1 /*
2  *  ipmi_bt_sm.c
3  *
4  *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
5  *  of the driver architecture at http://sourceforge.net/projects/openipmi
6  *
7  *  Author:	Rocky Craig <first.last@hp.com>
8  *
9  *  This program is free software; you can redistribute it and/or modify it
10  *  under the terms of the GNU General Public License as published by the
11  *  Free Software Foundation; either version 2 of the License, or (at your
12  *  option) any later version.
13  *
14  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
15  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
20  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
21  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
22  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
23  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  *  You should have received a copy of the GNU General Public License along
26  *  with this program; if not, write to the Free Software Foundation, Inc.,
27  *  675 Mass Ave, Cambridge, MA 02139, USA.  */
28 
29 #include <linux/kernel.h> /* For printk. */
30 #include <linux/string.h>
31 #include <linux/module.h>
32 #include <linux/moduleparam.h>
33 #include <linux/ipmi_msgdefs.h>		/* for completion codes */
34 #include "ipmi_si_sm.h"
35 
36 #define BT_DEBUG_OFF	0	/* Used in production */
37 #define BT_DEBUG_ENABLE	1	/* Generic messages */
38 #define BT_DEBUG_MSG	2	/* Prints all request/response buffers */
39 #define BT_DEBUG_STATES	4	/* Verbose look at state changes */
40 /*
41  * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
42  * value
43  */
44 
45 static int bt_debug; /* 0 == BT_DEBUG_OFF */
46 
47 module_param(bt_debug, int, 0644);
48 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
49 
50 /*
51  * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
52  * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
53  * buffer (with a documented message of 160 bytes) so go for the max.
54  * Since the Open IPMI architecture is single-message oriented at this
55  * stage, the queue depth of BT is of no concern.
56  */
57 
58 #define BT_NORMAL_TIMEOUT	5	/* seconds */
59 #define BT_NORMAL_RETRY_LIMIT	2
60 #define BT_RESET_DELAY		6	/* seconds after warm reset */
61 
62 /*
63  * States are written in chronological order and usually cover
64  * multiple rows of the state table discussion in the IPMI spec.
65  */
66 
67 enum bt_states {
68 	BT_STATE_IDLE = 0,	/* Order is critical in this list */
69 	BT_STATE_XACTION_START,
70 	BT_STATE_WRITE_BYTES,
71 	BT_STATE_WRITE_CONSUME,
72 	BT_STATE_READ_WAIT,
73 	BT_STATE_CLEAR_B2H,
74 	BT_STATE_READ_BYTES,
75 	BT_STATE_RESET1,	/* These must come last */
76 	BT_STATE_RESET2,
77 	BT_STATE_RESET3,
78 	BT_STATE_RESTART,
79 	BT_STATE_PRINTME,
80 	BT_STATE_CAPABILITIES_BEGIN,
81 	BT_STATE_CAPABILITIES_END,
82 	BT_STATE_LONG_BUSY	/* BT doesn't get hosed :-) */
83 };
84 
85 /*
86  * Macros seen at the end of state "case" blocks.  They help with legibility
87  * and debugging.
88  */
89 
90 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
91 
92 #define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
93 
94 struct si_sm_data {
95 	enum bt_states	state;
96 	unsigned char	seq;		/* BT sequence number */
97 	struct si_sm_io	*io;
98 	unsigned char	write_data[IPMI_MAX_MSG_LENGTH];
99 	int		write_count;
100 	unsigned char	read_data[IPMI_MAX_MSG_LENGTH];
101 	int		read_count;
102 	int		truncated;
103 	long		timeout;	/* microseconds countdown */
104 	int		error_retries;	/* end of "common" fields */
105 	int		nonzero_status;	/* hung BMCs stay all 0 */
106 	enum bt_states	complete;	/* to divert the state machine */
107 	int		BT_CAP_outreqs;
108 	long		BT_CAP_req2rsp;
109 	int		BT_CAP_retries;	/* Recommended retries */
110 };
111 
112 #define BT_CLR_WR_PTR	0x01	/* See IPMI 1.5 table 11.6.4 */
113 #define BT_CLR_RD_PTR	0x02
114 #define BT_H2B_ATN	0x04
115 #define BT_B2H_ATN	0x08
116 #define BT_SMS_ATN	0x10
117 #define BT_OEM0		0x20
118 #define BT_H_BUSY	0x40
119 #define BT_B_BUSY	0x80
120 
121 /*
122  * Some bits are toggled on each write: write once to set it, once
123  * more to clear it; writing a zero does nothing.  To absolutely
124  * clear it, check its state and write if set.  This avoids the "get
125  * current then use as mask" scheme to modify one bit.  Note that the
126  * variable "bt" is hardcoded into these macros.
127  */
128 
129 #define BT_STATUS	bt->io->inputb(bt->io, 0)
130 #define BT_CONTROL(x)	bt->io->outputb(bt->io, 0, x)
131 
132 #define BMC2HOST	bt->io->inputb(bt->io, 1)
133 #define HOST2BMC(x)	bt->io->outputb(bt->io, 1, x)
134 
135 #define BT_INTMASK_R	bt->io->inputb(bt->io, 2)
136 #define BT_INTMASK_W(x)	bt->io->outputb(bt->io, 2, x)
137 
138 /*
139  * Convenience routines for debugging.  These are not multi-open safe!
140  * Note the macros have hardcoded variables in them.
141  */
142 
state2txt(unsigned char state)143 static char *state2txt(unsigned char state)
144 {
145 	switch (state) {
146 	case BT_STATE_IDLE:		return("IDLE");
147 	case BT_STATE_XACTION_START:	return("XACTION");
148 	case BT_STATE_WRITE_BYTES:	return("WR_BYTES");
149 	case BT_STATE_WRITE_CONSUME:	return("WR_CONSUME");
150 	case BT_STATE_READ_WAIT:	return("RD_WAIT");
151 	case BT_STATE_CLEAR_B2H:	return("CLEAR_B2H");
152 	case BT_STATE_READ_BYTES:	return("RD_BYTES");
153 	case BT_STATE_RESET1:		return("RESET1");
154 	case BT_STATE_RESET2:		return("RESET2");
155 	case BT_STATE_RESET3:		return("RESET3");
156 	case BT_STATE_RESTART:		return("RESTART");
157 	case BT_STATE_LONG_BUSY:	return("LONG_BUSY");
158 	case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
159 	case BT_STATE_CAPABILITIES_END:	return("CAP_END");
160 	}
161 	return("BAD STATE");
162 }
163 #define STATE2TXT state2txt(bt->state)
164 
status2txt(unsigned char status)165 static char *status2txt(unsigned char status)
166 {
167 	/*
168 	 * This cannot be called by two threads at the same time and
169 	 * the buffer is always consumed immediately, so the static is
170 	 * safe to use.
171 	 */
172 	static char buf[40];
173 
174 	strcpy(buf, "[ ");
175 	if (status & BT_B_BUSY)
176 		strcat(buf, "B_BUSY ");
177 	if (status & BT_H_BUSY)
178 		strcat(buf, "H_BUSY ");
179 	if (status & BT_OEM0)
180 		strcat(buf, "OEM0 ");
181 	if (status & BT_SMS_ATN)
182 		strcat(buf, "SMS ");
183 	if (status & BT_B2H_ATN)
184 		strcat(buf, "B2H ");
185 	if (status & BT_H2B_ATN)
186 		strcat(buf, "H2B ");
187 	strcat(buf, "]");
188 	return buf;
189 }
190 #define STATUS2TXT status2txt(status)
191 
192 /* called externally at insmod time, and internally on cleanup */
193 
bt_init_data(struct si_sm_data * bt,struct si_sm_io * io)194 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
195 {
196 	memset(bt, 0, sizeof(struct si_sm_data));
197 	if (bt->io != io) {
198 		/* external: one-time only things */
199 		bt->io = io;
200 		bt->seq = 0;
201 	}
202 	bt->state = BT_STATE_IDLE;	/* start here */
203 	bt->complete = BT_STATE_IDLE;	/* end here */
204 	bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * 1000000;
205 	bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
206 	/* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
207 	return 3; /* We claim 3 bytes of space; ought to check SPMI table */
208 }
209 
210 /* Jam a completion code (probably an error) into a response */
211 
force_result(struct si_sm_data * bt,unsigned char completion_code)212 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
213 {
214 	bt->read_data[0] = 4;				/* # following bytes */
215 	bt->read_data[1] = bt->write_data[1] | 4;	/* Odd NetFn/LUN */
216 	bt->read_data[2] = bt->write_data[2];		/* seq (ignored) */
217 	bt->read_data[3] = bt->write_data[3];		/* Command */
218 	bt->read_data[4] = completion_code;
219 	bt->read_count = 5;
220 }
221 
222 /* The upper state machine starts here */
223 
bt_start_transaction(struct si_sm_data * bt,unsigned char * data,unsigned int size)224 static int bt_start_transaction(struct si_sm_data *bt,
225 				unsigned char *data,
226 				unsigned int size)
227 {
228 	unsigned int i;
229 
230 	if (size < 2)
231 		return IPMI_REQ_LEN_INVALID_ERR;
232 	if (size > IPMI_MAX_MSG_LENGTH)
233 		return IPMI_REQ_LEN_EXCEEDED_ERR;
234 
235 	if (bt->state == BT_STATE_LONG_BUSY)
236 		return IPMI_NODE_BUSY_ERR;
237 
238 	if (bt->state != BT_STATE_IDLE)
239 		return IPMI_NOT_IN_MY_STATE_ERR;
240 
241 	if (bt_debug & BT_DEBUG_MSG) {
242 		printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
243 		printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
244 		for (i = 0; i < size; i ++)
245 			printk(" %02x", data[i]);
246 		printk("\n");
247 	}
248 	bt->write_data[0] = size + 1;	/* all data plus seq byte */
249 	bt->write_data[1] = *data;	/* NetFn/LUN */
250 	bt->write_data[2] = bt->seq++;
251 	memcpy(bt->write_data + 3, data + 1, size - 1);
252 	bt->write_count = size + 2;
253 	bt->error_retries = 0;
254 	bt->nonzero_status = 0;
255 	bt->truncated = 0;
256 	bt->state = BT_STATE_XACTION_START;
257 	bt->timeout = bt->BT_CAP_req2rsp;
258 	force_result(bt, IPMI_ERR_UNSPECIFIED);
259 	return 0;
260 }
261 
262 /*
263  * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
264  * it calls this.  Strip out the length and seq bytes.
265  */
266 
bt_get_result(struct si_sm_data * bt,unsigned char * data,unsigned int length)267 static int bt_get_result(struct si_sm_data *bt,
268 			 unsigned char *data,
269 			 unsigned int length)
270 {
271 	int i, msg_len;
272 
273 	msg_len = bt->read_count - 2;		/* account for length & seq */
274 	if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
275 		force_result(bt, IPMI_ERR_UNSPECIFIED);
276 		msg_len = 3;
277 	}
278 	data[0] = bt->read_data[1];
279 	data[1] = bt->read_data[3];
280 	if (length < msg_len || bt->truncated) {
281 		data[2] = IPMI_ERR_MSG_TRUNCATED;
282 		msg_len = 3;
283 	} else
284 		memcpy(data + 2, bt->read_data + 4, msg_len - 2);
285 
286 	if (bt_debug & BT_DEBUG_MSG) {
287 		printk(KERN_WARNING "BT: result %d bytes:", msg_len);
288 		for (i = 0; i < msg_len; i++)
289 			printk(" %02x", data[i]);
290 		printk("\n");
291 	}
292 	return msg_len;
293 }
294 
295 /* This bit's functionality is optional */
296 #define BT_BMC_HWRST	0x80
297 
reset_flags(struct si_sm_data * bt)298 static void reset_flags(struct si_sm_data *bt)
299 {
300 	if (bt_debug)
301 		printk(KERN_WARNING "IPMI BT: flag reset %s\n",
302 					status2txt(BT_STATUS));
303 	if (BT_STATUS & BT_H_BUSY)
304 		BT_CONTROL(BT_H_BUSY);	/* force clear */
305 	BT_CONTROL(BT_CLR_WR_PTR);	/* always reset */
306 	BT_CONTROL(BT_SMS_ATN);		/* always clear */
307 	BT_INTMASK_W(BT_BMC_HWRST);
308 }
309 
310 /*
311  * Get rid of an unwanted/stale response.  This should only be needed for
312  * BMCs that support multiple outstanding requests.
313  */
314 
drain_BMC2HOST(struct si_sm_data * bt)315 static void drain_BMC2HOST(struct si_sm_data *bt)
316 {
317 	int i, size;
318 
319 	if (!(BT_STATUS & BT_B2H_ATN)) 	/* Not signalling a response */
320 		return;
321 
322 	BT_CONTROL(BT_H_BUSY);		/* now set */
323 	BT_CONTROL(BT_B2H_ATN);		/* always clear */
324 	BT_STATUS;			/* pause */
325 	BT_CONTROL(BT_B2H_ATN);		/* some BMCs are stubborn */
326 	BT_CONTROL(BT_CLR_RD_PTR);	/* always reset */
327 	if (bt_debug)
328 		printk(KERN_WARNING "IPMI BT: stale response %s; ",
329 			status2txt(BT_STATUS));
330 	size = BMC2HOST;
331 	for (i = 0; i < size ; i++)
332 		BMC2HOST;
333 	BT_CONTROL(BT_H_BUSY);		/* now clear */
334 	if (bt_debug)
335 		printk("drained %d bytes\n", size + 1);
336 }
337 
write_all_bytes(struct si_sm_data * bt)338 static inline void write_all_bytes(struct si_sm_data *bt)
339 {
340 	int i;
341 
342 	if (bt_debug & BT_DEBUG_MSG) {
343 		printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
344 			bt->write_count, bt->seq);
345 		for (i = 0; i < bt->write_count; i++)
346 			printk(" %02x", bt->write_data[i]);
347 		printk("\n");
348 	}
349 	for (i = 0; i < bt->write_count; i++)
350 		HOST2BMC(bt->write_data[i]);
351 }
352 
read_all_bytes(struct si_sm_data * bt)353 static inline int read_all_bytes(struct si_sm_data *bt)
354 {
355 	unsigned char i;
356 
357 	/*
358 	 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
359 	 * Keep layout of first four bytes aligned with write_data[]
360 	 */
361 
362 	bt->read_data[0] = BMC2HOST;
363 	bt->read_count = bt->read_data[0];
364 
365 	if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
366 		if (bt_debug & BT_DEBUG_MSG)
367 			printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
368 				bt->read_count);
369 		bt->truncated = 1;
370 		return 1;	/* let next XACTION START clean it up */
371 	}
372 	for (i = 1; i <= bt->read_count; i++)
373 		bt->read_data[i] = BMC2HOST;
374 	bt->read_count++;	/* Account internally for length byte */
375 
376 	if (bt_debug & BT_DEBUG_MSG) {
377 		int max = bt->read_count;
378 
379 		printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
380 			max, bt->read_data[2]);
381 		if (max > 16)
382 			max = 16;
383 		for (i = 0; i < max; i++)
384 			printk(KERN_CONT " %02x", bt->read_data[i]);
385 		printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
386 	}
387 
388 	/* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
389 	if ((bt->read_data[3] == bt->write_data[3]) &&
390 	    (bt->read_data[2] == bt->write_data[2]) &&
391 	    ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
392 			return 1;
393 
394 	if (bt_debug & BT_DEBUG_MSG)
395 		printk(KERN_WARNING "IPMI BT: bad packet: "
396 		"want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
397 		bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
398 		bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
399 	return 0;
400 }
401 
402 /* Restart if retries are left, or return an error completion code */
403 
error_recovery(struct si_sm_data * bt,unsigned char status,unsigned char cCode)404 static enum si_sm_result error_recovery(struct si_sm_data *bt,
405 					unsigned char status,
406 					unsigned char cCode)
407 {
408 	char *reason;
409 
410 	bt->timeout = bt->BT_CAP_req2rsp;
411 
412 	switch (cCode) {
413 	case IPMI_TIMEOUT_ERR:
414 		reason = "timeout";
415 		break;
416 	default:
417 		reason = "internal error";
418 		break;
419 	}
420 
421 	printk(KERN_WARNING "IPMI BT: %s in %s %s ", 	/* open-ended line */
422 		reason, STATE2TXT, STATUS2TXT);
423 
424 	/*
425 	 * Per the IPMI spec, retries are based on the sequence number
426 	 * known only to this module, so manage a restart here.
427 	 */
428 	(bt->error_retries)++;
429 	if (bt->error_retries < bt->BT_CAP_retries) {
430 		printk("%d retries left\n",
431 			bt->BT_CAP_retries - bt->error_retries);
432 		bt->state = BT_STATE_RESTART;
433 		return SI_SM_CALL_WITHOUT_DELAY;
434 	}
435 
436 	printk(KERN_WARNING "failed %d retries, sending error response\n",
437 	       bt->BT_CAP_retries);
438 	if (!bt->nonzero_status)
439 		printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
440 
441 	/* this is most likely during insmod */
442 	else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
443 		printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
444 		bt->state = BT_STATE_RESET1;
445 		return SI_SM_CALL_WITHOUT_DELAY;
446 	}
447 
448 	/*
449 	 * Concoct a useful error message, set up the next state, and
450 	 * be done with this sequence.
451 	 */
452 
453 	bt->state = BT_STATE_IDLE;
454 	switch (cCode) {
455 	case IPMI_TIMEOUT_ERR:
456 		if (status & BT_B_BUSY) {
457 			cCode = IPMI_NODE_BUSY_ERR;
458 			bt->state = BT_STATE_LONG_BUSY;
459 		}
460 		break;
461 	default:
462 		break;
463 	}
464 	force_result(bt, cCode);
465 	return SI_SM_TRANSACTION_COMPLETE;
466 }
467 
468 /* Check status and (usually) take action and change this state machine. */
469 
bt_event(struct si_sm_data * bt,long time)470 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
471 {
472 	unsigned char status, BT_CAP[8];
473 	static enum bt_states last_printed = BT_STATE_PRINTME;
474 	int i;
475 
476 	status = BT_STATUS;
477 	bt->nonzero_status |= status;
478 	if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
479 		printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
480 			STATE2TXT,
481 			STATUS2TXT,
482 			bt->timeout,
483 			time);
484 		last_printed = bt->state;
485 	}
486 
487 	/*
488 	 * Commands that time out may still (eventually) provide a response.
489 	 * This stale response will get in the way of a new response so remove
490 	 * it if possible (hopefully during IDLE).  Even if it comes up later
491 	 * it will be rejected by its (now-forgotten) seq number.
492 	 */
493 
494 	if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
495 		drain_BMC2HOST(bt);
496 		BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
497 	}
498 
499 	if ((bt->state != BT_STATE_IDLE) &&
500 	    (bt->state <  BT_STATE_PRINTME)) {
501 		/* check timeout */
502 		bt->timeout -= time;
503 		if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
504 			return error_recovery(bt,
505 					      status,
506 					      IPMI_TIMEOUT_ERR);
507 	}
508 
509 	switch (bt->state) {
510 
511 	/*
512 	 * Idle state first checks for asynchronous messages from another
513 	 * channel, then does some opportunistic housekeeping.
514 	 */
515 
516 	case BT_STATE_IDLE:
517 		if (status & BT_SMS_ATN) {
518 			BT_CONTROL(BT_SMS_ATN);	/* clear it */
519 			return SI_SM_ATTN;
520 		}
521 
522 		if (status & BT_H_BUSY)		/* clear a leftover H_BUSY */
523 			BT_CONTROL(BT_H_BUSY);
524 
525 		/* Read BT capabilities if it hasn't been done yet */
526 		if (!bt->BT_CAP_outreqs)
527 			BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
528 					SI_SM_CALL_WITHOUT_DELAY);
529 		bt->timeout = bt->BT_CAP_req2rsp;
530 		BT_SI_SM_RETURN(SI_SM_IDLE);
531 
532 	case BT_STATE_XACTION_START:
533 		if (status & (BT_B_BUSY | BT_H2B_ATN))
534 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535 		if (BT_STATUS & BT_H_BUSY)
536 			BT_CONTROL(BT_H_BUSY);	/* force clear */
537 		BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
538 				SI_SM_CALL_WITHOUT_DELAY);
539 
540 	case BT_STATE_WRITE_BYTES:
541 		if (status & BT_H_BUSY)
542 			BT_CONTROL(BT_H_BUSY);	/* clear */
543 		BT_CONTROL(BT_CLR_WR_PTR);
544 		write_all_bytes(bt);
545 		BT_CONTROL(BT_H2B_ATN);	/* can clear too fast to catch */
546 		BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
547 				SI_SM_CALL_WITHOUT_DELAY);
548 
549 	case BT_STATE_WRITE_CONSUME:
550 		if (status & (BT_B_BUSY | BT_H2B_ATN))
551 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
552 		BT_STATE_CHANGE(BT_STATE_READ_WAIT,
553 				SI_SM_CALL_WITHOUT_DELAY);
554 
555 	/* Spinning hard can suppress B2H_ATN and force a timeout */
556 
557 	case BT_STATE_READ_WAIT:
558 		if (!(status & BT_B2H_ATN))
559 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560 		BT_CONTROL(BT_H_BUSY);		/* set */
561 
562 		/*
563 		 * Uncached, ordered writes should just proceeed serially but
564 		 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
565 		 * workaround without too much penalty to the general case.
566 		 */
567 
568 		BT_CONTROL(BT_B2H_ATN);		/* clear it to ACK the BMC */
569 		BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
570 				SI_SM_CALL_WITHOUT_DELAY);
571 
572 	case BT_STATE_CLEAR_B2H:
573 		if (status & BT_B2H_ATN) {
574 			/* keep hitting it */
575 			BT_CONTROL(BT_B2H_ATN);
576 			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
577 		}
578 		BT_STATE_CHANGE(BT_STATE_READ_BYTES,
579 				SI_SM_CALL_WITHOUT_DELAY);
580 
581 	case BT_STATE_READ_BYTES:
582 		if (!(status & BT_H_BUSY))
583 			/* check in case of retry */
584 			BT_CONTROL(BT_H_BUSY);
585 		BT_CONTROL(BT_CLR_RD_PTR);	/* start of BMC2HOST buffer */
586 		i = read_all_bytes(bt);		/* true == packet seq match */
587 		BT_CONTROL(BT_H_BUSY);		/* NOW clear */
588 		if (!i) 			/* Not my message */
589 			BT_STATE_CHANGE(BT_STATE_READ_WAIT,
590 					SI_SM_CALL_WITHOUT_DELAY);
591 		bt->state = bt->complete;
592 		return bt->state == BT_STATE_IDLE ?	/* where to next? */
593 			SI_SM_TRANSACTION_COMPLETE :	/* normal */
594 			SI_SM_CALL_WITHOUT_DELAY;	/* Startup magic */
595 
596 	case BT_STATE_LONG_BUSY:	/* For example: after FW update */
597 		if (!(status & BT_B_BUSY)) {
598 			reset_flags(bt);	/* next state is now IDLE */
599 			bt_init_data(bt, bt->io);
600 		}
601 		return SI_SM_CALL_WITH_DELAY;	/* No repeat printing */
602 
603 	case BT_STATE_RESET1:
604 		reset_flags(bt);
605 		drain_BMC2HOST(bt);
606 		BT_STATE_CHANGE(BT_STATE_RESET2,
607 				SI_SM_CALL_WITH_DELAY);
608 
609 	case BT_STATE_RESET2:		/* Send a soft reset */
610 		BT_CONTROL(BT_CLR_WR_PTR);
611 		HOST2BMC(3);		/* number of bytes following */
612 		HOST2BMC(0x18);		/* NetFn/LUN == Application, LUN 0 */
613 		HOST2BMC(42);		/* Sequence number */
614 		HOST2BMC(3);		/* Cmd == Soft reset */
615 		BT_CONTROL(BT_H2B_ATN);
616 		bt->timeout = BT_RESET_DELAY * 1000000;
617 		BT_STATE_CHANGE(BT_STATE_RESET3,
618 				SI_SM_CALL_WITH_DELAY);
619 
620 	case BT_STATE_RESET3:		/* Hold off everything for a bit */
621 		if (bt->timeout > 0)
622 			return SI_SM_CALL_WITH_DELAY;
623 		drain_BMC2HOST(bt);
624 		BT_STATE_CHANGE(BT_STATE_RESTART,
625 				SI_SM_CALL_WITH_DELAY);
626 
627 	case BT_STATE_RESTART:		/* don't reset retries or seq! */
628 		bt->read_count = 0;
629 		bt->nonzero_status = 0;
630 		bt->timeout = bt->BT_CAP_req2rsp;
631 		BT_STATE_CHANGE(BT_STATE_XACTION_START,
632 				SI_SM_CALL_WITH_DELAY);
633 
634 	/*
635 	 * Get BT Capabilities, using timing of upper level state machine.
636 	 * Set outreqs to prevent infinite loop on timeout.
637 	 */
638 	case BT_STATE_CAPABILITIES_BEGIN:
639 		bt->BT_CAP_outreqs = 1;
640 		{
641 			unsigned char GetBT_CAP[] = { 0x18, 0x36 };
642 			bt->state = BT_STATE_IDLE;
643 			bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
644 		}
645 		bt->complete = BT_STATE_CAPABILITIES_END;
646 		BT_STATE_CHANGE(BT_STATE_XACTION_START,
647 				SI_SM_CALL_WITH_DELAY);
648 
649 	case BT_STATE_CAPABILITIES_END:
650 		i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
651 		bt_init_data(bt, bt->io);
652 		if ((i == 8) && !BT_CAP[2]) {
653 			bt->BT_CAP_outreqs = BT_CAP[3];
654 			bt->BT_CAP_req2rsp = BT_CAP[6] * 1000000;
655 			bt->BT_CAP_retries = BT_CAP[7];
656 		} else
657 			printk(KERN_WARNING "IPMI BT: using default values\n");
658 		if (!bt->BT_CAP_outreqs)
659 			bt->BT_CAP_outreqs = 1;
660 		printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
661 			bt->BT_CAP_req2rsp / 1000000L, bt->BT_CAP_retries);
662 		bt->timeout = bt->BT_CAP_req2rsp;
663 		return SI_SM_CALL_WITHOUT_DELAY;
664 
665 	default:	/* should never occur */
666 		return error_recovery(bt,
667 				      status,
668 				      IPMI_ERR_UNSPECIFIED);
669 	}
670 	return SI_SM_CALL_WITH_DELAY;
671 }
672 
bt_detect(struct si_sm_data * bt)673 static int bt_detect(struct si_sm_data *bt)
674 {
675 	/*
676 	 * It's impossible for the BT status and interrupt registers to be
677 	 * all 1's, (assuming a properly functioning, self-initialized BMC)
678 	 * but that's what you get from reading a bogus address, so we
679 	 * test that first.  The calling routine uses negative logic.
680 	 */
681 
682 	if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
683 		return 1;
684 	reset_flags(bt);
685 	return 0;
686 }
687 
bt_cleanup(struct si_sm_data * bt)688 static void bt_cleanup(struct si_sm_data *bt)
689 {
690 }
691 
bt_size(void)692 static int bt_size(void)
693 {
694 	return sizeof(struct si_sm_data);
695 }
696 
697 struct si_sm_handlers bt_smi_handlers = {
698 	.init_data		= bt_init_data,
699 	.start_transaction	= bt_start_transaction,
700 	.get_result		= bt_get_result,
701 	.event			= bt_event,
702 	.detect			= bt_detect,
703 	.cleanup		= bt_cleanup,
704 	.size			= bt_size,
705 };
706