2005-04-17 06:20:36 +08:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2004 Topspin Communications. All rights reserved.
|
2006-09-23 06:22:46 +08:00
|
|
|
* Copyright (c) 2005 Voltaire, Inc. All rights reserved.
|
2005-07-28 02:45:42 +08:00
|
|
|
* Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved.
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
* Copyright (c) 2008 Cisco. All rights reserved.
|
2005-04-17 06:20:36 +08:00
|
|
|
*
|
|
|
|
|
* This software is available to you under a choice of one of two
|
|
|
|
|
* licenses. You may choose to be licensed under the terms of the GNU
|
|
|
|
|
* General Public License (GPL) Version 2, available from the file
|
|
|
|
|
* COPYING in the main directory of this source tree, or the
|
|
|
|
|
* OpenIB.org BSD license below:
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or
|
|
|
|
|
* without modification, are permitted provided that the following
|
|
|
|
|
* conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* - Redistributions of source code must retain the above
|
|
|
|
|
* copyright notice, this list of conditions and the following
|
|
|
|
|
* disclaimer.
|
|
|
|
|
*
|
|
|
|
|
* - Redistributions in binary form must reproduce the above
|
|
|
|
|
* copyright notice, this list of conditions and the following
|
|
|
|
|
* disclaimer in the documentation and/or other materials
|
|
|
|
|
* provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2014-08-09 07:00:52 +08:00
|
|
|
#define pr_fmt(fmt) "user_mad: " fmt
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/module.h>
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/device.h>
|
|
|
|
|
#include <linux/err.h>
|
|
|
|
|
#include <linux/fs.h>
|
|
|
|
|
#include <linux/cdev.h>
|
|
|
|
|
#include <linux/dma-mapping.h>
|
|
|
|
|
#include <linux/poll.h>
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
#include <linux/mutex.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
#include <linux/kref.h>
|
2007-10-10 10:59:15 +08:00
|
|
|
#include <linux/compat.h>
|
2009-10-04 20:11:37 +08:00
|
|
|
#include <linux/sched.h>
|
2008-04-19 10:21:05 +08:00
|
|
|
#include <linux/semaphore.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 16:04:11 +08:00
|
|
|
#include <linux/slab.h>
|
2019-07-31 12:39:57 +08:00
|
|
|
#include <linux/nospec.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2016-12-25 03:46:01 +08:00
|
|
|
#include <linux/uaccess.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-08-26 04:40:04 +08:00
|
|
|
#include <rdma/ib_mad.h>
|
|
|
|
|
#include <rdma/ib_user_mad.h>
|
2019-06-14 08:38:19 +08:00
|
|
|
#include <rdma/rdma_netlink.h>
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-01-08 18:15:38 +08:00
|
|
|
#include "core_priv.h"
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
MODULE_AUTHOR("Roland Dreier");
|
|
|
|
|
MODULE_DESCRIPTION("InfiniBand userspace MAD packet access");
|
|
|
|
|
MODULE_LICENSE("Dual BSD/GPL");
|
|
|
|
|
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
#define MAX_UMAD_RECV_LIST_SIZE 200000
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
enum {
|
2018-01-08 18:15:38 +08:00
|
|
|
IB_UMAD_MAX_PORTS = RDMA_MAX_PORTS,
|
2005-04-17 06:20:36 +08:00
|
|
|
IB_UMAD_MAX_AGENTS = 32,
|
|
|
|
|
|
|
|
|
|
IB_UMAD_MAJOR = 231,
|
2018-01-08 18:15:38 +08:00
|
|
|
IB_UMAD_MINOR_BASE = 0,
|
|
|
|
|
IB_UMAD_NUM_FIXED_MINOR = 64,
|
|
|
|
|
IB_UMAD_NUM_DYNAMIC_MINOR = IB_UMAD_MAX_PORTS - IB_UMAD_NUM_FIXED_MINOR,
|
|
|
|
|
IB_ISSM_MINOR_BASE = IB_UMAD_NUM_FIXED_MINOR,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
2005-10-29 06:37:23 +08:00
|
|
|
/*
|
2010-02-03 03:08:30 +08:00
|
|
|
* Our lifetime rules for these structs are the following:
|
|
|
|
|
* device special file is opened, we take a reference on the
|
|
|
|
|
* ib_umad_port's struct ib_umad_device. We drop these
|
2005-10-29 06:37:23 +08:00
|
|
|
* references in the corresponding close().
|
|
|
|
|
*
|
|
|
|
|
* In addition to references coming from open character devices, there
|
|
|
|
|
* is one more reference to each ib_umad_device representing the
|
|
|
|
|
* module's reference taken when allocating the ib_umad_device in
|
|
|
|
|
* ib_umad_add_one().
|
|
|
|
|
*
|
2010-02-03 03:08:30 +08:00
|
|
|
* When destroying an ib_umad_device, we drop the module's reference.
|
2005-10-29 06:37:23 +08:00
|
|
|
*/
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_umad_port {
|
2010-02-03 03:08:25 +08:00
|
|
|
struct cdev cdev;
|
2018-12-21 22:19:25 +08:00
|
|
|
struct device dev;
|
2010-02-03 03:08:25 +08:00
|
|
|
struct cdev sm_cdev;
|
2018-12-21 22:19:25 +08:00
|
|
|
struct device sm_dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct semaphore sm_sem;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
struct mutex file_mutex;
|
2005-11-04 04:01:18 +08:00
|
|
|
struct list_head file_list;
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_device *ib_dev;
|
|
|
|
|
struct ib_umad_device *umad_dev;
|
2005-10-29 06:37:23 +08:00
|
|
|
int dev_num;
|
2021-03-01 15:04:20 +08:00
|
|
|
u32 port_num;
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ib_umad_device {
|
2018-12-21 22:19:25 +08:00
|
|
|
struct kref kref;
|
|
|
|
|
struct ib_umad_port ports[];
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ib_umad_file {
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
struct mutex mutex;
|
2005-11-11 02:18:23 +08:00
|
|
|
struct ib_umad_port *port;
|
|
|
|
|
struct list_head recv_list;
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
atomic_t recv_list_size;
|
2006-07-20 16:25:50 +08:00
|
|
|
struct list_head send_list;
|
2005-11-11 02:18:23 +08:00
|
|
|
struct list_head port_list;
|
2006-07-20 16:25:50 +08:00
|
|
|
spinlock_t send_lock;
|
2005-11-11 02:18:23 +08:00
|
|
|
wait_queue_head_t recv_wait;
|
|
|
|
|
struct ib_mad_agent *agent[IB_UMAD_MAX_AGENTS];
|
|
|
|
|
int agents_dead;
|
2007-10-10 10:59:15 +08:00
|
|
|
u8 use_pkey_index;
|
|
|
|
|
u8 already_used;
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct ib_umad_packet {
|
2005-07-28 02:45:42 +08:00
|
|
|
struct ib_mad_send_buf *msg;
|
2006-03-04 13:54:13 +08:00
|
|
|
struct ib_mad_recv_wc *recv_wc;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct list_head list;
|
2005-07-28 02:45:42 +08:00
|
|
|
int length;
|
|
|
|
|
struct ib_user_mad mad;
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
struct ib_rmpp_mad_hdr {
|
|
|
|
|
struct ib_mad_hdr mad_hdr;
|
|
|
|
|
struct ib_rmpp_hdr rmpp_hdr;
|
|
|
|
|
} __packed;
|
|
|
|
|
|
2019-03-20 05:11:47 +08:00
|
|
|
#define CREATE_TRACE_POINTS
|
|
|
|
|
#include <trace/events/ib_umad.h>
|
|
|
|
|
|
2018-01-08 18:15:38 +08:00
|
|
|
static const dev_t base_umad_dev = MKDEV(IB_UMAD_MAJOR, IB_UMAD_MINOR_BASE);
|
|
|
|
|
static const dev_t base_issm_dev = MKDEV(IB_UMAD_MAJOR, IB_UMAD_MINOR_BASE) +
|
|
|
|
|
IB_UMAD_NUM_FIXED_MINOR;
|
|
|
|
|
static dev_t dynamic_umad_dev;
|
|
|
|
|
static dev_t dynamic_issm_dev;
|
2005-10-29 06:37:23 +08:00
|
|
|
|
2018-10-02 16:13:30 +08:00
|
|
|
static DEFINE_IDA(umad_ida);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2020-04-22 01:24:40 +08:00
|
|
|
static int ib_umad_add_one(struct ib_device *device);
|
2015-07-30 22:50:14 +08:00
|
|
|
static void ib_umad_remove_one(struct ib_device *device, void *client_data);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
static void ib_umad_dev_free(struct kref *kref)
|
2005-10-29 06:37:23 +08:00
|
|
|
{
|
|
|
|
|
struct ib_umad_device *dev =
|
2018-12-21 22:19:25 +08:00
|
|
|
container_of(kref, struct ib_umad_device, kref);
|
2005-10-29 06:37:23 +08:00
|
|
|
|
|
|
|
|
kfree(dev);
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
static void ib_umad_dev_get(struct ib_umad_device *dev)
|
|
|
|
|
{
|
|
|
|
|
kref_get(&dev->kref);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ib_umad_dev_put(struct ib_umad_device *dev)
|
|
|
|
|
{
|
|
|
|
|
kref_put(&dev->kref, ib_umad_dev_free);
|
|
|
|
|
}
|
2014-06-07 00:25:04 +08:00
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static int hdr_size(struct ib_umad_file *file)
|
|
|
|
|
{
|
2021-04-07 16:15:50 +08:00
|
|
|
return file->use_pkey_index ? sizeof(struct ib_user_mad_hdr) :
|
|
|
|
|
sizeof(struct ib_user_mad_hdr_old);
|
2007-10-10 10:59:15 +08:00
|
|
|
}
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
/* caller must hold file->mutex */
|
2005-11-11 02:18:23 +08:00
|
|
|
static struct ib_mad_agent *__get_agent(struct ib_umad_file *file, int id)
|
|
|
|
|
{
|
|
|
|
|
return file->agents_dead ? NULL : file->agent[id];
|
|
|
|
|
}
|
|
|
|
|
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
static int queue_packet(struct ib_umad_file *file, struct ib_mad_agent *agent,
|
|
|
|
|
struct ib_umad_packet *packet, bool is_recv_mad)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
|
int ret = 1;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
if (is_recv_mad &&
|
|
|
|
|
atomic_read(&file->recv_list_size) > MAX_UMAD_RECV_LIST_SIZE)
|
|
|
|
|
goto unlock;
|
|
|
|
|
|
2005-07-28 02:45:42 +08:00
|
|
|
for (packet->mad.hdr.id = 0;
|
|
|
|
|
packet->mad.hdr.id < IB_UMAD_MAX_AGENTS;
|
|
|
|
|
packet->mad.hdr.id++)
|
2005-11-11 02:18:23 +08:00
|
|
|
if (agent == __get_agent(file, packet->mad.hdr.id)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
list_add_tail(&packet->list, &file->recv_list);
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
atomic_inc(&file->recv_list_size);
|
2005-04-17 06:20:36 +08:00
|
|
|
wake_up_interruptible(&file->recv_wait);
|
|
|
|
|
ret = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
unlock:
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-20 16:25:50 +08:00
|
|
|
static void dequeue_send(struct ib_umad_file *file,
|
|
|
|
|
struct ib_umad_packet *packet)
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
{
|
2006-07-20 16:25:50 +08:00
|
|
|
spin_lock_irq(&file->send_lock);
|
|
|
|
|
list_del(&packet->list);
|
|
|
|
|
spin_unlock_irq(&file->send_lock);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
}
|
2006-07-20 16:25:50 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static void send_handler(struct ib_mad_agent *agent,
|
|
|
|
|
struct ib_mad_send_wc *send_wc)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = agent->context;
|
2005-10-26 01:51:39 +08:00
|
|
|
struct ib_umad_packet *packet = send_wc->send_buf->context[0];
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-07-20 16:25:50 +08:00
|
|
|
dequeue_send(file, packet);
|
2018-12-12 17:09:06 +08:00
|
|
|
rdma_destroy_ah(packet->msg->ah, RDMA_DESTROY_AH_SLEEPABLE);
|
2005-07-28 02:45:42 +08:00
|
|
|
ib_free_send_mad(packet->msg);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
if (send_wc->status == IB_WC_RESP_TIMEOUT_ERR) {
|
2006-03-04 13:54:13 +08:00
|
|
|
packet->length = IB_MGMT_MAD_HDR;
|
|
|
|
|
packet->mad.hdr.status = ETIMEDOUT;
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
if (!queue_packet(file, agent, packet, false))
|
2006-03-04 13:54:13 +08:00
|
|
|
return;
|
2005-07-28 02:45:42 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
kfree(packet);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void recv_handler(struct ib_mad_agent *agent,
|
2016-01-04 21:15:58 +08:00
|
|
|
struct ib_mad_send_buf *send_buf,
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_mad_recv_wc *mad_recv_wc)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = agent->context;
|
|
|
|
|
struct ib_umad_packet *packet;
|
|
|
|
|
|
|
|
|
|
if (mad_recv_wc->wc->status != IB_WC_SUCCESS)
|
2006-03-04 13:54:13 +08:00
|
|
|
goto err1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
packet = kzalloc(sizeof *packet, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!packet)
|
2006-03-04 13:54:13 +08:00
|
|
|
goto err1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
packet->length = mad_recv_wc->mad_len;
|
|
|
|
|
packet->recv_wc = mad_recv_wc;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
packet->mad.hdr.status = 0;
|
|
|
|
|
packet->mad.hdr.length = hdr_size(file) + mad_recv_wc->mad_len;
|
|
|
|
|
packet->mad.hdr.qpn = cpu_to_be32(mad_recv_wc->wc->src_qp);
|
2017-10-03 02:04:48 +08:00
|
|
|
/*
|
|
|
|
|
* On OPA devices it is okay to lose the upper 16 bits of LID as this
|
|
|
|
|
* information is obtained elsewhere. Mask off the upper 16 bits.
|
|
|
|
|
*/
|
2017-12-23 00:45:52 +08:00
|
|
|
if (rdma_cap_opa_mad(agent->device, agent->port_num))
|
2017-10-03 02:04:48 +08:00
|
|
|
packet->mad.hdr.lid = ib_lid_be16(0xFFFF &
|
|
|
|
|
mad_recv_wc->wc->slid);
|
|
|
|
|
else
|
|
|
|
|
packet->mad.hdr.lid = ib_lid_be16(mad_recv_wc->wc->slid);
|
2007-10-10 10:59:15 +08:00
|
|
|
packet->mad.hdr.sl = mad_recv_wc->wc->sl;
|
|
|
|
|
packet->mad.hdr.path_bits = mad_recv_wc->wc->dlid_path_bits;
|
|
|
|
|
packet->mad.hdr.pkey_index = mad_recv_wc->wc->pkey_index;
|
2005-07-28 02:45:42 +08:00
|
|
|
packet->mad.hdr.grh_present = !!(mad_recv_wc->wc->wc_flags & IB_WC_GRH);
|
|
|
|
|
if (packet->mad.hdr.grh_present) {
|
2017-04-30 02:41:18 +08:00
|
|
|
struct rdma_ah_attr ah_attr;
|
2017-04-30 02:41:28 +08:00
|
|
|
const struct ib_global_route *grh;
|
2017-11-14 20:52:13 +08:00
|
|
|
int ret;
|
2007-04-06 02:49:21 +08:00
|
|
|
|
2017-11-14 20:52:17 +08:00
|
|
|
ret = ib_init_ah_attr_from_wc(agent->device, agent->port_num,
|
|
|
|
|
mad_recv_wc->wc,
|
|
|
|
|
mad_recv_wc->recv_buf.grh,
|
|
|
|
|
&ah_attr);
|
2017-11-14 20:52:13 +08:00
|
|
|
if (ret)
|
|
|
|
|
goto err2;
|
2007-04-06 02:49:21 +08:00
|
|
|
|
2017-04-30 02:41:28 +08:00
|
|
|
grh = rdma_ah_read_grh(&ah_attr);
|
|
|
|
|
packet->mad.hdr.gid_index = grh->sgid_index;
|
|
|
|
|
packet->mad.hdr.hop_limit = grh->hop_limit;
|
|
|
|
|
packet->mad.hdr.traffic_class = grh->traffic_class;
|
|
|
|
|
memcpy(packet->mad.hdr.gid, &grh->dgid, 16);
|
|
|
|
|
packet->mad.hdr.flow_label = cpu_to_be32(grh->flow_label);
|
2018-06-19 15:59:14 +08:00
|
|
|
rdma_destroy_ah_attr(&ah_attr);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
if (queue_packet(file, agent, packet, true))
|
2006-03-04 13:54:13 +08:00
|
|
|
goto err2;
|
|
|
|
|
return;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
err2:
|
|
|
|
|
kfree(packet);
|
|
|
|
|
err1:
|
2005-04-17 06:20:36 +08:00
|
|
|
ib_free_recv_mad(mad_recv_wc);
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static ssize_t copy_recv_mad(struct ib_umad_file *file, char __user *buf,
|
|
|
|
|
struct ib_umad_packet *packet, size_t count)
|
2006-03-04 13:54:13 +08:00
|
|
|
{
|
|
|
|
|
struct ib_mad_recv_buf *recv_buf;
|
|
|
|
|
int left, seg_payload, offset, max_seg_payload;
|
2015-06-11 04:16:48 +08:00
|
|
|
size_t seg_size;
|
2006-03-04 13:54:13 +08:00
|
|
|
|
|
|
|
|
recv_buf = &packet->recv_wc->recv_buf;
|
2015-06-11 04:16:48 +08:00
|
|
|
seg_size = packet->recv_wc->mad_seg_size;
|
|
|
|
|
|
|
|
|
|
/* We need enough room to copy the first (or only) MAD segment. */
|
|
|
|
|
if ((packet->length <= seg_size &&
|
2007-10-10 10:59:15 +08:00
|
|
|
count < hdr_size(file) + packet->length) ||
|
2015-06-11 04:16:48 +08:00
|
|
|
(packet->length > seg_size &&
|
|
|
|
|
count < hdr_size(file) + seg_size))
|
2006-03-04 13:54:13 +08:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (copy_to_user(buf, &packet->mad, hdr_size(file)))
|
2006-03-04 13:54:13 +08:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
buf += hdr_size(file);
|
2015-06-11 04:16:48 +08:00
|
|
|
seg_payload = min_t(int, packet->length, seg_size);
|
2006-03-04 13:54:13 +08:00
|
|
|
if (copy_to_user(buf, recv_buf->mad, seg_payload))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
|
|
if (seg_payload < packet->length) {
|
|
|
|
|
/*
|
|
|
|
|
* Multipacket RMPP MAD message. Copy remainder of message.
|
|
|
|
|
* Note that last segment may have a shorter payload.
|
|
|
|
|
*/
|
2007-10-10 10:59:15 +08:00
|
|
|
if (count < hdr_size(file) + packet->length) {
|
2006-03-04 13:54:13 +08:00
|
|
|
/*
|
|
|
|
|
* The buffer is too small, return the first RMPP segment,
|
|
|
|
|
* which includes the RMPP message length.
|
|
|
|
|
*/
|
|
|
|
|
return -ENOSPC;
|
|
|
|
|
}
|
2006-03-29 08:40:04 +08:00
|
|
|
offset = ib_get_mad_data_offset(recv_buf->mad->mad_hdr.mgmt_class);
|
2015-06-11 04:16:48 +08:00
|
|
|
max_seg_payload = seg_size - offset;
|
2006-03-04 13:54:13 +08:00
|
|
|
|
|
|
|
|
for (left = packet->length - seg_payload, buf += seg_payload;
|
|
|
|
|
left; left -= seg_payload, buf += seg_payload) {
|
|
|
|
|
recv_buf = container_of(recv_buf->list.next,
|
|
|
|
|
struct ib_mad_recv_buf, list);
|
|
|
|
|
seg_payload = min(left, max_seg_payload);
|
|
|
|
|
if (copy_to_user(buf, ((void *) recv_buf->mad) + offset,
|
|
|
|
|
seg_payload))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-03-20 05:11:47 +08:00
|
|
|
|
|
|
|
|
trace_ib_umad_read_recv(file, &packet->mad.hdr, &recv_buf->mad->mad_hdr);
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
return hdr_size(file) + packet->length;
|
2006-03-04 13:54:13 +08:00
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static ssize_t copy_send_mad(struct ib_umad_file *file, char __user *buf,
|
|
|
|
|
struct ib_umad_packet *packet, size_t count)
|
2006-03-04 13:54:13 +08:00
|
|
|
{
|
2007-10-10 10:59:15 +08:00
|
|
|
ssize_t size = hdr_size(file) + packet->length;
|
2006-03-04 13:54:13 +08:00
|
|
|
|
|
|
|
|
if (count < size)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (copy_to_user(buf, &packet->mad, hdr_size(file)))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
|
|
buf += hdr_size(file);
|
|
|
|
|
|
|
|
|
|
if (copy_to_user(buf, packet->mad.data, packet->length))
|
2006-03-04 13:54:13 +08:00
|
|
|
return -EFAULT;
|
|
|
|
|
|
2019-03-20 05:11:47 +08:00
|
|
|
trace_ib_umad_read_send(file, &packet->mad.hdr,
|
|
|
|
|
(struct ib_mad_hdr *)&packet->mad.data);
|
|
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
return size;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static ssize_t ib_umad_read(struct file *filp, char __user *buf,
|
|
|
|
|
size_t count, loff_t *pos)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = filp->private_data;
|
|
|
|
|
struct ib_umad_packet *packet;
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (count < hdr_size(file))
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2021-01-25 20:13:38 +08:00
|
|
|
if (file->agents_dead) {
|
|
|
|
|
mutex_unlock(&file->mutex);
|
|
|
|
|
return -EIO;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
while (list_empty(&file->recv_list)) {
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
if (filp->f_flags & O_NONBLOCK)
|
|
|
|
|
return -EAGAIN;
|
|
|
|
|
|
|
|
|
|
if (wait_event_interruptible(file->recv_wait,
|
|
|
|
|
!list_empty(&file->recv_list)))
|
|
|
|
|
return -ERESTARTSYS;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2021-01-25 20:13:39 +08:00
|
|
|
if (file->agents_dead) {
|
|
|
|
|
mutex_unlock(&file->mutex);
|
|
|
|
|
return -EIO;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
packet = list_entry(file->recv_list.next, struct ib_umad_packet, list);
|
|
|
|
|
list_del(&packet->list);
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
atomic_dec(&file->recv_list_size);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
if (packet->recv_wc)
|
2007-10-10 10:59:15 +08:00
|
|
|
ret = copy_recv_mad(file, buf, packet, count);
|
2005-04-17 06:20:36 +08:00
|
|
|
else
|
2007-10-10 10:59:15 +08:00
|
|
|
ret = copy_send_mad(file, buf, packet, count);
|
2006-03-04 13:54:13 +08:00
|
|
|
|
2005-07-28 02:45:42 +08:00
|
|
|
if (ret < 0) {
|
|
|
|
|
/* Requeue packet */
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-07-28 02:45:42 +08:00
|
|
|
list_add(&packet->list, &file->recv_list);
|
IB/core: Implement a limit on UMAD receive List
The existing behavior of ib_umad, which maintains received MAD
packets in an unbounded list, poses a risk of uncontrolled growth.
As user-space applications extract packets from this list, the rate
of extraction may not match the rate of incoming packets, leading
to potential list overflow.
To address this, we introduce a limit to the size of the list. After
considering typical scenarios, such as OpenSM processing, which can
handle approximately 100k packets per second, and the 1-second retry
timeout for most packets, we set the list size limit to 200k. Packets
received beyond this limit are dropped, assuming they are likely timed
out by the time they are handled by user-space.
Notably, packets queued on the receive list due to reasons like
timed-out sends are preserved even when the list is full.
Signed-off-by: Michael Guralnik <michaelgur@nvidia.com>
Reviewed-by: Mark Zhang <markzhang@nvidia.com>
Link: https://lore.kernel.org/r/7197cb58a7d9e78399008f25036205ceab07fbd5.1713268818.git.leon@kernel.org
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2024-04-16 20:01:44 +08:00
|
|
|
atomic_inc(&file->recv_list_size);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2006-03-04 13:54:13 +08:00
|
|
|
} else {
|
|
|
|
|
if (packet->recv_wc)
|
|
|
|
|
ib_free_recv_mad(packet->recv_wc);
|
2005-07-28 02:45:42 +08:00
|
|
|
kfree(packet);
|
2006-03-04 13:54:13 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
static int copy_rmpp_mad(struct ib_mad_send_buf *msg, const char __user *buf)
|
|
|
|
|
{
|
|
|
|
|
int left, seg;
|
|
|
|
|
|
|
|
|
|
/* Copy class specific header */
|
|
|
|
|
if ((msg->hdr_len > IB_MGMT_RMPP_HDR) &&
|
|
|
|
|
copy_from_user(msg->mad + IB_MGMT_RMPP_HDR, buf + IB_MGMT_RMPP_HDR,
|
|
|
|
|
msg->hdr_len - IB_MGMT_RMPP_HDR))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
|
|
|
|
|
/* All headers are in place. Copy data segments. */
|
|
|
|
|
for (seg = 1, left = msg->data_len, buf += msg->hdr_len; left > 0;
|
|
|
|
|
seg++, left -= msg->seg_size, buf += msg->seg_size) {
|
|
|
|
|
if (copy_from_user(ib_get_rmpp_segment(msg, seg), buf,
|
|
|
|
|
min(left, msg->seg_size)))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-07-20 16:25:50 +08:00
|
|
|
static int same_destination(struct ib_user_mad_hdr *hdr1,
|
|
|
|
|
struct ib_user_mad_hdr *hdr2)
|
|
|
|
|
{
|
|
|
|
|
if (!hdr1->grh_present && !hdr2->grh_present)
|
|
|
|
|
return (hdr1->lid == hdr2->lid);
|
|
|
|
|
|
|
|
|
|
if (hdr1->grh_present && hdr2->grh_present)
|
|
|
|
|
return !memcmp(hdr1->gid, hdr2->gid, 16);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int is_duplicate(struct ib_umad_file *file,
|
|
|
|
|
struct ib_umad_packet *packet)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_packet *sent_packet;
|
|
|
|
|
struct ib_mad_hdr *sent_hdr, *hdr;
|
|
|
|
|
|
|
|
|
|
hdr = (struct ib_mad_hdr *) packet->mad.data;
|
|
|
|
|
list_for_each_entry(sent_packet, &file->send_list, list) {
|
|
|
|
|
sent_hdr = (struct ib_mad_hdr *) sent_packet->mad.data;
|
|
|
|
|
|
|
|
|
|
if ((hdr->tid != sent_hdr->tid) ||
|
|
|
|
|
(hdr->mgmt_class != sent_hdr->mgmt_class))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* No need to be overly clever here. If two new operations have
|
|
|
|
|
* the same TID, reject the second as a duplicate. This is more
|
|
|
|
|
* restrictive than required by the spec.
|
|
|
|
|
*/
|
2015-05-09 02:27:22 +08:00
|
|
|
if (!ib_response_mad(hdr)) {
|
|
|
|
|
if (!ib_response_mad(sent_hdr))
|
2006-07-20 16:25:50 +08:00
|
|
|
return 1;
|
|
|
|
|
continue;
|
2015-05-09 02:27:22 +08:00
|
|
|
} else if (!ib_response_mad(sent_hdr))
|
2006-07-20 16:25:50 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (same_destination(&packet->mad.hdr, &sent_packet->mad.hdr))
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static ssize_t ib_umad_write(struct file *filp, const char __user *buf,
|
|
|
|
|
size_t count, loff_t *pos)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = filp->private_data;
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
struct ib_rmpp_mad_hdr *rmpp_mad_hdr;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_umad_packet *packet;
|
|
|
|
|
struct ib_mad_agent *agent;
|
2017-04-30 02:41:18 +08:00
|
|
|
struct rdma_ah_attr ah_attr;
|
2005-10-26 01:51:39 +08:00
|
|
|
struct ib_ah *ah;
|
2005-08-14 12:05:57 +08:00
|
|
|
__be64 *tid;
|
2006-03-04 13:54:13 +08:00
|
|
|
int ret, data_len, hdr_len, copy_offset, rmpp_active;
|
2015-06-11 04:16:48 +08:00
|
|
|
u8 base_version;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (count < hdr_size(file) + IB_MGMT_RMPP_HDR)
|
2005-04-17 06:20:36 +08:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!packet)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (copy_from_user(&packet->mad, buf, hdr_size(file))) {
|
2005-07-28 02:45:42 +08:00
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto err;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2011-10-07 00:33:05 +08:00
|
|
|
if (packet->mad.hdr.id >= IB_UMAD_MAX_AGENTS) {
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
buf += hdr_size(file);
|
|
|
|
|
|
|
|
|
|
if (copy_from_user(packet->mad.data, buf, IB_MGMT_RMPP_HDR)) {
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-03-20 05:11:47 +08:00
|
|
|
trace_ib_umad_write(file, &packet->mad.hdr,
|
|
|
|
|
(struct ib_mad_hdr *)&packet->mad.data);
|
|
|
|
|
|
2005-11-11 02:18:23 +08:00
|
|
|
agent = __get_agent(file, packet->mad.hdr.id);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!agent) {
|
2021-01-25 20:13:38 +08:00
|
|
|
ret = -EIO;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto err_up;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(&ah_attr, 0, sizeof ah_attr);
|
2018-01-28 17:25:29 +08:00
|
|
|
ah_attr.type = rdma_ah_find_type(agent->device,
|
2017-04-30 02:41:29 +08:00
|
|
|
file->port->port_num);
|
2017-04-30 02:41:28 +08:00
|
|
|
rdma_ah_set_dlid(&ah_attr, be16_to_cpu(packet->mad.hdr.lid));
|
|
|
|
|
rdma_ah_set_sl(&ah_attr, packet->mad.hdr.sl);
|
|
|
|
|
rdma_ah_set_path_bits(&ah_attr, packet->mad.hdr.path_bits);
|
|
|
|
|
rdma_ah_set_port_num(&ah_attr, file->port->port_num);
|
2005-07-28 02:45:42 +08:00
|
|
|
if (packet->mad.hdr.grh_present) {
|
2017-04-30 02:41:28 +08:00
|
|
|
rdma_ah_set_grh(&ah_attr, NULL,
|
|
|
|
|
be32_to_cpu(packet->mad.hdr.flow_label),
|
|
|
|
|
packet->mad.hdr.gid_index,
|
|
|
|
|
packet->mad.hdr.hop_limit,
|
|
|
|
|
packet->mad.hdr.traffic_class);
|
|
|
|
|
rdma_ah_set_dgid_raw(&ah_attr, packet->mad.hdr.gid);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2017-10-16 13:45:12 +08:00
|
|
|
ah = rdma_create_user_ah(agent->qp->pd, &ah_attr, NULL);
|
2005-10-26 01:51:39 +08:00
|
|
|
if (IS_ERR(ah)) {
|
|
|
|
|
ret = PTR_ERR(ah);
|
2005-04-17 06:20:36 +08:00
|
|
|
goto err_up;
|
|
|
|
|
}
|
|
|
|
|
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
rmpp_mad_hdr = (struct ib_rmpp_mad_hdr *)packet->mad.data;
|
|
|
|
|
hdr_len = ib_get_mad_data_offset(rmpp_mad_hdr->mad_hdr.mgmt_class);
|
2014-08-09 07:00:56 +08:00
|
|
|
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
if (ib_is_mad_class_rmpp(rmpp_mad_hdr->mad_hdr.mgmt_class)
|
2014-08-09 07:00:56 +08:00
|
|
|
&& ib_mad_kernel_rmpp_agent(agent)) {
|
2006-03-04 13:54:13 +08:00
|
|
|
copy_offset = IB_MGMT_RMPP_HDR;
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
rmpp_active = ib_get_rmpp_flags(&rmpp_mad_hdr->rmpp_hdr) &
|
2014-08-09 07:00:56 +08:00
|
|
|
IB_MGMT_RMPP_FLAG_ACTIVE;
|
|
|
|
|
} else {
|
|
|
|
|
copy_offset = IB_MGMT_MAD_HDR;
|
|
|
|
|
rmpp_active = 0;
|
2005-07-28 02:45:42 +08:00
|
|
|
}
|
|
|
|
|
|
2015-06-11 04:16:48 +08:00
|
|
|
base_version = ((struct ib_mad_hdr *)&packet->mad.data)->base_version;
|
2007-10-10 10:59:15 +08:00
|
|
|
data_len = count - hdr_size(file) - hdr_len;
|
2005-07-28 02:45:42 +08:00
|
|
|
packet->msg = ib_create_send_mad(agent,
|
|
|
|
|
be32_to_cpu(packet->mad.hdr.qpn),
|
2007-10-10 10:59:15 +08:00
|
|
|
packet->mad.hdr.pkey_index, rmpp_active,
|
2015-06-07 02:38:28 +08:00
|
|
|
hdr_len, data_len, GFP_KERNEL,
|
2015-06-11 04:16:48 +08:00
|
|
|
base_version);
|
2005-07-28 02:45:42 +08:00
|
|
|
if (IS_ERR(packet->msg)) {
|
|
|
|
|
ret = PTR_ERR(packet->msg);
|
|
|
|
|
goto err_ah;
|
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-02-03 03:08:50 +08:00
|
|
|
packet->msg->ah = ah;
|
2005-10-26 01:51:39 +08:00
|
|
|
packet->msg->timeout_ms = packet->mad.hdr.timeout_ms;
|
2010-02-03 03:08:50 +08:00
|
|
|
packet->msg->retries = packet->mad.hdr.retries;
|
2005-10-26 01:51:39 +08:00
|
|
|
packet->msg->context[0] = packet;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
/* Copy MAD header. Any RMPP header is already in place. */
|
2005-10-28 11:48:11 +08:00
|
|
|
memcpy(packet->msg->mad, packet->mad.data, IB_MGMT_MAD_HDR);
|
2006-03-04 13:54:13 +08:00
|
|
|
|
|
|
|
|
if (!rmpp_active) {
|
|
|
|
|
if (copy_from_user(packet->msg->mad + copy_offset,
|
|
|
|
|
buf + copy_offset,
|
|
|
|
|
hdr_len + data_len - copy_offset)) {
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto err_msg;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ret = copy_rmpp_mad(packet->msg, buf);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto err_msg;
|
2005-07-28 02:45:42 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2006-07-20 16:25:50 +08:00
|
|
|
* Set the high-order part of the transaction ID to make MADs from
|
|
|
|
|
* different agents unique, and allow routing responses back to the
|
|
|
|
|
* original requestor.
|
2005-07-28 02:45:42 +08:00
|
|
|
*/
|
2006-07-20 16:25:50 +08:00
|
|
|
if (!ib_response_mad(packet->msg->mad)) {
|
2005-10-28 11:33:43 +08:00
|
|
|
tid = &((struct ib_mad_hdr *) packet->msg->mad)->tid;
|
2005-07-28 02:45:42 +08:00
|
|
|
*tid = cpu_to_be64(((u64) agent->hi_tid) << 32 |
|
|
|
|
|
(be64_to_cpup(tid) & 0xffffffff));
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
rmpp_mad_hdr->mad_hdr.tid = *tid;
|
2006-07-20 16:25:50 +08:00
|
|
|
}
|
|
|
|
|
|
2014-08-09 07:00:56 +08:00
|
|
|
if (!ib_mad_kernel_rmpp_agent(agent)
|
RDMA/core: Fix multiple -Warray-bounds warnings
GCC-13 (and Clang)[1] does not like to access a partially allocated
object, since it cannot reason about it for bounds checking.
In this case 140 bytes are allocated for an object of type struct
ib_umad_packet:
packet = kzalloc(sizeof(*packet) + IB_MGMT_RMPP_HDR, GFP_KERNEL);
However, notice that sizeof(*packet) is only 104 bytes:
struct ib_umad_packet {
struct ib_mad_send_buf * msg; /* 0 8 */
struct ib_mad_recv_wc * recv_wc; /* 8 8 */
struct list_head list; /* 16 16 */
int length; /* 32 4 */
/* XXX 4 bytes hole, try to pack */
struct ib_user_mad mad __attribute__((__aligned__(8))); /* 40 64 */
/* size: 104, cachelines: 2, members: 5 */
/* sum members: 100, holes: 1, sum holes: 4 */
/* forced alignments: 1, forced holes: 1, sum forced holes: 4 */
/* last cacheline: 40 bytes */
} __attribute__((__aligned__(8)));
and 36 bytes extra bytes are allocated for a flexible-array member in
struct ib_user_mad:
include/rdma/ib_mad.h:
120 enum {
...
123 IB_MGMT_RMPP_HDR = 36,
... }
struct ib_user_mad {
struct ib_user_mad_hdr hdr; /* 0 64 */
/* --- cacheline 1 boundary (64 bytes) --- */
__u64 data[] __attribute__((__aligned__(8))); /* 64 0 */
/* size: 64, cachelines: 1, members: 2 */
/* forced alignments: 1 */
} __attribute__((__aligned__(8)));
So we have sizeof(*packet) + IB_MGMT_RMPP_HDR == 140 bytes
Then the address of the flex-array member (for which only 36 bytes were
allocated) is casted and copied into a pointer to struct ib_rmpp_mad,
which, in turn, is of size 256 bytes:
rmpp_mad = (struct ib_rmpp_mad *) packet->mad.data;
struct ib_rmpp_mad {
struct ib_mad_hdr mad_hdr; /* 0 24 */
struct ib_rmpp_hdr rmpp_hdr; /* 24 12 */
u8 data[220]; /* 36 220 */
/* size: 256, cachelines: 4, members: 3 */
};
The thing is that those 36 bytes allocated for flex-array member data
in struct ib_user_mad onlly account for the size of both struct ib_mad_hdr
and struct ib_rmpp_hdr, but nothing is left for array u8 data[220].
So, the compiler is legitimately complaining about accessing an object
for which not enough memory was allocated.
Apparently, the only members of struct ib_rmpp_mad that are relevant
(that are actually being used) in function ib_umad_write() are mad_hdr
and rmpp_hdr. So, instead of casting packet->mad.data to
(struct ib_rmpp_mad *) create a new structure
struct ib_rmpp_mad_hdr {
struct ib_mad_hdr mad_hdr;
struct ib_rmpp_hdr rmpp_hdr;
} __packed;
and cast packet->mad.data to (struct ib_rmpp_mad_hdr *).
Notice that
IB_MGMT_RMPP_HDR == sizeof(struct ib_rmpp_mad_hdr) == 36 bytes
Refactor the rest of the code, accordingly.
Fix the following warnings seen under GCC-13 and -Warray-bounds:
drivers/infiniband/core/user_mad.c:564:50: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:566:42: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:618:25: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
drivers/infiniband/core/user_mad.c:622:44: warning: array subscript ‘struct ib_rmpp_mad[0]’ is partly outside array bounds of ‘unsigned char[140]’ [-Warray-bounds=]
Link: https://github.com/KSPP/linux/issues/273
Link: https://godbolt.org/z/oYWaGM4Yb [1]
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZBpB91qQcB10m3Fw@work
Signed-off-by: Leon Romanovsky <leon@kernel.org>
2023-03-22 07:47:03 +08:00
|
|
|
&& ib_is_mad_class_rmpp(rmpp_mad_hdr->mad_hdr.mgmt_class)
|
|
|
|
|
&& (ib_get_rmpp_flags(&rmpp_mad_hdr->rmpp_hdr) & IB_MGMT_RMPP_FLAG_ACTIVE)) {
|
2014-08-09 07:00:56 +08:00
|
|
|
spin_lock_irq(&file->send_lock);
|
2006-07-20 16:25:50 +08:00
|
|
|
list_add_tail(&packet->list, &file->send_list);
|
2014-08-09 07:00:56 +08:00
|
|
|
spin_unlock_irq(&file->send_lock);
|
|
|
|
|
} else {
|
|
|
|
|
spin_lock_irq(&file->send_lock);
|
|
|
|
|
ret = is_duplicate(file, packet);
|
|
|
|
|
if (!ret)
|
|
|
|
|
list_add_tail(&packet->list, &file->send_list);
|
|
|
|
|
spin_unlock_irq(&file->send_lock);
|
|
|
|
|
if (ret) {
|
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto err_msg;
|
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2005-10-26 01:51:39 +08:00
|
|
|
ret = ib_post_send_mad(packet->msg, NULL);
|
2005-07-28 02:45:42 +08:00
|
|
|
if (ret)
|
2006-07-20 16:25:50 +08:00
|
|
|
goto err_send;
|
2005-07-28 02:45:42 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-10-28 11:48:11 +08:00
|
|
|
return count;
|
2005-07-28 02:45:42 +08:00
|
|
|
|
2006-07-20 16:25:50 +08:00
|
|
|
err_send:
|
|
|
|
|
dequeue_send(file, packet);
|
2005-07-28 02:45:42 +08:00
|
|
|
err_msg:
|
|
|
|
|
ib_free_send_mad(packet->msg);
|
|
|
|
|
err_ah:
|
2018-12-12 17:09:06 +08:00
|
|
|
rdma_destroy_ah(ah, RDMA_DESTROY_AH_SLEEPABLE);
|
2005-04-17 06:20:36 +08:00
|
|
|
err_up:
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
err:
|
|
|
|
|
kfree(packet);
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-03 18:39:46 +08:00
|
|
|
static __poll_t ib_umad_poll(struct file *filp, struct poll_table_struct *wait)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = filp->private_data;
|
|
|
|
|
|
|
|
|
|
/* we will always be able to post a MAD send */
|
2018-02-12 06:34:03 +08:00
|
|
|
__poll_t mask = EPOLLOUT | EPOLLWRNORM;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2021-01-25 20:13:39 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
poll_wait(filp, &file->recv_wait, wait);
|
|
|
|
|
|
|
|
|
|
if (!list_empty(&file->recv_list))
|
2018-02-12 06:34:03 +08:00
|
|
|
mask |= EPOLLIN | EPOLLRDNORM;
|
2021-01-25 20:13:39 +08:00
|
|
|
if (file->agents_dead)
|
|
|
|
|
mask = EPOLLERR;
|
|
|
|
|
mutex_unlock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
return mask;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static int ib_umad_reg_agent(struct ib_umad_file *file, void __user *arg,
|
|
|
|
|
int compat_method_mask)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
|
struct ib_user_mad_reg_req ureq;
|
|
|
|
|
struct ib_mad_reg_req req;
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
struct ib_mad_agent *agent = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
int agent_id;
|
|
|
|
|
int ret;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->port->file_mutex);
|
|
|
|
|
mutex_lock(&file->mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
|
|
|
|
|
if (!file->port->ib_dev) {
|
2021-04-07 16:15:47 +08:00
|
|
|
dev_notice(&file->port->dev, "%s: invalid device\n", __func__);
|
2005-11-04 04:01:18 +08:00
|
|
|
ret = -EPIPE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (copy_from_user(&ureq, arg, sizeof ureq)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ureq.qpn != 0 && ureq.qpn != 1) {
|
2018-12-21 22:19:25 +08:00
|
|
|
dev_notice(&file->port->dev,
|
2021-06-10 19:40:32 +08:00
|
|
|
"%s: invalid QPN %u specified\n", __func__,
|
2014-08-09 07:00:54 +08:00
|
|
|
ureq.qpn);
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (agent_id = 0; agent_id < IB_UMAD_MAX_AGENTS; ++agent_id)
|
2005-11-11 02:18:23 +08:00
|
|
|
if (!__get_agent(file, agent_id))
|
2005-04-17 06:20:36 +08:00
|
|
|
goto found;
|
|
|
|
|
|
2021-04-07 16:15:47 +08:00
|
|
|
dev_notice(&file->port->dev, "%s: Max Agents (%u) reached\n", __func__,
|
2014-08-09 07:00:54 +08:00
|
|
|
IB_UMAD_MAX_AGENTS);
|
2021-04-07 16:15:47 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = -ENOMEM;
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
found:
|
2005-04-17 06:26:11 +08:00
|
|
|
if (ureq.mgmt_class) {
|
2014-08-09 07:00:55 +08:00
|
|
|
memset(&req, 0, sizeof(req));
|
2005-04-17 06:26:11 +08:00
|
|
|
req.mgmt_class = ureq.mgmt_class;
|
|
|
|
|
req.mgmt_class_version = ureq.mgmt_class_version;
|
2007-10-10 10:59:15 +08:00
|
|
|
memcpy(req.oui, ureq.oui, sizeof req.oui);
|
|
|
|
|
|
|
|
|
|
if (compat_method_mask) {
|
|
|
|
|
u32 *umm = (u32 *) ureq.method_mask;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < BITS_TO_LONGS(IB_MGMT_MAX_METHODS); ++i)
|
|
|
|
|
req.method_mask[i] =
|
|
|
|
|
umm[i * 2] | ((u64) umm[i * 2 + 1] << 32);
|
|
|
|
|
} else
|
|
|
|
|
memcpy(req.method_mask, ureq.method_mask,
|
|
|
|
|
sizeof req.method_mask);
|
2005-04-17 06:26:11 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
agent = ib_register_mad_agent(file->port->ib_dev, file->port->port_num,
|
|
|
|
|
ureq.qpn ? IB_QPT_GSI : IB_QPT_SMI,
|
2005-04-17 06:26:11 +08:00
|
|
|
ureq.mgmt_class ? &req : NULL,
|
2005-07-28 02:45:42 +08:00
|
|
|
ureq.rmpp_version,
|
2014-08-09 07:00:55 +08:00
|
|
|
send_handler, recv_handler, file, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (IS_ERR(agent)) {
|
|
|
|
|
ret = PTR_ERR(agent);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
agent = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (put_user(agent_id,
|
|
|
|
|
(u32 __user *) (arg + offsetof(struct ib_user_mad_reg_req, id)))) {
|
|
|
|
|
ret = -EFAULT;
|
2005-11-10 01:58:10 +08:00
|
|
|
goto out;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (!file->already_used) {
|
|
|
|
|
file->already_used = 1;
|
|
|
|
|
if (!file->use_pkey_index) {
|
2018-12-21 22:19:25 +08:00
|
|
|
dev_warn(&file->port->dev,
|
2014-08-09 07:00:52 +08:00
|
|
|
"process %s did not enable P_Key index support.\n",
|
|
|
|
|
current->comm);
|
2018-12-21 22:19:25 +08:00
|
|
|
dev_warn(&file->port->dev,
|
2019-06-09 10:27:03 +08:00
|
|
|
" Documentation/infiniband/user_mad.rst has info on the new ABI.\n");
|
2007-10-10 10:59:15 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2005-11-08 02:41:29 +08:00
|
|
|
file->agent[agent_id] = agent;
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = 0;
|
2005-11-08 02:41:29 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
out:
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
|
|
|
|
|
|
|
|
|
if (ret && agent)
|
|
|
|
|
ib_unregister_mad_agent(agent);
|
|
|
|
|
|
|
|
|
|
mutex_unlock(&file->port->file_mutex);
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-09 07:00:55 +08:00
|
|
|
static int ib_umad_reg_agent2(struct ib_umad_file *file, void __user *arg)
|
|
|
|
|
{
|
|
|
|
|
struct ib_user_mad_reg_req2 ureq;
|
|
|
|
|
struct ib_mad_reg_req req;
|
|
|
|
|
struct ib_mad_agent *agent = NULL;
|
|
|
|
|
int agent_id;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
mutex_lock(&file->port->file_mutex);
|
|
|
|
|
mutex_lock(&file->mutex);
|
|
|
|
|
|
|
|
|
|
if (!file->port->ib_dev) {
|
2021-04-07 16:15:47 +08:00
|
|
|
dev_notice(&file->port->dev, "%s: invalid device\n", __func__);
|
2014-08-09 07:00:55 +08:00
|
|
|
ret = -EPIPE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (copy_from_user(&ureq, arg, sizeof(ureq))) {
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ureq.qpn != 0 && ureq.qpn != 1) {
|
2021-06-10 19:40:32 +08:00
|
|
|
dev_notice(&file->port->dev, "%s: invalid QPN %u specified\n",
|
2021-04-07 16:15:47 +08:00
|
|
|
__func__, ureq.qpn);
|
2014-08-09 07:00:55 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ureq.flags & ~IB_USER_MAD_REG_FLAGS_CAP) {
|
2018-12-21 22:19:25 +08:00
|
|
|
dev_notice(&file->port->dev,
|
2021-04-07 16:15:47 +08:00
|
|
|
"%s failed: invalid registration flags specified 0x%x; supported 0x%x\n",
|
|
|
|
|
__func__, ureq.flags, IB_USER_MAD_REG_FLAGS_CAP);
|
2014-08-09 07:00:55 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (put_user((u32)IB_USER_MAD_REG_FLAGS_CAP,
|
|
|
|
|
(u32 __user *) (arg + offsetof(struct
|
|
|
|
|
ib_user_mad_reg_req2, flags))))
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (agent_id = 0; agent_id < IB_UMAD_MAX_AGENTS; ++agent_id)
|
|
|
|
|
if (!__get_agent(file, agent_id))
|
|
|
|
|
goto found;
|
|
|
|
|
|
2021-04-07 16:15:47 +08:00
|
|
|
dev_notice(&file->port->dev, "%s: Max Agents (%u) reached\n", __func__,
|
2014-08-09 07:00:55 +08:00
|
|
|
IB_UMAD_MAX_AGENTS);
|
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
found:
|
|
|
|
|
if (ureq.mgmt_class) {
|
|
|
|
|
memset(&req, 0, sizeof(req));
|
|
|
|
|
req.mgmt_class = ureq.mgmt_class;
|
|
|
|
|
req.mgmt_class_version = ureq.mgmt_class_version;
|
|
|
|
|
if (ureq.oui & 0xff000000) {
|
2018-12-21 22:19:25 +08:00
|
|
|
dev_notice(&file->port->dev,
|
2021-04-07 16:15:47 +08:00
|
|
|
"%s failed: oui invalid 0x%08x\n", __func__,
|
2014-08-09 07:00:55 +08:00
|
|
|
ureq.oui);
|
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
req.oui[2] = ureq.oui & 0x0000ff;
|
|
|
|
|
req.oui[1] = (ureq.oui & 0x00ff00) >> 8;
|
|
|
|
|
req.oui[0] = (ureq.oui & 0xff0000) >> 16;
|
|
|
|
|
memcpy(req.method_mask, ureq.method_mask,
|
|
|
|
|
sizeof(req.method_mask));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
agent = ib_register_mad_agent(file->port->ib_dev, file->port->port_num,
|
|
|
|
|
ureq.qpn ? IB_QPT_GSI : IB_QPT_SMI,
|
|
|
|
|
ureq.mgmt_class ? &req : NULL,
|
|
|
|
|
ureq.rmpp_version,
|
|
|
|
|
send_handler, recv_handler, file,
|
|
|
|
|
ureq.flags);
|
|
|
|
|
if (IS_ERR(agent)) {
|
|
|
|
|
ret = PTR_ERR(agent);
|
|
|
|
|
agent = NULL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (put_user(agent_id,
|
|
|
|
|
(u32 __user *)(arg +
|
|
|
|
|
offsetof(struct ib_user_mad_reg_req2, id)))) {
|
|
|
|
|
ret = -EFAULT;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!file->already_used) {
|
|
|
|
|
file->already_used = 1;
|
|
|
|
|
file->use_pkey_index = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
file->agent[agent_id] = agent;
|
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
mutex_unlock(&file->mutex);
|
|
|
|
|
|
|
|
|
|
if (ret && agent)
|
|
|
|
|
ib_unregister_mad_agent(agent);
|
|
|
|
|
|
|
|
|
|
mutex_unlock(&file->port->file_mutex);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static int ib_umad_unreg_agent(struct ib_umad_file *file, u32 __user *arg)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2005-11-08 02:41:29 +08:00
|
|
|
struct ib_mad_agent *agent = NULL;
|
2005-04-17 06:20:36 +08:00
|
|
|
u32 id;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
if (get_user(id, arg))
|
2005-11-08 02:41:29 +08:00
|
|
|
return -EFAULT;
|
2019-07-31 12:39:57 +08:00
|
|
|
if (id >= IB_UMAD_MAX_AGENTS)
|
|
|
|
|
return -EINVAL;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->port->file_mutex);
|
|
|
|
|
mutex_lock(&file->mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-07-31 12:39:57 +08:00
|
|
|
id = array_index_nospec(id, IB_UMAD_MAX_AGENTS);
|
|
|
|
|
if (!__get_agent(file, id)) {
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = -EINVAL;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2005-11-08 02:41:29 +08:00
|
|
|
agent = file->agent[id];
|
2005-04-17 06:20:36 +08:00
|
|
|
file->agent[id] = NULL;
|
|
|
|
|
|
|
|
|
|
out:
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-11-08 02:41:29 +08:00
|
|
|
|
2005-11-10 01:58:10 +08:00
|
|
|
if (agent)
|
2005-11-08 02:41:29 +08:00
|
|
|
ib_unregister_mad_agent(agent);
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->port->file_mutex);
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
static long ib_umad_enable_pkey(struct ib_umad_file *file)
|
|
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->mutex);
|
2007-10-10 10:59:15 +08:00
|
|
|
if (file->already_used)
|
|
|
|
|
ret = -EINVAL;
|
|
|
|
|
else
|
|
|
|
|
file->use_pkey_index = 1;
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2007-10-10 10:59:15 +08:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2005-07-28 02:45:42 +08:00
|
|
|
static long ib_umad_ioctl(struct file *filp, unsigned int cmd,
|
|
|
|
|
unsigned long arg)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
|
switch (cmd) {
|
|
|
|
|
case IB_USER_MAD_REGISTER_AGENT:
|
2007-10-10 10:59:15 +08:00
|
|
|
return ib_umad_reg_agent(filp->private_data, (void __user *) arg, 0);
|
2005-04-17 06:20:36 +08:00
|
|
|
case IB_USER_MAD_UNREGISTER_AGENT:
|
2007-10-10 10:59:15 +08:00
|
|
|
return ib_umad_unreg_agent(filp->private_data, (__u32 __user *) arg);
|
2007-10-10 10:59:15 +08:00
|
|
|
case IB_USER_MAD_ENABLE_PKEY:
|
|
|
|
|
return ib_umad_enable_pkey(filp->private_data);
|
2014-08-09 07:00:55 +08:00
|
|
|
case IB_USER_MAD_REGISTER_AGENT2:
|
|
|
|
|
return ib_umad_reg_agent2(filp->private_data, (void __user *) arg);
|
2005-04-17 06:20:36 +08:00
|
|
|
default:
|
|
|
|
|
return -ENOIOCTLCMD;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-10 10:59:15 +08:00
|
|
|
#ifdef CONFIG_COMPAT
|
|
|
|
|
static long ib_umad_compat_ioctl(struct file *filp, unsigned int cmd,
|
|
|
|
|
unsigned long arg)
|
|
|
|
|
{
|
|
|
|
|
switch (cmd) {
|
|
|
|
|
case IB_USER_MAD_REGISTER_AGENT:
|
|
|
|
|
return ib_umad_reg_agent(filp->private_data, compat_ptr(arg), 1);
|
|
|
|
|
case IB_USER_MAD_UNREGISTER_AGENT:
|
|
|
|
|
return ib_umad_unreg_agent(filp->private_data, compat_ptr(arg));
|
|
|
|
|
case IB_USER_MAD_ENABLE_PKEY:
|
|
|
|
|
return ib_umad_enable_pkey(filp->private_data);
|
2014-08-09 07:00:55 +08:00
|
|
|
case IB_USER_MAD_REGISTER_AGENT2:
|
|
|
|
|
return ib_umad_reg_agent2(filp->private_data, compat_ptr(arg));
|
2007-10-10 10:59:15 +08:00
|
|
|
default:
|
|
|
|
|
return -ENOIOCTLCMD;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2008-07-12 04:54:40 +08:00
|
|
|
/*
|
|
|
|
|
* ib_umad_open() does not need the BKL:
|
|
|
|
|
*
|
2010-02-03 03:08:30 +08:00
|
|
|
* - the ib_umad_port structures are properly reference counted, and
|
2008-07-12 04:54:40 +08:00
|
|
|
* everything else is purely local to the file being created, so
|
|
|
|
|
* races against other open calls are not a problem;
|
|
|
|
|
* - the ioctl method does not affect any global state outside of the
|
|
|
|
|
* file structure being operated on;
|
|
|
|
|
*/
|
2005-04-17 06:20:36 +08:00
|
|
|
static int ib_umad_open(struct inode *inode, struct file *filp)
|
|
|
|
|
{
|
2005-10-29 06:37:23 +08:00
|
|
|
struct ib_umad_port *port;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_umad_file *file;
|
2019-01-22 14:31:20 +08:00
|
|
|
int ret = 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2010-02-03 03:08:30 +08:00
|
|
|
port = container_of(inode->i_cdev, struct ib_umad_port, cdev);
|
2005-10-29 06:37:23 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&port->file_mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
|
2019-01-22 14:31:20 +08:00
|
|
|
if (!port->ib_dev) {
|
|
|
|
|
ret = -ENXIO;
|
2005-11-04 04:01:18 +08:00
|
|
|
goto out;
|
2019-01-22 14:31:20 +08:00
|
|
|
}
|
2005-11-04 04:01:18 +08:00
|
|
|
|
2019-02-26 20:01:46 +08:00
|
|
|
if (!rdma_dev_access_netns(port->ib_dev, current->nsproxy->net_ns)) {
|
|
|
|
|
ret = -EPERM;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-22 14:31:20 +08:00
|
|
|
file = kzalloc(sizeof(*file), GFP_KERNEL);
|
|
|
|
|
if (!file) {
|
|
|
|
|
ret = -ENOMEM;
|
2005-11-04 04:01:18 +08:00
|
|
|
goto out;
|
2019-01-22 14:31:20 +08:00
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_init(&file->mutex);
|
2006-07-20 16:25:50 +08:00
|
|
|
spin_lock_init(&file->send_lock);
|
2005-04-17 06:20:36 +08:00
|
|
|
INIT_LIST_HEAD(&file->recv_list);
|
2006-07-20 16:25:50 +08:00
|
|
|
INIT_LIST_HEAD(&file->send_list);
|
2005-04-17 06:20:36 +08:00
|
|
|
init_waitqueue_head(&file->recv_wait);
|
|
|
|
|
|
|
|
|
|
file->port = port;
|
|
|
|
|
filp->private_data = file;
|
|
|
|
|
|
2005-11-04 04:01:18 +08:00
|
|
|
list_add_tail(&file->port_list, &port->file_list);
|
|
|
|
|
|
2019-03-27 04:51:19 +08:00
|
|
|
stream_open(inode, filp);
|
2005-11-04 04:01:18 +08:00
|
|
|
out:
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&port->file_mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ib_umad_close(struct inode *inode, struct file *filp)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_file *file = filp->private_data;
|
2005-05-26 03:31:30 +08:00
|
|
|
struct ib_umad_packet *packet, *tmp;
|
2005-11-11 02:18:23 +08:00
|
|
|
int already_dead;
|
2005-04-17 06:20:36 +08:00
|
|
|
int i;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&file->port->file_mutex);
|
|
|
|
|
mutex_lock(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
|
|
|
|
|
already_dead = file->agents_dead;
|
|
|
|
|
file->agents_dead = 1;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2006-03-04 13:54:13 +08:00
|
|
|
list_for_each_entry_safe(packet, tmp, &file->recv_list, list) {
|
|
|
|
|
if (packet->recv_wc)
|
|
|
|
|
ib_free_recv_mad(packet->recv_wc);
|
2005-05-26 03:31:30 +08:00
|
|
|
kfree(packet);
|
2006-03-04 13:54:13 +08:00
|
|
|
}
|
2005-05-26 03:31:30 +08:00
|
|
|
|
2005-11-04 04:01:18 +08:00
|
|
|
list_del(&file->port_list);
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
|
|
|
|
|
if (!already_dead)
|
|
|
|
|
for (i = 0; i < IB_UMAD_MAX_AGENTS; ++i)
|
|
|
|
|
if (file->agent[i])
|
|
|
|
|
ib_unregister_mad_agent(file->agent[i]);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->port->file_mutex);
|
2019-07-23 14:57:24 +08:00
|
|
|
mutex_destroy(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
kfree(file);
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-12 16:55:32 +08:00
|
|
|
static const struct file_operations umad_fops = {
|
2010-02-03 03:08:50 +08:00
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.read = ib_umad_read,
|
|
|
|
|
.write = ib_umad_write,
|
|
|
|
|
.poll = ib_umad_poll,
|
2005-04-17 06:20:36 +08:00
|
|
|
.unlocked_ioctl = ib_umad_ioctl,
|
2007-10-10 10:59:15 +08:00
|
|
|
#ifdef CONFIG_COMPAT
|
2010-02-03 03:08:50 +08:00
|
|
|
.compat_ioctl = ib_umad_compat_ioctl,
|
2007-10-10 10:59:15 +08:00
|
|
|
#endif
|
2010-02-03 03:08:50 +08:00
|
|
|
.open = ib_umad_open,
|
2010-04-10 08:13:50 +08:00
|
|
|
.release = ib_umad_close,
|
|
|
|
|
.llseek = no_llseek,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int ib_umad_sm_open(struct inode *inode, struct file *filp)
|
|
|
|
|
{
|
2005-10-29 06:37:23 +08:00
|
|
|
struct ib_umad_port *port;
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_port_modify props = {
|
|
|
|
|
.set_port_cap_mask = IB_PORT_SM
|
|
|
|
|
};
|
|
|
|
|
int ret;
|
|
|
|
|
|
2010-02-03 03:08:30 +08:00
|
|
|
port = container_of(inode->i_cdev, struct ib_umad_port, sm_cdev);
|
2005-10-29 06:37:23 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
if (filp->f_flags & O_NONBLOCK) {
|
2005-10-29 06:37:23 +08:00
|
|
|
if (down_trylock(&port->sm_sem)) {
|
|
|
|
|
ret = -EAGAIN;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
} else {
|
2005-10-29 06:37:23 +08:00
|
|
|
if (down_interruptible(&port->sm_sem)) {
|
|
|
|
|
ret = -ERESTARTSYS;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2019-02-26 20:01:46 +08:00
|
|
|
if (!rdma_dev_access_netns(port->ib_dev, current->nsproxy->net_ns)) {
|
|
|
|
|
ret = -EPERM;
|
|
|
|
|
goto err_up_sem;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ret = ib_modify_port(port->ib_dev, port->port_num, 0, &props);
|
2014-05-20 16:33:41 +08:00
|
|
|
if (ret)
|
|
|
|
|
goto err_up_sem;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
filp->private_data = port;
|
|
|
|
|
|
2019-01-22 14:31:20 +08:00
|
|
|
nonseekable_open(inode, filp);
|
2014-05-20 16:33:41 +08:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
err_up_sem:
|
|
|
|
|
up(&port->sm_sem);
|
2005-10-29 06:37:23 +08:00
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ib_umad_sm_close(struct inode *inode, struct file *filp)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_port *port = filp->private_data;
|
|
|
|
|
struct ib_port_modify props = {
|
|
|
|
|
.clr_port_cap_mask = IB_PORT_SM
|
|
|
|
|
};
|
2005-11-04 04:01:18 +08:00
|
|
|
int ret = 0;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&port->file_mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
if (port->ib_dev)
|
|
|
|
|
ret = ib_modify_port(port->ib_dev, port->port_num, 0, &props);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&port->file_mutex);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
up(&port->sm_sem);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-12 16:55:32 +08:00
|
|
|
static const struct file_operations umad_sm_fops = {
|
2010-02-03 03:08:50 +08:00
|
|
|
.owner = THIS_MODULE,
|
|
|
|
|
.open = ib_umad_sm_open,
|
2010-04-10 08:13:50 +08:00
|
|
|
.release = ib_umad_sm_close,
|
|
|
|
|
.llseek = no_llseek,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
|
|
|
|
|
2020-03-10 15:53:39 +08:00
|
|
|
static struct ib_umad_port *get_port(struct ib_device *ibdev,
|
|
|
|
|
struct ib_umad_device *umad_dev,
|
2021-03-01 15:04:20 +08:00
|
|
|
u32 port)
|
2020-03-10 15:53:39 +08:00
|
|
|
{
|
|
|
|
|
if (!umad_dev)
|
|
|
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
|
if (!rdma_is_port_valid(ibdev, port))
|
|
|
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
|
if (!rdma_cap_ib_mad(ibdev, port))
|
|
|
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
|
|
|
|
|
|
return &umad_dev->ports[port - rdma_start_port(ibdev)];
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-14 08:38:19 +08:00
|
|
|
static int ib_umad_get_nl_info(struct ib_device *ibdev, void *client_data,
|
|
|
|
|
struct ib_client_nl_info *res)
|
|
|
|
|
{
|
2020-03-10 15:53:39 +08:00
|
|
|
struct ib_umad_port *port = get_port(ibdev, client_data, res->port);
|
2019-06-14 08:38:19 +08:00
|
|
|
|
2020-03-10 15:53:39 +08:00
|
|
|
if (IS_ERR(port))
|
|
|
|
|
return PTR_ERR(port);
|
2019-06-14 08:38:19 +08:00
|
|
|
|
|
|
|
|
res->abi = IB_USER_MAD_ABI_VERSION;
|
2020-03-10 15:53:39 +08:00
|
|
|
res->cdev = &port->dev;
|
2019-06-14 08:38:19 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static struct ib_client umad_client = {
|
|
|
|
|
.name = "umad",
|
|
|
|
|
.add = ib_umad_add_one,
|
2019-06-14 08:38:19 +08:00
|
|
|
.remove = ib_umad_remove_one,
|
|
|
|
|
.get_nl_info = ib_umad_get_nl_info,
|
2005-04-17 06:20:36 +08:00
|
|
|
};
|
2019-06-14 08:38:19 +08:00
|
|
|
MODULE_ALIAS_RDMA_CLIENT("umad");
|
|
|
|
|
|
|
|
|
|
static int ib_issm_get_nl_info(struct ib_device *ibdev, void *client_data,
|
|
|
|
|
struct ib_client_nl_info *res)
|
|
|
|
|
{
|
2020-03-10 15:53:39 +08:00
|
|
|
struct ib_umad_port *port = get_port(ibdev, client_data, res->port);
|
2019-06-14 08:38:19 +08:00
|
|
|
|
2020-03-10 15:53:39 +08:00
|
|
|
if (IS_ERR(port))
|
|
|
|
|
return PTR_ERR(port);
|
2019-06-14 08:38:19 +08:00
|
|
|
|
|
|
|
|
res->abi = IB_USER_MAD_ABI_VERSION;
|
2020-03-10 15:53:39 +08:00
|
|
|
res->cdev = &port->sm_dev;
|
2019-06-14 08:38:19 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct ib_client issm_client = {
|
|
|
|
|
.name = "issm",
|
|
|
|
|
.get_nl_info = ib_issm_get_nl_info,
|
|
|
|
|
};
|
|
|
|
|
MODULE_ALIAS_RDMA_CLIENT("issm");
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:27 +08:00
|
|
|
static ssize_t ibdev_show(struct device *dev, struct device_attribute *attr,
|
2008-02-22 07:13:36 +08:00
|
|
|
char *buf)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2008-02-22 07:13:36 +08:00
|
|
|
struct ib_umad_port *port = dev_get_drvdata(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-29 06:37:23 +08:00
|
|
|
if (!port)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
RDMA: Convert sysfs device * show functions to use sysfs_emit()
Done with cocci script:
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- strcpy(buf, chr);
+ sysfs_emit(buf, chr);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
- len += scnprintf(buf + len, PAGE_SIZE - len,
+ len += sysfs_emit_at(buf, len,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
...
- strcpy(buf, chr);
- return strlen(buf);
+ return sysfs_emit(buf, chr);
}
Link: https://lore.kernel.org/r/7f406fa8e3aa2552c022bec680f621e38d1fe414.1602122879.git.joe@perches.com
Signed-off-by: Joe Perches <joe@perches.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2020-10-08 10:36:24 +08:00
|
|
|
return sysfs_emit(buf, "%s\n", dev_name(&port->ib_dev->dev));
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2018-12-21 22:19:27 +08:00
|
|
|
static DEVICE_ATTR_RO(ibdev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:27 +08:00
|
|
|
static ssize_t port_show(struct device *dev, struct device_attribute *attr,
|
2008-02-22 07:13:36 +08:00
|
|
|
char *buf)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2008-02-22 07:13:36 +08:00
|
|
|
struct ib_umad_port *port = dev_get_drvdata(dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2005-10-29 06:37:23 +08:00
|
|
|
if (!port)
|
|
|
|
|
return -ENODEV;
|
|
|
|
|
|
RDMA: Convert sysfs device * show functions to use sysfs_emit()
Done with cocci script:
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
return
- strcpy(buf, chr);
+ sysfs_emit(buf, chr);
...>
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- sprintf(buf,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- snprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
len =
- scnprintf(buf, PAGE_SIZE,
+ sysfs_emit(buf,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
identifier len;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
<...
- len += scnprintf(buf + len, PAGE_SIZE - len,
+ len += sysfs_emit_at(buf, len,
...);
...>
return len;
}
@@
identifier d_show;
identifier dev, attr, buf;
expression chr;
@@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf)
{
...
- strcpy(buf, chr);
- return strlen(buf);
+ return sysfs_emit(buf, chr);
}
Link: https://lore.kernel.org/r/7f406fa8e3aa2552c022bec680f621e38d1fe414.1602122879.git.joe@perches.com
Signed-off-by: Joe Perches <joe@perches.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2020-10-08 10:36:24 +08:00
|
|
|
return sysfs_emit(buf, "%d\n", port->port_num);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
2018-12-21 22:19:27 +08:00
|
|
|
static DEVICE_ATTR_RO(port);
|
|
|
|
|
|
|
|
|
|
static struct attribute *umad_class_dev_attrs[] = {
|
|
|
|
|
&dev_attr_ibdev.attr,
|
|
|
|
|
&dev_attr_port.attr,
|
|
|
|
|
NULL,
|
|
|
|
|
};
|
|
|
|
|
ATTRIBUTE_GROUPS(umad_class_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2022-11-23 20:25:20 +08:00
|
|
|
static char *umad_devnode(const struct device *dev, umode_t *mode)
|
2018-12-21 22:19:23 +08:00
|
|
|
{
|
|
|
|
|
return kasprintf(GFP_KERNEL, "infiniband/%s", dev_name(dev));
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-25 16:45:37 +08:00
|
|
|
static ssize_t abi_version_show(const struct class *class,
|
|
|
|
|
const struct class_attribute *attr, char *buf)
|
2018-12-21 22:19:26 +08:00
|
|
|
{
|
2020-10-08 10:36:27 +08:00
|
|
|
return sysfs_emit(buf, "%d\n", IB_USER_MAD_ABI_VERSION);
|
2018-12-21 22:19:26 +08:00
|
|
|
}
|
|
|
|
|
static CLASS_ATTR_RO(abi_version);
|
|
|
|
|
|
|
|
|
|
static struct attribute *umad_class_attrs[] = {
|
|
|
|
|
&class_attr_abi_version.attr,
|
|
|
|
|
NULL,
|
|
|
|
|
};
|
|
|
|
|
ATTRIBUTE_GROUPS(umad_class);
|
|
|
|
|
|
2018-12-21 22:19:23 +08:00
|
|
|
static struct class umad_class = {
|
|
|
|
|
.name = "infiniband_mad",
|
|
|
|
|
.devnode = umad_devnode,
|
2018-12-21 22:19:26 +08:00
|
|
|
.class_groups = umad_class_groups,
|
2018-12-21 22:19:27 +08:00
|
|
|
.dev_groups = umad_class_dev_groups,
|
2018-12-21 22:19:23 +08:00
|
|
|
};
|
|
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
static void ib_umad_release_port(struct device *device)
|
|
|
|
|
{
|
|
|
|
|
struct ib_umad_port *port = dev_get_drvdata(device);
|
|
|
|
|
struct ib_umad_device *umad_dev = port->umad_dev;
|
|
|
|
|
|
|
|
|
|
ib_umad_dev_put(umad_dev);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ib_umad_init_port_dev(struct device *dev,
|
|
|
|
|
struct ib_umad_port *port,
|
|
|
|
|
const struct ib_device *device)
|
|
|
|
|
{
|
|
|
|
|
device_initialize(dev);
|
|
|
|
|
ib_umad_dev_get(port->umad_dev);
|
|
|
|
|
dev->class = &umad_class;
|
|
|
|
|
dev->parent = device->dev.parent;
|
|
|
|
|
dev_set_drvdata(dev, port);
|
|
|
|
|
dev->release = ib_umad_release_port;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
static int ib_umad_init_port(struct ib_device *device, int port_num,
|
2014-06-07 00:25:04 +08:00
|
|
|
struct ib_umad_device *umad_dev,
|
2005-04-17 06:20:36 +08:00
|
|
|
struct ib_umad_port *port)
|
|
|
|
|
{
|
2010-02-03 03:08:35 +08:00
|
|
|
int devnum;
|
2018-01-08 18:15:38 +08:00
|
|
|
dev_t base_umad;
|
|
|
|
|
dev_t base_issm;
|
2018-12-21 22:19:25 +08:00
|
|
|
int ret;
|
2010-02-03 03:08:35 +08:00
|
|
|
|
2018-10-02 16:13:30 +08:00
|
|
|
devnum = ida_alloc_max(&umad_ida, IB_UMAD_MAX_PORTS - 1, GFP_KERNEL);
|
|
|
|
|
if (devnum < 0)
|
2018-01-08 18:15:38 +08:00
|
|
|
return -1;
|
|
|
|
|
port->dev_num = devnum;
|
|
|
|
|
if (devnum >= IB_UMAD_NUM_FIXED_MINOR) {
|
|
|
|
|
base_umad = dynamic_umad_dev + devnum - IB_UMAD_NUM_FIXED_MINOR;
|
|
|
|
|
base_issm = dynamic_issm_dev + devnum - IB_UMAD_NUM_FIXED_MINOR;
|
2010-02-03 03:08:45 +08:00
|
|
|
} else {
|
2018-01-08 18:15:38 +08:00
|
|
|
base_umad = devnum + base_umad_dev;
|
|
|
|
|
base_issm = devnum + base_issm_dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
port->ib_dev = device;
|
2018-12-21 22:19:25 +08:00
|
|
|
port->umad_dev = umad_dev;
|
2005-04-17 06:20:36 +08:00
|
|
|
port->port_num = port_num;
|
2010-09-07 22:33:31 +08:00
|
|
|
sema_init(&port->sm_sem, 1);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_init(&port->file_mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
INIT_LIST_HEAD(&port->file_list);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
ib_umad_init_port_dev(&port->dev, port, device);
|
|
|
|
|
port->dev.devt = base_umad;
|
|
|
|
|
dev_set_name(&port->dev, "umad%d", port->dev_num);
|
2010-02-03 03:08:25 +08:00
|
|
|
cdev_init(&port->cdev, &umad_fops);
|
|
|
|
|
port->cdev.owner = THIS_MODULE;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
ret = cdev_device_add(&port->cdev, &port->dev);
|
|
|
|
|
if (ret)
|
2005-10-29 06:37:23 +08:00
|
|
|
goto err_cdev;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2024-06-17 00:08:33 +08:00
|
|
|
if (rdma_cap_ib_smi(device, port_num)) {
|
|
|
|
|
ib_umad_init_port_dev(&port->sm_dev, port, device);
|
|
|
|
|
port->sm_dev.devt = base_issm;
|
|
|
|
|
dev_set_name(&port->sm_dev, "issm%d", port->dev_num);
|
|
|
|
|
cdev_init(&port->sm_cdev, &umad_sm_fops);
|
|
|
|
|
port->sm_cdev.owner = THIS_MODULE;
|
|
|
|
|
|
|
|
|
|
ret = cdev_device_add(&port->sm_cdev, &port->sm_dev);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto err_dev;
|
|
|
|
|
}
|
2018-12-21 22:19:25 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
return 0;
|
|
|
|
|
|
2008-02-22 07:13:36 +08:00
|
|
|
err_dev:
|
2018-12-21 22:19:25 +08:00
|
|
|
put_device(&port->sm_dev);
|
|
|
|
|
cdev_device_del(&port->cdev, &port->dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
err_cdev:
|
2018-12-21 22:19:25 +08:00
|
|
|
put_device(&port->dev);
|
2018-10-02 16:13:30 +08:00
|
|
|
ida_free(&umad_ida, devnum);
|
2018-12-21 22:19:25 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2005-10-29 06:37:23 +08:00
|
|
|
static void ib_umad_kill_port(struct ib_umad_port *port)
|
|
|
|
|
{
|
2005-11-04 04:01:18 +08:00
|
|
|
struct ib_umad_file *file;
|
2024-06-17 00:08:33 +08:00
|
|
|
bool has_smi = false;
|
2005-11-04 04:01:18 +08:00
|
|
|
int id;
|
|
|
|
|
|
2024-06-17 00:08:33 +08:00
|
|
|
if (rdma_cap_ib_smi(port->ib_dev, port->port_num)) {
|
|
|
|
|
cdev_device_del(&port->sm_cdev, &port->sm_dev);
|
|
|
|
|
has_smi = true;
|
|
|
|
|
}
|
2020-02-12 15:26:34 +08:00
|
|
|
cdev_device_del(&port->cdev, &port->dev);
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_lock(&port->file_mutex);
|
2005-11-04 04:01:18 +08:00
|
|
|
|
2018-12-21 22:19:24 +08:00
|
|
|
/* Mark ib_dev NULL and block ioctl or other file ops to progress
|
|
|
|
|
* further.
|
|
|
|
|
*/
|
2005-11-04 04:01:18 +08:00
|
|
|
port->ib_dev = NULL;
|
|
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
list_for_each_entry(file, &port->file_list, port_list) {
|
|
|
|
|
mutex_lock(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
file->agents_dead = 1;
|
2021-01-25 20:13:39 +08:00
|
|
|
wake_up_interruptible(&file->recv_wait);
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&file->mutex);
|
2005-11-11 02:18:23 +08:00
|
|
|
|
|
|
|
|
for (id = 0; id < IB_UMAD_MAX_AGENTS; ++id)
|
|
|
|
|
if (file->agent[id])
|
|
|
|
|
ib_unregister_mad_agent(file->agent[id]);
|
|
|
|
|
}
|
2005-11-04 04:01:18 +08:00
|
|
|
|
IB/umad: Simplify and fix locking
In addition to being overly complex, the locking in user_mad.c is
broken: there were multiple reports of deadlocks and lockdep warnings.
In particular it seems that a single thread may end up trying to take
the same rwsem for reading more than once, which is explicitly
forbidden in the comments in <linux/rwsem.h>.
To solve this, we change the locking to use plain mutexes instead of
rwsems. There is one mutex per open file, which protects the contents
of the struct ib_umad_file, including the array of agents and list of
queued packets; and there is one mutex per struct ib_umad_port, which
protects the contents, including the list of open files. We never
hold the file mutex across calls to functions like ib_unregister_mad_agent(),
which can call back into other ib_umad code to queue a packet, and we
always hold the port mutex as long as we need to make sure that a
device is not hot-unplugged from under us.
This even makes things nicer for users of the -rt patch, since we
remove calls to downgrade_write() (which is not implemented in -rt).
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2008-01-26 06:15:42 +08:00
|
|
|
mutex_unlock(&port->file_mutex);
|
2018-12-21 22:19:24 +08:00
|
|
|
|
2019-01-22 14:31:20 +08:00
|
|
|
ida_free(&umad_ida, port->dev_num);
|
|
|
|
|
|
2019-01-22 14:33:00 +08:00
|
|
|
/* balances device_initialize() */
|
2024-06-17 00:08:33 +08:00
|
|
|
if (has_smi)
|
|
|
|
|
put_device(&port->sm_dev);
|
2018-12-21 22:19:25 +08:00
|
|
|
put_device(&port->dev);
|
2005-10-29 06:37:23 +08:00
|
|
|
}
|
|
|
|
|
|
2020-04-22 01:24:40 +08:00
|
|
|
static int ib_umad_add_one(struct ib_device *device)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
|
|
|
|
struct ib_umad_device *umad_dev;
|
|
|
|
|
int s, e, i;
|
2015-05-05 20:50:20 +08:00
|
|
|
int count = 0;
|
2020-04-22 01:24:40 +08:00
|
|
|
int ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2015-05-14 08:02:56 +08:00
|
|
|
s = rdma_start_port(device);
|
|
|
|
|
e = rdma_end_port(device);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2023-09-18 05:21:36 +08:00
|
|
|
umad_dev = kzalloc(struct_size(umad_dev, ports,
|
|
|
|
|
size_add(size_sub(e, s), 1)),
|
|
|
|
|
GFP_KERNEL);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (!umad_dev)
|
2020-04-22 01:24:40 +08:00
|
|
|
return -ENOMEM;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
kref_init(&umad_dev->kref);
|
2005-04-17 06:20:36 +08:00
|
|
|
for (i = s; i <= e; ++i) {
|
2015-05-05 20:50:32 +08:00
|
|
|
if (!rdma_cap_ib_mad(device, i))
|
2015-05-05 20:50:20 +08:00
|
|
|
continue;
|
|
|
|
|
|
2020-04-22 01:24:40 +08:00
|
|
|
ret = ib_umad_init_port(device, i, umad_dev,
|
|
|
|
|
&umad_dev->ports[i - s]);
|
|
|
|
|
if (ret)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto err;
|
2015-05-05 20:50:20 +08:00
|
|
|
|
|
|
|
|
count++;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2020-04-22 01:24:40 +08:00
|
|
|
if (!count) {
|
|
|
|
|
ret = -EOPNOTSUPP;
|
2015-05-05 20:50:20 +08:00
|
|
|
goto free;
|
2020-04-22 01:24:40 +08:00
|
|
|
}
|
2015-05-05 20:50:20 +08:00
|
|
|
|
2005-04-17 06:20:36 +08:00
|
|
|
ib_set_client_data(device, &umad_client, umad_dev);
|
|
|
|
|
|
2020-04-22 01:24:40 +08:00
|
|
|
return 0;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
err:
|
2015-05-05 20:50:20 +08:00
|
|
|
while (--i >= s) {
|
2015-05-05 20:50:32 +08:00
|
|
|
if (!rdma_cap_ib_mad(device, i))
|
2015-05-05 20:50:20 +08:00
|
|
|
continue;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2018-12-21 22:19:25 +08:00
|
|
|
ib_umad_kill_port(&umad_dev->ports[i - s]);
|
2015-05-05 20:50:20 +08:00
|
|
|
}
|
|
|
|
|
free:
|
2019-01-22 14:33:00 +08:00
|
|
|
/* balances kref_init */
|
2018-12-21 22:19:25 +08:00
|
|
|
ib_umad_dev_put(umad_dev);
|
2020-04-22 01:24:40 +08:00
|
|
|
return ret;
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
2015-07-30 22:50:14 +08:00
|
|
|
static void ib_umad_remove_one(struct ib_device *device, void *client_data)
|
2005-04-17 06:20:36 +08:00
|
|
|
{
|
2015-07-30 22:50:14 +08:00
|
|
|
struct ib_umad_device *umad_dev = client_data;
|
2019-02-13 12:12:47 +08:00
|
|
|
unsigned int i;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
2019-02-13 12:12:47 +08:00
|
|
|
rdma_for_each_port (device, i) {
|
|
|
|
|
if (rdma_cap_ib_mad(device, i))
|
|
|
|
|
ib_umad_kill_port(
|
|
|
|
|
&umad_dev->ports[i - rdma_start_port(device)]);
|
2015-05-05 20:50:20 +08:00
|
|
|
}
|
2019-01-22 14:33:00 +08:00
|
|
|
/* balances kref_init() */
|
2018-12-21 22:19:25 +08:00
|
|
|
ib_umad_dev_put(umad_dev);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int __init ib_umad_init(void)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
2018-01-08 18:15:38 +08:00
|
|
|
ret = register_chrdev_region(base_umad_dev,
|
|
|
|
|
IB_UMAD_NUM_FIXED_MINOR * 2,
|
2018-12-21 22:19:25 +08:00
|
|
|
umad_class.name);
|
2005-04-17 06:20:36 +08:00
|
|
|
if (ret) {
|
2014-08-09 07:00:52 +08:00
|
|
|
pr_err("couldn't register device number\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-08 18:15:38 +08:00
|
|
|
ret = alloc_chrdev_region(&dynamic_umad_dev, 0,
|
|
|
|
|
IB_UMAD_NUM_DYNAMIC_MINOR * 2,
|
2018-12-21 22:19:25 +08:00
|
|
|
umad_class.name);
|
2018-01-08 18:15:38 +08:00
|
|
|
if (ret) {
|
|
|
|
|
pr_err("couldn't register dynamic device number\n");
|
|
|
|
|
goto out_alloc;
|
|
|
|
|
}
|
|
|
|
|
dynamic_issm_dev = dynamic_umad_dev + IB_UMAD_NUM_DYNAMIC_MINOR;
|
|
|
|
|
|
2018-12-21 22:19:23 +08:00
|
|
|
ret = class_register(&umad_class);
|
|
|
|
|
if (ret) {
|
2014-08-09 07:00:52 +08:00
|
|
|
pr_err("couldn't create class infiniband_mad\n");
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_chrdev;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = ib_register_client(&umad_client);
|
2019-06-14 08:38:19 +08:00
|
|
|
if (ret)
|
2005-04-17 06:20:36 +08:00
|
|
|
goto out_class;
|
2019-06-14 08:38:19 +08:00
|
|
|
|
|
|
|
|
ret = ib_register_client(&issm_client);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto out_client;
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
2019-06-14 08:38:19 +08:00
|
|
|
out_client:
|
|
|
|
|
ib_unregister_client(&umad_client);
|
2005-04-17 06:20:36 +08:00
|
|
|
out_class:
|
2018-12-21 22:19:23 +08:00
|
|
|
class_unregister(&umad_class);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
out_chrdev:
|
2018-01-08 18:15:38 +08:00
|
|
|
unregister_chrdev_region(dynamic_umad_dev,
|
|
|
|
|
IB_UMAD_NUM_DYNAMIC_MINOR * 2);
|
|
|
|
|
|
|
|
|
|
out_alloc:
|
|
|
|
|
unregister_chrdev_region(base_umad_dev,
|
|
|
|
|
IB_UMAD_NUM_FIXED_MINOR * 2);
|
2005-04-17 06:20:36 +08:00
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void __exit ib_umad_cleanup(void)
|
|
|
|
|
{
|
2019-06-14 08:38:19 +08:00
|
|
|
ib_unregister_client(&issm_client);
|
2005-04-17 06:20:36 +08:00
|
|
|
ib_unregister_client(&umad_client);
|
2018-12-21 22:19:23 +08:00
|
|
|
class_unregister(&umad_class);
|
2018-01-08 18:15:38 +08:00
|
|
|
unregister_chrdev_region(base_umad_dev,
|
|
|
|
|
IB_UMAD_NUM_FIXED_MINOR * 2);
|
|
|
|
|
unregister_chrdev_region(dynamic_umad_dev,
|
|
|
|
|
IB_UMAD_NUM_DYNAMIC_MINOR * 2);
|
2005-04-17 06:20:36 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module_init(ib_umad_init);
|
|
|
|
|
module_exit(ib_umad_cleanup);
|
