1 /*
2  * Copyright (c) 2004-2007 Voltaire, Inc. All rights reserved.
3  * Copyright (c) 2005 Intel Corporation.  All rights reserved.
4  * Copyright (c) 2005 Mellanox Technologies Ltd.  All rights reserved.
5  * Copyright (c) 2009 HNR Consulting. All rights reserved.
6  * Copyright (c) 2014,2018 Intel Corporation.  All rights reserved.
7  *
8  * This software is available to you under a choice of one of two
9  * licenses.  You may choose to be licensed under the terms of the GNU
10  * General Public License (GPL) Version 2, available from the file
11  * COPYING in the main directory of this source tree, or the
12  * OpenIB.org BSD license below:
13  *
14  *     Redistribution and use in source and binary forms, with or
15  *     without modification, are permitted provided that the following
16  *     conditions are met:
17  *
18  *      - Redistributions of source code must retain the above
19  *        copyright notice, this list of conditions and the following
20  *        disclaimer.
21  *
22  *      - Redistributions in binary form must reproduce the above
23  *        copyright notice, this list of conditions and the following
24  *        disclaimer in the documentation and/or other materials
25  *        provided with the distribution.
26  *
27  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
28  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
29  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
30  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
31  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
32  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
33  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
34  * SOFTWARE.
35  *
36  */
37 
38 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
39 
40 #include <linux/dma-mapping.h>
41 #include <linux/slab.h>
42 #include <linux/module.h>
43 #include <linux/security.h>
44 #include <linux/xarray.h>
45 #include <rdma/ib_cache.h>
46 
47 #include "mad_priv.h"
48 #include "core_priv.h"
49 #include "mad_rmpp.h"
50 #include "smi.h"
51 #include "opa_smi.h"
52 #include "agent.h"
53 
54 #define CREATE_TRACE_POINTS
55 #include <trace/events/ib_mad.h>
56 
57 #ifdef CONFIG_TRACEPOINTS
create_mad_addr_info(struct ib_mad_send_wr_private * mad_send_wr,struct ib_mad_qp_info * qp_info,struct trace_event_raw_ib_mad_send_template * entry)58 static void create_mad_addr_info(struct ib_mad_send_wr_private *mad_send_wr,
59 			  struct ib_mad_qp_info *qp_info,
60 			  struct trace_event_raw_ib_mad_send_template *entry)
61 {
62 	u16 pkey;
63 	struct ib_device *dev = qp_info->port_priv->device;
64 	u8 pnum = qp_info->port_priv->port_num;
65 	struct ib_ud_wr *wr = &mad_send_wr->send_wr;
66 	struct rdma_ah_attr attr = {};
67 
68 	rdma_query_ah(wr->ah, &attr);
69 
70 	/* These are common */
71 	entry->sl = attr.sl;
72 	ib_query_pkey(dev, pnum, wr->pkey_index, &pkey);
73 	entry->pkey = pkey;
74 	entry->rqpn = wr->remote_qpn;
75 	entry->rqkey = wr->remote_qkey;
76 	entry->dlid = rdma_ah_get_dlid(&attr);
77 }
78 #endif
79 
80 static int mad_sendq_size = IB_MAD_QP_SEND_SIZE;
81 static int mad_recvq_size = IB_MAD_QP_RECV_SIZE;
82 
83 module_param_named(send_queue_size, mad_sendq_size, int, 0444);
84 MODULE_PARM_DESC(send_queue_size, "Size of send queue in number of work requests");
85 module_param_named(recv_queue_size, mad_recvq_size, int, 0444);
86 MODULE_PARM_DESC(recv_queue_size, "Size of receive queue in number of work requests");
87 
88 /* Client ID 0 is used for snoop-only clients */
89 static DEFINE_XARRAY_ALLOC1(ib_mad_clients);
90 static u32 ib_mad_client_next;
91 static struct list_head ib_mad_port_list;
92 
93 /* Port list lock */
94 static DEFINE_SPINLOCK(ib_mad_port_list_lock);
95 
96 /* Forward declarations */
97 static int method_in_use(struct ib_mad_mgmt_method_table **method,
98 			 struct ib_mad_reg_req *mad_reg_req);
99 static void remove_mad_reg_req(struct ib_mad_agent_private *priv);
100 static struct ib_mad_agent_private *find_mad_agent(
101 					struct ib_mad_port_private *port_priv,
102 					const struct ib_mad_hdr *mad);
103 static int ib_mad_post_receive_mads(struct ib_mad_qp_info *qp_info,
104 				    struct ib_mad_private *mad);
105 static void cancel_mads(struct ib_mad_agent_private *mad_agent_priv);
106 static void timeout_sends(struct work_struct *work);
107 static void local_completions(struct work_struct *work);
108 static int add_nonoui_reg_req(struct ib_mad_reg_req *mad_reg_req,
109 			      struct ib_mad_agent_private *agent_priv,
110 			      u8 mgmt_class);
111 static int add_oui_reg_req(struct ib_mad_reg_req *mad_reg_req,
112 			   struct ib_mad_agent_private *agent_priv);
113 static bool ib_mad_send_error(struct ib_mad_port_private *port_priv,
114 			      struct ib_wc *wc);
115 static void ib_mad_send_done(struct ib_cq *cq, struct ib_wc *wc);
116 
117 /*
118  * Returns a ib_mad_port_private structure or NULL for a device/port
119  * Assumes ib_mad_port_list_lock is being held
120  */
121 static inline struct ib_mad_port_private *
__ib_get_mad_port(struct ib_device * device,int port_num)122 __ib_get_mad_port(struct ib_device *device, int port_num)
123 {
124 	struct ib_mad_port_private *entry;
125 
126 	list_for_each_entry(entry, &ib_mad_port_list, port_list) {
127 		if (entry->device == device && entry->port_num == port_num)
128 			return entry;
129 	}
130 	return NULL;
131 }
132 
133 /*
134  * Wrapper function to return a ib_mad_port_private structure or NULL
135  * for a device/port
136  */
137 static inline struct ib_mad_port_private *
ib_get_mad_port(struct ib_device * device,int port_num)138 ib_get_mad_port(struct ib_device *device, int port_num)
139 {
140 	struct ib_mad_port_private *entry;
141 	unsigned long flags;
142 
143 	spin_lock_irqsave(&ib_mad_port_list_lock, flags);
144 	entry = __ib_get_mad_port(device, port_num);
145 	spin_unlock_irqrestore(&ib_mad_port_list_lock, flags);
146 
147 	return entry;
148 }
149 
convert_mgmt_class(u8 mgmt_class)150 static inline u8 convert_mgmt_class(u8 mgmt_class)
151 {
152 	/* Alias IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE to 0 */
153 	return mgmt_class == IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE ?
154 		0 : mgmt_class;
155 }
156 
get_spl_qp_index(enum ib_qp_type qp_type)157 static int get_spl_qp_index(enum ib_qp_type qp_type)
158 {
159 	switch (qp_type)
160 	{
161 	case IB_QPT_SMI:
162 		return 0;
163 	case IB_QPT_GSI:
164 		return 1;
165 	default:
166 		return -1;
167 	}
168 }
169 
vendor_class_index(u8 mgmt_class)170 static int vendor_class_index(u8 mgmt_class)
171 {
172 	return mgmt_class - IB_MGMT_CLASS_VENDOR_RANGE2_START;
173 }
174 
is_vendor_class(u8 mgmt_class)175 static int is_vendor_class(u8 mgmt_class)
176 {
177 	if ((mgmt_class < IB_MGMT_CLASS_VENDOR_RANGE2_START) ||
178 	    (mgmt_class > IB_MGMT_CLASS_VENDOR_RANGE2_END))
179 		return 0;
180 	return 1;
181 }
182 
is_vendor_oui(char * oui)183 static int is_vendor_oui(char *oui)
184 {
185 	if (oui[0] || oui[1] || oui[2])
186 		return 1;
187 	return 0;
188 }
189 
is_vendor_method_in_use(struct ib_mad_mgmt_vendor_class * vendor_class,struct ib_mad_reg_req * mad_reg_req)190 static int is_vendor_method_in_use(
191 		struct ib_mad_mgmt_vendor_class *vendor_class,
192 		struct ib_mad_reg_req *mad_reg_req)
193 {
194 	struct ib_mad_mgmt_method_table *method;
195 	int i;
196 
197 	for (i = 0; i < MAX_MGMT_OUI; i++) {
198 		if (!memcmp(vendor_class->oui[i], mad_reg_req->oui, 3)) {
199 			method = vendor_class->method_table[i];
200 			if (method) {
201 				if (method_in_use(&method, mad_reg_req))
202 					return 1;
203 				else
204 					break;
205 			}
206 		}
207 	}
208 	return 0;
209 }
210 
ib_response_mad(const struct ib_mad_hdr * hdr)211 int ib_response_mad(const struct ib_mad_hdr *hdr)
212 {
213 	return ((hdr->method & IB_MGMT_METHOD_RESP) ||
214 		(hdr->method == IB_MGMT_METHOD_TRAP_REPRESS) ||
215 		((hdr->mgmt_class == IB_MGMT_CLASS_BM) &&
216 		 (hdr->attr_mod & IB_BM_ATTR_MOD_RESP)));
217 }
218 EXPORT_SYMBOL(ib_response_mad);
219 
220 /*
221  * ib_register_mad_agent - Register to send/receive MADs
222  *
223  * Context: Process context.
224  */
ib_register_mad_agent(struct ib_device * device,u8 port_num,enum ib_qp_type qp_type,struct ib_mad_reg_req * mad_reg_req,u8 rmpp_version,ib_mad_send_handler send_handler,ib_mad_recv_handler recv_handler,void * context,u32 registration_flags)225 struct ib_mad_agent *ib_register_mad_agent(struct ib_device *device,
226 					   u8 port_num,
227 					   enum ib_qp_type qp_type,
228 					   struct ib_mad_reg_req *mad_reg_req,
229 					   u8 rmpp_version,
230 					   ib_mad_send_handler send_handler,
231 					   ib_mad_recv_handler recv_handler,
232 					   void *context,
233 					   u32 registration_flags)
234 {
235 	struct ib_mad_port_private *port_priv;
236 	struct ib_mad_agent *ret = ERR_PTR(-EINVAL);
237 	struct ib_mad_agent_private *mad_agent_priv;
238 	struct ib_mad_reg_req *reg_req = NULL;
239 	struct ib_mad_mgmt_class_table *class;
240 	struct ib_mad_mgmt_vendor_class_table *vendor;
241 	struct ib_mad_mgmt_vendor_class *vendor_class;
242 	struct ib_mad_mgmt_method_table *method;
243 	int ret2, qpn;
244 	u8 mgmt_class, vclass;
245 
246 	if ((qp_type == IB_QPT_SMI && !rdma_cap_ib_smi(device, port_num)) ||
247 	    (qp_type == IB_QPT_GSI && !rdma_cap_ib_cm(device, port_num)))
248 		return ERR_PTR(-EPROTONOSUPPORT);
249 
250 	/* Validate parameters */
251 	qpn = get_spl_qp_index(qp_type);
252 	if (qpn == -1) {
253 		dev_dbg_ratelimited(&device->dev, "%s: invalid QP Type %d\n",
254 				    __func__, qp_type);
255 		goto error1;
256 	}
257 
258 	if (rmpp_version && rmpp_version != IB_MGMT_RMPP_VERSION) {
259 		dev_dbg_ratelimited(&device->dev,
260 				    "%s: invalid RMPP Version %u\n",
261 				    __func__, rmpp_version);
262 		goto error1;
263 	}
264 
265 	/* Validate MAD registration request if supplied */
266 	if (mad_reg_req) {
267 		if (mad_reg_req->mgmt_class_version >= MAX_MGMT_VERSION) {
268 			dev_dbg_ratelimited(&device->dev,
269 					    "%s: invalid Class Version %u\n",
270 					    __func__,
271 					    mad_reg_req->mgmt_class_version);
272 			goto error1;
273 		}
274 		if (!recv_handler) {
275 			dev_dbg_ratelimited(&device->dev,
276 					    "%s: no recv_handler\n", __func__);
277 			goto error1;
278 		}
279 		if (mad_reg_req->mgmt_class >= MAX_MGMT_CLASS) {
280 			/*
281 			 * IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE is the only
282 			 * one in this range currently allowed
283 			 */
284 			if (mad_reg_req->mgmt_class !=
285 			    IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE) {
286 				dev_dbg_ratelimited(&device->dev,
287 					"%s: Invalid Mgmt Class 0x%x\n",
288 					__func__, mad_reg_req->mgmt_class);
289 				goto error1;
290 			}
291 		} else if (mad_reg_req->mgmt_class == 0) {
292 			/*
293 			 * Class 0 is reserved in IBA and is used for
294 			 * aliasing of IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE
295 			 */
296 			dev_dbg_ratelimited(&device->dev,
297 					    "%s: Invalid Mgmt Class 0\n",
298 					    __func__);
299 			goto error1;
300 		} else if (is_vendor_class(mad_reg_req->mgmt_class)) {
301 			/*
302 			 * If class is in "new" vendor range,
303 			 * ensure supplied OUI is not zero
304 			 */
305 			if (!is_vendor_oui(mad_reg_req->oui)) {
306 				dev_dbg_ratelimited(&device->dev,
307 					"%s: No OUI specified for class 0x%x\n",
308 					__func__,
309 					mad_reg_req->mgmt_class);
310 				goto error1;
311 			}
312 		}
313 		/* Make sure class supplied is consistent with RMPP */
314 		if (!ib_is_mad_class_rmpp(mad_reg_req->mgmt_class)) {
315 			if (rmpp_version) {
316 				dev_dbg_ratelimited(&device->dev,
317 					"%s: RMPP version for non-RMPP class 0x%x\n",
318 					__func__, mad_reg_req->mgmt_class);
319 				goto error1;
320 			}
321 		}
322 
323 		/* Make sure class supplied is consistent with QP type */
324 		if (qp_type == IB_QPT_SMI) {
325 			if ((mad_reg_req->mgmt_class !=
326 					IB_MGMT_CLASS_SUBN_LID_ROUTED) &&
327 			    (mad_reg_req->mgmt_class !=
328 					IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)) {
329 				dev_dbg_ratelimited(&device->dev,
330 					"%s: Invalid SM QP type: class 0x%x\n",
331 					__func__, mad_reg_req->mgmt_class);
332 				goto error1;
333 			}
334 		} else {
335 			if ((mad_reg_req->mgmt_class ==
336 					IB_MGMT_CLASS_SUBN_LID_ROUTED) ||
337 			    (mad_reg_req->mgmt_class ==
338 					IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)) {
339 				dev_dbg_ratelimited(&device->dev,
340 					"%s: Invalid GS QP type: class 0x%x\n",
341 					__func__, mad_reg_req->mgmt_class);
342 				goto error1;
343 			}
344 		}
345 	} else {
346 		/* No registration request supplied */
347 		if (!send_handler)
348 			goto error1;
349 		if (registration_flags & IB_MAD_USER_RMPP)
350 			goto error1;
351 	}
352 
353 	/* Validate device and port */
354 	port_priv = ib_get_mad_port(device, port_num);
355 	if (!port_priv) {
356 		dev_dbg_ratelimited(&device->dev, "%s: Invalid port %d\n",
357 				    __func__, port_num);
358 		ret = ERR_PTR(-ENODEV);
359 		goto error1;
360 	}
361 
362 	/* Verify the QP requested is supported. For example, Ethernet devices
363 	 * will not have QP0.
364 	 */
365 	if (!port_priv->qp_info[qpn].qp) {
366 		dev_dbg_ratelimited(&device->dev, "%s: QP %d not supported\n",
367 				    __func__, qpn);
368 		ret = ERR_PTR(-EPROTONOSUPPORT);
369 		goto error1;
370 	}
371 
372 	/* Allocate structures */
373 	mad_agent_priv = kzalloc(sizeof *mad_agent_priv, GFP_KERNEL);
374 	if (!mad_agent_priv) {
375 		ret = ERR_PTR(-ENOMEM);
376 		goto error1;
377 	}
378 
379 	if (mad_reg_req) {
380 		reg_req = kmemdup(mad_reg_req, sizeof *reg_req, GFP_KERNEL);
381 		if (!reg_req) {
382 			ret = ERR_PTR(-ENOMEM);
383 			goto error3;
384 		}
385 	}
386 
387 	/* Now, fill in the various structures */
388 	mad_agent_priv->qp_info = &port_priv->qp_info[qpn];
389 	mad_agent_priv->reg_req = reg_req;
390 	mad_agent_priv->agent.rmpp_version = rmpp_version;
391 	mad_agent_priv->agent.device = device;
392 	mad_agent_priv->agent.recv_handler = recv_handler;
393 	mad_agent_priv->agent.send_handler = send_handler;
394 	mad_agent_priv->agent.context = context;
395 	mad_agent_priv->agent.qp = port_priv->qp_info[qpn].qp;
396 	mad_agent_priv->agent.port_num = port_num;
397 	mad_agent_priv->agent.flags = registration_flags;
398 	spin_lock_init(&mad_agent_priv->lock);
399 	INIT_LIST_HEAD(&mad_agent_priv->send_list);
400 	INIT_LIST_HEAD(&mad_agent_priv->wait_list);
401 	INIT_LIST_HEAD(&mad_agent_priv->done_list);
402 	INIT_LIST_HEAD(&mad_agent_priv->rmpp_list);
403 	INIT_DELAYED_WORK(&mad_agent_priv->timed_work, timeout_sends);
404 	INIT_LIST_HEAD(&mad_agent_priv->local_list);
405 	INIT_WORK(&mad_agent_priv->local_work, local_completions);
406 	atomic_set(&mad_agent_priv->refcount, 1);
407 	init_completion(&mad_agent_priv->comp);
408 
409 	ret2 = ib_mad_agent_security_setup(&mad_agent_priv->agent, qp_type);
410 	if (ret2) {
411 		ret = ERR_PTR(ret2);
412 		goto error4;
413 	}
414 
415 	/*
416 	 * The mlx4 driver uses the top byte to distinguish which virtual
417 	 * function generated the MAD, so we must avoid using it.
418 	 */
419 	ret2 = xa_alloc_cyclic(&ib_mad_clients, &mad_agent_priv->agent.hi_tid,
420 			mad_agent_priv, XA_LIMIT(0, (1 << 24) - 1),
421 			&ib_mad_client_next, GFP_KERNEL);
422 	if (ret2 < 0) {
423 		ret = ERR_PTR(ret2);
424 		goto error5;
425 	}
426 
427 	/*
428 	 * Make sure MAD registration (if supplied)
429 	 * is non overlapping with any existing ones
430 	 */
431 	spin_lock_irq(&port_priv->reg_lock);
432 	if (mad_reg_req) {
433 		mgmt_class = convert_mgmt_class(mad_reg_req->mgmt_class);
434 		if (!is_vendor_class(mgmt_class)) {
435 			class = port_priv->version[mad_reg_req->
436 						   mgmt_class_version].class;
437 			if (class) {
438 				method = class->method_table[mgmt_class];
439 				if (method) {
440 					if (method_in_use(&method,
441 							   mad_reg_req))
442 						goto error6;
443 				}
444 			}
445 			ret2 = add_nonoui_reg_req(mad_reg_req, mad_agent_priv,
446 						  mgmt_class);
447 		} else {
448 			/* "New" vendor class range */
449 			vendor = port_priv->version[mad_reg_req->
450 						    mgmt_class_version].vendor;
451 			if (vendor) {
452 				vclass = vendor_class_index(mgmt_class);
453 				vendor_class = vendor->vendor_class[vclass];
454 				if (vendor_class) {
455 					if (is_vendor_method_in_use(
456 							vendor_class,
457 							mad_reg_req))
458 						goto error6;
459 				}
460 			}
461 			ret2 = add_oui_reg_req(mad_reg_req, mad_agent_priv);
462 		}
463 		if (ret2) {
464 			ret = ERR_PTR(ret2);
465 			goto error6;
466 		}
467 	}
468 	spin_unlock_irq(&port_priv->reg_lock);
469 
470 	trace_ib_mad_create_agent(mad_agent_priv);
471 	return &mad_agent_priv->agent;
472 error6:
473 	spin_unlock_irq(&port_priv->reg_lock);
474 	xa_erase(&ib_mad_clients, mad_agent_priv->agent.hi_tid);
475 error5:
476 	ib_mad_agent_security_cleanup(&mad_agent_priv->agent);
477 error4:
478 	kfree(reg_req);
479 error3:
480 	kfree(mad_agent_priv);
481 error1:
482 	return ret;
483 }
484 EXPORT_SYMBOL(ib_register_mad_agent);
485 
is_snooping_sends(int mad_snoop_flags)486 static inline int is_snooping_sends(int mad_snoop_flags)
487 {
488 	return (mad_snoop_flags &
489 		(/*IB_MAD_SNOOP_POSTED_SENDS |
490 		 IB_MAD_SNOOP_RMPP_SENDS |*/
491 		 IB_MAD_SNOOP_SEND_COMPLETIONS /*|
492 		 IB_MAD_SNOOP_RMPP_SEND_COMPLETIONS*/));
493 }
494 
is_snooping_recvs(int mad_snoop_flags)495 static inline int is_snooping_recvs(int mad_snoop_flags)
496 {
497 	return (mad_snoop_flags &
498 		(IB_MAD_SNOOP_RECVS /*|
499 		 IB_MAD_SNOOP_RMPP_RECVS*/));
500 }
501 
register_snoop_agent(struct ib_mad_qp_info * qp_info,struct ib_mad_snoop_private * mad_snoop_priv)502 static int register_snoop_agent(struct ib_mad_qp_info *qp_info,
503 				struct ib_mad_snoop_private *mad_snoop_priv)
504 {
505 	struct ib_mad_snoop_private **new_snoop_table;
506 	unsigned long flags;
507 	int i;
508 
509 	spin_lock_irqsave(&qp_info->snoop_lock, flags);
510 	/* Check for empty slot in array. */
511 	for (i = 0; i < qp_info->snoop_table_size; i++)
512 		if (!qp_info->snoop_table[i])
513 			break;
514 
515 	if (i == qp_info->snoop_table_size) {
516 		/* Grow table. */
517 		new_snoop_table = krealloc(qp_info->snoop_table,
518 					   sizeof mad_snoop_priv *
519 					   (qp_info->snoop_table_size + 1),
520 					   GFP_ATOMIC);
521 		if (!new_snoop_table) {
522 			i = -ENOMEM;
523 			goto out;
524 		}
525 
526 		qp_info->snoop_table = new_snoop_table;
527 		qp_info->snoop_table_size++;
528 	}
529 	qp_info->snoop_table[i] = mad_snoop_priv;
530 	atomic_inc(&qp_info->snoop_count);
531 out:
532 	spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
533 	return i;
534 }
535 
ib_register_mad_snoop(struct ib_device * device,u8 port_num,enum ib_qp_type qp_type,int mad_snoop_flags,ib_mad_snoop_handler snoop_handler,ib_mad_recv_handler recv_handler,void * context)536 struct ib_mad_agent *ib_register_mad_snoop(struct ib_device *device,
537 					   u8 port_num,
538 					   enum ib_qp_type qp_type,
539 					   int mad_snoop_flags,
540 					   ib_mad_snoop_handler snoop_handler,
541 					   ib_mad_recv_handler recv_handler,
542 					   void *context)
543 {
544 	struct ib_mad_port_private *port_priv;
545 	struct ib_mad_agent *ret;
546 	struct ib_mad_snoop_private *mad_snoop_priv;
547 	int qpn;
548 	int err;
549 
550 	/* Validate parameters */
551 	if ((is_snooping_sends(mad_snoop_flags) && !snoop_handler) ||
552 	    (is_snooping_recvs(mad_snoop_flags) && !recv_handler)) {
553 		ret = ERR_PTR(-EINVAL);
554 		goto error1;
555 	}
556 	qpn = get_spl_qp_index(qp_type);
557 	if (qpn == -1) {
558 		ret = ERR_PTR(-EINVAL);
559 		goto error1;
560 	}
561 	port_priv = ib_get_mad_port(device, port_num);
562 	if (!port_priv) {
563 		ret = ERR_PTR(-ENODEV);
564 		goto error1;
565 	}
566 	/* Allocate structures */
567 	mad_snoop_priv = kzalloc(sizeof *mad_snoop_priv, GFP_KERNEL);
568 	if (!mad_snoop_priv) {
569 		ret = ERR_PTR(-ENOMEM);
570 		goto error1;
571 	}
572 
573 	/* Now, fill in the various structures */
574 	mad_snoop_priv->qp_info = &port_priv->qp_info[qpn];
575 	mad_snoop_priv->agent.device = device;
576 	mad_snoop_priv->agent.recv_handler = recv_handler;
577 	mad_snoop_priv->agent.snoop_handler = snoop_handler;
578 	mad_snoop_priv->agent.context = context;
579 	mad_snoop_priv->agent.qp = port_priv->qp_info[qpn].qp;
580 	mad_snoop_priv->agent.port_num = port_num;
581 	mad_snoop_priv->mad_snoop_flags = mad_snoop_flags;
582 	init_completion(&mad_snoop_priv->comp);
583 
584 	err = ib_mad_agent_security_setup(&mad_snoop_priv->agent, qp_type);
585 	if (err) {
586 		ret = ERR_PTR(err);
587 		goto error2;
588 	}
589 
590 	mad_snoop_priv->snoop_index = register_snoop_agent(
591 						&port_priv->qp_info[qpn],
592 						mad_snoop_priv);
593 	if (mad_snoop_priv->snoop_index < 0) {
594 		ret = ERR_PTR(mad_snoop_priv->snoop_index);
595 		goto error3;
596 	}
597 
598 	atomic_set(&mad_snoop_priv->refcount, 1);
599 	return &mad_snoop_priv->agent;
600 error3:
601 	ib_mad_agent_security_cleanup(&mad_snoop_priv->agent);
602 error2:
603 	kfree(mad_snoop_priv);
604 error1:
605 	return ret;
606 }
607 EXPORT_SYMBOL(ib_register_mad_snoop);
608 
deref_mad_agent(struct ib_mad_agent_private * mad_agent_priv)609 static inline void deref_mad_agent(struct ib_mad_agent_private *mad_agent_priv)
610 {
611 	if (atomic_dec_and_test(&mad_agent_priv->refcount))
612 		complete(&mad_agent_priv->comp);
613 }
614 
deref_snoop_agent(struct ib_mad_snoop_private * mad_snoop_priv)615 static inline void deref_snoop_agent(struct ib_mad_snoop_private *mad_snoop_priv)
616 {
617 	if (atomic_dec_and_test(&mad_snoop_priv->refcount))
618 		complete(&mad_snoop_priv->comp);
619 }
620 
unregister_mad_agent(struct ib_mad_agent_private * mad_agent_priv)621 static void unregister_mad_agent(struct ib_mad_agent_private *mad_agent_priv)
622 {
623 	struct ib_mad_port_private *port_priv;
624 
625 	/* Note that we could still be handling received MADs */
626 	trace_ib_mad_unregister_agent(mad_agent_priv);
627 
628 	/*
629 	 * Canceling all sends results in dropping received response
630 	 * MADs, preventing us from queuing additional work
631 	 */
632 	cancel_mads(mad_agent_priv);
633 	port_priv = mad_agent_priv->qp_info->port_priv;
634 	cancel_delayed_work(&mad_agent_priv->timed_work);
635 
636 	spin_lock_irq(&port_priv->reg_lock);
637 	remove_mad_reg_req(mad_agent_priv);
638 	spin_unlock_irq(&port_priv->reg_lock);
639 	xa_erase(&ib_mad_clients, mad_agent_priv->agent.hi_tid);
640 
641 	flush_workqueue(port_priv->wq);
642 	ib_cancel_rmpp_recvs(mad_agent_priv);
643 
644 	deref_mad_agent(mad_agent_priv);
645 	wait_for_completion(&mad_agent_priv->comp);
646 
647 	ib_mad_agent_security_cleanup(&mad_agent_priv->agent);
648 
649 	kfree(mad_agent_priv->reg_req);
650 	kfree_rcu(mad_agent_priv, rcu);
651 }
652 
unregister_mad_snoop(struct ib_mad_snoop_private * mad_snoop_priv)653 static void unregister_mad_snoop(struct ib_mad_snoop_private *mad_snoop_priv)
654 {
655 	struct ib_mad_qp_info *qp_info;
656 	unsigned long flags;
657 
658 	qp_info = mad_snoop_priv->qp_info;
659 	spin_lock_irqsave(&qp_info->snoop_lock, flags);
660 	qp_info->snoop_table[mad_snoop_priv->snoop_index] = NULL;
661 	atomic_dec(&qp_info->snoop_count);
662 	spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
663 
664 	deref_snoop_agent(mad_snoop_priv);
665 	wait_for_completion(&mad_snoop_priv->comp);
666 
667 	ib_mad_agent_security_cleanup(&mad_snoop_priv->agent);
668 
669 	kfree(mad_snoop_priv);
670 }
671 
672 /*
673  * ib_unregister_mad_agent - Unregisters a client from using MAD services
674  *
675  * Context: Process context.
676  */
ib_unregister_mad_agent(struct ib_mad_agent * mad_agent)677 void ib_unregister_mad_agent(struct ib_mad_agent *mad_agent)
678 {
679 	struct ib_mad_agent_private *mad_agent_priv;
680 	struct ib_mad_snoop_private *mad_snoop_priv;
681 
682 	/* If the TID is zero, the agent can only snoop. */
683 	if (mad_agent->hi_tid) {
684 		mad_agent_priv = container_of(mad_agent,
685 					      struct ib_mad_agent_private,
686 					      agent);
687 		unregister_mad_agent(mad_agent_priv);
688 	} else {
689 		mad_snoop_priv = container_of(mad_agent,
690 					      struct ib_mad_snoop_private,
691 					      agent);
692 		unregister_mad_snoop(mad_snoop_priv);
693 	}
694 }
695 EXPORT_SYMBOL(ib_unregister_mad_agent);
696 
dequeue_mad(struct ib_mad_list_head * mad_list)697 static void dequeue_mad(struct ib_mad_list_head *mad_list)
698 {
699 	struct ib_mad_queue *mad_queue;
700 	unsigned long flags;
701 
702 	mad_queue = mad_list->mad_queue;
703 	spin_lock_irqsave(&mad_queue->lock, flags);
704 	list_del(&mad_list->list);
705 	mad_queue->count--;
706 	spin_unlock_irqrestore(&mad_queue->lock, flags);
707 }
708 
snoop_send(struct ib_mad_qp_info * qp_info,struct ib_mad_send_buf * send_buf,struct ib_mad_send_wc * mad_send_wc,int mad_snoop_flags)709 static void snoop_send(struct ib_mad_qp_info *qp_info,
710 		       struct ib_mad_send_buf *send_buf,
711 		       struct ib_mad_send_wc *mad_send_wc,
712 		       int mad_snoop_flags)
713 {
714 	struct ib_mad_snoop_private *mad_snoop_priv;
715 	unsigned long flags;
716 	int i;
717 
718 	spin_lock_irqsave(&qp_info->snoop_lock, flags);
719 	for (i = 0; i < qp_info->snoop_table_size; i++) {
720 		mad_snoop_priv = qp_info->snoop_table[i];
721 		if (!mad_snoop_priv ||
722 		    !(mad_snoop_priv->mad_snoop_flags & mad_snoop_flags))
723 			continue;
724 
725 		atomic_inc(&mad_snoop_priv->refcount);
726 		spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
727 		mad_snoop_priv->agent.snoop_handler(&mad_snoop_priv->agent,
728 						    send_buf, mad_send_wc);
729 		deref_snoop_agent(mad_snoop_priv);
730 		spin_lock_irqsave(&qp_info->snoop_lock, flags);
731 	}
732 	spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
733 }
734 
snoop_recv(struct ib_mad_qp_info * qp_info,struct ib_mad_recv_wc * mad_recv_wc,int mad_snoop_flags)735 static void snoop_recv(struct ib_mad_qp_info *qp_info,
736 		       struct ib_mad_recv_wc *mad_recv_wc,
737 		       int mad_snoop_flags)
738 {
739 	struct ib_mad_snoop_private *mad_snoop_priv;
740 	unsigned long flags;
741 	int i;
742 
743 	spin_lock_irqsave(&qp_info->snoop_lock, flags);
744 	for (i = 0; i < qp_info->snoop_table_size; i++) {
745 		mad_snoop_priv = qp_info->snoop_table[i];
746 		if (!mad_snoop_priv ||
747 		    !(mad_snoop_priv->mad_snoop_flags & mad_snoop_flags))
748 			continue;
749 
750 		atomic_inc(&mad_snoop_priv->refcount);
751 		spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
752 		mad_snoop_priv->agent.recv_handler(&mad_snoop_priv->agent, NULL,
753 						   mad_recv_wc);
754 		deref_snoop_agent(mad_snoop_priv);
755 		spin_lock_irqsave(&qp_info->snoop_lock, flags);
756 	}
757 	spin_unlock_irqrestore(&qp_info->snoop_lock, flags);
758 }
759 
build_smp_wc(struct ib_qp * qp,struct ib_cqe * cqe,u16 slid,u16 pkey_index,u8 port_num,struct ib_wc * wc)760 static void build_smp_wc(struct ib_qp *qp, struct ib_cqe *cqe, u16 slid,
761 		u16 pkey_index, u8 port_num, struct ib_wc *wc)
762 {
763 	memset(wc, 0, sizeof *wc);
764 	wc->wr_cqe = cqe;
765 	wc->status = IB_WC_SUCCESS;
766 	wc->opcode = IB_WC_RECV;
767 	wc->pkey_index = pkey_index;
768 	wc->byte_len = sizeof(struct ib_mad) + sizeof(struct ib_grh);
769 	wc->src_qp = IB_QP0;
770 	wc->qp = qp;
771 	wc->slid = slid;
772 	wc->sl = 0;
773 	wc->dlid_path_bits = 0;
774 	wc->port_num = port_num;
775 }
776 
mad_priv_size(const struct ib_mad_private * mp)777 static size_t mad_priv_size(const struct ib_mad_private *mp)
778 {
779 	return sizeof(struct ib_mad_private) + mp->mad_size;
780 }
781 
alloc_mad_private(size_t mad_size,gfp_t flags)782 static struct ib_mad_private *alloc_mad_private(size_t mad_size, gfp_t flags)
783 {
784 	size_t size = sizeof(struct ib_mad_private) + mad_size;
785 	struct ib_mad_private *ret = kzalloc(size, flags);
786 
787 	if (ret)
788 		ret->mad_size = mad_size;
789 
790 	return ret;
791 }
792 
port_mad_size(const struct ib_mad_port_private * port_priv)793 static size_t port_mad_size(const struct ib_mad_port_private *port_priv)
794 {
795 	return rdma_max_mad_size(port_priv->device, port_priv->port_num);
796 }
797 
mad_priv_dma_size(const struct ib_mad_private * mp)798 static size_t mad_priv_dma_size(const struct ib_mad_private *mp)
799 {
800 	return sizeof(struct ib_grh) + mp->mad_size;
801 }
802 
803 /*
804  * Return 0 if SMP is to be sent
805  * Return 1 if SMP was consumed locally (whether or not solicited)
806  * Return < 0 if error
807  */
handle_outgoing_dr_smp(struct ib_mad_agent_private * mad_agent_priv,struct ib_mad_send_wr_private * mad_send_wr)808 static int handle_outgoing_dr_smp(struct ib_mad_agent_private *mad_agent_priv,
809 				  struct ib_mad_send_wr_private *mad_send_wr)
810 {
811 	int ret = 0;
812 	struct ib_smp *smp = mad_send_wr->send_buf.mad;
813 	struct opa_smp *opa_smp = (struct opa_smp *)smp;
814 	unsigned long flags;
815 	struct ib_mad_local_private *local;
816 	struct ib_mad_private *mad_priv;
817 	struct ib_mad_port_private *port_priv;
818 	struct ib_mad_agent_private *recv_mad_agent = NULL;
819 	struct ib_device *device = mad_agent_priv->agent.device;
820 	u8 port_num;
821 	struct ib_wc mad_wc;
822 	struct ib_ud_wr *send_wr = &mad_send_wr->send_wr;
823 	size_t mad_size = port_mad_size(mad_agent_priv->qp_info->port_priv);
824 	u16 out_mad_pkey_index = 0;
825 	u16 drslid;
826 	bool opa = rdma_cap_opa_mad(mad_agent_priv->qp_info->port_priv->device,
827 				    mad_agent_priv->qp_info->port_priv->port_num);
828 
829 	if (rdma_cap_ib_switch(device) &&
830 	    smp->mgmt_class == IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)
831 		port_num = send_wr->port_num;
832 	else
833 		port_num = mad_agent_priv->agent.port_num;
834 
835 	/*
836 	 * Directed route handling starts if the initial LID routed part of
837 	 * a request or the ending LID routed part of a response is empty.
838 	 * If we are at the start of the LID routed part, don't update the
839 	 * hop_ptr or hop_cnt.  See section 14.2.2, Vol 1 IB spec.
840 	 */
841 	if (opa && smp->class_version == OPA_SM_CLASS_VERSION) {
842 		u32 opa_drslid;
843 
844 		trace_ib_mad_handle_out_opa_smi(opa_smp);
845 
846 		if ((opa_get_smp_direction(opa_smp)
847 		     ? opa_smp->route.dr.dr_dlid : opa_smp->route.dr.dr_slid) ==
848 		     OPA_LID_PERMISSIVE &&
849 		     opa_smi_handle_dr_smp_send(opa_smp,
850 						rdma_cap_ib_switch(device),
851 						port_num) == IB_SMI_DISCARD) {
852 			ret = -EINVAL;
853 			dev_err(&device->dev, "OPA Invalid directed route\n");
854 			goto out;
855 		}
856 		opa_drslid = be32_to_cpu(opa_smp->route.dr.dr_slid);
857 		if (opa_drslid != be32_to_cpu(OPA_LID_PERMISSIVE) &&
858 		    opa_drslid & 0xffff0000) {
859 			ret = -EINVAL;
860 			dev_err(&device->dev, "OPA Invalid dr_slid 0x%x\n",
861 			       opa_drslid);
862 			goto out;
863 		}
864 		drslid = (u16)(opa_drslid & 0x0000ffff);
865 
866 		/* Check to post send on QP or process locally */
867 		if (opa_smi_check_local_smp(opa_smp, device) == IB_SMI_DISCARD &&
868 		    opa_smi_check_local_returning_smp(opa_smp, device) == IB_SMI_DISCARD)
869 			goto out;
870 	} else {
871 		trace_ib_mad_handle_out_ib_smi(smp);
872 
873 		if ((ib_get_smp_direction(smp) ? smp->dr_dlid : smp->dr_slid) ==
874 		     IB_LID_PERMISSIVE &&
875 		     smi_handle_dr_smp_send(smp, rdma_cap_ib_switch(device), port_num) ==
876 		     IB_SMI_DISCARD) {
877 			ret = -EINVAL;
878 			dev_err(&device->dev, "Invalid directed route\n");
879 			goto out;
880 		}
881 		drslid = be16_to_cpu(smp->dr_slid);
882 
883 		/* Check to post send on QP or process locally */
884 		if (smi_check_local_smp(smp, device) == IB_SMI_DISCARD &&
885 		    smi_check_local_returning_smp(smp, device) == IB_SMI_DISCARD)
886 			goto out;
887 	}
888 
889 	local = kmalloc(sizeof *local, GFP_ATOMIC);
890 	if (!local) {
891 		ret = -ENOMEM;
892 		goto out;
893 	}
894 	local->mad_priv = NULL;
895 	local->recv_mad_agent = NULL;
896 	mad_priv = alloc_mad_private(mad_size, GFP_ATOMIC);
897 	if (!mad_priv) {
898 		ret = -ENOMEM;
899 		kfree(local);
900 		goto out;
901 	}
902 
903 	build_smp_wc(mad_agent_priv->agent.qp,
904 		     send_wr->wr.wr_cqe, drslid,
905 		     send_wr->pkey_index,
906 		     send_wr->port_num, &mad_wc);
907 
908 	if (opa && smp->base_version == OPA_MGMT_BASE_VERSION) {
909 		mad_wc.byte_len = mad_send_wr->send_buf.hdr_len
910 					+ mad_send_wr->send_buf.data_len
911 					+ sizeof(struct ib_grh);
912 	}
913 
914 	/* No GRH for DR SMP */
915 	ret = device->ops.process_mad(device, 0, port_num, &mad_wc, NULL,
916 				      (const struct ib_mad_hdr *)smp, mad_size,
917 				      (struct ib_mad_hdr *)mad_priv->mad,
918 				      &mad_size, &out_mad_pkey_index);
919 	switch (ret)
920 	{
921 	case IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_REPLY:
922 		if (ib_response_mad((const struct ib_mad_hdr *)mad_priv->mad) &&
923 		    mad_agent_priv->agent.recv_handler) {
924 			local->mad_priv = mad_priv;
925 			local->recv_mad_agent = mad_agent_priv;
926 			/*
927 			 * Reference MAD agent until receive
928 			 * side of local completion handled
929 			 */
930 			atomic_inc(&mad_agent_priv->refcount);
931 		} else
932 			kfree(mad_priv);
933 		break;
934 	case IB_MAD_RESULT_SUCCESS | IB_MAD_RESULT_CONSUMED:
935 		kfree(mad_priv);
936 		break;
937 	case IB_MAD_RESULT_SUCCESS:
938 		/* Treat like an incoming receive MAD */
939 		port_priv = ib_get_mad_port(mad_agent_priv->agent.device,
940 					    mad_agent_priv->agent.port_num);
941 		if (port_priv) {
942 			memcpy(mad_priv->mad, smp, mad_priv->mad_size);
943 			recv_mad_agent = find_mad_agent(port_priv,
944 						        (const struct ib_mad_hdr *)mad_priv->mad);
945 		}
946 		if (!port_priv || !recv_mad_agent) {
947 			/*
948 			 * No receiving agent so drop packet and
949 			 * generate send completion.
950 			 */
951 			kfree(mad_priv);
952 			break;
953 		}
954 		local->mad_priv = mad_priv;
955 		local->recv_mad_agent = recv_mad_agent;
956 		break;
957 	default:
958 		kfree(mad_priv);
959 		kfree(local);
960 		ret = -EINVAL;
961 		goto out;
962 	}
963 
964 	local->mad_send_wr = mad_send_wr;
965 	if (opa) {
966 		local->mad_send_wr->send_wr.pkey_index = out_mad_pkey_index;
967 		local->return_wc_byte_len = mad_size;
968 	}
969 	/* Reference MAD agent until send side of local completion handled */
970 	atomic_inc(&mad_agent_priv->refcount);
971 	/* Queue local completion to local list */
972 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
973 	list_add_tail(&local->completion_list, &mad_agent_priv->local_list);
974 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
975 	queue_work(mad_agent_priv->qp_info->port_priv->wq,
976 		   &mad_agent_priv->local_work);
977 	ret = 1;
978 out:
979 	return ret;
980 }
981 
get_pad_size(int hdr_len,int data_len,size_t mad_size)982 static int get_pad_size(int hdr_len, int data_len, size_t mad_size)
983 {
984 	int seg_size, pad;
985 
986 	seg_size = mad_size - hdr_len;
987 	if (data_len && seg_size) {
988 		pad = seg_size - data_len % seg_size;
989 		return pad == seg_size ? 0 : pad;
990 	} else
991 		return seg_size;
992 }
993 
free_send_rmpp_list(struct ib_mad_send_wr_private * mad_send_wr)994 static void free_send_rmpp_list(struct ib_mad_send_wr_private *mad_send_wr)
995 {
996 	struct ib_rmpp_segment *s, *t;
997 
998 	list_for_each_entry_safe(s, t, &mad_send_wr->rmpp_list, list) {
999 		list_del(&s->list);
1000 		kfree(s);
1001 	}
1002 }
1003 
alloc_send_rmpp_list(struct ib_mad_send_wr_private * send_wr,size_t mad_size,gfp_t gfp_mask)1004 static int alloc_send_rmpp_list(struct ib_mad_send_wr_private *send_wr,
1005 				size_t mad_size, gfp_t gfp_mask)
1006 {
1007 	struct ib_mad_send_buf *send_buf = &send_wr->send_buf;
1008 	struct ib_rmpp_mad *rmpp_mad = send_buf->mad;
1009 	struct ib_rmpp_segment *seg = NULL;
1010 	int left, seg_size, pad;
1011 
1012 	send_buf->seg_size = mad_size - send_buf->hdr_len;
1013 	send_buf->seg_rmpp_size = mad_size - IB_MGMT_RMPP_HDR;
1014 	seg_size = send_buf->seg_size;
1015 	pad = send_wr->pad;
1016 
1017 	/* Allocate data segments. */
1018 	for (left = send_buf->data_len + pad; left > 0; left -= seg_size) {
1019 		seg = kmalloc(sizeof (*seg) + seg_size, gfp_mask);
1020 		if (!seg) {
1021 			free_send_rmpp_list(send_wr);
1022 			return -ENOMEM;
1023 		}
1024 		seg->num = ++send_buf->seg_count;
1025 		list_add_tail(&seg->list, &send_wr->rmpp_list);
1026 	}
1027 
1028 	/* Zero any padding */
1029 	if (pad)
1030 		memset(seg->data + seg_size - pad, 0, pad);
1031 
1032 	rmpp_mad->rmpp_hdr.rmpp_version = send_wr->mad_agent_priv->
1033 					  agent.rmpp_version;
1034 	rmpp_mad->rmpp_hdr.rmpp_type = IB_MGMT_RMPP_TYPE_DATA;
1035 	ib_set_rmpp_flags(&rmpp_mad->rmpp_hdr, IB_MGMT_RMPP_FLAG_ACTIVE);
1036 
1037 	send_wr->cur_seg = container_of(send_wr->rmpp_list.next,
1038 					struct ib_rmpp_segment, list);
1039 	send_wr->last_ack_seg = send_wr->cur_seg;
1040 	return 0;
1041 }
1042 
ib_mad_kernel_rmpp_agent(const struct ib_mad_agent * agent)1043 int ib_mad_kernel_rmpp_agent(const struct ib_mad_agent *agent)
1044 {
1045 	return agent->rmpp_version && !(agent->flags & IB_MAD_USER_RMPP);
1046 }
1047 EXPORT_SYMBOL(ib_mad_kernel_rmpp_agent);
1048 
ib_create_send_mad(struct ib_mad_agent * mad_agent,u32 remote_qpn,u16 pkey_index,int rmpp_active,int hdr_len,int data_len,gfp_t gfp_mask,u8 base_version)1049 struct ib_mad_send_buf * ib_create_send_mad(struct ib_mad_agent *mad_agent,
1050 					    u32 remote_qpn, u16 pkey_index,
1051 					    int rmpp_active,
1052 					    int hdr_len, int data_len,
1053 					    gfp_t gfp_mask,
1054 					    u8 base_version)
1055 {
1056 	struct ib_mad_agent_private *mad_agent_priv;
1057 	struct ib_mad_send_wr_private *mad_send_wr;
1058 	int pad, message_size, ret, size;
1059 	void *buf;
1060 	size_t mad_size;
1061 	bool opa;
1062 
1063 	mad_agent_priv = container_of(mad_agent, struct ib_mad_agent_private,
1064 				      agent);
1065 
1066 	opa = rdma_cap_opa_mad(mad_agent->device, mad_agent->port_num);
1067 
1068 	if (opa && base_version == OPA_MGMT_BASE_VERSION)
1069 		mad_size = sizeof(struct opa_mad);
1070 	else
1071 		mad_size = sizeof(struct ib_mad);
1072 
1073 	pad = get_pad_size(hdr_len, data_len, mad_size);
1074 	message_size = hdr_len + data_len + pad;
1075 
1076 	if (ib_mad_kernel_rmpp_agent(mad_agent)) {
1077 		if (!rmpp_active && message_size > mad_size)
1078 			return ERR_PTR(-EINVAL);
1079 	} else
1080 		if (rmpp_active || message_size > mad_size)
1081 			return ERR_PTR(-EINVAL);
1082 
1083 	size = rmpp_active ? hdr_len : mad_size;
1084 	buf = kzalloc(sizeof *mad_send_wr + size, gfp_mask);
1085 	if (!buf)
1086 		return ERR_PTR(-ENOMEM);
1087 
1088 	mad_send_wr = buf + size;
1089 	INIT_LIST_HEAD(&mad_send_wr->rmpp_list);
1090 	mad_send_wr->send_buf.mad = buf;
1091 	mad_send_wr->send_buf.hdr_len = hdr_len;
1092 	mad_send_wr->send_buf.data_len = data_len;
1093 	mad_send_wr->pad = pad;
1094 
1095 	mad_send_wr->mad_agent_priv = mad_agent_priv;
1096 	mad_send_wr->sg_list[0].length = hdr_len;
1097 	mad_send_wr->sg_list[0].lkey = mad_agent->qp->pd->local_dma_lkey;
1098 
1099 	/* OPA MADs don't have to be the full 2048 bytes */
1100 	if (opa && base_version == OPA_MGMT_BASE_VERSION &&
1101 	    data_len < mad_size - hdr_len)
1102 		mad_send_wr->sg_list[1].length = data_len;
1103 	else
1104 		mad_send_wr->sg_list[1].length = mad_size - hdr_len;
1105 
1106 	mad_send_wr->sg_list[1].lkey = mad_agent->qp->pd->local_dma_lkey;
1107 
1108 	mad_send_wr->mad_list.cqe.done = ib_mad_send_done;
1109 
1110 	mad_send_wr->send_wr.wr.wr_cqe = &mad_send_wr->mad_list.cqe;
1111 	mad_send_wr->send_wr.wr.sg_list = mad_send_wr->sg_list;
1112 	mad_send_wr->send_wr.wr.num_sge = 2;
1113 	mad_send_wr->send_wr.wr.opcode = IB_WR_SEND;
1114 	mad_send_wr->send_wr.wr.send_flags = IB_SEND_SIGNALED;
1115 	mad_send_wr->send_wr.remote_qpn = remote_qpn;
1116 	mad_send_wr->send_wr.remote_qkey = IB_QP_SET_QKEY;
1117 	mad_send_wr->send_wr.pkey_index = pkey_index;
1118 
1119 	if (rmpp_active) {
1120 		ret = alloc_send_rmpp_list(mad_send_wr, mad_size, gfp_mask);
1121 		if (ret) {
1122 			kfree(buf);
1123 			return ERR_PTR(ret);
1124 		}
1125 	}
1126 
1127 	mad_send_wr->send_buf.mad_agent = mad_agent;
1128 	atomic_inc(&mad_agent_priv->refcount);
1129 	return &mad_send_wr->send_buf;
1130 }
1131 EXPORT_SYMBOL(ib_create_send_mad);
1132 
ib_get_mad_data_offset(u8 mgmt_class)1133 int ib_get_mad_data_offset(u8 mgmt_class)
1134 {
1135 	if (mgmt_class == IB_MGMT_CLASS_SUBN_ADM)
1136 		return IB_MGMT_SA_HDR;
1137 	else if ((mgmt_class == IB_MGMT_CLASS_DEVICE_MGMT) ||
1138 		 (mgmt_class == IB_MGMT_CLASS_DEVICE_ADM) ||
1139 		 (mgmt_class == IB_MGMT_CLASS_BIS))
1140 		return IB_MGMT_DEVICE_HDR;
1141 	else if ((mgmt_class >= IB_MGMT_CLASS_VENDOR_RANGE2_START) &&
1142 		 (mgmt_class <= IB_MGMT_CLASS_VENDOR_RANGE2_END))
1143 		return IB_MGMT_VENDOR_HDR;
1144 	else
1145 		return IB_MGMT_MAD_HDR;
1146 }
1147 EXPORT_SYMBOL(ib_get_mad_data_offset);
1148 
ib_is_mad_class_rmpp(u8 mgmt_class)1149 int ib_is_mad_class_rmpp(u8 mgmt_class)
1150 {
1151 	if ((mgmt_class == IB_MGMT_CLASS_SUBN_ADM) ||
1152 	    (mgmt_class == IB_MGMT_CLASS_DEVICE_MGMT) ||
1153 	    (mgmt_class == IB_MGMT_CLASS_DEVICE_ADM) ||
1154 	    (mgmt_class == IB_MGMT_CLASS_BIS) ||
1155 	    ((mgmt_class >= IB_MGMT_CLASS_VENDOR_RANGE2_START) &&
1156 	     (mgmt_class <= IB_MGMT_CLASS_VENDOR_RANGE2_END)))
1157 		return 1;
1158 	return 0;
1159 }
1160 EXPORT_SYMBOL(ib_is_mad_class_rmpp);
1161 
ib_get_rmpp_segment(struct ib_mad_send_buf * send_buf,int seg_num)1162 void *ib_get_rmpp_segment(struct ib_mad_send_buf *send_buf, int seg_num)
1163 {
1164 	struct ib_mad_send_wr_private *mad_send_wr;
1165 	struct list_head *list;
1166 
1167 	mad_send_wr = container_of(send_buf, struct ib_mad_send_wr_private,
1168 				   send_buf);
1169 	list = &mad_send_wr->cur_seg->list;
1170 
1171 	if (mad_send_wr->cur_seg->num < seg_num) {
1172 		list_for_each_entry(mad_send_wr->cur_seg, list, list)
1173 			if (mad_send_wr->cur_seg->num == seg_num)
1174 				break;
1175 	} else if (mad_send_wr->cur_seg->num > seg_num) {
1176 		list_for_each_entry_reverse(mad_send_wr->cur_seg, list, list)
1177 			if (mad_send_wr->cur_seg->num == seg_num)
1178 				break;
1179 	}
1180 	return mad_send_wr->cur_seg->data;
1181 }
1182 EXPORT_SYMBOL(ib_get_rmpp_segment);
1183 
ib_get_payload(struct ib_mad_send_wr_private * mad_send_wr)1184 static inline void *ib_get_payload(struct ib_mad_send_wr_private *mad_send_wr)
1185 {
1186 	if (mad_send_wr->send_buf.seg_count)
1187 		return ib_get_rmpp_segment(&mad_send_wr->send_buf,
1188 					   mad_send_wr->seg_num);
1189 	else
1190 		return mad_send_wr->send_buf.mad +
1191 		       mad_send_wr->send_buf.hdr_len;
1192 }
1193 
ib_free_send_mad(struct ib_mad_send_buf * send_buf)1194 void ib_free_send_mad(struct ib_mad_send_buf *send_buf)
1195 {
1196 	struct ib_mad_agent_private *mad_agent_priv;
1197 	struct ib_mad_send_wr_private *mad_send_wr;
1198 
1199 	mad_agent_priv = container_of(send_buf->mad_agent,
1200 				      struct ib_mad_agent_private, agent);
1201 	mad_send_wr = container_of(send_buf, struct ib_mad_send_wr_private,
1202 				   send_buf);
1203 
1204 	free_send_rmpp_list(mad_send_wr);
1205 	kfree(send_buf->mad);
1206 	deref_mad_agent(mad_agent_priv);
1207 }
1208 EXPORT_SYMBOL(ib_free_send_mad);
1209 
ib_send_mad(struct ib_mad_send_wr_private * mad_send_wr)1210 int ib_send_mad(struct ib_mad_send_wr_private *mad_send_wr)
1211 {
1212 	struct ib_mad_qp_info *qp_info;
1213 	struct list_head *list;
1214 	struct ib_mad_agent *mad_agent;
1215 	struct ib_sge *sge;
1216 	unsigned long flags;
1217 	int ret;
1218 
1219 	/* Set WR ID to find mad_send_wr upon completion */
1220 	qp_info = mad_send_wr->mad_agent_priv->qp_info;
1221 	mad_send_wr->mad_list.mad_queue = &qp_info->send_queue;
1222 	mad_send_wr->mad_list.cqe.done = ib_mad_send_done;
1223 	mad_send_wr->send_wr.wr.wr_cqe = &mad_send_wr->mad_list.cqe;
1224 
1225 	mad_agent = mad_send_wr->send_buf.mad_agent;
1226 	sge = mad_send_wr->sg_list;
1227 	sge[0].addr = ib_dma_map_single(mad_agent->device,
1228 					mad_send_wr->send_buf.mad,
1229 					sge[0].length,
1230 					DMA_TO_DEVICE);
1231 	if (unlikely(ib_dma_mapping_error(mad_agent->device, sge[0].addr)))
1232 		return -ENOMEM;
1233 
1234 	mad_send_wr->header_mapping = sge[0].addr;
1235 
1236 	sge[1].addr = ib_dma_map_single(mad_agent->device,
1237 					ib_get_payload(mad_send_wr),
1238 					sge[1].length,
1239 					DMA_TO_DEVICE);
1240 	if (unlikely(ib_dma_mapping_error(mad_agent->device, sge[1].addr))) {
1241 		ib_dma_unmap_single(mad_agent->device,
1242 				    mad_send_wr->header_mapping,
1243 				    sge[0].length, DMA_TO_DEVICE);
1244 		return -ENOMEM;
1245 	}
1246 	mad_send_wr->payload_mapping = sge[1].addr;
1247 
1248 	spin_lock_irqsave(&qp_info->send_queue.lock, flags);
1249 	if (qp_info->send_queue.count < qp_info->send_queue.max_active) {
1250 		trace_ib_mad_ib_send_mad(mad_send_wr, qp_info);
1251 		ret = ib_post_send(mad_agent->qp, &mad_send_wr->send_wr.wr,
1252 				   NULL);
1253 		list = &qp_info->send_queue.list;
1254 	} else {
1255 		ret = 0;
1256 		list = &qp_info->overflow_list;
1257 	}
1258 
1259 	if (!ret) {
1260 		qp_info->send_queue.count++;
1261 		list_add_tail(&mad_send_wr->mad_list.list, list);
1262 	}
1263 	spin_unlock_irqrestore(&qp_info->send_queue.lock, flags);
1264 	if (ret) {
1265 		ib_dma_unmap_single(mad_agent->device,
1266 				    mad_send_wr->header_mapping,
1267 				    sge[0].length, DMA_TO_DEVICE);
1268 		ib_dma_unmap_single(mad_agent->device,
1269 				    mad_send_wr->payload_mapping,
1270 				    sge[1].length, DMA_TO_DEVICE);
1271 	}
1272 	return ret;
1273 }
1274 
1275 /*
1276  * ib_post_send_mad - Posts MAD(s) to the send queue of the QP associated
1277  *  with the registered client
1278  */
ib_post_send_mad(struct ib_mad_send_buf * send_buf,struct ib_mad_send_buf ** bad_send_buf)1279 int ib_post_send_mad(struct ib_mad_send_buf *send_buf,
1280 		     struct ib_mad_send_buf **bad_send_buf)
1281 {
1282 	struct ib_mad_agent_private *mad_agent_priv;
1283 	struct ib_mad_send_buf *next_send_buf;
1284 	struct ib_mad_send_wr_private *mad_send_wr;
1285 	unsigned long flags;
1286 	int ret = -EINVAL;
1287 
1288 	/* Walk list of send WRs and post each on send list */
1289 	for (; send_buf; send_buf = next_send_buf) {
1290 		mad_send_wr = container_of(send_buf,
1291 					   struct ib_mad_send_wr_private,
1292 					   send_buf);
1293 		mad_agent_priv = mad_send_wr->mad_agent_priv;
1294 
1295 		ret = ib_mad_enforce_security(mad_agent_priv,
1296 					      mad_send_wr->send_wr.pkey_index);
1297 		if (ret)
1298 			goto error;
1299 
1300 		if (!send_buf->mad_agent->send_handler ||
1301 		    (send_buf->timeout_ms &&
1302 		     !send_buf->mad_agent->recv_handler)) {
1303 			ret = -EINVAL;
1304 			goto error;
1305 		}
1306 
1307 		if (!ib_is_mad_class_rmpp(((struct ib_mad_hdr *) send_buf->mad)->mgmt_class)) {
1308 			if (mad_agent_priv->agent.rmpp_version) {
1309 				ret = -EINVAL;
1310 				goto error;
1311 			}
1312 		}
1313 
1314 		/*
1315 		 * Save pointer to next work request to post in case the
1316 		 * current one completes, and the user modifies the work
1317 		 * request associated with the completion
1318 		 */
1319 		next_send_buf = send_buf->next;
1320 		mad_send_wr->send_wr.ah = send_buf->ah;
1321 
1322 		if (((struct ib_mad_hdr *) send_buf->mad)->mgmt_class ==
1323 		    IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE) {
1324 			ret = handle_outgoing_dr_smp(mad_agent_priv,
1325 						     mad_send_wr);
1326 			if (ret < 0)		/* error */
1327 				goto error;
1328 			else if (ret == 1)	/* locally consumed */
1329 				continue;
1330 		}
1331 
1332 		mad_send_wr->tid = ((struct ib_mad_hdr *) send_buf->mad)->tid;
1333 		/* Timeout will be updated after send completes */
1334 		mad_send_wr->timeout = msecs_to_jiffies(send_buf->timeout_ms);
1335 		mad_send_wr->max_retries = send_buf->retries;
1336 		mad_send_wr->retries_left = send_buf->retries;
1337 		send_buf->retries = 0;
1338 		/* Reference for work request to QP + response */
1339 		mad_send_wr->refcount = 1 + (mad_send_wr->timeout > 0);
1340 		mad_send_wr->status = IB_WC_SUCCESS;
1341 
1342 		/* Reference MAD agent until send completes */
1343 		atomic_inc(&mad_agent_priv->refcount);
1344 		spin_lock_irqsave(&mad_agent_priv->lock, flags);
1345 		list_add_tail(&mad_send_wr->agent_list,
1346 			      &mad_agent_priv->send_list);
1347 		spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
1348 
1349 		if (ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)) {
1350 			ret = ib_send_rmpp_mad(mad_send_wr);
1351 			if (ret >= 0 && ret != IB_RMPP_RESULT_CONSUMED)
1352 				ret = ib_send_mad(mad_send_wr);
1353 		} else
1354 			ret = ib_send_mad(mad_send_wr);
1355 		if (ret < 0) {
1356 			/* Fail send request */
1357 			spin_lock_irqsave(&mad_agent_priv->lock, flags);
1358 			list_del(&mad_send_wr->agent_list);
1359 			spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
1360 			atomic_dec(&mad_agent_priv->refcount);
1361 			goto error;
1362 		}
1363 	}
1364 	return 0;
1365 error:
1366 	if (bad_send_buf)
1367 		*bad_send_buf = send_buf;
1368 	return ret;
1369 }
1370 EXPORT_SYMBOL(ib_post_send_mad);
1371 
1372 /*
1373  * ib_free_recv_mad - Returns data buffers used to receive
1374  *  a MAD to the access layer
1375  */
ib_free_recv_mad(struct ib_mad_recv_wc * mad_recv_wc)1376 void ib_free_recv_mad(struct ib_mad_recv_wc *mad_recv_wc)
1377 {
1378 	struct ib_mad_recv_buf *mad_recv_buf, *temp_recv_buf;
1379 	struct ib_mad_private_header *mad_priv_hdr;
1380 	struct ib_mad_private *priv;
1381 	struct list_head free_list;
1382 
1383 	INIT_LIST_HEAD(&free_list);
1384 	list_splice_init(&mad_recv_wc->rmpp_list, &free_list);
1385 
1386 	list_for_each_entry_safe(mad_recv_buf, temp_recv_buf,
1387 					&free_list, list) {
1388 		mad_recv_wc = container_of(mad_recv_buf, struct ib_mad_recv_wc,
1389 					   recv_buf);
1390 		mad_priv_hdr = container_of(mad_recv_wc,
1391 					    struct ib_mad_private_header,
1392 					    recv_wc);
1393 		priv = container_of(mad_priv_hdr, struct ib_mad_private,
1394 				    header);
1395 		kfree(priv);
1396 	}
1397 }
1398 EXPORT_SYMBOL(ib_free_recv_mad);
1399 
ib_redirect_mad_qp(struct ib_qp * qp,u8 rmpp_version,ib_mad_send_handler send_handler,ib_mad_recv_handler recv_handler,void * context)1400 struct ib_mad_agent *ib_redirect_mad_qp(struct ib_qp *qp,
1401 					u8 rmpp_version,
1402 					ib_mad_send_handler send_handler,
1403 					ib_mad_recv_handler recv_handler,
1404 					void *context)
1405 {
1406 	return ERR_PTR(-EINVAL);	/* XXX: for now */
1407 }
1408 EXPORT_SYMBOL(ib_redirect_mad_qp);
1409 
ib_process_mad_wc(struct ib_mad_agent * mad_agent,struct ib_wc * wc)1410 int ib_process_mad_wc(struct ib_mad_agent *mad_agent,
1411 		      struct ib_wc *wc)
1412 {
1413 	dev_err(&mad_agent->device->dev,
1414 		"ib_process_mad_wc() not implemented yet\n");
1415 	return 0;
1416 }
1417 EXPORT_SYMBOL(ib_process_mad_wc);
1418 
method_in_use(struct ib_mad_mgmt_method_table ** method,struct ib_mad_reg_req * mad_reg_req)1419 static int method_in_use(struct ib_mad_mgmt_method_table **method,
1420 			 struct ib_mad_reg_req *mad_reg_req)
1421 {
1422 	int i;
1423 
1424 	for_each_set_bit(i, mad_reg_req->method_mask, IB_MGMT_MAX_METHODS) {
1425 		if ((*method)->agent[i]) {
1426 			pr_err("Method %d already in use\n", i);
1427 			return -EINVAL;
1428 		}
1429 	}
1430 	return 0;
1431 }
1432 
allocate_method_table(struct ib_mad_mgmt_method_table ** method)1433 static int allocate_method_table(struct ib_mad_mgmt_method_table **method)
1434 {
1435 	/* Allocate management method table */
1436 	*method = kzalloc(sizeof **method, GFP_ATOMIC);
1437 	return (*method) ? 0 : (-ENOMEM);
1438 }
1439 
1440 /*
1441  * Check to see if there are any methods still in use
1442  */
check_method_table(struct ib_mad_mgmt_method_table * method)1443 static int check_method_table(struct ib_mad_mgmt_method_table *method)
1444 {
1445 	int i;
1446 
1447 	for (i = 0; i < IB_MGMT_MAX_METHODS; i++)
1448 		if (method->agent[i])
1449 			return 1;
1450 	return 0;
1451 }
1452 
1453 /*
1454  * Check to see if there are any method tables for this class still in use
1455  */
check_class_table(struct ib_mad_mgmt_class_table * class)1456 static int check_class_table(struct ib_mad_mgmt_class_table *class)
1457 {
1458 	int i;
1459 
1460 	for (i = 0; i < MAX_MGMT_CLASS; i++)
1461 		if (class->method_table[i])
1462 			return 1;
1463 	return 0;
1464 }
1465 
check_vendor_class(struct ib_mad_mgmt_vendor_class * vendor_class)1466 static int check_vendor_class(struct ib_mad_mgmt_vendor_class *vendor_class)
1467 {
1468 	int i;
1469 
1470 	for (i = 0; i < MAX_MGMT_OUI; i++)
1471 		if (vendor_class->method_table[i])
1472 			return 1;
1473 	return 0;
1474 }
1475 
find_vendor_oui(struct ib_mad_mgmt_vendor_class * vendor_class,const char * oui)1476 static int find_vendor_oui(struct ib_mad_mgmt_vendor_class *vendor_class,
1477 			   const char *oui)
1478 {
1479 	int i;
1480 
1481 	for (i = 0; i < MAX_MGMT_OUI; i++)
1482 		/* Is there matching OUI for this vendor class ? */
1483 		if (!memcmp(vendor_class->oui[i], oui, 3))
1484 			return i;
1485 
1486 	return -1;
1487 }
1488 
check_vendor_table(struct ib_mad_mgmt_vendor_class_table * vendor)1489 static int check_vendor_table(struct ib_mad_mgmt_vendor_class_table *vendor)
1490 {
1491 	int i;
1492 
1493 	for (i = 0; i < MAX_MGMT_VENDOR_RANGE2; i++)
1494 		if (vendor->vendor_class[i])
1495 			return 1;
1496 
1497 	return 0;
1498 }
1499 
remove_methods_mad_agent(struct ib_mad_mgmt_method_table * method,struct ib_mad_agent_private * agent)1500 static void remove_methods_mad_agent(struct ib_mad_mgmt_method_table *method,
1501 				     struct ib_mad_agent_private *agent)
1502 {
1503 	int i;
1504 
1505 	/* Remove any methods for this mad agent */
1506 	for (i = 0; i < IB_MGMT_MAX_METHODS; i++) {
1507 		if (method->agent[i] == agent) {
1508 			method->agent[i] = NULL;
1509 		}
1510 	}
1511 }
1512 
add_nonoui_reg_req(struct ib_mad_reg_req * mad_reg_req,struct ib_mad_agent_private * agent_priv,u8 mgmt_class)1513 static int add_nonoui_reg_req(struct ib_mad_reg_req *mad_reg_req,
1514 			      struct ib_mad_agent_private *agent_priv,
1515 			      u8 mgmt_class)
1516 {
1517 	struct ib_mad_port_private *port_priv;
1518 	struct ib_mad_mgmt_class_table **class;
1519 	struct ib_mad_mgmt_method_table **method;
1520 	int i, ret;
1521 
1522 	port_priv = agent_priv->qp_info->port_priv;
1523 	class = &port_priv->version[mad_reg_req->mgmt_class_version].class;
1524 	if (!*class) {
1525 		/* Allocate management class table for "new" class version */
1526 		*class = kzalloc(sizeof **class, GFP_ATOMIC);
1527 		if (!*class) {
1528 			ret = -ENOMEM;
1529 			goto error1;
1530 		}
1531 
1532 		/* Allocate method table for this management class */
1533 		method = &(*class)->method_table[mgmt_class];
1534 		if ((ret = allocate_method_table(method)))
1535 			goto error2;
1536 	} else {
1537 		method = &(*class)->method_table[mgmt_class];
1538 		if (!*method) {
1539 			/* Allocate method table for this management class */
1540 			if ((ret = allocate_method_table(method)))
1541 				goto error1;
1542 		}
1543 	}
1544 
1545 	/* Now, make sure methods are not already in use */
1546 	if (method_in_use(method, mad_reg_req))
1547 		goto error3;
1548 
1549 	/* Finally, add in methods being registered */
1550 	for_each_set_bit(i, mad_reg_req->method_mask, IB_MGMT_MAX_METHODS)
1551 		(*method)->agent[i] = agent_priv;
1552 
1553 	return 0;
1554 
1555 error3:
1556 	/* Remove any methods for this mad agent */
1557 	remove_methods_mad_agent(*method, agent_priv);
1558 	/* Now, check to see if there are any methods in use */
1559 	if (!check_method_table(*method)) {
1560 		/* If not, release management method table */
1561 		kfree(*method);
1562 		*method = NULL;
1563 	}
1564 	ret = -EINVAL;
1565 	goto error1;
1566 error2:
1567 	kfree(*class);
1568 	*class = NULL;
1569 error1:
1570 	return ret;
1571 }
1572 
add_oui_reg_req(struct ib_mad_reg_req * mad_reg_req,struct ib_mad_agent_private * agent_priv)1573 static int add_oui_reg_req(struct ib_mad_reg_req *mad_reg_req,
1574 			   struct ib_mad_agent_private *agent_priv)
1575 {
1576 	struct ib_mad_port_private *port_priv;
1577 	struct ib_mad_mgmt_vendor_class_table **vendor_table;
1578 	struct ib_mad_mgmt_vendor_class_table *vendor = NULL;
1579 	struct ib_mad_mgmt_vendor_class *vendor_class = NULL;
1580 	struct ib_mad_mgmt_method_table **method;
1581 	int i, ret = -ENOMEM;
1582 	u8 vclass;
1583 
1584 	/* "New" vendor (with OUI) class */
1585 	vclass = vendor_class_index(mad_reg_req->mgmt_class);
1586 	port_priv = agent_priv->qp_info->port_priv;
1587 	vendor_table = &port_priv->version[
1588 				mad_reg_req->mgmt_class_version].vendor;
1589 	if (!*vendor_table) {
1590 		/* Allocate mgmt vendor class table for "new" class version */
1591 		vendor = kzalloc(sizeof *vendor, GFP_ATOMIC);
1592 		if (!vendor)
1593 			goto error1;
1594 
1595 		*vendor_table = vendor;
1596 	}
1597 	if (!(*vendor_table)->vendor_class[vclass]) {
1598 		/* Allocate table for this management vendor class */
1599 		vendor_class = kzalloc(sizeof *vendor_class, GFP_ATOMIC);
1600 		if (!vendor_class)
1601 			goto error2;
1602 
1603 		(*vendor_table)->vendor_class[vclass] = vendor_class;
1604 	}
1605 	for (i = 0; i < MAX_MGMT_OUI; i++) {
1606 		/* Is there matching OUI for this vendor class ? */
1607 		if (!memcmp((*vendor_table)->vendor_class[vclass]->oui[i],
1608 			    mad_reg_req->oui, 3)) {
1609 			method = &(*vendor_table)->vendor_class[
1610 						vclass]->method_table[i];
1611 			if (!*method)
1612 				goto error3;
1613 			goto check_in_use;
1614 		}
1615 	}
1616 	for (i = 0; i < MAX_MGMT_OUI; i++) {
1617 		/* OUI slot available ? */
1618 		if (!is_vendor_oui((*vendor_table)->vendor_class[
1619 				vclass]->oui[i])) {
1620 			method = &(*vendor_table)->vendor_class[
1621 				vclass]->method_table[i];
1622 			/* Allocate method table for this OUI */
1623 			if (!*method) {
1624 				ret = allocate_method_table(method);
1625 				if (ret)
1626 					goto error3;
1627 			}
1628 			memcpy((*vendor_table)->vendor_class[vclass]->oui[i],
1629 			       mad_reg_req->oui, 3);
1630 			goto check_in_use;
1631 		}
1632 	}
1633 	dev_err(&agent_priv->agent.device->dev, "All OUI slots in use\n");
1634 	goto error3;
1635 
1636 check_in_use:
1637 	/* Now, make sure methods are not already in use */
1638 	if (method_in_use(method, mad_reg_req))
1639 		goto error4;
1640 
1641 	/* Finally, add in methods being registered */
1642 	for_each_set_bit(i, mad_reg_req->method_mask, IB_MGMT_MAX_METHODS)
1643 		(*method)->agent[i] = agent_priv;
1644 
1645 	return 0;
1646 
1647 error4:
1648 	/* Remove any methods for this mad agent */
1649 	remove_methods_mad_agent(*method, agent_priv);
1650 	/* Now, check to see if there are any methods in use */
1651 	if (!check_method_table(*method)) {
1652 		/* If not, release management method table */
1653 		kfree(*method);
1654 		*method = NULL;
1655 	}
1656 	ret = -EINVAL;
1657 error3:
1658 	if (vendor_class) {
1659 		(*vendor_table)->vendor_class[vclass] = NULL;
1660 		kfree(vendor_class);
1661 	}
1662 error2:
1663 	if (vendor) {
1664 		*vendor_table = NULL;
1665 		kfree(vendor);
1666 	}
1667 error1:
1668 	return ret;
1669 }
1670 
remove_mad_reg_req(struct ib_mad_agent_private * agent_priv)1671 static void remove_mad_reg_req(struct ib_mad_agent_private *agent_priv)
1672 {
1673 	struct ib_mad_port_private *port_priv;
1674 	struct ib_mad_mgmt_class_table *class;
1675 	struct ib_mad_mgmt_method_table *method;
1676 	struct ib_mad_mgmt_vendor_class_table *vendor;
1677 	struct ib_mad_mgmt_vendor_class *vendor_class;
1678 	int index;
1679 	u8 mgmt_class;
1680 
1681 	/*
1682 	 * Was MAD registration request supplied
1683 	 * with original registration ?
1684 	 */
1685 	if (!agent_priv->reg_req) {
1686 		goto out;
1687 	}
1688 
1689 	port_priv = agent_priv->qp_info->port_priv;
1690 	mgmt_class = convert_mgmt_class(agent_priv->reg_req->mgmt_class);
1691 	class = port_priv->version[
1692 			agent_priv->reg_req->mgmt_class_version].class;
1693 	if (!class)
1694 		goto vendor_check;
1695 
1696 	method = class->method_table[mgmt_class];
1697 	if (method) {
1698 		/* Remove any methods for this mad agent */
1699 		remove_methods_mad_agent(method, agent_priv);
1700 		/* Now, check to see if there are any methods still in use */
1701 		if (!check_method_table(method)) {
1702 			/* If not, release management method table */
1703 			kfree(method);
1704 			class->method_table[mgmt_class] = NULL;
1705 			/* Any management classes left ? */
1706 			if (!check_class_table(class)) {
1707 				/* If not, release management class table */
1708 				kfree(class);
1709 				port_priv->version[
1710 					agent_priv->reg_req->
1711 					mgmt_class_version].class = NULL;
1712 			}
1713 		}
1714 	}
1715 
1716 vendor_check:
1717 	if (!is_vendor_class(mgmt_class))
1718 		goto out;
1719 
1720 	/* normalize mgmt_class to vendor range 2 */
1721 	mgmt_class = vendor_class_index(agent_priv->reg_req->mgmt_class);
1722 	vendor = port_priv->version[
1723 			agent_priv->reg_req->mgmt_class_version].vendor;
1724 
1725 	if (!vendor)
1726 		goto out;
1727 
1728 	vendor_class = vendor->vendor_class[mgmt_class];
1729 	if (vendor_class) {
1730 		index = find_vendor_oui(vendor_class, agent_priv->reg_req->oui);
1731 		if (index < 0)
1732 			goto out;
1733 		method = vendor_class->method_table[index];
1734 		if (method) {
1735 			/* Remove any methods for this mad agent */
1736 			remove_methods_mad_agent(method, agent_priv);
1737 			/*
1738 			 * Now, check to see if there are
1739 			 * any methods still in use
1740 			 */
1741 			if (!check_method_table(method)) {
1742 				/* If not, release management method table */
1743 				kfree(method);
1744 				vendor_class->method_table[index] = NULL;
1745 				memset(vendor_class->oui[index], 0, 3);
1746 				/* Any OUIs left ? */
1747 				if (!check_vendor_class(vendor_class)) {
1748 					/* If not, release vendor class table */
1749 					kfree(vendor_class);
1750 					vendor->vendor_class[mgmt_class] = NULL;
1751 					/* Any other vendor classes left ? */
1752 					if (!check_vendor_table(vendor)) {
1753 						kfree(vendor);
1754 						port_priv->version[
1755 							agent_priv->reg_req->
1756 							mgmt_class_version].
1757 							vendor = NULL;
1758 					}
1759 				}
1760 			}
1761 		}
1762 	}
1763 
1764 out:
1765 	return;
1766 }
1767 
1768 static struct ib_mad_agent_private *
find_mad_agent(struct ib_mad_port_private * port_priv,const struct ib_mad_hdr * mad_hdr)1769 find_mad_agent(struct ib_mad_port_private *port_priv,
1770 	       const struct ib_mad_hdr *mad_hdr)
1771 {
1772 	struct ib_mad_agent_private *mad_agent = NULL;
1773 	unsigned long flags;
1774 
1775 	if (ib_response_mad(mad_hdr)) {
1776 		u32 hi_tid;
1777 
1778 		/*
1779 		 * Routing is based on high 32 bits of transaction ID
1780 		 * of MAD.
1781 		 */
1782 		hi_tid = be64_to_cpu(mad_hdr->tid) >> 32;
1783 		rcu_read_lock();
1784 		mad_agent = xa_load(&ib_mad_clients, hi_tid);
1785 		if (mad_agent && !atomic_inc_not_zero(&mad_agent->refcount))
1786 			mad_agent = NULL;
1787 		rcu_read_unlock();
1788 	} else {
1789 		struct ib_mad_mgmt_class_table *class;
1790 		struct ib_mad_mgmt_method_table *method;
1791 		struct ib_mad_mgmt_vendor_class_table *vendor;
1792 		struct ib_mad_mgmt_vendor_class *vendor_class;
1793 		const struct ib_vendor_mad *vendor_mad;
1794 		int index;
1795 
1796 		spin_lock_irqsave(&port_priv->reg_lock, flags);
1797 		/*
1798 		 * Routing is based on version, class, and method
1799 		 * For "newer" vendor MADs, also based on OUI
1800 		 */
1801 		if (mad_hdr->class_version >= MAX_MGMT_VERSION)
1802 			goto out;
1803 		if (!is_vendor_class(mad_hdr->mgmt_class)) {
1804 			class = port_priv->version[
1805 					mad_hdr->class_version].class;
1806 			if (!class)
1807 				goto out;
1808 			if (convert_mgmt_class(mad_hdr->mgmt_class) >=
1809 			    ARRAY_SIZE(class->method_table))
1810 				goto out;
1811 			method = class->method_table[convert_mgmt_class(
1812 							mad_hdr->mgmt_class)];
1813 			if (method)
1814 				mad_agent = method->agent[mad_hdr->method &
1815 							  ~IB_MGMT_METHOD_RESP];
1816 		} else {
1817 			vendor = port_priv->version[
1818 					mad_hdr->class_version].vendor;
1819 			if (!vendor)
1820 				goto out;
1821 			vendor_class = vendor->vendor_class[vendor_class_index(
1822 						mad_hdr->mgmt_class)];
1823 			if (!vendor_class)
1824 				goto out;
1825 			/* Find matching OUI */
1826 			vendor_mad = (const struct ib_vendor_mad *)mad_hdr;
1827 			index = find_vendor_oui(vendor_class, vendor_mad->oui);
1828 			if (index == -1)
1829 				goto out;
1830 			method = vendor_class->method_table[index];
1831 			if (method) {
1832 				mad_agent = method->agent[mad_hdr->method &
1833 							  ~IB_MGMT_METHOD_RESP];
1834 			}
1835 		}
1836 		if (mad_agent)
1837 			atomic_inc(&mad_agent->refcount);
1838 out:
1839 		spin_unlock_irqrestore(&port_priv->reg_lock, flags);
1840 	}
1841 
1842 	if (mad_agent && !mad_agent->agent.recv_handler) {
1843 		dev_notice(&port_priv->device->dev,
1844 			   "No receive handler for client %p on port %d\n",
1845 			   &mad_agent->agent, port_priv->port_num);
1846 		deref_mad_agent(mad_agent);
1847 		mad_agent = NULL;
1848 	}
1849 
1850 	return mad_agent;
1851 }
1852 
validate_mad(const struct ib_mad_hdr * mad_hdr,const struct ib_mad_qp_info * qp_info,bool opa)1853 static int validate_mad(const struct ib_mad_hdr *mad_hdr,
1854 			const struct ib_mad_qp_info *qp_info,
1855 			bool opa)
1856 {
1857 	int valid = 0;
1858 	u32 qp_num = qp_info->qp->qp_num;
1859 
1860 	/* Make sure MAD base version is understood */
1861 	if (mad_hdr->base_version != IB_MGMT_BASE_VERSION &&
1862 	    (!opa || mad_hdr->base_version != OPA_MGMT_BASE_VERSION)) {
1863 		pr_err("MAD received with unsupported base version %d %s\n",
1864 		       mad_hdr->base_version, opa ? "(opa)" : "");
1865 		goto out;
1866 	}
1867 
1868 	/* Filter SMI packets sent to other than QP0 */
1869 	if ((mad_hdr->mgmt_class == IB_MGMT_CLASS_SUBN_LID_ROUTED) ||
1870 	    (mad_hdr->mgmt_class == IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)) {
1871 		if (qp_num == 0)
1872 			valid = 1;
1873 	} else {
1874 		/* CM attributes other than ClassPortInfo only use Send method */
1875 		if ((mad_hdr->mgmt_class == IB_MGMT_CLASS_CM) &&
1876 		    (mad_hdr->attr_id != IB_MGMT_CLASSPORTINFO_ATTR_ID) &&
1877 		    (mad_hdr->method != IB_MGMT_METHOD_SEND))
1878 			goto out;
1879 		/* Filter GSI packets sent to QP0 */
1880 		if (qp_num != 0)
1881 			valid = 1;
1882 	}
1883 
1884 out:
1885 	return valid;
1886 }
1887 
is_rmpp_data_mad(const struct ib_mad_agent_private * mad_agent_priv,const struct ib_mad_hdr * mad_hdr)1888 static int is_rmpp_data_mad(const struct ib_mad_agent_private *mad_agent_priv,
1889 			    const struct ib_mad_hdr *mad_hdr)
1890 {
1891 	struct ib_rmpp_mad *rmpp_mad;
1892 
1893 	rmpp_mad = (struct ib_rmpp_mad *)mad_hdr;
1894 	return !mad_agent_priv->agent.rmpp_version ||
1895 		!ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent) ||
1896 		!(ib_get_rmpp_flags(&rmpp_mad->rmpp_hdr) &
1897 				    IB_MGMT_RMPP_FLAG_ACTIVE) ||
1898 		(rmpp_mad->rmpp_hdr.rmpp_type == IB_MGMT_RMPP_TYPE_DATA);
1899 }
1900 
rcv_has_same_class(const struct ib_mad_send_wr_private * wr,const struct ib_mad_recv_wc * rwc)1901 static inline int rcv_has_same_class(const struct ib_mad_send_wr_private *wr,
1902 				     const struct ib_mad_recv_wc *rwc)
1903 {
1904 	return ((struct ib_mad_hdr *)(wr->send_buf.mad))->mgmt_class ==
1905 		rwc->recv_buf.mad->mad_hdr.mgmt_class;
1906 }
1907 
rcv_has_same_gid(const struct ib_mad_agent_private * mad_agent_priv,const struct ib_mad_send_wr_private * wr,const struct ib_mad_recv_wc * rwc)1908 static inline int rcv_has_same_gid(const struct ib_mad_agent_private *mad_agent_priv,
1909 				   const struct ib_mad_send_wr_private *wr,
1910 				   const struct ib_mad_recv_wc *rwc )
1911 {
1912 	struct rdma_ah_attr attr;
1913 	u8 send_resp, rcv_resp;
1914 	union ib_gid sgid;
1915 	struct ib_device *device = mad_agent_priv->agent.device;
1916 	u8 port_num = mad_agent_priv->agent.port_num;
1917 	u8 lmc;
1918 	bool has_grh;
1919 
1920 	send_resp = ib_response_mad((struct ib_mad_hdr *)wr->send_buf.mad);
1921 	rcv_resp = ib_response_mad(&rwc->recv_buf.mad->mad_hdr);
1922 
1923 	if (send_resp == rcv_resp)
1924 		/* both requests, or both responses. GIDs different */
1925 		return 0;
1926 
1927 	if (rdma_query_ah(wr->send_buf.ah, &attr))
1928 		/* Assume not equal, to avoid false positives. */
1929 		return 0;
1930 
1931 	has_grh = !!(rdma_ah_get_ah_flags(&attr) & IB_AH_GRH);
1932 	if (has_grh != !!(rwc->wc->wc_flags & IB_WC_GRH))
1933 		/* one has GID, other does not.  Assume different */
1934 		return 0;
1935 
1936 	if (!send_resp && rcv_resp) {
1937 		/* is request/response. */
1938 		if (!has_grh) {
1939 			if (ib_get_cached_lmc(device, port_num, &lmc))
1940 				return 0;
1941 			return (!lmc || !((rdma_ah_get_path_bits(&attr) ^
1942 					   rwc->wc->dlid_path_bits) &
1943 					  ((1 << lmc) - 1)));
1944 		} else {
1945 			const struct ib_global_route *grh =
1946 					rdma_ah_read_grh(&attr);
1947 
1948 			if (rdma_query_gid(device, port_num,
1949 					   grh->sgid_index, &sgid))
1950 				return 0;
1951 			return !memcmp(sgid.raw, rwc->recv_buf.grh->dgid.raw,
1952 				       16);
1953 		}
1954 	}
1955 
1956 	if (!has_grh)
1957 		return rdma_ah_get_dlid(&attr) == rwc->wc->slid;
1958 	else
1959 		return !memcmp(rdma_ah_read_grh(&attr)->dgid.raw,
1960 			       rwc->recv_buf.grh->sgid.raw,
1961 			       16);
1962 }
1963 
is_direct(u8 class)1964 static inline int is_direct(u8 class)
1965 {
1966 	return (class == IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE);
1967 }
1968 
1969 struct ib_mad_send_wr_private*
ib_find_send_mad(const struct ib_mad_agent_private * mad_agent_priv,const struct ib_mad_recv_wc * wc)1970 ib_find_send_mad(const struct ib_mad_agent_private *mad_agent_priv,
1971 		 const struct ib_mad_recv_wc *wc)
1972 {
1973 	struct ib_mad_send_wr_private *wr;
1974 	const struct ib_mad_hdr *mad_hdr;
1975 
1976 	mad_hdr = &wc->recv_buf.mad->mad_hdr;
1977 
1978 	list_for_each_entry(wr, &mad_agent_priv->wait_list, agent_list) {
1979 		if ((wr->tid == mad_hdr->tid) &&
1980 		    rcv_has_same_class(wr, wc) &&
1981 		    /*
1982 		     * Don't check GID for direct routed MADs.
1983 		     * These might have permissive LIDs.
1984 		     */
1985 		    (is_direct(mad_hdr->mgmt_class) ||
1986 		     rcv_has_same_gid(mad_agent_priv, wr, wc)))
1987 			return (wr->status == IB_WC_SUCCESS) ? wr : NULL;
1988 	}
1989 
1990 	/*
1991 	 * It's possible to receive the response before we've
1992 	 * been notified that the send has completed
1993 	 */
1994 	list_for_each_entry(wr, &mad_agent_priv->send_list, agent_list) {
1995 		if (is_rmpp_data_mad(mad_agent_priv, wr->send_buf.mad) &&
1996 		    wr->tid == mad_hdr->tid &&
1997 		    wr->timeout &&
1998 		    rcv_has_same_class(wr, wc) &&
1999 		    /*
2000 		     * Don't check GID for direct routed MADs.
2001 		     * These might have permissive LIDs.
2002 		     */
2003 		    (is_direct(mad_hdr->mgmt_class) ||
2004 		     rcv_has_same_gid(mad_agent_priv, wr, wc)))
2005 			/* Verify request has not been canceled */
2006 			return (wr->status == IB_WC_SUCCESS) ? wr : NULL;
2007 	}
2008 	return NULL;
2009 }
2010 
ib_mark_mad_done(struct ib_mad_send_wr_private * mad_send_wr)2011 void ib_mark_mad_done(struct ib_mad_send_wr_private *mad_send_wr)
2012 {
2013 	mad_send_wr->timeout = 0;
2014 	if (mad_send_wr->refcount == 1)
2015 		list_move_tail(&mad_send_wr->agent_list,
2016 			      &mad_send_wr->mad_agent_priv->done_list);
2017 }
2018 
ib_mad_complete_recv(struct ib_mad_agent_private * mad_agent_priv,struct ib_mad_recv_wc * mad_recv_wc)2019 static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
2020 				 struct ib_mad_recv_wc *mad_recv_wc)
2021 {
2022 	struct ib_mad_send_wr_private *mad_send_wr;
2023 	struct ib_mad_send_wc mad_send_wc;
2024 	unsigned long flags;
2025 	int ret;
2026 
2027 	INIT_LIST_HEAD(&mad_recv_wc->rmpp_list);
2028 	ret = ib_mad_enforce_security(mad_agent_priv,
2029 				      mad_recv_wc->wc->pkey_index);
2030 	if (ret) {
2031 		ib_free_recv_mad(mad_recv_wc);
2032 		deref_mad_agent(mad_agent_priv);
2033 		return;
2034 	}
2035 
2036 	list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list);
2037 	if (ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)) {
2038 		mad_recv_wc = ib_process_rmpp_recv_wc(mad_agent_priv,
2039 						      mad_recv_wc);
2040 		if (!mad_recv_wc) {
2041 			deref_mad_agent(mad_agent_priv);
2042 			return;
2043 		}
2044 	}
2045 
2046 	/* Complete corresponding request */
2047 	if (ib_response_mad(&mad_recv_wc->recv_buf.mad->mad_hdr)) {
2048 		spin_lock_irqsave(&mad_agent_priv->lock, flags);
2049 		mad_send_wr = ib_find_send_mad(mad_agent_priv, mad_recv_wc);
2050 		if (!mad_send_wr) {
2051 			spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2052 			if (!ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)
2053 			   && ib_is_mad_class_rmpp(mad_recv_wc->recv_buf.mad->mad_hdr.mgmt_class)
2054 			   && (ib_get_rmpp_flags(&((struct ib_rmpp_mad *)mad_recv_wc->recv_buf.mad)->rmpp_hdr)
2055 					& IB_MGMT_RMPP_FLAG_ACTIVE)) {
2056 				/* user rmpp is in effect
2057 				 * and this is an active RMPP MAD
2058 				 */
2059 				mad_agent_priv->agent.recv_handler(
2060 						&mad_agent_priv->agent, NULL,
2061 						mad_recv_wc);
2062 				atomic_dec(&mad_agent_priv->refcount);
2063 			} else {
2064 				/* not user rmpp, revert to normal behavior and
2065 				 * drop the mad */
2066 				ib_free_recv_mad(mad_recv_wc);
2067 				deref_mad_agent(mad_agent_priv);
2068 				return;
2069 			}
2070 		} else {
2071 			ib_mark_mad_done(mad_send_wr);
2072 			spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2073 
2074 			/* Defined behavior is to complete response before request */
2075 			mad_agent_priv->agent.recv_handler(
2076 					&mad_agent_priv->agent,
2077 					&mad_send_wr->send_buf,
2078 					mad_recv_wc);
2079 			atomic_dec(&mad_agent_priv->refcount);
2080 
2081 			mad_send_wc.status = IB_WC_SUCCESS;
2082 			mad_send_wc.vendor_err = 0;
2083 			mad_send_wc.send_buf = &mad_send_wr->send_buf;
2084 			ib_mad_complete_send_wr(mad_send_wr, &mad_send_wc);
2085 		}
2086 	} else {
2087 		mad_agent_priv->agent.recv_handler(&mad_agent_priv->agent, NULL,
2088 						   mad_recv_wc);
2089 		deref_mad_agent(mad_agent_priv);
2090 	}
2091 
2092 	return;
2093 }
2094 
handle_ib_smi(const struct ib_mad_port_private * port_priv,const struct ib_mad_qp_info * qp_info,const struct ib_wc * wc,int port_num,struct ib_mad_private * recv,struct ib_mad_private * response)2095 static enum smi_action handle_ib_smi(const struct ib_mad_port_private *port_priv,
2096 				     const struct ib_mad_qp_info *qp_info,
2097 				     const struct ib_wc *wc,
2098 				     int port_num,
2099 				     struct ib_mad_private *recv,
2100 				     struct ib_mad_private *response)
2101 {
2102 	enum smi_forward_action retsmi;
2103 	struct ib_smp *smp = (struct ib_smp *)recv->mad;
2104 
2105 	trace_ib_mad_handle_ib_smi(smp);
2106 
2107 	if (smi_handle_dr_smp_recv(smp,
2108 				   rdma_cap_ib_switch(port_priv->device),
2109 				   port_num,
2110 				   port_priv->device->phys_port_cnt) ==
2111 				   IB_SMI_DISCARD)
2112 		return IB_SMI_DISCARD;
2113 
2114 	retsmi = smi_check_forward_dr_smp(smp);
2115 	if (retsmi == IB_SMI_LOCAL)
2116 		return IB_SMI_HANDLE;
2117 
2118 	if (retsmi == IB_SMI_SEND) { /* don't forward */
2119 		if (smi_handle_dr_smp_send(smp,
2120 					   rdma_cap_ib_switch(port_priv->device),
2121 					   port_num) == IB_SMI_DISCARD)
2122 			return IB_SMI_DISCARD;
2123 
2124 		if (smi_check_local_smp(smp, port_priv->device) == IB_SMI_DISCARD)
2125 			return IB_SMI_DISCARD;
2126 	} else if (rdma_cap_ib_switch(port_priv->device)) {
2127 		/* forward case for switches */
2128 		memcpy(response, recv, mad_priv_size(response));
2129 		response->header.recv_wc.wc = &response->header.wc;
2130 		response->header.recv_wc.recv_buf.mad = (struct ib_mad *)response->mad;
2131 		response->header.recv_wc.recv_buf.grh = &response->grh;
2132 
2133 		agent_send_response((const struct ib_mad_hdr *)response->mad,
2134 				    &response->grh, wc,
2135 				    port_priv->device,
2136 				    smi_get_fwd_port(smp),
2137 				    qp_info->qp->qp_num,
2138 				    response->mad_size,
2139 				    false);
2140 
2141 		return IB_SMI_DISCARD;
2142 	}
2143 	return IB_SMI_HANDLE;
2144 }
2145 
generate_unmatched_resp(const struct ib_mad_private * recv,struct ib_mad_private * response,size_t * resp_len,bool opa)2146 static bool generate_unmatched_resp(const struct ib_mad_private *recv,
2147 				    struct ib_mad_private *response,
2148 				    size_t *resp_len, bool opa)
2149 {
2150 	const struct ib_mad_hdr *recv_hdr = (const struct ib_mad_hdr *)recv->mad;
2151 	struct ib_mad_hdr *resp_hdr = (struct ib_mad_hdr *)response->mad;
2152 
2153 	if (recv_hdr->method == IB_MGMT_METHOD_GET ||
2154 	    recv_hdr->method == IB_MGMT_METHOD_SET) {
2155 		memcpy(response, recv, mad_priv_size(response));
2156 		response->header.recv_wc.wc = &response->header.wc;
2157 		response->header.recv_wc.recv_buf.mad = (struct ib_mad *)response->mad;
2158 		response->header.recv_wc.recv_buf.grh = &response->grh;
2159 		resp_hdr->method = IB_MGMT_METHOD_GET_RESP;
2160 		resp_hdr->status = cpu_to_be16(IB_MGMT_MAD_STATUS_UNSUPPORTED_METHOD_ATTRIB);
2161 		if (recv_hdr->mgmt_class == IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)
2162 			resp_hdr->status |= IB_SMP_DIRECTION;
2163 
2164 		if (opa && recv_hdr->base_version == OPA_MGMT_BASE_VERSION) {
2165 			if (recv_hdr->mgmt_class ==
2166 			    IB_MGMT_CLASS_SUBN_LID_ROUTED ||
2167 			    recv_hdr->mgmt_class ==
2168 			    IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE)
2169 				*resp_len = opa_get_smp_header_size(
2170 							(struct opa_smp *)recv->mad);
2171 			else
2172 				*resp_len = sizeof(struct ib_mad_hdr);
2173 		}
2174 
2175 		return true;
2176 	} else {
2177 		return false;
2178 	}
2179 }
2180 
2181 static enum smi_action
handle_opa_smi(struct ib_mad_port_private * port_priv,struct ib_mad_qp_info * qp_info,struct ib_wc * wc,int port_num,struct ib_mad_private * recv,struct ib_mad_private * response)2182 handle_opa_smi(struct ib_mad_port_private *port_priv,
2183 	       struct ib_mad_qp_info *qp_info,
2184 	       struct ib_wc *wc,
2185 	       int port_num,
2186 	       struct ib_mad_private *recv,
2187 	       struct ib_mad_private *response)
2188 {
2189 	enum smi_forward_action retsmi;
2190 	struct opa_smp *smp = (struct opa_smp *)recv->mad;
2191 
2192 	trace_ib_mad_handle_opa_smi(smp);
2193 
2194 	if (opa_smi_handle_dr_smp_recv(smp,
2195 				   rdma_cap_ib_switch(port_priv->device),
2196 				   port_num,
2197 				   port_priv->device->phys_port_cnt) ==
2198 				   IB_SMI_DISCARD)
2199 		return IB_SMI_DISCARD;
2200 
2201 	retsmi = opa_smi_check_forward_dr_smp(smp);
2202 	if (retsmi == IB_SMI_LOCAL)
2203 		return IB_SMI_HANDLE;
2204 
2205 	if (retsmi == IB_SMI_SEND) { /* don't forward */
2206 		if (opa_smi_handle_dr_smp_send(smp,
2207 					   rdma_cap_ib_switch(port_priv->device),
2208 					   port_num) == IB_SMI_DISCARD)
2209 			return IB_SMI_DISCARD;
2210 
2211 		if (opa_smi_check_local_smp(smp, port_priv->device) ==
2212 		    IB_SMI_DISCARD)
2213 			return IB_SMI_DISCARD;
2214 
2215 	} else if (rdma_cap_ib_switch(port_priv->device)) {
2216 		/* forward case for switches */
2217 		memcpy(response, recv, mad_priv_size(response));
2218 		response->header.recv_wc.wc = &response->header.wc;
2219 		response->header.recv_wc.recv_buf.opa_mad =
2220 				(struct opa_mad *)response->mad;
2221 		response->header.recv_wc.recv_buf.grh = &response->grh;
2222 
2223 		agent_send_response((const struct ib_mad_hdr *)response->mad,
2224 				    &response->grh, wc,
2225 				    port_priv->device,
2226 				    opa_smi_get_fwd_port(smp),
2227 				    qp_info->qp->qp_num,
2228 				    recv->header.wc.byte_len,
2229 				    true);
2230 
2231 		return IB_SMI_DISCARD;
2232 	}
2233 
2234 	return IB_SMI_HANDLE;
2235 }
2236 
2237 static enum smi_action
handle_smi(struct ib_mad_port_private * port_priv,struct ib_mad_qp_info * qp_info,struct ib_wc * wc,int port_num,struct ib_mad_private * recv,struct ib_mad_private * response,bool opa)2238 handle_smi(struct ib_mad_port_private *port_priv,
2239 	   struct ib_mad_qp_info *qp_info,
2240 	   struct ib_wc *wc,
2241 	   int port_num,
2242 	   struct ib_mad_private *recv,
2243 	   struct ib_mad_private *response,
2244 	   bool opa)
2245 {
2246 	struct ib_mad_hdr *mad_hdr = (struct ib_mad_hdr *)recv->mad;
2247 
2248 	if (opa && mad_hdr->base_version == OPA_MGMT_BASE_VERSION &&
2249 	    mad_hdr->class_version == OPA_SM_CLASS_VERSION)
2250 		return handle_opa_smi(port_priv, qp_info, wc, port_num, recv,
2251 				      response);
2252 
2253 	return handle_ib_smi(port_priv, qp_info, wc, port_num, recv, response);
2254 }
2255 
ib_mad_recv_done(struct ib_cq * cq,struct ib_wc * wc)2256 static void ib_mad_recv_done(struct ib_cq *cq, struct ib_wc *wc)
2257 {
2258 	struct ib_mad_port_private *port_priv = cq->cq_context;
2259 	struct ib_mad_list_head *mad_list =
2260 		container_of(wc->wr_cqe, struct ib_mad_list_head, cqe);
2261 	struct ib_mad_qp_info *qp_info;
2262 	struct ib_mad_private_header *mad_priv_hdr;
2263 	struct ib_mad_private *recv, *response = NULL;
2264 	struct ib_mad_agent_private *mad_agent;
2265 	int port_num;
2266 	int ret = IB_MAD_RESULT_SUCCESS;
2267 	size_t mad_size;
2268 	u16 resp_mad_pkey_index = 0;
2269 	bool opa;
2270 
2271 	if (list_empty_careful(&port_priv->port_list))
2272 		return;
2273 
2274 	if (wc->status != IB_WC_SUCCESS) {
2275 		/*
2276 		 * Receive errors indicate that the QP has entered the error
2277 		 * state - error handling/shutdown code will cleanup
2278 		 */
2279 		return;
2280 	}
2281 
2282 	qp_info = mad_list->mad_queue->qp_info;
2283 	dequeue_mad(mad_list);
2284 
2285 	opa = rdma_cap_opa_mad(qp_info->port_priv->device,
2286 			       qp_info->port_priv->port_num);
2287 
2288 	mad_priv_hdr = container_of(mad_list, struct ib_mad_private_header,
2289 				    mad_list);
2290 	recv = container_of(mad_priv_hdr, struct ib_mad_private, header);
2291 	ib_dma_unmap_single(port_priv->device,
2292 			    recv->header.mapping,
2293 			    mad_priv_dma_size(recv),
2294 			    DMA_FROM_DEVICE);
2295 
2296 	/* Setup MAD receive work completion from "normal" work completion */
2297 	recv->header.wc = *wc;
2298 	recv->header.recv_wc.wc = &recv->header.wc;
2299 
2300 	if (opa && ((struct ib_mad_hdr *)(recv->mad))->base_version == OPA_MGMT_BASE_VERSION) {
2301 		recv->header.recv_wc.mad_len = wc->byte_len - sizeof(struct ib_grh);
2302 		recv->header.recv_wc.mad_seg_size = sizeof(struct opa_mad);
2303 	} else {
2304 		recv->header.recv_wc.mad_len = sizeof(struct ib_mad);
2305 		recv->header.recv_wc.mad_seg_size = sizeof(struct ib_mad);
2306 	}
2307 
2308 	recv->header.recv_wc.recv_buf.mad = (struct ib_mad *)recv->mad;
2309 	recv->header.recv_wc.recv_buf.grh = &recv->grh;
2310 
2311 	if (atomic_read(&qp_info->snoop_count))
2312 		snoop_recv(qp_info, &recv->header.recv_wc, IB_MAD_SNOOP_RECVS);
2313 
2314 	/* Validate MAD */
2315 	if (!validate_mad((const struct ib_mad_hdr *)recv->mad, qp_info, opa))
2316 		goto out;
2317 
2318 	trace_ib_mad_recv_done_handler(qp_info, wc,
2319 				       (struct ib_mad_hdr *)recv->mad);
2320 
2321 	mad_size = recv->mad_size;
2322 	response = alloc_mad_private(mad_size, GFP_KERNEL);
2323 	if (!response)
2324 		goto out;
2325 
2326 	if (rdma_cap_ib_switch(port_priv->device))
2327 		port_num = wc->port_num;
2328 	else
2329 		port_num = port_priv->port_num;
2330 
2331 	if (((struct ib_mad_hdr *)recv->mad)->mgmt_class ==
2332 	    IB_MGMT_CLASS_SUBN_DIRECTED_ROUTE) {
2333 		if (handle_smi(port_priv, qp_info, wc, port_num, recv,
2334 			       response, opa)
2335 		    == IB_SMI_DISCARD)
2336 			goto out;
2337 	}
2338 
2339 	/* Give driver "right of first refusal" on incoming MAD */
2340 	if (port_priv->device->ops.process_mad) {
2341 		ret = port_priv->device->ops.process_mad(
2342 			port_priv->device, 0, port_priv->port_num, wc,
2343 			&recv->grh, (const struct ib_mad_hdr *)recv->mad,
2344 			recv->mad_size, (struct ib_mad_hdr *)response->mad,
2345 			&mad_size, &resp_mad_pkey_index);
2346 
2347 		if (opa)
2348 			wc->pkey_index = resp_mad_pkey_index;
2349 
2350 		if (ret & IB_MAD_RESULT_SUCCESS) {
2351 			if (ret & IB_MAD_RESULT_CONSUMED)
2352 				goto out;
2353 			if (ret & IB_MAD_RESULT_REPLY) {
2354 				agent_send_response((const struct ib_mad_hdr *)response->mad,
2355 						    &recv->grh, wc,
2356 						    port_priv->device,
2357 						    port_num,
2358 						    qp_info->qp->qp_num,
2359 						    mad_size, opa);
2360 				goto out;
2361 			}
2362 		}
2363 	}
2364 
2365 	mad_agent = find_mad_agent(port_priv, (const struct ib_mad_hdr *)recv->mad);
2366 	if (mad_agent) {
2367 		trace_ib_mad_recv_done_agent(mad_agent);
2368 		ib_mad_complete_recv(mad_agent, &recv->header.recv_wc);
2369 		/*
2370 		 * recv is freed up in error cases in ib_mad_complete_recv
2371 		 * or via recv_handler in ib_mad_complete_recv()
2372 		 */
2373 		recv = NULL;
2374 	} else if ((ret & IB_MAD_RESULT_SUCCESS) &&
2375 		   generate_unmatched_resp(recv, response, &mad_size, opa)) {
2376 		agent_send_response((const struct ib_mad_hdr *)response->mad, &recv->grh, wc,
2377 				    port_priv->device, port_num,
2378 				    qp_info->qp->qp_num, mad_size, opa);
2379 	}
2380 
2381 out:
2382 	/* Post another receive request for this QP */
2383 	if (response) {
2384 		ib_mad_post_receive_mads(qp_info, response);
2385 		kfree(recv);
2386 	} else
2387 		ib_mad_post_receive_mads(qp_info, recv);
2388 }
2389 
adjust_timeout(struct ib_mad_agent_private * mad_agent_priv)2390 static void adjust_timeout(struct ib_mad_agent_private *mad_agent_priv)
2391 {
2392 	struct ib_mad_send_wr_private *mad_send_wr;
2393 	unsigned long delay;
2394 
2395 	if (list_empty(&mad_agent_priv->wait_list)) {
2396 		cancel_delayed_work(&mad_agent_priv->timed_work);
2397 	} else {
2398 		mad_send_wr = list_entry(mad_agent_priv->wait_list.next,
2399 					 struct ib_mad_send_wr_private,
2400 					 agent_list);
2401 
2402 		if (time_after(mad_agent_priv->timeout,
2403 			       mad_send_wr->timeout)) {
2404 			mad_agent_priv->timeout = mad_send_wr->timeout;
2405 			delay = mad_send_wr->timeout - jiffies;
2406 			if ((long)delay <= 0)
2407 				delay = 1;
2408 			mod_delayed_work(mad_agent_priv->qp_info->port_priv->wq,
2409 					 &mad_agent_priv->timed_work, delay);
2410 		}
2411 	}
2412 }
2413 
wait_for_response(struct ib_mad_send_wr_private * mad_send_wr)2414 static void wait_for_response(struct ib_mad_send_wr_private *mad_send_wr)
2415 {
2416 	struct ib_mad_agent_private *mad_agent_priv;
2417 	struct ib_mad_send_wr_private *temp_mad_send_wr;
2418 	struct list_head *list_item;
2419 	unsigned long delay;
2420 
2421 	mad_agent_priv = mad_send_wr->mad_agent_priv;
2422 	list_del(&mad_send_wr->agent_list);
2423 
2424 	delay = mad_send_wr->timeout;
2425 	mad_send_wr->timeout += jiffies;
2426 
2427 	if (delay) {
2428 		list_for_each_prev(list_item, &mad_agent_priv->wait_list) {
2429 			temp_mad_send_wr = list_entry(list_item,
2430 						struct ib_mad_send_wr_private,
2431 						agent_list);
2432 			if (time_after(mad_send_wr->timeout,
2433 				       temp_mad_send_wr->timeout))
2434 				break;
2435 		}
2436 	}
2437 	else
2438 		list_item = &mad_agent_priv->wait_list;
2439 	list_add(&mad_send_wr->agent_list, list_item);
2440 
2441 	/* Reschedule a work item if we have a shorter timeout */
2442 	if (mad_agent_priv->wait_list.next == &mad_send_wr->agent_list)
2443 		mod_delayed_work(mad_agent_priv->qp_info->port_priv->wq,
2444 				 &mad_agent_priv->timed_work, delay);
2445 }
2446 
ib_reset_mad_timeout(struct ib_mad_send_wr_private * mad_send_wr,unsigned long timeout_ms)2447 void ib_reset_mad_timeout(struct ib_mad_send_wr_private *mad_send_wr,
2448 			  unsigned long timeout_ms)
2449 {
2450 	mad_send_wr->timeout = msecs_to_jiffies(timeout_ms);
2451 	wait_for_response(mad_send_wr);
2452 }
2453 
2454 /*
2455  * Process a send work completion
2456  */
ib_mad_complete_send_wr(struct ib_mad_send_wr_private * mad_send_wr,struct ib_mad_send_wc * mad_send_wc)2457 void ib_mad_complete_send_wr(struct ib_mad_send_wr_private *mad_send_wr,
2458 			     struct ib_mad_send_wc *mad_send_wc)
2459 {
2460 	struct ib_mad_agent_private	*mad_agent_priv;
2461 	unsigned long			flags;
2462 	int				ret;
2463 
2464 	mad_agent_priv = mad_send_wr->mad_agent_priv;
2465 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
2466 	if (ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)) {
2467 		ret = ib_process_rmpp_send_wc(mad_send_wr, mad_send_wc);
2468 		if (ret == IB_RMPP_RESULT_CONSUMED)
2469 			goto done;
2470 	} else
2471 		ret = IB_RMPP_RESULT_UNHANDLED;
2472 
2473 	if (mad_send_wc->status != IB_WC_SUCCESS &&
2474 	    mad_send_wr->status == IB_WC_SUCCESS) {
2475 		mad_send_wr->status = mad_send_wc->status;
2476 		mad_send_wr->refcount -= (mad_send_wr->timeout > 0);
2477 	}
2478 
2479 	if (--mad_send_wr->refcount > 0) {
2480 		if (mad_send_wr->refcount == 1 && mad_send_wr->timeout &&
2481 		    mad_send_wr->status == IB_WC_SUCCESS) {
2482 			wait_for_response(mad_send_wr);
2483 		}
2484 		goto done;
2485 	}
2486 
2487 	/* Remove send from MAD agent and notify client of completion */
2488 	list_del(&mad_send_wr->agent_list);
2489 	adjust_timeout(mad_agent_priv);
2490 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2491 
2492 	if (mad_send_wr->status != IB_WC_SUCCESS )
2493 		mad_send_wc->status = mad_send_wr->status;
2494 	if (ret == IB_RMPP_RESULT_INTERNAL)
2495 		ib_rmpp_send_handler(mad_send_wc);
2496 	else
2497 		mad_agent_priv->agent.send_handler(&mad_agent_priv->agent,
2498 						   mad_send_wc);
2499 
2500 	/* Release reference on agent taken when sending */
2501 	deref_mad_agent(mad_agent_priv);
2502 	return;
2503 done:
2504 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2505 }
2506 
ib_mad_send_done(struct ib_cq * cq,struct ib_wc * wc)2507 static void ib_mad_send_done(struct ib_cq *cq, struct ib_wc *wc)
2508 {
2509 	struct ib_mad_port_private *port_priv = cq->cq_context;
2510 	struct ib_mad_list_head *mad_list =
2511 		container_of(wc->wr_cqe, struct ib_mad_list_head, cqe);
2512 	struct ib_mad_send_wr_private	*mad_send_wr, *queued_send_wr;
2513 	struct ib_mad_qp_info		*qp_info;
2514 	struct ib_mad_queue		*send_queue;
2515 	struct ib_mad_send_wc		mad_send_wc;
2516 	unsigned long flags;
2517 	int ret;
2518 
2519 	if (list_empty_careful(&port_priv->port_list))
2520 		return;
2521 
2522 	if (wc->status != IB_WC_SUCCESS) {
2523 		if (!ib_mad_send_error(port_priv, wc))
2524 			return;
2525 	}
2526 
2527 	mad_send_wr = container_of(mad_list, struct ib_mad_send_wr_private,
2528 				   mad_list);
2529 	send_queue = mad_list->mad_queue;
2530 	qp_info = send_queue->qp_info;
2531 
2532 	trace_ib_mad_send_done_agent(mad_send_wr->mad_agent_priv);
2533 	trace_ib_mad_send_done_handler(mad_send_wr, wc);
2534 
2535 retry:
2536 	ib_dma_unmap_single(mad_send_wr->send_buf.mad_agent->device,
2537 			    mad_send_wr->header_mapping,
2538 			    mad_send_wr->sg_list[0].length, DMA_TO_DEVICE);
2539 	ib_dma_unmap_single(mad_send_wr->send_buf.mad_agent->device,
2540 			    mad_send_wr->payload_mapping,
2541 			    mad_send_wr->sg_list[1].length, DMA_TO_DEVICE);
2542 	queued_send_wr = NULL;
2543 	spin_lock_irqsave(&send_queue->lock, flags);
2544 	list_del(&mad_list->list);
2545 
2546 	/* Move queued send to the send queue */
2547 	if (send_queue->count-- > send_queue->max_active) {
2548 		mad_list = container_of(qp_info->overflow_list.next,
2549 					struct ib_mad_list_head, list);
2550 		queued_send_wr = container_of(mad_list,
2551 					struct ib_mad_send_wr_private,
2552 					mad_list);
2553 		list_move_tail(&mad_list->list, &send_queue->list);
2554 	}
2555 	spin_unlock_irqrestore(&send_queue->lock, flags);
2556 
2557 	mad_send_wc.send_buf = &mad_send_wr->send_buf;
2558 	mad_send_wc.status = wc->status;
2559 	mad_send_wc.vendor_err = wc->vendor_err;
2560 	if (atomic_read(&qp_info->snoop_count))
2561 		snoop_send(qp_info, &mad_send_wr->send_buf, &mad_send_wc,
2562 			   IB_MAD_SNOOP_SEND_COMPLETIONS);
2563 	ib_mad_complete_send_wr(mad_send_wr, &mad_send_wc);
2564 
2565 	if (queued_send_wr) {
2566 		trace_ib_mad_send_done_resend(queued_send_wr, qp_info);
2567 		ret = ib_post_send(qp_info->qp, &queued_send_wr->send_wr.wr,
2568 				   NULL);
2569 		if (ret) {
2570 			dev_err(&port_priv->device->dev,
2571 				"ib_post_send failed: %d\n", ret);
2572 			mad_send_wr = queued_send_wr;
2573 			wc->status = IB_WC_LOC_QP_OP_ERR;
2574 			goto retry;
2575 		}
2576 	}
2577 }
2578 
mark_sends_for_retry(struct ib_mad_qp_info * qp_info)2579 static void mark_sends_for_retry(struct ib_mad_qp_info *qp_info)
2580 {
2581 	struct ib_mad_send_wr_private *mad_send_wr;
2582 	struct ib_mad_list_head *mad_list;
2583 	unsigned long flags;
2584 
2585 	spin_lock_irqsave(&qp_info->send_queue.lock, flags);
2586 	list_for_each_entry(mad_list, &qp_info->send_queue.list, list) {
2587 		mad_send_wr = container_of(mad_list,
2588 					   struct ib_mad_send_wr_private,
2589 					   mad_list);
2590 		mad_send_wr->retry = 1;
2591 	}
2592 	spin_unlock_irqrestore(&qp_info->send_queue.lock, flags);
2593 }
2594 
ib_mad_send_error(struct ib_mad_port_private * port_priv,struct ib_wc * wc)2595 static bool ib_mad_send_error(struct ib_mad_port_private *port_priv,
2596 		struct ib_wc *wc)
2597 {
2598 	struct ib_mad_list_head *mad_list =
2599 		container_of(wc->wr_cqe, struct ib_mad_list_head, cqe);
2600 	struct ib_mad_qp_info *qp_info = mad_list->mad_queue->qp_info;
2601 	struct ib_mad_send_wr_private *mad_send_wr;
2602 	int ret;
2603 
2604 	/*
2605 	 * Send errors will transition the QP to SQE - move
2606 	 * QP to RTS and repost flushed work requests
2607 	 */
2608 	mad_send_wr = container_of(mad_list, struct ib_mad_send_wr_private,
2609 				   mad_list);
2610 	if (wc->status == IB_WC_WR_FLUSH_ERR) {
2611 		if (mad_send_wr->retry) {
2612 			/* Repost send */
2613 			mad_send_wr->retry = 0;
2614 			trace_ib_mad_error_handler(mad_send_wr, qp_info);
2615 			ret = ib_post_send(qp_info->qp, &mad_send_wr->send_wr.wr,
2616 					   NULL);
2617 			if (!ret)
2618 				return false;
2619 		}
2620 	} else {
2621 		struct ib_qp_attr *attr;
2622 
2623 		/* Transition QP to RTS and fail offending send */
2624 		attr = kmalloc(sizeof *attr, GFP_KERNEL);
2625 		if (attr) {
2626 			attr->qp_state = IB_QPS_RTS;
2627 			attr->cur_qp_state = IB_QPS_SQE;
2628 			ret = ib_modify_qp(qp_info->qp, attr,
2629 					   IB_QP_STATE | IB_QP_CUR_STATE);
2630 			kfree(attr);
2631 			if (ret)
2632 				dev_err(&port_priv->device->dev,
2633 					"%s - ib_modify_qp to RTS: %d\n",
2634 					__func__, ret);
2635 			else
2636 				mark_sends_for_retry(qp_info);
2637 		}
2638 	}
2639 
2640 	return true;
2641 }
2642 
cancel_mads(struct ib_mad_agent_private * mad_agent_priv)2643 static void cancel_mads(struct ib_mad_agent_private *mad_agent_priv)
2644 {
2645 	unsigned long flags;
2646 	struct ib_mad_send_wr_private *mad_send_wr, *temp_mad_send_wr;
2647 	struct ib_mad_send_wc mad_send_wc;
2648 	struct list_head cancel_list;
2649 
2650 	INIT_LIST_HEAD(&cancel_list);
2651 
2652 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
2653 	list_for_each_entry_safe(mad_send_wr, temp_mad_send_wr,
2654 				 &mad_agent_priv->send_list, agent_list) {
2655 		if (mad_send_wr->status == IB_WC_SUCCESS) {
2656 			mad_send_wr->status = IB_WC_WR_FLUSH_ERR;
2657 			mad_send_wr->refcount -= (mad_send_wr->timeout > 0);
2658 		}
2659 	}
2660 
2661 	/* Empty wait list to prevent receives from finding a request */
2662 	list_splice_init(&mad_agent_priv->wait_list, &cancel_list);
2663 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2664 
2665 	/* Report all cancelled requests */
2666 	mad_send_wc.status = IB_WC_WR_FLUSH_ERR;
2667 	mad_send_wc.vendor_err = 0;
2668 
2669 	list_for_each_entry_safe(mad_send_wr, temp_mad_send_wr,
2670 				 &cancel_list, agent_list) {
2671 		mad_send_wc.send_buf = &mad_send_wr->send_buf;
2672 		list_del(&mad_send_wr->agent_list);
2673 		mad_agent_priv->agent.send_handler(&mad_agent_priv->agent,
2674 						   &mad_send_wc);
2675 		atomic_dec(&mad_agent_priv->refcount);
2676 	}
2677 }
2678 
2679 static struct ib_mad_send_wr_private*
find_send_wr(struct ib_mad_agent_private * mad_agent_priv,struct ib_mad_send_buf * send_buf)2680 find_send_wr(struct ib_mad_agent_private *mad_agent_priv,
2681 	     struct ib_mad_send_buf *send_buf)
2682 {
2683 	struct ib_mad_send_wr_private *mad_send_wr;
2684 
2685 	list_for_each_entry(mad_send_wr, &mad_agent_priv->wait_list,
2686 			    agent_list) {
2687 		if (&mad_send_wr->send_buf == send_buf)
2688 			return mad_send_wr;
2689 	}
2690 
2691 	list_for_each_entry(mad_send_wr, &mad_agent_priv->send_list,
2692 			    agent_list) {
2693 		if (is_rmpp_data_mad(mad_agent_priv,
2694 				     mad_send_wr->send_buf.mad) &&
2695 		    &mad_send_wr->send_buf == send_buf)
2696 			return mad_send_wr;
2697 	}
2698 	return NULL;
2699 }
2700 
ib_modify_mad(struct ib_mad_agent * mad_agent,struct ib_mad_send_buf * send_buf,u32 timeout_ms)2701 int ib_modify_mad(struct ib_mad_agent *mad_agent,
2702 		  struct ib_mad_send_buf *send_buf, u32 timeout_ms)
2703 {
2704 	struct ib_mad_agent_private *mad_agent_priv;
2705 	struct ib_mad_send_wr_private *mad_send_wr;
2706 	unsigned long flags;
2707 	int active;
2708 
2709 	mad_agent_priv = container_of(mad_agent, struct ib_mad_agent_private,
2710 				      agent);
2711 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
2712 	mad_send_wr = find_send_wr(mad_agent_priv, send_buf);
2713 	if (!mad_send_wr || mad_send_wr->status != IB_WC_SUCCESS) {
2714 		spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2715 		return -EINVAL;
2716 	}
2717 
2718 	active = (!mad_send_wr->timeout || mad_send_wr->refcount > 1);
2719 	if (!timeout_ms) {
2720 		mad_send_wr->status = IB_WC_WR_FLUSH_ERR;
2721 		mad_send_wr->refcount -= (mad_send_wr->timeout > 0);
2722 	}
2723 
2724 	mad_send_wr->send_buf.timeout_ms = timeout_ms;
2725 	if (active)
2726 		mad_send_wr->timeout = msecs_to_jiffies(timeout_ms);
2727 	else
2728 		ib_reset_mad_timeout(mad_send_wr, timeout_ms);
2729 
2730 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2731 	return 0;
2732 }
2733 EXPORT_SYMBOL(ib_modify_mad);
2734 
ib_cancel_mad(struct ib_mad_agent * mad_agent,struct ib_mad_send_buf * send_buf)2735 void ib_cancel_mad(struct ib_mad_agent *mad_agent,
2736 		   struct ib_mad_send_buf *send_buf)
2737 {
2738 	ib_modify_mad(mad_agent, send_buf, 0);
2739 }
2740 EXPORT_SYMBOL(ib_cancel_mad);
2741 
local_completions(struct work_struct * work)2742 static void local_completions(struct work_struct *work)
2743 {
2744 	struct ib_mad_agent_private *mad_agent_priv;
2745 	struct ib_mad_local_private *local;
2746 	struct ib_mad_agent_private *recv_mad_agent;
2747 	unsigned long flags;
2748 	int free_mad;
2749 	struct ib_wc wc;
2750 	struct ib_mad_send_wc mad_send_wc;
2751 	bool opa;
2752 
2753 	mad_agent_priv =
2754 		container_of(work, struct ib_mad_agent_private, local_work);
2755 
2756 	opa = rdma_cap_opa_mad(mad_agent_priv->qp_info->port_priv->device,
2757 			       mad_agent_priv->qp_info->port_priv->port_num);
2758 
2759 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
2760 	while (!list_empty(&mad_agent_priv->local_list)) {
2761 		local = list_entry(mad_agent_priv->local_list.next,
2762 				   struct ib_mad_local_private,
2763 				   completion_list);
2764 		list_del(&local->completion_list);
2765 		spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2766 		free_mad = 0;
2767 		if (local->mad_priv) {
2768 			u8 base_version;
2769 			recv_mad_agent = local->recv_mad_agent;
2770 			if (!recv_mad_agent) {
2771 				dev_err(&mad_agent_priv->agent.device->dev,
2772 					"No receive MAD agent for local completion\n");
2773 				free_mad = 1;
2774 				goto local_send_completion;
2775 			}
2776 
2777 			/*
2778 			 * Defined behavior is to complete response
2779 			 * before request
2780 			 */
2781 			build_smp_wc(recv_mad_agent->agent.qp,
2782 				     local->mad_send_wr->send_wr.wr.wr_cqe,
2783 				     be16_to_cpu(IB_LID_PERMISSIVE),
2784 				     local->mad_send_wr->send_wr.pkey_index,
2785 				     recv_mad_agent->agent.port_num, &wc);
2786 
2787 			local->mad_priv->header.recv_wc.wc = &wc;
2788 
2789 			base_version = ((struct ib_mad_hdr *)(local->mad_priv->mad))->base_version;
2790 			if (opa && base_version == OPA_MGMT_BASE_VERSION) {
2791 				local->mad_priv->header.recv_wc.mad_len = local->return_wc_byte_len;
2792 				local->mad_priv->header.recv_wc.mad_seg_size = sizeof(struct opa_mad);
2793 			} else {
2794 				local->mad_priv->header.recv_wc.mad_len = sizeof(struct ib_mad);
2795 				local->mad_priv->header.recv_wc.mad_seg_size = sizeof(struct ib_mad);
2796 			}
2797 
2798 			INIT_LIST_HEAD(&local->mad_priv->header.recv_wc.rmpp_list);
2799 			list_add(&local->mad_priv->header.recv_wc.recv_buf.list,
2800 				 &local->mad_priv->header.recv_wc.rmpp_list);
2801 			local->mad_priv->header.recv_wc.recv_buf.grh = NULL;
2802 			local->mad_priv->header.recv_wc.recv_buf.mad =
2803 						(struct ib_mad *)local->mad_priv->mad;
2804 			if (atomic_read(&recv_mad_agent->qp_info->snoop_count))
2805 				snoop_recv(recv_mad_agent->qp_info,
2806 					  &local->mad_priv->header.recv_wc,
2807 					   IB_MAD_SNOOP_RECVS);
2808 			recv_mad_agent->agent.recv_handler(
2809 						&recv_mad_agent->agent,
2810 						&local->mad_send_wr->send_buf,
2811 						&local->mad_priv->header.recv_wc);
2812 			spin_lock_irqsave(&recv_mad_agent->lock, flags);
2813 			atomic_dec(&recv_mad_agent->refcount);
2814 			spin_unlock_irqrestore(&recv_mad_agent->lock, flags);
2815 		}
2816 
2817 local_send_completion:
2818 		/* Complete send */
2819 		mad_send_wc.status = IB_WC_SUCCESS;
2820 		mad_send_wc.vendor_err = 0;
2821 		mad_send_wc.send_buf = &local->mad_send_wr->send_buf;
2822 		if (atomic_read(&mad_agent_priv->qp_info->snoop_count))
2823 			snoop_send(mad_agent_priv->qp_info,
2824 				   &local->mad_send_wr->send_buf,
2825 				   &mad_send_wc, IB_MAD_SNOOP_SEND_COMPLETIONS);
2826 		mad_agent_priv->agent.send_handler(&mad_agent_priv->agent,
2827 						   &mad_send_wc);
2828 
2829 		spin_lock_irqsave(&mad_agent_priv->lock, flags);
2830 		atomic_dec(&mad_agent_priv->refcount);
2831 		if (free_mad)
2832 			kfree(local->mad_priv);
2833 		kfree(local);
2834 	}
2835 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2836 }
2837 
retry_send(struct ib_mad_send_wr_private * mad_send_wr)2838 static int retry_send(struct ib_mad_send_wr_private *mad_send_wr)
2839 {
2840 	int ret;
2841 
2842 	if (!mad_send_wr->retries_left)
2843 		return -ETIMEDOUT;
2844 
2845 	mad_send_wr->retries_left--;
2846 	mad_send_wr->send_buf.retries++;
2847 
2848 	mad_send_wr->timeout = msecs_to_jiffies(mad_send_wr->send_buf.timeout_ms);
2849 
2850 	if (ib_mad_kernel_rmpp_agent(&mad_send_wr->mad_agent_priv->agent)) {
2851 		ret = ib_retry_rmpp(mad_send_wr);
2852 		switch (ret) {
2853 		case IB_RMPP_RESULT_UNHANDLED:
2854 			ret = ib_send_mad(mad_send_wr);
2855 			break;
2856 		case IB_RMPP_RESULT_CONSUMED:
2857 			ret = 0;
2858 			break;
2859 		default:
2860 			ret = -ECOMM;
2861 			break;
2862 		}
2863 	} else
2864 		ret = ib_send_mad(mad_send_wr);
2865 
2866 	if (!ret) {
2867 		mad_send_wr->refcount++;
2868 		list_add_tail(&mad_send_wr->agent_list,
2869 			      &mad_send_wr->mad_agent_priv->send_list);
2870 	}
2871 	return ret;
2872 }
2873 
timeout_sends(struct work_struct * work)2874 static void timeout_sends(struct work_struct *work)
2875 {
2876 	struct ib_mad_agent_private *mad_agent_priv;
2877 	struct ib_mad_send_wr_private *mad_send_wr;
2878 	struct ib_mad_send_wc mad_send_wc;
2879 	unsigned long flags, delay;
2880 
2881 	mad_agent_priv = container_of(work, struct ib_mad_agent_private,
2882 				      timed_work.work);
2883 	mad_send_wc.vendor_err = 0;
2884 
2885 	spin_lock_irqsave(&mad_agent_priv->lock, flags);
2886 	while (!list_empty(&mad_agent_priv->wait_list)) {
2887 		mad_send_wr = list_entry(mad_agent_priv->wait_list.next,
2888 					 struct ib_mad_send_wr_private,
2889 					 agent_list);
2890 
2891 		if (time_after(mad_send_wr->timeout, jiffies)) {
2892 			delay = mad_send_wr->timeout - jiffies;
2893 			if ((long)delay <= 0)
2894 				delay = 1;
2895 			queue_delayed_work(mad_agent_priv->qp_info->
2896 					   port_priv->wq,
2897 					   &mad_agent_priv->timed_work, delay);
2898 			break;
2899 		}
2900 
2901 		list_del(&mad_send_wr->agent_list);
2902 		if (mad_send_wr->status == IB_WC_SUCCESS &&
2903 		    !retry_send(mad_send_wr))
2904 			continue;
2905 
2906 		spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2907 
2908 		if (mad_send_wr->status == IB_WC_SUCCESS)
2909 			mad_send_wc.status = IB_WC_RESP_TIMEOUT_ERR;
2910 		else
2911 			mad_send_wc.status = mad_send_wr->status;
2912 		mad_send_wc.send_buf = &mad_send_wr->send_buf;
2913 		mad_agent_priv->agent.send_handler(&mad_agent_priv->agent,
2914 						   &mad_send_wc);
2915 
2916 		atomic_dec(&mad_agent_priv->refcount);
2917 		spin_lock_irqsave(&mad_agent_priv->lock, flags);
2918 	}
2919 	spin_unlock_irqrestore(&mad_agent_priv->lock, flags);
2920 }
2921 
2922 /*
2923  * Allocate receive MADs and post receive WRs for them
2924  */
ib_mad_post_receive_mads(struct ib_mad_qp_info * qp_info,struct ib_mad_private * mad)2925 static int ib_mad_post_receive_mads(struct ib_mad_qp_info *qp_info,
2926 				    struct ib_mad_private *mad)
2927 {
2928 	unsigned long flags;
2929 	int post, ret;
2930 	struct ib_mad_private *mad_priv;
2931 	struct ib_sge sg_list;
2932 	struct ib_recv_wr recv_wr;
2933 	struct ib_mad_queue *recv_queue = &qp_info->recv_queue;
2934 
2935 	/* Initialize common scatter list fields */
2936 	sg_list.lkey = qp_info->port_priv->pd->local_dma_lkey;
2937 
2938 	/* Initialize common receive WR fields */
2939 	recv_wr.next = NULL;
2940 	recv_wr.sg_list = &sg_list;
2941 	recv_wr.num_sge = 1;
2942 
2943 	do {
2944 		/* Allocate and map receive buffer */
2945 		if (mad) {
2946 			mad_priv = mad;
2947 			mad = NULL;
2948 		} else {
2949 			mad_priv = alloc_mad_private(port_mad_size(qp_info->port_priv),
2950 						     GFP_ATOMIC);
2951 			if (!mad_priv) {
2952 				ret = -ENOMEM;
2953 				break;
2954 			}
2955 		}
2956 		sg_list.length = mad_priv_dma_size(mad_priv);
2957 		sg_list.addr = ib_dma_map_single(qp_info->port_priv->device,
2958 						 &mad_priv->grh,
2959 						 mad_priv_dma_size(mad_priv),
2960 						 DMA_FROM_DEVICE);
2961 		if (unlikely(ib_dma_mapping_error(qp_info->port_priv->device,
2962 						  sg_list.addr))) {
2963 			ret = -ENOMEM;
2964 			break;
2965 		}
2966 		mad_priv->header.mapping = sg_list.addr;
2967 		mad_priv->header.mad_list.mad_queue = recv_queue;
2968 		mad_priv->header.mad_list.cqe.done = ib_mad_recv_done;
2969 		recv_wr.wr_cqe = &mad_priv->header.mad_list.cqe;
2970 
2971 		/* Post receive WR */
2972 		spin_lock_irqsave(&recv_queue->lock, flags);
2973 		post = (++recv_queue->count < recv_queue->max_active);
2974 		list_add_tail(&mad_priv->header.mad_list.list, &recv_queue->list);
2975 		spin_unlock_irqrestore(&recv_queue->lock, flags);
2976 		ret = ib_post_recv(qp_info->qp, &recv_wr, NULL);
2977 		if (ret) {
2978 			spin_lock_irqsave(&recv_queue->lock, flags);
2979 			list_del(&mad_priv->header.mad_list.list);
2980 			recv_queue->count--;
2981 			spin_unlock_irqrestore(&recv_queue->lock, flags);
2982 			ib_dma_unmap_single(qp_info->port_priv->device,
2983 					    mad_priv->header.mapping,
2984 					    mad_priv_dma_size(mad_priv),
2985 					    DMA_FROM_DEVICE);
2986 			kfree(mad_priv);
2987 			dev_err(&qp_info->port_priv->device->dev,
2988 				"ib_post_recv failed: %d\n", ret);
2989 			break;
2990 		}
2991 	} while (post);
2992 
2993 	return ret;
2994 }
2995 
2996 /*
2997  * Return all the posted receive MADs
2998  */
cleanup_recv_queue(struct ib_mad_qp_info * qp_info)2999 static void cleanup_recv_queue(struct ib_mad_qp_info *qp_info)
3000 {
3001 	struct ib_mad_private_header *mad_priv_hdr;
3002 	struct ib_mad_private *recv;
3003 	struct ib_mad_list_head *mad_list;
3004 
3005 	if (!qp_info->qp)
3006 		return;
3007 
3008 	while (!list_empty(&qp_info->recv_queue.list)) {
3009 
3010 		mad_list = list_entry(qp_info->recv_queue.list.next,
3011 				      struct ib_mad_list_head, list);
3012 		mad_priv_hdr = container_of(mad_list,
3013 					    struct ib_mad_private_header,
3014 					    mad_list);
3015 		recv = container_of(mad_priv_hdr, struct ib_mad_private,
3016 				    header);
3017 
3018 		/* Remove from posted receive MAD list */
3019 		list_del(&mad_list->list);
3020 
3021 		ib_dma_unmap_single(qp_info->port_priv->device,
3022 				    recv->header.mapping,
3023 				    mad_priv_dma_size(recv),
3024 				    DMA_FROM_DEVICE);
3025 		kfree(recv);
3026 	}
3027 
3028 	qp_info->recv_queue.count = 0;
3029 }
3030 
3031 /*
3032  * Start the port
3033  */
ib_mad_port_start(struct ib_mad_port_private * port_priv)3034 static int ib_mad_port_start(struct ib_mad_port_private *port_priv)
3035 {
3036 	int ret, i;
3037 	struct ib_qp_attr *attr;
3038 	struct ib_qp *qp;
3039 	u16 pkey_index;
3040 
3041 	attr = kmalloc(sizeof *attr, GFP_KERNEL);
3042 	if (!attr)
3043 		return -ENOMEM;
3044 
3045 	ret = ib_find_pkey(port_priv->device, port_priv->port_num,
3046 			   IB_DEFAULT_PKEY_FULL, &pkey_index);
3047 	if (ret)
3048 		pkey_index = 0;
3049 
3050 	for (i = 0; i < IB_MAD_QPS_CORE; i++) {
3051 		qp = port_priv->qp_info[i].qp;
3052 		if (!qp)
3053 			continue;
3054 
3055 		/*
3056 		 * PKey index for QP1 is irrelevant but
3057 		 * one is needed for the Reset to Init transition
3058 		 */
3059 		attr->qp_state = IB_QPS_INIT;
3060 		attr->pkey_index = pkey_index;
3061 		attr->qkey = (qp->qp_num == 0) ? 0 : IB_QP1_QKEY;
3062 		ret = ib_modify_qp(qp, attr, IB_QP_STATE |
3063 					     IB_QP_PKEY_INDEX | IB_QP_QKEY);
3064 		if (ret) {
3065 			dev_err(&port_priv->device->dev,
3066 				"Couldn't change QP%d state to INIT: %d\n",
3067 				i, ret);
3068 			goto out;
3069 		}
3070 
3071 		attr->qp_state = IB_QPS_RTR;
3072 		ret = ib_modify_qp(qp, attr, IB_QP_STATE);
3073 		if (ret) {
3074 			dev_err(&port_priv->device->dev,
3075 				"Couldn't change QP%d state to RTR: %d\n",
3076 				i, ret);
3077 			goto out;
3078 		}
3079 
3080 		attr->qp_state = IB_QPS_RTS;
3081 		attr->sq_psn = IB_MAD_SEND_Q_PSN;
3082 		ret = ib_modify_qp(qp, attr, IB_QP_STATE | IB_QP_SQ_PSN);
3083 		if (ret) {
3084 			dev_err(&port_priv->device->dev,
3085 				"Couldn't change QP%d state to RTS: %d\n",
3086 				i, ret);
3087 			goto out;
3088 		}
3089 	}
3090 
3091 	ret = ib_req_notify_cq(port_priv->cq, IB_CQ_NEXT_COMP);
3092 	if (ret) {
3093 		dev_err(&port_priv->device->dev,
3094 			"Failed to request completion notification: %d\n",
3095 			ret);
3096 		goto out;
3097 	}
3098 
3099 	for (i = 0; i < IB_MAD_QPS_CORE; i++) {
3100 		if (!port_priv->qp_info[i].qp)
3101 			continue;
3102 
3103 		ret = ib_mad_post_receive_mads(&port_priv->qp_info[i], NULL);
3104 		if (ret) {
3105 			dev_err(&port_priv->device->dev,
3106 				"Couldn't post receive WRs\n");
3107 			goto out;
3108 		}
3109 	}
3110 out:
3111 	kfree(attr);
3112 	return ret;
3113 }
3114 
qp_event_handler(struct ib_event * event,void * qp_context)3115 static void qp_event_handler(struct ib_event *event, void *qp_context)
3116 {
3117 	struct ib_mad_qp_info	*qp_info = qp_context;
3118 
3119 	/* It's worse than that! He's dead, Jim! */
3120 	dev_err(&qp_info->port_priv->device->dev,
3121 		"Fatal error (%d) on MAD QP (%d)\n",
3122 		event->event, qp_info->qp->qp_num);
3123 }
3124 
init_mad_queue(struct ib_mad_qp_info * qp_info,struct ib_mad_queue * mad_queue)3125 static void init_mad_queue(struct ib_mad_qp_info *qp_info,
3126 			   struct ib_mad_queue *mad_queue)
3127 {
3128 	mad_queue->qp_info = qp_info;
3129 	mad_queue->count = 0;
3130 	spin_lock_init(&mad_queue->lock);
3131 	INIT_LIST_HEAD(&mad_queue->list);
3132 }
3133 
init_mad_qp(struct ib_mad_port_private * port_priv,struct ib_mad_qp_info * qp_info)3134 static void init_mad_qp(struct ib_mad_port_private *port_priv,
3135 			struct ib_mad_qp_info *qp_info)
3136 {
3137 	qp_info->port_priv = port_priv;
3138 	init_mad_queue(qp_info, &qp_info->send_queue);
3139 	init_mad_queue(qp_info, &qp_info->recv_queue);
3140 	INIT_LIST_HEAD(&qp_info->overflow_list);
3141 	spin_lock_init(&qp_info->snoop_lock);
3142 	qp_info->snoop_table = NULL;
3143 	qp_info->snoop_table_size = 0;
3144 	atomic_set(&qp_info->snoop_count, 0);
3145 }
3146 
create_mad_qp(struct ib_mad_qp_info * qp_info,enum ib_qp_type qp_type)3147 static int create_mad_qp(struct ib_mad_qp_info *qp_info,
3148 			 enum ib_qp_type qp_type)
3149 {
3150 	struct ib_qp_init_attr	qp_init_attr;
3151 	int ret;
3152 
3153 	memset(&qp_init_attr, 0, sizeof qp_init_attr);
3154 	qp_init_attr.send_cq = qp_info->port_priv->cq;
3155 	qp_init_attr.recv_cq = qp_info->port_priv->cq;
3156 	qp_init_attr.sq_sig_type = IB_SIGNAL_ALL_WR;
3157 	qp_init_attr.cap.max_send_wr = mad_sendq_size;
3158 	qp_init_attr.cap.max_recv_wr = mad_recvq_size;
3159 	qp_init_attr.cap.max_send_sge = IB_MAD_SEND_REQ_MAX_SG;
3160 	qp_init_attr.cap.max_recv_sge = IB_MAD_RECV_REQ_MAX_SG;
3161 	qp_init_attr.qp_type = qp_type;
3162 	qp_init_attr.port_num = qp_info->port_priv->port_num;
3163 	qp_init_attr.qp_context = qp_info;
3164 	qp_init_attr.event_handler = qp_event_handler;
3165 	qp_info->qp = ib_create_qp(qp_info->port_priv->pd, &qp_init_attr);
3166 	if (IS_ERR(qp_info->qp)) {
3167 		dev_err(&qp_info->port_priv->device->dev,
3168 			"Couldn't create ib_mad QP%d\n",
3169 			get_spl_qp_index(qp_type));
3170 		ret = PTR_ERR(qp_info->qp);
3171 		goto error;
3172 	}
3173 	/* Use minimum queue sizes unless the CQ is resized */
3174 	qp_info->send_queue.max_active = mad_sendq_size;
3175 	qp_info->recv_queue.max_active = mad_recvq_size;
3176 	return 0;
3177 
3178 error:
3179 	return ret;
3180 }
3181 
destroy_mad_qp(struct ib_mad_qp_info * qp_info)3182 static void destroy_mad_qp(struct ib_mad_qp_info *qp_info)
3183 {
3184 	if (!qp_info->qp)
3185 		return;
3186 
3187 	ib_destroy_qp(qp_info->qp);
3188 	kfree(qp_info->snoop_table);
3189 }
3190 
3191 /*
3192  * Open the port
3193  * Create the QP, PD, MR, and CQ if needed
3194  */
ib_mad_port_open(struct ib_device * device,int port_num)3195 static int ib_mad_port_open(struct ib_device *device,
3196 			    int port_num)
3197 {
3198 	int ret, cq_size;
3199 	struct ib_mad_port_private *port_priv;
3200 	unsigned long flags;
3201 	char name[sizeof "ib_mad123"];
3202 	int has_smi;
3203 
3204 	if (WARN_ON(rdma_max_mad_size(device, port_num) < IB_MGMT_MAD_SIZE))
3205 		return -EFAULT;
3206 
3207 	if (WARN_ON(rdma_cap_opa_mad(device, port_num) &&
3208 		    rdma_max_mad_size(device, port_num) < OPA_MGMT_MAD_SIZE))
3209 		return -EFAULT;
3210 
3211 	/* Create new device info */
3212 	port_priv = kzalloc(sizeof *port_priv, GFP_KERNEL);
3213 	if (!port_priv)
3214 		return -ENOMEM;
3215 
3216 	port_priv->device = device;
3217 	port_priv->port_num = port_num;
3218 	spin_lock_init(&port_priv->reg_lock);
3219 	init_mad_qp(port_priv, &port_priv->qp_info[0]);
3220 	init_mad_qp(port_priv, &port_priv->qp_info[1]);
3221 
3222 	cq_size = mad_sendq_size + mad_recvq_size;
3223 	has_smi = rdma_cap_ib_smi(device, port_num);
3224 	if (has_smi)
3225 		cq_size *= 2;
3226 
3227 	port_priv->pd = ib_alloc_pd(device, 0);
3228 	if (IS_ERR(port_priv->pd)) {
3229 		dev_err(&device->dev, "Couldn't create ib_mad PD\n");
3230 		ret = PTR_ERR(port_priv->pd);
3231 		goto error3;
3232 	}
3233 
3234 	port_priv->cq = ib_alloc_cq(port_priv->device, port_priv, cq_size, 0,
3235 			IB_POLL_UNBOUND_WORKQUEUE);
3236 	if (IS_ERR(port_priv->cq)) {
3237 		dev_err(&device->dev, "Couldn't create ib_mad CQ\n");
3238 		ret = PTR_ERR(port_priv->cq);
3239 		goto error4;
3240 	}
3241 
3242 	if (has_smi) {
3243 		ret = create_mad_qp(&port_priv->qp_info[0], IB_QPT_SMI);
3244 		if (ret)
3245 			goto error6;
3246 	}
3247 	ret = create_mad_qp(&port_priv->qp_info[1], IB_QPT_GSI);
3248 	if (ret)
3249 		goto error7;
3250 
3251 	snprintf(name, sizeof name, "ib_mad%d", port_num);
3252 	port_priv->wq = alloc_ordered_workqueue(name, WQ_MEM_RECLAIM);
3253 	if (!port_priv->wq) {
3254 		ret = -ENOMEM;
3255 		goto error8;
3256 	}
3257 
3258 	spin_lock_irqsave(&ib_mad_port_list_lock, flags);
3259 	list_add_tail(&port_priv->port_list, &ib_mad_port_list);
3260 	spin_unlock_irqrestore(&ib_mad_port_list_lock, flags);
3261 
3262 	ret = ib_mad_port_start(port_priv);
3263 	if (ret) {
3264 		dev_err(&device->dev, "Couldn't start port\n");
3265 		goto error9;
3266 	}
3267 
3268 	return 0;
3269 
3270 error9:
3271 	spin_lock_irqsave(&ib_mad_port_list_lock, flags);
3272 	list_del_init(&port_priv->port_list);
3273 	spin_unlock_irqrestore(&ib_mad_port_list_lock, flags);
3274 
3275 	destroy_workqueue(port_priv->wq);
3276 error8:
3277 	destroy_mad_qp(&port_priv->qp_info[1]);
3278 error7:
3279 	destroy_mad_qp(&port_priv->qp_info[0]);
3280 error6:
3281 	ib_free_cq(port_priv->cq);
3282 	cleanup_recv_queue(&port_priv->qp_info[1]);
3283 	cleanup_recv_queue(&port_priv->qp_info[0]);
3284 error4:
3285 	ib_dealloc_pd(port_priv->pd);
3286 error3:
3287 	kfree(port_priv);
3288 
3289 	return ret;
3290 }
3291 
3292 /*
3293  * Close the port
3294  * If there are no classes using the port, free the port
3295  * resources (CQ, MR, PD, QP) and remove the port's info structure
3296  */
ib_mad_port_close(struct ib_device * device,int port_num)3297 static int ib_mad_port_close(struct ib_device *device, int port_num)
3298 {
3299 	struct ib_mad_port_private *port_priv;
3300 	unsigned long flags;
3301 
3302 	spin_lock_irqsave(&ib_mad_port_list_lock, flags);
3303 	port_priv = __ib_get_mad_port(device, port_num);
3304 	if (port_priv == NULL) {
3305 		spin_unlock_irqrestore(&ib_mad_port_list_lock, flags);
3306 		dev_err(&device->dev, "Port %d not found\n", port_num);
3307 		return -ENODEV;
3308 	}
3309 	list_del_init(&port_priv->port_list);
3310 	spin_unlock_irqrestore(&ib_mad_port_list_lock, flags);
3311 
3312 	destroy_workqueue(port_priv->wq);
3313 	destroy_mad_qp(&port_priv->qp_info[1]);
3314 	destroy_mad_qp(&port_priv->qp_info[0]);
3315 	ib_free_cq(port_priv->cq);
3316 	ib_dealloc_pd(port_priv->pd);
3317 	cleanup_recv_queue(&port_priv->qp_info[1]);
3318 	cleanup_recv_queue(&port_priv->qp_info[0]);
3319 	/* XXX: Handle deallocation of MAD registration tables */
3320 
3321 	kfree(port_priv);
3322 
3323 	return 0;
3324 }
3325 
ib_mad_init_device(struct ib_device * device)3326 static void ib_mad_init_device(struct ib_device *device)
3327 {
3328 	int start, i;
3329 
3330 	start = rdma_start_port(device);
3331 
3332 	for (i = start; i <= rdma_end_port(device); i++) {
3333 		if (!rdma_cap_ib_mad(device, i))
3334 			continue;
3335 
3336 		if (ib_mad_port_open(device, i)) {
3337 			dev_err(&device->dev, "Couldn't open port %d\n", i);
3338 			goto error;
3339 		}
3340 		if (ib_agent_port_open(device, i)) {
3341 			dev_err(&device->dev,
3342 				"Couldn't open port %d for agents\n", i);
3343 			goto error_agent;
3344 		}
3345 	}
3346 	return;
3347 
3348 error_agent:
3349 	if (ib_mad_port_close(device, i))
3350 		dev_err(&device->dev, "Couldn't close port %d\n", i);
3351 
3352 error:
3353 	while (--i >= start) {
3354 		if (!rdma_cap_ib_mad(device, i))
3355 			continue;
3356 
3357 		if (ib_agent_port_close(device, i))
3358 			dev_err(&device->dev,
3359 				"Couldn't close port %d for agents\n", i);
3360 		if (ib_mad_port_close(device, i))
3361 			dev_err(&device->dev, "Couldn't close port %d\n", i);
3362 	}
3363 }
3364 
ib_mad_remove_device(struct ib_device * device,void * client_data)3365 static void ib_mad_remove_device(struct ib_device *device, void *client_data)
3366 {
3367 	unsigned int i;
3368 
3369 	rdma_for_each_port (device, i) {
3370 		if (!rdma_cap_ib_mad(device, i))
3371 			continue;
3372 
3373 		if (ib_agent_port_close(device, i))
3374 			dev_err(&device->dev,
3375 				"Couldn't close port %d for agents\n", i);
3376 		if (ib_mad_port_close(device, i))
3377 			dev_err(&device->dev, "Couldn't close port %d\n", i);
3378 	}
3379 }
3380 
3381 static struct ib_client mad_client = {
3382 	.name   = "mad",
3383 	.add = ib_mad_init_device,
3384 	.remove = ib_mad_remove_device
3385 };
3386 
ib_mad_init(void)3387 int ib_mad_init(void)
3388 {
3389 	mad_recvq_size = min(mad_recvq_size, IB_MAD_QP_MAX_SIZE);
3390 	mad_recvq_size = max(mad_recvq_size, IB_MAD_QP_MIN_SIZE);
3391 
3392 	mad_sendq_size = min(mad_sendq_size, IB_MAD_QP_MAX_SIZE);
3393 	mad_sendq_size = max(mad_sendq_size, IB_MAD_QP_MIN_SIZE);
3394 
3395 	INIT_LIST_HEAD(&ib_mad_port_list);
3396 
3397 	if (ib_register_client(&mad_client)) {
3398 		pr_err("Couldn't register ib_mad client\n");
3399 		return -EINVAL;
3400 	}
3401 
3402 	return 0;
3403 }
3404 
ib_mad_cleanup(void)3405 void ib_mad_cleanup(void)
3406 {
3407 	ib_unregister_client(&mad_client);
3408 }
3409