Commit 9ead190b authored by Roland Dreier

IB/uverbs: Don't serialize with ib_uverbs_idr_mutex

Currently, all userspace verbs operations that call into the kernel
are serialized by ib_uverbs_idr_mutex.  This can be a scalability
issue for some workloads, especially for devices driven by the ipath
driver, which needs to call into the kernel even for datapath
operations.

Fix this by adding reference counts to the userspace objects, and then
converting ib_uverbs_idr_mutex into a spinlock that only protects the
idrs long enough to take a reference on the object being looked up.
Because remove operations may fail, we have to do a slightly funky
two-step deletion, which is described in the comments at the top of
uverbs_cmd.c.

This also still leaves ib_uverbs_idr_lock as a single lock that is
possibly subject to contention.  However, the lock hold time will only
be a single idr operation, so multiple threads should still be able to
make progress, even if ib_uverbs_idr_lock is being ping-ponged.

Surprisingly, these changes even shrink the object code:

add/remove: 23/5 grow/shrink: 4/21 up/down: 633/-693 (-60)
Signed-off-by: Roland Dreier <rolandd@cisco.com>
parent c93b6fba
...@@ -132,7 +132,7 @@ struct ib_ucq_object { ...@@ -132,7 +132,7 @@ struct ib_ucq_object {
u32 async_events_reported; u32 async_events_reported;
}; };
extern struct mutex ib_uverbs_idr_mutex; extern spinlock_t ib_uverbs_idr_lock;
extern struct idr ib_uverbs_pd_idr; extern struct idr ib_uverbs_pd_idr;
extern struct idr ib_uverbs_mr_idr; extern struct idr ib_uverbs_mr_idr;
extern struct idr ib_uverbs_mw_idr; extern struct idr ib_uverbs_mw_idr;
...@@ -141,6 +141,8 @@ extern struct idr ib_uverbs_cq_idr; ...@@ -141,6 +141,8 @@ extern struct idr ib_uverbs_cq_idr;
extern struct idr ib_uverbs_qp_idr; extern struct idr ib_uverbs_qp_idr;
extern struct idr ib_uverbs_srq_idr; extern struct idr ib_uverbs_srq_idr;
void idr_remove_uobj(struct idr *idp, struct ib_uobject *uobj);
struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file, struct file *ib_uverbs_alloc_event_file(struct ib_uverbs_file *uverbs_file,
int is_async, int *fd); int is_async, int *fd);
void ib_uverbs_release_event_file(struct kref *ref); void ib_uverbs_release_event_file(struct kref *ref);
......
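Review bot: The prototype `void idr_remove_uobj(struct idr *idp, struct ib_uobject *uobj);` added below the idr externs gives a helper external linkage without stating its locking contract. The definition shown further down this page takes `ib_uverbs_idr_lock` itself, and a spinlock is not recursive, so a caller that already holds the lock would deadlock. I would put `/* Removes uobj->id from the idr; takes ib_uverbs_idr_lock, so callers must not hold it. */` above the declaration. The same section replaces a mutex with a spinlock, so a short comment on `extern spinlock_t ib_uverbs_idr_lock;` saying that nothing may sleep while it is held would help future callers. As smaller style points, an `ib_uverbs_` prefix would keep the now-global name out of the generic `idr_` namespace, and the parameter is spelled `idp` here but `idr` in the definition.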
...@@ -50,7 +50,64 @@ ...@@ -50,7 +50,64 @@
(udata)->outlen = (olen); \ (udata)->outlen = (olen); \
} while (0) } while (0)
static int idr_add_uobj(struct idr *idr, void *obj, struct ib_uobject *uobj) /*
* The ib_uobject locking scheme is as follows:
*
* - ib_uverbs_idr_lock protects the uverbs idrs themselves, so it
* needs to be held during all idr operations. When an object is
* looked up, a reference must be taken on the object's kref before
* dropping this lock.
*
* - Each object also has an rwsem. This rwsem must be held for
* reading while an operation that uses the object is performed.
* For example, while registering an MR, the associated PD's
* uobject.mutex must be held for reading. The rwsem must be held
* for writing while initializing or destroying an object.
*
* - In addition, each object has a "live" flag. If this flag is not
* set, then lookups of the object will fail even if it is found in
* the idr. This handles a reader that blocks and does not acquire
* the rwsem until after the object is destroyed. The destroy
* operation will set the live flag to 0 and then drop the rwsem;
* this will allow the reader to acquire the rwsem, see that the
* live flag is 0, and then drop the rwsem and its reference to
* object. The underlying storage will not be freed until the last
* reference to the object is dropped.
*/
static void init_uobj(struct ib_uobject *uobj, u64 user_handle,
struct ib_ucontext *context)
{
uobj->user_handle = user_handle;
uobj->context = context;
kref_init(&uobj->ref);
init_rwsem(&uobj->mutex);
uobj->live = 0;
}
static void release_uobj(struct kref *kref)
{
kfree(container_of(kref, struct ib_uobject, ref));
}
static void put_uobj(struct ib_uobject *uobj)
{
kref_put(&uobj->ref, release_uobj);
}
static void put_uobj_read(struct ib_uobject *uobj)
{
up_read(&uobj->mutex);
put_uobj(uobj);
}
static void put_uobj_write(struct ib_uobject *uobj)
{
up_write(&uobj->mutex);
put_uobj(uobj);
}
static int idr_add_uobj(struct idr *idr, struct ib_uobject *uobj)
{ {
int ret; int ret;
...@@ -58,7 +115,9 @@ static int idr_add_uobj(struct idr *idr, void *obj, struct ib_uobject *uobj) ...@@ -58,7 +115,9 @@ static int idr_add_uobj(struct idr *idr, void *obj, struct ib_uobject *uobj)
if (!idr_pre_get(idr, GFP_KERNEL)) if (!idr_pre_get(idr, GFP_KERNEL))
return -ENOMEM; return -ENOMEM;
spin_lock(&ib_uverbs_idr_lock);
ret = idr_get_new(idr, uobj, &uobj->id); ret = idr_get_new(idr, uobj, &uobj->id);
spin_unlock(&ib_uverbs_idr_lock);
if (ret == -EAGAIN) if (ret == -EAGAIN)
goto retry; goto retry;
...@@ -66,6 +125,121 @@ static int idr_add_uobj(struct idr *idr, void *obj, struct ib_uobject *uobj) ...@@ -66,6 +125,121 @@ static int idr_add_uobj(struct idr *idr, void *obj, struct ib_uobject *uobj)
return ret; return ret;
} }
void idr_remove_uobj(struct idr *idr, struct ib_uobject *uobj)
{
spin_lock(&ib_uverbs_idr_lock);
idr_remove(idr, uobj->id);
spin_unlock(&ib_uverbs_idr_lock);
}
static struct ib_uobject *__idr_get_uobj(struct idr *idr, int id,
struct ib_ucontext *context)
{
struct ib_uobject *uobj;
spin_lock(&ib_uverbs_idr_lock);
uobj = idr_find(idr, id);
if (uobj)
kref_get(&uobj->ref);
spin_unlock(&ib_uverbs_idr_lock);
return uobj;
}
static struct ib_uobject *idr_read_uobj(struct idr *idr, int id,
struct ib_ucontext *context)
{
struct ib_uobject *uobj;
uobj = __idr_get_uobj(idr, id, context);
if (!uobj)
return NULL;
down_read(&uobj->mutex);
if (!uobj->live) {
put_uobj_read(uobj);
return NULL;
}
return uobj;
}
static struct ib_uobject *idr_write_uobj(struct idr *idr, int id,
struct ib_ucontext *context)
{
struct ib_uobject *uobj;
uobj = __idr_get_uobj(idr, id, context);
if (!uobj)
return NULL;
down_write(&uobj->mutex);
if (!uobj->live) {
put_uobj_write(uobj);
return NULL;
}
return uobj;
}
static void *idr_read_obj(struct idr *idr, int id, struct ib_ucontext *context)
{
struct ib_uobject *uobj;
uobj = idr_read_uobj(idr, id, context);
return uobj ? uobj->object : NULL;
}
static struct ib_pd *idr_read_pd(int pd_handle, struct ib_ucontext *context)
{
return idr_read_obj(&ib_uverbs_pd_idr, pd_handle, context);
}
static void put_pd_read(struct ib_pd *pd)
{
put_uobj_read(pd->uobject);
}
static struct ib_cq *idr_read_cq(int cq_handle, struct ib_ucontext *context)
{
return idr_read_obj(&ib_uverbs_cq_idr, cq_handle, context);
}
static void put_cq_read(struct ib_cq *cq)
{
put_uobj_read(cq->uobject);
}
static struct ib_ah *idr_read_ah(int ah_handle, struct ib_ucontext *context)
{
return idr_read_obj(&ib_uverbs_ah_idr, ah_handle, context);
}
static void put_ah_read(struct ib_ah *ah)
{
put_uobj_read(ah->uobject);
}
static struct ib_qp *idr_read_qp(int qp_handle, struct ib_ucontext *context)
{
return idr_read_obj(&ib_uverbs_qp_idr, qp_handle, context);
}
static void put_qp_read(struct ib_qp *qp)
{
put_uobj_read(qp->uobject);
}
static struct ib_srq *idr_read_srq(int srq_handle, struct ib_ucontext *context)
{
return idr_read_obj(&ib_uverbs_srq_idr, srq_handle, context);
}
static void put_srq_read(struct ib_srq *srq)
{
put_uobj_read(srq->uobject);
}
ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file, ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
const char __user *buf, const char __user *buf,
int in_len, int out_len) int in_len, int out_len)
...@@ -296,7 +470,8 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file, ...@@ -296,7 +470,8 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
if (!uobj) if (!uobj)
return -ENOMEM; return -ENOMEM;
uobj->context = file->ucontext; init_uobj(uobj, 0, file->ucontext);
down_write(&uobj->mutex);
pd = file->device->ib_dev->alloc_pd(file->device->ib_dev, pd = file->device->ib_dev->alloc_pd(file->device->ib_dev,
file->ucontext, &udata); file->ucontext, &udata);
...@@ -309,11 +484,10 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file, ...@@ -309,11 +484,10 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
pd->uobject = uobj; pd->uobject = uobj;
atomic_set(&pd->usecnt, 0); atomic_set(&pd->usecnt, 0);
mutex_lock(&ib_uverbs_idr_mutex); uobj->object = pd;
ret = idr_add_uobj(&ib_uverbs_pd_idr, uobj);
ret = idr_add_uobj(&ib_uverbs_pd_idr, pd, uobj);
if (ret) if (ret)
goto err_up; goto err_idr;
memset(&resp, 0, sizeof resp); memset(&resp, 0, sizeof resp);
resp.pd_handle = uobj->id; resp.pd_handle = uobj->id;
...@@ -321,26 +495,27 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file, ...@@ -321,26 +495,27 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&uobj->list, &file->ucontext->pd_list); list_add_tail(&uobj->list, &file->ucontext->pd_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); uobj->live = 1;
up_write(&uobj->mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_pd_idr, uobj->id); idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
err_up: err_idr:
mutex_unlock(&ib_uverbs_idr_mutex);
ib_dealloc_pd(pd); ib_dealloc_pd(pd);
err: err:
kfree(uobj); put_uobj_write(uobj);
return ret; return ret;
} }
...@@ -349,37 +524,34 @@ ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file, ...@@ -349,37 +524,34 @@ ssize_t ib_uverbs_dealloc_pd(struct ib_uverbs_file *file,
int in_len, int out_len) int in_len, int out_len)
{ {
struct ib_uverbs_dealloc_pd cmd; struct ib_uverbs_dealloc_pd cmd;
struct ib_pd *pd;
struct ib_uobject *uobj; struct ib_uobject *uobj;
int ret = -EINVAL; int ret;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_write_uobj(&ib_uverbs_pd_idr, cmd.pd_handle, file->ucontext);
if (!uobj)
return -EINVAL;
pd = idr_find(&ib_uverbs_pd_idr, cmd.pd_handle); ret = ib_dealloc_pd(uobj->object);
if (!pd || pd->uobject->context != file->ucontext) if (!ret)
goto out; uobj->live = 0;
uobj = pd->uobject; put_uobj_write(uobj);
ret = ib_dealloc_pd(pd);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_pd_idr, cmd.pd_handle); idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&uobj->list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
kfree(uobj); put_uobj(uobj);
out:
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return in_len;
} }
ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
...@@ -419,7 +591,8 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, ...@@ -419,7 +591,8 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
if (!obj) if (!obj)
return -ENOMEM; return -ENOMEM;
obj->uobject.context = file->ucontext; init_uobj(&obj->uobject, 0, file->ucontext);
down_write(&obj->uobject.mutex);
/* /*
* We ask for writable memory if any access flags other than * We ask for writable memory if any access flags other than
...@@ -436,23 +609,14 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, ...@@ -436,23 +609,14 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
obj->umem.virt_base = cmd.hca_va; obj->umem.virt_base = cmd.hca_va;
mutex_lock(&ib_uverbs_idr_mutex); pd = idr_read_pd(cmd.pd_handle, file->ucontext);
if (!pd)
pd = idr_find(&ib_uverbs_pd_idr, cmd.pd_handle); goto err_release;
if (!pd || pd->uobject->context != file->ucontext) {
ret = -EINVAL;
goto err_up;
}
if (!pd->device->reg_user_mr) {
ret = -ENOSYS;
goto err_up;
}
mr = pd->device->reg_user_mr(pd, &obj->umem, cmd.access_flags, &udata); mr = pd->device->reg_user_mr(pd, &obj->umem, cmd.access_flags, &udata);
if (IS_ERR(mr)) { if (IS_ERR(mr)) {
ret = PTR_ERR(mr); ret = PTR_ERR(mr);
goto err_up; goto err_put;
} }
mr->device = pd->device; mr->device = pd->device;
...@@ -461,43 +625,48 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, ...@@ -461,43 +625,48 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
atomic_inc(&pd->usecnt); atomic_inc(&pd->usecnt);
atomic_set(&mr->usecnt, 0); atomic_set(&mr->usecnt, 0);
memset(&resp, 0, sizeof resp); obj->uobject.object = mr;
resp.lkey = mr->lkey; ret = idr_add_uobj(&ib_uverbs_mr_idr, &obj->uobject);
resp.rkey = mr->rkey;
ret = idr_add_uobj(&ib_uverbs_mr_idr, mr, &obj->uobject);
if (ret) if (ret)
goto err_unreg; goto err_unreg;
memset(&resp, 0, sizeof resp);
resp.lkey = mr->lkey;
resp.rkey = mr->rkey;
resp.mr_handle = obj->uobject.id; resp.mr_handle = obj->uobject.id;
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
put_pd_read(pd);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&obj->uobject.list, &file->ucontext->mr_list); list_add_tail(&obj->uobject.list, &file->ucontext->mr_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); obj->uobject.live = 1;
up_write(&obj->uobject.mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_mr_idr, obj->uobject.id); idr_remove_uobj(&ib_uverbs_mr_idr, &obj->uobject);
err_unreg: err_unreg:
ib_dereg_mr(mr); ib_dereg_mr(mr);
err_up: err_put:
mutex_unlock(&ib_uverbs_idr_mutex); put_pd_read(pd);
err_release:
ib_umem_release(file->device->ib_dev, &obj->umem); ib_umem_release(file->device->ib_dev, &obj->umem);
err_free: err_free:
kfree(obj); put_uobj_write(&obj->uobject);
return ret; return ret;
} }
...@@ -507,37 +676,40 @@ ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file, ...@@ -507,37 +676,40 @@ ssize_t ib_uverbs_dereg_mr(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_dereg_mr cmd; struct ib_uverbs_dereg_mr cmd;
struct ib_mr *mr; struct ib_mr *mr;
struct ib_uobject *uobj;
struct ib_umem_object *memobj; struct ib_umem_object *memobj;
int ret = -EINVAL; int ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_write_uobj(&ib_uverbs_mr_idr, cmd.mr_handle, file->ucontext);
if (!uobj)
mr = idr_find(&ib_uverbs_mr_idr, cmd.mr_handle); return -EINVAL;
if (!mr || mr->uobject->context != file->ucontext)
goto out;
memobj = container_of(mr->uobject, struct ib_umem_object, uobject); memobj = container_of(uobj, struct ib_umem_object, uobject);
mr = uobj->object;
ret = ib_dereg_mr(mr); ret = ib_dereg_mr(mr);
if (!ret)
uobj->live = 0;
put_uobj_write(uobj);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_mr_idr, cmd.mr_handle); idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&memobj->uobject.list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
ib_umem_release(file->device->ib_dev, &memobj->umem); ib_umem_release(file->device->ib_dev, &memobj->umem);
kfree(memobj);
out: put_uobj(uobj);
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return in_len;
} }
ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file, ssize_t ib_uverbs_create_comp_channel(struct ib_uverbs_file *file,
...@@ -576,7 +748,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file, ...@@ -576,7 +748,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
struct ib_uverbs_create_cq cmd; struct ib_uverbs_create_cq cmd;
struct ib_uverbs_create_cq_resp resp; struct ib_uverbs_create_cq_resp resp;
struct ib_udata udata; struct ib_udata udata;
struct ib_ucq_object *uobj; struct ib_ucq_object *obj;
struct ib_uverbs_event_file *ev_file = NULL; struct ib_uverbs_event_file *ev_file = NULL;
struct ib_cq *cq; struct ib_cq *cq;
int ret; int ret;
...@@ -594,10 +766,13 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file, ...@@ -594,10 +766,13 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
if (cmd.comp_vector >= file->device->num_comp_vectors) if (cmd.comp_vector >= file->device->num_comp_vectors)
return -EINVAL; return -EINVAL;
uobj = kmalloc(sizeof *uobj, GFP_KERNEL); obj = kmalloc(sizeof *obj, GFP_KERNEL);
if (!uobj) if (!obj)
return -ENOMEM; return -ENOMEM;
init_uobj(&obj->uobject, cmd.user_handle, file->ucontext);
down_write(&obj->uobject.mutex);
if (cmd.comp_channel >= 0) { if (cmd.comp_channel >= 0) {
ev_file = ib_uverbs_lookup_comp_file(cmd.comp_channel); ev_file = ib_uverbs_lookup_comp_file(cmd.comp_channel);
if (!ev_file) { if (!ev_file) {
...@@ -606,63 +781,64 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file, ...@@ -606,63 +781,64 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
} }
} }
uobj->uobject.user_handle = cmd.user_handle; obj->uverbs_file = file;
uobj->uobject.context = file->ucontext; obj->comp_events_reported = 0;
uobj->uverbs_file = file; obj->async_events_reported = 0;
uobj->comp_events_reported = 0; INIT_LIST_HEAD(&obj->comp_list);
uobj->async_events_reported = 0; INIT_LIST_HEAD(&obj->async_list);
INIT_LIST_HEAD(&uobj->comp_list);
INIT_LIST_HEAD(&uobj->async_list);
cq = file->device->ib_dev->create_cq(file->device->ib_dev, cmd.cqe, cq = file->device->ib_dev->create_cq(file->device->ib_dev, cmd.cqe,
file->ucontext, &udata); file->ucontext, &udata);
if (IS_ERR(cq)) { if (IS_ERR(cq)) {
ret = PTR_ERR(cq); ret = PTR_ERR(cq);
goto err; goto err_file;
} }
cq->device = file->device->ib_dev; cq->device = file->device->ib_dev;
cq->uobject = &uobj->uobject; cq->uobject = &obj->uobject;
cq->comp_handler = ib_uverbs_comp_handler; cq->comp_handler = ib_uverbs_comp_handler;
cq->event_handler = ib_uverbs_cq_event_handler; cq->event_handler = ib_uverbs_cq_event_handler;
cq->cq_context = ev_file; cq->cq_context = ev_file;
atomic_set(&cq->usecnt, 0); atomic_set(&cq->usecnt, 0);
mutex_lock(&ib_uverbs_idr_mutex); obj->uobject.object = cq;
ret = idr_add_uobj(&ib_uverbs_cq_idr, &obj->uobject);
ret = idr_add_uobj(&ib_uverbs_cq_idr, cq, &uobj->uobject);
if (ret) if (ret)
goto err_up; goto err_free;
memset(&resp, 0, sizeof resp); memset(&resp, 0, sizeof resp);
resp.cq_handle = uobj->uobject.id; resp.cq_handle = obj->uobject.id;
resp.cqe = cq->cqe; resp.cqe = cq->cqe;
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&uobj->uobject.list, &file->ucontext->cq_list); list_add_tail(&obj->uobject.list, &file->ucontext->cq_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); obj->uobject.live = 1;
up_write(&obj->uobject.mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_cq_idr, uobj->uobject.id); idr_remove_uobj(&ib_uverbs_cq_idr, &obj->uobject);
err_up: err_free:
mutex_unlock(&ib_uverbs_idr_mutex);
ib_destroy_cq(cq); ib_destroy_cq(cq);
err: err_file:
if (ev_file) if (ev_file)
ib_uverbs_release_ucq(file, ev_file, uobj); ib_uverbs_release_ucq(file, ev_file, obj);
kfree(uobj);
err:
put_uobj_write(&obj->uobject);
return ret; return ret;
} }
...@@ -683,11 +859,9 @@ ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file, ...@@ -683,11 +859,9 @@ ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
(unsigned long) cmd.response + sizeof resp, (unsigned long) cmd.response + sizeof resp,
in_len - sizeof cmd, out_len - sizeof resp); in_len - sizeof cmd, out_len - sizeof resp);
mutex_lock(&ib_uverbs_idr_mutex); cq = idr_read_cq(cmd.cq_handle, file->ucontext);
if (!cq)
cq = idr_find(&ib_uverbs_cq_idr, cmd.cq_handle); return -EINVAL;
if (!cq || cq->uobject->context != file->ucontext || !cq->device->resize_cq)
goto out;
ret = cq->device->resize_cq(cq, cmd.cqe, &udata); ret = cq->device->resize_cq(cq, cmd.cqe, &udata);
if (ret) if (ret)
...@@ -701,7 +875,7 @@ ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file, ...@@ -701,7 +875,7 @@ ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
ret = -EFAULT; ret = -EFAULT;
out: out:
mutex_unlock(&ib_uverbs_idr_mutex); put_cq_read(cq);
return ret ? ret : in_len; return ret ? ret : in_len;
} }
...@@ -712,6 +886,7 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file, ...@@ -712,6 +886,7 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_poll_cq cmd; struct ib_uverbs_poll_cq cmd;
struct ib_uverbs_poll_cq_resp *resp; struct ib_uverbs_poll_cq_resp *resp;
struct ib_uobject *uobj;
struct ib_cq *cq; struct ib_cq *cq;
struct ib_wc *wc; struct ib_wc *wc;
int ret = 0; int ret = 0;
...@@ -732,15 +907,17 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file, ...@@ -732,15 +907,17 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
goto out_wc; goto out_wc;
} }
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_read_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
cq = idr_find(&ib_uverbs_cq_idr, cmd.cq_handle); if (!uobj) {
if (!cq || cq->uobject->context != file->ucontext) {
ret = -EINVAL; ret = -EINVAL;
goto out; goto out;
} }
cq = uobj->object;
resp->count = ib_poll_cq(cq, cmd.ne, wc); resp->count = ib_poll_cq(cq, cmd.ne, wc);
put_uobj_read(uobj);
for (i = 0; i < resp->count; i++) { for (i = 0; i < resp->count; i++) {
resp->wc[i].wr_id = wc[i].wr_id; resp->wc[i].wr_id = wc[i].wr_id;
resp->wc[i].status = wc[i].status; resp->wc[i].status = wc[i].status;
...@@ -762,7 +939,6 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file, ...@@ -762,7 +939,6 @@ ssize_t ib_uverbs_poll_cq(struct ib_uverbs_file *file,
ret = -EFAULT; ret = -EFAULT;
out: out:
mutex_unlock(&ib_uverbs_idr_mutex);
kfree(resp); kfree(resp);
out_wc: out_wc:
...@@ -775,22 +951,23 @@ ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file, ...@@ -775,22 +951,23 @@ ssize_t ib_uverbs_req_notify_cq(struct ib_uverbs_file *file,
int out_len) int out_len)
{ {
struct ib_uverbs_req_notify_cq cmd; struct ib_uverbs_req_notify_cq cmd;
struct ib_uobject *uobj;
struct ib_cq *cq; struct ib_cq *cq;
int ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_read_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
cq = idr_find(&ib_uverbs_cq_idr, cmd.cq_handle); if (!uobj)
if (cq && cq->uobject->context == file->ucontext) { return -EINVAL;
cq = uobj->object;
ib_req_notify_cq(cq, cmd.solicited_only ? ib_req_notify_cq(cq, cmd.solicited_only ?
IB_CQ_SOLICITED : IB_CQ_NEXT_COMP); IB_CQ_SOLICITED : IB_CQ_NEXT_COMP);
ret = in_len;
}
mutex_unlock(&ib_uverbs_idr_mutex);
return ret; put_uobj_read(uobj);
return in_len;
} }
ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file, ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
...@@ -799,52 +976,50 @@ ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file, ...@@ -799,52 +976,50 @@ ssize_t ib_uverbs_destroy_cq(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_destroy_cq cmd; struct ib_uverbs_destroy_cq cmd;
struct ib_uverbs_destroy_cq_resp resp; struct ib_uverbs_destroy_cq_resp resp;
struct ib_uobject *uobj;
struct ib_cq *cq; struct ib_cq *cq;
struct ib_ucq_object *uobj; struct ib_ucq_object *obj;
struct ib_uverbs_event_file *ev_file; struct ib_uverbs_event_file *ev_file;
u64 user_handle;
int ret = -EINVAL; int ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
memset(&resp, 0, sizeof resp); uobj = idr_write_uobj(&ib_uverbs_cq_idr, cmd.cq_handle, file->ucontext);
if (!uobj)
mutex_lock(&ib_uverbs_idr_mutex); return -EINVAL;
cq = uobj->object;
cq = idr_find(&ib_uverbs_cq_idr, cmd.cq_handle);
if (!cq || cq->uobject->context != file->ucontext)
goto out;
user_handle = cq->uobject->user_handle;
uobj = container_of(cq->uobject, struct ib_ucq_object, uobject);
ev_file = cq->cq_context; ev_file = cq->cq_context;
obj = container_of(cq->uobject, struct ib_ucq_object, uobject);
ret = ib_destroy_cq(cq); ret = ib_destroy_cq(cq);
if (!ret)
uobj->live = 0;
put_uobj_write(uobj);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_cq_idr, cmd.cq_handle); idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&uobj->uobject.list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
ib_uverbs_release_ucq(file, ev_file, uobj); ib_uverbs_release_ucq(file, ev_file, obj);
resp.comp_events_reported = uobj->comp_events_reported; memset(&resp, 0, sizeof resp);
resp.async_events_reported = uobj->async_events_reported; resp.comp_events_reported = obj->comp_events_reported;
resp.async_events_reported = obj->async_events_reported;
kfree(uobj); put_uobj(uobj);
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) &resp, sizeof resp))
ret = -EFAULT; return -EFAULT;
out:
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return in_len;
} }
ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
...@@ -854,7 +1029,7 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -854,7 +1029,7 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
struct ib_uverbs_create_qp cmd; struct ib_uverbs_create_qp cmd;
struct ib_uverbs_create_qp_resp resp; struct ib_uverbs_create_qp_resp resp;
struct ib_udata udata; struct ib_udata udata;
struct ib_uqp_object *uobj; struct ib_uqp_object *obj;
struct ib_pd *pd; struct ib_pd *pd;
struct ib_cq *scq, *rcq; struct ib_cq *scq, *rcq;
struct ib_srq *srq; struct ib_srq *srq;
...@@ -872,23 +1047,21 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -872,23 +1047,21 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
(unsigned long) cmd.response + sizeof resp, (unsigned long) cmd.response + sizeof resp,
in_len - sizeof cmd, out_len - sizeof resp); in_len - sizeof cmd, out_len - sizeof resp);
uobj = kmalloc(sizeof *uobj, GFP_KERNEL); obj = kmalloc(sizeof *obj, GFP_KERNEL);
if (!uobj) if (!obj)
return -ENOMEM; return -ENOMEM;
mutex_lock(&ib_uverbs_idr_mutex); init_uobj(&obj->uevent.uobject, cmd.user_handle, file->ucontext);
down_write(&obj->uevent.uobject.mutex);
pd = idr_find(&ib_uverbs_pd_idr, cmd.pd_handle); pd = idr_read_pd(cmd.pd_handle, file->ucontext);
scq = idr_find(&ib_uverbs_cq_idr, cmd.send_cq_handle); scq = idr_read_cq(cmd.send_cq_handle, file->ucontext);
rcq = idr_find(&ib_uverbs_cq_idr, cmd.recv_cq_handle); rcq = idr_read_cq(cmd.recv_cq_handle, file->ucontext);
srq = cmd.is_srq ? idr_find(&ib_uverbs_srq_idr, cmd.srq_handle) : NULL; srq = cmd.is_srq ? idr_read_srq(cmd.srq_handle, file->ucontext) : NULL;
if (!pd || pd->uobject->context != file->ucontext || if (!pd || !scq || !rcq || (cmd.is_srq && !srq)) {
!scq || scq->uobject->context != file->ucontext ||
!rcq || rcq->uobject->context != file->ucontext ||
(cmd.is_srq && (!srq || srq->uobject->context != file->ucontext))) {
ret = -EINVAL; ret = -EINVAL;
goto err_up; goto err_put;
} }
attr.event_handler = ib_uverbs_qp_event_handler; attr.event_handler = ib_uverbs_qp_event_handler;
...@@ -905,16 +1078,14 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -905,16 +1078,14 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
attr.cap.max_recv_sge = cmd.max_recv_sge; attr.cap.max_recv_sge = cmd.max_recv_sge;
attr.cap.max_inline_data = cmd.max_inline_data; attr.cap.max_inline_data = cmd.max_inline_data;
uobj->uevent.uobject.user_handle = cmd.user_handle; obj->uevent.events_reported = 0;
uobj->uevent.uobject.context = file->ucontext; INIT_LIST_HEAD(&obj->uevent.event_list);
uobj->uevent.events_reported = 0; INIT_LIST_HEAD(&obj->mcast_list);
INIT_LIST_HEAD(&uobj->uevent.event_list);
INIT_LIST_HEAD(&uobj->mcast_list);
qp = pd->device->create_qp(pd, &attr, &udata); qp = pd->device->create_qp(pd, &attr, &udata);
if (IS_ERR(qp)) { if (IS_ERR(qp)) {
ret = PTR_ERR(qp); ret = PTR_ERR(qp);
goto err_up; goto err_put;
} }
qp->device = pd->device; qp->device = pd->device;
...@@ -922,7 +1093,7 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -922,7 +1093,7 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
qp->send_cq = attr.send_cq; qp->send_cq = attr.send_cq;
qp->recv_cq = attr.recv_cq; qp->recv_cq = attr.recv_cq;
qp->srq = attr.srq; qp->srq = attr.srq;
qp->uobject = &uobj->uevent.uobject; qp->uobject = &obj->uevent.uobject;
qp->event_handler = attr.event_handler; qp->event_handler = attr.event_handler;
qp->qp_context = attr.qp_context; qp->qp_context = attr.qp_context;
qp->qp_type = attr.qp_type; qp->qp_type = attr.qp_type;
...@@ -932,14 +1103,14 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -932,14 +1103,14 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
if (attr.srq) if (attr.srq)
atomic_inc(&attr.srq->usecnt); atomic_inc(&attr.srq->usecnt);
memset(&resp, 0, sizeof resp); obj->uevent.uobject.object = qp;
resp.qpn = qp->qp_num; ret = idr_add_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
ret = idr_add_uobj(&ib_uverbs_qp_idr, qp, &uobj->uevent.uobject);
if (ret) if (ret)
goto err_destroy; goto err_destroy;
resp.qp_handle = uobj->uevent.uobject.id; memset(&resp, 0, sizeof resp);
resp.qpn = qp->qp_num;
resp.qp_handle = obj->uevent.uobject.id;
resp.max_recv_sge = attr.cap.max_recv_sge; resp.max_recv_sge = attr.cap.max_recv_sge;
resp.max_send_sge = attr.cap.max_send_sge; resp.max_send_sge = attr.cap.max_send_sge;
resp.max_recv_wr = attr.cap.max_recv_wr; resp.max_recv_wr = attr.cap.max_recv_wr;
...@@ -949,27 +1120,42 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file, ...@@ -949,27 +1120,42 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
put_pd_read(pd);
put_cq_read(scq);
put_cq_read(rcq);
if (srq)
put_srq_read(srq);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&uobj->uevent.uobject.list, &file->ucontext->qp_list); list_add_tail(&obj->uevent.uobject.list, &file->ucontext->qp_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); obj->uevent.uobject.live = 1;
up_write(&obj->uevent.uobject.mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_qp_idr, uobj->uevent.uobject.id); idr_remove_uobj(&ib_uverbs_qp_idr, &obj->uevent.uobject);
err_destroy: err_destroy:
ib_destroy_qp(qp); ib_destroy_qp(qp);
err_up: err_put:
mutex_unlock(&ib_uverbs_idr_mutex); if (pd)
put_pd_read(pd);
kfree(uobj); if (scq)
put_cq_read(scq);
if (rcq)
put_cq_read(rcq);
if (srq)
put_srq_read(srq);
put_uobj_write(&obj->uevent.uobject);
return ret; return ret;
} }
...@@ -994,15 +1180,15 @@ ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file, ...@@ -994,15 +1180,15 @@ ssize_t ib_uverbs_query_qp(struct ib_uverbs_file *file,
goto out; goto out;
} }
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp) {
ret = -EINVAL;
goto out;
}
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle);
if (qp && qp->uobject->context == file->ucontext)
ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr); ret = ib_query_qp(qp, attr, cmd.attr_mask, init_attr);
else
ret = -EINVAL;
mutex_unlock(&ib_uverbs_idr_mutex); put_qp_read(qp);
if (ret) if (ret)
goto out; goto out;
...@@ -1089,10 +1275,8 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file, ...@@ -1089,10 +1275,8 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
if (!attr) if (!attr)
return -ENOMEM; return -ENOMEM;
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp) {
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle);
if (!qp || qp->uobject->context != file->ucontext) {
ret = -EINVAL; ret = -EINVAL;
goto out; goto out;
} }
...@@ -1144,13 +1328,15 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file, ...@@ -1144,13 +1328,15 @@ ssize_t ib_uverbs_modify_qp(struct ib_uverbs_file *file,
attr->alt_ah_attr.port_num = cmd.alt_dest.port_num; attr->alt_ah_attr.port_num = cmd.alt_dest.port_num;
ret = ib_modify_qp(qp, attr, cmd.attr_mask); ret = ib_modify_qp(qp, attr, cmd.attr_mask);
put_qp_read(qp);
if (ret) if (ret)
goto out; goto out;
ret = in_len; ret = in_len;
out: out:
mutex_unlock(&ib_uverbs_idr_mutex);
kfree(attr); kfree(attr);
return ret; return ret;
...@@ -1162,8 +1348,9 @@ ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file, ...@@ -1162,8 +1348,9 @@ ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_destroy_qp cmd; struct ib_uverbs_destroy_qp cmd;
struct ib_uverbs_destroy_qp_resp resp; struct ib_uverbs_destroy_qp_resp resp;
struct ib_uobject *uobj;
struct ib_qp *qp; struct ib_qp *qp;
struct ib_uqp_object *uobj; struct ib_uqp_object *obj;
int ret = -EINVAL; int ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
...@@ -1171,43 +1358,43 @@ ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file, ...@@ -1171,43 +1358,43 @@ ssize_t ib_uverbs_destroy_qp(struct ib_uverbs_file *file,
memset(&resp, 0, sizeof resp); memset(&resp, 0, sizeof resp);
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_write_uobj(&ib_uverbs_qp_idr, cmd.qp_handle, file->ucontext);
if (!uobj)
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle); return -EINVAL;
if (!qp || qp->uobject->context != file->ucontext) qp = uobj->object;
goto out; obj = container_of(uobj, struct ib_uqp_object, uevent.uobject);
uobj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
if (!list_empty(&uobj->mcast_list)) { if (!list_empty(&obj->mcast_list)) {
ret = -EBUSY; put_uobj_write(uobj);
goto out; return -EBUSY;
} }
ret = ib_destroy_qp(qp); ret = ib_destroy_qp(qp);
if (!ret)
uobj->live = 0;
put_uobj_write(uobj);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_qp_idr, cmd.qp_handle); idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&uobj->uevent.uobject.list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
ib_uverbs_release_uevent(file, &uobj->uevent); ib_uverbs_release_uevent(file, &obj->uevent);
resp.events_reported = uobj->uevent.events_reported; resp.events_reported = obj->uevent.events_reported;
kfree(uobj); put_uobj(uobj);
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) &resp, sizeof resp))
ret = -EFAULT; return -EFAULT;
out:
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return in_len;
} }
ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
...@@ -1220,6 +1407,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1220,6 +1407,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
struct ib_send_wr *wr = NULL, *last, *next, *bad_wr; struct ib_send_wr *wr = NULL, *last, *next, *bad_wr;
struct ib_qp *qp; struct ib_qp *qp;
int i, sg_ind; int i, sg_ind;
int is_ud;
ssize_t ret = -EINVAL; ssize_t ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
...@@ -1236,12 +1424,11 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1236,12 +1424,11 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
if (!user_wr) if (!user_wr)
return -ENOMEM; return -ENOMEM;
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp)
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle);
if (!qp || qp->uobject->context != file->ucontext)
goto out; goto out;
is_ud = qp->qp_type == IB_QPT_UD;
sg_ind = 0; sg_ind = 0;
last = NULL; last = NULL;
for (i = 0; i < cmd.wr_count; ++i) { for (i = 0; i < cmd.wr_count; ++i) {
...@@ -1249,12 +1436,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1249,12 +1436,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
buf + sizeof cmd + i * cmd.wqe_size, buf + sizeof cmd + i * cmd.wqe_size,
cmd.wqe_size)) { cmd.wqe_size)) {
ret = -EFAULT; ret = -EFAULT;
goto out; goto out_put;
} }
if (user_wr->num_sge + sg_ind > cmd.sge_count) { if (user_wr->num_sge + sg_ind > cmd.sge_count) {
ret = -EINVAL; ret = -EINVAL;
goto out; goto out_put;
} }
next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) + next = kmalloc(ALIGN(sizeof *next, sizeof (struct ib_sge)) +
...@@ -1262,7 +1449,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1262,7 +1449,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
GFP_KERNEL); GFP_KERNEL);
if (!next) { if (!next) {
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out_put;
} }
if (!last) if (!last)
...@@ -1278,12 +1465,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1278,12 +1465,12 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
next->send_flags = user_wr->send_flags; next->send_flags = user_wr->send_flags;
next->imm_data = (__be32 __force) user_wr->imm_data; next->imm_data = (__be32 __force) user_wr->imm_data;
if (qp->qp_type == IB_QPT_UD) { if (is_ud) {
next->wr.ud.ah = idr_find(&ib_uverbs_ah_idr, next->wr.ud.ah = idr_read_ah(user_wr->wr.ud.ah,
user_wr->wr.ud.ah); file->ucontext);
if (!next->wr.ud.ah) { if (!next->wr.ud.ah) {
ret = -EINVAL; ret = -EINVAL;
goto out; goto out_put;
} }
next->wr.ud.remote_qpn = user_wr->wr.ud.remote_qpn; next->wr.ud.remote_qpn = user_wr->wr.ud.remote_qpn;
next->wr.ud.remote_qkey = user_wr->wr.ud.remote_qkey; next->wr.ud.remote_qkey = user_wr->wr.ud.remote_qkey;
...@@ -1320,7 +1507,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1320,7 +1507,7 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
sg_ind * sizeof (struct ib_sge), sg_ind * sizeof (struct ib_sge),
next->num_sge * sizeof (struct ib_sge))) { next->num_sge * sizeof (struct ib_sge))) {
ret = -EFAULT; ret = -EFAULT;
goto out; goto out_put;
} }
sg_ind += next->num_sge; sg_ind += next->num_sge;
} else } else
...@@ -1340,10 +1527,13 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file, ...@@ -1340,10 +1527,13 @@ ssize_t ib_uverbs_post_send(struct ib_uverbs_file *file,
&resp, sizeof resp)) &resp, sizeof resp))
ret = -EFAULT; ret = -EFAULT;
out: out_put:
mutex_unlock(&ib_uverbs_idr_mutex); put_qp_read(qp);
out:
while (wr) { while (wr) {
if (is_ud && wr->wr.ud.ah)
put_ah_read(wr->wr.ud.ah);
next = wr->next; next = wr->next;
kfree(wr); kfree(wr);
wr = next; wr = next;
...@@ -1458,14 +1648,15 @@ ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file, ...@@ -1458,14 +1648,15 @@ ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
if (IS_ERR(wr)) if (IS_ERR(wr))
return PTR_ERR(wr); return PTR_ERR(wr);
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp)
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle);
if (!qp || qp->uobject->context != file->ucontext)
goto out; goto out;
resp.bad_wr = 0; resp.bad_wr = 0;
ret = qp->device->post_recv(qp, wr, &bad_wr); ret = qp->device->post_recv(qp, wr, &bad_wr);
put_qp_read(qp);
if (ret) if (ret)
for (next = wr; next; next = next->next) { for (next = wr; next; next = next->next) {
++resp.bad_wr; ++resp.bad_wr;
...@@ -1479,8 +1670,6 @@ ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file, ...@@ -1479,8 +1670,6 @@ ssize_t ib_uverbs_post_recv(struct ib_uverbs_file *file,
ret = -EFAULT; ret = -EFAULT;
out: out:
mutex_unlock(&ib_uverbs_idr_mutex);
while (wr) { while (wr) {
next = wr->next; next = wr->next;
kfree(wr); kfree(wr);
...@@ -1509,14 +1698,15 @@ ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file, ...@@ -1509,14 +1698,15 @@ ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
if (IS_ERR(wr)) if (IS_ERR(wr))
return PTR_ERR(wr); return PTR_ERR(wr);
mutex_lock(&ib_uverbs_idr_mutex); srq = idr_read_srq(cmd.srq_handle, file->ucontext);
if (!srq)
srq = idr_find(&ib_uverbs_srq_idr, cmd.srq_handle);
if (!srq || srq->uobject->context != file->ucontext)
goto out; goto out;
resp.bad_wr = 0; resp.bad_wr = 0;
ret = srq->device->post_srq_recv(srq, wr, &bad_wr); ret = srq->device->post_srq_recv(srq, wr, &bad_wr);
put_srq_read(srq);
if (ret) if (ret)
for (next = wr; next; next = next->next) { for (next = wr; next; next = next->next) {
++resp.bad_wr; ++resp.bad_wr;
...@@ -1530,8 +1720,6 @@ ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file, ...@@ -1530,8 +1720,6 @@ ssize_t ib_uverbs_post_srq_recv(struct ib_uverbs_file *file,
ret = -EFAULT; ret = -EFAULT;
out: out:
mutex_unlock(&ib_uverbs_idr_mutex);
while (wr) { while (wr) {
next = wr->next; next = wr->next;
kfree(wr); kfree(wr);
...@@ -1563,17 +1751,15 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file, ...@@ -1563,17 +1751,15 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
if (!uobj) if (!uobj)
return -ENOMEM; return -ENOMEM;
mutex_lock(&ib_uverbs_idr_mutex); init_uobj(uobj, cmd.user_handle, file->ucontext);
down_write(&uobj->mutex);
pd = idr_find(&ib_uverbs_pd_idr, cmd.pd_handle); pd = idr_read_pd(cmd.pd_handle, file->ucontext);
if (!pd || pd->uobject->context != file->ucontext) { if (!pd) {
ret = -EINVAL; ret = -EINVAL;
goto err_up; goto err;
} }
uobj->user_handle = cmd.user_handle;
uobj->context = file->ucontext;
attr.dlid = cmd.attr.dlid; attr.dlid = cmd.attr.dlid;
attr.sl = cmd.attr.sl; attr.sl = cmd.attr.sl;
attr.src_path_bits = cmd.attr.src_path_bits; attr.src_path_bits = cmd.attr.src_path_bits;
...@@ -1589,12 +1775,13 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file, ...@@ -1589,12 +1775,13 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
ah = ib_create_ah(pd, &attr); ah = ib_create_ah(pd, &attr);
if (IS_ERR(ah)) { if (IS_ERR(ah)) {
ret = PTR_ERR(ah); ret = PTR_ERR(ah);
goto err_up; goto err;
} }
ah->uobject = uobj; ah->uobject = uobj;
uobj->object = ah;
ret = idr_add_uobj(&ib_uverbs_ah_idr, ah, uobj); ret = idr_add_uobj(&ib_uverbs_ah_idr, uobj);
if (ret) if (ret)
goto err_destroy; goto err_destroy;
...@@ -1603,27 +1790,29 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file, ...@@ -1603,27 +1790,29 @@ ssize_t ib_uverbs_create_ah(struct ib_uverbs_file *file,
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
put_pd_read(pd);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&uobj->list, &file->ucontext->ah_list); list_add_tail(&uobj->list, &file->ucontext->ah_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); uobj->live = 1;
up_write(&uobj->mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_ah_idr, uobj->id); idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
err_destroy: err_destroy:
ib_destroy_ah(ah); ib_destroy_ah(ah);
err_up: err:
mutex_unlock(&ib_uverbs_idr_mutex); put_uobj_write(uobj);
kfree(uobj);
return ret; return ret;
} }
...@@ -1633,35 +1822,34 @@ ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file, ...@@ -1633,35 +1822,34 @@ ssize_t ib_uverbs_destroy_ah(struct ib_uverbs_file *file,
struct ib_uverbs_destroy_ah cmd; struct ib_uverbs_destroy_ah cmd;
struct ib_ah *ah; struct ib_ah *ah;
struct ib_uobject *uobj; struct ib_uobject *uobj;
int ret = -EINVAL; int ret;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_write_uobj(&ib_uverbs_ah_idr, cmd.ah_handle, file->ucontext);
if (!uobj)
return -EINVAL;
ah = uobj->object;
ah = idr_find(&ib_uverbs_ah_idr, cmd.ah_handle); ret = ib_destroy_ah(ah);
if (!ah || ah->uobject->context != file->ucontext) if (!ret)
goto out; uobj->live = 0;
uobj = ah->uobject; put_uobj_write(uobj);
ret = ib_destroy_ah(ah);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_ah_idr, cmd.ah_handle); idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&uobj->list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
kfree(uobj); put_uobj(uobj);
out: return in_len;
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len;
} }
ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file, ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
...@@ -1670,47 +1858,43 @@ ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file, ...@@ -1670,47 +1858,43 @@ ssize_t ib_uverbs_attach_mcast(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_attach_mcast cmd; struct ib_uverbs_attach_mcast cmd;
struct ib_qp *qp; struct ib_qp *qp;
struct ib_uqp_object *uobj; struct ib_uqp_object *obj;
struct ib_uverbs_mcast_entry *mcast; struct ib_uverbs_mcast_entry *mcast;
int ret = -EINVAL; int ret;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp)
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle); return -EINVAL;
if (!qp || qp->uobject->context != file->ucontext)
goto out;
uobj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject); obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
list_for_each_entry(mcast, &uobj->mcast_list, list) list_for_each_entry(mcast, &obj->mcast_list, list)
if (cmd.mlid == mcast->lid && if (cmd.mlid == mcast->lid &&
!memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) { !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
ret = 0; ret = 0;
goto out; goto out_put;
} }
mcast = kmalloc(sizeof *mcast, GFP_KERNEL); mcast = kmalloc(sizeof *mcast, GFP_KERNEL);
if (!mcast) { if (!mcast) {
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out_put;
} }
mcast->lid = cmd.mlid; mcast->lid = cmd.mlid;
memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw); memcpy(mcast->gid.raw, cmd.gid, sizeof mcast->gid.raw);
ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid); ret = ib_attach_mcast(qp, &mcast->gid, cmd.mlid);
if (!ret) { if (!ret)
uobj = container_of(qp->uobject, struct ib_uqp_object, list_add_tail(&mcast->list, &obj->mcast_list);
uevent.uobject); else
list_add_tail(&mcast->list, &uobj->mcast_list);
} else
kfree(mcast); kfree(mcast);
out: out_put:
mutex_unlock(&ib_uverbs_idr_mutex); put_qp_read(qp);
return ret ? ret : in_len; return ret ? ret : in_len;
} }
...@@ -1720,7 +1904,7 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file, ...@@ -1720,7 +1904,7 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
int out_len) int out_len)
{ {
struct ib_uverbs_detach_mcast cmd; struct ib_uverbs_detach_mcast cmd;
struct ib_uqp_object *uobj; struct ib_uqp_object *obj;
struct ib_qp *qp; struct ib_qp *qp;
struct ib_uverbs_mcast_entry *mcast; struct ib_uverbs_mcast_entry *mcast;
int ret = -EINVAL; int ret = -EINVAL;
...@@ -1728,19 +1912,17 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file, ...@@ -1728,19 +1912,17 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); qp = idr_read_qp(cmd.qp_handle, file->ucontext);
if (!qp)
qp = idr_find(&ib_uverbs_qp_idr, cmd.qp_handle); return -EINVAL;
if (!qp || qp->uobject->context != file->ucontext)
goto out;
ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid); ret = ib_detach_mcast(qp, (union ib_gid *) cmd.gid, cmd.mlid);
if (ret) if (ret)
goto out; goto out_put;
uobj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject); obj = container_of(qp->uobject, struct ib_uqp_object, uevent.uobject);
list_for_each_entry(mcast, &uobj->mcast_list, list) list_for_each_entry(mcast, &obj->mcast_list, list)
if (cmd.mlid == mcast->lid && if (cmd.mlid == mcast->lid &&
!memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) { !memcmp(cmd.gid, mcast->gid.raw, sizeof mcast->gid.raw)) {
list_del(&mcast->list); list_del(&mcast->list);
...@@ -1748,8 +1930,8 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file, ...@@ -1748,8 +1930,8 @@ ssize_t ib_uverbs_detach_mcast(struct ib_uverbs_file *file,
break; break;
} }
out: out_put:
mutex_unlock(&ib_uverbs_idr_mutex); put_qp_read(qp);
return ret ? ret : in_len; return ret ? ret : in_len;
} }
...@@ -1761,7 +1943,7 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file, ...@@ -1761,7 +1943,7 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
struct ib_uverbs_create_srq cmd; struct ib_uverbs_create_srq cmd;
struct ib_uverbs_create_srq_resp resp; struct ib_uverbs_create_srq_resp resp;
struct ib_udata udata; struct ib_udata udata;
struct ib_uevent_object *uobj; struct ib_uevent_object *obj;
struct ib_pd *pd; struct ib_pd *pd;
struct ib_srq *srq; struct ib_srq *srq;
struct ib_srq_init_attr attr; struct ib_srq_init_attr attr;
...@@ -1777,17 +1959,17 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file, ...@@ -1777,17 +1959,17 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
(unsigned long) cmd.response + sizeof resp, (unsigned long) cmd.response + sizeof resp,
in_len - sizeof cmd, out_len - sizeof resp); in_len - sizeof cmd, out_len - sizeof resp);
uobj = kmalloc(sizeof *uobj, GFP_KERNEL); obj = kmalloc(sizeof *obj, GFP_KERNEL);
if (!uobj) if (!obj)
return -ENOMEM; return -ENOMEM;
mutex_lock(&ib_uverbs_idr_mutex); init_uobj(&obj->uobject, 0, file->ucontext);
down_write(&obj->uobject.mutex);
pd = idr_find(&ib_uverbs_pd_idr, cmd.pd_handle); pd = idr_read_pd(cmd.pd_handle, file->ucontext);
if (!pd) {
if (!pd || pd->uobject->context != file->ucontext) {
ret = -EINVAL; ret = -EINVAL;
goto err_up; goto err;
} }
attr.event_handler = ib_uverbs_srq_event_handler; attr.event_handler = ib_uverbs_srq_event_handler;
...@@ -1796,59 +1978,59 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file, ...@@ -1796,59 +1978,59 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
attr.attr.max_sge = cmd.max_sge; attr.attr.max_sge = cmd.max_sge;
attr.attr.srq_limit = cmd.srq_limit; attr.attr.srq_limit = cmd.srq_limit;
uobj->uobject.user_handle = cmd.user_handle; obj->events_reported = 0;
uobj->uobject.context = file->ucontext; INIT_LIST_HEAD(&obj->event_list);
uobj->events_reported = 0;
INIT_LIST_HEAD(&uobj->event_list);
srq = pd->device->create_srq(pd, &attr, &udata); srq = pd->device->create_srq(pd, &attr, &udata);
if (IS_ERR(srq)) { if (IS_ERR(srq)) {
ret = PTR_ERR(srq); ret = PTR_ERR(srq);
goto err_up; goto err;
} }
srq->device = pd->device; srq->device = pd->device;
srq->pd = pd; srq->pd = pd;
srq->uobject = &uobj->uobject; srq->uobject = &obj->uobject;
srq->event_handler = attr.event_handler; srq->event_handler = attr.event_handler;
srq->srq_context = attr.srq_context; srq->srq_context = attr.srq_context;
atomic_inc(&pd->usecnt); atomic_inc(&pd->usecnt);
atomic_set(&srq->usecnt, 0); atomic_set(&srq->usecnt, 0);
memset(&resp, 0, sizeof resp); obj->uobject.object = srq;
ret = idr_add_uobj(&ib_uverbs_srq_idr, &obj->uobject);
ret = idr_add_uobj(&ib_uverbs_srq_idr, srq, &uobj->uobject);
if (ret) if (ret)
goto err_destroy; goto err_destroy;
resp.srq_handle = uobj->uobject.id; memset(&resp, 0, sizeof resp);
resp.srq_handle = obj->uobject.id;
resp.max_wr = attr.attr.max_wr; resp.max_wr = attr.attr.max_wr;
resp.max_sge = attr.attr.max_sge; resp.max_sge = attr.attr.max_sge;
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) { &resp, sizeof resp)) {
ret = -EFAULT; ret = -EFAULT;
goto err_idr; goto err_copy;
} }
put_pd_read(pd);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_add_tail(&uobj->uobject.list, &file->ucontext->srq_list); list_add_tail(&obj->uobject.list, &file->ucontext->srq_list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
mutex_unlock(&ib_uverbs_idr_mutex); obj->uobject.live = 1;
up_write(&obj->uobject.mutex);
return in_len; return in_len;
err_idr: err_copy:
idr_remove(&ib_uverbs_srq_idr, uobj->uobject.id); idr_remove_uobj(&ib_uverbs_srq_idr, &obj->uobject);
err_destroy: err_destroy:
ib_destroy_srq(srq); ib_destroy_srq(srq);
err_up: err:
mutex_unlock(&ib_uverbs_idr_mutex); put_uobj_write(&obj->uobject);
kfree(uobj);
return ret; return ret;
} }
...@@ -1864,21 +2046,16 @@ ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file, ...@@ -1864,21 +2046,16 @@ ssize_t ib_uverbs_modify_srq(struct ib_uverbs_file *file,
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); srq = idr_read_srq(cmd.srq_handle, file->ucontext);
if (!srq)
srq = idr_find(&ib_uverbs_srq_idr, cmd.srq_handle); return -EINVAL;
if (!srq || srq->uobject->context != file->ucontext) {
ret = -EINVAL;
goto out;
}
attr.max_wr = cmd.max_wr; attr.max_wr = cmd.max_wr;
attr.srq_limit = cmd.srq_limit; attr.srq_limit = cmd.srq_limit;
ret = ib_modify_srq(srq, &attr, cmd.attr_mask); ret = ib_modify_srq(srq, &attr, cmd.attr_mask);
out: put_srq_read(srq);
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return ret ? ret : in_len;
} }
...@@ -1899,18 +2076,16 @@ ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file, ...@@ -1899,18 +2076,16 @@ ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); srq = idr_read_srq(cmd.srq_handle, file->ucontext);
if (!srq)
return -EINVAL;
srq = idr_find(&ib_uverbs_srq_idr, cmd.srq_handle);
if (srq && srq->uobject->context == file->ucontext)
ret = ib_query_srq(srq, &attr); ret = ib_query_srq(srq, &attr);
else
ret = -EINVAL;
mutex_unlock(&ib_uverbs_idr_mutex); put_srq_read(srq);
if (ret) if (ret)
goto out; return ret;
memset(&resp, 0, sizeof resp); memset(&resp, 0, sizeof resp);
...@@ -1920,10 +2095,9 @@ ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file, ...@@ -1920,10 +2095,9 @@ ssize_t ib_uverbs_query_srq(struct ib_uverbs_file *file,
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) &resp, sizeof resp))
ret = -EFAULT; return -EFAULT;
out: return in_len;
return ret ? ret : in_len;
} }
ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file, ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
...@@ -1932,45 +2106,45 @@ ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file, ...@@ -1932,45 +2106,45 @@ ssize_t ib_uverbs_destroy_srq(struct ib_uverbs_file *file,
{ {
struct ib_uverbs_destroy_srq cmd; struct ib_uverbs_destroy_srq cmd;
struct ib_uverbs_destroy_srq_resp resp; struct ib_uverbs_destroy_srq_resp resp;
struct ib_uobject *uobj;
struct ib_srq *srq; struct ib_srq *srq;
struct ib_uevent_object *uobj; struct ib_uevent_object *obj;
int ret = -EINVAL; int ret = -EINVAL;
if (copy_from_user(&cmd, buf, sizeof cmd)) if (copy_from_user(&cmd, buf, sizeof cmd))
return -EFAULT; return -EFAULT;
mutex_lock(&ib_uverbs_idr_mutex); uobj = idr_write_uobj(&ib_uverbs_srq_idr, cmd.srq_handle, file->ucontext);
if (!uobj)
memset(&resp, 0, sizeof resp); return -EINVAL;
srq = uobj->object;
obj = container_of(uobj, struct ib_uevent_object, uobject);
srq = idr_find(&ib_uverbs_srq_idr, cmd.srq_handle); ret = ib_destroy_srq(srq);
if (!srq || srq->uobject->context != file->ucontext) if (!ret)
goto out; uobj->live = 0;
uobj = container_of(srq->uobject, struct ib_uevent_object, uobject); put_uobj_write(uobj);
ret = ib_destroy_srq(srq);
if (ret) if (ret)
goto out; return ret;
idr_remove(&ib_uverbs_srq_idr, cmd.srq_handle); idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
mutex_lock(&file->mutex); mutex_lock(&file->mutex);
list_del(&uobj->uobject.list); list_del(&uobj->list);
mutex_unlock(&file->mutex); mutex_unlock(&file->mutex);
ib_uverbs_release_uevent(file, uobj); ib_uverbs_release_uevent(file, obj);
resp.events_reported = uobj->events_reported; memset(&resp, 0, sizeof resp);
resp.events_reported = obj->events_reported;
kfree(uobj); put_uobj(uobj);
if (copy_to_user((void __user *) (unsigned long) cmd.response, if (copy_to_user((void __user *) (unsigned long) cmd.response,
&resp, sizeof resp)) &resp, sizeof resp))
ret = -EFAULT; ret = -EFAULT;
out:
mutex_unlock(&ib_uverbs_idr_mutex);
return ret ? ret : in_len; return ret ? ret : in_len;
} }
...@@ -66,7 +66,7 @@ enum { ...@@ -66,7 +66,7 @@ enum {
static struct class *uverbs_class; static struct class *uverbs_class;
DEFINE_MUTEX(ib_uverbs_idr_mutex); DEFINE_SPINLOCK(ib_uverbs_idr_lock);
DEFINE_IDR(ib_uverbs_pd_idr); DEFINE_IDR(ib_uverbs_pd_idr);
DEFINE_IDR(ib_uverbs_mr_idr); DEFINE_IDR(ib_uverbs_mr_idr);
DEFINE_IDR(ib_uverbs_mw_idr); DEFINE_IDR(ib_uverbs_mw_idr);
...@@ -183,21 +183,21 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, ...@@ -183,21 +183,21 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
if (!context) if (!context)
return 0; return 0;
mutex_lock(&ib_uverbs_idr_mutex);
list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) { list_for_each_entry_safe(uobj, tmp, &context->ah_list, list) {
struct ib_ah *ah = idr_find(&ib_uverbs_ah_idr, uobj->id); struct ib_ah *ah = uobj->object;
idr_remove(&ib_uverbs_ah_idr, uobj->id);
idr_remove_uobj(&ib_uverbs_ah_idr, uobj);
ib_destroy_ah(ah); ib_destroy_ah(ah);
list_del(&uobj->list); list_del(&uobj->list);
kfree(uobj); kfree(uobj);
} }
list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) { list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) {
struct ib_qp *qp = idr_find(&ib_uverbs_qp_idr, uobj->id); struct ib_qp *qp = uobj->object;
struct ib_uqp_object *uqp = struct ib_uqp_object *uqp =
container_of(uobj, struct ib_uqp_object, uevent.uobject); container_of(uobj, struct ib_uqp_object, uevent.uobject);
idr_remove(&ib_uverbs_qp_idr, uobj->id);
idr_remove_uobj(&ib_uverbs_qp_idr, uobj);
ib_uverbs_detach_umcast(qp, uqp); ib_uverbs_detach_umcast(qp, uqp);
ib_destroy_qp(qp); ib_destroy_qp(qp);
list_del(&uobj->list); list_del(&uobj->list);
...@@ -206,11 +206,12 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, ...@@ -206,11 +206,12 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
} }
list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) { list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) {
struct ib_cq *cq = idr_find(&ib_uverbs_cq_idr, uobj->id); struct ib_cq *cq = uobj->object;
struct ib_uverbs_event_file *ev_file = cq->cq_context; struct ib_uverbs_event_file *ev_file = cq->cq_context;
struct ib_ucq_object *ucq = struct ib_ucq_object *ucq =
container_of(uobj, struct ib_ucq_object, uobject); container_of(uobj, struct ib_ucq_object, uobject);
idr_remove(&ib_uverbs_cq_idr, uobj->id);
idr_remove_uobj(&ib_uverbs_cq_idr, uobj);
ib_destroy_cq(cq); ib_destroy_cq(cq);
list_del(&uobj->list); list_del(&uobj->list);
ib_uverbs_release_ucq(file, ev_file, ucq); ib_uverbs_release_ucq(file, ev_file, ucq);
...@@ -218,10 +219,11 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, ...@@ -218,10 +219,11 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
} }
list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) { list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) {
struct ib_srq *srq = idr_find(&ib_uverbs_srq_idr, uobj->id); struct ib_srq *srq = uobj->object;
struct ib_uevent_object *uevent = struct ib_uevent_object *uevent =
container_of(uobj, struct ib_uevent_object, uobject); container_of(uobj, struct ib_uevent_object, uobject);
idr_remove(&ib_uverbs_srq_idr, uobj->id);
idr_remove_uobj(&ib_uverbs_srq_idr, uobj);
ib_destroy_srq(srq); ib_destroy_srq(srq);
list_del(&uobj->list); list_del(&uobj->list);
ib_uverbs_release_uevent(file, uevent); ib_uverbs_release_uevent(file, uevent);
...@@ -231,11 +233,11 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, ...@@ -231,11 +233,11 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
/* XXX Free MWs */ /* XXX Free MWs */
list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) { list_for_each_entry_safe(uobj, tmp, &context->mr_list, list) {
struct ib_mr *mr = idr_find(&ib_uverbs_mr_idr, uobj->id); struct ib_mr *mr = uobj->object;
struct ib_device *mrdev = mr->device; struct ib_device *mrdev = mr->device;
struct ib_umem_object *memobj; struct ib_umem_object *memobj;
idr_remove(&ib_uverbs_mr_idr, uobj->id); idr_remove_uobj(&ib_uverbs_mr_idr, uobj);
ib_dereg_mr(mr); ib_dereg_mr(mr);
memobj = container_of(uobj, struct ib_umem_object, uobject); memobj = container_of(uobj, struct ib_umem_object, uobject);
...@@ -246,15 +248,14 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file, ...@@ -246,15 +248,14 @@ static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
} }
list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) { list_for_each_entry_safe(uobj, tmp, &context->pd_list, list) {
struct ib_pd *pd = idr_find(&ib_uverbs_pd_idr, uobj->id); struct ib_pd *pd = uobj->object;
idr_remove(&ib_uverbs_pd_idr, uobj->id);
idr_remove_uobj(&ib_uverbs_pd_idr, uobj);
ib_dealloc_pd(pd); ib_dealloc_pd(pd);
list_del(&uobj->list); list_del(&uobj->list);
kfree(uobj); kfree(uobj);
} }
mutex_unlock(&ib_uverbs_idr_mutex);
return context->device->dealloc_ucontext(context); return context->device->dealloc_ucontext(context);
} }
......
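Review bot: The AH and PD loops in ib_uverbs_cleanup_ucontext still end with `kfree(uobj)`, although ib_uobject now carries a `struct kref ref` and the destroy commands in this commit release the object with `put_uobj(uobj)`. Freeing directly is only safe if no other thread can hold a reference at teardown; a lookup that had already taken one through the shared idr would be left with a dangling pointer. The lookup helpers are not visible on this part of the page, so I cannot confirm whether that can happen. Either drop the final reference the way the destroy commands do, or state the invariant in the function, e.g. `/* context is going away: no lookup can still hold a ref on uobj */`. The function body starts and continues outside the visible hunks.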
...@@ -697,8 +697,12 @@ struct ib_ucontext { ...@@ -697,8 +697,12 @@ struct ib_ucontext {
struct ib_uobject { struct ib_uobject {
u64 user_handle; /* handle given to us by userspace */ u64 user_handle; /* handle given to us by userspace */
struct ib_ucontext *context; /* associated user context */ struct ib_ucontext *context; /* associated user context */
void *object; /* containing object */
struct list_head list; /* link to context's list */ struct list_head list; /* link to context's list */
u32 id; /* index into kernel idr */ u32 id; /* index into kernel idr */
struct kref ref;
struct rw_semaphore mutex; /* protects .live */
int live;
}; };
struct ib_umem { struct ib_umem {
......
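Review bot: The new fields in struct ib_uobject are under-documented: `ref` has no comment, and `mutex` is a `struct rw_semaphore` described only as `/* protects .live */`. In the command handlers of this commit the write side is held across the whole of create (`down_write(&uobj->mutex)` up to `up_write(&uobj->mutex)`) and across destroy, and the `idr_read_*`/`put_*_read` pairs appear to hold the read side for each use, so the semaphore also keeps an object from being destroyed while it is in use. I would say that in the comments, e.g. `struct rw_semaphore mutex; /* read: object in use; write: create/destroy; protects .live */` and `struct kref ref; /* lifetime of this ib_uobject */`. The comment `/* containing object */` on `object` reads backwards too, since the handlers store the verbs object itself there (`uobj->object = ah`).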