1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * ipmi_msghandler.c 4 * 5 * Incoming and outgoing message routing for an IPMI interface. 6 * 7 * Author: MontaVista Software, Inc. 8 * Corey Minyard <minyard@mvista.com> 9 * source@mvista.com 10 * 11 * Copyright 2002 MontaVista Software Inc. 12 */ 13 14 #define pr_fmt(fmt) "%s" fmt, "IPMI message handler: " 15 #define dev_fmt pr_fmt 16 17 #include <linux/module.h> 18 #include <linux/errno.h> 19 #include <linux/poll.h> 20 #include <linux/sched.h> 21 #include <linux/seq_file.h> 22 #include <linux/spinlock.h> 23 #include <linux/mutex.h> 24 #include <linux/slab.h> 25 #include <linux/ipmi.h> 26 #include <linux/ipmi_smi.h> 27 #include <linux/notifier.h> 28 #include <linux/init.h> 29 #include <linux/proc_fs.h> 30 #include <linux/rcupdate.h> 31 #include <linux/interrupt.h> 32 #include <linux/moduleparam.h> 33 #include <linux/workqueue.h> 34 #include <linux/uuid.h> 35 #include <linux/nospec.h> 36 #include <linux/vmalloc.h> 37 #include <linux/delay.h> 38 39 #define IPMI_DRIVER_VERSION "39.2" 40 41 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void); 42 static int ipmi_init_msghandler(void); 43 static void smi_recv_tasklet(struct tasklet_struct *t); 44 static void handle_new_recv_msgs(struct ipmi_smi *intf); 45 static void need_waiter(struct ipmi_smi *intf); 46 static int handle_one_recv_msg(struct ipmi_smi *intf, 47 struct ipmi_smi_msg *msg); 48 49 static bool initialized; 50 static bool drvregistered; 51 52 enum ipmi_panic_event_op { 53 IPMI_SEND_PANIC_EVENT_NONE, 54 IPMI_SEND_PANIC_EVENT, 55 IPMI_SEND_PANIC_EVENT_STRING 56 }; 57 #ifdef CONFIG_IPMI_PANIC_STRING 58 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_STRING 59 #elif defined(CONFIG_IPMI_PANIC_EVENT) 60 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT 61 #else 62 #define IPMI_PANIC_DEFAULT IPMI_SEND_PANIC_EVENT_NONE 63 #endif 64 65 static enum ipmi_panic_event_op ipmi_send_panic_event = IPMI_PANIC_DEFAULT; 66 67 static int panic_op_write_handler(const char *val, 68 const struct kernel_param *kp) 69 { 70 char valcp[16]; 71 char *s; 72 73 strncpy(valcp, val, 15); 74 valcp[15] = '\0'; 75 76 s = strstrip(valcp); 77 78 if (strcmp(s, "none") == 0) 79 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_NONE; 80 else if (strcmp(s, "event") == 0) 81 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT; 82 else if (strcmp(s, "string") == 0) 83 ipmi_send_panic_event = IPMI_SEND_PANIC_EVENT_STRING; 84 else 85 return -EINVAL; 86 87 return 0; 88 } 89 90 static int panic_op_read_handler(char *buffer, const struct kernel_param *kp) 91 { 92 switch (ipmi_send_panic_event) { 93 case IPMI_SEND_PANIC_EVENT_NONE: 94 strcpy(buffer, "none\n"); 95 break; 96 97 case IPMI_SEND_PANIC_EVENT: 98 strcpy(buffer, "event\n"); 99 break; 100 101 case IPMI_SEND_PANIC_EVENT_STRING: 102 strcpy(buffer, "string\n"); 103 break; 104 105 default: 106 strcpy(buffer, "???\n"); 107 break; 108 } 109 110 return strlen(buffer); 111 } 112 113 static const struct kernel_param_ops panic_op_ops = { 114 .set = panic_op_write_handler, 115 .get = panic_op_read_handler 116 }; 117 module_param_cb(panic_op, &panic_op_ops, NULL, 0600); 118 MODULE_PARM_DESC(panic_op, "Sets if the IPMI driver will attempt to store panic information in the event log in the event of a panic. Set to 'none' for no, 'event' for a single event, or 'string' for a generic event and the panic string in IPMI OEM events."); 119 120 121 #define MAX_EVENTS_IN_QUEUE 25 122 123 /* Remain in auto-maintenance mode for this amount of time (in ms). */ 124 static unsigned long maintenance_mode_timeout_ms = 30000; 125 module_param(maintenance_mode_timeout_ms, ulong, 0644); 126 MODULE_PARM_DESC(maintenance_mode_timeout_ms, 127 "The time (milliseconds) after the last maintenance message that the connection stays in maintenance mode."); 128 129 /* 130 * Don't let a message sit in a queue forever, always time it with at lest 131 * the max message timer. This is in milliseconds. 132 */ 133 #define MAX_MSG_TIMEOUT 60000 134 135 /* 136 * Timeout times below are in milliseconds, and are done off a 1 137 * second timer. So setting the value to 1000 would mean anything 138 * between 0 and 1000ms. So really the only reasonable minimum 139 * setting it 2000ms, which is between 1 and 2 seconds. 140 */ 141 142 /* The default timeout for message retries. */ 143 static unsigned long default_retry_ms = 2000; 144 module_param(default_retry_ms, ulong, 0644); 145 MODULE_PARM_DESC(default_retry_ms, 146 "The time (milliseconds) between retry sends"); 147 148 /* The default timeout for maintenance mode message retries. */ 149 static unsigned long default_maintenance_retry_ms = 3000; 150 module_param(default_maintenance_retry_ms, ulong, 0644); 151 MODULE_PARM_DESC(default_maintenance_retry_ms, 152 "The time (milliseconds) between retry sends in maintenance mode"); 153 154 /* The default maximum number of retries */ 155 static unsigned int default_max_retries = 4; 156 module_param(default_max_retries, uint, 0644); 157 MODULE_PARM_DESC(default_max_retries, 158 "The time (milliseconds) between retry sends in maintenance mode"); 159 160 /* Call every ~1000 ms. */ 161 #define IPMI_TIMEOUT_TIME 1000 162 163 /* How many jiffies does it take to get to the timeout time. */ 164 #define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000) 165 166 /* 167 * Request events from the queue every second (this is the number of 168 * IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the 169 * future, IPMI will add a way to know immediately if an event is in 170 * the queue and this silliness can go away. 171 */ 172 #define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME)) 173 174 /* How long should we cache dynamic device IDs? */ 175 #define IPMI_DYN_DEV_ID_EXPIRY (10 * HZ) 176 177 /* 178 * The main "user" data structure. 179 */ 180 struct ipmi_user { 181 struct list_head link; 182 183 /* 184 * Set to NULL when the user is destroyed, a pointer to myself 185 * so srcu_dereference can be used on it. 186 */ 187 struct ipmi_user *self; 188 struct srcu_struct release_barrier; 189 190 struct kref refcount; 191 192 /* The upper layer that handles receive messages. */ 193 const struct ipmi_user_hndl *handler; 194 void *handler_data; 195 196 /* The interface this user is bound to. */ 197 struct ipmi_smi *intf; 198 199 /* Does this interface receive IPMI events? */ 200 bool gets_events; 201 202 /* Free must run in process context for RCU cleanup. */ 203 struct work_struct remove_work; 204 }; 205 206 static struct ipmi_user *acquire_ipmi_user(struct ipmi_user *user, int *index) 207 __acquires(user->release_barrier) 208 { 209 struct ipmi_user *ruser; 210 211 *index = srcu_read_lock(&user->release_barrier); 212 ruser = srcu_dereference(user->self, &user->release_barrier); 213 if (!ruser) 214 srcu_read_unlock(&user->release_barrier, *index); 215 return ruser; 216 } 217 218 static void release_ipmi_user(struct ipmi_user *user, int index) 219 { 220 srcu_read_unlock(&user->release_barrier, index); 221 } 222 223 struct cmd_rcvr { 224 struct list_head link; 225 226 struct ipmi_user *user; 227 unsigned char netfn; 228 unsigned char cmd; 229 unsigned int chans; 230 231 /* 232 * This is used to form a linked lised during mass deletion. 233 * Since this is in an RCU list, we cannot use the link above 234 * or change any data until the RCU period completes. So we 235 * use this next variable during mass deletion so we can have 236 * a list and don't have to wait and restart the search on 237 * every individual deletion of a command. 238 */ 239 struct cmd_rcvr *next; 240 }; 241 242 struct seq_table { 243 unsigned int inuse : 1; 244 unsigned int broadcast : 1; 245 246 unsigned long timeout; 247 unsigned long orig_timeout; 248 unsigned int retries_left; 249 250 /* 251 * To verify on an incoming send message response that this is 252 * the message that the response is for, we keep a sequence id 253 * and increment it every time we send a message. 254 */ 255 long seqid; 256 257 /* 258 * This is held so we can properly respond to the message on a 259 * timeout, and it is used to hold the temporary data for 260 * retransmission, too. 261 */ 262 struct ipmi_recv_msg *recv_msg; 263 }; 264 265 /* 266 * Store the information in a msgid (long) to allow us to find a 267 * sequence table entry from the msgid. 268 */ 269 #define STORE_SEQ_IN_MSGID(seq, seqid) \ 270 ((((seq) & 0x3f) << 26) | ((seqid) & 0x3ffffff)) 271 272 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \ 273 do { \ 274 seq = (((msgid) >> 26) & 0x3f); \ 275 seqid = ((msgid) & 0x3ffffff); \ 276 } while (0) 277 278 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3ffffff) 279 280 #define IPMI_MAX_CHANNELS 16 281 struct ipmi_channel { 282 unsigned char medium; 283 unsigned char protocol; 284 }; 285 286 struct ipmi_channel_set { 287 struct ipmi_channel c[IPMI_MAX_CHANNELS]; 288 }; 289 290 struct ipmi_my_addrinfo { 291 /* 292 * My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR, 293 * but may be changed by the user. 294 */ 295 unsigned char address; 296 297 /* 298 * My LUN. This should generally stay the SMS LUN, but just in 299 * case... 300 */ 301 unsigned char lun; 302 }; 303 304 /* 305 * Note that the product id, manufacturer id, guid, and device id are 306 * immutable in this structure, so dyn_mutex is not required for 307 * accessing those. If those change on a BMC, a new BMC is allocated. 308 */ 309 struct bmc_device { 310 struct platform_device pdev; 311 struct list_head intfs; /* Interfaces on this BMC. */ 312 struct ipmi_device_id id; 313 struct ipmi_device_id fetch_id; 314 int dyn_id_set; 315 unsigned long dyn_id_expiry; 316 struct mutex dyn_mutex; /* Protects id, intfs, & dyn* */ 317 guid_t guid; 318 guid_t fetch_guid; 319 int dyn_guid_set; 320 struct kref usecount; 321 struct work_struct remove_work; 322 unsigned char cc; /* completion code */ 323 }; 324 #define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev) 325 326 static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 327 struct ipmi_device_id *id, 328 bool *guid_set, guid_t *guid); 329 330 /* 331 * Various statistics for IPMI, these index stats[] in the ipmi_smi 332 * structure. 333 */ 334 enum ipmi_stat_indexes { 335 /* Commands we got from the user that were invalid. */ 336 IPMI_STAT_sent_invalid_commands = 0, 337 338 /* Commands we sent to the MC. */ 339 IPMI_STAT_sent_local_commands, 340 341 /* Responses from the MC that were delivered to a user. */ 342 IPMI_STAT_handled_local_responses, 343 344 /* Responses from the MC that were not delivered to a user. */ 345 IPMI_STAT_unhandled_local_responses, 346 347 /* Commands we sent out to the IPMB bus. */ 348 IPMI_STAT_sent_ipmb_commands, 349 350 /* Commands sent on the IPMB that had errors on the SEND CMD */ 351 IPMI_STAT_sent_ipmb_command_errs, 352 353 /* Each retransmit increments this count. */ 354 IPMI_STAT_retransmitted_ipmb_commands, 355 356 /* 357 * When a message times out (runs out of retransmits) this is 358 * incremented. 359 */ 360 IPMI_STAT_timed_out_ipmb_commands, 361 362 /* 363 * This is like above, but for broadcasts. Broadcasts are 364 * *not* included in the above count (they are expected to 365 * time out). 366 */ 367 IPMI_STAT_timed_out_ipmb_broadcasts, 368 369 /* Responses I have sent to the IPMB bus. */ 370 IPMI_STAT_sent_ipmb_responses, 371 372 /* The response was delivered to the user. */ 373 IPMI_STAT_handled_ipmb_responses, 374 375 /* The response had invalid data in it. */ 376 IPMI_STAT_invalid_ipmb_responses, 377 378 /* The response didn't have anyone waiting for it. */ 379 IPMI_STAT_unhandled_ipmb_responses, 380 381 /* Commands we sent out to the IPMB bus. */ 382 IPMI_STAT_sent_lan_commands, 383 384 /* Commands sent on the IPMB that had errors on the SEND CMD */ 385 IPMI_STAT_sent_lan_command_errs, 386 387 /* Each retransmit increments this count. */ 388 IPMI_STAT_retransmitted_lan_commands, 389 390 /* 391 * When a message times out (runs out of retransmits) this is 392 * incremented. 393 */ 394 IPMI_STAT_timed_out_lan_commands, 395 396 /* Responses I have sent to the IPMB bus. */ 397 IPMI_STAT_sent_lan_responses, 398 399 /* The response was delivered to the user. */ 400 IPMI_STAT_handled_lan_responses, 401 402 /* The response had invalid data in it. */ 403 IPMI_STAT_invalid_lan_responses, 404 405 /* The response didn't have anyone waiting for it. */ 406 IPMI_STAT_unhandled_lan_responses, 407 408 /* The command was delivered to the user. */ 409 IPMI_STAT_handled_commands, 410 411 /* The command had invalid data in it. */ 412 IPMI_STAT_invalid_commands, 413 414 /* The command didn't have anyone waiting for it. */ 415 IPMI_STAT_unhandled_commands, 416 417 /* Invalid data in an event. */ 418 IPMI_STAT_invalid_events, 419 420 /* Events that were received with the proper format. */ 421 IPMI_STAT_events, 422 423 /* Retransmissions on IPMB that failed. */ 424 IPMI_STAT_dropped_rexmit_ipmb_commands, 425 426 /* Retransmissions on LAN that failed. */ 427 IPMI_STAT_dropped_rexmit_lan_commands, 428 429 /* This *must* remain last, add new values above this. */ 430 IPMI_NUM_STATS 431 }; 432 433 434 #define IPMI_IPMB_NUM_SEQ 64 435 struct ipmi_smi { 436 struct module *owner; 437 438 /* What interface number are we? */ 439 int intf_num; 440 441 struct kref refcount; 442 443 /* Set when the interface is being unregistered. */ 444 bool in_shutdown; 445 446 /* Used for a list of interfaces. */ 447 struct list_head link; 448 449 /* 450 * The list of upper layers that are using me. seq_lock write 451 * protects this. Read protection is with srcu. 452 */ 453 struct list_head users; 454 struct srcu_struct users_srcu; 455 456 /* Used for wake ups at startup. */ 457 wait_queue_head_t waitq; 458 459 /* 460 * Prevents the interface from being unregistered when the 461 * interface is used by being looked up through the BMC 462 * structure. 463 */ 464 struct mutex bmc_reg_mutex; 465 466 struct bmc_device tmp_bmc; 467 struct bmc_device *bmc; 468 bool bmc_registered; 469 struct list_head bmc_link; 470 char *my_dev_name; 471 bool in_bmc_register; /* Handle recursive situations. Yuck. */ 472 struct work_struct bmc_reg_work; 473 474 const struct ipmi_smi_handlers *handlers; 475 void *send_info; 476 477 /* Driver-model device for the system interface. */ 478 struct device *si_dev; 479 480 /* 481 * A table of sequence numbers for this interface. We use the 482 * sequence numbers for IPMB messages that go out of the 483 * interface to match them up with their responses. A routine 484 * is called periodically to time the items in this list. 485 */ 486 spinlock_t seq_lock; 487 struct seq_table seq_table[IPMI_IPMB_NUM_SEQ]; 488 int curr_seq; 489 490 /* 491 * Messages queued for delivery. If delivery fails (out of memory 492 * for instance), They will stay in here to be processed later in a 493 * periodic timer interrupt. The tasklet is for handling received 494 * messages directly from the handler. 495 */ 496 spinlock_t waiting_rcv_msgs_lock; 497 struct list_head waiting_rcv_msgs; 498 atomic_t watchdog_pretimeouts_to_deliver; 499 struct tasklet_struct recv_tasklet; 500 501 spinlock_t xmit_msgs_lock; 502 struct list_head xmit_msgs; 503 struct ipmi_smi_msg *curr_msg; 504 struct list_head hp_xmit_msgs; 505 506 /* 507 * The list of command receivers that are registered for commands 508 * on this interface. 509 */ 510 struct mutex cmd_rcvrs_mutex; 511 struct list_head cmd_rcvrs; 512 513 /* 514 * Events that were queues because no one was there to receive 515 * them. 516 */ 517 spinlock_t events_lock; /* For dealing with event stuff. */ 518 struct list_head waiting_events; 519 unsigned int waiting_events_count; /* How many events in queue? */ 520 char delivering_events; 521 char event_msg_printed; 522 523 /* How many users are waiting for events? */ 524 atomic_t event_waiters; 525 unsigned int ticks_to_req_ev; 526 527 spinlock_t watch_lock; /* For dealing with watch stuff below. */ 528 529 /* How many users are waiting for commands? */ 530 unsigned int command_waiters; 531 532 /* How many users are waiting for watchdogs? */ 533 unsigned int watchdog_waiters; 534 535 /* How many users are waiting for message responses? */ 536 unsigned int response_waiters; 537 538 /* 539 * Tells what the lower layer has last been asked to watch for, 540 * messages and/or watchdogs. Protected by watch_lock. 541 */ 542 unsigned int last_watch_mask; 543 544 /* 545 * The event receiver for my BMC, only really used at panic 546 * shutdown as a place to store this. 547 */ 548 unsigned char event_receiver; 549 unsigned char event_receiver_lun; 550 unsigned char local_sel_device; 551 unsigned char local_event_generator; 552 553 /* For handling of maintenance mode. */ 554 int maintenance_mode; 555 bool maintenance_mode_enable; 556 int auto_maintenance_timeout; 557 spinlock_t maintenance_mode_lock; /* Used in a timer... */ 558 559 /* 560 * If we are doing maintenance on something on IPMB, extend 561 * the timeout time to avoid timeouts writing firmware and 562 * such. 563 */ 564 int ipmb_maintenance_mode_timeout; 565 566 /* 567 * A cheap hack, if this is non-null and a message to an 568 * interface comes in with a NULL user, call this routine with 569 * it. Note that the message will still be freed by the 570 * caller. This only works on the system interface. 571 * 572 * Protected by bmc_reg_mutex. 573 */ 574 void (*null_user_handler)(struct ipmi_smi *intf, 575 struct ipmi_recv_msg *msg); 576 577 /* 578 * When we are scanning the channels for an SMI, this will 579 * tell which channel we are scanning. 580 */ 581 int curr_channel; 582 583 /* Channel information */ 584 struct ipmi_channel_set *channel_list; 585 unsigned int curr_working_cset; /* First index into the following. */ 586 struct ipmi_channel_set wchannels[2]; 587 struct ipmi_my_addrinfo addrinfo[IPMI_MAX_CHANNELS]; 588 bool channels_ready; 589 590 atomic_t stats[IPMI_NUM_STATS]; 591 592 /* 593 * run_to_completion duplicate of smb_info, smi_info 594 * and ipmi_serial_info structures. Used to decrease numbers of 595 * parameters passed by "low" level IPMI code. 596 */ 597 int run_to_completion; 598 }; 599 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev) 600 601 static void __get_guid(struct ipmi_smi *intf); 602 static void __ipmi_bmc_unregister(struct ipmi_smi *intf); 603 static int __ipmi_bmc_register(struct ipmi_smi *intf, 604 struct ipmi_device_id *id, 605 bool guid_set, guid_t *guid, int intf_num); 606 static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id); 607 608 609 /** 610 * The driver model view of the IPMI messaging driver. 611 */ 612 static struct platform_driver ipmidriver = { 613 .driver = { 614 .name = "ipmi", 615 .bus = &platform_bus_type 616 } 617 }; 618 /* 619 * This mutex keeps us from adding the same BMC twice. 620 */ 621 static DEFINE_MUTEX(ipmidriver_mutex); 622 623 static LIST_HEAD(ipmi_interfaces); 624 static DEFINE_MUTEX(ipmi_interfaces_mutex); 625 #define ipmi_interfaces_mutex_held() \ 626 lockdep_is_held(&ipmi_interfaces_mutex) 627 static struct srcu_struct ipmi_interfaces_srcu; 628 629 /* 630 * List of watchers that want to know when smi's are added and deleted. 631 */ 632 static LIST_HEAD(smi_watchers); 633 static DEFINE_MUTEX(smi_watchers_mutex); 634 635 #define ipmi_inc_stat(intf, stat) \ 636 atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat]) 637 #define ipmi_get_stat(intf, stat) \ 638 ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat])) 639 640 static const char * const addr_src_to_str[] = { 641 "invalid", "hotmod", "hardcoded", "SPMI", "ACPI", "SMBIOS", "PCI", 642 "device-tree", "platform" 643 }; 644 645 const char *ipmi_addr_src_to_str(enum ipmi_addr_src src) 646 { 647 if (src >= SI_LAST) 648 src = 0; /* Invalid */ 649 return addr_src_to_str[src]; 650 } 651 EXPORT_SYMBOL(ipmi_addr_src_to_str); 652 653 static int is_lan_addr(struct ipmi_addr *addr) 654 { 655 return addr->addr_type == IPMI_LAN_ADDR_TYPE; 656 } 657 658 static int is_ipmb_addr(struct ipmi_addr *addr) 659 { 660 return addr->addr_type == IPMI_IPMB_ADDR_TYPE; 661 } 662 663 static int is_ipmb_bcast_addr(struct ipmi_addr *addr) 664 { 665 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE; 666 } 667 668 static void free_recv_msg_list(struct list_head *q) 669 { 670 struct ipmi_recv_msg *msg, *msg2; 671 672 list_for_each_entry_safe(msg, msg2, q, link) { 673 list_del(&msg->link); 674 ipmi_free_recv_msg(msg); 675 } 676 } 677 678 static void free_smi_msg_list(struct list_head *q) 679 { 680 struct ipmi_smi_msg *msg, *msg2; 681 682 list_for_each_entry_safe(msg, msg2, q, link) { 683 list_del(&msg->link); 684 ipmi_free_smi_msg(msg); 685 } 686 } 687 688 static void clean_up_interface_data(struct ipmi_smi *intf) 689 { 690 int i; 691 struct cmd_rcvr *rcvr, *rcvr2; 692 struct list_head list; 693 694 tasklet_kill(&intf->recv_tasklet); 695 696 free_smi_msg_list(&intf->waiting_rcv_msgs); 697 free_recv_msg_list(&intf->waiting_events); 698 699 /* 700 * Wholesale remove all the entries from the list in the 701 * interface and wait for RCU to know that none are in use. 702 */ 703 mutex_lock(&intf->cmd_rcvrs_mutex); 704 INIT_LIST_HEAD(&list); 705 list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu); 706 mutex_unlock(&intf->cmd_rcvrs_mutex); 707 708 list_for_each_entry_safe(rcvr, rcvr2, &list, link) 709 kfree(rcvr); 710 711 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 712 if ((intf->seq_table[i].inuse) 713 && (intf->seq_table[i].recv_msg)) 714 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 715 } 716 } 717 718 static void intf_free(struct kref *ref) 719 { 720 struct ipmi_smi *intf = container_of(ref, struct ipmi_smi, refcount); 721 722 clean_up_interface_data(intf); 723 kfree(intf); 724 } 725 726 struct watcher_entry { 727 int intf_num; 728 struct ipmi_smi *intf; 729 struct list_head link; 730 }; 731 732 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher) 733 { 734 struct ipmi_smi *intf; 735 int index, rv; 736 737 /* 738 * Make sure the driver is actually initialized, this handles 739 * problems with initialization order. 740 */ 741 rv = ipmi_init_msghandler(); 742 if (rv) 743 return rv; 744 745 mutex_lock(&smi_watchers_mutex); 746 747 list_add(&watcher->link, &smi_watchers); 748 749 index = srcu_read_lock(&ipmi_interfaces_srcu); 750 list_for_each_entry_rcu(intf, &ipmi_interfaces, link, 751 lockdep_is_held(&smi_watchers_mutex)) { 752 int intf_num = READ_ONCE(intf->intf_num); 753 754 if (intf_num == -1) 755 continue; 756 watcher->new_smi(intf_num, intf->si_dev); 757 } 758 srcu_read_unlock(&ipmi_interfaces_srcu, index); 759 760 mutex_unlock(&smi_watchers_mutex); 761 762 return 0; 763 } 764 EXPORT_SYMBOL(ipmi_smi_watcher_register); 765 766 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher) 767 { 768 mutex_lock(&smi_watchers_mutex); 769 list_del(&watcher->link); 770 mutex_unlock(&smi_watchers_mutex); 771 return 0; 772 } 773 EXPORT_SYMBOL(ipmi_smi_watcher_unregister); 774 775 /* 776 * Must be called with smi_watchers_mutex held. 777 */ 778 static void 779 call_smi_watchers(int i, struct device *dev) 780 { 781 struct ipmi_smi_watcher *w; 782 783 mutex_lock(&smi_watchers_mutex); 784 list_for_each_entry(w, &smi_watchers, link) { 785 if (try_module_get(w->owner)) { 786 w->new_smi(i, dev); 787 module_put(w->owner); 788 } 789 } 790 mutex_unlock(&smi_watchers_mutex); 791 } 792 793 static int 794 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2) 795 { 796 if (addr1->addr_type != addr2->addr_type) 797 return 0; 798 799 if (addr1->channel != addr2->channel) 800 return 0; 801 802 if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 803 struct ipmi_system_interface_addr *smi_addr1 804 = (struct ipmi_system_interface_addr *) addr1; 805 struct ipmi_system_interface_addr *smi_addr2 806 = (struct ipmi_system_interface_addr *) addr2; 807 return (smi_addr1->lun == smi_addr2->lun); 808 } 809 810 if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) { 811 struct ipmi_ipmb_addr *ipmb_addr1 812 = (struct ipmi_ipmb_addr *) addr1; 813 struct ipmi_ipmb_addr *ipmb_addr2 814 = (struct ipmi_ipmb_addr *) addr2; 815 816 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr) 817 && (ipmb_addr1->lun == ipmb_addr2->lun)); 818 } 819 820 if (is_lan_addr(addr1)) { 821 struct ipmi_lan_addr *lan_addr1 822 = (struct ipmi_lan_addr *) addr1; 823 struct ipmi_lan_addr *lan_addr2 824 = (struct ipmi_lan_addr *) addr2; 825 826 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID) 827 && (lan_addr1->local_SWID == lan_addr2->local_SWID) 828 && (lan_addr1->session_handle 829 == lan_addr2->session_handle) 830 && (lan_addr1->lun == lan_addr2->lun)); 831 } 832 833 return 1; 834 } 835 836 int ipmi_validate_addr(struct ipmi_addr *addr, int len) 837 { 838 if (len < sizeof(struct ipmi_system_interface_addr)) 839 return -EINVAL; 840 841 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 842 if (addr->channel != IPMI_BMC_CHANNEL) 843 return -EINVAL; 844 return 0; 845 } 846 847 if ((addr->channel == IPMI_BMC_CHANNEL) 848 || (addr->channel >= IPMI_MAX_CHANNELS) 849 || (addr->channel < 0)) 850 return -EINVAL; 851 852 if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 853 if (len < sizeof(struct ipmi_ipmb_addr)) 854 return -EINVAL; 855 return 0; 856 } 857 858 if (is_lan_addr(addr)) { 859 if (len < sizeof(struct ipmi_lan_addr)) 860 return -EINVAL; 861 return 0; 862 } 863 864 return -EINVAL; 865 } 866 EXPORT_SYMBOL(ipmi_validate_addr); 867 868 unsigned int ipmi_addr_length(int addr_type) 869 { 870 if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 871 return sizeof(struct ipmi_system_interface_addr); 872 873 if ((addr_type == IPMI_IPMB_ADDR_TYPE) 874 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) 875 return sizeof(struct ipmi_ipmb_addr); 876 877 if (addr_type == IPMI_LAN_ADDR_TYPE) 878 return sizeof(struct ipmi_lan_addr); 879 880 return 0; 881 } 882 EXPORT_SYMBOL(ipmi_addr_length); 883 884 static int deliver_response(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 885 { 886 int rv = 0; 887 888 if (!msg->user) { 889 /* Special handling for NULL users. */ 890 if (intf->null_user_handler) { 891 intf->null_user_handler(intf, msg); 892 } else { 893 /* No handler, so give up. */ 894 rv = -EINVAL; 895 } 896 ipmi_free_recv_msg(msg); 897 } else if (oops_in_progress) { 898 /* 899 * If we are running in the panic context, calling the 900 * receive handler doesn't much meaning and has a deadlock 901 * risk. At this moment, simply skip it in that case. 902 */ 903 ipmi_free_recv_msg(msg); 904 } else { 905 int index; 906 struct ipmi_user *user = acquire_ipmi_user(msg->user, &index); 907 908 if (user) { 909 user->handler->ipmi_recv_hndl(msg, user->handler_data); 910 release_ipmi_user(user, index); 911 } else { 912 /* User went away, give up. */ 913 ipmi_free_recv_msg(msg); 914 rv = -EINVAL; 915 } 916 } 917 918 return rv; 919 } 920 921 static void deliver_local_response(struct ipmi_smi *intf, 922 struct ipmi_recv_msg *msg) 923 { 924 if (deliver_response(intf, msg)) 925 ipmi_inc_stat(intf, unhandled_local_responses); 926 else 927 ipmi_inc_stat(intf, handled_local_responses); 928 } 929 930 static void deliver_err_response(struct ipmi_smi *intf, 931 struct ipmi_recv_msg *msg, int err) 932 { 933 msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 934 msg->msg_data[0] = err; 935 msg->msg.netfn |= 1; /* Convert to a response. */ 936 msg->msg.data_len = 1; 937 msg->msg.data = msg->msg_data; 938 deliver_local_response(intf, msg); 939 } 940 941 static void smi_add_watch(struct ipmi_smi *intf, unsigned int flags) 942 { 943 unsigned long iflags; 944 945 if (!intf->handlers->set_need_watch) 946 return; 947 948 spin_lock_irqsave(&intf->watch_lock, iflags); 949 if (flags & IPMI_WATCH_MASK_CHECK_MESSAGES) 950 intf->response_waiters++; 951 952 if (flags & IPMI_WATCH_MASK_CHECK_WATCHDOG) 953 intf->watchdog_waiters++; 954 955 if (flags & IPMI_WATCH_MASK_CHECK_COMMANDS) 956 intf->command_waiters++; 957 958 if ((intf->last_watch_mask & flags) != flags) { 959 intf->last_watch_mask |= flags; 960 intf->handlers->set_need_watch(intf->send_info, 961 intf->last_watch_mask); 962 } 963 spin_unlock_irqrestore(&intf->watch_lock, iflags); 964 } 965 966 static void smi_remove_watch(struct ipmi_smi *intf, unsigned int flags) 967 { 968 unsigned long iflags; 969 970 if (!intf->handlers->set_need_watch) 971 return; 972 973 spin_lock_irqsave(&intf->watch_lock, iflags); 974 if (flags & IPMI_WATCH_MASK_CHECK_MESSAGES) 975 intf->response_waiters--; 976 977 if (flags & IPMI_WATCH_MASK_CHECK_WATCHDOG) 978 intf->watchdog_waiters--; 979 980 if (flags & IPMI_WATCH_MASK_CHECK_COMMANDS) 981 intf->command_waiters--; 982 983 flags = 0; 984 if (intf->response_waiters) 985 flags |= IPMI_WATCH_MASK_CHECK_MESSAGES; 986 if (intf->watchdog_waiters) 987 flags |= IPMI_WATCH_MASK_CHECK_WATCHDOG; 988 if (intf->command_waiters) 989 flags |= IPMI_WATCH_MASK_CHECK_COMMANDS; 990 991 if (intf->last_watch_mask != flags) { 992 intf->last_watch_mask = flags; 993 intf->handlers->set_need_watch(intf->send_info, 994 intf->last_watch_mask); 995 } 996 spin_unlock_irqrestore(&intf->watch_lock, iflags); 997 } 998 999 /* 1000 * Find the next sequence number not being used and add the given 1001 * message with the given timeout to the sequence table. This must be 1002 * called with the interface's seq_lock held. 1003 */ 1004 static int intf_next_seq(struct ipmi_smi *intf, 1005 struct ipmi_recv_msg *recv_msg, 1006 unsigned long timeout, 1007 int retries, 1008 int broadcast, 1009 unsigned char *seq, 1010 long *seqid) 1011 { 1012 int rv = 0; 1013 unsigned int i; 1014 1015 if (timeout == 0) 1016 timeout = default_retry_ms; 1017 if (retries < 0) 1018 retries = default_max_retries; 1019 1020 for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq; 1021 i = (i+1)%IPMI_IPMB_NUM_SEQ) { 1022 if (!intf->seq_table[i].inuse) 1023 break; 1024 } 1025 1026 if (!intf->seq_table[i].inuse) { 1027 intf->seq_table[i].recv_msg = recv_msg; 1028 1029 /* 1030 * Start with the maximum timeout, when the send response 1031 * comes in we will start the real timer. 1032 */ 1033 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT; 1034 intf->seq_table[i].orig_timeout = timeout; 1035 intf->seq_table[i].retries_left = retries; 1036 intf->seq_table[i].broadcast = broadcast; 1037 intf->seq_table[i].inuse = 1; 1038 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid); 1039 *seq = i; 1040 *seqid = intf->seq_table[i].seqid; 1041 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ; 1042 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1043 need_waiter(intf); 1044 } else { 1045 rv = -EAGAIN; 1046 } 1047 1048 return rv; 1049 } 1050 1051 /* 1052 * Return the receive message for the given sequence number and 1053 * release the sequence number so it can be reused. Some other data 1054 * is passed in to be sure the message matches up correctly (to help 1055 * guard against message coming in after their timeout and the 1056 * sequence number being reused). 1057 */ 1058 static int intf_find_seq(struct ipmi_smi *intf, 1059 unsigned char seq, 1060 short channel, 1061 unsigned char cmd, 1062 unsigned char netfn, 1063 struct ipmi_addr *addr, 1064 struct ipmi_recv_msg **recv_msg) 1065 { 1066 int rv = -ENODEV; 1067 unsigned long flags; 1068 1069 if (seq >= IPMI_IPMB_NUM_SEQ) 1070 return -EINVAL; 1071 1072 spin_lock_irqsave(&intf->seq_lock, flags); 1073 if (intf->seq_table[seq].inuse) { 1074 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg; 1075 1076 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd) 1077 && (msg->msg.netfn == netfn) 1078 && (ipmi_addr_equal(addr, &msg->addr))) { 1079 *recv_msg = msg; 1080 intf->seq_table[seq].inuse = 0; 1081 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1082 rv = 0; 1083 } 1084 } 1085 spin_unlock_irqrestore(&intf->seq_lock, flags); 1086 1087 return rv; 1088 } 1089 1090 1091 /* Start the timer for a specific sequence table entry. */ 1092 static int intf_start_seq_timer(struct ipmi_smi *intf, 1093 long msgid) 1094 { 1095 int rv = -ENODEV; 1096 unsigned long flags; 1097 unsigned char seq; 1098 unsigned long seqid; 1099 1100 1101 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 1102 1103 spin_lock_irqsave(&intf->seq_lock, flags); 1104 /* 1105 * We do this verification because the user can be deleted 1106 * while a message is outstanding. 1107 */ 1108 if ((intf->seq_table[seq].inuse) 1109 && (intf->seq_table[seq].seqid == seqid)) { 1110 struct seq_table *ent = &intf->seq_table[seq]; 1111 ent->timeout = ent->orig_timeout; 1112 rv = 0; 1113 } 1114 spin_unlock_irqrestore(&intf->seq_lock, flags); 1115 1116 return rv; 1117 } 1118 1119 /* Got an error for the send message for a specific sequence number. */ 1120 static int intf_err_seq(struct ipmi_smi *intf, 1121 long msgid, 1122 unsigned int err) 1123 { 1124 int rv = -ENODEV; 1125 unsigned long flags; 1126 unsigned char seq; 1127 unsigned long seqid; 1128 struct ipmi_recv_msg *msg = NULL; 1129 1130 1131 GET_SEQ_FROM_MSGID(msgid, seq, seqid); 1132 1133 spin_lock_irqsave(&intf->seq_lock, flags); 1134 /* 1135 * We do this verification because the user can be deleted 1136 * while a message is outstanding. 1137 */ 1138 if ((intf->seq_table[seq].inuse) 1139 && (intf->seq_table[seq].seqid == seqid)) { 1140 struct seq_table *ent = &intf->seq_table[seq]; 1141 1142 ent->inuse = 0; 1143 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1144 msg = ent->recv_msg; 1145 rv = 0; 1146 } 1147 spin_unlock_irqrestore(&intf->seq_lock, flags); 1148 1149 if (msg) 1150 deliver_err_response(intf, msg, err); 1151 1152 return rv; 1153 } 1154 1155 static void free_user_work(struct work_struct *work) 1156 { 1157 struct ipmi_user *user = container_of(work, struct ipmi_user, 1158 remove_work); 1159 1160 cleanup_srcu_struct(&user->release_barrier); 1161 vfree(user); 1162 } 1163 1164 int ipmi_create_user(unsigned int if_num, 1165 const struct ipmi_user_hndl *handler, 1166 void *handler_data, 1167 struct ipmi_user **user) 1168 { 1169 unsigned long flags; 1170 struct ipmi_user *new_user; 1171 int rv, index; 1172 struct ipmi_smi *intf; 1173 1174 /* 1175 * There is no module usecount here, because it's not 1176 * required. Since this can only be used by and called from 1177 * other modules, they will implicitly use this module, and 1178 * thus this can't be removed unless the other modules are 1179 * removed. 1180 */ 1181 1182 if (handler == NULL) 1183 return -EINVAL; 1184 1185 /* 1186 * Make sure the driver is actually initialized, this handles 1187 * problems with initialization order. 1188 */ 1189 rv = ipmi_init_msghandler(); 1190 if (rv) 1191 return rv; 1192 1193 new_user = vzalloc(sizeof(*new_user)); 1194 if (!new_user) 1195 return -ENOMEM; 1196 1197 index = srcu_read_lock(&ipmi_interfaces_srcu); 1198 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1199 if (intf->intf_num == if_num) 1200 goto found; 1201 } 1202 /* Not found, return an error */ 1203 rv = -EINVAL; 1204 goto out_kfree; 1205 1206 found: 1207 INIT_WORK(&new_user->remove_work, free_user_work); 1208 1209 rv = init_srcu_struct(&new_user->release_barrier); 1210 if (rv) 1211 goto out_kfree; 1212 1213 if (!try_module_get(intf->owner)) { 1214 rv = -ENODEV; 1215 goto out_kfree; 1216 } 1217 1218 /* Note that each existing user holds a refcount to the interface. */ 1219 kref_get(&intf->refcount); 1220 1221 kref_init(&new_user->refcount); 1222 new_user->handler = handler; 1223 new_user->handler_data = handler_data; 1224 new_user->intf = intf; 1225 new_user->gets_events = false; 1226 1227 rcu_assign_pointer(new_user->self, new_user); 1228 spin_lock_irqsave(&intf->seq_lock, flags); 1229 list_add_rcu(&new_user->link, &intf->users); 1230 spin_unlock_irqrestore(&intf->seq_lock, flags); 1231 if (handler->ipmi_watchdog_pretimeout) 1232 /* User wants pretimeouts, so make sure to watch for them. */ 1233 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_WATCHDOG); 1234 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1235 *user = new_user; 1236 return 0; 1237 1238 out_kfree: 1239 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1240 vfree(new_user); 1241 return rv; 1242 } 1243 EXPORT_SYMBOL(ipmi_create_user); 1244 1245 int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data) 1246 { 1247 int rv, index; 1248 struct ipmi_smi *intf; 1249 1250 index = srcu_read_lock(&ipmi_interfaces_srcu); 1251 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 1252 if (intf->intf_num == if_num) 1253 goto found; 1254 } 1255 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1256 1257 /* Not found, return an error */ 1258 return -EINVAL; 1259 1260 found: 1261 if (!intf->handlers->get_smi_info) 1262 rv = -ENOTTY; 1263 else 1264 rv = intf->handlers->get_smi_info(intf->send_info, data); 1265 srcu_read_unlock(&ipmi_interfaces_srcu, index); 1266 1267 return rv; 1268 } 1269 EXPORT_SYMBOL(ipmi_get_smi_info); 1270 1271 static void free_user(struct kref *ref) 1272 { 1273 struct ipmi_user *user = container_of(ref, struct ipmi_user, refcount); 1274 1275 /* SRCU cleanup must happen in task context. */ 1276 schedule_work(&user->remove_work); 1277 } 1278 1279 static void _ipmi_destroy_user(struct ipmi_user *user) 1280 { 1281 struct ipmi_smi *intf = user->intf; 1282 int i; 1283 unsigned long flags; 1284 struct cmd_rcvr *rcvr; 1285 struct cmd_rcvr *rcvrs = NULL; 1286 1287 if (!acquire_ipmi_user(user, &i)) { 1288 /* 1289 * The user has already been cleaned up, just make sure 1290 * nothing is using it and return. 1291 */ 1292 synchronize_srcu(&user->release_barrier); 1293 return; 1294 } 1295 1296 rcu_assign_pointer(user->self, NULL); 1297 release_ipmi_user(user, i); 1298 1299 synchronize_srcu(&user->release_barrier); 1300 1301 if (user->handler->shutdown) 1302 user->handler->shutdown(user->handler_data); 1303 1304 if (user->handler->ipmi_watchdog_pretimeout) 1305 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_WATCHDOG); 1306 1307 if (user->gets_events) 1308 atomic_dec(&intf->event_waiters); 1309 1310 /* Remove the user from the interface's sequence table. */ 1311 spin_lock_irqsave(&intf->seq_lock, flags); 1312 list_del_rcu(&user->link); 1313 1314 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 1315 if (intf->seq_table[i].inuse 1316 && (intf->seq_table[i].recv_msg->user == user)) { 1317 intf->seq_table[i].inuse = 0; 1318 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 1319 ipmi_free_recv_msg(intf->seq_table[i].recv_msg); 1320 } 1321 } 1322 spin_unlock_irqrestore(&intf->seq_lock, flags); 1323 1324 /* 1325 * Remove the user from the command receiver's table. First 1326 * we build a list of everything (not using the standard link, 1327 * since other things may be using it till we do 1328 * synchronize_srcu()) then free everything in that list. 1329 */ 1330 mutex_lock(&intf->cmd_rcvrs_mutex); 1331 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1332 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1333 if (rcvr->user == user) { 1334 list_del_rcu(&rcvr->link); 1335 rcvr->next = rcvrs; 1336 rcvrs = rcvr; 1337 } 1338 } 1339 mutex_unlock(&intf->cmd_rcvrs_mutex); 1340 synchronize_rcu(); 1341 while (rcvrs) { 1342 rcvr = rcvrs; 1343 rcvrs = rcvr->next; 1344 kfree(rcvr); 1345 } 1346 1347 kref_put(&intf->refcount, intf_free); 1348 module_put(intf->owner); 1349 } 1350 1351 int ipmi_destroy_user(struct ipmi_user *user) 1352 { 1353 _ipmi_destroy_user(user); 1354 1355 kref_put(&user->refcount, free_user); 1356 1357 return 0; 1358 } 1359 EXPORT_SYMBOL(ipmi_destroy_user); 1360 1361 int ipmi_get_version(struct ipmi_user *user, 1362 unsigned char *major, 1363 unsigned char *minor) 1364 { 1365 struct ipmi_device_id id; 1366 int rv, index; 1367 1368 user = acquire_ipmi_user(user, &index); 1369 if (!user) 1370 return -ENODEV; 1371 1372 rv = bmc_get_device_id(user->intf, NULL, &id, NULL, NULL); 1373 if (!rv) { 1374 *major = ipmi_version_major(&id); 1375 *minor = ipmi_version_minor(&id); 1376 } 1377 release_ipmi_user(user, index); 1378 1379 return rv; 1380 } 1381 EXPORT_SYMBOL(ipmi_get_version); 1382 1383 int ipmi_set_my_address(struct ipmi_user *user, 1384 unsigned int channel, 1385 unsigned char address) 1386 { 1387 int index, rv = 0; 1388 1389 user = acquire_ipmi_user(user, &index); 1390 if (!user) 1391 return -ENODEV; 1392 1393 if (channel >= IPMI_MAX_CHANNELS) { 1394 rv = -EINVAL; 1395 } else { 1396 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1397 user->intf->addrinfo[channel].address = address; 1398 } 1399 release_ipmi_user(user, index); 1400 1401 return rv; 1402 } 1403 EXPORT_SYMBOL(ipmi_set_my_address); 1404 1405 int ipmi_get_my_address(struct ipmi_user *user, 1406 unsigned int channel, 1407 unsigned char *address) 1408 { 1409 int index, rv = 0; 1410 1411 user = acquire_ipmi_user(user, &index); 1412 if (!user) 1413 return -ENODEV; 1414 1415 if (channel >= IPMI_MAX_CHANNELS) { 1416 rv = -EINVAL; 1417 } else { 1418 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1419 *address = user->intf->addrinfo[channel].address; 1420 } 1421 release_ipmi_user(user, index); 1422 1423 return rv; 1424 } 1425 EXPORT_SYMBOL(ipmi_get_my_address); 1426 1427 int ipmi_set_my_LUN(struct ipmi_user *user, 1428 unsigned int channel, 1429 unsigned char LUN) 1430 { 1431 int index, rv = 0; 1432 1433 user = acquire_ipmi_user(user, &index); 1434 if (!user) 1435 return -ENODEV; 1436 1437 if (channel >= IPMI_MAX_CHANNELS) { 1438 rv = -EINVAL; 1439 } else { 1440 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1441 user->intf->addrinfo[channel].lun = LUN & 0x3; 1442 } 1443 release_ipmi_user(user, index); 1444 1445 return rv; 1446 } 1447 EXPORT_SYMBOL(ipmi_set_my_LUN); 1448 1449 int ipmi_get_my_LUN(struct ipmi_user *user, 1450 unsigned int channel, 1451 unsigned char *address) 1452 { 1453 int index, rv = 0; 1454 1455 user = acquire_ipmi_user(user, &index); 1456 if (!user) 1457 return -ENODEV; 1458 1459 if (channel >= IPMI_MAX_CHANNELS) { 1460 rv = -EINVAL; 1461 } else { 1462 channel = array_index_nospec(channel, IPMI_MAX_CHANNELS); 1463 *address = user->intf->addrinfo[channel].lun; 1464 } 1465 release_ipmi_user(user, index); 1466 1467 return rv; 1468 } 1469 EXPORT_SYMBOL(ipmi_get_my_LUN); 1470 1471 int ipmi_get_maintenance_mode(struct ipmi_user *user) 1472 { 1473 int mode, index; 1474 unsigned long flags; 1475 1476 user = acquire_ipmi_user(user, &index); 1477 if (!user) 1478 return -ENODEV; 1479 1480 spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags); 1481 mode = user->intf->maintenance_mode; 1482 spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags); 1483 release_ipmi_user(user, index); 1484 1485 return mode; 1486 } 1487 EXPORT_SYMBOL(ipmi_get_maintenance_mode); 1488 1489 static void maintenance_mode_update(struct ipmi_smi *intf) 1490 { 1491 if (intf->handlers->set_maintenance_mode) 1492 intf->handlers->set_maintenance_mode( 1493 intf->send_info, intf->maintenance_mode_enable); 1494 } 1495 1496 int ipmi_set_maintenance_mode(struct ipmi_user *user, int mode) 1497 { 1498 int rv = 0, index; 1499 unsigned long flags; 1500 struct ipmi_smi *intf = user->intf; 1501 1502 user = acquire_ipmi_user(user, &index); 1503 if (!user) 1504 return -ENODEV; 1505 1506 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1507 if (intf->maintenance_mode != mode) { 1508 switch (mode) { 1509 case IPMI_MAINTENANCE_MODE_AUTO: 1510 intf->maintenance_mode_enable 1511 = (intf->auto_maintenance_timeout > 0); 1512 break; 1513 1514 case IPMI_MAINTENANCE_MODE_OFF: 1515 intf->maintenance_mode_enable = false; 1516 break; 1517 1518 case IPMI_MAINTENANCE_MODE_ON: 1519 intf->maintenance_mode_enable = true; 1520 break; 1521 1522 default: 1523 rv = -EINVAL; 1524 goto out_unlock; 1525 } 1526 intf->maintenance_mode = mode; 1527 1528 maintenance_mode_update(intf); 1529 } 1530 out_unlock: 1531 spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags); 1532 release_ipmi_user(user, index); 1533 1534 return rv; 1535 } 1536 EXPORT_SYMBOL(ipmi_set_maintenance_mode); 1537 1538 int ipmi_set_gets_events(struct ipmi_user *user, bool val) 1539 { 1540 unsigned long flags; 1541 struct ipmi_smi *intf = user->intf; 1542 struct ipmi_recv_msg *msg, *msg2; 1543 struct list_head msgs; 1544 int index; 1545 1546 user = acquire_ipmi_user(user, &index); 1547 if (!user) 1548 return -ENODEV; 1549 1550 INIT_LIST_HEAD(&msgs); 1551 1552 spin_lock_irqsave(&intf->events_lock, flags); 1553 if (user->gets_events == val) 1554 goto out; 1555 1556 user->gets_events = val; 1557 1558 if (val) { 1559 if (atomic_inc_return(&intf->event_waiters) == 1) 1560 need_waiter(intf); 1561 } else { 1562 atomic_dec(&intf->event_waiters); 1563 } 1564 1565 if (intf->delivering_events) 1566 /* 1567 * Another thread is delivering events for this, so 1568 * let it handle any new events. 1569 */ 1570 goto out; 1571 1572 /* Deliver any queued events. */ 1573 while (user->gets_events && !list_empty(&intf->waiting_events)) { 1574 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link) 1575 list_move_tail(&msg->link, &msgs); 1576 intf->waiting_events_count = 0; 1577 if (intf->event_msg_printed) { 1578 dev_warn(intf->si_dev, "Event queue no longer full\n"); 1579 intf->event_msg_printed = 0; 1580 } 1581 1582 intf->delivering_events = 1; 1583 spin_unlock_irqrestore(&intf->events_lock, flags); 1584 1585 list_for_each_entry_safe(msg, msg2, &msgs, link) { 1586 msg->user = user; 1587 kref_get(&user->refcount); 1588 deliver_local_response(intf, msg); 1589 } 1590 1591 spin_lock_irqsave(&intf->events_lock, flags); 1592 intf->delivering_events = 0; 1593 } 1594 1595 out: 1596 spin_unlock_irqrestore(&intf->events_lock, flags); 1597 release_ipmi_user(user, index); 1598 1599 return 0; 1600 } 1601 EXPORT_SYMBOL(ipmi_set_gets_events); 1602 1603 static struct cmd_rcvr *find_cmd_rcvr(struct ipmi_smi *intf, 1604 unsigned char netfn, 1605 unsigned char cmd, 1606 unsigned char chan) 1607 { 1608 struct cmd_rcvr *rcvr; 1609 1610 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1611 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1612 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1613 && (rcvr->chans & (1 << chan))) 1614 return rcvr; 1615 } 1616 return NULL; 1617 } 1618 1619 static int is_cmd_rcvr_exclusive(struct ipmi_smi *intf, 1620 unsigned char netfn, 1621 unsigned char cmd, 1622 unsigned int chans) 1623 { 1624 struct cmd_rcvr *rcvr; 1625 1626 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link, 1627 lockdep_is_held(&intf->cmd_rcvrs_mutex)) { 1628 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd) 1629 && (rcvr->chans & chans)) 1630 return 0; 1631 } 1632 return 1; 1633 } 1634 1635 int ipmi_register_for_cmd(struct ipmi_user *user, 1636 unsigned char netfn, 1637 unsigned char cmd, 1638 unsigned int chans) 1639 { 1640 struct ipmi_smi *intf = user->intf; 1641 struct cmd_rcvr *rcvr; 1642 int rv = 0, index; 1643 1644 user = acquire_ipmi_user(user, &index); 1645 if (!user) 1646 return -ENODEV; 1647 1648 rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL); 1649 if (!rcvr) { 1650 rv = -ENOMEM; 1651 goto out_release; 1652 } 1653 rcvr->cmd = cmd; 1654 rcvr->netfn = netfn; 1655 rcvr->chans = chans; 1656 rcvr->user = user; 1657 1658 mutex_lock(&intf->cmd_rcvrs_mutex); 1659 /* Make sure the command/netfn is not already registered. */ 1660 if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) { 1661 rv = -EBUSY; 1662 goto out_unlock; 1663 } 1664 1665 smi_add_watch(intf, IPMI_WATCH_MASK_CHECK_COMMANDS); 1666 1667 list_add_rcu(&rcvr->link, &intf->cmd_rcvrs); 1668 1669 out_unlock: 1670 mutex_unlock(&intf->cmd_rcvrs_mutex); 1671 if (rv) 1672 kfree(rcvr); 1673 out_release: 1674 release_ipmi_user(user, index); 1675 1676 return rv; 1677 } 1678 EXPORT_SYMBOL(ipmi_register_for_cmd); 1679 1680 int ipmi_unregister_for_cmd(struct ipmi_user *user, 1681 unsigned char netfn, 1682 unsigned char cmd, 1683 unsigned int chans) 1684 { 1685 struct ipmi_smi *intf = user->intf; 1686 struct cmd_rcvr *rcvr; 1687 struct cmd_rcvr *rcvrs = NULL; 1688 int i, rv = -ENOENT, index; 1689 1690 user = acquire_ipmi_user(user, &index); 1691 if (!user) 1692 return -ENODEV; 1693 1694 mutex_lock(&intf->cmd_rcvrs_mutex); 1695 for (i = 0; i < IPMI_NUM_CHANNELS; i++) { 1696 if (((1 << i) & chans) == 0) 1697 continue; 1698 rcvr = find_cmd_rcvr(intf, netfn, cmd, i); 1699 if (rcvr == NULL) 1700 continue; 1701 if (rcvr->user == user) { 1702 rv = 0; 1703 rcvr->chans &= ~chans; 1704 if (rcvr->chans == 0) { 1705 list_del_rcu(&rcvr->link); 1706 rcvr->next = rcvrs; 1707 rcvrs = rcvr; 1708 } 1709 } 1710 } 1711 mutex_unlock(&intf->cmd_rcvrs_mutex); 1712 synchronize_rcu(); 1713 release_ipmi_user(user, index); 1714 while (rcvrs) { 1715 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_COMMANDS); 1716 rcvr = rcvrs; 1717 rcvrs = rcvr->next; 1718 kfree(rcvr); 1719 } 1720 1721 return rv; 1722 } 1723 EXPORT_SYMBOL(ipmi_unregister_for_cmd); 1724 1725 static unsigned char 1726 ipmb_checksum(unsigned char *data, int size) 1727 { 1728 unsigned char csum = 0; 1729 1730 for (; size > 0; size--, data++) 1731 csum += *data; 1732 1733 return -csum; 1734 } 1735 1736 static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg, 1737 struct kernel_ipmi_msg *msg, 1738 struct ipmi_ipmb_addr *ipmb_addr, 1739 long msgid, 1740 unsigned char ipmb_seq, 1741 int broadcast, 1742 unsigned char source_address, 1743 unsigned char source_lun) 1744 { 1745 int i = broadcast; 1746 1747 /* Format the IPMB header data. */ 1748 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1749 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1750 smi_msg->data[2] = ipmb_addr->channel; 1751 if (broadcast) 1752 smi_msg->data[3] = 0; 1753 smi_msg->data[i+3] = ipmb_addr->slave_addr; 1754 smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3); 1755 smi_msg->data[i+5] = ipmb_checksum(&smi_msg->data[i + 3], 2); 1756 smi_msg->data[i+6] = source_address; 1757 smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun; 1758 smi_msg->data[i+8] = msg->cmd; 1759 1760 /* Now tack on the data to the message. */ 1761 if (msg->data_len > 0) 1762 memcpy(&smi_msg->data[i + 9], msg->data, msg->data_len); 1763 smi_msg->data_size = msg->data_len + 9; 1764 1765 /* Now calculate the checksum and tack it on. */ 1766 smi_msg->data[i+smi_msg->data_size] 1767 = ipmb_checksum(&smi_msg->data[i + 6], smi_msg->data_size - 6); 1768 1769 /* 1770 * Add on the checksum size and the offset from the 1771 * broadcast. 1772 */ 1773 smi_msg->data_size += 1 + i; 1774 1775 smi_msg->msgid = msgid; 1776 } 1777 1778 static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg, 1779 struct kernel_ipmi_msg *msg, 1780 struct ipmi_lan_addr *lan_addr, 1781 long msgid, 1782 unsigned char ipmb_seq, 1783 unsigned char source_lun) 1784 { 1785 /* Format the IPMB header data. */ 1786 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 1787 smi_msg->data[1] = IPMI_SEND_MSG_CMD; 1788 smi_msg->data[2] = lan_addr->channel; 1789 smi_msg->data[3] = lan_addr->session_handle; 1790 smi_msg->data[4] = lan_addr->remote_SWID; 1791 smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3); 1792 smi_msg->data[6] = ipmb_checksum(&smi_msg->data[4], 2); 1793 smi_msg->data[7] = lan_addr->local_SWID; 1794 smi_msg->data[8] = (ipmb_seq << 2) | source_lun; 1795 smi_msg->data[9] = msg->cmd; 1796 1797 /* Now tack on the data to the message. */ 1798 if (msg->data_len > 0) 1799 memcpy(&smi_msg->data[10], msg->data, msg->data_len); 1800 smi_msg->data_size = msg->data_len + 10; 1801 1802 /* Now calculate the checksum and tack it on. */ 1803 smi_msg->data[smi_msg->data_size] 1804 = ipmb_checksum(&smi_msg->data[7], smi_msg->data_size - 7); 1805 1806 /* 1807 * Add on the checksum size and the offset from the 1808 * broadcast. 1809 */ 1810 smi_msg->data_size += 1; 1811 1812 smi_msg->msgid = msgid; 1813 } 1814 1815 static struct ipmi_smi_msg *smi_add_send_msg(struct ipmi_smi *intf, 1816 struct ipmi_smi_msg *smi_msg, 1817 int priority) 1818 { 1819 if (intf->curr_msg) { 1820 if (priority > 0) 1821 list_add_tail(&smi_msg->link, &intf->hp_xmit_msgs); 1822 else 1823 list_add_tail(&smi_msg->link, &intf->xmit_msgs); 1824 smi_msg = NULL; 1825 } else { 1826 intf->curr_msg = smi_msg; 1827 } 1828 1829 return smi_msg; 1830 } 1831 1832 static void smi_send(struct ipmi_smi *intf, 1833 const struct ipmi_smi_handlers *handlers, 1834 struct ipmi_smi_msg *smi_msg, int priority) 1835 { 1836 int run_to_completion = intf->run_to_completion; 1837 unsigned long flags = 0; 1838 1839 if (!run_to_completion) 1840 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 1841 smi_msg = smi_add_send_msg(intf, smi_msg, priority); 1842 1843 if (!run_to_completion) 1844 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 1845 1846 if (smi_msg) 1847 handlers->sender(intf->send_info, smi_msg); 1848 } 1849 1850 static bool is_maintenance_mode_cmd(struct kernel_ipmi_msg *msg) 1851 { 1852 return (((msg->netfn == IPMI_NETFN_APP_REQUEST) 1853 && ((msg->cmd == IPMI_COLD_RESET_CMD) 1854 || (msg->cmd == IPMI_WARM_RESET_CMD))) 1855 || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)); 1856 } 1857 1858 static int i_ipmi_req_sysintf(struct ipmi_smi *intf, 1859 struct ipmi_addr *addr, 1860 long msgid, 1861 struct kernel_ipmi_msg *msg, 1862 struct ipmi_smi_msg *smi_msg, 1863 struct ipmi_recv_msg *recv_msg, 1864 int retries, 1865 unsigned int retry_time_ms) 1866 { 1867 struct ipmi_system_interface_addr *smi_addr; 1868 1869 if (msg->netfn & 1) 1870 /* Responses are not allowed to the SMI. */ 1871 return -EINVAL; 1872 1873 smi_addr = (struct ipmi_system_interface_addr *) addr; 1874 if (smi_addr->lun > 3) { 1875 ipmi_inc_stat(intf, sent_invalid_commands); 1876 return -EINVAL; 1877 } 1878 1879 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr)); 1880 1881 if ((msg->netfn == IPMI_NETFN_APP_REQUEST) 1882 && ((msg->cmd == IPMI_SEND_MSG_CMD) 1883 || (msg->cmd == IPMI_GET_MSG_CMD) 1884 || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) { 1885 /* 1886 * We don't let the user do these, since we manage 1887 * the sequence numbers. 1888 */ 1889 ipmi_inc_stat(intf, sent_invalid_commands); 1890 return -EINVAL; 1891 } 1892 1893 if (is_maintenance_mode_cmd(msg)) { 1894 unsigned long flags; 1895 1896 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 1897 intf->auto_maintenance_timeout 1898 = maintenance_mode_timeout_ms; 1899 if (!intf->maintenance_mode 1900 && !intf->maintenance_mode_enable) { 1901 intf->maintenance_mode_enable = true; 1902 maintenance_mode_update(intf); 1903 } 1904 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 1905 flags); 1906 } 1907 1908 if (msg->data_len + 2 > IPMI_MAX_MSG_LENGTH) { 1909 ipmi_inc_stat(intf, sent_invalid_commands); 1910 return -EMSGSIZE; 1911 } 1912 1913 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3); 1914 smi_msg->data[1] = msg->cmd; 1915 smi_msg->msgid = msgid; 1916 smi_msg->user_data = recv_msg; 1917 if (msg->data_len > 0) 1918 memcpy(&smi_msg->data[2], msg->data, msg->data_len); 1919 smi_msg->data_size = msg->data_len + 2; 1920 ipmi_inc_stat(intf, sent_local_commands); 1921 1922 return 0; 1923 } 1924 1925 static int i_ipmi_req_ipmb(struct ipmi_smi *intf, 1926 struct ipmi_addr *addr, 1927 long msgid, 1928 struct kernel_ipmi_msg *msg, 1929 struct ipmi_smi_msg *smi_msg, 1930 struct ipmi_recv_msg *recv_msg, 1931 unsigned char source_address, 1932 unsigned char source_lun, 1933 int retries, 1934 unsigned int retry_time_ms) 1935 { 1936 struct ipmi_ipmb_addr *ipmb_addr; 1937 unsigned char ipmb_seq; 1938 long seqid; 1939 int broadcast = 0; 1940 struct ipmi_channel *chans; 1941 int rv = 0; 1942 1943 if (addr->channel >= IPMI_MAX_CHANNELS) { 1944 ipmi_inc_stat(intf, sent_invalid_commands); 1945 return -EINVAL; 1946 } 1947 1948 chans = READ_ONCE(intf->channel_list)->c; 1949 1950 if (chans[addr->channel].medium != IPMI_CHANNEL_MEDIUM_IPMB) { 1951 ipmi_inc_stat(intf, sent_invalid_commands); 1952 return -EINVAL; 1953 } 1954 1955 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) { 1956 /* 1957 * Broadcasts add a zero at the beginning of the 1958 * message, but otherwise is the same as an IPMB 1959 * address. 1960 */ 1961 addr->addr_type = IPMI_IPMB_ADDR_TYPE; 1962 broadcast = 1; 1963 retries = 0; /* Don't retry broadcasts. */ 1964 } 1965 1966 /* 1967 * 9 for the header and 1 for the checksum, plus 1968 * possibly one for the broadcast. 1969 */ 1970 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) { 1971 ipmi_inc_stat(intf, sent_invalid_commands); 1972 return -EMSGSIZE; 1973 } 1974 1975 ipmb_addr = (struct ipmi_ipmb_addr *) addr; 1976 if (ipmb_addr->lun > 3) { 1977 ipmi_inc_stat(intf, sent_invalid_commands); 1978 return -EINVAL; 1979 } 1980 1981 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr)); 1982 1983 if (recv_msg->msg.netfn & 0x1) { 1984 /* 1985 * It's a response, so use the user's sequence 1986 * from msgid. 1987 */ 1988 ipmi_inc_stat(intf, sent_ipmb_responses); 1989 format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid, 1990 msgid, broadcast, 1991 source_address, source_lun); 1992 1993 /* 1994 * Save the receive message so we can use it 1995 * to deliver the response. 1996 */ 1997 smi_msg->user_data = recv_msg; 1998 } else { 1999 /* It's a command, so get a sequence for it. */ 2000 unsigned long flags; 2001 2002 spin_lock_irqsave(&intf->seq_lock, flags); 2003 2004 if (is_maintenance_mode_cmd(msg)) 2005 intf->ipmb_maintenance_mode_timeout = 2006 maintenance_mode_timeout_ms; 2007 2008 if (intf->ipmb_maintenance_mode_timeout && retry_time_ms == 0) 2009 /* Different default in maintenance mode */ 2010 retry_time_ms = default_maintenance_retry_ms; 2011 2012 /* 2013 * Create a sequence number with a 1 second 2014 * timeout and 4 retries. 2015 */ 2016 rv = intf_next_seq(intf, 2017 recv_msg, 2018 retry_time_ms, 2019 retries, 2020 broadcast, 2021 &ipmb_seq, 2022 &seqid); 2023 if (rv) 2024 /* 2025 * We have used up all the sequence numbers, 2026 * probably, so abort. 2027 */ 2028 goto out_err; 2029 2030 ipmi_inc_stat(intf, sent_ipmb_commands); 2031 2032 /* 2033 * Store the sequence number in the message, 2034 * so that when the send message response 2035 * comes back we can start the timer. 2036 */ 2037 format_ipmb_msg(smi_msg, msg, ipmb_addr, 2038 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 2039 ipmb_seq, broadcast, 2040 source_address, source_lun); 2041 2042 /* 2043 * Copy the message into the recv message data, so we 2044 * can retransmit it later if necessary. 2045 */ 2046 memcpy(recv_msg->msg_data, smi_msg->data, 2047 smi_msg->data_size); 2048 recv_msg->msg.data = recv_msg->msg_data; 2049 recv_msg->msg.data_len = smi_msg->data_size; 2050 2051 /* 2052 * We don't unlock until here, because we need 2053 * to copy the completed message into the 2054 * recv_msg before we release the lock. 2055 * Otherwise, race conditions may bite us. I 2056 * know that's pretty paranoid, but I prefer 2057 * to be correct. 2058 */ 2059 out_err: 2060 spin_unlock_irqrestore(&intf->seq_lock, flags); 2061 } 2062 2063 return rv; 2064 } 2065 2066 static int i_ipmi_req_lan(struct ipmi_smi *intf, 2067 struct ipmi_addr *addr, 2068 long msgid, 2069 struct kernel_ipmi_msg *msg, 2070 struct ipmi_smi_msg *smi_msg, 2071 struct ipmi_recv_msg *recv_msg, 2072 unsigned char source_lun, 2073 int retries, 2074 unsigned int retry_time_ms) 2075 { 2076 struct ipmi_lan_addr *lan_addr; 2077 unsigned char ipmb_seq; 2078 long seqid; 2079 struct ipmi_channel *chans; 2080 int rv = 0; 2081 2082 if (addr->channel >= IPMI_MAX_CHANNELS) { 2083 ipmi_inc_stat(intf, sent_invalid_commands); 2084 return -EINVAL; 2085 } 2086 2087 chans = READ_ONCE(intf->channel_list)->c; 2088 2089 if ((chans[addr->channel].medium 2090 != IPMI_CHANNEL_MEDIUM_8023LAN) 2091 && (chans[addr->channel].medium 2092 != IPMI_CHANNEL_MEDIUM_ASYNC)) { 2093 ipmi_inc_stat(intf, sent_invalid_commands); 2094 return -EINVAL; 2095 } 2096 2097 /* 11 for the header and 1 for the checksum. */ 2098 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) { 2099 ipmi_inc_stat(intf, sent_invalid_commands); 2100 return -EMSGSIZE; 2101 } 2102 2103 lan_addr = (struct ipmi_lan_addr *) addr; 2104 if (lan_addr->lun > 3) { 2105 ipmi_inc_stat(intf, sent_invalid_commands); 2106 return -EINVAL; 2107 } 2108 2109 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr)); 2110 2111 if (recv_msg->msg.netfn & 0x1) { 2112 /* 2113 * It's a response, so use the user's sequence 2114 * from msgid. 2115 */ 2116 ipmi_inc_stat(intf, sent_lan_responses); 2117 format_lan_msg(smi_msg, msg, lan_addr, msgid, 2118 msgid, source_lun); 2119 2120 /* 2121 * Save the receive message so we can use it 2122 * to deliver the response. 2123 */ 2124 smi_msg->user_data = recv_msg; 2125 } else { 2126 /* It's a command, so get a sequence for it. */ 2127 unsigned long flags; 2128 2129 spin_lock_irqsave(&intf->seq_lock, flags); 2130 2131 /* 2132 * Create a sequence number with a 1 second 2133 * timeout and 4 retries. 2134 */ 2135 rv = intf_next_seq(intf, 2136 recv_msg, 2137 retry_time_ms, 2138 retries, 2139 0, 2140 &ipmb_seq, 2141 &seqid); 2142 if (rv) 2143 /* 2144 * We have used up all the sequence numbers, 2145 * probably, so abort. 2146 */ 2147 goto out_err; 2148 2149 ipmi_inc_stat(intf, sent_lan_commands); 2150 2151 /* 2152 * Store the sequence number in the message, 2153 * so that when the send message response 2154 * comes back we can start the timer. 2155 */ 2156 format_lan_msg(smi_msg, msg, lan_addr, 2157 STORE_SEQ_IN_MSGID(ipmb_seq, seqid), 2158 ipmb_seq, source_lun); 2159 2160 /* 2161 * Copy the message into the recv message data, so we 2162 * can retransmit it later if necessary. 2163 */ 2164 memcpy(recv_msg->msg_data, smi_msg->data, 2165 smi_msg->data_size); 2166 recv_msg->msg.data = recv_msg->msg_data; 2167 recv_msg->msg.data_len = smi_msg->data_size; 2168 2169 /* 2170 * We don't unlock until here, because we need 2171 * to copy the completed message into the 2172 * recv_msg before we release the lock. 2173 * Otherwise, race conditions may bite us. I 2174 * know that's pretty paranoid, but I prefer 2175 * to be correct. 2176 */ 2177 out_err: 2178 spin_unlock_irqrestore(&intf->seq_lock, flags); 2179 } 2180 2181 return rv; 2182 } 2183 2184 /* 2185 * Separate from ipmi_request so that the user does not have to be 2186 * supplied in certain circumstances (mainly at panic time). If 2187 * messages are supplied, they will be freed, even if an error 2188 * occurs. 2189 */ 2190 static int i_ipmi_request(struct ipmi_user *user, 2191 struct ipmi_smi *intf, 2192 struct ipmi_addr *addr, 2193 long msgid, 2194 struct kernel_ipmi_msg *msg, 2195 void *user_msg_data, 2196 void *supplied_smi, 2197 struct ipmi_recv_msg *supplied_recv, 2198 int priority, 2199 unsigned char source_address, 2200 unsigned char source_lun, 2201 int retries, 2202 unsigned int retry_time_ms) 2203 { 2204 struct ipmi_smi_msg *smi_msg; 2205 struct ipmi_recv_msg *recv_msg; 2206 int rv = 0; 2207 2208 if (supplied_recv) 2209 recv_msg = supplied_recv; 2210 else { 2211 recv_msg = ipmi_alloc_recv_msg(); 2212 if (recv_msg == NULL) { 2213 rv = -ENOMEM; 2214 goto out; 2215 } 2216 } 2217 recv_msg->user_msg_data = user_msg_data; 2218 2219 if (supplied_smi) 2220 smi_msg = (struct ipmi_smi_msg *) supplied_smi; 2221 else { 2222 smi_msg = ipmi_alloc_smi_msg(); 2223 if (smi_msg == NULL) { 2224 if (!supplied_recv) 2225 ipmi_free_recv_msg(recv_msg); 2226 rv = -ENOMEM; 2227 goto out; 2228 } 2229 } 2230 2231 rcu_read_lock(); 2232 if (intf->in_shutdown) { 2233 rv = -ENODEV; 2234 goto out_err; 2235 } 2236 2237 recv_msg->user = user; 2238 if (user) 2239 /* The put happens when the message is freed. */ 2240 kref_get(&user->refcount); 2241 recv_msg->msgid = msgid; 2242 /* 2243 * Store the message to send in the receive message so timeout 2244 * responses can get the proper response data. 2245 */ 2246 recv_msg->msg = *msg; 2247 2248 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) { 2249 rv = i_ipmi_req_sysintf(intf, addr, msgid, msg, smi_msg, 2250 recv_msg, retries, retry_time_ms); 2251 } else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) { 2252 rv = i_ipmi_req_ipmb(intf, addr, msgid, msg, smi_msg, recv_msg, 2253 source_address, source_lun, 2254 retries, retry_time_ms); 2255 } else if (is_lan_addr(addr)) { 2256 rv = i_ipmi_req_lan(intf, addr, msgid, msg, smi_msg, recv_msg, 2257 source_lun, retries, retry_time_ms); 2258 } else { 2259 /* Unknown address type. */ 2260 ipmi_inc_stat(intf, sent_invalid_commands); 2261 rv = -EINVAL; 2262 } 2263 2264 if (rv) { 2265 out_err: 2266 ipmi_free_smi_msg(smi_msg); 2267 ipmi_free_recv_msg(recv_msg); 2268 } else { 2269 pr_debug("Send: %*ph\n", smi_msg->data_size, smi_msg->data); 2270 2271 smi_send(intf, intf->handlers, smi_msg, priority); 2272 } 2273 rcu_read_unlock(); 2274 2275 out: 2276 return rv; 2277 } 2278 2279 static int check_addr(struct ipmi_smi *intf, 2280 struct ipmi_addr *addr, 2281 unsigned char *saddr, 2282 unsigned char *lun) 2283 { 2284 if (addr->channel >= IPMI_MAX_CHANNELS) 2285 return -EINVAL; 2286 addr->channel = array_index_nospec(addr->channel, IPMI_MAX_CHANNELS); 2287 *lun = intf->addrinfo[addr->channel].lun; 2288 *saddr = intf->addrinfo[addr->channel].address; 2289 return 0; 2290 } 2291 2292 int ipmi_request_settime(struct ipmi_user *user, 2293 struct ipmi_addr *addr, 2294 long msgid, 2295 struct kernel_ipmi_msg *msg, 2296 void *user_msg_data, 2297 int priority, 2298 int retries, 2299 unsigned int retry_time_ms) 2300 { 2301 unsigned char saddr = 0, lun = 0; 2302 int rv, index; 2303 2304 if (!user) 2305 return -EINVAL; 2306 2307 user = acquire_ipmi_user(user, &index); 2308 if (!user) 2309 return -ENODEV; 2310 2311 rv = check_addr(user->intf, addr, &saddr, &lun); 2312 if (!rv) 2313 rv = i_ipmi_request(user, 2314 user->intf, 2315 addr, 2316 msgid, 2317 msg, 2318 user_msg_data, 2319 NULL, NULL, 2320 priority, 2321 saddr, 2322 lun, 2323 retries, 2324 retry_time_ms); 2325 2326 release_ipmi_user(user, index); 2327 return rv; 2328 } 2329 EXPORT_SYMBOL(ipmi_request_settime); 2330 2331 int ipmi_request_supply_msgs(struct ipmi_user *user, 2332 struct ipmi_addr *addr, 2333 long msgid, 2334 struct kernel_ipmi_msg *msg, 2335 void *user_msg_data, 2336 void *supplied_smi, 2337 struct ipmi_recv_msg *supplied_recv, 2338 int priority) 2339 { 2340 unsigned char saddr = 0, lun = 0; 2341 int rv, index; 2342 2343 if (!user) 2344 return -EINVAL; 2345 2346 user = acquire_ipmi_user(user, &index); 2347 if (!user) 2348 return -ENODEV; 2349 2350 rv = check_addr(user->intf, addr, &saddr, &lun); 2351 if (!rv) 2352 rv = i_ipmi_request(user, 2353 user->intf, 2354 addr, 2355 msgid, 2356 msg, 2357 user_msg_data, 2358 supplied_smi, 2359 supplied_recv, 2360 priority, 2361 saddr, 2362 lun, 2363 -1, 0); 2364 2365 release_ipmi_user(user, index); 2366 return rv; 2367 } 2368 EXPORT_SYMBOL(ipmi_request_supply_msgs); 2369 2370 static void bmc_device_id_handler(struct ipmi_smi *intf, 2371 struct ipmi_recv_msg *msg) 2372 { 2373 int rv; 2374 2375 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 2376 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 2377 || (msg->msg.cmd != IPMI_GET_DEVICE_ID_CMD)) { 2378 dev_warn(intf->si_dev, 2379 "invalid device_id msg: addr_type=%d netfn=%x cmd=%x\n", 2380 msg->addr.addr_type, msg->msg.netfn, msg->msg.cmd); 2381 return; 2382 } 2383 2384 rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd, 2385 msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id); 2386 if (rv) { 2387 dev_warn(intf->si_dev, "device id demangle failed: %d\n", rv); 2388 /* record completion code when error */ 2389 intf->bmc->cc = msg->msg.data[0]; 2390 intf->bmc->dyn_id_set = 0; 2391 } else { 2392 /* 2393 * Make sure the id data is available before setting 2394 * dyn_id_set. 2395 */ 2396 smp_wmb(); 2397 intf->bmc->dyn_id_set = 1; 2398 } 2399 2400 wake_up(&intf->waitq); 2401 } 2402 2403 static int 2404 send_get_device_id_cmd(struct ipmi_smi *intf) 2405 { 2406 struct ipmi_system_interface_addr si; 2407 struct kernel_ipmi_msg msg; 2408 2409 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 2410 si.channel = IPMI_BMC_CHANNEL; 2411 si.lun = 0; 2412 2413 msg.netfn = IPMI_NETFN_APP_REQUEST; 2414 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 2415 msg.data = NULL; 2416 msg.data_len = 0; 2417 2418 return i_ipmi_request(NULL, 2419 intf, 2420 (struct ipmi_addr *) &si, 2421 0, 2422 &msg, 2423 intf, 2424 NULL, 2425 NULL, 2426 0, 2427 intf->addrinfo[0].address, 2428 intf->addrinfo[0].lun, 2429 -1, 0); 2430 } 2431 2432 static int __get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc) 2433 { 2434 int rv; 2435 unsigned int retry_count = 0; 2436 2437 intf->null_user_handler = bmc_device_id_handler; 2438 2439 retry: 2440 bmc->cc = 0; 2441 bmc->dyn_id_set = 2; 2442 2443 rv = send_get_device_id_cmd(intf); 2444 if (rv) 2445 goto out_reset_handler; 2446 2447 wait_event(intf->waitq, bmc->dyn_id_set != 2); 2448 2449 if (!bmc->dyn_id_set) { 2450 if ((bmc->cc == IPMI_DEVICE_IN_FW_UPDATE_ERR 2451 || bmc->cc == IPMI_DEVICE_IN_INIT_ERR 2452 || bmc->cc == IPMI_NOT_IN_MY_STATE_ERR) 2453 && ++retry_count <= GET_DEVICE_ID_MAX_RETRY) { 2454 msleep(500); 2455 dev_warn(intf->si_dev, 2456 "BMC returned 0x%2.2x, retry get bmc device id\n", 2457 bmc->cc); 2458 goto retry; 2459 } 2460 2461 rv = -EIO; /* Something went wrong in the fetch. */ 2462 } 2463 2464 /* dyn_id_set makes the id data available. */ 2465 smp_rmb(); 2466 2467 out_reset_handler: 2468 intf->null_user_handler = NULL; 2469 2470 return rv; 2471 } 2472 2473 /* 2474 * Fetch the device id for the bmc/interface. You must pass in either 2475 * bmc or intf, this code will get the other one. If the data has 2476 * been recently fetched, this will just use the cached data. Otherwise 2477 * it will run a new fetch. 2478 * 2479 * Except for the first time this is called (in ipmi_add_smi()), 2480 * this will always return good data; 2481 */ 2482 static int __bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 2483 struct ipmi_device_id *id, 2484 bool *guid_set, guid_t *guid, int intf_num) 2485 { 2486 int rv = 0; 2487 int prev_dyn_id_set, prev_guid_set; 2488 bool intf_set = intf != NULL; 2489 2490 if (!intf) { 2491 mutex_lock(&bmc->dyn_mutex); 2492 retry_bmc_lock: 2493 if (list_empty(&bmc->intfs)) { 2494 mutex_unlock(&bmc->dyn_mutex); 2495 return -ENOENT; 2496 } 2497 intf = list_first_entry(&bmc->intfs, struct ipmi_smi, 2498 bmc_link); 2499 kref_get(&intf->refcount); 2500 mutex_unlock(&bmc->dyn_mutex); 2501 mutex_lock(&intf->bmc_reg_mutex); 2502 mutex_lock(&bmc->dyn_mutex); 2503 if (intf != list_first_entry(&bmc->intfs, struct ipmi_smi, 2504 bmc_link)) { 2505 mutex_unlock(&intf->bmc_reg_mutex); 2506 kref_put(&intf->refcount, intf_free); 2507 goto retry_bmc_lock; 2508 } 2509 } else { 2510 mutex_lock(&intf->bmc_reg_mutex); 2511 bmc = intf->bmc; 2512 mutex_lock(&bmc->dyn_mutex); 2513 kref_get(&intf->refcount); 2514 } 2515 2516 /* If we have a valid and current ID, just return that. */ 2517 if (intf->in_bmc_register || 2518 (bmc->dyn_id_set && time_is_after_jiffies(bmc->dyn_id_expiry))) 2519 goto out_noprocessing; 2520 2521 prev_guid_set = bmc->dyn_guid_set; 2522 __get_guid(intf); 2523 2524 prev_dyn_id_set = bmc->dyn_id_set; 2525 rv = __get_device_id(intf, bmc); 2526 if (rv) 2527 goto out; 2528 2529 /* 2530 * The guid, device id, manufacturer id, and product id should 2531 * not change on a BMC. If it does we have to do some dancing. 2532 */ 2533 if (!intf->bmc_registered 2534 || (!prev_guid_set && bmc->dyn_guid_set) 2535 || (!prev_dyn_id_set && bmc->dyn_id_set) 2536 || (prev_guid_set && bmc->dyn_guid_set 2537 && !guid_equal(&bmc->guid, &bmc->fetch_guid)) 2538 || bmc->id.device_id != bmc->fetch_id.device_id 2539 || bmc->id.manufacturer_id != bmc->fetch_id.manufacturer_id 2540 || bmc->id.product_id != bmc->fetch_id.product_id) { 2541 struct ipmi_device_id id = bmc->fetch_id; 2542 int guid_set = bmc->dyn_guid_set; 2543 guid_t guid; 2544 2545 guid = bmc->fetch_guid; 2546 mutex_unlock(&bmc->dyn_mutex); 2547 2548 __ipmi_bmc_unregister(intf); 2549 /* Fill in the temporary BMC for good measure. */ 2550 intf->bmc->id = id; 2551 intf->bmc->dyn_guid_set = guid_set; 2552 intf->bmc->guid = guid; 2553 if (__ipmi_bmc_register(intf, &id, guid_set, &guid, intf_num)) 2554 need_waiter(intf); /* Retry later on an error. */ 2555 else 2556 __scan_channels(intf, &id); 2557 2558 2559 if (!intf_set) { 2560 /* 2561 * We weren't given the interface on the 2562 * command line, so restart the operation on 2563 * the next interface for the BMC. 2564 */ 2565 mutex_unlock(&intf->bmc_reg_mutex); 2566 mutex_lock(&bmc->dyn_mutex); 2567 goto retry_bmc_lock; 2568 } 2569 2570 /* We have a new BMC, set it up. */ 2571 bmc = intf->bmc; 2572 mutex_lock(&bmc->dyn_mutex); 2573 goto out_noprocessing; 2574 } else if (memcmp(&bmc->fetch_id, &bmc->id, sizeof(bmc->id))) 2575 /* Version info changes, scan the channels again. */ 2576 __scan_channels(intf, &bmc->fetch_id); 2577 2578 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 2579 2580 out: 2581 if (rv && prev_dyn_id_set) { 2582 rv = 0; /* Ignore failures if we have previous data. */ 2583 bmc->dyn_id_set = prev_dyn_id_set; 2584 } 2585 if (!rv) { 2586 bmc->id = bmc->fetch_id; 2587 if (bmc->dyn_guid_set) 2588 bmc->guid = bmc->fetch_guid; 2589 else if (prev_guid_set) 2590 /* 2591 * The guid used to be valid and it failed to fetch, 2592 * just use the cached value. 2593 */ 2594 bmc->dyn_guid_set = prev_guid_set; 2595 } 2596 out_noprocessing: 2597 if (!rv) { 2598 if (id) 2599 *id = bmc->id; 2600 2601 if (guid_set) 2602 *guid_set = bmc->dyn_guid_set; 2603 2604 if (guid && bmc->dyn_guid_set) 2605 *guid = bmc->guid; 2606 } 2607 2608 mutex_unlock(&bmc->dyn_mutex); 2609 mutex_unlock(&intf->bmc_reg_mutex); 2610 2611 kref_put(&intf->refcount, intf_free); 2612 return rv; 2613 } 2614 2615 static int bmc_get_device_id(struct ipmi_smi *intf, struct bmc_device *bmc, 2616 struct ipmi_device_id *id, 2617 bool *guid_set, guid_t *guid) 2618 { 2619 return __bmc_get_device_id(intf, bmc, id, guid_set, guid, -1); 2620 } 2621 2622 static ssize_t device_id_show(struct device *dev, 2623 struct device_attribute *attr, 2624 char *buf) 2625 { 2626 struct bmc_device *bmc = to_bmc_device(dev); 2627 struct ipmi_device_id id; 2628 int rv; 2629 2630 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2631 if (rv) 2632 return rv; 2633 2634 return snprintf(buf, 10, "%u\n", id.device_id); 2635 } 2636 static DEVICE_ATTR_RO(device_id); 2637 2638 static ssize_t provides_device_sdrs_show(struct device *dev, 2639 struct device_attribute *attr, 2640 char *buf) 2641 { 2642 struct bmc_device *bmc = to_bmc_device(dev); 2643 struct ipmi_device_id id; 2644 int rv; 2645 2646 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2647 if (rv) 2648 return rv; 2649 2650 return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7); 2651 } 2652 static DEVICE_ATTR_RO(provides_device_sdrs); 2653 2654 static ssize_t revision_show(struct device *dev, struct device_attribute *attr, 2655 char *buf) 2656 { 2657 struct bmc_device *bmc = to_bmc_device(dev); 2658 struct ipmi_device_id id; 2659 int rv; 2660 2661 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2662 if (rv) 2663 return rv; 2664 2665 return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F); 2666 } 2667 static DEVICE_ATTR_RO(revision); 2668 2669 static ssize_t firmware_revision_show(struct device *dev, 2670 struct device_attribute *attr, 2671 char *buf) 2672 { 2673 struct bmc_device *bmc = to_bmc_device(dev); 2674 struct ipmi_device_id id; 2675 int rv; 2676 2677 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2678 if (rv) 2679 return rv; 2680 2681 return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1, 2682 id.firmware_revision_2); 2683 } 2684 static DEVICE_ATTR_RO(firmware_revision); 2685 2686 static ssize_t ipmi_version_show(struct device *dev, 2687 struct device_attribute *attr, 2688 char *buf) 2689 { 2690 struct bmc_device *bmc = to_bmc_device(dev); 2691 struct ipmi_device_id id; 2692 int rv; 2693 2694 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2695 if (rv) 2696 return rv; 2697 2698 return snprintf(buf, 20, "%u.%u\n", 2699 ipmi_version_major(&id), 2700 ipmi_version_minor(&id)); 2701 } 2702 static DEVICE_ATTR_RO(ipmi_version); 2703 2704 static ssize_t add_dev_support_show(struct device *dev, 2705 struct device_attribute *attr, 2706 char *buf) 2707 { 2708 struct bmc_device *bmc = to_bmc_device(dev); 2709 struct ipmi_device_id id; 2710 int rv; 2711 2712 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2713 if (rv) 2714 return rv; 2715 2716 return snprintf(buf, 10, "0x%02x\n", id.additional_device_support); 2717 } 2718 static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show, 2719 NULL); 2720 2721 static ssize_t manufacturer_id_show(struct device *dev, 2722 struct device_attribute *attr, 2723 char *buf) 2724 { 2725 struct bmc_device *bmc = to_bmc_device(dev); 2726 struct ipmi_device_id id; 2727 int rv; 2728 2729 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2730 if (rv) 2731 return rv; 2732 2733 return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id); 2734 } 2735 static DEVICE_ATTR_RO(manufacturer_id); 2736 2737 static ssize_t product_id_show(struct device *dev, 2738 struct device_attribute *attr, 2739 char *buf) 2740 { 2741 struct bmc_device *bmc = to_bmc_device(dev); 2742 struct ipmi_device_id id; 2743 int rv; 2744 2745 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2746 if (rv) 2747 return rv; 2748 2749 return snprintf(buf, 10, "0x%4.4x\n", id.product_id); 2750 } 2751 static DEVICE_ATTR_RO(product_id); 2752 2753 static ssize_t aux_firmware_rev_show(struct device *dev, 2754 struct device_attribute *attr, 2755 char *buf) 2756 { 2757 struct bmc_device *bmc = to_bmc_device(dev); 2758 struct ipmi_device_id id; 2759 int rv; 2760 2761 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2762 if (rv) 2763 return rv; 2764 2765 return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n", 2766 id.aux_firmware_revision[3], 2767 id.aux_firmware_revision[2], 2768 id.aux_firmware_revision[1], 2769 id.aux_firmware_revision[0]); 2770 } 2771 static DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL); 2772 2773 static ssize_t guid_show(struct device *dev, struct device_attribute *attr, 2774 char *buf) 2775 { 2776 struct bmc_device *bmc = to_bmc_device(dev); 2777 bool guid_set; 2778 guid_t guid; 2779 int rv; 2780 2781 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, &guid); 2782 if (rv) 2783 return rv; 2784 if (!guid_set) 2785 return -ENOENT; 2786 2787 return snprintf(buf, UUID_STRING_LEN + 1 + 1, "%pUl\n", &guid); 2788 } 2789 static DEVICE_ATTR_RO(guid); 2790 2791 static struct attribute *bmc_dev_attrs[] = { 2792 &dev_attr_device_id.attr, 2793 &dev_attr_provides_device_sdrs.attr, 2794 &dev_attr_revision.attr, 2795 &dev_attr_firmware_revision.attr, 2796 &dev_attr_ipmi_version.attr, 2797 &dev_attr_additional_device_support.attr, 2798 &dev_attr_manufacturer_id.attr, 2799 &dev_attr_product_id.attr, 2800 &dev_attr_aux_firmware_revision.attr, 2801 &dev_attr_guid.attr, 2802 NULL 2803 }; 2804 2805 static umode_t bmc_dev_attr_is_visible(struct kobject *kobj, 2806 struct attribute *attr, int idx) 2807 { 2808 struct device *dev = kobj_to_dev(kobj); 2809 struct bmc_device *bmc = to_bmc_device(dev); 2810 umode_t mode = attr->mode; 2811 int rv; 2812 2813 if (attr == &dev_attr_aux_firmware_revision.attr) { 2814 struct ipmi_device_id id; 2815 2816 rv = bmc_get_device_id(NULL, bmc, &id, NULL, NULL); 2817 return (!rv && id.aux_firmware_revision_set) ? mode : 0; 2818 } 2819 if (attr == &dev_attr_guid.attr) { 2820 bool guid_set; 2821 2822 rv = bmc_get_device_id(NULL, bmc, NULL, &guid_set, NULL); 2823 return (!rv && guid_set) ? mode : 0; 2824 } 2825 return mode; 2826 } 2827 2828 static const struct attribute_group bmc_dev_attr_group = { 2829 .attrs = bmc_dev_attrs, 2830 .is_visible = bmc_dev_attr_is_visible, 2831 }; 2832 2833 static const struct attribute_group *bmc_dev_attr_groups[] = { 2834 &bmc_dev_attr_group, 2835 NULL 2836 }; 2837 2838 static const struct device_type bmc_device_type = { 2839 .groups = bmc_dev_attr_groups, 2840 }; 2841 2842 static int __find_bmc_guid(struct device *dev, const void *data) 2843 { 2844 const guid_t *guid = data; 2845 struct bmc_device *bmc; 2846 int rv; 2847 2848 if (dev->type != &bmc_device_type) 2849 return 0; 2850 2851 bmc = to_bmc_device(dev); 2852 rv = bmc->dyn_guid_set && guid_equal(&bmc->guid, guid); 2853 if (rv) 2854 rv = kref_get_unless_zero(&bmc->usecount); 2855 return rv; 2856 } 2857 2858 /* 2859 * Returns with the bmc's usecount incremented, if it is non-NULL. 2860 */ 2861 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv, 2862 guid_t *guid) 2863 { 2864 struct device *dev; 2865 struct bmc_device *bmc = NULL; 2866 2867 dev = driver_find_device(drv, NULL, guid, __find_bmc_guid); 2868 if (dev) { 2869 bmc = to_bmc_device(dev); 2870 put_device(dev); 2871 } 2872 return bmc; 2873 } 2874 2875 struct prod_dev_id { 2876 unsigned int product_id; 2877 unsigned char device_id; 2878 }; 2879 2880 static int __find_bmc_prod_dev_id(struct device *dev, const void *data) 2881 { 2882 const struct prod_dev_id *cid = data; 2883 struct bmc_device *bmc; 2884 int rv; 2885 2886 if (dev->type != &bmc_device_type) 2887 return 0; 2888 2889 bmc = to_bmc_device(dev); 2890 rv = (bmc->id.product_id == cid->product_id 2891 && bmc->id.device_id == cid->device_id); 2892 if (rv) 2893 rv = kref_get_unless_zero(&bmc->usecount); 2894 return rv; 2895 } 2896 2897 /* 2898 * Returns with the bmc's usecount incremented, if it is non-NULL. 2899 */ 2900 static struct bmc_device *ipmi_find_bmc_prod_dev_id( 2901 struct device_driver *drv, 2902 unsigned int product_id, unsigned char device_id) 2903 { 2904 struct prod_dev_id id = { 2905 .product_id = product_id, 2906 .device_id = device_id, 2907 }; 2908 struct device *dev; 2909 struct bmc_device *bmc = NULL; 2910 2911 dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id); 2912 if (dev) { 2913 bmc = to_bmc_device(dev); 2914 put_device(dev); 2915 } 2916 return bmc; 2917 } 2918 2919 static DEFINE_IDA(ipmi_bmc_ida); 2920 2921 static void 2922 release_bmc_device(struct device *dev) 2923 { 2924 kfree(to_bmc_device(dev)); 2925 } 2926 2927 static void cleanup_bmc_work(struct work_struct *work) 2928 { 2929 struct bmc_device *bmc = container_of(work, struct bmc_device, 2930 remove_work); 2931 int id = bmc->pdev.id; /* Unregister overwrites id */ 2932 2933 platform_device_unregister(&bmc->pdev); 2934 ida_simple_remove(&ipmi_bmc_ida, id); 2935 } 2936 2937 static void 2938 cleanup_bmc_device(struct kref *ref) 2939 { 2940 struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount); 2941 2942 /* 2943 * Remove the platform device in a work queue to avoid issues 2944 * with removing the device attributes while reading a device 2945 * attribute. 2946 */ 2947 schedule_work(&bmc->remove_work); 2948 } 2949 2950 /* 2951 * Must be called with intf->bmc_reg_mutex held. 2952 */ 2953 static void __ipmi_bmc_unregister(struct ipmi_smi *intf) 2954 { 2955 struct bmc_device *bmc = intf->bmc; 2956 2957 if (!intf->bmc_registered) 2958 return; 2959 2960 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 2961 sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name); 2962 kfree(intf->my_dev_name); 2963 intf->my_dev_name = NULL; 2964 2965 mutex_lock(&bmc->dyn_mutex); 2966 list_del(&intf->bmc_link); 2967 mutex_unlock(&bmc->dyn_mutex); 2968 intf->bmc = &intf->tmp_bmc; 2969 kref_put(&bmc->usecount, cleanup_bmc_device); 2970 intf->bmc_registered = false; 2971 } 2972 2973 static void ipmi_bmc_unregister(struct ipmi_smi *intf) 2974 { 2975 mutex_lock(&intf->bmc_reg_mutex); 2976 __ipmi_bmc_unregister(intf); 2977 mutex_unlock(&intf->bmc_reg_mutex); 2978 } 2979 2980 /* 2981 * Must be called with intf->bmc_reg_mutex held. 2982 */ 2983 static int __ipmi_bmc_register(struct ipmi_smi *intf, 2984 struct ipmi_device_id *id, 2985 bool guid_set, guid_t *guid, int intf_num) 2986 { 2987 int rv; 2988 struct bmc_device *bmc; 2989 struct bmc_device *old_bmc; 2990 2991 /* 2992 * platform_device_register() can cause bmc_reg_mutex to 2993 * be claimed because of the is_visible functions of 2994 * the attributes. Eliminate possible recursion and 2995 * release the lock. 2996 */ 2997 intf->in_bmc_register = true; 2998 mutex_unlock(&intf->bmc_reg_mutex); 2999 3000 /* 3001 * Try to find if there is an bmc_device struct 3002 * representing the interfaced BMC already 3003 */ 3004 mutex_lock(&ipmidriver_mutex); 3005 if (guid_set) 3006 old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, guid); 3007 else 3008 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver, 3009 id->product_id, 3010 id->device_id); 3011 3012 /* 3013 * If there is already an bmc_device, free the new one, 3014 * otherwise register the new BMC device 3015 */ 3016 if (old_bmc) { 3017 bmc = old_bmc; 3018 /* 3019 * Note: old_bmc already has usecount incremented by 3020 * the BMC find functions. 3021 */ 3022 intf->bmc = old_bmc; 3023 mutex_lock(&bmc->dyn_mutex); 3024 list_add_tail(&intf->bmc_link, &bmc->intfs); 3025 mutex_unlock(&bmc->dyn_mutex); 3026 3027 dev_info(intf->si_dev, 3028 "interfacing existing BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 3029 bmc->id.manufacturer_id, 3030 bmc->id.product_id, 3031 bmc->id.device_id); 3032 } else { 3033 bmc = kzalloc(sizeof(*bmc), GFP_KERNEL); 3034 if (!bmc) { 3035 rv = -ENOMEM; 3036 goto out; 3037 } 3038 INIT_LIST_HEAD(&bmc->intfs); 3039 mutex_init(&bmc->dyn_mutex); 3040 INIT_WORK(&bmc->remove_work, cleanup_bmc_work); 3041 3042 bmc->id = *id; 3043 bmc->dyn_id_set = 1; 3044 bmc->dyn_guid_set = guid_set; 3045 bmc->guid = *guid; 3046 bmc->dyn_id_expiry = jiffies + IPMI_DYN_DEV_ID_EXPIRY; 3047 3048 bmc->pdev.name = "ipmi_bmc"; 3049 3050 rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL); 3051 if (rv < 0) { 3052 kfree(bmc); 3053 goto out; 3054 } 3055 3056 bmc->pdev.dev.driver = &ipmidriver.driver; 3057 bmc->pdev.id = rv; 3058 bmc->pdev.dev.release = release_bmc_device; 3059 bmc->pdev.dev.type = &bmc_device_type; 3060 kref_init(&bmc->usecount); 3061 3062 intf->bmc = bmc; 3063 mutex_lock(&bmc->dyn_mutex); 3064 list_add_tail(&intf->bmc_link, &bmc->intfs); 3065 mutex_unlock(&bmc->dyn_mutex); 3066 3067 rv = platform_device_register(&bmc->pdev); 3068 if (rv) { 3069 dev_err(intf->si_dev, 3070 "Unable to register bmc device: %d\n", 3071 rv); 3072 goto out_list_del; 3073 } 3074 3075 dev_info(intf->si_dev, 3076 "Found new BMC (man_id: 0x%6.6x, prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n", 3077 bmc->id.manufacturer_id, 3078 bmc->id.product_id, 3079 bmc->id.device_id); 3080 } 3081 3082 /* 3083 * create symlink from system interface device to bmc device 3084 * and back. 3085 */ 3086 rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc"); 3087 if (rv) { 3088 dev_err(intf->si_dev, "Unable to create bmc symlink: %d\n", rv); 3089 goto out_put_bmc; 3090 } 3091 3092 if (intf_num == -1) 3093 intf_num = intf->intf_num; 3094 intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", intf_num); 3095 if (!intf->my_dev_name) { 3096 rv = -ENOMEM; 3097 dev_err(intf->si_dev, "Unable to allocate link from BMC: %d\n", 3098 rv); 3099 goto out_unlink1; 3100 } 3101 3102 rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj, 3103 intf->my_dev_name); 3104 if (rv) { 3105 dev_err(intf->si_dev, "Unable to create symlink to bmc: %d\n", 3106 rv); 3107 goto out_free_my_dev_name; 3108 } 3109 3110 intf->bmc_registered = true; 3111 3112 out: 3113 mutex_unlock(&ipmidriver_mutex); 3114 mutex_lock(&intf->bmc_reg_mutex); 3115 intf->in_bmc_register = false; 3116 return rv; 3117 3118 3119 out_free_my_dev_name: 3120 kfree(intf->my_dev_name); 3121 intf->my_dev_name = NULL; 3122 3123 out_unlink1: 3124 sysfs_remove_link(&intf->si_dev->kobj, "bmc"); 3125 3126 out_put_bmc: 3127 mutex_lock(&bmc->dyn_mutex); 3128 list_del(&intf->bmc_link); 3129 mutex_unlock(&bmc->dyn_mutex); 3130 intf->bmc = &intf->tmp_bmc; 3131 kref_put(&bmc->usecount, cleanup_bmc_device); 3132 goto out; 3133 3134 out_list_del: 3135 mutex_lock(&bmc->dyn_mutex); 3136 list_del(&intf->bmc_link); 3137 mutex_unlock(&bmc->dyn_mutex); 3138 intf->bmc = &intf->tmp_bmc; 3139 put_device(&bmc->pdev.dev); 3140 goto out; 3141 } 3142 3143 static int 3144 send_guid_cmd(struct ipmi_smi *intf, int chan) 3145 { 3146 struct kernel_ipmi_msg msg; 3147 struct ipmi_system_interface_addr si; 3148 3149 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3150 si.channel = IPMI_BMC_CHANNEL; 3151 si.lun = 0; 3152 3153 msg.netfn = IPMI_NETFN_APP_REQUEST; 3154 msg.cmd = IPMI_GET_DEVICE_GUID_CMD; 3155 msg.data = NULL; 3156 msg.data_len = 0; 3157 return i_ipmi_request(NULL, 3158 intf, 3159 (struct ipmi_addr *) &si, 3160 0, 3161 &msg, 3162 intf, 3163 NULL, 3164 NULL, 3165 0, 3166 intf->addrinfo[0].address, 3167 intf->addrinfo[0].lun, 3168 -1, 0); 3169 } 3170 3171 static void guid_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 3172 { 3173 struct bmc_device *bmc = intf->bmc; 3174 3175 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3176 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE) 3177 || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD)) 3178 /* Not for me */ 3179 return; 3180 3181 if (msg->msg.data[0] != 0) { 3182 /* Error from getting the GUID, the BMC doesn't have one. */ 3183 bmc->dyn_guid_set = 0; 3184 goto out; 3185 } 3186 3187 if (msg->msg.data_len < UUID_SIZE + 1) { 3188 bmc->dyn_guid_set = 0; 3189 dev_warn(intf->si_dev, 3190 "The GUID response from the BMC was too short, it was %d but should have been %d. Assuming GUID is not available.\n", 3191 msg->msg.data_len, UUID_SIZE + 1); 3192 goto out; 3193 } 3194 3195 import_guid(&bmc->fetch_guid, msg->msg.data + 1); 3196 /* 3197 * Make sure the guid data is available before setting 3198 * dyn_guid_set. 3199 */ 3200 smp_wmb(); 3201 bmc->dyn_guid_set = 1; 3202 out: 3203 wake_up(&intf->waitq); 3204 } 3205 3206 static void __get_guid(struct ipmi_smi *intf) 3207 { 3208 int rv; 3209 struct bmc_device *bmc = intf->bmc; 3210 3211 bmc->dyn_guid_set = 2; 3212 intf->null_user_handler = guid_handler; 3213 rv = send_guid_cmd(intf, 0); 3214 if (rv) 3215 /* Send failed, no GUID available. */ 3216 bmc->dyn_guid_set = 0; 3217 else 3218 wait_event(intf->waitq, bmc->dyn_guid_set != 2); 3219 3220 /* dyn_guid_set makes the guid data available. */ 3221 smp_rmb(); 3222 3223 intf->null_user_handler = NULL; 3224 } 3225 3226 static int 3227 send_channel_info_cmd(struct ipmi_smi *intf, int chan) 3228 { 3229 struct kernel_ipmi_msg msg; 3230 unsigned char data[1]; 3231 struct ipmi_system_interface_addr si; 3232 3233 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 3234 si.channel = IPMI_BMC_CHANNEL; 3235 si.lun = 0; 3236 3237 msg.netfn = IPMI_NETFN_APP_REQUEST; 3238 msg.cmd = IPMI_GET_CHANNEL_INFO_CMD; 3239 msg.data = data; 3240 msg.data_len = 1; 3241 data[0] = chan; 3242 return i_ipmi_request(NULL, 3243 intf, 3244 (struct ipmi_addr *) &si, 3245 0, 3246 &msg, 3247 intf, 3248 NULL, 3249 NULL, 3250 0, 3251 intf->addrinfo[0].address, 3252 intf->addrinfo[0].lun, 3253 -1, 0); 3254 } 3255 3256 static void 3257 channel_handler(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 3258 { 3259 int rv = 0; 3260 int ch; 3261 unsigned int set = intf->curr_working_cset; 3262 struct ipmi_channel *chans; 3263 3264 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 3265 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 3266 && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) { 3267 /* It's the one we want */ 3268 if (msg->msg.data[0] != 0) { 3269 /* Got an error from the channel, just go on. */ 3270 if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) { 3271 /* 3272 * If the MC does not support this 3273 * command, that is legal. We just 3274 * assume it has one IPMB at channel 3275 * zero. 3276 */ 3277 intf->wchannels[set].c[0].medium 3278 = IPMI_CHANNEL_MEDIUM_IPMB; 3279 intf->wchannels[set].c[0].protocol 3280 = IPMI_CHANNEL_PROTOCOL_IPMB; 3281 3282 intf->channel_list = intf->wchannels + set; 3283 intf->channels_ready = true; 3284 wake_up(&intf->waitq); 3285 goto out; 3286 } 3287 goto next_channel; 3288 } 3289 if (msg->msg.data_len < 4) { 3290 /* Message not big enough, just go on. */ 3291 goto next_channel; 3292 } 3293 ch = intf->curr_channel; 3294 chans = intf->wchannels[set].c; 3295 chans[ch].medium = msg->msg.data[2] & 0x7f; 3296 chans[ch].protocol = msg->msg.data[3] & 0x1f; 3297 3298 next_channel: 3299 intf->curr_channel++; 3300 if (intf->curr_channel >= IPMI_MAX_CHANNELS) { 3301 intf->channel_list = intf->wchannels + set; 3302 intf->channels_ready = true; 3303 wake_up(&intf->waitq); 3304 } else { 3305 intf->channel_list = intf->wchannels + set; 3306 intf->channels_ready = true; 3307 rv = send_channel_info_cmd(intf, intf->curr_channel); 3308 } 3309 3310 if (rv) { 3311 /* Got an error somehow, just give up. */ 3312 dev_warn(intf->si_dev, 3313 "Error sending channel information for channel %d: %d\n", 3314 intf->curr_channel, rv); 3315 3316 intf->channel_list = intf->wchannels + set; 3317 intf->channels_ready = true; 3318 wake_up(&intf->waitq); 3319 } 3320 } 3321 out: 3322 return; 3323 } 3324 3325 /* 3326 * Must be holding intf->bmc_reg_mutex to call this. 3327 */ 3328 static int __scan_channels(struct ipmi_smi *intf, struct ipmi_device_id *id) 3329 { 3330 int rv; 3331 3332 if (ipmi_version_major(id) > 1 3333 || (ipmi_version_major(id) == 1 3334 && ipmi_version_minor(id) >= 5)) { 3335 unsigned int set; 3336 3337 /* 3338 * Start scanning the channels to see what is 3339 * available. 3340 */ 3341 set = !intf->curr_working_cset; 3342 intf->curr_working_cset = set; 3343 memset(&intf->wchannels[set], 0, 3344 sizeof(struct ipmi_channel_set)); 3345 3346 intf->null_user_handler = channel_handler; 3347 intf->curr_channel = 0; 3348 rv = send_channel_info_cmd(intf, 0); 3349 if (rv) { 3350 dev_warn(intf->si_dev, 3351 "Error sending channel information for channel 0, %d\n", 3352 rv); 3353 intf->null_user_handler = NULL; 3354 return -EIO; 3355 } 3356 3357 /* Wait for the channel info to be read. */ 3358 wait_event(intf->waitq, intf->channels_ready); 3359 intf->null_user_handler = NULL; 3360 } else { 3361 unsigned int set = intf->curr_working_cset; 3362 3363 /* Assume a single IPMB channel at zero. */ 3364 intf->wchannels[set].c[0].medium = IPMI_CHANNEL_MEDIUM_IPMB; 3365 intf->wchannels[set].c[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB; 3366 intf->channel_list = intf->wchannels + set; 3367 intf->channels_ready = true; 3368 } 3369 3370 return 0; 3371 } 3372 3373 static void ipmi_poll(struct ipmi_smi *intf) 3374 { 3375 if (intf->handlers->poll) 3376 intf->handlers->poll(intf->send_info); 3377 /* In case something came in */ 3378 handle_new_recv_msgs(intf); 3379 } 3380 3381 void ipmi_poll_interface(struct ipmi_user *user) 3382 { 3383 ipmi_poll(user->intf); 3384 } 3385 EXPORT_SYMBOL(ipmi_poll_interface); 3386 3387 static void redo_bmc_reg(struct work_struct *work) 3388 { 3389 struct ipmi_smi *intf = container_of(work, struct ipmi_smi, 3390 bmc_reg_work); 3391 3392 if (!intf->in_shutdown) 3393 bmc_get_device_id(intf, NULL, NULL, NULL, NULL); 3394 3395 kref_put(&intf->refcount, intf_free); 3396 } 3397 3398 int ipmi_add_smi(struct module *owner, 3399 const struct ipmi_smi_handlers *handlers, 3400 void *send_info, 3401 struct device *si_dev, 3402 unsigned char slave_addr) 3403 { 3404 int i, j; 3405 int rv; 3406 struct ipmi_smi *intf, *tintf; 3407 struct list_head *link; 3408 struct ipmi_device_id id; 3409 3410 /* 3411 * Make sure the driver is actually initialized, this handles 3412 * problems with initialization order. 3413 */ 3414 rv = ipmi_init_msghandler(); 3415 if (rv) 3416 return rv; 3417 3418 intf = kzalloc(sizeof(*intf), GFP_KERNEL); 3419 if (!intf) 3420 return -ENOMEM; 3421 3422 rv = init_srcu_struct(&intf->users_srcu); 3423 if (rv) { 3424 kfree(intf); 3425 return rv; 3426 } 3427 3428 intf->owner = owner; 3429 intf->bmc = &intf->tmp_bmc; 3430 INIT_LIST_HEAD(&intf->bmc->intfs); 3431 mutex_init(&intf->bmc->dyn_mutex); 3432 INIT_LIST_HEAD(&intf->bmc_link); 3433 mutex_init(&intf->bmc_reg_mutex); 3434 intf->intf_num = -1; /* Mark it invalid for now. */ 3435 kref_init(&intf->refcount); 3436 INIT_WORK(&intf->bmc_reg_work, redo_bmc_reg); 3437 intf->si_dev = si_dev; 3438 for (j = 0; j < IPMI_MAX_CHANNELS; j++) { 3439 intf->addrinfo[j].address = IPMI_BMC_SLAVE_ADDR; 3440 intf->addrinfo[j].lun = 2; 3441 } 3442 if (slave_addr != 0) 3443 intf->addrinfo[0].address = slave_addr; 3444 INIT_LIST_HEAD(&intf->users); 3445 intf->handlers = handlers; 3446 intf->send_info = send_info; 3447 spin_lock_init(&intf->seq_lock); 3448 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) { 3449 intf->seq_table[j].inuse = 0; 3450 intf->seq_table[j].seqid = 0; 3451 } 3452 intf->curr_seq = 0; 3453 spin_lock_init(&intf->waiting_rcv_msgs_lock); 3454 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 3455 tasklet_setup(&intf->recv_tasklet, 3456 smi_recv_tasklet); 3457 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0); 3458 spin_lock_init(&intf->xmit_msgs_lock); 3459 INIT_LIST_HEAD(&intf->xmit_msgs); 3460 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 3461 spin_lock_init(&intf->events_lock); 3462 spin_lock_init(&intf->watch_lock); 3463 atomic_set(&intf->event_waiters, 0); 3464 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 3465 INIT_LIST_HEAD(&intf->waiting_events); 3466 intf->waiting_events_count = 0; 3467 mutex_init(&intf->cmd_rcvrs_mutex); 3468 spin_lock_init(&intf->maintenance_mode_lock); 3469 INIT_LIST_HEAD(&intf->cmd_rcvrs); 3470 init_waitqueue_head(&intf->waitq); 3471 for (i = 0; i < IPMI_NUM_STATS; i++) 3472 atomic_set(&intf->stats[i], 0); 3473 3474 mutex_lock(&ipmi_interfaces_mutex); 3475 /* Look for a hole in the numbers. */ 3476 i = 0; 3477 link = &ipmi_interfaces; 3478 list_for_each_entry_rcu(tintf, &ipmi_interfaces, link, 3479 ipmi_interfaces_mutex_held()) { 3480 if (tintf->intf_num != i) { 3481 link = &tintf->link; 3482 break; 3483 } 3484 i++; 3485 } 3486 /* Add the new interface in numeric order. */ 3487 if (i == 0) 3488 list_add_rcu(&intf->link, &ipmi_interfaces); 3489 else 3490 list_add_tail_rcu(&intf->link, link); 3491 3492 rv = handlers->start_processing(send_info, intf); 3493 if (rv) 3494 goto out_err; 3495 3496 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i); 3497 if (rv) { 3498 dev_err(si_dev, "Unable to get the device id: %d\n", rv); 3499 goto out_err_started; 3500 } 3501 3502 mutex_lock(&intf->bmc_reg_mutex); 3503 rv = __scan_channels(intf, &id); 3504 mutex_unlock(&intf->bmc_reg_mutex); 3505 if (rv) 3506 goto out_err_bmc_reg; 3507 3508 /* 3509 * Keep memory order straight for RCU readers. Make 3510 * sure everything else is committed to memory before 3511 * setting intf_num to mark the interface valid. 3512 */ 3513 smp_wmb(); 3514 intf->intf_num = i; 3515 mutex_unlock(&ipmi_interfaces_mutex); 3516 3517 /* After this point the interface is legal to use. */ 3518 call_smi_watchers(i, intf->si_dev); 3519 3520 return 0; 3521 3522 out_err_bmc_reg: 3523 ipmi_bmc_unregister(intf); 3524 out_err_started: 3525 if (intf->handlers->shutdown) 3526 intf->handlers->shutdown(intf->send_info); 3527 out_err: 3528 list_del_rcu(&intf->link); 3529 mutex_unlock(&ipmi_interfaces_mutex); 3530 synchronize_srcu(&ipmi_interfaces_srcu); 3531 cleanup_srcu_struct(&intf->users_srcu); 3532 kref_put(&intf->refcount, intf_free); 3533 3534 return rv; 3535 } 3536 EXPORT_SYMBOL(ipmi_add_smi); 3537 3538 static void deliver_smi_err_response(struct ipmi_smi *intf, 3539 struct ipmi_smi_msg *msg, 3540 unsigned char err) 3541 { 3542 msg->rsp[0] = msg->data[0] | 4; 3543 msg->rsp[1] = msg->data[1]; 3544 msg->rsp[2] = err; 3545 msg->rsp_size = 3; 3546 /* It's an error, so it will never requeue, no need to check return. */ 3547 handle_one_recv_msg(intf, msg); 3548 } 3549 3550 static void cleanup_smi_msgs(struct ipmi_smi *intf) 3551 { 3552 int i; 3553 struct seq_table *ent; 3554 struct ipmi_smi_msg *msg; 3555 struct list_head *entry; 3556 struct list_head tmplist; 3557 3558 /* Clear out our transmit queues and hold the messages. */ 3559 INIT_LIST_HEAD(&tmplist); 3560 list_splice_tail(&intf->hp_xmit_msgs, &tmplist); 3561 list_splice_tail(&intf->xmit_msgs, &tmplist); 3562 3563 /* Current message first, to preserve order */ 3564 while (intf->curr_msg && !list_empty(&intf->waiting_rcv_msgs)) { 3565 /* Wait for the message to clear out. */ 3566 schedule_timeout(1); 3567 } 3568 3569 /* No need for locks, the interface is down. */ 3570 3571 /* 3572 * Return errors for all pending messages in queue and in the 3573 * tables waiting for remote responses. 3574 */ 3575 while (!list_empty(&tmplist)) { 3576 entry = tmplist.next; 3577 list_del(entry); 3578 msg = list_entry(entry, struct ipmi_smi_msg, link); 3579 deliver_smi_err_response(intf, msg, IPMI_ERR_UNSPECIFIED); 3580 } 3581 3582 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) { 3583 ent = &intf->seq_table[i]; 3584 if (!ent->inuse) 3585 continue; 3586 deliver_err_response(intf, ent->recv_msg, IPMI_ERR_UNSPECIFIED); 3587 } 3588 } 3589 3590 void ipmi_unregister_smi(struct ipmi_smi *intf) 3591 { 3592 struct ipmi_smi_watcher *w; 3593 int intf_num = intf->intf_num, index; 3594 3595 mutex_lock(&ipmi_interfaces_mutex); 3596 intf->intf_num = -1; 3597 intf->in_shutdown = true; 3598 list_del_rcu(&intf->link); 3599 mutex_unlock(&ipmi_interfaces_mutex); 3600 synchronize_srcu(&ipmi_interfaces_srcu); 3601 3602 /* At this point no users can be added to the interface. */ 3603 3604 /* 3605 * Call all the watcher interfaces to tell them that 3606 * an interface is going away. 3607 */ 3608 mutex_lock(&smi_watchers_mutex); 3609 list_for_each_entry(w, &smi_watchers, link) 3610 w->smi_gone(intf_num); 3611 mutex_unlock(&smi_watchers_mutex); 3612 3613 index = srcu_read_lock(&intf->users_srcu); 3614 while (!list_empty(&intf->users)) { 3615 struct ipmi_user *user = 3616 container_of(list_next_rcu(&intf->users), 3617 struct ipmi_user, link); 3618 3619 _ipmi_destroy_user(user); 3620 } 3621 srcu_read_unlock(&intf->users_srcu, index); 3622 3623 if (intf->handlers->shutdown) 3624 intf->handlers->shutdown(intf->send_info); 3625 3626 cleanup_smi_msgs(intf); 3627 3628 ipmi_bmc_unregister(intf); 3629 3630 cleanup_srcu_struct(&intf->users_srcu); 3631 kref_put(&intf->refcount, intf_free); 3632 } 3633 EXPORT_SYMBOL(ipmi_unregister_smi); 3634 3635 static int handle_ipmb_get_msg_rsp(struct ipmi_smi *intf, 3636 struct ipmi_smi_msg *msg) 3637 { 3638 struct ipmi_ipmb_addr ipmb_addr; 3639 struct ipmi_recv_msg *recv_msg; 3640 3641 /* 3642 * This is 11, not 10, because the response must contain a 3643 * completion code. 3644 */ 3645 if (msg->rsp_size < 11) { 3646 /* Message not big enough, just ignore it. */ 3647 ipmi_inc_stat(intf, invalid_ipmb_responses); 3648 return 0; 3649 } 3650 3651 if (msg->rsp[2] != 0) { 3652 /* An error getting the response, just ignore it. */ 3653 return 0; 3654 } 3655 3656 ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE; 3657 ipmb_addr.slave_addr = msg->rsp[6]; 3658 ipmb_addr.channel = msg->rsp[3] & 0x0f; 3659 ipmb_addr.lun = msg->rsp[7] & 3; 3660 3661 /* 3662 * It's a response from a remote entity. Look up the sequence 3663 * number and handle the response. 3664 */ 3665 if (intf_find_seq(intf, 3666 msg->rsp[7] >> 2, 3667 msg->rsp[3] & 0x0f, 3668 msg->rsp[8], 3669 (msg->rsp[4] >> 2) & (~1), 3670 (struct ipmi_addr *) &ipmb_addr, 3671 &recv_msg)) { 3672 /* 3673 * We were unable to find the sequence number, 3674 * so just nuke the message. 3675 */ 3676 ipmi_inc_stat(intf, unhandled_ipmb_responses); 3677 return 0; 3678 } 3679 3680 memcpy(recv_msg->msg_data, &msg->rsp[9], msg->rsp_size - 9); 3681 /* 3682 * The other fields matched, so no need to set them, except 3683 * for netfn, which needs to be the response that was 3684 * returned, not the request value. 3685 */ 3686 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3687 recv_msg->msg.data = recv_msg->msg_data; 3688 recv_msg->msg.data_len = msg->rsp_size - 10; 3689 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3690 if (deliver_response(intf, recv_msg)) 3691 ipmi_inc_stat(intf, unhandled_ipmb_responses); 3692 else 3693 ipmi_inc_stat(intf, handled_ipmb_responses); 3694 3695 return 0; 3696 } 3697 3698 static int handle_ipmb_get_msg_cmd(struct ipmi_smi *intf, 3699 struct ipmi_smi_msg *msg) 3700 { 3701 struct cmd_rcvr *rcvr; 3702 int rv = 0; 3703 unsigned char netfn; 3704 unsigned char cmd; 3705 unsigned char chan; 3706 struct ipmi_user *user = NULL; 3707 struct ipmi_ipmb_addr *ipmb_addr; 3708 struct ipmi_recv_msg *recv_msg; 3709 3710 if (msg->rsp_size < 10) { 3711 /* Message not big enough, just ignore it. */ 3712 ipmi_inc_stat(intf, invalid_commands); 3713 return 0; 3714 } 3715 3716 if (msg->rsp[2] != 0) { 3717 /* An error getting the response, just ignore it. */ 3718 return 0; 3719 } 3720 3721 netfn = msg->rsp[4] >> 2; 3722 cmd = msg->rsp[8]; 3723 chan = msg->rsp[3] & 0xf; 3724 3725 rcu_read_lock(); 3726 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3727 if (rcvr) { 3728 user = rcvr->user; 3729 kref_get(&user->refcount); 3730 } else 3731 user = NULL; 3732 rcu_read_unlock(); 3733 3734 if (user == NULL) { 3735 /* We didn't find a user, deliver an error response. */ 3736 ipmi_inc_stat(intf, unhandled_commands); 3737 3738 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2); 3739 msg->data[1] = IPMI_SEND_MSG_CMD; 3740 msg->data[2] = msg->rsp[3]; 3741 msg->data[3] = msg->rsp[6]; 3742 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3); 3743 msg->data[5] = ipmb_checksum(&msg->data[3], 2); 3744 msg->data[6] = intf->addrinfo[msg->rsp[3] & 0xf].address; 3745 /* rqseq/lun */ 3746 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3); 3747 msg->data[8] = msg->rsp[8]; /* cmd */ 3748 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE; 3749 msg->data[10] = ipmb_checksum(&msg->data[6], 4); 3750 msg->data_size = 11; 3751 3752 pr_debug("Invalid command: %*ph\n", msg->data_size, msg->data); 3753 3754 rcu_read_lock(); 3755 if (!intf->in_shutdown) { 3756 smi_send(intf, intf->handlers, msg, 0); 3757 /* 3758 * We used the message, so return the value 3759 * that causes it to not be freed or 3760 * queued. 3761 */ 3762 rv = -1; 3763 } 3764 rcu_read_unlock(); 3765 } else { 3766 recv_msg = ipmi_alloc_recv_msg(); 3767 if (!recv_msg) { 3768 /* 3769 * We couldn't allocate memory for the 3770 * message, so requeue it for handling 3771 * later. 3772 */ 3773 rv = 1; 3774 kref_put(&user->refcount, free_user); 3775 } else { 3776 /* Extract the source address from the data. */ 3777 ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr; 3778 ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE; 3779 ipmb_addr->slave_addr = msg->rsp[6]; 3780 ipmb_addr->lun = msg->rsp[7] & 3; 3781 ipmb_addr->channel = msg->rsp[3] & 0xf; 3782 3783 /* 3784 * Extract the rest of the message information 3785 * from the IPMB header. 3786 */ 3787 recv_msg->user = user; 3788 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3789 recv_msg->msgid = msg->rsp[7] >> 2; 3790 recv_msg->msg.netfn = msg->rsp[4] >> 2; 3791 recv_msg->msg.cmd = msg->rsp[8]; 3792 recv_msg->msg.data = recv_msg->msg_data; 3793 3794 /* 3795 * We chop off 10, not 9 bytes because the checksum 3796 * at the end also needs to be removed. 3797 */ 3798 recv_msg->msg.data_len = msg->rsp_size - 10; 3799 memcpy(recv_msg->msg_data, &msg->rsp[9], 3800 msg->rsp_size - 10); 3801 if (deliver_response(intf, recv_msg)) 3802 ipmi_inc_stat(intf, unhandled_commands); 3803 else 3804 ipmi_inc_stat(intf, handled_commands); 3805 } 3806 } 3807 3808 return rv; 3809 } 3810 3811 static int handle_lan_get_msg_rsp(struct ipmi_smi *intf, 3812 struct ipmi_smi_msg *msg) 3813 { 3814 struct ipmi_lan_addr lan_addr; 3815 struct ipmi_recv_msg *recv_msg; 3816 3817 3818 /* 3819 * This is 13, not 12, because the response must contain a 3820 * completion code. 3821 */ 3822 if (msg->rsp_size < 13) { 3823 /* Message not big enough, just ignore it. */ 3824 ipmi_inc_stat(intf, invalid_lan_responses); 3825 return 0; 3826 } 3827 3828 if (msg->rsp[2] != 0) { 3829 /* An error getting the response, just ignore it. */ 3830 return 0; 3831 } 3832 3833 lan_addr.addr_type = IPMI_LAN_ADDR_TYPE; 3834 lan_addr.session_handle = msg->rsp[4]; 3835 lan_addr.remote_SWID = msg->rsp[8]; 3836 lan_addr.local_SWID = msg->rsp[5]; 3837 lan_addr.channel = msg->rsp[3] & 0x0f; 3838 lan_addr.privilege = msg->rsp[3] >> 4; 3839 lan_addr.lun = msg->rsp[9] & 3; 3840 3841 /* 3842 * It's a response from a remote entity. Look up the sequence 3843 * number and handle the response. 3844 */ 3845 if (intf_find_seq(intf, 3846 msg->rsp[9] >> 2, 3847 msg->rsp[3] & 0x0f, 3848 msg->rsp[10], 3849 (msg->rsp[6] >> 2) & (~1), 3850 (struct ipmi_addr *) &lan_addr, 3851 &recv_msg)) { 3852 /* 3853 * We were unable to find the sequence number, 3854 * so just nuke the message. 3855 */ 3856 ipmi_inc_stat(intf, unhandled_lan_responses); 3857 return 0; 3858 } 3859 3860 memcpy(recv_msg->msg_data, &msg->rsp[11], msg->rsp_size - 11); 3861 /* 3862 * The other fields matched, so no need to set them, except 3863 * for netfn, which needs to be the response that was 3864 * returned, not the request value. 3865 */ 3866 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3867 recv_msg->msg.data = recv_msg->msg_data; 3868 recv_msg->msg.data_len = msg->rsp_size - 12; 3869 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3870 if (deliver_response(intf, recv_msg)) 3871 ipmi_inc_stat(intf, unhandled_lan_responses); 3872 else 3873 ipmi_inc_stat(intf, handled_lan_responses); 3874 3875 return 0; 3876 } 3877 3878 static int handle_lan_get_msg_cmd(struct ipmi_smi *intf, 3879 struct ipmi_smi_msg *msg) 3880 { 3881 struct cmd_rcvr *rcvr; 3882 int rv = 0; 3883 unsigned char netfn; 3884 unsigned char cmd; 3885 unsigned char chan; 3886 struct ipmi_user *user = NULL; 3887 struct ipmi_lan_addr *lan_addr; 3888 struct ipmi_recv_msg *recv_msg; 3889 3890 if (msg->rsp_size < 12) { 3891 /* Message not big enough, just ignore it. */ 3892 ipmi_inc_stat(intf, invalid_commands); 3893 return 0; 3894 } 3895 3896 if (msg->rsp[2] != 0) { 3897 /* An error getting the response, just ignore it. */ 3898 return 0; 3899 } 3900 3901 netfn = msg->rsp[6] >> 2; 3902 cmd = msg->rsp[10]; 3903 chan = msg->rsp[3] & 0xf; 3904 3905 rcu_read_lock(); 3906 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 3907 if (rcvr) { 3908 user = rcvr->user; 3909 kref_get(&user->refcount); 3910 } else 3911 user = NULL; 3912 rcu_read_unlock(); 3913 3914 if (user == NULL) { 3915 /* We didn't find a user, just give up. */ 3916 ipmi_inc_stat(intf, unhandled_commands); 3917 3918 /* 3919 * Don't do anything with these messages, just allow 3920 * them to be freed. 3921 */ 3922 rv = 0; 3923 } else { 3924 recv_msg = ipmi_alloc_recv_msg(); 3925 if (!recv_msg) { 3926 /* 3927 * We couldn't allocate memory for the 3928 * message, so requeue it for handling later. 3929 */ 3930 rv = 1; 3931 kref_put(&user->refcount, free_user); 3932 } else { 3933 /* Extract the source address from the data. */ 3934 lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr; 3935 lan_addr->addr_type = IPMI_LAN_ADDR_TYPE; 3936 lan_addr->session_handle = msg->rsp[4]; 3937 lan_addr->remote_SWID = msg->rsp[8]; 3938 lan_addr->local_SWID = msg->rsp[5]; 3939 lan_addr->lun = msg->rsp[9] & 3; 3940 lan_addr->channel = msg->rsp[3] & 0xf; 3941 lan_addr->privilege = msg->rsp[3] >> 4; 3942 3943 /* 3944 * Extract the rest of the message information 3945 * from the IPMB header. 3946 */ 3947 recv_msg->user = user; 3948 recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3949 recv_msg->msgid = msg->rsp[9] >> 2; 3950 recv_msg->msg.netfn = msg->rsp[6] >> 2; 3951 recv_msg->msg.cmd = msg->rsp[10]; 3952 recv_msg->msg.data = recv_msg->msg_data; 3953 3954 /* 3955 * We chop off 12, not 11 bytes because the checksum 3956 * at the end also needs to be removed. 3957 */ 3958 recv_msg->msg.data_len = msg->rsp_size - 12; 3959 memcpy(recv_msg->msg_data, &msg->rsp[11], 3960 msg->rsp_size - 12); 3961 if (deliver_response(intf, recv_msg)) 3962 ipmi_inc_stat(intf, unhandled_commands); 3963 else 3964 ipmi_inc_stat(intf, handled_commands); 3965 } 3966 } 3967 3968 return rv; 3969 } 3970 3971 /* 3972 * This routine will handle "Get Message" command responses with 3973 * channels that use an OEM Medium. The message format belongs to 3974 * the OEM. See IPMI 2.0 specification, Chapter 6 and 3975 * Chapter 22, sections 22.6 and 22.24 for more details. 3976 */ 3977 static int handle_oem_get_msg_cmd(struct ipmi_smi *intf, 3978 struct ipmi_smi_msg *msg) 3979 { 3980 struct cmd_rcvr *rcvr; 3981 int rv = 0; 3982 unsigned char netfn; 3983 unsigned char cmd; 3984 unsigned char chan; 3985 struct ipmi_user *user = NULL; 3986 struct ipmi_system_interface_addr *smi_addr; 3987 struct ipmi_recv_msg *recv_msg; 3988 3989 /* 3990 * We expect the OEM SW to perform error checking 3991 * so we just do some basic sanity checks 3992 */ 3993 if (msg->rsp_size < 4) { 3994 /* Message not big enough, just ignore it. */ 3995 ipmi_inc_stat(intf, invalid_commands); 3996 return 0; 3997 } 3998 3999 if (msg->rsp[2] != 0) { 4000 /* An error getting the response, just ignore it. */ 4001 return 0; 4002 } 4003 4004 /* 4005 * This is an OEM Message so the OEM needs to know how 4006 * handle the message. We do no interpretation. 4007 */ 4008 netfn = msg->rsp[0] >> 2; 4009 cmd = msg->rsp[1]; 4010 chan = msg->rsp[3] & 0xf; 4011 4012 rcu_read_lock(); 4013 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan); 4014 if (rcvr) { 4015 user = rcvr->user; 4016 kref_get(&user->refcount); 4017 } else 4018 user = NULL; 4019 rcu_read_unlock(); 4020 4021 if (user == NULL) { 4022 /* We didn't find a user, just give up. */ 4023 ipmi_inc_stat(intf, unhandled_commands); 4024 4025 /* 4026 * Don't do anything with these messages, just allow 4027 * them to be freed. 4028 */ 4029 4030 rv = 0; 4031 } else { 4032 recv_msg = ipmi_alloc_recv_msg(); 4033 if (!recv_msg) { 4034 /* 4035 * We couldn't allocate memory for the 4036 * message, so requeue it for handling 4037 * later. 4038 */ 4039 rv = 1; 4040 kref_put(&user->refcount, free_user); 4041 } else { 4042 /* 4043 * OEM Messages are expected to be delivered via 4044 * the system interface to SMS software. We might 4045 * need to visit this again depending on OEM 4046 * requirements 4047 */ 4048 smi_addr = ((struct ipmi_system_interface_addr *) 4049 &recv_msg->addr); 4050 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4051 smi_addr->channel = IPMI_BMC_CHANNEL; 4052 smi_addr->lun = msg->rsp[0] & 3; 4053 4054 recv_msg->user = user; 4055 recv_msg->user_msg_data = NULL; 4056 recv_msg->recv_type = IPMI_OEM_RECV_TYPE; 4057 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4058 recv_msg->msg.cmd = msg->rsp[1]; 4059 recv_msg->msg.data = recv_msg->msg_data; 4060 4061 /* 4062 * The message starts at byte 4 which follows the 4063 * the Channel Byte in the "GET MESSAGE" command 4064 */ 4065 recv_msg->msg.data_len = msg->rsp_size - 4; 4066 memcpy(recv_msg->msg_data, &msg->rsp[4], 4067 msg->rsp_size - 4); 4068 if (deliver_response(intf, recv_msg)) 4069 ipmi_inc_stat(intf, unhandled_commands); 4070 else 4071 ipmi_inc_stat(intf, handled_commands); 4072 } 4073 } 4074 4075 return rv; 4076 } 4077 4078 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg, 4079 struct ipmi_smi_msg *msg) 4080 { 4081 struct ipmi_system_interface_addr *smi_addr; 4082 4083 recv_msg->msgid = 0; 4084 smi_addr = (struct ipmi_system_interface_addr *) &recv_msg->addr; 4085 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4086 smi_addr->channel = IPMI_BMC_CHANNEL; 4087 smi_addr->lun = msg->rsp[0] & 3; 4088 recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE; 4089 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4090 recv_msg->msg.cmd = msg->rsp[1]; 4091 memcpy(recv_msg->msg_data, &msg->rsp[3], msg->rsp_size - 3); 4092 recv_msg->msg.data = recv_msg->msg_data; 4093 recv_msg->msg.data_len = msg->rsp_size - 3; 4094 } 4095 4096 static int handle_read_event_rsp(struct ipmi_smi *intf, 4097 struct ipmi_smi_msg *msg) 4098 { 4099 struct ipmi_recv_msg *recv_msg, *recv_msg2; 4100 struct list_head msgs; 4101 struct ipmi_user *user; 4102 int rv = 0, deliver_count = 0, index; 4103 unsigned long flags; 4104 4105 if (msg->rsp_size < 19) { 4106 /* Message is too small to be an IPMB event. */ 4107 ipmi_inc_stat(intf, invalid_events); 4108 return 0; 4109 } 4110 4111 if (msg->rsp[2] != 0) { 4112 /* An error getting the event, just ignore it. */ 4113 return 0; 4114 } 4115 4116 INIT_LIST_HEAD(&msgs); 4117 4118 spin_lock_irqsave(&intf->events_lock, flags); 4119 4120 ipmi_inc_stat(intf, events); 4121 4122 /* 4123 * Allocate and fill in one message for every user that is 4124 * getting events. 4125 */ 4126 index = srcu_read_lock(&intf->users_srcu); 4127 list_for_each_entry_rcu(user, &intf->users, link) { 4128 if (!user->gets_events) 4129 continue; 4130 4131 recv_msg = ipmi_alloc_recv_msg(); 4132 if (!recv_msg) { 4133 rcu_read_unlock(); 4134 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, 4135 link) { 4136 list_del(&recv_msg->link); 4137 ipmi_free_recv_msg(recv_msg); 4138 } 4139 /* 4140 * We couldn't allocate memory for the 4141 * message, so requeue it for handling 4142 * later. 4143 */ 4144 rv = 1; 4145 goto out; 4146 } 4147 4148 deliver_count++; 4149 4150 copy_event_into_recv_msg(recv_msg, msg); 4151 recv_msg->user = user; 4152 kref_get(&user->refcount); 4153 list_add_tail(&recv_msg->link, &msgs); 4154 } 4155 srcu_read_unlock(&intf->users_srcu, index); 4156 4157 if (deliver_count) { 4158 /* Now deliver all the messages. */ 4159 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) { 4160 list_del(&recv_msg->link); 4161 deliver_local_response(intf, recv_msg); 4162 } 4163 } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) { 4164 /* 4165 * No one to receive the message, put it in queue if there's 4166 * not already too many things in the queue. 4167 */ 4168 recv_msg = ipmi_alloc_recv_msg(); 4169 if (!recv_msg) { 4170 /* 4171 * We couldn't allocate memory for the 4172 * message, so requeue it for handling 4173 * later. 4174 */ 4175 rv = 1; 4176 goto out; 4177 } 4178 4179 copy_event_into_recv_msg(recv_msg, msg); 4180 list_add_tail(&recv_msg->link, &intf->waiting_events); 4181 intf->waiting_events_count++; 4182 } else if (!intf->event_msg_printed) { 4183 /* 4184 * There's too many things in the queue, discard this 4185 * message. 4186 */ 4187 dev_warn(intf->si_dev, 4188 "Event queue full, discarding incoming events\n"); 4189 intf->event_msg_printed = 1; 4190 } 4191 4192 out: 4193 spin_unlock_irqrestore(&intf->events_lock, flags); 4194 4195 return rv; 4196 } 4197 4198 static int handle_bmc_rsp(struct ipmi_smi *intf, 4199 struct ipmi_smi_msg *msg) 4200 { 4201 struct ipmi_recv_msg *recv_msg; 4202 struct ipmi_system_interface_addr *smi_addr; 4203 4204 recv_msg = (struct ipmi_recv_msg *) msg->user_data; 4205 if (recv_msg == NULL) { 4206 dev_warn(intf->si_dev, 4207 "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error. Contact your hardware vendor for assistance.\n"); 4208 return 0; 4209 } 4210 4211 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 4212 recv_msg->msgid = msg->msgid; 4213 smi_addr = ((struct ipmi_system_interface_addr *) 4214 &recv_msg->addr); 4215 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4216 smi_addr->channel = IPMI_BMC_CHANNEL; 4217 smi_addr->lun = msg->rsp[0] & 3; 4218 recv_msg->msg.netfn = msg->rsp[0] >> 2; 4219 recv_msg->msg.cmd = msg->rsp[1]; 4220 memcpy(recv_msg->msg_data, &msg->rsp[2], msg->rsp_size - 2); 4221 recv_msg->msg.data = recv_msg->msg_data; 4222 recv_msg->msg.data_len = msg->rsp_size - 2; 4223 deliver_local_response(intf, recv_msg); 4224 4225 return 0; 4226 } 4227 4228 /* 4229 * Handle a received message. Return 1 if the message should be requeued, 4230 * 0 if the message should be freed, or -1 if the message should not 4231 * be freed or requeued. 4232 */ 4233 static int handle_one_recv_msg(struct ipmi_smi *intf, 4234 struct ipmi_smi_msg *msg) 4235 { 4236 int requeue; 4237 int chan; 4238 4239 pr_debug("Recv: %*ph\n", msg->rsp_size, msg->rsp); 4240 4241 if ((msg->data_size >= 2) 4242 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2)) 4243 && (msg->data[1] == IPMI_SEND_MSG_CMD) 4244 && (msg->user_data == NULL)) { 4245 4246 if (intf->in_shutdown) 4247 goto free_msg; 4248 4249 /* 4250 * This is the local response to a command send, start 4251 * the timer for these. The user_data will not be 4252 * NULL if this is a response send, and we will let 4253 * response sends just go through. 4254 */ 4255 4256 /* 4257 * Check for errors, if we get certain errors (ones 4258 * that mean basically we can try again later), we 4259 * ignore them and start the timer. Otherwise we 4260 * report the error immediately. 4261 */ 4262 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0) 4263 && (msg->rsp[2] != IPMI_NODE_BUSY_ERR) 4264 && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR) 4265 && (msg->rsp[2] != IPMI_BUS_ERR) 4266 && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) { 4267 int ch = msg->rsp[3] & 0xf; 4268 struct ipmi_channel *chans; 4269 4270 /* Got an error sending the message, handle it. */ 4271 4272 chans = READ_ONCE(intf->channel_list)->c; 4273 if ((chans[ch].medium == IPMI_CHANNEL_MEDIUM_8023LAN) 4274 || (chans[ch].medium == IPMI_CHANNEL_MEDIUM_ASYNC)) 4275 ipmi_inc_stat(intf, sent_lan_command_errs); 4276 else 4277 ipmi_inc_stat(intf, sent_ipmb_command_errs); 4278 intf_err_seq(intf, msg->msgid, msg->rsp[2]); 4279 } else 4280 /* The message was sent, start the timer. */ 4281 intf_start_seq_timer(intf, msg->msgid); 4282 free_msg: 4283 requeue = 0; 4284 goto out; 4285 4286 } else if (msg->rsp_size < 2) { 4287 /* Message is too small to be correct. */ 4288 dev_warn(intf->si_dev, 4289 "BMC returned too small a message for netfn %x cmd %x, got %d bytes\n", 4290 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size); 4291 4292 /* Generate an error response for the message. */ 4293 msg->rsp[0] = msg->data[0] | (1 << 2); 4294 msg->rsp[1] = msg->data[1]; 4295 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4296 msg->rsp_size = 3; 4297 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1)) 4298 || (msg->rsp[1] != msg->data[1])) { 4299 /* 4300 * The NetFN and Command in the response is not even 4301 * marginally correct. 4302 */ 4303 dev_warn(intf->si_dev, 4304 "BMC returned incorrect response, expected netfn %x cmd %x, got netfn %x cmd %x\n", 4305 (msg->data[0] >> 2) | 1, msg->data[1], 4306 msg->rsp[0] >> 2, msg->rsp[1]); 4307 4308 /* Generate an error response for the message. */ 4309 msg->rsp[0] = msg->data[0] | (1 << 2); 4310 msg->rsp[1] = msg->data[1]; 4311 msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4312 msg->rsp_size = 3; 4313 } 4314 4315 if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4316 && (msg->rsp[1] == IPMI_SEND_MSG_CMD) 4317 && (msg->user_data != NULL)) { 4318 /* 4319 * It's a response to a response we sent. For this we 4320 * deliver a send message response to the user. 4321 */ 4322 struct ipmi_recv_msg *recv_msg = msg->user_data; 4323 4324 requeue = 0; 4325 if (msg->rsp_size < 2) 4326 /* Message is too small to be correct. */ 4327 goto out; 4328 4329 chan = msg->data[2] & 0x0f; 4330 if (chan >= IPMI_MAX_CHANNELS) 4331 /* Invalid channel number */ 4332 goto out; 4333 4334 if (!recv_msg) 4335 goto out; 4336 4337 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE; 4338 recv_msg->msg.data = recv_msg->msg_data; 4339 recv_msg->msg.data_len = 1; 4340 recv_msg->msg_data[0] = msg->rsp[2]; 4341 deliver_local_response(intf, recv_msg); 4342 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4343 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) { 4344 struct ipmi_channel *chans; 4345 4346 /* It's from the receive queue. */ 4347 chan = msg->rsp[3] & 0xf; 4348 if (chan >= IPMI_MAX_CHANNELS) { 4349 /* Invalid channel number */ 4350 requeue = 0; 4351 goto out; 4352 } 4353 4354 /* 4355 * We need to make sure the channels have been initialized. 4356 * The channel_handler routine will set the "curr_channel" 4357 * equal to or greater than IPMI_MAX_CHANNELS when all the 4358 * channels for this interface have been initialized. 4359 */ 4360 if (!intf->channels_ready) { 4361 requeue = 0; /* Throw the message away */ 4362 goto out; 4363 } 4364 4365 chans = READ_ONCE(intf->channel_list)->c; 4366 4367 switch (chans[chan].medium) { 4368 case IPMI_CHANNEL_MEDIUM_IPMB: 4369 if (msg->rsp[4] & 0x04) { 4370 /* 4371 * It's a response, so find the 4372 * requesting message and send it up. 4373 */ 4374 requeue = handle_ipmb_get_msg_rsp(intf, msg); 4375 } else { 4376 /* 4377 * It's a command to the SMS from some other 4378 * entity. Handle that. 4379 */ 4380 requeue = handle_ipmb_get_msg_cmd(intf, msg); 4381 } 4382 break; 4383 4384 case IPMI_CHANNEL_MEDIUM_8023LAN: 4385 case IPMI_CHANNEL_MEDIUM_ASYNC: 4386 if (msg->rsp[6] & 0x04) { 4387 /* 4388 * It's a response, so find the 4389 * requesting message and send it up. 4390 */ 4391 requeue = handle_lan_get_msg_rsp(intf, msg); 4392 } else { 4393 /* 4394 * It's a command to the SMS from some other 4395 * entity. Handle that. 4396 */ 4397 requeue = handle_lan_get_msg_cmd(intf, msg); 4398 } 4399 break; 4400 4401 default: 4402 /* Check for OEM Channels. Clients had better 4403 register for these commands. */ 4404 if ((chans[chan].medium >= IPMI_CHANNEL_MEDIUM_OEM_MIN) 4405 && (chans[chan].medium 4406 <= IPMI_CHANNEL_MEDIUM_OEM_MAX)) { 4407 requeue = handle_oem_get_msg_cmd(intf, msg); 4408 } else { 4409 /* 4410 * We don't handle the channel type, so just 4411 * free the message. 4412 */ 4413 requeue = 0; 4414 } 4415 } 4416 4417 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4418 && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) { 4419 /* It's an asynchronous event. */ 4420 requeue = handle_read_event_rsp(intf, msg); 4421 } else { 4422 /* It's a response from the local BMC. */ 4423 requeue = handle_bmc_rsp(intf, msg); 4424 } 4425 4426 out: 4427 return requeue; 4428 } 4429 4430 /* 4431 * If there are messages in the queue or pretimeouts, handle them. 4432 */ 4433 static void handle_new_recv_msgs(struct ipmi_smi *intf) 4434 { 4435 struct ipmi_smi_msg *smi_msg; 4436 unsigned long flags = 0; 4437 int rv; 4438 int run_to_completion = intf->run_to_completion; 4439 4440 /* See if any waiting messages need to be processed. */ 4441 if (!run_to_completion) 4442 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4443 while (!list_empty(&intf->waiting_rcv_msgs)) { 4444 smi_msg = list_entry(intf->waiting_rcv_msgs.next, 4445 struct ipmi_smi_msg, link); 4446 list_del(&smi_msg->link); 4447 if (!run_to_completion) 4448 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4449 flags); 4450 rv = handle_one_recv_msg(intf, smi_msg); 4451 if (!run_to_completion) 4452 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4453 if (rv > 0) { 4454 /* 4455 * To preserve message order, quit if we 4456 * can't handle a message. Add the message 4457 * back at the head, this is safe because this 4458 * tasklet is the only thing that pulls the 4459 * messages. 4460 */ 4461 list_add(&smi_msg->link, &intf->waiting_rcv_msgs); 4462 break; 4463 } else { 4464 if (rv == 0) 4465 /* Message handled */ 4466 ipmi_free_smi_msg(smi_msg); 4467 /* If rv < 0, fatal error, del but don't free. */ 4468 } 4469 } 4470 if (!run_to_completion) 4471 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags); 4472 4473 /* 4474 * If the pretimout count is non-zero, decrement one from it and 4475 * deliver pretimeouts to all the users. 4476 */ 4477 if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) { 4478 struct ipmi_user *user; 4479 int index; 4480 4481 index = srcu_read_lock(&intf->users_srcu); 4482 list_for_each_entry_rcu(user, &intf->users, link) { 4483 if (user->handler->ipmi_watchdog_pretimeout) 4484 user->handler->ipmi_watchdog_pretimeout( 4485 user->handler_data); 4486 } 4487 srcu_read_unlock(&intf->users_srcu, index); 4488 } 4489 } 4490 4491 static void smi_recv_tasklet(struct tasklet_struct *t) 4492 { 4493 unsigned long flags = 0; /* keep us warning-free. */ 4494 struct ipmi_smi *intf = from_tasklet(intf, t, recv_tasklet); 4495 int run_to_completion = intf->run_to_completion; 4496 struct ipmi_smi_msg *newmsg = NULL; 4497 4498 /* 4499 * Start the next message if available. 4500 * 4501 * Do this here, not in the actual receiver, because we may deadlock 4502 * because the lower layer is allowed to hold locks while calling 4503 * message delivery. 4504 */ 4505 4506 rcu_read_lock(); 4507 4508 if (!run_to_completion) 4509 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4510 if (intf->curr_msg == NULL && !intf->in_shutdown) { 4511 struct list_head *entry = NULL; 4512 4513 /* Pick the high priority queue first. */ 4514 if (!list_empty(&intf->hp_xmit_msgs)) 4515 entry = intf->hp_xmit_msgs.next; 4516 else if (!list_empty(&intf->xmit_msgs)) 4517 entry = intf->xmit_msgs.next; 4518 4519 if (entry) { 4520 list_del(entry); 4521 newmsg = list_entry(entry, struct ipmi_smi_msg, link); 4522 intf->curr_msg = newmsg; 4523 } 4524 } 4525 4526 if (!run_to_completion) 4527 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4528 if (newmsg) 4529 intf->handlers->sender(intf->send_info, newmsg); 4530 4531 rcu_read_unlock(); 4532 4533 handle_new_recv_msgs(intf); 4534 } 4535 4536 /* Handle a new message from the lower layer. */ 4537 void ipmi_smi_msg_received(struct ipmi_smi *intf, 4538 struct ipmi_smi_msg *msg) 4539 { 4540 unsigned long flags = 0; /* keep us warning-free. */ 4541 int run_to_completion = intf->run_to_completion; 4542 4543 /* 4544 * To preserve message order, we keep a queue and deliver from 4545 * a tasklet. 4546 */ 4547 if (!run_to_completion) 4548 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags); 4549 list_add_tail(&msg->link, &intf->waiting_rcv_msgs); 4550 if (!run_to_completion) 4551 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, 4552 flags); 4553 4554 if (!run_to_completion) 4555 spin_lock_irqsave(&intf->xmit_msgs_lock, flags); 4556 /* 4557 * We can get an asynchronous event or receive message in addition 4558 * to commands we send. 4559 */ 4560 if (msg == intf->curr_msg) 4561 intf->curr_msg = NULL; 4562 if (!run_to_completion) 4563 spin_unlock_irqrestore(&intf->xmit_msgs_lock, flags); 4564 4565 if (run_to_completion) 4566 smi_recv_tasklet(&intf->recv_tasklet); 4567 else 4568 tasklet_schedule(&intf->recv_tasklet); 4569 } 4570 EXPORT_SYMBOL(ipmi_smi_msg_received); 4571 4572 void ipmi_smi_watchdog_pretimeout(struct ipmi_smi *intf) 4573 { 4574 if (intf->in_shutdown) 4575 return; 4576 4577 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1); 4578 tasklet_schedule(&intf->recv_tasklet); 4579 } 4580 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout); 4581 4582 static struct ipmi_smi_msg * 4583 smi_from_recv_msg(struct ipmi_smi *intf, struct ipmi_recv_msg *recv_msg, 4584 unsigned char seq, long seqid) 4585 { 4586 struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg(); 4587 if (!smi_msg) 4588 /* 4589 * If we can't allocate the message, then just return, we 4590 * get 4 retries, so this should be ok. 4591 */ 4592 return NULL; 4593 4594 memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len); 4595 smi_msg->data_size = recv_msg->msg.data_len; 4596 smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid); 4597 4598 pr_debug("Resend: %*ph\n", smi_msg->data_size, smi_msg->data); 4599 4600 return smi_msg; 4601 } 4602 4603 static void check_msg_timeout(struct ipmi_smi *intf, struct seq_table *ent, 4604 struct list_head *timeouts, 4605 unsigned long timeout_period, 4606 int slot, unsigned long *flags, 4607 bool *need_timer) 4608 { 4609 struct ipmi_recv_msg *msg; 4610 4611 if (intf->in_shutdown) 4612 return; 4613 4614 if (!ent->inuse) 4615 return; 4616 4617 if (timeout_period < ent->timeout) { 4618 ent->timeout -= timeout_period; 4619 *need_timer = true; 4620 return; 4621 } 4622 4623 if (ent->retries_left == 0) { 4624 /* The message has used all its retries. */ 4625 ent->inuse = 0; 4626 smi_remove_watch(intf, IPMI_WATCH_MASK_CHECK_MESSAGES); 4627 msg = ent->recv_msg; 4628 list_add_tail(&msg->link, timeouts); 4629 if (ent->broadcast) 4630 ipmi_inc_stat(intf, timed_out_ipmb_broadcasts); 4631 else if (is_lan_addr(&ent->recv_msg->addr)) 4632 ipmi_inc_stat(intf, timed_out_lan_commands); 4633 else 4634 ipmi_inc_stat(intf, timed_out_ipmb_commands); 4635 } else { 4636 struct ipmi_smi_msg *smi_msg; 4637 /* More retries, send again. */ 4638 4639 *need_timer = true; 4640 4641 /* 4642 * Start with the max timer, set to normal timer after 4643 * the message is sent. 4644 */ 4645 ent->timeout = MAX_MSG_TIMEOUT; 4646 ent->retries_left--; 4647 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot, 4648 ent->seqid); 4649 if (!smi_msg) { 4650 if (is_lan_addr(&ent->recv_msg->addr)) 4651 ipmi_inc_stat(intf, 4652 dropped_rexmit_lan_commands); 4653 else 4654 ipmi_inc_stat(intf, 4655 dropped_rexmit_ipmb_commands); 4656 return; 4657 } 4658 4659 spin_unlock_irqrestore(&intf->seq_lock, *flags); 4660 4661 /* 4662 * Send the new message. We send with a zero 4663 * priority. It timed out, I doubt time is that 4664 * critical now, and high priority messages are really 4665 * only for messages to the local MC, which don't get 4666 * resent. 4667 */ 4668 if (intf->handlers) { 4669 if (is_lan_addr(&ent->recv_msg->addr)) 4670 ipmi_inc_stat(intf, 4671 retransmitted_lan_commands); 4672 else 4673 ipmi_inc_stat(intf, 4674 retransmitted_ipmb_commands); 4675 4676 smi_send(intf, intf->handlers, smi_msg, 0); 4677 } else 4678 ipmi_free_smi_msg(smi_msg); 4679 4680 spin_lock_irqsave(&intf->seq_lock, *flags); 4681 } 4682 } 4683 4684 static bool ipmi_timeout_handler(struct ipmi_smi *intf, 4685 unsigned long timeout_period) 4686 { 4687 struct list_head timeouts; 4688 struct ipmi_recv_msg *msg, *msg2; 4689 unsigned long flags; 4690 int i; 4691 bool need_timer = false; 4692 4693 if (!intf->bmc_registered) { 4694 kref_get(&intf->refcount); 4695 if (!schedule_work(&intf->bmc_reg_work)) { 4696 kref_put(&intf->refcount, intf_free); 4697 need_timer = true; 4698 } 4699 } 4700 4701 /* 4702 * Go through the seq table and find any messages that 4703 * have timed out, putting them in the timeouts 4704 * list. 4705 */ 4706 INIT_LIST_HEAD(&timeouts); 4707 spin_lock_irqsave(&intf->seq_lock, flags); 4708 if (intf->ipmb_maintenance_mode_timeout) { 4709 if (intf->ipmb_maintenance_mode_timeout <= timeout_period) 4710 intf->ipmb_maintenance_mode_timeout = 0; 4711 else 4712 intf->ipmb_maintenance_mode_timeout -= timeout_period; 4713 } 4714 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) 4715 check_msg_timeout(intf, &intf->seq_table[i], 4716 &timeouts, timeout_period, i, 4717 &flags, &need_timer); 4718 spin_unlock_irqrestore(&intf->seq_lock, flags); 4719 4720 list_for_each_entry_safe(msg, msg2, &timeouts, link) 4721 deliver_err_response(intf, msg, IPMI_TIMEOUT_COMPLETION_CODE); 4722 4723 /* 4724 * Maintenance mode handling. Check the timeout 4725 * optimistically before we claim the lock. It may 4726 * mean a timeout gets missed occasionally, but that 4727 * only means the timeout gets extended by one period 4728 * in that case. No big deal, and it avoids the lock 4729 * most of the time. 4730 */ 4731 if (intf->auto_maintenance_timeout > 0) { 4732 spin_lock_irqsave(&intf->maintenance_mode_lock, flags); 4733 if (intf->auto_maintenance_timeout > 0) { 4734 intf->auto_maintenance_timeout 4735 -= timeout_period; 4736 if (!intf->maintenance_mode 4737 && (intf->auto_maintenance_timeout <= 0)) { 4738 intf->maintenance_mode_enable = false; 4739 maintenance_mode_update(intf); 4740 } 4741 } 4742 spin_unlock_irqrestore(&intf->maintenance_mode_lock, 4743 flags); 4744 } 4745 4746 tasklet_schedule(&intf->recv_tasklet); 4747 4748 return need_timer; 4749 } 4750 4751 static void ipmi_request_event(struct ipmi_smi *intf) 4752 { 4753 /* No event requests when in maintenance mode. */ 4754 if (intf->maintenance_mode_enable) 4755 return; 4756 4757 if (!intf->in_shutdown) 4758 intf->handlers->request_events(intf->send_info); 4759 } 4760 4761 static struct timer_list ipmi_timer; 4762 4763 static atomic_t stop_operation; 4764 4765 static void ipmi_timeout(struct timer_list *unused) 4766 { 4767 struct ipmi_smi *intf; 4768 bool need_timer = false; 4769 int index; 4770 4771 if (atomic_read(&stop_operation)) 4772 return; 4773 4774 index = srcu_read_lock(&ipmi_interfaces_srcu); 4775 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 4776 if (atomic_read(&intf->event_waiters)) { 4777 intf->ticks_to_req_ev--; 4778 if (intf->ticks_to_req_ev == 0) { 4779 ipmi_request_event(intf); 4780 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME; 4781 } 4782 need_timer = true; 4783 } 4784 4785 need_timer |= ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME); 4786 } 4787 srcu_read_unlock(&ipmi_interfaces_srcu, index); 4788 4789 if (need_timer) 4790 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4791 } 4792 4793 static void need_waiter(struct ipmi_smi *intf) 4794 { 4795 /* Racy, but worst case we start the timer twice. */ 4796 if (!timer_pending(&ipmi_timer)) 4797 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 4798 } 4799 4800 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0); 4801 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0); 4802 4803 static void free_smi_msg(struct ipmi_smi_msg *msg) 4804 { 4805 atomic_dec(&smi_msg_inuse_count); 4806 kfree(msg); 4807 } 4808 4809 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void) 4810 { 4811 struct ipmi_smi_msg *rv; 4812 rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC); 4813 if (rv) { 4814 rv->done = free_smi_msg; 4815 rv->user_data = NULL; 4816 atomic_inc(&smi_msg_inuse_count); 4817 } 4818 return rv; 4819 } 4820 EXPORT_SYMBOL(ipmi_alloc_smi_msg); 4821 4822 static void free_recv_msg(struct ipmi_recv_msg *msg) 4823 { 4824 atomic_dec(&recv_msg_inuse_count); 4825 kfree(msg); 4826 } 4827 4828 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void) 4829 { 4830 struct ipmi_recv_msg *rv; 4831 4832 rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC); 4833 if (rv) { 4834 rv->user = NULL; 4835 rv->done = free_recv_msg; 4836 atomic_inc(&recv_msg_inuse_count); 4837 } 4838 return rv; 4839 } 4840 4841 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg) 4842 { 4843 if (msg->user) 4844 kref_put(&msg->user->refcount, free_user); 4845 msg->done(msg); 4846 } 4847 EXPORT_SYMBOL(ipmi_free_recv_msg); 4848 4849 static atomic_t panic_done_count = ATOMIC_INIT(0); 4850 4851 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg) 4852 { 4853 atomic_dec(&panic_done_count); 4854 } 4855 4856 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg) 4857 { 4858 atomic_dec(&panic_done_count); 4859 } 4860 4861 /* 4862 * Inside a panic, send a message and wait for a response. 4863 */ 4864 static void ipmi_panic_request_and_wait(struct ipmi_smi *intf, 4865 struct ipmi_addr *addr, 4866 struct kernel_ipmi_msg *msg) 4867 { 4868 struct ipmi_smi_msg smi_msg; 4869 struct ipmi_recv_msg recv_msg; 4870 int rv; 4871 4872 smi_msg.done = dummy_smi_done_handler; 4873 recv_msg.done = dummy_recv_done_handler; 4874 atomic_add(2, &panic_done_count); 4875 rv = i_ipmi_request(NULL, 4876 intf, 4877 addr, 4878 0, 4879 msg, 4880 intf, 4881 &smi_msg, 4882 &recv_msg, 4883 0, 4884 intf->addrinfo[0].address, 4885 intf->addrinfo[0].lun, 4886 0, 1); /* Don't retry, and don't wait. */ 4887 if (rv) 4888 atomic_sub(2, &panic_done_count); 4889 else if (intf->handlers->flush_messages) 4890 intf->handlers->flush_messages(intf->send_info); 4891 4892 while (atomic_read(&panic_done_count) != 0) 4893 ipmi_poll(intf); 4894 } 4895 4896 static void event_receiver_fetcher(struct ipmi_smi *intf, 4897 struct ipmi_recv_msg *msg) 4898 { 4899 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4900 && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE) 4901 && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD) 4902 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4903 /* A get event receiver command, save it. */ 4904 intf->event_receiver = msg->msg.data[1]; 4905 intf->event_receiver_lun = msg->msg.data[2] & 0x3; 4906 } 4907 } 4908 4909 static void device_id_fetcher(struct ipmi_smi *intf, struct ipmi_recv_msg *msg) 4910 { 4911 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) 4912 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE) 4913 && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD) 4914 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) { 4915 /* 4916 * A get device id command, save if we are an event 4917 * receiver or generator. 4918 */ 4919 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1; 4920 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1; 4921 } 4922 } 4923 4924 static void send_panic_events(struct ipmi_smi *intf, char *str) 4925 { 4926 struct kernel_ipmi_msg msg; 4927 unsigned char data[16]; 4928 struct ipmi_system_interface_addr *si; 4929 struct ipmi_addr addr; 4930 char *p = str; 4931 struct ipmi_ipmb_addr *ipmb; 4932 int j; 4933 4934 if (ipmi_send_panic_event == IPMI_SEND_PANIC_EVENT_NONE) 4935 return; 4936 4937 si = (struct ipmi_system_interface_addr *) &addr; 4938 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 4939 si->channel = IPMI_BMC_CHANNEL; 4940 si->lun = 0; 4941 4942 /* Fill in an event telling that we have failed. */ 4943 msg.netfn = 0x04; /* Sensor or Event. */ 4944 msg.cmd = 2; /* Platform event command. */ 4945 msg.data = data; 4946 msg.data_len = 8; 4947 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */ 4948 data[1] = 0x03; /* This is for IPMI 1.0. */ 4949 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */ 4950 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */ 4951 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */ 4952 4953 /* 4954 * Put a few breadcrumbs in. Hopefully later we can add more things 4955 * to make the panic events more useful. 4956 */ 4957 if (str) { 4958 data[3] = str[0]; 4959 data[6] = str[1]; 4960 data[7] = str[2]; 4961 } 4962 4963 /* Send the event announcing the panic. */ 4964 ipmi_panic_request_and_wait(intf, &addr, &msg); 4965 4966 /* 4967 * On every interface, dump a bunch of OEM event holding the 4968 * string. 4969 */ 4970 if (ipmi_send_panic_event != IPMI_SEND_PANIC_EVENT_STRING || !str) 4971 return; 4972 4973 /* 4974 * intf_num is used as an marker to tell if the 4975 * interface is valid. Thus we need a read barrier to 4976 * make sure data fetched before checking intf_num 4977 * won't be used. 4978 */ 4979 smp_rmb(); 4980 4981 /* 4982 * First job here is to figure out where to send the 4983 * OEM events. There's no way in IPMI to send OEM 4984 * events using an event send command, so we have to 4985 * find the SEL to put them in and stick them in 4986 * there. 4987 */ 4988 4989 /* Get capabilities from the get device id. */ 4990 intf->local_sel_device = 0; 4991 intf->local_event_generator = 0; 4992 intf->event_receiver = 0; 4993 4994 /* Request the device info from the local MC. */ 4995 msg.netfn = IPMI_NETFN_APP_REQUEST; 4996 msg.cmd = IPMI_GET_DEVICE_ID_CMD; 4997 msg.data = NULL; 4998 msg.data_len = 0; 4999 intf->null_user_handler = device_id_fetcher; 5000 ipmi_panic_request_and_wait(intf, &addr, &msg); 5001 5002 if (intf->local_event_generator) { 5003 /* Request the event receiver from the local MC. */ 5004 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST; 5005 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD; 5006 msg.data = NULL; 5007 msg.data_len = 0; 5008 intf->null_user_handler = event_receiver_fetcher; 5009 ipmi_panic_request_and_wait(intf, &addr, &msg); 5010 } 5011 intf->null_user_handler = NULL; 5012 5013 /* 5014 * Validate the event receiver. The low bit must not 5015 * be 1 (it must be a valid IPMB address), it cannot 5016 * be zero, and it must not be my address. 5017 */ 5018 if (((intf->event_receiver & 1) == 0) 5019 && (intf->event_receiver != 0) 5020 && (intf->event_receiver != intf->addrinfo[0].address)) { 5021 /* 5022 * The event receiver is valid, send an IPMB 5023 * message. 5024 */ 5025 ipmb = (struct ipmi_ipmb_addr *) &addr; 5026 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE; 5027 ipmb->channel = 0; /* FIXME - is this right? */ 5028 ipmb->lun = intf->event_receiver_lun; 5029 ipmb->slave_addr = intf->event_receiver; 5030 } else if (intf->local_sel_device) { 5031 /* 5032 * The event receiver was not valid (or was 5033 * me), but I am an SEL device, just dump it 5034 * in my SEL. 5035 */ 5036 si = (struct ipmi_system_interface_addr *) &addr; 5037 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; 5038 si->channel = IPMI_BMC_CHANNEL; 5039 si->lun = 0; 5040 } else 5041 return; /* No where to send the event. */ 5042 5043 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */ 5044 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD; 5045 msg.data = data; 5046 msg.data_len = 16; 5047 5048 j = 0; 5049 while (*p) { 5050 int size = strlen(p); 5051 5052 if (size > 11) 5053 size = 11; 5054 data[0] = 0; 5055 data[1] = 0; 5056 data[2] = 0xf0; /* OEM event without timestamp. */ 5057 data[3] = intf->addrinfo[0].address; 5058 data[4] = j++; /* sequence # */ 5059 /* 5060 * Always give 11 bytes, so strncpy will fill 5061 * it with zeroes for me. 5062 */ 5063 strncpy(data+5, p, 11); 5064 p += size; 5065 5066 ipmi_panic_request_and_wait(intf, &addr, &msg); 5067 } 5068 } 5069 5070 static int has_panicked; 5071 5072 static int panic_event(struct notifier_block *this, 5073 unsigned long event, 5074 void *ptr) 5075 { 5076 struct ipmi_smi *intf; 5077 struct ipmi_user *user; 5078 5079 if (has_panicked) 5080 return NOTIFY_DONE; 5081 has_panicked = 1; 5082 5083 /* For every registered interface, set it to run to completion. */ 5084 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) { 5085 if (!intf->handlers || intf->intf_num == -1) 5086 /* Interface is not ready. */ 5087 continue; 5088 5089 if (!intf->handlers->poll) 5090 continue; 5091 5092 /* 5093 * If we were interrupted while locking xmit_msgs_lock or 5094 * waiting_rcv_msgs_lock, the corresponding list may be 5095 * corrupted. In this case, drop items on the list for 5096 * the safety. 5097 */ 5098 if (!spin_trylock(&intf->xmit_msgs_lock)) { 5099 INIT_LIST_HEAD(&intf->xmit_msgs); 5100 INIT_LIST_HEAD(&intf->hp_xmit_msgs); 5101 } else 5102 spin_unlock(&intf->xmit_msgs_lock); 5103 5104 if (!spin_trylock(&intf->waiting_rcv_msgs_lock)) 5105 INIT_LIST_HEAD(&intf->waiting_rcv_msgs); 5106 else 5107 spin_unlock(&intf->waiting_rcv_msgs_lock); 5108 5109 intf->run_to_completion = 1; 5110 if (intf->handlers->set_run_to_completion) 5111 intf->handlers->set_run_to_completion(intf->send_info, 5112 1); 5113 5114 list_for_each_entry_rcu(user, &intf->users, link) { 5115 if (user->handler->ipmi_panic_handler) 5116 user->handler->ipmi_panic_handler( 5117 user->handler_data); 5118 } 5119 5120 send_panic_events(intf, ptr); 5121 } 5122 5123 return NOTIFY_DONE; 5124 } 5125 5126 /* Must be called with ipmi_interfaces_mutex held. */ 5127 static int ipmi_register_driver(void) 5128 { 5129 int rv; 5130 5131 if (drvregistered) 5132 return 0; 5133 5134 rv = driver_register(&ipmidriver.driver); 5135 if (rv) 5136 pr_err("Could not register IPMI driver\n"); 5137 else 5138 drvregistered = true; 5139 return rv; 5140 } 5141 5142 static struct notifier_block panic_block = { 5143 .notifier_call = panic_event, 5144 .next = NULL, 5145 .priority = 200 /* priority: INT_MAX >= x >= 0 */ 5146 }; 5147 5148 static int ipmi_init_msghandler(void) 5149 { 5150 int rv; 5151 5152 mutex_lock(&ipmi_interfaces_mutex); 5153 rv = ipmi_register_driver(); 5154 if (rv) 5155 goto out; 5156 if (initialized) 5157 goto out; 5158 5159 init_srcu_struct(&ipmi_interfaces_srcu); 5160 5161 timer_setup(&ipmi_timer, ipmi_timeout, 0); 5162 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES); 5163 5164 atomic_notifier_chain_register(&panic_notifier_list, &panic_block); 5165 5166 initialized = true; 5167 5168 out: 5169 mutex_unlock(&ipmi_interfaces_mutex); 5170 return rv; 5171 } 5172 5173 static int __init ipmi_init_msghandler_mod(void) 5174 { 5175 int rv; 5176 5177 pr_info("version " IPMI_DRIVER_VERSION "\n"); 5178 5179 mutex_lock(&ipmi_interfaces_mutex); 5180 rv = ipmi_register_driver(); 5181 mutex_unlock(&ipmi_interfaces_mutex); 5182 5183 return rv; 5184 } 5185 5186 static void __exit cleanup_ipmi(void) 5187 { 5188 int count; 5189 5190 if (initialized) { 5191 atomic_notifier_chain_unregister(&panic_notifier_list, 5192 &panic_block); 5193 5194 /* 5195 * This can't be called if any interfaces exist, so no worry 5196 * about shutting down the interfaces. 5197 */ 5198 5199 /* 5200 * Tell the timer to stop, then wait for it to stop. This 5201 * avoids problems with race conditions removing the timer 5202 * here. 5203 */ 5204 atomic_set(&stop_operation, 1); 5205 del_timer_sync(&ipmi_timer); 5206 5207 initialized = false; 5208 5209 /* Check for buffer leaks. */ 5210 count = atomic_read(&smi_msg_inuse_count); 5211 if (count != 0) 5212 pr_warn("SMI message count %d at exit\n", count); 5213 count = atomic_read(&recv_msg_inuse_count); 5214 if (count != 0) 5215 pr_warn("recv message count %d at exit\n", count); 5216 5217 cleanup_srcu_struct(&ipmi_interfaces_srcu); 5218 } 5219 if (drvregistered) 5220 driver_unregister(&ipmidriver.driver); 5221 } 5222 module_exit(cleanup_ipmi); 5223 5224 module_init(ipmi_init_msghandler_mod); 5225 MODULE_LICENSE("GPL"); 5226 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>"); 5227 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI" 5228 " interface."); 5229 MODULE_VERSION(IPMI_DRIVER_VERSION); 5230 MODULE_SOFTDEP("post: ipmi_devintf"); 5231