1 // SPDX-License-Identifier: GPL-2.0
2
3 /*
4 * Driver to talk to a remote management controller on IPMB.
5 */
6
7 #include <linux/acpi.h>
8 #include <linux/errno.h>
9 #include <linux/i2c.h>
10 #include <linux/miscdevice.h>
11 #include <linux/module.h>
12 #include <linux/mutex.h>
13 #include <linux/poll.h>
14 #include <linux/slab.h>
15 #include <linux/spinlock.h>
16 #include <linux/semaphore.h>
17 #include <linux/kthread.h>
18 #include <linux/wait.h>
19 #include <linux/ipmi_msgdefs.h>
20 #include <linux/ipmi_smi.h>
21
22 #define DEVICE_NAME "ipmi-ipmb"
23
24 static int bmcaddr = 0x20;
25 module_param(bmcaddr, int, 0644);
26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27
28 static unsigned int retry_time_ms = 250;
29 module_param(retry_time_ms, uint, 0644);
30 MODULE_PARM_DESC(retry_time_ms, "Timeout time between retries, in milliseconds.");
31
32 static unsigned int max_retries = 1;
33 module_param(max_retries, uint, 0644);
34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35
36 /* Add room for the two slave addresses, two checksums, and rqSeq. */
37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38
39 struct ipmi_ipmb_dev {
40 struct ipmi_smi *intf;
41 struct i2c_client *client;
42 struct i2c_client *slave;
43
44 struct ipmi_smi_handlers handlers;
45
46 bool ready;
47
48 u8 curr_seq;
49
50 u8 bmcaddr;
51 u32 retry_time_ms;
52 u32 max_retries;
53
54 struct ipmi_smi_msg *next_msg;
55 struct ipmi_smi_msg *working_msg;
56
57 /* Transmit thread. */
58 struct task_struct *thread;
59 struct semaphore wake_thread;
60 struct semaphore got_rsp;
61 spinlock_t lock;
62 bool stopping;
63
64 u8 xmitmsg[IPMB_MAX_MSG_LEN];
65 unsigned int xmitlen;
66
67 u8 rcvmsg[IPMB_MAX_MSG_LEN];
68 unsigned int rcvlen;
69 bool overrun;
70 };
71
valid_ipmb(struct ipmi_ipmb_dev * iidev)72 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
73 {
74 u8 *msg = iidev->rcvmsg;
75 u8 netfn;
76
77 if (iidev->overrun)
78 return false;
79
80 /* Minimum message size. */
81 if (iidev->rcvlen < 7)
82 return false;
83
84 /* Is it a response? */
85 netfn = msg[1] >> 2;
86 if (netfn & 1) {
87 /* Response messages have an added completion code. */
88 if (iidev->rcvlen < 8)
89 return false;
90 }
91
92 if (ipmb_checksum(msg, 3) != 0)
93 return false;
94 if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0)
95 return false;
96
97 return true;
98 }
99
ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev * iidev)100 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
101 {
102 struct ipmi_smi_msg *imsg = NULL;
103 u8 *msg = iidev->rcvmsg;
104 bool is_cmd;
105 unsigned long flags;
106
107 if (iidev->rcvlen == 0)
108 return;
109 if (!valid_ipmb(iidev))
110 goto done;
111
112 is_cmd = ((msg[1] >> 2) & 1) == 0;
113
114 if (is_cmd) {
115 /* Ignore commands until we are up. */
116 if (!iidev->ready)
117 goto done;
118
119 /* It's a command, allocate a message for it. */
120 imsg = ipmi_alloc_smi_msg();
121 if (!imsg)
122 goto done;
123 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
124 imsg->data_size = 0;
125 } else {
126 spin_lock_irqsave(&iidev->lock, flags);
127 if (iidev->working_msg) {
128 u8 seq = msg[4] >> 2;
129 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
130
131 /*
132 * Responses should carry the sequence we sent
133 * them with. If it's a transmitted response,
134 * ignore it. And if the message hasn't been
135 * transmitted, ignore it.
136 */
137 if (!xmit_rsp && seq == iidev->curr_seq) {
138 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
139
140 imsg = iidev->working_msg;
141 iidev->working_msg = NULL;
142 }
143 }
144 spin_unlock_irqrestore(&iidev->lock, flags);
145 }
146
147 if (!imsg)
148 goto done;
149
150 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
151 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
152 /*
153 * Keep the source address, rqSeq. Drop the trailing
154 * checksum.
155 */
156 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
157 imsg->rsp_size = iidev->rcvlen - 3;
158 } else {
159 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
160 /*
161 * Skip the source address, rqSeq. Drop the trailing
162 * checksum.
163 */
164 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
165 imsg->rsp_size = iidev->rcvlen - 5;
166 }
167 ipmi_smi_msg_received(iidev->intf, imsg);
168 if (!is_cmd)
169 up(&iidev->got_rsp);
170
171 done:
172 iidev->overrun = false;
173 iidev->rcvlen = 0;
174 }
175
176 /*
177 * The IPMB protocol only supports i2c writes so there is no need to
178 * support I2C_SLAVE_READ* events, except to know if the other end has
179 * issued a read without going to stop mode.
180 */
ipmi_ipmb_slave_cb(struct i2c_client * client,enum i2c_slave_event event,u8 * val)181 static int ipmi_ipmb_slave_cb(struct i2c_client *client,
182 enum i2c_slave_event event, u8 *val)
183 {
184 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
185
186 switch (event) {
187 case I2C_SLAVE_WRITE_REQUESTED:
188 ipmi_ipmb_check_msg_done(iidev);
189 /*
190 * First byte is the slave address, to ease the checksum
191 * calculation.
192 */
193 iidev->rcvmsg[0] = client->addr << 1;
194 iidev->rcvlen = 1;
195 break;
196
197 case I2C_SLAVE_WRITE_RECEIVED:
198 if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
199 iidev->overrun = true;
200 else
201 iidev->rcvmsg[iidev->rcvlen++] = *val;
202 break;
203
204 case I2C_SLAVE_READ_REQUESTED:
205 case I2C_SLAVE_STOP:
206 ipmi_ipmb_check_msg_done(iidev);
207 break;
208
209 case I2C_SLAVE_READ_PROCESSED:
210 break;
211 }
212
213 return 0;
214 }
215
ipmi_ipmb_send_response(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg,u8 cc)216 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
217 struct ipmi_smi_msg *msg, u8 cc)
218 {
219 if ((msg->data[0] >> 2) & 1) {
220 /*
221 * It's a response being sent, we need to return a
222 * response to the response. Fake a send msg command
223 * response with channel 0. This will always be ipmb
224 * direct.
225 */
226 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
227 msg->data[3] = IPMI_SEND_MSG_CMD;
228 msg->data[4] = cc;
229 msg->data_size = 5;
230 }
231 msg->rsp[0] = msg->data[0] | (1 << 2);
232 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
233 msg->rsp[1] = msg->data[1];
234 msg->rsp[2] = msg->data[2];
235 msg->rsp[3] = msg->data[3];
236 msg->rsp[4] = cc;
237 msg->rsp_size = 5;
238 } else {
239 msg->rsp[1] = msg->data[1];
240 msg->rsp[2] = cc;
241 msg->rsp_size = 3;
242 }
243 ipmi_smi_msg_received(iidev->intf, msg);
244 }
245
ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg)246 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
247 struct ipmi_smi_msg *msg)
248 {
249 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
250 iidev->xmitmsg[0] = msg->data[1];
251 iidev->xmitmsg[1] = msg->data[0];
252 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
253 iidev->xmitlen = msg->data_size + 2;
254 } else {
255 iidev->xmitmsg[0] = iidev->bmcaddr;
256 iidev->xmitmsg[1] = msg->data[0];
257 iidev->xmitmsg[4] = 0;
258 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
259 iidev->xmitlen = msg->data_size + 4;
260 }
261 iidev->xmitmsg[3] = iidev->slave->addr << 1;
262 if (((msg->data[0] >> 2) & 1) == 0)
263 /* If it's a command, put in our own sequence number. */
264 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
265 (iidev->curr_seq << 2));
266
267 /* Now add on the final checksums. */
268 iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2);
269 iidev->xmitmsg[iidev->xmitlen] =
270 ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3);
271 iidev->xmitlen++;
272 }
273
ipmi_ipmb_thread(void * data)274 static int ipmi_ipmb_thread(void *data)
275 {
276 struct ipmi_ipmb_dev *iidev = data;
277
278 while (!kthread_should_stop()) {
279 long ret;
280 struct i2c_msg i2c_msg;
281 struct ipmi_smi_msg *msg = NULL;
282 unsigned long flags;
283 unsigned int retries = 0;
284
285 /* Wait for a message to send */
286 ret = down_interruptible(&iidev->wake_thread);
287 if (iidev->stopping)
288 break;
289 if (ret)
290 continue;
291
292 spin_lock_irqsave(&iidev->lock, flags);
293 if (iidev->next_msg) {
294 msg = iidev->next_msg;
295 iidev->next_msg = NULL;
296 }
297 spin_unlock_irqrestore(&iidev->lock, flags);
298 if (!msg)
299 continue;
300
301 ipmi_ipmb_format_for_xmit(iidev, msg);
302
303 retry:
304 i2c_msg.len = iidev->xmitlen - 1;
305 if (i2c_msg.len > 32) {
306 ipmi_ipmb_send_response(iidev, msg,
307 IPMI_REQ_LEN_EXCEEDED_ERR);
308 continue;
309 }
310
311 i2c_msg.addr = iidev->xmitmsg[0] >> 1;
312 i2c_msg.flags = 0;
313 i2c_msg.buf = iidev->xmitmsg + 1;
314
315 /* Rely on i2c_transfer for a barrier. */
316 iidev->working_msg = msg;
317
318 ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1);
319
320 if ((msg->data[0] >> 2) & 1) {
321 /*
322 * It's a response, nothing will be returned
323 * by the other end.
324 */
325
326 iidev->working_msg = NULL;
327 ipmi_ipmb_send_response(iidev, msg,
328 ret < 0 ? IPMI_BUS_ERR : 0);
329 continue;
330 }
331 if (ret < 0) {
332 iidev->working_msg = NULL;
333 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
334 continue;
335 }
336
337 /* A command was sent, wait for its response. */
338 ret = down_timeout(&iidev->got_rsp,
339 msecs_to_jiffies(iidev->retry_time_ms));
340
341 /*
342 * Grab the message if we can. If the handler hasn't
343 * already handled it, the message will still be there.
344 */
345 spin_lock_irqsave(&iidev->lock, flags);
346 msg = iidev->working_msg;
347 iidev->working_msg = NULL;
348 spin_unlock_irqrestore(&iidev->lock, flags);
349
350 if (!msg && ret) {
351 /*
352 * If working_msg is not set and we timed out,
353 * that means the message grabbed by
354 * check_msg_done before we could grab it
355 * here. Wait again for check_msg_done to up
356 * the semaphore.
357 */
358 down(&iidev->got_rsp);
359 } else if (msg && ++retries <= iidev->max_retries) {
360 spin_lock_irqsave(&iidev->lock, flags);
361 iidev->working_msg = msg;
362 spin_unlock_irqrestore(&iidev->lock, flags);
363 goto retry;
364 }
365
366 if (msg)
367 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
368 }
369
370 if (iidev->next_msg)
371 /* Return an unspecified error. */
372 ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff);
373
374 return 0;
375 }
376
ipmi_ipmb_start_processing(void * send_info,struct ipmi_smi * new_intf)377 static int ipmi_ipmb_start_processing(void *send_info,
378 struct ipmi_smi *new_intf)
379 {
380 struct ipmi_ipmb_dev *iidev = send_info;
381
382 iidev->intf = new_intf;
383 iidev->ready = true;
384 return 0;
385 }
386
ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev * iidev)387 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
388 {
389 if (iidev->thread) {
390 struct task_struct *t = iidev->thread;
391
392 iidev->thread = NULL;
393 iidev->stopping = true;
394 up(&iidev->wake_thread);
395 up(&iidev->got_rsp);
396 kthread_stop(t);
397 }
398 }
399
ipmi_ipmb_shutdown(void * send_info)400 static void ipmi_ipmb_shutdown(void *send_info)
401 {
402 struct ipmi_ipmb_dev *iidev = send_info;
403
404 ipmi_ipmb_stop_thread(iidev);
405 }
406
ipmi_ipmb_sender(void * send_info,struct ipmi_smi_msg * msg)407 static void ipmi_ipmb_sender(void *send_info,
408 struct ipmi_smi_msg *msg)
409 {
410 struct ipmi_ipmb_dev *iidev = send_info;
411 unsigned long flags;
412
413 spin_lock_irqsave(&iidev->lock, flags);
414 BUG_ON(iidev->next_msg);
415
416 iidev->next_msg = msg;
417 spin_unlock_irqrestore(&iidev->lock, flags);
418
419 up(&iidev->wake_thread);
420 }
421
ipmi_ipmb_request_events(void * send_info)422 static void ipmi_ipmb_request_events(void *send_info)
423 {
424 /* We don't fetch events here. */
425 }
426
ipmi_ipmb_cleanup(struct ipmi_ipmb_dev * iidev)427 static void ipmi_ipmb_cleanup(struct ipmi_ipmb_dev *iidev)
428 {
429 if (iidev->slave) {
430 i2c_slave_unregister(iidev->slave);
431 if (iidev->slave != iidev->client)
432 i2c_unregister_device(iidev->slave);
433 }
434 iidev->slave = NULL;
435 iidev->client = NULL;
436 ipmi_ipmb_stop_thread(iidev);
437 }
438
ipmi_ipmb_remove(struct i2c_client * client)439 static void ipmi_ipmb_remove(struct i2c_client *client)
440 {
441 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
442
443 ipmi_ipmb_cleanup(iidev);
444 ipmi_unregister_smi(iidev->intf);
445 }
446
ipmi_ipmb_probe(struct i2c_client * client)447 static int ipmi_ipmb_probe(struct i2c_client *client)
448 {
449 struct device *dev = &client->dev;
450 struct ipmi_ipmb_dev *iidev;
451 struct device_node *slave_np;
452 struct i2c_adapter *slave_adap = NULL;
453 struct i2c_client *slave = NULL;
454 int rv;
455
456 iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL);
457 if (!iidev)
458 return -ENOMEM;
459
460 if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0)
461 iidev->bmcaddr = bmcaddr;
462 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
463 /* Can't have the write bit set. */
464 dev_notice(&client->dev,
465 "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
466 return -EINVAL;
467 }
468
469 if (of_property_read_u32(dev->of_node, "retry-time",
470 &iidev->retry_time_ms) != 0)
471 iidev->retry_time_ms = retry_time_ms;
472
473 if (of_property_read_u32(dev->of_node, "max-retries",
474 &iidev->max_retries) != 0)
475 iidev->max_retries = max_retries;
476
477 slave_np = of_parse_phandle(dev->of_node, "slave-dev", 0);
478 if (slave_np) {
479 slave_adap = of_get_i2c_adapter_by_node(slave_np);
480 of_node_put(slave_np);
481 if (!slave_adap) {
482 dev_notice(&client->dev,
483 "Could not find slave adapter\n");
484 return -EINVAL;
485 }
486 }
487
488 iidev->client = client;
489
490 if (slave_adap) {
491 struct i2c_board_info binfo;
492
493 memset(&binfo, 0, sizeof(binfo));
494 strscpy(binfo.type, "ipmb-slave", I2C_NAME_SIZE);
495 binfo.addr = client->addr;
496 binfo.flags = I2C_CLIENT_SLAVE;
497 slave = i2c_new_client_device(slave_adap, &binfo);
498 i2c_put_adapter(slave_adap);
499 if (IS_ERR(slave)) {
500 rv = PTR_ERR(slave);
501 dev_notice(&client->dev,
502 "Could not allocate slave device: %d\n", rv);
503 return rv;
504 }
505 i2c_set_clientdata(slave, iidev);
506 } else {
507 slave = client;
508 }
509 i2c_set_clientdata(client, iidev);
510 slave->flags |= I2C_CLIENT_SLAVE;
511
512 rv = i2c_slave_register(slave, ipmi_ipmb_slave_cb);
513 if (rv)
514 goto out_err;
515 iidev->slave = slave;
516 slave = NULL;
517
518 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
519 iidev->handlers.start_processing = ipmi_ipmb_start_processing;
520 iidev->handlers.shutdown = ipmi_ipmb_shutdown;
521 iidev->handlers.sender = ipmi_ipmb_sender;
522 iidev->handlers.request_events = ipmi_ipmb_request_events;
523
524 spin_lock_init(&iidev->lock);
525 sema_init(&iidev->wake_thread, 0);
526 sema_init(&iidev->got_rsp, 0);
527
528 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
529 "kipmb%4.4x", client->addr);
530 if (IS_ERR(iidev->thread)) {
531 rv = PTR_ERR(iidev->thread);
532 dev_notice(&client->dev,
533 "Could not start kernel thread: error %d\n", rv);
534 goto out_err;
535 }
536
537 rv = ipmi_register_smi(&iidev->handlers,
538 iidev,
539 &client->dev,
540 iidev->bmcaddr);
541 if (rv)
542 goto out_err;
543
544 return 0;
545
546 out_err:
547 if (slave && slave != client)
548 i2c_unregister_device(slave);
549 ipmi_ipmb_cleanup(iidev);
550 return rv;
551 }
552
553 #ifdef CONFIG_OF
554 static const struct of_device_id of_ipmi_ipmb_match[] = {
555 { .type = "ipmi", .compatible = DEVICE_NAME },
556 {},
557 };
558 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
559 #else
560 #define of_ipmi_ipmb_match NULL
561 #endif
562
563 static const struct i2c_device_id ipmi_ipmb_id[] = {
564 { DEVICE_NAME, 0 },
565 {},
566 };
567 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
568
569 static struct i2c_driver ipmi_ipmb_driver = {
570 .class = I2C_CLASS_HWMON,
571 .driver = {
572 .name = DEVICE_NAME,
573 .of_match_table = of_ipmi_ipmb_match,
574 },
575 .probe = ipmi_ipmb_probe,
576 .remove = ipmi_ipmb_remove,
577 .id_table = ipmi_ipmb_id,
578 };
579 module_i2c_driver(ipmi_ipmb_driver);
580
581 MODULE_AUTHOR("Corey Minyard");
582 MODULE_DESCRIPTION("IPMI IPMB driver");
583 MODULE_LICENSE("GPL v2");
584