1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * ipmi_msghandler.c 4 * 5 * Incoming and outgoing message routing for an IPMI interface. 6 * 7 * Author: MontaVista Software, Inc. 8 * Corey Minyard <minyard@mvista.com> 9 * source@mvista.com 10 * 11 * Copyright 2002 MontaVista Software Inc. 12 */ 13 14 #include <linux/module.h> 15 #include <linux/errno.h> 16 #include <linux/poll.h> 17 #include <linux/sched.h> 18 #include <linux/seq_file.h> 19 #include <linux/spinlock.h> 20 #include <linux/mutex.h> 21 #include <linux/slab.h> 22 #include <linux/ipmi.h> 23 #include <linux/ipmi_smi.h> 24 #include <linux/notifier.h> 25 #include <linux/init.h> 26 #include <linux/proc_fs.h> 27 #include <linux/rcupdate.h> 28 #include <linux/interrupt.h> 29 #include <linux/moduleparam.h> 30 #include <linux/workqueue.h> 31 #include <linux/uuid.h> 32 33 #define PFX "IPMI message handler: " 34 35 #define IPMI_DRIVER_VERSION "39.2" 36 37 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void); 38 static int ipmi_init_msghandler(void); 39 static void smi_recv_tasklet(unsigned long); 40 static void handle_new_recv_msgs(ipmi_smi_t intf); 41 static void need_waiter(ipmi_smi_t intf); 42 static int handle_one_recv_msg(ipmi_smi_t intf, 43 struct ipmi_smi_msg *msg); 44 45 static int initialized; 46 47 enum ipmi_panic_event_op { 48 IPMI_SEND_PANIC_EVENT_NONE, 49 IPMI_SEND_PANIC_EVENT, 50 IPMI_SEND_PANIC_EVENT_STRING 51 }; 52 #ifdef CONFIG_IPMI_PANIC_STRING 53 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_STRING 54 #elif defined(CONFIG_IPMI_PANIC_EVENT) 55 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT 56 #else 57 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_NONE 58 #endif 59 static enum ipmi_panic_event_op ipmi_send_panic_event = IPMI_PANIC_DEFAULT; 60 61 static int panic_op_write_handler(const char *val, 62 const struct kernel_param *kp) 63 { 64 char valcp[16]; 65 char *s; 66 67 strncpy(valcp, val, 15); 68 valcp[15] = '\0'; 69 70 s = strstrip(valcp); 71 72 if (strcmp(s, "none") == 0) 73 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_NONE; 74 else if (strcmp(s, "event") == 0) 75 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT; 76 else if (strcmp(s, "string") == 0) 77 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_STRING; 78 else 79 return -EINVAL; 80 81 return 0; 82 } 83 84 static int panic_op_read_handler(char *buffer, const struct kernel_param *kp) 85 { 86 switch (ipmi_send_panic_event) { 87 case IPMI_SEND_PANIC_EVENT_NONE: 88 strcpy(buffer, "none"); 89 break; 90 91 case IPMI_SEND_PANIC_EVENT: 92 strcpy(buffer, "event"); 93 break; 94 95 case IPMI_SEND_PANIC_EVENT_STRING: 96 strcpy(buffer, "string"); 97 break; 98 99 default: 100 strcpy(buffer, "???"); 101 break; 102 } 103 104 return strlen(buffer); 105 } 106 107 static const struct kernel_param_ops panic_op_ops = { 108 .set = panic_op_write_handler, 109 .get = panic_op_read_handler 110 }; 111 module_param_cb(panic_op, &panic_op_ops, NULL, 0600); 112 MODULE_PARM_DESC(panic_op, "Sets if the IPMI driver will attempt to store panic information in the event log in the event of a panic. Set to 'none' for no, 'event' for a single event, or 'string' for a generic event and the panic string in IPMI OEM events."); 113 114 115 #ifdef CONFIG_IPMI_PROC_INTERFACE 116 static struct proc_dir_entry *proc_ipmi_root; 117 #endif /* CONFIG_IPMI_PROC_INTERFACE */ 118 119 /* Remain in auto-maintenance mode for this amount of time (in ms). */ 120 #define IPMI_MAINTENANCE_MODE_TIMEOUT 30000 121 122 #define MAX_EVENTS_IN_QUEUE 25 123 124 /* 125 * Don't let a message sit in a queue forever, always time it with at lest 126 * the max message timer. This is in milliseconds. 127 */ 128 #define MAX_MSG_TIMEOUT 60000 129 130 /* Call every ~1000 ms. */ 131 #define IPMI_TIMEOUT_TIME 1000 132 133 /* How many jiffies does it take to get to the timeout time. */ 134 #define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000) 135 136 /* 137 * Request events from the queue every second (this is the number of 138 * IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the 139 * future, IPMI will add a way to know immediately if an event is in 140 * the queue and this silliness can go away. 141 */ 142 #define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME)) 143 144 /* How long should we cache dynamic device IDs? */ 145 #define IPMI_DYN_DEV_ID_EXPIRY (10 * HZ) 146 147 /* 148 * The main "user" data structure. 149 */ 150 struct ipmi_user { 151 struct list_head link; 152 153 /* Set to false when the user is destroyed. */ 154 bool valid; 155 156 struct kref refcount; 157 158 /* The upper layer that handles receive messages. */ 159 const struct ipmi_user_hndl *handler; 160 void *handler_data; 161 162 /* The interface this user is bound to. */ 163 ipmi_smi_t intf; 164 165 /* Does this interface receive IPMI events? */ 166 bool gets_events; 167 }; 168 169 struct cmd_rcvr { 170 struct list_head link; 171 172 ipmi_user_t user; 173 unsigned char netfn; 174 unsigned char cmd; 175 unsigned int chans; 176 177 /* 178 * This is used to form a linked lised during mass deletion. 179 * Since this is in an RCU list, we cannot use the link above 180 * or change any data until the RCU period completes. So we 181 * use this next variable during mass deletion so we can have 182 * a list and don't have to wait and restart the search on 183 * every individual deletion of a command. 184 */ 185 struct cmd_rcvr *next; 186 }; 187 188 struct seq_table { 189 unsigned int inuse : 1; 190 unsigned int broadcast : 1; 191 192 unsigned long timeout; 193 unsigned long orig_timeout; 194 unsigned int retries_left; 195 196 /* 197 * To verify on an incoming send message response that this is 198 * the message that the response is for, we keep a sequence id 199 * and increment it every time we send a message. 200 */ 201 long seqid; 202 203 /* 204 * This is held so we can properly respond to the message on a 205 * timeout, and it is used to hold the temporary data for 206 * retransmission, too. 207 */ 208 struct ipmi_recv_msg *recv_msg; 209 }; 210 211 /* 212 * Store the information in a msgid (long) to allow us to find a 213 * sequence table entry from the msgid. 214 */ 215 #define STORE_SEQ_IN_MSGID(seq, seqid) \ 216 ((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff)) 217 218 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \ 219 do { \ 220 seq = (((msgid) >> 26) & 0x3f); \ 221 seqid = ((msgid) & 0x3ffffff); \ 222 } while (0) 223 224 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff) 225 226 #define IPMI_MAX_CHANNELS 16 227 struct ipmi_channel { 228 unsigned char medium; 229 unsigned char protocol; 230 }; 231 232 struct ipmi_channel_set { 233 struct ipmi_channel c[IPMI_MAX_CHANNELS]; 234 }; 235 236 struct ipmi_my_addrinfo { 237 /* 238 * My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR, 239 * but may be changed by the user. 240 */ 241 unsigned char address; 242 243 /* 244 * My LUN. This should generally stay the SMS LUN, but just in 245 * case... 246 */ 247 unsigned char lun; 248 }; 249 250 #ifdef CONFIG_IPMI_PROC_INTERFACE 251 struct ipmi_proc_entry { 252 char *name; 253 struct ipmi_proc_entry *next; 254 }; 255 #endif 256 257 /* 258 * Note that the product id, manufacturer id, guid, and device id are 259 * immutable in this structure, so dyn_mutex is not required for 260 * accessing those. If those change on a BMC, a new BMC is allocated. 261 */ 262 struct bmc_device { 263 struct platform_device pdev; 264 struct list_head intfs; /* Interfaces on this BMC. */ 265 struct ipmi_device_id id; 266 struct ipmi_device_id fetch_id; 267 int dyn_id_set; 268 unsigned long dyn_id_expiry; 269 struct mutex dyn_mutex; /* Protects id, intfs, & dyn* */ 270 guid_t guid; 271 guid_t fetch_guid; 272 int dyn_guid_set; 273 struct kref usecount; 274 struct work_struct remove_work; 275 }; 276 #define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev) 277 278 static int bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc, 279 struct ipmi_device_id *id, 280 bool *guid_set, guid_t *guid); 281 282 /* 283 * Various statistics for IPMI, these index stats[] in the ipmi_smi 284 * structure. 285 */ 286 enum ipmi_stat_indexes { 287 /* Commands we got from the user that were invalid. */ 288 IPMI_STAT_sent_invalid_commands = 0, 289 290 /* Commands we sent to the MC. */ 291 IPMI_STAT_sent_local_commands, 292 293 /* Responses from the MC that were delivered to a user. */ 294 IPMI_STAT_handled_local_responses, 295 296 /* Responses from the MC that were not delivered to a user. */ 297 IPMI_STAT_unhandled_local_responses, 298 299 /* Commands we sent out to the IPMB bus. */ 300 IPMI_STAT_sent_ipmb_commands, 301 302 /* Commands sent on the IPMB that had errors on the SEND CMD */ 303 IPMI_STAT_sent_ipmb_command_errs, 304 305 /* Each retransmit increments this count. */ 306 IPMI_STAT_retransmitted_ipmb_commands, 307 308 /* 309 * When a message times out (runs out of retransmits) this is 310 * incremented. 311 */ 312 IPMI_STAT_timed_out_ipmb_commands, 313 314 /* 315 * This is like above, but for broadcasts. Broadcasts are 316 * *not* included in the above count (they are expected to 317 * time out). 318 */ 319 IPMI_STAT_timed_out_ipmb_broadcasts, 320 321 /* Responses I have sent to the IPMB bus. */ 322 IPMI_STAT_sent_ipmb_responses, 323 324 /* The response was delivered to the user. */ 325 IPMI_STAT_handled_ipmb_responses, 326 327 /* The response had invalid data in it. */ 328 IPMI_STAT_invalid_ipmb_responses, 329 330 /* The response didn't have anyone waiting for it. */ 331 IPMI_STAT_unhandled_ipmb_responses, 332 333 /* Commands we sent out to the IPMB bus. */ 334 IPMI_STAT_sent_lan_commands, 335 336 /* Commands sent on the IPMB that had errors on the SEND CMD */ 337 IPMI_STAT_sent_lan_command_errs, 338 339 /* Each retransmit increments this count. */ 340 IPMI_STAT_retransmitted_lan_commands, 341 342 /* 343 * When a message times out (runs out of retransmits) this is 344 * incremented. 345 */ 346 IPMI_STAT_timed_out_lan_commands, 347 348 /* Responses I have sent to the IPMB bus. */ 349 IPMI_STAT_sent_lan_responses, 350 351 /* The response was delivered to the user. */ 352 IPMI_STAT_handled_lan_responses, 353 354 /* The response had invalid data in it. */ 355 IPMI_STAT_invalid_lan_responses, 356 357 /* The response didn't have anyone waiting for it. */ 358 IPMI_STAT_unhandled_lan_responses, 359 360 /* The command was delivered to the user. */ 361 IPMI_STAT_handled_commands, 362 363 /* The command had invalid data in it. */ 364 IPMI_STAT_invalid_commands, 365 366 /* The command didn't have anyone waiting for it. */ 367 IPMI_STAT_unhandled_commands, 368 369 /* Invalid data in an event. */ 370 IPMI_STAT_invalid_events, 371 372 /* Events that were received with the proper format. */ 373 IPMI_STAT_events, 374 375 /* Retransmissions on IPMB that failed. */ 376 IPMI_STAT_dropped_rexmit_ipmb_commands, 377 378 /* Retransmissions on LAN that failed. */ 379 IPMI_STAT_dropped_rexmit_lan_commands, 380 381 /* This *must* remain last, add new values above this. */ 382 IPMI_NUM_STATS 383 }; 384 385 386 #define IPMI_IPMB_NUM_SEQ 64 387 struct ipmi_smi { 388 /* What interface number are we? */ 389 int intf_num; 390 391 struct kref refcount; 392 393 /* Set when the interface is being unregistered. */ 394 bool in_shutdown; 395 396 /* Used for a list of interfaces. */ 397 struct list_head link; 398 399 /* 400 * The list of upper layers that are using me. seq_lock 401 * protects this. 402 */ 403 struct list_head users; 404 405 /* Used for wake ups at startup. */ 406 wait_queue_head_t waitq; 407 408 /* 409 * Prevents the interface from being unregistered when the 410 * interface is used by being looked up through the BMC 411 * structure. 412 */ 413 struct mutex bmc_reg_mutex; 414 415 struct bmc_device tmp_bmc; 416 struct bmc_device *bmc; 417 bool bmc_registered; 418 struct list_head bmc_link; 419 char *my_dev_name; 420 bool in_bmc_register; /* Handle recursive situations. Yuck. */ 421 struct work_struct bmc_reg_work; 422 423 /* 424 * This is the lower-layer's sender routine. Note that you 425 * must either be holding the ipmi_interfaces_mutex or be in 426 * an umpreemptible region to use this. You must fetch the 427 * value into a local variable and make sure it is not NULL. 428 */ 429 const struct ipmi_smi_handlers *handlers; 430 void *send_info; 431 432 #ifdef CONFIG_IPMI_PROC_INTERFACE 433 /* A list of proc entries for this interface. */ 434 struct mutex proc_entry_lock; 435 struct ipmi_proc_entry *proc_entries; 436 437 struct proc_dir_entry *proc_dir; 438 char proc_dir_name[10]; 439 #endif 440 441 /* Driver-model device for the system interface. */ 442 struct device *si_dev; 443 444 /* 445 * A table of sequence numbers for this interface. We use the 446 * sequence numbers for IPMB messages that go out of the 447 * interface to match them up with their responses. A routine 448 * is called periodically to time the items in this list. 449 */ 450 spinlock_t seq_lock; 451 struct seq_table seq_table[IPMI_IPMB_NUM_SEQ]; 452 int curr_seq; 453 454 /* 455 * Messages queued for delivery. If delivery fails (out of memory 456 * for instance), They will stay in here to be processed later in a 457 * periodic timer interrupt. The tasklet is for handling received 458 * messages directly from the handler. 459 */ 460 spinlock_t waiting_rcv_msgs_lock; 461 struct list_head waiting_rcv_msgs; 462 atomic_t watchdog_pretimeouts_to_deliver; 463 struct tasklet_struct recv_tasklet; 464 465 spinlock_t xmit_msgs_lock; 466 struct list_head xmit_msgs; 467 struct ipmi_smi_msg *curr_msg; 468 struct list_head hp_xmit_msgs; 469 470 /* 471 * The list of command receivers that are registered for commands 472 * on this interface. 473 */ 474 struct mutex cmd_rcvrs_mutex; 475 struct list_head cmd_rcvrs; 476 477 /* 478 * Events that were queues because no one was there to receive 479 * them. 480 */ 481 spinlock_t events_lock; /* For dealing with event stuff. */ 482 struct list_head waiting_events; 483 unsigned int waiting_events_count; /* How many events in queue? */ 484 char delivering_events; 485 char event_msg_printed; 486 atomic_t event_waiters; 487 unsigned int ticks_to_req_ev; 488 int last_needs_timer; 489 490 /* 491 * The event receiver for my BMC, only really used at panic 492 * shutdown as a place to store this. 493 */ 494 unsigned char event_receiver; 495 unsigned char event_receiver_lun; 496 unsigned char local_sel_device; 497 unsigned char local_event_generator; 498 499 /* For handling of maintenance mode. */ 500 int maintenance_mode; 501 bool maintenance_mode_enable; 502 int auto_maintenance_timeout; 503 spinlock_t maintenance_mode_lock; /* Used in a timer... */ 504 505 /* 506 * A cheap hack, if this is non-null and a message to an 507 * interface comes in with a NULL user, call this routine with 508 * it. Note that the message will still be freed by the 509 * caller. This only works on the system interface. 510 * 511 * Protected by bmc_reg_mutex. 512 */ 513 void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg); 514 515 /* 516 * When we are scanning the channels for an SMI, this will 517 * tell which channel we are scanning. 518 */ 519 int curr_channel; 520 521 /* Channel information */ 522 struct ipmi_channel_set *channel_list; 523 unsigned int curr_working_cset; /* First index into the following. */ 524 struct ipmi_channel_set wchannels[2]; 525 struct ipmi_my_addrinfo addrinfo[IPMI_MAX_CHANNELS]; 526 bool channels_ready; 527 528 atomic_t stats[IPMI_NUM_STATS]; 529 530 /* 531 * run_to_completion duplicate of smb_info, smi_info 532 * and ipmi_serial_info structures. Used to decrease numbers of 533 * parameters passed by "low" level IPMI code. 534 */ 535 int run_to_completion; 536 }; 537 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev) 538 539 static void __get_guid(ipmi_smi_t intf); 540 static void __ipmi_bmc_unregister(ipmi_smi_t intf); 541 static int __ipmi_bmc_register(ipmi_smi_t intf, 542 struct ipmi_device_id *id, 543 bool guid_set, guid_t *guid, int intf_num); 544 static int __scan_channels(ipmi_smi_t intf, struct ipmi_device_id *id); 545 546 547 /** 548 * The driver model view of the IPMI messaging driver. 549 */ 550 static struct platform_driver ipmidriver = { 551 .driver = { 552 .name = "ipmi", 553 .bus = &platform_bus_type 554 } 555 }; 556 /* 557 * This mutex keeps us from adding the same BMC twice. 558 */ 559 static DEFINE_MUTEX(ipmidriver_mutex); 560 561 static LIST_HEAD(ipmi_interfaces); 562 static DEFINE_MUTEX(ipmi_interfaces_mutex); 563 564 /* 565 * List of watchers that want to know when smi's are added and deleted. 566 */ 567 static LIST_HEAD(smi_watchers); 568 static DEFINE_MUTEX(smi_watchers_mutex); 569 570 #define ipmi_inc_stat(intf, stat) \ 571 atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat]) 572 #define ipmi_get_stat(intf, stat) \ 573 ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat])) 574 575 static const char * const addr_src_to_str[] = { 576 "invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI", 577 "device-tree", "platform" 578 }; 579 580 const char *ipmi_addr_src_to_str(enum ipmi_addr_src src) 581 { 582 if (src >= SI_LAST) 583 src = 0; /* Invalid */ 584 return addr_src_to_str[src]; 585 } 586 EXPORT_SYMBOL(ipmi_addr_src_to_str); 587 588 static int is_lan_addr(struct ipmi_addr *addr) 589 { 590 return addr->addr_type == IPMI_LAN_ADDR_TYPE; 591 } 592 593 static int is_ipmb_addr(struct ipmi_addr *addr) 594 { 595 return addr->addr_type == IPMI_IPMB_ADDR_TYPE; 596 } 597 598 static int is_ipmb_bcast_addr(struct ipmi_addr *addr) 599 { 600 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE; 601 } 602 603 static void free_recv_msg_list(struct list_head *q) 604 { 605 struct ipmi_recv_msg *msg, *msg2; 606 607 list_for_each_entry_safe(msg, msg2, q, link) { 608 list_del(&msg->link); 609 ipmi_free_recv_msg(msg); 610 } 611 } 612 613 static void free_smi_msg_list(struct list_head *q) 614 { 615 struct ipmi_smi_msg *msg, *msg2; 616 617 list_for_each_entry_safe(msg, msg2, q, link) { 618 list_del(&msg->link); 619 ipmi_free_smi_msg(msg); 620 } 621 } 622 623 static void clean_up_interface_data(ipmi_smi_t intf) 624 { 625 int i; 626 struct cmd_rcvr *rcvr, *rcvr2; 627 struct list_head list; 628 629 tasklet_kill(&intf->recv_tasklet); 630 631 free_smi_msg_list(&intf->waiting_rcv_msgs); 632 free_recv_msg_list(&intf->waiting_events); 633 634 /* 635 * Wholesale remove all the entries from the list in the 636 * interface and wait for RCU to know that none are in use. 637 */ 638 mutex_lock(&intf->cmd_rcvrs_mutex); 639 INIT_LIST_HEAD(&list); 640 list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu); 641 mutex_unlock(&intf->cmd_rcvrs_mutex); 642 643 list_for_each_entry_safe(rcvr, rcvr2, &list, link) 644 kfree(rcvr); 645 646 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 647 if ((intf->seq_table[i].inuse) 648 && (intf->seq_table[i].recv_msg)) 649 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 650 } 651 } 652 653 static void intf_free(struct kref *ref) 654 { 655 ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount); 656 657 clean_up_interface_data(intf); 658 kfree(intf); 659 } 660 661 struct watcher_entry { 662 int intf_num; 663 ipmi_smi_t intf; 664 struct list_head link; 665 }; 666 667 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher) 668 { 669 ipmi_smi_t intf; 670 LIST_HEAD(to_deliver); 671 struct watcher_entry *e, *e2; 672 673 mutex_lock(&smi_watchers_mutex); 674 675 mutex_lock(&ipmi_interfaces_mutex); 676 677 /* Build a list of things to deliver. */ 678 list_for_each_entry(intf, &ipmi_interfaces, link) { 679 if (intf->intf_num == -1) 680 continue; 681 e = kmalloc(sizeof(*e), GFP_KERNEL); 682 if (!e) 683 goto out_err; 684 kref_get(&intf->refcount); 685 e->intf = intf; 686 e->intf_num = intf->intf_num; 687 list_add_tail(&e->link, &to_deliver); 688 } 689 690 /* We will succeed, so add it to the list. */ 691 list_add(&watcher->link, &smi_watchers); 692 693 mutex_unlock(&ipmi_interfaces_mutex); 694 695 list_for_each_entry_safe(e, e2, &to_deliver, link) { 696 list_del(&e->link); 697 watcher->new_smi(e->intf_num, e->intf->si_dev); 698 kref_put(&e->intf->refcount, intf_free); 699 kfree(e); 700 } 701 702 mutex_unlock(&smi_watchers_mutex); 703 704 return 0; 705 706 out_err: 707 mutex_unlock(&ipmi_interfaces_mutex); 708 mutex_unlock(&smi_watchers_mutex); 709 list_for_each_entry_safe(e, e2, &to_deliver, link) { 710 list_del(&e->link); 711 kref_put(&e->intf->refcount, intf_free); 712 kfree(e); 713 } 714 return -ENOMEM; 715 } 716 EXPORT_SYMBOL(ipmi_smi_watcher_register); 717 718 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher) 719 { 720 mutex_lock(&smi_watchers_mutex); 721 list_del(&(watcher->link)); 722 mutex_unlock(&smi_watchers_mutex); 723 return 0; 724 } 725 EXPORT_SYMBOL(ipmi_smi_watcher_unregister); 726 727 /* 728 * Must be called with smi_watchers_mutex held. 729 */ 730 static void 731 call_smi_watchers(int i, struct device *dev) 732 { 733 struct ipmi_smi_watcher *w; 734 735 list_for_each_entry(w, &smi_watchers, link) { 736 if (try_module_get(w->owner)) { 737 w->new_smi(i, dev); 738 module_put(w->owner); 739 } 740 } 741 } 742 743 static int 744 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2) 745 { 746 if (addr1->addr_type != addr2->addr_type) 747 return 0; 748 749 if (addr1->channel != addr2->channel) 750 return 0; 751 752 if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 753 struct ipmi_system_interface_addr *smi_addr1 754 = (struct ipmi_system_interface_addr *) addr1; 755 struct ipmi_system_interface_addr *smi_addr2 756 = (struct ipmi_system_interface_addr *) addr2; 757 return (smi_addr1->lun == smi_addr2->lun); 758 } 759 760 if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) { 761 struct ipmi_ipmb_addr *ipmb_addr1 762 = (struct ipmi_ipmb_addr *) addr1; 763 struct ipmi_ipmb_addr *ipmb_addr2 764 = (struct ipmi_ipmb_addr *) addr2; 765 766 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr) 767 && (ipmb_addr1->lun == ipmb_addr2->lun)); 768 } 769 770 if (is_lan_addr(addr1)) { 771 struct ipmi_lan_addr *lan_addr1 772 = (struct ipmi_lan_addr *) addr1; 773 struct ipmi_lan_addr *lan_addr2 774 = (struct ipmi_lan_addr *) addr2; 775 776 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID) 777 && (lan_addr1->local_SWID == lan_addr2->local_SWID) 778 && (lan_addr1->session_handle 779 == lan_addr2->session_handle) 780 && (lan_addr1->lun == lan_addr2->lun)); 781 } 782 783 return 1; 784 } 785 786 int ipmi_validate_addr(struct ipmi_addr *addr, int len) 787 { 788 if (len < sizeof(struct ipmi_system_interface_addr)) 789 return -EINVAL; 790 791 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 792 if (addr->channel != IPMI_BMC_CHANNEL) 793 return -EINVAL; 794 return 0; 795 } 796 797 if ((addr->channel == IPMI_BMC_CHANNEL) 798 || (addr->channel >= IPMI_MAX_CHANNELS) 799 || (addr->channel < 0)) 800 return -EINVAL; 801 802 if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 803 if (len < sizeof(struct ipmi_ipmb_addr)) 804 return -EINVAL; 805 return 0; 806 } 807 808 if (is_lan_addr(addr)) { 809 if (len < sizeof(struct ipmi_lan_addr)) 810 return -EINVAL; 811 return 0; 812 } 813 814 return -EINVAL; 815 } 816 EXPORT_SYMBOL(ipmi_validate_addr); 817 818 unsigned int ipmi_addr_length(int addr_type) 819 { 820 if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 821 return sizeof(struct ipmi_system_interface_addr); 822 823 if ((addr_type == IPMI_IPMB_ADDR_TYPE) 824 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) 825 return sizeof(struct ipmi_ipmb_addr); 826 827 if (addr_type == IPMI_LAN_ADDR_TYPE) 828 return sizeof(struct ipmi_lan_addr); 829 830 return 0; 831 } 832 EXPORT_SYMBOL(ipmi_addr_length); 833 834 static void deliver_response(struct ipmi_recv_msg *msg) 835 { 836 if (!msg->user) { 837 ipmi_smi_t intf = msg->user_msg_data; 838 839 /* Special handling for NULL users. */ 840 if (intf->null_user_handler) { 841 intf->null_user_handler(intf, msg); 842 ipmi_inc_stat(intf, handled_local_responses); 843 } else { 844 /* No handler, so give up. */ 845 ipmi_inc_stat(intf, unhandled_local_responses); 846 } 847 ipmi_free_recv_msg(msg); 848 } else if (!oops_in_progress) { 849 /* 850 * If we are running in the panic context, calling the 851 * receive handler doesn't much meaning and has a deadlock 852 * risk. At this moment, simply skip it in that case. 853 */ 854 855 ipmi_user_t user = msg->user; 856 user->handler->ipmi_recv_hndl(msg, user->handler_data); 857 } 858 } 859 860 static void 861 deliver_err_response(struct ipmi_recv_msg *msg, int err) 862 { 863 msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 864 msg->msg_data[0] = err; 865 msg->msg.netfn |= 1; /* Convert to a response. */ 866 msg->msg.data_len = 1; 867 msg->msg.data = msg->msg_data; 868 deliver_response(msg); 869 } 870 871 /* 872 * Find the next sequence number not being used and add the given 873 * message with the given timeout to the sequence table. This must be 874 * called with the interface's seq_lock held. 875 */ 876 static int intf_next_seq(ipmi_smi_t intf, 877 struct ipmi_recv_msg *recv_msg, 878 unsigned long timeout, 879 int retries, 880 int broadcast, 881 unsigned char *seq, 882 long *seqid) 883 { 884 int rv = 0; 885 unsigned int i; 886 887 for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq; 888 i = (i+1)%IPMI_IPMB_NUM_SEQ) { 889 if (!intf->seq_table[i].inuse) 890 break; 891 } 892 893 if (!intf->seq_table[i].inuse) { 894 intf->seq_table[i].recv_msg = recv_msg; 895 896 /* 897 * Start with the maximum timeout, when the send response 898 * comes in we will start the real timer. 899 */ 900 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT; 901 intf->seq_table[i].orig_timeout = timeout; 902 intf->seq_table[i].retries_left = retries; 903 intf->seq_table[i].broadcast = broadcast; 904 intf->seq_table[i].inuse = 1; 905 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid); 906 *seq = i; 907 *seqid = intf->seq_table[i].seqid; 908 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ; 909 need_waiter(intf); 910 } else { 911 rv = -EAGAIN; 912 } 913 914 return rv; 915 } 916 917 /* 918 * Return the receive message for the given sequence number and 919 * release the sequence number so it can be reused. Some other data 920 * is passed in to be sure the message matches up correctly (to help 921 * guard against message coming in after their timeout and the 922 * sequence number being reused). 923 */ 924 static int intf_find_seq(ipmi_smi_t intf, 925 unsigned char seq, 926 short channel, 927 unsigned char cmd, 928 unsigned char netfn, 929 struct ipmi_addr *addr, 930 struct ipmi_recv_msg **recv_msg) 931 { 932 int rv = -ENODEV; 933 unsigned long flags; 934 935 if (seq >= IPMI_IPMB_NUM_SEQ) 936 return -EINVAL; 937 938 spin_lock_irqsave(&(intf->seq_lock), flags); 939 if (intf->seq_table[seq].inuse) { 940 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg; 941 942 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd) 943 && (msg->msg.netfn == netfn) 944 && (ipmi_addr_equal(addr, &(msg->addr)))) { 945 *recv_msg = msg; 946 intf->seq_table[seq].inuse = 0; 947 rv = 0; 948 } 949 } 950 spin_unlock_irqrestore(&(intf->seq_lock), flags); 951 952 return rv; 953 } 954 955 956 /* Start the timer for a specific sequence table entry. */ 957 static int intf_start_seq_timer(ipmi_smi_t intf, 958 long msgid) 959 { 960 int rv = -ENODEV; 961 unsigned long flags; 962 unsigned char seq; 963 unsigned long seqid; 964 965 966 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 967 968 spin_lock_irqsave(&(intf->seq_lock), flags); 969 /* 970 * We do this verification because the user can be deleted 971 * while a message is outstanding. 972 */ 973 if ((intf->seq_table[seq].inuse) 974 && (intf->seq_table[seq].seqid == seqid)) { 975 struct seq_table *ent = &(intf->seq_table[seq]); 976 ent->timeout = ent->orig_timeout; 977 rv = 0; 978 } 979 spin_unlock_irqrestore(&(intf->seq_lock), flags); 980 981 return rv; 982 } 983 984 /* Got an error for the send message for a specific sequence number. */ 985 static int intf_err_seq(ipmi_smi_t intf, 986 long msgid, 987 unsigned int err) 988 { 989 int rv = -ENODEV; 990 unsigned long flags; 991 unsigned char seq; 992 unsigned long seqid; 993 struct ipmi_recv_msg *msg = NULL; 994 995 996 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 997 998 spin_lock_irqsave(&(intf->seq_lock), flags); 999 /* 1000 * We do this verification because the user can be deleted 1001 * while a message is outstanding. 1002 */ 1003 if ((intf->seq_table[seq].inuse) 1004 && (intf->seq_table[seq].seqid == seqid)) { 1005 struct seq_table *ent = &(intf->seq_table[seq]); 1006 1007 ent->inuse = 0; 1008 msg = ent->recv_msg; 1009 rv = 0; 1010 } 1011 spin_unlock_irqrestore(&(intf->seq_lock), flags); 1012 1013 if (msg) 1014 deliver_err_response(msg, err); 1015 1016 return rv; 1017 } 1018 1019 1020 int ipmi_create_user(unsigned int if_num, 1021 const struct ipmi_user_hndl *handler, 1022 void *handler_data, 1023 ipmi_user_t *user) 1024 { 1025 unsigned long flags; 1026 ipmi_user_t new_user; 1027 int rv = 0; 1028 ipmi_smi_t intf; 1029 1030 /* 1031 * There is no module usecount here, because it's not 1032 * required. Since this can only be used by and called from 1033 * other modules, they will implicitly use this module, and 1034 * thus this can't be removed unless the other modules are 1035 * removed. 1036 */ 1037 1038 if (handler == NULL) 1039 return -EINVAL; 1040 1041 /* 1042 * Make sure the driver is actually initialized, this handles 1043 * problems with initialization order. 1044 */ 1045 if (!initialized) { 1046 rv = ipmi_init_msghandler(); 1047 if (rv) 1048 return rv; 1049 1050 /* 1051 * The init code doesn't return an error if it was turned 1052 * off, but it won't initialize. Check that. 1053 */ 1054 if (!initialized) 1055 return -ENODEV; 1056 } 1057 1058 new_user = kmalloc(sizeof(*new_user), GFP_KERNEL); 1059 if (!new_user) 1060 return -ENOMEM; 1061 1062 mutex_lock(&ipmi_interfaces_mutex); 1063 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1064 if (intf->intf_num == if_num) 1065 goto found; 1066 } 1067 /* Not found, return an error */ 1068 rv = -EINVAL; 1069 goto out_kfree; 1070 1071 found: 1072 /* Note that each existing user holds a refcount to the interface. */ 1073 kref_get(&intf->refcount); 1074 1075 kref_init(&new_user->refcount); 1076 new_user->handler = handler; 1077 new_user->handler_data = handler_data; 1078 new_user->intf = intf; 1079 new_user->gets_events = false; 1080 1081 if (!try_module_get(intf->handlers->owner)) { 1082 rv = -ENODEV; 1083 goto out_kref; 1084 } 1085 1086 if (intf->handlers->inc_usecount) { 1087 rv = intf->handlers->inc_usecount(intf->send_info); 1088 if (rv) { 1089 module_put(intf->handlers->owner); 1090 goto out_kref; 1091 } 1092 } 1093 1094 /* 1095 * Hold the lock so intf->handlers is guaranteed to be good 1096 * until now 1097 */ 1098 mutex_unlock(&ipmi_interfaces_mutex); 1099 1100 new_user->valid = true; 1101 spin_lock_irqsave(&intf->seq_lock, flags); 1102 list_add_rcu(&new_user->link, &intf->users); 1103 spin_unlock_irqrestore(&intf->seq_lock, flags); 1104 if (handler->ipmi_watchdog_pretimeout) { 1105 /* User wants pretimeouts, so make sure to watch for them. */ 1106 if (atomic_inc_return(&intf->event_waiters) == 1) 1107 need_waiter(intf); 1108 } 1109 *user = new_user; 1110 return 0; 1111 1112 out_kref: 1113 kref_put(&intf->refcount, intf_free); 1114 out_kfree: 1115 mutex_unlock(&ipmi_interfaces_mutex); 1116 kfree(new_user); 1117 return rv; 1118 } 1119 EXPORT_SYMBOL(ipmi_create_user); 1120 1121 int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data) 1122 { 1123 int rv = 0; 1124 ipmi_smi_t intf; 1125 const struct ipmi_smi_handlers *handlers; 1126 1127 mutex_lock(&ipmi_interfaces_mutex); 1128 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1129 if (intf->intf_num == if_num) 1130 goto found; 1131 } 1132 /* Not found, return an error */ 1133 rv = -EINVAL; 1134 mutex_unlock(&ipmi_interfaces_mutex); 1135 return rv; 1136 1137 found: 1138 handlers = intf->handlers; 1139 rv = -ENOSYS; 1140 if (handlers->get_smi_info) 1141 rv = handlers->get_smi_info(intf->send_info, data); 1142 mutex_unlock(&ipmi_interfaces_mutex); 1143 1144 return rv; 1145 } 1146 EXPORT_SYMBOL(ipmi_get_smi_info); 1147 1148 static void free_user(struct kref *ref) 1149 { 1150 ipmi_user_t user = container_of(ref, struct ipmi_user, refcount); 1151 kfree(user); 1152 } 1153 1154 int ipmi_destroy_user(ipmi_user_t user) 1155 { 1156 ipmi_smi_t intf = user->intf; 1157 int i; 1158 unsigned long flags; 1159 struct cmd_rcvr *rcvr; 1160 struct cmd_rcvr *rcvrs = NULL; 1161 1162 user->valid = false; 1163 1164 if (user->handler->ipmi_watchdog_pretimeout) 1165 atomic_dec(&intf->event_waiters); 1166 1167 if (user->gets_events) 1168 atomic_dec(&intf->event_waiters); 1169 1170 /* Remove the user from the interface's sequence table. */ 1171 spin_lock_irqsave(&intf->seq_lock, flags); 1172 list_del_rcu(&user->link); 1173 1174 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 1175 if (intf->seq_table[i].inuse 1176 && (intf->seq_table[i].recv_msg->user == user)) { 1177 intf->seq_table[i].inuse = 0; 1178 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 1179 } 1180 } 1181 spin_unlock_irqrestore(&intf->seq_lock, flags); 1182 1183 /* 1184 * Remove the user from the command receiver's table. First 1185 * we build a list of everything (not using the standard link, 1186 * since other things may be using it till we do 1187 * synchronize_rcu()) then free everything in that list. 1188 */ 1189 mutex_lock(&intf->cmd_rcvrs_mutex); 1190 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) { 1191 if (rcvr->user == user) { 1192 list_del_rcu(&rcvr->link); 1193 rcvr->next = rcvrs; 1194 rcvrs = rcvr; 1195 } 1196 } 1197 mutex_unlock(&intf->cmd_rcvrs_mutex); 1198 synchronize_rcu(); 1199 while (rcvrs) { 1200 rcvr = rcvrs; 1201 rcvrs = rcvr->next; 1202 kfree(rcvr); 1203 } 1204 1205 mutex_lock(&ipmi_interfaces_mutex); 1206 if (intf->handlers) { 1207 module_put(intf->handlers->owner); 1208 if (intf->handlers->dec_usecount) 1209 intf->handlers->dec_usecount(intf->send_info); 1210 } 1211 mutex_unlock(&ipmi_interfaces_mutex); 1212 1213 kref_put(&intf->refcount, intf_free); 1214 1215 kref_put(&user->refcount, free_user); 1216 1217 return 0; 1218 } 1219 EXPORT_SYMBOL(ipmi_destroy_user); 1220 1221 int ipmi_get_version(ipmi_user_t user, 1222 unsigned char *major, 1223 unsigned char *minor) 1224 { 1225 struct ipmi_device_id id; 1226 int rv; 1227 1228 rv = bmc_get_device_id(user->intf, NULL, &id, NULL, NULL); 1229 if (rv) 1230 return rv; 1231 1232 *major = ipmi_version_major(&id); 1233 *minor = ipmi_version_minor(&id); 1234 1235 return 0; 1236 } 1237 EXPORT_SYMBOL(ipmi_get_version); 1238 1239 int ipmi_set_my_address(ipmi_user_t user, 1240 unsigned int channel, 1241 unsigned char address) 1242 { 1243 if (channel >= IPMI_MAX_CHANNELS) 1244 return -EINVAL; 1245 user->intf->addrinfo[channel].address = address; 1246 return 0; 1247 } 1248 EXPORT_SYMBOL(ipmi_set_my_address); 1249 1250 int ipmi_get_my_address(ipmi_user_t user, 1251 unsigned int channel, 1252 unsigned char *address) 1253 { 1254 if (channel >= IPMI_MAX_CHANNELS) 1255 return -EINVAL; 1256 *address = user->intf->addrinfo[channel].address; 1257 return 0; 1258 } 1259 EXPORT_SYMBOL(ipmi_get_my_address); 1260 1261 int ipmi_set_my_LUN(ipmi_user_t user, 1262 unsigned int channel, 1263 unsigned char LUN) 1264 { 1265 if (channel >= IPMI_MAX_CHANNELS) 1266 return -EINVAL; 1267 user->intf->addrinfo[channel].lun = LUN & 0x3; 1268 return 0; 1269 } 1270 EXPORT_SYMBOL(ipmi_set_my_LUN); 1271 1272 int ipmi_get_my_LUN(ipmi_user_t user, 1273 unsigned int channel, 1274 unsigned char *address) 1275 { 1276 if (channel >= IPMI_MAX_CHANNELS) 1277 return -EINVAL; 1278 *address = user->intf->addrinfo[channel].lun; 1279 return 0; 1280 } 1281 EXPORT_SYMBOL(ipmi_get_my_LUN); 1282 1283 int ipmi_get_maintenance_mode(ipmi_user_t user) 1284 { 1285 int mode; 1286 unsigned long flags; 1287 1288 spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags); 1289 mode = user->intf->maintenance_mode; 1290 spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags); 1291 1292 return mode; 1293 } 1294 EXPORT_SYMBOL(ipmi_get_maintenance_mode); 1295 1296 static void maintenance_mode_update(ipmi_smi_t intf) 1297 { 1298 if (intf->handlers->set_maintenance_mode) 1299 intf->handlers->set_maintenance_mode( 1300 intf->send_info, intf->maintenance_mode_enable); 1301 } 1302 1303 int ipmi_set_maintenance_mode(ipmi_user_t user, int mode) 1304 { 1305 int rv = 0; 1306 unsigned long flags; 1307 ipmi_smi_t intf = user->intf; 1308 1309 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1310 if (intf->maintenance_mode != mode) { 1311 switch (mode) { 1312 case IPMI_MAINTENANCE_MODE_AUTO: 1313 intf->maintenance_mode_enable 1314 = (intf->auto_maintenance_timeout > 0); 1315 break; 1316 1317 case IPMI_MAINTENANCE_MODE_OFF: 1318 intf->maintenance_mode_enable = false; 1319 break; 1320 1321 case IPMI_MAINTENANCE_MODE_ON: 1322 intf->maintenance_mode_enable = true; 1323 break; 1324 1325 default: 1326 rv = -EINVAL; 1327 goto out_unlock; 1328 } 1329 intf->maintenance_mode = mode; 1330 1331 maintenance_mode_update(intf); 1332 } 1333 out_unlock: 1334 spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags); 1335 1336 return rv; 1337 } 1338 EXPORT_SYMBOL(ipmi_set_maintenance_mode); 1339 1340 int ipmi_set_gets_events(ipmi_user_t user, bool val) 1341 { 1342 unsigned long flags; 1343 ipmi_smi_t intf = user->intf; 1344 struct ipmi_recv_msg *msg, *msg2; 1345 struct list_head msgs; 1346 1347 INIT_LIST_HEAD(&msgs); 1348 1349 spin_lock_irqsave(&intf->events_lock, flags); 1350 if (user->gets_events == val) 1351 goto out; 1352 1353 user->gets_events = val; 1354 1355 if (val) { 1356 if (atomic_inc_return(&intf->event_waiters) == 1) 1357 need_waiter(intf); 1358 } else { 1359 atomic_dec(&intf->event_waiters); 1360 } 1361 1362 if (intf->delivering_events) 1363 /* 1364 * Another thread is delivering events for this, so 1365 * let it handle any new events. 1366 */ 1367 goto out; 1368 1369 /* Deliver any queued events. */ 1370 while (user->gets_events && !list_empty(&intf->waiting_events)) { 1371 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link) 1372 list_move_tail(&msg->link, &msgs); 1373 intf->waiting_events_count = 0; 1374 if (intf->event_msg_printed) { 1375 dev_warn(intf->si_dev, 1376 PFX "Event queue no longer full\n"); 1377 intf->event_msg_printed = 0; 1378 } 1379 1380 intf->delivering_events = 1; 1381 spin_unlock_irqrestore(&intf->events_lock, flags); 1382 1383 list_for_each_entry_safe(msg, msg2, &msgs, link) { 1384 msg->user = user; 1385 kref_get(&user->refcount); 1386 deliver_response(msg); 1387 } 1388 1389 spin_lock_irqsave(&intf->events_lock, flags); 1390 intf->delivering_events = 0; 1391 } 1392 1393 out: 1394 spin_unlock_irqrestore(&intf->events_lock, flags); 1395 1396 return 0; 1397 } 1398 EXPORT_SYMBOL(ipmi_set_gets_events); 1399 1400 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t intf, 1401 unsigned char netfn, 1402 unsigned char cmd, 1403 unsigned char chan) 1404 { 1405 struct cmd_rcvr *rcvr; 1406 1407 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) { 1408 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1409 && (rcvr->chans & (1 << chan))) 1410 return rcvr; 1411 } 1412 return NULL; 1413 } 1414 1415 static int is_cmd_rcvr_exclusive(ipmi_smi_t intf, 1416 unsigned char netfn, 1417 unsigned char cmd, 1418 unsigned int chans) 1419 { 1420 struct cmd_rcvr *rcvr; 1421 1422 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) { 1423 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1424 && (rcvr->chans & chans)) 1425 return 0; 1426 } 1427 return 1; 1428 } 1429 1430 int ipmi_register_for_cmd(ipmi_user_t user, 1431 unsigned char netfn, 1432 unsigned char cmd, 1433 unsigned int chans) 1434 { 1435 ipmi_smi_t intf = user->intf; 1436 struct cmd_rcvr *rcvr; 1437 int rv = 0; 1438 1439 1440 rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL); 1441 if (!rcvr) 1442 return -ENOMEM; 1443 rcvr->cmd = cmd; 1444 rcvr->netfn = netfn; 1445 rcvr->chans = chans; 1446 rcvr->user = user; 1447 1448 mutex_lock(&intf->cmd_rcvrs_mutex); 1449 /* Make sure the command/netfn is not already registered. */ 1450 if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) { 1451 rv = -EBUSY; 1452 goto out_unlock; 1453 } 1454 1455 if (atomic_inc_return(&intf->event_waiters) == 1) 1456 need_waiter(intf); 1457 1458 list_add_rcu(&rcvr->link, &intf->cmd_rcvrs); 1459 1460 out_unlock: 1461 mutex_unlock(&intf->cmd_rcvrs_mutex); 1462 if (rv) 1463 kfree(rcvr); 1464 1465 return rv; 1466 } 1467 EXPORT_SYMBOL(ipmi_register_for_cmd); 1468 1469 int ipmi_unregister_for_cmd(ipmi_user_t user, 1470 unsigned char netfn, 1471 unsigned char cmd, 1472 unsigned int chans) 1473 { 1474 ipmi_smi_t intf = user->intf; 1475 struct cmd_rcvr *rcvr; 1476 struct cmd_rcvr *rcvrs = NULL; 1477 int i, rv = -ENOENT; 1478 1479 mutex_lock(&intf->cmd_rcvrs_mutex); 1480 for (i = 0; i < IPMI_NUM_CHANNELS; i++) { 1481 if (((1 << i) & chans) == 0) 1482 continue; 1483 rcvr = find_cmd_rcvr(intf, netfn, cmd, i); 1484 if (rcvr == NULL) 1485 continue; 1486 if (rcvr->user == user) { 1487 rv = 0; 1488 rcvr->chans &= ~chans; 1489 if (rcvr->chans == 0) { 1490 list_del_rcu(&rcvr->link); 1491 rcvr->next = rcvrs; 1492 rcvrs = rcvr; 1493 } 1494 } 1495 } 1496 mutex_unlock(&intf->cmd_rcvrs_mutex); 1497 synchronize_rcu(); 1498 while (rcvrs) { 1499 atomic_dec(&intf->event_waiters); 1500 rcvr = rcvrs; 1501 rcvrs = rcvr->next; 1502 kfree(rcvr); 1503 } 1504 return rv; 1505 } 1506 EXPORT_SYMBOL(ipmi_unregister_for_cmd); 1507 1508 static unsigned char 1509 ipmb_checksum(unsigned char *data, int size) 1510 { 1511 unsigned char csum = 0; 1512 1513 for (; size > 0; size--, data++) 1514 csum += *data; 1515 1516 return -csum; 1517 } 1518 1519 static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg, 1520 struct kernel_ipmi_msg *msg, 1521 struct ipmi_ipmb_addr *ipmb_addr, 1522 long msgid, 1523 unsigned char ipmb_seq, 1524 int broadcast, 1525 unsigned char source_address, 1526 unsigned char source_lun) 1527 { 1528 int i = broadcast; 1529 1530 /* Format the IPMB header data. */ 1531 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1532 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1533 smi_msg->data[2] = ipmb_addr->channel; 1534 if (broadcast) 1535 smi_msg->data[3] = 0; 1536 smi_msg->data[i+3] = ipmb_addr->slave_addr; 1537 smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3); 1538 smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2); 1539 smi_msg->data[i+6] = source_address; 1540 smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun; 1541 smi_msg->data[i+8] = msg->cmd; 1542 1543 /* Now tack on the data to the message. */ 1544 if (msg->data_len > 0) 1545 memcpy(&(smi_msg->data[i+9]), msg->data, 1546 msg->data_len); 1547 smi_msg->data_size = msg->data_len + 9; 1548 1549 /* Now calculate the checksum and tack it on. */ 1550 smi_msg->data[i+smi_msg->data_size] 1551 = ipmb_checksum(&(smi_msg->data[i+6]), 1552 smi_msg->data_size-6); 1553 1554 /* 1555 * Add on the checksum size and the offset from the 1556 * broadcast. 1557 */ 1558 smi_msg->data_size += 1 + i; 1559 1560 smi_msg->msgid = msgid; 1561 } 1562 1563 static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg, 1564 struct kernel_ipmi_msg *msg, 1565 struct ipmi_lan_addr *lan_addr, 1566 long msgid, 1567 unsigned char ipmb_seq, 1568 unsigned char source_lun) 1569 { 1570 /* Format the IPMB header data. */ 1571 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1572 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1573 smi_msg->data[2] = lan_addr->channel; 1574 smi_msg->data[3] = lan_addr->session_handle; 1575 smi_msg->data[4] = lan_addr->remote_SWID; 1576 smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3); 1577 smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2); 1578 smi_msg->data[7] = lan_addr->local_SWID; 1579 smi_msg->data[8] = (ipmb_seq << 2) | source_lun; 1580 smi_msg->data[9] = msg->cmd; 1581 1582 /* Now tack on the data to the message. */ 1583 if (msg->data_len > 0) 1584 memcpy(&(smi_msg->data[10]), msg->data, 1585 msg->data_len); 1586 smi_msg->data_size = msg->data_len + 10; 1587 1588 /* Now calculate the checksum and tack it on. */ 1589 smi_msg->data[smi_msg->data_size] 1590 = ipmb_checksum(&(smi_msg->data[7]), 1591 smi_msg->data_size-7); 1592 1593 /* 1594 * Add on the checksum size and the offset from the 1595 * broadcast. 1596 */ 1597 smi_msg->data_size += 1; 1598 1599 smi_msg->msgid = msgid; 1600 } 1601 1602 static struct ipmi_smi_msg *smi_add_send_msg(ipmi_smi_t intf, 1603 struct ipmi_smi_msg *smi_msg, 1604 int priority) 1605 { 1606 if (intf->curr_msg) { 1607 if (priority > 0) 1608 list_add_tail(&smi_msg->link, &intf->hp_xmit_msgs); 1609 else 1610 list_add_tail(&smi_msg->link, &intf->xmit_msgs); 1611 smi_msg = NULL; 1612 } else { 1613 intf->curr_msg = smi_msg; 1614 } 1615 1616 return smi_msg; 1617 } 1618 1619 1620 static void smi_send(ipmi_smi_t intf, const struct ipmi_smi_handlers *handlers, 1621 struct ipmi_smi_msg *smi_msg, int priority) 1622 { 1623 int run_to_completion = intf->run_to_completion; 1624 1625 if (run_to_completion) { 1626 smi_msg = smi_add_send_msg(intf, smi_msg, priority); 1627 } else { 1628 unsigned long flags; 1629 1630 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 1631 smi_msg = smi_add_send_msg(intf, smi_msg, priority); 1632 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 1633 } 1634 1635 if (smi_msg) 1636 handlers->sender(intf->send_info, smi_msg); 1637 } 1638 1639 /* 1640 * Separate from ipmi_request so that the user does not have to be 1641 * supplied in certain circumstances (mainly at panic time). If 1642 * messages are supplied, they will be freed, even if an error 1643 * occurs. 1644 */ 1645 static int i_ipmi_request(ipmi_user_t user, 1646 ipmi_smi_t intf, 1647 struct ipmi_addr *addr, 1648 long msgid, 1649 struct kernel_ipmi_msg *msg, 1650 void *user_msg_data, 1651 void *supplied_smi, 1652 struct ipmi_recv_msg *supplied_recv, 1653 int priority, 1654 unsigned char source_address, 1655 unsigned char source_lun, 1656 int retries, 1657 unsigned int retry_time_ms) 1658 { 1659 int rv = 0; 1660 struct ipmi_smi_msg *smi_msg; 1661 struct ipmi_recv_msg *recv_msg; 1662 unsigned long flags; 1663 1664 1665 if (supplied_recv) 1666 recv_msg = supplied_recv; 1667 else { 1668 recv_msg = ipmi_alloc_recv_msg(); 1669 if (recv_msg == NULL) 1670 return -ENOMEM; 1671 } 1672 recv_msg->user_msg_data = user_msg_data; 1673 1674 if (supplied_smi) 1675 smi_msg = (struct ipmi_smi_msg *) supplied_smi; 1676 else { 1677 smi_msg = ipmi_alloc_smi_msg(); 1678 if (smi_msg == NULL) { 1679 ipmi_free_recv_msg(recv_msg); 1680 return -ENOMEM; 1681 } 1682 } 1683 1684 rcu_read_lock(); 1685 if (intf->in_shutdown) { 1686 rv = -ENODEV; 1687 goto out_err; 1688 } 1689 1690 recv_msg->user = user; 1691 if (user) 1692 kref_get(&user->refcount); 1693 recv_msg->msgid = msgid; 1694 /* 1695 * Store the message to send in the receive message so timeout 1696 * responses can get the proper response data. 1697 */ 1698 recv_msg->msg = *msg; 1699 1700 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 1701 struct ipmi_system_interface_addr *smi_addr; 1702 1703 if (msg->netfn & 1) { 1704 /* Responses are not allowed to the SMI. */ 1705 rv = -EINVAL; 1706 goto out_err; 1707 } 1708 1709 smi_addr = (struct ipmi_system_interface_addr *) addr; 1710 if (smi_addr->lun > 3) { 1711 ipmi_inc_stat(intf, sent_invalid_commands); 1712 rv = -EINVAL; 1713 goto out_err; 1714 } 1715 1716 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr)); 1717 1718 if ((msg->netfn == IPMI_NETFN_APP_REQUEST) 1719 && ((msg->cmd == IPMI_SEND_MSG_CMD) 1720 || (msg->cmd == IPMI_GET_MSG_CMD) 1721 || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) { 1722 /* 1723 * We don't let the user do these, since we manage 1724 * the sequence numbers. 1725 */ 1726 ipmi_inc_stat(intf, sent_invalid_commands); 1727 rv = -EINVAL; 1728 goto out_err; 1729 } 1730 1731 if (((msg->netfn == IPMI_NETFN_APP_REQUEST) 1732 && ((msg->cmd == IPMI_COLD_RESET_CMD) 1733 || (msg->cmd == IPMI_WARM_RESET_CMD))) 1734 || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)) { 1735 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1736 intf->auto_maintenance_timeout 1737 = IPMI_MAINTENANCE_MODE_TIMEOUT; 1738 if (!intf->maintenance_mode 1739 && !intf->maintenance_mode_enable) { 1740 intf->maintenance_mode_enable = true; 1741 maintenance_mode_update(intf); 1742 } 1743 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 1744 flags); 1745 } 1746 1747 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) { 1748 ipmi_inc_stat(intf, sent_invalid_commands); 1749 rv = -EMSGSIZE; 1750 goto out_err; 1751 } 1752 1753 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3); 1754 smi_msg->data[1] = msg->cmd; 1755 smi_msg->msgid = msgid; 1756 smi_msg->user_data = recv_msg; 1757 if (msg->data_len > 0) 1758 memcpy(&(smi_msg->data[2]), msg->data, msg->data_len); 1759 smi_msg->data_size = msg->data_len + 2; 1760 ipmi_inc_stat(intf, sent_local_commands); 1761 } else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 1762 struct ipmi_ipmb_addr *ipmb_addr; 1763 unsigned char ipmb_seq; 1764 long seqid; 1765 int broadcast = 0; 1766 struct ipmi_channel *chans; 1767 1768 if (addr->channel >= IPMI_MAX_CHANNELS) { 1769 ipmi_inc_stat(intf, sent_invalid_commands); 1770 rv = -EINVAL; 1771 goto out_err; 1772 } 1773 1774 chans = READ_ONCE(intf->channel_list)->c; 1775 1776 if (chans[addr->channel].medium != IPMI_CHANNEL_MEDIUM_IPMB) { 1777 ipmi_inc_stat(intf, sent_invalid_commands); 1778 rv = -EINVAL; 1779 goto out_err; 1780 } 1781 1782 if (retries < 0) { 1783 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) 1784 retries = 0; /* Don't retry broadcasts. */ 1785 else 1786 retries = 4; 1787 } 1788 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) { 1789 /* 1790 * Broadcasts add a zero at the beginning of the 1791 * message, but otherwise is the same as an IPMB 1792 * address. 1793 */ 1794 addr->addr_type = IPMI_IPMB_ADDR_TYPE; 1795 broadcast = 1; 1796 } 1797 1798 1799 /* Default to 1 second retries. */ 1800 if (retry_time_ms == 0) 1801 retry_time_ms = 1000; 1802 1803 /* 1804 * 9 for the header and 1 for the checksum, plus 1805 * possibly one for the broadcast. 1806 */ 1807 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) { 1808 ipmi_inc_stat(intf, sent_invalid_commands); 1809 rv = -EMSGSIZE; 1810 goto out_err; 1811 } 1812 1813 ipmb_addr = (struct ipmi_ipmb_addr *) addr; 1814 if (ipmb_addr->lun > 3) { 1815 ipmi_inc_stat(intf, sent_invalid_commands); 1816 rv = -EINVAL; 1817 goto out_err; 1818 } 1819 1820 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr)); 1821 1822 if (recv_msg->msg.netfn & 0x1) { 1823 /* 1824 * It's a response, so use the user's sequence 1825 * from msgid. 1826 */ 1827 ipmi_inc_stat(intf, sent_ipmb_responses); 1828 format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid, 1829 msgid, broadcast, 1830 source_address, source_lun); 1831 1832 /* 1833 * Save the receive message so we can use it 1834 * to deliver the response. 1835 */ 1836 smi_msg->user_data = recv_msg; 1837 } else { 1838 /* It's a command, so get a sequence for it. */ 1839 1840 spin_lock_irqsave(&(intf->seq_lock), flags); 1841 1842 /* 1843 * Create a sequence number with a 1 second 1844 * timeout and 4 retries. 1845 */ 1846 rv = intf_next_seq(intf, 1847 recv_msg, 1848 retry_time_ms, 1849 retries, 1850 broadcast, 1851 &ipmb_seq, 1852 &seqid); 1853 if (rv) { 1854 /* 1855 * We have used up all the sequence numbers, 1856 * probably, so abort. 1857 */ 1858 spin_unlock_irqrestore(&(intf->seq_lock), 1859 flags); 1860 goto out_err; 1861 } 1862 1863 ipmi_inc_stat(intf, sent_ipmb_commands); 1864 1865 /* 1866 * Store the sequence number in the message, 1867 * so that when the send message response 1868 * comes back we can start the timer. 1869 */ 1870 format_ipmb_msg(smi_msg, msg, ipmb_addr, 1871 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 1872 ipmb_seq, broadcast, 1873 source_address, source_lun); 1874 1875 /* 1876 * Copy the message into the recv message data, so we 1877 * can retransmit it later if necessary. 1878 */ 1879 memcpy(recv_msg->msg_data, smi_msg->data, 1880 smi_msg->data_size); 1881 recv_msg->msg.data = recv_msg->msg_data; 1882 recv_msg->msg.data_len = smi_msg->data_size; 1883 1884 /* 1885 * We don't unlock until here, because we need 1886 * to copy the completed message into the 1887 * recv_msg before we release the lock. 1888 * Otherwise, race conditions may bite us. I 1889 * know that's pretty paranoid, but I prefer 1890 * to be correct. 1891 */ 1892 spin_unlock_irqrestore(&(intf->seq_lock), flags); 1893 } 1894 } else if (is_lan_addr(addr)) { 1895 struct ipmi_lan_addr *lan_addr; 1896 unsigned char ipmb_seq; 1897 long seqid; 1898 struct ipmi_channel *chans; 1899 1900 if (addr->channel >= IPMI_MAX_CHANNELS) { 1901 ipmi_inc_stat(intf, sent_invalid_commands); 1902 rv = -EINVAL; 1903 goto out_err; 1904 } 1905 1906 chans = READ_ONCE(intf->channel_list)->c; 1907 1908 if ((chans[addr->channel].medium 1909 != IPMI_CHANNEL_MEDIUM_8023LAN) 1910 && (chans[addr->channel].medium 1911 != IPMI_CHANNEL_MEDIUM_ASYNC)) { 1912 ipmi_inc_stat(intf, sent_invalid_commands); 1913 rv = -EINVAL; 1914 goto out_err; 1915 } 1916 1917 retries = 4; 1918 1919 /* Default to 1 second retries. */ 1920 if (retry_time_ms == 0) 1921 retry_time_ms = 1000; 1922 1923 /* 11 for the header and 1 for the checksum. */ 1924 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) { 1925 ipmi_inc_stat(intf, sent_invalid_commands); 1926 rv = -EMSGSIZE; 1927 goto out_err; 1928 } 1929 1930 lan_addr = (struct ipmi_lan_addr *) addr; 1931 if (lan_addr->lun > 3) { 1932 ipmi_inc_stat(intf, sent_invalid_commands); 1933 rv = -EINVAL; 1934 goto out_err; 1935 } 1936 1937 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr)); 1938 1939 if (recv_msg->msg.netfn & 0x1) { 1940 /* 1941 * It's a response, so use the user's sequence 1942 * from msgid. 1943 */ 1944 ipmi_inc_stat(intf, sent_lan_responses); 1945 format_lan_msg(smi_msg, msg, lan_addr, msgid, 1946 msgid, source_lun); 1947 1948 /* 1949 * Save the receive message so we can use it 1950 * to deliver the response. 1951 */ 1952 smi_msg->user_data = recv_msg; 1953 } else { 1954 /* It's a command, so get a sequence for it. */ 1955 1956 spin_lock_irqsave(&(intf->seq_lock), flags); 1957 1958 /* 1959 * Create a sequence number with a 1 second 1960 * timeout and 4 retries. 1961 */ 1962 rv = intf_next_seq(intf, 1963 recv_msg, 1964 retry_time_ms, 1965 retries, 1966 0, 1967 &ipmb_seq, 1968 &seqid); 1969 if (rv) { 1970 /* 1971 * We have used up all the sequence numbers, 1972 * probably, so abort. 1973 */ 1974 spin_unlock_irqrestore(&(intf->seq_lock), 1975 flags); 1976 goto out_err; 1977 } 1978 1979 ipmi_inc_stat(intf, sent_lan_commands); 1980 1981 /* 1982 * Store the sequence number in the message, 1983 * so that when the send message response 1984 * comes back we can start the timer. 1985 */ 1986 format_lan_msg(smi_msg, msg, lan_addr, 1987 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 1988 ipmb_seq, source_lun); 1989 1990 /* 1991 * Copy the message into the recv message data, so we 1992 * can retransmit it later if necessary. 1993 */ 1994 memcpy(recv_msg->msg_data, smi_msg->data, 1995 smi_msg->data_size); 1996 recv_msg->msg.data = recv_msg->msg_data; 1997 recv_msg->msg.data_len = smi_msg->data_size; 1998 1999 /* 2000 * We don't unlock until here, because we need 2001 * to copy the completed message into the 2002 * recv_msg before we release the lock. 2003 * Otherwise, race conditions may bite us. I 2004 * know that's pretty paranoid, but I prefer 2005 * to be correct. 2006 */ 2007 spin_unlock_irqrestore(&(intf->seq_lock), flags); 2008 } 2009 } else { 2010 /* Unknown address type. */ 2011 ipmi_inc_stat(intf, sent_invalid_commands); 2012 rv = -EINVAL; 2013 goto out_err; 2014 } 2015 2016 #ifdef DEBUG_MSGING 2017 { 2018 int m; 2019 for (m = 0; m < smi_msg->data_size; m++) 2020 printk(" %2.2x", smi_msg->data[m]); 2021 printk("\n"); 2022 } 2023 #endif 2024 2025 smi_send(intf, intf->handlers, smi_msg, priority); 2026 rcu_read_unlock(); 2027 2028 return 0; 2029 2030 out_err: 2031 rcu_read_unlock(); 2032 ipmi_free_smi_msg(smi_msg); 2033 ipmi_free_recv_msg(recv_msg); 2034 return rv; 2035 } 2036 2037 static int check_addr(ipmi_smi_t intf, 2038 struct ipmi_addr *addr, 2039 unsigned char *saddr, 2040 unsigned char *lun) 2041 { 2042 if (addr->channel >= IPMI_MAX_CHANNELS) 2043 return -EINVAL; 2044 *lun = intf->addrinfo[addr->channel].lun; 2045 *saddr = intf->addrinfo[addr->channel].address; 2046 return 0; 2047 } 2048 2049 int ipmi_request_settime(ipmi_user_t user, 2050 struct ipmi_addr *addr, 2051 long msgid, 2052 struct kernel_ipmi_msg *msg, 2053 void *user_msg_data, 2054 int priority, 2055 int retries, 2056 unsigned int retry_time_ms) 2057 { 2058 unsigned char saddr = 0, lun = 0; 2059 int rv; 2060 2061 if (!user) 2062 return -EINVAL; 2063 rv = check_addr(user->intf, addr, &saddr, &lun); 2064 if (rv) 2065 return rv; 2066 return i_ipmi_request(user, 2067 user->intf, 2068 addr, 2069 msgid, 2070 msg, 2071 user_msg_data, 2072 NULL, NULL, 2073 priority, 2074 saddr, 2075 lun, 2076 retries, 2077 retry_time_ms); 2078 } 2079 EXPORT_SYMBOL(ipmi_request_settime); 2080 2081 int ipmi_request_supply_msgs(ipmi_user_t user, 2082 struct ipmi_addr *addr, 2083 long msgid, 2084 struct kernel_ipmi_msg *msg, 2085 void *user_msg_data, 2086 void *supplied_smi, 2087 struct ipmi_recv_msg *supplied_recv, 2088 int priority) 2089 { 2090 unsigned char saddr = 0, lun = 0; 2091 int rv; 2092 2093 if (!user) 2094 return -EINVAL; 2095 rv = check_addr(user->intf, addr, &saddr, &lun); 2096 if (rv) 2097 return rv; 2098 return i_ipmi_request(user, 2099 user->intf, 2100 addr, 2101 msgid, 2102 msg, 2103 user_msg_data, 2104 supplied_smi, 2105 supplied_recv, 2106 priority, 2107 saddr, 2108 lun, 2109 -1, 0); 2110 } 2111 EXPORT_SYMBOL(ipmi_request_supply_msgs); 2112 2113 static void bmc_device_id_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg) 2114 { 2115 int rv; 2116 2117 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 2118 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 2119 || (msg->msg.cmd != IPMI_GET_DEVICE_ID_CMD)) { 2120 dev_warn(intf->si_dev, 2121 PFX "invalid device_id msg: addr_type=%d netfn=%x cmd=%x\n", 2122 msg->addr.addr_type, msg->msg.netfn, msg->msg.cmd); 2123 return; 2124 } 2125 2126 rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd, 2127 msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id); 2128 if (rv) { 2129 dev_warn(intf->si_dev, 2130 PFX "device id demangle failed: %d\n", rv); 2131 intf->bmc->dyn_id_set = 0; 2132 } else { 2133 /* 2134 * Make sure the id data is available before setting 2135 * dyn_id_set. 2136 */ 2137 smp_wmb(); 2138 intf->bmc->dyn_id_set = 1; 2139 } 2140 2141 wake_up(&intf->waitq); 2142 } 2143 2144 static int 2145 send_get_device_id_cmd(ipmi_smi_t intf) 2146 { 2147 struct ipmi_system_interface_addr si; 2148 struct kernel_ipmi_msg msg; 2149 2150 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 2151 si.channel = IPMI_BMC_CHANNEL; 2152 si.lun = 0; 2153 2154 msg.netfn = IPMI_NETFN_APP_REQUEST; 2155 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 2156 msg.data = NULL; 2157 msg.data_len = 0; 2158 2159 return i_ipmi_request(NULL, 2160 intf, 2161 (struct ipmi_addr *) &si, 2162 0, 2163 &msg, 2164 intf, 2165 NULL, 2166 NULL, 2167 0, 2168 intf->addrinfo[0].address, 2169 intf->addrinfo[0].lun, 2170 -1, 0); 2171 } 2172 2173 static int __get_device_id(ipmi_smi_t intf, struct bmc_device *bmc) 2174 { 2175 int rv; 2176 2177 bmc->dyn_id_set = 2; 2178 2179 intf->null_user_handler = bmc_device_id_handler; 2180 2181 rv = send_get_device_id_cmd(intf); 2182 if (rv) 2183 return rv; 2184 2185 wait_event(intf->waitq, bmc->dyn_id_set != 2); 2186 2187 if (!bmc->dyn_id_set) 2188 rv = -EIO; /* Something went wrong in the fetch. */ 2189 2190 /* dyn_id_set makes the id data available. */ 2191 smp_rmb(); 2192 2193 intf->null_user_handler = NULL; 2194 2195 return rv; 2196 } 2197 2198 /* 2199 * Fetch the device id for the bmc/interface. You must pass in either 2200 * bmc or intf, this code will get the other one. If the data has 2201 * been recently fetched, this will just use the cached data. Otherwise 2202 * it will run a new fetch. 2203 * 2204 * Except for the first time this is called (in ipmi_register_smi()), 2205 * this will always return good data; 2206 */ 2207 static int __bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc, 2208 struct ipmi_device_id *id, 2209 bool *guid_set, guid_t *guid, int intf_num) 2210 { 2211 int rv = 0; 2212 int prev_dyn_id_set, prev_guid_set; 2213 bool intf_set = intf != NULL; 2214 2215 if (!intf) { 2216 mutex_lock(&bmc->dyn_mutex); 2217 retry_bmc_lock: 2218 if (list_empty(&bmc->intfs)) { 2219 mutex_unlock(&bmc->dyn_mutex); 2220 return -ENOENT; 2221 } 2222 intf = list_first_entry(&bmc->intfs, struct ipmi_smi, 2223 bmc_link); 2224 kref_get(&intf->refcount); 2225 mutex_unlock(&bmc->dyn_mutex); 2226 mutex_lock(&intf->bmc_reg_mutex); 2227 mutex_lock(&bmc->dyn_mutex); 2228 if (intf != list_first_entry(&bmc->intfs, struct ipmi_smi, 2229 bmc_link)) { 2230 mutex_unlock(&intf->bmc_reg_mutex); 2231 kref_put(&intf->refcount, intf_free); 2232 goto retry_bmc_lock; 2233 } 2234 } else { 2235 mutex_lock(&intf->bmc_reg_mutex); 2236 bmc = intf->bmc; 2237 mutex_lock(&bmc->dyn_mutex); 2238 kref_get(&intf->refcount); 2239 } 2240 2241 /* If we have a valid and current ID, just return that. */ 2242 if (intf->in_bmc_register || 2243 (bmc->dyn_id_set && time_is_after_jiffies(bmc->dyn_id_expiry))) 2244 goto out_noprocessing; 2245 2246 prev_guid_set = bmc->dyn_guid_set; 2247 __get_guid(intf); 2248 2249 prev_dyn_id_set = bmc->dyn_id_set; 2250 rv = __get_device_id(intf, bmc); 2251 if (rv) 2252 goto out; 2253 2254 /* 2255 * The guid, device id, manufacturer id, and product id should 2256 * not change on a BMC. If it does we have to do some dancing. 2257 */ 2258 if (!intf->bmc_registered 2259 || (!prev_guid_set && bmc->dyn_guid_set) 2260 || (!prev_dyn_id_set && bmc->dyn_id_set) 2261 || (prev_guid_set && bmc->dyn_guid_set 2262 && !guid_equal(&bmc->guid, &bmc->fetch_guid)) 2263 || bmc->id.device_id != bmc->fetch_id.device_id 2264 || bmc->id.manufacturer_id != bmc->fetch_id.manufacturer_id 2265 || bmc->id.product_id != bmc->fetch_id.product_id) { 2266 struct ipmi_device_id id = bmc->fetch_id; 2267 int guid_set = bmc->dyn_guid_set; 2268 guid_t guid; 2269 2270 guid = bmc->fetch_guid; 2271 mutex_unlock(&bmc->dyn_mutex); 2272 2273 __ipmi_bmc_unregister(intf); 2274 /* Fill in the temporary BMC for good measure. */ 2275 intf->bmc->id = id; 2276 intf->bmc->dyn_guid_set = guid_set; 2277 intf->bmc->guid = guid; 2278 if (__ipmi_bmc_register(intf, &id, guid_set, &guid, intf_num)) 2279 need_waiter(intf); /* Retry later on an error. */ 2280 else 2281 __scan_channels(intf, &id); 2282 2283 2284 if (!intf_set) { 2285 /* 2286 * We weren't given the interface on the 2287 * command line, so restart the operation on 2288 * the next interface for the BMC. 2289 */ 2290 mutex_unlock(&intf->bmc_reg_mutex); 2291 mutex_lock(&bmc->dyn_mutex); 2292 goto retry_bmc_lock; 2293 } 2294 2295 /* We have a new BMC, set it up. */ 2296 bmc = intf->bmc; 2297 mutex_lock(&bmc->dyn_mutex); 2298 goto out_noprocessing; 2299 } else if (memcmp(&bmc->fetch_id, &bmc->id, sizeof(bmc->id))) 2300 /* Version info changes, scan the channels again. */ 2301 __scan_channels(intf, &bmc->fetch_id); 2302 2303 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 2304 2305 out: 2306 if (rv && prev_dyn_id_set) { 2307 rv = 0; /* Ignore failures if we have previous data. */ 2308 bmc->dyn_id_set = prev_dyn_id_set; 2309 } 2310 if (!rv) { 2311 bmc->id = bmc->fetch_id; 2312 if (bmc->dyn_guid_set) 2313 bmc->guid = bmc->fetch_guid; 2314 else if (prev_guid_set) 2315 /* 2316 * The guid used to be valid and it failed to fetch, 2317 * just use the cached value. 2318 */ 2319 bmc->dyn_guid_set = prev_guid_set; 2320 } 2321 out_noprocessing: 2322 if (!rv) { 2323 if (id) 2324 *id = bmc->id; 2325 2326 if (guid_set) 2327 *guid_set = bmc->dyn_guid_set; 2328 2329 if (guid && bmc->dyn_guid_set) 2330 *guid = bmc->guid; 2331 } 2332 2333 mutex_unlock(&bmc->dyn_mutex); 2334 mutex_unlock(&intf->bmc_reg_mutex); 2335 2336 kref_put(&intf->refcount, intf_free); 2337 return rv; 2338 } 2339 2340 static int bmc_get_device_id(ipmi_smi_t intf, struct bmc_device *bmc, 2341 struct ipmi_device_id *id, 2342 bool *guid_set, guid_t *guid) 2343 { 2344 return __bmc_get_device_id(intf, bmc, id, guid_set, guid, -1); 2345 } 2346 2347 #ifdef CONFIG_IPMI_PROC_INTERFACE 2348 static int smi_ipmb_proc_show(struct seq_file *m, void *v) 2349 { 2350 ipmi_smi_t intf = m->private; 2351 int i; 2352 2353 seq_printf(m, "%x", intf->addrinfo[0].address); 2354 for (i = 1; i < IPMI_MAX_CHANNELS; i++) 2355 seq_printf(m, " %x", intf->addrinfo[i].address); 2356 seq_putc(m, '\n'); 2357 2358 return 0; 2359 } 2360 2361 static int smi_ipmb_proc_open(struct inode *inode, struct file *file) 2362 { 2363 return single_open(file, smi_ipmb_proc_show, PDE_DATA(inode)); 2364 } 2365 2366 static const struct file_operations smi_ipmb_proc_ops = { 2367 .open = smi_ipmb_proc_open, 2368 .read = seq_read, 2369 .llseek = seq_lseek, 2370 .release = single_release, 2371 }; 2372 2373 static int smi_version_proc_show(struct seq_file *m, void *v) 2374 { 2375 ipmi_smi_t intf = m->private; 2376 struct ipmi_device_id id; 2377 int rv; 2378 2379 rv = bmc_get_device_id(intf, NULL, &id, NULL, NULL); 2380 if (rv) 2381 return rv; 2382 2383 seq_printf(m, "%u.%u\n", 2384 ipmi_version_major(&id), 2385 ipmi_version_minor(&id)); 2386 2387 return 0; 2388 } 2389 2390 static int smi_version_proc_open(struct inode *inode, struct file *file) 2391 { 2392 return single_open(file, smi_version_proc_show, PDE_DATA(inode)); 2393 } 2394 2395 static const struct file_operations smi_version_proc_ops = { 2396 .open = smi_version_proc_open, 2397 .read = seq_read, 2398 .llseek = seq_lseek, 2399 .release = single_release, 2400 }; 2401 2402 static int smi_stats_proc_show(struct seq_file *m, void *v) 2403 { 2404 ipmi_smi_t intf = m->private; 2405 2406 seq_printf(m, "sent_invalid_commands: %u\n", 2407 ipmi_get_stat(intf, sent_invalid_commands)); 2408 seq_printf(m, "sent_local_commands: %u\n", 2409 ipmi_get_stat(intf, sent_local_commands)); 2410 seq_printf(m, "handled_local_responses: %u\n", 2411 ipmi_get_stat(intf, handled_local_responses)); 2412 seq_printf(m, "unhandled_local_responses: %u\n", 2413 ipmi_get_stat(intf, unhandled_local_responses)); 2414 seq_printf(m, "sent_ipmb_commands: %u\n", 2415 ipmi_get_stat(intf, sent_ipmb_commands)); 2416 seq_printf(m, "sent_ipmb_command_errs: %u\n", 2417 ipmi_get_stat(intf, sent_ipmb_command_errs)); 2418 seq_printf(m, "retransmitted_ipmb_commands: %u\n", 2419 ipmi_get_stat(intf, retransmitted_ipmb_commands)); 2420 seq_printf(m, "timed_out_ipmb_commands: %u\n", 2421 ipmi_get_stat(intf, timed_out_ipmb_commands)); 2422 seq_printf(m, "timed_out_ipmb_broadcasts: %u\n", 2423 ipmi_get_stat(intf, timed_out_ipmb_broadcasts)); 2424 seq_printf(m, "sent_ipmb_responses: %u\n", 2425 ipmi_get_stat(intf, sent_ipmb_responses)); 2426 seq_printf(m, "handled_ipmb_responses: %u\n", 2427 ipmi_get_stat(intf, handled_ipmb_responses)); 2428 seq_printf(m, "invalid_ipmb_responses: %u\n", 2429 ipmi_get_stat(intf, invalid_ipmb_responses)); 2430 seq_printf(m, "unhandled_ipmb_responses: %u\n", 2431 ipmi_get_stat(intf, unhandled_ipmb_responses)); 2432 seq_printf(m, "sent_lan_commands: %u\n", 2433 ipmi_get_stat(intf, sent_lan_commands)); 2434 seq_printf(m, "sent_lan_command_errs: %u\n", 2435 ipmi_get_stat(intf, sent_lan_command_errs)); 2436 seq_printf(m, "retransmitted_lan_commands: %u\n", 2437 ipmi_get_stat(intf, retransmitted_lan_commands)); 2438 seq_printf(m, "timed_out_lan_commands: %u\n", 2439 ipmi_get_stat(intf, timed_out_lan_commands)); 2440 seq_printf(m, "sent_lan_responses: %u\n", 2441 ipmi_get_stat(intf, sent_lan_responses)); 2442 seq_printf(m, "handled_lan_responses: %u\n", 2443 ipmi_get_stat(intf, handled_lan_responses)); 2444 seq_printf(m, "invalid_lan_responses: %u\n", 2445 ipmi_get_stat(intf, invalid_lan_responses)); 2446 seq_printf(m, "unhandled_lan_responses: %u\n", 2447 ipmi_get_stat(intf, unhandled_lan_responses)); 2448 seq_printf(m, "handled_commands: %u\n", 2449 ipmi_get_stat(intf, handled_commands)); 2450 seq_printf(m, "invalid_commands: %u\n", 2451 ipmi_get_stat(intf, invalid_commands)); 2452 seq_printf(m, "unhandled_commands: %u\n", 2453 ipmi_get_stat(intf, unhandled_commands)); 2454 seq_printf(m, "invalid_events: %u\n", 2455 ipmi_get_stat(intf, invalid_events)); 2456 seq_printf(m, "events: %u\n", 2457 ipmi_get_stat(intf, events)); 2458 seq_printf(m, "failed rexmit LAN msgs: %u\n", 2459 ipmi_get_stat(intf, dropped_rexmit_lan_commands)); 2460 seq_printf(m, "failed rexmit IPMB msgs: %u\n", 2461 ipmi_get_stat(intf, dropped_rexmit_ipmb_commands)); 2462 return 0; 2463 } 2464 2465 static int smi_stats_proc_open(struct inode *inode, struct file *file) 2466 { 2467 return single_open(file, smi_stats_proc_show, PDE_DATA(inode)); 2468 } 2469 2470 static const struct file_operations smi_stats_proc_ops = { 2471 .open = smi_stats_proc_open, 2472 .read = seq_read, 2473 .llseek = seq_lseek, 2474 .release = single_release, 2475 }; 2476 2477 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name, 2478 const struct file_operations *proc_ops, 2479 void *data) 2480 { 2481 int rv = 0; 2482 struct proc_dir_entry *file; 2483 struct ipmi_proc_entry *entry; 2484 2485 /* Create a list element. */ 2486 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 2487 if (!entry) 2488 return -ENOMEM; 2489 entry->name = kstrdup(name, GFP_KERNEL); 2490 if (!entry->name) { 2491 kfree(entry); 2492 return -ENOMEM; 2493 } 2494 2495 file = proc_create_data(name, 0, smi->proc_dir, proc_ops, data); 2496 if (!file) { 2497 kfree(entry->name); 2498 kfree(entry); 2499 rv = -ENOMEM; 2500 } else { 2501 mutex_lock(&smi->proc_entry_lock); 2502 /* Stick it on the list. */ 2503 entry->next = smi->proc_entries; 2504 smi->proc_entries = entry; 2505 mutex_unlock(&smi->proc_entry_lock); 2506 } 2507 2508 return rv; 2509 } 2510 EXPORT_SYMBOL(ipmi_smi_add_proc_entry); 2511 2512 static int add_proc_entries(ipmi_smi_t smi, int num) 2513 { 2514 int rv = 0; 2515 2516 sprintf(smi->proc_dir_name, "%d", num); 2517 smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root); 2518 if (!smi->proc_dir) 2519 rv = -ENOMEM; 2520 2521 if (rv == 0) 2522 rv = ipmi_smi_add_proc_entry(smi, "stats", 2523 &smi_stats_proc_ops, 2524 smi); 2525 2526 if (rv == 0) 2527 rv = ipmi_smi_add_proc_entry(smi, "ipmb", 2528 &smi_ipmb_proc_ops, 2529 smi); 2530 2531 if (rv == 0) 2532 rv = ipmi_smi_add_proc_entry(smi, "version", 2533 &smi_version_proc_ops, 2534 smi); 2535 2536 return rv; 2537 } 2538 2539 static void remove_proc_entries(ipmi_smi_t smi) 2540 { 2541 struct ipmi_proc_entry *entry; 2542 2543 mutex_lock(&smi->proc_entry_lock); 2544 while (smi->proc_entries) { 2545 entry = smi->proc_entries; 2546 smi->proc_entries = entry->next; 2547 2548 remove_proc_entry(entry->name, smi->proc_dir); 2549 kfree(entry->name); 2550 kfree(entry); 2551 } 2552 mutex_unlock(&smi->proc_entry_lock); 2553 remove_proc_entry(smi->proc_dir_name, proc_ipmi_root); 2554 } 2555 #endif /* CONFIG_IPMI_PROC_INTERFACE */ 2556 2557 static ssize_t device_id_show(struct device *dev, 2558 struct device_attribute *attr, 2559 char *buf) 2560 { 2561 struct bmc_device *bmc = to_bmc_device(dev); 2562 struct ipmi_device_id id; 2563 int rv; 2564 2565 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2566 if (rv) 2567 return rv; 2568 2569 return snprintf(buf, 10, "%u\n", id.device_id); 2570 } 2571 static DEVICE_ATTR_RO(device_id); 2572 2573 static ssize_t provides_device_sdrs_show(struct device *dev, 2574 struct device_attribute *attr, 2575 char *buf) 2576 { 2577 struct bmc_device *bmc = to_bmc_device(dev); 2578 struct ipmi_device_id id; 2579 int rv; 2580 2581 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2582 if (rv) 2583 return rv; 2584 2585 return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7); 2586 } 2587 static DEVICE_ATTR_RO(provides_device_sdrs); 2588 2589 static ssize_t revision_show(struct device *dev, struct device_attribute *attr, 2590 char *buf) 2591 { 2592 struct bmc_device *bmc = to_bmc_device(dev); 2593 struct ipmi_device_id id; 2594 int rv; 2595 2596 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2597 if (rv) 2598 return rv; 2599 2600 return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F); 2601 } 2602 static DEVICE_ATTR_RO(revision); 2603 2604 static ssize_t firmware_revision_show(struct device *dev, 2605 struct device_attribute *attr, 2606 char *buf) 2607 { 2608 struct bmc_device *bmc = to_bmc_device(dev); 2609 struct ipmi_device_id id; 2610 int rv; 2611 2612 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2613 if (rv) 2614 return rv; 2615 2616 return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1, 2617 id.firmware_revision_2); 2618 } 2619 static DEVICE_ATTR_RO(firmware_revision); 2620 2621 static ssize_t ipmi_version_show(struct device *dev, 2622 struct device_attribute *attr, 2623 char *buf) 2624 { 2625 struct bmc_device *bmc = to_bmc_device(dev); 2626 struct ipmi_device_id id; 2627 int rv; 2628 2629 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2630 if (rv) 2631 return rv; 2632 2633 return snprintf(buf, 20, "%u.%u\n", 2634 ipmi_version_major(&id), 2635 ipmi_version_minor(&id)); 2636 } 2637 static DEVICE_ATTR_RO(ipmi_version); 2638 2639 static ssize_t add_dev_support_show(struct device *dev, 2640 struct device_attribute *attr, 2641 char *buf) 2642 { 2643 struct bmc_device *bmc = to_bmc_device(dev); 2644 struct ipmi_device_id id; 2645 int rv; 2646 2647 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2648 if (rv) 2649 return rv; 2650 2651 return snprintf(buf, 10, "0x%02x\n", id.additional_device_support); 2652 } 2653 static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show, 2654 NULL); 2655 2656 static ssize_t manufacturer_id_show(struct device *dev, 2657 struct device_attribute *attr, 2658 char *buf) 2659 { 2660 struct bmc_device *bmc = to_bmc_device(dev); 2661 struct ipmi_device_id id; 2662 int rv; 2663 2664 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2665 if (rv) 2666 return rv; 2667 2668 return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id); 2669 } 2670 static DEVICE_ATTR_RO(manufacturer_id); 2671 2672 static ssize_t product_id_show(struct device *dev, 2673 struct device_attribute *attr, 2674 char *buf) 2675 { 2676 struct bmc_device *bmc = to_bmc_device(dev); 2677 struct ipmi_device_id id; 2678 int rv; 2679 2680 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2681 if (rv) 2682 return rv; 2683 2684 return snprintf(buf, 10, "0x%4.4x\n", id.product_id); 2685 } 2686 static DEVICE_ATTR_RO(product_id); 2687 2688 static ssize_t aux_firmware_rev_show(struct device *dev, 2689 struct device_attribute *attr, 2690 char *buf) 2691 { 2692 struct bmc_device *bmc = to_bmc_device(dev); 2693 struct ipmi_device_id id; 2694 int rv; 2695 2696 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2697 if (rv) 2698 return rv; 2699 2700 return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n", 2701 id.aux_firmware_revision[3], 2702 id.aux_firmware_revision[2], 2703 id.aux_firmware_revision[1], 2704 id.aux_firmware_revision[0]); 2705 } 2706 static DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL); 2707 2708 static ssize_t guid_show(struct device *dev, struct device_attribute *attr, 2709 char *buf) 2710 { 2711 struct bmc_device *bmc = to_bmc_device(dev); 2712 bool guid_set; 2713 guid_t guid; 2714 int rv; 2715 2716 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, &guid); 2717 if (rv) 2718 return rv; 2719 if (!guid_set) 2720 return -ENOENT; 2721 2722 return snprintf(buf, 38, "%pUl\n", guid.b); 2723 } 2724 static DEVICE_ATTR_RO(guid); 2725 2726 static struct attribute *bmc_dev_attrs[] = { 2727 &dev_attr_device_id.attr, 2728 &dev_attr_provides_device_sdrs.attr, 2729 &dev_attr_revision.attr, 2730 &dev_attr_firmware_revision.attr, 2731 &dev_attr_ipmi_version.attr, 2732 &dev_attr_additional_device_support.attr, 2733 &dev_attr_manufacturer_id.attr, 2734 &dev_attr_product_id.attr, 2735 &dev_attr_aux_firmware_revision.attr, 2736 &dev_attr_guid.attr, 2737 NULL 2738 }; 2739 2740 static umode_t bmc_dev_attr_is_visible(struct kobject *kobj, 2741 struct attribute *attr, int idx) 2742 { 2743 struct device *dev = kobj_to_dev(kobj); 2744 struct bmc_device *bmc = to_bmc_device(dev); 2745 umode_t mode = attr->mode; 2746 int rv; 2747 2748 if (attr == &dev_attr_aux_firmware_revision.attr) { 2749 struct ipmi_device_id id; 2750 2751 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2752 return (!rv && id.aux_firmware_revision_set) ? mode : 0; 2753 } 2754 if (attr == &dev_attr_guid.attr) { 2755 bool guid_set; 2756 2757 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, NULL); 2758 return (!rv && guid_set) ? mode : 0; 2759 } 2760 return mode; 2761 } 2762 2763 static const struct attribute_group bmc_dev_attr_group = { 2764 .attrs = bmc_dev_attrs, 2765 .is_visible = bmc_dev_attr_is_visible, 2766 }; 2767 2768 static const struct attribute_group *bmc_dev_attr_groups[] = { 2769 &bmc_dev_attr_group, 2770 NULL 2771 }; 2772 2773 static const struct device_type bmc_device_type = { 2774 .groups = bmc_dev_attr_groups, 2775 }; 2776 2777 static int __find_bmc_guid(struct device *dev, void *data) 2778 { 2779 guid_t *guid = data; 2780 struct bmc_device *bmc; 2781 int rv; 2782 2783 if (dev->type != &bmc_device_type) 2784 return 0; 2785 2786 bmc = to_bmc_device(dev); 2787 rv = bmc->dyn_guid_set && guid_equal(&bmc->guid, guid); 2788 if (rv) 2789 rv = kref_get_unless_zero(&bmc->usecount); 2790 return rv; 2791 } 2792 2793 /* 2794 * Returns with the bmc's usecount incremented, if it is non-NULL. 2795 */ 2796 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv, 2797 guid_t *guid) 2798 { 2799 struct device *dev; 2800 struct bmc_device *bmc = NULL; 2801 2802 dev = driver_find_device(drv, NULL, guid, __find_bmc_guid); 2803 if (dev) { 2804 bmc = to_bmc_device(dev); 2805 put_device(dev); 2806 } 2807 return bmc; 2808 } 2809 2810 struct prod_dev_id { 2811 unsigned int product_id; 2812 unsigned char device_id; 2813 }; 2814 2815 static int __find_bmc_prod_dev_id(struct device *dev, void *data) 2816 { 2817 struct prod_dev_id *cid = data; 2818 struct bmc_device *bmc; 2819 int rv; 2820 2821 if (dev->type != &bmc_device_type) 2822 return 0; 2823 2824 bmc = to_bmc_device(dev); 2825 rv = (bmc->id.product_id == cid->product_id 2826 && bmc->id.device_id == cid->device_id); 2827 if (rv) 2828 rv = kref_get_unless_zero(&bmc->usecount); 2829 return rv; 2830 } 2831 2832 /* 2833 * Returns with the bmc's usecount incremented, if it is non-NULL. 2834 */ 2835 static struct bmc_device *ipmi_find_bmc_prod_dev_id( 2836 struct device_driver *drv, 2837 unsigned int product_id, unsigned char device_id) 2838 { 2839 struct prod_dev_id id = { 2840 .product_id = product_id, 2841 .device_id = device_id, 2842 }; 2843 struct device *dev; 2844 struct bmc_device *bmc = NULL; 2845 2846 dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id); 2847 if (dev) { 2848 bmc = to_bmc_device(dev); 2849 put_device(dev); 2850 } 2851 return bmc; 2852 } 2853 2854 static DEFINE_IDA(ipmi_bmc_ida); 2855 2856 static void 2857 release_bmc_device(struct device *dev) 2858 { 2859 kfree(to_bmc_device(dev)); 2860 } 2861 2862 static void cleanup_bmc_work(struct work_struct *work) 2863 { 2864 struct bmc_device *bmc = container_of(work, struct bmc_device, 2865 remove_work); 2866 int id = bmc->pdev.id; /* Unregister overwrites id */ 2867 2868 platform_device_unregister(&bmc->pdev); 2869 ida_simple_remove(&ipmi_bmc_ida, id); 2870 } 2871 2872 static void 2873 cleanup_bmc_device(struct kref *ref) 2874 { 2875 struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount); 2876 2877 /* 2878 * Remove the platform device in a work queue to avoid issues 2879 * with removing the device attributes while reading a device 2880 * attribute. 2881 */ 2882 schedule_work(&bmc->remove_work); 2883 } 2884 2885 /* 2886 * Must be called with intf->bmc_reg_mutex held. 2887 */ 2888 static void __ipmi_bmc_unregister(ipmi_smi_t intf) 2889 { 2890 struct bmc_device *bmc = intf->bmc; 2891 2892 if (!intf->bmc_registered) 2893 return; 2894 2895 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 2896 sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name); 2897 kfree(intf->my_dev_name); 2898 intf->my_dev_name = NULL; 2899 2900 mutex_lock(&bmc->dyn_mutex); 2901 list_del(&intf->bmc_link); 2902 mutex_unlock(&bmc->dyn_mutex); 2903 intf->bmc = &intf->tmp_bmc; 2904 kref_put(&bmc->usecount, cleanup_bmc_device); 2905 intf->bmc_registered = false; 2906 } 2907 2908 static void ipmi_bmc_unregister(ipmi_smi_t intf) 2909 { 2910 mutex_lock(&intf->bmc_reg_mutex); 2911 __ipmi_bmc_unregister(intf); 2912 mutex_unlock(&intf->bmc_reg_mutex); 2913 } 2914 2915 /* 2916 * Must be called with intf->bmc_reg_mutex held. 2917 */ 2918 static int __ipmi_bmc_register(ipmi_smi_t intf, 2919 struct ipmi_device_id *id, 2920 bool guid_set, guid_t *guid, int intf_num) 2921 { 2922 int rv; 2923 struct bmc_device *bmc; 2924 struct bmc_device *old_bmc; 2925 2926 /* 2927 * platform_device_register() can cause bmc_reg_mutex to 2928 * be claimed because of the is_visible functions of 2929 * the attributes. Eliminate possible recursion and 2930 * release the lock. 2931 */ 2932 intf->in_bmc_register = true; 2933 mutex_unlock(&intf->bmc_reg_mutex); 2934 2935 /* 2936 * Try to find if there is an bmc_device struct 2937 * representing the interfaced BMC already 2938 */ 2939 mutex_lock(&ipmidriver_mutex); 2940 if (guid_set) 2941 old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, guid); 2942 else 2943 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver, 2944 id->product_id, 2945 id->device_id); 2946 2947 /* 2948 * If there is already an bmc_device, free the new one, 2949 * otherwise register the new BMC device 2950 */ 2951 if (old_bmc) { 2952 bmc = old_bmc; 2953 /* 2954 * Note: old_bmc already has usecount incremented by 2955 * the BMC find functions. 2956 */ 2957 intf->bmc = old_bmc; 2958 mutex_lock(&bmc->dyn_mutex); 2959 list_add_tail(&intf->bmc_link, &bmc->intfs); 2960 mutex_unlock(&bmc->dyn_mutex); 2961 2962 dev_info(intf->si_dev, 2963 "ipmi: interfacing existing BMC (man_id: 0x%6.6x," 2964 " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 2965 bmc->id.manufacturer_id, 2966 bmc->id.product_id, 2967 bmc->id.device_id); 2968 } else { 2969 bmc = kzalloc(sizeof(*bmc), GFP_KERNEL); 2970 if (!bmc) { 2971 rv = -ENOMEM; 2972 goto out; 2973 } 2974 INIT_LIST_HEAD(&bmc->intfs); 2975 mutex_init(&bmc->dyn_mutex); 2976 INIT_WORK(&bmc->remove_work, cleanup_bmc_work); 2977 2978 bmc->id = *id; 2979 bmc->dyn_id_set = 1; 2980 bmc->dyn_guid_set = guid_set; 2981 bmc->guid = *guid; 2982 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 2983 2984 bmc->pdev.name = "ipmi_bmc"; 2985 2986 rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL); 2987 if (rv < 0) 2988 goto out; 2989 bmc->pdev.dev.driver = &ipmidriver.driver; 2990 bmc->pdev.id = rv; 2991 bmc->pdev.dev.release = release_bmc_device; 2992 bmc->pdev.dev.type = &bmc_device_type; 2993 kref_init(&bmc->usecount); 2994 2995 intf->bmc = bmc; 2996 mutex_lock(&bmc->dyn_mutex); 2997 list_add_tail(&intf->bmc_link, &bmc->intfs); 2998 mutex_unlock(&bmc->dyn_mutex); 2999 3000 rv = platform_device_register(&bmc->pdev); 3001 if (rv) { 3002 dev_err(intf->si_dev, 3003 PFX " Unable to register bmc device: %d\n", 3004 rv); 3005 goto out_list_del; 3006 } 3007 3008 dev_info(intf->si_dev, 3009 "Found new BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 3010 bmc->id.manufacturer_id, 3011 bmc->id.product_id, 3012 bmc->id.device_id); 3013 } 3014 3015 /* 3016 * create symlink from system interface device to bmc device 3017 * and back. 3018 */ 3019 rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc"); 3020 if (rv) { 3021 dev_err(intf->si_dev, 3022 PFX "Unable to create bmc symlink: %d\n", rv); 3023 goto out_put_bmc; 3024 } 3025 3026 if (intf_num == -1) 3027 intf_num = intf->intf_num; 3028 intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", intf_num); 3029 if (!intf->my_dev_name) { 3030 rv = -ENOMEM; 3031 dev_err(intf->si_dev, 3032 PFX "Unable to allocate link from BMC: %d\n", rv); 3033 goto out_unlink1; 3034 } 3035 3036 rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj, 3037 intf->my_dev_name); 3038 if (rv) { 3039 kfree(intf->my_dev_name); 3040 intf->my_dev_name = NULL; 3041 dev_err(intf->si_dev, 3042 PFX "Unable to create symlink to bmc: %d\n", rv); 3043 goto out_free_my_dev_name; 3044 } 3045 3046 intf->bmc_registered = true; 3047 3048 out: 3049 mutex_unlock(&ipmidriver_mutex); 3050 mutex_lock(&intf->bmc_reg_mutex); 3051 intf->in_bmc_register = false; 3052 return rv; 3053 3054 3055 out_free_my_dev_name: 3056 kfree(intf->my_dev_name); 3057 intf->my_dev_name = NULL; 3058 3059 out_unlink1: 3060 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 3061 3062 out_put_bmc: 3063 mutex_lock(&bmc->dyn_mutex); 3064 list_del(&intf->bmc_link); 3065 mutex_unlock(&bmc->dyn_mutex); 3066 intf->bmc = &intf->tmp_bmc; 3067 kref_put(&bmc->usecount, cleanup_bmc_device); 3068 goto out; 3069 3070 out_list_del: 3071 mutex_lock(&bmc->dyn_mutex); 3072 list_del(&intf->bmc_link); 3073 mutex_unlock(&bmc->dyn_mutex); 3074 intf->bmc = &intf->tmp_bmc; 3075 put_device(&bmc->pdev.dev); 3076 goto out; 3077 } 3078 3079 static int 3080 send_guid_cmd(ipmi_smi_t intf, int chan) 3081 { 3082 struct kernel_ipmi_msg msg; 3083 struct ipmi_system_interface_addr si; 3084 3085 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3086 si.channel = IPMI_BMC_CHANNEL; 3087 si.lun = 0; 3088 3089 msg.netfn = IPMI_NETFN_APP_REQUEST; 3090 msg.cmd = IPMI_GET_DEVICE_GUID_CMD; 3091 msg.data = NULL; 3092 msg.data_len = 0; 3093 return i_ipmi_request(NULL, 3094 intf, 3095 (struct ipmi_addr *) &si, 3096 0, 3097 &msg, 3098 intf, 3099 NULL, 3100 NULL, 3101 0, 3102 intf->addrinfo[0].address, 3103 intf->addrinfo[0].lun, 3104 -1, 0); 3105 } 3106 3107 static void guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg) 3108 { 3109 struct bmc_device *bmc = intf->bmc; 3110 3111 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3112 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 3113 || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD)) 3114 /* Not for me */ 3115 return; 3116 3117 if (msg->msg.data[0] != 0) { 3118 /* Error from getting the GUID, the BMC doesn't have one. */ 3119 bmc->dyn_guid_set = 0; 3120 goto out; 3121 } 3122 3123 if (msg->msg.data_len < 17) { 3124 bmc->dyn_guid_set = 0; 3125 dev_warn(intf->si_dev, 3126 PFX "The GUID response from the BMC was too short, it was %d but should have been 17. Assuming GUID is not available.\n", 3127 msg->msg.data_len); 3128 goto out; 3129 } 3130 3131 memcpy(bmc->fetch_guid.b, msg->msg.data + 1, 16); 3132 /* 3133 * Make sure the guid data is available before setting 3134 * dyn_guid_set. 3135 */ 3136 smp_wmb(); 3137 bmc->dyn_guid_set = 1; 3138 out: 3139 wake_up(&intf->waitq); 3140 } 3141 3142 static void __get_guid(ipmi_smi_t intf) 3143 { 3144 int rv; 3145 struct bmc_device *bmc = intf->bmc; 3146 3147 bmc->dyn_guid_set = 2; 3148 intf->null_user_handler = guid_handler; 3149 rv = send_guid_cmd(intf, 0); 3150 if (rv) 3151 /* Send failed, no GUID available. */ 3152 bmc->dyn_guid_set = 0; 3153 3154 wait_event(intf->waitq, bmc->dyn_guid_set != 2); 3155 3156 /* dyn_guid_set makes the guid data available. */ 3157 smp_rmb(); 3158 3159 intf->null_user_handler = NULL; 3160 } 3161 3162 static int 3163 send_channel_info_cmd(ipmi_smi_t intf, int chan) 3164 { 3165 struct kernel_ipmi_msg msg; 3166 unsigned char data[1]; 3167 struct ipmi_system_interface_addr si; 3168 3169 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3170 si.channel = IPMI_BMC_CHANNEL; 3171 si.lun = 0; 3172 3173 msg.netfn = IPMI_NETFN_APP_REQUEST; 3174 msg.cmd = IPMI_GET_CHANNEL_INFO_CMD; 3175 msg.data = data; 3176 msg.data_len = 1; 3177 data[0] = chan; 3178 return i_ipmi_request(NULL, 3179 intf, 3180 (struct ipmi_addr *) &si, 3181 0, 3182 &msg, 3183 intf, 3184 NULL, 3185 NULL, 3186 0, 3187 intf->addrinfo[0].address, 3188 intf->addrinfo[0].lun, 3189 -1, 0); 3190 } 3191 3192 static void 3193 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg) 3194 { 3195 int rv = 0; 3196 int ch; 3197 unsigned int set = intf->curr_working_cset; 3198 struct ipmi_channel *chans; 3199 3200 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3201 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 3202 && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) { 3203 /* It's the one we want */ 3204 if (msg->msg.data[0] != 0) { 3205 /* Got an error from the channel, just go on. */ 3206 3207 if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) { 3208 /* 3209 * If the MC does not support this 3210 * command, that is legal. We just 3211 * assume it has one IPMB at channel 3212 * zero. 3213 */ 3214 intf->wchannels[set].c[0].medium 3215 = IPMI_CHANNEL_MEDIUM_IPMB; 3216 intf->wchannels[set].c[0].protocol 3217 = IPMI_CHANNEL_PROTOCOL_IPMB; 3218 3219 intf->channel_list = intf->wchannels + set; 3220 intf->channels_ready = true; 3221 wake_up(&intf->waitq); 3222 goto out; 3223 } 3224 goto next_channel; 3225 } 3226 if (msg->msg.data_len < 4) { 3227 /* Message not big enough, just go on. */ 3228 goto next_channel; 3229 } 3230 ch = intf->curr_channel; 3231 chans = intf->wchannels[set].c; 3232 chans[ch].medium = msg->msg.data[2] & 0x7f; 3233 chans[ch].protocol = msg->msg.data[3] & 0x1f; 3234 3235 next_channel: 3236 intf->curr_channel++; 3237 if (intf->curr_channel >= IPMI_MAX_CHANNELS) { 3238 intf->channel_list = intf->wchannels + set; 3239 intf->channels_ready = true; 3240 wake_up(&intf->waitq); 3241 } else { 3242 intf->channel_list = intf->wchannels + set; 3243 intf->channels_ready = true; 3244 rv = send_channel_info_cmd(intf, intf->curr_channel); 3245 } 3246 3247 if (rv) { 3248 /* Got an error somehow, just give up. */ 3249 dev_warn(intf->si_dev, 3250 PFX "Error sending channel information for channel %d: %d\n", 3251 intf->curr_channel, rv); 3252 3253 intf->channel_list = intf->wchannels + set; 3254 intf->channels_ready = true; 3255 wake_up(&intf->waitq); 3256 } 3257 } 3258 out: 3259 return; 3260 } 3261 3262 /* 3263 * Must be holding intf->bmc_reg_mutex to call this. 3264 */ 3265 static int __scan_channels(ipmi_smi_t intf, struct ipmi_device_id *id) 3266 { 3267 int rv; 3268 3269 if (ipmi_version_major(id) > 1 3270 || (ipmi_version_major(id) == 1 3271 && ipmi_version_minor(id) >= 5)) { 3272 unsigned int set; 3273 3274 /* 3275 * Start scanning the channels to see what is 3276 * available. 3277 */ 3278 set = !intf->curr_working_cset; 3279 intf->curr_working_cset = set; 3280 memset(&intf->wchannels[set], 0, 3281 sizeof(struct ipmi_channel_set)); 3282 3283 intf->null_user_handler = channel_handler; 3284 intf->curr_channel = 0; 3285 rv = send_channel_info_cmd(intf, 0); 3286 if (rv) { 3287 dev_warn(intf->si_dev, 3288 "Error sending channel information for channel 0, %d\n", 3289 rv); 3290 return -EIO; 3291 } 3292 3293 /* Wait for the channel info to be read. */ 3294 wait_event(intf->waitq, intf->channels_ready); 3295 intf->null_user_handler = NULL; 3296 } else { 3297 unsigned int set = intf->curr_working_cset; 3298 3299 /* Assume a single IPMB channel at zero. */ 3300 intf->wchannels[set].c[0].medium = IPMI_CHANNEL_MEDIUM_IPMB; 3301 intf->wchannels[set].c[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB; 3302 intf->channel_list = intf->wchannels + set; 3303 intf->channels_ready = true; 3304 } 3305 3306 return 0; 3307 } 3308 3309 static void ipmi_poll(ipmi_smi_t intf) 3310 { 3311 if (intf->handlers->poll) 3312 intf->handlers->poll(intf->send_info); 3313 /* In case something came in */ 3314 handle_new_recv_msgs(intf); 3315 } 3316 3317 void ipmi_poll_interface(ipmi_user_t user) 3318 { 3319 ipmi_poll(user->intf); 3320 } 3321 EXPORT_SYMBOL(ipmi_poll_interface); 3322 3323 static void redo_bmc_reg(struct work_struct *work) 3324 { 3325 ipmi_smi_t intf = container_of(work, struct ipmi_smi, bmc_reg_work); 3326 3327 if (!intf->in_shutdown) 3328 bmc_get_device_id(intf, NULL, NULL, NULL, NULL); 3329 3330 kref_put(&intf->refcount, intf_free); 3331 } 3332 3333 int ipmi_register_smi(const struct ipmi_smi_handlers *handlers, 3334 void *send_info, 3335 struct device *si_dev, 3336 unsigned char slave_addr) 3337 { 3338 int i, j; 3339 int rv; 3340 ipmi_smi_t intf; 3341 ipmi_smi_t tintf; 3342 struct list_head *link; 3343 struct ipmi_device_id id; 3344 3345 /* 3346 * Make sure the driver is actually initialized, this handles 3347 * problems with initialization order. 3348 */ 3349 if (!initialized) { 3350 rv = ipmi_init_msghandler(); 3351 if (rv) 3352 return rv; 3353 /* 3354 * The init code doesn't return an error if it was turned 3355 * off, but it won't initialize. Check that. 3356 */ 3357 if (!initialized) 3358 return -ENODEV; 3359 } 3360 3361 intf = kzalloc(sizeof(*intf), GFP_KERNEL); 3362 if (!intf) 3363 return -ENOMEM; 3364 3365 intf->bmc = &intf->tmp_bmc; 3366 INIT_LIST_HEAD(&intf->bmc->intfs); 3367 mutex_init(&intf->bmc->dyn_mutex); 3368 INIT_LIST_HEAD(&intf->bmc_link); 3369 mutex_init(&intf->bmc_reg_mutex); 3370 intf->intf_num = -1; /* Mark it invalid for now. */ 3371 kref_init(&intf->refcount); 3372 INIT_WORK(&intf->bmc_reg_work, redo_bmc_reg); 3373 intf->si_dev = si_dev; 3374 for (j = 0; j < IPMI_MAX_CHANNELS; j++) { 3375 intf->addrinfo[j].address = IPMI_BMC_SLAVE_ADDR; 3376 intf->addrinfo[j].lun = 2; 3377 } 3378 if (slave_addr != 0) 3379 intf->addrinfo[0].address = slave_addr; 3380 INIT_LIST_HEAD(&intf->users); 3381 intf->handlers = handlers; 3382 intf->send_info = send_info; 3383 spin_lock_init(&intf->seq_lock); 3384 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) { 3385 intf->seq_table[j].inuse = 0; 3386 intf->seq_table[j].seqid = 0; 3387 } 3388 intf->curr_seq = 0; 3389 #ifdef CONFIG_IPMI_PROC_INTERFACE 3390 mutex_init(&intf->proc_entry_lock); 3391 #endif 3392 spin_lock_init(&intf->waiting_rcv_msgs_lock); 3393 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 3394 tasklet_init(&intf->recv_tasklet, 3395 smi_recv_tasklet, 3396 (unsigned long) intf); 3397 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0); 3398 spin_lock_init(&intf->xmit_msgs_lock); 3399 INIT_LIST_HEAD(&intf->xmit_msgs); 3400 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 3401 spin_lock_init(&intf->events_lock); 3402 atomic_set(&intf->event_waiters, 0); 3403 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 3404 INIT_LIST_HEAD(&intf->waiting_events); 3405 intf->waiting_events_count = 0; 3406 mutex_init(&intf->cmd_rcvrs_mutex); 3407 spin_lock_init(&intf->maintenance_mode_lock); 3408 INIT_LIST_HEAD(&intf->cmd_rcvrs); 3409 init_waitqueue_head(&intf->waitq); 3410 for (i = 0; i < IPMI_NUM_STATS; i++) 3411 atomic_set(&intf->stats[i], 0); 3412 3413 #ifdef CONFIG_IPMI_PROC_INTERFACE 3414 intf->proc_dir = NULL; 3415 #endif 3416 3417 mutex_lock(&smi_watchers_mutex); 3418 mutex_lock(&ipmi_interfaces_mutex); 3419 /* Look for a hole in the numbers. */ 3420 i = 0; 3421 link = &ipmi_interfaces; 3422 list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) { 3423 if (tintf->intf_num != i) { 3424 link = &tintf->link; 3425 break; 3426 } 3427 i++; 3428 } 3429 /* Add the new interface in numeric order. */ 3430 if (i == 0) 3431 list_add_rcu(&intf->link, &ipmi_interfaces); 3432 else 3433 list_add_tail_rcu(&intf->link, link); 3434 3435 rv = handlers->start_processing(send_info, intf); 3436 if (rv) 3437 goto out; 3438 3439 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i); 3440 if (rv) { 3441 dev_err(si_dev, "Unable to get the device id: %d\n", rv); 3442 goto out; 3443 } 3444 3445 mutex_lock(&intf->bmc_reg_mutex); 3446 rv = __scan_channels(intf, &id); 3447 mutex_unlock(&intf->bmc_reg_mutex); 3448 if (rv) 3449 goto out; 3450 3451 #ifdef CONFIG_IPMI_PROC_INTERFACE 3452 rv = add_proc_entries(intf, i); 3453 #endif 3454 3455 out: 3456 if (rv) { 3457 ipmi_bmc_unregister(intf); 3458 #ifdef CONFIG_IPMI_PROC_INTERFACE 3459 if (intf->proc_dir) 3460 remove_proc_entries(intf); 3461 #endif 3462 intf->handlers = NULL; 3463 list_del_rcu(&intf->link); 3464 mutex_unlock(&ipmi_interfaces_mutex); 3465 mutex_unlock(&smi_watchers_mutex); 3466 synchronize_rcu(); 3467 kref_put(&intf->refcount, intf_free); 3468 } else { 3469 /* 3470 * Keep memory order straight for RCU readers. Make 3471 * sure everything else is committed to memory before 3472 * setting intf_num to mark the interface valid. 3473 */ 3474 smp_wmb(); 3475 intf->intf_num = i; 3476 mutex_unlock(&ipmi_interfaces_mutex); 3477 /* After this point the interface is legal to use. */ 3478 call_smi_watchers(i, intf->si_dev); 3479 mutex_unlock(&smi_watchers_mutex); 3480 } 3481 3482 return rv; 3483 } 3484 EXPORT_SYMBOL(ipmi_register_smi); 3485 3486 static void deliver_smi_err_response(ipmi_smi_t intf, 3487 struct ipmi_smi_msg *msg, 3488 unsigned char err) 3489 { 3490 msg->rsp[0] = msg->data[0] | 4; 3491 msg->rsp[1] = msg->data[1]; 3492 msg->rsp[2] = err; 3493 msg->rsp_size = 3; 3494 /* It's an error, so it will never requeue, no need to check return. */ 3495 handle_one_recv_msg(intf, msg); 3496 } 3497 3498 static void cleanup_smi_msgs(ipmi_smi_t intf) 3499 { 3500 int i; 3501 struct seq_table *ent; 3502 struct ipmi_smi_msg *msg; 3503 struct list_head *entry; 3504 struct list_head tmplist; 3505 3506 /* Clear out our transmit queues and hold the messages. */ 3507 INIT_LIST_HEAD(&tmplist); 3508 list_splice_tail(&intf->hp_xmit_msgs, &tmplist); 3509 list_splice_tail(&intf->xmit_msgs, &tmplist); 3510 3511 /* Current message first, to preserve order */ 3512 while (intf->curr_msg && !list_empty(&intf->waiting_rcv_msgs)) { 3513 /* Wait for the message to clear out. */ 3514 schedule_timeout(1); 3515 } 3516 3517 /* No need for locks, the interface is down. */ 3518 3519 /* 3520 * Return errors for all pending messages in queue and in the 3521 * tables waiting for remote responses. 3522 */ 3523 while (!list_empty(&tmplist)) { 3524 entry = tmplist.next; 3525 list_del(entry); 3526 msg = list_entry(entry, struct ipmi_smi_msg, link); 3527 deliver_smi_err_response(intf, msg, IPMI_ERR_UNSPECIFIED); 3528 } 3529 3530 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 3531 ent = &(intf->seq_table[i]); 3532 if (!ent->inuse) 3533 continue; 3534 deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED); 3535 } 3536 } 3537 3538 int ipmi_unregister_smi(ipmi_smi_t intf) 3539 { 3540 struct ipmi_smi_watcher *w; 3541 int intf_num = intf->intf_num; 3542 ipmi_user_t user; 3543 3544 mutex_lock(&smi_watchers_mutex); 3545 mutex_lock(&ipmi_interfaces_mutex); 3546 intf->intf_num = -1; 3547 intf->in_shutdown = true; 3548 list_del_rcu(&intf->link); 3549 mutex_unlock(&ipmi_interfaces_mutex); 3550 synchronize_rcu(); 3551 3552 cleanup_smi_msgs(intf); 3553 3554 /* Clean up the effects of users on the lower-level software. */ 3555 mutex_lock(&ipmi_interfaces_mutex); 3556 rcu_read_lock(); 3557 list_for_each_entry_rcu(user, &intf->users, link) { 3558 module_put(intf->handlers->owner); 3559 if (intf->handlers->dec_usecount) 3560 intf->handlers->dec_usecount(intf->send_info); 3561 } 3562 rcu_read_unlock(); 3563 intf->handlers = NULL; 3564 mutex_unlock(&ipmi_interfaces_mutex); 3565 3566 #ifdef CONFIG_IPMI_PROC_INTERFACE 3567 remove_proc_entries(intf); 3568 #endif 3569 ipmi_bmc_unregister(intf); 3570 3571 /* 3572 * Call all the watcher interfaces to tell them that 3573 * an interface is gone. 3574 */ 3575 list_for_each_entry(w, &smi_watchers, link) 3576 w->smi_gone(intf_num); 3577 mutex_unlock(&smi_watchers_mutex); 3578 3579 kref_put(&intf->refcount, intf_free); 3580 return 0; 3581 } 3582 EXPORT_SYMBOL(ipmi_unregister_smi); 3583 3584 static int handle_ipmb_get_msg_rsp(ipmi_smi_t intf, 3585 struct ipmi_smi_msg *msg) 3586 { 3587 struct ipmi_ipmb_addr ipmb_addr; 3588 struct ipmi_recv_msg *recv_msg; 3589 3590 /* 3591 * This is 11, not 10, because the response must contain a 3592 * completion code. 3593 */ 3594 if (msg->rsp_size < 11) { 3595 /* Message not big enough, just ignore it. */ 3596 ipmi_inc_stat(intf, invalid_ipmb_responses); 3597 return 0; 3598 } 3599 3600 if (msg->rsp[2] != 0) { 3601 /* An error getting the response, just ignore it. */ 3602 return 0; 3603 } 3604 3605 ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE; 3606 ipmb_addr.slave_addr = msg->rsp[6]; 3607 ipmb_addr.channel = msg->rsp[3] & 0x0f; 3608 ipmb_addr.lun = msg->rsp[7] & 3; 3609 3610 /* 3611 * It's a response from a remote entity. Look up the sequence 3612 * number and handle the response. 3613 */ 3614 if (intf_find_seq(intf, 3615 msg->rsp[7] >> 2, 3616 msg->rsp[3] & 0x0f, 3617 msg->rsp[8], 3618 (msg->rsp[4] >> 2) & (~1), 3619 (struct ipmi_addr *) &(ipmb_addr), 3620 &recv_msg)) { 3621 /* 3622 * We were unable to find the sequence number, 3623 * so just nuke the message. 3624 */ 3625 ipmi_inc_stat(intf, unhandled_ipmb_responses); 3626 return 0; 3627 } 3628 3629 memcpy(recv_msg->msg_data, 3630 &(msg->rsp[9]), 3631 msg->rsp_size - 9); 3632 /* 3633 * The other fields matched, so no need to set them, except 3634 * for netfn, which needs to be the response that was 3635 * returned, not the request value. 3636 */ 3637 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3638 recv_msg->msg.data = recv_msg->msg_data; 3639 recv_msg->msg.data_len = msg->rsp_size - 10; 3640 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3641 ipmi_inc_stat(intf, handled_ipmb_responses); 3642 deliver_response(recv_msg); 3643 3644 return 0; 3645 } 3646 3647 static int handle_ipmb_get_msg_cmd(ipmi_smi_t intf, 3648 struct ipmi_smi_msg *msg) 3649 { 3650 struct cmd_rcvr *rcvr; 3651 int rv = 0; 3652 unsigned char netfn; 3653 unsigned char cmd; 3654 unsigned char chan; 3655 ipmi_user_t user = NULL; 3656 struct ipmi_ipmb_addr *ipmb_addr; 3657 struct ipmi_recv_msg *recv_msg; 3658 3659 if (msg->rsp_size < 10) { 3660 /* Message not big enough, just ignore it. */ 3661 ipmi_inc_stat(intf, invalid_commands); 3662 return 0; 3663 } 3664 3665 if (msg->rsp[2] != 0) { 3666 /* An error getting the response, just ignore it. */ 3667 return 0; 3668 } 3669 3670 netfn = msg->rsp[4] >> 2; 3671 cmd = msg->rsp[8]; 3672 chan = msg->rsp[3] & 0xf; 3673 3674 rcu_read_lock(); 3675 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3676 if (rcvr) { 3677 user = rcvr->user; 3678 kref_get(&user->refcount); 3679 } else 3680 user = NULL; 3681 rcu_read_unlock(); 3682 3683 if (user == NULL) { 3684 /* We didn't find a user, deliver an error response. */ 3685 ipmi_inc_stat(intf, unhandled_commands); 3686 3687 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 3688 msg->data[1] = IPMI_SEND_MSG_CMD; 3689 msg->data[2] = msg->rsp[3]; 3690 msg->data[3] = msg->rsp[6]; 3691 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3); 3692 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2); 3693 msg->data[6] = intf->addrinfo[msg->rsp[3] & 0xf].address; 3694 /* rqseq/lun */ 3695 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3); 3696 msg->data[8] = msg->rsp[8]; /* cmd */ 3697 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE; 3698 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4); 3699 msg->data_size = 11; 3700 3701 #ifdef DEBUG_MSGING 3702 { 3703 int m; 3704 printk("Invalid command:"); 3705 for (m = 0; m < msg->data_size; m++) 3706 printk(" %2.2x", msg->data[m]); 3707 printk("\n"); 3708 } 3709 #endif 3710 rcu_read_lock(); 3711 if (!intf->in_shutdown) { 3712 smi_send(intf, intf->handlers, msg, 0); 3713 /* 3714 * We used the message, so return the value 3715 * that causes it to not be freed or 3716 * queued. 3717 */ 3718 rv = -1; 3719 } 3720 rcu_read_unlock(); 3721 } else { 3722 /* Deliver the message to the user. */ 3723 ipmi_inc_stat(intf, handled_commands); 3724 3725 recv_msg = ipmi_alloc_recv_msg(); 3726 if (!recv_msg) { 3727 /* 3728 * We couldn't allocate memory for the 3729 * message, so requeue it for handling 3730 * later. 3731 */ 3732 rv = 1; 3733 kref_put(&user->refcount, free_user); 3734 } else { 3735 /* Extract the source address from the data. */ 3736 ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr; 3737 ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE; 3738 ipmb_addr->slave_addr = msg->rsp[6]; 3739 ipmb_addr->lun = msg->rsp[7] & 3; 3740 ipmb_addr->channel = msg->rsp[3] & 0xf; 3741 3742 /* 3743 * Extract the rest of the message information 3744 * from the IPMB header. 3745 */ 3746 recv_msg->user = user; 3747 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3748 recv_msg->msgid = msg->rsp[7] >> 2; 3749 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3750 recv_msg->msg.cmd = msg->rsp[8]; 3751 recv_msg->msg.data = recv_msg->msg_data; 3752 3753 /* 3754 * We chop off 10, not 9 bytes because the checksum 3755 * at the end also needs to be removed. 3756 */ 3757 recv_msg->msg.data_len = msg->rsp_size - 10; 3758 memcpy(recv_msg->msg_data, 3759 &(msg->rsp[9]), 3760 msg->rsp_size - 10); 3761 deliver_response(recv_msg); 3762 } 3763 } 3764 3765 return rv; 3766 } 3767 3768 static int handle_lan_get_msg_rsp(ipmi_smi_t intf, 3769 struct ipmi_smi_msg *msg) 3770 { 3771 struct ipmi_lan_addr lan_addr; 3772 struct ipmi_recv_msg *recv_msg; 3773 3774 3775 /* 3776 * This is 13, not 12, because the response must contain a 3777 * completion code. 3778 */ 3779 if (msg->rsp_size < 13) { 3780 /* Message not big enough, just ignore it. */ 3781 ipmi_inc_stat(intf, invalid_lan_responses); 3782 return 0; 3783 } 3784 3785 if (msg->rsp[2] != 0) { 3786 /* An error getting the response, just ignore it. */ 3787 return 0; 3788 } 3789 3790 lan_addr.addr_type = IPMI_LAN_ADDR_TYPE; 3791 lan_addr.session_handle = msg->rsp[4]; 3792 lan_addr.remote_SWID = msg->rsp[8]; 3793 lan_addr.local_SWID = msg->rsp[5]; 3794 lan_addr.channel = msg->rsp[3] & 0x0f; 3795 lan_addr.privilege = msg->rsp[3] >> 4; 3796 lan_addr.lun = msg->rsp[9] & 3; 3797 3798 /* 3799 * It's a response from a remote entity. Look up the sequence 3800 * number and handle the response. 3801 */ 3802 if (intf_find_seq(intf, 3803 msg->rsp[9] >> 2, 3804 msg->rsp[3] & 0x0f, 3805 msg->rsp[10], 3806 (msg->rsp[6] >> 2) & (~1), 3807 (struct ipmi_addr *) &(lan_addr), 3808 &recv_msg)) { 3809 /* 3810 * We were unable to find the sequence number, 3811 * so just nuke the message. 3812 */ 3813 ipmi_inc_stat(intf, unhandled_lan_responses); 3814 return 0; 3815 } 3816 3817 memcpy(recv_msg->msg_data, 3818 &(msg->rsp[11]), 3819 msg->rsp_size - 11); 3820 /* 3821 * The other fields matched, so no need to set them, except 3822 * for netfn, which needs to be the response that was 3823 * returned, not the request value. 3824 */ 3825 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3826 recv_msg->msg.data = recv_msg->msg_data; 3827 recv_msg->msg.data_len = msg->rsp_size - 12; 3828 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3829 ipmi_inc_stat(intf, handled_lan_responses); 3830 deliver_response(recv_msg); 3831 3832 return 0; 3833 } 3834 3835 static int handle_lan_get_msg_cmd(ipmi_smi_t intf, 3836 struct ipmi_smi_msg *msg) 3837 { 3838 struct cmd_rcvr *rcvr; 3839 int rv = 0; 3840 unsigned char netfn; 3841 unsigned char cmd; 3842 unsigned char chan; 3843 ipmi_user_t user = NULL; 3844 struct ipmi_lan_addr *lan_addr; 3845 struct ipmi_recv_msg *recv_msg; 3846 3847 if (msg->rsp_size < 12) { 3848 /* Message not big enough, just ignore it. */ 3849 ipmi_inc_stat(intf, invalid_commands); 3850 return 0; 3851 } 3852 3853 if (msg->rsp[2] != 0) { 3854 /* An error getting the response, just ignore it. */ 3855 return 0; 3856 } 3857 3858 netfn = msg->rsp[6] >> 2; 3859 cmd = msg->rsp[10]; 3860 chan = msg->rsp[3] & 0xf; 3861 3862 rcu_read_lock(); 3863 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3864 if (rcvr) { 3865 user = rcvr->user; 3866 kref_get(&user->refcount); 3867 } else 3868 user = NULL; 3869 rcu_read_unlock(); 3870 3871 if (user == NULL) { 3872 /* We didn't find a user, just give up. */ 3873 ipmi_inc_stat(intf, unhandled_commands); 3874 3875 /* 3876 * Don't do anything with these messages, just allow 3877 * them to be freed. 3878 */ 3879 rv = 0; 3880 } else { 3881 /* Deliver the message to the user. */ 3882 ipmi_inc_stat(intf, handled_commands); 3883 3884 recv_msg = ipmi_alloc_recv_msg(); 3885 if (!recv_msg) { 3886 /* 3887 * We couldn't allocate memory for the 3888 * message, so requeue it for handling later. 3889 */ 3890 rv = 1; 3891 kref_put(&user->refcount, free_user); 3892 } else { 3893 /* Extract the source address from the data. */ 3894 lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr; 3895 lan_addr->addr_type = IPMI_LAN_ADDR_TYPE; 3896 lan_addr->session_handle = msg->rsp[4]; 3897 lan_addr->remote_SWID = msg->rsp[8]; 3898 lan_addr->local_SWID = msg->rsp[5]; 3899 lan_addr->lun = msg->rsp[9] & 3; 3900 lan_addr->channel = msg->rsp[3] & 0xf; 3901 lan_addr->privilege = msg->rsp[3] >> 4; 3902 3903 /* 3904 * Extract the rest of the message information 3905 * from the IPMB header. 3906 */ 3907 recv_msg->user = user; 3908 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3909 recv_msg->msgid = msg->rsp[9] >> 2; 3910 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3911 recv_msg->msg.cmd = msg->rsp[10]; 3912 recv_msg->msg.data = recv_msg->msg_data; 3913 3914 /* 3915 * We chop off 12, not 11 bytes because the checksum 3916 * at the end also needs to be removed. 3917 */ 3918 recv_msg->msg.data_len = msg->rsp_size - 12; 3919 memcpy(recv_msg->msg_data, 3920 &(msg->rsp[11]), 3921 msg->rsp_size - 12); 3922 deliver_response(recv_msg); 3923 } 3924 } 3925 3926 return rv; 3927 } 3928 3929 /* 3930 * This routine will handle "Get Message" command responses with 3931 * channels that use an OEM Medium. The message format belongs to 3932 * the OEM. See IPMI 2.0 specification, Chapter 6 and 3933 * Chapter 22, sections 22.6 and 22.24 for more details. 3934 */ 3935 static int handle_oem_get_msg_cmd(ipmi_smi_t intf, 3936 struct ipmi_smi_msg *msg) 3937 { 3938 struct cmd_rcvr *rcvr; 3939 int rv = 0; 3940 unsigned char netfn; 3941 unsigned char cmd; 3942 unsigned char chan; 3943 ipmi_user_t user = NULL; 3944 struct ipmi_system_interface_addr *smi_addr; 3945 struct ipmi_recv_msg *recv_msg; 3946 3947 /* 3948 * We expect the OEM SW to perform error checking 3949 * so we just do some basic sanity checks 3950 */ 3951 if (msg->rsp_size < 4) { 3952 /* Message not big enough, just ignore it. */ 3953 ipmi_inc_stat(intf, invalid_commands); 3954 return 0; 3955 } 3956 3957 if (msg->rsp[2] != 0) { 3958 /* An error getting the response, just ignore it. */ 3959 return 0; 3960 } 3961 3962 /* 3963 * This is an OEM Message so the OEM needs to know how 3964 * handle the message. We do no interpretation. 3965 */ 3966 netfn = msg->rsp[0] >> 2; 3967 cmd = msg->rsp[1]; 3968 chan = msg->rsp[3] & 0xf; 3969 3970 rcu_read_lock(); 3971 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3972 if (rcvr) { 3973 user = rcvr->user; 3974 kref_get(&user->refcount); 3975 } else 3976 user = NULL; 3977 rcu_read_unlock(); 3978 3979 if (user == NULL) { 3980 /* We didn't find a user, just give up. */ 3981 ipmi_inc_stat(intf, unhandled_commands); 3982 3983 /* 3984 * Don't do anything with these messages, just allow 3985 * them to be freed. 3986 */ 3987 3988 rv = 0; 3989 } else { 3990 /* Deliver the message to the user. */ 3991 ipmi_inc_stat(intf, handled_commands); 3992 3993 recv_msg = ipmi_alloc_recv_msg(); 3994 if (!recv_msg) { 3995 /* 3996 * We couldn't allocate memory for the 3997 * message, so requeue it for handling 3998 * later. 3999 */ 4000 rv = 1; 4001 kref_put(&user->refcount, free_user); 4002 } else { 4003 /* 4004 * OEM Messages are expected to be delivered via 4005 * the system interface to SMS software. We might 4006 * need to visit this again depending on OEM 4007 * requirements 4008 */ 4009 smi_addr = ((struct ipmi_system_interface_addr *) 4010 &(recv_msg->addr)); 4011 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4012 smi_addr->channel = IPMI_BMC_CHANNEL; 4013 smi_addr->lun = msg->rsp[0] & 3; 4014 4015 recv_msg->user = user; 4016 recv_msg->user_msg_data = NULL; 4017 recv_msg->recv_type = IPMI_OEM_RECV_TYPE; 4018 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4019 recv_msg->msg.cmd = msg->rsp[1]; 4020 recv_msg->msg.data = recv_msg->msg_data; 4021 4022 /* 4023 * The message starts at byte 4 which follows the 4024 * the Channel Byte in the "GET MESSAGE" command 4025 */ 4026 recv_msg->msg.data_len = msg->rsp_size - 4; 4027 memcpy(recv_msg->msg_data, 4028 &(msg->rsp[4]), 4029 msg->rsp_size - 4); 4030 deliver_response(recv_msg); 4031 } 4032 } 4033 4034 return rv; 4035 } 4036 4037 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg, 4038 struct ipmi_smi_msg *msg) 4039 { 4040 struct ipmi_system_interface_addr *smi_addr; 4041 4042 recv_msg->msgid = 0; 4043 smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr); 4044 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4045 smi_addr->channel = IPMI_BMC_CHANNEL; 4046 smi_addr->lun = msg->rsp[0] & 3; 4047 recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE; 4048 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4049 recv_msg->msg.cmd = msg->rsp[1]; 4050 memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3); 4051 recv_msg->msg.data = recv_msg->msg_data; 4052 recv_msg->msg.data_len = msg->rsp_size - 3; 4053 } 4054 4055 static int handle_read_event_rsp(ipmi_smi_t intf, 4056 struct ipmi_smi_msg *msg) 4057 { 4058 struct ipmi_recv_msg *recv_msg, *recv_msg2; 4059 struct list_head msgs; 4060 ipmi_user_t user; 4061 int rv = 0; 4062 int deliver_count = 0; 4063 unsigned long flags; 4064 4065 if (msg->rsp_size < 19) { 4066 /* Message is too small to be an IPMB event. */ 4067 ipmi_inc_stat(intf, invalid_events); 4068 return 0; 4069 } 4070 4071 if (msg->rsp[2] != 0) { 4072 /* An error getting the event, just ignore it. */ 4073 return 0; 4074 } 4075 4076 INIT_LIST_HEAD(&msgs); 4077 4078 spin_lock_irqsave(&intf->events_lock, flags); 4079 4080 ipmi_inc_stat(intf, events); 4081 4082 /* 4083 * Allocate and fill in one message for every user that is 4084 * getting events. 4085 */ 4086 rcu_read_lock(); 4087 list_for_each_entry_rcu(user, &intf->users, link) { 4088 if (!user->gets_events) 4089 continue; 4090 4091 recv_msg = ipmi_alloc_recv_msg(); 4092 if (!recv_msg) { 4093 rcu_read_unlock(); 4094 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, 4095 link) { 4096 list_del(&recv_msg->link); 4097 ipmi_free_recv_msg(recv_msg); 4098 } 4099 /* 4100 * We couldn't allocate memory for the 4101 * message, so requeue it for handling 4102 * later. 4103 */ 4104 rv = 1; 4105 goto out; 4106 } 4107 4108 deliver_count++; 4109 4110 copy_event_into_recv_msg(recv_msg, msg); 4111 recv_msg->user = user; 4112 kref_get(&user->refcount); 4113 list_add_tail(&(recv_msg->link), &msgs); 4114 } 4115 rcu_read_unlock(); 4116 4117 if (deliver_count) { 4118 /* Now deliver all the messages. */ 4119 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) { 4120 list_del(&recv_msg->link); 4121 deliver_response(recv_msg); 4122 } 4123 } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) { 4124 /* 4125 * No one to receive the message, put it in queue if there's 4126 * not already too many things in the queue. 4127 */ 4128 recv_msg = ipmi_alloc_recv_msg(); 4129 if (!recv_msg) { 4130 /* 4131 * We couldn't allocate memory for the 4132 * message, so requeue it for handling 4133 * later. 4134 */ 4135 rv = 1; 4136 goto out; 4137 } 4138 4139 copy_event_into_recv_msg(recv_msg, msg); 4140 list_add_tail(&(recv_msg->link), &(intf->waiting_events)); 4141 intf->waiting_events_count++; 4142 } else if (!intf->event_msg_printed) { 4143 /* 4144 * There's too many things in the queue, discard this 4145 * message. 4146 */ 4147 dev_warn(intf->si_dev, 4148 PFX "Event queue full, discarding incoming events\n"); 4149 intf->event_msg_printed = 1; 4150 } 4151 4152 out: 4153 spin_unlock_irqrestore(&(intf->events_lock), flags); 4154 4155 return rv; 4156 } 4157 4158 static int handle_bmc_rsp(ipmi_smi_t intf, 4159 struct ipmi_smi_msg *msg) 4160 { 4161 struct ipmi_recv_msg *recv_msg; 4162 struct ipmi_user *user; 4163 4164 recv_msg = (struct ipmi_recv_msg *) msg->user_data; 4165 if (recv_msg == NULL) { 4166 dev_warn(intf->si_dev, 4167 "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error. Contact your hardware vender for assistance\n"); 4168 return 0; 4169 } 4170 4171 user = recv_msg->user; 4172 /* Make sure the user still exists. */ 4173 if (user && !user->valid) { 4174 /* The user for the message went away, so give up. */ 4175 ipmi_inc_stat(intf, unhandled_local_responses); 4176 ipmi_free_recv_msg(recv_msg); 4177 } else { 4178 struct ipmi_system_interface_addr *smi_addr; 4179 4180 ipmi_inc_stat(intf, handled_local_responses); 4181 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 4182 recv_msg->msgid = msg->msgid; 4183 smi_addr = ((struct ipmi_system_interface_addr *) 4184 &(recv_msg->addr)); 4185 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4186 smi_addr->channel = IPMI_BMC_CHANNEL; 4187 smi_addr->lun = msg->rsp[0] & 3; 4188 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4189 recv_msg->msg.cmd = msg->rsp[1]; 4190 memcpy(recv_msg->msg_data, 4191 &(msg->rsp[2]), 4192 msg->rsp_size - 2); 4193 recv_msg->msg.data = recv_msg->msg_data; 4194 recv_msg->msg.data_len = msg->rsp_size - 2; 4195 deliver_response(recv_msg); 4196 } 4197 4198 return 0; 4199 } 4200 4201 /* 4202 * Handle a received message. Return 1 if the message should be requeued, 4203 * 0 if the message should be freed, or -1 if the message should not 4204 * be freed or requeued. 4205 */ 4206 static int handle_one_recv_msg(ipmi_smi_t intf, 4207 struct ipmi_smi_msg *msg) 4208 { 4209 int requeue; 4210 int chan; 4211 4212 #ifdef DEBUG_MSGING 4213 int m; 4214 printk("Recv:"); 4215 for (m = 0; m < msg->rsp_size; m++) 4216 printk(" %2.2x", msg->rsp[m]); 4217 printk("\n"); 4218 #endif 4219 if (msg->rsp_size < 2) { 4220 /* Message is too small to be correct. */ 4221 dev_warn(intf->si_dev, 4222 PFX "BMC returned to small a message for netfn %x cmd %x, got %d bytes\n", 4223 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size); 4224 4225 /* Generate an error response for the message. */ 4226 msg->rsp[0] = msg->data[0] | (1 << 2); 4227 msg->rsp[1] = msg->data[1]; 4228 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4229 msg->rsp_size = 3; 4230 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1)) 4231 || (msg->rsp[1] != msg->data[1])) { 4232 /* 4233 * The NetFN and Command in the response is not even 4234 * marginally correct. 4235 */ 4236 dev_warn(intf->si_dev, 4237 PFX "BMC returned incorrect response, expected netfn %x cmd %x, got netfn %x cmd %x\n", 4238 (msg->data[0] >> 2) | 1, msg->data[1], 4239 msg->rsp[0] >> 2, msg->rsp[1]); 4240 4241 /* Generate an error response for the message. */ 4242 msg->rsp[0] = msg->data[0] | (1 << 2); 4243 msg->rsp[1] = msg->data[1]; 4244 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4245 msg->rsp_size = 3; 4246 } 4247 4248 if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4249 && (msg->rsp[1] == IPMI_SEND_MSG_CMD) 4250 && (msg->user_data != NULL)) { 4251 /* 4252 * It's a response to a response we sent. For this we 4253 * deliver a send message response to the user. 4254 */ 4255 struct ipmi_recv_msg *recv_msg = msg->user_data; 4256 4257 requeue = 0; 4258 if (msg->rsp_size < 2) 4259 /* Message is too small to be correct. */ 4260 goto out; 4261 4262 chan = msg->data[2] & 0x0f; 4263 if (chan >= IPMI_MAX_CHANNELS) 4264 /* Invalid channel number */ 4265 goto out; 4266 4267 if (!recv_msg) 4268 goto out; 4269 4270 /* Make sure the user still exists. */ 4271 if (!recv_msg->user || !recv_msg->user->valid) 4272 goto out; 4273 4274 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE; 4275 recv_msg->msg.data = recv_msg->msg_data; 4276 recv_msg->msg.data_len = 1; 4277 recv_msg->msg_data[0] = msg->rsp[2]; 4278 deliver_response(recv_msg); 4279 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4280 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) { 4281 struct ipmi_channel *chans; 4282 4283 /* It's from the receive queue. */ 4284 chan = msg->rsp[3] & 0xf; 4285 if (chan >= IPMI_MAX_CHANNELS) { 4286 /* Invalid channel number */ 4287 requeue = 0; 4288 goto out; 4289 } 4290 4291 /* 4292 * We need to make sure the channels have been initialized. 4293 * The channel_handler routine will set the "curr_channel" 4294 * equal to or greater than IPMI_MAX_CHANNELS when all the 4295 * channels for this interface have been initialized. 4296 */ 4297 if (!intf->channels_ready) { 4298 requeue = 0; /* Throw the message away */ 4299 goto out; 4300 } 4301 4302 chans = READ_ONCE(intf->channel_list)->c; 4303 4304 switch (chans[chan].medium) { 4305 case IPMI_CHANNEL_MEDIUM_IPMB: 4306 if (msg->rsp[4] & 0x04) { 4307 /* 4308 * It's a response, so find the 4309 * requesting message and send it up. 4310 */ 4311 requeue = handle_ipmb_get_msg_rsp(intf, msg); 4312 } else { 4313 /* 4314 * It's a command to the SMS from some other 4315 * entity. Handle that. 4316 */ 4317 requeue = handle_ipmb_get_msg_cmd(intf, msg); 4318 } 4319 break; 4320 4321 case IPMI_CHANNEL_MEDIUM_8023LAN: 4322 case IPMI_CHANNEL_MEDIUM_ASYNC: 4323 if (msg->rsp[6] & 0x04) { 4324 /* 4325 * It's a response, so find the 4326 * requesting message and send it up. 4327 */ 4328 requeue = handle_lan_get_msg_rsp(intf, msg); 4329 } else { 4330 /* 4331 * It's a command to the SMS from some other 4332 * entity. Handle that. 4333 */ 4334 requeue = handle_lan_get_msg_cmd(intf, msg); 4335 } 4336 break; 4337 4338 default: 4339 /* Check for OEM Channels. Clients had better 4340 register for these commands. */ 4341 if ((chans[chan].medium >= IPMI_CHANNEL_MEDIUM_OEM_MIN) 4342 && (chans[chan].medium 4343 <= IPMI_CHANNEL_MEDIUM_OEM_MAX)) { 4344 requeue = handle_oem_get_msg_cmd(intf, msg); 4345 } else { 4346 /* 4347 * We don't handle the channel type, so just 4348 * free the message. 4349 */ 4350 requeue = 0; 4351 } 4352 } 4353 4354 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4355 && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) { 4356 /* It's an asynchronous event. */ 4357 requeue = handle_read_event_rsp(intf, msg); 4358 } else { 4359 /* It's a response from the local BMC. */ 4360 requeue = handle_bmc_rsp(intf, msg); 4361 } 4362 4363 out: 4364 return requeue; 4365 } 4366 4367 /* 4368 * If there are messages in the queue or pretimeouts, handle them. 4369 */ 4370 static void handle_new_recv_msgs(ipmi_smi_t intf) 4371 { 4372 struct ipmi_smi_msg *smi_msg; 4373 unsigned long flags = 0; 4374 int rv; 4375 int run_to_completion = intf->run_to_completion; 4376 4377 /* See if any waiting messages need to be processed. */ 4378 if (!run_to_completion) 4379 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4380 while (!list_empty(&intf->waiting_rcv_msgs)) { 4381 smi_msg = list_entry(intf->waiting_rcv_msgs.next, 4382 struct ipmi_smi_msg, link); 4383 list_del(&smi_msg->link); 4384 if (!run_to_completion) 4385 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4386 flags); 4387 rv = handle_one_recv_msg(intf, smi_msg); 4388 if (!run_to_completion) 4389 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4390 if (rv > 0) { 4391 /* 4392 * To preserve message order, quit if we 4393 * can't handle a message. Add the message 4394 * back at the head, this is safe because this 4395 * tasklet is the only thing that pulls the 4396 * messages. 4397 */ 4398 list_add(&smi_msg->link, &intf->waiting_rcv_msgs); 4399 break; 4400 } else { 4401 if (rv == 0) 4402 /* Message handled */ 4403 ipmi_free_smi_msg(smi_msg); 4404 /* If rv < 0, fatal error, del but don't free. */ 4405 } 4406 } 4407 if (!run_to_completion) 4408 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags); 4409 4410 /* 4411 * If the pretimout count is non-zero, decrement one from it and 4412 * deliver pretimeouts to all the users. 4413 */ 4414 if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) { 4415 ipmi_user_t user; 4416 4417 rcu_read_lock(); 4418 list_for_each_entry_rcu(user, &intf->users, link) { 4419 if (user->handler->ipmi_watchdog_pretimeout) 4420 user->handler->ipmi_watchdog_pretimeout( 4421 user->handler_data); 4422 } 4423 rcu_read_unlock(); 4424 } 4425 } 4426 4427 static void smi_recv_tasklet(unsigned long val) 4428 { 4429 unsigned long flags = 0; /* keep us warning-free. */ 4430 ipmi_smi_t intf = (ipmi_smi_t) val; 4431 int run_to_completion = intf->run_to_completion; 4432 struct ipmi_smi_msg *newmsg = NULL; 4433 4434 /* 4435 * Start the next message if available. 4436 * 4437 * Do this here, not in the actual receiver, because we may deadlock 4438 * because the lower layer is allowed to hold locks while calling 4439 * message delivery. 4440 */ 4441 4442 rcu_read_lock(); 4443 4444 if (!run_to_completion) 4445 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4446 if (intf->curr_msg == NULL && !intf->in_shutdown) { 4447 struct list_head *entry = NULL; 4448 4449 /* Pick the high priority queue first. */ 4450 if (!list_empty(&intf->hp_xmit_msgs)) 4451 entry = intf->hp_xmit_msgs.next; 4452 else if (!list_empty(&intf->xmit_msgs)) 4453 entry = intf->xmit_msgs.next; 4454 4455 if (entry) { 4456 list_del(entry); 4457 newmsg = list_entry(entry, struct ipmi_smi_msg, link); 4458 intf->curr_msg = newmsg; 4459 } 4460 } 4461 if (!run_to_completion) 4462 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4463 if (newmsg) 4464 intf->handlers->sender(intf->send_info, newmsg); 4465 4466 rcu_read_unlock(); 4467 4468 handle_new_recv_msgs(intf); 4469 } 4470 4471 /* Handle a new message from the lower layer. */ 4472 void ipmi_smi_msg_received(ipmi_smi_t intf, 4473 struct ipmi_smi_msg *msg) 4474 { 4475 unsigned long flags = 0; /* keep us warning-free. */ 4476 int run_to_completion = intf->run_to_completion; 4477 4478 if ((msg->data_size >= 2) 4479 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2)) 4480 && (msg->data[1] == IPMI_SEND_MSG_CMD) 4481 && (msg->user_data == NULL)) { 4482 4483 if (intf->in_shutdown) 4484 goto free_msg; 4485 4486 /* 4487 * This is the local response to a command send, start 4488 * the timer for these. The user_data will not be 4489 * NULL if this is a response send, and we will let 4490 * response sends just go through. 4491 */ 4492 4493 /* 4494 * Check for errors, if we get certain errors (ones 4495 * that mean basically we can try again later), we 4496 * ignore them and start the timer. Otherwise we 4497 * report the error immediately. 4498 */ 4499 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0) 4500 && (msg->rsp[2] != IPMI_NODE_BUSY_ERR) 4501 && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR) 4502 && (msg->rsp[2] != IPMI_BUS_ERR) 4503 && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) { 4504 int ch = msg->rsp[3] & 0xf; 4505 struct ipmi_channel *chans; 4506 4507 /* Got an error sending the message, handle it. */ 4508 4509 chans = READ_ONCE(intf->channel_list)->c; 4510 if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN) 4511 || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC)) 4512 ipmi_inc_stat(intf, sent_lan_command_errs); 4513 else 4514 ipmi_inc_stat(intf, sent_ipmb_command_errs); 4515 intf_err_seq(intf, msg->msgid, msg->rsp[2]); 4516 } else 4517 /* The message was sent, start the timer. */ 4518 intf_start_seq_timer(intf, msg->msgid); 4519 4520 free_msg: 4521 ipmi_free_smi_msg(msg); 4522 } else { 4523 /* 4524 * To preserve message order, we keep a queue and deliver from 4525 * a tasklet. 4526 */ 4527 if (!run_to_completion) 4528 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4529 list_add_tail(&msg->link, &intf->waiting_rcv_msgs); 4530 if (!run_to_completion) 4531 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4532 flags); 4533 } 4534 4535 if (!run_to_completion) 4536 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4537 /* 4538 * We can get an asynchronous event or receive message in addition 4539 * to commands we send. 4540 */ 4541 if (msg == intf->curr_msg) 4542 intf->curr_msg = NULL; 4543 if (!run_to_completion) 4544 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4545 4546 if (run_to_completion) 4547 smi_recv_tasklet((unsigned long) intf); 4548 else 4549 tasklet_schedule(&intf->recv_tasklet); 4550 } 4551 EXPORT_SYMBOL(ipmi_smi_msg_received); 4552 4553 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf) 4554 { 4555 if (intf->in_shutdown) 4556 return; 4557 4558 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1); 4559 tasklet_schedule(&intf->recv_tasklet); 4560 } 4561 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout); 4562 4563 static struct ipmi_smi_msg * 4564 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg, 4565 unsigned char seq, long seqid) 4566 { 4567 struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg(); 4568 if (!smi_msg) 4569 /* 4570 * If we can't allocate the message, then just return, we 4571 * get 4 retries, so this should be ok. 4572 */ 4573 return NULL; 4574 4575 memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len); 4576 smi_msg->data_size = recv_msg->msg.data_len; 4577 smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid); 4578 4579 #ifdef DEBUG_MSGING 4580 { 4581 int m; 4582 printk("Resend: "); 4583 for (m = 0; m < smi_msg->data_size; m++) 4584 printk(" %2.2x", smi_msg->data[m]); 4585 printk("\n"); 4586 } 4587 #endif 4588 return smi_msg; 4589 } 4590 4591 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent, 4592 struct list_head *timeouts, 4593 unsigned long timeout_period, 4594 int slot, unsigned long *flags, 4595 unsigned int *waiting_msgs) 4596 { 4597 struct ipmi_recv_msg *msg; 4598 const struct ipmi_smi_handlers *handlers; 4599 4600 if (intf->in_shutdown) 4601 return; 4602 4603 if (!ent->inuse) 4604 return; 4605 4606 if (timeout_period < ent->timeout) { 4607 ent->timeout -= timeout_period; 4608 (*waiting_msgs)++; 4609 return; 4610 } 4611 4612 if (ent->retries_left == 0) { 4613 /* The message has used all its retries. */ 4614 ent->inuse = 0; 4615 msg = ent->recv_msg; 4616 list_add_tail(&msg->link, timeouts); 4617 if (ent->broadcast) 4618 ipmi_inc_stat(intf, timed_out_ipmb_broadcasts); 4619 else if (is_lan_addr(&ent->recv_msg->addr)) 4620 ipmi_inc_stat(intf, timed_out_lan_commands); 4621 else 4622 ipmi_inc_stat(intf, timed_out_ipmb_commands); 4623 } else { 4624 struct ipmi_smi_msg *smi_msg; 4625 /* More retries, send again. */ 4626 4627 (*waiting_msgs)++; 4628 4629 /* 4630 * Start with the max timer, set to normal timer after 4631 * the message is sent. 4632 */ 4633 ent->timeout = MAX_MSG_TIMEOUT; 4634 ent->retries_left--; 4635 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot, 4636 ent->seqid); 4637 if (!smi_msg) { 4638 if (is_lan_addr(&ent->recv_msg->addr)) 4639 ipmi_inc_stat(intf, 4640 dropped_rexmit_lan_commands); 4641 else 4642 ipmi_inc_stat(intf, 4643 dropped_rexmit_ipmb_commands); 4644 return; 4645 } 4646 4647 spin_unlock_irqrestore(&intf->seq_lock, *flags); 4648 4649 /* 4650 * Send the new message. We send with a zero 4651 * priority. It timed out, I doubt time is that 4652 * critical now, and high priority messages are really 4653 * only for messages to the local MC, which don't get 4654 * resent. 4655 */ 4656 handlers = intf->handlers; 4657 if (handlers) { 4658 if (is_lan_addr(&ent->recv_msg->addr)) 4659 ipmi_inc_stat(intf, 4660 retransmitted_lan_commands); 4661 else 4662 ipmi_inc_stat(intf, 4663 retransmitted_ipmb_commands); 4664 4665 smi_send(intf, handlers, smi_msg, 0); 4666 } else 4667 ipmi_free_smi_msg(smi_msg); 4668 4669 spin_lock_irqsave(&intf->seq_lock, *flags); 4670 } 4671 } 4672 4673 static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, 4674 unsigned long timeout_period) 4675 { 4676 struct list_head timeouts; 4677 struct ipmi_recv_msg *msg, *msg2; 4678 unsigned long flags; 4679 int i; 4680 unsigned int waiting_msgs = 0; 4681 4682 if (!intf->bmc_registered) { 4683 kref_get(&intf->refcount); 4684 if (!schedule_work(&intf->bmc_reg_work)) { 4685 kref_put(&intf->refcount, intf_free); 4686 waiting_msgs++; 4687 } 4688 } 4689 4690 /* 4691 * Go through the seq table and find any messages that 4692 * have timed out, putting them in the timeouts 4693 * list. 4694 */ 4695 INIT_LIST_HEAD(&timeouts); 4696 spin_lock_irqsave(&intf->seq_lock, flags); 4697 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) 4698 check_msg_timeout(intf, &(intf->seq_table[i]), 4699 &timeouts, timeout_period, i, 4700 &flags, &waiting_msgs); 4701 spin_unlock_irqrestore(&intf->seq_lock, flags); 4702 4703 list_for_each_entry_safe(msg, msg2, &timeouts, link) 4704 deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE); 4705 4706 /* 4707 * Maintenance mode handling. Check the timeout 4708 * optimistically before we claim the lock. It may 4709 * mean a timeout gets missed occasionally, but that 4710 * only means the timeout gets extended by one period 4711 * in that case. No big deal, and it avoids the lock 4712 * most of the time. 4713 */ 4714 if (intf->auto_maintenance_timeout > 0) { 4715 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 4716 if (intf->auto_maintenance_timeout > 0) { 4717 intf->auto_maintenance_timeout 4718 -= timeout_period; 4719 if (!intf->maintenance_mode 4720 && (intf->auto_maintenance_timeout <= 0)) { 4721 intf->maintenance_mode_enable = false; 4722 maintenance_mode_update(intf); 4723 } 4724 } 4725 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 4726 flags); 4727 } 4728 4729 tasklet_schedule(&intf->recv_tasklet); 4730 4731 return waiting_msgs; 4732 } 4733 4734 static void ipmi_request_event(ipmi_smi_t intf) 4735 { 4736 /* No event requests when in maintenance mode. */ 4737 if (intf->maintenance_mode_enable) 4738 return; 4739 4740 if (!intf->in_shutdown) 4741 intf->handlers->request_events(intf->send_info); 4742 } 4743 4744 static struct timer_list ipmi_timer; 4745 4746 static atomic_t stop_operation; 4747 4748 static void ipmi_timeout(struct timer_list *unused) 4749 { 4750 ipmi_smi_t intf; 4751 int nt = 0; 4752 4753 if (atomic_read(&stop_operation)) 4754 return; 4755 4756 rcu_read_lock(); 4757 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 4758 int lnt = 0; 4759 4760 if (atomic_read(&intf->event_waiters)) { 4761 intf->ticks_to_req_ev--; 4762 if (intf->ticks_to_req_ev == 0) { 4763 ipmi_request_event(intf); 4764 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 4765 } 4766 lnt++; 4767 } 4768 4769 lnt += ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME); 4770 4771 lnt = !!lnt; 4772 if (lnt != intf->last_needs_timer && 4773 intf->handlers->set_need_watch) 4774 intf->handlers->set_need_watch(intf->send_info, lnt); 4775 intf->last_needs_timer = lnt; 4776 4777 nt += lnt; 4778 } 4779 rcu_read_unlock(); 4780 4781 if (nt) 4782 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4783 } 4784 4785 static void need_waiter(ipmi_smi_t intf) 4786 { 4787 /* Racy, but worst case we start the timer twice. */ 4788 if (!timer_pending(&ipmi_timer)) 4789 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4790 } 4791 4792 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0); 4793 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0); 4794 4795 static void free_smi_msg(struct ipmi_smi_msg *msg) 4796 { 4797 atomic_dec(&smi_msg_inuse_count); 4798 kfree(msg); 4799 } 4800 4801 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void) 4802 { 4803 struct ipmi_smi_msg *rv; 4804 rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC); 4805 if (rv) { 4806 rv->done = free_smi_msg; 4807 rv->user_data = NULL; 4808 atomic_inc(&smi_msg_inuse_count); 4809 } 4810 return rv; 4811 } 4812 EXPORT_SYMBOL(ipmi_alloc_smi_msg); 4813 4814 static void free_recv_msg(struct ipmi_recv_msg *msg) 4815 { 4816 atomic_dec(&recv_msg_inuse_count); 4817 kfree(msg); 4818 } 4819 4820 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void) 4821 { 4822 struct ipmi_recv_msg *rv; 4823 4824 rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC); 4825 if (rv) { 4826 rv->user = NULL; 4827 rv->done = free_recv_msg; 4828 atomic_inc(&recv_msg_inuse_count); 4829 } 4830 return rv; 4831 } 4832 4833 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg) 4834 { 4835 if (msg->user) 4836 kref_put(&msg->user->refcount, free_user); 4837 msg->done(msg); 4838 } 4839 EXPORT_SYMBOL(ipmi_free_recv_msg); 4840 4841 static atomic_t panic_done_count = ATOMIC_INIT(0); 4842 4843 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg) 4844 { 4845 atomic_dec(&panic_done_count); 4846 } 4847 4848 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg) 4849 { 4850 atomic_dec(&panic_done_count); 4851 } 4852 4853 /* 4854 * Inside a panic, send a message and wait for a response. 4855 */ 4856 static void ipmi_panic_request_and_wait(ipmi_smi_t intf, 4857 struct ipmi_addr *addr, 4858 struct kernel_ipmi_msg *msg) 4859 { 4860 struct ipmi_smi_msg smi_msg; 4861 struct ipmi_recv_msg recv_msg; 4862 int rv; 4863 4864 smi_msg.done = dummy_smi_done_handler; 4865 recv_msg.done = dummy_recv_done_handler; 4866 atomic_add(2, &panic_done_count); 4867 rv = i_ipmi_request(NULL, 4868 intf, 4869 addr, 4870 0, 4871 msg, 4872 intf, 4873 &smi_msg, 4874 &recv_msg, 4875 0, 4876 intf->addrinfo[0].address, 4877 intf->addrinfo[0].lun, 4878 0, 1); /* Don't retry, and don't wait. */ 4879 if (rv) 4880 atomic_sub(2, &panic_done_count); 4881 else if (intf->handlers->flush_messages) 4882 intf->handlers->flush_messages(intf->send_info); 4883 4884 while (atomic_read(&panic_done_count) != 0) 4885 ipmi_poll(intf); 4886 } 4887 4888 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg) 4889 { 4890 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4891 && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE) 4892 && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD) 4893 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4894 /* A get event receiver command, save it. */ 4895 intf->event_receiver = msg->msg.data[1]; 4896 intf->event_receiver_lun = msg->msg.data[2] & 0x3; 4897 } 4898 } 4899 4900 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg) 4901 { 4902 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4903 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 4904 && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD) 4905 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4906 /* 4907 * A get device id command, save if we are an event 4908 * receiver or generator. 4909 */ 4910 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1; 4911 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1; 4912 } 4913 } 4914 4915 static void send_panic_events(char *str) 4916 { 4917 struct kernel_ipmi_msg msg; 4918 ipmi_smi_t intf; 4919 unsigned char data[16]; 4920 struct ipmi_system_interface_addr *si; 4921 struct ipmi_addr addr; 4922 4923 if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE) 4924 return; 4925 4926 si = (struct ipmi_system_interface_addr *) &addr; 4927 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4928 si->channel = IPMI_BMC_CHANNEL; 4929 si->lun = 0; 4930 4931 /* Fill in an event telling that we have failed. */ 4932 msg.netfn = 0x04; /* Sensor or Event. */ 4933 msg.cmd = 2; /* Platform event command. */ 4934 msg.data = data; 4935 msg.data_len = 8; 4936 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */ 4937 data[1] = 0x03; /* This is for IPMI 1.0. */ 4938 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */ 4939 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */ 4940 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */ 4941 4942 /* 4943 * Put a few breadcrumbs in. Hopefully later we can add more things 4944 * to make the panic events more useful. 4945 */ 4946 if (str) { 4947 data[3] = str[0]; 4948 data[6] = str[1]; 4949 data[7] = str[2]; 4950 } 4951 4952 /* For every registered interface, send the event. */ 4953 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 4954 if (!intf->handlers || !intf->handlers->poll) 4955 /* Interface is not ready or can't run at panic time. */ 4956 continue; 4957 4958 /* Send the event announcing the panic. */ 4959 ipmi_panic_request_and_wait(intf, &addr, &msg); 4960 } 4961 4962 /* 4963 * On every interface, dump a bunch of OEM event holding the 4964 * string. 4965 */ 4966 if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str) 4967 return; 4968 4969 /* For every registered interface, send the event. */ 4970 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 4971 char *p = str; 4972 struct ipmi_ipmb_addr *ipmb; 4973 int j; 4974 4975 if (intf->intf_num == -1) 4976 /* Interface was not ready yet. */ 4977 continue; 4978 4979 /* 4980 * intf_num is used as an marker to tell if the 4981 * interface is valid. Thus we need a read barrier to 4982 * make sure data fetched before checking intf_num 4983 * won't be used. 4984 */ 4985 smp_rmb(); 4986 4987 /* 4988 * First job here is to figure out where to send the 4989 * OEM events. There's no way in IPMI to send OEM 4990 * events using an event send command, so we have to 4991 * find the SEL to put them in and stick them in 4992 * there. 4993 */ 4994 4995 /* Get capabilities from the get device id. */ 4996 intf->local_sel_device = 0; 4997 intf->local_event_generator = 0; 4998 intf->event_receiver = 0; 4999 5000 /* Request the device info from the local MC. */ 5001 msg.netfn = IPMI_NETFN_APP_REQUEST; 5002 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 5003 msg.data = NULL; 5004 msg.data_len = 0; 5005 intf->null_user_handler = device_id_fetcher; 5006 ipmi_panic_request_and_wait(intf, &addr, &msg); 5007 5008 if (intf->local_event_generator) { 5009 /* Request the event receiver from the local MC. */ 5010 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST; 5011 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD; 5012 msg.data = NULL; 5013 msg.data_len = 0; 5014 intf->null_user_handler = event_receiver_fetcher; 5015 ipmi_panic_request_and_wait(intf, &addr, &msg); 5016 } 5017 intf->null_user_handler = NULL; 5018 5019 /* 5020 * Validate the event receiver. The low bit must not 5021 * be 1 (it must be a valid IPMB address), it cannot 5022 * be zero, and it must not be my address. 5023 */ 5024 if (((intf->event_receiver & 1) == 0) 5025 && (intf->event_receiver != 0) 5026 && (intf->event_receiver != intf->addrinfo[0].address)) { 5027 /* 5028 * The event receiver is valid, send an IPMB 5029 * message. 5030 */ 5031 ipmb = (struct ipmi_ipmb_addr *) &addr; 5032 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE; 5033 ipmb->channel = 0; /* FIXME - is this right? */ 5034 ipmb->lun = intf->event_receiver_lun; 5035 ipmb->slave_addr = intf->event_receiver; 5036 } else if (intf->local_sel_device) { 5037 /* 5038 * The event receiver was not valid (or was 5039 * me), but I am an SEL device, just dump it 5040 * in my SEL. 5041 */ 5042 si = (struct ipmi_system_interface_addr *) &addr; 5043 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 5044 si->channel = IPMI_BMC_CHANNEL; 5045 si->lun = 0; 5046 } else 5047 continue; /* No where to send the event. */ 5048 5049 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */ 5050 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD; 5051 msg.data = data; 5052 msg.data_len = 16; 5053 5054 j = 0; 5055 while (*p) { 5056 int size = strlen(p); 5057 5058 if (size > 11) 5059 size = 11; 5060 data[0] = 0; 5061 data[1] = 0; 5062 data[2] = 0xf0; /* OEM event without timestamp. */ 5063 data[3] = intf->addrinfo[0].address; 5064 data[4] = j++; /* sequence # */ 5065 /* 5066 * Always give 11 bytes, so strncpy will fill 5067 * it with zeroes for me. 5068 */ 5069 strncpy(data+5, p, 11); 5070 p += size; 5071 5072 ipmi_panic_request_and_wait(intf, &addr, &msg); 5073 } 5074 } 5075 } 5076 5077 static int has_panicked; 5078 5079 static int panic_event(struct notifier_block *this, 5080 unsigned long event, 5081 void *ptr) 5082 { 5083 ipmi_smi_t intf; 5084 5085 if (has_panicked) 5086 return NOTIFY_DONE; 5087 has_panicked = 1; 5088 5089 /* For every registered interface, set it to run to completion. */ 5090 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 5091 if (!intf->handlers) 5092 /* Interface is not ready. */ 5093 continue; 5094 5095 /* 5096 * If we were interrupted while locking xmit_msgs_lock or 5097 * waiting_rcv_msgs_lock, the corresponding list may be 5098 * corrupted. In this case, drop items on the list for 5099 * the safety. 5100 */ 5101 if (!spin_trylock(&intf->xmit_msgs_lock)) { 5102 INIT_LIST_HEAD(&intf->xmit_msgs); 5103 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 5104 } else 5105 spin_unlock(&intf->xmit_msgs_lock); 5106 5107 if (!spin_trylock(&intf->waiting_rcv_msgs_lock)) 5108 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 5109 else 5110 spin_unlock(&intf->waiting_rcv_msgs_lock); 5111 5112 intf->run_to_completion = 1; 5113 if (intf->handlers->set_run_to_completion) 5114 intf->handlers->set_run_to_completion(intf->send_info, 5115 1); 5116 } 5117 5118 send_panic_events(ptr); 5119 5120 return NOTIFY_DONE; 5121 } 5122 5123 static struct notifier_block panic_block = { 5124 .notifier_call = panic_event, 5125 .next = NULL, 5126 .priority = 200 /* priority: INT_MAX >= x >= 0 */ 5127 }; 5128 5129 static int ipmi_init_msghandler(void) 5130 { 5131 int rv; 5132 5133 if (initialized) 5134 return 0; 5135 5136 rv = driver_register(&ipmidriver.driver); 5137 if (rv) { 5138 pr_err(PFX "Could not register IPMI driver\n"); 5139 return rv; 5140 } 5141 5142 pr_info("ipmi message handler version " IPMI_DRIVER_VERSION "\n"); 5143 5144 #ifdef CONFIG_IPMI_PROC_INTERFACE 5145 proc_ipmi_root = proc_mkdir("ipmi", NULL); 5146 if (!proc_ipmi_root) { 5147 pr_err(PFX "Unable to create IPMI proc dir"); 5148 driver_unregister(&ipmidriver.driver); 5149 return -ENOMEM; 5150 } 5151 5152 #endif /* CONFIG_IPMI_PROC_INTERFACE */ 5153 5154 timer_setup(&ipmi_timer, ipmi_timeout, 0); 5155 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 5156 5157 atomic_notifier_chain_register(&panic_notifier_list, &panic_block); 5158 5159 initialized = 1; 5160 5161 return 0; 5162 } 5163 5164 static int __init ipmi_init_msghandler_mod(void) 5165 { 5166 ipmi_init_msghandler(); 5167 return 0; 5168 } 5169 5170 static void __exit cleanup_ipmi(void) 5171 { 5172 int count; 5173 5174 if (!initialized) 5175 return; 5176 5177 atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block); 5178 5179 /* 5180 * This can't be called if any interfaces exist, so no worry 5181 * about shutting down the interfaces. 5182 */ 5183 5184 /* 5185 * Tell the timer to stop, then wait for it to stop. This 5186 * avoids problems with race conditions removing the timer 5187 * here. 5188 */ 5189 atomic_inc(&stop_operation); 5190 del_timer_sync(&ipmi_timer); 5191 5192 #ifdef CONFIG_IPMI_PROC_INTERFACE 5193 proc_remove(proc_ipmi_root); 5194 #endif /* CONFIG_IPMI_PROC_INTERFACE */ 5195 5196 driver_unregister(&ipmidriver.driver); 5197 5198 initialized = 0; 5199 5200 /* Check for buffer leaks. */ 5201 count = atomic_read(&smi_msg_inuse_count); 5202 if (count != 0) 5203 pr_warn(PFX "SMI message count %d at exit\n", count); 5204 count = atomic_read(&recv_msg_inuse_count); 5205 if (count != 0) 5206 pr_warn(PFX "recv message count %d at exit\n", count); 5207 } 5208 module_exit(cleanup_ipmi); 5209 5210 module_init(ipmi_init_msghandler_mod); 5211 MODULE_LICENSE("GPL"); 5212 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>"); 5213 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI" 5214 " interface."); 5215 MODULE_VERSION(IPMI_DRIVER_VERSION); 5216 MODULE_SOFTDEP("post: ipmi_devintf"); 5217