1 /* 2 * acpi_ipmi.c - ACPI IPMI opregion 3 * 4 * Copyright (C) 2010, 2013 Intel Corporation 5 * Author: Zhao Yakui <yakui.zhao@intel.com> 6 * Lv Zheng <lv.zheng@intel.com> 7 * 8 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or (at 13 * your option) any later version. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 21 */ 22 23 #include <linux/module.h> 24 #include <linux/acpi.h> 25 #include <linux/ipmi.h> 26 #include <linux/spinlock.h> 27 28 MODULE_AUTHOR("Zhao Yakui"); 29 MODULE_DESCRIPTION("ACPI IPMI Opregion driver"); 30 MODULE_LICENSE("GPL"); 31 32 #define ACPI_IPMI_OK 0 33 #define ACPI_IPMI_TIMEOUT 0x10 34 #define ACPI_IPMI_UNKNOWN 0x07 35 /* the IPMI timeout is 5s */ 36 #define IPMI_TIMEOUT (5000) 37 #define ACPI_IPMI_MAX_MSG_LENGTH 64 38 39 struct acpi_ipmi_device { 40 /* the device list attached to driver_data.ipmi_devices */ 41 struct list_head head; 42 43 /* the IPMI request message list */ 44 struct list_head tx_msg_list; 45 46 spinlock_t tx_msg_lock; 47 acpi_handle handle; 48 struct device *dev; 49 ipmi_user_t user_interface; 50 int ipmi_ifnum; /* IPMI interface number */ 51 long curr_msgid; 52 bool dead; 53 struct kref kref; 54 }; 55 56 struct ipmi_driver_data { 57 struct list_head ipmi_devices; 58 struct ipmi_smi_watcher bmc_events; 59 struct ipmi_user_hndl ipmi_hndlrs; 60 struct mutex ipmi_lock; 61 62 /* 63 * NOTE: IPMI System Interface Selection 64 * There is no system interface specified by the IPMI operation 65 * region access. We try to select one system interface with ACPI 66 * handle set. IPMI messages passed from the ACPI codes are sent 67 * to this selected global IPMI system interface. 68 */ 69 struct acpi_ipmi_device *selected_smi; 70 }; 71 72 struct acpi_ipmi_msg { 73 struct list_head head; 74 75 /* 76 * General speaking the addr type should be SI_ADDR_TYPE. And 77 * the addr channel should be BMC. 78 * In fact it can also be IPMB type. But we will have to 79 * parse it from the Netfn command buffer. It is so complex 80 * that it is skipped. 81 */ 82 struct ipmi_addr addr; 83 long tx_msgid; 84 85 /* it is used to track whether the IPMI message is finished */ 86 struct completion tx_complete; 87 88 struct kernel_ipmi_msg tx_message; 89 int msg_done; 90 91 /* tx/rx data . And copy it from/to ACPI object buffer */ 92 u8 data[ACPI_IPMI_MAX_MSG_LENGTH]; 93 u8 rx_len; 94 95 struct acpi_ipmi_device *device; 96 struct kref kref; 97 }; 98 99 /* IPMI request/response buffer per ACPI 4.0, sec 5.5.2.4.3.2 */ 100 struct acpi_ipmi_buffer { 101 u8 status; 102 u8 length; 103 u8 data[ACPI_IPMI_MAX_MSG_LENGTH]; 104 }; 105 106 static void ipmi_register_bmc(int iface, struct device *dev); 107 static void ipmi_bmc_gone(int iface); 108 static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data); 109 110 static struct ipmi_driver_data driver_data = { 111 .ipmi_devices = LIST_HEAD_INIT(driver_data.ipmi_devices), 112 .bmc_events = { 113 .owner = THIS_MODULE, 114 .new_smi = ipmi_register_bmc, 115 .smi_gone = ipmi_bmc_gone, 116 }, 117 .ipmi_hndlrs = { 118 .ipmi_recv_hndl = ipmi_msg_handler, 119 }, 120 .ipmi_lock = __MUTEX_INITIALIZER(driver_data.ipmi_lock) 121 }; 122 123 static struct acpi_ipmi_device * 124 ipmi_dev_alloc(int iface, struct device *dev, acpi_handle handle) 125 { 126 struct acpi_ipmi_device *ipmi_device; 127 int err; 128 ipmi_user_t user; 129 130 ipmi_device = kzalloc(sizeof(*ipmi_device), GFP_KERNEL); 131 if (!ipmi_device) 132 return NULL; 133 134 kref_init(&ipmi_device->kref); 135 INIT_LIST_HEAD(&ipmi_device->head); 136 INIT_LIST_HEAD(&ipmi_device->tx_msg_list); 137 spin_lock_init(&ipmi_device->tx_msg_lock); 138 ipmi_device->handle = handle; 139 ipmi_device->dev = get_device(dev); 140 ipmi_device->ipmi_ifnum = iface; 141 142 err = ipmi_create_user(iface, &driver_data.ipmi_hndlrs, 143 ipmi_device, &user); 144 if (err) { 145 put_device(dev); 146 kfree(ipmi_device); 147 return NULL; 148 } 149 ipmi_device->user_interface = user; 150 151 return ipmi_device; 152 } 153 154 static void ipmi_dev_release(struct acpi_ipmi_device *ipmi_device) 155 { 156 ipmi_destroy_user(ipmi_device->user_interface); 157 put_device(ipmi_device->dev); 158 kfree(ipmi_device); 159 } 160 161 static void ipmi_dev_release_kref(struct kref *kref) 162 { 163 struct acpi_ipmi_device *ipmi = 164 container_of(kref, struct acpi_ipmi_device, kref); 165 166 ipmi_dev_release(ipmi); 167 } 168 169 static void __ipmi_dev_kill(struct acpi_ipmi_device *ipmi_device) 170 { 171 list_del(&ipmi_device->head); 172 if (driver_data.selected_smi == ipmi_device) 173 driver_data.selected_smi = NULL; 174 175 /* 176 * Always setting dead flag after deleting from the list or 177 * list_for_each_entry() codes must get changed. 178 */ 179 ipmi_device->dead = true; 180 } 181 182 static struct acpi_ipmi_device *acpi_ipmi_dev_get(void) 183 { 184 struct acpi_ipmi_device *ipmi_device = NULL; 185 186 mutex_lock(&driver_data.ipmi_lock); 187 if (driver_data.selected_smi) { 188 ipmi_device = driver_data.selected_smi; 189 kref_get(&ipmi_device->kref); 190 } 191 mutex_unlock(&driver_data.ipmi_lock); 192 193 return ipmi_device; 194 } 195 196 static void acpi_ipmi_dev_put(struct acpi_ipmi_device *ipmi_device) 197 { 198 kref_put(&ipmi_device->kref, ipmi_dev_release_kref); 199 } 200 201 static struct acpi_ipmi_msg *ipmi_msg_alloc(void) 202 { 203 struct acpi_ipmi_device *ipmi; 204 struct acpi_ipmi_msg *ipmi_msg; 205 206 ipmi = acpi_ipmi_dev_get(); 207 if (!ipmi) 208 return NULL; 209 210 ipmi_msg = kzalloc(sizeof(struct acpi_ipmi_msg), GFP_KERNEL); 211 if (!ipmi_msg) { 212 acpi_ipmi_dev_put(ipmi); 213 return NULL; 214 } 215 216 kref_init(&ipmi_msg->kref); 217 init_completion(&ipmi_msg->tx_complete); 218 INIT_LIST_HEAD(&ipmi_msg->head); 219 ipmi_msg->device = ipmi; 220 ipmi_msg->msg_done = ACPI_IPMI_UNKNOWN; 221 222 return ipmi_msg; 223 } 224 225 static void ipmi_msg_release(struct acpi_ipmi_msg *tx_msg) 226 { 227 acpi_ipmi_dev_put(tx_msg->device); 228 kfree(tx_msg); 229 } 230 231 static void ipmi_msg_release_kref(struct kref *kref) 232 { 233 struct acpi_ipmi_msg *tx_msg = 234 container_of(kref, struct acpi_ipmi_msg, kref); 235 236 ipmi_msg_release(tx_msg); 237 } 238 239 static struct acpi_ipmi_msg *acpi_ipmi_msg_get(struct acpi_ipmi_msg *tx_msg) 240 { 241 kref_get(&tx_msg->kref); 242 243 return tx_msg; 244 } 245 246 static void acpi_ipmi_msg_put(struct acpi_ipmi_msg *tx_msg) 247 { 248 kref_put(&tx_msg->kref, ipmi_msg_release_kref); 249 } 250 251 #define IPMI_OP_RGN_NETFN(offset) ((offset >> 8) & 0xff) 252 #define IPMI_OP_RGN_CMD(offset) (offset & 0xff) 253 static int acpi_format_ipmi_request(struct acpi_ipmi_msg *tx_msg, 254 acpi_physical_address address, 255 acpi_integer *value) 256 { 257 struct kernel_ipmi_msg *msg; 258 struct acpi_ipmi_buffer *buffer; 259 struct acpi_ipmi_device *device; 260 unsigned long flags; 261 262 msg = &tx_msg->tx_message; 263 264 /* 265 * IPMI network function and command are encoded in the address 266 * within the IPMI OpRegion; see ACPI 4.0, sec 5.5.2.4.3. 267 */ 268 msg->netfn = IPMI_OP_RGN_NETFN(address); 269 msg->cmd = IPMI_OP_RGN_CMD(address); 270 msg->data = tx_msg->data; 271 272 /* 273 * value is the parameter passed by the IPMI opregion space handler. 274 * It points to the IPMI request message buffer 275 */ 276 buffer = (struct acpi_ipmi_buffer *)value; 277 278 /* copy the tx message data */ 279 if (buffer->length > ACPI_IPMI_MAX_MSG_LENGTH) { 280 dev_WARN_ONCE(tx_msg->device->dev, true, 281 "Unexpected request (msg len %d).\n", 282 buffer->length); 283 return -EINVAL; 284 } 285 msg->data_len = buffer->length; 286 memcpy(tx_msg->data, buffer->data, msg->data_len); 287 288 /* 289 * now the default type is SYSTEM_INTERFACE and channel type is BMC. 290 * If the netfn is APP_REQUEST and the cmd is SEND_MESSAGE, 291 * the addr type should be changed to IPMB. Then we will have to parse 292 * the IPMI request message buffer to get the IPMB address. 293 * If so, please fix me. 294 */ 295 tx_msg->addr.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 296 tx_msg->addr.channel = IPMI_BMC_CHANNEL; 297 tx_msg->addr.data[0] = 0; 298 299 /* Get the msgid */ 300 device = tx_msg->device; 301 302 spin_lock_irqsave(&device->tx_msg_lock, flags); 303 device->curr_msgid++; 304 tx_msg->tx_msgid = device->curr_msgid; 305 spin_unlock_irqrestore(&device->tx_msg_lock, flags); 306 307 return 0; 308 } 309 310 static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg, 311 acpi_integer *value) 312 { 313 struct acpi_ipmi_buffer *buffer; 314 315 /* 316 * value is also used as output parameter. It represents the response 317 * IPMI message returned by IPMI command. 318 */ 319 buffer = (struct acpi_ipmi_buffer *)value; 320 321 /* 322 * If the flag of msg_done is not set, it means that the IPMI command is 323 * not executed correctly. 324 */ 325 buffer->status = msg->msg_done; 326 if (msg->msg_done != ACPI_IPMI_OK) 327 return; 328 329 /* 330 * If the IPMI response message is obtained correctly, the status code 331 * will be ACPI_IPMI_OK 332 */ 333 buffer->length = msg->rx_len; 334 memcpy(buffer->data, msg->data, msg->rx_len); 335 } 336 337 static void ipmi_flush_tx_msg(struct acpi_ipmi_device *ipmi) 338 { 339 struct acpi_ipmi_msg *tx_msg; 340 unsigned long flags; 341 342 /* 343 * NOTE: On-going ipmi_recv_msg 344 * ipmi_msg_handler() may still be invoked by ipmi_si after 345 * flushing. But it is safe to do a fast flushing on module_exit() 346 * without waiting for all ipmi_recv_msg(s) to complete from 347 * ipmi_msg_handler() as it is ensured by ipmi_si that all 348 * ipmi_recv_msg(s) are freed after invoking ipmi_destroy_user(). 349 */ 350 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 351 while (!list_empty(&ipmi->tx_msg_list)) { 352 tx_msg = list_first_entry(&ipmi->tx_msg_list, 353 struct acpi_ipmi_msg, 354 head); 355 list_del(&tx_msg->head); 356 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 357 358 /* wake up the sleep thread on the Tx msg */ 359 complete(&tx_msg->tx_complete); 360 acpi_ipmi_msg_put(tx_msg); 361 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 362 } 363 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 364 } 365 366 static void ipmi_cancel_tx_msg(struct acpi_ipmi_device *ipmi, 367 struct acpi_ipmi_msg *msg) 368 { 369 struct acpi_ipmi_msg *tx_msg, *temp; 370 bool msg_found = false; 371 unsigned long flags; 372 373 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 374 list_for_each_entry_safe(tx_msg, temp, &ipmi->tx_msg_list, head) { 375 if (msg == tx_msg) { 376 msg_found = true; 377 list_del(&tx_msg->head); 378 break; 379 } 380 } 381 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 382 383 if (msg_found) 384 acpi_ipmi_msg_put(tx_msg); 385 } 386 387 static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) 388 { 389 struct acpi_ipmi_device *ipmi_device = user_msg_data; 390 bool msg_found = false; 391 struct acpi_ipmi_msg *tx_msg, *temp; 392 struct device *dev = ipmi_device->dev; 393 unsigned long flags; 394 395 if (msg->user != ipmi_device->user_interface) { 396 dev_warn(dev, 397 "Unexpected response is returned. returned user %p, expected user %p\n", 398 msg->user, ipmi_device->user_interface); 399 goto out_msg; 400 } 401 402 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 403 list_for_each_entry_safe(tx_msg, temp, &ipmi_device->tx_msg_list, head) { 404 if (msg->msgid == tx_msg->tx_msgid) { 405 msg_found = true; 406 list_del(&tx_msg->head); 407 break; 408 } 409 } 410 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 411 412 if (!msg_found) { 413 dev_warn(dev, 414 "Unexpected response (msg id %ld) is returned.\n", 415 msg->msgid); 416 goto out_msg; 417 } 418 419 /* copy the response data to Rx_data buffer */ 420 if (msg->msg.data_len > ACPI_IPMI_MAX_MSG_LENGTH) { 421 dev_WARN_ONCE(dev, true, 422 "Unexpected response (msg len %d).\n", 423 msg->msg.data_len); 424 goto out_comp; 425 } 426 427 /* response msg is an error msg */ 428 msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 429 if (msg->recv_type == IPMI_RESPONSE_RECV_TYPE && 430 msg->msg.data_len == 1) { 431 if (msg->msg.data[0] == IPMI_TIMEOUT_COMPLETION_CODE) { 432 dev_WARN_ONCE(dev, true, 433 "Unexpected response (timeout).\n"); 434 tx_msg->msg_done = ACPI_IPMI_TIMEOUT; 435 } 436 goto out_comp; 437 } 438 439 tx_msg->rx_len = msg->msg.data_len; 440 memcpy(tx_msg->data, msg->msg.data, tx_msg->rx_len); 441 tx_msg->msg_done = ACPI_IPMI_OK; 442 443 out_comp: 444 complete(&tx_msg->tx_complete); 445 acpi_ipmi_msg_put(tx_msg); 446 out_msg: 447 ipmi_free_recv_msg(msg); 448 } 449 450 static void ipmi_register_bmc(int iface, struct device *dev) 451 { 452 struct acpi_ipmi_device *ipmi_device, *temp; 453 int err; 454 struct ipmi_smi_info smi_data; 455 acpi_handle handle; 456 457 err = ipmi_get_smi_info(iface, &smi_data); 458 if (err) 459 return; 460 461 if (smi_data.addr_src != SI_ACPI) 462 goto err_ref; 463 handle = smi_data.addr_info.acpi_info.acpi_handle; 464 if (!handle) 465 goto err_ref; 466 467 ipmi_device = ipmi_dev_alloc(iface, smi_data.dev, handle); 468 if (!ipmi_device) { 469 dev_warn(smi_data.dev, "Can't create IPMI user interface\n"); 470 goto err_ref; 471 } 472 473 mutex_lock(&driver_data.ipmi_lock); 474 list_for_each_entry(temp, &driver_data.ipmi_devices, head) { 475 /* 476 * if the corresponding ACPI handle is already added 477 * to the device list, don't add it again. 478 */ 479 if (temp->handle == handle) 480 goto err_lock; 481 } 482 if (!driver_data.selected_smi) 483 driver_data.selected_smi = ipmi_device; 484 list_add_tail(&ipmi_device->head, &driver_data.ipmi_devices); 485 mutex_unlock(&driver_data.ipmi_lock); 486 487 put_device(smi_data.dev); 488 return; 489 490 err_lock: 491 mutex_unlock(&driver_data.ipmi_lock); 492 ipmi_dev_release(ipmi_device); 493 err_ref: 494 put_device(smi_data.dev); 495 return; 496 } 497 498 static void ipmi_bmc_gone(int iface) 499 { 500 struct acpi_ipmi_device *ipmi_device, *temp; 501 bool dev_found = false; 502 503 mutex_lock(&driver_data.ipmi_lock); 504 list_for_each_entry_safe(ipmi_device, temp, 505 &driver_data.ipmi_devices, head) { 506 if (ipmi_device->ipmi_ifnum != iface) { 507 dev_found = true; 508 __ipmi_dev_kill(ipmi_device); 509 break; 510 } 511 } 512 if (!driver_data.selected_smi) 513 driver_data.selected_smi = list_first_entry_or_null( 514 &driver_data.ipmi_devices, 515 struct acpi_ipmi_device, head); 516 mutex_unlock(&driver_data.ipmi_lock); 517 518 if (dev_found) { 519 ipmi_flush_tx_msg(ipmi_device); 520 acpi_ipmi_dev_put(ipmi_device); 521 } 522 } 523 524 /* 525 * This is the IPMI opregion space handler. 526 * @function: indicates the read/write. In fact as the IPMI message is driven 527 * by command, only write is meaningful. 528 * @address: This contains the netfn/command of IPMI request message. 529 * @bits : not used. 530 * @value : it is an in/out parameter. It points to the IPMI message buffer. 531 * Before the IPMI message is sent, it represents the actual request 532 * IPMI message. After the IPMI message is finished, it represents 533 * the response IPMI message returned by IPMI command. 534 * @handler_context: IPMI device context. 535 */ 536 static acpi_status 537 acpi_ipmi_space_handler(u32 function, acpi_physical_address address, 538 u32 bits, acpi_integer *value, 539 void *handler_context, void *region_context) 540 { 541 struct acpi_ipmi_msg *tx_msg; 542 struct acpi_ipmi_device *ipmi_device; 543 int err; 544 acpi_status status; 545 unsigned long flags; 546 547 /* 548 * IPMI opregion message. 549 * IPMI message is firstly written to the BMC and system software 550 * can get the respsonse. So it is unmeaningful for the read access 551 * of IPMI opregion. 552 */ 553 if ((function & ACPI_IO_MASK) == ACPI_READ) 554 return AE_TYPE; 555 556 tx_msg = ipmi_msg_alloc(); 557 if (!tx_msg) 558 return AE_NOT_EXIST; 559 ipmi_device = tx_msg->device; 560 561 if (acpi_format_ipmi_request(tx_msg, address, value) != 0) { 562 ipmi_msg_release(tx_msg); 563 return AE_TYPE; 564 } 565 566 acpi_ipmi_msg_get(tx_msg); 567 mutex_lock(&driver_data.ipmi_lock); 568 /* Do not add a tx_msg that can not be flushed. */ 569 if (ipmi_device->dead) { 570 mutex_unlock(&driver_data.ipmi_lock); 571 ipmi_msg_release(tx_msg); 572 return AE_NOT_EXIST; 573 } 574 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 575 list_add_tail(&tx_msg->head, &ipmi_device->tx_msg_list); 576 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 577 mutex_unlock(&driver_data.ipmi_lock); 578 579 err = ipmi_request_settime(ipmi_device->user_interface, 580 &tx_msg->addr, 581 tx_msg->tx_msgid, 582 &tx_msg->tx_message, 583 NULL, 0, 0, IPMI_TIMEOUT); 584 if (err) { 585 status = AE_ERROR; 586 goto out_msg; 587 } 588 wait_for_completion(&tx_msg->tx_complete); 589 590 acpi_format_ipmi_response(tx_msg, value); 591 status = AE_OK; 592 593 out_msg: 594 ipmi_cancel_tx_msg(ipmi_device, tx_msg); 595 acpi_ipmi_msg_put(tx_msg); 596 return status; 597 } 598 599 static int __init acpi_ipmi_init(void) 600 { 601 int result; 602 acpi_status status; 603 604 if (acpi_disabled) 605 return 0; 606 607 status = acpi_install_address_space_handler(ACPI_ROOT_OBJECT, 608 ACPI_ADR_SPACE_IPMI, 609 &acpi_ipmi_space_handler, 610 NULL, NULL); 611 if (ACPI_FAILURE(status)) { 612 pr_warn("Can't register IPMI opregion space handle\n"); 613 return -EINVAL; 614 } 615 result = ipmi_smi_watcher_register(&driver_data.bmc_events); 616 if (result) 617 pr_err("Can't register IPMI system interface watcher\n"); 618 619 return result; 620 } 621 622 static void __exit acpi_ipmi_exit(void) 623 { 624 struct acpi_ipmi_device *ipmi_device; 625 626 if (acpi_disabled) 627 return; 628 629 ipmi_smi_watcher_unregister(&driver_data.bmc_events); 630 631 /* 632 * When one smi_watcher is unregistered, it is only deleted 633 * from the smi_watcher list. But the smi_gone callback function 634 * is not called. So explicitly uninstall the ACPI IPMI oregion 635 * handler and free it. 636 */ 637 mutex_lock(&driver_data.ipmi_lock); 638 while (!list_empty(&driver_data.ipmi_devices)) { 639 ipmi_device = list_first_entry(&driver_data.ipmi_devices, 640 struct acpi_ipmi_device, 641 head); 642 __ipmi_dev_kill(ipmi_device); 643 mutex_unlock(&driver_data.ipmi_lock); 644 645 ipmi_flush_tx_msg(ipmi_device); 646 acpi_ipmi_dev_put(ipmi_device); 647 648 mutex_lock(&driver_data.ipmi_lock); 649 } 650 mutex_unlock(&driver_data.ipmi_lock); 651 acpi_remove_address_space_handler(ACPI_ROOT_OBJECT, 652 ACPI_ADR_SPACE_IPMI, 653 &acpi_ipmi_space_handler); 654 } 655 656 module_init(acpi_ipmi_init); 657 module_exit(acpi_ipmi_exit); 658