1 // SPDX-License-Identifier: GPL-2.0 2 3 /* 4 * Driver to talk to a remote management controller on IPMB. 5 */ 6 7 #include <linux/acpi.h> 8 #include <linux/errno.h> 9 #include <linux/i2c.h> 10 #include <linux/miscdevice.h> 11 #include <linux/module.h> 12 #include <linux/mutex.h> 13 #include <linux/poll.h> 14 #include <linux/slab.h> 15 #include <linux/spinlock.h> 16 #include <linux/semaphore.h> 17 #include <linux/kthread.h> 18 #include <linux/wait.h> 19 #include <linux/ipmi_msgdefs.h> 20 #include <linux/ipmi_smi.h> 21 22 #define DEVICE_NAME "ipmi-ipmb" 23 24 static int bmcaddr = 0x20; 25 module_param(bmcaddr, int, 0644); 26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC."); 27 28 static unsigned int retry_time_ms = 250; 29 module_param(retry_time_ms, uint, 0644); 30 MODULE_PARM_DESC(retry_time_ms, "Timeout time between retries, in milliseconds."); 31 32 static unsigned int max_retries = 1; 33 module_param(max_retries, uint, 0644); 34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out."); 35 36 /* Add room for the two slave addresses, two checksums, and rqSeq. */ 37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5) 38 39 struct ipmi_ipmb_dev { 40 struct ipmi_smi *intf; 41 struct i2c_client *client; 42 struct i2c_client *slave; 43 44 struct ipmi_smi_handlers handlers; 45 46 bool ready; 47 48 u8 curr_seq; 49 50 u8 bmcaddr; 51 u32 retry_time_ms; 52 u32 max_retries; 53 54 struct ipmi_smi_msg *next_msg; 55 struct ipmi_smi_msg *working_msg; 56 57 /* Transmit thread. */ 58 struct task_struct *thread; 59 struct semaphore wake_thread; 60 struct semaphore got_rsp; 61 spinlock_t lock; 62 bool stopping; 63 64 u8 xmitmsg[IPMB_MAX_MSG_LEN]; 65 unsigned int xmitlen; 66 67 u8 rcvmsg[IPMB_MAX_MSG_LEN]; 68 unsigned int rcvlen; 69 bool overrun; 70 }; 71 72 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev) 73 { 74 u8 *msg = iidev->rcvmsg; 75 u8 netfn; 76 77 if (iidev->overrun) 78 return false; 79 80 /* Minimum message size. */ 81 if (iidev->rcvlen < 7) 82 return false; 83 84 /* Is it a response? */ 85 netfn = msg[1] >> 2; 86 if (netfn & 1) { 87 /* Response messages have an added completion code. */ 88 if (iidev->rcvlen < 8) 89 return false; 90 } 91 92 if (ipmb_checksum(msg, 3) != 0) 93 return false; 94 if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0) 95 return false; 96 97 return true; 98 } 99 100 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev) 101 { 102 struct ipmi_smi_msg *imsg = NULL; 103 u8 *msg = iidev->rcvmsg; 104 bool is_cmd; 105 unsigned long flags; 106 107 if (iidev->rcvlen == 0) 108 return; 109 if (!valid_ipmb(iidev)) 110 goto done; 111 112 is_cmd = ((msg[1] >> 2) & 1) == 0; 113 114 if (is_cmd) { 115 /* Ignore commands until we are up. */ 116 if (!iidev->ready) 117 goto done; 118 119 /* It's a command, allocate a message for it. */ 120 imsg = ipmi_alloc_smi_msg(); 121 if (!imsg) 122 goto done; 123 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT; 124 imsg->data_size = 0; 125 } else { 126 spin_lock_irqsave(&iidev->lock, flags); 127 if (iidev->working_msg) { 128 u8 seq = msg[4] >> 2; 129 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1; 130 131 /* 132 * Responses should carry the sequence we sent 133 * them with. If it's a transmitted response, 134 * ignore it. And if the message hasn't been 135 * transmitted, ignore it. 136 */ 137 if (!xmit_rsp && seq == iidev->curr_seq) { 138 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f; 139 140 imsg = iidev->working_msg; 141 iidev->working_msg = NULL; 142 } 143 } 144 spin_unlock_irqrestore(&iidev->lock, flags); 145 } 146 147 if (!imsg) 148 goto done; 149 150 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 151 imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 152 /* 153 * Keep the source address, rqSeq. Drop the trailing 154 * checksum. 155 */ 156 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4); 157 imsg->rsp_size = iidev->rcvlen - 3; 158 } else { 159 imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 160 /* 161 * Skip the source address, rqSeq. Drop the trailing 162 * checksum. 163 */ 164 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6); 165 imsg->rsp_size = iidev->rcvlen - 5; 166 } 167 ipmi_smi_msg_received(iidev->intf, imsg); 168 if (!is_cmd) 169 up(&iidev->got_rsp); 170 171 done: 172 iidev->overrun = false; 173 iidev->rcvlen = 0; 174 } 175 176 /* 177 * The IPMB protocol only supports i2c writes so there is no need to 178 * support I2C_SLAVE_READ* events, except to know if the other end has 179 * issued a read without going to stop mode. 180 */ 181 static int ipmi_ipmb_slave_cb(struct i2c_client *client, 182 enum i2c_slave_event event, u8 *val) 183 { 184 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 185 186 switch (event) { 187 case I2C_SLAVE_WRITE_REQUESTED: 188 ipmi_ipmb_check_msg_done(iidev); 189 /* 190 * First byte is the slave address, to ease the checksum 191 * calculation. 192 */ 193 iidev->rcvmsg[0] = client->addr << 1; 194 iidev->rcvlen = 1; 195 break; 196 197 case I2C_SLAVE_WRITE_RECEIVED: 198 if (iidev->rcvlen >= sizeof(iidev->rcvmsg)) 199 iidev->overrun = true; 200 else 201 iidev->rcvmsg[iidev->rcvlen++] = *val; 202 break; 203 204 case I2C_SLAVE_READ_REQUESTED: 205 *val = 0xff; 206 ipmi_ipmb_check_msg_done(iidev); 207 break; 208 209 case I2C_SLAVE_STOP: 210 ipmi_ipmb_check_msg_done(iidev); 211 break; 212 213 case I2C_SLAVE_READ_PROCESSED: 214 *val = 0xff; 215 break; 216 } 217 218 return 0; 219 } 220 221 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev, 222 struct ipmi_smi_msg *msg, u8 cc) 223 { 224 if ((msg->data[0] >> 2) & 1) { 225 /* 226 * It's a response being sent, we need to return a 227 * response to the response. Fake a send msg command 228 * response with channel 0. This will always be ipmb 229 * direct. 230 */ 231 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2; 232 msg->data[3] = IPMI_SEND_MSG_CMD; 233 msg->data[4] = cc; 234 msg->data_size = 5; 235 } 236 msg->rsp[0] = msg->data[0] | (1 << 2); 237 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 238 msg->rsp[1] = msg->data[1]; 239 msg->rsp[2] = msg->data[2]; 240 msg->rsp[3] = msg->data[3]; 241 msg->rsp[4] = cc; 242 msg->rsp_size = 5; 243 } else { 244 msg->rsp[1] = msg->data[1]; 245 msg->rsp[2] = cc; 246 msg->rsp_size = 3; 247 } 248 ipmi_smi_msg_received(iidev->intf, msg); 249 } 250 251 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev, 252 struct ipmi_smi_msg *msg) 253 { 254 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 255 iidev->xmitmsg[0] = msg->data[1]; 256 iidev->xmitmsg[1] = msg->data[0]; 257 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2); 258 iidev->xmitlen = msg->data_size + 2; 259 } else { 260 iidev->xmitmsg[0] = iidev->bmcaddr; 261 iidev->xmitmsg[1] = msg->data[0]; 262 iidev->xmitmsg[4] = 0; 263 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1); 264 iidev->xmitlen = msg->data_size + 4; 265 } 266 iidev->xmitmsg[3] = iidev->slave->addr << 1; 267 if (((msg->data[0] >> 2) & 1) == 0) 268 /* If it's a command, put in our own sequence number. */ 269 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) | 270 (iidev->curr_seq << 2)); 271 272 /* Now add on the final checksums. */ 273 iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2); 274 iidev->xmitmsg[iidev->xmitlen] = 275 ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3); 276 iidev->xmitlen++; 277 } 278 279 static int ipmi_ipmb_thread(void *data) 280 { 281 struct ipmi_ipmb_dev *iidev = data; 282 283 while (!kthread_should_stop()) { 284 long ret; 285 struct i2c_msg i2c_msg; 286 struct ipmi_smi_msg *msg = NULL; 287 unsigned long flags; 288 unsigned int retries = 0; 289 290 /* Wait for a message to send */ 291 ret = down_interruptible(&iidev->wake_thread); 292 if (iidev->stopping) 293 break; 294 if (ret) 295 continue; 296 297 spin_lock_irqsave(&iidev->lock, flags); 298 if (iidev->next_msg) { 299 msg = iidev->next_msg; 300 iidev->next_msg = NULL; 301 } 302 spin_unlock_irqrestore(&iidev->lock, flags); 303 if (!msg) 304 continue; 305 306 ipmi_ipmb_format_for_xmit(iidev, msg); 307 308 retry: 309 i2c_msg.len = iidev->xmitlen - 1; 310 if (i2c_msg.len > 32) { 311 ipmi_ipmb_send_response(iidev, msg, 312 IPMI_REQ_LEN_EXCEEDED_ERR); 313 continue; 314 } 315 316 i2c_msg.addr = iidev->xmitmsg[0] >> 1; 317 i2c_msg.flags = 0; 318 i2c_msg.buf = iidev->xmitmsg + 1; 319 320 /* Rely on i2c_transfer for a barrier. */ 321 iidev->working_msg = msg; 322 323 ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1); 324 325 if ((msg->data[0] >> 2) & 1) { 326 /* 327 * It's a response, nothing will be returned 328 * by the other end. 329 */ 330 331 iidev->working_msg = NULL; 332 ipmi_ipmb_send_response(iidev, msg, 333 ret < 0 ? IPMI_BUS_ERR : 0); 334 continue; 335 } 336 if (ret < 0) { 337 iidev->working_msg = NULL; 338 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR); 339 continue; 340 } 341 342 /* A command was sent, wait for its response. */ 343 ret = down_timeout(&iidev->got_rsp, 344 msecs_to_jiffies(iidev->retry_time_ms)); 345 346 /* 347 * Grab the message if we can. If the handler hasn't 348 * already handled it, the message will still be there. 349 */ 350 spin_lock_irqsave(&iidev->lock, flags); 351 msg = iidev->working_msg; 352 iidev->working_msg = NULL; 353 spin_unlock_irqrestore(&iidev->lock, flags); 354 355 if (!msg && ret) { 356 /* 357 * If working_msg is not set and we timed out, 358 * that means the message grabbed by 359 * check_msg_done before we could grab it 360 * here. Wait again for check_msg_done to up 361 * the semaphore. 362 */ 363 down(&iidev->got_rsp); 364 } else if (msg && ++retries <= iidev->max_retries) { 365 spin_lock_irqsave(&iidev->lock, flags); 366 iidev->working_msg = msg; 367 spin_unlock_irqrestore(&iidev->lock, flags); 368 goto retry; 369 } 370 371 if (msg) 372 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR); 373 } 374 375 if (iidev->next_msg) 376 /* Return an unspecified error. */ 377 ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff); 378 379 return 0; 380 } 381 382 static int ipmi_ipmb_start_processing(void *send_info, 383 struct ipmi_smi *new_intf) 384 { 385 struct ipmi_ipmb_dev *iidev = send_info; 386 387 iidev->intf = new_intf; 388 iidev->ready = true; 389 return 0; 390 } 391 392 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev) 393 { 394 if (iidev->thread) { 395 struct task_struct *t = iidev->thread; 396 397 iidev->thread = NULL; 398 iidev->stopping = true; 399 up(&iidev->wake_thread); 400 up(&iidev->got_rsp); 401 kthread_stop(t); 402 } 403 } 404 405 static void ipmi_ipmb_shutdown(void *send_info) 406 { 407 struct ipmi_ipmb_dev *iidev = send_info; 408 409 ipmi_ipmb_stop_thread(iidev); 410 } 411 412 static int ipmi_ipmb_sender(void *send_info, struct ipmi_smi_msg *msg) 413 { 414 struct ipmi_ipmb_dev *iidev = send_info; 415 unsigned long flags; 416 417 spin_lock_irqsave(&iidev->lock, flags); 418 BUG_ON(iidev->next_msg); 419 420 iidev->next_msg = msg; 421 spin_unlock_irqrestore(&iidev->lock, flags); 422 423 up(&iidev->wake_thread); 424 return IPMI_CC_NO_ERROR; 425 } 426 427 static void ipmi_ipmb_request_events(void *send_info) 428 { 429 /* We don't fetch events here. */ 430 } 431 432 static void ipmi_ipmb_cleanup(struct ipmi_ipmb_dev *iidev) 433 { 434 if (iidev->slave) { 435 i2c_slave_unregister(iidev->slave); 436 if (iidev->slave != iidev->client) 437 i2c_unregister_device(iidev->slave); 438 } 439 iidev->slave = NULL; 440 iidev->client = NULL; 441 ipmi_ipmb_stop_thread(iidev); 442 } 443 444 static void ipmi_ipmb_remove(struct i2c_client *client) 445 { 446 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 447 448 ipmi_ipmb_cleanup(iidev); 449 ipmi_unregister_smi(iidev->intf); 450 } 451 452 static int ipmi_ipmb_probe(struct i2c_client *client) 453 { 454 struct device *dev = &client->dev; 455 struct ipmi_ipmb_dev *iidev; 456 struct device_node *slave_np; 457 struct i2c_adapter *slave_adap = NULL; 458 struct i2c_client *slave = NULL; 459 int rv; 460 461 iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL); 462 if (!iidev) 463 return -ENOMEM; 464 465 if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0) 466 iidev->bmcaddr = bmcaddr; 467 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) { 468 /* Can't have the write bit set. */ 469 dev_notice(&client->dev, 470 "Invalid bmc address value %2.2x\n", iidev->bmcaddr); 471 return -EINVAL; 472 } 473 474 if (of_property_read_u32(dev->of_node, "retry-time", 475 &iidev->retry_time_ms) != 0) 476 iidev->retry_time_ms = retry_time_ms; 477 478 if (of_property_read_u32(dev->of_node, "max-retries", 479 &iidev->max_retries) != 0) 480 iidev->max_retries = max_retries; 481 482 slave_np = of_parse_phandle(dev->of_node, "slave-dev", 0); 483 if (slave_np) { 484 slave_adap = of_get_i2c_adapter_by_node(slave_np); 485 of_node_put(slave_np); 486 if (!slave_adap) { 487 dev_notice(&client->dev, 488 "Could not find slave adapter\n"); 489 return -EINVAL; 490 } 491 } 492 493 iidev->client = client; 494 495 if (slave_adap) { 496 struct i2c_board_info binfo; 497 498 memset(&binfo, 0, sizeof(binfo)); 499 strscpy(binfo.type, "ipmb-slave", I2C_NAME_SIZE); 500 binfo.addr = client->addr; 501 binfo.flags = I2C_CLIENT_SLAVE; 502 slave = i2c_new_client_device(slave_adap, &binfo); 503 i2c_put_adapter(slave_adap); 504 if (IS_ERR(slave)) { 505 rv = PTR_ERR(slave); 506 dev_notice(&client->dev, 507 "Could not allocate slave device: %d\n", rv); 508 return rv; 509 } 510 i2c_set_clientdata(slave, iidev); 511 } else { 512 slave = client; 513 } 514 i2c_set_clientdata(client, iidev); 515 slave->flags |= I2C_CLIENT_SLAVE; 516 517 rv = i2c_slave_register(slave, ipmi_ipmb_slave_cb); 518 if (rv) 519 goto out_err; 520 iidev->slave = slave; 521 slave = NULL; 522 523 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT; 524 iidev->handlers.start_processing = ipmi_ipmb_start_processing; 525 iidev->handlers.shutdown = ipmi_ipmb_shutdown; 526 iidev->handlers.sender = ipmi_ipmb_sender; 527 iidev->handlers.request_events = ipmi_ipmb_request_events; 528 529 spin_lock_init(&iidev->lock); 530 sema_init(&iidev->wake_thread, 0); 531 sema_init(&iidev->got_rsp, 0); 532 533 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev, 534 "kipmb%4.4x", client->addr); 535 if (IS_ERR(iidev->thread)) { 536 rv = PTR_ERR(iidev->thread); 537 dev_notice(&client->dev, 538 "Could not start kernel thread: error %d\n", rv); 539 goto out_err; 540 } 541 542 rv = ipmi_register_smi(&iidev->handlers, 543 iidev, 544 &client->dev, 545 iidev->bmcaddr); 546 if (rv) 547 goto out_err; 548 549 return 0; 550 551 out_err: 552 if (slave && slave != client) 553 i2c_unregister_device(slave); 554 ipmi_ipmb_cleanup(iidev); 555 return rv; 556 } 557 558 #ifdef CONFIG_OF 559 static const struct of_device_id of_ipmi_ipmb_match[] = { 560 { .type = "ipmi", .compatible = DEVICE_NAME }, 561 {}, 562 }; 563 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match); 564 #else 565 #define of_ipmi_ipmb_match NULL 566 #endif 567 568 static const struct i2c_device_id ipmi_ipmb_id[] = { 569 { DEVICE_NAME }, 570 {} 571 }; 572 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id); 573 574 static struct i2c_driver ipmi_ipmb_driver = { 575 .class = I2C_CLASS_HWMON, 576 .driver = { 577 .name = DEVICE_NAME, 578 .of_match_table = of_ipmi_ipmb_match, 579 }, 580 .probe = ipmi_ipmb_probe, 581 .remove = ipmi_ipmb_remove, 582 .id_table = ipmi_ipmb_id, 583 }; 584 module_i2c_driver(ipmi_ipmb_driver); 585 586 MODULE_AUTHOR("Corey Minyard"); 587 MODULE_DESCRIPTION("IPMI IPMB driver"); 588 MODULE_LICENSE("GPL v2"); 589