/*
 * Copyright (c) 2016, Mellanox Technologies inc. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <linux/file.h>
#include <linux/anon_inodes.h>
#include <linux/sched/mm.h>
#include <rdma/ib_verbs.h>
#include <rdma/uverbs_types.h>
#include <linux/rcupdate.h>
#include <rdma/uverbs_ioctl.h>
#include <rdma/rdma_user_ioctl.h>
#include "uverbs.h"
#include "core_priv.h"
#include "rdma_core.h"

static void uverbs_uobject_free(struct kref *ref)
{
	kfree_rcu(container_of(ref, struct ib_uobject, ref), rcu);
}

/*
 * uverbs_uobject_put() is called to indicate that we no longer need this
 * uobject. When the reference count drops to zero, the uobject is freed.
 * For example, this is used when attaching a completion channel to a CQ.
 */
void uverbs_uobject_put(struct ib_uobject *uobject)
{
	kref_put(&uobject->ref, uverbs_uobject_free);
}
EXPORT_SYMBOL(uverbs_uobject_put);
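
/*
 * Illustrative sketch (not part of the original file): any transient user
 * of a uobject pairs uverbs_uobject_get() with uverbs_uobject_put(). The
 * helper name below is hypothetical.
 *
 *	static void example_peek_uobj(struct ib_uobject *uobj)
 *	{
 *		uverbs_uobject_get(uobj);
 *		// ... fields protected by the kref remain valid here ...
 *		uverbs_uobject_put(uobj);	// may free via kfree_rcu()
 *	}
 */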

static int uverbs_try_lock_object(struct ib_uobject *uobj,
				  enum rdma_lookup_mode mode)
{
	/*
	 * When a shared access is required, we use a positive counter. Each
	 * shared access request checks that the value != -1 and increments it.
	 * Exclusive access is required for operations like write or destroy.
	 * In exclusive access mode, we check that the counter is zero (nobody
	 * claimed this object) and we set it to -1. Releasing a shared access
	 * lock is done simply by decreasing the counter. As for exclusive
	 * access locks, since only a single one of them is allowed
	 * concurrently, setting the counter to zero is enough for releasing
	 * this lock.
	 */
	switch (mode) {
	case UVERBS_LOOKUP_READ:
		return atomic_fetch_add_unless(&uobj->usecnt, 1, -1) == -1 ?
			-EBUSY : 0;
	case UVERBS_LOOKUP_WRITE:
		/* lock is exclusive */
		return atomic_cmpxchg(&uobj->usecnt, 0, -1) == 0 ? 0 : -EBUSY;
	case UVERBS_LOOKUP_DESTROY:
		return 0;
	}
	return 0;
}
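
/*
 * A minimal caller sketch for the counter scheme above (assumed usage, not
 * from this file): a successful shared lock is released with atomic_dec()
 * and a successful exclusive lock with atomic_set(0), exactly as
 * rdma_lookup_put_uobject() does further below.
 *
 *	if (!uverbs_try_lock_object(uobj, UVERBS_LOOKUP_READ)) {
 *		// ... shared (read) access to the object ...
 *		atomic_dec(&uobj->usecnt);
 *	}
 */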

static void assert_uverbs_usecnt(struct ib_uobject *uobj,
				 enum rdma_lookup_mode mode)
{
#ifdef CONFIG_LOCKDEP
	switch (mode) {
	case UVERBS_LOOKUP_READ:
		WARN_ON(atomic_read(&uobj->usecnt) <= 0);
		break;
	case UVERBS_LOOKUP_WRITE:
		WARN_ON(atomic_read(&uobj->usecnt) != -1);
		break;
	case UVERBS_LOOKUP_DESTROY:
		break;
	}
#endif
}

/*
 * This must be called with the hw_destroy_rwsem locked for read or write,
 * and the uobject itself must be locked for write.
 *
 * Upon return the HW object is guaranteed to be destroyed.
 *
 * For RDMA_REMOVE_ABORT, the hw_destroy_rwsem is not required to be held,
 * however the type's alloc_commit function cannot have been called and the
 * uobject cannot be on the uobjects_list.
 *
 * For RDMA_REMOVE_DESTROY the caller should be holding a kref (e.g. via
 * rdma_lookup_get_uobject) and the object is left in a state where the caller
 * needs to call rdma_lookup_put_uobject.
 *
 * For all other destroy modes this function internally unlocks the uobject
 * and consumes the kref on the uobj.
 */
static int uverbs_destroy_uobject(struct ib_uobject *uobj,
				  enum rdma_remove_reason reason,
				  struct uverbs_attr_bundle *attrs)
{
	struct ib_uverbs_file *ufile = attrs->ufile;
	unsigned long flags;
	int ret;

	lockdep_assert_held(&ufile->hw_destroy_rwsem);
	assert_uverbs_usecnt(uobj, UVERBS_LOOKUP_WRITE);

	if (reason == RDMA_REMOVE_ABORT) {
		WARN_ON(!list_empty(&uobj->list));
		WARN_ON(!uobj->context);
		uobj->uapi_object->type_class->alloc_abort(uobj);
	} else if (uobj->object) {
		ret = uobj->uapi_object->type_class->destroy_hw(uobj, reason,
								attrs);
		if (ret)
			/* Nothing to be done, wait until the ucontext cleans it up */
			return ret;

		uobj->object = NULL;
	}

	uobj->context = NULL;

	/*
	 * For DESTROY the usecnt is not changed, the caller is expected to
	 * manage it via uobj_put_destroy(). Only DESTROY can remove the IDR
	 * handle.
	 */
	if (reason != RDMA_REMOVE_DESTROY)
		atomic_set(&uobj->usecnt, 0);
	else
		uobj->uapi_object->type_class->remove_handle(uobj);

	if (!list_empty(&uobj->list)) {
		spin_lock_irqsave(&ufile->uobjects_lock, flags);
		list_del_init(&uobj->list);
		spin_unlock_irqrestore(&ufile->uobjects_lock, flags);

		/*
		 * Pairs with the get in rdma_alloc_commit_uobject(), could
		 * destroy uobj.
		 */
		uverbs_uobject_put(uobj);
	}

	/*
	 * When aborting the stack kref remains owned by the core code, and is
	 * not transferred into the type. Pairs with the get in alloc_uobj.
	 */
	if (reason == RDMA_REMOVE_ABORT)
		uverbs_uobject_put(uobj);

	return 0;
}

/*
 * This calls uverbs_destroy_uobject() using the RDMA_REMOVE_DESTROY
 * sequence. It should only be used from command callbacks. On success the
 * caller must pair this with uobj_put_destroy(). This
 * version requires the caller to have already obtained an
 * LOOKUP_DESTROY uobject kref.
 */
int uobj_destroy(struct ib_uobject *uobj, struct uverbs_attr_bundle *attrs)
{
	struct ib_uverbs_file *ufile = attrs->ufile;
	int ret;

	down_read(&ufile->hw_destroy_rwsem);

	/*
	 * Once the uobject is destroyed by RDMA_REMOVE_DESTROY then it is left
	 * write locked as the callers put it back with UVERBS_LOOKUP_DESTROY.
	 * This is because any other concurrent thread can still see the object
	 * in the xarray due to RCU. Leaving it locked ensures nothing else will
	 * touch it.
	 */
	ret = uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE);
	if (ret)
		goto out_unlock;

	ret = uverbs_destroy_uobject(uobj, RDMA_REMOVE_DESTROY, attrs);
	if (ret) {
		atomic_set(&uobj->usecnt, 0);
		goto out_unlock;
	}

out_unlock:
	up_read(&ufile->hw_destroy_rwsem);
	return ret;
}

/*
 * uobj_get_destroy destroys the HW object and returns a handle to the uobj
 * with a NULL object pointer. The caller must pair this with
 * uobj_put_destroy().
 */
struct ib_uobject *__uobj_get_destroy(const struct uverbs_api_object *obj,
				      u32 id, struct uverbs_attr_bundle *attrs)
{
	struct ib_uobject *uobj;
	int ret;

	uobj = rdma_lookup_get_uobject(obj, attrs->ufile, id,
				       UVERBS_LOOKUP_DESTROY, attrs);
	if (IS_ERR(uobj))
		return uobj;

	ret = uobj_destroy(uobj, attrs);
	if (ret) {
		rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_DESTROY);
		return ERR_PTR(ret);
	}

	return uobj;
}

/*
 * Does both uobj_get_destroy() and uobj_put_destroy(). Returns 0 on success
 * (negative errno on failure). For use by callers that do not need the uobj.
 */
int __uobj_perform_destroy(const struct uverbs_api_object *obj, u32 id,
			   struct uverbs_attr_bundle *attrs)
{
	struct ib_uobject *uobj;

	uobj = __uobj_get_destroy(obj, id, attrs);
	if (IS_ERR(uobj))
		return PTR_ERR(uobj);
	uobj_put_destroy(uobj);
	return 0;
}
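
/*
 * Sketch of a typical destroy handler built on the wrapper above (the
 * handler name and the way the handle is obtained are hypothetical;
 * uobj_perform_destroy() is the macro form from the uverbs headers):
 *
 *	static int example_destroy_handler(struct uverbs_attr_bundle *attrs)
 *	{
 *		u32 handle;	// parsed from the command payload
 *		...
 *		return uobj_perform_destroy(UVERBS_OBJECT_CQ, handle, attrs);
 *	}
 */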

/* alloc_uobj must be undone by uverbs_destroy_uobject() */
static struct ib_uobject *alloc_uobj(struct uverbs_attr_bundle *attrs,
				     const struct uverbs_api_object *obj)
{
	struct ib_uverbs_file *ufile = attrs->ufile;
	struct ib_uobject *uobj;

	if (!attrs->context) {
		struct ib_ucontext *ucontext =
			ib_uverbs_get_ucontext_file(ufile);

		if (IS_ERR(ucontext))
			return ERR_CAST(ucontext);
		attrs->context = ucontext;
	}

	uobj = kzalloc(obj->type_attrs->obj_size, GFP_KERNEL);
	if (!uobj)
		return ERR_PTR(-ENOMEM);
	/*
	 * user_handle should be filled in by the handler; the object is
	 * added to the list in the commit stage.
	 */
	uobj->ufile = ufile;
	uobj->context = attrs->context;
	INIT_LIST_HEAD(&uobj->list);
	uobj->uapi_object = obj;
	/*
	 * Allocated objects start out as write locked to deny any other
	 * syscalls from accessing them until they are committed. See
	 * rdma_alloc_commit_uobject.
	 */
	atomic_set(&uobj->usecnt, -1);
	kref_init(&uobj->ref);

	return uobj;
}

static int idr_add_uobj(struct ib_uobject *uobj)
{
	/*
	 * We start with allocating an ID pointing to NULL. This represents an
	 * object which isn't initialized yet. We'll replace it later on with
	 * the real object once we commit.
	 */
	return xa_alloc(&uobj->ufile->idr, &uobj->id, NULL, xa_limit_32b,
			GFP_KERNEL);
}
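
/*
 * The reserve-then-publish pattern in miniature (generic xarray sketch
 * under assumed names, not this file's exact flow): the ID is allocated
 * with a NULL entry here, and the real pointer is only published at commit
 * time by alloc_commit_idr_uobject() via xa_store().
 *
 *	u32 tmp_id;
 *
 *	ret = xa_alloc(&xa, &tmp_id, NULL, xa_limit_32b, GFP_KERNEL);
 *	if (!ret)
 *		xa_store(&xa, tmp_id, ptr, GFP_KERNEL);	// later, at commit
 */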

/* Returns the ib_uobject or an error. The caller should check for IS_ERR. */
static struct ib_uobject *
lookup_get_idr_uobject(const struct uverbs_api_object *obj,
		       struct ib_uverbs_file *ufile, s64 id,
		       enum rdma_lookup_mode mode)
{
	struct ib_uobject *uobj;

	if (id < 0 || id > ULONG_MAX)
		return ERR_PTR(-EINVAL);

	rcu_read_lock();
	/*
	 * The xa_load() is guaranteed to return a pointer to something that
	 * isn't freed yet, or NULL, as the free after xa_erase() goes through
	 * kfree_rcu(). However the object may still have been released and
	 * kfree() could be called at any time.
	 */
	uobj = xa_load(&ufile->idr, id);
	if (!uobj || !kref_get_unless_zero(&uobj->ref))
		uobj = ERR_PTR(-ENOENT);
	rcu_read_unlock();
	return uobj;
}

static struct ib_uobject *
lookup_get_fd_uobject(const struct uverbs_api_object *obj,
		      struct ib_uverbs_file *ufile, s64 id,
		      enum rdma_lookup_mode mode)
{
	const struct uverbs_obj_fd_type *fd_type;
	struct file *f;
	struct ib_uobject *uobject;
	int fdno = id;

	if (fdno != id)
		return ERR_PTR(-EINVAL);

	if (mode != UVERBS_LOOKUP_READ)
		return ERR_PTR(-EOPNOTSUPP);

	if (!obj->type_attrs)
		return ERR_PTR(-EIO);
	fd_type =
		container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);

	f = fget(fdno);
	if (!f)
		return ERR_PTR(-EBADF);

	uobject = f->private_data;
	/*
	 * fget(id) ensures we are not currently running
	 * uverbs_uobject_fd_release(), and the caller is expected to ensure
	 * that release is never done while a call to lookup is possible.
	 */
	if (f->f_op != fd_type->fops || uobject->ufile != ufile) {
		fput(f);
		return ERR_PTR(-EBADF);
	}

	uverbs_uobject_get(uobject);
	return uobject;
}

struct ib_uobject *rdma_lookup_get_uobject(const struct uverbs_api_object *obj,
					   struct ib_uverbs_file *ufile, s64 id,
					   enum rdma_lookup_mode mode,
					   struct uverbs_attr_bundle *attrs)
{
	struct ib_uobject *uobj;
	int ret;

	if (obj == ERR_PTR(-ENOMSG)) {
		/* must be UVERBS_IDR_ANY_OBJECT, see uapi_get_object() */
		uobj = lookup_get_idr_uobject(NULL, ufile, id, mode);
		if (IS_ERR(uobj))
			return uobj;
	} else {
		if (IS_ERR(obj))
			return ERR_PTR(-EINVAL);

		uobj = obj->type_class->lookup_get(obj, ufile, id, mode);
		if (IS_ERR(uobj))
			return uobj;

		if (uobj->uapi_object != obj) {
			ret = -EINVAL;
			goto free;
		}
	}

	/*
	 * If we have been disassociated block every command except for
	 * DESTROY based commands.
	 */
	if (mode != UVERBS_LOOKUP_DESTROY &&
	    !srcu_dereference(ufile->device->ib_dev,
			      &ufile->device->disassociate_srcu)) {
		ret = -EIO;
		goto free;
	}

	ret = uverbs_try_lock_object(uobj, mode);
	if (ret)
		goto free;
	if (attrs)
		attrs->context = uobj->context;

	return uobj;
free:
	uobj->uapi_object->type_class->lookup_put(uobj, mode);
	uverbs_uobject_put(uobj);
	return ERR_PTR(ret);
}
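
/*
 * Illustrative get/put pairing (hypothetical handler body): every
 * successful rdma_lookup_get_uobject() must be undone by
 * rdma_lookup_put_uobject() with the same mode.
 *
 *	uobj = rdma_lookup_get_uobject(obj, attrs->ufile, id,
 *				       UVERBS_LOOKUP_READ, attrs);
 *	if (IS_ERR(uobj))
 *		return PTR_ERR(uobj);
 *	// ... read uobj->object under the shared lock ...
 *	rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_READ);
 */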

static struct ib_uobject *
alloc_begin_idr_uobject(const struct uverbs_api_object *obj,
			struct uverbs_attr_bundle *attrs)
{
	int ret;
	struct ib_uobject *uobj;

	uobj = alloc_uobj(attrs, obj);
	if (IS_ERR(uobj))
		return uobj;

	ret = idr_add_uobj(uobj);
	if (ret)
		goto uobj_put;

	ret = ib_rdmacg_try_charge(&uobj->cg_obj, uobj->context->device,
				   RDMACG_RESOURCE_HCA_OBJECT);
	if (ret)
		goto remove;

	return uobj;

remove:
	xa_erase(&attrs->ufile->idr, uobj->id);
uobj_put:
	uverbs_uobject_put(uobj);
	return ERR_PTR(ret);
}

static struct ib_uobject *
alloc_begin_fd_uobject(const struct uverbs_api_object *obj,
		       struct uverbs_attr_bundle *attrs)
{
	const struct uverbs_obj_fd_type *fd_type;
	int new_fd;
	struct ib_uobject *uobj, *ret;
	struct file *filp;

	uobj = alloc_uobj(attrs, obj);
	if (IS_ERR(uobj))
		return uobj;

	fd_type =
		container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);
	if (WARN_ON(fd_type->fops->release != &uverbs_uobject_fd_release &&
		    fd_type->fops->release != &uverbs_async_event_release)) {
		ret = ERR_PTR(-EINVAL);
		goto err_fd;
	}

	new_fd = get_unused_fd_flags(O_CLOEXEC);
	if (new_fd < 0) {
		ret = ERR_PTR(new_fd);
		goto err_fd;
	}

	/* Note that uverbs_uobject_fd_release() is called during abort */
	filp = anon_inode_getfile(fd_type->name, fd_type->fops, NULL,
				  fd_type->flags);
	if (IS_ERR(filp)) {
		ret = ERR_CAST(filp);
		goto err_getfile;
	}
	uobj->object = filp;

	uobj->id = new_fd;
	return uobj;

err_getfile:
	put_unused_fd(new_fd);
err_fd:
	uverbs_uobject_put(uobj);
	return ret;
}

struct ib_uobject *rdma_alloc_begin_uobject(const struct uverbs_api_object *obj,
					    struct uverbs_attr_bundle *attrs)
{
	struct ib_uverbs_file *ufile = attrs->ufile;
	struct ib_uobject *ret;

	if (IS_ERR(obj))
		return ERR_PTR(-EINVAL);

	/*
	 * The hw_destroy_rwsem is held across the entire object creation and
	 * released during rdma_alloc_commit_uobject or
	 * rdma_alloc_abort_uobject.
	 */
	if (!down_read_trylock(&ufile->hw_destroy_rwsem))
		return ERR_PTR(-EIO);

	ret = obj->type_class->alloc_begin(obj, attrs);
	if (IS_ERR(ret)) {
		up_read(&ufile->hw_destroy_rwsem);
		return ret;
	}
	return ret;
}

static void alloc_abort_idr_uobject(struct ib_uobject *uobj)
{
	ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
			   RDMACG_RESOURCE_HCA_OBJECT);

	xa_erase(&uobj->ufile->idr, uobj->id);
}

static int __must_check destroy_hw_idr_uobject(struct ib_uobject *uobj,
					       enum rdma_remove_reason why,
					       struct uverbs_attr_bundle *attrs)
{
	const struct uverbs_obj_idr_type *idr_type =
		container_of(uobj->uapi_object->type_attrs,
			     struct uverbs_obj_idr_type, type);
	int ret = idr_type->destroy_object(uobj, why, attrs);

	if (ret)
		return ret;

	if (why == RDMA_REMOVE_ABORT)
		return 0;

	ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
			   RDMACG_RESOURCE_HCA_OBJECT);

	return 0;
}

static void remove_handle_idr_uobject(struct ib_uobject *uobj)
{
	xa_erase(&uobj->ufile->idr, uobj->id);
	/* Matches the kref in alloc_commit_idr_uobject */
	uverbs_uobject_put(uobj);
}

static void alloc_abort_fd_uobject(struct ib_uobject *uobj)
{
	struct file *filp = uobj->object;

	fput(filp);
	put_unused_fd(uobj->id);
}

static int __must_check destroy_hw_fd_uobject(struct ib_uobject *uobj,
					      enum rdma_remove_reason why,
					      struct uverbs_attr_bundle *attrs)
{
	const struct uverbs_obj_fd_type *fd_type = container_of(
		uobj->uapi_object->type_attrs, struct uverbs_obj_fd_type, type);

	fd_type->destroy_object(uobj, why);
	return 0;
}

static void remove_handle_fd_uobject(struct ib_uobject *uobj)
{
}

static void alloc_commit_idr_uobject(struct ib_uobject *uobj)
{
	struct ib_uverbs_file *ufile = uobj->ufile;
	void *old;

	/*
	 * We already allocated this IDR with a NULL object, so
	 * this shouldn't fail.
	 *
	 * NOTE: Storing the uobj transfers our kref on uobj to the XArray.
	 * It will be put by remove_commit_idr_uobject()
	 */
	old = xa_store(&ufile->idr, uobj->id, uobj, GFP_KERNEL);
	WARN_ON(old != NULL);
}

static void swap_idr_uobjects(struct ib_uobject *obj_old,
			      struct ib_uobject *obj_new)
{
	struct ib_uverbs_file *ufile = obj_old->ufile;
	void *old;

	/*
	 * New must be an object that has been allocated but not yet
	 * committed; this moves the pre-committed state to obj_old, and new
	 * still must be committed.
	 */
	old = xa_cmpxchg(&ufile->idr, obj_old->id, obj_old, XA_ZERO_ENTRY,
			 GFP_KERNEL);
	if (WARN_ON(old != obj_old))
		return;

	swap(obj_old->id, obj_new->id);

	old = xa_cmpxchg(&ufile->idr, obj_old->id, NULL, obj_old, GFP_KERNEL);
	WARN_ON(old != NULL);
}

static void alloc_commit_fd_uobject(struct ib_uobject *uobj)
{
	int fd = uobj->id;
	struct file *filp = uobj->object;

	/* Matching put will be done in uverbs_uobject_fd_release() */
	kref_get(&uobj->ufile->ref);

	/* This shouldn't be used anymore. Use the file object instead */
	uobj->id = 0;

	/*
	 * NOTE: Once we install the file we lose ownership of our kref on
	 * uobj. It will be put by uverbs_uobject_fd_release()
	 */
	filp->private_data = uobj;
	fd_install(fd, filp);
}

/*
 * In all cases rdma_alloc_commit_uobject() consumes the kref to uobj and the
 * caller can no longer assume uobj is valid. If this function fails it
 * destroys the uobject, including the attached HW object.
 */
void rdma_alloc_commit_uobject(struct ib_uobject *uobj,
			       struct uverbs_attr_bundle *attrs)
{
	struct ib_uverbs_file *ufile = attrs->ufile;

	/* kref is held so long as the uobj is on the uobj list. */
	uverbs_uobject_get(uobj);
	spin_lock_irq(&ufile->uobjects_lock);
	list_add(&uobj->list, &ufile->uobjects);
	spin_unlock_irq(&ufile->uobjects_lock);

	/* matches atomic_set(-1) in alloc_uobj */
	atomic_set(&uobj->usecnt, 0);

	/* alloc_commit consumes the uobj kref */
	uobj->uapi_object->type_class->alloc_commit(uobj);

	/* Matches the down_read in rdma_alloc_begin_uobject */
	up_read(&ufile->hw_destroy_rwsem);
}
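
/*
 * The begin/commit/abort lifecycle from a creation handler's point of view
 * (sketch; example_create_hw_object() is a hypothetical driver step):
 *
 *	uobj = rdma_alloc_begin_uobject(obj, attrs);
 *	if (IS_ERR(uobj))
 *		return PTR_ERR(uobj);
 *	ret = example_create_hw_object(uobj, attrs);
 *	if (ret) {
 *		rdma_alloc_abort_uobject(uobj, attrs, false);
 *		return ret;
 *	}
 *	rdma_alloc_commit_uobject(uobj, attrs);	// consumes the kref
 *	return 0;
 */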

/*
 * new_uobj will be assigned to the handle currently used by to_uobj, and
 * to_uobj will be destroyed.
 *
 * Upon return the caller must do:
 *    rdma_alloc_commit_uobject(new_uobj)
 *    uobj_put_destroy(to_uobj)
 *
 * to_uobj must be held with a write get, but the put mode switches to
 * destroy once this is called.
 */
void rdma_assign_uobject(struct ib_uobject *to_uobj, struct ib_uobject *new_uobj,
			 struct uverbs_attr_bundle *attrs)
{
	assert_uverbs_usecnt(new_uobj, UVERBS_LOOKUP_WRITE);

	if (WARN_ON(to_uobj->uapi_object != new_uobj->uapi_object ||
		    !to_uobj->uapi_object->type_class->swap_uobjects))
		return;

	to_uobj->uapi_object->type_class->swap_uobjects(to_uobj, new_uobj);

	/*
	 * If this fails then the uobject is still completely valid (though
	 * with a new ID) and we leak it until context close.
	 */
	uverbs_destroy_uobject(to_uobj, RDMA_REMOVE_DESTROY, attrs);
}
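
/*
 * The caller-side sequence required by the comment above, spelled out
 * (sketch):
 *
 *	rdma_assign_uobject(to_uobj, new_uobj, attrs);
 *	rdma_alloc_commit_uobject(new_uobj, attrs);	// publish new_uobj
 *	uobj_put_destroy(to_uobj);			// drop the old handle
 */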

/*
 * This consumes the kref for uobj. It is up to the caller to unwind the HW
 * object and anything else connected to uobj before calling this.
 */
void rdma_alloc_abort_uobject(struct ib_uobject *uobj,
			      struct uverbs_attr_bundle *attrs,
			      bool hw_obj_valid)
{
	struct ib_uverbs_file *ufile = uobj->ufile;
	int ret;

	if (hw_obj_valid) {
		ret = uobj->uapi_object->type_class->destroy_hw(
			uobj, RDMA_REMOVE_ABORT, attrs);
		/*
		 * If the driver couldn't destroy the object then go ahead and
		 * commit it. Leaking objects that can't be destroyed is only
		 * done during FD close after the driver has a few more tries
		 * to destroy it.
		 */
		if (WARN_ON(ret))
			return rdma_alloc_commit_uobject(uobj, attrs);
	}

	uverbs_destroy_uobject(uobj, RDMA_REMOVE_ABORT, attrs);

	/* Matches the down_read in rdma_alloc_begin_uobject */
	up_read(&ufile->hw_destroy_rwsem);
}

static void lookup_put_idr_uobject(struct ib_uobject *uobj,
				   enum rdma_lookup_mode mode)
{
}

static void lookup_put_fd_uobject(struct ib_uobject *uobj,
				  enum rdma_lookup_mode mode)
{
	struct file *filp = uobj->object;

	WARN_ON(mode != UVERBS_LOOKUP_READ);
	/*
	 * This indirectly calls uverbs_uobject_fd_release() and frees the
	 * object.
	 */
	fput(filp);
}

void rdma_lookup_put_uobject(struct ib_uobject *uobj,
			     enum rdma_lookup_mode mode)
{
	assert_uverbs_usecnt(uobj, mode);
	/*
	 * In order to unlock an object, either decrease its usecnt for
	 * read access or zero it in case of exclusive access. See
	 * uverbs_try_lock_object for locking schema information.
	 */
	switch (mode) {
	case UVERBS_LOOKUP_READ:
		atomic_dec(&uobj->usecnt);
		break;
	case UVERBS_LOOKUP_WRITE:
		atomic_set(&uobj->usecnt, 0);
		break;
	case UVERBS_LOOKUP_DESTROY:
		break;
	}

	uobj->uapi_object->type_class->lookup_put(uobj, mode);
	/* Pairs with the kref obtained by type->lookup_get */
	uverbs_uobject_put(uobj);
}

void setup_ufile_idr_uobject(struct ib_uverbs_file *ufile)
{
	xa_init_flags(&ufile->idr, XA_FLAGS_ALLOC);
}

void release_ufile_idr_uobject(struct ib_uverbs_file *ufile)
{
	struct ib_uobject *entry;
	unsigned long id;

	/*
	 * At this point uverbs_cleanup_ufile() is guaranteed to have run, and
	 * there are no HW objects left, however the xarray is still populated
	 * with anything that has not been cleaned up by userspace. Since the
	 * kref on ufile is 0, nothing is allowed to call lookup_get.
	 *
	 * This is an optimized equivalent to remove_handle_idr_uobject.
	 */
	xa_for_each(&ufile->idr, id, entry) {
		WARN_ON(entry->object);
		uverbs_uobject_put(entry);
	}

	xa_destroy(&ufile->idr);
}

const struct uverbs_obj_type_class uverbs_idr_class = {
	.alloc_begin = alloc_begin_idr_uobject,
	.lookup_get = lookup_get_idr_uobject,
	.alloc_commit = alloc_commit_idr_uobject,
	.alloc_abort = alloc_abort_idr_uobject,
	.lookup_put = lookup_put_idr_uobject,
	.destroy_hw = destroy_hw_idr_uobject,
	.remove_handle = remove_handle_idr_uobject,
	.swap_uobjects = swap_idr_uobjects,
};
EXPORT_SYMBOL(uverbs_idr_class);

/*
 * Users of UVERBS_TYPE_ALLOC_FD should set this function as the struct
 * file_operations release method.
 */
int uverbs_uobject_fd_release(struct inode *inode, struct file *filp)
{
	struct ib_uverbs_file *ufile;
	struct ib_uobject *uobj;

	/*
	 * This can only happen if the fput came from alloc_abort_fd_uobject()
	 */
	if (!filp->private_data)
		return 0;
	uobj = filp->private_data;
	ufile = uobj->ufile;

	if (down_read_trylock(&ufile->hw_destroy_rwsem)) {
		struct uverbs_attr_bundle attrs = {
			.context = uobj->context,
			.ufile = ufile,
		};

		/*
		 * lookup_get_fd_uobject holds the kref on the struct file any
		 * time a FD uobj is locked, which prevents this release
		 * method from being invoked. Meaning we can always get the
		 * write lock here, or we have a kernel bug.
		 */
		WARN_ON(uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE));
		uverbs_destroy_uobject(uobj, RDMA_REMOVE_CLOSE, &attrs);
		up_read(&ufile->hw_destroy_rwsem);
	}

	/* Matches the get in alloc_commit_fd_uobject() */
	kref_put(&ufile->ref, ib_uverbs_release_file);

	/* Pairs with filp->private_data in alloc_begin_fd_uobject */
	uverbs_uobject_put(uobj);
	return 0;
}
EXPORT_SYMBOL(uverbs_uobject_fd_release);
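
/*
 * Example wiring (illustrative, with hypothetical names): an FD object
 * type supplies file_operations whose release method is the function
 * above, e.g.:
 *
 *	static const struct file_operations example_fd_fops = {
 *		.owner = THIS_MODULE,
 *		.read = example_fd_read,	// hypothetical handler
 *		.release = uverbs_uobject_fd_release,
 *	};
 */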

/*
 * Drop the ucontext off the ufile and completely disconnect it from the
 * ib_device
 */
static void ufile_destroy_ucontext(struct ib_uverbs_file *ufile,
				   enum rdma_remove_reason reason)
{
	struct ib_ucontext *ucontext = ufile->ucontext;
	struct ib_device *ib_dev = ucontext->device;

	/*
	 * If we are closing the FD then the user mmap VMAs must have
	 * already been destroyed as they hold on to the filep, otherwise
	 * they need to be zap'd.
	 */
	if (reason == RDMA_REMOVE_DRIVER_REMOVE) {
		uverbs_user_mmap_disassociate(ufile);
		if (ib_dev->ops.disassociate_ucontext)
			ib_dev->ops.disassociate_ucontext(ucontext);
	}

	ib_rdmacg_uncharge(&ucontext->cg_obj, ib_dev,
			   RDMACG_RESOURCE_HCA_HANDLE);

	rdma_restrack_del(&ucontext->res);

	ib_dev->ops.dealloc_ucontext(ucontext);
	WARN_ON(!xa_empty(&ucontext->mmap_xa));
	kfree(ucontext);

	ufile->ucontext = NULL;
}

static int __uverbs_cleanup_ufile(struct ib_uverbs_file *ufile,
				  enum rdma_remove_reason reason)
{
	struct ib_uobject *obj, *next_obj;
	int ret = -EINVAL;
	struct uverbs_attr_bundle attrs = { .ufile = ufile };

	/*
	 * This shouldn't run while executing other commands on this
	 * context. Thus, the only thing we should take care of is
	 * releasing a FD while traversing this list. The FD could be
	 * closed and released from the _release fop of this FD.
	 * In order to mitigate this, we add a lock.
	 * We take and release the lock per traversal in order to give
	 * other threads (which might still use the FDs) a chance to run.
	 */
	list_for_each_entry_safe(obj, next_obj, &ufile->uobjects, list) {
		attrs.context = obj->context;
		/*
		 * If we hit this WARN_ON, that means we are
		 * racing with a lookup_get.
		 */
		WARN_ON(uverbs_try_lock_object(obj, UVERBS_LOOKUP_WRITE));
		if (reason == RDMA_REMOVE_DRIVER_FAILURE)
			obj->object = NULL;
		if (!uverbs_destroy_uobject(obj, reason, &attrs))
			ret = 0;
		else
			atomic_set(&obj->usecnt, 0);
	}

	if (reason == RDMA_REMOVE_DRIVER_FAILURE) {
		WARN_ON(!list_empty(&ufile->uobjects));
		return 0;
	}
	return ret;
}

/*
 * Destroy the ucontext and every uobject associated with it.
 *
 * This is internally locked and can be called in parallel from multiple
 * contexts.
 */
void uverbs_destroy_ufile_hw(struct ib_uverbs_file *ufile,
			     enum rdma_remove_reason reason)
{
	down_write(&ufile->hw_destroy_rwsem);

	/*
	 * If a ucontext was never created then we can't have any uobjects to
	 * cleanup, nothing to do.
	 */
	if (!ufile->ucontext)
		goto done;

	while (!list_empty(&ufile->uobjects) &&
	       !__uverbs_cleanup_ufile(ufile, reason)) {
	}

	if (WARN_ON(!list_empty(&ufile->uobjects)))
		__uverbs_cleanup_ufile(ufile, RDMA_REMOVE_DRIVER_FAILURE);
	ufile_destroy_ucontext(ufile, reason);

done:
	up_write(&ufile->hw_destroy_rwsem);
}

const struct uverbs_obj_type_class uverbs_fd_class = {
	.alloc_begin = alloc_begin_fd_uobject,
	.lookup_get = lookup_get_fd_uobject,
	.alloc_commit = alloc_commit_fd_uobject,
	.alloc_abort = alloc_abort_fd_uobject,
	.lookup_put = lookup_put_fd_uobject,
	.destroy_hw = destroy_hw_fd_uobject,
	.remove_handle = remove_handle_fd_uobject,
};
EXPORT_SYMBOL(uverbs_fd_class);

struct ib_uobject *
uverbs_get_uobject_from_file(u16 object_id, enum uverbs_obj_access access,
			     s64 id, struct uverbs_attr_bundle *attrs)
{
	const struct uverbs_api_object *obj =
		uapi_get_object(attrs->ufile->device->uapi, object_id);

	switch (access) {
	case UVERBS_ACCESS_READ:
		return rdma_lookup_get_uobject(obj, attrs->ufile, id,
					       UVERBS_LOOKUP_READ, attrs);
	case UVERBS_ACCESS_DESTROY:
		/* Actual destruction is done inside uverbs_handle_method */
		return rdma_lookup_get_uobject(obj, attrs->ufile, id,
					       UVERBS_LOOKUP_DESTROY, attrs);
	case UVERBS_ACCESS_WRITE:
		return rdma_lookup_get_uobject(obj, attrs->ufile, id,
					       UVERBS_LOOKUP_WRITE, attrs);
	case UVERBS_ACCESS_NEW:
		return rdma_alloc_begin_uobject(obj, attrs);
	default:
		WARN_ON(true);
		return ERR_PTR(-EOPNOTSUPP);
	}
}

void uverbs_finalize_object(struct ib_uobject *uobj,
			    enum uverbs_obj_access access, bool hw_obj_valid,
			    bool commit, struct uverbs_attr_bundle *attrs)
{
	/*
	 * refcounts should be handled at the object level and not at the
	 * uobject level. Refcounts of the objects themselves are done in
	 * handlers.
	 */

	switch (access) {
	case UVERBS_ACCESS_READ:
		rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_READ);
		break;
	case UVERBS_ACCESS_WRITE:
		rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_WRITE);
		break;
	case UVERBS_ACCESS_DESTROY:
		if (uobj)
			rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_DESTROY);
		break;
	case UVERBS_ACCESS_NEW:
		if (commit)
			rdma_alloc_commit_uobject(uobj, attrs);
		else
			rdma_alloc_abort_uobject(uobj, attrs, hw_obj_valid);
		break;
	default:
		WARN_ON(true);
	}
}