1 /*- 2 * Copyright (c) 2012 Chelsio Communications, Inc. 3 * All rights reserved. 4 * Written by: Navdeep Parhar <np@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 #include "opt_inet.h" 32 33 #include <sys/param.h> 34 #include <sys/aio.h> 35 #include <sys/file.h> 36 #include <sys/systm.h> 37 #include <sys/kernel.h> 38 #include <sys/ktr.h> 39 #include <sys/module.h> 40 #include <sys/protosw.h> 41 #include <sys/proc.h> 42 #include <sys/domain.h> 43 #include <sys/socket.h> 44 #include <sys/socketvar.h> 45 #include <sys/taskqueue.h> 46 #include <sys/uio.h> 47 #include <netinet/in.h> 48 #include <netinet/in_pcb.h> 49 #include <netinet/ip.h> 50 #include <netinet/tcp_var.h> 51 #define TCPSTATES 52 #include <netinet/tcp_fsm.h> 53 #include <netinet/toecore.h> 54 55 #include <vm/vm.h> 56 #include <vm/vm_extern.h> 57 #include <vm/vm_param.h> 58 #include <vm/pmap.h> 59 #include <vm/vm_map.h> 60 #include <vm/vm_page.h> 61 #include <vm/vm_object.h> 62 63 #ifdef TCP_OFFLOAD 64 #include "common/common.h" 65 #include "common/t4_msg.h" 66 #include "common/t4_regs.h" 67 #include "common/t4_tcb.h" 68 #include "tom/t4_tom.h" 69 70 VNET_DECLARE(int, tcp_do_autorcvbuf); 71 #define V_tcp_do_autorcvbuf VNET(tcp_do_autorcvbuf) 72 VNET_DECLARE(int, tcp_autorcvbuf_inc); 73 #define V_tcp_autorcvbuf_inc VNET(tcp_autorcvbuf_inc) 74 VNET_DECLARE(int, tcp_autorcvbuf_max); 75 #define V_tcp_autorcvbuf_max VNET(tcp_autorcvbuf_max) 76 77 static void aio_ddp_requeue_task(void *context, int pending); 78 static void ddp_complete_all(struct toepcb *toep, int error); 79 static void t4_aio_cancel_active(struct kaiocb *job); 80 static void t4_aio_cancel_queued(struct kaiocb *job); 81 82 #define PPOD_SZ(n) ((n) * sizeof(struct pagepod)) 83 #define PPOD_SIZE (PPOD_SZ(1)) 84 85 /* XXX: must match A_ULP_RX_TDDP_PSZ */ 86 static int t4_ddp_pgsz[] = {4096, 4096 << 2, 4096 << 4, 4096 << 6}; 87 88 static TAILQ_HEAD(, pageset) ddp_orphan_pagesets; 89 static struct mtx ddp_orphan_pagesets_lock; 90 static struct task ddp_orphan_task; 91 92 #define MAX_DDP_BUFFER_SIZE (M_TCB_RX_DDP_BUF0_LEN) 93 static int 94 alloc_ppods(struct tom_data *td, int n, u_int *ppod_addr) 95 { 96 vmem_addr_t v; 97 int rc; 98 99 MPASS(n > 0); 100 101 rc = vmem_alloc(td->ppod_arena, PPOD_SZ(n), M_NOWAIT | M_FIRSTFIT, &v); 102 *ppod_addr = (u_int)v; 103 104 return (rc); 105 } 106 107 static void 108 free_ppods(struct tom_data *td, u_int ppod_addr, int n) 109 { 110 111 MPASS(n > 0); 112 113 vmem_free(td->ppod_arena, (vmem_addr_t)ppod_addr, PPOD_SZ(n)); 114 } 115 116 static inline int 117 pages_to_nppods(int npages, int ddp_pgsz) 118 { 119 int nsegs = npages * PAGE_SIZE / ddp_pgsz; 120 121 return (howmany(nsegs, PPOD_PAGES)); 122 } 123 124 /* 125 * A page set holds information about a buffer used for DDP. The page 126 * set holds resources such as the VM pages backing the buffer (either 127 * held or wired) and the page pods associated with the buffer. 128 * Recently used page sets are cached to allow for efficient reuse of 129 * buffers (avoiding the need to re-fault in pages, hold them, etc.). 130 * Note that cached page sets keep the backing pages wired. The 131 * number of wired pages is capped by only allowing for two wired 132 * pagesets per connection. This is not a perfect cap, but is a 133 * trade-off for performance. 134 * 135 * If an application ping-pongs two buffers for a connection via 136 * aio_read(2) then those buffers should remain wired and expensive VM 137 * fault lookups should be avoided after each buffer has been used 138 * once. If an application uses more than two buffers then this will 139 * fall back to doing expensive VM fault lookups for each operation. 140 */ 141 static void 142 free_pageset(struct tom_data *td, struct pageset *ps) 143 { 144 vm_page_t p; 145 int i; 146 147 if (ps->nppods > 0) 148 free_ppods(td, ps->ppod_addr, ps->nppods); 149 150 if (ps->flags & PS_WIRED) { 151 for (i = 0; i < ps->npages; i++) { 152 p = ps->pages[i]; 153 vm_page_lock(p); 154 vm_page_unwire(p, PQ_INACTIVE); 155 vm_page_unlock(p); 156 } 157 } else 158 vm_page_unhold_pages(ps->pages, ps->npages); 159 mtx_lock(&ddp_orphan_pagesets_lock); 160 TAILQ_INSERT_TAIL(&ddp_orphan_pagesets, ps, link); 161 taskqueue_enqueue(taskqueue_thread, &ddp_orphan_task); 162 mtx_unlock(&ddp_orphan_pagesets_lock); 163 } 164 165 static void 166 ddp_free_orphan_pagesets(void *context, int pending) 167 { 168 struct pageset *ps; 169 170 mtx_lock(&ddp_orphan_pagesets_lock); 171 while (!TAILQ_EMPTY(&ddp_orphan_pagesets)) { 172 ps = TAILQ_FIRST(&ddp_orphan_pagesets); 173 TAILQ_REMOVE(&ddp_orphan_pagesets, ps, link); 174 mtx_unlock(&ddp_orphan_pagesets_lock); 175 if (ps->vm) 176 vmspace_free(ps->vm); 177 free(ps, M_CXGBE); 178 mtx_lock(&ddp_orphan_pagesets_lock); 179 } 180 mtx_unlock(&ddp_orphan_pagesets_lock); 181 } 182 183 static void 184 recycle_pageset(struct toepcb *toep, struct pageset *ps) 185 { 186 187 DDP_ASSERT_LOCKED(toep); 188 if (!(toep->ddp_flags & DDP_DEAD) && ps->flags & PS_WIRED) { 189 KASSERT(toep->ddp_cached_count + toep->ddp_active_count < 190 nitems(toep->db), ("too many wired pagesets")); 191 TAILQ_INSERT_HEAD(&toep->ddp_cached_pagesets, ps, link); 192 toep->ddp_cached_count++; 193 } else 194 free_pageset(toep->td, ps); 195 } 196 197 static void 198 ddp_complete_one(struct kaiocb *job, int error) 199 { 200 long copied; 201 202 /* 203 * If this job had copied data out of the socket buffer before 204 * it was cancelled, report it as a short read rather than an 205 * error. 206 */ 207 copied = job->uaiocb._aiocb_private.status; 208 if (copied != 0 || error == 0) 209 aio_complete(job, copied, 0); 210 else 211 aio_complete(job, -1, error); 212 } 213 214 static void 215 free_ddp_buffer(struct tom_data *td, struct ddp_buffer *db) 216 { 217 218 if (db->job) { 219 /* 220 * XXX: If we are un-offloading the socket then we 221 * should requeue these on the socket somehow. If we 222 * got a FIN from the remote end, then this completes 223 * any remaining requests with an EOF read. 224 */ 225 if (!aio_clear_cancel_function(db->job)) 226 ddp_complete_one(db->job, 0); 227 } 228 229 if (db->ps) 230 free_pageset(td, db->ps); 231 } 232 233 void 234 ddp_init_toep(struct toepcb *toep) 235 { 236 237 TAILQ_INIT(&toep->ddp_aiojobq); 238 TASK_INIT(&toep->ddp_requeue_task, 0, aio_ddp_requeue_task, toep); 239 toep->ddp_active_id = -1; 240 mtx_init(&toep->ddp_lock, "t4 ddp", NULL, MTX_DEF); 241 } 242 243 void 244 ddp_uninit_toep(struct toepcb *toep) 245 { 246 247 mtx_destroy(&toep->ddp_lock); 248 } 249 250 void 251 release_ddp_resources(struct toepcb *toep) 252 { 253 struct pageset *ps; 254 int i; 255 256 DDP_LOCK(toep); 257 toep->flags |= DDP_DEAD; 258 for (i = 0; i < nitems(toep->db); i++) { 259 free_ddp_buffer(toep->td, &toep->db[i]); 260 } 261 while ((ps = TAILQ_FIRST(&toep->ddp_cached_pagesets)) != NULL) { 262 TAILQ_REMOVE(&toep->ddp_cached_pagesets, ps, link); 263 free_pageset(toep->td, ps); 264 } 265 ddp_complete_all(toep, 0); 266 DDP_UNLOCK(toep); 267 } 268 269 #ifdef INVARIANTS 270 void 271 ddp_assert_empty(struct toepcb *toep) 272 { 273 int i; 274 275 MPASS(!(toep->ddp_flags & DDP_TASK_ACTIVE)); 276 for (i = 0; i < nitems(toep->db); i++) { 277 MPASS(toep->db[i].job == NULL); 278 MPASS(toep->db[i].ps == NULL); 279 } 280 MPASS(TAILQ_EMPTY(&toep->ddp_cached_pagesets)); 281 MPASS(TAILQ_EMPTY(&toep->ddp_aiojobq)); 282 } 283 #endif 284 285 static void 286 complete_ddp_buffer(struct toepcb *toep, struct ddp_buffer *db, 287 unsigned int db_idx) 288 { 289 unsigned int db_flag; 290 291 toep->ddp_active_count--; 292 if (toep->ddp_active_id == db_idx) { 293 if (toep->ddp_active_count == 0) { 294 KASSERT(toep->db[db_idx ^ 1].job == NULL, 295 ("%s: active_count mismatch", __func__)); 296 toep->ddp_active_id = -1; 297 } else 298 toep->ddp_active_id ^= 1; 299 #ifdef VERBOSE_TRACES 300 CTR2(KTR_CXGBE, "%s: ddp_active_id = %d", __func__, 301 toep->ddp_active_id); 302 #endif 303 } else { 304 KASSERT(toep->ddp_active_count != 0 && 305 toep->ddp_active_id != -1, 306 ("%s: active count mismatch", __func__)); 307 } 308 309 db->cancel_pending = 0; 310 db->job = NULL; 311 recycle_pageset(toep, db->ps); 312 db->ps = NULL; 313 314 db_flag = db_idx == 1 ? DDP_BUF1_ACTIVE : DDP_BUF0_ACTIVE; 315 KASSERT(toep->ddp_flags & db_flag, 316 ("%s: DDP buffer not active. toep %p, ddp_flags 0x%x", 317 __func__, toep, toep->ddp_flags)); 318 toep->ddp_flags &= ~db_flag; 319 } 320 321 /* XXX: handle_ddp_data code duplication */ 322 void 323 insert_ddp_data(struct toepcb *toep, uint32_t n) 324 { 325 struct inpcb *inp = toep->inp; 326 struct tcpcb *tp = intotcpcb(inp); 327 struct ddp_buffer *db; 328 struct kaiocb *job; 329 size_t placed; 330 long copied; 331 unsigned int db_flag, db_idx; 332 333 INP_WLOCK_ASSERT(inp); 334 DDP_ASSERT_LOCKED(toep); 335 336 tp->rcv_nxt += n; 337 #ifndef USE_DDP_RX_FLOW_CONTROL 338 KASSERT(tp->rcv_wnd >= n, ("%s: negative window size", __func__)); 339 tp->rcv_wnd -= n; 340 #endif 341 #ifndef USE_DDP_RX_FLOW_CONTROL 342 toep->rx_credits += n; 343 #endif 344 CTR2(KTR_CXGBE, "%s: placed %u bytes before falling out of DDP", 345 __func__, n); 346 while (toep->ddp_active_count > 0) { 347 MPASS(toep->ddp_active_id != -1); 348 db_idx = toep->ddp_active_id; 349 db_flag = db_idx == 1 ? DDP_BUF1_ACTIVE : DDP_BUF0_ACTIVE; 350 MPASS((toep->ddp_flags & db_flag) != 0); 351 db = &toep->db[db_idx]; 352 job = db->job; 353 copied = job->uaiocb._aiocb_private.status; 354 placed = n; 355 if (placed > job->uaiocb.aio_nbytes - copied) 356 placed = job->uaiocb.aio_nbytes - copied; 357 if (!aio_clear_cancel_function(job)) { 358 /* 359 * Update the copied length for when 360 * t4_aio_cancel_active() completes this 361 * request. 362 */ 363 job->uaiocb._aiocb_private.status += placed; 364 } else if (copied + placed != 0) { 365 CTR4(KTR_CXGBE, 366 "%s: completing %p (copied %ld, placed %lu)", 367 __func__, job, copied, placed); 368 /* XXX: This always completes if there is some data. */ 369 aio_complete(job, copied + placed, 0); 370 } else if (aio_set_cancel_function(job, t4_aio_cancel_queued)) { 371 TAILQ_INSERT_HEAD(&toep->ddp_aiojobq, job, list); 372 toep->ddp_waiting_count++; 373 } else 374 aio_cancel(job); 375 n -= placed; 376 complete_ddp_buffer(toep, db, db_idx); 377 } 378 379 MPASS(n == 0); 380 } 381 382 /* SET_TCB_FIELD sent as a ULP command looks like this */ 383 #define LEN__SET_TCB_FIELD_ULP (sizeof(struct ulp_txpkt) + \ 384 sizeof(struct ulptx_idata) + sizeof(struct cpl_set_tcb_field_core)) 385 386 /* RX_DATA_ACK sent as a ULP command looks like this */ 387 #define LEN__RX_DATA_ACK_ULP (sizeof(struct ulp_txpkt) + \ 388 sizeof(struct ulptx_idata) + sizeof(struct cpl_rx_data_ack_core)) 389 390 static inline void * 391 mk_set_tcb_field_ulp(struct ulp_txpkt *ulpmc, struct toepcb *toep, 392 uint64_t word, uint64_t mask, uint64_t val) 393 { 394 struct ulptx_idata *ulpsc; 395 struct cpl_set_tcb_field_core *req; 396 397 ulpmc->cmd_dest = htonl(V_ULPTX_CMD(ULP_TX_PKT) | V_ULP_TXPKT_DEST(0)); 398 ulpmc->len = htobe32(howmany(LEN__SET_TCB_FIELD_ULP, 16)); 399 400 ulpsc = (struct ulptx_idata *)(ulpmc + 1); 401 ulpsc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 402 ulpsc->len = htobe32(sizeof(*req)); 403 404 req = (struct cpl_set_tcb_field_core *)(ulpsc + 1); 405 OPCODE_TID(req) = htobe32(MK_OPCODE_TID(CPL_SET_TCB_FIELD, toep->tid)); 406 req->reply_ctrl = htobe16(V_NO_REPLY(1) | 407 V_QUEUENO(toep->ofld_rxq->iq.abs_id)); 408 req->word_cookie = htobe16(V_WORD(word) | V_COOKIE(0)); 409 req->mask = htobe64(mask); 410 req->val = htobe64(val); 411 412 ulpsc = (struct ulptx_idata *)(req + 1); 413 if (LEN__SET_TCB_FIELD_ULP % 16) { 414 ulpsc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP)); 415 ulpsc->len = htobe32(0); 416 return (ulpsc + 1); 417 } 418 return (ulpsc); 419 } 420 421 static inline void * 422 mk_rx_data_ack_ulp(struct ulp_txpkt *ulpmc, struct toepcb *toep) 423 { 424 struct ulptx_idata *ulpsc; 425 struct cpl_rx_data_ack_core *req; 426 427 ulpmc->cmd_dest = htonl(V_ULPTX_CMD(ULP_TX_PKT) | V_ULP_TXPKT_DEST(0)); 428 ulpmc->len = htobe32(howmany(LEN__RX_DATA_ACK_ULP, 16)); 429 430 ulpsc = (struct ulptx_idata *)(ulpmc + 1); 431 ulpsc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 432 ulpsc->len = htobe32(sizeof(*req)); 433 434 req = (struct cpl_rx_data_ack_core *)(ulpsc + 1); 435 OPCODE_TID(req) = htobe32(MK_OPCODE_TID(CPL_RX_DATA_ACK, toep->tid)); 436 req->credit_dack = htobe32(F_RX_MODULATE_RX); 437 438 ulpsc = (struct ulptx_idata *)(req + 1); 439 if (LEN__RX_DATA_ACK_ULP % 16) { 440 ulpsc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_NOOP)); 441 ulpsc->len = htobe32(0); 442 return (ulpsc + 1); 443 } 444 return (ulpsc); 445 } 446 447 static struct wrqe * 448 mk_update_tcb_for_ddp(struct adapter *sc, struct toepcb *toep, int db_idx, 449 struct pageset *ps, int offset, uint64_t ddp_flags, uint64_t ddp_flags_mask) 450 { 451 struct wrqe *wr; 452 struct work_request_hdr *wrh; 453 struct ulp_txpkt *ulpmc; 454 int len; 455 456 KASSERT(db_idx == 0 || db_idx == 1, 457 ("%s: bad DDP buffer index %d", __func__, db_idx)); 458 459 /* 460 * We'll send a compound work request that has 3 SET_TCB_FIELDs and an 461 * RX_DATA_ACK (with RX_MODULATE to speed up delivery). 462 * 463 * The work request header is 16B and always ends at a 16B boundary. 464 * The ULPTX master commands that follow must all end at 16B boundaries 465 * too so we round up the size to 16. 466 */ 467 len = sizeof(*wrh) + 3 * roundup2(LEN__SET_TCB_FIELD_ULP, 16) + 468 roundup2(LEN__RX_DATA_ACK_ULP, 16); 469 470 wr = alloc_wrqe(len, toep->ctrlq); 471 if (wr == NULL) 472 return (NULL); 473 wrh = wrtod(wr); 474 INIT_ULPTX_WRH(wrh, len, 1, 0); /* atomic */ 475 ulpmc = (struct ulp_txpkt *)(wrh + 1); 476 477 /* Write the buffer's tag */ 478 ulpmc = mk_set_tcb_field_ulp(ulpmc, toep, 479 W_TCB_RX_DDP_BUF0_TAG + db_idx, 480 V_TCB_RX_DDP_BUF0_TAG(M_TCB_RX_DDP_BUF0_TAG), 481 V_TCB_RX_DDP_BUF0_TAG(ps->tag)); 482 483 /* Update the current offset in the DDP buffer and its total length */ 484 if (db_idx == 0) 485 ulpmc = mk_set_tcb_field_ulp(ulpmc, toep, 486 W_TCB_RX_DDP_BUF0_OFFSET, 487 V_TCB_RX_DDP_BUF0_OFFSET(M_TCB_RX_DDP_BUF0_OFFSET) | 488 V_TCB_RX_DDP_BUF0_LEN(M_TCB_RX_DDP_BUF0_LEN), 489 V_TCB_RX_DDP_BUF0_OFFSET(offset) | 490 V_TCB_RX_DDP_BUF0_LEN(ps->len)); 491 else 492 ulpmc = mk_set_tcb_field_ulp(ulpmc, toep, 493 W_TCB_RX_DDP_BUF1_OFFSET, 494 V_TCB_RX_DDP_BUF1_OFFSET(M_TCB_RX_DDP_BUF1_OFFSET) | 495 V_TCB_RX_DDP_BUF1_LEN((u64)M_TCB_RX_DDP_BUF1_LEN << 32), 496 V_TCB_RX_DDP_BUF1_OFFSET(offset) | 497 V_TCB_RX_DDP_BUF1_LEN((u64)ps->len << 32)); 498 499 /* Update DDP flags */ 500 ulpmc = mk_set_tcb_field_ulp(ulpmc, toep, W_TCB_RX_DDP_FLAGS, 501 ddp_flags_mask, ddp_flags); 502 503 /* Gratuitous RX_DATA_ACK with RX_MODULATE set to speed up delivery. */ 504 ulpmc = mk_rx_data_ack_ulp(ulpmc, toep); 505 506 return (wr); 507 } 508 509 static int 510 handle_ddp_data(struct toepcb *toep, __be32 ddp_report, __be32 rcv_nxt, int len) 511 { 512 uint32_t report = be32toh(ddp_report); 513 unsigned int db_idx; 514 struct inpcb *inp = toep->inp; 515 struct ddp_buffer *db; 516 struct tcpcb *tp; 517 struct socket *so; 518 struct sockbuf *sb; 519 struct kaiocb *job; 520 long copied; 521 522 db_idx = report & F_DDP_BUF_IDX ? 1 : 0; 523 524 if (__predict_false(!(report & F_DDP_INV))) 525 CXGBE_UNIMPLEMENTED("DDP buffer still valid"); 526 527 INP_WLOCK(inp); 528 so = inp_inpcbtosocket(inp); 529 sb = &so->so_rcv; 530 DDP_LOCK(toep); 531 532 KASSERT(toep->ddp_active_id == db_idx, 533 ("completed DDP buffer (%d) != active_id (%d) for tid %d", db_idx, 534 toep->ddp_active_id, toep->tid)); 535 db = &toep->db[db_idx]; 536 job = db->job; 537 538 if (__predict_false(inp->inp_flags & (INP_DROPPED | INP_TIMEWAIT))) { 539 /* 540 * This can happen due to an administrative tcpdrop(8). 541 * Just fail the request with ECONNRESET. 542 */ 543 CTR5(KTR_CXGBE, "%s: tid %u, seq 0x%x, len %d, inp_flags 0x%x", 544 __func__, toep->tid, be32toh(rcv_nxt), len, inp->inp_flags); 545 if (aio_clear_cancel_function(job)) 546 ddp_complete_one(job, ECONNRESET); 547 goto completed; 548 } 549 550 tp = intotcpcb(inp); 551 552 /* 553 * For RX_DDP_COMPLETE, len will be zero and rcv_nxt is the 554 * sequence number of the next byte to receive. The length of 555 * the data received for this message must be computed by 556 * comparing the new and old values of rcv_nxt. 557 * 558 * For RX_DATA_DDP, len might be non-zero, but it is only the 559 * length of the most recent DMA. It does not include the 560 * total length of the data received since the previous update 561 * for this DDP buffer. rcv_nxt is the sequence number of the 562 * first received byte from the most recent DMA. 563 */ 564 len += be32toh(rcv_nxt) - tp->rcv_nxt; 565 tp->rcv_nxt += len; 566 tp->t_rcvtime = ticks; 567 #ifndef USE_DDP_RX_FLOW_CONTROL 568 KASSERT(tp->rcv_wnd >= len, ("%s: negative window size", __func__)); 569 tp->rcv_wnd -= len; 570 #endif 571 #ifdef VERBOSE_TRACES 572 CTR4(KTR_CXGBE, "%s: DDP[%d] placed %d bytes (%#x)", __func__, db_idx, 573 len, report); 574 #endif 575 576 /* receive buffer autosize */ 577 CURVNET_SET(so->so_vnet); 578 SOCKBUF_LOCK(sb); 579 if (sb->sb_flags & SB_AUTOSIZE && 580 V_tcp_do_autorcvbuf && 581 sb->sb_hiwat < V_tcp_autorcvbuf_max && 582 len > (sbspace(sb) / 8 * 7)) { 583 unsigned int hiwat = sb->sb_hiwat; 584 unsigned int newsize = min(hiwat + V_tcp_autorcvbuf_inc, 585 V_tcp_autorcvbuf_max); 586 587 if (!sbreserve_locked(sb, newsize, so, NULL)) 588 sb->sb_flags &= ~SB_AUTOSIZE; 589 else 590 toep->rx_credits += newsize - hiwat; 591 } 592 SOCKBUF_UNLOCK(sb); 593 CURVNET_RESTORE(); 594 595 #ifndef USE_DDP_RX_FLOW_CONTROL 596 toep->rx_credits += len; 597 #endif 598 599 if (db->cancel_pending) { 600 /* 601 * Update the job's length but defer completion to the 602 * TCB_RPL callback. 603 */ 604 job->uaiocb._aiocb_private.status += len; 605 goto out; 606 } else if (!aio_clear_cancel_function(job)) { 607 /* 608 * Update the copied length for when 609 * t4_aio_cancel_active() completes this request. 610 */ 611 job->uaiocb._aiocb_private.status += len; 612 } else { 613 copied = job->uaiocb._aiocb_private.status; 614 #ifdef VERBOSE_TRACES 615 CTR4(KTR_CXGBE, "%s: completing %p (copied %ld, placed %d)", 616 __func__, job, copied, len); 617 #endif 618 aio_complete(job, copied + len, 0); 619 t4_rcvd(&toep->td->tod, tp); 620 } 621 622 completed: 623 complete_ddp_buffer(toep, db, db_idx); 624 if (toep->ddp_waiting_count > 0) 625 ddp_queue_toep(toep); 626 out: 627 DDP_UNLOCK(toep); 628 INP_WUNLOCK(inp); 629 630 return (0); 631 } 632 633 void 634 handle_ddp_indicate(struct toepcb *toep) 635 { 636 637 DDP_ASSERT_LOCKED(toep); 638 MPASS(toep->ddp_active_count == 0); 639 MPASS((toep->ddp_flags & (DDP_BUF0_ACTIVE | DDP_BUF1_ACTIVE)) == 0); 640 if (toep->ddp_waiting_count == 0) { 641 /* 642 * The pending requests that triggered the request for an 643 * an indicate were cancelled. Those cancels should have 644 * already disabled DDP. Just ignore this as the data is 645 * going into the socket buffer anyway. 646 */ 647 return; 648 } 649 CTR3(KTR_CXGBE, "%s: tid %d indicated (%d waiting)", __func__, 650 toep->tid, toep->ddp_waiting_count); 651 ddp_queue_toep(toep); 652 } 653 654 enum { 655 DDP_BUF0_INVALIDATED = 0x2, 656 DDP_BUF1_INVALIDATED 657 }; 658 659 void 660 handle_ddp_tcb_rpl(struct toepcb *toep, const struct cpl_set_tcb_rpl *cpl) 661 { 662 unsigned int db_idx; 663 struct inpcb *inp = toep->inp; 664 struct ddp_buffer *db; 665 struct kaiocb *job; 666 long copied; 667 668 if (cpl->status != CPL_ERR_NONE) 669 panic("XXX: tcp_rpl failed: %d", cpl->status); 670 671 switch (cpl->cookie) { 672 case V_WORD(W_TCB_RX_DDP_FLAGS) | V_COOKIE(DDP_BUF0_INVALIDATED): 673 case V_WORD(W_TCB_RX_DDP_FLAGS) | V_COOKIE(DDP_BUF1_INVALIDATED): 674 /* 675 * XXX: This duplicates a lot of code with handle_ddp_data(). 676 */ 677 db_idx = G_COOKIE(cpl->cookie) - DDP_BUF0_INVALIDATED; 678 INP_WLOCK(inp); 679 DDP_LOCK(toep); 680 db = &toep->db[db_idx]; 681 682 /* 683 * handle_ddp_data() should leave the job around until 684 * this callback runs once a cancel is pending. 685 */ 686 MPASS(db != NULL); 687 MPASS(db->job != NULL); 688 MPASS(db->cancel_pending); 689 690 /* 691 * XXX: It's not clear what happens if there is data 692 * placed when the buffer is invalidated. I suspect we 693 * need to read the TCB to see how much data was placed. 694 * 695 * For now this just pretends like nothing was placed. 696 * 697 * XXX: Note that if we did check the PCB we would need to 698 * also take care of updating the tp, etc. 699 */ 700 job = db->job; 701 copied = job->uaiocb._aiocb_private.status; 702 if (copied == 0) { 703 CTR2(KTR_CXGBE, "%s: cancelling %p", __func__, job); 704 aio_cancel(job); 705 } else { 706 CTR3(KTR_CXGBE, "%s: completing %p (copied %ld)", 707 __func__, job, copied); 708 aio_complete(job, copied, 0); 709 t4_rcvd(&toep->td->tod, intotcpcb(inp)); 710 } 711 712 complete_ddp_buffer(toep, db, db_idx); 713 if (toep->ddp_waiting_count > 0) 714 ddp_queue_toep(toep); 715 DDP_UNLOCK(toep); 716 INP_WUNLOCK(inp); 717 break; 718 default: 719 panic("XXX: unknown tcb_rpl offset %#x, cookie %#x", 720 G_WORD(cpl->cookie), G_COOKIE(cpl->cookie)); 721 } 722 } 723 724 void 725 handle_ddp_close(struct toepcb *toep, struct tcpcb *tp, __be32 rcv_nxt) 726 { 727 struct ddp_buffer *db; 728 struct kaiocb *job; 729 long copied; 730 unsigned int db_flag, db_idx; 731 int len, placed; 732 733 INP_WLOCK_ASSERT(toep->inp); 734 DDP_ASSERT_LOCKED(toep); 735 len = be32toh(rcv_nxt) - tp->rcv_nxt; 736 737 tp->rcv_nxt += len; 738 #ifndef USE_DDP_RX_FLOW_CONTROL 739 toep->rx_credits += len; 740 #endif 741 742 while (toep->ddp_active_count > 0) { 743 MPASS(toep->ddp_active_id != -1); 744 db_idx = toep->ddp_active_id; 745 db_flag = db_idx == 1 ? DDP_BUF1_ACTIVE : DDP_BUF0_ACTIVE; 746 MPASS((toep->ddp_flags & db_flag) != 0); 747 db = &toep->db[db_idx]; 748 job = db->job; 749 copied = job->uaiocb._aiocb_private.status; 750 placed = len; 751 if (placed > job->uaiocb.aio_nbytes - copied) 752 placed = job->uaiocb.aio_nbytes - copied; 753 if (!aio_clear_cancel_function(job)) { 754 /* 755 * Update the copied length for when 756 * t4_aio_cancel_active() completes this 757 * request. 758 */ 759 job->uaiocb._aiocb_private.status += placed; 760 } else { 761 CTR4(KTR_CXGBE, "%s: tid %d completed buf %d len %d", 762 __func__, toep->tid, db_idx, placed); 763 aio_complete(job, copied + placed, 0); 764 } 765 len -= placed; 766 complete_ddp_buffer(toep, db, db_idx); 767 } 768 769 MPASS(len == 0); 770 ddp_complete_all(toep, 0); 771 } 772 773 #define DDP_ERR (F_DDP_PPOD_MISMATCH | F_DDP_LLIMIT_ERR | F_DDP_ULIMIT_ERR |\ 774 F_DDP_PPOD_PARITY_ERR | F_DDP_PADDING_ERR | F_DDP_OFFSET_ERR |\ 775 F_DDP_INVALID_TAG | F_DDP_COLOR_ERR | F_DDP_TID_MISMATCH |\ 776 F_DDP_INVALID_PPOD | F_DDP_HDRCRC_ERR | F_DDP_DATACRC_ERR) 777 778 static int 779 do_rx_data_ddp(struct sge_iq *iq, const struct rss_header *rss, struct mbuf *m) 780 { 781 struct adapter *sc = iq->adapter; 782 const struct cpl_rx_data_ddp *cpl = (const void *)(rss + 1); 783 unsigned int tid = GET_TID(cpl); 784 uint32_t vld; 785 struct toepcb *toep = lookup_tid(sc, tid); 786 787 KASSERT(m == NULL, ("%s: wasn't expecting payload", __func__)); 788 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 789 KASSERT(!(toep->flags & TPF_SYNQE), 790 ("%s: toep %p claims to be a synq entry", __func__, toep)); 791 792 vld = be32toh(cpl->ddpvld); 793 if (__predict_false(vld & DDP_ERR)) { 794 panic("%s: DDP error 0x%x (tid %d, toep %p)", 795 __func__, vld, tid, toep); 796 } 797 798 if (toep->ulp_mode == ULP_MODE_ISCSI) { 799 sc->cpl_handler[CPL_RX_ISCSI_DDP](iq, rss, m); 800 return (0); 801 } 802 803 handle_ddp_data(toep, cpl->u.ddp_report, cpl->seq, be16toh(cpl->len)); 804 805 return (0); 806 } 807 808 static int 809 do_rx_ddp_complete(struct sge_iq *iq, const struct rss_header *rss, 810 struct mbuf *m) 811 { 812 struct adapter *sc = iq->adapter; 813 const struct cpl_rx_ddp_complete *cpl = (const void *)(rss + 1); 814 unsigned int tid = GET_TID(cpl); 815 struct toepcb *toep = lookup_tid(sc, tid); 816 817 KASSERT(m == NULL, ("%s: wasn't expecting payload", __func__)); 818 KASSERT(toep->tid == tid, ("%s: toep tid/atid mismatch", __func__)); 819 KASSERT(!(toep->flags & TPF_SYNQE), 820 ("%s: toep %p claims to be a synq entry", __func__, toep)); 821 822 handle_ddp_data(toep, cpl->ddp_report, cpl->rcv_nxt, 0); 823 824 return (0); 825 } 826 827 static void 828 enable_ddp(struct adapter *sc, struct toepcb *toep) 829 { 830 831 KASSERT((toep->ddp_flags & (DDP_ON | DDP_OK | DDP_SC_REQ)) == DDP_OK, 832 ("%s: toep %p has bad ddp_flags 0x%x", 833 __func__, toep, toep->ddp_flags)); 834 835 CTR3(KTR_CXGBE, "%s: tid %u (time %u)", 836 __func__, toep->tid, time_uptime); 837 838 DDP_ASSERT_LOCKED(toep); 839 toep->ddp_flags |= DDP_SC_REQ; 840 t4_set_tcb_field(sc, toep, 1, W_TCB_RX_DDP_FLAGS, 841 V_TF_DDP_OFF(1) | V_TF_DDP_INDICATE_OUT(1) | 842 V_TF_DDP_BUF0_INDICATE(1) | V_TF_DDP_BUF1_INDICATE(1) | 843 V_TF_DDP_BUF0_VALID(1) | V_TF_DDP_BUF1_VALID(1), 844 V_TF_DDP_BUF0_INDICATE(1) | V_TF_DDP_BUF1_INDICATE(1)); 845 t4_set_tcb_field(sc, toep, 1, W_TCB_T_FLAGS, 846 V_TF_RCV_COALESCE_ENABLE(1), 0); 847 } 848 849 static int 850 calculate_hcf(int n1, int n2) 851 { 852 int a, b, t; 853 854 if (n1 <= n2) { 855 a = n1; 856 b = n2; 857 } else { 858 a = n2; 859 b = n1; 860 } 861 862 while (a != 0) { 863 t = a; 864 a = b % a; 865 b = t; 866 } 867 868 return (b); 869 } 870 871 static int 872 alloc_page_pods(struct tom_data *td, struct pageset *ps) 873 { 874 int i, hcf, seglen, idx, ppod, nppods; 875 u_int ppod_addr; 876 877 KASSERT(ps->nppods == 0, ("%s: page pods already allocated", __func__)); 878 879 /* 880 * The DDP page size is unrelated to the VM page size. We combine 881 * contiguous physical pages into larger segments to get the best DDP 882 * page size possible. This is the largest of the four sizes in 883 * A_ULP_RX_TDDP_PSZ that evenly divides the HCF of the segment sizes in 884 * the page list. 885 */ 886 hcf = 0; 887 for (i = 0; i < ps->npages; i++) { 888 seglen = PAGE_SIZE; 889 while (i < ps->npages - 1 && 890 ps->pages[i]->phys_addr + PAGE_SIZE == 891 ps->pages[i + 1]->phys_addr) { 892 seglen += PAGE_SIZE; 893 i++; 894 } 895 896 hcf = calculate_hcf(hcf, seglen); 897 if (hcf < t4_ddp_pgsz[1]) { 898 idx = 0; 899 goto have_pgsz; /* give up, short circuit */ 900 } 901 } 902 903 if (hcf % t4_ddp_pgsz[0] != 0) { 904 /* hmmm. This could only happen when PAGE_SIZE < 4K */ 905 KASSERT(PAGE_SIZE < 4096, 906 ("%s: PAGE_SIZE %d, hcf %d", __func__, PAGE_SIZE, hcf)); 907 CTR3(KTR_CXGBE, "%s: PAGE_SIZE %d, hcf %d", 908 __func__, PAGE_SIZE, hcf); 909 return (0); 910 } 911 912 for (idx = nitems(t4_ddp_pgsz) - 1; idx > 0; idx--) { 913 if (hcf % t4_ddp_pgsz[idx] == 0) 914 break; 915 } 916 have_pgsz: 917 MPASS(idx <= M_PPOD_PGSZ); 918 919 nppods = pages_to_nppods(ps->npages, t4_ddp_pgsz[idx]); 920 if (alloc_ppods(td, nppods, &ppod_addr) != 0) { 921 CTR4(KTR_CXGBE, "%s: no pods, nppods %d, npages %d, pgsz %d", 922 __func__, nppods, ps->npages, t4_ddp_pgsz[idx]); 923 return (0); 924 } 925 926 ppod = (ppod_addr - td->ppod_start) / PPOD_SIZE; 927 ps->tag = V_PPOD_PGSZ(idx) | V_PPOD_TAG(ppod); 928 ps->ppod_addr = ppod_addr; 929 ps->nppods = nppods; 930 931 CTR5(KTR_CXGBE, "New page pods. " 932 "ps %p, ddp_pgsz %d, ppod 0x%x, npages %d, nppods %d", 933 ps, t4_ddp_pgsz[idx], ppod, ps->npages, ps->nppods); 934 935 return (1); 936 } 937 938 #define NUM_ULP_TX_SC_IMM_PPODS (256 / PPOD_SIZE) 939 940 static int 941 write_page_pods(struct adapter *sc, struct toepcb *toep, struct pageset *ps) 942 { 943 struct wrqe *wr; 944 struct ulp_mem_io *ulpmc; 945 struct ulptx_idata *ulpsc; 946 struct pagepod *ppod; 947 int i, j, k, n, chunk, len, ddp_pgsz, idx; 948 u_int ppod_addr; 949 uint32_t cmd; 950 951 KASSERT(!(ps->flags & PS_PPODS_WRITTEN), 952 ("%s: page pods already written", __func__)); 953 954 cmd = htobe32(V_ULPTX_CMD(ULP_TX_MEM_WRITE)); 955 if (is_t4(sc)) 956 cmd |= htobe32(F_ULP_MEMIO_ORDER); 957 else 958 cmd |= htobe32(F_T5_ULP_MEMIO_IMM); 959 ddp_pgsz = t4_ddp_pgsz[G_PPOD_PGSZ(ps->tag)]; 960 ppod_addr = ps->ppod_addr; 961 for (i = 0; i < ps->nppods; ppod_addr += chunk) { 962 963 /* How many page pods are we writing in this cycle */ 964 n = min(ps->nppods - i, NUM_ULP_TX_SC_IMM_PPODS); 965 chunk = PPOD_SZ(n); 966 len = roundup2(sizeof(*ulpmc) + sizeof(*ulpsc) + chunk, 16); 967 968 wr = alloc_wrqe(len, toep->ctrlq); 969 if (wr == NULL) 970 return (ENOMEM); /* ok to just bail out */ 971 ulpmc = wrtod(wr); 972 973 INIT_ULPTX_WR(ulpmc, len, 0, 0); 974 ulpmc->cmd = cmd; 975 ulpmc->dlen = htobe32(V_ULP_MEMIO_DATA_LEN(chunk / 32)); 976 ulpmc->len16 = htobe32(howmany(len - sizeof(ulpmc->wr), 16)); 977 ulpmc->lock_addr = htobe32(V_ULP_MEMIO_ADDR(ppod_addr >> 5)); 978 979 ulpsc = (struct ulptx_idata *)(ulpmc + 1); 980 ulpsc->cmd_more = htobe32(V_ULPTX_CMD(ULP_TX_SC_IMM)); 981 ulpsc->len = htobe32(chunk); 982 983 ppod = (struct pagepod *)(ulpsc + 1); 984 for (j = 0; j < n; i++, j++, ppod++) { 985 ppod->vld_tid_pgsz_tag_color = htobe64(F_PPOD_VALID | 986 V_PPOD_TID(toep->tid) | ps->tag); 987 ppod->len_offset = htobe64(V_PPOD_LEN(ps->len) | 988 V_PPOD_OFST(ps->offset)); 989 ppod->rsvd = 0; 990 idx = i * PPOD_PAGES * (ddp_pgsz / PAGE_SIZE); 991 for (k = 0; k < nitems(ppod->addr); k++) { 992 if (idx < ps->npages) { 993 ppod->addr[k] = 994 htobe64(ps->pages[idx]->phys_addr); 995 idx += ddp_pgsz / PAGE_SIZE; 996 } else 997 ppod->addr[k] = 0; 998 #if 0 999 CTR5(KTR_CXGBE, 1000 "%s: tid %d ppod[%d]->addr[%d] = %p", 1001 __func__, toep->tid, i, k, 1002 htobe64(ppod->addr[k])); 1003 #endif 1004 } 1005 1006 } 1007 1008 t4_wrq_tx(sc, wr); 1009 } 1010 ps->flags |= PS_PPODS_WRITTEN; 1011 1012 return (0); 1013 } 1014 1015 static void 1016 wire_pageset(struct pageset *ps) 1017 { 1018 vm_page_t p; 1019 int i; 1020 1021 KASSERT(!(ps->flags & PS_WIRED), ("pageset already wired")); 1022 1023 for (i = 0; i < ps->npages; i++) { 1024 p = ps->pages[i]; 1025 vm_page_lock(p); 1026 vm_page_wire(p); 1027 vm_page_unhold(p); 1028 vm_page_unlock(p); 1029 } 1030 ps->flags |= PS_WIRED; 1031 } 1032 1033 /* 1034 * Prepare a pageset for DDP. This wires the pageset and sets up page 1035 * pods. 1036 */ 1037 static int 1038 prep_pageset(struct adapter *sc, struct toepcb *toep, struct pageset *ps) 1039 { 1040 struct tom_data *td = sc->tom_softc; 1041 1042 if (!(ps->flags & PS_WIRED)) 1043 wire_pageset(ps); 1044 if (ps->nppods == 0 && !alloc_page_pods(td, ps)) { 1045 return (0); 1046 } 1047 if (!(ps->flags & PS_PPODS_WRITTEN) && 1048 write_page_pods(sc, toep, ps) != 0) { 1049 return (0); 1050 } 1051 1052 return (1); 1053 } 1054 1055 void 1056 t4_init_ddp(struct adapter *sc, struct tom_data *td) 1057 { 1058 1059 td->ppod_start = sc->vres.ddp.start; 1060 td->ppod_arena = vmem_create("DDP page pods", sc->vres.ddp.start, 1061 sc->vres.ddp.size, 1, 32, M_FIRSTFIT | M_NOWAIT); 1062 1063 t4_register_cpl_handler(sc, CPL_RX_DATA_DDP, do_rx_data_ddp); 1064 t4_register_cpl_handler(sc, CPL_RX_DDP_COMPLETE, do_rx_ddp_complete); 1065 } 1066 1067 void 1068 t4_uninit_ddp(struct adapter *sc __unused, struct tom_data *td) 1069 { 1070 1071 if (td->ppod_arena != NULL) { 1072 vmem_destroy(td->ppod_arena); 1073 td->ppod_arena = NULL; 1074 } 1075 } 1076 1077 static int 1078 pscmp(struct pageset *ps, struct vmspace *vm, vm_offset_t start, int npages, 1079 int pgoff, int len) 1080 { 1081 1082 if (ps->npages != npages || ps->offset != pgoff || ps->len != len) 1083 return (1); 1084 1085 return (ps->vm != vm || ps->vm_timestamp != vm->vm_map.timestamp); 1086 } 1087 1088 static int 1089 hold_aio(struct toepcb *toep, struct kaiocb *job, struct pageset **pps) 1090 { 1091 struct vmspace *vm; 1092 vm_map_t map; 1093 vm_offset_t start, end, pgoff; 1094 struct pageset *ps; 1095 int n; 1096 1097 DDP_ASSERT_LOCKED(toep); 1098 1099 /* 1100 * The AIO subsystem will cancel and drain all requests before 1101 * permitting a process to exit or exec, so p_vmspace should 1102 * be stable here. 1103 */ 1104 vm = job->userproc->p_vmspace; 1105 map = &vm->vm_map; 1106 start = (uintptr_t)job->uaiocb.aio_buf; 1107 pgoff = start & PAGE_MASK; 1108 end = round_page(start + job->uaiocb.aio_nbytes); 1109 start = trunc_page(start); 1110 1111 if (end - start > MAX_DDP_BUFFER_SIZE) { 1112 /* 1113 * Truncate the request to a short read. 1114 * Alternatively, we could DDP in chunks to the larger 1115 * buffer, but that would be quite a bit more work. 1116 * 1117 * When truncating, round the request down to avoid 1118 * crossing a cache line on the final transaction. 1119 */ 1120 end = rounddown2(start + MAX_DDP_BUFFER_SIZE, CACHE_LINE_SIZE); 1121 #ifdef VERBOSE_TRACES 1122 CTR4(KTR_CXGBE, "%s: tid %d, truncating size from %lu to %lu", 1123 __func__, toep->tid, (unsigned long)job->uaiocb.aio_nbytes, 1124 (unsigned long)(end - (start + pgoff))); 1125 job->uaiocb.aio_nbytes = end - (start + pgoff); 1126 #endif 1127 end = round_page(end); 1128 } 1129 1130 n = atop(end - start); 1131 1132 /* 1133 * Try to reuse a cached pageset. 1134 */ 1135 TAILQ_FOREACH(ps, &toep->ddp_cached_pagesets, link) { 1136 if (pscmp(ps, vm, start, n, pgoff, 1137 job->uaiocb.aio_nbytes) == 0) { 1138 TAILQ_REMOVE(&toep->ddp_cached_pagesets, ps, link); 1139 toep->ddp_cached_count--; 1140 *pps = ps; 1141 return (0); 1142 } 1143 } 1144 1145 /* 1146 * If there are too many cached pagesets to create a new one, 1147 * free a pageset before creating a new one. 1148 */ 1149 KASSERT(toep->ddp_active_count + toep->ddp_cached_count <= 1150 nitems(toep->db), ("%s: too many wired pagesets", __func__)); 1151 if (toep->ddp_active_count + toep->ddp_cached_count == 1152 nitems(toep->db)) { 1153 KASSERT(toep->ddp_cached_count > 0, 1154 ("no cached pageset to free")); 1155 ps = TAILQ_LAST(&toep->ddp_cached_pagesets, pagesetq); 1156 TAILQ_REMOVE(&toep->ddp_cached_pagesets, ps, link); 1157 toep->ddp_cached_count--; 1158 free_pageset(toep->td, ps); 1159 } 1160 DDP_UNLOCK(toep); 1161 1162 /* Create a new pageset. */ 1163 ps = malloc(sizeof(*ps) + n * sizeof(vm_page_t), M_CXGBE, M_WAITOK | 1164 M_ZERO); 1165 ps->pages = (vm_page_t *)(ps + 1); 1166 ps->vm_timestamp = map->timestamp; 1167 ps->npages = vm_fault_quick_hold_pages(map, start, end - start, 1168 VM_PROT_WRITE, ps->pages, n); 1169 1170 DDP_LOCK(toep); 1171 if (ps->npages < 0) { 1172 free(ps, M_CXGBE); 1173 return (EFAULT); 1174 } 1175 1176 KASSERT(ps->npages == n, ("hold_aio: page count mismatch: %d vs %d", 1177 ps->npages, n)); 1178 1179 ps->offset = pgoff; 1180 ps->len = job->uaiocb.aio_nbytes; 1181 atomic_add_int(&vm->vm_refcnt, 1); 1182 ps->vm = vm; 1183 1184 CTR5(KTR_CXGBE, "%s: tid %d, new pageset %p for job %p, npages %d", 1185 __func__, toep->tid, ps, job, ps->npages); 1186 *pps = ps; 1187 return (0); 1188 } 1189 1190 static void 1191 ddp_complete_all(struct toepcb *toep, int error) 1192 { 1193 struct kaiocb *job; 1194 1195 DDP_ASSERT_LOCKED(toep); 1196 while (!TAILQ_EMPTY(&toep->ddp_aiojobq)) { 1197 job = TAILQ_FIRST(&toep->ddp_aiojobq); 1198 TAILQ_REMOVE(&toep->ddp_aiojobq, job, list); 1199 toep->ddp_waiting_count--; 1200 if (aio_clear_cancel_function(job)) 1201 ddp_complete_one(job, error); 1202 } 1203 } 1204 1205 static void 1206 aio_ddp_cancel_one(struct kaiocb *job) 1207 { 1208 long copied; 1209 1210 /* 1211 * If this job had copied data out of the socket buffer before 1212 * it was cancelled, report it as a short read rather than an 1213 * error. 1214 */ 1215 copied = job->uaiocb._aiocb_private.status; 1216 if (copied != 0) 1217 aio_complete(job, copied, 0); 1218 else 1219 aio_cancel(job); 1220 } 1221 1222 /* 1223 * Called when the main loop wants to requeue a job to retry it later. 1224 * Deals with the race of the job being cancelled while it was being 1225 * examined. 1226 */ 1227 static void 1228 aio_ddp_requeue_one(struct toepcb *toep, struct kaiocb *job) 1229 { 1230 1231 DDP_ASSERT_LOCKED(toep); 1232 if (!(toep->ddp_flags & DDP_DEAD) && 1233 aio_set_cancel_function(job, t4_aio_cancel_queued)) { 1234 TAILQ_INSERT_HEAD(&toep->ddp_aiojobq, job, list); 1235 toep->ddp_waiting_count++; 1236 } else 1237 aio_ddp_cancel_one(job); 1238 } 1239 1240 static void 1241 aio_ddp_requeue(struct toepcb *toep) 1242 { 1243 struct adapter *sc = td_adapter(toep->td); 1244 struct socket *so; 1245 struct sockbuf *sb; 1246 struct inpcb *inp; 1247 struct kaiocb *job; 1248 struct ddp_buffer *db; 1249 size_t copied, offset, resid; 1250 struct pageset *ps; 1251 struct mbuf *m; 1252 uint64_t ddp_flags, ddp_flags_mask; 1253 struct wrqe *wr; 1254 int buf_flag, db_idx, error; 1255 1256 DDP_ASSERT_LOCKED(toep); 1257 1258 restart: 1259 if (toep->ddp_flags & DDP_DEAD) { 1260 MPASS(toep->ddp_waiting_count == 0); 1261 MPASS(toep->ddp_active_count == 0); 1262 return; 1263 } 1264 1265 if (toep->ddp_waiting_count == 0 || 1266 toep->ddp_active_count == nitems(toep->db)) { 1267 return; 1268 } 1269 1270 job = TAILQ_FIRST(&toep->ddp_aiojobq); 1271 so = job->fd_file->f_data; 1272 sb = &so->so_rcv; 1273 SOCKBUF_LOCK(sb); 1274 1275 /* We will never get anything unless we are or were connected. */ 1276 if (!(so->so_state & (SS_ISCONNECTED|SS_ISDISCONNECTED))) { 1277 SOCKBUF_UNLOCK(sb); 1278 ddp_complete_all(toep, ENOTCONN); 1279 return; 1280 } 1281 1282 KASSERT(toep->ddp_active_count == 0 || sbavail(sb) == 0, 1283 ("%s: pending sockbuf data and DDP is active", __func__)); 1284 1285 /* Abort if socket has reported problems. */ 1286 /* XXX: Wait for any queued DDP's to finish and/or flush them? */ 1287 if (so->so_error && sbavail(sb) == 0) { 1288 toep->ddp_waiting_count--; 1289 TAILQ_REMOVE(&toep->ddp_aiojobq, job, list); 1290 if (!aio_clear_cancel_function(job)) { 1291 SOCKBUF_UNLOCK(sb); 1292 goto restart; 1293 } 1294 1295 /* 1296 * If this job has previously copied some data, report 1297 * a short read and leave the error to be reported by 1298 * a future request. 1299 */ 1300 copied = job->uaiocb._aiocb_private.status; 1301 if (copied != 0) { 1302 SOCKBUF_UNLOCK(sb); 1303 aio_complete(job, copied, 0); 1304 goto restart; 1305 } 1306 error = so->so_error; 1307 so->so_error = 0; 1308 SOCKBUF_UNLOCK(sb); 1309 aio_complete(job, -1, error); 1310 goto restart; 1311 } 1312 1313 /* 1314 * Door is closed. If there is pending data in the socket buffer, 1315 * deliver it. If there are pending DDP requests, wait for those 1316 * to complete. Once they have completed, return EOF reads. 1317 */ 1318 if (sb->sb_state & SBS_CANTRCVMORE && sbavail(sb) == 0) { 1319 SOCKBUF_UNLOCK(sb); 1320 if (toep->ddp_active_count != 0) 1321 return; 1322 ddp_complete_all(toep, 0); 1323 return; 1324 } 1325 1326 /* 1327 * If DDP is not enabled and there is no pending socket buffer 1328 * data, try to enable DDP. 1329 */ 1330 if (sbavail(sb) == 0 && (toep->ddp_flags & DDP_ON) == 0) { 1331 SOCKBUF_UNLOCK(sb); 1332 1333 /* 1334 * Wait for the card to ACK that DDP is enabled before 1335 * queueing any buffers. Currently this waits for an 1336 * indicate to arrive. This could use a TCB_SET_FIELD_RPL 1337 * message to know that DDP was enabled instead of waiting 1338 * for the indicate which would avoid copying the indicate 1339 * if no data is pending. 1340 * 1341 * XXX: Might want to limit the indicate size to the size 1342 * of the first queued request. 1343 */ 1344 if ((toep->ddp_flags & DDP_SC_REQ) == 0) 1345 enable_ddp(sc, toep); 1346 return; 1347 } 1348 SOCKBUF_UNLOCK(sb); 1349 1350 /* 1351 * If another thread is queueing a buffer for DDP, let it 1352 * drain any work and return. 1353 */ 1354 if (toep->ddp_queueing != NULL) 1355 return; 1356 1357 /* Take the next job to prep it for DDP. */ 1358 toep->ddp_waiting_count--; 1359 TAILQ_REMOVE(&toep->ddp_aiojobq, job, list); 1360 if (!aio_clear_cancel_function(job)) 1361 goto restart; 1362 toep->ddp_queueing = job; 1363 1364 /* NB: This drops DDP_LOCK while it holds the backing VM pages. */ 1365 error = hold_aio(toep, job, &ps); 1366 if (error != 0) { 1367 ddp_complete_one(job, error); 1368 toep->ddp_queueing = NULL; 1369 goto restart; 1370 } 1371 1372 SOCKBUF_LOCK(sb); 1373 if (so->so_error && sbavail(sb) == 0) { 1374 copied = job->uaiocb._aiocb_private.status; 1375 if (copied != 0) { 1376 SOCKBUF_UNLOCK(sb); 1377 recycle_pageset(toep, ps); 1378 aio_complete(job, copied, 0); 1379 toep->ddp_queueing = NULL; 1380 goto restart; 1381 } 1382 1383 error = so->so_error; 1384 so->so_error = 0; 1385 SOCKBUF_UNLOCK(sb); 1386 recycle_pageset(toep, ps); 1387 aio_complete(job, -1, error); 1388 toep->ddp_queueing = NULL; 1389 goto restart; 1390 } 1391 1392 if (sb->sb_state & SBS_CANTRCVMORE && sbavail(sb) == 0) { 1393 SOCKBUF_UNLOCK(sb); 1394 recycle_pageset(toep, ps); 1395 if (toep->ddp_active_count != 0) { 1396 /* 1397 * The door is closed, but there are still pending 1398 * DDP buffers. Requeue. These jobs will all be 1399 * completed once those buffers drain. 1400 */ 1401 aio_ddp_requeue_one(toep, job); 1402 toep->ddp_queueing = NULL; 1403 return; 1404 } 1405 ddp_complete_one(job, 0); 1406 ddp_complete_all(toep, 0); 1407 toep->ddp_queueing = NULL; 1408 return; 1409 } 1410 1411 sbcopy: 1412 /* 1413 * If the toep is dead, there shouldn't be any data in the socket 1414 * buffer, so the above case should have handled this. 1415 */ 1416 MPASS(!(toep->ddp_flags & DDP_DEAD)); 1417 1418 /* 1419 * If there is pending data in the socket buffer (either 1420 * from before the requests were queued or a DDP indicate), 1421 * copy those mbufs out directly. 1422 */ 1423 copied = 0; 1424 offset = ps->offset + job->uaiocb._aiocb_private.status; 1425 MPASS(job->uaiocb._aiocb_private.status <= job->uaiocb.aio_nbytes); 1426 resid = job->uaiocb.aio_nbytes - job->uaiocb._aiocb_private.status; 1427 m = sb->sb_mb; 1428 KASSERT(m == NULL || toep->ddp_active_count == 0, 1429 ("%s: sockbuf data with active DDP", __func__)); 1430 while (m != NULL && resid > 0) { 1431 struct iovec iov[1]; 1432 struct uio uio; 1433 int error; 1434 1435 iov[0].iov_base = mtod(m, void *); 1436 iov[0].iov_len = m->m_len; 1437 if (iov[0].iov_len > resid) 1438 iov[0].iov_len = resid; 1439 uio.uio_iov = iov; 1440 uio.uio_iovcnt = 1; 1441 uio.uio_offset = 0; 1442 uio.uio_resid = iov[0].iov_len; 1443 uio.uio_segflg = UIO_SYSSPACE; 1444 uio.uio_rw = UIO_WRITE; 1445 error = uiomove_fromphys(ps->pages, offset + copied, 1446 uio.uio_resid, &uio); 1447 MPASS(error == 0 && uio.uio_resid == 0); 1448 copied += uio.uio_offset; 1449 resid -= uio.uio_offset; 1450 m = m->m_next; 1451 } 1452 if (copied != 0) { 1453 sbdrop_locked(sb, copied); 1454 job->uaiocb._aiocb_private.status += copied; 1455 copied = job->uaiocb._aiocb_private.status; 1456 inp = sotoinpcb(so); 1457 if (!INP_TRY_WLOCK(inp)) { 1458 /* 1459 * The reference on the socket file descriptor in 1460 * the AIO job should keep 'sb' and 'inp' stable. 1461 * Our caller has a reference on the 'toep' that 1462 * keeps it stable. 1463 */ 1464 SOCKBUF_UNLOCK(sb); 1465 DDP_UNLOCK(toep); 1466 INP_WLOCK(inp); 1467 DDP_LOCK(toep); 1468 SOCKBUF_LOCK(sb); 1469 1470 /* 1471 * If the socket has been closed, we should detect 1472 * that and complete this request if needed on 1473 * the next trip around the loop. 1474 */ 1475 } 1476 t4_rcvd_locked(&toep->td->tod, intotcpcb(inp)); 1477 INP_WUNLOCK(inp); 1478 if (resid == 0 || toep->ddp_flags & DDP_DEAD) { 1479 /* 1480 * We filled the entire buffer with socket 1481 * data, DDP is not being used, or the socket 1482 * is being shut down, so complete the 1483 * request. 1484 */ 1485 SOCKBUF_UNLOCK(sb); 1486 recycle_pageset(toep, ps); 1487 aio_complete(job, copied, 0); 1488 toep->ddp_queueing = NULL; 1489 goto restart; 1490 } 1491 1492 /* 1493 * If DDP is not enabled, requeue this request and restart. 1494 * This will either enable DDP or wait for more data to 1495 * arrive on the socket buffer. 1496 */ 1497 if ((toep->ddp_flags & (DDP_ON | DDP_SC_REQ)) != DDP_ON) { 1498 SOCKBUF_UNLOCK(sb); 1499 recycle_pageset(toep, ps); 1500 aio_ddp_requeue_one(toep, job); 1501 toep->ddp_queueing = NULL; 1502 goto restart; 1503 } 1504 1505 /* 1506 * An indicate might have arrived and been added to 1507 * the socket buffer while it was unlocked after the 1508 * copy to lock the INP. If so, restart the copy. 1509 */ 1510 if (sbavail(sb) != 0) 1511 goto sbcopy; 1512 } 1513 SOCKBUF_UNLOCK(sb); 1514 1515 if (prep_pageset(sc, toep, ps) == 0) { 1516 recycle_pageset(toep, ps); 1517 aio_ddp_requeue_one(toep, job); 1518 toep->ddp_queueing = NULL; 1519 1520 /* 1521 * XXX: Need to retry this later. Mostly need a trigger 1522 * when page pods are freed up. 1523 */ 1524 printf("%s: prep_pageset failed\n", __func__); 1525 return; 1526 } 1527 1528 /* Determine which DDP buffer to use. */ 1529 if (toep->db[0].job == NULL) { 1530 db_idx = 0; 1531 } else { 1532 MPASS(toep->db[1].job == NULL); 1533 db_idx = 1; 1534 } 1535 1536 ddp_flags = 0; 1537 ddp_flags_mask = 0; 1538 if (db_idx == 0) { 1539 ddp_flags |= V_TF_DDP_BUF0_VALID(1); 1540 if (so->so_state & SS_NBIO) 1541 ddp_flags |= V_TF_DDP_BUF0_FLUSH(1); 1542 ddp_flags_mask |= V_TF_DDP_PSH_NO_INVALIDATE0(1) | 1543 V_TF_DDP_PUSH_DISABLE_0(1) | V_TF_DDP_PSHF_ENABLE_0(1) | 1544 V_TF_DDP_BUF0_FLUSH(1) | V_TF_DDP_BUF0_VALID(1); 1545 buf_flag = DDP_BUF0_ACTIVE; 1546 } else { 1547 ddp_flags |= V_TF_DDP_BUF1_VALID(1); 1548 if (so->so_state & SS_NBIO) 1549 ddp_flags |= V_TF_DDP_BUF1_FLUSH(1); 1550 ddp_flags_mask |= V_TF_DDP_PSH_NO_INVALIDATE1(1) | 1551 V_TF_DDP_PUSH_DISABLE_1(1) | V_TF_DDP_PSHF_ENABLE_1(1) | 1552 V_TF_DDP_BUF1_FLUSH(1) | V_TF_DDP_BUF1_VALID(1); 1553 buf_flag = DDP_BUF1_ACTIVE; 1554 } 1555 MPASS((toep->ddp_flags & buf_flag) == 0); 1556 if ((toep->ddp_flags & (DDP_BUF0_ACTIVE | DDP_BUF1_ACTIVE)) == 0) { 1557 MPASS(db_idx == 0); 1558 MPASS(toep->ddp_active_id == -1); 1559 MPASS(toep->ddp_active_count == 0); 1560 ddp_flags_mask |= V_TF_DDP_ACTIVE_BUF(1); 1561 } 1562 1563 /* 1564 * The TID for this connection should still be valid. If DDP_DEAD 1565 * is set, SBS_CANTRCVMORE should be set, so we shouldn't be 1566 * this far anyway. Even if the socket is closing on the other 1567 * end, the AIO job holds a reference on this end of the socket 1568 * which will keep it open and keep the TCP PCB attached until 1569 * after the job is completed. 1570 */ 1571 wr = mk_update_tcb_for_ddp(sc, toep, db_idx, ps, 1572 job->uaiocb._aiocb_private.status, ddp_flags, ddp_flags_mask); 1573 if (wr == NULL) { 1574 recycle_pageset(toep, ps); 1575 aio_ddp_requeue_one(toep, job); 1576 toep->ddp_queueing = NULL; 1577 1578 /* 1579 * XXX: Need a way to kick a retry here. 1580 * 1581 * XXX: We know the fixed size needed and could 1582 * preallocate this using a blocking request at the 1583 * start of the task to avoid having to handle this 1584 * edge case. 1585 */ 1586 printf("%s: mk_update_tcb_for_ddp failed\n", __func__); 1587 return; 1588 } 1589 1590 if (!aio_set_cancel_function(job, t4_aio_cancel_active)) { 1591 free_wrqe(wr); 1592 recycle_pageset(toep, ps); 1593 aio_ddp_cancel_one(job); 1594 toep->ddp_queueing = NULL; 1595 goto restart; 1596 } 1597 1598 #ifdef VERBOSE_TRACES 1599 CTR5(KTR_CXGBE, "%s: scheduling %p for DDP[%d] (flags %#lx/%#lx)", 1600 __func__, job, db_idx, ddp_flags, ddp_flags_mask); 1601 #endif 1602 /* Give the chip the go-ahead. */ 1603 t4_wrq_tx(sc, wr); 1604 db = &toep->db[db_idx]; 1605 db->cancel_pending = 0; 1606 db->job = job; 1607 db->ps = ps; 1608 toep->ddp_queueing = NULL; 1609 toep->ddp_flags |= buf_flag; 1610 toep->ddp_active_count++; 1611 if (toep->ddp_active_count == 1) { 1612 MPASS(toep->ddp_active_id == -1); 1613 toep->ddp_active_id = db_idx; 1614 CTR2(KTR_CXGBE, "%s: ddp_active_id = %d", __func__, 1615 toep->ddp_active_id); 1616 } 1617 goto restart; 1618 } 1619 1620 void 1621 ddp_queue_toep(struct toepcb *toep) 1622 { 1623 1624 DDP_ASSERT_LOCKED(toep); 1625 if (toep->ddp_flags & DDP_TASK_ACTIVE) 1626 return; 1627 toep->ddp_flags |= DDP_TASK_ACTIVE; 1628 hold_toepcb(toep); 1629 soaio_enqueue(&toep->ddp_requeue_task); 1630 } 1631 1632 static void 1633 aio_ddp_requeue_task(void *context, int pending) 1634 { 1635 struct toepcb *toep = context; 1636 1637 DDP_LOCK(toep); 1638 aio_ddp_requeue(toep); 1639 toep->ddp_flags &= ~DDP_TASK_ACTIVE; 1640 DDP_UNLOCK(toep); 1641 1642 free_toepcb(toep); 1643 } 1644 1645 static void 1646 t4_aio_cancel_active(struct kaiocb *job) 1647 { 1648 struct socket *so = job->fd_file->f_data; 1649 struct tcpcb *tp = so_sototcpcb(so); 1650 struct toepcb *toep = tp->t_toe; 1651 struct adapter *sc = td_adapter(toep->td); 1652 uint64_t valid_flag; 1653 int i; 1654 1655 DDP_LOCK(toep); 1656 if (aio_cancel_cleared(job)) { 1657 DDP_UNLOCK(toep); 1658 aio_ddp_cancel_one(job); 1659 return; 1660 } 1661 1662 for (i = 0; i < nitems(toep->db); i++) { 1663 if (toep->db[i].job == job) { 1664 /* Should only ever get one cancel request for a job. */ 1665 MPASS(toep->db[i].cancel_pending == 0); 1666 1667 /* 1668 * Invalidate this buffer. It will be 1669 * cancelled or partially completed once the 1670 * card ACKs the invalidate. 1671 */ 1672 valid_flag = i == 0 ? V_TF_DDP_BUF0_VALID(1) : 1673 V_TF_DDP_BUF1_VALID(1); 1674 t4_set_tcb_field_rpl(sc, toep, 1, W_TCB_RX_DDP_FLAGS, 1675 valid_flag, 0, i + DDP_BUF0_INVALIDATED); 1676 toep->db[i].cancel_pending = 1; 1677 CTR2(KTR_CXGBE, "%s: request %p marked pending", 1678 __func__, job); 1679 break; 1680 } 1681 } 1682 DDP_UNLOCK(toep); 1683 } 1684 1685 static void 1686 t4_aio_cancel_queued(struct kaiocb *job) 1687 { 1688 struct socket *so = job->fd_file->f_data; 1689 struct tcpcb *tp = so_sototcpcb(so); 1690 struct toepcb *toep = tp->t_toe; 1691 1692 DDP_LOCK(toep); 1693 if (!aio_cancel_cleared(job)) { 1694 TAILQ_REMOVE(&toep->ddp_aiojobq, job, list); 1695 toep->ddp_waiting_count--; 1696 if (toep->ddp_waiting_count == 0) 1697 ddp_queue_toep(toep); 1698 } 1699 CTR2(KTR_CXGBE, "%s: request %p cancelled", __func__, job); 1700 DDP_UNLOCK(toep); 1701 1702 aio_ddp_cancel_one(job); 1703 } 1704 1705 int 1706 t4_aio_queue_ddp(struct socket *so, struct kaiocb *job) 1707 { 1708 struct tcpcb *tp = so_sototcpcb(so); 1709 struct toepcb *toep = tp->t_toe; 1710 1711 1712 /* Ignore writes. */ 1713 if (job->uaiocb.aio_lio_opcode != LIO_READ) 1714 return (EOPNOTSUPP); 1715 1716 DDP_LOCK(toep); 1717 1718 /* 1719 * XXX: Think about possibly returning errors for ENOTCONN, 1720 * etc. Perhaps the caller would only queue the request 1721 * if it failed with EOPNOTSUPP? 1722 */ 1723 1724 #ifdef VERBOSE_TRACES 1725 CTR2(KTR_CXGBE, "%s: queueing %p", __func__, job); 1726 #endif 1727 if (!aio_set_cancel_function(job, t4_aio_cancel_queued)) 1728 panic("new job was cancelled"); 1729 TAILQ_INSERT_TAIL(&toep->ddp_aiojobq, job, list); 1730 job->uaiocb._aiocb_private.status = 0; 1731 toep->ddp_waiting_count++; 1732 toep->ddp_flags |= DDP_OK; 1733 1734 /* 1735 * Try to handle this request synchronously. If this has 1736 * to block because the task is running, it will just bail 1737 * and let the task handle it instead. 1738 */ 1739 aio_ddp_requeue(toep); 1740 DDP_UNLOCK(toep); 1741 return (0); 1742 } 1743 1744 int 1745 t4_ddp_mod_load(void) 1746 { 1747 1748 TAILQ_INIT(&ddp_orphan_pagesets); 1749 mtx_init(&ddp_orphan_pagesets_lock, "ddp orphans", NULL, MTX_DEF); 1750 TASK_INIT(&ddp_orphan_task, 0, ddp_free_orphan_pagesets, NULL); 1751 return (0); 1752 } 1753 1754 void 1755 t4_ddp_mod_unload(void) 1756 { 1757 1758 taskqueue_drain(taskqueue_thread, &ddp_orphan_task); 1759 MPASS(TAILQ_EMPTY(&ddp_orphan_pagesets)); 1760 mtx_destroy(&ddp_orphan_pagesets_lock); 1761 } 1762 #endif 1763