1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2015-2018, Intel Corporation.
4  */
5 
6 #define pr_fmt(fmt) "kcs-bmc: " fmt
7 
8 #include <linux/errno.h>
9 #include <linux/io.h>
10 #include <linux/ipmi_bmc.h>
11 #include <linux/list.h>
12 #include <linux/miscdevice.h>
13 #include <linux/module.h>
14 #include <linux/mutex.h>
15 #include <linux/platform_device.h>
16 #include <linux/poll.h>
17 #include <linux/sched.h>
18 #include <linux/slab.h>
19 
20 #include "kcs_bmc_client.h"
21 
22 /* Different phases of the KCS BMC module.
23  *  KCS_PHASE_IDLE:
24  *            BMC should not be expecting nor sending any data.
25  *  KCS_PHASE_WRITE_START:
26  *            BMC is receiving a WRITE_START command from system software.
27  *  KCS_PHASE_WRITE_DATA:
28  *            BMC is receiving a data byte from system software.
29  *  KCS_PHASE_WRITE_END_CMD:
30  *            BMC is waiting a last data byte from system software.
31  *  KCS_PHASE_WRITE_DONE:
32  *            BMC has received the whole request from system software.
33  *  KCS_PHASE_WAIT_READ:
34  *            BMC is waiting the response from the upper IPMI service.
35  *  KCS_PHASE_READ:
36  *            BMC is transferring the response to system software.
37  *  KCS_PHASE_ABORT_ERROR1:
38  *            BMC is waiting error status request from system software.
39  *  KCS_PHASE_ABORT_ERROR2:
40  *            BMC is waiting for idle status afer error from system software.
41  *  KCS_PHASE_ERROR:
42  *            BMC has detected a protocol violation at the interface level.
43  */
44 enum kcs_ipmi_phases {
45 	KCS_PHASE_IDLE,
46 
47 	KCS_PHASE_WRITE_START,
48 	KCS_PHASE_WRITE_DATA,
49 	KCS_PHASE_WRITE_END_CMD,
50 	KCS_PHASE_WRITE_DONE,
51 
52 	KCS_PHASE_WAIT_READ,
53 	KCS_PHASE_READ,
54 
55 	KCS_PHASE_ABORT_ERROR1,
56 	KCS_PHASE_ABORT_ERROR2,
57 	KCS_PHASE_ERROR
58 };
59 
60 /* IPMI 2.0 - Table 9-4, KCS Interface Status Codes */
61 enum kcs_ipmi_errors {
62 	KCS_NO_ERROR                = 0x00,
63 	KCS_ABORTED_BY_COMMAND      = 0x01,
64 	KCS_ILLEGAL_CONTROL_CODE    = 0x02,
65 	KCS_LENGTH_ERROR            = 0x06,
66 	KCS_UNSPECIFIED_ERROR       = 0xFF
67 };
68 
69 struct kcs_bmc_ipmi {
70 	struct list_head entry;
71 
72 	struct kcs_bmc_client client;
73 
74 	spinlock_t lock;
75 
76 	enum kcs_ipmi_phases phase;
77 	enum kcs_ipmi_errors error;
78 
79 	wait_queue_head_t queue;
80 	bool data_in_avail;
81 	int  data_in_idx;
82 	u8  *data_in;
83 
84 	int  data_out_idx;
85 	int  data_out_len;
86 	u8  *data_out;
87 
88 	struct mutex mutex;
89 	u8 *kbuffer;
90 
91 	struct miscdevice miscdev;
92 };
93 
94 #define DEVICE_NAME "ipmi-kcs"
95 
96 #define KCS_MSG_BUFSIZ    1000
97 
98 #define KCS_ZERO_DATA     0
99 
100 /* IPMI 2.0 - Table 9-1, KCS Interface Status Register Bits */
101 #define KCS_STATUS_STATE(state) (state << 6)
102 #define KCS_STATUS_STATE_MASK   GENMASK(7, 6)
103 #define KCS_STATUS_CMD_DAT      BIT(3)
104 #define KCS_STATUS_SMS_ATN      BIT(2)
105 #define KCS_STATUS_IBF          BIT(1)
106 #define KCS_STATUS_OBF          BIT(0)
107 
108 /* IPMI 2.0 - Table 9-2, KCS Interface State Bits */
109 enum kcs_states {
110 	IDLE_STATE  = 0,
111 	READ_STATE  = 1,
112 	WRITE_STATE = 2,
113 	ERROR_STATE = 3,
114 };
115 
116 /* IPMI 2.0 - Table 9-3, KCS Interface Control Codes */
117 #define KCS_CMD_GET_STATUS_ABORT  0x60
118 #define KCS_CMD_WRITE_START       0x61
119 #define KCS_CMD_WRITE_END         0x62
120 #define KCS_CMD_READ_BYTE         0x68
121 
set_state(struct kcs_bmc_ipmi * priv,u8 state)122 static inline void set_state(struct kcs_bmc_ipmi *priv, u8 state)
123 {
124 	kcs_bmc_update_status(priv->client.dev, KCS_STATUS_STATE_MASK, KCS_STATUS_STATE(state));
125 }
126 
kcs_bmc_ipmi_force_abort(struct kcs_bmc_ipmi * priv)127 static void kcs_bmc_ipmi_force_abort(struct kcs_bmc_ipmi *priv)
128 {
129 	set_state(priv, ERROR_STATE);
130 	kcs_bmc_read_data(priv->client.dev);
131 	kcs_bmc_write_data(priv->client.dev, KCS_ZERO_DATA);
132 
133 	priv->phase = KCS_PHASE_ERROR;
134 	priv->data_in_avail = false;
135 	priv->data_in_idx = 0;
136 }
137 
kcs_bmc_ipmi_handle_data(struct kcs_bmc_ipmi * priv)138 static void kcs_bmc_ipmi_handle_data(struct kcs_bmc_ipmi *priv)
139 {
140 	struct kcs_bmc_device *dev;
141 	u8 data;
142 
143 	dev = priv->client.dev;
144 
145 	switch (priv->phase) {
146 	case KCS_PHASE_WRITE_START:
147 		priv->phase = KCS_PHASE_WRITE_DATA;
148 		fallthrough;
149 
150 	case KCS_PHASE_WRITE_DATA:
151 		if (priv->data_in_idx < KCS_MSG_BUFSIZ) {
152 			set_state(priv, WRITE_STATE);
153 			kcs_bmc_write_data(dev, KCS_ZERO_DATA);
154 			priv->data_in[priv->data_in_idx++] = kcs_bmc_read_data(dev);
155 		} else {
156 			kcs_bmc_ipmi_force_abort(priv);
157 			priv->error = KCS_LENGTH_ERROR;
158 		}
159 		break;
160 
161 	case KCS_PHASE_WRITE_END_CMD:
162 		if (priv->data_in_idx < KCS_MSG_BUFSIZ) {
163 			set_state(priv, READ_STATE);
164 			priv->data_in[priv->data_in_idx++] = kcs_bmc_read_data(dev);
165 			priv->phase = KCS_PHASE_WRITE_DONE;
166 			priv->data_in_avail = true;
167 			wake_up_interruptible(&priv->queue);
168 		} else {
169 			kcs_bmc_ipmi_force_abort(priv);
170 			priv->error = KCS_LENGTH_ERROR;
171 		}
172 		break;
173 
174 	case KCS_PHASE_READ:
175 		if (priv->data_out_idx == priv->data_out_len)
176 			set_state(priv, IDLE_STATE);
177 
178 		data = kcs_bmc_read_data(dev);
179 		if (data != KCS_CMD_READ_BYTE) {
180 			set_state(priv, ERROR_STATE);
181 			kcs_bmc_write_data(dev, KCS_ZERO_DATA);
182 			break;
183 		}
184 
185 		if (priv->data_out_idx == priv->data_out_len) {
186 			kcs_bmc_write_data(dev, KCS_ZERO_DATA);
187 			priv->phase = KCS_PHASE_IDLE;
188 			break;
189 		}
190 
191 		kcs_bmc_write_data(dev, priv->data_out[priv->data_out_idx++]);
192 		break;
193 
194 	case KCS_PHASE_ABORT_ERROR1:
195 		set_state(priv, READ_STATE);
196 		kcs_bmc_read_data(dev);
197 		kcs_bmc_write_data(dev, priv->error);
198 		priv->phase = KCS_PHASE_ABORT_ERROR2;
199 		break;
200 
201 	case KCS_PHASE_ABORT_ERROR2:
202 		set_state(priv, IDLE_STATE);
203 		kcs_bmc_read_data(dev);
204 		kcs_bmc_write_data(dev, KCS_ZERO_DATA);
205 		priv->phase = KCS_PHASE_IDLE;
206 		break;
207 
208 	default:
209 		kcs_bmc_ipmi_force_abort(priv);
210 		break;
211 	}
212 }
213 
kcs_bmc_ipmi_handle_cmd(struct kcs_bmc_ipmi * priv)214 static void kcs_bmc_ipmi_handle_cmd(struct kcs_bmc_ipmi *priv)
215 {
216 	u8 cmd;
217 
218 	set_state(priv, WRITE_STATE);
219 	kcs_bmc_write_data(priv->client.dev, KCS_ZERO_DATA);
220 
221 	cmd = kcs_bmc_read_data(priv->client.dev);
222 	switch (cmd) {
223 	case KCS_CMD_WRITE_START:
224 		priv->phase = KCS_PHASE_WRITE_START;
225 		priv->error = KCS_NO_ERROR;
226 		priv->data_in_avail = false;
227 		priv->data_in_idx = 0;
228 		break;
229 
230 	case KCS_CMD_WRITE_END:
231 		if (priv->phase != KCS_PHASE_WRITE_DATA) {
232 			kcs_bmc_ipmi_force_abort(priv);
233 			break;
234 		}
235 
236 		priv->phase = KCS_PHASE_WRITE_END_CMD;
237 		break;
238 
239 	case KCS_CMD_GET_STATUS_ABORT:
240 		if (priv->error == KCS_NO_ERROR)
241 			priv->error = KCS_ABORTED_BY_COMMAND;
242 
243 		priv->phase = KCS_PHASE_ABORT_ERROR1;
244 		priv->data_in_avail = false;
245 		priv->data_in_idx = 0;
246 		break;
247 
248 	default:
249 		kcs_bmc_ipmi_force_abort(priv);
250 		priv->error = KCS_ILLEGAL_CONTROL_CODE;
251 		break;
252 	}
253 }
254 
client_to_kcs_bmc_ipmi(struct kcs_bmc_client * client)255 static inline struct kcs_bmc_ipmi *client_to_kcs_bmc_ipmi(struct kcs_bmc_client *client)
256 {
257 	return container_of(client, struct kcs_bmc_ipmi, client);
258 }
259 
kcs_bmc_ipmi_event(struct kcs_bmc_client * client)260 static irqreturn_t kcs_bmc_ipmi_event(struct kcs_bmc_client *client)
261 {
262 	struct kcs_bmc_ipmi *priv;
263 	u8 status;
264 	int ret;
265 
266 	priv = client_to_kcs_bmc_ipmi(client);
267 	if (!priv)
268 		return IRQ_NONE;
269 
270 	spin_lock(&priv->lock);
271 
272 	status = kcs_bmc_read_status(client->dev);
273 	if (status & KCS_STATUS_IBF) {
274 		if (status & KCS_STATUS_CMD_DAT)
275 			kcs_bmc_ipmi_handle_cmd(priv);
276 		else
277 			kcs_bmc_ipmi_handle_data(priv);
278 
279 		ret = IRQ_HANDLED;
280 	} else {
281 		ret = IRQ_NONE;
282 	}
283 
284 	spin_unlock(&priv->lock);
285 
286 	return ret;
287 }
288 
289 static const struct kcs_bmc_client_ops kcs_bmc_ipmi_client_ops = {
290 	.event = kcs_bmc_ipmi_event,
291 };
292 
to_kcs_bmc(struct file * filp)293 static inline struct kcs_bmc_ipmi *to_kcs_bmc(struct file *filp)
294 {
295 	return container_of(filp->private_data, struct kcs_bmc_ipmi, miscdev);
296 }
297 
kcs_bmc_ipmi_open(struct inode * inode,struct file * filp)298 static int kcs_bmc_ipmi_open(struct inode *inode, struct file *filp)
299 {
300 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
301 
302 	return kcs_bmc_enable_device(priv->client.dev, &priv->client);
303 }
304 
kcs_bmc_ipmi_poll(struct file * filp,poll_table * wait)305 static __poll_t kcs_bmc_ipmi_poll(struct file *filp, poll_table *wait)
306 {
307 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
308 	__poll_t mask = 0;
309 
310 	poll_wait(filp, &priv->queue, wait);
311 
312 	spin_lock_irq(&priv->lock);
313 	if (priv->data_in_avail)
314 		mask |= EPOLLIN;
315 	spin_unlock_irq(&priv->lock);
316 
317 	return mask;
318 }
319 
kcs_bmc_ipmi_read(struct file * filp,char __user * buf,size_t count,loff_t * ppos)320 static ssize_t kcs_bmc_ipmi_read(struct file *filp, char __user *buf,
321 			    size_t count, loff_t *ppos)
322 {
323 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
324 	bool data_avail;
325 	size_t data_len;
326 	ssize_t ret;
327 
328 	if (!(filp->f_flags & O_NONBLOCK))
329 		wait_event_interruptible(priv->queue,
330 					 priv->data_in_avail);
331 
332 	mutex_lock(&priv->mutex);
333 
334 	spin_lock_irq(&priv->lock);
335 	data_avail = priv->data_in_avail;
336 	if (data_avail) {
337 		data_len = priv->data_in_idx;
338 		memcpy(priv->kbuffer, priv->data_in, data_len);
339 	}
340 	spin_unlock_irq(&priv->lock);
341 
342 	if (!data_avail) {
343 		ret = -EAGAIN;
344 		goto out_unlock;
345 	}
346 
347 	if (count < data_len) {
348 		pr_err("channel=%u with too large data : %zu\n",
349 			priv->client.dev->channel, data_len);
350 
351 		spin_lock_irq(&priv->lock);
352 		kcs_bmc_ipmi_force_abort(priv);
353 		spin_unlock_irq(&priv->lock);
354 
355 		ret = -EOVERFLOW;
356 		goto out_unlock;
357 	}
358 
359 	if (copy_to_user(buf, priv->kbuffer, data_len)) {
360 		ret = -EFAULT;
361 		goto out_unlock;
362 	}
363 
364 	ret = data_len;
365 
366 	spin_lock_irq(&priv->lock);
367 	if (priv->phase == KCS_PHASE_WRITE_DONE) {
368 		priv->phase = KCS_PHASE_WAIT_READ;
369 		priv->data_in_avail = false;
370 		priv->data_in_idx = 0;
371 	} else {
372 		ret = -EAGAIN;
373 	}
374 	spin_unlock_irq(&priv->lock);
375 
376 out_unlock:
377 	mutex_unlock(&priv->mutex);
378 
379 	return ret;
380 }
381 
kcs_bmc_ipmi_write(struct file * filp,const char __user * buf,size_t count,loff_t * ppos)382 static ssize_t kcs_bmc_ipmi_write(struct file *filp, const char __user *buf,
383 			     size_t count, loff_t *ppos)
384 {
385 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
386 	ssize_t ret;
387 
388 	/* a minimum response size '3' : netfn + cmd + ccode */
389 	if (count < 3 || count > KCS_MSG_BUFSIZ)
390 		return -EINVAL;
391 
392 	mutex_lock(&priv->mutex);
393 
394 	if (copy_from_user(priv->kbuffer, buf, count)) {
395 		ret = -EFAULT;
396 		goto out_unlock;
397 	}
398 
399 	spin_lock_irq(&priv->lock);
400 	if (priv->phase == KCS_PHASE_WAIT_READ) {
401 		priv->phase = KCS_PHASE_READ;
402 		priv->data_out_idx = 1;
403 		priv->data_out_len = count;
404 		memcpy(priv->data_out, priv->kbuffer, count);
405 		kcs_bmc_write_data(priv->client.dev, priv->data_out[0]);
406 		ret = count;
407 	} else {
408 		ret = -EINVAL;
409 	}
410 	spin_unlock_irq(&priv->lock);
411 
412 out_unlock:
413 	mutex_unlock(&priv->mutex);
414 
415 	return ret;
416 }
417 
kcs_bmc_ipmi_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)418 static long kcs_bmc_ipmi_ioctl(struct file *filp, unsigned int cmd,
419 			  unsigned long arg)
420 {
421 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
422 	long ret = 0;
423 
424 	spin_lock_irq(&priv->lock);
425 
426 	switch (cmd) {
427 	case IPMI_BMC_IOCTL_SET_SMS_ATN:
428 		kcs_bmc_update_status(priv->client.dev, KCS_STATUS_SMS_ATN, KCS_STATUS_SMS_ATN);
429 		break;
430 
431 	case IPMI_BMC_IOCTL_CLEAR_SMS_ATN:
432 		kcs_bmc_update_status(priv->client.dev, KCS_STATUS_SMS_ATN, 0);
433 		break;
434 
435 	case IPMI_BMC_IOCTL_FORCE_ABORT:
436 		kcs_bmc_ipmi_force_abort(priv);
437 		break;
438 
439 	default:
440 		ret = -EINVAL;
441 		break;
442 	}
443 
444 	spin_unlock_irq(&priv->lock);
445 
446 	return ret;
447 }
448 
kcs_bmc_ipmi_release(struct inode * inode,struct file * filp)449 static int kcs_bmc_ipmi_release(struct inode *inode, struct file *filp)
450 {
451 	struct kcs_bmc_ipmi *priv = to_kcs_bmc(filp);
452 
453 	kcs_bmc_ipmi_force_abort(priv);
454 	kcs_bmc_disable_device(priv->client.dev, &priv->client);
455 
456 	return 0;
457 }
458 
459 static const struct file_operations kcs_bmc_ipmi_fops = {
460 	.owner          = THIS_MODULE,
461 	.open           = kcs_bmc_ipmi_open,
462 	.read           = kcs_bmc_ipmi_read,
463 	.write          = kcs_bmc_ipmi_write,
464 	.release        = kcs_bmc_ipmi_release,
465 	.poll           = kcs_bmc_ipmi_poll,
466 	.unlocked_ioctl = kcs_bmc_ipmi_ioctl,
467 };
468 
469 static DEFINE_SPINLOCK(kcs_bmc_ipmi_instances_lock);
470 static LIST_HEAD(kcs_bmc_ipmi_instances);
471 
kcs_bmc_ipmi_add_device(struct kcs_bmc_device * kcs_bmc)472 static int kcs_bmc_ipmi_add_device(struct kcs_bmc_device *kcs_bmc)
473 {
474 	struct kcs_bmc_ipmi *priv;
475 	int rc;
476 
477 	priv = devm_kzalloc(kcs_bmc->dev, sizeof(*priv), GFP_KERNEL);
478 	if (!priv)
479 		return -ENOMEM;
480 
481 	spin_lock_init(&priv->lock);
482 	mutex_init(&priv->mutex);
483 
484 	init_waitqueue_head(&priv->queue);
485 
486 	priv->client.dev = kcs_bmc;
487 	priv->client.ops = &kcs_bmc_ipmi_client_ops;
488 	priv->data_in = devm_kmalloc(kcs_bmc->dev, KCS_MSG_BUFSIZ, GFP_KERNEL);
489 	priv->data_out = devm_kmalloc(kcs_bmc->dev, KCS_MSG_BUFSIZ, GFP_KERNEL);
490 	priv->kbuffer = devm_kmalloc(kcs_bmc->dev, KCS_MSG_BUFSIZ, GFP_KERNEL);
491 
492 	priv->miscdev.minor = MISC_DYNAMIC_MINOR;
493 	priv->miscdev.name = devm_kasprintf(kcs_bmc->dev, GFP_KERNEL, "%s%u", DEVICE_NAME,
494 					   kcs_bmc->channel);
495 	if (!priv->data_in || !priv->data_out || !priv->kbuffer || !priv->miscdev.name)
496 		return -EINVAL;
497 
498 	priv->miscdev.fops = &kcs_bmc_ipmi_fops;
499 
500 	rc = misc_register(&priv->miscdev);
501 	if (rc) {
502 		dev_err(kcs_bmc->dev, "Unable to register device: %d\n", rc);
503 		return rc;
504 	}
505 
506 	spin_lock_irq(&kcs_bmc_ipmi_instances_lock);
507 	list_add(&priv->entry, &kcs_bmc_ipmi_instances);
508 	spin_unlock_irq(&kcs_bmc_ipmi_instances_lock);
509 
510 	dev_info(kcs_bmc->dev, "Initialised IPMI client for channel %d", kcs_bmc->channel);
511 
512 	return 0;
513 }
514 
kcs_bmc_ipmi_remove_device(struct kcs_bmc_device * kcs_bmc)515 static int kcs_bmc_ipmi_remove_device(struct kcs_bmc_device *kcs_bmc)
516 {
517 	struct kcs_bmc_ipmi *priv = NULL, *pos;
518 
519 	spin_lock_irq(&kcs_bmc_ipmi_instances_lock);
520 	list_for_each_entry(pos, &kcs_bmc_ipmi_instances, entry) {
521 		if (pos->client.dev == kcs_bmc) {
522 			priv = pos;
523 			list_del(&pos->entry);
524 			break;
525 		}
526 	}
527 	spin_unlock_irq(&kcs_bmc_ipmi_instances_lock);
528 
529 	if (!priv)
530 		return -ENODEV;
531 
532 	misc_deregister(&priv->miscdev);
533 	kcs_bmc_disable_device(priv->client.dev, &priv->client);
534 	devm_kfree(kcs_bmc->dev, priv->kbuffer);
535 	devm_kfree(kcs_bmc->dev, priv->data_out);
536 	devm_kfree(kcs_bmc->dev, priv->data_in);
537 	devm_kfree(kcs_bmc->dev, priv);
538 
539 	return 0;
540 }
541 
542 static const struct kcs_bmc_driver_ops kcs_bmc_ipmi_driver_ops = {
543 	.add_device = kcs_bmc_ipmi_add_device,
544 	.remove_device = kcs_bmc_ipmi_remove_device,
545 };
546 
547 static struct kcs_bmc_driver kcs_bmc_ipmi_driver = {
548 	.ops = &kcs_bmc_ipmi_driver_ops,
549 };
550 
kcs_bmc_ipmi_init(void)551 static int __init kcs_bmc_ipmi_init(void)
552 {
553 	kcs_bmc_register_driver(&kcs_bmc_ipmi_driver);
554 
555 	return 0;
556 }
557 module_init(kcs_bmc_ipmi_init);
558 
kcs_bmc_ipmi_exit(void)559 static void __exit kcs_bmc_ipmi_exit(void)
560 {
561 	kcs_bmc_unregister_driver(&kcs_bmc_ipmi_driver);
562 }
563 module_exit(kcs_bmc_ipmi_exit);
564 
565 MODULE_LICENSE("GPL v2");
566 MODULE_AUTHOR("Haiyue Wang <haiyue.wang@linux.intel.com>");
567 MODULE_AUTHOR("Andrew Jeffery <andrew@aj.id.au>");
568 MODULE_DESCRIPTION("KCS BMC to handle the IPMI request from system software");
569