2 * Copyright (c) 2016, Mellanox Technologies inc. All rights reserved.
4 * This software is available to you under a choice of one of two
5 * licenses. You may choose to be licensed under the terms of the GNU
6 * General Public License (GPL) Version 2, available from the file
7 * COPYING in the main directory of this source tree, or the
8 * OpenIB.org BSD license below:
10 * Redistribution and use in source and binary forms, with or
11 * without modification, are permitted provided that the following
14 * - Redistributions of source code must retain the above
15 * copyright notice, this list of conditions and the following
18 * - Redistributions in binary form must reproduce the above
19 * copyright notice, this list of conditions and the following
20 * disclaimer in the documentation and/or other materials
21 * provided with the distribution.
23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
33 #include <linux/file.h>
34 #include <linux/anon_inodes.h>
35 #include <linux/sched/mm.h>
36 #include <rdma/ib_verbs.h>
37 #include <rdma/uverbs_types.h>
38 #include <linux/rcupdate.h>
39 #include <rdma/uverbs_ioctl.h>
40 #include <rdma/rdma_user_ioctl.h>
42 #include "core_priv.h"
43 #include "rdma_core.h"
45 static void uverbs_uobject_free(struct kref *ref)
47 kfree_rcu(container_of(ref, struct ib_uobject, ref), rcu);
51 * In order to indicate we no longer needs this uobject, uverbs_uobject_put
52 * is called. When the reference count is decreased, the uobject is freed.
53 * For example, this is used when attaching a completion channel to a CQ.
55 void uverbs_uobject_put(struct ib_uobject *uobject)
57 kref_put(&uobject->ref, uverbs_uobject_free);
59 EXPORT_SYMBOL(uverbs_uobject_put);
61 static int uverbs_try_lock_object(struct ib_uobject *uobj,
62 enum rdma_lookup_mode mode)
65 * When a shared access is required, we use a positive counter. Each
66 * shared access request checks that the value != -1 and increment it.
67 * Exclusive access is required for operations like write or destroy.
68 * In exclusive access mode, we check that the counter is zero (nobody
69 * claimed this object) and we set it to -1. Releasing a shared access
70 * lock is done simply by decreasing the counter. As for exclusive
71 * access locks, since only a single one of them is is allowed
72 * concurrently, setting the counter to zero is enough for releasing
76 case UVERBS_LOOKUP_READ:
77 return atomic_fetch_add_unless(&uobj->usecnt, 1, -1) == -1 ?
79 case UVERBS_LOOKUP_WRITE:
80 /* lock is exclusive */
81 return atomic_cmpxchg(&uobj->usecnt, 0, -1) == 0 ? 0 : -EBUSY;
82 case UVERBS_LOOKUP_DESTROY:
88 static void assert_uverbs_usecnt(struct ib_uobject *uobj,
89 enum rdma_lookup_mode mode)
93 case UVERBS_LOOKUP_READ:
94 WARN_ON(atomic_read(&uobj->usecnt) <= 0);
96 case UVERBS_LOOKUP_WRITE:
97 WARN_ON(atomic_read(&uobj->usecnt) != -1);
99 case UVERBS_LOOKUP_DESTROY:
106 * This must be called with the hw_destroy_rwsem locked for read or write,
107 * also the uobject itself must be locked for write.
109 * Upon return the HW object is guaranteed to be destroyed.
111 * For RDMA_REMOVE_ABORT, the hw_destroy_rwsem is not required to be held,
112 * however the type's allocat_commit function cannot have been called and the
113 * uobject cannot be on the uobjects_lists
115 * For RDMA_REMOVE_DESTROY the caller shold be holding a kref (eg via
116 * rdma_lookup_get_uobject) and the object is left in a state where the caller
117 * needs to call rdma_lookup_put_uobject.
119 * For all other destroy modes this function internally unlocks the uobject
120 * and consumes the kref on the uobj.
122 static int uverbs_destroy_uobject(struct ib_uobject *uobj,
123 enum rdma_remove_reason reason,
124 struct uverbs_attr_bundle *attrs)
126 struct ib_uverbs_file *ufile = attrs->ufile;
130 lockdep_assert_held(&ufile->hw_destroy_rwsem);
131 assert_uverbs_usecnt(uobj, UVERBS_LOOKUP_WRITE);
133 if (reason == RDMA_REMOVE_ABORT) {
134 WARN_ON(!list_empty(&uobj->list));
135 WARN_ON(!uobj->context);
136 uobj->uapi_object->type_class->alloc_abort(uobj);
137 } else if (uobj->object) {
138 ret = uobj->uapi_object->type_class->destroy_hw(uobj, reason,
141 if (ib_is_destroy_retryable(ret, reason, uobj))
144 /* Nothing to be done, dangle the memory and move on */
146 "ib_uverbs: failed to remove uobject id %d, driver err=%d",
153 uobj->context = NULL;
156 * For DESTROY the usecnt is not changed, the caller is expected to
157 * manage it via uobj_put_destroy(). Only DESTROY can remove the IDR
160 if (reason != RDMA_REMOVE_DESTROY)
161 atomic_set(&uobj->usecnt, 0);
163 uobj->uapi_object->type_class->remove_handle(uobj);
165 if (!list_empty(&uobj->list)) {
166 spin_lock_irqsave(&ufile->uobjects_lock, flags);
167 list_del_init(&uobj->list);
168 spin_unlock_irqrestore(&ufile->uobjects_lock, flags);
171 * Pairs with the get in rdma_alloc_commit_uobject(), could
174 uverbs_uobject_put(uobj);
178 * When aborting the stack kref remains owned by the core code, and is
179 * not transferred into the type. Pairs with the get in alloc_uobj
181 if (reason == RDMA_REMOVE_ABORT)
182 uverbs_uobject_put(uobj);
188 * This calls uverbs_destroy_uobject() using the RDMA_REMOVE_DESTROY
189 * sequence. It should only be used from command callbacks. On success the
190 * caller must pair this with uobj_put_destroy(). This
191 * version requires the caller to have already obtained an
192 * LOOKUP_DESTROY uobject kref.
194 int uobj_destroy(struct ib_uobject *uobj, struct uverbs_attr_bundle *attrs)
196 struct ib_uverbs_file *ufile = attrs->ufile;
199 down_read(&ufile->hw_destroy_rwsem);
202 * Once the uobject is destroyed by RDMA_REMOVE_DESTROY then it is left
203 * write locked as the callers put it back with UVERBS_LOOKUP_DESTROY.
204 * This is because any other concurrent thread can still see the object
205 * in the xarray due to RCU. Leaving it locked ensures nothing else will
208 ret = uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE);
212 ret = uverbs_destroy_uobject(uobj, RDMA_REMOVE_DESTROY, attrs);
214 atomic_set(&uobj->usecnt, 0);
219 up_read(&ufile->hw_destroy_rwsem);
224 * uobj_get_destroy destroys the HW object and returns a handle to the uobj
225 * with a NULL object pointer. The caller must pair this with
226 * uobj_put_destroy().
228 struct ib_uobject *__uobj_get_destroy(const struct uverbs_api_object *obj,
229 u32 id, struct uverbs_attr_bundle *attrs)
231 struct ib_uobject *uobj;
234 uobj = rdma_lookup_get_uobject(obj, attrs->ufile, id,
235 UVERBS_LOOKUP_DESTROY, attrs);
239 ret = uobj_destroy(uobj, attrs);
241 rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_DESTROY);
249 * Does both uobj_get_destroy() and uobj_put_destroy(). Returns 0 on success
250 * (negative errno on failure). For use by callers that do not need the uobj.
252 int __uobj_perform_destroy(const struct uverbs_api_object *obj, u32 id,
253 struct uverbs_attr_bundle *attrs)
255 struct ib_uobject *uobj;
257 uobj = __uobj_get_destroy(obj, id, attrs);
259 return PTR_ERR(uobj);
260 uobj_put_destroy(uobj);
264 /* alloc_uobj must be undone by uverbs_destroy_uobject() */
265 static struct ib_uobject *alloc_uobj(struct uverbs_attr_bundle *attrs,
266 const struct uverbs_api_object *obj)
268 struct ib_uverbs_file *ufile = attrs->ufile;
269 struct ib_uobject *uobj;
271 if (!attrs->context) {
272 struct ib_ucontext *ucontext =
273 ib_uverbs_get_ucontext_file(ufile);
275 if (IS_ERR(ucontext))
276 return ERR_CAST(ucontext);
277 attrs->context = ucontext;
280 uobj = kzalloc(obj->type_attrs->obj_size, GFP_KERNEL);
282 return ERR_PTR(-ENOMEM);
284 * user_handle should be filled by the handler,
285 * The object is added to the list in the commit stage.
288 uobj->context = attrs->context;
289 INIT_LIST_HEAD(&uobj->list);
290 uobj->uapi_object = obj;
292 * Allocated objects start out as write locked to deny any other
293 * syscalls from accessing them until they are committed. See
294 * rdma_alloc_commit_uobject
296 atomic_set(&uobj->usecnt, -1);
297 kref_init(&uobj->ref);
302 static int idr_add_uobj(struct ib_uobject *uobj)
305 * We start with allocating an idr pointing to NULL. This represents an
306 * object which isn't initialized yet. We'll replace it later on with
307 * the real object once we commit.
309 return xa_alloc(&uobj->ufile->idr, &uobj->id, NULL, xa_limit_32b,
313 /* Returns the ib_uobject or an error. The caller should check for IS_ERR. */
314 static struct ib_uobject *
315 lookup_get_idr_uobject(const struct uverbs_api_object *obj,
316 struct ib_uverbs_file *ufile, s64 id,
317 enum rdma_lookup_mode mode)
319 struct ib_uobject *uobj;
321 if (id < 0 || id > ULONG_MAX)
322 return ERR_PTR(-EINVAL);
326 * The idr_find is guaranteed to return a pointer to something that
327 * isn't freed yet, or NULL, as the free after idr_remove goes through
328 * kfree_rcu(). However the object may still have been released and
329 * kfree() could be called at any time.
331 uobj = xa_load(&ufile->idr, id);
332 if (!uobj || !kref_get_unless_zero(&uobj->ref))
333 uobj = ERR_PTR(-ENOENT);
338 static struct ib_uobject *
339 lookup_get_fd_uobject(const struct uverbs_api_object *obj,
340 struct ib_uverbs_file *ufile, s64 id,
341 enum rdma_lookup_mode mode)
343 const struct uverbs_obj_fd_type *fd_type;
345 struct ib_uobject *uobject;
349 return ERR_PTR(-EINVAL);
351 if (mode != UVERBS_LOOKUP_READ)
352 return ERR_PTR(-EOPNOTSUPP);
354 if (!obj->type_attrs)
355 return ERR_PTR(-EIO);
357 container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);
361 return ERR_PTR(-EBADF);
363 uobject = f->private_data;
365 * fget(id) ensures we are not currently running
366 * uverbs_uobject_fd_release(), and the caller is expected to ensure
367 * that release is never done while a call to lookup is possible.
369 if (f->f_op != fd_type->fops || uobject->ufile != ufile) {
371 return ERR_PTR(-EBADF);
374 uverbs_uobject_get(uobject);
378 struct ib_uobject *rdma_lookup_get_uobject(const struct uverbs_api_object *obj,
379 struct ib_uverbs_file *ufile, s64 id,
380 enum rdma_lookup_mode mode,
381 struct uverbs_attr_bundle *attrs)
383 struct ib_uobject *uobj;
386 if (obj == ERR_PTR(-ENOMSG)) {
387 /* must be UVERBS_IDR_ANY_OBJECT, see uapi_get_object() */
388 uobj = lookup_get_idr_uobject(NULL, ufile, id, mode);
393 return ERR_PTR(-EINVAL);
395 uobj = obj->type_class->lookup_get(obj, ufile, id, mode);
399 if (uobj->uapi_object != obj) {
406 * If we have been disassociated block every command except for
407 * DESTROY based commands.
409 if (mode != UVERBS_LOOKUP_DESTROY &&
410 !srcu_dereference(ufile->device->ib_dev,
411 &ufile->device->disassociate_srcu)) {
416 ret = uverbs_try_lock_object(uobj, mode);
420 attrs->context = uobj->context;
424 uobj->uapi_object->type_class->lookup_put(uobj, mode);
425 uverbs_uobject_put(uobj);
429 static struct ib_uobject *
430 alloc_begin_idr_uobject(const struct uverbs_api_object *obj,
431 struct uverbs_attr_bundle *attrs)
434 struct ib_uobject *uobj;
436 uobj = alloc_uobj(attrs, obj);
440 ret = idr_add_uobj(uobj);
444 ret = ib_rdmacg_try_charge(&uobj->cg_obj, uobj->context->device,
445 RDMACG_RESOURCE_HCA_OBJECT);
452 xa_erase(&attrs->ufile->idr, uobj->id);
454 uverbs_uobject_put(uobj);
458 static struct ib_uobject *
459 alloc_begin_fd_uobject(const struct uverbs_api_object *obj,
460 struct uverbs_attr_bundle *attrs)
462 const struct uverbs_obj_fd_type *fd_type =
463 container_of(obj->type_attrs, struct uverbs_obj_fd_type, type);
465 struct ib_uobject *uobj;
468 if (WARN_ON(fd_type->fops->release != &uverbs_uobject_fd_release &&
469 fd_type->fops->release != &uverbs_async_event_release))
470 return ERR_PTR(-EINVAL);
472 new_fd = get_unused_fd_flags(O_CLOEXEC);
474 return ERR_PTR(new_fd);
476 uobj = alloc_uobj(attrs, obj);
480 /* Note that uverbs_uobject_fd_release() is called during abort */
481 filp = anon_inode_getfile(fd_type->name, fd_type->fops, NULL,
484 uverbs_uobject_put(uobj);
485 uobj = ERR_CAST(filp);
494 put_unused_fd(new_fd);
498 struct ib_uobject *rdma_alloc_begin_uobject(const struct uverbs_api_object *obj,
499 struct uverbs_attr_bundle *attrs)
501 struct ib_uverbs_file *ufile = attrs->ufile;
502 struct ib_uobject *ret;
505 return ERR_PTR(-EINVAL);
508 * The hw_destroy_rwsem is held across the entire object creation and
509 * released during rdma_alloc_commit_uobject or
510 * rdma_alloc_abort_uobject
512 if (!down_read_trylock(&ufile->hw_destroy_rwsem))
513 return ERR_PTR(-EIO);
515 ret = obj->type_class->alloc_begin(obj, attrs);
517 up_read(&ufile->hw_destroy_rwsem);
523 static void alloc_abort_idr_uobject(struct ib_uobject *uobj)
525 ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
526 RDMACG_RESOURCE_HCA_OBJECT);
528 xa_erase(&uobj->ufile->idr, uobj->id);
531 static int __must_check destroy_hw_idr_uobject(struct ib_uobject *uobj,
532 enum rdma_remove_reason why,
533 struct uverbs_attr_bundle *attrs)
535 const struct uverbs_obj_idr_type *idr_type =
536 container_of(uobj->uapi_object->type_attrs,
537 struct uverbs_obj_idr_type, type);
538 int ret = idr_type->destroy_object(uobj, why, attrs);
541 * We can only fail gracefully if the user requested to destroy the
542 * object or when a retry may be called upon an error.
543 * In the rest of the cases, just remove whatever you can.
545 if (ib_is_destroy_retryable(ret, why, uobj))
548 if (why == RDMA_REMOVE_ABORT)
551 ib_rdmacg_uncharge(&uobj->cg_obj, uobj->context->device,
552 RDMACG_RESOURCE_HCA_OBJECT);
557 static void remove_handle_idr_uobject(struct ib_uobject *uobj)
559 xa_erase(&uobj->ufile->idr, uobj->id);
560 /* Matches the kref in alloc_commit_idr_uobject */
561 uverbs_uobject_put(uobj);
564 static void alloc_abort_fd_uobject(struct ib_uobject *uobj)
566 struct file *filp = uobj->object;
569 put_unused_fd(uobj->id);
572 static int __must_check destroy_hw_fd_uobject(struct ib_uobject *uobj,
573 enum rdma_remove_reason why,
574 struct uverbs_attr_bundle *attrs)
576 const struct uverbs_obj_fd_type *fd_type = container_of(
577 uobj->uapi_object->type_attrs, struct uverbs_obj_fd_type, type);
578 int ret = fd_type->destroy_object(uobj, why);
580 if (ib_is_destroy_retryable(ret, why, uobj))
586 static void remove_handle_fd_uobject(struct ib_uobject *uobj)
590 static void alloc_commit_idr_uobject(struct ib_uobject *uobj)
592 struct ib_uverbs_file *ufile = uobj->ufile;
596 * We already allocated this IDR with a NULL object, so
597 * this shouldn't fail.
599 * NOTE: Storing the uobj transfers our kref on uobj to the XArray.
600 * It will be put by remove_commit_idr_uobject()
602 old = xa_store(&ufile->idr, uobj->id, uobj, GFP_KERNEL);
603 WARN_ON(old != NULL);
606 static void alloc_commit_fd_uobject(struct ib_uobject *uobj)
609 struct file *filp = uobj->object;
611 /* Matching put will be done in uverbs_uobject_fd_release() */
612 kref_get(&uobj->ufile->ref);
614 /* This shouldn't be used anymore. Use the file object instead */
618 * NOTE: Once we install the file we loose ownership of our kref on
619 * uobj. It will be put by uverbs_uobject_fd_release()
621 filp->private_data = uobj;
622 fd_install(fd, filp);
626 * In all cases rdma_alloc_commit_uobject() consumes the kref to uobj and the
627 * caller can no longer assume uobj is valid. If this function fails it
628 * destroys the uboject, including the attached HW object.
630 void rdma_alloc_commit_uobject(struct ib_uobject *uobj,
631 struct uverbs_attr_bundle *attrs)
633 struct ib_uverbs_file *ufile = attrs->ufile;
635 /* alloc_commit consumes the uobj kref */
636 uobj->uapi_object->type_class->alloc_commit(uobj);
638 /* kref is held so long as the uobj is on the uobj list. */
639 uverbs_uobject_get(uobj);
640 spin_lock_irq(&ufile->uobjects_lock);
641 list_add(&uobj->list, &ufile->uobjects);
642 spin_unlock_irq(&ufile->uobjects_lock);
644 /* matches atomic_set(-1) in alloc_uobj */
645 atomic_set(&uobj->usecnt, 0);
647 /* Matches the down_read in rdma_alloc_begin_uobject */
648 up_read(&ufile->hw_destroy_rwsem);
652 * This consumes the kref for uobj. It is up to the caller to unwind the HW
653 * object and anything else connected to uobj before calling this.
655 void rdma_alloc_abort_uobject(struct ib_uobject *uobj,
656 struct uverbs_attr_bundle *attrs)
658 struct ib_uverbs_file *ufile = uobj->ufile;
660 uverbs_destroy_uobject(uobj, RDMA_REMOVE_ABORT, attrs);
662 /* Matches the down_read in rdma_alloc_begin_uobject */
663 up_read(&ufile->hw_destroy_rwsem);
666 static void lookup_put_idr_uobject(struct ib_uobject *uobj,
667 enum rdma_lookup_mode mode)
671 static void lookup_put_fd_uobject(struct ib_uobject *uobj,
672 enum rdma_lookup_mode mode)
674 struct file *filp = uobj->object;
676 WARN_ON(mode != UVERBS_LOOKUP_READ);
678 * This indirectly calls uverbs_uobject_fd_release() and free the
684 void rdma_lookup_put_uobject(struct ib_uobject *uobj,
685 enum rdma_lookup_mode mode)
687 assert_uverbs_usecnt(uobj, mode);
689 * In order to unlock an object, either decrease its usecnt for
690 * read access or zero it in case of exclusive access. See
691 * uverbs_try_lock_object for locking schema information.
694 case UVERBS_LOOKUP_READ:
695 atomic_dec(&uobj->usecnt);
697 case UVERBS_LOOKUP_WRITE:
698 atomic_set(&uobj->usecnt, 0);
700 case UVERBS_LOOKUP_DESTROY:
704 uobj->uapi_object->type_class->lookup_put(uobj, mode);
705 /* Pairs with the kref obtained by type->lookup_get */
706 uverbs_uobject_put(uobj);
709 void setup_ufile_idr_uobject(struct ib_uverbs_file *ufile)
711 xa_init_flags(&ufile->idr, XA_FLAGS_ALLOC);
714 void release_ufile_idr_uobject(struct ib_uverbs_file *ufile)
716 struct ib_uobject *entry;
720 * At this point uverbs_cleanup_ufile() is guaranteed to have run, and
721 * there are no HW objects left, however the xarray is still populated
722 * with anything that has not been cleaned up by userspace. Since the
723 * kref on ufile is 0, nothing is allowed to call lookup_get.
725 * This is an optimized equivalent to remove_handle_idr_uobject
727 xa_for_each(&ufile->idr, id, entry) {
728 WARN_ON(entry->object);
729 uverbs_uobject_put(entry);
732 xa_destroy(&ufile->idr);
735 const struct uverbs_obj_type_class uverbs_idr_class = {
736 .alloc_begin = alloc_begin_idr_uobject,
737 .lookup_get = lookup_get_idr_uobject,
738 .alloc_commit = alloc_commit_idr_uobject,
739 .alloc_abort = alloc_abort_idr_uobject,
740 .lookup_put = lookup_put_idr_uobject,
741 .destroy_hw = destroy_hw_idr_uobject,
742 .remove_handle = remove_handle_idr_uobject,
744 EXPORT_SYMBOL(uverbs_idr_class);
747 * Users of UVERBS_TYPE_ALLOC_FD should set this function as the struct
748 * file_operations release method.
750 int uverbs_uobject_fd_release(struct inode *inode, struct file *filp)
752 struct ib_uverbs_file *ufile;
753 struct ib_uobject *uobj;
756 * This can only happen if the fput came from alloc_abort_fd_uobject()
758 if (!filp->private_data)
760 uobj = filp->private_data;
763 if (down_read_trylock(&ufile->hw_destroy_rwsem)) {
764 struct uverbs_attr_bundle attrs = {
765 .context = uobj->context,
770 * lookup_get_fd_uobject holds the kref on the struct file any
771 * time a FD uobj is locked, which prevents this release
772 * method from being invoked. Meaning we can always get the
773 * write lock here, or we have a kernel bug.
775 WARN_ON(uverbs_try_lock_object(uobj, UVERBS_LOOKUP_WRITE));
776 uverbs_destroy_uobject(uobj, RDMA_REMOVE_CLOSE, &attrs);
777 up_read(&ufile->hw_destroy_rwsem);
780 /* Matches the get in alloc_commit_fd_uobject() */
781 kref_put(&ufile->ref, ib_uverbs_release_file);
783 /* Pairs with filp->private_data in alloc_begin_fd_uobject */
784 uverbs_uobject_put(uobj);
787 EXPORT_SYMBOL(uverbs_uobject_fd_release);
790 * Drop the ucontext off the ufile and completely disconnect it from the
793 static void ufile_destroy_ucontext(struct ib_uverbs_file *ufile,
794 enum rdma_remove_reason reason)
796 struct ib_ucontext *ucontext = ufile->ucontext;
797 struct ib_device *ib_dev = ucontext->device;
800 * If we are closing the FD then the user mmap VMAs must have
801 * already been destroyed as they hold on to the filep, otherwise
802 * they need to be zap'd.
804 if (reason == RDMA_REMOVE_DRIVER_REMOVE) {
805 uverbs_user_mmap_disassociate(ufile);
806 if (ib_dev->ops.disassociate_ucontext)
807 ib_dev->ops.disassociate_ucontext(ucontext);
810 ib_rdmacg_uncharge(&ucontext->cg_obj, ib_dev,
811 RDMACG_RESOURCE_HCA_HANDLE);
813 rdma_restrack_del(&ucontext->res);
815 ib_dev->ops.dealloc_ucontext(ucontext);
816 WARN_ON(!xa_empty(&ucontext->mmap_xa));
819 ufile->ucontext = NULL;
822 static int __uverbs_cleanup_ufile(struct ib_uverbs_file *ufile,
823 enum rdma_remove_reason reason)
825 struct ib_uobject *obj, *next_obj;
827 struct uverbs_attr_bundle attrs = { .ufile = ufile };
830 * This shouldn't run while executing other commands on this
831 * context. Thus, the only thing we should take care of is
832 * releasing a FD while traversing this list. The FD could be
833 * closed and released from the _release fop of this FD.
834 * In order to mitigate this, we add a lock.
835 * We take and release the lock per traversal in order to let
836 * other threads (which might still use the FDs) chance to run.
838 list_for_each_entry_safe(obj, next_obj, &ufile->uobjects, list) {
839 attrs.context = obj->context;
841 * if we hit this WARN_ON, that means we are
842 * racing with a lookup_get.
844 WARN_ON(uverbs_try_lock_object(obj, UVERBS_LOOKUP_WRITE));
845 if (!uverbs_destroy_uobject(obj, reason, &attrs))
848 atomic_set(&obj->usecnt, 0);
854 * Destroy the uncontext and every uobject associated with it.
856 * This is internally locked and can be called in parallel from multiple
859 void uverbs_destroy_ufile_hw(struct ib_uverbs_file *ufile,
860 enum rdma_remove_reason reason)
862 down_write(&ufile->hw_destroy_rwsem);
865 * If a ucontext was never created then we can't have any uobjects to
866 * cleanup, nothing to do.
868 if (!ufile->ucontext)
871 ufile->ucontext->closing = true;
872 ufile->ucontext->cleanup_retryable = true;
873 while (!list_empty(&ufile->uobjects))
874 if (__uverbs_cleanup_ufile(ufile, reason)) {
876 * No entry was cleaned-up successfully during this
882 ufile->ucontext->cleanup_retryable = false;
883 if (!list_empty(&ufile->uobjects))
884 __uverbs_cleanup_ufile(ufile, reason);
886 ufile_destroy_ucontext(ufile, reason);
889 up_write(&ufile->hw_destroy_rwsem);
892 const struct uverbs_obj_type_class uverbs_fd_class = {
893 .alloc_begin = alloc_begin_fd_uobject,
894 .lookup_get = lookup_get_fd_uobject,
895 .alloc_commit = alloc_commit_fd_uobject,
896 .alloc_abort = alloc_abort_fd_uobject,
897 .lookup_put = lookup_put_fd_uobject,
898 .destroy_hw = destroy_hw_fd_uobject,
899 .remove_handle = remove_handle_fd_uobject,
901 EXPORT_SYMBOL(uverbs_fd_class);
904 uverbs_get_uobject_from_file(u16 object_id, enum uverbs_obj_access access,
905 s64 id, struct uverbs_attr_bundle *attrs)
907 const struct uverbs_api_object *obj =
908 uapi_get_object(attrs->ufile->device->uapi, object_id);
911 case UVERBS_ACCESS_READ:
912 return rdma_lookup_get_uobject(obj, attrs->ufile, id,
913 UVERBS_LOOKUP_READ, attrs);
914 case UVERBS_ACCESS_DESTROY:
915 /* Actual destruction is done inside uverbs_handle_method */
916 return rdma_lookup_get_uobject(obj, attrs->ufile, id,
917 UVERBS_LOOKUP_DESTROY, attrs);
918 case UVERBS_ACCESS_WRITE:
919 return rdma_lookup_get_uobject(obj, attrs->ufile, id,
920 UVERBS_LOOKUP_WRITE, attrs);
921 case UVERBS_ACCESS_NEW:
922 return rdma_alloc_begin_uobject(obj, attrs);
925 return ERR_PTR(-EOPNOTSUPP);
929 void uverbs_finalize_object(struct ib_uobject *uobj,
930 enum uverbs_obj_access access, bool commit,
931 struct uverbs_attr_bundle *attrs)
934 * refcounts should be handled at the object level and not at the
935 * uobject level. Refcounts of the objects themselves are done in
940 case UVERBS_ACCESS_READ:
941 rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_READ);
943 case UVERBS_ACCESS_WRITE:
944 rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_WRITE);
946 case UVERBS_ACCESS_DESTROY:
948 rdma_lookup_put_uobject(uobj, UVERBS_LOOKUP_DESTROY);
950 case UVERBS_ACCESS_NEW:
952 rdma_alloc_commit_uobject(uobj, attrs);
954 rdma_alloc_abort_uobject(uobj, attrs);