1 /* 2 * Copyright (c) 2017, Mellanox Technologies inc. All rights reserved. 3 * 4 * This software is available to you under a choice of one of two 5 * licenses. You may choose to be licensed under the terms of the GNU 6 * General Public License (GPL) Version 2, available from the file 7 * COPYING in the main directory of this source tree, or the 8 * OpenIB.org BSD license below: 9 * 10 * Redistribution and use in source and binary forms, with or 11 * without modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above 15 * copyright notice, this list of conditions and the following 16 * disclaimer. 17 * 18 * - Redistributions in binary form must reproduce the above 19 * copyright notice, this list of conditions and the following 20 * disclaimer in the documentation and/or other materials 21 * provided with the distribution. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 30 * SOFTWARE. 31 */ 32 33 #include <rdma/rdma_user_ioctl.h> 34 #include <rdma/uverbs_ioctl.h> 35 #include "rdma_core.h" 36 #include "uverbs.h" 37 38 struct bundle_alloc_head { 39 struct_group_tagged(bundle_alloc_head_hdr, hdr, 40 struct bundle_alloc_head *next; 41 ); 42 u8 data[]; 43 }; 44 45 struct bundle_priv { 46 /* Must be first */ 47 struct bundle_alloc_head_hdr alloc_head; 48 struct bundle_alloc_head *allocated_mem; 49 size_t internal_avail; 50 size_t internal_used; 51 52 struct radix_tree_root *radix; 53 const struct uverbs_api_ioctl_method *method_elm; 54 void __rcu **radix_slots; 55 unsigned long radix_slots_len; 56 u32 method_key; 57 58 struct ib_uverbs_attr __user *user_attrs; 59 struct ib_uverbs_attr *uattrs; 60 61 DECLARE_BITMAP(uobj_finalize, UVERBS_API_ATTR_BKEY_LEN); 62 DECLARE_BITMAP(spec_finalize, UVERBS_API_ATTR_BKEY_LEN); 63 DECLARE_BITMAP(uobj_hw_obj_valid, UVERBS_API_ATTR_BKEY_LEN); 64 65 /* 66 * Must be last. bundle ends in a flex array which overlaps 67 * internal_buffer. 68 */ 69 struct uverbs_attr_bundle_hdr bundle; 70 u64 internal_buffer[32]; 71 }; 72 73 uverbs_api_ioctl_handler_fn uverbs_get_handler_fn(struct ib_udata *udata) 74 { 75 struct uverbs_attr_bundle *bundle = 76 rdma_udata_to_uverbs_attr_bundle(udata); 77 struct bundle_priv *pbundle = 78 container_of(&bundle->hdr, struct bundle_priv, bundle); 79 80 lockdep_assert_held(&bundle->ufile->device->disassociate_srcu); 81 82 return srcu_dereference(pbundle->method_elm->handler, 83 &bundle->ufile->device->disassociate_srcu); 84 } 85 86 /* 87 * Each method has an absolute minimum amount of memory it needs to allocate, 88 * precompute that amount and determine if the onstack memory can be used or 89 * if allocation is need. 90 */ 91 void uapi_compute_bundle_size(struct uverbs_api_ioctl_method *method_elm, 92 unsigned int num_attrs) 93 { 94 struct bundle_priv *pbundle; 95 struct uverbs_attr_bundle *bundle; 96 size_t bundle_size = 97 offsetof(struct bundle_priv, internal_buffer) + 98 sizeof(*bundle->attrs) * method_elm->key_bitmap_len + 99 sizeof(*pbundle->uattrs) * num_attrs; 100 101 method_elm->use_stack = bundle_size <= sizeof(*pbundle); 102 method_elm->bundle_size = 103 ALIGN(bundle_size + 256, sizeof(*pbundle->internal_buffer)); 104 105 /* Do not want order-2 allocations for this. */ 106 WARN_ON_ONCE(method_elm->bundle_size > PAGE_SIZE); 107 } 108 109 /** 110 * _uverbs_alloc() - Quickly allocate memory for use with a bundle 111 * @bundle: The bundle 112 * @size: Number of bytes to allocate 113 * @flags: Allocator flags 114 * 115 * The bundle allocator is intended for allocations that are connected with 116 * processing the system call related to the bundle. The allocated memory is 117 * always freed once the system call completes, and cannot be freed any other 118 * way. 119 * 120 * This tries to use a small pool of pre-allocated memory for performance. 121 */ 122 __malloc void *_uverbs_alloc(struct uverbs_attr_bundle *bundle, size_t size, 123 gfp_t flags) 124 { 125 struct bundle_priv *pbundle = 126 container_of(&bundle->hdr, struct bundle_priv, bundle); 127 size_t new_used; 128 void *res; 129 130 if (check_add_overflow(size, pbundle->internal_used, &new_used)) 131 return ERR_PTR(-EOVERFLOW); 132 133 if (new_used > pbundle->internal_avail) { 134 struct bundle_alloc_head *buf; 135 136 buf = kvmalloc_flex(*buf, data, size, flags); 137 if (!buf) 138 return ERR_PTR(-ENOMEM); 139 buf->next = pbundle->allocated_mem; 140 pbundle->allocated_mem = buf; 141 return buf->data; 142 } 143 144 res = (void *)pbundle->internal_buffer + pbundle->internal_used; 145 pbundle->internal_used = 146 ALIGN(new_used, sizeof(*pbundle->internal_buffer)); 147 if (want_init_on_alloc(flags)) 148 memset(res, 0, size); 149 return res; 150 } 151 EXPORT_SYMBOL(_uverbs_alloc); 152 153 static bool uverbs_is_attr_cleared(const struct ib_uverbs_attr *uattr, 154 u16 len) 155 { 156 if (uattr->len > sizeof_field(struct ib_uverbs_attr, data)) 157 return ib_is_buffer_cleared(u64_to_user_ptr(uattr->data) + len, 158 uattr->len - len); 159 160 return !memchr_inv((const void *)&uattr->data + len, 161 0, uattr->len - len); 162 } 163 164 static int uverbs_set_output(const struct uverbs_attr_bundle *bundle, 165 const struct uverbs_attr *attr) 166 { 167 struct bundle_priv *pbundle = 168 container_of(&bundle->hdr, struct bundle_priv, bundle); 169 u16 flags; 170 171 flags = pbundle->uattrs[attr->ptr_attr.uattr_idx].flags | 172 UVERBS_ATTR_F_VALID_OUTPUT; 173 if (put_user(flags, 174 &pbundle->user_attrs[attr->ptr_attr.uattr_idx].flags)) 175 return -EFAULT; 176 return 0; 177 } 178 179 static int uverbs_process_idrs_array(struct bundle_priv *pbundle, 180 const struct uverbs_api_attr *attr_uapi, 181 struct uverbs_objs_arr_attr *attr, 182 struct ib_uverbs_attr *uattr, 183 u32 attr_bkey) 184 { 185 struct uverbs_attr_bundle *bundle = 186 container_of(&pbundle->bundle, struct uverbs_attr_bundle, hdr); 187 const struct uverbs_attr_spec *spec = &attr_uapi->spec; 188 size_t array_len; 189 u32 *idr_vals; 190 int ret = 0; 191 size_t i; 192 193 if (uattr->attr_data.reserved) 194 return -EINVAL; 195 196 if (uattr->len % sizeof(u32)) 197 return -EINVAL; 198 199 array_len = uattr->len / sizeof(u32); 200 if (array_len < spec->u2.objs_arr.min_len || 201 array_len > spec->u2.objs_arr.max_len) 202 return -EINVAL; 203 204 attr->uobjects = 205 uverbs_alloc(bundle, 206 array_size(array_len, sizeof(*attr->uobjects))); 207 if (IS_ERR(attr->uobjects)) 208 return PTR_ERR(attr->uobjects); 209 210 /* 211 * Since idr is 4B and *uobjects is >= 4B, we can use attr->uobjects 212 * to store idrs array and avoid additional memory allocation. The 213 * idrs array is offset to the end of the uobjects array so we will be 214 * able to read idr and replace with a pointer. 215 */ 216 idr_vals = (u32 *)(attr->uobjects + array_len) - array_len; 217 218 if (uattr->len > sizeof(uattr->data)) { 219 ret = copy_from_user(idr_vals, u64_to_user_ptr(uattr->data), 220 uattr->len); 221 if (ret) 222 return -EFAULT; 223 } else { 224 memcpy(idr_vals, &uattr->data, uattr->len); 225 } 226 227 for (i = 0; i != array_len; i++) { 228 attr->uobjects[i] = uverbs_get_uobject_from_file( 229 spec->u2.objs_arr.obj_type, spec->u2.objs_arr.access, 230 idr_vals[i], bundle); 231 if (IS_ERR(attr->uobjects[i])) { 232 ret = PTR_ERR(attr->uobjects[i]); 233 break; 234 } 235 } 236 237 attr->len = i; 238 __set_bit(attr_bkey, pbundle->spec_finalize); 239 return ret; 240 } 241 242 static void uverbs_free_idrs_array(const struct uverbs_api_attr *attr_uapi, 243 struct uverbs_objs_arr_attr *attr, 244 bool commit, 245 struct uverbs_attr_bundle *attrs) 246 { 247 const struct uverbs_attr_spec *spec = &attr_uapi->spec; 248 size_t i; 249 250 for (i = 0; i != attr->len; i++) 251 uverbs_finalize_object(attr->uobjects[i], 252 spec->u2.objs_arr.access, false, commit, 253 attrs); 254 } 255 256 static int uverbs_process_attr(struct bundle_priv *pbundle, 257 const struct uverbs_api_attr *attr_uapi, 258 struct ib_uverbs_attr *uattr, u32 attr_bkey) 259 { 260 const struct uverbs_attr_spec *spec = &attr_uapi->spec; 261 struct uverbs_attr_bundle *bundle = 262 container_of(&pbundle->bundle, struct uverbs_attr_bundle, hdr); 263 struct uverbs_attr *e = &bundle->attrs[attr_bkey]; 264 const struct uverbs_attr_spec *val_spec = spec; 265 struct uverbs_obj_attr *o_attr; 266 267 switch (spec->type) { 268 case UVERBS_ATTR_TYPE_ENUM_IN: 269 if (uattr->attr_data.enum_data.elem_id >= spec->u.enum_def.num_elems) 270 return -EOPNOTSUPP; 271 272 if (uattr->attr_data.enum_data.reserved) 273 return -EINVAL; 274 275 val_spec = &spec->u2.enum_def.ids[uattr->attr_data.enum_data.elem_id]; 276 277 /* Currently we only support PTR_IN based enums */ 278 if (val_spec->type != UVERBS_ATTR_TYPE_PTR_IN) 279 return -EOPNOTSUPP; 280 281 e->ptr_attr.enum_id = uattr->attr_data.enum_data.elem_id; 282 fallthrough; 283 case UVERBS_ATTR_TYPE_PTR_IN: 284 /* Ensure that any data provided by userspace beyond the known 285 * struct is zero. Userspace that knows how to use some future 286 * longer struct will fail here if used with an old kernel and 287 * non-zero content, making ABI compat/discovery simpler. 288 */ 289 if (uattr->len > val_spec->u.ptr.len && 290 val_spec->zero_trailing && 291 !uverbs_is_attr_cleared(uattr, val_spec->u.ptr.len)) 292 return -EOPNOTSUPP; 293 294 fallthrough; 295 case UVERBS_ATTR_TYPE_PTR_OUT: 296 if (uattr->len < val_spec->u.ptr.min_len || 297 (!val_spec->zero_trailing && 298 uattr->len > val_spec->u.ptr.len)) 299 return -EINVAL; 300 301 if (spec->type != UVERBS_ATTR_TYPE_ENUM_IN && 302 uattr->attr_data.reserved) 303 return -EINVAL; 304 305 e->ptr_attr.uattr_idx = uattr - pbundle->uattrs; 306 e->ptr_attr.len = uattr->len; 307 308 if (val_spec->alloc_and_copy && !uverbs_attr_ptr_is_inline(e)) { 309 void *p; 310 311 p = uverbs_alloc(bundle, uattr->len); 312 if (IS_ERR(p)) 313 return PTR_ERR(p); 314 315 e->ptr_attr.ptr = p; 316 317 if (copy_from_user(p, u64_to_user_ptr(uattr->data), 318 uattr->len)) 319 return -EFAULT; 320 } else { 321 e->ptr_attr.data = uattr->data; 322 } 323 break; 324 325 case UVERBS_ATTR_TYPE_IDR: 326 case UVERBS_ATTR_TYPE_FD: 327 if (uattr->attr_data.reserved) 328 return -EINVAL; 329 330 if (uattr->len != 0) 331 return -EINVAL; 332 333 o_attr = &e->obj_attr; 334 o_attr->attr_elm = attr_uapi; 335 336 /* 337 * The type of uattr->data is u64 for UVERBS_ATTR_TYPE_IDR and 338 * s64 for UVERBS_ATTR_TYPE_FD. We can cast the u64 to s64 339 * here without caring about truncation as we know that the 340 * IDR implementation today rejects negative IDs 341 */ 342 o_attr->uobject = uverbs_get_uobject_from_file( 343 spec->u.obj.obj_type, spec->u.obj.access, 344 uattr->data_s64, bundle); 345 if (IS_ERR(o_attr->uobject)) 346 return PTR_ERR(o_attr->uobject); 347 __set_bit(attr_bkey, pbundle->uobj_finalize); 348 349 if (spec->u.obj.access == UVERBS_ACCESS_NEW) { 350 unsigned int uattr_idx = uattr - pbundle->uattrs; 351 s64 id = o_attr->uobject->id; 352 353 /* Copy the allocated id to the user-space */ 354 if (put_user(id, &pbundle->user_attrs[uattr_idx].data)) 355 return -EFAULT; 356 } 357 358 break; 359 360 case UVERBS_ATTR_TYPE_RAW_FD: 361 if (uattr->attr_data.reserved || uattr->len != 0 || 362 uattr->data_s64 < INT_MIN || uattr->data_s64 > INT_MAX) 363 return -EINVAL; 364 /* _uverbs_get_const_signed() is the accessor */ 365 e->ptr_attr.data = uattr->data_s64; 366 break; 367 368 case UVERBS_ATTR_TYPE_IDRS_ARRAY: 369 return uverbs_process_idrs_array(pbundle, attr_uapi, 370 &e->objs_arr_attr, uattr, 371 attr_bkey); 372 default: 373 return -EOPNOTSUPP; 374 } 375 376 return 0; 377 } 378 379 /* 380 * We search the radix tree with the method prefix and now we want to fast 381 * search the suffix bits to get a particular attribute pointer. It is not 382 * totally clear to me if this breaks the radix tree encasulation or not, but 383 * it uses the iter data to determine if the method iter points at the same 384 * chunk that will store the attribute, if so it just derefs it directly. By 385 * construction in most kernel configs the method and attrs will all fit in a 386 * single radix chunk, so in most cases this will have no search. Other cases 387 * this falls back to a full search. 388 */ 389 static void __rcu **uapi_get_attr_for_method(struct bundle_priv *pbundle, 390 u32 attr_key) 391 { 392 void __rcu **slot; 393 394 if (likely(attr_key < pbundle->radix_slots_len)) { 395 void *entry; 396 397 slot = pbundle->radix_slots + attr_key; 398 entry = rcu_dereference_raw(*slot); 399 if (likely(!radix_tree_is_internal_node(entry) && entry)) 400 return slot; 401 } 402 403 return radix_tree_lookup_slot(pbundle->radix, 404 pbundle->method_key | attr_key); 405 } 406 407 static int uverbs_set_attr(struct bundle_priv *pbundle, 408 struct ib_uverbs_attr *uattr) 409 { 410 u32 attr_key = uapi_key_attr(uattr->attr_id); 411 u32 attr_bkey = uapi_bkey_attr(attr_key); 412 const struct uverbs_api_attr *attr; 413 void __rcu **slot; 414 int ret; 415 416 slot = uapi_get_attr_for_method(pbundle, attr_key); 417 if (!slot) { 418 /* 419 * Kernel does not support the attribute but user-space says it 420 * is mandatory 421 */ 422 if (uattr->flags & UVERBS_ATTR_F_MANDATORY) 423 return -EPROTONOSUPPORT; 424 return 0; 425 } 426 attr = rcu_dereference_protected(*slot, true); 427 428 /* Reject duplicate attributes from user-space */ 429 if (test_bit(attr_bkey, pbundle->bundle.attr_present)) 430 return -EINVAL; 431 432 ret = uverbs_process_attr(pbundle, attr, uattr, attr_bkey); 433 if (ret) 434 return ret; 435 436 __set_bit(attr_bkey, pbundle->bundle.attr_present); 437 438 return 0; 439 } 440 441 static int ib_uverbs_run_method(struct bundle_priv *pbundle, 442 unsigned int num_attrs) 443 { 444 int (*handler)(struct uverbs_attr_bundle *attrs); 445 struct uverbs_attr_bundle *bundle = 446 container_of(&pbundle->bundle, struct uverbs_attr_bundle, hdr); 447 size_t uattrs_size = array_size(sizeof(*pbundle->uattrs), num_attrs); 448 unsigned int destroy_bkey = pbundle->method_elm->destroy_bkey; 449 unsigned int i; 450 int ret; 451 452 /* See uverbs_disassociate_api() */ 453 handler = srcu_dereference( 454 pbundle->method_elm->handler, 455 &pbundle->bundle.ufile->device->disassociate_srcu); 456 if (!handler) 457 return -EIO; 458 459 pbundle->uattrs = uverbs_alloc(bundle, uattrs_size); 460 if (IS_ERR(pbundle->uattrs)) 461 return PTR_ERR(pbundle->uattrs); 462 if (copy_from_user(pbundle->uattrs, pbundle->user_attrs, uattrs_size)) 463 return -EFAULT; 464 465 for (i = 0; i != num_attrs; i++) { 466 ret = uverbs_set_attr(pbundle, &pbundle->uattrs[i]); 467 if (unlikely(ret)) 468 return ret; 469 } 470 471 /* User space did not provide all the mandatory attributes */ 472 if (unlikely(!bitmap_subset(pbundle->method_elm->attr_mandatory, 473 pbundle->bundle.attr_present, 474 pbundle->method_elm->key_bitmap_len))) 475 return -EINVAL; 476 477 if (pbundle->method_elm->has_udata) 478 uverbs_fill_udata(bundle, &pbundle->bundle.driver_udata, 479 UVERBS_ATTR_UHW_IN, UVERBS_ATTR_UHW_OUT); 480 else 481 pbundle->bundle.driver_udata = (struct ib_udata){}; 482 483 if (destroy_bkey != UVERBS_API_ATTR_BKEY_LEN) { 484 struct uverbs_obj_attr *destroy_attr = &bundle->attrs[destroy_bkey].obj_attr; 485 486 ret = uobj_destroy(destroy_attr->uobject, bundle); 487 if (ret) 488 return ret; 489 __clear_bit(destroy_bkey, pbundle->uobj_finalize); 490 491 ret = handler(bundle); 492 uobj_put_destroy(destroy_attr->uobject); 493 } else { 494 ret = handler(bundle); 495 } 496 497 /* 498 * Until the drivers are revised to use the bundle directly we have to 499 * assume that the driver wrote to its UHW_OUT and flag userspace 500 * appropriately. 501 */ 502 if (!ret && pbundle->method_elm->has_udata) { 503 const struct uverbs_attr *attr = 504 uverbs_attr_get(bundle, UVERBS_ATTR_UHW_OUT); 505 506 if (!IS_ERR(attr)) 507 ret = uverbs_set_output(bundle, attr); 508 } 509 510 /* 511 * EPROTONOSUPPORT is ONLY to be returned if the ioctl framework can 512 * not invoke the method because the request is not supported. No 513 * other cases should return this code. 514 */ 515 if (WARN_ON_ONCE(ret == -EPROTONOSUPPORT)) 516 return -EINVAL; 517 518 return ret; 519 } 520 521 static void bundle_destroy(struct bundle_priv *pbundle, bool commit) 522 { 523 unsigned int key_bitmap_len = pbundle->method_elm->key_bitmap_len; 524 struct uverbs_attr_bundle *bundle = 525 container_of(&pbundle->bundle, struct uverbs_attr_bundle, hdr); 526 struct bundle_alloc_head *memblock; 527 unsigned int i; 528 529 /* fast path for simple uobjects */ 530 i = -1; 531 while ((i = find_next_bit(pbundle->uobj_finalize, key_bitmap_len, 532 i + 1)) < key_bitmap_len) { 533 struct uverbs_attr *attr = &bundle->attrs[i]; 534 535 uverbs_finalize_object( 536 attr->obj_attr.uobject, 537 attr->obj_attr.attr_elm->spec.u.obj.access, 538 test_bit(i, pbundle->uobj_hw_obj_valid), 539 commit, bundle); 540 } 541 542 i = -1; 543 while ((i = find_next_bit(pbundle->spec_finalize, key_bitmap_len, 544 i + 1)) < key_bitmap_len) { 545 struct uverbs_attr *attr = &bundle->attrs[i]; 546 const struct uverbs_api_attr *attr_uapi; 547 void __rcu **slot; 548 549 slot = uapi_get_attr_for_method( 550 pbundle, 551 pbundle->method_key | uapi_bkey_to_key_attr(i)); 552 if (WARN_ON(!slot)) 553 continue; 554 555 attr_uapi = rcu_dereference_protected(*slot, true); 556 557 if (attr_uapi->spec.type == UVERBS_ATTR_TYPE_IDRS_ARRAY) { 558 uverbs_free_idrs_array(attr_uapi, &attr->objs_arr_attr, 559 commit, bundle); 560 } 561 } 562 563 for (memblock = pbundle->allocated_mem; memblock;) { 564 struct bundle_alloc_head *tmp = memblock; 565 566 memblock = memblock->next; 567 kvfree(tmp); 568 } 569 } 570 571 static int ib_uverbs_cmd_verbs(struct ib_uverbs_file *ufile, 572 struct ib_uverbs_ioctl_hdr *hdr, 573 struct ib_uverbs_attr __user *user_attrs) 574 { 575 const struct uverbs_api_ioctl_method *method_elm; 576 struct uverbs_api *uapi = ufile->device->uapi; 577 struct radix_tree_iter attrs_iter; 578 struct bundle_priv *pbundle; 579 struct bundle_priv onstack; 580 void __rcu **slot; 581 int ret; 582 583 if (unlikely(hdr->driver_id != uapi->driver_id)) 584 return -EINVAL; 585 586 slot = radix_tree_iter_lookup( 587 &uapi->radix, &attrs_iter, 588 uapi_key_obj(hdr->object_id) | 589 uapi_key_ioctl_method(hdr->method_id)); 590 if (unlikely(!slot)) 591 return -EPROTONOSUPPORT; 592 method_elm = rcu_dereference_protected(*slot, true); 593 594 if (!method_elm->use_stack) { 595 pbundle = kmalloc(method_elm->bundle_size, GFP_KERNEL); 596 if (!pbundle) 597 return -ENOMEM; 598 pbundle->internal_avail = 599 method_elm->bundle_size - 600 offsetof(struct bundle_priv, internal_buffer); 601 pbundle->alloc_head.next = NULL; 602 pbundle->allocated_mem = container_of(&pbundle->alloc_head, 603 struct bundle_alloc_head, hdr); 604 } else { 605 pbundle = &onstack; 606 pbundle->internal_avail = sizeof(pbundle->internal_buffer); 607 pbundle->allocated_mem = NULL; 608 } 609 610 /* Space for the pbundle->bundle.attrs flex array */ 611 pbundle->method_elm = method_elm; 612 pbundle->method_key = attrs_iter.index; 613 pbundle->bundle.ufile = ufile; 614 pbundle->bundle.context = NULL; /* only valid if bundle has uobject */ 615 pbundle->radix = &uapi->radix; 616 pbundle->radix_slots = slot; 617 pbundle->radix_slots_len = radix_tree_chunk_size(&attrs_iter); 618 pbundle->user_attrs = user_attrs; 619 620 pbundle->internal_used = ALIGN(pbundle->method_elm->key_bitmap_len * 621 sizeof(*container_of(&pbundle->bundle, 622 struct uverbs_attr_bundle, hdr)->attrs), 623 sizeof(*pbundle->internal_buffer)); 624 memset(pbundle->bundle.attr_present, 0, 625 sizeof(pbundle->bundle.attr_present)); 626 memset(pbundle->uobj_finalize, 0, sizeof(pbundle->uobj_finalize)); 627 memset(pbundle->spec_finalize, 0, sizeof(pbundle->spec_finalize)); 628 memset(pbundle->uobj_hw_obj_valid, 0, 629 sizeof(pbundle->uobj_hw_obj_valid)); 630 631 ret = ib_uverbs_run_method(pbundle, hdr->num_attrs); 632 bundle_destroy(pbundle, ret == 0); 633 return ret; 634 } 635 636 long ib_uverbs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 637 { 638 struct ib_uverbs_file *file = filp->private_data; 639 struct ib_uverbs_ioctl_hdr __user *user_hdr = 640 (struct ib_uverbs_ioctl_hdr __user *)arg; 641 struct ib_uverbs_ioctl_hdr hdr; 642 int srcu_key; 643 int err; 644 645 if (unlikely(cmd != RDMA_VERBS_IOCTL)) 646 return -ENOIOCTLCMD; 647 648 err = copy_from_user(&hdr, user_hdr, sizeof(hdr)); 649 if (err) 650 return -EFAULT; 651 652 if (hdr.length > PAGE_SIZE || 653 hdr.length != struct_size(&hdr, attrs, hdr.num_attrs)) 654 return -EINVAL; 655 656 if (hdr.reserved1 || hdr.reserved2) 657 return -EPROTONOSUPPORT; 658 659 srcu_key = srcu_read_lock(&file->device->disassociate_srcu); 660 err = ib_uverbs_cmd_verbs(file, &hdr, user_hdr->attrs); 661 srcu_read_unlock(&file->device->disassociate_srcu, srcu_key); 662 return err; 663 } 664 665 int uverbs_get_flags64(u64 *to, const struct uverbs_attr_bundle *attrs_bundle, 666 size_t idx, u64 allowed_bits) 667 { 668 const struct uverbs_attr *attr; 669 u64 flags; 670 671 attr = uverbs_attr_get(attrs_bundle, idx); 672 /* Missing attribute means 0 flags */ 673 if (IS_ERR(attr)) { 674 *to = 0; 675 return 0; 676 } 677 678 /* 679 * New userspace code should use 8 bytes to pass flags, but we 680 * transparently support old userspaces that were using 4 bytes as 681 * well. 682 */ 683 if (attr->ptr_attr.len == 8) 684 flags = attr->ptr_attr.data; 685 else if (attr->ptr_attr.len == 4) 686 flags = *(u32 *)&attr->ptr_attr.data; 687 else 688 return -EINVAL; 689 690 if (flags & ~allowed_bits) 691 return -EINVAL; 692 693 *to = flags; 694 return 0; 695 } 696 EXPORT_SYMBOL(uverbs_get_flags64); 697 698 int uverbs_get_flags32(u32 *to, const struct uverbs_attr_bundle *attrs_bundle, 699 size_t idx, u64 allowed_bits) 700 { 701 u64 flags; 702 int ret; 703 704 ret = uverbs_get_flags64(&flags, attrs_bundle, idx, allowed_bits); 705 if (ret) 706 return ret; 707 708 if (flags > U32_MAX) 709 return -EINVAL; 710 *to = flags; 711 712 return 0; 713 } 714 EXPORT_SYMBOL(uverbs_get_flags32); 715 716 /* 717 * Fill a ib_udata struct (core or uhw) using the given attribute IDs. 718 * This is primarily used to convert the UVERBS_ATTR_UHW() into the 719 * ib_udata format used by the drivers. 720 */ 721 void uverbs_fill_udata(struct uverbs_attr_bundle *bundle, 722 struct ib_udata *udata, unsigned int attr_in, 723 unsigned int attr_out) 724 { 725 struct bundle_priv *pbundle = 726 container_of(&bundle->hdr, struct bundle_priv, bundle); 727 struct uverbs_attr_bundle *bundle_aux = 728 container_of(&pbundle->bundle, struct uverbs_attr_bundle, hdr); 729 const struct uverbs_attr *in = 730 uverbs_attr_get(bundle_aux, attr_in); 731 const struct uverbs_attr *out = 732 uverbs_attr_get(bundle_aux, attr_out); 733 734 if (!IS_ERR(in)) { 735 udata->inlen = in->ptr_attr.len; 736 if (uverbs_attr_ptr_is_inline(in)) 737 udata->inbuf = 738 &pbundle->user_attrs[in->ptr_attr.uattr_idx] 739 .data; 740 else 741 udata->inbuf = u64_to_user_ptr(in->ptr_attr.data); 742 } else { 743 udata->inbuf = NULL; 744 udata->inlen = 0; 745 } 746 747 if (!IS_ERR(out)) { 748 udata->outbuf = u64_to_user_ptr(out->ptr_attr.data); 749 udata->outlen = out->ptr_attr.len; 750 } else { 751 udata->outbuf = NULL; 752 udata->outlen = 0; 753 } 754 } 755 756 int uverbs_copy_to(const struct uverbs_attr_bundle *bundle, size_t idx, 757 const void *from, size_t size) 758 { 759 const struct uverbs_attr *attr = uverbs_attr_get(bundle, idx); 760 size_t min_size; 761 762 if (IS_ERR(attr)) 763 return PTR_ERR(attr); 764 765 min_size = min_t(size_t, attr->ptr_attr.len, size); 766 if (copy_to_user(u64_to_user_ptr(attr->ptr_attr.data), from, min_size)) 767 return -EFAULT; 768 769 return uverbs_set_output(bundle, attr); 770 } 771 EXPORT_SYMBOL(uverbs_copy_to); 772 773 774 /* 775 * This is only used if the caller has directly used copy_to_use to write the 776 * data. It signals to user space that the buffer is filled in. 777 */ 778 int uverbs_output_written(const struct uverbs_attr_bundle *bundle, size_t idx) 779 { 780 const struct uverbs_attr *attr = uverbs_attr_get(bundle, idx); 781 782 if (IS_ERR(attr)) 783 return PTR_ERR(attr); 784 785 return uverbs_set_output(bundle, attr); 786 } 787 788 int _uverbs_get_const_signed(s64 *to, 789 const struct uverbs_attr_bundle *attrs_bundle, 790 size_t idx, s64 lower_bound, u64 upper_bound, 791 s64 *def_val) 792 { 793 const struct uverbs_attr *attr; 794 795 attr = uverbs_attr_get(attrs_bundle, idx); 796 if (IS_ERR(attr)) { 797 if ((PTR_ERR(attr) != -ENOENT) || !def_val) 798 return PTR_ERR(attr); 799 800 *to = *def_val; 801 } else { 802 *to = attr->ptr_attr.data; 803 } 804 805 if (*to < lower_bound || (*to > 0 && (u64)*to > upper_bound)) 806 return -EINVAL; 807 808 return 0; 809 } 810 EXPORT_SYMBOL(_uverbs_get_const_signed); 811 812 int _uverbs_get_const_unsigned(u64 *to, 813 const struct uverbs_attr_bundle *attrs_bundle, 814 size_t idx, u64 upper_bound, u64 *def_val) 815 { 816 const struct uverbs_attr *attr; 817 818 attr = uverbs_attr_get(attrs_bundle, idx); 819 if (IS_ERR(attr)) { 820 if ((PTR_ERR(attr) != -ENOENT) || !def_val) 821 return PTR_ERR(attr); 822 823 *to = *def_val; 824 } else { 825 *to = attr->ptr_attr.data; 826 } 827 828 if (*to > upper_bound) 829 return -EINVAL; 830 831 return 0; 832 } 833 EXPORT_SYMBOL(_uverbs_get_const_unsigned); 834 835 int uverbs_copy_to_struct_or_zero(const struct uverbs_attr_bundle *bundle, 836 size_t idx, const void *from, size_t size) 837 { 838 const struct uverbs_attr *attr = uverbs_attr_get(bundle, idx); 839 840 if (IS_ERR(attr)) 841 return PTR_ERR(attr); 842 843 if (size < attr->ptr_attr.len) { 844 if (clear_user(u64_to_user_ptr(attr->ptr_attr.data) + size, 845 attr->ptr_attr.len - size)) 846 return -EFAULT; 847 } 848 return uverbs_copy_to(bundle, idx, from, size); 849 } 850 EXPORT_SYMBOL(uverbs_copy_to_struct_or_zero); 851 852 /* Once called an abort will call through to the type's destroy_hw() */ 853 void uverbs_finalize_uobj_create(const struct uverbs_attr_bundle *bundle, 854 u16 idx) 855 { 856 struct bundle_priv *pbundle = 857 container_of(&bundle->hdr, struct bundle_priv, bundle); 858 859 __set_bit(uapi_bkey_attr(uapi_key_attr(idx)), 860 pbundle->uobj_hw_obj_valid); 861 } 862 EXPORT_SYMBOL(uverbs_finalize_uobj_create); 863 864 int _ib_copy_validate_udata_in(struct ib_udata *udata, void *req, 865 size_t kernel_size, size_t minimum_size) 866 { 867 int err; 868 869 if (udata->inlen < minimum_size) { 870 ibdev_dbg( 871 rdma_udata_to_dev(udata), 872 "System call driver input udata too small (%zu < %zu) for ioctl %ps called by %pSR\n", 873 udata->inlen, minimum_size, 874 uverbs_get_handler_fn(udata), 875 __builtin_return_address(0)); 876 return -EINVAL; 877 } 878 879 err = copy_struct_from_user(req, kernel_size, udata->inbuf, 880 udata->inlen); 881 if (err) { 882 if (err == -E2BIG) { 883 ibdev_dbg( 884 rdma_udata_to_dev(udata), 885 "System call driver input udata not zero from %zu -> %zu for ioctl %ps called by %pSR\n", 886 minimum_size, udata->inlen, 887 uverbs_get_handler_fn(udata), 888 __builtin_return_address(0)); 889 return -EOPNOTSUPP; 890 } 891 ibdev_dbg( 892 rdma_udata_to_dev(udata), 893 "System call driver input udata EFAULT for ioctl %ps called by %pSR\n", 894 uverbs_get_handler_fn(udata), 895 __builtin_return_address(0)); 896 return err; 897 } 898 return 0; 899 } 900 EXPORT_SYMBOL(_ib_copy_validate_udata_in); 901 902 int _ib_copy_validate_udata_cm_fail(struct ib_udata *udata, u64 req_cm, 903 u64 valid_cm) 904 { 905 ibdev_dbg( 906 rdma_udata_to_dev(udata), 907 "System call driver input udata has unsupported comp_mask %llx & ~%llx = %llx for ioctl %ps called by %pSR\n", 908 req_cm, valid_cm, req_cm & ~valid_cm, 909 uverbs_get_handler_fn(udata), __builtin_return_address(0)); 910 return -EOPNOTSUPP; 911 } 912 EXPORT_SYMBOL(_ib_copy_validate_udata_cm_fail); 913 914 int _ib_respond_udata(struct ib_udata *udata, const void *src, size_t len) 915 { 916 size_t copy_len; 917 918 /* 0 length copy_len is a NOP for copy_to_user() and doesn't fail. */ 919 copy_len = min(len, udata->outlen); 920 if (copy_to_user(udata->outbuf, src, copy_len)) 921 goto err_fault; 922 if (copy_len < udata->outlen) { 923 if (clear_user(udata->outbuf + copy_len, 924 udata->outlen - copy_len)) 925 goto err_fault; 926 } 927 return 0; 928 err_fault: 929 ibdev_dbg( 930 rdma_udata_to_dev(udata), 931 "System call driver out udata has EFAULT (%zu into %zu) for ioctl %ps called by %pSR\n", 932 len, udata->outlen, uverbs_get_handler_fn(udata), 933 __builtin_return_address(0)); 934 return -EFAULT; 935 } 936 EXPORT_SYMBOL(_ib_respond_udata); 937