1 // SPDX-License-Identifier: GPL-2.0
2
3 /*
4 * Driver to talk to a remote management controller on IPMB.
5 */
6
7 #include <linux/acpi.h>
8 #include <linux/errno.h>
9 #include <linux/i2c.h>
10 #include <linux/miscdevice.h>
11 #include <linux/module.h>
12 #include <linux/mutex.h>
13 #include <linux/poll.h>
14 #include <linux/slab.h>
15 #include <linux/spinlock.h>
16 #include <linux/semaphore.h>
17 #include <linux/kthread.h>
18 #include <linux/wait.h>
19 #include <linux/ipmi_msgdefs.h>
20 #include <linux/ipmi_smi.h>
21
22 #define DEVICE_NAME "ipmi-ipmb"
23
24 static int bmcaddr = 0x20;
25 module_param(bmcaddr, int, 0644);
26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27
28 static unsigned int retry_time_ms = 250;
29 module_param(retry_time_ms, uint, 0644);
30 MODULE_PARM_DESC(retry_time_ms, "Timeout time between retries, in milliseconds.");
31
32 static unsigned int max_retries = 1;
33 module_param(max_retries, uint, 0644);
34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35
36 /* Add room for the two slave addresses, two checksums, and rqSeq. */
37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38
39 struct ipmi_ipmb_dev {
40 struct ipmi_smi *intf;
41 struct i2c_client *client;
42 struct i2c_client *slave;
43
44 struct ipmi_smi_handlers handlers;
45
46 bool ready;
47
48 u8 curr_seq;
49
50 u8 bmcaddr;
51 u32 retry_time_ms;
52 u32 max_retries;
53
54 struct ipmi_smi_msg *next_msg;
55 struct ipmi_smi_msg *working_msg;
56
57 /* Transmit thread. */
58 struct task_struct *thread;
59 struct semaphore wake_thread;
60 struct semaphore got_rsp;
61 spinlock_t lock;
62 bool stopping;
63
64 u8 xmitmsg[IPMB_MAX_MSG_LEN];
65 unsigned int xmitlen;
66
67 u8 rcvmsg[IPMB_MAX_MSG_LEN];
68 unsigned int rcvlen;
69 bool overrun;
70 };
71
valid_ipmb(struct ipmi_ipmb_dev * iidev)72 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
73 {
74 u8 *msg = iidev->rcvmsg;
75 u8 netfn;
76
77 if (iidev->overrun)
78 return false;
79
80 /* Minimum message size. */
81 if (iidev->rcvlen < 7)
82 return false;
83
84 /* Is it a response? */
85 netfn = msg[1] >> 2;
86 if (netfn & 1) {
87 /* Response messages have an added completion code. */
88 if (iidev->rcvlen < 8)
89 return false;
90 }
91
92 if (ipmb_checksum(msg, 3) != 0)
93 return false;
94 if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0)
95 return false;
96
97 return true;
98 }
99
ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev * iidev)100 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
101 {
102 struct ipmi_smi_msg *imsg = NULL;
103 u8 *msg = iidev->rcvmsg;
104 bool is_cmd;
105 unsigned long flags;
106
107 if (iidev->rcvlen == 0)
108 return;
109 if (!valid_ipmb(iidev))
110 goto done;
111
112 is_cmd = ((msg[1] >> 2) & 1) == 0;
113
114 if (is_cmd) {
115 /* Ignore commands until we are up. */
116 if (!iidev->ready)
117 goto done;
118
119 /* It's a command, allocate a message for it. */
120 imsg = ipmi_alloc_smi_msg();
121 if (!imsg)
122 goto done;
123 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
124 imsg->data_size = 0;
125 } else {
126 spin_lock_irqsave(&iidev->lock, flags);
127 if (iidev->working_msg) {
128 u8 seq = msg[4] >> 2;
129 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
130
131 /*
132 * Responses should carry the sequence we sent
133 * them with. If it's a transmitted response,
134 * ignore it. And if the message hasn't been
135 * transmitted, ignore it.
136 */
137 if (!xmit_rsp && seq == iidev->curr_seq) {
138 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
139
140 imsg = iidev->working_msg;
141 iidev->working_msg = NULL;
142 }
143 }
144 spin_unlock_irqrestore(&iidev->lock, flags);
145 }
146
147 if (!imsg)
148 goto done;
149
150 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
151 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
152 /*
153 * Keep the source address, rqSeq. Drop the trailing
154 * checksum.
155 */
156 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
157 imsg->rsp_size = iidev->rcvlen - 3;
158 } else {
159 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
160 /*
161 * Skip the source address, rqSeq. Drop the trailing
162 * checksum.
163 */
164 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
165 imsg->rsp_size = iidev->rcvlen - 5;
166 }
167 ipmi_smi_msg_received(iidev->intf, imsg);
168 if (!is_cmd)
169 up(&iidev->got_rsp);
170
171 done:
172 iidev->overrun = false;
173 iidev->rcvlen = 0;
174 }
175
176 /*
177 * The IPMB protocol only supports i2c writes so there is no need to
178 * support I2C_SLAVE_READ* events, except to know if the other end has
179 * issued a read without going to stop mode.
180 */
ipmi_ipmb_slave_cb(struct i2c_client * client,enum i2c_slave_event event,u8 * val)181 static int ipmi_ipmb_slave_cb(struct i2c_client *client,
182 enum i2c_slave_event event, u8 *val)
183 {
184 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
185
186 switch (event) {
187 case I2C_SLAVE_WRITE_REQUESTED:
188 ipmi_ipmb_check_msg_done(iidev);
189 /*
190 * First byte is the slave address, to ease the checksum
191 * calculation.
192 */
193 iidev->rcvmsg[0] = client->addr << 1;
194 iidev->rcvlen = 1;
195 break;
196
197 case I2C_SLAVE_WRITE_RECEIVED:
198 if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
199 iidev->overrun = true;
200 else
201 iidev->rcvmsg[iidev->rcvlen++] = *val;
202 break;
203
204 case I2C_SLAVE_READ_REQUESTED:
205 *val = 0xff;
206 ipmi_ipmb_check_msg_done(iidev);
207 break;
208
209 case I2C_SLAVE_STOP:
210 ipmi_ipmb_check_msg_done(iidev);
211 break;
212
213 case I2C_SLAVE_READ_PROCESSED:
214 *val = 0xff;
215 break;
216 }
217
218 return 0;
219 }
220
ipmi_ipmb_send_response(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg,u8 cc)221 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
222 struct ipmi_smi_msg *msg, u8 cc)
223 {
224 if ((msg->data[0] >> 2) & 1) {
225 /*
226 * It's a response being sent, we need to return a
227 * response to the response. Fake a send msg command
228 * response with channel 0. This will always be ipmb
229 * direct.
230 */
231 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
232 msg->data[3] = IPMI_SEND_MSG_CMD;
233 msg->data[4] = cc;
234 msg->data_size = 5;
235 }
236 msg->rsp[0] = msg->data[0] | (1 << 2);
237 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
238 msg->rsp[1] = msg->data[1];
239 msg->rsp[2] = msg->data[2];
240 msg->rsp[3] = msg->data[3];
241 msg->rsp[4] = cc;
242 msg->rsp_size = 5;
243 } else {
244 msg->rsp[1] = msg->data[1];
245 msg->rsp[2] = cc;
246 msg->rsp_size = 3;
247 }
248 ipmi_smi_msg_received(iidev->intf, msg);
249 }
250
ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg)251 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
252 struct ipmi_smi_msg *msg)
253 {
254 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
255 iidev->xmitmsg[0] = msg->data[1];
256 iidev->xmitmsg[1] = msg->data[0];
257 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
258 iidev->xmitlen = msg->data_size + 2;
259 } else {
260 iidev->xmitmsg[0] = iidev->bmcaddr;
261 iidev->xmitmsg[1] = msg->data[0];
262 iidev->xmitmsg[4] = 0;
263 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
264 iidev->xmitlen = msg->data_size + 4;
265 }
266 iidev->xmitmsg[3] = iidev->slave->addr << 1;
267 if (((msg->data[0] >> 2) & 1) == 0)
268 /* If it's a command, put in our own sequence number. */
269 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
270 (iidev->curr_seq << 2));
271
272 /* Now add on the final checksums. */
273 iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2);
274 iidev->xmitmsg[iidev->xmitlen] =
275 ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3);
276 iidev->xmitlen++;
277 }
278
ipmi_ipmb_thread(void * data)279 static int ipmi_ipmb_thread(void *data)
280 {
281 struct ipmi_ipmb_dev *iidev = data;
282
283 while (!kthread_should_stop()) {
284 long ret;
285 struct i2c_msg i2c_msg;
286 struct ipmi_smi_msg *msg = NULL;
287 unsigned long flags;
288 unsigned int retries = 0;
289
290 /* Wait for a message to send */
291 ret = down_interruptible(&iidev->wake_thread);
292 if (iidev->stopping)
293 break;
294 if (ret)
295 continue;
296
297 spin_lock_irqsave(&iidev->lock, flags);
298 if (iidev->next_msg) {
299 msg = iidev->next_msg;
300 iidev->next_msg = NULL;
301 }
302 spin_unlock_irqrestore(&iidev->lock, flags);
303 if (!msg)
304 continue;
305
306 ipmi_ipmb_format_for_xmit(iidev, msg);
307
308 retry:
309 i2c_msg.len = iidev->xmitlen - 1;
310 if (i2c_msg.len > 32) {
311 ipmi_ipmb_send_response(iidev, msg,
312 IPMI_REQ_LEN_EXCEEDED_ERR);
313 continue;
314 }
315
316 i2c_msg.addr = iidev->xmitmsg[0] >> 1;
317 i2c_msg.flags = 0;
318 i2c_msg.buf = iidev->xmitmsg + 1;
319
320 /* Rely on i2c_transfer for a barrier. */
321 iidev->working_msg = msg;
322
323 ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1);
324
325 if ((msg->data[0] >> 2) & 1) {
326 /*
327 * It's a response, nothing will be returned
328 * by the other end.
329 */
330
331 iidev->working_msg = NULL;
332 ipmi_ipmb_send_response(iidev, msg,
333 ret < 0 ? IPMI_BUS_ERR : 0);
334 continue;
335 }
336 if (ret < 0) {
337 iidev->working_msg = NULL;
338 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
339 continue;
340 }
341
342 /* A command was sent, wait for its response. */
343 ret = down_timeout(&iidev->got_rsp,
344 msecs_to_jiffies(iidev->retry_time_ms));
345
346 /*
347 * Grab the message if we can. If the handler hasn't
348 * already handled it, the message will still be there.
349 */
350 spin_lock_irqsave(&iidev->lock, flags);
351 msg = iidev->working_msg;
352 iidev->working_msg = NULL;
353 spin_unlock_irqrestore(&iidev->lock, flags);
354
355 if (!msg && ret) {
356 /*
357 * If working_msg is not set and we timed out,
358 * that means the message grabbed by
359 * check_msg_done before we could grab it
360 * here. Wait again for check_msg_done to up
361 * the semaphore.
362 */
363 down(&iidev->got_rsp);
364 } else if (msg && ++retries <= iidev->max_retries) {
365 spin_lock_irqsave(&iidev->lock, flags);
366 iidev->working_msg = msg;
367 spin_unlock_irqrestore(&iidev->lock, flags);
368 goto retry;
369 }
370
371 if (msg)
372 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
373 }
374
375 if (iidev->next_msg)
376 /* Return an unspecified error. */
377 ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff);
378
379 return 0;
380 }
381
ipmi_ipmb_start_processing(void * send_info,struct ipmi_smi * new_intf)382 static int ipmi_ipmb_start_processing(void *send_info,
383 struct ipmi_smi *new_intf)
384 {
385 struct ipmi_ipmb_dev *iidev = send_info;
386
387 iidev->intf = new_intf;
388 iidev->ready = true;
389 return 0;
390 }
391
ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev * iidev)392 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
393 {
394 if (iidev->thread) {
395 struct task_struct *t = iidev->thread;
396
397 iidev->thread = NULL;
398 iidev->stopping = true;
399 up(&iidev->wake_thread);
400 up(&iidev->got_rsp);
401 kthread_stop(t);
402 }
403 }
404
ipmi_ipmb_shutdown(void * send_info)405 static void ipmi_ipmb_shutdown(void *send_info)
406 {
407 struct ipmi_ipmb_dev *iidev = send_info;
408
409 ipmi_ipmb_stop_thread(iidev);
410 }
411
ipmi_ipmb_sender(void * send_info,struct ipmi_smi_msg * msg)412 static int ipmi_ipmb_sender(void *send_info, struct ipmi_smi_msg *msg)
413 {
414 struct ipmi_ipmb_dev *iidev = send_info;
415 unsigned long flags;
416
417 spin_lock_irqsave(&iidev->lock, flags);
418 BUG_ON(iidev->next_msg);
419
420 iidev->next_msg = msg;
421 spin_unlock_irqrestore(&iidev->lock, flags);
422
423 up(&iidev->wake_thread);
424 return IPMI_CC_NO_ERROR;
425 }
426
ipmi_ipmb_request_events(void * send_info)427 static void ipmi_ipmb_request_events(void *send_info)
428 {
429 /* We don't fetch events here. */
430 }
431
ipmi_ipmb_cleanup(struct ipmi_ipmb_dev * iidev)432 static void ipmi_ipmb_cleanup(struct ipmi_ipmb_dev *iidev)
433 {
434 if (iidev->slave) {
435 i2c_slave_unregister(iidev->slave);
436 if (iidev->slave != iidev->client)
437 i2c_unregister_device(iidev->slave);
438 }
439 iidev->slave = NULL;
440 iidev->client = NULL;
441 ipmi_ipmb_stop_thread(iidev);
442 }
443
ipmi_ipmb_remove(struct i2c_client * client)444 static void ipmi_ipmb_remove(struct i2c_client *client)
445 {
446 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
447
448 ipmi_ipmb_cleanup(iidev);
449 ipmi_unregister_smi(iidev->intf);
450 }
451
ipmi_ipmb_probe(struct i2c_client * client)452 static int ipmi_ipmb_probe(struct i2c_client *client)
453 {
454 struct device *dev = &client->dev;
455 struct ipmi_ipmb_dev *iidev;
456 struct device_node *slave_np;
457 struct i2c_adapter *slave_adap = NULL;
458 struct i2c_client *slave = NULL;
459 int rv;
460
461 iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL);
462 if (!iidev)
463 return -ENOMEM;
464
465 if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0)
466 iidev->bmcaddr = bmcaddr;
467 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
468 /* Can't have the write bit set. */
469 dev_notice(&client->dev,
470 "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
471 return -EINVAL;
472 }
473
474 if (of_property_read_u32(dev->of_node, "retry-time",
475 &iidev->retry_time_ms) != 0)
476 iidev->retry_time_ms = retry_time_ms;
477
478 if (of_property_read_u32(dev->of_node, "max-retries",
479 &iidev->max_retries) != 0)
480 iidev->max_retries = max_retries;
481
482 slave_np = of_parse_phandle(dev->of_node, "slave-dev", 0);
483 if (slave_np) {
484 slave_adap = of_get_i2c_adapter_by_node(slave_np);
485 of_node_put(slave_np);
486 if (!slave_adap) {
487 dev_notice(&client->dev,
488 "Could not find slave adapter\n");
489 return -EINVAL;
490 }
491 }
492
493 iidev->client = client;
494
495 if (slave_adap) {
496 struct i2c_board_info binfo;
497
498 memset(&binfo, 0, sizeof(binfo));
499 strscpy(binfo.type, "ipmb-slave", I2C_NAME_SIZE);
500 binfo.addr = client->addr;
501 binfo.flags = I2C_CLIENT_SLAVE;
502 slave = i2c_new_client_device(slave_adap, &binfo);
503 i2c_put_adapter(slave_adap);
504 if (IS_ERR(slave)) {
505 rv = PTR_ERR(slave);
506 dev_notice(&client->dev,
507 "Could not allocate slave device: %d\n", rv);
508 return rv;
509 }
510 i2c_set_clientdata(slave, iidev);
511 } else {
512 slave = client;
513 }
514 i2c_set_clientdata(client, iidev);
515 slave->flags |= I2C_CLIENT_SLAVE;
516
517 rv = i2c_slave_register(slave, ipmi_ipmb_slave_cb);
518 if (rv)
519 goto out_err;
520 iidev->slave = slave;
521 slave = NULL;
522
523 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
524 iidev->handlers.start_processing = ipmi_ipmb_start_processing;
525 iidev->handlers.shutdown = ipmi_ipmb_shutdown;
526 iidev->handlers.sender = ipmi_ipmb_sender;
527 iidev->handlers.request_events = ipmi_ipmb_request_events;
528
529 spin_lock_init(&iidev->lock);
530 sema_init(&iidev->wake_thread, 0);
531 sema_init(&iidev->got_rsp, 0);
532
533 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
534 "kipmb%4.4x", client->addr);
535 if (IS_ERR(iidev->thread)) {
536 rv = PTR_ERR(iidev->thread);
537 dev_notice(&client->dev,
538 "Could not start kernel thread: error %d\n", rv);
539 goto out_err;
540 }
541
542 rv = ipmi_register_smi(&iidev->handlers,
543 iidev,
544 &client->dev,
545 iidev->bmcaddr);
546 if (rv)
547 goto out_err;
548
549 return 0;
550
551 out_err:
552 if (slave && slave != client)
553 i2c_unregister_device(slave);
554 ipmi_ipmb_cleanup(iidev);
555 return rv;
556 }
557
558 #ifdef CONFIG_OF
559 static const struct of_device_id of_ipmi_ipmb_match[] = {
560 { .type = "ipmi", .compatible = DEVICE_NAME },
561 {},
562 };
563 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
564 #else
565 #define of_ipmi_ipmb_match NULL
566 #endif
567
568 static const struct i2c_device_id ipmi_ipmb_id[] = {
569 { DEVICE_NAME },
570 {}
571 };
572 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
573
574 static struct i2c_driver ipmi_ipmb_driver = {
575 .class = I2C_CLASS_HWMON,
576 .driver = {
577 .name = DEVICE_NAME,
578 .of_match_table = of_ipmi_ipmb_match,
579 },
580 .probe = ipmi_ipmb_probe,
581 .remove = ipmi_ipmb_remove,
582 .id_table = ipmi_ipmb_id,
583 };
584 module_i2c_driver(ipmi_ipmb_driver);
585
586 MODULE_AUTHOR("Corey Minyard");
587 MODULE_DESCRIPTION("IPMI IPMB driver");
588 MODULE_LICENSE("GPL v2");
589