Merge tag 'for-linus-5.16-1' of https://github.com/cminyard/linux-ipmi

+1

Documentation/devicetree/bindings/ipmi/aspeed,ast2400-ibt-bmc.txt

··· 9 9 - compatible : should be one of 10 10 "aspeed,ast2400-ibt-bmc" 11 11 "aspeed,ast2500-ibt-bmc" 12 + "aspeed,ast2600-ibt-bmc" 12 13 - reg: physical address and size of the registers 13 14 14 15 Optional properties:

+59

Documentation/devicetree/bindings/ipmi/ipmi-ipmb.yaml

··· 1 + # SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) 2 + %YAML 1.2 3 + --- 4 + $id: http://devicetree.org/schemas/ipmi/ipmi-ipmb.yaml# 5 + $schema: http://devicetree.org/meta-schemas/core.yaml# 6 + 7 + title: IPMI IPMB device bindings 8 + 9 + description: IPMI IPMB device bindings 10 + 11 + maintainers: 12 + - Corey Minyard <cminyard@mvista.com> 13 + 14 + properties: 15 + compatible: 16 + enum: 17 + - ipmi-ipmb 18 + 19 + device_type: 20 + items: 21 + - const: "ipmi" 22 + 23 + reg: 24 + maxItems: 1 25 + 26 + bmcaddr: 27 + $ref: /schemas/types.yaml#/definitions/uint8 28 + description: The address of the BMC on the IPMB bus. Defaults to 0x20. 29 + 30 + retry-time: 31 + $ref: /schemas/types.yaml#/definitions/uint32 32 + description: | 33 + Time between retries of sends, in milliseconds. Defaults to 250. 34 + 35 + max-retries: 36 + $ref: /schemas/types.yaml#/definitions/uint32 37 + description: Number of retries before a failure is declared. Defaults to 1. 38 + 39 + required: 40 + - compatible 41 + - reg 42 + 43 + additionalProperties: false 44 + 45 + examples: 46 + - | 47 + i2c { 48 + #address-cells = <1>; 49 + #size-cells = <0>; 50 + 51 + ipmi-ipmb@40 { 52 + compatible = "ipmi-ipmb"; 53 + device_type = "ipmi"; 54 + reg = <0x40>; 55 + bmcaddr = /bits/ 8 <0x20>; 56 + retry-time = <250>; 57 + max-retries = <1>; 58 + }; 59 + };

+62 -2

Documentation/driver-api/ipmi.rst

··· 166 166 straight to the BMC on the current card. The channel must be 167 167 IPMI_BMC_CHANNEL. 168 168 169 - Messages that are destined to go out on the IPMB bus use the 170 - IPMI_IPMB_ADDR_TYPE address type. The format is:: 169 + Messages that are destined to go out on the IPMB bus going through the 170 + BMC use the IPMI_IPMB_ADDR_TYPE address type. The format is:: 171 171 172 172 struct ipmi_ipmb_addr 173 173 { ··· 181 181 than one channel, it corresponds to the channel as defined in the IPMI 182 182 spec. 183 183 184 + There is also an IPMB direct address for a situation where the sender 185 + is directly on an IPMB bus and doesn't have to go through the BMC. 186 + You can send messages to a specific management controller (MC) on the 187 + IPMB using the IPMI_IPMB_DIRECT_ADDR_TYPE with the following format:: 188 + 189 + struct ipmi_ipmb_direct_addr 190 + { 191 + int addr_type; 192 + short channel; 193 + unsigned char slave_addr; 194 + unsigned char rq_lun; 195 + unsigned char rs_lun; 196 + }; 197 + 198 + The channel is always zero. You can also receive commands from other 199 + MCs that you have registered to handle and respond to them, so you can 200 + use this to implement a management controller on a bus.. 184 201 185 202 Messages 186 203 -------- ··· 364 347 user may be registered for each netfn/cmd/channel, but different users 365 348 may register for different commands, or the same command if the 366 349 channel bitmasks do not overlap. 350 + 351 + To respond to a received command, set the response bit in the returned 352 + netfn, use the address from the received message, and use the same 353 + msgid that you got in the receive message. 367 354 368 355 From userland, equivalent IOCTLs are provided to do these functions. 369 356 ··· 590 569 591 570 The driver supports a hot add and remove of interfaces through the I2C 592 571 sysfs interface. 572 + 573 + The IPMI IPMB Driver 574 + -------------------- 575 + 576 + This driver is for supporting a system that sits on an IPMB bus; it 577 + allows the interface to look like a normal IPMI interface. Sending 578 + system interface addressed messages to it will cause the message to go 579 + to the registered BMC on the system (default at IPMI address 0x20). 580 + 581 + It also allows you to directly address other MCs on the bus using the 582 + ipmb direct addressing. You can receive commands from other MCs on 583 + the bus and they will be handled through the normal received command 584 + mechanism described above. 585 + 586 + Parameters are:: 587 + 588 + ipmi_ipmb.bmcaddr=<address to use for system interface addresses messages> 589 + ipmi_ipmb.retry_time_ms=<Time between retries on IPMB> 590 + ipmi_ipmb.max_retries=<Number of times to retry a message> 591 + 592 + Loading the module will not result in the driver automatcially 593 + starting unless there is device tree information setting it up. If 594 + you want to instantiate one of these by hand, do:: 595 + 596 + echo ipmi-ipmb <addr> > /sys/class/i2c-dev/i2c-<n>/device/new_device 597 + 598 + Note that the address you give here is the I2C address, not the IPMI 599 + address. So if you want your MC address to be 0x60, you put 0x30 600 + here. See the I2C driver info for more details. 601 + 602 + Command bridging to other IPMB busses through this interface does not 603 + work. The receive message queue is not implemented, by design. There 604 + is only one receive message queue on a BMC, and that is meant for the 605 + host drivers, not something on the IPMB bus. 606 + 607 + A BMC may have multiple IPMB busses, which bus your device sits on 608 + depends on how the system is wired. You can fetch the channels with 609 + "ipmitool channel info <n>" where <n> is the channel, with the 610 + channels being 0-7 and try the IPMB channels. 593 611 594 612 Other Pieces 595 613 ------------

+10 -1

drivers/char/ipmi/Kconfig

··· 69 69 70 70 config IPMI_SSIF 71 71 tristate 'IPMI SMBus handler (SSIF)' 72 - select I2C 72 + depends on I2C 73 73 help 74 74 Provides a driver for a SMBus interface to a BMC, meaning that you 75 75 have a driver that must be accessed over an I2C bus instead of a 76 76 standard interface. This module requires I2C support. 77 + 78 + config IPMI_IPMB 79 + tristate 'IPMI IPMB interface' 80 + depends on I2C && I2C_SLAVE 81 + help 82 + Provides a driver for a system running right on the IPMB bus. 83 + It supports normal system interface messages to a BMC on the IPMB 84 + bus, and it also supports direct messaging on the bus using 85 + IPMB direct messages. This module requires I2C support. 77 86 78 87 config IPMI_POWERNV 79 88 depends on PPC_POWERNV

+1

drivers/char/ipmi/Makefile

··· 19 19 obj-$(CONFIG_IPMI_DMI_DECODE) += ipmi_dmi.o 20 20 obj-$(CONFIG_IPMI_PLAT_DATA) += ipmi_plat_data.o 21 21 obj-$(CONFIG_IPMI_SSIF) += ipmi_ssif.o 22 + obj-$(CONFIG_IPMI_IPMB) += ipmi_ipmb.o 22 23 obj-$(CONFIG_IPMI_POWERNV) += ipmi_powernv.o 23 24 obj-$(CONFIG_IPMI_WATCHDOG) += ipmi_watchdog.o 24 25 obj-$(CONFIG_IPMI_POWEROFF) += ipmi_poweroff.o

+17 -52

drivers/char/ipmi/bt-bmc.c

··· 8 8 #include <linux/errno.h> 9 9 #include <linux/interrupt.h> 10 10 #include <linux/io.h> 11 - #include <linux/mfd/syscon.h> 12 11 #include <linux/miscdevice.h> 13 12 #include <linux/module.h> 14 13 #include <linux/of.h> 15 14 #include <linux/platform_device.h> 16 15 #include <linux/poll.h> 17 - #include <linux/regmap.h> 18 16 #include <linux/sched.h> 19 17 #include <linux/timer.h> 20 18 ··· 57 59 struct bt_bmc { 58 60 struct device dev; 59 61 struct miscdevice miscdev; 60 - struct regmap *map; 61 - int offset; 62 + void __iomem *base; 62 63 int irq; 63 64 wait_queue_head_t queue; 64 65 struct timer_list poll_timer; ··· 66 69 67 70 static atomic_t open_count = ATOMIC_INIT(0); 68 71 69 - static const struct regmap_config bt_regmap_cfg = { 70 - .reg_bits = 32, 71 - .val_bits = 32, 72 - .reg_stride = 4, 73 - }; 74 - 75 72 static u8 bt_inb(struct bt_bmc *bt_bmc, int reg) 76 73 { 77 - uint32_t val = 0; 78 - int rc; 79 - 80 - rc = regmap_read(bt_bmc->map, bt_bmc->offset + reg, &val); 81 - WARN(rc != 0, "regmap_read() failed: %d\n", rc); 82 - 83 - return rc == 0 ? (u8) val : 0; 74 + return readb(bt_bmc->base + reg); 84 75 } 85 76 86 77 static void bt_outb(struct bt_bmc *bt_bmc, u8 data, int reg) 87 78 { 88 - int rc; 89 - 90 - rc = regmap_write(bt_bmc->map, bt_bmc->offset + reg, data); 91 - WARN(rc != 0, "regmap_write() failed: %d\n", rc); 79 + writeb(data, bt_bmc->base + reg); 92 80 } 93 81 94 82 static void clr_rd_ptr(struct bt_bmc *bt_bmc) ··· 358 376 { 359 377 struct bt_bmc *bt_bmc = arg; 360 378 u32 reg; 361 - int rc; 362 379 363 - rc = regmap_read(bt_bmc->map, bt_bmc->offset + BT_CR2, &reg); 364 - if (rc) 365 - return IRQ_NONE; 380 + reg = readl(bt_bmc->base + BT_CR2); 366 381 367 382 reg &= BT_CR2_IRQ_H2B | BT_CR2_IRQ_HBUSY; 368 383 if (!reg) 369 384 return IRQ_NONE; 370 385 371 386 /* ack pending IRQs */ 372 - regmap_write(bt_bmc->map, bt_bmc->offset + BT_CR2, reg); 387 + writel(reg, bt_bmc->base + BT_CR2); 373 388 374 389 wake_up(&bt_bmc->queue); 375 390 return IRQ_HANDLED; ··· 377 398 { 378 399 struct device *dev = &pdev->dev; 379 400 int rc; 401 + u32 reg; 380 402 381 403 bt_bmc->irq = platform_get_irq_optional(pdev, 0); 382 404 if (bt_bmc->irq < 0) ··· 397 417 * will be cleared (along with B2H) when we can write the next 398 418 * message to the BT buffer 399 419 */ 400 - rc = regmap_update_bits(bt_bmc->map, bt_bmc->offset + BT_CR1, 401 - (BT_CR1_IRQ_H2B | BT_CR1_IRQ_HBUSY), 402 - (BT_CR1_IRQ_H2B | BT_CR1_IRQ_HBUSY)); 420 + reg = readl(bt_bmc->base + BT_CR1); 421 + reg |= BT_CR1_IRQ_H2B | BT_CR1_IRQ_HBUSY; 422 + writel(reg, bt_bmc->base + BT_CR1); 403 423 404 - return rc; 424 + return 0; 405 425 } 406 426 407 427 static int bt_bmc_probe(struct platform_device *pdev) ··· 419 439 420 440 dev_set_drvdata(&pdev->dev, bt_bmc); 421 441 422 - bt_bmc->map = syscon_node_to_regmap(pdev->dev.parent->of_node); 423 - if (IS_ERR(bt_bmc->map)) { 424 - void __iomem *base; 425 - 426 - /* 427 - * Assume it's not the MFD-based devicetree description, in 428 - * which case generate a regmap ourselves 429 - */ 430 - base = devm_platform_ioremap_resource(pdev, 0); 431 - if (IS_ERR(base)) 432 - return PTR_ERR(base); 433 - 434 - bt_bmc->map = devm_regmap_init_mmio(dev, base, &bt_regmap_cfg); 435 - bt_bmc->offset = 0; 436 - } else { 437 - rc = of_property_read_u32(dev->of_node, "reg", &bt_bmc->offset); 438 - if (rc) 439 - return rc; 440 - } 442 + bt_bmc->base = devm_platform_ioremap_resource(pdev, 0); 443 + if (IS_ERR(bt_bmc->base)) 444 + return PTR_ERR(bt_bmc->base); 441 445 442 446 mutex_init(&bt_bmc->mutex); 443 447 init_waitqueue_head(&bt_bmc->queue); ··· 447 483 add_timer(&bt_bmc->poll_timer); 448 484 } 449 485 450 - regmap_write(bt_bmc->map, bt_bmc->offset + BT_CR0, 451 - (BT_IO_BASE << BT_CR0_IO_BASE) | 486 + writel((BT_IO_BASE << BT_CR0_IO_BASE) | 452 487 (BT_IRQ << BT_CR0_IRQ) | 453 488 BT_CR0_EN_CLR_SLV_RDP | 454 489 BT_CR0_EN_CLR_SLV_WRP | 455 - BT_CR0_ENABLE_IBT); 490 + BT_CR0_ENABLE_IBT, 491 + bt_bmc->base + BT_CR0); 456 492 457 493 clr_b_busy(bt_bmc); 458 494 ··· 472 508 static const struct of_device_id bt_bmc_match[] = { 473 509 { .compatible = "aspeed,ast2400-ibt-bmc" }, 474 510 { .compatible = "aspeed,ast2500-ibt-bmc" }, 511 + { .compatible = "aspeed,ast2600-ibt-bmc" }, 475 512 { }, 476 513 }; 477 514

+5 -3

drivers/char/ipmi/ipmi_devintf.c

··· 247 247 248 248 if (msg->msg.data_len > 0) { 249 249 if (rsp->msg.data_len < msg->msg.data_len) { 250 - rv2 = -EMSGSIZE; 251 - if (trunc) 250 + if (trunc) { 251 + rv2 = -EMSGSIZE; 252 252 msg->msg.data_len = rsp->msg.data_len; 253 - else 253 + } else { 254 + rv = -EMSGSIZE; 254 255 goto recv_putback_on_err; 256 + } 255 257 } 256 258 257 259 if (copy_to_user(rsp->msg.data,

+539

drivers/char/ipmi/ipmi_ipmb.c

··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + 3 + /* 4 + * Driver to talk to a remote management controller on IPMB. 5 + */ 6 + 7 + #include <linux/acpi.h> 8 + #include <linux/errno.h> 9 + #include <linux/i2c.h> 10 + #include <linux/miscdevice.h> 11 + #include <linux/module.h> 12 + #include <linux/mutex.h> 13 + #include <linux/poll.h> 14 + #include <linux/slab.h> 15 + #include <linux/spinlock.h> 16 + #include <linux/semaphore.h> 17 + #include <linux/kthread.h> 18 + #include <linux/wait.h> 19 + #include <linux/ipmi_msgdefs.h> 20 + #include <linux/ipmi_smi.h> 21 + 22 + #define DEVICE_NAME "ipmi-ipmb" 23 + 24 + static int bmcaddr = 0x20; 25 + module_param(bmcaddr, int, 0644); 26 + MODULE_PARM_DESC(bmcaddr, "Address to use for BMC."); 27 + 28 + static unsigned int retry_time_ms = 250; 29 + module_param(retry_time_ms, uint, 0644); 30 + MODULE_PARM_DESC(max_retries, "Timeout time between retries, in milliseconds."); 31 + 32 + static unsigned int max_retries = 1; 33 + module_param(max_retries, uint, 0644); 34 + MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out."); 35 + 36 + /* Add room for the two slave addresses, two checksums, and rqSeq. */ 37 + #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5) 38 + 39 + struct ipmi_ipmb_dev { 40 + struct ipmi_smi *intf; 41 + struct i2c_client *client; 42 + 43 + struct ipmi_smi_handlers handlers; 44 + 45 + bool ready; 46 + 47 + u8 curr_seq; 48 + 49 + u8 bmcaddr; 50 + u32 retry_time_ms; 51 + u32 max_retries; 52 + 53 + struct ipmi_smi_msg *next_msg; 54 + struct ipmi_smi_msg *working_msg; 55 + 56 + /* Transmit thread. */ 57 + struct task_struct *thread; 58 + struct semaphore wake_thread; 59 + struct semaphore got_rsp; 60 + spinlock_t lock; 61 + bool stopping; 62 + 63 + u8 xmitmsg[IPMB_MAX_MSG_LEN]; 64 + unsigned int xmitlen; 65 + 66 + u8 rcvmsg[IPMB_MAX_MSG_LEN]; 67 + unsigned int rcvlen; 68 + bool overrun; 69 + }; 70 + 71 + static bool valid_ipmb(struct ipmi_ipmb_dev *iidev) 72 + { 73 + u8 *msg = iidev->rcvmsg; 74 + u8 netfn; 75 + 76 + if (iidev->overrun) 77 + return false; 78 + 79 + /* Minimum message size. */ 80 + if (iidev->rcvlen < 7) 81 + return false; 82 + 83 + /* Is it a response? */ 84 + netfn = msg[1] >> 2; 85 + if (netfn & 1) { 86 + /* Response messages have an added completion code. */ 87 + if (iidev->rcvlen < 8) 88 + return false; 89 + } 90 + 91 + if (ipmb_checksum(msg, 3) != 0) 92 + return false; 93 + if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0) 94 + return false; 95 + 96 + return true; 97 + } 98 + 99 + static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev) 100 + { 101 + struct ipmi_smi_msg *imsg = NULL; 102 + u8 *msg = iidev->rcvmsg; 103 + bool is_cmd; 104 + unsigned long flags; 105 + 106 + if (iidev->rcvlen == 0) 107 + return; 108 + if (!valid_ipmb(iidev)) 109 + goto done; 110 + 111 + is_cmd = ((msg[1] >> 2) & 1) == 0; 112 + 113 + if (is_cmd) { 114 + /* Ignore commands until we are up. */ 115 + if (!iidev->ready) 116 + goto done; 117 + 118 + /* It's a command, allocate a message for it. */ 119 + imsg = ipmi_alloc_smi_msg(); 120 + if (!imsg) 121 + goto done; 122 + imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT; 123 + imsg->data_size = 0; 124 + } else { 125 + spin_lock_irqsave(&iidev->lock, flags); 126 + if (iidev->working_msg) { 127 + u8 seq = msg[4] >> 2; 128 + bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1; 129 + 130 + /* 131 + * Responses should carry the sequence we sent 132 + * them with. If it's a transmitted response, 133 + * ignore it. And if the message hasn't been 134 + * transmitted, ignore it. 135 + */ 136 + if (!xmit_rsp && seq == iidev->curr_seq) { 137 + iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f; 138 + 139 + imsg = iidev->working_msg; 140 + iidev->working_msg = NULL; 141 + } 142 + } 143 + spin_unlock_irqrestore(&iidev->lock, flags); 144 + } 145 + 146 + if (!imsg) 147 + goto done; 148 + 149 + if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 150 + imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 151 + /* 152 + * Keep the source address, rqSeq. Drop the trailing 153 + * checksum. 154 + */ 155 + memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4); 156 + imsg->rsp_size = iidev->rcvlen - 3; 157 + } else { 158 + imsg->rsp[0] = msg[1]; /* NetFn/LUN */ 159 + /* 160 + * Skip the source address, rqSeq. Drop the trailing 161 + * checksum. 162 + */ 163 + memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6); 164 + imsg->rsp_size = iidev->rcvlen - 5; 165 + } 166 + ipmi_smi_msg_received(iidev->intf, imsg); 167 + if (!is_cmd) 168 + up(&iidev->got_rsp); 169 + 170 + done: 171 + iidev->overrun = false; 172 + iidev->rcvlen = 0; 173 + } 174 + 175 + /* 176 + * The IPMB protocol only supports i2c writes so there is no need to 177 + * support I2C_SLAVE_READ* events, except to know if the other end has 178 + * issued a read without going to stop mode. 179 + */ 180 + static int ipmi_ipmb_slave_cb(struct i2c_client *client, 181 + enum i2c_slave_event event, u8 *val) 182 + { 183 + struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 184 + 185 + switch (event) { 186 + case I2C_SLAVE_WRITE_REQUESTED: 187 + ipmi_ipmb_check_msg_done(iidev); 188 + /* 189 + * First byte is the slave address, to ease the checksum 190 + * calculation. 191 + */ 192 + iidev->rcvmsg[0] = client->addr << 1; 193 + iidev->rcvlen = 1; 194 + break; 195 + 196 + case I2C_SLAVE_WRITE_RECEIVED: 197 + if (iidev->rcvlen >= sizeof(iidev->rcvmsg)) 198 + iidev->overrun = true; 199 + else 200 + iidev->rcvmsg[iidev->rcvlen++] = *val; 201 + break; 202 + 203 + case I2C_SLAVE_READ_REQUESTED: 204 + case I2C_SLAVE_STOP: 205 + ipmi_ipmb_check_msg_done(iidev); 206 + break; 207 + 208 + case I2C_SLAVE_READ_PROCESSED: 209 + break; 210 + } 211 + 212 + return 0; 213 + } 214 + 215 + static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev, 216 + struct ipmi_smi_msg *msg, u8 cc) 217 + { 218 + if ((msg->data[0] >> 2) & 1) { 219 + /* 220 + * It's a response being sent, we needto return a 221 + * response response. Fake a send msg command 222 + * response with channel 0. This will always be ipmb 223 + * direct. 224 + */ 225 + msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2; 226 + msg->data[3] = IPMI_SEND_MSG_CMD; 227 + msg->data[4] = cc; 228 + msg->data_size = 5; 229 + } 230 + msg->rsp[0] = msg->data[0] | (1 << 2); 231 + if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 232 + msg->rsp[1] = msg->data[1]; 233 + msg->rsp[2] = msg->data[2]; 234 + msg->rsp[3] = msg->data[3]; 235 + msg->rsp[4] = cc; 236 + msg->rsp_size = 5; 237 + } else { 238 + msg->rsp[1] = msg->data[1]; 239 + msg->rsp[2] = cc; 240 + msg->rsp_size = 3; 241 + } 242 + ipmi_smi_msg_received(iidev->intf, msg); 243 + } 244 + 245 + static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev, 246 + struct ipmi_smi_msg *msg) 247 + { 248 + if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 249 + iidev->xmitmsg[0] = msg->data[1]; 250 + iidev->xmitmsg[1] = msg->data[0]; 251 + memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2); 252 + iidev->xmitlen = msg->data_size + 2; 253 + } else { 254 + iidev->xmitmsg[0] = iidev->bmcaddr; 255 + iidev->xmitmsg[1] = msg->data[0]; 256 + iidev->xmitmsg[4] = 0; 257 + memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1); 258 + iidev->xmitlen = msg->data_size + 4; 259 + } 260 + iidev->xmitmsg[3] = iidev->client->addr << 1; 261 + if (((msg->data[0] >> 2) & 1) == 0) 262 + /* If it's a command, put in our own sequence number. */ 263 + iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) | 264 + (iidev->curr_seq << 2)); 265 + 266 + /* Now add on the final checksums. */ 267 + iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2); 268 + iidev->xmitmsg[iidev->xmitlen] = 269 + ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3); 270 + iidev->xmitlen++; 271 + } 272 + 273 + static int ipmi_ipmb_thread(void *data) 274 + { 275 + struct ipmi_ipmb_dev *iidev = data; 276 + 277 + while (!kthread_should_stop()) { 278 + long ret; 279 + struct i2c_msg i2c_msg; 280 + struct ipmi_smi_msg *msg = NULL; 281 + unsigned long flags; 282 + unsigned int retries = 0; 283 + 284 + /* Wait for a message to send */ 285 + ret = down_interruptible(&iidev->wake_thread); 286 + if (iidev->stopping) 287 + break; 288 + if (ret) 289 + continue; 290 + 291 + spin_lock_irqsave(&iidev->lock, flags); 292 + if (iidev->next_msg) { 293 + msg = iidev->next_msg; 294 + iidev->next_msg = NULL; 295 + } 296 + spin_unlock_irqrestore(&iidev->lock, flags); 297 + if (!msg) 298 + continue; 299 + 300 + ipmi_ipmb_format_for_xmit(iidev, msg); 301 + 302 + retry: 303 + i2c_msg.len = iidev->xmitlen - 1; 304 + if (i2c_msg.len > 32) { 305 + ipmi_ipmb_send_response(iidev, msg, 306 + IPMI_REQ_LEN_EXCEEDED_ERR); 307 + continue; 308 + } 309 + 310 + i2c_msg.addr = iidev->xmitmsg[0] >> 1; 311 + i2c_msg.flags = 0; 312 + i2c_msg.buf = iidev->xmitmsg + 1; 313 + 314 + /* Rely on i2c_transfer for a barrier. */ 315 + iidev->working_msg = msg; 316 + 317 + ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1); 318 + 319 + if ((msg->data[0] >> 2) & 1) { 320 + /* 321 + * It's a response, nothing will be returned 322 + * by the other end. 323 + */ 324 + 325 + iidev->working_msg = NULL; 326 + ipmi_ipmb_send_response(iidev, msg, 327 + ret < 0 ? IPMI_BUS_ERR : 0); 328 + continue; 329 + } 330 + if (ret < 0) { 331 + iidev->working_msg = NULL; 332 + ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR); 333 + continue; 334 + } 335 + 336 + /* A command was sent, wait for its response. */ 337 + ret = down_timeout(&iidev->got_rsp, 338 + msecs_to_jiffies(iidev->retry_time_ms)); 339 + 340 + /* 341 + * Grab the message if we can. If the handler hasn't 342 + * already handled it, the message will still be there. 343 + */ 344 + spin_lock_irqsave(&iidev->lock, flags); 345 + msg = iidev->working_msg; 346 + iidev->working_msg = NULL; 347 + spin_unlock_irqrestore(&iidev->lock, flags); 348 + 349 + if (!msg && ret) { 350 + /* 351 + * If working_msg is not set and we timed out, 352 + * that means the message grabbed by 353 + * check_msg_done before we could grab it 354 + * here. Wait again for check_msg_done to up 355 + * the semaphore. 356 + */ 357 + down(&iidev->got_rsp); 358 + } else if (msg && ++retries <= iidev->max_retries) { 359 + spin_lock_irqsave(&iidev->lock, flags); 360 + iidev->working_msg = msg; 361 + spin_unlock_irqrestore(&iidev->lock, flags); 362 + goto retry; 363 + } 364 + 365 + if (msg) 366 + ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR); 367 + } 368 + 369 + if (iidev->next_msg) 370 + /* Return an unspecified error. */ 371 + ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff); 372 + 373 + return 0; 374 + } 375 + 376 + static int ipmi_ipmb_start_processing(void *send_info, 377 + struct ipmi_smi *new_intf) 378 + { 379 + struct ipmi_ipmb_dev *iidev = send_info; 380 + 381 + iidev->intf = new_intf; 382 + iidev->ready = true; 383 + return 0; 384 + } 385 + 386 + static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev) 387 + { 388 + if (iidev->thread) { 389 + struct task_struct *t = iidev->thread; 390 + 391 + iidev->thread = NULL; 392 + iidev->stopping = true; 393 + up(&iidev->wake_thread); 394 + up(&iidev->got_rsp); 395 + kthread_stop(t); 396 + } 397 + } 398 + 399 + static void ipmi_ipmb_shutdown(void *send_info) 400 + { 401 + struct ipmi_ipmb_dev *iidev = send_info; 402 + 403 + ipmi_ipmb_stop_thread(iidev); 404 + } 405 + 406 + static void ipmi_ipmb_sender(void *send_info, 407 + struct ipmi_smi_msg *msg) 408 + { 409 + struct ipmi_ipmb_dev *iidev = send_info; 410 + unsigned long flags; 411 + 412 + spin_lock_irqsave(&iidev->lock, flags); 413 + BUG_ON(iidev->next_msg); 414 + 415 + iidev->next_msg = msg; 416 + spin_unlock_irqrestore(&iidev->lock, flags); 417 + 418 + up(&iidev->wake_thread); 419 + } 420 + 421 + static void ipmi_ipmb_request_events(void *send_info) 422 + { 423 + /* We don't fetch events here. */ 424 + } 425 + 426 + static int ipmi_ipmb_remove(struct i2c_client *client) 427 + { 428 + struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client); 429 + 430 + if (iidev->client) { 431 + iidev->client = NULL; 432 + i2c_slave_unregister(client); 433 + } 434 + ipmi_ipmb_stop_thread(iidev); 435 + 436 + return 0; 437 + } 438 + 439 + static int ipmi_ipmb_probe(struct i2c_client *client, 440 + const struct i2c_device_id *id) 441 + { 442 + struct device *dev = &client->dev; 443 + struct ipmi_ipmb_dev *iidev; 444 + int rv; 445 + 446 + iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL); 447 + if (!iidev) 448 + return -ENOMEM; 449 + 450 + if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0) 451 + iidev->bmcaddr = bmcaddr; 452 + if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) { 453 + /* Can't have the write bit set. */ 454 + dev_notice(&client->dev, 455 + "Invalid bmc address value %2.2x\n", iidev->bmcaddr); 456 + return -EINVAL; 457 + } 458 + 459 + if (of_property_read_u32(dev->of_node, "retry-time", 460 + &iidev->retry_time_ms) != 0) 461 + iidev->retry_time_ms = retry_time_ms; 462 + 463 + if (of_property_read_u32(dev->of_node, "max-retries", 464 + &iidev->max_retries) != 0) 465 + iidev->max_retries = max_retries; 466 + 467 + i2c_set_clientdata(client, iidev); 468 + client->flags |= I2C_CLIENT_SLAVE; 469 + 470 + rv = i2c_slave_register(client, ipmi_ipmb_slave_cb); 471 + if (rv) 472 + return rv; 473 + 474 + iidev->client = client; 475 + 476 + iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT; 477 + iidev->handlers.start_processing = ipmi_ipmb_start_processing; 478 + iidev->handlers.shutdown = ipmi_ipmb_shutdown; 479 + iidev->handlers.sender = ipmi_ipmb_sender; 480 + iidev->handlers.request_events = ipmi_ipmb_request_events; 481 + 482 + spin_lock_init(&iidev->lock); 483 + sema_init(&iidev->wake_thread, 0); 484 + sema_init(&iidev->got_rsp, 0); 485 + 486 + iidev->thread = kthread_run(ipmi_ipmb_thread, iidev, 487 + "kipmb%4.4x", client->addr); 488 + if (IS_ERR(iidev->thread)) { 489 + rv = PTR_ERR(iidev->thread); 490 + dev_notice(&client->dev, 491 + "Could not start kernel thread: error %d\n", rv); 492 + goto out_err; 493 + } 494 + 495 + rv = ipmi_register_smi(&iidev->handlers, 496 + iidev, 497 + &client->dev, 498 + iidev->bmcaddr); 499 + if (rv) 500 + goto out_err; 501 + 502 + return 0; 503 + 504 + out_err: 505 + ipmi_ipmb_remove(client); 506 + return rv; 507 + } 508 + 509 + #ifdef CONFIG_OF 510 + static const struct of_device_id of_ipmi_ipmb_match[] = { 511 + { .type = "ipmi", .compatible = DEVICE_NAME }, 512 + {}, 513 + }; 514 + MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match); 515 + #else 516 + #define of_ipmi_ipmb_match NULL 517 + #endif 518 + 519 + static const struct i2c_device_id ipmi_ipmb_id[] = { 520 + { DEVICE_NAME, 0 }, 521 + {}, 522 + }; 523 + MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id); 524 + 525 + static struct i2c_driver ipmi_ipmb_driver = { 526 + .class = I2C_CLASS_HWMON, 527 + .driver = { 528 + .name = DEVICE_NAME, 529 + .of_match_table = of_ipmi_ipmb_match, 530 + }, 531 + .probe = ipmi_ipmb_probe, 532 + .remove = ipmi_ipmb_remove, 533 + .id_table = ipmi_ipmb_id, 534 + }; 535 + module_i2c_driver(ipmi_ipmb_driver); 536 + 537 + MODULE_AUTHOR("Corey Minyard"); 538 + MODULE_DESCRIPTION("IPMI IPMB driver"); 539 + MODULE_LICENSE("GPL v2");

+282 -48

drivers/char/ipmi/ipmi_msghandler.c

··· 653 653 return addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE; 654 654 } 655 655 656 + static int is_ipmb_direct_addr(struct ipmi_addr *addr) 657 + { 658 + return addr->addr_type == IPMI_IPMB_DIRECT_ADDR_TYPE; 659 + } 660 + 656 661 static void free_recv_msg_list(struct list_head *q) 657 662 { 658 663 struct ipmi_recv_msg *msg, *msg2; ··· 810 805 && (ipmb_addr1->lun == ipmb_addr2->lun)); 811 806 } 812 807 808 + if (is_ipmb_direct_addr(addr1)) { 809 + struct ipmi_ipmb_direct_addr *daddr1 810 + = (struct ipmi_ipmb_direct_addr *) addr1; 811 + struct ipmi_ipmb_direct_addr *daddr2 812 + = (struct ipmi_ipmb_direct_addr *) addr2; 813 + 814 + return daddr1->slave_addr == daddr2->slave_addr && 815 + daddr1->rq_lun == daddr2->rq_lun && 816 + daddr1->rs_lun == daddr2->rs_lun; 817 + } 818 + 813 819 if (is_lan_addr(addr1)) { 814 820 struct ipmi_lan_addr *lan_addr1 815 821 = (struct ipmi_lan_addr *) addr1; ··· 859 843 return 0; 860 844 } 861 845 846 + if (is_ipmb_direct_addr(addr)) { 847 + struct ipmi_ipmb_direct_addr *daddr = (void *) addr; 848 + 849 + if (addr->channel != 0) 850 + return -EINVAL; 851 + if (len < sizeof(struct ipmi_ipmb_direct_addr)) 852 + return -EINVAL; 853 + 854 + if (daddr->slave_addr & 0x01) 855 + return -EINVAL; 856 + if (daddr->rq_lun >= 4) 857 + return -EINVAL; 858 + if (daddr->rs_lun >= 4) 859 + return -EINVAL; 860 + return 0; 861 + } 862 + 862 863 if (is_lan_addr(addr)) { 863 864 if (len < sizeof(struct ipmi_lan_addr)) 864 865 return -EINVAL; ··· 894 861 if ((addr_type == IPMI_IPMB_ADDR_TYPE) 895 862 || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) 896 863 return sizeof(struct ipmi_ipmb_addr); 864 + 865 + if (addr_type == IPMI_IPMB_DIRECT_ADDR_TYPE) 866 + return sizeof(struct ipmi_ipmb_direct_addr); 897 867 898 868 if (addr_type == IPMI_LAN_ADDR_TYPE) 899 869 return sizeof(struct ipmi_lan_addr); ··· 1746 1710 } 1747 1711 EXPORT_SYMBOL(ipmi_unregister_for_cmd); 1748 1712 1749 - static unsigned char 1713 + unsigned char 1750 1714 ipmb_checksum(unsigned char *data, int size) 1751 1715 { 1752 1716 unsigned char csum = 0; ··· 1756 1720 1757 1721 return -csum; 1758 1722 } 1723 + EXPORT_SYMBOL(ipmb_checksum); 1759 1724 1760 1725 static inline void format_ipmb_msg(struct ipmi_smi_msg *smi_msg, 1761 1726 struct kernel_ipmi_msg *msg, ··· 2088 2051 return rv; 2089 2052 } 2090 2053 2054 + static int i_ipmi_req_ipmb_direct(struct ipmi_smi *intf, 2055 + struct ipmi_addr *addr, 2056 + long msgid, 2057 + struct kernel_ipmi_msg *msg, 2058 + struct ipmi_smi_msg *smi_msg, 2059 + struct ipmi_recv_msg *recv_msg, 2060 + unsigned char source_lun) 2061 + { 2062 + struct ipmi_ipmb_direct_addr *daddr; 2063 + bool is_cmd = !(recv_msg->msg.netfn & 0x1); 2064 + 2065 + if (!(intf->handlers->flags & IPMI_SMI_CAN_HANDLE_IPMB_DIRECT)) 2066 + return -EAFNOSUPPORT; 2067 + 2068 + /* Responses must have a completion code. */ 2069 + if (!is_cmd && msg->data_len < 1) { 2070 + ipmi_inc_stat(intf, sent_invalid_commands); 2071 + return -EINVAL; 2072 + } 2073 + 2074 + if ((msg->data_len + 4) > IPMI_MAX_MSG_LENGTH) { 2075 + ipmi_inc_stat(intf, sent_invalid_commands); 2076 + return -EMSGSIZE; 2077 + } 2078 + 2079 + daddr = (struct ipmi_ipmb_direct_addr *) addr; 2080 + if (daddr->rq_lun > 3 || daddr->rs_lun > 3) { 2081 + ipmi_inc_stat(intf, sent_invalid_commands); 2082 + return -EINVAL; 2083 + } 2084 + 2085 + smi_msg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT; 2086 + smi_msg->msgid = msgid; 2087 + 2088 + if (is_cmd) { 2089 + smi_msg->data[0] = msg->netfn << 2 | daddr->rs_lun; 2090 + smi_msg->data[2] = recv_msg->msgid << 2 | daddr->rq_lun; 2091 + } else { 2092 + smi_msg->data[0] = msg->netfn << 2 | daddr->rq_lun; 2093 + smi_msg->data[2] = recv_msg->msgid << 2 | daddr->rs_lun; 2094 + } 2095 + smi_msg->data[1] = daddr->slave_addr; 2096 + smi_msg->data[3] = msg->cmd; 2097 + 2098 + memcpy(smi_msg->data + 4, msg->data, msg->data_len); 2099 + smi_msg->data_size = msg->data_len + 4; 2100 + 2101 + smi_msg->user_data = recv_msg; 2102 + 2103 + return 0; 2104 + } 2105 + 2091 2106 static int i_ipmi_req_lan(struct ipmi_smi *intf, 2092 2107 struct ipmi_addr *addr, 2093 2108 long msgid, ··· 2329 2240 rv = i_ipmi_req_ipmb(intf, addr, msgid, msg, smi_msg, recv_msg, 2330 2241 source_address, source_lun, 2331 2242 retries, retry_time_ms); 2243 + } else if (is_ipmb_direct_addr(addr)) { 2244 + rv = i_ipmi_req_ipmb_direct(intf, addr, msgid, msg, smi_msg, 2245 + recv_msg, source_lun); 2332 2246 } else if (is_lan_addr(addr)) { 2333 2247 rv = i_ipmi_req_lan(intf, addr, msgid, msg, smi_msg, recv_msg, 2334 2248 source_lun, retries, retry_time_ms); ··· 2461 2369 return; 2462 2370 } 2463 2371 2372 + if (msg->msg.data[0]) { 2373 + dev_warn(intf->si_dev, "device id fetch failed: 0x%2.2x\n", 2374 + msg->msg.data[0]); 2375 + intf->bmc->dyn_id_set = 0; 2376 + goto out; 2377 + } 2378 + 2464 2379 rv = ipmi_demangle_device_id(msg->msg.netfn, msg->msg.cmd, 2465 2380 msg->msg.data, msg->msg.data_len, &intf->bmc->fetch_id); 2466 2381 if (rv) { ··· 2483 2384 smp_wmb(); 2484 2385 intf->bmc->dyn_id_set = 1; 2485 2386 } 2486 - 2387 + out: 2487 2388 wake_up(&intf->waitq); 2488 2389 } 2489 2390 ··· 2716 2617 if (rv) 2717 2618 return rv; 2718 2619 2719 - return snprintf(buf, 10, "%u\n", id.device_id); 2620 + return sysfs_emit(buf, "%u\n", id.device_id); 2720 2621 } 2721 2622 static DEVICE_ATTR_RO(device_id); 2722 2623 ··· 2732 2633 if (rv) 2733 2634 return rv; 2734 2635 2735 - return snprintf(buf, 10, "%u\n", (id.device_revision & 0x80) >> 7); 2636 + return sysfs_emit(buf, "%u\n", (id.device_revision & 0x80) >> 7); 2736 2637 } 2737 2638 static DEVICE_ATTR_RO(provides_device_sdrs); 2738 2639 ··· 2747 2648 if (rv) 2748 2649 return rv; 2749 2650 2750 - return snprintf(buf, 20, "%u\n", id.device_revision & 0x0F); 2651 + return sysfs_emit(buf, "%u\n", id.device_revision & 0x0F); 2751 2652 } 2752 2653 static DEVICE_ATTR_RO(revision); 2753 2654 ··· 2763 2664 if (rv) 2764 2665 return rv; 2765 2666 2766 - return snprintf(buf, 20, "%u.%x\n", id.firmware_revision_1, 2667 + return sysfs_emit(buf, "%u.%x\n", id.firmware_revision_1, 2767 2668 id.firmware_revision_2); 2768 2669 } 2769 2670 static DEVICE_ATTR_RO(firmware_revision); ··· 2780 2681 if (rv) 2781 2682 return rv; 2782 2683 2783 - return snprintf(buf, 20, "%u.%u\n", 2684 + return sysfs_emit(buf, "%u.%u\n", 2784 2685 ipmi_version_major(&id), 2785 2686 ipmi_version_minor(&id)); 2786 2687 } ··· 2798 2699 if (rv) 2799 2700 return rv; 2800 2701 2801 - return snprintf(buf, 10, "0x%02x\n", id.additional_device_support); 2702 + return sysfs_emit(buf, "0x%02x\n", id.additional_device_support); 2802 2703 } 2803 2704 static DEVICE_ATTR(additional_device_support, S_IRUGO, add_dev_support_show, 2804 2705 NULL); ··· 2815 2716 if (rv) 2816 2717 return rv; 2817 2718 2818 - return snprintf(buf, 20, "0x%6.6x\n", id.manufacturer_id); 2719 + return sysfs_emit(buf, "0x%6.6x\n", id.manufacturer_id); 2819 2720 } 2820 2721 static DEVICE_ATTR_RO(manufacturer_id); 2821 2722 ··· 2831 2732 if (rv) 2832 2733 return rv; 2833 2734 2834 - return snprintf(buf, 10, "0x%4.4x\n", id.product_id); 2735 + return sysfs_emit(buf, "0x%4.4x\n", id.product_id); 2835 2736 } 2836 2737 static DEVICE_ATTR_RO(product_id); 2837 2738 ··· 2847 2748 if (rv) 2848 2749 return rv; 2849 2750 2850 - return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n", 2751 + return sysfs_emit(buf, "0x%02x 0x%02x 0x%02x 0x%02x\n", 2851 2752 id.aux_firmware_revision[3], 2852 2753 id.aux_firmware_revision[2], 2853 2754 id.aux_firmware_revision[1], ··· 2869 2770 if (!guid_set) 2870 2771 return -ENOENT; 2871 2772 2872 - return snprintf(buf, UUID_STRING_LEN + 1 + 1, "%pUl\n", &guid); 2773 + return sysfs_emit(buf, "%pUl\n", &guid); 2873 2774 } 2874 2775 static DEVICE_ATTR_RO(guid); 2875 2776 ··· 3893 3794 return rv; 3894 3795 } 3895 3796 3797 + static int handle_ipmb_direct_rcv_cmd(struct ipmi_smi *intf, 3798 + struct ipmi_smi_msg *msg) 3799 + { 3800 + struct cmd_rcvr *rcvr; 3801 + int rv = 0; 3802 + struct ipmi_user *user = NULL; 3803 + struct ipmi_ipmb_direct_addr *daddr; 3804 + struct ipmi_recv_msg *recv_msg; 3805 + unsigned char netfn = msg->rsp[0] >> 2; 3806 + unsigned char cmd = msg->rsp[3]; 3807 + 3808 + rcu_read_lock(); 3809 + /* We always use channel 0 for direct messages. */ 3810 + rcvr = find_cmd_rcvr(intf, netfn, cmd, 0); 3811 + if (rcvr) { 3812 + user = rcvr->user; 3813 + kref_get(&user->refcount); 3814 + } else 3815 + user = NULL; 3816 + rcu_read_unlock(); 3817 + 3818 + if (user == NULL) { 3819 + /* We didn't find a user, deliver an error response. */ 3820 + ipmi_inc_stat(intf, unhandled_commands); 3821 + 3822 + msg->data[0] = ((netfn + 1) << 2) | (msg->rsp[4] & 0x3); 3823 + msg->data[1] = msg->rsp[2]; 3824 + msg->data[2] = msg->rsp[4] & ~0x3; 3825 + msg->data[3] = cmd; 3826 + msg->data[4] = IPMI_INVALID_CMD_COMPLETION_CODE; 3827 + msg->data_size = 5; 3828 + 3829 + rcu_read_lock(); 3830 + if (!intf->in_shutdown) { 3831 + smi_send(intf, intf->handlers, msg, 0); 3832 + /* 3833 + * We used the message, so return the value 3834 + * that causes it to not be freed or 3835 + * queued. 3836 + */ 3837 + rv = -1; 3838 + } 3839 + rcu_read_unlock(); 3840 + } else { 3841 + recv_msg = ipmi_alloc_recv_msg(); 3842 + if (!recv_msg) { 3843 + /* 3844 + * We couldn't allocate memory for the 3845 + * message, so requeue it for handling 3846 + * later. 3847 + */ 3848 + rv = 1; 3849 + kref_put(&user->refcount, free_user); 3850 + } else { 3851 + /* Extract the source address from the data. */ 3852 + daddr = (struct ipmi_ipmb_direct_addr *)&recv_msg->addr; 3853 + daddr->addr_type = IPMI_IPMB_DIRECT_ADDR_TYPE; 3854 + daddr->channel = 0; 3855 + daddr->slave_addr = msg->rsp[1]; 3856 + daddr->rs_lun = msg->rsp[0] & 3; 3857 + daddr->rq_lun = msg->rsp[2] & 3; 3858 + 3859 + /* 3860 + * Extract the rest of the message information 3861 + * from the IPMB header. 3862 + */ 3863 + recv_msg->user = user; 3864 + recv_msg->recv_type = IPMI_CMD_RECV_TYPE; 3865 + recv_msg->msgid = (msg->rsp[2] >> 2); 3866 + recv_msg->msg.netfn = msg->rsp[0] >> 2; 3867 + recv_msg->msg.cmd = msg->rsp[3]; 3868 + recv_msg->msg.data = recv_msg->msg_data; 3869 + 3870 + recv_msg->msg.data_len = msg->rsp_size - 4; 3871 + memcpy(recv_msg->msg_data, msg->rsp + 4, 3872 + msg->rsp_size - 4); 3873 + if (deliver_response(intf, recv_msg)) 3874 + ipmi_inc_stat(intf, unhandled_commands); 3875 + else 3876 + ipmi_inc_stat(intf, handled_commands); 3877 + } 3878 + } 3879 + 3880 + return rv; 3881 + } 3882 + 3883 + static int handle_ipmb_direct_rcv_rsp(struct ipmi_smi *intf, 3884 + struct ipmi_smi_msg *msg) 3885 + { 3886 + struct ipmi_recv_msg *recv_msg; 3887 + struct ipmi_ipmb_direct_addr *daddr; 3888 + 3889 + recv_msg = (struct ipmi_recv_msg *) msg->user_data; 3890 + if (recv_msg == NULL) { 3891 + dev_warn(intf->si_dev, 3892 + "IPMI message received with no owner. This could be because of a malformed message, or because of a hardware error. Contact your hardware vendor for assistance.\n"); 3893 + return 0; 3894 + } 3895 + 3896 + recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE; 3897 + recv_msg->msgid = msg->msgid; 3898 + daddr = (struct ipmi_ipmb_direct_addr *) &recv_msg->addr; 3899 + daddr->addr_type = IPMI_IPMB_DIRECT_ADDR_TYPE; 3900 + daddr->channel = 0; 3901 + daddr->slave_addr = msg->rsp[1]; 3902 + daddr->rq_lun = msg->rsp[0] & 3; 3903 + daddr->rs_lun = msg->rsp[2] & 3; 3904 + recv_msg->msg.netfn = msg->rsp[0] >> 2; 3905 + recv_msg->msg.cmd = msg->rsp[3]; 3906 + memcpy(recv_msg->msg_data, &msg->rsp[4], msg->rsp_size - 4); 3907 + recv_msg->msg.data = recv_msg->msg_data; 3908 + recv_msg->msg.data_len = msg->rsp_size - 4; 3909 + deliver_local_response(intf, recv_msg); 3910 + 3911 + return 0; 3912 + } 3913 + 3896 3914 static int handle_lan_get_msg_rsp(struct ipmi_smi *intf, 3897 3915 struct ipmi_smi_msg *msg) 3898 3916 { ··· 4435 4219 static int handle_one_recv_msg(struct ipmi_smi *intf, 4436 4220 struct ipmi_smi_msg *msg) 4437 4221 { 4438 - int requeue; 4222 + int requeue = 0; 4439 4223 int chan; 4224 + unsigned char cc; 4225 + bool is_cmd = !((msg->rsp[0] >> 2) & 1); 4440 4226 4441 4227 pr_debug("Recv: %*ph\n", msg->rsp_size, msg->rsp); 4442 4228 4443 - if ((msg->data_size >= 2) 4229 + if (msg->rsp_size < 2) { 4230 + /* Message is too small to be correct. */ 4231 + dev_warn(intf->si_dev, 4232 + "BMC returned too small a message for netfn %x cmd %x, got %d bytes\n", 4233 + (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size); 4234 + 4235 + return_unspecified: 4236 + /* Generate an error response for the message. */ 4237 + msg->rsp[0] = msg->data[0] | (1 << 2); 4238 + msg->rsp[1] = msg->data[1]; 4239 + msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4240 + msg->rsp_size = 3; 4241 + } else if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 4242 + /* commands must have at least 3 bytes, responses 4. */ 4243 + if (is_cmd && (msg->rsp_size < 3)) { 4244 + ipmi_inc_stat(intf, invalid_commands); 4245 + goto out; 4246 + } 4247 + if (!is_cmd && (msg->rsp_size < 4)) 4248 + goto return_unspecified; 4249 + } else if ((msg->data_size >= 2) 4444 4250 && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2)) 4445 4251 && (msg->data[1] == IPMI_SEND_MSG_CMD) 4446 4252 && (msg->user_data == NULL)) { 4447 4253 4448 4254 if (intf->in_shutdown) 4449 - goto free_msg; 4255 + goto out; 4450 4256 4451 4257 /* 4452 4258 * This is the local response to a command send, start ··· 4503 4265 } else 4504 4266 /* The message was sent, start the timer. */ 4505 4267 intf_start_seq_timer(intf, msg->msgid); 4506 - free_msg: 4507 - requeue = 0; 4508 - goto out; 4509 - 4510 - } else if (msg->rsp_size < 2) { 4511 - /* Message is too small to be correct. */ 4512 - dev_warn(intf->si_dev, 4513 - "BMC returned too small a message for netfn %x cmd %x, got %d bytes\n", 4514 - (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size); 4515 - 4516 - /* Generate an error response for the message. */ 4517 - msg->rsp[0] = msg->data[0] | (1 << 2); 4518 - msg->rsp[1] = msg->data[1]; 4519 - msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4520 - msg->rsp_size = 3; 4521 4268 } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1)) 4522 4269 || (msg->rsp[1] != msg->data[1])) { 4523 4270 /* ··· 4514 4291 (msg->data[0] >> 2) | 1, msg->data[1], 4515 4292 msg->rsp[0] >> 2, msg->rsp[1]); 4516 4293 4517 - /* Generate an error response for the message. */ 4518 - msg->rsp[0] = msg->data[0] | (1 << 2); 4519 - msg->rsp[1] = msg->data[1]; 4520 - msg->rsp[2] = IPMI_ERR_UNSPECIFIED; 4521 - msg->rsp_size = 3; 4294 + goto return_unspecified; 4522 4295 } 4523 4296 4524 - if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4525 - && (msg->rsp[1] == IPMI_SEND_MSG_CMD) 4526 - && (msg->user_data != NULL)) { 4297 + if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) { 4298 + if ((msg->data[0] >> 2) & 1) { 4299 + /* It's a response to a sent response. */ 4300 + chan = 0; 4301 + cc = msg->rsp[4]; 4302 + goto process_response_response; 4303 + } 4304 + if (is_cmd) 4305 + requeue = handle_ipmb_direct_rcv_cmd(intf, msg); 4306 + else 4307 + requeue = handle_ipmb_direct_rcv_rsp(intf, msg); 4308 + } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4309 + && (msg->rsp[1] == IPMI_SEND_MSG_CMD) 4310 + && (msg->user_data != NULL)) { 4527 4311 /* 4528 4312 * It's a response to a response we sent. For this we 4529 4313 * deliver a send message response to the user. 4530 4314 */ 4531 - struct ipmi_recv_msg *recv_msg = msg->user_data; 4532 - 4533 - requeue = 0; 4534 - if (msg->rsp_size < 2) 4535 - /* Message is too small to be correct. */ 4536 - goto out; 4315 + struct ipmi_recv_msg *recv_msg; 4537 4316 4538 4317 chan = msg->data[2] & 0x0f; 4539 4318 if (chan >= IPMI_MAX_CHANNELS) 4540 4319 /* Invalid channel number */ 4541 4320 goto out; 4321 + cc = msg->rsp[2]; 4542 4322 4323 + process_response_response: 4324 + recv_msg = msg->user_data; 4325 + 4326 + requeue = 0; 4543 4327 if (!recv_msg) 4544 4328 goto out; 4545 4329 4546 4330 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE; 4547 4331 recv_msg->msg.data = recv_msg->msg_data; 4332 + recv_msg->msg_data[0] = cc; 4548 4333 recv_msg->msg.data_len = 1; 4549 - recv_msg->msg_data[0] = msg->rsp[2]; 4550 4334 deliver_local_response(intf, recv_msg); 4551 4335 } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2)) 4552 4336 && (msg->rsp[1] == IPMI_GET_MSG_CMD)) { ··· 5019 4789 static void free_smi_msg(struct ipmi_smi_msg *msg) 5020 4790 { 5021 4791 atomic_dec(&smi_msg_inuse_count); 5022 - kfree(msg); 4792 + /* Try to keep as much stuff out of the panic path as possible. */ 4793 + if (!oops_in_progress) 4794 + kfree(msg); 5023 4795 } 5024 4796 5025 4797 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void) ··· 5040 4808 static void free_recv_msg(struct ipmi_recv_msg *msg) 5041 4809 { 5042 4810 atomic_dec(&recv_msg_inuse_count); 5043 - kfree(msg); 4811 + /* Try to keep as much stuff out of the panic path as possible. */ 4812 + if (!oops_in_progress) 4813 + kfree(msg); 5044 4814 } 5045 4815 5046 4816 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void) ··· 5060 4826 5061 4827 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg) 5062 4828 { 5063 - if (msg->user) 4829 + if (msg->user && !oops_in_progress) 5064 4830 kref_put(&msg->user->refcount, free_user); 5065 4831 msg->done(msg); 5066 4832 }

+4 -4

drivers/char/ipmi/ipmi_si_intf.c

··· 1603 1603 { \ 1604 1604 struct smi_info *smi_info = dev_get_drvdata(dev); \ 1605 1605 \ 1606 - return snprintf(buf, 10, "%u\n", smi_get_stat(smi_info, name)); \ 1606 + return sysfs_emit(buf, "%u\n", smi_get_stat(smi_info, name)); \ 1607 1607 } \ 1608 1608 static DEVICE_ATTR_RO(name) 1609 1609 ··· 1613 1613 { 1614 1614 struct smi_info *smi_info = dev_get_drvdata(dev); 1615 1615 1616 - return snprintf(buf, 10, "%s\n", si_to_str[smi_info->io.si_type]); 1616 + return sysfs_emit(buf, "%s\n", si_to_str[smi_info->io.si_type]); 1617 1617 } 1618 1618 static DEVICE_ATTR_RO(type); 1619 1619 ··· 1624 1624 struct smi_info *smi_info = dev_get_drvdata(dev); 1625 1625 int enabled = smi_info->io.irq && !smi_info->interrupt_disabled; 1626 1626 1627 - return snprintf(buf, 10, "%d\n", enabled); 1627 + return sysfs_emit(buf, "%d\n", enabled); 1628 1628 } 1629 1629 static DEVICE_ATTR_RO(interrupts_enabled); 1630 1630 ··· 1646 1646 { 1647 1647 struct smi_info *smi_info = dev_get_drvdata(dev); 1648 1648 1649 - return snprintf(buf, 200, 1649 + return sysfs_emit(buf, 1650 1650 "%s,%s,0x%lx,rsp=%d,rsi=%d,rsh=%d,irq=%d,ipmb=%d\n", 1651 1651 si_to_str[smi_info->io.si_type], 1652 1652 addr_space_to_str[smi_info->io.addr_space],

+2 -2

drivers/char/ipmi/ipmi_ssif.c

··· 1190 1190 { \ 1191 1191 struct ssif_info *ssif_info = dev_get_drvdata(dev); \ 1192 1192 \ 1193 - return snprintf(buf, 10, "%u\n", ssif_get_stat(ssif_info, name));\ 1193 + return sysfs_emit(buf, "%u\n", ssif_get_stat(ssif_info, name));\ 1194 1194 } \ 1195 1195 static DEVICE_ATTR(name, S_IRUGO, ipmi_##name##_show, NULL) 1196 1196 ··· 1198 1198 struct device_attribute *attr, 1199 1199 char *buf) 1200 1200 { 1201 - return snprintf(buf, 10, "ssif\n"); 1201 + return sysfs_emit(buf, "ssif\n"); 1202 1202 } 1203 1203 static DEVICE_ATTR(type, S_IRUGO, ipmi_type_show, NULL); 1204 1204

+16 -9

drivers/char/ipmi/ipmi_watchdog.c

··· 342 342 static DECLARE_COMPLETION(msg_wait); 343 343 static void msg_free_smi(struct ipmi_smi_msg *msg) 344 344 { 345 - if (atomic_dec_and_test(&msg_tofree)) 346 - complete(&msg_wait); 345 + if (atomic_dec_and_test(&msg_tofree)) { 346 + if (!oops_in_progress) 347 + complete(&msg_wait); 348 + } 347 349 } 348 350 static void msg_free_recv(struct ipmi_recv_msg *msg) 349 351 { 350 - if (atomic_dec_and_test(&msg_tofree)) 351 - complete(&msg_wait); 352 + if (atomic_dec_and_test(&msg_tofree)) { 353 + if (!oops_in_progress) 354 + complete(&msg_wait); 355 + } 352 356 } 353 357 static struct ipmi_smi_msg smi_msg = { 354 358 .done = msg_free_smi ··· 438 434 rv = __ipmi_set_timeout(&smi_msg, 439 435 &recv_msg, 440 436 &send_heartbeat_now); 441 - if (rv) 437 + if (rv) { 438 + atomic_set(&msg_tofree, 0); 442 439 return rv; 440 + } 443 441 444 442 wait_for_completion(&msg_wait); 445 443 ··· 503 497 msg.cmd = IPMI_WDOG_RESET_TIMER; 504 498 msg.data = NULL; 505 499 msg.data_len = 0; 506 - atomic_inc(&panic_done_count); 500 + atomic_add(2, &panic_done_count); 507 501 rv = ipmi_request_supply_msgs(watchdog_user, 508 502 (struct ipmi_addr *) &addr, 509 503 0, ··· 513 507 &panic_halt_heartbeat_recv_msg, 514 508 1); 515 509 if (rv) 516 - atomic_dec(&panic_done_count); 510 + atomic_sub(2, &panic_done_count); 517 511 } 518 512 519 513 static struct ipmi_smi_msg panic_halt_smi_msg = { ··· 537 531 /* Wait for the messages to be free. */ 538 532 while (atomic_read(&panic_done_count) != 0) 539 533 ipmi_poll_interface(watchdog_user); 540 - atomic_inc(&panic_done_count); 534 + atomic_add(2, &panic_done_count); 541 535 rv = __ipmi_set_timeout(&panic_halt_smi_msg, 542 536 &panic_halt_recv_msg, 543 537 &send_heartbeat_now); 544 538 if (rv) { 545 - atomic_dec(&panic_done_count); 539 + atomic_sub(2, &panic_done_count); 546 540 pr_warn("Unable to extend the watchdog timeout\n"); 547 541 } else { 548 542 if (send_heartbeat_now) ··· 586 580 &recv_msg, 587 581 1); 588 582 if (rv) { 583 + atomic_set(&msg_tofree, 0); 589 584 pr_warn("heartbeat send failure: %d\n", rv); 590 585 return rv; 591 586 }

+3 -1

drivers/char/ipmi/kcs_bmc_serio.c

··· 73 73 struct serio *port; 74 74 75 75 priv = devm_kzalloc(kcs_bmc->dev, sizeof(*priv), GFP_KERNEL); 76 + if (!priv) 77 + return -ENOMEM; 76 78 77 79 /* Use kzalloc() as the allocation is cleaned up with kfree() via serio_unregister_port() */ 78 80 port = kzalloc(sizeof(*port), GFP_KERNEL); 79 - if (!(priv && port)) 81 + if (!port) 80 82 return -ENOMEM; 81 83 82 84 port->id.type = SERIO_8042;

+3

include/linux/ipmi.h

··· 335 335 336 336 #define GET_DEVICE_ID_MAX_RETRY 5 337 337 338 + /* Helper function for computing the IPMB checksum of some data. */ 339 + unsigned char ipmb_checksum(unsigned char *data, int size); 340 + 338 341 #endif /* __LINUX_IPMI_H */

+59

include/linux/ipmi_smi.h

··· 39 39 #define IPMI_WATCH_MASK_CHECK_COMMANDS (1 << 2) 40 40 41 41 /* 42 + * SMI messages 43 + * 44 + * When communicating with an SMI, messages come in two formats: 45 + * 46 + * * Normal (to a BMC over a BMC interface) 47 + * 48 + * * IPMB (over a IPMB to another MC) 49 + * 50 + * When normal, commands are sent using the format defined by a 51 + * standard message over KCS (NetFn must be even): 52 + * 53 + * +-----------+-----+------+ 54 + * | NetFn/LUN | Cmd | Data | 55 + * +-----------+-----+------+ 56 + * 57 + * And responses, similarly, with an completion code added (NetFn must 58 + * be odd): 59 + * 60 + * +-----------+-----+------+------+ 61 + * | NetFn/LUN | Cmd | CC | Data | 62 + * +-----------+-----+------+------+ 63 + * 64 + * With normal messages, only commands are sent and only responses are 65 + * received. 66 + * 67 + * In IPMB mode, we are acting as an IPMB device. Commands will be in 68 + * the following format (NetFn must be even): 69 + * 70 + * +-------------+------+-------------+-----+------+ 71 + * | NetFn/rsLUN | Addr | rqSeq/rqLUN | Cmd | Data | 72 + * +-------------+------+-------------+-----+------+ 73 + * 74 + * Responses will using the following format: 75 + * 76 + * +-------------+------+-------------+-----+------+------+ 77 + * | NetFn/rqLUN | Addr | rqSeq/rsLUN | Cmd | CC | Data | 78 + * +-------------+------+-------------+-----+------+------+ 79 + * 80 + * This is similar to the format defined in the IPMB manual section 81 + * 2.11.1 with the checksums and the first address removed. Also, the 82 + * address is always the remote address. 83 + * 84 + * IPMB messages can be commands and responses in both directions. 85 + * Received commands are handled as received commands from the message 86 + * queue. 87 + */ 88 + 89 + enum ipmi_smi_msg_type { 90 + IPMI_SMI_MSG_TYPE_NORMAL = 0, 91 + IPMI_SMI_MSG_TYPE_IPMB_DIRECT 92 + }; 93 + 94 + /* 42 95 * Messages to/from the lower layer. The smi interface will take one 43 96 * of these to send. After the send has occurred and a response has 44 97 * been received, it will report this same data structure back up to ··· 106 53 */ 107 54 struct ipmi_smi_msg { 108 55 struct list_head link; 56 + 57 + enum ipmi_smi_msg_type type; 109 58 110 59 long msgid; 111 60 void *user_data; ··· 127 72 128 73 struct ipmi_smi_handlers { 129 74 struct module *owner; 75 + 76 + /* Capabilities of the SMI. */ 77 + #define IPMI_SMI_CAN_HANDLE_IPMB_DIRECT (1 << 0) 78 + unsigned int flags; 130 79 131 80 /* 132 81 * The low-level interface cannot start sending messages to

+15 -1

include/uapi/linux/ipmi.h

··· 81 81 }; 82 82 83 83 /* 84 + * Used for messages received directly from an IPMB that have not gone 85 + * through a MC. This is for systems that sit right on an IPMB so 86 + * they can receive commands and respond to them. 87 + */ 88 + #define IPMI_IPMB_DIRECT_ADDR_TYPE 0x81 89 + struct ipmi_ipmb_direct_addr { 90 + int addr_type; 91 + short channel; 92 + unsigned char slave_addr; 93 + unsigned char rs_lun; 94 + unsigned char rq_lun; 95 + }; 96 + 97 + /* 84 98 * A LAN Address. This is an address to/from a LAN interface bridged 85 99 * by the BMC, not an address actually out on the LAN. 86 100 * ··· 172 158 * is used for the receive in-kernel interface and in the receive 173 159 * IOCTL. 174 160 * 175 - * The "IPMI_RESPONSE_RESPNOSE_TYPE" is a little strange sounding, but 161 + * The "IPMI_RESPONSE_RESPONSE_TYPE" is a little strange sounding, but 176 162 * it allows you to get the message results when you send a response 177 163 * message. 178 164 */