Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

static inline struct ib_qp *_ib_create_qp(struct ib_device *dev,

					  struct ib_pd *pd,

					  struct ib_qp_init_attr *attr,

					  struct ib_udata *udata)

					  struct ib_udata *udata,

					  struct ib_uobject *uobj)

{

	struct ib_qp *qp;

	if (!dev->create_qp)

		return ERR_PTR(-EOPNOTSUPP);

	qp = dev->create_qp(pd, attr, udata);

	if (IS_ERR(qp))

		return qp;

	qp->device = dev;

	qp->pd = pd;

	qp->uobject = uobj;

	/*

	 * We don't track XRC QPs for now, because they don't have PD

	 * and more importantly they are created internaly by driver,

	 */

	uobj->context = context;

	uobj->type = type;

	atomic_set(&uobj->usecnt, 0);

	/*

	 * Allocated objects start out as write locked to deny any other

	 * syscalls from accessing them until they are committed. See

	 * rdma_alloc_commit_uobject

	 */

	atomic_set(&uobj->usecnt, -1);

	kref_init(&uobj->ref);

	return uobj;

		goto free;

	}

	uverbs_uobject_get(uobj);

	/*

	 * The idr_find is guaranteed to return a pointer to something that

	 * isn't freed yet, or NULL, as the free after idr_remove goes through

	 * kfree_rcu(). However the object may still have been released and

	 * kfree() could be called at any time.

	 */

	if (!kref_get_unless_zero(&uobj->ref))

		uobj = ERR_PTR(-ENOENT);

free:

	rcu_read_unlock();

	return uobj;

	return ret;

}

static void lockdep_check(struct ib_uobject *uobj, bool exclusive)

static void assert_uverbs_usecnt(struct ib_uobject *uobj, bool exclusive)

{

#ifdef CONFIG_LOCKDEP

	if (exclusive)

		WARN_ON(atomic_read(&uobj->usecnt) > 0);

		WARN_ON(atomic_read(&uobj->usecnt) != -1);

	else

		WARN_ON(atomic_read(&uobj->usecnt) == -1);

		WARN_ON(atomic_read(&uobj->usecnt) <= 0);

#endif

}

		WARN(true, "ib_uverbs: Cleanup is running while removing an uobject\n");

		return 0;

	}

	lockdep_check(uobj, true);

	assert_uverbs_usecnt(uobj, true);

	ret = _rdma_remove_commit_uobject(uobj, RDMA_REMOVE_DESTROY);

	up_read(&ucontext->cleanup_rwsem);

		WARN(true, "ib_uverbs: Cleanup is running while removing an uobject\n");

		return 0;

	}

	lockdep_check(uobject, true);

	assert_uverbs_usecnt(uobject, true);

	ret = uobject->type->type_class->remove_commit(uobject,

						       RDMA_REMOVE_DESTROY);

	if (ret)

		return ret;

		goto out;

	uobject->type = &null_obj_type;

out:

	up_read(&ucontext->cleanup_rwsem);

	return 0;

	return ret;

}

static void alloc_commit_idr_uobject(struct ib_uobject *uobj)

		return ret;

	}

	/* matches atomic_set(-1) in alloc_uobj */

	assert_uverbs_usecnt(uobj, true);

	atomic_set(&uobj->usecnt, 0);

	uobj->type->type_class->alloc_commit(uobj);

	up_read(&uobj->context->cleanup_rwsem);

void rdma_lookup_put_uobject(struct ib_uobject *uobj, bool exclusive)

{

	lockdep_check(uobj, exclusive);

	assert_uverbs_usecnt(uobj, exclusive);

	uobj->type->type_class->lookup_put(uobj, exclusive);

	/*

	 * In order to unlock an object, either decrease its usecnt for

#include <rdma/restrack.h>

#include <linux/mutex.h>

#include <linux/sched/task.h>

#include <linux/uaccess.h>

#include <linux/pid_namespace.h>

void rdma_restrack_init(struct rdma_restrack_root *res)

{

	enum rdma_restrack_type type = res->type;

	struct ib_device *dev;

	struct ib_xrcd *xrcd;

	struct ib_pd *pd;

	struct ib_cq *cq;

	struct ib_qp *qp;

		qp = container_of(res, struct ib_qp, res);

		dev = qp->device;

		break;

	case RDMA_RESTRACK_XRCD:

		xrcd = container_of(res, struct ib_xrcd, res);

		dev = xrcd->device;

		break;

	default:

		WARN_ONCE(true, "Wrong resource tracking type %u\n", type);

		return NULL;

	return dev;

}

static bool res_is_user(struct rdma_restrack_entry *res)

{

	switch (res->type) {

	case RDMA_RESTRACK_PD:

		return container_of(res, struct ib_pd, res)->uobject;

	case RDMA_RESTRACK_CQ:

		return container_of(res, struct ib_cq, res)->uobject;

	case RDMA_RESTRACK_QP:

		return container_of(res, struct ib_qp, res)->uobject;

	default:

		WARN_ONCE(true, "Wrong resource tracking type %u\n", res->type);

		return false;

	}

}

void rdma_restrack_add(struct rdma_restrack_entry *res)

{

	struct ib_device *dev = res_to_dev(res);

	if (!dev)

		return;

	if (!uaccess_kernel()) {

	if (res_is_user(res)) {

		get_task_struct(current);

		res->task = current;

		res->kern_name = NULL;

	if (f.file)

		fdput(f);

	mutex_unlock(&file->device->xrcd_tree_mutex);

	uobj_alloc_commit(&obj->uobject);

	mutex_unlock(&file->device->xrcd_tree_mutex);

	return in_len;

err_copy:

	uobj  = uobj_get_write(uobj_get_type(xrcd), cmd.xrcd_handle,

			       file->ucontext);

	if (IS_ERR(uobj)) {

		mutex_unlock(&file->device->xrcd_tree_mutex);

	if (IS_ERR(uobj))

		return PTR_ERR(uobj);

	}

	ret = uobj_remove_commit(uobj);

	return ret ?: in_len;

	struct ib_uverbs_ex_create_cq_resp resp;

	struct ib_cq_init_attr attr = {};

	if (!ib_dev->create_cq)

		return ERR_PTR(-EOPNOTSUPP);

	if (cmd->comp_vector >= file->device->num_comp_vectors)

		return ERR_PTR(-EINVAL);

	resp.response_length = offsetof(typeof(resp), response_length) +

		sizeof(resp.response_length);

	cq->res.type = RDMA_RESTRACK_CQ;

	rdma_restrack_add(&cq->res);

	ret = cb(file, obj, &resp, ucore, context);

	if (ret)

		goto err_cb;

	uobj_alloc_commit(&obj->uobject);

	cq->res.type = RDMA_RESTRACK_CQ;

	rdma_restrack_add(&cq->res);

	return obj;

err_cb:

	if (cmd->qp_type == IB_QPT_XRC_TGT)

		qp = ib_create_qp(pd, &attr);

	else

		qp = _ib_create_qp(device, pd, &attr, uhw);

		qp = _ib_create_qp(device, pd, &attr, uhw,

				   &obj->uevent.uobject);

	if (IS_ERR(qp)) {

		ret = PTR_ERR(qp);

			atomic_inc(&attr.srq->usecnt);

		if (ind_tbl)

			atomic_inc(&ind_tbl->usecnt);

	}

	} else {

		/* It is done in _ib_create_qp for other QP types */

		qp->uobject = &obj->uevent.uobject;

	}

	obj->uevent.uobject.object = qp;

		goto release_qp;

	}

	if ((cmd->base.attr_mask & IB_QP_AV) &&

	    !rdma_is_port_valid(qp->device, cmd->base.dest.port_num)) {

		ret = -EINVAL;

		goto release_qp;

	}

	if ((cmd->base.attr_mask & IB_QP_ALT_PATH) &&

	    !rdma_is_port_valid(qp->device, cmd->base.alt_port_num)) {

	    (!rdma_is_port_valid(qp->device, cmd->base.alt_port_num) ||

	    !rdma_is_port_valid(qp->device, cmd->base.alt_dest.port_num))) {

		ret = -EINVAL;

		goto release_qp;

	}

		wq_init_attr.create_flags = cmd.create_flags;

	obj->uevent.events_reported = 0;

	INIT_LIST_HEAD(&obj->uevent.event_list);

	if (!pd->device->create_wq) {

		err = -EOPNOTSUPP;

		goto err_put_cq;

	}

	wq = pd->device->create_wq(pd, &wq_init_attr, uhw);

	if (IS_ERR(wq)) {

		err = PTR_ERR(wq);

		wq_attr.flags = cmd.flags;

		wq_attr.flags_mask = cmd.flags_mask;

	}

	if (!wq->device->modify_wq) {

		ret = -EOPNOTSUPP;

		goto out;

	}

	ret = wq->device->modify_wq(wq, &wq_attr, cmd.attr_mask, uhw);

out:

	uobj_put_obj_read(wq);

	return ret;

}

	init_attr.log_ind_tbl_size = cmd.log_ind_tbl_size;

	init_attr.ind_tbl = wqs;

	if (!ib_dev->create_rwq_ind_table) {

		err = -EOPNOTSUPP;

		goto err_uobj;

	}

	rwq_ind_tbl = ib_dev->create_rwq_ind_table(ib_dev, &init_attr, uhw);

	if (IS_ERR(rwq_ind_tbl)) {

	struct ib_device_attr attr = {0};

	int err;

	if (!ib_dev->query_device)

		return -EOPNOTSUPP;

	if (ucore->inlen < sizeof(cmd))

		return -EINVAL;

			return 0;

	}

	if (test_bit(attr_id, attr_bundle_h->valid_bitmap))

		return -EINVAL;

	spec = &attr_spec_bucket->attrs[attr_id];

	e = &elements[attr_id];

	e->uattr = uattr_ptr;