Path: blob/master/drivers/char/ipmi/ipmi_msghandler.c
15112 views
/*1* ipmi_msghandler.c2*3* Incoming and outgoing message routing for an IPMI interface.4*5* Author: MontaVista Software, Inc.6* Corey Minyard <[email protected]>7* [email protected]8*9* Copyright 2002 MontaVista Software Inc.10*11* This program is free software; you can redistribute it and/or modify it12* under the terms of the GNU General Public License as published by the13* Free Software Foundation; either version 2 of the License, or (at your14* option) any later version.15*16*17* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED18* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF19* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.20* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,21* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,22* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS23* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND24* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR25* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE26* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.27*28* You should have received a copy of the GNU General Public License along29* with this program; if not, write to the Free Software Foundation, Inc.,30* 675 Mass Ave, Cambridge, MA 02139, USA.31*/3233#include <linux/module.h>34#include <linux/errno.h>35#include <asm/system.h>36#include <linux/poll.h>37#include <linux/sched.h>38#include <linux/seq_file.h>39#include <linux/spinlock.h>40#include <linux/mutex.h>41#include <linux/slab.h>42#include <linux/ipmi.h>43#include <linux/ipmi_smi.h>44#include <linux/notifier.h>45#include <linux/init.h>46#include <linux/proc_fs.h>47#include <linux/rcupdate.h>4849#define PFX "IPMI message handler: "5051#define IPMI_DRIVER_VERSION "39.2"5253static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);54static int ipmi_init_msghandler(void);5556static int initialized;5758#ifdef CONFIG_PROC_FS59static struct proc_dir_entry *proc_ipmi_root;60#endif /* CONFIG_PROC_FS */6162/* Remain in auto-maintenance mode for this amount of time (in ms). */63#define IPMI_MAINTENANCE_MODE_TIMEOUT 300006465#define MAX_EVENTS_IN_QUEUE 256667/*68* Don't let a message sit in a queue forever, always time it with at lest69* the max message timer. This is in milliseconds.70*/71#define MAX_MSG_TIMEOUT 600007273/*74* The main "user" data structure.75*/76struct ipmi_user {77struct list_head link;7879/* Set to "0" when the user is destroyed. */80int valid;8182struct kref refcount;8384/* The upper layer that handles receive messages. */85struct ipmi_user_hndl *handler;86void *handler_data;8788/* The interface this user is bound to. */89ipmi_smi_t intf;9091/* Does this interface receive IPMI events? */92int gets_events;93};9495struct cmd_rcvr {96struct list_head link;9798ipmi_user_t user;99unsigned char netfn;100unsigned char cmd;101unsigned int chans;102103/*104* This is used to form a linked lised during mass deletion.105* Since this is in an RCU list, we cannot use the link above106* or change any data until the RCU period completes. So we107* use this next variable during mass deletion so we can have108* a list and don't have to wait and restart the search on109* every individual deletion of a command.110*/111struct cmd_rcvr *next;112};113114struct seq_table {115unsigned int inuse : 1;116unsigned int broadcast : 1;117118unsigned long timeout;119unsigned long orig_timeout;120unsigned int retries_left;121122/*123* To verify on an incoming send message response that this is124* the message that the response is for, we keep a sequence id125* and increment it every time we send a message.126*/127long seqid;128129/*130* This is held so we can properly respond to the message on a131* timeout, and it is used to hold the temporary data for132* retransmission, too.133*/134struct ipmi_recv_msg *recv_msg;135};136137/*138* Store the information in a msgid (long) to allow us to find a139* sequence table entry from the msgid.140*/141#define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))142143#define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \144do { \145seq = ((msgid >> 26) & 0x3f); \146seqid = (msgid & 0x3fffff); \147} while (0)148149#define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)150151struct ipmi_channel {152unsigned char medium;153unsigned char protocol;154155/*156* My slave address. This is initialized to IPMI_BMC_SLAVE_ADDR,157* but may be changed by the user.158*/159unsigned char address;160161/*162* My LUN. This should generally stay the SMS LUN, but just in163* case...164*/165unsigned char lun;166};167168#ifdef CONFIG_PROC_FS169struct ipmi_proc_entry {170char *name;171struct ipmi_proc_entry *next;172};173#endif174175struct bmc_device {176struct platform_device *dev;177struct ipmi_device_id id;178unsigned char guid[16];179int guid_set;180181struct kref refcount;182183/* bmc device attributes */184struct device_attribute device_id_attr;185struct device_attribute provides_dev_sdrs_attr;186struct device_attribute revision_attr;187struct device_attribute firmware_rev_attr;188struct device_attribute version_attr;189struct device_attribute add_dev_support_attr;190struct device_attribute manufacturer_id_attr;191struct device_attribute product_id_attr;192struct device_attribute guid_attr;193struct device_attribute aux_firmware_rev_attr;194};195196/*197* Various statistics for IPMI, these index stats[] in the ipmi_smi198* structure.199*/200enum ipmi_stat_indexes {201/* Commands we got from the user that were invalid. */202IPMI_STAT_sent_invalid_commands = 0,203204/* Commands we sent to the MC. */205IPMI_STAT_sent_local_commands,206207/* Responses from the MC that were delivered to a user. */208IPMI_STAT_handled_local_responses,209210/* Responses from the MC that were not delivered to a user. */211IPMI_STAT_unhandled_local_responses,212213/* Commands we sent out to the IPMB bus. */214IPMI_STAT_sent_ipmb_commands,215216/* Commands sent on the IPMB that had errors on the SEND CMD */217IPMI_STAT_sent_ipmb_command_errs,218219/* Each retransmit increments this count. */220IPMI_STAT_retransmitted_ipmb_commands,221222/*223* When a message times out (runs out of retransmits) this is224* incremented.225*/226IPMI_STAT_timed_out_ipmb_commands,227228/*229* This is like above, but for broadcasts. Broadcasts are230* *not* included in the above count (they are expected to231* time out).232*/233IPMI_STAT_timed_out_ipmb_broadcasts,234235/* Responses I have sent to the IPMB bus. */236IPMI_STAT_sent_ipmb_responses,237238/* The response was delivered to the user. */239IPMI_STAT_handled_ipmb_responses,240241/* The response had invalid data in it. */242IPMI_STAT_invalid_ipmb_responses,243244/* The response didn't have anyone waiting for it. */245IPMI_STAT_unhandled_ipmb_responses,246247/* Commands we sent out to the IPMB bus. */248IPMI_STAT_sent_lan_commands,249250/* Commands sent on the IPMB that had errors on the SEND CMD */251IPMI_STAT_sent_lan_command_errs,252253/* Each retransmit increments this count. */254IPMI_STAT_retransmitted_lan_commands,255256/*257* When a message times out (runs out of retransmits) this is258* incremented.259*/260IPMI_STAT_timed_out_lan_commands,261262/* Responses I have sent to the IPMB bus. */263IPMI_STAT_sent_lan_responses,264265/* The response was delivered to the user. */266IPMI_STAT_handled_lan_responses,267268/* The response had invalid data in it. */269IPMI_STAT_invalid_lan_responses,270271/* The response didn't have anyone waiting for it. */272IPMI_STAT_unhandled_lan_responses,273274/* The command was delivered to the user. */275IPMI_STAT_handled_commands,276277/* The command had invalid data in it. */278IPMI_STAT_invalid_commands,279280/* The command didn't have anyone waiting for it. */281IPMI_STAT_unhandled_commands,282283/* Invalid data in an event. */284IPMI_STAT_invalid_events,285286/* Events that were received with the proper format. */287IPMI_STAT_events,288289/* Retransmissions on IPMB that failed. */290IPMI_STAT_dropped_rexmit_ipmb_commands,291292/* Retransmissions on LAN that failed. */293IPMI_STAT_dropped_rexmit_lan_commands,294295/* This *must* remain last, add new values above this. */296IPMI_NUM_STATS297};298299300#define IPMI_IPMB_NUM_SEQ 64301#define IPMI_MAX_CHANNELS 16302struct ipmi_smi {303/* What interface number are we? */304int intf_num;305306struct kref refcount;307308/* Used for a list of interfaces. */309struct list_head link;310311/*312* The list of upper layers that are using me. seq_lock313* protects this.314*/315struct list_head users;316317/* Information to supply to users. */318unsigned char ipmi_version_major;319unsigned char ipmi_version_minor;320321/* Used for wake ups at startup. */322wait_queue_head_t waitq;323324struct bmc_device *bmc;325char *my_dev_name;326char *sysfs_name;327328/*329* This is the lower-layer's sender routine. Note that you330* must either be holding the ipmi_interfaces_mutex or be in331* an umpreemptible region to use this. You must fetch the332* value into a local variable and make sure it is not NULL.333*/334struct ipmi_smi_handlers *handlers;335void *send_info;336337#ifdef CONFIG_PROC_FS338/* A list of proc entries for this interface. */339struct mutex proc_entry_lock;340struct ipmi_proc_entry *proc_entries;341#endif342343/* Driver-model device for the system interface. */344struct device *si_dev;345346/*347* A table of sequence numbers for this interface. We use the348* sequence numbers for IPMB messages that go out of the349* interface to match them up with their responses. A routine350* is called periodically to time the items in this list.351*/352spinlock_t seq_lock;353struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];354int curr_seq;355356/*357* Messages that were delayed for some reason (out of memory,358* for instance), will go in here to be processed later in a359* periodic timer interrupt.360*/361spinlock_t waiting_msgs_lock;362struct list_head waiting_msgs;363364/*365* The list of command receivers that are registered for commands366* on this interface.367*/368struct mutex cmd_rcvrs_mutex;369struct list_head cmd_rcvrs;370371/*372* Events that were queues because no one was there to receive373* them.374*/375spinlock_t events_lock; /* For dealing with event stuff. */376struct list_head waiting_events;377unsigned int waiting_events_count; /* How many events in queue? */378char delivering_events;379char event_msg_printed;380381/*382* The event receiver for my BMC, only really used at panic383* shutdown as a place to store this.384*/385unsigned char event_receiver;386unsigned char event_receiver_lun;387unsigned char local_sel_device;388unsigned char local_event_generator;389390/* For handling of maintenance mode. */391int maintenance_mode;392int maintenance_mode_enable;393int auto_maintenance_timeout;394spinlock_t maintenance_mode_lock; /* Used in a timer... */395396/*397* A cheap hack, if this is non-null and a message to an398* interface comes in with a NULL user, call this routine with399* it. Note that the message will still be freed by the400* caller. This only works on the system interface.401*/402void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);403404/*405* When we are scanning the channels for an SMI, this will406* tell which channel we are scanning.407*/408int curr_channel;409410/* Channel information */411struct ipmi_channel channels[IPMI_MAX_CHANNELS];412413/* Proc FS stuff. */414struct proc_dir_entry *proc_dir;415char proc_dir_name[10];416417atomic_t stats[IPMI_NUM_STATS];418419/*420* run_to_completion duplicate of smb_info, smi_info421* and ipmi_serial_info structures. Used to decrease numbers of422* parameters passed by "low" level IPMI code.423*/424int run_to_completion;425};426#define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)427428/**429* The driver model view of the IPMI messaging driver.430*/431static struct platform_driver ipmidriver = {432.driver = {433.name = "ipmi",434.bus = &platform_bus_type435}436};437static DEFINE_MUTEX(ipmidriver_mutex);438439static LIST_HEAD(ipmi_interfaces);440static DEFINE_MUTEX(ipmi_interfaces_mutex);441442/*443* List of watchers that want to know when smi's are added and deleted.444*/445static LIST_HEAD(smi_watchers);446static DEFINE_MUTEX(smi_watchers_mutex);447448449#define ipmi_inc_stat(intf, stat) \450atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])451#define ipmi_get_stat(intf, stat) \452((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))453454static int is_lan_addr(struct ipmi_addr *addr)455{456return addr->addr_type == IPMI_LAN_ADDR_TYPE;457}458459static int is_ipmb_addr(struct ipmi_addr *addr)460{461return addr->addr_type == IPMI_IPMB_ADDR_TYPE;462}463464static int is_ipmb_bcast_addr(struct ipmi_addr *addr)465{466return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE;467}468469static void free_recv_msg_list(struct list_head *q)470{471struct ipmi_recv_msg *msg, *msg2;472473list_for_each_entry_safe(msg, msg2, q, link) {474list_del(&msg->link);475ipmi_free_recv_msg(msg);476}477}478479static void free_smi_msg_list(struct list_head *q)480{481struct ipmi_smi_msg *msg, *msg2;482483list_for_each_entry_safe(msg, msg2, q, link) {484list_del(&msg->link);485ipmi_free_smi_msg(msg);486}487}488489static void clean_up_interface_data(ipmi_smi_t intf)490{491int i;492struct cmd_rcvr *rcvr, *rcvr2;493struct list_head list;494495free_smi_msg_list(&intf->waiting_msgs);496free_recv_msg_list(&intf->waiting_events);497498/*499* Wholesale remove all the entries from the list in the500* interface and wait for RCU to know that none are in use.501*/502mutex_lock(&intf->cmd_rcvrs_mutex);503INIT_LIST_HEAD(&list);504list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);505mutex_unlock(&intf->cmd_rcvrs_mutex);506507list_for_each_entry_safe(rcvr, rcvr2, &list, link)508kfree(rcvr);509510for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {511if ((intf->seq_table[i].inuse)512&& (intf->seq_table[i].recv_msg))513ipmi_free_recv_msg(intf->seq_table[i].recv_msg);514}515}516517static void intf_free(struct kref *ref)518{519ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);520521clean_up_interface_data(intf);522kfree(intf);523}524525struct watcher_entry {526int intf_num;527ipmi_smi_t intf;528struct list_head link;529};530531int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)532{533ipmi_smi_t intf;534LIST_HEAD(to_deliver);535struct watcher_entry *e, *e2;536537mutex_lock(&smi_watchers_mutex);538539mutex_lock(&ipmi_interfaces_mutex);540541/* Build a list of things to deliver. */542list_for_each_entry(intf, &ipmi_interfaces, link) {543if (intf->intf_num == -1)544continue;545e = kmalloc(sizeof(*e), GFP_KERNEL);546if (!e)547goto out_err;548kref_get(&intf->refcount);549e->intf = intf;550e->intf_num = intf->intf_num;551list_add_tail(&e->link, &to_deliver);552}553554/* We will succeed, so add it to the list. */555list_add(&watcher->link, &smi_watchers);556557mutex_unlock(&ipmi_interfaces_mutex);558559list_for_each_entry_safe(e, e2, &to_deliver, link) {560list_del(&e->link);561watcher->new_smi(e->intf_num, e->intf->si_dev);562kref_put(&e->intf->refcount, intf_free);563kfree(e);564}565566mutex_unlock(&smi_watchers_mutex);567568return 0;569570out_err:571mutex_unlock(&ipmi_interfaces_mutex);572mutex_unlock(&smi_watchers_mutex);573list_for_each_entry_safe(e, e2, &to_deliver, link) {574list_del(&e->link);575kref_put(&e->intf->refcount, intf_free);576kfree(e);577}578return -ENOMEM;579}580EXPORT_SYMBOL(ipmi_smi_watcher_register);581582int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)583{584mutex_lock(&smi_watchers_mutex);585list_del(&(watcher->link));586mutex_unlock(&smi_watchers_mutex);587return 0;588}589EXPORT_SYMBOL(ipmi_smi_watcher_unregister);590591/*592* Must be called with smi_watchers_mutex held.593*/594static void595call_smi_watchers(int i, struct device *dev)596{597struct ipmi_smi_watcher *w;598599list_for_each_entry(w, &smi_watchers, link) {600if (try_module_get(w->owner)) {601w->new_smi(i, dev);602module_put(w->owner);603}604}605}606607static int608ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)609{610if (addr1->addr_type != addr2->addr_type)611return 0;612613if (addr1->channel != addr2->channel)614return 0;615616if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {617struct ipmi_system_interface_addr *smi_addr1618= (struct ipmi_system_interface_addr *) addr1;619struct ipmi_system_interface_addr *smi_addr2620= (struct ipmi_system_interface_addr *) addr2;621return (smi_addr1->lun == smi_addr2->lun);622}623624if (is_ipmb_addr(addr1) || is_ipmb_bcast_addr(addr1)) {625struct ipmi_ipmb_addr *ipmb_addr1626= (struct ipmi_ipmb_addr *) addr1;627struct ipmi_ipmb_addr *ipmb_addr2628= (struct ipmi_ipmb_addr *) addr2;629630return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)631&& (ipmb_addr1->lun == ipmb_addr2->lun));632}633634if (is_lan_addr(addr1)) {635struct ipmi_lan_addr *lan_addr1636= (struct ipmi_lan_addr *) addr1;637struct ipmi_lan_addr *lan_addr2638= (struct ipmi_lan_addr *) addr2;639640return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)641&& (lan_addr1->local_SWID == lan_addr2->local_SWID)642&& (lan_addr1->session_handle643== lan_addr2->session_handle)644&& (lan_addr1->lun == lan_addr2->lun));645}646647return 1;648}649650int ipmi_validate_addr(struct ipmi_addr *addr, int len)651{652if (len < sizeof(struct ipmi_system_interface_addr))653return -EINVAL;654655if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {656if (addr->channel != IPMI_BMC_CHANNEL)657return -EINVAL;658return 0;659}660661if ((addr->channel == IPMI_BMC_CHANNEL)662|| (addr->channel >= IPMI_MAX_CHANNELS)663|| (addr->channel < 0))664return -EINVAL;665666if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {667if (len < sizeof(struct ipmi_ipmb_addr))668return -EINVAL;669return 0;670}671672if (is_lan_addr(addr)) {673if (len < sizeof(struct ipmi_lan_addr))674return -EINVAL;675return 0;676}677678return -EINVAL;679}680EXPORT_SYMBOL(ipmi_validate_addr);681682unsigned int ipmi_addr_length(int addr_type)683{684if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)685return sizeof(struct ipmi_system_interface_addr);686687if ((addr_type == IPMI_IPMB_ADDR_TYPE)688|| (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))689return sizeof(struct ipmi_ipmb_addr);690691if (addr_type == IPMI_LAN_ADDR_TYPE)692return sizeof(struct ipmi_lan_addr);693694return 0;695}696EXPORT_SYMBOL(ipmi_addr_length);697698static void deliver_response(struct ipmi_recv_msg *msg)699{700if (!msg->user) {701ipmi_smi_t intf = msg->user_msg_data;702703/* Special handling for NULL users. */704if (intf->null_user_handler) {705intf->null_user_handler(intf, msg);706ipmi_inc_stat(intf, handled_local_responses);707} else {708/* No handler, so give up. */709ipmi_inc_stat(intf, unhandled_local_responses);710}711ipmi_free_recv_msg(msg);712} else {713ipmi_user_t user = msg->user;714user->handler->ipmi_recv_hndl(msg, user->handler_data);715}716}717718static void719deliver_err_response(struct ipmi_recv_msg *msg, int err)720{721msg->recv_type = IPMI_RESPONSE_RECV_TYPE;722msg->msg_data[0] = err;723msg->msg.netfn |= 1; /* Convert to a response. */724msg->msg.data_len = 1;725msg->msg.data = msg->msg_data;726deliver_response(msg);727}728729/*730* Find the next sequence number not being used and add the given731* message with the given timeout to the sequence table. This must be732* called with the interface's seq_lock held.733*/734static int intf_next_seq(ipmi_smi_t intf,735struct ipmi_recv_msg *recv_msg,736unsigned long timeout,737int retries,738int broadcast,739unsigned char *seq,740long *seqid)741{742int rv = 0;743unsigned int i;744745for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;746i = (i+1)%IPMI_IPMB_NUM_SEQ) {747if (!intf->seq_table[i].inuse)748break;749}750751if (!intf->seq_table[i].inuse) {752intf->seq_table[i].recv_msg = recv_msg;753754/*755* Start with the maximum timeout, when the send response756* comes in we will start the real timer.757*/758intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;759intf->seq_table[i].orig_timeout = timeout;760intf->seq_table[i].retries_left = retries;761intf->seq_table[i].broadcast = broadcast;762intf->seq_table[i].inuse = 1;763intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);764*seq = i;765*seqid = intf->seq_table[i].seqid;766intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;767} else {768rv = -EAGAIN;769}770771return rv;772}773774/*775* Return the receive message for the given sequence number and776* release the sequence number so it can be reused. Some other data777* is passed in to be sure the message matches up correctly (to help778* guard against message coming in after their timeout and the779* sequence number being reused).780*/781static int intf_find_seq(ipmi_smi_t intf,782unsigned char seq,783short channel,784unsigned char cmd,785unsigned char netfn,786struct ipmi_addr *addr,787struct ipmi_recv_msg **recv_msg)788{789int rv = -ENODEV;790unsigned long flags;791792if (seq >= IPMI_IPMB_NUM_SEQ)793return -EINVAL;794795spin_lock_irqsave(&(intf->seq_lock), flags);796if (intf->seq_table[seq].inuse) {797struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;798799if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd)800&& (msg->msg.netfn == netfn)801&& (ipmi_addr_equal(addr, &(msg->addr)))) {802*recv_msg = msg;803intf->seq_table[seq].inuse = 0;804rv = 0;805}806}807spin_unlock_irqrestore(&(intf->seq_lock), flags);808809return rv;810}811812813/* Start the timer for a specific sequence table entry. */814static int intf_start_seq_timer(ipmi_smi_t intf,815long msgid)816{817int rv = -ENODEV;818unsigned long flags;819unsigned char seq;820unsigned long seqid;821822823GET_SEQ_FROM_MSGID(msgid, seq, seqid);824825spin_lock_irqsave(&(intf->seq_lock), flags);826/*827* We do this verification because the user can be deleted828* while a message is outstanding.829*/830if ((intf->seq_table[seq].inuse)831&& (intf->seq_table[seq].seqid == seqid)) {832struct seq_table *ent = &(intf->seq_table[seq]);833ent->timeout = ent->orig_timeout;834rv = 0;835}836spin_unlock_irqrestore(&(intf->seq_lock), flags);837838return rv;839}840841/* Got an error for the send message for a specific sequence number. */842static int intf_err_seq(ipmi_smi_t intf,843long msgid,844unsigned int err)845{846int rv = -ENODEV;847unsigned long flags;848unsigned char seq;849unsigned long seqid;850struct ipmi_recv_msg *msg = NULL;851852853GET_SEQ_FROM_MSGID(msgid, seq, seqid);854855spin_lock_irqsave(&(intf->seq_lock), flags);856/*857* We do this verification because the user can be deleted858* while a message is outstanding.859*/860if ((intf->seq_table[seq].inuse)861&& (intf->seq_table[seq].seqid == seqid)) {862struct seq_table *ent = &(intf->seq_table[seq]);863864ent->inuse = 0;865msg = ent->recv_msg;866rv = 0;867}868spin_unlock_irqrestore(&(intf->seq_lock), flags);869870if (msg)871deliver_err_response(msg, err);872873return rv;874}875876877int ipmi_create_user(unsigned int if_num,878struct ipmi_user_hndl *handler,879void *handler_data,880ipmi_user_t *user)881{882unsigned long flags;883ipmi_user_t new_user;884int rv = 0;885ipmi_smi_t intf;886887/*888* There is no module usecount here, because it's not889* required. Since this can only be used by and called from890* other modules, they will implicitly use this module, and891* thus this can't be removed unless the other modules are892* removed.893*/894895if (handler == NULL)896return -EINVAL;897898/*899* Make sure the driver is actually initialized, this handles900* problems with initialization order.901*/902if (!initialized) {903rv = ipmi_init_msghandler();904if (rv)905return rv;906907/*908* The init code doesn't return an error if it was turned909* off, but it won't initialize. Check that.910*/911if (!initialized)912return -ENODEV;913}914915new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);916if (!new_user)917return -ENOMEM;918919mutex_lock(&ipmi_interfaces_mutex);920list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {921if (intf->intf_num == if_num)922goto found;923}924/* Not found, return an error */925rv = -EINVAL;926goto out_kfree;927928found:929/* Note that each existing user holds a refcount to the interface. */930kref_get(&intf->refcount);931932kref_init(&new_user->refcount);933new_user->handler = handler;934new_user->handler_data = handler_data;935new_user->intf = intf;936new_user->gets_events = 0;937938if (!try_module_get(intf->handlers->owner)) {939rv = -ENODEV;940goto out_kref;941}942943if (intf->handlers->inc_usecount) {944rv = intf->handlers->inc_usecount(intf->send_info);945if (rv) {946module_put(intf->handlers->owner);947goto out_kref;948}949}950951/*952* Hold the lock so intf->handlers is guaranteed to be good953* until now954*/955mutex_unlock(&ipmi_interfaces_mutex);956957new_user->valid = 1;958spin_lock_irqsave(&intf->seq_lock, flags);959list_add_rcu(&new_user->link, &intf->users);960spin_unlock_irqrestore(&intf->seq_lock, flags);961*user = new_user;962return 0;963964out_kref:965kref_put(&intf->refcount, intf_free);966out_kfree:967mutex_unlock(&ipmi_interfaces_mutex);968kfree(new_user);969return rv;970}971EXPORT_SYMBOL(ipmi_create_user);972973int ipmi_get_smi_info(int if_num, struct ipmi_smi_info *data)974{975int rv = 0;976ipmi_smi_t intf;977struct ipmi_smi_handlers *handlers;978979mutex_lock(&ipmi_interfaces_mutex);980list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {981if (intf->intf_num == if_num)982goto found;983}984/* Not found, return an error */985rv = -EINVAL;986mutex_unlock(&ipmi_interfaces_mutex);987return rv;988989found:990handlers = intf->handlers;991rv = -ENOSYS;992if (handlers->get_smi_info)993rv = handlers->get_smi_info(intf->send_info, data);994mutex_unlock(&ipmi_interfaces_mutex);995996return rv;997}998EXPORT_SYMBOL(ipmi_get_smi_info);9991000static void free_user(struct kref *ref)1001{1002ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);1003kfree(user);1004}10051006int ipmi_destroy_user(ipmi_user_t user)1007{1008ipmi_smi_t intf = user->intf;1009int i;1010unsigned long flags;1011struct cmd_rcvr *rcvr;1012struct cmd_rcvr *rcvrs = NULL;10131014user->valid = 0;10151016/* Remove the user from the interface's sequence table. */1017spin_lock_irqsave(&intf->seq_lock, flags);1018list_del_rcu(&user->link);10191020for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {1021if (intf->seq_table[i].inuse1022&& (intf->seq_table[i].recv_msg->user == user)) {1023intf->seq_table[i].inuse = 0;1024ipmi_free_recv_msg(intf->seq_table[i].recv_msg);1025}1026}1027spin_unlock_irqrestore(&intf->seq_lock, flags);10281029/*1030* Remove the user from the command receiver's table. First1031* we build a list of everything (not using the standard link,1032* since other things may be using it till we do1033* synchronize_rcu()) then free everything in that list.1034*/1035mutex_lock(&intf->cmd_rcvrs_mutex);1036list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {1037if (rcvr->user == user) {1038list_del_rcu(&rcvr->link);1039rcvr->next = rcvrs;1040rcvrs = rcvr;1041}1042}1043mutex_unlock(&intf->cmd_rcvrs_mutex);1044synchronize_rcu();1045while (rcvrs) {1046rcvr = rcvrs;1047rcvrs = rcvr->next;1048kfree(rcvr);1049}10501051mutex_lock(&ipmi_interfaces_mutex);1052if (intf->handlers) {1053module_put(intf->handlers->owner);1054if (intf->handlers->dec_usecount)1055intf->handlers->dec_usecount(intf->send_info);1056}1057mutex_unlock(&ipmi_interfaces_mutex);10581059kref_put(&intf->refcount, intf_free);10601061kref_put(&user->refcount, free_user);10621063return 0;1064}1065EXPORT_SYMBOL(ipmi_destroy_user);10661067void ipmi_get_version(ipmi_user_t user,1068unsigned char *major,1069unsigned char *minor)1070{1071*major = user->intf->ipmi_version_major;1072*minor = user->intf->ipmi_version_minor;1073}1074EXPORT_SYMBOL(ipmi_get_version);10751076int ipmi_set_my_address(ipmi_user_t user,1077unsigned int channel,1078unsigned char address)1079{1080if (channel >= IPMI_MAX_CHANNELS)1081return -EINVAL;1082user->intf->channels[channel].address = address;1083return 0;1084}1085EXPORT_SYMBOL(ipmi_set_my_address);10861087int ipmi_get_my_address(ipmi_user_t user,1088unsigned int channel,1089unsigned char *address)1090{1091if (channel >= IPMI_MAX_CHANNELS)1092return -EINVAL;1093*address = user->intf->channels[channel].address;1094return 0;1095}1096EXPORT_SYMBOL(ipmi_get_my_address);10971098int ipmi_set_my_LUN(ipmi_user_t user,1099unsigned int channel,1100unsigned char LUN)1101{1102if (channel >= IPMI_MAX_CHANNELS)1103return -EINVAL;1104user->intf->channels[channel].lun = LUN & 0x3;1105return 0;1106}1107EXPORT_SYMBOL(ipmi_set_my_LUN);11081109int ipmi_get_my_LUN(ipmi_user_t user,1110unsigned int channel,1111unsigned char *address)1112{1113if (channel >= IPMI_MAX_CHANNELS)1114return -EINVAL;1115*address = user->intf->channels[channel].lun;1116return 0;1117}1118EXPORT_SYMBOL(ipmi_get_my_LUN);11191120int ipmi_get_maintenance_mode(ipmi_user_t user)1121{1122int mode;1123unsigned long flags;11241125spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);1126mode = user->intf->maintenance_mode;1127spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);11281129return mode;1130}1131EXPORT_SYMBOL(ipmi_get_maintenance_mode);11321133static void maintenance_mode_update(ipmi_smi_t intf)1134{1135if (intf->handlers->set_maintenance_mode)1136intf->handlers->set_maintenance_mode(1137intf->send_info, intf->maintenance_mode_enable);1138}11391140int ipmi_set_maintenance_mode(ipmi_user_t user, int mode)1141{1142int rv = 0;1143unsigned long flags;1144ipmi_smi_t intf = user->intf;11451146spin_lock_irqsave(&intf->maintenance_mode_lock, flags);1147if (intf->maintenance_mode != mode) {1148switch (mode) {1149case IPMI_MAINTENANCE_MODE_AUTO:1150intf->maintenance_mode = mode;1151intf->maintenance_mode_enable1152= (intf->auto_maintenance_timeout > 0);1153break;11541155case IPMI_MAINTENANCE_MODE_OFF:1156intf->maintenance_mode = mode;1157intf->maintenance_mode_enable = 0;1158break;11591160case IPMI_MAINTENANCE_MODE_ON:1161intf->maintenance_mode = mode;1162intf->maintenance_mode_enable = 1;1163break;11641165default:1166rv = -EINVAL;1167goto out_unlock;1168}11691170maintenance_mode_update(intf);1171}1172out_unlock:1173spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);11741175return rv;1176}1177EXPORT_SYMBOL(ipmi_set_maintenance_mode);11781179int ipmi_set_gets_events(ipmi_user_t user, int val)1180{1181unsigned long flags;1182ipmi_smi_t intf = user->intf;1183struct ipmi_recv_msg *msg, *msg2;1184struct list_head msgs;11851186INIT_LIST_HEAD(&msgs);11871188spin_lock_irqsave(&intf->events_lock, flags);1189user->gets_events = val;11901191if (intf->delivering_events)1192/*1193* Another thread is delivering events for this, so1194* let it handle any new events.1195*/1196goto out;11971198/* Deliver any queued events. */1199while (user->gets_events && !list_empty(&intf->waiting_events)) {1200list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)1201list_move_tail(&msg->link, &msgs);1202intf->waiting_events_count = 0;1203if (intf->event_msg_printed) {1204printk(KERN_WARNING PFX "Event queue no longer"1205" full\n");1206intf->event_msg_printed = 0;1207}12081209intf->delivering_events = 1;1210spin_unlock_irqrestore(&intf->events_lock, flags);12111212list_for_each_entry_safe(msg, msg2, &msgs, link) {1213msg->user = user;1214kref_get(&user->refcount);1215deliver_response(msg);1216}12171218spin_lock_irqsave(&intf->events_lock, flags);1219intf->delivering_events = 0;1220}12211222out:1223spin_unlock_irqrestore(&intf->events_lock, flags);12241225return 0;1226}1227EXPORT_SYMBOL(ipmi_set_gets_events);12281229static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t intf,1230unsigned char netfn,1231unsigned char cmd,1232unsigned char chan)1233{1234struct cmd_rcvr *rcvr;12351236list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {1237if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)1238&& (rcvr->chans & (1 << chan)))1239return rcvr;1240}1241return NULL;1242}12431244static int is_cmd_rcvr_exclusive(ipmi_smi_t intf,1245unsigned char netfn,1246unsigned char cmd,1247unsigned int chans)1248{1249struct cmd_rcvr *rcvr;12501251list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {1252if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)1253&& (rcvr->chans & chans))1254return 0;1255}1256return 1;1257}12581259int ipmi_register_for_cmd(ipmi_user_t user,1260unsigned char netfn,1261unsigned char cmd,1262unsigned int chans)1263{1264ipmi_smi_t intf = user->intf;1265struct cmd_rcvr *rcvr;1266int rv = 0;126712681269rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);1270if (!rcvr)1271return -ENOMEM;1272rcvr->cmd = cmd;1273rcvr->netfn = netfn;1274rcvr->chans = chans;1275rcvr->user = user;12761277mutex_lock(&intf->cmd_rcvrs_mutex);1278/* Make sure the command/netfn is not already registered. */1279if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {1280rv = -EBUSY;1281goto out_unlock;1282}12831284list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);12851286out_unlock:1287mutex_unlock(&intf->cmd_rcvrs_mutex);1288if (rv)1289kfree(rcvr);12901291return rv;1292}1293EXPORT_SYMBOL(ipmi_register_for_cmd);12941295int ipmi_unregister_for_cmd(ipmi_user_t user,1296unsigned char netfn,1297unsigned char cmd,1298unsigned int chans)1299{1300ipmi_smi_t intf = user->intf;1301struct cmd_rcvr *rcvr;1302struct cmd_rcvr *rcvrs = NULL;1303int i, rv = -ENOENT;13041305mutex_lock(&intf->cmd_rcvrs_mutex);1306for (i = 0; i < IPMI_NUM_CHANNELS; i++) {1307if (((1 << i) & chans) == 0)1308continue;1309rcvr = find_cmd_rcvr(intf, netfn, cmd, i);1310if (rcvr == NULL)1311continue;1312if (rcvr->user == user) {1313rv = 0;1314rcvr->chans &= ~chans;1315if (rcvr->chans == 0) {1316list_del_rcu(&rcvr->link);1317rcvr->next = rcvrs;1318rcvrs = rcvr;1319}1320}1321}1322mutex_unlock(&intf->cmd_rcvrs_mutex);1323synchronize_rcu();1324while (rcvrs) {1325rcvr = rcvrs;1326rcvrs = rcvr->next;1327kfree(rcvr);1328}1329return rv;1330}1331EXPORT_SYMBOL(ipmi_unregister_for_cmd);13321333static unsigned char1334ipmb_checksum(unsigned char *data, int size)1335{1336unsigned char csum = 0;13371338for (; size > 0; size--, data++)1339csum += *data;13401341return -csum;1342}13431344static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg,1345struct kernel_ipmi_msg *msg,1346struct ipmi_ipmb_addr *ipmb_addr,1347long msgid,1348unsigned char ipmb_seq,1349int broadcast,1350unsigned char source_address,1351unsigned char source_lun)1352{1353int i = broadcast;13541355/* Format the IPMB header data. */1356smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);1357smi_msg->data[1] = IPMI_SEND_MSG_CMD;1358smi_msg->data[2] = ipmb_addr->channel;1359if (broadcast)1360smi_msg->data[3] = 0;1361smi_msg->data[i+3] = ipmb_addr->slave_addr;1362smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);1363smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);1364smi_msg->data[i+6] = source_address;1365smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;1366smi_msg->data[i+8] = msg->cmd;13671368/* Now tack on the data to the message. */1369if (msg->data_len > 0)1370memcpy(&(smi_msg->data[i+9]), msg->data,1371msg->data_len);1372smi_msg->data_size = msg->data_len + 9;13731374/* Now calculate the checksum and tack it on. */1375smi_msg->data[i+smi_msg->data_size]1376= ipmb_checksum(&(smi_msg->data[i+6]),1377smi_msg->data_size-6);13781379/*1380* Add on the checksum size and the offset from the1381* broadcast.1382*/1383smi_msg->data_size += 1 + i;13841385smi_msg->msgid = msgid;1386}13871388static inline void format_lan_msg(struct ipmi_smi_msg *smi_msg,1389struct kernel_ipmi_msg *msg,1390struct ipmi_lan_addr *lan_addr,1391long msgid,1392unsigned char ipmb_seq,1393unsigned char source_lun)1394{1395/* Format the IPMB header data. */1396smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);1397smi_msg->data[1] = IPMI_SEND_MSG_CMD;1398smi_msg->data[2] = lan_addr->channel;1399smi_msg->data[3] = lan_addr->session_handle;1400smi_msg->data[4] = lan_addr->remote_SWID;1401smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);1402smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);1403smi_msg->data[7] = lan_addr->local_SWID;1404smi_msg->data[8] = (ipmb_seq << 2) | source_lun;1405smi_msg->data[9] = msg->cmd;14061407/* Now tack on the data to the message. */1408if (msg->data_len > 0)1409memcpy(&(smi_msg->data[10]), msg->data,1410msg->data_len);1411smi_msg->data_size = msg->data_len + 10;14121413/* Now calculate the checksum and tack it on. */1414smi_msg->data[smi_msg->data_size]1415= ipmb_checksum(&(smi_msg->data[7]),1416smi_msg->data_size-7);14171418/*1419* Add on the checksum size and the offset from the1420* broadcast.1421*/1422smi_msg->data_size += 1;14231424smi_msg->msgid = msgid;1425}14261427/*1428* Separate from ipmi_request so that the user does not have to be1429* supplied in certain circumstances (mainly at panic time). If1430* messages are supplied, they will be freed, even if an error1431* occurs.1432*/1433static int i_ipmi_request(ipmi_user_t user,1434ipmi_smi_t intf,1435struct ipmi_addr *addr,1436long msgid,1437struct kernel_ipmi_msg *msg,1438void *user_msg_data,1439void *supplied_smi,1440struct ipmi_recv_msg *supplied_recv,1441int priority,1442unsigned char source_address,1443unsigned char source_lun,1444int retries,1445unsigned int retry_time_ms)1446{1447int rv = 0;1448struct ipmi_smi_msg *smi_msg;1449struct ipmi_recv_msg *recv_msg;1450unsigned long flags;1451struct ipmi_smi_handlers *handlers;145214531454if (supplied_recv)1455recv_msg = supplied_recv;1456else {1457recv_msg = ipmi_alloc_recv_msg();1458if (recv_msg == NULL)1459return -ENOMEM;1460}1461recv_msg->user_msg_data = user_msg_data;14621463if (supplied_smi)1464smi_msg = (struct ipmi_smi_msg *) supplied_smi;1465else {1466smi_msg = ipmi_alloc_smi_msg();1467if (smi_msg == NULL) {1468ipmi_free_recv_msg(recv_msg);1469return -ENOMEM;1470}1471}14721473rcu_read_lock();1474handlers = intf->handlers;1475if (!handlers) {1476rv = -ENODEV;1477goto out_err;1478}14791480recv_msg->user = user;1481if (user)1482kref_get(&user->refcount);1483recv_msg->msgid = msgid;1484/*1485* Store the message to send in the receive message so timeout1486* responses can get the proper response data.1487*/1488recv_msg->msg = *msg;14891490if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {1491struct ipmi_system_interface_addr *smi_addr;14921493if (msg->netfn & 1) {1494/* Responses are not allowed to the SMI. */1495rv = -EINVAL;1496goto out_err;1497}14981499smi_addr = (struct ipmi_system_interface_addr *) addr;1500if (smi_addr->lun > 3) {1501ipmi_inc_stat(intf, sent_invalid_commands);1502rv = -EINVAL;1503goto out_err;1504}15051506memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));15071508if ((msg->netfn == IPMI_NETFN_APP_REQUEST)1509&& ((msg->cmd == IPMI_SEND_MSG_CMD)1510|| (msg->cmd == IPMI_GET_MSG_CMD)1511|| (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {1512/*1513* We don't let the user do these, since we manage1514* the sequence numbers.1515*/1516ipmi_inc_stat(intf, sent_invalid_commands);1517rv = -EINVAL;1518goto out_err;1519}15201521if (((msg->netfn == IPMI_NETFN_APP_REQUEST)1522&& ((msg->cmd == IPMI_COLD_RESET_CMD)1523|| (msg->cmd == IPMI_WARM_RESET_CMD)))1524|| (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)) {1525spin_lock_irqsave(&intf->maintenance_mode_lock, flags);1526intf->auto_maintenance_timeout1527= IPMI_MAINTENANCE_MODE_TIMEOUT;1528if (!intf->maintenance_mode1529&& !intf->maintenance_mode_enable) {1530intf->maintenance_mode_enable = 1;1531maintenance_mode_update(intf);1532}1533spin_unlock_irqrestore(&intf->maintenance_mode_lock,1534flags);1535}15361537if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {1538ipmi_inc_stat(intf, sent_invalid_commands);1539rv = -EMSGSIZE;1540goto out_err;1541}15421543smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);1544smi_msg->data[1] = msg->cmd;1545smi_msg->msgid = msgid;1546smi_msg->user_data = recv_msg;1547if (msg->data_len > 0)1548memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);1549smi_msg->data_size = msg->data_len + 2;1550ipmi_inc_stat(intf, sent_local_commands);1551} else if (is_ipmb_addr(addr) || is_ipmb_bcast_addr(addr)) {1552struct ipmi_ipmb_addr *ipmb_addr;1553unsigned char ipmb_seq;1554long seqid;1555int broadcast = 0;15561557if (addr->channel >= IPMI_MAX_CHANNELS) {1558ipmi_inc_stat(intf, sent_invalid_commands);1559rv = -EINVAL;1560goto out_err;1561}15621563if (intf->channels[addr->channel].medium1564!= IPMI_CHANNEL_MEDIUM_IPMB) {1565ipmi_inc_stat(intf, sent_invalid_commands);1566rv = -EINVAL;1567goto out_err;1568}15691570if (retries < 0) {1571if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)1572retries = 0; /* Don't retry broadcasts. */1573else1574retries = 4;1575}1576if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {1577/*1578* Broadcasts add a zero at the beginning of the1579* message, but otherwise is the same as an IPMB1580* address.1581*/1582addr->addr_type = IPMI_IPMB_ADDR_TYPE;1583broadcast = 1;1584}158515861587/* Default to 1 second retries. */1588if (retry_time_ms == 0)1589retry_time_ms = 1000;15901591/*1592* 9 for the header and 1 for the checksum, plus1593* possibly one for the broadcast.1594*/1595if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {1596ipmi_inc_stat(intf, sent_invalid_commands);1597rv = -EMSGSIZE;1598goto out_err;1599}16001601ipmb_addr = (struct ipmi_ipmb_addr *) addr;1602if (ipmb_addr->lun > 3) {1603ipmi_inc_stat(intf, sent_invalid_commands);1604rv = -EINVAL;1605goto out_err;1606}16071608memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));16091610if (recv_msg->msg.netfn & 0x1) {1611/*1612* It's a response, so use the user's sequence1613* from msgid.1614*/1615ipmi_inc_stat(intf, sent_ipmb_responses);1616format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,1617msgid, broadcast,1618source_address, source_lun);16191620/*1621* Save the receive message so we can use it1622* to deliver the response.1623*/1624smi_msg->user_data = recv_msg;1625} else {1626/* It's a command, so get a sequence for it. */16271628spin_lock_irqsave(&(intf->seq_lock), flags);16291630/*1631* Create a sequence number with a 1 second1632* timeout and 4 retries.1633*/1634rv = intf_next_seq(intf,1635recv_msg,1636retry_time_ms,1637retries,1638broadcast,1639&ipmb_seq,1640&seqid);1641if (rv) {1642/*1643* We have used up all the sequence numbers,1644* probably, so abort.1645*/1646spin_unlock_irqrestore(&(intf->seq_lock),1647flags);1648goto out_err;1649}16501651ipmi_inc_stat(intf, sent_ipmb_commands);16521653/*1654* Store the sequence number in the message,1655* so that when the send message response1656* comes back we can start the timer.1657*/1658format_ipmb_msg(smi_msg, msg, ipmb_addr,1659STORE_SEQ_IN_MSGID(ipmb_seq, seqid),1660ipmb_seq, broadcast,1661source_address, source_lun);16621663/*1664* Copy the message into the recv message data, so we1665* can retransmit it later if necessary.1666*/1667memcpy(recv_msg->msg_data, smi_msg->data,1668smi_msg->data_size);1669recv_msg->msg.data = recv_msg->msg_data;1670recv_msg->msg.data_len = smi_msg->data_size;16711672/*1673* We don't unlock until here, because we need1674* to copy the completed message into the1675* recv_msg before we release the lock.1676* Otherwise, race conditions may bite us. I1677* know that's pretty paranoid, but I prefer1678* to be correct.1679*/1680spin_unlock_irqrestore(&(intf->seq_lock), flags);1681}1682} else if (is_lan_addr(addr)) {1683struct ipmi_lan_addr *lan_addr;1684unsigned char ipmb_seq;1685long seqid;16861687if (addr->channel >= IPMI_MAX_CHANNELS) {1688ipmi_inc_stat(intf, sent_invalid_commands);1689rv = -EINVAL;1690goto out_err;1691}16921693if ((intf->channels[addr->channel].medium1694!= IPMI_CHANNEL_MEDIUM_8023LAN)1695&& (intf->channels[addr->channel].medium1696!= IPMI_CHANNEL_MEDIUM_ASYNC)) {1697ipmi_inc_stat(intf, sent_invalid_commands);1698rv = -EINVAL;1699goto out_err;1700}17011702retries = 4;17031704/* Default to 1 second retries. */1705if (retry_time_ms == 0)1706retry_time_ms = 1000;17071708/* 11 for the header and 1 for the checksum. */1709if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {1710ipmi_inc_stat(intf, sent_invalid_commands);1711rv = -EMSGSIZE;1712goto out_err;1713}17141715lan_addr = (struct ipmi_lan_addr *) addr;1716if (lan_addr->lun > 3) {1717ipmi_inc_stat(intf, sent_invalid_commands);1718rv = -EINVAL;1719goto out_err;1720}17211722memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));17231724if (recv_msg->msg.netfn & 0x1) {1725/*1726* It's a response, so use the user's sequence1727* from msgid.1728*/1729ipmi_inc_stat(intf, sent_lan_responses);1730format_lan_msg(smi_msg, msg, lan_addr, msgid,1731msgid, source_lun);17321733/*1734* Save the receive message so we can use it1735* to deliver the response.1736*/1737smi_msg->user_data = recv_msg;1738} else {1739/* It's a command, so get a sequence for it. */17401741spin_lock_irqsave(&(intf->seq_lock), flags);17421743/*1744* Create a sequence number with a 1 second1745* timeout and 4 retries.1746*/1747rv = intf_next_seq(intf,1748recv_msg,1749retry_time_ms,1750retries,17510,1752&ipmb_seq,1753&seqid);1754if (rv) {1755/*1756* We have used up all the sequence numbers,1757* probably, so abort.1758*/1759spin_unlock_irqrestore(&(intf->seq_lock),1760flags);1761goto out_err;1762}17631764ipmi_inc_stat(intf, sent_lan_commands);17651766/*1767* Store the sequence number in the message,1768* so that when the send message response1769* comes back we can start the timer.1770*/1771format_lan_msg(smi_msg, msg, lan_addr,1772STORE_SEQ_IN_MSGID(ipmb_seq, seqid),1773ipmb_seq, source_lun);17741775/*1776* Copy the message into the recv message data, so we1777* can retransmit it later if necessary.1778*/1779memcpy(recv_msg->msg_data, smi_msg->data,1780smi_msg->data_size);1781recv_msg->msg.data = recv_msg->msg_data;1782recv_msg->msg.data_len = smi_msg->data_size;17831784/*1785* We don't unlock until here, because we need1786* to copy the completed message into the1787* recv_msg before we release the lock.1788* Otherwise, race conditions may bite us. I1789* know that's pretty paranoid, but I prefer1790* to be correct.1791*/1792spin_unlock_irqrestore(&(intf->seq_lock), flags);1793}1794} else {1795/* Unknown address type. */1796ipmi_inc_stat(intf, sent_invalid_commands);1797rv = -EINVAL;1798goto out_err;1799}18001801#ifdef DEBUG_MSGING1802{1803int m;1804for (m = 0; m < smi_msg->data_size; m++)1805printk(" %2.2x", smi_msg->data[m]);1806printk("\n");1807}1808#endif18091810handlers->sender(intf->send_info, smi_msg, priority);1811rcu_read_unlock();18121813return 0;18141815out_err:1816rcu_read_unlock();1817ipmi_free_smi_msg(smi_msg);1818ipmi_free_recv_msg(recv_msg);1819return rv;1820}18211822static int check_addr(ipmi_smi_t intf,1823struct ipmi_addr *addr,1824unsigned char *saddr,1825unsigned char *lun)1826{1827if (addr->channel >= IPMI_MAX_CHANNELS)1828return -EINVAL;1829*lun = intf->channels[addr->channel].lun;1830*saddr = intf->channels[addr->channel].address;1831return 0;1832}18331834int ipmi_request_settime(ipmi_user_t user,1835struct ipmi_addr *addr,1836long msgid,1837struct kernel_ipmi_msg *msg,1838void *user_msg_data,1839int priority,1840int retries,1841unsigned int retry_time_ms)1842{1843unsigned char saddr, lun;1844int rv;18451846if (!user)1847return -EINVAL;1848rv = check_addr(user->intf, addr, &saddr, &lun);1849if (rv)1850return rv;1851return i_ipmi_request(user,1852user->intf,1853addr,1854msgid,1855msg,1856user_msg_data,1857NULL, NULL,1858priority,1859saddr,1860lun,1861retries,1862retry_time_ms);1863}1864EXPORT_SYMBOL(ipmi_request_settime);18651866int ipmi_request_supply_msgs(ipmi_user_t user,1867struct ipmi_addr *addr,1868long msgid,1869struct kernel_ipmi_msg *msg,1870void *user_msg_data,1871void *supplied_smi,1872struct ipmi_recv_msg *supplied_recv,1873int priority)1874{1875unsigned char saddr, lun;1876int rv;18771878if (!user)1879return -EINVAL;1880rv = check_addr(user->intf, addr, &saddr, &lun);1881if (rv)1882return rv;1883return i_ipmi_request(user,1884user->intf,1885addr,1886msgid,1887msg,1888user_msg_data,1889supplied_smi,1890supplied_recv,1891priority,1892saddr,1893lun,1894-1, 0);1895}1896EXPORT_SYMBOL(ipmi_request_supply_msgs);18971898#ifdef CONFIG_PROC_FS1899static int smi_ipmb_proc_show(struct seq_file *m, void *v)1900{1901ipmi_smi_t intf = m->private;1902int i;19031904seq_printf(m, "%x", intf->channels[0].address);1905for (i = 1; i < IPMI_MAX_CHANNELS; i++)1906seq_printf(m, " %x", intf->channels[i].address);1907return seq_putc(m, '\n');1908}19091910static int smi_ipmb_proc_open(struct inode *inode, struct file *file)1911{1912return single_open(file, smi_ipmb_proc_show, PDE(inode)->data);1913}19141915static const struct file_operations smi_ipmb_proc_ops = {1916.open = smi_ipmb_proc_open,1917.read = seq_read,1918.llseek = seq_lseek,1919.release = single_release,1920};19211922static int smi_version_proc_show(struct seq_file *m, void *v)1923{1924ipmi_smi_t intf = m->private;19251926return seq_printf(m, "%u.%u\n",1927ipmi_version_major(&intf->bmc->id),1928ipmi_version_minor(&intf->bmc->id));1929}19301931static int smi_version_proc_open(struct inode *inode, struct file *file)1932{1933return single_open(file, smi_version_proc_show, PDE(inode)->data);1934}19351936static const struct file_operations smi_version_proc_ops = {1937.open = smi_version_proc_open,1938.read = seq_read,1939.llseek = seq_lseek,1940.release = single_release,1941};19421943static int smi_stats_proc_show(struct seq_file *m, void *v)1944{1945ipmi_smi_t intf = m->private;19461947seq_printf(m, "sent_invalid_commands: %u\n",1948ipmi_get_stat(intf, sent_invalid_commands));1949seq_printf(m, "sent_local_commands: %u\n",1950ipmi_get_stat(intf, sent_local_commands));1951seq_printf(m, "handled_local_responses: %u\n",1952ipmi_get_stat(intf, handled_local_responses));1953seq_printf(m, "unhandled_local_responses: %u\n",1954ipmi_get_stat(intf, unhandled_local_responses));1955seq_printf(m, "sent_ipmb_commands: %u\n",1956ipmi_get_stat(intf, sent_ipmb_commands));1957seq_printf(m, "sent_ipmb_command_errs: %u\n",1958ipmi_get_stat(intf, sent_ipmb_command_errs));1959seq_printf(m, "retransmitted_ipmb_commands: %u\n",1960ipmi_get_stat(intf, retransmitted_ipmb_commands));1961seq_printf(m, "timed_out_ipmb_commands: %u\n",1962ipmi_get_stat(intf, timed_out_ipmb_commands));1963seq_printf(m, "timed_out_ipmb_broadcasts: %u\n",1964ipmi_get_stat(intf, timed_out_ipmb_broadcasts));1965seq_printf(m, "sent_ipmb_responses: %u\n",1966ipmi_get_stat(intf, sent_ipmb_responses));1967seq_printf(m, "handled_ipmb_responses: %u\n",1968ipmi_get_stat(intf, handled_ipmb_responses));1969seq_printf(m, "invalid_ipmb_responses: %u\n",1970ipmi_get_stat(intf, invalid_ipmb_responses));1971seq_printf(m, "unhandled_ipmb_responses: %u\n",1972ipmi_get_stat(intf, unhandled_ipmb_responses));1973seq_printf(m, "sent_lan_commands: %u\n",1974ipmi_get_stat(intf, sent_lan_commands));1975seq_printf(m, "sent_lan_command_errs: %u\n",1976ipmi_get_stat(intf, sent_lan_command_errs));1977seq_printf(m, "retransmitted_lan_commands: %u\n",1978ipmi_get_stat(intf, retransmitted_lan_commands));1979seq_printf(m, "timed_out_lan_commands: %u\n",1980ipmi_get_stat(intf, timed_out_lan_commands));1981seq_printf(m, "sent_lan_responses: %u\n",1982ipmi_get_stat(intf, sent_lan_responses));1983seq_printf(m, "handled_lan_responses: %u\n",1984ipmi_get_stat(intf, handled_lan_responses));1985seq_printf(m, "invalid_lan_responses: %u\n",1986ipmi_get_stat(intf, invalid_lan_responses));1987seq_printf(m, "unhandled_lan_responses: %u\n",1988ipmi_get_stat(intf, unhandled_lan_responses));1989seq_printf(m, "handled_commands: %u\n",1990ipmi_get_stat(intf, handled_commands));1991seq_printf(m, "invalid_commands: %u\n",1992ipmi_get_stat(intf, invalid_commands));1993seq_printf(m, "unhandled_commands: %u\n",1994ipmi_get_stat(intf, unhandled_commands));1995seq_printf(m, "invalid_events: %u\n",1996ipmi_get_stat(intf, invalid_events));1997seq_printf(m, "events: %u\n",1998ipmi_get_stat(intf, events));1999seq_printf(m, "failed rexmit LAN msgs: %u\n",2000ipmi_get_stat(intf, dropped_rexmit_lan_commands));2001seq_printf(m, "failed rexmit IPMB msgs: %u\n",2002ipmi_get_stat(intf, dropped_rexmit_ipmb_commands));2003return 0;2004}20052006static int smi_stats_proc_open(struct inode *inode, struct file *file)2007{2008return single_open(file, smi_stats_proc_show, PDE(inode)->data);2009}20102011static const struct file_operations smi_stats_proc_ops = {2012.open = smi_stats_proc_open,2013.read = seq_read,2014.llseek = seq_lseek,2015.release = single_release,2016};2017#endif /* CONFIG_PROC_FS */20182019int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,2020const struct file_operations *proc_ops,2021void *data)2022{2023int rv = 0;2024#ifdef CONFIG_PROC_FS2025struct proc_dir_entry *file;2026struct ipmi_proc_entry *entry;20272028/* Create a list element. */2029entry = kmalloc(sizeof(*entry), GFP_KERNEL);2030if (!entry)2031return -ENOMEM;2032entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);2033if (!entry->name) {2034kfree(entry);2035return -ENOMEM;2036}2037strcpy(entry->name, name);20382039file = proc_create_data(name, 0, smi->proc_dir, proc_ops, data);2040if (!file) {2041kfree(entry->name);2042kfree(entry);2043rv = -ENOMEM;2044} else {2045mutex_lock(&smi->proc_entry_lock);2046/* Stick it on the list. */2047entry->next = smi->proc_entries;2048smi->proc_entries = entry;2049mutex_unlock(&smi->proc_entry_lock);2050}2051#endif /* CONFIG_PROC_FS */20522053return rv;2054}2055EXPORT_SYMBOL(ipmi_smi_add_proc_entry);20562057static int add_proc_entries(ipmi_smi_t smi, int num)2058{2059int rv = 0;20602061#ifdef CONFIG_PROC_FS2062sprintf(smi->proc_dir_name, "%d", num);2063smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);2064if (!smi->proc_dir)2065rv = -ENOMEM;20662067if (rv == 0)2068rv = ipmi_smi_add_proc_entry(smi, "stats",2069&smi_stats_proc_ops,2070smi);20712072if (rv == 0)2073rv = ipmi_smi_add_proc_entry(smi, "ipmb",2074&smi_ipmb_proc_ops,2075smi);20762077if (rv == 0)2078rv = ipmi_smi_add_proc_entry(smi, "version",2079&smi_version_proc_ops,2080smi);2081#endif /* CONFIG_PROC_FS */20822083return rv;2084}20852086static void remove_proc_entries(ipmi_smi_t smi)2087{2088#ifdef CONFIG_PROC_FS2089struct ipmi_proc_entry *entry;20902091mutex_lock(&smi->proc_entry_lock);2092while (smi->proc_entries) {2093entry = smi->proc_entries;2094smi->proc_entries = entry->next;20952096remove_proc_entry(entry->name, smi->proc_dir);2097kfree(entry->name);2098kfree(entry);2099}2100mutex_unlock(&smi->proc_entry_lock);2101remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);2102#endif /* CONFIG_PROC_FS */2103}21042105static int __find_bmc_guid(struct device *dev, void *data)2106{2107unsigned char *id = data;2108struct bmc_device *bmc = dev_get_drvdata(dev);2109return memcmp(bmc->guid, id, 16) == 0;2110}21112112static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,2113unsigned char *guid)2114{2115struct device *dev;21162117dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);2118if (dev)2119return dev_get_drvdata(dev);2120else2121return NULL;2122}21232124struct prod_dev_id {2125unsigned int product_id;2126unsigned char device_id;2127};21282129static int __find_bmc_prod_dev_id(struct device *dev, void *data)2130{2131struct prod_dev_id *id = data;2132struct bmc_device *bmc = dev_get_drvdata(dev);21332134return (bmc->id.product_id == id->product_id2135&& bmc->id.device_id == id->device_id);2136}21372138static struct bmc_device *ipmi_find_bmc_prod_dev_id(2139struct device_driver *drv,2140unsigned int product_id, unsigned char device_id)2141{2142struct prod_dev_id id = {2143.product_id = product_id,2144.device_id = device_id,2145};2146struct device *dev;21472148dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);2149if (dev)2150return dev_get_drvdata(dev);2151else2152return NULL;2153}21542155static ssize_t device_id_show(struct device *dev,2156struct device_attribute *attr,2157char *buf)2158{2159struct bmc_device *bmc = dev_get_drvdata(dev);21602161return snprintf(buf, 10, "%u\n", bmc->id.device_id);2162}21632164static ssize_t provides_dev_sdrs_show(struct device *dev,2165struct device_attribute *attr,2166char *buf)2167{2168struct bmc_device *bmc = dev_get_drvdata(dev);21692170return snprintf(buf, 10, "%u\n",2171(bmc->id.device_revision & 0x80) >> 7);2172}21732174static ssize_t revision_show(struct device *dev, struct device_attribute *attr,2175char *buf)2176{2177struct bmc_device *bmc = dev_get_drvdata(dev);21782179return snprintf(buf, 20, "%u\n",2180bmc->id.device_revision & 0x0F);2181}21822183static ssize_t firmware_rev_show(struct device *dev,2184struct device_attribute *attr,2185char *buf)2186{2187struct bmc_device *bmc = dev_get_drvdata(dev);21882189return snprintf(buf, 20, "%u.%x\n", bmc->id.firmware_revision_1,2190bmc->id.firmware_revision_2);2191}21922193static ssize_t ipmi_version_show(struct device *dev,2194struct device_attribute *attr,2195char *buf)2196{2197struct bmc_device *bmc = dev_get_drvdata(dev);21982199return snprintf(buf, 20, "%u.%u\n",2200ipmi_version_major(&bmc->id),2201ipmi_version_minor(&bmc->id));2202}22032204static ssize_t add_dev_support_show(struct device *dev,2205struct device_attribute *attr,2206char *buf)2207{2208struct bmc_device *bmc = dev_get_drvdata(dev);22092210return snprintf(buf, 10, "0x%02x\n",2211bmc->id.additional_device_support);2212}22132214static ssize_t manufacturer_id_show(struct device *dev,2215struct device_attribute *attr,2216char *buf)2217{2218struct bmc_device *bmc = dev_get_drvdata(dev);22192220return snprintf(buf, 20, "0x%6.6x\n", bmc->id.manufacturer_id);2221}22222223static ssize_t product_id_show(struct device *dev,2224struct device_attribute *attr,2225char *buf)2226{2227struct bmc_device *bmc = dev_get_drvdata(dev);22282229return snprintf(buf, 10, "0x%4.4x\n", bmc->id.product_id);2230}22312232static ssize_t aux_firmware_rev_show(struct device *dev,2233struct device_attribute *attr,2234char *buf)2235{2236struct bmc_device *bmc = dev_get_drvdata(dev);22372238return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",2239bmc->id.aux_firmware_revision[3],2240bmc->id.aux_firmware_revision[2],2241bmc->id.aux_firmware_revision[1],2242bmc->id.aux_firmware_revision[0]);2243}22442245static ssize_t guid_show(struct device *dev, struct device_attribute *attr,2246char *buf)2247{2248struct bmc_device *bmc = dev_get_drvdata(dev);22492250return snprintf(buf, 100, "%Lx%Lx\n",2251(long long) bmc->guid[0],2252(long long) bmc->guid[8]);2253}22542255static void remove_files(struct bmc_device *bmc)2256{2257if (!bmc->dev)2258return;22592260device_remove_file(&bmc->dev->dev,2261&bmc->device_id_attr);2262device_remove_file(&bmc->dev->dev,2263&bmc->provides_dev_sdrs_attr);2264device_remove_file(&bmc->dev->dev,2265&bmc->revision_attr);2266device_remove_file(&bmc->dev->dev,2267&bmc->firmware_rev_attr);2268device_remove_file(&bmc->dev->dev,2269&bmc->version_attr);2270device_remove_file(&bmc->dev->dev,2271&bmc->add_dev_support_attr);2272device_remove_file(&bmc->dev->dev,2273&bmc->manufacturer_id_attr);2274device_remove_file(&bmc->dev->dev,2275&bmc->product_id_attr);22762277if (bmc->id.aux_firmware_revision_set)2278device_remove_file(&bmc->dev->dev,2279&bmc->aux_firmware_rev_attr);2280if (bmc->guid_set)2281device_remove_file(&bmc->dev->dev,2282&bmc->guid_attr);2283}22842285static void2286cleanup_bmc_device(struct kref *ref)2287{2288struct bmc_device *bmc;22892290bmc = container_of(ref, struct bmc_device, refcount);22912292remove_files(bmc);2293platform_device_unregister(bmc->dev);2294kfree(bmc);2295}22962297static void ipmi_bmc_unregister(ipmi_smi_t intf)2298{2299struct bmc_device *bmc = intf->bmc;23002301if (intf->sysfs_name) {2302sysfs_remove_link(&intf->si_dev->kobj, intf->sysfs_name);2303kfree(intf->sysfs_name);2304intf->sysfs_name = NULL;2305}2306if (intf->my_dev_name) {2307sysfs_remove_link(&bmc->dev->dev.kobj, intf->my_dev_name);2308kfree(intf->my_dev_name);2309intf->my_dev_name = NULL;2310}23112312mutex_lock(&ipmidriver_mutex);2313kref_put(&bmc->refcount, cleanup_bmc_device);2314intf->bmc = NULL;2315mutex_unlock(&ipmidriver_mutex);2316}23172318static int create_files(struct bmc_device *bmc)2319{2320int err;23212322bmc->device_id_attr.attr.name = "device_id";2323bmc->device_id_attr.attr.mode = S_IRUGO;2324bmc->device_id_attr.show = device_id_show;2325sysfs_attr_init(&bmc->device_id_attr.attr);23262327bmc->provides_dev_sdrs_attr.attr.name = "provides_device_sdrs";2328bmc->provides_dev_sdrs_attr.attr.mode = S_IRUGO;2329bmc->provides_dev_sdrs_attr.show = provides_dev_sdrs_show;2330sysfs_attr_init(&bmc->provides_dev_sdrs_attr.attr);23312332bmc->revision_attr.attr.name = "revision";2333bmc->revision_attr.attr.mode = S_IRUGO;2334bmc->revision_attr.show = revision_show;2335sysfs_attr_init(&bmc->revision_attr.attr);23362337bmc->firmware_rev_attr.attr.name = "firmware_revision";2338bmc->firmware_rev_attr.attr.mode = S_IRUGO;2339bmc->firmware_rev_attr.show = firmware_rev_show;2340sysfs_attr_init(&bmc->firmware_rev_attr.attr);23412342bmc->version_attr.attr.name = "ipmi_version";2343bmc->version_attr.attr.mode = S_IRUGO;2344bmc->version_attr.show = ipmi_version_show;2345sysfs_attr_init(&bmc->version_attr.attr);23462347bmc->add_dev_support_attr.attr.name = "additional_device_support";2348bmc->add_dev_support_attr.attr.mode = S_IRUGO;2349bmc->add_dev_support_attr.show = add_dev_support_show;2350sysfs_attr_init(&bmc->add_dev_support_attr.attr);23512352bmc->manufacturer_id_attr.attr.name = "manufacturer_id";2353bmc->manufacturer_id_attr.attr.mode = S_IRUGO;2354bmc->manufacturer_id_attr.show = manufacturer_id_show;2355sysfs_attr_init(&bmc->manufacturer_id_attr.attr);23562357bmc->product_id_attr.attr.name = "product_id";2358bmc->product_id_attr.attr.mode = S_IRUGO;2359bmc->product_id_attr.show = product_id_show;2360sysfs_attr_init(&bmc->product_id_attr.attr);23612362bmc->guid_attr.attr.name = "guid";2363bmc->guid_attr.attr.mode = S_IRUGO;2364bmc->guid_attr.show = guid_show;2365sysfs_attr_init(&bmc->guid_attr.attr);23662367bmc->aux_firmware_rev_attr.attr.name = "aux_firmware_revision";2368bmc->aux_firmware_rev_attr.attr.mode = S_IRUGO;2369bmc->aux_firmware_rev_attr.show = aux_firmware_rev_show;2370sysfs_attr_init(&bmc->aux_firmware_rev_attr.attr);23712372err = device_create_file(&bmc->dev->dev,2373&bmc->device_id_attr);2374if (err)2375goto out;2376err = device_create_file(&bmc->dev->dev,2377&bmc->provides_dev_sdrs_attr);2378if (err)2379goto out_devid;2380err = device_create_file(&bmc->dev->dev,2381&bmc->revision_attr);2382if (err)2383goto out_sdrs;2384err = device_create_file(&bmc->dev->dev,2385&bmc->firmware_rev_attr);2386if (err)2387goto out_rev;2388err = device_create_file(&bmc->dev->dev,2389&bmc->version_attr);2390if (err)2391goto out_firm;2392err = device_create_file(&bmc->dev->dev,2393&bmc->add_dev_support_attr);2394if (err)2395goto out_version;2396err = device_create_file(&bmc->dev->dev,2397&bmc->manufacturer_id_attr);2398if (err)2399goto out_add_dev;2400err = device_create_file(&bmc->dev->dev,2401&bmc->product_id_attr);2402if (err)2403goto out_manu;2404if (bmc->id.aux_firmware_revision_set) {2405err = device_create_file(&bmc->dev->dev,2406&bmc->aux_firmware_rev_attr);2407if (err)2408goto out_prod_id;2409}2410if (bmc->guid_set) {2411err = device_create_file(&bmc->dev->dev,2412&bmc->guid_attr);2413if (err)2414goto out_aux_firm;2415}24162417return 0;24182419out_aux_firm:2420if (bmc->id.aux_firmware_revision_set)2421device_remove_file(&bmc->dev->dev,2422&bmc->aux_firmware_rev_attr);2423out_prod_id:2424device_remove_file(&bmc->dev->dev,2425&bmc->product_id_attr);2426out_manu:2427device_remove_file(&bmc->dev->dev,2428&bmc->manufacturer_id_attr);2429out_add_dev:2430device_remove_file(&bmc->dev->dev,2431&bmc->add_dev_support_attr);2432out_version:2433device_remove_file(&bmc->dev->dev,2434&bmc->version_attr);2435out_firm:2436device_remove_file(&bmc->dev->dev,2437&bmc->firmware_rev_attr);2438out_rev:2439device_remove_file(&bmc->dev->dev,2440&bmc->revision_attr);2441out_sdrs:2442device_remove_file(&bmc->dev->dev,2443&bmc->provides_dev_sdrs_attr);2444out_devid:2445device_remove_file(&bmc->dev->dev,2446&bmc->device_id_attr);2447out:2448return err;2449}24502451static int ipmi_bmc_register(ipmi_smi_t intf, int ifnum,2452const char *sysfs_name)2453{2454int rv;2455struct bmc_device *bmc = intf->bmc;2456struct bmc_device *old_bmc;2457int size;2458char dummy[1];24592460mutex_lock(&ipmidriver_mutex);24612462/*2463* Try to find if there is an bmc_device struct2464* representing the interfaced BMC already2465*/2466if (bmc->guid_set)2467old_bmc = ipmi_find_bmc_guid(&ipmidriver.driver, bmc->guid);2468else2469old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,2470bmc->id.product_id,2471bmc->id.device_id);24722473/*2474* If there is already an bmc_device, free the new one,2475* otherwise register the new BMC device2476*/2477if (old_bmc) {2478kfree(bmc);2479intf->bmc = old_bmc;2480bmc = old_bmc;24812482kref_get(&bmc->refcount);2483mutex_unlock(&ipmidriver_mutex);24842485printk(KERN_INFO2486"ipmi: interfacing existing BMC (man_id: 0x%6.6x,"2487" prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",2488bmc->id.manufacturer_id,2489bmc->id.product_id,2490bmc->id.device_id);2491} else {2492char name[14];2493unsigned char orig_dev_id = bmc->id.device_id;2494int warn_printed = 0;24952496snprintf(name, sizeof(name),2497"ipmi_bmc.%4.4x", bmc->id.product_id);24982499while (ipmi_find_bmc_prod_dev_id(&ipmidriver.driver,2500bmc->id.product_id,2501bmc->id.device_id)) {2502if (!warn_printed) {2503printk(KERN_WARNING PFX2504"This machine has two different BMCs"2505" with the same product id and device"2506" id. This is an error in the"2507" firmware, but incrementing the"2508" device id to work around the problem."2509" Prod ID = 0x%x, Dev ID = 0x%x\n",2510bmc->id.product_id, bmc->id.device_id);2511warn_printed = 1;2512}2513bmc->id.device_id++; /* Wraps at 255 */2514if (bmc->id.device_id == orig_dev_id) {2515printk(KERN_ERR PFX2516"Out of device ids!\n");2517break;2518}2519}25202521bmc->dev = platform_device_alloc(name, bmc->id.device_id);2522if (!bmc->dev) {2523mutex_unlock(&ipmidriver_mutex);2524printk(KERN_ERR2525"ipmi_msghandler:"2526" Unable to allocate platform device\n");2527return -ENOMEM;2528}2529bmc->dev->dev.driver = &ipmidriver.driver;2530dev_set_drvdata(&bmc->dev->dev, bmc);2531kref_init(&bmc->refcount);25322533rv = platform_device_add(bmc->dev);2534mutex_unlock(&ipmidriver_mutex);2535if (rv) {2536platform_device_put(bmc->dev);2537bmc->dev = NULL;2538printk(KERN_ERR2539"ipmi_msghandler:"2540" Unable to register bmc device: %d\n",2541rv);2542/*2543* Don't go to out_err, you can only do that if2544* the device is registered already.2545*/2546return rv;2547}25482549rv = create_files(bmc);2550if (rv) {2551mutex_lock(&ipmidriver_mutex);2552platform_device_unregister(bmc->dev);2553mutex_unlock(&ipmidriver_mutex);25542555return rv;2556}25572558dev_info(intf->si_dev, "Found new BMC (man_id: 0x%6.6x, "2559"prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",2560bmc->id.manufacturer_id,2561bmc->id.product_id,2562bmc->id.device_id);2563}25642565/*2566* create symlink from system interface device to bmc device2567* and back.2568*/2569intf->sysfs_name = kstrdup(sysfs_name, GFP_KERNEL);2570if (!intf->sysfs_name) {2571rv = -ENOMEM;2572printk(KERN_ERR2573"ipmi_msghandler: allocate link to BMC: %d\n",2574rv);2575goto out_err;2576}25772578rv = sysfs_create_link(&intf->si_dev->kobj,2579&bmc->dev->dev.kobj, intf->sysfs_name);2580if (rv) {2581kfree(intf->sysfs_name);2582intf->sysfs_name = NULL;2583printk(KERN_ERR2584"ipmi_msghandler: Unable to create bmc symlink: %d\n",2585rv);2586goto out_err;2587}25882589size = snprintf(dummy, 0, "ipmi%d", ifnum);2590intf->my_dev_name = kmalloc(size+1, GFP_KERNEL);2591if (!intf->my_dev_name) {2592kfree(intf->sysfs_name);2593intf->sysfs_name = NULL;2594rv = -ENOMEM;2595printk(KERN_ERR2596"ipmi_msghandler: allocate link from BMC: %d\n",2597rv);2598goto out_err;2599}2600snprintf(intf->my_dev_name, size+1, "ipmi%d", ifnum);26012602rv = sysfs_create_link(&bmc->dev->dev.kobj, &intf->si_dev->kobj,2603intf->my_dev_name);2604if (rv) {2605kfree(intf->sysfs_name);2606intf->sysfs_name = NULL;2607kfree(intf->my_dev_name);2608intf->my_dev_name = NULL;2609printk(KERN_ERR2610"ipmi_msghandler:"2611" Unable to create symlink to bmc: %d\n",2612rv);2613goto out_err;2614}26152616return 0;26172618out_err:2619ipmi_bmc_unregister(intf);2620return rv;2621}26222623static int2624send_guid_cmd(ipmi_smi_t intf, int chan)2625{2626struct kernel_ipmi_msg msg;2627struct ipmi_system_interface_addr si;26282629si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;2630si.channel = IPMI_BMC_CHANNEL;2631si.lun = 0;26322633msg.netfn = IPMI_NETFN_APP_REQUEST;2634msg.cmd = IPMI_GET_DEVICE_GUID_CMD;2635msg.data = NULL;2636msg.data_len = 0;2637return i_ipmi_request(NULL,2638intf,2639(struct ipmi_addr *) &si,26400,2641&msg,2642intf,2643NULL,2644NULL,26450,2646intf->channels[0].address,2647intf->channels[0].lun,2648-1, 0);2649}26502651static void2652guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)2653{2654if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)2655|| (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)2656|| (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))2657/* Not for me */2658return;26592660if (msg->msg.data[0] != 0) {2661/* Error from getting the GUID, the BMC doesn't have one. */2662intf->bmc->guid_set = 0;2663goto out;2664}26652666if (msg->msg.data_len < 17) {2667intf->bmc->guid_set = 0;2668printk(KERN_WARNING PFX2669"guid_handler: The GUID response from the BMC was too"2670" short, it was %d but should have been 17. Assuming"2671" GUID is not available.\n",2672msg->msg.data_len);2673goto out;2674}26752676memcpy(intf->bmc->guid, msg->msg.data, 16);2677intf->bmc->guid_set = 1;2678out:2679wake_up(&intf->waitq);2680}26812682static void2683get_guid(ipmi_smi_t intf)2684{2685int rv;26862687intf->bmc->guid_set = 0x2;2688intf->null_user_handler = guid_handler;2689rv = send_guid_cmd(intf, 0);2690if (rv)2691/* Send failed, no GUID available. */2692intf->bmc->guid_set = 0;2693wait_event(intf->waitq, intf->bmc->guid_set != 2);2694intf->null_user_handler = NULL;2695}26962697static int2698send_channel_info_cmd(ipmi_smi_t intf, int chan)2699{2700struct kernel_ipmi_msg msg;2701unsigned char data[1];2702struct ipmi_system_interface_addr si;27032704si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;2705si.channel = IPMI_BMC_CHANNEL;2706si.lun = 0;27072708msg.netfn = IPMI_NETFN_APP_REQUEST;2709msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;2710msg.data = data;2711msg.data_len = 1;2712data[0] = chan;2713return i_ipmi_request(NULL,2714intf,2715(struct ipmi_addr *) &si,27160,2717&msg,2718intf,2719NULL,2720NULL,27210,2722intf->channels[0].address,2723intf->channels[0].lun,2724-1, 0);2725}27262727static void2728channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)2729{2730int rv = 0;2731int chan;27322733if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)2734&& (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)2735&& (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) {2736/* It's the one we want */2737if (msg->msg.data[0] != 0) {2738/* Got an error from the channel, just go on. */27392740if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {2741/*2742* If the MC does not support this2743* command, that is legal. We just2744* assume it has one IPMB at channel2745* zero.2746*/2747intf->channels[0].medium2748= IPMI_CHANNEL_MEDIUM_IPMB;2749intf->channels[0].protocol2750= IPMI_CHANNEL_PROTOCOL_IPMB;2751rv = -ENOSYS;27522753intf->curr_channel = IPMI_MAX_CHANNELS;2754wake_up(&intf->waitq);2755goto out;2756}2757goto next_channel;2758}2759if (msg->msg.data_len < 4) {2760/* Message not big enough, just go on. */2761goto next_channel;2762}2763chan = intf->curr_channel;2764intf->channels[chan].medium = msg->msg.data[2] & 0x7f;2765intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;27662767next_channel:2768intf->curr_channel++;2769if (intf->curr_channel >= IPMI_MAX_CHANNELS)2770wake_up(&intf->waitq);2771else2772rv = send_channel_info_cmd(intf, intf->curr_channel);27732774if (rv) {2775/* Got an error somehow, just give up. */2776intf->curr_channel = IPMI_MAX_CHANNELS;2777wake_up(&intf->waitq);27782779printk(KERN_WARNING PFX2780"Error sending channel information: %d\n",2781rv);2782}2783}2784out:2785return;2786}27872788void ipmi_poll_interface(ipmi_user_t user)2789{2790ipmi_smi_t intf = user->intf;27912792if (intf->handlers->poll)2793intf->handlers->poll(intf->send_info);2794}2795EXPORT_SYMBOL(ipmi_poll_interface);27962797int ipmi_register_smi(struct ipmi_smi_handlers *handlers,2798void *send_info,2799struct ipmi_device_id *device_id,2800struct device *si_dev,2801const char *sysfs_name,2802unsigned char slave_addr)2803{2804int i, j;2805int rv;2806ipmi_smi_t intf;2807ipmi_smi_t tintf;2808struct list_head *link;28092810/*2811* Make sure the driver is actually initialized, this handles2812* problems with initialization order.2813*/2814if (!initialized) {2815rv = ipmi_init_msghandler();2816if (rv)2817return rv;2818/*2819* The init code doesn't return an error if it was turned2820* off, but it won't initialize. Check that.2821*/2822if (!initialized)2823return -ENODEV;2824}28252826intf = kzalloc(sizeof(*intf), GFP_KERNEL);2827if (!intf)2828return -ENOMEM;28292830intf->ipmi_version_major = ipmi_version_major(device_id);2831intf->ipmi_version_minor = ipmi_version_minor(device_id);28322833intf->bmc = kzalloc(sizeof(*intf->bmc), GFP_KERNEL);2834if (!intf->bmc) {2835kfree(intf);2836return -ENOMEM;2837}2838intf->intf_num = -1; /* Mark it invalid for now. */2839kref_init(&intf->refcount);2840intf->bmc->id = *device_id;2841intf->si_dev = si_dev;2842for (j = 0; j < IPMI_MAX_CHANNELS; j++) {2843intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;2844intf->channels[j].lun = 2;2845}2846if (slave_addr != 0)2847intf->channels[0].address = slave_addr;2848INIT_LIST_HEAD(&intf->users);2849intf->handlers = handlers;2850intf->send_info = send_info;2851spin_lock_init(&intf->seq_lock);2852for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {2853intf->seq_table[j].inuse = 0;2854intf->seq_table[j].seqid = 0;2855}2856intf->curr_seq = 0;2857#ifdef CONFIG_PROC_FS2858mutex_init(&intf->proc_entry_lock);2859#endif2860spin_lock_init(&intf->waiting_msgs_lock);2861INIT_LIST_HEAD(&intf->waiting_msgs);2862spin_lock_init(&intf->events_lock);2863INIT_LIST_HEAD(&intf->waiting_events);2864intf->waiting_events_count = 0;2865mutex_init(&intf->cmd_rcvrs_mutex);2866spin_lock_init(&intf->maintenance_mode_lock);2867INIT_LIST_HEAD(&intf->cmd_rcvrs);2868init_waitqueue_head(&intf->waitq);2869for (i = 0; i < IPMI_NUM_STATS; i++)2870atomic_set(&intf->stats[i], 0);28712872intf->proc_dir = NULL;28732874mutex_lock(&smi_watchers_mutex);2875mutex_lock(&ipmi_interfaces_mutex);2876/* Look for a hole in the numbers. */2877i = 0;2878link = &ipmi_interfaces;2879list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {2880if (tintf->intf_num != i) {2881link = &tintf->link;2882break;2883}2884i++;2885}2886/* Add the new interface in numeric order. */2887if (i == 0)2888list_add_rcu(&intf->link, &ipmi_interfaces);2889else2890list_add_tail_rcu(&intf->link, link);28912892rv = handlers->start_processing(send_info, intf);2893if (rv)2894goto out;28952896get_guid(intf);28972898if ((intf->ipmi_version_major > 1)2899|| ((intf->ipmi_version_major == 1)2900&& (intf->ipmi_version_minor >= 5))) {2901/*2902* Start scanning the channels to see what is2903* available.2904*/2905intf->null_user_handler = channel_handler;2906intf->curr_channel = 0;2907rv = send_channel_info_cmd(intf, 0);2908if (rv)2909goto out;29102911/* Wait for the channel info to be read. */2912wait_event(intf->waitq,2913intf->curr_channel >= IPMI_MAX_CHANNELS);2914intf->null_user_handler = NULL;2915} else {2916/* Assume a single IPMB channel at zero. */2917intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;2918intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;2919intf->curr_channel = IPMI_MAX_CHANNELS;2920}29212922if (rv == 0)2923rv = add_proc_entries(intf, i);29242925rv = ipmi_bmc_register(intf, i, sysfs_name);29262927out:2928if (rv) {2929if (intf->proc_dir)2930remove_proc_entries(intf);2931intf->handlers = NULL;2932list_del_rcu(&intf->link);2933mutex_unlock(&ipmi_interfaces_mutex);2934mutex_unlock(&smi_watchers_mutex);2935synchronize_rcu();2936kref_put(&intf->refcount, intf_free);2937} else {2938/*2939* Keep memory order straight for RCU readers. Make2940* sure everything else is committed to memory before2941* setting intf_num to mark the interface valid.2942*/2943smp_wmb();2944intf->intf_num = i;2945mutex_unlock(&ipmi_interfaces_mutex);2946/* After this point the interface is legal to use. */2947call_smi_watchers(i, intf->si_dev);2948mutex_unlock(&smi_watchers_mutex);2949}29502951return rv;2952}2953EXPORT_SYMBOL(ipmi_register_smi);29542955static void cleanup_smi_msgs(ipmi_smi_t intf)2956{2957int i;2958struct seq_table *ent;29592960/* No need for locks, the interface is down. */2961for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {2962ent = &(intf->seq_table[i]);2963if (!ent->inuse)2964continue;2965deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED);2966}2967}29682969int ipmi_unregister_smi(ipmi_smi_t intf)2970{2971struct ipmi_smi_watcher *w;2972int intf_num = intf->intf_num;29732974ipmi_bmc_unregister(intf);29752976mutex_lock(&smi_watchers_mutex);2977mutex_lock(&ipmi_interfaces_mutex);2978intf->intf_num = -1;2979intf->handlers = NULL;2980list_del_rcu(&intf->link);2981mutex_unlock(&ipmi_interfaces_mutex);2982synchronize_rcu();29832984cleanup_smi_msgs(intf);29852986remove_proc_entries(intf);29872988/*2989* Call all the watcher interfaces to tell them that2990* an interface is gone.2991*/2992list_for_each_entry(w, &smi_watchers, link)2993w->smi_gone(intf_num);2994mutex_unlock(&smi_watchers_mutex);29952996kref_put(&intf->refcount, intf_free);2997return 0;2998}2999EXPORT_SYMBOL(ipmi_unregister_smi);30003001static int handle_ipmb_get_msg_rsp(ipmi_smi_t intf,3002struct ipmi_smi_msg *msg)3003{3004struct ipmi_ipmb_addr ipmb_addr;3005struct ipmi_recv_msg *recv_msg;30063007/*3008* This is 11, not 10, because the response must contain a3009* completion code.3010*/3011if (msg->rsp_size < 11) {3012/* Message not big enough, just ignore it. */3013ipmi_inc_stat(intf, invalid_ipmb_responses);3014return 0;3015}30163017if (msg->rsp[2] != 0) {3018/* An error getting the response, just ignore it. */3019return 0;3020}30213022ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;3023ipmb_addr.slave_addr = msg->rsp[6];3024ipmb_addr.channel = msg->rsp[3] & 0x0f;3025ipmb_addr.lun = msg->rsp[7] & 3;30263027/*3028* It's a response from a remote entity. Look up the sequence3029* number and handle the response.3030*/3031if (intf_find_seq(intf,3032msg->rsp[7] >> 2,3033msg->rsp[3] & 0x0f,3034msg->rsp[8],3035(msg->rsp[4] >> 2) & (~1),3036(struct ipmi_addr *) &(ipmb_addr),3037&recv_msg)) {3038/*3039* We were unable to find the sequence number,3040* so just nuke the message.3041*/3042ipmi_inc_stat(intf, unhandled_ipmb_responses);3043return 0;3044}30453046memcpy(recv_msg->msg_data,3047&(msg->rsp[9]),3048msg->rsp_size - 9);3049/*3050* The other fields matched, so no need to set them, except3051* for netfn, which needs to be the response that was3052* returned, not the request value.3053*/3054recv_msg->msg.netfn = msg->rsp[4] >> 2;3055recv_msg->msg.data = recv_msg->msg_data;3056recv_msg->msg.data_len = msg->rsp_size - 10;3057recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;3058ipmi_inc_stat(intf, handled_ipmb_responses);3059deliver_response(recv_msg);30603061return 0;3062}30633064static int handle_ipmb_get_msg_cmd(ipmi_smi_t intf,3065struct ipmi_smi_msg *msg)3066{3067struct cmd_rcvr *rcvr;3068int rv = 0;3069unsigned char netfn;3070unsigned char cmd;3071unsigned char chan;3072ipmi_user_t user = NULL;3073struct ipmi_ipmb_addr *ipmb_addr;3074struct ipmi_recv_msg *recv_msg;3075struct ipmi_smi_handlers *handlers;30763077if (msg->rsp_size < 10) {3078/* Message not big enough, just ignore it. */3079ipmi_inc_stat(intf, invalid_commands);3080return 0;3081}30823083if (msg->rsp[2] != 0) {3084/* An error getting the response, just ignore it. */3085return 0;3086}30873088netfn = msg->rsp[4] >> 2;3089cmd = msg->rsp[8];3090chan = msg->rsp[3] & 0xf;30913092rcu_read_lock();3093rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);3094if (rcvr) {3095user = rcvr->user;3096kref_get(&user->refcount);3097} else3098user = NULL;3099rcu_read_unlock();31003101if (user == NULL) {3102/* We didn't find a user, deliver an error response. */3103ipmi_inc_stat(intf, unhandled_commands);31043105msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);3106msg->data[1] = IPMI_SEND_MSG_CMD;3107msg->data[2] = msg->rsp[3];3108msg->data[3] = msg->rsp[6];3109msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);3110msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);3111msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;3112/* rqseq/lun */3113msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);3114msg->data[8] = msg->rsp[8]; /* cmd */3115msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;3116msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);3117msg->data_size = 11;31183119#ifdef DEBUG_MSGING3120{3121int m;3122printk("Invalid command:");3123for (m = 0; m < msg->data_size; m++)3124printk(" %2.2x", msg->data[m]);3125printk("\n");3126}3127#endif3128rcu_read_lock();3129handlers = intf->handlers;3130if (handlers) {3131handlers->sender(intf->send_info, msg, 0);3132/*3133* We used the message, so return the value3134* that causes it to not be freed or3135* queued.3136*/3137rv = -1;3138}3139rcu_read_unlock();3140} else {3141/* Deliver the message to the user. */3142ipmi_inc_stat(intf, handled_commands);31433144recv_msg = ipmi_alloc_recv_msg();3145if (!recv_msg) {3146/*3147* We couldn't allocate memory for the3148* message, so requeue it for handling3149* later.3150*/3151rv = 1;3152kref_put(&user->refcount, free_user);3153} else {3154/* Extract the source address from the data. */3155ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;3156ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;3157ipmb_addr->slave_addr = msg->rsp[6];3158ipmb_addr->lun = msg->rsp[7] & 3;3159ipmb_addr->channel = msg->rsp[3] & 0xf;31603161/*3162* Extract the rest of the message information3163* from the IPMB header.3164*/3165recv_msg->user = user;3166recv_msg->recv_type = IPMI_CMD_RECV_TYPE;3167recv_msg->msgid = msg->rsp[7] >> 2;3168recv_msg->msg.netfn = msg->rsp[4] >> 2;3169recv_msg->msg.cmd = msg->rsp[8];3170recv_msg->msg.data = recv_msg->msg_data;31713172/*3173* We chop off 10, not 9 bytes because the checksum3174* at the end also needs to be removed.3175*/3176recv_msg->msg.data_len = msg->rsp_size - 10;3177memcpy(recv_msg->msg_data,3178&(msg->rsp[9]),3179msg->rsp_size - 10);3180deliver_response(recv_msg);3181}3182}31833184return rv;3185}31863187static int handle_lan_get_msg_rsp(ipmi_smi_t intf,3188struct ipmi_smi_msg *msg)3189{3190struct ipmi_lan_addr lan_addr;3191struct ipmi_recv_msg *recv_msg;319231933194/*3195* This is 13, not 12, because the response must contain a3196* completion code.3197*/3198if (msg->rsp_size < 13) {3199/* Message not big enough, just ignore it. */3200ipmi_inc_stat(intf, invalid_lan_responses);3201return 0;3202}32033204if (msg->rsp[2] != 0) {3205/* An error getting the response, just ignore it. */3206return 0;3207}32083209lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;3210lan_addr.session_handle = msg->rsp[4];3211lan_addr.remote_SWID = msg->rsp[8];3212lan_addr.local_SWID = msg->rsp[5];3213lan_addr.channel = msg->rsp[3] & 0x0f;3214lan_addr.privilege = msg->rsp[3] >> 4;3215lan_addr.lun = msg->rsp[9] & 3;32163217/*3218* It's a response from a remote entity. Look up the sequence3219* number and handle the response.3220*/3221if (intf_find_seq(intf,3222msg->rsp[9] >> 2,3223msg->rsp[3] & 0x0f,3224msg->rsp[10],3225(msg->rsp[6] >> 2) & (~1),3226(struct ipmi_addr *) &(lan_addr),3227&recv_msg)) {3228/*3229* We were unable to find the sequence number,3230* so just nuke the message.3231*/3232ipmi_inc_stat(intf, unhandled_lan_responses);3233return 0;3234}32353236memcpy(recv_msg->msg_data,3237&(msg->rsp[11]),3238msg->rsp_size - 11);3239/*3240* The other fields matched, so no need to set them, except3241* for netfn, which needs to be the response that was3242* returned, not the request value.3243*/3244recv_msg->msg.netfn = msg->rsp[6] >> 2;3245recv_msg->msg.data = recv_msg->msg_data;3246recv_msg->msg.data_len = msg->rsp_size - 12;3247recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;3248ipmi_inc_stat(intf, handled_lan_responses);3249deliver_response(recv_msg);32503251return 0;3252}32533254static int handle_lan_get_msg_cmd(ipmi_smi_t intf,3255struct ipmi_smi_msg *msg)3256{3257struct cmd_rcvr *rcvr;3258int rv = 0;3259unsigned char netfn;3260unsigned char cmd;3261unsigned char chan;3262ipmi_user_t user = NULL;3263struct ipmi_lan_addr *lan_addr;3264struct ipmi_recv_msg *recv_msg;32653266if (msg->rsp_size < 12) {3267/* Message not big enough, just ignore it. */3268ipmi_inc_stat(intf, invalid_commands);3269return 0;3270}32713272if (msg->rsp[2] != 0) {3273/* An error getting the response, just ignore it. */3274return 0;3275}32763277netfn = msg->rsp[6] >> 2;3278cmd = msg->rsp[10];3279chan = msg->rsp[3] & 0xf;32803281rcu_read_lock();3282rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);3283if (rcvr) {3284user = rcvr->user;3285kref_get(&user->refcount);3286} else3287user = NULL;3288rcu_read_unlock();32893290if (user == NULL) {3291/* We didn't find a user, just give up. */3292ipmi_inc_stat(intf, unhandled_commands);32933294/*3295* Don't do anything with these messages, just allow3296* them to be freed.3297*/3298rv = 0;3299} else {3300/* Deliver the message to the user. */3301ipmi_inc_stat(intf, handled_commands);33023303recv_msg = ipmi_alloc_recv_msg();3304if (!recv_msg) {3305/*3306* We couldn't allocate memory for the3307* message, so requeue it for handling later.3308*/3309rv = 1;3310kref_put(&user->refcount, free_user);3311} else {3312/* Extract the source address from the data. */3313lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;3314lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;3315lan_addr->session_handle = msg->rsp[4];3316lan_addr->remote_SWID = msg->rsp[8];3317lan_addr->local_SWID = msg->rsp[5];3318lan_addr->lun = msg->rsp[9] & 3;3319lan_addr->channel = msg->rsp[3] & 0xf;3320lan_addr->privilege = msg->rsp[3] >> 4;33213322/*3323* Extract the rest of the message information3324* from the IPMB header.3325*/3326recv_msg->user = user;3327recv_msg->recv_type = IPMI_CMD_RECV_TYPE;3328recv_msg->msgid = msg->rsp[9] >> 2;3329recv_msg->msg.netfn = msg->rsp[6] >> 2;3330recv_msg->msg.cmd = msg->rsp[10];3331recv_msg->msg.data = recv_msg->msg_data;33323333/*3334* We chop off 12, not 11 bytes because the checksum3335* at the end also needs to be removed.3336*/3337recv_msg->msg.data_len = msg->rsp_size - 12;3338memcpy(recv_msg->msg_data,3339&(msg->rsp[11]),3340msg->rsp_size - 12);3341deliver_response(recv_msg);3342}3343}33443345return rv;3346}33473348/*3349* This routine will handle "Get Message" command responses with3350* channels that use an OEM Medium. The message format belongs to3351* the OEM. See IPMI 2.0 specification, Chapter 6 and3352* Chapter 22, sections 22.6 and 22.24 for more details.3353*/3354static int handle_oem_get_msg_cmd(ipmi_smi_t intf,3355struct ipmi_smi_msg *msg)3356{3357struct cmd_rcvr *rcvr;3358int rv = 0;3359unsigned char netfn;3360unsigned char cmd;3361unsigned char chan;3362ipmi_user_t user = NULL;3363struct ipmi_system_interface_addr *smi_addr;3364struct ipmi_recv_msg *recv_msg;33653366/*3367* We expect the OEM SW to perform error checking3368* so we just do some basic sanity checks3369*/3370if (msg->rsp_size < 4) {3371/* Message not big enough, just ignore it. */3372ipmi_inc_stat(intf, invalid_commands);3373return 0;3374}33753376if (msg->rsp[2] != 0) {3377/* An error getting the response, just ignore it. */3378return 0;3379}33803381/*3382* This is an OEM Message so the OEM needs to know how3383* handle the message. We do no interpretation.3384*/3385netfn = msg->rsp[0] >> 2;3386cmd = msg->rsp[1];3387chan = msg->rsp[3] & 0xf;33883389rcu_read_lock();3390rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);3391if (rcvr) {3392user = rcvr->user;3393kref_get(&user->refcount);3394} else3395user = NULL;3396rcu_read_unlock();33973398if (user == NULL) {3399/* We didn't find a user, just give up. */3400ipmi_inc_stat(intf, unhandled_commands);34013402/*3403* Don't do anything with these messages, just allow3404* them to be freed.3405*/34063407rv = 0;3408} else {3409/* Deliver the message to the user. */3410ipmi_inc_stat(intf, handled_commands);34113412recv_msg = ipmi_alloc_recv_msg();3413if (!recv_msg) {3414/*3415* We couldn't allocate memory for the3416* message, so requeue it for handling3417* later.3418*/3419rv = 1;3420kref_put(&user->refcount, free_user);3421} else {3422/*3423* OEM Messages are expected to be delivered via3424* the system interface to SMS software. We might3425* need to visit this again depending on OEM3426* requirements3427*/3428smi_addr = ((struct ipmi_system_interface_addr *)3429&(recv_msg->addr));3430smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;3431smi_addr->channel = IPMI_BMC_CHANNEL;3432smi_addr->lun = msg->rsp[0] & 3;34333434recv_msg->user = user;3435recv_msg->user_msg_data = NULL;3436recv_msg->recv_type = IPMI_OEM_RECV_TYPE;3437recv_msg->msg.netfn = msg->rsp[0] >> 2;3438recv_msg->msg.cmd = msg->rsp[1];3439recv_msg->msg.data = recv_msg->msg_data;34403441/*3442* The message starts at byte 4 which follows the3443* the Channel Byte in the "GET MESSAGE" command3444*/3445recv_msg->msg.data_len = msg->rsp_size - 4;3446memcpy(recv_msg->msg_data,3447&(msg->rsp[4]),3448msg->rsp_size - 4);3449deliver_response(recv_msg);3450}3451}34523453return rv;3454}34553456static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,3457struct ipmi_smi_msg *msg)3458{3459struct ipmi_system_interface_addr *smi_addr;34603461recv_msg->msgid = 0;3462smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);3463smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;3464smi_addr->channel = IPMI_BMC_CHANNEL;3465smi_addr->lun = msg->rsp[0] & 3;3466recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;3467recv_msg->msg.netfn = msg->rsp[0] >> 2;3468recv_msg->msg.cmd = msg->rsp[1];3469memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);3470recv_msg->msg.data = recv_msg->msg_data;3471recv_msg->msg.data_len = msg->rsp_size - 3;3472}34733474static int handle_read_event_rsp(ipmi_smi_t intf,3475struct ipmi_smi_msg *msg)3476{3477struct ipmi_recv_msg *recv_msg, *recv_msg2;3478struct list_head msgs;3479ipmi_user_t user;3480int rv = 0;3481int deliver_count = 0;3482unsigned long flags;34833484if (msg->rsp_size < 19) {3485/* Message is too small to be an IPMB event. */3486ipmi_inc_stat(intf, invalid_events);3487return 0;3488}34893490if (msg->rsp[2] != 0) {3491/* An error getting the event, just ignore it. */3492return 0;3493}34943495INIT_LIST_HEAD(&msgs);34963497spin_lock_irqsave(&intf->events_lock, flags);34983499ipmi_inc_stat(intf, events);35003501/*3502* Allocate and fill in one message for every user that is3503* getting events.3504*/3505rcu_read_lock();3506list_for_each_entry_rcu(user, &intf->users, link) {3507if (!user->gets_events)3508continue;35093510recv_msg = ipmi_alloc_recv_msg();3511if (!recv_msg) {3512rcu_read_unlock();3513list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,3514link) {3515list_del(&recv_msg->link);3516ipmi_free_recv_msg(recv_msg);3517}3518/*3519* We couldn't allocate memory for the3520* message, so requeue it for handling3521* later.3522*/3523rv = 1;3524goto out;3525}35263527deliver_count++;35283529copy_event_into_recv_msg(recv_msg, msg);3530recv_msg->user = user;3531kref_get(&user->refcount);3532list_add_tail(&(recv_msg->link), &msgs);3533}3534rcu_read_unlock();35353536if (deliver_count) {3537/* Now deliver all the messages. */3538list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {3539list_del(&recv_msg->link);3540deliver_response(recv_msg);3541}3542} else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {3543/*3544* No one to receive the message, put it in queue if there's3545* not already too many things in the queue.3546*/3547recv_msg = ipmi_alloc_recv_msg();3548if (!recv_msg) {3549/*3550* We couldn't allocate memory for the3551* message, so requeue it for handling3552* later.3553*/3554rv = 1;3555goto out;3556}35573558copy_event_into_recv_msg(recv_msg, msg);3559list_add_tail(&(recv_msg->link), &(intf->waiting_events));3560intf->waiting_events_count++;3561} else if (!intf->event_msg_printed) {3562/*3563* There's too many things in the queue, discard this3564* message.3565*/3566printk(KERN_WARNING PFX "Event queue full, discarding"3567" incoming events\n");3568intf->event_msg_printed = 1;3569}35703571out:3572spin_unlock_irqrestore(&(intf->events_lock), flags);35733574return rv;3575}35763577static int handle_bmc_rsp(ipmi_smi_t intf,3578struct ipmi_smi_msg *msg)3579{3580struct ipmi_recv_msg *recv_msg;3581struct ipmi_user *user;35823583recv_msg = (struct ipmi_recv_msg *) msg->user_data;3584if (recv_msg == NULL) {3585printk(KERN_WARNING3586"IPMI message received with no owner. This\n"3587"could be because of a malformed message, or\n"3588"because of a hardware error. Contact your\n"3589"hardware vender for assistance\n");3590return 0;3591}35923593user = recv_msg->user;3594/* Make sure the user still exists. */3595if (user && !user->valid) {3596/* The user for the message went away, so give up. */3597ipmi_inc_stat(intf, unhandled_local_responses);3598ipmi_free_recv_msg(recv_msg);3599} else {3600struct ipmi_system_interface_addr *smi_addr;36013602ipmi_inc_stat(intf, handled_local_responses);3603recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;3604recv_msg->msgid = msg->msgid;3605smi_addr = ((struct ipmi_system_interface_addr *)3606&(recv_msg->addr));3607smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;3608smi_addr->channel = IPMI_BMC_CHANNEL;3609smi_addr->lun = msg->rsp[0] & 3;3610recv_msg->msg.netfn = msg->rsp[0] >> 2;3611recv_msg->msg.cmd = msg->rsp[1];3612memcpy(recv_msg->msg_data,3613&(msg->rsp[2]),3614msg->rsp_size - 2);3615recv_msg->msg.data = recv_msg->msg_data;3616recv_msg->msg.data_len = msg->rsp_size - 2;3617deliver_response(recv_msg);3618}36193620return 0;3621}36223623/*3624* Handle a new message. Return 1 if the message should be requeued,3625* 0 if the message should be freed, or -1 if the message should not3626* be freed or requeued.3627*/3628static int handle_new_recv_msg(ipmi_smi_t intf,3629struct ipmi_smi_msg *msg)3630{3631int requeue;3632int chan;36333634#ifdef DEBUG_MSGING3635int m;3636printk("Recv:");3637for (m = 0; m < msg->rsp_size; m++)3638printk(" %2.2x", msg->rsp[m]);3639printk("\n");3640#endif3641if (msg->rsp_size < 2) {3642/* Message is too small to be correct. */3643printk(KERN_WARNING PFX "BMC returned to small a message"3644" for netfn %x cmd %x, got %d bytes\n",3645(msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);36463647/* Generate an error response for the message. */3648msg->rsp[0] = msg->data[0] | (1 << 2);3649msg->rsp[1] = msg->data[1];3650msg->rsp[2] = IPMI_ERR_UNSPECIFIED;3651msg->rsp_size = 3;3652} else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))3653|| (msg->rsp[1] != msg->data[1])) {3654/*3655* The NetFN and Command in the response is not even3656* marginally correct.3657*/3658printk(KERN_WARNING PFX "BMC returned incorrect response,"3659" expected netfn %x cmd %x, got netfn %x cmd %x\n",3660(msg->data[0] >> 2) | 1, msg->data[1],3661msg->rsp[0] >> 2, msg->rsp[1]);36623663/* Generate an error response for the message. */3664msg->rsp[0] = msg->data[0] | (1 << 2);3665msg->rsp[1] = msg->data[1];3666msg->rsp[2] = IPMI_ERR_UNSPECIFIED;3667msg->rsp_size = 3;3668}36693670if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))3671&& (msg->rsp[1] == IPMI_SEND_MSG_CMD)3672&& (msg->user_data != NULL)) {3673/*3674* It's a response to a response we sent. For this we3675* deliver a send message response to the user.3676*/3677struct ipmi_recv_msg *recv_msg = msg->user_data;36783679requeue = 0;3680if (msg->rsp_size < 2)3681/* Message is too small to be correct. */3682goto out;36833684chan = msg->data[2] & 0x0f;3685if (chan >= IPMI_MAX_CHANNELS)3686/* Invalid channel number */3687goto out;36883689if (!recv_msg)3690goto out;36913692/* Make sure the user still exists. */3693if (!recv_msg->user || !recv_msg->user->valid)3694goto out;36953696recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;3697recv_msg->msg.data = recv_msg->msg_data;3698recv_msg->msg.data_len = 1;3699recv_msg->msg_data[0] = msg->rsp[2];3700deliver_response(recv_msg);3701} else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))3702&& (msg->rsp[1] == IPMI_GET_MSG_CMD)) {3703/* It's from the receive queue. */3704chan = msg->rsp[3] & 0xf;3705if (chan >= IPMI_MAX_CHANNELS) {3706/* Invalid channel number */3707requeue = 0;3708goto out;3709}37103711/*3712* We need to make sure the channels have been initialized.3713* The channel_handler routine will set the "curr_channel"3714* equal to or greater than IPMI_MAX_CHANNELS when all the3715* channels for this interface have been initialized.3716*/3717if (intf->curr_channel < IPMI_MAX_CHANNELS) {3718requeue = 0; /* Throw the message away */3719goto out;3720}37213722switch (intf->channels[chan].medium) {3723case IPMI_CHANNEL_MEDIUM_IPMB:3724if (msg->rsp[4] & 0x04) {3725/*3726* It's a response, so find the3727* requesting message and send it up.3728*/3729requeue = handle_ipmb_get_msg_rsp(intf, msg);3730} else {3731/*3732* It's a command to the SMS from some other3733* entity. Handle that.3734*/3735requeue = handle_ipmb_get_msg_cmd(intf, msg);3736}3737break;37383739case IPMI_CHANNEL_MEDIUM_8023LAN:3740case IPMI_CHANNEL_MEDIUM_ASYNC:3741if (msg->rsp[6] & 0x04) {3742/*3743* It's a response, so find the3744* requesting message and send it up.3745*/3746requeue = handle_lan_get_msg_rsp(intf, msg);3747} else {3748/*3749* It's a command to the SMS from some other3750* entity. Handle that.3751*/3752requeue = handle_lan_get_msg_cmd(intf, msg);3753}3754break;37553756default:3757/* Check for OEM Channels. Clients had better3758register for these commands. */3759if ((intf->channels[chan].medium3760>= IPMI_CHANNEL_MEDIUM_OEM_MIN)3761&& (intf->channels[chan].medium3762<= IPMI_CHANNEL_MEDIUM_OEM_MAX)) {3763requeue = handle_oem_get_msg_cmd(intf, msg);3764} else {3765/*3766* We don't handle the channel type, so just3767* free the message.3768*/3769requeue = 0;3770}3771}37723773} else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))3774&& (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) {3775/* It's an asyncronous event. */3776requeue = handle_read_event_rsp(intf, msg);3777} else {3778/* It's a response from the local BMC. */3779requeue = handle_bmc_rsp(intf, msg);3780}37813782out:3783return requeue;3784}37853786/* Handle a new message from the lower layer. */3787void ipmi_smi_msg_received(ipmi_smi_t intf,3788struct ipmi_smi_msg *msg)3789{3790unsigned long flags = 0; /* keep us warning-free. */3791int rv;3792int run_to_completion;379337943795if ((msg->data_size >= 2)3796&& (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))3797&& (msg->data[1] == IPMI_SEND_MSG_CMD)3798&& (msg->user_data == NULL)) {3799/*3800* This is the local response to a command send, start3801* the timer for these. The user_data will not be3802* NULL if this is a response send, and we will let3803* response sends just go through.3804*/38053806/*3807* Check for errors, if we get certain errors (ones3808* that mean basically we can try again later), we3809* ignore them and start the timer. Otherwise we3810* report the error immediately.3811*/3812if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)3813&& (msg->rsp[2] != IPMI_NODE_BUSY_ERR)3814&& (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)3815&& (msg->rsp[2] != IPMI_BUS_ERR)3816&& (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {3817int chan = msg->rsp[3] & 0xf;38183819/* Got an error sending the message, handle it. */3820if (chan >= IPMI_MAX_CHANNELS)3821; /* This shouldn't happen */3822else if ((intf->channels[chan].medium3823== IPMI_CHANNEL_MEDIUM_8023LAN)3824|| (intf->channels[chan].medium3825== IPMI_CHANNEL_MEDIUM_ASYNC))3826ipmi_inc_stat(intf, sent_lan_command_errs);3827else3828ipmi_inc_stat(intf, sent_ipmb_command_errs);3829intf_err_seq(intf, msg->msgid, msg->rsp[2]);3830} else3831/* The message was sent, start the timer. */3832intf_start_seq_timer(intf, msg->msgid);38333834ipmi_free_smi_msg(msg);3835goto out;3836}38373838/*3839* To preserve message order, if the list is not empty, we3840* tack this message onto the end of the list.3841*/3842run_to_completion = intf->run_to_completion;3843if (!run_to_completion)3844spin_lock_irqsave(&intf->waiting_msgs_lock, flags);3845if (!list_empty(&intf->waiting_msgs)) {3846list_add_tail(&msg->link, &intf->waiting_msgs);3847if (!run_to_completion)3848spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);3849goto out;3850}3851if (!run_to_completion)3852spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);38533854rv = handle_new_recv_msg(intf, msg);3855if (rv > 0) {3856/*3857* Could not handle the message now, just add it to a3858* list to handle later.3859*/3860run_to_completion = intf->run_to_completion;3861if (!run_to_completion)3862spin_lock_irqsave(&intf->waiting_msgs_lock, flags);3863list_add_tail(&msg->link, &intf->waiting_msgs);3864if (!run_to_completion)3865spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);3866} else if (rv == 0) {3867ipmi_free_smi_msg(msg);3868}38693870out:3871return;3872}3873EXPORT_SYMBOL(ipmi_smi_msg_received);38743875void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)3876{3877ipmi_user_t user;38783879rcu_read_lock();3880list_for_each_entry_rcu(user, &intf->users, link) {3881if (!user->handler->ipmi_watchdog_pretimeout)3882continue;38833884user->handler->ipmi_watchdog_pretimeout(user->handler_data);3885}3886rcu_read_unlock();3887}3888EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);38893890static struct ipmi_smi_msg *3891smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,3892unsigned char seq, long seqid)3893{3894struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();3895if (!smi_msg)3896/*3897* If we can't allocate the message, then just return, we3898* get 4 retries, so this should be ok.3899*/3900return NULL;39013902memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);3903smi_msg->data_size = recv_msg->msg.data_len;3904smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);39053906#ifdef DEBUG_MSGING3907{3908int m;3909printk("Resend: ");3910for (m = 0; m < smi_msg->data_size; m++)3911printk(" %2.2x", smi_msg->data[m]);3912printk("\n");3913}3914#endif3915return smi_msg;3916}39173918static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,3919struct list_head *timeouts, long timeout_period,3920int slot, unsigned long *flags)3921{3922struct ipmi_recv_msg *msg;3923struct ipmi_smi_handlers *handlers;39243925if (intf->intf_num == -1)3926return;39273928if (!ent->inuse)3929return;39303931ent->timeout -= timeout_period;3932if (ent->timeout > 0)3933return;39343935if (ent->retries_left == 0) {3936/* The message has used all its retries. */3937ent->inuse = 0;3938msg = ent->recv_msg;3939list_add_tail(&msg->link, timeouts);3940if (ent->broadcast)3941ipmi_inc_stat(intf, timed_out_ipmb_broadcasts);3942else if (is_lan_addr(&ent->recv_msg->addr))3943ipmi_inc_stat(intf, timed_out_lan_commands);3944else3945ipmi_inc_stat(intf, timed_out_ipmb_commands);3946} else {3947struct ipmi_smi_msg *smi_msg;3948/* More retries, send again. */39493950/*3951* Start with the max timer, set to normal timer after3952* the message is sent.3953*/3954ent->timeout = MAX_MSG_TIMEOUT;3955ent->retries_left--;3956smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,3957ent->seqid);3958if (!smi_msg) {3959if (is_lan_addr(&ent->recv_msg->addr))3960ipmi_inc_stat(intf,3961dropped_rexmit_lan_commands);3962else3963ipmi_inc_stat(intf,3964dropped_rexmit_ipmb_commands);3965return;3966}39673968spin_unlock_irqrestore(&intf->seq_lock, *flags);39693970/*3971* Send the new message. We send with a zero3972* priority. It timed out, I doubt time is that3973* critical now, and high priority messages are really3974* only for messages to the local MC, which don't get3975* resent.3976*/3977handlers = intf->handlers;3978if (handlers) {3979if (is_lan_addr(&ent->recv_msg->addr))3980ipmi_inc_stat(intf,3981retransmitted_lan_commands);3982else3983ipmi_inc_stat(intf,3984retransmitted_ipmb_commands);39853986intf->handlers->sender(intf->send_info,3987smi_msg, 0);3988} else3989ipmi_free_smi_msg(smi_msg);39903991spin_lock_irqsave(&intf->seq_lock, *flags);3992}3993}39943995static void ipmi_timeout_handler(long timeout_period)3996{3997ipmi_smi_t intf;3998struct list_head timeouts;3999struct ipmi_recv_msg *msg, *msg2;4000struct ipmi_smi_msg *smi_msg, *smi_msg2;4001unsigned long flags;4002int i;40034004rcu_read_lock();4005list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {4006/* See if any waiting messages need to be processed. */4007spin_lock_irqsave(&intf->waiting_msgs_lock, flags);4008list_for_each_entry_safe(smi_msg, smi_msg2,4009&intf->waiting_msgs, link) {4010if (!handle_new_recv_msg(intf, smi_msg)) {4011list_del(&smi_msg->link);4012ipmi_free_smi_msg(smi_msg);4013} else {4014/*4015* To preserve message order, quit if we4016* can't handle a message.4017*/4018break;4019}4020}4021spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);40224023/*4024* Go through the seq table and find any messages that4025* have timed out, putting them in the timeouts4026* list.4027*/4028INIT_LIST_HEAD(&timeouts);4029spin_lock_irqsave(&intf->seq_lock, flags);4030for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)4031check_msg_timeout(intf, &(intf->seq_table[i]),4032&timeouts, timeout_period, i,4033&flags);4034spin_unlock_irqrestore(&intf->seq_lock, flags);40354036list_for_each_entry_safe(msg, msg2, &timeouts, link)4037deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE);40384039/*4040* Maintenance mode handling. Check the timeout4041* optimistically before we claim the lock. It may4042* mean a timeout gets missed occasionally, but that4043* only means the timeout gets extended by one period4044* in that case. No big deal, and it avoids the lock4045* most of the time.4046*/4047if (intf->auto_maintenance_timeout > 0) {4048spin_lock_irqsave(&intf->maintenance_mode_lock, flags);4049if (intf->auto_maintenance_timeout > 0) {4050intf->auto_maintenance_timeout4051-= timeout_period;4052if (!intf->maintenance_mode4053&& (intf->auto_maintenance_timeout <= 0)) {4054intf->maintenance_mode_enable = 0;4055maintenance_mode_update(intf);4056}4057}4058spin_unlock_irqrestore(&intf->maintenance_mode_lock,4059flags);4060}4061}4062rcu_read_unlock();4063}40644065static void ipmi_request_event(void)4066{4067ipmi_smi_t intf;4068struct ipmi_smi_handlers *handlers;40694070rcu_read_lock();4071/*4072* Called from the timer, no need to check if handlers is4073* valid.4074*/4075list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {4076/* No event requests when in maintenance mode. */4077if (intf->maintenance_mode_enable)4078continue;40794080handlers = intf->handlers;4081if (handlers)4082handlers->request_events(intf->send_info);4083}4084rcu_read_unlock();4085}40864087static struct timer_list ipmi_timer;40884089/* Call every ~1000 ms. */4090#define IPMI_TIMEOUT_TIME 100040914092/* How many jiffies does it take to get to the timeout time. */4093#define IPMI_TIMEOUT_JIFFIES ((IPMI_TIMEOUT_TIME * HZ) / 1000)40944095/*4096* Request events from the queue every second (this is the number of4097* IPMI_TIMEOUT_TIMES between event requests). Hopefully, in the4098* future, IPMI will add a way to know immediately if an event is in4099* the queue and this silliness can go away.4100*/4101#define IPMI_REQUEST_EV_TIME (1000 / (IPMI_TIMEOUT_TIME))41024103static atomic_t stop_operation;4104static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;41054106static void ipmi_timeout(unsigned long data)4107{4108if (atomic_read(&stop_operation))4109return;41104111ticks_to_req_ev--;4112if (ticks_to_req_ev == 0) {4113ipmi_request_event();4114ticks_to_req_ev = IPMI_REQUEST_EV_TIME;4115}41164117ipmi_timeout_handler(IPMI_TIMEOUT_TIME);41184119mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);4120}412141224123static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);4124static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);41254126/* FIXME - convert these to slabs. */4127static void free_smi_msg(struct ipmi_smi_msg *msg)4128{4129atomic_dec(&smi_msg_inuse_count);4130kfree(msg);4131}41324133struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)4134{4135struct ipmi_smi_msg *rv;4136rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);4137if (rv) {4138rv->done = free_smi_msg;4139rv->user_data = NULL;4140atomic_inc(&smi_msg_inuse_count);4141}4142return rv;4143}4144EXPORT_SYMBOL(ipmi_alloc_smi_msg);41454146static void free_recv_msg(struct ipmi_recv_msg *msg)4147{4148atomic_dec(&recv_msg_inuse_count);4149kfree(msg);4150}41514152static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)4153{4154struct ipmi_recv_msg *rv;41554156rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);4157if (rv) {4158rv->user = NULL;4159rv->done = free_recv_msg;4160atomic_inc(&recv_msg_inuse_count);4161}4162return rv;4163}41644165void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)4166{4167if (msg->user)4168kref_put(&msg->user->refcount, free_user);4169msg->done(msg);4170}4171EXPORT_SYMBOL(ipmi_free_recv_msg);41724173#ifdef CONFIG_IPMI_PANIC_EVENT41744175static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)4176{4177}41784179static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)4180{4181}41824183#ifdef CONFIG_IPMI_PANIC_STRING4184static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)4185{4186if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)4187&& (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)4188&& (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)4189&& (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {4190/* A get event receiver command, save it. */4191intf->event_receiver = msg->msg.data[1];4192intf->event_receiver_lun = msg->msg.data[2] & 0x3;4193}4194}41954196static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)4197{4198if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)4199&& (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)4200&& (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)4201&& (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {4202/*4203* A get device id command, save if we are an event4204* receiver or generator.4205*/4206intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;4207intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;4208}4209}4210#endif42114212static void send_panic_events(char *str)4213{4214struct kernel_ipmi_msg msg;4215ipmi_smi_t intf;4216unsigned char data[16];4217struct ipmi_system_interface_addr *si;4218struct ipmi_addr addr;4219struct ipmi_smi_msg smi_msg;4220struct ipmi_recv_msg recv_msg;42214222si = (struct ipmi_system_interface_addr *) &addr;4223si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;4224si->channel = IPMI_BMC_CHANNEL;4225si->lun = 0;42264227/* Fill in an event telling that we have failed. */4228msg.netfn = 0x04; /* Sensor or Event. */4229msg.cmd = 2; /* Platform event command. */4230msg.data = data;4231msg.data_len = 8;4232data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */4233data[1] = 0x03; /* This is for IPMI 1.0. */4234data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */4235data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */4236data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */42374238/*4239* Put a few breadcrumbs in. Hopefully later we can add more things4240* to make the panic events more useful.4241*/4242if (str) {4243data[3] = str[0];4244data[6] = str[1];4245data[7] = str[2];4246}42474248smi_msg.done = dummy_smi_done_handler;4249recv_msg.done = dummy_recv_done_handler;42504251/* For every registered interface, send the event. */4252list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {4253if (!intf->handlers)4254/* Interface is not ready. */4255continue;42564257intf->run_to_completion = 1;4258/* Send the event announcing the panic. */4259intf->handlers->set_run_to_completion(intf->send_info, 1);4260i_ipmi_request(NULL,4261intf,4262&addr,42630,4264&msg,4265intf,4266&smi_msg,4267&recv_msg,42680,4269intf->channels[0].address,4270intf->channels[0].lun,42710, 1); /* Don't retry, and don't wait. */4272}42734274#ifdef CONFIG_IPMI_PANIC_STRING4275/*4276* On every interface, dump a bunch of OEM event holding the4277* string.4278*/4279if (!str)4280return;42814282/* For every registered interface, send the event. */4283list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {4284char *p = str;4285struct ipmi_ipmb_addr *ipmb;4286int j;42874288if (intf->intf_num == -1)4289/* Interface was not ready yet. */4290continue;42914292/*4293* intf_num is used as an marker to tell if the4294* interface is valid. Thus we need a read barrier to4295* make sure data fetched before checking intf_num4296* won't be used.4297*/4298smp_rmb();42994300/*4301* First job here is to figure out where to send the4302* OEM events. There's no way in IPMI to send OEM4303* events using an event send command, so we have to4304* find the SEL to put them in and stick them in4305* there.4306*/43074308/* Get capabilities from the get device id. */4309intf->local_sel_device = 0;4310intf->local_event_generator = 0;4311intf->event_receiver = 0;43124313/* Request the device info from the local MC. */4314msg.netfn = IPMI_NETFN_APP_REQUEST;4315msg.cmd = IPMI_GET_DEVICE_ID_CMD;4316msg.data = NULL;4317msg.data_len = 0;4318intf->null_user_handler = device_id_fetcher;4319i_ipmi_request(NULL,4320intf,4321&addr,43220,4323&msg,4324intf,4325&smi_msg,4326&recv_msg,43270,4328intf->channels[0].address,4329intf->channels[0].lun,43300, 1); /* Don't retry, and don't wait. */43314332if (intf->local_event_generator) {4333/* Request the event receiver from the local MC. */4334msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;4335msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;4336msg.data = NULL;4337msg.data_len = 0;4338intf->null_user_handler = event_receiver_fetcher;4339i_ipmi_request(NULL,4340intf,4341&addr,43420,4343&msg,4344intf,4345&smi_msg,4346&recv_msg,43470,4348intf->channels[0].address,4349intf->channels[0].lun,43500, 1); /* no retry, and no wait. */4351}4352intf->null_user_handler = NULL;43534354/*4355* Validate the event receiver. The low bit must not4356* be 1 (it must be a valid IPMB address), it cannot4357* be zero, and it must not be my address.4358*/4359if (((intf->event_receiver & 1) == 0)4360&& (intf->event_receiver != 0)4361&& (intf->event_receiver != intf->channels[0].address)) {4362/*4363* The event receiver is valid, send an IPMB4364* message.4365*/4366ipmb = (struct ipmi_ipmb_addr *) &addr;4367ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;4368ipmb->channel = 0; /* FIXME - is this right? */4369ipmb->lun = intf->event_receiver_lun;4370ipmb->slave_addr = intf->event_receiver;4371} else if (intf->local_sel_device) {4372/*4373* The event receiver was not valid (or was4374* me), but I am an SEL device, just dump it4375* in my SEL.4376*/4377si = (struct ipmi_system_interface_addr *) &addr;4378si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;4379si->channel = IPMI_BMC_CHANNEL;4380si->lun = 0;4381} else4382continue; /* No where to send the event. */43834384msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */4385msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;4386msg.data = data;4387msg.data_len = 16;43884389j = 0;4390while (*p) {4391int size = strlen(p);43924393if (size > 11)4394size = 11;4395data[0] = 0;4396data[1] = 0;4397data[2] = 0xf0; /* OEM event without timestamp. */4398data[3] = intf->channels[0].address;4399data[4] = j++; /* sequence # */4400/*4401* Always give 11 bytes, so strncpy will fill4402* it with zeroes for me.4403*/4404strncpy(data+5, p, 11);4405p += size;44064407i_ipmi_request(NULL,4408intf,4409&addr,44100,4411&msg,4412intf,4413&smi_msg,4414&recv_msg,44150,4416intf->channels[0].address,4417intf->channels[0].lun,44180, 1); /* no retry, and no wait. */4419}4420}4421#endif /* CONFIG_IPMI_PANIC_STRING */4422}4423#endif /* CONFIG_IPMI_PANIC_EVENT */44244425static int has_panicked;44264427static int panic_event(struct notifier_block *this,4428unsigned long event,4429void *ptr)4430{4431ipmi_smi_t intf;44324433if (has_panicked)4434return NOTIFY_DONE;4435has_panicked = 1;44364437/* For every registered interface, set it to run to completion. */4438list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {4439if (!intf->handlers)4440/* Interface is not ready. */4441continue;44424443intf->run_to_completion = 1;4444intf->handlers->set_run_to_completion(intf->send_info, 1);4445}44464447#ifdef CONFIG_IPMI_PANIC_EVENT4448send_panic_events(ptr);4449#endif44504451return NOTIFY_DONE;4452}44534454static struct notifier_block panic_block = {4455.notifier_call = panic_event,4456.next = NULL,4457.priority = 200 /* priority: INT_MAX >= x >= 0 */4458};44594460static int ipmi_init_msghandler(void)4461{4462int rv;44634464if (initialized)4465return 0;44664467rv = driver_register(&ipmidriver.driver);4468if (rv) {4469printk(KERN_ERR PFX "Could not register IPMI driver\n");4470return rv;4471}44724473printk(KERN_INFO "ipmi message handler version "4474IPMI_DRIVER_VERSION "\n");44754476#ifdef CONFIG_PROC_FS4477proc_ipmi_root = proc_mkdir("ipmi", NULL);4478if (!proc_ipmi_root) {4479printk(KERN_ERR PFX "Unable to create IPMI proc dir");4480return -ENOMEM;4481}44824483#endif /* CONFIG_PROC_FS */44844485setup_timer(&ipmi_timer, ipmi_timeout, 0);4486mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);44874488atomic_notifier_chain_register(&panic_notifier_list, &panic_block);44894490initialized = 1;44914492return 0;4493}44944495static int __init ipmi_init_msghandler_mod(void)4496{4497ipmi_init_msghandler();4498return 0;4499}45004501static void __exit cleanup_ipmi(void)4502{4503int count;45044505if (!initialized)4506return;45074508atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);45094510/*4511* This can't be called if any interfaces exist, so no worry4512* about shutting down the interfaces.4513*/45144515/*4516* Tell the timer to stop, then wait for it to stop. This4517* avoids problems with race conditions removing the timer4518* here.4519*/4520atomic_inc(&stop_operation);4521del_timer_sync(&ipmi_timer);45224523#ifdef CONFIG_PROC_FS4524remove_proc_entry(proc_ipmi_root->name, NULL);4525#endif /* CONFIG_PROC_FS */45264527driver_unregister(&ipmidriver.driver);45284529initialized = 0;45304531/* Check for buffer leaks. */4532count = atomic_read(&smi_msg_inuse_count);4533if (count != 0)4534printk(KERN_WARNING PFX "SMI message count %d at exit\n",4535count);4536count = atomic_read(&recv_msg_inuse_count);4537if (count != 0)4538printk(KERN_WARNING PFX "recv message count %d at exit\n",4539count);4540}4541module_exit(cleanup_ipmi);45424543module_init(ipmi_init_msghandler_mod);4544MODULE_LICENSE("GPL");4545MODULE_AUTHOR("Corey Minyard <[email protected]>");4546MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI"4547" interface.");4548MODULE_VERSION(IPMI_DRIVER_VERSION);454945504551