1 // SPDX-License-Identifier: GPL-2.0
2
3 /*
4 * Driver to talk to a remote management controller on IPMB.
5 */
6
7 #include <linux/acpi.h>
8 #include <linux/errno.h>
9 #include <linux/i2c.h>
10 #include <linux/miscdevice.h>
11 #include <linux/module.h>
12 #include <linux/mutex.h>
13 #include <linux/poll.h>
14 #include <linux/slab.h>
15 #include <linux/spinlock.h>
16 #include <linux/semaphore.h>
17 #include <linux/kthread.h>
18 #include <linux/wait.h>
19 #include <linux/ipmi_msgdefs.h>
20 #include <linux/ipmi_smi.h>
21
22 #define DEVICE_NAME "ipmi-ipmb"
23
24 static int bmcaddr = 0x20;
25 module_param(bmcaddr, int, 0644);
26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27
28 static unsigned int retry_time_ms = 250;
29 module_param(retry_time_ms, uint, 0644);
30 MODULE_PARM_DESC(max_retries, "Timeout time between retries, in milliseconds.");
31
32 static unsigned int max_retries = 1;
33 module_param(max_retries, uint, 0644);
34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35
36 /* Add room for the two slave addresses, two checksums, and rqSeq. */
37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38
39 struct ipmi_ipmb_dev {
40 struct ipmi_smi *intf;
41 struct i2c_client *client;
42
43 struct ipmi_smi_handlers handlers;
44
45 bool ready;
46
47 u8 curr_seq;
48
49 u8 bmcaddr;
50 u32 retry_time_ms;
51 u32 max_retries;
52
53 struct ipmi_smi_msg *next_msg;
54 struct ipmi_smi_msg *working_msg;
55
56 /* Transmit thread. */
57 struct task_struct *thread;
58 struct semaphore wake_thread;
59 struct semaphore got_rsp;
60 spinlock_t lock;
61 bool stopping;
62
63 u8 xmitmsg[IPMB_MAX_MSG_LEN];
64 unsigned int xmitlen;
65
66 u8 rcvmsg[IPMB_MAX_MSG_LEN];
67 unsigned int rcvlen;
68 bool overrun;
69 };
70
valid_ipmb(struct ipmi_ipmb_dev * iidev)71 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
72 {
73 u8 *msg = iidev->rcvmsg;
74 u8 netfn;
75
76 if (iidev->overrun)
77 return false;
78
79 /* Minimum message size. */
80 if (iidev->rcvlen < 7)
81 return false;
82
83 /* Is it a response? */
84 netfn = msg[1] >> 2;
85 if (netfn & 1) {
86 /* Response messages have an added completion code. */
87 if (iidev->rcvlen < 8)
88 return false;
89 }
90
91 if (ipmb_checksum(msg, 3) != 0)
92 return false;
93 if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0)
94 return false;
95
96 return true;
97 }
98
ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev * iidev)99 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
100 {
101 struct ipmi_smi_msg *imsg = NULL;
102 u8 *msg = iidev->rcvmsg;
103 bool is_cmd;
104 unsigned long flags;
105
106 if (iidev->rcvlen == 0)
107 return;
108 if (!valid_ipmb(iidev))
109 goto done;
110
111 is_cmd = ((msg[1] >> 2) & 1) == 0;
112
113 if (is_cmd) {
114 /* Ignore commands until we are up. */
115 if (!iidev->ready)
116 goto done;
117
118 /* It's a command, allocate a message for it. */
119 imsg = ipmi_alloc_smi_msg();
120 if (!imsg)
121 goto done;
122 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
123 imsg->data_size = 0;
124 } else {
125 spin_lock_irqsave(&iidev->lock, flags);
126 if (iidev->working_msg) {
127 u8 seq = msg[4] >> 2;
128 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
129
130 /*
131 * Responses should carry the sequence we sent
132 * them with. If it's a transmitted response,
133 * ignore it. And if the message hasn't been
134 * transmitted, ignore it.
135 */
136 if (!xmit_rsp && seq == iidev->curr_seq) {
137 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
138
139 imsg = iidev->working_msg;
140 iidev->working_msg = NULL;
141 }
142 }
143 spin_unlock_irqrestore(&iidev->lock, flags);
144 }
145
146 if (!imsg)
147 goto done;
148
149 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
150 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
151 /*
152 * Keep the source address, rqSeq. Drop the trailing
153 * checksum.
154 */
155 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
156 imsg->rsp_size = iidev->rcvlen - 3;
157 } else {
158 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
159 /*
160 * Skip the source address, rqSeq. Drop the trailing
161 * checksum.
162 */
163 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
164 imsg->rsp_size = iidev->rcvlen - 5;
165 }
166 ipmi_smi_msg_received(iidev->intf, imsg);
167 if (!is_cmd)
168 up(&iidev->got_rsp);
169
170 done:
171 iidev->overrun = false;
172 iidev->rcvlen = 0;
173 }
174
175 /*
176 * The IPMB protocol only supports i2c writes so there is no need to
177 * support I2C_SLAVE_READ* events, except to know if the other end has
178 * issued a read without going to stop mode.
179 */
ipmi_ipmb_slave_cb(struct i2c_client * client,enum i2c_slave_event event,u8 * val)180 static int ipmi_ipmb_slave_cb(struct i2c_client *client,
181 enum i2c_slave_event event, u8 *val)
182 {
183 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
184
185 switch (event) {
186 case I2C_SLAVE_WRITE_REQUESTED:
187 ipmi_ipmb_check_msg_done(iidev);
188 /*
189 * First byte is the slave address, to ease the checksum
190 * calculation.
191 */
192 iidev->rcvmsg[0] = client->addr << 1;
193 iidev->rcvlen = 1;
194 break;
195
196 case I2C_SLAVE_WRITE_RECEIVED:
197 if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
198 iidev->overrun = true;
199 else
200 iidev->rcvmsg[iidev->rcvlen++] = *val;
201 break;
202
203 case I2C_SLAVE_READ_REQUESTED:
204 case I2C_SLAVE_STOP:
205 ipmi_ipmb_check_msg_done(iidev);
206 break;
207
208 case I2C_SLAVE_READ_PROCESSED:
209 break;
210 }
211
212 return 0;
213 }
214
ipmi_ipmb_send_response(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg,u8 cc)215 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
216 struct ipmi_smi_msg *msg, u8 cc)
217 {
218 if ((msg->data[0] >> 2) & 1) {
219 /*
220 * It's a response being sent, we needto return a
221 * response response. Fake a send msg command
222 * response with channel 0. This will always be ipmb
223 * direct.
224 */
225 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
226 msg->data[3] = IPMI_SEND_MSG_CMD;
227 msg->data[4] = cc;
228 msg->data_size = 5;
229 }
230 msg->rsp[0] = msg->data[0] | (1 << 2);
231 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
232 msg->rsp[1] = msg->data[1];
233 msg->rsp[2] = msg->data[2];
234 msg->rsp[3] = msg->data[3];
235 msg->rsp[4] = cc;
236 msg->rsp_size = 5;
237 } else {
238 msg->rsp[1] = msg->data[1];
239 msg->rsp[2] = cc;
240 msg->rsp_size = 3;
241 }
242 ipmi_smi_msg_received(iidev->intf, msg);
243 }
244
ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg)245 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
246 struct ipmi_smi_msg *msg)
247 {
248 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
249 iidev->xmitmsg[0] = msg->data[1];
250 iidev->xmitmsg[1] = msg->data[0];
251 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
252 iidev->xmitlen = msg->data_size + 2;
253 } else {
254 iidev->xmitmsg[0] = iidev->bmcaddr;
255 iidev->xmitmsg[1] = msg->data[0];
256 iidev->xmitmsg[4] = 0;
257 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
258 iidev->xmitlen = msg->data_size + 4;
259 }
260 iidev->xmitmsg[3] = iidev->client->addr << 1;
261 if (((msg->data[0] >> 2) & 1) == 0)
262 /* If it's a command, put in our own sequence number. */
263 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
264 (iidev->curr_seq << 2));
265
266 /* Now add on the final checksums. */
267 iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2);
268 iidev->xmitmsg[iidev->xmitlen] =
269 ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3);
270 iidev->xmitlen++;
271 }
272
ipmi_ipmb_thread(void * data)273 static int ipmi_ipmb_thread(void *data)
274 {
275 struct ipmi_ipmb_dev *iidev = data;
276
277 while (!kthread_should_stop()) {
278 long ret;
279 struct i2c_msg i2c_msg;
280 struct ipmi_smi_msg *msg = NULL;
281 unsigned long flags;
282 unsigned int retries = 0;
283
284 /* Wait for a message to send */
285 ret = down_interruptible(&iidev->wake_thread);
286 if (iidev->stopping)
287 break;
288 if (ret)
289 continue;
290
291 spin_lock_irqsave(&iidev->lock, flags);
292 if (iidev->next_msg) {
293 msg = iidev->next_msg;
294 iidev->next_msg = NULL;
295 }
296 spin_unlock_irqrestore(&iidev->lock, flags);
297 if (!msg)
298 continue;
299
300 ipmi_ipmb_format_for_xmit(iidev, msg);
301
302 retry:
303 i2c_msg.len = iidev->xmitlen - 1;
304 if (i2c_msg.len > 32) {
305 ipmi_ipmb_send_response(iidev, msg,
306 IPMI_REQ_LEN_EXCEEDED_ERR);
307 continue;
308 }
309
310 i2c_msg.addr = iidev->xmitmsg[0] >> 1;
311 i2c_msg.flags = 0;
312 i2c_msg.buf = iidev->xmitmsg + 1;
313
314 /* Rely on i2c_transfer for a barrier. */
315 iidev->working_msg = msg;
316
317 ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1);
318
319 if ((msg->data[0] >> 2) & 1) {
320 /*
321 * It's a response, nothing will be returned
322 * by the other end.
323 */
324
325 iidev->working_msg = NULL;
326 ipmi_ipmb_send_response(iidev, msg,
327 ret < 0 ? IPMI_BUS_ERR : 0);
328 continue;
329 }
330 if (ret < 0) {
331 iidev->working_msg = NULL;
332 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
333 continue;
334 }
335
336 /* A command was sent, wait for its response. */
337 ret = down_timeout(&iidev->got_rsp,
338 msecs_to_jiffies(iidev->retry_time_ms));
339
340 /*
341 * Grab the message if we can. If the handler hasn't
342 * already handled it, the message will still be there.
343 */
344 spin_lock_irqsave(&iidev->lock, flags);
345 msg = iidev->working_msg;
346 iidev->working_msg = NULL;
347 spin_unlock_irqrestore(&iidev->lock, flags);
348
349 if (!msg && ret) {
350 /*
351 * If working_msg is not set and we timed out,
352 * that means the message grabbed by
353 * check_msg_done before we could grab it
354 * here. Wait again for check_msg_done to up
355 * the semaphore.
356 */
357 down(&iidev->got_rsp);
358 } else if (msg && ++retries <= iidev->max_retries) {
359 spin_lock_irqsave(&iidev->lock, flags);
360 iidev->working_msg = msg;
361 spin_unlock_irqrestore(&iidev->lock, flags);
362 goto retry;
363 }
364
365 if (msg)
366 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
367 }
368
369 if (iidev->next_msg)
370 /* Return an unspecified error. */
371 ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff);
372
373 return 0;
374 }
375
ipmi_ipmb_start_processing(void * send_info,struct ipmi_smi * new_intf)376 static int ipmi_ipmb_start_processing(void *send_info,
377 struct ipmi_smi *new_intf)
378 {
379 struct ipmi_ipmb_dev *iidev = send_info;
380
381 iidev->intf = new_intf;
382 iidev->ready = true;
383 return 0;
384 }
385
ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev * iidev)386 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
387 {
388 if (iidev->thread) {
389 struct task_struct *t = iidev->thread;
390
391 iidev->thread = NULL;
392 iidev->stopping = true;
393 up(&iidev->wake_thread);
394 up(&iidev->got_rsp);
395 kthread_stop(t);
396 }
397 }
398
ipmi_ipmb_shutdown(void * send_info)399 static void ipmi_ipmb_shutdown(void *send_info)
400 {
401 struct ipmi_ipmb_dev *iidev = send_info;
402
403 ipmi_ipmb_stop_thread(iidev);
404 }
405
ipmi_ipmb_sender(void * send_info,struct ipmi_smi_msg * msg)406 static void ipmi_ipmb_sender(void *send_info,
407 struct ipmi_smi_msg *msg)
408 {
409 struct ipmi_ipmb_dev *iidev = send_info;
410 unsigned long flags;
411
412 spin_lock_irqsave(&iidev->lock, flags);
413 BUG_ON(iidev->next_msg);
414
415 iidev->next_msg = msg;
416 spin_unlock_irqrestore(&iidev->lock, flags);
417
418 up(&iidev->wake_thread);
419 }
420
ipmi_ipmb_request_events(void * send_info)421 static void ipmi_ipmb_request_events(void *send_info)
422 {
423 /* We don't fetch events here. */
424 }
425
ipmi_ipmb_remove(struct i2c_client * client)426 static int ipmi_ipmb_remove(struct i2c_client *client)
427 {
428 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
429
430 if (iidev->client) {
431 iidev->client = NULL;
432 i2c_slave_unregister(client);
433 }
434 ipmi_ipmb_stop_thread(iidev);
435
436 return 0;
437 }
438
ipmi_ipmb_probe(struct i2c_client * client,const struct i2c_device_id * id)439 static int ipmi_ipmb_probe(struct i2c_client *client,
440 const struct i2c_device_id *id)
441 {
442 struct device *dev = &client->dev;
443 struct ipmi_ipmb_dev *iidev;
444 int rv;
445
446 iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL);
447 if (!iidev)
448 return -ENOMEM;
449
450 if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0)
451 iidev->bmcaddr = bmcaddr;
452 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
453 /* Can't have the write bit set. */
454 dev_notice(&client->dev,
455 "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
456 return -EINVAL;
457 }
458
459 if (of_property_read_u32(dev->of_node, "retry-time",
460 &iidev->retry_time_ms) != 0)
461 iidev->retry_time_ms = retry_time_ms;
462
463 if (of_property_read_u32(dev->of_node, "max-retries",
464 &iidev->max_retries) != 0)
465 iidev->max_retries = max_retries;
466
467 i2c_set_clientdata(client, iidev);
468 client->flags |= I2C_CLIENT_SLAVE;
469
470 rv = i2c_slave_register(client, ipmi_ipmb_slave_cb);
471 if (rv)
472 return rv;
473
474 iidev->client = client;
475
476 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
477 iidev->handlers.start_processing = ipmi_ipmb_start_processing;
478 iidev->handlers.shutdown = ipmi_ipmb_shutdown;
479 iidev->handlers.sender = ipmi_ipmb_sender;
480 iidev->handlers.request_events = ipmi_ipmb_request_events;
481
482 spin_lock_init(&iidev->lock);
483 sema_init(&iidev->wake_thread, 0);
484 sema_init(&iidev->got_rsp, 0);
485
486 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
487 "kipmb%4.4x", client->addr);
488 if (IS_ERR(iidev->thread)) {
489 rv = PTR_ERR(iidev->thread);
490 dev_notice(&client->dev,
491 "Could not start kernel thread: error %d\n", rv);
492 goto out_err;
493 }
494
495 rv = ipmi_register_smi(&iidev->handlers,
496 iidev,
497 &client->dev,
498 iidev->bmcaddr);
499 if (rv)
500 goto out_err;
501
502 return 0;
503
504 out_err:
505 ipmi_ipmb_remove(client);
506 return rv;
507 }
508
509 #ifdef CONFIG_OF
510 static const struct of_device_id of_ipmi_ipmb_match[] = {
511 { .type = "ipmi", .compatible = DEVICE_NAME },
512 {},
513 };
514 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
515 #else
516 #define of_ipmi_ipmb_match NULL
517 #endif
518
519 static const struct i2c_device_id ipmi_ipmb_id[] = {
520 { DEVICE_NAME, 0 },
521 {},
522 };
523 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
524
525 static struct i2c_driver ipmi_ipmb_driver = {
526 .class = I2C_CLASS_HWMON,
527 .driver = {
528 .name = DEVICE_NAME,
529 .of_match_table = of_ipmi_ipmb_match,
530 },
531 .probe = ipmi_ipmb_probe,
532 .remove = ipmi_ipmb_remove,
533 .id_table = ipmi_ipmb_id,
534 };
535 module_i2c_driver(ipmi_ipmb_driver);
536
537 MODULE_AUTHOR("Corey Minyard");
538 MODULE_DESCRIPTION("IPMI IPMB driver");
539 MODULE_LICENSE("GPL v2");
540