1 // SPDX-License-Identifier: GPL-2.0 2 3 /* 4 * Driver to talk to a remote management controller on IPMB. 5 */ 6 7 #include <linux/acpi.h> 8 #include <linux/errno.h> 9 #include <linux/i2c.h> 10 #include <linux/miscdevice.h> 11 #include <linux/module.h> 12 #include <linux/mutex.h> 13 #include <linux/poll.h> 14 #include <linux/slab.h> 15 #include <linux/spinlock.h> 16 #include <linux/semaphore.h> 17 #include <linux/kthread.h> 18 #include <linux/wait.h> 19 #include <linux/ipmi_msgdefs.h> 20 #include <linux/ipmi_smi.h> 21 22 #define DEVICE_NAME "ipmi-ipmb" 23 24 static int bmcaddr = 0x20; 25 module_param(bmcaddr, int, 0644); 26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC."); 27 28 static unsigned int retry_time_ms = 250; 29 module_param(retry_time_ms, uint, 0644); 30 MODULE_PARM_DESC(max_retries, "Timeout time between retries, in milliseconds."); 31 32 static unsigned int max_retries = 1; 33 module_param(max_retries, uint, 0644); 34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out."); 35 36 /* Add room for the two slave addresses, two checksums, and rqSeq. */ 37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5) 38 39 struct ipmi_ipmb_dev { 40 struct ipmi_smi *intf; 41 struct i2c_client *client; 42 43 struct ipmi_smi_handlers handlers; 44 45 bool ready; 46 47 u8 curr_seq; 48 49 u8 bmcaddr; 50 u32 retry_time_ms; 51 u32 max_retries; 52 53 struct ipmi_smi_msg *next_msg; 54 struct ipmi_smi_msg *working_msg; 55 56 /* Transmit thread. */ 57 struct task_struct *thread; 58 struct semaphore wake_thread; 59 struct semaphore got_rsp; 60 spinlock_t lock; 61 bool stopping; 62 63 u8 xmitmsg[IPMB_MAX_MSG_LEN]; 64 unsigned int xmitlen; 65 66 u8 rcvmsg[IPMB_MAX_MSG_LEN]; 67 unsigned int rcvlen; 68 bool overrun; 69 }; 70 71 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev) 72 { 73 u8 *msg = iidev->rcvmsg; 74 u8 netfn; 75 76 if (iidev->overrun) 77 return false; 78 79 /* Minimum message size. */ 80 if (iidev->rcvlen < 7) 81 return false; 82 83 /* Is it a response? */ 84 netfn = msg[1] >> 2; 85 if (netfn & 1) { 86 /* Response messages have an added completion code. */ 87 if (iidev->rcvlen < 8) 88 return false; 89 } 90 91 if (ipmb_checksum(msg, 3) != 0) 92 return false; 93 if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0) 94 return false; 95 96 return true; 97 } 98 99 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev) 100 { 101 struct ipmi_smi_msg *imsg = NULL; 102 u8 *msg = iidev->rcvmsg; 103 bool is_cmd; 104 unsigned long flags; 105 106 if (iidev->rcvlen == 0) 107 return; 108 if (!valid_ipmb(iidev)) 109 goto done; 110 111 is_cmd = ((msg[1] >> 2) & 1) == 0; 112 113 if (is_cmd) { 114 /* Ignore commands until we are up. */ 115 if (!iidev->ready) 116 goto done; 117 118 /* It's a command, allocate a message for it. */ 119 imsg = ipmi_alloc_smi_msg(); 120 if (!imsg) 121 goto done; 122 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT; 123 imsg->data_size = 0; 124 } else { 125 spin_lock_irqsave(&iidev->lock, flags); 126 if (iidev->working_msg) { 127 u8 seq = msg[4] >> 2; 128 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1; 129 130 /* 131 * Responses should carry the sequence we sent 132 * them with. If it's a transmitted response, 133 * ignore it. And if the message hasn't been 134 * transmitted, ignore it. 135 */ 136 if (!xmit_rsp && seq == iidev->curr_seq) { 137 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f; 138 139 imsg = iidev->working_msg; 140 iidev->working_msg = NULL; 141 } 142 } 143 spin_unlock_irqrestore(&iidev->lock, flags); 144 } 145 146 if (!imsg) 147 goto done; 148 149 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 150 imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 151 /* 152 * Keep the source address, rqSeq. Drop the trailing 153 * checksum. 154 */ 155 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4); 156 imsg->rsp_size = iidev->rcvlen - 3; 157 } else { 158 imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 159 /* 160 * Skip the source address, rqSeq. Drop the trailing 161 * checksum. 162 */ 163 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6); 164 imsg->rsp_size = iidev->rcvlen - 5; 165 } 166 ipmi_smi_msg_received(iidev->intf, imsg); 167 if (!is_cmd) 168 up(&iidev->got_rsp); 169 170 done: 171 iidev->overrun = false; 172 iidev->rcvlen = 0; 173 } 174 175 /* 176 * The IPMB protocol only supports i2c writes so there is no need to 177 * support I2C_SLAVE_READ* events, except to know if the other end has 178 * issued a read without going to stop mode. 179 */ 180 static int ipmi_ipmb_slave_cb(struct i2c_client *client, 181 enum i2c_slave_event event, u8 *val) 182 { 183 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 184 185 switch (event) { 186 case I2C_SLAVE_WRITE_REQUESTED: 187 ipmi_ipmb_check_msg_done(iidev); 188 /* 189 * First byte is the slave address, to ease the checksum 190 * calculation. 191 */ 192 iidev->rcvmsg[0] = client->addr << 1; 193 iidev->rcvlen = 1; 194 break; 195 196 case I2C_SLAVE_WRITE_RECEIVED: 197 if (iidev->rcvlen >= sizeof(iidev->rcvmsg)) 198 iidev->overrun = true; 199 else 200 iidev->rcvmsg[iidev->rcvlen++] = *val; 201 break; 202 203 case I2C_SLAVE_READ_REQUESTED: 204 case I2C_SLAVE_STOP: 205 ipmi_ipmb_check_msg_done(iidev); 206 break; 207 208 case I2C_SLAVE_READ_PROCESSED: 209 break; 210 } 211 212 return 0; 213 } 214 215 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev, 216 struct ipmi_smi_msg *msg, u8 cc) 217 { 218 if ((msg->data[0] >> 2) & 1) { 219 /* 220 * It's a response being sent, we needto return a 221 * response response. Fake a send msg command 222 * response with channel 0. This will always be ipmb 223 * direct. 224 */ 225 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2; 226 msg->data[3] = IPMI_SEND_MSG_CMD; 227 msg->data[4] = cc; 228 msg->data_size = 5; 229 } 230 msg->rsp[0] = msg->data[0] | (1 << 2); 231 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 232 msg->rsp[1] = msg->data[1]; 233 msg->rsp[2] = msg->data[2]; 234 msg->rsp[3] = msg->data[3]; 235 msg->rsp[4] = cc; 236 msg->rsp_size = 5; 237 } else { 238 msg->rsp[1] = msg->data[1]; 239 msg->rsp[2] = cc; 240 msg->rsp_size = 3; 241 } 242 ipmi_smi_msg_received(iidev->intf, msg); 243 } 244 245 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev, 246 struct ipmi_smi_msg *msg) 247 { 248 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 249 iidev->xmitmsg[0] = msg->data[1]; 250 iidev->xmitmsg[1] = msg->data[0]; 251 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2); 252 iidev->xmitlen = msg->data_size + 2; 253 } else { 254 iidev->xmitmsg[0] = iidev->bmcaddr; 255 iidev->xmitmsg[1] = msg->data[0]; 256 iidev->xmitmsg[4] = 0; 257 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1); 258 iidev->xmitlen = msg->data_size + 4; 259 } 260 iidev->xmitmsg[3] = iidev->client->addr << 1; 261 if (((msg->data[0] >> 2) & 1) == 0) 262 /* If it's a command, put in our own sequence number. */ 263 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) | 264 (iidev->curr_seq << 2)); 265 266 /* Now add on the final checksums. */ 267 iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2); 268 iidev->xmitmsg[iidev->xmitlen] = 269 ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3); 270 iidev->xmitlen++; 271 } 272 273 static int ipmi_ipmb_thread(void *data) 274 { 275 struct ipmi_ipmb_dev *iidev = data; 276 277 while (!kthread_should_stop()) { 278 long ret; 279 struct i2c_msg i2c_msg; 280 struct ipmi_smi_msg *msg = NULL; 281 unsigned long flags; 282 unsigned int retries = 0; 283 284 /* Wait for a message to send */ 285 ret = down_interruptible(&iidev->wake_thread); 286 if (iidev->stopping) 287 break; 288 if (ret) 289 continue; 290 291 spin_lock_irqsave(&iidev->lock, flags); 292 if (iidev->next_msg) { 293 msg = iidev->next_msg; 294 iidev->next_msg = NULL; 295 } 296 spin_unlock_irqrestore(&iidev->lock, flags); 297 if (!msg) 298 continue; 299 300 ipmi_ipmb_format_for_xmit(iidev, msg); 301 302 retry: 303 i2c_msg.len = iidev->xmitlen - 1; 304 if (i2c_msg.len > 32) { 305 ipmi_ipmb_send_response(iidev, msg, 306 IPMI_REQ_LEN_EXCEEDED_ERR); 307 continue; 308 } 309 310 i2c_msg.addr = iidev->xmitmsg[0] >> 1; 311 i2c_msg.flags = 0; 312 i2c_msg.buf = iidev->xmitmsg + 1; 313 314 /* Rely on i2c_transfer for a barrier. */ 315 iidev->working_msg = msg; 316 317 ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1); 318 319 if ((msg->data[0] >> 2) & 1) { 320 /* 321 * It's a response, nothing will be returned 322 * by the other end. 323 */ 324 325 iidev->working_msg = NULL; 326 ipmi_ipmb_send_response(iidev, msg, 327 ret < 0 ? IPMI_BUS_ERR : 0); 328 continue; 329 } 330 if (ret < 0) { 331 iidev->working_msg = NULL; 332 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR); 333 continue; 334 } 335 336 /* A command was sent, wait for its response. */ 337 ret = down_timeout(&iidev->got_rsp, 338 msecs_to_jiffies(iidev->retry_time_ms)); 339 340 /* 341 * Grab the message if we can. If the handler hasn't 342 * already handled it, the message will still be there. 343 */ 344 spin_lock_irqsave(&iidev->lock, flags); 345 msg = iidev->working_msg; 346 iidev->working_msg = NULL; 347 spin_unlock_irqrestore(&iidev->lock, flags); 348 349 if (!msg && ret) { 350 /* 351 * If working_msg is not set and we timed out, 352 * that means the message grabbed by 353 * check_msg_done before we could grab it 354 * here. Wait again for check_msg_done to up 355 * the semaphore. 356 */ 357 down(&iidev->got_rsp); 358 } else if (msg && ++retries <= iidev->max_retries) { 359 spin_lock_irqsave(&iidev->lock, flags); 360 iidev->working_msg = msg; 361 spin_unlock_irqrestore(&iidev->lock, flags); 362 goto retry; 363 } 364 365 if (msg) 366 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR); 367 } 368 369 if (iidev->next_msg) 370 /* Return an unspecified error. */ 371 ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff); 372 373 return 0; 374 } 375 376 static int ipmi_ipmb_start_processing(void *send_info, 377 struct ipmi_smi *new_intf) 378 { 379 struct ipmi_ipmb_dev *iidev = send_info; 380 381 iidev->intf = new_intf; 382 iidev->ready = true; 383 return 0; 384 } 385 386 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev) 387 { 388 if (iidev->thread) { 389 struct task_struct *t = iidev->thread; 390 391 iidev->thread = NULL; 392 iidev->stopping = true; 393 up(&iidev->wake_thread); 394 up(&iidev->got_rsp); 395 kthread_stop(t); 396 } 397 } 398 399 static void ipmi_ipmb_shutdown(void *send_info) 400 { 401 struct ipmi_ipmb_dev *iidev = send_info; 402 403 ipmi_ipmb_stop_thread(iidev); 404 } 405 406 static void ipmi_ipmb_sender(void *send_info, 407 struct ipmi_smi_msg *msg) 408 { 409 struct ipmi_ipmb_dev *iidev = send_info; 410 unsigned long flags; 411 412 spin_lock_irqsave(&iidev->lock, flags); 413 BUG_ON(iidev->next_msg); 414 415 iidev->next_msg = msg; 416 spin_unlock_irqrestore(&iidev->lock, flags); 417 418 up(&iidev->wake_thread); 419 } 420 421 static void ipmi_ipmb_request_events(void *send_info) 422 { 423 /* We don't fetch events here. */ 424 } 425 426 static int ipmi_ipmb_remove(struct i2c_client *client) 427 { 428 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 429 430 if (iidev->client) { 431 iidev->client = NULL; 432 i2c_slave_unregister(client); 433 } 434 ipmi_ipmb_stop_thread(iidev); 435 436 return 0; 437 } 438 439 static int ipmi_ipmb_probe(struct i2c_client *client, 440 const struct i2c_device_id *id) 441 { 442 struct device *dev = &client->dev; 443 struct ipmi_ipmb_dev *iidev; 444 int rv; 445 446 iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL); 447 if (!iidev) 448 return -ENOMEM; 449 450 if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0) 451 iidev->bmcaddr = bmcaddr; 452 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) { 453 /* Can't have the write bit set. */ 454 dev_notice(&client->dev, 455 "Invalid bmc address value %2.2x\n", iidev->bmcaddr); 456 return -EINVAL; 457 } 458 459 if (of_property_read_u32(dev->of_node, "retry-time", 460 &iidev->retry_time_ms) != 0) 461 iidev->retry_time_ms = retry_time_ms; 462 463 if (of_property_read_u32(dev->of_node, "max-retries", 464 &iidev->max_retries) != 0) 465 iidev->max_retries = max_retries; 466 467 i2c_set_clientdata(client, iidev); 468 client->flags |= I2C_CLIENT_SLAVE; 469 470 rv = i2c_slave_register(client, ipmi_ipmb_slave_cb); 471 if (rv) 472 return rv; 473 474 iidev->client = client; 475 476 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT; 477 iidev->handlers.start_processing = ipmi_ipmb_start_processing; 478 iidev->handlers.shutdown = ipmi_ipmb_shutdown; 479 iidev->handlers.sender = ipmi_ipmb_sender; 480 iidev->handlers.request_events = ipmi_ipmb_request_events; 481 482 spin_lock_init(&iidev->lock); 483 sema_init(&iidev->wake_thread, 0); 484 sema_init(&iidev->got_rsp, 0); 485 486 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev, 487 "kipmb%4.4x", client->addr); 488 if (IS_ERR(iidev->thread)) { 489 rv = PTR_ERR(iidev->thread); 490 dev_notice(&client->dev, 491 "Could not start kernel thread: error %d\n", rv); 492 goto out_err; 493 } 494 495 rv = ipmi_register_smi(&iidev->handlers, 496 iidev, 497 &client->dev, 498 iidev->bmcaddr); 499 if (rv) 500 goto out_err; 501 502 return 0; 503 504 out_err: 505 ipmi_ipmb_remove(client); 506 return rv; 507 } 508 509 #ifdef CONFIG_OF 510 static const struct of_device_id of_ipmi_ipmb_match[] = { 511 { .type = "ipmi", .compatible = DEVICE_NAME }, 512 {}, 513 }; 514 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match); 515 #else 516 #define of_ipmi_ipmb_match NULL 517 #endif 518 519 static const struct i2c_device_id ipmi_ipmb_id[] = { 520 { DEVICE_NAME, 0 }, 521 {}, 522 }; 523 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id); 524 525 static struct i2c_driver ipmi_ipmb_driver = { 526 .class = I2C_CLASS_HWMON, 527 .driver = { 528 .name = DEVICE_NAME, 529 .of_match_table = of_ipmi_ipmb_match, 530 }, 531 .probe = ipmi_ipmb_probe, 532 .remove = ipmi_ipmb_remove, 533 .id_table = ipmi_ipmb_id, 534 }; 535 module_i2c_driver(ipmi_ipmb_driver); 536 537 MODULE_AUTHOR("Corey Minyard"); 538 MODULE_DESCRIPTION("IPMI IPMB driver"); 539 MODULE_LICENSE("GPL v2"); 540