xref: /openbmc/linux/drivers/char/ipmi/ipmi_bt_sm.c (revision 8bd1369b)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  ipmi_bt_sm.c
4  *
5  *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
6  *  of the driver architecture at http://sourceforge.net/projects/openipmi
7  *
8  *  Author:	Rocky Craig <first.last@hp.com>
9  */
10 
11 #include <linux/kernel.h> /* For printk. */
12 #include <linux/string.h>
13 #include <linux/module.h>
14 #include <linux/moduleparam.h>
15 #include <linux/ipmi_msgdefs.h>		/* for completion codes */
16 #include "ipmi_si_sm.h"
17 
18 #define BT_DEBUG_OFF	0	/* Used in production */
19 #define BT_DEBUG_ENABLE	1	/* Generic messages */
20 #define BT_DEBUG_MSG	2	/* Prints all request/response buffers */
21 #define BT_DEBUG_STATES	4	/* Verbose look at state changes */
22 /*
23  * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
24  * value
25  */
26 
27 static int bt_debug; /* 0 == BT_DEBUG_OFF */
28 
29 module_param(bt_debug, int, 0644);
30 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
31 
32 /*
33  * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
34  * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
35  * buffer (with a documented message of 160 bytes) so go for the max.
36  * Since the Open IPMI architecture is single-message oriented at this
37  * stage, the queue depth of BT is of no concern.
38  */
39 
40 #define BT_NORMAL_TIMEOUT	5	/* seconds */
41 #define BT_NORMAL_RETRY_LIMIT	2
42 #define BT_RESET_DELAY		6	/* seconds after warm reset */
43 
44 /*
45  * States are written in chronological order and usually cover
46  * multiple rows of the state table discussion in the IPMI spec.
47  */
48 
49 enum bt_states {
50 	BT_STATE_IDLE = 0,	/* Order is critical in this list */
51 	BT_STATE_XACTION_START,
52 	BT_STATE_WRITE_BYTES,
53 	BT_STATE_WRITE_CONSUME,
54 	BT_STATE_READ_WAIT,
55 	BT_STATE_CLEAR_B2H,
56 	BT_STATE_READ_BYTES,
57 	BT_STATE_RESET1,	/* These must come last */
58 	BT_STATE_RESET2,
59 	BT_STATE_RESET3,
60 	BT_STATE_RESTART,
61 	BT_STATE_PRINTME,
62 	BT_STATE_CAPABILITIES_BEGIN,
63 	BT_STATE_CAPABILITIES_END,
64 	BT_STATE_LONG_BUSY	/* BT doesn't get hosed :-) */
65 };
66 
67 /*
68  * Macros seen at the end of state "case" blocks.  They help with legibility
69  * and debugging.
70  */
71 
72 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
73 
74 #define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
75 
76 struct si_sm_data {
77 	enum bt_states	state;
78 	unsigned char	seq;		/* BT sequence number */
79 	struct si_sm_io	*io;
80 	unsigned char	write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
81 	int		write_count;
82 	unsigned char	read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
83 	int		read_count;
84 	int		truncated;
85 	long		timeout;	/* microseconds countdown */
86 	int		error_retries;	/* end of "common" fields */
87 	int		nonzero_status;	/* hung BMCs stay all 0 */
88 	enum bt_states	complete;	/* to divert the state machine */
89 	int		BT_CAP_outreqs;
90 	long		BT_CAP_req2rsp;
91 	int		BT_CAP_retries;	/* Recommended retries */
92 };
93 
94 #define BT_CLR_WR_PTR	0x01	/* See IPMI 1.5 table 11.6.4 */
95 #define BT_CLR_RD_PTR	0x02
96 #define BT_H2B_ATN	0x04
97 #define BT_B2H_ATN	0x08
98 #define BT_SMS_ATN	0x10
99 #define BT_OEM0		0x20
100 #define BT_H_BUSY	0x40
101 #define BT_B_BUSY	0x80
102 
103 /*
104  * Some bits are toggled on each write: write once to set it, once
105  * more to clear it; writing a zero does nothing.  To absolutely
106  * clear it, check its state and write if set.  This avoids the "get
107  * current then use as mask" scheme to modify one bit.  Note that the
108  * variable "bt" is hardcoded into these macros.
109  */
110 
111 #define BT_STATUS	bt->io->inputb(bt->io, 0)
112 #define BT_CONTROL(x)	bt->io->outputb(bt->io, 0, x)
113 
114 #define BMC2HOST	bt->io->inputb(bt->io, 1)
115 #define HOST2BMC(x)	bt->io->outputb(bt->io, 1, x)
116 
117 #define BT_INTMASK_R	bt->io->inputb(bt->io, 2)
118 #define BT_INTMASK_W(x)	bt->io->outputb(bt->io, 2, x)
119 
120 /*
121  * Convenience routines for debugging.  These are not multi-open safe!
122  * Note the macros have hardcoded variables in them.
123  */
124 
125 static char *state2txt(unsigned char state)
126 {
127 	switch (state) {
128 	case BT_STATE_IDLE:		return("IDLE");
129 	case BT_STATE_XACTION_START:	return("XACTION");
130 	case BT_STATE_WRITE_BYTES:	return("WR_BYTES");
131 	case BT_STATE_WRITE_CONSUME:	return("WR_CONSUME");
132 	case BT_STATE_READ_WAIT:	return("RD_WAIT");
133 	case BT_STATE_CLEAR_B2H:	return("CLEAR_B2H");
134 	case BT_STATE_READ_BYTES:	return("RD_BYTES");
135 	case BT_STATE_RESET1:		return("RESET1");
136 	case BT_STATE_RESET2:		return("RESET2");
137 	case BT_STATE_RESET3:		return("RESET3");
138 	case BT_STATE_RESTART:		return("RESTART");
139 	case BT_STATE_LONG_BUSY:	return("LONG_BUSY");
140 	case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
141 	case BT_STATE_CAPABILITIES_END:	return("CAP_END");
142 	}
143 	return("BAD STATE");
144 }
145 #define STATE2TXT state2txt(bt->state)
146 
147 static char *status2txt(unsigned char status)
148 {
149 	/*
150 	 * This cannot be called by two threads at the same time and
151 	 * the buffer is always consumed immediately, so the static is
152 	 * safe to use.
153 	 */
154 	static char buf[40];
155 
156 	strcpy(buf, "[ ");
157 	if (status & BT_B_BUSY)
158 		strcat(buf, "B_BUSY ");
159 	if (status & BT_H_BUSY)
160 		strcat(buf, "H_BUSY ");
161 	if (status & BT_OEM0)
162 		strcat(buf, "OEM0 ");
163 	if (status & BT_SMS_ATN)
164 		strcat(buf, "SMS ");
165 	if (status & BT_B2H_ATN)
166 		strcat(buf, "B2H ");
167 	if (status & BT_H2B_ATN)
168 		strcat(buf, "H2B ");
169 	strcat(buf, "]");
170 	return buf;
171 }
172 #define STATUS2TXT status2txt(status)
173 
174 /* called externally at insmod time, and internally on cleanup */
175 
176 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
177 {
178 	memset(bt, 0, sizeof(struct si_sm_data));
179 	if (bt->io != io) {
180 		/* external: one-time only things */
181 		bt->io = io;
182 		bt->seq = 0;
183 	}
184 	bt->state = BT_STATE_IDLE;	/* start here */
185 	bt->complete = BT_STATE_IDLE;	/* end here */
186 	bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
187 	bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
188 	/* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
189 	return 3; /* We claim 3 bytes of space; ought to check SPMI table */
190 }
191 
192 /* Jam a completion code (probably an error) into a response */
193 
194 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
195 {
196 	bt->read_data[0] = 4;				/* # following bytes */
197 	bt->read_data[1] = bt->write_data[1] | 4;	/* Odd NetFn/LUN */
198 	bt->read_data[2] = bt->write_data[2];		/* seq (ignored) */
199 	bt->read_data[3] = bt->write_data[3];		/* Command */
200 	bt->read_data[4] = completion_code;
201 	bt->read_count = 5;
202 }
203 
204 /* The upper state machine starts here */
205 
206 static int bt_start_transaction(struct si_sm_data *bt,
207 				unsigned char *data,
208 				unsigned int size)
209 {
210 	unsigned int i;
211 
212 	if (size < 2)
213 		return IPMI_REQ_LEN_INVALID_ERR;
214 	if (size > IPMI_MAX_MSG_LENGTH)
215 		return IPMI_REQ_LEN_EXCEEDED_ERR;
216 
217 	if (bt->state == BT_STATE_LONG_BUSY)
218 		return IPMI_NODE_BUSY_ERR;
219 
220 	if (bt->state != BT_STATE_IDLE)
221 		return IPMI_NOT_IN_MY_STATE_ERR;
222 
223 	if (bt_debug & BT_DEBUG_MSG) {
224 		printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
225 		printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
226 		for (i = 0; i < size; i ++)
227 			printk(" %02x", data[i]);
228 		printk("\n");
229 	}
230 	bt->write_data[0] = size + 1;	/* all data plus seq byte */
231 	bt->write_data[1] = *data;	/* NetFn/LUN */
232 	bt->write_data[2] = bt->seq++;
233 	memcpy(bt->write_data + 3, data + 1, size - 1);
234 	bt->write_count = size + 2;
235 	bt->error_retries = 0;
236 	bt->nonzero_status = 0;
237 	bt->truncated = 0;
238 	bt->state = BT_STATE_XACTION_START;
239 	bt->timeout = bt->BT_CAP_req2rsp;
240 	force_result(bt, IPMI_ERR_UNSPECIFIED);
241 	return 0;
242 }
243 
244 /*
245  * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
246  * it calls this.  Strip out the length and seq bytes.
247  */
248 
249 static int bt_get_result(struct si_sm_data *bt,
250 			 unsigned char *data,
251 			 unsigned int length)
252 {
253 	int i, msg_len;
254 
255 	msg_len = bt->read_count - 2;		/* account for length & seq */
256 	if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
257 		force_result(bt, IPMI_ERR_UNSPECIFIED);
258 		msg_len = 3;
259 	}
260 	data[0] = bt->read_data[1];
261 	data[1] = bt->read_data[3];
262 	if (length < msg_len || bt->truncated) {
263 		data[2] = IPMI_ERR_MSG_TRUNCATED;
264 		msg_len = 3;
265 	} else
266 		memcpy(data + 2, bt->read_data + 4, msg_len - 2);
267 
268 	if (bt_debug & BT_DEBUG_MSG) {
269 		printk(KERN_WARNING "BT: result %d bytes:", msg_len);
270 		for (i = 0; i < msg_len; i++)
271 			printk(" %02x", data[i]);
272 		printk("\n");
273 	}
274 	return msg_len;
275 }
276 
277 /* This bit's functionality is optional */
278 #define BT_BMC_HWRST	0x80
279 
280 static void reset_flags(struct si_sm_data *bt)
281 {
282 	if (bt_debug)
283 		printk(KERN_WARNING "IPMI BT: flag reset %s\n",
284 					status2txt(BT_STATUS));
285 	if (BT_STATUS & BT_H_BUSY)
286 		BT_CONTROL(BT_H_BUSY);	/* force clear */
287 	BT_CONTROL(BT_CLR_WR_PTR);	/* always reset */
288 	BT_CONTROL(BT_SMS_ATN);		/* always clear */
289 	BT_INTMASK_W(BT_BMC_HWRST);
290 }
291 
292 /*
293  * Get rid of an unwanted/stale response.  This should only be needed for
294  * BMCs that support multiple outstanding requests.
295  */
296 
297 static void drain_BMC2HOST(struct si_sm_data *bt)
298 {
299 	int i, size;
300 
301 	if (!(BT_STATUS & BT_B2H_ATN)) 	/* Not signalling a response */
302 		return;
303 
304 	BT_CONTROL(BT_H_BUSY);		/* now set */
305 	BT_CONTROL(BT_B2H_ATN);		/* always clear */
306 	BT_STATUS;			/* pause */
307 	BT_CONTROL(BT_B2H_ATN);		/* some BMCs are stubborn */
308 	BT_CONTROL(BT_CLR_RD_PTR);	/* always reset */
309 	if (bt_debug)
310 		printk(KERN_WARNING "IPMI BT: stale response %s; ",
311 			status2txt(BT_STATUS));
312 	size = BMC2HOST;
313 	for (i = 0; i < size ; i++)
314 		BMC2HOST;
315 	BT_CONTROL(BT_H_BUSY);		/* now clear */
316 	if (bt_debug)
317 		printk("drained %d bytes\n", size + 1);
318 }
319 
320 static inline void write_all_bytes(struct si_sm_data *bt)
321 {
322 	int i;
323 
324 	if (bt_debug & BT_DEBUG_MSG) {
325 		printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
326 			bt->write_count, bt->seq);
327 		for (i = 0; i < bt->write_count; i++)
328 			printk(" %02x", bt->write_data[i]);
329 		printk("\n");
330 	}
331 	for (i = 0; i < bt->write_count; i++)
332 		HOST2BMC(bt->write_data[i]);
333 }
334 
335 static inline int read_all_bytes(struct si_sm_data *bt)
336 {
337 	unsigned int i;
338 
339 	/*
340 	 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
341 	 * Keep layout of first four bytes aligned with write_data[]
342 	 */
343 
344 	bt->read_data[0] = BMC2HOST;
345 	bt->read_count = bt->read_data[0];
346 
347 	if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
348 		if (bt_debug & BT_DEBUG_MSG)
349 			printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
350 				bt->read_count);
351 		bt->truncated = 1;
352 		return 1;	/* let next XACTION START clean it up */
353 	}
354 	for (i = 1; i <= bt->read_count; i++)
355 		bt->read_data[i] = BMC2HOST;
356 	bt->read_count++;	/* Account internally for length byte */
357 
358 	if (bt_debug & BT_DEBUG_MSG) {
359 		int max = bt->read_count;
360 
361 		printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
362 			max, bt->read_data[2]);
363 		if (max > 16)
364 			max = 16;
365 		for (i = 0; i < max; i++)
366 			printk(KERN_CONT " %02x", bt->read_data[i]);
367 		printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
368 	}
369 
370 	/* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
371 	if ((bt->read_data[3] == bt->write_data[3]) &&
372 	    (bt->read_data[2] == bt->write_data[2]) &&
373 	    ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
374 			return 1;
375 
376 	if (bt_debug & BT_DEBUG_MSG)
377 		printk(KERN_WARNING "IPMI BT: bad packet: "
378 		"want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
379 		bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
380 		bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
381 	return 0;
382 }
383 
384 /* Restart if retries are left, or return an error completion code */
385 
386 static enum si_sm_result error_recovery(struct si_sm_data *bt,
387 					unsigned char status,
388 					unsigned char cCode)
389 {
390 	char *reason;
391 
392 	bt->timeout = bt->BT_CAP_req2rsp;
393 
394 	switch (cCode) {
395 	case IPMI_TIMEOUT_ERR:
396 		reason = "timeout";
397 		break;
398 	default:
399 		reason = "internal error";
400 		break;
401 	}
402 
403 	printk(KERN_WARNING "IPMI BT: %s in %s %s ", 	/* open-ended line */
404 		reason, STATE2TXT, STATUS2TXT);
405 
406 	/*
407 	 * Per the IPMI spec, retries are based on the sequence number
408 	 * known only to this module, so manage a restart here.
409 	 */
410 	(bt->error_retries)++;
411 	if (bt->error_retries < bt->BT_CAP_retries) {
412 		printk("%d retries left\n",
413 			bt->BT_CAP_retries - bt->error_retries);
414 		bt->state = BT_STATE_RESTART;
415 		return SI_SM_CALL_WITHOUT_DELAY;
416 	}
417 
418 	printk(KERN_WARNING "failed %d retries, sending error response\n",
419 	       bt->BT_CAP_retries);
420 	if (!bt->nonzero_status)
421 		printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
422 
423 	/* this is most likely during insmod */
424 	else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
425 		printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
426 		bt->state = BT_STATE_RESET1;
427 		return SI_SM_CALL_WITHOUT_DELAY;
428 	}
429 
430 	/*
431 	 * Concoct a useful error message, set up the next state, and
432 	 * be done with this sequence.
433 	 */
434 
435 	bt->state = BT_STATE_IDLE;
436 	switch (cCode) {
437 	case IPMI_TIMEOUT_ERR:
438 		if (status & BT_B_BUSY) {
439 			cCode = IPMI_NODE_BUSY_ERR;
440 			bt->state = BT_STATE_LONG_BUSY;
441 		}
442 		break;
443 	default:
444 		break;
445 	}
446 	force_result(bt, cCode);
447 	return SI_SM_TRANSACTION_COMPLETE;
448 }
449 
450 /* Check status and (usually) take action and change this state machine. */
451 
452 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
453 {
454 	unsigned char status, BT_CAP[8];
455 	static enum bt_states last_printed = BT_STATE_PRINTME;
456 	int i;
457 
458 	status = BT_STATUS;
459 	bt->nonzero_status |= status;
460 	if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
461 		printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
462 			STATE2TXT,
463 			STATUS2TXT,
464 			bt->timeout,
465 			time);
466 		last_printed = bt->state;
467 	}
468 
469 	/*
470 	 * Commands that time out may still (eventually) provide a response.
471 	 * This stale response will get in the way of a new response so remove
472 	 * it if possible (hopefully during IDLE).  Even if it comes up later
473 	 * it will be rejected by its (now-forgotten) seq number.
474 	 */
475 
476 	if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
477 		drain_BMC2HOST(bt);
478 		BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
479 	}
480 
481 	if ((bt->state != BT_STATE_IDLE) &&
482 	    (bt->state <  BT_STATE_PRINTME)) {
483 		/* check timeout */
484 		bt->timeout -= time;
485 		if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
486 			return error_recovery(bt,
487 					      status,
488 					      IPMI_TIMEOUT_ERR);
489 	}
490 
491 	switch (bt->state) {
492 
493 	/*
494 	 * Idle state first checks for asynchronous messages from another
495 	 * channel, then does some opportunistic housekeeping.
496 	 */
497 
498 	case BT_STATE_IDLE:
499 		if (status & BT_SMS_ATN) {
500 			BT_CONTROL(BT_SMS_ATN);	/* clear it */
501 			return SI_SM_ATTN;
502 		}
503 
504 		if (status & BT_H_BUSY)		/* clear a leftover H_BUSY */
505 			BT_CONTROL(BT_H_BUSY);
506 
507 		bt->timeout = bt->BT_CAP_req2rsp;
508 
509 		/* Read BT capabilities if it hasn't been done yet */
510 		if (!bt->BT_CAP_outreqs)
511 			BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
512 					SI_SM_CALL_WITHOUT_DELAY);
513 		BT_SI_SM_RETURN(SI_SM_IDLE);
514 
515 	case BT_STATE_XACTION_START:
516 		if (status & (BT_B_BUSY | BT_H2B_ATN))
517 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
518 		if (BT_STATUS & BT_H_BUSY)
519 			BT_CONTROL(BT_H_BUSY);	/* force clear */
520 		BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
521 				SI_SM_CALL_WITHOUT_DELAY);
522 
523 	case BT_STATE_WRITE_BYTES:
524 		if (status & BT_H_BUSY)
525 			BT_CONTROL(BT_H_BUSY);	/* clear */
526 		BT_CONTROL(BT_CLR_WR_PTR);
527 		write_all_bytes(bt);
528 		BT_CONTROL(BT_H2B_ATN);	/* can clear too fast to catch */
529 		BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
530 				SI_SM_CALL_WITHOUT_DELAY);
531 
532 	case BT_STATE_WRITE_CONSUME:
533 		if (status & (BT_B_BUSY | BT_H2B_ATN))
534 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535 		BT_STATE_CHANGE(BT_STATE_READ_WAIT,
536 				SI_SM_CALL_WITHOUT_DELAY);
537 
538 	/* Spinning hard can suppress B2H_ATN and force a timeout */
539 
540 	case BT_STATE_READ_WAIT:
541 		if (!(status & BT_B2H_ATN))
542 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
543 		BT_CONTROL(BT_H_BUSY);		/* set */
544 
545 		/*
546 		 * Uncached, ordered writes should just proceed serially but
547 		 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
548 		 * workaround without too much penalty to the general case.
549 		 */
550 
551 		BT_CONTROL(BT_B2H_ATN);		/* clear it to ACK the BMC */
552 		BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
553 				SI_SM_CALL_WITHOUT_DELAY);
554 
555 	case BT_STATE_CLEAR_B2H:
556 		if (status & BT_B2H_ATN) {
557 			/* keep hitting it */
558 			BT_CONTROL(BT_B2H_ATN);
559 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560 		}
561 		BT_STATE_CHANGE(BT_STATE_READ_BYTES,
562 				SI_SM_CALL_WITHOUT_DELAY);
563 
564 	case BT_STATE_READ_BYTES:
565 		if (!(status & BT_H_BUSY))
566 			/* check in case of retry */
567 			BT_CONTROL(BT_H_BUSY);
568 		BT_CONTROL(BT_CLR_RD_PTR);	/* start of BMC2HOST buffer */
569 		i = read_all_bytes(bt);		/* true == packet seq match */
570 		BT_CONTROL(BT_H_BUSY);		/* NOW clear */
571 		if (!i) 			/* Not my message */
572 			BT_STATE_CHANGE(BT_STATE_READ_WAIT,
573 					SI_SM_CALL_WITHOUT_DELAY);
574 		bt->state = bt->complete;
575 		return bt->state == BT_STATE_IDLE ?	/* where to next? */
576 			SI_SM_TRANSACTION_COMPLETE :	/* normal */
577 			SI_SM_CALL_WITHOUT_DELAY;	/* Startup magic */
578 
579 	case BT_STATE_LONG_BUSY:	/* For example: after FW update */
580 		if (!(status & BT_B_BUSY)) {
581 			reset_flags(bt);	/* next state is now IDLE */
582 			bt_init_data(bt, bt->io);
583 		}
584 		return SI_SM_CALL_WITH_DELAY;	/* No repeat printing */
585 
586 	case BT_STATE_RESET1:
587 		reset_flags(bt);
588 		drain_BMC2HOST(bt);
589 		BT_STATE_CHANGE(BT_STATE_RESET2,
590 				SI_SM_CALL_WITH_DELAY);
591 
592 	case BT_STATE_RESET2:		/* Send a soft reset */
593 		BT_CONTROL(BT_CLR_WR_PTR);
594 		HOST2BMC(3);		/* number of bytes following */
595 		HOST2BMC(0x18);		/* NetFn/LUN == Application, LUN 0 */
596 		HOST2BMC(42);		/* Sequence number */
597 		HOST2BMC(3);		/* Cmd == Soft reset */
598 		BT_CONTROL(BT_H2B_ATN);
599 		bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
600 		BT_STATE_CHANGE(BT_STATE_RESET3,
601 				SI_SM_CALL_WITH_DELAY);
602 
603 	case BT_STATE_RESET3:		/* Hold off everything for a bit */
604 		if (bt->timeout > 0)
605 			return SI_SM_CALL_WITH_DELAY;
606 		drain_BMC2HOST(bt);
607 		BT_STATE_CHANGE(BT_STATE_RESTART,
608 				SI_SM_CALL_WITH_DELAY);
609 
610 	case BT_STATE_RESTART:		/* don't reset retries or seq! */
611 		bt->read_count = 0;
612 		bt->nonzero_status = 0;
613 		bt->timeout = bt->BT_CAP_req2rsp;
614 		BT_STATE_CHANGE(BT_STATE_XACTION_START,
615 				SI_SM_CALL_WITH_DELAY);
616 
617 	/*
618 	 * Get BT Capabilities, using timing of upper level state machine.
619 	 * Set outreqs to prevent infinite loop on timeout.
620 	 */
621 	case BT_STATE_CAPABILITIES_BEGIN:
622 		bt->BT_CAP_outreqs = 1;
623 		{
624 			unsigned char GetBT_CAP[] = { 0x18, 0x36 };
625 			bt->state = BT_STATE_IDLE;
626 			bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
627 		}
628 		bt->complete = BT_STATE_CAPABILITIES_END;
629 		BT_STATE_CHANGE(BT_STATE_XACTION_START,
630 				SI_SM_CALL_WITH_DELAY);
631 
632 	case BT_STATE_CAPABILITIES_END:
633 		i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
634 		bt_init_data(bt, bt->io);
635 		if ((i == 8) && !BT_CAP[2]) {
636 			bt->BT_CAP_outreqs = BT_CAP[3];
637 			bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
638 			bt->BT_CAP_retries = BT_CAP[7];
639 		} else
640 			printk(KERN_WARNING "IPMI BT: using default values\n");
641 		if (!bt->BT_CAP_outreqs)
642 			bt->BT_CAP_outreqs = 1;
643 		printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
644 			bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
645 		bt->timeout = bt->BT_CAP_req2rsp;
646 		return SI_SM_CALL_WITHOUT_DELAY;
647 
648 	default:	/* should never occur */
649 		return error_recovery(bt,
650 				      status,
651 				      IPMI_ERR_UNSPECIFIED);
652 	}
653 	return SI_SM_CALL_WITH_DELAY;
654 }
655 
656 static int bt_detect(struct si_sm_data *bt)
657 {
658 	/*
659 	 * It's impossible for the BT status and interrupt registers to be
660 	 * all 1's, (assuming a properly functioning, self-initialized BMC)
661 	 * but that's what you get from reading a bogus address, so we
662 	 * test that first.  The calling routine uses negative logic.
663 	 */
664 
665 	if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
666 		return 1;
667 	reset_flags(bt);
668 	return 0;
669 }
670 
671 static void bt_cleanup(struct si_sm_data *bt)
672 {
673 }
674 
675 static int bt_size(void)
676 {
677 	return sizeof(struct si_sm_data);
678 }
679 
680 const struct si_sm_handlers bt_smi_handlers = {
681 	.init_data		= bt_init_data,
682 	.start_transaction	= bt_start_transaction,
683 	.get_result		= bt_get_result,
684 	.event			= bt_event,
685 	.detect			= bt_detect,
686 	.cleanup		= bt_cleanup,
687 	.size			= bt_size,
688 };
689