ipmi_msghandler.c 128.0 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0+
L
Linus Torvalds 已提交
2 3 4 5 6 7 8 9 10 11 12 13
/*
 * ipmi_msghandler.c
 *
 * Incoming and outgoing message routing for an IPMI interface.
 *
 * Author: MontaVista Software, Inc.
 *         Corey Minyard <minyard@mvista.com>
 *         source@mvista.com
 *
 * Copyright 2002 MontaVista Software Inc.
 */

14 15 16
#define pr_fmt(fmt) "%s" fmt, "IPMI message handler: "
#define dev_fmt pr_fmt

L
Linus Torvalds 已提交
17 18 19
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/poll.h>
20
#include <linux/sched.h>
21
#include <linux/seq_file.h>
L
Linus Torvalds 已提交
22
#include <linux/spinlock.h>
23
#include <linux/mutex.h>
L
Linus Torvalds 已提交
24 25 26 27 28 29
#include <linux/slab.h>
#include <linux/ipmi.h>
#include <linux/ipmi_smi.h>
#include <linux/notifier.h>
#include <linux/init.h>
#include <linux/proc_fs.h>
30
#include <linux/rcupdate.h>
31
#include <linux/interrupt.h>
32
#include <linux/moduleparam.h>
33
#include <linux/workqueue.h>
34
#include <linux/uuid.h>
35
#include <linux/nospec.h>
L
Linus Torvalds 已提交
36

C
Corey Minyard 已提交
37
#define IPMI_DRIVER_VERSION "39.2"
L
Linus Torvalds 已提交
38 39 40

static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
static int ipmi_init_msghandler(void);
41
static void smi_recv_tasklet(unsigned long);
42 43 44
static void handle_new_recv_msgs(struct ipmi_smi *intf);
static void need_waiter(struct ipmi_smi *intf);
static int handle_one_recv_msg(struct ipmi_smi *intf,
45
			       struct ipmi_smi_msg *msg);
L
Linus Torvalds 已提交
46

C
Corey Minyard 已提交
47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65
#ifdef DEBUG
static void ipmi_debug_msg(const char *title, unsigned char *data,
			   unsigned int len)
{
	int i, pos;
	char buf[100];

	pos = snprintf(buf, sizeof(buf), "%s: ", title);
	for (i = 0; i < len; i++)
		pos += snprintf(buf + pos, sizeof(buf) - pos,
				" %2.2x", data[i]);
	pr_debug("%s\n", buf);
}
#else
static void ipmi_debug_msg(const char *title, unsigned char *data,
			   unsigned int len)
{ }
#endif

R
Randy Dunlap 已提交
66
static int initialized;
L
Linus Torvalds 已提交
67

68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87
enum ipmi_panic_event_op {
	IPMI_SEND_PANIC_EVENT_NONE,
	IPMI_SEND_PANIC_EVENT,
	IPMI_SEND_PANIC_EVENT_STRING
};
#ifdef CONFIG_IPMI_PANIC_STRING
#define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_STRING
#elif defined(CONFIG_IPMI_PANIC_EVENT)
#define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT
#else
#define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_NONE
#endif
static enum ipmi_panic_event_op ipmi_send_panic_event = IPMI_PANIC_DEFAULT;

static int panic_op_write_handler(const char *val,
				  const struct kernel_param *kp)
{
	char valcp[16];
	char *s;

X
Xiongfeng Wang 已提交
88
	strncpy(valcp, val, 15);
89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135
	valcp[15] = '\0';

	s = strstrip(valcp);

	if (strcmp(s, "none") == 0)
		ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_NONE;
	else if (strcmp(s, "event") == 0)
		ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT;
	else if (strcmp(s, "string") == 0)
		ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_STRING;
	else
		return -EINVAL;

	return 0;
}

static int panic_op_read_handler(char *buffer, const struct kernel_param *kp)
{
	switch (ipmi_send_panic_event) {
	case IPMI_SEND_PANIC_EVENT_NONE:
		strcpy(buffer, "none");
		break;

	case IPMI_SEND_PANIC_EVENT:
		strcpy(buffer, "event");
		break;

	case IPMI_SEND_PANIC_EVENT_STRING:
		strcpy(buffer, "string");
		break;

	default:
		strcpy(buffer, "???");
		break;
	}

	return strlen(buffer);
}

static const struct kernel_param_ops panic_op_ops = {
	.set = panic_op_write_handler,
	.get = panic_op_read_handler
};
module_param_cb(panic_op, &panic_op_ops, NULL, 0600);
MODULE_PARM_DESC(panic_op, "Sets if the IPMI driver will attempt to store panic information in the event log in the event of a panic.  Set to 'none' for no, 'event' for a single event, or 'string' for a generic event and the panic string in IPMI OEM events.");


L
Linus Torvalds 已提交
136 137
#define MAX_EVENTS_IN_QUEUE	25

138 139 140 141 142 143
/* Remain in auto-maintenance mode for this amount of time (in ms). */
static unsigned long maintenance_mode_timeout_ms = 30000;
module_param(maintenance_mode_timeout_ms, ulong, 0644);
MODULE_PARM_DESC(maintenance_mode_timeout_ms,
		 "The time (milliseconds) after the last maintenance message that the connection stays in maintenance mode.");

144 145 146 147
/*
 * Don't let a message sit in a queue forever, always time it with at lest
 * the max message timer.  This is in milliseconds.
 */
L
Linus Torvalds 已提交
148 149
#define MAX_MSG_TIMEOUT		60000

150 151 152 153 154 155 156 157 158 159 160 161 162
/*
 * Timeout times below are in milliseconds, and are done off a 1
 * second timer.  So setting the value to 1000 would mean anything
 * between 0 and 1000ms.  So really the only reasonable minimum
 * setting it 2000ms, which is between 1 and 2 seconds.
 */

/* The default timeout for message retries. */
static unsigned long default_retry_ms = 2000;
module_param(default_retry_ms, ulong, 0644);
MODULE_PARM_DESC(default_retry_ms,
		 "The time (milliseconds) between retry sends");

163 164 165 166 167 168
/* The default timeout for maintenance mode message retries. */
static unsigned long default_maintenance_retry_ms = 3000;
module_param(default_maintenance_retry_ms, ulong, 0644);
MODULE_PARM_DESC(default_maintenance_retry_ms,
		 "The time (milliseconds) between retry sends in maintenance mode");

169 170 171 172 173 174
/* The default maximum number of retries */
static unsigned int default_max_retries = 4;
module_param(default_max_retries, uint, 0644);
MODULE_PARM_DESC(default_max_retries,
		 "The time (milliseconds) between retry sends in maintenance mode");

175 176 177 178 179 180 181 182 183 184 185 186 187 188
/* Call every ~1000 ms. */
#define IPMI_TIMEOUT_TIME	1000

/* How many jiffies does it take to get to the timeout time. */
#define IPMI_TIMEOUT_JIFFIES	((IPMI_TIMEOUT_TIME * HZ) / 1000)

/*
 * Request events from the queue every second (this is the number of
 * IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
 * future, IPMI will add a way to know immediately if an event is in
 * the queue and this silliness can go away.
 */
#define IPMI_REQUEST_EV_TIME	(1000 / (IPMI_TIMEOUT_TIME))

189 190 191
/* How long should we cache dynamic device IDs? */
#define IPMI_DYN_DEV_ID_EXPIRY	(10 * HZ)

192 193 194
/*
 * The main "user" data structure.
 */
195
struct ipmi_user {
L
Linus Torvalds 已提交
196 197
	struct list_head link;

198 199 200 201 202 203
	/*
	 * Set to NULL when the user is destroyed, a pointer to myself
	 * so srcu_dereference can be used on it.
	 */
	struct ipmi_user *self;
	struct srcu_struct release_barrier;
204 205 206

	struct kref refcount;

L
Linus Torvalds 已提交
207
	/* The upper layer that handles receive messages. */
C
Corey Minyard 已提交
208
	const struct ipmi_user_hndl *handler;
L
Linus Torvalds 已提交
209 210 211
	void             *handler_data;

	/* The interface this user is bound to. */
212
	struct ipmi_smi *intf;
L
Linus Torvalds 已提交
213 214

	/* Does this interface receive IPMI events? */
215
	bool gets_events;
L
Linus Torvalds 已提交
216 217
};

218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234
static struct ipmi_user *acquire_ipmi_user(struct ipmi_user *user, int *index)
	__acquires(user->release_barrier)
{
	struct ipmi_user *ruser;

	*index = srcu_read_lock(&user->release_barrier);
	ruser = srcu_dereference(user->self, &user->release_barrier);
	if (!ruser)
		srcu_read_unlock(&user->release_barrier, *index);
	return ruser;
}

static void release_ipmi_user(struct ipmi_user *user, int index)
{
	srcu_read_unlock(&user->release_barrier, index);
}

235
struct cmd_rcvr {
L
Linus Torvalds 已提交
236 237
	struct list_head link;

238
	struct ipmi_user *user;
L
Linus Torvalds 已提交
239 240
	unsigned char netfn;
	unsigned char cmd;
241
	unsigned int  chans;
242 243 244 245 246 247 248

	/*
	 * This is used to form a linked lised during mass deletion.
	 * Since this is in an RCU list, we cannot use the link above
	 * or change any data until the RCU period completes.  So we
	 * use this next variable during mass deletion so we can have
	 * a list and don't have to wait and restart the search on
249 250
	 * every individual deletion of a command.
	 */
251
	struct cmd_rcvr *next;
L
Linus Torvalds 已提交
252 253
};

254
struct seq_table {
L
Linus Torvalds 已提交
255 256 257 258 259 260 261
	unsigned int         inuse : 1;
	unsigned int         broadcast : 1;

	unsigned long        timeout;
	unsigned long        orig_timeout;
	unsigned int         retries_left;

262 263 264 265 266
	/*
	 * To verify on an incoming send message response that this is
	 * the message that the response is for, we keep a sequence id
	 * and increment it every time we send a message.
	 */
L
Linus Torvalds 已提交
267 268
	long                 seqid;

269 270 271 272 273
	/*
	 * This is held so we can properly respond to the message on a
	 * timeout, and it is used to hold the temporary data for
	 * retransmission, too.
	 */
L
Linus Torvalds 已提交
274 275 276
	struct ipmi_recv_msg *recv_msg;
};

277 278 279 280
/*
 * Store the information in a msgid (long) to allow us to find a
 * sequence table entry from the msgid.
 */
C
Corey Minyard 已提交
281 282
#define STORE_SEQ_IN_MSGID(seq, seqid) \
	((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff))
L
Linus Torvalds 已提交
283 284 285

#define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
	do {								\
C
Corey Minyard 已提交
286 287
		seq = (((msgid) >> 26) & 0x3f);				\
		seqid = ((msgid) & 0x3ffffff);				\
288
	} while (0)
L
Linus Torvalds 已提交
289

C
Corey Minyard 已提交
290
#define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff)
L
Linus Torvalds 已提交
291

292
#define IPMI_MAX_CHANNELS       16
293
struct ipmi_channel {
L
Linus Torvalds 已提交
294 295
	unsigned char medium;
	unsigned char protocol;
296
};
297

298 299 300 301
struct ipmi_channel_set {
	struct ipmi_channel c[IPMI_MAX_CHANNELS];
};

302
struct ipmi_my_addrinfo {
303 304 305 306
	/*
	 * My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
	 * but may be changed by the user.
	 */
307 308
	unsigned char address;

309 310 311 312
	/*
	 * My LUN.  This should generally stay the SMS LUN, but just in
	 * case...
	 */
313
	unsigned char lun;
L
Linus Torvalds 已提交
314 315
};

316 317 318 319 320
/*
 * Note that the product id, manufacturer id, guid, and device id are
 * immutable in this structure, so dyn_mutex is not required for
 * accessing those.  If those change on a BMC, a new BMC is allocated.
 */
321
struct bmc_device {
322
	struct platform_device pdev;
323
	struct list_head       intfs; /* Interfaces on this BMC. */
324 325 326 327
	struct ipmi_device_id  id;
	struct ipmi_device_id  fetch_id;
	int                    dyn_id_set;
	unsigned long          dyn_id_expiry;
328
	struct mutex           dyn_mutex; /* Protects id, intfs, & dyn* */
329 330
	guid_t                 guid;
	guid_t                 fetch_guid;
331
	int                    dyn_guid_set;
332
	struct kref	       usecount;
333
	struct work_struct     remove_work;
334
};
335
#define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev)
336

337
static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc,
338
			     struct ipmi_device_id *id,
339
			     bool *guid_set, guid_t *guid);
340

341 342 343 344
/*
 * Various statistics for IPMI, these index stats[] in the ipmi_smi
 * structure.
 */
345 346 347
enum ipmi_stat_indexes {
	/* Commands we got from the user that were invalid. */
	IPMI_STAT_sent_invalid_commands = 0,
348

349 350
	/* Commands we sent to the MC. */
	IPMI_STAT_sent_local_commands,
351

352 353
	/* Responses from the MC that were delivered to a user. */
	IPMI_STAT_handled_local_responses,
354

355 356
	/* Responses from the MC that were not delivered to a user. */
	IPMI_STAT_unhandled_local_responses,
357

358 359
	/* Commands we sent out to the IPMB bus. */
	IPMI_STAT_sent_ipmb_commands,
360

361 362
	/* Commands sent on the IPMB that had errors on the SEND CMD */
	IPMI_STAT_sent_ipmb_command_errs,
363

364 365
	/* Each retransmit increments this count. */
	IPMI_STAT_retransmitted_ipmb_commands,
366

367 368 369 370 371
	/*
	 * When a message times out (runs out of retransmits) this is
	 * incremented.
	 */
	IPMI_STAT_timed_out_ipmb_commands,
372

373 374 375 376 377 378
	/*
	 * This is like above, but for broadcasts.  Broadcasts are
	 * *not* included in the above count (they are expected to
	 * time out).
	 */
	IPMI_STAT_timed_out_ipmb_broadcasts,
379

380 381
	/* Responses I have sent to the IPMB bus. */
	IPMI_STAT_sent_ipmb_responses,
382

383 384
	/* The response was delivered to the user. */
	IPMI_STAT_handled_ipmb_responses,
385

386 387
	/* The response had invalid data in it. */
	IPMI_STAT_invalid_ipmb_responses,
388

389 390
	/* The response didn't have anyone waiting for it. */
	IPMI_STAT_unhandled_ipmb_responses,
391

392 393
	/* Commands we sent out to the IPMB bus. */
	IPMI_STAT_sent_lan_commands,
394

395 396
	/* Commands sent on the IPMB that had errors on the SEND CMD */
	IPMI_STAT_sent_lan_command_errs,
397

398 399
	/* Each retransmit increments this count. */
	IPMI_STAT_retransmitted_lan_commands,
400

401 402 403 404 405 406 407 408
	/*
	 * When a message times out (runs out of retransmits) this is
	 * incremented.
	 */
	IPMI_STAT_timed_out_lan_commands,

	/* Responses I have sent to the IPMB bus. */
	IPMI_STAT_sent_lan_responses,
409

410 411
	/* The response was delivered to the user. */
	IPMI_STAT_handled_lan_responses,
412

413 414
	/* The response had invalid data in it. */
	IPMI_STAT_invalid_lan_responses,
415

416 417
	/* The response didn't have anyone waiting for it. */
	IPMI_STAT_unhandled_lan_responses,
418

419 420
	/* The command was delivered to the user. */
	IPMI_STAT_handled_commands,
421

422 423
	/* The command had invalid data in it. */
	IPMI_STAT_invalid_commands,
424

425 426
	/* The command didn't have anyone waiting for it. */
	IPMI_STAT_unhandled_commands,
427

428 429
	/* Invalid data in an event. */
	IPMI_STAT_invalid_events,
430

431 432
	/* Events that were received with the proper format. */
	IPMI_STAT_events,
433

434 435 436 437 438
	/* Retransmissions on IPMB that failed. */
	IPMI_STAT_dropped_rexmit_ipmb_commands,

	/* Retransmissions on LAN that failed. */
	IPMI_STAT_dropped_rexmit_lan_commands,
439

440 441 442
	/* This *must* remain last, add new values above this. */
	IPMI_NUM_STATS
};
443 444


L
Linus Torvalds 已提交
445
#define IPMI_IPMB_NUM_SEQ	64
446
struct ipmi_smi {
L
Linus Torvalds 已提交
447 448 449
	/* What interface number are we? */
	int intf_num;

450 451
	struct kref refcount;

452 453 454
	/* Set when the interface is being unregistered. */
	bool in_shutdown;

455 456 457
	/* Used for a list of interfaces. */
	struct list_head link;

458
	/*
459 460
	 * The list of upper layers that are using me.  seq_lock write
	 * protects this.  Read protection is with srcu.
461
	 */
462
	struct list_head users;
463
	struct srcu_struct users_srcu;
L
Linus Torvalds 已提交
464 465 466 467

	/* Used for wake ups at startup. */
	wait_queue_head_t waitq;

468 469 470 471 472 473 474
	/*
	 * Prevents the interface from being unregistered when the
	 * interface is used by being looked up through the BMC
	 * structure.
	 */
	struct mutex bmc_reg_mutex;

475
	struct bmc_device tmp_bmc;
476
	struct bmc_device *bmc;
C
Corey Minyard 已提交
477
	bool bmc_registered;
478
	struct list_head bmc_link;
479
	char *my_dev_name;
480
	bool in_bmc_register;  /* Handle recursive situations.  Yuck. */
481
	struct work_struct bmc_reg_work;
L
Linus Torvalds 已提交
482

483
	const struct ipmi_smi_handlers *handlers;
L
Linus Torvalds 已提交
484 485
	void                     *send_info;

486 487 488
	/* Driver-model device for the system interface. */
	struct device          *si_dev;

489 490 491 492 493 494
	/*
	 * A table of sequence numbers for this interface.  We use the
	 * sequence numbers for IPMB messages that go out of the
	 * interface to match them up with their responses.  A routine
	 * is called periodically to time the items in this list.
	 */
L
Linus Torvalds 已提交
495 496 497 498
	spinlock_t       seq_lock;
	struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
	int curr_seq;

499
	/*
500 501 502 503
	 * Messages queued for delivery.  If delivery fails (out of memory
	 * for instance), They will stay in here to be processed later in a
	 * periodic timer interrupt.  The tasklet is for handling received
	 * messages directly from the handler.
504
	 */
505 506
	spinlock_t       waiting_rcv_msgs_lock;
	struct list_head waiting_rcv_msgs;
507 508
	atomic_t	 watchdog_pretimeouts_to_deliver;
	struct tasklet_struct recv_tasklet;
L
Linus Torvalds 已提交
509

510 511 512 513 514
	spinlock_t             xmit_msgs_lock;
	struct list_head       xmit_msgs;
	struct ipmi_smi_msg    *curr_msg;
	struct list_head       hp_xmit_msgs;

515 516 517 518
	/*
	 * The list of command receivers that are registered for commands
	 * on this interface.
	 */
519
	struct mutex     cmd_rcvrs_mutex;
L
Linus Torvalds 已提交
520 521
	struct list_head cmd_rcvrs;

522 523 524 525
	/*
	 * Events that were queues because no one was there to receive
	 * them.
	 */
L
Linus Torvalds 已提交
526 527 528
	spinlock_t       events_lock; /* For dealing with event stuff. */
	struct list_head waiting_events;
	unsigned int     waiting_events_count; /* How many events in queue? */
529 530
	char             delivering_events;
	char             event_msg_printed;
531 532 533
	atomic_t         event_waiters;
	unsigned int     ticks_to_req_ev;
	int              last_needs_timer;
L
Linus Torvalds 已提交
534

535 536 537 538
	/*
	 * The event receiver for my BMC, only really used at panic
	 * shutdown as a place to store this.
	 */
L
Linus Torvalds 已提交
539 540 541 542 543
	unsigned char event_receiver;
	unsigned char event_receiver_lun;
	unsigned char local_sel_device;
	unsigned char local_event_generator;

C
Corey Minyard 已提交
544 545
	/* For handling of maintenance mode. */
	int maintenance_mode;
C
Corey Minyard 已提交
546
	bool maintenance_mode_enable;
C
Corey Minyard 已提交
547 548 549
	int auto_maintenance_timeout;
	spinlock_t maintenance_mode_lock; /* Used in a timer... */

550 551 552 553 554 555 556
	/*
	 * If we are doing maintenance on something on IPMB, extend
	 * the timeout time to avoid timeouts writing firmware and
	 * such.
	 */
	int ipmb_maintenance_mode_timeout;

557 558 559 560 561
	/*
	 * A cheap hack, if this is non-null and a message to an
	 * interface comes in with a NULL user, call this routine with
	 * it.  Note that the message will still be freed by the
	 * caller.  This only works on the system interface.
562
	 *
563
	 * Protected by bmc_reg_mutex.
564
	 */
565 566
	void (*null_user_handler)(struct ipmi_smi *intf,
				  struct ipmi_recv_msg *msg);
L
Linus Torvalds 已提交
567

568 569 570 571
	/*
	 * When we are scanning the channels for an SMI, this will
	 * tell which channel we are scanning.
	 */
L
Linus Torvalds 已提交
572 573 574
	int curr_channel;

	/* Channel information */
575 576 577
	struct ipmi_channel_set *channel_list;
	unsigned int curr_working_cset; /* First index into the following. */
	struct ipmi_channel_set wchannels[2];
578
	struct ipmi_my_addrinfo addrinfo[IPMI_MAX_CHANNELS];
579
	bool channels_ready;
L
Linus Torvalds 已提交
580

581
	atomic_t stats[IPMI_NUM_STATS];
582 583 584 585 586 587 588

	/*
	 * run_to_completion duplicate of smb_info, smi_info
	 * and ipmi_serial_info structures. Used to decrease numbers of
	 * parameters passed by "low" level IPMI code.
	 */
	int run_to_completion;
L
Linus Torvalds 已提交
589
};
590
#define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
L
Linus Torvalds 已提交
591

592 593 594
static void __get_guid(struct ipmi_smi *intf);
static void __ipmi_bmc_unregister(struct ipmi_smi *intf);
static int __ipmi_bmc_register(struct ipmi_smi *intf,
595
			       struct ipmi_device_id *id,
596
			       bool guid_set, guid_t *guid, int intf_num);
597
static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id);
598

599

600 601 602
/**
 * The driver model view of the IPMI messaging driver.
 */
603 604 605 606 607
static struct platform_driver ipmidriver = {
	.driver = {
		.name = "ipmi",
		.bus = &platform_bus_type
	}
608
};
609
/*
610
 * This mutex keeps us from adding the same BMC twice.
611
 */
612 613
static DEFINE_MUTEX(ipmidriver_mutex);

614
static LIST_HEAD(ipmi_interfaces);
615
static DEFINE_MUTEX(ipmi_interfaces_mutex);
616
DEFINE_STATIC_SRCU(ipmi_interfaces_srcu);
L
Linus Torvalds 已提交
617

618 619 620
/*
 * List of watchers that want to know when smi's are added and deleted.
 */
621
static LIST_HEAD(smi_watchers);
622
static DEFINE_MUTEX(smi_watchers_mutex);
L
Linus Torvalds 已提交
623

624 625 626 627 628
#define ipmi_inc_stat(intf, stat) \
	atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
#define ipmi_get_stat(intf, stat) \
	((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))

629 630
static const char * const addr_src_to_str[] = {
	"invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI",
631
	"device-tree", "platform"
632
};
633 634 635

const char *ipmi_addr_src_to_str(enum ipmi_addr_src src)
{
636
	if (src >= SI_LAST)
637 638 639 640 641
		src = 0; /* Invalid */
	return addr_src_to_str[src];
}
EXPORT_SYMBOL(ipmi_addr_src_to_str);

642 643 644 645 646 647 648 649 650 651 652 653 654 655
static int is_lan_addr(struct ipmi_addr *addr)
{
	return addr->addr_type == IPMI_LAN_ADDR_TYPE;
}

static int is_ipmb_addr(struct ipmi_addr *addr)
{
	return addr->addr_type == IPMI_IPMB_ADDR_TYPE;
}

static int is_ipmb_bcast_addr(struct ipmi_addr *addr)
{
	return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE;
}
656

657 658 659 660 661 662 663 664 665 666
static void free_recv_msg_list(struct list_head *q)
{
	struct ipmi_recv_msg *msg, *msg2;

	list_for_each_entry_safe(msg, msg2, q, link) {
		list_del(&msg->link);
		ipmi_free_recv_msg(msg);
	}
}

667 668 669 670 671 672 673 674 675 676
static void free_smi_msg_list(struct list_head *q)
{
	struct ipmi_smi_msg *msg, *msg2;

	list_for_each_entry_safe(msg, msg2, q, link) {
		list_del(&msg->link);
		ipmi_free_smi_msg(msg);
	}
}

677
static void clean_up_interface_data(struct ipmi_smi *intf)
678 679 680 681 682
{
	int              i;
	struct cmd_rcvr  *rcvr, *rcvr2;
	struct list_head list;

683 684
	tasklet_kill(&intf->recv_tasklet);

685
	free_smi_msg_list(&intf->waiting_rcv_msgs);
686 687
	free_recv_msg_list(&intf->waiting_events);

688 689 690 691
	/*
	 * Wholesale remove all the entries from the list in the
	 * interface and wait for RCU to know that none are in use.
	 */
692
	mutex_lock(&intf->cmd_rcvrs_mutex);
693 694
	INIT_LIST_HEAD(&list);
	list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);
695
	mutex_unlock(&intf->cmd_rcvrs_mutex);
696 697 698 699 700 701

	list_for_each_entry_safe(rcvr, rcvr2, &list, link)
		kfree(rcvr);

	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
		if ((intf->seq_table[i].inuse)
702
					&& (intf->seq_table[i].recv_msg))
703 704 705 706 707 708
			ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
	}
}

static void intf_free(struct kref *ref)
{
709
	struct ipmi_smi *intf = container_of(ref, struct ipmi_smi, refcount);
710 711 712 713 714

	clean_up_interface_data(intf);
	kfree(intf);
}

715
struct watcher_entry {
716
	int              intf_num;
717
	struct ipmi_smi  *intf;
718 719 720
	struct list_head link;
};

L
Linus Torvalds 已提交
721 722
int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
{
723
	struct ipmi_smi *intf;
724
	int index;
725

726 727 728
	mutex_lock(&smi_watchers_mutex);

	list_add(&watcher->link, &smi_watchers);
729

730 731 732
	index = srcu_read_lock(&ipmi_interfaces_srcu);
	list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
		int intf_num = READ_ONCE(intf->intf_num);
733

734 735 736
		if (intf_num == -1)
			continue;
		watcher->new_smi(intf_num, intf->si_dev);
L
Linus Torvalds 已提交
737
	}
738
	srcu_read_unlock(&ipmi_interfaces_srcu, index);
739

740
	mutex_unlock(&smi_watchers_mutex);
741

L
Linus Torvalds 已提交
742 743
	return 0;
}
744
EXPORT_SYMBOL(ipmi_smi_watcher_register);
L
Linus Torvalds 已提交
745 746 747

int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
{
748
	mutex_lock(&smi_watchers_mutex);
749
	list_del(&watcher->link);
750
	mutex_unlock(&smi_watchers_mutex);
L
Linus Torvalds 已提交
751 752
	return 0;
}
753
EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
L
Linus Torvalds 已提交
754

755 756 757
/*
 * Must be called with smi_watchers_mutex held.
 */
L
Linus Torvalds 已提交
758
static void
759
call_smi_watchers(int i, struct device *dev)
L
Linus Torvalds 已提交
760 761 762
{
	struct ipmi_smi_watcher *w;

763
	mutex_lock(&smi_watchers_mutex);
L
Linus Torvalds 已提交
764 765
	list_for_each_entry(w, &smi_watchers, link) {
		if (try_module_get(w->owner)) {
766
			w->new_smi(i, dev);
L
Linus Torvalds 已提交
767 768 769
			module_put(w->owner);
		}
	}
770
	mutex_unlock(&smi_watchers_mutex);
L
Linus Torvalds 已提交
771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789
}

static int
ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
{
	if (addr1->addr_type != addr2->addr_type)
		return 0;

	if (addr1->channel != addr2->channel)
		return 0;

	if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
		struct ipmi_system_interface_addr *smi_addr1
		    = (struct ipmi_system_interface_addr *) addr1;
		struct ipmi_system_interface_addr *smi_addr2
		    = (struct ipmi_system_interface_addr *) addr2;
		return (smi_addr1->lun == smi_addr2->lun);
	}

790
	if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) {
L
Linus Torvalds 已提交
791 792 793 794 795 796 797 798 799
		struct ipmi_ipmb_addr *ipmb_addr1
		    = (struct ipmi_ipmb_addr *) addr1;
		struct ipmi_ipmb_addr *ipmb_addr2
		    = (struct ipmi_ipmb_addr *) addr2;

		return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
			&& (ipmb_addr1->lun == ipmb_addr2->lun));
	}

800
	if (is_lan_addr(addr1)) {
L
Linus Torvalds 已提交
801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817
		struct ipmi_lan_addr *lan_addr1
			= (struct ipmi_lan_addr *) addr1;
		struct ipmi_lan_addr *lan_addr2
		    = (struct ipmi_lan_addr *) addr2;

		return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
			&& (lan_addr1->local_SWID == lan_addr2->local_SWID)
			&& (lan_addr1->session_handle
			    == lan_addr2->session_handle)
			&& (lan_addr1->lun == lan_addr2->lun));
	}

	return 1;
}

int ipmi_validate_addr(struct ipmi_addr *addr, int len)
{
818
	if (len < sizeof(struct ipmi_system_interface_addr))
L
Linus Torvalds 已提交
819 820 821 822 823 824 825 826 827
		return -EINVAL;

	if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
		if (addr->channel != IPMI_BMC_CHANNEL)
			return -EINVAL;
		return 0;
	}

	if ((addr->channel == IPMI_BMC_CHANNEL)
828
	    || (addr->channel >= IPMI_MAX_CHANNELS)
L
Linus Torvalds 已提交
829 830 831
	    || (addr->channel < 0))
		return -EINVAL;

832
	if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
833
		if (len < sizeof(struct ipmi_ipmb_addr))
L
Linus Torvalds 已提交
834 835 836 837
			return -EINVAL;
		return 0;
	}

838
	if (is_lan_addr(addr)) {
839
		if (len < sizeof(struct ipmi_lan_addr))
L
Linus Torvalds 已提交
840 841 842 843 844 845
			return -EINVAL;
		return 0;
	}

	return -EINVAL;
}
846
EXPORT_SYMBOL(ipmi_validate_addr);
L
Linus Torvalds 已提交
847 848 849 850 851 852 853

unsigned int ipmi_addr_length(int addr_type)
{
	if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
		return sizeof(struct ipmi_system_interface_addr);

	if ((addr_type == IPMI_IPMB_ADDR_TYPE)
854
			|| (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
L
Linus Torvalds 已提交
855 856 857 858 859 860 861
		return sizeof(struct ipmi_ipmb_addr);

	if (addr_type == IPMI_LAN_ADDR_TYPE)
		return sizeof(struct ipmi_lan_addr);

	return 0;
}
862
EXPORT_SYMBOL(ipmi_addr_length);
L
Linus Torvalds 已提交
863

C
Corey Minyard 已提交
864
static int deliver_response(struct ipmi_smi *intf, struct ipmi_recv_msg *msg)
L
Linus Torvalds 已提交
865
{
C
Corey Minyard 已提交
866
	int rv = 0;
867

C
Corey Minyard 已提交
868
	if (!msg->user) {
869 870 871 872 873
		/* Special handling for NULL users. */
		if (intf->null_user_handler) {
			intf->null_user_handler(intf, msg);
		} else {
			/* No handler, so give up. */
C
Corey Minyard 已提交
874
			rv = -EINVAL;
875 876
		}
		ipmi_free_recv_msg(msg);
877 878 879 880 881 882
	} else if (!oops_in_progress) {
		/*
		 * If we are running in the panic context, calling the
		 * receive handler doesn't much meaning and has a deadlock
		 * risk.  At this moment, simply skip it in that case.
		 */
883 884
		int index;
		struct ipmi_user *user = acquire_ipmi_user(msg->user, &index);
885

886 887
		if (user) {
			user->handler->ipmi_recv_hndl(msg, user->handler_data);
888
			release_ipmi_user(user, index);
889 890 891 892 893
		} else {
			/* User went away, give up. */
			ipmi_free_recv_msg(msg);
			rv = -EINVAL;
		}
894
	}
C
Corey Minyard 已提交
895 896

	return rv;
L
Linus Torvalds 已提交
897 898
}

C
Corey Minyard 已提交
899 900 901 902 903 904 905 906 907 908 909
static void deliver_local_response(struct ipmi_smi *intf,
				   struct ipmi_recv_msg *msg)
{
	if (deliver_response(intf, msg))
		ipmi_inc_stat(intf, unhandled_local_responses);
	else
		ipmi_inc_stat(intf, handled_local_responses);
}

static void deliver_err_response(struct ipmi_smi *intf,
				 struct ipmi_recv_msg *msg, int err)
910 911 912 913 914 915
{
	msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
	msg->msg_data[0] = err;
	msg->msg.netfn |= 1; /* Convert to a response. */
	msg->msg.data_len = 1;
	msg->msg.data = msg->msg_data;
C
Corey Minyard 已提交
916
	deliver_local_response(intf, msg);
917 918
}

919 920 921 922 923
/*
 * Find the next sequence number not being used and add the given
 * message with the given timeout to the sequence table.  This must be
 * called with the interface's seq_lock held.
 */
924
static int intf_next_seq(struct ipmi_smi      *intf,
L
Linus Torvalds 已提交
925 926 927 928 929 930 931 932 933 934
			 struct ipmi_recv_msg *recv_msg,
			 unsigned long        timeout,
			 int                  retries,
			 int                  broadcast,
			 unsigned char        *seq,
			 long                 *seqid)
{
	int          rv = 0;
	unsigned int i;

935 936 937 938 939
	if (timeout == 0)
		timeout = default_retry_ms;
	if (retries < 0)
		retries = default_max_retries;

940 941
	for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
					i = (i+1)%IPMI_IPMB_NUM_SEQ) {
942
		if (!intf->seq_table[i].inuse)
L
Linus Torvalds 已提交
943 944 945
			break;
	}

946
	if (!intf->seq_table[i].inuse) {
L
Linus Torvalds 已提交
947 948
		intf->seq_table[i].recv_msg = recv_msg;

949 950 951 952
		/*
		 * Start with the maximum timeout, when the send response
		 * comes in we will start the real timer.
		 */
L
Linus Torvalds 已提交
953 954 955 956 957 958 959 960 961
		intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
		intf->seq_table[i].orig_timeout = timeout;
		intf->seq_table[i].retries_left = retries;
		intf->seq_table[i].broadcast = broadcast;
		intf->seq_table[i].inuse = 1;
		intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
		*seq = i;
		*seqid = intf->seq_table[i].seqid;
		intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
962
		need_waiter(intf);
L
Linus Torvalds 已提交
963 964 965
	} else {
		rv = -EAGAIN;
	}
966

L
Linus Torvalds 已提交
967 968 969
	return rv;
}

970 971 972 973 974 975 976
/*
 * Return the receive message for the given sequence number and
 * release the sequence number so it can be reused.  Some other data
 * is passed in to be sure the message matches up correctly (to help
 * guard against message coming in after their timeout and the
 * sequence number being reused).
 */
977
static int intf_find_seq(struct ipmi_smi      *intf,
L
Linus Torvalds 已提交
978 979 980 981 982 983 984 985 986 987 988 989 990
			 unsigned char        seq,
			 short                channel,
			 unsigned char        cmd,
			 unsigned char        netfn,
			 struct ipmi_addr     *addr,
			 struct ipmi_recv_msg **recv_msg)
{
	int           rv = -ENODEV;
	unsigned long flags;

	if (seq >= IPMI_IPMB_NUM_SEQ)
		return -EINVAL;

991
	spin_lock_irqsave(&intf->seq_lock, flags);
L
Linus Torvalds 已提交
992 993 994
	if (intf->seq_table[seq].inuse) {
		struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;

995 996
		if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd)
				&& (msg->msg.netfn == netfn)
997
				&& (ipmi_addr_equal(addr, &msg->addr))) {
L
Linus Torvalds 已提交
998 999 1000 1001 1002
			*recv_msg = msg;
			intf->seq_table[seq].inuse = 0;
			rv = 0;
		}
	}
1003
	spin_unlock_irqrestore(&intf->seq_lock, flags);
L
Linus Torvalds 已提交
1004 1005 1006 1007 1008 1009

	return rv;
}


/* Start the timer for a specific sequence table entry. */
1010
static int intf_start_seq_timer(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
1011 1012 1013 1014 1015 1016 1017 1018 1019 1020
				long       msgid)
{
	int           rv = -ENODEV;
	unsigned long flags;
	unsigned char seq;
	unsigned long seqid;


	GET_SEQ_FROM_MSGID(msgid, seq, seqid);

1021
	spin_lock_irqsave(&intf->seq_lock, flags);
1022 1023 1024 1025
	/*
	 * We do this verification because the user can be deleted
	 * while a message is outstanding.
	 */
L
Linus Torvalds 已提交
1026
	if ((intf->seq_table[seq].inuse)
1027
				&& (intf->seq_table[seq].seqid == seqid)) {
1028
		struct seq_table *ent = &intf->seq_table[seq];
L
Linus Torvalds 已提交
1029 1030 1031
		ent->timeout = ent->orig_timeout;
		rv = 0;
	}
1032
	spin_unlock_irqrestore(&intf->seq_lock, flags);
L
Linus Torvalds 已提交
1033 1034 1035 1036 1037

	return rv;
}

/* Got an error for the send message for a specific sequence number. */
1038
static int intf_err_seq(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050
			long         msgid,
			unsigned int err)
{
	int                  rv = -ENODEV;
	unsigned long        flags;
	unsigned char        seq;
	unsigned long        seqid;
	struct ipmi_recv_msg *msg = NULL;


	GET_SEQ_FROM_MSGID(msgid, seq, seqid);

1051
	spin_lock_irqsave(&intf->seq_lock, flags);
1052 1053 1054 1055
	/*
	 * We do this verification because the user can be deleted
	 * while a message is outstanding.
	 */
L
Linus Torvalds 已提交
1056
	if ((intf->seq_table[seq].inuse)
1057
				&& (intf->seq_table[seq].seqid == seqid)) {
1058
		struct seq_table *ent = &intf->seq_table[seq];
L
Linus Torvalds 已提交
1059 1060 1061 1062 1063

		ent->inuse = 0;
		msg = ent->recv_msg;
		rv = 0;
	}
1064
	spin_unlock_irqrestore(&intf->seq_lock, flags);
L
Linus Torvalds 已提交
1065

1066
	if (msg)
C
Corey Minyard 已提交
1067
		deliver_err_response(intf, msg, err);
L
Linus Torvalds 已提交
1068 1069 1070 1071 1072 1073

	return rv;
}


int ipmi_create_user(unsigned int          if_num,
C
Corey Minyard 已提交
1074
		     const struct ipmi_user_hndl *handler,
L
Linus Torvalds 已提交
1075
		     void                  *handler_data,
1076
		     struct ipmi_user      **user)
L
Linus Torvalds 已提交
1077 1078
{
	unsigned long flags;
1079
	struct ipmi_user *new_user;
1080
	int           rv = 0, index;
1081
	struct ipmi_smi *intf;
L
Linus Torvalds 已提交
1082

1083 1084 1085 1086 1087 1088 1089
	/*
	 * There is no module usecount here, because it's not
	 * required.  Since this can only be used by and called from
	 * other modules, they will implicitly use this module, and
	 * thus this can't be removed unless the other modules are
	 * removed.
	 */
L
Linus Torvalds 已提交
1090 1091 1092 1093

	if (handler == NULL)
		return -EINVAL;

1094 1095 1096 1097
	/*
	 * Make sure the driver is actually initialized, this handles
	 * problems with initialization order.
	 */
L
Linus Torvalds 已提交
1098 1099 1100 1101 1102
	if (!initialized) {
		rv = ipmi_init_msghandler();
		if (rv)
			return rv;

1103 1104 1105 1106
		/*
		 * The init code doesn't return an error if it was turned
		 * off, but it won't initialize.  Check that.
		 */
L
Linus Torvalds 已提交
1107 1108 1109 1110 1111
		if (!initialized)
			return -ENODEV;
	}

	new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
1112
	if (!new_user)
L
Linus Torvalds 已提交
1113 1114
		return -ENOMEM;

1115
	index = srcu_read_lock(&ipmi_interfaces_srcu);
1116 1117 1118
	list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
		if (intf->intf_num == if_num)
			goto found;
L
Linus Torvalds 已提交
1119
	}
1120
	/* Not found, return an error */
1121 1122
	rv = -EINVAL;
	goto out_kfree;
L
Linus Torvalds 已提交
1123

1124
 found:
1125 1126 1127 1128
	rv = init_srcu_struct(&new_user->release_barrier);
	if (rv)
		goto out_kfree;

1129 1130
	/* Note that each existing user holds a refcount to the interface. */
	kref_get(&intf->refcount);
L
Linus Torvalds 已提交
1131

1132
	kref_init(&new_user->refcount);
L
Linus Torvalds 已提交
1133 1134 1135
	new_user->handler = handler;
	new_user->handler_data = handler_data;
	new_user->intf = intf;
1136
	new_user->gets_events = false;
L
Linus Torvalds 已提交
1137

1138
	rcu_assign_pointer(new_user->self, new_user);
1139 1140 1141
	spin_lock_irqsave(&intf->seq_lock, flags);
	list_add_rcu(&new_user->link, &intf->users);
	spin_unlock_irqrestore(&intf->seq_lock, flags);
1142 1143 1144 1145 1146
	if (handler->ipmi_watchdog_pretimeout) {
		/* User wants pretimeouts, so make sure to watch for them. */
		if (atomic_inc_return(&intf->event_waiters) == 1)
			need_waiter(intf);
	}
1147
	srcu_read_unlock(&ipmi_interfaces_srcu, index);
1148 1149
	*user = new_user;
	return 0;
L
Linus Torvalds 已提交
1150

1151
out_kfree:
1152
	srcu_read_unlock(&ipmi_interfaces_srcu, index);
1153
	kfree(new_user);
L
Linus Torvalds 已提交
1154 1155
	return rv;
}
1156
EXPORT_SYMBOL(ipmi_create_user);
L
Linus Torvalds 已提交
1157

1158 1159
int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data)
{
1160
	int rv, index;
1161
	struct ipmi_smi *intf;
1162

1163
	index = srcu_read_lock(&ipmi_interfaces_srcu);
1164 1165 1166 1167
	list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
		if (intf->intf_num == if_num)
			goto found;
	}
1168 1169
	srcu_read_unlock(&ipmi_interfaces_srcu, index);

1170
	/* Not found, return an error */
1171
	return -EINVAL;
1172 1173

found:
1174 1175 1176 1177 1178
	if (!intf->handlers->get_smi_info)
		rv = -ENOTTY;
	else
		rv = intf->handlers->get_smi_info(intf->send_info, data);
	srcu_read_unlock(&ipmi_interfaces_srcu, index);
1179 1180 1181 1182 1183

	return rv;
}
EXPORT_SYMBOL(ipmi_get_smi_info);

1184 1185
static void free_user(struct kref *ref)
{
1186
	struct ipmi_user *user = container_of(ref, struct ipmi_user, refcount);
1187 1188 1189
	kfree(user);
}

1190
static void _ipmi_destroy_user(struct ipmi_user *user)
L
Linus Torvalds 已提交
1191
{
1192
	struct ipmi_smi  *intf = user->intf;
L
Linus Torvalds 已提交
1193 1194
	int              i;
	unsigned long    flags;
1195 1196
	struct cmd_rcvr  *rcvr;
	struct cmd_rcvr  *rcvrs = NULL;
L
Linus Torvalds 已提交
1197

1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213
	if (!acquire_ipmi_user(user, &i)) {
		/*
		 * The user has already been cleaned up, just make sure
		 * nothing is using it and return.
		 */
		synchronize_srcu(&user->release_barrier);
		return;
	}

	rcu_assign_pointer(user->self, NULL);
	release_ipmi_user(user, i);

	synchronize_srcu(&user->release_barrier);

	if (user->handler->shutdown)
		user->handler->shutdown(user->handler_data);
L
Linus Torvalds 已提交
1214

1215 1216 1217 1218 1219 1220
	if (user->handler->ipmi_watchdog_pretimeout)
		atomic_dec(&intf->event_waiters);

	if (user->gets_events)
		atomic_dec(&intf->event_waiters);

1221 1222 1223
	/* Remove the user from the interface's sequence table. */
	spin_lock_irqsave(&intf->seq_lock, flags);
	list_del_rcu(&user->link);
L
Linus Torvalds 已提交
1224

C
Corey Minyard 已提交
1225
	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
1226
		if (intf->seq_table[i].inuse
1227
		    && (intf->seq_table[i].recv_msg->user == user)) {
1228
			intf->seq_table[i].inuse = 0;
1229
			ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
L
Linus Torvalds 已提交
1230 1231
		}
	}
1232 1233 1234 1235 1236 1237
	spin_unlock_irqrestore(&intf->seq_lock, flags);

	/*
	 * Remove the user from the command receiver's table.  First
	 * we build a list of everything (not using the standard link,
	 * since other things may be using it till we do
1238
	 * synchronize_srcu()) then free everything in that list.
1239
	 */
1240
	mutex_lock(&intf->cmd_rcvrs_mutex);
1241
	list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
L
Linus Torvalds 已提交
1242
		if (rcvr->user == user) {
1243 1244 1245
			list_del_rcu(&rcvr->link);
			rcvr->next = rcvrs;
			rcvrs = rcvr;
L
Linus Torvalds 已提交
1246 1247
		}
	}
1248
	mutex_unlock(&intf->cmd_rcvrs_mutex);
1249 1250 1251 1252 1253 1254
	synchronize_rcu();
	while (rcvrs) {
		rcvr = rcvrs;
		rcvrs = rcvr->next;
		kfree(rcvr);
	}
L
Linus Torvalds 已提交
1255

1256
	kref_put(&intf->refcount, intf_free);
1257 1258 1259 1260 1261
}

int ipmi_destroy_user(struct ipmi_user *user)
{
	_ipmi_destroy_user(user);
L
Linus Torvalds 已提交
1262

1263
	cleanup_srcu_struct(&user->release_barrier);
1264
	kref_put(&user->refcount, free_user);
L
Linus Torvalds 已提交
1265

1266
	return 0;
L
Linus Torvalds 已提交
1267
}
1268
EXPORT_SYMBOL(ipmi_destroy_user);
L
Linus Torvalds 已提交
1269

1270
int ipmi_get_version(struct ipmi_user *user,
1271 1272
		     unsigned char *major,
		     unsigned char *minor)
L
Linus Torvalds 已提交
1273
{
1274
	struct ipmi_device_id id;
1275
	int rv, index;
1276

1277 1278 1279
	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;
1280

1281 1282 1283 1284 1285 1286
	rv = bmc_get_device_id(user->intf, NULL, &id, NULL, NULL);
	if (!rv) {
		*major = ipmi_version_major(&id);
		*minor = ipmi_version_minor(&id);
	}
	release_ipmi_user(user, index);
1287

1288
	return rv;
L
Linus Torvalds 已提交
1289
}
1290
EXPORT_SYMBOL(ipmi_get_version);
L
Linus Torvalds 已提交
1291

1292
int ipmi_set_my_address(struct ipmi_user *user,
1293 1294
			unsigned int  channel,
			unsigned char address)
L
Linus Torvalds 已提交
1295
{
1296
	int index, rv = 0;
1297 1298 1299 1300 1301

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

1302
	if (channel >= IPMI_MAX_CHANNELS) {
1303
		rv = -EINVAL;
1304 1305
	} else {
		channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1306
		user->intf->addrinfo[channel].address = address;
1307
	}
1308 1309
	release_ipmi_user(user, index);

1310
	return rv;
L
Linus Torvalds 已提交
1311
}
1312
EXPORT_SYMBOL(ipmi_set_my_address);
L
Linus Torvalds 已提交
1313

1314
int ipmi_get_my_address(struct ipmi_user *user,
1315 1316
			unsigned int  channel,
			unsigned char *address)
L
Linus Torvalds 已提交
1317
{
1318
	int index, rv = 0;
1319 1320 1321 1322 1323

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

1324
	if (channel >= IPMI_MAX_CHANNELS) {
1325
		rv = -EINVAL;
1326 1327
	} else {
		channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1328
		*address = user->intf->addrinfo[channel].address;
1329
	}
1330 1331
	release_ipmi_user(user, index);

1332
	return rv;
L
Linus Torvalds 已提交
1333
}
1334
EXPORT_SYMBOL(ipmi_get_my_address);
L
Linus Torvalds 已提交
1335

1336
int ipmi_set_my_LUN(struct ipmi_user *user,
1337 1338
		    unsigned int  channel,
		    unsigned char LUN)
L
Linus Torvalds 已提交
1339
{
1340
	int index, rv = 0;
1341 1342 1343 1344 1345

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

1346
	if (channel >= IPMI_MAX_CHANNELS) {
1347
		rv = -EINVAL;
1348 1349
	} else {
		channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1350
		user->intf->addrinfo[channel].lun = LUN & 0x3;
1351
	}
1352 1353
	release_ipmi_user(user, index);

1354
	return rv;
L
Linus Torvalds 已提交
1355
}
1356
EXPORT_SYMBOL(ipmi_set_my_LUN);
L
Linus Torvalds 已提交
1357

1358
int ipmi_get_my_LUN(struct ipmi_user *user,
1359 1360
		    unsigned int  channel,
		    unsigned char *address)
L
Linus Torvalds 已提交
1361
{
1362
	int index, rv = 0;
1363 1364 1365 1366 1367

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

1368
	if (channel >= IPMI_MAX_CHANNELS) {
1369
		rv = -EINVAL;
1370 1371
	} else {
		channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1372
		*address = user->intf->addrinfo[channel].lun;
1373
	}
1374 1375
	release_ipmi_user(user, index);

1376
	return rv;
L
Linus Torvalds 已提交
1377
}
1378
EXPORT_SYMBOL(ipmi_get_my_LUN);
L
Linus Torvalds 已提交
1379

1380
int ipmi_get_maintenance_mode(struct ipmi_user *user)
C
Corey Minyard 已提交
1381
{
1382
	int mode, index;
C
Corey Minyard 已提交
1383 1384
	unsigned long flags;

1385 1386 1387 1388
	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

C
Corey Minyard 已提交
1389 1390 1391
	spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);
	mode = user->intf->maintenance_mode;
	spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);
1392
	release_ipmi_user(user, index);
C
Corey Minyard 已提交
1393 1394 1395 1396 1397

	return mode;
}
EXPORT_SYMBOL(ipmi_get_maintenance_mode);

1398
static void maintenance_mode_update(struct ipmi_smi *intf)
C
Corey Minyard 已提交
1399 1400 1401 1402 1403 1404
{
	if (intf->handlers->set_maintenance_mode)
		intf->handlers->set_maintenance_mode(
			intf->send_info, intf->maintenance_mode_enable);
}

1405
int ipmi_set_maintenance_mode(struct ipmi_user *user, int mode)
C
Corey Minyard 已提交
1406
{
1407
	int rv = 0, index;
C
Corey Minyard 已提交
1408
	unsigned long flags;
1409
	struct ipmi_smi *intf = user->intf;
C
Corey Minyard 已提交
1410

1411 1412 1413 1414
	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

C
Corey Minyard 已提交
1415 1416 1417 1418 1419 1420 1421 1422 1423
	spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
	if (intf->maintenance_mode != mode) {
		switch (mode) {
		case IPMI_MAINTENANCE_MODE_AUTO:
			intf->maintenance_mode_enable
				= (intf->auto_maintenance_timeout > 0);
			break;

		case IPMI_MAINTENANCE_MODE_OFF:
C
Corey Minyard 已提交
1424
			intf->maintenance_mode_enable = false;
C
Corey Minyard 已提交
1425 1426 1427
			break;

		case IPMI_MAINTENANCE_MODE_ON:
C
Corey Minyard 已提交
1428
			intf->maintenance_mode_enable = true;
C
Corey Minyard 已提交
1429 1430 1431 1432 1433 1434
			break;

		default:
			rv = -EINVAL;
			goto out_unlock;
		}
C
Corey Minyard 已提交
1435
		intf->maintenance_mode = mode;
C
Corey Minyard 已提交
1436 1437 1438 1439 1440

		maintenance_mode_update(intf);
	}
 out_unlock:
	spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);
1441
	release_ipmi_user(user, index);
C
Corey Minyard 已提交
1442 1443 1444 1445 1446

	return rv;
}
EXPORT_SYMBOL(ipmi_set_maintenance_mode);

1447
int ipmi_set_gets_events(struct ipmi_user *user, bool val)
L
Linus Torvalds 已提交
1448
{
1449
	unsigned long        flags;
1450
	struct ipmi_smi      *intf = user->intf;
1451 1452
	struct ipmi_recv_msg *msg, *msg2;
	struct list_head     msgs;
1453 1454 1455 1456 1457
	int index;

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;
L
Linus Torvalds 已提交
1458

1459 1460 1461
	INIT_LIST_HEAD(&msgs);

	spin_lock_irqsave(&intf->events_lock, flags);
1462 1463 1464
	if (user->gets_events == val)
		goto out;

L
Linus Torvalds 已提交
1465 1466
	user->gets_events = val;

1467 1468 1469 1470 1471 1472 1473
	if (val) {
		if (atomic_inc_return(&intf->event_waiters) == 1)
			need_waiter(intf);
	} else {
		atomic_dec(&intf->event_waiters);
	}

1474 1475 1476 1477 1478 1479 1480 1481 1482
	if (intf->delivering_events)
		/*
		 * Another thread is delivering events for this, so
		 * let it handle any new events.
		 */
		goto out;

	/* Deliver any queued events. */
	while (user->gets_events && !list_empty(&intf->waiting_events)) {
A
Akinobu Mita 已提交
1483 1484
		list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)
			list_move_tail(&msg->link, &msgs);
1485
		intf->waiting_events_count = 0;
1486
		if (intf->event_msg_printed) {
1487
			dev_warn(intf->si_dev, "Event queue no longer full\n");
1488 1489
			intf->event_msg_printed = 0;
		}
1490

1491 1492 1493 1494 1495 1496
		intf->delivering_events = 1;
		spin_unlock_irqrestore(&intf->events_lock, flags);

		list_for_each_entry_safe(msg, msg2, &msgs, link) {
			msg->user = user;
			kref_get(&user->refcount);
C
Corey Minyard 已提交
1497
			deliver_local_response(intf, msg);
1498 1499 1500 1501
		}

		spin_lock_irqsave(&intf->events_lock, flags);
		intf->delivering_events = 0;
1502 1503
	}

1504
 out:
1505
	spin_unlock_irqrestore(&intf->events_lock, flags);
1506
	release_ipmi_user(user, index);
L
Linus Torvalds 已提交
1507 1508 1509

	return 0;
}
1510
EXPORT_SYMBOL(ipmi_set_gets_events);
L
Linus Torvalds 已提交
1511

1512
static struct cmd_rcvr *find_cmd_rcvr(struct ipmi_smi *intf,
1513
				      unsigned char netfn,
1514 1515
				      unsigned char cmd,
				      unsigned char chan)
1516 1517 1518 1519
{
	struct cmd_rcvr *rcvr;

	list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1520 1521
		if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
					&& (rcvr->chans & (1 << chan)))
1522 1523 1524 1525 1526
			return rcvr;
	}
	return NULL;
}

1527
static int is_cmd_rcvr_exclusive(struct ipmi_smi *intf,
1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541
				 unsigned char netfn,
				 unsigned char cmd,
				 unsigned int  chans)
{
	struct cmd_rcvr *rcvr;

	list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
		if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
					&& (rcvr->chans & chans))
			return 0;
	}
	return 1;
}

1542
int ipmi_register_for_cmd(struct ipmi_user *user,
L
Linus Torvalds 已提交
1543
			  unsigned char netfn,
1544 1545
			  unsigned char cmd,
			  unsigned int  chans)
L
Linus Torvalds 已提交
1546
{
1547
	struct ipmi_smi *intf = user->intf;
1548
	struct cmd_rcvr *rcvr;
1549
	int rv = 0, index;
L
Linus Torvalds 已提交
1550

1551 1552 1553
	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;
L
Linus Torvalds 已提交
1554 1555

	rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
1556 1557 1558 1559
	if (!rcvr) {
		rv = -ENOMEM;
		goto out_release;
	}
1560 1561
	rcvr->cmd = cmd;
	rcvr->netfn = netfn;
1562
	rcvr->chans = chans;
1563
	rcvr->user = user;
L
Linus Torvalds 已提交
1564

1565
	mutex_lock(&intf->cmd_rcvrs_mutex);
L
Linus Torvalds 已提交
1566
	/* Make sure the command/netfn is not already registered. */
1567
	if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {
1568 1569
		rv = -EBUSY;
		goto out_unlock;
L
Linus Torvalds 已提交
1570
	}
1571

1572 1573 1574
	if (atomic_inc_return(&intf->event_waiters) == 1)
		need_waiter(intf);

1575
	list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
L
Linus Torvalds 已提交
1576

1577
out_unlock:
1578
	mutex_unlock(&intf->cmd_rcvrs_mutex);
L
Linus Torvalds 已提交
1579 1580
	if (rv)
		kfree(rcvr);
1581
out_release:
1582
	release_ipmi_user(user, index);
L
Linus Torvalds 已提交
1583 1584 1585

	return rv;
}
1586
EXPORT_SYMBOL(ipmi_register_for_cmd);
L
Linus Torvalds 已提交
1587

1588
int ipmi_unregister_for_cmd(struct ipmi_user *user,
L
Linus Torvalds 已提交
1589
			    unsigned char netfn,
1590 1591
			    unsigned char cmd,
			    unsigned int  chans)
L
Linus Torvalds 已提交
1592
{
1593
	struct ipmi_smi *intf = user->intf;
1594
	struct cmd_rcvr *rcvr;
1595
	struct cmd_rcvr *rcvrs = NULL;
1596 1597 1598 1599 1600
	int i, rv = -ENOENT, index;

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;
L
Linus Torvalds 已提交
1601

1602
	mutex_lock(&intf->cmd_rcvrs_mutex);
1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620
	for (i = 0; i < IPMI_NUM_CHANNELS; i++) {
		if (((1 << i) & chans) == 0)
			continue;
		rcvr = find_cmd_rcvr(intf, netfn, cmd, i);
		if (rcvr == NULL)
			continue;
		if (rcvr->user == user) {
			rv = 0;
			rcvr->chans &= ~chans;
			if (rcvr->chans == 0) {
				list_del_rcu(&rcvr->link);
				rcvr->next = rcvrs;
				rcvrs = rcvr;
			}
		}
	}
	mutex_unlock(&intf->cmd_rcvrs_mutex);
	synchronize_rcu();
1621
	release_ipmi_user(user, index);
1622
	while (rcvrs) {
1623
		atomic_dec(&intf->event_waiters);
1624 1625
		rcvr = rcvrs;
		rcvrs = rcvr->next;
1626
		kfree(rcvr);
L
Linus Torvalds 已提交
1627
	}
1628

1629
	return rv;
L
Linus Torvalds 已提交
1630
}
1631
EXPORT_SYMBOL(ipmi_unregister_for_cmd);
L
Linus Torvalds 已提交
1632 1633 1634 1635 1636

static unsigned char
ipmb_checksum(unsigned char *data, int size)
{
	unsigned char csum = 0;
1637

L
Linus Torvalds 已提交
1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662
	for (; size > 0; size--, data++)
		csum += *data;

	return -csum;
}

static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
				   struct kernel_ipmi_msg *msg,
				   struct ipmi_ipmb_addr *ipmb_addr,
				   long                  msgid,
				   unsigned char         ipmb_seq,
				   int                   broadcast,
				   unsigned char         source_address,
				   unsigned char         source_lun)
{
	int i = broadcast;

	/* Format the IPMB header data. */
	smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
	smi_msg->data[1] = IPMI_SEND_MSG_CMD;
	smi_msg->data[2] = ipmb_addr->channel;
	if (broadcast)
		smi_msg->data[3] = 0;
	smi_msg->data[i+3] = ipmb_addr->slave_addr;
	smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1663
	smi_msg->data[i+5] = ipmb_checksum(&smi_msg->data[i + 3], 2);
L
Linus Torvalds 已提交
1664 1665 1666 1667 1668 1669
	smi_msg->data[i+6] = source_address;
	smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
	smi_msg->data[i+8] = msg->cmd;

	/* Now tack on the data to the message. */
	if (msg->data_len > 0)
1670
		memcpy(&smi_msg->data[i + 9], msg->data, msg->data_len);
L
Linus Torvalds 已提交
1671 1672 1673 1674
	smi_msg->data_size = msg->data_len + 9;

	/* Now calculate the checksum and tack it on. */
	smi_msg->data[i+smi_msg->data_size]
1675
		= ipmb_checksum(&smi_msg->data[i + 6], smi_msg->data_size - 6);
L
Linus Torvalds 已提交
1676

1677 1678 1679 1680
	/*
	 * Add on the checksum size and the offset from the
	 * broadcast.
	 */
L
Linus Torvalds 已提交
1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699
	smi_msg->data_size += 1 + i;

	smi_msg->msgid = msgid;
}

static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
				  struct kernel_ipmi_msg *msg,
				  struct ipmi_lan_addr  *lan_addr,
				  long                  msgid,
				  unsigned char         ipmb_seq,
				  unsigned char         source_lun)
{
	/* Format the IPMB header data. */
	smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
	smi_msg->data[1] = IPMI_SEND_MSG_CMD;
	smi_msg->data[2] = lan_addr->channel;
	smi_msg->data[3] = lan_addr->session_handle;
	smi_msg->data[4] = lan_addr->remote_SWID;
	smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1700
	smi_msg->data[6] = ipmb_checksum(&smi_msg->data[4], 2);
L
Linus Torvalds 已提交
1701 1702 1703 1704 1705 1706
	smi_msg->data[7] = lan_addr->local_SWID;
	smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
	smi_msg->data[9] = msg->cmd;

	/* Now tack on the data to the message. */
	if (msg->data_len > 0)
1707
		memcpy(&smi_msg->data[10], msg->data, msg->data_len);
L
Linus Torvalds 已提交
1708 1709 1710 1711
	smi_msg->data_size = msg->data_len + 10;

	/* Now calculate the checksum and tack it on. */
	smi_msg->data[smi_msg->data_size]
1712
		= ipmb_checksum(&smi_msg->data[7], smi_msg->data_size - 7);
L
Linus Torvalds 已提交
1713

1714 1715 1716 1717
	/*
	 * Add on the checksum size and the offset from the
	 * broadcast.
	 */
L
Linus Torvalds 已提交
1718 1719 1720 1721 1722
	smi_msg->data_size += 1;

	smi_msg->msgid = msgid;
}

1723
static struct ipmi_smi_msg *smi_add_send_msg(struct ipmi_smi *intf,
A
Arnd Bergmann 已提交
1724 1725
					     struct ipmi_smi_msg *smi_msg,
					     int priority)
1726
{
1727 1728 1729 1730 1731 1732 1733 1734 1735
	if (intf->curr_msg) {
		if (priority > 0)
			list_add_tail(&smi_msg->link, &intf->hp_xmit_msgs);
		else
			list_add_tail(&smi_msg->link, &intf->xmit_msgs);
		smi_msg = NULL;
	} else {
		intf->curr_msg = smi_msg;
	}
A
Arnd Bergmann 已提交
1736 1737 1738 1739 1740

	return smi_msg;
}


1741 1742
static void smi_send(struct ipmi_smi *intf,
		     const struct ipmi_smi_handlers *handlers,
A
Arnd Bergmann 已提交
1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753
		     struct ipmi_smi_msg *smi_msg, int priority)
{
	int run_to_completion = intf->run_to_completion;

	if (run_to_completion) {
		smi_msg = smi_add_send_msg(intf, smi_msg, priority);
	} else {
		unsigned long flags;

		spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
		smi_msg = smi_add_send_msg(intf, smi_msg, priority);
1754
		spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
A
Arnd Bergmann 已提交
1755
	}
1756 1757

	if (smi_msg)
1758
		handlers->sender(intf->send_info, smi_msg);
1759 1760
}

1761 1762 1763 1764 1765 1766 1767 1768
static bool is_maintenance_mode_cmd(struct kernel_ipmi_msg *msg)
{
	return (((msg->netfn == IPMI_NETFN_APP_REQUEST)
		 && ((msg->cmd == IPMI_COLD_RESET_CMD)
		     || (msg->cmd == IPMI_WARM_RESET_CMD)))
		|| (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST));
}

1769
static int i_ipmi_req_sysintf(struct ipmi_smi        *intf,
C
Corey Minyard 已提交
1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835
			      struct ipmi_addr       *addr,
			      long                   msgid,
			      struct kernel_ipmi_msg *msg,
			      struct ipmi_smi_msg    *smi_msg,
			      struct ipmi_recv_msg   *recv_msg,
			      int                    retries,
			      unsigned int           retry_time_ms)
{
	struct ipmi_system_interface_addr *smi_addr;

	if (msg->netfn & 1)
		/* Responses are not allowed to the SMI. */
		return -EINVAL;

	smi_addr = (struct ipmi_system_interface_addr *) addr;
	if (smi_addr->lun > 3) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));

	if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
	    && ((msg->cmd == IPMI_SEND_MSG_CMD)
		|| (msg->cmd == IPMI_GET_MSG_CMD)
		|| (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {
		/*
		 * We don't let the user do these, since we manage
		 * the sequence numbers.
		 */
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	if (is_maintenance_mode_cmd(msg)) {
		unsigned long flags;

		spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
		intf->auto_maintenance_timeout
			= maintenance_mode_timeout_ms;
		if (!intf->maintenance_mode
		    && !intf->maintenance_mode_enable) {
			intf->maintenance_mode_enable = true;
			maintenance_mode_update(intf);
		}
		spin_unlock_irqrestore(&intf->maintenance_mode_lock,
				       flags);
	}

	if (msg->data_len + 2 > IPMI_MAX_MSG_LENGTH) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EMSGSIZE;
	}

	smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
	smi_msg->data[1] = msg->cmd;
	smi_msg->msgid = msgid;
	smi_msg->user_data = recv_msg;
	if (msg->data_len > 0)
		memcpy(&smi_msg->data[2], msg->data, msg->data_len);
	smi_msg->data_size = msg->data_len + 2;
	ipmi_inc_stat(intf, sent_local_commands);

	return 0;
}

1836
static int i_ipmi_req_ipmb(struct ipmi_smi        *intf,
C
Corey Minyard 已提交
1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976
			   struct ipmi_addr       *addr,
			   long                   msgid,
			   struct kernel_ipmi_msg *msg,
			   struct ipmi_smi_msg    *smi_msg,
			   struct ipmi_recv_msg   *recv_msg,
			   unsigned char          source_address,
			   unsigned char          source_lun,
			   int                    retries,
			   unsigned int           retry_time_ms)
{
	struct ipmi_ipmb_addr *ipmb_addr;
	unsigned char ipmb_seq;
	long seqid;
	int broadcast = 0;
	struct ipmi_channel *chans;
	int rv = 0;

	if (addr->channel >= IPMI_MAX_CHANNELS) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	chans = READ_ONCE(intf->channel_list)->c;

	if (chans[addr->channel].medium != IPMI_CHANNEL_MEDIUM_IPMB) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
		/*
		 * Broadcasts add a zero at the beginning of the
		 * message, but otherwise is the same as an IPMB
		 * address.
		 */
		addr->addr_type = IPMI_IPMB_ADDR_TYPE;
		broadcast = 1;
		retries = 0; /* Don't retry broadcasts. */
	}

	/*
	 * 9 for the header and 1 for the checksum, plus
	 * possibly one for the broadcast.
	 */
	if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EMSGSIZE;
	}

	ipmb_addr = (struct ipmi_ipmb_addr *) addr;
	if (ipmb_addr->lun > 3) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));

	if (recv_msg->msg.netfn & 0x1) {
		/*
		 * It's a response, so use the user's sequence
		 * from msgid.
		 */
		ipmi_inc_stat(intf, sent_ipmb_responses);
		format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
				msgid, broadcast,
				source_address, source_lun);

		/*
		 * Save the receive message so we can use it
		 * to deliver the response.
		 */
		smi_msg->user_data = recv_msg;
	} else {
		/* It's a command, so get a sequence for it. */
		unsigned long flags;

		spin_lock_irqsave(&intf->seq_lock, flags);

		if (is_maintenance_mode_cmd(msg))
			intf->ipmb_maintenance_mode_timeout =
				maintenance_mode_timeout_ms;

		if (intf->ipmb_maintenance_mode_timeout && retry_time_ms == 0)
			/* Different default in maintenance mode */
			retry_time_ms = default_maintenance_retry_ms;

		/*
		 * Create a sequence number with a 1 second
		 * timeout and 4 retries.
		 */
		rv = intf_next_seq(intf,
				   recv_msg,
				   retry_time_ms,
				   retries,
				   broadcast,
				   &ipmb_seq,
				   &seqid);
		if (rv)
			/*
			 * We have used up all the sequence numbers,
			 * probably, so abort.
			 */
			goto out_err;

		ipmi_inc_stat(intf, sent_ipmb_commands);

		/*
		 * Store the sequence number in the message,
		 * so that when the send message response
		 * comes back we can start the timer.
		 */
		format_ipmb_msg(smi_msg, msg, ipmb_addr,
				STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
				ipmb_seq, broadcast,
				source_address, source_lun);

		/*
		 * Copy the message into the recv message data, so we
		 * can retransmit it later if necessary.
		 */
		memcpy(recv_msg->msg_data, smi_msg->data,
		       smi_msg->data_size);
		recv_msg->msg.data = recv_msg->msg_data;
		recv_msg->msg.data_len = smi_msg->data_size;

		/*
		 * We don't unlock until here, because we need
		 * to copy the completed message into the
		 * recv_msg before we release the lock.
		 * Otherwise, race conditions may bite us.  I
		 * know that's pretty paranoid, but I prefer
		 * to be correct.
		 */
out_err:
		spin_unlock_irqrestore(&intf->seq_lock, flags);
	}

	return rv;
}

1977
static int i_ipmi_req_lan(struct ipmi_smi        *intf,
C
Corey Minyard 已提交
1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094
			  struct ipmi_addr       *addr,
			  long                   msgid,
			  struct kernel_ipmi_msg *msg,
			  struct ipmi_smi_msg    *smi_msg,
			  struct ipmi_recv_msg   *recv_msg,
			  unsigned char          source_lun,
			  int                    retries,
			  unsigned int           retry_time_ms)
{
	struct ipmi_lan_addr  *lan_addr;
	unsigned char ipmb_seq;
	long seqid;
	struct ipmi_channel *chans;
	int rv = 0;

	if (addr->channel >= IPMI_MAX_CHANNELS) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	chans = READ_ONCE(intf->channel_list)->c;

	if ((chans[addr->channel].medium
				!= IPMI_CHANNEL_MEDIUM_8023LAN)
			&& (chans[addr->channel].medium
			    != IPMI_CHANNEL_MEDIUM_ASYNC)) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	/* 11 for the header and 1 for the checksum. */
	if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EMSGSIZE;
	}

	lan_addr = (struct ipmi_lan_addr *) addr;
	if (lan_addr->lun > 3) {
		ipmi_inc_stat(intf, sent_invalid_commands);
		return -EINVAL;
	}

	memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));

	if (recv_msg->msg.netfn & 0x1) {
		/*
		 * It's a response, so use the user's sequence
		 * from msgid.
		 */
		ipmi_inc_stat(intf, sent_lan_responses);
		format_lan_msg(smi_msg, msg, lan_addr, msgid,
			       msgid, source_lun);

		/*
		 * Save the receive message so we can use it
		 * to deliver the response.
		 */
		smi_msg->user_data = recv_msg;
	} else {
		/* It's a command, so get a sequence for it. */
		unsigned long flags;

		spin_lock_irqsave(&intf->seq_lock, flags);

		/*
		 * Create a sequence number with a 1 second
		 * timeout and 4 retries.
		 */
		rv = intf_next_seq(intf,
				   recv_msg,
				   retry_time_ms,
				   retries,
				   0,
				   &ipmb_seq,
				   &seqid);
		if (rv)
			/*
			 * We have used up all the sequence numbers,
			 * probably, so abort.
			 */
			goto out_err;

		ipmi_inc_stat(intf, sent_lan_commands);

		/*
		 * Store the sequence number in the message,
		 * so that when the send message response
		 * comes back we can start the timer.
		 */
		format_lan_msg(smi_msg, msg, lan_addr,
			       STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
			       ipmb_seq, source_lun);

		/*
		 * Copy the message into the recv message data, so we
		 * can retransmit it later if necessary.
		 */
		memcpy(recv_msg->msg_data, smi_msg->data,
		       smi_msg->data_size);
		recv_msg->msg.data = recv_msg->msg_data;
		recv_msg->msg.data_len = smi_msg->data_size;

		/*
		 * We don't unlock until here, because we need
		 * to copy the completed message into the
		 * recv_msg before we release the lock.
		 * Otherwise, race conditions may bite us.  I
		 * know that's pretty paranoid, but I prefer
		 * to be correct.
		 */
out_err:
		spin_unlock_irqrestore(&intf->seq_lock, flags);
	}

	return rv;
}

2095 2096 2097 2098 2099 2100
/*
 * Separate from ipmi_request so that the user does not have to be
 * supplied in certain circumstances (mainly at panic time).  If
 * messages are supplied, they will be freed, even if an error
 * occurs.
 */
2101
static int i_ipmi_request(struct ipmi_user     *user,
2102
			  struct ipmi_smi      *intf,
2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113
			  struct ipmi_addr     *addr,
			  long                 msgid,
			  struct kernel_ipmi_msg *msg,
			  void                 *user_msg_data,
			  void                 *supplied_smi,
			  struct ipmi_recv_msg *supplied_recv,
			  int                  priority,
			  unsigned char        source_address,
			  unsigned char        source_lun,
			  int                  retries,
			  unsigned int         retry_time_ms)
L
Linus Torvalds 已提交
2114
{
C
Corey Minyard 已提交
2115 2116 2117
	struct ipmi_smi_msg *smi_msg;
	struct ipmi_recv_msg *recv_msg;
	int rv = 0;
L
Linus Torvalds 已提交
2118

2119
	if (supplied_recv)
L
Linus Torvalds 已提交
2120
		recv_msg = supplied_recv;
2121
	else {
L
Linus Torvalds 已提交
2122
		recv_msg = ipmi_alloc_recv_msg();
2123 2124 2125 2126
		if (recv_msg == NULL) {
			rv = -ENOMEM;
			goto out;
		}
L
Linus Torvalds 已提交
2127 2128 2129
	}
	recv_msg->user_msg_data = user_msg_data;

2130
	if (supplied_smi)
L
Linus Torvalds 已提交
2131
		smi_msg = (struct ipmi_smi_msg *) supplied_smi;
2132
	else {
L
Linus Torvalds 已提交
2133 2134 2135
		smi_msg = ipmi_alloc_smi_msg();
		if (smi_msg == NULL) {
			ipmi_free_recv_msg(recv_msg);
2136 2137
			rv = -ENOMEM;
			goto out;
L
Linus Torvalds 已提交
2138 2139 2140
		}
	}

2141
	rcu_read_lock();
2142
	if (intf->in_shutdown) {
2143 2144 2145 2146
		rv = -ENODEV;
		goto out_err;
	}

L
Linus Torvalds 已提交
2147
	recv_msg->user = user;
2148
	if (user)
2149
		/* The put happens when the message is freed. */
2150
		kref_get(&user->refcount);
L
Linus Torvalds 已提交
2151
	recv_msg->msgid = msgid;
2152 2153 2154 2155
	/*
	 * Store the message to send in the receive message so timeout
	 * responses can get the proper response data.
	 */
L
Linus Torvalds 已提交
2156 2157 2158
	recv_msg->msg = *msg;

	if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
C
Corey Minyard 已提交
2159 2160
		rv = i_ipmi_req_sysintf(intf, addr, msgid, msg, smi_msg,
					recv_msg, retries, retry_time_ms);
2161
	} else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
C
Corey Minyard 已提交
2162 2163 2164
		rv = i_ipmi_req_ipmb(intf, addr, msgid, msg, smi_msg, recv_msg,
				     source_address, source_lun,
				     retries, retry_time_ms);
2165
	} else if (is_lan_addr(addr)) {
C
Corey Minyard 已提交
2166 2167
		rv = i_ipmi_req_lan(intf, addr, msgid, msg, smi_msg, recv_msg,
				    source_lun, retries, retry_time_ms);
L
Linus Torvalds 已提交
2168 2169
	} else {
	    /* Unknown address type. */
2170
		ipmi_inc_stat(intf, sent_invalid_commands);
L
Linus Torvalds 已提交
2171 2172 2173
		rv = -EINVAL;
	}

C
Corey Minyard 已提交
2174 2175 2176 2177 2178 2179
	if (rv) {
out_err:
		ipmi_free_smi_msg(smi_msg);
		ipmi_free_recv_msg(recv_msg);
	} else {
		ipmi_debug_msg("Send", smi_msg->data, smi_msg->data_size);
2180

C
Corey Minyard 已提交
2181 2182
		smi_send(intf, intf->handlers, smi_msg, priority);
	}
2183
	rcu_read_unlock();
L
Linus Torvalds 已提交
2184

2185
out:
L
Linus Torvalds 已提交
2186 2187 2188
	return rv;
}

2189
static int check_addr(struct ipmi_smi  *intf,
2190 2191 2192 2193 2194 2195
		      struct ipmi_addr *addr,
		      unsigned char    *saddr,
		      unsigned char    *lun)
{
	if (addr->channel >= IPMI_MAX_CHANNELS)
		return -EINVAL;
2196
	addr->channel = array_index_nospec(addr->channel, IPMI_MAX_CHANNELS);
2197 2198
	*lun = intf->addrinfo[addr->channel].lun;
	*saddr = intf->addrinfo[addr->channel].address;
2199 2200 2201
	return 0;
}

2202
int ipmi_request_settime(struct ipmi_user *user,
L
Linus Torvalds 已提交
2203 2204 2205 2206 2207 2208 2209 2210
			 struct ipmi_addr *addr,
			 long             msgid,
			 struct kernel_ipmi_msg  *msg,
			 void             *user_msg_data,
			 int              priority,
			 int              retries,
			 unsigned int     retry_time_ms)
{
2211
	unsigned char saddr = 0, lun = 0;
2212
	int rv, index;
2213

2214
	if (!user)
2215
		return -EINVAL;
2216 2217 2218 2219 2220

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

2221
	rv = check_addr(user->intf, addr, &saddr, &lun);
2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237
	if (!rv)
		rv = i_ipmi_request(user,
				    user->intf,
				    addr,
				    msgid,
				    msg,
				    user_msg_data,
				    NULL, NULL,
				    priority,
				    saddr,
				    lun,
				    retries,
				    retry_time_ms);

	release_ipmi_user(user, index);
	return rv;
L
Linus Torvalds 已提交
2238
}
2239
EXPORT_SYMBOL(ipmi_request_settime);
L
Linus Torvalds 已提交
2240

2241
int ipmi_request_supply_msgs(struct ipmi_user     *user,
L
Linus Torvalds 已提交
2242 2243 2244 2245 2246 2247 2248 2249
			     struct ipmi_addr     *addr,
			     long                 msgid,
			     struct kernel_ipmi_msg *msg,
			     void                 *user_msg_data,
			     void                 *supplied_smi,
			     struct ipmi_recv_msg *supplied_recv,
			     int                  priority)
{
2250
	unsigned char saddr = 0, lun = 0;
2251
	int rv, index;
2252

2253
	if (!user)
2254
		return -EINVAL;
2255 2256 2257 2258 2259

	user = acquire_ipmi_user(user, &index);
	if (!user)
		return -ENODEV;

2260
	rv = check_addr(user->intf, addr, &saddr, &lun);
2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276
	if (!rv)
		rv = i_ipmi_request(user,
				    user->intf,
				    addr,
				    msgid,
				    msg,
				    user_msg_data,
				    supplied_smi,
				    supplied_recv,
				    priority,
				    saddr,
				    lun,
				    -1, 0);

	release_ipmi_user(user, index);
	return rv;
L
Linus Torvalds 已提交
2277
}
2278
EXPORT_SYMBOL(ipmi_request_supply_msgs);
L
Linus Torvalds 已提交
2279

2280 2281
static void bmc_device_id_handler(struct ipmi_smi *intf,
				  struct ipmi_recv_msg *msg)
2282 2283 2284 2285 2286 2287
{
	int rv;

	if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
			|| (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
			|| (msg->msg.cmd != IPMI_GET_DEVICE_ID_CMD)) {
2288
		dev_warn(intf->si_dev,
2289 2290
			 "invalid device_id msg: addr_type=%d netfn=%x cmd=%x\n",
			 msg->addr.addr_type, msg->msg.netfn, msg->msg.cmd);
2291 2292 2293 2294 2295 2296
		return;
	}

	rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd,
			msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id);
	if (rv) {
2297
		dev_warn(intf->si_dev, "device id demangle failed: %d\n", rv);
2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311
		intf->bmc->dyn_id_set = 0;
	} else {
		/*
		 * Make sure the id data is available before setting
		 * dyn_id_set.
		 */
		smp_wmb();
		intf->bmc->dyn_id_set = 1;
	}

	wake_up(&intf->waitq);
}

static int
2312
send_get_device_id_cmd(struct ipmi_smi *intf)
2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334
{
	struct ipmi_system_interface_addr si;
	struct kernel_ipmi_msg msg;

	si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	si.channel = IPMI_BMC_CHANNEL;
	si.lun = 0;

	msg.netfn = IPMI_NETFN_APP_REQUEST;
	msg.cmd = IPMI_GET_DEVICE_ID_CMD;
	msg.data = NULL;
	msg.data_len = 0;

	return i_ipmi_request(NULL,
			      intf,
			      (struct ipmi_addr *) &si,
			      0,
			      &msg,
			      intf,
			      NULL,
			      NULL,
			      0,
2335 2336
			      intf->addrinfo[0].address,
			      intf->addrinfo[0].lun,
2337 2338 2339
			      -1, 0);
}

2340
static int __get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc)
2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373
{
	int rv;

	bmc->dyn_id_set = 2;

	intf->null_user_handler = bmc_device_id_handler;

	rv = send_get_device_id_cmd(intf);
	if (rv)
		return rv;

	wait_event(intf->waitq, bmc->dyn_id_set != 2);

	if (!bmc->dyn_id_set)
		rv = -EIO; /* Something went wrong in the fetch. */

	/* dyn_id_set makes the id data available. */
	smp_rmb();

	intf->null_user_handler = NULL;

	return rv;
}

/*
 * Fetch the device id for the bmc/interface.  You must pass in either
 * bmc or intf, this code will get the other one.  If the data has
 * been recently fetched, this will just use the cached data.  Otherwise
 * it will run a new fetch.
 *
 * Except for the first time this is called (in ipmi_register_smi()),
 * this will always return good data;
 */
2374
static int __bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc,
2375
			       struct ipmi_device_id *id,
2376
			       bool *guid_set, guid_t *guid, int intf_num)
2377
{
2378
	int rv = 0;
2379
	int prev_dyn_id_set, prev_guid_set;
2380
	bool intf_set = intf != NULL;
2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402

	if (!intf) {
		mutex_lock(&bmc->dyn_mutex);
retry_bmc_lock:
		if (list_empty(&bmc->intfs)) {
			mutex_unlock(&bmc->dyn_mutex);
			return -ENOENT;
		}
		intf = list_first_entry(&bmc->intfs, struct ipmi_smi,
					bmc_link);
		kref_get(&intf->refcount);
		mutex_unlock(&bmc->dyn_mutex);
		mutex_lock(&intf->bmc_reg_mutex);
		mutex_lock(&bmc->dyn_mutex);
		if (intf != list_first_entry(&bmc->intfs, struct ipmi_smi,
					     bmc_link)) {
			mutex_unlock(&intf->bmc_reg_mutex);
			kref_put(&intf->refcount, intf_free);
			goto retry_bmc_lock;
		}
	} else {
		mutex_lock(&intf->bmc_reg_mutex);
2403
		bmc = intf->bmc;
2404 2405 2406
		mutex_lock(&bmc->dyn_mutex);
		kref_get(&intf->refcount);
	}
2407

2408
	/* If we have a valid and current ID, just return that. */
2409 2410 2411
	if (intf->in_bmc_register ||
	    (bmc->dyn_id_set && time_is_after_jiffies(bmc->dyn_id_expiry)))
		goto out_noprocessing;
2412

2413 2414 2415 2416
	prev_guid_set = bmc->dyn_guid_set;
	__get_guid(intf);

	prev_dyn_id_set = bmc->dyn_id_set;
2417 2418 2419 2420
	rv = __get_device_id(intf, bmc);
	if (rv)
		goto out;

2421 2422 2423 2424 2425 2426 2427 2428
	/*
	 * The guid, device id, manufacturer id, and product id should
	 * not change on a BMC.  If it does we have to do some dancing.
	 */
	if (!intf->bmc_registered
	    || (!prev_guid_set && bmc->dyn_guid_set)
	    || (!prev_dyn_id_set && bmc->dyn_id_set)
	    || (prev_guid_set && bmc->dyn_guid_set
2429
		&& !guid_equal(&bmc->guid, &bmc->fetch_guid))
2430 2431 2432 2433 2434
	    || bmc->id.device_id != bmc->fetch_id.device_id
	    || bmc->id.manufacturer_id != bmc->fetch_id.manufacturer_id
	    || bmc->id.product_id != bmc->fetch_id.product_id) {
		struct ipmi_device_id id = bmc->fetch_id;
		int guid_set = bmc->dyn_guid_set;
2435
		guid_t guid;
2436

2437
		guid = bmc->fetch_guid;
2438 2439 2440 2441 2442 2443
		mutex_unlock(&bmc->dyn_mutex);

		__ipmi_bmc_unregister(intf);
		/* Fill in the temporary BMC for good measure. */
		intf->bmc->id = id;
		intf->bmc->dyn_guid_set = guid_set;
2444 2445
		intf->bmc->guid = guid;
		if (__ipmi_bmc_register(intf, &id, guid_set, &guid, intf_num))
2446
			need_waiter(intf); /* Retry later on an error. */
2447 2448 2449
		else
			__scan_channels(intf, &id);

2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465

		if (!intf_set) {
			/*
			 * We weren't given the interface on the
			 * command line, so restart the operation on
			 * the next interface for the BMC.
			 */
			mutex_unlock(&intf->bmc_reg_mutex);
			mutex_lock(&bmc->dyn_mutex);
			goto retry_bmc_lock;
		}

		/* We have a new BMC, set it up. */
		bmc = intf->bmc;
		mutex_lock(&bmc->dyn_mutex);
		goto out_noprocessing;
2466 2467 2468
	} else if (memcmp(&bmc->fetch_id, &bmc->id, sizeof(bmc->id)))
		/* Version info changes, scan the channels again. */
		__scan_channels(intf, &bmc->fetch_id);
2469 2470 2471 2472 2473 2474 2475 2476

	bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY;

out:
	if (rv && prev_dyn_id_set) {
		rv = 0; /* Ignore failures if we have previous data. */
		bmc->dyn_id_set = prev_dyn_id_set;
	}
2477 2478 2479
	if (!rv) {
		bmc->id = bmc->fetch_id;
		if (bmc->dyn_guid_set)
2480
			bmc->guid = bmc->fetch_guid;
2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491
		else if (prev_guid_set)
			/*
			 * The guid used to be valid and it failed to fetch,
			 * just use the cached value.
			 */
			bmc->dyn_guid_set = prev_guid_set;
	}
out_noprocessing:
	if (!rv) {
		if (id)
			*id = bmc->id;
2492

2493 2494
		if (guid_set)
			*guid_set = bmc->dyn_guid_set;
2495

2496
		if (guid && bmc->dyn_guid_set)
2497
			*guid =  bmc->guid;
2498
	}
2499

2500 2501 2502 2503 2504
	mutex_unlock(&bmc->dyn_mutex);
	mutex_unlock(&intf->bmc_reg_mutex);

	kref_put(&intf->refcount, intf_free);
	return rv;
2505 2506
}

2507
static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc,
2508
			     struct ipmi_device_id *id,
2509
			     bool *guid_set, guid_t *guid)
2510 2511 2512 2513
{
	return __bmc_get_device_id(intf, bmc, id, guid_set, guid, -1);
}

2514 2515 2516 2517
static ssize_t device_id_show(struct device *dev,
			      struct device_attribute *attr,
			      char *buf)
{
2518
	struct bmc_device *bmc = to_bmc_device(dev);
2519 2520 2521
	struct ipmi_device_id id;
	int rv;

2522
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2523 2524
	if (rv)
		return rv;
2525

2526
	return snprintf(buf, 10, "%u\n", id.device_id);
2527
}
J
Joe Perches 已提交
2528
static DEVICE_ATTR_RO(device_id);
2529

2530 2531 2532
static ssize_t provides_device_sdrs_show(struct device *dev,
					 struct device_attribute *attr,
					 char *buf)
2533
{
2534
	struct bmc_device *bmc = to_bmc_device(dev);
2535 2536
	struct ipmi_device_id id;
	int rv;
2537

2538
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2539 2540 2541 2542
	if (rv)
		return rv;

	return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7);
2543
}
J
Joe Perches 已提交
2544
static DEVICE_ATTR_RO(provides_device_sdrs);
2545 2546 2547 2548

static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
			     char *buf)
{
2549
	struct bmc_device *bmc = to_bmc_device(dev);
2550 2551
	struct ipmi_device_id id;
	int rv;
2552

2553
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2554 2555 2556 2557
	if (rv)
		return rv;

	return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F);
2558
}
J
Joe Perches 已提交
2559
static DEVICE_ATTR_RO(revision);
2560

2561 2562 2563
static ssize_t firmware_revision_show(struct device *dev,
				      struct device_attribute *attr,
				      char *buf)
2564
{
2565
	struct bmc_device *bmc = to_bmc_device(dev);
2566 2567
	struct ipmi_device_id id;
	int rv;
2568

2569
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2570 2571 2572 2573 2574
	if (rv)
		return rv;

	return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1,
			id.firmware_revision_2);
2575
}
J
Joe Perches 已提交
2576
static DEVICE_ATTR_RO(firmware_revision);
2577 2578 2579 2580 2581

static ssize_t ipmi_version_show(struct device *dev,
				 struct device_attribute *attr,
				 char *buf)
{
2582
	struct bmc_device *bmc = to_bmc_device(dev);
2583 2584 2585
	struct ipmi_device_id id;
	int rv;

2586
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2587 2588
	if (rv)
		return rv;
2589 2590

	return snprintf(buf, 20, "%u.%u\n",
2591 2592
			ipmi_version_major(&id),
			ipmi_version_minor(&id));
2593
}
J
Joe Perches 已提交
2594
static DEVICE_ATTR_RO(ipmi_version);
2595 2596 2597 2598 2599

static ssize_t add_dev_support_show(struct device *dev,
				    struct device_attribute *attr,
				    char *buf)
{
2600
	struct bmc_device *bmc = to_bmc_device(dev);
2601 2602
	struct ipmi_device_id id;
	int rv;
2603

2604
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2605 2606 2607 2608
	if (rv)
		return rv;

	return snprintf(buf, 10, "0x%02x\n", id.additional_device_support);
2609
}
2610 2611
static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show,
		   NULL);
2612 2613 2614 2615 2616

static ssize_t manufacturer_id_show(struct device *dev,
				    struct device_attribute *attr,
				    char *buf)
{
2617
	struct bmc_device *bmc = to_bmc_device(dev);
2618 2619 2620
	struct ipmi_device_id id;
	int rv;

2621
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2622 2623
	if (rv)
		return rv;
2624

2625
	return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id);
2626
}
J
Joe Perches 已提交
2627
static DEVICE_ATTR_RO(manufacturer_id);
2628 2629 2630 2631 2632

static ssize_t product_id_show(struct device *dev,
			       struct device_attribute *attr,
			       char *buf)
{
2633
	struct bmc_device *bmc = to_bmc_device(dev);
2634 2635 2636
	struct ipmi_device_id id;
	int rv;

2637
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2638 2639
	if (rv)
		return rv;
2640

2641
	return snprintf(buf, 10, "0x%4.4x\n", id.product_id);
2642
}
J
Joe Perches 已提交
2643
static DEVICE_ATTR_RO(product_id);
2644 2645 2646 2647 2648

static ssize_t aux_firmware_rev_show(struct device *dev,
				     struct device_attribute *attr,
				     char *buf)
{
2649
	struct bmc_device *bmc = to_bmc_device(dev);
2650 2651 2652
	struct ipmi_device_id id;
	int rv;

2653
	rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2654 2655
	if (rv)
		return rv;
2656 2657

	return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
2658 2659 2660 2661
			id.aux_firmware_revision[3],
			id.aux_firmware_revision[2],
			id.aux_firmware_revision[1],
			id.aux_firmware_revision[0]);
2662
}
2663
static DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL);
2664 2665 2666 2667

static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
			 char *buf)
{
2668
	struct bmc_device *bmc = to_bmc_device(dev);
2669
	bool guid_set;
2670
	guid_t guid;
2671 2672
	int rv;

2673
	rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, &guid);
2674 2675 2676 2677
	if (rv)
		return rv;
	if (!guid_set)
		return -ENOENT;
2678

2679
	return snprintf(buf, 38, "%pUl\n", guid.b);
2680
}
J
Joe Perches 已提交
2681
static DEVICE_ATTR_RO(guid);
2682 2683 2684 2685 2686 2687 2688 2689 2690 2691

static struct attribute *bmc_dev_attrs[] = {
	&dev_attr_device_id.attr,
	&dev_attr_provides_device_sdrs.attr,
	&dev_attr_revision.attr,
	&dev_attr_firmware_revision.attr,
	&dev_attr_ipmi_version.attr,
	&dev_attr_additional_device_support.attr,
	&dev_attr_manufacturer_id.attr,
	&dev_attr_product_id.attr,
2692 2693
	&dev_attr_aux_firmware_revision.attr,
	&dev_attr_guid.attr,
2694 2695
	NULL
};
2696

2697 2698 2699 2700 2701 2702
static umode_t bmc_dev_attr_is_visible(struct kobject *kobj,
				       struct attribute *attr, int idx)
{
	struct device *dev = kobj_to_dev(kobj);
	struct bmc_device *bmc = to_bmc_device(dev);
	umode_t mode = attr->mode;
2703
	int rv;
2704

2705
	if (attr == &dev_attr_aux_firmware_revision.attr) {
2706 2707 2708
		struct ipmi_device_id id;

		rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2709 2710
		return (!rv && id.aux_firmware_revision_set) ? mode : 0;
	}
2711 2712 2713 2714 2715 2716
	if (attr == &dev_attr_guid.attr) {
		bool guid_set;

		rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, NULL);
		return (!rv && guid_set) ? mode : 0;
	}
2717 2718 2719
	return mode;
}

2720
static const struct attribute_group bmc_dev_attr_group = {
2721
	.attrs		= bmc_dev_attrs,
2722
	.is_visible	= bmc_dev_attr_is_visible,
2723
};
J
Jeff Garzik 已提交
2724

2725 2726 2727 2728 2729
static const struct attribute_group *bmc_dev_attr_groups[] = {
	&bmc_dev_attr_group,
	NULL
};

2730
static const struct device_type bmc_device_type = {
2731 2732 2733
	.groups		= bmc_dev_attr_groups,
};

2734 2735
static int __find_bmc_guid(struct device *dev, void *data)
{
2736
	guid_t *guid = data;
2737 2738
	struct bmc_device *bmc;
	int rv;
2739

2740 2741 2742
	if (dev->type != &bmc_device_type)
		return 0;

2743
	bmc = to_bmc_device(dev);
2744
	rv = bmc->dyn_guid_set && guid_equal(&bmc->guid, guid);
2745 2746 2747
	if (rv)
		rv = kref_get_unless_zero(&bmc->usecount);
	return rv;
2748 2749
}

2750
/*
2751
 * Returns with the bmc's usecount incremented, if it is non-NULL.
2752
 */
2753
static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
2754
					     guid_t *guid)
2755 2756
{
	struct device *dev;
2757
	struct bmc_device *bmc = NULL;
2758 2759

	dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
2760 2761 2762 2763 2764
	if (dev) {
		bmc = to_bmc_device(dev);
		put_device(dev);
	}
	return bmc;
2765 2766 2767 2768 2769 2770 2771 2772 2773
}

struct prod_dev_id {
	unsigned int  product_id;
	unsigned char device_id;
};

static int __find_bmc_prod_dev_id(struct device *dev, void *data)
{
2774
	struct prod_dev_id *cid = data;
2775
	struct bmc_device *bmc;
2776
	int rv;
2777 2778 2779

	if (dev->type != &bmc_device_type)
		return 0;
2780

2781
	bmc = to_bmc_device(dev);
2782 2783
	rv = (bmc->id.product_id == cid->product_id
	      && bmc->id.device_id == cid->device_id);
2784
	if (rv)
2785 2786
		rv = kref_get_unless_zero(&bmc->usecount);
	return rv;
2787 2788
}

2789
/*
2790
 * Returns with the bmc's usecount incremented, if it is non-NULL.
2791
 */
2792 2793 2794 2795 2796 2797 2798 2799 2800
static struct bmc_device *ipmi_find_bmc_prod_dev_id(
	struct device_driver *drv,
	unsigned int product_id, unsigned char device_id)
{
	struct prod_dev_id id = {
		.product_id = product_id,
		.device_id = device_id,
	};
	struct device *dev;
2801
	struct bmc_device *bmc = NULL;
2802 2803

	dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
2804 2805 2806 2807 2808
	if (dev) {
		bmc = to_bmc_device(dev);
		put_device(dev);
	}
	return bmc;
2809 2810
}

2811 2812
static DEFINE_IDA(ipmi_bmc_ida);

2813 2814 2815 2816
static void
release_bmc_device(struct device *dev)
{
	kfree(to_bmc_device(dev));
J
Jeff Garzik 已提交
2817 2818
}

2819
static void cleanup_bmc_work(struct work_struct *work)
J
Jeff Garzik 已提交
2820
{
2821 2822
	struct bmc_device *bmc = container_of(work, struct bmc_device,
					      remove_work);
2823
	int id = bmc->pdev.id; /* Unregister overwrites id */
J
Jeff Garzik 已提交
2824

2825
	platform_device_unregister(&bmc->pdev);
2826
	ida_simple_remove(&ipmi_bmc_ida, id);
2827 2828
}

2829 2830 2831 2832 2833 2834 2835 2836 2837 2838 2839 2840 2841 2842 2843 2844
static void
cleanup_bmc_device(struct kref *ref)
{
	struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount);

	/*
	 * Remove the platform device in a work queue to avoid issues
	 * with removing the device attributes while reading a device
	 * attribute.
	 */
	schedule_work(&bmc->remove_work);
}

/*
 * Must be called with intf->bmc_reg_mutex held.
 */
2845
static void __ipmi_bmc_unregister(struct ipmi_smi *intf)
2846 2847 2848
{
	struct bmc_device *bmc = intf->bmc;

C
Corey Minyard 已提交
2849 2850 2851
	if (!intf->bmc_registered)
		return;

2852
	sysfs_remove_link(&intf->si_dev->kobj, "bmc");
C
Corey Minyard 已提交
2853 2854 2855
	sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name);
	kfree(intf->my_dev_name);
	intf->my_dev_name = NULL;
2856

2857
	mutex_lock(&bmc->dyn_mutex);
2858
	list_del(&intf->bmc_link);
2859
	mutex_unlock(&bmc->dyn_mutex);
2860
	intf->bmc = &intf->tmp_bmc;
2861
	kref_put(&bmc->usecount, cleanup_bmc_device);
C
Corey Minyard 已提交
2862
	intf->bmc_registered = false;
2863
}
2864

2865
static void ipmi_bmc_unregister(struct ipmi_smi *intf)
2866 2867 2868
{
	mutex_lock(&intf->bmc_reg_mutex);
	__ipmi_bmc_unregister(intf);
2869
	mutex_unlock(&intf->bmc_reg_mutex);
2870 2871
}

2872 2873 2874
/*
 * Must be called with intf->bmc_reg_mutex held.
 */
2875
static int __ipmi_bmc_register(struct ipmi_smi *intf,
2876
			       struct ipmi_device_id *id,
2877
			       bool guid_set, guid_t *guid, int intf_num)
2878 2879
{
	int               rv;
2880
	struct bmc_device *bmc;
2881 2882
	struct bmc_device *old_bmc;

2883 2884 2885 2886 2887 2888 2889 2890 2891
	/*
	 * platform_device_register() can cause bmc_reg_mutex to
	 * be claimed because of the is_visible functions of
	 * the attributes.  Eliminate possible recursion and
	 * release the lock.
	 */
	intf->in_bmc_register = true;
	mutex_unlock(&intf->bmc_reg_mutex);

2892 2893 2894 2895
	/*
	 * Try to find if there is an bmc_device struct
	 * representing the interfaced BMC already
	 */
2896
	mutex_lock(&ipmidriver_mutex);
2897 2898
	if (guid_set)
		old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, guid);
2899
	else
2900
		old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,
2901 2902
						    id->product_id,
						    id->device_id);
2903 2904 2905 2906 2907 2908

	/*
	 * If there is already an bmc_device, free the new one,
	 * otherwise register the new BMC device
	 */
	if (old_bmc) {
2909
		bmc = old_bmc;
2910 2911 2912 2913
		/*
		 * Note: old_bmc already has usecount incremented by
		 * the BMC find functions.
		 */
2914
		intf->bmc = old_bmc;
2915
		mutex_lock(&bmc->dyn_mutex);
2916
		list_add_tail(&intf->bmc_link, &bmc->intfs);
2917
		mutex_unlock(&bmc->dyn_mutex);
2918

2919
		dev_info(intf->si_dev,
2920
			 "interfacing existing BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2921 2922 2923
			 bmc->id.manufacturer_id,
			 bmc->id.product_id,
			 bmc->id.device_id);
2924
	} else {
2925 2926 2927 2928 2929 2930 2931
		bmc = kzalloc(sizeof(*bmc), GFP_KERNEL);
		if (!bmc) {
			rv = -ENOMEM;
			goto out;
		}
		INIT_LIST_HEAD(&bmc->intfs);
		mutex_init(&bmc->dyn_mutex);
2932 2933 2934 2935 2936
		INIT_WORK(&bmc->remove_work, cleanup_bmc_work);

		bmc->id = *id;
		bmc->dyn_id_set = 1;
		bmc->dyn_guid_set = guid_set;
2937
		bmc->guid = *guid;
2938
		bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY;
2939

2940
		bmc->pdev.name = "ipmi_bmc";
2941

2942 2943 2944
		rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL);
		if (rv < 0)
			goto out;
2945
		bmc->pdev.dev.driver = &ipmidriver.driver;
2946
		bmc->pdev.id = rv;
2947 2948
		bmc->pdev.dev.release = release_bmc_device;
		bmc->pdev.dev.type = &bmc_device_type;
2949
		kref_init(&bmc->usecount);
2950

2951 2952
		intf->bmc = bmc;
		mutex_lock(&bmc->dyn_mutex);
2953
		list_add_tail(&intf->bmc_link, &bmc->intfs);
2954 2955 2956
		mutex_unlock(&bmc->dyn_mutex);

		rv = platform_device_register(&bmc->pdev);
2957
		if (rv) {
2958
			dev_err(intf->si_dev,
2959
				"Unable to register bmc device: %d\n",
2960
				rv);
C
Corey Minyard 已提交
2961
			goto out_list_del;
2962 2963
		}

2964 2965
		dev_info(intf->si_dev,
			 "Found new BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2966 2967 2968
			 bmc->id.manufacturer_id,
			 bmc->id.product_id,
			 bmc->id.device_id);
2969 2970 2971 2972 2973 2974
	}

	/*
	 * create symlink from system interface device to bmc device
	 * and back.
	 */
2975
	rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc");
2976
	if (rv) {
2977
		dev_err(intf->si_dev, "Unable to create bmc symlink: %d\n", rv);
C
Corey Minyard 已提交
2978
		goto out_put_bmc;
2979 2980
	}

2981 2982 2983
	if (intf_num == -1)
		intf_num = intf->intf_num;
	intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", intf_num);
2984 2985
	if (!intf->my_dev_name) {
		rv = -ENOMEM;
2986 2987
		dev_err(intf->si_dev, "Unable to allocate link from BMC: %d\n",
			rv);
C
Corey Minyard 已提交
2988
		goto out_unlink1;
2989 2990
	}

2991
	rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj,
2992 2993 2994 2995
			       intf->my_dev_name);
	if (rv) {
		kfree(intf->my_dev_name);
		intf->my_dev_name = NULL;
2996 2997
		dev_err(intf->si_dev, "Unable to create symlink to bmc: %d\n",
			rv);
C
Corey Minyard 已提交
2998
		goto out_free_my_dev_name;
2999 3000
	}

C
Corey Minyard 已提交
3001
	intf->bmc_registered = true;
3002

C
Corey Minyard 已提交
3003
out:
3004 3005 3006
	mutex_unlock(&ipmidriver_mutex);
	mutex_lock(&intf->bmc_reg_mutex);
	intf->in_bmc_register = false;
3007
	return rv;
C
Corey Minyard 已提交
3008 3009 3010 3011 3012 3013 3014 3015 3016 3017


out_free_my_dev_name:
	kfree(intf->my_dev_name);
	intf->my_dev_name = NULL;

out_unlink1:
	sysfs_remove_link(&intf->si_dev->kobj, "bmc");

out_put_bmc:
3018
	mutex_lock(&bmc->dyn_mutex);
3019
	list_del(&intf->bmc_link);
3020
	mutex_unlock(&bmc->dyn_mutex);
3021
	intf->bmc = &intf->tmp_bmc;
C
Corey Minyard 已提交
3022 3023 3024 3025
	kref_put(&bmc->usecount, cleanup_bmc_device);
	goto out;

out_list_del:
3026
	mutex_lock(&bmc->dyn_mutex);
3027
	list_del(&intf->bmc_link);
3028
	mutex_unlock(&bmc->dyn_mutex);
3029
	intf->bmc = &intf->tmp_bmc;
C
Corey Minyard 已提交
3030 3031
	put_device(&bmc->pdev.dev);
	goto out;
3032 3033 3034
}

static int
3035
send_guid_cmd(struct ipmi_smi *intf, int chan)
3036 3037 3038 3039 3040 3041 3042 3043 3044 3045 3046 3047 3048 3049 3050 3051 3052 3053 3054 3055 3056
{
	struct kernel_ipmi_msg            msg;
	struct ipmi_system_interface_addr si;

	si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	si.channel = IPMI_BMC_CHANNEL;
	si.lun = 0;

	msg.netfn = IPMI_NETFN_APP_REQUEST;
	msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
	msg.data = NULL;
	msg.data_len = 0;
	return i_ipmi_request(NULL,
			      intf,
			      (struct ipmi_addr *) &si,
			      0,
			      &msg,
			      intf,
			      NULL,
			      NULL,
			      0,
3057 3058
			      intf->addrinfo[0].address,
			      intf->addrinfo[0].lun,
3059 3060 3061
			      -1, 0);
}

3062
static void guid_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg)
3063
{
3064 3065
	struct bmc_device *bmc = intf->bmc;

3066 3067 3068 3069 3070 3071 3072 3073
	if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
	    || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
	    || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
		/* Not for me */
		return;

	if (msg->msg.data[0] != 0) {
		/* Error from getting the GUID, the BMC doesn't have one. */
3074
		bmc->dyn_guid_set = 0;
3075 3076 3077 3078
		goto out;
	}

	if (msg->msg.data_len < 17) {
3079
		bmc->dyn_guid_set = 0;
3080
		dev_warn(intf->si_dev,
3081
			 "The GUID response from the BMC was too short, it was %d but should have been 17.  Assuming GUID is not available.\n",
3082
			 msg->msg.data_len);
3083 3084 3085
		goto out;
	}

3086
	memcpy(bmc->fetch_guid.b, msg->msg.data + 1, 16);
3087 3088 3089 3090 3091 3092
	/*
	 * Make sure the guid data is available before setting
	 * dyn_guid_set.
	 */
	smp_wmb();
	bmc->dyn_guid_set = 1;
3093 3094 3095 3096
 out:
	wake_up(&intf->waitq);
}

3097
static void __get_guid(struct ipmi_smi *intf)
3098 3099
{
	int rv;
3100
	struct bmc_device *bmc = intf->bmc;
3101

3102
	bmc->dyn_guid_set = 2;
3103 3104 3105 3106
	intf->null_user_handler = guid_handler;
	rv = send_guid_cmd(intf, 0);
	if (rv)
		/* Send failed, no GUID available. */
3107 3108 3109 3110 3111 3112 3113
		bmc->dyn_guid_set = 0;

	wait_event(intf->waitq, bmc->dyn_guid_set != 2);

	/* dyn_guid_set makes the guid data available. */
	smp_rmb();

3114 3115 3116
	intf->null_user_handler = NULL;
}

L
Linus Torvalds 已提交
3117
static int
3118
send_channel_info_cmd(struct ipmi_smi *intf, int chan)
L
Linus Torvalds 已提交
3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137
{
	struct kernel_ipmi_msg            msg;
	unsigned char                     data[1];
	struct ipmi_system_interface_addr si;

	si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	si.channel = IPMI_BMC_CHANNEL;
	si.lun = 0;

	msg.netfn = IPMI_NETFN_APP_REQUEST;
	msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
	msg.data = data;
	msg.data_len = 1;
	data[0] = chan;
	return i_ipmi_request(NULL,
			      intf,
			      (struct ipmi_addr *) &si,
			      0,
			      &msg,
3138
			      intf,
L
Linus Torvalds 已提交
3139 3140 3141
			      NULL,
			      NULL,
			      0,
3142 3143
			      intf->addrinfo[0].address,
			      intf->addrinfo[0].lun,
L
Linus Torvalds 已提交
3144 3145 3146 3147
			      -1, 0);
}

static void
3148
channel_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg)
L
Linus Torvalds 已提交
3149 3150
{
	int rv = 0;
3151 3152 3153
	int ch;
	unsigned int set = intf->curr_working_cset;
	struct ipmi_channel *chans;
L
Linus Torvalds 已提交
3154

3155 3156
	if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
	    && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
3157
	    && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) {
L
Linus Torvalds 已提交
3158
		/* It's the one we want */
3159
		if (msg->msg.data[0] != 0) {
L
Linus Torvalds 已提交
3160 3161
			/* Got an error from the channel, just go on. */

3162
			if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
3163 3164 3165 3166 3167 3168
				/*
				 * If the MC does not support this
				 * command, that is legal.  We just
				 * assume it has one IPMB at channel
				 * zero.
				 */
3169
				intf->wchannels[set].c[0].medium
L
Linus Torvalds 已提交
3170
					= IPMI_CHANNEL_MEDIUM_IPMB;
3171
				intf->wchannels[set].c[0].protocol
L
Linus Torvalds 已提交
3172 3173
					= IPMI_CHANNEL_PROTOCOL_IPMB;

3174 3175
				intf->channel_list = intf->wchannels + set;
				intf->channels_ready = true;
L
Linus Torvalds 已提交
3176 3177 3178 3179 3180
				wake_up(&intf->waitq);
				goto out;
			}
			goto next_channel;
		}
3181
		if (msg->msg.data_len < 4) {
L
Linus Torvalds 已提交
3182 3183 3184
			/* Message not big enough, just go on. */
			goto next_channel;
		}
3185 3186 3187 3188
		ch = intf->curr_channel;
		chans = intf->wchannels[set].c;
		chans[ch].medium = msg->msg.data[2] & 0x7f;
		chans[ch].protocol = msg->msg.data[3] & 0x1f;
L
Linus Torvalds 已提交
3189

3190
 next_channel:
L
Linus Torvalds 已提交
3191
		intf->curr_channel++;
3192 3193 3194
		if (intf->curr_channel >= IPMI_MAX_CHANNELS) {
			intf->channel_list = intf->wchannels + set;
			intf->channels_ready = true;
L
Linus Torvalds 已提交
3195
			wake_up(&intf->waitq);
3196 3197 3198
		} else {
			intf->channel_list = intf->wchannels + set;
			intf->channels_ready = true;
L
Linus Torvalds 已提交
3199
			rv = send_channel_info_cmd(intf, intf->curr_channel);
3200
		}
L
Linus Torvalds 已提交
3201 3202 3203

		if (rv) {
			/* Got an error somehow, just give up. */
3204
			dev_warn(intf->si_dev,
3205
				 "Error sending channel information for channel %d: %d\n",
3206
				 intf->curr_channel, rv);
3207

3208 3209
			intf->channel_list = intf->wchannels + set;
			intf->channels_ready = true;
L
Linus Torvalds 已提交
3210 3211 3212 3213 3214 3215 3216
			wake_up(&intf->waitq);
		}
	}
 out:
	return;
}

3217 3218 3219
/*
 * Must be holding intf->bmc_reg_mutex to call this.
 */
3220
static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id)
3221 3222 3223 3224 3225 3226 3227 3228 3229 3230 3231 3232 3233 3234 3235 3236 3237 3238 3239 3240 3241 3242 3243 3244 3245 3246 3247 3248 3249 3250 3251 3252 3253 3254 3255 3256 3257 3258 3259 3260 3261 3262 3263
{
	int rv;

	if (ipmi_version_major(id) > 1
			|| (ipmi_version_major(id) == 1
			    && ipmi_version_minor(id) >= 5)) {
		unsigned int set;

		/*
		 * Start scanning the channels to see what is
		 * available.
		 */
		set = !intf->curr_working_cset;
		intf->curr_working_cset = set;
		memset(&intf->wchannels[set], 0,
		       sizeof(struct ipmi_channel_set));

		intf->null_user_handler = channel_handler;
		intf->curr_channel = 0;
		rv = send_channel_info_cmd(intf, 0);
		if (rv) {
			dev_warn(intf->si_dev,
				 "Error sending channel information for channel 0, %d\n",
				 rv);
			return -EIO;
		}

		/* Wait for the channel info to be read. */
		wait_event(intf->waitq, intf->channels_ready);
		intf->null_user_handler = NULL;
	} else {
		unsigned int set = intf->curr_working_cset;

		/* Assume a single IPMB channel at zero. */
		intf->wchannels[set].c[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
		intf->wchannels[set].c[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
		intf->channel_list = intf->wchannels + set;
		intf->channels_ready = true;
	}

	return 0;
}

3264
static void ipmi_poll(struct ipmi_smi *intf)
C
Corey Minyard 已提交
3265 3266 3267
{
	if (intf->handlers->poll)
		intf->handlers->poll(intf->send_info);
3268 3269
	/* In case something came in */
	handle_new_recv_msgs(intf);
C
Corey Minyard 已提交
3270
}
3271

3272
void ipmi_poll_interface(struct ipmi_user *user)
3273 3274
{
	ipmi_poll(user->intf);
C
Corey Minyard 已提交
3275
}
3276
EXPORT_SYMBOL(ipmi_poll_interface);
C
Corey Minyard 已提交
3277

3278 3279
static void redo_bmc_reg(struct work_struct *work)
{
3280 3281
	struct ipmi_smi *intf = container_of(work, struct ipmi_smi,
					     bmc_reg_work);
3282 3283 3284 3285 3286 3287 3288

	if (!intf->in_shutdown)
		bmc_get_device_id(intf, NULL, NULL, NULL, NULL);

	kref_put(&intf->refcount, intf_free);
}

3289
int ipmi_register_smi(const struct ipmi_smi_handlers *handlers,
L
Linus Torvalds 已提交
3290
		      void		       *send_info,
3291
		      struct device            *si_dev,
3292
		      unsigned char            slave_addr)
L
Linus Torvalds 已提交
3293 3294 3295
{
	int              i, j;
	int              rv;
3296
	struct ipmi_smi *intf, *tintf;
3297
	struct list_head *link;
3298
	struct ipmi_device_id id;
L
Linus Torvalds 已提交
3299

3300 3301 3302 3303
	/*
	 * Make sure the driver is actually initialized, this handles
	 * problems with initialization order.
	 */
L
Linus Torvalds 已提交
3304 3305 3306 3307
	if (!initialized) {
		rv = ipmi_init_msghandler();
		if (rv)
			return rv;
3308 3309 3310 3311
		/*
		 * The init code doesn't return an error if it was turned
		 * off, but it won't initialize.  Check that.
		 */
L
Linus Torvalds 已提交
3312 3313 3314 3315
		if (!initialized)
			return -ENODEV;
	}

3316
	intf = kzalloc(sizeof(*intf), GFP_KERNEL);
3317
	if (!intf)
L
Linus Torvalds 已提交
3318
		return -ENOMEM;
3319

3320 3321 3322 3323 3324 3325 3326
	rv = init_srcu_struct(&intf->users_srcu);
	if (rv) {
		kfree(intf);
		return rv;
	}


3327
	intf->bmc = &intf->tmp_bmc;
3328
	INIT_LIST_HEAD(&intf->bmc->intfs);
3329 3330 3331
	mutex_init(&intf->bmc->dyn_mutex);
	INIT_LIST_HEAD(&intf->bmc_link);
	mutex_init(&intf->bmc_reg_mutex);
3332
	intf->intf_num = -1; /* Mark it invalid for now. */
3333
	kref_init(&intf->refcount);
3334
	INIT_WORK(&intf->bmc_reg_work, redo_bmc_reg);
3335
	intf->si_dev = si_dev;
3336
	for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
3337 3338
		intf->addrinfo[j].address = IPMI_BMC_SLAVE_ADDR;
		intf->addrinfo[j].lun = 2;
3339 3340
	}
	if (slave_addr != 0)
3341
		intf->addrinfo[0].address = slave_addr;
3342 3343 3344 3345 3346 3347 3348 3349 3350
	INIT_LIST_HEAD(&intf->users);
	intf->handlers = handlers;
	intf->send_info = send_info;
	spin_lock_init(&intf->seq_lock);
	for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
		intf->seq_table[j].inuse = 0;
		intf->seq_table[j].seqid = 0;
	}
	intf->curr_seq = 0;
3351 3352
	spin_lock_init(&intf->waiting_rcv_msgs_lock);
	INIT_LIST_HEAD(&intf->waiting_rcv_msgs);
3353 3354 3355 3356
	tasklet_init(&intf->recv_tasklet,
		     smi_recv_tasklet,
		     (unsigned long) intf);
	atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0);
3357 3358 3359
	spin_lock_init(&intf->xmit_msgs_lock);
	INIT_LIST_HEAD(&intf->xmit_msgs);
	INIT_LIST_HEAD(&intf->hp_xmit_msgs);
3360
	spin_lock_init(&intf->events_lock);
3361 3362
	atomic_set(&intf->event_waiters, 0);
	intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3363 3364
	INIT_LIST_HEAD(&intf->waiting_events);
	intf->waiting_events_count = 0;
3365
	mutex_init(&intf->cmd_rcvrs_mutex);
C
Corey Minyard 已提交
3366
	spin_lock_init(&intf->maintenance_mode_lock);
3367 3368
	INIT_LIST_HEAD(&intf->cmd_rcvrs);
	init_waitqueue_head(&intf->waitq);
3369 3370
	for (i = 0; i < IPMI_NUM_STATS; i++)
		atomic_set(&intf->stats[i], 0);
3371

3372 3373 3374 3375 3376 3377 3378
	mutex_lock(&ipmi_interfaces_mutex);
	/* Look for a hole in the numbers. */
	i = 0;
	link = &ipmi_interfaces;
	list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {
		if (tintf->intf_num != i) {
			link = &tintf->link;
L
Linus Torvalds 已提交
3379 3380
			break;
		}
3381
		i++;
L
Linus Torvalds 已提交
3382
	}
3383 3384 3385 3386 3387
	/* Add the new interface in numeric order. */
	if (i == 0)
		list_add_rcu(&intf->link, &ipmi_interfaces);
	else
		list_add_tail_rcu(&intf->link, link);
L
Linus Torvalds 已提交
3388

3389 3390
	rv = handlers->start_processing(send_info, intf);
	if (rv)
3391
		goto out_err;
L
Linus Torvalds 已提交
3392

3393
	rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i);
3394 3395
	if (rv) {
		dev_err(si_dev, "Unable to get the device id: %d\n", rv);
3396
		goto out_err_started;
3397 3398
	}

3399 3400 3401
	mutex_lock(&intf->bmc_reg_mutex);
	rv = __scan_channels(intf, &id);
	mutex_unlock(&intf->bmc_reg_mutex);
3402 3403
	if (rv)
		goto out_err_bmc_reg;
L
Linus Torvalds 已提交
3404

3405 3406 3407 3408 3409 3410 3411 3412
	/*
	 * Keep memory order straight for RCU readers.  Make
	 * sure everything else is committed to memory before
	 * setting intf_num to mark the interface valid.
	 */
	smp_wmb();
	intf->intf_num = i;
	mutex_unlock(&ipmi_interfaces_mutex);
3413

3414 3415 3416 3417 3418 3419 3420 3421 3422 3423 3424 3425 3426 3427 3428 3429
	/* After this point the interface is legal to use. */
	call_smi_watchers(i, intf->si_dev);

	return 0;

 out_err_bmc_reg:
	ipmi_bmc_unregister(intf);
 out_err_started:
	if (intf->handlers->shutdown)
		intf->handlers->shutdown(intf->send_info);
 out_err:
	list_del_rcu(&intf->link);
	mutex_unlock(&ipmi_interfaces_mutex);
	synchronize_srcu(&ipmi_interfaces_srcu);
	cleanup_srcu_struct(&intf->users_srcu);
	kref_put(&intf->refcount, intf_free);
L
Linus Torvalds 已提交
3430 3431 3432

	return rv;
}
3433
EXPORT_SYMBOL(ipmi_register_smi);
L
Linus Torvalds 已提交
3434

3435
static void deliver_smi_err_response(struct ipmi_smi *intf,
3436 3437 3438 3439 3440 3441 3442 3443 3444 3445 3446
				     struct ipmi_smi_msg *msg,
				     unsigned char err)
{
	msg->rsp[0] = msg->data[0] | 4;
	msg->rsp[1] = msg->data[1];
	msg->rsp[2] = err;
	msg->rsp_size = 3;
	/* It's an error, so it will never requeue, no need to check return. */
	handle_one_recv_msg(intf, msg);
}

3447
static void cleanup_smi_msgs(struct ipmi_smi *intf)
3448 3449 3450
{
	int              i;
	struct seq_table *ent;
3451 3452 3453 3454 3455 3456 3457 3458 3459 3460 3461 3462 3463 3464
	struct ipmi_smi_msg *msg;
	struct list_head *entry;
	struct list_head tmplist;

	/* Clear out our transmit queues and hold the messages. */
	INIT_LIST_HEAD(&tmplist);
	list_splice_tail(&intf->hp_xmit_msgs, &tmplist);
	list_splice_tail(&intf->xmit_msgs, &tmplist);

	/* Current message first, to preserve order */
	while (intf->curr_msg && !list_empty(&intf->waiting_rcv_msgs)) {
		/* Wait for the message to clear out. */
		schedule_timeout(1);
	}
3465 3466

	/* No need for locks, the interface is down. */
3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478

	/*
	 * Return errors for all pending messages in queue and in the
	 * tables waiting for remote responses.
	 */
	while (!list_empty(&tmplist)) {
		entry = tmplist.next;
		list_del(entry);
		msg = list_entry(entry, struct ipmi_smi_msg, link);
		deliver_smi_err_response(intf, msg, IPMI_ERR_UNSPECIFIED);
	}

3479
	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
3480
		ent = &intf->seq_table[i];
3481 3482
		if (!ent->inuse)
			continue;
C
Corey Minyard 已提交
3483
		deliver_err_response(intf, ent->recv_msg, IPMI_ERR_UNSPECIFIED);
3484 3485 3486
	}
}

3487
void ipmi_unregister_smi(struct ipmi_smi *intf)
L
Linus Torvalds 已提交
3488 3489
{
	struct ipmi_smi_watcher *w;
3490
	int intf_num = intf->intf_num, index;
L
Linus Torvalds 已提交
3491

3492
	mutex_lock(&ipmi_interfaces_mutex);
3493
	intf->intf_num = -1;
3494
	intf->in_shutdown = true;
3495 3496
	list_del_rcu(&intf->link);
	mutex_unlock(&ipmi_interfaces_mutex);
3497
	synchronize_srcu(&ipmi_interfaces_srcu);
3498

3499
	/* At this point no users can be added to the interface. */
L
Linus Torvalds 已提交
3500

3501 3502
	/*
	 * Call all the watcher interfaces to tell them that
3503
	 * an interface is going away.
3504
	 */
3505
	mutex_lock(&smi_watchers_mutex);
3506
	list_for_each_entry(w, &smi_watchers, link)
3507 3508
		w->smi_gone(intf_num);
	mutex_unlock(&smi_watchers_mutex);
3509

3510 3511 3512 3513 3514 3515 3516 3517 3518 3519
	index = srcu_read_lock(&intf->users_srcu);
	while (!list_empty(&intf->users)) {
		struct ipmi_user *user =
			container_of(list_next_rcu(&intf->users),
				     struct ipmi_user, link);

		_ipmi_destroy_user(user);
	}
	srcu_read_unlock(&intf->users_srcu, index);

3520 3521
	if (intf->handlers->shutdown)
		intf->handlers->shutdown(intf->send_info);
3522 3523 3524 3525 3526 3527

	cleanup_smi_msgs(intf);

	ipmi_bmc_unregister(intf);

	cleanup_srcu_struct(&intf->users_srcu);
3528
	kref_put(&intf->refcount, intf_free);
L
Linus Torvalds 已提交
3529
}
3530
EXPORT_SYMBOL(ipmi_unregister_smi);
L
Linus Torvalds 已提交
3531

3532
static int handle_ipmb_get_msg_rsp(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
3533 3534 3535 3536 3537
				   struct ipmi_smi_msg *msg)
{
	struct ipmi_ipmb_addr ipmb_addr;
	struct ipmi_recv_msg  *recv_msg;

3538 3539 3540 3541
	/*
	 * This is 11, not 10, because the response must contain a
	 * completion code.
	 */
L
Linus Torvalds 已提交
3542 3543
	if (msg->rsp_size < 11) {
		/* Message not big enough, just ignore it. */
3544
		ipmi_inc_stat(intf, invalid_ipmb_responses);
L
Linus Torvalds 已提交
3545 3546 3547 3548 3549 3550 3551 3552 3553 3554 3555 3556 3557
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the response, just ignore it. */
		return 0;
	}

	ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
	ipmb_addr.slave_addr = msg->rsp[6];
	ipmb_addr.channel = msg->rsp[3] & 0x0f;
	ipmb_addr.lun = msg->rsp[7] & 3;

3558 3559 3560 3561
	/*
	 * It's a response from a remote entity.  Look up the sequence
	 * number and handle the response.
	 */
L
Linus Torvalds 已提交
3562 3563 3564 3565 3566
	if (intf_find_seq(intf,
			  msg->rsp[7] >> 2,
			  msg->rsp[3] & 0x0f,
			  msg->rsp[8],
			  (msg->rsp[4] >> 2) & (~1),
3567
			  (struct ipmi_addr *) &ipmb_addr,
3568 3569 3570 3571 3572
			  &recv_msg)) {
		/*
		 * We were unable to find the sequence number,
		 * so just nuke the message.
		 */
3573
		ipmi_inc_stat(intf, unhandled_ipmb_responses);
L
Linus Torvalds 已提交
3574 3575 3576
		return 0;
	}

3577
	memcpy(recv_msg->msg_data, &msg->rsp[9], msg->rsp_size - 9);
3578 3579 3580 3581 3582
	/*
	 * The other fields matched, so no need to set them, except
	 * for netfn, which needs to be the response that was
	 * returned, not the request value.
	 */
L
Linus Torvalds 已提交
3583 3584 3585 3586
	recv_msg->msg.netfn = msg->rsp[4] >> 2;
	recv_msg->msg.data = recv_msg->msg_data;
	recv_msg->msg.data_len = msg->rsp_size - 10;
	recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
C
Corey Minyard 已提交
3587 3588 3589 3590
	if (deliver_response(intf, recv_msg))
		ipmi_inc_stat(intf, unhandled_ipmb_responses);
	else
		ipmi_inc_stat(intf, handled_ipmb_responses);
L
Linus Torvalds 已提交
3591 3592 3593 3594

	return 0;
}

3595
static int handle_ipmb_get_msg_cmd(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
3596 3597
				   struct ipmi_smi_msg *msg)
{
3598 3599 3600 3601
	struct cmd_rcvr          *rcvr;
	int                      rv = 0;
	unsigned char            netfn;
	unsigned char            cmd;
3602
	unsigned char            chan;
3603
	struct ipmi_user         *user = NULL;
3604 3605
	struct ipmi_ipmb_addr    *ipmb_addr;
	struct ipmi_recv_msg     *recv_msg;
L
Linus Torvalds 已提交
3606 3607 3608

	if (msg->rsp_size < 10) {
		/* Message not big enough, just ignore it. */
3609
		ipmi_inc_stat(intf, invalid_commands);
L
Linus Torvalds 已提交
3610 3611 3612 3613 3614 3615 3616 3617 3618 3619
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the response, just ignore it. */
		return 0;
	}

	netfn = msg->rsp[4] >> 2;
	cmd = msg->rsp[8];
3620
	chan = msg->rsp[3] & 0xf;
L
Linus Torvalds 已提交
3621

3622
	rcu_read_lock();
3623
	rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3624 3625 3626 3627 3628
	if (rcvr) {
		user = rcvr->user;
		kref_get(&user->refcount);
	} else
		user = NULL;
3629
	rcu_read_unlock();
L
Linus Torvalds 已提交
3630 3631 3632

	if (user == NULL) {
		/* We didn't find a user, deliver an error response. */
3633
		ipmi_inc_stat(intf, unhandled_commands);
L
Linus Torvalds 已提交
3634 3635 3636 3637 3638

		msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
		msg->data[1] = IPMI_SEND_MSG_CMD;
		msg->data[2] = msg->rsp[3];
		msg->data[3] = msg->rsp[6];
3639
		msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
3640
		msg->data[5] = ipmb_checksum(&msg->data[3], 2);
3641
		msg->data[6] = intf->addrinfo[msg->rsp[3] & 0xf].address;
3642 3643
		/* rqseq/lun */
		msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
L
Linus Torvalds 已提交
3644 3645
		msg->data[8] = msg->rsp[8]; /* cmd */
		msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
3646
		msg->data[10] = ipmb_checksum(&msg->data[6], 4);
L
Linus Torvalds 已提交
3647 3648
		msg->data_size = 11;

C
Corey Minyard 已提交
3649 3650
		ipmi_debug_msg("Invalid command:", msg->data, msg->data_size);

3651
		rcu_read_lock();
3652 3653
		if (!intf->in_shutdown) {
			smi_send(intf, intf->handlers, msg, 0);
3654 3655 3656 3657 3658
			/*
			 * We used the message, so return the value
			 * that causes it to not be freed or
			 * queued.
			 */
3659 3660 3661
			rv = -1;
		}
		rcu_read_unlock();
L
Linus Torvalds 已提交
3662 3663
	} else {
		recv_msg = ipmi_alloc_recv_msg();
3664
		if (!recv_msg) {
3665 3666 3667 3668 3669
			/*
			 * We couldn't allocate memory for the
			 * message, so requeue it for handling
			 * later.
			 */
L
Linus Torvalds 已提交
3670
			rv = 1;
3671
			kref_put(&user->refcount, free_user);
L
Linus Torvalds 已提交
3672 3673 3674 3675 3676 3677 3678 3679
		} else {
			/* Extract the source address from the data. */
			ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
			ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
			ipmb_addr->slave_addr = msg->rsp[6];
			ipmb_addr->lun = msg->rsp[7] & 3;
			ipmb_addr->channel = msg->rsp[3] & 0xf;

3680 3681 3682 3683
			/*
			 * Extract the rest of the message information
			 * from the IPMB header.
			 */
L
Linus Torvalds 已提交
3684 3685 3686 3687 3688 3689 3690
			recv_msg->user = user;
			recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
			recv_msg->msgid = msg->rsp[7] >> 2;
			recv_msg->msg.netfn = msg->rsp[4] >> 2;
			recv_msg->msg.cmd = msg->rsp[8];
			recv_msg->msg.data = recv_msg->msg_data;

3691 3692 3693 3694
			/*
			 * We chop off 10, not 9 bytes because the checksum
			 * at the end also needs to be removed.
			 */
L
Linus Torvalds 已提交
3695
			recv_msg->msg.data_len = msg->rsp_size - 10;
3696
			memcpy(recv_msg->msg_data, &msg->rsp[9],
L
Linus Torvalds 已提交
3697
			       msg->rsp_size - 10);
C
Corey Minyard 已提交
3698 3699 3700 3701
			if (deliver_response(intf, recv_msg))
				ipmi_inc_stat(intf, unhandled_commands);
			else
				ipmi_inc_stat(intf, handled_commands);
L
Linus Torvalds 已提交
3702 3703 3704 3705 3706 3707
		}
	}

	return rv;
}

3708
static int handle_lan_get_msg_rsp(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
3709 3710 3711 3712 3713 3714
				  struct ipmi_smi_msg *msg)
{
	struct ipmi_lan_addr  lan_addr;
	struct ipmi_recv_msg  *recv_msg;


3715 3716 3717 3718
	/*
	 * This is 13, not 12, because the response must contain a
	 * completion code.
	 */
L
Linus Torvalds 已提交
3719 3720
	if (msg->rsp_size < 13) {
		/* Message not big enough, just ignore it. */
3721
		ipmi_inc_stat(intf, invalid_lan_responses);
L
Linus Torvalds 已提交
3722 3723 3724 3725 3726 3727 3728 3729 3730 3731 3732 3733 3734 3735 3736 3737
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the response, just ignore it. */
		return 0;
	}

	lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
	lan_addr.session_handle = msg->rsp[4];
	lan_addr.remote_SWID = msg->rsp[8];
	lan_addr.local_SWID = msg->rsp[5];
	lan_addr.channel = msg->rsp[3] & 0x0f;
	lan_addr.privilege = msg->rsp[3] >> 4;
	lan_addr.lun = msg->rsp[9] & 3;

3738 3739 3740 3741
	/*
	 * It's a response from a remote entity.  Look up the sequence
	 * number and handle the response.
	 */
L
Linus Torvalds 已提交
3742 3743 3744 3745 3746
	if (intf_find_seq(intf,
			  msg->rsp[9] >> 2,
			  msg->rsp[3] & 0x0f,
			  msg->rsp[10],
			  (msg->rsp[6] >> 2) & (~1),
3747
			  (struct ipmi_addr *) &lan_addr,
3748 3749 3750 3751 3752
			  &recv_msg)) {
		/*
		 * We were unable to find the sequence number,
		 * so just nuke the message.
		 */
3753
		ipmi_inc_stat(intf, unhandled_lan_responses);
L
Linus Torvalds 已提交
3754 3755 3756
		return 0;
	}

3757
	memcpy(recv_msg->msg_data, &msg->rsp[11], msg->rsp_size - 11);
3758 3759 3760 3761 3762
	/*
	 * The other fields matched, so no need to set them, except
	 * for netfn, which needs to be the response that was
	 * returned, not the request value.
	 */
L
Linus Torvalds 已提交
3763 3764 3765 3766
	recv_msg->msg.netfn = msg->rsp[6] >> 2;
	recv_msg->msg.data = recv_msg->msg_data;
	recv_msg->msg.data_len = msg->rsp_size - 12;
	recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
C
Corey Minyard 已提交
3767 3768 3769 3770
	if (deliver_response(intf, recv_msg))
		ipmi_inc_stat(intf, unhandled_lan_responses);
	else
		ipmi_inc_stat(intf, handled_lan_responses);
L
Linus Torvalds 已提交
3771 3772 3773 3774

	return 0;
}

3775
static int handle_lan_get_msg_cmd(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
3776 3777
				  struct ipmi_smi_msg *msg)
{
3778 3779 3780 3781
	struct cmd_rcvr          *rcvr;
	int                      rv = 0;
	unsigned char            netfn;
	unsigned char            cmd;
3782
	unsigned char            chan;
3783
	struct ipmi_user         *user = NULL;
3784 3785
	struct ipmi_lan_addr     *lan_addr;
	struct ipmi_recv_msg     *recv_msg;
L
Linus Torvalds 已提交
3786 3787 3788

	if (msg->rsp_size < 12) {
		/* Message not big enough, just ignore it. */
3789
		ipmi_inc_stat(intf, invalid_commands);
L
Linus Torvalds 已提交
3790 3791 3792 3793 3794 3795 3796 3797 3798 3799
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the response, just ignore it. */
		return 0;
	}

	netfn = msg->rsp[6] >> 2;
	cmd = msg->rsp[10];
3800
	chan = msg->rsp[3] & 0xf;
L
Linus Torvalds 已提交
3801

3802
	rcu_read_lock();
3803
	rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3804 3805 3806 3807 3808
	if (rcvr) {
		user = rcvr->user;
		kref_get(&user->refcount);
	} else
		user = NULL;
3809
	rcu_read_unlock();
L
Linus Torvalds 已提交
3810 3811

	if (user == NULL) {
3812
		/* We didn't find a user, just give up. */
3813
		ipmi_inc_stat(intf, unhandled_commands);
L
Linus Torvalds 已提交
3814

3815 3816 3817 3818 3819
		/*
		 * Don't do anything with these messages, just allow
		 * them to be freed.
		 */
		rv = 0;
L
Linus Torvalds 已提交
3820 3821
	} else {
		recv_msg = ipmi_alloc_recv_msg();
3822
		if (!recv_msg) {
3823 3824 3825 3826
			/*
			 * We couldn't allocate memory for the
			 * message, so requeue it for handling later.
			 */
L
Linus Torvalds 已提交
3827
			rv = 1;
3828
			kref_put(&user->refcount, free_user);
L
Linus Torvalds 已提交
3829 3830 3831 3832 3833 3834 3835 3836 3837 3838 3839
		} else {
			/* Extract the source address from the data. */
			lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
			lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
			lan_addr->session_handle = msg->rsp[4];
			lan_addr->remote_SWID = msg->rsp[8];
			lan_addr->local_SWID = msg->rsp[5];
			lan_addr->lun = msg->rsp[9] & 3;
			lan_addr->channel = msg->rsp[3] & 0xf;
			lan_addr->privilege = msg->rsp[3] >> 4;

3840 3841 3842 3843
			/*
			 * Extract the rest of the message information
			 * from the IPMB header.
			 */
L
Linus Torvalds 已提交
3844 3845 3846 3847 3848 3849 3850
			recv_msg->user = user;
			recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
			recv_msg->msgid = msg->rsp[9] >> 2;
			recv_msg->msg.netfn = msg->rsp[6] >> 2;
			recv_msg->msg.cmd = msg->rsp[10];
			recv_msg->msg.data = recv_msg->msg_data;

3851 3852 3853 3854
			/*
			 * We chop off 12, not 11 bytes because the checksum
			 * at the end also needs to be removed.
			 */
L
Linus Torvalds 已提交
3855
			recv_msg->msg.data_len = msg->rsp_size - 12;
3856
			memcpy(recv_msg->msg_data, &msg->rsp[11],
L
Linus Torvalds 已提交
3857
			       msg->rsp_size - 12);
C
Corey Minyard 已提交
3858 3859 3860 3861
			if (deliver_response(intf, recv_msg))
				ipmi_inc_stat(intf, unhandled_commands);
			else
				ipmi_inc_stat(intf, handled_commands);
L
Linus Torvalds 已提交
3862 3863 3864 3865 3866 3867
		}
	}

	return rv;
}

D
dann frazier 已提交
3868 3869 3870 3871 3872 3873
/*
 * This routine will handle "Get Message" command responses with
 * channels that use an OEM Medium. The message format belongs to
 * the OEM.  See IPMI 2.0 specification, Chapter 6 and
 * Chapter 22, sections 22.6 and 22.24 for more details.
 */
3874
static int handle_oem_get_msg_cmd(struct ipmi_smi *intf,
D
dann frazier 已提交
3875 3876 3877 3878 3879 3880 3881
				  struct ipmi_smi_msg *msg)
{
	struct cmd_rcvr       *rcvr;
	int                   rv = 0;
	unsigned char         netfn;
	unsigned char         cmd;
	unsigned char         chan;
3882
	struct ipmi_user *user = NULL;
D
dann frazier 已提交
3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 3895 3896 3897 3898 3899 3900 3901 3902 3903 3904 3905 3906 3907 3908 3909 3910 3911 3912 3913 3914 3915 3916 3917 3918 3919 3920 3921 3922 3923 3924 3925 3926 3927 3928 3929 3930 3931 3932 3933 3934 3935 3936 3937 3938 3939 3940 3941 3942 3943 3944 3945
	struct ipmi_system_interface_addr *smi_addr;
	struct ipmi_recv_msg  *recv_msg;

	/*
	 * We expect the OEM SW to perform error checking
	 * so we just do some basic sanity checks
	 */
	if (msg->rsp_size < 4) {
		/* Message not big enough, just ignore it. */
		ipmi_inc_stat(intf, invalid_commands);
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the response, just ignore it. */
		return 0;
	}

	/*
	 * This is an OEM Message so the OEM needs to know how
	 * handle the message. We do no interpretation.
	 */
	netfn = msg->rsp[0] >> 2;
	cmd = msg->rsp[1];
	chan = msg->rsp[3] & 0xf;

	rcu_read_lock();
	rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
	if (rcvr) {
		user = rcvr->user;
		kref_get(&user->refcount);
	} else
		user = NULL;
	rcu_read_unlock();

	if (user == NULL) {
		/* We didn't find a user, just give up. */
		ipmi_inc_stat(intf, unhandled_commands);

		/*
		 * Don't do anything with these messages, just allow
		 * them to be freed.
		 */

		rv = 0;
	} else {
		recv_msg = ipmi_alloc_recv_msg();
		if (!recv_msg) {
			/*
			 * We couldn't allocate memory for the
			 * message, so requeue it for handling
			 * later.
			 */
			rv = 1;
			kref_put(&user->refcount, free_user);
		} else {
			/*
			 * OEM Messages are expected to be delivered via
			 * the system interface to SMS software.  We might
			 * need to visit this again depending on OEM
			 * requirements
			 */
			smi_addr = ((struct ipmi_system_interface_addr *)
3946
				    &recv_msg->addr);
D
dann frazier 已提交
3947 3948 3949 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 3961 3962
			smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
			smi_addr->channel = IPMI_BMC_CHANNEL;
			smi_addr->lun = msg->rsp[0] & 3;

			recv_msg->user = user;
			recv_msg->user_msg_data = NULL;
			recv_msg->recv_type = IPMI_OEM_RECV_TYPE;
			recv_msg->msg.netfn = msg->rsp[0] >> 2;
			recv_msg->msg.cmd = msg->rsp[1];
			recv_msg->msg.data = recv_msg->msg_data;

			/*
			 * The message starts at byte 4 which follows the
			 * the Channel Byte in the "GET MESSAGE" command
			 */
			recv_msg->msg.data_len = msg->rsp_size - 4;
3963
			memcpy(recv_msg->msg_data, &msg->rsp[4],
D
dann frazier 已提交
3964
			       msg->rsp_size - 4);
C
Corey Minyard 已提交
3965 3966 3967 3968
			if (deliver_response(intf, recv_msg))
				ipmi_inc_stat(intf, unhandled_commands);
			else
				ipmi_inc_stat(intf, handled_commands);
D
dann frazier 已提交
3969 3970 3971 3972 3973 3974
		}
	}

	return rv;
}

L
Linus Torvalds 已提交
3975 3976 3977 3978
static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
				     struct ipmi_smi_msg  *msg)
{
	struct ipmi_system_interface_addr *smi_addr;
3979

L
Linus Torvalds 已提交
3980
	recv_msg->msgid = 0;
3981
	smi_addr = (struct ipmi_system_interface_addr *) &recv_msg->addr;
L
Linus Torvalds 已提交
3982 3983 3984 3985 3986 3987
	smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	smi_addr->channel = IPMI_BMC_CHANNEL;
	smi_addr->lun = msg->rsp[0] & 3;
	recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
	recv_msg->msg.netfn = msg->rsp[0] >> 2;
	recv_msg->msg.cmd = msg->rsp[1];
3988
	memcpy(recv_msg->msg_data, &msg->rsp[3], msg->rsp_size - 3);
L
Linus Torvalds 已提交
3989 3990 3991 3992
	recv_msg->msg.data = recv_msg->msg_data;
	recv_msg->msg.data_len = msg->rsp_size - 3;
}

3993
static int handle_read_event_rsp(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
3994 3995 3996 3997
				 struct ipmi_smi_msg *msg)
{
	struct ipmi_recv_msg *recv_msg, *recv_msg2;
	struct list_head     msgs;
3998
	struct ipmi_user     *user;
3999
	int rv = 0, deliver_count = 0, index;
L
Linus Torvalds 已提交
4000 4001 4002 4003
	unsigned long        flags;

	if (msg->rsp_size < 19) {
		/* Message is too small to be an IPMB event. */
4004
		ipmi_inc_stat(intf, invalid_events);
L
Linus Torvalds 已提交
4005 4006 4007 4008 4009 4010 4011 4012 4013 4014
		return 0;
	}

	if (msg->rsp[2] != 0) {
		/* An error getting the event, just ignore it. */
		return 0;
	}

	INIT_LIST_HEAD(&msgs);

4015
	spin_lock_irqsave(&intf->events_lock, flags);
L
Linus Torvalds 已提交
4016

4017
	ipmi_inc_stat(intf, events);
L
Linus Torvalds 已提交
4018

4019 4020 4021 4022
	/*
	 * Allocate and fill in one message for every user that is
	 * getting events.
	 */
4023
	index = srcu_read_lock(&intf->users_srcu);
4024
	list_for_each_entry_rcu(user, &intf->users, link) {
4025
		if (!user->gets_events)
L
Linus Torvalds 已提交
4026 4027 4028
			continue;

		recv_msg = ipmi_alloc_recv_msg();
4029
		if (!recv_msg) {
4030
			rcu_read_unlock();
4031 4032
			list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
						 link) {
L
Linus Torvalds 已提交
4033 4034 4035
				list_del(&recv_msg->link);
				ipmi_free_recv_msg(recv_msg);
			}
4036 4037 4038 4039 4040
			/*
			 * We couldn't allocate memory for the
			 * message, so requeue it for handling
			 * later.
			 */
L
Linus Torvalds 已提交
4041 4042 4043 4044 4045 4046 4047 4048
			rv = 1;
			goto out;
		}

		deliver_count++;

		copy_event_into_recv_msg(recv_msg, msg);
		recv_msg->user = user;
4049
		kref_get(&user->refcount);
4050
		list_add_tail(&recv_msg->link, &msgs);
L
Linus Torvalds 已提交
4051
	}
4052
	srcu_read_unlock(&intf->users_srcu, index);
L
Linus Torvalds 已提交
4053 4054 4055 4056 4057

	if (deliver_count) {
		/* Now deliver all the messages. */
		list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
			list_del(&recv_msg->link);
C
Corey Minyard 已提交
4058
			deliver_local_response(intf, recv_msg);
L
Linus Torvalds 已提交
4059 4060
		}
	} else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
4061 4062 4063 4064
		/*
		 * No one to receive the message, put it in queue if there's
		 * not already too many things in the queue.
		 */
L
Linus Torvalds 已提交
4065
		recv_msg = ipmi_alloc_recv_msg();
4066
		if (!recv_msg) {
4067 4068 4069 4070 4071
			/*
			 * We couldn't allocate memory for the
			 * message, so requeue it for handling
			 * later.
			 */
L
Linus Torvalds 已提交
4072 4073 4074 4075 4076
			rv = 1;
			goto out;
		}

		copy_event_into_recv_msg(recv_msg, msg);
4077
		list_add_tail(&recv_msg->link, &intf->waiting_events);
4078
		intf->waiting_events_count++;
4079
	} else if (!intf->event_msg_printed) {
4080 4081 4082 4083
		/*
		 * There's too many things in the queue, discard this
		 * message.
		 */
4084
		dev_warn(intf->si_dev,
4085
			 "Event queue full, discarding incoming events\n");
4086
		intf->event_msg_printed = 1;
L
Linus Torvalds 已提交
4087 4088 4089
	}

 out:
4090
	spin_unlock_irqrestore(&intf->events_lock, flags);
L
Linus Torvalds 已提交
4091 4092 4093 4094

	return rv;
}

4095
static int handle_bmc_rsp(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
4096 4097 4098
			  struct ipmi_smi_msg *msg)
{
	struct ipmi_recv_msg *recv_msg;
4099
	struct ipmi_system_interface_addr *smi_addr;
L
Linus Torvalds 已提交
4100 4101

	recv_msg = (struct ipmi_recv_msg *) msg->user_data;
4102
	if (recv_msg == NULL) {
4103
		dev_warn(intf->si_dev,
4104
			 "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error.  Contact your hardware vendor for assistance.\n");
4105 4106
		return 0;
	}
L
Linus Torvalds 已提交
4107

4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120
	recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
	recv_msg->msgid = msg->msgid;
	smi_addr = ((struct ipmi_system_interface_addr *)
		    &recv_msg->addr);
	smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	smi_addr->channel = IPMI_BMC_CHANNEL;
	smi_addr->lun = msg->rsp[0] & 3;
	recv_msg->msg.netfn = msg->rsp[0] >> 2;
	recv_msg->msg.cmd = msg->rsp[1];
	memcpy(recv_msg->msg_data, &msg->rsp[2], msg->rsp_size - 2);
	recv_msg->msg.data = recv_msg->msg_data;
	recv_msg->msg.data_len = msg->rsp_size - 2;
	deliver_local_response(intf, recv_msg);
L
Linus Torvalds 已提交
4121 4122 4123 4124

	return 0;
}

4125
/*
4126
 * Handle a received message.  Return 1 if the message should be requeued,
4127 4128 4129
 * 0 if the message should be freed, or -1 if the message should not
 * be freed or requeued.
 */
4130
static int handle_one_recv_msg(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
4131 4132 4133 4134 4135
			       struct ipmi_smi_msg *msg)
{
	int requeue;
	int chan;

C
Corey Minyard 已提交
4136
	ipmi_debug_msg("Recv:", msg->rsp, msg->rsp_size);
L
Linus Torvalds 已提交
4137 4138
	if (msg->rsp_size < 2) {
		/* Message is too small to be correct. */
4139
		dev_warn(intf->si_dev,
4140
			 "BMC returned too small a message for netfn %x cmd %x, got %d bytes\n",
4141
			 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
L
Linus Torvalds 已提交
4142 4143 4144 4145 4146 4147

		/* Generate an error response for the message. */
		msg->rsp[0] = msg->data[0] | (1 << 2);
		msg->rsp[1] = msg->data[1];
		msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
		msg->rsp_size = 3;
4148 4149 4150 4151 4152 4153
	} else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))
		   || (msg->rsp[1] != msg->data[1])) {
		/*
		 * The NetFN and Command in the response is not even
		 * marginally correct.
		 */
4154
		dev_warn(intf->si_dev,
4155
			 "BMC returned incorrect response, expected netfn %x cmd %x, got netfn %x cmd %x\n",
4156 4157
			 (msg->data[0] >> 2) | 1, msg->data[1],
			 msg->rsp[0] >> 2, msg->rsp[1]);
L
Linus Torvalds 已提交
4158 4159 4160 4161 4162 4163 4164 4165 4166 4167

		/* Generate an error response for the message. */
		msg->rsp[0] = msg->data[0] | (1 << 2);
		msg->rsp[1] = msg->data[1];
		msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
		msg->rsp_size = 3;
	}

	if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
	    && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
4168 4169 4170 4171 4172
	    && (msg->user_data != NULL)) {
		/*
		 * It's a response to a response we sent.  For this we
		 * deliver a send message response to the user.
		 */
4173
		struct ipmi_recv_msg *recv_msg = msg->user_data;
L
Linus Torvalds 已提交
4174 4175 4176 4177 4178 4179 4180 4181 4182 4183 4184

		requeue = 0;
		if (msg->rsp_size < 2)
			/* Message is too small to be correct. */
			goto out;

		chan = msg->data[2] & 0x0f;
		if (chan >= IPMI_MAX_CHANNELS)
			/* Invalid channel number */
			goto out;

4185 4186 4187 4188 4189 4190 4191
		if (!recv_msg)
			goto out;

		recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
		recv_msg->msg.data = recv_msg->msg_data;
		recv_msg->msg.data_len = 1;
		recv_msg->msg_data[0] = msg->rsp[2];
C
Corey Minyard 已提交
4192
		deliver_local_response(intf, recv_msg);
L
Linus Torvalds 已提交
4193
	} else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
4194
		   && (msg->rsp[1] == IPMI_GET_MSG_CMD)) {
4195 4196
		struct ipmi_channel   *chans;

L
Linus Torvalds 已提交
4197 4198 4199 4200 4201 4202 4203 4204
		/* It's from the receive queue. */
		chan = msg->rsp[3] & 0xf;
		if (chan >= IPMI_MAX_CHANNELS) {
			/* Invalid channel number */
			requeue = 0;
			goto out;
		}

D
dann frazier 已提交
4205
		/*
C
Corey Minyard 已提交
4206 4207 4208 4209 4210
		 * We need to make sure the channels have been initialized.
		 * The channel_handler routine will set the "curr_channel"
		 * equal to or greater than IPMI_MAX_CHANNELS when all the
		 * channels for this interface have been initialized.
		 */
4211
		if (!intf->channels_ready) {
C
Corey Minyard 已提交
4212
			requeue = 0; /* Throw the message away */
D
dann frazier 已提交
4213 4214 4215
			goto out;
		}

4216 4217 4218
		chans = READ_ONCE(intf->channel_list)->c;

		switch (chans[chan].medium) {
L
Linus Torvalds 已提交
4219 4220
		case IPMI_CHANNEL_MEDIUM_IPMB:
			if (msg->rsp[4] & 0x04) {
4221 4222 4223 4224
				/*
				 * It's a response, so find the
				 * requesting message and send it up.
				 */
L
Linus Torvalds 已提交
4225 4226
				requeue = handle_ipmb_get_msg_rsp(intf, msg);
			} else {
4227 4228 4229 4230
				/*
				 * It's a command to the SMS from some other
				 * entity.  Handle that.
				 */
L
Linus Torvalds 已提交
4231 4232 4233 4234 4235 4236 4237
				requeue = handle_ipmb_get_msg_cmd(intf, msg);
			}
			break;

		case IPMI_CHANNEL_MEDIUM_8023LAN:
		case IPMI_CHANNEL_MEDIUM_ASYNC:
			if (msg->rsp[6] & 0x04) {
4238 4239 4240 4241
				/*
				 * It's a response, so find the
				 * requesting message and send it up.
				 */
L
Linus Torvalds 已提交
4242 4243
				requeue = handle_lan_get_msg_rsp(intf, msg);
			} else {
4244 4245 4246 4247
				/*
				 * It's a command to the SMS from some other
				 * entity.  Handle that.
				 */
L
Linus Torvalds 已提交
4248 4249 4250 4251 4252
				requeue = handle_lan_get_msg_cmd(intf, msg);
			}
			break;

		default:
D
dann frazier 已提交
4253 4254
			/* Check for OEM Channels.  Clients had better
			   register for these commands. */
4255 4256
			if ((chans[chan].medium >= IPMI_CHANNEL_MEDIUM_OEM_MIN)
			    && (chans[chan].medium
D
dann frazier 已提交
4257 4258 4259 4260 4261 4262 4263 4264 4265
				<= IPMI_CHANNEL_MEDIUM_OEM_MAX)) {
				requeue = handle_oem_get_msg_cmd(intf, msg);
			} else {
				/*
				 * We don't handle the channel type, so just
				 * free the message.
				 */
				requeue = 0;
			}
L
Linus Torvalds 已提交
4266 4267 4268
		}

	} else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
4269
		   && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) {
4270
		/* It's an asynchronous event. */
L
Linus Torvalds 已提交
4271 4272 4273 4274 4275 4276 4277 4278 4279 4280
		requeue = handle_read_event_rsp(intf, msg);
	} else {
		/* It's a response from the local BMC. */
		requeue = handle_bmc_rsp(intf, msg);
	}

 out:
	return requeue;
}

4281 4282 4283
/*
 * If there are messages in the queue or pretimeouts, handle them.
 */
4284
static void handle_new_recv_msgs(struct ipmi_smi *intf)
4285 4286 4287 4288 4289 4290 4291 4292
{
	struct ipmi_smi_msg  *smi_msg;
	unsigned long        flags = 0;
	int                  rv;
	int                  run_to_completion = intf->run_to_completion;

	/* See if any waiting messages need to be processed. */
	if (!run_to_completion)
4293 4294 4295
		spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
	while (!list_empty(&intf->waiting_rcv_msgs)) {
		smi_msg = list_entry(intf->waiting_rcv_msgs.next,
4296
				     struct ipmi_smi_msg, link);
4297
		list_del(&smi_msg->link);
4298
		if (!run_to_completion)
4299 4300
			spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
					       flags);
4301 4302
		rv = handle_one_recv_msg(intf, smi_msg);
		if (!run_to_completion)
4303
			spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
4304
		if (rv > 0) {
4305 4306
			/*
			 * To preserve message order, quit if we
4307 4308 4309 4310
			 * can't handle a message.  Add the message
			 * back at the head, this is safe because this
			 * tasklet is the only thing that pulls the
			 * messages.
4311
			 */
4312
			list_add(&smi_msg->link, &intf->waiting_rcv_msgs);
4313
			break;
4314 4315 4316 4317 4318
		} else {
			if (rv == 0)
				/* Message handled */
				ipmi_free_smi_msg(smi_msg);
			/* If rv < 0, fatal error, del but don't free. */
4319 4320 4321
		}
	}
	if (!run_to_completion)
4322
		spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags);
4323 4324 4325 4326 4327 4328

	/*
	 * If the pretimout count is non-zero, decrement one from it and
	 * deliver pretimeouts to all the users.
	 */
	if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) {
4329
		struct ipmi_user *user;
4330
		int index;
4331

4332
		index = srcu_read_lock(&intf->users_srcu);
4333 4334 4335 4336 4337
		list_for_each_entry_rcu(user, &intf->users, link) {
			if (user->handler->ipmi_watchdog_pretimeout)
				user->handler->ipmi_watchdog_pretimeout(
					user->handler_data);
		}
4338
		srcu_read_unlock(&intf->users_srcu, index);
4339 4340 4341 4342 4343
	}
}

static void smi_recv_tasklet(unsigned long val)
{
4344
	unsigned long flags = 0; /* keep us warning-free. */
4345
	struct ipmi_smi *intf = (struct ipmi_smi *) val;
4346 4347 4348 4349 4350 4351 4352 4353 4354 4355
	int run_to_completion = intf->run_to_completion;
	struct ipmi_smi_msg *newmsg = NULL;

	/*
	 * Start the next message if available.
	 *
	 * Do this here, not in the actual receiver, because we may deadlock
	 * because the lower layer is allowed to hold locks while calling
	 * message delivery.
	 */
4356 4357 4358

	rcu_read_lock();

4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378
	if (!run_to_completion)
		spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
	if (intf->curr_msg == NULL && !intf->in_shutdown) {
		struct list_head *entry = NULL;

		/* Pick the high priority queue first. */
		if (!list_empty(&intf->hp_xmit_msgs))
			entry = intf->hp_xmit_msgs.next;
		else if (!list_empty(&intf->xmit_msgs))
			entry = intf->xmit_msgs.next;

		if (entry) {
			list_del(entry);
			newmsg = list_entry(entry, struct ipmi_smi_msg, link);
			intf->curr_msg = newmsg;
		}
	}
	if (!run_to_completion)
		spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
	if (newmsg)
4379
		intf->handlers->sender(intf->send_info, newmsg);
4380

4381 4382
	rcu_read_unlock();

4383
	handle_new_recv_msgs(intf);
4384 4385
}

L
Linus Torvalds 已提交
4386
/* Handle a new message from the lower layer. */
4387
void ipmi_smi_msg_received(struct ipmi_smi *intf,
L
Linus Torvalds 已提交
4388 4389
			   struct ipmi_smi_msg *msg)
{
4390
	unsigned long flags = 0; /* keep us warning-free. */
4391
	int run_to_completion = intf->run_to_completion;
L
Linus Torvalds 已提交
4392 4393 4394 4395

	if ((msg->data_size >= 2)
	    && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
	    && (msg->data[1] == IPMI_SEND_MSG_CMD)
4396
	    && (msg->user_data == NULL)) {
4397 4398 4399 4400

		if (intf->in_shutdown)
			goto free_msg;

4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413
		/*
		 * This is the local response to a command send, start
		 * the timer for these.  The user_data will not be
		 * NULL if this is a response send, and we will let
		 * response sends just go through.
		 */

		/*
		 * Check for errors, if we get certain errors (ones
		 * that mean basically we can try again later), we
		 * ignore them and start the timer.  Otherwise we
		 * report the error immediately.
		 */
L
Linus Torvalds 已提交
4414 4415
		if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
		    && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
4416 4417
		    && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
		    && (msg->rsp[2] != IPMI_BUS_ERR)
4418
		    && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
4419 4420
			int ch = msg->rsp[3] & 0xf;
			struct ipmi_channel *chans;
L
Linus Torvalds 已提交
4421 4422

			/* Got an error sending the message, handle it. */
4423 4424 4425 4426

			chans = READ_ONCE(intf->channel_list)->c;
			if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN)
			    || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC))
4427
				ipmi_inc_stat(intf, sent_lan_command_errs);
L
Linus Torvalds 已提交
4428
			else
4429
				ipmi_inc_stat(intf, sent_ipmb_command_errs);
L
Linus Torvalds 已提交
4430
			intf_err_seq(intf, msg->msgid, msg->rsp[2]);
4431
		} else
L
Linus Torvalds 已提交
4432 4433 4434
			/* The message was sent, start the timer. */
			intf_start_seq_timer(intf, msg->msgid);

4435
free_msg:
L
Linus Torvalds 已提交
4436
		ipmi_free_smi_msg(msg);
4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447
	} else {
		/*
		 * To preserve message order, we keep a queue and deliver from
		 * a tasklet.
		 */
		if (!run_to_completion)
			spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
		list_add_tail(&msg->link, &intf->waiting_rcv_msgs);
		if (!run_to_completion)
			spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
					       flags);
L
Linus Torvalds 已提交
4448 4449
	}

4450
	if (!run_to_completion)
4451
		spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
4452 4453 4454 4455
	/*
	 * We can get an asynchronous event or receive message in addition
	 * to commands we send.
	 */
4456 4457
	if (msg == intf->curr_msg)
		intf->curr_msg = NULL;
4458
	if (!run_to_completion)
4459
		spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
4460

4461 4462 4463 4464
	if (run_to_completion)
		smi_recv_tasklet((unsigned long) intf);
	else
		tasklet_schedule(&intf->recv_tasklet);
L
Linus Torvalds 已提交
4465
}
4466
EXPORT_SYMBOL(ipmi_smi_msg_received);
L
Linus Torvalds 已提交
4467

4468
void ipmi_smi_watchdog_pretimeout(struct ipmi_smi *intf)
L
Linus Torvalds 已提交
4469
{
4470 4471 4472
	if (intf->in_shutdown)
		return;

4473 4474
	atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1);
	tasklet_schedule(&intf->recv_tasklet);
L
Linus Torvalds 已提交
4475
}
4476
EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
L
Linus Torvalds 已提交
4477

C
Corey Minyard 已提交
4478
static struct ipmi_smi_msg *
4479
smi_from_recv_msg(struct ipmi_smi *intf, struct ipmi_recv_msg *recv_msg,
C
Corey Minyard 已提交
4480
		  unsigned char seq, long seqid)
L
Linus Torvalds 已提交
4481
{
C
Corey Minyard 已提交
4482
	struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
L
Linus Torvalds 已提交
4483
	if (!smi_msg)
4484 4485 4486 4487
		/*
		 * If we can't allocate the message, then just return, we
		 * get 4 retries, so this should be ok.
		 */
C
Corey Minyard 已提交
4488
		return NULL;
L
Linus Torvalds 已提交
4489 4490 4491 4492

	memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
	smi_msg->data_size = recv_msg->msg.data_len;
	smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
4493

C
Corey Minyard 已提交
4494 4495
	ipmi_debug_msg("Resend: ", smi_msg->data, smi_msg->data_size);

C
Corey Minyard 已提交
4496
	return smi_msg;
L
Linus Torvalds 已提交
4497 4498
}

4499
static void check_msg_timeout(struct ipmi_smi *intf, struct seq_table *ent,
4500 4501
			      struct list_head *timeouts,
			      unsigned long timeout_period,
4502 4503
			      int slot, unsigned long *flags,
			      unsigned int *waiting_msgs)
4504
{
4505
	struct ipmi_recv_msg *msg;
4506

4507
	if (intf->in_shutdown)
4508
		return;
4509 4510 4511 4512

	if (!ent->inuse)
		return;

4513 4514
	if (timeout_period < ent->timeout) {
		ent->timeout -= timeout_period;
4515
		(*waiting_msgs)++;
4516
		return;
4517
	}
4518 4519 4520 4521 4522 4523 4524

	if (ent->retries_left == 0) {
		/* The message has used all its retries. */
		ent->inuse = 0;
		msg = ent->recv_msg;
		list_add_tail(&msg->link, timeouts);
		if (ent->broadcast)
4525
			ipmi_inc_stat(intf, timed_out_ipmb_broadcasts);
4526
		else if (is_lan_addr(&ent->recv_msg->addr))
4527
			ipmi_inc_stat(intf, timed_out_lan_commands);
4528
		else
4529
			ipmi_inc_stat(intf, timed_out_ipmb_commands);
4530 4531 4532 4533
	} else {
		struct ipmi_smi_msg *smi_msg;
		/* More retries, send again. */

4534 4535
		(*waiting_msgs)++;

4536 4537 4538 4539
		/*
		 * Start with the max timer, set to normal timer after
		 * the message is sent.
		 */
4540 4541 4542 4543
		ent->timeout = MAX_MSG_TIMEOUT;
		ent->retries_left--;
		smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
					    ent->seqid);
4544 4545 4546 4547 4548 4549 4550
		if (!smi_msg) {
			if (is_lan_addr(&ent->recv_msg->addr))
				ipmi_inc_stat(intf,
					      dropped_rexmit_lan_commands);
			else
				ipmi_inc_stat(intf,
					      dropped_rexmit_ipmb_commands);
4551
			return;
4552
		}
4553 4554

		spin_unlock_irqrestore(&intf->seq_lock, *flags);
4555

4556 4557 4558 4559 4560 4561 4562
		/*
		 * Send the new message.  We send with a zero
		 * priority.  It timed out, I doubt time is that
		 * critical now, and high priority messages are really
		 * only for messages to the local MC, which don't get
		 * resent.
		 */
4563
		if (intf->handlers) {
4564 4565 4566 4567 4568 4569 4570
			if (is_lan_addr(&ent->recv_msg->addr))
				ipmi_inc_stat(intf,
					      retransmitted_lan_commands);
			else
				ipmi_inc_stat(intf,
					      retransmitted_ipmb_commands);

4571
			smi_send(intf, intf->handlers, smi_msg, 0);
4572
		} else
4573 4574
			ipmi_free_smi_msg(smi_msg);

4575 4576 4577 4578
		spin_lock_irqsave(&intf->seq_lock, *flags);
	}
}

4579
static unsigned int ipmi_timeout_handler(struct ipmi_smi *intf,
4580
					 unsigned long timeout_period)
L
Linus Torvalds 已提交
4581 4582 4583 4584
{
	struct list_head     timeouts;
	struct ipmi_recv_msg *msg, *msg2;
	unsigned long        flags;
4585
	int                  i;
4586
	unsigned int         waiting_msgs = 0;
L
Linus Torvalds 已提交
4587

4588 4589 4590 4591 4592 4593 4594 4595
	if (!intf->bmc_registered) {
		kref_get(&intf->refcount);
		if (!schedule_work(&intf->bmc_reg_work)) {
			kref_put(&intf->refcount, intf_free);
			waiting_msgs++;
		}
	}

4596 4597 4598 4599 4600 4601 4602
	/*
	 * Go through the seq table and find any messages that
	 * have timed out, putting them in the timeouts
	 * list.
	 */
	INIT_LIST_HEAD(&timeouts);
	spin_lock_irqsave(&intf->seq_lock, flags);
4603 4604 4605 4606 4607 4608
	if (intf->ipmb_maintenance_mode_timeout) {
		if (intf->ipmb_maintenance_mode_timeout <= timeout_period)
			intf->ipmb_maintenance_mode_timeout = 0;
		else
			intf->ipmb_maintenance_mode_timeout -= timeout_period;
	}
4609
	for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
4610
		check_msg_timeout(intf, &intf->seq_table[i],
4611 4612 4613
				  &timeouts, timeout_period, i,
				  &flags, &waiting_msgs);
	spin_unlock_irqrestore(&intf->seq_lock, flags);
4614

4615
	list_for_each_entry_safe(msg, msg2, &timeouts, link)
C
Corey Minyard 已提交
4616
		deliver_err_response(intf, msg, IPMI_TIMEOUT_COMPLETION_CODE);
C
Corey Minyard 已提交
4617

4618 4619 4620 4621 4622 4623 4624 4625 4626 4627
	/*
	 * Maintenance mode handling.  Check the timeout
	 * optimistically before we claim the lock.  It may
	 * mean a timeout gets missed occasionally, but that
	 * only means the timeout gets extended by one period
	 * in that case.  No big deal, and it avoids the lock
	 * most of the time.
	 */
	if (intf->auto_maintenance_timeout > 0) {
		spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
C
Corey Minyard 已提交
4628
		if (intf->auto_maintenance_timeout > 0) {
4629 4630 4631 4632
			intf->auto_maintenance_timeout
				-= timeout_period;
			if (!intf->maintenance_mode
			    && (intf->auto_maintenance_timeout <= 0)) {
C
Corey Minyard 已提交
4633
				intf->maintenance_mode_enable = false;
4634
				maintenance_mode_update(intf);
C
Corey Minyard 已提交
4635 4636
			}
		}
4637 4638
		spin_unlock_irqrestore(&intf->maintenance_mode_lock,
				       flags);
L
Linus Torvalds 已提交
4639
	}
4640 4641 4642 4643

	tasklet_schedule(&intf->recv_tasklet);

	return waiting_msgs;
L
Linus Torvalds 已提交
4644 4645
}

4646
static void ipmi_request_event(struct ipmi_smi *intf)
L
Linus Torvalds 已提交
4647
{
4648 4649 4650
	/* No event requests when in maintenance mode. */
	if (intf->maintenance_mode_enable)
		return;
C
Corey Minyard 已提交
4651

4652 4653
	if (!intf->in_shutdown)
		intf->handlers->request_events(intf->send_info);
L
Linus Torvalds 已提交
4654 4655 4656 4657
}

static struct timer_list ipmi_timer;

4658
static atomic_t stop_operation;
L
Linus Torvalds 已提交
4659

4660
static void ipmi_timeout(struct timer_list *unused)
L
Linus Torvalds 已提交
4661
{
4662
	struct ipmi_smi *intf;
4663
	int nt = 0, index;
4664

4665
	if (atomic_read(&stop_operation))
L
Linus Torvalds 已提交
4666 4667
		return;

4668
	index = srcu_read_lock(&ipmi_interfaces_srcu);
4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681
	list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
		int lnt = 0;

		if (atomic_read(&intf->event_waiters)) {
			intf->ticks_to_req_ev--;
			if (intf->ticks_to_req_ev == 0) {
				ipmi_request_event(intf);
				intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
			}
			lnt++;
		}

		lnt += ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME);
L
Linus Torvalds 已提交
4682

4683 4684 4685 4686 4687
		lnt = !!lnt;
		if (lnt != intf->last_needs_timer &&
					intf->handlers->set_need_watch)
			intf->handlers->set_need_watch(intf->send_info, lnt);
		intf->last_needs_timer = lnt;
L
Linus Torvalds 已提交
4688

4689 4690
		nt += lnt;
	}
4691
	srcu_read_unlock(&ipmi_interfaces_srcu, index);
4692 4693 4694

	if (nt)
		mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
L
Linus Torvalds 已提交
4695 4696
}

4697
static void need_waiter(struct ipmi_smi *intf)
4698 4699 4700 4701 4702
{
	/* Racy, but worst case we start the timer twice. */
	if (!timer_pending(&ipmi_timer))
		mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
}
L
Linus Torvalds 已提交
4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723

static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);

static void free_smi_msg(struct ipmi_smi_msg *msg)
{
	atomic_dec(&smi_msg_inuse_count);
	kfree(msg);
}

struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
{
	struct ipmi_smi_msg *rv;
	rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
	if (rv) {
		rv->done = free_smi_msg;
		rv->user_data = NULL;
		atomic_inc(&smi_msg_inuse_count);
	}
	return rv;
}
4724
EXPORT_SYMBOL(ipmi_alloc_smi_msg);
L
Linus Torvalds 已提交
4725 4726 4727 4728 4729 4730 4731

static void free_recv_msg(struct ipmi_recv_msg *msg)
{
	atomic_dec(&recv_msg_inuse_count);
	kfree(msg);
}

A
Adrian Bunk 已提交
4732
static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
L
Linus Torvalds 已提交
4733 4734 4735 4736 4737
{
	struct ipmi_recv_msg *rv;

	rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
	if (rv) {
4738
		rv->user = NULL;
L
Linus Torvalds 已提交
4739 4740 4741 4742 4743 4744
		rv->done = free_recv_msg;
		atomic_inc(&recv_msg_inuse_count);
	}
	return rv;
}

4745 4746 4747 4748 4749 4750
void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
{
	if (msg->user)
		kref_put(&msg->user->refcount, free_user);
	msg->done(msg);
}
4751
EXPORT_SYMBOL(ipmi_free_recv_msg);
4752

4753 4754
static atomic_t panic_done_count = ATOMIC_INIT(0);

L
Linus Torvalds 已提交
4755 4756
static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
{
4757
	atomic_dec(&panic_done_count);
L
Linus Torvalds 已提交
4758 4759 4760 4761
}

static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
{
4762 4763 4764 4765 4766 4767
	atomic_dec(&panic_done_count);
}

/*
 * Inside a panic, send a message and wait for a response.
 */
4768 4769
static void ipmi_panic_request_and_wait(struct ipmi_smi *intf,
					struct ipmi_addr *addr,
4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787
					struct kernel_ipmi_msg *msg)
{
	struct ipmi_smi_msg  smi_msg;
	struct ipmi_recv_msg recv_msg;
	int rv;

	smi_msg.done = dummy_smi_done_handler;
	recv_msg.done = dummy_recv_done_handler;
	atomic_add(2, &panic_done_count);
	rv = i_ipmi_request(NULL,
			    intf,
			    addr,
			    0,
			    msg,
			    intf,
			    &smi_msg,
			    &recv_msg,
			    0,
4788 4789
			    intf->addrinfo[0].address,
			    intf->addrinfo[0].lun,
4790 4791 4792
			    0, 1); /* Don't retry, and don't wait. */
	if (rv)
		atomic_sub(2, &panic_done_count);
4793 4794 4795
	else if (intf->handlers->flush_messages)
		intf->handlers->flush_messages(intf->send_info);

4796 4797
	while (atomic_read(&panic_done_count) != 0)
		ipmi_poll(intf);
L
Linus Torvalds 已提交
4798 4799
}

4800 4801
static void event_receiver_fetcher(struct ipmi_smi *intf,
				   struct ipmi_recv_msg *msg)
L
Linus Torvalds 已提交
4802
{
4803 4804 4805
	if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
	    && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
	    && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
4806
	    && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
L
Linus Torvalds 已提交
4807
		/* A get event receiver command, save it. */
4808 4809
		intf->event_receiver = msg->msg.data[1];
		intf->event_receiver_lun = msg->msg.data[2] & 0x3;
L
Linus Torvalds 已提交
4810 4811 4812
	}
}

4813
static void device_id_fetcher(struct ipmi_smi *intf, struct ipmi_recv_msg *msg)
L
Linus Torvalds 已提交
4814
{
4815 4816 4817
	if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
	    && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
	    && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
4818 4819 4820 4821 4822
	    && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
		/*
		 * A get device id command, save if we are an event
		 * receiver or generator.
		 */
4823 4824
		intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
		intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
L
Linus Torvalds 已提交
4825 4826 4827
	}
}

4828
static void send_panic_events(struct ipmi_smi *intf, char *str)
L
Linus Torvalds 已提交
4829
{
4830 4831
	struct kernel_ipmi_msg msg;
	unsigned char data[16];
L
Linus Torvalds 已提交
4832
	struct ipmi_system_interface_addr *si;
4833 4834 4835 4836
	struct ipmi_addr addr;
	char *p = str;
	struct ipmi_ipmb_addr *ipmb;
	int j;
L
Linus Torvalds 已提交
4837

4838 4839 4840
	if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE)
		return;

L
Linus Torvalds 已提交
4841 4842 4843 4844 4845 4846 4847 4848 4849 4850
	si = (struct ipmi_system_interface_addr *) &addr;
	si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
	si->channel = IPMI_BMC_CHANNEL;
	si->lun = 0;

	/* Fill in an event telling that we have failed. */
	msg.netfn = 0x04; /* Sensor or Event. */
	msg.cmd = 2; /* Platform event command. */
	msg.data = data;
	msg.data_len = 8;
M
Matt Domsch 已提交
4851
	data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
L
Linus Torvalds 已提交
4852 4853 4854 4855 4856
	data[1] = 0x03; /* This is for IPMI 1.0. */
	data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
	data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
	data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */

4857 4858 4859 4860
	/*
	 * Put a few breadcrumbs in.  Hopefully later we can add more things
	 * to make the panic events more useful.
	 */
L
Linus Torvalds 已提交
4861 4862 4863 4864 4865 4866
	if (str) {
		data[3] = str[0];
		data[6] = str[1];
		data[7] = str[2];
	}

4867 4868
	/* Send the event announcing the panic. */
	ipmi_panic_request_and_wait(intf, &addr, &msg);
L
Linus Torvalds 已提交
4869

4870 4871 4872 4873
	/*
	 * On every interface, dump a bunch of OEM event holding the
	 * string.
	 */
4874
	if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str)
L
Linus Torvalds 已提交
4875 4876
		return;

4877 4878 4879 4880 4881 4882 4883
	/*
	 * intf_num is used as an marker to tell if the
	 * interface is valid.  Thus we need a read barrier to
	 * make sure data fetched before checking intf_num
	 * won't be used.
	 */
	smp_rmb();
L
Linus Torvalds 已提交
4884

4885 4886 4887 4888 4889 4890 4891
	/*
	 * First job here is to figure out where to send the
	 * OEM events.  There's no way in IPMI to send OEM
	 * events using an event send command, so we have to
	 * find the SEL to put them in and stick them in
	 * there.
	 */
4892

4893 4894 4895 4896
	/* Get capabilities from the get device id. */
	intf->local_sel_device = 0;
	intf->local_event_generator = 0;
	intf->event_receiver = 0;
L
Linus Torvalds 已提交
4897

4898 4899 4900 4901 4902 4903 4904
	/* Request the device info from the local MC. */
	msg.netfn = IPMI_NETFN_APP_REQUEST;
	msg.cmd = IPMI_GET_DEVICE_ID_CMD;
	msg.data = NULL;
	msg.data_len = 0;
	intf->null_user_handler = device_id_fetcher;
	ipmi_panic_request_and_wait(intf, &addr, &msg);
L
Linus Torvalds 已提交
4905

4906 4907 4908 4909
	if (intf->local_event_generator) {
		/* Request the event receiver from the local MC. */
		msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
		msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
L
Linus Torvalds 已提交
4910 4911
		msg.data = NULL;
		msg.data_len = 0;
4912
		intf->null_user_handler = event_receiver_fetcher;
4913
		ipmi_panic_request_and_wait(intf, &addr, &msg);
4914 4915
	}
	intf->null_user_handler = NULL;
L
Linus Torvalds 已提交
4916

4917 4918 4919 4920 4921 4922 4923 4924 4925 4926 4927 4928 4929 4930 4931 4932 4933 4934 4935 4936 4937 4938 4939 4940 4941 4942 4943 4944 4945
	/*
	 * Validate the event receiver.  The low bit must not
	 * be 1 (it must be a valid IPMB address), it cannot
	 * be zero, and it must not be my address.
	 */
	if (((intf->event_receiver & 1) == 0)
	    && (intf->event_receiver != 0)
	    && (intf->event_receiver != intf->addrinfo[0].address)) {
		/*
		 * The event receiver is valid, send an IPMB
		 * message.
		 */
		ipmb = (struct ipmi_ipmb_addr *) &addr;
		ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
		ipmb->channel = 0; /* FIXME - is this right? */
		ipmb->lun = intf->event_receiver_lun;
		ipmb->slave_addr = intf->event_receiver;
	} else if (intf->local_sel_device) {
		/*
		 * The event receiver was not valid (or was
		 * me), but I am an SEL device, just dump it
		 * in my SEL.
		 */
		si = (struct ipmi_system_interface_addr *) &addr;
		si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
		si->channel = IPMI_BMC_CHANNEL;
		si->lun = 0;
	} else
		return; /* No where to send the event. */
L
Linus Torvalds 已提交
4946

4947 4948 4949 4950 4951 4952 4953 4954 4955 4956 4957 4958 4959 4960 4961 4962
	msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
	msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
	msg.data = data;
	msg.data_len = 16;

	j = 0;
	while (*p) {
		int size = strlen(p);

		if (size > 11)
			size = 11;
		data[0] = 0;
		data[1] = 0;
		data[2] = 0xf0; /* OEM event without timestamp. */
		data[3] = intf->addrinfo[0].address;
		data[4] = j++; /* sequence # */
4963
		/*
4964 4965
		 * Always give 11 bytes, so strncpy will fill
		 * it with zeroes for me.
4966
		 */
4967 4968
		strncpy(data+5, p, 11);
		p += size;
L
Linus Torvalds 已提交
4969

4970
		ipmi_panic_request_and_wait(intf, &addr, &msg);
4971
	}
L
Linus Torvalds 已提交
4972 4973
}

R
Randy Dunlap 已提交
4974
static int has_panicked;
L
Linus Torvalds 已提交
4975 4976 4977

static int panic_event(struct notifier_block *this,
		       unsigned long         event,
4978
		       void                  *ptr)
L
Linus Torvalds 已提交
4979
{
4980
	struct ipmi_smi *intf;
4981
	struct ipmi_user *user;
L
Linus Torvalds 已提交
4982

L
Lee Revell 已提交
4983
	if (has_panicked)
L
Linus Torvalds 已提交
4984
		return NOTIFY_DONE;
L
Lee Revell 已提交
4985
	has_panicked = 1;
L
Linus Torvalds 已提交
4986 4987

	/* For every registered interface, set it to run to completion. */
4988
	list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4989
		if (!intf->handlers || intf->intf_num == -1)
4990
			/* Interface is not ready. */
L
Linus Torvalds 已提交
4991 4992
			continue;

4993 4994 4995
		if (!intf->handlers->poll)
			continue;

4996 4997 4998 4999 5000 5001 5002 5003 5004 5005 5006 5007 5008 5009 5010 5011 5012
		/*
		 * If we were interrupted while locking xmit_msgs_lock or
		 * waiting_rcv_msgs_lock, the corresponding list may be
		 * corrupted.  In this case, drop items on the list for
		 * the safety.
		 */
		if (!spin_trylock(&intf->xmit_msgs_lock)) {
			INIT_LIST_HEAD(&intf->xmit_msgs);
			INIT_LIST_HEAD(&intf->hp_xmit_msgs);
		} else
			spin_unlock(&intf->xmit_msgs_lock);

		if (!spin_trylock(&intf->waiting_rcv_msgs_lock))
			INIT_LIST_HEAD(&intf->waiting_rcv_msgs);
		else
			spin_unlock(&intf->waiting_rcv_msgs_lock);

5013
		intf->run_to_completion = 1;
5014 5015 5016
		if (intf->handlers->set_run_to_completion)
			intf->handlers->set_run_to_completion(intf->send_info,
							      1);
L
Linus Torvalds 已提交
5017

5018 5019 5020 5021 5022 5023 5024 5025
		list_for_each_entry_rcu(user, &intf->users, link) {
			if (user->handler->ipmi_panic_handler)
				user->handler->ipmi_panic_handler(
					user->handler_data);
		}

		send_panic_events(intf, ptr);
	}
L
Linus Torvalds 已提交
5026 5027 5028 5029 5030 5031 5032 5033 5034 5035 5036 5037

	return NOTIFY_DONE;
}

static struct notifier_block panic_block = {
	.notifier_call	= panic_event,
	.next		= NULL,
	.priority	= 200	/* priority: INT_MAX >= x >= 0 */
};

static int ipmi_init_msghandler(void)
{
5038
	int rv;
L
Linus Torvalds 已提交
5039 5040 5041 5042

	if (initialized)
		return 0;

5043
	rv = driver_register(&ipmidriver.driver);
5044
	if (rv) {
5045
		pr_err("Could not register IPMI driver\n");
5046 5047 5048
		return rv;
	}

5049
	pr_info("version " IPMI_DRIVER_VERSION "\n");
L
Linus Torvalds 已提交
5050

5051
	timer_setup(&ipmi_timer, ipmi_timeout, 0);
5052
	mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
L
Linus Torvalds 已提交
5053

5054
	atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
L
Linus Torvalds 已提交
5055 5056 5057 5058 5059 5060

	initialized = 1;

	return 0;
}

5061
static int __init ipmi_init_msghandler_mod(void)
L
Linus Torvalds 已提交
5062 5063 5064 5065 5066
{
	ipmi_init_msghandler();
	return 0;
}

5067
static void __exit cleanup_ipmi(void)
L
Linus Torvalds 已提交
5068 5069 5070 5071 5072 5073
{
	int count;

	if (!initialized)
		return;

5074
	atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
L
Linus Torvalds 已提交
5075

5076 5077 5078 5079
	/*
	 * This can't be called if any interfaces exist, so no worry
	 * about shutting down the interfaces.
	 */
L
Linus Torvalds 已提交
5080

5081 5082 5083 5084 5085
	/*
	 * Tell the timer to stop, then wait for it to stop.  This
	 * avoids problems with race conditions removing the timer
	 * here.
	 */
5086 5087
	atomic_inc(&stop_operation);
	del_timer_sync(&ipmi_timer);
L
Linus Torvalds 已提交
5088

5089
	driver_unregister(&ipmidriver.driver);
5090

L
Linus Torvalds 已提交
5091 5092 5093 5094 5095
	initialized = 0;

	/* Check for buffer leaks. */
	count = atomic_read(&smi_msg_inuse_count);
	if (count != 0)
5096
		pr_warn("SMI message count %d at exit\n", count);
L
Linus Torvalds 已提交
5097 5098
	count = atomic_read(&recv_msg_inuse_count);
	if (count != 0)
5099
		pr_warn("recv message count %d at exit\n", count);
L
Linus Torvalds 已提交
5100 5101 5102 5103 5104
}
module_exit(cleanup_ipmi);

module_init(ipmi_init_msghandler_mod);
MODULE_LICENSE("GPL");
5105
MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
5106 5107
MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI"
		   " interface.");
5108
MODULE_VERSION(IPMI_DRIVER_VERSION);
5109
MODULE_SOFTDEP("post: ipmi_devintf");