LXR linux/drivers/infiniband/core/uverbs

   1/*
   2 * Copyright (c) 2017, Mellanox Technologies inc.  All rights reserved.
   3 *
   4 * This software is available to you under a choice of one of two
   5 * licenses.  You may choose to be licensed under the terms of the GNU
   6 * General Public License (GPL) Version 2, available from the file
   7 * COPYING in the main directory of this source tree, or the
   8 * OpenIB.org BSD license below:
   9 *
  10 *     Redistribution and use in source and binary forms, with or
  11 *     without modification, are permitted provided that the following
  12 *     conditions are met:
  13 *
  14 *      - Redistributions of source code must retain the above
  15 *        copyright notice, this list of conditions and the following
  16 *        disclaimer.
  17 *
  18 *      - Redistributions in binary form must reproduce the above
  19 *        copyright notice, this list of conditions and the following
  20 *        disclaimer in the documentation and/or other materials
  21 *        provided with the distribution.
  22 *
  23 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  24 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  25 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  26 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
  27 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
  28 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  29 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  30 * SOFTWARE.
  31 */
  32
  33#include <rdma/rdma_user_ioctl.h>
  34#include <rdma/uverbs_ioctl.h>
  35#include "rdma_core.h"
  36#include "uverbs.h"
  37
  38static bool uverbs_is_attr_cleared(const struct ib_uverbs_attr *uattr,
  39                                   u16 len)
  40{
  41        if (uattr->len > sizeof(((struct ib_uverbs_attr *)0)->data))
  42                return ib_is_buffer_cleared(u64_to_user_ptr(uattr->data) + len,
  43                                            uattr->len - len);
  44
  45        return !memchr_inv((const void *)&uattr->data + len,
  46                           0, uattr->len - len);
  47}
  48
  49static int uverbs_process_attr(struct ib_device *ibdev,
  50                               struct ib_ucontext *ucontext,
  51                               const struct ib_uverbs_attr *uattr,
  52                               u16 attr_id,
  53                               const struct uverbs_attr_spec_hash *attr_spec_bucket,
  54                               struct uverbs_attr_bundle_hash *attr_bundle_h,
  55                               struct ib_uverbs_attr __user *uattr_ptr)
  56{
  57        const struct uverbs_attr_spec *spec;
  58        const struct uverbs_attr_spec *val_spec;
  59        struct uverbs_attr *e;
  60        const struct uverbs_object_spec *object;
  61        struct uverbs_obj_attr *o_attr;
  62        struct uverbs_attr *elements = attr_bundle_h->attrs;
  63
  64        if (attr_id >= attr_spec_bucket->num_attrs) {
  65                if (uattr->flags & UVERBS_ATTR_F_MANDATORY)
  66                        return -EINVAL;
  67                else
  68                        return 0;
  69        }
  70
  71        if (test_bit(attr_id, attr_bundle_h->valid_bitmap))
  72                return -EINVAL;
  73
  74        spec = &attr_spec_bucket->attrs[attr_id];
  75        val_spec = spec;
  76        e = &elements[attr_id];
  77        e->uattr = uattr_ptr;
  78
  79        switch (spec->type) {
  80        case UVERBS_ATTR_TYPE_ENUM_IN:
  81                if (uattr->attr_data.enum_data.elem_id >= spec->enum_def.num_elems)
  82                        return -EOPNOTSUPP;
  83
  84                if (uattr->attr_data.enum_data.reserved)
  85                        return -EINVAL;
  86
  87                val_spec = &spec->enum_def.ids[uattr->attr_data.enum_data.elem_id];
  88
  89                /* Currently we only support PTR_IN based enums */
  90                if (val_spec->type != UVERBS_ATTR_TYPE_PTR_IN)
  91                        return -EOPNOTSUPP;
  92
  93                e->ptr_attr.enum_id = uattr->attr_data.enum_data.elem_id;
  94        /* fall through */
  95        case UVERBS_ATTR_TYPE_PTR_IN:
  96                /* Ensure that any data provided by userspace beyond the known
  97                 * struct is zero. Userspace that knows how to use some future
  98                 * longer struct will fail here if used with an old kernel and
  99                 * non-zero content, making ABI compat/discovery simpler.
 100                 */
 101                if (uattr->len > val_spec->ptr.len &&
 102                    val_spec->flags & UVERBS_ATTR_SPEC_F_MIN_SZ_OR_ZERO &&
 103                    !uverbs_is_attr_cleared(uattr, val_spec->ptr.len))
 104                        return -EOPNOTSUPP;
 105
 106        /* fall through */
 107        case UVERBS_ATTR_TYPE_PTR_OUT:
 108                if (uattr->len < val_spec->ptr.min_len ||
 109                    (!(val_spec->flags & UVERBS_ATTR_SPEC_F_MIN_SZ_OR_ZERO) &&
 110                     uattr->len > val_spec->ptr.len))
 111                        return -EINVAL;
 112
 113                if (spec->type != UVERBS_ATTR_TYPE_ENUM_IN &&
 114                    uattr->attr_data.reserved)
 115                        return -EINVAL;
 116
 117                e->ptr_attr.data = uattr->data;
 118                e->ptr_attr.len = uattr->len;
 119                e->ptr_attr.flags = uattr->flags;
 120                break;
 121
 122        case UVERBS_ATTR_TYPE_IDR:
 123                if (uattr->data >> 32)
 124                        return -EINVAL;
 125        /* fall through */
 126        case UVERBS_ATTR_TYPE_FD:
 127                if (uattr->attr_data.reserved)
 128                        return -EINVAL;
 129
 130                if (uattr->len != 0 || !ucontext || uattr->data > INT_MAX)
 131                        return -EINVAL;
 132
 133                o_attr = &e->obj_attr;
 134                object = uverbs_get_object(ibdev, spec->obj.obj_type);
 135                if (!object)
 136                        return -EINVAL;
 137                o_attr->type = object->type_attrs;
 138
 139                o_attr->id = (int)uattr->data;
 140                o_attr->uobject = uverbs_get_uobject_from_context(
 141                                        o_attr->type,
 142                                        ucontext,
 143                                        spec->obj.access,
 144                                        o_attr->id);
 145
 146                if (IS_ERR(o_attr->uobject))
 147                        return PTR_ERR(o_attr->uobject);
 148
 149                if (spec->obj.access == UVERBS_ACCESS_NEW) {
 150                        u64 id = o_attr->uobject->id;
 151
 152                        /* Copy the allocated id to the user-space */
 153                        if (put_user(id, &e->uattr->data)) {
 154                                uverbs_finalize_object(o_attr->uobject,
 155                                                       UVERBS_ACCESS_NEW,
 156                                                       false);
 157                                return -EFAULT;
 158                        }
 159                }
 160
 161                break;
 162        default:
 163                return -EOPNOTSUPP;
 164        }
 165
 166        set_bit(attr_id, attr_bundle_h->valid_bitmap);
 167        return 0;
 168}
 169
 170static int uverbs_uattrs_process(struct ib_device *ibdev,
 171                                 struct ib_ucontext *ucontext,
 172                                 const struct ib_uverbs_attr *uattrs,
 173                                 size_t num_uattrs,
 174                                 const struct uverbs_method_spec *method,
 175                                 struct uverbs_attr_bundle *attr_bundle,
 176                                 struct ib_uverbs_attr __user *uattr_ptr)
 177{
 178        size_t i;
 179        int ret = 0;
 180        int num_given_buckets = 0;
 181
 182        for (i = 0; i < num_uattrs; i++) {
 183                const struct ib_uverbs_attr *uattr = &uattrs[i];
 184                u16 attr_id = uattr->attr_id;
 185                struct uverbs_attr_spec_hash *attr_spec_bucket;
 186
 187                ret = uverbs_ns_idx(&attr_id, method->num_buckets);
 188                if (ret < 0) {
 189                        if (uattr->flags & UVERBS_ATTR_F_MANDATORY) {
 190                                uverbs_finalize_objects(attr_bundle,
 191                                                        method->attr_buckets,
 192                                                        num_given_buckets,
 193                                                        false);
 194                                return ret;
 195                        }
 196                        continue;
 197                }
 198
 199                /*
 200                 * ret is the found ns, so increase num_given_buckets if
 201                 * necessary.
 202                 */
 203                if (ret >= num_given_buckets)
 204                        num_given_buckets = ret + 1;
 205
 206                attr_spec_bucket = method->attr_buckets[ret];
 207                ret = uverbs_process_attr(ibdev, ucontext, uattr, attr_id,
 208                                          attr_spec_bucket, &attr_bundle->hash[ret],
 209                                          uattr_ptr++);
 210                if (ret) {
 211                        uverbs_finalize_objects(attr_bundle,
 212                                                method->attr_buckets,
 213                                                num_given_buckets,
 214                                                false);
 215                        return ret;
 216                }
 217        }
 218
 219        return num_given_buckets;
 220}
 221
 222static int uverbs_validate_kernel_mandatory(const struct uverbs_method_spec *method_spec,
 223                                            struct uverbs_attr_bundle *attr_bundle)
 224{
 225        unsigned int i;
 226
 227        for (i = 0; i < attr_bundle->num_buckets; i++) {
 228                struct uverbs_attr_spec_hash *attr_spec_bucket =
 229                        method_spec->attr_buckets[i];
 230
 231                if (!bitmap_subset(attr_spec_bucket->mandatory_attrs_bitmask,
 232                                   attr_bundle->hash[i].valid_bitmap,
 233                                   attr_spec_bucket->num_attrs))
 234                        return -EINVAL;
 235        }
 236
 237        for (; i < method_spec->num_buckets; i++) {
 238                struct uverbs_attr_spec_hash *attr_spec_bucket =
 239                        method_spec->attr_buckets[i];
 240
 241                if (!bitmap_empty(attr_spec_bucket->mandatory_attrs_bitmask,
 242                                  attr_spec_bucket->num_attrs))
 243                        return -EINVAL;
 244        }
 245
 246        return 0;
 247}
 248
 249static int uverbs_handle_method(struct ib_uverbs_attr __user *uattr_ptr,
 250                                const struct ib_uverbs_attr *uattrs,
 251                                size_t num_uattrs,
 252                                struct ib_device *ibdev,
 253                                struct ib_uverbs_file *ufile,
 254                                const struct uverbs_method_spec *method_spec,
 255                                struct uverbs_attr_bundle *attr_bundle)
 256{
 257        int ret;
 258        int finalize_ret;
 259        int num_given_buckets;
 260
 261        num_given_buckets = uverbs_uattrs_process(ibdev, ufile->ucontext, uattrs,
 262                                                  num_uattrs, method_spec,
 263                                                  attr_bundle, uattr_ptr);
 264        if (num_given_buckets <= 0)
 265                return -EINVAL;
 266
 267        attr_bundle->num_buckets = num_given_buckets;
 268        ret = uverbs_validate_kernel_mandatory(method_spec, attr_bundle);
 269        if (ret)
 270                goto cleanup;
 271
 272        ret = method_spec->handler(ibdev, ufile, attr_bundle);
 273cleanup:
 274        finalize_ret = uverbs_finalize_objects(attr_bundle,
 275                                               method_spec->attr_buckets,
 276                                               attr_bundle->num_buckets,
 277                                               !ret);
 278
 279        return ret ? ret : finalize_ret;
 280}
 281
 282#define UVERBS_OPTIMIZE_USING_STACK_SZ  256
 283static long ib_uverbs_cmd_verbs(struct ib_device *ib_dev,
 284                                struct ib_uverbs_file *file,
 285                                struct ib_uverbs_ioctl_hdr *hdr,
 286                                void __user *buf)
 287{
 288        const struct uverbs_object_spec *object_spec;
 289        const struct uverbs_method_spec *method_spec;
 290        long err = 0;
 291        unsigned int i;
 292        struct {
 293                struct ib_uverbs_attr           *uattrs;
 294                struct uverbs_attr_bundle       *uverbs_attr_bundle;
 295        } *ctx = NULL;
 296        struct uverbs_attr *curr_attr;
 297        unsigned long *curr_bitmap;
 298        size_t ctx_size;
 299        uintptr_t data[UVERBS_OPTIMIZE_USING_STACK_SZ / sizeof(uintptr_t)];
 300
 301        if (hdr->driver_id != ib_dev->driver_id)
 302                return -EINVAL;
 303
 304        object_spec = uverbs_get_object(ib_dev, hdr->object_id);
 305        if (!object_spec)
 306                return -EPROTONOSUPPORT;
 307
 308        method_spec = uverbs_get_method(object_spec, hdr->method_id);
 309        if (!method_spec)
 310                return -EPROTONOSUPPORT;
 311
 312        if ((method_spec->flags & UVERBS_ACTION_FLAG_CREATE_ROOT) ^ !file->ucontext)
 313                return -EINVAL;
 314
 315        ctx_size = sizeof(*ctx) +
 316                   sizeof(struct uverbs_attr_bundle) +
 317                   sizeof(struct uverbs_attr_bundle_hash) * method_spec->num_buckets +
 318                   sizeof(*ctx->uattrs) * hdr->num_attrs +
 319                   sizeof(*ctx->uverbs_attr_bundle->hash[0].attrs) *
 320                   method_spec->num_child_attrs +
 321                   sizeof(*ctx->uverbs_attr_bundle->hash[0].valid_bitmap) *
 322                        (method_spec->num_child_attrs / BITS_PER_LONG +
 323                         method_spec->num_buckets);
 324
 325        if (ctx_size <= UVERBS_OPTIMIZE_USING_STACK_SZ)
 326                ctx = (void *)data;
 327        if (!ctx)
 328                ctx = kmalloc(ctx_size, GFP_KERNEL);
 329        if (!ctx)
 330                return -ENOMEM;
 331
 332        ctx->uverbs_attr_bundle = (void *)ctx + sizeof(*ctx);
 333        ctx->uattrs = (void *)(ctx->uverbs_attr_bundle + 1) +
 334                              (sizeof(ctx->uverbs_attr_bundle->hash[0]) *
 335                               method_spec->num_buckets);
 336        curr_attr = (void *)(ctx->uattrs + hdr->num_attrs);
 337        curr_bitmap = (void *)(curr_attr + method_spec->num_child_attrs);
 338
 339        /*
 340         * We just fill the pointers and num_attrs here. The data itself will be
 341         * filled at a later stage (uverbs_process_attr)
 342         */
 343        for (i = 0; i < method_spec->num_buckets; i++) {
 344                unsigned int curr_num_attrs = method_spec->attr_buckets[i]->num_attrs;
 345
 346                ctx->uverbs_attr_bundle->hash[i].attrs = curr_attr;
 347                curr_attr += curr_num_attrs;
 348                ctx->uverbs_attr_bundle->hash[i].num_attrs = curr_num_attrs;
 349                ctx->uverbs_attr_bundle->hash[i].valid_bitmap = curr_bitmap;
 350                bitmap_zero(curr_bitmap, curr_num_attrs);
 351                curr_bitmap += BITS_TO_LONGS(curr_num_attrs);
 352        }
 353
 354        err = copy_from_user(ctx->uattrs, buf,
 355                             sizeof(*ctx->uattrs) * hdr->num_attrs);
 356        if (err) {
 357                err = -EFAULT;
 358                goto out;
 359        }
 360
 361        err = uverbs_handle_method(buf, ctx->uattrs, hdr->num_attrs, ib_dev,
 362                                   file, method_spec, ctx->uverbs_attr_bundle);
 363
 364        /*
 365         * EPROTONOSUPPORT is ONLY to be returned if the ioctl framework can
 366         * not invoke the method because the request is not supported.  No
 367         * other cases should return this code.
 368        */
 369        if (unlikely(err == -EPROTONOSUPPORT)) {
 370                WARN_ON_ONCE(err == -EPROTONOSUPPORT);
 371                err = -EINVAL;
 372        }
 373out:
 374        if (ctx != (void *)data)
 375                kfree(ctx);
 376        return err;
 377}
 378
 379#define IB_UVERBS_MAX_CMD_SZ 4096
 380
 381long ib_uverbs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 382{
 383        struct ib_uverbs_file *file = filp->private_data;
 384        struct ib_uverbs_ioctl_hdr __user *user_hdr =
 385                (struct ib_uverbs_ioctl_hdr __user *)arg;
 386        struct ib_uverbs_ioctl_hdr hdr;
 387        struct ib_device *ib_dev;
 388        int srcu_key;
 389        long err;
 390
 391        srcu_key = srcu_read_lock(&file->device->disassociate_srcu);
 392        ib_dev = srcu_dereference(file->device->ib_dev,
 393                                  &file->device->disassociate_srcu);
 394        if (!ib_dev) {
 395                err = -EIO;
 396                goto out;
 397        }
 398
 399        if (cmd == RDMA_VERBS_IOCTL) {
 400                err = copy_from_user(&hdr, user_hdr, sizeof(hdr));
 401
 402                if (err || hdr.length > IB_UVERBS_MAX_CMD_SZ ||
 403                    hdr.length != sizeof(hdr) + hdr.num_attrs * sizeof(struct ib_uverbs_attr)) {
 404                        err = -EINVAL;
 405                        goto out;
 406                }
 407
 408                if (hdr.reserved1 || hdr.reserved2) {
 409                        err = -EPROTONOSUPPORT;
 410                        goto out;
 411                }
 412
 413                err = ib_uverbs_cmd_verbs(ib_dev, file, &hdr,
 414                                          (__user void *)arg + sizeof(hdr));
 415        } else {
 416                err = -ENOIOCTLCMD;
 417        }
 418out:
 419        srcu_read_unlock(&file->device->disassociate_srcu, srcu_key);
 420
 421        return err;
 422}
 423