1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * ipmi_bt_sm.c 4 * 5 * The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part 6 * of the driver architecture at http://sourceforge.net/projects/openipmi 7 * 8 * Author: Rocky Craig <first.last@hp.com> 9 */ 10 11 #include <linux/kernel.h> /* For printk. */ 12 #include <linux/string.h> 13 #include <linux/module.h> 14 #include <linux/moduleparam.h> 15 #include <linux/ipmi_msgdefs.h> /* for completion codes */ 16 #include "ipmi_si_sm.h" 17 18 #define BT_DEBUG_OFF 0 /* Used in production */ 19 #define BT_DEBUG_ENABLE 1 /* Generic messages */ 20 #define BT_DEBUG_MSG 2 /* Prints all request/response buffers */ 21 #define BT_DEBUG_STATES 4 /* Verbose look at state changes */ 22 /* 23 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized 24 * value 25 */ 26 27 static int bt_debug; /* 0 == BT_DEBUG_OFF */ 28 29 module_param(bt_debug, int, 0644); 30 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states"); 31 32 /* 33 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds, 34 * and 64 byte buffers. However, one HP implementation wants 255 bytes of 35 * buffer (with a documented message of 160 bytes) so go for the max. 36 * Since the Open IPMI architecture is single-message oriented at this 37 * stage, the queue depth of BT is of no concern. 38 */ 39 40 #define BT_NORMAL_TIMEOUT 5 /* seconds */ 41 #define BT_NORMAL_RETRY_LIMIT 2 42 #define BT_RESET_DELAY 6 /* seconds after warm reset */ 43 44 /* 45 * States are written in chronological order and usually cover 46 * multiple rows of the state table discussion in the IPMI spec. 47 */ 48 49 enum bt_states { 50 BT_STATE_IDLE = 0, /* Order is critical in this list */ 51 BT_STATE_XACTION_START, 52 BT_STATE_WRITE_BYTES, 53 BT_STATE_WRITE_CONSUME, 54 BT_STATE_READ_WAIT, 55 BT_STATE_CLEAR_B2H, 56 BT_STATE_READ_BYTES, 57 BT_STATE_RESET1, /* These must come last */ 58 BT_STATE_RESET2, 59 BT_STATE_RESET3, 60 BT_STATE_RESTART, 61 BT_STATE_PRINTME, 62 BT_STATE_CAPABILITIES_BEGIN, 63 BT_STATE_CAPABILITIES_END, 64 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */ 65 }; 66 67 /* 68 * Macros seen at the end of state "case" blocks. They help with legibility 69 * and debugging. 70 */ 71 72 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; } 73 74 #define BT_SI_SM_RETURN(Y) { last_printed = BT_STATE_PRINTME; return Y; } 75 76 struct si_sm_data { 77 enum bt_states state; 78 unsigned char seq; /* BT sequence number */ 79 struct si_sm_io *io; 80 unsigned char write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */ 81 int write_count; 82 unsigned char read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */ 83 int read_count; 84 int truncated; 85 long timeout; /* microseconds countdown */ 86 int error_retries; /* end of "common" fields */ 87 int nonzero_status; /* hung BMCs stay all 0 */ 88 enum bt_states complete; /* to divert the state machine */ 89 int BT_CAP_outreqs; 90 long BT_CAP_req2rsp; 91 int BT_CAP_retries; /* Recommended retries */ 92 }; 93 94 #define BT_CLR_WR_PTR 0x01 /* See IPMI 1.5 table 11.6.4 */ 95 #define BT_CLR_RD_PTR 0x02 96 #define BT_H2B_ATN 0x04 97 #define BT_B2H_ATN 0x08 98 #define BT_SMS_ATN 0x10 99 #define BT_OEM0 0x20 100 #define BT_H_BUSY 0x40 101 #define BT_B_BUSY 0x80 102 103 /* 104 * Some bits are toggled on each write: write once to set it, once 105 * more to clear it; writing a zero does nothing. To absolutely 106 * clear it, check its state and write if set. This avoids the "get 107 * current then use as mask" scheme to modify one bit. Note that the 108 * variable "bt" is hardcoded into these macros. 109 */ 110 111 #define BT_STATUS bt->io->inputb(bt->io, 0) 112 #define BT_CONTROL(x) bt->io->outputb(bt->io, 0, x) 113 114 #define BMC2HOST bt->io->inputb(bt->io, 1) 115 #define HOST2BMC(x) bt->io->outputb(bt->io, 1, x) 116 117 #define BT_INTMASK_R bt->io->inputb(bt->io, 2) 118 #define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x) 119 120 /* 121 * Convenience routines for debugging. These are not multi-open safe! 122 * Note the macros have hardcoded variables in them. 123 */ 124 125 static char *state2txt(unsigned char state) 126 { 127 switch (state) { 128 case BT_STATE_IDLE: return("IDLE"); 129 case BT_STATE_XACTION_START: return("XACTION"); 130 case BT_STATE_WRITE_BYTES: return("WR_BYTES"); 131 case BT_STATE_WRITE_CONSUME: return("WR_CONSUME"); 132 case BT_STATE_READ_WAIT: return("RD_WAIT"); 133 case BT_STATE_CLEAR_B2H: return("CLEAR_B2H"); 134 case BT_STATE_READ_BYTES: return("RD_BYTES"); 135 case BT_STATE_RESET1: return("RESET1"); 136 case BT_STATE_RESET2: return("RESET2"); 137 case BT_STATE_RESET3: return("RESET3"); 138 case BT_STATE_RESTART: return("RESTART"); 139 case BT_STATE_LONG_BUSY: return("LONG_BUSY"); 140 case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN"); 141 case BT_STATE_CAPABILITIES_END: return("CAP_END"); 142 } 143 return("BAD STATE"); 144 } 145 #define STATE2TXT state2txt(bt->state) 146 147 static char *status2txt(unsigned char status) 148 { 149 /* 150 * This cannot be called by two threads at the same time and 151 * the buffer is always consumed immediately, so the static is 152 * safe to use. 153 */ 154 static char buf[40]; 155 156 strcpy(buf, "[ "); 157 if (status & BT_B_BUSY) 158 strcat(buf, "B_BUSY "); 159 if (status & BT_H_BUSY) 160 strcat(buf, "H_BUSY "); 161 if (status & BT_OEM0) 162 strcat(buf, "OEM0 "); 163 if (status & BT_SMS_ATN) 164 strcat(buf, "SMS "); 165 if (status & BT_B2H_ATN) 166 strcat(buf, "B2H "); 167 if (status & BT_H2B_ATN) 168 strcat(buf, "H2B "); 169 strcat(buf, "]"); 170 return buf; 171 } 172 #define STATUS2TXT status2txt(status) 173 174 /* called externally at insmod time, and internally on cleanup */ 175 176 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io) 177 { 178 memset(bt, 0, sizeof(struct si_sm_data)); 179 if (bt->io != io) { 180 /* external: one-time only things */ 181 bt->io = io; 182 bt->seq = 0; 183 } 184 bt->state = BT_STATE_IDLE; /* start here */ 185 bt->complete = BT_STATE_IDLE; /* end here */ 186 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC; 187 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT; 188 /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */ 189 return 3; /* We claim 3 bytes of space; ought to check SPMI table */ 190 } 191 192 /* Jam a completion code (probably an error) into a response */ 193 194 static void force_result(struct si_sm_data *bt, unsigned char completion_code) 195 { 196 bt->read_data[0] = 4; /* # following bytes */ 197 bt->read_data[1] = bt->write_data[1] | 4; /* Odd NetFn/LUN */ 198 bt->read_data[2] = bt->write_data[2]; /* seq (ignored) */ 199 bt->read_data[3] = bt->write_data[3]; /* Command */ 200 bt->read_data[4] = completion_code; 201 bt->read_count = 5; 202 } 203 204 /* The upper state machine starts here */ 205 206 static int bt_start_transaction(struct si_sm_data *bt, 207 unsigned char *data, 208 unsigned int size) 209 { 210 unsigned int i; 211 212 if (size < 2) 213 return IPMI_REQ_LEN_INVALID_ERR; 214 if (size > IPMI_MAX_MSG_LENGTH) 215 return IPMI_REQ_LEN_EXCEEDED_ERR; 216 217 if (bt->state == BT_STATE_LONG_BUSY) 218 return IPMI_NODE_BUSY_ERR; 219 220 if (bt->state != BT_STATE_IDLE) 221 return IPMI_NOT_IN_MY_STATE_ERR; 222 223 if (bt_debug & BT_DEBUG_MSG) { 224 printk(KERN_WARNING "BT: +++++++++++++++++ New command\n"); 225 printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2); 226 for (i = 0; i < size; i ++) 227 printk(" %02x", data[i]); 228 printk("\n"); 229 } 230 bt->write_data[0] = size + 1; /* all data plus seq byte */ 231 bt->write_data[1] = *data; /* NetFn/LUN */ 232 bt->write_data[2] = bt->seq++; 233 memcpy(bt->write_data + 3, data + 1, size - 1); 234 bt->write_count = size + 2; 235 bt->error_retries = 0; 236 bt->nonzero_status = 0; 237 bt->truncated = 0; 238 bt->state = BT_STATE_XACTION_START; 239 bt->timeout = bt->BT_CAP_req2rsp; 240 force_result(bt, IPMI_ERR_UNSPECIFIED); 241 return 0; 242 } 243 244 /* 245 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE 246 * it calls this. Strip out the length and seq bytes. 247 */ 248 249 static int bt_get_result(struct si_sm_data *bt, 250 unsigned char *data, 251 unsigned int length) 252 { 253 int i, msg_len; 254 255 msg_len = bt->read_count - 2; /* account for length & seq */ 256 if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) { 257 force_result(bt, IPMI_ERR_UNSPECIFIED); 258 msg_len = 3; 259 } 260 data[0] = bt->read_data[1]; 261 data[1] = bt->read_data[3]; 262 if (length < msg_len || bt->truncated) { 263 data[2] = IPMI_ERR_MSG_TRUNCATED; 264 msg_len = 3; 265 } else 266 memcpy(data + 2, bt->read_data + 4, msg_len - 2); 267 268 if (bt_debug & BT_DEBUG_MSG) { 269 printk(KERN_WARNING "BT: result %d bytes:", msg_len); 270 for (i = 0; i < msg_len; i++) 271 printk(" %02x", data[i]); 272 printk("\n"); 273 } 274 return msg_len; 275 } 276 277 /* This bit's functionality is optional */ 278 #define BT_BMC_HWRST 0x80 279 280 static void reset_flags(struct si_sm_data *bt) 281 { 282 if (bt_debug) 283 printk(KERN_WARNING "IPMI BT: flag reset %s\n", 284 status2txt(BT_STATUS)); 285 if (BT_STATUS & BT_H_BUSY) 286 BT_CONTROL(BT_H_BUSY); /* force clear */ 287 BT_CONTROL(BT_CLR_WR_PTR); /* always reset */ 288 BT_CONTROL(BT_SMS_ATN); /* always clear */ 289 BT_INTMASK_W(BT_BMC_HWRST); 290 } 291 292 /* 293 * Get rid of an unwanted/stale response. This should only be needed for 294 * BMCs that support multiple outstanding requests. 295 */ 296 297 static void drain_BMC2HOST(struct si_sm_data *bt) 298 { 299 int i, size; 300 301 if (!(BT_STATUS & BT_B2H_ATN)) /* Not signalling a response */ 302 return; 303 304 BT_CONTROL(BT_H_BUSY); /* now set */ 305 BT_CONTROL(BT_B2H_ATN); /* always clear */ 306 BT_STATUS; /* pause */ 307 BT_CONTROL(BT_B2H_ATN); /* some BMCs are stubborn */ 308 BT_CONTROL(BT_CLR_RD_PTR); /* always reset */ 309 if (bt_debug) 310 printk(KERN_WARNING "IPMI BT: stale response %s; ", 311 status2txt(BT_STATUS)); 312 size = BMC2HOST; 313 for (i = 0; i < size ; i++) 314 BMC2HOST; 315 BT_CONTROL(BT_H_BUSY); /* now clear */ 316 if (bt_debug) 317 printk("drained %d bytes\n", size + 1); 318 } 319 320 static inline void write_all_bytes(struct si_sm_data *bt) 321 { 322 int i; 323 324 if (bt_debug & BT_DEBUG_MSG) { 325 printk(KERN_WARNING "BT: write %d bytes seq=0x%02X", 326 bt->write_count, bt->seq); 327 for (i = 0; i < bt->write_count; i++) 328 printk(" %02x", bt->write_data[i]); 329 printk("\n"); 330 } 331 for (i = 0; i < bt->write_count; i++) 332 HOST2BMC(bt->write_data[i]); 333 } 334 335 static inline int read_all_bytes(struct si_sm_data *bt) 336 { 337 unsigned int i; 338 339 /* 340 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode. 341 * Keep layout of first four bytes aligned with write_data[] 342 */ 343 344 bt->read_data[0] = BMC2HOST; 345 bt->read_count = bt->read_data[0]; 346 347 if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) { 348 if (bt_debug & BT_DEBUG_MSG) 349 printk(KERN_WARNING "BT: bad raw rsp len=%d\n", 350 bt->read_count); 351 bt->truncated = 1; 352 return 1; /* let next XACTION START clean it up */ 353 } 354 for (i = 1; i <= bt->read_count; i++) 355 bt->read_data[i] = BMC2HOST; 356 bt->read_count++; /* Account internally for length byte */ 357 358 if (bt_debug & BT_DEBUG_MSG) { 359 int max = bt->read_count; 360 361 printk(KERN_WARNING "BT: got %d bytes seq=0x%02X", 362 max, bt->read_data[2]); 363 if (max > 16) 364 max = 16; 365 for (i = 0; i < max; i++) 366 printk(KERN_CONT " %02x", bt->read_data[i]); 367 printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ..."); 368 } 369 370 /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */ 371 if ((bt->read_data[3] == bt->write_data[3]) && 372 (bt->read_data[2] == bt->write_data[2]) && 373 ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8))) 374 return 1; 375 376 if (bt_debug & BT_DEBUG_MSG) 377 printk(KERN_WARNING "IPMI BT: bad packet: " 378 "want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n", 379 bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3], 380 bt->read_data[1], bt->read_data[2], bt->read_data[3]); 381 return 0; 382 } 383 384 /* Restart if retries are left, or return an error completion code */ 385 386 static enum si_sm_result error_recovery(struct si_sm_data *bt, 387 unsigned char status, 388 unsigned char cCode) 389 { 390 char *reason; 391 392 bt->timeout = bt->BT_CAP_req2rsp; 393 394 switch (cCode) { 395 case IPMI_TIMEOUT_ERR: 396 reason = "timeout"; 397 break; 398 default: 399 reason = "internal error"; 400 break; 401 } 402 403 printk(KERN_WARNING "IPMI BT: %s in %s %s ", /* open-ended line */ 404 reason, STATE2TXT, STATUS2TXT); 405 406 /* 407 * Per the IPMI spec, retries are based on the sequence number 408 * known only to this module, so manage a restart here. 409 */ 410 (bt->error_retries)++; 411 if (bt->error_retries < bt->BT_CAP_retries) { 412 printk("%d retries left\n", 413 bt->BT_CAP_retries - bt->error_retries); 414 bt->state = BT_STATE_RESTART; 415 return SI_SM_CALL_WITHOUT_DELAY; 416 } 417 418 printk(KERN_WARNING "failed %d retries, sending error response\n", 419 bt->BT_CAP_retries); 420 if (!bt->nonzero_status) 421 printk(KERN_ERR "IPMI BT: stuck, try power cycle\n"); 422 423 /* this is most likely during insmod */ 424 else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) { 425 printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n"); 426 bt->state = BT_STATE_RESET1; 427 return SI_SM_CALL_WITHOUT_DELAY; 428 } 429 430 /* 431 * Concoct a useful error message, set up the next state, and 432 * be done with this sequence. 433 */ 434 435 bt->state = BT_STATE_IDLE; 436 switch (cCode) { 437 case IPMI_TIMEOUT_ERR: 438 if (status & BT_B_BUSY) { 439 cCode = IPMI_NODE_BUSY_ERR; 440 bt->state = BT_STATE_LONG_BUSY; 441 } 442 break; 443 default: 444 break; 445 } 446 force_result(bt, cCode); 447 return SI_SM_TRANSACTION_COMPLETE; 448 } 449 450 /* Check status and (usually) take action and change this state machine. */ 451 452 static enum si_sm_result bt_event(struct si_sm_data *bt, long time) 453 { 454 unsigned char status, BT_CAP[8]; 455 static enum bt_states last_printed = BT_STATE_PRINTME; 456 int i; 457 458 status = BT_STATUS; 459 bt->nonzero_status |= status; 460 if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) { 461 printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n", 462 STATE2TXT, 463 STATUS2TXT, 464 bt->timeout, 465 time); 466 last_printed = bt->state; 467 } 468 469 /* 470 * Commands that time out may still (eventually) provide a response. 471 * This stale response will get in the way of a new response so remove 472 * it if possible (hopefully during IDLE). Even if it comes up later 473 * it will be rejected by its (now-forgotten) seq number. 474 */ 475 476 if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) { 477 drain_BMC2HOST(bt); 478 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY); 479 } 480 481 if ((bt->state != BT_STATE_IDLE) && 482 (bt->state < BT_STATE_PRINTME)) { 483 /* check timeout */ 484 bt->timeout -= time; 485 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1)) 486 return error_recovery(bt, 487 status, 488 IPMI_TIMEOUT_ERR); 489 } 490 491 switch (bt->state) { 492 493 /* 494 * Idle state first checks for asynchronous messages from another 495 * channel, then does some opportunistic housekeeping. 496 */ 497 498 case BT_STATE_IDLE: 499 if (status & BT_SMS_ATN) { 500 BT_CONTROL(BT_SMS_ATN); /* clear it */ 501 return SI_SM_ATTN; 502 } 503 504 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */ 505 BT_CONTROL(BT_H_BUSY); 506 507 bt->timeout = bt->BT_CAP_req2rsp; 508 509 /* Read BT capabilities if it hasn't been done yet */ 510 if (!bt->BT_CAP_outreqs) 511 BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN, 512 SI_SM_CALL_WITHOUT_DELAY); 513 BT_SI_SM_RETURN(SI_SM_IDLE); 514 515 case BT_STATE_XACTION_START: 516 if (status & (BT_B_BUSY | BT_H2B_ATN)) 517 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY); 518 if (BT_STATUS & BT_H_BUSY) 519 BT_CONTROL(BT_H_BUSY); /* force clear */ 520 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES, 521 SI_SM_CALL_WITHOUT_DELAY); 522 523 case BT_STATE_WRITE_BYTES: 524 if (status & BT_H_BUSY) 525 BT_CONTROL(BT_H_BUSY); /* clear */ 526 BT_CONTROL(BT_CLR_WR_PTR); 527 write_all_bytes(bt); 528 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */ 529 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME, 530 SI_SM_CALL_WITHOUT_DELAY); 531 532 case BT_STATE_WRITE_CONSUME: 533 if (status & (BT_B_BUSY | BT_H2B_ATN)) 534 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY); 535 BT_STATE_CHANGE(BT_STATE_READ_WAIT, 536 SI_SM_CALL_WITHOUT_DELAY); 537 538 /* Spinning hard can suppress B2H_ATN and force a timeout */ 539 540 case BT_STATE_READ_WAIT: 541 if (!(status & BT_B2H_ATN)) 542 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY); 543 BT_CONTROL(BT_H_BUSY); /* set */ 544 545 /* 546 * Uncached, ordered writes should just proceed serially but 547 * some BMCs don't clear B2H_ATN with one hit. Fast-path a 548 * workaround without too much penalty to the general case. 549 */ 550 551 BT_CONTROL(BT_B2H_ATN); /* clear it to ACK the BMC */ 552 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H, 553 SI_SM_CALL_WITHOUT_DELAY); 554 555 case BT_STATE_CLEAR_B2H: 556 if (status & BT_B2H_ATN) { 557 /* keep hitting it */ 558 BT_CONTROL(BT_B2H_ATN); 559 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY); 560 } 561 BT_STATE_CHANGE(BT_STATE_READ_BYTES, 562 SI_SM_CALL_WITHOUT_DELAY); 563 564 case BT_STATE_READ_BYTES: 565 if (!(status & BT_H_BUSY)) 566 /* check in case of retry */ 567 BT_CONTROL(BT_H_BUSY); 568 BT_CONTROL(BT_CLR_RD_PTR); /* start of BMC2HOST buffer */ 569 i = read_all_bytes(bt); /* true == packet seq match */ 570 BT_CONTROL(BT_H_BUSY); /* NOW clear */ 571 if (!i) /* Not my message */ 572 BT_STATE_CHANGE(BT_STATE_READ_WAIT, 573 SI_SM_CALL_WITHOUT_DELAY); 574 bt->state = bt->complete; 575 return bt->state == BT_STATE_IDLE ? /* where to next? */ 576 SI_SM_TRANSACTION_COMPLETE : /* normal */ 577 SI_SM_CALL_WITHOUT_DELAY; /* Startup magic */ 578 579 case BT_STATE_LONG_BUSY: /* For example: after FW update */ 580 if (!(status & BT_B_BUSY)) { 581 reset_flags(bt); /* next state is now IDLE */ 582 bt_init_data(bt, bt->io); 583 } 584 return SI_SM_CALL_WITH_DELAY; /* No repeat printing */ 585 586 case BT_STATE_RESET1: 587 reset_flags(bt); 588 drain_BMC2HOST(bt); 589 BT_STATE_CHANGE(BT_STATE_RESET2, 590 SI_SM_CALL_WITH_DELAY); 591 592 case BT_STATE_RESET2: /* Send a soft reset */ 593 BT_CONTROL(BT_CLR_WR_PTR); 594 HOST2BMC(3); /* number of bytes following */ 595 HOST2BMC(0x18); /* NetFn/LUN == Application, LUN 0 */ 596 HOST2BMC(42); /* Sequence number */ 597 HOST2BMC(3); /* Cmd == Soft reset */ 598 BT_CONTROL(BT_H2B_ATN); 599 bt->timeout = BT_RESET_DELAY * USEC_PER_SEC; 600 BT_STATE_CHANGE(BT_STATE_RESET3, 601 SI_SM_CALL_WITH_DELAY); 602 603 case BT_STATE_RESET3: /* Hold off everything for a bit */ 604 if (bt->timeout > 0) 605 return SI_SM_CALL_WITH_DELAY; 606 drain_BMC2HOST(bt); 607 BT_STATE_CHANGE(BT_STATE_RESTART, 608 SI_SM_CALL_WITH_DELAY); 609 610 case BT_STATE_RESTART: /* don't reset retries or seq! */ 611 bt->read_count = 0; 612 bt->nonzero_status = 0; 613 bt->timeout = bt->BT_CAP_req2rsp; 614 BT_STATE_CHANGE(BT_STATE_XACTION_START, 615 SI_SM_CALL_WITH_DELAY); 616 617 /* 618 * Get BT Capabilities, using timing of upper level state machine. 619 * Set outreqs to prevent infinite loop on timeout. 620 */ 621 case BT_STATE_CAPABILITIES_BEGIN: 622 bt->BT_CAP_outreqs = 1; 623 { 624 unsigned char GetBT_CAP[] = { 0x18, 0x36 }; 625 bt->state = BT_STATE_IDLE; 626 bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP)); 627 } 628 bt->complete = BT_STATE_CAPABILITIES_END; 629 BT_STATE_CHANGE(BT_STATE_XACTION_START, 630 SI_SM_CALL_WITH_DELAY); 631 632 case BT_STATE_CAPABILITIES_END: 633 i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP)); 634 bt_init_data(bt, bt->io); 635 if ((i == 8) && !BT_CAP[2]) { 636 bt->BT_CAP_outreqs = BT_CAP[3]; 637 bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC; 638 bt->BT_CAP_retries = BT_CAP[7]; 639 } else 640 printk(KERN_WARNING "IPMI BT: using default values\n"); 641 if (!bt->BT_CAP_outreqs) 642 bt->BT_CAP_outreqs = 1; 643 printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n", 644 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries); 645 bt->timeout = bt->BT_CAP_req2rsp; 646 return SI_SM_CALL_WITHOUT_DELAY; 647 648 default: /* should never occur */ 649 return error_recovery(bt, 650 status, 651 IPMI_ERR_UNSPECIFIED); 652 } 653 return SI_SM_CALL_WITH_DELAY; 654 } 655 656 static int bt_detect(struct si_sm_data *bt) 657 { 658 /* 659 * It's impossible for the BT status and interrupt registers to be 660 * all 1's, (assuming a properly functioning, self-initialized BMC) 661 * but that's what you get from reading a bogus address, so we 662 * test that first. The calling routine uses negative logic. 663 */ 664 665 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF)) 666 return 1; 667 reset_flags(bt); 668 return 0; 669 } 670 671 static void bt_cleanup(struct si_sm_data *bt) 672 { 673 } 674 675 static int bt_size(void) 676 { 677 return sizeof(struct si_sm_data); 678 } 679 680 const struct si_sm_handlers bt_smi_handlers = { 681 .init_data = bt_init_data, 682 .start_transaction = bt_start_transaction, 683 .get_result = bt_get_result, 684 .event = bt_event, 685 .detect = bt_detect, 686 .cleanup = bt_cleanup, 687 .size = bt_size, 688 }; 689