1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * ipmi_msghandler.c 4 * 5 * Incoming and outgoing message routing for an IPMI interface. 6 * 7 * Author: MontaVista Software, Inc. 8 * Corey Minyard <minyard@mvista.com> 9 * source@mvista.com 10 * 11 * Copyright 2002 MontaVista Software Inc. 12 */ 13 14 #define pr_fmt(fmt) "%s" fmt, "IPMI message handler: " 15 #define dev_fmt pr_fmt 16 17 #include <linux/module.h> 18 #include <linux/errno.h> 19 #include <linux/poll.h> 20 #include <linux/sched.h> 21 #include <linux/seq_file.h> 22 #include <linux/spinlock.h> 23 #include <linux/mutex.h> 24 #include <linux/slab.h> 25 #include <linux/ipmi.h> 26 #include <linux/ipmi_smi.h> 27 #include <linux/notifier.h> 28 #include <linux/init.h> 29 #include <linux/proc_fs.h> 30 #include <linux/rcupdate.h> 31 #include <linux/interrupt.h> 32 #include <linux/moduleparam.h> 33 #include <linux/workqueue.h> 34 #include <linux/uuid.h> 35 #include <linux/nospec.h> 36 37 #define IPMI_DRIVER_VERSION "39.2" 38 39 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void); 40 static int ipmi_init_msghandler(void); 41 static void smi_recv_tasklet(unsigned long); 42 static void handle_new_recv_msgs(struct ipmi_smi *intf); 43 static void need_waiter(struct ipmi_smi *intf); 44 static int handle_one_recv_msg(struct ipmi_smi *intf, 45 struct ipmi_smi_msg *msg); 46 47 static bool initialized; 48 static bool drvregistered; 49 50 enum ipmi_panic_event_op { 51 IPMI_SEND_PANIC_EVENT_NONE, 52 IPMI_SEND_PANIC_EVENT, 53 IPMI_SEND_PANIC_EVENT_STRING 54 }; 55 #ifdef CONFIG_IPMI_PANIC_STRING 56 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_STRING 57 #elif defined(CONFIG_IPMI_PANIC_EVENT) 58 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT 59 #else 60 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_NONE 61 #endif 62 static enum ipmi_panic_event_op ipmi_send_panic_event = IPMI_PANIC_DEFAULT; 63 64 static int panic_op_write_handler(const char *val, 65 const struct kernel_param *kp) 66 { 67 char valcp[16]; 68 char *s; 69 70 strncpy(valcp, val, 15); 71 valcp[15] = '\0'; 72 73 s = strstrip(valcp); 74 75 if (strcmp(s, "none") == 0) 76 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_NONE; 77 else if (strcmp(s, "event") == 0) 78 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT; 79 else if (strcmp(s, "string") == 0) 80 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_STRING; 81 else 82 return -EINVAL; 83 84 return 0; 85 } 86 87 static int panic_op_read_handler(char *buffer, const struct kernel_param *kp) 88 { 89 switch (ipmi_send_panic_event) { 90 case IPMI_SEND_PANIC_EVENT_NONE: 91 strcpy(buffer, "none"); 92 break; 93 94 case IPMI_SEND_PANIC_EVENT: 95 strcpy(buffer, "event"); 96 break; 97 98 case IPMI_SEND_PANIC_EVENT_STRING: 99 strcpy(buffer, "string"); 100 break; 101 102 default: 103 strcpy(buffer, "???"); 104 break; 105 } 106 107 return strlen(buffer); 108 } 109 110 static const struct kernel_param_ops panic_op_ops = { 111 .set = panic_op_write_handler, 112 .get = panic_op_read_handler 113 }; 114 module_param_cb(panic_op, &panic_op_ops, NULL, 0600); 115 MODULE_PARM_DESC(panic_op, "Sets if the IPMI driver will attempt to store panic information in the event log in the event of a panic. Set to 'none' for no, 'event' for a single event, or 'string' for a generic event and the panic string in IPMI OEM events."); 116 117 118 #define MAX_EVENTS_IN_QUEUE 25 119 120 /* Remain in auto-maintenance mode for this amount of time (in ms). */ 121 static unsigned long maintenance_mode_timeout_ms = 30000; 122 module_param(maintenance_mode_timeout_ms, ulong, 0644); 123 MODULE_PARM_DESC(maintenance_mode_timeout_ms, 124 "The time (milliseconds) after the last maintenance message that the connection stays in maintenance mode."); 125 126 /* 127 * Don't let a message sit in a queue forever, always time it with at lest 128 * the max message timer. This is in milliseconds. 129 */ 130 #define MAX_MSG_TIMEOUT 60000 131 132 /* 133 * Timeout times below are in milliseconds, and are done off a 1 134 * second timer. So setting the value to 1000 would mean anything 135 * between 0 and 1000ms. So really the only reasonable minimum 136 * setting it 2000ms, which is between 1 and 2 seconds. 137 */ 138 139 /* The default timeout for message retries. */ 140 static unsigned long default_retry_ms = 2000; 141 module_param(default_retry_ms, ulong, 0644); 142 MODULE_PARM_DESC(default_retry_ms, 143 "The time (milliseconds) between retry sends"); 144 145 /* The default timeout for maintenance mode message retries. */ 146 static unsigned long default_maintenance_retry_ms = 3000; 147 module_param(default_maintenance_retry_ms, ulong, 0644); 148 MODULE_PARM_DESC(default_maintenance_retry_ms, 149 "The time (milliseconds) between retry sends in maintenance mode"); 150 151 /* The default maximum number of retries */ 152 static unsigned int default_max_retries = 4; 153 module_param(default_max_retries, uint, 0644); 154 MODULE_PARM_DESC(default_max_retries, 155 "The time (milliseconds) between retry sends in maintenance mode"); 156 157 /* Call every ~1000 ms. */ 158 #define IPMI_TIMEOUT_TIME 1000 159 160 /* How many jiffies does it take to get to the timeout time. */ 161 #define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000) 162 163 /* 164 * Request events from the queue every second (this is the number of 165 * IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the 166 * future, IPMI will add a way to know immediately if an event is in 167 * the queue and this silliness can go away. 168 */ 169 #define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME)) 170 171 /* How long should we cache dynamic device IDs? */ 172 #define IPMI_DYN_DEV_ID_EXPIRY (10 * HZ) 173 174 /* 175 * The main "user" data structure. 176 */ 177 struct ipmi_user { 178 struct list_head link; 179 180 /* 181 * Set to NULL when the user is destroyed, a pointer to myself 182 * so srcu_dereference can be used on it. 183 */ 184 struct ipmi_user *self; 185 struct srcu_struct release_barrier; 186 187 struct kref refcount; 188 189 /* The upper layer that handles receive messages. */ 190 const struct ipmi_user_hndl *handler; 191 void *handler_data; 192 193 /* The interface this user is bound to. */ 194 struct ipmi_smi *intf; 195 196 /* Does this interface receive IPMI events? */ 197 bool gets_events; 198 199 /* Free must run in process context for RCU cleanup. */ 200 struct work_struct remove_work; 201 }; 202 203 static struct ipmi_user *acquire_ipmi_user(struct ipmi_user *user, int *index) 204 __acquires(user->release_barrier) 205 { 206 struct ipmi_user *ruser; 207 208 *index = srcu_read_lock(&user->release_barrier); 209 ruser = srcu_dereference(user->self, &user->release_barrier); 210 if (!ruser) 211 srcu_read_unlock(&user->release_barrier, *index); 212 return ruser; 213 } 214 215 static void release_ipmi_user(struct ipmi_user *user, int index) 216 { 217 srcu_read_unlock(&user->release_barrier, index); 218 } 219 220 struct cmd_rcvr { 221 struct list_head link; 222 223 struct ipmi_user *user; 224 unsigned char netfn; 225 unsigned char cmd; 226 unsigned int chans; 227 228 /* 229 * This is used to form a linked lised during mass deletion. 230 * Since this is in an RCU list, we cannot use the link above 231 * or change any data until the RCU period completes. So we 232 * use this next variable during mass deletion so we can have 233 * a list and don't have to wait and restart the search on 234 * every individual deletion of a command. 235 */ 236 struct cmd_rcvr *next; 237 }; 238 239 struct seq_table { 240 unsigned int inuse : 1; 241 unsigned int broadcast : 1; 242 243 unsigned long timeout; 244 unsigned long orig_timeout; 245 unsigned int retries_left; 246 247 /* 248 * To verify on an incoming send message response that this is 249 * the message that the response is for, we keep a sequence id 250 * and increment it every time we send a message. 251 */ 252 long seqid; 253 254 /* 255 * This is held so we can properly respond to the message on a 256 * timeout, and it is used to hold the temporary data for 257 * retransmission, too. 258 */ 259 struct ipmi_recv_msg *recv_msg; 260 }; 261 262 /* 263 * Store the information in a msgid (long) to allow us to find a 264 * sequence table entry from the msgid. 265 */ 266 #define STORE_SEQ_IN_MSGID(seq, seqid) \ 267 ((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff)) 268 269 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \ 270 do { \ 271 seq = (((msgid) >> 26) & 0x3f); \ 272 seqid = ((msgid) & 0x3ffffff); \ 273 } while (0) 274 275 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff) 276 277 #define IPMI_MAX_CHANNELS 16 278 struct ipmi_channel { 279 unsigned char medium; 280 unsigned char protocol; 281 }; 282 283 struct ipmi_channel_set { 284 struct ipmi_channel c[IPMI_MAX_CHANNELS]; 285 }; 286 287 struct ipmi_my_addrinfo { 288 /* 289 * My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR, 290 * but may be changed by the user. 291 */ 292 unsigned char address; 293 294 /* 295 * My LUN. This should generally stay the SMS LUN, but just in 296 * case... 297 */ 298 unsigned char lun; 299 }; 300 301 /* 302 * Note that the product id, manufacturer id, guid, and device id are 303 * immutable in this structure, so dyn_mutex is not required for 304 * accessing those. If those change on a BMC, a new BMC is allocated. 305 */ 306 struct bmc_device { 307 struct platform_device pdev; 308 struct list_head intfs; /* Interfaces on this BMC. */ 309 struct ipmi_device_id id; 310 struct ipmi_device_id fetch_id; 311 int dyn_id_set; 312 unsigned long dyn_id_expiry; 313 struct mutex dyn_mutex; /* Protects id, intfs, & dyn* */ 314 guid_t guid; 315 guid_t fetch_guid; 316 int dyn_guid_set; 317 struct kref usecount; 318 struct work_struct remove_work; 319 }; 320 #define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev) 321 322 static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 323 struct ipmi_device_id *id, 324 bool *guid_set, guid_t *guid); 325 326 /* 327 * Various statistics for IPMI, these index stats[] in the ipmi_smi 328 * structure. 329 */ 330 enum ipmi_stat_indexes { 331 /* Commands we got from the user that were invalid. */ 332 IPMI_STAT_sent_invalid_commands = 0, 333 334 /* Commands we sent to the MC. */ 335 IPMI_STAT_sent_local_commands, 336 337 /* Responses from the MC that were delivered to a user. */ 338 IPMI_STAT_handled_local_responses, 339 340 /* Responses from the MC that were not delivered to a user. */ 341 IPMI_STAT_unhandled_local_responses, 342 343 /* Commands we sent out to the IPMB bus. */ 344 IPMI_STAT_sent_ipmb_commands, 345 346 /* Commands sent on the IPMB that had errors on the SEND CMD */ 347 IPMI_STAT_sent_ipmb_command_errs, 348 349 /* Each retransmit increments this count. */ 350 IPMI_STAT_retransmitted_ipmb_commands, 351 352 /* 353 * When a message times out (runs out of retransmits) this is 354 * incremented. 355 */ 356 IPMI_STAT_timed_out_ipmb_commands, 357 358 /* 359 * This is like above, but for broadcasts. Broadcasts are 360 * *not* included in the above count (they are expected to 361 * time out). 362 */ 363 IPMI_STAT_timed_out_ipmb_broadcasts, 364 365 /* Responses I have sent to the IPMB bus. */ 366 IPMI_STAT_sent_ipmb_responses, 367 368 /* The response was delivered to the user. */ 369 IPMI_STAT_handled_ipmb_responses, 370 371 /* The response had invalid data in it. */ 372 IPMI_STAT_invalid_ipmb_responses, 373 374 /* The response didn't have anyone waiting for it. */ 375 IPMI_STAT_unhandled_ipmb_responses, 376 377 /* Commands we sent out to the IPMB bus. */ 378 IPMI_STAT_sent_lan_commands, 379 380 /* Commands sent on the IPMB that had errors on the SEND CMD */ 381 IPMI_STAT_sent_lan_command_errs, 382 383 /* Each retransmit increments this count. */ 384 IPMI_STAT_retransmitted_lan_commands, 385 386 /* 387 * When a message times out (runs out of retransmits) this is 388 * incremented. 389 */ 390 IPMI_STAT_timed_out_lan_commands, 391 392 /* Responses I have sent to the IPMB bus. */ 393 IPMI_STAT_sent_lan_responses, 394 395 /* The response was delivered to the user. */ 396 IPMI_STAT_handled_lan_responses, 397 398 /* The response had invalid data in it. */ 399 IPMI_STAT_invalid_lan_responses, 400 401 /* The response didn't have anyone waiting for it. */ 402 IPMI_STAT_unhandled_lan_responses, 403 404 /* The command was delivered to the user. */ 405 IPMI_STAT_handled_commands, 406 407 /* The command had invalid data in it. */ 408 IPMI_STAT_invalid_commands, 409 410 /* The command didn't have anyone waiting for it. */ 411 IPMI_STAT_unhandled_commands, 412 413 /* Invalid data in an event. */ 414 IPMI_STAT_invalid_events, 415 416 /* Events that were received with the proper format. */ 417 IPMI_STAT_events, 418 419 /* Retransmissions on IPMB that failed. */ 420 IPMI_STAT_dropped_rexmit_ipmb_commands, 421 422 /* Retransmissions on LAN that failed. */ 423 IPMI_STAT_dropped_rexmit_lan_commands, 424 425 /* This *must* remain last, add new values above this. */ 426 IPMI_NUM_STATS 427 }; 428 429 430 #define IPMI_IPMB_NUM_SEQ 64 431 struct ipmi_smi { 432 struct module *owner; 433 434 /* What interface number are we? */ 435 int intf_num; 436 437 struct kref refcount; 438 439 /* Set when the interface is being unregistered. */ 440 bool in_shutdown; 441 442 /* Used for a list of interfaces. */ 443 struct list_head link; 444 445 /* 446 * The list of upper layers that are using me. seq_lock write 447 * protects this. Read protection is with srcu. 448 */ 449 struct list_head users; 450 struct srcu_struct users_srcu; 451 452 /* Used for wake ups at startup. */ 453 wait_queue_head_t waitq; 454 455 /* 456 * Prevents the interface from being unregistered when the 457 * interface is used by being looked up through the BMC 458 * structure. 459 */ 460 struct mutex bmc_reg_mutex; 461 462 struct bmc_device tmp_bmc; 463 struct bmc_device *bmc; 464 bool bmc_registered; 465 struct list_head bmc_link; 466 char *my_dev_name; 467 bool in_bmc_register; /* Handle recursive situations. Yuck. */ 468 struct work_struct bmc_reg_work; 469 470 const struct ipmi_smi_handlers *handlers; 471 void *send_info; 472 473 /* Driver-model device for the system interface. */ 474 struct device *si_dev; 475 476 /* 477 * A table of sequence numbers for this interface. We use the 478 * sequence numbers for IPMB messages that go out of the 479 * interface to match them up with their responses. A routine 480 * is called periodically to time the items in this list. 481 */ 482 spinlock_t seq_lock; 483 struct seq_table seq_table[IPMI_IPMB_NUM_SEQ]; 484 int curr_seq; 485 486 /* 487 * Messages queued for delivery. If delivery fails (out of memory 488 * for instance), They will stay in here to be processed later in a 489 * periodic timer interrupt. The tasklet is for handling received 490 * messages directly from the handler. 491 */ 492 spinlock_t waiting_rcv_msgs_lock; 493 struct list_head waiting_rcv_msgs; 494 atomic_t watchdog_pretimeouts_to_deliver; 495 struct tasklet_struct recv_tasklet; 496 497 spinlock_t xmit_msgs_lock; 498 struct list_head xmit_msgs; 499 struct ipmi_smi_msg *curr_msg; 500 struct list_head hp_xmit_msgs; 501 502 /* 503 * The list of command receivers that are registered for commands 504 * on this interface. 505 */ 506 struct mutex cmd_rcvrs_mutex; 507 struct list_head cmd_rcvrs; 508 509 /* 510 * Events that were queues because no one was there to receive 511 * them. 512 */ 513 spinlock_t events_lock; /* For dealing with event stuff. */ 514 struct list_head waiting_events; 515 unsigned int waiting_events_count; /* How many events in queue? */ 516 char delivering_events; 517 char event_msg_printed; 518 519 /* How many users are waiting for events? */ 520 atomic_t event_waiters; 521 unsigned int ticks_to_req_ev; 522 523 spinlock_t watch_lock; /* For dealing with watch stuff below. */ 524 525 /* How many users are waiting for commands? */ 526 unsigned int command_waiters; 527 528 /* How many users are waiting for watchdogs? */ 529 unsigned int watchdog_waiters; 530 531 /* How many users are waiting for message responses? */ 532 unsigned int response_waiters; 533 534 /* 535 * Tells what the lower layer has last been asked to watch for, 536 * messages and/or watchdogs. Protected by watch_lock. 537 */ 538 unsigned int last_watch_mask; 539 540 /* 541 * The event receiver for my BMC, only really used at panic 542 * shutdown as a place to store this. 543 */ 544 unsigned char event_receiver; 545 unsigned char event_receiver_lun; 546 unsigned char local_sel_device; 547 unsigned char local_event_generator; 548 549 /* For handling of maintenance mode. */ 550 int maintenance_mode; 551 bool maintenance_mode_enable; 552 int auto_maintenance_timeout; 553 spinlock_t maintenance_mode_lock; /* Used in a timer... */ 554 555 /* 556 * If we are doing maintenance on something on IPMB, extend 557 * the timeout time to avoid timeouts writing firmware and 558 * such. 559 */ 560 int ipmb_maintenance_mode_timeout; 561 562 /* 563 * A cheap hack, if this is non-null and a message to an 564 * interface comes in with a NULL user, call this routine with 565 * it. Note that the message will still be freed by the 566 * caller. This only works on the system interface. 567 * 568 * Protected by bmc_reg_mutex. 569 */ 570 void (*null_user_handler)(struct ipmi_smi *intf, 571 struct ipmi_recv_msg *msg); 572 573 /* 574 * When we are scanning the channels for an SMI, this will 575 * tell which channel we are scanning. 576 */ 577 int curr_channel; 578 579 /* Channel information */ 580 struct ipmi_channel_set *channel_list; 581 unsigned int curr_working_cset; /* First index into the following. */ 582 struct ipmi_channel_set wchannels[2]; 583 struct ipmi_my_addrinfo addrinfo[IPMI_MAX_CHANNELS]; 584 bool channels_ready; 585 586 atomic_t stats[IPMI_NUM_STATS]; 587 588 /* 589 * run_to_completion duplicate of smb_info, smi_info 590 * and ipmi_serial_info structures. Used to decrease numbers of 591 * parameters passed by "low" level IPMI code. 592 */ 593 int run_to_completion; 594 }; 595 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev) 596 597 static void __get_guid(struct ipmi_smi *intf); 598 static void __ipmi_bmc_unregister(struct ipmi_smi *intf); 599 static int __ipmi_bmc_register(struct ipmi_smi *intf, 600 struct ipmi_device_id *id, 601 bool guid_set, guid_t *guid, int intf_num); 602 static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id); 603 604 605 /** 606 * The driver model view of the IPMI messaging driver. 607 */ 608 static struct platform_driver ipmidriver = { 609 .driver = { 610 .name = "ipmi", 611 .bus = &platform_bus_type 612 } 613 }; 614 /* 615 * This mutex keeps us from adding the same BMC twice. 616 */ 617 static DEFINE_MUTEX(ipmidriver_mutex); 618 619 static LIST_HEAD(ipmi_interfaces); 620 static DEFINE_MUTEX(ipmi_interfaces_mutex); 621 #define ipmi_interfaces_mutex_held() \ 622 lockdep_is_held(&ipmi_interfaces_mutex) 623 static struct srcu_struct ipmi_interfaces_srcu; 624 625 /* 626 * List of watchers that want to know when smi's are added and deleted. 627 */ 628 static LIST_HEAD(smi_watchers); 629 static DEFINE_MUTEX(smi_watchers_mutex); 630 631 #define ipmi_inc_stat(intf, stat) \ 632 atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat]) 633 #define ipmi_get_stat(intf, stat) \ 634 ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat])) 635 636 static const char * const addr_src_to_str[] = { 637 "invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI", 638 "device-tree", "platform" 639 }; 640 641 const char *ipmi_addr_src_to_str(enum ipmi_addr_src src) 642 { 643 if (src >= SI_LAST) 644 src = 0; /* Invalid */ 645 return addr_src_to_str[src]; 646 } 647 EXPORT_SYMBOL(ipmi_addr_src_to_str); 648 649 static int is_lan_addr(struct ipmi_addr *addr) 650 { 651 return addr->addr_type == IPMI_LAN_ADDR_TYPE; 652 } 653 654 static int is_ipmb_addr(struct ipmi_addr *addr) 655 { 656 return addr->addr_type == IPMI_IPMB_ADDR_TYPE; 657 } 658 659 static int is_ipmb_bcast_addr(struct ipmi_addr *addr) 660 { 661 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE; 662 } 663 664 static void free_recv_msg_list(struct list_head *q) 665 { 666 struct ipmi_recv_msg *msg, *msg2; 667 668 list_for_each_entry_safe(msg, msg2, q, link) { 669 list_del(&msg->link); 670 ipmi_free_recv_msg(msg); 671 } 672 } 673 674 static void free_smi_msg_list(struct list_head *q) 675 { 676 struct ipmi_smi_msg *msg, *msg2; 677 678 list_for_each_entry_safe(msg, msg2, q, link) { 679 list_del(&msg->link); 680 ipmi_free_smi_msg(msg); 681 } 682 } 683 684 static void clean_up_interface_data(struct ipmi_smi *intf) 685 { 686 int i; 687 struct cmd_rcvr *rcvr, *rcvr2; 688 struct list_head list; 689 690 tasklet_kill(&intf->recv_tasklet); 691 692 free_smi_msg_list(&intf->waiting_rcv_msgs); 693 free_recv_msg_list(&intf->waiting_events); 694 695 /* 696 * Wholesale remove all the entries from the list in the 697 * interface and wait for RCU to know that none are in use. 698 */ 699 mutex_lock(&intf->cmd_rcvrs_mutex); 700 INIT_LIST_HEAD(&list); 701 list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu); 702 mutex_unlock(&intf->cmd_rcvrs_mutex); 703 704 list_for_each_entry_safe(rcvr, rcvr2, &list, link) 705 kfree(rcvr); 706 707 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 708 if ((intf->seq_table[i].inuse) 709 && (intf->seq_table[i].recv_msg)) 710 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 711 } 712 } 713 714 static void intf_free(struct kref *ref) 715 { 716 struct ipmi_smi *intf = container_of(ref, struct ipmi_smi, refcount); 717 718 clean_up_interface_data(intf); 719 kfree(intf); 720 } 721 722 struct watcher_entry { 723 int intf_num; 724 struct ipmi_smi *intf; 725 struct list_head link; 726 }; 727 728 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher) 729 { 730 struct ipmi_smi *intf; 731 int index, rv; 732 733 /* 734 * Make sure the driver is actually initialized, this handles 735 * problems with initialization order. 736 */ 737 rv = ipmi_init_msghandler(); 738 if (rv) 739 return rv; 740 741 mutex_lock(&smi_watchers_mutex); 742 743 list_add(&watcher->link, &smi_watchers); 744 745 index = srcu_read_lock(&ipmi_interfaces_srcu); 746 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 747 int intf_num = READ_ONCE(intf->intf_num); 748 749 if (intf_num == -1) 750 continue; 751 watcher->new_smi(intf_num, intf->si_dev); 752 } 753 srcu_read_unlock(&ipmi_interfaces_srcu, index); 754 755 mutex_unlock(&smi_watchers_mutex); 756 757 return 0; 758 } 759 EXPORT_SYMBOL(ipmi_smi_watcher_register); 760 761 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher) 762 { 763 mutex_lock(&smi_watchers_mutex); 764 list_del(&watcher->link); 765 mutex_unlock(&smi_watchers_mutex); 766 return 0; 767 } 768 EXPORT_SYMBOL(ipmi_smi_watcher_unregister); 769 770 /* 771 * Must be called with smi_watchers_mutex held. 772 */ 773 static void 774 call_smi_watchers(int i, struct device *dev) 775 { 776 struct ipmi_smi_watcher *w; 777 778 mutex_lock(&smi_watchers_mutex); 779 list_for_each_entry(w, &smi_watchers, link) { 780 if (try_module_get(w->owner)) { 781 w->new_smi(i, dev); 782 module_put(w->owner); 783 } 784 } 785 mutex_unlock(&smi_watchers_mutex); 786 } 787 788 static int 789 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2) 790 { 791 if (addr1->addr_type != addr2->addr_type) 792 return 0; 793 794 if (addr1->channel != addr2->channel) 795 return 0; 796 797 if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 798 struct ipmi_system_interface_addr *smi_addr1 799 = (struct ipmi_system_interface_addr *) addr1; 800 struct ipmi_system_interface_addr *smi_addr2 801 = (struct ipmi_system_interface_addr *) addr2; 802 return (smi_addr1->lun == smi_addr2->lun); 803 } 804 805 if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) { 806 struct ipmi_ipmb_addr *ipmb_addr1 807 = (struct ipmi_ipmb_addr *) addr1; 808 struct ipmi_ipmb_addr *ipmb_addr2 809 = (struct ipmi_ipmb_addr *) addr2; 810 811 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr) 812 && (ipmb_addr1->lun == ipmb_addr2->lun)); 813 } 814 815 if (is_lan_addr(addr1)) { 816 struct ipmi_lan_addr *lan_addr1 817 = (struct ipmi_lan_addr *) addr1; 818 struct ipmi_lan_addr *lan_addr2 819 = (struct ipmi_lan_addr *) addr2; 820 821 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID) 822 && (lan_addr1->local_SWID == lan_addr2->local_SWID) 823 && (lan_addr1->session_handle 824 == lan_addr2->session_handle) 825 && (lan_addr1->lun == lan_addr2->lun)); 826 } 827 828 return 1; 829 } 830 831 int ipmi_validate_addr(struct ipmi_addr *addr, int len) 832 { 833 if (len < sizeof(struct ipmi_system_interface_addr)) 834 return -EINVAL; 835 836 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 837 if (addr->channel != IPMI_BMC_CHANNEL) 838 return -EINVAL; 839 return 0; 840 } 841 842 if ((addr->channel == IPMI_BMC_CHANNEL) 843 || (addr->channel >= IPMI_MAX_CHANNELS) 844 || (addr->channel < 0)) 845 return -EINVAL; 846 847 if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 848 if (len < sizeof(struct ipmi_ipmb_addr)) 849 return -EINVAL; 850 return 0; 851 } 852 853 if (is_lan_addr(addr)) { 854 if (len < sizeof(struct ipmi_lan_addr)) 855 return -EINVAL; 856 return 0; 857 } 858 859 return -EINVAL; 860 } 861 EXPORT_SYMBOL(ipmi_validate_addr); 862 863 unsigned int ipmi_addr_length(int addr_type) 864 { 865 if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 866 return sizeof(struct ipmi_system_interface_addr); 867 868 if ((addr_type == IPMI_IPMB_ADDR_TYPE) 869 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) 870 return sizeof(struct ipmi_ipmb_addr); 871 872 if (addr_type == IPMI_LAN_ADDR_TYPE) 873 return sizeof(struct ipmi_lan_addr); 874 875 return 0; 876 } 877 EXPORT_SYMBOL(ipmi_addr_length); 878 879 static int deliver_response(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 880 { 881 int rv = 0; 882 883 if (!msg->user) { 884 /* Special handling for NULL users. */ 885 if (intf->null_user_handler) { 886 intf->null_user_handler(intf, msg); 887 } else { 888 /* No handler, so give up. */ 889 rv = -EINVAL; 890 } 891 ipmi_free_recv_msg(msg); 892 } else if (oops_in_progress) { 893 /* 894 * If we are running in the panic context, calling the 895 * receive handler doesn't much meaning and has a deadlock 896 * risk. At this moment, simply skip it in that case. 897 */ 898 ipmi_free_recv_msg(msg); 899 } else { 900 int index; 901 struct ipmi_user *user = acquire_ipmi_user(msg->user, &index); 902 903 if (user) { 904 user->handler->ipmi_recv_hndl(msg, user->handler_data); 905 release_ipmi_user(user, index); 906 } else { 907 /* User went away, give up. */ 908 ipmi_free_recv_msg(msg); 909 rv = -EINVAL; 910 } 911 } 912 913 return rv; 914 } 915 916 static void deliver_local_response(struct ipmi_smi *intf, 917 struct ipmi_recv_msg *msg) 918 { 919 if (deliver_response(intf, msg)) 920 ipmi_inc_stat(intf, unhandled_local_responses); 921 else 922 ipmi_inc_stat(intf, handled_local_responses); 923 } 924 925 static void deliver_err_response(struct ipmi_smi *intf, 926 struct ipmi_recv_msg *msg, int err) 927 { 928 msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 929 msg->msg_data[0] = err; 930 msg->msg.netfn |= 1; /* Convert to a response. */ 931 msg->msg.data_len = 1; 932 msg->msg.data = msg->msg_data; 933 deliver_local_response(intf, msg); 934 } 935 936 static void smi_add_watch(struct ipmi_smi *intf, unsigned int flags) 937 { 938 unsigned long iflags; 939 940 if (!intf->handlers->set_need_watch) 941 return; 942 943 spin_lock_irqsave(&intf->watch_lock, iflags); 944 if (flags & IPMI_WATCH_MASK_CHECK_MESSAGES) 945 intf->response_waiters++; 946 947 if (flags & IPMI_WATCH_MASK_CHECK_WATCHDOG) 948 intf->watchdog_waiters++; 949 950 if (flags & IPMI_WATCH_MASK_CHECK_COMMANDS) 951 intf->command_waiters++; 952 953 if ((intf->last_watch_mask & flags) != flags) { 954 intf->last_watch_mask |= flags; 955 intf->handlers->set_need_watch(intf->send_info, 956 intf->last_watch_mask); 957 } 958 spin_unlock_irqrestore(&intf->watch_lock, iflags); 959 } 960 961 static void smi_remove_watch(struct ipmi_smi *intf, unsigned int flags) 962 { 963 unsigned long iflags; 964 965 if (!intf->handlers->set_need_watch) 966 return; 967 968 spin_lock_irqsave(&intf->watch_lock, iflags); 969 if (flags & IPMI_WATCH_MASK_CHECK_MESSAGES) 970 intf->response_waiters--; 971 972 if (flags & IPMI_WATCH_MASK_CHECK_WATCHDOG) 973 intf->watchdog_waiters--; 974 975 if (flags & IPMI_WATCH_MASK_CHECK_COMMANDS) 976 intf->command_waiters--; 977 978 flags = 0; 979 if (intf->response_waiters) 980 flags |= IPMI_WATCH_MASK_CHECK_MESSAGES; 981 if (intf->watchdog_waiters) 982 flags |= IPMI_WATCH_MASK_CHECK_WATCHDOG; 983 if (intf->command_waiters) 984 flags |= IPMI_WATCH_MASK_CHECK_COMMANDS; 985 986 if (intf->last_watch_mask != flags) { 987 intf->last_watch_mask = flags; 988 intf->handlers->set_need_watch(intf->send_info, 989 intf->last_watch_mask); 990 } 991 spin_unlock_irqrestore(&intf->watch_lock, iflags); 992 } 993 994 /* 995 * Find the next sequence number not being used and add the given 996 * message with the given timeout to the sequence table. This must be 997 * called with the interface's seq_lock held. 998 */ 999 static int intf_next_seq(struct ipmi_smi *intf, 1000 struct ipmi_recv_msg *recv_msg, 1001 unsigned long timeout, 1002 int retries, 1003 int broadcast, 1004 unsigned char *seq, 1005 long *seqid) 1006 { 1007 int rv = 0; 1008 unsigned int i; 1009 1010 if (timeout == 0) 1011 timeout = default_retry_ms; 1012 if (retries < 0) 1013 retries = default_max_retries; 1014 1015 for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq; 1016 i = (i+1)%IPMI_IPMB_NUM_SEQ) { 1017 if (!intf->seq_table[i].inuse) 1018 break; 1019 } 1020 1021 if (!intf->seq_table[i].inuse) { 1022 intf->seq_table[i].recv_msg = recv_msg; 1023 1024 /* 1025 * Start with the maximum timeout, when the send response 1026 * comes in we will start the real timer. 1027 */ 1028 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT; 1029 intf->seq_table[i].orig_timeout = timeout; 1030 intf->seq_table[i].retries_left = retries; 1031 intf->seq_table[i].broadcast = broadcast; 1032 intf->seq_table[i].inuse = 1; 1033 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid); 1034 *seq = i; 1035 *seqid = intf->seq_table[i].seqid; 1036 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ; 1037 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1038 need_waiter(intf); 1039 } else { 1040 rv = -EAGAIN; 1041 } 1042 1043 return rv; 1044 } 1045 1046 /* 1047 * Return the receive message for the given sequence number and 1048 * release the sequence number so it can be reused. Some other data 1049 * is passed in to be sure the message matches up correctly (to help 1050 * guard against message coming in after their timeout and the 1051 * sequence number being reused). 1052 */ 1053 static int intf_find_seq(struct ipmi_smi *intf, 1054 unsigned char seq, 1055 short channel, 1056 unsigned char cmd, 1057 unsigned char netfn, 1058 struct ipmi_addr *addr, 1059 struct ipmi_recv_msg **recv_msg) 1060 { 1061 int rv = -ENODEV; 1062 unsigned long flags; 1063 1064 if (seq >= IPMI_IPMB_NUM_SEQ) 1065 return -EINVAL; 1066 1067 spin_lock_irqsave(&intf->seq_lock, flags); 1068 if (intf->seq_table[seq].inuse) { 1069 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg; 1070 1071 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd) 1072 && (msg->msg.netfn == netfn) 1073 && (ipmi_addr_equal(addr, &msg->addr))) { 1074 *recv_msg = msg; 1075 intf->seq_table[seq].inuse = 0; 1076 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1077 rv = 0; 1078 } 1079 } 1080 spin_unlock_irqrestore(&intf->seq_lock, flags); 1081 1082 return rv; 1083 } 1084 1085 1086 /* Start the timer for a specific sequence table entry. */ 1087 static int intf_start_seq_timer(struct ipmi_smi *intf, 1088 long msgid) 1089 { 1090 int rv = -ENODEV; 1091 unsigned long flags; 1092 unsigned char seq; 1093 unsigned long seqid; 1094 1095 1096 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 1097 1098 spin_lock_irqsave(&intf->seq_lock, flags); 1099 /* 1100 * We do this verification because the user can be deleted 1101 * while a message is outstanding. 1102 */ 1103 if ((intf->seq_table[seq].inuse) 1104 && (intf->seq_table[seq].seqid == seqid)) { 1105 struct seq_table *ent = &intf->seq_table[seq]; 1106 ent->timeout = ent->orig_timeout; 1107 rv = 0; 1108 } 1109 spin_unlock_irqrestore(&intf->seq_lock, flags); 1110 1111 return rv; 1112 } 1113 1114 /* Got an error for the send message for a specific sequence number. */ 1115 static int intf_err_seq(struct ipmi_smi *intf, 1116 long msgid, 1117 unsigned int err) 1118 { 1119 int rv = -ENODEV; 1120 unsigned long flags; 1121 unsigned char seq; 1122 unsigned long seqid; 1123 struct ipmi_recv_msg *msg = NULL; 1124 1125 1126 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 1127 1128 spin_lock_irqsave(&intf->seq_lock, flags); 1129 /* 1130 * We do this verification because the user can be deleted 1131 * while a message is outstanding. 1132 */ 1133 if ((intf->seq_table[seq].inuse) 1134 && (intf->seq_table[seq].seqid == seqid)) { 1135 struct seq_table *ent = &intf->seq_table[seq]; 1136 1137 ent->inuse = 0; 1138 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1139 msg = ent->recv_msg; 1140 rv = 0; 1141 } 1142 spin_unlock_irqrestore(&intf->seq_lock, flags); 1143 1144 if (msg) 1145 deliver_err_response(intf, msg, err); 1146 1147 return rv; 1148 } 1149 1150 static void free_user_work(struct work_struct *work) 1151 { 1152 struct ipmi_user *user = container_of(work, struct ipmi_user, 1153 remove_work); 1154 1155 cleanup_srcu_struct(&user->release_barrier); 1156 kfree(user); 1157 } 1158 1159 int ipmi_create_user(unsigned int if_num, 1160 const struct ipmi_user_hndl *handler, 1161 void *handler_data, 1162 struct ipmi_user **user) 1163 { 1164 unsigned long flags; 1165 struct ipmi_user *new_user; 1166 int rv, index; 1167 struct ipmi_smi *intf; 1168 1169 /* 1170 * There is no module usecount here, because it's not 1171 * required. Since this can only be used by and called from 1172 * other modules, they will implicitly use this module, and 1173 * thus this can't be removed unless the other modules are 1174 * removed. 1175 */ 1176 1177 if (handler == NULL) 1178 return -EINVAL; 1179 1180 /* 1181 * Make sure the driver is actually initialized, this handles 1182 * problems with initialization order. 1183 */ 1184 rv = ipmi_init_msghandler(); 1185 if (rv) 1186 return rv; 1187 1188 new_user = kmalloc(sizeof(*new_user), GFP_KERNEL); 1189 if (!new_user) 1190 return -ENOMEM; 1191 1192 index = srcu_read_lock(&ipmi_interfaces_srcu); 1193 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1194 if (intf->intf_num == if_num) 1195 goto found; 1196 } 1197 /* Not found, return an error */ 1198 rv = -EINVAL; 1199 goto out_kfree; 1200 1201 found: 1202 INIT_WORK(&new_user->remove_work, free_user_work); 1203 1204 rv = init_srcu_struct(&new_user->release_barrier); 1205 if (rv) 1206 goto out_kfree; 1207 1208 if (!try_module_get(intf->owner)) { 1209 rv = -ENODEV; 1210 goto out_kfree; 1211 } 1212 1213 /* Note that each existing user holds a refcount to the interface. */ 1214 kref_get(&intf->refcount); 1215 1216 kref_init(&new_user->refcount); 1217 new_user->handler = handler; 1218 new_user->handler_data = handler_data; 1219 new_user->intf = intf; 1220 new_user->gets_events = false; 1221 1222 rcu_assign_pointer(new_user->self, new_user); 1223 spin_lock_irqsave(&intf->seq_lock, flags); 1224 list_add_rcu(&new_user->link, &intf->users); 1225 spin_unlock_irqrestore(&intf->seq_lock, flags); 1226 if (handler->ipmi_watchdog_pretimeout) 1227 /* User wants pretimeouts, so make sure to watch for them. */ 1228 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_WATCHDOG); 1229 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1230 *user = new_user; 1231 return 0; 1232 1233 out_kfree: 1234 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1235 kfree(new_user); 1236 return rv; 1237 } 1238 EXPORT_SYMBOL(ipmi_create_user); 1239 1240 int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data) 1241 { 1242 int rv, index; 1243 struct ipmi_smi *intf; 1244 1245 index = srcu_read_lock(&ipmi_interfaces_srcu); 1246 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1247 if (intf->intf_num == if_num) 1248 goto found; 1249 } 1250 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1251 1252 /* Not found, return an error */ 1253 return -EINVAL; 1254 1255 found: 1256 if (!intf->handlers->get_smi_info) 1257 rv = -ENOTTY; 1258 else 1259 rv = intf->handlers->get_smi_info(intf->send_info, data); 1260 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1261 1262 return rv; 1263 } 1264 EXPORT_SYMBOL(ipmi_get_smi_info); 1265 1266 static void free_user(struct kref *ref) 1267 { 1268 struct ipmi_user *user = container_of(ref, struct ipmi_user, refcount); 1269 1270 /* SRCU cleanup must happen in task context. */ 1271 schedule_work(&user->remove_work); 1272 } 1273 1274 static void _ipmi_destroy_user(struct ipmi_user *user) 1275 { 1276 struct ipmi_smi *intf = user->intf; 1277 int i; 1278 unsigned long flags; 1279 struct cmd_rcvr *rcvr; 1280 struct cmd_rcvr *rcvrs = NULL; 1281 1282 if (!acquire_ipmi_user(user, &i)) { 1283 /* 1284 * The user has already been cleaned up, just make sure 1285 * nothing is using it and return. 1286 */ 1287 synchronize_srcu(&user->release_barrier); 1288 return; 1289 } 1290 1291 rcu_assign_pointer(user->self, NULL); 1292 release_ipmi_user(user, i); 1293 1294 synchronize_srcu(&user->release_barrier); 1295 1296 if (user->handler->shutdown) 1297 user->handler->shutdown(user->handler_data); 1298 1299 if (user->handler->ipmi_watchdog_pretimeout) 1300 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_WATCHDOG); 1301 1302 if (user->gets_events) 1303 atomic_dec(&intf->event_waiters); 1304 1305 /* Remove the user from the interface's sequence table. */ 1306 spin_lock_irqsave(&intf->seq_lock, flags); 1307 list_del_rcu(&user->link); 1308 1309 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 1310 if (intf->seq_table[i].inuse 1311 && (intf->seq_table[i].recv_msg->user == user)) { 1312 intf->seq_table[i].inuse = 0; 1313 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1314 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 1315 } 1316 } 1317 spin_unlock_irqrestore(&intf->seq_lock, flags); 1318 1319 /* 1320 * Remove the user from the command receiver's table. First 1321 * we build a list of everything (not using the standard link, 1322 * since other things may be using it till we do 1323 * synchronize_srcu()) then free everything in that list. 1324 */ 1325 mutex_lock(&intf->cmd_rcvrs_mutex); 1326 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1327 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1328 if (rcvr->user == user) { 1329 list_del_rcu(&rcvr->link); 1330 rcvr->next = rcvrs; 1331 rcvrs = rcvr; 1332 } 1333 } 1334 mutex_unlock(&intf->cmd_rcvrs_mutex); 1335 synchronize_rcu(); 1336 while (rcvrs) { 1337 rcvr = rcvrs; 1338 rcvrs = rcvr->next; 1339 kfree(rcvr); 1340 } 1341 1342 kref_put(&intf->refcount, intf_free); 1343 module_put(intf->owner); 1344 } 1345 1346 int ipmi_destroy_user(struct ipmi_user *user) 1347 { 1348 _ipmi_destroy_user(user); 1349 1350 kref_put(&user->refcount, free_user); 1351 1352 return 0; 1353 } 1354 EXPORT_SYMBOL(ipmi_destroy_user); 1355 1356 int ipmi_get_version(struct ipmi_user *user, 1357 unsigned char *major, 1358 unsigned char *minor) 1359 { 1360 struct ipmi_device_id id; 1361 int rv, index; 1362 1363 user = acquire_ipmi_user(user, &index); 1364 if (!user) 1365 return -ENODEV; 1366 1367 rv = bmc_get_device_id(user->intf, NULL, &id, NULL, NULL); 1368 if (!rv) { 1369 *major = ipmi_version_major(&id); 1370 *minor = ipmi_version_minor(&id); 1371 } 1372 release_ipmi_user(user, index); 1373 1374 return rv; 1375 } 1376 EXPORT_SYMBOL(ipmi_get_version); 1377 1378 int ipmi_set_my_address(struct ipmi_user *user, 1379 unsigned int channel, 1380 unsigned char address) 1381 { 1382 int index, rv = 0; 1383 1384 user = acquire_ipmi_user(user, &index); 1385 if (!user) 1386 return -ENODEV; 1387 1388 if (channel >= IPMI_MAX_CHANNELS) { 1389 rv = -EINVAL; 1390 } else { 1391 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1392 user->intf->addrinfo[channel].address = address; 1393 } 1394 release_ipmi_user(user, index); 1395 1396 return rv; 1397 } 1398 EXPORT_SYMBOL(ipmi_set_my_address); 1399 1400 int ipmi_get_my_address(struct ipmi_user *user, 1401 unsigned int channel, 1402 unsigned char *address) 1403 { 1404 int index, rv = 0; 1405 1406 user = acquire_ipmi_user(user, &index); 1407 if (!user) 1408 return -ENODEV; 1409 1410 if (channel >= IPMI_MAX_CHANNELS) { 1411 rv = -EINVAL; 1412 } else { 1413 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1414 *address = user->intf->addrinfo[channel].address; 1415 } 1416 release_ipmi_user(user, index); 1417 1418 return rv; 1419 } 1420 EXPORT_SYMBOL(ipmi_get_my_address); 1421 1422 int ipmi_set_my_LUN(struct ipmi_user *user, 1423 unsigned int channel, 1424 unsigned char LUN) 1425 { 1426 int index, rv = 0; 1427 1428 user = acquire_ipmi_user(user, &index); 1429 if (!user) 1430 return -ENODEV; 1431 1432 if (channel >= IPMI_MAX_CHANNELS) { 1433 rv = -EINVAL; 1434 } else { 1435 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1436 user->intf->addrinfo[channel].lun = LUN & 0x3; 1437 } 1438 release_ipmi_user(user, index); 1439 1440 return rv; 1441 } 1442 EXPORT_SYMBOL(ipmi_set_my_LUN); 1443 1444 int ipmi_get_my_LUN(struct ipmi_user *user, 1445 unsigned int channel, 1446 unsigned char *address) 1447 { 1448 int index, rv = 0; 1449 1450 user = acquire_ipmi_user(user, &index); 1451 if (!user) 1452 return -ENODEV; 1453 1454 if (channel >= IPMI_MAX_CHANNELS) { 1455 rv = -EINVAL; 1456 } else { 1457 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1458 *address = user->intf->addrinfo[channel].lun; 1459 } 1460 release_ipmi_user(user, index); 1461 1462 return rv; 1463 } 1464 EXPORT_SYMBOL(ipmi_get_my_LUN); 1465 1466 int ipmi_get_maintenance_mode(struct ipmi_user *user) 1467 { 1468 int mode, index; 1469 unsigned long flags; 1470 1471 user = acquire_ipmi_user(user, &index); 1472 if (!user) 1473 return -ENODEV; 1474 1475 spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags); 1476 mode = user->intf->maintenance_mode; 1477 spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags); 1478 release_ipmi_user(user, index); 1479 1480 return mode; 1481 } 1482 EXPORT_SYMBOL(ipmi_get_maintenance_mode); 1483 1484 static void maintenance_mode_update(struct ipmi_smi *intf) 1485 { 1486 if (intf->handlers->set_maintenance_mode) 1487 intf->handlers->set_maintenance_mode( 1488 intf->send_info, intf->maintenance_mode_enable); 1489 } 1490 1491 int ipmi_set_maintenance_mode(struct ipmi_user *user, int mode) 1492 { 1493 int rv = 0, index; 1494 unsigned long flags; 1495 struct ipmi_smi *intf = user->intf; 1496 1497 user = acquire_ipmi_user(user, &index); 1498 if (!user) 1499 return -ENODEV; 1500 1501 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1502 if (intf->maintenance_mode != mode) { 1503 switch (mode) { 1504 case IPMI_MAINTENANCE_MODE_AUTO: 1505 intf->maintenance_mode_enable 1506 = (intf->auto_maintenance_timeout > 0); 1507 break; 1508 1509 case IPMI_MAINTENANCE_MODE_OFF: 1510 intf->maintenance_mode_enable = false; 1511 break; 1512 1513 case IPMI_MAINTENANCE_MODE_ON: 1514 intf->maintenance_mode_enable = true; 1515 break; 1516 1517 default: 1518 rv = -EINVAL; 1519 goto out_unlock; 1520 } 1521 intf->maintenance_mode = mode; 1522 1523 maintenance_mode_update(intf); 1524 } 1525 out_unlock: 1526 spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags); 1527 release_ipmi_user(user, index); 1528 1529 return rv; 1530 } 1531 EXPORT_SYMBOL(ipmi_set_maintenance_mode); 1532 1533 int ipmi_set_gets_events(struct ipmi_user *user, bool val) 1534 { 1535 unsigned long flags; 1536 struct ipmi_smi *intf = user->intf; 1537 struct ipmi_recv_msg *msg, *msg2; 1538 struct list_head msgs; 1539 int index; 1540 1541 user = acquire_ipmi_user(user, &index); 1542 if (!user) 1543 return -ENODEV; 1544 1545 INIT_LIST_HEAD(&msgs); 1546 1547 spin_lock_irqsave(&intf->events_lock, flags); 1548 if (user->gets_events == val) 1549 goto out; 1550 1551 user->gets_events = val; 1552 1553 if (val) { 1554 if (atomic_inc_return(&intf->event_waiters) == 1) 1555 need_waiter(intf); 1556 } else { 1557 atomic_dec(&intf->event_waiters); 1558 } 1559 1560 if (intf->delivering_events) 1561 /* 1562 * Another thread is delivering events for this, so 1563 * let it handle any new events. 1564 */ 1565 goto out; 1566 1567 /* Deliver any queued events. */ 1568 while (user->gets_events && !list_empty(&intf->waiting_events)) { 1569 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link) 1570 list_move_tail(&msg->link, &msgs); 1571 intf->waiting_events_count = 0; 1572 if (intf->event_msg_printed) { 1573 dev_warn(intf->si_dev, "Event queue no longer full\n"); 1574 intf->event_msg_printed = 0; 1575 } 1576 1577 intf->delivering_events = 1; 1578 spin_unlock_irqrestore(&intf->events_lock, flags); 1579 1580 list_for_each_entry_safe(msg, msg2, &msgs, link) { 1581 msg->user = user; 1582 kref_get(&user->refcount); 1583 deliver_local_response(intf, msg); 1584 } 1585 1586 spin_lock_irqsave(&intf->events_lock, flags); 1587 intf->delivering_events = 0; 1588 } 1589 1590 out: 1591 spin_unlock_irqrestore(&intf->events_lock, flags); 1592 release_ipmi_user(user, index); 1593 1594 return 0; 1595 } 1596 EXPORT_SYMBOL(ipmi_set_gets_events); 1597 1598 static struct cmd_rcvr *find_cmd_rcvr(struct ipmi_smi *intf, 1599 unsigned char netfn, 1600 unsigned char cmd, 1601 unsigned char chan) 1602 { 1603 struct cmd_rcvr *rcvr; 1604 1605 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1606 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1607 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1608 && (rcvr->chans & (1 << chan))) 1609 return rcvr; 1610 } 1611 return NULL; 1612 } 1613 1614 static int is_cmd_rcvr_exclusive(struct ipmi_smi *intf, 1615 unsigned char netfn, 1616 unsigned char cmd, 1617 unsigned int chans) 1618 { 1619 struct cmd_rcvr *rcvr; 1620 1621 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1622 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1623 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1624 && (rcvr->chans & chans)) 1625 return 0; 1626 } 1627 return 1; 1628 } 1629 1630 int ipmi_register_for_cmd(struct ipmi_user *user, 1631 unsigned char netfn, 1632 unsigned char cmd, 1633 unsigned int chans) 1634 { 1635 struct ipmi_smi *intf = user->intf; 1636 struct cmd_rcvr *rcvr; 1637 int rv = 0, index; 1638 1639 user = acquire_ipmi_user(user, &index); 1640 if (!user) 1641 return -ENODEV; 1642 1643 rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL); 1644 if (!rcvr) { 1645 rv = -ENOMEM; 1646 goto out_release; 1647 } 1648 rcvr->cmd = cmd; 1649 rcvr->netfn = netfn; 1650 rcvr->chans = chans; 1651 rcvr->user = user; 1652 1653 mutex_lock(&intf->cmd_rcvrs_mutex); 1654 /* Make sure the command/netfn is not already registered. */ 1655 if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) { 1656 rv = -EBUSY; 1657 goto out_unlock; 1658 } 1659 1660 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_COMMANDS); 1661 1662 list_add_rcu(&rcvr->link, &intf->cmd_rcvrs); 1663 1664 out_unlock: 1665 mutex_unlock(&intf->cmd_rcvrs_mutex); 1666 if (rv) 1667 kfree(rcvr); 1668 out_release: 1669 release_ipmi_user(user, index); 1670 1671 return rv; 1672 } 1673 EXPORT_SYMBOL(ipmi_register_for_cmd); 1674 1675 int ipmi_unregister_for_cmd(struct ipmi_user *user, 1676 unsigned char netfn, 1677 unsigned char cmd, 1678 unsigned int chans) 1679 { 1680 struct ipmi_smi *intf = user->intf; 1681 struct cmd_rcvr *rcvr; 1682 struct cmd_rcvr *rcvrs = NULL; 1683 int i, rv = -ENOENT, index; 1684 1685 user = acquire_ipmi_user(user, &index); 1686 if (!user) 1687 return -ENODEV; 1688 1689 mutex_lock(&intf->cmd_rcvrs_mutex); 1690 for (i = 0; i < IPMI_NUM_CHANNELS; i++) { 1691 if (((1 << i) & chans) == 0) 1692 continue; 1693 rcvr = find_cmd_rcvr(intf, netfn, cmd, i); 1694 if (rcvr == NULL) 1695 continue; 1696 if (rcvr->user == user) { 1697 rv = 0; 1698 rcvr->chans &= ~chans; 1699 if (rcvr->chans == 0) { 1700 list_del_rcu(&rcvr->link); 1701 rcvr->next = rcvrs; 1702 rcvrs = rcvr; 1703 } 1704 } 1705 } 1706 mutex_unlock(&intf->cmd_rcvrs_mutex); 1707 synchronize_rcu(); 1708 release_ipmi_user(user, index); 1709 while (rcvrs) { 1710 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_COMMANDS); 1711 rcvr = rcvrs; 1712 rcvrs = rcvr->next; 1713 kfree(rcvr); 1714 } 1715 1716 return rv; 1717 } 1718 EXPORT_SYMBOL(ipmi_unregister_for_cmd); 1719 1720 static unsigned char 1721 ipmb_checksum(unsigned char *data, int size) 1722 { 1723 unsigned char csum = 0; 1724 1725 for (; size > 0; size--, data++) 1726 csum += *data; 1727 1728 return -csum; 1729 } 1730 1731 static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg, 1732 struct kernel_ipmi_msg *msg, 1733 struct ipmi_ipmb_addr *ipmb_addr, 1734 long msgid, 1735 unsigned char ipmb_seq, 1736 int broadcast, 1737 unsigned char source_address, 1738 unsigned char source_lun) 1739 { 1740 int i = broadcast; 1741 1742 /* Format the IPMB header data. */ 1743 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1744 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1745 smi_msg->data[2] = ipmb_addr->channel; 1746 if (broadcast) 1747 smi_msg->data[3] = 0; 1748 smi_msg->data[i+3] = ipmb_addr->slave_addr; 1749 smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3); 1750 smi_msg->data[i+5] = ipmb_checksum(&smi_msg->data[i + 3], 2); 1751 smi_msg->data[i+6] = source_address; 1752 smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun; 1753 smi_msg->data[i+8] = msg->cmd; 1754 1755 /* Now tack on the data to the message. */ 1756 if (msg->data_len > 0) 1757 memcpy(&smi_msg->data[i + 9], msg->data, msg->data_len); 1758 smi_msg->data_size = msg->data_len + 9; 1759 1760 /* Now calculate the checksum and tack it on. */ 1761 smi_msg->data[i+smi_msg->data_size] 1762 = ipmb_checksum(&smi_msg->data[i + 6], smi_msg->data_size - 6); 1763 1764 /* 1765 * Add on the checksum size and the offset from the 1766 * broadcast. 1767 */ 1768 smi_msg->data_size += 1 + i; 1769 1770 smi_msg->msgid = msgid; 1771 } 1772 1773 static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg, 1774 struct kernel_ipmi_msg *msg, 1775 struct ipmi_lan_addr *lan_addr, 1776 long msgid, 1777 unsigned char ipmb_seq, 1778 unsigned char source_lun) 1779 { 1780 /* Format the IPMB header data. */ 1781 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1782 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1783 smi_msg->data[2] = lan_addr->channel; 1784 smi_msg->data[3] = lan_addr->session_handle; 1785 smi_msg->data[4] = lan_addr->remote_SWID; 1786 smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3); 1787 smi_msg->data[6] = ipmb_checksum(&smi_msg->data[4], 2); 1788 smi_msg->data[7] = lan_addr->local_SWID; 1789 smi_msg->data[8] = (ipmb_seq << 2) | source_lun; 1790 smi_msg->data[9] = msg->cmd; 1791 1792 /* Now tack on the data to the message. */ 1793 if (msg->data_len > 0) 1794 memcpy(&smi_msg->data[10], msg->data, msg->data_len); 1795 smi_msg->data_size = msg->data_len + 10; 1796 1797 /* Now calculate the checksum and tack it on. */ 1798 smi_msg->data[smi_msg->data_size] 1799 = ipmb_checksum(&smi_msg->data[7], smi_msg->data_size - 7); 1800 1801 /* 1802 * Add on the checksum size and the offset from the 1803 * broadcast. 1804 */ 1805 smi_msg->data_size += 1; 1806 1807 smi_msg->msgid = msgid; 1808 } 1809 1810 static struct ipmi_smi_msg *smi_add_send_msg(struct ipmi_smi *intf, 1811 struct ipmi_smi_msg *smi_msg, 1812 int priority) 1813 { 1814 if (intf->curr_msg) { 1815 if (priority > 0) 1816 list_add_tail(&smi_msg->link, &intf->hp_xmit_msgs); 1817 else 1818 list_add_tail(&smi_msg->link, &intf->xmit_msgs); 1819 smi_msg = NULL; 1820 } else { 1821 intf->curr_msg = smi_msg; 1822 } 1823 1824 return smi_msg; 1825 } 1826 1827 static void smi_send(struct ipmi_smi *intf, 1828 const struct ipmi_smi_handlers *handlers, 1829 struct ipmi_smi_msg *smi_msg, int priority) 1830 { 1831 int run_to_completion = intf->run_to_completion; 1832 unsigned long flags = 0; 1833 1834 if (!run_to_completion) 1835 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 1836 smi_msg = smi_add_send_msg(intf, smi_msg, priority); 1837 1838 if (!run_to_completion) 1839 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 1840 1841 if (smi_msg) 1842 handlers->sender(intf->send_info, smi_msg); 1843 } 1844 1845 static bool is_maintenance_mode_cmd(struct kernel_ipmi_msg *msg) 1846 { 1847 return (((msg->netfn == IPMI_NETFN_APP_REQUEST) 1848 && ((msg->cmd == IPMI_COLD_RESET_CMD) 1849 || (msg->cmd == IPMI_WARM_RESET_CMD))) 1850 || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)); 1851 } 1852 1853 static int i_ipmi_req_sysintf(struct ipmi_smi *intf, 1854 struct ipmi_addr *addr, 1855 long msgid, 1856 struct kernel_ipmi_msg *msg, 1857 struct ipmi_smi_msg *smi_msg, 1858 struct ipmi_recv_msg *recv_msg, 1859 int retries, 1860 unsigned int retry_time_ms) 1861 { 1862 struct ipmi_system_interface_addr *smi_addr; 1863 1864 if (msg->netfn & 1) 1865 /* Responses are not allowed to the SMI. */ 1866 return -EINVAL; 1867 1868 smi_addr = (struct ipmi_system_interface_addr *) addr; 1869 if (smi_addr->lun > 3) { 1870 ipmi_inc_stat(intf, sent_invalid_commands); 1871 return -EINVAL; 1872 } 1873 1874 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr)); 1875 1876 if ((msg->netfn == IPMI_NETFN_APP_REQUEST) 1877 && ((msg->cmd == IPMI_SEND_MSG_CMD) 1878 || (msg->cmd == IPMI_GET_MSG_CMD) 1879 || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) { 1880 /* 1881 * We don't let the user do these, since we manage 1882 * the sequence numbers. 1883 */ 1884 ipmi_inc_stat(intf, sent_invalid_commands); 1885 return -EINVAL; 1886 } 1887 1888 if (is_maintenance_mode_cmd(msg)) { 1889 unsigned long flags; 1890 1891 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1892 intf->auto_maintenance_timeout 1893 = maintenance_mode_timeout_ms; 1894 if (!intf->maintenance_mode 1895 && !intf->maintenance_mode_enable) { 1896 intf->maintenance_mode_enable = true; 1897 maintenance_mode_update(intf); 1898 } 1899 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 1900 flags); 1901 } 1902 1903 if (msg->data_len + 2 > IPMI_MAX_MSG_LENGTH) { 1904 ipmi_inc_stat(intf, sent_invalid_commands); 1905 return -EMSGSIZE; 1906 } 1907 1908 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3); 1909 smi_msg->data[1] = msg->cmd; 1910 smi_msg->msgid = msgid; 1911 smi_msg->user_data = recv_msg; 1912 if (msg->data_len > 0) 1913 memcpy(&smi_msg->data[2], msg->data, msg->data_len); 1914 smi_msg->data_size = msg->data_len + 2; 1915 ipmi_inc_stat(intf, sent_local_commands); 1916 1917 return 0; 1918 } 1919 1920 static int i_ipmi_req_ipmb(struct ipmi_smi *intf, 1921 struct ipmi_addr *addr, 1922 long msgid, 1923 struct kernel_ipmi_msg *msg, 1924 struct ipmi_smi_msg *smi_msg, 1925 struct ipmi_recv_msg *recv_msg, 1926 unsigned char source_address, 1927 unsigned char source_lun, 1928 int retries, 1929 unsigned int retry_time_ms) 1930 { 1931 struct ipmi_ipmb_addr *ipmb_addr; 1932 unsigned char ipmb_seq; 1933 long seqid; 1934 int broadcast = 0; 1935 struct ipmi_channel *chans; 1936 int rv = 0; 1937 1938 if (addr->channel >= IPMI_MAX_CHANNELS) { 1939 ipmi_inc_stat(intf, sent_invalid_commands); 1940 return -EINVAL; 1941 } 1942 1943 chans = READ_ONCE(intf->channel_list)->c; 1944 1945 if (chans[addr->channel].medium != IPMI_CHANNEL_MEDIUM_IPMB) { 1946 ipmi_inc_stat(intf, sent_invalid_commands); 1947 return -EINVAL; 1948 } 1949 1950 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) { 1951 /* 1952 * Broadcasts add a zero at the beginning of the 1953 * message, but otherwise is the same as an IPMB 1954 * address. 1955 */ 1956 addr->addr_type = IPMI_IPMB_ADDR_TYPE; 1957 broadcast = 1; 1958 retries = 0; /* Don't retry broadcasts. */ 1959 } 1960 1961 /* 1962 * 9 for the header and 1 for the checksum, plus 1963 * possibly one for the broadcast. 1964 */ 1965 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) { 1966 ipmi_inc_stat(intf, sent_invalid_commands); 1967 return -EMSGSIZE; 1968 } 1969 1970 ipmb_addr = (struct ipmi_ipmb_addr *) addr; 1971 if (ipmb_addr->lun > 3) { 1972 ipmi_inc_stat(intf, sent_invalid_commands); 1973 return -EINVAL; 1974 } 1975 1976 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr)); 1977 1978 if (recv_msg->msg.netfn & 0x1) { 1979 /* 1980 * It's a response, so use the user's sequence 1981 * from msgid. 1982 */ 1983 ipmi_inc_stat(intf, sent_ipmb_responses); 1984 format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid, 1985 msgid, broadcast, 1986 source_address, source_lun); 1987 1988 /* 1989 * Save the receive message so we can use it 1990 * to deliver the response. 1991 */ 1992 smi_msg->user_data = recv_msg; 1993 } else { 1994 /* It's a command, so get a sequence for it. */ 1995 unsigned long flags; 1996 1997 spin_lock_irqsave(&intf->seq_lock, flags); 1998 1999 if (is_maintenance_mode_cmd(msg)) 2000 intf->ipmb_maintenance_mode_timeout = 2001 maintenance_mode_timeout_ms; 2002 2003 if (intf->ipmb_maintenance_mode_timeout && retry_time_ms == 0) 2004 /* Different default in maintenance mode */ 2005 retry_time_ms = default_maintenance_retry_ms; 2006 2007 /* 2008 * Create a sequence number with a 1 second 2009 * timeout and 4 retries. 2010 */ 2011 rv = intf_next_seq(intf, 2012 recv_msg, 2013 retry_time_ms, 2014 retries, 2015 broadcast, 2016 &ipmb_seq, 2017 &seqid); 2018 if (rv) 2019 /* 2020 * We have used up all the sequence numbers, 2021 * probably, so abort. 2022 */ 2023 goto out_err; 2024 2025 ipmi_inc_stat(intf, sent_ipmb_commands); 2026 2027 /* 2028 * Store the sequence number in the message, 2029 * so that when the send message response 2030 * comes back we can start the timer. 2031 */ 2032 format_ipmb_msg(smi_msg, msg, ipmb_addr, 2033 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 2034 ipmb_seq, broadcast, 2035 source_address, source_lun); 2036 2037 /* 2038 * Copy the message into the recv message data, so we 2039 * can retransmit it later if necessary. 2040 */ 2041 memcpy(recv_msg->msg_data, smi_msg->data, 2042 smi_msg->data_size); 2043 recv_msg->msg.data = recv_msg->msg_data; 2044 recv_msg->msg.data_len = smi_msg->data_size; 2045 2046 /* 2047 * We don't unlock until here, because we need 2048 * to copy the completed message into the 2049 * recv_msg before we release the lock. 2050 * Otherwise, race conditions may bite us. I 2051 * know that's pretty paranoid, but I prefer 2052 * to be correct. 2053 */ 2054 out_err: 2055 spin_unlock_irqrestore(&intf->seq_lock, flags); 2056 } 2057 2058 return rv; 2059 } 2060 2061 static int i_ipmi_req_lan(struct ipmi_smi *intf, 2062 struct ipmi_addr *addr, 2063 long msgid, 2064 struct kernel_ipmi_msg *msg, 2065 struct ipmi_smi_msg *smi_msg, 2066 struct ipmi_recv_msg *recv_msg, 2067 unsigned char source_lun, 2068 int retries, 2069 unsigned int retry_time_ms) 2070 { 2071 struct ipmi_lan_addr *lan_addr; 2072 unsigned char ipmb_seq; 2073 long seqid; 2074 struct ipmi_channel *chans; 2075 int rv = 0; 2076 2077 if (addr->channel >= IPMI_MAX_CHANNELS) { 2078 ipmi_inc_stat(intf, sent_invalid_commands); 2079 return -EINVAL; 2080 } 2081 2082 chans = READ_ONCE(intf->channel_list)->c; 2083 2084 if ((chans[addr->channel].medium 2085 != IPMI_CHANNEL_MEDIUM_8023LAN) 2086 && (chans[addr->channel].medium 2087 != IPMI_CHANNEL_MEDIUM_ASYNC)) { 2088 ipmi_inc_stat(intf, sent_invalid_commands); 2089 return -EINVAL; 2090 } 2091 2092 /* 11 for the header and 1 for the checksum. */ 2093 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) { 2094 ipmi_inc_stat(intf, sent_invalid_commands); 2095 return -EMSGSIZE; 2096 } 2097 2098 lan_addr = (struct ipmi_lan_addr *) addr; 2099 if (lan_addr->lun > 3) { 2100 ipmi_inc_stat(intf, sent_invalid_commands); 2101 return -EINVAL; 2102 } 2103 2104 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr)); 2105 2106 if (recv_msg->msg.netfn & 0x1) { 2107 /* 2108 * It's a response, so use the user's sequence 2109 * from msgid. 2110 */ 2111 ipmi_inc_stat(intf, sent_lan_responses); 2112 format_lan_msg(smi_msg, msg, lan_addr, msgid, 2113 msgid, source_lun); 2114 2115 /* 2116 * Save the receive message so we can use it 2117 * to deliver the response. 2118 */ 2119 smi_msg->user_data = recv_msg; 2120 } else { 2121 /* It's a command, so get a sequence for it. */ 2122 unsigned long flags; 2123 2124 spin_lock_irqsave(&intf->seq_lock, flags); 2125 2126 /* 2127 * Create a sequence number with a 1 second 2128 * timeout and 4 retries. 2129 */ 2130 rv = intf_next_seq(intf, 2131 recv_msg, 2132 retry_time_ms, 2133 retries, 2134 0, 2135 &ipmb_seq, 2136 &seqid); 2137 if (rv) 2138 /* 2139 * We have used up all the sequence numbers, 2140 * probably, so abort. 2141 */ 2142 goto out_err; 2143 2144 ipmi_inc_stat(intf, sent_lan_commands); 2145 2146 /* 2147 * Store the sequence number in the message, 2148 * so that when the send message response 2149 * comes back we can start the timer. 2150 */ 2151 format_lan_msg(smi_msg, msg, lan_addr, 2152 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 2153 ipmb_seq, source_lun); 2154 2155 /* 2156 * Copy the message into the recv message data, so we 2157 * can retransmit it later if necessary. 2158 */ 2159 memcpy(recv_msg->msg_data, smi_msg->data, 2160 smi_msg->data_size); 2161 recv_msg->msg.data = recv_msg->msg_data; 2162 recv_msg->msg.data_len = smi_msg->data_size; 2163 2164 /* 2165 * We don't unlock until here, because we need 2166 * to copy the completed message into the 2167 * recv_msg before we release the lock. 2168 * Otherwise, race conditions may bite us. I 2169 * know that's pretty paranoid, but I prefer 2170 * to be correct. 2171 */ 2172 out_err: 2173 spin_unlock_irqrestore(&intf->seq_lock, flags); 2174 } 2175 2176 return rv; 2177 } 2178 2179 /* 2180 * Separate from ipmi_request so that the user does not have to be 2181 * supplied in certain circumstances (mainly at panic time). If 2182 * messages are supplied, they will be freed, even if an error 2183 * occurs. 2184 */ 2185 static int i_ipmi_request(struct ipmi_user *user, 2186 struct ipmi_smi *intf, 2187 struct ipmi_addr *addr, 2188 long msgid, 2189 struct kernel_ipmi_msg *msg, 2190 void *user_msg_data, 2191 void *supplied_smi, 2192 struct ipmi_recv_msg *supplied_recv, 2193 int priority, 2194 unsigned char source_address, 2195 unsigned char source_lun, 2196 int retries, 2197 unsigned int retry_time_ms) 2198 { 2199 struct ipmi_smi_msg *smi_msg; 2200 struct ipmi_recv_msg *recv_msg; 2201 int rv = 0; 2202 2203 if (supplied_recv) 2204 recv_msg = supplied_recv; 2205 else { 2206 recv_msg = ipmi_alloc_recv_msg(); 2207 if (recv_msg == NULL) { 2208 rv = -ENOMEM; 2209 goto out; 2210 } 2211 } 2212 recv_msg->user_msg_data = user_msg_data; 2213 2214 if (supplied_smi) 2215 smi_msg = (struct ipmi_smi_msg *) supplied_smi; 2216 else { 2217 smi_msg = ipmi_alloc_smi_msg(); 2218 if (smi_msg == NULL) { 2219 if (!supplied_recv) 2220 ipmi_free_recv_msg(recv_msg); 2221 rv = -ENOMEM; 2222 goto out; 2223 } 2224 } 2225 2226 rcu_read_lock(); 2227 if (intf->in_shutdown) { 2228 rv = -ENODEV; 2229 goto out_err; 2230 } 2231 2232 recv_msg->user = user; 2233 if (user) 2234 /* The put happens when the message is freed. */ 2235 kref_get(&user->refcount); 2236 recv_msg->msgid = msgid; 2237 /* 2238 * Store the message to send in the receive message so timeout 2239 * responses can get the proper response data. 2240 */ 2241 recv_msg->msg = *msg; 2242 2243 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 2244 rv = i_ipmi_req_sysintf(intf, addr, msgid, msg, smi_msg, 2245 recv_msg, retries, retry_time_ms); 2246 } else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 2247 rv = i_ipmi_req_ipmb(intf, addr, msgid, msg, smi_msg, recv_msg, 2248 source_address, source_lun, 2249 retries, retry_time_ms); 2250 } else if (is_lan_addr(addr)) { 2251 rv = i_ipmi_req_lan(intf, addr, msgid, msg, smi_msg, recv_msg, 2252 source_lun, retries, retry_time_ms); 2253 } else { 2254 /* Unknown address type. */ 2255 ipmi_inc_stat(intf, sent_invalid_commands); 2256 rv = -EINVAL; 2257 } 2258 2259 if (rv) { 2260 out_err: 2261 ipmi_free_smi_msg(smi_msg); 2262 ipmi_free_recv_msg(recv_msg); 2263 } else { 2264 pr_debug("Send: %*ph\n", smi_msg->data_size, smi_msg->data); 2265 2266 smi_send(intf, intf->handlers, smi_msg, priority); 2267 } 2268 rcu_read_unlock(); 2269 2270 out: 2271 return rv; 2272 } 2273 2274 static int check_addr(struct ipmi_smi *intf, 2275 struct ipmi_addr *addr, 2276 unsigned char *saddr, 2277 unsigned char *lun) 2278 { 2279 if (addr->channel >= IPMI_MAX_CHANNELS) 2280 return -EINVAL; 2281 addr->channel = array_index_nospec(addr->channel, IPMI_MAX_CHANNELS); 2282 *lun = intf->addrinfo[addr->channel].lun; 2283 *saddr = intf->addrinfo[addr->channel].address; 2284 return 0; 2285 } 2286 2287 int ipmi_request_settime(struct ipmi_user *user, 2288 struct ipmi_addr *addr, 2289 long msgid, 2290 struct kernel_ipmi_msg *msg, 2291 void *user_msg_data, 2292 int priority, 2293 int retries, 2294 unsigned int retry_time_ms) 2295 { 2296 unsigned char saddr = 0, lun = 0; 2297 int rv, index; 2298 2299 if (!user) 2300 return -EINVAL; 2301 2302 user = acquire_ipmi_user(user, &index); 2303 if (!user) 2304 return -ENODEV; 2305 2306 rv = check_addr(user->intf, addr, &saddr, &lun); 2307 if (!rv) 2308 rv = i_ipmi_request(user, 2309 user->intf, 2310 addr, 2311 msgid, 2312 msg, 2313 user_msg_data, 2314 NULL, NULL, 2315 priority, 2316 saddr, 2317 lun, 2318 retries, 2319 retry_time_ms); 2320 2321 release_ipmi_user(user, index); 2322 return rv; 2323 } 2324 EXPORT_SYMBOL(ipmi_request_settime); 2325 2326 int ipmi_request_supply_msgs(struct ipmi_user *user, 2327 struct ipmi_addr *addr, 2328 long msgid, 2329 struct kernel_ipmi_msg *msg, 2330 void *user_msg_data, 2331 void *supplied_smi, 2332 struct ipmi_recv_msg *supplied_recv, 2333 int priority) 2334 { 2335 unsigned char saddr = 0, lun = 0; 2336 int rv, index; 2337 2338 if (!user) 2339 return -EINVAL; 2340 2341 user = acquire_ipmi_user(user, &index); 2342 if (!user) 2343 return -ENODEV; 2344 2345 rv = check_addr(user->intf, addr, &saddr, &lun); 2346 if (!rv) 2347 rv = i_ipmi_request(user, 2348 user->intf, 2349 addr, 2350 msgid, 2351 msg, 2352 user_msg_data, 2353 supplied_smi, 2354 supplied_recv, 2355 priority, 2356 saddr, 2357 lun, 2358 -1, 0); 2359 2360 release_ipmi_user(user, index); 2361 return rv; 2362 } 2363 EXPORT_SYMBOL(ipmi_request_supply_msgs); 2364 2365 static void bmc_device_id_handler(struct ipmi_smi *intf, 2366 struct ipmi_recv_msg *msg) 2367 { 2368 int rv; 2369 2370 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 2371 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 2372 || (msg->msg.cmd != IPMI_GET_DEVICE_ID_CMD)) { 2373 dev_warn(intf->si_dev, 2374 "invalid device_id msg: addr_type=%d netfn=%x cmd=%x\n", 2375 msg->addr.addr_type, msg->msg.netfn, msg->msg.cmd); 2376 return; 2377 } 2378 2379 rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd, 2380 msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id); 2381 if (rv) { 2382 dev_warn(intf->si_dev, "device id demangle failed: %d\n", rv); 2383 intf->bmc->dyn_id_set = 0; 2384 } else { 2385 /* 2386 * Make sure the id data is available before setting 2387 * dyn_id_set. 2388 */ 2389 smp_wmb(); 2390 intf->bmc->dyn_id_set = 1; 2391 } 2392 2393 wake_up(&intf->waitq); 2394 } 2395 2396 static int 2397 send_get_device_id_cmd(struct ipmi_smi *intf) 2398 { 2399 struct ipmi_system_interface_addr si; 2400 struct kernel_ipmi_msg msg; 2401 2402 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 2403 si.channel = IPMI_BMC_CHANNEL; 2404 si.lun = 0; 2405 2406 msg.netfn = IPMI_NETFN_APP_REQUEST; 2407 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 2408 msg.data = NULL; 2409 msg.data_len = 0; 2410 2411 return i_ipmi_request(NULL, 2412 intf, 2413 (struct ipmi_addr *) &si, 2414 0, 2415 &msg, 2416 intf, 2417 NULL, 2418 NULL, 2419 0, 2420 intf->addrinfo[0].address, 2421 intf->addrinfo[0].lun, 2422 -1, 0); 2423 } 2424 2425 static int __get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc) 2426 { 2427 int rv; 2428 2429 bmc->dyn_id_set = 2; 2430 2431 intf->null_user_handler = bmc_device_id_handler; 2432 2433 rv = send_get_device_id_cmd(intf); 2434 if (rv) 2435 return rv; 2436 2437 wait_event(intf->waitq, bmc->dyn_id_set != 2); 2438 2439 if (!bmc->dyn_id_set) 2440 rv = -EIO; /* Something went wrong in the fetch. */ 2441 2442 /* dyn_id_set makes the id data available. */ 2443 smp_rmb(); 2444 2445 intf->null_user_handler = NULL; 2446 2447 return rv; 2448 } 2449 2450 /* 2451 * Fetch the device id for the bmc/interface. You must pass in either 2452 * bmc or intf, this code will get the other one. If the data has 2453 * been recently fetched, this will just use the cached data. Otherwise 2454 * it will run a new fetch. 2455 * 2456 * Except for the first time this is called (in ipmi_add_smi()), 2457 * this will always return good data; 2458 */ 2459 static int __bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 2460 struct ipmi_device_id *id, 2461 bool *guid_set, guid_t *guid, int intf_num) 2462 { 2463 int rv = 0; 2464 int prev_dyn_id_set, prev_guid_set; 2465 bool intf_set = intf != NULL; 2466 2467 if (!intf) { 2468 mutex_lock(&bmc->dyn_mutex); 2469 retry_bmc_lock: 2470 if (list_empty(&bmc->intfs)) { 2471 mutex_unlock(&bmc->dyn_mutex); 2472 return -ENOENT; 2473 } 2474 intf = list_first_entry(&bmc->intfs, struct ipmi_smi, 2475 bmc_link); 2476 kref_get(&intf->refcount); 2477 mutex_unlock(&bmc->dyn_mutex); 2478 mutex_lock(&intf->bmc_reg_mutex); 2479 mutex_lock(&bmc->dyn_mutex); 2480 if (intf != list_first_entry(&bmc->intfs, struct ipmi_smi, 2481 bmc_link)) { 2482 mutex_unlock(&intf->bmc_reg_mutex); 2483 kref_put(&intf->refcount, intf_free); 2484 goto retry_bmc_lock; 2485 } 2486 } else { 2487 mutex_lock(&intf->bmc_reg_mutex); 2488 bmc = intf->bmc; 2489 mutex_lock(&bmc->dyn_mutex); 2490 kref_get(&intf->refcount); 2491 } 2492 2493 /* If we have a valid and current ID, just return that. */ 2494 if (intf->in_bmc_register || 2495 (bmc->dyn_id_set && time_is_after_jiffies(bmc->dyn_id_expiry))) 2496 goto out_noprocessing; 2497 2498 prev_guid_set = bmc->dyn_guid_set; 2499 __get_guid(intf); 2500 2501 prev_dyn_id_set = bmc->dyn_id_set; 2502 rv = __get_device_id(intf, bmc); 2503 if (rv) 2504 goto out; 2505 2506 /* 2507 * The guid, device id, manufacturer id, and product id should 2508 * not change on a BMC. If it does we have to do some dancing. 2509 */ 2510 if (!intf->bmc_registered 2511 || (!prev_guid_set && bmc->dyn_guid_set) 2512 || (!prev_dyn_id_set && bmc->dyn_id_set) 2513 || (prev_guid_set && bmc->dyn_guid_set 2514 && !guid_equal(&bmc->guid, &bmc->fetch_guid)) 2515 || bmc->id.device_id != bmc->fetch_id.device_id 2516 || bmc->id.manufacturer_id != bmc->fetch_id.manufacturer_id 2517 || bmc->id.product_id != bmc->fetch_id.product_id) { 2518 struct ipmi_device_id id = bmc->fetch_id; 2519 int guid_set = bmc->dyn_guid_set; 2520 guid_t guid; 2521 2522 guid = bmc->fetch_guid; 2523 mutex_unlock(&bmc->dyn_mutex); 2524 2525 __ipmi_bmc_unregister(intf); 2526 /* Fill in the temporary BMC for good measure. */ 2527 intf->bmc->id = id; 2528 intf->bmc->dyn_guid_set = guid_set; 2529 intf->bmc->guid = guid; 2530 if (__ipmi_bmc_register(intf, &id, guid_set, &guid, intf_num)) 2531 need_waiter(intf); /* Retry later on an error. */ 2532 else 2533 __scan_channels(intf, &id); 2534 2535 2536 if (!intf_set) { 2537 /* 2538 * We weren't given the interface on the 2539 * command line, so restart the operation on 2540 * the next interface for the BMC. 2541 */ 2542 mutex_unlock(&intf->bmc_reg_mutex); 2543 mutex_lock(&bmc->dyn_mutex); 2544 goto retry_bmc_lock; 2545 } 2546 2547 /* We have a new BMC, set it up. */ 2548 bmc = intf->bmc; 2549 mutex_lock(&bmc->dyn_mutex); 2550 goto out_noprocessing; 2551 } else if (memcmp(&bmc->fetch_id, &bmc->id, sizeof(bmc->id))) 2552 /* Version info changes, scan the channels again. */ 2553 __scan_channels(intf, &bmc->fetch_id); 2554 2555 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 2556 2557 out: 2558 if (rv && prev_dyn_id_set) { 2559 rv = 0; /* Ignore failures if we have previous data. */ 2560 bmc->dyn_id_set = prev_dyn_id_set; 2561 } 2562 if (!rv) { 2563 bmc->id = bmc->fetch_id; 2564 if (bmc->dyn_guid_set) 2565 bmc->guid = bmc->fetch_guid; 2566 else if (prev_guid_set) 2567 /* 2568 * The guid used to be valid and it failed to fetch, 2569 * just use the cached value. 2570 */ 2571 bmc->dyn_guid_set = prev_guid_set; 2572 } 2573 out_noprocessing: 2574 if (!rv) { 2575 if (id) 2576 *id = bmc->id; 2577 2578 if (guid_set) 2579 *guid_set = bmc->dyn_guid_set; 2580 2581 if (guid && bmc->dyn_guid_set) 2582 *guid = bmc->guid; 2583 } 2584 2585 mutex_unlock(&bmc->dyn_mutex); 2586 mutex_unlock(&intf->bmc_reg_mutex); 2587 2588 kref_put(&intf->refcount, intf_free); 2589 return rv; 2590 } 2591 2592 static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 2593 struct ipmi_device_id *id, 2594 bool *guid_set, guid_t *guid) 2595 { 2596 return __bmc_get_device_id(intf, bmc, id, guid_set, guid, -1); 2597 } 2598 2599 static ssize_t device_id_show(struct device *dev, 2600 struct device_attribute *attr, 2601 char *buf) 2602 { 2603 struct bmc_device *bmc = to_bmc_device(dev); 2604 struct ipmi_device_id id; 2605 int rv; 2606 2607 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2608 if (rv) 2609 return rv; 2610 2611 return snprintf(buf, 10, "%u\n", id.device_id); 2612 } 2613 static DEVICE_ATTR_RO(device_id); 2614 2615 static ssize_t provides_device_sdrs_show(struct device *dev, 2616 struct device_attribute *attr, 2617 char *buf) 2618 { 2619 struct bmc_device *bmc = to_bmc_device(dev); 2620 struct ipmi_device_id id; 2621 int rv; 2622 2623 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2624 if (rv) 2625 return rv; 2626 2627 return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7); 2628 } 2629 static DEVICE_ATTR_RO(provides_device_sdrs); 2630 2631 static ssize_t revision_show(struct device *dev, struct device_attribute *attr, 2632 char *buf) 2633 { 2634 struct bmc_device *bmc = to_bmc_device(dev); 2635 struct ipmi_device_id id; 2636 int rv; 2637 2638 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2639 if (rv) 2640 return rv; 2641 2642 return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F); 2643 } 2644 static DEVICE_ATTR_RO(revision); 2645 2646 static ssize_t firmware_revision_show(struct device *dev, 2647 struct device_attribute *attr, 2648 char *buf) 2649 { 2650 struct bmc_device *bmc = to_bmc_device(dev); 2651 struct ipmi_device_id id; 2652 int rv; 2653 2654 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2655 if (rv) 2656 return rv; 2657 2658 return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1, 2659 id.firmware_revision_2); 2660 } 2661 static DEVICE_ATTR_RO(firmware_revision); 2662 2663 static ssize_t ipmi_version_show(struct device *dev, 2664 struct device_attribute *attr, 2665 char *buf) 2666 { 2667 struct bmc_device *bmc = to_bmc_device(dev); 2668 struct ipmi_device_id id; 2669 int rv; 2670 2671 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2672 if (rv) 2673 return rv; 2674 2675 return snprintf(buf, 20, "%u.%u\n", 2676 ipmi_version_major(&id), 2677 ipmi_version_minor(&id)); 2678 } 2679 static DEVICE_ATTR_RO(ipmi_version); 2680 2681 static ssize_t add_dev_support_show(struct device *dev, 2682 struct device_attribute *attr, 2683 char *buf) 2684 { 2685 struct bmc_device *bmc = to_bmc_device(dev); 2686 struct ipmi_device_id id; 2687 int rv; 2688 2689 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2690 if (rv) 2691 return rv; 2692 2693 return snprintf(buf, 10, "0x%02x\n", id.additional_device_support); 2694 } 2695 static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show, 2696 NULL); 2697 2698 static ssize_t manufacturer_id_show(struct device *dev, 2699 struct device_attribute *attr, 2700 char *buf) 2701 { 2702 struct bmc_device *bmc = to_bmc_device(dev); 2703 struct ipmi_device_id id; 2704 int rv; 2705 2706 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2707 if (rv) 2708 return rv; 2709 2710 return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id); 2711 } 2712 static DEVICE_ATTR_RO(manufacturer_id); 2713 2714 static ssize_t product_id_show(struct device *dev, 2715 struct device_attribute *attr, 2716 char *buf) 2717 { 2718 struct bmc_device *bmc = to_bmc_device(dev); 2719 struct ipmi_device_id id; 2720 int rv; 2721 2722 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2723 if (rv) 2724 return rv; 2725 2726 return snprintf(buf, 10, "0x%4.4x\n", id.product_id); 2727 } 2728 static DEVICE_ATTR_RO(product_id); 2729 2730 static ssize_t aux_firmware_rev_show(struct device *dev, 2731 struct device_attribute *attr, 2732 char *buf) 2733 { 2734 struct bmc_device *bmc = to_bmc_device(dev); 2735 struct ipmi_device_id id; 2736 int rv; 2737 2738 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2739 if (rv) 2740 return rv; 2741 2742 return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n", 2743 id.aux_firmware_revision[3], 2744 id.aux_firmware_revision[2], 2745 id.aux_firmware_revision[1], 2746 id.aux_firmware_revision[0]); 2747 } 2748 static DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL); 2749 2750 static ssize_t guid_show(struct device *dev, struct device_attribute *attr, 2751 char *buf) 2752 { 2753 struct bmc_device *bmc = to_bmc_device(dev); 2754 bool guid_set; 2755 guid_t guid; 2756 int rv; 2757 2758 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, &guid); 2759 if (rv) 2760 return rv; 2761 if (!guid_set) 2762 return -ENOENT; 2763 2764 return snprintf(buf, UUID_STRING_LEN + 1 + 1, "%pUl\n", &guid); 2765 } 2766 static DEVICE_ATTR_RO(guid); 2767 2768 static struct attribute *bmc_dev_attrs[] = { 2769 &dev_attr_device_id.attr, 2770 &dev_attr_provides_device_sdrs.attr, 2771 &dev_attr_revision.attr, 2772 &dev_attr_firmware_revision.attr, 2773 &dev_attr_ipmi_version.attr, 2774 &dev_attr_additional_device_support.attr, 2775 &dev_attr_manufacturer_id.attr, 2776 &dev_attr_product_id.attr, 2777 &dev_attr_aux_firmware_revision.attr, 2778 &dev_attr_guid.attr, 2779 NULL 2780 }; 2781 2782 static umode_t bmc_dev_attr_is_visible(struct kobject *kobj, 2783 struct attribute *attr, int idx) 2784 { 2785 struct device *dev = kobj_to_dev(kobj); 2786 struct bmc_device *bmc = to_bmc_device(dev); 2787 umode_t mode = attr->mode; 2788 int rv; 2789 2790 if (attr == &dev_attr_aux_firmware_revision.attr) { 2791 struct ipmi_device_id id; 2792 2793 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2794 return (!rv && id.aux_firmware_revision_set) ? mode : 0; 2795 } 2796 if (attr == &dev_attr_guid.attr) { 2797 bool guid_set; 2798 2799 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, NULL); 2800 return (!rv && guid_set) ? mode : 0; 2801 } 2802 return mode; 2803 } 2804 2805 static const struct attribute_group bmc_dev_attr_group = { 2806 .attrs = bmc_dev_attrs, 2807 .is_visible = bmc_dev_attr_is_visible, 2808 }; 2809 2810 static const struct attribute_group *bmc_dev_attr_groups[] = { 2811 &bmc_dev_attr_group, 2812 NULL 2813 }; 2814 2815 static const struct device_type bmc_device_type = { 2816 .groups = bmc_dev_attr_groups, 2817 }; 2818 2819 static int __find_bmc_guid(struct device *dev, const void *data) 2820 { 2821 const guid_t *guid = data; 2822 struct bmc_device *bmc; 2823 int rv; 2824 2825 if (dev->type != &bmc_device_type) 2826 return 0; 2827 2828 bmc = to_bmc_device(dev); 2829 rv = bmc->dyn_guid_set && guid_equal(&bmc->guid, guid); 2830 if (rv) 2831 rv = kref_get_unless_zero(&bmc->usecount); 2832 return rv; 2833 } 2834 2835 /* 2836 * Returns with the bmc's usecount incremented, if it is non-NULL. 2837 */ 2838 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv, 2839 guid_t *guid) 2840 { 2841 struct device *dev; 2842 struct bmc_device *bmc = NULL; 2843 2844 dev = driver_find_device(drv, NULL, guid, __find_bmc_guid); 2845 if (dev) { 2846 bmc = to_bmc_device(dev); 2847 put_device(dev); 2848 } 2849 return bmc; 2850 } 2851 2852 struct prod_dev_id { 2853 unsigned int product_id; 2854 unsigned char device_id; 2855 }; 2856 2857 static int __find_bmc_prod_dev_id(struct device *dev, const void *data) 2858 { 2859 const struct prod_dev_id *cid = data; 2860 struct bmc_device *bmc; 2861 int rv; 2862 2863 if (dev->type != &bmc_device_type) 2864 return 0; 2865 2866 bmc = to_bmc_device(dev); 2867 rv = (bmc->id.product_id == cid->product_id 2868 && bmc->id.device_id == cid->device_id); 2869 if (rv) 2870 rv = kref_get_unless_zero(&bmc->usecount); 2871 return rv; 2872 } 2873 2874 /* 2875 * Returns with the bmc's usecount incremented, if it is non-NULL. 2876 */ 2877 static struct bmc_device *ipmi_find_bmc_prod_dev_id( 2878 struct device_driver *drv, 2879 unsigned int product_id, unsigned char device_id) 2880 { 2881 struct prod_dev_id id = { 2882 .product_id = product_id, 2883 .device_id = device_id, 2884 }; 2885 struct device *dev; 2886 struct bmc_device *bmc = NULL; 2887 2888 dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id); 2889 if (dev) { 2890 bmc = to_bmc_device(dev); 2891 put_device(dev); 2892 } 2893 return bmc; 2894 } 2895 2896 static DEFINE_IDA(ipmi_bmc_ida); 2897 2898 static void 2899 release_bmc_device(struct device *dev) 2900 { 2901 kfree(to_bmc_device(dev)); 2902 } 2903 2904 static void cleanup_bmc_work(struct work_struct *work) 2905 { 2906 struct bmc_device *bmc = container_of(work, struct bmc_device, 2907 remove_work); 2908 int id = bmc->pdev.id; /* Unregister overwrites id */ 2909 2910 platform_device_unregister(&bmc->pdev); 2911 ida_simple_remove(&ipmi_bmc_ida, id); 2912 } 2913 2914 static void 2915 cleanup_bmc_device(struct kref *ref) 2916 { 2917 struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount); 2918 2919 /* 2920 * Remove the platform device in a work queue to avoid issues 2921 * with removing the device attributes while reading a device 2922 * attribute. 2923 */ 2924 schedule_work(&bmc->remove_work); 2925 } 2926 2927 /* 2928 * Must be called with intf->bmc_reg_mutex held. 2929 */ 2930 static void __ipmi_bmc_unregister(struct ipmi_smi *intf) 2931 { 2932 struct bmc_device *bmc = intf->bmc; 2933 2934 if (!intf->bmc_registered) 2935 return; 2936 2937 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 2938 sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name); 2939 kfree(intf->my_dev_name); 2940 intf->my_dev_name = NULL; 2941 2942 mutex_lock(&bmc->dyn_mutex); 2943 list_del(&intf->bmc_link); 2944 mutex_unlock(&bmc->dyn_mutex); 2945 intf->bmc = &intf->tmp_bmc; 2946 kref_put(&bmc->usecount, cleanup_bmc_device); 2947 intf->bmc_registered = false; 2948 } 2949 2950 static void ipmi_bmc_unregister(struct ipmi_smi *intf) 2951 { 2952 mutex_lock(&intf->bmc_reg_mutex); 2953 __ipmi_bmc_unregister(intf); 2954 mutex_unlock(&intf->bmc_reg_mutex); 2955 } 2956 2957 /* 2958 * Must be called with intf->bmc_reg_mutex held. 2959 */ 2960 static int __ipmi_bmc_register(struct ipmi_smi *intf, 2961 struct ipmi_device_id *id, 2962 bool guid_set, guid_t *guid, int intf_num) 2963 { 2964 int rv; 2965 struct bmc_device *bmc; 2966 struct bmc_device *old_bmc; 2967 2968 /* 2969 * platform_device_register() can cause bmc_reg_mutex to 2970 * be claimed because of the is_visible functions of 2971 * the attributes. Eliminate possible recursion and 2972 * release the lock. 2973 */ 2974 intf->in_bmc_register = true; 2975 mutex_unlock(&intf->bmc_reg_mutex); 2976 2977 /* 2978 * Try to find if there is an bmc_device struct 2979 * representing the interfaced BMC already 2980 */ 2981 mutex_lock(&ipmidriver_mutex); 2982 if (guid_set) 2983 old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, guid); 2984 else 2985 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver, 2986 id->product_id, 2987 id->device_id); 2988 2989 /* 2990 * If there is already an bmc_device, free the new one, 2991 * otherwise register the new BMC device 2992 */ 2993 if (old_bmc) { 2994 bmc = old_bmc; 2995 /* 2996 * Note: old_bmc already has usecount incremented by 2997 * the BMC find functions. 2998 */ 2999 intf->bmc = old_bmc; 3000 mutex_lock(&bmc->dyn_mutex); 3001 list_add_tail(&intf->bmc_link, &bmc->intfs); 3002 mutex_unlock(&bmc->dyn_mutex); 3003 3004 dev_info(intf->si_dev, 3005 "interfacing existing BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 3006 bmc->id.manufacturer_id, 3007 bmc->id.product_id, 3008 bmc->id.device_id); 3009 } else { 3010 bmc = kzalloc(sizeof(*bmc), GFP_KERNEL); 3011 if (!bmc) { 3012 rv = -ENOMEM; 3013 goto out; 3014 } 3015 INIT_LIST_HEAD(&bmc->intfs); 3016 mutex_init(&bmc->dyn_mutex); 3017 INIT_WORK(&bmc->remove_work, cleanup_bmc_work); 3018 3019 bmc->id = *id; 3020 bmc->dyn_id_set = 1; 3021 bmc->dyn_guid_set = guid_set; 3022 bmc->guid = *guid; 3023 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 3024 3025 bmc->pdev.name = "ipmi_bmc"; 3026 3027 rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL); 3028 if (rv < 0) { 3029 kfree(bmc); 3030 goto out; 3031 } 3032 3033 bmc->pdev.dev.driver = &ipmidriver.driver; 3034 bmc->pdev.id = rv; 3035 bmc->pdev.dev.release = release_bmc_device; 3036 bmc->pdev.dev.type = &bmc_device_type; 3037 kref_init(&bmc->usecount); 3038 3039 intf->bmc = bmc; 3040 mutex_lock(&bmc->dyn_mutex); 3041 list_add_tail(&intf->bmc_link, &bmc->intfs); 3042 mutex_unlock(&bmc->dyn_mutex); 3043 3044 rv = platform_device_register(&bmc->pdev); 3045 if (rv) { 3046 dev_err(intf->si_dev, 3047 "Unable to register bmc device: %d\n", 3048 rv); 3049 goto out_list_del; 3050 } 3051 3052 dev_info(intf->si_dev, 3053 "Found new BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 3054 bmc->id.manufacturer_id, 3055 bmc->id.product_id, 3056 bmc->id.device_id); 3057 } 3058 3059 /* 3060 * create symlink from system interface device to bmc device 3061 * and back. 3062 */ 3063 rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc"); 3064 if (rv) { 3065 dev_err(intf->si_dev, "Unable to create bmc symlink: %d\n", rv); 3066 goto out_put_bmc; 3067 } 3068 3069 if (intf_num == -1) 3070 intf_num = intf->intf_num; 3071 intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", intf_num); 3072 if (!intf->my_dev_name) { 3073 rv = -ENOMEM; 3074 dev_err(intf->si_dev, "Unable to allocate link from BMC: %d\n", 3075 rv); 3076 goto out_unlink1; 3077 } 3078 3079 rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj, 3080 intf->my_dev_name); 3081 if (rv) { 3082 kfree(intf->my_dev_name); 3083 intf->my_dev_name = NULL; 3084 dev_err(intf->si_dev, "Unable to create symlink to bmc: %d\n", 3085 rv); 3086 goto out_free_my_dev_name; 3087 } 3088 3089 intf->bmc_registered = true; 3090 3091 out: 3092 mutex_unlock(&ipmidriver_mutex); 3093 mutex_lock(&intf->bmc_reg_mutex); 3094 intf->in_bmc_register = false; 3095 return rv; 3096 3097 3098 out_free_my_dev_name: 3099 kfree(intf->my_dev_name); 3100 intf->my_dev_name = NULL; 3101 3102 out_unlink1: 3103 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 3104 3105 out_put_bmc: 3106 mutex_lock(&bmc->dyn_mutex); 3107 list_del(&intf->bmc_link); 3108 mutex_unlock(&bmc->dyn_mutex); 3109 intf->bmc = &intf->tmp_bmc; 3110 kref_put(&bmc->usecount, cleanup_bmc_device); 3111 goto out; 3112 3113 out_list_del: 3114 mutex_lock(&bmc->dyn_mutex); 3115 list_del(&intf->bmc_link); 3116 mutex_unlock(&bmc->dyn_mutex); 3117 intf->bmc = &intf->tmp_bmc; 3118 put_device(&bmc->pdev.dev); 3119 goto out; 3120 } 3121 3122 static int 3123 send_guid_cmd(struct ipmi_smi *intf, int chan) 3124 { 3125 struct kernel_ipmi_msg msg; 3126 struct ipmi_system_interface_addr si; 3127 3128 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3129 si.channel = IPMI_BMC_CHANNEL; 3130 si.lun = 0; 3131 3132 msg.netfn = IPMI_NETFN_APP_REQUEST; 3133 msg.cmd = IPMI_GET_DEVICE_GUID_CMD; 3134 msg.data = NULL; 3135 msg.data_len = 0; 3136 return i_ipmi_request(NULL, 3137 intf, 3138 (struct ipmi_addr *) &si, 3139 0, 3140 &msg, 3141 intf, 3142 NULL, 3143 NULL, 3144 0, 3145 intf->addrinfo[0].address, 3146 intf->addrinfo[0].lun, 3147 -1, 0); 3148 } 3149 3150 static void guid_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 3151 { 3152 struct bmc_device *bmc = intf->bmc; 3153 3154 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3155 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 3156 || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD)) 3157 /* Not for me */ 3158 return; 3159 3160 if (msg->msg.data[0] != 0) { 3161 /* Error from getting the GUID, the BMC doesn't have one. */ 3162 bmc->dyn_guid_set = 0; 3163 goto out; 3164 } 3165 3166 if (msg->msg.data_len < UUID_SIZE + 1) { 3167 bmc->dyn_guid_set = 0; 3168 dev_warn(intf->si_dev, 3169 "The GUID response from the BMC was too short, it was %d but should have been %d. Assuming GUID is not available.\n", 3170 msg->msg.data_len, UUID_SIZE + 1); 3171 goto out; 3172 } 3173 3174 guid_copy(&bmc->fetch_guid, (guid_t *)(msg->msg.data + 1)); 3175 /* 3176 * Make sure the guid data is available before setting 3177 * dyn_guid_set. 3178 */ 3179 smp_wmb(); 3180 bmc->dyn_guid_set = 1; 3181 out: 3182 wake_up(&intf->waitq); 3183 } 3184 3185 static void __get_guid(struct ipmi_smi *intf) 3186 { 3187 int rv; 3188 struct bmc_device *bmc = intf->bmc; 3189 3190 bmc->dyn_guid_set = 2; 3191 intf->null_user_handler = guid_handler; 3192 rv = send_guid_cmd(intf, 0); 3193 if (rv) 3194 /* Send failed, no GUID available. */ 3195 bmc->dyn_guid_set = 0; 3196 else 3197 wait_event(intf->waitq, bmc->dyn_guid_set != 2); 3198 3199 /* dyn_guid_set makes the guid data available. */ 3200 smp_rmb(); 3201 3202 intf->null_user_handler = NULL; 3203 } 3204 3205 static int 3206 send_channel_info_cmd(struct ipmi_smi *intf, int chan) 3207 { 3208 struct kernel_ipmi_msg msg; 3209 unsigned char data[1]; 3210 struct ipmi_system_interface_addr si; 3211 3212 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3213 si.channel = IPMI_BMC_CHANNEL; 3214 si.lun = 0; 3215 3216 msg.netfn = IPMI_NETFN_APP_REQUEST; 3217 msg.cmd = IPMI_GET_CHANNEL_INFO_CMD; 3218 msg.data = data; 3219 msg.data_len = 1; 3220 data[0] = chan; 3221 return i_ipmi_request(NULL, 3222 intf, 3223 (struct ipmi_addr *) &si, 3224 0, 3225 &msg, 3226 intf, 3227 NULL, 3228 NULL, 3229 0, 3230 intf->addrinfo[0].address, 3231 intf->addrinfo[0].lun, 3232 -1, 0); 3233 } 3234 3235 static void 3236 channel_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 3237 { 3238 int rv = 0; 3239 int ch; 3240 unsigned int set = intf->curr_working_cset; 3241 struct ipmi_channel *chans; 3242 3243 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3244 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 3245 && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) { 3246 /* It's the one we want */ 3247 if (msg->msg.data[0] != 0) { 3248 /* Got an error from the channel, just go on. */ 3249 3250 if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) { 3251 /* 3252 * If the MC does not support this 3253 * command, that is legal. We just 3254 * assume it has one IPMB at channel 3255 * zero. 3256 */ 3257 intf->wchannels[set].c[0].medium 3258 = IPMI_CHANNEL_MEDIUM_IPMB; 3259 intf->wchannels[set].c[0].protocol 3260 = IPMI_CHANNEL_PROTOCOL_IPMB; 3261 3262 intf->channel_list = intf->wchannels + set; 3263 intf->channels_ready = true; 3264 wake_up(&intf->waitq); 3265 goto out; 3266 } 3267 goto next_channel; 3268 } 3269 if (msg->msg.data_len < 4) { 3270 /* Message not big enough, just go on. */ 3271 goto next_channel; 3272 } 3273 ch = intf->curr_channel; 3274 chans = intf->wchannels[set].c; 3275 chans[ch].medium = msg->msg.data[2] & 0x7f; 3276 chans[ch].protocol = msg->msg.data[3] & 0x1f; 3277 3278 next_channel: 3279 intf->curr_channel++; 3280 if (intf->curr_channel >= IPMI_MAX_CHANNELS) { 3281 intf->channel_list = intf->wchannels + set; 3282 intf->channels_ready = true; 3283 wake_up(&intf->waitq); 3284 } else { 3285 intf->channel_list = intf->wchannels + set; 3286 intf->channels_ready = true; 3287 rv = send_channel_info_cmd(intf, intf->curr_channel); 3288 } 3289 3290 if (rv) { 3291 /* Got an error somehow, just give up. */ 3292 dev_warn(intf->si_dev, 3293 "Error sending channel information for channel %d: %d\n", 3294 intf->curr_channel, rv); 3295 3296 intf->channel_list = intf->wchannels + set; 3297 intf->channels_ready = true; 3298 wake_up(&intf->waitq); 3299 } 3300 } 3301 out: 3302 return; 3303 } 3304 3305 /* 3306 * Must be holding intf->bmc_reg_mutex to call this. 3307 */ 3308 static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id) 3309 { 3310 int rv; 3311 3312 if (ipmi_version_major(id) > 1 3313 || (ipmi_version_major(id) == 1 3314 && ipmi_version_minor(id) >= 5)) { 3315 unsigned int set; 3316 3317 /* 3318 * Start scanning the channels to see what is 3319 * available. 3320 */ 3321 set = !intf->curr_working_cset; 3322 intf->curr_working_cset = set; 3323 memset(&intf->wchannels[set], 0, 3324 sizeof(struct ipmi_channel_set)); 3325 3326 intf->null_user_handler = channel_handler; 3327 intf->curr_channel = 0; 3328 rv = send_channel_info_cmd(intf, 0); 3329 if (rv) { 3330 dev_warn(intf->si_dev, 3331 "Error sending channel information for channel 0, %d\n", 3332 rv); 3333 return -EIO; 3334 } 3335 3336 /* Wait for the channel info to be read. */ 3337 wait_event(intf->waitq, intf->channels_ready); 3338 intf->null_user_handler = NULL; 3339 } else { 3340 unsigned int set = intf->curr_working_cset; 3341 3342 /* Assume a single IPMB channel at zero. */ 3343 intf->wchannels[set].c[0].medium = IPMI_CHANNEL_MEDIUM_IPMB; 3344 intf->wchannels[set].c[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB; 3345 intf->channel_list = intf->wchannels + set; 3346 intf->channels_ready = true; 3347 } 3348 3349 return 0; 3350 } 3351 3352 static void ipmi_poll(struct ipmi_smi *intf) 3353 { 3354 if (intf->handlers->poll) 3355 intf->handlers->poll(intf->send_info); 3356 /* In case something came in */ 3357 handle_new_recv_msgs(intf); 3358 } 3359 3360 void ipmi_poll_interface(struct ipmi_user *user) 3361 { 3362 ipmi_poll(user->intf); 3363 } 3364 EXPORT_SYMBOL(ipmi_poll_interface); 3365 3366 static void redo_bmc_reg(struct work_struct *work) 3367 { 3368 struct ipmi_smi *intf = container_of(work, struct ipmi_smi, 3369 bmc_reg_work); 3370 3371 if (!intf->in_shutdown) 3372 bmc_get_device_id(intf, NULL, NULL, NULL, NULL); 3373 3374 kref_put(&intf->refcount, intf_free); 3375 } 3376 3377 int ipmi_add_smi(struct module *owner, 3378 const struct ipmi_smi_handlers *handlers, 3379 void *send_info, 3380 struct device *si_dev, 3381 unsigned char slave_addr) 3382 { 3383 int i, j; 3384 int rv; 3385 struct ipmi_smi *intf, *tintf; 3386 struct list_head *link; 3387 struct ipmi_device_id id; 3388 3389 /* 3390 * Make sure the driver is actually initialized, this handles 3391 * problems with initialization order. 3392 */ 3393 rv = ipmi_init_msghandler(); 3394 if (rv) 3395 return rv; 3396 3397 intf = kzalloc(sizeof(*intf), GFP_KERNEL); 3398 if (!intf) 3399 return -ENOMEM; 3400 3401 rv = init_srcu_struct(&intf->users_srcu); 3402 if (rv) { 3403 kfree(intf); 3404 return rv; 3405 } 3406 3407 intf->owner = owner; 3408 intf->bmc = &intf->tmp_bmc; 3409 INIT_LIST_HEAD(&intf->bmc->intfs); 3410 mutex_init(&intf->bmc->dyn_mutex); 3411 INIT_LIST_HEAD(&intf->bmc_link); 3412 mutex_init(&intf->bmc_reg_mutex); 3413 intf->intf_num = -1; /* Mark it invalid for now. */ 3414 kref_init(&intf->refcount); 3415 INIT_WORK(&intf->bmc_reg_work, redo_bmc_reg); 3416 intf->si_dev = si_dev; 3417 for (j = 0; j < IPMI_MAX_CHANNELS; j++) { 3418 intf->addrinfo[j].address = IPMI_BMC_SLAVE_ADDR; 3419 intf->addrinfo[j].lun = 2; 3420 } 3421 if (slave_addr != 0) 3422 intf->addrinfo[0].address = slave_addr; 3423 INIT_LIST_HEAD(&intf->users); 3424 intf->handlers = handlers; 3425 intf->send_info = send_info; 3426 spin_lock_init(&intf->seq_lock); 3427 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) { 3428 intf->seq_table[j].inuse = 0; 3429 intf->seq_table[j].seqid = 0; 3430 } 3431 intf->curr_seq = 0; 3432 spin_lock_init(&intf->waiting_rcv_msgs_lock); 3433 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 3434 tasklet_init(&intf->recv_tasklet, 3435 smi_recv_tasklet, 3436 (unsigned long) intf); 3437 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0); 3438 spin_lock_init(&intf->xmit_msgs_lock); 3439 INIT_LIST_HEAD(&intf->xmit_msgs); 3440 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 3441 spin_lock_init(&intf->events_lock); 3442 spin_lock_init(&intf->watch_lock); 3443 atomic_set(&intf->event_waiters, 0); 3444 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 3445 INIT_LIST_HEAD(&intf->waiting_events); 3446 intf->waiting_events_count = 0; 3447 mutex_init(&intf->cmd_rcvrs_mutex); 3448 spin_lock_init(&intf->maintenance_mode_lock); 3449 INIT_LIST_HEAD(&intf->cmd_rcvrs); 3450 init_waitqueue_head(&intf->waitq); 3451 for (i = 0; i < IPMI_NUM_STATS; i++) 3452 atomic_set(&intf->stats[i], 0); 3453 3454 mutex_lock(&ipmi_interfaces_mutex); 3455 /* Look for a hole in the numbers. */ 3456 i = 0; 3457 link = &ipmi_interfaces; 3458 list_for_each_entry_rcu(tintf, &ipmi_interfaces, link, 3459 ipmi_interfaces_mutex_held()) { 3460 if (tintf->intf_num != i) { 3461 link = &tintf->link; 3462 break; 3463 } 3464 i++; 3465 } 3466 /* Add the new interface in numeric order. */ 3467 if (i == 0) 3468 list_add_rcu(&intf->link, &ipmi_interfaces); 3469 else 3470 list_add_tail_rcu(&intf->link, link); 3471 3472 rv = handlers->start_processing(send_info, intf); 3473 if (rv) 3474 goto out_err; 3475 3476 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i); 3477 if (rv) { 3478 dev_err(si_dev, "Unable to get the device id: %d\n", rv); 3479 goto out_err_started; 3480 } 3481 3482 mutex_lock(&intf->bmc_reg_mutex); 3483 rv = __scan_channels(intf, &id); 3484 mutex_unlock(&intf->bmc_reg_mutex); 3485 if (rv) 3486 goto out_err_bmc_reg; 3487 3488 /* 3489 * Keep memory order straight for RCU readers. Make 3490 * sure everything else is committed to memory before 3491 * setting intf_num to mark the interface valid. 3492 */ 3493 smp_wmb(); 3494 intf->intf_num = i; 3495 mutex_unlock(&ipmi_interfaces_mutex); 3496 3497 /* After this point the interface is legal to use. */ 3498 call_smi_watchers(i, intf->si_dev); 3499 3500 return 0; 3501 3502 out_err_bmc_reg: 3503 ipmi_bmc_unregister(intf); 3504 out_err_started: 3505 if (intf->handlers->shutdown) 3506 intf->handlers->shutdown(intf->send_info); 3507 out_err: 3508 list_del_rcu(&intf->link); 3509 mutex_unlock(&ipmi_interfaces_mutex); 3510 synchronize_srcu(&ipmi_interfaces_srcu); 3511 cleanup_srcu_struct(&intf->users_srcu); 3512 kref_put(&intf->refcount, intf_free); 3513 3514 return rv; 3515 } 3516 EXPORT_SYMBOL(ipmi_add_smi); 3517 3518 static void deliver_smi_err_response(struct ipmi_smi *intf, 3519 struct ipmi_smi_msg *msg, 3520 unsigned char err) 3521 { 3522 msg->rsp[0] = msg->data[0] | 4; 3523 msg->rsp[1] = msg->data[1]; 3524 msg->rsp[2] = err; 3525 msg->rsp_size = 3; 3526 /* It's an error, so it will never requeue, no need to check return. */ 3527 handle_one_recv_msg(intf, msg); 3528 } 3529 3530 static void cleanup_smi_msgs(struct ipmi_smi *intf) 3531 { 3532 int i; 3533 struct seq_table *ent; 3534 struct ipmi_smi_msg *msg; 3535 struct list_head *entry; 3536 struct list_head tmplist; 3537 3538 /* Clear out our transmit queues and hold the messages. */ 3539 INIT_LIST_HEAD(&tmplist); 3540 list_splice_tail(&intf->hp_xmit_msgs, &tmplist); 3541 list_splice_tail(&intf->xmit_msgs, &tmplist); 3542 3543 /* Current message first, to preserve order */ 3544 while (intf->curr_msg && !list_empty(&intf->waiting_rcv_msgs)) { 3545 /* Wait for the message to clear out. */ 3546 schedule_timeout(1); 3547 } 3548 3549 /* No need for locks, the interface is down. */ 3550 3551 /* 3552 * Return errors for all pending messages in queue and in the 3553 * tables waiting for remote responses. 3554 */ 3555 while (!list_empty(&tmplist)) { 3556 entry = tmplist.next; 3557 list_del(entry); 3558 msg = list_entry(entry, struct ipmi_smi_msg, link); 3559 deliver_smi_err_response(intf, msg, IPMI_ERR_UNSPECIFIED); 3560 } 3561 3562 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 3563 ent = &intf->seq_table[i]; 3564 if (!ent->inuse) 3565 continue; 3566 deliver_err_response(intf, ent->recv_msg, IPMI_ERR_UNSPECIFIED); 3567 } 3568 } 3569 3570 void ipmi_unregister_smi(struct ipmi_smi *intf) 3571 { 3572 struct ipmi_smi_watcher *w; 3573 int intf_num = intf->intf_num, index; 3574 3575 mutex_lock(&ipmi_interfaces_mutex); 3576 intf->intf_num = -1; 3577 intf->in_shutdown = true; 3578 list_del_rcu(&intf->link); 3579 mutex_unlock(&ipmi_interfaces_mutex); 3580 synchronize_srcu(&ipmi_interfaces_srcu); 3581 3582 /* At this point no users can be added to the interface. */ 3583 3584 /* 3585 * Call all the watcher interfaces to tell them that 3586 * an interface is going away. 3587 */ 3588 mutex_lock(&smi_watchers_mutex); 3589 list_for_each_entry(w, &smi_watchers, link) 3590 w->smi_gone(intf_num); 3591 mutex_unlock(&smi_watchers_mutex); 3592 3593 index = srcu_read_lock(&intf->users_srcu); 3594 while (!list_empty(&intf->users)) { 3595 struct ipmi_user *user = 3596 container_of(list_next_rcu(&intf->users), 3597 struct ipmi_user, link); 3598 3599 _ipmi_destroy_user(user); 3600 } 3601 srcu_read_unlock(&intf->users_srcu, index); 3602 3603 if (intf->handlers->shutdown) 3604 intf->handlers->shutdown(intf->send_info); 3605 3606 cleanup_smi_msgs(intf); 3607 3608 ipmi_bmc_unregister(intf); 3609 3610 cleanup_srcu_struct(&intf->users_srcu); 3611 kref_put(&intf->refcount, intf_free); 3612 } 3613 EXPORT_SYMBOL(ipmi_unregister_smi); 3614 3615 static int handle_ipmb_get_msg_rsp(struct ipmi_smi *intf, 3616 struct ipmi_smi_msg *msg) 3617 { 3618 struct ipmi_ipmb_addr ipmb_addr; 3619 struct ipmi_recv_msg *recv_msg; 3620 3621 /* 3622 * This is 11, not 10, because the response must contain a 3623 * completion code. 3624 */ 3625 if (msg->rsp_size < 11) { 3626 /* Message not big enough, just ignore it. */ 3627 ipmi_inc_stat(intf, invalid_ipmb_responses); 3628 return 0; 3629 } 3630 3631 if (msg->rsp[2] != 0) { 3632 /* An error getting the response, just ignore it. */ 3633 return 0; 3634 } 3635 3636 ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE; 3637 ipmb_addr.slave_addr = msg->rsp[6]; 3638 ipmb_addr.channel = msg->rsp[3] & 0x0f; 3639 ipmb_addr.lun = msg->rsp[7] & 3; 3640 3641 /* 3642 * It's a response from a remote entity. Look up the sequence 3643 * number and handle the response. 3644 */ 3645 if (intf_find_seq(intf, 3646 msg->rsp[7] >> 2, 3647 msg->rsp[3] & 0x0f, 3648 msg->rsp[8], 3649 (msg->rsp[4] >> 2) & (~1), 3650 (struct ipmi_addr *) &ipmb_addr, 3651 &recv_msg)) { 3652 /* 3653 * We were unable to find the sequence number, 3654 * so just nuke the message. 3655 */ 3656 ipmi_inc_stat(intf, unhandled_ipmb_responses); 3657 return 0; 3658 } 3659 3660 memcpy(recv_msg->msg_data, &msg->rsp[9], msg->rsp_size - 9); 3661 /* 3662 * The other fields matched, so no need to set them, except 3663 * for netfn, which needs to be the response that was 3664 * returned, not the request value. 3665 */ 3666 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3667 recv_msg->msg.data = recv_msg->msg_data; 3668 recv_msg->msg.data_len = msg->rsp_size - 10; 3669 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3670 if (deliver_response(intf, recv_msg)) 3671 ipmi_inc_stat(intf, unhandled_ipmb_responses); 3672 else 3673 ipmi_inc_stat(intf, handled_ipmb_responses); 3674 3675 return 0; 3676 } 3677 3678 static int handle_ipmb_get_msg_cmd(struct ipmi_smi *intf, 3679 struct ipmi_smi_msg *msg) 3680 { 3681 struct cmd_rcvr *rcvr; 3682 int rv = 0; 3683 unsigned char netfn; 3684 unsigned char cmd; 3685 unsigned char chan; 3686 struct ipmi_user *user = NULL; 3687 struct ipmi_ipmb_addr *ipmb_addr; 3688 struct ipmi_recv_msg *recv_msg; 3689 3690 if (msg->rsp_size < 10) { 3691 /* Message not big enough, just ignore it. */ 3692 ipmi_inc_stat(intf, invalid_commands); 3693 return 0; 3694 } 3695 3696 if (msg->rsp[2] != 0) { 3697 /* An error getting the response, just ignore it. */ 3698 return 0; 3699 } 3700 3701 netfn = msg->rsp[4] >> 2; 3702 cmd = msg->rsp[8]; 3703 chan = msg->rsp[3] & 0xf; 3704 3705 rcu_read_lock(); 3706 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3707 if (rcvr) { 3708 user = rcvr->user; 3709 kref_get(&user->refcount); 3710 } else 3711 user = NULL; 3712 rcu_read_unlock(); 3713 3714 if (user == NULL) { 3715 /* We didn't find a user, deliver an error response. */ 3716 ipmi_inc_stat(intf, unhandled_commands); 3717 3718 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 3719 msg->data[1] = IPMI_SEND_MSG_CMD; 3720 msg->data[2] = msg->rsp[3]; 3721 msg->data[3] = msg->rsp[6]; 3722 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3); 3723 msg->data[5] = ipmb_checksum(&msg->data[3], 2); 3724 msg->data[6] = intf->addrinfo[msg->rsp[3] & 0xf].address; 3725 /* rqseq/lun */ 3726 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3); 3727 msg->data[8] = msg->rsp[8]; /* cmd */ 3728 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE; 3729 msg->data[10] = ipmb_checksum(&msg->data[6], 4); 3730 msg->data_size = 11; 3731 3732 pr_debug("Invalid command: %*ph\n", msg->data_size, msg->data); 3733 3734 rcu_read_lock(); 3735 if (!intf->in_shutdown) { 3736 smi_send(intf, intf->handlers, msg, 0); 3737 /* 3738 * We used the message, so return the value 3739 * that causes it to not be freed or 3740 * queued. 3741 */ 3742 rv = -1; 3743 } 3744 rcu_read_unlock(); 3745 } else { 3746 recv_msg = ipmi_alloc_recv_msg(); 3747 if (!recv_msg) { 3748 /* 3749 * We couldn't allocate memory for the 3750 * message, so requeue it for handling 3751 * later. 3752 */ 3753 rv = 1; 3754 kref_put(&user->refcount, free_user); 3755 } else { 3756 /* Extract the source address from the data. */ 3757 ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr; 3758 ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE; 3759 ipmb_addr->slave_addr = msg->rsp[6]; 3760 ipmb_addr->lun = msg->rsp[7] & 3; 3761 ipmb_addr->channel = msg->rsp[3] & 0xf; 3762 3763 /* 3764 * Extract the rest of the message information 3765 * from the IPMB header. 3766 */ 3767 recv_msg->user = user; 3768 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3769 recv_msg->msgid = msg->rsp[7] >> 2; 3770 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3771 recv_msg->msg.cmd = msg->rsp[8]; 3772 recv_msg->msg.data = recv_msg->msg_data; 3773 3774 /* 3775 * We chop off 10, not 9 bytes because the checksum 3776 * at the end also needs to be removed. 3777 */ 3778 recv_msg->msg.data_len = msg->rsp_size - 10; 3779 memcpy(recv_msg->msg_data, &msg->rsp[9], 3780 msg->rsp_size - 10); 3781 if (deliver_response(intf, recv_msg)) 3782 ipmi_inc_stat(intf, unhandled_commands); 3783 else 3784 ipmi_inc_stat(intf, handled_commands); 3785 } 3786 } 3787 3788 return rv; 3789 } 3790 3791 static int handle_lan_get_msg_rsp(struct ipmi_smi *intf, 3792 struct ipmi_smi_msg *msg) 3793 { 3794 struct ipmi_lan_addr lan_addr; 3795 struct ipmi_recv_msg *recv_msg; 3796 3797 3798 /* 3799 * This is 13, not 12, because the response must contain a 3800 * completion code. 3801 */ 3802 if (msg->rsp_size < 13) { 3803 /* Message not big enough, just ignore it. */ 3804 ipmi_inc_stat(intf, invalid_lan_responses); 3805 return 0; 3806 } 3807 3808 if (msg->rsp[2] != 0) { 3809 /* An error getting the response, just ignore it. */ 3810 return 0; 3811 } 3812 3813 lan_addr.addr_type = IPMI_LAN_ADDR_TYPE; 3814 lan_addr.session_handle = msg->rsp[4]; 3815 lan_addr.remote_SWID = msg->rsp[8]; 3816 lan_addr.local_SWID = msg->rsp[5]; 3817 lan_addr.channel = msg->rsp[3] & 0x0f; 3818 lan_addr.privilege = msg->rsp[3] >> 4; 3819 lan_addr.lun = msg->rsp[9] & 3; 3820 3821 /* 3822 * It's a response from a remote entity. Look up the sequence 3823 * number and handle the response. 3824 */ 3825 if (intf_find_seq(intf, 3826 msg->rsp[9] >> 2, 3827 msg->rsp[3] & 0x0f, 3828 msg->rsp[10], 3829 (msg->rsp[6] >> 2) & (~1), 3830 (struct ipmi_addr *) &lan_addr, 3831 &recv_msg)) { 3832 /* 3833 * We were unable to find the sequence number, 3834 * so just nuke the message. 3835 */ 3836 ipmi_inc_stat(intf, unhandled_lan_responses); 3837 return 0; 3838 } 3839 3840 memcpy(recv_msg->msg_data, &msg->rsp[11], msg->rsp_size - 11); 3841 /* 3842 * The other fields matched, so no need to set them, except 3843 * for netfn, which needs to be the response that was 3844 * returned, not the request value. 3845 */ 3846 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3847 recv_msg->msg.data = recv_msg->msg_data; 3848 recv_msg->msg.data_len = msg->rsp_size - 12; 3849 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3850 if (deliver_response(intf, recv_msg)) 3851 ipmi_inc_stat(intf, unhandled_lan_responses); 3852 else 3853 ipmi_inc_stat(intf, handled_lan_responses); 3854 3855 return 0; 3856 } 3857 3858 static int handle_lan_get_msg_cmd(struct ipmi_smi *intf, 3859 struct ipmi_smi_msg *msg) 3860 { 3861 struct cmd_rcvr *rcvr; 3862 int rv = 0; 3863 unsigned char netfn; 3864 unsigned char cmd; 3865 unsigned char chan; 3866 struct ipmi_user *user = NULL; 3867 struct ipmi_lan_addr *lan_addr; 3868 struct ipmi_recv_msg *recv_msg; 3869 3870 if (msg->rsp_size < 12) { 3871 /* Message not big enough, just ignore it. */ 3872 ipmi_inc_stat(intf, invalid_commands); 3873 return 0; 3874 } 3875 3876 if (msg->rsp[2] != 0) { 3877 /* An error getting the response, just ignore it. */ 3878 return 0; 3879 } 3880 3881 netfn = msg->rsp[6] >> 2; 3882 cmd = msg->rsp[10]; 3883 chan = msg->rsp[3] & 0xf; 3884 3885 rcu_read_lock(); 3886 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3887 if (rcvr) { 3888 user = rcvr->user; 3889 kref_get(&user->refcount); 3890 } else 3891 user = NULL; 3892 rcu_read_unlock(); 3893 3894 if (user == NULL) { 3895 /* We didn't find a user, just give up. */ 3896 ipmi_inc_stat(intf, unhandled_commands); 3897 3898 /* 3899 * Don't do anything with these messages, just allow 3900 * them to be freed. 3901 */ 3902 rv = 0; 3903 } else { 3904 recv_msg = ipmi_alloc_recv_msg(); 3905 if (!recv_msg) { 3906 /* 3907 * We couldn't allocate memory for the 3908 * message, so requeue it for handling later. 3909 */ 3910 rv = 1; 3911 kref_put(&user->refcount, free_user); 3912 } else { 3913 /* Extract the source address from the data. */ 3914 lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr; 3915 lan_addr->addr_type = IPMI_LAN_ADDR_TYPE; 3916 lan_addr->session_handle = msg->rsp[4]; 3917 lan_addr->remote_SWID = msg->rsp[8]; 3918 lan_addr->local_SWID = msg->rsp[5]; 3919 lan_addr->lun = msg->rsp[9] & 3; 3920 lan_addr->channel = msg->rsp[3] & 0xf; 3921 lan_addr->privilege = msg->rsp[3] >> 4; 3922 3923 /* 3924 * Extract the rest of the message information 3925 * from the IPMB header. 3926 */ 3927 recv_msg->user = user; 3928 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3929 recv_msg->msgid = msg->rsp[9] >> 2; 3930 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3931 recv_msg->msg.cmd = msg->rsp[10]; 3932 recv_msg->msg.data = recv_msg->msg_data; 3933 3934 /* 3935 * We chop off 12, not 11 bytes because the checksum 3936 * at the end also needs to be removed. 3937 */ 3938 recv_msg->msg.data_len = msg->rsp_size - 12; 3939 memcpy(recv_msg->msg_data, &msg->rsp[11], 3940 msg->rsp_size - 12); 3941 if (deliver_response(intf, recv_msg)) 3942 ipmi_inc_stat(intf, unhandled_commands); 3943 else 3944 ipmi_inc_stat(intf, handled_commands); 3945 } 3946 } 3947 3948 return rv; 3949 } 3950 3951 /* 3952 * This routine will handle "Get Message" command responses with 3953 * channels that use an OEM Medium. The message format belongs to 3954 * the OEM. See IPMI 2.0 specification, Chapter 6 and 3955 * Chapter 22, sections 22.6 and 22.24 for more details. 3956 */ 3957 static int handle_oem_get_msg_cmd(struct ipmi_smi *intf, 3958 struct ipmi_smi_msg *msg) 3959 { 3960 struct cmd_rcvr *rcvr; 3961 int rv = 0; 3962 unsigned char netfn; 3963 unsigned char cmd; 3964 unsigned char chan; 3965 struct ipmi_user *user = NULL; 3966 struct ipmi_system_interface_addr *smi_addr; 3967 struct ipmi_recv_msg *recv_msg; 3968 3969 /* 3970 * We expect the OEM SW to perform error checking 3971 * so we just do some basic sanity checks 3972 */ 3973 if (msg->rsp_size < 4) { 3974 /* Message not big enough, just ignore it. */ 3975 ipmi_inc_stat(intf, invalid_commands); 3976 return 0; 3977 } 3978 3979 if (msg->rsp[2] != 0) { 3980 /* An error getting the response, just ignore it. */ 3981 return 0; 3982 } 3983 3984 /* 3985 * This is an OEM Message so the OEM needs to know how 3986 * handle the message. We do no interpretation. 3987 */ 3988 netfn = msg->rsp[0] >> 2; 3989 cmd = msg->rsp[1]; 3990 chan = msg->rsp[3] & 0xf; 3991 3992 rcu_read_lock(); 3993 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3994 if (rcvr) { 3995 user = rcvr->user; 3996 kref_get(&user->refcount); 3997 } else 3998 user = NULL; 3999 rcu_read_unlock(); 4000 4001 if (user == NULL) { 4002 /* We didn't find a user, just give up. */ 4003 ipmi_inc_stat(intf, unhandled_commands); 4004 4005 /* 4006 * Don't do anything with these messages, just allow 4007 * them to be freed. 4008 */ 4009 4010 rv = 0; 4011 } else { 4012 recv_msg = ipmi_alloc_recv_msg(); 4013 if (!recv_msg) { 4014 /* 4015 * We couldn't allocate memory for the 4016 * message, so requeue it for handling 4017 * later. 4018 */ 4019 rv = 1; 4020 kref_put(&user->refcount, free_user); 4021 } else { 4022 /* 4023 * OEM Messages are expected to be delivered via 4024 * the system interface to SMS software. We might 4025 * need to visit this again depending on OEM 4026 * requirements 4027 */ 4028 smi_addr = ((struct ipmi_system_interface_addr *) 4029 &recv_msg->addr); 4030 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4031 smi_addr->channel = IPMI_BMC_CHANNEL; 4032 smi_addr->lun = msg->rsp[0] & 3; 4033 4034 recv_msg->user = user; 4035 recv_msg->user_msg_data = NULL; 4036 recv_msg->recv_type = IPMI_OEM_RECV_TYPE; 4037 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4038 recv_msg->msg.cmd = msg->rsp[1]; 4039 recv_msg->msg.data = recv_msg->msg_data; 4040 4041 /* 4042 * The message starts at byte 4 which follows the 4043 * the Channel Byte in the "GET MESSAGE" command 4044 */ 4045 recv_msg->msg.data_len = msg->rsp_size - 4; 4046 memcpy(recv_msg->msg_data, &msg->rsp[4], 4047 msg->rsp_size - 4); 4048 if (deliver_response(intf, recv_msg)) 4049 ipmi_inc_stat(intf, unhandled_commands); 4050 else 4051 ipmi_inc_stat(intf, handled_commands); 4052 } 4053 } 4054 4055 return rv; 4056 } 4057 4058 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg, 4059 struct ipmi_smi_msg *msg) 4060 { 4061 struct ipmi_system_interface_addr *smi_addr; 4062 4063 recv_msg->msgid = 0; 4064 smi_addr = (struct ipmi_system_interface_addr *) &recv_msg->addr; 4065 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4066 smi_addr->channel = IPMI_BMC_CHANNEL; 4067 smi_addr->lun = msg->rsp[0] & 3; 4068 recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE; 4069 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4070 recv_msg->msg.cmd = msg->rsp[1]; 4071 memcpy(recv_msg->msg_data, &msg->rsp[3], msg->rsp_size - 3); 4072 recv_msg->msg.data = recv_msg->msg_data; 4073 recv_msg->msg.data_len = msg->rsp_size - 3; 4074 } 4075 4076 static int handle_read_event_rsp(struct ipmi_smi *intf, 4077 struct ipmi_smi_msg *msg) 4078 { 4079 struct ipmi_recv_msg *recv_msg, *recv_msg2; 4080 struct list_head msgs; 4081 struct ipmi_user *user; 4082 int rv = 0, deliver_count = 0, index; 4083 unsigned long flags; 4084 4085 if (msg->rsp_size < 19) { 4086 /* Message is too small to be an IPMB event. */ 4087 ipmi_inc_stat(intf, invalid_events); 4088 return 0; 4089 } 4090 4091 if (msg->rsp[2] != 0) { 4092 /* An error getting the event, just ignore it. */ 4093 return 0; 4094 } 4095 4096 INIT_LIST_HEAD(&msgs); 4097 4098 spin_lock_irqsave(&intf->events_lock, flags); 4099 4100 ipmi_inc_stat(intf, events); 4101 4102 /* 4103 * Allocate and fill in one message for every user that is 4104 * getting events. 4105 */ 4106 index = srcu_read_lock(&intf->users_srcu); 4107 list_for_each_entry_rcu(user, &intf->users, link) { 4108 if (!user->gets_events) 4109 continue; 4110 4111 recv_msg = ipmi_alloc_recv_msg(); 4112 if (!recv_msg) { 4113 rcu_read_unlock(); 4114 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, 4115 link) { 4116 list_del(&recv_msg->link); 4117 ipmi_free_recv_msg(recv_msg); 4118 } 4119 /* 4120 * We couldn't allocate memory for the 4121 * message, so requeue it for handling 4122 * later. 4123 */ 4124 rv = 1; 4125 goto out; 4126 } 4127 4128 deliver_count++; 4129 4130 copy_event_into_recv_msg(recv_msg, msg); 4131 recv_msg->user = user; 4132 kref_get(&user->refcount); 4133 list_add_tail(&recv_msg->link, &msgs); 4134 } 4135 srcu_read_unlock(&intf->users_srcu, index); 4136 4137 if (deliver_count) { 4138 /* Now deliver all the messages. */ 4139 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) { 4140 list_del(&recv_msg->link); 4141 deliver_local_response(intf, recv_msg); 4142 } 4143 } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) { 4144 /* 4145 * No one to receive the message, put it in queue if there's 4146 * not already too many things in the queue. 4147 */ 4148 recv_msg = ipmi_alloc_recv_msg(); 4149 if (!recv_msg) { 4150 /* 4151 * We couldn't allocate memory for the 4152 * message, so requeue it for handling 4153 * later. 4154 */ 4155 rv = 1; 4156 goto out; 4157 } 4158 4159 copy_event_into_recv_msg(recv_msg, msg); 4160 list_add_tail(&recv_msg->link, &intf->waiting_events); 4161 intf->waiting_events_count++; 4162 } else if (!intf->event_msg_printed) { 4163 /* 4164 * There's too many things in the queue, discard this 4165 * message. 4166 */ 4167 dev_warn(intf->si_dev, 4168 "Event queue full, discarding incoming events\n"); 4169 intf->event_msg_printed = 1; 4170 } 4171 4172 out: 4173 spin_unlock_irqrestore(&intf->events_lock, flags); 4174 4175 return rv; 4176 } 4177 4178 static int handle_bmc_rsp(struct ipmi_smi *intf, 4179 struct ipmi_smi_msg *msg) 4180 { 4181 struct ipmi_recv_msg *recv_msg; 4182 struct ipmi_system_interface_addr *smi_addr; 4183 4184 recv_msg = (struct ipmi_recv_msg *) msg->user_data; 4185 if (recv_msg == NULL) { 4186 dev_warn(intf->si_dev, 4187 "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error. Contact your hardware vendor for assistance.\n"); 4188 return 0; 4189 } 4190 4191 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 4192 recv_msg->msgid = msg->msgid; 4193 smi_addr = ((struct ipmi_system_interface_addr *) 4194 &recv_msg->addr); 4195 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4196 smi_addr->channel = IPMI_BMC_CHANNEL; 4197 smi_addr->lun = msg->rsp[0] & 3; 4198 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4199 recv_msg->msg.cmd = msg->rsp[1]; 4200 memcpy(recv_msg->msg_data, &msg->rsp[2], msg->rsp_size - 2); 4201 recv_msg->msg.data = recv_msg->msg_data; 4202 recv_msg->msg.data_len = msg->rsp_size - 2; 4203 deliver_local_response(intf, recv_msg); 4204 4205 return 0; 4206 } 4207 4208 /* 4209 * Handle a received message. Return 1 if the message should be requeued, 4210 * 0 if the message should be freed, or -1 if the message should not 4211 * be freed or requeued. 4212 */ 4213 static int handle_one_recv_msg(struct ipmi_smi *intf, 4214 struct ipmi_smi_msg *msg) 4215 { 4216 int requeue; 4217 int chan; 4218 4219 pr_debug("Recv: %*ph\n", msg->rsp_size, msg->rsp); 4220 4221 if ((msg->data_size >= 2) 4222 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2)) 4223 && (msg->data[1] == IPMI_SEND_MSG_CMD) 4224 && (msg->user_data == NULL)) { 4225 4226 if (intf->in_shutdown) 4227 goto free_msg; 4228 4229 /* 4230 * This is the local response to a command send, start 4231 * the timer for these. The user_data will not be 4232 * NULL if this is a response send, and we will let 4233 * response sends just go through. 4234 */ 4235 4236 /* 4237 * Check for errors, if we get certain errors (ones 4238 * that mean basically we can try again later), we 4239 * ignore them and start the timer. Otherwise we 4240 * report the error immediately. 4241 */ 4242 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0) 4243 && (msg->rsp[2] != IPMI_NODE_BUSY_ERR) 4244 && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR) 4245 && (msg->rsp[2] != IPMI_BUS_ERR) 4246 && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) { 4247 int ch = msg->rsp[3] & 0xf; 4248 struct ipmi_channel *chans; 4249 4250 /* Got an error sending the message, handle it. */ 4251 4252 chans = READ_ONCE(intf->channel_list)->c; 4253 if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN) 4254 || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC)) 4255 ipmi_inc_stat(intf, sent_lan_command_errs); 4256 else 4257 ipmi_inc_stat(intf, sent_ipmb_command_errs); 4258 intf_err_seq(intf, msg->msgid, msg->rsp[2]); 4259 } else 4260 /* The message was sent, start the timer. */ 4261 intf_start_seq_timer(intf, msg->msgid); 4262 free_msg: 4263 requeue = 0; 4264 goto out; 4265 4266 } else if (msg->rsp_size < 2) { 4267 /* Message is too small to be correct. */ 4268 dev_warn(intf->si_dev, 4269 "BMC returned too small a message for netfn %x cmd %x, got %d bytes\n", 4270 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size); 4271 4272 /* Generate an error response for the message. */ 4273 msg->rsp[0] = msg->data[0] | (1 << 2); 4274 msg->rsp[1] = msg->data[1]; 4275 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4276 msg->rsp_size = 3; 4277 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1)) 4278 || (msg->rsp[1] != msg->data[1])) { 4279 /* 4280 * The NetFN and Command in the response is not even 4281 * marginally correct. 4282 */ 4283 dev_warn(intf->si_dev, 4284 "BMC returned incorrect response, expected netfn %x cmd %x, got netfn %x cmd %x\n", 4285 (msg->data[0] >> 2) | 1, msg->data[1], 4286 msg->rsp[0] >> 2, msg->rsp[1]); 4287 4288 /* Generate an error response for the message. */ 4289 msg->rsp[0] = msg->data[0] | (1 << 2); 4290 msg->rsp[1] = msg->data[1]; 4291 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4292 msg->rsp_size = 3; 4293 } 4294 4295 if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4296 && (msg->rsp[1] == IPMI_SEND_MSG_CMD) 4297 && (msg->user_data != NULL)) { 4298 /* 4299 * It's a response to a response we sent. For this we 4300 * deliver a send message response to the user. 4301 */ 4302 struct ipmi_recv_msg *recv_msg = msg->user_data; 4303 4304 requeue = 0; 4305 if (msg->rsp_size < 2) 4306 /* Message is too small to be correct. */ 4307 goto out; 4308 4309 chan = msg->data[2] & 0x0f; 4310 if (chan >= IPMI_MAX_CHANNELS) 4311 /* Invalid channel number */ 4312 goto out; 4313 4314 if (!recv_msg) 4315 goto out; 4316 4317 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE; 4318 recv_msg->msg.data = recv_msg->msg_data; 4319 recv_msg->msg.data_len = 1; 4320 recv_msg->msg_data[0] = msg->rsp[2]; 4321 deliver_local_response(intf, recv_msg); 4322 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4323 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) { 4324 struct ipmi_channel *chans; 4325 4326 /* It's from the receive queue. */ 4327 chan = msg->rsp[3] & 0xf; 4328 if (chan >= IPMI_MAX_CHANNELS) { 4329 /* Invalid channel number */ 4330 requeue = 0; 4331 goto out; 4332 } 4333 4334 /* 4335 * We need to make sure the channels have been initialized. 4336 * The channel_handler routine will set the "curr_channel" 4337 * equal to or greater than IPMI_MAX_CHANNELS when all the 4338 * channels for this interface have been initialized. 4339 */ 4340 if (!intf->channels_ready) { 4341 requeue = 0; /* Throw the message away */ 4342 goto out; 4343 } 4344 4345 chans = READ_ONCE(intf->channel_list)->c; 4346 4347 switch (chans[chan].medium) { 4348 case IPMI_CHANNEL_MEDIUM_IPMB: 4349 if (msg->rsp[4] & 0x04) { 4350 /* 4351 * It's a response, so find the 4352 * requesting message and send it up. 4353 */ 4354 requeue = handle_ipmb_get_msg_rsp(intf, msg); 4355 } else { 4356 /* 4357 * It's a command to the SMS from some other 4358 * entity. Handle that. 4359 */ 4360 requeue = handle_ipmb_get_msg_cmd(intf, msg); 4361 } 4362 break; 4363 4364 case IPMI_CHANNEL_MEDIUM_8023LAN: 4365 case IPMI_CHANNEL_MEDIUM_ASYNC: 4366 if (msg->rsp[6] & 0x04) { 4367 /* 4368 * It's a response, so find the 4369 * requesting message and send it up. 4370 */ 4371 requeue = handle_lan_get_msg_rsp(intf, msg); 4372 } else { 4373 /* 4374 * It's a command to the SMS from some other 4375 * entity. Handle that. 4376 */ 4377 requeue = handle_lan_get_msg_cmd(intf, msg); 4378 } 4379 break; 4380 4381 default: 4382 /* Check for OEM Channels. Clients had better 4383 register for these commands. */ 4384 if ((chans[chan].medium >= IPMI_CHANNEL_MEDIUM_OEM_MIN) 4385 && (chans[chan].medium 4386 <= IPMI_CHANNEL_MEDIUM_OEM_MAX)) { 4387 requeue = handle_oem_get_msg_cmd(intf, msg); 4388 } else { 4389 /* 4390 * We don't handle the channel type, so just 4391 * free the message. 4392 */ 4393 requeue = 0; 4394 } 4395 } 4396 4397 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4398 && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) { 4399 /* It's an asynchronous event. */ 4400 requeue = handle_read_event_rsp(intf, msg); 4401 } else { 4402 /* It's a response from the local BMC. */ 4403 requeue = handle_bmc_rsp(intf, msg); 4404 } 4405 4406 out: 4407 return requeue; 4408 } 4409 4410 /* 4411 * If there are messages in the queue or pretimeouts, handle them. 4412 */ 4413 static void handle_new_recv_msgs(struct ipmi_smi *intf) 4414 { 4415 struct ipmi_smi_msg *smi_msg; 4416 unsigned long flags = 0; 4417 int rv; 4418 int run_to_completion = intf->run_to_completion; 4419 4420 /* See if any waiting messages need to be processed. */ 4421 if (!run_to_completion) 4422 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4423 while (!list_empty(&intf->waiting_rcv_msgs)) { 4424 smi_msg = list_entry(intf->waiting_rcv_msgs.next, 4425 struct ipmi_smi_msg, link); 4426 list_del(&smi_msg->link); 4427 if (!run_to_completion) 4428 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4429 flags); 4430 rv = handle_one_recv_msg(intf, smi_msg); 4431 if (!run_to_completion) 4432 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4433 if (rv > 0) { 4434 /* 4435 * To preserve message order, quit if we 4436 * can't handle a message. Add the message 4437 * back at the head, this is safe because this 4438 * tasklet is the only thing that pulls the 4439 * messages. 4440 */ 4441 list_add(&smi_msg->link, &intf->waiting_rcv_msgs); 4442 break; 4443 } else { 4444 if (rv == 0) 4445 /* Message handled */ 4446 ipmi_free_smi_msg(smi_msg); 4447 /* If rv < 0, fatal error, del but don't free. */ 4448 } 4449 } 4450 if (!run_to_completion) 4451 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags); 4452 4453 /* 4454 * If the pretimout count is non-zero, decrement one from it and 4455 * deliver pretimeouts to all the users. 4456 */ 4457 if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) { 4458 struct ipmi_user *user; 4459 int index; 4460 4461 index = srcu_read_lock(&intf->users_srcu); 4462 list_for_each_entry_rcu(user, &intf->users, link) { 4463 if (user->handler->ipmi_watchdog_pretimeout) 4464 user->handler->ipmi_watchdog_pretimeout( 4465 user->handler_data); 4466 } 4467 srcu_read_unlock(&intf->users_srcu, index); 4468 } 4469 } 4470 4471 static void smi_recv_tasklet(unsigned long val) 4472 { 4473 unsigned long flags = 0; /* keep us warning-free. */ 4474 struct ipmi_smi *intf = (struct ipmi_smi *) val; 4475 int run_to_completion = intf->run_to_completion; 4476 struct ipmi_smi_msg *newmsg = NULL; 4477 4478 /* 4479 * Start the next message if available. 4480 * 4481 * Do this here, not in the actual receiver, because we may deadlock 4482 * because the lower layer is allowed to hold locks while calling 4483 * message delivery. 4484 */ 4485 4486 rcu_read_lock(); 4487 4488 if (!run_to_completion) 4489 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4490 if (intf->curr_msg == NULL && !intf->in_shutdown) { 4491 struct list_head *entry = NULL; 4492 4493 /* Pick the high priority queue first. */ 4494 if (!list_empty(&intf->hp_xmit_msgs)) 4495 entry = intf->hp_xmit_msgs.next; 4496 else if (!list_empty(&intf->xmit_msgs)) 4497 entry = intf->xmit_msgs.next; 4498 4499 if (entry) { 4500 list_del(entry); 4501 newmsg = list_entry(entry, struct ipmi_smi_msg, link); 4502 intf->curr_msg = newmsg; 4503 } 4504 } 4505 4506 if (!run_to_completion) 4507 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4508 if (newmsg) 4509 intf->handlers->sender(intf->send_info, newmsg); 4510 4511 rcu_read_unlock(); 4512 4513 handle_new_recv_msgs(intf); 4514 } 4515 4516 /* Handle a new message from the lower layer. */ 4517 void ipmi_smi_msg_received(struct ipmi_smi *intf, 4518 struct ipmi_smi_msg *msg) 4519 { 4520 unsigned long flags = 0; /* keep us warning-free. */ 4521 int run_to_completion = intf->run_to_completion; 4522 4523 /* 4524 * To preserve message order, we keep a queue and deliver from 4525 * a tasklet. 4526 */ 4527 if (!run_to_completion) 4528 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4529 list_add_tail(&msg->link, &intf->waiting_rcv_msgs); 4530 if (!run_to_completion) 4531 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4532 flags); 4533 4534 if (!run_to_completion) 4535 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4536 /* 4537 * We can get an asynchronous event or receive message in addition 4538 * to commands we send. 4539 */ 4540 if (msg == intf->curr_msg) 4541 intf->curr_msg = NULL; 4542 if (!run_to_completion) 4543 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4544 4545 if (run_to_completion) 4546 smi_recv_tasklet((unsigned long) intf); 4547 else 4548 tasklet_schedule(&intf->recv_tasklet); 4549 } 4550 EXPORT_SYMBOL(ipmi_smi_msg_received); 4551 4552 void ipmi_smi_watchdog_pretimeout(struct ipmi_smi *intf) 4553 { 4554 if (intf->in_shutdown) 4555 return; 4556 4557 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1); 4558 tasklet_schedule(&intf->recv_tasklet); 4559 } 4560 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout); 4561 4562 static struct ipmi_smi_msg * 4563 smi_from_recv_msg(struct ipmi_smi *intf, struct ipmi_recv_msg *recv_msg, 4564 unsigned char seq, long seqid) 4565 { 4566 struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg(); 4567 if (!smi_msg) 4568 /* 4569 * If we can't allocate the message, then just return, we 4570 * get 4 retries, so this should be ok. 4571 */ 4572 return NULL; 4573 4574 memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len); 4575 smi_msg->data_size = recv_msg->msg.data_len; 4576 smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid); 4577 4578 pr_debug("Resend: %*ph\n", smi_msg->data_size, smi_msg->data); 4579 4580 return smi_msg; 4581 } 4582 4583 static void check_msg_timeout(struct ipmi_smi *intf, struct seq_table *ent, 4584 struct list_head *timeouts, 4585 unsigned long timeout_period, 4586 int slot, unsigned long *flags, 4587 bool *need_timer) 4588 { 4589 struct ipmi_recv_msg *msg; 4590 4591 if (intf->in_shutdown) 4592 return; 4593 4594 if (!ent->inuse) 4595 return; 4596 4597 if (timeout_period < ent->timeout) { 4598 ent->timeout -= timeout_period; 4599 *need_timer = true; 4600 return; 4601 } 4602 4603 if (ent->retries_left == 0) { 4604 /* The message has used all its retries. */ 4605 ent->inuse = 0; 4606 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 4607 msg = ent->recv_msg; 4608 list_add_tail(&msg->link, timeouts); 4609 if (ent->broadcast) 4610 ipmi_inc_stat(intf, timed_out_ipmb_broadcasts); 4611 else if (is_lan_addr(&ent->recv_msg->addr)) 4612 ipmi_inc_stat(intf, timed_out_lan_commands); 4613 else 4614 ipmi_inc_stat(intf, timed_out_ipmb_commands); 4615 } else { 4616 struct ipmi_smi_msg *smi_msg; 4617 /* More retries, send again. */ 4618 4619 *need_timer = true; 4620 4621 /* 4622 * Start with the max timer, set to normal timer after 4623 * the message is sent. 4624 */ 4625 ent->timeout = MAX_MSG_TIMEOUT; 4626 ent->retries_left--; 4627 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot, 4628 ent->seqid); 4629 if (!smi_msg) { 4630 if (is_lan_addr(&ent->recv_msg->addr)) 4631 ipmi_inc_stat(intf, 4632 dropped_rexmit_lan_commands); 4633 else 4634 ipmi_inc_stat(intf, 4635 dropped_rexmit_ipmb_commands); 4636 return; 4637 } 4638 4639 spin_unlock_irqrestore(&intf->seq_lock, *flags); 4640 4641 /* 4642 * Send the new message. We send with a zero 4643 * priority. It timed out, I doubt time is that 4644 * critical now, and high priority messages are really 4645 * only for messages to the local MC, which don't get 4646 * resent. 4647 */ 4648 if (intf->handlers) { 4649 if (is_lan_addr(&ent->recv_msg->addr)) 4650 ipmi_inc_stat(intf, 4651 retransmitted_lan_commands); 4652 else 4653 ipmi_inc_stat(intf, 4654 retransmitted_ipmb_commands); 4655 4656 smi_send(intf, intf->handlers, smi_msg, 0); 4657 } else 4658 ipmi_free_smi_msg(smi_msg); 4659 4660 spin_lock_irqsave(&intf->seq_lock, *flags); 4661 } 4662 } 4663 4664 static bool ipmi_timeout_handler(struct ipmi_smi *intf, 4665 unsigned long timeout_period) 4666 { 4667 struct list_head timeouts; 4668 struct ipmi_recv_msg *msg, *msg2; 4669 unsigned long flags; 4670 int i; 4671 bool need_timer = false; 4672 4673 if (!intf->bmc_registered) { 4674 kref_get(&intf->refcount); 4675 if (!schedule_work(&intf->bmc_reg_work)) { 4676 kref_put(&intf->refcount, intf_free); 4677 need_timer = true; 4678 } 4679 } 4680 4681 /* 4682 * Go through the seq table and find any messages that 4683 * have timed out, putting them in the timeouts 4684 * list. 4685 */ 4686 INIT_LIST_HEAD(&timeouts); 4687 spin_lock_irqsave(&intf->seq_lock, flags); 4688 if (intf->ipmb_maintenance_mode_timeout) { 4689 if (intf->ipmb_maintenance_mode_timeout <= timeout_period) 4690 intf->ipmb_maintenance_mode_timeout = 0; 4691 else 4692 intf->ipmb_maintenance_mode_timeout -= timeout_period; 4693 } 4694 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) 4695 check_msg_timeout(intf, &intf->seq_table[i], 4696 &timeouts, timeout_period, i, 4697 &flags, &need_timer); 4698 spin_unlock_irqrestore(&intf->seq_lock, flags); 4699 4700 list_for_each_entry_safe(msg, msg2, &timeouts, link) 4701 deliver_err_response(intf, msg, IPMI_TIMEOUT_COMPLETION_CODE); 4702 4703 /* 4704 * Maintenance mode handling. Check the timeout 4705 * optimistically before we claim the lock. It may 4706 * mean a timeout gets missed occasionally, but that 4707 * only means the timeout gets extended by one period 4708 * in that case. No big deal, and it avoids the lock 4709 * most of the time. 4710 */ 4711 if (intf->auto_maintenance_timeout > 0) { 4712 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 4713 if (intf->auto_maintenance_timeout > 0) { 4714 intf->auto_maintenance_timeout 4715 -= timeout_period; 4716 if (!intf->maintenance_mode 4717 && (intf->auto_maintenance_timeout <= 0)) { 4718 intf->maintenance_mode_enable = false; 4719 maintenance_mode_update(intf); 4720 } 4721 } 4722 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 4723 flags); 4724 } 4725 4726 tasklet_schedule(&intf->recv_tasklet); 4727 4728 return need_timer; 4729 } 4730 4731 static void ipmi_request_event(struct ipmi_smi *intf) 4732 { 4733 /* No event requests when in maintenance mode. */ 4734 if (intf->maintenance_mode_enable) 4735 return; 4736 4737 if (!intf->in_shutdown) 4738 intf->handlers->request_events(intf->send_info); 4739 } 4740 4741 static struct timer_list ipmi_timer; 4742 4743 static atomic_t stop_operation; 4744 4745 static void ipmi_timeout(struct timer_list *unused) 4746 { 4747 struct ipmi_smi *intf; 4748 bool need_timer = false; 4749 int index; 4750 4751 if (atomic_read(&stop_operation)) 4752 return; 4753 4754 index = srcu_read_lock(&ipmi_interfaces_srcu); 4755 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 4756 if (atomic_read(&intf->event_waiters)) { 4757 intf->ticks_to_req_ev--; 4758 if (intf->ticks_to_req_ev == 0) { 4759 ipmi_request_event(intf); 4760 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 4761 } 4762 need_timer = true; 4763 } 4764 4765 need_timer |= ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME); 4766 } 4767 srcu_read_unlock(&ipmi_interfaces_srcu, index); 4768 4769 if (need_timer) 4770 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4771 } 4772 4773 static void need_waiter(struct ipmi_smi *intf) 4774 { 4775 /* Racy, but worst case we start the timer twice. */ 4776 if (!timer_pending(&ipmi_timer)) 4777 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4778 } 4779 4780 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0); 4781 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0); 4782 4783 static void free_smi_msg(struct ipmi_smi_msg *msg) 4784 { 4785 atomic_dec(&smi_msg_inuse_count); 4786 kfree(msg); 4787 } 4788 4789 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void) 4790 { 4791 struct ipmi_smi_msg *rv; 4792 rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC); 4793 if (rv) { 4794 rv->done = free_smi_msg; 4795 rv->user_data = NULL; 4796 atomic_inc(&smi_msg_inuse_count); 4797 } 4798 return rv; 4799 } 4800 EXPORT_SYMBOL(ipmi_alloc_smi_msg); 4801 4802 static void free_recv_msg(struct ipmi_recv_msg *msg) 4803 { 4804 atomic_dec(&recv_msg_inuse_count); 4805 kfree(msg); 4806 } 4807 4808 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void) 4809 { 4810 struct ipmi_recv_msg *rv; 4811 4812 rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC); 4813 if (rv) { 4814 rv->user = NULL; 4815 rv->done = free_recv_msg; 4816 atomic_inc(&recv_msg_inuse_count); 4817 } 4818 return rv; 4819 } 4820 4821 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg) 4822 { 4823 if (msg->user) 4824 kref_put(&msg->user->refcount, free_user); 4825 msg->done(msg); 4826 } 4827 EXPORT_SYMBOL(ipmi_free_recv_msg); 4828 4829 static atomic_t panic_done_count = ATOMIC_INIT(0); 4830 4831 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg) 4832 { 4833 atomic_dec(&panic_done_count); 4834 } 4835 4836 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg) 4837 { 4838 atomic_dec(&panic_done_count); 4839 } 4840 4841 /* 4842 * Inside a panic, send a message and wait for a response. 4843 */ 4844 static void ipmi_panic_request_and_wait(struct ipmi_smi *intf, 4845 struct ipmi_addr *addr, 4846 struct kernel_ipmi_msg *msg) 4847 { 4848 struct ipmi_smi_msg smi_msg; 4849 struct ipmi_recv_msg recv_msg; 4850 int rv; 4851 4852 smi_msg.done = dummy_smi_done_handler; 4853 recv_msg.done = dummy_recv_done_handler; 4854 atomic_add(2, &panic_done_count); 4855 rv = i_ipmi_request(NULL, 4856 intf, 4857 addr, 4858 0, 4859 msg, 4860 intf, 4861 &smi_msg, 4862 &recv_msg, 4863 0, 4864 intf->addrinfo[0].address, 4865 intf->addrinfo[0].lun, 4866 0, 1); /* Don't retry, and don't wait. */ 4867 if (rv) 4868 atomic_sub(2, &panic_done_count); 4869 else if (intf->handlers->flush_messages) 4870 intf->handlers->flush_messages(intf->send_info); 4871 4872 while (atomic_read(&panic_done_count) != 0) 4873 ipmi_poll(intf); 4874 } 4875 4876 static void event_receiver_fetcher(struct ipmi_smi *intf, 4877 struct ipmi_recv_msg *msg) 4878 { 4879 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4880 && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE) 4881 && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD) 4882 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4883 /* A get event receiver command, save it. */ 4884 intf->event_receiver = msg->msg.data[1]; 4885 intf->event_receiver_lun = msg->msg.data[2] & 0x3; 4886 } 4887 } 4888 4889 static void device_id_fetcher(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 4890 { 4891 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4892 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 4893 && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD) 4894 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4895 /* 4896 * A get device id command, save if we are an event 4897 * receiver or generator. 4898 */ 4899 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1; 4900 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1; 4901 } 4902 } 4903 4904 static void send_panic_events(struct ipmi_smi *intf, char *str) 4905 { 4906 struct kernel_ipmi_msg msg; 4907 unsigned char data[16]; 4908 struct ipmi_system_interface_addr *si; 4909 struct ipmi_addr addr; 4910 char *p = str; 4911 struct ipmi_ipmb_addr *ipmb; 4912 int j; 4913 4914 if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE) 4915 return; 4916 4917 si = (struct ipmi_system_interface_addr *) &addr; 4918 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4919 si->channel = IPMI_BMC_CHANNEL; 4920 si->lun = 0; 4921 4922 /* Fill in an event telling that we have failed. */ 4923 msg.netfn = 0x04; /* Sensor or Event. */ 4924 msg.cmd = 2; /* Platform event command. */ 4925 msg.data = data; 4926 msg.data_len = 8; 4927 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */ 4928 data[1] = 0x03; /* This is for IPMI 1.0. */ 4929 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */ 4930 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */ 4931 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */ 4932 4933 /* 4934 * Put a few breadcrumbs in. Hopefully later we can add more things 4935 * to make the panic events more useful. 4936 */ 4937 if (str) { 4938 data[3] = str[0]; 4939 data[6] = str[1]; 4940 data[7] = str[2]; 4941 } 4942 4943 /* Send the event announcing the panic. */ 4944 ipmi_panic_request_and_wait(intf, &addr, &msg); 4945 4946 /* 4947 * On every interface, dump a bunch of OEM event holding the 4948 * string. 4949 */ 4950 if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str) 4951 return; 4952 4953 /* 4954 * intf_num is used as an marker to tell if the 4955 * interface is valid. Thus we need a read barrier to 4956 * make sure data fetched before checking intf_num 4957 * won't be used. 4958 */ 4959 smp_rmb(); 4960 4961 /* 4962 * First job here is to figure out where to send the 4963 * OEM events. There's no way in IPMI to send OEM 4964 * events using an event send command, so we have to 4965 * find the SEL to put them in and stick them in 4966 * there. 4967 */ 4968 4969 /* Get capabilities from the get device id. */ 4970 intf->local_sel_device = 0; 4971 intf->local_event_generator = 0; 4972 intf->event_receiver = 0; 4973 4974 /* Request the device info from the local MC. */ 4975 msg.netfn = IPMI_NETFN_APP_REQUEST; 4976 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 4977 msg.data = NULL; 4978 msg.data_len = 0; 4979 intf->null_user_handler = device_id_fetcher; 4980 ipmi_panic_request_and_wait(intf, &addr, &msg); 4981 4982 if (intf->local_event_generator) { 4983 /* Request the event receiver from the local MC. */ 4984 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST; 4985 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD; 4986 msg.data = NULL; 4987 msg.data_len = 0; 4988 intf->null_user_handler = event_receiver_fetcher; 4989 ipmi_panic_request_and_wait(intf, &addr, &msg); 4990 } 4991 intf->null_user_handler = NULL; 4992 4993 /* 4994 * Validate the event receiver. The low bit must not 4995 * be 1 (it must be a valid IPMB address), it cannot 4996 * be zero, and it must not be my address. 4997 */ 4998 if (((intf->event_receiver & 1) == 0) 4999 && (intf->event_receiver != 0) 5000 && (intf->event_receiver != intf->addrinfo[0].address)) { 5001 /* 5002 * The event receiver is valid, send an IPMB 5003 * message. 5004 */ 5005 ipmb = (struct ipmi_ipmb_addr *) &addr; 5006 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE; 5007 ipmb->channel = 0; /* FIXME - is this right? */ 5008 ipmb->lun = intf->event_receiver_lun; 5009 ipmb->slave_addr = intf->event_receiver; 5010 } else if (intf->local_sel_device) { 5011 /* 5012 * The event receiver was not valid (or was 5013 * me), but I am an SEL device, just dump it 5014 * in my SEL. 5015 */ 5016 si = (struct ipmi_system_interface_addr *) &addr; 5017 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 5018 si->channel = IPMI_BMC_CHANNEL; 5019 si->lun = 0; 5020 } else 5021 return; /* No where to send the event. */ 5022 5023 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */ 5024 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD; 5025 msg.data = data; 5026 msg.data_len = 16; 5027 5028 j = 0; 5029 while (*p) { 5030 int size = strlen(p); 5031 5032 if (size > 11) 5033 size = 11; 5034 data[0] = 0; 5035 data[1] = 0; 5036 data[2] = 0xf0; /* OEM event without timestamp. */ 5037 data[3] = intf->addrinfo[0].address; 5038 data[4] = j++; /* sequence # */ 5039 /* 5040 * Always give 11 bytes, so strncpy will fill 5041 * it with zeroes for me. 5042 */ 5043 strncpy(data+5, p, 11); 5044 p += size; 5045 5046 ipmi_panic_request_and_wait(intf, &addr, &msg); 5047 } 5048 } 5049 5050 static int has_panicked; 5051 5052 static int panic_event(struct notifier_block *this, 5053 unsigned long event, 5054 void *ptr) 5055 { 5056 struct ipmi_smi *intf; 5057 struct ipmi_user *user; 5058 5059 if (has_panicked) 5060 return NOTIFY_DONE; 5061 has_panicked = 1; 5062 5063 /* For every registered interface, set it to run to completion. */ 5064 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 5065 if (!intf->handlers || intf->intf_num == -1) 5066 /* Interface is not ready. */ 5067 continue; 5068 5069 if (!intf->handlers->poll) 5070 continue; 5071 5072 /* 5073 * If we were interrupted while locking xmit_msgs_lock or 5074 * waiting_rcv_msgs_lock, the corresponding list may be 5075 * corrupted. In this case, drop items on the list for 5076 * the safety. 5077 */ 5078 if (!spin_trylock(&intf->xmit_msgs_lock)) { 5079 INIT_LIST_HEAD(&intf->xmit_msgs); 5080 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 5081 } else 5082 spin_unlock(&intf->xmit_msgs_lock); 5083 5084 if (!spin_trylock(&intf->waiting_rcv_msgs_lock)) 5085 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 5086 else 5087 spin_unlock(&intf->waiting_rcv_msgs_lock); 5088 5089 intf->run_to_completion = 1; 5090 if (intf->handlers->set_run_to_completion) 5091 intf->handlers->set_run_to_completion(intf->send_info, 5092 1); 5093 5094 list_for_each_entry_rcu(user, &intf->users, link) { 5095 if (user->handler->ipmi_panic_handler) 5096 user->handler->ipmi_panic_handler( 5097 user->handler_data); 5098 } 5099 5100 send_panic_events(intf, ptr); 5101 } 5102 5103 return NOTIFY_DONE; 5104 } 5105 5106 /* Must be called with ipmi_interfaces_mutex held. */ 5107 static int ipmi_register_driver(void) 5108 { 5109 int rv; 5110 5111 if (drvregistered) 5112 return 0; 5113 5114 rv = driver_register(&ipmidriver.driver); 5115 if (rv) 5116 pr_err("Could not register IPMI driver\n"); 5117 else 5118 drvregistered = true; 5119 return rv; 5120 } 5121 5122 static struct notifier_block panic_block = { 5123 .notifier_call = panic_event, 5124 .next = NULL, 5125 .priority = 200 /* priority: INT_MAX >= x >= 0 */ 5126 }; 5127 5128 static int ipmi_init_msghandler(void) 5129 { 5130 int rv; 5131 5132 mutex_lock(&ipmi_interfaces_mutex); 5133 rv = ipmi_register_driver(); 5134 if (rv) 5135 goto out; 5136 if (initialized) 5137 goto out; 5138 5139 init_srcu_struct(&ipmi_interfaces_srcu); 5140 5141 timer_setup(&ipmi_timer, ipmi_timeout, 0); 5142 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 5143 5144 atomic_notifier_chain_register(&panic_notifier_list, &panic_block); 5145 5146 initialized = true; 5147 5148 out: 5149 mutex_unlock(&ipmi_interfaces_mutex); 5150 return rv; 5151 } 5152 5153 static int __init ipmi_init_msghandler_mod(void) 5154 { 5155 int rv; 5156 5157 pr_info("version " IPMI_DRIVER_VERSION "\n"); 5158 5159 mutex_lock(&ipmi_interfaces_mutex); 5160 rv = ipmi_register_driver(); 5161 mutex_unlock(&ipmi_interfaces_mutex); 5162 5163 return rv; 5164 } 5165 5166 static void __exit cleanup_ipmi(void) 5167 { 5168 int count; 5169 5170 if (initialized) { 5171 atomic_notifier_chain_unregister(&panic_notifier_list, 5172 &panic_block); 5173 5174 /* 5175 * This can't be called if any interfaces exist, so no worry 5176 * about shutting down the interfaces. 5177 */ 5178 5179 /* 5180 * Tell the timer to stop, then wait for it to stop. This 5181 * avoids problems with race conditions removing the timer 5182 * here. 5183 */ 5184 atomic_set(&stop_operation, 1); 5185 del_timer_sync(&ipmi_timer); 5186 5187 initialized = false; 5188 5189 /* Check for buffer leaks. */ 5190 count = atomic_read(&smi_msg_inuse_count); 5191 if (count != 0) 5192 pr_warn("SMI message count %d at exit\n", count); 5193 count = atomic_read(&recv_msg_inuse_count); 5194 if (count != 0) 5195 pr_warn("recv message count %d at exit\n", count); 5196 5197 cleanup_srcu_struct(&ipmi_interfaces_srcu); 5198 } 5199 if (drvregistered) 5200 driver_unregister(&ipmidriver.driver); 5201 } 5202 module_exit(cleanup_ipmi); 5203 5204 module_init(ipmi_init_msghandler_mod); 5205 MODULE_LICENSE("GPL"); 5206 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>"); 5207 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI" 5208 " interface."); 5209 MODULE_VERSION(IPMI_DRIVER_VERSION); 5210 MODULE_SOFTDEP("post: ipmi_devintf"); 5211