projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipmi: Move message sending into its own function
[deliverable/linux.git] / drivers / char / ipmi / ipmi_msghandler.c
CommitLineData
1da177e4
LT		 1/*
2 * ipmi_msghandler.c
3 *
4 * Incoming and outgoing message routing for an IPMI interface.
5 *
6 * Author: MontaVista Software, Inc.
7 * Corey Minyard <minyard@mvista.com>
8 * source@mvista.com
9 *
10 * Copyright 2002 MontaVista Software Inc.
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version.
16 *
17 *
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 *
29 * You should have received a copy of the GNU General Public License along
30 * with this program; if not, write to the Free Software Foundation, Inc.,
31 * 675 Mass Ave, Cambridge, MA 02139, USA.
32 */
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
1da177e4 36#include <linux/poll.h>
a99bbaf5 37#include <linux/sched.h>
07412736 38#include <linux/seq_file.h>
1da177e4 39#include <linux/spinlock.h>
d6dfd131 40#include <linux/mutex.h>
1da177e4
LT		 41#include <linux/slab.h>
42#include <linux/ipmi.h>
43#include <linux/ipmi_smi.h>
44#include <linux/notifier.h>
45#include <linux/init.h>
46#include <linux/proc_fs.h>
393d2cc3 47#include <linux/rcupdate.h>
7adf579c 48#include <linux/interrupt.h>
1da177e4
LT		 49
50#define PFX "IPMI message handler: "
1fdd75bd 51
f7caa1b5 52#define IPMI_DRIVER_VERSION "39.2"
1da177e4
LT		 53
54static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
55static int ipmi_init_msghandler(void);
7adf579c
CM		 56static void smi_recv_tasklet(unsigned long);
57static void handle_new_recv_msgs(ipmi_smi_t intf);
89986496 58static void need_waiter(ipmi_smi_t intf);
1da177e4 59
0c8204b3 60static int initialized;
1da177e4 61
3b625943 62#ifdef CONFIG_PROC_FS
0c8204b3 63static struct proc_dir_entry *proc_ipmi_root;
3b625943 64#endif /* CONFIG_PROC_FS */
1da177e4 65
b9675136
CM		 66/* Remain in auto-maintenance mode for this amount of time (in ms). */
67#define IPMI_MAINTENANCE_MODE_TIMEOUT 30000
68
1da177e4
LT		 69#define MAX_EVENTS_IN_QUEUE 25
70
c70d7499
CM		 71/*
72 * Don't let a message sit in a queue forever, always time it with at lest
73 * the max message timer. This is in milliseconds.
74 */
1da177e4
LT		 75#define MAX_MSG_TIMEOUT 60000
76
89986496
CM		 77/* Call every ~1000 ms. */
78#define IPMI_TIMEOUT_TIME 1000
79
80/* How many jiffies does it take to get to the timeout time. */
81#define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000)
82
83/*
84 * Request events from the queue every second (this is the number of
85 * IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the
86 * future, IPMI will add a way to know immediately if an event is in
87 * the queue and this silliness can go away.
88 */
89#define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME))
90
393d2cc3
CM		 91/*
92 * The main "user" data structure.
93 */
c70d7499 94struct ipmi_user {
1da177e4
LT		 95 struct list_head link;
96
7aefac26
CM		 97 /* Set to false when the user is destroyed. */
98 bool valid;
393d2cc3
CM		 99
100 struct kref refcount;
101
1da177e4
LT		 102 /* The upper layer that handles receive messages. */
103 struct ipmi_user_hndl *handler;
104 void *handler_data;
105
106 /* The interface this user is bound to. */
107 ipmi_smi_t intf;
108
109 /* Does this interface receive IPMI events? */
89986496 110 bool gets_events;
1da177e4
LT		 111};
112
c70d7499 113struct cmd_rcvr {
1da177e4
LT		 114 struct list_head link;
115
116 ipmi_user_t user;
117 unsigned char netfn;
118 unsigned char cmd;
c69c3127 119 unsigned int chans;
393d2cc3
CM		 120
121 /*
122 * This is used to form a linked lised during mass deletion.
123 * Since this is in an RCU list, we cannot use the link above
124 * or change any data until the RCU period completes. So we
125 * use this next variable during mass deletion so we can have
126 * a list and don't have to wait and restart the search on
c70d7499
CM		 127 * every individual deletion of a command.
128 */
393d2cc3 129 struct cmd_rcvr *next;
1da177e4
LT		 130};
131
c70d7499 132struct seq_table {
1da177e4
LT		 133 unsigned int inuse : 1;
134 unsigned int broadcast : 1;
135
136 unsigned long timeout;
137 unsigned long orig_timeout;
138 unsigned int retries_left;
139
c70d7499
CM		 140 /*
141 * To verify on an incoming send message response that this is
142 * the message that the response is for, we keep a sequence id
143 * and increment it every time we send a message.
144 */
1da177e4
LT		 145 long seqid;
146
c70d7499
CM		 147 /*
148 * This is held so we can properly respond to the message on a
149 * timeout, and it is used to hold the temporary data for
150 * retransmission, too.
151 */
1da177e4
LT		 152 struct ipmi_recv_msg *recv_msg;
153};
154
c70d7499
CM		 155/*
156 * Store the information in a msgid (long) to allow us to find a
157 * sequence table entry from the msgid.
158 */
1da177e4
LT		 159#define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
160
161#define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
162 do { \
163 seq = ((msgid >> 26) & 0x3f); \
164 seqid = (msgid & 0x3fffff); \
c70d7499 165 } while (0)
1da177e4
LT		 166
167#define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
168
c70d7499 169struct ipmi_channel {
1da177e4
LT		 170 unsigned char medium;
171 unsigned char protocol;
c14979b9 172
c70d7499
CM		 173 /*
174 * My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR,
175 * but may be changed by the user.
176 */
c14979b9
CM		 177 unsigned char address;
178
c70d7499
CM		 179 /*
180 * My LUN. This should generally stay the SMS LUN, but just in
181 * case...
182 */
c14979b9 183 unsigned char lun;
1da177e4
LT		 184};
185
3b625943 186#ifdef CONFIG_PROC_FS
c70d7499 187struct ipmi_proc_entry {
1da177e4
LT		 188 char *name;
189 struct ipmi_proc_entry *next;
190};
3b625943 191#endif
1da177e4 192
c70d7499 193struct bmc_device {
16639eb0 194 struct platform_device pdev;
50c812b2
CM		 195 struct ipmi_device_id id;
196 unsigned char guid[16];
197 int guid_set;
16639eb0
CM		 198 char name[16];
199 struct kref usecount;
50c812b2
CM		 200
201 /* bmc device attributes */
202 struct device_attribute device_id_attr;
203 struct device_attribute provides_dev_sdrs_attr;
204 struct device_attribute revision_attr;
205 struct device_attribute firmware_rev_attr;
206 struct device_attribute version_attr;
207 struct device_attribute add_dev_support_attr;
208 struct device_attribute manufacturer_id_attr;
209 struct device_attribute product_id_attr;
210 struct device_attribute guid_attr;
211 struct device_attribute aux_firmware_rev_attr;
212};
16639eb0 213#define to_bmc_device(x) container_of((x), struct bmc_device, pdev.dev)
50c812b2 214
b2655f26
KB		 215/*
216 * Various statistics for IPMI, these index stats[] in the ipmi_smi
217 * structure.
218 */
73f2bdb9
CM		 219enum ipmi_stat_indexes {
220 /* Commands we got from the user that were invalid. */
221 IPMI_STAT_sent_invalid_commands = 0,
b2655f26 222
73f2bdb9
CM		 223 /* Commands we sent to the MC. */
224 IPMI_STAT_sent_local_commands,
b2655f26 225
73f2bdb9
CM		 226 /* Responses from the MC that were delivered to a user. */
227 IPMI_STAT_handled_local_responses,
b2655f26 228
73f2bdb9
CM		 229 /* Responses from the MC that were not delivered to a user. */
230 IPMI_STAT_unhandled_local_responses,
b2655f26 231
73f2bdb9
CM		 232 /* Commands we sent out to the IPMB bus. */
233 IPMI_STAT_sent_ipmb_commands,
b2655f26 234
73f2bdb9
CM		 235 /* Commands sent on the IPMB that had errors on the SEND CMD */
236 IPMI_STAT_sent_ipmb_command_errs,
b2655f26 237
73f2bdb9
CM		 238 /* Each retransmit increments this count. */
239 IPMI_STAT_retransmitted_ipmb_commands,
b2655f26 240
73f2bdb9
CM		 241 /*
242 * When a message times out (runs out of retransmits) this is
243 * incremented.
244 */
245 IPMI_STAT_timed_out_ipmb_commands,
b2655f26 246
73f2bdb9
CM		 247 /*
248 * This is like above, but for broadcasts. Broadcasts are
249 * *not* included in the above count (they are expected to
250 * time out).
251 */
252 IPMI_STAT_timed_out_ipmb_broadcasts,
b2655f26 253
73f2bdb9
CM		 254 /* Responses I have sent to the IPMB bus. */
255 IPMI_STAT_sent_ipmb_responses,
b2655f26 256
73f2bdb9
CM		 257 /* The response was delivered to the user. */
258 IPMI_STAT_handled_ipmb_responses,
b2655f26 259
73f2bdb9
CM		 260 /* The response had invalid data in it. */
261 IPMI_STAT_invalid_ipmb_responses,
b2655f26 262
73f2bdb9
CM		 263 /* The response didn't have anyone waiting for it. */
264 IPMI_STAT_unhandled_ipmb_responses,
b2655f26 265
73f2bdb9
CM		 266 /* Commands we sent out to the IPMB bus. */
267 IPMI_STAT_sent_lan_commands,
b2655f26 268
73f2bdb9
CM		 269 /* Commands sent on the IPMB that had errors on the SEND CMD */
270 IPMI_STAT_sent_lan_command_errs,
b2655f26 271
73f2bdb9
CM		 272 /* Each retransmit increments this count. */
273 IPMI_STAT_retransmitted_lan_commands,
b2655f26 274
73f2bdb9
CM		 275 /*
276 * When a message times out (runs out of retransmits) this is
277 * incremented.
278 */
279 IPMI_STAT_timed_out_lan_commands,
280
281 /* Responses I have sent to the IPMB bus. */
282 IPMI_STAT_sent_lan_responses,
b2655f26 283
73f2bdb9
CM		 284 /* The response was delivered to the user. */
285 IPMI_STAT_handled_lan_responses,
b2655f26 286
73f2bdb9
CM		 287 /* The response had invalid data in it. */
288 IPMI_STAT_invalid_lan_responses,
b2655f26 289
73f2bdb9
CM		 290 /* The response didn't have anyone waiting for it. */
291 IPMI_STAT_unhandled_lan_responses,
b2655f26 292
73f2bdb9
CM		 293 /* The command was delivered to the user. */
294 IPMI_STAT_handled_commands,
b2655f26 295
73f2bdb9
CM		 296 /* The command had invalid data in it. */
297 IPMI_STAT_invalid_commands,
b2655f26 298
73f2bdb9
CM		 299 /* The command didn't have anyone waiting for it. */
300 IPMI_STAT_unhandled_commands,
b2655f26 301
73f2bdb9
CM		 302 /* Invalid data in an event. */
303 IPMI_STAT_invalid_events,
b2655f26 304
73f2bdb9
CM		 305 /* Events that were received with the proper format. */
306 IPMI_STAT_events,
b2655f26 307
25176ed6
CM		 308 /* Retransmissions on IPMB that failed. */
309 IPMI_STAT_dropped_rexmit_ipmb_commands,
310
311 /* Retransmissions on LAN that failed. */
312 IPMI_STAT_dropped_rexmit_lan_commands,
b2655f26 313
73f2bdb9
CM		 314 /* This *must* remain last, add new values above this. */
315 IPMI_NUM_STATS
316};
b2655f26
KB		 317
318
1da177e4 319#define IPMI_IPMB_NUM_SEQ 64
c14979b9 320#define IPMI_MAX_CHANNELS 16
c70d7499 321struct ipmi_smi {
1da177e4
LT		 322 /* What interface number are we? */
323 int intf_num;
324
393d2cc3
CM		 325 struct kref refcount;
326
bca0324d
CM		 327 /* Used for a list of interfaces. */
328 struct list_head link;
329
c70d7499
CM		 330 /*
331 * The list of upper layers that are using me. seq_lock
332 * protects this.
333 */
393d2cc3 334 struct list_head users;
1da177e4 335
b2c03941
CM		 336 /* Information to supply to users. */
337 unsigned char ipmi_version_major;
338 unsigned char ipmi_version_minor;
339
1da177e4
LT		 340 /* Used for wake ups at startup. */
341 wait_queue_head_t waitq;
342
50c812b2
CM		 343 struct bmc_device *bmc;
344 char *my_dev_name;
1da177e4 345
c70d7499
CM		 346 /*
347 * This is the lower-layer's sender routine. Note that you
b2c03941
CM		 348 * must either be holding the ipmi_interfaces_mutex or be in
349 * an umpreemptible region to use this. You must fetch the
c70d7499
CM		 350 * value into a local variable and make sure it is not NULL.
351 */
1da177e4
LT		 352 struct ipmi_smi_handlers *handlers;
353 void *send_info;
354
3b625943 355#ifdef CONFIG_PROC_FS
ac019151
CM		 356 /* A list of proc entries for this interface. */
357 struct mutex proc_entry_lock;
1da177e4 358 struct ipmi_proc_entry *proc_entries;
3b625943 359#endif
1da177e4 360
50c812b2
CM		 361 /* Driver-model device for the system interface. */
362 struct device *si_dev;
363
c70d7499
CM		 364 /*
365 * A table of sequence numbers for this interface. We use the
366 * sequence numbers for IPMB messages that go out of the
367 * interface to match them up with their responses. A routine
368 * is called periodically to time the items in this list.
369 */
1da177e4
LT		 370 spinlock_t seq_lock;
371 struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
372 int curr_seq;
373
c70d7499 374 /*
7adf579c
CM		 375 * Messages queued for delivery. If delivery fails (out of memory
376 * for instance), They will stay in here to be processed later in a
377 * periodic timer interrupt. The tasklet is for handling received
378 * messages directly from the handler.
c70d7499 379 */
65be7544
CM		 380 spinlock_t waiting_rcv_msgs_lock;
381 struct list_head waiting_rcv_msgs;
7adf579c
CM		 382 atomic_t watchdog_pretimeouts_to_deliver;
383 struct tasklet_struct recv_tasklet;
1da177e4 384
c70d7499
CM		 385 /*
386 * The list of command receivers that are registered for commands
387 * on this interface.
388 */
d6dfd131 389 struct mutex cmd_rcvrs_mutex;
1da177e4
LT		 390 struct list_head cmd_rcvrs;
391
c70d7499
CM		 392 /*
393 * Events that were queues because no one was there to receive
394 * them.
395 */
1da177e4
LT		 396 spinlock_t events_lock; /* For dealing with event stuff. */
397 struct list_head waiting_events;
398 unsigned int waiting_events_count; /* How many events in queue? */
87ebd06f
CM		 399 char delivering_events;
400 char event_msg_printed;
89986496
CM		 401 atomic_t event_waiters;
402 unsigned int ticks_to_req_ev;
403 int last_needs_timer;
1da177e4 404
c70d7499
CM		 405 /*
406 * The event receiver for my BMC, only really used at panic
407 * shutdown as a place to store this.
408 */
1da177e4
LT		 409 unsigned char event_receiver;
410 unsigned char event_receiver_lun;
411 unsigned char local_sel_device;
412 unsigned char local_event_generator;
413
b9675136
CM		 414 /* For handling of maintenance mode. */
415 int maintenance_mode;
7aefac26 416 bool maintenance_mode_enable;
b9675136
CM		 417 int auto_maintenance_timeout;
418 spinlock_t maintenance_mode_lock; /* Used in a timer... */
419
c70d7499
CM		 420 /*
421 * A cheap hack, if this is non-null and a message to an
422 * interface comes in with a NULL user, call this routine with
423 * it. Note that the message will still be freed by the
424 * caller. This only works on the system interface.
425 */
56a55ec6 426 void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
1da177e4 427
c70d7499
CM		 428 /*
429 * When we are scanning the channels for an SMI, this will
430 * tell which channel we are scanning.
431 */
1da177e4
LT		 432 int curr_channel;
433
434 /* Channel information */
435 struct ipmi_channel channels[IPMI_MAX_CHANNELS];
436
437 /* Proc FS stuff. */
438 struct proc_dir_entry *proc_dir;
439 char proc_dir_name[10];
440
b2655f26 441 atomic_t stats[IPMI_NUM_STATS];
5956dce1
KB		 442
443 /*
444 * run_to_completion duplicate of smb_info, smi_info
445 * and ipmi_serial_info structures. Used to decrease numbers of
446 * parameters passed by "low" level IPMI code.
447 */
448 int run_to_completion;
1da177e4 449};
50c812b2 450#define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
1da177e4 451
50c812b2
CM		 452/**
453 * The driver model view of the IPMI messaging driver.
454 */
fe2d5ffc
DW		 455static struct platform_driver ipmidriver = {
456 .driver = {
457 .name = "ipmi",
458 .bus = &platform_bus_type
459 }
50c812b2
CM		 460};
461static DEFINE_MUTEX(ipmidriver_mutex);
462
bed9759b 463static LIST_HEAD(ipmi_interfaces);
bca0324d 464static DEFINE_MUTEX(ipmi_interfaces_mutex);
1da177e4 465
c70d7499
CM		 466/*
467 * List of watchers that want to know when smi's are added and deleted.
468 */
bed9759b 469static LIST_HEAD(smi_watchers);
b2c03941 470static DEFINE_MUTEX(smi_watchers_mutex);
1da177e4 471
b2655f26
KB		 472#define ipmi_inc_stat(intf, stat) \
473 atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
474#define ipmi_get_stat(intf, stat) \
475 ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
476
7e50387b
CM		 477static char *addr_src_to_str[] = { "invalid", "hotmod", "hardcoded", "SPMI",
478 "ACPI", "SMBIOS", "PCI",
479 "device-tree", "default" };
480
481const char *ipmi_addr_src_to_str(enum ipmi_addr_src src)
482{
483 if (src > SI_DEFAULT)
484 src = 0; /* Invalid */
485 return addr_src_to_str[src];
486}
487EXPORT_SYMBOL(ipmi_addr_src_to_str);
488
25176ed6
CM		 489static int is_lan_addr(struct ipmi_addr *addr)
490{
491 return addr->addr_type == IPMI_LAN_ADDR_TYPE;
492}
493
494static int is_ipmb_addr(struct ipmi_addr *addr)
495{
496 return addr->addr_type == IPMI_IPMB_ADDR_TYPE;
497}
498
499static int is_ipmb_bcast_addr(struct ipmi_addr *addr)
500{
501 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE;
502}
b2655f26 503
393d2cc3
CM		 504static void free_recv_msg_list(struct list_head *q)
505{
506 struct ipmi_recv_msg *msg, *msg2;
507
508 list_for_each_entry_safe(msg, msg2, q, link) {
509 list_del(&msg->link);
510 ipmi_free_recv_msg(msg);
511 }
512}
513
f3ce6a0e
CM		 514static void free_smi_msg_list(struct list_head *q)
515{
516 struct ipmi_smi_msg *msg, *msg2;
517
518 list_for_each_entry_safe(msg, msg2, q, link) {
519 list_del(&msg->link);
520 ipmi_free_smi_msg(msg);
521 }
522}
523
393d2cc3
CM		 524static void clean_up_interface_data(ipmi_smi_t intf)
525{
526 int i;
527 struct cmd_rcvr *rcvr, *rcvr2;
393d2cc3
CM		 528 struct list_head list;
529
7adf579c
CM		 530 tasklet_kill(&intf->recv_tasklet);
531
65be7544 532 free_smi_msg_list(&intf->waiting_rcv_msgs);
393d2cc3
CM		 533 free_recv_msg_list(&intf->waiting_events);
534
78ba2faf
CM		 535 /*
536 * Wholesale remove all the entries from the list in the
537 * interface and wait for RCU to know that none are in use.
538 */
d6dfd131 539 mutex_lock(&intf->cmd_rcvrs_mutex);
78ba2faf
CM		 540 INIT_LIST_HEAD(&list);
541 list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);
d6dfd131 542 mutex_unlock(&intf->cmd_rcvrs_mutex);
393d2cc3
CM		 543
544 list_for_each_entry_safe(rcvr, rcvr2, &list, link)
545 kfree(rcvr);
546
547 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
548 if ((intf->seq_table[i].inuse)
c70d7499 549 && (intf->seq_table[i].recv_msg))
393d2cc3 550 ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
393d2cc3
CM		 551 }
552}
553
554static void intf_free(struct kref *ref)
555{
556 ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
557
558 clean_up_interface_data(intf);
559 kfree(intf);
560}
561
bca0324d 562struct watcher_entry {
b2c03941
CM		 563 int intf_num;
564 ipmi_smi_t intf;
bca0324d 565 struct list_head link;
bca0324d
CM		 566};
567
1da177e4
LT		 568int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
569{
bca0324d 570 ipmi_smi_t intf;
e381d1c4 571 LIST_HEAD(to_deliver);
bca0324d
CM		 572 struct watcher_entry *e, *e2;
573
b2c03941
CM		 574 mutex_lock(&smi_watchers_mutex);
575
bca0324d
CM		 576 mutex_lock(&ipmi_interfaces_mutex);
577
b2c03941 578 /* Build a list of things to deliver. */
78ba2faf 579 list_for_each_entry(intf, &ipmi_interfaces, link) {
bca0324d
CM		 580 if (intf->intf_num == -1)
581 continue;
582 e = kmalloc(sizeof(*e), GFP_KERNEL);
583 if (!e)
584 goto out_err;
b2c03941
CM		 585 kref_get(&intf->refcount);
586 e->intf = intf;
bca0324d
CM		 587 e->intf_num = intf->intf_num;
588 list_add_tail(&e->link, &to_deliver);
589 }
1da177e4 590
b2c03941
CM		 591 /* We will succeed, so add it to the list. */
592 list_add(&watcher->link, &smi_watchers);
bca0324d
CM		 593
594 mutex_unlock(&ipmi_interfaces_mutex);
595
596 list_for_each_entry_safe(e, e2, &to_deliver, link) {
597 list_del(&e->link);
b2c03941
CM		 598 watcher->new_smi(e->intf_num, e->intf->si_dev);
599 kref_put(&e->intf->refcount, intf_free);
bca0324d 600 kfree(e);
1da177e4 601 }
bca0324d 602
b2c03941 603 mutex_unlock(&smi_watchers_mutex);
bca0324d 604
1da177e4 605 return 0;
bca0324d
CM		 606
607 out_err:
b2c03941
CM		 608 mutex_unlock(&ipmi_interfaces_mutex);
609 mutex_unlock(&smi_watchers_mutex);
bca0324d
CM		 610 list_for_each_entry_safe(e, e2, &to_deliver, link) {
611 list_del(&e->link);
b2c03941 612 kref_put(&e->intf->refcount, intf_free);
bca0324d
CM		 613 kfree(e);
614 }
615 return -ENOMEM;
1da177e4 616}
c70d7499 617EXPORT_SYMBOL(ipmi_smi_watcher_register);
1da177e4
LT		 618
619int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
620{
b2c03941 621 mutex_lock(&smi_watchers_mutex);
1da177e4 622 list_del(&(watcher->link));
b2c03941 623 mutex_unlock(&smi_watchers_mutex);
1da177e4
LT		 624 return 0;
625}
c70d7499 626EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
1da177e4 627
b2c03941
CM		 628/*
629 * Must be called with smi_watchers_mutex held.
630 */
1da177e4 631static void
50c812b2 632call_smi_watchers(int i, struct device *dev)
1da177e4
LT		 633{
634 struct ipmi_smi_watcher *w;
635
1da177e4
LT		 636 list_for_each_entry(w, &smi_watchers, link) {
637 if (try_module_get(w->owner)) {
50c812b2 638 w->new_smi(i, dev);
1da177e4
LT		 639 module_put(w->owner);
640 }
641 }
1da177e4
LT		 642}
643
644static int
645ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
646{
647 if (addr1->addr_type != addr2->addr_type)
648 return 0;
649
650 if (addr1->channel != addr2->channel)
651 return 0;
652
653 if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
654 struct ipmi_system_interface_addr *smi_addr1
655 = (struct ipmi_system_interface_addr *) addr1;
656 struct ipmi_system_interface_addr *smi_addr2
657 = (struct ipmi_system_interface_addr *) addr2;
658 return (smi_addr1->lun == smi_addr2->lun);
659 }
660
25176ed6 661 if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) {
1da177e4
LT		 662 struct ipmi_ipmb_addr *ipmb_addr1
663 = (struct ipmi_ipmb_addr *) addr1;
664 struct ipmi_ipmb_addr *ipmb_addr2
665 = (struct ipmi_ipmb_addr *) addr2;
666
667 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
668 && (ipmb_addr1->lun == ipmb_addr2->lun));
669 }
670
25176ed6 671 if (is_lan_addr(addr1)) {
1da177e4
LT		 672 struct ipmi_lan_addr *lan_addr1
673 = (struct ipmi_lan_addr *) addr1;
674 struct ipmi_lan_addr *lan_addr2
675 = (struct ipmi_lan_addr *) addr2;
676
677 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
678 && (lan_addr1->local_SWID == lan_addr2->local_SWID)
679 && (lan_addr1->session_handle
680 == lan_addr2->session_handle)
681 && (lan_addr1->lun == lan_addr2->lun));
682 }
683
684 return 1;
685}
686
687int ipmi_validate_addr(struct ipmi_addr *addr, int len)
688{
c70d7499 689 if (len < sizeof(struct ipmi_system_interface_addr))
1da177e4 690 return -EINVAL;
1da177e4
LT		 691
692 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
693 if (addr->channel != IPMI_BMC_CHANNEL)
694 return -EINVAL;
695 return 0;
696 }
697
698 if ((addr->channel == IPMI_BMC_CHANNEL)
12fc1d7b 699 || (addr->channel >= IPMI_MAX_CHANNELS)
1da177e4
LT		 700 || (addr->channel < 0))
701 return -EINVAL;
702
25176ed6 703 if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
c70d7499 704 if (len < sizeof(struct ipmi_ipmb_addr))
1da177e4 705 return -EINVAL;
1da177e4
LT		 706 return 0;
707 }
708
25176ed6 709 if (is_lan_addr(addr)) {
c70d7499 710 if (len < sizeof(struct ipmi_lan_addr))
1da177e4 711 return -EINVAL;
1da177e4
LT		 712 return 0;
713 }
714
715 return -EINVAL;
716}
c70d7499 717EXPORT_SYMBOL(ipmi_validate_addr);
1da177e4
LT		 718
719unsigned int ipmi_addr_length(int addr_type)
720{
721 if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
722 return sizeof(struct ipmi_system_interface_addr);
723
724 if ((addr_type == IPMI_IPMB_ADDR_TYPE)
c70d7499 725 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
1da177e4 726 return sizeof(struct ipmi_ipmb_addr);
1da177e4
LT		 727
728 if (addr_type == IPMI_LAN_ADDR_TYPE)
729 return sizeof(struct ipmi_lan_addr);
730
731 return 0;
732}
c70d7499 733EXPORT_SYMBOL(ipmi_addr_length);
1da177e4
LT		 734
735static void deliver_response(struct ipmi_recv_msg *msg)
736{
8a3628d5 737 if (!msg->user) {
56a55ec6 738 ipmi_smi_t intf = msg->user_msg_data;
56a55ec6
CM		 739
740 /* Special handling for NULL users. */
741 if (intf->null_user_handler) {
742 intf->null_user_handler(intf, msg);
b2655f26 743 ipmi_inc_stat(intf, handled_local_responses);
56a55ec6
CM		 744 } else {
745 /* No handler, so give up. */
b2655f26 746 ipmi_inc_stat(intf, unhandled_local_responses);
56a55ec6
CM		 747 }
748 ipmi_free_recv_msg(msg);
749 } else {
393d2cc3
CM		 750 ipmi_user_t user = msg->user;
751 user->handler->ipmi_recv_hndl(msg, user->handler_data);
56a55ec6 752 }
1da177e4
LT		 753}
754
b2c03941
CM		 755static void
756deliver_err_response(struct ipmi_recv_msg *msg, int err)
757{
758 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
759 msg->msg_data[0] = err;
760 msg->msg.netfn |= 1; /* Convert to a response. */
761 msg->msg.data_len = 1;
762 msg->msg.data = msg->msg_data;
763 deliver_response(msg);
764}
765
c70d7499
CM		 766/*
767 * Find the next sequence number not being used and add the given
768 * message with the given timeout to the sequence table. This must be
769 * called with the interface's seq_lock held.
770 */
1da177e4
LT		 771static int intf_next_seq(ipmi_smi_t intf,
772 struct ipmi_recv_msg *recv_msg,
773 unsigned long timeout,
774 int retries,
775 int broadcast,
776 unsigned char *seq,
777 long *seqid)
778{
779 int rv = 0;
780 unsigned int i;
781
c70d7499
CM		 782 for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
783 i = (i+1)%IPMI_IPMB_NUM_SEQ) {
8a3628d5 784 if (!intf->seq_table[i].inuse)
1da177e4
LT		 785 break;
786 }
787
8a3628d5 788 if (!intf->seq_table[i].inuse) {
1da177e4
LT		 789 intf->seq_table[i].recv_msg = recv_msg;
790
c70d7499
CM		 791 /*
792 * Start with the maximum timeout, when the send response
793 * comes in we will start the real timer.
794 */
1da177e4
LT		 795 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
796 intf->seq_table[i].orig_timeout = timeout;
797 intf->seq_table[i].retries_left = retries;
798 intf->seq_table[i].broadcast = broadcast;
799 intf->seq_table[i].inuse = 1;
800 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
801 *seq = i;
802 *seqid = intf->seq_table[i].seqid;
803 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
89986496 804 need_waiter(intf);
1da177e4
LT		 805 } else {
806 rv = -EAGAIN;
807 }
c70d7499 808
1da177e4
LT		 809 return rv;
810}
811
c70d7499
CM		 812/*
813 * Return the receive message for the given sequence number and
814 * release the sequence number so it can be reused. Some other data
815 * is passed in to be sure the message matches up correctly (to help
816 * guard against message coming in after their timeout and the
817 * sequence number being reused).
818 */
1da177e4
LT		 819static int intf_find_seq(ipmi_smi_t intf,
820 unsigned char seq,
821 short channel,
822 unsigned char cmd,
823 unsigned char netfn,
824 struct ipmi_addr *addr,
825 struct ipmi_recv_msg **recv_msg)
826{
827 int rv = -ENODEV;
828 unsigned long flags;
829
830 if (seq >= IPMI_IPMB_NUM_SEQ)
831 return -EINVAL;
832
833 spin_lock_irqsave(&(intf->seq_lock), flags);
834 if (intf->seq_table[seq].inuse) {
835 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
836
c70d7499
CM		 837 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd)
838 && (msg->msg.netfn == netfn)
839 && (ipmi_addr_equal(addr, &(msg->addr)))) {
1da177e4
LT		 840 *recv_msg = msg;
841 intf->seq_table[seq].inuse = 0;
842 rv = 0;
843 }
844 }
845 spin_unlock_irqrestore(&(intf->seq_lock), flags);
846
847 return rv;
848}
849
850
851/* Start the timer for a specific sequence table entry. */
852static int intf_start_seq_timer(ipmi_smi_t intf,
853 long msgid)
854{
855 int rv = -ENODEV;
856 unsigned long flags;
857 unsigned char seq;
858 unsigned long seqid;
859
860
861 GET_SEQ_FROM_MSGID(msgid, seq, seqid);
862
863 spin_lock_irqsave(&(intf->seq_lock), flags);
c70d7499
CM		 864 /*
865 * We do this verification because the user can be deleted
866 * while a message is outstanding.
867 */
1da177e4 868 if ((intf->seq_table[seq].inuse)
c70d7499 869 && (intf->seq_table[seq].seqid == seqid)) {
1da177e4
LT		 870 struct seq_table *ent = &(intf->seq_table[seq]);
871 ent->timeout = ent->orig_timeout;
872 rv = 0;
873 }
874 spin_unlock_irqrestore(&(intf->seq_lock), flags);
875
876 return rv;
877}
878
879/* Got an error for the send message for a specific sequence number. */
880static int intf_err_seq(ipmi_smi_t intf,
881 long msgid,
882 unsigned int err)
883{
884 int rv = -ENODEV;
885 unsigned long flags;
886 unsigned char seq;
887 unsigned long seqid;
888 struct ipmi_recv_msg *msg = NULL;
889
890
891 GET_SEQ_FROM_MSGID(msgid, seq, seqid);
892
893 spin_lock_irqsave(&(intf->seq_lock), flags);
c70d7499
CM		 894 /*
895 * We do this verification because the user can be deleted
896 * while a message is outstanding.
897 */
1da177e4 898 if ((intf->seq_table[seq].inuse)
c70d7499 899 && (intf->seq_table[seq].seqid == seqid)) {
1da177e4
LT		 900 struct seq_table *ent = &(intf->seq_table[seq]);
901
902 ent->inuse = 0;
903 msg = ent->recv_msg;
904 rv = 0;
905 }
906 spin_unlock_irqrestore(&(intf->seq_lock), flags);
907
b2c03941
CM		 908 if (msg)
909 deliver_err_response(msg, err);
1da177e4
LT		 910
911 return rv;
912}
913
914
915int ipmi_create_user(unsigned int if_num,
916 struct ipmi_user_hndl *handler,
917 void *handler_data,
918 ipmi_user_t *user)
919{
920 unsigned long flags;
921 ipmi_user_t new_user;
922 int rv = 0;
923 ipmi_smi_t intf;
924
c70d7499
CM		 925 /*
926 * There is no module usecount here, because it's not
927 * required. Since this can only be used by and called from
928 * other modules, they will implicitly use this module, and
929 * thus this can't be removed unless the other modules are
930 * removed.
931 */
1da177e4
LT		 932
933 if (handler == NULL)
934 return -EINVAL;
935
c70d7499
CM		 936 /*
937 * Make sure the driver is actually initialized, this handles
938 * problems with initialization order.
939 */
1da177e4
LT		 940 if (!initialized) {
941 rv = ipmi_init_msghandler();
942 if (rv)
943 return rv;
944
c70d7499
CM		 945 /*
946 * The init code doesn't return an error if it was turned
947 * off, but it won't initialize. Check that.
948 */
1da177e4
LT		 949 if (!initialized)
950 return -ENODEV;
951 }
952
953 new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
8a3628d5 954 if (!new_user)
1da177e4
LT		 955 return -ENOMEM;
956
b2c03941 957 mutex_lock(&ipmi_interfaces_mutex);
bca0324d
CM		 958 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
959 if (intf->intf_num == if_num)
960 goto found;
1da177e4 961 }
b2c03941 962 /* Not found, return an error */
bca0324d
CM		 963 rv = -EINVAL;
964 goto out_kfree;
1da177e4 965
bca0324d 966 found:
393d2cc3
CM		 967 /* Note that each existing user holds a refcount to the interface. */
968 kref_get(&intf->refcount);
1da177e4 969
393d2cc3 970 kref_init(&new_user->refcount);
1da177e4
LT		 971 new_user->handler = handler;
972 new_user->handler_data = handler_data;
973 new_user->intf = intf;
89986496 974 new_user->gets_events = false;
1da177e4
LT		 975
976 if (!try_module_get(intf->handlers->owner)) {
977 rv = -ENODEV;
5c98d29a 978 goto out_kref;
1da177e4
LT		 979 }
980
981 if (intf->handlers->inc_usecount) {
982 rv = intf->handlers->inc_usecount(intf->send_info);
983 if (rv) {
984 module_put(intf->handlers->owner);
5c98d29a 985 goto out_kref;
1da177e4
LT		 986 }
987 }
988
c70d7499
CM		 989 /*
990 * Hold the lock so intf->handlers is guaranteed to be good
991 * until now
992 */
b2c03941
CM		 993 mutex_unlock(&ipmi_interfaces_mutex);
994
7aefac26 995 new_user->valid = true;
393d2cc3
CM		 996 spin_lock_irqsave(&intf->seq_lock, flags);
997 list_add_rcu(&new_user->link, &intf->users);
998 spin_unlock_irqrestore(&intf->seq_lock, flags);
89986496
CM		 999 if (handler->ipmi_watchdog_pretimeout) {
1000 /* User wants pretimeouts, so make sure to watch for them. */
1001 if (atomic_inc_return(&intf->event_waiters) == 1)
1002 need_waiter(intf);
1003 }
393d2cc3
CM		 1004 *user = new_user;
1005 return 0;
1da177e4 1006
5c98d29a 1007out_kref:
393d2cc3 1008 kref_put(&intf->refcount, intf_free);
5c98d29a 1009out_kfree:
b2c03941 1010 mutex_unlock(&ipmi_interfaces_mutex);
5c98d29a 1011 kfree(new_user);
1da177e4
LT		 1012 return rv;
1013}
c70d7499 1014EXPORT_SYMBOL(ipmi_create_user);
1da177e4 1015
16f4232c
ZY		 1016int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data)
1017{
1018 int rv = 0;
1019 ipmi_smi_t intf;
1020 struct ipmi_smi_handlers *handlers;
1021
1022 mutex_lock(&ipmi_interfaces_mutex);
1023 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
1024 if (intf->intf_num == if_num)
1025 goto found;
1026 }
1027 /* Not found, return an error */
1028 rv = -EINVAL;
1029 mutex_unlock(&ipmi_interfaces_mutex);
1030 return rv;
1031
1032found:
1033 handlers = intf->handlers;
1034 rv = -ENOSYS;
1035 if (handlers->get_smi_info)
1036 rv = handlers->get_smi_info(intf->send_info, data);
1037 mutex_unlock(&ipmi_interfaces_mutex);
1038
1039 return rv;
1040}
1041EXPORT_SYMBOL(ipmi_get_smi_info);
1042
393d2cc3
CM		 1043static void free_user(struct kref *ref)
1044{
1045 ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
1046 kfree(user);
1047}
1048
1049int ipmi_destroy_user(ipmi_user_t user)
1da177e4 1050{
393d2cc3 1051 ipmi_smi_t intf = user->intf;
1da177e4
LT		 1052 int i;
1053 unsigned long flags;
393d2cc3 1054 struct cmd_rcvr *rcvr;
393d2cc3 1055 struct cmd_rcvr *rcvrs = NULL;
1da177e4 1056
7aefac26 1057 user->valid = false;
1da177e4 1058
89986496
CM		 1059 if (user->handler->ipmi_watchdog_pretimeout)
1060 atomic_dec(&intf->event_waiters);
1061
1062 if (user->gets_events)
1063 atomic_dec(&intf->event_waiters);
1064
393d2cc3
CM		 1065 /* Remove the user from the interface's sequence table. */
1066 spin_lock_irqsave(&intf->seq_lock, flags);
1067 list_del_rcu(&user->link);
1da177e4 1068
e8b33617 1069 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
393d2cc3 1070 if (intf->seq_table[i].inuse
c70d7499 1071 && (intf->seq_table[i].recv_msg->user == user)) {
393d2cc3 1072 intf->seq_table[i].inuse = 0;
b2c03941 1073 ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
1da177e4
LT		 1074 }
1075 }
393d2cc3
CM		 1076 spin_unlock_irqrestore(&intf->seq_lock, flags);
1077
1078 /*
1079 * Remove the user from the command receiver's table. First
1080 * we build a list of everything (not using the standard link,
1081 * since other things may be using it till we do
1082 * synchronize_rcu()) then free everything in that list.
1083 */
d6dfd131 1084 mutex_lock(&intf->cmd_rcvrs_mutex);
066bb8d0 1085 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1da177e4 1086 if (rcvr->user == user) {
393d2cc3
CM		 1087 list_del_rcu(&rcvr->link);
1088 rcvr->next = rcvrs;
1089 rcvrs = rcvr;
1da177e4
LT		 1090 }
1091 }
d6dfd131 1092 mutex_unlock(&intf->cmd_rcvrs_mutex);
393d2cc3
CM		 1093 synchronize_rcu();
1094 while (rcvrs) {
1095 rcvr = rcvrs;
1096 rcvrs = rcvr->next;
1097 kfree(rcvr);
1098 }
1da177e4 1099
b2c03941
CM		 1100 mutex_lock(&ipmi_interfaces_mutex);
1101 if (intf->handlers) {
1102 module_put(intf->handlers->owner);
1103 if (intf->handlers->dec_usecount)
1104 intf->handlers->dec_usecount(intf->send_info);
1105 }
1106 mutex_unlock(&ipmi_interfaces_mutex);
1da177e4 1107
393d2cc3 1108 kref_put(&intf->refcount, intf_free);
1da177e4 1109
393d2cc3 1110 kref_put(&user->refcount, free_user);
1da177e4 1111
8a3628d5 1112 return 0;
1da177e4 1113}
c70d7499 1114EXPORT_SYMBOL(ipmi_destroy_user);
1da177e4
LT		 1115
1116void ipmi_get_version(ipmi_user_t user,
1117 unsigned char *major,
1118 unsigned char *minor)
1119{
b2c03941
CM		 1120 *major = user->intf->ipmi_version_major;
1121 *minor = user->intf->ipmi_version_minor;
1da177e4 1122}
c70d7499 1123EXPORT_SYMBOL(ipmi_get_version);
1da177e4 1124
c14979b9
CM		 1125int ipmi_set_my_address(ipmi_user_t user,
1126 unsigned int channel,
1127 unsigned char address)
1da177e4 1128{
c14979b9
CM		 1129 if (channel >= IPMI_MAX_CHANNELS)
1130 return -EINVAL;
1131 user->intf->channels[channel].address = address;
1132 return 0;
1da177e4 1133}
c70d7499 1134EXPORT_SYMBOL(ipmi_set_my_address);
1da177e4 1135
c14979b9
CM		 1136int ipmi_get_my_address(ipmi_user_t user,
1137 unsigned int channel,
1138 unsigned char *address)
1da177e4 1139{
c14979b9
CM		 1140 if (channel >= IPMI_MAX_CHANNELS)
1141 return -EINVAL;
1142 *address = user->intf->channels[channel].address;
1143 return 0;
1da177e4 1144}
c70d7499 1145EXPORT_SYMBOL(ipmi_get_my_address);
1da177e4 1146
c14979b9
CM		 1147int ipmi_set_my_LUN(ipmi_user_t user,
1148 unsigned int channel,
1149 unsigned char LUN)
1da177e4 1150{
c14979b9
CM		 1151 if (channel >= IPMI_MAX_CHANNELS)
1152 return -EINVAL;
1153 user->intf->channels[channel].lun = LUN & 0x3;
1154 return 0;
1da177e4 1155}
c70d7499 1156EXPORT_SYMBOL(ipmi_set_my_LUN);
1da177e4 1157
c14979b9
CM		 1158int ipmi_get_my_LUN(ipmi_user_t user,
1159 unsigned int channel,
1160 unsigned char *address)
1da177e4 1161{
c14979b9
CM		 1162 if (channel >= IPMI_MAX_CHANNELS)
1163 return -EINVAL;
1164 *address = user->intf->channels[channel].lun;
1165 return 0;
1da177e4 1166}
c70d7499 1167EXPORT_SYMBOL(ipmi_get_my_LUN);
1da177e4 1168
b9675136
CM		 1169int ipmi_get_maintenance_mode(ipmi_user_t user)
1170{
1171 int mode;
1172 unsigned long flags;
1173
1174 spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);
1175 mode = user->intf->maintenance_mode;
1176 spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);
1177
1178 return mode;
1179}
1180EXPORT_SYMBOL(ipmi_get_maintenance_mode);
1181
1182static void maintenance_mode_update(ipmi_smi_t intf)
1183{
1184 if (intf->handlers->set_maintenance_mode)
1185 intf->handlers->set_maintenance_mode(
1186 intf->send_info, intf->maintenance_mode_enable);
1187}
1188
1189int ipmi_set_maintenance_mode(ipmi_user_t user, int mode)
1190{
1191 int rv = 0;
1192 unsigned long flags;
1193 ipmi_smi_t intf = user->intf;
1194
1195 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1196 if (intf->maintenance_mode != mode) {
1197 switch (mode) {
1198 case IPMI_MAINTENANCE_MODE_AUTO:
b9675136
CM		 1199 intf->maintenance_mode_enable
1200 = (intf->auto_maintenance_timeout > 0);
1201 break;
1202
1203 case IPMI_MAINTENANCE_MODE_OFF:
7aefac26 1204 intf->maintenance_mode_enable = false;
b9675136
CM		 1205 break;
1206
1207 case IPMI_MAINTENANCE_MODE_ON:
7aefac26 1208 intf->maintenance_mode_enable = true;
b9675136
CM		 1209 break;
1210
1211 default:
1212 rv = -EINVAL;
1213 goto out_unlock;
1214 }
7aefac26 1215 intf->maintenance_mode = mode;
b9675136
CM		 1216
1217 maintenance_mode_update(intf);
1218 }
1219 out_unlock:
1220 spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);
1221
1222 return rv;
1223}
1224EXPORT_SYMBOL(ipmi_set_maintenance_mode);
1225
89986496 1226int ipmi_set_gets_events(ipmi_user_t user, bool val)
1da177e4 1227{
393d2cc3
CM		 1228 unsigned long flags;
1229 ipmi_smi_t intf = user->intf;
1230 struct ipmi_recv_msg *msg, *msg2;
1231 struct list_head msgs;
1da177e4 1232
393d2cc3
CM		 1233 INIT_LIST_HEAD(&msgs);
1234
1235 spin_lock_irqsave(&intf->events_lock, flags);
89986496
CM		 1236 if (user->gets_events == val)
1237 goto out;
1238
1da177e4
LT		 1239 user->gets_events = val;
1240
89986496
CM		 1241 if (val) {
1242 if (atomic_inc_return(&intf->event_waiters) == 1)
1243 need_waiter(intf);
1244 } else {
1245 atomic_dec(&intf->event_waiters);
1246 }
1247
b2c03941
CM		 1248 if (intf->delivering_events)
1249 /*
1250 * Another thread is delivering events for this, so
1251 * let it handle any new events.
1252 */
1253 goto out;
1254
1255 /* Deliver any queued events. */
1256 while (user->gets_events && !list_empty(&intf->waiting_events)) {
179e0917
AM		 1257 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)
1258 list_move_tail(&msg->link, &msgs);
4791c03d 1259 intf->waiting_events_count = 0;
87ebd06f
CM		 1260 if (intf->event_msg_printed) {
1261 printk(KERN_WARNING PFX "Event queue no longer"
1262 " full\n");
1263 intf->event_msg_printed = 0;
1264 }
393d2cc3 1265
b2c03941
CM		 1266 intf->delivering_events = 1;
1267 spin_unlock_irqrestore(&intf->events_lock, flags);
1268
1269 list_for_each_entry_safe(msg, msg2, &msgs, link) {
1270 msg->user = user;
1271 kref_get(&user->refcount);
1272 deliver_response(msg);
1273 }
1274
1275 spin_lock_irqsave(&intf->events_lock, flags);
1276 intf->delivering_events = 0;
393d2cc3
CM		 1277 }
1278
b2c03941 1279 out:
393d2cc3 1280 spin_unlock_irqrestore(&intf->events_lock, flags);
1da177e4
LT		 1281
1282 return 0;
1283}
c70d7499 1284EXPORT_SYMBOL(ipmi_set_gets_events);
1da177e4 1285
393d2cc3
CM		 1286static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t intf,
1287 unsigned char netfn,
c69c3127
CM		 1288 unsigned char cmd,
1289 unsigned char chan)
393d2cc3
CM		 1290{
1291 struct cmd_rcvr *rcvr;
1292
1293 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
c69c3127
CM		 1294 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1295 && (rcvr->chans & (1 << chan)))
393d2cc3
CM		 1296 return rcvr;
1297 }
1298 return NULL;
1299}
1300
c69c3127
CM		 1301static int is_cmd_rcvr_exclusive(ipmi_smi_t intf,
1302 unsigned char netfn,
1303 unsigned char cmd,
1304 unsigned int chans)
1305{
1306 struct cmd_rcvr *rcvr;
1307
1308 list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1309 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1310 && (rcvr->chans & chans))
1311 return 0;
1312 }
1313 return 1;
1314}
1315
1da177e4
LT		 1316int ipmi_register_for_cmd(ipmi_user_t user,
1317 unsigned char netfn,
c69c3127
CM		 1318 unsigned char cmd,
1319 unsigned int chans)
1da177e4 1320{
393d2cc3
CM		 1321 ipmi_smi_t intf = user->intf;
1322 struct cmd_rcvr *rcvr;
393d2cc3 1323 int rv = 0;
1da177e4
LT		 1324
1325
1326 rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
8a3628d5 1327 if (!rcvr)
1da177e4 1328 return -ENOMEM;
393d2cc3
CM		 1329 rcvr->cmd = cmd;
1330 rcvr->netfn = netfn;
c69c3127 1331 rcvr->chans = chans;
393d2cc3 1332 rcvr->user = user;
1da177e4 1333
d6dfd131 1334 mutex_lock(&intf->cmd_rcvrs_mutex);
1da177e4 1335 /* Make sure the command/netfn is not already registered. */
c69c3127 1336 if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {
393d2cc3
CM		 1337 rv = -EBUSY;
1338 goto out_unlock;
1da177e4 1339 }
877197ef 1340
89986496
CM		 1341 if (atomic_inc_return(&intf->event_waiters) == 1)
1342 need_waiter(intf);
1343
393d2cc3 1344 list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
1da177e4 1345
393d2cc3 1346 out_unlock:
d6dfd131 1347 mutex_unlock(&intf->cmd_rcvrs_mutex);
1da177e4
LT		 1348 if (rv)
1349 kfree(rcvr);
1350
1351 return rv;
1352}
c70d7499 1353EXPORT_SYMBOL(ipmi_register_for_cmd);
1da177e4
LT		 1354
1355int ipmi_unregister_for_cmd(ipmi_user_t user,
1356 unsigned char netfn,
c69c3127
CM		 1357 unsigned char cmd,
1358 unsigned int chans)
1da177e4 1359{
393d2cc3
CM		 1360 ipmi_smi_t intf = user->intf;
1361 struct cmd_rcvr *rcvr;
c69c3127
CM		 1362 struct cmd_rcvr *rcvrs = NULL;
1363 int i, rv = -ENOENT;
1da177e4 1364
d6dfd131 1365 mutex_lock(&intf->cmd_rcvrs_mutex);
c69c3127
CM		 1366 for (i = 0; i < IPMI_NUM_CHANNELS; i++) {
1367 if (((1 << i) & chans) == 0)
1368 continue;
1369 rcvr = find_cmd_rcvr(intf, netfn, cmd, i);
1370 if (rcvr == NULL)
1371 continue;
1372 if (rcvr->user == user) {
1373 rv = 0;
1374 rcvr->chans &= ~chans;
1375 if (rcvr->chans == 0) {
1376 list_del_rcu(&rcvr->link);
1377 rcvr->next = rcvrs;
1378 rcvrs = rcvr;
1379 }
1380 }
1381 }
1382 mutex_unlock(&intf->cmd_rcvrs_mutex);
1383 synchronize_rcu();
1384 while (rcvrs) {
89986496 1385 atomic_dec(&intf->event_waiters);
c69c3127
CM		 1386 rcvr = rcvrs;
1387 rcvrs = rcvr->next;
393d2cc3 1388 kfree(rcvr);
1da177e4 1389 }
c69c3127 1390 return rv;
1da177e4 1391}
c70d7499 1392EXPORT_SYMBOL(ipmi_unregister_for_cmd);
1da177e4 1393
1da177e4
LT		 1394static unsigned char
1395ipmb_checksum(unsigned char *data, int size)
1396{
1397 unsigned char csum = 0;
c70d7499 1398
1da177e4
LT		 1399 for (; size > 0; size--, data++)
1400 csum += *data;
1401
1402 return -csum;
1403}
1404
1405static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg,
1406 struct kernel_ipmi_msg *msg,
1407 struct ipmi_ipmb_addr *ipmb_addr,
1408 long msgid,
1409 unsigned char ipmb_seq,
1410 int broadcast,
1411 unsigned char source_address,
1412 unsigned char source_lun)
1413{
1414 int i = broadcast;
1415
1416 /* Format the IPMB header data. */
1417 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1418 smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1419 smi_msg->data[2] = ipmb_addr->channel;
1420 if (broadcast)
1421 smi_msg->data[3] = 0;
1422 smi_msg->data[i+3] = ipmb_addr->slave_addr;
1423 smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1424 smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1425 smi_msg->data[i+6] = source_address;
1426 smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1427 smi_msg->data[i+8] = msg->cmd;
1428
1429 /* Now tack on the data to the message. */
1430 if (msg->data_len > 0)
1431 memcpy(&(smi_msg->data[i+9]), msg->data,
1432 msg->data_len);
1433 smi_msg->data_size = msg->data_len + 9;
1434
1435 /* Now calculate the checksum and tack it on. */
1436 smi_msg->data[i+smi_msg->data_size]
1437 = ipmb_checksum(&(smi_msg->data[i+6]),
1438 smi_msg->data_size-6);
1439
c70d7499
CM		 1440 /*
1441 * Add on the checksum size and the offset from the
1442 * broadcast.
1443 */
1da177e4
LT		 1444 smi_msg->data_size += 1 + i;
1445
1446 smi_msg->msgid = msgid;
1447}
1448
1449static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg,
1450 struct kernel_ipmi_msg *msg,
1451 struct ipmi_lan_addr *lan_addr,
1452 long msgid,
1453 unsigned char ipmb_seq,
1454 unsigned char source_lun)
1455{
1456 /* Format the IPMB header data. */
1457 smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1458 smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1459 smi_msg->data[2] = lan_addr->channel;
1460 smi_msg->data[3] = lan_addr->session_handle;
1461 smi_msg->data[4] = lan_addr->remote_SWID;
1462 smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1463 smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1464 smi_msg->data[7] = lan_addr->local_SWID;
1465 smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1466 smi_msg->data[9] = msg->cmd;
1467
1468 /* Now tack on the data to the message. */
1469 if (msg->data_len > 0)
1470 memcpy(&(smi_msg->data[10]), msg->data,
1471 msg->data_len);
1472 smi_msg->data_size = msg->data_len + 10;
1473
1474 /* Now calculate the checksum and tack it on. */
1475 smi_msg->data[smi_msg->data_size]
1476 = ipmb_checksum(&(smi_msg->data[7]),
1477 smi_msg->data_size-7);
1478
c70d7499
CM		 1479 /*
1480 * Add on the checksum size and the offset from the
1481 * broadcast.
1482 */
1da177e4
LT		 1483 smi_msg->data_size += 1;
1484
1485 smi_msg->msgid = msgid;
1486}
1487
7f4a1c84
CM		 1488static void smi_send(ipmi_smi_t intf, struct ipmi_smi_handlers *handlers,
1489 struct ipmi_smi_msg *smi_msg, int priority)
1490{
1491 handlers->sender(intf->send_info, smi_msg, 0);
1492}
1493
c70d7499
CM		 1494/*
1495 * Separate from ipmi_request so that the user does not have to be
1496 * supplied in certain circumstances (mainly at panic time). If
1497 * messages are supplied, they will be freed, even if an error
1498 * occurs.
1499 */
393d2cc3
CM		 1500static int i_ipmi_request(ipmi_user_t user,
1501 ipmi_smi_t intf,
1502 struct ipmi_addr *addr,
1503 long msgid,
1504 struct kernel_ipmi_msg *msg,
1505 void *user_msg_data,
1506 void *supplied_smi,
1507 struct ipmi_recv_msg *supplied_recv,
1508 int priority,
1509 unsigned char source_address,
1510 unsigned char source_lun,
1511 int retries,
1512 unsigned int retry_time_ms)
1da177e4 1513{
b2c03941
CM		 1514 int rv = 0;
1515 struct ipmi_smi_msg *smi_msg;
1516 struct ipmi_recv_msg *recv_msg;
1517 unsigned long flags;
1518 struct ipmi_smi_handlers *handlers;
1da177e4
LT		 1519
1520
c70d7499 1521 if (supplied_recv)
1da177e4 1522 recv_msg = supplied_recv;
c70d7499 1523 else {
1da177e4 1524 recv_msg = ipmi_alloc_recv_msg();
c70d7499 1525 if (recv_msg == NULL)
1da177e4 1526 return -ENOMEM;
1da177e4
LT		 1527 }
1528 recv_msg->user_msg_data = user_msg_data;
1529
c70d7499 1530 if (supplied_smi)
1da177e4 1531 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
c70d7499 1532 else {
1da177e4
LT		 1533 smi_msg = ipmi_alloc_smi_msg();
1534 if (smi_msg == NULL) {
1535 ipmi_free_recv_msg(recv_msg);
1536 return -ENOMEM;
1537 }
1538 }
1539
b2c03941
CM		 1540 rcu_read_lock();
1541 handlers = intf->handlers;
1542 if (!handlers) {
1543 rv = -ENODEV;
1544 goto out_err;
1545 }
1546
1da177e4 1547 recv_msg->user = user;
393d2cc3
CM		 1548 if (user)
1549 kref_get(&user->refcount);
1da177e4 1550 recv_msg->msgid = msgid;
c70d7499
CM		 1551 /*
1552 * Store the message to send in the receive message so timeout
1553 * responses can get the proper response data.
1554 */
1da177e4
LT		 1555 recv_msg->msg = *msg;
1556
1557 if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1558 struct ipmi_system_interface_addr *smi_addr;
1559
1560 if (msg->netfn & 1) {
1561 /* Responses are not allowed to the SMI. */
1562 rv = -EINVAL;
1563 goto out_err;
1564 }
1565
1566 smi_addr = (struct ipmi_system_interface_addr *) addr;
1567 if (smi_addr->lun > 3) {
b2655f26 1568 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1569 rv = -EINVAL;
1570 goto out_err;
1571 }
1572
1573 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1574
1575 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1576 && ((msg->cmd == IPMI_SEND_MSG_CMD)
1577 || (msg->cmd == IPMI_GET_MSG_CMD)
c70d7499
CM		 1578 || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {
1579 /*
1580 * We don't let the user do these, since we manage
1581 * the sequence numbers.
1582 */
b2655f26 1583 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1584 rv = -EINVAL;
1585 goto out_err;
1586 }
1587
b9675136
CM		 1588 if (((msg->netfn == IPMI_NETFN_APP_REQUEST)
1589 && ((msg->cmd == IPMI_COLD_RESET_CMD)
1590 || (msg->cmd == IPMI_WARM_RESET_CMD)))
c70d7499 1591 || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)) {
b9675136
CM		 1592 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1593 intf->auto_maintenance_timeout
1594 = IPMI_MAINTENANCE_MODE_TIMEOUT;
1595 if (!intf->maintenance_mode
c70d7499 1596 && !intf->maintenance_mode_enable) {
7aefac26 1597 intf->maintenance_mode_enable = true;
b9675136
CM		 1598 maintenance_mode_update(intf);
1599 }
1600 spin_unlock_irqrestore(&intf->maintenance_mode_lock,
1601 flags);
1602 }
1603
1da177e4 1604 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
b2655f26 1605 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1606 rv = -EMSGSIZE;
1607 goto out_err;
1608 }
1609
1610 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1611 smi_msg->data[1] = msg->cmd;
1612 smi_msg->msgid = msgid;
1613 smi_msg->user_data = recv_msg;
1614 if (msg->data_len > 0)
1615 memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1616 smi_msg->data_size = msg->data_len + 2;
b2655f26 1617 ipmi_inc_stat(intf, sent_local_commands);
25176ed6 1618 } else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {
1da177e4
LT		 1619 struct ipmi_ipmb_addr *ipmb_addr;
1620 unsigned char ipmb_seq;
1621 long seqid;
1622 int broadcast = 0;
1623
9c101fd4 1624 if (addr->channel >= IPMI_MAX_CHANNELS) {
b2655f26 1625 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1626 rv = -EINVAL;
1627 goto out_err;
1628 }
1629
1630 if (intf->channels[addr->channel].medium
c70d7499 1631 != IPMI_CHANNEL_MEDIUM_IPMB) {
b2655f26 1632 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1633 rv = -EINVAL;
1634 goto out_err;
1635 }
1636
1637 if (retries < 0) {
1638 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1639 retries = 0; /* Don't retry broadcasts. */
1640 else
1641 retries = 4;
1642 }
1643 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
c70d7499
CM		 1644 /*
1645 * Broadcasts add a zero at the beginning of the
1646 * message, but otherwise is the same as an IPMB
1647 * address.
1648 */
1da177e4
LT		 1649 addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1650 broadcast = 1;
1651 }
1652
1653
1654 /* Default to 1 second retries. */
1655 if (retry_time_ms == 0)
1656 retry_time_ms = 1000;
1657
c70d7499
CM		 1658 /*
1659 * 9 for the header and 1 for the checksum, plus
1660 * possibly one for the broadcast.
1661 */
1da177e4 1662 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
b2655f26 1663 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1664 rv = -EMSGSIZE;
1665 goto out_err;
1666 }
1667
1668 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1669 if (ipmb_addr->lun > 3) {
b2655f26 1670 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1671 rv = -EINVAL;
1672 goto out_err;
1673 }
1674
1675 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1676
1677 if (recv_msg->msg.netfn & 0x1) {
c70d7499
CM		 1678 /*
1679 * It's a response, so use the user's sequence
1680 * from msgid.
1681 */
b2655f26 1682 ipmi_inc_stat(intf, sent_ipmb_responses);
1da177e4
LT		 1683 format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1684 msgid, broadcast,
1685 source_address, source_lun);
1686
c70d7499
CM		 1687 /*
1688 * Save the receive message so we can use it
1689 * to deliver the response.
1690 */
1da177e4
LT		 1691 smi_msg->user_data = recv_msg;
1692 } else {
1693 /* It's a command, so get a sequence for it. */
1694
1695 spin_lock_irqsave(&(intf->seq_lock), flags);
1696
c70d7499
CM		 1697 /*
1698 * Create a sequence number with a 1 second
1699 * timeout and 4 retries.
1700 */
1da177e4
LT		 1701 rv = intf_next_seq(intf,
1702 recv_msg,
1703 retry_time_ms,
1704 retries,
1705 broadcast,
1706 &ipmb_seq,
1707 &seqid);
1708 if (rv) {
c70d7499
CM		 1709 /*
1710 * We have used up all the sequence numbers,
1711 * probably, so abort.
1712 */
1da177e4
LT		 1713 spin_unlock_irqrestore(&(intf->seq_lock),
1714 flags);
1715 goto out_err;
1716 }
1717
25176ed6
CM		 1718 ipmi_inc_stat(intf, sent_ipmb_commands);
1719
c70d7499
CM		 1720 /*
1721 * Store the sequence number in the message,
1722 * so that when the send message response
1723 * comes back we can start the timer.
1724 */
1da177e4
LT		 1725 format_ipmb_msg(smi_msg, msg, ipmb_addr,
1726 STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1727 ipmb_seq, broadcast,
1728 source_address, source_lun);
1729
c70d7499
CM		 1730 /*
1731 * Copy the message into the recv message data, so we
1732 * can retransmit it later if necessary.
1733 */
1da177e4
LT		 1734 memcpy(recv_msg->msg_data, smi_msg->data,
1735 smi_msg->data_size);
1736 recv_msg->msg.data = recv_msg->msg_data;
1737 recv_msg->msg.data_len = smi_msg->data_size;
1738
c70d7499
CM		 1739 /*
1740 * We don't unlock until here, because we need
1741 * to copy the completed message into the
1742 * recv_msg before we release the lock.
1743 * Otherwise, race conditions may bite us. I
1744 * know that's pretty paranoid, but I prefer
1745 * to be correct.
1746 */
1da177e4
LT		 1747 spin_unlock_irqrestore(&(intf->seq_lock), flags);
1748 }
25176ed6 1749 } else if (is_lan_addr(addr)) {
1da177e4
LT		 1750 struct ipmi_lan_addr *lan_addr;
1751 unsigned char ipmb_seq;
1752 long seqid;
1753
12fc1d7b 1754 if (addr->channel >= IPMI_MAX_CHANNELS) {
b2655f26 1755 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1756 rv = -EINVAL;
1757 goto out_err;
1758 }
1759
1760 if ((intf->channels[addr->channel].medium
c70d7499 1761 != IPMI_CHANNEL_MEDIUM_8023LAN)
1da177e4 1762 && (intf->channels[addr->channel].medium
c70d7499 1763 != IPMI_CHANNEL_MEDIUM_ASYNC)) {
b2655f26 1764 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1765 rv = -EINVAL;
1766 goto out_err;
1767 }
1768
1769 retries = 4;
1770
1771 /* Default to 1 second retries. */
1772 if (retry_time_ms == 0)
1773 retry_time_ms = 1000;
1774
1775 /* 11 for the header and 1 for the checksum. */
1776 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
b2655f26 1777 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1778 rv = -EMSGSIZE;
1779 goto out_err;
1780 }
1781
1782 lan_addr = (struct ipmi_lan_addr *) addr;
1783 if (lan_addr->lun > 3) {
b2655f26 1784 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1785 rv = -EINVAL;
1786 goto out_err;
1787 }
1788
1789 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1790
1791 if (recv_msg->msg.netfn & 0x1) {
c70d7499
CM		 1792 /*
1793 * It's a response, so use the user's sequence
1794 * from msgid.
1795 */
b2655f26 1796 ipmi_inc_stat(intf, sent_lan_responses);
1da177e4
LT		 1797 format_lan_msg(smi_msg, msg, lan_addr, msgid,
1798 msgid, source_lun);
1799
c70d7499
CM		 1800 /*
1801 * Save the receive message so we can use it
1802 * to deliver the response.
1803 */
1da177e4
LT		 1804 smi_msg->user_data = recv_msg;
1805 } else {
1806 /* It's a command, so get a sequence for it. */
1807
1808 spin_lock_irqsave(&(intf->seq_lock), flags);
1809
c70d7499
CM		 1810 /*
1811 * Create a sequence number with a 1 second
1812 * timeout and 4 retries.
1813 */
1da177e4
LT		 1814 rv = intf_next_seq(intf,
1815 recv_msg,
1816 retry_time_ms,
1817 retries,
1818 0,
1819 &ipmb_seq,
1820 &seqid);
1821 if (rv) {
c70d7499
CM		 1822 /*
1823 * We have used up all the sequence numbers,
1824 * probably, so abort.
1825 */
1da177e4
LT		 1826 spin_unlock_irqrestore(&(intf->seq_lock),
1827 flags);
1828 goto out_err;
1829 }
1830
25176ed6
CM		 1831 ipmi_inc_stat(intf, sent_lan_commands);
1832
c70d7499
CM		 1833 /*
1834 * Store the sequence number in the message,
1835 * so that when the send message response
1836 * comes back we can start the timer.
1837 */
1da177e4
LT		 1838 format_lan_msg(smi_msg, msg, lan_addr,
1839 STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1840 ipmb_seq, source_lun);
1841
c70d7499
CM		 1842 /*
1843 * Copy the message into the recv message data, so we
1844 * can retransmit it later if necessary.
1845 */
1da177e4
LT		 1846 memcpy(recv_msg->msg_data, smi_msg->data,
1847 smi_msg->data_size);
1848 recv_msg->msg.data = recv_msg->msg_data;
1849 recv_msg->msg.data_len = smi_msg->data_size;
1850
c70d7499
CM		 1851 /*
1852 * We don't unlock until here, because we need
1853 * to copy the completed message into the
1854 * recv_msg before we release the lock.
1855 * Otherwise, race conditions may bite us. I
1856 * know that's pretty paranoid, but I prefer
1857 * to be correct.
1858 */
1da177e4
LT		 1859 spin_unlock_irqrestore(&(intf->seq_lock), flags);
1860 }
1861 } else {
1862 /* Unknown address type. */
b2655f26 1863 ipmi_inc_stat(intf, sent_invalid_commands);
1da177e4
LT		 1864 rv = -EINVAL;
1865 goto out_err;
1866 }
1867
1868#ifdef DEBUG_MSGING
1869 {
1870 int m;
e8b33617 1871 for (m = 0; m < smi_msg->data_size; m++)
1da177e4
LT		 1872 printk(" %2.2x", smi_msg->data[m]);
1873 printk("\n");
1874 }
1875#endif
b2c03941 1876
7f4a1c84 1877 smi_send(intf, handlers, smi_msg, priority);
b2c03941 1878 rcu_read_unlock();
1da177e4
LT		 1879
1880 return 0;
1881
1882 out_err:
b2c03941 1883 rcu_read_unlock();
1da177e4
LT		 1884 ipmi_free_smi_msg(smi_msg);
1885 ipmi_free_recv_msg(recv_msg);
1886 return rv;
1887}
1888
c14979b9
CM		 1889static int check_addr(ipmi_smi_t intf,
1890 struct ipmi_addr *addr,
1891 unsigned char *saddr,
1892 unsigned char *lun)
1893{
1894 if (addr->channel >= IPMI_MAX_CHANNELS)
1895 return -EINVAL;
1896 *lun = intf->channels[addr->channel].lun;
1897 *saddr = intf->channels[addr->channel].address;
1898 return 0;
1899}
1900
1da177e4
LT		 1901int ipmi_request_settime(ipmi_user_t user,
1902 struct ipmi_addr *addr,
1903 long msgid,
1904 struct kernel_ipmi_msg *msg,
1905 void *user_msg_data,
1906 int priority,
1907 int retries,
1908 unsigned int retry_time_ms)
1909{
f0ba9390 1910 unsigned char saddr = 0, lun = 0;
c14979b9
CM		 1911 int rv;
1912
8a3628d5 1913 if (!user)
56a55ec6 1914 return -EINVAL;
c14979b9
CM		 1915 rv = check_addr(user->intf, addr, &saddr, &lun);
1916 if (rv)
1917 return rv;
1da177e4
LT		 1918 return i_ipmi_request(user,
1919 user->intf,
1920 addr,
1921 msgid,
1922 msg,
1923 user_msg_data,
1924 NULL, NULL,
1925 priority,
c14979b9
CM		 1926 saddr,
1927 lun,
1da177e4
LT		 1928 retries,
1929 retry_time_ms);
1930}
c70d7499 1931EXPORT_SYMBOL(ipmi_request_settime);
1da177e4
LT		 1932
1933int ipmi_request_supply_msgs(ipmi_user_t user,
1934 struct ipmi_addr *addr,
1935 long msgid,
1936 struct kernel_ipmi_msg *msg,
1937 void *user_msg_data,
1938 void *supplied_smi,
1939 struct ipmi_recv_msg *supplied_recv,
1940 int priority)
1941{
9ebca93b 1942 unsigned char saddr = 0, lun = 0;
c14979b9
CM		 1943 int rv;
1944
8a3628d5 1945 if (!user)
56a55ec6 1946 return -EINVAL;
c14979b9
CM		 1947 rv = check_addr(user->intf, addr, &saddr, &lun);
1948 if (rv)
1949 return rv;
1da177e4
LT		 1950 return i_ipmi_request(user,
1951 user->intf,
1952 addr,
1953 msgid,
1954 msg,
1955 user_msg_data,
1956 supplied_smi,
1957 supplied_recv,
1958 priority,
c14979b9
CM		 1959 saddr,
1960 lun,
1da177e4
LT		 1961 -1, 0);
1962}
c70d7499 1963EXPORT_SYMBOL(ipmi_request_supply_msgs);
1da177e4 1964
1aa16eea 1965#ifdef CONFIG_PROC_FS
07412736 1966static int smi_ipmb_proc_show(struct seq_file *m, void *v)
1da177e4 1967{
07412736 1968 ipmi_smi_t intf = m->private;
c14979b9 1969 int i;
1da177e4 1970
07412736
AD		 1971 seq_printf(m, "%x", intf->channels[0].address);
1972 for (i = 1; i < IPMI_MAX_CHANNELS; i++)
1973 seq_printf(m, " %x", intf->channels[i].address);
1974 return seq_putc(m, '\n');
1da177e4
LT		 1975}
1976
07412736 1977static int smi_ipmb_proc_open(struct inode *inode, struct file *file)
1da177e4 1978{
d9dda78b 1979 return single_open(file, smi_ipmb_proc_show, PDE_DATA(inode));
07412736 1980}
1da177e4 1981
07412736
AD		 1982static const struct file_operations smi_ipmb_proc_ops = {
1983 .open = smi_ipmb_proc_open,
1984 .read = seq_read,
1985 .llseek = seq_lseek,
1986 .release = single_release,
1987};
1988
1989static int smi_version_proc_show(struct seq_file *m, void *v)
1990{
1991 ipmi_smi_t intf = m->private;
1992
1993 return seq_printf(m, "%u.%u\n",
50c812b2
CM		 1994 ipmi_version_major(&intf->bmc->id),
1995 ipmi_version_minor(&intf->bmc->id));
1da177e4
LT		 1996}
1997
07412736 1998static int smi_version_proc_open(struct inode *inode, struct file *file)
1da177e4 1999{
d9dda78b 2000 return single_open(file, smi_version_proc_show, PDE_DATA(inode));
07412736
AD		 2001}
2002
2003static const struct file_operations smi_version_proc_ops = {
2004 .open = smi_version_proc_open,
2005 .read = seq_read,
2006 .llseek = seq_lseek,
2007 .release = single_release,
2008};
1da177e4 2009
07412736
AD		 2010static int smi_stats_proc_show(struct seq_file *m, void *v)
2011{
2012 ipmi_smi_t intf = m->private;
2013
2014 seq_printf(m, "sent_invalid_commands: %u\n",
b2655f26 2015 ipmi_get_stat(intf, sent_invalid_commands));
07412736 2016 seq_printf(m, "sent_local_commands: %u\n",
b2655f26 2017 ipmi_get_stat(intf, sent_local_commands));
07412736 2018 seq_printf(m, "handled_local_responses: %u\n",
b2655f26 2019 ipmi_get_stat(intf, handled_local_responses));
07412736 2020 seq_printf(m, "unhandled_local_responses: %u\n",
b2655f26 2021 ipmi_get_stat(intf, unhandled_local_responses));
07412736 2022 seq_printf(m, "sent_ipmb_commands: %u\n",
b2655f26 2023 ipmi_get_stat(intf, sent_ipmb_commands));
07412736 2024 seq_printf(m, "sent_ipmb_command_errs: %u\n",
b2655f26 2025 ipmi_get_stat(intf, sent_ipmb_command_errs));
07412736 2026 seq_printf(m, "retransmitted_ipmb_commands: %u\n",
b2655f26 2027 ipmi_get_stat(intf, retransmitted_ipmb_commands));
07412736 2028 seq_printf(m, "timed_out_ipmb_commands: %u\n",
b2655f26 2029 ipmi_get_stat(intf, timed_out_ipmb_commands));
07412736 2030 seq_printf(m, "timed_out_ipmb_broadcasts: %u\n",
b2655f26 2031 ipmi_get_stat(intf, timed_out_ipmb_broadcasts));
07412736 2032 seq_printf(m, "sent_ipmb_responses: %u\n",
b2655f26 2033 ipmi_get_stat(intf, sent_ipmb_responses));
07412736 2034 seq_printf(m, "handled_ipmb_responses: %u\n",
b2655f26 2035 ipmi_get_stat(intf, handled_ipmb_responses));
07412736 2036 seq_printf(m, "invalid_ipmb_responses: %u\n",
b2655f26 2037 ipmi_get_stat(intf, invalid_ipmb_responses));
07412736 2038 seq_printf(m, "unhandled_ipmb_responses: %u\n",
b2655f26 2039 ipmi_get_stat(intf, unhandled_ipmb_responses));
07412736 2040 seq_printf(m, "sent_lan_commands: %u\n",
b2655f26 2041 ipmi_get_stat(intf, sent_lan_commands));
07412736 2042 seq_printf(m, "sent_lan_command_errs: %u\n",
b2655f26 2043 ipmi_get_stat(intf, sent_lan_command_errs));
07412736 2044 seq_printf(m, "retransmitted_lan_commands: %u\n",
b2655f26 2045 ipmi_get_stat(intf, retransmitted_lan_commands));
07412736 2046 seq_printf(m, "timed_out_lan_commands: %u\n",
b2655f26 2047 ipmi_get_stat(intf, timed_out_lan_commands));
07412736 2048 seq_printf(m, "sent_lan_responses: %u\n",
b2655f26 2049 ipmi_get_stat(intf, sent_lan_responses));
07412736 2050 seq_printf(m, "handled_lan_responses: %u\n",
b2655f26 2051 ipmi_get_stat(intf, handled_lan_responses));
07412736 2052 seq_printf(m, "invalid_lan_responses: %u\n",
b2655f26 2053 ipmi_get_stat(intf, invalid_lan_responses));
07412736 2054 seq_printf(m, "unhandled_lan_responses: %u\n",
b2655f26 2055 ipmi_get_stat(intf, unhandled_lan_responses));
07412736 2056 seq_printf(m, "handled_commands: %u\n",
b2655f26 2057 ipmi_get_stat(intf, handled_commands));
07412736 2058 seq_printf(m, "invalid_commands: %u\n",
b2655f26 2059 ipmi_get_stat(intf, invalid_commands));
07412736 2060 seq_printf(m, "unhandled_commands: %u\n",
b2655f26 2061 ipmi_get_stat(intf, unhandled_commands));
07412736 2062 seq_printf(m, "invalid_events: %u\n",
b2655f26 2063 ipmi_get_stat(intf, invalid_events));
07412736 2064 seq_printf(m, "events: %u\n",
b2655f26 2065 ipmi_get_stat(intf, events));
07412736 2066 seq_printf(m, "failed rexmit LAN msgs: %u\n",
25176ed6 2067 ipmi_get_stat(intf, dropped_rexmit_lan_commands));
07412736 2068 seq_printf(m, "failed rexmit IPMB msgs: %u\n",
25176ed6 2069 ipmi_get_stat(intf, dropped_rexmit_ipmb_commands));
07412736
AD		 2070 return 0;
2071}
1da177e4 2072
07412736
AD		 2073static int smi_stats_proc_open(struct inode *inode, struct file *file)
2074{
d9dda78b 2075 return single_open(file, smi_stats_proc_show, PDE_DATA(inode));
1da177e4 2076}
07412736
AD		 2077
2078static const struct file_operations smi_stats_proc_ops = {
2079 .open = smi_stats_proc_open,
2080 .read = seq_read,
2081 .llseek = seq_lseek,
2082 .release = single_release,
2083};
1aa16eea 2084#endif /* CONFIG_PROC_FS */
1da177e4
LT		 2085
2086int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
07412736 2087 const struct file_operations *proc_ops,
99b76233 2088 void *data)
1da177e4 2089{
1da177e4 2090 int rv = 0;
3b625943
CM		 2091#ifdef CONFIG_PROC_FS
2092 struct proc_dir_entry *file;
1da177e4
LT		 2093 struct ipmi_proc_entry *entry;
2094
2095 /* Create a list element. */
2096 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
2097 if (!entry)
2098 return -ENOMEM;
1b6b698f 2099 entry->name = kstrdup(name, GFP_KERNEL);
1da177e4
LT		 2100 if (!entry->name) {
2101 kfree(entry);
2102 return -ENOMEM;
2103 }
1da177e4 2104
07412736 2105 file = proc_create_data(name, 0, smi->proc_dir, proc_ops, data);
1da177e4
LT		 2106 if (!file) {
2107 kfree(entry->name);
2108 kfree(entry);
2109 rv = -ENOMEM;
2110 } else {
ac019151 2111 mutex_lock(&smi->proc_entry_lock);
1da177e4
LT		 2112 /* Stick it on the list. */
2113 entry->next = smi->proc_entries;
2114 smi->proc_entries = entry;
ac019151 2115 mutex_unlock(&smi->proc_entry_lock);
1da177e4 2116 }
3b625943 2117#endif /* CONFIG_PROC_FS */
1da177e4
LT		 2118
2119 return rv;
2120}
c70d7499 2121EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
1da177e4
LT		 2122
2123static int add_proc_entries(ipmi_smi_t smi, int num)
2124{
2125 int rv = 0;
2126
3b625943 2127#ifdef CONFIG_PROC_FS
1da177e4
LT		 2128 sprintf(smi->proc_dir_name, "%d", num);
2129 smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
2130 if (!smi->proc_dir)
2131 rv = -ENOMEM;
1da177e4
LT		 2132
2133 if (rv == 0)
2134 rv = ipmi_smi_add_proc_entry(smi, "stats",
07412736 2135 &smi_stats_proc_ops,
99b76233 2136 smi);
1da177e4
LT		 2137
2138 if (rv == 0)
2139 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
07412736 2140 &smi_ipmb_proc_ops,
99b76233 2141 smi);
1da177e4
LT		 2142
2143 if (rv == 0)
2144 rv = ipmi_smi_add_proc_entry(smi, "version",
07412736 2145 &smi_version_proc_ops,
99b76233 2146 smi);
3b625943 2147#endif /* CONFIG_PROC_FS */
1da177e4
LT		 2148
2149 return rv;
2150}
2151
2152static void remove_proc_entries(ipmi_smi_t smi)
2153{
3b625943 2154#ifdef CONFIG_PROC_FS
1da177e4
LT		 2155 struct ipmi_proc_entry *entry;
2156
ac019151 2157 mutex_lock(&smi->proc_entry_lock);
1da177e4
LT		 2158 while (smi->proc_entries) {
2159 entry = smi->proc_entries;
2160 smi->proc_entries = entry->next;
2161
2162 remove_proc_entry(entry->name, smi->proc_dir);
2163 kfree(entry->name);
2164 kfree(entry);
2165 }
ac019151 2166 mutex_unlock(&smi->proc_entry_lock);
1da177e4 2167 remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
3b625943 2168#endif /* CONFIG_PROC_FS */
1da177e4
LT		 2169}
2170
50c812b2
CM		 2171static int __find_bmc_guid(struct device *dev, void *data)
2172{
2173 unsigned char *id = data;
16639eb0 2174 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2175 return memcmp(bmc->guid, id, 16) == 0;
2176}
2177
2178static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
2179 unsigned char *guid)
2180{
2181 struct device *dev;
2182
2183 dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
2184 if (dev)
16639eb0 2185 return to_bmc_device(dev);
50c812b2
CM		 2186 else
2187 return NULL;
2188}
2189
2190struct prod_dev_id {
2191 unsigned int product_id;
2192 unsigned char device_id;
2193};
2194
2195static int __find_bmc_prod_dev_id(struct device *dev, void *data)
2196{
2197 struct prod_dev_id *id = data;
16639eb0 2198 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2199
2200 return (bmc->id.product_id == id->product_id
50c812b2
CM		 2201 && bmc->id.device_id == id->device_id);
2202}
2203
2204static struct bmc_device *ipmi_find_bmc_prod_dev_id(
2205 struct device_driver *drv,
f0b55da0 2206 unsigned int product_id, unsigned char device_id)
50c812b2
CM		 2207{
2208 struct prod_dev_id id = {
2209 .product_id = product_id,
2210 .device_id = device_id,
2211 };
2212 struct device *dev;
2213
2214 dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
2215 if (dev)
16639eb0 2216 return to_bmc_device(dev);
50c812b2
CM		 2217 else
2218 return NULL;
2219}
2220
2221static ssize_t device_id_show(struct device *dev,
2222 struct device_attribute *attr,
2223 char *buf)
2224{
16639eb0 2225 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2226
2227 return snprintf(buf, 10, "%u\n", bmc->id.device_id);
2228}
16639eb0 2229DEVICE_ATTR(device_id, S_IRUGO, device_id_show, NULL);
50c812b2 2230
16639eb0
CM		 2231static ssize_t provides_device_sdrs_show(struct device *dev,
2232 struct device_attribute *attr,
2233 char *buf)
50c812b2 2234{
16639eb0 2235 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2236
2237 return snprintf(buf, 10, "%u\n",
7947d2cc 2238 (bmc->id.device_revision & 0x80) >> 7);
50c812b2 2239}
16639eb0 2240DEVICE_ATTR(provides_device_sdrs, S_IRUGO, provides_device_sdrs_show, NULL);
50c812b2
CM		 2241
2242static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
2243 char *buf)
2244{
16639eb0 2245 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2246
2247 return snprintf(buf, 20, "%u\n",
7947d2cc 2248 bmc->id.device_revision & 0x0F);
50c812b2 2249}
16639eb0 2250DEVICE_ATTR(revision, S_IRUGO, revision_show, NULL);
50c812b2 2251
16639eb0
CM		 2252static ssize_t firmware_revision_show(struct device *dev,
2253 struct device_attribute *attr,
2254 char *buf)
50c812b2 2255{
16639eb0 2256 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2257
2258 return snprintf(buf, 20, "%u.%x\n", bmc->id.firmware_revision_1,
2259 bmc->id.firmware_revision_2);
2260}
16639eb0 2261DEVICE_ATTR(firmware_revision, S_IRUGO, firmware_revision_show, NULL);
50c812b2
CM		 2262
2263static ssize_t ipmi_version_show(struct device *dev,
2264 struct device_attribute *attr,
2265 char *buf)
2266{
16639eb0 2267 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2268
2269 return snprintf(buf, 20, "%u.%u\n",
2270 ipmi_version_major(&bmc->id),
2271 ipmi_version_minor(&bmc->id));
2272}
16639eb0 2273DEVICE_ATTR(ipmi_version, S_IRUGO, ipmi_version_show, NULL);
50c812b2
CM		 2274
2275static ssize_t add_dev_support_show(struct device *dev,
2276 struct device_attribute *attr,
2277 char *buf)
2278{
16639eb0 2279 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2280
2281 return snprintf(buf, 10, "0x%02x\n",
2282 bmc->id.additional_device_support);
2283}
16639eb0 2284DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show, NULL);
50c812b2
CM		 2285
2286static ssize_t manufacturer_id_show(struct device *dev,
2287 struct device_attribute *attr,
2288 char *buf)
2289{
16639eb0 2290 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2291
2292 return snprintf(buf, 20, "0x%6.6x\n", bmc->id.manufacturer_id);
2293}
16639eb0 2294DEVICE_ATTR(manufacturer_id, S_IRUGO, manufacturer_id_show, NULL);
50c812b2
CM		 2295
2296static ssize_t product_id_show(struct device *dev,
2297 struct device_attribute *attr,
2298 char *buf)
2299{
16639eb0 2300 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2301
2302 return snprintf(buf, 10, "0x%4.4x\n", bmc->id.product_id);
2303}
16639eb0 2304DEVICE_ATTR(product_id, S_IRUGO, product_id_show, NULL);
50c812b2
CM		 2305
2306static ssize_t aux_firmware_rev_show(struct device *dev,
2307 struct device_attribute *attr,
2308 char *buf)
2309{
16639eb0 2310 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2311
2312 return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
2313 bmc->id.aux_firmware_revision[3],
2314 bmc->id.aux_firmware_revision[2],
2315 bmc->id.aux_firmware_revision[1],
2316 bmc->id.aux_firmware_revision[0]);
2317}
16639eb0 2318DEVICE_ATTR(aux_firmware_revision, S_IRUGO, aux_firmware_rev_show, NULL);
50c812b2
CM		 2319
2320static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
2321 char *buf)
2322{
16639eb0 2323 struct bmc_device *bmc = to_bmc_device(dev);
50c812b2
CM		 2324
2325 return snprintf(buf, 100, "%Lx%Lx\n",
2326 (long long) bmc->guid[0],
2327 (long long) bmc->guid[8]);
2328}
16639eb0
CM		 2329DEVICE_ATTR(guid, S_IRUGO, guid_show, NULL);
2330
2331static struct attribute *bmc_dev_attrs[] = {
2332 &dev_attr_device_id.attr,
2333 &dev_attr_provides_device_sdrs.attr,
2334 &dev_attr_revision.attr,
2335 &dev_attr_firmware_revision.attr,
2336 &dev_attr_ipmi_version.attr,
2337 &dev_attr_additional_device_support.attr,
2338 &dev_attr_manufacturer_id.attr,
2339 &dev_attr_product_id.attr,
2340 NULL
2341};
50c812b2 2342
16639eb0
CM		 2343static struct attribute_group bmc_dev_attr_group = {
2344 .attrs = bmc_dev_attrs,
2345};
5e59393e 2346
16639eb0
CM		 2347static const struct attribute_group *bmc_dev_attr_groups[] = {
2348 &bmc_dev_attr_group,
2349 NULL
2350};
2351
2352static struct device_type bmc_device_type = {
2353 .groups = bmc_dev_attr_groups,
2354};
2355
2356static void
2357release_bmc_device(struct device *dev)
2358{
2359 kfree(to_bmc_device(dev));
5e59393e
JG		 2360}
2361
2362static void
2363cleanup_bmc_device(struct kref *ref)
2364{
16639eb0 2365 struct bmc_device *bmc = container_of(ref, struct bmc_device, usecount);
5e59393e 2366
16639eb0
CM		 2367 if (bmc->id.aux_firmware_revision_set)
2368 device_remove_file(&bmc->pdev.dev,
2369 &bmc->aux_firmware_rev_attr);
2370 if (bmc->guid_set)
2371 device_remove_file(&bmc->pdev.dev,
2372 &bmc->guid_attr);
5e59393e 2373
16639eb0 2374 platform_device_unregister(&bmc->pdev);
50c812b2
CM		 2375}
2376
2377static void ipmi_bmc_unregister(ipmi_smi_t intf)
2378{
2379 struct bmc_device *bmc = intf->bmc;
2380
5a0e10ec 2381 sysfs_remove_link(&intf->si_dev->kobj, "bmc");
50c812b2 2382 if (intf->my_dev_name) {
16639eb0 2383 sysfs_remove_link(&bmc->pdev.dev.kobj, intf->my_dev_name);
50c812b2
CM		 2384 kfree(intf->my_dev_name);
2385 intf->my_dev_name = NULL;
2386 }
2387
2388 mutex_lock(&ipmidriver_mutex);
16639eb0 2389 kref_put(&bmc->usecount, cleanup_bmc_device);
f0b55da0 2390 intf->bmc = NULL;
50c812b2
CM		 2391 mutex_unlock(&ipmidriver_mutex);
2392}
2393
16639eb0 2394static int create_bmc_files(struct bmc_device *bmc)
5e59393e
JG		 2395{
2396 int err;
2397
5e59393e 2398 if (bmc->id.aux_firmware_revision_set) {
3d9e5df5 2399 bmc->aux_firmware_rev_attr.attr.name = "aux_firmware_revision";
16639eb0 2400 err = device_create_file(&bmc->pdev.dev,
5e59393e 2401 &bmc->aux_firmware_rev_attr);
c70d7499 2402 if (err)
16639eb0 2403 goto out;
5e59393e
JG		 2404 }
2405 if (bmc->guid_set) {
3d9e5df5 2406 bmc->guid_attr.attr.name = "guid";
16639eb0 2407 err = device_create_file(&bmc->pdev.dev,
5e59393e 2408 &bmc->guid_attr);
c70d7499
CM		 2409 if (err)
2410 goto out_aux_firm;
5e59393e
JG		 2411 }
2412
2413 return 0;
2414
2415out_aux_firm:
2416 if (bmc->id.aux_firmware_revision_set)
16639eb0 2417 device_remove_file(&bmc->pdev.dev,
5e59393e 2418 &bmc->aux_firmware_rev_attr);
5e59393e
JG		 2419out:
2420 return err;
2421}
2422
5a0e10ec 2423static int ipmi_bmc_register(ipmi_smi_t intf, int ifnum)
50c812b2
CM		 2424{
2425 int rv;
2426 struct bmc_device *bmc = intf->bmc;
2427 struct bmc_device *old_bmc;
50c812b2
CM		 2428
2429 mutex_lock(&ipmidriver_mutex);
2430
2431 /*
2432 * Try to find if there is an bmc_device struct
2433 * representing the interfaced BMC already
2434 */
2435 if (bmc->guid_set)
fe2d5ffc 2436 old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, bmc->guid);
50c812b2 2437 else
fe2d5ffc 2438 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,
50c812b2
CM		 2439 bmc->id.product_id,
2440 bmc->id.device_id);
2441
2442 /*
2443 * If there is already an bmc_device, free the new one,
2444 * otherwise register the new BMC device
2445 */
2446 if (old_bmc) {
2447 kfree(bmc);
2448 intf->bmc = old_bmc;
2449 bmc = old_bmc;
2450
16639eb0 2451 kref_get(&bmc->usecount);
50c812b2
CM		 2452 mutex_unlock(&ipmidriver_mutex);
2453
2454 printk(KERN_INFO
2455 "ipmi: interfacing existing BMC (man_id: 0x%6.6x,"
2456 " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2457 bmc->id.manufacturer_id,
2458 bmc->id.product_id,
2459 bmc->id.device_id);
2460 } else {
f0b55da0
CM		 2461 unsigned char orig_dev_id = bmc->id.device_id;
2462 int warn_printed = 0;
2463
16639eb0 2464 snprintf(bmc->name, sizeof(bmc->name),
f0b55da0 2465 "ipmi_bmc.%4.4x", bmc->id.product_id);
16639eb0 2466 bmc->pdev.name = bmc->name;
f0b55da0 2467
fe2d5ffc 2468 while (ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,
f0b55da0 2469 bmc->id.product_id,
1d5636cc 2470 bmc->id.device_id)) {
f0b55da0
CM		 2471 if (!warn_printed) {
2472 printk(KERN_WARNING PFX
2473 "This machine has two different BMCs"
2474 " with the same product id and device"
2475 " id. This is an error in the"
2476 " firmware, but incrementing the"
2477 " device id to work around the problem."
2478 " Prod ID = 0x%x, Dev ID = 0x%x\n",
2479 bmc->id.product_id, bmc->id.device_id);
2480 warn_printed = 1;
2481 }
2482 bmc->id.device_id++; /* Wraps at 255 */
2483 if (bmc->id.device_id == orig_dev_id) {
2484 printk(KERN_ERR PFX
2485 "Out of device ids!\n");
2486 break;
2487 }
2488 }
2489
16639eb0
CM		 2490 bmc->pdev.dev.driver = &ipmidriver.driver;
2491 bmc->pdev.id = bmc->id.device_id;
2492 bmc->pdev.dev.release = release_bmc_device;
2493 bmc->pdev.dev.type = &bmc_device_type;
5a0e10ec 2494 kref_init(&bmc->usecount);
50c812b2 2495
16639eb0 2496 rv = platform_device_register(&bmc->pdev);
50c812b2
CM		 2497 mutex_unlock(&ipmidriver_mutex);
2498 if (rv) {
16639eb0 2499 put_device(&bmc->pdev.dev);
50c812b2
CM		 2500 printk(KERN_ERR
2501 "ipmi_msghandler:"
2502 " Unable to register bmc device: %d\n",
2503 rv);
c70d7499
CM		 2504 /*
2505 * Don't go to out_err, you can only do that if
2506 * the device is registered already.
2507 */
50c812b2
CM		 2508 return rv;
2509 }
2510
16639eb0 2511 rv = create_bmc_files(bmc);
5e59393e
JG		 2512 if (rv) {
2513 mutex_lock(&ipmidriver_mutex);
16639eb0 2514 platform_device_unregister(&bmc->pdev);
5e59393e
JG		 2515 mutex_unlock(&ipmidriver_mutex);
2516
2517 return rv;
2518 }
50c812b2 2519
279fbd0c
MS		 2520 dev_info(intf->si_dev, "Found new BMC (man_id: 0x%6.6x, "
2521 "prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2522 bmc->id.manufacturer_id,
2523 bmc->id.product_id,
2524 bmc->id.device_id);
50c812b2
CM		 2525 }
2526
2527 /*
2528 * create symlink from system interface device to bmc device
2529 * and back.
2530 */
5a0e10ec 2531 rv = sysfs_create_link(&intf->si_dev->kobj, &bmc->pdev.dev.kobj, "bmc");
50c812b2
CM		 2532 if (rv) {
2533 printk(KERN_ERR
2534 "ipmi_msghandler: Unable to create bmc symlink: %d\n",
2535 rv);
2536 goto out_err;
2537 }
2538
16639eb0 2539 intf->my_dev_name = kasprintf(GFP_KERNEL, "ipmi%d", ifnum);
50c812b2
CM		 2540 if (!intf->my_dev_name) {
2541 rv = -ENOMEM;
2542 printk(KERN_ERR
2543 "ipmi_msghandler: allocate link from BMC: %d\n",
2544 rv);
2545 goto out_err;
2546 }
50c812b2 2547
16639eb0 2548 rv = sysfs_create_link(&bmc->pdev.dev.kobj, &intf->si_dev->kobj,
50c812b2
CM		 2549 intf->my_dev_name);
2550 if (rv) {
2551 kfree(intf->my_dev_name);
2552 intf->my_dev_name = NULL;
2553 printk(KERN_ERR
2554 "ipmi_msghandler:"
2555 " Unable to create symlink to bmc: %d\n",
2556 rv);
2557 goto out_err;
2558 }
2559
2560 return 0;
2561
2562out_err:
2563 ipmi_bmc_unregister(intf);
2564 return rv;
2565}
2566
2567static int
2568send_guid_cmd(ipmi_smi_t intf, int chan)
2569{
2570 struct kernel_ipmi_msg msg;
2571 struct ipmi_system_interface_addr si;
2572
2573 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2574 si.channel = IPMI_BMC_CHANNEL;
2575 si.lun = 0;
2576
2577 msg.netfn = IPMI_NETFN_APP_REQUEST;
2578 msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
2579 msg.data = NULL;
2580 msg.data_len = 0;
2581 return i_ipmi_request(NULL,
2582 intf,
2583 (struct ipmi_addr *) &si,
2584 0,
2585 &msg,
2586 intf,
2587 NULL,
2588 NULL,
2589 0,
2590 intf->channels[0].address,
2591 intf->channels[0].lun,
2592 -1, 0);
2593}
2594
2595static void
2596guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2597{
2598 if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2599 || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
2600 || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
2601 /* Not for me */
2602 return;
2603
2604 if (msg->msg.data[0] != 0) {
2605 /* Error from getting the GUID, the BMC doesn't have one. */
2606 intf->bmc->guid_set = 0;
2607 goto out;
2608 }
2609
2610 if (msg->msg.data_len < 17) {
2611 intf->bmc->guid_set = 0;
2612 printk(KERN_WARNING PFX
2613 "guid_handler: The GUID response from the BMC was too"
2614 " short, it was %d but should have been 17. Assuming"
2615 " GUID is not available.\n",
2616 msg->msg.data_len);
2617 goto out;
2618 }
2619
2620 memcpy(intf->bmc->guid, msg->msg.data, 16);
2621 intf->bmc->guid_set = 1;
2622 out:
2623 wake_up(&intf->waitq);
2624}
2625
2626static void
2627get_guid(ipmi_smi_t intf)
2628{
2629 int rv;
2630
2631 intf->bmc->guid_set = 0x2;
2632 intf->null_user_handler = guid_handler;
2633 rv = send_guid_cmd(intf, 0);
2634 if (rv)
2635 /* Send failed, no GUID available. */
2636 intf->bmc->guid_set = 0;
2637 wait_event(intf->waitq, intf->bmc->guid_set != 2);
2638 intf->null_user_handler = NULL;
2639}
2640
1da177e4
LT		 2641static int
2642send_channel_info_cmd(ipmi_smi_t intf, int chan)
2643{
2644 struct kernel_ipmi_msg msg;
2645 unsigned char data[1];
2646 struct ipmi_system_interface_addr si;
2647
2648 si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2649 si.channel = IPMI_BMC_CHANNEL;
2650 si.lun = 0;
2651
2652 msg.netfn = IPMI_NETFN_APP_REQUEST;
2653 msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
2654 msg.data = data;
2655 msg.data_len = 1;
2656 data[0] = chan;
2657 return i_ipmi_request(NULL,
2658 intf,
2659 (struct ipmi_addr *) &si,
2660 0,
2661 &msg,
56a55ec6 2662 intf,
1da177e4
LT		 2663 NULL,
2664 NULL,
2665 0,
c14979b9
CM		 2666 intf->channels[0].address,
2667 intf->channels[0].lun,
1da177e4
LT		 2668 -1, 0);
2669}
2670
2671static void
56a55ec6 2672channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
1da177e4
LT		 2673{
2674 int rv = 0;
2675 int chan;
2676
56a55ec6
CM		 2677 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2678 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
c70d7499 2679 && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) {
1da177e4 2680 /* It's the one we want */
56a55ec6 2681 if (msg->msg.data[0] != 0) {
1da177e4
LT		 2682 /* Got an error from the channel, just go on. */
2683
56a55ec6 2684 if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
c70d7499
CM		 2685 /*
2686 * If the MC does not support this
2687 * command, that is legal. We just
2688 * assume it has one IPMB at channel
2689 * zero.
2690 */
1da177e4
LT		 2691 intf->channels[0].medium
2692 = IPMI_CHANNEL_MEDIUM_IPMB;
2693 intf->channels[0].protocol
2694 = IPMI_CHANNEL_PROTOCOL_IPMB;
1da177e4
LT		 2695
2696 intf->curr_channel = IPMI_MAX_CHANNELS;
2697 wake_up(&intf->waitq);
2698 goto out;
2699 }
2700 goto next_channel;
2701 }
56a55ec6 2702 if (msg->msg.data_len < 4) {
1da177e4
LT		 2703 /* Message not big enough, just go on. */
2704 goto next_channel;
2705 }
2706 chan = intf->curr_channel;
56a55ec6
CM		 2707 intf->channels[chan].medium = msg->msg.data[2] & 0x7f;
2708 intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;
1da177e4 2709
c70d7499 2710 next_channel:
1da177e4
LT		 2711 intf->curr_channel++;
2712 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
2713 wake_up(&intf->waitq);
2714 else
2715 rv = send_channel_info_cmd(intf, intf->curr_channel);
2716
2717 if (rv) {
2718 /* Got an error somehow, just give up. */
1f668423
CM		 2719 printk(KERN_WARNING PFX
2720 "Error sending channel information for channel"
2721 " %d: %d\n", intf->curr_channel, rv);
2722
1da177e4
LT		 2723 intf->curr_channel = IPMI_MAX_CHANNELS;
2724 wake_up(&intf->waitq);
1da177e4
LT		 2725 }
2726 }
2727 out:
2728 return;
2729}
2730
895dcfd1 2731static void ipmi_poll(ipmi_smi_t intf)
fcfa4724 2732{
fcfa4724
CM		 2733 if (intf->handlers->poll)
2734 intf->handlers->poll(intf->send_info);
7adf579c
CM		 2735 /* In case something came in */
2736 handle_new_recv_msgs(intf);
fcfa4724 2737}
895dcfd1
CM		 2738
2739void ipmi_poll_interface(ipmi_user_t user)
2740{
2741 ipmi_poll(user->intf);
fcfa4724 2742}
c70d7499 2743EXPORT_SYMBOL(ipmi_poll_interface);
fcfa4724 2744
1da177e4
LT		 2745int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
2746 void *send_info,
50c812b2
CM		 2747 struct ipmi_device_id *device_id,
2748 struct device *si_dev,
453823ba 2749 unsigned char slave_addr)
1da177e4
LT		 2750{
2751 int i, j;
2752 int rv;
393d2cc3 2753 ipmi_smi_t intf;
bca0324d 2754 ipmi_smi_t tintf;
bca0324d 2755 struct list_head *link;
1da177e4 2756
c70d7499
CM		 2757 /*
2758 * Make sure the driver is actually initialized, this handles
2759 * problems with initialization order.
2760 */
1da177e4
LT		 2761 if (!initialized) {
2762 rv = ipmi_init_msghandler();
2763 if (rv)
2764 return rv;
c70d7499
CM		 2765 /*
2766 * The init code doesn't return an error if it was turned
2767 * off, but it won't initialize. Check that.
2768 */
1da177e4
LT		 2769 if (!initialized)
2770 return -ENODEV;
2771 }
2772
dd00cc48 2773 intf = kzalloc(sizeof(*intf), GFP_KERNEL);
393d2cc3 2774 if (!intf)
1da177e4 2775 return -ENOMEM;
b2c03941
CM		 2776
2777 intf->ipmi_version_major = ipmi_version_major(device_id);
2778 intf->ipmi_version_minor = ipmi_version_minor(device_id);
2779
50c812b2
CM		 2780 intf->bmc = kzalloc(sizeof(*intf->bmc), GFP_KERNEL);
2781 if (!intf->bmc) {
2782 kfree(intf);
2783 return -ENOMEM;
2784 }
bca0324d 2785 intf->intf_num = -1; /* Mark it invalid for now. */
393d2cc3 2786 kref_init(&intf->refcount);
50c812b2
CM		 2787 intf->bmc->id = *device_id;
2788 intf->si_dev = si_dev;
393d2cc3
CM		 2789 for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
2790 intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;
2791 intf->channels[j].lun = 2;
2792 }
2793 if (slave_addr != 0)
2794 intf->channels[0].address = slave_addr;
2795 INIT_LIST_HEAD(&intf->users);
2796 intf->handlers = handlers;
2797 intf->send_info = send_info;
2798 spin_lock_init(&intf->seq_lock);
2799 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
2800 intf->seq_table[j].inuse = 0;
2801 intf->seq_table[j].seqid = 0;
2802 }
2803 intf->curr_seq = 0;
2804#ifdef CONFIG_PROC_FS
ac019151 2805 mutex_init(&intf->proc_entry_lock);
393d2cc3 2806#endif
65be7544
CM		 2807 spin_lock_init(&intf->waiting_rcv_msgs_lock);
2808 INIT_LIST_HEAD(&intf->waiting_rcv_msgs);
7adf579c
CM		 2809 tasklet_init(&intf->recv_tasklet,
2810 smi_recv_tasklet,
2811 (unsigned long) intf);
2812 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 0);
393d2cc3 2813 spin_lock_init(&intf->events_lock);
89986496
CM		 2814 atomic_set(&intf->event_waiters, 0);
2815 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
393d2cc3
CM		 2816 INIT_LIST_HEAD(&intf->waiting_events);
2817 intf->waiting_events_count = 0;
d6dfd131 2818 mutex_init(&intf->cmd_rcvrs_mutex);
b9675136 2819 spin_lock_init(&intf->maintenance_mode_lock);
393d2cc3
CM		 2820 INIT_LIST_HEAD(&intf->cmd_rcvrs);
2821 init_waitqueue_head(&intf->waitq);
b2655f26
KB		 2822 for (i = 0; i < IPMI_NUM_STATS; i++)
2823 atomic_set(&intf->stats[i], 0);
393d2cc3 2824
393d2cc3 2825 intf->proc_dir = NULL;
1da177e4 2826
b2c03941 2827 mutex_lock(&smi_watchers_mutex);
bca0324d
CM		 2828 mutex_lock(&ipmi_interfaces_mutex);
2829 /* Look for a hole in the numbers. */
2830 i = 0;
2831 link = &ipmi_interfaces;
2832 list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {
2833 if (tintf->intf_num != i) {
2834 link = &tintf->link;
1da177e4
LT		 2835 break;
2836 }
bca0324d 2837 i++;
1da177e4 2838 }
bca0324d
CM		 2839 /* Add the new interface in numeric order. */
2840 if (i == 0)
2841 list_add_rcu(&intf->link, &ipmi_interfaces);
2842 else
2843 list_add_tail_rcu(&intf->link, link);
1da177e4 2844
453823ba
CM		 2845 rv = handlers->start_processing(send_info, intf);
2846 if (rv)
2847 goto out;
1da177e4 2848
50c812b2
CM		 2849 get_guid(intf);
2850
b2c03941 2851 if ((intf->ipmi_version_major > 1)
c70d7499
CM		 2852 || ((intf->ipmi_version_major == 1)
2853 && (intf->ipmi_version_minor >= 5))) {
2854 /*
2855 * Start scanning the channels to see what is
2856 * available.
2857 */
393d2cc3
CM		 2858 intf->null_user_handler = channel_handler;
2859 intf->curr_channel = 0;
2860 rv = send_channel_info_cmd(intf, 0);
1f668423
CM		 2861 if (rv) {
2862 printk(KERN_WARNING PFX
2863 "Error sending channel information for channel"
2864 " 0, %d\n", rv);
393d2cc3 2865 goto out;
1f668423 2866 }
1da177e4 2867
393d2cc3
CM		 2868 /* Wait for the channel info to be read. */
2869 wait_event(intf->waitq,
2870 intf->curr_channel >= IPMI_MAX_CHANNELS);
50c812b2 2871 intf->null_user_handler = NULL;
393d2cc3
CM		 2872 } else {
2873 /* Assume a single IPMB channel at zero. */
2874 intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
2875 intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
9a2845c4 2876 intf->curr_channel = IPMI_MAX_CHANNELS;
1da177e4
LT		 2877 }
2878
393d2cc3
CM		 2879 if (rv == 0)
2880 rv = add_proc_entries(intf, i);
1da177e4 2881
5a0e10ec 2882 rv = ipmi_bmc_register(intf, i);
50c812b2 2883
393d2cc3 2884 out:
1da177e4 2885 if (rv) {
393d2cc3
CM		 2886 if (intf->proc_dir)
2887 remove_proc_entries(intf);
b2c03941 2888 intf->handlers = NULL;
bca0324d
CM		 2889 list_del_rcu(&intf->link);
2890 mutex_unlock(&ipmi_interfaces_mutex);
b2c03941 2891 mutex_unlock(&smi_watchers_mutex);
bca0324d 2892 synchronize_rcu();
393d2cc3 2893 kref_put(&intf->refcount, intf_free);
393d2cc3 2894 } else {
78ba2faf
CM		 2895 /*
2896 * Keep memory order straight for RCU readers. Make
2897 * sure everything else is committed to memory before
2898 * setting intf_num to mark the interface valid.
2899 */
2900 smp_wmb();
bca0324d
CM		 2901 intf->intf_num = i;
2902 mutex_unlock(&ipmi_interfaces_mutex);
78ba2faf 2903 /* After this point the interface is legal to use. */
50c812b2 2904 call_smi_watchers(i, intf->si_dev);
b2c03941 2905 mutex_unlock(&smi_watchers_mutex);
1da177e4
LT		 2906 }
2907
2908 return rv;
2909}
c70d7499 2910EXPORT_SYMBOL(ipmi_register_smi);
1da177e4 2911
b2c03941
CM		 2912static void cleanup_smi_msgs(ipmi_smi_t intf)
2913{
2914 int i;
2915 struct seq_table *ent;
2916
2917 /* No need for locks, the interface is down. */
2918 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
2919 ent = &(intf->seq_table[i]);
2920 if (!ent->inuse)
2921 continue;
2922 deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED);
2923 }
2924}
2925
1da177e4
LT		 2926int ipmi_unregister_smi(ipmi_smi_t intf)
2927{
1da177e4 2928 struct ipmi_smi_watcher *w;
b2c03941 2929 int intf_num = intf->intf_num;
1da177e4 2930
50c812b2
CM		 2931 ipmi_bmc_unregister(intf);
2932
b2c03941 2933 mutex_lock(&smi_watchers_mutex);
bca0324d 2934 mutex_lock(&ipmi_interfaces_mutex);
b2c03941
CM		 2935 intf->intf_num = -1;
2936 intf->handlers = NULL;
bca0324d
CM		 2937 list_del_rcu(&intf->link);
2938 mutex_unlock(&ipmi_interfaces_mutex);
2939 synchronize_rcu();
1da177e4 2940
b2c03941
CM		 2941 cleanup_smi_msgs(intf);
2942
393d2cc3 2943 remove_proc_entries(intf);
1da177e4 2944
c70d7499
CM		 2945 /*
2946 * Call all the watcher interfaces to tell them that
2947 * an interface is gone.
2948 */
393d2cc3 2949 list_for_each_entry(w, &smi_watchers, link)
b2c03941
CM		 2950 w->smi_gone(intf_num);
2951 mutex_unlock(&smi_watchers_mutex);
393d2cc3 2952
393d2cc3 2953 kref_put(&intf->refcount, intf_free);
1da177e4
LT		 2954 return 0;
2955}
c70d7499 2956EXPORT_SYMBOL(ipmi_unregister_smi);
1da177e4
LT		 2957
2958static int handle_ipmb_get_msg_rsp(ipmi_smi_t intf,
2959 struct ipmi_smi_msg *msg)
2960{
2961 struct ipmi_ipmb_addr ipmb_addr;
2962 struct ipmi_recv_msg *recv_msg;
1da177e4 2963
c70d7499
CM		 2964 /*
2965 * This is 11, not 10, because the response must contain a
2966 * completion code.
2967 */
1da177e4
LT		 2968 if (msg->rsp_size < 11) {
2969 /* Message not big enough, just ignore it. */
b2655f26 2970 ipmi_inc_stat(intf, invalid_ipmb_responses);
1da177e4
LT		 2971 return 0;
2972 }
2973
2974 if (msg->rsp[2] != 0) {
2975 /* An error getting the response, just ignore it. */
2976 return 0;
2977 }
2978
2979 ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
2980 ipmb_addr.slave_addr = msg->rsp[6];
2981 ipmb_addr.channel = msg->rsp[3] & 0x0f;
2982 ipmb_addr.lun = msg->rsp[7] & 3;
2983
c70d7499
CM		 2984 /*
2985 * It's a response from a remote entity. Look up the sequence
2986 * number and handle the response.
2987 */
1da177e4
LT		 2988 if (intf_find_seq(intf,
2989 msg->rsp[7] >> 2,
2990 msg->rsp[3] & 0x0f,
2991 msg->rsp[8],
2992 (msg->rsp[4] >> 2) & (~1),
2993 (struct ipmi_addr *) &(ipmb_addr),
c70d7499
CM		 2994 &recv_msg)) {
2995 /*
2996 * We were unable to find the sequence number,
2997 * so just nuke the message.
2998 */
b2655f26 2999 ipmi_inc_stat(intf, unhandled_ipmb_responses);
1da177e4
LT		 3000 return 0;
3001 }
3002
3003 memcpy(recv_msg->msg_data,
3004 &(msg->rsp[9]),
3005 msg->rsp_size - 9);
c70d7499
CM		 3006 /*
3007 * The other fields matched, so no need to set them, except
3008 * for netfn, which needs to be the response that was
3009 * returned, not the request value.
3010 */
1da177e4
LT		 3011 recv_msg->msg.netfn = msg->rsp[4] >> 2;
3012 recv_msg->msg.data = recv_msg->msg_data;
3013 recv_msg->msg.data_len = msg->rsp_size - 10;
3014 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
b2655f26 3015 ipmi_inc_stat(intf, handled_ipmb_responses);
1da177e4
LT		 3016 deliver_response(recv_msg);
3017
3018 return 0;
3019}
3020
3021static int handle_ipmb_get_msg_cmd(ipmi_smi_t intf,
3022 struct ipmi_smi_msg *msg)
3023{
393d2cc3
CM		 3024 struct cmd_rcvr *rcvr;
3025 int rv = 0;
3026 unsigned char netfn;
3027 unsigned char cmd;
c69c3127 3028 unsigned char chan;
393d2cc3
CM		 3029 ipmi_user_t user = NULL;
3030 struct ipmi_ipmb_addr *ipmb_addr;
3031 struct ipmi_recv_msg *recv_msg;
b2c03941 3032 struct ipmi_smi_handlers *handlers;
1da177e4
LT		 3033
3034 if (msg->rsp_size < 10) {
3035 /* Message not big enough, just ignore it. */
b2655f26 3036 ipmi_inc_stat(intf, invalid_commands);
1da177e4
LT		 3037 return 0;
3038 }
3039
3040 if (msg->rsp[2] != 0) {
3041 /* An error getting the response, just ignore it. */
3042 return 0;
3043 }
3044
3045 netfn = msg->rsp[4] >> 2;
3046 cmd = msg->rsp[8];
c69c3127 3047 chan = msg->rsp[3] & 0xf;
1da177e4 3048
e61fb5b6 3049 rcu_read_lock();
c69c3127 3050 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
393d2cc3
CM		 3051 if (rcvr) {
3052 user = rcvr->user;
3053 kref_get(&user->refcount);
3054 } else
3055 user = NULL;
e61fb5b6 3056 rcu_read_unlock();
1da177e4
LT		 3057
3058 if (user == NULL) {
3059 /* We didn't find a user, deliver an error response. */
b2655f26 3060 ipmi_inc_stat(intf, unhandled_commands);
1da177e4
LT		 3061
3062 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
3063 msg->data[1] = IPMI_SEND_MSG_CMD;
3064 msg->data[2] = msg->rsp[3];
3065 msg->data[3] = msg->rsp[6];
c70d7499 3066 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
1da177e4 3067 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
c14979b9 3068 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
c70d7499
CM		 3069 /* rqseq/lun */
3070 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
1da177e4
LT		 3071 msg->data[8] = msg->rsp[8]; /* cmd */
3072 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
3073 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
3074 msg->data_size = 11;
3075
3076#ifdef DEBUG_MSGING
3077 {
3078 int m;
3079 printk("Invalid command:");
e8b33617 3080 for (m = 0; m < msg->data_size; m++)
1da177e4
LT		 3081 printk(" %2.2x", msg->data[m]);
3082 printk("\n");
3083 }
3084#endif
b2c03941
CM		 3085 rcu_read_lock();
3086 handlers = intf->handlers;
3087 if (handlers) {
7f4a1c84 3088 smi_send(intf, handlers, msg, 0);
c70d7499
CM		 3089 /*
3090 * We used the message, so return the value
3091 * that causes it to not be freed or
3092 * queued.
3093 */
b2c03941
CM		 3094 rv = -1;
3095 }
3096 rcu_read_unlock();
1da177e4
LT		 3097 } else {
3098 /* Deliver the message to the user. */
b2655f26 3099 ipmi_inc_stat(intf, handled_commands);
1da177e4
LT		 3100
3101 recv_msg = ipmi_alloc_recv_msg();
8a3628d5 3102 if (!recv_msg) {
c70d7499
CM		 3103 /*
3104 * We couldn't allocate memory for the
3105 * message, so requeue it for handling
3106 * later.
3107 */
1da177e4 3108 rv = 1;
393d2cc3 3109 kref_put(&user->refcount, free_user);
1da177e4
LT		 3110 } else {
3111 /* Extract the source address from the data. */
3112 ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
3113 ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
3114 ipmb_addr->slave_addr = msg->rsp[6];
3115 ipmb_addr->lun = msg->rsp[7] & 3;
3116 ipmb_addr->channel = msg->rsp[3] & 0xf;
3117
c70d7499
CM		 3118 /*
3119 * Extract the rest of the message information
3120 * from the IPMB header.
3121 */
1da177e4
LT		 3122 recv_msg->user = user;
3123 recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3124 recv_msg->msgid = msg->rsp[7] >> 2;
3125 recv_msg->msg.netfn = msg->rsp[4] >> 2;
3126 recv_msg->msg.cmd = msg->rsp[8];
3127 recv_msg->msg.data = recv_msg->msg_data;
3128
c70d7499
CM		 3129 /*
3130 * We chop off 10, not 9 bytes because the checksum
3131 * at the end also needs to be removed.
3132 */
1da177e4
LT		 3133 recv_msg->msg.data_len = msg->rsp_size - 10;
3134 memcpy(recv_msg->msg_data,
3135 &(msg->rsp[9]),
3136 msg->rsp_size - 10);
3137 deliver_response(recv_msg);
3138 }
3139 }
3140
3141 return rv;
3142}
3143
3144static int handle_lan_get_msg_rsp(ipmi_smi_t intf,
3145 struct ipmi_smi_msg *msg)
3146{
3147 struct ipmi_lan_addr lan_addr;
3148 struct ipmi_recv_msg *recv_msg;
1da177e4
LT		 3149
3150
c70d7499
CM		 3151 /*
3152 * This is 13, not 12, because the response must contain a
3153 * completion code.
3154 */
1da177e4
LT		 3155 if (msg->rsp_size < 13) {
3156 /* Message not big enough, just ignore it. */
b2655f26 3157 ipmi_inc_stat(intf, invalid_lan_responses);
1da177e4
LT		 3158 return 0;
3159 }
3160
3161 if (msg->rsp[2] != 0) {
3162 /* An error getting the response, just ignore it. */
3163 return 0;
3164 }
3165
3166 lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
3167 lan_addr.session_handle = msg->rsp[4];
3168 lan_addr.remote_SWID = msg->rsp[8];
3169 lan_addr.local_SWID = msg->rsp[5];
3170 lan_addr.channel = msg->rsp[3] & 0x0f;
3171 lan_addr.privilege = msg->rsp[3] >> 4;
3172 lan_addr.lun = msg->rsp[9] & 3;
3173
c70d7499
CM		 3174 /*
3175 * It's a response from a remote entity. Look up the sequence
3176 * number and handle the response.
3177 */
1da177e4
LT		 3178 if (intf_find_seq(intf,
3179 msg->rsp[9] >> 2,
3180 msg->rsp[3] & 0x0f,
3181 msg->rsp[10],
3182 (msg->rsp[6] >> 2) & (~1),
3183 (struct ipmi_addr *) &(lan_addr),
c70d7499
CM		 3184 &recv_msg)) {
3185 /*
3186 * We were unable to find the sequence number,
3187 * so just nuke the message.
3188 */
b2655f26 3189 ipmi_inc_stat(intf, unhandled_lan_responses);
1da177e4
LT		 3190 return 0;
3191 }
3192
3193 memcpy(recv_msg->msg_data,
3194 &(msg->rsp[11]),
3195 msg->rsp_size - 11);
c70d7499
CM		 3196 /*
3197 * The other fields matched, so no need to set them, except
3198 * for netfn, which needs to be the response that was
3199 * returned, not the request value.
3200 */
1da177e4
LT		 3201 recv_msg->msg.netfn = msg->rsp[6] >> 2;
3202 recv_msg->msg.data = recv_msg->msg_data;
3203 recv_msg->msg.data_len = msg->rsp_size - 12;
3204 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
b2655f26 3205 ipmi_inc_stat(intf, handled_lan_responses);
1da177e4
LT		 3206 deliver_response(recv_msg);
3207
3208 return 0;
3209}
3210
3211static int handle_lan_get_msg_cmd(ipmi_smi_t intf,
3212 struct ipmi_smi_msg *msg)
3213{
393d2cc3
CM		 3214 struct cmd_rcvr *rcvr;
3215 int rv = 0;
3216 unsigned char netfn;
3217 unsigned char cmd;
c69c3127 3218 unsigned char chan;
393d2cc3
CM		 3219 ipmi_user_t user = NULL;
3220 struct ipmi_lan_addr *lan_addr;
3221 struct ipmi_recv_msg *recv_msg;
1da177e4
LT		 3222
3223 if (msg->rsp_size < 12) {
3224 /* Message not big enough, just ignore it. */
b2655f26 3225 ipmi_inc_stat(intf, invalid_commands);
1da177e4
LT		 3226 return 0;
3227 }
3228
3229 if (msg->rsp[2] != 0) {
3230 /* An error getting the response, just ignore it. */
3231 return 0;
3232 }
3233
3234 netfn = msg->rsp[6] >> 2;
3235 cmd = msg->rsp[10];
c69c3127 3236 chan = msg->rsp[3] & 0xf;
1da177e4 3237
e61fb5b6 3238 rcu_read_lock();
c69c3127 3239 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
393d2cc3
CM		 3240 if (rcvr) {
3241 user = rcvr->user;
3242 kref_get(&user->refcount);
3243 } else
3244 user = NULL;
e61fb5b6 3245 rcu_read_unlock();
1da177e4
LT		 3246
3247 if (user == NULL) {
393d2cc3 3248 /* We didn't find a user, just give up. */
b2655f26 3249 ipmi_inc_stat(intf, unhandled_commands);
1da177e4 3250
c70d7499
CM		 3251 /*
3252 * Don't do anything with these messages, just allow
3253 * them to be freed.
3254 */
3255 rv = 0;
1da177e4
LT		 3256 } else {
3257 /* Deliver the message to the user. */
b2655f26 3258 ipmi_inc_stat(intf, handled_commands);
1da177e4
LT		 3259
3260 recv_msg = ipmi_alloc_recv_msg();
8a3628d5 3261 if (!recv_msg) {
c70d7499
CM		 3262 /*
3263 * We couldn't allocate memory for the
3264 * message, so requeue it for handling later.
3265 */
1da177e4 3266 rv = 1;
393d2cc3 3267 kref_put(&user->refcount, free_user);
1da177e4
LT		 3268 } else {
3269 /* Extract the source address from the data. */
3270 lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
3271 lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
3272 lan_addr->session_handle = msg->rsp[4];
3273 lan_addr->remote_SWID = msg->rsp[8];
3274 lan_addr->local_SWID = msg->rsp[5];
3275 lan_addr->lun = msg->rsp[9] & 3;
3276 lan_addr->channel = msg->rsp[3] & 0xf;
3277 lan_addr->privilege = msg->rsp[3] >> 4;
3278
c70d7499
CM		 3279 /*
3280 * Extract the rest of the message information
3281 * from the IPMB header.
3282 */
1da177e4
LT		 3283 recv_msg->user = user;
3284 recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3285 recv_msg->msgid = msg->rsp[9] >> 2;
3286 recv_msg->msg.netfn = msg->rsp[6] >> 2;
3287 recv_msg->msg.cmd = msg->rsp[10];
3288 recv_msg->msg.data = recv_msg->msg_data;
3289
c70d7499
CM		 3290 /*
3291 * We chop off 12, not 11 bytes because the checksum
3292 * at the end also needs to be removed.
3293 */
1da177e4
LT		 3294 recv_msg->msg.data_len = msg->rsp_size - 12;
3295 memcpy(recv_msg->msg_data,
3296 &(msg->rsp[11]),
3297 msg->rsp_size - 12);
3298 deliver_response(recv_msg);
3299 }
3300 }
3301
3302 return rv;
3303}
3304
4dec302f 3305/*
3306 * This routine will handle "Get Message" command responses with
3307 * channels that use an OEM Medium. The message format belongs to
3308 * the OEM. See IPMI 2.0 specification, Chapter 6 and
3309 * Chapter 22, sections 22.6 and 22.24 for more details.
3310 */
3311static int handle_oem_get_msg_cmd(ipmi_smi_t intf,
3312 struct ipmi_smi_msg *msg)
3313{
3314 struct cmd_rcvr *rcvr;
3315 int rv = 0;
3316 unsigned char netfn;
3317 unsigned char cmd;
3318 unsigned char chan;
3319 ipmi_user_t user = NULL;
3320 struct ipmi_system_interface_addr *smi_addr;
3321 struct ipmi_recv_msg *recv_msg;
3322
3323 /*
3324 * We expect the OEM SW to perform error checking
3325 * so we just do some basic sanity checks
3326 */
3327 if (msg->rsp_size < 4) {
3328 /* Message not big enough, just ignore it. */
3329 ipmi_inc_stat(intf, invalid_commands);
3330 return 0;
3331 }
3332
3333 if (msg->rsp[2] != 0) {
3334 /* An error getting the response, just ignore it. */
3335 return 0;
3336 }
3337
3338 /*
3339 * This is an OEM Message so the OEM needs to know how
3340 * handle the message. We do no interpretation.
3341 */
3342 netfn = msg->rsp[0] >> 2;
3343 cmd = msg->rsp[1];
3344 chan = msg->rsp[3] & 0xf;
3345
3346 rcu_read_lock();
3347 rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3348 if (rcvr) {
3349 user = rcvr->user;
3350 kref_get(&user->refcount);
3351 } else
3352 user = NULL;
3353 rcu_read_unlock();
3354
3355 if (user == NULL) {
3356 /* We didn't find a user, just give up. */
3357 ipmi_inc_stat(intf, unhandled_commands);
3358
3359 /*
3360 * Don't do anything with these messages, just allow
3361 * them to be freed.
3362 */
3363
3364 rv = 0;
3365 } else {
3366 /* Deliver the message to the user. */
3367 ipmi_inc_stat(intf, handled_commands);
3368
3369 recv_msg = ipmi_alloc_recv_msg();
3370 if (!recv_msg) {
3371 /*
3372 * We couldn't allocate memory for the
3373 * message, so requeue it for handling
3374 * later.
3375 */
3376 rv = 1;
3377 kref_put(&user->refcount, free_user);
3378 } else {
3379 /*
3380 * OEM Messages are expected to be delivered via
3381 * the system interface to SMS software. We might
3382 * need to visit this again depending on OEM
3383 * requirements
3384 */
3385 smi_addr = ((struct ipmi_system_interface_addr *)
3386 &(recv_msg->addr));
3387 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3388 smi_addr->channel = IPMI_BMC_CHANNEL;
3389 smi_addr->lun = msg->rsp[0] & 3;
3390
3391 recv_msg->user = user;
3392 recv_msg->user_msg_data = NULL;
3393 recv_msg->recv_type = IPMI_OEM_RECV_TYPE;
3394 recv_msg->msg.netfn = msg->rsp[0] >> 2;
3395 recv_msg->msg.cmd = msg->rsp[1];
3396 recv_msg->msg.data = recv_msg->msg_data;
3397
3398 /*
3399 * The message starts at byte 4 which follows the
3400 * the Channel Byte in the "GET MESSAGE" command
3401 */
3402 recv_msg->msg.data_len = msg->rsp_size - 4;
3403 memcpy(recv_msg->msg_data,
3404 &(msg->rsp[4]),
3405 msg->rsp_size - 4);
3406 deliver_response(recv_msg);
3407 }
3408 }
3409
3410 return rv;
3411}
3412
1da177e4
LT		 3413static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
3414 struct ipmi_smi_msg *msg)
3415{
3416 struct ipmi_system_interface_addr *smi_addr;
c70d7499 3417
1da177e4
LT		 3418 recv_msg->msgid = 0;
3419 smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
3420 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3421 smi_addr->channel = IPMI_BMC_CHANNEL;
3422 smi_addr->lun = msg->rsp[0] & 3;
3423 recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
3424 recv_msg->msg.netfn = msg->rsp[0] >> 2;
3425 recv_msg->msg.cmd = msg->rsp[1];
3426 memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
3427 recv_msg->msg.data = recv_msg->msg_data;
3428 recv_msg->msg.data_len = msg->rsp_size - 3;
3429}
3430
1da177e4
LT		 3431static int handle_read_event_rsp(ipmi_smi_t intf,
3432 struct ipmi_smi_msg *msg)
3433{
3434 struct ipmi_recv_msg *recv_msg, *recv_msg2;
3435 struct list_head msgs;
3436 ipmi_user_t user;
3437 int rv = 0;
3438 int deliver_count = 0;
3439 unsigned long flags;
3440
3441 if (msg->rsp_size < 19) {
3442 /* Message is too small to be an IPMB event. */
b2655f26 3443 ipmi_inc_stat(intf, invalid_events);
1da177e4
LT		 3444 return 0;
3445 }
3446
3447 if (msg->rsp[2] != 0) {
3448 /* An error getting the event, just ignore it. */
3449 return 0;
3450 }
3451
3452 INIT_LIST_HEAD(&msgs);
3453
393d2cc3 3454 spin_lock_irqsave(&intf->events_lock, flags);
1da177e4 3455
b2655f26 3456 ipmi_inc_stat(intf, events);
1da177e4 3457
c70d7499
CM		 3458 /*
3459 * Allocate and fill in one message for every user that is
3460 * getting events.
3461 */
393d2cc3
CM		 3462 rcu_read_lock();
3463 list_for_each_entry_rcu(user, &intf->users, link) {
8a3628d5 3464 if (!user->gets_events)
1da177e4
LT		 3465 continue;
3466
3467 recv_msg = ipmi_alloc_recv_msg();
8a3628d5 3468 if (!recv_msg) {
393d2cc3 3469 rcu_read_unlock();
8a3628d5
CM		 3470 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
3471 link) {
1da177e4
LT		 3472 list_del(&recv_msg->link);
3473 ipmi_free_recv_msg(recv_msg);
3474 }
c70d7499
CM		 3475 /*
3476 * We couldn't allocate memory for the
3477 * message, so requeue it for handling
3478 * later.
3479 */
1da177e4
LT		 3480 rv = 1;
3481 goto out;
3482 }
3483
3484 deliver_count++;
3485
3486 copy_event_into_recv_msg(recv_msg, msg);
3487 recv_msg->user = user;
393d2cc3 3488 kref_get(&user->refcount);
1da177e4
LT		 3489 list_add_tail(&(recv_msg->link), &msgs);
3490 }
393d2cc3 3491 rcu_read_unlock();
1da177e4
LT		 3492
3493 if (deliver_count) {
3494 /* Now deliver all the messages. */
3495 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
3496 list_del(&recv_msg->link);
3497 deliver_response(recv_msg);
3498 }
3499 } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
c70d7499
CM		 3500 /*
3501 * No one to receive the message, put it in queue if there's
3502 * not already too many things in the queue.
3503 */
1da177e4 3504 recv_msg = ipmi_alloc_recv_msg();
8a3628d5 3505 if (!recv_msg) {
c70d7499
CM		 3506 /*
3507 * We couldn't allocate memory for the
3508 * message, so requeue it for handling
3509 * later.
3510 */
1da177e4
LT		 3511 rv = 1;
3512 goto out;
3513 }
3514
3515 copy_event_into_recv_msg(recv_msg, msg);
3516 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
4791c03d 3517 intf->waiting_events_count++;
87ebd06f 3518 } else if (!intf->event_msg_printed) {
c70d7499
CM		 3519 /*
3520 * There's too many things in the queue, discard this
3521 * message.
3522 */
87ebd06f
CM		 3523 printk(KERN_WARNING PFX "Event queue full, discarding"
3524 " incoming events\n");
3525 intf->event_msg_printed = 1;
1da177e4
LT		 3526 }
3527
3528 out:
3529 spin_unlock_irqrestore(&(intf->events_lock), flags);
3530
3531 return rv;
3532}
3533
3534static int handle_bmc_rsp(ipmi_smi_t intf,
3535 struct ipmi_smi_msg *msg)
3536{
3537 struct ipmi_recv_msg *recv_msg;
393d2cc3 3538 struct ipmi_user *user;
1da177e4
LT		 3539
3540 recv_msg = (struct ipmi_recv_msg *) msg->user_data;
c70d7499
CM		 3541 if (recv_msg == NULL) {
3542 printk(KERN_WARNING
3543 "IPMI message received with no owner. This\n"
3544 "could be because of a malformed message, or\n"
3545 "because of a hardware error. Contact your\n"
3546 "hardware vender for assistance\n");
56a55ec6
CM		 3547 return 0;
3548 }
1da177e4 3549
393d2cc3 3550 user = recv_msg->user;
1da177e4 3551 /* Make sure the user still exists. */
393d2cc3 3552 if (user && !user->valid) {
56a55ec6 3553 /* The user for the message went away, so give up. */
b2655f26 3554 ipmi_inc_stat(intf, unhandled_local_responses);
1da177e4
LT		 3555 ipmi_free_recv_msg(recv_msg);
3556 } else {
3557 struct ipmi_system_interface_addr *smi_addr;
3558
b2655f26 3559 ipmi_inc_stat(intf, handled_local_responses);
1da177e4
LT		 3560 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3561 recv_msg->msgid = msg->msgid;
3562 smi_addr = ((struct ipmi_system_interface_addr *)
3563 &(recv_msg->addr));
3564 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3565 smi_addr->channel = IPMI_BMC_CHANNEL;
3566 smi_addr->lun = msg->rsp[0] & 3;
3567 recv_msg->msg.netfn = msg->rsp[0] >> 2;
3568 recv_msg->msg.cmd = msg->rsp[1];
3569 memcpy(recv_msg->msg_data,
3570 &(msg->rsp[2]),
3571 msg->rsp_size - 2);
3572 recv_msg->msg.data = recv_msg->msg_data;
3573 recv_msg->msg.data_len = msg->rsp_size - 2;
3574 deliver_response(recv_msg);
3575 }
3576
3577 return 0;
3578}
3579
c70d7499 3580/*
7adf579c 3581 * Handle a received message. Return 1 if the message should be requeued,
c70d7499
CM		 3582 * 0 if the message should be freed, or -1 if the message should not
3583 * be freed or requeued.
3584 */
7adf579c 3585static int handle_one_recv_msg(ipmi_smi_t intf,
1da177e4
LT		 3586 struct ipmi_smi_msg *msg)
3587{
3588 int requeue;
3589 int chan;
3590
3591#ifdef DEBUG_MSGING
3592 int m;
3593 printk("Recv:");
e8b33617 3594 for (m = 0; m < msg->rsp_size; m++)
1da177e4
LT		 3595 printk(" %2.2x", msg->rsp[m]);
3596 printk("\n");
3597#endif
3598 if (msg->rsp_size < 2) {
3599 /* Message is too small to be correct. */
3600 printk(KERN_WARNING PFX "BMC returned to small a message"
3601 " for netfn %x cmd %x, got %d bytes\n",
3602 (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
3603
3604 /* Generate an error response for the message. */
3605 msg->rsp[0] = msg->data[0] | (1 << 2);
3606 msg->rsp[1] = msg->data[1];
3607 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3608 msg->rsp_size = 3;
c70d7499
CM		 3609 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))
3610 || (msg->rsp[1] != msg->data[1])) {
3611 /*
3612 * The NetFN and Command in the response is not even
3613 * marginally correct.
3614 */
1da177e4
LT		 3615 printk(KERN_WARNING PFX "BMC returned incorrect response,"
3616 " expected netfn %x cmd %x, got netfn %x cmd %x\n",
3617 (msg->data[0] >> 2) | 1, msg->data[1],
3618 msg->rsp[0] >> 2, msg->rsp[1]);
3619
3620 /* Generate an error response for the message. */
3621 msg->rsp[0] = msg->data[0] | (1 << 2);
3622 msg->rsp[1] = msg->data[1];
3623 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3624 msg->rsp_size = 3;
3625 }
3626
3627 if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3628 && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
c70d7499
CM		 3629 && (msg->user_data != NULL)) {
3630 /*
3631 * It's a response to a response we sent. For this we
3632 * deliver a send message response to the user.
3633 */
393d2cc3 3634 struct ipmi_recv_msg *recv_msg = msg->user_data;
1da177e4
LT		 3635
3636 requeue = 0;
3637 if (msg->rsp_size < 2)
3638 /* Message is too small to be correct. */
3639 goto out;
3640
3641 chan = msg->data[2] & 0x0f;
3642 if (chan >= IPMI_MAX_CHANNELS)
3643 /* Invalid channel number */
3644 goto out;
3645
393d2cc3
CM		 3646 if (!recv_msg)
3647 goto out;
3648
3649 /* Make sure the user still exists. */
3650 if (!recv_msg->user || !recv_msg->user->valid)
3651 goto out;
3652
3653 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
3654 recv_msg->msg.data = recv_msg->msg_data;
3655 recv_msg->msg.data_len = 1;
3656 recv_msg->msg_data[0] = msg->rsp[2];
3657 deliver_response(recv_msg);
1da177e4 3658 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
c70d7499 3659 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) {
1da177e4
LT		 3660 /* It's from the receive queue. */
3661 chan = msg->rsp[3] & 0xf;
3662 if (chan >= IPMI_MAX_CHANNELS) {
3663 /* Invalid channel number */
3664 requeue = 0;
3665 goto out;
3666 }
3667
4dec302f 3668 /*
9a2845c4
CM		 3669 * We need to make sure the channels have been initialized.
3670 * The channel_handler routine will set the "curr_channel"
3671 * equal to or greater than IPMI_MAX_CHANNELS when all the
3672 * channels for this interface have been initialized.
3673 */
4dec302f 3674 if (intf->curr_channel < IPMI_MAX_CHANNELS) {
9a2845c4 3675 requeue = 0; /* Throw the message away */
4dec302f 3676 goto out;
3677 }
3678
1da177e4
LT		 3679 switch (intf->channels[chan].medium) {
3680 case IPMI_CHANNEL_MEDIUM_IPMB:
3681 if (msg->rsp[4] & 0x04) {
c70d7499
CM		 3682 /*
3683 * It's a response, so find the
3684 * requesting message and send it up.
3685 */
1da177e4
LT		 3686 requeue = handle_ipmb_get_msg_rsp(intf, msg);
3687 } else {
c70d7499
CM		 3688 /*
3689 * It's a command to the SMS from some other
3690 * entity. Handle that.
3691 */
1da177e4
LT		 3692 requeue = handle_ipmb_get_msg_cmd(intf, msg);
3693 }
3694 break;
3695
3696 case IPMI_CHANNEL_MEDIUM_8023LAN:
3697 case IPMI_CHANNEL_MEDIUM_ASYNC:
3698 if (msg->rsp[6] & 0x04) {
c70d7499
CM		 3699 /*
3700 * It's a response, so find the
3701 * requesting message and send it up.
3702 */
1da177e4
LT		 3703 requeue = handle_lan_get_msg_rsp(intf, msg);
3704 } else {
c70d7499
CM		 3705 /*
3706 * It's a command to the SMS from some other
3707 * entity. Handle that.
3708 */
1da177e4
LT		 3709 requeue = handle_lan_get_msg_cmd(intf, msg);
3710 }
3711 break;
3712
3713 default:
4dec302f 3714 /* Check for OEM Channels. Clients had better
3715 register for these commands. */
3716 if ((intf->channels[chan].medium
3717 >= IPMI_CHANNEL_MEDIUM_OEM_MIN)
3718 && (intf->channels[chan].medium
3719 <= IPMI_CHANNEL_MEDIUM_OEM_MAX)) {
3720 requeue = handle_oem_get_msg_cmd(intf, msg);
3721 } else {
3722 /*
3723 * We don't handle the channel type, so just
3724 * free the message.
3725 */
3726 requeue = 0;
3727 }
1da177e4
LT		 3728 }
3729
3730 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
c70d7499 3731 && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) {
b3834be5 3732 /* It's an asynchronous event. */
1da177e4
LT		 3733 requeue = handle_read_event_rsp(intf, msg);
3734 } else {
3735 /* It's a response from the local BMC. */
3736 requeue = handle_bmc_rsp(intf, msg);
3737 }
3738
3739 out:
3740 return requeue;
3741}
3742
7adf579c
CM		 3743/*
3744 * If there are messages in the queue or pretimeouts, handle them.
3745 */
3746static void handle_new_recv_msgs(ipmi_smi_t intf)
3747{
3748 struct ipmi_smi_msg *smi_msg;
3749 unsigned long flags = 0;
3750 int rv;
3751 int run_to_completion = intf->run_to_completion;
3752
3753 /* See if any waiting messages need to be processed. */
3754 if (!run_to_completion)
65be7544
CM		 3755 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
3756 while (!list_empty(&intf->waiting_rcv_msgs)) {
3757 smi_msg = list_entry(intf->waiting_rcv_msgs.next,
7adf579c
CM		 3758 struct ipmi_smi_msg, link);
3759 list_del(&smi_msg->link);
3760 if (!run_to_completion)
65be7544
CM		 3761 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock,
3762 flags);
7adf579c
CM		 3763 rv = handle_one_recv_msg(intf, smi_msg);
3764 if (!run_to_completion)
65be7544 3765 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
7adf579c
CM		 3766 if (rv == 0) {
3767 /* Message handled */
3768 ipmi_free_smi_msg(smi_msg);
3769 } else if (rv < 0) {
3770 /* Fatal error on the message, del but don't free. */
3771 } else {
3772 /*
3773 * To preserve message order, quit if we
3774 * can't handle a message.
3775 */
65be7544 3776 list_add(&smi_msg->link, &intf->waiting_rcv_msgs);
7adf579c
CM		 3777 break;
3778 }
3779 }
3780 if (!run_to_completion)
65be7544 3781 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags);
7adf579c
CM		 3782
3783 /*
3784 * If the pretimout count is non-zero, decrement one from it and
3785 * deliver pretimeouts to all the users.
3786 */
3787 if (atomic_add_unless(&intf->watchdog_pretimeouts_to_deliver, -1, 0)) {
3788 ipmi_user_t user;
3789
3790 rcu_read_lock();
3791 list_for_each_entry_rcu(user, &intf->users, link) {
3792 if (user->handler->ipmi_watchdog_pretimeout)
3793 user->handler->ipmi_watchdog_pretimeout(
3794 user->handler_data);
3795 }
3796 rcu_read_unlock();
3797 }
3798}
3799
3800static void smi_recv_tasklet(unsigned long val)
3801{
3802 handle_new_recv_msgs((ipmi_smi_t) val);
3803}
3804
1da177e4
LT		 3805/* Handle a new message from the lower layer. */
3806void ipmi_smi_msg_received(ipmi_smi_t intf,
3807 struct ipmi_smi_msg *msg)
3808{
5956dce1 3809 unsigned long flags = 0; /* keep us warning-free. */
5956dce1 3810 int run_to_completion;
1da177e4
LT		 3811
3812
1da177e4
LT		 3813 if ((msg->data_size >= 2)
3814 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
3815 && (msg->data[1] == IPMI_SEND_MSG_CMD)
c70d7499
CM		 3816 && (msg->user_data == NULL)) {
3817 /*
3818 * This is the local response to a command send, start
3819 * the timer for these. The user_data will not be
3820 * NULL if this is a response send, and we will let
3821 * response sends just go through.
3822 */
3823
3824 /*
3825 * Check for errors, if we get certain errors (ones
3826 * that mean basically we can try again later), we
3827 * ignore them and start the timer. Otherwise we
3828 * report the error immediately.
3829 */
1da177e4
LT		 3830 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
3831 && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
46d52b09
CM		 3832 && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
3833 && (msg->rsp[2] != IPMI_BUS_ERR)
c70d7499 3834 && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
1da177e4
LT		 3835 int chan = msg->rsp[3] & 0xf;
3836
3837 /* Got an error sending the message, handle it. */
1da177e4
LT		 3838 if (chan >= IPMI_MAX_CHANNELS)
3839 ; /* This shouldn't happen */
3840 else if ((intf->channels[chan].medium
3841 == IPMI_CHANNEL_MEDIUM_8023LAN)
3842 || (intf->channels[chan].medium
3843 == IPMI_CHANNEL_MEDIUM_ASYNC))
b2655f26 3844 ipmi_inc_stat(intf, sent_lan_command_errs);
1da177e4 3845 else
b2655f26 3846 ipmi_inc_stat(intf, sent_ipmb_command_errs);
1da177e4 3847 intf_err_seq(intf, msg->msgid, msg->rsp[2]);
c70d7499 3848 } else
1da177e4
LT		 3849 /* The message was sent, start the timer. */
3850 intf_start_seq_timer(intf, msg->msgid);
1da177e4
LT		 3851
3852 ipmi_free_smi_msg(msg);
393d2cc3 3853 goto out;
1da177e4
LT		 3854 }
3855
c70d7499
CM		 3856 /*
3857 * To preserve message order, if the list is not empty, we
3858 * tack this message onto the end of the list.
3859 */
5956dce1
KB		 3860 run_to_completion = intf->run_to_completion;
3861 if (!run_to_completion)
65be7544
CM		 3862 spin_lock_irqsave(&intf->waiting_rcv_msgs_lock, flags);
3863 list_add_tail(&msg->link, &intf->waiting_rcv_msgs);
5956dce1 3864 if (!run_to_completion)
65be7544 3865 spin_unlock_irqrestore(&intf->waiting_rcv_msgs_lock, flags);
c70d7499 3866
7adf579c 3867 tasklet_schedule(&intf->recv_tasklet);
393d2cc3
CM		 3868 out:
3869 return;
1da177e4 3870}
c70d7499 3871EXPORT_SYMBOL(ipmi_smi_msg_received);
1da177e4
LT		 3872
3873void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
3874{
7adf579c
CM		 3875 atomic_set(&intf->watchdog_pretimeouts_to_deliver, 1);
3876 tasklet_schedule(&intf->recv_tasklet);
1da177e4 3877}
c70d7499 3878EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
1da177e4 3879
882fe011
CM		 3880static struct ipmi_smi_msg *
3881smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
3882 unsigned char seq, long seqid)
1da177e4 3883{
882fe011 3884 struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
1da177e4 3885 if (!smi_msg)
c70d7499
CM		 3886 /*
3887 * If we can't allocate the message, then just return, we
3888 * get 4 retries, so this should be ok.
3889 */
882fe011 3890 return NULL;
1da177e4
LT		 3891
3892 memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
3893 smi_msg->data_size = recv_msg->msg.data_len;
3894 smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
c70d7499 3895
1da177e4
LT		 3896#ifdef DEBUG_MSGING
3897 {
3898 int m;
3899 printk("Resend: ");
e8b33617 3900 for (m = 0; m < smi_msg->data_size; m++)
1da177e4
LT		 3901 printk(" %2.2x", smi_msg->data[m]);
3902 printk("\n");
3903 }
3904#endif
882fe011 3905 return smi_msg;
1da177e4
LT		 3906}
3907
393d2cc3
CM		 3908static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
3909 struct list_head *timeouts, long timeout_period,
89986496
CM		 3910 int slot, unsigned long *flags,
3911 unsigned int *waiting_msgs)
393d2cc3 3912{
b2c03941
CM		 3913 struct ipmi_recv_msg *msg;
3914 struct ipmi_smi_handlers *handlers;
3915
3916 if (intf->intf_num == -1)
3917 return;
393d2cc3
CM		 3918
3919 if (!ent->inuse)
3920 return;
3921
3922 ent->timeout -= timeout_period;
89986496
CM		 3923 if (ent->timeout > 0) {
3924 (*waiting_msgs)++;
393d2cc3 3925 return;
89986496 3926 }
393d2cc3
CM		 3927
3928 if (ent->retries_left == 0) {
3929 /* The message has used all its retries. */
3930 ent->inuse = 0;
3931 msg = ent->recv_msg;
3932 list_add_tail(&msg->link, timeouts);
393d2cc3 3933 if (ent->broadcast)
b2655f26 3934 ipmi_inc_stat(intf, timed_out_ipmb_broadcasts);
25176ed6 3935 else if (is_lan_addr(&ent->recv_msg->addr))
b2655f26 3936 ipmi_inc_stat(intf, timed_out_lan_commands);
393d2cc3 3937 else
b2655f26 3938 ipmi_inc_stat(intf, timed_out_ipmb_commands);
393d2cc3
CM		 3939 } else {
3940 struct ipmi_smi_msg *smi_msg;
3941 /* More retries, send again. */
3942
89986496
CM		 3943 (*waiting_msgs)++;
3944
c70d7499
CM		 3945 /*
3946 * Start with the max timer, set to normal timer after
3947 * the message is sent.
3948 */
393d2cc3
CM		 3949 ent->timeout = MAX_MSG_TIMEOUT;
3950 ent->retries_left--;
393d2cc3
CM		 3951 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
3952 ent->seqid);
25176ed6
CM		 3953 if (!smi_msg) {
3954 if (is_lan_addr(&ent->recv_msg->addr))
3955 ipmi_inc_stat(intf,
3956 dropped_rexmit_lan_commands);
3957 else
3958 ipmi_inc_stat(intf,
3959 dropped_rexmit_ipmb_commands);
393d2cc3 3960 return;
25176ed6 3961 }
393d2cc3
CM		 3962
3963 spin_unlock_irqrestore(&intf->seq_lock, *flags);
b2c03941 3964
c70d7499
CM		 3965 /*
3966 * Send the new message. We send with a zero
3967 * priority. It timed out, I doubt time is that
3968 * critical now, and high priority messages are really
3969 * only for messages to the local MC, which don't get
3970 * resent.
3971 */
b2c03941 3972 handlers = intf->handlers;
25176ed6
CM		 3973 if (handlers) {
3974 if (is_lan_addr(&ent->recv_msg->addr))
3975 ipmi_inc_stat(intf,
3976 retransmitted_lan_commands);
3977 else
3978 ipmi_inc_stat(intf,
3979 retransmitted_ipmb_commands);
3980
7f4a1c84 3981 smi_send(intf, intf->handlers, smi_msg, 0);
25176ed6 3982 } else
b2c03941
CM		 3983 ipmi_free_smi_msg(smi_msg);
3984
393d2cc3
CM		 3985 spin_lock_irqsave(&intf->seq_lock, *flags);
3986 }
3987}
3988
89986496 3989static unsigned int ipmi_timeout_handler(ipmi_smi_t intf, long timeout_period)
1da177e4 3990{
1da177e4
LT		 3991 struct list_head timeouts;
3992 struct ipmi_recv_msg *msg, *msg2;
1da177e4 3993 unsigned long flags;
bca0324d 3994 int i;
89986496 3995 unsigned int waiting_msgs = 0;
1da177e4 3996
89986496
CM		 3997 /*
3998 * Go through the seq table and find any messages that
3999 * have timed out, putting them in the timeouts
4000 * list.
4001 */
4002 INIT_LIST_HEAD(&timeouts);
4003 spin_lock_irqsave(&intf->seq_lock, flags);
4004 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
4005 check_msg_timeout(intf, &(intf->seq_table[i]),
4006 &timeouts, timeout_period, i,
4007 &flags, &waiting_msgs);
4008 spin_unlock_irqrestore(&intf->seq_lock, flags);
393d2cc3 4009
89986496
CM		 4010 list_for_each_entry_safe(msg, msg2, &timeouts, link)
4011 deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE);
b9675136 4012
89986496
CM		 4013 /*
4014 * Maintenance mode handling. Check the timeout
4015 * optimistically before we claim the lock. It may
4016 * mean a timeout gets missed occasionally, but that
4017 * only means the timeout gets extended by one period
4018 * in that case. No big deal, and it avoids the lock
4019 * most of the time.
4020 */
4021 if (intf->auto_maintenance_timeout > 0) {
4022 spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
b9675136 4023 if (intf->auto_maintenance_timeout > 0) {
89986496
CM		 4024 intf->auto_maintenance_timeout
4025 -= timeout_period;
4026 if (!intf->maintenance_mode
4027 && (intf->auto_maintenance_timeout <= 0)) {
7aefac26 4028 intf->maintenance_mode_enable = false;
89986496 4029 maintenance_mode_update(intf);
b9675136 4030 }
b9675136 4031 }
89986496
CM		 4032 spin_unlock_irqrestore(&intf->maintenance_mode_lock,
4033 flags);
1da177e4 4034 }
89986496
CM		 4035
4036 tasklet_schedule(&intf->recv_tasklet);
4037
4038 return waiting_msgs;
1da177e4
LT		 4039}
4040
89986496 4041static void ipmi_request_event(ipmi_smi_t intf)
1da177e4 4042{
b2c03941 4043 struct ipmi_smi_handlers *handlers;
1da177e4 4044
89986496
CM		 4045 /* No event requests when in maintenance mode. */
4046 if (intf->maintenance_mode_enable)
4047 return;
b9675136 4048
89986496
CM		 4049 handlers = intf->handlers;
4050 if (handlers)
4051 handlers->request_events(intf->send_info);
1da177e4
LT		 4052}
4053
4054static struct timer_list ipmi_timer;
4055
8f43f84f 4056static atomic_t stop_operation;
1da177e4
LT		 4057
4058static void ipmi_timeout(unsigned long data)
4059{
89986496
CM		 4060 ipmi_smi_t intf;
4061 int nt = 0;
4062
8f43f84f 4063 if (atomic_read(&stop_operation))
1da177e4 4064 return;
1da177e4 4065
89986496
CM		 4066 rcu_read_lock();
4067 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4068 int lnt = 0;
4069
4070 if (atomic_read(&intf->event_waiters)) {
4071 intf->ticks_to_req_ev--;
4072 if (intf->ticks_to_req_ev == 0) {
4073 ipmi_request_event(intf);
4074 intf->ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
4075 }
4076 lnt++;
4077 }
4078
4079 lnt += ipmi_timeout_handler(intf, IPMI_TIMEOUT_TIME);
1da177e4 4080
89986496
CM		 4081 lnt = !!lnt;
4082 if (lnt != intf->last_needs_timer &&
4083 intf->handlers->set_need_watch)
4084 intf->handlers->set_need_watch(intf->send_info, lnt);
4085 intf->last_needs_timer = lnt;
1da177e4 4086
89986496
CM		 4087 nt += lnt;
4088 }
4089 rcu_read_unlock();
4090
4091 if (nt)
4092 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
1da177e4
LT		 4093}
4094
89986496
CM		 4095static void need_waiter(ipmi_smi_t intf)
4096{
4097 /* Racy, but worst case we start the timer twice. */
4098 if (!timer_pending(&ipmi_timer))
4099 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
4100}
1da177e4
LT		 4101
4102static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
4103static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
4104
4105/* FIXME - convert these to slabs. */
4106static void free_smi_msg(struct ipmi_smi_msg *msg)
4107{
4108 atomic_dec(&smi_msg_inuse_count);
4109 kfree(msg);
4110}
4111
4112struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
4113{
4114 struct ipmi_smi_msg *rv;
4115 rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
4116 if (rv) {
4117 rv->done = free_smi_msg;
4118 rv->user_data = NULL;
4119 atomic_inc(&smi_msg_inuse_count);
4120 }
4121 return rv;
4122}
c70d7499 4123EXPORT_SYMBOL(ipmi_alloc_smi_msg);
1da177e4
LT		 4124
4125static void free_recv_msg(struct ipmi_recv_msg *msg)
4126{
4127 atomic_dec(&recv_msg_inuse_count);
4128 kfree(msg);
4129}
4130
74006309 4131static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
1da177e4
LT		 4132{
4133 struct ipmi_recv_msg *rv;
4134
4135 rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
4136 if (rv) {
a9eec556 4137 rv->user = NULL;
1da177e4
LT		 4138 rv->done = free_recv_msg;
4139 atomic_inc(&recv_msg_inuse_count);
4140 }
4141 return rv;
4142}
4143
393d2cc3
CM		 4144void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
4145{
4146 if (msg->user)
4147 kref_put(&msg->user->refcount, free_user);
4148 msg->done(msg);
4149}
c70d7499 4150EXPORT_SYMBOL(ipmi_free_recv_msg);
393d2cc3 4151
1da177e4
LT		 4152#ifdef CONFIG_IPMI_PANIC_EVENT
4153
895dcfd1
CM		 4154static atomic_t panic_done_count = ATOMIC_INIT(0);
4155
1da177e4
LT		 4156static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
4157{
895dcfd1 4158 atomic_dec(&panic_done_count);
1da177e4
LT		 4159}
4160
4161static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
4162{
895dcfd1
CM		 4163 atomic_dec(&panic_done_count);
4164}
4165
4166/*
4167 * Inside a panic, send a message and wait for a response.
4168 */
4169static void ipmi_panic_request_and_wait(ipmi_smi_t intf,
4170 struct ipmi_addr *addr,
4171 struct kernel_ipmi_msg *msg)
4172{
4173 struct ipmi_smi_msg smi_msg;
4174 struct ipmi_recv_msg recv_msg;
4175 int rv;
4176
4177 smi_msg.done = dummy_smi_done_handler;
4178 recv_msg.done = dummy_recv_done_handler;
4179 atomic_add(2, &panic_done_count);
4180 rv = i_ipmi_request(NULL,
4181 intf,
4182 addr,
4183 0,
4184 msg,
4185 intf,
4186 &smi_msg,
4187 &recv_msg,
4188 0,
4189 intf->channels[0].address,
4190 intf->channels[0].lun,
4191 0, 1); /* Don't retry, and don't wait. */
4192 if (rv)
4193 atomic_sub(2, &panic_done_count);
4194 while (atomic_read(&panic_done_count) != 0)
4195 ipmi_poll(intf);
1da177e4
LT		 4196}
4197
4198#ifdef CONFIG_IPMI_PANIC_STRING
56a55ec6 4199static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
1da177e4 4200{
56a55ec6
CM		 4201 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
4202 && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
4203 && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
c70d7499 4204 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
1da177e4 4205 /* A get event receiver command, save it. */
56a55ec6
CM		 4206 intf->event_receiver = msg->msg.data[1];
4207 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
1da177e4
LT		 4208 }
4209}
4210
56a55ec6 4211static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
1da177e4 4212{
56a55ec6
CM		 4213 if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
4214 && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
4215 && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
c70d7499
CM		 4216 && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
4217 /*
4218 * A get device id command, save if we are an event
4219 * receiver or generator.
4220 */
56a55ec6
CM		 4221 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
4222 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
1da177e4
LT		 4223 }
4224}
4225#endif
4226
4227static void send_panic_events(char *str)
4228{
4229 struct kernel_ipmi_msg msg;
4230 ipmi_smi_t intf;
4231 unsigned char data[16];
1da177e4
LT		 4232 struct ipmi_system_interface_addr *si;
4233 struct ipmi_addr addr;
1da177e4
LT		 4234
4235 si = (struct ipmi_system_interface_addr *) &addr;
4236 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4237 si->channel = IPMI_BMC_CHANNEL;
4238 si->lun = 0;
4239
4240 /* Fill in an event telling that we have failed. */
4241 msg.netfn = 0x04; /* Sensor or Event. */
4242 msg.cmd = 2; /* Platform event command. */
4243 msg.data = data;
4244 msg.data_len = 8;
cda315ab 4245 data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
1da177e4
LT		 4246 data[1] = 0x03; /* This is for IPMI 1.0. */
4247 data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
4248 data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
4249 data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
4250
c70d7499
CM		 4251 /*
4252 * Put a few breadcrumbs in. Hopefully later we can add more things
4253 * to make the panic events more useful.
4254 */
1da177e4
LT		 4255 if (str) {
4256 data[3] = str[0];
4257 data[6] = str[1];
4258 data[7] = str[2];
4259 }
4260
1da177e4 4261 /* For every registered interface, send the event. */
bca0324d 4262 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
b2c03941
CM		 4263 if (!intf->handlers)
4264 /* Interface is not ready. */
1da177e4
LT		 4265 continue;
4266
5956dce1 4267 intf->run_to_completion = 1;
1da177e4
LT		 4268 /* Send the event announcing the panic. */
4269 intf->handlers->set_run_to_completion(intf->send_info, 1);
895dcfd1 4270 ipmi_panic_request_and_wait(intf, &addr, &msg);
1da177e4
LT		 4271 }
4272
4273#ifdef CONFIG_IPMI_PANIC_STRING
c70d7499
CM		 4274 /*
4275 * On every interface, dump a bunch of OEM event holding the
4276 * string.
4277 */
4278 if (!str)
1da177e4
LT		 4279 return;
4280
bca0324d
CM		 4281 /* For every registered interface, send the event. */
4282 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
1da177e4
LT		 4283 char *p = str;
4284 struct ipmi_ipmb_addr *ipmb;
4285 int j;
4286
bca0324d
CM		 4287 if (intf->intf_num == -1)
4288 /* Interface was not ready yet. */
1da177e4
LT		 4289 continue;
4290
78ba2faf
CM		 4291 /*
4292 * intf_num is used as an marker to tell if the
4293 * interface is valid. Thus we need a read barrier to
4294 * make sure data fetched before checking intf_num
4295 * won't be used.
4296 */
4297 smp_rmb();
4298
c70d7499
CM		 4299 /*
4300 * First job here is to figure out where to send the
4301 * OEM events. There's no way in IPMI to send OEM
4302 * events using an event send command, so we have to
4303 * find the SEL to put them in and stick them in
4304 * there.
4305 */
1da177e4
LT		 4306
4307 /* Get capabilities from the get device id. */
4308 intf->local_sel_device = 0;
4309 intf->local_event_generator = 0;
4310 intf->event_receiver = 0;
4311
4312 /* Request the device info from the local MC. */
4313 msg.netfn = IPMI_NETFN_APP_REQUEST;
4314 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
4315 msg.data = NULL;
4316 msg.data_len = 0;
4317 intf->null_user_handler = device_id_fetcher;
895dcfd1 4318 ipmi_panic_request_and_wait(intf, &addr, &msg);
1da177e4
LT		 4319
4320 if (intf->local_event_generator) {
4321 /* Request the event receiver from the local MC. */
4322 msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
4323 msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
4324 msg.data = NULL;
4325 msg.data_len = 0;
4326 intf->null_user_handler = event_receiver_fetcher;
895dcfd1 4327 ipmi_panic_request_and_wait(intf, &addr, &msg);
1da177e4
LT		 4328 }
4329 intf->null_user_handler = NULL;
4330
c70d7499
CM		 4331 /*
4332 * Validate the event receiver. The low bit must not
4333 * be 1 (it must be a valid IPMB address), it cannot
4334 * be zero, and it must not be my address.
4335 */
4336 if (((intf->event_receiver & 1) == 0)
1da177e4 4337 && (intf->event_receiver != 0)
c70d7499
CM		 4338 && (intf->event_receiver != intf->channels[0].address)) {
4339 /*
4340 * The event receiver is valid, send an IPMB
4341 * message.
4342 */
1da177e4
LT		 4343 ipmb = (struct ipmi_ipmb_addr *) &addr;
4344 ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
4345 ipmb->channel = 0; /* FIXME - is this right? */
4346 ipmb->lun = intf->event_receiver_lun;
4347 ipmb->slave_addr = intf->event_receiver;
4348 } else if (intf->local_sel_device) {
c70d7499
CM		 4349 /*
4350 * The event receiver was not valid (or was
4351 * me), but I am an SEL device, just dump it
4352 * in my SEL.
4353 */
1da177e4
LT		 4354 si = (struct ipmi_system_interface_addr *) &addr;
4355 si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4356 si->channel = IPMI_BMC_CHANNEL;
4357 si->lun = 0;
4358 } else
4359 continue; /* No where to send the event. */
4360
1da177e4
LT		 4361 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
4362 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
4363 msg.data = data;
4364 msg.data_len = 16;
4365
4366 j = 0;
4367 while (*p) {
4368 int size = strlen(p);
4369
4370 if (size > 11)
4371 size = 11;
4372 data[0] = 0;
4373 data[1] = 0;
4374 data[2] = 0xf0; /* OEM event without timestamp. */
c14979b9 4375 data[3] = intf->channels[0].address;
1da177e4 4376 data[4] = j++; /* sequence # */
c70d7499
CM		 4377 /*
4378 * Always give 11 bytes, so strncpy will fill
4379 * it with zeroes for me.
4380 */
1da177e4
LT		 4381 strncpy(data+5, p, 11);
4382 p += size;
4383
895dcfd1 4384 ipmi_panic_request_and_wait(intf, &addr, &msg);
1da177e4 4385 }
c70d7499 4386 }
1da177e4
LT		 4387#endif /* CONFIG_IPMI_PANIC_STRING */
4388}
4389#endif /* CONFIG_IPMI_PANIC_EVENT */
4390
0c8204b3 4391static int has_panicked;
1da177e4
LT		 4392
4393static int panic_event(struct notifier_block *this,
4394 unsigned long event,
c70d7499 4395 void *ptr)
1da177e4 4396{
1da177e4
LT		 4397 ipmi_smi_t intf;
4398
f18190bd 4399 if (has_panicked)
1da177e4 4400 return NOTIFY_DONE;
f18190bd 4401 has_panicked = 1;
1da177e4
LT		 4402
4403 /* For every registered interface, set it to run to completion. */
bca0324d 4404 list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
b2c03941
CM		 4405 if (!intf->handlers)
4406 /* Interface is not ready. */
1da177e4
LT		 4407 continue;
4408
5956dce1 4409 intf->run_to_completion = 1;
1da177e4
LT		 4410 intf->handlers->set_run_to_completion(intf->send_info, 1);
4411 }
4412
4413#ifdef CONFIG_IPMI_PANIC_EVENT
4414 send_panic_events(ptr);
4415#endif
4416
4417 return NOTIFY_DONE;
4418}
4419
4420static struct notifier_block panic_block = {
4421 .notifier_call = panic_event,
4422 .next = NULL,
4423 .priority = 200 /* priority: INT_MAX >= x >= 0 */
4424};
4425
4426static int ipmi_init_msghandler(void)
4427{
50c812b2 4428 int rv;
1da177e4
LT		 4429
4430 if (initialized)
4431 return 0;
4432
fe2d5ffc 4433 rv = driver_register(&ipmidriver.driver);
50c812b2
CM		 4434 if (rv) {
4435 printk(KERN_ERR PFX "Could not register IPMI driver\n");
4436 return rv;
4437 }
4438
1da177e4 4439 printk(KERN_INFO "ipmi message handler version "
1fdd75bd 4440 IPMI_DRIVER_VERSION "\n");
1da177e4 4441
3b625943 4442#ifdef CONFIG_PROC_FS
1da177e4
LT		 4443 proc_ipmi_root = proc_mkdir("ipmi", NULL);
4444 if (!proc_ipmi_root) {
4445 printk(KERN_ERR PFX "Unable to create IPMI proc dir");
80fad5b9 4446 driver_unregister(&ipmidriver.driver);
1da177e4
LT		 4447 return -ENOMEM;
4448 }
4449
3b625943 4450#endif /* CONFIG_PROC_FS */
1da177e4 4451
409035e0
CM		 4452 setup_timer(&ipmi_timer, ipmi_timeout, 0);
4453 mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
1da177e4 4454
e041c683 4455 atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
1da177e4
LT		 4456
4457 initialized = 1;
4458
4459 return 0;
4460}
4461
60ee6d5f 4462static int __init ipmi_init_msghandler_mod(void)
1da177e4
LT		 4463{
4464 ipmi_init_msghandler();
4465 return 0;
4466}
4467
60ee6d5f 4468static void __exit cleanup_ipmi(void)
1da177e4
LT		 4469{
4470 int count;
4471
4472 if (!initialized)
4473 return;
4474
e041c683 4475 atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
1da177e4 4476
c70d7499
CM		 4477 /*
4478 * This can't be called if any interfaces exist, so no worry
4479 * about shutting down the interfaces.
4480 */
1da177e4 4481
c70d7499
CM		 4482 /*
4483 * Tell the timer to stop, then wait for it to stop. This
4484 * avoids problems with race conditions removing the timer
4485 * here.
4486 */
8f43f84f
CM		 4487 atomic_inc(&stop_operation);
4488 del_timer_sync(&ipmi_timer);
1da177e4 4489
3b625943 4490#ifdef CONFIG_PROC_FS
a8ca16ea 4491 proc_remove(proc_ipmi_root);
3b625943 4492#endif /* CONFIG_PROC_FS */
1da177e4 4493
fe2d5ffc 4494 driver_unregister(&ipmidriver.driver);
50c812b2 4495
1da177e4
LT		 4496 initialized = 0;
4497
4498 /* Check for buffer leaks. */
4499 count = atomic_read(&smi_msg_inuse_count);
4500 if (count != 0)
4501 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
4502 count);
4503 count = atomic_read(&recv_msg_inuse_count);
4504 if (count != 0)
4505 printk(KERN_WARNING PFX "recv message count %d at exit\n",
4506 count);
4507}
4508module_exit(cleanup_ipmi);
4509
4510module_init(ipmi_init_msghandler_mod);
4511MODULE_LICENSE("GPL");
1fdd75bd 4512MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
c70d7499
CM		 4513MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI"
4514 " interface.");
1fdd75bd 4515MODULE_VERSION(IPMI_DRIVER_VERSION);
Linux kernel - Deliverables
This page took 1.185793 seconds and 5 git commands to generate.