1 // SPDX-License-Identifier: GPL-2.0
2 
3 /*
4  * Driver to talk to a remote management controller on IPMB.
5  */
6 
7 #include <linux/acpi.h>
8 #include <linux/errno.h>
9 #include <linux/i2c.h>
10 #include <linux/miscdevice.h>
11 #include <linux/module.h>
12 #include <linux/mutex.h>
13 #include <linux/poll.h>
14 #include <linux/slab.h>
15 #include <linux/spinlock.h>
16 #include <linux/semaphore.h>
17 #include <linux/kthread.h>
18 #include <linux/wait.h>
19 #include <linux/ipmi_msgdefs.h>
20 #include <linux/ipmi_smi.h>
21 
22 #define DEVICE_NAME "ipmi-ipmb"
23 
24 static int bmcaddr = 0x20;
25 module_param(bmcaddr, int, 0644);
26 MODULE_PARM_DESC(bmcaddr, "Address to use for BMC.");
27 
28 static unsigned int retry_time_ms = 250;
29 module_param(retry_time_ms, uint, 0644);
30 MODULE_PARM_DESC(retry_time_ms, "Timeout time between retries, in milliseconds.");
31 
32 static unsigned int max_retries = 1;
33 module_param(max_retries, uint, 0644);
34 MODULE_PARM_DESC(max_retries, "Max resends of a command before timing out.");
35 
36 /* Add room for the two slave addresses, two checksums, and rqSeq. */
37 #define IPMB_MAX_MSG_LEN (IPMI_MAX_MSG_LENGTH + 5)
38 
39 struct ipmi_ipmb_dev {
40 	struct ipmi_smi *intf;
41 	struct i2c_client *client;
42 	struct i2c_client *slave;
43 
44 	struct ipmi_smi_handlers handlers;
45 
46 	bool ready;
47 
48 	u8 curr_seq;
49 
50 	u8 bmcaddr;
51 	u32 retry_time_ms;
52 	u32 max_retries;
53 
54 	struct ipmi_smi_msg *next_msg;
55 	struct ipmi_smi_msg *working_msg;
56 
57 	/* Transmit thread. */
58 	struct task_struct *thread;
59 	struct semaphore wake_thread;
60 	struct semaphore got_rsp;
61 	spinlock_t lock;
62 	bool stopping;
63 
64 	u8 xmitmsg[IPMB_MAX_MSG_LEN];
65 	unsigned int xmitlen;
66 
67 	u8 rcvmsg[IPMB_MAX_MSG_LEN];
68 	unsigned int rcvlen;
69 	bool overrun;
70 };
71 
valid_ipmb(struct ipmi_ipmb_dev * iidev)72 static bool valid_ipmb(struct ipmi_ipmb_dev *iidev)
73 {
74 	u8 *msg = iidev->rcvmsg;
75 	u8 netfn;
76 
77 	if (iidev->overrun)
78 		return false;
79 
80 	/* Minimum message size. */
81 	if (iidev->rcvlen < 7)
82 		return false;
83 
84 	/* Is it a response? */
85 	netfn = msg[1] >> 2;
86 	if (netfn & 1) {
87 		/* Response messages have an added completion code. */
88 		if (iidev->rcvlen < 8)
89 			return false;
90 	}
91 
92 	if (ipmb_checksum(msg, 3) != 0)
93 		return false;
94 	if (ipmb_checksum(msg + 3, iidev->rcvlen - 3) != 0)
95 		return false;
96 
97 	return true;
98 }
99 
ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev * iidev)100 static void ipmi_ipmb_check_msg_done(struct ipmi_ipmb_dev *iidev)
101 {
102 	struct ipmi_smi_msg *imsg = NULL;
103 	u8 *msg = iidev->rcvmsg;
104 	bool is_cmd;
105 	unsigned long flags;
106 
107 	if (iidev->rcvlen == 0)
108 		return;
109 	if (!valid_ipmb(iidev))
110 		goto done;
111 
112 	is_cmd = ((msg[1] >> 2) & 1) == 0;
113 
114 	if (is_cmd) {
115 		/* Ignore commands until we are up. */
116 		if (!iidev->ready)
117 			goto done;
118 
119 		/* It's a command, allocate a message for it. */
120 		imsg = ipmi_alloc_smi_msg();
121 		if (!imsg)
122 			goto done;
123 		imsg->type = IPMI_SMI_MSG_TYPE_IPMB_DIRECT;
124 		imsg->data_size = 0;
125 	} else {
126 		spin_lock_irqsave(&iidev->lock, flags);
127 		if (iidev->working_msg) {
128 			u8 seq = msg[4] >> 2;
129 			bool xmit_rsp = (iidev->working_msg->data[0] >> 2) & 1;
130 
131 			/*
132 			 * Responses should carry the sequence we sent
133 			 * them with.  If it's a transmitted response,
134 			 * ignore it.  And if the message hasn't been
135 			 * transmitted, ignore it.
136 			 */
137 			if (!xmit_rsp && seq == iidev->curr_seq) {
138 				iidev->curr_seq = (iidev->curr_seq + 1) & 0x3f;
139 
140 				imsg = iidev->working_msg;
141 				iidev->working_msg = NULL;
142 			}
143 		}
144 		spin_unlock_irqrestore(&iidev->lock, flags);
145 	}
146 
147 	if (!imsg)
148 		goto done;
149 
150 	if (imsg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
151 		imsg->rsp[0] = msg[1]; /* NetFn/LUN */
152 		/*
153 		 * Keep the source address, rqSeq.  Drop the trailing
154 		 * checksum.
155 		 */
156 		memcpy(imsg->rsp + 1, msg + 3, iidev->rcvlen - 4);
157 		imsg->rsp_size = iidev->rcvlen - 3;
158 	} else {
159 		imsg->rsp[0] = msg[1]; /* NetFn/LUN */
160 		/*
161 		 * Skip the source address, rqSeq.  Drop the trailing
162 		 * checksum.
163 		 */
164 		memcpy(imsg->rsp + 1, msg + 5, iidev->rcvlen - 6);
165 		imsg->rsp_size = iidev->rcvlen - 5;
166 	}
167 	ipmi_smi_msg_received(iidev->intf, imsg);
168 	if (!is_cmd)
169 		up(&iidev->got_rsp);
170 
171 done:
172 	iidev->overrun = false;
173 	iidev->rcvlen = 0;
174 }
175 
176 /*
177  * The IPMB protocol only supports i2c writes so there is no need to
178  * support I2C_SLAVE_READ* events, except to know if the other end has
179  * issued a read without going to stop mode.
180  */
ipmi_ipmb_slave_cb(struct i2c_client * client,enum i2c_slave_event event,u8 * val)181 static int ipmi_ipmb_slave_cb(struct i2c_client *client,
182 			      enum i2c_slave_event event, u8 *val)
183 {
184 	struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
185 
186 	switch (event) {
187 	case I2C_SLAVE_WRITE_REQUESTED:
188 		ipmi_ipmb_check_msg_done(iidev);
189 		/*
190 		 * First byte is the slave address, to ease the checksum
191 		 * calculation.
192 		 */
193 		iidev->rcvmsg[0] = client->addr << 1;
194 		iidev->rcvlen = 1;
195 		break;
196 
197 	case I2C_SLAVE_WRITE_RECEIVED:
198 		if (iidev->rcvlen >= sizeof(iidev->rcvmsg))
199 			iidev->overrun = true;
200 		else
201 			iidev->rcvmsg[iidev->rcvlen++] = *val;
202 		break;
203 
204 	case I2C_SLAVE_READ_REQUESTED:
205 	case I2C_SLAVE_STOP:
206 		ipmi_ipmb_check_msg_done(iidev);
207 		break;
208 
209 	case I2C_SLAVE_READ_PROCESSED:
210 		break;
211 	}
212 
213 	return 0;
214 }
215 
ipmi_ipmb_send_response(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg,u8 cc)216 static void ipmi_ipmb_send_response(struct ipmi_ipmb_dev *iidev,
217 				    struct ipmi_smi_msg *msg, u8 cc)
218 {
219 	if ((msg->data[0] >> 2) & 1) {
220 		/*
221 		 * It's a response being sent, we need to return a
222 		 * response to the response.  Fake a send msg command
223 		 * response with channel 0.  This will always be ipmb
224 		 * direct.
225 		 */
226 		msg->data[0] = (IPMI_NETFN_APP_REQUEST | 1) << 2;
227 		msg->data[3] = IPMI_SEND_MSG_CMD;
228 		msg->data[4] = cc;
229 		msg->data_size = 5;
230 	}
231 	msg->rsp[0] = msg->data[0] | (1 << 2);
232 	if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
233 		msg->rsp[1] = msg->data[1];
234 		msg->rsp[2] = msg->data[2];
235 		msg->rsp[3] = msg->data[3];
236 		msg->rsp[4] = cc;
237 		msg->rsp_size = 5;
238 	} else {
239 		msg->rsp[1] = msg->data[1];
240 		msg->rsp[2] = cc;
241 		msg->rsp_size = 3;
242 	}
243 	ipmi_smi_msg_received(iidev->intf, msg);
244 }
245 
ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev * iidev,struct ipmi_smi_msg * msg)246 static void ipmi_ipmb_format_for_xmit(struct ipmi_ipmb_dev *iidev,
247 				      struct ipmi_smi_msg *msg)
248 {
249 	if (msg->type == IPMI_SMI_MSG_TYPE_IPMB_DIRECT) {
250 		iidev->xmitmsg[0] = msg->data[1];
251 		iidev->xmitmsg[1] = msg->data[0];
252 		memcpy(iidev->xmitmsg + 4, msg->data + 2, msg->data_size - 2);
253 		iidev->xmitlen = msg->data_size + 2;
254 	} else {
255 		iidev->xmitmsg[0] = iidev->bmcaddr;
256 		iidev->xmitmsg[1] = msg->data[0];
257 		iidev->xmitmsg[4] = 0;
258 		memcpy(iidev->xmitmsg + 5, msg->data + 1, msg->data_size - 1);
259 		iidev->xmitlen = msg->data_size + 4;
260 	}
261 	iidev->xmitmsg[3] = iidev->slave->addr << 1;
262 	if (((msg->data[0] >> 2) & 1) == 0)
263 		/* If it's a command, put in our own sequence number. */
264 		iidev->xmitmsg[4] = ((iidev->xmitmsg[4] & 0x03) |
265 				     (iidev->curr_seq << 2));
266 
267 	/* Now add on the final checksums. */
268 	iidev->xmitmsg[2] = ipmb_checksum(iidev->xmitmsg, 2);
269 	iidev->xmitmsg[iidev->xmitlen] =
270 		ipmb_checksum(iidev->xmitmsg + 3, iidev->xmitlen - 3);
271 	iidev->xmitlen++;
272 }
273 
ipmi_ipmb_thread(void * data)274 static int ipmi_ipmb_thread(void *data)
275 {
276 	struct ipmi_ipmb_dev *iidev = data;
277 
278 	while (!kthread_should_stop()) {
279 		long ret;
280 		struct i2c_msg i2c_msg;
281 		struct ipmi_smi_msg *msg = NULL;
282 		unsigned long flags;
283 		unsigned int retries = 0;
284 
285 		/* Wait for a message to send */
286 		ret = down_interruptible(&iidev->wake_thread);
287 		if (iidev->stopping)
288 			break;
289 		if (ret)
290 			continue;
291 
292 		spin_lock_irqsave(&iidev->lock, flags);
293 		if (iidev->next_msg) {
294 			msg = iidev->next_msg;
295 			iidev->next_msg = NULL;
296 		}
297 		spin_unlock_irqrestore(&iidev->lock, flags);
298 		if (!msg)
299 			continue;
300 
301 		ipmi_ipmb_format_for_xmit(iidev, msg);
302 
303 retry:
304 		i2c_msg.len = iidev->xmitlen - 1;
305 		if (i2c_msg.len > 32) {
306 			ipmi_ipmb_send_response(iidev, msg,
307 						IPMI_REQ_LEN_EXCEEDED_ERR);
308 			continue;
309 		}
310 
311 		i2c_msg.addr = iidev->xmitmsg[0] >> 1;
312 		i2c_msg.flags = 0;
313 		i2c_msg.buf = iidev->xmitmsg + 1;
314 
315 		/* Rely on i2c_transfer for a barrier. */
316 		iidev->working_msg = msg;
317 
318 		ret = i2c_transfer(iidev->client->adapter, &i2c_msg, 1);
319 
320 		if ((msg->data[0] >> 2) & 1) {
321 			/*
322 			 * It's a response, nothing will be returned
323 			 * by the other end.
324 			 */
325 
326 			iidev->working_msg = NULL;
327 			ipmi_ipmb_send_response(iidev, msg,
328 						ret < 0 ? IPMI_BUS_ERR : 0);
329 			continue;
330 		}
331 		if (ret < 0) {
332 			iidev->working_msg = NULL;
333 			ipmi_ipmb_send_response(iidev, msg, IPMI_BUS_ERR);
334 			continue;
335 		}
336 
337 		/* A command was sent, wait for its response. */
338 		ret = down_timeout(&iidev->got_rsp,
339 				   msecs_to_jiffies(iidev->retry_time_ms));
340 
341 		/*
342 		 * Grab the message if we can.  If the handler hasn't
343 		 * already handled it, the message will still be there.
344 		 */
345 		spin_lock_irqsave(&iidev->lock, flags);
346 		msg = iidev->working_msg;
347 		iidev->working_msg = NULL;
348 		spin_unlock_irqrestore(&iidev->lock, flags);
349 
350 		if (!msg && ret) {
351 			/*
352 			 * If working_msg is not set and we timed out,
353 			 * that means the message grabbed by
354 			 * check_msg_done before we could grab it
355 			 * here.  Wait again for check_msg_done to up
356 			 * the semaphore.
357 			 */
358 			down(&iidev->got_rsp);
359 		} else if (msg && ++retries <= iidev->max_retries) {
360 			spin_lock_irqsave(&iidev->lock, flags);
361 			iidev->working_msg = msg;
362 			spin_unlock_irqrestore(&iidev->lock, flags);
363 			goto retry;
364 		}
365 
366 		if (msg)
367 			ipmi_ipmb_send_response(iidev, msg, IPMI_TIMEOUT_ERR);
368 	}
369 
370 	if (iidev->next_msg)
371 		/* Return an unspecified error. */
372 		ipmi_ipmb_send_response(iidev, iidev->next_msg, 0xff);
373 
374 	return 0;
375 }
376 
ipmi_ipmb_start_processing(void * send_info,struct ipmi_smi * new_intf)377 static int ipmi_ipmb_start_processing(void *send_info,
378 				      struct ipmi_smi *new_intf)
379 {
380 	struct ipmi_ipmb_dev *iidev = send_info;
381 
382 	iidev->intf = new_intf;
383 	iidev->ready = true;
384 	return 0;
385 }
386 
ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev * iidev)387 static void ipmi_ipmb_stop_thread(struct ipmi_ipmb_dev *iidev)
388 {
389 	if (iidev->thread) {
390 		struct task_struct *t = iidev->thread;
391 
392 		iidev->thread = NULL;
393 		iidev->stopping = true;
394 		up(&iidev->wake_thread);
395 		up(&iidev->got_rsp);
396 		kthread_stop(t);
397 	}
398 }
399 
ipmi_ipmb_shutdown(void * send_info)400 static void ipmi_ipmb_shutdown(void *send_info)
401 {
402 	struct ipmi_ipmb_dev *iidev = send_info;
403 
404 	ipmi_ipmb_stop_thread(iidev);
405 }
406 
ipmi_ipmb_sender(void * send_info,struct ipmi_smi_msg * msg)407 static void ipmi_ipmb_sender(void *send_info,
408 			     struct ipmi_smi_msg *msg)
409 {
410 	struct ipmi_ipmb_dev *iidev = send_info;
411 	unsigned long flags;
412 
413 	spin_lock_irqsave(&iidev->lock, flags);
414 	BUG_ON(iidev->next_msg);
415 
416 	iidev->next_msg = msg;
417 	spin_unlock_irqrestore(&iidev->lock, flags);
418 
419 	up(&iidev->wake_thread);
420 }
421 
ipmi_ipmb_request_events(void * send_info)422 static void ipmi_ipmb_request_events(void *send_info)
423 {
424 	/* We don't fetch events here. */
425 }
426 
ipmi_ipmb_cleanup(struct ipmi_ipmb_dev * iidev)427 static void ipmi_ipmb_cleanup(struct ipmi_ipmb_dev *iidev)
428 {
429 	if (iidev->slave) {
430 		i2c_slave_unregister(iidev->slave);
431 		if (iidev->slave != iidev->client)
432 			i2c_unregister_device(iidev->slave);
433 	}
434 	iidev->slave = NULL;
435 	iidev->client = NULL;
436 	ipmi_ipmb_stop_thread(iidev);
437 }
438 
ipmi_ipmb_remove(struct i2c_client * client)439 static void ipmi_ipmb_remove(struct i2c_client *client)
440 {
441 	struct ipmi_ipmb_dev *iidev = i2c_get_clientdata(client);
442 
443 	ipmi_ipmb_cleanup(iidev);
444 	ipmi_unregister_smi(iidev->intf);
445 }
446 
ipmi_ipmb_probe(struct i2c_client * client)447 static int ipmi_ipmb_probe(struct i2c_client *client)
448 {
449 	struct device *dev = &client->dev;
450 	struct ipmi_ipmb_dev *iidev;
451 	struct device_node *slave_np;
452 	struct i2c_adapter *slave_adap = NULL;
453 	struct i2c_client *slave = NULL;
454 	int rv;
455 
456 	iidev = devm_kzalloc(&client->dev, sizeof(*iidev), GFP_KERNEL);
457 	if (!iidev)
458 		return -ENOMEM;
459 
460 	if (of_property_read_u8(dev->of_node, "bmcaddr", &iidev->bmcaddr) != 0)
461 		iidev->bmcaddr = bmcaddr;
462 	if (iidev->bmcaddr == 0 || iidev->bmcaddr & 1) {
463 		/* Can't have the write bit set. */
464 		dev_notice(&client->dev,
465 			   "Invalid bmc address value %2.2x\n", iidev->bmcaddr);
466 		return -EINVAL;
467 	}
468 
469 	if (of_property_read_u32(dev->of_node, "retry-time",
470 				 &iidev->retry_time_ms) != 0)
471 		iidev->retry_time_ms = retry_time_ms;
472 
473 	if (of_property_read_u32(dev->of_node, "max-retries",
474 				 &iidev->max_retries) != 0)
475 		iidev->max_retries = max_retries;
476 
477 	slave_np = of_parse_phandle(dev->of_node, "slave-dev", 0);
478 	if (slave_np) {
479 		slave_adap = of_get_i2c_adapter_by_node(slave_np);
480 		of_node_put(slave_np);
481 		if (!slave_adap) {
482 			dev_notice(&client->dev,
483 				   "Could not find slave adapter\n");
484 			return -EINVAL;
485 		}
486 	}
487 
488 	iidev->client = client;
489 
490 	if (slave_adap) {
491 		struct i2c_board_info binfo;
492 
493 		memset(&binfo, 0, sizeof(binfo));
494 		strscpy(binfo.type, "ipmb-slave", I2C_NAME_SIZE);
495 		binfo.addr = client->addr;
496 		binfo.flags = I2C_CLIENT_SLAVE;
497 		slave = i2c_new_client_device(slave_adap, &binfo);
498 		i2c_put_adapter(slave_adap);
499 		if (IS_ERR(slave)) {
500 			rv = PTR_ERR(slave);
501 			dev_notice(&client->dev,
502 				   "Could not allocate slave device: %d\n", rv);
503 			return rv;
504 		}
505 		i2c_set_clientdata(slave, iidev);
506 	} else {
507 		slave = client;
508 	}
509 	i2c_set_clientdata(client, iidev);
510 	slave->flags |= I2C_CLIENT_SLAVE;
511 
512 	rv = i2c_slave_register(slave, ipmi_ipmb_slave_cb);
513 	if (rv)
514 		goto out_err;
515 	iidev->slave = slave;
516 	slave = NULL;
517 
518 	iidev->handlers.flags = IPMI_SMI_CAN_HANDLE_IPMB_DIRECT;
519 	iidev->handlers.start_processing = ipmi_ipmb_start_processing;
520 	iidev->handlers.shutdown = ipmi_ipmb_shutdown;
521 	iidev->handlers.sender = ipmi_ipmb_sender;
522 	iidev->handlers.request_events = ipmi_ipmb_request_events;
523 
524 	spin_lock_init(&iidev->lock);
525 	sema_init(&iidev->wake_thread, 0);
526 	sema_init(&iidev->got_rsp, 0);
527 
528 	iidev->thread = kthread_run(ipmi_ipmb_thread, iidev,
529 				    "kipmb%4.4x", client->addr);
530 	if (IS_ERR(iidev->thread)) {
531 		rv = PTR_ERR(iidev->thread);
532 		dev_notice(&client->dev,
533 			   "Could not start kernel thread: error %d\n", rv);
534 		goto out_err;
535 	}
536 
537 	rv = ipmi_register_smi(&iidev->handlers,
538 			       iidev,
539 			       &client->dev,
540 			       iidev->bmcaddr);
541 	if (rv)
542 		goto out_err;
543 
544 	return 0;
545 
546 out_err:
547 	if (slave && slave != client)
548 		i2c_unregister_device(slave);
549 	ipmi_ipmb_cleanup(iidev);
550 	return rv;
551 }
552 
553 #ifdef CONFIG_OF
554 static const struct of_device_id of_ipmi_ipmb_match[] = {
555 	{ .type = "ipmi", .compatible = DEVICE_NAME },
556 	{},
557 };
558 MODULE_DEVICE_TABLE(of, of_ipmi_ipmb_match);
559 #else
560 #define of_ipmi_ipmb_match NULL
561 #endif
562 
563 static const struct i2c_device_id ipmi_ipmb_id[] = {
564 	{ DEVICE_NAME, 0 },
565 	{},
566 };
567 MODULE_DEVICE_TABLE(i2c, ipmi_ipmb_id);
568 
569 static struct i2c_driver ipmi_ipmb_driver = {
570 	.class		= I2C_CLASS_HWMON,
571 	.driver = {
572 		.name = DEVICE_NAME,
573 		.of_match_table = of_ipmi_ipmb_match,
574 	},
575 	.probe		= ipmi_ipmb_probe,
576 	.remove		= ipmi_ipmb_remove,
577 	.id_table	= ipmi_ipmb_id,
578 };
579 module_i2c_driver(ipmi_ipmb_driver);
580 
581 MODULE_AUTHOR("Corey Minyard");
582 MODULE_DESCRIPTION("IPMI IPMB driver");
583 MODULE_LICENSE("GPL v2");
584