Merge tag 'drm-fixes-2018-09-12' of git://anongit.freedesktop.org/drm/drm
[muen/linux.git] / drivers / char / ipmi / ipmi_bt_sm.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *  ipmi_bt_sm.c
4  *
5  *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
6  *  of the driver architecture at http://sourceforge.net/projects/openipmi 
7  *
8  *  Author:     Rocky Craig <first.last@hp.com>
9  */
10
11 #include <linux/kernel.h> /* For printk. */
12 #include <linux/string.h>
13 #include <linux/module.h>
14 #include <linux/moduleparam.h>
15 #include <linux/ipmi_msgdefs.h>         /* for completion codes */
16 #include "ipmi_si_sm.h"
17
18 #define BT_DEBUG_OFF    0       /* Used in production */
19 #define BT_DEBUG_ENABLE 1       /* Generic messages */
20 #define BT_DEBUG_MSG    2       /* Prints all request/response buffers */
21 #define BT_DEBUG_STATES 4       /* Verbose look at state changes */
22 /*
23  * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
24  * value
25  */
26
27 static int bt_debug; /* 0 == BT_DEBUG_OFF */
28
29 module_param(bt_debug, int, 0644);
30 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
31
32 /*
33  * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
34  * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
35  * buffer (with a documented message of 160 bytes) so go for the max.
36  * Since the Open IPMI architecture is single-message oriented at this
37  * stage, the queue depth of BT is of no concern.
38  */
39
40 #define BT_NORMAL_TIMEOUT       5       /* seconds */
41 #define BT_NORMAL_RETRY_LIMIT   2
42 #define BT_RESET_DELAY          6       /* seconds after warm reset */
43
44 /*
45  * States are written in chronological order and usually cover
46  * multiple rows of the state table discussion in the IPMI spec.
47  */
48
49 enum bt_states {
50         BT_STATE_IDLE = 0,      /* Order is critical in this list */
51         BT_STATE_XACTION_START,
52         BT_STATE_WRITE_BYTES,
53         BT_STATE_WRITE_CONSUME,
54         BT_STATE_READ_WAIT,
55         BT_STATE_CLEAR_B2H,
56         BT_STATE_READ_BYTES,
57         BT_STATE_RESET1,        /* These must come last */
58         BT_STATE_RESET2,
59         BT_STATE_RESET3,
60         BT_STATE_RESTART,
61         BT_STATE_PRINTME,
62         BT_STATE_CAPABILITIES_BEGIN,
63         BT_STATE_CAPABILITIES_END,
64         BT_STATE_LONG_BUSY      /* BT doesn't get hosed :-) */
65 };
66
67 /*
68  * Macros seen at the end of state "case" blocks.  They help with legibility
69  * and debugging.
70  */
71
72 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
73
74 #define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
75
76 struct si_sm_data {
77         enum bt_states  state;
78         unsigned char   seq;            /* BT sequence number */
79         struct si_sm_io *io;
80         unsigned char   write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
81         int             write_count;
82         unsigned char   read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
83         int             read_count;
84         int             truncated;
85         long            timeout;        /* microseconds countdown */
86         int             error_retries;  /* end of "common" fields */
87         int             nonzero_status; /* hung BMCs stay all 0 */
88         enum bt_states  complete;       /* to divert the state machine */
89         int             BT_CAP_outreqs;
90         long            BT_CAP_req2rsp;
91         int             BT_CAP_retries; /* Recommended retries */
92 };
93
94 #define BT_CLR_WR_PTR   0x01    /* See IPMI 1.5 table 11.6.4 */
95 #define BT_CLR_RD_PTR   0x02
96 #define BT_H2B_ATN      0x04
97 #define BT_B2H_ATN      0x08
98 #define BT_SMS_ATN      0x10
99 #define BT_OEM0         0x20
100 #define BT_H_BUSY       0x40
101 #define BT_B_BUSY       0x80
102
103 /*
104  * Some bits are toggled on each write: write once to set it, once
105  * more to clear it; writing a zero does nothing.  To absolutely
106  * clear it, check its state and write if set.  This avoids the "get
107  * current then use as mask" scheme to modify one bit.  Note that the
108  * variable "bt" is hardcoded into these macros.
109  */
110
111 #define BT_STATUS       bt->io->inputb(bt->io, 0)
112 #define BT_CONTROL(x)   bt->io->outputb(bt->io, 0, x)
113
114 #define BMC2HOST        bt->io->inputb(bt->io, 1)
115 #define HOST2BMC(x)     bt->io->outputb(bt->io, 1, x)
116
117 #define BT_INTMASK_R    bt->io->inputb(bt->io, 2)
118 #define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
119
120 /*
121  * Convenience routines for debugging.  These are not multi-open safe!
122  * Note the macros have hardcoded variables in them.
123  */
124
125 static char *state2txt(unsigned char state)
126 {
127         switch (state) {
128         case BT_STATE_IDLE:             return("IDLE");
129         case BT_STATE_XACTION_START:    return("XACTION");
130         case BT_STATE_WRITE_BYTES:      return("WR_BYTES");
131         case BT_STATE_WRITE_CONSUME:    return("WR_CONSUME");
132         case BT_STATE_READ_WAIT:        return("RD_WAIT");
133         case BT_STATE_CLEAR_B2H:        return("CLEAR_B2H");
134         case BT_STATE_READ_BYTES:       return("RD_BYTES");
135         case BT_STATE_RESET1:           return("RESET1");
136         case BT_STATE_RESET2:           return("RESET2");
137         case BT_STATE_RESET3:           return("RESET3");
138         case BT_STATE_RESTART:          return("RESTART");
139         case BT_STATE_LONG_BUSY:        return("LONG_BUSY");
140         case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
141         case BT_STATE_CAPABILITIES_END: return("CAP_END");
142         }
143         return("BAD STATE");
144 }
145 #define STATE2TXT state2txt(bt->state)
146
147 static char *status2txt(unsigned char status)
148 {
149         /*
150          * This cannot be called by two threads at the same time and
151          * the buffer is always consumed immediately, so the static is
152          * safe to use.
153          */
154         static char buf[40];
155
156         strcpy(buf, "[ ");
157         if (status & BT_B_BUSY)
158                 strcat(buf, "B_BUSY ");
159         if (status & BT_H_BUSY)
160                 strcat(buf, "H_BUSY ");
161         if (status & BT_OEM0)
162                 strcat(buf, "OEM0 ");
163         if (status & BT_SMS_ATN)
164                 strcat(buf, "SMS ");
165         if (status & BT_B2H_ATN)
166                 strcat(buf, "B2H ");
167         if (status & BT_H2B_ATN)
168                 strcat(buf, "H2B ");
169         strcat(buf, "]");
170         return buf;
171 }
172 #define STATUS2TXT status2txt(status)
173
174 /* called externally at insmod time, and internally on cleanup */
175
176 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
177 {
178         memset(bt, 0, sizeof(struct si_sm_data));
179         if (bt->io != io) {
180                 /* external: one-time only things */
181                 bt->io = io;
182                 bt->seq = 0;
183         }
184         bt->state = BT_STATE_IDLE;      /* start here */
185         bt->complete = BT_STATE_IDLE;   /* end here */
186         bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
187         bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
188         /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
189         return 3; /* We claim 3 bytes of space; ought to check SPMI table */
190 }
191
192 /* Jam a completion code (probably an error) into a response */
193
194 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
195 {
196         bt->read_data[0] = 4;                           /* # following bytes */
197         bt->read_data[1] = bt->write_data[1] | 4;       /* Odd NetFn/LUN */
198         bt->read_data[2] = bt->write_data[2];           /* seq (ignored) */
199         bt->read_data[3] = bt->write_data[3];           /* Command */
200         bt->read_data[4] = completion_code;
201         bt->read_count = 5;
202 }
203
204 /* The upper state machine starts here */
205
206 static int bt_start_transaction(struct si_sm_data *bt,
207                                 unsigned char *data,
208                                 unsigned int size)
209 {
210         unsigned int i;
211
212         if (size < 2)
213                 return IPMI_REQ_LEN_INVALID_ERR;
214         if (size > IPMI_MAX_MSG_LENGTH)
215                 return IPMI_REQ_LEN_EXCEEDED_ERR;
216
217         if (bt->state == BT_STATE_LONG_BUSY)
218                 return IPMI_NODE_BUSY_ERR;
219
220         if (bt->state != BT_STATE_IDLE)
221                 return IPMI_NOT_IN_MY_STATE_ERR;
222
223         if (bt_debug & BT_DEBUG_MSG) {
224                 printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
225                 printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
226                 for (i = 0; i < size; i ++)
227                         printk(" %02x", data[i]);
228                 printk("\n");
229         }
230         bt->write_data[0] = size + 1;   /* all data plus seq byte */
231         bt->write_data[1] = *data;      /* NetFn/LUN */
232         bt->write_data[2] = bt->seq++;
233         memcpy(bt->write_data + 3, data + 1, size - 1);
234         bt->write_count = size + 2;
235         bt->error_retries = 0;
236         bt->nonzero_status = 0;
237         bt->truncated = 0;
238         bt->state = BT_STATE_XACTION_START;
239         bt->timeout = bt->BT_CAP_req2rsp;
240         force_result(bt, IPMI_ERR_UNSPECIFIED);
241         return 0;
242 }
243
244 /*
245  * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
246  * it calls this.  Strip out the length and seq bytes.
247  */
248
249 static int bt_get_result(struct si_sm_data *bt,
250                          unsigned char *data,
251                          unsigned int length)
252 {
253         int i, msg_len;
254
255         msg_len = bt->read_count - 2;           /* account for length & seq */
256         if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
257                 force_result(bt, IPMI_ERR_UNSPECIFIED);
258                 msg_len = 3;
259         }
260         data[0] = bt->read_data[1];
261         data[1] = bt->read_data[3];
262         if (length < msg_len || bt->truncated) {
263                 data[2] = IPMI_ERR_MSG_TRUNCATED;
264                 msg_len = 3;
265         } else
266                 memcpy(data + 2, bt->read_data + 4, msg_len - 2);
267
268         if (bt_debug & BT_DEBUG_MSG) {
269                 printk(KERN_WARNING "BT: result %d bytes:", msg_len);
270                 for (i = 0; i < msg_len; i++)
271                         printk(" %02x", data[i]);
272                 printk("\n");
273         }
274         return msg_len;
275 }
276
277 /* This bit's functionality is optional */
278 #define BT_BMC_HWRST    0x80
279
280 static void reset_flags(struct si_sm_data *bt)
281 {
282         if (bt_debug)
283                 printk(KERN_WARNING "IPMI BT: flag reset %s\n",
284                                         status2txt(BT_STATUS));
285         if (BT_STATUS & BT_H_BUSY)
286                 BT_CONTROL(BT_H_BUSY);  /* force clear */
287         BT_CONTROL(BT_CLR_WR_PTR);      /* always reset */
288         BT_CONTROL(BT_SMS_ATN);         /* always clear */
289         BT_INTMASK_W(BT_BMC_HWRST);
290 }
291
292 /*
293  * Get rid of an unwanted/stale response.  This should only be needed for
294  * BMCs that support multiple outstanding requests.
295  */
296
297 static void drain_BMC2HOST(struct si_sm_data *bt)
298 {
299         int i, size;
300
301         if (!(BT_STATUS & BT_B2H_ATN))  /* Not signalling a response */
302                 return;
303
304         BT_CONTROL(BT_H_BUSY);          /* now set */
305         BT_CONTROL(BT_B2H_ATN);         /* always clear */
306         BT_STATUS;                      /* pause */
307         BT_CONTROL(BT_B2H_ATN);         /* some BMCs are stubborn */
308         BT_CONTROL(BT_CLR_RD_PTR);      /* always reset */
309         if (bt_debug)
310                 printk(KERN_WARNING "IPMI BT: stale response %s; ",
311                         status2txt(BT_STATUS));
312         size = BMC2HOST;
313         for (i = 0; i < size ; i++)
314                 BMC2HOST;
315         BT_CONTROL(BT_H_BUSY);          /* now clear */
316         if (bt_debug)
317                 printk("drained %d bytes\n", size + 1);
318 }
319
320 static inline void write_all_bytes(struct si_sm_data *bt)
321 {
322         int i;
323
324         if (bt_debug & BT_DEBUG_MSG) {
325                 printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
326                         bt->write_count, bt->seq);
327                 for (i = 0; i < bt->write_count; i++)
328                         printk(" %02x", bt->write_data[i]);
329                 printk("\n");
330         }
331         for (i = 0; i < bt->write_count; i++)
332                 HOST2BMC(bt->write_data[i]);
333 }
334
335 static inline int read_all_bytes(struct si_sm_data *bt)
336 {
337         unsigned int i;
338
339         /*
340          * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
341          * Keep layout of first four bytes aligned with write_data[]
342          */
343
344         bt->read_data[0] = BMC2HOST;
345         bt->read_count = bt->read_data[0];
346
347         if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
348                 if (bt_debug & BT_DEBUG_MSG)
349                         printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
350                                 bt->read_count);
351                 bt->truncated = 1;
352                 return 1;       /* let next XACTION START clean it up */
353         }
354         for (i = 1; i <= bt->read_count; i++)
355                 bt->read_data[i] = BMC2HOST;
356         bt->read_count++;       /* Account internally for length byte */
357
358         if (bt_debug & BT_DEBUG_MSG) {
359                 int max = bt->read_count;
360
361                 printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
362                         max, bt->read_data[2]);
363                 if (max > 16)
364                         max = 16;
365                 for (i = 0; i < max; i++)
366                         printk(KERN_CONT " %02x", bt->read_data[i]);
367                 printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
368         }
369
370         /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
371         if ((bt->read_data[3] == bt->write_data[3]) &&
372             (bt->read_data[2] == bt->write_data[2]) &&
373             ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
374                         return 1;
375
376         if (bt_debug & BT_DEBUG_MSG)
377                 printk(KERN_WARNING "IPMI BT: bad packet: "
378                 "want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
379                 bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
380                 bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
381         return 0;
382 }
383
384 /* Restart if retries are left, or return an error completion code */
385
386 static enum si_sm_result error_recovery(struct si_sm_data *bt,
387                                         unsigned char status,
388                                         unsigned char cCode)
389 {
390         char *reason;
391
392         bt->timeout = bt->BT_CAP_req2rsp;
393
394         switch (cCode) {
395         case IPMI_TIMEOUT_ERR:
396                 reason = "timeout";
397                 break;
398         default:
399                 reason = "internal error";
400                 break;
401         }
402
403         printk(KERN_WARNING "IPMI BT: %s in %s %s ",    /* open-ended line */
404                 reason, STATE2TXT, STATUS2TXT);
405
406         /*
407          * Per the IPMI spec, retries are based on the sequence number
408          * known only to this module, so manage a restart here.
409          */
410         (bt->error_retries)++;
411         if (bt->error_retries < bt->BT_CAP_retries) {
412                 printk("%d retries left\n",
413                         bt->BT_CAP_retries - bt->error_retries);
414                 bt->state = BT_STATE_RESTART;
415                 return SI_SM_CALL_WITHOUT_DELAY;
416         }
417
418         printk(KERN_WARNING "failed %d retries, sending error response\n",
419                bt->BT_CAP_retries);
420         if (!bt->nonzero_status)
421                 printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
422
423         /* this is most likely during insmod */
424         else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
425                 printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
426                 bt->state = BT_STATE_RESET1;
427                 return SI_SM_CALL_WITHOUT_DELAY;
428         }
429
430         /*
431          * Concoct a useful error message, set up the next state, and
432          * be done with this sequence.
433          */
434
435         bt->state = BT_STATE_IDLE;
436         switch (cCode) {
437         case IPMI_TIMEOUT_ERR:
438                 if (status & BT_B_BUSY) {
439                         cCode = IPMI_NODE_BUSY_ERR;
440                         bt->state = BT_STATE_LONG_BUSY;
441                 }
442                 break;
443         default:
444                 break;
445         }
446         force_result(bt, cCode);
447         return SI_SM_TRANSACTION_COMPLETE;
448 }
449
450 /* Check status and (usually) take action and change this state machine. */
451
452 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
453 {
454         unsigned char status, BT_CAP[8];
455         static enum bt_states last_printed = BT_STATE_PRINTME;
456         int i;
457
458         status = BT_STATUS;
459         bt->nonzero_status |= status;
460         if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
461                 printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
462                         STATE2TXT,
463                         STATUS2TXT,
464                         bt->timeout,
465                         time);
466                 last_printed = bt->state;
467         }
468
469         /*
470          * Commands that time out may still (eventually) provide a response.
471          * This stale response will get in the way of a new response so remove
472          * it if possible (hopefully during IDLE).  Even if it comes up later
473          * it will be rejected by its (now-forgotten) seq number.
474          */
475
476         if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
477                 drain_BMC2HOST(bt);
478                 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
479         }
480
481         if ((bt->state != BT_STATE_IDLE) &&
482             (bt->state <  BT_STATE_PRINTME)) {
483                 /* check timeout */
484                 bt->timeout -= time;
485                 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
486                         return error_recovery(bt,
487                                               status,
488                                               IPMI_TIMEOUT_ERR);
489         }
490
491         switch (bt->state) {
492
493         /*
494          * Idle state first checks for asynchronous messages from another
495          * channel, then does some opportunistic housekeeping.
496          */
497
498         case BT_STATE_IDLE:
499                 if (status & BT_SMS_ATN) {
500                         BT_CONTROL(BT_SMS_ATN); /* clear it */
501                         return SI_SM_ATTN;
502                 }
503
504                 if (status & BT_H_BUSY)         /* clear a leftover H_BUSY */
505                         BT_CONTROL(BT_H_BUSY);
506
507                 bt->timeout = bt->BT_CAP_req2rsp;
508
509                 /* Read BT capabilities if it hasn't been done yet */
510                 if (!bt->BT_CAP_outreqs)
511                         BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
512                                         SI_SM_CALL_WITHOUT_DELAY);
513                 BT_SI_SM_RETURN(SI_SM_IDLE);
514
515         case BT_STATE_XACTION_START:
516                 if (status & (BT_B_BUSY | BT_H2B_ATN))
517                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
518                 if (BT_STATUS & BT_H_BUSY)
519                         BT_CONTROL(BT_H_BUSY);  /* force clear */
520                 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
521                                 SI_SM_CALL_WITHOUT_DELAY);
522
523         case BT_STATE_WRITE_BYTES:
524                 if (status & BT_H_BUSY)
525                         BT_CONTROL(BT_H_BUSY);  /* clear */
526                 BT_CONTROL(BT_CLR_WR_PTR);
527                 write_all_bytes(bt);
528                 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
529                 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
530                                 SI_SM_CALL_WITHOUT_DELAY);
531
532         case BT_STATE_WRITE_CONSUME:
533                 if (status & (BT_B_BUSY | BT_H2B_ATN))
534                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535                 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
536                                 SI_SM_CALL_WITHOUT_DELAY);
537
538         /* Spinning hard can suppress B2H_ATN and force a timeout */
539
540         case BT_STATE_READ_WAIT:
541                 if (!(status & BT_B2H_ATN))
542                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
543                 BT_CONTROL(BT_H_BUSY);          /* set */
544
545                 /*
546                  * Uncached, ordered writes should just proceed serially but
547                  * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
548                  * workaround without too much penalty to the general case.
549                  */
550
551                 BT_CONTROL(BT_B2H_ATN);         /* clear it to ACK the BMC */
552                 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
553                                 SI_SM_CALL_WITHOUT_DELAY);
554
555         case BT_STATE_CLEAR_B2H:
556                 if (status & BT_B2H_ATN) {
557                         /* keep hitting it */
558                         BT_CONTROL(BT_B2H_ATN);
559                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560                 }
561                 BT_STATE_CHANGE(BT_STATE_READ_BYTES,
562                                 SI_SM_CALL_WITHOUT_DELAY);
563
564         case BT_STATE_READ_BYTES:
565                 if (!(status & BT_H_BUSY))
566                         /* check in case of retry */
567                         BT_CONTROL(BT_H_BUSY);
568                 BT_CONTROL(BT_CLR_RD_PTR);      /* start of BMC2HOST buffer */
569                 i = read_all_bytes(bt);         /* true == packet seq match */
570                 BT_CONTROL(BT_H_BUSY);          /* NOW clear */
571                 if (!i)                         /* Not my message */
572                         BT_STATE_CHANGE(BT_STATE_READ_WAIT,
573                                         SI_SM_CALL_WITHOUT_DELAY);
574                 bt->state = bt->complete;
575                 return bt->state == BT_STATE_IDLE ?     /* where to next? */
576                         SI_SM_TRANSACTION_COMPLETE :    /* normal */
577                         SI_SM_CALL_WITHOUT_DELAY;       /* Startup magic */
578
579         case BT_STATE_LONG_BUSY:        /* For example: after FW update */
580                 if (!(status & BT_B_BUSY)) {
581                         reset_flags(bt);        /* next state is now IDLE */
582                         bt_init_data(bt, bt->io);
583                 }
584                 return SI_SM_CALL_WITH_DELAY;   /* No repeat printing */
585
586         case BT_STATE_RESET1:
587                 reset_flags(bt);
588                 drain_BMC2HOST(bt);
589                 BT_STATE_CHANGE(BT_STATE_RESET2,
590                                 SI_SM_CALL_WITH_DELAY);
591
592         case BT_STATE_RESET2:           /* Send a soft reset */
593                 BT_CONTROL(BT_CLR_WR_PTR);
594                 HOST2BMC(3);            /* number of bytes following */
595                 HOST2BMC(0x18);         /* NetFn/LUN == Application, LUN 0 */
596                 HOST2BMC(42);           /* Sequence number */
597                 HOST2BMC(3);            /* Cmd == Soft reset */
598                 BT_CONTROL(BT_H2B_ATN);
599                 bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
600                 BT_STATE_CHANGE(BT_STATE_RESET3,
601                                 SI_SM_CALL_WITH_DELAY);
602
603         case BT_STATE_RESET3:           /* Hold off everything for a bit */
604                 if (bt->timeout > 0)
605                         return SI_SM_CALL_WITH_DELAY;
606                 drain_BMC2HOST(bt);
607                 BT_STATE_CHANGE(BT_STATE_RESTART,
608                                 SI_SM_CALL_WITH_DELAY);
609
610         case BT_STATE_RESTART:          /* don't reset retries or seq! */
611                 bt->read_count = 0;
612                 bt->nonzero_status = 0;
613                 bt->timeout = bt->BT_CAP_req2rsp;
614                 BT_STATE_CHANGE(BT_STATE_XACTION_START,
615                                 SI_SM_CALL_WITH_DELAY);
616
617         /*
618          * Get BT Capabilities, using timing of upper level state machine.
619          * Set outreqs to prevent infinite loop on timeout.
620          */
621         case BT_STATE_CAPABILITIES_BEGIN:
622                 bt->BT_CAP_outreqs = 1;
623                 {
624                         unsigned char GetBT_CAP[] = { 0x18, 0x36 };
625                         bt->state = BT_STATE_IDLE;
626                         bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
627                 }
628                 bt->complete = BT_STATE_CAPABILITIES_END;
629                 BT_STATE_CHANGE(BT_STATE_XACTION_START,
630                                 SI_SM_CALL_WITH_DELAY);
631
632         case BT_STATE_CAPABILITIES_END:
633                 i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
634                 bt_init_data(bt, bt->io);
635                 if ((i == 8) && !BT_CAP[2]) {
636                         bt->BT_CAP_outreqs = BT_CAP[3];
637                         bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
638                         bt->BT_CAP_retries = BT_CAP[7];
639                 } else
640                         printk(KERN_WARNING "IPMI BT: using default values\n");
641                 if (!bt->BT_CAP_outreqs)
642                         bt->BT_CAP_outreqs = 1;
643                 printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
644                         bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
645                 bt->timeout = bt->BT_CAP_req2rsp;
646                 return SI_SM_CALL_WITHOUT_DELAY;
647
648         default:        /* should never occur */
649                 return error_recovery(bt,
650                                       status,
651                                       IPMI_ERR_UNSPECIFIED);
652         }
653         return SI_SM_CALL_WITH_DELAY;
654 }
655
656 static int bt_detect(struct si_sm_data *bt)
657 {
658         /*
659          * It's impossible for the BT status and interrupt registers to be
660          * all 1's, (assuming a properly functioning, self-initialized BMC)
661          * but that's what you get from reading a bogus address, so we
662          * test that first.  The calling routine uses negative logic.
663          */
664
665         if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
666                 return 1;
667         reset_flags(bt);
668         return 0;
669 }
670
671 static void bt_cleanup(struct si_sm_data *bt)
672 {
673 }
674
675 static int bt_size(void)
676 {
677         return sizeof(struct si_sm_data);
678 }
679
680 const struct si_sm_handlers bt_smi_handlers = {
681         .init_data              = bt_init_data,
682         .start_transaction      = bt_start_transaction,
683         .get_result             = bt_get_result,
684         .event                  = bt_event,
685         .detect                 = bt_detect,
686         .cleanup                = bt_cleanup,
687         .size                   = bt_size,
688 };