xref: /linux/drivers/nvme/target/rdma.c (revision e58e871becec2d3b04ed91c0c16fe8deac9c9dfa)
1 /*
2  * NVMe over Fabrics RDMA target.
3  * Copyright (c) 2015-2016 HGST, a Western Digital Company.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms and conditions of the GNU General Public License,
7  * version 2, as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
12  * more details.
13  */
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/atomic.h>
16 #include <linux/ctype.h>
17 #include <linux/delay.h>
18 #include <linux/err.h>
19 #include <linux/init.h>
20 #include <linux/module.h>
21 #include <linux/nvme.h>
22 #include <linux/slab.h>
23 #include <linux/string.h>
24 #include <linux/wait.h>
25 #include <linux/inet.h>
26 #include <asm/unaligned.h>
27 
28 #include <rdma/ib_verbs.h>
29 #include <rdma/rdma_cm.h>
30 #include <rdma/rw.h>
31 
32 #include <linux/nvme-rdma.h>
33 #include "nvmet.h"
34 
35 /*
36  * We allow up to a page of inline data to go with the SQE
37  */
38 #define NVMET_RDMA_INLINE_DATA_SIZE	PAGE_SIZE
39 
40 struct nvmet_rdma_cmd {
41 	struct ib_sge		sge[2];
42 	struct ib_cqe		cqe;
43 	struct ib_recv_wr	wr;
44 	struct scatterlist	inline_sg;
45 	struct page		*inline_page;
46 	struct nvme_command     *nvme_cmd;
47 	struct nvmet_rdma_queue	*queue;
48 };
49 
50 enum {
51 	NVMET_RDMA_REQ_INLINE_DATA	= (1 << 0),
52 	NVMET_RDMA_REQ_INVALIDATE_RKEY	= (1 << 1),
53 };
54 
55 struct nvmet_rdma_rsp {
56 	struct ib_sge		send_sge;
57 	struct ib_cqe		send_cqe;
58 	struct ib_send_wr	send_wr;
59 
60 	struct nvmet_rdma_cmd	*cmd;
61 	struct nvmet_rdma_queue	*queue;
62 
63 	struct ib_cqe		read_cqe;
64 	struct rdma_rw_ctx	rw;
65 
66 	struct nvmet_req	req;
67 
68 	u8			n_rdma;
69 	u32			flags;
70 	u32			invalidate_rkey;
71 
72 	struct list_head	wait_list;
73 	struct list_head	free_list;
74 };
75 
76 enum nvmet_rdma_queue_state {
77 	NVMET_RDMA_Q_CONNECTING,
78 	NVMET_RDMA_Q_LIVE,
79 	NVMET_RDMA_Q_DISCONNECTING,
80 	NVMET_RDMA_IN_DEVICE_REMOVAL,
81 };
82 
83 struct nvmet_rdma_queue {
84 	struct rdma_cm_id	*cm_id;
85 	struct nvmet_port	*port;
86 	struct ib_cq		*cq;
87 	atomic_t		sq_wr_avail;
88 	struct nvmet_rdma_device *dev;
89 	spinlock_t		state_lock;
90 	enum nvmet_rdma_queue_state state;
91 	struct nvmet_cq		nvme_cq;
92 	struct nvmet_sq		nvme_sq;
93 
94 	struct nvmet_rdma_rsp	*rsps;
95 	struct list_head	free_rsps;
96 	spinlock_t		rsps_lock;
97 	struct nvmet_rdma_cmd	*cmds;
98 
99 	struct work_struct	release_work;
100 	struct list_head	rsp_wait_list;
101 	struct list_head	rsp_wr_wait_list;
102 	spinlock_t		rsp_wr_wait_lock;
103 
104 	int			idx;
105 	int			host_qid;
106 	int			recv_queue_size;
107 	int			send_queue_size;
108 
109 	struct list_head	queue_list;
110 };
111 
112 struct nvmet_rdma_device {
113 	struct ib_device	*device;
114 	struct ib_pd		*pd;
115 	struct ib_srq		*srq;
116 	struct nvmet_rdma_cmd	*srq_cmds;
117 	size_t			srq_size;
118 	struct kref		ref;
119 	struct list_head	entry;
120 };
121 
122 static bool nvmet_rdma_use_srq;
123 module_param_named(use_srq, nvmet_rdma_use_srq, bool, 0444);
124 MODULE_PARM_DESC(use_srq, "Use shared receive queue.");
125 
126 static DEFINE_IDA(nvmet_rdma_queue_ida);
127 static LIST_HEAD(nvmet_rdma_queue_list);
128 static DEFINE_MUTEX(nvmet_rdma_queue_mutex);
129 
130 static LIST_HEAD(device_list);
131 static DEFINE_MUTEX(device_list_mutex);
132 
133 static bool nvmet_rdma_execute_command(struct nvmet_rdma_rsp *rsp);
134 static void nvmet_rdma_send_done(struct ib_cq *cq, struct ib_wc *wc);
135 static void nvmet_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc);
136 static void nvmet_rdma_read_data_done(struct ib_cq *cq, struct ib_wc *wc);
137 static void nvmet_rdma_qp_event(struct ib_event *event, void *priv);
138 static void nvmet_rdma_queue_disconnect(struct nvmet_rdma_queue *queue);
139 
140 static struct nvmet_fabrics_ops nvmet_rdma_ops;
141 
142 /* XXX: really should move to a generic header sooner or later.. */
143 static inline u32 get_unaligned_le24(const u8 *p)
144 {
145 	return (u32)p[0] | (u32)p[1] << 8 | (u32)p[2] << 16;
146 }
147 
148 static inline bool nvmet_rdma_need_data_in(struct nvmet_rdma_rsp *rsp)
149 {
150 	return nvme_is_write(rsp->req.cmd) &&
151 		rsp->req.data_len &&
152 		!(rsp->flags & NVMET_RDMA_REQ_INLINE_DATA);
153 }
154 
155 static inline bool nvmet_rdma_need_data_out(struct nvmet_rdma_rsp *rsp)
156 {
157 	return !nvme_is_write(rsp->req.cmd) &&
158 		rsp->req.data_len &&
159 		!rsp->req.rsp->status &&
160 		!(rsp->flags & NVMET_RDMA_REQ_INLINE_DATA);
161 }
162 
163 static inline struct nvmet_rdma_rsp *
164 nvmet_rdma_get_rsp(struct nvmet_rdma_queue *queue)
165 {
166 	struct nvmet_rdma_rsp *rsp;
167 	unsigned long flags;
168 
169 	spin_lock_irqsave(&queue->rsps_lock, flags);
170 	rsp = list_first_entry(&queue->free_rsps,
171 				struct nvmet_rdma_rsp, free_list);
172 	list_del(&rsp->free_list);
173 	spin_unlock_irqrestore(&queue->rsps_lock, flags);
174 
175 	return rsp;
176 }
177 
178 static inline void
179 nvmet_rdma_put_rsp(struct nvmet_rdma_rsp *rsp)
180 {
181 	unsigned long flags;
182 
183 	spin_lock_irqsave(&rsp->queue->rsps_lock, flags);
184 	list_add_tail(&rsp->free_list, &rsp->queue->free_rsps);
185 	spin_unlock_irqrestore(&rsp->queue->rsps_lock, flags);
186 }
187 
188 static void nvmet_rdma_free_sgl(struct scatterlist *sgl, unsigned int nents)
189 {
190 	struct scatterlist *sg;
191 	int count;
192 
193 	if (!sgl || !nents)
194 		return;
195 
196 	for_each_sg(sgl, sg, nents, count)
197 		__free_page(sg_page(sg));
198 	kfree(sgl);
199 }
200 
201 static int nvmet_rdma_alloc_sgl(struct scatterlist **sgl, unsigned int *nents,
202 		u32 length)
203 {
204 	struct scatterlist *sg;
205 	struct page *page;
206 	unsigned int nent;
207 	int i = 0;
208 
209 	nent = DIV_ROUND_UP(length, PAGE_SIZE);
210 	sg = kmalloc_array(nent, sizeof(struct scatterlist), GFP_KERNEL);
211 	if (!sg)
212 		goto out;
213 
214 	sg_init_table(sg, nent);
215 
216 	while (length) {
217 		u32 page_len = min_t(u32, length, PAGE_SIZE);
218 
219 		page = alloc_page(GFP_KERNEL);
220 		if (!page)
221 			goto out_free_pages;
222 
223 		sg_set_page(&sg[i], page, page_len, 0);
224 		length -= page_len;
225 		i++;
226 	}
227 	*sgl = sg;
228 	*nents = nent;
229 	return 0;
230 
231 out_free_pages:
232 	while (i > 0) {
233 		i--;
234 		__free_page(sg_page(&sg[i]));
235 	}
236 	kfree(sg);
237 out:
238 	return NVME_SC_INTERNAL;
239 }
240 
241 static int nvmet_rdma_alloc_cmd(struct nvmet_rdma_device *ndev,
242 			struct nvmet_rdma_cmd *c, bool admin)
243 {
244 	/* NVMe command / RDMA RECV */
245 	c->nvme_cmd = kmalloc(sizeof(*c->nvme_cmd), GFP_KERNEL);
246 	if (!c->nvme_cmd)
247 		goto out;
248 
249 	c->sge[0].addr = ib_dma_map_single(ndev->device, c->nvme_cmd,
250 			sizeof(*c->nvme_cmd), DMA_FROM_DEVICE);
251 	if (ib_dma_mapping_error(ndev->device, c->sge[0].addr))
252 		goto out_free_cmd;
253 
254 	c->sge[0].length = sizeof(*c->nvme_cmd);
255 	c->sge[0].lkey = ndev->pd->local_dma_lkey;
256 
257 	if (!admin) {
258 		c->inline_page = alloc_pages(GFP_KERNEL,
259 				get_order(NVMET_RDMA_INLINE_DATA_SIZE));
260 		if (!c->inline_page)
261 			goto out_unmap_cmd;
262 		c->sge[1].addr = ib_dma_map_page(ndev->device,
263 				c->inline_page, 0, NVMET_RDMA_INLINE_DATA_SIZE,
264 				DMA_FROM_DEVICE);
265 		if (ib_dma_mapping_error(ndev->device, c->sge[1].addr))
266 			goto out_free_inline_page;
267 		c->sge[1].length = NVMET_RDMA_INLINE_DATA_SIZE;
268 		c->sge[1].lkey = ndev->pd->local_dma_lkey;
269 	}
270 
271 	c->cqe.done = nvmet_rdma_recv_done;
272 
273 	c->wr.wr_cqe = &c->cqe;
274 	c->wr.sg_list = c->sge;
275 	c->wr.num_sge = admin ? 1 : 2;
276 
277 	return 0;
278 
279 out_free_inline_page:
280 	if (!admin) {
281 		__free_pages(c->inline_page,
282 				get_order(NVMET_RDMA_INLINE_DATA_SIZE));
283 	}
284 out_unmap_cmd:
285 	ib_dma_unmap_single(ndev->device, c->sge[0].addr,
286 			sizeof(*c->nvme_cmd), DMA_FROM_DEVICE);
287 out_free_cmd:
288 	kfree(c->nvme_cmd);
289 
290 out:
291 	return -ENOMEM;
292 }
293 
294 static void nvmet_rdma_free_cmd(struct nvmet_rdma_device *ndev,
295 		struct nvmet_rdma_cmd *c, bool admin)
296 {
297 	if (!admin) {
298 		ib_dma_unmap_page(ndev->device, c->sge[1].addr,
299 				NVMET_RDMA_INLINE_DATA_SIZE, DMA_FROM_DEVICE);
300 		__free_pages(c->inline_page,
301 				get_order(NVMET_RDMA_INLINE_DATA_SIZE));
302 	}
303 	ib_dma_unmap_single(ndev->device, c->sge[0].addr,
304 				sizeof(*c->nvme_cmd), DMA_FROM_DEVICE);
305 	kfree(c->nvme_cmd);
306 }
307 
308 static struct nvmet_rdma_cmd *
309 nvmet_rdma_alloc_cmds(struct nvmet_rdma_device *ndev,
310 		int nr_cmds, bool admin)
311 {
312 	struct nvmet_rdma_cmd *cmds;
313 	int ret = -EINVAL, i;
314 
315 	cmds = kcalloc(nr_cmds, sizeof(struct nvmet_rdma_cmd), GFP_KERNEL);
316 	if (!cmds)
317 		goto out;
318 
319 	for (i = 0; i < nr_cmds; i++) {
320 		ret = nvmet_rdma_alloc_cmd(ndev, cmds + i, admin);
321 		if (ret)
322 			goto out_free;
323 	}
324 
325 	return cmds;
326 
327 out_free:
328 	while (--i >= 0)
329 		nvmet_rdma_free_cmd(ndev, cmds + i, admin);
330 	kfree(cmds);
331 out:
332 	return ERR_PTR(ret);
333 }
334 
335 static void nvmet_rdma_free_cmds(struct nvmet_rdma_device *ndev,
336 		struct nvmet_rdma_cmd *cmds, int nr_cmds, bool admin)
337 {
338 	int i;
339 
340 	for (i = 0; i < nr_cmds; i++)
341 		nvmet_rdma_free_cmd(ndev, cmds + i, admin);
342 	kfree(cmds);
343 }
344 
345 static int nvmet_rdma_alloc_rsp(struct nvmet_rdma_device *ndev,
346 		struct nvmet_rdma_rsp *r)
347 {
348 	/* NVMe CQE / RDMA SEND */
349 	r->req.rsp = kmalloc(sizeof(*r->req.rsp), GFP_KERNEL);
350 	if (!r->req.rsp)
351 		goto out;
352 
353 	r->send_sge.addr = ib_dma_map_single(ndev->device, r->req.rsp,
354 			sizeof(*r->req.rsp), DMA_TO_DEVICE);
355 	if (ib_dma_mapping_error(ndev->device, r->send_sge.addr))
356 		goto out_free_rsp;
357 
358 	r->send_sge.length = sizeof(*r->req.rsp);
359 	r->send_sge.lkey = ndev->pd->local_dma_lkey;
360 
361 	r->send_cqe.done = nvmet_rdma_send_done;
362 
363 	r->send_wr.wr_cqe = &r->send_cqe;
364 	r->send_wr.sg_list = &r->send_sge;
365 	r->send_wr.num_sge = 1;
366 	r->send_wr.send_flags = IB_SEND_SIGNALED;
367 
368 	/* Data In / RDMA READ */
369 	r->read_cqe.done = nvmet_rdma_read_data_done;
370 	return 0;
371 
372 out_free_rsp:
373 	kfree(r->req.rsp);
374 out:
375 	return -ENOMEM;
376 }
377 
378 static void nvmet_rdma_free_rsp(struct nvmet_rdma_device *ndev,
379 		struct nvmet_rdma_rsp *r)
380 {
381 	ib_dma_unmap_single(ndev->device, r->send_sge.addr,
382 				sizeof(*r->req.rsp), DMA_TO_DEVICE);
383 	kfree(r->req.rsp);
384 }
385 
386 static int
387 nvmet_rdma_alloc_rsps(struct nvmet_rdma_queue *queue)
388 {
389 	struct nvmet_rdma_device *ndev = queue->dev;
390 	int nr_rsps = queue->recv_queue_size * 2;
391 	int ret = -EINVAL, i;
392 
393 	queue->rsps = kcalloc(nr_rsps, sizeof(struct nvmet_rdma_rsp),
394 			GFP_KERNEL);
395 	if (!queue->rsps)
396 		goto out;
397 
398 	for (i = 0; i < nr_rsps; i++) {
399 		struct nvmet_rdma_rsp *rsp = &queue->rsps[i];
400 
401 		ret = nvmet_rdma_alloc_rsp(ndev, rsp);
402 		if (ret)
403 			goto out_free;
404 
405 		list_add_tail(&rsp->free_list, &queue->free_rsps);
406 	}
407 
408 	return 0;
409 
410 out_free:
411 	while (--i >= 0) {
412 		struct nvmet_rdma_rsp *rsp = &queue->rsps[i];
413 
414 		list_del(&rsp->free_list);
415 		nvmet_rdma_free_rsp(ndev, rsp);
416 	}
417 	kfree(queue->rsps);
418 out:
419 	return ret;
420 }
421 
422 static void nvmet_rdma_free_rsps(struct nvmet_rdma_queue *queue)
423 {
424 	struct nvmet_rdma_device *ndev = queue->dev;
425 	int i, nr_rsps = queue->recv_queue_size * 2;
426 
427 	for (i = 0; i < nr_rsps; i++) {
428 		struct nvmet_rdma_rsp *rsp = &queue->rsps[i];
429 
430 		list_del(&rsp->free_list);
431 		nvmet_rdma_free_rsp(ndev, rsp);
432 	}
433 	kfree(queue->rsps);
434 }
435 
436 static int nvmet_rdma_post_recv(struct nvmet_rdma_device *ndev,
437 		struct nvmet_rdma_cmd *cmd)
438 {
439 	struct ib_recv_wr *bad_wr;
440 
441 	ib_dma_sync_single_for_device(ndev->device,
442 		cmd->sge[0].addr, cmd->sge[0].length,
443 		DMA_FROM_DEVICE);
444 
445 	if (ndev->srq)
446 		return ib_post_srq_recv(ndev->srq, &cmd->wr, &bad_wr);
447 	return ib_post_recv(cmd->queue->cm_id->qp, &cmd->wr, &bad_wr);
448 }
449 
450 static void nvmet_rdma_process_wr_wait_list(struct nvmet_rdma_queue *queue)
451 {
452 	spin_lock(&queue->rsp_wr_wait_lock);
453 	while (!list_empty(&queue->rsp_wr_wait_list)) {
454 		struct nvmet_rdma_rsp *rsp;
455 		bool ret;
456 
457 		rsp = list_entry(queue->rsp_wr_wait_list.next,
458 				struct nvmet_rdma_rsp, wait_list);
459 		list_del(&rsp->wait_list);
460 
461 		spin_unlock(&queue->rsp_wr_wait_lock);
462 		ret = nvmet_rdma_execute_command(rsp);
463 		spin_lock(&queue->rsp_wr_wait_lock);
464 
465 		if (!ret) {
466 			list_add(&rsp->wait_list, &queue->rsp_wr_wait_list);
467 			break;
468 		}
469 	}
470 	spin_unlock(&queue->rsp_wr_wait_lock);
471 }
472 
473 
474 static void nvmet_rdma_release_rsp(struct nvmet_rdma_rsp *rsp)
475 {
476 	struct nvmet_rdma_queue *queue = rsp->queue;
477 
478 	atomic_add(1 + rsp->n_rdma, &queue->sq_wr_avail);
479 
480 	if (rsp->n_rdma) {
481 		rdma_rw_ctx_destroy(&rsp->rw, queue->cm_id->qp,
482 				queue->cm_id->port_num, rsp->req.sg,
483 				rsp->req.sg_cnt, nvmet_data_dir(&rsp->req));
484 	}
485 
486 	if (rsp->req.sg != &rsp->cmd->inline_sg)
487 		nvmet_rdma_free_sgl(rsp->req.sg, rsp->req.sg_cnt);
488 
489 	if (unlikely(!list_empty_careful(&queue->rsp_wr_wait_list)))
490 		nvmet_rdma_process_wr_wait_list(queue);
491 
492 	nvmet_rdma_put_rsp(rsp);
493 }
494 
495 static void nvmet_rdma_error_comp(struct nvmet_rdma_queue *queue)
496 {
497 	if (queue->nvme_sq.ctrl) {
498 		nvmet_ctrl_fatal_error(queue->nvme_sq.ctrl);
499 	} else {
500 		/*
501 		 * we didn't setup the controller yet in case
502 		 * of admin connect error, just disconnect and
503 		 * cleanup the queue
504 		 */
505 		nvmet_rdma_queue_disconnect(queue);
506 	}
507 }
508 
509 static void nvmet_rdma_send_done(struct ib_cq *cq, struct ib_wc *wc)
510 {
511 	struct nvmet_rdma_rsp *rsp =
512 		container_of(wc->wr_cqe, struct nvmet_rdma_rsp, send_cqe);
513 
514 	nvmet_rdma_release_rsp(rsp);
515 
516 	if (unlikely(wc->status != IB_WC_SUCCESS &&
517 		     wc->status != IB_WC_WR_FLUSH_ERR)) {
518 		pr_err("SEND for CQE 0x%p failed with status %s (%d).\n",
519 			wc->wr_cqe, ib_wc_status_msg(wc->status), wc->status);
520 		nvmet_rdma_error_comp(rsp->queue);
521 	}
522 }
523 
524 static void nvmet_rdma_queue_response(struct nvmet_req *req)
525 {
526 	struct nvmet_rdma_rsp *rsp =
527 		container_of(req, struct nvmet_rdma_rsp, req);
528 	struct rdma_cm_id *cm_id = rsp->queue->cm_id;
529 	struct ib_send_wr *first_wr, *bad_wr;
530 
531 	if (rsp->flags & NVMET_RDMA_REQ_INVALIDATE_RKEY) {
532 		rsp->send_wr.opcode = IB_WR_SEND_WITH_INV;
533 		rsp->send_wr.ex.invalidate_rkey = rsp->invalidate_rkey;
534 	} else {
535 		rsp->send_wr.opcode = IB_WR_SEND;
536 	}
537 
538 	if (nvmet_rdma_need_data_out(rsp))
539 		first_wr = rdma_rw_ctx_wrs(&rsp->rw, cm_id->qp,
540 				cm_id->port_num, NULL, &rsp->send_wr);
541 	else
542 		first_wr = &rsp->send_wr;
543 
544 	nvmet_rdma_post_recv(rsp->queue->dev, rsp->cmd);
545 
546 	ib_dma_sync_single_for_device(rsp->queue->dev->device,
547 		rsp->send_sge.addr, rsp->send_sge.length,
548 		DMA_TO_DEVICE);
549 
550 	if (ib_post_send(cm_id->qp, first_wr, &bad_wr)) {
551 		pr_err("sending cmd response failed\n");
552 		nvmet_rdma_release_rsp(rsp);
553 	}
554 }
555 
556 static void nvmet_rdma_read_data_done(struct ib_cq *cq, struct ib_wc *wc)
557 {
558 	struct nvmet_rdma_rsp *rsp =
559 		container_of(wc->wr_cqe, struct nvmet_rdma_rsp, read_cqe);
560 	struct nvmet_rdma_queue *queue = cq->cq_context;
561 
562 	WARN_ON(rsp->n_rdma <= 0);
563 	atomic_add(rsp->n_rdma, &queue->sq_wr_avail);
564 	rdma_rw_ctx_destroy(&rsp->rw, queue->cm_id->qp,
565 			queue->cm_id->port_num, rsp->req.sg,
566 			rsp->req.sg_cnt, nvmet_data_dir(&rsp->req));
567 	rsp->n_rdma = 0;
568 
569 	if (unlikely(wc->status != IB_WC_SUCCESS)) {
570 		nvmet_req_uninit(&rsp->req);
571 		nvmet_rdma_release_rsp(rsp);
572 		if (wc->status != IB_WC_WR_FLUSH_ERR) {
573 			pr_info("RDMA READ for CQE 0x%p failed with status %s (%d).\n",
574 				wc->wr_cqe, ib_wc_status_msg(wc->status), wc->status);
575 			nvmet_rdma_error_comp(queue);
576 		}
577 		return;
578 	}
579 
580 	rsp->req.execute(&rsp->req);
581 }
582 
583 static void nvmet_rdma_use_inline_sg(struct nvmet_rdma_rsp *rsp, u32 len,
584 		u64 off)
585 {
586 	sg_init_table(&rsp->cmd->inline_sg, 1);
587 	sg_set_page(&rsp->cmd->inline_sg, rsp->cmd->inline_page, len, off);
588 	rsp->req.sg = &rsp->cmd->inline_sg;
589 	rsp->req.sg_cnt = 1;
590 }
591 
592 static u16 nvmet_rdma_map_sgl_inline(struct nvmet_rdma_rsp *rsp)
593 {
594 	struct nvme_sgl_desc *sgl = &rsp->req.cmd->common.dptr.sgl;
595 	u64 off = le64_to_cpu(sgl->addr);
596 	u32 len = le32_to_cpu(sgl->length);
597 
598 	if (!nvme_is_write(rsp->req.cmd))
599 		return NVME_SC_INVALID_FIELD | NVME_SC_DNR;
600 
601 	if (off + len > NVMET_RDMA_INLINE_DATA_SIZE) {
602 		pr_err("invalid inline data offset!\n");
603 		return NVME_SC_SGL_INVALID_OFFSET | NVME_SC_DNR;
604 	}
605 
606 	/* no data command? */
607 	if (!len)
608 		return 0;
609 
610 	nvmet_rdma_use_inline_sg(rsp, len, off);
611 	rsp->flags |= NVMET_RDMA_REQ_INLINE_DATA;
612 	return 0;
613 }
614 
615 static u16 nvmet_rdma_map_sgl_keyed(struct nvmet_rdma_rsp *rsp,
616 		struct nvme_keyed_sgl_desc *sgl, bool invalidate)
617 {
618 	struct rdma_cm_id *cm_id = rsp->queue->cm_id;
619 	u64 addr = le64_to_cpu(sgl->addr);
620 	u32 len = get_unaligned_le24(sgl->length);
621 	u32 key = get_unaligned_le32(sgl->key);
622 	int ret;
623 	u16 status;
624 
625 	/* no data command? */
626 	if (!len)
627 		return 0;
628 
629 	status = nvmet_rdma_alloc_sgl(&rsp->req.sg, &rsp->req.sg_cnt,
630 			len);
631 	if (status)
632 		return status;
633 
634 	ret = rdma_rw_ctx_init(&rsp->rw, cm_id->qp, cm_id->port_num,
635 			rsp->req.sg, rsp->req.sg_cnt, 0, addr, key,
636 			nvmet_data_dir(&rsp->req));
637 	if (ret < 0)
638 		return NVME_SC_INTERNAL;
639 	rsp->n_rdma += ret;
640 
641 	if (invalidate) {
642 		rsp->invalidate_rkey = key;
643 		rsp->flags |= NVMET_RDMA_REQ_INVALIDATE_RKEY;
644 	}
645 
646 	return 0;
647 }
648 
649 static u16 nvmet_rdma_map_sgl(struct nvmet_rdma_rsp *rsp)
650 {
651 	struct nvme_keyed_sgl_desc *sgl = &rsp->req.cmd->common.dptr.ksgl;
652 
653 	switch (sgl->type >> 4) {
654 	case NVME_SGL_FMT_DATA_DESC:
655 		switch (sgl->type & 0xf) {
656 		case NVME_SGL_FMT_OFFSET:
657 			return nvmet_rdma_map_sgl_inline(rsp);
658 		default:
659 			pr_err("invalid SGL subtype: %#x\n", sgl->type);
660 			return NVME_SC_INVALID_FIELD | NVME_SC_DNR;
661 		}
662 	case NVME_KEY_SGL_FMT_DATA_DESC:
663 		switch (sgl->type & 0xf) {
664 		case NVME_SGL_FMT_ADDRESS | NVME_SGL_FMT_INVALIDATE:
665 			return nvmet_rdma_map_sgl_keyed(rsp, sgl, true);
666 		case NVME_SGL_FMT_ADDRESS:
667 			return nvmet_rdma_map_sgl_keyed(rsp, sgl, false);
668 		default:
669 			pr_err("invalid SGL subtype: %#x\n", sgl->type);
670 			return NVME_SC_INVALID_FIELD | NVME_SC_DNR;
671 		}
672 	default:
673 		pr_err("invalid SGL type: %#x\n", sgl->type);
674 		return NVME_SC_SGL_INVALID_TYPE | NVME_SC_DNR;
675 	}
676 }
677 
678 static bool nvmet_rdma_execute_command(struct nvmet_rdma_rsp *rsp)
679 {
680 	struct nvmet_rdma_queue *queue = rsp->queue;
681 
682 	if (unlikely(atomic_sub_return(1 + rsp->n_rdma,
683 			&queue->sq_wr_avail) < 0)) {
684 		pr_debug("IB send queue full (needed %d): queue %u cntlid %u\n",
685 				1 + rsp->n_rdma, queue->idx,
686 				queue->nvme_sq.ctrl->cntlid);
687 		atomic_add(1 + rsp->n_rdma, &queue->sq_wr_avail);
688 		return false;
689 	}
690 
691 	if (nvmet_rdma_need_data_in(rsp)) {
692 		if (rdma_rw_ctx_post(&rsp->rw, queue->cm_id->qp,
693 				queue->cm_id->port_num, &rsp->read_cqe, NULL))
694 			nvmet_req_complete(&rsp->req, NVME_SC_DATA_XFER_ERROR);
695 	} else {
696 		rsp->req.execute(&rsp->req);
697 	}
698 
699 	return true;
700 }
701 
702 static void nvmet_rdma_handle_command(struct nvmet_rdma_queue *queue,
703 		struct nvmet_rdma_rsp *cmd)
704 {
705 	u16 status;
706 
707 	ib_dma_sync_single_for_cpu(queue->dev->device,
708 		cmd->cmd->sge[0].addr, cmd->cmd->sge[0].length,
709 		DMA_FROM_DEVICE);
710 	ib_dma_sync_single_for_cpu(queue->dev->device,
711 		cmd->send_sge.addr, cmd->send_sge.length,
712 		DMA_TO_DEVICE);
713 
714 	if (!nvmet_req_init(&cmd->req, &queue->nvme_cq,
715 			&queue->nvme_sq, &nvmet_rdma_ops))
716 		return;
717 
718 	status = nvmet_rdma_map_sgl(cmd);
719 	if (status)
720 		goto out_err;
721 
722 	if (unlikely(!nvmet_rdma_execute_command(cmd))) {
723 		spin_lock(&queue->rsp_wr_wait_lock);
724 		list_add_tail(&cmd->wait_list, &queue->rsp_wr_wait_list);
725 		spin_unlock(&queue->rsp_wr_wait_lock);
726 	}
727 
728 	return;
729 
730 out_err:
731 	nvmet_req_complete(&cmd->req, status);
732 }
733 
734 static void nvmet_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc)
735 {
736 	struct nvmet_rdma_cmd *cmd =
737 		container_of(wc->wr_cqe, struct nvmet_rdma_cmd, cqe);
738 	struct nvmet_rdma_queue *queue = cq->cq_context;
739 	struct nvmet_rdma_rsp *rsp;
740 
741 	if (unlikely(wc->status != IB_WC_SUCCESS)) {
742 		if (wc->status != IB_WC_WR_FLUSH_ERR) {
743 			pr_err("RECV for CQE 0x%p failed with status %s (%d)\n",
744 				wc->wr_cqe, ib_wc_status_msg(wc->status),
745 				wc->status);
746 			nvmet_rdma_error_comp(queue);
747 		}
748 		return;
749 	}
750 
751 	if (unlikely(wc->byte_len < sizeof(struct nvme_command))) {
752 		pr_err("Ctrl Fatal Error: capsule size less than 64 bytes\n");
753 		nvmet_rdma_error_comp(queue);
754 		return;
755 	}
756 
757 	cmd->queue = queue;
758 	rsp = nvmet_rdma_get_rsp(queue);
759 	rsp->queue = queue;
760 	rsp->cmd = cmd;
761 	rsp->flags = 0;
762 	rsp->req.cmd = cmd->nvme_cmd;
763 	rsp->req.port = queue->port;
764 	rsp->n_rdma = 0;
765 
766 	if (unlikely(queue->state != NVMET_RDMA_Q_LIVE)) {
767 		unsigned long flags;
768 
769 		spin_lock_irqsave(&queue->state_lock, flags);
770 		if (queue->state == NVMET_RDMA_Q_CONNECTING)
771 			list_add_tail(&rsp->wait_list, &queue->rsp_wait_list);
772 		else
773 			nvmet_rdma_put_rsp(rsp);
774 		spin_unlock_irqrestore(&queue->state_lock, flags);
775 		return;
776 	}
777 
778 	nvmet_rdma_handle_command(queue, rsp);
779 }
780 
781 static void nvmet_rdma_destroy_srq(struct nvmet_rdma_device *ndev)
782 {
783 	if (!ndev->srq)
784 		return;
785 
786 	nvmet_rdma_free_cmds(ndev, ndev->srq_cmds, ndev->srq_size, false);
787 	ib_destroy_srq(ndev->srq);
788 }
789 
790 static int nvmet_rdma_init_srq(struct nvmet_rdma_device *ndev)
791 {
792 	struct ib_srq_init_attr srq_attr = { NULL, };
793 	struct ib_srq *srq;
794 	size_t srq_size;
795 	int ret, i;
796 
797 	srq_size = 4095;	/* XXX: tune */
798 
799 	srq_attr.attr.max_wr = srq_size;
800 	srq_attr.attr.max_sge = 2;
801 	srq_attr.attr.srq_limit = 0;
802 	srq_attr.srq_type = IB_SRQT_BASIC;
803 	srq = ib_create_srq(ndev->pd, &srq_attr);
804 	if (IS_ERR(srq)) {
805 		/*
806 		 * If SRQs aren't supported we just go ahead and use normal
807 		 * non-shared receive queues.
808 		 */
809 		pr_info("SRQ requested but not supported.\n");
810 		return 0;
811 	}
812 
813 	ndev->srq_cmds = nvmet_rdma_alloc_cmds(ndev, srq_size, false);
814 	if (IS_ERR(ndev->srq_cmds)) {
815 		ret = PTR_ERR(ndev->srq_cmds);
816 		goto out_destroy_srq;
817 	}
818 
819 	ndev->srq = srq;
820 	ndev->srq_size = srq_size;
821 
822 	for (i = 0; i < srq_size; i++)
823 		nvmet_rdma_post_recv(ndev, &ndev->srq_cmds[i]);
824 
825 	return 0;
826 
827 out_destroy_srq:
828 	ib_destroy_srq(srq);
829 	return ret;
830 }
831 
832 static void nvmet_rdma_free_dev(struct kref *ref)
833 {
834 	struct nvmet_rdma_device *ndev =
835 		container_of(ref, struct nvmet_rdma_device, ref);
836 
837 	mutex_lock(&device_list_mutex);
838 	list_del(&ndev->entry);
839 	mutex_unlock(&device_list_mutex);
840 
841 	nvmet_rdma_destroy_srq(ndev);
842 	ib_dealloc_pd(ndev->pd);
843 
844 	kfree(ndev);
845 }
846 
847 static struct nvmet_rdma_device *
848 nvmet_rdma_find_get_device(struct rdma_cm_id *cm_id)
849 {
850 	struct nvmet_rdma_device *ndev;
851 	int ret;
852 
853 	mutex_lock(&device_list_mutex);
854 	list_for_each_entry(ndev, &device_list, entry) {
855 		if (ndev->device->node_guid == cm_id->device->node_guid &&
856 		    kref_get_unless_zero(&ndev->ref))
857 			goto out_unlock;
858 	}
859 
860 	ndev = kzalloc(sizeof(*ndev), GFP_KERNEL);
861 	if (!ndev)
862 		goto out_err;
863 
864 	ndev->device = cm_id->device;
865 	kref_init(&ndev->ref);
866 
867 	ndev->pd = ib_alloc_pd(ndev->device, 0);
868 	if (IS_ERR(ndev->pd))
869 		goto out_free_dev;
870 
871 	if (nvmet_rdma_use_srq) {
872 		ret = nvmet_rdma_init_srq(ndev);
873 		if (ret)
874 			goto out_free_pd;
875 	}
876 
877 	list_add(&ndev->entry, &device_list);
878 out_unlock:
879 	mutex_unlock(&device_list_mutex);
880 	pr_debug("added %s.\n", ndev->device->name);
881 	return ndev;
882 
883 out_free_pd:
884 	ib_dealloc_pd(ndev->pd);
885 out_free_dev:
886 	kfree(ndev);
887 out_err:
888 	mutex_unlock(&device_list_mutex);
889 	return NULL;
890 }
891 
892 static int nvmet_rdma_create_queue_ib(struct nvmet_rdma_queue *queue)
893 {
894 	struct ib_qp_init_attr qp_attr;
895 	struct nvmet_rdma_device *ndev = queue->dev;
896 	int comp_vector, nr_cqe, ret, i;
897 
898 	/*
899 	 * Spread the io queues across completion vectors,
900 	 * but still keep all admin queues on vector 0.
901 	 */
902 	comp_vector = !queue->host_qid ? 0 :
903 		queue->idx % ndev->device->num_comp_vectors;
904 
905 	/*
906 	 * Reserve CQ slots for RECV + RDMA_READ/RDMA_WRITE + RDMA_SEND.
907 	 */
908 	nr_cqe = queue->recv_queue_size + 2 * queue->send_queue_size;
909 
910 	queue->cq = ib_alloc_cq(ndev->device, queue,
911 			nr_cqe + 1, comp_vector,
912 			IB_POLL_WORKQUEUE);
913 	if (IS_ERR(queue->cq)) {
914 		ret = PTR_ERR(queue->cq);
915 		pr_err("failed to create CQ cqe= %d ret= %d\n",
916 		       nr_cqe + 1, ret);
917 		goto out;
918 	}
919 
920 	memset(&qp_attr, 0, sizeof(qp_attr));
921 	qp_attr.qp_context = queue;
922 	qp_attr.event_handler = nvmet_rdma_qp_event;
923 	qp_attr.send_cq = queue->cq;
924 	qp_attr.recv_cq = queue->cq;
925 	qp_attr.sq_sig_type = IB_SIGNAL_REQ_WR;
926 	qp_attr.qp_type = IB_QPT_RC;
927 	/* +1 for drain */
928 	qp_attr.cap.max_send_wr = queue->send_queue_size + 1;
929 	qp_attr.cap.max_rdma_ctxs = queue->send_queue_size;
930 	qp_attr.cap.max_send_sge = max(ndev->device->attrs.max_sge_rd,
931 					ndev->device->attrs.max_sge);
932 
933 	if (ndev->srq) {
934 		qp_attr.srq = ndev->srq;
935 	} else {
936 		/* +1 for drain */
937 		qp_attr.cap.max_recv_wr = 1 + queue->recv_queue_size;
938 		qp_attr.cap.max_recv_sge = 2;
939 	}
940 
941 	ret = rdma_create_qp(queue->cm_id, ndev->pd, &qp_attr);
942 	if (ret) {
943 		pr_err("failed to create_qp ret= %d\n", ret);
944 		goto err_destroy_cq;
945 	}
946 
947 	atomic_set(&queue->sq_wr_avail, qp_attr.cap.max_send_wr);
948 
949 	pr_debug("%s: max_cqe= %d max_sge= %d sq_size = %d cm_id= %p\n",
950 		 __func__, queue->cq->cqe, qp_attr.cap.max_send_sge,
951 		 qp_attr.cap.max_send_wr, queue->cm_id);
952 
953 	if (!ndev->srq) {
954 		for (i = 0; i < queue->recv_queue_size; i++) {
955 			queue->cmds[i].queue = queue;
956 			nvmet_rdma_post_recv(ndev, &queue->cmds[i]);
957 		}
958 	}
959 
960 out:
961 	return ret;
962 
963 err_destroy_cq:
964 	ib_free_cq(queue->cq);
965 	goto out;
966 }
967 
968 static void nvmet_rdma_destroy_queue_ib(struct nvmet_rdma_queue *queue)
969 {
970 	ib_drain_qp(queue->cm_id->qp);
971 	rdma_destroy_qp(queue->cm_id);
972 	ib_free_cq(queue->cq);
973 }
974 
975 static void nvmet_rdma_free_queue(struct nvmet_rdma_queue *queue)
976 {
977 	pr_info("freeing queue %d\n", queue->idx);
978 
979 	nvmet_sq_destroy(&queue->nvme_sq);
980 
981 	nvmet_rdma_destroy_queue_ib(queue);
982 	if (!queue->dev->srq) {
983 		nvmet_rdma_free_cmds(queue->dev, queue->cmds,
984 				queue->recv_queue_size,
985 				!queue->host_qid);
986 	}
987 	nvmet_rdma_free_rsps(queue);
988 	ida_simple_remove(&nvmet_rdma_queue_ida, queue->idx);
989 	kfree(queue);
990 }
991 
992 static void nvmet_rdma_release_queue_work(struct work_struct *w)
993 {
994 	struct nvmet_rdma_queue *queue =
995 		container_of(w, struct nvmet_rdma_queue, release_work);
996 	struct rdma_cm_id *cm_id = queue->cm_id;
997 	struct nvmet_rdma_device *dev = queue->dev;
998 	enum nvmet_rdma_queue_state state = queue->state;
999 
1000 	nvmet_rdma_free_queue(queue);
1001 
1002 	if (state != NVMET_RDMA_IN_DEVICE_REMOVAL)
1003 		rdma_destroy_id(cm_id);
1004 
1005 	kref_put(&dev->ref, nvmet_rdma_free_dev);
1006 }
1007 
1008 static int
1009 nvmet_rdma_parse_cm_connect_req(struct rdma_conn_param *conn,
1010 				struct nvmet_rdma_queue *queue)
1011 {
1012 	struct nvme_rdma_cm_req *req;
1013 
1014 	req = (struct nvme_rdma_cm_req *)conn->private_data;
1015 	if (!req || conn->private_data_len == 0)
1016 		return NVME_RDMA_CM_INVALID_LEN;
1017 
1018 	if (le16_to_cpu(req->recfmt) != NVME_RDMA_CM_FMT_1_0)
1019 		return NVME_RDMA_CM_INVALID_RECFMT;
1020 
1021 	queue->host_qid = le16_to_cpu(req->qid);
1022 
1023 	/*
1024 	 * req->hsqsize corresponds to our recv queue size plus 1
1025 	 * req->hrqsize corresponds to our send queue size
1026 	 */
1027 	queue->recv_queue_size = le16_to_cpu(req->hsqsize) + 1;
1028 	queue->send_queue_size = le16_to_cpu(req->hrqsize);
1029 
1030 	if (!queue->host_qid && queue->recv_queue_size > NVMF_AQ_DEPTH)
1031 		return NVME_RDMA_CM_INVALID_HSQSIZE;
1032 
1033 	/* XXX: Should we enforce some kind of max for IO queues? */
1034 
1035 	return 0;
1036 }
1037 
1038 static int nvmet_rdma_cm_reject(struct rdma_cm_id *cm_id,
1039 				enum nvme_rdma_cm_status status)
1040 {
1041 	struct nvme_rdma_cm_rej rej;
1042 
1043 	pr_debug("rejecting connect request: status %d (%s)\n",
1044 		 status, nvme_rdma_cm_msg(status));
1045 
1046 	rej.recfmt = cpu_to_le16(NVME_RDMA_CM_FMT_1_0);
1047 	rej.sts = cpu_to_le16(status);
1048 
1049 	return rdma_reject(cm_id, (void *)&rej, sizeof(rej));
1050 }
1051 
1052 static struct nvmet_rdma_queue *
1053 nvmet_rdma_alloc_queue(struct nvmet_rdma_device *ndev,
1054 		struct rdma_cm_id *cm_id,
1055 		struct rdma_cm_event *event)
1056 {
1057 	struct nvmet_rdma_queue *queue;
1058 	int ret;
1059 
1060 	queue = kzalloc(sizeof(*queue), GFP_KERNEL);
1061 	if (!queue) {
1062 		ret = NVME_RDMA_CM_NO_RSC;
1063 		goto out_reject;
1064 	}
1065 
1066 	ret = nvmet_sq_init(&queue->nvme_sq);
1067 	if (ret) {
1068 		ret = NVME_RDMA_CM_NO_RSC;
1069 		goto out_free_queue;
1070 	}
1071 
1072 	ret = nvmet_rdma_parse_cm_connect_req(&event->param.conn, queue);
1073 	if (ret)
1074 		goto out_destroy_sq;
1075 
1076 	/*
1077 	 * Schedules the actual release because calling rdma_destroy_id from
1078 	 * inside a CM callback would trigger a deadlock. (great API design..)
1079 	 */
1080 	INIT_WORK(&queue->release_work, nvmet_rdma_release_queue_work);
1081 	queue->dev = ndev;
1082 	queue->cm_id = cm_id;
1083 
1084 	spin_lock_init(&queue->state_lock);
1085 	queue->state = NVMET_RDMA_Q_CONNECTING;
1086 	INIT_LIST_HEAD(&queue->rsp_wait_list);
1087 	INIT_LIST_HEAD(&queue->rsp_wr_wait_list);
1088 	spin_lock_init(&queue->rsp_wr_wait_lock);
1089 	INIT_LIST_HEAD(&queue->free_rsps);
1090 	spin_lock_init(&queue->rsps_lock);
1091 	INIT_LIST_HEAD(&queue->queue_list);
1092 
1093 	queue->idx = ida_simple_get(&nvmet_rdma_queue_ida, 0, 0, GFP_KERNEL);
1094 	if (queue->idx < 0) {
1095 		ret = NVME_RDMA_CM_NO_RSC;
1096 		goto out_destroy_sq;
1097 	}
1098 
1099 	ret = nvmet_rdma_alloc_rsps(queue);
1100 	if (ret) {
1101 		ret = NVME_RDMA_CM_NO_RSC;
1102 		goto out_ida_remove;
1103 	}
1104 
1105 	if (!ndev->srq) {
1106 		queue->cmds = nvmet_rdma_alloc_cmds(ndev,
1107 				queue->recv_queue_size,
1108 				!queue->host_qid);
1109 		if (IS_ERR(queue->cmds)) {
1110 			ret = NVME_RDMA_CM_NO_RSC;
1111 			goto out_free_responses;
1112 		}
1113 	}
1114 
1115 	ret = nvmet_rdma_create_queue_ib(queue);
1116 	if (ret) {
1117 		pr_err("%s: creating RDMA queue failed (%d).\n",
1118 			__func__, ret);
1119 		ret = NVME_RDMA_CM_NO_RSC;
1120 		goto out_free_cmds;
1121 	}
1122 
1123 	return queue;
1124 
1125 out_free_cmds:
1126 	if (!ndev->srq) {
1127 		nvmet_rdma_free_cmds(queue->dev, queue->cmds,
1128 				queue->recv_queue_size,
1129 				!queue->host_qid);
1130 	}
1131 out_free_responses:
1132 	nvmet_rdma_free_rsps(queue);
1133 out_ida_remove:
1134 	ida_simple_remove(&nvmet_rdma_queue_ida, queue->idx);
1135 out_destroy_sq:
1136 	nvmet_sq_destroy(&queue->nvme_sq);
1137 out_free_queue:
1138 	kfree(queue);
1139 out_reject:
1140 	nvmet_rdma_cm_reject(cm_id, ret);
1141 	return NULL;
1142 }
1143 
1144 static void nvmet_rdma_qp_event(struct ib_event *event, void *priv)
1145 {
1146 	struct nvmet_rdma_queue *queue = priv;
1147 
1148 	switch (event->event) {
1149 	case IB_EVENT_COMM_EST:
1150 		rdma_notify(queue->cm_id, event->event);
1151 		break;
1152 	default:
1153 		pr_err("received IB QP event: %s (%d)\n",
1154 		       ib_event_msg(event->event), event->event);
1155 		break;
1156 	}
1157 }
1158 
1159 static int nvmet_rdma_cm_accept(struct rdma_cm_id *cm_id,
1160 		struct nvmet_rdma_queue *queue,
1161 		struct rdma_conn_param *p)
1162 {
1163 	struct rdma_conn_param  param = { };
1164 	struct nvme_rdma_cm_rep priv = { };
1165 	int ret = -ENOMEM;
1166 
1167 	param.rnr_retry_count = 7;
1168 	param.flow_control = 1;
1169 	param.initiator_depth = min_t(u8, p->initiator_depth,
1170 		queue->dev->device->attrs.max_qp_init_rd_atom);
1171 	param.private_data = &priv;
1172 	param.private_data_len = sizeof(priv);
1173 	priv.recfmt = cpu_to_le16(NVME_RDMA_CM_FMT_1_0);
1174 	priv.crqsize = cpu_to_le16(queue->recv_queue_size);
1175 
1176 	ret = rdma_accept(cm_id, &param);
1177 	if (ret)
1178 		pr_err("rdma_accept failed (error code = %d)\n", ret);
1179 
1180 	return ret;
1181 }
1182 
1183 static int nvmet_rdma_queue_connect(struct rdma_cm_id *cm_id,
1184 		struct rdma_cm_event *event)
1185 {
1186 	struct nvmet_rdma_device *ndev;
1187 	struct nvmet_rdma_queue *queue;
1188 	int ret = -EINVAL;
1189 
1190 	ndev = nvmet_rdma_find_get_device(cm_id);
1191 	if (!ndev) {
1192 		nvmet_rdma_cm_reject(cm_id, NVME_RDMA_CM_NO_RSC);
1193 		return -ECONNREFUSED;
1194 	}
1195 
1196 	queue = nvmet_rdma_alloc_queue(ndev, cm_id, event);
1197 	if (!queue) {
1198 		ret = -ENOMEM;
1199 		goto put_device;
1200 	}
1201 	queue->port = cm_id->context;
1202 
1203 	if (queue->host_qid == 0) {
1204 		/* Let inflight controller teardown complete */
1205 		flush_scheduled_work();
1206 	}
1207 
1208 	ret = nvmet_rdma_cm_accept(cm_id, queue, &event->param.conn);
1209 	if (ret)
1210 		goto release_queue;
1211 
1212 	mutex_lock(&nvmet_rdma_queue_mutex);
1213 	list_add_tail(&queue->queue_list, &nvmet_rdma_queue_list);
1214 	mutex_unlock(&nvmet_rdma_queue_mutex);
1215 
1216 	return 0;
1217 
1218 release_queue:
1219 	nvmet_rdma_free_queue(queue);
1220 put_device:
1221 	kref_put(&ndev->ref, nvmet_rdma_free_dev);
1222 
1223 	return ret;
1224 }
1225 
1226 static void nvmet_rdma_queue_established(struct nvmet_rdma_queue *queue)
1227 {
1228 	unsigned long flags;
1229 
1230 	spin_lock_irqsave(&queue->state_lock, flags);
1231 	if (queue->state != NVMET_RDMA_Q_CONNECTING) {
1232 		pr_warn("trying to establish a connected queue\n");
1233 		goto out_unlock;
1234 	}
1235 	queue->state = NVMET_RDMA_Q_LIVE;
1236 
1237 	while (!list_empty(&queue->rsp_wait_list)) {
1238 		struct nvmet_rdma_rsp *cmd;
1239 
1240 		cmd = list_first_entry(&queue->rsp_wait_list,
1241 					struct nvmet_rdma_rsp, wait_list);
1242 		list_del(&cmd->wait_list);
1243 
1244 		spin_unlock_irqrestore(&queue->state_lock, flags);
1245 		nvmet_rdma_handle_command(queue, cmd);
1246 		spin_lock_irqsave(&queue->state_lock, flags);
1247 	}
1248 
1249 out_unlock:
1250 	spin_unlock_irqrestore(&queue->state_lock, flags);
1251 }
1252 
1253 static void __nvmet_rdma_queue_disconnect(struct nvmet_rdma_queue *queue)
1254 {
1255 	bool disconnect = false;
1256 	unsigned long flags;
1257 
1258 	pr_debug("cm_id= %p queue->state= %d\n", queue->cm_id, queue->state);
1259 
1260 	spin_lock_irqsave(&queue->state_lock, flags);
1261 	switch (queue->state) {
1262 	case NVMET_RDMA_Q_CONNECTING:
1263 	case NVMET_RDMA_Q_LIVE:
1264 		queue->state = NVMET_RDMA_Q_DISCONNECTING;
1265 	case NVMET_RDMA_IN_DEVICE_REMOVAL:
1266 		disconnect = true;
1267 		break;
1268 	case NVMET_RDMA_Q_DISCONNECTING:
1269 		break;
1270 	}
1271 	spin_unlock_irqrestore(&queue->state_lock, flags);
1272 
1273 	if (disconnect) {
1274 		rdma_disconnect(queue->cm_id);
1275 		schedule_work(&queue->release_work);
1276 	}
1277 }
1278 
1279 static void nvmet_rdma_queue_disconnect(struct nvmet_rdma_queue *queue)
1280 {
1281 	bool disconnect = false;
1282 
1283 	mutex_lock(&nvmet_rdma_queue_mutex);
1284 	if (!list_empty(&queue->queue_list)) {
1285 		list_del_init(&queue->queue_list);
1286 		disconnect = true;
1287 	}
1288 	mutex_unlock(&nvmet_rdma_queue_mutex);
1289 
1290 	if (disconnect)
1291 		__nvmet_rdma_queue_disconnect(queue);
1292 }
1293 
1294 static void nvmet_rdma_queue_connect_fail(struct rdma_cm_id *cm_id,
1295 		struct nvmet_rdma_queue *queue)
1296 {
1297 	WARN_ON_ONCE(queue->state != NVMET_RDMA_Q_CONNECTING);
1298 
1299 	mutex_lock(&nvmet_rdma_queue_mutex);
1300 	if (!list_empty(&queue->queue_list))
1301 		list_del_init(&queue->queue_list);
1302 	mutex_unlock(&nvmet_rdma_queue_mutex);
1303 
1304 	pr_err("failed to connect queue %d\n", queue->idx);
1305 	schedule_work(&queue->release_work);
1306 }
1307 
1308 /**
1309  * nvme_rdma_device_removal() - Handle RDMA device removal
1310  * @queue:      nvmet rdma queue (cm id qp_context)
1311  * @addr:	nvmet address (cm_id context)
1312  *
1313  * DEVICE_REMOVAL event notifies us that the RDMA device is about
1314  * to unplug so we should take care of destroying our RDMA resources.
1315  * This event will be generated for each allocated cm_id.
1316  *
1317  * Note that this event can be generated on a normal queue cm_id
1318  * and/or a device bound listener cm_id (where in this case
1319  * queue will be null).
1320  *
1321  * we claim ownership on destroying the cm_id. For queues we move
1322  * the queue state to NVMET_RDMA_IN_DEVICE_REMOVAL and for port
1323  * we nullify the priv to prevent double cm_id destruction and destroying
1324  * the cm_id implicitely by returning a non-zero rc to the callout.
1325  */
1326 static int nvmet_rdma_device_removal(struct rdma_cm_id *cm_id,
1327 		struct nvmet_rdma_queue *queue)
1328 {
1329 	unsigned long flags;
1330 
1331 	if (!queue) {
1332 		struct nvmet_port *port = cm_id->context;
1333 
1334 		/*
1335 		 * This is a listener cm_id. Make sure that
1336 		 * future remove_port won't invoke a double
1337 		 * cm_id destroy. use atomic xchg to make sure
1338 		 * we don't compete with remove_port.
1339 		 */
1340 		if (xchg(&port->priv, NULL) != cm_id)
1341 			return 0;
1342 	} else {
1343 		/*
1344 		 * This is a queue cm_id. Make sure that
1345 		 * release queue will not destroy the cm_id
1346 		 * and schedule all ctrl queues removal (only
1347 		 * if the queue is not disconnecting already).
1348 		 */
1349 		spin_lock_irqsave(&queue->state_lock, flags);
1350 		if (queue->state != NVMET_RDMA_Q_DISCONNECTING)
1351 			queue->state = NVMET_RDMA_IN_DEVICE_REMOVAL;
1352 		spin_unlock_irqrestore(&queue->state_lock, flags);
1353 		nvmet_rdma_queue_disconnect(queue);
1354 		flush_scheduled_work();
1355 	}
1356 
1357 	/*
1358 	 * We need to return 1 so that the core will destroy
1359 	 * it's own ID.  What a great API design..
1360 	 */
1361 	return 1;
1362 }
1363 
1364 static int nvmet_rdma_cm_handler(struct rdma_cm_id *cm_id,
1365 		struct rdma_cm_event *event)
1366 {
1367 	struct nvmet_rdma_queue *queue = NULL;
1368 	int ret = 0;
1369 
1370 	if (cm_id->qp)
1371 		queue = cm_id->qp->qp_context;
1372 
1373 	pr_debug("%s (%d): status %d id %p\n",
1374 		rdma_event_msg(event->event), event->event,
1375 		event->status, cm_id);
1376 
1377 	switch (event->event) {
1378 	case RDMA_CM_EVENT_CONNECT_REQUEST:
1379 		ret = nvmet_rdma_queue_connect(cm_id, event);
1380 		break;
1381 	case RDMA_CM_EVENT_ESTABLISHED:
1382 		nvmet_rdma_queue_established(queue);
1383 		break;
1384 	case RDMA_CM_EVENT_ADDR_CHANGE:
1385 	case RDMA_CM_EVENT_DISCONNECTED:
1386 	case RDMA_CM_EVENT_TIMEWAIT_EXIT:
1387 		/*
1388 		 * We might end up here when we already freed the qp
1389 		 * which means queue release sequence is in progress,
1390 		 * so don't get in the way...
1391 		 */
1392 		if (queue)
1393 			nvmet_rdma_queue_disconnect(queue);
1394 		break;
1395 	case RDMA_CM_EVENT_DEVICE_REMOVAL:
1396 		ret = nvmet_rdma_device_removal(cm_id, queue);
1397 		break;
1398 	case RDMA_CM_EVENT_REJECTED:
1399 		pr_debug("Connection rejected: %s\n",
1400 			 rdma_reject_msg(cm_id, event->status));
1401 		/* FALLTHROUGH */
1402 	case RDMA_CM_EVENT_UNREACHABLE:
1403 	case RDMA_CM_EVENT_CONNECT_ERROR:
1404 		nvmet_rdma_queue_connect_fail(cm_id, queue);
1405 		break;
1406 	default:
1407 		pr_err("received unrecognized RDMA CM event %d\n",
1408 			event->event);
1409 		break;
1410 	}
1411 
1412 	return ret;
1413 }
1414 
1415 static void nvmet_rdma_delete_ctrl(struct nvmet_ctrl *ctrl)
1416 {
1417 	struct nvmet_rdma_queue *queue;
1418 
1419 restart:
1420 	mutex_lock(&nvmet_rdma_queue_mutex);
1421 	list_for_each_entry(queue, &nvmet_rdma_queue_list, queue_list) {
1422 		if (queue->nvme_sq.ctrl == ctrl) {
1423 			list_del_init(&queue->queue_list);
1424 			mutex_unlock(&nvmet_rdma_queue_mutex);
1425 
1426 			__nvmet_rdma_queue_disconnect(queue);
1427 			goto restart;
1428 		}
1429 	}
1430 	mutex_unlock(&nvmet_rdma_queue_mutex);
1431 }
1432 
1433 static int nvmet_rdma_add_port(struct nvmet_port *port)
1434 {
1435 	struct rdma_cm_id *cm_id;
1436 	struct sockaddr_storage addr = { };
1437 	__kernel_sa_family_t af;
1438 	int ret;
1439 
1440 	switch (port->disc_addr.adrfam) {
1441 	case NVMF_ADDR_FAMILY_IP4:
1442 		af = AF_INET;
1443 		break;
1444 	case NVMF_ADDR_FAMILY_IP6:
1445 		af = AF_INET6;
1446 		break;
1447 	default:
1448 		pr_err("address family %d not supported\n",
1449 				port->disc_addr.adrfam);
1450 		return -EINVAL;
1451 	}
1452 
1453 	ret = inet_pton_with_scope(&init_net, af, port->disc_addr.traddr,
1454 			port->disc_addr.trsvcid, &addr);
1455 	if (ret) {
1456 		pr_err("malformed ip/port passed: %s:%s\n",
1457 			port->disc_addr.traddr, port->disc_addr.trsvcid);
1458 		return ret;
1459 	}
1460 
1461 	cm_id = rdma_create_id(&init_net, nvmet_rdma_cm_handler, port,
1462 			RDMA_PS_TCP, IB_QPT_RC);
1463 	if (IS_ERR(cm_id)) {
1464 		pr_err("CM ID creation failed\n");
1465 		return PTR_ERR(cm_id);
1466 	}
1467 
1468 	/*
1469 	 * Allow both IPv4 and IPv6 sockets to bind a single port
1470 	 * at the same time.
1471 	 */
1472 	ret = rdma_set_afonly(cm_id, 1);
1473 	if (ret) {
1474 		pr_err("rdma_set_afonly failed (%d)\n", ret);
1475 		goto out_destroy_id;
1476 	}
1477 
1478 	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&addr);
1479 	if (ret) {
1480 		pr_err("binding CM ID to %pISpcs failed (%d)\n",
1481 			(struct sockaddr *)&addr, ret);
1482 		goto out_destroy_id;
1483 	}
1484 
1485 	ret = rdma_listen(cm_id, 128);
1486 	if (ret) {
1487 		pr_err("listening to %pISpcs failed (%d)\n",
1488 			(struct sockaddr *)&addr, ret);
1489 		goto out_destroy_id;
1490 	}
1491 
1492 	pr_info("enabling port %d (%pISpcs)\n",
1493 		le16_to_cpu(port->disc_addr.portid), (struct sockaddr *)&addr);
1494 	port->priv = cm_id;
1495 	return 0;
1496 
1497 out_destroy_id:
1498 	rdma_destroy_id(cm_id);
1499 	return ret;
1500 }
1501 
1502 static void nvmet_rdma_remove_port(struct nvmet_port *port)
1503 {
1504 	struct rdma_cm_id *cm_id = xchg(&port->priv, NULL);
1505 
1506 	if (cm_id)
1507 		rdma_destroy_id(cm_id);
1508 }
1509 
1510 static struct nvmet_fabrics_ops nvmet_rdma_ops = {
1511 	.owner			= THIS_MODULE,
1512 	.type			= NVMF_TRTYPE_RDMA,
1513 	.sqe_inline_size	= NVMET_RDMA_INLINE_DATA_SIZE,
1514 	.msdbd			= 1,
1515 	.has_keyed_sgls		= 1,
1516 	.add_port		= nvmet_rdma_add_port,
1517 	.remove_port		= nvmet_rdma_remove_port,
1518 	.queue_response		= nvmet_rdma_queue_response,
1519 	.delete_ctrl		= nvmet_rdma_delete_ctrl,
1520 };
1521 
1522 static int __init nvmet_rdma_init(void)
1523 {
1524 	return nvmet_register_transport(&nvmet_rdma_ops);
1525 }
1526 
1527 static void __exit nvmet_rdma_exit(void)
1528 {
1529 	struct nvmet_rdma_queue *queue;
1530 
1531 	nvmet_unregister_transport(&nvmet_rdma_ops);
1532 
1533 	flush_scheduled_work();
1534 
1535 	mutex_lock(&nvmet_rdma_queue_mutex);
1536 	while ((queue = list_first_entry_or_null(&nvmet_rdma_queue_list,
1537 			struct nvmet_rdma_queue, queue_list))) {
1538 		list_del_init(&queue->queue_list);
1539 
1540 		mutex_unlock(&nvmet_rdma_queue_mutex);
1541 		__nvmet_rdma_queue_disconnect(queue);
1542 		mutex_lock(&nvmet_rdma_queue_mutex);
1543 	}
1544 	mutex_unlock(&nvmet_rdma_queue_mutex);
1545 
1546 	flush_scheduled_work();
1547 	ida_destroy(&nvmet_rdma_queue_ida);
1548 }
1549 
1550 module_init(nvmet_rdma_init);
1551 module_exit(nvmet_rdma_exit);
1552 
1553 MODULE_LICENSE("GPL v2");
1554 MODULE_ALIAS("nvmet-transport-1"); /* 1 == NVMF_TRTYPE_RDMA */
1555