xref: /openbmc/linux/drivers/char/ipmi/ipmi_bt_sm.c (revision cb3908c133f1285069673f11ad651d14ae0406cf)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  ipmi_bt_sm.c
4  *
5  *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
6  *  of the driver architecture at http://sourceforge.net/projects/openipmi
7  *
8  *  Author:	Rocky Craig <first.last@hp.com>
9  */
10 
11 #define DEBUG /* So dev_dbg() is always available. */
12 
13 #include <linux/kernel.h> /* For printk. */
14 #include <linux/string.h>
15 #include <linux/module.h>
16 #include <linux/moduleparam.h>
17 #include <linux/ipmi_msgdefs.h>		/* for completion codes */
18 #include "ipmi_si_sm.h"
19 
20 #define BT_DEBUG_OFF	0	/* Used in production */
21 #define BT_DEBUG_ENABLE	1	/* Generic messages */
22 #define BT_DEBUG_MSG	2	/* Prints all request/response buffers */
23 #define BT_DEBUG_STATES	4	/* Verbose look at state changes */
24 /*
25  * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
26  * value
27  */
28 
29 static int bt_debug; /* 0 == BT_DEBUG_OFF */
30 
31 module_param(bt_debug, int, 0644);
32 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
33 
34 /*
35  * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
36  * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
37  * buffer (with a documented message of 160 bytes) so go for the max.
38  * Since the Open IPMI architecture is single-message oriented at this
39  * stage, the queue depth of BT is of no concern.
40  */
41 
42 #define BT_NORMAL_TIMEOUT	5	/* seconds */
43 #define BT_NORMAL_RETRY_LIMIT	2
44 #define BT_RESET_DELAY		6	/* seconds after warm reset */
45 
46 /*
47  * States are written in chronological order and usually cover
48  * multiple rows of the state table discussion in the IPMI spec.
49  */
50 
51 enum bt_states {
52 	BT_STATE_IDLE = 0,	/* Order is critical in this list */
53 	BT_STATE_XACTION_START,
54 	BT_STATE_WRITE_BYTES,
55 	BT_STATE_WRITE_CONSUME,
56 	BT_STATE_READ_WAIT,
57 	BT_STATE_CLEAR_B2H,
58 	BT_STATE_READ_BYTES,
59 	BT_STATE_RESET1,	/* These must come last */
60 	BT_STATE_RESET2,
61 	BT_STATE_RESET3,
62 	BT_STATE_RESTART,
63 	BT_STATE_PRINTME,
64 	BT_STATE_LONG_BUSY	/* BT doesn't get hosed :-) */
65 };
66 
67 /*
68  * Macros seen at the end of state "case" blocks.  They help with legibility
69  * and debugging.
70  */
71 
72 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
73 
74 #define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
75 
76 struct si_sm_data {
77 	enum bt_states	state;
78 	unsigned char	seq;		/* BT sequence number */
79 	struct si_sm_io	*io;
80 	unsigned char	write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
81 	int		write_count;
82 	unsigned char	read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
83 	int		read_count;
84 	int		truncated;
85 	long		timeout;	/* microseconds countdown */
86 	int		error_retries;	/* end of "common" fields */
87 	int		nonzero_status;	/* hung BMCs stay all 0 */
88 	enum bt_states	complete;	/* to divert the state machine */
89 	long		BT_CAP_req2rsp;
90 	int		BT_CAP_retries;	/* Recommended retries */
91 };
92 
93 #define BT_CLR_WR_PTR	0x01	/* See IPMI 1.5 table 11.6.4 */
94 #define BT_CLR_RD_PTR	0x02
95 #define BT_H2B_ATN	0x04
96 #define BT_B2H_ATN	0x08
97 #define BT_SMS_ATN	0x10
98 #define BT_OEM0		0x20
99 #define BT_H_BUSY	0x40
100 #define BT_B_BUSY	0x80
101 
102 /*
103  * Some bits are toggled on each write: write once to set it, once
104  * more to clear it; writing a zero does nothing.  To absolutely
105  * clear it, check its state and write if set.  This avoids the "get
106  * current then use as mask" scheme to modify one bit.  Note that the
107  * variable "bt" is hardcoded into these macros.
108  */
109 
110 #define BT_STATUS	bt->io->inputb(bt->io, 0)
111 #define BT_CONTROL(x)	bt->io->outputb(bt->io, 0, x)
112 
113 #define BMC2HOST	bt->io->inputb(bt->io, 1)
114 #define HOST2BMC(x)	bt->io->outputb(bt->io, 1, x)
115 
116 #define BT_INTMASK_R	bt->io->inputb(bt->io, 2)
117 #define BT_INTMASK_W(x)	bt->io->outputb(bt->io, 2, x)
118 
119 /*
120  * Convenience routines for debugging.  These are not multi-open safe!
121  * Note the macros have hardcoded variables in them.
122  */
123 
124 static char *state2txt(unsigned char state)
125 {
126 	switch (state) {
127 	case BT_STATE_IDLE:		return("IDLE");
128 	case BT_STATE_XACTION_START:	return("XACTION");
129 	case BT_STATE_WRITE_BYTES:	return("WR_BYTES");
130 	case BT_STATE_WRITE_CONSUME:	return("WR_CONSUME");
131 	case BT_STATE_READ_WAIT:	return("RD_WAIT");
132 	case BT_STATE_CLEAR_B2H:	return("CLEAR_B2H");
133 	case BT_STATE_READ_BYTES:	return("RD_BYTES");
134 	case BT_STATE_RESET1:		return("RESET1");
135 	case BT_STATE_RESET2:		return("RESET2");
136 	case BT_STATE_RESET3:		return("RESET3");
137 	case BT_STATE_RESTART:		return("RESTART");
138 	case BT_STATE_LONG_BUSY:	return("LONG_BUSY");
139 	}
140 	return("BAD STATE");
141 }
142 #define STATE2TXT state2txt(bt->state)
143 
144 static char *status2txt(unsigned char status)
145 {
146 	/*
147 	 * This cannot be called by two threads at the same time and
148 	 * the buffer is always consumed immediately, so the static is
149 	 * safe to use.
150 	 */
151 	static char buf[40];
152 
153 	strcpy(buf, "[ ");
154 	if (status & BT_B_BUSY)
155 		strcat(buf, "B_BUSY ");
156 	if (status & BT_H_BUSY)
157 		strcat(buf, "H_BUSY ");
158 	if (status & BT_OEM0)
159 		strcat(buf, "OEM0 ");
160 	if (status & BT_SMS_ATN)
161 		strcat(buf, "SMS ");
162 	if (status & BT_B2H_ATN)
163 		strcat(buf, "B2H ");
164 	if (status & BT_H2B_ATN)
165 		strcat(buf, "H2B ");
166 	strcat(buf, "]");
167 	return buf;
168 }
169 #define STATUS2TXT status2txt(status)
170 
171 /* called externally at insmod time, and internally on cleanup */
172 
173 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
174 {
175 	memset(bt, 0, sizeof(struct si_sm_data));
176 	if (bt->io != io) {
177 		/* external: one-time only things */
178 		bt->io = io;
179 		bt->seq = 0;
180 	}
181 	bt->state = BT_STATE_IDLE;	/* start here */
182 	bt->complete = BT_STATE_IDLE;	/* end here */
183 	bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
184 	bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
185 	return 3; /* We claim 3 bytes of space; ought to check SPMI table */
186 }
187 
188 /* Jam a completion code (probably an error) into a response */
189 
190 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
191 {
192 	bt->read_data[0] = 4;				/* # following bytes */
193 	bt->read_data[1] = bt->write_data[1] | 4;	/* Odd NetFn/LUN */
194 	bt->read_data[2] = bt->write_data[2];		/* seq (ignored) */
195 	bt->read_data[3] = bt->write_data[3];		/* Command */
196 	bt->read_data[4] = completion_code;
197 	bt->read_count = 5;
198 }
199 
200 /* The upper state machine starts here */
201 
202 static int bt_start_transaction(struct si_sm_data *bt,
203 				unsigned char *data,
204 				unsigned int size)
205 {
206 	unsigned int i;
207 
208 	if (size < 2)
209 		return IPMI_REQ_LEN_INVALID_ERR;
210 	if (size > IPMI_MAX_MSG_LENGTH)
211 		return IPMI_REQ_LEN_EXCEEDED_ERR;
212 
213 	if (bt->state == BT_STATE_LONG_BUSY)
214 		return IPMI_NODE_BUSY_ERR;
215 
216 	if (bt->state != BT_STATE_IDLE)
217 		return IPMI_NOT_IN_MY_STATE_ERR;
218 
219 	if (bt_debug & BT_DEBUG_MSG) {
220 		dev_dbg(bt->io->dev, "+++++++++++++++++ New command\n");
221 		dev_dbg(bt->io->dev, "NetFn/LUN CMD [%d data]:", size - 2);
222 		for (i = 0; i < size; i ++)
223 			pr_cont(" %02x", data[i]);
224 		pr_cont("\n");
225 	}
226 	bt->write_data[0] = size + 1;	/* all data plus seq byte */
227 	bt->write_data[1] = *data;	/* NetFn/LUN */
228 	bt->write_data[2] = bt->seq++;
229 	memcpy(bt->write_data + 3, data + 1, size - 1);
230 	bt->write_count = size + 2;
231 	bt->error_retries = 0;
232 	bt->nonzero_status = 0;
233 	bt->truncated = 0;
234 	bt->state = BT_STATE_XACTION_START;
235 	bt->timeout = bt->BT_CAP_req2rsp;
236 	force_result(bt, IPMI_ERR_UNSPECIFIED);
237 	return 0;
238 }
239 
240 /*
241  * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
242  * it calls this.  Strip out the length and seq bytes.
243  */
244 
245 static int bt_get_result(struct si_sm_data *bt,
246 			 unsigned char *data,
247 			 unsigned int length)
248 {
249 	int i, msg_len;
250 
251 	msg_len = bt->read_count - 2;		/* account for length & seq */
252 	if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
253 		force_result(bt, IPMI_ERR_UNSPECIFIED);
254 		msg_len = 3;
255 	}
256 	data[0] = bt->read_data[1];
257 	data[1] = bt->read_data[3];
258 	if (length < msg_len || bt->truncated) {
259 		data[2] = IPMI_ERR_MSG_TRUNCATED;
260 		msg_len = 3;
261 	} else
262 		memcpy(data + 2, bt->read_data + 4, msg_len - 2);
263 
264 	if (bt_debug & BT_DEBUG_MSG) {
265 		dev_dbg(bt->io->dev, "result %d bytes:", msg_len);
266 		for (i = 0; i < msg_len; i++)
267 			pr_cont(" %02x", data[i]);
268 		pr_cont("\n");
269 	}
270 	return msg_len;
271 }
272 
273 /* This bit's functionality is optional */
274 #define BT_BMC_HWRST	0x80
275 
276 static void reset_flags(struct si_sm_data *bt)
277 {
278 	if (bt_debug)
279 		dev_dbg(bt->io->dev, "flag reset %s\n", status2txt(BT_STATUS));
280 	if (BT_STATUS & BT_H_BUSY)
281 		BT_CONTROL(BT_H_BUSY);	/* force clear */
282 	BT_CONTROL(BT_CLR_WR_PTR);	/* always reset */
283 	BT_CONTROL(BT_SMS_ATN);		/* always clear */
284 	BT_INTMASK_W(BT_BMC_HWRST);
285 }
286 
287 /*
288  * Get rid of an unwanted/stale response.  This should only be needed for
289  * BMCs that support multiple outstanding requests.
290  */
291 
292 static void drain_BMC2HOST(struct si_sm_data *bt)
293 {
294 	int i, size;
295 
296 	if (!(BT_STATUS & BT_B2H_ATN)) 	/* Not signalling a response */
297 		return;
298 
299 	BT_CONTROL(BT_H_BUSY);		/* now set */
300 	BT_CONTROL(BT_B2H_ATN);		/* always clear */
301 	BT_STATUS;			/* pause */
302 	BT_CONTROL(BT_B2H_ATN);		/* some BMCs are stubborn */
303 	BT_CONTROL(BT_CLR_RD_PTR);	/* always reset */
304 	if (bt_debug)
305 		dev_dbg(bt->io->dev, "stale response %s; ",
306 			status2txt(BT_STATUS));
307 	size = BMC2HOST;
308 	for (i = 0; i < size ; i++)
309 		BMC2HOST;
310 	BT_CONTROL(BT_H_BUSY);		/* now clear */
311 	if (bt_debug)
312 		pr_cont("drained %d bytes\n", size + 1);
313 }
314 
315 static inline void write_all_bytes(struct si_sm_data *bt)
316 {
317 	int i;
318 
319 	if (bt_debug & BT_DEBUG_MSG) {
320 		dev_dbg(bt->io->dev, "write %d bytes seq=0x%02X",
321 			bt->write_count, bt->seq);
322 		for (i = 0; i < bt->write_count; i++)
323 			pr_cont(" %02x", bt->write_data[i]);
324 		pr_cont("\n");
325 	}
326 	for (i = 0; i < bt->write_count; i++)
327 		HOST2BMC(bt->write_data[i]);
328 }
329 
330 static inline int read_all_bytes(struct si_sm_data *bt)
331 {
332 	unsigned int i;
333 
334 	/*
335 	 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
336 	 * Keep layout of first four bytes aligned with write_data[]
337 	 */
338 
339 	bt->read_data[0] = BMC2HOST;
340 	bt->read_count = bt->read_data[0];
341 
342 	if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
343 		if (bt_debug & BT_DEBUG_MSG)
344 			dev_dbg(bt->io->dev,
345 				"bad raw rsp len=%d\n", bt->read_count);
346 		bt->truncated = 1;
347 		return 1;	/* let next XACTION START clean it up */
348 	}
349 	for (i = 1; i <= bt->read_count; i++)
350 		bt->read_data[i] = BMC2HOST;
351 	bt->read_count++;	/* Account internally for length byte */
352 
353 	if (bt_debug & BT_DEBUG_MSG) {
354 		int max = bt->read_count;
355 
356 		dev_dbg(bt->io->dev,
357 			"got %d bytes seq=0x%02X", max, bt->read_data[2]);
358 		if (max > 16)
359 			max = 16;
360 		for (i = 0; i < max; i++)
361 			pr_cont(" %02x", bt->read_data[i]);
362 		pr_cont("%s\n", bt->read_count == max ? "" : " ...");
363 	}
364 
365 	/* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
366 	if ((bt->read_data[3] == bt->write_data[3]) &&
367 	    (bt->read_data[2] == bt->write_data[2]) &&
368 	    ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
369 			return 1;
370 
371 	if (bt_debug & BT_DEBUG_MSG)
372 		dev_dbg(bt->io->dev,
373 			"IPMI BT: bad packet: want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
374 			bt->write_data[1] | 0x04, bt->write_data[2],
375 			bt->write_data[3],
376 			bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
377 	return 0;
378 }
379 
380 /* Restart if retries are left, or return an error completion code */
381 
382 static enum si_sm_result error_recovery(struct si_sm_data *bt,
383 					unsigned char status,
384 					unsigned char cCode)
385 {
386 	char *reason;
387 
388 	bt->timeout = bt->BT_CAP_req2rsp;
389 
390 	switch (cCode) {
391 	case IPMI_TIMEOUT_ERR:
392 		reason = "timeout";
393 		break;
394 	default:
395 		reason = "internal error";
396 		break;
397 	}
398 
399 	dev_warn(bt->io->dev, "IPMI BT: %s in %s %s ", /* open-ended line */
400 		 reason, STATE2TXT, STATUS2TXT);
401 
402 	/*
403 	 * Per the IPMI spec, retries are based on the sequence number
404 	 * known only to this module, so manage a restart here.
405 	 */
406 	(bt->error_retries)++;
407 	if (bt->error_retries < bt->BT_CAP_retries) {
408 		pr_cont("%d retries left\n",
409 			bt->BT_CAP_retries - bt->error_retries);
410 		bt->state = BT_STATE_RESTART;
411 		return SI_SM_CALL_WITHOUT_DELAY;
412 	}
413 
414 	dev_warn(bt->io->dev, "failed %d retries, sending error response\n",
415 		 bt->BT_CAP_retries);
416 	if (!bt->nonzero_status)
417 		dev_err(bt->io->dev, "stuck, try power cycle\n");
418 
419 	/* this is most likely during insmod */
420 	else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
421 		dev_warn(bt->io->dev, "BT reset (takes 5 secs)\n");
422 		bt->state = BT_STATE_RESET1;
423 		return SI_SM_CALL_WITHOUT_DELAY;
424 	}
425 
426 	/*
427 	 * Concoct a useful error message, set up the next state, and
428 	 * be done with this sequence.
429 	 */
430 
431 	bt->state = BT_STATE_IDLE;
432 	switch (cCode) {
433 	case IPMI_TIMEOUT_ERR:
434 		if (status & BT_B_BUSY) {
435 			cCode = IPMI_NODE_BUSY_ERR;
436 			bt->state = BT_STATE_LONG_BUSY;
437 		}
438 		break;
439 	default:
440 		break;
441 	}
442 	force_result(bt, cCode);
443 	return SI_SM_TRANSACTION_COMPLETE;
444 }
445 
446 /* Check status and (usually) take action and change this state machine. */
447 
448 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
449 {
450 	unsigned char status;
451 	static enum bt_states last_printed = BT_STATE_PRINTME;
452 	int i;
453 
454 	status = BT_STATUS;
455 	bt->nonzero_status |= status;
456 	if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
457 		dev_dbg(bt->io->dev, "BT: %s %s TO=%ld - %ld\n",
458 			STATE2TXT,
459 			STATUS2TXT,
460 			bt->timeout,
461 			time);
462 		last_printed = bt->state;
463 	}
464 
465 	/*
466 	 * Commands that time out may still (eventually) provide a response.
467 	 * This stale response will get in the way of a new response so remove
468 	 * it if possible (hopefully during IDLE).  Even if it comes up later
469 	 * it will be rejected by its (now-forgotten) seq number.
470 	 */
471 
472 	if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
473 		drain_BMC2HOST(bt);
474 		BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
475 	}
476 
477 	if ((bt->state != BT_STATE_IDLE) &&
478 	    (bt->state <  BT_STATE_PRINTME)) {
479 		/* check timeout */
480 		bt->timeout -= time;
481 		if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
482 			return error_recovery(bt,
483 					      status,
484 					      IPMI_TIMEOUT_ERR);
485 	}
486 
487 	switch (bt->state) {
488 
489 	/*
490 	 * Idle state first checks for asynchronous messages from another
491 	 * channel, then does some opportunistic housekeeping.
492 	 */
493 
494 	case BT_STATE_IDLE:
495 		if (status & BT_SMS_ATN) {
496 			BT_CONTROL(BT_SMS_ATN);	/* clear it */
497 			return SI_SM_ATTN;
498 		}
499 
500 		if (status & BT_H_BUSY)		/* clear a leftover H_BUSY */
501 			BT_CONTROL(BT_H_BUSY);
502 
503 		BT_SI_SM_RETURN(SI_SM_IDLE);
504 
505 	case BT_STATE_XACTION_START:
506 		if (status & (BT_B_BUSY | BT_H2B_ATN))
507 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
508 		if (BT_STATUS & BT_H_BUSY)
509 			BT_CONTROL(BT_H_BUSY);	/* force clear */
510 		BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
511 				SI_SM_CALL_WITHOUT_DELAY);
512 
513 	case BT_STATE_WRITE_BYTES:
514 		if (status & BT_H_BUSY)
515 			BT_CONTROL(BT_H_BUSY);	/* clear */
516 		BT_CONTROL(BT_CLR_WR_PTR);
517 		write_all_bytes(bt);
518 		BT_CONTROL(BT_H2B_ATN);	/* can clear too fast to catch */
519 		BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
520 				SI_SM_CALL_WITHOUT_DELAY);
521 
522 	case BT_STATE_WRITE_CONSUME:
523 		if (status & (BT_B_BUSY | BT_H2B_ATN))
524 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
525 		BT_STATE_CHANGE(BT_STATE_READ_WAIT,
526 				SI_SM_CALL_WITHOUT_DELAY);
527 
528 	/* Spinning hard can suppress B2H_ATN and force a timeout */
529 
530 	case BT_STATE_READ_WAIT:
531 		if (!(status & BT_B2H_ATN))
532 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
533 		BT_CONTROL(BT_H_BUSY);		/* set */
534 
535 		/*
536 		 * Uncached, ordered writes should just proceed serially but
537 		 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
538 		 * workaround without too much penalty to the general case.
539 		 */
540 
541 		BT_CONTROL(BT_B2H_ATN);		/* clear it to ACK the BMC */
542 		BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
543 				SI_SM_CALL_WITHOUT_DELAY);
544 
545 	case BT_STATE_CLEAR_B2H:
546 		if (status & BT_B2H_ATN) {
547 			/* keep hitting it */
548 			BT_CONTROL(BT_B2H_ATN);
549 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
550 		}
551 		BT_STATE_CHANGE(BT_STATE_READ_BYTES,
552 				SI_SM_CALL_WITHOUT_DELAY);
553 
554 	case BT_STATE_READ_BYTES:
555 		if (!(status & BT_H_BUSY))
556 			/* check in case of retry */
557 			BT_CONTROL(BT_H_BUSY);
558 		BT_CONTROL(BT_CLR_RD_PTR);	/* start of BMC2HOST buffer */
559 		i = read_all_bytes(bt);		/* true == packet seq match */
560 		BT_CONTROL(BT_H_BUSY);		/* NOW clear */
561 		if (!i) 			/* Not my message */
562 			BT_STATE_CHANGE(BT_STATE_READ_WAIT,
563 					SI_SM_CALL_WITHOUT_DELAY);
564 		bt->state = bt->complete;
565 		return bt->state == BT_STATE_IDLE ?	/* where to next? */
566 			SI_SM_TRANSACTION_COMPLETE :	/* normal */
567 			SI_SM_CALL_WITHOUT_DELAY;	/* Startup magic */
568 
569 	case BT_STATE_LONG_BUSY:	/* For example: after FW update */
570 		if (!(status & BT_B_BUSY)) {
571 			reset_flags(bt);	/* next state is now IDLE */
572 			bt_init_data(bt, bt->io);
573 		}
574 		return SI_SM_CALL_WITH_DELAY;	/* No repeat printing */
575 
576 	case BT_STATE_RESET1:
577 		reset_flags(bt);
578 		drain_BMC2HOST(bt);
579 		BT_STATE_CHANGE(BT_STATE_RESET2,
580 				SI_SM_CALL_WITH_DELAY);
581 
582 	case BT_STATE_RESET2:		/* Send a soft reset */
583 		BT_CONTROL(BT_CLR_WR_PTR);
584 		HOST2BMC(3);		/* number of bytes following */
585 		HOST2BMC(0x18);		/* NetFn/LUN == Application, LUN 0 */
586 		HOST2BMC(42);		/* Sequence number */
587 		HOST2BMC(3);		/* Cmd == Soft reset */
588 		BT_CONTROL(BT_H2B_ATN);
589 		bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
590 		BT_STATE_CHANGE(BT_STATE_RESET3,
591 				SI_SM_CALL_WITH_DELAY);
592 
593 	case BT_STATE_RESET3:		/* Hold off everything for a bit */
594 		if (bt->timeout > 0)
595 			return SI_SM_CALL_WITH_DELAY;
596 		drain_BMC2HOST(bt);
597 		BT_STATE_CHANGE(BT_STATE_RESTART,
598 				SI_SM_CALL_WITH_DELAY);
599 
600 	case BT_STATE_RESTART:		/* don't reset retries or seq! */
601 		bt->read_count = 0;
602 		bt->nonzero_status = 0;
603 		bt->timeout = bt->BT_CAP_req2rsp;
604 		BT_STATE_CHANGE(BT_STATE_XACTION_START,
605 				SI_SM_CALL_WITH_DELAY);
606 
607 	default:	/* should never occur */
608 		return error_recovery(bt,
609 				      status,
610 				      IPMI_ERR_UNSPECIFIED);
611 	}
612 	return SI_SM_CALL_WITH_DELAY;
613 }
614 
615 static int bt_detect(struct si_sm_data *bt)
616 {
617 	unsigned char GetBT_CAP[] = { 0x18, 0x36 };
618 	unsigned char BT_CAP[8];
619 	enum si_sm_result smi_result;
620 	int rv;
621 
622 	/*
623 	 * It's impossible for the BT status and interrupt registers to be
624 	 * all 1's, (assuming a properly functioning, self-initialized BMC)
625 	 * but that's what you get from reading a bogus address, so we
626 	 * test that first.  The calling routine uses negative logic.
627 	 */
628 
629 	if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
630 		return 1;
631 	reset_flags(bt);
632 
633 	/*
634 	 * Try getting the BT capabilities here.
635 	 */
636 	rv = bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
637 	if (rv) {
638 		dev_warn(bt->io->dev,
639 			 "Can't start capabilities transaction: %d\n", rv);
640 		goto out_no_bt_cap;
641 	}
642 
643 	smi_result = SI_SM_CALL_WITHOUT_DELAY;
644 	for (;;) {
645 		if (smi_result == SI_SM_CALL_WITH_DELAY ||
646 		    smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
647 			schedule_timeout_uninterruptible(1);
648 			smi_result = bt_event(bt, jiffies_to_usecs(1));
649 		} else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
650 			smi_result = bt_event(bt, 0);
651 		} else
652 			break;
653 	}
654 
655 	rv = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
656 	bt_init_data(bt, bt->io);
657 	if (rv < 8) {
658 		dev_warn(bt->io->dev, "bt cap response too short: %d\n", rv);
659 		goto out_no_bt_cap;
660 	}
661 
662 	if (BT_CAP[2]) {
663 		dev_warn(bt->io->dev, "Error fetching bt cap: %x\n", BT_CAP[2]);
664 out_no_bt_cap:
665 		dev_warn(bt->io->dev, "using default values\n");
666 	} else {
667 		bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
668 		bt->BT_CAP_retries = BT_CAP[7];
669 	}
670 
671 	dev_info(bt->io->dev, "req2rsp=%ld secs retries=%d\n",
672 		 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
673 
674 	return 0;
675 }
676 
677 static void bt_cleanup(struct si_sm_data *bt)
678 {
679 }
680 
681 static int bt_size(void)
682 {
683 	return sizeof(struct si_sm_data);
684 }
685 
686 const struct si_sm_handlers bt_smi_handlers = {
687 	.init_data		= bt_init_data,
688 	.start_transaction	= bt_start_transaction,
689 	.get_result		= bt_get_result,
690 	.event			= bt_event,
691 	.detect			= bt_detect,
692 	.cleanup		= bt_cleanup,
693 	.size			= bt_size,
694 };
695