| 1 | /* |
| 2 | * Copyright (c) 2005 Topspin Communications. All rights reserved. |
| 3 | * Copyright (c) 2005 Cisco Systems. All rights reserved. |
| 4 | * Copyright (c) 2005 Mellanox Technologies. All rights reserved. |
| 5 | * |
| 6 | * This software is available to you under a choice of one of two |
| 7 | * licenses. You may choose to be licensed under the terms of the GNU |
| 8 | * General Public License (GPL) Version 2, available from the file |
| 9 | * COPYING in the main directory of this source tree, or the |
| 10 | * OpenIB.org BSD license below: |
| 11 | * |
| 12 | * Redistribution and use in source and binary forms, with or |
| 13 | * without modification, are permitted provided that the following |
| 14 | * conditions are met: |
| 15 | * |
| 16 | * - Redistributions of source code must retain the above |
| 17 | * copyright notice, this list of conditions and the following |
| 18 | * disclaimer. |
| 19 | * |
| 20 | * - Redistributions in binary form must reproduce the above |
| 21 | * copyright notice, this list of conditions and the following |
| 22 | * disclaimer in the documentation and/or other materials |
| 23 | * provided with the distribution. |
| 24 | * |
| 25 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 26 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| 27 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 28 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
| 29 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| 30 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| 31 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| 32 | * SOFTWARE. |
| 33 | */ |
| 34 | |
| 35 | #include <linux/mm.h> |
| 36 | #include <linux/dma-mapping.h> |
| 37 | #include <linux/sched.h> |
| 38 | #include <linux/export.h> |
| 39 | #include <linux/hugetlb.h> |
| 40 | #include <linux/dma-attrs.h> |
| 41 | #include <linux/slab.h> |
| 42 | #include <rdma/ib_umem_odp.h> |
| 43 | |
| 44 | #include "uverbs.h" |
| 45 | |
| 46 | |
| 47 | static void __ib_umem_release(struct ib_device *dev, struct ib_umem *umem, int dirty) |
| 48 | { |
| 49 | struct scatterlist *sg; |
| 50 | struct page *page; |
| 51 | int i; |
| 52 | |
| 53 | if (umem->nmap > 0) |
| 54 | ib_dma_unmap_sg(dev, umem->sg_head.sgl, |
| 55 | umem->nmap, |
| 56 | DMA_BIDIRECTIONAL); |
| 57 | |
| 58 | for_each_sg(umem->sg_head.sgl, sg, umem->npages, i) { |
| 59 | |
| 60 | page = sg_page(sg); |
| 61 | if (umem->writable && dirty) |
| 62 | set_page_dirty_lock(page); |
| 63 | put_page(page); |
| 64 | } |
| 65 | |
| 66 | sg_free_table(&umem->sg_head); |
| 67 | return; |
| 68 | |
| 69 | } |
| 70 | |
| 71 | /** |
| 72 | * ib_umem_get - Pin and DMA map userspace memory. |
| 73 | * |
| 74 | * If access flags indicate ODP memory, avoid pinning. Instead, stores |
| 75 | * the mm for future page fault handling in conjunction with MMU notifiers. |
| 76 | * |
| 77 | * @context: userspace context to pin memory for |
| 78 | * @addr: userspace virtual address to start at |
| 79 | * @size: length of region to pin |
| 80 | * @access: IB_ACCESS_xxx flags for memory being pinned |
| 81 | * @dmasync: flush in-flight DMA when the memory region is written |
| 82 | */ |
| 83 | struct ib_umem *ib_umem_get(struct ib_ucontext *context, unsigned long addr, |
| 84 | size_t size, int access, int dmasync) |
| 85 | { |
| 86 | struct ib_umem *umem; |
| 87 | struct page **page_list; |
| 88 | struct vm_area_struct **vma_list; |
| 89 | unsigned long locked; |
| 90 | unsigned long lock_limit; |
| 91 | unsigned long cur_base; |
| 92 | unsigned long npages; |
| 93 | int ret; |
| 94 | int i; |
| 95 | DEFINE_DMA_ATTRS(attrs); |
| 96 | struct scatterlist *sg, *sg_list_start; |
| 97 | int need_release = 0; |
| 98 | |
| 99 | if (dmasync) |
| 100 | dma_set_attr(DMA_ATTR_WRITE_BARRIER, &attrs); |
| 101 | |
| 102 | if (!size) |
| 103 | return ERR_PTR(-EINVAL); |
| 104 | |
| 105 | /* |
| 106 | * If the combination of the addr and size requested for this memory |
| 107 | * region causes an integer overflow, return error. |
| 108 | */ |
| 109 | if (((addr + size) < addr) || |
| 110 | PAGE_ALIGN(addr + size) < (addr + size)) |
| 111 | return ERR_PTR(-EINVAL); |
| 112 | |
| 113 | if (!can_do_mlock()) |
| 114 | return ERR_PTR(-EPERM); |
| 115 | |
| 116 | umem = kzalloc(sizeof *umem, GFP_KERNEL); |
| 117 | if (!umem) |
| 118 | return ERR_PTR(-ENOMEM); |
| 119 | |
| 120 | umem->context = context; |
| 121 | umem->length = size; |
| 122 | umem->address = addr; |
| 123 | umem->page_size = PAGE_SIZE; |
| 124 | umem->pid = get_task_pid(current, PIDTYPE_PID); |
| 125 | /* |
| 126 | * We ask for writable memory if any of the following |
| 127 | * access flags are set. "Local write" and "remote write" |
| 128 | * obviously require write access. "Remote atomic" can do |
| 129 | * things like fetch and add, which will modify memory, and |
| 130 | * "MW bind" can change permissions by binding a window. |
| 131 | */ |
| 132 | umem->writable = !!(access & |
| 133 | (IB_ACCESS_LOCAL_WRITE | IB_ACCESS_REMOTE_WRITE | |
| 134 | IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND)); |
| 135 | |
| 136 | if (access & IB_ACCESS_ON_DEMAND) { |
| 137 | ret = ib_umem_odp_get(context, umem); |
| 138 | if (ret) { |
| 139 | kfree(umem); |
| 140 | return ERR_PTR(ret); |
| 141 | } |
| 142 | return umem; |
| 143 | } |
| 144 | |
| 145 | umem->odp_data = NULL; |
| 146 | |
| 147 | /* We assume the memory is from hugetlb until proved otherwise */ |
| 148 | umem->hugetlb = 1; |
| 149 | |
| 150 | page_list = (struct page **) __get_free_page(GFP_KERNEL); |
| 151 | if (!page_list) { |
| 152 | kfree(umem); |
| 153 | return ERR_PTR(-ENOMEM); |
| 154 | } |
| 155 | |
| 156 | /* |
| 157 | * if we can't alloc the vma_list, it's not so bad; |
| 158 | * just assume the memory is not hugetlb memory |
| 159 | */ |
| 160 | vma_list = (struct vm_area_struct **) __get_free_page(GFP_KERNEL); |
| 161 | if (!vma_list) |
| 162 | umem->hugetlb = 0; |
| 163 | |
| 164 | npages = ib_umem_num_pages(umem); |
| 165 | |
| 166 | down_write(¤t->mm->mmap_sem); |
| 167 | |
| 168 | locked = npages + current->mm->pinned_vm; |
| 169 | lock_limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; |
| 170 | |
| 171 | if ((locked > lock_limit) && !capable(CAP_IPC_LOCK)) { |
| 172 | ret = -ENOMEM; |
| 173 | goto out; |
| 174 | } |
| 175 | |
| 176 | cur_base = addr & PAGE_MASK; |
| 177 | |
| 178 | if (npages == 0) { |
| 179 | ret = -EINVAL; |
| 180 | goto out; |
| 181 | } |
| 182 | |
| 183 | ret = sg_alloc_table(&umem->sg_head, npages, GFP_KERNEL); |
| 184 | if (ret) |
| 185 | goto out; |
| 186 | |
| 187 | need_release = 1; |
| 188 | sg_list_start = umem->sg_head.sgl; |
| 189 | |
| 190 | while (npages) { |
| 191 | ret = get_user_pages(current, current->mm, cur_base, |
| 192 | min_t(unsigned long, npages, |
| 193 | PAGE_SIZE / sizeof (struct page *)), |
| 194 | 1, !umem->writable, page_list, vma_list); |
| 195 | |
| 196 | if (ret < 0) |
| 197 | goto out; |
| 198 | |
| 199 | umem->npages += ret; |
| 200 | cur_base += ret * PAGE_SIZE; |
| 201 | npages -= ret; |
| 202 | |
| 203 | for_each_sg(sg_list_start, sg, ret, i) { |
| 204 | if (vma_list && !is_vm_hugetlb_page(vma_list[i])) |
| 205 | umem->hugetlb = 0; |
| 206 | |
| 207 | sg_set_page(sg, page_list[i], PAGE_SIZE, 0); |
| 208 | } |
| 209 | |
| 210 | /* preparing for next loop */ |
| 211 | sg_list_start = sg; |
| 212 | } |
| 213 | |
| 214 | umem->nmap = ib_dma_map_sg_attrs(context->device, |
| 215 | umem->sg_head.sgl, |
| 216 | umem->npages, |
| 217 | DMA_BIDIRECTIONAL, |
| 218 | &attrs); |
| 219 | |
| 220 | if (umem->nmap <= 0) { |
| 221 | ret = -ENOMEM; |
| 222 | goto out; |
| 223 | } |
| 224 | |
| 225 | ret = 0; |
| 226 | |
| 227 | out: |
| 228 | if (ret < 0) { |
| 229 | if (need_release) |
| 230 | __ib_umem_release(context->device, umem, 0); |
| 231 | put_pid(umem->pid); |
| 232 | kfree(umem); |
| 233 | } else |
| 234 | current->mm->pinned_vm = locked; |
| 235 | |
| 236 | up_write(¤t->mm->mmap_sem); |
| 237 | if (vma_list) |
| 238 | free_page((unsigned long) vma_list); |
| 239 | free_page((unsigned long) page_list); |
| 240 | |
| 241 | return ret < 0 ? ERR_PTR(ret) : umem; |
| 242 | } |
| 243 | EXPORT_SYMBOL(ib_umem_get); |
| 244 | |
| 245 | static void ib_umem_account(struct work_struct *work) |
| 246 | { |
| 247 | struct ib_umem *umem = container_of(work, struct ib_umem, work); |
| 248 | |
| 249 | down_write(&umem->mm->mmap_sem); |
| 250 | umem->mm->pinned_vm -= umem->diff; |
| 251 | up_write(&umem->mm->mmap_sem); |
| 252 | mmput(umem->mm); |
| 253 | kfree(umem); |
| 254 | } |
| 255 | |
| 256 | /** |
| 257 | * ib_umem_release - release memory pinned with ib_umem_get |
| 258 | * @umem: umem struct to release |
| 259 | */ |
| 260 | void ib_umem_release(struct ib_umem *umem) |
| 261 | { |
| 262 | struct ib_ucontext *context = umem->context; |
| 263 | struct mm_struct *mm; |
| 264 | struct task_struct *task; |
| 265 | unsigned long diff; |
| 266 | |
| 267 | if (umem->odp_data) { |
| 268 | ib_umem_odp_release(umem); |
| 269 | return; |
| 270 | } |
| 271 | |
| 272 | __ib_umem_release(umem->context->device, umem, 1); |
| 273 | |
| 274 | task = get_pid_task(umem->pid, PIDTYPE_PID); |
| 275 | put_pid(umem->pid); |
| 276 | if (!task) |
| 277 | goto out; |
| 278 | mm = get_task_mm(task); |
| 279 | put_task_struct(task); |
| 280 | if (!mm) |
| 281 | goto out; |
| 282 | |
| 283 | diff = ib_umem_num_pages(umem); |
| 284 | |
| 285 | /* |
| 286 | * We may be called with the mm's mmap_sem already held. This |
| 287 | * can happen when a userspace munmap() is the call that drops |
| 288 | * the last reference to our file and calls our release |
| 289 | * method. If there are memory regions to destroy, we'll end |
| 290 | * up here and not be able to take the mmap_sem. In that case |
| 291 | * we defer the vm_locked accounting to the system workqueue. |
| 292 | */ |
| 293 | if (context->closing) { |
| 294 | if (!down_write_trylock(&mm->mmap_sem)) { |
| 295 | INIT_WORK(&umem->work, ib_umem_account); |
| 296 | umem->mm = mm; |
| 297 | umem->diff = diff; |
| 298 | |
| 299 | queue_work(ib_wq, &umem->work); |
| 300 | return; |
| 301 | } |
| 302 | } else |
| 303 | down_write(&mm->mmap_sem); |
| 304 | |
| 305 | mm->pinned_vm -= diff; |
| 306 | up_write(&mm->mmap_sem); |
| 307 | mmput(mm); |
| 308 | out: |
| 309 | kfree(umem); |
| 310 | } |
| 311 | EXPORT_SYMBOL(ib_umem_release); |
| 312 | |
| 313 | int ib_umem_page_count(struct ib_umem *umem) |
| 314 | { |
| 315 | int shift; |
| 316 | int i; |
| 317 | int n; |
| 318 | struct scatterlist *sg; |
| 319 | |
| 320 | if (umem->odp_data) |
| 321 | return ib_umem_num_pages(umem); |
| 322 | |
| 323 | shift = ilog2(umem->page_size); |
| 324 | |
| 325 | n = 0; |
| 326 | for_each_sg(umem->sg_head.sgl, sg, umem->nmap, i) |
| 327 | n += sg_dma_len(sg) >> shift; |
| 328 | |
| 329 | return n; |
| 330 | } |
| 331 | EXPORT_SYMBOL(ib_umem_page_count); |
| 332 | |
| 333 | /* |
| 334 | * Copy from the given ib_umem's pages to the given buffer. |
| 335 | * |
| 336 | * umem - the umem to copy from |
| 337 | * offset - offset to start copying from |
| 338 | * dst - destination buffer |
| 339 | * length - buffer length |
| 340 | * |
| 341 | * Returns 0 on success, or an error code. |
| 342 | */ |
| 343 | int ib_umem_copy_from(void *dst, struct ib_umem *umem, size_t offset, |
| 344 | size_t length) |
| 345 | { |
| 346 | size_t end = offset + length; |
| 347 | int ret; |
| 348 | |
| 349 | if (offset > umem->length || length > umem->length - offset) { |
| 350 | pr_err("ib_umem_copy_from not in range. offset: %zd umem length: %zd end: %zd\n", |
| 351 | offset, umem->length, end); |
| 352 | return -EINVAL; |
| 353 | } |
| 354 | |
| 355 | ret = sg_pcopy_to_buffer(umem->sg_head.sgl, umem->nmap, dst, length, |
| 356 | offset + ib_umem_offset(umem)); |
| 357 | |
| 358 | if (ret < 0) |
| 359 | return ret; |
| 360 | else if (ret != length) |
| 361 | return -EINVAL; |
| 362 | else |
| 363 | return 0; |
| 364 | } |
| 365 | EXPORT_SYMBOL(ib_umem_copy_from); |