]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/char/ipmi/ipmi_msghandler.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
[mirror_ubuntu-bionic-kernel.git] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2 * ipmi_msghandler.c
3 *
4 * Incoming and outgoing message routing for an IPMI interface.
5 *
6 * Author: MontaVista Software, Inc.
7 * Corey Minyard <minyard@mvista.com>
8 * source@mvista.com
9 *
10 * Copyright 2002 MontaVista Software Inc.
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version.
16 *
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * You should have received a copy of the GNU General Public License along
30 * with this program; if not, write to the Free Software Foundation, Inc.,
31 * 675 Mass Ave, Cambridge, MA 02139, USA.
32 */
33
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/poll.h>
37 #include <linux/sched.h>
38 #include <linux/seq_file.h>
39 #include <linux/spinlock.h>
40 #include <linux/mutex.h>
41 #include <linux/slab.h>
42 #include <linux/ipmi.h>
43 #include <linux/ipmi_smi.h>
44 #include <linux/notifier.h>
45 #include <linux/init.h>
46 #include <linux/proc_fs.h>
47 #include <linux/rcupdate.h>
48 #include <linux/interrupt.h>
49 #include <linux/moduleparam.h>
50 #include <linux/workqueue.h>
51 #include <linux/uuid.h>
52 #include <linux/nospec.h>
53
54 #define PFX "IPMI message handler: "
55
56 #define IPMI_DRIVER_VERSION "39.2"
57
58 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
59 static int ipmi_init_msghandler(void);
60 static void smi_recv_tasklet(unsigned long);
61 static void handle_new_recv_msgs(ipmi_smi_t intf);
62 static void need_waiter(ipmi_smi_t intf);
63 static int handle_one_recv_msg(ipmi_smi_t intf,
64 struct ipmi_smi_msg *msg);
65
66 static int initialized;
67
68 enum ipmi_panic_event_op {
69 IPMI_SEND_PANIC_EVENT_NONE,
70 IPMI_SEND_PANIC_EVENT,
71 IPMI_SEND_PANIC_EVENT_STRING
72 };
73 #ifdef CONFIG_IPMI_PANIC_STRING
74 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_STRING
75 #elif defined(CONFIG_IPMI_PANIC_EVENT)
76 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT
77 #else
78 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_NONE
79 #endif
80 static enum ipmi_panic_event_op ipmi_send_panic_event = IPMI_PANIC_DEFAULT;
81
82 static int panic_op_write_handler(const char *val,
83 const struct kernel_param *kp)
84 {
85 char valcp[16];
86 char *s;
87
88 strncpy(valcp, val, 16);
89 valcp[15] = '\0';
90
91 s = strstrip(valcp);
92
93 if (strcmp(s, "none") == 0)
94 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_NONE;
95 else if (strcmp(s, "event") == 0)
96 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT;
97 else if (strcmp(s, "string") == 0)
98 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_STRING;
99 else
100 return -EINVAL;
101
102 return 0;
103 }
104
105 static int panic_op_read_handler(char *buffer, const struct kernel_param *kp)
106 {
107 switch (ipmi_send_panic_event) {
108 case IPMI_SEND_PANIC_EVENT_NONE:
109 strcpy(buffer, "none");
110 break;
111
112 case IPMI_SEND_PANIC_EVENT:
113 strcpy(buffer, "event");
114 break;
115
116 case IPMI_SEND_PANIC_EVENT_STRING:
117 strcpy(buffer, "string");
118 break;
119
120 default:
121 strcpy(buffer, "???");
122 break;
123 }
124
125 return strlen(buffer);
126 }
127
128 static const struct kernel_param_ops panic_op_ops = {
129 .set = panic_op_write_handler,
130 .get = panic_op_read_handler
131 };
132 module_param_cb(panic_op, &panic_op_ops, NULL, 0600);
133 MODULE_PARM_DESC(panic_op, "Sets if the IPMI driver will attempt to store panic information in the event log in the event of a panic. Set to 'none' for no, 'event' for a single event, or 'string' for a generic event and the panic string in IPMI OEM events.");
134
135
136 #ifdef CONFIG_IPMI_PROC_INTERFACE
137 static struct proc_dir_entry *proc_ipmi_root;
138 #endif /* CONFIG_IPMI_PROC_INTERFACE */
139
140 /* Remain in auto-maintenance mode for this amount of time (in ms). */
141 #define IPMI_MAINTENANCE_MODE_TIMEOUT 30000
142
143 #define MAX_EVENTS_IN_QUEUE 25
144
145 /*
146 * Don't let a message sit in a queue forever, always time it with at lest
147 * the max message timer. This is in milliseconds.
148 */
149 #define MAX_MSG_TIMEOUT 60000
150
151 /* Call every ~1000 ms. */
152 #define IPMI_TIMEOUT_TIME 1000
153
154 /* How many jiffies does it take to get to the timeout time. */
155 #define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000)
156
157 /*
158 * Request events from the queue every second (this is the number of
159 * IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the
160 * future, IPMI will add a way to know immediately if an event is in
161 * the queue and this silliness can go away.
162 */
163 #define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME))
164
165 /* How long should we cache dynamic device IDs? */
166 #define IPMI_DYN_DEV_ID_EXPIRY (10 * HZ)
167
168 /*
169 * The main "user" data structure.
170 */
171 struct ipmi_user {
172 struct list_head link;
173
174 /* Set to false when the user is destroyed. */
175 bool valid;
176
177 struct kref refcount;
178
179 /* The upper layer that handles receive messages. */
180 const struct ipmi_user_hndl *handler;
181 void *handler_data;
182
183 /* The interface this user is bound to. */
184 ipmi_smi_t intf;
185
186 /* Does this interface receive IPMI events? */
187 bool gets_events;
188 };
189
190 struct cmd_rcvr {
191 struct list_head link;
192
193 ipmi_user_t user;
194 unsigned char netfn;
195 unsigned char cmd;
196 unsigned int chans;
197
198 /*
199 * This is used to form a linked lised during mass deletion.
200 * Since this is in an RCU list, we cannot use the link above
201 * or change any data until the RCU period completes. So we
202 * use this next variable during mass deletion so we can have
203 * a list and don't have to wait and restart the search on
204 * every individual deletion of a command.
205 */
206 struct cmd_rcvr *next;
207 };
208
209 struct seq_table {
210 unsigned int inuse : 1;
211 unsigned int broadcast : 1;
212
213 unsigned long timeout;
214 unsigned long orig_timeout;
215 unsigned int retries_left;
216
217 /*
218 * To verify on an incoming send message response that this is
219 * the message that the response is for, we keep a sequence id
220 * and increment it every time we send a message.
221 */
222 long seqid;
223
224 /*
225 * This is held so we can properly respond to the message on a
226 * timeout, and it is used to hold the temporary data for
227 * retransmission, too.
228 */
229 struct ipmi_recv_msg *recv_msg;
230 };
231
232 /*
233 * Store the information in a msgid (long) to allow us to find a
234 * sequence table entry from the msgid.
235 */
236 #define STORE_SEQ_IN_MSGID(seq, seqid) \
237 ((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff))
238
239 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
240 do { \
241 seq = (((msgid) >> 26) & 0x3f); \
242 seqid = ((msgid) & 0x3ffffff); \
243 } while (0)
244
245 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff)
246
247 #define IPMI_MAX_CHANNELS 16
248 struct ipmi_channel {
249 unsigned char medium;
250 unsigned char protocol;
251 };
252
253 struct ipmi_channel_set {
254 struct ipmi_channel c[IPMI_MAX_CHANNELS];
255 };
256
257 struct ipmi_my_addrinfo {
258 /*
259 * My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR,
260 * but may be changed by the user.
261 */
262 unsigned char address;
263
264 /*
265 * My LUN. This should generally stay the SMS LUN, but just in
266 * case...
267 */
268 unsigned char lun;
269 };
270
271 #ifdef CONFIG_IPMI_PROC_INTERFACE
272 struct ipmi_proc_entry {
273 char *name;
274 struct ipmi_proc_entry *next;
275 };
276 #endif
277
278 /*
279 * Note that the product id, manufacturer id, guid, and device id are
280 * immutable in this structure, so dyn_mutex is not required for
281 * accessing those. If those change on a BMC, a new BMC is allocated.
282 */
283 struct bmc_device {
284 struct platform_device pdev;
285 struct list_head intfs; /* Interfaces on this BMC. */
286 struct ipmi_device_id id;
287 struct ipmi_device_id fetch_id;
288 int dyn_id_set;
289 unsigned long dyn_id_expiry;
290 struct mutex dyn_mutex; /* Protects id, intfs, & dyn* */
291 guid_t guid;
292 guid_t fetch_guid;
293 int dyn_guid_set;
294 struct kref usecount;
295 struct work_struct remove_work;
296 };
297 #define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev)
298
299 static int bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc,
300 struct ipmi_device_id *id,
301 bool *guid_set, guid_t *guid);
302
303 /*
304 * Various statistics for IPMI, these index stats[] in the ipmi_smi
305 * structure.
306 */
307 enum ipmi_stat_indexes {
308 /* Commands we got from the user that were invalid. */
309 IPMI_STAT_sent_invalid_commands = 0,
310
311 /* Commands we sent to the MC. */
312 IPMI_STAT_sent_local_commands,
313
314 /* Responses from the MC that were delivered to a user. */
315 IPMI_STAT_handled_local_responses,
316
317 /* Responses from the MC that were not delivered to a user. */
318 IPMI_STAT_unhandled_local_responses,
319
320 /* Commands we sent out to the IPMB bus. */
321 IPMI_STAT_sent_ipmb_commands,
322
323 /* Commands sent on the IPMB that had errors on the SEND CMD */
324 IPMI_STAT_sent_ipmb_command_errs,
325
326 /* Each retransmit increments this count. */
327 IPMI_STAT_retransmitted_ipmb_commands,
328
329 /*
330 * When a message times out (runs out of retransmits) this is
331 * incremented.
332 */
333 IPMI_STAT_timed_out_ipmb_commands,
334
335 /*
336 * This is like above, but for broadcasts. Broadcasts are
337 * *not* included in the above count (they are expected to
338 * time out).
339 */
340 IPMI_STAT_timed_out_ipmb_broadcasts,
341
342 /* Responses I have sent to the IPMB bus. */
343 IPMI_STAT_sent_ipmb_responses,
344
345 /* The response was delivered to the user. */
346 IPMI_STAT_handled_ipmb_responses,
347
348 /* The response had invalid data in it. */
349 IPMI_STAT_invalid_ipmb_responses,
350
351 /* The response didn't have anyone waiting for it. */
352 IPMI_STAT_unhandled_ipmb_responses,
353
354 /* Commands we sent out to the IPMB bus. */
355 IPMI_STAT_sent_lan_commands,
356
357 /* Commands sent on the IPMB that had errors on the SEND CMD */
358 IPMI_STAT_sent_lan_command_errs,
359
360 /* Each retransmit increments this count. */
361 IPMI_STAT_retransmitted_lan_commands,
362
363 /*
364 * When a message times out (runs out of retransmits) this is
365 * incremented.
366 */
367 IPMI_STAT_timed_out_lan_commands,
368
369 /* Responses I have sent to the IPMB bus. */
370 IPMI_STAT_sent_lan_responses,
371
372 /* The response was delivered to the user. */
373 IPMI_STAT_handled_lan_responses,
374
375 /* The response had invalid data in it. */
376 IPMI_STAT_invalid_lan_responses,
377
378 /* The response didn't have anyone waiting for it. */
379 IPMI_STAT_unhandled_lan_responses,
380
381 /* The command was delivered to the user. */
382 IPMI_STAT_handled_commands,
383
384 /* The command had invalid data in it. */
385 IPMI_STAT_invalid_commands,
386
387 /* The command didn't have anyone waiting for it. */
388 IPMI_STAT_unhandled_commands,
389
390 /* Invalid data in an event. */
391 IPMI_STAT_invalid_events,
392
393 /* Events that were received with the proper format. */
394 IPMI_STAT_events,
395
396 /* Retransmissions on IPMB that failed. */
397 IPMI_STAT_dropped_rexmit_ipmb_commands,
398
399 /* Retransmissions on LAN that failed. */
400 IPMI_STAT_dropped_rexmit_lan_commands,
401
402 /* This *must* remain last, add new values above this. */
403 IPMI_NUM_STATS
404 };
405
406
407 #define IPMI_IPMB_NUM_SEQ 64
408 struct ipmi_smi {
409 /* What interface number are we? */
410 int intf_num;
411
412 struct kref refcount;
413
414 /* Set when the interface is being unregistered. */
415 bool in_shutdown;
416
417 /* Used for a list of interfaces. */
418 struct list_head link;
419
420 /*
421 * The list of upper layers that are using me. seq_lock
422 * protects this.
423 */
424 struct list_head users;
425
426 /* Used for wake ups at startup. */
427 wait_queue_head_t waitq;
428
429 /*
430 * Prevents the interface from being unregistered when the
431 * interface is used by being looked up through the BMC
432 * structure.
433 */
434 struct mutex bmc_reg_mutex;
435
436 struct bmc_device tmp_bmc;
437 struct bmc_device *bmc;
438 bool bmc_registered;
439 struct list_head bmc_link;
440 char *my_dev_name;
441 bool in_bmc_register; /* Handle recursive situations. Yuck. */
442 struct work_struct bmc_reg_work;
443
444 /*
445 * This is the lower-layer's sender routine. Note that you
446 * must either be holding the ipmi_interfaces_mutex or be in
447 * an umpreemptible region to use this. You must fetch the
448 * value into a local variable and make sure it is not NULL.
449 */
450 const struct ipmi_smi_handlers *handlers;
451 void *send_info;
452
453 #ifdef CONFIG_IPMI_PROC_INTERFACE
454 /* A list of proc entries for this interface. */
455 struct mutex proc_entry_lock;
456 struct ipmi_proc_entry *proc_entries;
457
458 struct proc_dir_entry *proc_dir;
459 char proc_dir_name[10];
460 #endif
461
462 /* Driver-model device for the system interface. */
463 struct device *si_dev;
464
465 /*
466 * A table of sequence numbers for this interface. We use the
467 * sequence numbers for IPMB messages that go out of the
468 * interface to match them up with their responses. A routine
469 * is called periodically to time the items in this list.
470 */
471 spinlock_t seq_lock;
472 struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
473 int curr_seq;
474
475 /*
476 * Messages queued for delivery. If delivery fails (out of memory
477 * for instance), They will stay in here to be processed later in a
478 * periodic timer interrupt. The tasklet is for handling received
479 * messages directly from the handler.
480 */
481 spinlock_t waiting_rcv_msgs_lock;
482 struct list_head waiting_rcv_msgs;
483 atomic_t watchdog_pretimeouts_to_deliver;
484 struct tasklet_struct recv_tasklet;
485
486 spinlock_t xmit_msgs_lock;
487 struct list_head xmit_msgs;
488 struct ipmi_smi_msg *curr_msg;
489 struct list_head hp_xmit_msgs;
490
491 /*
492 * The list of command receivers that are registered for commands
493 * on this interface.
494 */
495 struct mutex cmd_rcvrs_mutex;
496 struct list_head cmd_rcvrs;
497
498 /*
499 * Events that were queues because no one was there to receive
500 * them.
501 */
502 spinlock_t events_lock; /* For dealing with event stuff. */
503 struct list_head waiting_events;
504 unsigned int waiting_events_count; /* How many events in queue? */
505 char delivering_events;
506 char event_msg_printed;
507 atomic_t event_waiters;
508 unsigned int ticks_to_req_ev;
509 int last_needs_timer;
510
511 /*
512 * The event receiver for my BMC, only really used at panic
513 * shutdown as a place to store this.
514 */
515 unsigned char event_receiver;
516 unsigned char event_receiver_lun;
517 unsigned char local_sel_device;
518 unsigned char local_event_generator;
519
520 /* For handling of maintenance mode. */
521 int maintenance_mode;
522 bool maintenance_mode_enable;
523 int auto_maintenance_timeout;
524 spinlock_t maintenance_mode_lock; /* Used in a timer... */
525
526 /*
527 * A cheap hack, if this is non-null and a message to an
528 * interface comes in with a NULL user, call this routine with
529 * it. Note that the message will still be freed by the
530 * caller. This only works on the system interface.
531 *
532 * Protected by bmc_reg_mutex.
533 */
534 void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
535
536 /*
537 * When we are scanning the channels for an SMI, this will
538 * tell which channel we are scanning.
539 */
540 int curr_channel;
541
542 /* Channel information */
543 struct ipmi_channel_set *channel_list;
544 unsigned int curr_working_cset; /* First index into the following. */
545 struct ipmi_channel_set wchannels[2];
546 struct ipmi_my_addrinfo addrinfo[IPMI_MAX_CHANNELS];
547 bool channels_ready;
548
549 atomic_t stats[IPMI_NUM_STATS];
550
551 /*
552 * run_to_completion duplicate of smb_info, smi_info
553 * and ipmi_serial_info structures. Used to decrease numbers of
554 * parameters passed by "low" level IPMI code.
555 */
556 int run_to_completion;
557 };
558 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
559
560 static void __get_guid(ipmi_smi_t intf);
561 static void __ipmi_bmc_unregister(ipmi_smi_t intf);
562 static int __ipmi_bmc_register(ipmi_smi_t intf,
563 struct ipmi_device_id *id,
564 bool guid_set, guid_t *guid, int intf_num);
565 static int __scan_channels(ipmi_smi_t intf, struct ipmi_device_id *id);
566
567
568 /**
569 * The driver model view of the IPMI messaging driver.
570 */
571 static struct platform_driver ipmidriver = {
572 .driver = {
573 .name = "ipmi",
574 .bus = &platform_bus_type
575 }
576 };
577 /*
578 * This mutex keeps us from adding the same BMC twice.
579 */
580 static DEFINE_MUTEX(ipmidriver_mutex);
581
582 static LIST_HEAD(ipmi_interfaces);
583 static DEFINE_MUTEX(ipmi_interfaces_mutex);
584
585 /*
586 * List of watchers that want to know when smi's are added and deleted.
587 */
588 static LIST_HEAD(smi_watchers);
589 static DEFINE_MUTEX(smi_watchers_mutex);
590
591 #define ipmi_inc_stat(intf, stat) \
592 atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
593 #define ipmi_get_stat(intf, stat) \
594 ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
595
596 static const char * const addr_src_to_str[] = {
597 "invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI",
598 "device-tree", "platform"
599 };
600
601 const char *ipmi_addr_src_to_str(enum ipmi_addr_src src)
602 {
603 if (src >= SI_LAST)
604 src = 0; /* Invalid */
605 return addr_src_to_str[src];
606 }
607 EXPORT_SYMBOL(ipmi_addr_src_to_str);
608
609 static int is_lan_addr(struct ipmi_addr *addr)
610 {
611 return addr->addr_type == IPMI_LAN_ADDR_TYPE;
612 }
613
614 static int is_ipmb_addr(struct ipmi_addr *addr)
615 {
616 return addr->addr_type == IPMI_IPMB_ADDR_TYPE;
617 }
618
619 static int is_ipmb_bcast_addr(struct ipmi_addr *addr)
620 {
621 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE;
622 }
623
624 static void free_recv_msg_list(struct list_head *q)
625 {
626 struct ipmi_recv_msg *msg, *msg2;
627
628 list_for_each_entry_safe(msg, msg2, q, link) {
629 list_del(&msg->link);
630 ipmi_free_recv_msg(msg);
631 }
632 }
633
634 static void free_smi_msg_list(struct list_head *q)
635 {
636 struct ipmi_smi_msg *msg, *msg2;
637
638 list_for_each_entry_safe(msg, msg2, q, link) {
639 list_del(&msg->link);
640 ipmi_free_smi_msg(msg);
641 }
642 }
643
644 static void clean_up_interface_data(ipmi_smi_t intf)
645 {
646 int i;
647 struct cmd_rcvr *rcvr, *rcvr2;
648 struct list_head list;
649
650 tasklet_kill(&intf->recv_tasklet);
651
652 free_smi_msg_list(&intf->waiting_rcv_msgs);
653 free_recv_msg_list(&intf->waiting_events);
654
655 /*
656 * Wholesale remove all the entries from the list in the
657 * interface and wait for RCU to know that none are in use.
658 */
659 mutex_lock(&intf->cmd_rcvrs_mutex);
660 INIT_LIST_HEAD(&list);
661 list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);
662 mutex_unlock(&intf->cmd_rcvrs_mutex);
663
664 list_for_each_entry_safe(rcvr, rcvr2, &list, link)
665 kfree(rcvr);
666
667 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
668 if ((intf->seq_table[i].inuse)
669 && (intf->seq_table[i].recv_msg))
670 ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
671 }
672 }
673
674 static void intf_free(struct kref *ref)
675 {
676 ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
677
678 clean_up_interface_data(intf);
679 kfree(intf);
680 }
681
682 struct watcher_entry {
683 int intf_num;
684 ipmi_smi_t intf;
685 struct list_head link;
686 };
687
688 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
689 {
690 ipmi_smi_t intf;
691 LIST_HEAD(to_deliver);
692 struct watcher_entry *e, *e2;
693
694 mutex_lock(&smi_watchers_mutex);
695
696 mutex_lock(&ipmi_interfaces_mutex);
697
698 /* Build a list of things to deliver. */
699 list_for_each_entry(intf, &ipmi_interfaces, link) {
700 if (intf->intf_num == -1)
701 continue;
702 e = kmalloc(sizeof(*e), GFP_KERNEL);
703 if (!e)
704 goto out_err;
705 kref_get(&intf->refcount);
706 e->intf = intf;
707 e->intf_num = intf->intf_num;
708 list_add_tail(&e->link, &to_deliver);
709 }
710
711 /* We will succeed, so add it to the list. */
712 list_add(&watcher->link, &smi_watchers);
713
714 mutex_unlock(&ipmi_interfaces_mutex);
715
716 list_for_each_entry_safe(e, e2, &to_deliver, link) {
717 list_del(&e->link);
718 watcher->new_smi(e->intf_num, e->intf->si_dev);
719 kref_put(&e->intf->refcount, intf_free);
720 kfree(e);
721 }
722
723 mutex_unlock(&smi_watchers_mutex);
724
725 return 0;
726
727 out_err:
728 mutex_unlock(&ipmi_interfaces_mutex);
729 mutex_unlock(&smi_watchers_mutex);
730 list_for_each_entry_safe(e, e2, &to_deliver, link) {
731 list_del(&e->link);
732 kref_put(&e->intf->refcount, intf_free);
733 kfree(e);
734 }
735 return -ENOMEM;
736 }
737 EXPORT_SYMBOL(ipmi_smi_watcher_register);
738
739 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
740 {
741 mutex_lock(&smi_watchers_mutex);
742 list_del(&(watcher->link));
743 mutex_unlock(&smi_watchers_mutex);
744 return 0;
745 }
746 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
747
748 /*
749 * Must be called with smi_watchers_mutex held.
750 */
751 static void
752 call_smi_watchers(int i, struct device *dev)
753 {
754 struct ipmi_smi_watcher *w;
755
756 list_for_each_entry(w, &smi_watchers, link) {
757 if (try_module_get(w->owner)) {
758 w->new_smi(i, dev);
759 module_put(w->owner);
760 }
761 }
762 }
763
764 static int
765 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
766 {
767 if (addr1->addr_type != addr2->addr_type)
768 return 0;
769
770 if (addr1->channel != addr2->channel)
771 return 0;
772
773 if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
774 struct ipmi_system_interface_addr *smi_addr1
775 = (struct ipmi_system_interface_addr *) addr1;
776 struct ipmi_system_interface_addr *smi_addr2
777 = (struct ipmi_system_interface_addr *) addr2;
778 return (smi_addr1->lun == smi_addr2->lun);
779 }
780
781 if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) {
782 struct ipmi_ipmb_addr *ipmb_addr1
783 = (struct ipmi_ipmb_addr *) addr1;
784 struct ipmi_ipmb_addr *ipmb_addr2
785 = (struct ipmi_ipmb_addr *) addr2;
786
787 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
788 && (ipmb_addr1->lun == ipmb_addr2->lun));
789 }
790
791 if (is_lan_addr(addr1)) {
792 struct ipmi_lan_addr *lan_addr1
793 = (struct ipmi_lan_addr *) addr1;
794 struct ipmi_lan_addr *lan_addr2
795 = (struct ipmi_lan_addr *) addr2;
796
797 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
798 && (lan_addr1->local_SWID == lan_addr2->local_SWID)
799 && (lan_addr1->session_handle
800 == lan_addr2->session_handle)
801 && (lan_addr1->lun == lan_addr2->lun));
802 }
803
804 return 1;
805 }
806
807 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
808 {
809 if (len < sizeof(struct ipmi_system_interface_addr))
810 return -EINVAL;
811
812 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
813 if (addr->channel != IPMI_BMC_CHANNEL)
814 return -EINVAL;
815 return 0;
816 }
817
818 if ((addr->channel == IPMI_BMC_CHANNEL)
819 || (addr->channel >= IPMI_MAX_CHANNELS)
820 || (addr->channel < 0))
821 return -EINVAL;
822
823 if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
824 if (len < sizeof(struct ipmi_ipmb_addr))
825 return -EINVAL;
826 return 0;
827 }
828
829 if (is_lan_addr(addr)) {
830 if (len < sizeof(struct ipmi_lan_addr))
831 return -EINVAL;
832 return 0;
833 }
834
835 return -EINVAL;
836 }
837 EXPORT_SYMBOL(ipmi_validate_addr);
838
839 unsigned int ipmi_addr_length(int addr_type)
840 {
841 if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
842 return sizeof(struct ipmi_system_interface_addr);
843
844 if ((addr_type == IPMI_IPMB_ADDR_TYPE)
845 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
846 return sizeof(struct ipmi_ipmb_addr);
847
848 if (addr_type == IPMI_LAN_ADDR_TYPE)
849 return sizeof(struct ipmi_lan_addr);
850
851 return 0;
852 }
853 EXPORT_SYMBOL(ipmi_addr_length);
854
855 static void deliver_response(struct ipmi_recv_msg *msg)
856 {
857 if (!msg->user) {
858 ipmi_smi_t intf = msg->user_msg_data;
859
860 /* Special handling for NULL users. */
861 if (intf->null_user_handler) {
862 intf->null_user_handler(intf, msg);
863 ipmi_inc_stat(intf, handled_local_responses);
864 } else {
865 /* No handler, so give up. */
866 ipmi_inc_stat(intf, unhandled_local_responses);
867 }
868 ipmi_free_recv_msg(msg);
869 } else if (!oops_in_progress) {
870 /*
871 * If we are running in the panic context, calling the
872 * receive handler doesn't much meaning and has a deadlock
873 * risk. At this moment, simply skip it in that case.
874 */
875
876 ipmi_user_t user = msg->user;
877 user->handler->ipmi_recv_hndl(msg, user->handler_data);
878 }
879 }
880
881 static void
882 deliver_err_response(struct ipmi_recv_msg *msg, int err)
883 {
884 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
885 msg->msg_data[0] = err;
886 msg->msg.netfn |= 1; /* Convert to a response. */
887 msg->msg.data_len = 1;
888 msg->msg.data = msg->msg_data;
889 deliver_response(msg);
890 }
891
892 /*
893 * Find the next sequence number not being used and add the given
894 * message with the given timeout to the sequence table. This must be
895 * called with the interface's seq_lock held.
896 */
897 static int intf_next_seq(ipmi_smi_t intf,
898 struct ipmi_recv_msg *recv_msg,
899 unsigned long timeout,
900 int retries,
901 int broadcast,
902 unsigned char *seq,
903 long *seqid)
904 {
905 int rv = 0;
906 unsigned int i;
907
908 for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
909 i = (i+1)%IPMI_IPMB_NUM_SEQ) {
910 if (!intf->seq_table[i].inuse)
911 break;
912 }
913
914 if (!intf->seq_table[i].inuse) {
915 intf->seq_table[i].recv_msg = recv_msg;
916
917 /*
918 * Start with the maximum timeout, when the send response
919 * comes in we will start the real timer.
920 */
921 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
922 intf->seq_table[i].orig_timeout = timeout;
923 intf->seq_table[i].retries_left = retries;
924 intf->seq_table[i].broadcast = broadcast;
925 intf->seq_table[i].inuse = 1;
926 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
927 *seq = i;
928 *seqid = intf->seq_table[i].seqid;
929 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
930 need_waiter(intf);
931 } else {
932 rv = -EAGAIN;
933 }
934
935 return rv;
936 }
937
938 /*
939 * Return the receive message for the given sequence number and
940 * release the sequence number so it can be reused. Some other data
941 * is passed in to be sure the message matches up correctly (to help
942 * guard against message coming in after their timeout and the
943 * sequence number being reused).
944 */
945 static int intf_find_seq(ipmi_smi_t intf,
946 unsigned char seq,
947 short channel,
948 unsigned char cmd,
949 unsigned char netfn,
950 struct ipmi_addr *addr,
951 struct ipmi_recv_msg **recv_msg)
952 {
953 int rv = -ENODEV;
954 unsigned long flags;
955
956 if (seq >= IPMI_IPMB_NUM_SEQ)
957 return -EINVAL;
958
959 spin_lock_irqsave(&(intf->seq_lock), flags);
960 if (intf->seq_table[seq].inuse) {
961 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
962
963 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd)
964 && (msg->msg.netfn == netfn)
965 && (ipmi_addr_equal(addr, &(msg->addr)))) {
966 *recv_msg = msg;
967 intf->seq_table[seq].inuse = 0;
968 rv = 0;
969 }
970 }
971 spin_unlock_irqrestore(&(intf->seq_lock), flags);
972
973 return rv;
974 }
975
976
977 /* Start the timer for a specific sequence table entry. */
978 static int intf_start_seq_timer(ipmi_smi_t intf,
979 long msgid)
980 {
981 int rv = -ENODEV;
982 unsigned long flags;
983 unsigned char seq;
984 unsigned long seqid;
985
986
987 GET_SEQ_FROM_MSGID(msgid, seq, seqid);
988
989 spin_lock_irqsave(&(intf->seq_lock), flags);
990 /*
991 * We do this verification because the user can be deleted
992 * while a message is outstanding.
993 */
994 if ((intf->seq_table[seq].inuse)
995 && (intf->seq_table[seq].seqid == seqid)) {
996 struct seq_table *ent = &(intf->seq_table[seq]);
997 ent->timeout = ent->orig_timeout;
998 rv = 0;
999 }
1000 spin_unlock_irqrestore(&(intf->seq_lock), flags);
1001
1002 return rv;
1003 }
1004
1005 /* Got an error for the send message for a specific sequence number. */
1006 static int intf_err_seq(ipmi_smi_t intf,
1007 long msgid,
1008 unsigned int err)
1009 {
1010 int rv = -ENODEV;
1011 unsigned long flags;
1012 unsigned char seq;
1013 unsigned long seqid;
1014 struct ipmi_recv_msg *msg = NULL;
1015
1016
1017 GET_SEQ_FROM_MSGID(msgid, seq, seqid);
1018
1019 spin_lock_irqsave(&(intf->seq_lock), flags);
1020 /*
1021 * We do this verification because the user can be deleted
1022 * while a message is outstanding.
1023 */
1024 if ((intf->seq_table[seq].inuse)
1025 && (intf->seq_table[seq].seqid == seqid)) {
1026 struct seq_table *ent = &(intf->seq_table[seq]);
1027
1028 ent->inuse = 0;
1029 msg = ent->recv_msg;
1030 rv = 0;
1031 }
1032 spin_unlock_irqrestore(&(intf->seq_lock), flags);
1033
1034 if (msg)
1035 deliver_err_response(msg, err);
1036
1037 return rv;
1038 }
1039
1040
1041 int ipmi_create_user(unsigned int if_num,
1042 const struct ipmi_user_hndl *handler,
1043 void *handler_data,
1044 ipmi_user_t *user)
1045 {
1046 unsigned long flags;
1047 ipmi_user_t new_user;
1048 int rv = 0;
1049 ipmi_smi_t intf;
1050
1051 /*
1052 * There is no module usecount here, because it's not
1053 * required. Since this can only be used by and called from
1054 * other modules, they will implicitly use this module, and
1055 * thus this can't be removed unless the other modules are
1056 * removed.
1057 */
1058
1059 if (handler == NULL)
1060 return -EINVAL;
1061
1062 /*
1063 * Make sure the driver is actually initialized, this handles
1064 * problems with initialization order.
1065 */
1066 if (!initialized) {
1067 rv = ipmi_init_msghandler();
1068 if (rv)
1069 return rv;
1070
1071 /*
1072 * The init code doesn't return an error if it was turned
1073 * off, but it won't initialize. Check that.
1074 */
1075 if (!initialized)
1076 return -ENODEV;
1077 }
1078
1079 new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
1080 if (!new_user)
1081 return -ENOMEM;
1082
1083 mutex_lock(&ipmi_interfaces_mutex);
1084 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
1085 if (intf->intf_num == if_num)
1086 goto found;
1087 }
1088 /* Not found, return an error */
1089 rv = -EINVAL;
1090 goto out_kfree;
1091
1092 found:
1093 /* Note that each existing user holds a refcount to the interface. */
1094 kref_get(&intf->refcount);
1095
1096 kref_init(&new_user->refcount);
1097 new_user->handler = handler;
1098 new_user->handler_data = handler_data;
1099 new_user->intf = intf;
1100 new_user->gets_events = false;
1101
1102 if (!try_module_get(intf->handlers->owner)) {
1103 rv = -ENODEV;
1104 goto out_kref;
1105 }
1106
1107 if (intf->handlers->inc_usecount) {
1108 rv = intf->handlers->inc_usecount(intf->send_info);
1109 if (rv) {
1110 module_put(intf->handlers->owner);
1111 goto out_kref;
1112 }
1113 }
1114
1115 /*
1116 * Hold the lock so intf->handlers is guaranteed to be good
1117 * until now
1118 */
1119 mutex_unlock(&ipmi_interfaces_mutex);
1120
1121 new_user->valid = true;
1122 spin_lock_irqsave(&intf->seq_lock, flags);
1123 list_add_rcu(&new_user->link, &intf->users);
1124 spin_unlock_irqrestore(&intf->seq_lock, flags);
1125 if (handler->ipmi_watchdog_pretimeout) {
1126 /* User wants pretimeouts, so make sure to watch for them. */
1127 if (atomic_inc_return(&intf->event_waiters) == 1)
1128 need_waiter(intf);
1129 }
1130 *user = new_user;
1131 return 0;
1132
1133 out_kref:
1134 kref_put(&intf->refcount, intf_free);
1135 out_kfree:
1136 mutex_unlock(&ipmi_interfaces_mutex);
1137 kfree(new_user);
1138 return rv;
1139 }
1140 EXPORT_SYMBOL(ipmi_create_user);
1141
1142 int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data)
1143 {
1144 int rv = 0;
1145 ipmi_smi_t intf;
1146 const struct ipmi_smi_handlers *handlers;
1147
1148 mutex_lock(&ipmi_interfaces_mutex);
1149 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
1150 if (intf->intf_num == if_num)
1151 goto found;
1152 }
1153 /* Not found, return an error */
1154 rv = -EINVAL;
1155 mutex_unlock(&ipmi_interfaces_mutex);
1156 return rv;
1157
1158 found:
1159 handlers = intf->handlers;
1160 rv = -ENOSYS;
1161 if (handlers->get_smi_info)
1162 rv = handlers->get_smi_info(intf->send_info, data);
1163 mutex_unlock(&ipmi_interfaces_mutex);
1164
1165 return rv;
1166 }
1167 EXPORT_SYMBOL(ipmi_get_smi_info);
1168
1169 static void free_user(struct kref *ref)
1170 {
1171 ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
1172 kfree(user);
1173 }
1174
1175 int ipmi_destroy_user(ipmi_user_t user)
1176 {
1177 ipmi_smi_t intf = user->intf;
1178 int i;
1179 unsigned long flags;
1180 struct cmd_rcvr *rcvr;
1181 struct cmd_rcvr *rcvrs = NULL;
1182
1183 user->valid = false;
1184
1185 if (user->handler->ipmi_watchdog_pretimeout)
1186 atomic_dec(&intf->event_waiters);
1187
1188 if (user->gets_events)
1189 atomic_dec(&intf->event_waiters);
1190
1191 /* Remove the user from the interface's sequence table. */
1192 spin_lock_irqsave(&intf->seq_lock, flags);
1193 list_del_rcu(&user->link);
1194
1195 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
1196 if (intf->seq_table[i].inuse
1197 && (intf->seq_table[i].recv_msg->user == user)) {
1198 intf->seq_table[i].inuse = 0;
1199 ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
1200 }
1201 }
1202 spin_unlock_irqrestore(&intf->seq_lock, flags);
1203
1204 /*
1205 * Remove the user from the command receiver's table. First
1206 * we build a list of everything (not using the standard link,
1207 * since other things may be using it till we do
1208 * synchronize_rcu()) then free everything in that list.
1209 */
1210 mutex_lock(&intf->cmd_rcvrs_mutex);
1211 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1212 if (rcvr->user == user) {
1213 list_del_rcu(&rcvr->link);
1214 rcvr->next = rcvrs;
1215 rcvrs = rcvr;
1216 }
1217 }
1218 mutex_unlock(&intf->cmd_rcvrs_mutex);
1219 synchronize_rcu();
1220 while (rcvrs) {
1221 rcvr = rcvrs;
1222 rcvrs = rcvr->next;
1223 kfree(rcvr);
1224 }
1225
1226 mutex_lock(&ipmi_interfaces_mutex);
1227 if (intf->handlers) {
1228 module_put(intf->handlers->owner);
1229 if (intf->handlers->dec_usecount)
1230 intf->handlers->dec_usecount(intf->send_info);
1231 }
1232 mutex_unlock(&ipmi_interfaces_mutex);
1233
1234 kref_put(&intf->refcount, intf_free);
1235
1236 kref_put(&user->refcount, free_user);
1237
1238 return 0;
1239 }
1240 EXPORT_SYMBOL(ipmi_destroy_user);
1241
1242 int ipmi_get_version(ipmi_user_t user,
1243 unsigned char *major,
1244 unsigned char *minor)
1245 {
1246 struct ipmi_device_id id;
1247 int rv;
1248
1249 rv = bmc_get_device_id(user->intf, NULL, &id, NULL, NULL);
1250 if (rv)
1251 return rv;
1252
1253 *major = ipmi_version_major(&id);
1254 *minor = ipmi_version_minor(&id);
1255
1256 return 0;
1257 }
1258 EXPORT_SYMBOL(ipmi_get_version);
1259
1260 int ipmi_set_my_address(ipmi_user_t user,
1261 unsigned int channel,
1262 unsigned char address)
1263 {
1264 if (channel >= IPMI_MAX_CHANNELS)
1265 return -EINVAL;
1266 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1267 user->intf->addrinfo[channel].address = address;
1268 return 0;
1269 }
1270 EXPORT_SYMBOL(ipmi_set_my_address);
1271
1272 int ipmi_get_my_address(ipmi_user_t user,
1273 unsigned int channel,
1274 unsigned char *address)
1275 {
1276 if (channel >= IPMI_MAX_CHANNELS)
1277 return -EINVAL;
1278 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1279 *address = user->intf->addrinfo[channel].address;
1280 return 0;
1281 }
1282 EXPORT_SYMBOL(ipmi_get_my_address);
1283
1284 int ipmi_set_my_LUN(ipmi_user_t user,
1285 unsigned int channel,
1286 unsigned char LUN)
1287 {
1288 if (channel >= IPMI_MAX_CHANNELS)
1289 return -EINVAL;
1290 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1291 user->intf->addrinfo[channel].lun = LUN & 0x3;
1292 return 0;
1293 }
1294 EXPORT_SYMBOL(ipmi_set_my_LUN);
1295
1296 int ipmi_get_my_LUN(ipmi_user_t user,
1297 unsigned int channel,
1298 unsigned char *address)
1299 {
1300 if (channel >= IPMI_MAX_CHANNELS)
1301 return -EINVAL;
1302 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS);
1303 *address = user->intf->addrinfo[channel].lun;
1304 return 0;
1305 }
1306 EXPORT_SYMBOL(ipmi_get_my_LUN);
1307
1308 int ipmi_get_maintenance_mode(ipmi_user_t user)
1309 {
1310 int mode;
1311 unsigned long flags;
1312
1313 spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);
1314 mode = user->intf->maintenance_mode;
1315 spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);
1316
1317 return mode;
1318 }
1319 EXPORT_SYMBOL(ipmi_get_maintenance_mode);
1320
1321 static void maintenance_mode_update(ipmi_smi_t intf)
1322 {
1323 if (intf->handlers->set_maintenance_mode)
1324 intf->handlers->set_maintenance_mode(
1325 intf->send_info, intf->maintenance_mode_enable);
1326 }
1327
1328 int ipmi_set_maintenance_mode(ipmi_user_t user, int mode)
1329 {
1330 int rv = 0;
1331 unsigned long flags;
1332 ipmi_smi_t intf = user->intf;
1333
1334 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1335 if (intf->maintenance_mode != mode) {
1336 switch (mode) {
1337 case IPMI_MAINTENANCE_MODE_AUTO:
1338 intf->maintenance_mode_enable
1339 = (intf->auto_maintenance_timeout > 0);
1340 break;
1341
1342 case IPMI_MAINTENANCE_MODE_OFF:
1343 intf->maintenance_mode_enable = false;
1344 break;
1345
1346 case IPMI_MAINTENANCE_MODE_ON:
1347 intf->maintenance_mode_enable = true;
1348 break;
1349
1350 default:
1351 rv = -EINVAL;
1352 goto out_unlock;
1353 }
1354 intf->maintenance_mode = mode;
1355
1356 maintenance_mode_update(intf);
1357 }
1358 out_unlock:
1359 spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);
1360
1361 return rv;
1362 }
1363 EXPORT_SYMBOL(ipmi_set_maintenance_mode);
1364
1365 int ipmi_set_gets_events(ipmi_user_t user, bool val)
1366 {
1367 unsigned long flags;
1368 ipmi_smi_t intf = user->intf;
1369 struct ipmi_recv_msg *msg, *msg2;
1370 struct list_head msgs;
1371
1372 INIT_LIST_HEAD(&msgs);
1373
1374 spin_lock_irqsave(&intf->events_lock, flags);
1375 if (user->gets_events == val)
1376 goto out;
1377
1378 user->gets_events = val;
1379
1380 if (val) {
1381 if (atomic_inc_return(&intf->event_waiters) == 1)
1382 need_waiter(intf);
1383 } else {
1384 atomic_dec(&intf->event_waiters);
1385 }
1386
1387 if (intf->delivering_events)
1388 /*
1389 * Another thread is delivering events for this, so
1390 * let it handle any new events.
1391 */
1392 goto out;
1393
1394 /* Deliver any queued events. */
1395 while (user->gets_events && !list_empty(&intf->waiting_events)) {
1396 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)
1397 list_move_tail(&msg->link, &msgs);
1398 intf->waiting_events_count = 0;
1399 if (intf->event_msg_printed) {
1400 dev_warn(intf->si_dev,
1401 PFX "Event queue no longer full\n");
1402 intf->event_msg_printed = 0;
1403 }
1404
1405 intf->delivering_events = 1;
1406 spin_unlock_irqrestore(&intf->events_lock, flags);
1407
1408 list_for_each_entry_safe(msg, msg2, &msgs, link) {
1409 msg->user = user;
1410 kref_get(&user->refcount);
1411 deliver_response(msg);
1412 }
1413
1414 spin_lock_irqsave(&intf->events_lock, flags);
1415 intf->delivering_events = 0;
1416 }
1417
1418 out:
1419 spin_unlock_irqrestore(&intf->events_lock, flags);
1420
1421 return 0;
1422 }
1423 EXPORT_SYMBOL(ipmi_set_gets_events);
1424
1425 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t intf,
1426 unsigned char netfn,
1427 unsigned char cmd,
1428 unsigned char chan)
1429 {
1430 struct cmd_rcvr *rcvr;
1431
1432 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1433 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1434 && (rcvr->chans & (1 << chan)))
1435 return rcvr;
1436 }
1437 return NULL;
1438 }
1439
1440 static int is_cmd_rcvr_exclusive(ipmi_smi_t intf,
1441 unsigned char netfn,
1442 unsigned char cmd,
1443 unsigned int chans)
1444 {
1445 struct cmd_rcvr *rcvr;
1446
1447 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1448 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1449 && (rcvr->chans & chans))
1450 return 0;
1451 }
1452 return 1;
1453 }
1454
1455 int ipmi_register_for_cmd(ipmi_user_t user,
1456 unsigned char netfn,
1457 unsigned char cmd,
1458 unsigned int chans)
1459 {
1460 ipmi_smi_t intf = user->intf;
1461 struct cmd_rcvr *rcvr;
1462 int rv = 0;
1463
1464
1465 rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
1466 if (!rcvr)
1467 return -ENOMEM;
1468 rcvr->cmd = cmd;
1469 rcvr->netfn = netfn;
1470 rcvr->chans = chans;
1471 rcvr->user = user;
1472
1473 mutex_lock(&intf->cmd_rcvrs_mutex);
1474 /* Make sure the command/netfn is not already registered. */
1475 if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {
1476 rv = -EBUSY;
1477 goto out_unlock;
1478 }
1479
1480 if (atomic_inc_return(&intf->event_waiters) == 1)
1481 need_waiter(intf);
1482
1483 list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
1484
1485 out_unlock:
1486 mutex_unlock(&intf->cmd_rcvrs_mutex);
1487 if (rv)
1488 kfree(rcvr);
1489
1490 return rv;
1491 }
1492 EXPORT_SYMBOL(ipmi_register_for_cmd);
1493
1494 int ipmi_unregister_for_cmd(ipmi_user_t user,
1495 unsigned char netfn,
1496 unsigned char cmd,
1497 unsigned int chans)
1498 {
1499 ipmi_smi_t intf = user->intf;
1500 struct cmd_rcvr *rcvr;
1501 struct cmd_rcvr *rcvrs = NULL;
1502 int i, rv = -ENOENT;
1503
1504 mutex_lock(&intf->cmd_rcvrs_mutex);
1505 for (i = 0; i < IPMI_NUM_CHANNELS; i++) {
1506 if (((1 << i) & chans) == 0)
1507 continue;
1508 rcvr = find_cmd_rcvr(intf, netfn, cmd, i);
1509 if (rcvr == NULL)
1510 continue;
1511 if (rcvr->user == user) {
1512 rv = 0;
1513 rcvr->chans &= ~chans;
1514 if (rcvr->chans == 0) {
1515 list_del_rcu(&rcvr->link);
1516 rcvr->next = rcvrs;
1517 rcvrs = rcvr;
1518 }
1519 }
1520 }
1521 mutex_unlock(&intf->cmd_rcvrs_mutex);
1522 synchronize_rcu();
1523 while (rcvrs) {
1524 atomic_dec(&intf->event_waiters);
1525 rcvr = rcvrs;
1526 rcvrs = rcvr->next;
1527 kfree(rcvr);
1528 }
1529 return rv;
1530 }
1531 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
1532
1533 static unsigned char
1534 ipmb_checksum(unsigned char *data, int size)
1535 {
1536 unsigned char csum = 0;
1537
1538 for (; size > 0; size--, data++)
1539 csum += *data;
1540
1541 return -csum;
1542 }
1543
1544 static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg,
1545 struct kernel_ipmi_msg *msg,
1546 struct ipmi_ipmb_addr *ipmb_addr,
1547 long msgid,
1548 unsigned char ipmb_seq,
1549 int broadcast,
1550 unsigned char source_address,
1551 unsigned char source_lun)
1552 {
1553 int i = broadcast;
1554
1555 /* Format the IPMB header data. */
1556 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1557 smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1558 smi_msg->data[2] = ipmb_addr->channel;
1559 if (broadcast)
1560 smi_msg->data[3] = 0;
1561 smi_msg->data[i+3] = ipmb_addr->slave_addr;
1562 smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1563 smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1564 smi_msg->data[i+6] = source_address;
1565 smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1566 smi_msg->data[i+8] = msg->cmd;
1567
1568 /* Now tack on the data to the message. */
1569 if (msg->data_len > 0)
1570 memcpy(&(smi_msg->data[i+9]), msg->data,
1571 msg->data_len);
1572 smi_msg->data_size = msg->data_len + 9;
1573
1574 /* Now calculate the checksum and tack it on. */
1575 smi_msg->data[i+smi_msg->data_size]
1576 = ipmb_checksum(&(smi_msg->data[i+6]),
1577 smi_msg->data_size-6);
1578
1579 /*
1580 * Add on the checksum size and the offset from the
1581 * broadcast.
1582 */
1583 smi_msg->data_size += 1 + i;
1584
1585 smi_msg->msgid = msgid;
1586 }
1587
1588 static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg,
1589 struct kernel_ipmi_msg *msg,
1590 struct ipmi_lan_addr *lan_addr,
1591 long msgid,
1592 unsigned char ipmb_seq,
1593 unsigned char source_lun)
1594 {
1595 /* Format the IPMB header data. */
1596 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1597 smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1598 smi_msg->data[2] = lan_addr->channel;
1599 smi_msg->data[3] = lan_addr->session_handle;
1600 smi_msg->data[4] = lan_addr->remote_SWID;
1601 smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1602 smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1603 smi_msg->data[7] = lan_addr->local_SWID;
1604 smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1605 smi_msg->data[9] = msg->cmd;
1606
1607 /* Now tack on the data to the message. */
1608 if (msg->data_len > 0)
1609 memcpy(&(smi_msg->data[10]), msg->data,
1610 msg->data_len);
1611 smi_msg->data_size = msg->data_len + 10;
1612
1613 /* Now calculate the checksum and tack it on. */
1614 smi_msg->data[smi_msg->data_size]
1615 = ipmb_checksum(&(smi_msg->data[7]),
1616 smi_msg->data_size-7);
1617
1618 /*
1619 * Add on the checksum size and the offset from the
1620 * broadcast.
1621 */
1622 smi_msg->data_size += 1;
1623
1624 smi_msg->msgid = msgid;
1625 }
1626
1627 static struct ipmi_smi_msg *smi_add_send_msg(ipmi_smi_t intf,
1628 struct ipmi_smi_msg *smi_msg,
1629 int priority)
1630 {
1631 if (intf->curr_msg) {
1632 if (priority > 0)
1633 list_add_tail(&smi_msg->link, &intf->hp_xmit_msgs);
1634 else
1635 list_add_tail(&smi_msg->link, &intf->xmit_msgs);
1636 smi_msg = NULL;
1637 } else {
1638 intf->curr_msg = smi_msg;
1639 }
1640
1641 return smi_msg;
1642 }
1643
1644
1645 static void smi_send(ipmi_smi_t intf, const struct ipmi_smi_handlers *handlers,
1646 struct ipmi_smi_msg *smi_msg, int priority)
1647 {
1648 int run_to_completion = intf->run_to_completion;
1649
1650 if (run_to_completion) {
1651 smi_msg = smi_add_send_msg(intf, smi_msg, priority);
1652 } else {
1653 unsigned long flags;
1654
1655 spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
1656 smi_msg = smi_add_send_msg(intf, smi_msg, priority);
1657 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
1658 }
1659
1660 if (smi_msg)
1661 handlers->sender(intf->send_info, smi_msg);
1662 }
1663
1664 /*
1665 * Separate from ipmi_request so that the user does not have to be
1666 * supplied in certain circumstances (mainly at panic time). If
1667 * messages are supplied, they will be freed, even if an error
1668 * occurs.
1669 */
1670 static int i_ipmi_request(ipmi_user_t user,
1671 ipmi_smi_t intf,
1672 struct ipmi_addr *addr,
1673 long msgid,
1674 struct kernel_ipmi_msg *msg,
1675 void *user_msg_data,
1676 void *supplied_smi,
1677 struct ipmi_recv_msg *supplied_recv,
1678 int priority,
1679 unsigned char source_address,
1680 unsigned char source_lun,
1681 int retries,
1682 unsigned int retry_time_ms)
1683 {
1684 int rv = 0;
1685 struct ipmi_smi_msg *smi_msg;
1686 struct ipmi_recv_msg *recv_msg;
1687 unsigned long flags;
1688
1689
1690 if (supplied_recv)
1691 recv_msg = supplied_recv;
1692 else {
1693 recv_msg = ipmi_alloc_recv_msg();
1694 if (recv_msg == NULL)
1695 return -ENOMEM;
1696 }
1697 recv_msg->user_msg_data = user_msg_data;
1698
1699 if (supplied_smi)
1700 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1701 else {
1702 smi_msg = ipmi_alloc_smi_msg();
1703 if (smi_msg == NULL) {
1704 ipmi_free_recv_msg(recv_msg);
1705 return -ENOMEM;
1706 }
1707 }
1708
1709 rcu_read_lock();
1710 if (intf->in_shutdown) {
1711 rv = -ENODEV;
1712 goto out_err;
1713 }
1714
1715 recv_msg->user = user;
1716 if (user)
1717 kref_get(&user->refcount);
1718 recv_msg->msgid = msgid;
1719 /*
1720 * Store the message to send in the receive message so timeout
1721 * responses can get the proper response data.
1722 */
1723 recv_msg->msg = *msg;
1724
1725 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1726 struct ipmi_system_interface_addr *smi_addr;
1727
1728 if (msg->netfn & 1) {
1729 /* Responses are not allowed to the SMI. */
1730 rv = -EINVAL;
1731 goto out_err;
1732 }
1733
1734 smi_addr = (struct ipmi_system_interface_addr *) addr;
1735 if (smi_addr->lun > 3) {
1736 ipmi_inc_stat(intf, sent_invalid_commands);
1737 rv = -EINVAL;
1738 goto out_err;
1739 }
1740
1741 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1742
1743 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1744 && ((msg->cmd == IPMI_SEND_MSG_CMD)
1745 || (msg->cmd == IPMI_GET_MSG_CMD)
1746 || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {
1747 /*
1748 * We don't let the user do these, since we manage
1749 * the sequence numbers.
1750 */
1751 ipmi_inc_stat(intf, sent_invalid_commands);
1752 rv = -EINVAL;
1753 goto out_err;
1754 }
1755
1756 if (((msg->netfn == IPMI_NETFN_APP_REQUEST)
1757 && ((msg->cmd == IPMI_COLD_RESET_CMD)
1758 || (msg->cmd == IPMI_WARM_RESET_CMD)))
1759 || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)) {
1760 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1761 intf->auto_maintenance_timeout
1762 = IPMI_MAINTENANCE_MODE_TIMEOUT;
1763 if (!intf->maintenance_mode
1764 && !intf->maintenance_mode_enable) {
1765 intf->maintenance_mode_enable = true;
1766 maintenance_mode_update(intf);
1767 }
1768 spin_unlock_irqrestore(&intf->maintenance_mode_lock,
1769 flags);
1770 }
1771
1772 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1773 ipmi_inc_stat(intf, sent_invalid_commands);
1774 rv = -EMSGSIZE;
1775 goto out_err;
1776 }
1777
1778 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1779 smi_msg->data[1] = msg->cmd;
1780 smi_msg->msgid = msgid;
1781 smi_msg->user_data = recv_msg;
1782 if (msg->data_len > 0)
1783 memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1784 smi_msg->data_size = msg->data_len + 2;
1785 ipmi_inc_stat(intf, sent_local_commands);
1786 } else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
1787 struct ipmi_ipmb_addr *ipmb_addr;
1788 unsigned char ipmb_seq;
1789 long seqid;
1790 int broadcast = 0;
1791 struct ipmi_channel *chans;
1792
1793 if (addr->channel >= IPMI_MAX_CHANNELS) {
1794 ipmi_inc_stat(intf, sent_invalid_commands);
1795 rv = -EINVAL;
1796 goto out_err;
1797 }
1798
1799 chans = READ_ONCE(intf->channel_list)->c;
1800
1801 if (chans[addr->channel].medium != IPMI_CHANNEL_MEDIUM_IPMB) {
1802 ipmi_inc_stat(intf, sent_invalid_commands);
1803 rv = -EINVAL;
1804 goto out_err;
1805 }
1806
1807 if (retries < 0) {
1808 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1809 retries = 0; /* Don't retry broadcasts. */
1810 else
1811 retries = 4;
1812 }
1813 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1814 /*
1815 * Broadcasts add a zero at the beginning of the
1816 * message, but otherwise is the same as an IPMB
1817 * address.
1818 */
1819 addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1820 broadcast = 1;
1821 }
1822
1823
1824 /* Default to 1 second retries. */
1825 if (retry_time_ms == 0)
1826 retry_time_ms = 1000;
1827
1828 /*
1829 * 9 for the header and 1 for the checksum, plus
1830 * possibly one for the broadcast.
1831 */
1832 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1833 ipmi_inc_stat(intf, sent_invalid_commands);
1834 rv = -EMSGSIZE;
1835 goto out_err;
1836 }
1837
1838 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1839 if (ipmb_addr->lun > 3) {
1840 ipmi_inc_stat(intf, sent_invalid_commands);
1841 rv = -EINVAL;
1842 goto out_err;
1843 }
1844
1845 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1846
1847 if (recv_msg->msg.netfn & 0x1) {
1848 /*
1849 * It's a response, so use the user's sequence
1850 * from msgid.
1851 */
1852 ipmi_inc_stat(intf, sent_ipmb_responses);
1853 format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1854 msgid, broadcast,
1855 source_address, source_lun);
1856
1857 /*
1858 * Save the receive message so we can use it
1859 * to deliver the response.
1860 */
1861 smi_msg->user_data = recv_msg;
1862 } else {
1863 /* It's a command, so get a sequence for it. */
1864
1865 spin_lock_irqsave(&(intf->seq_lock), flags);
1866
1867 /*
1868 * Create a sequence number with a 1 second
1869 * timeout and 4 retries.
1870 */
1871 rv = intf_next_seq(intf,
1872 recv_msg,
1873 retry_time_ms,
1874 retries,
1875 broadcast,
1876 &ipmb_seq,
1877 &seqid);
1878 if (rv) {
1879 /*
1880 * We have used up all the sequence numbers,
1881 * probably, so abort.
1882 */
1883 spin_unlock_irqrestore(&(intf->seq_lock),
1884 flags);
1885 goto out_err;
1886 }
1887
1888 ipmi_inc_stat(intf, sent_ipmb_commands);
1889
1890 /*
1891 * Store the sequence number in the message,
1892 * so that when the send message response
1893 * comes back we can start the timer.
1894 */
1895 format_ipmb_msg(smi_msg, msg, ipmb_addr,
1896 STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1897 ipmb_seq, broadcast,
1898 source_address, source_lun);
1899
1900 /*
1901 * Copy the message into the recv message data, so we
1902 * can retransmit it later if necessary.
1903 */
1904 memcpy(recv_msg->msg_data, smi_msg->data,
1905 smi_msg->data_size);
1906 recv_msg->msg.data = recv_msg->msg_data;
1907 recv_msg->msg.data_len = smi_msg->data_size;
1908
1909 /*
1910 * We don't unlock until here, because we need
1911 * to copy the completed message into the
1912 * recv_msg before we release the lock.
1913 * Otherwise, race conditions may bite us. I
1914 * know that's pretty paranoid, but I prefer
1915 * to be correct.
1916 */
1917 spin_unlock_irqrestore(&(intf->seq_lock), flags);
1918 }
1919 } else if (is_lan_addr(addr)) {
1920 struct ipmi_lan_addr *lan_addr;
1921 unsigned char ipmb_seq;
1922 long seqid;
1923 struct ipmi_channel *chans;
1924
1925 if (addr->channel >= IPMI_MAX_CHANNELS) {
1926 ipmi_inc_stat(intf, sent_invalid_commands);
1927 rv = -EINVAL;
1928 goto out_err;
1929 }
1930
1931 chans = READ_ONCE(intf->channel_list)->c;
1932
1933 if ((chans[addr->channel].medium
1934 != IPMI_CHANNEL_MEDIUM_8023LAN)
1935 && (chans[addr->channel].medium
1936 != IPMI_CHANNEL_MEDIUM_ASYNC)) {
1937 ipmi_inc_stat(intf, sent_invalid_commands);
1938 rv = -EINVAL;
1939 goto out_err;
1940 }
1941
1942 retries = 4;
1943
1944 /* Default to 1 second retries. */
1945 if (retry_time_ms == 0)
1946 retry_time_ms = 1000;
1947
1948 /* 11 for the header and 1 for the checksum. */
1949 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1950 ipmi_inc_stat(intf, sent_invalid_commands);
1951 rv = -EMSGSIZE;
1952 goto out_err;
1953 }
1954
1955 lan_addr = (struct ipmi_lan_addr *) addr;
1956 if (lan_addr->lun > 3) {
1957 ipmi_inc_stat(intf, sent_invalid_commands);
1958 rv = -EINVAL;
1959 goto out_err;
1960 }
1961
1962 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1963
1964 if (recv_msg->msg.netfn & 0x1) {
1965 /*
1966 * It's a response, so use the user's sequence
1967 * from msgid.
1968 */
1969 ipmi_inc_stat(intf, sent_lan_responses);
1970 format_lan_msg(smi_msg, msg, lan_addr, msgid,
1971 msgid, source_lun);
1972
1973 /*
1974 * Save the receive message so we can use it
1975 * to deliver the response.
1976 */
1977 smi_msg->user_data = recv_msg;
1978 } else {
1979 /* It's a command, so get a sequence for it. */
1980
1981 spin_lock_irqsave(&(intf->seq_lock), flags);
1982
1983 /*
1984 * Create a sequence number with a 1 second
1985 * timeout and 4 retries.
1986 */
1987 rv = intf_next_seq(intf,
1988 recv_msg,
1989 retry_time_ms,
1990 retries,
1991 0,
1992 &ipmb_seq,
1993 &seqid);
1994 if (rv) {
1995 /*
1996 * We have used up all the sequence numbers,
1997 * probably, so abort.
1998 */
1999 spin_unlock_irqrestore(&(intf->seq_lock),
2000 flags);
2001 goto out_err;
2002 }
2003
2004 ipmi_inc_stat(intf, sent_lan_commands);
2005
2006 /*
2007 * Store the sequence number in the message,
2008 * so that when the send message response
2009 * comes back we can start the timer.
2010 */
2011 format_lan_msg(smi_msg, msg, lan_addr,
2012 STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
2013 ipmb_seq, source_lun);
2014
2015 /*
2016 * Copy the message into the recv message data, so we
2017 * can retransmit it later if necessary.
2018 */
2019 memcpy(recv_msg->msg_data, smi_msg->data,
2020 smi_msg->data_size);
2021 recv_msg->msg.data = recv_msg->msg_data;
2022 recv_msg->msg.data_len = smi_msg->data_size;
2023
2024 /*
2025 * We don't unlock until here, because we need
2026 * to copy the completed message into the
2027 * recv_msg before we release the lock.
2028 * Otherwise, race conditions may bite us. I
2029 * know that's pretty paranoid, but I prefer
2030 * to be correct.
2031 */
2032 spin_unlock_irqrestore(&(intf->seq_lock), flags);
2033 }
2034 } else {
2035 /* Unknown address type. */
2036 ipmi_inc_stat(intf, sent_invalid_commands);
2037 rv = -EINVAL;
2038 goto out_err;
2039 }
2040
2041 #ifdef DEBUG_MSGING
2042 {
2043 int m;
2044 for (m = 0; m < smi_msg->data_size; m++)
2045 printk(" %2.2x", smi_msg->data[m]);
2046 printk("\n");
2047 }
2048 #endif
2049
2050 smi_send(intf, intf->handlers, smi_msg, priority);
2051 rcu_read_unlock();
2052
2053 return 0;
2054
2055 out_err:
2056 rcu_read_unlock();
2057 ipmi_free_smi_msg(smi_msg);
2058 ipmi_free_recv_msg(recv_msg);
2059 return rv;
2060 }
2061
2062 static int check_addr(ipmi_smi_t intf,
2063 struct ipmi_addr *addr,
2064 unsigned char *saddr,
2065 unsigned char *lun)
2066 {
2067 if (addr->channel >= IPMI_MAX_CHANNELS)
2068 return -EINVAL;
2069 addr->channel = array_index_nospec(addr->channel, IPMI_MAX_CHANNELS);
2070 *lun = intf->addrinfo[addr->channel].lun;
2071 *saddr = intf->addrinfo[addr->channel].address;
2072 return 0;
2073 }
2074
2075 int ipmi_request_settime(ipmi_user_t user,
2076 struct ipmi_addr *addr,
2077 long msgid,
2078 struct kernel_ipmi_msg *msg,
2079 void *user_msg_data,
2080 int priority,
2081 int retries,
2082 unsigned int retry_time_ms)
2083 {
2084 unsigned char saddr = 0, lun = 0;
2085 int rv;
2086
2087 if (!user)
2088 return -EINVAL;
2089 rv = check_addr(user->intf, addr, &saddr, &lun);
2090 if (rv)
2091 return rv;
2092 return i_ipmi_request(user,
2093 user->intf,
2094 addr,
2095 msgid,
2096 msg,
2097 user_msg_data,
2098 NULL, NULL,
2099 priority,
2100 saddr,
2101 lun,
2102 retries,
2103 retry_time_ms);
2104 }
2105 EXPORT_SYMBOL(ipmi_request_settime);
2106
2107 int ipmi_request_supply_msgs(ipmi_user_t user,
2108 struct ipmi_addr *addr,
2109 long msgid,
2110 struct kernel_ipmi_msg *msg,
2111 void *user_msg_data,
2112 void *supplied_smi,
2113 struct ipmi_recv_msg *supplied_recv,
2114 int priority)
2115 {
2116 unsigned char saddr = 0, lun = 0;
2117 int rv;
2118
2119 if (!user)
2120 return -EINVAL;
2121 rv = check_addr(user->intf, addr, &saddr, &lun);
2122 if (rv)
2123 return rv;
2124 return i_ipmi_request(user,
2125 user->intf,
2126 addr,
2127 msgid,
2128 msg,
2129 user_msg_data,
2130 supplied_smi,
2131 supplied_recv,
2132 priority,
2133 saddr,
2134 lun,
2135 -1, 0);
2136 }
2137 EXPORT_SYMBOL(ipmi_request_supply_msgs);
2138
2139 static void bmc_device_id_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2140 {
2141 int rv;
2142
2143 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2144 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
2145 || (msg->msg.cmd != IPMI_GET_DEVICE_ID_CMD)) {
2146 dev_warn(intf->si_dev,
2147 PFX "invalid device_id msg: addr_type=%d netfn=%x cmd=%x\n",
2148 msg->addr.addr_type, msg->msg.netfn, msg->msg.cmd);
2149 return;
2150 }
2151
2152 rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd,
2153 msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id);
2154 if (rv) {
2155 dev_warn(intf->si_dev,
2156 PFX "device id demangle failed: %d\n", rv);
2157 intf->bmc->dyn_id_set = 0;
2158 } else {
2159 /*
2160 * Make sure the id data is available before setting
2161 * dyn_id_set.
2162 */
2163 smp_wmb();
2164 intf->bmc->dyn_id_set = 1;
2165 }
2166
2167 wake_up(&intf->waitq);
2168 }
2169
2170 static int
2171 send_get_device_id_cmd(ipmi_smi_t intf)
2172 {
2173 struct ipmi_system_interface_addr si;
2174 struct kernel_ipmi_msg msg;
2175
2176 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2177 si.channel = IPMI_BMC_CHANNEL;
2178 si.lun = 0;
2179
2180 msg.netfn = IPMI_NETFN_APP_REQUEST;
2181 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
2182 msg.data = NULL;
2183 msg.data_len = 0;
2184
2185 return i_ipmi_request(NULL,
2186 intf,
2187 (struct ipmi_addr *) &si,
2188 0,
2189 &msg,
2190 intf,
2191 NULL,
2192 NULL,
2193 0,
2194 intf->addrinfo[0].address,
2195 intf->addrinfo[0].lun,
2196 -1, 0);
2197 }
2198
2199 static int __get_device_id(ipmi_smi_t intf, struct bmc_device *bmc)
2200 {
2201 int rv;
2202
2203 bmc->dyn_id_set = 2;
2204
2205 intf->null_user_handler = bmc_device_id_handler;
2206
2207 rv = send_get_device_id_cmd(intf);
2208 if (rv)
2209 return rv;
2210
2211 wait_event(intf->waitq, bmc->dyn_id_set != 2);
2212
2213 if (!bmc->dyn_id_set)
2214 rv = -EIO; /* Something went wrong in the fetch. */
2215
2216 /* dyn_id_set makes the id data available. */
2217 smp_rmb();
2218
2219 intf->null_user_handler = NULL;
2220
2221 return rv;
2222 }
2223
2224 /*
2225 * Fetch the device id for the bmc/interface. You must pass in either
2226 * bmc or intf, this code will get the other one. If the data has
2227 * been recently fetched, this will just use the cached data. Otherwise
2228 * it will run a new fetch.
2229 *
2230 * Except for the first time this is called (in ipmi_register_smi()),
2231 * this will always return good data;
2232 */
2233 static int __bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc,
2234 struct ipmi_device_id *id,
2235 bool *guid_set, guid_t *guid, int intf_num)
2236 {
2237 int rv = 0;
2238 int prev_dyn_id_set, prev_guid_set;
2239 bool intf_set = intf != NULL;
2240
2241 if (!intf) {
2242 mutex_lock(&bmc->dyn_mutex);
2243 retry_bmc_lock:
2244 if (list_empty(&bmc->intfs)) {
2245 mutex_unlock(&bmc->dyn_mutex);
2246 return -ENOENT;
2247 }
2248 intf = list_first_entry(&bmc->intfs, struct ipmi_smi,
2249 bmc_link);
2250 kref_get(&intf->refcount);
2251 mutex_unlock(&bmc->dyn_mutex);
2252 mutex_lock(&intf->bmc_reg_mutex);
2253 mutex_lock(&bmc->dyn_mutex);
2254 if (intf != list_first_entry(&bmc->intfs, struct ipmi_smi,
2255 bmc_link)) {
2256 mutex_unlock(&intf->bmc_reg_mutex);
2257 kref_put(&intf->refcount, intf_free);
2258 goto retry_bmc_lock;
2259 }
2260 } else {
2261 mutex_lock(&intf->bmc_reg_mutex);
2262 bmc = intf->bmc;
2263 mutex_lock(&bmc->dyn_mutex);
2264 kref_get(&intf->refcount);
2265 }
2266
2267 /* If we have a valid and current ID, just return that. */
2268 if (intf->in_bmc_register ||
2269 (bmc->dyn_id_set && time_is_after_jiffies(bmc->dyn_id_expiry)))
2270 goto out_noprocessing;
2271
2272 prev_guid_set = bmc->dyn_guid_set;
2273 __get_guid(intf);
2274
2275 prev_dyn_id_set = bmc->dyn_id_set;
2276 rv = __get_device_id(intf, bmc);
2277 if (rv)
2278 goto out;
2279
2280 /*
2281 * The guid, device id, manufacturer id, and product id should
2282 * not change on a BMC. If it does we have to do some dancing.
2283 */
2284 if (!intf->bmc_registered
2285 || (!prev_guid_set && bmc->dyn_guid_set)
2286 || (!prev_dyn_id_set && bmc->dyn_id_set)
2287 || (prev_guid_set && bmc->dyn_guid_set
2288 && !guid_equal(&bmc->guid, &bmc->fetch_guid))
2289 || bmc->id.device_id != bmc->fetch_id.device_id
2290 || bmc->id.manufacturer_id != bmc->fetch_id.manufacturer_id
2291 || bmc->id.product_id != bmc->fetch_id.product_id) {
2292 struct ipmi_device_id id = bmc->fetch_id;
2293 int guid_set = bmc->dyn_guid_set;
2294 guid_t guid;
2295
2296 guid = bmc->fetch_guid;
2297 mutex_unlock(&bmc->dyn_mutex);
2298
2299 __ipmi_bmc_unregister(intf);
2300 /* Fill in the temporary BMC for good measure. */
2301 intf->bmc->id = id;
2302 intf->bmc->dyn_guid_set = guid_set;
2303 intf->bmc->guid = guid;
2304 if (__ipmi_bmc_register(intf, &id, guid_set, &guid, intf_num))
2305 need_waiter(intf); /* Retry later on an error. */
2306 else
2307 __scan_channels(intf, &id);
2308
2309
2310 if (!intf_set) {
2311 /*
2312 * We weren't given the interface on the
2313 * command line, so restart the operation on
2314 * the next interface for the BMC.
2315 */
2316 mutex_unlock(&intf->bmc_reg_mutex);
2317 mutex_lock(&bmc->dyn_mutex);
2318 goto retry_bmc_lock;
2319 }
2320
2321 /* We have a new BMC, set it up. */
2322 bmc = intf->bmc;
2323 mutex_lock(&bmc->dyn_mutex);
2324 goto out_noprocessing;
2325 } else if (memcmp(&bmc->fetch_id, &bmc->id, sizeof(bmc->id)))
2326 /* Version info changes, scan the channels again. */
2327 __scan_channels(intf, &bmc->fetch_id);
2328
2329 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY;
2330
2331 out:
2332 if (rv && prev_dyn_id_set) {
2333 rv = 0; /* Ignore failures if we have previous data. */
2334 bmc->dyn_id_set = prev_dyn_id_set;
2335 }
2336 if (!rv) {
2337 bmc->id = bmc->fetch_id;
2338 if (bmc->dyn_guid_set)
2339 bmc->guid = bmc->fetch_guid;
2340 else if (prev_guid_set)
2341 /*
2342 * The guid used to be valid and it failed to fetch,
2343 * just use the cached value.
2344 */
2345 bmc->dyn_guid_set = prev_guid_set;
2346 }
2347 out_noprocessing:
2348 if (!rv) {
2349 if (id)
2350 *id = bmc->id;
2351
2352 if (guid_set)
2353 *guid_set = bmc->dyn_guid_set;
2354
2355 if (guid && bmc->dyn_guid_set)
2356 *guid = bmc->guid;
2357 }
2358
2359 mutex_unlock(&bmc->dyn_mutex);
2360 mutex_unlock(&intf->bmc_reg_mutex);
2361
2362 kref_put(&intf->refcount, intf_free);
2363 return rv;
2364 }
2365
2366 static int bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc,
2367 struct ipmi_device_id *id,
2368 bool *guid_set, guid_t *guid)
2369 {
2370 return __bmc_get_device_id(intf, bmc, id, guid_set, guid, -1);
2371 }
2372
2373 #ifdef CONFIG_IPMI_PROC_INTERFACE
2374 static int smi_ipmb_proc_show(struct seq_file *m, void *v)
2375 {
2376 ipmi_smi_t intf = m->private;
2377 int i;
2378
2379 seq_printf(m, "%x", intf->addrinfo[0].address);
2380 for (i = 1; i < IPMI_MAX_CHANNELS; i++)
2381 seq_printf(m, " %x", intf->addrinfo[i].address);
2382 seq_putc(m, '\n');
2383
2384 return 0;
2385 }
2386
2387 static int smi_ipmb_proc_open(struct inode *inode, struct file *file)
2388 {
2389 return single_open(file, smi_ipmb_proc_show, PDE_DATA(inode));
2390 }
2391
2392 static const struct file_operations smi_ipmb_proc_ops = {
2393 .open = smi_ipmb_proc_open,
2394 .read = seq_read,
2395 .llseek = seq_lseek,
2396 .release = single_release,
2397 };
2398
2399 static int smi_version_proc_show(struct seq_file *m, void *v)
2400 {
2401 ipmi_smi_t intf = m->private;
2402 struct ipmi_device_id id;
2403 int rv;
2404
2405 rv = bmc_get_device_id(intf, NULL, &id, NULL, NULL);
2406 if (rv)
2407 return rv;
2408
2409 seq_printf(m, "%u.%u\n",
2410 ipmi_version_major(&id),
2411 ipmi_version_minor(&id));
2412
2413 return 0;
2414 }
2415
2416 static int smi_version_proc_open(struct inode *inode, struct file *file)
2417 {
2418 return single_open(file, smi_version_proc_show, PDE_DATA(inode));
2419 }
2420
2421 static const struct file_operations smi_version_proc_ops = {
2422 .open = smi_version_proc_open,
2423 .read = seq_read,
2424 .llseek = seq_lseek,
2425 .release = single_release,
2426 };
2427
2428 static int smi_stats_proc_show(struct seq_file *m, void *v)
2429 {
2430 ipmi_smi_t intf = m->private;
2431
2432 seq_printf(m, "sent_invalid_commands: %u\n",
2433 ipmi_get_stat(intf, sent_invalid_commands));
2434 seq_printf(m, "sent_local_commands: %u\n",
2435 ipmi_get_stat(intf, sent_local_commands));
2436 seq_printf(m, "handled_local_responses: %u\n",
2437 ipmi_get_stat(intf, handled_local_responses));
2438 seq_printf(m, "unhandled_local_responses: %u\n",
2439 ipmi_get_stat(intf, unhandled_local_responses));
2440 seq_printf(m, "sent_ipmb_commands: %u\n",
2441 ipmi_get_stat(intf, sent_ipmb_commands));
2442 seq_printf(m, "sent_ipmb_command_errs: %u\n",
2443 ipmi_get_stat(intf, sent_ipmb_command_errs));
2444 seq_printf(m, "retransmitted_ipmb_commands: %u\n",
2445 ipmi_get_stat(intf, retransmitted_ipmb_commands));
2446 seq_printf(m, "timed_out_ipmb_commands: %u\n",
2447 ipmi_get_stat(intf, timed_out_ipmb_commands));
2448 seq_printf(m, "timed_out_ipmb_broadcasts: %u\n",
2449 ipmi_get_stat(intf, timed_out_ipmb_broadcasts));
2450 seq_printf(m, "sent_ipmb_responses: %u\n",
2451 ipmi_get_stat(intf, sent_ipmb_responses));
2452 seq_printf(m, "handled_ipmb_responses: %u\n",
2453 ipmi_get_stat(intf, handled_ipmb_responses));
2454 seq_printf(m, "invalid_ipmb_responses: %u\n",
2455 ipmi_get_stat(intf, invalid_ipmb_responses));
2456 seq_printf(m, "unhandled_ipmb_responses: %u\n",
2457 ipmi_get_stat(intf, unhandled_ipmb_responses));
2458 seq_printf(m, "sent_lan_commands: %u\n",
2459 ipmi_get_stat(intf, sent_lan_commands));
2460 seq_printf(m, "sent_lan_command_errs: %u\n",
2461 ipmi_get_stat(intf, sent_lan_command_errs));
2462 seq_printf(m, "retransmitted_lan_commands: %u\n",
2463 ipmi_get_stat(intf, retransmitted_lan_commands));
2464 seq_printf(m, "timed_out_lan_commands: %u\n",
2465 ipmi_get_stat(intf, timed_out_lan_commands));
2466 seq_printf(m, "sent_lan_responses: %u\n",
2467 ipmi_get_stat(intf, sent_lan_responses));
2468 seq_printf(m, "handled_lan_responses: %u\n",
2469 ipmi_get_stat(intf, handled_lan_responses));
2470 seq_printf(m, "invalid_lan_responses: %u\n",
2471 ipmi_get_stat(intf, invalid_lan_responses));
2472 seq_printf(m, "unhandled_lan_responses: %u\n",
2473 ipmi_get_stat(intf, unhandled_lan_responses));
2474 seq_printf(m, "handled_commands: %u\n",
2475 ipmi_get_stat(intf, handled_commands));
2476 seq_printf(m, "invalid_commands: %u\n",
2477 ipmi_get_stat(intf, invalid_commands));
2478 seq_printf(m, "unhandled_commands: %u\n",
2479 ipmi_get_stat(intf, unhandled_commands));
2480 seq_printf(m, "invalid_events: %u\n",
2481 ipmi_get_stat(intf, invalid_events));
2482 seq_printf(m, "events: %u\n",
2483 ipmi_get_stat(intf, events));
2484 seq_printf(m, "failed rexmit LAN msgs: %u\n",
2485 ipmi_get_stat(intf, dropped_rexmit_lan_commands));
2486 seq_printf(m, "failed rexmit IPMB msgs: %u\n",
2487 ipmi_get_stat(intf, dropped_rexmit_ipmb_commands));
2488 return 0;
2489 }
2490
2491 static int smi_stats_proc_open(struct inode *inode, struct file *file)
2492 {
2493 return single_open(file, smi_stats_proc_show, PDE_DATA(inode));
2494 }
2495
2496 static const struct file_operations smi_stats_proc_ops = {
2497 .open = smi_stats_proc_open,
2498 .read = seq_read,
2499 .llseek = seq_lseek,
2500 .release = single_release,
2501 };
2502
2503 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
2504 const struct file_operations *proc_ops,
2505 void *data)
2506 {
2507 int rv = 0;
2508 struct proc_dir_entry *file;
2509 struct ipmi_proc_entry *entry;
2510
2511 /* Create a list element. */
2512 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
2513 if (!entry)
2514 return -ENOMEM;
2515 entry->name = kstrdup(name, GFP_KERNEL);
2516 if (!entry->name) {
2517 kfree(entry);
2518 return -ENOMEM;
2519 }
2520
2521 file = proc_create_data(name, 0, smi->proc_dir, proc_ops, data);
2522 if (!file) {
2523 kfree(entry->name);
2524 kfree(entry);
2525 rv = -ENOMEM;
2526 } else {
2527 mutex_lock(&smi->proc_entry_lock);
2528 /* Stick it on the list. */
2529 entry->next = smi->proc_entries;
2530 smi->proc_entries = entry;
2531 mutex_unlock(&smi->proc_entry_lock);
2532 }
2533
2534 return rv;
2535 }
2536 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
2537
2538 static int add_proc_entries(ipmi_smi_t smi, int num)
2539 {
2540 int rv = 0;
2541
2542 sprintf(smi->proc_dir_name, "%d", num);
2543 smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
2544 if (!smi->proc_dir)
2545 rv = -ENOMEM;
2546
2547 if (rv == 0)
2548 rv = ipmi_smi_add_proc_entry(smi, "stats",
2549 &smi_stats_proc_ops,
2550 smi);
2551
2552 if (rv == 0)
2553 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
2554 &smi_ipmb_proc_ops,
2555 smi);
2556
2557 if (rv == 0)
2558 rv = ipmi_smi_add_proc_entry(smi, "version",
2559 &smi_version_proc_ops,
2560 smi);
2561
2562 return rv;
2563 }
2564
2565 static void remove_proc_entries(ipmi_smi_t smi)
2566 {
2567 struct ipmi_proc_entry *entry;
2568
2569 mutex_lock(&smi->proc_entry_lock);
2570 while (smi->proc_entries) {
2571 entry = smi->proc_entries;
2572 smi->proc_entries = entry->next;
2573
2574 remove_proc_entry(entry->name, smi->proc_dir);
2575 kfree(entry->name);
2576 kfree(entry);
2577 }
2578 mutex_unlock(&smi->proc_entry_lock);
2579 remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
2580 }
2581 #endif /* CONFIG_IPMI_PROC_INTERFACE */
2582
2583 static ssize_t device_id_show(struct device *dev,
2584 struct device_attribute *attr,
2585 char *buf)
2586 {
2587 struct bmc_device *bmc = to_bmc_device(dev);
2588 struct ipmi_device_id id;
2589 int rv;
2590
2591 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2592 if (rv)
2593 return rv;
2594
2595 return snprintf(buf, 10, "%u\n", id.device_id);
2596 }
2597 static DEVICE_ATTR_RO(device_id);
2598
2599 static ssize_t provides_device_sdrs_show(struct device *dev,
2600 struct device_attribute *attr,
2601 char *buf)
2602 {
2603 struct bmc_device *bmc = to_bmc_device(dev);
2604 struct ipmi_device_id id;
2605 int rv;
2606
2607 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2608 if (rv)
2609 return rv;
2610
2611 return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7);
2612 }
2613 static DEVICE_ATTR_RO(provides_device_sdrs);
2614
2615 static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
2616 char *buf)
2617 {
2618 struct bmc_device *bmc = to_bmc_device(dev);
2619 struct ipmi_device_id id;
2620 int rv;
2621
2622 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2623 if (rv)
2624 return rv;
2625
2626 return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F);
2627 }
2628 static DEVICE_ATTR_RO(revision);
2629
2630 static ssize_t firmware_revision_show(struct device *dev,
2631 struct device_attribute *attr,
2632 char *buf)
2633 {
2634 struct bmc_device *bmc = to_bmc_device(dev);
2635 struct ipmi_device_id id;
2636 int rv;
2637
2638 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2639 if (rv)
2640 return rv;
2641
2642 return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1,
2643 id.firmware_revision_2);
2644 }
2645 static DEVICE_ATTR_RO(firmware_revision);
2646
2647 static ssize_t ipmi_version_show(struct device *dev,
2648 struct device_attribute *attr,
2649 char *buf)
2650 {
2651 struct bmc_device *bmc = to_bmc_device(dev);
2652 struct ipmi_device_id id;
2653 int rv;
2654
2655 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2656 if (rv)
2657 return rv;
2658
2659 return snprintf(buf, 20, "%u.%u\n",
2660 ipmi_version_major(&id),
2661 ipmi_version_minor(&id));
2662 }
2663 static DEVICE_ATTR_RO(ipmi_version);
2664
2665 static ssize_t add_dev_support_show(struct device *dev,
2666 struct device_attribute *attr,
2667 char *buf)
2668 {
2669 struct bmc_device *bmc = to_bmc_device(dev);
2670 struct ipmi_device_id id;
2671 int rv;
2672
2673 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2674 if (rv)
2675 return rv;
2676
2677 return snprintf(buf, 10, "0x%02x\n", id.additional_device_support);
2678 }
2679 static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show,
2680 NULL);
2681
2682 static ssize_t manufacturer_id_show(struct device *dev,
2683 struct device_attribute *attr,
2684 char *buf)
2685 {
2686 struct bmc_device *bmc = to_bmc_device(dev);
2687 struct ipmi_device_id id;
2688 int rv;
2689
2690 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2691 if (rv)
2692 return rv;
2693
2694 return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id);
2695 }
2696 static DEVICE_ATTR_RO(manufacturer_id);
2697
2698 static ssize_t product_id_show(struct device *dev,
2699 struct device_attribute *attr,
2700 char *buf)
2701 {
2702 struct bmc_device *bmc = to_bmc_device(dev);
2703 struct ipmi_device_id id;
2704 int rv;
2705
2706 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2707 if (rv)
2708 return rv;
2709
2710 return snprintf(buf, 10, "0x%4.4x\n", id.product_id);
2711 }
2712 static DEVICE_ATTR_RO(product_id);
2713
2714 static ssize_t aux_firmware_rev_show(struct device *dev,
2715 struct device_attribute *attr,
2716 char *buf)
2717 {
2718 struct bmc_device *bmc = to_bmc_device(dev);
2719 struct ipmi_device_id id;
2720 int rv;
2721
2722 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2723 if (rv)
2724 return rv;
2725
2726 return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
2727 id.aux_firmware_revision[3],
2728 id.aux_firmware_revision[2],
2729 id.aux_firmware_revision[1],
2730 id.aux_firmware_revision[0]);
2731 }
2732 static DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL);
2733
2734 static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
2735 char *buf)
2736 {
2737 struct bmc_device *bmc = to_bmc_device(dev);
2738 bool guid_set;
2739 guid_t guid;
2740 int rv;
2741
2742 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, &guid);
2743 if (rv)
2744 return rv;
2745 if (!guid_set)
2746 return -ENOENT;
2747
2748 return snprintf(buf, 38, "%pUl\n", guid.b);
2749 }
2750 static DEVICE_ATTR_RO(guid);
2751
2752 static struct attribute *bmc_dev_attrs[] = {
2753 &dev_attr_device_id.attr,
2754 &dev_attr_provides_device_sdrs.attr,
2755 &dev_attr_revision.attr,
2756 &dev_attr_firmware_revision.attr,
2757 &dev_attr_ipmi_version.attr,
2758 &dev_attr_additional_device_support.attr,
2759 &dev_attr_manufacturer_id.attr,
2760 &dev_attr_product_id.attr,
2761 &dev_attr_aux_firmware_revision.attr,
2762 &dev_attr_guid.attr,
2763 NULL
2764 };
2765
2766 static umode_t bmc_dev_attr_is_visible(struct kobject *kobj,
2767 struct attribute *attr, int idx)
2768 {
2769 struct device *dev = kobj_to_dev(kobj);
2770 struct bmc_device *bmc = to_bmc_device(dev);
2771 umode_t mode = attr->mode;
2772 int rv;
2773
2774 if (attr == &dev_attr_aux_firmware_revision.attr) {
2775 struct ipmi_device_id id;
2776
2777 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL);
2778 return (!rv && id.aux_firmware_revision_set) ? mode : 0;
2779 }
2780 if (attr == &dev_attr_guid.attr) {
2781 bool guid_set;
2782
2783 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, NULL);
2784 return (!rv && guid_set) ? mode : 0;
2785 }
2786 return mode;
2787 }
2788
2789 static const struct attribute_group bmc_dev_attr_group = {
2790 .attrs = bmc_dev_attrs,
2791 .is_visible = bmc_dev_attr_is_visible,
2792 };
2793
2794 static const struct attribute_group *bmc_dev_attr_groups[] = {
2795 &bmc_dev_attr_group,
2796 NULL
2797 };
2798
2799 static const struct device_type bmc_device_type = {
2800 .groups = bmc_dev_attr_groups,
2801 };
2802
2803 static int __find_bmc_guid(struct device *dev, void *data)
2804 {
2805 guid_t *guid = data;
2806 struct bmc_device *bmc;
2807 int rv;
2808
2809 if (dev->type != &bmc_device_type)
2810 return 0;
2811
2812 bmc = to_bmc_device(dev);
2813 rv = bmc->dyn_guid_set && guid_equal(&bmc->guid, guid);
2814 if (rv)
2815 rv = kref_get_unless_zero(&bmc->usecount);
2816 return rv;
2817 }
2818
2819 /*
2820 * Returns with the bmc's usecount incremented, if it is non-NULL.
2821 */
2822 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
2823 guid_t *guid)
2824 {
2825 struct device *dev;
2826 struct bmc_device *bmc = NULL;
2827
2828 dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
2829 if (dev) {
2830 bmc = to_bmc_device(dev);
2831 put_device(dev);
2832 }
2833 return bmc;
2834 }
2835
2836 struct prod_dev_id {
2837 unsigned int product_id;
2838 unsigned char device_id;
2839 };
2840
2841 static int __find_bmc_prod_dev_id(struct device *dev, void *data)
2842 {
2843 struct prod_dev_id *cid = data;
2844 struct bmc_device *bmc;
2845 int rv;
2846
2847 if (dev->type != &bmc_device_type)
2848 return 0;
2849
2850 bmc = to_bmc_device(dev);
2851 rv = (bmc->id.product_id == cid->product_id
2852 && bmc->id.device_id == cid->device_id);
2853 if (rv)
2854 rv = kref_get_unless_zero(&bmc->usecount);
2855 return rv;
2856 }
2857
2858 /*
2859 * Returns with the bmc's usecount incremented, if it is non-NULL.
2860 */
2861 static struct bmc_device *ipmi_find_bmc_prod_dev_id(
2862 struct device_driver *drv,
2863 unsigned int product_id, unsigned char device_id)
2864 {
2865 struct prod_dev_id id = {
2866 .product_id = product_id,
2867 .device_id = device_id,
2868 };
2869 struct device *dev;
2870 struct bmc_device *bmc = NULL;
2871
2872 dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
2873 if (dev) {
2874 bmc = to_bmc_device(dev);
2875 put_device(dev);
2876 }
2877 return bmc;
2878 }
2879
2880 static DEFINE_IDA(ipmi_bmc_ida);
2881
2882 static void
2883 release_bmc_device(struct device *dev)
2884 {
2885 kfree(to_bmc_device(dev));
2886 }
2887
2888 static void cleanup_bmc_work(struct work_struct *work)
2889 {
2890 struct bmc_device *bmc = container_of(work, struct bmc_device,
2891 remove_work);
2892 int id = bmc->pdev.id; /* Unregister overwrites id */
2893
2894 platform_device_unregister(&bmc->pdev);
2895 ida_simple_remove(&ipmi_bmc_ida, id);
2896 }
2897
2898 static void
2899 cleanup_bmc_device(struct kref *ref)
2900 {
2901 struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount);
2902
2903 /*
2904 * Remove the platform device in a work queue to avoid issues
2905 * with removing the device attributes while reading a device
2906 * attribute.
2907 */
2908 schedule_work(&bmc->remove_work);
2909 }
2910
2911 /*
2912 * Must be called with intf->bmc_reg_mutex held.
2913 */
2914 static void __ipmi_bmc_unregister(ipmi_smi_t intf)
2915 {
2916 struct bmc_device *bmc = intf->bmc;
2917
2918 if (!intf->bmc_registered)
2919 return;
2920
2921 sysfs_remove_link(&intf->si_dev->kobj, "bmc");
2922 sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name);
2923 kfree(intf->my_dev_name);
2924 intf->my_dev_name = NULL;
2925
2926 mutex_lock(&bmc->dyn_mutex);
2927 list_del(&intf->bmc_link);
2928 mutex_unlock(&bmc->dyn_mutex);
2929 intf->bmc = &intf->tmp_bmc;
2930 kref_put(&bmc->usecount, cleanup_bmc_device);
2931 intf->bmc_registered = false;
2932 }
2933
2934 static void ipmi_bmc_unregister(ipmi_smi_t intf)
2935 {
2936 mutex_lock(&intf->bmc_reg_mutex);
2937 __ipmi_bmc_unregister(intf);
2938 mutex_unlock(&intf->bmc_reg_mutex);
2939 }
2940
2941 /*
2942 * Must be called with intf->bmc_reg_mutex held.
2943 */
2944 static int __ipmi_bmc_register(ipmi_smi_t intf,
2945 struct ipmi_device_id *id,
2946 bool guid_set, guid_t *guid, int intf_num)
2947 {
2948 int rv;
2949 struct bmc_device *bmc;
2950 struct bmc_device *old_bmc;
2951
2952 /*
2953 * platform_device_register() can cause bmc_reg_mutex to
2954 * be claimed because of the is_visible functions of
2955 * the attributes. Eliminate possible recursion and
2956 * release the lock.
2957 */
2958 intf->in_bmc_register = true;
2959 mutex_unlock(&intf->bmc_reg_mutex);
2960
2961 /*
2962 * Try to find if there is an bmc_device struct
2963 * representing the interfaced BMC already
2964 */
2965 mutex_lock(&ipmidriver_mutex);
2966 if (guid_set)
2967 old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, guid);
2968 else
2969 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,
2970 id->product_id,
2971 id->device_id);
2972
2973 /*
2974 * If there is already an bmc_device, free the new one,
2975 * otherwise register the new BMC device
2976 */
2977 if (old_bmc) {
2978 bmc = old_bmc;
2979 /*
2980 * Note: old_bmc already has usecount incremented by
2981 * the BMC find functions.
2982 */
2983 intf->bmc = old_bmc;
2984 mutex_lock(&bmc->dyn_mutex);
2985 list_add_tail(&intf->bmc_link, &bmc->intfs);
2986 mutex_unlock(&bmc->dyn_mutex);
2987
2988 dev_info(intf->si_dev,
2989 "ipmi: interfacing existing BMC (man_id: 0x%6.6x,"
2990 " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2991 bmc->id.manufacturer_id,
2992 bmc->id.product_id,
2993 bmc->id.device_id);
2994 } else {
2995 bmc = kzalloc(sizeof(*bmc), GFP_KERNEL);
2996 if (!bmc) {
2997 rv = -ENOMEM;
2998 goto out;
2999 }
3000 INIT_LIST_HEAD(&bmc->intfs);
3001 mutex_init(&bmc->dyn_mutex);
3002 INIT_WORK(&bmc->remove_work, cleanup_bmc_work);
3003
3004 bmc->id = *id;
3005 bmc->dyn_id_set = 1;
3006 bmc->dyn_guid_set = guid_set;
3007 bmc->guid = *guid;
3008 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY;
3009
3010 bmc->pdev.name = "ipmi_bmc";
3011
3012 rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL);
3013 if (rv < 0)
3014 goto out;
3015 bmc->pdev.dev.driver = &ipmidriver.driver;
3016 bmc->pdev.id = rv;
3017 bmc->pdev.dev.release = release_bmc_device;
3018 bmc->pdev.dev.type = &bmc_device_type;
3019 kref_init(&bmc->usecount);
3020
3021 intf->bmc = bmc;
3022 mutex_lock(&bmc->dyn_mutex);
3023 list_add_tail(&intf->bmc_link, &bmc->intfs);
3024 mutex_unlock(&bmc->dyn_mutex);
3025
3026 rv = platform_device_register(&bmc->pdev);
3027 if (rv) {
3028 dev_err(intf->si_dev,
3029 PFX " Unable to register bmc device: %d\n",
3030 rv);
3031 goto out_list_del;
3032 }
3033
3034 dev_info(intf->si_dev,
3035 "Found new BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
3036 bmc->id.manufacturer_id,
3037 bmc->id.product_id,
3038 bmc->id.device_id);
3039 }
3040
3041 /*
3042 * create symlink from system interface device to bmc device
3043 * and back.
3044 */
3045 rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc");
3046 if (rv) {
3047 dev_err(intf->si_dev,
3048 PFX "Unable to create bmc symlink: %d\n", rv);
3049 goto out_put_bmc;
3050 }
3051
3052 if (intf_num == -1)
3053 intf_num = intf->intf_num;
3054 intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", intf_num);
3055 if (!intf->my_dev_name) {
3056 rv = -ENOMEM;
3057 dev_err(intf->si_dev,
3058 PFX "Unable to allocate link from BMC: %d\n", rv);
3059 goto out_unlink1;
3060 }
3061
3062 rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj,
3063 intf->my_dev_name);
3064 if (rv) {
3065 kfree(intf->my_dev_name);
3066 intf->my_dev_name = NULL;
3067 dev_err(intf->si_dev,
3068 PFX "Unable to create symlink to bmc: %d\n", rv);
3069 goto out_free_my_dev_name;
3070 }
3071
3072 intf->bmc_registered = true;
3073
3074 out:
3075 mutex_unlock(&ipmidriver_mutex);
3076 mutex_lock(&intf->bmc_reg_mutex);
3077 intf->in_bmc_register = false;
3078 return rv;
3079
3080
3081 out_free_my_dev_name:
3082 kfree(intf->my_dev_name);
3083 intf->my_dev_name = NULL;
3084
3085 out_unlink1:
3086 sysfs_remove_link(&intf->si_dev->kobj, "bmc");
3087
3088 out_put_bmc:
3089 mutex_lock(&bmc->dyn_mutex);
3090 list_del(&intf->bmc_link);
3091 mutex_unlock(&bmc->dyn_mutex);
3092 intf->bmc = &intf->tmp_bmc;
3093 kref_put(&bmc->usecount, cleanup_bmc_device);
3094 goto out;
3095
3096 out_list_del:
3097 mutex_lock(&bmc->dyn_mutex);
3098 list_del(&intf->bmc_link);
3099 mutex_unlock(&bmc->dyn_mutex);
3100 intf->bmc = &intf->tmp_bmc;
3101 put_device(&bmc->pdev.dev);
3102 goto out;
3103 }
3104
3105 static int
3106 send_guid_cmd(ipmi_smi_t intf, int chan)
3107 {
3108 struct kernel_ipmi_msg msg;
3109 struct ipmi_system_interface_addr si;
3110
3111 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3112 si.channel = IPMI_BMC_CHANNEL;
3113 si.lun = 0;
3114
3115 msg.netfn = IPMI_NETFN_APP_REQUEST;
3116 msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
3117 msg.data = NULL;
3118 msg.data_len = 0;
3119 return i_ipmi_request(NULL,
3120 intf,
3121 (struct ipmi_addr *) &si,
3122 0,
3123 &msg,
3124 intf,
3125 NULL,
3126 NULL,
3127 0,
3128 intf->addrinfo[0].address,
3129 intf->addrinfo[0].lun,
3130 -1, 0);
3131 }
3132
3133 static void guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3134 {
3135 struct bmc_device *bmc = intf->bmc;
3136
3137 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3138 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
3139 || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
3140 /* Not for me */
3141 return;
3142
3143 if (msg->msg.data[0] != 0) {
3144 /* Error from getting the GUID, the BMC doesn't have one. */
3145 bmc->dyn_guid_set = 0;
3146 goto out;
3147 }
3148
3149 if (msg->msg.data_len < 17) {
3150 bmc->dyn_guid_set = 0;
3151 dev_warn(intf->si_dev,
3152 PFX "The GUID response from the BMC was too short, it was %d but should have been 17. Assuming GUID is not available.\n",
3153 msg->msg.data_len);
3154 goto out;
3155 }
3156
3157 memcpy(bmc->fetch_guid.b, msg->msg.data + 1, 16);
3158 /*
3159 * Make sure the guid data is available before setting
3160 * dyn_guid_set.
3161 */
3162 smp_wmb();
3163 bmc->dyn_guid_set = 1;
3164 out:
3165 wake_up(&intf->waitq);
3166 }
3167
3168 static void __get_guid(ipmi_smi_t intf)
3169 {
3170 int rv;
3171 struct bmc_device *bmc = intf->bmc;
3172
3173 bmc->dyn_guid_set = 2;
3174 intf->null_user_handler = guid_handler;
3175 rv = send_guid_cmd(intf, 0);
3176 if (rv)
3177 /* Send failed, no GUID available. */
3178 bmc->dyn_guid_set = 0;
3179
3180 wait_event(intf->waitq, bmc->dyn_guid_set != 2);
3181
3182 /* dyn_guid_set makes the guid data available. */
3183 smp_rmb();
3184
3185 intf->null_user_handler = NULL;
3186 }
3187
3188 static int
3189 send_channel_info_cmd(ipmi_smi_t intf, int chan)
3190 {
3191 struct kernel_ipmi_msg msg;
3192 unsigned char data[1];
3193 struct ipmi_system_interface_addr si;
3194
3195 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3196 si.channel = IPMI_BMC_CHANNEL;
3197 si.lun = 0;
3198
3199 msg.netfn = IPMI_NETFN_APP_REQUEST;
3200 msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
3201 msg.data = data;
3202 msg.data_len = 1;
3203 data[0] = chan;
3204 return i_ipmi_request(NULL,
3205 intf,
3206 (struct ipmi_addr *) &si,
3207 0,
3208 &msg,
3209 intf,
3210 NULL,
3211 NULL,
3212 0,
3213 intf->addrinfo[0].address,
3214 intf->addrinfo[0].lun,
3215 -1, 0);
3216 }
3217
3218 static void
3219 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3220 {
3221 int rv = 0;
3222 int ch;
3223 unsigned int set = intf->curr_working_cset;
3224 struct ipmi_channel *chans;
3225
3226 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3227 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
3228 && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) {
3229 /* It's the one we want */
3230 if (msg->msg.data[0] != 0) {
3231 /* Got an error from the channel, just go on. */
3232
3233 if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
3234 /*
3235 * If the MC does not support this
3236 * command, that is legal. We just
3237 * assume it has one IPMB at channel
3238 * zero.
3239 */
3240 intf->wchannels[set].c[0].medium
3241 = IPMI_CHANNEL_MEDIUM_IPMB;
3242 intf->wchannels[set].c[0].protocol
3243 = IPMI_CHANNEL_PROTOCOL_IPMB;
3244
3245 intf->channel_list = intf->wchannels + set;
3246 intf->channels_ready = true;
3247 wake_up(&intf->waitq);
3248 goto out;
3249 }
3250 goto next_channel;
3251 }
3252 if (msg->msg.data_len < 4) {
3253 /* Message not big enough, just go on. */
3254 goto next_channel;
3255 }
3256 ch = intf->curr_channel;
3257 chans = intf->wchannels[set].c;
3258 chans[ch].medium = msg->msg.data[2] & 0x7f;
3259 chans[ch].protocol = msg->msg.data[3] & 0x1f;
3260
3261 next_channel:
3262 intf->curr_channel++;
3263 if (intf->curr_channel >= IPMI_MAX_CHANNELS) {
3264 intf->channel_list = intf->wchannels + set;
3265 intf->channels_ready = true;
3266 wake_up(&intf->waitq);
3267 } else {
3268 intf->channel_list = intf->wchannels + set;
3269 intf->channels_ready = true;
3270 rv = send_channel_info_cmd(intf, intf->curr_channel);
3271 }
3272
3273 if (rv) {
3274 /* Got an error somehow, just give up. */
3275 dev_warn(intf->si_dev,
3276 PFX "Error sending channel information for channel %d: %d\n",
3277 intf->curr_channel, rv);
3278
3279 intf->channel_list = intf->wchannels + set;
3280 intf->channels_ready = true;
3281 wake_up(&intf->waitq);
3282 }
3283 }
3284 out:
3285 return;
3286 }
3287
3288 /*
3289 * Must be holding intf->bmc_reg_mutex to call this.
3290 */
3291 static int __scan_channels(ipmi_smi_t intf, struct ipmi_device_id *id)
3292 {
3293 int rv;
3294
3295 if (ipmi_version_major(id) > 1
3296 || (ipmi_version_major(id) == 1
3297 && ipmi_version_minor(id) >= 5)) {
3298 unsigned int set;
3299
3300 /*
3301 * Start scanning the channels to see what is
3302 * available.
3303 */
3304 set = !intf->curr_working_cset;
3305 intf->curr_working_cset = set;
3306 memset(&intf->wchannels[set], 0,
3307 sizeof(struct ipmi_channel_set));
3308
3309 intf->null_user_handler = channel_handler;
3310 intf->curr_channel = 0;
3311 rv = send_channel_info_cmd(intf, 0);
3312 if (rv) {
3313 dev_warn(intf->si_dev,
3314 "Error sending channel information for channel 0, %d\n",
3315 rv);
3316 return -EIO;
3317 }
3318
3319 /* Wait for the channel info to be read. */
3320 wait_event(intf->waitq, intf->channels_ready);
3321 intf->null_user_handler = NULL;
3322 } else {
3323 unsigned int set = intf->curr_working_cset;
3324
3325 /* Assume a single IPMB channel at zero. */
3326 intf->wchannels[set].c[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
3327 intf->wchannels[set].c[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
3328 intf->channel_list = intf->wchannels + set;
3329 intf->channels_ready = true;
3330 }
3331
3332 return 0;
3333 }
3334
3335 static void ipmi_poll(ipmi_smi_t intf)
3336 {
3337 if (intf->handlers->poll)
3338 intf->handlers->poll(intf->send_info);
3339 /* In case something came in */
3340 handle_new_recv_msgs(intf);
3341 }
3342
3343 void ipmi_poll_interface(ipmi_user_t user)
3344 {
3345 ipmi_poll(user->intf);
3346 }
3347 EXPORT_SYMBOL(ipmi_poll_interface);
3348
3349 static void redo_bmc_reg(struct work_struct *work)
3350 {
3351 ipmi_smi_t intf = container_of(work, struct ipmi_smi, bmc_reg_work);
3352
3353 if (!intf->in_shutdown)
3354 bmc_get_device_id(intf, NULL, NULL, NULL, NULL);
3355
3356 kref_put(&intf->refcount, intf_free);
3357 }
3358
3359 int ipmi_register_smi(const struct ipmi_smi_handlers *handlers,
3360 void *send_info,
3361 struct device *si_dev,
3362 unsigned char slave_addr)
3363 {
3364 int i, j;
3365 int rv;
3366 ipmi_smi_t intf;
3367 ipmi_smi_t tintf;
3368 struct list_head *link;
3369 struct ipmi_device_id id;
3370
3371 /*
3372 * Make sure the driver is actually initialized, this handles
3373 * problems with initialization order.
3374 */
3375 if (!initialized) {
3376 rv = ipmi_init_msghandler();
3377 if (rv)
3378 return rv;
3379 /*
3380 * The init code doesn't return an error if it was turned
3381 * off, but it won't initialize. Check that.
3382 */
3383 if (!initialized)
3384 return -ENODEV;
3385 }
3386
3387 intf = kzalloc(sizeof(*intf), GFP_KERNEL);
3388 if (!intf)
3389 return -ENOMEM;
3390
3391 intf->bmc = &intf->tmp_bmc;
3392 INIT_LIST_HEAD(&intf->bmc->intfs);
3393 mutex_init(&intf->bmc->dyn_mutex);
3394 INIT_LIST_HEAD(&intf->bmc_link);
3395 mutex_init(&intf->bmc_reg_mutex);
3396 intf->intf_num = -1; /* Mark it invalid for now. */
3397 kref_init(&intf->refcount);
3398 INIT_WORK(&intf->bmc_reg_work, redo_bmc_reg);
3399 intf->si_dev = si_dev;
3400 for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
3401 intf->addrinfo[j].address = IPMI_BMC_SLAVE_ADDR;
3402 intf->addrinfo[j].lun = 2;
3403 }
3404 if (slave_addr != 0)
3405 intf->addrinfo[0].address = slave_addr;
3406 INIT_LIST_HEAD(&intf->users);
3407 intf->handlers = handlers;
3408 intf->send_info = send_info;
3409 spin_lock_init(&intf->seq_lock);
3410 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
3411 intf->seq_table[j].inuse = 0;
3412 intf->seq_table[j].seqid = 0;
3413 }
3414 intf->curr_seq = 0;
3415 #ifdef CONFIG_IPMI_PROC_INTERFACE
3416 mutex_init(&intf->proc_entry_lock);
3417 #endif
3418 spin_lock_init(&intf->waiting_rcv_msgs_lock);
3419 INIT_LIST_HEAD(&intf->waiting_rcv_msgs);
3420 tasklet_init(&intf->recv_tasklet,
3421 smi_recv_tasklet,
3422 (unsigned long) intf);
3423 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0);
3424 spin_lock_init(&intf->xmit_msgs_lock);
3425 INIT_LIST_HEAD(&intf->xmit_msgs);
3426 INIT_LIST_HEAD(&intf->hp_xmit_msgs);
3427 spin_lock_init(&intf->events_lock);
3428 atomic_set(&intf->event_waiters, 0);
3429 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3430 INIT_LIST_HEAD(&intf->waiting_events);
3431 intf->waiting_events_count = 0;
3432 mutex_init(&intf->cmd_rcvrs_mutex);
3433 spin_lock_init(&intf->maintenance_mode_lock);
3434 INIT_LIST_HEAD(&intf->cmd_rcvrs);
3435 init_waitqueue_head(&intf->waitq);
3436 for (i = 0; i < IPMI_NUM_STATS; i++)
3437 atomic_set(&intf->stats[i], 0);
3438
3439 #ifdef CONFIG_IPMI_PROC_INTERFACE
3440 intf->proc_dir = NULL;
3441 #endif
3442
3443 mutex_lock(&smi_watchers_mutex);
3444 mutex_lock(&ipmi_interfaces_mutex);
3445 /* Look for a hole in the numbers. */
3446 i = 0;
3447 link = &ipmi_interfaces;
3448 list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {
3449 if (tintf->intf_num != i) {
3450 link = &tintf->link;
3451 break;
3452 }
3453 i++;
3454 }
3455 /* Add the new interface in numeric order. */
3456 if (i == 0)
3457 list_add_rcu(&intf->link, &ipmi_interfaces);
3458 else
3459 list_add_tail_rcu(&intf->link, link);
3460
3461 rv = handlers->start_processing(send_info, intf);
3462 if (rv)
3463 goto out;
3464
3465 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i);
3466 if (rv) {
3467 dev_err(si_dev, "Unable to get the device id: %d\n", rv);
3468 goto out;
3469 }
3470
3471 mutex_lock(&intf->bmc_reg_mutex);
3472 rv = __scan_channels(intf, &id);
3473 mutex_unlock(&intf->bmc_reg_mutex);
3474 if (rv)
3475 goto out;
3476
3477 #ifdef CONFIG_IPMI_PROC_INTERFACE
3478 rv = add_proc_entries(intf, i);
3479 #endif
3480
3481 out:
3482 if (rv) {
3483 ipmi_bmc_unregister(intf);
3484 #ifdef CONFIG_IPMI_PROC_INTERFACE
3485 if (intf->proc_dir)
3486 remove_proc_entries(intf);
3487 #endif
3488 intf->handlers = NULL;
3489 list_del_rcu(&intf->link);
3490 mutex_unlock(&ipmi_interfaces_mutex);
3491 mutex_unlock(&smi_watchers_mutex);
3492 synchronize_rcu();
3493 kref_put(&intf->refcount, intf_free);
3494 } else {
3495 /*
3496 * Keep memory order straight for RCU readers. Make
3497 * sure everything else is committed to memory before
3498 * setting intf_num to mark the interface valid.
3499 */
3500 smp_wmb();
3501 intf->intf_num = i;
3502 mutex_unlock(&ipmi_interfaces_mutex);
3503 /* After this point the interface is legal to use. */
3504 call_smi_watchers(i, intf->si_dev);
3505 mutex_unlock(&smi_watchers_mutex);
3506 }
3507
3508 return rv;
3509 }
3510 EXPORT_SYMBOL(ipmi_register_smi);
3511
3512 static void deliver_smi_err_response(ipmi_smi_t intf,
3513 struct ipmi_smi_msg *msg,
3514 unsigned char err)
3515 {
3516 msg->rsp[0] = msg->data[0] | 4;
3517 msg->rsp[1] = msg->data[1];
3518 msg->rsp[2] = err;
3519 msg->rsp_size = 3;
3520 /* It's an error, so it will never requeue, no need to check return. */
3521 handle_one_recv_msg(intf, msg);
3522 }
3523
3524 static void cleanup_smi_msgs(ipmi_smi_t intf)
3525 {
3526 int i;
3527 struct seq_table *ent;
3528 struct ipmi_smi_msg *msg;
3529 struct list_head *entry;
3530 struct list_head tmplist;
3531
3532 /* Clear out our transmit queues and hold the messages. */
3533 INIT_LIST_HEAD(&tmplist);
3534 list_splice_tail(&intf->hp_xmit_msgs, &tmplist);
3535 list_splice_tail(&intf->xmit_msgs, &tmplist);
3536
3537 /* Current message first, to preserve order */
3538 while (intf->curr_msg && !list_empty(&intf->waiting_rcv_msgs)) {
3539 /* Wait for the message to clear out. */
3540 schedule_timeout(1);
3541 }
3542
3543 /* No need for locks, the interface is down. */
3544
3545 /*
3546 * Return errors for all pending messages in queue and in the
3547 * tables waiting for remote responses.
3548 */
3549 while (!list_empty(&tmplist)) {
3550 entry = tmplist.next;
3551 list_del(entry);
3552 msg = list_entry(entry, struct ipmi_smi_msg, link);
3553 deliver_smi_err_response(intf, msg, IPMI_ERR_UNSPECIFIED);
3554 }
3555
3556 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
3557 ent = &(intf->seq_table[i]);
3558 if (!ent->inuse)
3559 continue;
3560 deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED);
3561 }
3562 }
3563
3564 int ipmi_unregister_smi(ipmi_smi_t intf)
3565 {
3566 struct ipmi_smi_watcher *w;
3567 int intf_num = intf->intf_num;
3568 ipmi_user_t user;
3569
3570 mutex_lock(&smi_watchers_mutex);
3571 mutex_lock(&ipmi_interfaces_mutex);
3572 intf->intf_num = -1;
3573 intf->in_shutdown = true;
3574 list_del_rcu(&intf->link);
3575 mutex_unlock(&ipmi_interfaces_mutex);
3576 synchronize_rcu();
3577
3578 cleanup_smi_msgs(intf);
3579
3580 /* Clean up the effects of users on the lower-level software. */
3581 mutex_lock(&ipmi_interfaces_mutex);
3582 rcu_read_lock();
3583 list_for_each_entry_rcu(user, &intf->users, link) {
3584 module_put(intf->handlers->owner);
3585 if (intf->handlers->dec_usecount)
3586 intf->handlers->dec_usecount(intf->send_info);
3587 }
3588 rcu_read_unlock();
3589 intf->handlers = NULL;
3590 mutex_unlock(&ipmi_interfaces_mutex);
3591
3592 #ifdef CONFIG_IPMI_PROC_INTERFACE
3593 remove_proc_entries(intf);
3594 #endif
3595 ipmi_bmc_unregister(intf);
3596
3597 /*
3598 * Call all the watcher interfaces to tell them that
3599 * an interface is gone.
3600 */
3601 list_for_each_entry(w, &smi_watchers, link)
3602 w->smi_gone(intf_num);
3603 mutex_unlock(&smi_watchers_mutex);
3604
3605 kref_put(&intf->refcount, intf_free);
3606 return 0;
3607 }
3608 EXPORT_SYMBOL(ipmi_unregister_smi);
3609
3610 static int handle_ipmb_get_msg_rsp(ipmi_smi_t intf,
3611 struct ipmi_smi_msg *msg)
3612 {
3613 struct ipmi_ipmb_addr ipmb_addr;
3614 struct ipmi_recv_msg *recv_msg;
3615
3616 /*
3617 * This is 11, not 10, because the response must contain a
3618 * completion code.
3619 */
3620 if (msg->rsp_size < 11) {
3621 /* Message not big enough, just ignore it. */
3622 ipmi_inc_stat(intf, invalid_ipmb_responses);
3623 return 0;
3624 }
3625
3626 if (msg->rsp[2] != 0) {
3627 /* An error getting the response, just ignore it. */
3628 return 0;
3629 }
3630
3631 ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
3632 ipmb_addr.slave_addr = msg->rsp[6];
3633 ipmb_addr.channel = msg->rsp[3] & 0x0f;
3634 ipmb_addr.lun = msg->rsp[7] & 3;
3635
3636 /*
3637 * It's a response from a remote entity. Look up the sequence
3638 * number and handle the response.
3639 */
3640 if (intf_find_seq(intf,
3641 msg->rsp[7] >> 2,
3642 msg->rsp[3] & 0x0f,
3643 msg->rsp[8],
3644 (msg->rsp[4] >> 2) & (~1),
3645 (struct ipmi_addr *) &(ipmb_addr),
3646 &recv_msg)) {
3647 /*
3648 * We were unable to find the sequence number,
3649 * so just nuke the message.
3650 */
3651 ipmi_inc_stat(intf, unhandled_ipmb_responses);
3652 return 0;
3653 }
3654
3655 memcpy(recv_msg->msg_data,
3656 &(msg->rsp[9]),
3657 msg->rsp_size - 9);
3658 /*
3659 * The other fields matched, so no need to set them, except
3660 * for netfn, which needs to be the response that was
3661 * returned, not the request value.
3662 */
3663 recv_msg->msg.netfn = msg->rsp[4] >> 2;
3664 recv_msg->msg.data = recv_msg->msg_data;
3665 recv_msg->msg.data_len = msg->rsp_size - 10;
3666 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3667 ipmi_inc_stat(intf, handled_ipmb_responses);
3668 deliver_response(recv_msg);
3669
3670 return 0;
3671 }
3672
3673 static int handle_ipmb_get_msg_cmd(ipmi_smi_t intf,
3674 struct ipmi_smi_msg *msg)
3675 {
3676 struct cmd_rcvr *rcvr;
3677 int rv = 0;
3678 unsigned char netfn;
3679 unsigned char cmd;
3680 unsigned char chan;
3681 ipmi_user_t user = NULL;
3682 struct ipmi_ipmb_addr *ipmb_addr;
3683 struct ipmi_recv_msg *recv_msg;
3684
3685 if (msg->rsp_size < 10) {
3686 /* Message not big enough, just ignore it. */
3687 ipmi_inc_stat(intf, invalid_commands);
3688 return 0;
3689 }
3690
3691 if (msg->rsp[2] != 0) {
3692 /* An error getting the response, just ignore it. */
3693 return 0;
3694 }
3695
3696 netfn = msg->rsp[4] >> 2;
3697 cmd = msg->rsp[8];
3698 chan = msg->rsp[3] & 0xf;
3699
3700 rcu_read_lock();
3701 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3702 if (rcvr) {
3703 user = rcvr->user;
3704 kref_get(&user->refcount);
3705 } else
3706 user = NULL;
3707 rcu_read_unlock();
3708
3709 if (user == NULL) {
3710 /* We didn't find a user, deliver an error response. */
3711 ipmi_inc_stat(intf, unhandled_commands);
3712
3713 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
3714 msg->data[1] = IPMI_SEND_MSG_CMD;
3715 msg->data[2] = msg->rsp[3];
3716 msg->data[3] = msg->rsp[6];
3717 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
3718 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
3719 msg->data[6] = intf->addrinfo[msg->rsp[3] & 0xf].address;
3720 /* rqseq/lun */
3721 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
3722 msg->data[8] = msg->rsp[8]; /* cmd */
3723 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
3724 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
3725 msg->data_size = 11;
3726
3727 #ifdef DEBUG_MSGING
3728 {
3729 int m;
3730 printk("Invalid command:");
3731 for (m = 0; m < msg->data_size; m++)
3732 printk(" %2.2x", msg->data[m]);
3733 printk("\n");
3734 }
3735 #endif
3736 rcu_read_lock();
3737 if (!intf->in_shutdown) {
3738 smi_send(intf, intf->handlers, msg, 0);
3739 /*
3740 * We used the message, so return the value
3741 * that causes it to not be freed or
3742 * queued.
3743 */
3744 rv = -1;
3745 }
3746 rcu_read_unlock();
3747 } else {
3748 /* Deliver the message to the user. */
3749 ipmi_inc_stat(intf, handled_commands);
3750
3751 recv_msg = ipmi_alloc_recv_msg();
3752 if (!recv_msg) {
3753 /*
3754 * We couldn't allocate memory for the
3755 * message, so requeue it for handling
3756 * later.
3757 */
3758 rv = 1;
3759 kref_put(&user->refcount, free_user);
3760 } else {
3761 /* Extract the source address from the data. */
3762 ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
3763 ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
3764 ipmb_addr->slave_addr = msg->rsp[6];
3765 ipmb_addr->lun = msg->rsp[7] & 3;
3766 ipmb_addr->channel = msg->rsp[3] & 0xf;
3767
3768 /*
3769 * Extract the rest of the message information
3770 * from the IPMB header.
3771 */
3772 recv_msg->user = user;
3773 recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3774 recv_msg->msgid = msg->rsp[7] >> 2;
3775 recv_msg->msg.netfn = msg->rsp[4] >> 2;
3776 recv_msg->msg.cmd = msg->rsp[8];
3777 recv_msg->msg.data = recv_msg->msg_data;
3778
3779 /*
3780 * We chop off 10, not 9 bytes because the checksum
3781 * at the end also needs to be removed.
3782 */
3783 recv_msg->msg.data_len = msg->rsp_size - 10;
3784 memcpy(recv_msg->msg_data,
3785 &(msg->rsp[9]),
3786 msg->rsp_size - 10);
3787 deliver_response(recv_msg);
3788 }
3789 }
3790
3791 return rv;
3792 }
3793
3794 static int handle_lan_get_msg_rsp(ipmi_smi_t intf,
3795 struct ipmi_smi_msg *msg)
3796 {
3797 struct ipmi_lan_addr lan_addr;
3798 struct ipmi_recv_msg *recv_msg;
3799
3800
3801 /*
3802 * This is 13, not 12, because the response must contain a
3803 * completion code.
3804 */
3805 if (msg->rsp_size < 13) {
3806 /* Message not big enough, just ignore it. */
3807 ipmi_inc_stat(intf, invalid_lan_responses);
3808 return 0;
3809 }
3810
3811 if (msg->rsp[2] != 0) {
3812 /* An error getting the response, just ignore it. */
3813 return 0;
3814 }
3815
3816 lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
3817 lan_addr.session_handle = msg->rsp[4];
3818 lan_addr.remote_SWID = msg->rsp[8];
3819 lan_addr.local_SWID = msg->rsp[5];
3820 lan_addr.channel = msg->rsp[3] & 0x0f;
3821 lan_addr.privilege = msg->rsp[3] >> 4;
3822 lan_addr.lun = msg->rsp[9] & 3;
3823
3824 /*
3825 * It's a response from a remote entity. Look up the sequence
3826 * number and handle the response.
3827 */
3828 if (intf_find_seq(intf,
3829 msg->rsp[9] >> 2,
3830 msg->rsp[3] & 0x0f,
3831 msg->rsp[10],
3832 (msg->rsp[6] >> 2) & (~1),
3833 (struct ipmi_addr *) &(lan_addr),
3834 &recv_msg)) {
3835 /*
3836 * We were unable to find the sequence number,
3837 * so just nuke the message.
3838 */
3839 ipmi_inc_stat(intf, unhandled_lan_responses);
3840 return 0;
3841 }
3842
3843 memcpy(recv_msg->msg_data,
3844 &(msg->rsp[11]),
3845 msg->rsp_size - 11);
3846 /*
3847 * The other fields matched, so no need to set them, except
3848 * for netfn, which needs to be the response that was
3849 * returned, not the request value.
3850 */
3851 recv_msg->msg.netfn = msg->rsp[6] >> 2;
3852 recv_msg->msg.data = recv_msg->msg_data;
3853 recv_msg->msg.data_len = msg->rsp_size - 12;
3854 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3855 ipmi_inc_stat(intf, handled_lan_responses);
3856 deliver_response(recv_msg);
3857
3858 return 0;
3859 }
3860
3861 static int handle_lan_get_msg_cmd(ipmi_smi_t intf,
3862 struct ipmi_smi_msg *msg)
3863 {
3864 struct cmd_rcvr *rcvr;
3865 int rv = 0;
3866 unsigned char netfn;
3867 unsigned char cmd;
3868 unsigned char chan;
3869 ipmi_user_t user = NULL;
3870 struct ipmi_lan_addr *lan_addr;
3871 struct ipmi_recv_msg *recv_msg;
3872
3873 if (msg->rsp_size < 12) {
3874 /* Message not big enough, just ignore it. */
3875 ipmi_inc_stat(intf, invalid_commands);
3876 return 0;
3877 }
3878
3879 if (msg->rsp[2] != 0) {
3880 /* An error getting the response, just ignore it. */
3881 return 0;
3882 }
3883
3884 netfn = msg->rsp[6] >> 2;
3885 cmd = msg->rsp[10];
3886 chan = msg->rsp[3] & 0xf;
3887
3888 rcu_read_lock();
3889 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3890 if (rcvr) {
3891 user = rcvr->user;
3892 kref_get(&user->refcount);
3893 } else
3894 user = NULL;
3895 rcu_read_unlock();
3896
3897 if (user == NULL) {
3898 /* We didn't find a user, just give up. */
3899 ipmi_inc_stat(intf, unhandled_commands);
3900
3901 /*
3902 * Don't do anything with these messages, just allow
3903 * them to be freed.
3904 */
3905 rv = 0;
3906 } else {
3907 /* Deliver the message to the user. */
3908 ipmi_inc_stat(intf, handled_commands);
3909
3910 recv_msg = ipmi_alloc_recv_msg();
3911 if (!recv_msg) {
3912 /*
3913 * We couldn't allocate memory for the
3914 * message, so requeue it for handling later.
3915 */
3916 rv = 1;
3917 kref_put(&user->refcount, free_user);
3918 } else {
3919 /* Extract the source address from the data. */
3920 lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
3921 lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
3922 lan_addr->session_handle = msg->rsp[4];
3923 lan_addr->remote_SWID = msg->rsp[8];
3924 lan_addr->local_SWID = msg->rsp[5];
3925 lan_addr->lun = msg->rsp[9] & 3;
3926 lan_addr->channel = msg->rsp[3] & 0xf;
3927 lan_addr->privilege = msg->rsp[3] >> 4;
3928
3929 /*
3930 * Extract the rest of the message information
3931 * from the IPMB header.
3932 */
3933 recv_msg->user = user;
3934 recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3935 recv_msg->msgid = msg->rsp[9] >> 2;
3936 recv_msg->msg.netfn = msg->rsp[6] >> 2;
3937 recv_msg->msg.cmd = msg->rsp[10];
3938 recv_msg->msg.data = recv_msg->msg_data;
3939
3940 /*
3941 * We chop off 12, not 11 bytes because the checksum
3942 * at the end also needs to be removed.
3943 */
3944 recv_msg->msg.data_len = msg->rsp_size - 12;
3945 memcpy(recv_msg->msg_data,
3946 &(msg->rsp[11]),
3947 msg->rsp_size - 12);
3948 deliver_response(recv_msg);
3949 }
3950 }
3951
3952 return rv;
3953 }
3954
3955 /*
3956 * This routine will handle "Get Message" command responses with
3957 * channels that use an OEM Medium. The message format belongs to
3958 * the OEM. See IPMI 2.0 specification, Chapter 6 and
3959 * Chapter 22, sections 22.6 and 22.24 for more details.
3960 */
3961 static int handle_oem_get_msg_cmd(ipmi_smi_t intf,
3962 struct ipmi_smi_msg *msg)
3963 {
3964 struct cmd_rcvr *rcvr;
3965 int rv = 0;
3966 unsigned char netfn;
3967 unsigned char cmd;
3968 unsigned char chan;
3969 ipmi_user_t user = NULL;
3970 struct ipmi_system_interface_addr *smi_addr;
3971 struct ipmi_recv_msg *recv_msg;
3972
3973 /*
3974 * We expect the OEM SW to perform error checking
3975 * so we just do some basic sanity checks
3976 */
3977 if (msg->rsp_size < 4) {
3978 /* Message not big enough, just ignore it. */
3979 ipmi_inc_stat(intf, invalid_commands);
3980 return 0;
3981 }
3982
3983 if (msg->rsp[2] != 0) {
3984 /* An error getting the response, just ignore it. */
3985 return 0;
3986 }
3987
3988 /*
3989 * This is an OEM Message so the OEM needs to know how
3990 * handle the message. We do no interpretation.
3991 */
3992 netfn = msg->rsp[0] >> 2;
3993 cmd = msg->rsp[1];
3994 chan = msg->rsp[3] & 0xf;
3995
3996 rcu_read_lock();
3997 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3998 if (rcvr) {
3999 user = rcvr->user;
4000 kref_get(&user->refcount);
4001 } else
4002 user = NULL;
4003 rcu_read_unlock();
4004
4005 if (user == NULL) {
4006 /* We didn't find a user, just give up. */
4007 ipmi_inc_stat(intf, unhandled_commands);
4008
4009 /*
4010 * Don't do anything with these messages, just allow
4011 * them to be freed.
4012 */
4013
4014 rv = 0;
4015 } else {
4016 /* Deliver the message to the user. */
4017 ipmi_inc_stat(intf, handled_commands);
4018
4019 recv_msg = ipmi_alloc_recv_msg();
4020 if (!recv_msg) {
4021 /*
4022 * We couldn't allocate memory for the
4023 * message, so requeue it for handling
4024 * later.
4025 */
4026 rv = 1;
4027 kref_put(&user->refcount, free_user);
4028 } else {
4029 /*
4030 * OEM Messages are expected to be delivered via
4031 * the system interface to SMS software. We might
4032 * need to visit this again depending on OEM
4033 * requirements
4034 */
4035 smi_addr = ((struct ipmi_system_interface_addr *)
4036 &(recv_msg->addr));
4037 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4038 smi_addr->channel = IPMI_BMC_CHANNEL;
4039 smi_addr->lun = msg->rsp[0] & 3;
4040
4041 recv_msg->user = user;
4042 recv_msg->user_msg_data = NULL;
4043 recv_msg->recv_type = IPMI_OEM_RECV_TYPE;
4044 recv_msg->msg.netfn = msg->rsp[0] >> 2;
4045 recv_msg->msg.cmd = msg->rsp[1];
4046 recv_msg->msg.data = recv_msg->msg_data;
4047
4048 /*
4049 * The message starts at byte 4 which follows the
4050 * the Channel Byte in the "GET MESSAGE" command
4051 */
4052 recv_msg->msg.data_len = msg->rsp_size - 4;
4053 memcpy(recv_msg->msg_data,
4054 &(msg->rsp[4]),
4055 msg->rsp_size - 4);
4056 deliver_response(recv_msg);
4057 }
4058 }
4059
4060 return rv;
4061 }
4062
4063 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
4064 struct ipmi_smi_msg *msg)
4065 {
4066 struct ipmi_system_interface_addr *smi_addr;
4067
4068 recv_msg->msgid = 0;
4069 smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
4070 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4071 smi_addr->channel = IPMI_BMC_CHANNEL;
4072 smi_addr->lun = msg->rsp[0] & 3;
4073 recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
4074 recv_msg->msg.netfn = msg->rsp[0] >> 2;
4075 recv_msg->msg.cmd = msg->rsp[1];
4076 memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
4077 recv_msg->msg.data = recv_msg->msg_data;
4078 recv_msg->msg.data_len = msg->rsp_size - 3;
4079 }
4080
4081 static int handle_read_event_rsp(ipmi_smi_t intf,
4082 struct ipmi_smi_msg *msg)
4083 {
4084 struct ipmi_recv_msg *recv_msg, *recv_msg2;
4085 struct list_head msgs;
4086 ipmi_user_t user;
4087 int rv = 0;
4088 int deliver_count = 0;
4089 unsigned long flags;
4090
4091 if (msg->rsp_size < 19) {
4092 /* Message is too small to be an IPMB event. */
4093 ipmi_inc_stat(intf, invalid_events);
4094 return 0;
4095 }
4096
4097 if (msg->rsp[2] != 0) {
4098 /* An error getting the event, just ignore it. */
4099 return 0;
4100 }
4101
4102 INIT_LIST_HEAD(&msgs);
4103
4104 spin_lock_irqsave(&intf->events_lock, flags);
4105
4106 ipmi_inc_stat(intf, events);
4107
4108 /*
4109 * Allocate and fill in one message for every user that is
4110 * getting events.
4111 */
4112 rcu_read_lock();
4113 list_for_each_entry_rcu(user, &intf->users, link) {
4114 if (!user->gets_events)
4115 continue;
4116
4117 recv_msg = ipmi_alloc_recv_msg();
4118 if (!recv_msg) {
4119 rcu_read_unlock();
4120 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
4121 link) {
4122 list_del(&recv_msg->link);
4123 ipmi_free_recv_msg(recv_msg);
4124 }
4125 /*
4126 * We couldn't allocate memory for the
4127 * message, so requeue it for handling
4128 * later.
4129 */
4130 rv = 1;
4131 goto out;
4132 }
4133
4134 deliver_count++;
4135
4136 copy_event_into_recv_msg(recv_msg, msg);
4137 recv_msg->user = user;
4138 kref_get(&user->refcount);
4139 list_add_tail(&(recv_msg->link), &msgs);
4140 }
4141 rcu_read_unlock();
4142
4143 if (deliver_count) {
4144 /* Now deliver all the messages. */
4145 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
4146 list_del(&recv_msg->link);
4147 deliver_response(recv_msg);
4148 }
4149 } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
4150 /*
4151 * No one to receive the message, put it in queue if there's
4152 * not already too many things in the queue.
4153 */
4154 recv_msg = ipmi_alloc_recv_msg();
4155 if (!recv_msg) {
4156 /*
4157 * We couldn't allocate memory for the
4158 * message, so requeue it for handling
4159 * later.
4160 */
4161 rv = 1;
4162 goto out;
4163 }
4164
4165 copy_event_into_recv_msg(recv_msg, msg);
4166 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
4167 intf->waiting_events_count++;
4168 } else if (!intf->event_msg_printed) {
4169 /*
4170 * There's too many things in the queue, discard this
4171 * message.
4172 */
4173 dev_warn(intf->si_dev,
4174 PFX "Event queue full, discarding incoming events\n");
4175 intf->event_msg_printed = 1;
4176 }
4177
4178 out:
4179 spin_unlock_irqrestore(&(intf->events_lock), flags);
4180
4181 return rv;
4182 }
4183
4184 static int handle_bmc_rsp(ipmi_smi_t intf,
4185 struct ipmi_smi_msg *msg)
4186 {
4187 struct ipmi_recv_msg *recv_msg;
4188 struct ipmi_user *user;
4189
4190 recv_msg = (struct ipmi_recv_msg *) msg->user_data;
4191 if (recv_msg == NULL) {
4192 dev_warn(intf->si_dev,
4193 "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error. Contact your hardware vender for assistance\n");
4194 return 0;
4195 }
4196
4197 user = recv_msg->user;
4198 /* Make sure the user still exists. */
4199 if (user && !user->valid) {
4200 /* The user for the message went away, so give up. */
4201 ipmi_inc_stat(intf, unhandled_local_responses);
4202 ipmi_free_recv_msg(recv_msg);
4203 } else {
4204 struct ipmi_system_interface_addr *smi_addr;
4205
4206 ipmi_inc_stat(intf, handled_local_responses);
4207 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
4208 recv_msg->msgid = msg->msgid;
4209 smi_addr = ((struct ipmi_system_interface_addr *)
4210 &(recv_msg->addr));
4211 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4212 smi_addr->channel = IPMI_BMC_CHANNEL;
4213 smi_addr->lun = msg->rsp[0] & 3;
4214 recv_msg->msg.netfn = msg->rsp[0] >> 2;
4215 recv_msg->msg.cmd = msg->rsp[1];
4216 memcpy(recv_msg->msg_data,
4217 &(msg->rsp[2]),
4218 msg->rsp_size - 2);
4219 recv_msg->msg.data = recv_msg->msg_data;
4220 recv_msg->msg.data_len = msg->rsp_size - 2;
4221 deliver_response(recv_msg);
4222 }
4223
4224 return 0;
4225 }
4226
4227 /*
4228 * Handle a received message. Return 1 if the message should be requeued,
4229 * 0 if the message should be freed, or -1 if the message should not
4230 * be freed or requeued.
4231 */
4232 static int handle_one_recv_msg(ipmi_smi_t intf,
4233 struct ipmi_smi_msg *msg)
4234 {
4235 int requeue;
4236 int chan;
4237
4238 #ifdef DEBUG_MSGING
4239 int m;
4240 printk("Recv:");
4241 for (m = 0; m < msg->rsp_size; m++)
4242 printk(" %2.2x", msg->rsp[m]);
4243 printk("\n");
4244 #endif
4245 if (msg->rsp_size < 2) {
4246 /* Message is too small to be correct. */
4247 dev_warn(intf->si_dev,
4248 PFX "BMC returned to small a message for netfn %x cmd %x, got %d bytes\n",
4249 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
4250
4251 /* Generate an error response for the message. */
4252 msg->rsp[0] = msg->data[0] | (1 << 2);
4253 msg->rsp[1] = msg->data[1];
4254 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
4255 msg->rsp_size = 3;
4256 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))
4257 || (msg->rsp[1] != msg->data[1])) {
4258 /*
4259 * The NetFN and Command in the response is not even
4260 * marginally correct.
4261 */
4262 dev_warn(intf->si_dev,
4263 PFX "BMC returned incorrect response, expected netfn %x cmd %x, got netfn %x cmd %x\n",
4264 (msg->data[0] >> 2) | 1, msg->data[1],
4265 msg->rsp[0] >> 2, msg->rsp[1]);
4266
4267 /* Generate an error response for the message. */
4268 msg->rsp[0] = msg->data[0] | (1 << 2);
4269 msg->rsp[1] = msg->data[1];
4270 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
4271 msg->rsp_size = 3;
4272 }
4273
4274 if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
4275 && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
4276 && (msg->user_data != NULL)) {
4277 /*
4278 * It's a response to a response we sent. For this we
4279 * deliver a send message response to the user.
4280 */
4281 struct ipmi_recv_msg *recv_msg = msg->user_data;
4282
4283 requeue = 0;
4284 if (msg->rsp_size < 2)
4285 /* Message is too small to be correct. */
4286 goto out;
4287
4288 chan = msg->data[2] & 0x0f;
4289 if (chan >= IPMI_MAX_CHANNELS)
4290 /* Invalid channel number */
4291 goto out;
4292
4293 if (!recv_msg)
4294 goto out;
4295
4296 /* Make sure the user still exists. */
4297 if (!recv_msg->user || !recv_msg->user->valid)
4298 goto out;
4299
4300 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
4301 recv_msg->msg.data = recv_msg->msg_data;
4302 recv_msg->msg.data_len = 1;
4303 recv_msg->msg_data[0] = msg->rsp[2];
4304 deliver_response(recv_msg);
4305 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
4306 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) {
4307 struct ipmi_channel *chans;
4308
4309 /* It's from the receive queue. */
4310 chan = msg->rsp[3] & 0xf;
4311 if (chan >= IPMI_MAX_CHANNELS) {
4312 /* Invalid channel number */
4313 requeue = 0;
4314 goto out;
4315 }
4316
4317 /*
4318 * We need to make sure the channels have been initialized.
4319 * The channel_handler routine will set the "curr_channel"
4320 * equal to or greater than IPMI_MAX_CHANNELS when all the
4321 * channels for this interface have been initialized.
4322 */
4323 if (!intf->channels_ready) {
4324 requeue = 0; /* Throw the message away */
4325 goto out;
4326 }
4327
4328 chans = READ_ONCE(intf->channel_list)->c;
4329
4330 switch (chans[chan].medium) {
4331 case IPMI_CHANNEL_MEDIUM_IPMB:
4332 if (msg->rsp[4] & 0x04) {
4333 /*
4334 * It's a response, so find the
4335 * requesting message and send it up.
4336 */
4337 requeue = handle_ipmb_get_msg_rsp(intf, msg);
4338 } else {
4339 /*
4340 * It's a command to the SMS from some other
4341 * entity. Handle that.
4342 */
4343 requeue = handle_ipmb_get_msg_cmd(intf, msg);
4344 }
4345 break;
4346
4347 case IPMI_CHANNEL_MEDIUM_8023LAN:
4348 case IPMI_CHANNEL_MEDIUM_ASYNC:
4349 if (msg->rsp[6] & 0x04) {
4350 /*
4351 * It's a response, so find the
4352 * requesting message and send it up.
4353 */
4354 requeue = handle_lan_get_msg_rsp(intf, msg);
4355 } else {
4356 /*
4357 * It's a command to the SMS from some other
4358 * entity. Handle that.
4359 */
4360 requeue = handle_lan_get_msg_cmd(intf, msg);
4361 }
4362 break;
4363
4364 default:
4365 /* Check for OEM Channels. Clients had better
4366 register for these commands. */
4367 if ((chans[chan].medium >= IPMI_CHANNEL_MEDIUM_OEM_MIN)
4368 && (chans[chan].medium
4369 <= IPMI_CHANNEL_MEDIUM_OEM_MAX)) {
4370 requeue = handle_oem_get_msg_cmd(intf, msg);
4371 } else {
4372 /*
4373 * We don't handle the channel type, so just
4374 * free the message.
4375 */
4376 requeue = 0;
4377 }
4378 }
4379
4380 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
4381 && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) {
4382 /* It's an asynchronous event. */
4383 requeue = handle_read_event_rsp(intf, msg);
4384 } else {
4385 /* It's a response from the local BMC. */
4386 requeue = handle_bmc_rsp(intf, msg);
4387 }
4388
4389 out:
4390 return requeue;
4391 }
4392
4393 /*
4394 * If there are messages in the queue or pretimeouts, handle them.
4395 */
4396 static void handle_new_recv_msgs(ipmi_smi_t intf)
4397 {
4398 struct ipmi_smi_msg *smi_msg;
4399 unsigned long flags = 0;
4400 int rv;
4401 int run_to_completion = intf->run_to_completion;
4402
4403 /* See if any waiting messages need to be processed. */
4404 if (!run_to_completion)
4405 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
4406 while (!list_empty(&intf->waiting_rcv_msgs)) {
4407 smi_msg = list_entry(intf->waiting_rcv_msgs.next,
4408 struct ipmi_smi_msg, link);
4409 list_del(&smi_msg->link);
4410 if (!run_to_completion)
4411 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
4412 flags);
4413 rv = handle_one_recv_msg(intf, smi_msg);
4414 if (!run_to_completion)
4415 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
4416 if (rv > 0) {
4417 /*
4418 * To preserve message order, quit if we
4419 * can't handle a message. Add the message
4420 * back at the head, this is safe because this
4421 * tasklet is the only thing that pulls the
4422 * messages.
4423 */
4424 list_add(&smi_msg->link, &intf->waiting_rcv_msgs);
4425 break;
4426 } else {
4427 if (rv == 0)
4428 /* Message handled */
4429 ipmi_free_smi_msg(smi_msg);
4430 /* If rv < 0, fatal error, del but don't free. */
4431 }
4432 }
4433 if (!run_to_completion)
4434 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags);
4435
4436 /*
4437 * If the pretimout count is non-zero, decrement one from it and
4438 * deliver pretimeouts to all the users.
4439 */
4440 if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) {
4441 ipmi_user_t user;
4442
4443 rcu_read_lock();
4444 list_for_each_entry_rcu(user, &intf->users, link) {
4445 if (user->handler->ipmi_watchdog_pretimeout)
4446 user->handler->ipmi_watchdog_pretimeout(
4447 user->handler_data);
4448 }
4449 rcu_read_unlock();
4450 }
4451 }
4452
4453 static void smi_recv_tasklet(unsigned long val)
4454 {
4455 unsigned long flags = 0; /* keep us warning-free. */
4456 ipmi_smi_t intf = (ipmi_smi_t) val;
4457 int run_to_completion = intf->run_to_completion;
4458 struct ipmi_smi_msg *newmsg = NULL;
4459
4460 /*
4461 * Start the next message if available.
4462 *
4463 * Do this here, not in the actual receiver, because we may deadlock
4464 * because the lower layer is allowed to hold locks while calling
4465 * message delivery.
4466 */
4467
4468 rcu_read_lock();
4469
4470 if (!run_to_completion)
4471 spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
4472 if (intf->curr_msg == NULL && !intf->in_shutdown) {
4473 struct list_head *entry = NULL;
4474
4475 /* Pick the high priority queue first. */
4476 if (!list_empty(&intf->hp_xmit_msgs))
4477 entry = intf->hp_xmit_msgs.next;
4478 else if (!list_empty(&intf->xmit_msgs))
4479 entry = intf->xmit_msgs.next;
4480
4481 if (entry) {
4482 list_del(entry);
4483 newmsg = list_entry(entry, struct ipmi_smi_msg, link);
4484 intf->curr_msg = newmsg;
4485 }
4486 }
4487 if (!run_to_completion)
4488 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
4489 if (newmsg)
4490 intf->handlers->sender(intf->send_info, newmsg);
4491
4492 rcu_read_unlock();
4493
4494 handle_new_recv_msgs(intf);
4495 }
4496
4497 /* Handle a new message from the lower layer. */
4498 void ipmi_smi_msg_received(ipmi_smi_t intf,
4499 struct ipmi_smi_msg *msg)
4500 {
4501 unsigned long flags = 0; /* keep us warning-free. */
4502 int run_to_completion = intf->run_to_completion;
4503
4504 if ((msg->data_size >= 2)
4505 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
4506 && (msg->data[1] == IPMI_SEND_MSG_CMD)
4507 && (msg->user_data == NULL)) {
4508
4509 if (intf->in_shutdown)
4510 goto free_msg;
4511
4512 /*
4513 * This is the local response to a command send, start
4514 * the timer for these. The user_data will not be
4515 * NULL if this is a response send, and we will let
4516 * response sends just go through.
4517 */
4518
4519 /*
4520 * Check for errors, if we get certain errors (ones
4521 * that mean basically we can try again later), we
4522 * ignore them and start the timer. Otherwise we
4523 * report the error immediately.
4524 */
4525 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
4526 && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
4527 && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
4528 && (msg->rsp[2] != IPMI_BUS_ERR)
4529 && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
4530 int ch = msg->rsp[3] & 0xf;
4531 struct ipmi_channel *chans;
4532
4533 /* Got an error sending the message, handle it. */
4534
4535 chans = READ_ONCE(intf->channel_list)->c;
4536 if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN)
4537 || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC))
4538 ipmi_inc_stat(intf, sent_lan_command_errs);
4539 else
4540 ipmi_inc_stat(intf, sent_ipmb_command_errs);
4541 intf_err_seq(intf, msg->msgid, msg->rsp[2]);
4542 } else
4543 /* The message was sent, start the timer. */
4544 intf_start_seq_timer(intf, msg->msgid);
4545
4546 free_msg:
4547 ipmi_free_smi_msg(msg);
4548 } else {
4549 /*
4550 * To preserve message order, we keep a queue and deliver from
4551 * a tasklet.
4552 */
4553 if (!run_to_completion)
4554 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
4555 list_add_tail(&msg->link, &intf->waiting_rcv_msgs);
4556 if (!run_to_completion)
4557 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
4558 flags);
4559 }
4560
4561 if (!run_to_completion)
4562 spin_lock_irqsave(&intf->xmit_msgs_lock, flags);
4563 /*
4564 * We can get an asynchronous event or receive message in addition
4565 * to commands we send.
4566 */
4567 if (msg == intf->curr_msg)
4568 intf->curr_msg = NULL;
4569 if (!run_to_completion)
4570 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags);
4571
4572 if (run_to_completion)
4573 smi_recv_tasklet((unsigned long) intf);
4574 else
4575 tasklet_schedule(&intf->recv_tasklet);
4576 }
4577 EXPORT_SYMBOL(ipmi_smi_msg_received);
4578
4579 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
4580 {
4581 if (intf->in_shutdown)
4582 return;
4583
4584 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1);
4585 tasklet_schedule(&intf->recv_tasklet);
4586 }
4587 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
4588
4589 static struct ipmi_smi_msg *
4590 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
4591 unsigned char seq, long seqid)
4592 {
4593 struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
4594 if (!smi_msg)
4595 /*
4596 * If we can't allocate the message, then just return, we
4597 * get 4 retries, so this should be ok.
4598 */
4599 return NULL;
4600
4601 memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
4602 smi_msg->data_size = recv_msg->msg.data_len;
4603 smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
4604
4605 #ifdef DEBUG_MSGING
4606 {
4607 int m;
4608 printk("Resend: ");
4609 for (m = 0; m < smi_msg->data_size; m++)
4610 printk(" %2.2x", smi_msg->data[m]);
4611 printk("\n");
4612 }
4613 #endif
4614 return smi_msg;
4615 }
4616
4617 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
4618 struct list_head *timeouts,
4619 unsigned long timeout_period,
4620 int slot, unsigned long *flags,
4621 unsigned int *waiting_msgs)
4622 {
4623 struct ipmi_recv_msg *msg;
4624 const struct ipmi_smi_handlers *handlers;
4625
4626 if (intf->in_shutdown)
4627 return;
4628
4629 if (!ent->inuse)
4630 return;
4631
4632 if (timeout_period < ent->timeout) {
4633 ent->timeout -= timeout_period;
4634 (*waiting_msgs)++;
4635 return;
4636 }
4637
4638 if (ent->retries_left == 0) {
4639 /* The message has used all its retries. */
4640 ent->inuse = 0;
4641 msg = ent->recv_msg;
4642 list_add_tail(&msg->link, timeouts);
4643 if (ent->broadcast)
4644 ipmi_inc_stat(intf, timed_out_ipmb_broadcasts);
4645 else if (is_lan_addr(&ent->recv_msg->addr))
4646 ipmi_inc_stat(intf, timed_out_lan_commands);
4647 else
4648 ipmi_inc_stat(intf, timed_out_ipmb_commands);
4649 } else {
4650 struct ipmi_smi_msg *smi_msg;
4651 /* More retries, send again. */
4652
4653 (*waiting_msgs)++;
4654
4655 /*
4656 * Start with the max timer, set to normal timer after
4657 * the message is sent.
4658 */
4659 ent->timeout = MAX_MSG_TIMEOUT;
4660 ent->retries_left--;
4661 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
4662 ent->seqid);
4663 if (!smi_msg) {
4664 if (is_lan_addr(&ent->recv_msg->addr))
4665 ipmi_inc_stat(intf,
4666 dropped_rexmit_lan_commands);
4667 else
4668 ipmi_inc_stat(intf,
4669 dropped_rexmit_ipmb_commands);
4670 return;
4671 }
4672
4673 spin_unlock_irqrestore(&intf->seq_lock, *flags);
4674
4675 /*
4676 * Send the new message. We send with a zero
4677 * priority. It timed out, I doubt time is that
4678 * critical now, and high priority messages are really
4679 * only for messages to the local MC, which don't get
4680 * resent.
4681 */
4682 handlers = intf->handlers;
4683 if (handlers) {
4684 if (is_lan_addr(&ent->recv_msg->addr))
4685 ipmi_inc_stat(intf,
4686 retransmitted_lan_commands);
4687 else
4688 ipmi_inc_stat(intf,
4689 retransmitted_ipmb_commands);
4690
4691 smi_send(intf, handlers, smi_msg, 0);
4692 } else
4693 ipmi_free_smi_msg(smi_msg);
4694
4695 spin_lock_irqsave(&intf->seq_lock, *flags);
4696 }
4697 }
4698
4699 static unsigned int ipmi_timeout_handler(ipmi_smi_t intf,
4700 unsigned long timeout_period)
4701 {
4702 struct list_head timeouts;
4703 struct ipmi_recv_msg *msg, *msg2;
4704 unsigned long flags;
4705 int i;
4706 unsigned int waiting_msgs = 0;
4707
4708 if (!intf->bmc_registered) {
4709 kref_get(&intf->refcount);
4710 if (!schedule_work(&intf->bmc_reg_work)) {
4711 kref_put(&intf->refcount, intf_free);
4712 waiting_msgs++;
4713 }
4714 }
4715
4716 /*
4717 * Go through the seq table and find any messages that
4718 * have timed out, putting them in the timeouts
4719 * list.
4720 */
4721 INIT_LIST_HEAD(&timeouts);
4722 spin_lock_irqsave(&intf->seq_lock, flags);
4723 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
4724 check_msg_timeout(intf, &(intf->seq_table[i]),
4725 &timeouts, timeout_period, i,
4726 &flags, &waiting_msgs);
4727 spin_unlock_irqrestore(&intf->seq_lock, flags);
4728
4729 list_for_each_entry_safe(msg, msg2, &timeouts, link)
4730 deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE);
4731
4732 /*
4733 * Maintenance mode handling. Check the timeout
4734 * optimistically before we claim the lock. It may
4735 * mean a timeout gets missed occasionally, but that
4736 * only means the timeout gets extended by one period
4737 * in that case. No big deal, and it avoids the lock
4738 * most of the time.
4739 */
4740 if (intf->auto_maintenance_timeout > 0) {
4741 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
4742 if (intf->auto_maintenance_timeout > 0) {
4743 intf->auto_maintenance_timeout
4744 -= timeout_period;
4745 if (!intf->maintenance_mode
4746 && (intf->auto_maintenance_timeout <= 0)) {
4747 intf->maintenance_mode_enable = false;
4748 maintenance_mode_update(intf);
4749 }
4750 }
4751 spin_unlock_irqrestore(&intf->maintenance_mode_lock,
4752 flags);
4753 }
4754
4755 tasklet_schedule(&intf->recv_tasklet);
4756
4757 return waiting_msgs;
4758 }
4759
4760 static void ipmi_request_event(ipmi_smi_t intf)
4761 {
4762 /* No event requests when in maintenance mode. */
4763 if (intf->maintenance_mode_enable)
4764 return;
4765
4766 if (!intf->in_shutdown)
4767 intf->handlers->request_events(intf->send_info);
4768 }
4769
4770 static struct timer_list ipmi_timer;
4771
4772 static atomic_t stop_operation;
4773
4774 static void ipmi_timeout(struct timer_list *unused)
4775 {
4776 ipmi_smi_t intf;
4777 int nt = 0;
4778
4779 if (atomic_read(&stop_operation))
4780 return;
4781
4782 rcu_read_lock();
4783 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4784 int lnt = 0;
4785
4786 if (atomic_read(&intf->event_waiters)) {
4787 intf->ticks_to_req_ev--;
4788 if (intf->ticks_to_req_ev == 0) {
4789 ipmi_request_event(intf);
4790 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
4791 }
4792 lnt++;
4793 }
4794
4795 lnt += ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME);
4796
4797 lnt = !!lnt;
4798 if (lnt != intf->last_needs_timer &&
4799 intf->handlers->set_need_watch)
4800 intf->handlers->set_need_watch(intf->send_info, lnt);
4801 intf->last_needs_timer = lnt;
4802
4803 nt += lnt;
4804 }
4805 rcu_read_unlock();
4806
4807 if (nt)
4808 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
4809 }
4810
4811 static void need_waiter(ipmi_smi_t intf)
4812 {
4813 /* Racy, but worst case we start the timer twice. */
4814 if (!timer_pending(&ipmi_timer))
4815 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
4816 }
4817
4818 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
4819 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
4820
4821 static void free_smi_msg(struct ipmi_smi_msg *msg)
4822 {
4823 atomic_dec(&smi_msg_inuse_count);
4824 kfree(msg);
4825 }
4826
4827 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
4828 {
4829 struct ipmi_smi_msg *rv;
4830 rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
4831 if (rv) {
4832 rv->done = free_smi_msg;
4833 rv->user_data = NULL;
4834 atomic_inc(&smi_msg_inuse_count);
4835 }
4836 return rv;
4837 }
4838 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
4839
4840 static void free_recv_msg(struct ipmi_recv_msg *msg)
4841 {
4842 atomic_dec(&recv_msg_inuse_count);
4843 kfree(msg);
4844 }
4845
4846 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
4847 {
4848 struct ipmi_recv_msg *rv;
4849
4850 rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
4851 if (rv) {
4852 rv->user = NULL;
4853 rv->done = free_recv_msg;
4854 atomic_inc(&recv_msg_inuse_count);
4855 }
4856 return rv;
4857 }
4858
4859 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
4860 {
4861 if (msg->user)
4862 kref_put(&msg->user->refcount, free_user);
4863 msg->done(msg);
4864 }
4865 EXPORT_SYMBOL(ipmi_free_recv_msg);
4866
4867 static atomic_t panic_done_count = ATOMIC_INIT(0);
4868
4869 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
4870 {
4871 atomic_dec(&panic_done_count);
4872 }
4873
4874 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
4875 {
4876 atomic_dec(&panic_done_count);
4877 }
4878
4879 /*
4880 * Inside a panic, send a message and wait for a response.
4881 */
4882 static void ipmi_panic_request_and_wait(ipmi_smi_t intf,
4883 struct ipmi_addr *addr,
4884 struct kernel_ipmi_msg *msg)
4885 {
4886 struct ipmi_smi_msg smi_msg;
4887 struct ipmi_recv_msg recv_msg;
4888 int rv;
4889
4890 smi_msg.done = dummy_smi_done_handler;
4891 recv_msg.done = dummy_recv_done_handler;
4892 atomic_add(2, &panic_done_count);
4893 rv = i_ipmi_request(NULL,
4894 intf,
4895 addr,
4896 0,
4897 msg,
4898 intf,
4899 &smi_msg,
4900 &recv_msg,
4901 0,
4902 intf->addrinfo[0].address,
4903 intf->addrinfo[0].lun,
4904 0, 1); /* Don't retry, and don't wait. */
4905 if (rv)
4906 atomic_sub(2, &panic_done_count);
4907 else if (intf->handlers->flush_messages)
4908 intf->handlers->flush_messages(intf->send_info);
4909
4910 while (atomic_read(&panic_done_count) != 0)
4911 ipmi_poll(intf);
4912 }
4913
4914 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
4915 {
4916 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
4917 && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
4918 && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
4919 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
4920 /* A get event receiver command, save it. */
4921 intf->event_receiver = msg->msg.data[1];
4922 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
4923 }
4924 }
4925
4926 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
4927 {
4928 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
4929 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
4930 && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
4931 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
4932 /*
4933 * A get device id command, save if we are an event
4934 * receiver or generator.
4935 */
4936 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
4937 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
4938 }
4939 }
4940
4941 static void send_panic_events(char *str)
4942 {
4943 struct kernel_ipmi_msg msg;
4944 ipmi_smi_t intf;
4945 unsigned char data[16];
4946 struct ipmi_system_interface_addr *si;
4947 struct ipmi_addr addr;
4948
4949 if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE)
4950 return;
4951
4952 si = (struct ipmi_system_interface_addr *) &addr;
4953 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4954 si->channel = IPMI_BMC_CHANNEL;
4955 si->lun = 0;
4956
4957 /* Fill in an event telling that we have failed. */
4958 msg.netfn = 0x04; /* Sensor or Event. */
4959 msg.cmd = 2; /* Platform event command. */
4960 msg.data = data;
4961 msg.data_len = 8;
4962 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
4963 data[1] = 0x03; /* This is for IPMI 1.0. */
4964 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
4965 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
4966 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
4967
4968 /*
4969 * Put a few breadcrumbs in. Hopefully later we can add more things
4970 * to make the panic events more useful.
4971 */
4972 if (str) {
4973 data[3] = str[0];
4974 data[6] = str[1];
4975 data[7] = str[2];
4976 }
4977
4978 /* For every registered interface, send the event. */
4979 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4980 if (!intf->handlers || !intf->handlers->poll)
4981 /* Interface is not ready or can't run at panic time. */
4982 continue;
4983
4984 /* Send the event announcing the panic. */
4985 ipmi_panic_request_and_wait(intf, &addr, &msg);
4986 }
4987
4988 /*
4989 * On every interface, dump a bunch of OEM event holding the
4990 * string.
4991 */
4992 if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str)
4993 return;
4994
4995 /* For every registered interface, send the event. */
4996 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4997 char *p = str;
4998 struct ipmi_ipmb_addr *ipmb;
4999 int j;
5000
5001 if (intf->intf_num == -1)
5002 /* Interface was not ready yet. */
5003 continue;
5004
5005 /*
5006 * intf_num is used as an marker to tell if the
5007 * interface is valid. Thus we need a read barrier to
5008 * make sure data fetched before checking intf_num
5009 * won't be used.
5010 */
5011 smp_rmb();
5012
5013 /*
5014 * First job here is to figure out where to send the
5015 * OEM events. There's no way in IPMI to send OEM
5016 * events using an event send command, so we have to
5017 * find the SEL to put them in and stick them in
5018 * there.
5019 */
5020
5021 /* Get capabilities from the get device id. */
5022 intf->local_sel_device = 0;
5023 intf->local_event_generator = 0;
5024 intf->event_receiver = 0;
5025
5026 /* Request the device info from the local MC. */
5027 msg.netfn = IPMI_NETFN_APP_REQUEST;
5028 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
5029 msg.data = NULL;
5030 msg.data_len = 0;
5031 intf->null_user_handler = device_id_fetcher;
5032 ipmi_panic_request_and_wait(intf, &addr, &msg);
5033
5034 if (intf->local_event_generator) {
5035 /* Request the event receiver from the local MC. */
5036 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
5037 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
5038 msg.data = NULL;
5039 msg.data_len = 0;
5040 intf->null_user_handler = event_receiver_fetcher;
5041 ipmi_panic_request_and_wait(intf, &addr, &msg);
5042 }
5043 intf->null_user_handler = NULL;
5044
5045 /*
5046 * Validate the event receiver. The low bit must not
5047 * be 1 (it must be a valid IPMB address), it cannot
5048 * be zero, and it must not be my address.
5049 */
5050 if (((intf->event_receiver & 1) == 0)
5051 && (intf->event_receiver != 0)
5052 && (intf->event_receiver != intf->addrinfo[0].address)) {
5053 /*
5054 * The event receiver is valid, send an IPMB
5055 * message.
5056 */
5057 ipmb = (struct ipmi_ipmb_addr *) &addr;
5058 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
5059 ipmb->channel = 0; /* FIXME - is this right? */
5060 ipmb->lun = intf->event_receiver_lun;
5061 ipmb->slave_addr = intf->event_receiver;
5062 } else if (intf->local_sel_device) {
5063 /*
5064 * The event receiver was not valid (or was
5065 * me), but I am an SEL device, just dump it
5066 * in my SEL.
5067 */
5068 si = (struct ipmi_system_interface_addr *) &addr;
5069 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
5070 si->channel = IPMI_BMC_CHANNEL;
5071 si->lun = 0;
5072 } else
5073 continue; /* No where to send the event. */
5074
5075 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
5076 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
5077 msg.data = data;
5078 msg.data_len = 16;
5079
5080 j = 0;
5081 while (*p) {
5082 int size = strlen(p);
5083
5084 if (size > 11)
5085 size = 11;
5086 data[0] = 0;
5087 data[1] = 0;
5088 data[2] = 0xf0; /* OEM event without timestamp. */
5089 data[3] = intf->addrinfo[0].address;
5090 data[4] = j++; /* sequence # */
5091 /*
5092 * Always give 11 bytes, so strncpy will fill
5093 * it with zeroes for me.
5094 */
5095 strncpy(data+5, p, 11);
5096 p += size;
5097
5098 ipmi_panic_request_and_wait(intf, &addr, &msg);
5099 }
5100 }
5101 }
5102
5103 static int has_panicked;
5104
5105 static int panic_event(struct notifier_block *this,
5106 unsigned long event,
5107 void *ptr)
5108 {
5109 ipmi_smi_t intf;
5110
5111 if (has_panicked)
5112 return NOTIFY_DONE;
5113 has_panicked = 1;
5114
5115 /* For every registered interface, set it to run to completion. */
5116 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
5117 if (!intf->handlers)
5118 /* Interface is not ready. */
5119 continue;
5120
5121 /*
5122 * If we were interrupted while locking xmit_msgs_lock or
5123 * waiting_rcv_msgs_lock, the corresponding list may be
5124 * corrupted. In this case, drop items on the list for
5125 * the safety.
5126 */
5127 if (!spin_trylock(&intf->xmit_msgs_lock)) {
5128 INIT_LIST_HEAD(&intf->xmit_msgs);
5129 INIT_LIST_HEAD(&intf->hp_xmit_msgs);
5130 } else
5131 spin_unlock(&intf->xmit_msgs_lock);
5132
5133 if (!spin_trylock(&intf->waiting_rcv_msgs_lock))
5134 INIT_LIST_HEAD(&intf->waiting_rcv_msgs);
5135 else
5136 spin_unlock(&intf->waiting_rcv_msgs_lock);
5137
5138 intf->run_to_completion = 1;
5139 if (intf->handlers->set_run_to_completion)
5140 intf->handlers->set_run_to_completion(intf->send_info,
5141 1);
5142 }
5143
5144 send_panic_events(ptr);
5145
5146 return NOTIFY_DONE;
5147 }
5148
5149 static struct notifier_block panic_block = {
5150 .notifier_call = panic_event,
5151 .next = NULL,
5152 .priority = 200 /* priority: INT_MAX >= x >= 0 */
5153 };
5154
5155 static int ipmi_init_msghandler(void)
5156 {
5157 int rv;
5158
5159 if (initialized)
5160 return 0;
5161
5162 rv = driver_register(&ipmidriver.driver);
5163 if (rv) {
5164 pr_err(PFX "Could not register IPMI driver\n");
5165 return rv;
5166 }
5167
5168 pr_info("ipmi message handler version " IPMI_DRIVER_VERSION "\n");
5169
5170 #ifdef CONFIG_IPMI_PROC_INTERFACE
5171 proc_ipmi_root = proc_mkdir("ipmi", NULL);
5172 if (!proc_ipmi_root) {
5173 pr_err(PFX "Unable to create IPMI proc dir");
5174 driver_unregister(&ipmidriver.driver);
5175 return -ENOMEM;
5176 }
5177
5178 #endif /* CONFIG_IPMI_PROC_INTERFACE */
5179
5180 timer_setup(&ipmi_timer, ipmi_timeout, 0);
5181 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
5182
5183 atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
5184
5185 initialized = 1;
5186
5187 return 0;
5188 }
5189
5190 static int __init ipmi_init_msghandler_mod(void)
5191 {
5192 ipmi_init_msghandler();
5193 return 0;
5194 }
5195
5196 static void __exit cleanup_ipmi(void)
5197 {
5198 int count;
5199
5200 if (!initialized)
5201 return;
5202
5203 atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
5204
5205 /*
5206 * This can't be called if any interfaces exist, so no worry
5207 * about shutting down the interfaces.
5208 */
5209
5210 /*
5211 * Tell the timer to stop, then wait for it to stop. This
5212 * avoids problems with race conditions removing the timer
5213 * here.
5214 */
5215 atomic_inc(&stop_operation);
5216 del_timer_sync(&ipmi_timer);
5217
5218 #ifdef CONFIG_IPMI_PROC_INTERFACE
5219 proc_remove(proc_ipmi_root);
5220 #endif /* CONFIG_IPMI_PROC_INTERFACE */
5221
5222 driver_unregister(&ipmidriver.driver);
5223
5224 initialized = 0;
5225
5226 /* Check for buffer leaks. */
5227 count = atomic_read(&smi_msg_inuse_count);
5228 if (count != 0)
5229 pr_warn(PFX "SMI message count %d at exit\n", count);
5230 count = atomic_read(&recv_msg_inuse_count);
5231 if (count != 0)
5232 pr_warn(PFX "recv message count %d at exit\n", count);
5233 }
5234 module_exit(cleanup_ipmi);
5235
5236 module_init(ipmi_init_msghandler_mod);
5237 MODULE_LICENSE("GPL");
5238 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
5239 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI"
5240 " interface.");
5241 MODULE_VERSION(IPMI_DRIVER_VERSION);
5242 MODULE_SOFTDEP("post: ipmi_devintf");
ubuntu-bionic-kernel mirror