[IB] uverbs: Fix device lifetime problems
Move ib_uverbs module to using cdev_alloc() and class_device_create()
so that we can handle device lifetime properly. Now we can make sure
we keep all of our data structures around until the last way to reach
them is gone.
Signed-off-by: Roland Dreier <rolandd@cisco.com>
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 251c752..ac08d2c 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -44,6 +44,7 @@
#include <linux/poll.h>
#include <linux/file.h>
#include <linux/mount.h>
+#include <linux/cdev.h>
#include <asm/uaccess.h>
@@ -63,6 +64,8 @@
#define IB_UVERBS_BASE_DEV MKDEV(IB_UVERBS_MAJOR, IB_UVERBS_BASE_MINOR)
+static struct class *uverbs_class;
+
DECLARE_MUTEX(ib_uverbs_idr_mutex);
DEFINE_IDR(ib_uverbs_pd_idr);
DEFINE_IDR(ib_uverbs_mr_idr);
@@ -73,6 +76,7 @@
DEFINE_IDR(ib_uverbs_srq_idr);
static spinlock_t map_lock;
+static struct ib_uverbs_device *dev_table[IB_UVERBS_MAX_DEVICES];
static DECLARE_BITMAP(dev_map, IB_UVERBS_MAX_DEVICES);
static ssize_t (*uverbs_cmd_table[])(struct ib_uverbs_file *file,
@@ -110,7 +114,54 @@
static void ib_uverbs_add_one(struct ib_device *device);
static void ib_uverbs_remove_one(struct ib_device *device);
-static int ib_dealloc_ucontext(struct ib_ucontext *context)
+static void ib_uverbs_release_dev(struct kref *ref)
+{
+ struct ib_uverbs_device *dev =
+ container_of(ref, struct ib_uverbs_device, ref);
+
+ kfree(dev);
+}
+
+void ib_uverbs_release_ucq(struct ib_uverbs_file *file,
+ struct ib_uverbs_event_file *ev_file,
+ struct ib_ucq_object *uobj)
+{
+ struct ib_uverbs_event *evt, *tmp;
+
+ if (ev_file) {
+ spin_lock_irq(&ev_file->lock);
+ list_for_each_entry_safe(evt, tmp, &uobj->comp_list, obj_list) {
+ list_del(&evt->list);
+ kfree(evt);
+ }
+ spin_unlock_irq(&ev_file->lock);
+
+ kref_put(&ev_file->ref, ib_uverbs_release_event_file);
+ }
+
+ spin_lock_irq(&file->async_file->lock);
+ list_for_each_entry_safe(evt, tmp, &uobj->async_list, obj_list) {
+ list_del(&evt->list);
+ kfree(evt);
+ }
+ spin_unlock_irq(&file->async_file->lock);
+}
+
+void ib_uverbs_release_uevent(struct ib_uverbs_file *file,
+ struct ib_uevent_object *uobj)
+{
+ struct ib_uverbs_event *evt, *tmp;
+
+ spin_lock_irq(&file->async_file->lock);
+ list_for_each_entry_safe(evt, tmp, &uobj->event_list, obj_list) {
+ list_del(&evt->list);
+ kfree(evt);
+ }
+ spin_unlock_irq(&file->async_file->lock);
+}
+
+static int ib_uverbs_cleanup_ucontext(struct ib_uverbs_file *file,
+ struct ib_ucontext *context)
{
struct ib_uobject *uobj, *tmp;
@@ -129,26 +180,36 @@
list_for_each_entry_safe(uobj, tmp, &context->qp_list, list) {
struct ib_qp *qp = idr_find(&ib_uverbs_qp_idr, uobj->id);
+ struct ib_uevent_object *uevent =
+ container_of(uobj, struct ib_uevent_object, uobject);
idr_remove(&ib_uverbs_qp_idr, uobj->id);
ib_destroy_qp(qp);
list_del(&uobj->list);
- kfree(container_of(uobj, struct ib_uevent_object, uobject));
+ ib_uverbs_release_uevent(file, uevent);
+ kfree(uevent);
}
list_for_each_entry_safe(uobj, tmp, &context->cq_list, list) {
struct ib_cq *cq = idr_find(&ib_uverbs_cq_idr, uobj->id);
+ struct ib_uverbs_event_file *ev_file = cq->cq_context;
+ struct ib_ucq_object *ucq =
+ container_of(uobj, struct ib_ucq_object, uobject);
idr_remove(&ib_uverbs_cq_idr, uobj->id);
ib_destroy_cq(cq);
list_del(&uobj->list);
- kfree(container_of(uobj, struct ib_ucq_object, uobject));
+ ib_uverbs_release_ucq(file, ev_file, ucq);
+ kfree(ucq);
}
list_for_each_entry_safe(uobj, tmp, &context->srq_list, list) {
struct ib_srq *srq = idr_find(&ib_uverbs_srq_idr, uobj->id);
+ struct ib_uevent_object *uevent =
+ container_of(uobj, struct ib_uevent_object, uobject);
idr_remove(&ib_uverbs_srq_idr, uobj->id);
ib_destroy_srq(srq);
list_del(&uobj->list);
- kfree(container_of(uobj, struct ib_uevent_object, uobject));
+ ib_uverbs_release_uevent(file, uevent);
+ kfree(uevent);
}
/* XXX Free MWs */
@@ -187,6 +248,8 @@
container_of(ref, struct ib_uverbs_file, ref);
module_put(file->device->ib_dev->owner);
+ kref_put(&file->device->ref, ib_uverbs_release_dev);
+
kfree(file);
}
@@ -552,36 +615,58 @@
static int ib_uverbs_open(struct inode *inode, struct file *filp)
{
- struct ib_uverbs_device *dev =
- container_of(inode->i_cdev, struct ib_uverbs_device, dev);
+ struct ib_uverbs_device *dev;
struct ib_uverbs_file *file;
+ int ret;
- if (!try_module_get(dev->ib_dev->owner))
- return -ENODEV;
+ spin_lock(&map_lock);
+ dev = dev_table[iminor(inode) - IB_UVERBS_BASE_MINOR];
+ if (dev)
+ kref_get(&dev->ref);
+ spin_unlock(&map_lock);
+
+ if (!dev)
+ return -ENXIO;
+
+ if (!try_module_get(dev->ib_dev->owner)) {
+ ret = -ENODEV;
+ goto err;
+ }
file = kmalloc(sizeof *file, GFP_KERNEL);
if (!file) {
- module_put(dev->ib_dev->owner);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto err_module;
}
- file->device = dev;
- file->ucontext = NULL;
+ file->device = dev;
+ file->ucontext = NULL;
+ file->async_file = NULL;
kref_init(&file->ref);
init_MUTEX(&file->mutex);
filp->private_data = file;
return 0;
+
+err_module:
+ module_put(dev->ib_dev->owner);
+
+err:
+ kref_put(&dev->ref, ib_uverbs_release_dev);
+
+ return ret;
}
static int ib_uverbs_close(struct inode *inode, struct file *filp)
{
struct ib_uverbs_file *file = filp->private_data;
- ib_dealloc_ucontext(file->ucontext);
+ ib_uverbs_cleanup_ucontext(file, file->ucontext);
- kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
+ if (file->async_file)
+ kref_put(&file->async_file->ref, ib_uverbs_release_event_file);
+
kref_put(&file->ref, ib_uverbs_release_file);
return 0;
@@ -610,8 +695,10 @@
static ssize_t show_ibdev(struct class_device *class_dev, char *buf)
{
- struct ib_uverbs_device *dev =
- container_of(class_dev, struct ib_uverbs_device, class_dev);
+ struct ib_uverbs_device *dev = class_get_devdata(class_dev);
+
+ if (!dev)
+ return -ENODEV;
return sprintf(buf, "%s\n", dev->ib_dev->name);
}
@@ -619,28 +706,15 @@
static ssize_t show_dev_abi_version(struct class_device *class_dev, char *buf)
{
- struct ib_uverbs_device *dev =
- container_of(class_dev, struct ib_uverbs_device, class_dev);
+ struct ib_uverbs_device *dev = class_get_devdata(class_dev);
+
+ if (!dev)
+ return -ENODEV;
return sprintf(buf, "%d\n", dev->ib_dev->uverbs_abi_ver);
}
static CLASS_DEVICE_ATTR(abi_version, S_IRUGO, show_dev_abi_version, NULL);
-static void ib_uverbs_release_class_dev(struct class_device *class_dev)
-{
- struct ib_uverbs_device *dev =
- container_of(class_dev, struct ib_uverbs_device, class_dev);
-
- cdev_del(&dev->dev);
- clear_bit(dev->devnum, dev_map);
- kfree(dev);
-}
-
-static struct class uverbs_class = {
- .name = "infiniband_verbs",
- .release = ib_uverbs_release_class_dev
-};
-
static ssize_t show_abi_version(struct class *class, char *buf)
{
return sprintf(buf, "%d\n", IB_USER_VERBS_ABI_VERSION);
@@ -660,6 +734,8 @@
memset(uverbs_dev, 0, sizeof *uverbs_dev);
+ kref_init(&uverbs_dev->ref);
+
spin_lock(&map_lock);
uverbs_dev->devnum = find_first_zero_bit(dev_map, IB_UVERBS_MAX_DEVICES);
if (uverbs_dev->devnum >= IB_UVERBS_MAX_DEVICES) {
@@ -672,40 +748,45 @@
uverbs_dev->ib_dev = device;
uverbs_dev->num_comp_vectors = 1;
- if (device->mmap)
- cdev_init(&uverbs_dev->dev, &uverbs_mmap_fops);
- else
- cdev_init(&uverbs_dev->dev, &uverbs_fops);
- uverbs_dev->dev.owner = THIS_MODULE;
- kobject_set_name(&uverbs_dev->dev.kobj, "uverbs%d", uverbs_dev->devnum);
- if (cdev_add(&uverbs_dev->dev, IB_UVERBS_BASE_DEV + uverbs_dev->devnum, 1))
+ uverbs_dev->dev = cdev_alloc();
+ if (!uverbs_dev->dev)
goto err;
-
- uverbs_dev->class_dev.class = &uverbs_class;
- uverbs_dev->class_dev.dev = device->dma_device;
- uverbs_dev->class_dev.devt = uverbs_dev->dev.dev;
- snprintf(uverbs_dev->class_dev.class_id, BUS_ID_SIZE, "uverbs%d", uverbs_dev->devnum);
- if (class_device_register(&uverbs_dev->class_dev))
+ uverbs_dev->dev->owner = THIS_MODULE;
+ uverbs_dev->dev->ops = device->mmap ? &uverbs_mmap_fops : &uverbs_fops;
+ kobject_set_name(&uverbs_dev->dev->kobj, "uverbs%d", uverbs_dev->devnum);
+ if (cdev_add(uverbs_dev->dev, IB_UVERBS_BASE_DEV + uverbs_dev->devnum, 1))
goto err_cdev;
- if (class_device_create_file(&uverbs_dev->class_dev, &class_device_attr_ibdev))
+ uverbs_dev->class_dev = class_device_create(uverbs_class, uverbs_dev->dev->dev,
+ device->dma_device,
+ "uverbs%d", uverbs_dev->devnum);
+ if (IS_ERR(uverbs_dev->class_dev))
+ goto err_cdev;
+
+ class_set_devdata(uverbs_dev->class_dev, uverbs_dev);
+
+ if (class_device_create_file(uverbs_dev->class_dev, &class_device_attr_ibdev))
goto err_class;
- if (class_device_create_file(&uverbs_dev->class_dev, &class_device_attr_abi_version))
+ if (class_device_create_file(uverbs_dev->class_dev, &class_device_attr_abi_version))
goto err_class;
+ spin_lock(&map_lock);
+ dev_table[uverbs_dev->devnum] = uverbs_dev;
+ spin_unlock(&map_lock);
+
ib_set_client_data(device, &uverbs_client, uverbs_dev);
return;
err_class:
- class_device_unregister(&uverbs_dev->class_dev);
+ class_device_destroy(uverbs_class, uverbs_dev->dev->dev);
err_cdev:
- cdev_del(&uverbs_dev->dev);
+ cdev_del(uverbs_dev->dev);
clear_bit(uverbs_dev->devnum, dev_map);
err:
- kfree(uverbs_dev);
+ kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
return;
}
@@ -716,7 +797,16 @@
if (!uverbs_dev)
return;
- class_device_unregister(&uverbs_dev->class_dev);
+ class_set_devdata(uverbs_dev->class_dev, NULL);
+ class_device_destroy(uverbs_class, uverbs_dev->dev->dev);
+ cdev_del(uverbs_dev->dev);
+
+ spin_lock(&map_lock);
+ dev_table[uverbs_dev->devnum] = NULL;
+ spin_unlock(&map_lock);
+
+ clear_bit(uverbs_dev->devnum, dev_map);
+ kref_put(&uverbs_dev->ref, ib_uverbs_release_dev);
}
static struct super_block *uverbs_event_get_sb(struct file_system_type *fs_type, int flags,
@@ -746,13 +836,14 @@
goto out;
}
- ret = class_register(&uverbs_class);
- if (ret) {
+ uverbs_class = class_create(THIS_MODULE, "infiniband_verbs");
+ if (IS_ERR(uverbs_class)) {
+ ret = PTR_ERR(uverbs_class);
printk(KERN_ERR "user_verbs: couldn't create class infiniband_verbs\n");
goto out_chrdev;
}
- ret = class_create_file(&uverbs_class, &class_attr_abi_version);
+ ret = class_create_file(uverbs_class, &class_attr_abi_version);
if (ret) {
printk(KERN_ERR "user_verbs: couldn't create abi_version attribute\n");
goto out_class;
@@ -786,7 +877,7 @@
unregister_filesystem(&uverbs_event_fs);
out_class:
- class_unregister(&uverbs_class);
+ class_destroy(uverbs_class);
out_chrdev:
unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
@@ -800,7 +891,7 @@
ib_unregister_client(&uverbs_client);
mntput(uverbs_event_mnt);
unregister_filesystem(&uverbs_event_fs);
- class_unregister(&uverbs_class);
+ class_destroy(uverbs_class);
unregister_chrdev_region(IB_UVERBS_BASE_DEV, IB_UVERBS_MAX_DEVICES);
idr_destroy(&ib_uverbs_pd_idr);
idr_destroy(&ib_uverbs_mr_idr);