rdma_core.c source code [linux/drivers/infiniband/core/rdma_core.c]

1	/*
2	* Copyright (c) 2016, Mellanox Technologies inc. All rights reserved.
3	*
4	* This software is available to you under a choice of one of two
5	* licenses. You may choose to be licensed under the terms of the GNU
6	* General Public License (GPL) Version 2, available from the file
7	* COPYING in the main directory of this source tree, or the
8	* OpenIB.org BSD license below:
9	*
10	* Redistribution and use in source and binary forms, with or
11	* without modification, are permitted provided that the following
12	* conditions are met:
13	*
14	* - Redistributions of source code must retain the above
15	* copyright notice, this list of conditions and the following
16	* disclaimer.
17	*
18	* - Redistributions in binary form must reproduce the above
19	* copyright notice, this list of conditions and the following
20	* disclaimer in the documentation and/or other materials
21	* provided with the distribution.
22	*
23	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
30	* SOFTWARE.
31	*/
32
33	#include <linux/file.h>
34	#include <linux/anon_inodes.h>
35	#include <linux/sched/mm.h>
36	#include <rdma/ib_verbs.h>
37	#include <rdma/uverbs_types.h>
38	#include <linux/rcupdate.h>
39	#include <rdma/uverbs_ioctl.h>
40	#include <rdma/rdma_user_ioctl.h>
41	#include "uverbs.h"
42	#include "core_priv.h"
43	#include "rdma_core.h"
44
45	static void uverbs_uobject_free(struct kref *ref)
46	{
47	kfree_rcu(container_of(ref, struct ib_uobject, ref), rcu);
48	}
49
50	/*
51	* In order to indicate we no longer needs this uobject, uverbs_uobject_put
52	* is called. When the reference count is decreased, the uobject is freed.
53	* For example, this is used when attaching a completion channel to a CQ.
54	*/
55	void uverbs_uobject_put(struct ib_uobject *uobject)
56	{
57	kref_put(kref: &uobject->ref, release: uverbs_uobject_free);
58	}
59	EXPORT_SYMBOL(uverbs_uobject_put);
60
61	static int uverbs_try_lock_object(struct ib_uobject *uobj,
62	enum rdma_lookup_mode mode)
63	{
64	/*
65	* When a shared access is required, we use a positive counter. Each
66	* shared access request checks that the value != -1 and increment it.
67	* Exclusive access is required for operations like write or destroy.
68	* In exclusive access mode, we check that the counter is zero (nobody
69	* claimed this object) and we set it to -1. Releasing a shared access
70	* lock is done simply by decreasing the counter. As for exclusive
71	* access locks, since only a single one of them is allowed
72	* concurrently, setting the counter to zero is enough for releasing
73	* this lock.
74	*/
75	switch (mode) {
76	case UVERBS_LOOKUP_READ:
77	return atomic_fetch_add_unless(v: &uobj->usecnt, a: `1`, u: -`1`) == -`1` ?
78	-EBUSY : `0`;
79	case UVERBS_LOOKUP_WRITE:
80	/ lock is exclusive /
81	return atomic_cmpxchg(v: &uobj->usecnt, old: `0`, new: -`1`) == `0` ? `0` : -EBUSY;
82	case UVERBS_LOOKUP_DESTROY:
83	return `0`;
84	}
85	return `0`;
86	}
87
88	static void assert_uverbs_usecnt(struct ib_uobject *uobj,
89	enum rdma_lookup_mode mode)
90	{
91	#ifdef CONFIG_LOCKDEP
92	switch (mode) {
93	case UVERBS_LOOKUP_READ:
94	WARN_ON(atomic_read(&uobj->usecnt) <= `0`);
95	break;
96	case UVERBS_LOOKUP_WRITE:
97	WARN_ON(atomic_read(&uobj->usecnt) != -`1`);
98	break;
99	case UVERBS_LOOKUP_DESTROY:
100	break;
101	}
102	#endif
103	}
104
105	/*
106	* This must be called with the hw_destroy_rwsem locked for read or write,
107	* also the uobject itself must be locked for write.
108	*
109	* Upon return the HW object is guaranteed to be destroyed.
110	*
111	* For RDMA_REMOVE_ABORT, the hw_destroy_rwsem is not required to be held,
112	* however the type's allocat_commit function cannot have been called and the
113	* uobject cannot be on the uobjects_lists
114	*
115	* For RDMA_REMOVE_DESTROY the caller should be holding a kref (eg via
116	* rdma_lookup_get_uobject) and the object is left in a state where the caller
117	* needs to call rdma_lookup_put_uobject.
118	*
119	* For all other destroy modes this function internally unlocks the uobject
120	* and consumes the kref on the uobj.
121	*/
122	static int uverbs_destroy_uobject(struct ib_uobject *uobj,
123	enum rdma_remove_reason reason,
124	struct uverbs_attr_bundle *attrs)
125	{
126	struct ib_uverbs_file *ufile = attrs->ufile;
127	unsigned long flags;
128	int ret;
129
130	lockdep_assert_held(&ufile->hw_destroy_rwsem);
131	assert_uverbs_usecnt(uobj, mode: UVERBS_LOOKUP_WRITE);
132
133	if (reason == RDMA_REMOVE_ABORT) {
134	WARN_ON(!list_empty(&uobj->list));
135	WARN_ON(!uobj->context);
136	uobj->uapi_object->type_class->alloc_abort(uobj);
137	} else if (uobj->object) {
138	ret = uobj->uapi_object->type_class->destroy_hw(uobj, reason,
139	attrs);
140	if (ret)
141	/ Nothing to be done, wait till ucontext will clean it /
142	return ret;
143
144	uobj->object = NULL;
145	}
146
147	uobj->context = NULL;
148
149	/*
150	* For DESTROY the usecnt is not changed, the caller is expected to
151	* manage it via uobj_put_destroy(). Only DESTROY can remove the IDR
152	* handle.
153	*/
154	if (reason != RDMA_REMOVE_DESTROY)
155	atomic_set(v: &uobj->usecnt, i: `0`);
156	else
157	uobj->uapi_object->type_class->remove_handle(uobj);
158
159	if (!list_empty(head: &uobj->list)) {
160	spin_lock_irqsave(&ufile->uobjects_lock, flags);
161	list_del_init(entry: &uobj->list);
162	spin_unlock_irqrestore(lock: &ufile->uobjects_lock, flags);
163
164	/*
165	* Pairs with the get in rdma_alloc_commit_uobject(), could
166	* destroy uobj.
167	*/
168	uverbs_uobject_put(uobj);
169	}
170
171	/*
172	* When aborting the stack kref remains owned by the core code, and is
173	* not transferred into the type. Pairs with the get in alloc_uobj
174	*/
175	if (reason == RDMA_REMOVE_ABORT)
176	uverbs_uobject_put(uobj);
177
178	return `0`;
179	}
180
181	/*
182	* This calls uverbs_destroy_uobject() using the RDMA_REMOVE_DESTROY
183	* sequence. It should only be used from command callbacks. On success the
184	* caller must pair this with uobj_put_destroy(). This
185	* version requires the caller to have already obtained an
186	* LOOKUP_DESTROY uobject kref.
187	*/
188	int uobj_destroy(struct ib_uobject uobj, struct* uverbs_attr_bundle *attrs)
189	{
190	struct ib_uverbs_file *ufile = attrs->ufile;
191	int ret;
192
193	down_read(sem: &ufile->hw_destroy_rwsem);
194
195	/*
196	* Once the uobject is destroyed by RDMA_REMOVE_DESTROY then it is left
197	* write locked as the callers put it back with UVERBS_LOOKUP_DESTROY.
198	* This is because any other concurrent thread can still see the object
199	* in the xarray due to RCU. Leaving it locked ensures nothing else will
200	* touch it.
201	*/
202	ret = uverbs_try_lock_object(uobj, mode: UVERBS_LOOKUP_WRITE);
203	if (ret)
204	goto out_unlock;
205
206	ret = uverbs_destroy_uobject(uobj, reason: RDMA_REMOVE_DESTROY, attrs);
207	if (ret) {
208	atomic_set(v: &uobj->usecnt, i: `0`);
209	goto out_unlock;
210	}
211
212	out_unlock:
213	up_read(sem: &ufile->hw_destroy_rwsem);
214	return ret;
215	}
216
217	/*
218	* uobj_get_destroy destroys the HW object and returns a handle to the uobj
219	* with a NULL object pointer. The caller must pair this with
220	* uobj_put_destroy().
221	*/
222	struct ib_uobject __uobj_get_destroy(const* struct uverbs_api_object *obj,
223	u32 id, struct uverbs_attr_bundle *attrs)
224	{
225	struct ib_uobject *uobj;
226	int ret;
227
228	uobj = rdma_lookup_get_uobject(obj, ufile: attrs->ufile, id,
229	mode: UVERBS_LOOKUP_DESTROY, attrs);
230	if (IS_ERR(ptr: uobj))
231	return uobj;
232
233	ret = uobj_destroy(uobj, attrs);
234	if (ret) {
235	rdma_lookup_put_uobject(uobj, mode: UVERBS_LOOKUP_DESTROY);
236	return ERR_PTR(error: ret);
237	}
238
239	return uobj;
240	}
241
242	/*
243	* Does both uobj_get_destroy() and uobj_put_destroy(). Returns 0 on success
244	* (negative errno on failure). For use by callers that do not need the uobj.
245	*/
246	int __uobj_perform_destroy(const struct uverbs_api_object *obj, u32 id,
247	struct uverbs_attr_bundle *attrs)
248	{
249	struct ib_uobject *uobj;
250
251	uobj = __uobj_get_destroy(obj, id, attrs);
252	if (IS_ERR(ptr: uobj))
253	return PTR_ERR(ptr: uobj);
254	uobj_put_destroy(uobj);
255	return `0`;
256	}
257
258	/ alloc_uobj must be undone by uverbs_destroy_uobject() /
259	static struct ib_uobject alloc_uobj(struct* uverbs_attr_bundle *attrs,
260	const struct uverbs_api_object *obj)
261	{
262	struct ib_uverbs_file *ufile = attrs->ufile;
263	struct ib_uobject *uobj;
264
265	if (!attrs->context) {
266	struct ib_ucontext *ucontext =
267	ib_uverbs_get_ucontext_file(ufile);
268
269	if (IS_ERR(ptr: ucontext))
270	return ERR_CAST(ptr: ucontext);
271	attrs->context = ucontext;
272	}
273
274	uobj = kzalloc(size: obj->type_attrs->obj_size, GFP_KERNEL);
275	if (!uobj)
276	return ERR_PTR(error: -ENOMEM);
277	/*
278	* user_handle should be filled by the handler,
279	* The object is added to the list in the commit stage.
280	*/
281	uobj->ufile = ufile;
282	uobj->context = attrs->context;
283	INIT_LIST_HEAD(list: &uobj->list);
284	uobj->uapi_object = obj;
285	/*
286	* Allocated objects start out as write locked to deny any other
287	* syscalls from accessing them until they are committed. See
288	* rdma_alloc_commit_uobject
289	*/
290	atomic_set(v: &uobj->usecnt, i: -`1`);
291	kref_init(kref: &uobj->ref);
292
293	return uobj;
294	}
295
296	static int idr_add_uobj(struct ib_uobject *uobj)
297	{
298	/*
299	* We start with allocating an idr pointing to NULL. This represents an
300	* object which isn't initialized yet. We'll replace it later on with
301	* the real object once we commit.
302	*/
303	return xa_alloc(xa: &uobj->ufile->idr, id: &uobj->id, NULL, xa_limit_32b,
304	GFP_KERNEL);
305	}
306
307	/ Returns the ib_uobject or an error. The caller should check for IS_ERR. /
308	static struct ib_uobject *
309	lookup_get_idr_uobject(const struct uverbs_api_object *obj,
310	struct ib_uverbs_file *ufile, s64 id,
311	enum rdma_lookup_mode mode)
312	{
313	struct ib_uobject *uobj;
314
315	if (id < `0` \|\| id > ULONG_MAX)
316	return ERR_PTR(error: -EINVAL);
317
318	rcu_read_lock();
319	/*
320	* The idr_find is guaranteed to return a pointer to something that
321	* isn't freed yet, or NULL, as the free after idr_remove goes through
322	* kfree_rcu(). However the object may still have been released and
323	* kfree() could be called at any time.
324	*/
325	uobj = xa_load(&ufile->idr, index: id);
326	if (!uobj \|\| !kref_get_unless_zero(kref: &uobj->ref))
327	uobj = ERR_PTR(error: -ENOENT);
328	rcu_read_unlock();
329	return uobj;
330	}
331
332	static struct ib_uobject *
333	lookup_get_fd_uobject(const struct uverbs_api_object *obj,
334	struct ib_uverbs_file *ufile, s64 id,
335	enum rdma_lookup_mode mode)
336	{
337	const struct uverbs_obj_fd_type *fd_type;
338	struct file *f;
339	struct ib_uobject *uobject;
340	int fdno = id;
341
342	if (fdno != id)
343	return ERR_PTR(error: -EINVAL);
344
345	if (mode != UVERBS_LOOKUP_READ)
346	return ERR_PTR(error: -EOPNOTSUPP);
347
348	if (!obj->type_attrs)
349	return ERR_PTR(error: -EIO);
350	fd_type =
351	container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);
352
353	f = fget(fd: fdno);
354	if (!f)
355	return ERR_PTR(error: -EBADF);
356
357	uobject = f->private_data;
358	/*
359	* fget(id) ensures we are not currently running
360	* uverbs_uobject_fd_release(), and the caller is expected to ensure
361	* that release is never done while a call to lookup is possible.
362	*/
363	if (f->f_op != fd_type->fops \|\| uobject->ufile != ufile) {
364	fput(f);
365	return ERR_PTR(error: -EBADF);
366	}
367
368	uverbs_uobject_get(uobject);
369	return uobject;
370	}
371
372	struct ib_uobject rdma_lookup_get_uobject(const* struct uverbs_api_object *obj,
373	struct ib_uverbs_file *ufile, s64 id,
374	enum rdma_lookup_mode mode,
375	struct uverbs_attr_bundle *attrs)
376	{
377	struct ib_uobject *uobj;
378	int ret;
379
380	if (obj == ERR_PTR(error: -ENOMSG)) {
381	/ must be UVERBS_IDR_ANY_OBJECT, see uapi_get_object() /
382	uobj = lookup_get_idr_uobject(NULL, ufile, id, mode);
383	if (IS_ERR(ptr: uobj))
384	return uobj;
385	} else {
386	if (IS_ERR(ptr: obj))
387	return ERR_PTR(error: -EINVAL);
388
389	uobj = obj->type_class->lookup_get(obj, ufile, id, mode);
390	if (IS_ERR(ptr: uobj))
391	return uobj;
392
393	if (uobj->uapi_object != obj) {
394	ret = -EINVAL;
395	goto free;
396	}
397	}
398
399	/*
400	* If we have been disassociated block every command except for
401	* DESTROY based commands.
402	*/
403	if (mode != UVERBS_LOOKUP_DESTROY &&
404	!srcu_dereference(ufile->device->ib_dev,
405	&ufile->device->disassociate_srcu)) {
406	ret = -EIO;
407	goto free;
408	}
409
410	ret = uverbs_try_lock_object(uobj, mode);
411	if (ret)
412	goto free;
413	if (attrs)
414	attrs->context = uobj->context;
415
416	return uobj;
417	free:
418	uobj->uapi_object->type_class->lookup_put(uobj, mode);
419	uverbs_uobject_put(uobj);
420	return ERR_PTR(error: ret);
421	}
422
423	static struct ib_uobject *
424	alloc_begin_idr_uobject(const struct uverbs_api_object *obj,
425	struct uverbs_attr_bundle *attrs)
426	{
427	int ret;
428	struct ib_uobject *uobj;
429
430	uobj = alloc_uobj(attrs, obj);
431	if (IS_ERR(ptr: uobj))
432	return uobj;
433
434	ret = idr_add_uobj(uobj);
435	if (ret)
436	goto uobj_put;
437
438	ret = ib_rdmacg_try_charge(cg_obj: &uobj->cg_obj, device: uobj->context->device,
439	resource_index: RDMACG_RESOURCE_HCA_OBJECT);
440	if (ret)
441	goto remove;
442
443	return uobj;
444
445	remove:
446	xa_erase(&attrs->ufile->idr, index: uobj->id);
447	uobj_put:
448	uverbs_uobject_put(uobj);
449	return ERR_PTR(error: ret);
450	}
451
452	static struct ib_uobject *
453	alloc_begin_fd_uobject(const struct uverbs_api_object *obj,
454	struct uverbs_attr_bundle *attrs)
455	{
456	const struct uverbs_obj_fd_type *fd_type;
457	int new_fd;
458	struct ib_uobject uobj, ret;
459	struct file *filp;
460
461	uobj = alloc_uobj(attrs, obj);
462	if (IS_ERR(ptr: uobj))
463	return uobj;
464
465	fd_type =
466	container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);
467	if (WARN_ON(fd_type->fops->release != &uverbs_uobject_fd_release &&
468	fd_type->fops->release != &uverbs_async_event_release)) {
469	ret = ERR_PTR(error: -EINVAL);
470	goto err_fd;
471	}
472
473	new_fd = get_unused_fd_flags(O_CLOEXEC);
474	if (new_fd < `0`) {
475	ret = ERR_PTR(error: new_fd);
476	goto err_fd;
477	}
478
479	/ Note that uverbs_uobject_fd_release() is called during abort /
480	filp = anon_inode_getfile(name: fd_type->name, fops: fd_type->fops, NULL,
481	flags: fd_type->flags);
482	if (IS_ERR(ptr: filp)) {
483	ret = ERR_CAST(ptr: filp);
484	goto err_getfile;
485	}
486	uobj->object = filp;
487
488	uobj->id = new_fd;
489	return uobj;
490
491	err_getfile:
492	put_unused_fd(fd: new_fd);
493	err_fd:
494	uverbs_uobject_put(uobj);
495	return ret;
496	}
497
498	struct ib_uobject rdma_alloc_begin_uobject(const* struct uverbs_api_object *obj,
499	struct uverbs_attr_bundle *attrs)
500	{
501	struct ib_uverbs_file *ufile = attrs->ufile;
502	struct ib_uobject *ret;
503
504	if (IS_ERR(ptr: obj))
505	return ERR_PTR(error: -EINVAL);
506
507	/*
508	* The hw_destroy_rwsem is held across the entire object creation and
509	* released during rdma_alloc_commit_uobject or
510	* rdma_alloc_abort_uobject
511	*/
512	if (!down_read_trylock(sem: &ufile->hw_destroy_rwsem))
513	return ERR_PTR(error: -EIO);
514
515	ret = obj->type_class->alloc_begin(obj, attrs);
516	if (IS_ERR(ptr: ret)) {
517	up_read(sem: &ufile->hw_destroy_rwsem);
518	return ret;
519	}
520	return ret;
521	}
522
523	static void alloc_abort_idr_uobject(struct ib_uobject *uobj)
524	{
525	ib_rdmacg_uncharge(cg_obj: &uobj->cg_obj, device: uobj->context->device,
526	resource_index: RDMACG_RESOURCE_HCA_OBJECT);
527
528	xa_erase(&uobj->ufile->idr, index: uobj->id);
529	}
530
531	static int __must_check destroy_hw_idr_uobject(struct ib_uobject *uobj,
532	enum rdma_remove_reason why,
533	struct uverbs_attr_bundle *attrs)
534	{
535	const struct uverbs_obj_idr_type *idr_type =
536	container_of(uobj->uapi_object->type_attrs,
537	struct uverbs_obj_idr_type, type);
538	int ret = idr_type->destroy_object(uobj, why, attrs);
539
540	if (ret)
541	return ret;
542
543	if (why == RDMA_REMOVE_ABORT)
544	return `0`;
545
546	ib_rdmacg_uncharge(cg_obj: &uobj->cg_obj, device: uobj->context->device,
547	resource_index: RDMACG_RESOURCE_HCA_OBJECT);
548
549	return `0`;
550	}
551
552	static void remove_handle_idr_uobject(struct ib_uobject *uobj)
553	{
554	xa_erase(&uobj->ufile->idr, index: uobj->id);
555	/ Matches the kref in alloc_commit_idr_uobject /
556	uverbs_uobject_put(uobj);
557	}
558
559	static void alloc_abort_fd_uobject(struct ib_uobject *uobj)
560	{
561	struct file *filp = uobj->object;
562
563	fput(filp);
564	put_unused_fd(fd: uobj->id);
565	}
566
567	static int __must_check destroy_hw_fd_uobject(struct ib_uobject *uobj,
568	enum rdma_remove_reason why,
569	struct uverbs_attr_bundle *attrs)
570	{
571	const struct uverbs_obj_fd_type *fd_type = container_of(
572	uobj->uapi_object->type_attrs, struct uverbs_obj_fd_type, type);
573
574	fd_type->destroy_object(uobj, why);
575	return `0`;
576	}
577
578	static void remove_handle_fd_uobject(struct ib_uobject *uobj)
579	{
580	}
581
582	static void alloc_commit_idr_uobject(struct ib_uobject *uobj)
583	{
584	struct ib_uverbs_file *ufile = uobj->ufile;
585	void *old;
586
587	/*
588	* We already allocated this IDR with a NULL object, so
589	* this shouldn't fail.
590	*
591	* NOTE: Storing the uobj transfers our kref on uobj to the XArray.
592	* It will be put by remove_commit_idr_uobject()
593	*/
594	old = xa_store(&ufile->idr, index: uobj->id, entry: uobj, GFP_KERNEL);
595	WARN_ON(old != NULL);
596	}
597
598	static void swap_idr_uobjects(struct ib_uobject *obj_old,
599	struct ib_uobject *obj_new)
600	{
601	struct ib_uverbs_file *ufile = obj_old->ufile;
602	void *old;
603
604	/*
605	* New must be an object that been allocated but not yet committed, this
606	* moves the pre-committed state to obj_old, new still must be comitted.
607	*/
608	old = xa_cmpxchg(xa: &ufile->idr, index: obj_old->id, old: obj_old, XA_ZERO_ENTRY,
609	GFP_KERNEL);
610	if (WARN_ON(old != obj_old))
611	return;
612
613	swap(obj_old->id, obj_new->id);
614
615	old = xa_cmpxchg(xa: &ufile->idr, index: obj_old->id, NULL, entry: obj_old, GFP_KERNEL);
616	WARN_ON(old != NULL);
617	}
618
619	static void alloc_commit_fd_uobject(struct ib_uobject *uobj)
620	{
621	int fd = uobj->id;
622	struct file *filp = uobj->object;
623
624	/ Matching put will be done in uverbs_uobject_fd_release() /
625	kref_get(kref: &uobj->ufile->ref);
626
627	/ This shouldn't be used anymore. Use the file object instead /
628	uobj->id = `0`;
629
630	/*
631	* NOTE: Once we install the file we loose ownership of our kref on
632	* uobj. It will be put by uverbs_uobject_fd_release()
633	*/
634	filp->private_data = uobj;
635	fd_install(fd, file: filp);
636	}
637
638	/*
639	* In all cases rdma_alloc_commit_uobject() consumes the kref to uobj and the
640	* caller can no longer assume uobj is valid. If this function fails it
641	* destroys the uboject, including the attached HW object.
642	*/
643	void rdma_alloc_commit_uobject(struct ib_uobject *uobj,
644	struct uverbs_attr_bundle *attrs)
645	{
646	struct ib_uverbs_file *ufile = attrs->ufile;
647
648	/ kref is held so long as the uobj is on the uobj list. /
649	uverbs_uobject_get(uobject: uobj);
650	spin_lock_irq(lock: &ufile->uobjects_lock);
651	list_add(new: &uobj->list, head: &ufile->uobjects);
652	spin_unlock_irq(lock: &ufile->uobjects_lock);
653
654	/ matches atomic_set(-1) in alloc_uobj /
655	atomic_set(v: &uobj->usecnt, i: `0`);
656
657	/ alloc_commit consumes the uobj kref /
658	uobj->uapi_object->type_class->alloc_commit(uobj);
659
660	/ Matches the down_read in rdma_alloc_begin_uobject /
661	up_read(sem: &ufile->hw_destroy_rwsem);
662	}
663
664	/*
665	* new_uobj will be assigned to the handle currently used by to_uobj, and
666	* to_uobj will be destroyed.
667	*
668	* Upon return the caller must do:
669	* rdma_alloc_commit_uobject(new_uobj)
670	* uobj_put_destroy(to_uobj)
671	*
672	* to_uobj must have a write get but the put mode switches to destroy once
673	* this is called.
674	*/
675	void rdma_assign_uobject(struct ib_uobject to_uobj, struct* ib_uobject *new_uobj,
676	struct uverbs_attr_bundle *attrs)
677	{
678	assert_uverbs_usecnt(uobj: new_uobj, mode: UVERBS_LOOKUP_WRITE);
679
680	if (WARN_ON(to_uobj->uapi_object != new_uobj->uapi_object \|\|
681	!to_uobj->uapi_object->type_class->swap_uobjects))
682	return;
683
684	to_uobj->uapi_object->type_class->swap_uobjects(to_uobj, new_uobj);
685
686	/*
687	* If this fails then the uobject is still completely valid (though with
688	* a new ID) and we leak it until context close.
689	*/
690	uverbs_destroy_uobject(uobj: to_uobj, reason: RDMA_REMOVE_DESTROY, attrs);
691	}
692
693	/*
694	* This consumes the kref for uobj. It is up to the caller to unwind the HW
695	* object and anything else connected to uobj before calling this.
696	*/
697	void rdma_alloc_abort_uobject(struct ib_uobject *uobj,
698	struct uverbs_attr_bundle *attrs,
699	bool hw_obj_valid)
700	{
701	struct ib_uverbs_file *ufile = uobj->ufile;
702	int ret;
703
704	if (hw_obj_valid) {
705	ret = uobj->uapi_object->type_class->destroy_hw(
706	uobj, RDMA_REMOVE_ABORT, attrs);
707	/*
708	* If the driver couldn't destroy the object then go ahead and
709	* commit it. Leaking objects that can't be destroyed is only
710	* done during FD close after the driver has a few more tries to
711	* destroy it.
712	*/
713	if (WARN_ON(ret))
714	return rdma_alloc_commit_uobject(uobj, attrs);
715	}
716
717	uverbs_destroy_uobject(uobj, reason: RDMA_REMOVE_ABORT, attrs);
718
719	/ Matches the down_read in rdma_alloc_begin_uobject /
720	up_read(sem: &ufile->hw_destroy_rwsem);
721	}
722
723	static void lookup_put_idr_uobject(struct ib_uobject *uobj,
724	enum rdma_lookup_mode mode)
725	{
726	}
727
728	static void lookup_put_fd_uobject(struct ib_uobject *uobj,
729	enum rdma_lookup_mode mode)
730	{
731	struct file *filp = uobj->object;
732
733	WARN_ON(mode != UVERBS_LOOKUP_READ);
734	/*
735	* This indirectly calls uverbs_uobject_fd_release() and free the
736	* object
737	*/
738	fput(filp);
739	}
740
741	void rdma_lookup_put_uobject(struct ib_uobject *uobj,
742	enum rdma_lookup_mode mode)
743	{
744	assert_uverbs_usecnt(uobj, mode);
745	/*
746	* In order to unlock an object, either decrease its usecnt for
747	* read access or zero it in case of exclusive access. See
748	* uverbs_try_lock_object for locking schema information.
749	*/
750	switch (mode) {
751	case UVERBS_LOOKUP_READ:
752	atomic_dec(v: &uobj->usecnt);
753	break;
754	case UVERBS_LOOKUP_WRITE:
755	atomic_set(v: &uobj->usecnt, i: `0`);
756	break;
757	case UVERBS_LOOKUP_DESTROY:
758	break;
759	}
760
761	uobj->uapi_object->type_class->lookup_put(uobj, mode);
762	/ Pairs with the kref obtained by type->lookup_get /
763	uverbs_uobject_put(uobj);
764	}
765
766	void setup_ufile_idr_uobject(struct ib_uverbs_file *ufile)
767	{
768	xa_init_flags(xa: &ufile->idr, XA_FLAGS_ALLOC);
769	}
770
771	void release_ufile_idr_uobject(struct ib_uverbs_file *ufile)
772	{
773	struct ib_uobject *entry;
774	unsigned long id;
775
776	/*
777	* At this point uverbs_cleanup_ufile() is guaranteed to have run, and
778	* there are no HW objects left, however the xarray is still populated
779	* with anything that has not been cleaned up by userspace. Since the
780	* kref on ufile is 0, nothing is allowed to call lookup_get.
781	*
782	* This is an optimized equivalent to remove_handle_idr_uobject
783	*/
784	xa_for_each(&ufile->idr, id, entry) {
785	WARN_ON(entry->object);
786	uverbs_uobject_put(entry);
787	}
788
789	xa_destroy(&ufile->idr);
790	}
791
792	const struct uverbs_obj_type_class uverbs_idr_class = {
793	.alloc_begin = alloc_begin_idr_uobject,
794	.lookup_get = lookup_get_idr_uobject,
795	.alloc_commit = alloc_commit_idr_uobject,
796	.alloc_abort = alloc_abort_idr_uobject,
797	.lookup_put = lookup_put_idr_uobject,
798	.destroy_hw = destroy_hw_idr_uobject,
799	.remove_handle = remove_handle_idr_uobject,
800	.swap_uobjects = swap_idr_uobjects,
801	};
802	EXPORT_SYMBOL(uverbs_idr_class);
803
804	/*
805	* Users of UVERBS_TYPE_ALLOC_FD should set this function as the struct
806	* file_operations release method.
807	*/
808	int uverbs_uobject_fd_release(struct inode inode, struct* file *filp)
809	{
810	struct ib_uverbs_file *ufile;
811	struct ib_uobject *uobj;
812
813	/*
814	* This can only happen if the fput came from alloc_abort_fd_uobject()
815	*/
816	if (!filp->private_data)
817	return `0`;
818	uobj = filp->private_data;
819	ufile = uobj->ufile;
820
821	if (down_read_trylock(sem: &ufile->hw_destroy_rwsem)) {
822	struct uverbs_attr_bundle attrs = {
823	.context = uobj->context,
824	.ufile = ufile,
825	};
826
827	/*
828	* lookup_get_fd_uobject holds the kref on the struct file any
829	* time a FD uobj is locked, which prevents this release
830	* method from being invoked. Meaning we can always get the
831	* write lock here, or we have a kernel bug.
832	*/
833	WARN_ON(uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE));
834	uverbs_destroy_uobject(uobj, reason: RDMA_REMOVE_CLOSE, attrs: &attrs);
835	up_read(sem: &ufile->hw_destroy_rwsem);
836	}
837
838	/ Matches the get in alloc_commit_fd_uobject() /
839	kref_put(kref: &ufile->ref, release: ib_uverbs_release_file);
840
841	/ Pairs with filp->private_data in alloc_begin_fd_uobject /
842	uverbs_uobject_put(uobj);
843	return `0`;
844	}
845	EXPORT_SYMBOL(uverbs_uobject_fd_release);
846
847	/*
848	* Drop the ucontext off the ufile and completely disconnect it from the
849	* ib_device
850	*/
851	static void ufile_destroy_ucontext(struct ib_uverbs_file *ufile,
852	enum rdma_remove_reason reason)
853	{
854	struct ib_ucontext *ucontext = ufile->ucontext;
855	struct ib_device *ib_dev = ucontext->device;
856
857	/*
858	* If we are closing the FD then the user mmap VMAs must have
859	* already been destroyed as they hold on to the filep, otherwise
860	* they need to be zap'd.
861	*/
862	if (reason == RDMA_REMOVE_DRIVER_REMOVE) {
863	uverbs_user_mmap_disassociate(ufile);
864	if (ib_dev->ops.disassociate_ucontext)
865	ib_dev->ops.disassociate_ucontext(ucontext);
866	}
867
868	ib_rdmacg_uncharge(cg_obj: &ucontext->cg_obj, device: ib_dev,
869	resource_index: RDMACG_RESOURCE_HCA_HANDLE);
870
871	rdma_restrack_del(res: &ucontext->res);
872
873	ib_dev->ops.dealloc_ucontext(ucontext);
874	WARN_ON(!xa_empty(&ucontext->mmap_xa));
875	kfree(objp: ucontext);
876
877	ufile->ucontext = NULL;
878	}
879
880	static int __uverbs_cleanup_ufile(struct ib_uverbs_file *ufile,
881	enum rdma_remove_reason reason)
882	{
883	struct ib_uobject obj, next_obj;
884	int ret = -EINVAL;
885	struct uverbs_attr_bundle attrs = { .ufile = ufile };
886
887	/*
888	* This shouldn't run while executing other commands on this
889	* context. Thus, the only thing we should take care of is
890	* releasing a FD while traversing this list. The FD could be
891	* closed and released from the _release fop of this FD.
892	* In order to mitigate this, we add a lock.
893	* We take and release the lock per traversal in order to let
894	* other threads (which might still use the FDs) chance to run.
895	*/
896	list_for_each_entry_safe(obj, next_obj, &ufile->uobjects, list) {
897	attrs.context = obj->context;
898	/*
899	* if we hit this WARN_ON, that means we are
900	* racing with a lookup_get.
901	*/
902	WARN_ON(uverbs_try_lock_object(obj, UVERBS_LOOKUP_WRITE));
903	if (reason == RDMA_REMOVE_DRIVER_FAILURE)
904	obj->object = NULL;
905	if (!uverbs_destroy_uobject(uobj: obj, reason, attrs: &attrs))
906	ret = `0`;
907	else
908	atomic_set(v: &obj->usecnt, i: `0`);
909	}
910
911	if (reason == RDMA_REMOVE_DRIVER_FAILURE) {
912	WARN_ON(!list_empty(&ufile->uobjects));
913	return `0`;
914	}
915	return ret;
916	}
917
918	/*
919	* Destroy the ucontext and every uobject associated with it.
920	*
921	* This is internally locked and can be called in parallel from multiple
922	* contexts.
923	*/
924	void uverbs_destroy_ufile_hw(struct ib_uverbs_file *ufile,
925	enum rdma_remove_reason reason)
926	{
927	down_write(sem: &ufile->hw_destroy_rwsem);
928
929	/*
930	* If a ucontext was never created then we can't have any uobjects to
931	* cleanup, nothing to do.
932	*/
933	if (!ufile->ucontext)
934	goto done;
935
936	while (!list_empty(head: &ufile->uobjects) &&
937	!__uverbs_cleanup_ufile(ufile, reason)) {
938	}
939
940	if (WARN_ON(!list_empty(&ufile->uobjects)))
941	__uverbs_cleanup_ufile(ufile, reason: RDMA_REMOVE_DRIVER_FAILURE);
942	ufile_destroy_ucontext(ufile, reason);
943
944	done:
945	up_write(sem: &ufile->hw_destroy_rwsem);
946	}
947
948	const struct uverbs_obj_type_class uverbs_fd_class = {
949	.alloc_begin = alloc_begin_fd_uobject,
950	.lookup_get = lookup_get_fd_uobject,
951	.alloc_commit = alloc_commit_fd_uobject,
952	.alloc_abort = alloc_abort_fd_uobject,
953	.lookup_put = lookup_put_fd_uobject,
954	.destroy_hw = destroy_hw_fd_uobject,
955	.remove_handle = remove_handle_fd_uobject,
956	};
957	EXPORT_SYMBOL(uverbs_fd_class);
958
959	struct ib_uobject *
960	uverbs_get_uobject_from_file(u16 object_id, enum uverbs_obj_access access,
961	s64 id, struct uverbs_attr_bundle *attrs)
962	{
963	const struct uverbs_api_object *obj =
964	uapi_get_object(uapi: attrs->ufile->device->uapi, object_id);
965
966	switch (access) {
967	case UVERBS_ACCESS_READ:
968	return rdma_lookup_get_uobject(obj, ufile: attrs->ufile, id,
969	mode: UVERBS_LOOKUP_READ, attrs);
970	case UVERBS_ACCESS_DESTROY:
971	/ Actual destruction is done inside uverbs_handle_method /
972	return rdma_lookup_get_uobject(obj, ufile: attrs->ufile, id,
973	mode: UVERBS_LOOKUP_DESTROY, attrs);
974	case UVERBS_ACCESS_WRITE:
975	return rdma_lookup_get_uobject(obj, ufile: attrs->ufile, id,
976	mode: UVERBS_LOOKUP_WRITE, attrs);
977	case UVERBS_ACCESS_NEW:
978	return rdma_alloc_begin_uobject(obj, attrs);
979	default:
980	WARN_ON(true);
981	return ERR_PTR(error: -EOPNOTSUPP);
982	}
983	}
984
985	void uverbs_finalize_object(struct ib_uobject *uobj,
986	enum uverbs_obj_access access, bool hw_obj_valid,
987	bool commit, struct uverbs_attr_bundle *attrs)
988	{
989	/*
990	* refcounts should be handled at the object level and not at the
991	* uobject level. Refcounts of the objects themselves are done in
992	* handlers.
993	*/
994
995	switch (access) {
996	case UVERBS_ACCESS_READ:
997	rdma_lookup_put_uobject(uobj, mode: UVERBS_LOOKUP_READ);
998	break;
999	case UVERBS_ACCESS_WRITE:
1000	rdma_lookup_put_uobject(uobj, mode: UVERBS_LOOKUP_WRITE);
1001	break;
1002	case UVERBS_ACCESS_DESTROY:
1003	if (uobj)
1004	rdma_lookup_put_uobject(uobj, mode: UVERBS_LOOKUP_DESTROY);
1005	break;
1006	case UVERBS_ACCESS_NEW:
1007	if (commit)
1008	rdma_alloc_commit_uobject(uobj, attrs);
1009	else
1010	rdma_alloc_abort_uobject(uobj, attrs, hw_obj_valid);
1011	break;
1012	default:
1013	WARN_ON(true);
1014	}
1015	}
1016

source code of linux/drivers/infiniband/core/rdma_core.c