1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * acpi_ipmi.c - ACPI IPMI opregion 4 * 5 * Copyright (C) 2010, 2013 Intel Corporation 6 * Author: Zhao Yakui <yakui.zhao@intel.com> 7 * Lv Zheng <lv.zheng@intel.com> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/acpi.h> 12 #include <linux/ipmi.h> 13 #include <linux/spinlock.h> 14 15 MODULE_AUTHOR("Zhao Yakui"); 16 MODULE_DESCRIPTION("ACPI IPMI Opregion driver"); 17 MODULE_LICENSE("GPL"); 18 19 #define ACPI_IPMI_OK 0 20 #define ACPI_IPMI_TIMEOUT 0x10 21 #define ACPI_IPMI_UNKNOWN 0x07 22 /* the IPMI timeout is 5s */ 23 #define IPMI_TIMEOUT (5000) 24 #define ACPI_IPMI_MAX_MSG_LENGTH 64 25 /* 2s should be suffient for SMI being selected */ 26 #define ACPI_IPMI_SMI_SELECTION_TIMEOUT (2 * HZ) 27 28 struct acpi_ipmi_device { 29 /* the device list attached to driver_data.ipmi_devices */ 30 struct list_head head; 31 32 /* the IPMI request message list */ 33 struct list_head tx_msg_list; 34 35 spinlock_t tx_msg_lock; 36 acpi_handle handle; 37 struct device *dev; 38 struct ipmi_user *user_interface; 39 int ipmi_ifnum; /* IPMI interface number */ 40 long curr_msgid; 41 bool dead; 42 struct kref kref; 43 }; 44 45 struct ipmi_driver_data { 46 struct list_head ipmi_devices; 47 struct ipmi_smi_watcher bmc_events; 48 const struct ipmi_user_hndl ipmi_hndlrs; 49 struct mutex ipmi_lock; 50 51 /* 52 * NOTE: IPMI System Interface Selection 53 * There is no system interface specified by the IPMI operation 54 * region access. We try to select one system interface with ACPI 55 * handle set. IPMI messages passed from the ACPI codes are sent 56 * to this selected global IPMI system interface. 57 */ 58 struct acpi_ipmi_device *selected_smi; 59 struct completion smi_selection_done; 60 }; 61 62 struct acpi_ipmi_msg { 63 struct list_head head; 64 65 /* 66 * General speaking the addr type should be SI_ADDR_TYPE. And 67 * the addr channel should be BMC. 68 * In fact it can also be IPMB type. But we will have to 69 * parse it from the Netfn command buffer. It is so complex 70 * that it is skipped. 71 */ 72 struct ipmi_addr addr; 73 long tx_msgid; 74 75 /* it is used to track whether the IPMI message is finished */ 76 struct completion tx_complete; 77 78 struct kernel_ipmi_msg tx_message; 79 int msg_done; 80 81 /* tx/rx data . And copy it from/to ACPI object buffer */ 82 u8 data[ACPI_IPMI_MAX_MSG_LENGTH]; 83 u8 rx_len; 84 85 struct acpi_ipmi_device *device; 86 struct kref kref; 87 }; 88 89 /* IPMI request/response buffer per ACPI 4.0, sec 5.5.2.4.3.2 */ 90 struct acpi_ipmi_buffer { 91 u8 status; 92 u8 length; 93 u8 data[ACPI_IPMI_MAX_MSG_LENGTH]; 94 }; 95 96 static void ipmi_register_bmc(int iface, struct device *dev); 97 static void ipmi_bmc_gone(int iface); 98 static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data); 99 100 static struct ipmi_driver_data driver_data = { 101 .ipmi_devices = LIST_HEAD_INIT(driver_data.ipmi_devices), 102 .bmc_events = { 103 .owner = THIS_MODULE, 104 .new_smi = ipmi_register_bmc, 105 .smi_gone = ipmi_bmc_gone, 106 }, 107 .ipmi_hndlrs = { 108 .ipmi_recv_hndl = ipmi_msg_handler, 109 }, 110 .ipmi_lock = __MUTEX_INITIALIZER(driver_data.ipmi_lock) 111 }; 112 113 static struct acpi_ipmi_device * 114 ipmi_dev_alloc(int iface, struct device *dev, acpi_handle handle) 115 { 116 struct acpi_ipmi_device *ipmi_device; 117 int err; 118 struct ipmi_user *user; 119 120 ipmi_device = kzalloc(sizeof(*ipmi_device), GFP_KERNEL); 121 if (!ipmi_device) 122 return NULL; 123 124 kref_init(&ipmi_device->kref); 125 INIT_LIST_HEAD(&ipmi_device->head); 126 INIT_LIST_HEAD(&ipmi_device->tx_msg_list); 127 spin_lock_init(&ipmi_device->tx_msg_lock); 128 ipmi_device->handle = handle; 129 ipmi_device->dev = get_device(dev); 130 ipmi_device->ipmi_ifnum = iface; 131 132 err = ipmi_create_user(iface, &driver_data.ipmi_hndlrs, 133 ipmi_device, &user); 134 if (err) { 135 put_device(dev); 136 kfree(ipmi_device); 137 return NULL; 138 } 139 ipmi_device->user_interface = user; 140 141 return ipmi_device; 142 } 143 144 static void ipmi_dev_release(struct acpi_ipmi_device *ipmi_device) 145 { 146 ipmi_destroy_user(ipmi_device->user_interface); 147 put_device(ipmi_device->dev); 148 kfree(ipmi_device); 149 } 150 151 static void ipmi_dev_release_kref(struct kref *kref) 152 { 153 struct acpi_ipmi_device *ipmi = 154 container_of(kref, struct acpi_ipmi_device, kref); 155 156 ipmi_dev_release(ipmi); 157 } 158 159 static void __ipmi_dev_kill(struct acpi_ipmi_device *ipmi_device) 160 { 161 list_del(&ipmi_device->head); 162 if (driver_data.selected_smi == ipmi_device) 163 driver_data.selected_smi = NULL; 164 165 /* 166 * Always setting dead flag after deleting from the list or 167 * list_for_each_entry() codes must get changed. 168 */ 169 ipmi_device->dead = true; 170 } 171 172 static struct acpi_ipmi_device *acpi_ipmi_dev_get(void) 173 { 174 struct acpi_ipmi_device *ipmi_device = NULL; 175 176 mutex_lock(&driver_data.ipmi_lock); 177 if (driver_data.selected_smi) { 178 ipmi_device = driver_data.selected_smi; 179 kref_get(&ipmi_device->kref); 180 } 181 mutex_unlock(&driver_data.ipmi_lock); 182 183 return ipmi_device; 184 } 185 186 static void acpi_ipmi_dev_put(struct acpi_ipmi_device *ipmi_device) 187 { 188 kref_put(&ipmi_device->kref, ipmi_dev_release_kref); 189 } 190 191 static struct acpi_ipmi_msg *ipmi_msg_alloc(void) 192 { 193 struct acpi_ipmi_device *ipmi; 194 struct acpi_ipmi_msg *ipmi_msg; 195 196 ipmi = acpi_ipmi_dev_get(); 197 if (!ipmi) 198 return NULL; 199 200 ipmi_msg = kzalloc(sizeof(struct acpi_ipmi_msg), GFP_KERNEL); 201 if (!ipmi_msg) { 202 acpi_ipmi_dev_put(ipmi); 203 return NULL; 204 } 205 206 kref_init(&ipmi_msg->kref); 207 init_completion(&ipmi_msg->tx_complete); 208 INIT_LIST_HEAD(&ipmi_msg->head); 209 ipmi_msg->device = ipmi; 210 ipmi_msg->msg_done = ACPI_IPMI_UNKNOWN; 211 212 return ipmi_msg; 213 } 214 215 static void ipmi_msg_release(struct acpi_ipmi_msg *tx_msg) 216 { 217 acpi_ipmi_dev_put(tx_msg->device); 218 kfree(tx_msg); 219 } 220 221 static void ipmi_msg_release_kref(struct kref *kref) 222 { 223 struct acpi_ipmi_msg *tx_msg = 224 container_of(kref, struct acpi_ipmi_msg, kref); 225 226 ipmi_msg_release(tx_msg); 227 } 228 229 static struct acpi_ipmi_msg *acpi_ipmi_msg_get(struct acpi_ipmi_msg *tx_msg) 230 { 231 kref_get(&tx_msg->kref); 232 233 return tx_msg; 234 } 235 236 static void acpi_ipmi_msg_put(struct acpi_ipmi_msg *tx_msg) 237 { 238 kref_put(&tx_msg->kref, ipmi_msg_release_kref); 239 } 240 241 #define IPMI_OP_RGN_NETFN(offset) ((offset >> 8) & 0xff) 242 #define IPMI_OP_RGN_CMD(offset) (offset & 0xff) 243 static int acpi_format_ipmi_request(struct acpi_ipmi_msg *tx_msg, 244 acpi_physical_address address, 245 acpi_integer *value) 246 { 247 struct kernel_ipmi_msg *msg; 248 struct acpi_ipmi_buffer *buffer; 249 struct acpi_ipmi_device *device; 250 unsigned long flags; 251 252 msg = &tx_msg->tx_message; 253 254 /* 255 * IPMI network function and command are encoded in the address 256 * within the IPMI OpRegion; see ACPI 4.0, sec 5.5.2.4.3. 257 */ 258 msg->netfn = IPMI_OP_RGN_NETFN(address); 259 msg->cmd = IPMI_OP_RGN_CMD(address); 260 msg->data = tx_msg->data; 261 262 /* 263 * value is the parameter passed by the IPMI opregion space handler. 264 * It points to the IPMI request message buffer 265 */ 266 buffer = (struct acpi_ipmi_buffer *)value; 267 268 /* copy the tx message data */ 269 if (buffer->length > ACPI_IPMI_MAX_MSG_LENGTH) { 270 dev_WARN_ONCE(tx_msg->device->dev, true, 271 "Unexpected request (msg len %d).\n", 272 buffer->length); 273 return -EINVAL; 274 } 275 msg->data_len = buffer->length; 276 memcpy(tx_msg->data, buffer->data, msg->data_len); 277 278 /* 279 * now the default type is SYSTEM_INTERFACE and channel type is BMC. 280 * If the netfn is APP_REQUEST and the cmd is SEND_MESSAGE, 281 * the addr type should be changed to IPMB. Then we will have to parse 282 * the IPMI request message buffer to get the IPMB address. 283 * If so, please fix me. 284 */ 285 tx_msg->addr.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 286 tx_msg->addr.channel = IPMI_BMC_CHANNEL; 287 tx_msg->addr.data[0] = 0; 288 289 /* Get the msgid */ 290 device = tx_msg->device; 291 292 spin_lock_irqsave(&device->tx_msg_lock, flags); 293 device->curr_msgid++; 294 tx_msg->tx_msgid = device->curr_msgid; 295 spin_unlock_irqrestore(&device->tx_msg_lock, flags); 296 297 return 0; 298 } 299 300 static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg, 301 acpi_integer *value) 302 { 303 struct acpi_ipmi_buffer *buffer; 304 305 /* 306 * value is also used as output parameter. It represents the response 307 * IPMI message returned by IPMI command. 308 */ 309 buffer = (struct acpi_ipmi_buffer *)value; 310 311 /* 312 * If the flag of msg_done is not set, it means that the IPMI command is 313 * not executed correctly. 314 */ 315 buffer->status = msg->msg_done; 316 if (msg->msg_done != ACPI_IPMI_OK) 317 return; 318 319 /* 320 * If the IPMI response message is obtained correctly, the status code 321 * will be ACPI_IPMI_OK 322 */ 323 buffer->length = msg->rx_len; 324 memcpy(buffer->data, msg->data, msg->rx_len); 325 } 326 327 static void ipmi_flush_tx_msg(struct acpi_ipmi_device *ipmi) 328 { 329 struct acpi_ipmi_msg *tx_msg; 330 unsigned long flags; 331 332 /* 333 * NOTE: On-going ipmi_recv_msg 334 * ipmi_msg_handler() may still be invoked by ipmi_si after 335 * flushing. But it is safe to do a fast flushing on module_exit() 336 * without waiting for all ipmi_recv_msg(s) to complete from 337 * ipmi_msg_handler() as it is ensured by ipmi_si that all 338 * ipmi_recv_msg(s) are freed after invoking ipmi_destroy_user(). 339 */ 340 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 341 while (!list_empty(&ipmi->tx_msg_list)) { 342 tx_msg = list_first_entry(&ipmi->tx_msg_list, 343 struct acpi_ipmi_msg, 344 head); 345 list_del(&tx_msg->head); 346 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 347 348 /* wake up the sleep thread on the Tx msg */ 349 complete(&tx_msg->tx_complete); 350 acpi_ipmi_msg_put(tx_msg); 351 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 352 } 353 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 354 } 355 356 static void ipmi_cancel_tx_msg(struct acpi_ipmi_device *ipmi, 357 struct acpi_ipmi_msg *msg) 358 { 359 struct acpi_ipmi_msg *tx_msg = NULL, *iter, *temp; 360 unsigned long flags; 361 362 spin_lock_irqsave(&ipmi->tx_msg_lock, flags); 363 list_for_each_entry_safe(iter, temp, &ipmi->tx_msg_list, head) { 364 if (msg == iter) { 365 tx_msg = iter; 366 list_del(&iter->head); 367 break; 368 } 369 } 370 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags); 371 372 if (tx_msg) 373 acpi_ipmi_msg_put(tx_msg); 374 } 375 376 static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) 377 { 378 struct acpi_ipmi_device *ipmi_device = user_msg_data; 379 struct acpi_ipmi_msg *tx_msg = NULL, *iter, *temp; 380 struct device *dev = ipmi_device->dev; 381 unsigned long flags; 382 383 if (msg->user != ipmi_device->user_interface) { 384 dev_warn(dev, 385 "Unexpected response is returned. returned user %p, expected user %p\n", 386 msg->user, ipmi_device->user_interface); 387 goto out_msg; 388 } 389 390 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 391 list_for_each_entry_safe(iter, temp, &ipmi_device->tx_msg_list, head) { 392 if (msg->msgid == iter->tx_msgid) { 393 tx_msg = iter; 394 list_del(&iter->head); 395 break; 396 } 397 } 398 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 399 400 if (!tx_msg) { 401 dev_warn(dev, 402 "Unexpected response (msg id %ld) is returned.\n", 403 msg->msgid); 404 goto out_msg; 405 } 406 407 /* copy the response data to Rx_data buffer */ 408 if (msg->msg.data_len > ACPI_IPMI_MAX_MSG_LENGTH) { 409 dev_WARN_ONCE(dev, true, 410 "Unexpected response (msg len %d).\n", 411 msg->msg.data_len); 412 goto out_comp; 413 } 414 415 /* response msg is an error msg */ 416 msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 417 if (msg->recv_type == IPMI_RESPONSE_RECV_TYPE && 418 msg->msg.data_len == 1) { 419 if (msg->msg.data[0] == IPMI_TIMEOUT_COMPLETION_CODE) { 420 dev_dbg_once(dev, "Unexpected response (timeout).\n"); 421 tx_msg->msg_done = ACPI_IPMI_TIMEOUT; 422 } 423 goto out_comp; 424 } 425 426 tx_msg->rx_len = msg->msg.data_len; 427 memcpy(tx_msg->data, msg->msg.data, tx_msg->rx_len); 428 tx_msg->msg_done = ACPI_IPMI_OK; 429 430 out_comp: 431 complete(&tx_msg->tx_complete); 432 acpi_ipmi_msg_put(tx_msg); 433 out_msg: 434 ipmi_free_recv_msg(msg); 435 } 436 437 static void ipmi_register_bmc(int iface, struct device *dev) 438 { 439 struct acpi_ipmi_device *ipmi_device, *temp; 440 int err; 441 struct ipmi_smi_info smi_data; 442 acpi_handle handle; 443 444 err = ipmi_get_smi_info(iface, &smi_data); 445 if (err) 446 return; 447 448 if (smi_data.addr_src != SI_ACPI) 449 goto err_ref; 450 handle = smi_data.addr_info.acpi_info.acpi_handle; 451 if (!handle) 452 goto err_ref; 453 454 ipmi_device = ipmi_dev_alloc(iface, smi_data.dev, handle); 455 if (!ipmi_device) { 456 dev_warn(smi_data.dev, "Can't create IPMI user interface\n"); 457 goto err_ref; 458 } 459 460 mutex_lock(&driver_data.ipmi_lock); 461 list_for_each_entry(temp, &driver_data.ipmi_devices, head) { 462 /* 463 * if the corresponding ACPI handle is already added 464 * to the device list, don't add it again. 465 */ 466 if (temp->handle == handle) 467 goto err_lock; 468 } 469 if (!driver_data.selected_smi) { 470 driver_data.selected_smi = ipmi_device; 471 complete(&driver_data.smi_selection_done); 472 } 473 list_add_tail(&ipmi_device->head, &driver_data.ipmi_devices); 474 mutex_unlock(&driver_data.ipmi_lock); 475 476 put_device(smi_data.dev); 477 return; 478 479 err_lock: 480 mutex_unlock(&driver_data.ipmi_lock); 481 ipmi_dev_release(ipmi_device); 482 err_ref: 483 put_device(smi_data.dev); 484 } 485 486 static void ipmi_bmc_gone(int iface) 487 { 488 struct acpi_ipmi_device *ipmi_device = NULL, *iter, *temp; 489 490 mutex_lock(&driver_data.ipmi_lock); 491 list_for_each_entry_safe(iter, temp, 492 &driver_data.ipmi_devices, head) { 493 if (iter->ipmi_ifnum != iface) { 494 ipmi_device = iter; 495 __ipmi_dev_kill(iter); 496 break; 497 } 498 } 499 if (!driver_data.selected_smi) 500 driver_data.selected_smi = list_first_entry_or_null( 501 &driver_data.ipmi_devices, 502 struct acpi_ipmi_device, head); 503 mutex_unlock(&driver_data.ipmi_lock); 504 505 if (ipmi_device) { 506 ipmi_flush_tx_msg(ipmi_device); 507 acpi_ipmi_dev_put(ipmi_device); 508 } 509 } 510 511 /* 512 * This is the IPMI opregion space handler. 513 * @function: indicates the read/write. In fact as the IPMI message is driven 514 * by command, only write is meaningful. 515 * @address: This contains the netfn/command of IPMI request message. 516 * @bits : not used. 517 * @value : it is an in/out parameter. It points to the IPMI message buffer. 518 * Before the IPMI message is sent, it represents the actual request 519 * IPMI message. After the IPMI message is finished, it represents 520 * the response IPMI message returned by IPMI command. 521 * @handler_context: IPMI device context. 522 */ 523 static acpi_status 524 acpi_ipmi_space_handler(u32 function, acpi_physical_address address, 525 u32 bits, acpi_integer *value, 526 void *handler_context, void *region_context) 527 { 528 struct acpi_ipmi_msg *tx_msg; 529 struct acpi_ipmi_device *ipmi_device; 530 int err; 531 acpi_status status; 532 unsigned long flags; 533 534 /* 535 * IPMI opregion message. 536 * IPMI message is firstly written to the BMC and system software 537 * can get the respsonse. So it is unmeaningful for the read access 538 * of IPMI opregion. 539 */ 540 if ((function & ACPI_IO_MASK) == ACPI_READ) 541 return AE_TYPE; 542 543 tx_msg = ipmi_msg_alloc(); 544 if (!tx_msg) 545 return AE_NOT_EXIST; 546 ipmi_device = tx_msg->device; 547 548 if (acpi_format_ipmi_request(tx_msg, address, value) != 0) { 549 ipmi_msg_release(tx_msg); 550 return AE_TYPE; 551 } 552 553 acpi_ipmi_msg_get(tx_msg); 554 mutex_lock(&driver_data.ipmi_lock); 555 /* Do not add a tx_msg that can not be flushed. */ 556 if (ipmi_device->dead) { 557 mutex_unlock(&driver_data.ipmi_lock); 558 ipmi_msg_release(tx_msg); 559 return AE_NOT_EXIST; 560 } 561 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 562 list_add_tail(&tx_msg->head, &ipmi_device->tx_msg_list); 563 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 564 mutex_unlock(&driver_data.ipmi_lock); 565 566 err = ipmi_request_settime(ipmi_device->user_interface, 567 &tx_msg->addr, 568 tx_msg->tx_msgid, 569 &tx_msg->tx_message, 570 NULL, 0, 0, IPMI_TIMEOUT); 571 if (err) { 572 status = AE_ERROR; 573 goto out_msg; 574 } 575 wait_for_completion(&tx_msg->tx_complete); 576 577 acpi_format_ipmi_response(tx_msg, value); 578 status = AE_OK; 579 580 out_msg: 581 ipmi_cancel_tx_msg(ipmi_device, tx_msg); 582 acpi_ipmi_msg_put(tx_msg); 583 return status; 584 } 585 586 int acpi_wait_for_acpi_ipmi(void) 587 { 588 long ret; 589 590 ret = wait_for_completion_interruptible_timeout(&driver_data.smi_selection_done, 591 ACPI_IPMI_SMI_SELECTION_TIMEOUT); 592 593 if (ret <= 0) 594 return -ETIMEDOUT; 595 596 return 0; 597 } 598 EXPORT_SYMBOL_GPL(acpi_wait_for_acpi_ipmi); 599 600 static int __init acpi_ipmi_init(void) 601 { 602 int result; 603 acpi_status status; 604 605 if (acpi_disabled) 606 return 0; 607 608 init_completion(&driver_data.smi_selection_done); 609 610 status = acpi_install_address_space_handler(ACPI_ROOT_OBJECT, 611 ACPI_ADR_SPACE_IPMI, 612 &acpi_ipmi_space_handler, 613 NULL, NULL); 614 if (ACPI_FAILURE(status)) { 615 pr_warn("Can't register IPMI opregion space handle\n"); 616 return -EINVAL; 617 } 618 619 result = ipmi_smi_watcher_register(&driver_data.bmc_events); 620 if (result) { 621 acpi_remove_address_space_handler(ACPI_ROOT_OBJECT, 622 ACPI_ADR_SPACE_IPMI, 623 &acpi_ipmi_space_handler); 624 pr_err("Can't register IPMI system interface watcher\n"); 625 } 626 627 return result; 628 } 629 630 static void __exit acpi_ipmi_exit(void) 631 { 632 struct acpi_ipmi_device *ipmi_device; 633 634 if (acpi_disabled) 635 return; 636 637 ipmi_smi_watcher_unregister(&driver_data.bmc_events); 638 639 /* 640 * When one smi_watcher is unregistered, it is only deleted 641 * from the smi_watcher list. But the smi_gone callback function 642 * is not called. So explicitly uninstall the ACPI IPMI oregion 643 * handler and free it. 644 */ 645 mutex_lock(&driver_data.ipmi_lock); 646 while (!list_empty(&driver_data.ipmi_devices)) { 647 ipmi_device = list_first_entry(&driver_data.ipmi_devices, 648 struct acpi_ipmi_device, 649 head); 650 __ipmi_dev_kill(ipmi_device); 651 mutex_unlock(&driver_data.ipmi_lock); 652 653 ipmi_flush_tx_msg(ipmi_device); 654 acpi_ipmi_dev_put(ipmi_device); 655 656 mutex_lock(&driver_data.ipmi_lock); 657 } 658 mutex_unlock(&driver_data.ipmi_lock); 659 acpi_remove_address_space_handler(ACPI_ROOT_OBJECT, 660 ACPI_ADR_SPACE_IPMI, 661 &acpi_ipmi_space_handler); 662 } 663 664 module_init(acpi_ipmi_init); 665 module_exit(acpi_ipmi_exit); 666