/*-
 * SPDX-License-Identifier: BSD-2-Clause OR GPL-2.0
 *
 * Copyright (c) 2004, 2005 Intel Corporation.  All rights reserved.
 * Copyright (c) 2004 Topspin Corporation.  All rights reserved.
 * Copyright (c) 2004, 2005 Voltaire Corporation.  All rights reserved.
 * Copyright (c) 2005 Sun Microsystems, Inc.  All rights reserved.
 * Copyright (c) 2005 Open Grid Computing, Inc.  All rights reserved.
 * Copyright (c) 2005 Network Appliance, Inc.  All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses.  You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <sys/cdefs.h>
#include <linux/dma-mapping.h>
#include <linux/err.h>
#include <linux/idr.h>
#include <linux/interrupt.h>
#include <linux/rbtree.h>
#include <linux/sched.h>
#include <linux/spinlock.h>
#include <linux/workqueue.h>
#include <linux/completion.h>
#include <linux/slab.h>
#include <linux/module.h>
#include <linux/wait.h>

#include <rdma/iw_cm.h>
#include <rdma/ib_addr.h>
#include <rdma/iw_portmap.h>

#include "iwcm.h"

MODULE_AUTHOR("Tom Tucker");
MODULE_DESCRIPTION("iWARP CM");
MODULE_LICENSE("Dual BSD/GPL");

static const char * const iwcm_rej_reason_strs[] = {
	[ECONNRESET]	= "reset by remote host",
	[ECONNREFUSED]	= "refused by remote application",
	[ETIMEDOUT]	= "setup timeout",
};

const char *__attribute_const__ iwcm_reject_msg(int reason)
{
	size_t index;

	/* iWARP uses negative errnos */
	index = -reason;

	if (index < ARRAY_SIZE(iwcm_rej_reason_strs) &&
	    iwcm_rej_reason_strs[index])
		return iwcm_rej_reason_strs[index];
	else
		return "unrecognized reason";
}
EXPORT_SYMBOL(iwcm_reject_msg);
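/*
 * Illustrative use of iwcm_reject_msg() (editorial sketch, not part of
 * the original file): a consumer that sees a failed CONNECT_REPLY
 * event might log the reason like this.
 *
 *	pr_info("connection failed: %s\n",
 *		iwcm_reject_msg(iw_event->status));
 */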
static struct workqueue_struct *iwcm_wq;
struct iwcm_work {
	struct work_struct work;
	struct iwcm_id_private *cm_id;
	struct list_head list;
	struct iw_cm_event event;
	struct list_head free_list;
};

static unsigned int default_backlog = 256;

/*
 * The following services provide a mechanism for pre-allocating iwcm_work
 * elements.  The design pre-allocates them based on the cm_id type:
 *	LISTENING IDS:	Get enough elements preallocated to handle the
 *			listen backlog.
 *	ACTIVE IDS:	4: CONNECT_REPLY, ESTABLISHED, DISCONNECT, CLOSE
 *	PASSIVE IDS:	3: ESTABLISHED, DISCONNECT, CLOSE
 *
 * Allocating them in connect and listen avoids having to deal
 * with allocation failures on the event upcall from the provider (which
 * is called in the interrupt context).
 *
 * One exception is when creating the cm_id for incoming connection requests.
 * There are two cases:
 * 1) in the event upcall, cm_event_handler(), for a listening cm_id.  If
 *    the backlog is exceeded, then no more connection request events will
 *    be processed.  cm_event_handler() returns -ENOMEM in this case.  It's up
 *    to the provider to reject the connection request.
 * 2) in the connection request workqueue handler, cm_conn_req_handler().
 *    If work elements cannot be allocated for the new connect request cm_id,
 *    then IWCM will call the provider reject method.  This is ok since
 *    cm_conn_req_handler() runs in the workqueue thread context.
 */

static struct iwcm_work *get_work(struct iwcm_id_private *cm_id_priv)
{
	struct iwcm_work *work;

	if (list_empty(&cm_id_priv->work_free_list))
		return NULL;
	work = list_entry(cm_id_priv->work_free_list.next, struct iwcm_work,
			  free_list);
	list_del_init(&work->free_list);
	return work;
}

static void put_work(struct iwcm_work *work)
{
	list_add(&work->free_list, &work->cm_id->work_free_list);
}

static void dealloc_work_entries(struct iwcm_id_private *cm_id_priv)
{
	struct list_head *e, *tmp;

	list_for_each_safe(e, tmp, &cm_id_priv->work_free_list)
		kfree(list_entry(e, struct iwcm_work, free_list));
}

static int alloc_work_entries(struct iwcm_id_private *cm_id_priv, int count)
{
	struct iwcm_work *work;

	BUG_ON(!list_empty(&cm_id_priv->work_free_list));
	while (count--) {
		work = kmalloc(sizeof(struct iwcm_work), GFP_KERNEL);
		if (!work) {
			dealloc_work_entries(cm_id_priv);
			return -ENOMEM;
		}
		work->cm_id = cm_id_priv;
		INIT_LIST_HEAD(&work->list);
		put_work(work);
	}
	return 0;
}
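/*
 * Editorial note (not in the original source): the free-list above is
 * filled and consumed elsewhere in this file roughly as follows; the
 * counts mirror the events each cm_id type can still receive.
 *
 *	alloc_work_entries(cm_id_priv, backlog)	- iw_cm_listen()
 *	alloc_work_entries(cm_id_priv, 4)	- iw_cm_connect()
 *	alloc_work_entries(cm_id_priv, 3)	- cm_conn_req_handler()
 *	get_work()				- cm_event_handler() upcall
 *	put_work()				- when the event is dequeued
 *						  (or dropped) in cm_work_handler()
 */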
/*
 * Save private data from incoming connection requests to
 * iw_cm_event, so the low level driver doesn't have to.  Adjust
 * the event ptr to point to the local copy.
 */
static int copy_private_data(struct iw_cm_event *event)
{
	void *p;

	p = kmemdup(event->private_data, event->private_data_len, GFP_ATOMIC);
	if (!p)
		return -ENOMEM;
	event->private_data = p;
	return 0;
}

static void free_cm_id(struct iwcm_id_private *cm_id_priv)
{
	dealloc_work_entries(cm_id_priv);
	kfree(cm_id_priv);
}

/*
 * Release a reference on cm_id.  If the last reference is being
 * released, free the cm_id and return 1.
 */
static int iwcm_deref_id(struct iwcm_id_private *cm_id_priv)
{
	BUG_ON(atomic_read(&cm_id_priv->refcount) == 0);
	if (atomic_dec_and_test(&cm_id_priv->refcount)) {
		BUG_ON(!list_empty(&cm_id_priv->work_list));
		free_cm_id(cm_id_priv);
		return 1;
	}

	return 0;
}

static void add_ref(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;
	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	atomic_inc(&cm_id_priv->refcount);
}

static void rem_ref(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	(void)iwcm_deref_id(cm_id_priv);
}

static int cm_event_handler(struct iw_cm_id *cm_id, struct iw_cm_event *event);

struct iw_cm_id *iw_create_cm_id(struct ib_device *device,
				 iw_cm_handler cm_handler,
				 void *context)
{
	struct iwcm_id_private *cm_id_priv;

	cm_id_priv = kzalloc(sizeof(*cm_id_priv), GFP_KERNEL);
	if (!cm_id_priv)
		return ERR_PTR(-ENOMEM);

	cm_id_priv->state = IW_CM_STATE_IDLE;
	cm_id_priv->id.device = device;
	cm_id_priv->id.cm_handler = cm_handler;
	cm_id_priv->id.context = context;
	cm_id_priv->id.event_handler = cm_event_handler;
	cm_id_priv->id.add_ref = add_ref;
	cm_id_priv->id.rem_ref = rem_ref;
	spin_lock_init(&cm_id_priv->lock);
	atomic_set(&cm_id_priv->refcount, 1);
	init_waitqueue_head(&cm_id_priv->connect_wait);
	init_completion(&cm_id_priv->destroy_comp);
	INIT_LIST_HEAD(&cm_id_priv->work_list);
	INIT_LIST_HEAD(&cm_id_priv->work_free_list);

	return &cm_id_priv->id;
}
EXPORT_SYMBOL(iw_create_cm_id);

static int iwcm_modify_qp_err(struct ib_qp *qp)
{
	struct ib_qp_attr qp_attr;

	if (!qp)
		return -EINVAL;

	qp_attr.qp_state = IB_QPS_ERR;
	return ib_modify_qp(qp, &qp_attr, IB_QP_STATE);
}

/*
 * This is really the RDMAC CLOSING state.  It is most similar to the
 * IB SQD QP state.
 */
static int iwcm_modify_qp_sqd(struct ib_qp *qp)
{
	struct ib_qp_attr qp_attr;

	BUG_ON(qp == NULL);
	qp_attr.qp_state = IB_QPS_SQD;
	return ib_modify_qp(qp, &qp_attr, IB_QP_STATE);
}
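/*
 * Editorial overview (added for clarity; not part of the original
 * source): the cm_id states used by the functions below move roughly
 * as follows.
 *
 *	IDLE        -> LISTEN       on iw_cm_listen()
 *	IDLE        -> CONN_SENT    on iw_cm_connect()
 *	CONN_SENT   -> ESTABLISHED  on a good CONNECT_REPLY event
 *	LISTEN      -> (new cm_id in CONN_RECV) on a CONNECT_REQUEST event
 *	CONN_RECV   -> ESTABLISHED  on the ESTABLISHED event after iw_cm_accept()
 *	CONN_RECV   -> IDLE         on iw_cm_reject()
 *	ESTABLISHED -> CLOSING      on iw_cm_disconnect() or a DISCONNECT event
 *	ESTABLISHED/CLOSING -> IDLE on the CLOSE event
 *	any state   -> DESTROYING   in destroy_cm_id()
 */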
/*
 * CM_ID <-- CLOSING
 *
 * Block if a passive or active connection is currently being processed.  Then
 * process the event as follows:
 * - If we are ESTABLISHED, move to CLOSING and modify the QP state
 *   based on the abrupt flag
 * - If the connection is already in the CLOSING or IDLE state, the peer is
 *   disconnecting concurrently with us and we've already seen the
 *   DISCONNECT event -- ignore the request and return 0
 * - Disconnect on a listening endpoint returns -EINVAL
 */
int iw_cm_disconnect(struct iw_cm_id *cm_id, int abrupt)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret = 0;
	struct ib_qp *qp = NULL;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	/* Wait if we're currently in a connect or accept downcall */
	wait_event(cm_id_priv->connect_wait,
		   !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags));

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_ESTABLISHED:
		cm_id_priv->state = IW_CM_STATE_CLOSING;

		/* QP could be NULL for user-mode client */
		if (cm_id_priv->qp)
			qp = cm_id_priv->qp;
		else
			ret = -EINVAL;
		break;
	case IW_CM_STATE_LISTEN:
		ret = -EINVAL;
		break;
	case IW_CM_STATE_CLOSING:
		/* remote peer closed first */
	case IW_CM_STATE_IDLE:
		/* accept or connect returned !0 */
		break;
	case IW_CM_STATE_CONN_RECV:
		/*
		 * App called disconnect before/without calling accept after
		 * connect_request event delivered.
		 */
		break;
	case IW_CM_STATE_CONN_SENT:
		/* Can only get here if wait above fails */
	default:
		BUG();
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	if (qp) {
		if (abrupt)
			(void) iwcm_modify_qp_err(qp);
		else
			(void) iwcm_modify_qp_sqd(qp);

		/*
		 * If both sides are disconnecting the QP could
		 * already be in ERR or SQD states
		 */
		ret = 0;
	}

	return ret;
}
EXPORT_SYMBOL(iw_cm_disconnect);
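/*
 * Editorial note (not in the original source): callers pick the close
 * semantics with the "abrupt" argument.  An illustrative sketch:
 *
 *	iw_cm_disconnect(cm_id, 0);	graceful close; the QP is moved to
 *					SQD (RDMAC CLOSING) and a CLOSE
 *					event is then expected from the
 *					provider once teardown completes
 *	iw_cm_disconnect(cm_id, 1);	abrupt close; the QP is moved to ERROR
 */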
/*
 * CM_ID <-- DESTROYING
 *
 * Clean up all resources associated with the connection and release
 * the initial reference taken by iw_create_cm_id.
 */
static void destroy_cm_id(struct iw_cm_id *cm_id)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	/*
	 * Wait if we're currently in a connect or accept downcall.  A
	 * listening endpoint should never block here.
	 */
	wait_event(cm_id_priv->connect_wait,
		   !test_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags));

	/*
	 * Since we're deleting the cm_id, drop any events that
	 * might arrive before the last dereference.
	 */
	set_bit(IWCM_F_DROP_EVENTS, &cm_id_priv->flags);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_LISTEN:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		/* destroy the listening endpoint */
		cm_id->device->iwcm->destroy_listen(cm_id);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_ESTABLISHED:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		/* Abrupt close of the connection */
		(void)iwcm_modify_qp_err(cm_id_priv->qp);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CLOSING:
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		break;
	case IW_CM_STATE_CONN_RECV:
		/*
		 * App called destroy before/without calling accept after
		 * receiving connection request event notification or
		 * returned non-zero from the event callback function.
		 * In either case, must tell the provider to reject.
		 */
		cm_id_priv->state = IW_CM_STATE_DESTROYING;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		cm_id->device->iwcm->reject(cm_id, NULL, 0);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_DESTROYING:
	default:
		BUG();
		break;
	}
	if (cm_id_priv->qp) {
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	(void)iwcm_deref_id(cm_id_priv);
}

/*
 * This function is only called by the application thread and cannot
 * be called by the event thread.  The function will wait for all
 * references to be released on the cm_id and then kfree the cm_id
 * object.
 */
void iw_destroy_cm_id(struct iw_cm_id *cm_id)
{
	destroy_cm_id(cm_id);
}
EXPORT_SYMBOL(iw_destroy_cm_id);

/**
 * iw_cm_map - Use portmapper to map the ports
 * @cm_id: connection manager pointer
 * @active: Indicates the active side when true
 *
 * In implementations that use the iWARP Portmapper this would try to
 * add a mapping for the IP/port and, on success, replace a wildcard
 * remote mapped address with remote_addr.  This implementation performs
 * no mapping: it simply copies local_addr and remote_addr into the
 * mapped address fields and always returns 0.
 */
static int iw_cm_map(struct iw_cm_id *cm_id, bool active)
{
	cm_id->m_local_addr = cm_id->local_addr;
	cm_id->m_remote_addr = cm_id->remote_addr;

	return 0;
}
/*
 * CM_ID <-- LISTEN
 *
 * Start listening for connect requests.  Generates one CONNECT_REQUEST
 * event for each inbound connect request.
 */
int iw_cm_listen(struct iw_cm_id *cm_id, int backlog)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	if (!backlog)
		backlog = default_backlog;

	ret = alloc_work_entries(cm_id_priv, backlog);
	if (ret)
		return ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
		cm_id_priv->state = IW_CM_STATE_LISTEN;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		ret = iw_cm_map(cm_id, false);
		if (!ret)
			ret = cm_id->device->iwcm->create_listen(cm_id, backlog);
		if (ret)
			cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	default:
		ret = -EINVAL;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	return ret;
}
EXPORT_SYMBOL(iw_cm_listen);

/*
 * CM_ID <-- IDLE
 *
 * Rejects an inbound connection request.  No events are generated.
 */
int iw_cm_reject(struct iw_cm_id *cm_id,
		 const void *private_data,
		 u8 private_data_len)
{
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	cm_id_priv->state = IW_CM_STATE_IDLE;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = cm_id->device->iwcm->reject(cm_id, private_data,
					  private_data_len);

	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}
EXPORT_SYMBOL(iw_cm_reject);
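/*
 * Illustrative sketch of a passive-side consumer (hypothetical code,
 * not part of this file): a listener's cm_handler typically accepts or
 * rejects from the CONNECT_REQUEST callback.  Here "my_qpn" and
 * "want_it()" are the consumer's own.
 *
 *	static int my_cm_handler(struct iw_cm_id *cm_id,
 *				 struct iw_cm_event *event)
 *	{
 *		struct iw_cm_conn_param param = {
 *			.qpn = my_qpn,
 *			.ord = event->ord,
 *			.ird = event->ird,
 *		};
 *
 *		if (event->event == IW_CM_EVENT_CONNECT_REQUEST)
 *			return want_it(event) ? iw_cm_accept(cm_id, &param) :
 *						iw_cm_reject(cm_id, NULL, 0);
 *		return 0;
 *	}
 */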
/*
 * CM_ID <-- ESTABLISHED
 *
 * Accepts an inbound connection request and generates an ESTABLISHED
 * event.  Callers of iw_cm_disconnect and iw_destroy_cm_id will block
 * until the ESTABLISHED event is received from the provider.
 */
int iw_cm_accept(struct iw_cm_id *cm_id,
		 struct iw_cm_conn_param *iw_param)
{
	struct iwcm_id_private *cm_id_priv;
	struct ib_qp *qp;
	unsigned long flags;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state != IW_CM_STATE_CONN_RECV) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	/* Get the ib_qp given the QPN */
	qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn);
	if (!qp) {
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
		return -EINVAL;
	}
	cm_id->device->iwcm->add_ref(qp);
	cm_id_priv->qp = qp;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = cm_id->device->iwcm->accept(cm_id, iw_param);
	if (ret) {
		/* An error on accept precludes provider events */
		BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV);
		cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		if (cm_id_priv->qp) {
			cm_id->device->iwcm->rem_ref(qp);
			cm_id_priv->qp = NULL;
		}
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
		wake_up_all(&cm_id_priv->connect_wait);
	}

	return ret;
}
EXPORT_SYMBOL(iw_cm_accept);

/*
 * Active Side: CM_ID <-- CONN_SENT
 *
 * If successful, results in the generation of a CONNECT_REPLY
 * event.  iw_cm_disconnect and iw_destroy_cm_id will block until the
 * CONNECT_REPLY event is received from the provider.
 */
int iw_cm_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *iw_param)
{
	struct iwcm_id_private *cm_id_priv;
	int ret;
	unsigned long flags;
	struct ib_qp *qp;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	ret = alloc_work_entries(cm_id_priv, 4);
	if (ret)
		return ret;

	set_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	spin_lock_irqsave(&cm_id_priv->lock, flags);

	if (cm_id_priv->state != IW_CM_STATE_IDLE) {
		ret = -EINVAL;
		goto err;
	}

	/* Get the ib_qp given the QPN */
	qp = cm_id->device->iwcm->get_qp(cm_id->device, iw_param->qpn);
	if (!qp) {
		ret = -EINVAL;
		goto err;
	}
	cm_id->device->iwcm->add_ref(qp);
	cm_id_priv->qp = qp;
	cm_id_priv->state = IW_CM_STATE_CONN_SENT;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	ret = iw_cm_map(cm_id, true);
	if (!ret)
		ret = cm_id->device->iwcm->connect(cm_id, iw_param);
	if (!ret)
		return 0;	/* success */

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->qp) {
		cm_id->device->iwcm->rem_ref(qp);
		cm_id_priv->qp = NULL;
	}
	cm_id_priv->state = IW_CM_STATE_IDLE;
err:
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	wake_up_all(&cm_id_priv->connect_wait);
	return ret;
}
EXPORT_SYMBOL(iw_cm_connect);
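/*
 * Illustrative active-side sequence (hypothetical consumer code, not
 * part of this file): "dev", "ctx", "my_cm_handler", "my_qpn" and the
 * address setup are the consumer's own.
 *
 *	struct iw_cm_conn_param param = { .qpn = my_qpn, .ord = 16, .ird = 16 };
 *	struct iw_cm_id *cm_id;
 *
 *	cm_id = iw_create_cm_id(dev, my_cm_handler, ctx);
 *	if (IS_ERR(cm_id))
 *		return PTR_ERR(cm_id);
 *	cm_id->local_addr = laddr;
 *	cm_id->remote_addr = raddr;
 *	if (iw_cm_connect(cm_id, &param))	(on failure the cm_id stays IDLE)
 *		iw_destroy_cm_id(cm_id);
 *
 * Otherwise the consumer waits for IW_CM_EVENT_CONNECT_REPLY in
 * my_cm_handler; teardown is iw_cm_disconnect(cm_id, 0) followed by
 * iw_destroy_cm_id(cm_id) from the application thread.
 */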
/*
 * Passive Side: new CM_ID <-- CONN_RECV
 *
 * Handles an inbound connect request.  The function creates a new
 * iw_cm_id to represent the new connection and inherits the client
 * callback function and other attributes from the listening parent.
 *
 * The work item contains a pointer to the listen_cm_id and the event.  The
 * listen_cm_id contains the client cm_handler, context and device.
 * These are copied from the parent when the new cm_id is created.  The
 * event contains the new four tuple.
 *
 * An error on the child should not affect the parent, so this
 * function does not return a value.
 */
static void cm_conn_req_handler(struct iwcm_id_private *listen_id_priv,
				struct iw_cm_event *iw_event)
{
	unsigned long flags;
	struct iw_cm_id *cm_id;
	struct iwcm_id_private *cm_id_priv;
	int ret;

	/*
	 * The provider should never generate a connection request
	 * event with a bad status.
	 */
	BUG_ON(iw_event->status);

	cm_id = iw_create_cm_id(listen_id_priv->id.device,
				listen_id_priv->id.cm_handler,
				listen_id_priv->id.context);
	/* If the cm_id could not be created, ignore the request */
	if (IS_ERR(cm_id))
		goto out;

	cm_id->provider_data = iw_event->provider_data;
	cm_id->m_local_addr = iw_event->local_addr;
	cm_id->m_remote_addr = iw_event->remote_addr;
	cm_id->local_addr = listen_id_priv->id.local_addr;
	cm_id->remote_addr = iw_event->remote_addr;
	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	cm_id_priv->state = IW_CM_STATE_CONN_RECV;

	/*
	 * We could be destroying the listening id.  If so, ignore this
	 * upcall.
	 */
	spin_lock_irqsave(&listen_id_priv->lock, flags);
	if (listen_id_priv->state != IW_CM_STATE_LISTEN) {
		spin_unlock_irqrestore(&listen_id_priv->lock, flags);
		iw_cm_reject(cm_id, NULL, 0);
		iw_destroy_cm_id(cm_id);
		goto out;
	}
	spin_unlock_irqrestore(&listen_id_priv->lock, flags);

	ret = alloc_work_entries(cm_id_priv, 3);
	if (ret) {
		iw_cm_reject(cm_id, NULL, 0);
		iw_destroy_cm_id(cm_id);
		goto out;
	}

	/* Call the client CM handler */
	ret = cm_id->cm_handler(cm_id, iw_event);
	if (ret) {
		iw_cm_reject(cm_id, NULL, 0);
		iw_destroy_cm_id(cm_id);
	}

out:
	if (iw_event->private_data_len)
		kfree(iw_event->private_data);
}
/*
 * Passive Side: CM_ID <-- ESTABLISHED
 *
 * The provider generated an ESTABLISHED event which means that
 * the MPA negotiation has completed successfully and we are now in MPA
 * FPDU mode.
 *
 * This event can only be received in the CONN_RECV state.  If the
 * remote peer closed, the ESTABLISHED event would be received followed
 * by the CLOSE event.  If the app closes, it will block until we wake
 * it up after processing this event.
 */
static int cm_conn_est_handler(struct iwcm_id_private *cm_id_priv,
			       struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);

	/*
	 * We clear the CONNECT_WAIT bit here to allow the callback
	 * function to call iw_cm_disconnect.  Calling iw_destroy_cm_id
	 * from a callback handler is not allowed.
	 */
	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_RECV);
	cm_id_priv->state = IW_CM_STATE_ESTABLISHED;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}

/*
 * Active Side: CM_ID <-- ESTABLISHED
 *
 * The app has called connect and is waiting for the established event to
 * post its requests to the server.  This event will wake up anyone
 * blocked in iw_cm_disconnect or iw_destroy_cm_id.
 */
static int cm_conn_rep_handler(struct iwcm_id_private *cm_id_priv,
			       struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	/*
	 * Clear the connect wait bit so a callback function calling
	 * iw_cm_disconnect will not wait and deadlock this thread
	 */
	clear_bit(IWCM_F_CONNECT_WAIT, &cm_id_priv->flags);
	BUG_ON(cm_id_priv->state != IW_CM_STATE_CONN_SENT);
	if (iw_event->status == 0) {
		cm_id_priv->id.m_local_addr = iw_event->local_addr;
		cm_id_priv->id.m_remote_addr = iw_event->remote_addr;
		iw_event->local_addr = cm_id_priv->id.local_addr;
		iw_event->remote_addr = cm_id_priv->id.remote_addr;
		cm_id_priv->state = IW_CM_STATE_ESTABLISHED;
	} else {
		/* REJECTED or RESET */
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
		cm_id_priv->state = IW_CM_STATE_IDLE;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);

	if (iw_event->private_data_len)
		kfree(iw_event->private_data);

	/* Wake up waiters on connect complete */
	wake_up_all(&cm_id_priv->connect_wait);

	return ret;
}

/*
 * CM_ID <-- CLOSING
 *
 * If in the ESTABLISHED state, move to CLOSING.
 */
static void cm_disconnect_handler(struct iwcm_id_private *cm_id_priv,
				  struct iw_cm_event *iw_event)
{
	unsigned long flags;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	if (cm_id_priv->state == IW_CM_STATE_ESTABLISHED)
		cm_id_priv->state = IW_CM_STATE_CLOSING;
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
}
/*
 * CM_ID <-- IDLE
 *
 * If in the ESTABLISHED or CLOSING states, the QP will have been
 * moved by the provider to the ERR state.  Disassociate the CM_ID from
 * the QP, move to IDLE, and remove the 'connected' reference.
 *
 * If in some other state, the cm_id was destroyed asynchronously.
 * This is the last reference that will result in waking up
 * the app thread blocked in iw_destroy_cm_id.
 */
static int cm_close_handler(struct iwcm_id_private *cm_id_priv,
			    struct iw_cm_event *iw_event)
{
	unsigned long flags;
	int ret = 0;

	spin_lock_irqsave(&cm_id_priv->lock, flags);

	if (cm_id_priv->qp) {
		cm_id_priv->id.device->iwcm->rem_ref(cm_id_priv->qp);
		cm_id_priv->qp = NULL;
	}
	switch (cm_id_priv->state) {
	case IW_CM_STATE_ESTABLISHED:
	case IW_CM_STATE_CLOSING:
		cm_id_priv->state = IW_CM_STATE_IDLE;
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);
		ret = cm_id_priv->id.cm_handler(&cm_id_priv->id, iw_event);
		spin_lock_irqsave(&cm_id_priv->lock, flags);
		break;
	case IW_CM_STATE_DESTROYING:
		break;
	default:
		BUG();
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);

	return ret;
}

static int process_event(struct iwcm_id_private *cm_id_priv,
			 struct iw_cm_event *iw_event)
{
	int ret = 0;

	switch (iw_event->event) {
	case IW_CM_EVENT_CONNECT_REQUEST:
		cm_conn_req_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_CONNECT_REPLY:
		ret = cm_conn_rep_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_ESTABLISHED:
		ret = cm_conn_est_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_DISCONNECT:
		cm_disconnect_handler(cm_id_priv, iw_event);
		break;
	case IW_CM_EVENT_CLOSE:
		ret = cm_close_handler(cm_id_priv, iw_event);
		break;
	default:
		BUG();
	}

	return ret;
}

/*
 * Process events on the work_list for the cm_id.  If the callback
 * function requests that the cm_id be deleted, a flag is set in the
 * cm_id flags to indicate that when the last reference is
 * removed, the cm_id is to be destroyed.  This is necessary to
 * distinguish between an object that will be destroyed by the app
 * thread asleep on the destroy_comp list vs. an object destroyed
 * here synchronously when the last reference is removed.
 */
static void cm_work_handler(struct work_struct *_work)
{
	struct iwcm_work *work = container_of(_work, struct iwcm_work, work);
	struct iw_cm_event levent;
	struct iwcm_id_private *cm_id_priv = work->cm_id;
	unsigned long flags;
	int empty;
	int ret = 0;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	empty = list_empty(&cm_id_priv->work_list);
	while (!empty) {
		work = list_entry(cm_id_priv->work_list.next,
				  struct iwcm_work, list);
		list_del_init(&work->list);
		empty = list_empty(&cm_id_priv->work_list);
		levent = work->event;
		put_work(work);
		spin_unlock_irqrestore(&cm_id_priv->lock, flags);

		if (!test_bit(IWCM_F_DROP_EVENTS, &cm_id_priv->flags)) {
			ret = process_event(cm_id_priv, &levent);
			if (ret)
				destroy_cm_id(&cm_id_priv->id);
		} else
			pr_debug("dropping event %d\n", levent.event);
		if (iwcm_deref_id(cm_id_priv))
			return;
		if (empty)
			return;
		spin_lock_irqsave(&cm_id_priv->lock, flags);
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
}
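/*
 * Editorial note (not in the original source): a cm_id's work item is
 * only queued when its work_list goes from empty to non-empty (see
 * cm_event_handler() below), and iwcm_wq is created as an ordered
 * workqueue in iw_cm_init().  Together these keep the events of a given
 * cm_id processed one at a time, in the order the provider posted them.
 */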
/*
 * This function is called in interrupt context.  Schedule events on
 * the iwcm_wq thread to allow callback functions to downcall into
 * the CM and/or block.  Events are queued to a per-CM_ID
 * work_list.  If this is the first event on the work_list, the work
 * element is also queued on the iwcm_wq thread.
 *
 * Each event holds a reference on the cm_id.  Until the last posted
 * event has been delivered and processed, the cm_id cannot be
 * deleted.
 *
 * Returns:
 *	      0	- the event was handled.
 *	-ENOMEM	- the event was not handled due to lack of resources.
 */
static int cm_event_handler(struct iw_cm_id *cm_id,
			    struct iw_cm_event *iw_event)
{
	struct iwcm_work *work;
	struct iwcm_id_private *cm_id_priv;
	unsigned long flags;
	int ret = 0;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	work = get_work(cm_id_priv);
	if (!work) {
		ret = -ENOMEM;
		goto out;
	}

	INIT_WORK(&work->work, cm_work_handler);
	work->cm_id = cm_id_priv;
	work->event = *iw_event;

	if ((work->event.event == IW_CM_EVENT_CONNECT_REQUEST ||
	     work->event.event == IW_CM_EVENT_CONNECT_REPLY) &&
	    work->event.private_data_len) {
		ret = copy_private_data(&work->event);
		if (ret) {
			put_work(work);
			goto out;
		}
	}

	atomic_inc(&cm_id_priv->refcount);
	if (list_empty(&cm_id_priv->work_list)) {
		list_add_tail(&work->list, &cm_id_priv->work_list);
		queue_work(iwcm_wq, &work->work);
	} else
		list_add_tail(&work->list, &cm_id_priv->work_list);
out:
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

static int iwcm_init_qp_init_attr(struct iwcm_id_private *cm_id_priv,
				  struct ib_qp_attr *qp_attr,
				  int *qp_attr_mask)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_CONN_RECV:
	case IW_CM_STATE_ESTABLISHED:
		*qp_attr_mask = IB_QP_STATE | IB_QP_ACCESS_FLAGS;
		qp_attr->qp_access_flags = IB_ACCESS_REMOTE_WRITE |
					   IB_ACCESS_REMOTE_READ;
		ret = 0;
		break;
	default:
		ret = -EINVAL;
		break;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

static int iwcm_init_qp_rts_attr(struct iwcm_id_private *cm_id_priv,
				 struct ib_qp_attr *qp_attr,
				 int *qp_attr_mask)
{
	unsigned long flags;
	int ret;

	spin_lock_irqsave(&cm_id_priv->lock, flags);
	switch (cm_id_priv->state) {
	case IW_CM_STATE_IDLE:
	case IW_CM_STATE_CONN_SENT:
	case IW_CM_STATE_CONN_RECV:
	case IW_CM_STATE_ESTABLISHED:
		*qp_attr_mask = 0;
		ret = 0;
		break;
	default:
		ret = -EINVAL;
		break;
	}
	spin_unlock_irqrestore(&cm_id_priv->lock, flags);
	return ret;
}

int iw_cm_init_qp_attr(struct iw_cm_id *cm_id,
		       struct ib_qp_attr *qp_attr,
		       int *qp_attr_mask)
{
	struct iwcm_id_private *cm_id_priv;
	int ret;

	cm_id_priv = container_of(cm_id, struct iwcm_id_private, id);
	switch (qp_attr->qp_state) {
	case IB_QPS_INIT:
	case IB_QPS_RTR:
		ret = iwcm_init_qp_init_attr(cm_id_priv,
					     qp_attr, qp_attr_mask);
		break;
	case IB_QPS_RTS:
		ret = iwcm_init_qp_rts_attr(cm_id_priv,
					    qp_attr, qp_attr_mask);
		break;
	default:
		ret = -EINVAL;
		break;
	}
	return ret;
}
EXPORT_SYMBOL(iw_cm_init_qp_attr);

static int __init iw_cm_init(void)
{
	iwcm_wq = alloc_ordered_workqueue("iw_cm_wq", WQ_MEM_RECLAIM);
	if (!iwcm_wq)
		return -ENOMEM;

	return 0;
}

static void __exit iw_cm_cleanup(void)
{
	destroy_workqueue(iwcm_wq);
}

module_init_order(iw_cm_init, SI_ORDER_FIRST);
module_exit_order(iw_cm_cleanup, SI_ORDER_FIRST);