xref: /linux/drivers/infiniband/hw/mlx4/qp.c (revision a1c3be890440a1769ed6f822376a3e3ab0d42994)
1 /*
2  * Copyright (c) 2007 Cisco Systems, Inc. All rights reserved.
3  * Copyright (c) 2007, 2008 Mellanox Technologies. All rights reserved.
4  *
5  * This software is available to you under a choice of one of two
6  * licenses.  You may choose to be licensed under the terms of the GNU
7  * General Public License (GPL) Version 2, available from the file
8  * COPYING in the main directory of this source tree, or the
9  * OpenIB.org BSD license below:
10  *
11  *     Redistribution and use in source and binary forms, with or
12  *     without modification, are permitted provided that the following
13  *     conditions are met:
14  *
15  *      - Redistributions of source code must retain the above
16  *        copyright notice, this list of conditions and the following
17  *        disclaimer.
18  *
19  *      - Redistributions in binary form must reproduce the above
20  *        copyright notice, this list of conditions and the following
21  *        disclaimer in the documentation and/or other materials
22  *        provided with the distribution.
23  *
24  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
31  * SOFTWARE.
32  */
33 
34 #include <linux/log2.h>
35 #include <linux/etherdevice.h>
36 #include <net/ip.h>
37 #include <linux/slab.h>
38 #include <linux/netdevice.h>
39 
40 #include <rdma/ib_cache.h>
41 #include <rdma/ib_pack.h>
42 #include <rdma/ib_addr.h>
43 #include <rdma/ib_mad.h>
44 #include <rdma/uverbs_ioctl.h>
45 
46 #include <linux/mlx4/driver.h>
47 #include <linux/mlx4/qp.h>
48 
49 #include "mlx4_ib.h"
50 #include <rdma/mlx4-abi.h>
51 
52 static void mlx4_ib_lock_cqs(struct mlx4_ib_cq *send_cq,
53 			     struct mlx4_ib_cq *recv_cq);
54 static void mlx4_ib_unlock_cqs(struct mlx4_ib_cq *send_cq,
55 			       struct mlx4_ib_cq *recv_cq);
56 static int _mlx4_ib_modify_wq(struct ib_wq *ibwq, enum ib_wq_state new_state,
57 			      struct ib_udata *udata);
58 
59 enum {
60 	MLX4_IB_ACK_REQ_FREQ	= 8,
61 };
62 
63 enum {
64 	MLX4_IB_DEFAULT_SCHED_QUEUE	= 0x83,
65 	MLX4_IB_DEFAULT_QP0_SCHED_QUEUE	= 0x3f,
66 	MLX4_IB_LINK_TYPE_IB		= 0,
67 	MLX4_IB_LINK_TYPE_ETH		= 1
68 };
69 
70 enum {
71 	MLX4_IB_MIN_SQ_STRIDE	= 6,
72 	MLX4_IB_CACHE_LINE_SIZE	= 64,
73 };
74 
75 enum {
76 	MLX4_RAW_QP_MTU		= 7,
77 	MLX4_RAW_QP_MSGMAX	= 31,
78 };
79 
80 #ifndef ETH_ALEN
81 #define ETH_ALEN        6
82 #endif
83 
84 static const __be32 mlx4_ib_opcode[] = {
85 	[IB_WR_SEND]				= cpu_to_be32(MLX4_OPCODE_SEND),
86 	[IB_WR_LSO]				= cpu_to_be32(MLX4_OPCODE_LSO),
87 	[IB_WR_SEND_WITH_IMM]			= cpu_to_be32(MLX4_OPCODE_SEND_IMM),
88 	[IB_WR_RDMA_WRITE]			= cpu_to_be32(MLX4_OPCODE_RDMA_WRITE),
89 	[IB_WR_RDMA_WRITE_WITH_IMM]		= cpu_to_be32(MLX4_OPCODE_RDMA_WRITE_IMM),
90 	[IB_WR_RDMA_READ]			= cpu_to_be32(MLX4_OPCODE_RDMA_READ),
91 	[IB_WR_ATOMIC_CMP_AND_SWP]		= cpu_to_be32(MLX4_OPCODE_ATOMIC_CS),
92 	[IB_WR_ATOMIC_FETCH_AND_ADD]		= cpu_to_be32(MLX4_OPCODE_ATOMIC_FA),
93 	[IB_WR_SEND_WITH_INV]			= cpu_to_be32(MLX4_OPCODE_SEND_INVAL),
94 	[IB_WR_LOCAL_INV]			= cpu_to_be32(MLX4_OPCODE_LOCAL_INVAL),
95 	[IB_WR_REG_MR]				= cpu_to_be32(MLX4_OPCODE_FMR),
96 	[IB_WR_MASKED_ATOMIC_CMP_AND_SWP]	= cpu_to_be32(MLX4_OPCODE_MASKED_ATOMIC_CS),
97 	[IB_WR_MASKED_ATOMIC_FETCH_AND_ADD]	= cpu_to_be32(MLX4_OPCODE_MASKED_ATOMIC_FA),
98 };
99 
100 enum mlx4_ib_source_type {
101 	MLX4_IB_QP_SRC	= 0,
102 	MLX4_IB_RWQ_SRC	= 1,
103 };
104 
105 static int is_tunnel_qp(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
106 {
107 	if (!mlx4_is_master(dev->dev))
108 		return 0;
109 
110 	return qp->mqp.qpn >= dev->dev->phys_caps.base_tunnel_sqpn &&
111 	       qp->mqp.qpn < dev->dev->phys_caps.base_tunnel_sqpn +
112 		8 * MLX4_MFUNC_MAX;
113 }
114 
115 static int is_sqp(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
116 {
117 	int proxy_sqp = 0;
118 	int real_sqp = 0;
119 	int i;
120 	/* PPF or Native -- real SQP */
121 	real_sqp = ((mlx4_is_master(dev->dev) || !mlx4_is_mfunc(dev->dev)) &&
122 		    qp->mqp.qpn >= dev->dev->phys_caps.base_sqpn &&
123 		    qp->mqp.qpn <= dev->dev->phys_caps.base_sqpn + 3);
124 	if (real_sqp)
125 		return 1;
126 	/* VF or PF -- proxy SQP */
127 	if (mlx4_is_mfunc(dev->dev)) {
128 		for (i = 0; i < dev->dev->caps.num_ports; i++) {
129 			if (qp->mqp.qpn == dev->dev->caps.spec_qps[i].qp0_proxy ||
130 			    qp->mqp.qpn == dev->dev->caps.spec_qps[i].qp1_proxy) {
131 				proxy_sqp = 1;
132 				break;
133 			}
134 		}
135 	}
136 	if (proxy_sqp)
137 		return 1;
138 
139 	return !!(qp->flags & MLX4_IB_ROCE_V2_GSI_QP);
140 }
141 
142 /* used for INIT/CLOSE port logic */
143 static int is_qp0(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
144 {
145 	int proxy_qp0 = 0;
146 	int real_qp0 = 0;
147 	int i;
148 	/* PPF or Native -- real QP0 */
149 	real_qp0 = ((mlx4_is_master(dev->dev) || !mlx4_is_mfunc(dev->dev)) &&
150 		    qp->mqp.qpn >= dev->dev->phys_caps.base_sqpn &&
151 		    qp->mqp.qpn <= dev->dev->phys_caps.base_sqpn + 1);
152 	if (real_qp0)
153 		return 1;
154 	/* VF or PF -- proxy QP0 */
155 	if (mlx4_is_mfunc(dev->dev)) {
156 		for (i = 0; i < dev->dev->caps.num_ports; i++) {
157 			if (qp->mqp.qpn == dev->dev->caps.spec_qps[i].qp0_proxy) {
158 				proxy_qp0 = 1;
159 				break;
160 			}
161 		}
162 	}
163 	return proxy_qp0;
164 }
165 
166 static void *get_wqe(struct mlx4_ib_qp *qp, int offset)
167 {
168 	return mlx4_buf_offset(&qp->buf, offset);
169 }
170 
171 static void *get_recv_wqe(struct mlx4_ib_qp *qp, int n)
172 {
173 	return get_wqe(qp, qp->rq.offset + (n << qp->rq.wqe_shift));
174 }
175 
176 static void *get_send_wqe(struct mlx4_ib_qp *qp, int n)
177 {
178 	return get_wqe(qp, qp->sq.offset + (n << qp->sq.wqe_shift));
179 }
180 
181 /*
182  * Stamp a SQ WQE so that it is invalid if prefetched by marking the
183  * first four bytes of every 64 byte chunk with 0xffffffff, except for
184  * the very first chunk of the WQE.
185  */
186 static void stamp_send_wqe(struct mlx4_ib_qp *qp, int n)
187 {
188 	__be32 *wqe;
189 	int i;
190 	int s;
191 	void *buf;
192 	struct mlx4_wqe_ctrl_seg *ctrl;
193 
194 	buf = get_send_wqe(qp, n & (qp->sq.wqe_cnt - 1));
195 	ctrl = (struct mlx4_wqe_ctrl_seg *)buf;
196 	s = (ctrl->qpn_vlan.fence_size & 0x3f) << 4;
197 	for (i = 64; i < s; i += 64) {
198 		wqe = buf + i;
199 		*wqe = cpu_to_be32(0xffffffff);
200 	}
201 }
202 
203 static void mlx4_ib_qp_event(struct mlx4_qp *qp, enum mlx4_event type)
204 {
205 	struct ib_event event;
206 	struct ib_qp *ibqp = &to_mibqp(qp)->ibqp;
207 
208 	if (type == MLX4_EVENT_TYPE_PATH_MIG)
209 		to_mibqp(qp)->port = to_mibqp(qp)->alt_port;
210 
211 	if (ibqp->event_handler) {
212 		event.device     = ibqp->device;
213 		event.element.qp = ibqp;
214 		switch (type) {
215 		case MLX4_EVENT_TYPE_PATH_MIG:
216 			event.event = IB_EVENT_PATH_MIG;
217 			break;
218 		case MLX4_EVENT_TYPE_COMM_EST:
219 			event.event = IB_EVENT_COMM_EST;
220 			break;
221 		case MLX4_EVENT_TYPE_SQ_DRAINED:
222 			event.event = IB_EVENT_SQ_DRAINED;
223 			break;
224 		case MLX4_EVENT_TYPE_SRQ_QP_LAST_WQE:
225 			event.event = IB_EVENT_QP_LAST_WQE_REACHED;
226 			break;
227 		case MLX4_EVENT_TYPE_WQ_CATAS_ERROR:
228 			event.event = IB_EVENT_QP_FATAL;
229 			break;
230 		case MLX4_EVENT_TYPE_PATH_MIG_FAILED:
231 			event.event = IB_EVENT_PATH_MIG_ERR;
232 			break;
233 		case MLX4_EVENT_TYPE_WQ_INVAL_REQ_ERROR:
234 			event.event = IB_EVENT_QP_REQ_ERR;
235 			break;
236 		case MLX4_EVENT_TYPE_WQ_ACCESS_ERROR:
237 			event.event = IB_EVENT_QP_ACCESS_ERR;
238 			break;
239 		default:
240 			pr_warn("Unexpected event type %d "
241 			       "on QP %06x\n", type, qp->qpn);
242 			return;
243 		}
244 
245 		ibqp->event_handler(&event, ibqp->qp_context);
246 	}
247 }
248 
249 static void mlx4_ib_wq_event(struct mlx4_qp *qp, enum mlx4_event type)
250 {
251 	pr_warn_ratelimited("Unexpected event type %d on WQ 0x%06x. Events are not supported for WQs\n",
252 			    type, qp->qpn);
253 }
254 
255 static int send_wqe_overhead(enum mlx4_ib_qp_type type, u32 flags)
256 {
257 	/*
258 	 * UD WQEs must have a datagram segment.
259 	 * RC and UC WQEs might have a remote address segment.
260 	 * MLX WQEs need two extra inline data segments (for the UD
261 	 * header and space for the ICRC).
262 	 */
263 	switch (type) {
264 	case MLX4_IB_QPT_UD:
265 		return sizeof (struct mlx4_wqe_ctrl_seg) +
266 			sizeof (struct mlx4_wqe_datagram_seg) +
267 			((flags & MLX4_IB_QP_LSO) ? MLX4_IB_LSO_HEADER_SPARE : 0);
268 	case MLX4_IB_QPT_PROXY_SMI_OWNER:
269 	case MLX4_IB_QPT_PROXY_SMI:
270 	case MLX4_IB_QPT_PROXY_GSI:
271 		return sizeof (struct mlx4_wqe_ctrl_seg) +
272 			sizeof (struct mlx4_wqe_datagram_seg) + 64;
273 	case MLX4_IB_QPT_TUN_SMI_OWNER:
274 	case MLX4_IB_QPT_TUN_GSI:
275 		return sizeof (struct mlx4_wqe_ctrl_seg) +
276 			sizeof (struct mlx4_wqe_datagram_seg);
277 
278 	case MLX4_IB_QPT_UC:
279 		return sizeof (struct mlx4_wqe_ctrl_seg) +
280 			sizeof (struct mlx4_wqe_raddr_seg);
281 	case MLX4_IB_QPT_RC:
282 		return sizeof (struct mlx4_wqe_ctrl_seg) +
283 			sizeof (struct mlx4_wqe_masked_atomic_seg) +
284 			sizeof (struct mlx4_wqe_raddr_seg);
285 	case MLX4_IB_QPT_SMI:
286 	case MLX4_IB_QPT_GSI:
287 		return sizeof (struct mlx4_wqe_ctrl_seg) +
288 			ALIGN(MLX4_IB_UD_HEADER_SIZE +
289 			      DIV_ROUND_UP(MLX4_IB_UD_HEADER_SIZE,
290 					   MLX4_INLINE_ALIGN) *
291 			      sizeof (struct mlx4_wqe_inline_seg),
292 			      sizeof (struct mlx4_wqe_data_seg)) +
293 			ALIGN(4 +
294 			      sizeof (struct mlx4_wqe_inline_seg),
295 			      sizeof (struct mlx4_wqe_data_seg));
296 	default:
297 		return sizeof (struct mlx4_wqe_ctrl_seg);
298 	}
299 }
300 
301 static int set_rq_size(struct mlx4_ib_dev *dev, struct ib_qp_cap *cap,
302 		       bool is_user, bool has_rq, struct mlx4_ib_qp *qp,
303 		       u32 inl_recv_sz)
304 {
305 	/* Sanity check RQ size before proceeding */
306 	if (cap->max_recv_wr > dev->dev->caps.max_wqes - MLX4_IB_SQ_MAX_SPARE ||
307 	    cap->max_recv_sge > min(dev->dev->caps.max_sq_sg, dev->dev->caps.max_rq_sg))
308 		return -EINVAL;
309 
310 	if (!has_rq) {
311 		if (cap->max_recv_wr || inl_recv_sz)
312 			return -EINVAL;
313 
314 		qp->rq.wqe_cnt = qp->rq.max_gs = 0;
315 	} else {
316 		u32 max_inl_recv_sz = dev->dev->caps.max_rq_sg *
317 			sizeof(struct mlx4_wqe_data_seg);
318 		u32 wqe_size;
319 
320 		/* HW requires >= 1 RQ entry with >= 1 gather entry */
321 		if (is_user && (!cap->max_recv_wr || !cap->max_recv_sge ||
322 				inl_recv_sz > max_inl_recv_sz))
323 			return -EINVAL;
324 
325 		qp->rq.wqe_cnt	 = roundup_pow_of_two(max(1U, cap->max_recv_wr));
326 		qp->rq.max_gs	 = roundup_pow_of_two(max(1U, cap->max_recv_sge));
327 		wqe_size = qp->rq.max_gs * sizeof(struct mlx4_wqe_data_seg);
328 		qp->rq.wqe_shift = ilog2(max_t(u32, wqe_size, inl_recv_sz));
329 	}
330 
331 	/* leave userspace return values as they were, so as not to break ABI */
332 	if (is_user) {
333 		cap->max_recv_wr  = qp->rq.max_post = qp->rq.wqe_cnt;
334 		cap->max_recv_sge = qp->rq.max_gs;
335 	} else {
336 		cap->max_recv_wr  = qp->rq.max_post =
337 			min(dev->dev->caps.max_wqes - MLX4_IB_SQ_MAX_SPARE, qp->rq.wqe_cnt);
338 		cap->max_recv_sge = min(qp->rq.max_gs,
339 					min(dev->dev->caps.max_sq_sg,
340 					    dev->dev->caps.max_rq_sg));
341 	}
342 
343 	return 0;
344 }
345 
346 static int set_kernel_sq_size(struct mlx4_ib_dev *dev, struct ib_qp_cap *cap,
347 			      enum mlx4_ib_qp_type type, struct mlx4_ib_qp *qp)
348 {
349 	int s;
350 
351 	/* Sanity check SQ size before proceeding */
352 	if (cap->max_send_wr  > (dev->dev->caps.max_wqes - MLX4_IB_SQ_MAX_SPARE) ||
353 	    cap->max_send_sge > min(dev->dev->caps.max_sq_sg, dev->dev->caps.max_rq_sg) ||
354 	    cap->max_inline_data + send_wqe_overhead(type, qp->flags) +
355 	    sizeof (struct mlx4_wqe_inline_seg) > dev->dev->caps.max_sq_desc_sz)
356 		return -EINVAL;
357 
358 	/*
359 	 * For MLX transport we need 2 extra S/G entries:
360 	 * one for the header and one for the checksum at the end
361 	 */
362 	if ((type == MLX4_IB_QPT_SMI || type == MLX4_IB_QPT_GSI ||
363 	     type & (MLX4_IB_QPT_PROXY_SMI_OWNER | MLX4_IB_QPT_TUN_SMI_OWNER)) &&
364 	    cap->max_send_sge + 2 > dev->dev->caps.max_sq_sg)
365 		return -EINVAL;
366 
367 	s = max(cap->max_send_sge * sizeof (struct mlx4_wqe_data_seg),
368 		cap->max_inline_data + sizeof (struct mlx4_wqe_inline_seg)) +
369 		send_wqe_overhead(type, qp->flags);
370 
371 	if (s > dev->dev->caps.max_sq_desc_sz)
372 		return -EINVAL;
373 
374 	qp->sq.wqe_shift = ilog2(roundup_pow_of_two(s));
375 
376 	/*
377 	 * We need to leave 2 KB + 1 WR of headroom in the SQ to
378 	 * allow HW to prefetch.
379 	 */
380 	qp->sq_spare_wqes = MLX4_IB_SQ_HEADROOM(qp->sq.wqe_shift);
381 	qp->sq.wqe_cnt = roundup_pow_of_two(cap->max_send_wr +
382 					    qp->sq_spare_wqes);
383 
384 	qp->sq.max_gs =
385 		(min(dev->dev->caps.max_sq_desc_sz,
386 		     (1 << qp->sq.wqe_shift)) -
387 		 send_wqe_overhead(type, qp->flags)) /
388 		sizeof (struct mlx4_wqe_data_seg);
389 
390 	qp->buf_size = (qp->rq.wqe_cnt << qp->rq.wqe_shift) +
391 		(qp->sq.wqe_cnt << qp->sq.wqe_shift);
392 	if (qp->rq.wqe_shift > qp->sq.wqe_shift) {
393 		qp->rq.offset = 0;
394 		qp->sq.offset = qp->rq.wqe_cnt << qp->rq.wqe_shift;
395 	} else {
396 		qp->rq.offset = qp->sq.wqe_cnt << qp->sq.wqe_shift;
397 		qp->sq.offset = 0;
398 	}
399 
400 	cap->max_send_wr  = qp->sq.max_post =
401 		qp->sq.wqe_cnt - qp->sq_spare_wqes;
402 	cap->max_send_sge = min(qp->sq.max_gs,
403 				min(dev->dev->caps.max_sq_sg,
404 				    dev->dev->caps.max_rq_sg));
405 	/* We don't support inline sends for kernel QPs (yet) */
406 	cap->max_inline_data = 0;
407 
408 	return 0;
409 }
410 
411 static int set_user_sq_size(struct mlx4_ib_dev *dev,
412 			    struct mlx4_ib_qp *qp,
413 			    struct mlx4_ib_create_qp *ucmd)
414 {
415 	/* Sanity check SQ size before proceeding */
416 	if ((1 << ucmd->log_sq_bb_count) > dev->dev->caps.max_wqes	 ||
417 	    ucmd->log_sq_stride >
418 		ilog2(roundup_pow_of_two(dev->dev->caps.max_sq_desc_sz)) ||
419 	    ucmd->log_sq_stride < MLX4_IB_MIN_SQ_STRIDE)
420 		return -EINVAL;
421 
422 	qp->sq.wqe_cnt   = 1 << ucmd->log_sq_bb_count;
423 	qp->sq.wqe_shift = ucmd->log_sq_stride;
424 
425 	qp->buf_size = (qp->rq.wqe_cnt << qp->rq.wqe_shift) +
426 		(qp->sq.wqe_cnt << qp->sq.wqe_shift);
427 
428 	return 0;
429 }
430 
431 static int alloc_proxy_bufs(struct ib_device *dev, struct mlx4_ib_qp *qp)
432 {
433 	int i;
434 
435 	qp->sqp_proxy_rcv =
436 		kmalloc_array(qp->rq.wqe_cnt, sizeof(struct mlx4_ib_buf),
437 			      GFP_KERNEL);
438 	if (!qp->sqp_proxy_rcv)
439 		return -ENOMEM;
440 	for (i = 0; i < qp->rq.wqe_cnt; i++) {
441 		qp->sqp_proxy_rcv[i].addr =
442 			kmalloc(sizeof (struct mlx4_ib_proxy_sqp_hdr),
443 				GFP_KERNEL);
444 		if (!qp->sqp_proxy_rcv[i].addr)
445 			goto err;
446 		qp->sqp_proxy_rcv[i].map =
447 			ib_dma_map_single(dev, qp->sqp_proxy_rcv[i].addr,
448 					  sizeof (struct mlx4_ib_proxy_sqp_hdr),
449 					  DMA_FROM_DEVICE);
450 		if (ib_dma_mapping_error(dev, qp->sqp_proxy_rcv[i].map)) {
451 			kfree(qp->sqp_proxy_rcv[i].addr);
452 			goto err;
453 		}
454 	}
455 	return 0;
456 
457 err:
458 	while (i > 0) {
459 		--i;
460 		ib_dma_unmap_single(dev, qp->sqp_proxy_rcv[i].map,
461 				    sizeof (struct mlx4_ib_proxy_sqp_hdr),
462 				    DMA_FROM_DEVICE);
463 		kfree(qp->sqp_proxy_rcv[i].addr);
464 	}
465 	kfree(qp->sqp_proxy_rcv);
466 	qp->sqp_proxy_rcv = NULL;
467 	return -ENOMEM;
468 }
469 
470 static void free_proxy_bufs(struct ib_device *dev, struct mlx4_ib_qp *qp)
471 {
472 	int i;
473 
474 	for (i = 0; i < qp->rq.wqe_cnt; i++) {
475 		ib_dma_unmap_single(dev, qp->sqp_proxy_rcv[i].map,
476 				    sizeof (struct mlx4_ib_proxy_sqp_hdr),
477 				    DMA_FROM_DEVICE);
478 		kfree(qp->sqp_proxy_rcv[i].addr);
479 	}
480 	kfree(qp->sqp_proxy_rcv);
481 }
482 
483 static bool qp_has_rq(struct ib_qp_init_attr *attr)
484 {
485 	if (attr->qp_type == IB_QPT_XRC_INI || attr->qp_type == IB_QPT_XRC_TGT)
486 		return false;
487 
488 	return !attr->srq;
489 }
490 
491 static int qp0_enabled_vf(struct mlx4_dev *dev, int qpn)
492 {
493 	int i;
494 	for (i = 0; i < dev->caps.num_ports; i++) {
495 		if (qpn == dev->caps.spec_qps[i].qp0_proxy)
496 			return !!dev->caps.spec_qps[i].qp0_qkey;
497 	}
498 	return 0;
499 }
500 
501 static void mlx4_ib_free_qp_counter(struct mlx4_ib_dev *dev,
502 				    struct mlx4_ib_qp *qp)
503 {
504 	mutex_lock(&dev->counters_table[qp->port - 1].mutex);
505 	mlx4_counter_free(dev->dev, qp->counter_index->index);
506 	list_del(&qp->counter_index->list);
507 	mutex_unlock(&dev->counters_table[qp->port - 1].mutex);
508 
509 	kfree(qp->counter_index);
510 	qp->counter_index = NULL;
511 }
512 
513 static int set_qp_rss(struct mlx4_ib_dev *dev, struct mlx4_ib_rss *rss_ctx,
514 		      struct ib_qp_init_attr *init_attr,
515 		      struct mlx4_ib_create_qp_rss *ucmd)
516 {
517 	rss_ctx->base_qpn_tbl_sz = init_attr->rwq_ind_tbl->ind_tbl[0]->wq_num |
518 		(init_attr->rwq_ind_tbl->log_ind_tbl_size << 24);
519 
520 	if ((ucmd->rx_hash_function == MLX4_IB_RX_HASH_FUNC_TOEPLITZ) &&
521 	    (dev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_RSS_TOP)) {
522 		memcpy(rss_ctx->rss_key, ucmd->rx_hash_key,
523 		       MLX4_EN_RSS_KEY_SIZE);
524 	} else {
525 		pr_debug("RX Hash function is not supported\n");
526 		return (-EOPNOTSUPP);
527 	}
528 
529 	if (ucmd->rx_hash_fields_mask & ~(MLX4_IB_RX_HASH_SRC_IPV4	|
530 					  MLX4_IB_RX_HASH_DST_IPV4	|
531 					  MLX4_IB_RX_HASH_SRC_IPV6	|
532 					  MLX4_IB_RX_HASH_DST_IPV6	|
533 					  MLX4_IB_RX_HASH_SRC_PORT_TCP	|
534 					  MLX4_IB_RX_HASH_DST_PORT_TCP	|
535 					  MLX4_IB_RX_HASH_SRC_PORT_UDP	|
536 					  MLX4_IB_RX_HASH_DST_PORT_UDP  |
537 					  MLX4_IB_RX_HASH_INNER)) {
538 		pr_debug("RX Hash fields_mask has unsupported mask (0x%llx)\n",
539 			 ucmd->rx_hash_fields_mask);
540 		return (-EOPNOTSUPP);
541 	}
542 
543 	if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_IPV4) &&
544 	    (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_IPV4)) {
545 		rss_ctx->flags = MLX4_RSS_IPV4;
546 	} else if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_IPV4) ||
547 		   (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_IPV4)) {
548 		pr_debug("RX Hash fields_mask is not supported - both IPv4 SRC and DST must be set\n");
549 		return (-EOPNOTSUPP);
550 	}
551 
552 	if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_IPV6) &&
553 	    (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_IPV6)) {
554 		rss_ctx->flags |= MLX4_RSS_IPV6;
555 	} else if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_IPV6) ||
556 		   (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_IPV6)) {
557 		pr_debug("RX Hash fields_mask is not supported - both IPv6 SRC and DST must be set\n");
558 		return (-EOPNOTSUPP);
559 	}
560 
561 	if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_PORT_UDP) &&
562 	    (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_PORT_UDP)) {
563 		if (!(dev->dev->caps.flags & MLX4_DEV_CAP_FLAG_UDP_RSS)) {
564 			pr_debug("RX Hash fields_mask for UDP is not supported\n");
565 			return (-EOPNOTSUPP);
566 		}
567 
568 		if (rss_ctx->flags & MLX4_RSS_IPV4)
569 			rss_ctx->flags |= MLX4_RSS_UDP_IPV4;
570 		if (rss_ctx->flags & MLX4_RSS_IPV6)
571 			rss_ctx->flags |= MLX4_RSS_UDP_IPV6;
572 		if (!(rss_ctx->flags & (MLX4_RSS_IPV6 | MLX4_RSS_IPV4))) {
573 			pr_debug("RX Hash fields_mask is not supported - UDP must be set with IPv4 or IPv6\n");
574 			return (-EOPNOTSUPP);
575 		}
576 	} else if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_PORT_UDP) ||
577 		   (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_PORT_UDP)) {
578 		pr_debug("RX Hash fields_mask is not supported - both UDP SRC and DST must be set\n");
579 		return (-EOPNOTSUPP);
580 	}
581 
582 	if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_PORT_TCP) &&
583 	    (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_PORT_TCP)) {
584 		if (rss_ctx->flags & MLX4_RSS_IPV4)
585 			rss_ctx->flags |= MLX4_RSS_TCP_IPV4;
586 		if (rss_ctx->flags & MLX4_RSS_IPV6)
587 			rss_ctx->flags |= MLX4_RSS_TCP_IPV6;
588 		if (!(rss_ctx->flags & (MLX4_RSS_IPV6 | MLX4_RSS_IPV4))) {
589 			pr_debug("RX Hash fields_mask is not supported - TCP must be set with IPv4 or IPv6\n");
590 			return (-EOPNOTSUPP);
591 		}
592 	} else if ((ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_SRC_PORT_TCP) ||
593 		   (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_DST_PORT_TCP)) {
594 		pr_debug("RX Hash fields_mask is not supported - both TCP SRC and DST must be set\n");
595 		return (-EOPNOTSUPP);
596 	}
597 
598 	if (ucmd->rx_hash_fields_mask & MLX4_IB_RX_HASH_INNER) {
599 		if (dev->dev->caps.tunnel_offload_mode ==
600 		    MLX4_TUNNEL_OFFLOAD_MODE_VXLAN) {
601 			/*
602 			 * Hash according to inner headers if exist, otherwise
603 			 * according to outer headers.
604 			 */
605 			rss_ctx->flags |= MLX4_RSS_BY_INNER_HEADERS_IPONLY;
606 		} else {
607 			pr_debug("RSS Hash for inner headers isn't supported\n");
608 			return (-EOPNOTSUPP);
609 		}
610 	}
611 
612 	return 0;
613 }
614 
615 static int create_qp_rss(struct mlx4_ib_dev *dev,
616 			 struct ib_qp_init_attr *init_attr,
617 			 struct mlx4_ib_create_qp_rss *ucmd,
618 			 struct mlx4_ib_qp *qp)
619 {
620 	int qpn;
621 	int err;
622 
623 	qp->mqp.usage = MLX4_RES_USAGE_USER_VERBS;
624 
625 	err = mlx4_qp_reserve_range(dev->dev, 1, 1, &qpn, 0, qp->mqp.usage);
626 	if (err)
627 		return err;
628 
629 	err = mlx4_qp_alloc(dev->dev, qpn, &qp->mqp);
630 	if (err)
631 		goto err_qpn;
632 
633 	INIT_LIST_HEAD(&qp->gid_list);
634 	INIT_LIST_HEAD(&qp->steering_rules);
635 
636 	qp->mlx4_ib_qp_type = MLX4_IB_QPT_RAW_PACKET;
637 	qp->state = IB_QPS_RESET;
638 
639 	/* Set dummy send resources to be compatible with HV and PRM */
640 	qp->sq_no_prefetch = 1;
641 	qp->sq.wqe_cnt = 1;
642 	qp->sq.wqe_shift = MLX4_IB_MIN_SQ_STRIDE;
643 	qp->buf_size = qp->sq.wqe_cnt << MLX4_IB_MIN_SQ_STRIDE;
644 	qp->mtt = (to_mqp(
645 		   (struct ib_qp *)init_attr->rwq_ind_tbl->ind_tbl[0]))->mtt;
646 
647 	qp->rss_ctx = kzalloc(sizeof(*qp->rss_ctx), GFP_KERNEL);
648 	if (!qp->rss_ctx) {
649 		err = -ENOMEM;
650 		goto err_qp_alloc;
651 	}
652 
653 	err = set_qp_rss(dev, qp->rss_ctx, init_attr, ucmd);
654 	if (err)
655 		goto err;
656 
657 	return 0;
658 
659 err:
660 	kfree(qp->rss_ctx);
661 
662 err_qp_alloc:
663 	mlx4_qp_remove(dev->dev, &qp->mqp);
664 	mlx4_qp_free(dev->dev, &qp->mqp);
665 
666 err_qpn:
667 	mlx4_qp_release_range(dev->dev, qpn, 1);
668 	return err;
669 }
670 
671 static int _mlx4_ib_create_qp_rss(struct ib_pd *pd, struct mlx4_ib_qp *qp,
672 				  struct ib_qp_init_attr *init_attr,
673 				  struct ib_udata *udata)
674 {
675 	struct mlx4_ib_create_qp_rss ucmd = {};
676 	size_t required_cmd_sz;
677 	int err;
678 
679 	if (!udata) {
680 		pr_debug("RSS QP with NULL udata\n");
681 		return -EINVAL;
682 	}
683 
684 	if (udata->outlen)
685 		return -EOPNOTSUPP;
686 
687 	required_cmd_sz = offsetof(typeof(ucmd), reserved1) +
688 					sizeof(ucmd.reserved1);
689 	if (udata->inlen < required_cmd_sz) {
690 		pr_debug("invalid inlen\n");
691 		return -EINVAL;
692 	}
693 
694 	if (ib_copy_from_udata(&ucmd, udata, min(sizeof(ucmd), udata->inlen))) {
695 		pr_debug("copy failed\n");
696 		return -EFAULT;
697 	}
698 
699 	if (memchr_inv(ucmd.reserved, 0, sizeof(ucmd.reserved)))
700 		return -EOPNOTSUPP;
701 
702 	if (ucmd.comp_mask || ucmd.reserved1)
703 		return -EOPNOTSUPP;
704 
705 	if (udata->inlen > sizeof(ucmd) &&
706 	    !ib_is_udata_cleared(udata, sizeof(ucmd),
707 				 udata->inlen - sizeof(ucmd))) {
708 		pr_debug("inlen is not supported\n");
709 		return -EOPNOTSUPP;
710 	}
711 
712 	if (init_attr->qp_type != IB_QPT_RAW_PACKET) {
713 		pr_debug("RSS QP with unsupported QP type %d\n",
714 			 init_attr->qp_type);
715 		return -EOPNOTSUPP;
716 	}
717 
718 	if (init_attr->create_flags) {
719 		pr_debug("RSS QP doesn't support create flags\n");
720 		return -EOPNOTSUPP;
721 	}
722 
723 	if (init_attr->send_cq || init_attr->cap.max_send_wr) {
724 		pr_debug("RSS QP with unsupported send attributes\n");
725 		return -EOPNOTSUPP;
726 	}
727 
728 	qp->pri.vid = 0xFFFF;
729 	qp->alt.vid = 0xFFFF;
730 
731 	err = create_qp_rss(to_mdev(pd->device), init_attr, &ucmd, qp);
732 	if (err)
733 		return err;
734 
735 	qp->ibqp.qp_num = qp->mqp.qpn;
736 	return 0;
737 }
738 
739 /*
740  * This function allocates a WQN from a range which is consecutive and aligned
741  * to its size. In case the range is full, then it creates a new range and
742  * allocates WQN from it. The new range will be used for following allocations.
743  */
744 static int mlx4_ib_alloc_wqn(struct mlx4_ib_ucontext *context,
745 			     struct mlx4_ib_qp *qp, int range_size, int *wqn)
746 {
747 	struct mlx4_ib_dev *dev = to_mdev(context->ibucontext.device);
748 	struct mlx4_wqn_range *range;
749 	int err = 0;
750 
751 	mutex_lock(&context->wqn_ranges_mutex);
752 
753 	range = list_first_entry_or_null(&context->wqn_ranges_list,
754 					 struct mlx4_wqn_range, list);
755 
756 	if (!range || (range->refcount == range->size) || range->dirty) {
757 		range = kzalloc(sizeof(*range), GFP_KERNEL);
758 		if (!range) {
759 			err = -ENOMEM;
760 			goto out;
761 		}
762 
763 		err = mlx4_qp_reserve_range(dev->dev, range_size,
764 					    range_size, &range->base_wqn, 0,
765 					    qp->mqp.usage);
766 		if (err) {
767 			kfree(range);
768 			goto out;
769 		}
770 
771 		range->size = range_size;
772 		list_add(&range->list, &context->wqn_ranges_list);
773 	} else if (range_size != 1) {
774 		/*
775 		 * Requesting a new range (>1) when last range is still open, is
776 		 * not valid.
777 		 */
778 		err = -EINVAL;
779 		goto out;
780 	}
781 
782 	qp->wqn_range = range;
783 
784 	*wqn = range->base_wqn + range->refcount;
785 
786 	range->refcount++;
787 
788 out:
789 	mutex_unlock(&context->wqn_ranges_mutex);
790 
791 	return err;
792 }
793 
794 static void mlx4_ib_release_wqn(struct mlx4_ib_ucontext *context,
795 				struct mlx4_ib_qp *qp, bool dirty_release)
796 {
797 	struct mlx4_ib_dev *dev = to_mdev(context->ibucontext.device);
798 	struct mlx4_wqn_range *range;
799 
800 	mutex_lock(&context->wqn_ranges_mutex);
801 
802 	range = qp->wqn_range;
803 
804 	range->refcount--;
805 	if (!range->refcount) {
806 		mlx4_qp_release_range(dev->dev, range->base_wqn,
807 				      range->size);
808 		list_del(&range->list);
809 		kfree(range);
810 	} else if (dirty_release) {
811 	/*
812 	 * A range which one of its WQNs is destroyed, won't be able to be
813 	 * reused for further WQN allocations.
814 	 * The next created WQ will allocate a new range.
815 	 */
816 		range->dirty = true;
817 	}
818 
819 	mutex_unlock(&context->wqn_ranges_mutex);
820 }
821 
822 static int create_rq(struct ib_pd *pd, struct ib_qp_init_attr *init_attr,
823 		     struct ib_udata *udata, struct mlx4_ib_qp *qp)
824 {
825 	struct mlx4_ib_dev *dev = to_mdev(pd->device);
826 	int qpn;
827 	int err;
828 	struct mlx4_ib_ucontext *context = rdma_udata_to_drv_context(
829 		udata, struct mlx4_ib_ucontext, ibucontext);
830 	struct mlx4_ib_cq *mcq;
831 	unsigned long flags;
832 	int range_size;
833 	struct mlx4_ib_create_wq wq;
834 	size_t copy_len;
835 	int shift;
836 	int n;
837 
838 	qp->mlx4_ib_qp_type = MLX4_IB_QPT_RAW_PACKET;
839 
840 	spin_lock_init(&qp->sq.lock);
841 	spin_lock_init(&qp->rq.lock);
842 	INIT_LIST_HEAD(&qp->gid_list);
843 	INIT_LIST_HEAD(&qp->steering_rules);
844 
845 	qp->state = IB_QPS_RESET;
846 
847 	copy_len = min(sizeof(struct mlx4_ib_create_wq), udata->inlen);
848 
849 	if (ib_copy_from_udata(&wq, udata, copy_len)) {
850 		err = -EFAULT;
851 		goto err;
852 	}
853 
854 	if (wq.comp_mask || wq.reserved[0] || wq.reserved[1] ||
855 	    wq.reserved[2]) {
856 		pr_debug("user command isn't supported\n");
857 		err = -EOPNOTSUPP;
858 		goto err;
859 	}
860 
861 	if (wq.log_range_size > ilog2(dev->dev->caps.max_rss_tbl_sz)) {
862 		pr_debug("WQN range size must be equal or smaller than %d\n",
863 			 dev->dev->caps.max_rss_tbl_sz);
864 		err = -EOPNOTSUPP;
865 		goto err;
866 	}
867 	range_size = 1 << wq.log_range_size;
868 
869 	if (init_attr->create_flags & IB_QP_CREATE_SCATTER_FCS)
870 		qp->flags |= MLX4_IB_QP_SCATTER_FCS;
871 
872 	err = set_rq_size(dev, &init_attr->cap, true, true, qp, qp->inl_recv_sz);
873 	if (err)
874 		goto err;
875 
876 	qp->sq_no_prefetch = 1;
877 	qp->sq.wqe_cnt = 1;
878 	qp->sq.wqe_shift = MLX4_IB_MIN_SQ_STRIDE;
879 	qp->buf_size = (qp->rq.wqe_cnt << qp->rq.wqe_shift) +
880 		       (qp->sq.wqe_cnt << qp->sq.wqe_shift);
881 
882 	qp->umem = ib_umem_get(pd->device, wq.buf_addr, qp->buf_size, 0);
883 	if (IS_ERR(qp->umem)) {
884 		err = PTR_ERR(qp->umem);
885 		goto err;
886 	}
887 
888 	shift = mlx4_ib_umem_calc_optimal_mtt_size(qp->umem, 0, &n);
889 	err = mlx4_mtt_init(dev->dev, n, shift, &qp->mtt);
890 
891 	if (err)
892 		goto err_buf;
893 
894 	err = mlx4_ib_umem_write_mtt(dev, &qp->mtt, qp->umem);
895 	if (err)
896 		goto err_mtt;
897 
898 	err = mlx4_ib_db_map_user(udata, wq.db_addr, &qp->db);
899 	if (err)
900 		goto err_mtt;
901 	qp->mqp.usage = MLX4_RES_USAGE_USER_VERBS;
902 
903 	err = mlx4_ib_alloc_wqn(context, qp, range_size, &qpn);
904 	if (err)
905 		goto err_wrid;
906 
907 	err = mlx4_qp_alloc(dev->dev, qpn, &qp->mqp);
908 	if (err)
909 		goto err_qpn;
910 
911 	/*
912 	 * Hardware wants QPN written in big-endian order (after
913 	 * shifting) for send doorbell.  Precompute this value to save
914 	 * a little bit when posting sends.
915 	 */
916 	qp->doorbell_qpn = swab32(qp->mqp.qpn << 8);
917 
918 	qp->mqp.event = mlx4_ib_wq_event;
919 
920 	spin_lock_irqsave(&dev->reset_flow_resource_lock, flags);
921 	mlx4_ib_lock_cqs(to_mcq(init_attr->send_cq),
922 			 to_mcq(init_attr->recv_cq));
923 	/* Maintain device to QPs access, needed for further handling
924 	 * via reset flow
925 	 */
926 	list_add_tail(&qp->qps_list, &dev->qp_list);
927 	/* Maintain CQ to QPs access, needed for further handling
928 	 * via reset flow
929 	 */
930 	mcq = to_mcq(init_attr->send_cq);
931 	list_add_tail(&qp->cq_send_list, &mcq->send_qp_list);
932 	mcq = to_mcq(init_attr->recv_cq);
933 	list_add_tail(&qp->cq_recv_list, &mcq->recv_qp_list);
934 	mlx4_ib_unlock_cqs(to_mcq(init_attr->send_cq),
935 			   to_mcq(init_attr->recv_cq));
936 	spin_unlock_irqrestore(&dev->reset_flow_resource_lock, flags);
937 	return 0;
938 
939 err_qpn:
940 	mlx4_ib_release_wqn(context, qp, 0);
941 err_wrid:
942 	mlx4_ib_db_unmap_user(context, &qp->db);
943 
944 err_mtt:
945 	mlx4_mtt_cleanup(dev->dev, &qp->mtt);
946 err_buf:
947 	ib_umem_release(qp->umem);
948 err:
949 	return err;
950 }
951 
952 static int create_qp_common(struct ib_pd *pd, struct ib_qp_init_attr *init_attr,
953 			    struct ib_udata *udata, int sqpn,
954 			    struct mlx4_ib_qp *qp)
955 {
956 	struct mlx4_ib_dev *dev = to_mdev(pd->device);
957 	int qpn;
958 	int err;
959 	struct mlx4_ib_ucontext *context = rdma_udata_to_drv_context(
960 		udata, struct mlx4_ib_ucontext, ibucontext);
961 	enum mlx4_ib_qp_type qp_type = (enum mlx4_ib_qp_type) init_attr->qp_type;
962 	struct mlx4_ib_cq *mcq;
963 	unsigned long flags;
964 
965 	/* When tunneling special qps, we use a plain UD qp */
966 	if (sqpn) {
967 		if (mlx4_is_mfunc(dev->dev) &&
968 		    (!mlx4_is_master(dev->dev) ||
969 		     !(init_attr->create_flags & MLX4_IB_SRIOV_SQP))) {
970 			if (init_attr->qp_type == IB_QPT_GSI)
971 				qp_type = MLX4_IB_QPT_PROXY_GSI;
972 			else {
973 				if (mlx4_is_master(dev->dev) ||
974 				    qp0_enabled_vf(dev->dev, sqpn))
975 					qp_type = MLX4_IB_QPT_PROXY_SMI_OWNER;
976 				else
977 					qp_type = MLX4_IB_QPT_PROXY_SMI;
978 			}
979 		}
980 		qpn = sqpn;
981 		/* add extra sg entry for tunneling */
982 		init_attr->cap.max_recv_sge++;
983 	} else if (init_attr->create_flags & MLX4_IB_SRIOV_TUNNEL_QP) {
984 		struct mlx4_ib_qp_tunnel_init_attr *tnl_init =
985 			container_of(init_attr,
986 				     struct mlx4_ib_qp_tunnel_init_attr, init_attr);
987 		if ((tnl_init->proxy_qp_type != IB_QPT_SMI &&
988 		     tnl_init->proxy_qp_type != IB_QPT_GSI)   ||
989 		    !mlx4_is_master(dev->dev))
990 			return -EINVAL;
991 		if (tnl_init->proxy_qp_type == IB_QPT_GSI)
992 			qp_type = MLX4_IB_QPT_TUN_GSI;
993 		else if (tnl_init->slave == mlx4_master_func_num(dev->dev) ||
994 			 mlx4_vf_smi_enabled(dev->dev, tnl_init->slave,
995 					     tnl_init->port))
996 			qp_type = MLX4_IB_QPT_TUN_SMI_OWNER;
997 		else
998 			qp_type = MLX4_IB_QPT_TUN_SMI;
999 		/* we are definitely in the PPF here, since we are creating
1000 		 * tunnel QPs. base_tunnel_sqpn is therefore valid. */
1001 		qpn = dev->dev->phys_caps.base_tunnel_sqpn + 8 * tnl_init->slave
1002 			+ tnl_init->proxy_qp_type * 2 + tnl_init->port - 1;
1003 		sqpn = qpn;
1004 	}
1005 
1006 	if (init_attr->qp_type == IB_QPT_SMI ||
1007 	    init_attr->qp_type == IB_QPT_GSI || qp_type == MLX4_IB_QPT_SMI ||
1008 	    qp_type == MLX4_IB_QPT_GSI ||
1009 	    (qp_type & (MLX4_IB_QPT_PROXY_SMI | MLX4_IB_QPT_PROXY_SMI_OWNER |
1010 			MLX4_IB_QPT_PROXY_GSI | MLX4_IB_QPT_TUN_SMI_OWNER))) {
1011 		qp->sqp = kzalloc(sizeof(struct mlx4_ib_sqp), GFP_KERNEL);
1012 		if (!qp->sqp)
1013 			return -ENOMEM;
1014 	}
1015 
1016 	qp->mlx4_ib_qp_type = qp_type;
1017 
1018 	spin_lock_init(&qp->sq.lock);
1019 	spin_lock_init(&qp->rq.lock);
1020 	INIT_LIST_HEAD(&qp->gid_list);
1021 	INIT_LIST_HEAD(&qp->steering_rules);
1022 
1023 	qp->state = IB_QPS_RESET;
1024 	if (init_attr->sq_sig_type == IB_SIGNAL_ALL_WR)
1025 		qp->sq_signal_bits = cpu_to_be32(MLX4_WQE_CTRL_CQ_UPDATE);
1026 
1027 	if (udata) {
1028 		struct mlx4_ib_create_qp ucmd;
1029 		size_t copy_len;
1030 		int shift;
1031 		int n;
1032 
1033 		copy_len = sizeof(struct mlx4_ib_create_qp);
1034 
1035 		if (ib_copy_from_udata(&ucmd, udata, copy_len)) {
1036 			err = -EFAULT;
1037 			goto err;
1038 		}
1039 
1040 		qp->inl_recv_sz = ucmd.inl_recv_sz;
1041 
1042 		if (init_attr->create_flags & IB_QP_CREATE_SCATTER_FCS) {
1043 			if (!(dev->dev->caps.flags &
1044 			      MLX4_DEV_CAP_FLAG_FCS_KEEP)) {
1045 				pr_debug("scatter FCS is unsupported\n");
1046 				err = -EOPNOTSUPP;
1047 				goto err;
1048 			}
1049 
1050 			qp->flags |= MLX4_IB_QP_SCATTER_FCS;
1051 		}
1052 
1053 		err = set_rq_size(dev, &init_attr->cap, udata,
1054 				  qp_has_rq(init_attr), qp, qp->inl_recv_sz);
1055 		if (err)
1056 			goto err;
1057 
1058 		qp->sq_no_prefetch = ucmd.sq_no_prefetch;
1059 
1060 		err = set_user_sq_size(dev, qp, &ucmd);
1061 		if (err)
1062 			goto err;
1063 
1064 		qp->umem =
1065 			ib_umem_get(pd->device, ucmd.buf_addr, qp->buf_size, 0);
1066 		if (IS_ERR(qp->umem)) {
1067 			err = PTR_ERR(qp->umem);
1068 			goto err;
1069 		}
1070 
1071 		shift = mlx4_ib_umem_calc_optimal_mtt_size(qp->umem, 0, &n);
1072 		err = mlx4_mtt_init(dev->dev, n, shift, &qp->mtt);
1073 
1074 		if (err)
1075 			goto err_buf;
1076 
1077 		err = mlx4_ib_umem_write_mtt(dev, &qp->mtt, qp->umem);
1078 		if (err)
1079 			goto err_mtt;
1080 
1081 		if (qp_has_rq(init_attr)) {
1082 			err = mlx4_ib_db_map_user(udata, ucmd.db_addr, &qp->db);
1083 			if (err)
1084 				goto err_mtt;
1085 		}
1086 		qp->mqp.usage = MLX4_RES_USAGE_USER_VERBS;
1087 	} else {
1088 		err = set_rq_size(dev, &init_attr->cap, udata,
1089 				  qp_has_rq(init_attr), qp, 0);
1090 		if (err)
1091 			goto err;
1092 
1093 		qp->sq_no_prefetch = 0;
1094 
1095 		if (init_attr->create_flags & IB_QP_CREATE_IPOIB_UD_LSO)
1096 			qp->flags |= MLX4_IB_QP_LSO;
1097 
1098 		if (init_attr->create_flags & IB_QP_CREATE_NETIF_QP) {
1099 			if (dev->steering_support ==
1100 			    MLX4_STEERING_MODE_DEVICE_MANAGED)
1101 				qp->flags |= MLX4_IB_QP_NETIF;
1102 			else
1103 				goto err;
1104 		}
1105 
1106 		err = set_kernel_sq_size(dev, &init_attr->cap, qp_type, qp);
1107 		if (err)
1108 			goto err;
1109 
1110 		if (qp_has_rq(init_attr)) {
1111 			err = mlx4_db_alloc(dev->dev, &qp->db, 0);
1112 			if (err)
1113 				goto err;
1114 
1115 			*qp->db.db = 0;
1116 		}
1117 
1118 		if (mlx4_buf_alloc(dev->dev, qp->buf_size,  PAGE_SIZE * 2,
1119 				   &qp->buf)) {
1120 			err = -ENOMEM;
1121 			goto err_db;
1122 		}
1123 
1124 		err = mlx4_mtt_init(dev->dev, qp->buf.npages, qp->buf.page_shift,
1125 				    &qp->mtt);
1126 		if (err)
1127 			goto err_buf;
1128 
1129 		err = mlx4_buf_write_mtt(dev->dev, &qp->mtt, &qp->buf);
1130 		if (err)
1131 			goto err_mtt;
1132 
1133 		qp->sq.wrid = kvmalloc_array(qp->sq.wqe_cnt,
1134 					     sizeof(u64), GFP_KERNEL);
1135 		qp->rq.wrid = kvmalloc_array(qp->rq.wqe_cnt,
1136 					     sizeof(u64), GFP_KERNEL);
1137 		if (!qp->sq.wrid || !qp->rq.wrid) {
1138 			err = -ENOMEM;
1139 			goto err_wrid;
1140 		}
1141 		qp->mqp.usage = MLX4_RES_USAGE_DRIVER;
1142 	}
1143 
1144 	if (sqpn) {
1145 		if (qp->mlx4_ib_qp_type & (MLX4_IB_QPT_PROXY_SMI_OWNER |
1146 		    MLX4_IB_QPT_PROXY_SMI | MLX4_IB_QPT_PROXY_GSI)) {
1147 			if (alloc_proxy_bufs(pd->device, qp)) {
1148 				err = -ENOMEM;
1149 				goto err_wrid;
1150 			}
1151 		}
1152 	} else {
1153 		/* Raw packet QPNs may not have bits 6,7 set in their qp_num;
1154 		 * otherwise, the WQE BlueFlame setup flow wrongly causes
1155 		 * VLAN insertion. */
1156 		if (init_attr->qp_type == IB_QPT_RAW_PACKET)
1157 			err = mlx4_qp_reserve_range(dev->dev, 1, 1, &qpn,
1158 						    (init_attr->cap.max_send_wr ?
1159 						     MLX4_RESERVE_ETH_BF_QP : 0) |
1160 						    (init_attr->cap.max_recv_wr ?
1161 						     MLX4_RESERVE_A0_QP : 0),
1162 						    qp->mqp.usage);
1163 		else
1164 			if (qp->flags & MLX4_IB_QP_NETIF)
1165 				err = mlx4_ib_steer_qp_alloc(dev, 1, &qpn);
1166 			else
1167 				err = mlx4_qp_reserve_range(dev->dev, 1, 1,
1168 							    &qpn, 0, qp->mqp.usage);
1169 		if (err)
1170 			goto err_proxy;
1171 	}
1172 
1173 	if (init_attr->create_flags & IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK)
1174 		qp->flags |= MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK;
1175 
1176 	err = mlx4_qp_alloc(dev->dev, qpn, &qp->mqp);
1177 	if (err)
1178 		goto err_qpn;
1179 
1180 	if (init_attr->qp_type == IB_QPT_XRC_TGT)
1181 		qp->mqp.qpn |= (1 << 23);
1182 
1183 	/*
1184 	 * Hardware wants QPN written in big-endian order (after
1185 	 * shifting) for send doorbell.  Precompute this value to save
1186 	 * a little bit when posting sends.
1187 	 */
1188 	qp->doorbell_qpn = swab32(qp->mqp.qpn << 8);
1189 
1190 	qp->mqp.event = mlx4_ib_qp_event;
1191 
1192 	spin_lock_irqsave(&dev->reset_flow_resource_lock, flags);
1193 	mlx4_ib_lock_cqs(to_mcq(init_attr->send_cq),
1194 			 to_mcq(init_attr->recv_cq));
1195 	/* Maintain device to QPs access, needed for further handling
1196 	 * via reset flow
1197 	 */
1198 	list_add_tail(&qp->qps_list, &dev->qp_list);
1199 	/* Maintain CQ to QPs access, needed for further handling
1200 	 * via reset flow
1201 	 */
1202 	mcq = to_mcq(init_attr->send_cq);
1203 	list_add_tail(&qp->cq_send_list, &mcq->send_qp_list);
1204 	mcq = to_mcq(init_attr->recv_cq);
1205 	list_add_tail(&qp->cq_recv_list, &mcq->recv_qp_list);
1206 	mlx4_ib_unlock_cqs(to_mcq(init_attr->send_cq),
1207 			   to_mcq(init_attr->recv_cq));
1208 	spin_unlock_irqrestore(&dev->reset_flow_resource_lock, flags);
1209 	return 0;
1210 
1211 err_qpn:
1212 	if (!sqpn) {
1213 		if (qp->flags & MLX4_IB_QP_NETIF)
1214 			mlx4_ib_steer_qp_free(dev, qpn, 1);
1215 		else
1216 			mlx4_qp_release_range(dev->dev, qpn, 1);
1217 	}
1218 err_proxy:
1219 	if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_GSI)
1220 		free_proxy_bufs(pd->device, qp);
1221 err_wrid:
1222 	if (udata) {
1223 		if (qp_has_rq(init_attr))
1224 			mlx4_ib_db_unmap_user(context, &qp->db);
1225 	} else {
1226 		kvfree(qp->sq.wrid);
1227 		kvfree(qp->rq.wrid);
1228 	}
1229 
1230 err_mtt:
1231 	mlx4_mtt_cleanup(dev->dev, &qp->mtt);
1232 
1233 err_buf:
1234 	if (!qp->umem)
1235 		mlx4_buf_free(dev->dev, qp->buf_size, &qp->buf);
1236 	ib_umem_release(qp->umem);
1237 
1238 err_db:
1239 	if (!udata && qp_has_rq(init_attr))
1240 		mlx4_db_free(dev->dev, &qp->db);
1241 
1242 err:
1243 	kfree(qp->sqp);
1244 	return err;
1245 }
1246 
1247 static enum mlx4_qp_state to_mlx4_state(enum ib_qp_state state)
1248 {
1249 	switch (state) {
1250 	case IB_QPS_RESET:	return MLX4_QP_STATE_RST;
1251 	case IB_QPS_INIT:	return MLX4_QP_STATE_INIT;
1252 	case IB_QPS_RTR:	return MLX4_QP_STATE_RTR;
1253 	case IB_QPS_RTS:	return MLX4_QP_STATE_RTS;
1254 	case IB_QPS_SQD:	return MLX4_QP_STATE_SQD;
1255 	case IB_QPS_SQE:	return MLX4_QP_STATE_SQER;
1256 	case IB_QPS_ERR:	return MLX4_QP_STATE_ERR;
1257 	default:		return -1;
1258 	}
1259 }
1260 
1261 static void mlx4_ib_lock_cqs(struct mlx4_ib_cq *send_cq, struct mlx4_ib_cq *recv_cq)
1262 	__acquires(&send_cq->lock) __acquires(&recv_cq->lock)
1263 {
1264 	if (send_cq == recv_cq) {
1265 		spin_lock(&send_cq->lock);
1266 		__acquire(&recv_cq->lock);
1267 	} else if (send_cq->mcq.cqn < recv_cq->mcq.cqn) {
1268 		spin_lock(&send_cq->lock);
1269 		spin_lock_nested(&recv_cq->lock, SINGLE_DEPTH_NESTING);
1270 	} else {
1271 		spin_lock(&recv_cq->lock);
1272 		spin_lock_nested(&send_cq->lock, SINGLE_DEPTH_NESTING);
1273 	}
1274 }
1275 
1276 static void mlx4_ib_unlock_cqs(struct mlx4_ib_cq *send_cq, struct mlx4_ib_cq *recv_cq)
1277 	__releases(&send_cq->lock) __releases(&recv_cq->lock)
1278 {
1279 	if (send_cq == recv_cq) {
1280 		__release(&recv_cq->lock);
1281 		spin_unlock(&send_cq->lock);
1282 	} else if (send_cq->mcq.cqn < recv_cq->mcq.cqn) {
1283 		spin_unlock(&recv_cq->lock);
1284 		spin_unlock(&send_cq->lock);
1285 	} else {
1286 		spin_unlock(&send_cq->lock);
1287 		spin_unlock(&recv_cq->lock);
1288 	}
1289 }
1290 
1291 static void del_gid_entries(struct mlx4_ib_qp *qp)
1292 {
1293 	struct mlx4_ib_gid_entry *ge, *tmp;
1294 
1295 	list_for_each_entry_safe(ge, tmp, &qp->gid_list, list) {
1296 		list_del(&ge->list);
1297 		kfree(ge);
1298 	}
1299 }
1300 
1301 static struct mlx4_ib_pd *get_pd(struct mlx4_ib_qp *qp)
1302 {
1303 	if (qp->ibqp.qp_type == IB_QPT_XRC_TGT)
1304 		return to_mpd(to_mxrcd(qp->ibqp.xrcd)->pd);
1305 	else
1306 		return to_mpd(qp->ibqp.pd);
1307 }
1308 
1309 static void get_cqs(struct mlx4_ib_qp *qp, enum mlx4_ib_source_type src,
1310 		    struct mlx4_ib_cq **send_cq, struct mlx4_ib_cq **recv_cq)
1311 {
1312 	switch (qp->ibqp.qp_type) {
1313 	case IB_QPT_XRC_TGT:
1314 		*send_cq = to_mcq(to_mxrcd(qp->ibqp.xrcd)->cq);
1315 		*recv_cq = *send_cq;
1316 		break;
1317 	case IB_QPT_XRC_INI:
1318 		*send_cq = to_mcq(qp->ibqp.send_cq);
1319 		*recv_cq = *send_cq;
1320 		break;
1321 	default:
1322 		*recv_cq = (src == MLX4_IB_QP_SRC) ? to_mcq(qp->ibqp.recv_cq) :
1323 						     to_mcq(qp->ibwq.cq);
1324 		*send_cq = (src == MLX4_IB_QP_SRC) ? to_mcq(qp->ibqp.send_cq) :
1325 						     *recv_cq;
1326 		break;
1327 	}
1328 }
1329 
1330 static void destroy_qp_rss(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
1331 {
1332 	if (qp->state != IB_QPS_RESET) {
1333 		int i;
1334 
1335 		for (i = 0; i < (1 << qp->ibqp.rwq_ind_tbl->log_ind_tbl_size);
1336 		     i++) {
1337 			struct ib_wq *ibwq = qp->ibqp.rwq_ind_tbl->ind_tbl[i];
1338 			struct mlx4_ib_qp *wq =	to_mqp((struct ib_qp *)ibwq);
1339 
1340 			mutex_lock(&wq->mutex);
1341 
1342 			wq->rss_usecnt--;
1343 
1344 			mutex_unlock(&wq->mutex);
1345 		}
1346 
1347 		if (mlx4_qp_modify(dev->dev, NULL, to_mlx4_state(qp->state),
1348 				   MLX4_QP_STATE_RST, NULL, 0, 0, &qp->mqp))
1349 			pr_warn("modify QP %06x to RESET failed.\n",
1350 				qp->mqp.qpn);
1351 	}
1352 
1353 	mlx4_qp_remove(dev->dev, &qp->mqp);
1354 	mlx4_qp_free(dev->dev, &qp->mqp);
1355 	mlx4_qp_release_range(dev->dev, qp->mqp.qpn, 1);
1356 	del_gid_entries(qp);
1357 }
1358 
1359 static void destroy_qp_common(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp,
1360 			      enum mlx4_ib_source_type src,
1361 			      struct ib_udata *udata)
1362 {
1363 	struct mlx4_ib_cq *send_cq, *recv_cq;
1364 	unsigned long flags;
1365 
1366 	if (qp->state != IB_QPS_RESET) {
1367 		if (mlx4_qp_modify(dev->dev, NULL, to_mlx4_state(qp->state),
1368 				   MLX4_QP_STATE_RST, NULL, 0, 0, &qp->mqp))
1369 			pr_warn("modify QP %06x to RESET failed.\n",
1370 			       qp->mqp.qpn);
1371 		if (qp->pri.smac || (!qp->pri.smac && qp->pri.smac_port)) {
1372 			mlx4_unregister_mac(dev->dev, qp->pri.smac_port, qp->pri.smac);
1373 			qp->pri.smac = 0;
1374 			qp->pri.smac_port = 0;
1375 		}
1376 		if (qp->alt.smac) {
1377 			mlx4_unregister_mac(dev->dev, qp->alt.smac_port, qp->alt.smac);
1378 			qp->alt.smac = 0;
1379 		}
1380 		if (qp->pri.vid < 0x1000) {
1381 			mlx4_unregister_vlan(dev->dev, qp->pri.vlan_port, qp->pri.vid);
1382 			qp->pri.vid = 0xFFFF;
1383 			qp->pri.candidate_vid = 0xFFFF;
1384 			qp->pri.update_vid = 0;
1385 		}
1386 		if (qp->alt.vid < 0x1000) {
1387 			mlx4_unregister_vlan(dev->dev, qp->alt.vlan_port, qp->alt.vid);
1388 			qp->alt.vid = 0xFFFF;
1389 			qp->alt.candidate_vid = 0xFFFF;
1390 			qp->alt.update_vid = 0;
1391 		}
1392 	}
1393 
1394 	get_cqs(qp, src, &send_cq, &recv_cq);
1395 
1396 	spin_lock_irqsave(&dev->reset_flow_resource_lock, flags);
1397 	mlx4_ib_lock_cqs(send_cq, recv_cq);
1398 
1399 	/* del from lists under both locks above to protect reset flow paths */
1400 	list_del(&qp->qps_list);
1401 	list_del(&qp->cq_send_list);
1402 	list_del(&qp->cq_recv_list);
1403 	if (!udata) {
1404 		__mlx4_ib_cq_clean(recv_cq, qp->mqp.qpn,
1405 				 qp->ibqp.srq ? to_msrq(qp->ibqp.srq): NULL);
1406 		if (send_cq != recv_cq)
1407 			__mlx4_ib_cq_clean(send_cq, qp->mqp.qpn, NULL);
1408 	}
1409 
1410 	mlx4_qp_remove(dev->dev, &qp->mqp);
1411 
1412 	mlx4_ib_unlock_cqs(send_cq, recv_cq);
1413 	spin_unlock_irqrestore(&dev->reset_flow_resource_lock, flags);
1414 
1415 	mlx4_qp_free(dev->dev, &qp->mqp);
1416 
1417 	if (!is_sqp(dev, qp) && !is_tunnel_qp(dev, qp)) {
1418 		if (qp->flags & MLX4_IB_QP_NETIF)
1419 			mlx4_ib_steer_qp_free(dev, qp->mqp.qpn, 1);
1420 		else if (src == MLX4_IB_RWQ_SRC)
1421 			mlx4_ib_release_wqn(
1422 				rdma_udata_to_drv_context(
1423 					udata,
1424 					struct mlx4_ib_ucontext,
1425 					ibucontext),
1426 				qp, 1);
1427 		else
1428 			mlx4_qp_release_range(dev->dev, qp->mqp.qpn, 1);
1429 	}
1430 
1431 	mlx4_mtt_cleanup(dev->dev, &qp->mtt);
1432 
1433 	if (udata) {
1434 		if (qp->rq.wqe_cnt) {
1435 			struct mlx4_ib_ucontext *mcontext =
1436 				rdma_udata_to_drv_context(
1437 					udata,
1438 					struct mlx4_ib_ucontext,
1439 					ibucontext);
1440 
1441 			mlx4_ib_db_unmap_user(mcontext, &qp->db);
1442 		}
1443 	} else {
1444 		kvfree(qp->sq.wrid);
1445 		kvfree(qp->rq.wrid);
1446 		if (qp->mlx4_ib_qp_type & (MLX4_IB_QPT_PROXY_SMI_OWNER |
1447 		    MLX4_IB_QPT_PROXY_SMI | MLX4_IB_QPT_PROXY_GSI))
1448 			free_proxy_bufs(&dev->ib_dev, qp);
1449 		mlx4_buf_free(dev->dev, qp->buf_size, &qp->buf);
1450 		if (qp->rq.wqe_cnt)
1451 			mlx4_db_free(dev->dev, &qp->db);
1452 	}
1453 	ib_umem_release(qp->umem);
1454 
1455 	del_gid_entries(qp);
1456 }
1457 
1458 static u32 get_sqp_num(struct mlx4_ib_dev *dev, struct ib_qp_init_attr *attr)
1459 {
1460 	/* Native or PPF */
1461 	if (!mlx4_is_mfunc(dev->dev) ||
1462 	    (mlx4_is_master(dev->dev) &&
1463 	     attr->create_flags & MLX4_IB_SRIOV_SQP)) {
1464 		return  dev->dev->phys_caps.base_sqpn +
1465 			(attr->qp_type == IB_QPT_SMI ? 0 : 2) +
1466 			attr->port_num - 1;
1467 	}
1468 	/* PF or VF -- creating proxies */
1469 	if (attr->qp_type == IB_QPT_SMI)
1470 		return dev->dev->caps.spec_qps[attr->port_num - 1].qp0_proxy;
1471 	else
1472 		return dev->dev->caps.spec_qps[attr->port_num - 1].qp1_proxy;
1473 }
1474 
1475 static int _mlx4_ib_create_qp(struct ib_pd *pd, struct mlx4_ib_qp *qp,
1476 			      struct ib_qp_init_attr *init_attr,
1477 			      struct ib_udata *udata)
1478 {
1479 	int err;
1480 	int sup_u_create_flags = MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK;
1481 	u16 xrcdn = 0;
1482 
1483 	if (init_attr->rwq_ind_tbl)
1484 		return _mlx4_ib_create_qp_rss(pd, qp, init_attr, udata);
1485 
1486 	/*
1487 	 * We only support LSO, vendor flag1, and multicast loopback blocking,
1488 	 * and only for kernel UD QPs.
1489 	 */
1490 	if (init_attr->create_flags & ~(MLX4_IB_QP_LSO |
1491 					MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK |
1492 					MLX4_IB_SRIOV_TUNNEL_QP |
1493 					MLX4_IB_SRIOV_SQP |
1494 					MLX4_IB_QP_NETIF |
1495 					MLX4_IB_QP_CREATE_ROCE_V2_GSI))
1496 		return -EOPNOTSUPP;
1497 
1498 	if (init_attr->create_flags & IB_QP_CREATE_NETIF_QP) {
1499 		if (init_attr->qp_type != IB_QPT_UD)
1500 			return -EINVAL;
1501 	}
1502 
1503 	if (init_attr->create_flags) {
1504 		if (udata && init_attr->create_flags & ~(sup_u_create_flags))
1505 			return -EINVAL;
1506 
1507 		if ((init_attr->create_flags & ~(MLX4_IB_SRIOV_SQP |
1508 						 MLX4_IB_QP_CREATE_ROCE_V2_GSI  |
1509 						 MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK) &&
1510 		     init_attr->qp_type != IB_QPT_UD) ||
1511 		    (init_attr->create_flags & MLX4_IB_SRIOV_SQP &&
1512 		     init_attr->qp_type > IB_QPT_GSI) ||
1513 		    (init_attr->create_flags & MLX4_IB_QP_CREATE_ROCE_V2_GSI &&
1514 		     init_attr->qp_type != IB_QPT_GSI))
1515 			return -EINVAL;
1516 	}
1517 
1518 	switch (init_attr->qp_type) {
1519 	case IB_QPT_XRC_TGT:
1520 		pd = to_mxrcd(init_attr->xrcd)->pd;
1521 		xrcdn = to_mxrcd(init_attr->xrcd)->xrcdn;
1522 		init_attr->send_cq = to_mxrcd(init_attr->xrcd)->cq;
1523 		fallthrough;
1524 	case IB_QPT_XRC_INI:
1525 		if (!(to_mdev(pd->device)->dev->caps.flags & MLX4_DEV_CAP_FLAG_XRC))
1526 			return -ENOSYS;
1527 		init_attr->recv_cq = init_attr->send_cq;
1528 		fallthrough;
1529 	case IB_QPT_RC:
1530 	case IB_QPT_UC:
1531 	case IB_QPT_RAW_PACKET:
1532 	case IB_QPT_UD:
1533 		qp->pri.vid = 0xFFFF;
1534 		qp->alt.vid = 0xFFFF;
1535 		err = create_qp_common(pd, init_attr, udata, 0, qp);
1536 		if (err)
1537 			return err;
1538 
1539 		qp->ibqp.qp_num = qp->mqp.qpn;
1540 		qp->xrcdn = xrcdn;
1541 		break;
1542 	case IB_QPT_SMI:
1543 	case IB_QPT_GSI:
1544 	{
1545 		int sqpn;
1546 
1547 		if (init_attr->create_flags & MLX4_IB_QP_CREATE_ROCE_V2_GSI) {
1548 			int res = mlx4_qp_reserve_range(to_mdev(pd->device)->dev,
1549 							1, 1, &sqpn, 0,
1550 							MLX4_RES_USAGE_DRIVER);
1551 
1552 			if (res)
1553 				return res;
1554 		} else {
1555 			sqpn = get_sqp_num(to_mdev(pd->device), init_attr);
1556 		}
1557 
1558 		qp->pri.vid = 0xFFFF;
1559 		qp->alt.vid = 0xFFFF;
1560 		err = create_qp_common(pd, init_attr, udata, sqpn, qp);
1561 		if (err)
1562 			return err;
1563 
1564 		if (init_attr->create_flags &
1565 		    (MLX4_IB_SRIOV_SQP | MLX4_IB_SRIOV_TUNNEL_QP))
1566 			/* Internal QP created with ib_create_qp */
1567 			rdma_restrack_no_track(&qp->ibqp.res);
1568 
1569 		qp->port	= init_attr->port_num;
1570 		qp->ibqp.qp_num = init_attr->qp_type == IB_QPT_SMI ? 0 :
1571 			init_attr->create_flags & MLX4_IB_QP_CREATE_ROCE_V2_GSI ? sqpn : 1;
1572 		break;
1573 	}
1574 	default:
1575 		/* Don't support raw QPs */
1576 		return -EOPNOTSUPP;
1577 	}
1578 	return 0;
1579 }
1580 
1581 struct ib_qp *mlx4_ib_create_qp(struct ib_pd *pd,
1582 				struct ib_qp_init_attr *init_attr,
1583 				struct ib_udata *udata) {
1584 	struct ib_device *device = pd ? pd->device : init_attr->xrcd->device;
1585 	struct mlx4_ib_dev *dev = to_mdev(device);
1586 	struct mlx4_ib_qp *qp;
1587 	int ret;
1588 
1589 	qp = kzalloc(sizeof(*qp), GFP_KERNEL);
1590 	if (!qp)
1591 		return ERR_PTR(-ENOMEM);
1592 
1593 	mutex_init(&qp->mutex);
1594 	ret = _mlx4_ib_create_qp(pd, qp, init_attr, udata);
1595 	if (ret) {
1596 		kfree(qp);
1597 		return ERR_PTR(ret);
1598 	}
1599 
1600 	if (init_attr->qp_type == IB_QPT_GSI &&
1601 	    !(init_attr->create_flags & MLX4_IB_QP_CREATE_ROCE_V2_GSI)) {
1602 		struct mlx4_ib_sqp *sqp = qp->sqp;
1603 		int is_eth = rdma_cap_eth_ah(&dev->ib_dev, init_attr->port_num);
1604 
1605 		if (is_eth &&
1606 		    dev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_ROCE_V1_V2) {
1607 			init_attr->create_flags |= MLX4_IB_QP_CREATE_ROCE_V2_GSI;
1608 			sqp->roce_v2_gsi = ib_create_qp(pd, init_attr);
1609 
1610 			if (IS_ERR(sqp->roce_v2_gsi)) {
1611 				pr_err("Failed to create GSI QP for RoCEv2 (%ld)\n", PTR_ERR(sqp->roce_v2_gsi));
1612 				sqp->roce_v2_gsi = NULL;
1613 			} else {
1614 				to_mqp(sqp->roce_v2_gsi)->flags |=
1615 					MLX4_IB_ROCE_V2_GSI_QP;
1616 			}
1617 
1618 			init_attr->create_flags &= ~MLX4_IB_QP_CREATE_ROCE_V2_GSI;
1619 		}
1620 	}
1621 	return &qp->ibqp;
1622 }
1623 
1624 static int _mlx4_ib_destroy_qp(struct ib_qp *qp, struct ib_udata *udata)
1625 {
1626 	struct mlx4_ib_dev *dev = to_mdev(qp->device);
1627 	struct mlx4_ib_qp *mqp = to_mqp(qp);
1628 
1629 	if (is_qp0(dev, mqp))
1630 		mlx4_CLOSE_PORT(dev->dev, mqp->port);
1631 
1632 	if (mqp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_GSI &&
1633 	    dev->qp1_proxy[mqp->port - 1] == mqp) {
1634 		mutex_lock(&dev->qp1_proxy_lock[mqp->port - 1]);
1635 		dev->qp1_proxy[mqp->port - 1] = NULL;
1636 		mutex_unlock(&dev->qp1_proxy_lock[mqp->port - 1]);
1637 	}
1638 
1639 	if (mqp->counter_index)
1640 		mlx4_ib_free_qp_counter(dev, mqp);
1641 
1642 	if (qp->rwq_ind_tbl) {
1643 		destroy_qp_rss(dev, mqp);
1644 	} else {
1645 		destroy_qp_common(dev, mqp, MLX4_IB_QP_SRC, udata);
1646 	}
1647 
1648 	kfree(mqp->sqp);
1649 	kfree(mqp);
1650 
1651 	return 0;
1652 }
1653 
1654 int mlx4_ib_destroy_qp(struct ib_qp *qp, struct ib_udata *udata)
1655 {
1656 	struct mlx4_ib_qp *mqp = to_mqp(qp);
1657 
1658 	if (mqp->mlx4_ib_qp_type == MLX4_IB_QPT_GSI) {
1659 		struct mlx4_ib_sqp *sqp = mqp->sqp;
1660 
1661 		if (sqp->roce_v2_gsi)
1662 			ib_destroy_qp(sqp->roce_v2_gsi);
1663 	}
1664 
1665 	return _mlx4_ib_destroy_qp(qp, udata);
1666 }
1667 
1668 static int to_mlx4_st(struct mlx4_ib_dev *dev, enum mlx4_ib_qp_type type)
1669 {
1670 	switch (type) {
1671 	case MLX4_IB_QPT_RC:		return MLX4_QP_ST_RC;
1672 	case MLX4_IB_QPT_UC:		return MLX4_QP_ST_UC;
1673 	case MLX4_IB_QPT_UD:		return MLX4_QP_ST_UD;
1674 	case MLX4_IB_QPT_XRC_INI:
1675 	case MLX4_IB_QPT_XRC_TGT:	return MLX4_QP_ST_XRC;
1676 	case MLX4_IB_QPT_SMI:
1677 	case MLX4_IB_QPT_GSI:
1678 	case MLX4_IB_QPT_RAW_PACKET:	return MLX4_QP_ST_MLX;
1679 
1680 	case MLX4_IB_QPT_PROXY_SMI_OWNER:
1681 	case MLX4_IB_QPT_TUN_SMI_OWNER:	return (mlx4_is_mfunc(dev->dev) ?
1682 						MLX4_QP_ST_MLX : -1);
1683 	case MLX4_IB_QPT_PROXY_SMI:
1684 	case MLX4_IB_QPT_TUN_SMI:
1685 	case MLX4_IB_QPT_PROXY_GSI:
1686 	case MLX4_IB_QPT_TUN_GSI:	return (mlx4_is_mfunc(dev->dev) ?
1687 						MLX4_QP_ST_UD : -1);
1688 	default:			return -1;
1689 	}
1690 }
1691 
1692 static __be32 to_mlx4_access_flags(struct mlx4_ib_qp *qp, const struct ib_qp_attr *attr,
1693 				   int attr_mask)
1694 {
1695 	u8 dest_rd_atomic;
1696 	u32 access_flags;
1697 	u32 hw_access_flags = 0;
1698 
1699 	if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC)
1700 		dest_rd_atomic = attr->max_dest_rd_atomic;
1701 	else
1702 		dest_rd_atomic = qp->resp_depth;
1703 
1704 	if (attr_mask & IB_QP_ACCESS_FLAGS)
1705 		access_flags = attr->qp_access_flags;
1706 	else
1707 		access_flags = qp->atomic_rd_en;
1708 
1709 	if (!dest_rd_atomic)
1710 		access_flags &= IB_ACCESS_REMOTE_WRITE;
1711 
1712 	if (access_flags & IB_ACCESS_REMOTE_READ)
1713 		hw_access_flags |= MLX4_QP_BIT_RRE;
1714 	if (access_flags & IB_ACCESS_REMOTE_ATOMIC)
1715 		hw_access_flags |= MLX4_QP_BIT_RAE;
1716 	if (access_flags & IB_ACCESS_REMOTE_WRITE)
1717 		hw_access_flags |= MLX4_QP_BIT_RWE;
1718 
1719 	return cpu_to_be32(hw_access_flags);
1720 }
1721 
1722 static void store_sqp_attrs(struct mlx4_ib_sqp *sqp, const struct ib_qp_attr *attr,
1723 			    int attr_mask)
1724 {
1725 	if (attr_mask & IB_QP_PKEY_INDEX)
1726 		sqp->pkey_index = attr->pkey_index;
1727 	if (attr_mask & IB_QP_QKEY)
1728 		sqp->qkey = attr->qkey;
1729 	if (attr_mask & IB_QP_SQ_PSN)
1730 		sqp->send_psn = attr->sq_psn;
1731 }
1732 
1733 static void mlx4_set_sched(struct mlx4_qp_path *path, u8 port)
1734 {
1735 	path->sched_queue = (path->sched_queue & 0xbf) | ((port - 1) << 6);
1736 }
1737 
1738 static int _mlx4_set_path(struct mlx4_ib_dev *dev,
1739 			  const struct rdma_ah_attr *ah,
1740 			  u64 smac, u16 vlan_tag, struct mlx4_qp_path *path,
1741 			  struct mlx4_roce_smac_vlan_info *smac_info, u8 port)
1742 {
1743 	int vidx;
1744 	int smac_index;
1745 	int err;
1746 
1747 	path->grh_mylmc = rdma_ah_get_path_bits(ah) & 0x7f;
1748 	path->rlid = cpu_to_be16(rdma_ah_get_dlid(ah));
1749 	if (rdma_ah_get_static_rate(ah)) {
1750 		path->static_rate = rdma_ah_get_static_rate(ah) +
1751 				    MLX4_STAT_RATE_OFFSET;
1752 		while (path->static_rate > IB_RATE_2_5_GBPS + MLX4_STAT_RATE_OFFSET &&
1753 		       !(1 << path->static_rate & dev->dev->caps.stat_rate_support))
1754 			--path->static_rate;
1755 	} else
1756 		path->static_rate = 0;
1757 
1758 	if (rdma_ah_get_ah_flags(ah) & IB_AH_GRH) {
1759 		const struct ib_global_route *grh = rdma_ah_read_grh(ah);
1760 		int real_sgid_index =
1761 			mlx4_ib_gid_index_to_real_index(dev, grh->sgid_attr);
1762 
1763 		if (real_sgid_index < 0)
1764 			return real_sgid_index;
1765 		if (real_sgid_index >= dev->dev->caps.gid_table_len[port]) {
1766 			pr_err("sgid_index (%u) too large. max is %d\n",
1767 			       real_sgid_index, dev->dev->caps.gid_table_len[port] - 1);
1768 			return -1;
1769 		}
1770 
1771 		path->grh_mylmc |= 1 << 7;
1772 		path->mgid_index = real_sgid_index;
1773 		path->hop_limit  = grh->hop_limit;
1774 		path->tclass_flowlabel =
1775 			cpu_to_be32((grh->traffic_class << 20) |
1776 				    (grh->flow_label));
1777 		memcpy(path->rgid, grh->dgid.raw, 16);
1778 	}
1779 
1780 	if (ah->type == RDMA_AH_ATTR_TYPE_ROCE) {
1781 		if (!(rdma_ah_get_ah_flags(ah) & IB_AH_GRH))
1782 			return -1;
1783 
1784 		path->sched_queue = MLX4_IB_DEFAULT_SCHED_QUEUE |
1785 			((port - 1) << 6) | ((rdma_ah_get_sl(ah) & 7) << 3);
1786 
1787 		path->feup |= MLX4_FEUP_FORCE_ETH_UP;
1788 		if (vlan_tag < 0x1000) {
1789 			if (smac_info->vid < 0x1000) {
1790 				/* both valid vlan ids */
1791 				if (smac_info->vid != vlan_tag) {
1792 					/* different VIDs.  unreg old and reg new */
1793 					err = mlx4_register_vlan(dev->dev, port, vlan_tag, &vidx);
1794 					if (err)
1795 						return err;
1796 					smac_info->candidate_vid = vlan_tag;
1797 					smac_info->candidate_vlan_index = vidx;
1798 					smac_info->candidate_vlan_port = port;
1799 					smac_info->update_vid = 1;
1800 					path->vlan_index = vidx;
1801 				} else {
1802 					path->vlan_index = smac_info->vlan_index;
1803 				}
1804 			} else {
1805 				/* no current vlan tag in qp */
1806 				err = mlx4_register_vlan(dev->dev, port, vlan_tag, &vidx);
1807 				if (err)
1808 					return err;
1809 				smac_info->candidate_vid = vlan_tag;
1810 				smac_info->candidate_vlan_index = vidx;
1811 				smac_info->candidate_vlan_port = port;
1812 				smac_info->update_vid = 1;
1813 				path->vlan_index = vidx;
1814 			}
1815 			path->feup |= MLX4_FVL_FORCE_ETH_VLAN;
1816 			path->fl = 1 << 6;
1817 		} else {
1818 			/* have current vlan tag. unregister it at modify-qp success */
1819 			if (smac_info->vid < 0x1000) {
1820 				smac_info->candidate_vid = 0xFFFF;
1821 				smac_info->update_vid = 1;
1822 			}
1823 		}
1824 
1825 		/* get smac_index for RoCE use.
1826 		 * If no smac was yet assigned, register one.
1827 		 * If one was already assigned, but the new mac differs,
1828 		 * unregister the old one and register the new one.
1829 		*/
1830 		if ((!smac_info->smac && !smac_info->smac_port) ||
1831 		    smac_info->smac != smac) {
1832 			/* register candidate now, unreg if needed, after success */
1833 			smac_index = mlx4_register_mac(dev->dev, port, smac);
1834 			if (smac_index >= 0) {
1835 				smac_info->candidate_smac_index = smac_index;
1836 				smac_info->candidate_smac = smac;
1837 				smac_info->candidate_smac_port = port;
1838 			} else {
1839 				return -EINVAL;
1840 			}
1841 		} else {
1842 			smac_index = smac_info->smac_index;
1843 		}
1844 		memcpy(path->dmac, ah->roce.dmac, 6);
1845 		path->ackto = MLX4_IB_LINK_TYPE_ETH;
1846 		/* put MAC table smac index for IBoE */
1847 		path->grh_mylmc = (u8) (smac_index) | 0x80;
1848 	} else {
1849 		path->sched_queue = MLX4_IB_DEFAULT_SCHED_QUEUE |
1850 			((port - 1) << 6) | ((rdma_ah_get_sl(ah) & 0xf) << 2);
1851 	}
1852 
1853 	return 0;
1854 }
1855 
1856 static int mlx4_set_path(struct mlx4_ib_dev *dev, const struct ib_qp_attr *qp,
1857 			 enum ib_qp_attr_mask qp_attr_mask,
1858 			 struct mlx4_ib_qp *mqp,
1859 			 struct mlx4_qp_path *path, u8 port,
1860 			 u16 vlan_id, u8 *smac)
1861 {
1862 	return _mlx4_set_path(dev, &qp->ah_attr,
1863 			      mlx4_mac_to_u64(smac),
1864 			      vlan_id,
1865 			      path, &mqp->pri, port);
1866 }
1867 
1868 static int mlx4_set_alt_path(struct mlx4_ib_dev *dev,
1869 			     const struct ib_qp_attr *qp,
1870 			     enum ib_qp_attr_mask qp_attr_mask,
1871 			     struct mlx4_ib_qp *mqp,
1872 			     struct mlx4_qp_path *path, u8 port)
1873 {
1874 	return _mlx4_set_path(dev, &qp->alt_ah_attr,
1875 			      0,
1876 			      0xffff,
1877 			      path, &mqp->alt, port);
1878 }
1879 
1880 static void update_mcg_macs(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
1881 {
1882 	struct mlx4_ib_gid_entry *ge, *tmp;
1883 
1884 	list_for_each_entry_safe(ge, tmp, &qp->gid_list, list) {
1885 		if (!ge->added && mlx4_ib_add_mc(dev, qp, &ge->gid)) {
1886 			ge->added = 1;
1887 			ge->port = qp->port;
1888 		}
1889 	}
1890 }
1891 
1892 static int handle_eth_ud_smac_index(struct mlx4_ib_dev *dev,
1893 				    struct mlx4_ib_qp *qp,
1894 				    struct mlx4_qp_context *context)
1895 {
1896 	u64 u64_mac;
1897 	int smac_index;
1898 
1899 	u64_mac = atomic64_read(&dev->iboe.mac[qp->port - 1]);
1900 
1901 	context->pri_path.sched_queue = MLX4_IB_DEFAULT_SCHED_QUEUE | ((qp->port - 1) << 6);
1902 	if (!qp->pri.smac && !qp->pri.smac_port) {
1903 		smac_index = mlx4_register_mac(dev->dev, qp->port, u64_mac);
1904 		if (smac_index >= 0) {
1905 			qp->pri.candidate_smac_index = smac_index;
1906 			qp->pri.candidate_smac = u64_mac;
1907 			qp->pri.candidate_smac_port = qp->port;
1908 			context->pri_path.grh_mylmc = 0x80 | (u8) smac_index;
1909 		} else {
1910 			return -ENOENT;
1911 		}
1912 	}
1913 	return 0;
1914 }
1915 
1916 static int create_qp_lb_counter(struct mlx4_ib_dev *dev, struct mlx4_ib_qp *qp)
1917 {
1918 	struct counter_index *new_counter_index;
1919 	int err;
1920 	u32 tmp_idx;
1921 
1922 	if (rdma_port_get_link_layer(&dev->ib_dev, qp->port) !=
1923 	    IB_LINK_LAYER_ETHERNET ||
1924 	    !(qp->flags & MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK) ||
1925 	    !(dev->dev->caps.flags2 & MLX4_DEV_CAP_FLAG2_LB_SRC_CHK))
1926 		return 0;
1927 
1928 	err = mlx4_counter_alloc(dev->dev, &tmp_idx, MLX4_RES_USAGE_DRIVER);
1929 	if (err)
1930 		return err;
1931 
1932 	new_counter_index = kmalloc(sizeof(*new_counter_index), GFP_KERNEL);
1933 	if (!new_counter_index) {
1934 		mlx4_counter_free(dev->dev, tmp_idx);
1935 		return -ENOMEM;
1936 	}
1937 
1938 	new_counter_index->index = tmp_idx;
1939 	new_counter_index->allocated = 1;
1940 	qp->counter_index = new_counter_index;
1941 
1942 	mutex_lock(&dev->counters_table[qp->port - 1].mutex);
1943 	list_add_tail(&new_counter_index->list,
1944 		      &dev->counters_table[qp->port - 1].counters_list);
1945 	mutex_unlock(&dev->counters_table[qp->port - 1].mutex);
1946 
1947 	return 0;
1948 }
1949 
1950 enum {
1951 	MLX4_QPC_ROCE_MODE_1 = 0,
1952 	MLX4_QPC_ROCE_MODE_2 = 2,
1953 	MLX4_QPC_ROCE_MODE_UNDEFINED = 0xff
1954 };
1955 
1956 static u8 gid_type_to_qpc(enum ib_gid_type gid_type)
1957 {
1958 	switch (gid_type) {
1959 	case IB_GID_TYPE_ROCE:
1960 		return MLX4_QPC_ROCE_MODE_1;
1961 	case IB_GID_TYPE_ROCE_UDP_ENCAP:
1962 		return MLX4_QPC_ROCE_MODE_2;
1963 	default:
1964 		return MLX4_QPC_ROCE_MODE_UNDEFINED;
1965 	}
1966 }
1967 
1968 /*
1969  * Go over all RSS QP's childes (WQs) and apply their HW state according to
1970  * their logic state if the RSS QP is the first RSS QP associated for the WQ.
1971  */
1972 static int bringup_rss_rwqs(struct ib_rwq_ind_table *ind_tbl, u8 port_num,
1973 			    struct ib_udata *udata)
1974 {
1975 	int err = 0;
1976 	int i;
1977 
1978 	for (i = 0; i < (1 << ind_tbl->log_ind_tbl_size); i++) {
1979 		struct ib_wq *ibwq = ind_tbl->ind_tbl[i];
1980 		struct mlx4_ib_qp *wq = to_mqp((struct ib_qp *)ibwq);
1981 
1982 		mutex_lock(&wq->mutex);
1983 
1984 		/* Mlx4_ib restrictions:
1985 		 * WQ's is associated to a port according to the RSS QP it is
1986 		 * associates to.
1987 		 * In case the WQ is associated to a different port by another
1988 		 * RSS QP, return a failure.
1989 		 */
1990 		if ((wq->rss_usecnt > 0) && (wq->port != port_num)) {
1991 			err = -EINVAL;
1992 			mutex_unlock(&wq->mutex);
1993 			break;
1994 		}
1995 		wq->port = port_num;
1996 		if ((wq->rss_usecnt == 0) && (ibwq->state == IB_WQS_RDY)) {
1997 			err = _mlx4_ib_modify_wq(ibwq, IB_WQS_RDY, udata);
1998 			if (err) {
1999 				mutex_unlock(&wq->mutex);
2000 				break;
2001 			}
2002 		}
2003 		wq->rss_usecnt++;
2004 
2005 		mutex_unlock(&wq->mutex);
2006 	}
2007 
2008 	if (i && err) {
2009 		int j;
2010 
2011 		for (j = (i - 1); j >= 0; j--) {
2012 			struct ib_wq *ibwq = ind_tbl->ind_tbl[j];
2013 			struct mlx4_ib_qp *wq = to_mqp((struct ib_qp *)ibwq);
2014 
2015 			mutex_lock(&wq->mutex);
2016 
2017 			if ((wq->rss_usecnt == 1) &&
2018 			    (ibwq->state == IB_WQS_RDY))
2019 				if (_mlx4_ib_modify_wq(ibwq, IB_WQS_RESET,
2020 						       udata))
2021 					pr_warn("failed to reverse WQN=0x%06x\n",
2022 						ibwq->wq_num);
2023 			wq->rss_usecnt--;
2024 
2025 			mutex_unlock(&wq->mutex);
2026 		}
2027 	}
2028 
2029 	return err;
2030 }
2031 
2032 static void bring_down_rss_rwqs(struct ib_rwq_ind_table *ind_tbl,
2033 				struct ib_udata *udata)
2034 {
2035 	int i;
2036 
2037 	for (i = 0; i < (1 << ind_tbl->log_ind_tbl_size); i++) {
2038 		struct ib_wq *ibwq = ind_tbl->ind_tbl[i];
2039 		struct mlx4_ib_qp *wq = to_mqp((struct ib_qp *)ibwq);
2040 
2041 		mutex_lock(&wq->mutex);
2042 
2043 		if ((wq->rss_usecnt == 1) && (ibwq->state == IB_WQS_RDY))
2044 			if (_mlx4_ib_modify_wq(ibwq, IB_WQS_RESET, udata))
2045 				pr_warn("failed to reverse WQN=%x\n",
2046 					ibwq->wq_num);
2047 		wq->rss_usecnt--;
2048 
2049 		mutex_unlock(&wq->mutex);
2050 	}
2051 }
2052 
2053 static void fill_qp_rss_context(struct mlx4_qp_context *context,
2054 				struct mlx4_ib_qp *qp)
2055 {
2056 	struct mlx4_rss_context *rss_context;
2057 
2058 	rss_context = (void *)context + offsetof(struct mlx4_qp_context,
2059 			pri_path) + MLX4_RSS_OFFSET_IN_QPC_PRI_PATH;
2060 
2061 	rss_context->base_qpn = cpu_to_be32(qp->rss_ctx->base_qpn_tbl_sz);
2062 	rss_context->default_qpn =
2063 		cpu_to_be32(qp->rss_ctx->base_qpn_tbl_sz & 0xffffff);
2064 	if (qp->rss_ctx->flags & (MLX4_RSS_UDP_IPV4 | MLX4_RSS_UDP_IPV6))
2065 		rss_context->base_qpn_udp = rss_context->default_qpn;
2066 	rss_context->flags = qp->rss_ctx->flags;
2067 	/* Currently support just toeplitz */
2068 	rss_context->hash_fn = MLX4_RSS_HASH_TOP;
2069 
2070 	memcpy(rss_context->rss_key, qp->rss_ctx->rss_key,
2071 	       MLX4_EN_RSS_KEY_SIZE);
2072 }
2073 
2074 static int __mlx4_ib_modify_qp(void *src, enum mlx4_ib_source_type src_type,
2075 			       const struct ib_qp_attr *attr, int attr_mask,
2076 			       enum ib_qp_state cur_state,
2077 			       enum ib_qp_state new_state,
2078 			       struct ib_udata *udata)
2079 {
2080 	struct ib_srq  *ibsrq;
2081 	const struct ib_gid_attr *gid_attr = NULL;
2082 	struct ib_rwq_ind_table *rwq_ind_tbl;
2083 	enum ib_qp_type qp_type;
2084 	struct mlx4_ib_dev *dev;
2085 	struct mlx4_ib_qp *qp;
2086 	struct mlx4_ib_pd *pd;
2087 	struct mlx4_ib_cq *send_cq, *recv_cq;
2088 	struct mlx4_ib_ucontext *ucontext = rdma_udata_to_drv_context(
2089 		udata, struct mlx4_ib_ucontext, ibucontext);
2090 	struct mlx4_qp_context *context;
2091 	enum mlx4_qp_optpar optpar = 0;
2092 	int sqd_event;
2093 	int steer_qp = 0;
2094 	int err = -EINVAL;
2095 	int counter_index;
2096 
2097 	if (src_type == MLX4_IB_RWQ_SRC) {
2098 		struct ib_wq *ibwq;
2099 
2100 		ibwq	    = (struct ib_wq *)src;
2101 		ibsrq	    = NULL;
2102 		rwq_ind_tbl = NULL;
2103 		qp_type     = IB_QPT_RAW_PACKET;
2104 		qp	    = to_mqp((struct ib_qp *)ibwq);
2105 		dev	    = to_mdev(ibwq->device);
2106 		pd	    = to_mpd(ibwq->pd);
2107 	} else {
2108 		struct ib_qp *ibqp;
2109 
2110 		ibqp	    = (struct ib_qp *)src;
2111 		ibsrq	    = ibqp->srq;
2112 		rwq_ind_tbl = ibqp->rwq_ind_tbl;
2113 		qp_type     = ibqp->qp_type;
2114 		qp	    = to_mqp(ibqp);
2115 		dev	    = to_mdev(ibqp->device);
2116 		pd	    = get_pd(qp);
2117 	}
2118 
2119 	/* APM is not supported under RoCE */
2120 	if (attr_mask & IB_QP_ALT_PATH &&
2121 	    rdma_port_get_link_layer(&dev->ib_dev, qp->port) ==
2122 	    IB_LINK_LAYER_ETHERNET)
2123 		return -ENOTSUPP;
2124 
2125 	context = kzalloc(sizeof *context, GFP_KERNEL);
2126 	if (!context)
2127 		return -ENOMEM;
2128 
2129 	context->flags = cpu_to_be32((to_mlx4_state(new_state) << 28) |
2130 				     (to_mlx4_st(dev, qp->mlx4_ib_qp_type) << 16));
2131 
2132 	if (!(attr_mask & IB_QP_PATH_MIG_STATE))
2133 		context->flags |= cpu_to_be32(MLX4_QP_PM_MIGRATED << 11);
2134 	else {
2135 		optpar |= MLX4_QP_OPTPAR_PM_STATE;
2136 		switch (attr->path_mig_state) {
2137 		case IB_MIG_MIGRATED:
2138 			context->flags |= cpu_to_be32(MLX4_QP_PM_MIGRATED << 11);
2139 			break;
2140 		case IB_MIG_REARM:
2141 			context->flags |= cpu_to_be32(MLX4_QP_PM_REARM << 11);
2142 			break;
2143 		case IB_MIG_ARMED:
2144 			context->flags |= cpu_to_be32(MLX4_QP_PM_ARMED << 11);
2145 			break;
2146 		}
2147 	}
2148 
2149 	if (qp->inl_recv_sz)
2150 		context->param3 |= cpu_to_be32(1 << 25);
2151 
2152 	if (qp->flags & MLX4_IB_QP_SCATTER_FCS)
2153 		context->param3 |= cpu_to_be32(1 << 29);
2154 
2155 	if (qp_type == IB_QPT_GSI || qp_type == IB_QPT_SMI)
2156 		context->mtu_msgmax = (IB_MTU_4096 << 5) | 11;
2157 	else if (qp_type == IB_QPT_RAW_PACKET)
2158 		context->mtu_msgmax = (MLX4_RAW_QP_MTU << 5) | MLX4_RAW_QP_MSGMAX;
2159 	else if (qp_type == IB_QPT_UD) {
2160 		if (qp->flags & MLX4_IB_QP_LSO)
2161 			context->mtu_msgmax = (IB_MTU_4096 << 5) |
2162 					      ilog2(dev->dev->caps.max_gso_sz);
2163 		else
2164 			context->mtu_msgmax = (IB_MTU_4096 << 5) | 13;
2165 	} else if (attr_mask & IB_QP_PATH_MTU) {
2166 		if (attr->path_mtu < IB_MTU_256 || attr->path_mtu > IB_MTU_4096) {
2167 			pr_err("path MTU (%u) is invalid\n",
2168 			       attr->path_mtu);
2169 			goto out;
2170 		}
2171 		context->mtu_msgmax = (attr->path_mtu << 5) |
2172 			ilog2(dev->dev->caps.max_msg_sz);
2173 	}
2174 
2175 	if (!rwq_ind_tbl) { /* PRM RSS receive side should be left zeros */
2176 		if (qp->rq.wqe_cnt)
2177 			context->rq_size_stride = ilog2(qp->rq.wqe_cnt) << 3;
2178 		context->rq_size_stride |= qp->rq.wqe_shift - 4;
2179 	}
2180 
2181 	if (qp->sq.wqe_cnt)
2182 		context->sq_size_stride = ilog2(qp->sq.wqe_cnt) << 3;
2183 	context->sq_size_stride |= qp->sq.wqe_shift - 4;
2184 
2185 	if (new_state == IB_QPS_RESET && qp->counter_index)
2186 		mlx4_ib_free_qp_counter(dev, qp);
2187 
2188 	if (cur_state == IB_QPS_RESET && new_state == IB_QPS_INIT) {
2189 		context->sq_size_stride |= !!qp->sq_no_prefetch << 7;
2190 		context->xrcd = cpu_to_be32((u32) qp->xrcdn);
2191 		if (qp_type == IB_QPT_RAW_PACKET)
2192 			context->param3 |= cpu_to_be32(1 << 30);
2193 	}
2194 
2195 	if (ucontext)
2196 		context->usr_page = cpu_to_be32(
2197 			mlx4_to_hw_uar_index(dev->dev, ucontext->uar.index));
2198 	else
2199 		context->usr_page = cpu_to_be32(
2200 			mlx4_to_hw_uar_index(dev->dev, dev->priv_uar.index));
2201 
2202 	if (attr_mask & IB_QP_DEST_QPN)
2203 		context->remote_qpn = cpu_to_be32(attr->dest_qp_num);
2204 
2205 	if (attr_mask & IB_QP_PORT) {
2206 		if (cur_state == IB_QPS_SQD && new_state == IB_QPS_SQD &&
2207 		    !(attr_mask & IB_QP_AV)) {
2208 			mlx4_set_sched(&context->pri_path, attr->port_num);
2209 			optpar |= MLX4_QP_OPTPAR_SCHED_QUEUE;
2210 		}
2211 	}
2212 
2213 	if (cur_state == IB_QPS_INIT && new_state == IB_QPS_RTR) {
2214 		err = create_qp_lb_counter(dev, qp);
2215 		if (err)
2216 			goto out;
2217 
2218 		counter_index =
2219 			dev->counters_table[qp->port - 1].default_counter;
2220 		if (qp->counter_index)
2221 			counter_index = qp->counter_index->index;
2222 
2223 		if (counter_index != -1) {
2224 			context->pri_path.counter_index = counter_index;
2225 			optpar |= MLX4_QP_OPTPAR_COUNTER_INDEX;
2226 			if (qp->counter_index) {
2227 				context->pri_path.fl |=
2228 					MLX4_FL_ETH_SRC_CHECK_MC_LB;
2229 				context->pri_path.vlan_control |=
2230 					MLX4_CTRL_ETH_SRC_CHECK_IF_COUNTER;
2231 			}
2232 		} else
2233 			context->pri_path.counter_index =
2234 				MLX4_SINK_COUNTER_INDEX(dev->dev);
2235 
2236 		if (qp->flags & MLX4_IB_QP_NETIF) {
2237 			mlx4_ib_steer_qp_reg(dev, qp, 1);
2238 			steer_qp = 1;
2239 		}
2240 
2241 		if (qp_type == IB_QPT_GSI) {
2242 			enum ib_gid_type gid_type = qp->flags & MLX4_IB_ROCE_V2_GSI_QP ?
2243 				IB_GID_TYPE_ROCE_UDP_ENCAP : IB_GID_TYPE_ROCE;
2244 			u8 qpc_roce_mode = gid_type_to_qpc(gid_type);
2245 
2246 			context->rlkey_roce_mode |= (qpc_roce_mode << 6);
2247 		}
2248 	}
2249 
2250 	if (attr_mask & IB_QP_PKEY_INDEX) {
2251 		if (qp->mlx4_ib_qp_type & MLX4_IB_QPT_ANY_SRIOV)
2252 			context->pri_path.disable_pkey_check = 0x40;
2253 		context->pri_path.pkey_index = attr->pkey_index;
2254 		optpar |= MLX4_QP_OPTPAR_PKEY_INDEX;
2255 	}
2256 
2257 	if (attr_mask & IB_QP_AV) {
2258 		u8 port_num = mlx4_is_bonded(dev->dev) ? 1 :
2259 			attr_mask & IB_QP_PORT ? attr->port_num : qp->port;
2260 		u16 vlan = 0xffff;
2261 		u8 smac[ETH_ALEN];
2262 		int is_eth =
2263 			rdma_cap_eth_ah(&dev->ib_dev, port_num) &&
2264 			rdma_ah_get_ah_flags(&attr->ah_attr) & IB_AH_GRH;
2265 
2266 		if (is_eth) {
2267 			gid_attr = attr->ah_attr.grh.sgid_attr;
2268 			err = rdma_read_gid_l2_fields(gid_attr, &vlan,
2269 						      &smac[0]);
2270 			if (err)
2271 				goto out;
2272 		}
2273 
2274 		if (mlx4_set_path(dev, attr, attr_mask, qp, &context->pri_path,
2275 				  port_num, vlan, smac))
2276 			goto out;
2277 
2278 		optpar |= (MLX4_QP_OPTPAR_PRIMARY_ADDR_PATH |
2279 			   MLX4_QP_OPTPAR_SCHED_QUEUE);
2280 
2281 		if (is_eth &&
2282 		    (cur_state == IB_QPS_INIT && new_state == IB_QPS_RTR)) {
2283 			u8 qpc_roce_mode = gid_type_to_qpc(gid_attr->gid_type);
2284 
2285 			if (qpc_roce_mode == MLX4_QPC_ROCE_MODE_UNDEFINED) {
2286 				err = -EINVAL;
2287 				goto out;
2288 			}
2289 			context->rlkey_roce_mode |= (qpc_roce_mode << 6);
2290 		}
2291 
2292 	}
2293 
2294 	if (attr_mask & IB_QP_TIMEOUT) {
2295 		context->pri_path.ackto |= attr->timeout << 3;
2296 		optpar |= MLX4_QP_OPTPAR_ACK_TIMEOUT;
2297 	}
2298 
2299 	if (attr_mask & IB_QP_ALT_PATH) {
2300 		if (attr->alt_port_num == 0 ||
2301 		    attr->alt_port_num > dev->dev->caps.num_ports)
2302 			goto out;
2303 
2304 		if (attr->alt_pkey_index >=
2305 		    dev->dev->caps.pkey_table_len[attr->alt_port_num])
2306 			goto out;
2307 
2308 		if (mlx4_set_alt_path(dev, attr, attr_mask, qp,
2309 				      &context->alt_path,
2310 				      attr->alt_port_num))
2311 			goto out;
2312 
2313 		context->alt_path.pkey_index = attr->alt_pkey_index;
2314 		context->alt_path.ackto = attr->alt_timeout << 3;
2315 		optpar |= MLX4_QP_OPTPAR_ALT_ADDR_PATH;
2316 	}
2317 
2318 	context->pd = cpu_to_be32(pd->pdn);
2319 
2320 	if (!rwq_ind_tbl) {
2321 		context->params1 = cpu_to_be32(MLX4_IB_ACK_REQ_FREQ << 28);
2322 		get_cqs(qp, src_type, &send_cq, &recv_cq);
2323 	} else { /* Set dummy CQs to be compatible with HV and PRM */
2324 		send_cq = to_mcq(rwq_ind_tbl->ind_tbl[0]->cq);
2325 		recv_cq = send_cq;
2326 	}
2327 	context->cqn_send = cpu_to_be32(send_cq->mcq.cqn);
2328 	context->cqn_recv = cpu_to_be32(recv_cq->mcq.cqn);
2329 
2330 	/* Set "fast registration enabled" for all kernel QPs */
2331 	if (!ucontext)
2332 		context->params1 |= cpu_to_be32(1 << 11);
2333 
2334 	if (attr_mask & IB_QP_RNR_RETRY) {
2335 		context->params1 |= cpu_to_be32(attr->rnr_retry << 13);
2336 		optpar |= MLX4_QP_OPTPAR_RNR_RETRY;
2337 	}
2338 
2339 	if (attr_mask & IB_QP_RETRY_CNT) {
2340 		context->params1 |= cpu_to_be32(attr->retry_cnt << 16);
2341 		optpar |= MLX4_QP_OPTPAR_RETRY_COUNT;
2342 	}
2343 
2344 	if (attr_mask & IB_QP_MAX_QP_RD_ATOMIC) {
2345 		if (attr->max_rd_atomic)
2346 			context->params1 |=
2347 				cpu_to_be32(fls(attr->max_rd_atomic - 1) << 21);
2348 		optpar |= MLX4_QP_OPTPAR_SRA_MAX;
2349 	}
2350 
2351 	if (attr_mask & IB_QP_SQ_PSN)
2352 		context->next_send_psn = cpu_to_be32(attr->sq_psn);
2353 
2354 	if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC) {
2355 		if (attr->max_dest_rd_atomic)
2356 			context->params2 |=
2357 				cpu_to_be32(fls(attr->max_dest_rd_atomic - 1) << 21);
2358 		optpar |= MLX4_QP_OPTPAR_RRA_MAX;
2359 	}
2360 
2361 	if (attr_mask & (IB_QP_ACCESS_FLAGS | IB_QP_MAX_DEST_RD_ATOMIC)) {
2362 		context->params2 |= to_mlx4_access_flags(qp, attr, attr_mask);
2363 		optpar |= MLX4_QP_OPTPAR_RWE | MLX4_QP_OPTPAR_RRE | MLX4_QP_OPTPAR_RAE;
2364 	}
2365 
2366 	if (ibsrq)
2367 		context->params2 |= cpu_to_be32(MLX4_QP_BIT_RIC);
2368 
2369 	if (attr_mask & IB_QP_MIN_RNR_TIMER) {
2370 		context->rnr_nextrecvpsn |= cpu_to_be32(attr->min_rnr_timer << 24);
2371 		optpar |= MLX4_QP_OPTPAR_RNR_TIMEOUT;
2372 	}
2373 	if (attr_mask & IB_QP_RQ_PSN)
2374 		context->rnr_nextrecvpsn |= cpu_to_be32(attr->rq_psn);
2375 
2376 	/* proxy and tunnel qp qkeys will be changed in modify-qp wrappers */
2377 	if (attr_mask & IB_QP_QKEY) {
2378 		if (qp->mlx4_ib_qp_type &
2379 		    (MLX4_IB_QPT_PROXY_SMI_OWNER | MLX4_IB_QPT_TUN_SMI_OWNER))
2380 			context->qkey = cpu_to_be32(IB_QP_SET_QKEY);
2381 		else {
2382 			if (mlx4_is_mfunc(dev->dev) &&
2383 			    !(qp->mlx4_ib_qp_type & MLX4_IB_QPT_ANY_SRIOV) &&
2384 			    (attr->qkey & MLX4_RESERVED_QKEY_MASK) ==
2385 			    MLX4_RESERVED_QKEY_BASE) {
2386 				pr_err("Cannot use reserved QKEY"
2387 				       " 0x%x (range 0xffff0000..0xffffffff"
2388 				       " is reserved)\n", attr->qkey);
2389 				err = -EINVAL;
2390 				goto out;
2391 			}
2392 			context->qkey = cpu_to_be32(attr->qkey);
2393 		}
2394 		optpar |= MLX4_QP_OPTPAR_Q_KEY;
2395 	}
2396 
2397 	if (ibsrq)
2398 		context->srqn = cpu_to_be32(1 << 24 |
2399 					    to_msrq(ibsrq)->msrq.srqn);
2400 
2401 	if (qp->rq.wqe_cnt &&
2402 	    cur_state == IB_QPS_RESET &&
2403 	    new_state == IB_QPS_INIT)
2404 		context->db_rec_addr = cpu_to_be64(qp->db.dma);
2405 
2406 	if (cur_state == IB_QPS_INIT &&
2407 	    new_state == IB_QPS_RTR  &&
2408 	    (qp_type == IB_QPT_GSI || qp_type == IB_QPT_SMI ||
2409 	     qp_type == IB_QPT_UD || qp_type == IB_QPT_RAW_PACKET)) {
2410 		context->pri_path.sched_queue = (qp->port - 1) << 6;
2411 		if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_SMI ||
2412 		    qp->mlx4_ib_qp_type &
2413 		    (MLX4_IB_QPT_PROXY_SMI_OWNER | MLX4_IB_QPT_TUN_SMI_OWNER)) {
2414 			context->pri_path.sched_queue |= MLX4_IB_DEFAULT_QP0_SCHED_QUEUE;
2415 			if (qp->mlx4_ib_qp_type != MLX4_IB_QPT_SMI)
2416 				context->pri_path.fl = 0x80;
2417 		} else {
2418 			if (qp->mlx4_ib_qp_type & MLX4_IB_QPT_ANY_SRIOV)
2419 				context->pri_path.fl = 0x80;
2420 			context->pri_path.sched_queue |= MLX4_IB_DEFAULT_SCHED_QUEUE;
2421 		}
2422 		if (rdma_port_get_link_layer(&dev->ib_dev, qp->port) ==
2423 		    IB_LINK_LAYER_ETHERNET) {
2424 			if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_TUN_GSI ||
2425 			    qp->mlx4_ib_qp_type == MLX4_IB_QPT_GSI)
2426 				context->pri_path.feup = 1 << 7; /* don't fsm */
2427 			/* handle smac_index */
2428 			if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_UD ||
2429 			    qp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_GSI ||
2430 			    qp->mlx4_ib_qp_type == MLX4_IB_QPT_TUN_GSI) {
2431 				err = handle_eth_ud_smac_index(dev, qp, context);
2432 				if (err) {
2433 					err = -EINVAL;
2434 					goto out;
2435 				}
2436 				if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_GSI)
2437 					dev->qp1_proxy[qp->port - 1] = qp;
2438 			}
2439 		}
2440 	}
2441 
2442 	if (qp_type == IB_QPT_RAW_PACKET) {
2443 		context->pri_path.ackto = (context->pri_path.ackto & 0xf8) |
2444 					MLX4_IB_LINK_TYPE_ETH;
2445 		if (dev->dev->caps.tunnel_offload_mode ==  MLX4_TUNNEL_OFFLOAD_MODE_VXLAN) {
2446 			/* set QP to receive both tunneled & non-tunneled packets */
2447 			if (!rwq_ind_tbl)
2448 				context->srqn = cpu_to_be32(7 << 28);
2449 		}
2450 	}
2451 
2452 	if (qp_type == IB_QPT_UD && (new_state == IB_QPS_RTR)) {
2453 		int is_eth = rdma_port_get_link_layer(
2454 				&dev->ib_dev, qp->port) ==
2455 				IB_LINK_LAYER_ETHERNET;
2456 		if (is_eth) {
2457 			context->pri_path.ackto = MLX4_IB_LINK_TYPE_ETH;
2458 			optpar |= MLX4_QP_OPTPAR_PRIMARY_ADDR_PATH;
2459 		}
2460 	}
2461 
2462 	if (cur_state == IB_QPS_RTS && new_state == IB_QPS_SQD	&&
2463 	    attr_mask & IB_QP_EN_SQD_ASYNC_NOTIFY && attr->en_sqd_async_notify)
2464 		sqd_event = 1;
2465 	else
2466 		sqd_event = 0;
2467 
2468 	if (!ucontext &&
2469 	    cur_state == IB_QPS_RESET &&
2470 	    new_state == IB_QPS_INIT)
2471 		context->rlkey_roce_mode |= (1 << 4);
2472 
2473 	/*
2474 	 * Before passing a kernel QP to the HW, make sure that the
2475 	 * ownership bits of the send queue are set and the SQ
2476 	 * headroom is stamped so that the hardware doesn't start
2477 	 * processing stale work requests.
2478 	 */
2479 	if (!ucontext &&
2480 	    cur_state == IB_QPS_RESET &&
2481 	    new_state == IB_QPS_INIT) {
2482 		struct mlx4_wqe_ctrl_seg *ctrl;
2483 		int i;
2484 
2485 		for (i = 0; i < qp->sq.wqe_cnt; ++i) {
2486 			ctrl = get_send_wqe(qp, i);
2487 			ctrl->owner_opcode = cpu_to_be32(1 << 31);
2488 			ctrl->qpn_vlan.fence_size =
2489 				1 << (qp->sq.wqe_shift - 4);
2490 			stamp_send_wqe(qp, i);
2491 		}
2492 	}
2493 
2494 	if (rwq_ind_tbl	&&
2495 	    cur_state == IB_QPS_RESET &&
2496 	    new_state == IB_QPS_INIT) {
2497 		fill_qp_rss_context(context, qp);
2498 		context->flags |= cpu_to_be32(1 << MLX4_RSS_QPC_FLAG_OFFSET);
2499 	}
2500 
2501 	err = mlx4_qp_modify(dev->dev, &qp->mtt, to_mlx4_state(cur_state),
2502 			     to_mlx4_state(new_state), context, optpar,
2503 			     sqd_event, &qp->mqp);
2504 	if (err)
2505 		goto out;
2506 
2507 	qp->state = new_state;
2508 
2509 	if (attr_mask & IB_QP_ACCESS_FLAGS)
2510 		qp->atomic_rd_en = attr->qp_access_flags;
2511 	if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC)
2512 		qp->resp_depth = attr->max_dest_rd_atomic;
2513 	if (attr_mask & IB_QP_PORT) {
2514 		qp->port = attr->port_num;
2515 		update_mcg_macs(dev, qp);
2516 	}
2517 	if (attr_mask & IB_QP_ALT_PATH)
2518 		qp->alt_port = attr->alt_port_num;
2519 
2520 	if (is_sqp(dev, qp))
2521 		store_sqp_attrs(qp->sqp, attr, attr_mask);
2522 
2523 	/*
2524 	 * If we moved QP0 to RTR, bring the IB link up; if we moved
2525 	 * QP0 to RESET or ERROR, bring the link back down.
2526 	 */
2527 	if (is_qp0(dev, qp)) {
2528 		if (cur_state != IB_QPS_RTR && new_state == IB_QPS_RTR)
2529 			if (mlx4_INIT_PORT(dev->dev, qp->port))
2530 				pr_warn("INIT_PORT failed for port %d\n",
2531 				       qp->port);
2532 
2533 		if (cur_state != IB_QPS_RESET && cur_state != IB_QPS_ERR &&
2534 		    (new_state == IB_QPS_RESET || new_state == IB_QPS_ERR))
2535 			mlx4_CLOSE_PORT(dev->dev, qp->port);
2536 	}
2537 
2538 	/*
2539 	 * If we moved a kernel QP to RESET, clean up all old CQ
2540 	 * entries and reinitialize the QP.
2541 	 */
2542 	if (new_state == IB_QPS_RESET) {
2543 		if (!ucontext) {
2544 			mlx4_ib_cq_clean(recv_cq, qp->mqp.qpn,
2545 					 ibsrq ? to_msrq(ibsrq) : NULL);
2546 			if (send_cq != recv_cq)
2547 				mlx4_ib_cq_clean(send_cq, qp->mqp.qpn, NULL);
2548 
2549 			qp->rq.head = 0;
2550 			qp->rq.tail = 0;
2551 			qp->sq.head = 0;
2552 			qp->sq.tail = 0;
2553 			qp->sq_next_wqe = 0;
2554 			if (qp->rq.wqe_cnt)
2555 				*qp->db.db  = 0;
2556 
2557 			if (qp->flags & MLX4_IB_QP_NETIF)
2558 				mlx4_ib_steer_qp_reg(dev, qp, 0);
2559 		}
2560 		if (qp->pri.smac || (!qp->pri.smac && qp->pri.smac_port)) {
2561 			mlx4_unregister_mac(dev->dev, qp->pri.smac_port, qp->pri.smac);
2562 			qp->pri.smac = 0;
2563 			qp->pri.smac_port = 0;
2564 		}
2565 		if (qp->alt.smac) {
2566 			mlx4_unregister_mac(dev->dev, qp->alt.smac_port, qp->alt.smac);
2567 			qp->alt.smac = 0;
2568 		}
2569 		if (qp->pri.vid < 0x1000) {
2570 			mlx4_unregister_vlan(dev->dev, qp->pri.vlan_port, qp->pri.vid);
2571 			qp->pri.vid = 0xFFFF;
2572 			qp->pri.candidate_vid = 0xFFFF;
2573 			qp->pri.update_vid = 0;
2574 		}
2575 
2576 		if (qp->alt.vid < 0x1000) {
2577 			mlx4_unregister_vlan(dev->dev, qp->alt.vlan_port, qp->alt.vid);
2578 			qp->alt.vid = 0xFFFF;
2579 			qp->alt.candidate_vid = 0xFFFF;
2580 			qp->alt.update_vid = 0;
2581 		}
2582 	}
2583 out:
2584 	if (err && qp->counter_index)
2585 		mlx4_ib_free_qp_counter(dev, qp);
2586 	if (err && steer_qp)
2587 		mlx4_ib_steer_qp_reg(dev, qp, 0);
2588 	kfree(context);
2589 	if (qp->pri.candidate_smac ||
2590 	    (!qp->pri.candidate_smac && qp->pri.candidate_smac_port)) {
2591 		if (err) {
2592 			mlx4_unregister_mac(dev->dev, qp->pri.candidate_smac_port, qp->pri.candidate_smac);
2593 		} else {
2594 			if (qp->pri.smac || (!qp->pri.smac && qp->pri.smac_port))
2595 				mlx4_unregister_mac(dev->dev, qp->pri.smac_port, qp->pri.smac);
2596 			qp->pri.smac = qp->pri.candidate_smac;
2597 			qp->pri.smac_index = qp->pri.candidate_smac_index;
2598 			qp->pri.smac_port = qp->pri.candidate_smac_port;
2599 		}
2600 		qp->pri.candidate_smac = 0;
2601 		qp->pri.candidate_smac_index = 0;
2602 		qp->pri.candidate_smac_port = 0;
2603 	}
2604 	if (qp->alt.candidate_smac) {
2605 		if (err) {
2606 			mlx4_unregister_mac(dev->dev, qp->alt.candidate_smac_port, qp->alt.candidate_smac);
2607 		} else {
2608 			if (qp->alt.smac)
2609 				mlx4_unregister_mac(dev->dev, qp->alt.smac_port, qp->alt.smac);
2610 			qp->alt.smac = qp->alt.candidate_smac;
2611 			qp->alt.smac_index = qp->alt.candidate_smac_index;
2612 			qp->alt.smac_port = qp->alt.candidate_smac_port;
2613 		}
2614 		qp->alt.candidate_smac = 0;
2615 		qp->alt.candidate_smac_index = 0;
2616 		qp->alt.candidate_smac_port = 0;
2617 	}
2618 
2619 	if (qp->pri.update_vid) {
2620 		if (err) {
2621 			if (qp->pri.candidate_vid < 0x1000)
2622 				mlx4_unregister_vlan(dev->dev, qp->pri.candidate_vlan_port,
2623 						     qp->pri.candidate_vid);
2624 		} else {
2625 			if (qp->pri.vid < 0x1000)
2626 				mlx4_unregister_vlan(dev->dev, qp->pri.vlan_port,
2627 						     qp->pri.vid);
2628 			qp->pri.vid = qp->pri.candidate_vid;
2629 			qp->pri.vlan_port = qp->pri.candidate_vlan_port;
2630 			qp->pri.vlan_index =  qp->pri.candidate_vlan_index;
2631 		}
2632 		qp->pri.candidate_vid = 0xFFFF;
2633 		qp->pri.update_vid = 0;
2634 	}
2635 
2636 	if (qp->alt.update_vid) {
2637 		if (err) {
2638 			if (qp->alt.candidate_vid < 0x1000)
2639 				mlx4_unregister_vlan(dev->dev, qp->alt.candidate_vlan_port,
2640 						     qp->alt.candidate_vid);
2641 		} else {
2642 			if (qp->alt.vid < 0x1000)
2643 				mlx4_unregister_vlan(dev->dev, qp->alt.vlan_port,
2644 						     qp->alt.vid);
2645 			qp->alt.vid = qp->alt.candidate_vid;
2646 			qp->alt.vlan_port = qp->alt.candidate_vlan_port;
2647 			qp->alt.vlan_index =  qp->alt.candidate_vlan_index;
2648 		}
2649 		qp->alt.candidate_vid = 0xFFFF;
2650 		qp->alt.update_vid = 0;
2651 	}
2652 
2653 	return err;
2654 }
2655 
2656 enum {
2657 	MLX4_IB_MODIFY_QP_RSS_SUP_ATTR_MSK = (IB_QP_STATE	|
2658 					      IB_QP_PORT),
2659 };
2660 
2661 static int _mlx4_ib_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr,
2662 			      int attr_mask, struct ib_udata *udata)
2663 {
2664 	struct mlx4_ib_dev *dev = to_mdev(ibqp->device);
2665 	struct mlx4_ib_qp *qp = to_mqp(ibqp);
2666 	enum ib_qp_state cur_state, new_state;
2667 	int err = -EINVAL;
2668 	mutex_lock(&qp->mutex);
2669 
2670 	cur_state = attr_mask & IB_QP_CUR_STATE ? attr->cur_qp_state : qp->state;
2671 	new_state = attr_mask & IB_QP_STATE ? attr->qp_state : cur_state;
2672 
2673 	if (!ib_modify_qp_is_ok(cur_state, new_state, ibqp->qp_type,
2674 				attr_mask)) {
2675 		pr_debug("qpn 0x%x: invalid attribute mask specified "
2676 			 "for transition %d to %d. qp_type %d,"
2677 			 " attr_mask 0x%x\n",
2678 			 ibqp->qp_num, cur_state, new_state,
2679 			 ibqp->qp_type, attr_mask);
2680 		goto out;
2681 	}
2682 
2683 	if (ibqp->rwq_ind_tbl) {
2684 		if (!(((cur_state == IB_QPS_RESET) &&
2685 		       (new_state == IB_QPS_INIT)) ||
2686 		      ((cur_state == IB_QPS_INIT)  &&
2687 		       (new_state == IB_QPS_RTR)))) {
2688 			pr_debug("qpn 0x%x: RSS QP unsupported transition %d to %d\n",
2689 				 ibqp->qp_num, cur_state, new_state);
2690 
2691 			err = -EOPNOTSUPP;
2692 			goto out;
2693 		}
2694 
2695 		if (attr_mask & ~MLX4_IB_MODIFY_QP_RSS_SUP_ATTR_MSK) {
2696 			pr_debug("qpn 0x%x: RSS QP unsupported attribute mask 0x%x for transition %d to %d\n",
2697 				 ibqp->qp_num, attr_mask, cur_state, new_state);
2698 
2699 			err = -EOPNOTSUPP;
2700 			goto out;
2701 		}
2702 	}
2703 
2704 	if (mlx4_is_bonded(dev->dev) && (attr_mask & IB_QP_PORT)) {
2705 		if ((cur_state == IB_QPS_RESET) && (new_state == IB_QPS_INIT)) {
2706 			if ((ibqp->qp_type == IB_QPT_RC) ||
2707 			    (ibqp->qp_type == IB_QPT_UD) ||
2708 			    (ibqp->qp_type == IB_QPT_UC) ||
2709 			    (ibqp->qp_type == IB_QPT_RAW_PACKET) ||
2710 			    (ibqp->qp_type == IB_QPT_XRC_INI)) {
2711 				attr->port_num = mlx4_ib_bond_next_port(dev);
2712 			}
2713 		} else {
2714 			/* no sense in changing port_num
2715 			 * when ports are bonded */
2716 			attr_mask &= ~IB_QP_PORT;
2717 		}
2718 	}
2719 
2720 	if ((attr_mask & IB_QP_PORT) &&
2721 	    (attr->port_num == 0 || attr->port_num > dev->num_ports)) {
2722 		pr_debug("qpn 0x%x: invalid port number (%d) specified "
2723 			 "for transition %d to %d. qp_type %d\n",
2724 			 ibqp->qp_num, attr->port_num, cur_state,
2725 			 new_state, ibqp->qp_type);
2726 		goto out;
2727 	}
2728 
2729 	if ((attr_mask & IB_QP_PORT) && (ibqp->qp_type == IB_QPT_RAW_PACKET) &&
2730 	    (rdma_port_get_link_layer(&dev->ib_dev, attr->port_num) !=
2731 	     IB_LINK_LAYER_ETHERNET))
2732 		goto out;
2733 
2734 	if (attr_mask & IB_QP_PKEY_INDEX) {
2735 		int p = attr_mask & IB_QP_PORT ? attr->port_num : qp->port;
2736 		if (attr->pkey_index >= dev->dev->caps.pkey_table_len[p]) {
2737 			pr_debug("qpn 0x%x: invalid pkey index (%d) specified "
2738 				 "for transition %d to %d. qp_type %d\n",
2739 				 ibqp->qp_num, attr->pkey_index, cur_state,
2740 				 new_state, ibqp->qp_type);
2741 			goto out;
2742 		}
2743 	}
2744 
2745 	if (attr_mask & IB_QP_MAX_QP_RD_ATOMIC &&
2746 	    attr->max_rd_atomic > dev->dev->caps.max_qp_init_rdma) {
2747 		pr_debug("qpn 0x%x: max_rd_atomic (%d) too large. "
2748 			 "Transition %d to %d. qp_type %d\n",
2749 			 ibqp->qp_num, attr->max_rd_atomic, cur_state,
2750 			 new_state, ibqp->qp_type);
2751 		goto out;
2752 	}
2753 
2754 	if (attr_mask & IB_QP_MAX_DEST_RD_ATOMIC &&
2755 	    attr->max_dest_rd_atomic > dev->dev->caps.max_qp_dest_rdma) {
2756 		pr_debug("qpn 0x%x: max_dest_rd_atomic (%d) too large. "
2757 			 "Transition %d to %d. qp_type %d\n",
2758 			 ibqp->qp_num, attr->max_dest_rd_atomic, cur_state,
2759 			 new_state, ibqp->qp_type);
2760 		goto out;
2761 	}
2762 
2763 	if (cur_state == new_state && cur_state == IB_QPS_RESET) {
2764 		err = 0;
2765 		goto out;
2766 	}
2767 
2768 	if (ibqp->rwq_ind_tbl && (new_state == IB_QPS_INIT)) {
2769 		err = bringup_rss_rwqs(ibqp->rwq_ind_tbl, attr->port_num,
2770 				       udata);
2771 		if (err)
2772 			goto out;
2773 	}
2774 
2775 	err = __mlx4_ib_modify_qp(ibqp, MLX4_IB_QP_SRC, attr, attr_mask,
2776 				  cur_state, new_state, udata);
2777 
2778 	if (ibqp->rwq_ind_tbl && err)
2779 		bring_down_rss_rwqs(ibqp->rwq_ind_tbl, udata);
2780 
2781 	if (mlx4_is_bonded(dev->dev) && (attr_mask & IB_QP_PORT))
2782 		attr->port_num = 1;
2783 
2784 out:
2785 	mutex_unlock(&qp->mutex);
2786 	return err;
2787 }
2788 
2789 int mlx4_ib_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr,
2790 		      int attr_mask, struct ib_udata *udata)
2791 {
2792 	struct mlx4_ib_qp *mqp = to_mqp(ibqp);
2793 	int ret;
2794 
2795 	if (attr_mask & ~IB_QP_ATTR_STANDARD_BITS)
2796 		return -EOPNOTSUPP;
2797 
2798 	ret = _mlx4_ib_modify_qp(ibqp, attr, attr_mask, udata);
2799 
2800 	if (mqp->mlx4_ib_qp_type == MLX4_IB_QPT_GSI) {
2801 		struct mlx4_ib_sqp *sqp = mqp->sqp;
2802 		int err = 0;
2803 
2804 		if (sqp->roce_v2_gsi)
2805 			err = ib_modify_qp(sqp->roce_v2_gsi, attr, attr_mask);
2806 		if (err)
2807 			pr_err("Failed to modify GSI QP for RoCEv2 (%d)\n",
2808 			       err);
2809 	}
2810 	return ret;
2811 }
2812 
2813 static int vf_get_qp0_qkey(struct mlx4_dev *dev, int qpn, u32 *qkey)
2814 {
2815 	int i;
2816 	for (i = 0; i < dev->caps.num_ports; i++) {
2817 		if (qpn == dev->caps.spec_qps[i].qp0_proxy ||
2818 		    qpn == dev->caps.spec_qps[i].qp0_tunnel) {
2819 			*qkey = dev->caps.spec_qps[i].qp0_qkey;
2820 			return 0;
2821 		}
2822 	}
2823 	return -EINVAL;
2824 }
2825 
2826 static int build_sriov_qp0_header(struct mlx4_ib_qp *qp,
2827 				  const struct ib_ud_wr *wr,
2828 				  void *wqe, unsigned *mlx_seg_len)
2829 {
2830 	struct mlx4_ib_dev *mdev = to_mdev(qp->ibqp.device);
2831 	struct mlx4_ib_sqp *sqp = qp->sqp;
2832 	struct ib_device *ib_dev = qp->ibqp.device;
2833 	struct mlx4_wqe_mlx_seg *mlx = wqe;
2834 	struct mlx4_wqe_inline_seg *inl = wqe + sizeof *mlx;
2835 	struct mlx4_ib_ah *ah = to_mah(wr->ah);
2836 	u16 pkey;
2837 	u32 qkey;
2838 	int send_size;
2839 	int header_size;
2840 	int spc;
2841 	int err;
2842 	int i;
2843 
2844 	if (wr->wr.opcode != IB_WR_SEND)
2845 		return -EINVAL;
2846 
2847 	send_size = 0;
2848 
2849 	for (i = 0; i < wr->wr.num_sge; ++i)
2850 		send_size += wr->wr.sg_list[i].length;
2851 
2852 	/* for proxy-qp0 sends, need to add in size of tunnel header */
2853 	/* for tunnel-qp0 sends, tunnel header is already in s/g list */
2854 	if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_SMI_OWNER)
2855 		send_size += sizeof (struct mlx4_ib_tunnel_header);
2856 
2857 	ib_ud_header_init(send_size, 1, 0, 0, 0, 0, 0, 0, &sqp->ud_header);
2858 
2859 	if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_PROXY_SMI_OWNER) {
2860 		sqp->ud_header.lrh.service_level =
2861 			be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 28;
2862 		sqp->ud_header.lrh.destination_lid =
2863 			cpu_to_be16(ah->av.ib.g_slid & 0x7f);
2864 		sqp->ud_header.lrh.source_lid =
2865 			cpu_to_be16(ah->av.ib.g_slid & 0x7f);
2866 	}
2867 
2868 	mlx->flags &= cpu_to_be32(MLX4_WQE_CTRL_CQ_UPDATE);
2869 
2870 	/* force loopback */
2871 	mlx->flags |= cpu_to_be32(MLX4_WQE_MLX_VL15 | 0x1 | MLX4_WQE_MLX_SLR);
2872 	mlx->rlid = sqp->ud_header.lrh.destination_lid;
2873 
2874 	sqp->ud_header.lrh.virtual_lane    = 0;
2875 	sqp->ud_header.bth.solicited_event = !!(wr->wr.send_flags & IB_SEND_SOLICITED);
2876 	err = ib_get_cached_pkey(ib_dev, qp->port, 0, &pkey);
2877 	if (err)
2878 		return err;
2879 	sqp->ud_header.bth.pkey = cpu_to_be16(pkey);
2880 	if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_TUN_SMI_OWNER)
2881 		sqp->ud_header.bth.destination_qpn = cpu_to_be32(wr->remote_qpn);
2882 	else
2883 		sqp->ud_header.bth.destination_qpn =
2884 			cpu_to_be32(mdev->dev->caps.spec_qps[qp->port - 1].qp0_tunnel);
2885 
2886 	sqp->ud_header.bth.psn = cpu_to_be32((sqp->send_psn++) & ((1 << 24) - 1));
2887 	if (mlx4_is_master(mdev->dev)) {
2888 		if (mlx4_get_parav_qkey(mdev->dev, qp->mqp.qpn, &qkey))
2889 			return -EINVAL;
2890 	} else {
2891 		if (vf_get_qp0_qkey(mdev->dev, qp->mqp.qpn, &qkey))
2892 			return -EINVAL;
2893 	}
2894 	sqp->ud_header.deth.qkey = cpu_to_be32(qkey);
2895 	sqp->ud_header.deth.source_qpn = cpu_to_be32(qp->mqp.qpn);
2896 
2897 	sqp->ud_header.bth.opcode        = IB_OPCODE_UD_SEND_ONLY;
2898 	sqp->ud_header.immediate_present = 0;
2899 
2900 	header_size = ib_ud_header_pack(&sqp->ud_header, sqp->header_buf);
2901 
2902 	/*
2903 	 * Inline data segments may not cross a 64 byte boundary.  If
2904 	 * our UD header is bigger than the space available up to the
2905 	 * next 64 byte boundary in the WQE, use two inline data
2906 	 * segments to hold the UD header.
2907 	 */
2908 	spc = MLX4_INLINE_ALIGN -
2909 	      ((unsigned long) (inl + 1) & (MLX4_INLINE_ALIGN - 1));
2910 	if (header_size <= spc) {
2911 		inl->byte_count = cpu_to_be32(1 << 31 | header_size);
2912 		memcpy(inl + 1, sqp->header_buf, header_size);
2913 		i = 1;
2914 	} else {
2915 		inl->byte_count = cpu_to_be32(1 << 31 | spc);
2916 		memcpy(inl + 1, sqp->header_buf, spc);
2917 
2918 		inl = (void *) (inl + 1) + spc;
2919 		memcpy(inl + 1, sqp->header_buf + spc, header_size - spc);
2920 		/*
2921 		 * Need a barrier here to make sure all the data is
2922 		 * visible before the byte_count field is set.
2923 		 * Otherwise the HCA prefetcher could grab the 64-byte
2924 		 * chunk with this inline segment and get a valid (!=
2925 		 * 0xffffffff) byte count but stale data, and end up
2926 		 * generating a packet with bad headers.
2927 		 *
2928 		 * The first inline segment's byte_count field doesn't
2929 		 * need a barrier, because it comes after a
2930 		 * control/MLX segment and therefore is at an offset
2931 		 * of 16 mod 64.
2932 		 */
2933 		wmb();
2934 		inl->byte_count = cpu_to_be32(1 << 31 | (header_size - spc));
2935 		i = 2;
2936 	}
2937 
2938 	*mlx_seg_len =
2939 	ALIGN(i * sizeof (struct mlx4_wqe_inline_seg) + header_size, 16);
2940 	return 0;
2941 }
2942 
2943 static u8 sl_to_vl(struct mlx4_ib_dev *dev, u8 sl, int port_num)
2944 {
2945 	union sl2vl_tbl_to_u64 tmp_vltab;
2946 	u8 vl;
2947 
2948 	if (sl > 15)
2949 		return 0xf;
2950 	tmp_vltab.sl64 = atomic64_read(&dev->sl2vl[port_num - 1]);
2951 	vl = tmp_vltab.sl8[sl >> 1];
2952 	if (sl & 1)
2953 		vl &= 0x0f;
2954 	else
2955 		vl >>= 4;
2956 	return vl;
2957 }
2958 
2959 static int fill_gid_by_hw_index(struct mlx4_ib_dev *ibdev, u8 port_num,
2960 				int index, union ib_gid *gid,
2961 				enum ib_gid_type *gid_type)
2962 {
2963 	struct mlx4_ib_iboe *iboe = &ibdev->iboe;
2964 	struct mlx4_port_gid_table *port_gid_table;
2965 	unsigned long flags;
2966 
2967 	port_gid_table = &iboe->gids[port_num - 1];
2968 	spin_lock_irqsave(&iboe->lock, flags);
2969 	memcpy(gid, &port_gid_table->gids[index].gid, sizeof(*gid));
2970 	*gid_type = port_gid_table->gids[index].gid_type;
2971 	spin_unlock_irqrestore(&iboe->lock, flags);
2972 	if (rdma_is_zero_gid(gid))
2973 		return -ENOENT;
2974 
2975 	return 0;
2976 }
2977 
2978 #define MLX4_ROCEV2_QP1_SPORT 0xC000
2979 static int build_mlx_header(struct mlx4_ib_qp *qp, const struct ib_ud_wr *wr,
2980 			    void *wqe, unsigned *mlx_seg_len)
2981 {
2982 	struct mlx4_ib_sqp *sqp = qp->sqp;
2983 	struct ib_device *ib_dev = qp->ibqp.device;
2984 	struct mlx4_ib_dev *ibdev = to_mdev(ib_dev);
2985 	struct mlx4_wqe_mlx_seg *mlx = wqe;
2986 	struct mlx4_wqe_ctrl_seg *ctrl = wqe;
2987 	struct mlx4_wqe_inline_seg *inl = wqe + sizeof *mlx;
2988 	struct mlx4_ib_ah *ah = to_mah(wr->ah);
2989 	union ib_gid sgid;
2990 	u16 pkey;
2991 	int send_size;
2992 	int header_size;
2993 	int spc;
2994 	int i;
2995 	int err = 0;
2996 	u16 vlan = 0xffff;
2997 	bool is_eth;
2998 	bool is_vlan = false;
2999 	bool is_grh;
3000 	bool is_udp = false;
3001 	int ip_version = 0;
3002 
3003 	send_size = 0;
3004 	for (i = 0; i < wr->wr.num_sge; ++i)
3005 		send_size += wr->wr.sg_list[i].length;
3006 
3007 	is_eth = rdma_port_get_link_layer(qp->ibqp.device, qp->port) == IB_LINK_LAYER_ETHERNET;
3008 	is_grh = mlx4_ib_ah_grh_present(ah);
3009 	if (is_eth) {
3010 		enum ib_gid_type gid_type;
3011 		if (mlx4_is_mfunc(to_mdev(ib_dev)->dev)) {
3012 			/* When multi-function is enabled, the ib_core gid
3013 			 * indexes don't necessarily match the hw ones, so
3014 			 * we must use our own cache */
3015 			err = mlx4_get_roce_gid_from_slave(to_mdev(ib_dev)->dev,
3016 							   be32_to_cpu(ah->av.ib.port_pd) >> 24,
3017 							   ah->av.ib.gid_index, &sgid.raw[0]);
3018 			if (err)
3019 				return err;
3020 		} else  {
3021 			err = fill_gid_by_hw_index(ibdev, qp->port,
3022 						   ah->av.ib.gid_index, &sgid,
3023 						   &gid_type);
3024 			if (!err) {
3025 				is_udp = gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP;
3026 				if (is_udp) {
3027 					if (ipv6_addr_v4mapped((struct in6_addr *)&sgid))
3028 						ip_version = 4;
3029 					else
3030 						ip_version = 6;
3031 					is_grh = false;
3032 				}
3033 			} else {
3034 				return err;
3035 			}
3036 		}
3037 		if (ah->av.eth.vlan != cpu_to_be16(0xffff)) {
3038 			vlan = be16_to_cpu(ah->av.eth.vlan) & 0x0fff;
3039 			is_vlan = true;
3040 		}
3041 	}
3042 	err = ib_ud_header_init(send_size, !is_eth, is_eth, is_vlan, is_grh,
3043 			  ip_version, is_udp, 0, &sqp->ud_header);
3044 	if (err)
3045 		return err;
3046 
3047 	if (!is_eth) {
3048 		sqp->ud_header.lrh.service_level =
3049 			be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 28;
3050 		sqp->ud_header.lrh.destination_lid = ah->av.ib.dlid;
3051 		sqp->ud_header.lrh.source_lid = cpu_to_be16(ah->av.ib.g_slid & 0x7f);
3052 	}
3053 
3054 	if (is_grh || (ip_version == 6)) {
3055 		sqp->ud_header.grh.traffic_class =
3056 			(be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 20) & 0xff;
3057 		sqp->ud_header.grh.flow_label    =
3058 			ah->av.ib.sl_tclass_flowlabel & cpu_to_be32(0xfffff);
3059 		sqp->ud_header.grh.hop_limit     = ah->av.ib.hop_limit;
3060 		if (is_eth) {
3061 			memcpy(sqp->ud_header.grh.source_gid.raw, sgid.raw, 16);
3062 		} else {
3063 			if (mlx4_is_mfunc(to_mdev(ib_dev)->dev)) {
3064 				/* When multi-function is enabled, the ib_core gid
3065 				 * indexes don't necessarily match the hw ones, so
3066 				 * we must use our own cache
3067 				 */
3068 				sqp->ud_header.grh.source_gid.global
3069 					.subnet_prefix =
3070 					cpu_to_be64(atomic64_read(
3071 						&(to_mdev(ib_dev)
3072 							  ->sriov
3073 							  .demux[qp->port - 1]
3074 							  .subnet_prefix)));
3075 				sqp->ud_header.grh.source_gid.global
3076 					.interface_id =
3077 					to_mdev(ib_dev)
3078 						->sriov.demux[qp->port - 1]
3079 						.guid_cache[ah->av.ib.gid_index];
3080 			} else {
3081 				sqp->ud_header.grh.source_gid =
3082 					ah->ibah.sgid_attr->gid;
3083 			}
3084 		}
3085 		memcpy(sqp->ud_header.grh.destination_gid.raw,
3086 		       ah->av.ib.dgid, 16);
3087 	}
3088 
3089 	if (ip_version == 4) {
3090 		sqp->ud_header.ip4.tos =
3091 			(be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 20) & 0xff;
3092 		sqp->ud_header.ip4.id = 0;
3093 		sqp->ud_header.ip4.frag_off = htons(IP_DF);
3094 		sqp->ud_header.ip4.ttl = ah->av.eth.hop_limit;
3095 
3096 		memcpy(&sqp->ud_header.ip4.saddr,
3097 		       sgid.raw + 12, 4);
3098 		memcpy(&sqp->ud_header.ip4.daddr, ah->av.ib.dgid + 12, 4);
3099 		sqp->ud_header.ip4.check = ib_ud_ip4_csum(&sqp->ud_header);
3100 	}
3101 
3102 	if (is_udp) {
3103 		sqp->ud_header.udp.dport = htons(ROCE_V2_UDP_DPORT);
3104 		sqp->ud_header.udp.sport = htons(MLX4_ROCEV2_QP1_SPORT);
3105 		sqp->ud_header.udp.csum = 0;
3106 	}
3107 
3108 	mlx->flags &= cpu_to_be32(MLX4_WQE_CTRL_CQ_UPDATE);
3109 
3110 	if (!is_eth) {
3111 		mlx->flags |=
3112 			cpu_to_be32((!qp->ibqp.qp_num ? MLX4_WQE_MLX_VL15 : 0) |
3113 				    (sqp->ud_header.lrh.destination_lid ==
3114 						     IB_LID_PERMISSIVE ?
3115 					     MLX4_WQE_MLX_SLR :
3116 					     0) |
3117 				    (sqp->ud_header.lrh.service_level << 8));
3118 		if (ah->av.ib.port_pd & cpu_to_be32(0x80000000))
3119 			mlx->flags |= cpu_to_be32(0x1); /* force loopback */
3120 		mlx->rlid = sqp->ud_header.lrh.destination_lid;
3121 	}
3122 
3123 	switch (wr->wr.opcode) {
3124 	case IB_WR_SEND:
3125 		sqp->ud_header.bth.opcode	 = IB_OPCODE_UD_SEND_ONLY;
3126 		sqp->ud_header.immediate_present = 0;
3127 		break;
3128 	case IB_WR_SEND_WITH_IMM:
3129 		sqp->ud_header.bth.opcode	 = IB_OPCODE_UD_SEND_ONLY_WITH_IMMEDIATE;
3130 		sqp->ud_header.immediate_present = 1;
3131 		sqp->ud_header.immediate_data    = wr->wr.ex.imm_data;
3132 		break;
3133 	default:
3134 		return -EINVAL;
3135 	}
3136 
3137 	if (is_eth) {
3138 		struct in6_addr in6;
3139 		u16 ether_type;
3140 		u16 pcp = (be32_to_cpu(ah->av.ib.sl_tclass_flowlabel) >> 29) << 13;
3141 
3142 		ether_type = (!is_udp) ? ETH_P_IBOE:
3143 			(ip_version == 4 ? ETH_P_IP : ETH_P_IPV6);
3144 
3145 		mlx->sched_prio = cpu_to_be16(pcp);
3146 
3147 		ether_addr_copy(sqp->ud_header.eth.smac_h, ah->av.eth.s_mac);
3148 		memcpy(sqp->ud_header.eth.dmac_h, ah->av.eth.mac, 6);
3149 		memcpy(&ctrl->srcrb_flags16[0], ah->av.eth.mac, 2);
3150 		memcpy(&ctrl->imm, ah->av.eth.mac + 2, 4);
3151 		memcpy(&in6, sgid.raw, sizeof(in6));
3152 
3153 
3154 		if (!memcmp(sqp->ud_header.eth.smac_h, sqp->ud_header.eth.dmac_h, 6))
3155 			mlx->flags |= cpu_to_be32(MLX4_WQE_CTRL_FORCE_LOOPBACK);
3156 		if (!is_vlan) {
3157 			sqp->ud_header.eth.type = cpu_to_be16(ether_type);
3158 		} else {
3159 			sqp->ud_header.vlan.type = cpu_to_be16(ether_type);
3160 			sqp->ud_header.vlan.tag = cpu_to_be16(vlan | pcp);
3161 		}
3162 	} else {
3163 		sqp->ud_header.lrh.virtual_lane =
3164 			!qp->ibqp.qp_num ?
3165 				15 :
3166 				sl_to_vl(to_mdev(ib_dev),
3167 					 sqp->ud_header.lrh.service_level,
3168 					 qp->port);
3169 		if (qp->ibqp.qp_num && sqp->ud_header.lrh.virtual_lane == 15)
3170 			return -EINVAL;
3171 		if (sqp->ud_header.lrh.destination_lid == IB_LID_PERMISSIVE)
3172 			sqp->ud_header.lrh.source_lid = IB_LID_PERMISSIVE;
3173 	}
3174 	sqp->ud_header.bth.solicited_event = !!(wr->wr.send_flags & IB_SEND_SOLICITED);
3175 	if (!qp->ibqp.qp_num)
3176 		err = ib_get_cached_pkey(ib_dev, qp->port, sqp->pkey_index,
3177 					 &pkey);
3178 	else
3179 		err = ib_get_cached_pkey(ib_dev, qp->port, wr->pkey_index,
3180 					 &pkey);
3181 	if (err)
3182 		return err;
3183 
3184 	sqp->ud_header.bth.pkey = cpu_to_be16(pkey);
3185 	sqp->ud_header.bth.destination_qpn = cpu_to_be32(wr->remote_qpn);
3186 	sqp->ud_header.bth.psn = cpu_to_be32((sqp->send_psn++) & ((1 << 24) - 1));
3187 	sqp->ud_header.deth.qkey = cpu_to_be32(wr->remote_qkey & 0x80000000 ?
3188 					       sqp->qkey : wr->remote_qkey);
3189 	sqp->ud_header.deth.source_qpn = cpu_to_be32(qp->ibqp.qp_num);
3190 
3191 	header_size = ib_ud_header_pack(&sqp->ud_header, sqp->header_buf);
3192 
3193 	if (0) {
3194 		pr_err("built UD header of size %d:\n", header_size);
3195 		for (i = 0; i < header_size / 4; ++i) {
3196 			if (i % 8 == 0)
3197 				pr_err("  [%02x] ", i * 4);
3198 			pr_cont(" %08x",
3199 				be32_to_cpu(((__be32 *) sqp->header_buf)[i]));
3200 			if ((i + 1) % 8 == 0)
3201 				pr_cont("\n");
3202 		}
3203 		pr_err("\n");
3204 	}
3205 
3206 	/*
3207 	 * Inline data segments may not cross a 64 byte boundary.  If
3208 	 * our UD header is bigger than the space available up to the
3209 	 * next 64 byte boundary in the WQE, use two inline data
3210 	 * segments to hold the UD header.
3211 	 */
3212 	spc = MLX4_INLINE_ALIGN -
3213 		((unsigned long) (inl + 1) & (MLX4_INLINE_ALIGN - 1));
3214 	if (header_size <= spc) {
3215 		inl->byte_count = cpu_to_be32(1 << 31 | header_size);
3216 		memcpy(inl + 1, sqp->header_buf, header_size);
3217 		i = 1;
3218 	} else {
3219 		inl->byte_count = cpu_to_be32(1 << 31 | spc);
3220 		memcpy(inl + 1, sqp->header_buf, spc);
3221 
3222 		inl = (void *) (inl + 1) + spc;
3223 		memcpy(inl + 1, sqp->header_buf + spc, header_size - spc);
3224 		/*
3225 		 * Need a barrier here to make sure all the data is
3226 		 * visible before the byte_count field is set.
3227 		 * Otherwise the HCA prefetcher could grab the 64-byte
3228 		 * chunk with this inline segment and get a valid (!=
3229 		 * 0xffffffff) byte count but stale data, and end up
3230 		 * generating a packet with bad headers.
3231 		 *
3232 		 * The first inline segment's byte_count field doesn't
3233 		 * need a barrier, because it comes after a
3234 		 * control/MLX segment and therefore is at an offset
3235 		 * of 16 mod 64.
3236 		 */
3237 		wmb();
3238 		inl->byte_count = cpu_to_be32(1 << 31 | (header_size - spc));
3239 		i = 2;
3240 	}
3241 
3242 	*mlx_seg_len =
3243 		ALIGN(i * sizeof (struct mlx4_wqe_inline_seg) + header_size, 16);
3244 	return 0;
3245 }
3246 
3247 static int mlx4_wq_overflow(struct mlx4_ib_wq *wq, int nreq, struct ib_cq *ib_cq)
3248 {
3249 	unsigned cur;
3250 	struct mlx4_ib_cq *cq;
3251 
3252 	cur = wq->head - wq->tail;
3253 	if (likely(cur + nreq < wq->max_post))
3254 		return 0;
3255 
3256 	cq = to_mcq(ib_cq);
3257 	spin_lock(&cq->lock);
3258 	cur = wq->head - wq->tail;
3259 	spin_unlock(&cq->lock);
3260 
3261 	return cur + nreq >= wq->max_post;
3262 }
3263 
3264 static __be32 convert_access(int acc)
3265 {
3266 	return (acc & IB_ACCESS_REMOTE_ATOMIC ?
3267 		cpu_to_be32(MLX4_WQE_FMR_AND_BIND_PERM_ATOMIC)       : 0) |
3268 	       (acc & IB_ACCESS_REMOTE_WRITE  ?
3269 		cpu_to_be32(MLX4_WQE_FMR_AND_BIND_PERM_REMOTE_WRITE) : 0) |
3270 	       (acc & IB_ACCESS_REMOTE_READ   ?
3271 		cpu_to_be32(MLX4_WQE_FMR_AND_BIND_PERM_REMOTE_READ)  : 0) |
3272 	       (acc & IB_ACCESS_LOCAL_WRITE   ? cpu_to_be32(MLX4_WQE_FMR_PERM_LOCAL_WRITE)  : 0) |
3273 		cpu_to_be32(MLX4_WQE_FMR_PERM_LOCAL_READ);
3274 }
3275 
3276 static void set_reg_seg(struct mlx4_wqe_fmr_seg *fseg,
3277 			const struct ib_reg_wr *wr)
3278 {
3279 	struct mlx4_ib_mr *mr = to_mmr(wr->mr);
3280 
3281 	fseg->flags		= convert_access(wr->access);
3282 	fseg->mem_key		= cpu_to_be32(wr->key);
3283 	fseg->buf_list		= cpu_to_be64(mr->page_map);
3284 	fseg->start_addr	= cpu_to_be64(mr->ibmr.iova);
3285 	fseg->reg_len		= cpu_to_be64(mr->ibmr.length);
3286 	fseg->offset		= 0; /* XXX -- is this just for ZBVA? */
3287 	fseg->page_size		= cpu_to_be32(ilog2(mr->ibmr.page_size));
3288 	fseg->reserved[0]	= 0;
3289 	fseg->reserved[1]	= 0;
3290 }
3291 
3292 static void set_local_inv_seg(struct mlx4_wqe_local_inval_seg *iseg, u32 rkey)
3293 {
3294 	memset(iseg, 0, sizeof(*iseg));
3295 	iseg->mem_key = cpu_to_be32(rkey);
3296 }
3297 
3298 static __always_inline void set_raddr_seg(struct mlx4_wqe_raddr_seg *rseg,
3299 					  u64 remote_addr, u32 rkey)
3300 {
3301 	rseg->raddr    = cpu_to_be64(remote_addr);
3302 	rseg->rkey     = cpu_to_be32(rkey);
3303 	rseg->reserved = 0;
3304 }
3305 
3306 static void set_atomic_seg(struct mlx4_wqe_atomic_seg *aseg,
3307 			   const struct ib_atomic_wr *wr)
3308 {
3309 	if (wr->wr.opcode == IB_WR_ATOMIC_CMP_AND_SWP) {
3310 		aseg->swap_add = cpu_to_be64(wr->swap);
3311 		aseg->compare  = cpu_to_be64(wr->compare_add);
3312 	} else if (wr->wr.opcode == IB_WR_MASKED_ATOMIC_FETCH_AND_ADD) {
3313 		aseg->swap_add = cpu_to_be64(wr->compare_add);
3314 		aseg->compare  = cpu_to_be64(wr->compare_add_mask);
3315 	} else {
3316 		aseg->swap_add = cpu_to_be64(wr->compare_add);
3317 		aseg->compare  = 0;
3318 	}
3319 
3320 }
3321 
3322 static void set_masked_atomic_seg(struct mlx4_wqe_masked_atomic_seg *aseg,
3323 				  const struct ib_atomic_wr *wr)
3324 {
3325 	aseg->swap_add		= cpu_to_be64(wr->swap);
3326 	aseg->swap_add_mask	= cpu_to_be64(wr->swap_mask);
3327 	aseg->compare		= cpu_to_be64(wr->compare_add);
3328 	aseg->compare_mask	= cpu_to_be64(wr->compare_add_mask);
3329 }
3330 
3331 static void set_datagram_seg(struct mlx4_wqe_datagram_seg *dseg,
3332 			     const struct ib_ud_wr *wr)
3333 {
3334 	memcpy(dseg->av, &to_mah(wr->ah)->av, sizeof (struct mlx4_av));
3335 	dseg->dqpn = cpu_to_be32(wr->remote_qpn);
3336 	dseg->qkey = cpu_to_be32(wr->remote_qkey);
3337 	dseg->vlan = to_mah(wr->ah)->av.eth.vlan;
3338 	memcpy(dseg->mac, to_mah(wr->ah)->av.eth.mac, 6);
3339 }
3340 
3341 static void set_tunnel_datagram_seg(struct mlx4_ib_dev *dev,
3342 				    struct mlx4_wqe_datagram_seg *dseg,
3343 				    const struct ib_ud_wr *wr,
3344 				    enum mlx4_ib_qp_type qpt)
3345 {
3346 	union mlx4_ext_av *av = &to_mah(wr->ah)->av;
3347 	struct mlx4_av sqp_av = {0};
3348 	int port = *((u8 *) &av->ib.port_pd) & 0x3;
3349 
3350 	/* force loopback */
3351 	sqp_av.port_pd = av->ib.port_pd | cpu_to_be32(0x80000000);
3352 	sqp_av.g_slid = av->ib.g_slid & 0x7f; /* no GRH */
3353 	sqp_av.sl_tclass_flowlabel = av->ib.sl_tclass_flowlabel &
3354 			cpu_to_be32(0xf0000000);
3355 
3356 	memcpy(dseg->av, &sqp_av, sizeof (struct mlx4_av));
3357 	if (qpt == MLX4_IB_QPT_PROXY_GSI)
3358 		dseg->dqpn = cpu_to_be32(dev->dev->caps.spec_qps[port - 1].qp1_tunnel);
3359 	else
3360 		dseg->dqpn = cpu_to_be32(dev->dev->caps.spec_qps[port - 1].qp0_tunnel);
3361 	/* Use QKEY from the QP context, which is set by master */
3362 	dseg->qkey = cpu_to_be32(IB_QP_SET_QKEY);
3363 }
3364 
3365 static void build_tunnel_header(const struct ib_ud_wr *wr, void *wqe,
3366 				unsigned *mlx_seg_len)
3367 {
3368 	struct mlx4_wqe_inline_seg *inl = wqe;
3369 	struct mlx4_ib_tunnel_header hdr;
3370 	struct mlx4_ib_ah *ah = to_mah(wr->ah);
3371 	int spc;
3372 	int i;
3373 
3374 	memcpy(&hdr.av, &ah->av, sizeof hdr.av);
3375 	hdr.remote_qpn = cpu_to_be32(wr->remote_qpn);
3376 	hdr.pkey_index = cpu_to_be16(wr->pkey_index);
3377 	hdr.qkey = cpu_to_be32(wr->remote_qkey);
3378 	memcpy(hdr.mac, ah->av.eth.mac, 6);
3379 	hdr.vlan = ah->av.eth.vlan;
3380 
3381 	spc = MLX4_INLINE_ALIGN -
3382 		((unsigned long) (inl + 1) & (MLX4_INLINE_ALIGN - 1));
3383 	if (sizeof (hdr) <= spc) {
3384 		memcpy(inl + 1, &hdr, sizeof (hdr));
3385 		wmb();
3386 		inl->byte_count = cpu_to_be32(1 << 31 | sizeof (hdr));
3387 		i = 1;
3388 	} else {
3389 		memcpy(inl + 1, &hdr, spc);
3390 		wmb();
3391 		inl->byte_count = cpu_to_be32(1 << 31 | spc);
3392 
3393 		inl = (void *) (inl + 1) + spc;
3394 		memcpy(inl + 1, (void *) &hdr + spc, sizeof (hdr) - spc);
3395 		wmb();
3396 		inl->byte_count = cpu_to_be32(1 << 31 | (sizeof (hdr) - spc));
3397 		i = 2;
3398 	}
3399 
3400 	*mlx_seg_len =
3401 		ALIGN(i * sizeof (struct mlx4_wqe_inline_seg) + sizeof (hdr), 16);
3402 }
3403 
3404 static void set_mlx_icrc_seg(void *dseg)
3405 {
3406 	u32 *t = dseg;
3407 	struct mlx4_wqe_inline_seg *iseg = dseg;
3408 
3409 	t[1] = 0;
3410 
3411 	/*
3412 	 * Need a barrier here before writing the byte_count field to
3413 	 * make sure that all the data is visible before the
3414 	 * byte_count field is set.  Otherwise, if the segment begins
3415 	 * a new cacheline, the HCA prefetcher could grab the 64-byte
3416 	 * chunk and get a valid (!= * 0xffffffff) byte count but
3417 	 * stale data, and end up sending the wrong data.
3418 	 */
3419 	wmb();
3420 
3421 	iseg->byte_count = cpu_to_be32((1 << 31) | 4);
3422 }
3423 
3424 static void set_data_seg(struct mlx4_wqe_data_seg *dseg, struct ib_sge *sg)
3425 {
3426 	dseg->lkey       = cpu_to_be32(sg->lkey);
3427 	dseg->addr       = cpu_to_be64(sg->addr);
3428 
3429 	/*
3430 	 * Need a barrier here before writing the byte_count field to
3431 	 * make sure that all the data is visible before the
3432 	 * byte_count field is set.  Otherwise, if the segment begins
3433 	 * a new cacheline, the HCA prefetcher could grab the 64-byte
3434 	 * chunk and get a valid (!= * 0xffffffff) byte count but
3435 	 * stale data, and end up sending the wrong data.
3436 	 */
3437 	wmb();
3438 
3439 	dseg->byte_count = cpu_to_be32(sg->length);
3440 }
3441 
3442 static void __set_data_seg(struct mlx4_wqe_data_seg *dseg, struct ib_sge *sg)
3443 {
3444 	dseg->byte_count = cpu_to_be32(sg->length);
3445 	dseg->lkey       = cpu_to_be32(sg->lkey);
3446 	dseg->addr       = cpu_to_be64(sg->addr);
3447 }
3448 
3449 static int build_lso_seg(struct mlx4_wqe_lso_seg *wqe,
3450 			 const struct ib_ud_wr *wr, struct mlx4_ib_qp *qp,
3451 			 unsigned *lso_seg_len, __be32 *lso_hdr_sz, __be32 *blh)
3452 {
3453 	unsigned halign = ALIGN(sizeof *wqe + wr->hlen, 16);
3454 
3455 	if (unlikely(halign > MLX4_IB_CACHE_LINE_SIZE))
3456 		*blh = cpu_to_be32(1 << 6);
3457 
3458 	if (unlikely(!(qp->flags & MLX4_IB_QP_LSO) &&
3459 		     wr->wr.num_sge > qp->sq.max_gs - (halign >> 4)))
3460 		return -EINVAL;
3461 
3462 	memcpy(wqe->header, wr->header, wr->hlen);
3463 
3464 	*lso_hdr_sz  = cpu_to_be32(wr->mss << 16 | wr->hlen);
3465 	*lso_seg_len = halign;
3466 	return 0;
3467 }
3468 
3469 static __be32 send_ieth(const struct ib_send_wr *wr)
3470 {
3471 	switch (wr->opcode) {
3472 	case IB_WR_SEND_WITH_IMM:
3473 	case IB_WR_RDMA_WRITE_WITH_IMM:
3474 		return wr->ex.imm_data;
3475 
3476 	case IB_WR_SEND_WITH_INV:
3477 		return cpu_to_be32(wr->ex.invalidate_rkey);
3478 
3479 	default:
3480 		return 0;
3481 	}
3482 }
3483 
3484 static void add_zero_len_inline(void *wqe)
3485 {
3486 	struct mlx4_wqe_inline_seg *inl = wqe;
3487 	memset(wqe, 0, 16);
3488 	inl->byte_count = cpu_to_be32(1 << 31);
3489 }
3490 
3491 static int _mlx4_ib_post_send(struct ib_qp *ibqp, const struct ib_send_wr *wr,
3492 			      const struct ib_send_wr **bad_wr, bool drain)
3493 {
3494 	struct mlx4_ib_qp *qp = to_mqp(ibqp);
3495 	void *wqe;
3496 	struct mlx4_wqe_ctrl_seg *ctrl;
3497 	struct mlx4_wqe_data_seg *dseg;
3498 	unsigned long flags;
3499 	int nreq;
3500 	int err = 0;
3501 	unsigned ind;
3502 	int size;
3503 	unsigned seglen;
3504 	__be32 dummy;
3505 	__be32 *lso_wqe;
3506 	__be32 lso_hdr_sz;
3507 	__be32 blh;
3508 	int i;
3509 	struct mlx4_ib_dev *mdev = to_mdev(ibqp->device);
3510 
3511 	if (qp->mlx4_ib_qp_type == MLX4_IB_QPT_GSI) {
3512 		struct mlx4_ib_sqp *sqp = qp->sqp;
3513 
3514 		if (sqp->roce_v2_gsi) {
3515 			struct mlx4_ib_ah *ah = to_mah(ud_wr(wr)->ah);
3516 			enum ib_gid_type gid_type;
3517 			union ib_gid gid;
3518 
3519 			if (!fill_gid_by_hw_index(mdev, qp->port,
3520 					   ah->av.ib.gid_index,
3521 					   &gid, &gid_type))
3522 				qp = (gid_type == IB_GID_TYPE_ROCE_UDP_ENCAP) ?
3523 						to_mqp(sqp->roce_v2_gsi) : qp;
3524 			else
3525 				pr_err("Failed to get gid at index %d. RoCEv2 will not work properly\n",
3526 				       ah->av.ib.gid_index);
3527 		}
3528 	}
3529 
3530 	spin_lock_irqsave(&qp->sq.lock, flags);
3531 	if (mdev->dev->persist->state & MLX4_DEVICE_STATE_INTERNAL_ERROR &&
3532 	    !drain) {
3533 		err = -EIO;
3534 		*bad_wr = wr;
3535 		nreq = 0;
3536 		goto out;
3537 	}
3538 
3539 	ind = qp->sq_next_wqe;
3540 
3541 	for (nreq = 0; wr; ++nreq, wr = wr->next) {
3542 		lso_wqe = &dummy;
3543 		blh = 0;
3544 
3545 		if (mlx4_wq_overflow(&qp->sq, nreq, qp->ibqp.send_cq)) {
3546 			err = -ENOMEM;
3547 			*bad_wr = wr;
3548 			goto out;
3549 		}
3550 
3551 		if (unlikely(wr->num_sge > qp->sq.max_gs)) {
3552 			err = -EINVAL;
3553 			*bad_wr = wr;
3554 			goto out;
3555 		}
3556 
3557 		ctrl = wqe = get_send_wqe(qp, ind & (qp->sq.wqe_cnt - 1));
3558 		qp->sq.wrid[(qp->sq.head + nreq) & (qp->sq.wqe_cnt - 1)] = wr->wr_id;
3559 
3560 		ctrl->srcrb_flags =
3561 			(wr->send_flags & IB_SEND_SIGNALED ?
3562 			 cpu_to_be32(MLX4_WQE_CTRL_CQ_UPDATE) : 0) |
3563 			(wr->send_flags & IB_SEND_SOLICITED ?
3564 			 cpu_to_be32(MLX4_WQE_CTRL_SOLICITED) : 0) |
3565 			((wr->send_flags & IB_SEND_IP_CSUM) ?
3566 			 cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
3567 				     MLX4_WQE_CTRL_TCP_UDP_CSUM) : 0) |
3568 			qp->sq_signal_bits;
3569 
3570 		ctrl->imm = send_ieth(wr);
3571 
3572 		wqe += sizeof *ctrl;
3573 		size = sizeof *ctrl / 16;
3574 
3575 		switch (qp->mlx4_ib_qp_type) {
3576 		case MLX4_IB_QPT_RC:
3577 		case MLX4_IB_QPT_UC:
3578 			switch (wr->opcode) {
3579 			case IB_WR_ATOMIC_CMP_AND_SWP:
3580 			case IB_WR_ATOMIC_FETCH_AND_ADD:
3581 			case IB_WR_MASKED_ATOMIC_FETCH_AND_ADD:
3582 				set_raddr_seg(wqe, atomic_wr(wr)->remote_addr,
3583 					      atomic_wr(wr)->rkey);
3584 				wqe  += sizeof (struct mlx4_wqe_raddr_seg);
3585 
3586 				set_atomic_seg(wqe, atomic_wr(wr));
3587 				wqe  += sizeof (struct mlx4_wqe_atomic_seg);
3588 
3589 				size += (sizeof (struct mlx4_wqe_raddr_seg) +
3590 					 sizeof (struct mlx4_wqe_atomic_seg)) / 16;
3591 
3592 				break;
3593 
3594 			case IB_WR_MASKED_ATOMIC_CMP_AND_SWP:
3595 				set_raddr_seg(wqe, atomic_wr(wr)->remote_addr,
3596 					      atomic_wr(wr)->rkey);
3597 				wqe  += sizeof (struct mlx4_wqe_raddr_seg);
3598 
3599 				set_masked_atomic_seg(wqe, atomic_wr(wr));
3600 				wqe  += sizeof (struct mlx4_wqe_masked_atomic_seg);
3601 
3602 				size += (sizeof (struct mlx4_wqe_raddr_seg) +
3603 					 sizeof (struct mlx4_wqe_masked_atomic_seg)) / 16;
3604 
3605 				break;
3606 
3607 			case IB_WR_RDMA_READ:
3608 			case IB_WR_RDMA_WRITE:
3609 			case IB_WR_RDMA_WRITE_WITH_IMM:
3610 				set_raddr_seg(wqe, rdma_wr(wr)->remote_addr,
3611 					      rdma_wr(wr)->rkey);
3612 				wqe  += sizeof (struct mlx4_wqe_raddr_seg);
3613 				size += sizeof (struct mlx4_wqe_raddr_seg) / 16;
3614 				break;
3615 
3616 			case IB_WR_LOCAL_INV:
3617 				ctrl->srcrb_flags |=
3618 					cpu_to_be32(MLX4_WQE_CTRL_STRONG_ORDER);
3619 				set_local_inv_seg(wqe, wr->ex.invalidate_rkey);
3620 				wqe  += sizeof (struct mlx4_wqe_local_inval_seg);
3621 				size += sizeof (struct mlx4_wqe_local_inval_seg) / 16;
3622 				break;
3623 
3624 			case IB_WR_REG_MR:
3625 				ctrl->srcrb_flags |=
3626 					cpu_to_be32(MLX4_WQE_CTRL_STRONG_ORDER);
3627 				set_reg_seg(wqe, reg_wr(wr));
3628 				wqe  += sizeof(struct mlx4_wqe_fmr_seg);
3629 				size += sizeof(struct mlx4_wqe_fmr_seg) / 16;
3630 				break;
3631 
3632 			default:
3633 				/* No extra segments required for sends */
3634 				break;
3635 			}
3636 			break;
3637 
3638 		case MLX4_IB_QPT_TUN_SMI_OWNER:
3639 			err = build_sriov_qp0_header(qp, ud_wr(wr), ctrl,
3640 						     &seglen);
3641 			if (unlikely(err)) {
3642 				*bad_wr = wr;
3643 				goto out;
3644 			}
3645 			wqe  += seglen;
3646 			size += seglen / 16;
3647 			break;
3648 		case MLX4_IB_QPT_TUN_SMI:
3649 		case MLX4_IB_QPT_TUN_GSI:
3650 			/* this is a UD qp used in MAD responses to slaves. */
3651 			set_datagram_seg(wqe, ud_wr(wr));
3652 			/* set the forced-loopback bit in the data seg av */
3653 			*(__be32 *) wqe |= cpu_to_be32(0x80000000);
3654 			wqe  += sizeof (struct mlx4_wqe_datagram_seg);
3655 			size += sizeof (struct mlx4_wqe_datagram_seg) / 16;
3656 			break;
3657 		case MLX4_IB_QPT_UD:
3658 			set_datagram_seg(wqe, ud_wr(wr));
3659 			wqe  += sizeof (struct mlx4_wqe_datagram_seg);
3660 			size += sizeof (struct mlx4_wqe_datagram_seg) / 16;
3661 
3662 			if (wr->opcode == IB_WR_LSO) {
3663 				err = build_lso_seg(wqe, ud_wr(wr), qp, &seglen,
3664 						&lso_hdr_sz, &blh);
3665 				if (unlikely(err)) {
3666 					*bad_wr = wr;
3667 					goto out;
3668 				}
3669 				lso_wqe = (__be32 *) wqe;
3670 				wqe  += seglen;
3671 				size += seglen / 16;
3672 			}
3673 			break;
3674 
3675 		case MLX4_IB_QPT_PROXY_SMI_OWNER:
3676 			err = build_sriov_qp0_header(qp, ud_wr(wr), ctrl,
3677 						     &seglen);
3678 			if (unlikely(err)) {
3679 				*bad_wr = wr;
3680 				goto out;
3681 			}
3682 			wqe  += seglen;
3683 			size += seglen / 16;
3684 			/* to start tunnel header on a cache-line boundary */
3685 			add_zero_len_inline(wqe);
3686 			wqe += 16;
3687 			size++;
3688 			build_tunnel_header(ud_wr(wr), wqe, &seglen);
3689 			wqe  += seglen;
3690 			size += seglen / 16;
3691 			break;
3692 		case MLX4_IB_QPT_PROXY_SMI:
3693 		case MLX4_IB_QPT_PROXY_GSI:
3694 			/* If we are tunneling special qps, this is a UD qp.
3695 			 * In this case we first add a UD segment targeting
3696 			 * the tunnel qp, and then add a header with address
3697 			 * information */
3698 			set_tunnel_datagram_seg(to_mdev(ibqp->device), wqe,
3699 						ud_wr(wr),
3700 						qp->mlx4_ib_qp_type);
3701 			wqe  += sizeof (struct mlx4_wqe_datagram_seg);
3702 			size += sizeof (struct mlx4_wqe_datagram_seg) / 16;
3703 			build_tunnel_header(ud_wr(wr), wqe, &seglen);
3704 			wqe  += seglen;
3705 			size += seglen / 16;
3706 			break;
3707 
3708 		case MLX4_IB_QPT_SMI:
3709 		case MLX4_IB_QPT_GSI:
3710 			err = build_mlx_header(qp, ud_wr(wr), ctrl, &seglen);
3711 			if (unlikely(err)) {
3712 				*bad_wr = wr;
3713 				goto out;
3714 			}
3715 			wqe  += seglen;
3716 			size += seglen / 16;
3717 			break;
3718 
3719 		default:
3720 			break;
3721 		}
3722 
3723 		/*
3724 		 * Write data segments in reverse order, so as to
3725 		 * overwrite cacheline stamp last within each
3726 		 * cacheline.  This avoids issues with WQE
3727 		 * prefetching.
3728 		 */
3729 
3730 		dseg = wqe;
3731 		dseg += wr->num_sge - 1;
3732 		size += wr->num_sge * (sizeof (struct mlx4_wqe_data_seg) / 16);
3733 
3734 		/* Add one more inline data segment for ICRC for MLX sends */
3735 		if (unlikely(qp->mlx4_ib_qp_type == MLX4_IB_QPT_SMI ||
3736 			     qp->mlx4_ib_qp_type == MLX4_IB_QPT_GSI ||
3737 			     qp->mlx4_ib_qp_type &
3738 			     (MLX4_IB_QPT_PROXY_SMI_OWNER | MLX4_IB_QPT_TUN_SMI_OWNER))) {
3739 			set_mlx_icrc_seg(dseg + 1);
3740 			size += sizeof (struct mlx4_wqe_data_seg) / 16;
3741 		}
3742 
3743 		for (i = wr->num_sge - 1; i >= 0; --i, --dseg)
3744 			set_data_seg(dseg, wr->sg_list + i);
3745 
3746 		/*
3747 		 * Possibly overwrite stamping in cacheline with LSO
3748 		 * segment only after making sure all data segments
3749 		 * are written.
3750 		 */
3751 		wmb();
3752 		*lso_wqe = lso_hdr_sz;
3753 
3754 		ctrl->qpn_vlan.fence_size = (wr->send_flags & IB_SEND_FENCE ?
3755 					     MLX4_WQE_CTRL_FENCE : 0) | size;
3756 
3757 		/*
3758 		 * Make sure descriptor is fully written before
3759 		 * setting ownership bit (because HW can start
3760 		 * executing as soon as we do).
3761 		 */
3762 		wmb();
3763 
3764 		if (wr->opcode < 0 || wr->opcode >= ARRAY_SIZE(mlx4_ib_opcode)) {
3765 			*bad_wr = wr;
3766 			err = -EINVAL;
3767 			goto out;
3768 		}
3769 
3770 		ctrl->owner_opcode = mlx4_ib_opcode[wr->opcode] |
3771 			(ind & qp->sq.wqe_cnt ? cpu_to_be32(1 << 31) : 0) | blh;
3772 
3773 		/*
3774 		 * We can improve latency by not stamping the last
3775 		 * send queue WQE until after ringing the doorbell, so
3776 		 * only stamp here if there are still more WQEs to post.
3777 		 */
3778 		if (wr->next)
3779 			stamp_send_wqe(qp, ind + qp->sq_spare_wqes);
3780 		ind++;
3781 	}
3782 
3783 out:
3784 	if (likely(nreq)) {
3785 		qp->sq.head += nreq;
3786 
3787 		/*
3788 		 * Make sure that descriptors are written before
3789 		 * doorbell record.
3790 		 */
3791 		wmb();
3792 
3793 		writel_relaxed(qp->doorbell_qpn,
3794 			to_mdev(ibqp->device)->uar_map + MLX4_SEND_DOORBELL);
3795 
3796 		stamp_send_wqe(qp, ind + qp->sq_spare_wqes - 1);
3797 
3798 		qp->sq_next_wqe = ind;
3799 	}
3800 
3801 	spin_unlock_irqrestore(&qp->sq.lock, flags);
3802 
3803 	return err;
3804 }
3805 
3806 int mlx4_ib_post_send(struct ib_qp *ibqp, const struct ib_send_wr *wr,
3807 		      const struct ib_send_wr **bad_wr)
3808 {
3809 	return _mlx4_ib_post_send(ibqp, wr, bad_wr, false);
3810 }
3811 
3812 static int _mlx4_ib_post_recv(struct ib_qp *ibqp, const struct ib_recv_wr *wr,
3813 			      const struct ib_recv_wr **bad_wr, bool drain)
3814 {
3815 	struct mlx4_ib_qp *qp = to_mqp(ibqp);
3816 	struct mlx4_wqe_data_seg *scat;
3817 	unsigned long flags;
3818 	int err = 0;
3819 	int nreq;
3820 	int ind;
3821 	int max_gs;
3822 	int i;
3823 	struct mlx4_ib_dev *mdev = to_mdev(ibqp->device);
3824 
3825 	max_gs = qp->rq.max_gs;
3826 	spin_lock_irqsave(&qp->rq.lock, flags);
3827 
3828 	if (mdev->dev->persist->state & MLX4_DEVICE_STATE_INTERNAL_ERROR &&
3829 	    !drain) {
3830 		err = -EIO;
3831 		*bad_wr = wr;
3832 		nreq = 0;
3833 		goto out;
3834 	}
3835 
3836 	ind = qp->rq.head & (qp->rq.wqe_cnt - 1);
3837 
3838 	for (nreq = 0; wr; ++nreq, wr = wr->next) {
3839 		if (mlx4_wq_overflow(&qp->rq, nreq, qp->ibqp.recv_cq)) {
3840 			err = -ENOMEM;
3841 			*bad_wr = wr;
3842 			goto out;
3843 		}
3844 
3845 		if (unlikely(wr->num_sge > qp->rq.max_gs)) {
3846 			err = -EINVAL;
3847 			*bad_wr = wr;
3848 			goto out;
3849 		}
3850 
3851 		scat = get_recv_wqe(qp, ind);
3852 
3853 		if (qp->mlx4_ib_qp_type & (MLX4_IB_QPT_PROXY_SMI_OWNER |
3854 		    MLX4_IB_QPT_PROXY_SMI | MLX4_IB_QPT_PROXY_GSI)) {
3855 			ib_dma_sync_single_for_device(ibqp->device,
3856 						      qp->sqp_proxy_rcv[ind].map,
3857 						      sizeof (struct mlx4_ib_proxy_sqp_hdr),
3858 						      DMA_FROM_DEVICE);
3859 			scat->byte_count =
3860 				cpu_to_be32(sizeof (struct mlx4_ib_proxy_sqp_hdr));
3861 			/* use dma lkey from upper layer entry */
3862 			scat->lkey = cpu_to_be32(wr->sg_list->lkey);
3863 			scat->addr = cpu_to_be64(qp->sqp_proxy_rcv[ind].map);
3864 			scat++;
3865 			max_gs--;
3866 		}
3867 
3868 		for (i = 0; i < wr->num_sge; ++i)
3869 			__set_data_seg(scat + i, wr->sg_list + i);
3870 
3871 		if (i < max_gs) {
3872 			scat[i].byte_count = 0;
3873 			scat[i].lkey       = cpu_to_be32(MLX4_INVALID_LKEY);
3874 			scat[i].addr       = 0;
3875 		}
3876 
3877 		qp->rq.wrid[ind] = wr->wr_id;
3878 
3879 		ind = (ind + 1) & (qp->rq.wqe_cnt - 1);
3880 	}
3881 
3882 out:
3883 	if (likely(nreq)) {
3884 		qp->rq.head += nreq;
3885 
3886 		/*
3887 		 * Make sure that descriptors are written before
3888 		 * doorbell record.
3889 		 */
3890 		wmb();
3891 
3892 		*qp->db.db = cpu_to_be32(qp->rq.head & 0xffff);
3893 	}
3894 
3895 	spin_unlock_irqrestore(&qp->rq.lock, flags);
3896 
3897 	return err;
3898 }
3899 
3900 int mlx4_ib_post_recv(struct ib_qp *ibqp, const struct ib_recv_wr *wr,
3901 		      const struct ib_recv_wr **bad_wr)
3902 {
3903 	return _mlx4_ib_post_recv(ibqp, wr, bad_wr, false);
3904 }
3905 
3906 static inline enum ib_qp_state to_ib_qp_state(enum mlx4_qp_state mlx4_state)
3907 {
3908 	switch (mlx4_state) {
3909 	case MLX4_QP_STATE_RST:      return IB_QPS_RESET;
3910 	case MLX4_QP_STATE_INIT:     return IB_QPS_INIT;
3911 	case MLX4_QP_STATE_RTR:      return IB_QPS_RTR;
3912 	case MLX4_QP_STATE_RTS:      return IB_QPS_RTS;
3913 	case MLX4_QP_STATE_SQ_DRAINING:
3914 	case MLX4_QP_STATE_SQD:      return IB_QPS_SQD;
3915 	case MLX4_QP_STATE_SQER:     return IB_QPS_SQE;
3916 	case MLX4_QP_STATE_ERR:      return IB_QPS_ERR;
3917 	default:		     return -1;
3918 	}
3919 }
3920 
3921 static inline enum ib_mig_state to_ib_mig_state(int mlx4_mig_state)
3922 {
3923 	switch (mlx4_mig_state) {
3924 	case MLX4_QP_PM_ARMED:		return IB_MIG_ARMED;
3925 	case MLX4_QP_PM_REARM:		return IB_MIG_REARM;
3926 	case MLX4_QP_PM_MIGRATED:	return IB_MIG_MIGRATED;
3927 	default: return -1;
3928 	}
3929 }
3930 
3931 static int to_ib_qp_access_flags(int mlx4_flags)
3932 {
3933 	int ib_flags = 0;
3934 
3935 	if (mlx4_flags & MLX4_QP_BIT_RRE)
3936 		ib_flags |= IB_ACCESS_REMOTE_READ;
3937 	if (mlx4_flags & MLX4_QP_BIT_RWE)
3938 		ib_flags |= IB_ACCESS_REMOTE_WRITE;
3939 	if (mlx4_flags & MLX4_QP_BIT_RAE)
3940 		ib_flags |= IB_ACCESS_REMOTE_ATOMIC;
3941 
3942 	return ib_flags;
3943 }
3944 
3945 static void to_rdma_ah_attr(struct mlx4_ib_dev *ibdev,
3946 			    struct rdma_ah_attr *ah_attr,
3947 			    struct mlx4_qp_path *path)
3948 {
3949 	struct mlx4_dev *dev = ibdev->dev;
3950 	u8 port_num = path->sched_queue & 0x40 ? 2 : 1;
3951 
3952 	memset(ah_attr, 0, sizeof(*ah_attr));
3953 	if (port_num == 0 || port_num > dev->caps.num_ports)
3954 		return;
3955 	ah_attr->type = rdma_ah_find_type(&ibdev->ib_dev, port_num);
3956 
3957 	if (ah_attr->type == RDMA_AH_ATTR_TYPE_ROCE)
3958 		rdma_ah_set_sl(ah_attr, ((path->sched_queue >> 3) & 0x7) |
3959 			       ((path->sched_queue & 4) << 1));
3960 	else
3961 		rdma_ah_set_sl(ah_attr, (path->sched_queue >> 2) & 0xf);
3962 	rdma_ah_set_port_num(ah_attr, port_num);
3963 
3964 	rdma_ah_set_dlid(ah_attr, be16_to_cpu(path->rlid));
3965 	rdma_ah_set_path_bits(ah_attr, path->grh_mylmc & 0x7f);
3966 	rdma_ah_set_static_rate(ah_attr,
3967 				path->static_rate ? path->static_rate - 5 : 0);
3968 	if (path->grh_mylmc & (1 << 7)) {
3969 		rdma_ah_set_grh(ah_attr, NULL,
3970 				be32_to_cpu(path->tclass_flowlabel) & 0xfffff,
3971 				path->mgid_index,
3972 				path->hop_limit,
3973 				(be32_to_cpu(path->tclass_flowlabel)
3974 				 >> 20) & 0xff);
3975 		rdma_ah_set_dgid_raw(ah_attr, path->rgid);
3976 	}
3977 }
3978 
3979 int mlx4_ib_query_qp(struct ib_qp *ibqp, struct ib_qp_attr *qp_attr, int qp_attr_mask,
3980 		     struct ib_qp_init_attr *qp_init_attr)
3981 {
3982 	struct mlx4_ib_dev *dev = to_mdev(ibqp->device);
3983 	struct mlx4_ib_qp *qp = to_mqp(ibqp);
3984 	struct mlx4_qp_context context;
3985 	int mlx4_state;
3986 	int err = 0;
3987 
3988 	if (ibqp->rwq_ind_tbl)
3989 		return -EOPNOTSUPP;
3990 
3991 	mutex_lock(&qp->mutex);
3992 
3993 	if (qp->state == IB_QPS_RESET) {
3994 		qp_attr->qp_state = IB_QPS_RESET;
3995 		goto done;
3996 	}
3997 
3998 	err = mlx4_qp_query(dev->dev, &qp->mqp, &context);
3999 	if (err) {
4000 		err = -EINVAL;
4001 		goto out;
4002 	}
4003 
4004 	mlx4_state = be32_to_cpu(context.flags) >> 28;
4005 
4006 	qp->state		     = to_ib_qp_state(mlx4_state);
4007 	qp_attr->qp_state	     = qp->state;
4008 	qp_attr->path_mtu	     = context.mtu_msgmax >> 5;
4009 	qp_attr->path_mig_state	     =
4010 		to_ib_mig_state((be32_to_cpu(context.flags) >> 11) & 0x3);
4011 	qp_attr->qkey		     = be32_to_cpu(context.qkey);
4012 	qp_attr->rq_psn		     = be32_to_cpu(context.rnr_nextrecvpsn) & 0xffffff;
4013 	qp_attr->sq_psn		     = be32_to_cpu(context.next_send_psn) & 0xffffff;
4014 	qp_attr->dest_qp_num	     = be32_to_cpu(context.remote_qpn) & 0xffffff;
4015 	qp_attr->qp_access_flags     =
4016 		to_ib_qp_access_flags(be32_to_cpu(context.params2));
4017 
4018 	if (qp->ibqp.qp_type == IB_QPT_RC || qp->ibqp.qp_type == IB_QPT_UC ||
4019 	    qp->ibqp.qp_type == IB_QPT_XRC_INI ||
4020 	    qp->ibqp.qp_type == IB_QPT_XRC_TGT) {
4021 		to_rdma_ah_attr(dev, &qp_attr->ah_attr, &context.pri_path);
4022 		to_rdma_ah_attr(dev, &qp_attr->alt_ah_attr, &context.alt_path);
4023 		qp_attr->alt_pkey_index = context.alt_path.pkey_index & 0x7f;
4024 		qp_attr->alt_port_num	=
4025 			rdma_ah_get_port_num(&qp_attr->alt_ah_attr);
4026 	}
4027 
4028 	qp_attr->pkey_index = context.pri_path.pkey_index & 0x7f;
4029 	if (qp_attr->qp_state == IB_QPS_INIT)
4030 		qp_attr->port_num = qp->port;
4031 	else
4032 		qp_attr->port_num = context.pri_path.sched_queue & 0x40 ? 2 : 1;
4033 
4034 	/* qp_attr->en_sqd_async_notify is only applicable in modify qp */
4035 	qp_attr->sq_draining = mlx4_state == MLX4_QP_STATE_SQ_DRAINING;
4036 
4037 	qp_attr->max_rd_atomic = 1 << ((be32_to_cpu(context.params1) >> 21) & 0x7);
4038 
4039 	qp_attr->max_dest_rd_atomic =
4040 		1 << ((be32_to_cpu(context.params2) >> 21) & 0x7);
4041 	qp_attr->min_rnr_timer	    =
4042 		(be32_to_cpu(context.rnr_nextrecvpsn) >> 24) & 0x1f;
4043 	qp_attr->timeout	    = context.pri_path.ackto >> 3;
4044 	qp_attr->retry_cnt	    = (be32_to_cpu(context.params1) >> 16) & 0x7;
4045 	qp_attr->rnr_retry	    = (be32_to_cpu(context.params1) >> 13) & 0x7;
4046 	qp_attr->alt_timeout	    = context.alt_path.ackto >> 3;
4047 
4048 done:
4049 	qp_attr->cur_qp_state	     = qp_attr->qp_state;
4050 	qp_attr->cap.max_recv_wr     = qp->rq.wqe_cnt;
4051 	qp_attr->cap.max_recv_sge    = qp->rq.max_gs;
4052 
4053 	if (!ibqp->uobject) {
4054 		qp_attr->cap.max_send_wr  = qp->sq.wqe_cnt;
4055 		qp_attr->cap.max_send_sge = qp->sq.max_gs;
4056 	} else {
4057 		qp_attr->cap.max_send_wr  = 0;
4058 		qp_attr->cap.max_send_sge = 0;
4059 	}
4060 
4061 	/*
4062 	 * We don't support inline sends for kernel QPs (yet), and we
4063 	 * don't know what userspace's value should be.
4064 	 */
4065 	qp_attr->cap.max_inline_data = 0;
4066 
4067 	qp_init_attr->cap	     = qp_attr->cap;
4068 
4069 	qp_init_attr->create_flags = 0;
4070 	if (qp->flags & MLX4_IB_QP_BLOCK_MULTICAST_LOOPBACK)
4071 		qp_init_attr->create_flags |= IB_QP_CREATE_BLOCK_MULTICAST_LOOPBACK;
4072 
4073 	if (qp->flags & MLX4_IB_QP_LSO)
4074 		qp_init_attr->create_flags |= IB_QP_CREATE_IPOIB_UD_LSO;
4075 
4076 	if (qp->flags & MLX4_IB_QP_NETIF)
4077 		qp_init_attr->create_flags |= IB_QP_CREATE_NETIF_QP;
4078 
4079 	qp_init_attr->sq_sig_type =
4080 		qp->sq_signal_bits == cpu_to_be32(MLX4_WQE_CTRL_CQ_UPDATE) ?
4081 		IB_SIGNAL_ALL_WR : IB_SIGNAL_REQ_WR;
4082 
4083 out:
4084 	mutex_unlock(&qp->mutex);
4085 	return err;
4086 }
4087 
4088 struct ib_wq *mlx4_ib_create_wq(struct ib_pd *pd,
4089 				struct ib_wq_init_attr *init_attr,
4090 				struct ib_udata *udata)
4091 {
4092 	struct mlx4_dev *dev = to_mdev(pd->device)->dev;
4093 	struct ib_qp_init_attr ib_qp_init_attr = {};
4094 	struct mlx4_ib_qp *qp;
4095 	struct mlx4_ib_create_wq ucmd;
4096 	int err, required_cmd_sz;
4097 
4098 	if (!udata)
4099 		return ERR_PTR(-EINVAL);
4100 
4101 	required_cmd_sz = offsetof(typeof(ucmd), comp_mask) +
4102 			  sizeof(ucmd.comp_mask);
4103 	if (udata->inlen < required_cmd_sz) {
4104 		pr_debug("invalid inlen\n");
4105 		return ERR_PTR(-EINVAL);
4106 	}
4107 
4108 	if (udata->inlen > sizeof(ucmd) &&
4109 	    !ib_is_udata_cleared(udata, sizeof(ucmd),
4110 				 udata->inlen - sizeof(ucmd))) {
4111 		pr_debug("inlen is not supported\n");
4112 		return ERR_PTR(-EOPNOTSUPP);
4113 	}
4114 
4115 	if (udata->outlen)
4116 		return ERR_PTR(-EOPNOTSUPP);
4117 
4118 	if (init_attr->wq_type != IB_WQT_RQ) {
4119 		pr_debug("unsupported wq type %d\n", init_attr->wq_type);
4120 		return ERR_PTR(-EOPNOTSUPP);
4121 	}
4122 
4123 	if (init_attr->create_flags & ~IB_WQ_FLAGS_SCATTER_FCS ||
4124 	    !(dev->caps.flags & MLX4_DEV_CAP_FLAG_FCS_KEEP)) {
4125 		pr_debug("unsupported create_flags %u\n",
4126 			 init_attr->create_flags);
4127 		return ERR_PTR(-EOPNOTSUPP);
4128 	}
4129 
4130 	qp = kzalloc(sizeof(*qp), GFP_KERNEL);
4131 	if (!qp)
4132 		return ERR_PTR(-ENOMEM);
4133 
4134 	mutex_init(&qp->mutex);
4135 	qp->pri.vid = 0xFFFF;
4136 	qp->alt.vid = 0xFFFF;
4137 
4138 	ib_qp_init_attr.qp_context = init_attr->wq_context;
4139 	ib_qp_init_attr.qp_type = IB_QPT_RAW_PACKET;
4140 	ib_qp_init_attr.cap.max_recv_wr = init_attr->max_wr;
4141 	ib_qp_init_attr.cap.max_recv_sge = init_attr->max_sge;
4142 	ib_qp_init_attr.recv_cq = init_attr->cq;
4143 	ib_qp_init_attr.send_cq = ib_qp_init_attr.recv_cq; /* Dummy CQ */
4144 
4145 	if (init_attr->create_flags & IB_WQ_FLAGS_SCATTER_FCS)
4146 		ib_qp_init_attr.create_flags |= IB_QP_CREATE_SCATTER_FCS;
4147 
4148 	err = create_rq(pd, &ib_qp_init_attr, udata, qp);
4149 	if (err) {
4150 		kfree(qp);
4151 		return ERR_PTR(err);
4152 	}
4153 
4154 	qp->ibwq.event_handler = init_attr->event_handler;
4155 	qp->ibwq.wq_num = qp->mqp.qpn;
4156 	qp->ibwq.state = IB_WQS_RESET;
4157 
4158 	return &qp->ibwq;
4159 }
4160 
4161 static int ib_wq2qp_state(enum ib_wq_state state)
4162 {
4163 	switch (state) {
4164 	case IB_WQS_RESET:
4165 		return IB_QPS_RESET;
4166 	case IB_WQS_RDY:
4167 		return IB_QPS_RTR;
4168 	default:
4169 		return IB_QPS_ERR;
4170 	}
4171 }
4172 
4173 static int _mlx4_ib_modify_wq(struct ib_wq *ibwq, enum ib_wq_state new_state,
4174 			      struct ib_udata *udata)
4175 {
4176 	struct mlx4_ib_qp *qp = to_mqp((struct ib_qp *)ibwq);
4177 	enum ib_qp_state qp_cur_state;
4178 	enum ib_qp_state qp_new_state;
4179 	int attr_mask;
4180 	int err;
4181 
4182 	/* ib_qp.state represents the WQ HW state while ib_wq.state represents
4183 	 * the WQ logic state.
4184 	 */
4185 	qp_cur_state = qp->state;
4186 	qp_new_state = ib_wq2qp_state(new_state);
4187 
4188 	if (ib_wq2qp_state(new_state) == qp_cur_state)
4189 		return 0;
4190 
4191 	if (new_state == IB_WQS_RDY) {
4192 		struct ib_qp_attr attr = {};
4193 
4194 		attr.port_num = qp->port;
4195 		attr_mask = IB_QP_PORT;
4196 
4197 		err = __mlx4_ib_modify_qp(ibwq, MLX4_IB_RWQ_SRC, &attr,
4198 					  attr_mask, IB_QPS_RESET, IB_QPS_INIT,
4199 					  udata);
4200 		if (err) {
4201 			pr_debug("WQN=0x%06x failed to apply RST->INIT on the HW QP\n",
4202 				 ibwq->wq_num);
4203 			return err;
4204 		}
4205 
4206 		qp_cur_state = IB_QPS_INIT;
4207 	}
4208 
4209 	attr_mask = 0;
4210 	err = __mlx4_ib_modify_qp(ibwq, MLX4_IB_RWQ_SRC, NULL, attr_mask,
4211 				  qp_cur_state,  qp_new_state, udata);
4212 
4213 	if (err && (qp_cur_state == IB_QPS_INIT)) {
4214 		qp_new_state = IB_QPS_RESET;
4215 		if (__mlx4_ib_modify_qp(ibwq, MLX4_IB_RWQ_SRC, NULL,
4216 					attr_mask, IB_QPS_INIT, IB_QPS_RESET,
4217 					udata)) {
4218 			pr_warn("WQN=0x%06x failed with reverting HW's resources failure\n",
4219 				ibwq->wq_num);
4220 			qp_new_state = IB_QPS_INIT;
4221 		}
4222 	}
4223 
4224 	qp->state = qp_new_state;
4225 
4226 	return err;
4227 }
4228 
4229 int mlx4_ib_modify_wq(struct ib_wq *ibwq, struct ib_wq_attr *wq_attr,
4230 		      u32 wq_attr_mask, struct ib_udata *udata)
4231 {
4232 	struct mlx4_ib_qp *qp = to_mqp((struct ib_qp *)ibwq);
4233 	struct mlx4_ib_modify_wq ucmd = {};
4234 	size_t required_cmd_sz;
4235 	enum ib_wq_state cur_state, new_state;
4236 	int err = 0;
4237 
4238 	required_cmd_sz = offsetof(typeof(ucmd), reserved) +
4239 				   sizeof(ucmd.reserved);
4240 	if (udata->inlen < required_cmd_sz)
4241 		return -EINVAL;
4242 
4243 	if (udata->inlen > sizeof(ucmd) &&
4244 	    !ib_is_udata_cleared(udata, sizeof(ucmd),
4245 				 udata->inlen - sizeof(ucmd)))
4246 		return -EOPNOTSUPP;
4247 
4248 	if (ib_copy_from_udata(&ucmd, udata, min(sizeof(ucmd), udata->inlen)))
4249 		return -EFAULT;
4250 
4251 	if (ucmd.comp_mask || ucmd.reserved)
4252 		return -EOPNOTSUPP;
4253 
4254 	if (wq_attr_mask & IB_WQ_FLAGS)
4255 		return -EOPNOTSUPP;
4256 
4257 	cur_state = wq_attr_mask & IB_WQ_CUR_STATE ? wq_attr->curr_wq_state :
4258 						     ibwq->state;
4259 	new_state = wq_attr_mask & IB_WQ_STATE ? wq_attr->wq_state : cur_state;
4260 
4261 	if (cur_state  < IB_WQS_RESET || cur_state  > IB_WQS_ERR ||
4262 	    new_state < IB_WQS_RESET || new_state > IB_WQS_ERR)
4263 		return -EINVAL;
4264 
4265 	if ((new_state == IB_WQS_RDY) && (cur_state == IB_WQS_ERR))
4266 		return -EINVAL;
4267 
4268 	if ((new_state == IB_WQS_ERR) && (cur_state == IB_WQS_RESET))
4269 		return -EINVAL;
4270 
4271 	/* Need to protect against the parent RSS which also may modify WQ
4272 	 * state.
4273 	 */
4274 	mutex_lock(&qp->mutex);
4275 
4276 	/* Can update HW state only if a RSS QP has already associated to this
4277 	 * WQ, so we can apply its port on the WQ.
4278 	 */
4279 	if (qp->rss_usecnt)
4280 		err = _mlx4_ib_modify_wq(ibwq, new_state, udata);
4281 
4282 	if (!err)
4283 		ibwq->state = new_state;
4284 
4285 	mutex_unlock(&qp->mutex);
4286 
4287 	return err;
4288 }
4289 
4290 int mlx4_ib_destroy_wq(struct ib_wq *ibwq, struct ib_udata *udata)
4291 {
4292 	struct mlx4_ib_dev *dev = to_mdev(ibwq->device);
4293 	struct mlx4_ib_qp *qp = to_mqp((struct ib_qp *)ibwq);
4294 
4295 	if (qp->counter_index)
4296 		mlx4_ib_free_qp_counter(dev, qp);
4297 
4298 	destroy_qp_common(dev, qp, MLX4_IB_RWQ_SRC, udata);
4299 
4300 	kfree(qp);
4301 	return 0;
4302 }
4303 
4304 int mlx4_ib_create_rwq_ind_table(struct ib_rwq_ind_table *rwq_ind_table,
4305 				 struct ib_rwq_ind_table_init_attr *init_attr,
4306 				 struct ib_udata *udata)
4307 {
4308 	struct mlx4_ib_create_rwq_ind_tbl_resp resp = {};
4309 	unsigned int ind_tbl_size = 1 << init_attr->log_ind_tbl_size;
4310 	struct ib_device *device = rwq_ind_table->device;
4311 	unsigned int base_wqn;
4312 	size_t min_resp_len;
4313 	int i, err = 0;
4314 
4315 	if (udata->inlen > 0 &&
4316 	    !ib_is_udata_cleared(udata, 0,
4317 				 udata->inlen))
4318 		return -EOPNOTSUPP;
4319 
4320 	min_resp_len = offsetof(typeof(resp), reserved) + sizeof(resp.reserved);
4321 	if (udata->outlen && udata->outlen < min_resp_len)
4322 		return -EINVAL;
4323 
4324 	if (ind_tbl_size >
4325 	    device->attrs.rss_caps.max_rwq_indirection_table_size) {
4326 		pr_debug("log_ind_tbl_size = %d is bigger than supported = %d\n",
4327 			 ind_tbl_size,
4328 			 device->attrs.rss_caps.max_rwq_indirection_table_size);
4329 		return -EINVAL;
4330 	}
4331 
4332 	base_wqn = init_attr->ind_tbl[0]->wq_num;
4333 
4334 	if (base_wqn % ind_tbl_size) {
4335 		pr_debug("WQN=0x%x isn't aligned with indirection table size\n",
4336 			 base_wqn);
4337 		return -EINVAL;
4338 	}
4339 
4340 	for (i = 1; i < ind_tbl_size; i++) {
4341 		if (++base_wqn != init_attr->ind_tbl[i]->wq_num) {
4342 			pr_debug("indirection table's WQNs aren't consecutive\n");
4343 			return -EINVAL;
4344 		}
4345 	}
4346 
4347 	if (udata->outlen) {
4348 		resp.response_length = offsetof(typeof(resp), response_length) +
4349 					sizeof(resp.response_length);
4350 		err = ib_copy_to_udata(udata, &resp, resp.response_length);
4351 	}
4352 
4353 	return err;
4354 }
4355 
4356 struct mlx4_ib_drain_cqe {
4357 	struct ib_cqe cqe;
4358 	struct completion done;
4359 };
4360 
4361 static void mlx4_ib_drain_qp_done(struct ib_cq *cq, struct ib_wc *wc)
4362 {
4363 	struct mlx4_ib_drain_cqe *cqe = container_of(wc->wr_cqe,
4364 						     struct mlx4_ib_drain_cqe,
4365 						     cqe);
4366 
4367 	complete(&cqe->done);
4368 }
4369 
4370 /* This function returns only once the drained WR was completed */
4371 static void handle_drain_completion(struct ib_cq *cq,
4372 				    struct mlx4_ib_drain_cqe *sdrain,
4373 				    struct mlx4_ib_dev *dev)
4374 {
4375 	struct mlx4_dev *mdev = dev->dev;
4376 
4377 	if (cq->poll_ctx == IB_POLL_DIRECT) {
4378 		while (wait_for_completion_timeout(&sdrain->done, HZ / 10) <= 0)
4379 			ib_process_cq_direct(cq, -1);
4380 		return;
4381 	}
4382 
4383 	if (mdev->persist->state == MLX4_DEVICE_STATE_INTERNAL_ERROR) {
4384 		struct mlx4_ib_cq *mcq = to_mcq(cq);
4385 		bool triggered = false;
4386 		unsigned long flags;
4387 
4388 		spin_lock_irqsave(&dev->reset_flow_resource_lock, flags);
4389 		/* Make sure that the CQ handler won't run if wasn't run yet */
4390 		if (!mcq->mcq.reset_notify_added)
4391 			mcq->mcq.reset_notify_added = 1;
4392 		else
4393 			triggered = true;
4394 		spin_unlock_irqrestore(&dev->reset_flow_resource_lock, flags);
4395 
4396 		if (triggered) {
4397 			/* Wait for any scheduled/running task to be ended */
4398 			switch (cq->poll_ctx) {
4399 			case IB_POLL_SOFTIRQ:
4400 				irq_poll_disable(&cq->iop);
4401 				irq_poll_enable(&cq->iop);
4402 				break;
4403 			case IB_POLL_WORKQUEUE:
4404 				cancel_work_sync(&cq->work);
4405 				break;
4406 			default:
4407 				WARN_ON_ONCE(1);
4408 			}
4409 		}
4410 
4411 		/* Run the CQ handler - this makes sure that the drain WR will
4412 		 * be processed if wasn't processed yet.
4413 		 */
4414 		mcq->mcq.comp(&mcq->mcq);
4415 	}
4416 
4417 	wait_for_completion(&sdrain->done);
4418 }
4419 
4420 void mlx4_ib_drain_sq(struct ib_qp *qp)
4421 {
4422 	struct ib_cq *cq = qp->send_cq;
4423 	struct ib_qp_attr attr = { .qp_state = IB_QPS_ERR };
4424 	struct mlx4_ib_drain_cqe sdrain;
4425 	const struct ib_send_wr *bad_swr;
4426 	struct ib_rdma_wr swr = {
4427 		.wr = {
4428 			.next = NULL,
4429 			{ .wr_cqe	= &sdrain.cqe, },
4430 			.opcode	= IB_WR_RDMA_WRITE,
4431 		},
4432 	};
4433 	int ret;
4434 	struct mlx4_ib_dev *dev = to_mdev(qp->device);
4435 	struct mlx4_dev *mdev = dev->dev;
4436 
4437 	ret = ib_modify_qp(qp, &attr, IB_QP_STATE);
4438 	if (ret && mdev->persist->state != MLX4_DEVICE_STATE_INTERNAL_ERROR) {
4439 		WARN_ONCE(ret, "failed to drain send queue: %d\n", ret);
4440 		return;
4441 	}
4442 
4443 	sdrain.cqe.done = mlx4_ib_drain_qp_done;
4444 	init_completion(&sdrain.done);
4445 
4446 	ret = _mlx4_ib_post_send(qp, &swr.wr, &bad_swr, true);
4447 	if (ret) {
4448 		WARN_ONCE(ret, "failed to drain send queue: %d\n", ret);
4449 		return;
4450 	}
4451 
4452 	handle_drain_completion(cq, &sdrain, dev);
4453 }
4454 
4455 void mlx4_ib_drain_rq(struct ib_qp *qp)
4456 {
4457 	struct ib_cq *cq = qp->recv_cq;
4458 	struct ib_qp_attr attr = { .qp_state = IB_QPS_ERR };
4459 	struct mlx4_ib_drain_cqe rdrain;
4460 	struct ib_recv_wr rwr = {};
4461 	const struct ib_recv_wr *bad_rwr;
4462 	int ret;
4463 	struct mlx4_ib_dev *dev = to_mdev(qp->device);
4464 	struct mlx4_dev *mdev = dev->dev;
4465 
4466 	ret = ib_modify_qp(qp, &attr, IB_QP_STATE);
4467 	if (ret && mdev->persist->state != MLX4_DEVICE_STATE_INTERNAL_ERROR) {
4468 		WARN_ONCE(ret, "failed to drain recv queue: %d\n", ret);
4469 		return;
4470 	}
4471 
4472 	rwr.wr_cqe = &rdrain.cqe;
4473 	rdrain.cqe.done = mlx4_ib_drain_qp_done;
4474 	init_completion(&rdrain.done);
4475 
4476 	ret = _mlx4_ib_post_recv(qp, &rwr, &bad_rwr, true);
4477 	if (ret) {
4478 		WARN_ONCE(ret, "failed to drain recv queue: %d\n", ret);
4479 		return;
4480 	}
4481 
4482 	handle_drain_completion(cq, &rdrain, dev);
4483 }
4484