xref: /freebsd/sys/ofed/drivers/infiniband/ulp/ipoib/ipoib_cm.c (revision 6f63e88c0166ed3e5f2805a9e667c7d24d304cf1)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause OR GPL-2.0
3  *
4  * Copyright (c) 2006 Mellanox Technologies. All rights reserved
5  *
6  * This software is available to you under a choice of one of two
7  * licenses.  You may choose to be licensed under the terms of the GNU
8  * General Public License (GPL) Version 2, available from the file
9  * COPYING in the main directory of this source tree, or the
10  * OpenIB.org BSD license below:
11  *
12  *     Redistribution and use in source and binary forms, with or
13  *     without modification, are permitted provided that the following
14  *     conditions are met:
15  *
16  *      - Redistributions of source code must retain the above
17  *        copyright notice, this list of conditions and the following
18  *        disclaimer.
19  *
20  *      - Redistributions in binary form must reproduce the above
21  *        copyright notice, this list of conditions and the following
22  *        disclaimer in the documentation and/or other materials
23  *        provided with the distribution.
24  *
25  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32  * SOFTWARE.
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37 
38 #include "ipoib.h"
39 
40 #ifdef CONFIG_INFINIBAND_IPOIB_CM
41 
42 #include <netinet/ip.h>
43 #include <netinet/ip_icmp.h>
44 #include <netinet/icmp6.h>
45 
46 #include <rdma/ib_cm.h>
47 #include <rdma/ib_cache.h>
48 #include <linux/delay.h>
49 
50 int ipoib_max_conn_qp = 128;
51 
52 module_param_named(max_nonsrq_conn_qp, ipoib_max_conn_qp, int, 0444);
53 MODULE_PARM_DESC(max_nonsrq_conn_qp,
54 		 "Max number of connected-mode QPs per interface "
55 		 "(applied only if shared receive queue is not available)");
56 
57 #ifdef CONFIG_INFINIBAND_IPOIB_DEBUG_DATA
58 static int data_debug_level;
59 
60 module_param_named(cm_data_debug_level, data_debug_level, int, 0644);
61 MODULE_PARM_DESC(cm_data_debug_level,
62 		 "Enable data path debug tracing for connected mode if > 0");
63 #endif
64 
65 #define IPOIB_CM_IETF_ID 0x1000000000000000ULL
66 
67 #define IPOIB_CM_RX_UPDATE_TIME (256 * HZ)
68 #define IPOIB_CM_RX_TIMEOUT     (2 * 256 * HZ)
69 #define IPOIB_CM_RX_DELAY       (3 * 256 * HZ)
70 #define IPOIB_CM_RX_UPDATE_MASK (0x3)
71 
72 static struct ib_qp_attr ipoib_cm_err_attr = {
73 	.qp_state = IB_QPS_ERR
74 };
75 
76 #define IPOIB_CM_RX_DRAIN_WRID 0xffffffff
77 
78 static struct ib_send_wr ipoib_cm_rx_drain_wr = {
79 	.wr_id = IPOIB_CM_RX_DRAIN_WRID,
80 	.opcode = IB_WR_SEND,
81 };
82 
83 static int ipoib_cm_tx_handler(struct ib_cm_id *cm_id,
84 			       struct ib_cm_event *event);
85 
86 static void ipoib_cm_dma_unmap_rx(struct ipoib_dev_priv *priv, struct ipoib_cm_rx_buf *rx_req)
87 {
88 
89 	ipoib_dma_unmap_rx(priv, (struct ipoib_rx_buf *)rx_req);
90 
91 }
92 
93 static int ipoib_cm_post_receive_srq(struct ipoib_dev_priv *priv, int id)
94 {
95 	struct ib_recv_wr *bad_wr;
96 	struct ipoib_rx_buf *rx_req;
97 	struct mbuf *m;
98 	int ret;
99 	int i;
100 
101 	rx_req = (struct ipoib_rx_buf *)&priv->cm.srq_ring[id];
102 	for (m = rx_req->mb, i = 0; m != NULL; m = m->m_next, i++) {
103 		priv->cm.rx_sge[i].addr = rx_req->mapping[i];
104 		priv->cm.rx_sge[i].length = m->m_len;
105 	}
106 
107 	priv->cm.rx_wr.num_sge = i;
108 	priv->cm.rx_wr.wr_id = id | IPOIB_OP_CM | IPOIB_OP_RECV;
109 
110 	ret = ib_post_srq_recv(priv->cm.srq, &priv->cm.rx_wr, &bad_wr);
111 	if (unlikely(ret)) {
112 		ipoib_warn(priv, "post srq failed for buf %d (%d)\n", id, ret);
113 		ipoib_dma_unmap_rx(priv, rx_req);
114 		m_freem(priv->cm.srq_ring[id].mb);
115 		priv->cm.srq_ring[id].mb = NULL;
116 	}
117 
118 	return ret;
119 }
120 
121 static int ipoib_cm_post_receive_nonsrq(struct ipoib_dev_priv *priv,
122 					struct ipoib_cm_rx *rx,
123 					struct ib_recv_wr *wr,
124 					struct ib_sge *sge, int id)
125 {
126 	struct ipoib_rx_buf *rx_req;
127 	struct ib_recv_wr *bad_wr;
128 	struct mbuf *m;
129 	int ret;
130 	int i;
131 
132 	rx_req = (struct ipoib_rx_buf *)&rx->rx_ring[id];
133 	for (m = rx_req->mb, i = 0; m != NULL; m = m->m_next, i++) {
134 		sge[i].addr = rx_req->mapping[i];
135 		sge[i].length = m->m_len;
136 	}
137 
138 	wr->num_sge = i;
139 	wr->wr_id = id | IPOIB_OP_CM | IPOIB_OP_RECV;
140 
141 	ret = ib_post_recv(rx->qp, wr, &bad_wr);
142 	if (unlikely(ret)) {
143 		ipoib_warn(priv, "post recv failed for buf %d (%d)\n", id, ret);
144 		ipoib_dma_unmap_rx(priv, rx_req);
145 		m_freem(rx->rx_ring[id].mb);
146 		rx->rx_ring[id].mb = NULL;
147 	}
148 
149 	return ret;
150 }
151 
152 static struct mbuf *
153 ipoib_cm_alloc_rx_mb(struct ipoib_dev_priv *priv, struct ipoib_cm_rx_buf *rx_req)
154 {
155 	return ipoib_alloc_map_mb(priv, (struct ipoib_rx_buf *)rx_req,
156 	    priv->cm.max_cm_mtu);
157 }
158 
159 static void ipoib_cm_free_rx_ring(struct ipoib_dev_priv *priv,
160 				  struct ipoib_cm_rx_buf *rx_ring)
161 {
162 	int i;
163 
164 	for (i = 0; i < ipoib_recvq_size; ++i)
165 		if (rx_ring[i].mb) {
166 			ipoib_cm_dma_unmap_rx(priv, &rx_ring[i]);
167 			m_freem(rx_ring[i].mb);
168 		}
169 
170 	kfree(rx_ring);
171 }
172 
173 static void ipoib_cm_start_rx_drain(struct ipoib_dev_priv *priv)
174 {
175 	struct ib_send_wr *bad_wr;
176 	struct ipoib_cm_rx *p;
177 
178 	/* We only reserved 1 extra slot in CQ for drain WRs, so
179 	 * make sure we have at most 1 outstanding WR. */
180 	if (list_empty(&priv->cm.rx_flush_list) ||
181 	    !list_empty(&priv->cm.rx_drain_list))
182 		return;
183 
184 	/*
185 	 * QPs on flush list are error state.  This way, a "flush
186 	 * error" WC will be immediately generated for each WR we post.
187 	 */
188 	p = list_entry(priv->cm.rx_flush_list.next, typeof(*p), list);
189 	if (ib_post_send(p->qp, &ipoib_cm_rx_drain_wr, &bad_wr))
190 		ipoib_warn(priv, "failed to post drain wr\n");
191 
192 	list_splice_init(&priv->cm.rx_flush_list, &priv->cm.rx_drain_list);
193 }
194 
195 static void ipoib_cm_rx_event_handler(struct ib_event *event, void *ctx)
196 {
197 	struct ipoib_cm_rx *p = ctx;
198 	struct ipoib_dev_priv *priv = p->priv;
199 	unsigned long flags;
200 
201 	if (event->event != IB_EVENT_QP_LAST_WQE_REACHED)
202 		return;
203 
204 	spin_lock_irqsave(&priv->lock, flags);
205 	list_move(&p->list, &priv->cm.rx_flush_list);
206 	p->state = IPOIB_CM_RX_FLUSH;
207 	ipoib_cm_start_rx_drain(priv);
208 	spin_unlock_irqrestore(&priv->lock, flags);
209 }
210 
211 static struct ib_qp *ipoib_cm_create_rx_qp(struct ipoib_dev_priv *priv,
212 					   struct ipoib_cm_rx *p)
213 {
214 	struct ib_qp_init_attr attr = {
215 		.event_handler = ipoib_cm_rx_event_handler,
216 		.send_cq = priv->recv_cq, /* For drain WR */
217 		.recv_cq = priv->recv_cq,
218 		.srq = priv->cm.srq,
219 		.cap.max_send_wr = 1, /* For drain WR */
220 		.cap.max_send_sge = 1,
221 		.sq_sig_type = IB_SIGNAL_ALL_WR,
222 		.qp_type = IB_QPT_RC,
223 		.qp_context = p,
224 	};
225 
226 	if (!ipoib_cm_has_srq(priv)) {
227 		attr.cap.max_recv_wr  = ipoib_recvq_size;
228 		attr.cap.max_recv_sge = priv->cm.num_frags;
229 	}
230 
231 	return ib_create_qp(priv->pd, &attr);
232 }
233 
234 static int ipoib_cm_modify_rx_qp(struct ipoib_dev_priv *priv,
235 				 struct ib_cm_id *cm_id, struct ib_qp *qp,
236 				 unsigned psn)
237 {
238 	struct ib_qp_attr qp_attr;
239 	int qp_attr_mask, ret;
240 
241 	qp_attr.qp_state = IB_QPS_INIT;
242 	ret = ib_cm_init_qp_attr(cm_id, &qp_attr, &qp_attr_mask);
243 	if (ret) {
244 		ipoib_warn(priv, "failed to init QP attr for INIT: %d\n", ret);
245 		return ret;
246 	}
247 	ret = ib_modify_qp(qp, &qp_attr, qp_attr_mask);
248 	if (ret) {
249 		ipoib_warn(priv, "failed to modify QP to INIT: %d\n", ret);
250 		return ret;
251 	}
252 	qp_attr.qp_state = IB_QPS_RTR;
253 	ret = ib_cm_init_qp_attr(cm_id, &qp_attr, &qp_attr_mask);
254 	if (ret) {
255 		ipoib_warn(priv, "failed to init QP attr for RTR: %d\n", ret);
256 		return ret;
257 	}
258 	qp_attr.rq_psn = psn;
259 	ret = ib_modify_qp(qp, &qp_attr, qp_attr_mask);
260 	if (ret) {
261 		ipoib_warn(priv, "failed to modify QP to RTR: %d\n", ret);
262 		return ret;
263 	}
264 
265 	/*
266 	 * Current Mellanox HCA firmware won't generate completions
267 	 * with error for drain WRs unless the QP has been moved to
268 	 * RTS first. This work-around leaves a window where a QP has
269 	 * moved to error asynchronously, but this will eventually get
270 	 * fixed in firmware, so let's not error out if modify QP
271 	 * fails.
272 	 */
273 	qp_attr.qp_state = IB_QPS_RTS;
274 	ret = ib_cm_init_qp_attr(cm_id, &qp_attr, &qp_attr_mask);
275 	if (ret) {
276 		ipoib_warn(priv, "failed to init QP attr for RTS: %d\n", ret);
277 		return 0;
278 	}
279 	ret = ib_modify_qp(qp, &qp_attr, qp_attr_mask);
280 	if (ret) {
281 		ipoib_warn(priv, "failed to modify QP to RTS: %d\n", ret);
282 		return 0;
283 	}
284 
285 	return 0;
286 }
287 
288 static void ipoib_cm_init_rx_wr(struct ipoib_dev_priv *priv,
289 				struct ib_recv_wr *wr,
290 				struct ib_sge *sge)
291 {
292 	int i;
293 
294 	for (i = 0; i < IPOIB_CM_RX_SG; i++)
295 		sge[i].lkey = priv->pd->local_dma_lkey;
296 
297 	wr->next    = NULL;
298 	wr->sg_list = sge;
299 	wr->num_sge = 1;
300 }
301 
302 static int ipoib_cm_nonsrq_init_rx(struct ipoib_dev_priv *priv,
303     struct ib_cm_id *cm_id, struct ipoib_cm_rx *rx)
304 {
305 	struct {
306 		struct ib_recv_wr wr;
307 		struct ib_sge sge[IPOIB_CM_RX_SG];
308 	} *t;
309 	int ret;
310 	int i;
311 
312 	rx->rx_ring = kzalloc(ipoib_recvq_size * sizeof *rx->rx_ring, GFP_KERNEL);
313 	if (!rx->rx_ring) {
314 		printk(KERN_WARNING "%s: failed to allocate CM non-SRQ ring (%d entries)\n",
315 		       priv->ca->name, ipoib_recvq_size);
316 		return -ENOMEM;
317 	}
318 
319 	memset(rx->rx_ring, 0, ipoib_recvq_size * sizeof *rx->rx_ring);
320 
321 	t = kmalloc(sizeof *t, GFP_KERNEL);
322 	if (!t) {
323 		ret = -ENOMEM;
324 		goto err_free;
325 	}
326 
327 	ipoib_cm_init_rx_wr(priv, &t->wr, t->sge);
328 
329 	spin_lock_irq(&priv->lock);
330 
331 	if (priv->cm.nonsrq_conn_qp >= ipoib_max_conn_qp) {
332 		spin_unlock_irq(&priv->lock);
333 		ib_send_cm_rej(cm_id, IB_CM_REJ_NO_QP, NULL, 0, NULL, 0);
334 		ret = -EINVAL;
335 		goto err_free;
336 	} else
337 		++priv->cm.nonsrq_conn_qp;
338 
339 	spin_unlock_irq(&priv->lock);
340 
341 	for (i = 0; i < ipoib_recvq_size; ++i) {
342 		if (!ipoib_cm_alloc_rx_mb(priv, &rx->rx_ring[i])) {
343 			ipoib_warn(priv, "failed to allocate receive buffer %d\n", i);
344 				ret = -ENOMEM;
345 				goto err_count;
346 		}
347 		ret = ipoib_cm_post_receive_nonsrq(priv, rx, &t->wr, t->sge, i);
348 		if (ret) {
349 			ipoib_warn(priv, "ipoib_cm_post_receive_nonsrq "
350 				   "failed for buf %d\n", i);
351 			ret = -EIO;
352 			goto err_count;
353 		}
354 	}
355 
356 	rx->recv_count = ipoib_recvq_size;
357 
358 	kfree(t);
359 
360 	return 0;
361 
362 err_count:
363 	spin_lock_irq(&priv->lock);
364 	--priv->cm.nonsrq_conn_qp;
365 	spin_unlock_irq(&priv->lock);
366 
367 err_free:
368 	kfree(t);
369 	ipoib_cm_free_rx_ring(priv, rx->rx_ring);
370 
371 	return ret;
372 }
373 
374 static int ipoib_cm_send_rep(struct ipoib_dev_priv *priv, struct ib_cm_id *cm_id,
375 			     struct ib_qp *qp, struct ib_cm_req_event_param *req,
376 			     unsigned psn)
377 {
378 	struct ipoib_cm_data data = {};
379 	struct ib_cm_rep_param rep = {};
380 
381 	data.qpn = cpu_to_be32(priv->qp->qp_num);
382 	data.mtu = cpu_to_be32(priv->cm.max_cm_mtu);
383 
384 	rep.private_data = &data;
385 	rep.private_data_len = sizeof data;
386 	rep.flow_control = 0;
387 	rep.rnr_retry_count = req->rnr_retry_count;
388 	rep.srq = ipoib_cm_has_srq(priv);
389 	rep.qp_num = qp->qp_num;
390 	rep.starting_psn = psn;
391 	return ib_send_cm_rep(cm_id, &rep);
392 }
393 
394 static int ipoib_cm_req_handler(struct ib_cm_id *cm_id, struct ib_cm_event *event)
395 {
396 	struct ipoib_dev_priv *priv = cm_id->context;
397 	struct ipoib_cm_rx *p;
398 	unsigned psn;
399 	int ret;
400 
401 	ipoib_dbg(priv, "REQ arrived\n");
402 	p = kzalloc(sizeof *p, GFP_KERNEL);
403 	if (!p)
404 		return -ENOMEM;
405 	p->priv = priv;
406 	p->id = cm_id;
407 	cm_id->context = p;
408 	p->state = IPOIB_CM_RX_LIVE;
409 	p->jiffies = jiffies;
410 	INIT_LIST_HEAD(&p->list);
411 
412 	p->qp = ipoib_cm_create_rx_qp(priv, p);
413 	if (IS_ERR(p->qp)) {
414 		ret = PTR_ERR(p->qp);
415 		goto err_qp;
416 	}
417 
418 	psn = random() & 0xffffff;
419 	ret = ipoib_cm_modify_rx_qp(priv, cm_id, p->qp, psn);
420 	if (ret)
421 		goto err_modify;
422 
423 	if (!ipoib_cm_has_srq(priv)) {
424 		ret = ipoib_cm_nonsrq_init_rx(priv, cm_id, p);
425 		if (ret)
426 			goto err_modify;
427 	}
428 
429 	spin_lock_irq(&priv->lock);
430 	queue_delayed_work(ipoib_workqueue,
431 			   &priv->cm.stale_task, IPOIB_CM_RX_DELAY);
432 	/* Add this entry to passive ids list head, but do not re-add it
433 	 * if IB_EVENT_QP_LAST_WQE_REACHED has moved it to flush list. */
434 	p->jiffies = jiffies;
435 	if (p->state == IPOIB_CM_RX_LIVE)
436 		list_move(&p->list, &priv->cm.passive_ids);
437 	spin_unlock_irq(&priv->lock);
438 
439 	ret = ipoib_cm_send_rep(priv, cm_id, p->qp, &event->param.req_rcvd, psn);
440 	if (ret) {
441 		ipoib_warn(priv, "failed to send REP: %d\n", ret);
442 		if (ib_modify_qp(p->qp, &ipoib_cm_err_attr, IB_QP_STATE))
443 			ipoib_warn(priv, "unable to move qp to error state\n");
444 	}
445 	return 0;
446 
447 err_modify:
448 	ib_destroy_qp(p->qp);
449 err_qp:
450 	kfree(p);
451 	return ret;
452 }
453 
454 static int ipoib_cm_rx_handler(struct ib_cm_id *cm_id,
455 			       struct ib_cm_event *event)
456 {
457 	struct ipoib_cm_rx *p;
458 	struct ipoib_dev_priv *priv;
459 
460 	switch (event->event) {
461 	case IB_CM_REQ_RECEIVED:
462 		return ipoib_cm_req_handler(cm_id, event);
463 	case IB_CM_DREQ_RECEIVED:
464 		p = cm_id->context;
465 		ib_send_cm_drep(cm_id, NULL, 0);
466 		/* Fall through */
467 	case IB_CM_REJ_RECEIVED:
468 		p = cm_id->context;
469 		priv = p->priv;
470 		if (ib_modify_qp(p->qp, &ipoib_cm_err_attr, IB_QP_STATE))
471 			ipoib_warn(priv, "unable to move qp to error state\n");
472 		/* Fall through */
473 	default:
474 		return 0;
475 	}
476 }
477 
478 void ipoib_cm_handle_rx_wc(struct ipoib_dev_priv *priv, struct ib_wc *wc)
479 {
480 	struct ipoib_cm_rx_buf saverx;
481 	struct ipoib_cm_rx_buf *rx_ring;
482 	unsigned int wr_id = wc->wr_id & ~(IPOIB_OP_CM | IPOIB_OP_RECV);
483 	struct ifnet *dev = priv->dev;
484 	struct mbuf *mb, *newmb;
485 	struct ipoib_cm_rx *p;
486 	int has_srq;
487 	u_short proto;
488 
489 	CURVNET_SET_QUIET(dev->if_vnet);
490 
491 	ipoib_dbg_data(priv, "cm recv completion: id %d, status: %d\n",
492 		       wr_id, wc->status);
493 
494 	if (unlikely(wr_id >= ipoib_recvq_size)) {
495 		if (wr_id == (IPOIB_CM_RX_DRAIN_WRID & ~(IPOIB_OP_CM | IPOIB_OP_RECV))) {
496 			spin_lock(&priv->lock);
497 			list_splice_init(&priv->cm.rx_drain_list, &priv->cm.rx_reap_list);
498 			ipoib_cm_start_rx_drain(priv);
499 			if (priv->cm.id != NULL)
500 				queue_work(ipoib_workqueue,
501 				    &priv->cm.rx_reap_task);
502 			spin_unlock(&priv->lock);
503 		} else
504 			ipoib_warn(priv, "cm recv completion event with wrid %d (> %d)\n",
505 				   wr_id, ipoib_recvq_size);
506 		goto done;
507 	}
508 
509 	p = wc->qp->qp_context;
510 
511 	has_srq = ipoib_cm_has_srq(priv);
512 	rx_ring = has_srq ? priv->cm.srq_ring : p->rx_ring;
513 
514 	mb = rx_ring[wr_id].mb;
515 
516 	if (unlikely(wc->status != IB_WC_SUCCESS)) {
517 		ipoib_dbg(priv, "cm recv error "
518 			   "(status=%d, wrid=%d vend_err %x)\n",
519 			   wc->status, wr_id, wc->vendor_err);
520 		if_inc_counter(dev, IFCOUNTER_IERRORS, 1);
521 		if (has_srq)
522 			goto repost;
523 		else {
524 			if (!--p->recv_count) {
525 				spin_lock(&priv->lock);
526 				list_move(&p->list, &priv->cm.rx_reap_list);
527 				queue_work(ipoib_workqueue, &priv->cm.rx_reap_task);
528 				spin_unlock(&priv->lock);
529 			}
530 			goto done;
531 		}
532 	}
533 
534 	if (unlikely(!(wr_id & IPOIB_CM_RX_UPDATE_MASK))) {
535 		if (p && time_after_eq(jiffies, p->jiffies + IPOIB_CM_RX_UPDATE_TIME)) {
536 			p->jiffies = jiffies;
537 			/* Move this entry to list head, but do not re-add it
538 			 * if it has been moved out of list. */
539 			if (p->state == IPOIB_CM_RX_LIVE)
540 				list_move(&p->list, &priv->cm.passive_ids);
541 		}
542 	}
543 
544 	memcpy(&saverx, &rx_ring[wr_id], sizeof(saverx));
545 	newmb = ipoib_cm_alloc_rx_mb(priv, &rx_ring[wr_id]);
546 	if (unlikely(!newmb)) {
547 		/*
548 		 * If we can't allocate a new RX buffer, dump
549 		 * this packet and reuse the old buffer.
550 		 */
551 		ipoib_dbg(priv, "failed to allocate receive buffer %d\n", wr_id);
552 		if_inc_counter(dev, IFCOUNTER_IERRORS, 1);
553 		memcpy(&rx_ring[wr_id], &saverx, sizeof(saverx));
554 		goto repost;
555 	}
556 
557 	ipoib_cm_dma_unmap_rx(priv, &saverx);
558 
559 	ipoib_dbg_data(priv, "received %d bytes, SLID 0x%04x\n",
560 		       wc->byte_len, wc->slid);
561 
562 	ipoib_dma_mb(priv, mb, wc->byte_len);
563 
564 	if_inc_counter(dev, IFCOUNTER_IPACKETS, 1);
565 	if_inc_counter(dev, IFCOUNTER_IBYTES, mb->m_pkthdr.len);
566 
567 	mb->m_pkthdr.rcvif = dev;
568 	proto = *mtod(mb, uint16_t *);
569 	m_adj(mb, IPOIB_ENCAP_LEN);
570 
571 	IPOIB_MTAP_PROTO(dev, mb, proto);
572 	ipoib_demux(dev, mb, ntohs(proto));
573 
574 repost:
575 	if (has_srq) {
576 		if (unlikely(ipoib_cm_post_receive_srq(priv, wr_id)))
577 			ipoib_warn(priv, "ipoib_cm_post_receive_srq failed "
578 				   "for buf %d\n", wr_id);
579 	} else {
580 		if (unlikely(ipoib_cm_post_receive_nonsrq(priv, p,
581 							  &priv->cm.rx_wr,
582 							  priv->cm.rx_sge,
583 							  wr_id))) {
584 			--p->recv_count;
585 			ipoib_warn(priv, "ipoib_cm_post_receive_nonsrq failed "
586 				   "for buf %d\n", wr_id);
587 		}
588 	}
589 done:
590 	CURVNET_RESTORE();
591 	return;
592 }
593 
594 static inline int post_send(struct ipoib_dev_priv *priv,
595 			    struct ipoib_cm_tx *tx,
596 			    struct ipoib_cm_tx_buf *tx_req,
597 			    unsigned int wr_id)
598 {
599 	struct ib_send_wr *bad_wr;
600 	struct mbuf *mb = tx_req->mb;
601 	u64 *mapping = tx_req->mapping;
602 	struct mbuf *m;
603 	int i;
604 
605 	for (m = mb, i = 0; m != NULL; m = m->m_next, i++) {
606 		priv->tx_sge[i].addr = mapping[i];
607 		priv->tx_sge[i].length = m->m_len;
608 	}
609 	priv->tx_wr.wr.num_sge = i;
610 	priv->tx_wr.wr.wr_id = wr_id | IPOIB_OP_CM;
611 	priv->tx_wr.wr.opcode = IB_WR_SEND;
612 
613 	return ib_post_send(tx->qp, &priv->tx_wr.wr, &bad_wr);
614 }
615 
616 void ipoib_cm_send(struct ipoib_dev_priv *priv, struct mbuf *mb, struct ipoib_cm_tx *tx)
617 {
618 	struct ipoib_cm_tx_buf *tx_req;
619 	struct ifnet *dev = priv->dev;
620 
621 	if (unlikely(priv->tx_outstanding > MAX_SEND_CQE)) {
622 		while (ipoib_poll_tx(priv, false))
623 			;	/* nothing */
624 	}
625 
626 	m_adj(mb, sizeof(struct ipoib_pseudoheader));
627 	if (unlikely(mb->m_pkthdr.len > tx->mtu)) {
628 		ipoib_warn(priv, "packet len %d (> %d) too long to send, dropping\n",
629 			   mb->m_pkthdr.len, tx->mtu);
630 		if_inc_counter(dev, IFCOUNTER_OERRORS, 1);
631 		ipoib_cm_mb_too_long(priv, mb, IPOIB_CM_MTU(tx->mtu));
632 		return;
633 	}
634 
635 	ipoib_dbg_data(priv, "sending packet: head 0x%x length %d connection 0x%x\n",
636 		       tx->tx_head, mb->m_pkthdr.len, tx->qp->qp_num);
637 
638 
639 	/*
640 	 * We put the mb into the tx_ring _before_ we call post_send()
641 	 * because it's entirely possible that the completion handler will
642 	 * run before we execute anything after the post_send().  That
643 	 * means we have to make sure everything is properly recorded and
644 	 * our state is consistent before we call post_send().
645 	 */
646 	tx_req = &tx->tx_ring[tx->tx_head & (ipoib_sendq_size - 1)];
647 	tx_req->mb = mb;
648 	if (unlikely(ipoib_dma_map_tx(priv->ca, (struct ipoib_tx_buf *)tx_req,
649 	    priv->cm.num_frags))) {
650 		if_inc_counter(dev, IFCOUNTER_OERRORS, 1);
651 		if (tx_req->mb)
652 			m_freem(tx_req->mb);
653 		return;
654 	}
655 
656 	if (unlikely(post_send(priv, tx, tx_req, tx->tx_head & (ipoib_sendq_size - 1)))) {
657 		ipoib_warn(priv, "post_send failed\n");
658 		if_inc_counter(dev, IFCOUNTER_OERRORS, 1);
659 		ipoib_dma_unmap_tx(priv->ca, (struct ipoib_tx_buf *)tx_req);
660 		m_freem(mb);
661 	} else {
662 		++tx->tx_head;
663 
664 		if (++priv->tx_outstanding == ipoib_sendq_size) {
665 			ipoib_dbg(priv, "TX ring 0x%x full, stopping kernel net queue\n",
666 				  tx->qp->qp_num);
667 			if (ib_req_notify_cq(priv->send_cq, IB_CQ_NEXT_COMP))
668 				ipoib_warn(priv, "request notify on send CQ failed\n");
669 			dev->if_drv_flags |= IFF_DRV_OACTIVE;
670 		}
671 	}
672 
673 }
674 
675 void ipoib_cm_handle_tx_wc(struct ipoib_dev_priv *priv, struct ib_wc *wc)
676 {
677 	struct ipoib_cm_tx *tx = wc->qp->qp_context;
678 	unsigned int wr_id = wc->wr_id & ~IPOIB_OP_CM;
679 	struct ifnet *dev = priv->dev;
680 	struct ipoib_cm_tx_buf *tx_req;
681 
682 	ipoib_dbg_data(priv, "cm send completion: id %d, status: %d\n",
683 		       wr_id, wc->status);
684 
685 	if (unlikely(wr_id >= ipoib_sendq_size)) {
686 		ipoib_warn(priv, "cm send completion event with wrid %d (> %d)\n",
687 			   wr_id, ipoib_sendq_size);
688 		return;
689 	}
690 
691 	tx_req = &tx->tx_ring[wr_id];
692 
693 	ipoib_dma_unmap_tx(priv->ca, (struct ipoib_tx_buf *)tx_req);
694 
695 	/* FIXME: is this right? Shouldn't we only increment on success? */
696 	if_inc_counter(dev, IFCOUNTER_OPACKETS, 1);
697 
698 	m_freem(tx_req->mb);
699 
700 	++tx->tx_tail;
701 	if (unlikely(--priv->tx_outstanding == ipoib_sendq_size >> 1) &&
702 	    (dev->if_drv_flags & IFF_DRV_OACTIVE) != 0 &&
703 	    test_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags))
704 		dev->if_drv_flags &= ~IFF_DRV_OACTIVE;
705 
706 	if (wc->status != IB_WC_SUCCESS &&
707 	    wc->status != IB_WC_WR_FLUSH_ERR) {
708 		struct ipoib_path *path;
709 
710 		ipoib_dbg(priv, "failed cm send event "
711 			   "(status=%d, wrid=%d vend_err %x)\n",
712 			   wc->status, wr_id, wc->vendor_err);
713 
714 		path = tx->path;
715 
716 		if (path) {
717 			path->cm = NULL;
718 			rb_erase(&path->rb_node, &priv->path_tree);
719 			list_del(&path->list);
720 		}
721 
722 		if (test_and_clear_bit(IPOIB_FLAG_INITIALIZED, &tx->flags)) {
723 			list_move(&tx->list, &priv->cm.reap_list);
724 			queue_work(ipoib_workqueue, &priv->cm.reap_task);
725 		}
726 
727 		clear_bit(IPOIB_FLAG_OPER_UP, &tx->flags);
728 	}
729 
730 }
731 
732 int ipoib_cm_dev_open(struct ipoib_dev_priv *priv)
733 {
734 	int ret;
735 
736 	if (!IPOIB_CM_SUPPORTED(IF_LLADDR(priv->dev)))
737 		return 0;
738 
739 	priv->cm.id = ib_create_cm_id(priv->ca, ipoib_cm_rx_handler, priv);
740 	if (IS_ERR(priv->cm.id)) {
741 		printk(KERN_WARNING "%s: failed to create CM ID\n", priv->ca->name);
742 		ret = PTR_ERR(priv->cm.id);
743 		goto err_cm;
744 	}
745 
746 	ret = ib_cm_listen(priv->cm.id, cpu_to_be64(IPOIB_CM_IETF_ID | priv->qp->qp_num), 0);
747 	if (ret) {
748 		printk(KERN_WARNING "%s: failed to listen on ID 0x%llx\n", priv->ca->name,
749 		       IPOIB_CM_IETF_ID | priv->qp->qp_num);
750 		goto err_listen;
751 	}
752 
753 	return 0;
754 
755 err_listen:
756 	ib_destroy_cm_id(priv->cm.id);
757 err_cm:
758 	priv->cm.id = NULL;
759 	return ret;
760 }
761 
762 static void ipoib_cm_free_rx_reap_list(struct ipoib_dev_priv *priv)
763 {
764 	struct ipoib_cm_rx *rx, *n;
765 	LIST_HEAD(list);
766 
767 	spin_lock_irq(&priv->lock);
768 	list_splice_init(&priv->cm.rx_reap_list, &list);
769 	spin_unlock_irq(&priv->lock);
770 
771 	list_for_each_entry_safe(rx, n, &list, list) {
772 		ib_destroy_cm_id(rx->id);
773 		ib_destroy_qp(rx->qp);
774 		if (!ipoib_cm_has_srq(priv)) {
775 			ipoib_cm_free_rx_ring(priv, rx->rx_ring);
776 			spin_lock_irq(&priv->lock);
777 			--priv->cm.nonsrq_conn_qp;
778 			spin_unlock_irq(&priv->lock);
779 		}
780 		kfree(rx);
781 	}
782 }
783 
784 void ipoib_cm_dev_stop(struct ipoib_dev_priv *priv)
785 {
786 	struct ipoib_cm_rx *p;
787 	unsigned long begin;
788 	int ret;
789 
790 	if (!IPOIB_CM_SUPPORTED(IF_LLADDR(priv->dev)) || !priv->cm.id)
791 		return;
792 
793 	ib_destroy_cm_id(priv->cm.id);
794 	priv->cm.id = NULL;
795 
796 	cancel_work_sync(&priv->cm.rx_reap_task);
797 
798 	spin_lock_irq(&priv->lock);
799 	while (!list_empty(&priv->cm.passive_ids)) {
800 		p = list_entry(priv->cm.passive_ids.next, typeof(*p), list);
801 		list_move(&p->list, &priv->cm.rx_error_list);
802 		p->state = IPOIB_CM_RX_ERROR;
803 		spin_unlock_irq(&priv->lock);
804 		ret = ib_modify_qp(p->qp, &ipoib_cm_err_attr, IB_QP_STATE);
805 		if (ret)
806 			ipoib_warn(priv, "unable to move qp to error state: %d\n", ret);
807 		spin_lock_irq(&priv->lock);
808 	}
809 
810 	/* Wait for all RX to be drained */
811 	begin = jiffies;
812 
813 	while (!list_empty(&priv->cm.rx_error_list) ||
814 	       !list_empty(&priv->cm.rx_flush_list) ||
815 	       !list_empty(&priv->cm.rx_drain_list)) {
816 		if (time_after(jiffies, begin + 5 * HZ)) {
817 			ipoib_warn(priv, "RX drain timing out\n");
818 
819 			/*
820 			 * assume the HW is wedged and just free up everything.
821 			 */
822 			list_splice_init(&priv->cm.rx_flush_list,
823 					 &priv->cm.rx_reap_list);
824 			list_splice_init(&priv->cm.rx_error_list,
825 					 &priv->cm.rx_reap_list);
826 			list_splice_init(&priv->cm.rx_drain_list,
827 					 &priv->cm.rx_reap_list);
828 			break;
829 		}
830 		spin_unlock_irq(&priv->lock);
831 		msleep(1);
832 		ipoib_drain_cq(priv);
833 		spin_lock_irq(&priv->lock);
834 	}
835 
836 	spin_unlock_irq(&priv->lock);
837 
838 	ipoib_cm_free_rx_reap_list(priv);
839 
840 	cancel_delayed_work_sync(&priv->cm.stale_task);
841 }
842 
843 static int ipoib_cm_rep_handler(struct ib_cm_id *cm_id, struct ib_cm_event *event)
844 {
845 	struct ipoib_cm_tx *p = cm_id->context;
846 	struct ipoib_dev_priv *priv = p->priv;
847 	struct ipoib_cm_data *data = event->private_data;
848 	struct epoch_tracker et;
849 	struct ifqueue mbqueue;
850 	struct ib_qp_attr qp_attr;
851 	int qp_attr_mask, ret;
852 	struct mbuf *mb;
853 
854 	ipoib_dbg(priv, "cm rep handler\n");
855 	p->mtu = be32_to_cpu(data->mtu);
856 
857 	if (p->mtu <= IPOIB_ENCAP_LEN) {
858 		ipoib_warn(priv, "Rejecting connection: mtu %d <= %d\n",
859 			   p->mtu, IPOIB_ENCAP_LEN);
860 		return -EINVAL;
861 	}
862 
863 	qp_attr.qp_state = IB_QPS_RTR;
864 	ret = ib_cm_init_qp_attr(cm_id, &qp_attr, &qp_attr_mask);
865 	if (ret) {
866 		ipoib_warn(priv, "failed to init QP attr for RTR: %d\n", ret);
867 		return ret;
868 	}
869 
870 	qp_attr.rq_psn = 0 /* FIXME */;
871 	ret = ib_modify_qp(p->qp, &qp_attr, qp_attr_mask);
872 	if (ret) {
873 		ipoib_warn(priv, "failed to modify QP to RTR: %d\n", ret);
874 		return ret;
875 	}
876 
877 	qp_attr.qp_state = IB_QPS_RTS;
878 	ret = ib_cm_init_qp_attr(cm_id, &qp_attr, &qp_attr_mask);
879 	if (ret) {
880 		ipoib_warn(priv, "failed to init QP attr for RTS: %d\n", ret);
881 		return ret;
882 	}
883 	ret = ib_modify_qp(p->qp, &qp_attr, qp_attr_mask);
884 	if (ret) {
885 		ipoib_warn(priv, "failed to modify QP to RTS: %d\n", ret);
886 		return ret;
887 	}
888 
889 	bzero(&mbqueue, sizeof(mbqueue));
890 
891 	spin_lock_irq(&priv->lock);
892 	set_bit(IPOIB_FLAG_OPER_UP, &p->flags);
893 	if (p->path)
894 		for (;;) {
895 			_IF_DEQUEUE(&p->path->queue, mb);
896 			if (mb == NULL)
897 				break;
898 			_IF_ENQUEUE(&mbqueue, mb);
899 		}
900 	spin_unlock_irq(&priv->lock);
901 
902 	NET_EPOCH_ENTER(et);
903 	for (;;) {
904 		struct ifnet *dev = p->priv->dev;
905 		_IF_DEQUEUE(&mbqueue, mb);
906 		if (mb == NULL)
907 			break;
908 		mb->m_pkthdr.rcvif = dev;
909 		if (dev->if_transmit(dev, mb))
910 			ipoib_warn(priv, "dev_queue_xmit failed "
911 				   "to requeue packet\n");
912 	}
913 	NET_EPOCH_EXIT(et);
914 
915 	ret = ib_send_cm_rtu(cm_id, NULL, 0);
916 	if (ret) {
917 		ipoib_warn(priv, "failed to send RTU: %d\n", ret);
918 		return ret;
919 	}
920 	return 0;
921 }
922 
923 static struct ib_qp *ipoib_cm_create_tx_qp(struct ipoib_dev_priv *priv,
924     struct ipoib_cm_tx *tx)
925 {
926 	struct ib_qp_init_attr attr = {
927 		.send_cq		= priv->send_cq,
928 		.recv_cq		= priv->recv_cq,
929 		.srq			= priv->cm.srq,
930 		.cap.max_send_wr	= ipoib_sendq_size,
931 		.cap.max_send_sge	= priv->cm.num_frags,
932 		.sq_sig_type		= IB_SIGNAL_ALL_WR,
933 		.qp_type		= IB_QPT_RC,
934 		.qp_context		= tx
935 	};
936 
937 	return ib_create_qp(priv->pd, &attr);
938 }
939 
940 static int ipoib_cm_send_req(struct ipoib_dev_priv *priv,
941 			     struct ib_cm_id *id, struct ib_qp *qp,
942 			     u32 qpn,
943 			     struct ib_sa_path_rec *pathrec)
944 {
945 	struct ipoib_cm_data data = {};
946 	struct ib_cm_req_param req = {};
947 
948 	ipoib_dbg(priv, "cm send req\n");
949 
950 	data.qpn = cpu_to_be32(priv->qp->qp_num);
951 	data.mtu = cpu_to_be32(priv->cm.max_cm_mtu);
952 
953 	req.primary_path		= pathrec;
954 	req.alternate_path		= NULL;
955 	req.service_id			= cpu_to_be64(IPOIB_CM_IETF_ID | qpn);
956 	req.qp_num			= qp->qp_num;
957 	req.qp_type			= qp->qp_type;
958 	req.private_data		= &data;
959 	req.private_data_len		= sizeof data;
960 	req.flow_control		= 0;
961 
962 	req.starting_psn		= 0; /* FIXME */
963 
964 	/*
965 	 * Pick some arbitrary defaults here; we could make these
966 	 * module parameters if anyone cared about setting them.
967 	 */
968 	req.responder_resources		= 4;
969 	req.remote_cm_response_timeout	= 20;
970 	req.local_cm_response_timeout	= 20;
971 	req.retry_count			= 0; /* RFC draft warns against retries */
972 	req.rnr_retry_count		= 0; /* RFC draft warns against retries */
973 	req.max_cm_retries		= 15;
974 	req.srq				= ipoib_cm_has_srq(priv);
975 	return ib_send_cm_req(id, &req);
976 }
977 
978 static int ipoib_cm_modify_tx_init(struct ipoib_dev_priv *priv,
979 				  struct ib_cm_id *cm_id, struct ib_qp *qp)
980 {
981 	struct ib_qp_attr qp_attr;
982 	int qp_attr_mask, ret;
983 	ret = ib_find_pkey(priv->ca, priv->port, priv->pkey, &qp_attr.pkey_index);
984 	if (ret) {
985 		ipoib_warn(priv, "pkey 0x%x not found: %d\n", priv->pkey, ret);
986 		return ret;
987 	}
988 
989 	qp_attr.qp_state = IB_QPS_INIT;
990 	qp_attr.qp_access_flags = IB_ACCESS_LOCAL_WRITE;
991 	qp_attr.port_num = priv->port;
992 	qp_attr_mask = IB_QP_STATE | IB_QP_ACCESS_FLAGS | IB_QP_PKEY_INDEX | IB_QP_PORT;
993 
994 	ret = ib_modify_qp(qp, &qp_attr, qp_attr_mask);
995 	if (ret) {
996 		ipoib_warn(priv, "failed to modify tx QP to INIT: %d\n", ret);
997 		return ret;
998 	}
999 	return 0;
1000 }
1001 
1002 static int ipoib_cm_tx_init(struct ipoib_cm_tx *p, u32 qpn,
1003 			    struct ib_sa_path_rec *pathrec)
1004 {
1005 	struct ipoib_dev_priv *priv = p->priv;
1006 	int ret;
1007 
1008 	p->tx_ring = kzalloc(ipoib_sendq_size * sizeof *p->tx_ring, GFP_KERNEL);
1009 	if (!p->tx_ring) {
1010 		ipoib_warn(priv, "failed to allocate tx ring\n");
1011 		ret = -ENOMEM;
1012 		goto err_tx;
1013 	}
1014 	memset(p->tx_ring, 0, ipoib_sendq_size * sizeof *p->tx_ring);
1015 
1016 	p->qp = ipoib_cm_create_tx_qp(p->priv, p);
1017 	if (IS_ERR(p->qp)) {
1018 		ret = PTR_ERR(p->qp);
1019 		ipoib_warn(priv, "failed to allocate tx qp: %d\n", ret);
1020 		goto err_qp;
1021 	}
1022 
1023 	p->id = ib_create_cm_id(priv->ca, ipoib_cm_tx_handler, p);
1024 	if (IS_ERR(p->id)) {
1025 		ret = PTR_ERR(p->id);
1026 		ipoib_warn(priv, "failed to create tx cm id: %d\n", ret);
1027 		goto err_id;
1028 	}
1029 
1030 	ret = ipoib_cm_modify_tx_init(p->priv, p->id,  p->qp);
1031 	if (ret) {
1032 		ipoib_warn(priv, "failed to modify tx qp to rtr: %d\n", ret);
1033 		goto err_modify;
1034 	}
1035 
1036 	ret = ipoib_cm_send_req(p->priv, p->id, p->qp, qpn, pathrec);
1037 	if (ret) {
1038 		ipoib_warn(priv, "failed to send cm req: %d\n", ret);
1039 		goto err_send_cm;
1040 	}
1041 
1042 	ipoib_dbg(priv, "Request connection 0x%x for gid %pI6 qpn 0x%x\n",
1043 		  p->qp->qp_num, pathrec->dgid.raw, qpn);
1044 
1045 	return 0;
1046 
1047 err_send_cm:
1048 err_modify:
1049 	ib_destroy_cm_id(p->id);
1050 err_id:
1051 	p->id = NULL;
1052 	ib_destroy_qp(p->qp);
1053 err_qp:
1054 	p->qp = NULL;
1055 	kfree(p->tx_ring);
1056 err_tx:
1057 	return ret;
1058 }
1059 
1060 static void ipoib_cm_tx_destroy(struct ipoib_cm_tx *p)
1061 {
1062 	struct ipoib_dev_priv *priv = p->priv;
1063 	struct ifnet *dev = priv->dev;
1064 	struct ipoib_cm_tx_buf *tx_req;
1065 	unsigned long begin;
1066 
1067 	ipoib_dbg(priv, "Destroy active connection 0x%x head 0x%x tail 0x%x\n",
1068 		  p->qp ? p->qp->qp_num : 0, p->tx_head, p->tx_tail);
1069 
1070 	if (p->path)
1071 		ipoib_path_free(priv, p->path);
1072 
1073 	if (p->id)
1074 		ib_destroy_cm_id(p->id);
1075 
1076 	if (p->tx_ring) {
1077 		/* Wait for all sends to complete */
1078 		begin = jiffies;
1079 		while ((int) p->tx_tail - (int) p->tx_head < 0) {
1080 			if (time_after(jiffies, begin + 5 * HZ)) {
1081 				ipoib_warn(priv, "timing out; %d sends not completed\n",
1082 					   p->tx_head - p->tx_tail);
1083 				goto timeout;
1084 			}
1085 
1086 			msleep(1);
1087 		}
1088 	}
1089 
1090 timeout:
1091 
1092 	while ((int) p->tx_tail - (int) p->tx_head < 0) {
1093 		tx_req = &p->tx_ring[p->tx_tail & (ipoib_sendq_size - 1)];
1094 		ipoib_dma_unmap_tx(priv->ca, (struct ipoib_tx_buf *)tx_req);
1095 		m_freem(tx_req->mb);
1096 		++p->tx_tail;
1097 		if (unlikely(--priv->tx_outstanding == ipoib_sendq_size >> 1) &&
1098 		    (dev->if_drv_flags & IFF_DRV_OACTIVE) != 0 &&
1099 		    test_bit(IPOIB_FLAG_ADMIN_UP, &priv->flags))
1100 			dev->if_drv_flags &= ~IFF_DRV_OACTIVE;
1101 	}
1102 
1103 	if (p->qp)
1104 		ib_destroy_qp(p->qp);
1105 
1106 	kfree(p->tx_ring);
1107 	kfree(p);
1108 }
1109 
1110 static int ipoib_cm_tx_handler(struct ib_cm_id *cm_id,
1111 			       struct ib_cm_event *event)
1112 {
1113 	struct ipoib_cm_tx *tx = cm_id->context;
1114 	struct ipoib_dev_priv *priv = tx->priv;
1115 	struct ipoib_path *path;
1116 	unsigned long flags;
1117 	int ret;
1118 
1119 	switch (event->event) {
1120 	case IB_CM_DREQ_RECEIVED:
1121 		ipoib_dbg(priv, "DREQ received.\n");
1122 		ib_send_cm_drep(cm_id, NULL, 0);
1123 		break;
1124 	case IB_CM_REP_RECEIVED:
1125 		ipoib_dbg(priv, "REP received.\n");
1126 		ret = ipoib_cm_rep_handler(cm_id, event);
1127 		if (ret)
1128 			ib_send_cm_rej(cm_id, IB_CM_REJ_CONSUMER_DEFINED,
1129 				       NULL, 0, NULL, 0);
1130 		break;
1131 	case IB_CM_REQ_ERROR:
1132 	case IB_CM_REJ_RECEIVED:
1133 	case IB_CM_TIMEWAIT_EXIT:
1134 		ipoib_dbg(priv, "CM error %d.\n", event->event);
1135 		spin_lock_irqsave(&priv->lock, flags);
1136 		path = tx->path;
1137 
1138 		if (path) {
1139 			path->cm = NULL;
1140 			tx->path = NULL;
1141 			rb_erase(&path->rb_node, &priv->path_tree);
1142 			list_del(&path->list);
1143 		}
1144 
1145 		if (test_and_clear_bit(IPOIB_FLAG_INITIALIZED, &tx->flags)) {
1146 			list_move(&tx->list, &priv->cm.reap_list);
1147 			queue_work(ipoib_workqueue, &priv->cm.reap_task);
1148 		}
1149 
1150 		spin_unlock_irqrestore(&priv->lock, flags);
1151 		if (path)
1152 			ipoib_path_free(tx->priv, path);
1153 		break;
1154 	default:
1155 		break;
1156 	}
1157 
1158 	return 0;
1159 }
1160 
1161 struct ipoib_cm_tx *ipoib_cm_create_tx(struct ipoib_dev_priv *priv,
1162     struct ipoib_path *path)
1163 {
1164 	struct ipoib_cm_tx *tx;
1165 
1166 	tx = kzalloc(sizeof *tx, GFP_ATOMIC);
1167 	if (!tx)
1168 		return NULL;
1169 
1170 	ipoib_dbg(priv, "Creating cm tx\n");
1171 	path->cm = tx;
1172 	tx->path = path;
1173 	tx->priv = priv;
1174 	list_add(&tx->list, &priv->cm.start_list);
1175 	set_bit(IPOIB_FLAG_INITIALIZED, &tx->flags);
1176 	queue_work(ipoib_workqueue, &priv->cm.start_task);
1177 	return tx;
1178 }
1179 
1180 void ipoib_cm_destroy_tx(struct ipoib_cm_tx *tx)
1181 {
1182 	struct ipoib_dev_priv *priv = tx->priv;
1183 	if (test_and_clear_bit(IPOIB_FLAG_INITIALIZED, &tx->flags)) {
1184 		spin_lock(&priv->lock);
1185 		list_move(&tx->list, &priv->cm.reap_list);
1186 		spin_unlock(&priv->lock);
1187 		queue_work(ipoib_workqueue, &priv->cm.reap_task);
1188 		ipoib_dbg(priv, "Reap connection for gid %pI6\n",
1189 			  tx->path->pathrec.dgid.raw);
1190 		tx->path = NULL;
1191 	}
1192 }
1193 
1194 static void ipoib_cm_tx_start(struct work_struct *work)
1195 {
1196 	struct ipoib_dev_priv *priv = container_of(work, struct ipoib_dev_priv,
1197 						   cm.start_task);
1198 	struct ipoib_path *path;
1199 	struct ipoib_cm_tx *p;
1200 	unsigned long flags;
1201 	int ret;
1202 
1203 	struct ib_sa_path_rec pathrec;
1204 	u32 qpn;
1205 
1206 	ipoib_dbg(priv, "cm start task\n");
1207 	spin_lock_irqsave(&priv->lock, flags);
1208 
1209 	while (!list_empty(&priv->cm.start_list)) {
1210 		p = list_entry(priv->cm.start_list.next, typeof(*p), list);
1211 		list_del_init(&p->list);
1212 		path = p->path;
1213 		qpn = IPOIB_QPN(path->hwaddr);
1214 		memcpy(&pathrec, &p->path->pathrec, sizeof pathrec);
1215 
1216 		spin_unlock_irqrestore(&priv->lock, flags);
1217 
1218 		ret = ipoib_cm_tx_init(p, qpn, &pathrec);
1219 
1220 		spin_lock_irqsave(&priv->lock, flags);
1221 
1222 		if (ret) {
1223 			path = p->path;
1224 			if (path) {
1225 				path->cm = NULL;
1226 				rb_erase(&path->rb_node, &priv->path_tree);
1227 				list_del(&path->list);
1228 				ipoib_path_free(priv, path);
1229 			}
1230 			list_del(&p->list);
1231 			kfree(p);
1232 		}
1233 	}
1234 
1235 	spin_unlock_irqrestore(&priv->lock, flags);
1236 }
1237 
1238 static void ipoib_cm_tx_reap(struct work_struct *work)
1239 {
1240 	struct ipoib_dev_priv *priv = container_of(work, struct ipoib_dev_priv,
1241 						   cm.reap_task);
1242 	struct ipoib_cm_tx *p;
1243 	unsigned long flags;
1244 
1245 	spin_lock_irqsave(&priv->lock, flags);
1246 
1247 	while (!list_empty(&priv->cm.reap_list)) {
1248 		p = list_entry(priv->cm.reap_list.next, typeof(*p), list);
1249 		list_del(&p->list);
1250 		spin_unlock_irqrestore(&priv->lock, flags);
1251 		ipoib_cm_tx_destroy(p);
1252 		spin_lock_irqsave(&priv->lock, flags);
1253 	}
1254 
1255 	spin_unlock_irqrestore(&priv->lock, flags);
1256 }
1257 
1258 static void ipoib_cm_mb_reap(struct work_struct *work)
1259 {
1260 	struct ipoib_dev_priv *priv = container_of(work, struct ipoib_dev_priv,
1261 						   cm.mb_task);
1262 	struct mbuf *mb;
1263 	unsigned long flags;
1264 #if defined(INET) || defined(INET6)
1265 	unsigned mtu = priv->mcast_mtu;
1266 #endif
1267 	uint16_t proto;
1268 
1269 	spin_lock_irqsave(&priv->lock, flags);
1270 
1271 	CURVNET_SET_QUIET(priv->dev->if_vnet);
1272 
1273 	for (;;) {
1274 		IF_DEQUEUE(&priv->cm.mb_queue, mb);
1275 		if (mb == NULL)
1276 			break;
1277 		spin_unlock_irqrestore(&priv->lock, flags);
1278 
1279 		proto = htons(*mtod(mb, uint16_t *));
1280 		m_adj(mb, IPOIB_ENCAP_LEN);
1281 		switch (proto) {
1282 #if defined(INET)
1283 		case ETHERTYPE_IP:
1284 			icmp_error(mb, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG, 0, mtu);
1285 			break;
1286 #endif
1287 #if defined(INET6)
1288 		case ETHERTYPE_IPV6:
1289 			icmp6_error(mb, ICMP6_PACKET_TOO_BIG, 0, mtu);
1290 			break;
1291 #endif
1292 		default:
1293 			m_freem(mb);
1294 		}
1295 
1296 		spin_lock_irqsave(&priv->lock, flags);
1297 	}
1298 
1299 	CURVNET_RESTORE();
1300 
1301 	spin_unlock_irqrestore(&priv->lock, flags);
1302 }
1303 
1304 void
1305 ipoib_cm_mb_too_long(struct ipoib_dev_priv *priv, struct mbuf *mb, unsigned int mtu)
1306 {
1307 	int e = priv->cm.mb_queue.ifq_len;
1308 
1309 	IF_ENQUEUE(&priv->cm.mb_queue, mb);
1310 	if (e == 0)
1311 		queue_work(ipoib_workqueue, &priv->cm.mb_task);
1312 }
1313 
1314 static void ipoib_cm_rx_reap(struct work_struct *work)
1315 {
1316 	ipoib_cm_free_rx_reap_list(container_of(work, struct ipoib_dev_priv,
1317 						cm.rx_reap_task));
1318 }
1319 
1320 static void ipoib_cm_stale_task(struct work_struct *work)
1321 {
1322 	struct ipoib_dev_priv *priv = container_of(work, struct ipoib_dev_priv,
1323 						   cm.stale_task.work);
1324 	struct ipoib_cm_rx *p;
1325 	int ret;
1326 
1327 	spin_lock_irq(&priv->lock);
1328 	while (!list_empty(&priv->cm.passive_ids)) {
1329 		/* List is sorted by LRU, start from tail,
1330 		 * stop when we see a recently used entry */
1331 		p = list_entry(priv->cm.passive_ids.prev, typeof(*p), list);
1332 		if (time_before_eq(jiffies, p->jiffies + IPOIB_CM_RX_TIMEOUT))
1333 			break;
1334 		list_move(&p->list, &priv->cm.rx_error_list);
1335 		p->state = IPOIB_CM_RX_ERROR;
1336 		spin_unlock_irq(&priv->lock);
1337 		ret = ib_modify_qp(p->qp, &ipoib_cm_err_attr, IB_QP_STATE);
1338 		if (ret)
1339 			ipoib_warn(priv, "unable to move qp to error state: %d\n", ret);
1340 		spin_lock_irq(&priv->lock);
1341 	}
1342 
1343 	if (!list_empty(&priv->cm.passive_ids))
1344 		queue_delayed_work(ipoib_workqueue,
1345 				   &priv->cm.stale_task, IPOIB_CM_RX_DELAY);
1346 	spin_unlock_irq(&priv->lock);
1347 }
1348 
1349 
1350 static void ipoib_cm_create_srq(struct ipoib_dev_priv *priv, int max_sge)
1351 {
1352 	struct ib_srq_init_attr srq_init_attr = {
1353 		.attr = {
1354 			.max_wr  = ipoib_recvq_size,
1355 			.max_sge = max_sge
1356 		}
1357 	};
1358 
1359 	priv->cm.srq = ib_create_srq(priv->pd, &srq_init_attr);
1360 	if (IS_ERR(priv->cm.srq)) {
1361 		if (PTR_ERR(priv->cm.srq) != -ENOSYS)
1362 			printk(KERN_WARNING "%s: failed to allocate SRQ, error %ld\n",
1363 			       priv->ca->name, PTR_ERR(priv->cm.srq));
1364 		priv->cm.srq = NULL;
1365 		return;
1366 	}
1367 
1368 	priv->cm.srq_ring = kzalloc(ipoib_recvq_size * sizeof *priv->cm.srq_ring, GFP_KERNEL);
1369 	if (!priv->cm.srq_ring) {
1370 		printk(KERN_WARNING "%s: failed to allocate CM SRQ ring (%d entries)\n",
1371 		       priv->ca->name, ipoib_recvq_size);
1372 		ib_destroy_srq(priv->cm.srq);
1373 		priv->cm.srq = NULL;
1374 		return;
1375 	}
1376 
1377 	memset(priv->cm.srq_ring, 0, ipoib_recvq_size * sizeof *priv->cm.srq_ring);
1378 }
1379 
1380 int ipoib_cm_dev_init(struct ipoib_dev_priv *priv)
1381 {
1382 	struct ifnet *dev = priv->dev;
1383 	int i;
1384 	int max_srq_sge;
1385 
1386 	INIT_LIST_HEAD(&priv->cm.passive_ids);
1387 	INIT_LIST_HEAD(&priv->cm.reap_list);
1388 	INIT_LIST_HEAD(&priv->cm.start_list);
1389 	INIT_LIST_HEAD(&priv->cm.rx_error_list);
1390 	INIT_LIST_HEAD(&priv->cm.rx_flush_list);
1391 	INIT_LIST_HEAD(&priv->cm.rx_drain_list);
1392 	INIT_LIST_HEAD(&priv->cm.rx_reap_list);
1393 	INIT_WORK(&priv->cm.start_task, ipoib_cm_tx_start);
1394 	INIT_WORK(&priv->cm.reap_task, ipoib_cm_tx_reap);
1395 	INIT_WORK(&priv->cm.mb_task, ipoib_cm_mb_reap);
1396 	INIT_WORK(&priv->cm.rx_reap_task, ipoib_cm_rx_reap);
1397 	INIT_DELAYED_WORK(&priv->cm.stale_task, ipoib_cm_stale_task);
1398 
1399 	bzero(&priv->cm.mb_queue, sizeof(priv->cm.mb_queue));
1400 	mtx_init(&priv->cm.mb_queue.ifq_mtx,
1401 	    dev->if_xname, "if send queue", MTX_DEF);
1402 
1403 	max_srq_sge = priv->ca->attrs.max_srq_sge;
1404 
1405 	ipoib_dbg(priv, "max_srq_sge=%d\n", max_srq_sge);
1406 
1407 	max_srq_sge = min_t(int, IPOIB_CM_RX_SG, max_srq_sge);
1408 	ipoib_cm_create_srq(priv, max_srq_sge);
1409 	if (ipoib_cm_has_srq(priv)) {
1410 		priv->cm.max_cm_mtu = max_srq_sge * MJUMPAGESIZE;
1411 		priv->cm.num_frags  = max_srq_sge;
1412 		ipoib_dbg(priv, "max_cm_mtu = 0x%x, num_frags=%d\n",
1413 			  priv->cm.max_cm_mtu, priv->cm.num_frags);
1414 	} else {
1415 		priv->cm.max_cm_mtu = IPOIB_CM_MAX_MTU;
1416 		priv->cm.num_frags  = IPOIB_CM_RX_SG;
1417 	}
1418 
1419 	ipoib_cm_init_rx_wr(priv, &priv->cm.rx_wr, priv->cm.rx_sge);
1420 
1421 	if (ipoib_cm_has_srq(priv)) {
1422 		for (i = 0; i < ipoib_recvq_size; ++i) {
1423 			if (!ipoib_cm_alloc_rx_mb(priv, &priv->cm.srq_ring[i])) {
1424 				ipoib_warn(priv, "failed to allocate "
1425 					   "receive buffer %d\n", i);
1426 				ipoib_cm_dev_cleanup(priv);
1427 				return -ENOMEM;
1428 			}
1429 
1430 			if (ipoib_cm_post_receive_srq(priv, i)) {
1431 				ipoib_warn(priv, "ipoib_cm_post_receive_srq "
1432 					   "failed for buf %d\n", i);
1433 				ipoib_cm_dev_cleanup(priv);
1434 				return -EIO;
1435 			}
1436 		}
1437 	}
1438 
1439 	IF_LLADDR(priv->dev)[0] = IPOIB_FLAGS_RC;
1440 	return 0;
1441 }
1442 
1443 void ipoib_cm_dev_cleanup(struct ipoib_dev_priv *priv)
1444 {
1445 	int ret;
1446 
1447 	if (!priv->cm.srq)
1448 		return;
1449 
1450 	ipoib_dbg(priv, "Cleanup ipoib connected mode.\n");
1451 
1452 	ret = ib_destroy_srq(priv->cm.srq);
1453 	if (ret)
1454 		ipoib_warn(priv, "ib_destroy_srq failed: %d\n", ret);
1455 
1456 	priv->cm.srq = NULL;
1457 	if (!priv->cm.srq_ring)
1458 		return;
1459 
1460 	ipoib_cm_free_rx_ring(priv, priv->cm.srq_ring);
1461 	priv->cm.srq_ring = NULL;
1462 
1463 	mtx_destroy(&priv->cm.mb_queue.ifq_mtx);
1464 }
1465 
1466 #endif /* CONFIG_INFINIBAND_IPOIB_CM */
1467