xref: /freebsd/sys/dev/irdma/irdma_cm.c (revision 0b294a386d34f6584848ed52407687df7ae59861)
1 /*-
2  * SPDX-License-Identifier: GPL-2.0 or Linux-OpenIB
3  *
4  * Copyright (c) 2015 - 2023 Intel Corporation
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenFabrics.org BSD license below:
11  *
12  *   Redistribution and use in source and binary forms, with or
13  *   without modification, are permitted provided that the following
14  *   conditions are met:
15  *
16  *    - Redistributions of source code must retain the above
17  *	copyright notice, this list of conditions and the following
18  *	disclaimer.
19  *
20  *    - Redistributions in binary form must reproduce the above
21  *	copyright notice, this list of conditions and the following
22  *	disclaimer in the documentation and/or other materials
23  *	provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  */
34 
35 #include "irdma_main.h"
36 
37 static void irdma_cm_post_event(struct irdma_cm_event *event);
38 static void irdma_disconnect_worker(struct work_struct *work);
39 
40 /**
41  * irdma_free_sqbuf - put back puda buffer if refcount is 0
42  * @vsi: The VSI structure of the device
43  * @bufp: puda buffer to free
44  */
45 void
46 irdma_free_sqbuf(struct irdma_sc_vsi *vsi, void *bufp)
47 {
48 	struct irdma_puda_buf *buf = bufp;
49 	struct irdma_puda_rsrc *ilq = vsi->ilq;
50 
51 	if (atomic_dec_and_test(&buf->refcount))
52 		irdma_puda_ret_bufpool(ilq, buf);
53 }
54 
55 /**
56  * irdma_record_ird_ord - Record IRD/ORD passed in
57  * @cm_node: connection's node
58  * @conn_ird: connection IRD
59  * @conn_ord: connection ORD
60  */
61 static void
62 irdma_record_ird_ord(struct irdma_cm_node *cm_node, u32 conn_ird,
63 		     u32 conn_ord)
64 {
65 	if (conn_ird > cm_node->dev->hw_attrs.max_hw_ird)
66 		conn_ird = cm_node->dev->hw_attrs.max_hw_ird;
67 
68 	if (conn_ord > cm_node->dev->hw_attrs.max_hw_ord)
69 		conn_ord = cm_node->dev->hw_attrs.max_hw_ord;
70 	else if (!conn_ord && cm_node->send_rdma0_op == SEND_RDMA_READ_ZERO)
71 		conn_ord = 1;
72 	cm_node->ird_size = conn_ird;
73 	cm_node->ord_size = conn_ord;
74 }
75 
76 /**
77  * irdma_copy_ip_ntohl - copy IP address from  network to host
78  * @dst: IP address in host order
79  * @src: IP address in network order (big endian)
80  */
81 void
82 irdma_copy_ip_ntohl(u32 *dst, __be32 *src)
83 {
84 	*dst++ = ntohl(*src++);
85 	*dst++ = ntohl(*src++);
86 	*dst++ = ntohl(*src++);
87 	*dst = ntohl(*src);
88 }
89 
90 /**
91  * irdma_copy_ip_htonl - copy IP address from host to network order
92  * @dst: IP address in network order (big endian)
93  * @src: IP address in host order
94  */
95 void
96 irdma_copy_ip_htonl(__be32 *dst, u32 *src)
97 {
98 	*dst++ = htonl(*src++);
99 	*dst++ = htonl(*src++);
100 	*dst++ = htonl(*src++);
101 	*dst = htonl(*src);
102 }
103 
104 /**
105  * irdma_get_addr_info
106  * @cm_node: contains ip/tcp info
107  * @cm_info: to get a copy of the cm_node ip/tcp info
108  */
109 static void
110 irdma_get_addr_info(struct irdma_cm_node *cm_node,
111 		    struct irdma_cm_info *cm_info)
112 {
113 	memset(cm_info, 0, sizeof(*cm_info));
114 	cm_info->ipv4 = cm_node->ipv4;
115 	cm_info->vlan_id = cm_node->vlan_id;
116 	memcpy(cm_info->loc_addr, cm_node->loc_addr, sizeof(cm_info->loc_addr));
117 	memcpy(cm_info->rem_addr, cm_node->rem_addr, sizeof(cm_info->rem_addr));
118 	cm_info->loc_port = cm_node->loc_port;
119 	cm_info->rem_port = cm_node->rem_port;
120 }
121 
122 /**
123  * irdma_fill_sockaddr4 - fill in addr info for IPv4 connection
124  * @cm_node: connection's node
125  * @event: upper layer's cm event
126  */
127 static inline void
128 irdma_fill_sockaddr4(struct irdma_cm_node *cm_node,
129 		     struct iw_cm_event *event)
130 {
131 	struct sockaddr_in *laddr = (struct sockaddr_in *)&event->local_addr;
132 	struct sockaddr_in *raddr = (struct sockaddr_in *)&event->remote_addr;
133 
134 	laddr->sin_family = AF_INET;
135 	raddr->sin_family = AF_INET;
136 
137 	laddr->sin_port = htons(cm_node->loc_port);
138 	raddr->sin_port = htons(cm_node->rem_port);
139 
140 	laddr->sin_addr.s_addr = htonl(cm_node->loc_addr[0]);
141 	raddr->sin_addr.s_addr = htonl(cm_node->rem_addr[0]);
142 }
143 
144 /**
145  * irdma_fill_sockaddr6 - fill in addr info for IPv6 connection
146  * @cm_node: connection's node
147  * @event: upper layer's cm event
148  */
149 static inline void
150 irdma_fill_sockaddr6(struct irdma_cm_node *cm_node,
151 		     struct iw_cm_event *event)
152 {
153 	struct sockaddr_in6 *laddr6 = (struct sockaddr_in6 *)&event->local_addr;
154 	struct sockaddr_in6 *raddr6 = (struct sockaddr_in6 *)&event->remote_addr;
155 
156 	laddr6->sin6_family = AF_INET6;
157 	raddr6->sin6_family = AF_INET6;
158 
159 	laddr6->sin6_port = htons(cm_node->loc_port);
160 	raddr6->sin6_port = htons(cm_node->rem_port);
161 
162 	irdma_copy_ip_htonl(laddr6->sin6_addr.__u6_addr.__u6_addr32,
163 			    cm_node->loc_addr);
164 	irdma_copy_ip_htonl(raddr6->sin6_addr.__u6_addr.__u6_addr32,
165 			    cm_node->rem_addr);
166 }
167 
168 /**
169  * irdma_get_cmevent_info - for cm event upcall
170  * @cm_node: connection's node
171  * @cm_id: upper layers cm struct for the event
172  * @event: upper layer's cm event
173  */
174 static inline void
175 irdma_get_cmevent_info(struct irdma_cm_node *cm_node,
176 		       struct iw_cm_id *cm_id,
177 		       struct iw_cm_event *event)
178 {
179 	memcpy(&event->local_addr, &cm_id->m_local_addr,
180 	       sizeof(event->local_addr));
181 	memcpy(&event->remote_addr, &cm_id->m_remote_addr,
182 	       sizeof(event->remote_addr));
183 	if (cm_node) {
184 		event->private_data = cm_node->pdata_buf;
185 		event->private_data_len = (u8)cm_node->pdata.size;
186 		event->ird = cm_node->ird_size;
187 		event->ord = cm_node->ord_size;
188 	}
189 }
190 
191 /**
192  * irdma_send_cm_event - upcall cm's event handler
193  * @cm_node: connection's node
194  * @cm_id: upper layer's cm info struct
195  * @type: Event type to indicate
196  * @status: status for the event type
197  */
198 static int
199 irdma_send_cm_event(struct irdma_cm_node *cm_node,
200 		    struct iw_cm_id *cm_id,
201 		    enum iw_cm_event_type type, int status)
202 {
203 	struct iw_cm_event event = {0};
204 
205 	event.event = type;
206 	event.status = status;
207 
208 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
209 		    "cm_node %p cm_id=%p state=%d accel=%d event_type=%d status=%d\n",
210 		    cm_node, cm_id, cm_node->accelerated, cm_node->state, type,
211 		    status);
212 
213 	switch (type) {
214 	case IW_CM_EVENT_CONNECT_REQUEST:
215 		if (cm_node->ipv4)
216 			irdma_fill_sockaddr4(cm_node, &event);
217 		else
218 			irdma_fill_sockaddr6(cm_node, &event);
219 		event.provider_data = cm_node;
220 		event.private_data = cm_node->pdata_buf;
221 		event.private_data_len = (u8)cm_node->pdata.size;
222 		event.ird = cm_node->ird_size;
223 		break;
224 	case IW_CM_EVENT_CONNECT_REPLY:
225 		irdma_get_cmevent_info(cm_node, cm_id, &event);
226 		break;
227 	case IW_CM_EVENT_ESTABLISHED:
228 		event.ird = cm_node->ird_size;
229 		event.ord = cm_node->ord_size;
230 		break;
231 	case IW_CM_EVENT_DISCONNECT:
232 	case IW_CM_EVENT_CLOSE:
233 		/* Wait if we are in RTS but havent issued the iwcm event upcall */
234 		if (!cm_node->accelerated)
235 			wait_for_completion(&cm_node->establish_comp);
236 		break;
237 	default:
238 		return -EINVAL;
239 	}
240 
241 	return cm_id->event_handler(cm_id, &event);
242 }
243 
244 /**
245  * irdma_timer_list_prep - add connection nodes to a list to perform timer tasks
246  * @cm_core: cm's core
247  * @timer_list: a timer list to which cm_node will be selected
248  */
249 static void
250 irdma_timer_list_prep(struct irdma_cm_core *cm_core,
251 		      struct list_head *timer_list)
252 {
253 	struct irdma_cm_node *cm_node;
254 	int bkt;
255 
256 	HASH_FOR_EACH_RCU(cm_core->cm_hash_tbl, bkt, cm_node, list) {
257 		if ((cm_node->close_entry || cm_node->send_entry) &&
258 		    atomic_inc_not_zero(&cm_node->refcnt))
259 			list_add(&cm_node->timer_entry, timer_list);
260 	}
261 }
262 
263 /**
264  * irdma_create_event - create cm event
265  * @cm_node: connection's node
266  * @type: Event type to generate
267  */
268 static struct irdma_cm_event *
269 irdma_create_event(struct irdma_cm_node *cm_node,
270 		   enum irdma_cm_event_type type)
271 {
272 	struct irdma_cm_event *event;
273 
274 	if (!cm_node->cm_id)
275 		return NULL;
276 
277 	event = kzalloc(sizeof(*event), GFP_ATOMIC);
278 
279 	if (!event)
280 		return NULL;
281 
282 	event->type = type;
283 	event->cm_node = cm_node;
284 	memcpy(event->cm_info.rem_addr, cm_node->rem_addr,
285 	       sizeof(event->cm_info.rem_addr));
286 	memcpy(event->cm_info.loc_addr, cm_node->loc_addr,
287 	       sizeof(event->cm_info.loc_addr));
288 	event->cm_info.rem_port = cm_node->rem_port;
289 	event->cm_info.loc_port = cm_node->loc_port;
290 	event->cm_info.cm_id = cm_node->cm_id;
291 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
292 		    "node=%p event=%p type=%u dst=%x src=%x\n", cm_node, event,
293 		    type, event->cm_info.loc_addr[0],
294 		    event->cm_info.rem_addr[0]);
295 	irdma_cm_post_event(event);
296 
297 	return event;
298 }
299 
300 /**
301  * irdma_free_retrans_entry - free send entry
302  * @cm_node: connection's node
303  */
304 static void
305 irdma_free_retrans_entry(struct irdma_cm_node *cm_node)
306 {
307 	struct irdma_device *iwdev = cm_node->iwdev;
308 	struct irdma_timer_entry *send_entry;
309 
310 	send_entry = cm_node->send_entry;
311 	if (!send_entry)
312 		return;
313 
314 	cm_node->send_entry = NULL;
315 	irdma_free_sqbuf(&iwdev->vsi, send_entry->sqbuf);
316 	kfree(send_entry);
317 	atomic_dec(&cm_node->refcnt);
318 }
319 
320 /**
321  * irdma_cleanup_retrans_entry - free send entry with lock
322  * @cm_node: connection's node
323  */
324 static void
325 irdma_cleanup_retrans_entry(struct irdma_cm_node *cm_node)
326 {
327 	unsigned long flags;
328 
329 	spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
330 	irdma_free_retrans_entry(cm_node);
331 	spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
332 }
333 
334 /**
335  * irdma_form_ah_cm_frame - get a free packet and build frame with address handle
336  * @cm_node: connection's node ionfo to use in frame
337  * @options: pointer to options info
338  * @hdr: pointer mpa header
339  * @pdata: pointer to private data
340  * @flags:  indicates FIN or ACK
341  */
342 static struct irdma_puda_buf *
343 irdma_form_ah_cm_frame(struct irdma_cm_node *cm_node,
344 		       struct irdma_kmem_info *options,
345 		       struct irdma_kmem_info *hdr,
346 		       struct irdma_mpa_priv_info *pdata,
347 		       u8 flags)
348 {
349 	struct irdma_puda_buf *sqbuf;
350 	struct irdma_sc_vsi *vsi = &cm_node->iwdev->vsi;
351 	u8 *buf;
352 	struct tcphdr *tcph;
353 	u16 pktsize;
354 	u32 opts_len = 0;
355 	u32 pd_len = 0;
356 	u32 hdr_len = 0;
357 
358 	if (!cm_node->ah || !cm_node->ah->ah_info.ah_valid) {
359 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM, "AH invalid\n");
360 		return NULL;
361 	}
362 
363 	sqbuf = irdma_puda_get_bufpool(vsi->ilq);
364 	if (!sqbuf) {
365 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM, "SQ buf NULL\n");
366 		return NULL;
367 	}
368 
369 	sqbuf->ah_id = cm_node->ah->ah_info.ah_idx;
370 	buf = sqbuf->mem.va;
371 	if (options)
372 		opts_len = (u32)options->size;
373 
374 	if (hdr)
375 		hdr_len = hdr->size;
376 
377 	if (pdata)
378 		pd_len = pdata->size;
379 
380 	pktsize = sizeof(*tcph) + opts_len + hdr_len + pd_len;
381 
382 	memset(buf, 0, pktsize);
383 
384 	sqbuf->totallen = pktsize;
385 	sqbuf->tcphlen = sizeof(*tcph) + opts_len;
386 	sqbuf->scratch = cm_node;
387 
388 	tcph = (struct tcphdr *)buf;
389 	buf += sizeof(*tcph);
390 
391 	tcph->th_sport = htons(cm_node->loc_port);
392 	tcph->th_dport = htons(cm_node->rem_port);
393 	tcph->th_seq = htonl(cm_node->tcp_cntxt.loc_seq_num);
394 
395 	if (flags & SET_ACK) {
396 		cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
397 		tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
398 		tcph->th_flags |= TH_ACK;
399 	} else {
400 		tcph->th_ack = 0;
401 	}
402 
403 	if (flags & SET_SYN) {
404 		cm_node->tcp_cntxt.loc_seq_num++;
405 		tcph->th_flags |= TH_SYN;
406 	} else {
407 		cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
408 	}
409 
410 	if (flags & SET_FIN) {
411 		cm_node->tcp_cntxt.loc_seq_num++;
412 		tcph->th_flags |= TH_FIN;
413 	}
414 
415 	if (flags & SET_RST)
416 		tcph->th_flags |= TH_RST;
417 
418 	tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
419 	sqbuf->tcphlen = tcph->th_off << 2;
420 	tcph->th_win = htons(cm_node->tcp_cntxt.rcv_wnd);
421 	tcph->th_urp = 0;
422 
423 	if (opts_len) {
424 		memcpy(buf, options->addr, opts_len);
425 		buf += opts_len;
426 	}
427 
428 	if (hdr_len) {
429 		memcpy(buf, hdr->addr, hdr_len);
430 		buf += hdr_len;
431 	}
432 
433 	if (pdata && pdata->addr)
434 		memcpy(buf, pdata->addr, pdata->size);
435 
436 	atomic_set(&sqbuf->refcount, 1);
437 
438 	irdma_debug_buf(vsi->dev, IRDMA_DEBUG_ILQ, "TRANSMIT ILQ BUFFER",
439 			sqbuf->mem.va, sqbuf->totallen);
440 
441 	return sqbuf;
442 }
443 
444 /**
445  * irdma_form_uda_cm_frame - get a free packet and build frame full tcpip packet
446  * @cm_node: connection's node ionfo to use in frame
447  * @options: pointer to options info
448  * @hdr: pointer mpa header
449  * @pdata: pointer to private data
450  * @flags:  indicates FIN or ACK
451  */
452 static struct irdma_puda_buf *
453 irdma_form_uda_cm_frame(struct irdma_cm_node *cm_node,
454 			struct irdma_kmem_info *options,
455 			struct irdma_kmem_info *hdr,
456 			struct irdma_mpa_priv_info *pdata,
457 			u8 flags)
458 {
459 	struct irdma_puda_buf *sqbuf;
460 	struct irdma_sc_vsi *vsi = &cm_node->iwdev->vsi;
461 	u8 *buf;
462 
463 	struct tcphdr *tcph;
464 	struct ip *iph;
465 	struct ip6_hdr *ip6h;
466 	struct ether_header *ethh;
467 	u16 pktsize;
468 	u16 eth_hlen = ETH_HLEN;
469 	u32 opts_len = 0;
470 	u32 pd_len = 0;
471 	u32 hdr_len = 0;
472 
473 	u16 vtag;
474 
475 	sqbuf = irdma_puda_get_bufpool(vsi->ilq);
476 	if (!sqbuf)
477 		return NULL;
478 
479 	buf = sqbuf->mem.va;
480 
481 	if (options)
482 		opts_len = (u32)options->size;
483 
484 	if (hdr)
485 		hdr_len = hdr->size;
486 
487 	if (pdata)
488 		pd_len = pdata->size;
489 
490 	if (cm_node->vlan_id < VLAN_N_VID)
491 		eth_hlen += 4;
492 
493 	if (cm_node->ipv4)
494 		pktsize = sizeof(*iph) + sizeof(*tcph);
495 	else
496 		pktsize = sizeof(*ip6h) + sizeof(*tcph);
497 	pktsize += opts_len + hdr_len + pd_len;
498 
499 	memset(buf, 0, eth_hlen + pktsize);
500 
501 	sqbuf->totallen = pktsize + eth_hlen;
502 	sqbuf->maclen = eth_hlen;
503 	sqbuf->tcphlen = sizeof(*tcph) + opts_len;
504 	sqbuf->scratch = cm_node;
505 
506 	ethh = (struct ether_header *)buf;
507 	buf += eth_hlen;
508 
509 	if (cm_node->do_lpb)
510 		sqbuf->do_lpb = true;
511 
512 	if (cm_node->ipv4) {
513 		sqbuf->ipv4 = true;
514 
515 		iph = (struct ip *)buf;
516 		buf += sizeof(*iph);
517 		tcph = (struct tcphdr *)buf;
518 		buf += sizeof(*tcph);
519 
520 		ether_addr_copy(ethh->ether_dhost, cm_node->rem_mac);
521 		ether_addr_copy(ethh->ether_shost, cm_node->loc_mac);
522 		if (cm_node->vlan_id < VLAN_N_VID) {
523 			((struct ether_vlan_header *)ethh)->evl_proto =
524 			    htons(ETH_P_8021Q);
525 			vtag = (cm_node->user_pri << VLAN_PRIO_SHIFT) |
526 			    cm_node->vlan_id;
527 			((struct ether_vlan_header *)ethh)->evl_tag = htons(vtag);
528 
529 			((struct ether_vlan_header *)ethh)->evl_encap_proto =
530 			    htons(ETH_P_IP);
531 		} else {
532 			ethh->ether_type = htons(ETH_P_IP);
533 		}
534 
535 		iph->ip_v = IPVERSION;
536 		iph->ip_hl = 5;	/* 5 * 4Byte words, IP headr len */
537 		iph->ip_tos = cm_node->tos;
538 		iph->ip_len = htons(pktsize);
539 		iph->ip_id = htons(++cm_node->tcp_cntxt.loc_id);
540 
541 		iph->ip_off = htons(0x4000);
542 		iph->ip_ttl = 0x40;
543 		iph->ip_p = IPPROTO_TCP;
544 		iph->ip_src.s_addr = htonl(cm_node->loc_addr[0]);
545 		iph->ip_dst.s_addr = htonl(cm_node->rem_addr[0]);
546 	} else {
547 		sqbuf->ipv4 = false;
548 		ip6h = (struct ip6_hdr *)buf;
549 		buf += sizeof(*ip6h);
550 		tcph = (struct tcphdr *)buf;
551 		buf += sizeof(*tcph);
552 
553 		ether_addr_copy(ethh->ether_dhost, cm_node->rem_mac);
554 		ether_addr_copy(ethh->ether_shost, cm_node->loc_mac);
555 		if (cm_node->vlan_id < VLAN_N_VID) {
556 			((struct ether_vlan_header *)ethh)->evl_proto =
557 			    htons(ETH_P_8021Q);
558 			vtag = (cm_node->user_pri << VLAN_PRIO_SHIFT) |
559 			    cm_node->vlan_id;
560 			((struct ether_vlan_header *)ethh)->evl_tag = htons(vtag);
561 			((struct ether_vlan_header *)ethh)->evl_encap_proto =
562 			    htons(ETH_P_IPV6);
563 		} else {
564 			ethh->ether_type = htons(ETH_P_IPV6);
565 		}
566 		ip6h->ip6_vfc = 6 << 4;
567 		ip6h->ip6_vfc |= cm_node->tos >> 4;
568 		ip6h->ip6_flow = cm_node->tos << 20;
569 		ip6h->ip6_plen = htons(pktsize - sizeof(*ip6h));
570 		ip6h->ip6_nxt = 6;
571 		ip6h->ip6_hops = 128;
572 		irdma_copy_ip_htonl(ip6h->ip6_src.__u6_addr.__u6_addr32,
573 				    cm_node->loc_addr);
574 		irdma_copy_ip_htonl(ip6h->ip6_dst.__u6_addr.__u6_addr32,
575 				    cm_node->rem_addr);
576 	}
577 
578 	tcph->th_sport = htons(cm_node->loc_port);
579 	tcph->th_dport = htons(cm_node->rem_port);
580 	tcph->th_seq = htonl(cm_node->tcp_cntxt.loc_seq_num);
581 
582 	if (flags & SET_ACK) {
583 		cm_node->tcp_cntxt.loc_ack_num = cm_node->tcp_cntxt.rcv_nxt;
584 		tcph->th_ack = htonl(cm_node->tcp_cntxt.loc_ack_num);
585 		tcph->th_flags |= TH_ACK;
586 	} else {
587 		tcph->th_ack = 0;
588 	}
589 
590 	if (flags & SET_SYN) {
591 		cm_node->tcp_cntxt.loc_seq_num++;
592 		tcph->th_flags |= TH_SYN;
593 	} else {
594 		cm_node->tcp_cntxt.loc_seq_num += hdr_len + pd_len;
595 	}
596 
597 	if (flags & SET_FIN) {
598 		cm_node->tcp_cntxt.loc_seq_num++;
599 		tcph->th_flags |= TH_FIN;
600 	}
601 
602 	if (flags & SET_RST)
603 		tcph->th_flags |= TH_RST;
604 
605 	tcph->th_off = (u16)((sizeof(*tcph) + opts_len + 3) >> 2);
606 	sqbuf->tcphlen = tcph->th_off << 2;
607 	tcph->th_win = htons(cm_node->tcp_cntxt.rcv_wnd);
608 	tcph->th_urp = 0;
609 
610 	if (opts_len) {
611 		memcpy(buf, options->addr, opts_len);
612 		buf += opts_len;
613 	}
614 
615 	if (hdr_len) {
616 		memcpy(buf, hdr->addr, hdr_len);
617 		buf += hdr_len;
618 	}
619 
620 	if (pdata && pdata->addr)
621 		memcpy(buf, pdata->addr, pdata->size);
622 
623 	atomic_set(&sqbuf->refcount, 1);
624 
625 	irdma_debug_buf(vsi->dev, IRDMA_DEBUG_ILQ, "TRANSMIT ILQ BUFFER",
626 			sqbuf->mem.va, sqbuf->totallen);
627 
628 	return sqbuf;
629 }
630 
631 /**
632  * irdma_send_reset - Send RST packet
633  * @cm_node: connection's node
634  */
635 int
636 irdma_send_reset(struct irdma_cm_node *cm_node)
637 {
638 	struct irdma_puda_buf *sqbuf;
639 	int flags = SET_RST | SET_ACK;
640 
641 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, NULL, NULL, NULL,
642 						flags);
643 	if (!sqbuf)
644 		return -ENOMEM;
645 
646 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
647 		    "caller: %pS cm_node %p cm_id=%p accel=%d state=%d rem_port=0x%04x, loc_port=0x%04x rem_addr=%x loc_addr=%x\n",
648 		    __builtin_return_address(0), cm_node, cm_node->cm_id,
649 		    cm_node->accelerated, cm_node->state, cm_node->rem_port,
650 		    cm_node->loc_port, cm_node->rem_addr[0],
651 		    cm_node->loc_addr[0]);
652 
653 	return irdma_schedule_cm_timer(cm_node, sqbuf, IRDMA_TIMER_TYPE_SEND, 0,
654 				       1);
655 }
656 
657 /**
658  * irdma_active_open_err - send event for active side cm error
659  * @cm_node: connection's node
660  * @reset: Flag to send reset or not
661  */
662 static void
663 irdma_active_open_err(struct irdma_cm_node *cm_node, bool reset)
664 {
665 	irdma_cleanup_retrans_entry(cm_node);
666 	cm_node->cm_core->stats_connect_errs++;
667 	if (reset) {
668 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
669 			    "cm_node=%p state=%d\n", cm_node, cm_node->state);
670 		atomic_inc(&cm_node->refcnt);
671 		irdma_send_reset(cm_node);
672 	}
673 
674 	cm_node->state = IRDMA_CM_STATE_CLOSED;
675 	irdma_create_event(cm_node, IRDMA_CM_EVENT_ABORTED);
676 }
677 
678 /**
679  * irdma_passive_open_err - handle passive side cm error
680  * @cm_node: connection's node
681  * @reset: send reset or just free cm_node
682  */
683 static void
684 irdma_passive_open_err(struct irdma_cm_node *cm_node, bool reset)
685 {
686 	irdma_cleanup_retrans_entry(cm_node);
687 	cm_node->cm_core->stats_passive_errs++;
688 	cm_node->state = IRDMA_CM_STATE_CLOSED;
689 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
690 		    "cm_node=%p state=%d\n", cm_node, cm_node->state);
691 	if (reset)
692 		irdma_send_reset(cm_node);
693 	else
694 		irdma_rem_ref_cm_node(cm_node);
695 }
696 
697 /**
698  * irdma_event_connect_error - to create connect error event
699  * @event: cm information for connect event
700  */
701 static void
702 irdma_event_connect_error(struct irdma_cm_event *event)
703 {
704 	struct irdma_qp *iwqp;
705 	struct iw_cm_id *cm_id;
706 
707 	cm_id = event->cm_node->cm_id;
708 	if (!cm_id)
709 		return;
710 
711 	iwqp = cm_id->provider_data;
712 
713 	if (!iwqp || !iwqp->iwdev)
714 		return;
715 
716 	iwqp->cm_id = NULL;
717 	cm_id->provider_data = NULL;
718 	irdma_send_cm_event(event->cm_node, cm_id, IW_CM_EVENT_CONNECT_REPLY,
719 			    -ECONNRESET);
720 	irdma_rem_ref_cm_node(event->cm_node);
721 }
722 
723 /**
724  * irdma_process_options - process options from TCP header
725  * @cm_node: connection's node
726  * @optionsloc: point to start of options
727  * @optionsize: size of all options
728  * @syn_pkt: flag if syn packet
729  */
730 static int
731 irdma_process_options(struct irdma_cm_node *cm_node, u8 *optionsloc,
732 		      u32 optionsize, u32 syn_pkt)
733 {
734 	u32 tmp;
735 	u32 offset = 0;
736 	union all_known_options *all_options;
737 	char got_mss_option = 0;
738 
739 	while (offset < optionsize) {
740 		all_options = (union all_known_options *)(optionsloc + offset);
741 		switch (all_options->base.optionnum) {
742 		case OPTION_NUM_EOL:
743 			offset = optionsize;
744 			break;
745 		case OPTION_NUM_NONE:
746 			offset += 1;
747 			continue;
748 		case OPTION_NUM_MSS:
749 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
750 				    "MSS Length: %d Offset: %d Size: %d\n",
751 				    all_options->mss.len, offset, optionsize);
752 			got_mss_option = 1;
753 			if (all_options->mss.len != 4)
754 				return -EINVAL;
755 			tmp = ntohs(all_options->mss.mss);
756 			if ((cm_node->ipv4 &&
757 			     (tmp + IRDMA_MTU_TO_MSS_IPV4) < IRDMA_MIN_MTU_IPV4) ||
758 			    (!cm_node->ipv4 &&
759 			     (tmp + IRDMA_MTU_TO_MSS_IPV6) < IRDMA_MIN_MTU_IPV6))
760 				return -EINVAL;
761 			if (tmp < cm_node->tcp_cntxt.mss)
762 				cm_node->tcp_cntxt.mss = tmp;
763 			break;
764 		case OPTION_NUM_WINDOW_SCALE:
765 			cm_node->tcp_cntxt.snd_wscale =
766 			    all_options->windowscale.shiftcount;
767 			break;
768 		default:
769 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
770 				    "Unsupported TCP Option: %x\n",
771 				    all_options->base.optionnum);
772 			break;
773 		}
774 		offset += all_options->base.len;
775 	}
776 	if (!got_mss_option && syn_pkt)
777 		cm_node->tcp_cntxt.mss = IRDMA_CM_DEFAULT_MSS;
778 
779 	return 0;
780 }
781 
782 /**
783  * irdma_handle_tcp_options - setup TCP context info after parsing TCP options
784  * @cm_node: connection's node
785  * @tcph: pointer tcp header
786  * @optionsize: size of options rcvd
787  * @passive: active or passive flag
788  */
789 static int
790 irdma_handle_tcp_options(struct irdma_cm_node *cm_node,
791 			 struct tcphdr *tcph, int optionsize,
792 			 int passive)
793 {
794 	u8 *optionsloc = (u8 *)&tcph[1];
795 	int ret;
796 
797 	if (optionsize) {
798 		ret = irdma_process_options(cm_node, optionsloc, optionsize,
799 					    (u32)tcph->th_flags & TH_SYN);
800 		if (ret) {
801 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
802 				    "Node %p, Sending Reset\n", cm_node);
803 			if (passive)
804 				irdma_passive_open_err(cm_node, true);
805 			else
806 				irdma_active_open_err(cm_node, true);
807 			return ret;
808 		}
809 	}
810 
811 	cm_node->tcp_cntxt.snd_wnd = ntohs(tcph->th_win)
812 	    << cm_node->tcp_cntxt.snd_wscale;
813 
814 	if (cm_node->tcp_cntxt.snd_wnd > cm_node->tcp_cntxt.max_snd_wnd)
815 		cm_node->tcp_cntxt.max_snd_wnd = cm_node->tcp_cntxt.snd_wnd;
816 
817 	return 0;
818 }
819 
820 /**
821  * irdma_build_mpa_v1 - build a MPA V1 frame
822  * @cm_node: connection's node
823  * @start_addr: address where to build frame
824  * @mpa_key: to do read0 or write0
825  */
826 static void
827 irdma_build_mpa_v1(struct irdma_cm_node *cm_node, void *start_addr,
828 		   u8 mpa_key)
829 {
830 	struct ietf_mpa_v1 *mpa_frame = start_addr;
831 
832 	switch (mpa_key) {
833 	case MPA_KEY_REQUEST:
834 		memcpy(mpa_frame->key, IEFT_MPA_KEY_REQ, IETF_MPA_KEY_SIZE);
835 		break;
836 	case MPA_KEY_REPLY:
837 		memcpy(mpa_frame->key, IEFT_MPA_KEY_REP, IETF_MPA_KEY_SIZE);
838 		break;
839 	default:
840 		break;
841 	}
842 	mpa_frame->flags = IETF_MPA_FLAGS_CRC;
843 	mpa_frame->rev = cm_node->mpa_frame_rev;
844 	mpa_frame->priv_data_len = htons(cm_node->pdata.size);
845 }
846 
847 /**
848  * irdma_build_mpa_v2 - build a MPA V2 frame
849  * @cm_node: connection's node
850  * @start_addr: buffer start address
851  * @mpa_key: to do read0 or write0
852  */
853 static void
854 irdma_build_mpa_v2(struct irdma_cm_node *cm_node, void *start_addr,
855 		   u8 mpa_key)
856 {
857 	struct ietf_mpa_v2 *mpa_frame = start_addr;
858 	struct ietf_rtr_msg *rtr_msg = &mpa_frame->rtr_msg;
859 	u16 ctrl_ird, ctrl_ord;
860 
861 	/* initialize the upper 5 bytes of the frame */
862 	irdma_build_mpa_v1(cm_node, start_addr, mpa_key);
863 	mpa_frame->flags |= IETF_MPA_V2_FLAG;
864 	if (cm_node->iwdev->iw_ooo) {
865 		mpa_frame->flags |= IETF_MPA_FLAGS_MARKERS;
866 		cm_node->rcv_mark_en = true;
867 	}
868 	mpa_frame->priv_data_len = cpu_to_be16(be16_to_cpu(mpa_frame->priv_data_len) +
869 					       IETF_RTR_MSG_SIZE);
870 
871 	/* initialize RTR msg */
872 	if (cm_node->mpav2_ird_ord == IETF_NO_IRD_ORD) {
873 		ctrl_ird = IETF_NO_IRD_ORD;
874 		ctrl_ord = IETF_NO_IRD_ORD;
875 	} else {
876 		ctrl_ird = (cm_node->ird_size > IETF_NO_IRD_ORD) ?
877 		    IETF_NO_IRD_ORD :
878 		    cm_node->ird_size;
879 		ctrl_ord = (cm_node->ord_size > IETF_NO_IRD_ORD) ?
880 		    IETF_NO_IRD_ORD :
881 		    cm_node->ord_size;
882 	}
883 	ctrl_ird |= IETF_PEER_TO_PEER;
884 
885 	switch (mpa_key) {
886 	case MPA_KEY_REQUEST:
887 		ctrl_ord |= IETF_RDMA0_WRITE;
888 		ctrl_ord |= IETF_RDMA0_READ;
889 		break;
890 	case MPA_KEY_REPLY:
891 		switch (cm_node->send_rdma0_op) {
892 		case SEND_RDMA_WRITE_ZERO:
893 			ctrl_ord |= IETF_RDMA0_WRITE;
894 			break;
895 		case SEND_RDMA_READ_ZERO:
896 			ctrl_ord |= IETF_RDMA0_READ;
897 			break;
898 		}
899 		break;
900 	default:
901 		break;
902 	}
903 	rtr_msg->ctrl_ird = htons(ctrl_ird);
904 	rtr_msg->ctrl_ord = htons(ctrl_ord);
905 }
906 
907 /**
908  * irdma_cm_build_mpa_frame - build mpa frame for mpa version 1 or version 2
909  * @cm_node: connection's node
910  * @mpa: mpa: data buffer
911  * @mpa_key: to do read0 or write0
912  */
913 static int
914 irdma_cm_build_mpa_frame(struct irdma_cm_node *cm_node,
915 			 struct irdma_kmem_info *mpa, u8 mpa_key)
916 {
917 	int hdr_len = 0;
918 
919 	switch (cm_node->mpa_frame_rev) {
920 	case IETF_MPA_V1:
921 		hdr_len = sizeof(struct ietf_mpa_v1);
922 		irdma_build_mpa_v1(cm_node, mpa->addr, mpa_key);
923 		break;
924 	case IETF_MPA_V2:
925 		hdr_len = sizeof(struct ietf_mpa_v2);
926 		irdma_build_mpa_v2(cm_node, mpa->addr, mpa_key);
927 		break;
928 	default:
929 		break;
930 	}
931 
932 	return hdr_len;
933 }
934 
935 /**
936  * irdma_send_mpa_request - active node send mpa request to passive node
937  * @cm_node: connection's node
938  */
939 static int
940 irdma_send_mpa_request(struct irdma_cm_node *cm_node)
941 {
942 	struct irdma_puda_buf *sqbuf;
943 
944 	cm_node->mpa_hdr.addr = &cm_node->mpa_v2_frame;
945 	cm_node->mpa_hdr.size = irdma_cm_build_mpa_frame(cm_node,
946 							 &cm_node->mpa_hdr,
947 							 MPA_KEY_REQUEST);
948 	if (!cm_node->mpa_hdr.size) {
949 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
950 			    "mpa size = %d\n", cm_node->mpa_hdr.size);
951 		return -EINVAL;
952 	}
953 
954 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, NULL,
955 						&cm_node->mpa_hdr,
956 						&cm_node->pdata, SET_ACK);
957 	if (!sqbuf)
958 		return -ENOMEM;
959 
960 	return irdma_schedule_cm_timer(cm_node, sqbuf, IRDMA_TIMER_TYPE_SEND, 1,
961 				       0);
962 }
963 
964 /**
965  * irdma_send_mpa_reject -
966  * @cm_node: connection's node
967  * @pdata: reject data for connection
968  * @plen: length of reject data
969  */
970 static int
971 irdma_send_mpa_reject(struct irdma_cm_node *cm_node,
972 		      const void *pdata, u8 plen)
973 {
974 	struct irdma_puda_buf *sqbuf;
975 	struct irdma_mpa_priv_info priv_info;
976 
977 	cm_node->mpa_hdr.addr = &cm_node->mpa_v2_frame;
978 	cm_node->mpa_hdr.size = irdma_cm_build_mpa_frame(cm_node,
979 							 &cm_node->mpa_hdr,
980 							 MPA_KEY_REPLY);
981 
982 	cm_node->mpa_v2_frame.flags |= IETF_MPA_FLAGS_REJECT;
983 	priv_info.addr = pdata;
984 	priv_info.size = plen;
985 
986 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, NULL,
987 						&cm_node->mpa_hdr, &priv_info,
988 						SET_ACK | SET_FIN);
989 	if (!sqbuf)
990 		return -ENOMEM;
991 
992 	cm_node->state = IRDMA_CM_STATE_FIN_WAIT1;
993 
994 	return irdma_schedule_cm_timer(cm_node, sqbuf, IRDMA_TIMER_TYPE_SEND, 1,
995 				       0);
996 }
997 
998 /**
999  * irdma_negotiate_mpa_v2_ird_ord - negotiate MPAv2 IRD/ORD
1000  * @cm_node: connection's node
1001  * @buf: Data pointer
1002  */
1003 static int
1004 irdma_negotiate_mpa_v2_ird_ord(struct irdma_cm_node *cm_node,
1005 			       u8 *buf)
1006 {
1007 	struct ietf_mpa_v2 *mpa_v2_frame;
1008 	struct ietf_rtr_msg *rtr_msg;
1009 	u16 ird_size;
1010 	u16 ord_size;
1011 	u16 ctrl_ord;
1012 	u16 ctrl_ird;
1013 
1014 	mpa_v2_frame = (struct ietf_mpa_v2 *)buf;
1015 	rtr_msg = &mpa_v2_frame->rtr_msg;
1016 
1017 	/* parse rtr message */
1018 	ctrl_ord = ntohs(rtr_msg->ctrl_ord);
1019 	ctrl_ird = ntohs(rtr_msg->ctrl_ird);
1020 	ird_size = ctrl_ird & IETF_NO_IRD_ORD;
1021 	ord_size = ctrl_ord & IETF_NO_IRD_ORD;
1022 
1023 	if (!(ctrl_ird & IETF_PEER_TO_PEER))
1024 		return -EOPNOTSUPP;
1025 
1026 	if (ird_size == IETF_NO_IRD_ORD || ord_size == IETF_NO_IRD_ORD) {
1027 		cm_node->mpav2_ird_ord = IETF_NO_IRD_ORD;
1028 		goto negotiate_done;
1029 	}
1030 
1031 	if (cm_node->state != IRDMA_CM_STATE_MPAREQ_SENT) {
1032 		/* responder */
1033 		if (!ord_size && (ctrl_ord & IETF_RDMA0_READ))
1034 			cm_node->ird_size = 1;
1035 		if (cm_node->ord_size > ird_size)
1036 			cm_node->ord_size = ird_size;
1037 	} else {
1038 		/* initiator */
1039 		if (!ird_size && (ctrl_ord & IETF_RDMA0_READ))
1040 			/* Remote peer doesn't support RDMA0_READ */
1041 			return -EOPNOTSUPP;
1042 
1043 		if (cm_node->ord_size > ird_size)
1044 			cm_node->ord_size = ird_size;
1045 
1046 		if (cm_node->ird_size < ord_size)
1047 			/* no resources available */
1048 			return -EINVAL;
1049 	}
1050 
1051 negotiate_done:
1052 	if (ctrl_ord & IETF_RDMA0_READ)
1053 		cm_node->send_rdma0_op = SEND_RDMA_READ_ZERO;
1054 	else if (ctrl_ord & IETF_RDMA0_WRITE)
1055 		cm_node->send_rdma0_op = SEND_RDMA_WRITE_ZERO;
1056 	else
1057 		/* Not supported RDMA0 operation */
1058 		return -EOPNOTSUPP;
1059 
1060 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1061 		    "MPAV2 Negotiated ORD: %d, IRD: %d\n", cm_node->ord_size,
1062 		    cm_node->ird_size);
1063 	return 0;
1064 }
1065 
1066 /**
1067  * irdma_parse_mpa - process an IETF MPA frame
1068  * @cm_node: connection's node
1069  * @buf: Data pointer
1070  * @type: to return accept or reject
1071  * @len: Len of mpa buffer
1072  */
1073 static int
1074 irdma_parse_mpa(struct irdma_cm_node *cm_node, u8 *buf, u32 *type,
1075 		u32 len)
1076 {
1077 	struct ietf_mpa_v1 *mpa_frame;
1078 	int mpa_hdr_len, priv_data_len, ret;
1079 
1080 	*type = IRDMA_MPA_REQUEST_ACCEPT;
1081 
1082 	if (len < sizeof(struct ietf_mpa_v1)) {
1083 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1084 			    "ietf buffer small (%x)\n", len);
1085 		return -EINVAL;
1086 	}
1087 
1088 	mpa_frame = (struct ietf_mpa_v1 *)buf;
1089 	mpa_hdr_len = sizeof(struct ietf_mpa_v1);
1090 	priv_data_len = ntohs(mpa_frame->priv_data_len);
1091 
1092 	if (priv_data_len > IETF_MAX_PRIV_DATA_LEN) {
1093 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1094 			    "private_data too big %d\n", priv_data_len);
1095 		return -EOVERFLOW;
1096 	}
1097 
1098 	if (mpa_frame->rev != IETF_MPA_V1 && mpa_frame->rev != IETF_MPA_V2) {
1099 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1100 			    "unsupported mpa rev = %d\n", mpa_frame->rev);
1101 		return -EINVAL;
1102 	}
1103 
1104 	if (mpa_frame->rev > cm_node->mpa_frame_rev) {
1105 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1106 			    "rev %d\n", mpa_frame->rev);
1107 		return -EINVAL;
1108 	}
1109 
1110 	cm_node->mpa_frame_rev = mpa_frame->rev;
1111 	if (cm_node->state != IRDMA_CM_STATE_MPAREQ_SENT) {
1112 		if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REQ,
1113 			   IETF_MPA_KEY_SIZE)) {
1114 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1115 				    "Unexpected MPA Key received\n");
1116 			return -EINVAL;
1117 		}
1118 	} else {
1119 		if (memcmp(mpa_frame->key, IEFT_MPA_KEY_REP,
1120 			   IETF_MPA_KEY_SIZE)) {
1121 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1122 				    "Unexpected MPA Key received\n");
1123 			return -EINVAL;
1124 		}
1125 	}
1126 
1127 	if (priv_data_len + mpa_hdr_len > len) {
1128 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1129 			    "ietf buffer len(%x + %x != %x)\n", priv_data_len,
1130 			    mpa_hdr_len, len);
1131 		return -EOVERFLOW;
1132 	}
1133 
1134 	if (len > IRDMA_MAX_CM_BUF) {
1135 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1136 			    "ietf buffer large len = %d\n", len);
1137 		return -EOVERFLOW;
1138 	}
1139 
1140 	switch (mpa_frame->rev) {
1141 	case IETF_MPA_V2:
1142 		mpa_hdr_len += IETF_RTR_MSG_SIZE;
1143 		ret = irdma_negotiate_mpa_v2_ird_ord(cm_node, buf);
1144 		if (ret)
1145 			return ret;
1146 		break;
1147 	case IETF_MPA_V1:
1148 	default:
1149 		break;
1150 	}
1151 
1152 	memcpy(cm_node->pdata_buf, buf + mpa_hdr_len, priv_data_len);
1153 	cm_node->pdata.size = priv_data_len;
1154 
1155 	if (mpa_frame->flags & IETF_MPA_FLAGS_REJECT)
1156 		*type = IRDMA_MPA_REQUEST_REJECT;
1157 
1158 	if (mpa_frame->flags & IETF_MPA_FLAGS_MARKERS)
1159 		cm_node->snd_mark_en = true;
1160 
1161 	return 0;
1162 }
1163 
1164 /**
1165  * irdma_schedule_cm_timer
1166  * @cm_node: connection's node
1167  * @sqbuf: buffer to send
1168  * @type: if it is send or close
1169  * @send_retrans: if rexmits to be done
1170  * @close_when_complete: is cm_node to be removed
1171  *
1172  * note - cm_node needs to be protected before calling this. Encase in:
1173  *		irdma_rem_ref_cm_node(cm_core, cm_node);
1174  *		irdma_schedule_cm_timer(...)
1175  *		atomic_inc(&cm_node->refcnt);
1176  */
1177 int
1178 irdma_schedule_cm_timer(struct irdma_cm_node *cm_node,
1179 			struct irdma_puda_buf *sqbuf,
1180 			enum irdma_timer_type type, int send_retrans,
1181 			int close_when_complete)
1182 {
1183 	struct irdma_sc_vsi *vsi = &cm_node->iwdev->vsi;
1184 	struct irdma_cm_core *cm_core = cm_node->cm_core;
1185 	struct irdma_timer_entry *new_send;
1186 	u32 was_timer_set;
1187 	unsigned long flags;
1188 
1189 	new_send = kzalloc(sizeof(*new_send), GFP_ATOMIC);
1190 	if (!new_send) {
1191 		if (type != IRDMA_TIMER_TYPE_CLOSE)
1192 			irdma_free_sqbuf(vsi, sqbuf);
1193 		return -ENOMEM;
1194 	}
1195 
1196 	new_send->retrycount = IRDMA_DEFAULT_RETRYS;
1197 	new_send->retranscount = IRDMA_DEFAULT_RETRANS;
1198 	new_send->sqbuf = sqbuf;
1199 	new_send->timetosend = jiffies;
1200 	new_send->type = type;
1201 	new_send->send_retrans = send_retrans;
1202 	new_send->close_when_complete = close_when_complete;
1203 
1204 	if (type == IRDMA_TIMER_TYPE_CLOSE) {
1205 		new_send->timetosend += (HZ / 10);
1206 		if (cm_node->close_entry) {
1207 			kfree(new_send);
1208 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1209 				    "already close entry\n");
1210 			return -EINVAL;
1211 		}
1212 
1213 		cm_node->close_entry = new_send;
1214 	} else {		/* type == IRDMA_TIMER_TYPE_SEND */
1215 		spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
1216 		cm_node->send_entry = new_send;
1217 		atomic_inc(&cm_node->refcnt);
1218 		spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
1219 		new_send->timetosend = jiffies + IRDMA_RETRY_TIMEOUT;
1220 
1221 		atomic_inc(&sqbuf->refcount);
1222 		irdma_puda_send_buf(vsi->ilq, sqbuf);
1223 		if (!send_retrans) {
1224 			irdma_cleanup_retrans_entry(cm_node);
1225 			if (close_when_complete)
1226 				irdma_rem_ref_cm_node(cm_node);
1227 			return 0;
1228 		}
1229 	}
1230 
1231 	spin_lock_irqsave(&cm_core->ht_lock, flags);
1232 	was_timer_set = timer_pending(&cm_core->tcp_timer);
1233 
1234 	if (!was_timer_set) {
1235 		cm_core->tcp_timer.expires = new_send->timetosend;
1236 		add_timer(&cm_core->tcp_timer);
1237 	}
1238 	spin_unlock_irqrestore(&cm_core->ht_lock, flags);
1239 
1240 	return 0;
1241 }
1242 
1243 /**
1244  * irdma_retrans_expired - Could not rexmit the packet
1245  * @cm_node: connection's node
1246  */
1247 static void
1248 irdma_retrans_expired(struct irdma_cm_node *cm_node)
1249 {
1250 	enum irdma_cm_node_state state = cm_node->state;
1251 
1252 	cm_node->state = IRDMA_CM_STATE_CLOSED;
1253 	switch (state) {
1254 	case IRDMA_CM_STATE_SYN_RCVD:
1255 	case IRDMA_CM_STATE_CLOSING:
1256 		irdma_rem_ref_cm_node(cm_node);
1257 		break;
1258 	case IRDMA_CM_STATE_FIN_WAIT1:
1259 	case IRDMA_CM_STATE_LAST_ACK:
1260 		irdma_send_reset(cm_node);
1261 		break;
1262 	default:
1263 		atomic_inc(&cm_node->refcnt);
1264 		irdma_send_reset(cm_node);
1265 		irdma_create_event(cm_node, IRDMA_CM_EVENT_ABORTED);
1266 		break;
1267 	}
1268 }
1269 
1270 /**
1271  * irdma_handle_close_entry - for handling retry/timeouts
1272  * @cm_node: connection's node
1273  * @rem_node: flag for remove cm_node
1274  */
1275 static void
1276 irdma_handle_close_entry(struct irdma_cm_node *cm_node,
1277 			 u32 rem_node)
1278 {
1279 	struct irdma_timer_entry *close_entry = cm_node->close_entry;
1280 	struct irdma_qp *iwqp;
1281 	unsigned long flags;
1282 
1283 	if (!close_entry)
1284 		return;
1285 	iwqp = (struct irdma_qp *)close_entry->sqbuf;
1286 	if (iwqp) {
1287 		spin_lock_irqsave(&iwqp->lock, flags);
1288 		if (iwqp->cm_id) {
1289 			iwqp->hw_tcp_state = IRDMA_TCP_STATE_CLOSED;
1290 			iwqp->hw_iwarp_state = IRDMA_QP_STATE_ERROR;
1291 			iwqp->last_aeq = IRDMA_AE_RESET_SENT;
1292 			iwqp->ibqp_state = IB_QPS_ERR;
1293 			spin_unlock_irqrestore(&iwqp->lock, flags);
1294 			irdma_cm_disconn(iwqp);
1295 		} else {
1296 			spin_unlock_irqrestore(&iwqp->lock, flags);
1297 		}
1298 	} else if (rem_node) {
1299 		/* TIME_WAIT state */
1300 		irdma_rem_ref_cm_node(cm_node);
1301 	}
1302 
1303 	kfree(close_entry);
1304 	cm_node->close_entry = NULL;
1305 }
1306 
1307 /**
1308  * irdma_cm_timer_tick - system's timer expired callback
1309  * @t: Pointer to timer_list
1310  */
1311 static void
1312 irdma_cm_timer_tick(struct timer_list *t)
1313 {
1314 	unsigned long nexttimeout = jiffies + IRDMA_LONG_TIME;
1315 	struct irdma_cm_node *cm_node;
1316 	struct irdma_timer_entry *send_entry, *close_entry;
1317 	struct list_head *list_core_temp;
1318 	struct list_head *list_node;
1319 	struct irdma_cm_core *cm_core = from_timer(cm_core, t, tcp_timer);
1320 	struct irdma_sc_vsi *vsi;
1321 	u32 settimer = 0;
1322 	unsigned long timetosend;
1323 	unsigned long flags;
1324 	struct list_head timer_list;
1325 
1326 	INIT_LIST_HEAD(&timer_list);
1327 
1328 	rcu_read_lock();
1329 	irdma_timer_list_prep(cm_core, &timer_list);
1330 	rcu_read_unlock();
1331 
1332 	list_for_each_safe(list_node, list_core_temp, &timer_list) {
1333 		cm_node = container_of(list_node, struct irdma_cm_node,
1334 				       timer_entry);
1335 		close_entry = cm_node->close_entry;
1336 
1337 		if (close_entry) {
1338 			if (time_after(close_entry->timetosend, jiffies)) {
1339 				if (nexttimeout > close_entry->timetosend ||
1340 				    !settimer) {
1341 					nexttimeout = close_entry->timetosend;
1342 					settimer = 1;
1343 				}
1344 			} else {
1345 				irdma_handle_close_entry(cm_node, 1);
1346 			}
1347 		}
1348 
1349 		spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
1350 
1351 		send_entry = cm_node->send_entry;
1352 		if (!send_entry)
1353 			goto done;
1354 		if (time_after(send_entry->timetosend, jiffies)) {
1355 			if (cm_node->state != IRDMA_CM_STATE_OFFLOADED) {
1356 				if (nexttimeout > send_entry->timetosend ||
1357 				    !settimer) {
1358 					nexttimeout = send_entry->timetosend;
1359 					settimer = 1;
1360 				}
1361 			} else {
1362 				irdma_free_retrans_entry(cm_node);
1363 			}
1364 			goto done;
1365 		}
1366 
1367 		if (cm_node->state == IRDMA_CM_STATE_OFFLOADED ||
1368 		    cm_node->state == IRDMA_CM_STATE_CLOSED) {
1369 			irdma_free_retrans_entry(cm_node);
1370 			goto done;
1371 		}
1372 
1373 		if (!send_entry->retranscount || !send_entry->retrycount) {
1374 			irdma_free_retrans_entry(cm_node);
1375 
1376 			spin_unlock_irqrestore(&cm_node->retrans_list_lock,
1377 					       flags);
1378 			irdma_retrans_expired(cm_node);
1379 			cm_node->state = IRDMA_CM_STATE_CLOSED;
1380 			spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
1381 			goto done;
1382 		}
1383 		spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
1384 
1385 		vsi = &cm_node->iwdev->vsi;
1386 		if (!cm_node->ack_rcvd) {
1387 			atomic_inc(&send_entry->sqbuf->refcount);
1388 			irdma_puda_send_buf(vsi->ilq, send_entry->sqbuf);
1389 			cm_node->cm_core->stats_pkt_retrans++;
1390 		}
1391 
1392 		spin_lock_irqsave(&cm_node->retrans_list_lock, flags);
1393 		if (send_entry->send_retrans) {
1394 			send_entry->retranscount--;
1395 			timetosend = (IRDMA_RETRY_TIMEOUT <<
1396 				      (IRDMA_DEFAULT_RETRANS -
1397 				       send_entry->retranscount));
1398 
1399 			send_entry->timetosend = jiffies +
1400 			    min(timetosend, IRDMA_MAX_TIMEOUT);
1401 			if (nexttimeout > send_entry->timetosend || !settimer) {
1402 				nexttimeout = send_entry->timetosend;
1403 				settimer = 1;
1404 			}
1405 		} else {
1406 			int close_when_complete;
1407 
1408 			close_when_complete = send_entry->close_when_complete;
1409 			irdma_free_retrans_entry(cm_node);
1410 			if (close_when_complete)
1411 				irdma_rem_ref_cm_node(cm_node);
1412 		}
1413 done:
1414 		spin_unlock_irqrestore(&cm_node->retrans_list_lock, flags);
1415 		irdma_rem_ref_cm_node(cm_node);
1416 	}
1417 
1418 	if (settimer) {
1419 		spin_lock_irqsave(&cm_core->ht_lock, flags);
1420 		if (!timer_pending(&cm_core->tcp_timer)) {
1421 			cm_core->tcp_timer.expires = nexttimeout;
1422 			add_timer(&cm_core->tcp_timer);
1423 		}
1424 		spin_unlock_irqrestore(&cm_core->ht_lock, flags);
1425 	}
1426 }
1427 
1428 /**
1429  * irdma_send_syn - send SYN packet
1430  * @cm_node: connection's node
1431  * @sendack: flag to set ACK bit or not
1432  */
1433 int
1434 irdma_send_syn(struct irdma_cm_node *cm_node, u32 sendack)
1435 {
1436 	struct irdma_puda_buf *sqbuf;
1437 	int flags = SET_SYN;
1438 	char optionsbuf[sizeof(struct option_mss) +
1439 			sizeof(struct option_windowscale) +
1440 			sizeof(struct option_base) + TCP_OPTIONS_PADDING];
1441 	struct irdma_kmem_info opts;
1442 	int optionssize = 0;
1443 	/* Sending MSS option */
1444 	union all_known_options *options;
1445 
1446 	opts.addr = optionsbuf;
1447 	if (!cm_node)
1448 		return -EINVAL;
1449 
1450 	options = (union all_known_options *)&optionsbuf[optionssize];
1451 	options->mss.optionnum = OPTION_NUM_MSS;
1452 	options->mss.len = sizeof(struct option_mss);
1453 	options->mss.mss = htons(cm_node->tcp_cntxt.mss);
1454 	optionssize += sizeof(struct option_mss);
1455 
1456 	options = (union all_known_options *)&optionsbuf[optionssize];
1457 	options->windowscale.optionnum = OPTION_NUM_WINDOW_SCALE;
1458 	options->windowscale.len = sizeof(struct option_windowscale);
1459 	options->windowscale.shiftcount = cm_node->tcp_cntxt.rcv_wscale;
1460 	optionssize += sizeof(struct option_windowscale);
1461 	options = (union all_known_options *)&optionsbuf[optionssize];
1462 	options->eol = OPTION_NUM_EOL;
1463 	optionssize += 1;
1464 
1465 	if (sendack)
1466 		flags |= SET_ACK;
1467 
1468 	opts.size = optionssize;
1469 
1470 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, &opts, NULL, NULL,
1471 						flags);
1472 	if (!sqbuf)
1473 		return -ENOMEM;
1474 
1475 	return irdma_schedule_cm_timer(cm_node, sqbuf, IRDMA_TIMER_TYPE_SEND, 1,
1476 				       0);
1477 }
1478 
1479 /**
1480  * irdma_send_ack - Send ACK packet
1481  * @cm_node: connection's node
1482  */
1483 void
1484 irdma_send_ack(struct irdma_cm_node *cm_node)
1485 {
1486 	struct irdma_puda_buf *sqbuf;
1487 	struct irdma_sc_vsi *vsi = &cm_node->iwdev->vsi;
1488 
1489 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, NULL, NULL, NULL,
1490 						SET_ACK);
1491 	if (sqbuf)
1492 		irdma_puda_send_buf(vsi->ilq, sqbuf);
1493 }
1494 
1495 /**
1496  * irdma_send_fin - Send FIN pkt
1497  * @cm_node: connection's node
1498  */
1499 static int
1500 irdma_send_fin(struct irdma_cm_node *cm_node)
1501 {
1502 	struct irdma_puda_buf *sqbuf;
1503 
1504 	sqbuf = cm_node->cm_core->form_cm_frame(cm_node, NULL, NULL, NULL,
1505 						SET_ACK | SET_FIN);
1506 	if (!sqbuf)
1507 		return -ENOMEM;
1508 
1509 	return irdma_schedule_cm_timer(cm_node, sqbuf, IRDMA_TIMER_TYPE_SEND, 1,
1510 				       0);
1511 }
1512 
1513 /**
1514  * irdma_find_listener - find a cm node listening on this addr-port pair
1515  * @cm_core: cm's core
1516  * @dst_addr: listener ip addr
1517  * @ipv4: flag indicating IPv4 when true
1518  * @dst_port: listener tcp port num
1519  * @vlan_id: virtual LAN ID
1520  * @listener_state: state to match with listen node's
1521  */
1522 static struct irdma_cm_listener *
1523 irdma_find_listener(struct irdma_cm_core *cm_core, u32 *dst_addr, bool ipv4, u16 dst_port,
1524 		    u16 vlan_id, enum irdma_cm_listener_state listener_state)
1525 {
1526 	struct irdma_cm_listener *listen_node;
1527 	static const u32 ip_zero[4] = {0, 0, 0, 0};
1528 	u32 listen_addr[4];
1529 	u16 listen_port;
1530 	unsigned long flags;
1531 
1532 	/* walk list and find cm_node associated with this session ID */
1533 	spin_lock_irqsave(&cm_core->listen_list_lock, flags);
1534 	list_for_each_entry(listen_node, &cm_core->listen_list, list) {
1535 		memcpy(listen_addr, listen_node->loc_addr, sizeof(listen_addr));
1536 		listen_port = listen_node->loc_port;
1537 		if (listen_node->ipv4 != ipv4 || listen_port != dst_port ||
1538 		    !(listener_state & listen_node->listener_state))
1539 			continue;
1540 		/* compare node pair, return node handle if a match */
1541 		if (!memcmp(listen_addr, ip_zero, sizeof(listen_addr)) ||
1542 		    (!memcmp(listen_addr, dst_addr, sizeof(listen_addr)) &&
1543 		     vlan_id == listen_node->vlan_id)) {
1544 			atomic_inc(&listen_node->refcnt);
1545 			spin_unlock_irqrestore(&cm_core->listen_list_lock,
1546 					       flags);
1547 			return listen_node;
1548 		}
1549 	}
1550 	spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
1551 
1552 	return NULL;
1553 }
1554 
1555 /**
1556  * irdma_del_multiple_qhash - Remove qhash and child listens
1557  * @iwdev: iWarp device
1558  * @cm_info: CM info for parent listen node
1559  * @cm_parent_listen_node: The parent listen node
1560  */
1561 static int
1562 irdma_del_multiple_qhash(struct irdma_device *iwdev,
1563 			 struct irdma_cm_info *cm_info,
1564 			 struct irdma_cm_listener *cm_parent_listen_node)
1565 {
1566 	struct irdma_cm_listener *child_listen_node;
1567 	struct list_head *pos, *tpos;
1568 	unsigned long flags;
1569 	int ret = -EINVAL;
1570 
1571 	spin_lock_irqsave(&iwdev->cm_core.listen_list_lock, flags);
1572 	list_for_each_safe(pos, tpos,
1573 			   &cm_parent_listen_node->child_listen_list) {
1574 		child_listen_node = list_entry(pos, struct irdma_cm_listener,
1575 					       child_listen_list);
1576 		if (child_listen_node->ipv4)
1577 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1578 				    "removing child listen for IP=%x, port=%d, vlan=%d\n",
1579 				    child_listen_node->loc_addr[0],
1580 				    child_listen_node->loc_port,
1581 				    child_listen_node->vlan_id);
1582 		else
1583 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1584 				    "removing child listen for IP=%x:%x:%x:%x, port=%d, vlan=%d\n",
1585 				    IRDMA_PRINT_IP6(child_listen_node->loc_addr),
1586 				    child_listen_node->loc_port,
1587 				    child_listen_node->vlan_id);
1588 		list_del(pos);
1589 		memcpy(cm_info->loc_addr, child_listen_node->loc_addr,
1590 		       sizeof(cm_info->loc_addr));
1591 		cm_info->vlan_id = child_listen_node->vlan_id;
1592 		if (child_listen_node->qhash_set) {
1593 			ret = irdma_manage_qhash(iwdev, cm_info,
1594 						 IRDMA_QHASH_TYPE_TCP_SYN,
1595 						 IRDMA_QHASH_MANAGE_TYPE_DELETE,
1596 						 NULL, false);
1597 			child_listen_node->qhash_set = false;
1598 		} else {
1599 			ret = 0;
1600 		}
1601 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1602 			    "Child listen node freed = %p\n",
1603 			    child_listen_node);
1604 		kfree(child_listen_node);
1605 		cm_parent_listen_node->cm_core->stats_listen_nodes_destroyed++;
1606 	}
1607 	spin_unlock_irqrestore(&iwdev->cm_core.listen_list_lock, flags);
1608 
1609 	return ret;
1610 }
1611 
1612 static u8 irdma_iw_get_vlan_prio(u32 *loc_addr, u8 prio, bool ipv4)
1613 {
1614 	return prio;
1615 }
1616 
1617 /**
1618  * irdma_netdev_vlan_ipv6 - Gets the netdev and mac
1619  * @addr: local IPv6 address
1620  * @vlan_id: vlan id for the given IPv6 address
1621  * @mac: mac address for the given IPv6 address
1622  *
1623  * Returns the net_device of the IPv6 address and also sets the
1624  * vlan id and mac for that address.
1625  */
1626 if_t
1627 irdma_netdev_vlan_ipv6(u32 *addr, u16 *vlan_id, u8 *mac)
1628 {
1629 	if_t ip_dev = NULL;
1630 	struct in6_addr laddr6;
1631 	struct ifaddr *ifa;
1632 	u16 scope_id = 0;
1633 
1634 	irdma_copy_ip_htonl(laddr6.__u6_addr.__u6_addr32, addr);
1635 	if (vlan_id)
1636 		*vlan_id = 0xFFFF;	/* Match rdma_vlan_dev_vlan_id() */
1637 	if (mac)
1638 		eth_zero_addr(mac);
1639 
1640 	if (IN6_IS_SCOPE_LINKLOCAL(&laddr6) ||
1641 	    IN6_IS_ADDR_MC_INTFACELOCAL(&laddr6))
1642 		scope_id = ntohs(laddr6.__u6_addr.__u6_addr16[1]);
1643 
1644 	ip_dev = ip6_ifp_find(&init_net, laddr6, scope_id);
1645 	if (ip_dev) {
1646 		if (vlan_id)
1647 			*vlan_id = rdma_vlan_dev_vlan_id(ip_dev);
1648 		ifa = if_getifaddr(ip_dev);
1649 		if (ifa && ifa->ifa_addr && mac)
1650 			ether_addr_copy(mac, if_getlladdr(ip_dev));
1651 	}
1652 
1653 	return ip_dev;
1654 }
1655 
1656 /**
1657  * irdma_get_vlan_ipv4 - Returns the vlan_id for IPv4 address
1658  * @addr: local IPv4 address
1659  */
1660 u16
1661 irdma_get_vlan_ipv4(u32 *addr)
1662 {
1663 	if_t netdev;
1664 	u16 vlan_id = 0xFFFF;
1665 
1666 	netdev = ip_ifp_find(&init_net, htonl(addr[0]));
1667 	if (netdev) {
1668 		vlan_id = rdma_vlan_dev_vlan_id(netdev);
1669 		dev_put(netdev);
1670 	}
1671 
1672 	return vlan_id;
1673 }
1674 
1675 static int
1676 irdma_manage_qhash_wait(struct irdma_pci_f *rf, struct irdma_cm_info *cm_info)
1677 {
1678 	struct irdma_cqp_request *cqp_request = cm_info->cqp_request;
1679 	int cnt = rf->sc_dev.hw_attrs.max_cqp_compl_wait_time_ms * CQP_TIMEOUT_THRESHOLD;
1680 	u32 ret_val;
1681 
1682 	if (!cqp_request)
1683 		return -ENOMEM;
1684 	do {
1685 		irdma_cqp_ce_handler(rf, &rf->ccq.sc_cq);
1686 		mdelay(1);
1687 	} while (!READ_ONCE(cqp_request->request_done) && --cnt);
1688 
1689 	ret_val = cqp_request->compl_info.op_ret_val;
1690 	irdma_put_cqp_request(&rf->cqp, cqp_request);
1691 	if (cnt) {
1692 		if (!ret_val)
1693 			return 0;
1694 		return -EINVAL;
1695 	}
1696 
1697 	return -ETIMEDOUT;
1698 }
1699 
1700 /**
1701  * irdma_add_mqh_ifa_cb - Adds multiple qhashes for IPv4/IPv6
1702  * @arg: Calback argument structure from irdma_add_mqh
1703  * @ifa: Current address to compute against
1704  * @count: Current cumulative output of all callbacks in this iteration
1705  *
1706  * Adds a qhash and a child listen node for a single IPv4/IPv6 address
1707  * on the adapter and adds the associated qhash filter
1708  */
1709 static u_int
1710 irdma_add_mqh_ifa_cb(void *arg, struct ifaddr *ifa, u_int count)
1711 {
1712 	struct irdma_add_mqh_cbs *cbs = arg;
1713 	struct irdma_cm_listener *child_listen_node;
1714 	struct irdma_cm_info *cm_info = cbs->cm_info;
1715 	struct irdma_device *iwdev = cbs->iwdev;
1716 	struct irdma_cm_listener *cm_parent_listen_node = cbs->cm_listen_node;
1717 	if_t ip_dev = ifa->ifa_ifp;
1718 	unsigned long flags;
1719 	int ret;
1720 
1721 	if (count)
1722 		return 0;
1723 
1724 	child_listen_node = kzalloc(sizeof(*child_listen_node), GFP_ATOMIC);
1725 	if (!child_listen_node) {
1726 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1727 			    "listener memory allocation\n");
1728 		return -ENOMEM;
1729 	}
1730 
1731 	memcpy(child_listen_node, cm_parent_listen_node,
1732 	       sizeof(*child_listen_node));
1733 	cm_info->vlan_id = rdma_vlan_dev_vlan_id(ip_dev);
1734 	child_listen_node->vlan_id = cm_info->vlan_id;
1735 	if (cm_info->ipv4) {
1736 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1737 			    "Allocating child CM Listener forIP=%x, vlan_id=%d, MAC=%x:%x:%x:%x:%x:%x\n",
1738 			    ((struct sockaddr_in *)&ifa->ifa_addr)->sin_addr.s_addr,
1739 			    rdma_vlan_dev_vlan_id(ip_dev),
1740 			    if_getlladdr(ip_dev)[0], if_getlladdr(ip_dev)[1],
1741 			    if_getlladdr(ip_dev)[2], if_getlladdr(ip_dev)[3],
1742 			    if_getlladdr(ip_dev)[4], if_getlladdr(ip_dev)[5]);
1743 		child_listen_node->loc_addr[0] =
1744 		    ntohl(((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr);
1745 	} else {
1746 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1747 			    "IP=%x:%x:%x:%x, vlan_id=%d, MAC=%x:%x:%x:%x:%x:%x\n",
1748 			    IRDMA_PRINT_IP6(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr),
1749 			    rdma_vlan_dev_vlan_id(ip_dev),
1750 			    if_getlladdr(ip_dev)[0], if_getlladdr(ip_dev)[1],
1751 			    if_getlladdr(ip_dev)[2], if_getlladdr(ip_dev)[3],
1752 			    if_getlladdr(ip_dev)[4], if_getlladdr(ip_dev)[5]);
1753 		irdma_copy_ip_ntohl(child_listen_node->loc_addr,
1754 				    ((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr.__u6_addr.__u6_addr32);
1755 	}
1756 	memcpy(cm_info->loc_addr, child_listen_node->loc_addr,
1757 	       sizeof(cm_info->loc_addr));
1758 	if (!iwdev->vsi.dscp_mode)
1759 		cm_info->user_pri =
1760 		    irdma_iw_get_vlan_prio(child_listen_node->loc_addr,
1761 					   cm_info->user_pri,
1762 					   cm_info->ipv4);
1763 	ret = irdma_manage_qhash(iwdev, cm_info,
1764 				 IRDMA_QHASH_TYPE_TCP_SYN,
1765 				 IRDMA_QHASH_MANAGE_TYPE_ADD,
1766 				 NULL, false);
1767 	if (ret) {
1768 		kfree(child_listen_node);
1769 		return ret;
1770 	}
1771 	/* wait for qhash finish */
1772 	ret = irdma_manage_qhash_wait(iwdev->rf, cm_info);
1773 	if (ret) {
1774 		kfree(child_listen_node);
1775 		return ret;
1776 	}
1777 
1778 	child_listen_node->qhash_set = true;
1779 	spin_lock_irqsave(&iwdev->cm_core.listen_list_lock, flags);
1780 	list_add(&child_listen_node->child_listen_list,
1781 		 &cm_parent_listen_node->child_listen_list);
1782 	spin_unlock_irqrestore(&iwdev->cm_core.listen_list_lock, flags);
1783 	cm_parent_listen_node->cm_core->stats_listen_nodes_created++;
1784 
1785 	return 0;
1786 }
1787 
1788 /**
1789  * irdma_add_mqh - Adds multiple qhashes
1790  * @iwdev: iWarp device
1791  * @cm_info: CM info for parent listen node
1792  * @cm_listen_node: The parent listen node
1793  */
1794 static int
1795 irdma_add_mqh(struct irdma_device *iwdev,
1796 	      struct irdma_cm_info *cm_info,
1797 	      struct irdma_cm_listener *cm_listen_node)
1798 {
1799 	struct epoch_tracker et;
1800 	struct irdma_add_mqh_cbs cbs;
1801 	struct if_iter iter;
1802 	if_t ifp;
1803 	int err = -ENOENT;
1804 
1805 	cbs.iwdev = iwdev;
1806 	cbs.cm_info = cm_info;
1807 	cbs.cm_listen_node = cm_listen_node;
1808 
1809 	VNET_ITERATOR_DECL(vnet_iter);
1810 
1811 	VNET_LIST_RLOCK();
1812 	NET_EPOCH_ENTER(et);
1813 	VNET_FOREACH(vnet_iter) {
1814 		CURVNET_SET_QUIET(vnet_iter);
1815 		for (ifp = if_iter_start(&iter); ifp != NULL; ifp = if_iter_next(&iter)) {
1816 			if (!(if_getflags(ifp) & IFF_UP))
1817 				continue;
1818 
1819 			if (((rdma_vlan_dev_vlan_id(ifp) >= VLAN_N_VID) ||
1820 			     (rdma_vlan_dev_real_dev(ifp) != iwdev->netdev)) &&
1821 			    ifp != iwdev->netdev)
1822 				continue;
1823 
1824 			if_addr_rlock(ifp);
1825 			if (cm_info->ipv4)
1826 				err = if_foreach_addr_type(ifp, AF_INET, irdma_add_mqh_ifa_cb, &cbs);
1827 			else
1828 				err = if_foreach_addr_type(ifp, AF_INET6, irdma_add_mqh_ifa_cb, &cbs);
1829 			if_addr_runlock(ifp);
1830 		}
1831 		if_iter_finish(&iter);
1832 		CURVNET_RESTORE();
1833 	}
1834 	NET_EPOCH_EXIT(et);
1835 	VNET_LIST_RUNLOCK();
1836 
1837 	return err;
1838 }
1839 
1840 /**
1841  * irdma_reset_list_prep - add connection nodes slated for reset to list
1842  * @cm_core: cm's core
1843  * @listener: pointer to listener node
1844  * @reset_list: a list to which cm_node will be selected
1845  */
1846 static void
1847 irdma_reset_list_prep(struct irdma_cm_core *cm_core,
1848 		      struct irdma_cm_listener *listener,
1849 		      struct list_head *reset_list)
1850 {
1851 	struct irdma_cm_node *cm_node;
1852 	int bkt;
1853 
1854 	HASH_FOR_EACH_RCU(cm_core->cm_hash_tbl, bkt, cm_node, list) {
1855 		if (cm_node->listener == listener &&
1856 		    !cm_node->accelerated &&
1857 		    atomic_inc_not_zero(&cm_node->refcnt))
1858 			list_add(&cm_node->reset_entry, reset_list);
1859 	}
1860 }
1861 
1862 /**
1863  * irdma_dec_refcnt_listen - delete listener and associated cm nodes
1864  * @cm_core: cm's core
1865  * @listener: pointer to listener node
1866  * @free_hanging_nodes: to free associated cm_nodes
1867  * @apbvt_del: flag to delete the apbvt
1868  */
1869 static int
1870 irdma_dec_refcnt_listen(struct irdma_cm_core *cm_core,
1871 			struct irdma_cm_listener *listener,
1872 			int free_hanging_nodes, bool apbvt_del)
1873 {
1874 	struct list_head *list_pos;
1875 	struct list_head *list_temp;
1876 	struct irdma_cm_node *cm_node;
1877 	struct list_head reset_list;
1878 	struct irdma_cm_info nfo;
1879 	enum irdma_cm_node_state old_state;
1880 	unsigned long flags;
1881 	int err;
1882 
1883 	/* free non-accelerated child nodes for this listener */
1884 	INIT_LIST_HEAD(&reset_list);
1885 	if (free_hanging_nodes) {
1886 		rcu_read_lock();
1887 		irdma_reset_list_prep(cm_core, listener, &reset_list);
1888 		rcu_read_unlock();
1889 	}
1890 
1891 	list_for_each_safe(list_pos, list_temp, &reset_list) {
1892 		cm_node = container_of(list_pos, struct irdma_cm_node,
1893 				       reset_entry);
1894 		if (cm_node->state >= IRDMA_CM_STATE_FIN_WAIT1) {
1895 			irdma_rem_ref_cm_node(cm_node);
1896 			continue;
1897 		}
1898 
1899 		irdma_cleanup_retrans_entry(cm_node);
1900 		err = irdma_send_reset(cm_node);
1901 		if (err) {
1902 			cm_node->state = IRDMA_CM_STATE_CLOSED;
1903 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1904 				    "send reset failed\n");
1905 		} else {
1906 			old_state = cm_node->state;
1907 			cm_node->state = IRDMA_CM_STATE_LISTENER_DESTROYED;
1908 			if (old_state != IRDMA_CM_STATE_MPAREQ_RCVD)
1909 				irdma_rem_ref_cm_node(cm_node);
1910 		}
1911 	}
1912 
1913 	if (atomic_dec_and_test(&listener->refcnt)) {
1914 		spin_lock_irqsave(&cm_core->listen_list_lock, flags);
1915 		list_del(&listener->list);
1916 		spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
1917 
1918 		if (apbvt_del)
1919 			irdma_del_apbvt(listener->iwdev,
1920 					listener->apbvt_entry);
1921 		memcpy(nfo.loc_addr, listener->loc_addr, sizeof(nfo.loc_addr));
1922 		nfo.loc_port = listener->loc_port;
1923 		nfo.ipv4 = listener->ipv4;
1924 		nfo.vlan_id = listener->vlan_id;
1925 		nfo.user_pri = listener->user_pri;
1926 		nfo.qh_qpid = listener->iwdev->vsi.ilq->qp_id;
1927 
1928 		if (!list_empty(&listener->child_listen_list)) {
1929 			irdma_del_multiple_qhash(listener->iwdev, &nfo,
1930 						 listener);
1931 		} else {
1932 			if (listener->qhash_set)
1933 				irdma_manage_qhash(listener->iwdev,
1934 						   &nfo,
1935 						   IRDMA_QHASH_TYPE_TCP_SYN,
1936 						   IRDMA_QHASH_MANAGE_TYPE_DELETE,
1937 						   NULL, false);
1938 		}
1939 
1940 		cm_core->stats_listen_destroyed++;
1941 		cm_core->stats_listen_nodes_destroyed++;
1942 		irdma_debug(&listener->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
1943 			    "loc_port=0x%04x loc_addr=%x cm_listen_node=%p cm_id=%p qhash_set=%d vlan_id=%d apbvt_del=%d\n",
1944 			    listener->loc_port, listener->loc_addr[0], listener,
1945 			    listener->cm_id, listener->qhash_set,
1946 			    listener->vlan_id, apbvt_del);
1947 		kfree(listener);
1948 		listener = NULL;
1949 		return 0;
1950 	}
1951 
1952 	return -EINVAL;
1953 }
1954 
1955 /**
1956  * irdma_cm_del_listen - delete a listener
1957  * @cm_core: cm's core
1958  * @listener: passive connection's listener
1959  * @apbvt_del: flag to delete apbvt
1960  */
1961 static int
1962 irdma_cm_del_listen(struct irdma_cm_core *cm_core,
1963 		    struct irdma_cm_listener *listener,
1964 		    bool apbvt_del)
1965 {
1966 	listener->listener_state = IRDMA_CM_LISTENER_PASSIVE_STATE;
1967 	listener->cm_id = NULL;
1968 
1969 	return irdma_dec_refcnt_listen(cm_core, listener, 1, apbvt_del);
1970 }
1971 
1972 /**
1973  * irdma_find_node - find a cm node that matches the reference cm node
1974  * @cm_core: cm's core
1975  * @rem_port: remote tcp port num
1976  * @rem_addr: remote ip addr
1977  * @loc_port: local tcp port num
1978  * @loc_addr: local ip addr
1979  * @vlan_id: local VLAN ID
1980  */
1981 struct irdma_cm_node *
1982 irdma_find_node(struct irdma_cm_core *cm_core,
1983 		u16 rem_port, u32 *rem_addr, u16 loc_port,
1984 		u32 *loc_addr, u16 vlan_id)
1985 {
1986 	struct irdma_cm_node *cm_node;
1987 	u32 key = (rem_port << 16) | loc_port;
1988 
1989 	rcu_read_lock();
1990 	HASH_FOR_EACH_POSSIBLE_RCU(cm_core->cm_hash_tbl, cm_node, list, key) {
1991 		if (cm_node->vlan_id == vlan_id &&
1992 		    cm_node->loc_port == loc_port && cm_node->rem_port == rem_port &&
1993 		    !memcmp(cm_node->loc_addr, loc_addr, sizeof(cm_node->loc_addr)) &&
1994 		    !memcmp(cm_node->rem_addr, rem_addr, sizeof(cm_node->rem_addr))) {
1995 			if (!atomic_inc_not_zero(&cm_node->refcnt))
1996 				goto exit;
1997 			rcu_read_unlock();
1998 			return cm_node;
1999 		}
2000 	}
2001 
2002 exit:
2003 	rcu_read_unlock();
2004 
2005 	/* no owner node */
2006 	return NULL;
2007 }
2008 
2009 /**
2010  * irdma_add_hte_node - add a cm node to the hash table
2011  * @cm_core: cm's core
2012  * @cm_node: connection's node
2013  */
2014 static void
2015 irdma_add_hte_node(struct irdma_cm_core *cm_core,
2016 		   struct irdma_cm_node *cm_node)
2017 {
2018 	unsigned long flags;
2019 	u32 key = (cm_node->rem_port << 16) | cm_node->loc_port;
2020 
2021 	spin_lock_irqsave(&cm_core->ht_lock, flags);
2022 	HASH_ADD_RCU(cm_core->cm_hash_tbl, &cm_node->list, key);
2023 	spin_unlock_irqrestore(&cm_core->ht_lock, flags);
2024 }
2025 
2026 /**
2027  * irdma_ipv4_is_lpb - check if loopback
2028  * @loc_addr: local addr to compare
2029  * @rem_addr: remote address
2030  */
2031 bool
2032 irdma_ipv4_is_lpb(u32 loc_addr, u32 rem_addr)
2033 {
2034 	return ipv4_is_loopback(htonl(rem_addr)) || (loc_addr == rem_addr);
2035 }
2036 
2037 /**
2038  * irdma_ipv6_is_lpb - check if loopback
2039  * @loc_addr: local addr to compare
2040  * @rem_addr: remote address
2041  */
2042 bool
2043 irdma_ipv6_is_lpb(u32 *loc_addr, u32 *rem_addr)
2044 {
2045 	struct in6_addr raddr6;
2046 
2047 	irdma_copy_ip_htonl(raddr6.__u6_addr.__u6_addr32, rem_addr);
2048 
2049 	return !memcmp(loc_addr, rem_addr, 16) || ipv6_addr_loopback(&raddr6);
2050 }
2051 
2052 /**
2053  * irdma_cm_create_ah - create a cm address handle
2054  * @cm_node: The connection manager node to create AH for
2055  * @wait: Provides option to wait for ah creation or not
2056  */
2057 static int
2058 irdma_cm_create_ah(struct irdma_cm_node *cm_node, bool wait)
2059 {
2060 	struct irdma_ah_info ah_info = {0};
2061 	struct irdma_device *iwdev = cm_node->iwdev;
2062 #ifdef VIMAGE
2063 	struct rdma_cm_id *rdma_id = (struct rdma_cm_id *)cm_node->cm_id->context;
2064 	struct vnet *vnet = rdma_id->route.addr.dev_addr.net;
2065 #endif
2066 
2067 	ether_addr_copy(ah_info.mac_addr, if_getlladdr(iwdev->netdev));
2068 
2069 	ah_info.hop_ttl = 0x40;
2070 	ah_info.tc_tos = cm_node->tos;
2071 	ah_info.vsi = &iwdev->vsi;
2072 
2073 	if (cm_node->ipv4) {
2074 		ah_info.ipv4_valid = true;
2075 		ah_info.dest_ip_addr[0] = cm_node->rem_addr[0];
2076 		ah_info.src_ip_addr[0] = cm_node->loc_addr[0];
2077 		CURVNET_SET_QUIET(vnet);
2078 		ah_info.do_lpbk = irdma_ipv4_is_lpb(ah_info.src_ip_addr[0],
2079 						    ah_info.dest_ip_addr[0]);
2080 		CURVNET_RESTORE();
2081 	} else {
2082 		memcpy(ah_info.dest_ip_addr, cm_node->rem_addr,
2083 		       sizeof(ah_info.dest_ip_addr));
2084 		memcpy(ah_info.src_ip_addr, cm_node->loc_addr,
2085 		       sizeof(ah_info.src_ip_addr));
2086 		ah_info.do_lpbk = irdma_ipv6_is_lpb(ah_info.src_ip_addr,
2087 						    ah_info.dest_ip_addr);
2088 	}
2089 
2090 	ah_info.vlan_tag = cm_node->vlan_id;
2091 	if (cm_node->vlan_id < VLAN_N_VID) {
2092 		ah_info.insert_vlan_tag = 1;
2093 		ah_info.vlan_tag |= cm_node->user_pri << VLAN_PRIO_SHIFT;
2094 	}
2095 
2096 	ah_info.dst_arpindex =
2097 	    irdma_arp_table(iwdev->rf, ah_info.dest_ip_addr,
2098 			    NULL, IRDMA_ARP_RESOLVE);
2099 
2100 	if (irdma_puda_create_ah(&iwdev->rf->sc_dev, &ah_info, wait,
2101 				 IRDMA_PUDA_RSRC_TYPE_ILQ, cm_node,
2102 				 &cm_node->ah))
2103 		return -ENOMEM;
2104 
2105 	return 0;
2106 }
2107 
2108 /**
2109  * irdma_cm_free_ah - free a cm address handle
2110  * @cm_node: The connection manager node to create AH for
2111  */
2112 static void
2113 irdma_cm_free_ah(struct irdma_cm_node *cm_node)
2114 {
2115 	struct irdma_device *iwdev = cm_node->iwdev;
2116 
2117 	irdma_puda_free_ah(&iwdev->rf->sc_dev, cm_node->ah);
2118 	cm_node->ah = NULL;
2119 }
2120 
2121 /**
2122  * irdma_make_cm_node - create a new instance of a cm node
2123  * @cm_core: cm's core
2124  * @iwdev: iwarp device structure
2125  * @cm_info: quad info for connection
2126  * @listener: passive connection's listener
2127  */
2128 static struct irdma_cm_node *
2129 irdma_make_cm_node(struct irdma_cm_core *cm_core, struct irdma_device *iwdev,
2130 		   struct irdma_cm_info *cm_info,
2131 		   struct irdma_cm_listener *listener)
2132 {
2133 	struct irdma_cm_node *cm_node;
2134 	int arpindex;
2135 	if_t netdev = iwdev->netdev;
2136 
2137 	/* create an hte and cm_node for this instance */
2138 	cm_node = kzalloc(sizeof(*cm_node), GFP_ATOMIC);
2139 	if (!cm_node)
2140 		return NULL;
2141 
2142 	/* set our node specific transport info */
2143 	cm_node->ipv4 = cm_info->ipv4;
2144 	cm_node->vlan_id = cm_info->vlan_id;
2145 	if (cm_node->vlan_id >= VLAN_N_VID && iwdev->dcb_vlan_mode)
2146 		cm_node->vlan_id = 0;
2147 	cm_node->tos = cm_info->tos;
2148 	cm_node->user_pri = cm_info->user_pri;
2149 	if (listener) {
2150 		if (listener->tos != cm_info->tos)
2151 			irdma_dev_warn(&iwdev->ibdev,
2152 				       "application TOS[%d] and remote client TOS[%d] mismatch\n",
2153 				       listener->tos, cm_info->tos);
2154 		if (iwdev->vsi.dscp_mode) {
2155 			cm_node->user_pri = listener->user_pri;
2156 		} else {
2157 			cm_node->tos = max(listener->tos, cm_info->tos);
2158 			cm_node->user_pri = rt_tos2priority(cm_node->tos);
2159 			cm_node->user_pri =
2160 			    irdma_iw_get_vlan_prio(cm_info->loc_addr,
2161 						   cm_node->user_pri,
2162 						   cm_info->ipv4);
2163 		}
2164 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_DCB,
2165 			    "listener: TOS:[%d] UP:[%d]\n", cm_node->tos,
2166 			    cm_node->user_pri);
2167 	}
2168 	memcpy(cm_node->loc_addr, cm_info->loc_addr, sizeof(cm_node->loc_addr));
2169 	memcpy(cm_node->rem_addr, cm_info->rem_addr, sizeof(cm_node->rem_addr));
2170 	cm_node->loc_port = cm_info->loc_port;
2171 	cm_node->rem_port = cm_info->rem_port;
2172 
2173 	cm_node->mpa_frame_rev = IRDMA_CM_DEFAULT_MPA_VER;
2174 	cm_node->send_rdma0_op = SEND_RDMA_READ_ZERO;
2175 	cm_node->iwdev = iwdev;
2176 	cm_node->dev = &iwdev->rf->sc_dev;
2177 
2178 	cm_node->ird_size = cm_node->dev->hw_attrs.max_hw_ird;
2179 	cm_node->ord_size = cm_node->dev->hw_attrs.max_hw_ord;
2180 
2181 	cm_node->listener = listener;
2182 	cm_node->cm_id = cm_info->cm_id;
2183 	ether_addr_copy(cm_node->loc_mac, if_getlladdr(netdev));
2184 	spin_lock_init(&cm_node->retrans_list_lock);
2185 	cm_node->ack_rcvd = false;
2186 
2187 	init_completion(&cm_node->establish_comp);
2188 	atomic_set(&cm_node->refcnt, 1);
2189 	/* associate our parent CM core */
2190 	cm_node->cm_core = cm_core;
2191 	cm_node->tcp_cntxt.loc_id = IRDMA_CM_DEFAULT_LOCAL_ID;
2192 	cm_node->tcp_cntxt.rcv_wscale = iwdev->rcv_wscale;
2193 	cm_node->tcp_cntxt.rcv_wnd = iwdev->rcv_wnd >> cm_node->tcp_cntxt.rcv_wscale;
2194 	kc_set_loc_seq_num_mss(cm_node);
2195 
2196 	arpindex = irdma_resolve_neigh_lpb_chk(iwdev, cm_node, cm_info);
2197 	if (arpindex < 0)
2198 		goto err;
2199 
2200 	ether_addr_copy(cm_node->rem_mac, iwdev->rf->arp_table[arpindex].mac_addr);
2201 	irdma_add_hte_node(cm_core, cm_node);
2202 	cm_core->stats_nodes_created++;
2203 	return cm_node;
2204 
2205 err:
2206 	kfree(cm_node);
2207 
2208 	return NULL;
2209 }
2210 
2211 static void
2212 irdma_destroy_connection(struct irdma_cm_node *cm_node)
2213 {
2214 	struct irdma_cm_core *cm_core = cm_node->cm_core;
2215 	struct irdma_qp *iwqp;
2216 	struct irdma_cm_info nfo;
2217 
2218 	/* if the node is destroyed before connection was accelerated */
2219 	if (!cm_node->accelerated && cm_node->accept_pend) {
2220 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2221 			    "node destroyed before established\n");
2222 		atomic_dec(&cm_node->listener->pend_accepts_cnt);
2223 	}
2224 	if (cm_node->close_entry)
2225 		irdma_handle_close_entry(cm_node, 0);
2226 	if (cm_node->listener) {
2227 		irdma_dec_refcnt_listen(cm_core, cm_node->listener, 0, true);
2228 	} else {
2229 		if (cm_node->apbvt_set) {
2230 			irdma_del_apbvt(cm_node->iwdev, cm_node->apbvt_entry);
2231 			cm_node->apbvt_set = 0;
2232 		}
2233 		irdma_get_addr_info(cm_node, &nfo);
2234 		if (cm_node->qhash_set) {
2235 			nfo.qh_qpid = cm_node->iwdev->vsi.ilq->qp_id;
2236 			irdma_manage_qhash(cm_node->iwdev, &nfo,
2237 					   IRDMA_QHASH_TYPE_TCP_ESTABLISHED,
2238 					   IRDMA_QHASH_MANAGE_TYPE_DELETE, NULL,
2239 					   false);
2240 			cm_node->qhash_set = 0;
2241 		}
2242 	}
2243 
2244 	iwqp = cm_node->iwqp;
2245 	if (iwqp) {
2246 		cm_node->cm_id->rem_ref(cm_node->cm_id);
2247 		cm_node->cm_id = NULL;
2248 		iwqp->cm_id = NULL;
2249 		irdma_qp_rem_ref(&iwqp->ibqp);
2250 		cm_node->iwqp = NULL;
2251 	} else if (cm_node->qhash_set) {
2252 		irdma_get_addr_info(cm_node, &nfo);
2253 		nfo.qh_qpid = cm_node->iwdev->vsi.ilq->qp_id;
2254 		irdma_manage_qhash(cm_node->iwdev, &nfo,
2255 				   IRDMA_QHASH_TYPE_TCP_ESTABLISHED,
2256 				   IRDMA_QHASH_MANAGE_TYPE_DELETE, NULL, false);
2257 		cm_node->qhash_set = 0;
2258 	}
2259 
2260 	cm_core->cm_free_ah(cm_node);
2261 }
2262 
2263 /**
2264  * irdma_rem_ref_cm_node - destroy an instance of a cm node
2265  * @cm_node: connection's node
2266  */
2267 void
2268 irdma_rem_ref_cm_node(struct irdma_cm_node *cm_node)
2269 {
2270 	struct irdma_cm_core *cm_core = cm_node->cm_core;
2271 	unsigned long flags;
2272 
2273 	spin_lock_irqsave(&cm_core->ht_lock, flags);
2274 
2275 	if (!atomic_dec_and_test(&cm_node->refcnt)) {
2276 		spin_unlock_irqrestore(&cm_core->ht_lock, flags);
2277 		return;
2278 	}
2279 	if (cm_node->iwqp) {
2280 		cm_node->iwqp->cm_node = NULL;
2281 		cm_node->iwqp->cm_id = NULL;
2282 	}
2283 	HASH_DEL_RCU(cm_core->cm_hash_tbl, &cm_node->list);
2284 	cm_node->cm_core->stats_nodes_destroyed++;
2285 
2286 	spin_unlock_irqrestore(&cm_core->ht_lock, flags);
2287 
2288 	irdma_destroy_connection(cm_node);
2289 
2290 	kfree_rcu(cm_node, rcu_head);
2291 }
2292 
2293 /**
2294  * irdma_handle_fin_pkt - FIN packet received
2295  * @cm_node: connection's node
2296  */
2297 static void
2298 irdma_handle_fin_pkt(struct irdma_cm_node *cm_node)
2299 {
2300 	switch (cm_node->state) {
2301 	case IRDMA_CM_STATE_SYN_RCVD:
2302 	case IRDMA_CM_STATE_SYN_SENT:
2303 	case IRDMA_CM_STATE_ESTABLISHED:
2304 	case IRDMA_CM_STATE_MPAREJ_RCVD:
2305 		cm_node->tcp_cntxt.rcv_nxt++;
2306 		irdma_cleanup_retrans_entry(cm_node);
2307 		cm_node->state = IRDMA_CM_STATE_LAST_ACK;
2308 		irdma_send_fin(cm_node);
2309 		break;
2310 	case IRDMA_CM_STATE_MPAREQ_SENT:
2311 		irdma_create_event(cm_node, IRDMA_CM_EVENT_ABORTED);
2312 		cm_node->tcp_cntxt.rcv_nxt++;
2313 		irdma_cleanup_retrans_entry(cm_node);
2314 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2315 		atomic_inc(&cm_node->refcnt);
2316 		irdma_send_reset(cm_node);
2317 		break;
2318 	case IRDMA_CM_STATE_FIN_WAIT1:
2319 		cm_node->tcp_cntxt.rcv_nxt++;
2320 		irdma_cleanup_retrans_entry(cm_node);
2321 		cm_node->state = IRDMA_CM_STATE_CLOSING;
2322 		irdma_send_ack(cm_node);
2323 		/*
2324 		 * Wait for ACK as this is simultaneous close. After we receive ACK, do not send anything. Just rm the
2325 		 * node.
2326 		 */
2327 		break;
2328 	case IRDMA_CM_STATE_FIN_WAIT2:
2329 		cm_node->tcp_cntxt.rcv_nxt++;
2330 		irdma_cleanup_retrans_entry(cm_node);
2331 		cm_node->state = IRDMA_CM_STATE_TIME_WAIT;
2332 		irdma_send_ack(cm_node);
2333 		irdma_schedule_cm_timer(cm_node, NULL, IRDMA_TIMER_TYPE_CLOSE,
2334 					1, 0);
2335 		break;
2336 	case IRDMA_CM_STATE_TIME_WAIT:
2337 		cm_node->tcp_cntxt.rcv_nxt++;
2338 		irdma_cleanup_retrans_entry(cm_node);
2339 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2340 		irdma_rem_ref_cm_node(cm_node);
2341 		break;
2342 	case IRDMA_CM_STATE_OFFLOADED:
2343 	default:
2344 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2345 			    "bad state node state = %d\n", cm_node->state);
2346 		break;
2347 	}
2348 }
2349 
2350 /**
2351  * irdma_handle_rst_pkt - process received RST packet
2352  * @cm_node: connection's node
2353  * @rbuf: receive buffer
2354  */
2355 static void
2356 irdma_handle_rst_pkt(struct irdma_cm_node *cm_node,
2357 		     struct irdma_puda_buf *rbuf)
2358 {
2359 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2360 		    "caller: %pS cm_node=%p state=%d rem_port=0x%04x loc_port=0x%04x rem_addr=%x loc_addr=%x\n",
2361 		    __builtin_return_address(0), cm_node, cm_node->state,
2362 		    cm_node->rem_port, cm_node->loc_port, cm_node->rem_addr[0],
2363 		    cm_node->loc_addr[0]);
2364 
2365 	irdma_cleanup_retrans_entry(cm_node);
2366 	switch (cm_node->state) {
2367 	case IRDMA_CM_STATE_SYN_SENT:
2368 	case IRDMA_CM_STATE_MPAREQ_SENT:
2369 		switch (cm_node->mpa_frame_rev) {
2370 		case IETF_MPA_V2:
2371 			/* Drop down to MPA_V1 */
2372 			cm_node->mpa_frame_rev = IETF_MPA_V1;
2373 			/* send a syn and goto syn sent state */
2374 			cm_node->state = IRDMA_CM_STATE_SYN_SENT;
2375 			if (irdma_send_syn(cm_node, 0))
2376 				irdma_active_open_err(cm_node, false);
2377 			break;
2378 		case IETF_MPA_V1:
2379 		default:
2380 			irdma_active_open_err(cm_node, false);
2381 			break;
2382 		}
2383 		break;
2384 	case IRDMA_CM_STATE_MPAREQ_RCVD:
2385 		atomic_inc(&cm_node->passive_state);
2386 		break;
2387 	case IRDMA_CM_STATE_ESTABLISHED:
2388 	case IRDMA_CM_STATE_SYN_RCVD:
2389 	case IRDMA_CM_STATE_LISTENING:
2390 		irdma_passive_open_err(cm_node, false);
2391 		break;
2392 	case IRDMA_CM_STATE_OFFLOADED:
2393 		irdma_active_open_err(cm_node, false);
2394 		break;
2395 	case IRDMA_CM_STATE_CLOSED:
2396 		break;
2397 	case IRDMA_CM_STATE_FIN_WAIT2:
2398 	case IRDMA_CM_STATE_FIN_WAIT1:
2399 	case IRDMA_CM_STATE_LAST_ACK:
2400 	case IRDMA_CM_STATE_TIME_WAIT:
2401 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2402 		irdma_rem_ref_cm_node(cm_node);
2403 		break;
2404 	default:
2405 		break;
2406 	}
2407 }
2408 
2409 /**
2410  * irdma_handle_rcv_mpa - Process a recv'd mpa buffer
2411  * @cm_node: connection's node
2412  * @rbuf: receive buffer
2413  */
2414 static void
2415 irdma_handle_rcv_mpa(struct irdma_cm_node *cm_node,
2416 		     struct irdma_puda_buf *rbuf)
2417 {
2418 	int err;
2419 	int datasize = rbuf->datalen;
2420 	u8 *dataloc = rbuf->data;
2421 
2422 	enum irdma_cm_event_type type = IRDMA_CM_EVENT_UNKNOWN;
2423 	u32 res_type;
2424 
2425 	err = irdma_parse_mpa(cm_node, dataloc, &res_type, datasize);
2426 	if (err) {
2427 		if (cm_node->state == IRDMA_CM_STATE_MPAREQ_SENT)
2428 			irdma_active_open_err(cm_node, true);
2429 		else
2430 			irdma_passive_open_err(cm_node, true);
2431 		return;
2432 	}
2433 
2434 	switch (cm_node->state) {
2435 	case IRDMA_CM_STATE_ESTABLISHED:
2436 		if (res_type == IRDMA_MPA_REQUEST_REJECT)
2437 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2438 				    "state for reject\n");
2439 		cm_node->state = IRDMA_CM_STATE_MPAREQ_RCVD;
2440 		type = IRDMA_CM_EVENT_MPA_REQ;
2441 		irdma_send_ack(cm_node);	/* ACK received MPA request */
2442 		atomic_set(&cm_node->passive_state,
2443 			   IRDMA_PASSIVE_STATE_INDICATED);
2444 		break;
2445 	case IRDMA_CM_STATE_MPAREQ_SENT:
2446 		irdma_cleanup_retrans_entry(cm_node);
2447 		if (res_type == IRDMA_MPA_REQUEST_REJECT) {
2448 			type = IRDMA_CM_EVENT_MPA_REJECT;
2449 			cm_node->state = IRDMA_CM_STATE_MPAREJ_RCVD;
2450 		} else {
2451 			type = IRDMA_CM_EVENT_CONNECTED;
2452 			cm_node->state = IRDMA_CM_STATE_OFFLOADED;
2453 		}
2454 		irdma_send_ack(cm_node);
2455 		break;
2456 	default:
2457 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2458 			    "wrong cm_node state=%d\n", cm_node->state);
2459 		break;
2460 	}
2461 	irdma_create_event(cm_node, type);
2462 }
2463 
2464 /**
2465  * irdma_check_syn - Check for error on received syn ack
2466  * @cm_node: connection's node
2467  * @tcph: pointer tcp header
2468  */
2469 static int
2470 irdma_check_syn(struct irdma_cm_node *cm_node, struct tcphdr *tcph)
2471 {
2472 	if (ntohl(tcph->th_ack) != cm_node->tcp_cntxt.loc_seq_num) {
2473 		irdma_active_open_err(cm_node, true);
2474 		return 1;
2475 	}
2476 
2477 	return 0;
2478 }
2479 
2480 /**
2481  * irdma_check_seq - check seq numbers if OK
2482  * @cm_node: connection's node
2483  * @tcph: pointer tcp header
2484  */
2485 static int
2486 irdma_check_seq(struct irdma_cm_node *cm_node, struct tcphdr *tcph)
2487 {
2488 	u32 seq;
2489 	u32 ack_seq;
2490 	u32 loc_seq_num = cm_node->tcp_cntxt.loc_seq_num;
2491 	u32 rcv_nxt = cm_node->tcp_cntxt.rcv_nxt;
2492 	u32 rcv_wnd;
2493 	int err = 0;
2494 
2495 	seq = ntohl(tcph->th_seq);
2496 	ack_seq = ntohl(tcph->th_ack);
2497 	rcv_wnd = cm_node->tcp_cntxt.rcv_wnd;
2498 	if (ack_seq != loc_seq_num ||
2499 	    !between(seq, rcv_nxt, (rcv_nxt + rcv_wnd)))
2500 		err = -1;
2501 	if (err)
2502 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2503 			    "seq number err\n");
2504 
2505 	return err;
2506 }
2507 
2508 void
2509 irdma_add_conn_est_qh(struct irdma_cm_node *cm_node)
2510 {
2511 	struct irdma_cm_info nfo;
2512 
2513 	irdma_get_addr_info(cm_node, &nfo);
2514 	nfo.qh_qpid = cm_node->iwdev->vsi.ilq->qp_id;
2515 	irdma_manage_qhash(cm_node->iwdev, &nfo,
2516 			   IRDMA_QHASH_TYPE_TCP_ESTABLISHED,
2517 			   IRDMA_QHASH_MANAGE_TYPE_ADD,
2518 			   cm_node, false);
2519 	cm_node->qhash_set = true;
2520 }
2521 
2522 /**
2523  * irdma_handle_syn_pkt - is for Passive node
2524  * @cm_node: connection's node
2525  * @rbuf: receive buffer
2526  */
2527 static void
2528 irdma_handle_syn_pkt(struct irdma_cm_node *cm_node,
2529 		     struct irdma_puda_buf *rbuf)
2530 {
2531 	struct tcphdr *tcph = (struct tcphdr *)rbuf->tcph;
2532 	int err;
2533 	u32 inc_sequence;
2534 	int optionsize;
2535 
2536 	optionsize = (tcph->th_off << 2) - sizeof(struct tcphdr);
2537 	inc_sequence = ntohl(tcph->th_seq);
2538 
2539 	switch (cm_node->state) {
2540 	case IRDMA_CM_STATE_SYN_SENT:
2541 	case IRDMA_CM_STATE_MPAREQ_SENT:
2542 		/* Rcvd syn on active open connection */
2543 		irdma_active_open_err(cm_node, 1);
2544 		break;
2545 	case IRDMA_CM_STATE_LISTENING:
2546 		/* Passive OPEN */
2547 		if (atomic_read(&cm_node->listener->pend_accepts_cnt) >
2548 		    cm_node->listener->backlog) {
2549 			cm_node->cm_core->stats_backlog_drops++;
2550 			irdma_passive_open_err(cm_node, false);
2551 			break;
2552 		}
2553 		err = irdma_handle_tcp_options(cm_node, tcph, optionsize, 1);
2554 		if (err) {
2555 			irdma_passive_open_err(cm_node, false);
2556 			/* drop pkt */
2557 			break;
2558 		}
2559 		err = cm_node->cm_core->cm_create_ah(cm_node, false);
2560 		if (err) {
2561 			irdma_passive_open_err(cm_node, false);
2562 			/* drop pkt */
2563 			break;
2564 		}
2565 		cm_node->tcp_cntxt.rcv_nxt = inc_sequence + 1;
2566 		cm_node->accept_pend = 1;
2567 		atomic_inc(&cm_node->listener->pend_accepts_cnt);
2568 
2569 		cm_node->state = IRDMA_CM_STATE_SYN_RCVD;
2570 		break;
2571 	case IRDMA_CM_STATE_CLOSED:
2572 		irdma_cleanup_retrans_entry(cm_node);
2573 		atomic_inc(&cm_node->refcnt);
2574 		irdma_send_reset(cm_node);
2575 		break;
2576 	case IRDMA_CM_STATE_OFFLOADED:
2577 	case IRDMA_CM_STATE_ESTABLISHED:
2578 	case IRDMA_CM_STATE_FIN_WAIT1:
2579 	case IRDMA_CM_STATE_FIN_WAIT2:
2580 	case IRDMA_CM_STATE_MPAREQ_RCVD:
2581 	case IRDMA_CM_STATE_LAST_ACK:
2582 	case IRDMA_CM_STATE_CLOSING:
2583 	case IRDMA_CM_STATE_UNKNOWN:
2584 	default:
2585 		break;
2586 	}
2587 }
2588 
2589 /**
2590  * irdma_handle_synack_pkt - Process SYN+ACK packet (active side)
2591  * @cm_node: connection's node
2592  * @rbuf: receive buffer
2593  */
2594 static void
2595 irdma_handle_synack_pkt(struct irdma_cm_node *cm_node,
2596 			struct irdma_puda_buf *rbuf)
2597 {
2598 	struct tcphdr *tcph = (struct tcphdr *)rbuf->tcph;
2599 	int err;
2600 	u32 inc_sequence;
2601 	int optionsize;
2602 
2603 	optionsize = (tcph->th_off << 2) - sizeof(struct tcphdr);
2604 	inc_sequence = ntohl(tcph->th_seq);
2605 	switch (cm_node->state) {
2606 	case IRDMA_CM_STATE_SYN_SENT:
2607 		irdma_cleanup_retrans_entry(cm_node);
2608 		/* active open */
2609 		if (irdma_check_syn(cm_node, tcph)) {
2610 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2611 				    "check syn fail\n");
2612 			return;
2613 		}
2614 		cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->th_ack);
2615 		/* setup options */
2616 		err = irdma_handle_tcp_options(cm_node, tcph, optionsize, 0);
2617 		if (err) {
2618 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2619 				    "cm_node=%p tcp_options failed\n", cm_node);
2620 			break;
2621 		}
2622 		irdma_cleanup_retrans_entry(cm_node);
2623 		cm_node->tcp_cntxt.rcv_nxt = inc_sequence + 1;
2624 		irdma_send_ack(cm_node);	/* ACK  for the syn_ack */
2625 		err = irdma_send_mpa_request(cm_node);
2626 		if (err) {
2627 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2628 				    "cm_node=%p irdma_send_mpa_request failed\n",
2629 				    cm_node);
2630 			break;
2631 		}
2632 		cm_node->state = IRDMA_CM_STATE_MPAREQ_SENT;
2633 		break;
2634 	case IRDMA_CM_STATE_MPAREQ_RCVD:
2635 		irdma_passive_open_err(cm_node, true);
2636 		break;
2637 	case IRDMA_CM_STATE_LISTENING:
2638 		cm_node->tcp_cntxt.loc_seq_num = ntohl(tcph->th_ack);
2639 		irdma_cleanup_retrans_entry(cm_node);
2640 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2641 		irdma_send_reset(cm_node);
2642 		break;
2643 	case IRDMA_CM_STATE_CLOSED:
2644 		cm_node->tcp_cntxt.loc_seq_num = ntohl(tcph->th_ack);
2645 		irdma_cleanup_retrans_entry(cm_node);
2646 		atomic_inc(&cm_node->refcnt);
2647 		irdma_send_reset(cm_node);
2648 		break;
2649 	case IRDMA_CM_STATE_ESTABLISHED:
2650 	case IRDMA_CM_STATE_FIN_WAIT1:
2651 	case IRDMA_CM_STATE_FIN_WAIT2:
2652 	case IRDMA_CM_STATE_LAST_ACK:
2653 	case IRDMA_CM_STATE_OFFLOADED:
2654 	case IRDMA_CM_STATE_CLOSING:
2655 	case IRDMA_CM_STATE_UNKNOWN:
2656 	case IRDMA_CM_STATE_MPAREQ_SENT:
2657 	default:
2658 		break;
2659 	}
2660 }
2661 
2662 /**
2663  * irdma_handle_ack_pkt - process packet with ACK
2664  * @cm_node: connection's node
2665  * @rbuf: receive buffer
2666  */
2667 static int
2668 irdma_handle_ack_pkt(struct irdma_cm_node *cm_node,
2669 		     struct irdma_puda_buf *rbuf)
2670 {
2671 	struct tcphdr *tcph = (struct tcphdr *)rbuf->tcph;
2672 	u32 inc_sequence;
2673 	int ret;
2674 	int optionsize;
2675 	u32 datasize = rbuf->datalen;
2676 
2677 	optionsize = (tcph->th_off << 2) - sizeof(struct tcphdr);
2678 
2679 	if (irdma_check_seq(cm_node, tcph))
2680 		return -EINVAL;
2681 
2682 	inc_sequence = ntohl(tcph->th_seq);
2683 	switch (cm_node->state) {
2684 	case IRDMA_CM_STATE_SYN_RCVD:
2685 		irdma_cleanup_retrans_entry(cm_node);
2686 		ret = irdma_handle_tcp_options(cm_node, tcph, optionsize, 1);
2687 		if (ret)
2688 			return ret;
2689 		cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->th_ack);
2690 		cm_node->state = IRDMA_CM_STATE_ESTABLISHED;
2691 		if (datasize) {
2692 			cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
2693 			irdma_handle_rcv_mpa(cm_node, rbuf);
2694 		}
2695 		break;
2696 	case IRDMA_CM_STATE_ESTABLISHED:
2697 		irdma_cleanup_retrans_entry(cm_node);
2698 		if (datasize) {
2699 			cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
2700 			irdma_handle_rcv_mpa(cm_node, rbuf);
2701 		}
2702 		break;
2703 	case IRDMA_CM_STATE_MPAREQ_SENT:
2704 		cm_node->tcp_cntxt.rem_ack_num = ntohl(tcph->th_ack);
2705 		if (datasize) {
2706 			cm_node->tcp_cntxt.rcv_nxt = inc_sequence + datasize;
2707 			cm_node->ack_rcvd = false;
2708 			irdma_handle_rcv_mpa(cm_node, rbuf);
2709 		} else {
2710 			cm_node->ack_rcvd = true;
2711 		}
2712 		break;
2713 	case IRDMA_CM_STATE_LISTENING:
2714 		irdma_cleanup_retrans_entry(cm_node);
2715 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2716 		irdma_send_reset(cm_node);
2717 		break;
2718 	case IRDMA_CM_STATE_CLOSED:
2719 		irdma_cleanup_retrans_entry(cm_node);
2720 		atomic_inc(&cm_node->refcnt);
2721 		irdma_send_reset(cm_node);
2722 		break;
2723 	case IRDMA_CM_STATE_LAST_ACK:
2724 	case IRDMA_CM_STATE_CLOSING:
2725 		irdma_cleanup_retrans_entry(cm_node);
2726 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2727 		irdma_rem_ref_cm_node(cm_node);
2728 		break;
2729 	case IRDMA_CM_STATE_FIN_WAIT1:
2730 		irdma_cleanup_retrans_entry(cm_node);
2731 		cm_node->state = IRDMA_CM_STATE_FIN_WAIT2;
2732 		break;
2733 	case IRDMA_CM_STATE_SYN_SENT:
2734 	case IRDMA_CM_STATE_FIN_WAIT2:
2735 	case IRDMA_CM_STATE_OFFLOADED:
2736 	case IRDMA_CM_STATE_MPAREQ_RCVD:
2737 	case IRDMA_CM_STATE_UNKNOWN:
2738 	default:
2739 		irdma_cleanup_retrans_entry(cm_node);
2740 		break;
2741 	}
2742 
2743 	return 0;
2744 }
2745 
2746 /**
2747  * irdma_process_pkt - process cm packet
2748  * @cm_node: connection's node
2749  * @rbuf: receive buffer
2750  */
2751 static void
2752 irdma_process_pkt(struct irdma_cm_node *cm_node,
2753 		  struct irdma_puda_buf *rbuf)
2754 {
2755 	enum irdma_tcpip_pkt_type pkt_type = IRDMA_PKT_TYPE_UNKNOWN;
2756 	struct tcphdr *tcph = (struct tcphdr *)rbuf->tcph;
2757 	u32 fin_set = 0;
2758 	int err;
2759 
2760 	if (tcph->th_flags & TH_RST) {
2761 		pkt_type = IRDMA_PKT_TYPE_RST;
2762 	} else if (tcph->th_flags & TH_SYN) {
2763 		pkt_type = IRDMA_PKT_TYPE_SYN;
2764 		if (tcph->th_flags & TH_ACK)
2765 			pkt_type = IRDMA_PKT_TYPE_SYNACK;
2766 	} else if (tcph->th_flags & TH_ACK) {
2767 		pkt_type = IRDMA_PKT_TYPE_ACK;
2768 	}
2769 	if (tcph->th_flags & TH_FIN)
2770 		fin_set = 1;
2771 
2772 	switch (pkt_type) {
2773 	case IRDMA_PKT_TYPE_SYN:
2774 		irdma_handle_syn_pkt(cm_node, rbuf);
2775 		break;
2776 	case IRDMA_PKT_TYPE_SYNACK:
2777 		irdma_handle_synack_pkt(cm_node, rbuf);
2778 		break;
2779 	case IRDMA_PKT_TYPE_ACK:
2780 		err = irdma_handle_ack_pkt(cm_node, rbuf);
2781 		if (fin_set && !err)
2782 			irdma_handle_fin_pkt(cm_node);
2783 		break;
2784 	case IRDMA_PKT_TYPE_RST:
2785 		irdma_handle_rst_pkt(cm_node, rbuf);
2786 		break;
2787 	default:
2788 		if (fin_set &&
2789 		    (!irdma_check_seq(cm_node, (struct tcphdr *)rbuf->tcph)))
2790 			irdma_handle_fin_pkt(cm_node);
2791 		break;
2792 	}
2793 }
2794 
2795 /**
2796  * irdma_make_listen_node - create a listen node with params
2797  * @cm_core: cm's core
2798  * @iwdev: iwarp device structure
2799  * @cm_info: quad info for connection
2800  */
2801 static struct irdma_cm_listener *
2802 irdma_make_listen_node(struct irdma_cm_core *cm_core,
2803 		       struct irdma_device *iwdev,
2804 		       struct irdma_cm_info *cm_info)
2805 {
2806 	struct irdma_cm_listener *listener;
2807 	unsigned long flags;
2808 
2809 	/* cannot have multiple matching listeners */
2810 	listener = irdma_find_listener(cm_core, cm_info->loc_addr, cm_info->ipv4,
2811 				       cm_info->loc_port, cm_info->vlan_id,
2812 				       IRDMA_CM_LISTENER_EITHER_STATE);
2813 	if (listener &&
2814 	    listener->listener_state == IRDMA_CM_LISTENER_ACTIVE_STATE) {
2815 		atomic_dec(&listener->refcnt);
2816 		return NULL;
2817 	}
2818 
2819 	if (!listener) {
2820 		/*
2821 		 * create a CM listen node 1/2 node to compare incoming traffic to
2822 		 */
2823 		listener = kzalloc(sizeof(*listener), GFP_KERNEL);
2824 		if (!listener)
2825 			return NULL;
2826 		cm_core->stats_listen_nodes_created++;
2827 		memcpy(listener->loc_addr, cm_info->loc_addr,
2828 		       sizeof(listener->loc_addr));
2829 		listener->loc_port = cm_info->loc_port;
2830 
2831 		INIT_LIST_HEAD(&listener->child_listen_list);
2832 
2833 		atomic_set(&listener->refcnt, 1);
2834 	} else {
2835 		listener->reused_node = 1;
2836 	}
2837 
2838 	listener->cm_id = cm_info->cm_id;
2839 	listener->ipv4 = cm_info->ipv4;
2840 	listener->vlan_id = cm_info->vlan_id;
2841 	atomic_set(&listener->pend_accepts_cnt, 0);
2842 	listener->cm_core = cm_core;
2843 	listener->iwdev = iwdev;
2844 
2845 	listener->backlog = cm_info->backlog;
2846 	listener->listener_state = IRDMA_CM_LISTENER_ACTIVE_STATE;
2847 
2848 	if (!listener->reused_node) {
2849 		spin_lock_irqsave(&cm_core->listen_list_lock, flags);
2850 		list_add(&listener->list, &cm_core->listen_list);
2851 		spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
2852 	}
2853 
2854 	return listener;
2855 }
2856 
2857 /**
2858  * irdma_create_cm_node - make a connection node with params
2859  * @cm_core: cm's core
2860  * @iwdev: iwarp device structure
2861  * @conn_param: connection parameters
2862  * @cm_info: quad info for connection
2863  * @caller_cm_node: pointer to cm_node structure to return
2864  */
2865 static int
2866 irdma_create_cm_node(struct irdma_cm_core *cm_core,
2867 		     struct irdma_device *iwdev,
2868 		     struct iw_cm_conn_param *conn_param,
2869 		     struct irdma_cm_info *cm_info,
2870 		     struct irdma_cm_node **caller_cm_node)
2871 {
2872 	struct irdma_cm_node *cm_node;
2873 	u16 private_data_len = conn_param->private_data_len;
2874 	const void *private_data = conn_param->private_data;
2875 
2876 	/* create a CM connection node */
2877 	cm_node = irdma_make_cm_node(cm_core, iwdev, cm_info, NULL);
2878 	if (!cm_node)
2879 		return -ENOMEM;
2880 
2881 	/* set our node side to client (active) side */
2882 	cm_node->tcp_cntxt.client = 1;
2883 	cm_node->tcp_cntxt.rcv_wscale = IRDMA_CM_DEFAULT_RCV_WND_SCALE;
2884 
2885 	irdma_record_ird_ord(cm_node, conn_param->ird, conn_param->ord);
2886 
2887 	cm_node->pdata.size = private_data_len;
2888 	cm_node->pdata.addr = cm_node->pdata_buf;
2889 
2890 	memcpy(cm_node->pdata_buf, private_data, private_data_len);
2891 	*caller_cm_node = cm_node;
2892 
2893 	return 0;
2894 }
2895 
2896 /**
2897  * irdma_cm_reject - reject and teardown a connection
2898  * @cm_node: connection's node
2899  * @pdata: ptr to private data for reject
2900  * @plen: size of private data
2901  */
2902 static int
2903 irdma_cm_reject(struct irdma_cm_node *cm_node, const void *pdata,
2904 		u8 plen)
2905 {
2906 	int ret;
2907 	int passive_state;
2908 
2909 	if (cm_node->tcp_cntxt.client)
2910 		return 0;
2911 
2912 	irdma_cleanup_retrans_entry(cm_node);
2913 
2914 	passive_state = atomic_add_return(1, &cm_node->passive_state);
2915 	if (passive_state == IRDMA_SEND_RESET_EVENT) {
2916 		cm_node->state = IRDMA_CM_STATE_CLOSED;
2917 		irdma_rem_ref_cm_node(cm_node);
2918 		return 0;
2919 	}
2920 
2921 	if (cm_node->state == IRDMA_CM_STATE_LISTENER_DESTROYED) {
2922 		irdma_rem_ref_cm_node(cm_node);
2923 		return 0;
2924 	}
2925 
2926 	ret = irdma_send_mpa_reject(cm_node, pdata, plen);
2927 	if (!ret)
2928 		return 0;
2929 
2930 	cm_node->state = IRDMA_CM_STATE_CLOSED;
2931 	if (irdma_send_reset(cm_node))
2932 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2933 			    "send reset failed\n");
2934 
2935 	return ret;
2936 }
2937 
2938 /**
2939  * irdma_cm_close - close of cm connection
2940  * @cm_node: connection's node
2941  */
2942 static int
2943 irdma_cm_close(struct irdma_cm_node *cm_node)
2944 {
2945 	switch (cm_node->state) {
2946 	case IRDMA_CM_STATE_SYN_RCVD:
2947 	case IRDMA_CM_STATE_SYN_SENT:
2948 	case IRDMA_CM_STATE_ONE_SIDE_ESTABLISHED:
2949 	case IRDMA_CM_STATE_ESTABLISHED:
2950 	case IRDMA_CM_STATE_ACCEPTING:
2951 	case IRDMA_CM_STATE_MPAREQ_SENT:
2952 	case IRDMA_CM_STATE_MPAREQ_RCVD:
2953 		irdma_cleanup_retrans_entry(cm_node);
2954 		irdma_send_reset(cm_node);
2955 		break;
2956 	case IRDMA_CM_STATE_CLOSE_WAIT:
2957 		cm_node->state = IRDMA_CM_STATE_LAST_ACK;
2958 		irdma_send_fin(cm_node);
2959 		break;
2960 	case IRDMA_CM_STATE_FIN_WAIT1:
2961 	case IRDMA_CM_STATE_FIN_WAIT2:
2962 	case IRDMA_CM_STATE_LAST_ACK:
2963 	case IRDMA_CM_STATE_TIME_WAIT:
2964 	case IRDMA_CM_STATE_CLOSING:
2965 		return -EINVAL;
2966 	case IRDMA_CM_STATE_LISTENING:
2967 		irdma_cleanup_retrans_entry(cm_node);
2968 		irdma_send_reset(cm_node);
2969 		break;
2970 	case IRDMA_CM_STATE_MPAREJ_RCVD:
2971 	case IRDMA_CM_STATE_UNKNOWN:
2972 	case IRDMA_CM_STATE_INITED:
2973 	case IRDMA_CM_STATE_CLOSED:
2974 	case IRDMA_CM_STATE_LISTENER_DESTROYED:
2975 		irdma_rem_ref_cm_node(cm_node);
2976 		break;
2977 	case IRDMA_CM_STATE_OFFLOADED:
2978 		if (cm_node->send_entry)
2979 			irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
2980 				    "CM send_entry in OFFLOADED state\n");
2981 		irdma_rem_ref_cm_node(cm_node);
2982 		break;
2983 	}
2984 
2985 	return 0;
2986 }
2987 
2988 /**
2989  * irdma_receive_ilq - recv an ETHERNET packet, and process it
2990  * through CM
2991  * @vsi: VSI structure of dev
2992  * @rbuf: receive buffer
2993  */
2994 void
2995 irdma_receive_ilq(struct irdma_sc_vsi *vsi, struct irdma_puda_buf *rbuf)
2996 {
2997 	struct irdma_cm_node *cm_node;
2998 	struct irdma_cm_listener *listener;
2999 	struct ip *iph;
3000 	struct ip6_hdr *ip6h;
3001 	struct tcphdr *tcph;
3002 	struct irdma_cm_info cm_info = {0};
3003 	struct irdma_device *iwdev = vsi->back_vsi;
3004 	struct irdma_cm_core *cm_core = &iwdev->cm_core;
3005 	struct ether_vlan_header *ethh;
3006 	u16 vtag;
3007 
3008 	/* if vlan, then maclen = 18 else 14 */
3009 	iph = (struct ip *)rbuf->iph;
3010 	irdma_debug_buf(vsi->dev, IRDMA_DEBUG_ILQ, "RECEIVE ILQ BUFFER",
3011 			rbuf->mem.va, rbuf->totallen);
3012 	if (iwdev->rf->sc_dev.hw_attrs.uk_attrs.hw_rev >= IRDMA_GEN_2) {
3013 		if (rbuf->vlan_valid) {
3014 			vtag = rbuf->vlan_id;
3015 			cm_info.user_pri = (vtag & EVL_PRI_MASK) >>
3016 			    VLAN_PRIO_SHIFT;
3017 			cm_info.vlan_id = vtag & EVL_VLID_MASK;
3018 		} else {
3019 			cm_info.vlan_id = 0xFFFF;
3020 		}
3021 	} else {
3022 		ethh = rbuf->mem.va;
3023 
3024 		if (ethh->evl_proto == htons(ETH_P_8021Q)) {
3025 			vtag = ntohs(ethh->evl_tag);
3026 			cm_info.user_pri = (vtag & EVL_PRI_MASK) >>
3027 			    VLAN_PRIO_SHIFT;
3028 			cm_info.vlan_id = vtag & EVL_VLID_MASK;
3029 			irdma_debug(&cm_core->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3030 				    "vlan_id=%d\n", cm_info.vlan_id);
3031 		} else {
3032 			cm_info.vlan_id = 0xFFFF;
3033 		}
3034 	}
3035 	tcph = (struct tcphdr *)rbuf->tcph;
3036 
3037 	if (rbuf->ipv4) {
3038 		cm_info.loc_addr[0] = ntohl(iph->ip_dst.s_addr);
3039 		cm_info.rem_addr[0] = ntohl(iph->ip_src.s_addr);
3040 		cm_info.ipv4 = true;
3041 		cm_info.tos = iph->ip_tos;
3042 	} else {
3043 		ip6h = (struct ip6_hdr *)rbuf->iph;
3044 		irdma_copy_ip_ntohl(cm_info.loc_addr,
3045 				    ip6h->ip6_dst.__u6_addr.__u6_addr32);
3046 		irdma_copy_ip_ntohl(cm_info.rem_addr,
3047 				    ip6h->ip6_src.__u6_addr.__u6_addr32);
3048 		cm_info.ipv4 = false;
3049 		cm_info.tos = (ip6h->ip6_vfc << 4) | ip6h->ip6_flow;
3050 	}
3051 	cm_info.loc_port = ntohs(tcph->th_dport);
3052 	cm_info.rem_port = ntohs(tcph->th_sport);
3053 	cm_node = irdma_find_node(cm_core, cm_info.rem_port, cm_info.rem_addr,
3054 				  cm_info.loc_port, cm_info.loc_addr, cm_info.vlan_id);
3055 
3056 	if (!cm_node) {
3057 		/*
3058 		 * Only type of packet accepted are for the PASSIVE open (syn only)
3059 		 */
3060 		if (!(tcph->th_flags & TH_SYN) || tcph->th_flags & TH_ACK)
3061 			return;
3062 
3063 		listener = irdma_find_listener(cm_core,
3064 					       cm_info.loc_addr,
3065 					       cm_info.ipv4,
3066 					       cm_info.loc_port,
3067 					       cm_info.vlan_id,
3068 					       IRDMA_CM_LISTENER_ACTIVE_STATE);
3069 		if (!listener) {
3070 			cm_info.cm_id = NULL;
3071 			irdma_debug(&cm_core->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3072 				    "no listener found\n");
3073 			return;
3074 		}
3075 
3076 		cm_info.cm_id = listener->cm_id;
3077 		cm_node = irdma_make_cm_node(cm_core, iwdev, &cm_info,
3078 					     listener);
3079 		if (!cm_node) {
3080 			irdma_debug(&cm_core->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3081 				    "allocate node failed\n");
3082 			atomic_dec(&listener->refcnt);
3083 			return;
3084 		}
3085 
3086 		if (!(tcph->th_flags & (TH_RST | TH_FIN))) {
3087 			cm_node->state = IRDMA_CM_STATE_LISTENING;
3088 		} else {
3089 			irdma_rem_ref_cm_node(cm_node);
3090 			return;
3091 		}
3092 
3093 		atomic_inc(&cm_node->refcnt);
3094 	} else if (cm_node->state == IRDMA_CM_STATE_OFFLOADED) {
3095 		irdma_rem_ref_cm_node(cm_node);
3096 		return;
3097 	}
3098 
3099 	irdma_process_pkt(cm_node, rbuf);
3100 	irdma_rem_ref_cm_node(cm_node);
3101 }
3102 
3103 static int
3104 irdma_add_qh(struct irdma_cm_node *cm_node, bool active)
3105 {
3106 	if (!active)
3107 		irdma_add_conn_est_qh(cm_node);
3108 	return 0;
3109 }
3110 
3111 static void
3112 irdma_cm_free_ah_nop(struct irdma_cm_node *cm_node)
3113 {
3114 }
3115 
3116 /**
3117  * irdma_setup_cm_core - setup top level instance of a cm core
3118  * @iwdev: iwarp device structure
3119  * @rdma_ver: HW version
3120  */
3121 int
3122 irdma_setup_cm_core(struct irdma_device *iwdev, u8 rdma_ver)
3123 {
3124 	struct irdma_cm_core *cm_core = &iwdev->cm_core;
3125 
3126 	cm_core->iwdev = iwdev;
3127 	cm_core->dev = &iwdev->rf->sc_dev;
3128 
3129 	/* Handles CM event work items send to Iwarp core */
3130 	cm_core->event_wq = alloc_ordered_workqueue("iwarp-event-wq", 0);
3131 	if (!cm_core->event_wq)
3132 		return -ENOMEM;
3133 
3134 	INIT_LIST_HEAD(&cm_core->listen_list);
3135 
3136 	timer_setup(&cm_core->tcp_timer, irdma_cm_timer_tick, 0);
3137 
3138 	spin_lock_init(&cm_core->ht_lock);
3139 	spin_lock_init(&cm_core->listen_list_lock);
3140 	spin_lock_init(&cm_core->apbvt_lock);
3141 	switch (rdma_ver) {
3142 	case IRDMA_GEN_1:
3143 		cm_core->form_cm_frame = irdma_form_uda_cm_frame;
3144 		cm_core->cm_create_ah = irdma_add_qh;
3145 		cm_core->cm_free_ah = irdma_cm_free_ah_nop;
3146 		break;
3147 	case IRDMA_GEN_2:
3148 	default:
3149 		cm_core->form_cm_frame = irdma_form_ah_cm_frame;
3150 		cm_core->cm_create_ah = irdma_cm_create_ah;
3151 		cm_core->cm_free_ah = irdma_cm_free_ah;
3152 	}
3153 
3154 	return 0;
3155 }
3156 
3157 /**
3158  * irdma_cleanup_cm_core - deallocate a top level instance of a
3159  * cm core
3160  * @cm_core: cm's core
3161  */
3162 void
3163 irdma_cleanup_cm_core(struct irdma_cm_core *cm_core)
3164 {
3165 	if (!cm_core)
3166 		return;
3167 
3168 	del_timer_sync(&cm_core->tcp_timer);
3169 
3170 	destroy_workqueue(cm_core->event_wq);
3171 	cm_core->dev->ws_reset(&cm_core->iwdev->vsi);
3172 }
3173 
3174 /**
3175  * irdma_init_tcp_ctx - setup qp context
3176  * @cm_node: connection's node
3177  * @tcp_info: offload info for tcp
3178  * @iwqp: associate qp for the connection
3179  */
3180 static void
3181 irdma_init_tcp_ctx(struct irdma_cm_node *cm_node,
3182 		   struct irdma_tcp_offload_info *tcp_info,
3183 		   struct irdma_qp *iwqp)
3184 {
3185 	tcp_info->ipv4 = cm_node->ipv4;
3186 	tcp_info->drop_ooo_seg = !iwqp->iwdev->iw_ooo;
3187 	tcp_info->wscale = true;
3188 	tcp_info->ignore_tcp_opt = true;
3189 	tcp_info->ignore_tcp_uns_opt = true;
3190 	tcp_info->no_nagle = false;
3191 
3192 	tcp_info->ttl = IRDMA_DEFAULT_TTL;
3193 	tcp_info->rtt_var = IRDMA_DEFAULT_RTT_VAR;
3194 	tcp_info->ss_thresh = IRDMA_DEFAULT_SS_THRESH;
3195 	tcp_info->rexmit_thresh = IRDMA_DEFAULT_REXMIT_THRESH;
3196 
3197 	tcp_info->tcp_state = IRDMA_TCP_STATE_ESTABLISHED;
3198 	tcp_info->snd_wscale = cm_node->tcp_cntxt.snd_wscale;
3199 	tcp_info->rcv_wscale = cm_node->tcp_cntxt.rcv_wscale;
3200 
3201 	tcp_info->snd_nxt = cm_node->tcp_cntxt.loc_seq_num;
3202 	tcp_info->snd_wnd = cm_node->tcp_cntxt.snd_wnd;
3203 	tcp_info->rcv_nxt = cm_node->tcp_cntxt.rcv_nxt;
3204 	tcp_info->snd_max = cm_node->tcp_cntxt.loc_seq_num;
3205 
3206 	tcp_info->snd_una = cm_node->tcp_cntxt.loc_seq_num;
3207 	tcp_info->cwnd = 2 * cm_node->tcp_cntxt.mss;
3208 	tcp_info->snd_wl1 = cm_node->tcp_cntxt.rcv_nxt;
3209 	tcp_info->snd_wl2 = cm_node->tcp_cntxt.loc_seq_num;
3210 	tcp_info->max_snd_window = cm_node->tcp_cntxt.max_snd_wnd;
3211 	tcp_info->rcv_wnd = cm_node->tcp_cntxt.rcv_wnd
3212 	    << cm_node->tcp_cntxt.rcv_wscale;
3213 
3214 	tcp_info->flow_label = 0;
3215 	tcp_info->snd_mss = (u32)cm_node->tcp_cntxt.mss;
3216 	tcp_info->tos = cm_node->tos;
3217 	if (cm_node->vlan_id < VLAN_N_VID) {
3218 		tcp_info->insert_vlan_tag = true;
3219 		tcp_info->vlan_tag = cm_node->vlan_id;
3220 		tcp_info->vlan_tag |= cm_node->user_pri << VLAN_PRIO_SHIFT;
3221 	}
3222 	tcp_info->src_port = cm_node->loc_port;
3223 	tcp_info->dst_port = cm_node->rem_port;
3224 	tcp_info->arp_idx = (u16)irdma_arp_table(iwqp->iwdev->rf,
3225 						  cm_node->rem_addr, NULL,
3226 						  IRDMA_ARP_RESOLVE);
3227 	if (cm_node->ipv4) {
3228 		tcp_info->dest_ip_addr[3] = cm_node->rem_addr[0];
3229 		tcp_info->local_ipaddr[3] = cm_node->loc_addr[0];
3230 	} else {
3231 		memcpy(tcp_info->dest_ip_addr, cm_node->rem_addr,
3232 		       sizeof(tcp_info->dest_ip_addr));
3233 		memcpy(tcp_info->local_ipaddr, cm_node->loc_addr,
3234 		       sizeof(tcp_info->local_ipaddr));
3235 	}
3236 }
3237 
3238 /**
3239  * irdma_cm_init_tsa_conn - setup qp for RTS
3240  * @iwqp: associate qp for the connection
3241  * @cm_node: connection's node
3242  */
3243 static void
3244 irdma_cm_init_tsa_conn(struct irdma_qp *iwqp,
3245 		       struct irdma_cm_node *cm_node)
3246 {
3247 	struct irdma_iwarp_offload_info *iwarp_info;
3248 	struct irdma_qp_host_ctx_info *ctx_info;
3249 
3250 	iwarp_info = &iwqp->iwarp_info;
3251 	ctx_info = &iwqp->ctx_info;
3252 
3253 	ctx_info->tcp_info = &iwqp->tcp_info;
3254 	ctx_info->send_cq_num = iwqp->iwscq->sc_cq.cq_uk.cq_id;
3255 	ctx_info->rcv_cq_num = iwqp->iwrcq->sc_cq.cq_uk.cq_id;
3256 
3257 	iwarp_info->ord_size = cm_node->ord_size;
3258 	iwarp_info->ird_size = cm_node->ird_size;
3259 	iwarp_info->rd_en = true;
3260 	iwarp_info->rdmap_ver = 1;
3261 	iwarp_info->ddp_ver = 1;
3262 	iwarp_info->pd_id = iwqp->iwpd->sc_pd.pd_id;
3263 
3264 	ctx_info->tcp_info_valid = true;
3265 	ctx_info->iwarp_info_valid = true;
3266 	ctx_info->user_pri = cm_node->user_pri;
3267 
3268 	irdma_init_tcp_ctx(cm_node, &iwqp->tcp_info, iwqp);
3269 	if (cm_node->snd_mark_en) {
3270 		iwarp_info->snd_mark_en = true;
3271 		iwarp_info->snd_mark_offset = (iwqp->tcp_info.snd_nxt & SNDMARKER_SEQNMASK) +
3272 		    cm_node->lsmm_size;
3273 	}
3274 
3275 	cm_node->state = IRDMA_CM_STATE_OFFLOADED;
3276 	iwqp->tcp_info.tcp_state = IRDMA_TCP_STATE_ESTABLISHED;
3277 	iwqp->tcp_info.src_mac_addr_idx = iwqp->iwdev->mac_ip_table_idx;
3278 
3279 	if (cm_node->rcv_mark_en) {
3280 		iwarp_info->rcv_mark_en = true;
3281 		iwarp_info->align_hdrs = true;
3282 	}
3283 
3284 	irdma_sc_qp_setctx(&iwqp->sc_qp, iwqp->host_ctx.va, ctx_info);
3285 
3286 	/* once tcp_info is set, no need to do it again */
3287 	ctx_info->tcp_info_valid = false;
3288 	ctx_info->iwarp_info_valid = false;
3289 }
3290 
3291 /**
3292  * irdma_cm_disconn - when a connection is being closed
3293  * @iwqp: associated qp for the connection
3294  */
3295 void
3296 irdma_cm_disconn(struct irdma_qp *iwqp)
3297 {
3298 	struct irdma_device *iwdev = iwqp->iwdev;
3299 	struct disconn_work *work;
3300 	unsigned long flags;
3301 
3302 	work = kzalloc(sizeof(*work), GFP_ATOMIC);
3303 	if (!work)
3304 		return;
3305 
3306 	spin_lock_irqsave(&iwdev->rf->qptable_lock, flags);
3307 	if (!iwdev->rf->qp_table[iwqp->ibqp.qp_num]) {
3308 		spin_unlock_irqrestore(&iwdev->rf->qptable_lock, flags);
3309 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3310 			    "qp_id %d is already freed\n", iwqp->ibqp.qp_num);
3311 		kfree(work);
3312 		return;
3313 	}
3314 	irdma_qp_add_ref(&iwqp->ibqp);
3315 	spin_unlock_irqrestore(&iwdev->rf->qptable_lock, flags);
3316 
3317 	work->iwqp = iwqp;
3318 	INIT_WORK(&work->work, irdma_disconnect_worker);
3319 	queue_work(iwdev->cleanup_wq, &work->work);
3320 }
3321 
3322 /**
3323  * irdma_qp_disconnect - free qp and close cm
3324  * @iwqp: associate qp for the connection
3325  */
3326 static void
3327 irdma_qp_disconnect(struct irdma_qp *iwqp)
3328 {
3329 	struct irdma_device *iwdev = iwqp->iwdev;
3330 
3331 	iwqp->active_conn = 0;
3332 	/* close the CM node down if it is still active */
3333 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM, "Call close API\n");
3334 	irdma_cm_close(iwqp->cm_node);
3335 }
3336 
3337 /**
3338  * irdma_cm_disconn_true - called by worker thread to disconnect qp
3339  * @iwqp: associate qp for the connection
3340  */
3341 static void
3342 irdma_cm_disconn_true(struct irdma_qp *iwqp)
3343 {
3344 	struct iw_cm_id *cm_id;
3345 	struct irdma_device *iwdev;
3346 	struct irdma_sc_qp *qp = &iwqp->sc_qp;
3347 	u16 last_ae;
3348 	u8 original_hw_tcp_state;
3349 	u8 original_ibqp_state;
3350 	int disconn_status = 0;
3351 	int issue_disconn = 0;
3352 	int issue_close = 0;
3353 	int issue_flush = 0;
3354 	unsigned long flags;
3355 	int err;
3356 
3357 	iwdev = iwqp->iwdev;
3358 	spin_lock_irqsave(&iwqp->lock, flags);
3359 	if (rdma_protocol_roce(&iwdev->ibdev, 1)) {
3360 		struct ib_qp_attr attr;
3361 
3362 		if (iwqp->flush_issued || iwqp->sc_qp.qp_uk.destroy_pending) {
3363 			spin_unlock_irqrestore(&iwqp->lock, flags);
3364 			return;
3365 		}
3366 
3367 		spin_unlock_irqrestore(&iwqp->lock, flags);
3368 
3369 		attr.qp_state = IB_QPS_ERR;
3370 		irdma_modify_qp_roce(&iwqp->ibqp, &attr, IB_QP_STATE, NULL);
3371 		irdma_ib_qp_event(iwqp, qp->event_type);
3372 		return;
3373 	}
3374 
3375 	cm_id = iwqp->cm_id;
3376 	original_hw_tcp_state = iwqp->hw_tcp_state;
3377 	original_ibqp_state = iwqp->ibqp_state;
3378 	last_ae = iwqp->last_aeq;
3379 
3380 	if (qp->term_flags) {
3381 		issue_disconn = 1;
3382 		issue_close = 1;
3383 		iwqp->cm_id = NULL;
3384 		irdma_terminate_del_timer(qp);
3385 		if (!iwqp->flush_issued) {
3386 			iwqp->flush_issued = 1;
3387 			issue_flush = 1;
3388 		}
3389 	} else if ((original_hw_tcp_state == IRDMA_TCP_STATE_CLOSE_WAIT) ||
3390 		   ((original_ibqp_state == IB_QPS_RTS) &&
3391 		    (last_ae == IRDMA_AE_LLP_CONNECTION_RESET))) {
3392 		issue_disconn = 1;
3393 		if (last_ae == IRDMA_AE_LLP_CONNECTION_RESET)
3394 			disconn_status = -ECONNRESET;
3395 	}
3396 
3397 	if (original_hw_tcp_state == IRDMA_TCP_STATE_CLOSED ||
3398 	    original_hw_tcp_state == IRDMA_TCP_STATE_TIME_WAIT ||
3399 	    last_ae == IRDMA_AE_RDMAP_ROE_BAD_LLP_CLOSE ||
3400 	    last_ae == IRDMA_AE_BAD_CLOSE ||
3401 	    last_ae == IRDMA_AE_LLP_CONNECTION_RESET || iwdev->rf->reset || !cm_id) {
3402 		issue_close = 1;
3403 		iwqp->cm_id = NULL;
3404 		qp->term_flags = 0;
3405 		if (!iwqp->flush_issued) {
3406 			iwqp->flush_issued = 1;
3407 			issue_flush = 1;
3408 		}
3409 	}
3410 
3411 	spin_unlock_irqrestore(&iwqp->lock, flags);
3412 	if (issue_flush && !iwqp->sc_qp.qp_uk.destroy_pending) {
3413 		irdma_flush_wqes(iwqp, IRDMA_FLUSH_SQ | IRDMA_FLUSH_RQ |
3414 				 IRDMA_FLUSH_WAIT);
3415 
3416 		if (qp->term_flags)
3417 			irdma_ib_qp_event(iwqp, qp->event_type);
3418 	}
3419 
3420 	if (!cm_id || !cm_id->event_handler)
3421 		return;
3422 
3423 	spin_lock_irqsave(&iwdev->cm_core.ht_lock, flags);
3424 	if (!iwqp->cm_node) {
3425 		spin_unlock_irqrestore(&iwdev->cm_core.ht_lock, flags);
3426 		return;
3427 	}
3428 	atomic_inc(&iwqp->cm_node->refcnt);
3429 
3430 	spin_unlock_irqrestore(&iwdev->cm_core.ht_lock, flags);
3431 
3432 	if (issue_disconn) {
3433 		err = irdma_send_cm_event(iwqp->cm_node, cm_id,
3434 					  IW_CM_EVENT_DISCONNECT,
3435 					  disconn_status);
3436 		if (err)
3437 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3438 				    "disconnect event failed: - cm_id = %p\n",
3439 				    cm_id);
3440 	}
3441 	if (issue_close) {
3442 		cm_id->provider_data = iwqp;
3443 		err = irdma_send_cm_event(iwqp->cm_node, cm_id,
3444 					  IW_CM_EVENT_CLOSE, 0);
3445 		if (err)
3446 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3447 				    "close event failed: - cm_id = %p\n",
3448 				    cm_id);
3449 		irdma_qp_disconnect(iwqp);
3450 	}
3451 	irdma_rem_ref_cm_node(iwqp->cm_node);
3452 }
3453 
3454 /**
3455  * irdma_disconnect_worker - worker for connection close
3456  * @work: points or disconn structure
3457  */
3458 static void
3459 irdma_disconnect_worker(struct work_struct *work)
3460 {
3461 	struct disconn_work *dwork = container_of(work, struct disconn_work, work);
3462 	struct irdma_qp *iwqp = dwork->iwqp;
3463 
3464 	kfree(dwork);
3465 	irdma_cm_disconn_true(iwqp);
3466 	irdma_qp_rem_ref(&iwqp->ibqp);
3467 }
3468 
3469 /**
3470  * irdma_free_lsmm_rsrc - free lsmm memory and deregister
3471  * @iwqp: associate qp for the connection
3472  */
3473 void
3474 irdma_free_lsmm_rsrc(struct irdma_qp *iwqp)
3475 {
3476 	struct irdma_device *iwdev;
3477 
3478 	iwdev = iwqp->iwdev;
3479 
3480 	if (iwqp->ietf_mem.va) {
3481 		if (iwqp->lsmm_mr)
3482 			iwdev->ibdev.dereg_mr(iwqp->lsmm_mr, NULL);
3483 		irdma_free_dma_mem(iwdev->rf->sc_dev.hw,
3484 				   &iwqp->ietf_mem);
3485 		iwqp->ietf_mem.va = NULL;
3486 	}
3487 }
3488 
3489 /**
3490  * irdma_accept - registered call for connection to be accepted
3491  * @cm_id: cm information for passive connection
3492  * @conn_param: accpet parameters
3493  */
3494 int
3495 irdma_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
3496 {
3497 	struct ib_qp *ibqp;
3498 	struct irdma_qp *iwqp;
3499 	struct irdma_device *iwdev;
3500 	struct irdma_sc_dev *dev;
3501 	struct irdma_cm_node *cm_node;
3502 	struct ib_qp_attr attr = {0};
3503 	int passive_state;
3504 	struct ib_mr *ibmr;
3505 	struct irdma_pd *iwpd;
3506 	u16 buf_len = 0;
3507 	struct irdma_kmem_info accept;
3508 	u64 tagged_offset;
3509 	int wait_ret;
3510 	int ret = 0;
3511 
3512 	ibqp = irdma_get_qp(cm_id->device, conn_param->qpn);
3513 	if (!ibqp)
3514 		return -EINVAL;
3515 
3516 	iwqp = to_iwqp(ibqp);
3517 	iwdev = iwqp->iwdev;
3518 	dev = &iwdev->rf->sc_dev;
3519 	cm_node = cm_id->provider_data;
3520 
3521 	if (((struct sockaddr_in *)&cm_id->local_addr)->sin_family == AF_INET) {
3522 		cm_node->ipv4 = true;
3523 		cm_node->vlan_id = irdma_get_vlan_ipv4(cm_node->loc_addr);
3524 	} else {
3525 		cm_node->ipv4 = false;
3526 		irdma_netdev_vlan_ipv6(cm_node->loc_addr, &cm_node->vlan_id,
3527 				       NULL);
3528 	}
3529 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM, "Accept vlan_id=%d\n",
3530 		    cm_node->vlan_id);
3531 
3532 	if (cm_node->state == IRDMA_CM_STATE_LISTENER_DESTROYED) {
3533 		ret = -EINVAL;
3534 		goto error;
3535 	}
3536 
3537 	passive_state = atomic_add_return(1, &cm_node->passive_state);
3538 	if (passive_state == IRDMA_SEND_RESET_EVENT) {
3539 		ret = -ECONNRESET;
3540 		goto error;
3541 	}
3542 
3543 	buf_len = conn_param->private_data_len + IRDMA_MAX_IETF_SIZE;
3544 	iwqp->ietf_mem.size = buf_len;
3545 	iwqp->ietf_mem.va = irdma_allocate_dma_mem(dev->hw, &iwqp->ietf_mem,
3546 						   iwqp->ietf_mem.size, 1);
3547 	if (!iwqp->ietf_mem.va) {
3548 		ret = -ENOMEM;
3549 		goto error;
3550 	}
3551 
3552 	cm_node->pdata.size = conn_param->private_data_len;
3553 	accept.addr = iwqp->ietf_mem.va;
3554 	accept.size = irdma_cm_build_mpa_frame(cm_node, &accept, MPA_KEY_REPLY);
3555 	memcpy((u8 *)accept.addr + accept.size, conn_param->private_data,
3556 	       conn_param->private_data_len);
3557 
3558 	if (cm_node->dev->ws_add(iwqp->sc_qp.vsi, cm_node->user_pri)) {
3559 		ret = -ENOMEM;
3560 		goto error;
3561 	}
3562 	iwqp->sc_qp.user_pri = cm_node->user_pri;
3563 	irdma_qp_add_qos(&iwqp->sc_qp);
3564 	if (cm_node->dev->hw_attrs.uk_attrs.hw_rev == IRDMA_GEN_2)
3565 		iwdev->rf->check_fc(&iwdev->vsi, &iwqp->sc_qp);
3566 	/* setup our first outgoing iWarp send WQE (the IETF frame response) */
3567 	iwpd = iwqp->iwpd;
3568 	tagged_offset = (uintptr_t)iwqp->ietf_mem.va;
3569 	ibmr = irdma_reg_phys_mr(&iwpd->ibpd, iwqp->ietf_mem.pa, buf_len,
3570 				 IB_ACCESS_LOCAL_WRITE, &tagged_offset);
3571 	if (IS_ERR(ibmr)) {
3572 		ret = -ENOMEM;
3573 		goto error;
3574 	}
3575 
3576 	ibmr->pd = &iwpd->ibpd;
3577 	ibmr->device = iwpd->ibpd.device;
3578 	iwqp->lsmm_mr = ibmr;
3579 	if (iwqp->page)
3580 		iwqp->sc_qp.qp_uk.sq_base = kmap_local_page(iwqp->page);
3581 
3582 	cm_node->lsmm_size = accept.size + conn_param->private_data_len;
3583 	irdma_sc_send_lsmm(&iwqp->sc_qp, iwqp->ietf_mem.va, cm_node->lsmm_size,
3584 			   ibmr->lkey);
3585 
3586 	if (iwqp->page)
3587 		kunmap_local(iwqp->sc_qp.qp_uk.sq_base);
3588 
3589 	iwqp->cm_id = cm_id;
3590 	cm_node->cm_id = cm_id;
3591 
3592 	cm_id->provider_data = iwqp;
3593 	iwqp->active_conn = 0;
3594 	iwqp->cm_node = cm_node;
3595 	cm_node->iwqp = iwqp;
3596 	irdma_cm_init_tsa_conn(iwqp, cm_node);
3597 	irdma_qp_add_ref(&iwqp->ibqp);
3598 	cm_id->add_ref(cm_id);
3599 
3600 	attr.qp_state = IB_QPS_RTS;
3601 	cm_node->qhash_set = false;
3602 	cm_node->cm_core->cm_free_ah(cm_node);
3603 
3604 	irdma_modify_qp(&iwqp->ibqp, &attr, IB_QP_STATE, NULL);
3605 	if (dev->hw_attrs.uk_attrs.feature_flags & IRDMA_FEATURE_RTS_AE) {
3606 		wait_ret = wait_event_interruptible_timeout(iwqp->waitq,
3607 							    iwqp->rts_ae_rcvd,
3608 							    IRDMA_MAX_TIMEOUT);
3609 		if (!wait_ret) {
3610 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3611 				    "Slow Connection: cm_node=%p, loc_port=%d, rem_port=%d, cm_id=%p\n",
3612 				    cm_node, cm_node->loc_port,
3613 				    cm_node->rem_port, cm_node->cm_id);
3614 			ret = -ECONNRESET;
3615 			goto error;
3616 		}
3617 	}
3618 
3619 	irdma_send_cm_event(cm_node, cm_id, IW_CM_EVENT_ESTABLISHED, 0);
3620 	cm_node->accelerated = true;
3621 	complete(&cm_node->establish_comp);
3622 
3623 	if (cm_node->accept_pend) {
3624 		atomic_dec(&cm_node->listener->pend_accepts_cnt);
3625 		cm_node->accept_pend = 0;
3626 	}
3627 
3628 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3629 		    "rem_port=0x%04x, loc_port=0x%04x rem_addr=%x loc_addr=%x cm_node=%p cm_id=%p qp_id=%d\n\n",
3630 		    cm_node->rem_port, cm_node->loc_port, cm_node->rem_addr[0],
3631 		    cm_node->loc_addr[0], cm_node, cm_id, ibqp->qp_num);
3632 	cm_node->cm_core->stats_accepts++;
3633 
3634 	return 0;
3635 error:
3636 	irdma_free_lsmm_rsrc(iwqp);
3637 	irdma_rem_ref_cm_node(cm_node);
3638 
3639 	return ret;
3640 }
3641 
3642 /**
3643  * irdma_reject - registered call for connection to be rejected
3644  * @cm_id: cm information for passive connection
3645  * @pdata: private data to be sent
3646  * @pdata_len: private data length
3647  */
3648 int
3649 irdma_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
3650 {
3651 	struct irdma_device *iwdev;
3652 	struct irdma_cm_node *cm_node;
3653 
3654 	cm_node = cm_id->provider_data;
3655 	cm_node->pdata.size = pdata_len;
3656 
3657 	iwdev = to_iwdev(cm_id->device);
3658 	if (!iwdev)
3659 		return -EINVAL;
3660 
3661 	cm_node->cm_core->stats_rejects++;
3662 
3663 	if (pdata_len + sizeof(struct ietf_mpa_v2) > IRDMA_MAX_CM_BUF)
3664 		return -EINVAL;
3665 
3666 	return irdma_cm_reject(cm_node, pdata, pdata_len);
3667 }
3668 
3669 /**
3670  * irdma_connect - registered call for connection to be established
3671  * @cm_id: cm information for passive connection
3672  * @conn_param: Information about the connection
3673  */
3674 int
3675 irdma_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
3676 {
3677 	struct ib_qp *ibqp;
3678 	struct irdma_qp *iwqp;
3679 	struct irdma_device *iwdev;
3680 	struct irdma_cm_node *cm_node;
3681 	struct irdma_cm_info cm_info;
3682 	struct sockaddr_in *laddr;
3683 	struct sockaddr_in *raddr;
3684 	struct sockaddr_in6 *laddr6;
3685 	struct sockaddr_in6 *raddr6;
3686 	int ret = 0;
3687 
3688 	ibqp = irdma_get_qp(cm_id->device, conn_param->qpn);
3689 	if (!ibqp)
3690 		return -EINVAL;
3691 	iwqp = to_iwqp(ibqp);
3692 	if (!iwqp)
3693 		return -EINVAL;
3694 	iwdev = iwqp->iwdev;
3695 	if (!iwdev)
3696 		return -EINVAL;
3697 
3698 	laddr = (struct sockaddr_in *)&cm_id->m_local_addr;
3699 	raddr = (struct sockaddr_in *)&cm_id->m_remote_addr;
3700 	laddr6 = (struct sockaddr_in6 *)&cm_id->m_local_addr;
3701 	raddr6 = (struct sockaddr_in6 *)&cm_id->m_remote_addr;
3702 
3703 	if (!(laddr->sin_port) || !(raddr->sin_port))
3704 		return -EINVAL;
3705 
3706 	iwqp->active_conn = 1;
3707 	iwqp->cm_id = NULL;
3708 	cm_id->provider_data = iwqp;
3709 
3710 	/* set up the connection params for the node */
3711 	if (cm_id->remote_addr.ss_family == AF_INET) {
3712 		if (iwdev->vsi.mtu < IRDMA_MIN_MTU_IPV4)
3713 			return -EINVAL;
3714 
3715 		cm_info.ipv4 = true;
3716 		memset(cm_info.loc_addr, 0, sizeof(cm_info.loc_addr));
3717 		memset(cm_info.rem_addr, 0, sizeof(cm_info.rem_addr));
3718 		cm_info.loc_addr[0] = ntohl(laddr->sin_addr.s_addr);
3719 		cm_info.rem_addr[0] = ntohl(raddr->sin_addr.s_addr);
3720 		cm_info.loc_port = ntohs(laddr->sin_port);
3721 		cm_info.rem_port = ntohs(raddr->sin_port);
3722 		cm_info.vlan_id = irdma_get_vlan_ipv4(cm_info.loc_addr);
3723 	} else {
3724 		if (iwdev->vsi.mtu < IRDMA_MIN_MTU_IPV6)
3725 			return -EINVAL;
3726 
3727 		cm_info.ipv4 = false;
3728 		irdma_copy_ip_ntohl(cm_info.loc_addr,
3729 				    laddr6->sin6_addr.__u6_addr.__u6_addr32);
3730 		irdma_copy_ip_ntohl(cm_info.rem_addr,
3731 				    raddr6->sin6_addr.__u6_addr.__u6_addr32);
3732 		cm_info.loc_port = ntohs(laddr6->sin6_port);
3733 		cm_info.rem_port = ntohs(raddr6->sin6_port);
3734 		irdma_netdev_vlan_ipv6(cm_info.loc_addr, &cm_info.vlan_id, NULL);
3735 	}
3736 	cm_info.cm_id = cm_id;
3737 	cm_info.qh_qpid = iwdev->vsi.ilq->qp_id;
3738 	cm_info.tos = cm_id->tos;
3739 	if (iwdev->vsi.dscp_mode) {
3740 		cm_info.user_pri =
3741 		    iwqp->sc_qp.vsi->dscp_map[irdma_tos2dscp(cm_info.tos)];
3742 	} else {
3743 		cm_info.user_pri = rt_tos2priority(cm_id->tos);
3744 		cm_info.user_pri =
3745 		    irdma_iw_get_vlan_prio(cm_info.loc_addr,
3746 					   cm_info.user_pri,
3747 					   cm_info.ipv4);
3748 	}
3749 
3750 	if (iwqp->sc_qp.dev->ws_add(iwqp->sc_qp.vsi, cm_info.user_pri))
3751 		return -ENOMEM;
3752 	iwqp->sc_qp.user_pri = cm_info.user_pri;
3753 	irdma_qp_add_qos(&iwqp->sc_qp);
3754 	if (iwdev->rf->sc_dev.hw_attrs.uk_attrs.hw_rev == IRDMA_GEN_2)
3755 		iwdev->rf->check_fc(&iwdev->vsi, &iwqp->sc_qp);
3756 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_DCB, "TOS:[%d] UP:[%d]\n",
3757 		    cm_id->tos, cm_info.user_pri);
3758 
3759 	ret = irdma_create_cm_node(&iwdev->cm_core, iwdev, conn_param, &cm_info,
3760 				   &cm_node);
3761 	if (ret)
3762 		return ret;
3763 	ret = cm_node->cm_core->cm_create_ah(cm_node, true);
3764 	if (ret)
3765 		goto err;
3766 	if (irdma_manage_qhash(iwdev, &cm_info,
3767 			       IRDMA_QHASH_TYPE_TCP_ESTABLISHED,
3768 			       IRDMA_QHASH_MANAGE_TYPE_ADD, NULL, true)) {
3769 		ret = -EINVAL;
3770 		goto err;
3771 	}
3772 	cm_node->qhash_set = true;
3773 
3774 	cm_node->apbvt_entry = irdma_add_apbvt(iwdev, cm_info.loc_port);
3775 	if (!cm_node->apbvt_entry) {
3776 		ret = -EINVAL;
3777 		goto err;
3778 	}
3779 
3780 	cm_node->apbvt_set = true;
3781 	iwqp->cm_node = cm_node;
3782 	cm_node->iwqp = iwqp;
3783 	iwqp->cm_id = cm_id;
3784 	irdma_qp_add_ref(&iwqp->ibqp);
3785 	cm_id->add_ref(cm_id);
3786 
3787 	if (cm_node->state != IRDMA_CM_STATE_OFFLOADED) {
3788 		cm_node->state = IRDMA_CM_STATE_SYN_SENT;
3789 		ret = irdma_send_syn(cm_node, 0);
3790 		if (ret)
3791 			goto err;
3792 	}
3793 
3794 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3795 		    "rem_port=0x%04x, loc_port=0x%04x rem_addr=%x loc_addr=%x cm_node=%p cm_id=%p qp_id = %d\n\n",
3796 		    cm_node->rem_port, cm_node->loc_port, cm_node->rem_addr[0],
3797 		    cm_node->loc_addr[0], cm_node, cm_id, ibqp->qp_num);
3798 
3799 	return 0;
3800 
3801 err:
3802 	if (cm_info.ipv4)
3803 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3804 			    "connect() FAILED: dest addr=%x",
3805 			    cm_info.rem_addr[0]);
3806 	else
3807 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3808 			    "connect() FAILED: dest addr=%x:%x:%x:%x",
3809 			    IRDMA_PRINT_IP6(cm_info.rem_addr));
3810 	irdma_rem_ref_cm_node(cm_node);
3811 	iwdev->cm_core.stats_connect_errs++;
3812 
3813 	return ret;
3814 }
3815 
3816 /**
3817  * irdma_create_listen - registered call creating listener
3818  * @cm_id: cm information for passive connection
3819  * @backlog: to max accept pending count
3820  */
3821 int
3822 irdma_create_listen(struct iw_cm_id *cm_id, int backlog)
3823 {
3824 	struct irdma_device *iwdev;
3825 	struct irdma_cm_listener *cm_listen_node;
3826 	struct irdma_cm_info cm_info = {0};
3827 	struct sockaddr_in *laddr;
3828 	struct sockaddr_in6 *laddr6;
3829 	bool wildcard = false;
3830 	int err;
3831 
3832 	iwdev = to_iwdev(cm_id->device);
3833 	if (!iwdev)
3834 		return -EINVAL;
3835 
3836 	laddr = (struct sockaddr_in *)&cm_id->m_local_addr;
3837 	laddr6 = (struct sockaddr_in6 *)&cm_id->m_local_addr;
3838 	cm_info.qh_qpid = iwdev->vsi.ilq->qp_id;
3839 
3840 	if (laddr->sin_family == AF_INET) {
3841 		if (iwdev->vsi.mtu < IRDMA_MIN_MTU_IPV4)
3842 			return -EINVAL;
3843 
3844 		cm_info.ipv4 = true;
3845 		cm_info.loc_addr[0] = ntohl(laddr->sin_addr.s_addr);
3846 		cm_info.loc_port = ntohs(laddr->sin_port);
3847 
3848 		if (laddr->sin_addr.s_addr != htonl(INADDR_ANY)) {
3849 			cm_info.vlan_id = irdma_get_vlan_ipv4(cm_info.loc_addr);
3850 		} else {
3851 			cm_info.vlan_id = 0xFFFF;
3852 			wildcard = true;
3853 		}
3854 	} else {
3855 		if (iwdev->vsi.mtu < IRDMA_MIN_MTU_IPV6)
3856 			return -EINVAL;
3857 
3858 		cm_info.ipv4 = false;
3859 		irdma_copy_ip_ntohl(cm_info.loc_addr,
3860 				    laddr6->sin6_addr.__u6_addr.__u6_addr32);
3861 		cm_info.loc_port = ntohs(laddr6->sin6_port);
3862 		if (!IN6_IS_ADDR_UNSPECIFIED(&laddr6->sin6_addr)) {
3863 			irdma_netdev_vlan_ipv6(cm_info.loc_addr,
3864 					       &cm_info.vlan_id, NULL);
3865 		} else {
3866 			cm_info.vlan_id = 0xFFFF;
3867 			wildcard = true;
3868 		}
3869 	}
3870 
3871 	if (cm_info.vlan_id >= VLAN_N_VID && iwdev->dcb_vlan_mode)
3872 		cm_info.vlan_id = 0;
3873 	cm_info.backlog = backlog;
3874 	cm_info.cm_id = cm_id;
3875 
3876 	cm_listen_node = irdma_make_listen_node(&iwdev->cm_core, iwdev,
3877 						&cm_info);
3878 	if (!cm_listen_node) {
3879 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3880 			    "cm_listen_node == NULL\n");
3881 		return -ENOMEM;
3882 	}
3883 
3884 	cm_id->provider_data = cm_listen_node;
3885 
3886 	cm_listen_node->tos = cm_id->tos;
3887 	if (iwdev->vsi.dscp_mode)
3888 		cm_listen_node->user_pri =
3889 		    iwdev->vsi.dscp_map[irdma_tos2dscp(cm_id->tos)];
3890 	else
3891 		cm_listen_node->user_pri = rt_tos2priority(cm_id->tos);
3892 	cm_info.user_pri = cm_listen_node->user_pri;
3893 	if (!cm_listen_node->reused_node) {
3894 		if (wildcard) {
3895 			err = irdma_add_mqh(iwdev, &cm_info, cm_listen_node);
3896 			if (err)
3897 				goto error;
3898 		} else {
3899 			if (!iwdev->vsi.dscp_mode)
3900 				cm_info.user_pri = cm_listen_node->user_pri =
3901 				    irdma_iw_get_vlan_prio(cm_info.loc_addr,
3902 							   cm_info.user_pri,
3903 							   cm_info.ipv4);
3904 			err = irdma_manage_qhash(iwdev, &cm_info,
3905 						 IRDMA_QHASH_TYPE_TCP_SYN,
3906 						 IRDMA_QHASH_MANAGE_TYPE_ADD,
3907 						 NULL, true);
3908 			if (err)
3909 				goto error;
3910 
3911 			cm_listen_node->qhash_set = true;
3912 		}
3913 
3914 		cm_listen_node->apbvt_entry = irdma_add_apbvt(iwdev,
3915 							      cm_info.loc_port);
3916 		if (!cm_listen_node->apbvt_entry)
3917 			goto error;
3918 	}
3919 	cm_id->add_ref(cm_id);
3920 	cm_listen_node->cm_core->stats_listen_created++;
3921 	irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3922 		    "loc_port=0x%04x loc_addr=%x cm_listen_node=%p cm_id=%p qhash_set=%d vlan_id=%d\n",
3923 		    cm_listen_node->loc_port, cm_listen_node->loc_addr[0],
3924 		    cm_listen_node, cm_listen_node->cm_id,
3925 		    cm_listen_node->qhash_set, cm_listen_node->vlan_id);
3926 
3927 	return 0;
3928 
3929 error:
3930 
3931 	irdma_cm_del_listen(&iwdev->cm_core, cm_listen_node, false);
3932 
3933 	return -EINVAL;
3934 }
3935 
3936 /**
3937  * irdma_destroy_listen - registered call to destroy listener
3938  * @cm_id: cm information for passive connection
3939  */
3940 int
3941 irdma_destroy_listen(struct iw_cm_id *cm_id)
3942 {
3943 	struct irdma_device *iwdev;
3944 
3945 	iwdev = to_iwdev(cm_id->device);
3946 	if (cm_id->provider_data)
3947 		irdma_cm_del_listen(&iwdev->cm_core, cm_id->provider_data,
3948 				    true);
3949 	else
3950 		irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
3951 			    "cm_id->provider_data was NULL\n");
3952 
3953 	cm_id->rem_ref(cm_id);
3954 
3955 	return 0;
3956 }
3957 
3958 /**
3959  * irdma_iw_teardown_list_prep - add conn nodes slated for tear
3960  * down to list
3961  * @cm_core: cm's core
3962  * @teardown_list: a list to which cm_node will be selected
3963  * @ipaddr: pointer to ip address
3964  * @nfo: pointer to cm_info structure instance
3965  * @disconnect_all: flag indicating disconnect all QPs
3966  */
3967 static void
3968 irdma_iw_teardown_list_prep(struct irdma_cm_core *cm_core,
3969 			    struct list_head *teardown_list,
3970 			    u32 *ipaddr,
3971 			    struct irdma_cm_info *nfo,
3972 			    bool disconnect_all)
3973 {
3974 	struct irdma_cm_node *cm_node;
3975 	int bkt;
3976 
3977 	HASH_FOR_EACH_RCU(cm_core->cm_hash_tbl, bkt, cm_node, list) {
3978 		if ((disconnect_all ||
3979 		     (nfo->vlan_id == cm_node->vlan_id &&
3980 		      !memcmp(cm_node->loc_addr, ipaddr, nfo->ipv4 ? 4 : 16))) &&
3981 		    atomic_inc_not_zero(&cm_node->refcnt))
3982 			list_add(&cm_node->teardown_entry, teardown_list);
3983 	}
3984 }
3985 
3986 static inline bool
3987 irdma_ip_vlan_match(u32 *ip1, u16 vlan_id1,
3988 		    bool check_vlan, u32 *ip2,
3989 		    u16 vlan_id2, bool ipv4)
3990 {
3991 	return (!check_vlan || vlan_id1 == vlan_id2) &&
3992 	    !memcmp(ip1, ip2, ipv4 ? 4 : 16);
3993 }
3994 
3995 /**
3996  * irdma_roce_teardown_list_prep - add conn nodes slated for
3997  * tear down to list
3998  * @iwdev: RDMA device
3999  * @teardown_list: a list to which cm_node will be selected
4000  * @ipaddr: pointer to ip address
4001  * @nfo: pointer to cm_info structure instance
4002  * @disconnect_all: flag indicating disconnect all QPs
4003  */
4004 static void
4005 irdma_roce_teardown_list_prep(struct irdma_device *iwdev,
4006 			      struct list_head *teardown_list,
4007 			      u32 *ipaddr,
4008 			      struct irdma_cm_info *nfo,
4009 			      bool disconnect_all)
4010 {
4011 	struct irdma_sc_vsi *vsi = &iwdev->vsi;
4012 	struct irdma_sc_qp *sc_qp;
4013 	struct list_head *list_node;
4014 	struct irdma_qp *qp;
4015 	unsigned long flags;
4016 	int i;
4017 
4018 	for (i = 0; i < IRDMA_MAX_USER_PRIORITY; i++) {
4019 		mutex_lock(&vsi->qos[i].qos_mutex);
4020 		list_for_each(list_node, &vsi->qos[i].qplist) {
4021 			u32 qp_ip[4];
4022 
4023 			sc_qp = container_of(list_node, struct irdma_sc_qp,
4024 					     list);
4025 			if (sc_qp->qp_uk.qp_type != IRDMA_QP_TYPE_ROCE_RC)
4026 				continue;
4027 
4028 			qp = sc_qp->qp_uk.back_qp;
4029 			if (!disconnect_all) {
4030 				if (nfo->ipv4)
4031 					qp_ip[0] = qp->udp_info.local_ipaddr[3];
4032 				else
4033 					memcpy(qp_ip,
4034 					       &qp->udp_info.local_ipaddr[0],
4035 					       sizeof(qp_ip));
4036 			}
4037 
4038 			if (disconnect_all ||
4039 			    irdma_ip_vlan_match(qp_ip,
4040 						qp->udp_info.vlan_tag & EVL_VLID_MASK,
4041 						qp->udp_info.insert_vlan_tag,
4042 						ipaddr, nfo->vlan_id, nfo->ipv4)) {
4043 				spin_lock_irqsave(&iwdev->rf->qptable_lock, flags);
4044 				if (iwdev->rf->qp_table[sc_qp->qp_uk.qp_id]) {
4045 					irdma_qp_add_ref(&qp->ibqp);
4046 					list_add(&qp->teardown_entry, teardown_list);
4047 				}
4048 				spin_unlock_irqrestore(&iwdev->rf->qptable_lock, flags);
4049 			}
4050 		}
4051 		mutex_unlock(&vsi->qos[i].qos_mutex);
4052 	}
4053 }
4054 
4055 /**
4056  * irdma_cm_event_connected - handle connected active node
4057  * @event: the info for cm_node of connection
4058  */
4059 static void
4060 irdma_cm_event_connected(struct irdma_cm_event *event)
4061 {
4062 	struct irdma_qp *iwqp;
4063 	struct irdma_device *iwdev;
4064 	struct irdma_cm_node *cm_node;
4065 	struct irdma_sc_dev *dev;
4066 	struct ib_qp_attr attr = {0};
4067 	struct iw_cm_id *cm_id;
4068 	int status;
4069 	bool read0;
4070 	int wait_ret = 0;
4071 
4072 	cm_node = event->cm_node;
4073 	cm_id = cm_node->cm_id;
4074 	iwqp = cm_id->provider_data;
4075 	iwdev = iwqp->iwdev;
4076 	dev = &iwdev->rf->sc_dev;
4077 	if (iwqp->sc_qp.qp_uk.destroy_pending) {
4078 		status = -ETIMEDOUT;
4079 		goto error;
4080 	}
4081 
4082 	irdma_cm_init_tsa_conn(iwqp, cm_node);
4083 	read0 = (cm_node->send_rdma0_op == SEND_RDMA_READ_ZERO);
4084 	if (iwqp->page)
4085 		iwqp->sc_qp.qp_uk.sq_base = kmap_local_page(iwqp->page);
4086 	irdma_sc_send_rtt(&iwqp->sc_qp, read0);
4087 	if (iwqp->page)
4088 		kunmap_local(iwqp->sc_qp.qp_uk.sq_base);
4089 
4090 	attr.qp_state = IB_QPS_RTS;
4091 	cm_node->qhash_set = false;
4092 	irdma_modify_qp(&iwqp->ibqp, &attr, IB_QP_STATE, NULL);
4093 	if (dev->hw_attrs.uk_attrs.feature_flags & IRDMA_FEATURE_RTS_AE) {
4094 		wait_ret = wait_event_interruptible_timeout(iwqp->waitq,
4095 							    iwqp->rts_ae_rcvd,
4096 							    IRDMA_MAX_TIMEOUT);
4097 		if (!wait_ret)
4098 			irdma_debug(&iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
4099 				    "Slow Connection: cm_node=%p, loc_port=%d, rem_port=%d, cm_id=%p\n",
4100 				    cm_node, cm_node->loc_port,
4101 				    cm_node->rem_port, cm_node->cm_id);
4102 	}
4103 
4104 	irdma_send_cm_event(cm_node, cm_id, IW_CM_EVENT_CONNECT_REPLY, 0);
4105 	cm_node->accelerated = true;
4106 	complete(&cm_node->establish_comp);
4107 	cm_node->cm_core->cm_free_ah(cm_node);
4108 	return;
4109 
4110 error:
4111 	iwqp->cm_id = NULL;
4112 	cm_id->provider_data = NULL;
4113 	irdma_send_cm_event(event->cm_node, cm_id, IW_CM_EVENT_CONNECT_REPLY,
4114 			    status);
4115 	irdma_rem_ref_cm_node(event->cm_node);
4116 }
4117 
4118 /**
4119  * irdma_cm_event_reset - handle reset
4120  * @event: the info for cm_node of connection
4121  */
4122 static void
4123 irdma_cm_event_reset(struct irdma_cm_event *event)
4124 {
4125 	struct irdma_cm_node *cm_node = event->cm_node;
4126 	struct iw_cm_id *cm_id = cm_node->cm_id;
4127 	struct irdma_qp *iwqp;
4128 
4129 	if (!cm_id)
4130 		return;
4131 
4132 	iwqp = cm_id->provider_data;
4133 	if (!iwqp)
4134 		return;
4135 
4136 	irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
4137 		    "reset event %p - cm_id = %p\n", event->cm_node, cm_id);
4138 	iwqp->cm_id = NULL;
4139 
4140 	irdma_send_cm_event(cm_node, cm_node->cm_id, IW_CM_EVENT_DISCONNECT,
4141 			    -ECONNRESET);
4142 	irdma_send_cm_event(cm_node, cm_node->cm_id, IW_CM_EVENT_CLOSE, 0);
4143 }
4144 
4145 /**
4146  * irdma_cm_event_handler - send event to cm upper layer
4147  * @work: pointer of cm event info.
4148  */
4149 static void
4150 irdma_cm_event_handler(struct work_struct *work)
4151 {
4152 	struct irdma_cm_event *event = container_of(work, struct irdma_cm_event, event_work);
4153 	struct irdma_cm_node *cm_node;
4154 
4155 	if (!event || !event->cm_node || !event->cm_node->cm_core)
4156 		return;
4157 
4158 	cm_node = event->cm_node;
4159 
4160 	switch (event->type) {
4161 	case IRDMA_CM_EVENT_MPA_REQ:
4162 		irdma_send_cm_event(cm_node, cm_node->cm_id,
4163 				    IW_CM_EVENT_CONNECT_REQUEST, 0);
4164 		break;
4165 	case IRDMA_CM_EVENT_RESET:
4166 		irdma_cm_event_reset(event);
4167 		break;
4168 	case IRDMA_CM_EVENT_CONNECTED:
4169 		if (!event->cm_node->cm_id ||
4170 		    event->cm_node->state != IRDMA_CM_STATE_OFFLOADED)
4171 			break;
4172 		irdma_cm_event_connected(event);
4173 		break;
4174 	case IRDMA_CM_EVENT_MPA_REJECT:
4175 		if (!event->cm_node->cm_id ||
4176 		    cm_node->state == IRDMA_CM_STATE_OFFLOADED)
4177 			break;
4178 		irdma_send_cm_event(cm_node, cm_node->cm_id,
4179 				    IW_CM_EVENT_CONNECT_REPLY, -ECONNREFUSED);
4180 		break;
4181 	case IRDMA_CM_EVENT_ABORTED:
4182 		if (!event->cm_node->cm_id ||
4183 		    event->cm_node->state == IRDMA_CM_STATE_OFFLOADED)
4184 			break;
4185 		irdma_event_connect_error(event);
4186 		break;
4187 	default:
4188 		irdma_debug(&cm_node->iwdev->rf->sc_dev, IRDMA_DEBUG_CM,
4189 			    "bad event type = %d\n", event->type);
4190 		break;
4191 	}
4192 
4193 	irdma_rem_ref_cm_node(event->cm_node);
4194 	kfree(event);
4195 }
4196 
4197 /**
4198  * irdma_cm_post_event - queue event request for worker thread
4199  * @event: cm node's info for up event call
4200  */
4201 static void
4202 irdma_cm_post_event(struct irdma_cm_event *event)
4203 {
4204 	atomic_inc(&event->cm_node->refcnt);
4205 	INIT_WORK(&event->event_work, irdma_cm_event_handler);
4206 	queue_work(event->cm_node->cm_core->event_wq, &event->event_work);
4207 }
4208 
4209 /**
4210  * irdma_cm_teardown_connections - teardown QPs
4211  * @iwdev: device pointer
4212  * @ipaddr: Pointer to IPv4 or IPv6 address
4213  * @nfo: Connection info
4214  * @disconnect_all: flag indicating disconnect all QPs
4215  *
4216  * teardown QPs where source or destination addr matches ip addr
4217  */
4218 static void __unused
4219 irdma_cm_teardown_connections(struct irdma_device *iwdev,
4220 			      u32 *ipaddr,
4221 			      struct irdma_cm_info *nfo,
4222 			      bool disconnect_all)
4223 {
4224 	struct irdma_cm_core *cm_core = &iwdev->cm_core;
4225 	struct list_head *list_core_temp;
4226 	struct list_head *list_node;
4227 	struct irdma_cm_node *cm_node;
4228 	struct list_head teardown_list;
4229 	struct ib_qp_attr attr;
4230 	struct irdma_qp *qp;
4231 
4232 	INIT_LIST_HEAD(&teardown_list);
4233 
4234 	rcu_read_lock();
4235 	irdma_iw_teardown_list_prep(cm_core, &teardown_list, ipaddr, nfo, disconnect_all);
4236 	rcu_read_unlock();
4237 
4238 	attr.qp_state = IB_QPS_ERR;
4239 	list_for_each_safe(list_node, list_core_temp, &teardown_list) {
4240 		cm_node = container_of(list_node, struct irdma_cm_node,
4241 				       teardown_entry);
4242 		irdma_modify_qp(&cm_node->iwqp->ibqp, &attr, IB_QP_STATE, NULL);
4243 		if (iwdev->rf->reset)
4244 			irdma_cm_disconn(cm_node->iwqp);
4245 		irdma_rem_ref_cm_node(cm_node);
4246 	}
4247 
4248 	if (!rdma_protocol_roce(&iwdev->ibdev, 1))
4249 		return;
4250 
4251 	INIT_LIST_HEAD(&teardown_list);
4252 	irdma_roce_teardown_list_prep(iwdev, &teardown_list, ipaddr, nfo, disconnect_all);
4253 
4254 	list_for_each_safe(list_node, list_core_temp, &teardown_list) {
4255 		qp = container_of(list_node, struct irdma_qp, teardown_entry);
4256 		irdma_modify_qp_roce(&qp->ibqp, &attr, IB_QP_STATE, NULL);
4257 		irdma_ib_qp_event(qp, IRDMA_QP_EVENT_CATASTROPHIC);
4258 		irdma_qp_rem_ref(&qp->ibqp);
4259 	}
4260 }
4261