOCK(map_lock);
87 static DECLARE_BITMAP(dev_map, IB_UVERBS_MAX_DEVICES);
88 
89 static ssize_t (*uverbs_cmd_table[])(struct ib_uverbs_file *file,
90 				     struct ib_device *ib_dev,
91 				     const char __user *buf, int in_len,
92 				     int out_len) = {
93 	[IB_USER_VERBS_CMD_GET_CONTEXT]		= ib_uverbs_get_context,
94 	[IB_USER_VERBS_CMD_QUERY_DEVICE]	= ib_uverbs_query_device,
95 	[IB_USER_VERBS_CMD_QUERY_PORT]		= ib_uverbs_query_port,
96 	[IB_USER_VERBS_CMD_ALLOC_PD]		= ib_uverbs_alloc_pd,
97 	[IB_USER_VERBS_CMD_DEALLOC_PD]		= ib_uverbs_dealloc_pd,
98 	[IB_USER_VERBS_CMD_REG_MR]		= ib_uverbs_reg_mr,
99 	[IB_USER_VERBS_CMD_REREG_MR]		= ib_uverbs_rereg_mr,
100 	[IB_USER_VERBS_CMD_DEREG_MR]		= ib_uverbs_dereg_mr,
101 	[IB_USER_VERBS_CMD_ALLOC_MW]		= ib_uverbs_alloc_mw,
102 	[IB_USER_VERBS_CMD_DEALLOC_MW]		= ib_uverbs_dealloc_mw,
103 	[IB_USER_VERBS_CMD_CREATE_COMP_CHANNEL] = ib_uverbs_create_comp_channel,
104 	[IB_USER_VERBS_CMD_CREATE_CQ]		= ib_uverbs_create_cq,
105 	[IB_USER_VERBS_CMD_RESIZE_CQ]		= ib_uverbs_resize_cq,
106 	[IB_USER_VERBS_CMD_POLL_CQ]		= ib_uverbs_poll_cq,
107 	[IB_USER_VERBS_CMD_REQ_NOTIFY_CQ]	= ib_uverbs_req_notify_cq,
108 	[IB_USER_VERBS_CMD_DESTROY_CQ]		= ib_uverbs_destroy_cq,
109 	[IB_USER_VERBS_CMD_CREATE_QP]		= ib_uverbs_create_qp,
110 	[IB_USER_VERBS_CMD_QUERY_QP]		= ib_uverbs_query_qp,
111 	[IB_USER_VERBS_CMD_MODIFY_QP]		= ib_uverbs_modify_qp,
112 	[IB_USER_VERBS_CMD_DESTROY_QP]		= ib_uverbs_destroy_qp,
113 	[IB_USER_VERBS_CMD_POST_SEND]		= ib_uverbs_post_send,
114 	[IB_USER_VERBS_CMD_POST_RECV]		= ib_uverbs_post_recv,
115 	[IB_USER_VERBS_CMD_POST_SRQ_RECV]	= ib_uverbs_post_srq_recv,
116 	[IB_USER_VERBS_CMD_CREATE_AH]		= ib_uverbs_create_ah,
117 	[IB_USER_VERBS_CMD_DESTROY_AH]		= ib_uverbs_destroy_ah,
118 	[IB_USER_VERBS_CMD_ATTACH_MCAST]	= ib_uverbs_attach_mcast,
119 	[IB_USER_VERBS_CMD_DETACH_MCAST]	= ib_uverbs_detach_mcast,
120 	[IB_USER_VERBS_CMD_CREATE_SRQ]		= ib_uverbs_create_srq,
121 	[IB_USER_VERBS_CMD_MODIFY_SRQ]		= ib_uverbs_modify_srq,
122 	[IB_USER_VERBS_CMD_QUERY_SRQ]		= ib_uverbs_query_srq,
123 	[IB_USER_VERBS_CMD_DESTROY_SRQ]		= ib_uverbs_destroy_srq,
124 	[IB_USER_VERBS_CMD_OPEN_XRCD]		= ib_uverbs_open_xrcd,
125 	[IB_USER_VERBS_CMD_CLOSE_XRCD]		= ib_uverbs_close_xrcd,
126 	[IB_USER_VERBS_CMD_CREATE_XSRQ]		= ib_uverbs_create_xsrq,
127 	[IB_USER_VERBS_CMD_OPEN_QP]		= ib_uverbs_open_qp,
128 };
129 
130 static int (*uverbs_ex_cmd_table[])(struct ib_uverbs_file *file,
131 				    struct ib_device *ib_dev,
132 				    struct ib_udata *ucore,
133 				    struct ib_udata *uhw) = {
134 	[IB_USER_VERBS_EX_CMD_CREATE_FLOW]	= ib_uverbs_ex_create_flow,
135 	[IB_USER_VERBS_EX_CMD_DESTROY_FLOW]	= ib_uverbs_ex_destroy_flow,
136 	[IB_USER_VERBS_EX_CMD_QUERY_DEVICE]	= ib_uverbs_ex_query_device,
137 	[IB_USER_VERBS_EX_CMD_CREATE_CQ]	= ib_uverbs_ex_create_cq,
138 	[IB_USER_VERBS_EX_CMD_CREATE_QP]        = ib_uverbs_ex_create_qp,
139 	[IB_USER_VERBS_EX_CMD_CREATE_WQ]        = ib_uverbs_ex_create_wq,
140 	[IB_USER_VERBS_EX_CMD_MODIFY_WQ]        = ib_uverbs_ex_modify_wq,
141 	[IB_USER_VERBS_EX_CMD_DESTROY_WQ]       = ib_uverbs_ex_destroy_wq,
142 	[IB_USER_VERBS_EX_CMD_CREATE_RWQ_IND_TBL] = ib_uverbs_ex_create_rwq_ind_table,
143 	[IB_USER_VERBS_EX_CMD_DESTROY_RWQ_IND_TBL] = ib_uverbs_ex_destroy_rwq_ind_table,
144 };
145 
146 static void ib_uverbs_add_one(struct ib_device *device);
147 static void ib_uverbs_remove_one(struct ib_device *device, void *client_data);
148 
149 /*
150  * Must be called with the ufile->device->disassociate_srcu held, and the lock
151  * must be held until use of the ucontext is finished.
152  */
ib_uverbs_get_ucontext_file(struct ib_uverbs_file * ufile)153 struct ib_ucontext *ib_uverbs_get_ucontext_file(struct ib_uverbs_file *ufile)
154 {
155 	/*
156 	 * We do not hold the hw_destroy_rwsem lock for this flow, instead
157 	 * srcu is used. It does not matter if someone races this with
158 	 * get_context, we get NULL or valid ucontext.
159 	 */
160 	struct ib_ucontext *ucontext = READ_ONCE(ufile->ucontext);
161 
162 	if (!srcu_dereference(ufile->device->ib_dev,
163 			      &ufile->device->disassociate_srcu))
164 		return ERR_PTR(-EIO);
165 
166 	if (!ucontext)
167 		return ERR_PTR(-EINVAL);
168 
169 	return ucontext;
170 }
171 EXPORT_SYMBOL(ib_uverbs_get_ucontext_file);
172 
uverbs_dealloc_mw(struct ib_mw * mw)173 int uverbs_dealloc_mw(struct ib_mw *mw)
174 {
175 	struct ib_pd *pd = mw->pd;
176 	int ret;
177 
178 	ret = mw->device->dealloc_mw(mw);
179 	if (!ret)
180 		atomic_dec(&pd->usecnt);
181 	return ret;
182 }
183 
ib_uverbs_release_dev(struct kobject * kobj)184 static void ib_uverbs_release_dev(struct kobject *kobj)
185 {
186 	struct ib_uverbs_device *dev =
187 		container_of(kobj, struct ib_uverbs_device, kobj);
188 
189 	cleanup_srcu_struct(&dev->disassociate_srcu);
190 	kfree(dev);
191 }
192 
193 static struct kobj_type ib_uverbs_dev_ktype = {
194 	.release = ib_uverbs_release_dev,
195 };
196 
ib_uverbs_release_event_file(struct kref * ref)197 static void ib_uverbs_release_event_file(struct kref *ref)
198 {
199 	struct ib_uverbs_event_file *file =
200 		container_of(ref, struct ib_uverbs_event_file, ref);
201 
202 	kfree(file);
203 }
204 
ib_uverbs_release_ucq(struct ib_uverbs_file * file,struct ib_uverbs_event_file * ev_file,struct ib_ucq_object * uobj)205 void ib_uverbs_release_ucq(struct ib_uverbs_file *file,
206 			  struct ib_uverbs_event_file *ev_file,
207 			  struct ib_ucq_object *uobj)
208 {
209 	struct ib_uverbs_event *evt, *tmp;
210 
211 	if (ev_file) {
212 		spin_lock_irq(&ev_file->lock);
213 		list_for_each_entry_safe(evt, tmp, &uobj->comp_list, obj_list) {
214 			list_del(&evt->list);
215 			kfree(evt);
216 		}
217 		spin_unlock_irq(&ev_file->lock);
218 
219 		kref_put(&ev_file->ref, ib_uverbs_release_event_file);
220 	}
221 
222 	spin_lock_irq(&file->async_file->lock);
223 	list_for_each_entry_safe(evt, tmp, &uobj->async_list, obj_list) {
224 		list_del(&evt->list);
225 		kfree(evt);
226 	}
227 	spin_unlock_irq(&file->async_file->lock);
228 }
229 
ib_uverbs_release_uevent(struct ib_uverbs_file * file,struct ib_uevent_object * uobj)230 void ib_uverbs_release_uevent(struct ib_uverbs_file *file,
231 			      struct ib_uevent_object *uobj)
232 {
233 	struct ib_uverbs_event *evt, *tmp;
234 
235 	spin_lock_irq(&file->async_file->lock);
236 	list_for_each_entry_safe(evt, tmp, &uobj->event_list, obj_list) {
237 		list_del(&evt->list);
238 		kfree(evt);
239 	}
240 	spin_unlock_irq(&file->async_file->lock);
241 }
242 
ib_uverbs_detach_umcast(struct ib_qp * qp,struct ib_uqp_object * uobj)243 static void ib_uverbs_detach_umcast(struct ib_qp *qp,
244 				    struct ib_uqp_object *uobj)
245 {
246 	struct ib_uverbs_mcast_entry *mcast, *tmp;
247 
248 	list_for_each_entry_safe(mcast, tmp, &uobj->mcast_list, list) {
249 		ib_detach_mcast(qp, &mcast->gid, mcast->lid);
250 		list_del(&mcast->list);
251 		kfree(mcast);
252 	}
253 }
254 
ib_uverbs_cleanup_ucontext(struct ib_uverbs_file * file,struct ib_ucontext * context)255 static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
256 				      struct ib_ucontext *context)
257 {
258 	struct ib_uobject *uobj, *tmp;
259 
260 	context->closing = 1;
261 
262 	list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) {
263 		struct ib_ah *ah = uobj->object;
264 
265 		idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
266 		ib_destroy_ah(ah);
267 		kfree(uobj);
268 	}
269 
270 	/* Remove MWs before QPs, in order to support type 2A MWs. */
271 	list_for_each_entry_safe(uobj, tmp, &context->mw_list, list) {
272 		struct ib_mw *mw = uobj->object;
273 
274 		idr_remove_uobj(&ib_uverbs_mw_idr, uobj);
275 		uverbs_dealloc_mw(mw);
276 		kfree(uobj);
277 	}
278 
279 	list_for_each_entry_safe(uobj, tmp, &context->rule_list, list) {
280 		struct ib_flow *flow_id = uobj->object;
281 
282 		idr_remove_uobj(&ib_uverbs_rule_idr, uobj);
283 		ib_destroy_flow(flow_id);
284 		kfree(uobj);
285 	}
286 
287 	list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) {
288 		struct ib_qp *qp = uobj->object;
289 		struct ib_uqp_object *uqp =
290 			container_of(uobj, struct ib_uqp_object, uevent.uobject);
291 
292 		idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
293 		if (qp == qp->real_qp)
294 			ib_uverbs_detach_umcast(qp, uqp);
295 		ib_destroy_qp(qp);
296 		ib_uverbs_release_uevent(file, &uqp->uevent);
297 		kfree(uqp);
298 	}
299 
300 	list_for_each_entry_safe(uobj, tmp, &context->rwq_ind_tbl_list, list) {
301 		struct ib_rwq_ind_table *rwq_ind_tbl = uobj->object;
302 		struct ib_wq **ind_tbl = rwq_ind_tbl->ind_tbl;
303 
304 		idr_remove_uobj(&ib_uverbs_rwq_ind_tbl_idr, uobj);
305 		ib_destroy_rwq_ind_table(rwq_ind_tbl);
306 		kfree(ind_tbl);
307 		kfree(uobj);
308 	}
309 
310 	list_for_each_entry_safe(uobj, tmp, &context->wq_list, list) {
311 		struct ib_wq *wq = uobj->object;
312 		struct ib_uwq_object *uwq =
313 			container_of(uobj, struct ib_uwq_object, uevent.uobject);
314 
315 		idr_remove_uobj(&ib_uverbs_wq_idr, uobj);
316 		ib_destroy_wq(wq);
317 		ib_uverbs_release_uevent(file, &uwq->uevent);
318 		kfree(uwq);
319 	}
320 
321 	list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) {
322 		struct ib_srq *srq = uobj->object;
323 		struct ib_uevent_object *uevent =
324 			container_of(uobj, struct ib_uevent_object, uobject);
325 
326 		idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
327 		ib_destroy_srq(srq);
328 		ib_uverbs_release_uevent(file, uevent);
329 		kfree(uevent);
330 	}
331 
332 	list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) {
333 		struct ib_cq *cq = uobj->object;
334 		struct ib_uverbs_event_file *ev_file = cq->cq_context;
335 		struct ib_ucq_object *ucq =
336 			container_of(uobj, struct ib_ucq_object, uobject);
337 
338 		idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
339 		ib_destroy_cq(cq);
340 		ib_uverbs_release_ucq(file, ev_file, ucq);
341 		kfree(ucq);
342 	}
343 
344 	list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) {
345 		struct ib_mr *mr = uobj->object;
346 
347 		idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
348 		ib_dereg_mr(mr);
349 		kfree(uobj);
350 	}
351 
352 	mutex_lock(&file->device->xrcd_tree_mutex);
353 	list_for_each_entry_safe(uobj, tmp, &context->xrcd_list, list) {
354 		struct ib_xrcd *xrcd = uobj->object;
355 		struct ib_uxrcd_object *uxrcd =
356 			container_of(uobj, struct ib_uxrcd_object, uobject);
357 
358 		idr_remove_uobj(&ib_uverbs_xrcd_idr, uobj);
359 		ib_uverbs_dealloc_xrcd(file->device, xrcd);
360 		kfree(uxrcd);
361 	}
362 	mutex_unlock(&file->device->xrcd_tree_mutex);
363 
364 	list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) {
365 		struct ib_pd *pd = uobj->object;
366 
367 		idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
368 		ib_dealloc_pd(pd);
369 		kfree(uobj);
370 	}
371 
372 	put_pid(context->tgid);
373 
374 	return context->device->dealloc_ucontext(context);
375 }
376 
ib_uverbs_comp_dev(struct ib_uverbs_device * dev)377 static void ib_uverbs_comp_dev(struct ib_uverbs_device *dev)
378 {
379 	complete(&dev->comp);
380 }
381 
ib_uverbs_release_file(struct kref * ref)382 static void ib_uverbs_release_file(struct kref *ref)
383 {
384 	struct ib_uverbs_file *file =
385 		container_of(ref, struct ib_uverbs_file, ref);
386 	struct ib_device *ib_dev;
387 	int srcu_key;
388 
389 	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
390 	ib_dev = srcu_dereference(file->device->ib_dev,
391 				  &file->device->disassociate_srcu);
392 	if (ib_dev && !ib_dev->disassociate_ucontext)
393 		module_put(ib_dev->owner);
394 	srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
395 
396 	if (atomic_dec_and_test(&file->device->refcount))
397 		ib_uverbs_comp_dev(file->device);
398 
399 	kfree(file);
400 }
401 
ib_uverbs_event_read(struct file * filp,char __user * buf,size_t count,loff_t * pos)402 static ssize_t ib_uverbs_event_read(struct file *filp, char __user *buf,
403 				    size_t count, loff_t *pos)
404 {
405 	struct ib_uverbs_event_file *file = filp->private_data;
406 	struct ib_uverbs_event *event;
407 	int eventsz;
408 	int ret = 0;
409 
410 	spin_lock_irq(&file->lock);
411 
412 	while (list_empty(&file->event_list)) {
413 		spin_unlock_irq(&file->lock);
414 
415 		if (filp->f_flags & O_NONBLOCK)
416 			return -EAGAIN;
417 
418 		if (wait_event_interruptible(file->poll_wait,
419 					     (!list_empty(&file->event_list) ||
420 			/* The barriers built into wait_event_interruptible()
421 			 * and wake_up() guarentee this will see the null set
422 			 * without using RCU
423 			 */
424 					     !file->uverbs_file->device->ib_dev)))
425 			return -ERESTARTSYS;
426 
427 		/* If device was disassociated and no event exists set an error */
428 		if (list_empty(&file->event_list) &&
429 		    !file->uverbs_file->device->ib_dev)
430 			return -EIO;
431 
432 		spin_lock_irq(&file->lock);
433 	}
434 
435 	event = list_entry(file->event_list.next, struct ib_uverbs_event, list);
436 
437 	if (file->is_async)
438 		eventsz = sizeof (struct ib_uverbs_async_event_desc);
439 	else
440 		eventsz = sizeof (struct ib_uverbs_comp_event_desc);
441 
442 	if (eventsz > count) {
443 		ret   = -EINVAL;
444 		event = NULL;
445 	} else {
446 		list_del(file->event_list.next);
447 		if (event->counter) {
448 			++(*event->counter);
449 			list_del(&event->obj_list);
450 		}
451 	}
452 
453 	spin_unlock_irq(&file->lock);
454 
455 	if (event) {
456 		if (copy_to_user(buf, event, eventsz))
457 			ret = -EFAULT;
458 		else
459 			ret = eventsz;
460 	}
461 
462 	kfree(event);
463 
464 	return ret;
465 }
466 
ib_uverbs_event_poll(struct file * filp,struct poll_table_struct * wait)467 static unsigned int ib_uverbs_event_poll(struct file *filp,
468 					 struct poll_table_struct *wait)
469 {
470 	unsigned int pollflags = 0;
471 	struct ib_uverbs_event_file *file = filp->private_data;
472 
473 	poll_wait(filp, &file->poll_wait, wait);
474 
475 	spin_lock_irq(&file->lock);
476 	if (!list_empty(&file->event_list))
477 		pollflags = POLLIN | POLLRDNORM;
478 	spin_unlock_irq(&file->lock);
479 
480 	return pollflags;
481 }
482 
ib_uverbs_event_fasync(int fd,struct file * filp,int on)483 static int ib_uverbs_event_fasync(int fd, struct file *filp, int on)
484 {
485 	struct ib_uverbs_event_file *file = filp->private_data;
486 
487 	return fasync_helper(fd, filp, on, &file->async_queue);
488 }
489 
ib_uverbs_event_close(struct inode * inode,struct file * filp)490 static int ib_uverbs_event_close(struct inode *inode, struct file *filp)
491 {
492 	struct ib_uverbs_event_file *file = filp->private_data;
493 	struct ib_uverbs_event *entry, *tmp;
494 	int closed_already = 0;
495 
496 	mutex_lock(&file->uverbs_file->device->lists_mutex);
497 	spin_lock_irq(&file->lock);
498 	closed_already = file->is_closed;
499 	file->is_closed = 1;
500 	list_for_each_entry_safe(entry, tmp, &file->event_list, list) {
501 		if (entry->counter)
502 			list_del(&entry->obj_list);
503 		kfree(entry);
504 	}
505 	spin_unlock_irq(&file->lock);
506 	if (!closed_already) {
507 		list_del(&file->list);
508 		if (file->is_async)
509 			ib_unregister_event_handler(&file->uverbs_file->
510 				event_handler);
511 	}
512 	mutex_unlock(&file->uverbs_file->device->lists_mutex);
513 
514 	kref_put(&file->uverbs_file->ref, ib_uverbs_release_file);
515 	kref_put(&file->ref, ib_uverbs_release_event_file);
516 
517 	return 0;
518 }
519 
520 static const struct file_operations uverbs_event_fops = {
521 	.owner	 = THIS_MODULE,
522 	.read	 = ib_uverbs_event_read,
523 	.poll    = ib_uverbs_event_poll,
524 	.release = ib_uverbs_event_close,
525 	.fasync  = ib_uverbs_event_fasync,
526 	.llseek	 = no_llseek,
527 };
528 
ib_uverbs_comp_handler(struct ib_cq * cq,void * cq_context)529 void ib_uverbs_comp_handler(struct ib_cq *cq, void *cq_context)
530 {
531 	struct ib_uverbs_event_file    *file = cq_context;
532 	struct ib_ucq_object	       *uobj;
533 	struct ib_uverbs_event	       *entry;
534 	unsigned long			flags;
535 
536 	if (!file)
537 		return;
538 
539 	spin_lock_irqsave(&file->lock, flags);
540 	if (file->is_closed) {
541 		spin_unlock_irqrestore(&file->lock, flags);
542 		return;
543 	}
544 
545 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
546 	if (!entry) {
547 		spin_unlock_irqrestore(&file->lock, flags);
548 		return;
549 	}
550 
551 	uobj = container_of(cq->uobject, struct ib_ucq_object, uobject);
552 
553 	entry->desc.comp.cq_handle = cq->uobject->user_handle;
554 	entry->counter		   = &uobj->comp_events_reported;
555 
556 	list_add_tail(&entry->list, &file->event_list);
557 	list_add_tail(&entry->obj_list, &uobj->comp_list);
558 	spin_unlock_irqrestore(&file->lock, flags);
559 
560 	wake_up_interruptible(&file->poll_wait);
561 	kill_fasync(&file->async_queue, SIGIO, POLL_IN);
562 }
563 
ib_uverbs_async_handler(struct ib_uverbs_file * file,__u64 element,__u64 event,struct list_head * obj_list,u32 * counter)564 static void ib_uverbs_async_handler(struct ib_uverbs_file *file,
565 				    __u64 element, __u64 event,
566 				    struct list_head *obj_list,
567 				    u32 *counter)
568 {
569 	struct ib_uverbs_event *entry;
570 	unsigned long flags;
571 
572 	spin_lock_irqsave(&file->async_file->lock, flags);
573 	if (file->async_file->is_closed) {
574 		spin_unlock_irqrestore(&file->async_file->lock, flags);
575 		return;
576 	}
577 
578 	entry = kmalloc(sizeof *entry, GFP_ATOMIC);
579 	if (!entry) {
580 		spin_unlock_irqrestore(&file->async_file->lock, flags);
581 		return;
582 	}
583 
584 	entry->desc.async.element    = element;
585 	entry->desc.async.event_type = event;
586 	entry->desc.async.reserved   = 0;
587 	entry->counter               = counter;
588 
589 	list_add_tail(&entry->list, &file->async_file->event_list);
590 	if (obj_list)
591 		list_add_tail(&entry->obj_list, obj_list);
592 	spin_unlock_irqrestore(&file->async_file->lock, flags);
593 
594 	wake_up_interruptible(&file->async_file->poll_wait);
595 	kill_fasync(&file->async_file->async_queue, SIGIO, POLL_IN);
596 }
597 
ib_uverbs_cq_event_handler(struct ib_event * event,void * context_ptr)598 void ib_uverbs_cq_event_handler(struct ib_event *event, void *context_ptr)
599 {
600 	struct ib_ucq_object *uobj = container_of(event->element.cq->uobject,
601 						  struct ib_ucq_object, uobject);
602 
603 	ib_uverbs_async_handler(uobj->uverbs_file, uobj->uobject.user_handle,
604 				event->event, &uobj->async_list,
605 				&uobj->async_events_reported);
606 }
607 
ib_uverbs_qp_event_handler(struct ib_event * event,void * context_ptr)608 void ib_uverbs_qp_event_handler(struct ib_event *event, void *context_ptr)
609 {
610 	struct ib_uevent_object *uobj;
611 
612 	/* for XRC target qp's, check that qp is live */
613 	if (!event->element.qp->uobject || !event->element.qp->uobject->live)
614 		return;
615 
616 	uobj = container_of(event->element.qp->uobject,
617 			    struct ib_uevent_object, uobject);
618 
619 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
620 				event->event, &uobj->event_list,
621 				&uobj->events_reported);
622 }
623 
ib_uverbs_wq_event_handler(struct ib_event * event,void * context_ptr)624 void ib_uverbs_wq_event_handler(struct ib_event *event, void *context_ptr)
625 {
626 	struct ib_uevent_object *uobj = container_of(event->element.wq->uobject,
627 						  struct ib_uevent_object, uobject);
628 
629 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
630 				event->event, &uobj->event_list,
631 				&uobj->events_reported);
632 }
633 
ib_uverbs_srq_event_handler(struct ib_event * event,void * context_ptr)634 void ib_uverbs_srq_event_handler(struct ib_event *event, void *context_ptr)
635 {
636 	struct ib_uevent_object *uobj;
637 
638 	uobj = container_of(event->element.srq->uobject,
639 			    struct ib_uevent_object, uobject);
640 
641 	ib_uverbs_async_handler(context_ptr, uobj->uobject.user_handle,
642 				event->event, &uobj->event_list,
643 				&uobj->events_reported);
644 }
645 
ib_uverbs_event_handler(struct ib_event_handler * handler,struct ib_event * event)646 void ib_uverbs_event_handler(struct ib_event_handler *handler,
647 			     struct ib_event *event)
648 {
649 	struct ib_uverbs_file *file =
650 		container_of(handler, struct ib_uverbs_file, event_handler);
651 
652 	ib_uverbs_async_handler(file, event->element.port_num, event->event,
653 				NULL, NULL);
654 }
655 
ib_uverbs_free_async_event_file(struct ib_uverbs_file * file)656 void ib_uverbs_free_async_event_file(struct ib_uverbs_file *file)
657 {
658 	kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
659 	file->async_file = NULL;
660 }
661 
ib_uverbs_alloc_event_file(struct ib_uverbs_file * uverbs_file,struct ib_device * ib_dev,int is_async)662 struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
663 					struct ib_device	*ib_dev,
664 					int is_async)
665 {
666 	struct ib_uverbs_event_file *ev_file;
667 	struct file *filp;
668 	int ret;
669 
670 	ev_file = kzalloc(sizeof(*ev_file), GFP_KERNEL);
671 	if (!ev_file)
672 		return ERR_PTR(-ENOMEM);
673 
674 	kref_init(&ev_file->ref);
675 	spin_lock_init(&ev_file->lock);
676 	INIT_LIST_HEAD(&ev_file->event_list);
677 	init_waitqueue_head(&ev_file->poll_wait);
678 	ev_file->uverbs_file = uverbs_file;
679 	kref_get(&ev_file->uverbs_file->ref);
680 	ev_file->async_queue = NULL;
681 	ev_file->is_closed   = 0;
682 
683 	/*
684 	 * fops_get() can't fail here, because we're coming from a
685 	 * system call on a uverbs file, which will already have a
686 	 * module reference.
687 	 */
688 	filp = alloc_file(FMODE_READ, fops_get(&uverbs_event_fops));
689 	if (IS_ERR(filp))
690 		goto err_put_refs;
691 	filp->private_data = ev_file;
692 
693 	mutex_lock(&uverbs_file->device->lists_mutex);
694 	list_add_tail(&ev_file->list,
695 		      &uverbs_file->device->uverbs_events_file_list);
696 	mutex_unlock(&uverbs_file->device->lists_mutex);
697 
698 	if (is_async) {
699 		WARN_ON(uverbs_file->async_file);
700 		uverbs_file->async_file = ev_file;
701 		kref_get(&uverbs_file->async_file->ref);
702 		INIT_IB_EVENT_HANDLER(&uverbs_file->event_handler,
703 				      ib_dev,
704 				      ib_uverbs_event_handler);
705 		ret = ib_register_event_handler(&uverbs_file->event_handler);
706 		if (ret)
707 			goto err_put_file;
708 
709 		/* At that point async file stuff was fully set */
710 		ev_file->is_async = 1;
711 	}
712 
713 	return filp;
714 
715 err_put_file:
716 	fput(filp);
717 	kref_put(&uverbs_file->async_file->ref, ib_uverbs_release_event_file);
718 	uverbs_file->async_file = NULL;
719 	return ERR_PTR(ret);
720 
721 err_put_refs:
722 	kref_put(&ev_file->uverbs_file->ref, ib_uverbs_release_file);
723 	kref_put(&ev_file->ref, ib_uverbs_release_event_file);
724 	return filp;
725 }
726 
727 /*
728  * Look up a completion event file by FD.  If lookup is successful,
729  * takes a ref to the event file struct that it returns; if
730  * unsuccessful, returns NULL.
731  */
ib_uverbs_lookup_comp_file(int fd)732 struct ib_uverbs_event_file *ib_uverbs_lookup_comp_file(int fd)
733 {
734 	struct ib_uverbs_event_file *ev_file = NULL;
735 	struct fd f = fdget(fd);
736 
737 	if (!f.file)
738 		return NULL;
739 
740 	if (f.file->f_op != &uverbs_event_fops)
741 		goto out;
742 
743 	ev_file = f.file->private_data;
744 	if (ev_file->is_async) {
745 		ev_file = NULL;
746 		goto out;
747 	}
748 
749 	kref_get(&ev_file->ref);
750 
751 out:
752 	fdput(f);
753 	return ev_file;
754 }
755 
verify_command_mask(struct ib_device * ib_dev,__u32 command)756 static int verify_command_mask(struct ib_device *ib_dev, __u32 command)
757 {
758 	u64 mask;
759 
760 	if (command <= IB_USER_VERBS_CMD_OPEN_QP)
761 		mask = ib_dev->uverbs_cmd_mask;
762 	else
763 		mask = ib_dev->uverbs_ex_cmd_mask;
764 
765 	if (mask & ((u64)1 << command))
766 		return 0;
767 
768 	return -1;
769 }
770 
ib_uverbs_write(struct file * filp,const char __user * buf,size_t count,loff_t * pos)771 static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
772 			     size_t count, loff_t *pos)
773 {
774 	struct ib_uverbs_file *file = filp->private_data;
775 	struct ib_device *ib_dev;
776 	struct ib_uverbs_cmd_hdr hdr;
777 	__u32 command;
778 	__u32 flags;
779 	int srcu_key;
780 	ssize_t ret;
781 
782 	if (WARN_ON_ONCE(!ib_safe_file_access(filp)))
783 		return -EACCES;
784 
785 	if (count < sizeof hdr)
786 		return -EINVAL;
787 
788 	if (copy_from_user(&hdr, buf, sizeof hdr))
789 		return -EFAULT;
790 
791 	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
792 	ib_dev = srcu_dereference(file->device->ib_dev,
793 				  &file->device->disassociate_srcu);
794 	if (!ib_dev) {
795 		ret = -EIO;
796 		goto out;
797 	}
798 
799 	if (hdr.command & ~(__u32)(IB_USER_VERBS_CMD_FLAGS_MASK |
800 				   IB_USER_VERBS_CMD_COMMAND_MASK)) {
801 		ret = -EINVAL;
802 		goto out;
803 	}
804 
805 	command = hdr.command & IB_USER_VERBS_CMD_COMMAND_MASK;
806 	if (verify_command_mask(ib_dev, command)) {
807 		ret = -EOPNOTSUPP;
808 		goto out;
809 	}
810 
811 	if (!file->ucontext &&
812 	    command != IB_USER_VERBS_CMD_GET_CONTEXT) {
813 		ret = -EINVAL;
814 		goto out;
815 	}
816 
817 	flags = (hdr.command &
818 		 IB_USER_VERBS_CMD_FLAGS_MASK) >> IB_USER_VERBS_CMD_FLAGS_SHIFT;
819 
820 	if (!flags) {
821 		if (command >= ARRAY_SIZE(uverbs_cmd_table) ||
822 		    !uverbs_cmd_table[command]) {
823 			ret = -EINVAL;
824 			goto out;
825 		}
826 
827 		if (hdr.in_words * 4 != count) {
828 			ret = -EINVAL;
829 			goto out;
830 		}
831 
832 		ret = uverbs_cmd_table[command](file, ib_dev,
833 						 buf + sizeof(hdr),
834 						 hdr.in_words * 4,
835 						 hdr.out_words * 4);
836 
837 	} else if (flags == IB_USER_VERBS_CMD_FLAG_EXTENDED) {
838 		struct ib_uverbs_ex_cmd_hdr ex_hdr;
839 		struct ib_udata ucore;
840 		struct ib_udata uhw;
841 		size_t written_count = count;
842 
843 		if (command >= ARRAY_SIZE(uverbs_ex_cmd_table) ||
844 		    !uverbs_ex_cmd_table[command]) {
845 			ret = -ENOSYS;
846 			goto out;
847 		}
848 
849 		if (!file->ucontext) {
850 			ret = -EINVAL;
851 			goto out;
852 		}
853 
854 		if (count < (sizeof(hdr) + sizeof(ex_hdr))) {
855 			ret = -EINVAL;
856 			goto out;
857 		}
858 
859 		if (copy_from_user(&ex_hdr, buf + sizeof(hdr), sizeof(ex_hdr))) {
860 			ret = -EFAULT;
861 			goto out;
862 		}
863 
864 		count -= sizeof(hdr) + sizeof(ex_hdr);
865 		buf += sizeof(hdr) + sizeof(ex_hdr);
866 
867 		if ((hdr.in_words + ex_hdr.provider_in_words) * 8 != count) {
868 			ret = -EINVAL;
869 			goto out;
870 		}
871 
872 		if (ex_hdr.cmd_hdr_reserved) {
873 			ret = -EINVAL;
874 			goto out;
875 		}
876 
877 		if (ex_hdr.response) {
878 			if (!hdr.out_words && !ex_hdr.provider_out_words) {
879 				ret = -EINVAL;
880 				goto out;
881 			}
882 
883 			if (!access_ok((void __user *) (unsigned long) ex_hdr.response,
884 				       (hdr.out_words + ex_hdr.provider_out_words) * 8)) {
885 				ret = -EFAULT;
886 				goto out;
887 			}
888 		} else {
889 			if (hdr.out_words || ex_hdr.provider_out_words) {
890 				ret = -EINVAL;
891 				goto out;
892 			}
893 		}
894 
895 		ib_uverbs_init_udata_buf_or_null(&ucore, buf,
896 				       u64_to_user_ptr(ex_hdr.response),
897 				       hdr.in_words * 8, hdr.out_words * 8);
898 
899 		ib_uverbs_init_udata_buf_or_null(&uhw,
900 				       buf + ucore.inlen,
901 				       u64_to_user_ptr(ex_hdr.response + ucore.outlen),
902 				       ex_hdr.provider_in_words * 8,
903 				       ex_hdr.provider_out_words * 8);
904 
905 		ret = uverbs_ex_cmd_table[command](file,
906 						   ib_dev,
907 						   &ucore,
908 						   &uhw);
909 		if (!ret)
910 			ret = written_count;
911 	} else {
912 		ret = -ENOSYS;
913 	}
914 
915 out:
916 	srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
917 	return ret;
918 }
919 
ib_uverbs_mmap(struct file * filp,struct vm_area_struct * vma)920 static int ib_uverbs_mmap(struct file *filp, struct vm_area_struct *vma)
921 {
922 	struct ib_uverbs_file *file = filp->private_data;
923 	struct ib_device *ib_dev;
924 	int ret = 0;
925 	int srcu_key;
926 
927 	srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
928 	ib_dev = srcu_dereference(file->device->ib_dev,
929 				  &file->device->disassociate_srcu);
930 	if (!ib_dev) {
931 		ret = -EIO;
932 		goto out;
933 	}
934 
935 	if (!file->ucontext)
936 		ret = -ENODEV;
937 	else
938 		ret = ib_dev->mmap(file->ucontext, vma);
939 out:
940 	srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
941 	return ret;
942 }
943 
944 /*
945  * ib_uverbs_open() does not need the BKL:
946  *
947  *  - the ib_uverbs_device structures are properly reference counted and
948  *    everything else is purely local to the file being created, so
949  *    races against other open calls are not a problem;
950  *  - there is no ioctl method to race against;
951  *  - the open method will either immediately run -ENXIO, or all
952  *    required initialization will be done.
953  */
ib_uverbs_open(struct inode * inode,struct file * filp)954 static int ib_uverbs_open(struct inode *inode, struct file *filp)
955 {
956 	struct ib_uverbs_device *dev;
957 	struct ib_uverbs_file *file;
958 	struct ib_device *ib_dev;
959 	int ret;
960 	int module_dependent;
961 	int srcu_key;
962 
963 	dev = container_of(inode->i_cdev->si_drv1, struct ib_uverbs_device, cdev);
964 	if (!atomic_inc_not_zero(&dev->refcount))
965 		return -ENXIO;
966 
967 	srcu_key = srcu_read_lock(&dev->disassociate_srcu);
968 	mutex_lock(&dev->lists_mutex);
969 	ib_dev = srcu_dereference(dev->ib_dev,
970 				  &dev->disassociate_srcu);
971 	if (!ib_dev) {
972 		ret = -EIO;
973 		goto err;
974 	}
975 
976 	/* In case IB device supports disassociate ucontext, there is no hard
977 	 * dependency between uverbs device and its low level device.
978 	 */
979 	module_dependent = !(ib_dev->disassociate_ucontext);
980 
981 	if (module_dependent) {
982 		if (!try_module_get(ib_dev->owner)) {
983 			ret = -ENODEV;
984 			goto err;
985 		}
986 	}
987 
988 	file = kzalloc(sizeof(*file), GFP_KERNEL);
989 	if (!file) {
990 		ret = -ENOMEM;
991 		if (module_dependent)
992 			goto err_module;
993 
994 		goto err;
995 	}
996 
997 	file->device	 = dev;
998 	file->ucontext	 = NULL;
999 	file->async_file = NULL;
1000 	kref_init(&file->ref);
1001 	mutex_init(&file->mutex);
1002 	mutex_init(&file->cleanup_mutex);
1003 
1004 	filp->private_data = file;
1005 	kobject_get(&dev->kobj);
1006 	list_add_tail(&file->list, &dev->uverbs_file_list);
1007 	mutex_unlock(&dev->lists_mutex);
1008 	srcu_read_unlock(&dev->disassociate_srcu, srcu_key);
1009 
1010 	return nonseekable_open(inode, filp);
1011 
1012 err_module:
1013 	module_put(ib_dev->owner);
1014 
1015 err:
1016 	mutex_unlock(&dev->lists_mutex);
1017 	srcu_read_unlock(&dev->disassociate_srcu, srcu_key);
1018 	if (atomic_dec_and_test(&dev->refcount))
1019 		ib_uverbs_comp_dev(dev);
1020 
1021 	return ret;
1022 }
1023 
ib_uverbs_close(struct inode * inode,struct file * filp)1024 static int ib_uverbs_close(struct inode *inode, struct file *filp)
1025 {
1026 	struct ib_uverbs_file *file = filp->private_data;
1027 	struct ib_uverbs_device *dev = file->device;
1028 
1029 	mutex_lock(&file->cleanup_mutex);
1030 	if (file->ucontext) {
1031 		ib_uverbs_cleanup_ucontext(file, file->ucontext);
1032 		file->ucontext = NULL;
1033 	}
1034 	mutex_unlock(&file->cleanup_mutex);
1035 
1036 	mutex_lock(&file->device->lists_mutex);
1037 	if (!file->is_closed) {
1038 		list_del(&file->list);
1039 		file->is_closed = 1;
1040 	}
1041 	mutex_unlock(&file->device->lists_mutex);
1042 
1043 	if (file->async_file)
1044 		kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
1045 
1046 	kref_put(&file->ref, ib_uverbs_release_file);
1047 	kobject_put(&dev->kobj);
1048 
1049 	return 0;
1050 }
1051 
1052 static const struct file_operations uverbs_fops = {
1053 	.owner	 = THIS_MODULE,
1054 	.write	 = ib_uverbs_write,
1055 	.open	 = ib_uverbs_open,
1056 	.release = ib_uverbs_close,
1057 	.llseek	 = no_llseek,
1058 };
1059 
1060 static const struct file_operations uverbs_mmap_fops = {
1061 	.owner	 = THIS_MODULE,
1062 	.write	 = ib_uverbs_write,
1063 	.mmap    = ib_uverbs_mmap,
1064 	.open	 = ib_uverbs_open,
1065 	.release = ib_uverbs_close,
1066 	.llseek	 = no_llseek,
1067 };
1068 
1069 static struct ib_client uverbs_client = {
1070 	.name   = "uverbs",
1071 	.add    = ib_uverbs_add_one,
1072 	.remove = ib_uverbs_remove_one
1073 };
1074 
show_ibdev(struct device * device,struct device_attribute * attr,char * buf)1075 static ssize_t show_ibdev(struct device *device, struct device_attribute *attr,
1076 			  char *buf)
1077 {
1078 	int ret = -ENODEV;
1079 	int srcu_key;
1080 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
1081 	struct ib_device *ib_dev;
1082 
1083 	if (!dev)
1084 		return -ENODEV;
1085 
1086 	srcu_key = srcu_read_lock(&dev->disassociate_srcu);
1087 	ib_dev = srcu_dereference(dev->ib_dev, &dev->disassociate_srcu);
1088 	if (ib_dev)
1089 		ret = sprintf(buf, "%s\n", ib_dev->name);
1090 	srcu_read_unlock(&dev->disassociate_srcu, srcu_key);
1091 
1092 	return ret;
1093 }
1094 static DEVICE_ATTR(ibdev, S_IRUGO, show_ibdev, NULL);
1095 
show_dev_abi_version(struct device * device,struct device_attribute * attr,char * buf)1096 static ssize_t show_dev_abi_version(struct device *device,
1097 				    struct device_attribute *attr, char *buf)
1098 {
1099 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
1100 	int ret = -ENODEV;
1101 	int srcu_key;
1102 	struct ib_device *ib_dev;
1103 
1104 	if (!dev)
1105 		return -ENODEV;
1106 	srcu_key = srcu_read_lock(&dev->disassociate_srcu);
1107 	ib_dev = srcu_dereference(dev->ib_dev, &dev->disassociate_srcu);
1108 	if (ib_dev)
1109 		ret = sprintf(buf, "%d\n", ib_dev->uverbs_abi_ver);
1110 	srcu_read_unlock(&dev->disassociate_srcu, srcu_key);
1111 
1112 	return ret;
1113 }
1114 static DEVICE_ATTR(abi_version, S_IRUGO, show_dev_abi_version, NULL);
1115 
1116 static CLASS_ATTR_STRING(abi_version, S_IRUGO,
1117 			 __stringify(IB_USER_VERBS_ABI_VERSION));
1118 
1119 static dev_t overflow_maj;
1120 static DECLARE_BITMAP(overflow_map, IB_UVERBS_MAX_DEVICES);
1121 
1122 /*
1123  * If we have more than IB_UVERBS_MAX_DEVICES, dynamically overflow by
1124  * requesting a new major number and doubling the number of max devices we
1125  * support. It's stupid, but simple.
1126  */
find_overflow_devnum(void)1127 static int find_overflow_devnum(void)
1128 {
1129 	int ret;
1130 
1131 	if (!overflow_maj) {
1132 		ret = alloc_chrdev_region(&overflow_maj, 0, IB_UVERBS_MAX_DEVICES,
1133 					  "infiniband_verbs");
1134 		if (ret) {
1135 			pr_err("user_verbs: couldn't register dynamic device number\n");
1136 			return ret;
1137 		}
1138 	}
1139 
1140 	ret = find_first_zero_bit(overflow_map, IB_UVERBS_MAX_DEVICES);
1141 	if (ret >= IB_UVERBS_MAX_DEVICES)
1142 		return -1;
1143 
1144 	return ret;
1145 }
1146 
1147 static ssize_t
show_dev_device(struct device * device,struct device_attribute * attr,char * buf)1148 show_dev_device(struct device *device, struct device_attribute *attr, char *buf)
1149 {
1150 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
1151 
1152 	if (!dev || !dev->ib_dev->dma_device)
1153 		return -ENODEV;
1154 
1155 	return sprintf(buf, "0x%04x\n",
1156 	    ((struct pci_dev *)dev->ib_dev->dma_device)->device);
1157 }
1158 static DEVICE_ATTR(device, S_IRUGO, show_dev_device, NULL);
1159 
1160 static ssize_t
show_dev_vendor(struct device * device,struct device_attribute * attr,char * buf)1161 show_dev_vendor(struct device *device, struct device_attribute *attr, char *buf)
1162 {
1163 	struct ib_uverbs_device *dev = dev_get_drvdata(device);
1164 
1165 	if (!dev || !dev->ib_dev->dma_device)
1166 		return -ENODEV;
1167 
1168 	return sprintf(buf, "0x%04x\n",
1169 	    ((struct pci_dev *)dev->ib_dev->dma_device)->vendor);
1170 }
1171 static DEVICE_ATTR(vendor, S_IRUGO, show_dev_vendor, NULL);
1172 
1173 struct attribute *device_attrs[] =
1174 {
1175 	&dev_attr_device.attr,
1176 	&dev_attr_vendor.attr,
1177 	NULL
1178 };
1179 
1180 static struct attribute_group device_group = {
1181         .name  = "device",
1182         .attrs  = device_attrs
1183 };
1184 
ib_uverbs_add_one(struct ib_device * device)1185 static void ib_uverbs_add_one(struct ib_device *device)
1186 {
1187 	int devnum;
1188 	dev_t base;
1189 	struct ib_uverbs_device *uverbs_dev;
1190 	int ret;
1191 
1192 	if (!device->alloc_ucontext)
1193 		return;
1194 
1195 	uverbs_dev = kzalloc(sizeof *uverbs_dev, GFP_KERNEL);
1196 	if (!uverbs_dev)
1197 		return;
1198 
1199 	ret = init_srcu_struct(&uverbs_dev->disassociate_srcu);
1200 	if (ret) {
1201 		kfree(uverbs_dev);
1202 		return;
1203 	}
1204 
1205 	atomic_set(&uverbs_dev->refcount, 1);
1206 	init_completion(&uverbs_dev->comp);
1207 	uverbs_dev->xrcd_tree = RB_ROOT;
1208 	mutex_init(&uverbs_dev->xrcd_tree_mutex);
1209 	kobject_init(&uverbs_dev->kobj, &ib_uverbs_dev_ktype);
1210 	mutex_init(&uverbs_dev->lists_mutex);
1211 	INIT_LIST_HEAD(&uverbs_dev->uverbs_file_list);
1212 	INIT_LIST_HEAD(&uverbs_dev->uverbs_events_file_list);
1213 
1214 	spin_lock(&map_lock);
1215 	devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES);
1216 	if (devnum >= IB_UVERBS_MAX_DEVICES) {
1217 		spin_unlock(&map_lock);
1218 		devnum = find_overflow_devnum();
1219 		if (devnum < 0)
1220 			goto err;
1221 
1222 		spin_lock(&map_lock);
1223 		uverbs_dev->devnum = devnum + IB_UVERBS_MAX_DEVICES;
1224 		base = devnum + overflow_maj;
1225 		set_bit(devnum, overflow_map);
1226 	} else {
1227 		uverbs_dev->devnum = devnum;
1228 		base = devnum + IB_UVERBS_BASE_DEV;
1229 		set_bit(devnum, dev_map);
1230 	}
1231 	spin_unlock(&map_lock);
1232 
1233 	rcu_assign_pointer(uverbs_dev->ib_dev, device);
1234 	uverbs_dev->num_comp_vectors = device->num_comp_vectors;
1235 
1236 	cdev_init(&uverbs_dev->cdev, NULL);
1237 	uverbs_dev->cdev.owner = THIS_MODULE;
1238 	uverbs_dev->cdev.ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops;
1239 	uverbs_dev->cdev.kobj.parent = &uverbs_dev->kobj;
1240 	kobject_set_name(&uverbs_dev->cdev.kobj, "uverbs%d", uverbs_dev->devnum);
1241 	if (cdev_add(&uverbs_dev->cdev, base, 1))
1242 		goto err_cdev;
1243 
1244 	uverbs_dev->dev = device_create(uverbs_class, device->dma_device,
1245 					uverbs_dev->cdev.dev, uverbs_dev,
1246 					"uverbs%d", uverbs_dev->devnum);
1247 	if (IS_ERR(uverbs_dev->dev))
1248 		goto err_cdev;
1249 
1250 	if (device_create_file(uverbs_dev->dev, &dev_attr_ibdev))
1251 		goto err_class;
1252 	if (device_create_file(uverbs_dev->dev, &dev_attr_abi_version))
1253 		goto err_class;
1254 	if (sysfs_create_group(&uverbs_dev->dev->kobj, &device_group))
1255 		goto err_class;
1256 
1257 	ib_set_client_data(device, &uverbs_client, uverbs_dev);
1258 
1259 	return;
1260 
1261 err_class:
1262 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
1263 
1264 err_cdev:
1265 	cdev_del(&uverbs_dev->cdev);
1266 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
1267 		clear_bit(devnum, dev_map);
1268 	else
1269 		clear_bit(devnum, overflow_map);
1270 
1271 err:
1272 	if (atomic_dec_and_test(&uverbs_dev->refcount))
1273 		ib_uverbs_comp_dev(uverbs_dev);
1274 	wait_for_completion(&uverbs_dev->comp);
1275 	kobject_put(&uverbs_dev->kobj);
1276 	return;
1277 }
1278 
ib_uverbs_free_hw_resources(struct ib_uverbs_device * uverbs_dev,struct ib_device * ib_dev)1279 static void ib_uverbs_free_hw_resources(struct ib_uverbs_device *uverbs_dev,
1280 					struct ib_device *ib_dev)
1281 {
1282 	struct ib_uverbs_file *file;
1283 	struct ib_uverbs_event_file *event_file;
1284 	struct ib_event event;
1285 
1286 	/* Pending running commands to terminate */
1287 	synchronize_srcu(&uverbs_dev->disassociate_srcu);
1288 	event.event = IB_EVENT_DEVICE_FATAL;
1289 	event.element.port_num = 0;
1290 	event.device = ib_dev;
1291 
1292 	mutex_lock(&uverbs_dev->lists_mutex);
1293 	while (!list_empty(&uverbs_dev->uverbs_file_list)) {
1294 		struct ib_ucontext *ucontext;
1295 		file = list_first_entry(&uverbs_dev->uverbs_file_list,
1296 					struct ib_uverbs_file, list);
1297 		file->is_closed = 1;
1298 		list_del(&file->list);
1299 		kref_get(&file->ref);
1300 		mutex_unlock(&uverbs_dev->lists_mutex);
1301 
1302 
1303 		mutex_lock(&file->cleanup_mutex);
1304 		ucontext = file->ucontext;
1305 		file->ucontext = NULL;
1306 		mutex_unlock(&file->cleanup_mutex);
1307 
1308 		/* At this point ib_uverbs_close cannot be running
1309 		 * ib_uverbs_cleanup_ucontext
1310 		 */
1311 		if (ucontext) {
1312 			/* We must release the mutex before going ahead and
1313 			 * calling disassociate_ucontext. disassociate_ucontext
1314 			 * might end up indirectly calling uverbs_close,
1315 			 * for example due to freeing the resources
1316 			 * (e.g mmput).
1317 			 */
1318 			ib_uverbs_event_handler(&file->event_handler, &event);
1319 			ib_dev->disassociate_ucontext(ucontext);
1320 			ib_uverbs_cleanup_ucontext(file, ucontext);
1321 		}
1322 
1323 		mutex_lock(&uverbs_dev->lists_mutex);
1324 		kref_put(&file->ref, ib_uverbs_release_file);
1325 	}
1326 
1327 	while (!list_empty(&uverbs_dev->uverbs_events_file_list)) {
1328 		event_file = list_first_entry(&uverbs_dev->
1329 					      uverbs_events_file_list,
1330 					      struct ib_uverbs_event_file,
1331 					      list);
1332 		spin_lock_irq(&event_file->lock);
1333 		event_file->is_closed = 1;
1334 		spin_unlock_irq(&event_file->lock);
1335 
1336 		list_del(&event_file->list);
1337 		if (event_file->is_async) {
1338 			ib_unregister_event_handler(&event_file->uverbs_file->
1339 						    event_handler);
1340 			event_file->uverbs_file->event_handler.device = NULL;
1341 		}
1342 
1343 		wake_up_interruptible(&event_file->poll_wait);
1344 		kill_fasync(&event_file->async_queue, SIGIO, POLL_IN);
1345 	}
1346 	mutex_unlock(&uverbs_dev->lists_mutex);
1347 }
1348 
ib_uverbs_remove_one(struct ib_device * device,void * client_data)1349 static void ib_uverbs_remove_one(struct ib_device *device, void *client_data)
1350 {
1351 	struct ib_uverbs_device *uverbs_dev = client_data;
1352 	int wait_clients = 1;
1353 
1354 	if (!uverbs_dev)
1355 		return;
1356 
1357 	sysfs_remove_group(&uverbs_dev->dev->kobj, &device_group);
1358 	dev_set_drvdata(uverbs_dev->dev, NULL);
1359 	device_destroy(uverbs_class, uverbs_dev->cdev.dev);
1360 	cdev_del(&uverbs_dev->cdev);
1361 
1362 	if (uverbs_dev->devnum < IB_UVERBS_MAX_DEVICES)
1363 		clear_bit(uverbs_dev->devnum, dev_map);
1364 	else
1365 		clear_bit(uverbs_dev->devnum - IB_UVERBS_MAX_DEVICES, overflow_map);
1366 
1367 	if (device->disassociate_ucontext) {
1368 		/* We disassociate HW resources and immediately return.
1369 		 * Userspace will see a EIO errno for all future access.
1370 		 * Upon returning, ib_device may be freed internally and is not
1371 		 * valid any more.
1372 		 * uverbs_device is still available until all clients close
1373 		 * their files, then the uverbs device ref count will be zero
1374 		 * and its resources will be freed.
1375 		 * Note: At this point no more files can be opened since the
1376 		 * cdev was deleted, however active clients can still issue
1377 		 * commands and close their open files.
1378 		 */
1379 		rcu_assign_pointer(uverbs_dev->ib_dev, NULL);
1380 		ib_uverbs_free_hw_resources(uverbs_dev, device);
1381 		wait_clients = 0;
1382 	}
1383 
1384 	if (atomic_dec_and_test(&uverbs_dev->refcount))
1385 		ib_uverbs_comp_dev(uverbs_dev);
1386 	if (wait_clients)
1387 		wait_for_completion(&uverbs_dev->comp);
1388 	kobject_put(&uverbs_dev->kobj);
1389 }
1390 
uverbs_devnode(struct device * dev,umode_t * mode)1391 static char *uverbs_devnode(struct device *dev, umode_t *mode)
1392 {
1393 	if (mode)
1394 		*mode = 0666;
1395 	return kasprintf(GFP_KERNEL, "infiniband/%s", dev_name(dev));
1396 }
1397 
ib_uverbs_init(void)1398 static int __init ib_uverbs_init(void)
1399 {
1400 	int ret;
1401 
1402 	ret = register_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES,
1403 				     "infiniband_verbs");
1404 	if (ret) {
1405 		pr_err("user_verbs: couldn't register device number\n");
1406 		goto out;
1407 	}
1408 
1409 	uverbs_class = class_create(THIS_MODULE, "infiniband_verbs");
1410 	if (IS_ERR(uverbs_class)) {
1411 		ret = PTR_ERR(uverbs_class);
1412 		pr_err("user_verbs: couldn't create class infiniband_verbs\n");
1413 		goto out_chrdev;
1414 	}
1415 
1416 	uverbs_class->devnode = uverbs_devnode;
1417 
1418 	ret = class_create_file(uverbs_class, &class_attr_abi_version.attr);
1419 	if (ret) {
1420 		pr_err("user_verbs: couldn't create abi_version attribute\n");
1421 		goto out_class;
1422 	}
1423 
1424 	ret = ib_register_client(&uverbs_client);
1425 	if (ret) {
1426 		pr_err("user_verbs: couldn't register client\n");
1427 		goto out_class;
1428 	}
1429 
1430 	return 0;
1431 
1432 out_class:
1433 	class_destroy(uverbs_class);
1434 
1435 out_chrdev:
1436 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
1437 
1438 out:
1439 	return ret;
1440 }
1441 
ib_uverbs_cleanup(void)1442 static void __exit ib_uverbs_cleanup(void)
1443 {
1444 	ib_unregister_client(&uverbs_client);
1445 	class_destroy(uverbs_class);
1446 	unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
1447 	if (overflow_maj)
1448 		unregister_chrdev_region(overflow_maj, IB_UVERBS_MAX_DEVICES);
1449 	idr_destroy(&ib_uverbs_pd_idr);
1450 	idr_destroy(&ib_uverbs_mr_idr);
1451 	idr_destroy(&ib_uverbs_mw_idr);
1452 	idr_destroy(&ib_uverbs_ah_idr);
1453 	idr_destroy(&ib_uverbs_cq_idr);
1454 	idr_destroy(&ib_uverbs_qp_idr);
1455 	idr_destroy(&ib_uverbs_srq_idr);
1456 }
1457 
1458 module_init_order(ib_uverbs_init, SI_ORDER_FIFTH);
1459 module_exit_order(ib_uverbs_cleanup, SI_ORDER_FIFTH);
1460