This hang was a result of a missing command put when
a DIF error occurred during a rdma read (and we sent
an CHECK_CONDITION error without passing it to the
backend).
Signed-off-by: NSagi Grimberg <sagig@mellanox.com>
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

Upstream checkpatch now requires this.
Reviewed-by: NDennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Code that does this:

	if (!(d_unhashed(tmp) && tmp->d_inode)) {
		...
		simple_unlink(parent->d_inode, tmp);
	}

is broken because:

	!(d_unhashed(tmp) && tmp->d_inode)

is equivalent to:

	!d_unhashed(tmp) || !tmp->d_inode

so it is possible to get into simple_unlink() with tmp->d_inode == NULL.

simple_unlink(), however, assumes tmp->d_inode cannot be NULL.

I think that what was meant is this:

	!d_unhashed(tmp) && tmp->d_inode

and that the logical-not operator or the final close-bracket was misplaced.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
cc: Bryan O'Sullivan <bos@pathscale.com>
cc: Roland Dreier <rolandd@cisco.com>
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

Re-enable the on-demand paging capability query through the
extended query device verb.
Signed-off-by: NHaggai Eran <haggaie@mellanox.com>
Reviewed-by: NYann Droneaud <ydroneaud@opteya.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Add on-demand paging capabilities reporting to the extended query device verb.

Yann Droneaud writes:

    Note: as offsetof() is used to retrieve the size of the lower chunk
    of the response, beware that it only works if the upper chunk
    is right after, without any implicit padding. And, as the size of
    the latter chunk is added to the base size, implicit padding at the
    end of the structure is not taken in account. Both point must be
    taken in account when extending the uverbs functionalities.
Signed-off-by: NHaggai Eran <haggaie@mellanox.com>
Reviewed-by: NYann Droneaud <ydroneaud@opteya.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Add extensible query device capabilities verb to allow adding new features.
ib_uverbs_ex_query_device is added and copy_query_dev_fields is used to copy
capability fields to be used by both ib_uverbs_query_device and
ib_uverbs_ex_query_device.

Following the discussion about this patch [1], the code now validates
the command's comp_mask is zero, returning -EINVAL for unknown values,
in order to allow extending the verb in the future.

The verb also checks the user-space provided response buffer size and
only fills in capabilities that will fit in the buffer. In attempt to
follow the spirit of presentation [2] by Tzahi Oved that was presented
during OpenFabrics Alliance International Developer Workshop 2013, the
comp_mask bits will only describe which fields are valid.  Furthermore,
fields that can simply be cleared when they are not supported, do not
require a comp_mask bit at all.  The verb returns a response_length
field containing the actual number of bytes written by the kernel, so
that a newer version running on an older kernel can tell which fields
were actually returned.

[1] [PATCH v1 0/5] IB/core: extended query device caps cleanup for v3.19
    http://thread.gmane.org/gmane.linux.kernel.api/7889/

[2] https://www.openfabrics.org/images/docs/2013_Dev_Workshop/Tues_0423/2013_Workshop_Tues_0830_Tzahi_Oved-verbs_extensions_ofa_2013-tzahio.pdfSigned-off-by: NEli Cohen <eli@mellanox.com>
Signed-off-by: NHaggai Eran <haggaie@mellanox.com>
Reviewed-by: NYann Droneaud <ydroneaud@opteya.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

In c4iw_wait_for_reply(), if a FW6_MSG WR reply is not received after
C4IW_WR_TO seconds, fail the WR operation and mark the device as fatally
dead.  Further, if the device is marked fatally dead, then fail the WR
wait immediately.

Also change the timeout to 60 seconds.
Signed-off-by: NSteve Wise <swise@opengridcomputing.com>
Signed-off-by: NHariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

The ->sgid_tbl[] array has OCRDMA_MAX_SGID number of elements so this
test is off by one.  ->sgid_tbl is allocated in ocrdma_alloc_resources().
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Acked-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

In the expressions idx/32 and idx%32, both idx and 32 have signed
type, and unfortunately the C standard prescribes rounding to 0, so
unless gcc can prove that idx is non-negative, these cannot be
implemented as simple shift respectively mask operations. Help gcc by
changing the type of idx to unsigned - this cuts another few
instructions from the generated code.
Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

gcc emits a surprising amount of code in order to flip a bit. One
would think that a single instruction is enough.

$ scripts/bloat-o-meter /tmp/ocrdma_verbs.o drivers/infiniband/hw/ocrdma/ocrdma_verbs.o
add/remove: 0/0 grow/shrink: 0/3 up/down: 0/-142 (-142)
function                                     old     new   delta
ocrdma_post_srq_recv                         498     460     -38
ocrdma_poll_cq                              2010    1962     -48
ocrdma_discard_cqes                          495     439     -56

All three calls of ocrdma_srq_toggle_bit happen within spinlocks, so
saving a few useless instructions might be worthwhile.
Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

For the AH that describs a VLAN interface details, vlan present bit
needs to be set during posting a WQE. This patch adds the code to
allow it happening.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Use get_ocrdma_dev(ocrdma_qp->ibqp.device) function to access ocrdma
device pointer.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Add support for interrupt moderation for ocrdma device.  Thresholds
for high interrupt rates are static values derived based on experimental
results.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Check for return value for ocrdma_resolve_dmac while setting AV params.
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

If the SQ and RQ of the QP in error state uses separate CQs, traverse
the list of QPs using each CQs and invoke the buddy CQ handler for
both SQ and RQ.
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Remove support for RDMA-READ-WITH-INVALIDATE from ocrdma driver.
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

1. Cleanup sequence in ocrdma_remove(). The device should be
   unregistered from IB stack before any device specific cleanup.
2. Always return success in the resource destroy path. In case destroy
   command returns error, IB stack will trigger cleanup again while
   closing the uverbs device causing kernel panic BUG_ON().
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Fix ocrdma_query_qp to refelect correct qp state based on FW.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NPadmanabh Ratnakar <padmanabh.ratnakar@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

1. Add statistics counters for error cqes.
2. Add file ("reset_stats") to reset rdma stats in Debugfs.
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Fix ocrdma_register_device to initialize correct number of interrupt
vectors in device pointer.
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Move PD allocation and deallocation from firmware to driver.  At
driver load time all the PDs will be requested from firmware and their
management will be handled by driver to reduce mailbox commands
overhead at runtime.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Increase the GID table size from 8 to 16 enteries.
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Add the following per-port sysfs traffic counters for RoCE:

        port_xmit_packets
        port_rcv_packets
        port_rcv_data
        port_xmit_data
Signed-off-by: NMitesh Ahuja <mitesh.ahuja@emulex.com>
Signed-off-by: NDevesh Sharma <devesh.sharma@emulex.com>
Signed-off-by: NSelvin Xavier <selvin.xavier@emulex.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

When the last on-demand paging MR is released the notifier count is
left non-zero so that concurrent page faults will have to abort. If a
new MR is then registered, the counter is reset. However, the decision
is made to put the new MR in the list waiting for the notifier count
to reach zero, before the counter is reset. An invalidation or another
MR registration can release the MR to handle page faults, but without
such an event the MR can wait forever.

The patch fixes this issue by adding a check whether the MR is the
first on-demand paging MR when deciding whether it is ready to handle
page faults. If it is the first MR, we know that there are no mmu
notifiers running in parallel to the registration.

Fixes: 882214e2 ("IB/core: Implement support for MMU notifiers regarding on demand paging regions")
Signed-off-by: NHaggai Eran <haggaie@mellanox.com>
Signed-off-by: NShachar Raindel <raindel@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

When we create an MR using reg_create, the mlx5_ib_dev pointer is not
updated on the new MR. This results in a kernel panics for ODP MRs
while handling page faults, when the mlx5_ib_update_mtt function uses
the invalid device pointer.
Signed-off-by: NMajd Dibbiny <majd@mellanox.com>
Signed-off-by: NHaggai Eran <haggaie@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

If a GUID is not found, the 64-bit GUID printed in the message log
warning should converted to host-endian order for printing.

Found by Doug Ledford and Hal Rosenstock. Fix suggested by Hal.
Signed-off-by: NHal Rosenstock <hal@dev.mellanox.co.il>
Signed-off-by: NJack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

1. Before the entries alignment, we need to check that the entries
doesn't exceed the device's max cqe.

2. After the alignment, we need to make sure that the aligned number
doesn't exceed the max cqes+1. The additional cqe is used to denote
that the resizing operation has completed.

3. If the users asks to resize the CQ with entries less than the
oustanding cqes we should fail instead of returning 0.
Signed-off-by: NMajd Dibbiny <majd@mellanox.com>
Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

In case handle_eth_ud_smac_index fails, we need to free the allocated resources.

Fixes: 2f5bb473 ("mlx4: Add ref counting to port MAC table for RoCE")
Signed-off-by: NMajd Dibbiny <majd@mellanox.com>
Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

The deadlock occurs in __uverbs_modify_qp: we take a lock (idr_read_qp)
and in case of failure in ib_resolve_eth_l2_attrs we don't release
it (put_qp_read).  Fix that.

Fixes: ed4c54e5 ("IB/core: Resolve Ethernet L2 addresses when modifying QP")
Signed-off-by: NMoshe Lazer <moshel@mellanox.com>
Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

When marshaling a user path to the kernel struct ib_sa_path, we need
to zero smac and dmac and set the vlan id to the "no vlan" value.

This is to ensure that Ethernet attributes are not used with
InfiniBand QPs.

Fixes: dd5f03be ("IB/core: Ethernet L2 attributes in verbs/cm structures")
Signed-off-by: NIlya Nelkenbaum <ilyan@mellanox.com>
Signed-off-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

In some cases, we might reach the iser connection termination without
ep_disconnect being invoked (for example if user-space daemon doesn't
exists. In this case, we need to free the iscsi endpoint when we
remove the iser connection.
Signed-off-by: NAriel Nahum <arieln@mellanox.com>
Signed-off-by: NSagi Grimberg <sagig@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

When teardown process starts during live IO, we need to keep the
memory regions pool (frmr/fmr) until all in-flight tasks are properly
released, since each task may return a memory region to the pool. In
order to do this, we pass a destroy flag to iser_free_ib_conn_res to
indicate we can destroy the device and the memory regions
pool. iser_conn_release will pass it as true and also DEVICE_REMOVAL
event (we need to let the device to properly remove).

Also, Since we conditionally call iser_free_rx_descriptors,
remove the extra check on iser_conn->rx_descs.

Fixes: 5426b171 ("IB/iser: Collapse cleanup and disconnect handlers")
Reported-by: NOr Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: NSagi Grimberg <sagig@mellanox.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Reviewed-by: NDennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

The uses of "rcu_assign_pointer()" are NULLing out the pointers.
According to RCU_INIT_POINTER()'s block comment:
"1.   This use of RCU_INIT_POINTER() is NULLing out the pointer"
it is better to use it instead of rcu_assign_pointer() because it has a
smaller overhead.

The following Coccinelle semantic patch was used:
@@
@@

- rcu_assign_pointer
+ RCU_INIT_POINTER
  (..., NULL)

[Derived from http://marc.info/?l=linux-rdma&m=140836519219236&w=2]
Tested-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NAndreea-Cristina Bernat <bernat.ada@gmail.com>
Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

According to RCU_INIT_POINTER()'s block comment 3.a, it can be used if
"1.   This use of RCU_INIT_POINTER() is NULLing out the pointer"
it is better to use it instead of rcu_assign_pointer() because it has a
smaller overhead.

"3.   The referenced data structure has already been exposed to readers either
at compile time or via rcu_assign_pointer() -and-
 a.   You have not made -any- reader-visible changes to this structure since
then".

These cases fulfill the conditions above because between the
rcu_dereference_protected() call and the rcu_assign_pointer() call
there is no update of that value.  Therefore, this patch makes the
replacement.

The following Coccinelle semantic patch was used:
@@
@@

- rcu_assign_pointer
+ RCU_INIT_POINTER
  (...,
(
 rtnl_dereference(...)
|
 rcu_dereference_protected(...)
) )

[consolidated from http://marc.info/?l=linux-rdma&m=140836578119485&w=2 and
 http://marc.info/?l=linux-rdma&m=140906361403047&w=2]
Tested-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NAndreea-Cristina Bernat <bernat.ada@gmail.com>
Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

The current code returns success when kmalloc() fails.  It should
return an error code, -ENOMEM.

Fixes: e126ba97 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>

Provide a file creation function that also takes an initial size so that the
caller doesn't have to set i_size, thus meaning that we don't have to call
deal with ->d_inode in the callers.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

Add support to recognize another board variation named QMH7360.
Reviewed-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NVinit Agnihotri <vinit.abhay.agnihotri@intel.com>
Signed-off-by: NMike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: NRoland Dreier <roland@purestorage.com>