1// SPDX-License-Identifier: GPL-2.0
2
3/*
4 * Driver to talk to a remote management controller on IPMB.
5 */
6
7#include <linux/acpi.h>
8#include <linux/errno.h>
9#include <linux/i2c.h>
10#include <linux/miscdevice.h>
11#include <linux/module.h>
12#include <linux/mutex.h>
13#include <linux/poll.h>
14#include <linux/slab.h>
15#include <linux/spinlock.h>
16#include <linux/semaphore.h>
17#include <linux/kthread.h>
18#include <linux/wait.h>
19#include <linux/ipmi_msgdefs.h>
20#include <linux/ipmi_smi.h>
21
22#define DEVICE_NAME "ipmi-ipmb"
23
24static int bmcaddr = 0x20;
25module_param(bmcaddr, int, 0644);
26MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27
28static unsigned int retry_time_ms = 250;
29module_param(retry_time_ms, uint, 0644);
30MODULE_PARM_DESC(retry_time_ms, "Timeout time between retries, in milliseconds.");
31
32static unsigned int max_retries = 1;
33module_param(max_retries, uint, 0644);
34MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35
36/* Add room for the two slave addresses, two checksums, and rqSeq. */
37#define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38
39struct ipmi_ipmb_dev {
40 struct ipmi_smi *intf;
41 struct i2c_client *client;
42 struct i2c_client *slave;
43
44 struct ipmi_smi_handlers handlers;
45
46 bool ready;
47
48 u8 curr_seq;
49
50 u8 bmcaddr;
51 u32 retry_time_ms;
52 u32 max_retries;
53
54 struct ipmi_smi_msg *next_msg;
55 struct ipmi_smi_msg *working_msg;
56
57 /* Transmit thread. */
58 struct task_struct *thread;
59 struct semaphore wake_thread;
60 struct semaphore got_rsp;
61 spinlock_t lock;
62 bool stopping;
63
64 u8 xmitmsg[IPMB_MAX_MSG_LEN];
65 unsigned int xmitlen;
66
67 u8 rcvmsg[IPMB_MAX_MSG_LEN];
68 unsigned int rcvlen;
69 bool overrun;
70};
71
72static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
73{
74 u8 *msg = iidev->rcvmsg;
75 u8 netfn;
76
77 if (iidev->overrun)
78 return false;
79
80 /* Minimum message size. */
81 if (iidev->rcvlen < 7)
82 return false;
83
84 /* Is it a response? */
85 netfn = msg[1] >> 2;
86 if (netfn & 1) {
87 /* Response messages have an added completion code. */
88 if (iidev->rcvlen < 8)
89 return false;
90 }
91
92 if (ipmb_checksum(data: msg, size: 3) != 0)
93 return false;
94 if (ipmb_checksum(data: msg + 3, size: iidev->rcvlen - 3) != 0)
95 return false;
96
97 return true;
98}
99
100static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
101{
102 struct ipmi_smi_msg *imsg = NULL;
103 u8 *msg = iidev->rcvmsg;
104 bool is_cmd;
105 unsigned long flags;
106
107 if (iidev->rcvlen == 0)
108 return;
109 if (!valid_ipmb(iidev))
110 goto done;
111
112 is_cmd = ((msg[1] >> 2) & 1) == 0;
113
114 if (is_cmd) {
115 /* Ignore commands until we are up. */
116 if (!iidev->ready)
117 goto done;
118
119 /* It's a command, allocate a message for it. */
120 imsg = ipmi_alloc_smi_msg();
121 if (!imsg)
122 goto done;
123 imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
124 imsg->data_size = 0;
125 } else {
126 spin_lock_irqsave(&iidev->lock, flags);
127 if (iidev->working_msg) {
128 u8 seq = msg[4] >> 2;
129 bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
130
131 /*
132 * Responses should carry the sequence we sent
133 * them with. If it's a transmitted response,
134 * ignore it. And if the message hasn't been
135 * transmitted, ignore it.
136 */
137 if (!xmit_rsp && seq == iidev->curr_seq) {
138 iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
139
140 imsg = iidev->working_msg;
141 iidev->working_msg = NULL;
142 }
143 }
144 spin_unlock_irqrestore(lock: &iidev->lock, flags);
145 }
146
147 if (!imsg)
148 goto done;
149
150 if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
151 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
152 /*
153 * Keep the source address, rqSeq. Drop the trailing
154 * checksum.
155 */
156 memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
157 imsg->rsp_size = iidev->rcvlen - 3;
158 } else {
159 imsg->rsp[0] = msg[1]; /* NetFn/LUN */
160 /*
161 * Skip the source address, rqSeq. Drop the trailing
162 * checksum.
163 */
164 memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
165 imsg->rsp_size = iidev->rcvlen - 5;
166 }
167 ipmi_smi_msg_received(intf: iidev->intf, msg: imsg);
168 if (!is_cmd)
169 up(sem: &iidev->got_rsp);
170
171done:
172 iidev->overrun = false;
173 iidev->rcvlen = 0;
174}
175
176/*
177 * The IPMB protocol only supports i2c writes so there is no need to
178 * support I2C_SLAVE_READ* events, except to know if the other end has
179 * issued a read without going to stop mode.
180 */
181static int ipmi_ipmb_slave_cb(struct i2c_client *client,
182 enum i2c_slave_event event, u8 *val)
183{
184 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
185
186 switch (event) {
187 case I2C_SLAVE_WRITE_REQUESTED:
188 ipmi_ipmb_check_msg_done(iidev);
189 /*
190 * First byte is the slave address, to ease the checksum
191 * calculation.
192 */
193 iidev->rcvmsg[0] = client->addr << 1;
194 iidev->rcvlen = 1;
195 break;
196
197 case I2C_SLAVE_WRITE_RECEIVED:
198 if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
199 iidev->overrun = true;
200 else
201 iidev->rcvmsg[iidev->rcvlen++] = *val;
202 break;
203
204 case I2C_SLAVE_READ_REQUESTED:
205 case I2C_SLAVE_STOP:
206 ipmi_ipmb_check_msg_done(iidev);
207 break;
208
209 case I2C_SLAVE_READ_PROCESSED:
210 break;
211 }
212
213 return 0;
214}
215
216static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
217 struct ipmi_smi_msg *msg, u8 cc)
218{
219 if ((msg->data[0] >> 2) & 1) {
220 /*
221 * It's a response being sent, we need to return a
222 * response to the response. Fake a send msg command
223 * response with channel 0. This will always be ipmb
224 * direct.
225 */
226 msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
227 msg->data[3] = IPMI_SEND_MSG_CMD;
228 msg->data[4] = cc;
229 msg->data_size = 5;
230 }
231 msg->rsp[0] = msg->data[0] | (1 << 2);
232 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
233 msg->rsp[1] = msg->data[1];
234 msg->rsp[2] = msg->data[2];
235 msg->rsp[3] = msg->data[3];
236 msg->rsp[4] = cc;
237 msg->rsp_size = 5;
238 } else {
239 msg->rsp[1] = msg->data[1];
240 msg->rsp[2] = cc;
241 msg->rsp_size = 3;
242 }
243 ipmi_smi_msg_received(intf: iidev->intf, msg);
244}
245
246static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
247 struct ipmi_smi_msg *msg)
248{
249 if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
250 iidev->xmitmsg[0] = msg->data[1];
251 iidev->xmitmsg[1] = msg->data[0];
252 memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
253 iidev->xmitlen = msg->data_size + 2;
254 } else {
255 iidev->xmitmsg[0] = iidev->bmcaddr;
256 iidev->xmitmsg[1] = msg->data[0];
257 iidev->xmitmsg[4] = 0;
258 memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
259 iidev->xmitlen = msg->data_size + 4;
260 }
261 iidev->xmitmsg[3] = iidev->slave->addr << 1;
262 if (((msg->data[0] >> 2) & 1) == 0)
263 /* If it's a command, put in our own sequence number. */
264 iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
265 (iidev->curr_seq << 2));
266
267 /* Now add on the final checksums. */
268 iidev->xmitmsg[2] = ipmb_checksum(data: iidev->xmitmsg, size: 2);
269 iidev->xmitmsg[iidev->xmitlen] =
270 ipmb_checksum(data: iidev->xmitmsg + 3, size: iidev->xmitlen - 3);
271 iidev->xmitlen++;
272}
273
274static int ipmi_ipmb_thread(void *data)
275{
276 struct ipmi_ipmb_dev *iidev = data;
277
278 while (!kthread_should_stop()) {
279 long ret;
280 struct i2c_msg i2c_msg;
281 struct ipmi_smi_msg *msg = NULL;
282 unsigned long flags;
283 unsigned int retries = 0;
284
285 /* Wait for a message to send */
286 ret = down_interruptible(sem: &iidev->wake_thread);
287 if (iidev->stopping)
288 break;
289 if (ret)
290 continue;
291
292 spin_lock_irqsave(&iidev->lock, flags);
293 if (iidev->next_msg) {
294 msg = iidev->next_msg;
295 iidev->next_msg = NULL;
296 }
297 spin_unlock_irqrestore(lock: &iidev->lock, flags);
298 if (!msg)
299 continue;
300
301 ipmi_ipmb_format_for_xmit(iidev, msg);
302
303retry:
304 i2c_msg.len = iidev->xmitlen - 1;
305 if (i2c_msg.len > 32) {
306 ipmi_ipmb_send_response(iidev, msg,
307 IPMI_REQ_LEN_EXCEEDED_ERR);
308 continue;
309 }
310
311 i2c_msg.addr = iidev->xmitmsg[0] >> 1;
312 i2c_msg.flags = 0;
313 i2c_msg.buf = iidev->xmitmsg + 1;
314
315 /* Rely on i2c_transfer for a barrier. */
316 iidev->working_msg = msg;
317
318 ret = i2c_transfer(adap: iidev->client->adapter, msgs: &i2c_msg, num: 1);
319
320 if ((msg->data[0] >> 2) & 1) {
321 /*
322 * It's a response, nothing will be returned
323 * by the other end.
324 */
325
326 iidev->working_msg = NULL;
327 ipmi_ipmb_send_response(iidev, msg,
328 cc: ret < 0 ? IPMI_BUS_ERR : 0);
329 continue;
330 }
331 if (ret < 0) {
332 iidev->working_msg = NULL;
333 ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
334 continue;
335 }
336
337 /* A command was sent, wait for its response. */
338 ret = down_timeout(sem: &iidev->got_rsp,
339 jiffies: msecs_to_jiffies(m: iidev->retry_time_ms));
340
341 /*
342 * Grab the message if we can. If the handler hasn't
343 * already handled it, the message will still be there.
344 */
345 spin_lock_irqsave(&iidev->lock, flags);
346 msg = iidev->working_msg;
347 iidev->working_msg = NULL;
348 spin_unlock_irqrestore(lock: &iidev->lock, flags);
349
350 if (!msg && ret) {
351 /*
352 * If working_msg is not set and we timed out,
353 * that means the message grabbed by
354 * check_msg_done before we could grab it
355 * here. Wait again for check_msg_done to up
356 * the semaphore.
357 */
358 down(sem: &iidev->got_rsp);
359 } else if (msg && ++retries <= iidev->max_retries) {
360 spin_lock_irqsave(&iidev->lock, flags);
361 iidev->working_msg = msg;
362 spin_unlock_irqrestore(lock: &iidev->lock, flags);
363 goto retry;
364 }
365
366 if (msg)
367 ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
368 }
369
370 if (iidev->next_msg)
371 /* Return an unspecified error. */
372 ipmi_ipmb_send_response(iidev, msg: iidev->next_msg, cc: 0xff);
373
374 return 0;
375}
376
377static int ipmi_ipmb_start_processing(void *send_info,
378 struct ipmi_smi *new_intf)
379{
380 struct ipmi_ipmb_dev *iidev = send_info;
381
382 iidev->intf = new_intf;
383 iidev->ready = true;
384 return 0;
385}
386
387static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
388{
389 if (iidev->thread) {
390 struct task_struct *t = iidev->thread;
391
392 iidev->thread = NULL;
393 iidev->stopping = true;
394 up(sem: &iidev->wake_thread);
395 up(sem: &iidev->got_rsp);
396 kthread_stop(k: t);
397 }
398}
399
400static void ipmi_ipmb_shutdown(void *send_info)
401{
402 struct ipmi_ipmb_dev *iidev = send_info;
403
404 ipmi_ipmb_stop_thread(iidev);
405}
406
407static void ipmi_ipmb_sender(void *send_info,
408 struct ipmi_smi_msg *msg)
409{
410 struct ipmi_ipmb_dev *iidev = send_info;
411 unsigned long flags;
412
413 spin_lock_irqsave(&iidev->lock, flags);
414 BUG_ON(iidev->next_msg);
415
416 iidev->next_msg = msg;
417 spin_unlock_irqrestore(lock: &iidev->lock, flags);
418
419 up(sem: &iidev->wake_thread);
420}
421
422static void ipmi_ipmb_request_events(void *send_info)
423{
424 /* We don't fetch events here. */
425}
426
427static void ipmi_ipmb_cleanup(struct ipmi_ipmb_dev *iidev)
428{
429 if (iidev->slave) {
430 i2c_slave_unregister(client: iidev->slave);
431 if (iidev->slave != iidev->client)
432 i2c_unregister_device(client: iidev->slave);
433 }
434 iidev->slave = NULL;
435 iidev->client = NULL;
436 ipmi_ipmb_stop_thread(iidev);
437}
438
439static void ipmi_ipmb_remove(struct i2c_client *client)
440{
441 struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
442
443 ipmi_ipmb_cleanup(iidev);
444 ipmi_unregister_smi(intf: iidev->intf);
445}
446
447static int ipmi_ipmb_probe(struct i2c_client *client)
448{
449 struct device *dev = &client->dev;
450 struct ipmi_ipmb_dev *iidev;
451 struct device_node *slave_np;
452 struct i2c_adapter *slave_adap = NULL;
453 struct i2c_client *slave = NULL;
454 int rv;
455
456 iidev = devm_kzalloc(dev: &client->dev, size: sizeof(*iidev), GFP_KERNEL);
457 if (!iidev)
458 return -ENOMEM;
459
460 if (of_property_read_u8(np: dev->of_node, propname: "bmcaddr", out_value: &iidev->bmcaddr) != 0)
461 iidev->bmcaddr = bmcaddr;
462 if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
463 /* Can't have the write bit set. */
464 dev_notice(&client->dev,
465 "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
466 return -EINVAL;
467 }
468
469 if (of_property_read_u32(np: dev->of_node, propname: "retry-time",
470 out_value: &iidev->retry_time_ms) != 0)
471 iidev->retry_time_ms = retry_time_ms;
472
473 if (of_property_read_u32(np: dev->of_node, propname: "max-retries",
474 out_value: &iidev->max_retries) != 0)
475 iidev->max_retries = max_retries;
476
477 slave_np = of_parse_phandle(np: dev->of_node, phandle_name: "slave-dev", index: 0);
478 if (slave_np) {
479 slave_adap = of_get_i2c_adapter_by_node(node: slave_np);
480 of_node_put(node: slave_np);
481 if (!slave_adap) {
482 dev_notice(&client->dev,
483 "Could not find slave adapter\n");
484 return -EINVAL;
485 }
486 }
487
488 iidev->client = client;
489
490 if (slave_adap) {
491 struct i2c_board_info binfo;
492
493 memset(&binfo, 0, sizeof(binfo));
494 strscpy(binfo.type, "ipmb-slave", I2C_NAME_SIZE);
495 binfo.addr = client->addr;
496 binfo.flags = I2C_CLIENT_SLAVE;
497 slave = i2c_new_client_device(adap: slave_adap, info: &binfo);
498 i2c_put_adapter(adap: slave_adap);
499 if (IS_ERR(ptr: slave)) {
500 rv = PTR_ERR(ptr: slave);
501 dev_notice(&client->dev,
502 "Could not allocate slave device: %d\n", rv);
503 return rv;
504 }
505 i2c_set_clientdata(client: slave, data: iidev);
506 } else {
507 slave = client;
508 }
509 i2c_set_clientdata(client, data: iidev);
510 slave->flags |= I2C_CLIENT_SLAVE;
511
512 rv = i2c_slave_register(client: slave, slave_cb: ipmi_ipmb_slave_cb);
513 if (rv)
514 goto out_err;
515 iidev->slave = slave;
516 slave = NULL;
517
518 iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
519 iidev->handlers.start_processing = ipmi_ipmb_start_processing;
520 iidev->handlers.shutdown = ipmi_ipmb_shutdown;
521 iidev->handlers.sender = ipmi_ipmb_sender;
522 iidev->handlers.request_events = ipmi_ipmb_request_events;
523
524 spin_lock_init(&iidev->lock);
525 sema_init(sem: &iidev->wake_thread, val: 0);
526 sema_init(sem: &iidev->got_rsp, val: 0);
527
528 iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
529 "kipmb%4.4x", client->addr);
530 if (IS_ERR(ptr: iidev->thread)) {
531 rv = PTR_ERR(ptr: iidev->thread);
532 dev_notice(&client->dev,
533 "Could not start kernel thread: error %d\n", rv);
534 goto out_err;
535 }
536
537 rv = ipmi_register_smi(&iidev->handlers,
538 iidev,
539 &client->dev,
540 iidev->bmcaddr);
541 if (rv)
542 goto out_err;
543
544 return 0;
545
546out_err:
547 if (slave && slave != client)
548 i2c_unregister_device(client: slave);
549 ipmi_ipmb_cleanup(iidev);
550 return rv;
551}
552
553#ifdef CONFIG_OF
554static const struct of_device_id of_ipmi_ipmb_match[] = {
555 { .type = "ipmi", .compatible = DEVICE_NAME },
556 {},
557};
558MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
559#else
560#define of_ipmi_ipmb_match NULL
561#endif
562
563static const struct i2c_device_id ipmi_ipmb_id[] = {
564 { DEVICE_NAME, 0 },
565 {},
566};
567MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
568
569static struct i2c_driver ipmi_ipmb_driver = {
570 .class = I2C_CLASS_HWMON,
571 .driver = {
572 .name = DEVICE_NAME,
573 .of_match_table = of_ipmi_ipmb_match,
574 },
575 .probe = ipmi_ipmb_probe,
576 .remove = ipmi_ipmb_remove,
577 .id_table = ipmi_ipmb_id,
578};
579module_i2c_driver(ipmi_ipmb_driver);
580
581MODULE_AUTHOR("Corey Minyard");
582MODULE_DESCRIPTION("IPMI IPMB driver");
583MODULE_LICENSE("GPL v2");
584

source code of linux/drivers/char/ipmi/ipmi_ipmb.c