xref: /openbmc/linux/drivers/char/ipmi/ipmi_si_intf.c (revision 869b6ca39c08c5b10eeb29d4b3c4bc433bf8ba5e)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * ipmi_si.c
4  *
5  * The interface to the IPMI driver for the system interfaces (KCS, SMIC,
6  * BT).
7  *
8  * Author: MontaVista Software, Inc.
9  *         Corey Minyard <minyard@mvista.com>
10  *         source@mvista.com
11  *
12  * Copyright 2002 MontaVista Software Inc.
13  * Copyright 2006 IBM Corp., Christian Krafft <krafft@de.ibm.com>
14  */
15 
16 /*
17  * This file holds the "policy" for the interface to the SMI state
18  * machine.  It does the configuration, handles timers and interrupts,
19  * and drives the real SMI state machine.
20  */
21 
22 #define pr_fmt(fmt) "ipmi_si: " fmt
23 
24 #include <linux/module.h>
25 #include <linux/moduleparam.h>
26 #include <linux/sched.h>
27 #include <linux/seq_file.h>
28 #include <linux/timer.h>
29 #include <linux/errno.h>
30 #include <linux/spinlock.h>
31 #include <linux/slab.h>
32 #include <linux/delay.h>
33 #include <linux/list.h>
34 #include <linux/notifier.h>
35 #include <linux/mutex.h>
36 #include <linux/kthread.h>
37 #include <asm/irq.h>
38 #include <linux/interrupt.h>
39 #include <linux/rcupdate.h>
40 #include <linux/ipmi.h>
41 #include <linux/ipmi_smi.h>
42 #include "ipmi_si.h"
43 #include "ipmi_si_sm.h"
44 #include <linux/string.h>
45 #include <linux/ctype.h>
46 
47 /* Measure times between events in the driver. */
48 #undef DEBUG_TIMING
49 
50 /* Call every 10 ms. */
51 #define SI_TIMEOUT_TIME_USEC	10000
52 #define SI_USEC_PER_JIFFY	(1000000/HZ)
53 #define SI_TIMEOUT_JIFFIES	(SI_TIMEOUT_TIME_USEC/SI_USEC_PER_JIFFY)
54 #define SI_SHORT_TIMEOUT_USEC  250 /* .25ms when the SM request a
55 				      short timeout */
56 
57 enum si_intf_state {
58 	SI_NORMAL,
59 	SI_GETTING_FLAGS,
60 	SI_GETTING_EVENTS,
61 	SI_CLEARING_FLAGS,
62 	SI_GETTING_MESSAGES,
63 	SI_CHECKING_ENABLES,
64 	SI_SETTING_ENABLES
65 	/* FIXME - add watchdog stuff. */
66 };
67 
68 /* Some BT-specific defines we need here. */
69 #define IPMI_BT_INTMASK_REG		2
70 #define IPMI_BT_INTMASK_CLEAR_IRQ_BIT	2
71 #define IPMI_BT_INTMASK_ENABLE_IRQ_BIT	1
72 
73 /* 'invalid' to allow a firmware-specified interface to be disabled */
74 const char *const si_to_str[] = { "invalid", "kcs", "smic", "bt", NULL };
75 
76 static bool initialized;
77 
78 /*
79  * Indexes into stats[] in smi_info below.
80  */
81 enum si_stat_indexes {
82 	/*
83 	 * Number of times the driver requested a timer while an operation
84 	 * was in progress.
85 	 */
86 	SI_STAT_short_timeouts = 0,
87 
88 	/*
89 	 * Number of times the driver requested a timer while nothing was in
90 	 * progress.
91 	 */
92 	SI_STAT_long_timeouts,
93 
94 	/* Number of times the interface was idle while being polled. */
95 	SI_STAT_idles,
96 
97 	/* Number of interrupts the driver handled. */
98 	SI_STAT_interrupts,
99 
100 	/* Number of time the driver got an ATTN from the hardware. */
101 	SI_STAT_attentions,
102 
103 	/* Number of times the driver requested flags from the hardware. */
104 	SI_STAT_flag_fetches,
105 
106 	/* Number of times the hardware didn't follow the state machine. */
107 	SI_STAT_hosed_count,
108 
109 	/* Number of completed messages. */
110 	SI_STAT_complete_transactions,
111 
112 	/* Number of IPMI events received from the hardware. */
113 	SI_STAT_events,
114 
115 	/* Number of watchdog pretimeouts. */
116 	SI_STAT_watchdog_pretimeouts,
117 
118 	/* Number of asynchronous messages received. */
119 	SI_STAT_incoming_messages,
120 
121 
122 	/* This *must* remain last, add new values above this. */
123 	SI_NUM_STATS
124 };
125 
126 struct smi_info {
127 	int                    si_num;
128 	struct ipmi_smi        *intf;
129 	struct si_sm_data      *si_sm;
130 	const struct si_sm_handlers *handlers;
131 	spinlock_t             si_lock;
132 	struct ipmi_smi_msg    *waiting_msg;
133 	struct ipmi_smi_msg    *curr_msg;
134 	enum si_intf_state     si_state;
135 
136 	/*
137 	 * Used to handle the various types of I/O that can occur with
138 	 * IPMI
139 	 */
140 	struct si_sm_io io;
141 
142 	/*
143 	 * Per-OEM handler, called from handle_flags().  Returns 1
144 	 * when handle_flags() needs to be re-run or 0 indicating it
145 	 * set si_state itself.
146 	 */
147 	int (*oem_data_avail_handler)(struct smi_info *smi_info);
148 
149 	/*
150 	 * Flags from the last GET_MSG_FLAGS command, used when an ATTN
151 	 * is set to hold the flags until we are done handling everything
152 	 * from the flags.
153 	 */
154 #define RECEIVE_MSG_AVAIL	0x01
155 #define EVENT_MSG_BUFFER_FULL	0x02
156 #define WDT_PRE_TIMEOUT_INT	0x08
157 #define OEM0_DATA_AVAIL     0x20
158 #define OEM1_DATA_AVAIL     0x40
159 #define OEM2_DATA_AVAIL     0x80
160 #define OEM_DATA_AVAIL      (OEM0_DATA_AVAIL | \
161 			     OEM1_DATA_AVAIL | \
162 			     OEM2_DATA_AVAIL)
163 	unsigned char       msg_flags;
164 
165 	/* Does the BMC have an event buffer? */
166 	bool		    has_event_buffer;
167 
168 	/*
169 	 * If set to true, this will request events the next time the
170 	 * state machine is idle.
171 	 */
172 	atomic_t            req_events;
173 
174 	/*
175 	 * If true, run the state machine to completion on every send
176 	 * call.  Generally used after a panic to make sure stuff goes
177 	 * out.
178 	 */
179 	bool                run_to_completion;
180 
181 	/* The timer for this si. */
182 	struct timer_list   si_timer;
183 
184 	/* This flag is set, if the timer can be set */
185 	bool		    timer_can_start;
186 
187 	/* This flag is set, if the timer is running (timer_pending() isn't enough) */
188 	bool		    timer_running;
189 
190 	/* The time (in jiffies) the last timeout occurred at. */
191 	unsigned long       last_timeout_jiffies;
192 
193 	/* Are we waiting for the events, pretimeouts, received msgs? */
194 	atomic_t            need_watch;
195 
196 	/*
197 	 * The driver will disable interrupts when it gets into a
198 	 * situation where it cannot handle messages due to lack of
199 	 * memory.  Once that situation clears up, it will re-enable
200 	 * interrupts.
201 	 */
202 	bool interrupt_disabled;
203 
204 	/*
205 	 * Does the BMC support events?
206 	 */
207 	bool supports_event_msg_buff;
208 
209 	/*
210 	 * Can we disable interrupts the global enables receive irq
211 	 * bit?  There are currently two forms of brokenness, some
212 	 * systems cannot disable the bit (which is technically within
213 	 * the spec but a bad idea) and some systems have the bit
214 	 * forced to zero even though interrupts work (which is
215 	 * clearly outside the spec).  The next bool tells which form
216 	 * of brokenness is present.
217 	 */
218 	bool cannot_disable_irq;
219 
220 	/*
221 	 * Some systems are broken and cannot set the irq enable
222 	 * bit, even if they support interrupts.
223 	 */
224 	bool irq_enable_broken;
225 
226 	/* Is the driver in maintenance mode? */
227 	bool in_maintenance_mode;
228 
229 	/*
230 	 * Did we get an attention that we did not handle?
231 	 */
232 	bool got_attn;
233 
234 	/* From the get device id response... */
235 	struct ipmi_device_id device_id;
236 
237 	/* Have we added the device group to the device? */
238 	bool dev_group_added;
239 
240 	/* Counters and things for the proc filesystem. */
241 	atomic_t stats[SI_NUM_STATS];
242 
243 	struct task_struct *thread;
244 
245 	struct list_head link;
246 };
247 
248 #define smi_inc_stat(smi, stat) \
249 	atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
250 #define smi_get_stat(smi, stat) \
251 	((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
252 
253 #define IPMI_MAX_INTFS 4
254 static int force_kipmid[IPMI_MAX_INTFS];
255 static int num_force_kipmid;
256 
257 static unsigned int kipmid_max_busy_us[IPMI_MAX_INTFS];
258 static int num_max_busy_us;
259 
260 static bool unload_when_empty = true;
261 
262 static int try_smi_init(struct smi_info *smi);
263 static void cleanup_one_si(struct smi_info *smi_info);
264 static void cleanup_ipmi_si(void);
265 
266 #ifdef DEBUG_TIMING
267 void debug_timestamp(char *msg)
268 {
269 	struct timespec64 t;
270 
271 	ktime_get_ts64(&t);
272 	pr_debug("**%s: %lld.%9.9ld\n", msg, t.tv_sec, t.tv_nsec);
273 }
274 #else
275 #define debug_timestamp(x)
276 #endif
277 
278 static ATOMIC_NOTIFIER_HEAD(xaction_notifier_list);
279 static int register_xaction_notifier(struct notifier_block *nb)
280 {
281 	return atomic_notifier_chain_register(&xaction_notifier_list, nb);
282 }
283 
284 static void deliver_recv_msg(struct smi_info *smi_info,
285 			     struct ipmi_smi_msg *msg)
286 {
287 	/* Deliver the message to the upper layer. */
288 	ipmi_smi_msg_received(smi_info->intf, msg);
289 }
290 
291 static void return_hosed_msg(struct smi_info *smi_info, int cCode)
292 {
293 	struct ipmi_smi_msg *msg = smi_info->curr_msg;
294 
295 	if (cCode < 0 || cCode > IPMI_ERR_UNSPECIFIED)
296 		cCode = IPMI_ERR_UNSPECIFIED;
297 	/* else use it as is */
298 
299 	/* Make it a response */
300 	msg->rsp[0] = msg->data[0] | 4;
301 	msg->rsp[1] = msg->data[1];
302 	msg->rsp[2] = cCode;
303 	msg->rsp_size = 3;
304 
305 	smi_info->curr_msg = NULL;
306 	deliver_recv_msg(smi_info, msg);
307 }
308 
309 static enum si_sm_result start_next_msg(struct smi_info *smi_info)
310 {
311 	int              rv;
312 
313 	if (!smi_info->waiting_msg) {
314 		smi_info->curr_msg = NULL;
315 		rv = SI_SM_IDLE;
316 	} else {
317 		int err;
318 
319 		smi_info->curr_msg = smi_info->waiting_msg;
320 		smi_info->waiting_msg = NULL;
321 		debug_timestamp("Start2");
322 		err = atomic_notifier_call_chain(&xaction_notifier_list,
323 				0, smi_info);
324 		if (err & NOTIFY_STOP_MASK) {
325 			rv = SI_SM_CALL_WITHOUT_DELAY;
326 			goto out;
327 		}
328 		err = smi_info->handlers->start_transaction(
329 			smi_info->si_sm,
330 			smi_info->curr_msg->data,
331 			smi_info->curr_msg->data_size);
332 		if (err)
333 			return_hosed_msg(smi_info, err);
334 
335 		rv = SI_SM_CALL_WITHOUT_DELAY;
336 	}
337 out:
338 	return rv;
339 }
340 
341 static void smi_mod_timer(struct smi_info *smi_info, unsigned long new_val)
342 {
343 	if (!smi_info->timer_can_start)
344 		return;
345 	smi_info->last_timeout_jiffies = jiffies;
346 	mod_timer(&smi_info->si_timer, new_val);
347 	smi_info->timer_running = true;
348 }
349 
350 /*
351  * Start a new message and (re)start the timer and thread.
352  */
353 static void start_new_msg(struct smi_info *smi_info, unsigned char *msg,
354 			  unsigned int size)
355 {
356 	smi_mod_timer(smi_info, jiffies + SI_TIMEOUT_JIFFIES);
357 
358 	if (smi_info->thread)
359 		wake_up_process(smi_info->thread);
360 
361 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, size);
362 }
363 
364 static void start_check_enables(struct smi_info *smi_info)
365 {
366 	unsigned char msg[2];
367 
368 	msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
369 	msg[1] = IPMI_GET_BMC_GLOBAL_ENABLES_CMD;
370 
371 	start_new_msg(smi_info, msg, 2);
372 	smi_info->si_state = SI_CHECKING_ENABLES;
373 }
374 
375 static void start_clear_flags(struct smi_info *smi_info)
376 {
377 	unsigned char msg[3];
378 
379 	/* Make sure the watchdog pre-timeout flag is not set at startup. */
380 	msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
381 	msg[1] = IPMI_CLEAR_MSG_FLAGS_CMD;
382 	msg[2] = WDT_PRE_TIMEOUT_INT;
383 
384 	start_new_msg(smi_info, msg, 3);
385 	smi_info->si_state = SI_CLEARING_FLAGS;
386 }
387 
388 static void start_getting_msg_queue(struct smi_info *smi_info)
389 {
390 	smi_info->curr_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
391 	smi_info->curr_msg->data[1] = IPMI_GET_MSG_CMD;
392 	smi_info->curr_msg->data_size = 2;
393 
394 	start_new_msg(smi_info, smi_info->curr_msg->data,
395 		      smi_info->curr_msg->data_size);
396 	smi_info->si_state = SI_GETTING_MESSAGES;
397 }
398 
399 static void start_getting_events(struct smi_info *smi_info)
400 {
401 	smi_info->curr_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
402 	smi_info->curr_msg->data[1] = IPMI_READ_EVENT_MSG_BUFFER_CMD;
403 	smi_info->curr_msg->data_size = 2;
404 
405 	start_new_msg(smi_info, smi_info->curr_msg->data,
406 		      smi_info->curr_msg->data_size);
407 	smi_info->si_state = SI_GETTING_EVENTS;
408 }
409 
410 /*
411  * When we have a situtaion where we run out of memory and cannot
412  * allocate messages, we just leave them in the BMC and run the system
413  * polled until we can allocate some memory.  Once we have some
414  * memory, we will re-enable the interrupt.
415  *
416  * Note that we cannot just use disable_irq(), since the interrupt may
417  * be shared.
418  */
419 static inline bool disable_si_irq(struct smi_info *smi_info)
420 {
421 	if ((smi_info->io.irq) && (!smi_info->interrupt_disabled)) {
422 		smi_info->interrupt_disabled = true;
423 		start_check_enables(smi_info);
424 		return true;
425 	}
426 	return false;
427 }
428 
429 static inline bool enable_si_irq(struct smi_info *smi_info)
430 {
431 	if ((smi_info->io.irq) && (smi_info->interrupt_disabled)) {
432 		smi_info->interrupt_disabled = false;
433 		start_check_enables(smi_info);
434 		return true;
435 	}
436 	return false;
437 }
438 
439 /*
440  * Allocate a message.  If unable to allocate, start the interrupt
441  * disable process and return NULL.  If able to allocate but
442  * interrupts are disabled, free the message and return NULL after
443  * starting the interrupt enable process.
444  */
445 static struct ipmi_smi_msg *alloc_msg_handle_irq(struct smi_info *smi_info)
446 {
447 	struct ipmi_smi_msg *msg;
448 
449 	msg = ipmi_alloc_smi_msg();
450 	if (!msg) {
451 		if (!disable_si_irq(smi_info))
452 			smi_info->si_state = SI_NORMAL;
453 	} else if (enable_si_irq(smi_info)) {
454 		ipmi_free_smi_msg(msg);
455 		msg = NULL;
456 	}
457 	return msg;
458 }
459 
460 static void handle_flags(struct smi_info *smi_info)
461 {
462 retry:
463 	if (smi_info->msg_flags & WDT_PRE_TIMEOUT_INT) {
464 		/* Watchdog pre-timeout */
465 		smi_inc_stat(smi_info, watchdog_pretimeouts);
466 
467 		start_clear_flags(smi_info);
468 		smi_info->msg_flags &= ~WDT_PRE_TIMEOUT_INT;
469 		ipmi_smi_watchdog_pretimeout(smi_info->intf);
470 	} else if (smi_info->msg_flags & RECEIVE_MSG_AVAIL) {
471 		/* Messages available. */
472 		smi_info->curr_msg = alloc_msg_handle_irq(smi_info);
473 		if (!smi_info->curr_msg)
474 			return;
475 
476 		start_getting_msg_queue(smi_info);
477 	} else if (smi_info->msg_flags & EVENT_MSG_BUFFER_FULL) {
478 		/* Events available. */
479 		smi_info->curr_msg = alloc_msg_handle_irq(smi_info);
480 		if (!smi_info->curr_msg)
481 			return;
482 
483 		start_getting_events(smi_info);
484 	} else if (smi_info->msg_flags & OEM_DATA_AVAIL &&
485 		   smi_info->oem_data_avail_handler) {
486 		if (smi_info->oem_data_avail_handler(smi_info))
487 			goto retry;
488 	} else
489 		smi_info->si_state = SI_NORMAL;
490 }
491 
492 /*
493  * Global enables we care about.
494  */
495 #define GLOBAL_ENABLES_MASK (IPMI_BMC_EVT_MSG_BUFF | IPMI_BMC_RCV_MSG_INTR | \
496 			     IPMI_BMC_EVT_MSG_INTR)
497 
498 static u8 current_global_enables(struct smi_info *smi_info, u8 base,
499 				 bool *irq_on)
500 {
501 	u8 enables = 0;
502 
503 	if (smi_info->supports_event_msg_buff)
504 		enables |= IPMI_BMC_EVT_MSG_BUFF;
505 
506 	if (((smi_info->io.irq && !smi_info->interrupt_disabled) ||
507 	     smi_info->cannot_disable_irq) &&
508 	    !smi_info->irq_enable_broken)
509 		enables |= IPMI_BMC_RCV_MSG_INTR;
510 
511 	if (smi_info->supports_event_msg_buff &&
512 	    smi_info->io.irq && !smi_info->interrupt_disabled &&
513 	    !smi_info->irq_enable_broken)
514 		enables |= IPMI_BMC_EVT_MSG_INTR;
515 
516 	*irq_on = enables & (IPMI_BMC_EVT_MSG_INTR | IPMI_BMC_RCV_MSG_INTR);
517 
518 	return enables;
519 }
520 
521 static void check_bt_irq(struct smi_info *smi_info, bool irq_on)
522 {
523 	u8 irqstate = smi_info->io.inputb(&smi_info->io, IPMI_BT_INTMASK_REG);
524 
525 	irqstate &= IPMI_BT_INTMASK_ENABLE_IRQ_BIT;
526 
527 	if ((bool)irqstate == irq_on)
528 		return;
529 
530 	if (irq_on)
531 		smi_info->io.outputb(&smi_info->io, IPMI_BT_INTMASK_REG,
532 				     IPMI_BT_INTMASK_ENABLE_IRQ_BIT);
533 	else
534 		smi_info->io.outputb(&smi_info->io, IPMI_BT_INTMASK_REG, 0);
535 }
536 
537 static void handle_transaction_done(struct smi_info *smi_info)
538 {
539 	struct ipmi_smi_msg *msg;
540 
541 	debug_timestamp("Done");
542 	switch (smi_info->si_state) {
543 	case SI_NORMAL:
544 		if (!smi_info->curr_msg)
545 			break;
546 
547 		smi_info->curr_msg->rsp_size
548 			= smi_info->handlers->get_result(
549 				smi_info->si_sm,
550 				smi_info->curr_msg->rsp,
551 				IPMI_MAX_MSG_LENGTH);
552 
553 		/*
554 		 * Do this here becase deliver_recv_msg() releases the
555 		 * lock, and a new message can be put in during the
556 		 * time the lock is released.
557 		 */
558 		msg = smi_info->curr_msg;
559 		smi_info->curr_msg = NULL;
560 		deliver_recv_msg(smi_info, msg);
561 		break;
562 
563 	case SI_GETTING_FLAGS:
564 	{
565 		unsigned char msg[4];
566 		unsigned int  len;
567 
568 		/* We got the flags from the SMI, now handle them. */
569 		len = smi_info->handlers->get_result(smi_info->si_sm, msg, 4);
570 		if (msg[2] != 0) {
571 			/* Error fetching flags, just give up for now. */
572 			smi_info->si_state = SI_NORMAL;
573 		} else if (len < 4) {
574 			/*
575 			 * Hmm, no flags.  That's technically illegal, but
576 			 * don't use uninitialized data.
577 			 */
578 			smi_info->si_state = SI_NORMAL;
579 		} else {
580 			smi_info->msg_flags = msg[3];
581 			handle_flags(smi_info);
582 		}
583 		break;
584 	}
585 
586 	case SI_CLEARING_FLAGS:
587 	{
588 		unsigned char msg[3];
589 
590 		/* We cleared the flags. */
591 		smi_info->handlers->get_result(smi_info->si_sm, msg, 3);
592 		if (msg[2] != 0) {
593 			/* Error clearing flags */
594 			dev_warn_ratelimited(smi_info->io.dev,
595 				 "Error clearing flags: %2.2x\n", msg[2]);
596 		}
597 		smi_info->si_state = SI_NORMAL;
598 		break;
599 	}
600 
601 	case SI_GETTING_EVENTS:
602 	{
603 		smi_info->curr_msg->rsp_size
604 			= smi_info->handlers->get_result(
605 				smi_info->si_sm,
606 				smi_info->curr_msg->rsp,
607 				IPMI_MAX_MSG_LENGTH);
608 
609 		/*
610 		 * Do this here becase deliver_recv_msg() releases the
611 		 * lock, and a new message can be put in during the
612 		 * time the lock is released.
613 		 */
614 		msg = smi_info->curr_msg;
615 		smi_info->curr_msg = NULL;
616 		if (msg->rsp[2] != 0) {
617 			/* Error getting event, probably done. */
618 			msg->done(msg);
619 
620 			/* Take off the event flag. */
621 			smi_info->msg_flags &= ~EVENT_MSG_BUFFER_FULL;
622 			handle_flags(smi_info);
623 		} else {
624 			smi_inc_stat(smi_info, events);
625 
626 			/*
627 			 * Do this before we deliver the message
628 			 * because delivering the message releases the
629 			 * lock and something else can mess with the
630 			 * state.
631 			 */
632 			handle_flags(smi_info);
633 
634 			deliver_recv_msg(smi_info, msg);
635 		}
636 		break;
637 	}
638 
639 	case SI_GETTING_MESSAGES:
640 	{
641 		smi_info->curr_msg->rsp_size
642 			= smi_info->handlers->get_result(
643 				smi_info->si_sm,
644 				smi_info->curr_msg->rsp,
645 				IPMI_MAX_MSG_LENGTH);
646 
647 		/*
648 		 * Do this here becase deliver_recv_msg() releases the
649 		 * lock, and a new message can be put in during the
650 		 * time the lock is released.
651 		 */
652 		msg = smi_info->curr_msg;
653 		smi_info->curr_msg = NULL;
654 		if (msg->rsp[2] != 0) {
655 			/* Error getting event, probably done. */
656 			msg->done(msg);
657 
658 			/* Take off the msg flag. */
659 			smi_info->msg_flags &= ~RECEIVE_MSG_AVAIL;
660 			handle_flags(smi_info);
661 		} else {
662 			smi_inc_stat(smi_info, incoming_messages);
663 
664 			/*
665 			 * Do this before we deliver the message
666 			 * because delivering the message releases the
667 			 * lock and something else can mess with the
668 			 * state.
669 			 */
670 			handle_flags(smi_info);
671 
672 			deliver_recv_msg(smi_info, msg);
673 		}
674 		break;
675 	}
676 
677 	case SI_CHECKING_ENABLES:
678 	{
679 		unsigned char msg[4];
680 		u8 enables;
681 		bool irq_on;
682 
683 		/* We got the flags from the SMI, now handle them. */
684 		smi_info->handlers->get_result(smi_info->si_sm, msg, 4);
685 		if (msg[2] != 0) {
686 			dev_warn_ratelimited(smi_info->io.dev,
687 				"Couldn't get irq info: %x,\n"
688 				"Maybe ok, but ipmi might run very slowly.\n",
689 				msg[2]);
690 			smi_info->si_state = SI_NORMAL;
691 			break;
692 		}
693 		enables = current_global_enables(smi_info, 0, &irq_on);
694 		if (smi_info->io.si_type == SI_BT)
695 			/* BT has its own interrupt enable bit. */
696 			check_bt_irq(smi_info, irq_on);
697 		if (enables != (msg[3] & GLOBAL_ENABLES_MASK)) {
698 			/* Enables are not correct, fix them. */
699 			msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
700 			msg[1] = IPMI_SET_BMC_GLOBAL_ENABLES_CMD;
701 			msg[2] = enables | (msg[3] & ~GLOBAL_ENABLES_MASK);
702 			smi_info->handlers->start_transaction(
703 				smi_info->si_sm, msg, 3);
704 			smi_info->si_state = SI_SETTING_ENABLES;
705 		} else if (smi_info->supports_event_msg_buff) {
706 			smi_info->curr_msg = ipmi_alloc_smi_msg();
707 			if (!smi_info->curr_msg) {
708 				smi_info->si_state = SI_NORMAL;
709 				break;
710 			}
711 			start_getting_events(smi_info);
712 		} else {
713 			smi_info->si_state = SI_NORMAL;
714 		}
715 		break;
716 	}
717 
718 	case SI_SETTING_ENABLES:
719 	{
720 		unsigned char msg[4];
721 
722 		smi_info->handlers->get_result(smi_info->si_sm, msg, 4);
723 		if (msg[2] != 0)
724 			dev_warn_ratelimited(smi_info->io.dev,
725 				 "Could not set the global enables: 0x%x.\n",
726 				 msg[2]);
727 
728 		if (smi_info->supports_event_msg_buff) {
729 			smi_info->curr_msg = ipmi_alloc_smi_msg();
730 			if (!smi_info->curr_msg) {
731 				smi_info->si_state = SI_NORMAL;
732 				break;
733 			}
734 			start_getting_events(smi_info);
735 		} else {
736 			smi_info->si_state = SI_NORMAL;
737 		}
738 		break;
739 	}
740 	}
741 }
742 
743 /*
744  * Called on timeouts and events.  Timeouts should pass the elapsed
745  * time, interrupts should pass in zero.  Must be called with
746  * si_lock held and interrupts disabled.
747  */
748 static enum si_sm_result smi_event_handler(struct smi_info *smi_info,
749 					   int time)
750 {
751 	enum si_sm_result si_sm_result;
752 
753 restart:
754 	/*
755 	 * There used to be a loop here that waited a little while
756 	 * (around 25us) before giving up.  That turned out to be
757 	 * pointless, the minimum delays I was seeing were in the 300us
758 	 * range, which is far too long to wait in an interrupt.  So
759 	 * we just run until the state machine tells us something
760 	 * happened or it needs a delay.
761 	 */
762 	si_sm_result = smi_info->handlers->event(smi_info->si_sm, time);
763 	time = 0;
764 	while (si_sm_result == SI_SM_CALL_WITHOUT_DELAY)
765 		si_sm_result = smi_info->handlers->event(smi_info->si_sm, 0);
766 
767 	if (si_sm_result == SI_SM_TRANSACTION_COMPLETE) {
768 		smi_inc_stat(smi_info, complete_transactions);
769 
770 		handle_transaction_done(smi_info);
771 		goto restart;
772 	} else if (si_sm_result == SI_SM_HOSED) {
773 		smi_inc_stat(smi_info, hosed_count);
774 
775 		/*
776 		 * Do the before return_hosed_msg, because that
777 		 * releases the lock.
778 		 */
779 		smi_info->si_state = SI_NORMAL;
780 		if (smi_info->curr_msg != NULL) {
781 			/*
782 			 * If we were handling a user message, format
783 			 * a response to send to the upper layer to
784 			 * tell it about the error.
785 			 */
786 			return_hosed_msg(smi_info, IPMI_ERR_UNSPECIFIED);
787 		}
788 		goto restart;
789 	}
790 
791 	/*
792 	 * We prefer handling attn over new messages.  But don't do
793 	 * this if there is not yet an upper layer to handle anything.
794 	 */
795 	if (si_sm_result == SI_SM_ATTN || smi_info->got_attn) {
796 		unsigned char msg[2];
797 
798 		if (smi_info->si_state != SI_NORMAL) {
799 			/*
800 			 * We got an ATTN, but we are doing something else.
801 			 * Handle the ATTN later.
802 			 */
803 			smi_info->got_attn = true;
804 		} else {
805 			smi_info->got_attn = false;
806 			smi_inc_stat(smi_info, attentions);
807 
808 			/*
809 			 * Got a attn, send down a get message flags to see
810 			 * what's causing it.  It would be better to handle
811 			 * this in the upper layer, but due to the way
812 			 * interrupts work with the SMI, that's not really
813 			 * possible.
814 			 */
815 			msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
816 			msg[1] = IPMI_GET_MSG_FLAGS_CMD;
817 
818 			start_new_msg(smi_info, msg, 2);
819 			smi_info->si_state = SI_GETTING_FLAGS;
820 			goto restart;
821 		}
822 	}
823 
824 	/* If we are currently idle, try to start the next message. */
825 	if (si_sm_result == SI_SM_IDLE) {
826 		smi_inc_stat(smi_info, idles);
827 
828 		si_sm_result = start_next_msg(smi_info);
829 		if (si_sm_result != SI_SM_IDLE)
830 			goto restart;
831 	}
832 
833 	if ((si_sm_result == SI_SM_IDLE)
834 	    && (atomic_read(&smi_info->req_events))) {
835 		/*
836 		 * We are idle and the upper layer requested that I fetch
837 		 * events, so do so.
838 		 */
839 		atomic_set(&smi_info->req_events, 0);
840 
841 		/*
842 		 * Take this opportunity to check the interrupt and
843 		 * message enable state for the BMC.  The BMC can be
844 		 * asynchronously reset, and may thus get interrupts
845 		 * disable and messages disabled.
846 		 */
847 		if (smi_info->supports_event_msg_buff || smi_info->io.irq) {
848 			start_check_enables(smi_info);
849 		} else {
850 			smi_info->curr_msg = alloc_msg_handle_irq(smi_info);
851 			if (!smi_info->curr_msg)
852 				goto out;
853 
854 			start_getting_events(smi_info);
855 		}
856 		goto restart;
857 	}
858 
859 	if (si_sm_result == SI_SM_IDLE && smi_info->timer_running) {
860 		/* Ok it if fails, the timer will just go off. */
861 		if (del_timer(&smi_info->si_timer))
862 			smi_info->timer_running = false;
863 	}
864 
865 out:
866 	return si_sm_result;
867 }
868 
869 static void check_start_timer_thread(struct smi_info *smi_info)
870 {
871 	if (smi_info->si_state == SI_NORMAL && smi_info->curr_msg == NULL) {
872 		smi_mod_timer(smi_info, jiffies + SI_TIMEOUT_JIFFIES);
873 
874 		if (smi_info->thread)
875 			wake_up_process(smi_info->thread);
876 
877 		start_next_msg(smi_info);
878 		smi_event_handler(smi_info, 0);
879 	}
880 }
881 
882 static void flush_messages(void *send_info)
883 {
884 	struct smi_info *smi_info = send_info;
885 	enum si_sm_result result;
886 
887 	/*
888 	 * Currently, this function is called only in run-to-completion
889 	 * mode.  This means we are single-threaded, no need for locks.
890 	 */
891 	result = smi_event_handler(smi_info, 0);
892 	while (result != SI_SM_IDLE) {
893 		udelay(SI_SHORT_TIMEOUT_USEC);
894 		result = smi_event_handler(smi_info, SI_SHORT_TIMEOUT_USEC);
895 	}
896 }
897 
898 static void sender(void                *send_info,
899 		   struct ipmi_smi_msg *msg)
900 {
901 	struct smi_info   *smi_info = send_info;
902 	unsigned long     flags;
903 
904 	debug_timestamp("Enqueue");
905 
906 	if (smi_info->run_to_completion) {
907 		/*
908 		 * If we are running to completion, start it.  Upper
909 		 * layer will call flush_messages to clear it out.
910 		 */
911 		smi_info->waiting_msg = msg;
912 		return;
913 	}
914 
915 	spin_lock_irqsave(&smi_info->si_lock, flags);
916 	/*
917 	 * The following two lines don't need to be under the lock for
918 	 * the lock's sake, but they do need SMP memory barriers to
919 	 * avoid getting things out of order.  We are already claiming
920 	 * the lock, anyway, so just do it under the lock to avoid the
921 	 * ordering problem.
922 	 */
923 	BUG_ON(smi_info->waiting_msg);
924 	smi_info->waiting_msg = msg;
925 	check_start_timer_thread(smi_info);
926 	spin_unlock_irqrestore(&smi_info->si_lock, flags);
927 }
928 
929 static void set_run_to_completion(void *send_info, bool i_run_to_completion)
930 {
931 	struct smi_info   *smi_info = send_info;
932 
933 	smi_info->run_to_completion = i_run_to_completion;
934 	if (i_run_to_completion)
935 		flush_messages(smi_info);
936 }
937 
938 /*
939  * Use -1 as a special constant to tell that we are spinning in kipmid
940  * looking for something and not delaying between checks
941  */
942 #define IPMI_TIME_NOT_BUSY ns_to_ktime(-1ull)
943 static inline bool ipmi_thread_busy_wait(enum si_sm_result smi_result,
944 					 const struct smi_info *smi_info,
945 					 ktime_t *busy_until)
946 {
947 	unsigned int max_busy_us = 0;
948 
949 	if (smi_info->si_num < num_max_busy_us)
950 		max_busy_us = kipmid_max_busy_us[smi_info->si_num];
951 	if (max_busy_us == 0 || smi_result != SI_SM_CALL_WITH_DELAY)
952 		*busy_until = IPMI_TIME_NOT_BUSY;
953 	else if (*busy_until == IPMI_TIME_NOT_BUSY) {
954 		*busy_until = ktime_get() + max_busy_us * NSEC_PER_USEC;
955 	} else {
956 		if (unlikely(ktime_get() > *busy_until)) {
957 			*busy_until = IPMI_TIME_NOT_BUSY;
958 			return false;
959 		}
960 	}
961 	return true;
962 }
963 
964 
965 /*
966  * A busy-waiting loop for speeding up IPMI operation.
967  *
968  * Lousy hardware makes this hard.  This is only enabled for systems
969  * that are not BT and do not have interrupts.  It starts spinning
970  * when an operation is complete or until max_busy tells it to stop
971  * (if that is enabled).  See the paragraph on kimid_max_busy_us in
972  * Documentation/driver-api/ipmi.rst for details.
973  */
974 static int ipmi_thread(void *data)
975 {
976 	struct smi_info *smi_info = data;
977 	unsigned long flags;
978 	enum si_sm_result smi_result;
979 	ktime_t busy_until = IPMI_TIME_NOT_BUSY;
980 
981 	set_user_nice(current, MAX_NICE);
982 	while (!kthread_should_stop()) {
983 		int busy_wait;
984 
985 		spin_lock_irqsave(&(smi_info->si_lock), flags);
986 		smi_result = smi_event_handler(smi_info, 0);
987 
988 		/*
989 		 * If the driver is doing something, there is a possible
990 		 * race with the timer.  If the timer handler see idle,
991 		 * and the thread here sees something else, the timer
992 		 * handler won't restart the timer even though it is
993 		 * required.  So start it here if necessary.
994 		 */
995 		if (smi_result != SI_SM_IDLE && !smi_info->timer_running)
996 			smi_mod_timer(smi_info, jiffies + SI_TIMEOUT_JIFFIES);
997 
998 		spin_unlock_irqrestore(&(smi_info->si_lock), flags);
999 		busy_wait = ipmi_thread_busy_wait(smi_result, smi_info,
1000 						  &busy_until);
1001 		if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
1002 			; /* do nothing */
1003 		} else if (smi_result == SI_SM_CALL_WITH_DELAY && busy_wait) {
1004 			/*
1005 			 * In maintenance mode we run as fast as
1006 			 * possible to allow firmware updates to
1007 			 * complete as fast as possible, but normally
1008 			 * don't bang on the scheduler.
1009 			 */
1010 			if (smi_info->in_maintenance_mode)
1011 				schedule();
1012 			else
1013 				usleep_range(100, 200);
1014 		} else if (smi_result == SI_SM_IDLE) {
1015 			if (atomic_read(&smi_info->need_watch)) {
1016 				schedule_timeout_interruptible(100);
1017 			} else {
1018 				/* Wait to be woken up when we are needed. */
1019 				__set_current_state(TASK_INTERRUPTIBLE);
1020 				schedule();
1021 			}
1022 		} else {
1023 			schedule_timeout_interruptible(1);
1024 		}
1025 	}
1026 	return 0;
1027 }
1028 
1029 
1030 static void poll(void *send_info)
1031 {
1032 	struct smi_info *smi_info = send_info;
1033 	unsigned long flags = 0;
1034 	bool run_to_completion = smi_info->run_to_completion;
1035 
1036 	/*
1037 	 * Make sure there is some delay in the poll loop so we can
1038 	 * drive time forward and timeout things.
1039 	 */
1040 	udelay(10);
1041 	if (!run_to_completion)
1042 		spin_lock_irqsave(&smi_info->si_lock, flags);
1043 	smi_event_handler(smi_info, 10);
1044 	if (!run_to_completion)
1045 		spin_unlock_irqrestore(&smi_info->si_lock, flags);
1046 }
1047 
1048 static void request_events(void *send_info)
1049 {
1050 	struct smi_info *smi_info = send_info;
1051 
1052 	if (!smi_info->has_event_buffer)
1053 		return;
1054 
1055 	atomic_set(&smi_info->req_events, 1);
1056 }
1057 
1058 static void set_need_watch(void *send_info, unsigned int watch_mask)
1059 {
1060 	struct smi_info *smi_info = send_info;
1061 	unsigned long flags;
1062 	int enable;
1063 
1064 	enable = !!watch_mask;
1065 
1066 	atomic_set(&smi_info->need_watch, enable);
1067 	spin_lock_irqsave(&smi_info->si_lock, flags);
1068 	check_start_timer_thread(smi_info);
1069 	spin_unlock_irqrestore(&smi_info->si_lock, flags);
1070 }
1071 
1072 static void smi_timeout(struct timer_list *t)
1073 {
1074 	struct smi_info   *smi_info = from_timer(smi_info, t, si_timer);
1075 	enum si_sm_result smi_result;
1076 	unsigned long     flags;
1077 	unsigned long     jiffies_now;
1078 	long              time_diff;
1079 	long		  timeout;
1080 
1081 	spin_lock_irqsave(&(smi_info->si_lock), flags);
1082 	debug_timestamp("Timer");
1083 
1084 	jiffies_now = jiffies;
1085 	time_diff = (((long)jiffies_now - (long)smi_info->last_timeout_jiffies)
1086 		     * SI_USEC_PER_JIFFY);
1087 	smi_result = smi_event_handler(smi_info, time_diff);
1088 
1089 	if ((smi_info->io.irq) && (!smi_info->interrupt_disabled)) {
1090 		/* Running with interrupts, only do long timeouts. */
1091 		timeout = jiffies + SI_TIMEOUT_JIFFIES;
1092 		smi_inc_stat(smi_info, long_timeouts);
1093 		goto do_mod_timer;
1094 	}
1095 
1096 	/*
1097 	 * If the state machine asks for a short delay, then shorten
1098 	 * the timer timeout.
1099 	 */
1100 	if (smi_result == SI_SM_CALL_WITH_DELAY) {
1101 		smi_inc_stat(smi_info, short_timeouts);
1102 		timeout = jiffies + 1;
1103 	} else {
1104 		smi_inc_stat(smi_info, long_timeouts);
1105 		timeout = jiffies + SI_TIMEOUT_JIFFIES;
1106 	}
1107 
1108 do_mod_timer:
1109 	if (smi_result != SI_SM_IDLE)
1110 		smi_mod_timer(smi_info, timeout);
1111 	else
1112 		smi_info->timer_running = false;
1113 	spin_unlock_irqrestore(&(smi_info->si_lock), flags);
1114 }
1115 
1116 irqreturn_t ipmi_si_irq_handler(int irq, void *data)
1117 {
1118 	struct smi_info *smi_info = data;
1119 	unsigned long   flags;
1120 
1121 	if (smi_info->io.si_type == SI_BT)
1122 		/* We need to clear the IRQ flag for the BT interface. */
1123 		smi_info->io.outputb(&smi_info->io, IPMI_BT_INTMASK_REG,
1124 				     IPMI_BT_INTMASK_CLEAR_IRQ_BIT
1125 				     | IPMI_BT_INTMASK_ENABLE_IRQ_BIT);
1126 
1127 	spin_lock_irqsave(&(smi_info->si_lock), flags);
1128 
1129 	smi_inc_stat(smi_info, interrupts);
1130 
1131 	debug_timestamp("Interrupt");
1132 
1133 	smi_event_handler(smi_info, 0);
1134 	spin_unlock_irqrestore(&(smi_info->si_lock), flags);
1135 	return IRQ_HANDLED;
1136 }
1137 
1138 static int smi_start_processing(void            *send_info,
1139 				struct ipmi_smi *intf)
1140 {
1141 	struct smi_info *new_smi = send_info;
1142 	int             enable = 0;
1143 
1144 	new_smi->intf = intf;
1145 
1146 	/* Set up the timer that drives the interface. */
1147 	timer_setup(&new_smi->si_timer, smi_timeout, 0);
1148 	new_smi->timer_can_start = true;
1149 	smi_mod_timer(new_smi, jiffies + SI_TIMEOUT_JIFFIES);
1150 
1151 	/* Try to claim any interrupts. */
1152 	if (new_smi->io.irq_setup) {
1153 		new_smi->io.irq_handler_data = new_smi;
1154 		new_smi->io.irq_setup(&new_smi->io);
1155 	}
1156 
1157 	/*
1158 	 * Check if the user forcefully enabled the daemon.
1159 	 */
1160 	if (new_smi->si_num < num_force_kipmid)
1161 		enable = force_kipmid[new_smi->si_num];
1162 	/*
1163 	 * The BT interface is efficient enough to not need a thread,
1164 	 * and there is no need for a thread if we have interrupts.
1165 	 */
1166 	else if ((new_smi->io.si_type != SI_BT) && (!new_smi->io.irq))
1167 		enable = 1;
1168 
1169 	if (enable) {
1170 		new_smi->thread = kthread_run(ipmi_thread, new_smi,
1171 					      "kipmi%d", new_smi->si_num);
1172 		if (IS_ERR(new_smi->thread)) {
1173 			dev_notice(new_smi->io.dev,
1174 				   "Could not start kernel thread due to error %ld, only using timers to drive the interface\n",
1175 				   PTR_ERR(new_smi->thread));
1176 			new_smi->thread = NULL;
1177 		}
1178 	}
1179 
1180 	return 0;
1181 }
1182 
1183 static int get_smi_info(void *send_info, struct ipmi_smi_info *data)
1184 {
1185 	struct smi_info *smi = send_info;
1186 
1187 	data->addr_src = smi->io.addr_source;
1188 	data->dev = smi->io.dev;
1189 	data->addr_info = smi->io.addr_info;
1190 	get_device(smi->io.dev);
1191 
1192 	return 0;
1193 }
1194 
1195 static void set_maintenance_mode(void *send_info, bool enable)
1196 {
1197 	struct smi_info   *smi_info = send_info;
1198 
1199 	if (!enable)
1200 		atomic_set(&smi_info->req_events, 0);
1201 	smi_info->in_maintenance_mode = enable;
1202 }
1203 
1204 static void shutdown_smi(void *send_info);
1205 static const struct ipmi_smi_handlers handlers = {
1206 	.owner                  = THIS_MODULE,
1207 	.start_processing       = smi_start_processing,
1208 	.shutdown               = shutdown_smi,
1209 	.get_smi_info		= get_smi_info,
1210 	.sender			= sender,
1211 	.request_events		= request_events,
1212 	.set_need_watch		= set_need_watch,
1213 	.set_maintenance_mode   = set_maintenance_mode,
1214 	.set_run_to_completion  = set_run_to_completion,
1215 	.flush_messages		= flush_messages,
1216 	.poll			= poll,
1217 };
1218 
1219 static LIST_HEAD(smi_infos);
1220 static DEFINE_MUTEX(smi_infos_lock);
1221 static int smi_num; /* Used to sequence the SMIs */
1222 
1223 static const char * const addr_space_to_str[] = { "i/o", "mem" };
1224 
1225 module_param_array(force_kipmid, int, &num_force_kipmid, 0);
1226 MODULE_PARM_DESC(force_kipmid,
1227 		 "Force the kipmi daemon to be enabled (1) or disabled(0).  Normally the IPMI driver auto-detects this, but the value may be overridden by this parm.");
1228 module_param(unload_when_empty, bool, 0);
1229 MODULE_PARM_DESC(unload_when_empty,
1230 		 "Unload the module if no interfaces are specified or found, default is 1.  Setting to 0 is useful for hot add of devices using hotmod.");
1231 module_param_array(kipmid_max_busy_us, uint, &num_max_busy_us, 0644);
1232 MODULE_PARM_DESC(kipmid_max_busy_us,
1233 		 "Max time (in microseconds) to busy-wait for IPMI data before sleeping. 0 (default) means to wait forever. Set to 100-500 if kipmid is using up a lot of CPU time.");
1234 
1235 void ipmi_irq_finish_setup(struct si_sm_io *io)
1236 {
1237 	if (io->si_type == SI_BT)
1238 		/* Enable the interrupt in the BT interface. */
1239 		io->outputb(io, IPMI_BT_INTMASK_REG,
1240 			    IPMI_BT_INTMASK_ENABLE_IRQ_BIT);
1241 }
1242 
1243 void ipmi_irq_start_cleanup(struct si_sm_io *io)
1244 {
1245 	if (io->si_type == SI_BT)
1246 		/* Disable the interrupt in the BT interface. */
1247 		io->outputb(io, IPMI_BT_INTMASK_REG, 0);
1248 }
1249 
1250 static void std_irq_cleanup(struct si_sm_io *io)
1251 {
1252 	ipmi_irq_start_cleanup(io);
1253 	free_irq(io->irq, io->irq_handler_data);
1254 }
1255 
1256 int ipmi_std_irq_setup(struct si_sm_io *io)
1257 {
1258 	int rv;
1259 
1260 	if (!io->irq)
1261 		return 0;
1262 
1263 	rv = request_irq(io->irq,
1264 			 ipmi_si_irq_handler,
1265 			 IRQF_SHARED,
1266 			 SI_DEVICE_NAME,
1267 			 io->irq_handler_data);
1268 	if (rv) {
1269 		dev_warn(io->dev, "%s unable to claim interrupt %d, running polled\n",
1270 			 SI_DEVICE_NAME, io->irq);
1271 		io->irq = 0;
1272 	} else {
1273 		io->irq_cleanup = std_irq_cleanup;
1274 		ipmi_irq_finish_setup(io);
1275 		dev_info(io->dev, "Using irq %d\n", io->irq);
1276 	}
1277 
1278 	return rv;
1279 }
1280 
1281 static int wait_for_msg_done(struct smi_info *smi_info)
1282 {
1283 	enum si_sm_result     smi_result;
1284 
1285 	smi_result = smi_info->handlers->event(smi_info->si_sm, 0);
1286 	for (;;) {
1287 		if (smi_result == SI_SM_CALL_WITH_DELAY ||
1288 		    smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
1289 			schedule_timeout_uninterruptible(1);
1290 			smi_result = smi_info->handlers->event(
1291 				smi_info->si_sm, jiffies_to_usecs(1));
1292 		} else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
1293 			smi_result = smi_info->handlers->event(
1294 				smi_info->si_sm, 0);
1295 		} else
1296 			break;
1297 	}
1298 	if (smi_result == SI_SM_HOSED)
1299 		/*
1300 		 * We couldn't get the state machine to run, so whatever's at
1301 		 * the port is probably not an IPMI SMI interface.
1302 		 */
1303 		return -ENODEV;
1304 
1305 	return 0;
1306 }
1307 
1308 static int try_get_dev_id(struct smi_info *smi_info)
1309 {
1310 	unsigned char         msg[2];
1311 	unsigned char         *resp;
1312 	unsigned long         resp_len;
1313 	int                   rv = 0;
1314 	unsigned int          retry_count = 0;
1315 
1316 	resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1317 	if (!resp)
1318 		return -ENOMEM;
1319 
1320 	/*
1321 	 * Do a Get Device ID command, since it comes back with some
1322 	 * useful info.
1323 	 */
1324 	msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1325 	msg[1] = IPMI_GET_DEVICE_ID_CMD;
1326 
1327 retry:
1328 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, 2);
1329 
1330 	rv = wait_for_msg_done(smi_info);
1331 	if (rv)
1332 		goto out;
1333 
1334 	resp_len = smi_info->handlers->get_result(smi_info->si_sm,
1335 						  resp, IPMI_MAX_MSG_LENGTH);
1336 
1337 	/* Check and record info from the get device id, in case we need it. */
1338 	rv = ipmi_demangle_device_id(resp[0] >> 2, resp[1],
1339 			resp + 2, resp_len - 2, &smi_info->device_id);
1340 	if (rv) {
1341 		/* record completion code */
1342 		unsigned char cc = *(resp + 2);
1343 
1344 		if (cc != IPMI_CC_NO_ERROR &&
1345 		    ++retry_count <= GET_DEVICE_ID_MAX_RETRY) {
1346 			dev_warn_ratelimited(smi_info->io.dev,
1347 			    "BMC returned 0x%2.2x, retry get bmc device id\n",
1348 			    cc);
1349 			goto retry;
1350 		}
1351 	}
1352 
1353 out:
1354 	kfree(resp);
1355 	return rv;
1356 }
1357 
1358 static int get_global_enables(struct smi_info *smi_info, u8 *enables)
1359 {
1360 	unsigned char         msg[3];
1361 	unsigned char         *resp;
1362 	unsigned long         resp_len;
1363 	int                   rv;
1364 
1365 	resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1366 	if (!resp)
1367 		return -ENOMEM;
1368 
1369 	msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1370 	msg[1] = IPMI_GET_BMC_GLOBAL_ENABLES_CMD;
1371 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, 2);
1372 
1373 	rv = wait_for_msg_done(smi_info);
1374 	if (rv) {
1375 		dev_warn(smi_info->io.dev,
1376 			 "Error getting response from get global enables command: %d\n",
1377 			 rv);
1378 		goto out;
1379 	}
1380 
1381 	resp_len = smi_info->handlers->get_result(smi_info->si_sm,
1382 						  resp, IPMI_MAX_MSG_LENGTH);
1383 
1384 	if (resp_len < 4 ||
1385 			resp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2 ||
1386 			resp[1] != IPMI_GET_BMC_GLOBAL_ENABLES_CMD   ||
1387 			resp[2] != 0) {
1388 		dev_warn(smi_info->io.dev,
1389 			 "Invalid return from get global enables command: %ld %x %x %x\n",
1390 			 resp_len, resp[0], resp[1], resp[2]);
1391 		rv = -EINVAL;
1392 		goto out;
1393 	} else {
1394 		*enables = resp[3];
1395 	}
1396 
1397 out:
1398 	kfree(resp);
1399 	return rv;
1400 }
1401 
1402 /*
1403  * Returns 1 if it gets an error from the command.
1404  */
1405 static int set_global_enables(struct smi_info *smi_info, u8 enables)
1406 {
1407 	unsigned char         msg[3];
1408 	unsigned char         *resp;
1409 	unsigned long         resp_len;
1410 	int                   rv;
1411 
1412 	resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1413 	if (!resp)
1414 		return -ENOMEM;
1415 
1416 	msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1417 	msg[1] = IPMI_SET_BMC_GLOBAL_ENABLES_CMD;
1418 	msg[2] = enables;
1419 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, 3);
1420 
1421 	rv = wait_for_msg_done(smi_info);
1422 	if (rv) {
1423 		dev_warn(smi_info->io.dev,
1424 			 "Error getting response from set global enables command: %d\n",
1425 			 rv);
1426 		goto out;
1427 	}
1428 
1429 	resp_len = smi_info->handlers->get_result(smi_info->si_sm,
1430 						  resp, IPMI_MAX_MSG_LENGTH);
1431 
1432 	if (resp_len < 3 ||
1433 			resp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2 ||
1434 			resp[1] != IPMI_SET_BMC_GLOBAL_ENABLES_CMD) {
1435 		dev_warn(smi_info->io.dev,
1436 			 "Invalid return from set global enables command: %ld %x %x\n",
1437 			 resp_len, resp[0], resp[1]);
1438 		rv = -EINVAL;
1439 		goto out;
1440 	}
1441 
1442 	if (resp[2] != 0)
1443 		rv = 1;
1444 
1445 out:
1446 	kfree(resp);
1447 	return rv;
1448 }
1449 
1450 /*
1451  * Some BMCs do not support clearing the receive irq bit in the global
1452  * enables (even if they don't support interrupts on the BMC).  Check
1453  * for this and handle it properly.
1454  */
1455 static void check_clr_rcv_irq(struct smi_info *smi_info)
1456 {
1457 	u8 enables = 0;
1458 	int rv;
1459 
1460 	rv = get_global_enables(smi_info, &enables);
1461 	if (!rv) {
1462 		if ((enables & IPMI_BMC_RCV_MSG_INTR) == 0)
1463 			/* Already clear, should work ok. */
1464 			return;
1465 
1466 		enables &= ~IPMI_BMC_RCV_MSG_INTR;
1467 		rv = set_global_enables(smi_info, enables);
1468 	}
1469 
1470 	if (rv < 0) {
1471 		dev_err(smi_info->io.dev,
1472 			"Cannot check clearing the rcv irq: %d\n", rv);
1473 		return;
1474 	}
1475 
1476 	if (rv) {
1477 		/*
1478 		 * An error when setting the event buffer bit means
1479 		 * clearing the bit is not supported.
1480 		 */
1481 		dev_warn(smi_info->io.dev,
1482 			 "The BMC does not support clearing the recv irq bit, compensating, but the BMC needs to be fixed.\n");
1483 		smi_info->cannot_disable_irq = true;
1484 	}
1485 }
1486 
1487 /*
1488  * Some BMCs do not support setting the interrupt bits in the global
1489  * enables even if they support interrupts.  Clearly bad, but we can
1490  * compensate.
1491  */
1492 static void check_set_rcv_irq(struct smi_info *smi_info)
1493 {
1494 	u8 enables = 0;
1495 	int rv;
1496 
1497 	if (!smi_info->io.irq)
1498 		return;
1499 
1500 	rv = get_global_enables(smi_info, &enables);
1501 	if (!rv) {
1502 		enables |= IPMI_BMC_RCV_MSG_INTR;
1503 		rv = set_global_enables(smi_info, enables);
1504 	}
1505 
1506 	if (rv < 0) {
1507 		dev_err(smi_info->io.dev,
1508 			"Cannot check setting the rcv irq: %d\n", rv);
1509 		return;
1510 	}
1511 
1512 	if (rv) {
1513 		/*
1514 		 * An error when setting the event buffer bit means
1515 		 * setting the bit is not supported.
1516 		 */
1517 		dev_warn(smi_info->io.dev,
1518 			 "The BMC does not support setting the recv irq bit, compensating, but the BMC needs to be fixed.\n");
1519 		smi_info->cannot_disable_irq = true;
1520 		smi_info->irq_enable_broken = true;
1521 	}
1522 }
1523 
1524 static int try_enable_event_buffer(struct smi_info *smi_info)
1525 {
1526 	unsigned char         msg[3];
1527 	unsigned char         *resp;
1528 	unsigned long         resp_len;
1529 	int                   rv = 0;
1530 
1531 	resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1532 	if (!resp)
1533 		return -ENOMEM;
1534 
1535 	msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1536 	msg[1] = IPMI_GET_BMC_GLOBAL_ENABLES_CMD;
1537 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, 2);
1538 
1539 	rv = wait_for_msg_done(smi_info);
1540 	if (rv) {
1541 		pr_warn("Error getting response from get global enables command, the event buffer is not enabled\n");
1542 		goto out;
1543 	}
1544 
1545 	resp_len = smi_info->handlers->get_result(smi_info->si_sm,
1546 						  resp, IPMI_MAX_MSG_LENGTH);
1547 
1548 	if (resp_len < 4 ||
1549 			resp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2 ||
1550 			resp[1] != IPMI_GET_BMC_GLOBAL_ENABLES_CMD   ||
1551 			resp[2] != 0) {
1552 		pr_warn("Invalid return from get global enables command, cannot enable the event buffer\n");
1553 		rv = -EINVAL;
1554 		goto out;
1555 	}
1556 
1557 	if (resp[3] & IPMI_BMC_EVT_MSG_BUFF) {
1558 		/* buffer is already enabled, nothing to do. */
1559 		smi_info->supports_event_msg_buff = true;
1560 		goto out;
1561 	}
1562 
1563 	msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1564 	msg[1] = IPMI_SET_BMC_GLOBAL_ENABLES_CMD;
1565 	msg[2] = resp[3] | IPMI_BMC_EVT_MSG_BUFF;
1566 	smi_info->handlers->start_transaction(smi_info->si_sm, msg, 3);
1567 
1568 	rv = wait_for_msg_done(smi_info);
1569 	if (rv) {
1570 		pr_warn("Error getting response from set global, enables command, the event buffer is not enabled\n");
1571 		goto out;
1572 	}
1573 
1574 	resp_len = smi_info->handlers->get_result(smi_info->si_sm,
1575 						  resp, IPMI_MAX_MSG_LENGTH);
1576 
1577 	if (resp_len < 3 ||
1578 			resp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2 ||
1579 			resp[1] != IPMI_SET_BMC_GLOBAL_ENABLES_CMD) {
1580 		pr_warn("Invalid return from get global, enables command, not enable the event buffer\n");
1581 		rv = -EINVAL;
1582 		goto out;
1583 	}
1584 
1585 	if (resp[2] != 0)
1586 		/*
1587 		 * An error when setting the event buffer bit means
1588 		 * that the event buffer is not supported.
1589 		 */
1590 		rv = -ENOENT;
1591 	else
1592 		smi_info->supports_event_msg_buff = true;
1593 
1594 out:
1595 	kfree(resp);
1596 	return rv;
1597 }
1598 
1599 #define IPMI_SI_ATTR(name) \
1600 static ssize_t name##_show(struct device *dev,			\
1601 			   struct device_attribute *attr,		\
1602 			   char *buf)					\
1603 {									\
1604 	struct smi_info *smi_info = dev_get_drvdata(dev);		\
1605 									\
1606 	return sysfs_emit(buf, "%u\n", smi_get_stat(smi_info, name));	\
1607 }									\
1608 static DEVICE_ATTR_RO(name)
1609 
1610 static ssize_t type_show(struct device *dev,
1611 			 struct device_attribute *attr,
1612 			 char *buf)
1613 {
1614 	struct smi_info *smi_info = dev_get_drvdata(dev);
1615 
1616 	return sysfs_emit(buf, "%s\n", si_to_str[smi_info->io.si_type]);
1617 }
1618 static DEVICE_ATTR_RO(type);
1619 
1620 static ssize_t interrupts_enabled_show(struct device *dev,
1621 				       struct device_attribute *attr,
1622 				       char *buf)
1623 {
1624 	struct smi_info *smi_info = dev_get_drvdata(dev);
1625 	int enabled = smi_info->io.irq && !smi_info->interrupt_disabled;
1626 
1627 	return sysfs_emit(buf, "%d\n", enabled);
1628 }
1629 static DEVICE_ATTR_RO(interrupts_enabled);
1630 
1631 IPMI_SI_ATTR(short_timeouts);
1632 IPMI_SI_ATTR(long_timeouts);
1633 IPMI_SI_ATTR(idles);
1634 IPMI_SI_ATTR(interrupts);
1635 IPMI_SI_ATTR(attentions);
1636 IPMI_SI_ATTR(flag_fetches);
1637 IPMI_SI_ATTR(hosed_count);
1638 IPMI_SI_ATTR(complete_transactions);
1639 IPMI_SI_ATTR(events);
1640 IPMI_SI_ATTR(watchdog_pretimeouts);
1641 IPMI_SI_ATTR(incoming_messages);
1642 
1643 static ssize_t params_show(struct device *dev,
1644 			   struct device_attribute *attr,
1645 			   char *buf)
1646 {
1647 	struct smi_info *smi_info = dev_get_drvdata(dev);
1648 
1649 	return sysfs_emit(buf,
1650 			"%s,%s,0x%lx,rsp=%d,rsi=%d,rsh=%d,irq=%d,ipmb=%d\n",
1651 			si_to_str[smi_info->io.si_type],
1652 			addr_space_to_str[smi_info->io.addr_space],
1653 			smi_info->io.addr_data,
1654 			smi_info->io.regspacing,
1655 			smi_info->io.regsize,
1656 			smi_info->io.regshift,
1657 			smi_info->io.irq,
1658 			smi_info->io.slave_addr);
1659 }
1660 static DEVICE_ATTR_RO(params);
1661 
1662 static struct attribute *ipmi_si_dev_attrs[] = {
1663 	&dev_attr_type.attr,
1664 	&dev_attr_interrupts_enabled.attr,
1665 	&dev_attr_short_timeouts.attr,
1666 	&dev_attr_long_timeouts.attr,
1667 	&dev_attr_idles.attr,
1668 	&dev_attr_interrupts.attr,
1669 	&dev_attr_attentions.attr,
1670 	&dev_attr_flag_fetches.attr,
1671 	&dev_attr_hosed_count.attr,
1672 	&dev_attr_complete_transactions.attr,
1673 	&dev_attr_events.attr,
1674 	&dev_attr_watchdog_pretimeouts.attr,
1675 	&dev_attr_incoming_messages.attr,
1676 	&dev_attr_params.attr,
1677 	NULL
1678 };
1679 
1680 static const struct attribute_group ipmi_si_dev_attr_group = {
1681 	.attrs		= ipmi_si_dev_attrs,
1682 };
1683 
1684 /*
1685  * oem_data_avail_to_receive_msg_avail
1686  * @info - smi_info structure with msg_flags set
1687  *
1688  * Converts flags from OEM_DATA_AVAIL to RECEIVE_MSG_AVAIL
1689  * Returns 1 indicating need to re-run handle_flags().
1690  */
1691 static int oem_data_avail_to_receive_msg_avail(struct smi_info *smi_info)
1692 {
1693 	smi_info->msg_flags = ((smi_info->msg_flags & ~OEM_DATA_AVAIL) |
1694 			       RECEIVE_MSG_AVAIL);
1695 	return 1;
1696 }
1697 
1698 /*
1699  * setup_dell_poweredge_oem_data_handler
1700  * @info - smi_info.device_id must be populated
1701  *
1702  * Systems that match, but have firmware version < 1.40 may assert
1703  * OEM0_DATA_AVAIL on their own, without being told via Set Flags that
1704  * it's safe to do so.  Such systems will de-assert OEM1_DATA_AVAIL
1705  * upon receipt of IPMI_GET_MSG_CMD, so we should treat these flags
1706  * as RECEIVE_MSG_AVAIL instead.
1707  *
1708  * As Dell has no plans to release IPMI 1.5 firmware that *ever*
1709  * assert the OEM[012] bits, and if it did, the driver would have to
1710  * change to handle that properly, we don't actually check for the
1711  * firmware version.
1712  * Device ID = 0x20                BMC on PowerEdge 8G servers
1713  * Device Revision = 0x80
1714  * Firmware Revision1 = 0x01       BMC version 1.40
1715  * Firmware Revision2 = 0x40       BCD encoded
1716  * IPMI Version = 0x51             IPMI 1.5
1717  * Manufacturer ID = A2 02 00      Dell IANA
1718  *
1719  * Additionally, PowerEdge systems with IPMI < 1.5 may also assert
1720  * OEM0_DATA_AVAIL and needs to be treated as RECEIVE_MSG_AVAIL.
1721  *
1722  */
1723 #define DELL_POWEREDGE_8G_BMC_DEVICE_ID  0x20
1724 #define DELL_POWEREDGE_8G_BMC_DEVICE_REV 0x80
1725 #define DELL_POWEREDGE_8G_BMC_IPMI_VERSION 0x51
1726 #define DELL_IANA_MFR_ID 0x0002a2
1727 static void setup_dell_poweredge_oem_data_handler(struct smi_info *smi_info)
1728 {
1729 	struct ipmi_device_id *id = &smi_info->device_id;
1730 	if (id->manufacturer_id == DELL_IANA_MFR_ID) {
1731 		if (id->device_id       == DELL_POWEREDGE_8G_BMC_DEVICE_ID  &&
1732 		    id->device_revision == DELL_POWEREDGE_8G_BMC_DEVICE_REV &&
1733 		    id->ipmi_version   == DELL_POWEREDGE_8G_BMC_IPMI_VERSION) {
1734 			smi_info->oem_data_avail_handler =
1735 				oem_data_avail_to_receive_msg_avail;
1736 		} else if (ipmi_version_major(id) < 1 ||
1737 			   (ipmi_version_major(id) == 1 &&
1738 			    ipmi_version_minor(id) < 5)) {
1739 			smi_info->oem_data_avail_handler =
1740 				oem_data_avail_to_receive_msg_avail;
1741 		}
1742 	}
1743 }
1744 
1745 #define CANNOT_RETURN_REQUESTED_LENGTH 0xCA
1746 static void return_hosed_msg_badsize(struct smi_info *smi_info)
1747 {
1748 	struct ipmi_smi_msg *msg = smi_info->curr_msg;
1749 
1750 	/* Make it a response */
1751 	msg->rsp[0] = msg->data[0] | 4;
1752 	msg->rsp[1] = msg->data[1];
1753 	msg->rsp[2] = CANNOT_RETURN_REQUESTED_LENGTH;
1754 	msg->rsp_size = 3;
1755 	smi_info->curr_msg = NULL;
1756 	deliver_recv_msg(smi_info, msg);
1757 }
1758 
1759 /*
1760  * dell_poweredge_bt_xaction_handler
1761  * @info - smi_info.device_id must be populated
1762  *
1763  * Dell PowerEdge servers with the BT interface (x6xx and 1750) will
1764  * not respond to a Get SDR command if the length of the data
1765  * requested is exactly 0x3A, which leads to command timeouts and no
1766  * data returned.  This intercepts such commands, and causes userspace
1767  * callers to try again with a different-sized buffer, which succeeds.
1768  */
1769 
1770 #define STORAGE_NETFN 0x0A
1771 #define STORAGE_CMD_GET_SDR 0x23
1772 static int dell_poweredge_bt_xaction_handler(struct notifier_block *self,
1773 					     unsigned long unused,
1774 					     void *in)
1775 {
1776 	struct smi_info *smi_info = in;
1777 	unsigned char *data = smi_info->curr_msg->data;
1778 	unsigned int size   = smi_info->curr_msg->data_size;
1779 	if (size >= 8 &&
1780 	    (data[0]>>2) == STORAGE_NETFN &&
1781 	    data[1] == STORAGE_CMD_GET_SDR &&
1782 	    data[7] == 0x3A) {
1783 		return_hosed_msg_badsize(smi_info);
1784 		return NOTIFY_STOP;
1785 	}
1786 	return NOTIFY_DONE;
1787 }
1788 
1789 static struct notifier_block dell_poweredge_bt_xaction_notifier = {
1790 	.notifier_call	= dell_poweredge_bt_xaction_handler,
1791 };
1792 
1793 /*
1794  * setup_dell_poweredge_bt_xaction_handler
1795  * @info - smi_info.device_id must be filled in already
1796  *
1797  * Fills in smi_info.device_id.start_transaction_pre_hook
1798  * when we know what function to use there.
1799  */
1800 static void
1801 setup_dell_poweredge_bt_xaction_handler(struct smi_info *smi_info)
1802 {
1803 	struct ipmi_device_id *id = &smi_info->device_id;
1804 	if (id->manufacturer_id == DELL_IANA_MFR_ID &&
1805 	    smi_info->io.si_type == SI_BT)
1806 		register_xaction_notifier(&dell_poweredge_bt_xaction_notifier);
1807 }
1808 
1809 /*
1810  * setup_oem_data_handler
1811  * @info - smi_info.device_id must be filled in already
1812  *
1813  * Fills in smi_info.device_id.oem_data_available_handler
1814  * when we know what function to use there.
1815  */
1816 
1817 static void setup_oem_data_handler(struct smi_info *smi_info)
1818 {
1819 	setup_dell_poweredge_oem_data_handler(smi_info);
1820 }
1821 
1822 static void setup_xaction_handlers(struct smi_info *smi_info)
1823 {
1824 	setup_dell_poweredge_bt_xaction_handler(smi_info);
1825 }
1826 
1827 static void check_for_broken_irqs(struct smi_info *smi_info)
1828 {
1829 	check_clr_rcv_irq(smi_info);
1830 	check_set_rcv_irq(smi_info);
1831 }
1832 
1833 static inline void stop_timer_and_thread(struct smi_info *smi_info)
1834 {
1835 	if (smi_info->thread != NULL) {
1836 		kthread_stop(smi_info->thread);
1837 		smi_info->thread = NULL;
1838 	}
1839 
1840 	smi_info->timer_can_start = false;
1841 	del_timer_sync(&smi_info->si_timer);
1842 }
1843 
1844 static struct smi_info *find_dup_si(struct smi_info *info)
1845 {
1846 	struct smi_info *e;
1847 
1848 	list_for_each_entry(e, &smi_infos, link) {
1849 		if (e->io.addr_space != info->io.addr_space)
1850 			continue;
1851 		if (e->io.addr_data == info->io.addr_data) {
1852 			/*
1853 			 * This is a cheap hack, ACPI doesn't have a defined
1854 			 * slave address but SMBIOS does.  Pick it up from
1855 			 * any source that has it available.
1856 			 */
1857 			if (info->io.slave_addr && !e->io.slave_addr)
1858 				e->io.slave_addr = info->io.slave_addr;
1859 			return e;
1860 		}
1861 	}
1862 
1863 	return NULL;
1864 }
1865 
1866 int ipmi_si_add_smi(struct si_sm_io *io)
1867 {
1868 	int rv = 0;
1869 	struct smi_info *new_smi, *dup;
1870 
1871 	/*
1872 	 * If the user gave us a hard-coded device at the same
1873 	 * address, they presumably want us to use it and not what is
1874 	 * in the firmware.
1875 	 */
1876 	if (io->addr_source != SI_HARDCODED && io->addr_source != SI_HOTMOD &&
1877 	    ipmi_si_hardcode_match(io->addr_space, io->addr_data)) {
1878 		dev_info(io->dev,
1879 			 "Hard-coded device at this address already exists");
1880 		return -ENODEV;
1881 	}
1882 
1883 	if (!io->io_setup) {
1884 		if (io->addr_space == IPMI_IO_ADDR_SPACE) {
1885 			io->io_setup = ipmi_si_port_setup;
1886 		} else if (io->addr_space == IPMI_MEM_ADDR_SPACE) {
1887 			io->io_setup = ipmi_si_mem_setup;
1888 		} else {
1889 			return -EINVAL;
1890 		}
1891 	}
1892 
1893 	new_smi = kzalloc(sizeof(*new_smi), GFP_KERNEL);
1894 	if (!new_smi)
1895 		return -ENOMEM;
1896 	spin_lock_init(&new_smi->si_lock);
1897 
1898 	new_smi->io = *io;
1899 
1900 	mutex_lock(&smi_infos_lock);
1901 	dup = find_dup_si(new_smi);
1902 	if (dup) {
1903 		if (new_smi->io.addr_source == SI_ACPI &&
1904 		    dup->io.addr_source == SI_SMBIOS) {
1905 			/* We prefer ACPI over SMBIOS. */
1906 			dev_info(dup->io.dev,
1907 				 "Removing SMBIOS-specified %s state machine in favor of ACPI\n",
1908 				 si_to_str[new_smi->io.si_type]);
1909 			cleanup_one_si(dup);
1910 		} else {
1911 			dev_info(new_smi->io.dev,
1912 				 "%s-specified %s state machine: duplicate\n",
1913 				 ipmi_addr_src_to_str(new_smi->io.addr_source),
1914 				 si_to_str[new_smi->io.si_type]);
1915 			rv = -EBUSY;
1916 			kfree(new_smi);
1917 			goto out_err;
1918 		}
1919 	}
1920 
1921 	pr_info("Adding %s-specified %s state machine\n",
1922 		ipmi_addr_src_to_str(new_smi->io.addr_source),
1923 		si_to_str[new_smi->io.si_type]);
1924 
1925 	list_add_tail(&new_smi->link, &smi_infos);
1926 
1927 	if (initialized)
1928 		rv = try_smi_init(new_smi);
1929 out_err:
1930 	mutex_unlock(&smi_infos_lock);
1931 	return rv;
1932 }
1933 
1934 /*
1935  * Try to start up an interface.  Must be called with smi_infos_lock
1936  * held, primarily to keep smi_num consistent, we only one to do these
1937  * one at a time.
1938  */
1939 static int try_smi_init(struct smi_info *new_smi)
1940 {
1941 	int rv = 0;
1942 	int i;
1943 
1944 	pr_info("Trying %s-specified %s state machine at %s address 0x%lx, slave address 0x%x, irq %d\n",
1945 		ipmi_addr_src_to_str(new_smi->io.addr_source),
1946 		si_to_str[new_smi->io.si_type],
1947 		addr_space_to_str[new_smi->io.addr_space],
1948 		new_smi->io.addr_data,
1949 		new_smi->io.slave_addr, new_smi->io.irq);
1950 
1951 	switch (new_smi->io.si_type) {
1952 	case SI_KCS:
1953 		new_smi->handlers = &kcs_smi_handlers;
1954 		break;
1955 
1956 	case SI_SMIC:
1957 		new_smi->handlers = &smic_smi_handlers;
1958 		break;
1959 
1960 	case SI_BT:
1961 		new_smi->handlers = &bt_smi_handlers;
1962 		break;
1963 
1964 	default:
1965 		/* No support for anything else yet. */
1966 		rv = -EIO;
1967 		goto out_err;
1968 	}
1969 
1970 	new_smi->si_num = smi_num;
1971 
1972 	/* Do this early so it's available for logs. */
1973 	if (!new_smi->io.dev) {
1974 		pr_err("IPMI interface added with no device\n");
1975 		rv = -EIO;
1976 		goto out_err;
1977 	}
1978 
1979 	/* Allocate the state machine's data and initialize it. */
1980 	new_smi->si_sm = kmalloc(new_smi->handlers->size(), GFP_KERNEL);
1981 	if (!new_smi->si_sm) {
1982 		rv = -ENOMEM;
1983 		goto out_err;
1984 	}
1985 	new_smi->io.io_size = new_smi->handlers->init_data(new_smi->si_sm,
1986 							   &new_smi->io);
1987 
1988 	/* Now that we know the I/O size, we can set up the I/O. */
1989 	rv = new_smi->io.io_setup(&new_smi->io);
1990 	if (rv) {
1991 		dev_err(new_smi->io.dev, "Could not set up I/O space\n");
1992 		goto out_err;
1993 	}
1994 
1995 	/* Do low-level detection first. */
1996 	if (new_smi->handlers->detect(new_smi->si_sm)) {
1997 		if (new_smi->io.addr_source)
1998 			dev_err(new_smi->io.dev,
1999 				"Interface detection failed\n");
2000 		rv = -ENODEV;
2001 		goto out_err;
2002 	}
2003 
2004 	/*
2005 	 * Attempt a get device id command.  If it fails, we probably
2006 	 * don't have a BMC here.
2007 	 */
2008 	rv = try_get_dev_id(new_smi);
2009 	if (rv) {
2010 		if (new_smi->io.addr_source)
2011 			dev_err(new_smi->io.dev,
2012 			       "There appears to be no BMC at this location\n");
2013 		goto out_err;
2014 	}
2015 
2016 	setup_oem_data_handler(new_smi);
2017 	setup_xaction_handlers(new_smi);
2018 	check_for_broken_irqs(new_smi);
2019 
2020 	new_smi->waiting_msg = NULL;
2021 	new_smi->curr_msg = NULL;
2022 	atomic_set(&new_smi->req_events, 0);
2023 	new_smi->run_to_completion = false;
2024 	for (i = 0; i < SI_NUM_STATS; i++)
2025 		atomic_set(&new_smi->stats[i], 0);
2026 
2027 	new_smi->interrupt_disabled = true;
2028 	atomic_set(&new_smi->need_watch, 0);
2029 
2030 	rv = try_enable_event_buffer(new_smi);
2031 	if (rv == 0)
2032 		new_smi->has_event_buffer = true;
2033 
2034 	/*
2035 	 * Start clearing the flags before we enable interrupts or the
2036 	 * timer to avoid racing with the timer.
2037 	 */
2038 	start_clear_flags(new_smi);
2039 
2040 	/*
2041 	 * IRQ is defined to be set when non-zero.  req_events will
2042 	 * cause a global flags check that will enable interrupts.
2043 	 */
2044 	if (new_smi->io.irq) {
2045 		new_smi->interrupt_disabled = false;
2046 		atomic_set(&new_smi->req_events, 1);
2047 	}
2048 
2049 	dev_set_drvdata(new_smi->io.dev, new_smi);
2050 	rv = device_add_group(new_smi->io.dev, &ipmi_si_dev_attr_group);
2051 	if (rv) {
2052 		dev_err(new_smi->io.dev,
2053 			"Unable to add device attributes: error %d\n",
2054 			rv);
2055 		goto out_err;
2056 	}
2057 	new_smi->dev_group_added = true;
2058 
2059 	rv = ipmi_register_smi(&handlers,
2060 			       new_smi,
2061 			       new_smi->io.dev,
2062 			       new_smi->io.slave_addr);
2063 	if (rv) {
2064 		dev_err(new_smi->io.dev,
2065 			"Unable to register device: error %d\n",
2066 			rv);
2067 		goto out_err;
2068 	}
2069 
2070 	/* Don't increment till we know we have succeeded. */
2071 	smi_num++;
2072 
2073 	dev_info(new_smi->io.dev, "IPMI %s interface initialized\n",
2074 		 si_to_str[new_smi->io.si_type]);
2075 
2076 	WARN_ON(new_smi->io.dev->init_name != NULL);
2077 
2078  out_err:
2079 	if (rv && new_smi->io.io_cleanup) {
2080 		new_smi->io.io_cleanup(&new_smi->io);
2081 		new_smi->io.io_cleanup = NULL;
2082 	}
2083 
2084 	return rv;
2085 }
2086 
2087 static int __init init_ipmi_si(void)
2088 {
2089 	struct smi_info *e;
2090 	enum ipmi_addr_src type = SI_INVALID;
2091 
2092 	if (initialized)
2093 		return 0;
2094 
2095 	ipmi_hardcode_init();
2096 
2097 	pr_info("IPMI System Interface driver\n");
2098 
2099 	ipmi_si_platform_init();
2100 
2101 	ipmi_si_pci_init();
2102 
2103 	ipmi_si_parisc_init();
2104 
2105 	/* We prefer devices with interrupts, but in the case of a machine
2106 	   with multiple BMCs we assume that there will be several instances
2107 	   of a given type so if we succeed in registering a type then also
2108 	   try to register everything else of the same type */
2109 	mutex_lock(&smi_infos_lock);
2110 	list_for_each_entry(e, &smi_infos, link) {
2111 		/* Try to register a device if it has an IRQ and we either
2112 		   haven't successfully registered a device yet or this
2113 		   device has the same type as one we successfully registered */
2114 		if (e->io.irq && (!type || e->io.addr_source == type)) {
2115 			if (!try_smi_init(e)) {
2116 				type = e->io.addr_source;
2117 			}
2118 		}
2119 	}
2120 
2121 	/* type will only have been set if we successfully registered an si */
2122 	if (type)
2123 		goto skip_fallback_noirq;
2124 
2125 	/* Fall back to the preferred device */
2126 
2127 	list_for_each_entry(e, &smi_infos, link) {
2128 		if (!e->io.irq && (!type || e->io.addr_source == type)) {
2129 			if (!try_smi_init(e)) {
2130 				type = e->io.addr_source;
2131 			}
2132 		}
2133 	}
2134 
2135 skip_fallback_noirq:
2136 	initialized = true;
2137 	mutex_unlock(&smi_infos_lock);
2138 
2139 	if (type)
2140 		return 0;
2141 
2142 	mutex_lock(&smi_infos_lock);
2143 	if (unload_when_empty && list_empty(&smi_infos)) {
2144 		mutex_unlock(&smi_infos_lock);
2145 		cleanup_ipmi_si();
2146 		pr_warn("Unable to find any System Interface(s)\n");
2147 		return -ENODEV;
2148 	} else {
2149 		mutex_unlock(&smi_infos_lock);
2150 		return 0;
2151 	}
2152 }
2153 module_init(init_ipmi_si);
2154 
2155 static void shutdown_smi(void *send_info)
2156 {
2157 	struct smi_info *smi_info = send_info;
2158 
2159 	if (smi_info->dev_group_added) {
2160 		device_remove_group(smi_info->io.dev, &ipmi_si_dev_attr_group);
2161 		smi_info->dev_group_added = false;
2162 	}
2163 	if (smi_info->io.dev)
2164 		dev_set_drvdata(smi_info->io.dev, NULL);
2165 
2166 	/*
2167 	 * Make sure that interrupts, the timer and the thread are
2168 	 * stopped and will not run again.
2169 	 */
2170 	smi_info->interrupt_disabled = true;
2171 	if (smi_info->io.irq_cleanup) {
2172 		smi_info->io.irq_cleanup(&smi_info->io);
2173 		smi_info->io.irq_cleanup = NULL;
2174 	}
2175 	stop_timer_and_thread(smi_info);
2176 
2177 	/*
2178 	 * Wait until we know that we are out of any interrupt
2179 	 * handlers might have been running before we freed the
2180 	 * interrupt.
2181 	 */
2182 	synchronize_rcu();
2183 
2184 	/*
2185 	 * Timeouts are stopped, now make sure the interrupts are off
2186 	 * in the BMC.  Note that timers and CPU interrupts are off,
2187 	 * so no need for locks.
2188 	 */
2189 	while (smi_info->curr_msg || (smi_info->si_state != SI_NORMAL)) {
2190 		poll(smi_info);
2191 		schedule_timeout_uninterruptible(1);
2192 	}
2193 	if (smi_info->handlers)
2194 		disable_si_irq(smi_info);
2195 	while (smi_info->curr_msg || (smi_info->si_state != SI_NORMAL)) {
2196 		poll(smi_info);
2197 		schedule_timeout_uninterruptible(1);
2198 	}
2199 	if (smi_info->handlers)
2200 		smi_info->handlers->cleanup(smi_info->si_sm);
2201 
2202 	if (smi_info->io.io_cleanup) {
2203 		smi_info->io.io_cleanup(&smi_info->io);
2204 		smi_info->io.io_cleanup = NULL;
2205 	}
2206 
2207 	kfree(smi_info->si_sm);
2208 	smi_info->si_sm = NULL;
2209 
2210 	smi_info->intf = NULL;
2211 }
2212 
2213 /*
2214  * Must be called with smi_infos_lock held, to serialize the
2215  * smi_info->intf check.
2216  */
2217 static void cleanup_one_si(struct smi_info *smi_info)
2218 {
2219 	if (!smi_info)
2220 		return;
2221 
2222 	list_del(&smi_info->link);
2223 
2224 	if (smi_info->intf)
2225 		ipmi_unregister_smi(smi_info->intf);
2226 
2227 	kfree(smi_info);
2228 }
2229 
2230 void ipmi_si_remove_by_dev(struct device *dev)
2231 {
2232 	struct smi_info *e;
2233 
2234 	mutex_lock(&smi_infos_lock);
2235 	list_for_each_entry(e, &smi_infos, link) {
2236 		if (e->io.dev == dev) {
2237 			cleanup_one_si(e);
2238 			break;
2239 		}
2240 	}
2241 	mutex_unlock(&smi_infos_lock);
2242 }
2243 
2244 struct device *ipmi_si_remove_by_data(int addr_space, enum si_type si_type,
2245 				      unsigned long addr)
2246 {
2247 	/* remove */
2248 	struct smi_info *e, *tmp_e;
2249 	struct device *dev = NULL;
2250 
2251 	mutex_lock(&smi_infos_lock);
2252 	list_for_each_entry_safe(e, tmp_e, &smi_infos, link) {
2253 		if (e->io.addr_space != addr_space)
2254 			continue;
2255 		if (e->io.si_type != si_type)
2256 			continue;
2257 		if (e->io.addr_data == addr) {
2258 			dev = get_device(e->io.dev);
2259 			cleanup_one_si(e);
2260 		}
2261 	}
2262 	mutex_unlock(&smi_infos_lock);
2263 
2264 	return dev;
2265 }
2266 
2267 static void cleanup_ipmi_si(void)
2268 {
2269 	struct smi_info *e, *tmp_e;
2270 
2271 	if (!initialized)
2272 		return;
2273 
2274 	ipmi_si_pci_shutdown();
2275 
2276 	ipmi_si_parisc_shutdown();
2277 
2278 	ipmi_si_platform_shutdown();
2279 
2280 	mutex_lock(&smi_infos_lock);
2281 	list_for_each_entry_safe(e, tmp_e, &smi_infos, link)
2282 		cleanup_one_si(e);
2283 	mutex_unlock(&smi_infos_lock);
2284 
2285 	ipmi_si_hardcode_exit();
2286 	ipmi_si_hotmod_exit();
2287 }
2288 module_exit(cleanup_ipmi_si);
2289 
2290 MODULE_ALIAS("platform:dmi-ipmi-si");
2291 MODULE_LICENSE("GPL");
2292 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
2293 MODULE_DESCRIPTION("Interface to the IPMI driver for the KCS, SMIC, and BT system interfaces.");
2294