nes_reg_user_mr() should fail if page_count becomes >= 1024 * 512
rather than just testing for strict >, because page_count is
essentially used as an index into an array with 1024 * 512 entries, so
allowing the loop to continue with page_count == 1024 * 512 means that
memory after the end of the array is corrupted.  This leads to a crash
triggerable by a userspace application that requests registration of a
too-big region.

Also get rid of the call to pci_free_consistent() here to avoid
corrupting state with a double free, since the same memory will be
freed in the code jumped to at reg_user_mr_err.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Various cleanups:
	- Change // to /* .. */
	- Place whitespace around binary operators.
	- Trim down a few long lines.
	- Some minor alignment formatting for better readability.
	- Remove some silly tabs.
Signed-off-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add a new parameter, dmasync, to the ib_umem_get() prototype.  Use dmasync = 1
when mapping user-allocated CQs with ib_umem_get().
Signed-off-by: NArthur Kepner <akepner@sgi.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Cc: Jes Sorensen <jes@sgi.com>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Roland Dreier <rdreier@cisco.com>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: David Miller <davem@davemloft.net>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Grant Grundler <grundler@parisc-linux.org>
Cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Remove the volatile qualifier from the cq_vbase member of struct
nes_hw_cq, and add an rmb() in the one place where it looks like
access order might make a difference.  As usual, removing a volatile
qualifier in a declaration is actually a bug fix, since a volatile
qualifier is not sufficient to make sure that aggressively
out-of-order CPUs don't reorder things and cause incorrect results.

For example, a CPU might speculatively execute reads of other cqe
fields before the NIC hardware has written those fields and before it
has set the NES_CQE_VALID bit (even though those reads come after the
test of the NES_CQE_VALID bit in program order), but then when the CPU
actually executes the conditional test of the NES_CQE_VALID, the bit
has been set, and the CPU will proceed with the results of the earlier
speculative execution and end up using bogus data.

This also gets rid of the warning:

    drivers/infiniband/hw/nes/nes_verbs.c: In function 'nes_destroy_cq':
    drivers/infiniband/hw/nes/nes_verbs.c:1978: warning: passing argument 3 of 'pci_free_consistent' discards qualifiers from pointer target type
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

This converts the main ib_device to use struct device instead of struct
class_device as class_device is going away.
Signed-off-by: NTony Jones <tonyj@suse.de>
Signed-off-by: NKay Sievers <kay.sievers@vrfy.org>
Cc: Roland Dreier <rolandd@cisco.com>
Cc: Sean Hefty <sean.hefty@intel.com>
Cc: Hal Rosenstock <hal.rosenstock@gmail.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>

Add a create_flags member to struct ib_qp_init_attr that will allow a
kernel verbs consumer to create a pass special flags when creating a QP.
Add a flag value for telling low-level drivers that a QP will be used
for IPoIB UD LSO.  The create_flags member will also be useful for XRC
and ehca low-latency QP support.

Since no create_flags handling is implemented yet, add code to all
low-level drivers to return -EINVAL if create_flags is non-zero.
Signed-off-by: NEli Cohen <eli@mellanox.co.il>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

__FUNCTION__ is gcc-specific, use __func__ instead.
Signed-off-by: NHarvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Avoid namespace pollution and allow the compiler to optimize better.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

On some platforms, eg sparc64, dma_addr_t is not the same size as a
pointer, so printing dma_addr_t values by casting to void * and using
a %p format generates warnings.  Fix this by casting to unsigned long
and using %lx instead.  This fixes the warnings:

    drivers/infiniband/hw/nes/nes_verbs.c: In function 'nes_setup_virt_qp':
    drivers/infiniband/hw/nes/nes_verbs.c:1047: warning: cast to pointer from integer of different size
    drivers/infiniband/hw/nes/nes_verbs.c:1078: warning: cast to pointer from integer of different size
    drivers/infiniband/hw/nes/nes_verbs.c:1078: warning: cast to pointer from integer of different size
    drivers/infiniband/hw/nes/nes_verbs.c: In function 'nes_reg_user_mr':
    drivers/infiniband/hw/nes/nes_verbs.c:2657: warning: cast to pointer from integer of different size

Reported by Andrew Morton <akpm@linux-foundation.org>.
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

nes_unregister_ofa_device() dereferences the nesibdev pointer before
testing if it's NULL.  Also, the test is doubly redundant because the
only caller of nes_unregister_ofa_device() is nes_destroy_ofa_device(),
which already tests if nesibdev is NULL.  Remove the unnecessary test.

This was spotted by the Coverity checker (CID 2190).
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Just delete the debugging statement so we don't use cqp_request after
freeing it.  Adrian Bunk flagged this use-after-free issue spotted by
the Coverity checker.
Signed-off-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Fix an off-by-one spotted by the Coverity checker.
Signed-off-by: NAdrian Bunk <bunk@kernel.org>
Signed-off-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Adrian Bunk pointed out that a Coverity scan found some apparently
dead code in nes_verbs.c that really shouldn't have been dead.

The function nes_create_cq() was missing the assignment

	err = 1;

just prior to an iteration that conditionally set err = 0 if a PBL was
found for a given virtual CQ.  I also noticed we should have been
returning -EFAULT on a couple related error paths.
Signed-off-by: NChien Tung <ctung@neteffect.com>
Signed-off-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

In nes_create_qp(), the test

	if (nesqp->mmap_sq_db_index > NES_MAX_USER_WQ_REGIONS) {

is used to error out if the db_index is too large; however, if the
test doesn't trigger, then the index is used as

	nes_ucontext->mmap_nesqp[nesqp->mmap_sq_db_index] = nesqp;

and mmap_nesqp is declared as

	struct nes_qp      *mmap_nesqp[NES_MAX_USER_WQ_REGIONS];

which leads to an array overrun if the index is exactly equal to
NES_MAX_USER_WQ_REGIONS.  Fix this by bailing out if the index is
greater than or equal to NES_MAX_USER_WQ_REGIONS.

This was spotted by the Coverity checker (CID 2162).
Acked-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>

Add a standard NIC and RDMA/iWARP driver for NetEffect 1/10Gb ethernet adapters.
Signed-off-by: NGlenn Streiff <gstreiff@neteffect.com>
Signed-off-by: NRoland Dreier <rolandd@cisco.com>