1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (C) 2017, Microsoft Corporation. 4 * 5 * Author(s): Long Li <longli@microsoft.com> 6 */ 7 #include <linux/module.h> 8 #include <linux/highmem.h> 9 #include <linux/folio_queue.h> 10 #include "../common/smbdirect/smbdirect_pdu.h" 11 #include "smbdirect.h" 12 #include "cifs_debug.h" 13 #include "cifsproto.h" 14 #include "smb2proto.h" 15 16 static struct smbd_response *get_empty_queue_buffer( 17 struct smbd_connection *info); 18 static struct smbd_response *get_receive_buffer( 19 struct smbd_connection *info); 20 static void put_receive_buffer( 21 struct smbd_connection *info, 22 struct smbd_response *response); 23 static int allocate_receive_buffers(struct smbd_connection *info, int num_buf); 24 static void destroy_receive_buffers(struct smbd_connection *info); 25 26 static void put_empty_packet( 27 struct smbd_connection *info, struct smbd_response *response); 28 static void enqueue_reassembly( 29 struct smbd_connection *info, 30 struct smbd_response *response, int data_length); 31 static struct smbd_response *_get_first_reassembly( 32 struct smbd_connection *info); 33 34 static int smbd_post_recv( 35 struct smbd_connection *info, 36 struct smbd_response *response); 37 38 static int smbd_post_send_empty(struct smbd_connection *info); 39 40 static void destroy_mr_list(struct smbd_connection *info); 41 static int allocate_mr_list(struct smbd_connection *info); 42 43 struct smb_extract_to_rdma { 44 struct ib_sge *sge; 45 unsigned int nr_sge; 46 unsigned int max_sge; 47 struct ib_device *device; 48 u32 local_dma_lkey; 49 enum dma_data_direction direction; 50 }; 51 static ssize_t smb_extract_iter_to_rdma(struct iov_iter *iter, size_t len, 52 struct smb_extract_to_rdma *rdma); 53 54 /* Port numbers for SMBD transport */ 55 #define SMB_PORT 445 56 #define SMBD_PORT 5445 57 58 /* Address lookup and resolve timeout in ms */ 59 #define RDMA_RESOLVE_TIMEOUT 5000 60 61 /* SMBD negotiation timeout in seconds */ 62 #define SMBD_NEGOTIATE_TIMEOUT 120 63 64 /* SMBD minimum receive size and fragmented sized defined in [MS-SMBD] */ 65 #define SMBD_MIN_RECEIVE_SIZE 128 66 #define SMBD_MIN_FRAGMENTED_SIZE 131072 67 68 /* 69 * Default maximum number of RDMA read/write outstanding on this connection 70 * This value is possibly decreased during QP creation on hardware limit 71 */ 72 #define SMBD_CM_RESPONDER_RESOURCES 32 73 74 /* Maximum number of retries on data transfer operations */ 75 #define SMBD_CM_RETRY 6 76 /* No need to retry on Receiver Not Ready since SMBD manages credits */ 77 #define SMBD_CM_RNR_RETRY 0 78 79 /* 80 * User configurable initial values per SMBD transport connection 81 * as defined in [MS-SMBD] 3.1.1.1 82 * Those may change after a SMBD negotiation 83 */ 84 /* The local peer's maximum number of credits to grant to the peer */ 85 int smbd_receive_credit_max = 255; 86 87 /* The remote peer's credit request of local peer */ 88 int smbd_send_credit_target = 255; 89 90 /* The maximum single message size can be sent to remote peer */ 91 int smbd_max_send_size = 1364; 92 93 /* The maximum fragmented upper-layer payload receive size supported */ 94 int smbd_max_fragmented_recv_size = 1024 * 1024; 95 96 /* The maximum single-message size which can be received */ 97 int smbd_max_receive_size = 1364; 98 99 /* The timeout to initiate send of a keepalive message on idle */ 100 int smbd_keep_alive_interval = 120; 101 102 /* 103 * User configurable initial values for RDMA transport 104 * The actual values used may be lower and are limited to hardware capabilities 105 */ 106 /* Default maximum number of pages in a single RDMA write/read */ 107 int smbd_max_frmr_depth = 2048; 108 109 /* If payload is less than this byte, use RDMA send/recv not read/write */ 110 int rdma_readwrite_threshold = 4096; 111 112 /* Transport logging functions 113 * Logging are defined as classes. They can be OR'ed to define the actual 114 * logging level via module parameter smbd_logging_class 115 * e.g. cifs.smbd_logging_class=0xa0 will log all log_rdma_recv() and 116 * log_rdma_event() 117 */ 118 #define LOG_OUTGOING 0x1 119 #define LOG_INCOMING 0x2 120 #define LOG_READ 0x4 121 #define LOG_WRITE 0x8 122 #define LOG_RDMA_SEND 0x10 123 #define LOG_RDMA_RECV 0x20 124 #define LOG_KEEP_ALIVE 0x40 125 #define LOG_RDMA_EVENT 0x80 126 #define LOG_RDMA_MR 0x100 127 static unsigned int smbd_logging_class; 128 module_param(smbd_logging_class, uint, 0644); 129 MODULE_PARM_DESC(smbd_logging_class, 130 "Logging class for SMBD transport 0x0 to 0x100"); 131 132 #define ERR 0x0 133 #define INFO 0x1 134 static unsigned int smbd_logging_level = ERR; 135 module_param(smbd_logging_level, uint, 0644); 136 MODULE_PARM_DESC(smbd_logging_level, 137 "Logging level for SMBD transport, 0 (default): error, 1: info"); 138 139 #define log_rdma(level, class, fmt, args...) \ 140 do { \ 141 if (level <= smbd_logging_level || class & smbd_logging_class) \ 142 cifs_dbg(VFS, "%s:%d " fmt, __func__, __LINE__, ##args);\ 143 } while (0) 144 145 #define log_outgoing(level, fmt, args...) \ 146 log_rdma(level, LOG_OUTGOING, fmt, ##args) 147 #define log_incoming(level, fmt, args...) \ 148 log_rdma(level, LOG_INCOMING, fmt, ##args) 149 #define log_read(level, fmt, args...) log_rdma(level, LOG_READ, fmt, ##args) 150 #define log_write(level, fmt, args...) log_rdma(level, LOG_WRITE, fmt, ##args) 151 #define log_rdma_send(level, fmt, args...) \ 152 log_rdma(level, LOG_RDMA_SEND, fmt, ##args) 153 #define log_rdma_recv(level, fmt, args...) \ 154 log_rdma(level, LOG_RDMA_RECV, fmt, ##args) 155 #define log_keep_alive(level, fmt, args...) \ 156 log_rdma(level, LOG_KEEP_ALIVE, fmt, ##args) 157 #define log_rdma_event(level, fmt, args...) \ 158 log_rdma(level, LOG_RDMA_EVENT, fmt, ##args) 159 #define log_rdma_mr(level, fmt, args...) \ 160 log_rdma(level, LOG_RDMA_MR, fmt, ##args) 161 162 static void smbd_disconnect_rdma_work(struct work_struct *work) 163 { 164 struct smbd_connection *info = 165 container_of(work, struct smbd_connection, disconnect_work); 166 struct smbdirect_socket *sc = &info->socket; 167 168 if (sc->status == SMBDIRECT_SOCKET_CONNECTED) { 169 sc->status = SMBDIRECT_SOCKET_DISCONNECTING; 170 rdma_disconnect(sc->rdma.cm_id); 171 } 172 } 173 174 static void smbd_disconnect_rdma_connection(struct smbd_connection *info) 175 { 176 queue_work(info->workqueue, &info->disconnect_work); 177 } 178 179 /* Upcall from RDMA CM */ 180 static int smbd_conn_upcall( 181 struct rdma_cm_id *id, struct rdma_cm_event *event) 182 { 183 struct smbd_connection *info = id->context; 184 struct smbdirect_socket *sc = &info->socket; 185 186 log_rdma_event(INFO, "event=%d status=%d\n", 187 event->event, event->status); 188 189 switch (event->event) { 190 case RDMA_CM_EVENT_ADDR_RESOLVED: 191 case RDMA_CM_EVENT_ROUTE_RESOLVED: 192 info->ri_rc = 0; 193 complete(&info->ri_done); 194 break; 195 196 case RDMA_CM_EVENT_ADDR_ERROR: 197 info->ri_rc = -EHOSTUNREACH; 198 complete(&info->ri_done); 199 break; 200 201 case RDMA_CM_EVENT_ROUTE_ERROR: 202 info->ri_rc = -ENETUNREACH; 203 complete(&info->ri_done); 204 break; 205 206 case RDMA_CM_EVENT_ESTABLISHED: 207 log_rdma_event(INFO, "connected event=%d\n", event->event); 208 sc->status = SMBDIRECT_SOCKET_CONNECTED; 209 wake_up_interruptible(&info->conn_wait); 210 break; 211 212 case RDMA_CM_EVENT_CONNECT_ERROR: 213 case RDMA_CM_EVENT_UNREACHABLE: 214 case RDMA_CM_EVENT_REJECTED: 215 log_rdma_event(INFO, "connecting failed event=%d\n", event->event); 216 sc->status = SMBDIRECT_SOCKET_DISCONNECTED; 217 wake_up_interruptible(&info->conn_wait); 218 break; 219 220 case RDMA_CM_EVENT_DEVICE_REMOVAL: 221 case RDMA_CM_EVENT_DISCONNECTED: 222 /* This happens when we fail the negotiation */ 223 if (sc->status == SMBDIRECT_SOCKET_NEGOTIATE_FAILED) { 224 sc->status = SMBDIRECT_SOCKET_DISCONNECTED; 225 wake_up(&info->conn_wait); 226 break; 227 } 228 229 sc->status = SMBDIRECT_SOCKET_DISCONNECTED; 230 wake_up_interruptible(&info->disconn_wait); 231 wake_up_interruptible(&info->wait_reassembly_queue); 232 wake_up_interruptible_all(&info->wait_send_queue); 233 break; 234 235 default: 236 break; 237 } 238 239 return 0; 240 } 241 242 /* Upcall from RDMA QP */ 243 static void 244 smbd_qp_async_error_upcall(struct ib_event *event, void *context) 245 { 246 struct smbd_connection *info = context; 247 248 log_rdma_event(ERR, "%s on device %s info %p\n", 249 ib_event_msg(event->event), event->device->name, info); 250 251 switch (event->event) { 252 case IB_EVENT_CQ_ERR: 253 case IB_EVENT_QP_FATAL: 254 smbd_disconnect_rdma_connection(info); 255 break; 256 257 default: 258 break; 259 } 260 } 261 262 static inline void *smbd_request_payload(struct smbd_request *request) 263 { 264 return (void *)request->packet; 265 } 266 267 static inline void *smbd_response_payload(struct smbd_response *response) 268 { 269 return (void *)response->packet; 270 } 271 272 /* Called when a RDMA send is done */ 273 static void send_done(struct ib_cq *cq, struct ib_wc *wc) 274 { 275 int i; 276 struct smbd_request *request = 277 container_of(wc->wr_cqe, struct smbd_request, cqe); 278 struct smbd_connection *info = request->info; 279 struct smbdirect_socket *sc = &info->socket; 280 281 log_rdma_send(INFO, "smbd_request 0x%p completed wc->status=%d\n", 282 request, wc->status); 283 284 if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_SEND) { 285 log_rdma_send(ERR, "wc->status=%d wc->opcode=%d\n", 286 wc->status, wc->opcode); 287 smbd_disconnect_rdma_connection(request->info); 288 } 289 290 for (i = 0; i < request->num_sge; i++) 291 ib_dma_unmap_single(sc->ib.dev, 292 request->sge[i].addr, 293 request->sge[i].length, 294 DMA_TO_DEVICE); 295 296 if (atomic_dec_and_test(&request->info->send_pending)) 297 wake_up(&request->info->wait_send_pending); 298 299 wake_up(&request->info->wait_post_send); 300 301 mempool_free(request, request->info->request_mempool); 302 } 303 304 static void dump_smbdirect_negotiate_resp(struct smbdirect_negotiate_resp *resp) 305 { 306 log_rdma_event(INFO, "resp message min_version %u max_version %u negotiated_version %u credits_requested %u credits_granted %u status %u max_readwrite_size %u preferred_send_size %u max_receive_size %u max_fragmented_size %u\n", 307 resp->min_version, resp->max_version, 308 resp->negotiated_version, resp->credits_requested, 309 resp->credits_granted, resp->status, 310 resp->max_readwrite_size, resp->preferred_send_size, 311 resp->max_receive_size, resp->max_fragmented_size); 312 } 313 314 /* 315 * Process a negotiation response message, according to [MS-SMBD]3.1.5.7 316 * response, packet_length: the negotiation response message 317 * return value: true if negotiation is a success, false if failed 318 */ 319 static bool process_negotiation_response( 320 struct smbd_response *response, int packet_length) 321 { 322 struct smbd_connection *info = response->info; 323 struct smbdirect_socket *sc = &info->socket; 324 struct smbdirect_socket_parameters *sp = &sc->parameters; 325 struct smbdirect_negotiate_resp *packet = smbd_response_payload(response); 326 327 if (packet_length < sizeof(struct smbdirect_negotiate_resp)) { 328 log_rdma_event(ERR, 329 "error: packet_length=%d\n", packet_length); 330 return false; 331 } 332 333 if (le16_to_cpu(packet->negotiated_version) != SMBDIRECT_V1) { 334 log_rdma_event(ERR, "error: negotiated_version=%x\n", 335 le16_to_cpu(packet->negotiated_version)); 336 return false; 337 } 338 info->protocol = le16_to_cpu(packet->negotiated_version); 339 340 if (packet->credits_requested == 0) { 341 log_rdma_event(ERR, "error: credits_requested==0\n"); 342 return false; 343 } 344 info->receive_credit_target = le16_to_cpu(packet->credits_requested); 345 346 if (packet->credits_granted == 0) { 347 log_rdma_event(ERR, "error: credits_granted==0\n"); 348 return false; 349 } 350 atomic_set(&info->send_credits, le16_to_cpu(packet->credits_granted)); 351 352 atomic_set(&info->receive_credits, 0); 353 354 if (le32_to_cpu(packet->preferred_send_size) > sp->max_recv_size) { 355 log_rdma_event(ERR, "error: preferred_send_size=%d\n", 356 le32_to_cpu(packet->preferred_send_size)); 357 return false; 358 } 359 sp->max_recv_size = le32_to_cpu(packet->preferred_send_size); 360 361 if (le32_to_cpu(packet->max_receive_size) < SMBD_MIN_RECEIVE_SIZE) { 362 log_rdma_event(ERR, "error: max_receive_size=%d\n", 363 le32_to_cpu(packet->max_receive_size)); 364 return false; 365 } 366 sp->max_send_size = min_t(u32, sp->max_send_size, 367 le32_to_cpu(packet->max_receive_size)); 368 369 if (le32_to_cpu(packet->max_fragmented_size) < 370 SMBD_MIN_FRAGMENTED_SIZE) { 371 log_rdma_event(ERR, "error: max_fragmented_size=%d\n", 372 le32_to_cpu(packet->max_fragmented_size)); 373 return false; 374 } 375 sp->max_fragmented_send_size = 376 le32_to_cpu(packet->max_fragmented_size); 377 info->rdma_readwrite_threshold = 378 rdma_readwrite_threshold > sp->max_fragmented_send_size ? 379 sp->max_fragmented_send_size : 380 rdma_readwrite_threshold; 381 382 383 sp->max_read_write_size = min_t(u32, 384 le32_to_cpu(packet->max_readwrite_size), 385 info->max_frmr_depth * PAGE_SIZE); 386 info->max_frmr_depth = sp->max_read_write_size / PAGE_SIZE; 387 388 return true; 389 } 390 391 static void smbd_post_send_credits(struct work_struct *work) 392 { 393 int ret = 0; 394 int use_receive_queue = 1; 395 int rc; 396 struct smbd_response *response; 397 struct smbd_connection *info = 398 container_of(work, struct smbd_connection, 399 post_send_credits_work); 400 struct smbdirect_socket *sc = &info->socket; 401 402 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 403 wake_up(&info->wait_receive_queues); 404 return; 405 } 406 407 if (info->receive_credit_target > 408 atomic_read(&info->receive_credits)) { 409 while (true) { 410 if (use_receive_queue) 411 response = get_receive_buffer(info); 412 else 413 response = get_empty_queue_buffer(info); 414 if (!response) { 415 /* now switch to empty packet queue */ 416 if (use_receive_queue) { 417 use_receive_queue = 0; 418 continue; 419 } else 420 break; 421 } 422 423 response->type = SMBD_TRANSFER_DATA; 424 response->first_segment = false; 425 rc = smbd_post_recv(info, response); 426 if (rc) { 427 log_rdma_recv(ERR, 428 "post_recv failed rc=%d\n", rc); 429 put_receive_buffer(info, response); 430 break; 431 } 432 433 ret++; 434 } 435 } 436 437 spin_lock(&info->lock_new_credits_offered); 438 info->new_credits_offered += ret; 439 spin_unlock(&info->lock_new_credits_offered); 440 441 /* Promptly send an immediate packet as defined in [MS-SMBD] 3.1.1.1 */ 442 info->send_immediate = true; 443 if (atomic_read(&info->receive_credits) < 444 info->receive_credit_target - 1) { 445 if (info->keep_alive_requested == KEEP_ALIVE_PENDING || 446 info->send_immediate) { 447 log_keep_alive(INFO, "send an empty message\n"); 448 smbd_post_send_empty(info); 449 } 450 } 451 } 452 453 /* Called from softirq, when recv is done */ 454 static void recv_done(struct ib_cq *cq, struct ib_wc *wc) 455 { 456 struct smbdirect_data_transfer *data_transfer; 457 struct smbd_response *response = 458 container_of(wc->wr_cqe, struct smbd_response, cqe); 459 struct smbd_connection *info = response->info; 460 int data_length = 0; 461 462 log_rdma_recv(INFO, "response=0x%p type=%d wc status=%d wc opcode %d byte_len=%d pkey_index=%u\n", 463 response, response->type, wc->status, wc->opcode, 464 wc->byte_len, wc->pkey_index); 465 466 if (wc->status != IB_WC_SUCCESS || wc->opcode != IB_WC_RECV) { 467 log_rdma_recv(INFO, "wc->status=%d opcode=%d\n", 468 wc->status, wc->opcode); 469 smbd_disconnect_rdma_connection(info); 470 goto error; 471 } 472 473 ib_dma_sync_single_for_cpu( 474 wc->qp->device, 475 response->sge.addr, 476 response->sge.length, 477 DMA_FROM_DEVICE); 478 479 switch (response->type) { 480 /* SMBD negotiation response */ 481 case SMBD_NEGOTIATE_RESP: 482 dump_smbdirect_negotiate_resp(smbd_response_payload(response)); 483 info->full_packet_received = true; 484 info->negotiate_done = 485 process_negotiation_response(response, wc->byte_len); 486 complete(&info->negotiate_completion); 487 break; 488 489 /* SMBD data transfer packet */ 490 case SMBD_TRANSFER_DATA: 491 data_transfer = smbd_response_payload(response); 492 data_length = le32_to_cpu(data_transfer->data_length); 493 494 /* 495 * If this is a packet with data playload place the data in 496 * reassembly queue and wake up the reading thread 497 */ 498 if (data_length) { 499 if (info->full_packet_received) 500 response->first_segment = true; 501 502 if (le32_to_cpu(data_transfer->remaining_data_length)) 503 info->full_packet_received = false; 504 else 505 info->full_packet_received = true; 506 507 enqueue_reassembly( 508 info, 509 response, 510 data_length); 511 } else 512 put_empty_packet(info, response); 513 514 if (data_length) 515 wake_up_interruptible(&info->wait_reassembly_queue); 516 517 atomic_dec(&info->receive_credits); 518 info->receive_credit_target = 519 le16_to_cpu(data_transfer->credits_requested); 520 if (le16_to_cpu(data_transfer->credits_granted)) { 521 atomic_add(le16_to_cpu(data_transfer->credits_granted), 522 &info->send_credits); 523 /* 524 * We have new send credits granted from remote peer 525 * If any sender is waiting for credits, unblock it 526 */ 527 wake_up_interruptible(&info->wait_send_queue); 528 } 529 530 log_incoming(INFO, "data flags %d data_offset %d data_length %d remaining_data_length %d\n", 531 le16_to_cpu(data_transfer->flags), 532 le32_to_cpu(data_transfer->data_offset), 533 le32_to_cpu(data_transfer->data_length), 534 le32_to_cpu(data_transfer->remaining_data_length)); 535 536 /* Send a KEEP_ALIVE response right away if requested */ 537 info->keep_alive_requested = KEEP_ALIVE_NONE; 538 if (le16_to_cpu(data_transfer->flags) & 539 SMBDIRECT_FLAG_RESPONSE_REQUESTED) { 540 info->keep_alive_requested = KEEP_ALIVE_PENDING; 541 } 542 543 return; 544 545 default: 546 log_rdma_recv(ERR, 547 "unexpected response type=%d\n", response->type); 548 } 549 550 error: 551 put_receive_buffer(info, response); 552 } 553 554 static struct rdma_cm_id *smbd_create_id( 555 struct smbd_connection *info, 556 struct sockaddr *dstaddr, int port) 557 { 558 struct rdma_cm_id *id; 559 int rc; 560 __be16 *sport; 561 562 id = rdma_create_id(&init_net, smbd_conn_upcall, info, 563 RDMA_PS_TCP, IB_QPT_RC); 564 if (IS_ERR(id)) { 565 rc = PTR_ERR(id); 566 log_rdma_event(ERR, "rdma_create_id() failed %i\n", rc); 567 return id; 568 } 569 570 if (dstaddr->sa_family == AF_INET6) 571 sport = &((struct sockaddr_in6 *)dstaddr)->sin6_port; 572 else 573 sport = &((struct sockaddr_in *)dstaddr)->sin_port; 574 575 *sport = htons(port); 576 577 init_completion(&info->ri_done); 578 info->ri_rc = -ETIMEDOUT; 579 580 rc = rdma_resolve_addr(id, NULL, (struct sockaddr *)dstaddr, 581 RDMA_RESOLVE_TIMEOUT); 582 if (rc) { 583 log_rdma_event(ERR, "rdma_resolve_addr() failed %i\n", rc); 584 goto out; 585 } 586 rc = wait_for_completion_interruptible_timeout( 587 &info->ri_done, msecs_to_jiffies(RDMA_RESOLVE_TIMEOUT)); 588 /* e.g. if interrupted returns -ERESTARTSYS */ 589 if (rc < 0) { 590 log_rdma_event(ERR, "rdma_resolve_addr timeout rc: %i\n", rc); 591 goto out; 592 } 593 rc = info->ri_rc; 594 if (rc) { 595 log_rdma_event(ERR, "rdma_resolve_addr() completed %i\n", rc); 596 goto out; 597 } 598 599 info->ri_rc = -ETIMEDOUT; 600 rc = rdma_resolve_route(id, RDMA_RESOLVE_TIMEOUT); 601 if (rc) { 602 log_rdma_event(ERR, "rdma_resolve_route() failed %i\n", rc); 603 goto out; 604 } 605 rc = wait_for_completion_interruptible_timeout( 606 &info->ri_done, msecs_to_jiffies(RDMA_RESOLVE_TIMEOUT)); 607 /* e.g. if interrupted returns -ERESTARTSYS */ 608 if (rc < 0) { 609 log_rdma_event(ERR, "rdma_resolve_addr timeout rc: %i\n", rc); 610 goto out; 611 } 612 rc = info->ri_rc; 613 if (rc) { 614 log_rdma_event(ERR, "rdma_resolve_route() completed %i\n", rc); 615 goto out; 616 } 617 618 return id; 619 620 out: 621 rdma_destroy_id(id); 622 return ERR_PTR(rc); 623 } 624 625 /* 626 * Test if FRWR (Fast Registration Work Requests) is supported on the device 627 * This implementation requires FRWR on RDMA read/write 628 * return value: true if it is supported 629 */ 630 static bool frwr_is_supported(struct ib_device_attr *attrs) 631 { 632 if (!(attrs->device_cap_flags & IB_DEVICE_MEM_MGT_EXTENSIONS)) 633 return false; 634 if (attrs->max_fast_reg_page_list_len == 0) 635 return false; 636 return true; 637 } 638 639 static int smbd_ia_open( 640 struct smbd_connection *info, 641 struct sockaddr *dstaddr, int port) 642 { 643 struct smbdirect_socket *sc = &info->socket; 644 int rc; 645 646 sc->rdma.cm_id = smbd_create_id(info, dstaddr, port); 647 if (IS_ERR(sc->rdma.cm_id)) { 648 rc = PTR_ERR(sc->rdma.cm_id); 649 goto out1; 650 } 651 sc->ib.dev = sc->rdma.cm_id->device; 652 653 if (!frwr_is_supported(&sc->ib.dev->attrs)) { 654 log_rdma_event(ERR, "Fast Registration Work Requests (FRWR) is not supported\n"); 655 log_rdma_event(ERR, "Device capability flags = %llx max_fast_reg_page_list_len = %u\n", 656 sc->ib.dev->attrs.device_cap_flags, 657 sc->ib.dev->attrs.max_fast_reg_page_list_len); 658 rc = -EPROTONOSUPPORT; 659 goto out2; 660 } 661 info->max_frmr_depth = min_t(int, 662 smbd_max_frmr_depth, 663 sc->ib.dev->attrs.max_fast_reg_page_list_len); 664 info->mr_type = IB_MR_TYPE_MEM_REG; 665 if (sc->ib.dev->attrs.kernel_cap_flags & IBK_SG_GAPS_REG) 666 info->mr_type = IB_MR_TYPE_SG_GAPS; 667 668 sc->ib.pd = ib_alloc_pd(sc->ib.dev, 0); 669 if (IS_ERR(sc->ib.pd)) { 670 rc = PTR_ERR(sc->ib.pd); 671 log_rdma_event(ERR, "ib_alloc_pd() returned %d\n", rc); 672 goto out2; 673 } 674 675 return 0; 676 677 out2: 678 rdma_destroy_id(sc->rdma.cm_id); 679 sc->rdma.cm_id = NULL; 680 681 out1: 682 return rc; 683 } 684 685 /* 686 * Send a negotiation request message to the peer 687 * The negotiation procedure is in [MS-SMBD] 3.1.5.2 and 3.1.5.3 688 * After negotiation, the transport is connected and ready for 689 * carrying upper layer SMB payload 690 */ 691 static int smbd_post_send_negotiate_req(struct smbd_connection *info) 692 { 693 struct smbdirect_socket *sc = &info->socket; 694 struct smbdirect_socket_parameters *sp = &sc->parameters; 695 struct ib_send_wr send_wr; 696 int rc = -ENOMEM; 697 struct smbd_request *request; 698 struct smbdirect_negotiate_req *packet; 699 700 request = mempool_alloc(info->request_mempool, GFP_KERNEL); 701 if (!request) 702 return rc; 703 704 request->info = info; 705 706 packet = smbd_request_payload(request); 707 packet->min_version = cpu_to_le16(SMBDIRECT_V1); 708 packet->max_version = cpu_to_le16(SMBDIRECT_V1); 709 packet->reserved = 0; 710 packet->credits_requested = cpu_to_le16(sp->send_credit_target); 711 packet->preferred_send_size = cpu_to_le32(sp->max_send_size); 712 packet->max_receive_size = cpu_to_le32(sp->max_recv_size); 713 packet->max_fragmented_size = 714 cpu_to_le32(sp->max_fragmented_recv_size); 715 716 request->num_sge = 1; 717 request->sge[0].addr = ib_dma_map_single( 718 sc->ib.dev, (void *)packet, 719 sizeof(*packet), DMA_TO_DEVICE); 720 if (ib_dma_mapping_error(sc->ib.dev, request->sge[0].addr)) { 721 rc = -EIO; 722 goto dma_mapping_failed; 723 } 724 725 request->sge[0].length = sizeof(*packet); 726 request->sge[0].lkey = sc->ib.pd->local_dma_lkey; 727 728 ib_dma_sync_single_for_device( 729 sc->ib.dev, request->sge[0].addr, 730 request->sge[0].length, DMA_TO_DEVICE); 731 732 request->cqe.done = send_done; 733 734 send_wr.next = NULL; 735 send_wr.wr_cqe = &request->cqe; 736 send_wr.sg_list = request->sge; 737 send_wr.num_sge = request->num_sge; 738 send_wr.opcode = IB_WR_SEND; 739 send_wr.send_flags = IB_SEND_SIGNALED; 740 741 log_rdma_send(INFO, "sge addr=0x%llx length=%u lkey=0x%x\n", 742 request->sge[0].addr, 743 request->sge[0].length, request->sge[0].lkey); 744 745 atomic_inc(&info->send_pending); 746 rc = ib_post_send(sc->ib.qp, &send_wr, NULL); 747 if (!rc) 748 return 0; 749 750 /* if we reach here, post send failed */ 751 log_rdma_send(ERR, "ib_post_send failed rc=%d\n", rc); 752 atomic_dec(&info->send_pending); 753 ib_dma_unmap_single(sc->ib.dev, request->sge[0].addr, 754 request->sge[0].length, DMA_TO_DEVICE); 755 756 smbd_disconnect_rdma_connection(info); 757 758 dma_mapping_failed: 759 mempool_free(request, info->request_mempool); 760 return rc; 761 } 762 763 /* 764 * Extend the credits to remote peer 765 * This implements [MS-SMBD] 3.1.5.9 766 * The idea is that we should extend credits to remote peer as quickly as 767 * it's allowed, to maintain data flow. We allocate as much receive 768 * buffer as possible, and extend the receive credits to remote peer 769 * return value: the new credtis being granted. 770 */ 771 static int manage_credits_prior_sending(struct smbd_connection *info) 772 { 773 int new_credits; 774 775 spin_lock(&info->lock_new_credits_offered); 776 new_credits = info->new_credits_offered; 777 info->new_credits_offered = 0; 778 spin_unlock(&info->lock_new_credits_offered); 779 780 return new_credits; 781 } 782 783 /* 784 * Check if we need to send a KEEP_ALIVE message 785 * The idle connection timer triggers a KEEP_ALIVE message when expires 786 * SMBDIRECT_FLAG_RESPONSE_REQUESTED is set in the message flag to have peer send 787 * back a response. 788 * return value: 789 * 1 if SMBDIRECT_FLAG_RESPONSE_REQUESTED needs to be set 790 * 0: otherwise 791 */ 792 static int manage_keep_alive_before_sending(struct smbd_connection *info) 793 { 794 if (info->keep_alive_requested == KEEP_ALIVE_PENDING) { 795 info->keep_alive_requested = KEEP_ALIVE_SENT; 796 return 1; 797 } 798 return 0; 799 } 800 801 /* Post the send request */ 802 static int smbd_post_send(struct smbd_connection *info, 803 struct smbd_request *request) 804 { 805 struct smbdirect_socket *sc = &info->socket; 806 struct smbdirect_socket_parameters *sp = &sc->parameters; 807 struct ib_send_wr send_wr; 808 int rc, i; 809 810 for (i = 0; i < request->num_sge; i++) { 811 log_rdma_send(INFO, 812 "rdma_request sge[%d] addr=0x%llx length=%u\n", 813 i, request->sge[i].addr, request->sge[i].length); 814 ib_dma_sync_single_for_device( 815 sc->ib.dev, 816 request->sge[i].addr, 817 request->sge[i].length, 818 DMA_TO_DEVICE); 819 } 820 821 request->cqe.done = send_done; 822 823 send_wr.next = NULL; 824 send_wr.wr_cqe = &request->cqe; 825 send_wr.sg_list = request->sge; 826 send_wr.num_sge = request->num_sge; 827 send_wr.opcode = IB_WR_SEND; 828 send_wr.send_flags = IB_SEND_SIGNALED; 829 830 rc = ib_post_send(sc->ib.qp, &send_wr, NULL); 831 if (rc) { 832 log_rdma_send(ERR, "ib_post_send failed rc=%d\n", rc); 833 smbd_disconnect_rdma_connection(info); 834 rc = -EAGAIN; 835 } else 836 /* Reset timer for idle connection after packet is sent */ 837 mod_delayed_work(info->workqueue, &info->idle_timer_work, 838 msecs_to_jiffies(sp->keepalive_interval_msec)); 839 840 return rc; 841 } 842 843 static int smbd_post_send_iter(struct smbd_connection *info, 844 struct iov_iter *iter, 845 int *_remaining_data_length) 846 { 847 struct smbdirect_socket *sc = &info->socket; 848 struct smbdirect_socket_parameters *sp = &sc->parameters; 849 int i, rc; 850 int header_length; 851 int data_length; 852 struct smbd_request *request; 853 struct smbdirect_data_transfer *packet; 854 int new_credits = 0; 855 856 wait_credit: 857 /* Wait for send credits. A SMBD packet needs one credit */ 858 rc = wait_event_interruptible(info->wait_send_queue, 859 atomic_read(&info->send_credits) > 0 || 860 sc->status != SMBDIRECT_SOCKET_CONNECTED); 861 if (rc) 862 goto err_wait_credit; 863 864 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 865 log_outgoing(ERR, "disconnected not sending on wait_credit\n"); 866 rc = -EAGAIN; 867 goto err_wait_credit; 868 } 869 if (unlikely(atomic_dec_return(&info->send_credits) < 0)) { 870 atomic_inc(&info->send_credits); 871 goto wait_credit; 872 } 873 874 wait_send_queue: 875 wait_event(info->wait_post_send, 876 atomic_read(&info->send_pending) < sp->send_credit_target || 877 sc->status != SMBDIRECT_SOCKET_CONNECTED); 878 879 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 880 log_outgoing(ERR, "disconnected not sending on wait_send_queue\n"); 881 rc = -EAGAIN; 882 goto err_wait_send_queue; 883 } 884 885 if (unlikely(atomic_inc_return(&info->send_pending) > 886 sp->send_credit_target)) { 887 atomic_dec(&info->send_pending); 888 goto wait_send_queue; 889 } 890 891 request = mempool_alloc(info->request_mempool, GFP_KERNEL); 892 if (!request) { 893 rc = -ENOMEM; 894 goto err_alloc; 895 } 896 897 request->info = info; 898 memset(request->sge, 0, sizeof(request->sge)); 899 900 /* Fill in the data payload to find out how much data we can add */ 901 if (iter) { 902 struct smb_extract_to_rdma extract = { 903 .nr_sge = 1, 904 .max_sge = SMBDIRECT_MAX_SEND_SGE, 905 .sge = request->sge, 906 .device = sc->ib.dev, 907 .local_dma_lkey = sc->ib.pd->local_dma_lkey, 908 .direction = DMA_TO_DEVICE, 909 }; 910 911 rc = smb_extract_iter_to_rdma(iter, *_remaining_data_length, 912 &extract); 913 if (rc < 0) 914 goto err_dma; 915 data_length = rc; 916 request->num_sge = extract.nr_sge; 917 *_remaining_data_length -= data_length; 918 } else { 919 data_length = 0; 920 request->num_sge = 1; 921 } 922 923 /* Fill in the packet header */ 924 packet = smbd_request_payload(request); 925 packet->credits_requested = cpu_to_le16(sp->send_credit_target); 926 927 new_credits = manage_credits_prior_sending(info); 928 atomic_add(new_credits, &info->receive_credits); 929 packet->credits_granted = cpu_to_le16(new_credits); 930 931 info->send_immediate = false; 932 933 packet->flags = 0; 934 if (manage_keep_alive_before_sending(info)) 935 packet->flags |= cpu_to_le16(SMBDIRECT_FLAG_RESPONSE_REQUESTED); 936 937 packet->reserved = 0; 938 if (!data_length) 939 packet->data_offset = 0; 940 else 941 packet->data_offset = cpu_to_le32(24); 942 packet->data_length = cpu_to_le32(data_length); 943 packet->remaining_data_length = cpu_to_le32(*_remaining_data_length); 944 packet->padding = 0; 945 946 log_outgoing(INFO, "credits_requested=%d credits_granted=%d data_offset=%d data_length=%d remaining_data_length=%d\n", 947 le16_to_cpu(packet->credits_requested), 948 le16_to_cpu(packet->credits_granted), 949 le32_to_cpu(packet->data_offset), 950 le32_to_cpu(packet->data_length), 951 le32_to_cpu(packet->remaining_data_length)); 952 953 /* Map the packet to DMA */ 954 header_length = sizeof(struct smbdirect_data_transfer); 955 /* If this is a packet without payload, don't send padding */ 956 if (!data_length) 957 header_length = offsetof(struct smbdirect_data_transfer, padding); 958 959 request->sge[0].addr = ib_dma_map_single(sc->ib.dev, 960 (void *)packet, 961 header_length, 962 DMA_TO_DEVICE); 963 if (ib_dma_mapping_error(sc->ib.dev, request->sge[0].addr)) { 964 rc = -EIO; 965 request->sge[0].addr = 0; 966 goto err_dma; 967 } 968 969 request->sge[0].length = header_length; 970 request->sge[0].lkey = sc->ib.pd->local_dma_lkey; 971 972 rc = smbd_post_send(info, request); 973 if (!rc) 974 return 0; 975 976 err_dma: 977 for (i = 0; i < request->num_sge; i++) 978 if (request->sge[i].addr) 979 ib_dma_unmap_single(sc->ib.dev, 980 request->sge[i].addr, 981 request->sge[i].length, 982 DMA_TO_DEVICE); 983 mempool_free(request, info->request_mempool); 984 985 /* roll back receive credits and credits to be offered */ 986 spin_lock(&info->lock_new_credits_offered); 987 info->new_credits_offered += new_credits; 988 spin_unlock(&info->lock_new_credits_offered); 989 atomic_sub(new_credits, &info->receive_credits); 990 991 err_alloc: 992 if (atomic_dec_and_test(&info->send_pending)) 993 wake_up(&info->wait_send_pending); 994 995 err_wait_send_queue: 996 /* roll back send credits and pending */ 997 atomic_inc(&info->send_credits); 998 999 err_wait_credit: 1000 return rc; 1001 } 1002 1003 /* 1004 * Send an empty message 1005 * Empty message is used to extend credits to peer to for keep live 1006 * while there is no upper layer payload to send at the time 1007 */ 1008 static int smbd_post_send_empty(struct smbd_connection *info) 1009 { 1010 int remaining_data_length = 0; 1011 1012 info->count_send_empty++; 1013 return smbd_post_send_iter(info, NULL, &remaining_data_length); 1014 } 1015 1016 /* 1017 * Post a receive request to the transport 1018 * The remote peer can only send data when a receive request is posted 1019 * The interaction is controlled by send/receive credit system 1020 */ 1021 static int smbd_post_recv( 1022 struct smbd_connection *info, struct smbd_response *response) 1023 { 1024 struct smbdirect_socket *sc = &info->socket; 1025 struct smbdirect_socket_parameters *sp = &sc->parameters; 1026 struct ib_recv_wr recv_wr; 1027 int rc = -EIO; 1028 1029 response->sge.addr = ib_dma_map_single( 1030 sc->ib.dev, response->packet, 1031 sp->max_recv_size, DMA_FROM_DEVICE); 1032 if (ib_dma_mapping_error(sc->ib.dev, response->sge.addr)) 1033 return rc; 1034 1035 response->sge.length = sp->max_recv_size; 1036 response->sge.lkey = sc->ib.pd->local_dma_lkey; 1037 1038 response->cqe.done = recv_done; 1039 1040 recv_wr.wr_cqe = &response->cqe; 1041 recv_wr.next = NULL; 1042 recv_wr.sg_list = &response->sge; 1043 recv_wr.num_sge = 1; 1044 1045 rc = ib_post_recv(sc->ib.qp, &recv_wr, NULL); 1046 if (rc) { 1047 ib_dma_unmap_single(sc->ib.dev, response->sge.addr, 1048 response->sge.length, DMA_FROM_DEVICE); 1049 smbd_disconnect_rdma_connection(info); 1050 log_rdma_recv(ERR, "ib_post_recv failed rc=%d\n", rc); 1051 } 1052 1053 return rc; 1054 } 1055 1056 /* Perform SMBD negotiate according to [MS-SMBD] 3.1.5.2 */ 1057 static int smbd_negotiate(struct smbd_connection *info) 1058 { 1059 int rc; 1060 struct smbd_response *response = get_receive_buffer(info); 1061 1062 response->type = SMBD_NEGOTIATE_RESP; 1063 rc = smbd_post_recv(info, response); 1064 log_rdma_event(INFO, "smbd_post_recv rc=%d iov.addr=0x%llx iov.length=%u iov.lkey=0x%x\n", 1065 rc, response->sge.addr, 1066 response->sge.length, response->sge.lkey); 1067 if (rc) 1068 return rc; 1069 1070 init_completion(&info->negotiate_completion); 1071 info->negotiate_done = false; 1072 rc = smbd_post_send_negotiate_req(info); 1073 if (rc) 1074 return rc; 1075 1076 rc = wait_for_completion_interruptible_timeout( 1077 &info->negotiate_completion, SMBD_NEGOTIATE_TIMEOUT * HZ); 1078 log_rdma_event(INFO, "wait_for_completion_timeout rc=%d\n", rc); 1079 1080 if (info->negotiate_done) 1081 return 0; 1082 1083 if (rc == 0) 1084 rc = -ETIMEDOUT; 1085 else if (rc == -ERESTARTSYS) 1086 rc = -EINTR; 1087 else 1088 rc = -ENOTCONN; 1089 1090 return rc; 1091 } 1092 1093 static void put_empty_packet( 1094 struct smbd_connection *info, struct smbd_response *response) 1095 { 1096 spin_lock(&info->empty_packet_queue_lock); 1097 list_add_tail(&response->list, &info->empty_packet_queue); 1098 info->count_empty_packet_queue++; 1099 spin_unlock(&info->empty_packet_queue_lock); 1100 1101 queue_work(info->workqueue, &info->post_send_credits_work); 1102 } 1103 1104 /* 1105 * Implement Connection.FragmentReassemblyBuffer defined in [MS-SMBD] 3.1.1.1 1106 * This is a queue for reassembling upper layer payload and present to upper 1107 * layer. All the inncoming payload go to the reassembly queue, regardless of 1108 * if reassembly is required. The uuper layer code reads from the queue for all 1109 * incoming payloads. 1110 * Put a received packet to the reassembly queue 1111 * response: the packet received 1112 * data_length: the size of payload in this packet 1113 */ 1114 static void enqueue_reassembly( 1115 struct smbd_connection *info, 1116 struct smbd_response *response, 1117 int data_length) 1118 { 1119 spin_lock(&info->reassembly_queue_lock); 1120 list_add_tail(&response->list, &info->reassembly_queue); 1121 info->reassembly_queue_length++; 1122 /* 1123 * Make sure reassembly_data_length is updated after list and 1124 * reassembly_queue_length are updated. On the dequeue side 1125 * reassembly_data_length is checked without a lock to determine 1126 * if reassembly_queue_length and list is up to date 1127 */ 1128 virt_wmb(); 1129 info->reassembly_data_length += data_length; 1130 spin_unlock(&info->reassembly_queue_lock); 1131 info->count_reassembly_queue++; 1132 info->count_enqueue_reassembly_queue++; 1133 } 1134 1135 /* 1136 * Get the first entry at the front of reassembly queue 1137 * Caller is responsible for locking 1138 * return value: the first entry if any, NULL if queue is empty 1139 */ 1140 static struct smbd_response *_get_first_reassembly(struct smbd_connection *info) 1141 { 1142 struct smbd_response *ret = NULL; 1143 1144 if (!list_empty(&info->reassembly_queue)) { 1145 ret = list_first_entry( 1146 &info->reassembly_queue, 1147 struct smbd_response, list); 1148 } 1149 return ret; 1150 } 1151 1152 static struct smbd_response *get_empty_queue_buffer( 1153 struct smbd_connection *info) 1154 { 1155 struct smbd_response *ret = NULL; 1156 unsigned long flags; 1157 1158 spin_lock_irqsave(&info->empty_packet_queue_lock, flags); 1159 if (!list_empty(&info->empty_packet_queue)) { 1160 ret = list_first_entry( 1161 &info->empty_packet_queue, 1162 struct smbd_response, list); 1163 list_del(&ret->list); 1164 info->count_empty_packet_queue--; 1165 } 1166 spin_unlock_irqrestore(&info->empty_packet_queue_lock, flags); 1167 1168 return ret; 1169 } 1170 1171 /* 1172 * Get a receive buffer 1173 * For each remote send, we need to post a receive. The receive buffers are 1174 * pre-allocated in advance. 1175 * return value: the receive buffer, NULL if none is available 1176 */ 1177 static struct smbd_response *get_receive_buffer(struct smbd_connection *info) 1178 { 1179 struct smbd_response *ret = NULL; 1180 unsigned long flags; 1181 1182 spin_lock_irqsave(&info->receive_queue_lock, flags); 1183 if (!list_empty(&info->receive_queue)) { 1184 ret = list_first_entry( 1185 &info->receive_queue, 1186 struct smbd_response, list); 1187 list_del(&ret->list); 1188 info->count_receive_queue--; 1189 info->count_get_receive_buffer++; 1190 } 1191 spin_unlock_irqrestore(&info->receive_queue_lock, flags); 1192 1193 return ret; 1194 } 1195 1196 /* 1197 * Return a receive buffer 1198 * Upon returning of a receive buffer, we can post new receive and extend 1199 * more receive credits to remote peer. This is done immediately after a 1200 * receive buffer is returned. 1201 */ 1202 static void put_receive_buffer( 1203 struct smbd_connection *info, struct smbd_response *response) 1204 { 1205 struct smbdirect_socket *sc = &info->socket; 1206 unsigned long flags; 1207 1208 ib_dma_unmap_single(sc->ib.dev, response->sge.addr, 1209 response->sge.length, DMA_FROM_DEVICE); 1210 1211 spin_lock_irqsave(&info->receive_queue_lock, flags); 1212 list_add_tail(&response->list, &info->receive_queue); 1213 info->count_receive_queue++; 1214 info->count_put_receive_buffer++; 1215 spin_unlock_irqrestore(&info->receive_queue_lock, flags); 1216 1217 queue_work(info->workqueue, &info->post_send_credits_work); 1218 } 1219 1220 /* Preallocate all receive buffer on transport establishment */ 1221 static int allocate_receive_buffers(struct smbd_connection *info, int num_buf) 1222 { 1223 int i; 1224 struct smbd_response *response; 1225 1226 INIT_LIST_HEAD(&info->reassembly_queue); 1227 spin_lock_init(&info->reassembly_queue_lock); 1228 info->reassembly_data_length = 0; 1229 info->reassembly_queue_length = 0; 1230 1231 INIT_LIST_HEAD(&info->receive_queue); 1232 spin_lock_init(&info->receive_queue_lock); 1233 info->count_receive_queue = 0; 1234 1235 INIT_LIST_HEAD(&info->empty_packet_queue); 1236 spin_lock_init(&info->empty_packet_queue_lock); 1237 info->count_empty_packet_queue = 0; 1238 1239 init_waitqueue_head(&info->wait_receive_queues); 1240 1241 for (i = 0; i < num_buf; i++) { 1242 response = mempool_alloc(info->response_mempool, GFP_KERNEL); 1243 if (!response) 1244 goto allocate_failed; 1245 1246 response->info = info; 1247 list_add_tail(&response->list, &info->receive_queue); 1248 info->count_receive_queue++; 1249 } 1250 1251 return 0; 1252 1253 allocate_failed: 1254 while (!list_empty(&info->receive_queue)) { 1255 response = list_first_entry( 1256 &info->receive_queue, 1257 struct smbd_response, list); 1258 list_del(&response->list); 1259 info->count_receive_queue--; 1260 1261 mempool_free(response, info->response_mempool); 1262 } 1263 return -ENOMEM; 1264 } 1265 1266 static void destroy_receive_buffers(struct smbd_connection *info) 1267 { 1268 struct smbd_response *response; 1269 1270 while ((response = get_receive_buffer(info))) 1271 mempool_free(response, info->response_mempool); 1272 1273 while ((response = get_empty_queue_buffer(info))) 1274 mempool_free(response, info->response_mempool); 1275 } 1276 1277 /* Implement idle connection timer [MS-SMBD] 3.1.6.2 */ 1278 static void idle_connection_timer(struct work_struct *work) 1279 { 1280 struct smbd_connection *info = container_of( 1281 work, struct smbd_connection, 1282 idle_timer_work.work); 1283 struct smbdirect_socket *sc = &info->socket; 1284 struct smbdirect_socket_parameters *sp = &sc->parameters; 1285 1286 if (info->keep_alive_requested != KEEP_ALIVE_NONE) { 1287 log_keep_alive(ERR, 1288 "error status info->keep_alive_requested=%d\n", 1289 info->keep_alive_requested); 1290 smbd_disconnect_rdma_connection(info); 1291 return; 1292 } 1293 1294 log_keep_alive(INFO, "about to send an empty idle message\n"); 1295 smbd_post_send_empty(info); 1296 1297 /* Setup the next idle timeout work */ 1298 queue_delayed_work(info->workqueue, &info->idle_timer_work, 1299 msecs_to_jiffies(sp->keepalive_interval_msec)); 1300 } 1301 1302 /* 1303 * Destroy the transport and related RDMA and memory resources 1304 * Need to go through all the pending counters and make sure on one is using 1305 * the transport while it is destroyed 1306 */ 1307 void smbd_destroy(struct TCP_Server_Info *server) 1308 { 1309 struct smbd_connection *info = server->smbd_conn; 1310 struct smbdirect_socket *sc; 1311 struct smbdirect_socket_parameters *sp; 1312 struct smbd_response *response; 1313 unsigned long flags; 1314 1315 if (!info) { 1316 log_rdma_event(INFO, "rdma session already destroyed\n"); 1317 return; 1318 } 1319 sc = &info->socket; 1320 sp = &sc->parameters; 1321 1322 log_rdma_event(INFO, "destroying rdma session\n"); 1323 if (sc->status != SMBDIRECT_SOCKET_DISCONNECTED) { 1324 rdma_disconnect(sc->rdma.cm_id); 1325 log_rdma_event(INFO, "wait for transport being disconnected\n"); 1326 wait_event_interruptible( 1327 info->disconn_wait, 1328 sc->status == SMBDIRECT_SOCKET_DISCONNECTED); 1329 } 1330 1331 log_rdma_event(INFO, "destroying qp\n"); 1332 ib_drain_qp(sc->ib.qp); 1333 rdma_destroy_qp(sc->rdma.cm_id); 1334 sc->ib.qp = NULL; 1335 1336 log_rdma_event(INFO, "cancelling idle timer\n"); 1337 cancel_delayed_work_sync(&info->idle_timer_work); 1338 1339 log_rdma_event(INFO, "wait for all send posted to IB to finish\n"); 1340 wait_event(info->wait_send_pending, 1341 atomic_read(&info->send_pending) == 0); 1342 1343 /* It's not possible for upper layer to get to reassembly */ 1344 log_rdma_event(INFO, "drain the reassembly queue\n"); 1345 do { 1346 spin_lock_irqsave(&info->reassembly_queue_lock, flags); 1347 response = _get_first_reassembly(info); 1348 if (response) { 1349 list_del(&response->list); 1350 spin_unlock_irqrestore( 1351 &info->reassembly_queue_lock, flags); 1352 put_receive_buffer(info, response); 1353 } else 1354 spin_unlock_irqrestore( 1355 &info->reassembly_queue_lock, flags); 1356 } while (response); 1357 info->reassembly_data_length = 0; 1358 1359 log_rdma_event(INFO, "free receive buffers\n"); 1360 wait_event(info->wait_receive_queues, 1361 info->count_receive_queue + info->count_empty_packet_queue 1362 == sp->recv_credit_max); 1363 destroy_receive_buffers(info); 1364 1365 /* 1366 * For performance reasons, memory registration and deregistration 1367 * are not locked by srv_mutex. It is possible some processes are 1368 * blocked on transport srv_mutex while holding memory registration. 1369 * Release the transport srv_mutex to allow them to hit the failure 1370 * path when sending data, and then release memory registrations. 1371 */ 1372 log_rdma_event(INFO, "freeing mr list\n"); 1373 wake_up_interruptible_all(&info->wait_mr); 1374 while (atomic_read(&info->mr_used_count)) { 1375 cifs_server_unlock(server); 1376 msleep(1000); 1377 cifs_server_lock(server); 1378 } 1379 destroy_mr_list(info); 1380 1381 ib_free_cq(sc->ib.send_cq); 1382 ib_free_cq(sc->ib.recv_cq); 1383 ib_dealloc_pd(sc->ib.pd); 1384 rdma_destroy_id(sc->rdma.cm_id); 1385 1386 /* free mempools */ 1387 mempool_destroy(info->request_mempool); 1388 kmem_cache_destroy(info->request_cache); 1389 1390 mempool_destroy(info->response_mempool); 1391 kmem_cache_destroy(info->response_cache); 1392 1393 sc->status = SMBDIRECT_SOCKET_DESTROYED; 1394 1395 destroy_workqueue(info->workqueue); 1396 log_rdma_event(INFO, "rdma session destroyed\n"); 1397 kfree(info); 1398 server->smbd_conn = NULL; 1399 } 1400 1401 /* 1402 * Reconnect this SMBD connection, called from upper layer 1403 * return value: 0 on success, or actual error code 1404 */ 1405 int smbd_reconnect(struct TCP_Server_Info *server) 1406 { 1407 log_rdma_event(INFO, "reconnecting rdma session\n"); 1408 1409 if (!server->smbd_conn) { 1410 log_rdma_event(INFO, "rdma session already destroyed\n"); 1411 goto create_conn; 1412 } 1413 1414 /* 1415 * This is possible if transport is disconnected and we haven't received 1416 * notification from RDMA, but upper layer has detected timeout 1417 */ 1418 if (server->smbd_conn->socket.status == SMBDIRECT_SOCKET_CONNECTED) { 1419 log_rdma_event(INFO, "disconnecting transport\n"); 1420 smbd_destroy(server); 1421 } 1422 1423 create_conn: 1424 log_rdma_event(INFO, "creating rdma session\n"); 1425 server->smbd_conn = smbd_get_connection( 1426 server, (struct sockaddr *) &server->dstaddr); 1427 1428 if (server->smbd_conn) { 1429 cifs_dbg(VFS, "RDMA transport re-established\n"); 1430 trace_smb3_smbd_connect_done(server->hostname, server->conn_id, &server->dstaddr); 1431 return 0; 1432 } 1433 trace_smb3_smbd_connect_err(server->hostname, server->conn_id, &server->dstaddr); 1434 return -ENOENT; 1435 } 1436 1437 static void destroy_caches_and_workqueue(struct smbd_connection *info) 1438 { 1439 destroy_receive_buffers(info); 1440 destroy_workqueue(info->workqueue); 1441 mempool_destroy(info->response_mempool); 1442 kmem_cache_destroy(info->response_cache); 1443 mempool_destroy(info->request_mempool); 1444 kmem_cache_destroy(info->request_cache); 1445 } 1446 1447 #define MAX_NAME_LEN 80 1448 static int allocate_caches_and_workqueue(struct smbd_connection *info) 1449 { 1450 struct smbdirect_socket *sc = &info->socket; 1451 struct smbdirect_socket_parameters *sp = &sc->parameters; 1452 char name[MAX_NAME_LEN]; 1453 int rc; 1454 1455 scnprintf(name, MAX_NAME_LEN, "smbd_request_%p", info); 1456 info->request_cache = 1457 kmem_cache_create( 1458 name, 1459 sizeof(struct smbd_request) + 1460 sizeof(struct smbdirect_data_transfer), 1461 0, SLAB_HWCACHE_ALIGN, NULL); 1462 if (!info->request_cache) 1463 return -ENOMEM; 1464 1465 info->request_mempool = 1466 mempool_create(sp->send_credit_target, mempool_alloc_slab, 1467 mempool_free_slab, info->request_cache); 1468 if (!info->request_mempool) 1469 goto out1; 1470 1471 scnprintf(name, MAX_NAME_LEN, "smbd_response_%p", info); 1472 info->response_cache = 1473 kmem_cache_create( 1474 name, 1475 sizeof(struct smbd_response) + 1476 sp->max_recv_size, 1477 0, SLAB_HWCACHE_ALIGN, NULL); 1478 if (!info->response_cache) 1479 goto out2; 1480 1481 info->response_mempool = 1482 mempool_create(sp->recv_credit_max, mempool_alloc_slab, 1483 mempool_free_slab, info->response_cache); 1484 if (!info->response_mempool) 1485 goto out3; 1486 1487 scnprintf(name, MAX_NAME_LEN, "smbd_%p", info); 1488 info->workqueue = create_workqueue(name); 1489 if (!info->workqueue) 1490 goto out4; 1491 1492 rc = allocate_receive_buffers(info, sp->recv_credit_max); 1493 if (rc) { 1494 log_rdma_event(ERR, "failed to allocate receive buffers\n"); 1495 goto out5; 1496 } 1497 1498 return 0; 1499 1500 out5: 1501 destroy_workqueue(info->workqueue); 1502 out4: 1503 mempool_destroy(info->response_mempool); 1504 out3: 1505 kmem_cache_destroy(info->response_cache); 1506 out2: 1507 mempool_destroy(info->request_mempool); 1508 out1: 1509 kmem_cache_destroy(info->request_cache); 1510 return -ENOMEM; 1511 } 1512 1513 /* Create a SMBD connection, called by upper layer */ 1514 static struct smbd_connection *_smbd_get_connection( 1515 struct TCP_Server_Info *server, struct sockaddr *dstaddr, int port) 1516 { 1517 int rc; 1518 struct smbd_connection *info; 1519 struct smbdirect_socket *sc; 1520 struct smbdirect_socket_parameters *sp; 1521 struct rdma_conn_param conn_param; 1522 struct ib_qp_init_attr qp_attr; 1523 struct sockaddr_in *addr_in = (struct sockaddr_in *) dstaddr; 1524 struct ib_port_immutable port_immutable; 1525 u32 ird_ord_hdr[2]; 1526 1527 info = kzalloc(sizeof(struct smbd_connection), GFP_KERNEL); 1528 if (!info) 1529 return NULL; 1530 sc = &info->socket; 1531 sp = &sc->parameters; 1532 1533 sc->status = SMBDIRECT_SOCKET_CONNECTING; 1534 rc = smbd_ia_open(info, dstaddr, port); 1535 if (rc) { 1536 log_rdma_event(INFO, "smbd_ia_open rc=%d\n", rc); 1537 goto create_id_failed; 1538 } 1539 1540 if (smbd_send_credit_target > sc->ib.dev->attrs.max_cqe || 1541 smbd_send_credit_target > sc->ib.dev->attrs.max_qp_wr) { 1542 log_rdma_event(ERR, "consider lowering send_credit_target = %d. Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", 1543 smbd_send_credit_target, 1544 sc->ib.dev->attrs.max_cqe, 1545 sc->ib.dev->attrs.max_qp_wr); 1546 goto config_failed; 1547 } 1548 1549 if (smbd_receive_credit_max > sc->ib.dev->attrs.max_cqe || 1550 smbd_receive_credit_max > sc->ib.dev->attrs.max_qp_wr) { 1551 log_rdma_event(ERR, "consider lowering receive_credit_max = %d. Possible CQE overrun, device reporting max_cqe %d max_qp_wr %d\n", 1552 smbd_receive_credit_max, 1553 sc->ib.dev->attrs.max_cqe, 1554 sc->ib.dev->attrs.max_qp_wr); 1555 goto config_failed; 1556 } 1557 1558 sp->recv_credit_max = smbd_receive_credit_max; 1559 sp->send_credit_target = smbd_send_credit_target; 1560 sp->max_send_size = smbd_max_send_size; 1561 sp->max_fragmented_recv_size = smbd_max_fragmented_recv_size; 1562 sp->max_recv_size = smbd_max_receive_size; 1563 sp->keepalive_interval_msec = smbd_keep_alive_interval * 1000; 1564 1565 if (sc->ib.dev->attrs.max_send_sge < SMBDIRECT_MAX_SEND_SGE || 1566 sc->ib.dev->attrs.max_recv_sge < SMBDIRECT_MAX_RECV_SGE) { 1567 log_rdma_event(ERR, 1568 "device %.*s max_send_sge/max_recv_sge = %d/%d too small\n", 1569 IB_DEVICE_NAME_MAX, 1570 sc->ib.dev->name, 1571 sc->ib.dev->attrs.max_send_sge, 1572 sc->ib.dev->attrs.max_recv_sge); 1573 goto config_failed; 1574 } 1575 1576 sc->ib.send_cq = 1577 ib_alloc_cq_any(sc->ib.dev, info, 1578 sp->send_credit_target, IB_POLL_SOFTIRQ); 1579 if (IS_ERR(sc->ib.send_cq)) { 1580 sc->ib.send_cq = NULL; 1581 goto alloc_cq_failed; 1582 } 1583 1584 sc->ib.recv_cq = 1585 ib_alloc_cq_any(sc->ib.dev, info, 1586 sp->recv_credit_max, IB_POLL_SOFTIRQ); 1587 if (IS_ERR(sc->ib.recv_cq)) { 1588 sc->ib.recv_cq = NULL; 1589 goto alloc_cq_failed; 1590 } 1591 1592 memset(&qp_attr, 0, sizeof(qp_attr)); 1593 qp_attr.event_handler = smbd_qp_async_error_upcall; 1594 qp_attr.qp_context = info; 1595 qp_attr.cap.max_send_wr = sp->send_credit_target; 1596 qp_attr.cap.max_recv_wr = sp->recv_credit_max; 1597 qp_attr.cap.max_send_sge = SMBDIRECT_MAX_SEND_SGE; 1598 qp_attr.cap.max_recv_sge = SMBDIRECT_MAX_RECV_SGE; 1599 qp_attr.cap.max_inline_data = 0; 1600 qp_attr.sq_sig_type = IB_SIGNAL_REQ_WR; 1601 qp_attr.qp_type = IB_QPT_RC; 1602 qp_attr.send_cq = sc->ib.send_cq; 1603 qp_attr.recv_cq = sc->ib.recv_cq; 1604 qp_attr.port_num = ~0; 1605 1606 rc = rdma_create_qp(sc->rdma.cm_id, sc->ib.pd, &qp_attr); 1607 if (rc) { 1608 log_rdma_event(ERR, "rdma_create_qp failed %i\n", rc); 1609 goto create_qp_failed; 1610 } 1611 sc->ib.qp = sc->rdma.cm_id->qp; 1612 1613 memset(&conn_param, 0, sizeof(conn_param)); 1614 conn_param.initiator_depth = 0; 1615 1616 conn_param.responder_resources = 1617 min(sc->ib.dev->attrs.max_qp_rd_atom, 1618 SMBD_CM_RESPONDER_RESOURCES); 1619 info->responder_resources = conn_param.responder_resources; 1620 log_rdma_mr(INFO, "responder_resources=%d\n", 1621 info->responder_resources); 1622 1623 /* Need to send IRD/ORD in private data for iWARP */ 1624 sc->ib.dev->ops.get_port_immutable( 1625 sc->ib.dev, sc->rdma.cm_id->port_num, &port_immutable); 1626 if (port_immutable.core_cap_flags & RDMA_CORE_PORT_IWARP) { 1627 ird_ord_hdr[0] = info->responder_resources; 1628 ird_ord_hdr[1] = 1; 1629 conn_param.private_data = ird_ord_hdr; 1630 conn_param.private_data_len = sizeof(ird_ord_hdr); 1631 } else { 1632 conn_param.private_data = NULL; 1633 conn_param.private_data_len = 0; 1634 } 1635 1636 conn_param.retry_count = SMBD_CM_RETRY; 1637 conn_param.rnr_retry_count = SMBD_CM_RNR_RETRY; 1638 conn_param.flow_control = 0; 1639 1640 log_rdma_event(INFO, "connecting to IP %pI4 port %d\n", 1641 &addr_in->sin_addr, port); 1642 1643 init_waitqueue_head(&info->conn_wait); 1644 init_waitqueue_head(&info->disconn_wait); 1645 init_waitqueue_head(&info->wait_reassembly_queue); 1646 rc = rdma_connect(sc->rdma.cm_id, &conn_param); 1647 if (rc) { 1648 log_rdma_event(ERR, "rdma_connect() failed with %i\n", rc); 1649 goto rdma_connect_failed; 1650 } 1651 1652 wait_event_interruptible( 1653 info->conn_wait, sc->status != SMBDIRECT_SOCKET_CONNECTING); 1654 1655 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 1656 log_rdma_event(ERR, "rdma_connect failed port=%d\n", port); 1657 goto rdma_connect_failed; 1658 } 1659 1660 log_rdma_event(INFO, "rdma_connect connected\n"); 1661 1662 rc = allocate_caches_and_workqueue(info); 1663 if (rc) { 1664 log_rdma_event(ERR, "cache allocation failed\n"); 1665 goto allocate_cache_failed; 1666 } 1667 1668 init_waitqueue_head(&info->wait_send_queue); 1669 INIT_DELAYED_WORK(&info->idle_timer_work, idle_connection_timer); 1670 queue_delayed_work(info->workqueue, &info->idle_timer_work, 1671 msecs_to_jiffies(sp->keepalive_interval_msec)); 1672 1673 init_waitqueue_head(&info->wait_send_pending); 1674 atomic_set(&info->send_pending, 0); 1675 1676 init_waitqueue_head(&info->wait_post_send); 1677 1678 INIT_WORK(&info->disconnect_work, smbd_disconnect_rdma_work); 1679 INIT_WORK(&info->post_send_credits_work, smbd_post_send_credits); 1680 info->new_credits_offered = 0; 1681 spin_lock_init(&info->lock_new_credits_offered); 1682 1683 rc = smbd_negotiate(info); 1684 if (rc) { 1685 log_rdma_event(ERR, "smbd_negotiate rc=%d\n", rc); 1686 goto negotiation_failed; 1687 } 1688 1689 rc = allocate_mr_list(info); 1690 if (rc) { 1691 log_rdma_mr(ERR, "memory registration allocation failed\n"); 1692 goto allocate_mr_failed; 1693 } 1694 1695 return info; 1696 1697 allocate_mr_failed: 1698 /* At this point, need to a full transport shutdown */ 1699 server->smbd_conn = info; 1700 smbd_destroy(server); 1701 return NULL; 1702 1703 negotiation_failed: 1704 cancel_delayed_work_sync(&info->idle_timer_work); 1705 destroy_caches_and_workqueue(info); 1706 sc->status = SMBDIRECT_SOCKET_NEGOTIATE_FAILED; 1707 init_waitqueue_head(&info->conn_wait); 1708 rdma_disconnect(sc->rdma.cm_id); 1709 wait_event(info->conn_wait, 1710 sc->status == SMBDIRECT_SOCKET_DISCONNECTED); 1711 1712 allocate_cache_failed: 1713 rdma_connect_failed: 1714 rdma_destroy_qp(sc->rdma.cm_id); 1715 1716 create_qp_failed: 1717 alloc_cq_failed: 1718 if (sc->ib.send_cq) 1719 ib_free_cq(sc->ib.send_cq); 1720 if (sc->ib.recv_cq) 1721 ib_free_cq(sc->ib.recv_cq); 1722 1723 config_failed: 1724 ib_dealloc_pd(sc->ib.pd); 1725 rdma_destroy_id(sc->rdma.cm_id); 1726 1727 create_id_failed: 1728 kfree(info); 1729 return NULL; 1730 } 1731 1732 struct smbd_connection *smbd_get_connection( 1733 struct TCP_Server_Info *server, struct sockaddr *dstaddr) 1734 { 1735 struct smbd_connection *ret; 1736 int port = SMBD_PORT; 1737 1738 try_again: 1739 ret = _smbd_get_connection(server, dstaddr, port); 1740 1741 /* Try SMB_PORT if SMBD_PORT doesn't work */ 1742 if (!ret && port == SMBD_PORT) { 1743 port = SMB_PORT; 1744 goto try_again; 1745 } 1746 return ret; 1747 } 1748 1749 /* 1750 * Receive data from receive reassembly queue 1751 * All the incoming data packets are placed in reassembly queue 1752 * buf: the buffer to read data into 1753 * size: the length of data to read 1754 * return value: actual data read 1755 * Note: this implementation copies the data from reassebmly queue to receive 1756 * buffers used by upper layer. This is not the optimal code path. A better way 1757 * to do it is to not have upper layer allocate its receive buffers but rather 1758 * borrow the buffer from reassembly queue, and return it after data is 1759 * consumed. But this will require more changes to upper layer code, and also 1760 * need to consider packet boundaries while they still being reassembled. 1761 */ 1762 static int smbd_recv_buf(struct smbd_connection *info, char *buf, 1763 unsigned int size) 1764 { 1765 struct smbdirect_socket *sc = &info->socket; 1766 struct smbd_response *response; 1767 struct smbdirect_data_transfer *data_transfer; 1768 int to_copy, to_read, data_read, offset; 1769 u32 data_length, remaining_data_length, data_offset; 1770 int rc; 1771 1772 again: 1773 /* 1774 * No need to hold the reassembly queue lock all the time as we are 1775 * the only one reading from the front of the queue. The transport 1776 * may add more entries to the back of the queue at the same time 1777 */ 1778 log_read(INFO, "size=%d info->reassembly_data_length=%d\n", size, 1779 info->reassembly_data_length); 1780 if (info->reassembly_data_length >= size) { 1781 int queue_length; 1782 int queue_removed = 0; 1783 1784 /* 1785 * Need to make sure reassembly_data_length is read before 1786 * reading reassembly_queue_length and calling 1787 * _get_first_reassembly. This call is lock free 1788 * as we never read at the end of the queue which are being 1789 * updated in SOFTIRQ as more data is received 1790 */ 1791 virt_rmb(); 1792 queue_length = info->reassembly_queue_length; 1793 data_read = 0; 1794 to_read = size; 1795 offset = info->first_entry_offset; 1796 while (data_read < size) { 1797 response = _get_first_reassembly(info); 1798 data_transfer = smbd_response_payload(response); 1799 data_length = le32_to_cpu(data_transfer->data_length); 1800 remaining_data_length = 1801 le32_to_cpu( 1802 data_transfer->remaining_data_length); 1803 data_offset = le32_to_cpu(data_transfer->data_offset); 1804 1805 /* 1806 * The upper layer expects RFC1002 length at the 1807 * beginning of the payload. Return it to indicate 1808 * the total length of the packet. This minimize the 1809 * change to upper layer packet processing logic. This 1810 * will be eventually remove when an intermediate 1811 * transport layer is added 1812 */ 1813 if (response->first_segment && size == 4) { 1814 unsigned int rfc1002_len = 1815 data_length + remaining_data_length; 1816 *((__be32 *)buf) = cpu_to_be32(rfc1002_len); 1817 data_read = 4; 1818 response->first_segment = false; 1819 log_read(INFO, "returning rfc1002 length %d\n", 1820 rfc1002_len); 1821 goto read_rfc1002_done; 1822 } 1823 1824 to_copy = min_t(int, data_length - offset, to_read); 1825 memcpy( 1826 buf + data_read, 1827 (char *)data_transfer + data_offset + offset, 1828 to_copy); 1829 1830 /* move on to the next buffer? */ 1831 if (to_copy == data_length - offset) { 1832 queue_length--; 1833 /* 1834 * No need to lock if we are not at the 1835 * end of the queue 1836 */ 1837 if (queue_length) 1838 list_del(&response->list); 1839 else { 1840 spin_lock_irq( 1841 &info->reassembly_queue_lock); 1842 list_del(&response->list); 1843 spin_unlock_irq( 1844 &info->reassembly_queue_lock); 1845 } 1846 queue_removed++; 1847 info->count_reassembly_queue--; 1848 info->count_dequeue_reassembly_queue++; 1849 put_receive_buffer(info, response); 1850 offset = 0; 1851 log_read(INFO, "put_receive_buffer offset=0\n"); 1852 } else 1853 offset += to_copy; 1854 1855 to_read -= to_copy; 1856 data_read += to_copy; 1857 1858 log_read(INFO, "_get_first_reassembly memcpy %d bytes data_transfer_length-offset=%d after that to_read=%d data_read=%d offset=%d\n", 1859 to_copy, data_length - offset, 1860 to_read, data_read, offset); 1861 } 1862 1863 spin_lock_irq(&info->reassembly_queue_lock); 1864 info->reassembly_data_length -= data_read; 1865 info->reassembly_queue_length -= queue_removed; 1866 spin_unlock_irq(&info->reassembly_queue_lock); 1867 1868 info->first_entry_offset = offset; 1869 log_read(INFO, "returning to thread data_read=%d reassembly_data_length=%d first_entry_offset=%d\n", 1870 data_read, info->reassembly_data_length, 1871 info->first_entry_offset); 1872 read_rfc1002_done: 1873 return data_read; 1874 } 1875 1876 log_read(INFO, "wait_event on more data\n"); 1877 rc = wait_event_interruptible( 1878 info->wait_reassembly_queue, 1879 info->reassembly_data_length >= size || 1880 sc->status != SMBDIRECT_SOCKET_CONNECTED); 1881 /* Don't return any data if interrupted */ 1882 if (rc) 1883 return rc; 1884 1885 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 1886 log_read(ERR, "disconnected\n"); 1887 return -ECONNABORTED; 1888 } 1889 1890 goto again; 1891 } 1892 1893 /* 1894 * Receive a page from receive reassembly queue 1895 * page: the page to read data into 1896 * to_read: the length of data to read 1897 * return value: actual data read 1898 */ 1899 static int smbd_recv_page(struct smbd_connection *info, 1900 struct page *page, unsigned int page_offset, 1901 unsigned int to_read) 1902 { 1903 struct smbdirect_socket *sc = &info->socket; 1904 int ret; 1905 char *to_address; 1906 void *page_address; 1907 1908 /* make sure we have the page ready for read */ 1909 ret = wait_event_interruptible( 1910 info->wait_reassembly_queue, 1911 info->reassembly_data_length >= to_read || 1912 sc->status != SMBDIRECT_SOCKET_CONNECTED); 1913 if (ret) 1914 return ret; 1915 1916 /* now we can read from reassembly queue and not sleep */ 1917 page_address = kmap_atomic(page); 1918 to_address = (char *) page_address + page_offset; 1919 1920 log_read(INFO, "reading from page=%p address=%p to_read=%d\n", 1921 page, to_address, to_read); 1922 1923 ret = smbd_recv_buf(info, to_address, to_read); 1924 kunmap_atomic(page_address); 1925 1926 return ret; 1927 } 1928 1929 /* 1930 * Receive data from transport 1931 * msg: a msghdr point to the buffer, can be ITER_KVEC or ITER_BVEC 1932 * return: total bytes read, or 0. SMB Direct will not do partial read. 1933 */ 1934 int smbd_recv(struct smbd_connection *info, struct msghdr *msg) 1935 { 1936 char *buf; 1937 struct page *page; 1938 unsigned int to_read, page_offset; 1939 int rc; 1940 1941 if (iov_iter_rw(&msg->msg_iter) == WRITE) { 1942 /* It's a bug in upper layer to get there */ 1943 cifs_dbg(VFS, "Invalid msg iter dir %u\n", 1944 iov_iter_rw(&msg->msg_iter)); 1945 rc = -EINVAL; 1946 goto out; 1947 } 1948 1949 switch (iov_iter_type(&msg->msg_iter)) { 1950 case ITER_KVEC: 1951 buf = msg->msg_iter.kvec->iov_base; 1952 to_read = msg->msg_iter.kvec->iov_len; 1953 rc = smbd_recv_buf(info, buf, to_read); 1954 break; 1955 1956 case ITER_BVEC: 1957 page = msg->msg_iter.bvec->bv_page; 1958 page_offset = msg->msg_iter.bvec->bv_offset; 1959 to_read = msg->msg_iter.bvec->bv_len; 1960 rc = smbd_recv_page(info, page, page_offset, to_read); 1961 break; 1962 1963 default: 1964 /* It's a bug in upper layer to get there */ 1965 cifs_dbg(VFS, "Invalid msg type %d\n", 1966 iov_iter_type(&msg->msg_iter)); 1967 rc = -EINVAL; 1968 } 1969 1970 out: 1971 /* SMBDirect will read it all or nothing */ 1972 if (rc > 0) 1973 msg->msg_iter.count = 0; 1974 return rc; 1975 } 1976 1977 /* 1978 * Send data to transport 1979 * Each rqst is transported as a SMBDirect payload 1980 * rqst: the data to write 1981 * return value: 0 if successfully write, otherwise error code 1982 */ 1983 int smbd_send(struct TCP_Server_Info *server, 1984 int num_rqst, struct smb_rqst *rqst_array) 1985 { 1986 struct smbd_connection *info = server->smbd_conn; 1987 struct smbdirect_socket *sc = &info->socket; 1988 struct smbdirect_socket_parameters *sp = &sc->parameters; 1989 struct smb_rqst *rqst; 1990 struct iov_iter iter; 1991 unsigned int remaining_data_length, klen; 1992 int rc, i, rqst_idx; 1993 1994 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) 1995 return -EAGAIN; 1996 1997 /* 1998 * Add in the page array if there is one. The caller needs to set 1999 * rq_tailsz to PAGE_SIZE when the buffer has multiple pages and 2000 * ends at page boundary 2001 */ 2002 remaining_data_length = 0; 2003 for (i = 0; i < num_rqst; i++) 2004 remaining_data_length += smb_rqst_len(server, &rqst_array[i]); 2005 2006 if (unlikely(remaining_data_length > sp->max_fragmented_send_size)) { 2007 /* assertion: payload never exceeds negotiated maximum */ 2008 log_write(ERR, "payload size %d > max size %d\n", 2009 remaining_data_length, sp->max_fragmented_send_size); 2010 return -EINVAL; 2011 } 2012 2013 log_write(INFO, "num_rqst=%d total length=%u\n", 2014 num_rqst, remaining_data_length); 2015 2016 rqst_idx = 0; 2017 do { 2018 rqst = &rqst_array[rqst_idx]; 2019 2020 cifs_dbg(FYI, "Sending smb (RDMA): idx=%d smb_len=%lu\n", 2021 rqst_idx, smb_rqst_len(server, rqst)); 2022 for (i = 0; i < rqst->rq_nvec; i++) 2023 dump_smb(rqst->rq_iov[i].iov_base, rqst->rq_iov[i].iov_len); 2024 2025 log_write(INFO, "RDMA-WR[%u] nvec=%d len=%u iter=%zu rqlen=%lu\n", 2026 rqst_idx, rqst->rq_nvec, remaining_data_length, 2027 iov_iter_count(&rqst->rq_iter), smb_rqst_len(server, rqst)); 2028 2029 /* Send the metadata pages. */ 2030 klen = 0; 2031 for (i = 0; i < rqst->rq_nvec; i++) 2032 klen += rqst->rq_iov[i].iov_len; 2033 iov_iter_kvec(&iter, ITER_SOURCE, rqst->rq_iov, rqst->rq_nvec, klen); 2034 2035 rc = smbd_post_send_iter(info, &iter, &remaining_data_length); 2036 if (rc < 0) 2037 break; 2038 2039 if (iov_iter_count(&rqst->rq_iter) > 0) { 2040 /* And then the data pages if there are any */ 2041 rc = smbd_post_send_iter(info, &rqst->rq_iter, 2042 &remaining_data_length); 2043 if (rc < 0) 2044 break; 2045 } 2046 2047 } while (++rqst_idx < num_rqst); 2048 2049 /* 2050 * As an optimization, we don't wait for individual I/O to finish 2051 * before sending the next one. 2052 * Send them all and wait for pending send count to get to 0 2053 * that means all the I/Os have been out and we are good to return 2054 */ 2055 2056 wait_event(info->wait_send_pending, 2057 atomic_read(&info->send_pending) == 0); 2058 2059 return rc; 2060 } 2061 2062 static void register_mr_done(struct ib_cq *cq, struct ib_wc *wc) 2063 { 2064 struct smbd_mr *mr; 2065 struct ib_cqe *cqe; 2066 2067 if (wc->status) { 2068 log_rdma_mr(ERR, "status=%d\n", wc->status); 2069 cqe = wc->wr_cqe; 2070 mr = container_of(cqe, struct smbd_mr, cqe); 2071 smbd_disconnect_rdma_connection(mr->conn); 2072 } 2073 } 2074 2075 /* 2076 * The work queue function that recovers MRs 2077 * We need to call ib_dereg_mr() and ib_alloc_mr() before this MR can be used 2078 * again. Both calls are slow, so finish them in a workqueue. This will not 2079 * block I/O path. 2080 * There is one workqueue that recovers MRs, there is no need to lock as the 2081 * I/O requests calling smbd_register_mr will never update the links in the 2082 * mr_list. 2083 */ 2084 static void smbd_mr_recovery_work(struct work_struct *work) 2085 { 2086 struct smbd_connection *info = 2087 container_of(work, struct smbd_connection, mr_recovery_work); 2088 struct smbdirect_socket *sc = &info->socket; 2089 struct smbd_mr *smbdirect_mr; 2090 int rc; 2091 2092 list_for_each_entry(smbdirect_mr, &info->mr_list, list) { 2093 if (smbdirect_mr->state == MR_ERROR) { 2094 2095 /* recover this MR entry */ 2096 rc = ib_dereg_mr(smbdirect_mr->mr); 2097 if (rc) { 2098 log_rdma_mr(ERR, 2099 "ib_dereg_mr failed rc=%x\n", 2100 rc); 2101 smbd_disconnect_rdma_connection(info); 2102 continue; 2103 } 2104 2105 smbdirect_mr->mr = ib_alloc_mr( 2106 sc->ib.pd, info->mr_type, 2107 info->max_frmr_depth); 2108 if (IS_ERR(smbdirect_mr->mr)) { 2109 log_rdma_mr(ERR, "ib_alloc_mr failed mr_type=%x max_frmr_depth=%x\n", 2110 info->mr_type, 2111 info->max_frmr_depth); 2112 smbd_disconnect_rdma_connection(info); 2113 continue; 2114 } 2115 } else 2116 /* This MR is being used, don't recover it */ 2117 continue; 2118 2119 smbdirect_mr->state = MR_READY; 2120 2121 /* smbdirect_mr->state is updated by this function 2122 * and is read and updated by I/O issuing CPUs trying 2123 * to get a MR, the call to atomic_inc_return 2124 * implicates a memory barrier and guarantees this 2125 * value is updated before waking up any calls to 2126 * get_mr() from the I/O issuing CPUs 2127 */ 2128 if (atomic_inc_return(&info->mr_ready_count) == 1) 2129 wake_up_interruptible(&info->wait_mr); 2130 } 2131 } 2132 2133 static void destroy_mr_list(struct smbd_connection *info) 2134 { 2135 struct smbdirect_socket *sc = &info->socket; 2136 struct smbd_mr *mr, *tmp; 2137 2138 cancel_work_sync(&info->mr_recovery_work); 2139 list_for_each_entry_safe(mr, tmp, &info->mr_list, list) { 2140 if (mr->state == MR_INVALIDATED) 2141 ib_dma_unmap_sg(sc->ib.dev, mr->sgt.sgl, 2142 mr->sgt.nents, mr->dir); 2143 ib_dereg_mr(mr->mr); 2144 kfree(mr->sgt.sgl); 2145 kfree(mr); 2146 } 2147 } 2148 2149 /* 2150 * Allocate MRs used for RDMA read/write 2151 * The number of MRs will not exceed hardware capability in responder_resources 2152 * All MRs are kept in mr_list. The MR can be recovered after it's used 2153 * Recovery is done in smbd_mr_recovery_work. The content of list entry changes 2154 * as MRs are used and recovered for I/O, but the list links will not change 2155 */ 2156 static int allocate_mr_list(struct smbd_connection *info) 2157 { 2158 struct smbdirect_socket *sc = &info->socket; 2159 int i; 2160 struct smbd_mr *smbdirect_mr, *tmp; 2161 2162 INIT_LIST_HEAD(&info->mr_list); 2163 init_waitqueue_head(&info->wait_mr); 2164 spin_lock_init(&info->mr_list_lock); 2165 atomic_set(&info->mr_ready_count, 0); 2166 atomic_set(&info->mr_used_count, 0); 2167 init_waitqueue_head(&info->wait_for_mr_cleanup); 2168 INIT_WORK(&info->mr_recovery_work, smbd_mr_recovery_work); 2169 /* Allocate more MRs (2x) than hardware responder_resources */ 2170 for (i = 0; i < info->responder_resources * 2; i++) { 2171 smbdirect_mr = kzalloc(sizeof(*smbdirect_mr), GFP_KERNEL); 2172 if (!smbdirect_mr) 2173 goto cleanup_entries; 2174 smbdirect_mr->mr = ib_alloc_mr(sc->ib.pd, info->mr_type, 2175 info->max_frmr_depth); 2176 if (IS_ERR(smbdirect_mr->mr)) { 2177 log_rdma_mr(ERR, "ib_alloc_mr failed mr_type=%x max_frmr_depth=%x\n", 2178 info->mr_type, info->max_frmr_depth); 2179 goto out; 2180 } 2181 smbdirect_mr->sgt.sgl = kcalloc(info->max_frmr_depth, 2182 sizeof(struct scatterlist), 2183 GFP_KERNEL); 2184 if (!smbdirect_mr->sgt.sgl) { 2185 log_rdma_mr(ERR, "failed to allocate sgl\n"); 2186 ib_dereg_mr(smbdirect_mr->mr); 2187 goto out; 2188 } 2189 smbdirect_mr->state = MR_READY; 2190 smbdirect_mr->conn = info; 2191 2192 list_add_tail(&smbdirect_mr->list, &info->mr_list); 2193 atomic_inc(&info->mr_ready_count); 2194 } 2195 return 0; 2196 2197 out: 2198 kfree(smbdirect_mr); 2199 cleanup_entries: 2200 list_for_each_entry_safe(smbdirect_mr, tmp, &info->mr_list, list) { 2201 list_del(&smbdirect_mr->list); 2202 ib_dereg_mr(smbdirect_mr->mr); 2203 kfree(smbdirect_mr->sgt.sgl); 2204 kfree(smbdirect_mr); 2205 } 2206 return -ENOMEM; 2207 } 2208 2209 /* 2210 * Get a MR from mr_list. This function waits until there is at least one 2211 * MR available in the list. It may access the list while the 2212 * smbd_mr_recovery_work is recovering the MR list. This doesn't need a lock 2213 * as they never modify the same places. However, there may be several CPUs 2214 * issuing I/O trying to get MR at the same time, mr_list_lock is used to 2215 * protect this situation. 2216 */ 2217 static struct smbd_mr *get_mr(struct smbd_connection *info) 2218 { 2219 struct smbdirect_socket *sc = &info->socket; 2220 struct smbd_mr *ret; 2221 int rc; 2222 again: 2223 rc = wait_event_interruptible(info->wait_mr, 2224 atomic_read(&info->mr_ready_count) || 2225 sc->status != SMBDIRECT_SOCKET_CONNECTED); 2226 if (rc) { 2227 log_rdma_mr(ERR, "wait_event_interruptible rc=%x\n", rc); 2228 return NULL; 2229 } 2230 2231 if (sc->status != SMBDIRECT_SOCKET_CONNECTED) { 2232 log_rdma_mr(ERR, "sc->status=%x\n", sc->status); 2233 return NULL; 2234 } 2235 2236 spin_lock(&info->mr_list_lock); 2237 list_for_each_entry(ret, &info->mr_list, list) { 2238 if (ret->state == MR_READY) { 2239 ret->state = MR_REGISTERED; 2240 spin_unlock(&info->mr_list_lock); 2241 atomic_dec(&info->mr_ready_count); 2242 atomic_inc(&info->mr_used_count); 2243 return ret; 2244 } 2245 } 2246 2247 spin_unlock(&info->mr_list_lock); 2248 /* 2249 * It is possible that we could fail to get MR because other processes may 2250 * try to acquire a MR at the same time. If this is the case, retry it. 2251 */ 2252 goto again; 2253 } 2254 2255 /* 2256 * Transcribe the pages from an iterator into an MR scatterlist. 2257 */ 2258 static int smbd_iter_to_mr(struct smbd_connection *info, 2259 struct iov_iter *iter, 2260 struct sg_table *sgt, 2261 unsigned int max_sg) 2262 { 2263 int ret; 2264 2265 memset(sgt->sgl, 0, max_sg * sizeof(struct scatterlist)); 2266 2267 ret = extract_iter_to_sg(iter, iov_iter_count(iter), sgt, max_sg, 0); 2268 WARN_ON(ret < 0); 2269 if (sgt->nents > 0) 2270 sg_mark_end(&sgt->sgl[sgt->nents - 1]); 2271 return ret; 2272 } 2273 2274 /* 2275 * Register memory for RDMA read/write 2276 * iter: the buffer to register memory with 2277 * writing: true if this is a RDMA write (SMB read), false for RDMA read 2278 * need_invalidate: true if this MR needs to be locally invalidated after I/O 2279 * return value: the MR registered, NULL if failed. 2280 */ 2281 struct smbd_mr *smbd_register_mr(struct smbd_connection *info, 2282 struct iov_iter *iter, 2283 bool writing, bool need_invalidate) 2284 { 2285 struct smbdirect_socket *sc = &info->socket; 2286 struct smbd_mr *smbdirect_mr; 2287 int rc, num_pages; 2288 enum dma_data_direction dir; 2289 struct ib_reg_wr *reg_wr; 2290 2291 num_pages = iov_iter_npages(iter, info->max_frmr_depth + 1); 2292 if (num_pages > info->max_frmr_depth) { 2293 log_rdma_mr(ERR, "num_pages=%d max_frmr_depth=%d\n", 2294 num_pages, info->max_frmr_depth); 2295 WARN_ON_ONCE(1); 2296 return NULL; 2297 } 2298 2299 smbdirect_mr = get_mr(info); 2300 if (!smbdirect_mr) { 2301 log_rdma_mr(ERR, "get_mr returning NULL\n"); 2302 return NULL; 2303 } 2304 2305 dir = writing ? DMA_FROM_DEVICE : DMA_TO_DEVICE; 2306 smbdirect_mr->dir = dir; 2307 smbdirect_mr->need_invalidate = need_invalidate; 2308 smbdirect_mr->sgt.nents = 0; 2309 smbdirect_mr->sgt.orig_nents = 0; 2310 2311 log_rdma_mr(INFO, "num_pages=0x%x count=0x%zx depth=%u\n", 2312 num_pages, iov_iter_count(iter), info->max_frmr_depth); 2313 smbd_iter_to_mr(info, iter, &smbdirect_mr->sgt, info->max_frmr_depth); 2314 2315 rc = ib_dma_map_sg(sc->ib.dev, smbdirect_mr->sgt.sgl, 2316 smbdirect_mr->sgt.nents, dir); 2317 if (!rc) { 2318 log_rdma_mr(ERR, "ib_dma_map_sg num_pages=%x dir=%x rc=%x\n", 2319 num_pages, dir, rc); 2320 goto dma_map_error; 2321 } 2322 2323 rc = ib_map_mr_sg(smbdirect_mr->mr, smbdirect_mr->sgt.sgl, 2324 smbdirect_mr->sgt.nents, NULL, PAGE_SIZE); 2325 if (rc != smbdirect_mr->sgt.nents) { 2326 log_rdma_mr(ERR, 2327 "ib_map_mr_sg failed rc = %d nents = %x\n", 2328 rc, smbdirect_mr->sgt.nents); 2329 goto map_mr_error; 2330 } 2331 2332 ib_update_fast_reg_key(smbdirect_mr->mr, 2333 ib_inc_rkey(smbdirect_mr->mr->rkey)); 2334 reg_wr = &smbdirect_mr->wr; 2335 reg_wr->wr.opcode = IB_WR_REG_MR; 2336 smbdirect_mr->cqe.done = register_mr_done; 2337 reg_wr->wr.wr_cqe = &smbdirect_mr->cqe; 2338 reg_wr->wr.num_sge = 0; 2339 reg_wr->wr.send_flags = IB_SEND_SIGNALED; 2340 reg_wr->mr = smbdirect_mr->mr; 2341 reg_wr->key = smbdirect_mr->mr->rkey; 2342 reg_wr->access = writing ? 2343 IB_ACCESS_REMOTE_WRITE | IB_ACCESS_LOCAL_WRITE : 2344 IB_ACCESS_REMOTE_READ; 2345 2346 /* 2347 * There is no need for waiting for complemtion on ib_post_send 2348 * on IB_WR_REG_MR. Hardware enforces a barrier and order of execution 2349 * on the next ib_post_send when we actually send I/O to remote peer 2350 */ 2351 rc = ib_post_send(sc->ib.qp, ®_wr->wr, NULL); 2352 if (!rc) 2353 return smbdirect_mr; 2354 2355 log_rdma_mr(ERR, "ib_post_send failed rc=%x reg_wr->key=%x\n", 2356 rc, reg_wr->key); 2357 2358 /* If all failed, attempt to recover this MR by setting it MR_ERROR*/ 2359 map_mr_error: 2360 ib_dma_unmap_sg(sc->ib.dev, smbdirect_mr->sgt.sgl, 2361 smbdirect_mr->sgt.nents, smbdirect_mr->dir); 2362 2363 dma_map_error: 2364 smbdirect_mr->state = MR_ERROR; 2365 if (atomic_dec_and_test(&info->mr_used_count)) 2366 wake_up(&info->wait_for_mr_cleanup); 2367 2368 smbd_disconnect_rdma_connection(info); 2369 2370 return NULL; 2371 } 2372 2373 static void local_inv_done(struct ib_cq *cq, struct ib_wc *wc) 2374 { 2375 struct smbd_mr *smbdirect_mr; 2376 struct ib_cqe *cqe; 2377 2378 cqe = wc->wr_cqe; 2379 smbdirect_mr = container_of(cqe, struct smbd_mr, cqe); 2380 smbdirect_mr->state = MR_INVALIDATED; 2381 if (wc->status != IB_WC_SUCCESS) { 2382 log_rdma_mr(ERR, "invalidate failed status=%x\n", wc->status); 2383 smbdirect_mr->state = MR_ERROR; 2384 } 2385 complete(&smbdirect_mr->invalidate_done); 2386 } 2387 2388 /* 2389 * Deregister a MR after I/O is done 2390 * This function may wait if remote invalidation is not used 2391 * and we have to locally invalidate the buffer to prevent data is being 2392 * modified by remote peer after upper layer consumes it 2393 */ 2394 int smbd_deregister_mr(struct smbd_mr *smbdirect_mr) 2395 { 2396 struct ib_send_wr *wr; 2397 struct smbd_connection *info = smbdirect_mr->conn; 2398 struct smbdirect_socket *sc = &info->socket; 2399 int rc = 0; 2400 2401 if (smbdirect_mr->need_invalidate) { 2402 /* Need to finish local invalidation before returning */ 2403 wr = &smbdirect_mr->inv_wr; 2404 wr->opcode = IB_WR_LOCAL_INV; 2405 smbdirect_mr->cqe.done = local_inv_done; 2406 wr->wr_cqe = &smbdirect_mr->cqe; 2407 wr->num_sge = 0; 2408 wr->ex.invalidate_rkey = smbdirect_mr->mr->rkey; 2409 wr->send_flags = IB_SEND_SIGNALED; 2410 2411 init_completion(&smbdirect_mr->invalidate_done); 2412 rc = ib_post_send(sc->ib.qp, wr, NULL); 2413 if (rc) { 2414 log_rdma_mr(ERR, "ib_post_send failed rc=%x\n", rc); 2415 smbd_disconnect_rdma_connection(info); 2416 goto done; 2417 } 2418 wait_for_completion(&smbdirect_mr->invalidate_done); 2419 smbdirect_mr->need_invalidate = false; 2420 } else 2421 /* 2422 * For remote invalidation, just set it to MR_INVALIDATED 2423 * and defer to mr_recovery_work to recover the MR for next use 2424 */ 2425 smbdirect_mr->state = MR_INVALIDATED; 2426 2427 if (smbdirect_mr->state == MR_INVALIDATED) { 2428 ib_dma_unmap_sg( 2429 sc->ib.dev, smbdirect_mr->sgt.sgl, 2430 smbdirect_mr->sgt.nents, 2431 smbdirect_mr->dir); 2432 smbdirect_mr->state = MR_READY; 2433 if (atomic_inc_return(&info->mr_ready_count) == 1) 2434 wake_up_interruptible(&info->wait_mr); 2435 } else 2436 /* 2437 * Schedule the work to do MR recovery for future I/Os MR 2438 * recovery is slow and don't want it to block current I/O 2439 */ 2440 queue_work(info->workqueue, &info->mr_recovery_work); 2441 2442 done: 2443 if (atomic_dec_and_test(&info->mr_used_count)) 2444 wake_up(&info->wait_for_mr_cleanup); 2445 2446 return rc; 2447 } 2448 2449 static bool smb_set_sge(struct smb_extract_to_rdma *rdma, 2450 struct page *lowest_page, size_t off, size_t len) 2451 { 2452 struct ib_sge *sge = &rdma->sge[rdma->nr_sge]; 2453 u64 addr; 2454 2455 addr = ib_dma_map_page(rdma->device, lowest_page, 2456 off, len, rdma->direction); 2457 if (ib_dma_mapping_error(rdma->device, addr)) 2458 return false; 2459 2460 sge->addr = addr; 2461 sge->length = len; 2462 sge->lkey = rdma->local_dma_lkey; 2463 rdma->nr_sge++; 2464 return true; 2465 } 2466 2467 /* 2468 * Extract page fragments from a BVEC-class iterator and add them to an RDMA 2469 * element list. The pages are not pinned. 2470 */ 2471 static ssize_t smb_extract_bvec_to_rdma(struct iov_iter *iter, 2472 struct smb_extract_to_rdma *rdma, 2473 ssize_t maxsize) 2474 { 2475 const struct bio_vec *bv = iter->bvec; 2476 unsigned long start = iter->iov_offset; 2477 unsigned int i; 2478 ssize_t ret = 0; 2479 2480 for (i = 0; i < iter->nr_segs; i++) { 2481 size_t off, len; 2482 2483 len = bv[i].bv_len; 2484 if (start >= len) { 2485 start -= len; 2486 continue; 2487 } 2488 2489 len = min_t(size_t, maxsize, len - start); 2490 off = bv[i].bv_offset + start; 2491 2492 if (!smb_set_sge(rdma, bv[i].bv_page, off, len)) 2493 return -EIO; 2494 2495 ret += len; 2496 maxsize -= len; 2497 if (rdma->nr_sge >= rdma->max_sge || maxsize <= 0) 2498 break; 2499 start = 0; 2500 } 2501 2502 if (ret > 0) 2503 iov_iter_advance(iter, ret); 2504 return ret; 2505 } 2506 2507 /* 2508 * Extract fragments from a KVEC-class iterator and add them to an RDMA list. 2509 * This can deal with vmalloc'd buffers as well as kmalloc'd or static buffers. 2510 * The pages are not pinned. 2511 */ 2512 static ssize_t smb_extract_kvec_to_rdma(struct iov_iter *iter, 2513 struct smb_extract_to_rdma *rdma, 2514 ssize_t maxsize) 2515 { 2516 const struct kvec *kv = iter->kvec; 2517 unsigned long start = iter->iov_offset; 2518 unsigned int i; 2519 ssize_t ret = 0; 2520 2521 for (i = 0; i < iter->nr_segs; i++) { 2522 struct page *page; 2523 unsigned long kaddr; 2524 size_t off, len, seg; 2525 2526 len = kv[i].iov_len; 2527 if (start >= len) { 2528 start -= len; 2529 continue; 2530 } 2531 2532 kaddr = (unsigned long)kv[i].iov_base + start; 2533 off = kaddr & ~PAGE_MASK; 2534 len = min_t(size_t, maxsize, len - start); 2535 kaddr &= PAGE_MASK; 2536 2537 maxsize -= len; 2538 do { 2539 seg = min_t(size_t, len, PAGE_SIZE - off); 2540 2541 if (is_vmalloc_or_module_addr((void *)kaddr)) 2542 page = vmalloc_to_page((void *)kaddr); 2543 else 2544 page = virt_to_page((void *)kaddr); 2545 2546 if (!smb_set_sge(rdma, page, off, seg)) 2547 return -EIO; 2548 2549 ret += seg; 2550 len -= seg; 2551 kaddr += PAGE_SIZE; 2552 off = 0; 2553 } while (len > 0 && rdma->nr_sge < rdma->max_sge); 2554 2555 if (rdma->nr_sge >= rdma->max_sge || maxsize <= 0) 2556 break; 2557 start = 0; 2558 } 2559 2560 if (ret > 0) 2561 iov_iter_advance(iter, ret); 2562 return ret; 2563 } 2564 2565 /* 2566 * Extract folio fragments from a FOLIOQ-class iterator and add them to an RDMA 2567 * list. The folios are not pinned. 2568 */ 2569 static ssize_t smb_extract_folioq_to_rdma(struct iov_iter *iter, 2570 struct smb_extract_to_rdma *rdma, 2571 ssize_t maxsize) 2572 { 2573 const struct folio_queue *folioq = iter->folioq; 2574 unsigned int slot = iter->folioq_slot; 2575 ssize_t ret = 0; 2576 size_t offset = iter->iov_offset; 2577 2578 BUG_ON(!folioq); 2579 2580 if (slot >= folioq_nr_slots(folioq)) { 2581 folioq = folioq->next; 2582 if (WARN_ON_ONCE(!folioq)) 2583 return -EIO; 2584 slot = 0; 2585 } 2586 2587 do { 2588 struct folio *folio = folioq_folio(folioq, slot); 2589 size_t fsize = folioq_folio_size(folioq, slot); 2590 2591 if (offset < fsize) { 2592 size_t part = umin(maxsize, fsize - offset); 2593 2594 if (!smb_set_sge(rdma, folio_page(folio, 0), offset, part)) 2595 return -EIO; 2596 2597 offset += part; 2598 ret += part; 2599 maxsize -= part; 2600 } 2601 2602 if (offset >= fsize) { 2603 offset = 0; 2604 slot++; 2605 if (slot >= folioq_nr_slots(folioq)) { 2606 if (!folioq->next) { 2607 WARN_ON_ONCE(ret < iter->count); 2608 break; 2609 } 2610 folioq = folioq->next; 2611 slot = 0; 2612 } 2613 } 2614 } while (rdma->nr_sge < rdma->max_sge && maxsize > 0); 2615 2616 iter->folioq = folioq; 2617 iter->folioq_slot = slot; 2618 iter->iov_offset = offset; 2619 iter->count -= ret; 2620 return ret; 2621 } 2622 2623 /* 2624 * Extract page fragments from up to the given amount of the source iterator 2625 * and build up an RDMA list that refers to all of those bits. The RDMA list 2626 * is appended to, up to the maximum number of elements set in the parameter 2627 * block. 2628 * 2629 * The extracted page fragments are not pinned or ref'd in any way; if an 2630 * IOVEC/UBUF-type iterator is to be used, it should be converted to a 2631 * BVEC-type iterator and the pages pinned, ref'd or otherwise held in some 2632 * way. 2633 */ 2634 static ssize_t smb_extract_iter_to_rdma(struct iov_iter *iter, size_t len, 2635 struct smb_extract_to_rdma *rdma) 2636 { 2637 ssize_t ret; 2638 int before = rdma->nr_sge; 2639 2640 switch (iov_iter_type(iter)) { 2641 case ITER_BVEC: 2642 ret = smb_extract_bvec_to_rdma(iter, rdma, len); 2643 break; 2644 case ITER_KVEC: 2645 ret = smb_extract_kvec_to_rdma(iter, rdma, len); 2646 break; 2647 case ITER_FOLIOQ: 2648 ret = smb_extract_folioq_to_rdma(iter, rdma, len); 2649 break; 2650 default: 2651 WARN_ON_ONCE(1); 2652 return -EIO; 2653 } 2654 2655 if (ret < 0) { 2656 while (rdma->nr_sge > before) { 2657 struct ib_sge *sge = &rdma->sge[rdma->nr_sge--]; 2658 2659 ib_dma_unmap_single(rdma->device, sge->addr, sge->length, 2660 rdma->direction); 2661 sge->addr = 0; 2662 } 2663 } 2664 2665 return ret; 2666 } 2667