xref: /openbmc/linux/drivers/char/ipmi/ipmi_ipmb.c (revision 94d964e5)
1 // SPDX-License-Identifier: GPL-2.0
2 
3 /*
4  * Driver to talk to a remote management controller on IPMB.
5  */
6 
7 #include <linux/acpi.h>
8 #include <linux/errno.h>
9 #include <linux/i2c.h>
10 #include <linux/miscdevice.h>
11 #include <linux/module.h>
12 #include <linux/mutex.h>
13 #include <linux/poll.h>
14 #include <linux/slab.h>
15 #include <linux/spinlock.h>
16 #include <linux/semaphore.h>
17 #include <linux/kthread.h>
18 #include <linux/wait.h>
19 #include <linux/ipmi_msgdefs.h>
20 #include <linux/ipmi_smi.h>
21 
22 #define DEVICE_NAME "ipmi-ipmb"
23 
24 static int bmcaddr = 0x20;
25 module_param(bmcaddr, int, 0644);
26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27 
28 static unsigned int retry_time_ms = 250;
29 module_param(retry_time_ms, uint, 0644);
30 MODULE_PARM_DESC(max_retries, "Timeout time between retries, in milliseconds.");
31 
32 static unsigned int max_retries = 1;
33 module_param(max_retries, uint, 0644);
34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35 
36 /* Add room for the two slave addresses, two checksums, and rqSeq. */
37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38 
39 struct ipmi_ipmb_dev {
40 	struct ipmi_smi *intf;
41 	struct i2c_client *client;
42 
43 	struct ipmi_smi_handlers handlers;
44 
45 	bool ready;
46 
47 	u8 curr_seq;
48 
49 	u8 bmcaddr;
50 	u32 retry_time_ms;
51 	u32 max_retries;
52 
53 	struct ipmi_smi_msg *next_msg;
54 	struct ipmi_smi_msg *working_msg;
55 
56 	/* Transmit thread. */
57 	struct task_struct *thread;
58 	struct semaphore wake_thread;
59 	struct semaphore got_rsp;
60 	spinlock_t lock;
61 	bool stopping;
62 
63 	u8 xmitmsg[IPMB_MAX_MSG_LEN];
64 	unsigned int xmitlen;
65 
66 	u8 rcvmsg[IPMB_MAX_MSG_LEN];
67 	unsigned int rcvlen;
68 	bool overrun;
69 };
70 
71 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
72 {
73 	u8 *msg = iidev->rcvmsg;
74 	u8 netfn;
75 
76 	if (iidev->overrun)
77 		return false;
78 
79 	/* Minimum message size. */
80 	if (iidev->rcvlen < 7)
81 		return false;
82 
83 	/* Is it a response? */
84 	netfn = msg[1] >> 2;
85 	if (netfn & 1) {
86 		/* Response messages have an added completion code. */
87 		if (iidev->rcvlen < 8)
88 			return false;
89 	}
90 
91 	if (ipmb_checksum(msg, 3) != 0)
92 		return false;
93 	if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0)
94 		return false;
95 
96 	return true;
97 }
98 
99 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
100 {
101 	struct ipmi_smi_msg *imsg = NULL;
102 	u8 *msg = iidev->rcvmsg;
103 	bool is_cmd;
104 	unsigned long flags;
105 
106 	if (iidev->rcvlen == 0)
107 		return;
108 	if (!valid_ipmb(iidev))
109 		goto done;
110 
111 	is_cmd = ((msg[1] >> 2) & 1) == 0;
112 
113 	if (is_cmd) {
114 		/* Ignore commands until we are up. */
115 		if (!iidev->ready)
116 			goto done;
117 
118 		/* It's a command, allocate a message for it. */
119 		imsg = ipmi_alloc_smi_msg();
120 		if (!imsg)
121 			goto done;
122 		imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
123 		imsg->data_size = 0;
124 	} else {
125 		spin_lock_irqsave(&iidev->lock, flags);
126 		if (iidev->working_msg) {
127 			u8 seq = msg[4] >> 2;
128 			bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
129 
130 			/*
131 			 * Responses should carry the sequence we sent
132 			 * them with.  If it's a transmitted response,
133 			 * ignore it.  And if the message hasn't been
134 			 * transmitted, ignore it.
135 			 */
136 			if (!xmit_rsp && seq == iidev->curr_seq) {
137 				iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
138 
139 				imsg = iidev->working_msg;
140 				iidev->working_msg = NULL;
141 			}
142 		}
143 		spin_unlock_irqrestore(&iidev->lock, flags);
144 	}
145 
146 	if (!imsg)
147 		goto done;
148 
149 	if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
150 		imsg->rsp[0] = msg[1]; /* NetFn/LUN */
151 		/*
152 		 * Keep the source address, rqSeq.  Drop the trailing
153 		 * checksum.
154 		 */
155 		memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
156 		imsg->rsp_size = iidev->rcvlen - 3;
157 	} else {
158 		imsg->rsp[0] = msg[1]; /* NetFn/LUN */
159 		/*
160 		 * Skip the source address, rqSeq.  Drop the trailing
161 		 * checksum.
162 		 */
163 		memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
164 		imsg->rsp_size = iidev->rcvlen - 5;
165 	}
166 	ipmi_smi_msg_received(iidev->intf, imsg);
167 	if (!is_cmd)
168 		up(&iidev->got_rsp);
169 
170 done:
171 	iidev->overrun = false;
172 	iidev->rcvlen = 0;
173 }
174 
175 /*
176  * The IPMB protocol only supports i2c writes so there is no need to
177  * support I2C_SLAVE_READ* events, except to know if the other end has
178  * issued a read without going to stop mode.
179  */
180 static int ipmi_ipmb_slave_cb(struct i2c_client *client,
181 			      enum i2c_slave_event event, u8 *val)
182 {
183 	struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
184 
185 	switch (event) {
186 	case I2C_SLAVE_WRITE_REQUESTED:
187 		ipmi_ipmb_check_msg_done(iidev);
188 		/*
189 		 * First byte is the slave address, to ease the checksum
190 		 * calculation.
191 		 */
192 		iidev->rcvmsg[0] = client->addr << 1;
193 		iidev->rcvlen = 1;
194 		break;
195 
196 	case I2C_SLAVE_WRITE_RECEIVED:
197 		if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
198 			iidev->overrun = true;
199 		else
200 			iidev->rcvmsg[iidev->rcvlen++] = *val;
201 		break;
202 
203 	case I2C_SLAVE_READ_REQUESTED:
204 	case I2C_SLAVE_STOP:
205 		ipmi_ipmb_check_msg_done(iidev);
206 		break;
207 
208 	case I2C_SLAVE_READ_PROCESSED:
209 		break;
210 	}
211 
212 	return 0;
213 }
214 
215 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
216 				    struct ipmi_smi_msg *msg, u8 cc)
217 {
218 	if ((msg->data[0] >> 2) & 1) {
219 		/*
220 		 * It's a response being sent, we needto return a
221 		 * response response.  Fake a send msg command
222 		 * response with channel 0.  This will always be ipmb
223 		 * direct.
224 		 */
225 		msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
226 		msg->data[3] = IPMI_SEND_MSG_CMD;
227 		msg->data[4] = cc;
228 		msg->data_size = 5;
229 	}
230 	msg->rsp[0] = msg->data[0] | (1 << 2);
231 	if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
232 		msg->rsp[1] = msg->data[1];
233 		msg->rsp[2] = msg->data[2];
234 		msg->rsp[3] = msg->data[3];
235 		msg->rsp[4] = cc;
236 		msg->rsp_size = 5;
237 	} else {
238 		msg->rsp[1] = msg->data[1];
239 		msg->rsp[2] = cc;
240 		msg->rsp_size = 3;
241 	}
242 	ipmi_smi_msg_received(iidev->intf, msg);
243 }
244 
245 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
246 				      struct ipmi_smi_msg *msg)
247 {
248 	if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
249 		iidev->xmitmsg[0] = msg->data[1];
250 		iidev->xmitmsg[1] = msg->data[0];
251 		memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
252 		iidev->xmitlen = msg->data_size + 2;
253 	} else {
254 		iidev->xmitmsg[0] = iidev->bmcaddr;
255 		iidev->xmitmsg[1] = msg->data[0];
256 		iidev->xmitmsg[4] = 0;
257 		memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
258 		iidev->xmitlen = msg->data_size + 4;
259 	}
260 	iidev->xmitmsg[3] = iidev->client->addr << 1;
261 	if (((msg->data[0] >> 2) & 1) == 0)
262 		/* If it's a command, put in our own sequence number. */
263 		iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
264 				     (iidev->curr_seq << 2));
265 
266 	/* Now add on the final checksums. */
267 	iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2);
268 	iidev->xmitmsg[iidev->xmitlen] =
269 		ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3);
270 	iidev->xmitlen++;
271 }
272 
273 static int ipmi_ipmb_thread(void *data)
274 {
275 	struct ipmi_ipmb_dev *iidev = data;
276 
277 	while (!kthread_should_stop()) {
278 		long ret;
279 		struct i2c_msg i2c_msg;
280 		struct ipmi_smi_msg *msg = NULL;
281 		unsigned long flags;
282 		unsigned int retries = 0;
283 
284 		/* Wait for a message to send */
285 		ret = down_interruptible(&iidev->wake_thread);
286 		if (iidev->stopping)
287 			break;
288 		if (ret)
289 			continue;
290 
291 		spin_lock_irqsave(&iidev->lock, flags);
292 		if (iidev->next_msg) {
293 			msg = iidev->next_msg;
294 			iidev->next_msg = NULL;
295 		}
296 		spin_unlock_irqrestore(&iidev->lock, flags);
297 		if (!msg)
298 			continue;
299 
300 		ipmi_ipmb_format_for_xmit(iidev, msg);
301 
302 retry:
303 		i2c_msg.len = iidev->xmitlen - 1;
304 		if (i2c_msg.len > 32) {
305 			ipmi_ipmb_send_response(iidev, msg,
306 						IPMI_REQ_LEN_EXCEEDED_ERR);
307 			continue;
308 		}
309 
310 		i2c_msg.addr = iidev->xmitmsg[0] >> 1;
311 		i2c_msg.flags = 0;
312 		i2c_msg.buf = iidev->xmitmsg + 1;
313 
314 		/* Rely on i2c_transfer for a barrier. */
315 		iidev->working_msg = msg;
316 
317 		ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1);
318 
319 		if ((msg->data[0] >> 2) & 1) {
320 			/*
321 			 * It's a response, nothing will be returned
322 			 * by the other end.
323 			 */
324 
325 			iidev->working_msg = NULL;
326 			ipmi_ipmb_send_response(iidev, msg,
327 						ret < 0 ? IPMI_BUS_ERR : 0);
328 			continue;
329 		}
330 		if (ret < 0) {
331 			iidev->working_msg = NULL;
332 			ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
333 			continue;
334 		}
335 
336 		/* A command was sent, wait for its response. */
337 		ret = down_timeout(&iidev->got_rsp,
338 				   msecs_to_jiffies(iidev->retry_time_ms));
339 
340 		/*
341 		 * Grab the message if we can.  If the handler hasn't
342 		 * already handled it, the message will still be there.
343 		 */
344 		spin_lock_irqsave(&iidev->lock, flags);
345 		msg = iidev->working_msg;
346 		iidev->working_msg = NULL;
347 		spin_unlock_irqrestore(&iidev->lock, flags);
348 
349 		if (!msg && ret) {
350 			/*
351 			 * If working_msg is not set and we timed out,
352 			 * that means the message grabbed by
353 			 * check_msg_done before we could grab it
354 			 * here.  Wait again for check_msg_done to up
355 			 * the semaphore.
356 			 */
357 			down(&iidev->got_rsp);
358 		} else if (msg && ++retries <= iidev->max_retries) {
359 			spin_lock_irqsave(&iidev->lock, flags);
360 			iidev->working_msg = msg;
361 			spin_unlock_irqrestore(&iidev->lock, flags);
362 			goto retry;
363 		}
364 
365 		if (msg)
366 			ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
367 	}
368 
369 	if (iidev->next_msg)
370 		/* Return an unspecified error. */
371 		ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff);
372 
373 	return 0;
374 }
375 
376 static int ipmi_ipmb_start_processing(void *send_info,
377 				      struct ipmi_smi *new_intf)
378 {
379 	struct ipmi_ipmb_dev *iidev = send_info;
380 
381 	iidev->intf = new_intf;
382 	iidev->ready = true;
383 	return 0;
384 }
385 
386 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
387 {
388 	if (iidev->thread) {
389 		struct task_struct *t = iidev->thread;
390 
391 		iidev->thread = NULL;
392 		iidev->stopping = true;
393 		up(&iidev->wake_thread);
394 		up(&iidev->got_rsp);
395 		kthread_stop(t);
396 	}
397 }
398 
399 static void ipmi_ipmb_shutdown(void *send_info)
400 {
401 	struct ipmi_ipmb_dev *iidev = send_info;
402 
403 	ipmi_ipmb_stop_thread(iidev);
404 }
405 
406 static void ipmi_ipmb_sender(void *send_info,
407 			     struct ipmi_smi_msg *msg)
408 {
409 	struct ipmi_ipmb_dev *iidev = send_info;
410 	unsigned long flags;
411 
412 	spin_lock_irqsave(&iidev->lock, flags);
413 	BUG_ON(iidev->next_msg);
414 
415 	iidev->next_msg = msg;
416 	spin_unlock_irqrestore(&iidev->lock, flags);
417 
418 	up(&iidev->wake_thread);
419 }
420 
421 static void ipmi_ipmb_request_events(void *send_info)
422 {
423 	/* We don't fetch events here. */
424 }
425 
426 static int ipmi_ipmb_remove(struct i2c_client *client)
427 {
428 	struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
429 
430 	if (iidev->client) {
431 		iidev->client = NULL;
432 		i2c_slave_unregister(client);
433 	}
434 	ipmi_ipmb_stop_thread(iidev);
435 
436 	return 0;
437 }
438 
439 static int ipmi_ipmb_probe(struct i2c_client *client,
440 			   const struct i2c_device_id *id)
441 {
442 	struct device *dev = &client->dev;
443 	struct ipmi_ipmb_dev *iidev;
444 	int rv;
445 
446 	iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL);
447 	if (!iidev)
448 		return -ENOMEM;
449 
450 	if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0)
451 		iidev->bmcaddr = bmcaddr;
452 	if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
453 		/* Can't have the write bit set. */
454 		dev_notice(&client->dev,
455 			   "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
456 		return -EINVAL;
457 	}
458 
459 	if (of_property_read_u32(dev->of_node, "retry-time",
460 				 &iidev->retry_time_ms) != 0)
461 		iidev->retry_time_ms = retry_time_ms;
462 
463 	if (of_property_read_u32(dev->of_node, "max-retries",
464 				 &iidev->max_retries) != 0)
465 		iidev->max_retries = max_retries;
466 
467 	i2c_set_clientdata(client, iidev);
468 	client->flags |= I2C_CLIENT_SLAVE;
469 
470 	rv = i2c_slave_register(client, ipmi_ipmb_slave_cb);
471 	if (rv)
472 		return rv;
473 
474 	iidev->client = client;
475 
476 	iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
477 	iidev->handlers.start_processing = ipmi_ipmb_start_processing;
478 	iidev->handlers.shutdown = ipmi_ipmb_shutdown;
479 	iidev->handlers.sender = ipmi_ipmb_sender;
480 	iidev->handlers.request_events = ipmi_ipmb_request_events;
481 
482 	spin_lock_init(&iidev->lock);
483 	sema_init(&iidev->wake_thread, 0);
484 	sema_init(&iidev->got_rsp, 0);
485 
486 	iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
487 				    "kipmb%4.4x", client->addr);
488 	if (IS_ERR(iidev->thread)) {
489 		rv = PTR_ERR(iidev->thread);
490 		dev_notice(&client->dev,
491 			   "Could not start kernel thread: error %d\n", rv);
492 		goto out_err;
493 	}
494 
495 	rv = ipmi_register_smi(&iidev->handlers,
496 			       iidev,
497 			       &client->dev,
498 			       iidev->bmcaddr);
499 	if (rv)
500 		goto out_err;
501 
502 	return 0;
503 
504 out_err:
505 	ipmi_ipmb_remove(client);
506 	return rv;
507 }
508 
509 #ifdef CONFIG_OF
510 static const struct of_device_id of_ipmi_ipmb_match[] = {
511 	{ .type = "ipmi", .compatible = DEVICE_NAME },
512 	{},
513 };
514 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
515 #else
516 #define of_ipmi_ipmb_match NULL
517 #endif
518 
519 static const struct i2c_device_id ipmi_ipmb_id[] = {
520 	{ DEVICE_NAME, 0 },
521 	{},
522 };
523 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
524 
525 static struct i2c_driver ipmi_ipmb_driver = {
526 	.class		= I2C_CLASS_HWMON,
527 	.driver = {
528 		.name = DEVICE_NAME,
529 		.of_match_table = of_ipmi_ipmb_match,
530 	},
531 	.probe		= ipmi_ipmb_probe,
532 	.remove		= ipmi_ipmb_remove,
533 	.id_table	= ipmi_ipmb_id,
534 };
535 module_i2c_driver(ipmi_ipmb_driver);
536 
537 MODULE_AUTHOR("Corey Minyard");
538 MODULE_DESCRIPTION("IPMI IPMB driver");
539 MODULE_LICENSE("GPL v2");
540