1 /*
2 * Copyright (c) 2005 Topspin Communications. All rights reserved.
3 * Copyright (c) 2005 Cisco Systems. All rights reserved.
4 * Copyright (c) 2005 Mellanox Technologies. All rights reserved.
5 *
6 * This software is available to you under a choice of one of two
7 * licenses. You may choose to be licensed under the terms of the GNU
8 * General Public License (GPL) Version 2, available from the file
9 * COPYING in the main directory of this source tree, or the
10 * OpenIB.org BSD license below:
11 *
12 * Redistribution and use in source and binary forms, with or
13 * without modification, are permitted provided that the following
14 * conditions are met:
15 *
16 * - Redistributions of source code must retain the above
17 * copyright notice, this list of conditions and the following
18 * disclaimer.
19 *
20 * - Redistributions in binary form must reproduce the above
21 * copyright notice, this list of conditions and the following
22 * disclaimer in the documentation and/or other materials
23 * provided with the distribution.
24 *
25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
32 * SOFTWARE.
33 */
34
35 #include <linux/mm.h>
36 #include <linux/dma-mapping.h>
37 #include <linux/sched.h>
38 #include <linux/export.h>
39 #include <linux/hugetlb.h>
40 #include <linux/slab.h>
41 #include <rdma/ib_umem_odp.h>
42
43 #include "uverbs.h"
44
45
__ib_umem_release(struct ib_device * dev,struct ib_umem * umem,int dirty)46 static void __ib_umem_release(struct ib_device *dev, struct ib_umem *umem, int dirty)
47 {
48 struct scatterlist *sg;
49 struct page *page;
50 int i;
51
52 if (umem->nmap > 0)
53 ib_dma_unmap_sg(dev, umem->sg_head.sgl,
54 umem->nmap,
55 DMA_BIDIRECTIONAL);
56
57 for_each_sg(umem->sg_head.sgl, sg, umem->npages, i) {
58
59 page = sg_page(sg);
60 if (umem->writable && dirty)
61 set_page_dirty_lock(page);
62 put_page(page);
63 }
64
65 sg_free_table(&umem->sg_head);
66 return;
67
68 }
69
70 /**
71 * ib_umem_get - Pin and DMA map userspace memory.
72 *
73 * If access flags indicate ODP memory, avoid pinning. Instead, stores
74 * the mm for future page fault handling in conjunction with MMU notifiers.
75 *
76 * @context: userspace context to pin memory for
77 * @addr: userspace virtual address to start at
78 * @size: length of region to pin
79 * @access: IB_ACCESS_xxx flags for memory being pinned
80 * @dmasync: flush in-flight DMA when the memory region is written
81 */
ib_umem_get(struct ib_ucontext * context,unsigned long addr,size_t size,int access,int dmasync)82 struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr,
83 size_t size, int access, int dmasync)
84 {
85 struct ib_umem *umem;
86 struct page **page_list;
87 struct vm_area_struct **vma_list;
88 unsigned long locked;
89 unsigned long lock_limit;
90 unsigned long cur_base;
91 unsigned long npages;
92 int ret;
93 int i;
94 unsigned long dma_attrs = 0;
95 struct scatterlist *sg, *sg_list_start;
96 int need_release = 0;
97 unsigned int gup_flags = FOLL_WRITE;
98
99 if (dmasync)
100 dma_attrs |= DMA_ATTR_WRITE_BARRIER;
101
102 if (!size)
103 return ERR_PTR(-EINVAL);
104
105 /*
106 * If the combination of the addr and size requested for this memory
107 * region causes an integer overflow, return error.
108 */
109 if (((addr + size) < addr) ||
110 PAGE_ALIGN(addr + size) < (addr + size))
111 return ERR_PTR(-EINVAL);
112
113 if (!can_do_mlock())
114 return ERR_PTR(-EPERM);
115
116 umem = kzalloc(sizeof *umem, GFP_KERNEL);
117 if (!umem)
118 return ERR_PTR(-ENOMEM);
119
120 umem->context = context;
121 umem->length = size;
122 umem->address = addr;
123 umem->page_size = PAGE_SIZE;
124 umem->pid = get_task_pid(current, PIDTYPE_PID);
125 /*
126 * We ask for writable memory if any of the following
127 * access flags are set. "Local write" and "remote write"
128 * obviously require write access. "Remote atomic" can do
129 * things like fetch and add, which will modify memory, and
130 * "MW bind" can change permissions by binding a window.
131 */
132 umem->writable = !!(access &
133 (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE |
134 IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
135
136 if (access & IB_ACCESS_ON_DEMAND) {
137 put_pid(umem->pid);
138 ret = ib_umem_odp_get(context, umem);
139 if (ret) {
140 kfree(umem);
141 return ERR_PTR(ret);
142 }
143 return umem;
144 }
145
146 umem->odp_data = NULL;
147
148 /* We assume the memory is from hugetlb until proved otherwise */
149 umem->hugetlb = 1;
150
151 page_list = (struct page **) __get_free_page(GFP_KERNEL);
152 if (!page_list) {
153 put_pid(umem->pid);
154 kfree(umem);
155 return ERR_PTR(-ENOMEM);
156 }
157
158 /*
159 * if we can't alloc the vma_list, it's not so bad;
160 * just assume the memory is not hugetlb memory
161 */
162 vma_list = (struct vm_area_struct **) __get_free_page(GFP_KERNEL);
163 if (!vma_list)
164 umem->hugetlb = 0;
165
166 npages = ib_umem_num_pages(umem);
167
168 down_write(¤t->mm->mmap_sem);
169
170 locked = npages + current->mm->pinned_vm;
171 lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
172
173 if ((locked > lock_limit) && !capable(CAP_IPC_LOCK)) {
174 ret = -ENOMEM;
175 goto out;
176 }
177
178 cur_base = addr & PAGE_MASK;
179
180 if (npages == 0 || npages > UINT_MAX) {
181 ret = -EINVAL;
182 goto out;
183 }
184
185 ret = sg_alloc_table(&umem->sg_head, npages, GFP_KERNEL);
186 if (ret)
187 goto out;
188
189 if (!umem->writable)
190 gup_flags |= FOLL_FORCE;
191
192 need_release = 1;
193 sg_list_start = umem->sg_head.sgl;
194
195 while (npages) {
196 ret = get_user_pages_longterm(cur_base,
197 min_t(unsigned long, npages,
198 PAGE_SIZE / sizeof (struct page *)),
199 gup_flags, page_list, vma_list);
200
201 if (ret < 0)
202 goto out;
203
204 umem->npages += ret;
205 cur_base += ret * PAGE_SIZE;
206 npages -= ret;
207
208 for_each_sg(sg_list_start, sg, ret, i) {
209 if (vma_list && !is_vm_hugetlb_page(vma_list[i]))
210 umem->hugetlb = 0;
211
212 sg_set_page(sg, page_list[i], PAGE_SIZE, 0);
213 }
214
215 /* preparing for next loop */
216 sg_list_start = sg;
217 }
218
219 umem->nmap = ib_dma_map_sg_attrs(context->device,
220 umem->sg_head.sgl,
221 umem->npages,
222 DMA_BIDIRECTIONAL,
223 dma_attrs);
224
225 if (umem->nmap <= 0) {
226 ret = -ENOMEM;
227 goto out;
228 }
229
230 ret = 0;
231
232 out:
233 if (ret < 0) {
234 if (need_release)
235 __ib_umem_release(context->device, umem, 0);
236 put_pid(umem->pid);
237 kfree(umem);
238 } else
239 current->mm->pinned_vm = locked;
240
241 up_write(¤t->mm->mmap_sem);
242 if (vma_list)
243 free_page((unsigned long) vma_list);
244 free_page((unsigned long) page_list);
245
246 return ret < 0 ? ERR_PTR(ret) : umem;
247 }
248 EXPORT_SYMBOL(ib_umem_get);
249
ib_umem_account(struct work_struct * work)250 static void ib_umem_account(struct work_struct *work)
251 {
252 struct ib_umem *umem = container_of(work, struct ib_umem, work);
253
254 down_write(&umem->mm->mmap_sem);
255 umem->mm->pinned_vm -= umem->diff;
256 up_write(&umem->mm->mmap_sem);
257 mmput(umem->mm);
258 kfree(umem);
259 }
260
261 /**
262 * ib_umem_release - release memory pinned with ib_umem_get
263 * @umem: umem struct to release
264 */
ib_umem_release(struct ib_umem * umem)265 void ib_umem_release(struct ib_umem *umem)
266 {
267 struct ib_ucontext *context = umem->context;
268 struct mm_struct *mm;
269 struct task_struct *task;
270 unsigned long diff;
271
272 if (umem->odp_data) {
273 ib_umem_odp_release(umem);
274 return;
275 }
276
277 __ib_umem_release(umem->context->device, umem, 1);
278
279 task = get_pid_task(umem->pid, PIDTYPE_PID);
280 put_pid(umem->pid);
281 if (!task)
282 goto out;
283 mm = get_task_mm(task);
284 put_task_struct(task);
285 if (!mm)
286 goto out;
287
288 diff = ib_umem_num_pages(umem);
289
290 /*
291 * We may be called with the mm's mmap_sem already held. This
292 * can happen when a userspace munmap() is the call that drops
293 * the last reference to our file and calls our release
294 * method. If there are memory regions to destroy, we'll end
295 * up here and not be able to take the mmap_sem. In that case
296 * we defer the vm_locked accounting to the system workqueue.
297 */
298 if (context->closing) {
299 if (!down_write_trylock(&mm->mmap_sem)) {
300 INIT_WORK(&umem->work, ib_umem_account);
301 umem->mm = mm;
302 umem->diff = diff;
303
304 queue_work(ib_wq, &umem->work);
305 return;
306 }
307 } else
308 down_write(&mm->mmap_sem);
309
310 mm->pinned_vm -= diff;
311 up_write(&mm->mmap_sem);
312 mmput(mm);
313 out:
314 kfree(umem);
315 }
316 EXPORT_SYMBOL(ib_umem_release);
317
ib_umem_page_count(struct ib_umem * umem)318 int ib_umem_page_count(struct ib_umem *umem)
319 {
320 int shift;
321 int i;
322 int n;
323 struct scatterlist *sg;
324
325 if (umem->odp_data)
326 return ib_umem_num_pages(umem);
327
328 shift = ilog2(umem->page_size);
329
330 n = 0;
331 for_each_sg(umem->sg_head.sgl, sg, umem->nmap, i)
332 n += sg_dma_len(sg) >> shift;
333
334 return n;
335 }
336 EXPORT_SYMBOL(ib_umem_page_count);
337
338 /*
339 * Copy from the given ib_umem's pages to the given buffer.
340 *
341 * umem - the umem to copy from
342 * offset - offset to start copying from
343 * dst - destination buffer
344 * length - buffer length
345 *
346 * Returns 0 on success, or an error code.
347 */
ib_umem_copy_from(void * dst,struct ib_umem * umem,size_t offset,size_t length)348 int ib_umem_copy_from(void *dst, struct ib_umem *umem, size_t offset,
349 size_t length)
350 {
351 size_t end = offset + length;
352 int ret;
353
354 if (offset > umem->length || length > umem->length - offset) {
355 pr_err("ib_umem_copy_from not in range. offset: %zd umem length: %zd end: %zd\n",
356 offset, umem->length, end);
357 return -EINVAL;
358 }
359
360 ret = sg_pcopy_to_buffer(umem->sg_head.sgl, umem->npages, dst, length,
361 offset + ib_umem_offset(umem));
362
363 if (ret < 0)
364 return ret;
365 else if (ret != length)
366 return -EINVAL;
367 else
368 return 0;
369 }
370 EXPORT_SYMBOL(ib_umem_copy_from);
371