ipmi: Fix NULL pointer dereference in ssif_probe
[muen/linux.git] / drivers / char / ipmi / ipmi_ssif.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * ipmi_ssif.c
4  *
5  * The interface to the IPMI driver for SMBus access to a SMBus
6  * compliant device.  Called SSIF by the IPMI spec.
7  *
8  * Author: Intel Corporation
9  *         Todd Davis <todd.c.davis@intel.com>
10  *
11  * Rewritten by Corey Minyard <minyard@acm.org> to support the
12  * non-blocking I2C interface, add support for multi-part
13  * transactions, add PEC support, and general clenaup.
14  *
15  * Copyright 2003 Intel Corporation
16  * Copyright 2005 MontaVista Software
17  */
18
19 /*
20  * This file holds the "policy" for the interface to the SSIF state
21  * machine.  It does the configuration, handles timers and interrupts,
22  * and drives the real SSIF state machine.
23  */
24
25 /*
26  * TODO: Figure out how to use SMB alerts.  This will require a new
27  * interface into the I2C driver, I believe.
28  */
29
30 #if defined(MODVERSIONS)
31 #include <linux/modversions.h>
32 #endif
33
34 #include <linux/module.h>
35 #include <linux/moduleparam.h>
36 #include <linux/sched.h>
37 #include <linux/seq_file.h>
38 #include <linux/timer.h>
39 #include <linux/delay.h>
40 #include <linux/errno.h>
41 #include <linux/spinlock.h>
42 #include <linux/slab.h>
43 #include <linux/list.h>
44 #include <linux/i2c.h>
45 #include <linux/ipmi_smi.h>
46 #include <linux/init.h>
47 #include <linux/dmi.h>
48 #include <linux/kthread.h>
49 #include <linux/acpi.h>
50 #include <linux/ctype.h>
51 #include <linux/time64.h>
52 #include "ipmi_si_sm.h"
53 #include "ipmi_dmi.h"
54
55 #define PFX "ipmi_ssif: "
56 #define DEVICE_NAME "ipmi_ssif"
57
58 #define IPMI_GET_SYSTEM_INTERFACE_CAPABILITIES_CMD      0x57
59
60 #define SSIF_IPMI_REQUEST                       2
61 #define SSIF_IPMI_MULTI_PART_REQUEST_START      6
62 #define SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE     7
63 #define SSIF_IPMI_RESPONSE                      3
64 #define SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE    9
65
66 /* ssif_debug is a bit-field
67  *      SSIF_DEBUG_MSG -        commands and their responses
68  *      SSIF_DEBUG_STATES -     message states
69  *      SSIF_DEBUG_TIMING -      Measure times between events in the driver
70  */
71 #define SSIF_DEBUG_TIMING       4
72 #define SSIF_DEBUG_STATE        2
73 #define SSIF_DEBUG_MSG          1
74 #define SSIF_NODEBUG            0
75 #define SSIF_DEFAULT_DEBUG      (SSIF_NODEBUG)
76
77 /*
78  * Timer values
79  */
80 #define SSIF_MSG_USEC           20000   /* 20ms between message tries. */
81 #define SSIF_MSG_PART_USEC      5000    /* 5ms for a message part */
82
83 /* How many times to we retry sending/receiving the message. */
84 #define SSIF_SEND_RETRIES       5
85 #define SSIF_RECV_RETRIES       250
86
87 #define SSIF_MSG_MSEC           (SSIF_MSG_USEC / 1000)
88 #define SSIF_MSG_JIFFIES        ((SSIF_MSG_USEC * 1000) / TICK_NSEC)
89 #define SSIF_MSG_PART_JIFFIES   ((SSIF_MSG_PART_USEC * 1000) / TICK_NSEC)
90
91 enum ssif_intf_state {
92         SSIF_NORMAL,
93         SSIF_GETTING_FLAGS,
94         SSIF_GETTING_EVENTS,
95         SSIF_CLEARING_FLAGS,
96         SSIF_GETTING_MESSAGES,
97         /* FIXME - add watchdog stuff. */
98 };
99
100 #define SSIF_IDLE(ssif)  ((ssif)->ssif_state == SSIF_NORMAL \
101                           && (ssif)->curr_msg == NULL)
102
103 /*
104  * Indexes into stats[] in ssif_info below.
105  */
106 enum ssif_stat_indexes {
107         /* Number of total messages sent. */
108         SSIF_STAT_sent_messages = 0,
109
110         /*
111          * Number of message parts sent.  Messages may be broken into
112          * parts if they are long.
113          */
114         SSIF_STAT_sent_messages_parts,
115
116         /*
117          * Number of time a message was retried.
118          */
119         SSIF_STAT_send_retries,
120
121         /*
122          * Number of times the send of a message failed.
123          */
124         SSIF_STAT_send_errors,
125
126         /*
127          * Number of message responses received.
128          */
129         SSIF_STAT_received_messages,
130
131         /*
132          * Number of message fragments received.
133          */
134         SSIF_STAT_received_message_parts,
135
136         /*
137          * Number of times the receive of a message was retried.
138          */
139         SSIF_STAT_receive_retries,
140
141         /*
142          * Number of errors receiving messages.
143          */
144         SSIF_STAT_receive_errors,
145
146         /*
147          * Number of times a flag fetch was requested.
148          */
149         SSIF_STAT_flag_fetches,
150
151         /*
152          * Number of times the hardware didn't follow the state machine.
153          */
154         SSIF_STAT_hosed,
155
156         /*
157          * Number of received events.
158          */
159         SSIF_STAT_events,
160
161         /* Number of asyncronous messages received. */
162         SSIF_STAT_incoming_messages,
163
164         /* Number of watchdog pretimeouts. */
165         SSIF_STAT_watchdog_pretimeouts,
166
167         /* Number of alers received. */
168         SSIF_STAT_alerts,
169
170         /* Always add statistics before this value, it must be last. */
171         SSIF_NUM_STATS
172 };
173
174 struct ssif_addr_info {
175         struct i2c_board_info binfo;
176         char *adapter_name;
177         int debug;
178         int slave_addr;
179         enum ipmi_addr_src addr_src;
180         union ipmi_smi_info_union addr_info;
181         struct device *dev;
182         struct i2c_client *client;
183
184         struct i2c_client *added_client;
185
186         struct mutex clients_mutex;
187         struct list_head clients;
188
189         struct list_head link;
190 };
191
192 struct ssif_info;
193
194 typedef void (*ssif_i2c_done)(struct ssif_info *ssif_info, int result,
195                              unsigned char *data, unsigned int len);
196
197 struct ssif_info {
198         struct ipmi_smi     *intf;
199         spinlock_t          lock;
200         struct ipmi_smi_msg *waiting_msg;
201         struct ipmi_smi_msg *curr_msg;
202         enum ssif_intf_state ssif_state;
203         unsigned long       ssif_debug;
204
205         struct ipmi_smi_handlers handlers;
206
207         enum ipmi_addr_src addr_source; /* ACPI, PCI, SMBIOS, hardcode, etc. */
208         union ipmi_smi_info_union addr_info;
209
210         /*
211          * Flags from the last GET_MSG_FLAGS command, used when an ATTN
212          * is set to hold the flags until we are done handling everything
213          * from the flags.
214          */
215 #define RECEIVE_MSG_AVAIL       0x01
216 #define EVENT_MSG_BUFFER_FULL   0x02
217 #define WDT_PRE_TIMEOUT_INT     0x08
218         unsigned char       msg_flags;
219
220         u8                  global_enables;
221         bool                has_event_buffer;
222         bool                supports_alert;
223
224         /*
225          * Used to tell what we should do with alerts.  If we are
226          * waiting on a response, read the data immediately.
227          */
228         bool                got_alert;
229         bool                waiting_alert;
230
231         /*
232          * If set to true, this will request events the next time the
233          * state machine is idle.
234          */
235         bool                req_events;
236
237         /*
238          * If set to true, this will request flags the next time the
239          * state machine is idle.
240          */
241         bool                req_flags;
242
243         /*
244          * Used to perform timer operations when run-to-completion
245          * mode is on.  This is a countdown timer.
246          */
247         int                 rtc_us_timer;
248
249         /* Used for sending/receiving data.  +1 for the length. */
250         unsigned char data[IPMI_MAX_MSG_LENGTH + 1];
251         unsigned int  data_len;
252
253         /* Temp receive buffer, gets copied into data. */
254         unsigned char recv[I2C_SMBUS_BLOCK_MAX];
255
256         struct i2c_client *client;
257         ssif_i2c_done done_handler;
258
259         /* Thread interface handling */
260         struct task_struct *thread;
261         struct completion wake_thread;
262         bool stopping;
263         int i2c_read_write;
264         int i2c_command;
265         unsigned char *i2c_data;
266         unsigned int i2c_size;
267
268         struct timer_list retry_timer;
269         int retries_left;
270
271         /* Info from SSIF cmd */
272         unsigned char max_xmit_msg_size;
273         unsigned char max_recv_msg_size;
274         unsigned int  multi_support;
275         int           supports_pec;
276
277 #define SSIF_NO_MULTI           0
278 #define SSIF_MULTI_2_PART       1
279 #define SSIF_MULTI_n_PART       2
280         unsigned char *multi_data;
281         unsigned int  multi_len;
282         unsigned int  multi_pos;
283
284         atomic_t stats[SSIF_NUM_STATS];
285 };
286
287 #define ssif_inc_stat(ssif, stat) \
288         atomic_inc(&(ssif)->stats[SSIF_STAT_ ## stat])
289 #define ssif_get_stat(ssif, stat) \
290         ((unsigned int) atomic_read(&(ssif)->stats[SSIF_STAT_ ## stat]))
291
292 static bool initialized;
293
294 static void return_hosed_msg(struct ssif_info *ssif_info,
295                              struct ipmi_smi_msg *msg);
296 static void start_next_msg(struct ssif_info *ssif_info, unsigned long *flags);
297 static int start_send(struct ssif_info *ssif_info,
298                       unsigned char   *data,
299                       unsigned int    len);
300
301 static unsigned long *ipmi_ssif_lock_cond(struct ssif_info *ssif_info,
302                                           unsigned long *flags)
303 {
304         spin_lock_irqsave(&ssif_info->lock, *flags);
305         return flags;
306 }
307
308 static void ipmi_ssif_unlock_cond(struct ssif_info *ssif_info,
309                                   unsigned long *flags)
310 {
311         spin_unlock_irqrestore(&ssif_info->lock, *flags);
312 }
313
314 static void deliver_recv_msg(struct ssif_info *ssif_info,
315                              struct ipmi_smi_msg *msg)
316 {
317         if (msg->rsp_size < 0) {
318                 return_hosed_msg(ssif_info, msg);
319                 pr_err(PFX
320                        "Malformed message in deliver_recv_msg: rsp_size = %d\n",
321                        msg->rsp_size);
322         } else {
323                 ipmi_smi_msg_received(ssif_info->intf, msg);
324         }
325 }
326
327 static void return_hosed_msg(struct ssif_info *ssif_info,
328                              struct ipmi_smi_msg *msg)
329 {
330         ssif_inc_stat(ssif_info, hosed);
331
332         /* Make it a response */
333         msg->rsp[0] = msg->data[0] | 4;
334         msg->rsp[1] = msg->data[1];
335         msg->rsp[2] = 0xFF; /* Unknown error. */
336         msg->rsp_size = 3;
337
338         deliver_recv_msg(ssif_info, msg);
339 }
340
341 /*
342  * Must be called with the message lock held.  This will release the
343  * message lock.  Note that the caller will check SSIF_IDLE and start a
344  * new operation, so there is no need to check for new messages to
345  * start in here.
346  */
347 static void start_clear_flags(struct ssif_info *ssif_info, unsigned long *flags)
348 {
349         unsigned char msg[3];
350
351         ssif_info->msg_flags &= ~WDT_PRE_TIMEOUT_INT;
352         ssif_info->ssif_state = SSIF_CLEARING_FLAGS;
353         ipmi_ssif_unlock_cond(ssif_info, flags);
354
355         /* Make sure the watchdog pre-timeout flag is not set at startup. */
356         msg[0] = (IPMI_NETFN_APP_REQUEST << 2);
357         msg[1] = IPMI_CLEAR_MSG_FLAGS_CMD;
358         msg[2] = WDT_PRE_TIMEOUT_INT;
359
360         if (start_send(ssif_info, msg, 3) != 0) {
361                 /* Error, just go to normal state. */
362                 ssif_info->ssif_state = SSIF_NORMAL;
363         }
364 }
365
366 static void start_flag_fetch(struct ssif_info *ssif_info, unsigned long *flags)
367 {
368         unsigned char mb[2];
369
370         ssif_info->req_flags = false;
371         ssif_info->ssif_state = SSIF_GETTING_FLAGS;
372         ipmi_ssif_unlock_cond(ssif_info, flags);
373
374         mb[0] = (IPMI_NETFN_APP_REQUEST << 2);
375         mb[1] = IPMI_GET_MSG_FLAGS_CMD;
376         if (start_send(ssif_info, mb, 2) != 0)
377                 ssif_info->ssif_state = SSIF_NORMAL;
378 }
379
380 static void check_start_send(struct ssif_info *ssif_info, unsigned long *flags,
381                              struct ipmi_smi_msg *msg)
382 {
383         if (start_send(ssif_info, msg->data, msg->data_size) != 0) {
384                 unsigned long oflags;
385
386                 flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
387                 ssif_info->curr_msg = NULL;
388                 ssif_info->ssif_state = SSIF_NORMAL;
389                 ipmi_ssif_unlock_cond(ssif_info, flags);
390                 ipmi_free_smi_msg(msg);
391         }
392 }
393
394 static void start_event_fetch(struct ssif_info *ssif_info, unsigned long *flags)
395 {
396         struct ipmi_smi_msg *msg;
397
398         ssif_info->req_events = false;
399
400         msg = ipmi_alloc_smi_msg();
401         if (!msg) {
402                 ssif_info->ssif_state = SSIF_NORMAL;
403                 ipmi_ssif_unlock_cond(ssif_info, flags);
404                 return;
405         }
406
407         ssif_info->curr_msg = msg;
408         ssif_info->ssif_state = SSIF_GETTING_EVENTS;
409         ipmi_ssif_unlock_cond(ssif_info, flags);
410
411         msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
412         msg->data[1] = IPMI_READ_EVENT_MSG_BUFFER_CMD;
413         msg->data_size = 2;
414
415         check_start_send(ssif_info, flags, msg);
416 }
417
418 static void start_recv_msg_fetch(struct ssif_info *ssif_info,
419                                  unsigned long *flags)
420 {
421         struct ipmi_smi_msg *msg;
422
423         msg = ipmi_alloc_smi_msg();
424         if (!msg) {
425                 ssif_info->ssif_state = SSIF_NORMAL;
426                 ipmi_ssif_unlock_cond(ssif_info, flags);
427                 return;
428         }
429
430         ssif_info->curr_msg = msg;
431         ssif_info->ssif_state = SSIF_GETTING_MESSAGES;
432         ipmi_ssif_unlock_cond(ssif_info, flags);
433
434         msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
435         msg->data[1] = IPMI_GET_MSG_CMD;
436         msg->data_size = 2;
437
438         check_start_send(ssif_info, flags, msg);
439 }
440
441 /*
442  * Must be called with the message lock held.  This will release the
443  * message lock.  Note that the caller will check SSIF_IDLE and start a
444  * new operation, so there is no need to check for new messages to
445  * start in here.
446  */
447 static void handle_flags(struct ssif_info *ssif_info, unsigned long *flags)
448 {
449         if (ssif_info->msg_flags & WDT_PRE_TIMEOUT_INT) {
450                 /* Watchdog pre-timeout */
451                 ssif_inc_stat(ssif_info, watchdog_pretimeouts);
452                 start_clear_flags(ssif_info, flags);
453                 ipmi_smi_watchdog_pretimeout(ssif_info->intf);
454         } else if (ssif_info->msg_flags & RECEIVE_MSG_AVAIL)
455                 /* Messages available. */
456                 start_recv_msg_fetch(ssif_info, flags);
457         else if (ssif_info->msg_flags & EVENT_MSG_BUFFER_FULL)
458                 /* Events available. */
459                 start_event_fetch(ssif_info, flags);
460         else {
461                 ssif_info->ssif_state = SSIF_NORMAL;
462                 ipmi_ssif_unlock_cond(ssif_info, flags);
463         }
464 }
465
466 static int ipmi_ssif_thread(void *data)
467 {
468         struct ssif_info *ssif_info = data;
469
470         while (!kthread_should_stop()) {
471                 int result;
472
473                 /* Wait for something to do */
474                 result = wait_for_completion_interruptible(
475                                                 &ssif_info->wake_thread);
476                 if (ssif_info->stopping)
477                         break;
478                 if (result == -ERESTARTSYS)
479                         continue;
480                 init_completion(&ssif_info->wake_thread);
481
482                 if (ssif_info->i2c_read_write == I2C_SMBUS_WRITE) {
483                         result = i2c_smbus_write_block_data(
484                                 ssif_info->client, ssif_info->i2c_command,
485                                 ssif_info->i2c_data[0],
486                                 ssif_info->i2c_data + 1);
487                         ssif_info->done_handler(ssif_info, result, NULL, 0);
488                 } else {
489                         result = i2c_smbus_read_block_data(
490                                 ssif_info->client, ssif_info->i2c_command,
491                                 ssif_info->i2c_data);
492                         if (result < 0)
493                                 ssif_info->done_handler(ssif_info, result,
494                                                         NULL, 0);
495                         else
496                                 ssif_info->done_handler(ssif_info, 0,
497                                                         ssif_info->i2c_data,
498                                                         result);
499                 }
500         }
501
502         return 0;
503 }
504
505 static int ssif_i2c_send(struct ssif_info *ssif_info,
506                         ssif_i2c_done handler,
507                         int read_write, int command,
508                         unsigned char *data, unsigned int size)
509 {
510         ssif_info->done_handler = handler;
511
512         ssif_info->i2c_read_write = read_write;
513         ssif_info->i2c_command = command;
514         ssif_info->i2c_data = data;
515         ssif_info->i2c_size = size;
516         complete(&ssif_info->wake_thread);
517         return 0;
518 }
519
520
521 static void msg_done_handler(struct ssif_info *ssif_info, int result,
522                              unsigned char *data, unsigned int len);
523
524 static void start_get(struct ssif_info *ssif_info)
525 {
526         int rv;
527
528         ssif_info->rtc_us_timer = 0;
529         ssif_info->multi_pos = 0;
530
531         rv = ssif_i2c_send(ssif_info, msg_done_handler, I2C_SMBUS_READ,
532                           SSIF_IPMI_RESPONSE,
533                           ssif_info->recv, I2C_SMBUS_BLOCK_DATA);
534         if (rv < 0) {
535                 /* request failed, just return the error. */
536                 if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
537                         pr_info("Error from i2c_non_blocking_op(5)\n");
538
539                 msg_done_handler(ssif_info, -EIO, NULL, 0);
540         }
541 }
542
543 static void retry_timeout(struct timer_list *t)
544 {
545         struct ssif_info *ssif_info = from_timer(ssif_info, t, retry_timer);
546         unsigned long oflags, *flags;
547         bool waiting;
548
549         if (ssif_info->stopping)
550                 return;
551
552         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
553         waiting = ssif_info->waiting_alert;
554         ssif_info->waiting_alert = false;
555         ipmi_ssif_unlock_cond(ssif_info, flags);
556
557         if (waiting)
558                 start_get(ssif_info);
559 }
560
561
562 static void ssif_alert(struct i2c_client *client, enum i2c_alert_protocol type,
563                        unsigned int data)
564 {
565         struct ssif_info *ssif_info = i2c_get_clientdata(client);
566         unsigned long oflags, *flags;
567         bool do_get = false;
568
569         if (type != I2C_PROTOCOL_SMBUS_ALERT)
570                 return;
571
572         ssif_inc_stat(ssif_info, alerts);
573
574         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
575         if (ssif_info->waiting_alert) {
576                 ssif_info->waiting_alert = false;
577                 del_timer(&ssif_info->retry_timer);
578                 do_get = true;
579         } else if (ssif_info->curr_msg) {
580                 ssif_info->got_alert = true;
581         }
582         ipmi_ssif_unlock_cond(ssif_info, flags);
583         if (do_get)
584                 start_get(ssif_info);
585 }
586
587 static int start_resend(struct ssif_info *ssif_info);
588
589 static void msg_done_handler(struct ssif_info *ssif_info, int result,
590                              unsigned char *data, unsigned int len)
591 {
592         struct ipmi_smi_msg *msg;
593         unsigned long oflags, *flags;
594         int rv;
595
596         /*
597          * We are single-threaded here, so no need for a lock until we
598          * start messing with driver states or the queues.
599          */
600
601         if (result < 0) {
602                 ssif_info->retries_left--;
603                 if (ssif_info->retries_left > 0) {
604                         ssif_inc_stat(ssif_info, receive_retries);
605
606                         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
607                         ssif_info->waiting_alert = true;
608                         ssif_info->rtc_us_timer = SSIF_MSG_USEC;
609                         mod_timer(&ssif_info->retry_timer,
610                                   jiffies + SSIF_MSG_JIFFIES);
611                         ipmi_ssif_unlock_cond(ssif_info, flags);
612                         return;
613                 }
614
615                 ssif_inc_stat(ssif_info, receive_errors);
616
617                 if  (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
618                         pr_info("Error in msg_done_handler: %d\n", result);
619                 len = 0;
620                 goto continue_op;
621         }
622
623         if ((len > 1) && (ssif_info->multi_pos == 0)
624                                 && (data[0] == 0x00) && (data[1] == 0x01)) {
625                 /* Start of multi-part read.  Start the next transaction. */
626                 int i;
627
628                 ssif_inc_stat(ssif_info, received_message_parts);
629
630                 /* Remove the multi-part read marker. */
631                 len -= 2;
632                 for (i = 0; i < len; i++)
633                         ssif_info->data[i] = data[i+2];
634                 ssif_info->multi_len = len;
635                 ssif_info->multi_pos = 1;
636
637                 rv = ssif_i2c_send(ssif_info, msg_done_handler, I2C_SMBUS_READ,
638                                   SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE,
639                                   ssif_info->recv, I2C_SMBUS_BLOCK_DATA);
640                 if (rv < 0) {
641                         if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
642                                 pr_info("Error from i2c_non_blocking_op(1)\n");
643
644                         result = -EIO;
645                 } else
646                         return;
647         } else if (ssif_info->multi_pos) {
648                 /* Middle of multi-part read.  Start the next transaction. */
649                 int i;
650                 unsigned char blocknum;
651
652                 if (len == 0) {
653                         result = -EIO;
654                         if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
655                                 pr_info(PFX "Middle message with no data\n");
656
657                         goto continue_op;
658                 }
659
660                 blocknum = data[0];
661
662                 if (ssif_info->multi_len + len - 1 > IPMI_MAX_MSG_LENGTH) {
663                         /* Received message too big, abort the operation. */
664                         result = -E2BIG;
665                         if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
666                                 pr_info("Received message too big\n");
667
668                         goto continue_op;
669                 }
670
671                 /* Remove the blocknum from the data. */
672                 len--;
673                 for (i = 0; i < len; i++)
674                         ssif_info->data[i + ssif_info->multi_len] = data[i + 1];
675                 ssif_info->multi_len += len;
676                 if (blocknum == 0xff) {
677                         /* End of read */
678                         len = ssif_info->multi_len;
679                         data = ssif_info->data;
680                 } else if (blocknum + 1 != ssif_info->multi_pos) {
681                         /*
682                          * Out of sequence block, just abort.  Block
683                          * numbers start at zero for the second block,
684                          * but multi_pos starts at one, so the +1.
685                          */
686                         result = -EIO;
687                 } else {
688                         ssif_inc_stat(ssif_info, received_message_parts);
689
690                         ssif_info->multi_pos++;
691
692                         rv = ssif_i2c_send(ssif_info, msg_done_handler,
693                                            I2C_SMBUS_READ,
694                                            SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE,
695                                            ssif_info->recv,
696                                            I2C_SMBUS_BLOCK_DATA);
697                         if (rv < 0) {
698                                 if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
699                                         pr_info(PFX
700                                                 "Error from ssif_i2c_send\n");
701
702                                 result = -EIO;
703                         } else
704                                 return;
705                 }
706         }
707
708         if (result < 0) {
709                 ssif_inc_stat(ssif_info, receive_errors);
710         } else {
711                 ssif_inc_stat(ssif_info, received_messages);
712                 ssif_inc_stat(ssif_info, received_message_parts);
713         }
714
715
716  continue_op:
717         if (ssif_info->ssif_debug & SSIF_DEBUG_STATE)
718                 pr_info(PFX "DONE 1: state = %d, result=%d.\n",
719                         ssif_info->ssif_state, result);
720
721         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
722         msg = ssif_info->curr_msg;
723         if (msg) {
724                 msg->rsp_size = len;
725                 if (msg->rsp_size > IPMI_MAX_MSG_LENGTH)
726                         msg->rsp_size = IPMI_MAX_MSG_LENGTH;
727                 memcpy(msg->rsp, data, msg->rsp_size);
728                 ssif_info->curr_msg = NULL;
729         }
730
731         switch (ssif_info->ssif_state) {
732         case SSIF_NORMAL:
733                 ipmi_ssif_unlock_cond(ssif_info, flags);
734                 if (!msg)
735                         break;
736
737                 if (result < 0)
738                         return_hosed_msg(ssif_info, msg);
739                 else
740                         deliver_recv_msg(ssif_info, msg);
741                 break;
742
743         case SSIF_GETTING_FLAGS:
744                 /* We got the flags from the SSIF, now handle them. */
745                 if ((result < 0) || (len < 4) || (data[2] != 0)) {
746                         /*
747                          * Error fetching flags, or invalid length,
748                          * just give up for now.
749                          */
750                         ssif_info->ssif_state = SSIF_NORMAL;
751                         ipmi_ssif_unlock_cond(ssif_info, flags);
752                         pr_warn(PFX "Error getting flags: %d %d, %x\n",
753                                result, len, (len >= 3) ? data[2] : 0);
754                 } else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
755                            || data[1] != IPMI_GET_MSG_FLAGS_CMD) {
756                         /*
757                          * Don't abort here, maybe it was a queued
758                          * response to a previous command.
759                          */
760                         ipmi_ssif_unlock_cond(ssif_info, flags);
761                         pr_warn(PFX "Invalid response getting flags: %x %x\n",
762                                 data[0], data[1]);
763                 } else {
764                         ssif_inc_stat(ssif_info, flag_fetches);
765                         ssif_info->msg_flags = data[3];
766                         handle_flags(ssif_info, flags);
767                 }
768                 break;
769
770         case SSIF_CLEARING_FLAGS:
771                 /* We cleared the flags. */
772                 if ((result < 0) || (len < 3) || (data[2] != 0)) {
773                         /* Error clearing flags */
774                         pr_warn(PFX "Error clearing flags: %d %d, %x\n",
775                                result, len, (len >= 3) ? data[2] : 0);
776                 } else if (data[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
777                            || data[1] != IPMI_CLEAR_MSG_FLAGS_CMD) {
778                         pr_warn(PFX "Invalid response clearing flags: %x %x\n",
779                                 data[0], data[1]);
780                 }
781                 ssif_info->ssif_state = SSIF_NORMAL;
782                 ipmi_ssif_unlock_cond(ssif_info, flags);
783                 break;
784
785         case SSIF_GETTING_EVENTS:
786                 if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
787                         /* Error getting event, probably done. */
788                         msg->done(msg);
789
790                         /* Take off the event flag. */
791                         ssif_info->msg_flags &= ~EVENT_MSG_BUFFER_FULL;
792                         handle_flags(ssif_info, flags);
793                 } else if (msg->rsp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
794                            || msg->rsp[1] != IPMI_READ_EVENT_MSG_BUFFER_CMD) {
795                         pr_warn(PFX "Invalid response getting events: %x %x\n",
796                                 msg->rsp[0], msg->rsp[1]);
797                         msg->done(msg);
798                         /* Take off the event flag. */
799                         ssif_info->msg_flags &= ~EVENT_MSG_BUFFER_FULL;
800                         handle_flags(ssif_info, flags);
801                 } else {
802                         handle_flags(ssif_info, flags);
803                         ssif_inc_stat(ssif_info, events);
804                         deliver_recv_msg(ssif_info, msg);
805                 }
806                 break;
807
808         case SSIF_GETTING_MESSAGES:
809                 if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
810                         /* Error getting event, probably done. */
811                         msg->done(msg);
812
813                         /* Take off the msg flag. */
814                         ssif_info->msg_flags &= ~RECEIVE_MSG_AVAIL;
815                         handle_flags(ssif_info, flags);
816                 } else if (msg->rsp[0] != (IPMI_NETFN_APP_REQUEST | 1) << 2
817                            || msg->rsp[1] != IPMI_GET_MSG_CMD) {
818                         pr_warn(PFX "Invalid response clearing flags: %x %x\n",
819                                 msg->rsp[0], msg->rsp[1]);
820                         msg->done(msg);
821
822                         /* Take off the msg flag. */
823                         ssif_info->msg_flags &= ~RECEIVE_MSG_AVAIL;
824                         handle_flags(ssif_info, flags);
825                 } else {
826                         ssif_inc_stat(ssif_info, incoming_messages);
827                         handle_flags(ssif_info, flags);
828                         deliver_recv_msg(ssif_info, msg);
829                 }
830                 break;
831         }
832
833         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
834         if (SSIF_IDLE(ssif_info) && !ssif_info->stopping) {
835                 if (ssif_info->req_events)
836                         start_event_fetch(ssif_info, flags);
837                 else if (ssif_info->req_flags)
838                         start_flag_fetch(ssif_info, flags);
839                 else
840                         start_next_msg(ssif_info, flags);
841         } else
842                 ipmi_ssif_unlock_cond(ssif_info, flags);
843
844         if (ssif_info->ssif_debug & SSIF_DEBUG_STATE)
845                 pr_info(PFX "DONE 2: state = %d.\n", ssif_info->ssif_state);
846 }
847
848 static void msg_written_handler(struct ssif_info *ssif_info, int result,
849                                 unsigned char *data, unsigned int len)
850 {
851         int rv;
852
853         /* We are single-threaded here, so no need for a lock. */
854         if (result < 0) {
855                 ssif_info->retries_left--;
856                 if (ssif_info->retries_left > 0) {
857                         if (!start_resend(ssif_info)) {
858                                 ssif_inc_stat(ssif_info, send_retries);
859                                 return;
860                         }
861                         /* request failed, just return the error. */
862                         ssif_inc_stat(ssif_info, send_errors);
863
864                         if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
865                                 pr_info(PFX
866                                         "Out of retries in msg_written_handler\n");
867                         msg_done_handler(ssif_info, -EIO, NULL, 0);
868                         return;
869                 }
870
871                 ssif_inc_stat(ssif_info, send_errors);
872
873                 /*
874                  * Got an error on transmit, let the done routine
875                  * handle it.
876                  */
877                 if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
878                         pr_info("Error in msg_written_handler: %d\n", result);
879
880                 msg_done_handler(ssif_info, result, NULL, 0);
881                 return;
882         }
883
884         if (ssif_info->multi_data) {
885                 /*
886                  * In the middle of a multi-data write.  See the comment
887                  * in the SSIF_MULTI_n_PART case in the probe function
888                  * for details on the intricacies of this.
889                  */
890                 int left;
891                 unsigned char *data_to_send;
892
893                 ssif_inc_stat(ssif_info, sent_messages_parts);
894
895                 left = ssif_info->multi_len - ssif_info->multi_pos;
896                 if (left > 32)
897                         left = 32;
898                 /* Length byte. */
899                 ssif_info->multi_data[ssif_info->multi_pos] = left;
900                 data_to_send = ssif_info->multi_data + ssif_info->multi_pos;
901                 ssif_info->multi_pos += left;
902                 if (left < 32)
903                         /*
904                          * Write is finished.  Note that we must end
905                          * with a write of less than 32 bytes to
906                          * complete the transaction, even if it is
907                          * zero bytes.
908                          */
909                         ssif_info->multi_data = NULL;
910
911                 rv = ssif_i2c_send(ssif_info, msg_written_handler,
912                                   I2C_SMBUS_WRITE,
913                                   SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE,
914                                   data_to_send,
915                                   I2C_SMBUS_BLOCK_DATA);
916                 if (rv < 0) {
917                         /* request failed, just return the error. */
918                         ssif_inc_stat(ssif_info, send_errors);
919
920                         if (ssif_info->ssif_debug & SSIF_DEBUG_MSG)
921                                 pr_info("Error from i2c_non_blocking_op(3)\n");
922                         msg_done_handler(ssif_info, -EIO, NULL, 0);
923                 }
924         } else {
925                 /* Ready to request the result. */
926                 unsigned long oflags, *flags;
927
928                 ssif_inc_stat(ssif_info, sent_messages);
929                 ssif_inc_stat(ssif_info, sent_messages_parts);
930
931                 flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
932                 if (ssif_info->got_alert) {
933                         /* The result is already ready, just start it. */
934                         ssif_info->got_alert = false;
935                         ipmi_ssif_unlock_cond(ssif_info, flags);
936                         start_get(ssif_info);
937                 } else {
938                         /* Wait a jiffie then request the next message */
939                         ssif_info->waiting_alert = true;
940                         ssif_info->retries_left = SSIF_RECV_RETRIES;
941                         ssif_info->rtc_us_timer = SSIF_MSG_PART_USEC;
942                         mod_timer(&ssif_info->retry_timer,
943                                   jiffies + SSIF_MSG_PART_JIFFIES);
944                         ipmi_ssif_unlock_cond(ssif_info, flags);
945                 }
946         }
947 }
948
949 static int start_resend(struct ssif_info *ssif_info)
950 {
951         int rv;
952         int command;
953
954         ssif_info->got_alert = false;
955
956         if (ssif_info->data_len > 32) {
957                 command = SSIF_IPMI_MULTI_PART_REQUEST_START;
958                 ssif_info->multi_data = ssif_info->data;
959                 ssif_info->multi_len = ssif_info->data_len;
960                 /*
961                  * Subtle thing, this is 32, not 33, because we will
962                  * overwrite the thing at position 32 (which was just
963                  * transmitted) with the new length.
964                  */
965                 ssif_info->multi_pos = 32;
966                 ssif_info->data[0] = 32;
967         } else {
968                 ssif_info->multi_data = NULL;
969                 command = SSIF_IPMI_REQUEST;
970                 ssif_info->data[0] = ssif_info->data_len;
971         }
972
973         rv = ssif_i2c_send(ssif_info, msg_written_handler, I2C_SMBUS_WRITE,
974                           command, ssif_info->data, I2C_SMBUS_BLOCK_DATA);
975         if (rv && (ssif_info->ssif_debug & SSIF_DEBUG_MSG))
976                 pr_info("Error from i2c_non_blocking_op(4)\n");
977         return rv;
978 }
979
980 static int start_send(struct ssif_info *ssif_info,
981                       unsigned char   *data,
982                       unsigned int    len)
983 {
984         if (len > IPMI_MAX_MSG_LENGTH)
985                 return -E2BIG;
986         if (len > ssif_info->max_xmit_msg_size)
987                 return -E2BIG;
988
989         ssif_info->retries_left = SSIF_SEND_RETRIES;
990         memcpy(ssif_info->data + 1, data, len);
991         ssif_info->data_len = len;
992         return start_resend(ssif_info);
993 }
994
995 /* Must be called with the message lock held. */
996 static void start_next_msg(struct ssif_info *ssif_info, unsigned long *flags)
997 {
998         struct ipmi_smi_msg *msg;
999         unsigned long oflags;
1000
1001  restart:
1002         if (!SSIF_IDLE(ssif_info)) {
1003                 ipmi_ssif_unlock_cond(ssif_info, flags);
1004                 return;
1005         }
1006
1007         if (!ssif_info->waiting_msg) {
1008                 ssif_info->curr_msg = NULL;
1009                 ipmi_ssif_unlock_cond(ssif_info, flags);
1010         } else {
1011                 int rv;
1012
1013                 ssif_info->curr_msg = ssif_info->waiting_msg;
1014                 ssif_info->waiting_msg = NULL;
1015                 ipmi_ssif_unlock_cond(ssif_info, flags);
1016                 rv = start_send(ssif_info,
1017                                 ssif_info->curr_msg->data,
1018                                 ssif_info->curr_msg->data_size);
1019                 if (rv) {
1020                         msg = ssif_info->curr_msg;
1021                         ssif_info->curr_msg = NULL;
1022                         return_hosed_msg(ssif_info, msg);
1023                         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
1024                         goto restart;
1025                 }
1026         }
1027 }
1028
1029 static void sender(void                *send_info,
1030                    struct ipmi_smi_msg *msg)
1031 {
1032         struct ssif_info *ssif_info = (struct ssif_info *) send_info;
1033         unsigned long oflags, *flags;
1034
1035         BUG_ON(ssif_info->waiting_msg);
1036         ssif_info->waiting_msg = msg;
1037
1038         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
1039         start_next_msg(ssif_info, flags);
1040
1041         if (ssif_info->ssif_debug & SSIF_DEBUG_TIMING) {
1042                 struct timespec64 t;
1043
1044                 ktime_get_real_ts64(&t);
1045                 pr_info("**Enqueue %02x %02x: %lld.%6.6ld\n",
1046                        msg->data[0], msg->data[1],
1047                        (long long) t.tv_sec, (long) t.tv_nsec / NSEC_PER_USEC);
1048         }
1049 }
1050
1051 static int get_smi_info(void *send_info, struct ipmi_smi_info *data)
1052 {
1053         struct ssif_info *ssif_info = send_info;
1054
1055         data->addr_src = ssif_info->addr_source;
1056         data->dev = &ssif_info->client->dev;
1057         data->addr_info = ssif_info->addr_info;
1058         get_device(data->dev);
1059
1060         return 0;
1061 }
1062
1063 /*
1064  * Instead of having our own timer to periodically check the message
1065  * flags, we let the message handler drive us.
1066  */
1067 static void request_events(void *send_info)
1068 {
1069         struct ssif_info *ssif_info = (struct ssif_info *) send_info;
1070         unsigned long oflags, *flags;
1071
1072         if (!ssif_info->has_event_buffer)
1073                 return;
1074
1075         flags = ipmi_ssif_lock_cond(ssif_info, &oflags);
1076         /*
1077          * Request flags first, not events, because the lower layer
1078          * doesn't have a way to send an attention.  But make sure
1079          * event checking still happens.
1080          */
1081         ssif_info->req_events = true;
1082         if (SSIF_IDLE(ssif_info))
1083                 start_flag_fetch(ssif_info, flags);
1084         else {
1085                 ssif_info->req_flags = true;
1086                 ipmi_ssif_unlock_cond(ssif_info, flags);
1087         }
1088 }
1089
1090 static int ssif_start_processing(void            *send_info,
1091                                  struct ipmi_smi *intf)
1092 {
1093         struct ssif_info *ssif_info = send_info;
1094
1095         ssif_info->intf = intf;
1096
1097         return 0;
1098 }
1099
1100 #define MAX_SSIF_BMCS 4
1101
1102 static unsigned short addr[MAX_SSIF_BMCS];
1103 static int num_addrs;
1104 module_param_array(addr, ushort, &num_addrs, 0);
1105 MODULE_PARM_DESC(addr, "The addresses to scan for IPMI BMCs on the SSIFs.");
1106
1107 static char *adapter_name[MAX_SSIF_BMCS];
1108 static int num_adapter_names;
1109 module_param_array(adapter_name, charp, &num_adapter_names, 0);
1110 MODULE_PARM_DESC(adapter_name, "The string name of the I2C device that has the BMC.  By default all devices are scanned.");
1111
1112 static int slave_addrs[MAX_SSIF_BMCS];
1113 static int num_slave_addrs;
1114 module_param_array(slave_addrs, int, &num_slave_addrs, 0);
1115 MODULE_PARM_DESC(slave_addrs,
1116                  "The default IPMB slave address for the controller.");
1117
1118 static bool alerts_broken;
1119 module_param(alerts_broken, bool, 0);
1120 MODULE_PARM_DESC(alerts_broken, "Don't enable alerts for the controller.");
1121
1122 /*
1123  * Bit 0 enables message debugging, bit 1 enables state debugging, and
1124  * bit 2 enables timing debugging.  This is an array indexed by
1125  * interface number"
1126  */
1127 static int dbg[MAX_SSIF_BMCS];
1128 static int num_dbg;
1129 module_param_array(dbg, int, &num_dbg, 0);
1130 MODULE_PARM_DESC(dbg, "Turn on debugging.");
1131
1132 static bool ssif_dbg_probe;
1133 module_param_named(dbg_probe, ssif_dbg_probe, bool, 0);
1134 MODULE_PARM_DESC(dbg_probe, "Enable debugging of probing of adapters.");
1135
1136 static bool ssif_tryacpi = true;
1137 module_param_named(tryacpi, ssif_tryacpi, bool, 0);
1138 MODULE_PARM_DESC(tryacpi, "Setting this to zero will disable the default scan of the interfaces identified via ACPI");
1139
1140 static bool ssif_trydmi = true;
1141 module_param_named(trydmi, ssif_trydmi, bool, 0);
1142 MODULE_PARM_DESC(trydmi, "Setting this to zero will disable the default scan of the interfaces identified via DMI (SMBIOS)");
1143
1144 static DEFINE_MUTEX(ssif_infos_mutex);
1145 static LIST_HEAD(ssif_infos);
1146
1147 #define IPMI_SSIF_ATTR(name) \
1148 static ssize_t ipmi_##name##_show(struct device *dev,                   \
1149                                   struct device_attribute *attr,        \
1150                                   char *buf)                            \
1151 {                                                                       \
1152         struct ssif_info *ssif_info = dev_get_drvdata(dev);             \
1153                                                                         \
1154         return snprintf(buf, 10, "%u\n", ssif_get_stat(ssif_info, name));\
1155 }                                                                       \
1156 static DEVICE_ATTR(name, S_IRUGO, ipmi_##name##_show, NULL)
1157
1158 static ssize_t ipmi_type_show(struct device *dev,
1159                               struct device_attribute *attr,
1160                               char *buf)
1161 {
1162         return snprintf(buf, 10, "ssif\n");
1163 }
1164 static DEVICE_ATTR(type, S_IRUGO, ipmi_type_show, NULL);
1165
1166 IPMI_SSIF_ATTR(sent_messages);
1167 IPMI_SSIF_ATTR(sent_messages_parts);
1168 IPMI_SSIF_ATTR(send_retries);
1169 IPMI_SSIF_ATTR(send_errors);
1170 IPMI_SSIF_ATTR(received_messages);
1171 IPMI_SSIF_ATTR(received_message_parts);
1172 IPMI_SSIF_ATTR(receive_retries);
1173 IPMI_SSIF_ATTR(receive_errors);
1174 IPMI_SSIF_ATTR(flag_fetches);
1175 IPMI_SSIF_ATTR(hosed);
1176 IPMI_SSIF_ATTR(events);
1177 IPMI_SSIF_ATTR(watchdog_pretimeouts);
1178 IPMI_SSIF_ATTR(alerts);
1179
1180 static struct attribute *ipmi_ssif_dev_attrs[] = {
1181         &dev_attr_type.attr,
1182         &dev_attr_sent_messages.attr,
1183         &dev_attr_sent_messages_parts.attr,
1184         &dev_attr_send_retries.attr,
1185         &dev_attr_send_errors.attr,
1186         &dev_attr_received_messages.attr,
1187         &dev_attr_received_message_parts.attr,
1188         &dev_attr_receive_retries.attr,
1189         &dev_attr_receive_errors.attr,
1190         &dev_attr_flag_fetches.attr,
1191         &dev_attr_hosed.attr,
1192         &dev_attr_events.attr,
1193         &dev_attr_watchdog_pretimeouts.attr,
1194         &dev_attr_alerts.attr,
1195         NULL
1196 };
1197
1198 static const struct attribute_group ipmi_ssif_dev_attr_group = {
1199         .attrs          = ipmi_ssif_dev_attrs,
1200 };
1201
1202 static void shutdown_ssif(void *send_info)
1203 {
1204         struct ssif_info *ssif_info = send_info;
1205
1206         device_remove_group(&ssif_info->client->dev, &ipmi_ssif_dev_attr_group);
1207         dev_set_drvdata(&ssif_info->client->dev, NULL);
1208
1209         /* make sure the driver is not looking for flags any more. */
1210         while (ssif_info->ssif_state != SSIF_NORMAL)
1211                 schedule_timeout(1);
1212
1213         ssif_info->stopping = true;
1214         del_timer_sync(&ssif_info->retry_timer);
1215         if (ssif_info->thread) {
1216                 complete(&ssif_info->wake_thread);
1217                 kthread_stop(ssif_info->thread);
1218         }
1219 }
1220
1221 static int ssif_remove(struct i2c_client *client)
1222 {
1223         struct ssif_info *ssif_info = i2c_get_clientdata(client);
1224         struct ssif_addr_info *addr_info;
1225
1226         if (!ssif_info)
1227                 return 0;
1228
1229         /*
1230          * After this point, we won't deliver anything asychronously
1231          * to the message handler.  We can unregister ourself.
1232          */
1233         ipmi_unregister_smi(ssif_info->intf);
1234
1235         list_for_each_entry(addr_info, &ssif_infos, link) {
1236                 if (addr_info->client == client) {
1237                         addr_info->client = NULL;
1238                         break;
1239                 }
1240         }
1241
1242         kfree(ssif_info);
1243
1244         return 0;
1245 }
1246
1247 static int do_cmd(struct i2c_client *client, int len, unsigned char *msg,
1248                   int *resp_len, unsigned char *resp)
1249 {
1250         int retry_cnt;
1251         int ret;
1252
1253         retry_cnt = SSIF_SEND_RETRIES;
1254  retry1:
1255         ret = i2c_smbus_write_block_data(client, SSIF_IPMI_REQUEST, len, msg);
1256         if (ret) {
1257                 retry_cnt--;
1258                 if (retry_cnt > 0)
1259                         goto retry1;
1260                 return -ENODEV;
1261         }
1262
1263         ret = -ENODEV;
1264         retry_cnt = SSIF_RECV_RETRIES;
1265         while (retry_cnt > 0) {
1266                 ret = i2c_smbus_read_block_data(client, SSIF_IPMI_RESPONSE,
1267                                                 resp);
1268                 if (ret > 0)
1269                         break;
1270                 msleep(SSIF_MSG_MSEC);
1271                 retry_cnt--;
1272                 if (retry_cnt <= 0)
1273                         break;
1274         }
1275
1276         if (ret > 0) {
1277                 /* Validate that the response is correct. */
1278                 if (ret < 3 ||
1279                     (resp[0] != (msg[0] | (1 << 2))) ||
1280                     (resp[1] != msg[1]))
1281                         ret = -EINVAL;
1282                 else {
1283                         *resp_len = ret;
1284                         ret = 0;
1285                 }
1286         }
1287
1288         return ret;
1289 }
1290
1291 static int ssif_detect(struct i2c_client *client, struct i2c_board_info *info)
1292 {
1293         unsigned char *resp;
1294         unsigned char msg[3];
1295         int           rv;
1296         int           len;
1297
1298         resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1299         if (!resp)
1300                 return -ENOMEM;
1301
1302         /* Do a Get Device ID command, since it is required. */
1303         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1304         msg[1] = IPMI_GET_DEVICE_ID_CMD;
1305         rv = do_cmd(client, 2, msg, &len, resp);
1306         if (rv)
1307                 rv = -ENODEV;
1308         else
1309                 strlcpy(info->type, DEVICE_NAME, I2C_NAME_SIZE);
1310         kfree(resp);
1311         return rv;
1312 }
1313
1314 static int strcmp_nospace(char *s1, char *s2)
1315 {
1316         while (*s1 && *s2) {
1317                 while (isspace(*s1))
1318                         s1++;
1319                 while (isspace(*s2))
1320                         s2++;
1321                 if (*s1 > *s2)
1322                         return 1;
1323                 if (*s1 < *s2)
1324                         return -1;
1325                 s1++;
1326                 s2++;
1327         }
1328         return 0;
1329 }
1330
1331 static struct ssif_addr_info *ssif_info_find(unsigned short addr,
1332                                              char *adapter_name,
1333                                              bool match_null_name)
1334 {
1335         struct ssif_addr_info *info, *found = NULL;
1336
1337 restart:
1338         list_for_each_entry(info, &ssif_infos, link) {
1339                 if (info->binfo.addr == addr) {
1340                         if (info->adapter_name || adapter_name) {
1341                                 if (!info->adapter_name != !adapter_name) {
1342                                         /* One is NULL and one is not */
1343                                         continue;
1344                                 }
1345                                 if (adapter_name &&
1346                                     strcmp_nospace(info->adapter_name,
1347                                                    adapter_name))
1348                                         /* Names do not match */
1349                                         continue;
1350                         }
1351                         found = info;
1352                         break;
1353                 }
1354         }
1355
1356         if (!found && match_null_name) {
1357                 /* Try to get an exact match first, then try with a NULL name */
1358                 adapter_name = NULL;
1359                 match_null_name = false;
1360                 goto restart;
1361         }
1362
1363         return found;
1364 }
1365
1366 static bool check_acpi(struct ssif_info *ssif_info, struct device *dev)
1367 {
1368 #ifdef CONFIG_ACPI
1369         acpi_handle acpi_handle;
1370
1371         acpi_handle = ACPI_HANDLE(dev);
1372         if (acpi_handle) {
1373                 ssif_info->addr_source = SI_ACPI;
1374                 ssif_info->addr_info.acpi_info.acpi_handle = acpi_handle;
1375                 return true;
1376         }
1377 #endif
1378         return false;
1379 }
1380
1381 static int find_slave_address(struct i2c_client *client, int slave_addr)
1382 {
1383 #ifdef CONFIG_IPMI_DMI_DECODE
1384         if (!slave_addr)
1385                 slave_addr = ipmi_dmi_get_slave_addr(
1386                         SI_TYPE_INVALID,
1387                         i2c_adapter_id(client->adapter),
1388                         client->addr);
1389 #endif
1390
1391         return slave_addr;
1392 }
1393
1394 /*
1395  * Global enables we care about.
1396  */
1397 #define GLOBAL_ENABLES_MASK (IPMI_BMC_EVT_MSG_BUFF | IPMI_BMC_RCV_MSG_INTR | \
1398                              IPMI_BMC_EVT_MSG_INTR)
1399
1400 static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
1401 {
1402         unsigned char     msg[3];
1403         unsigned char     *resp;
1404         struct ssif_info   *ssif_info;
1405         int               rv = 0;
1406         int               len;
1407         int               i;
1408         u8                slave_addr = 0;
1409         struct ssif_addr_info *addr_info = NULL;
1410
1411         resp = kmalloc(IPMI_MAX_MSG_LENGTH, GFP_KERNEL);
1412         if (!resp)
1413                 return -ENOMEM;
1414
1415         ssif_info = kzalloc(sizeof(*ssif_info), GFP_KERNEL);
1416         if (!ssif_info) {
1417                 kfree(resp);
1418                 return -ENOMEM;
1419         }
1420
1421         if (!check_acpi(ssif_info, &client->dev)) {
1422                 addr_info = ssif_info_find(client->addr, client->adapter->name,
1423                                            true);
1424                 if (!addr_info) {
1425                         /* Must have come in through sysfs. */
1426                         ssif_info->addr_source = SI_HOTMOD;
1427                 } else {
1428                         ssif_info->addr_source = addr_info->addr_src;
1429                         ssif_info->ssif_debug = addr_info->debug;
1430                         ssif_info->addr_info = addr_info->addr_info;
1431                         addr_info->client = client;
1432                         slave_addr = addr_info->slave_addr;
1433                 }
1434         }
1435
1436         slave_addr = find_slave_address(client, slave_addr);
1437
1438         pr_info(PFX "Trying %s-specified SSIF interface at i2c address 0x%x, adapter %s, slave address 0x%x\n",
1439                ipmi_addr_src_to_str(ssif_info->addr_source),
1440                client->addr, client->adapter->name, slave_addr);
1441
1442         ssif_info->client = client;
1443         i2c_set_clientdata(client, ssif_info);
1444
1445         /* Now check for system interface capabilities */
1446         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1447         msg[1] = IPMI_GET_SYSTEM_INTERFACE_CAPABILITIES_CMD;
1448         msg[2] = 0; /* SSIF */
1449         rv = do_cmd(client, 3, msg, &len, resp);
1450         if (!rv && (len >= 3) && (resp[2] == 0)) {
1451                 if (len < 7) {
1452                         if (ssif_dbg_probe)
1453                                 pr_info(PFX "SSIF info too short: %d\n", len);
1454                         goto no_support;
1455                 }
1456
1457                 /* Got a good SSIF response, handle it. */
1458                 ssif_info->max_xmit_msg_size = resp[5];
1459                 ssif_info->max_recv_msg_size = resp[6];
1460                 ssif_info->multi_support = (resp[4] >> 6) & 0x3;
1461                 ssif_info->supports_pec = (resp[4] >> 3) & 0x1;
1462
1463                 /* Sanitize the data */
1464                 switch (ssif_info->multi_support) {
1465                 case SSIF_NO_MULTI:
1466                         if (ssif_info->max_xmit_msg_size > 32)
1467                                 ssif_info->max_xmit_msg_size = 32;
1468                         if (ssif_info->max_recv_msg_size > 32)
1469                                 ssif_info->max_recv_msg_size = 32;
1470                         break;
1471
1472                 case SSIF_MULTI_2_PART:
1473                         if (ssif_info->max_xmit_msg_size > 63)
1474                                 ssif_info->max_xmit_msg_size = 63;
1475                         if (ssif_info->max_recv_msg_size > 62)
1476                                 ssif_info->max_recv_msg_size = 62;
1477                         break;
1478
1479                 case SSIF_MULTI_n_PART:
1480                         /*
1481                          * The specification is rather confusing at
1482                          * this point, but I think I understand what
1483                          * is meant.  At least I have a workable
1484                          * solution.  With multi-part messages, you
1485                          * cannot send a message that is a multiple of
1486                          * 32-bytes in length, because the start and
1487                          * middle messages are 32-bytes and the end
1488                          * message must be at least one byte.  You
1489                          * can't fudge on an extra byte, that would
1490                          * screw up things like fru data writes.  So
1491                          * we limit the length to 63 bytes.  That way
1492                          * a 32-byte message gets sent as a single
1493                          * part.  A larger message will be a 32-byte
1494                          * start and the next message is always going
1495                          * to be 1-31 bytes in length.  Not ideal, but
1496                          * it should work.
1497                          */
1498                         if (ssif_info->max_xmit_msg_size > 63)
1499                                 ssif_info->max_xmit_msg_size = 63;
1500                         break;
1501
1502                 default:
1503                         /* Data is not sane, just give up. */
1504                         goto no_support;
1505                 }
1506         } else {
1507  no_support:
1508                 /* Assume no multi-part or PEC support */
1509                 pr_info(PFX "Error fetching SSIF: %d %d %2.2x, your system probably doesn't support this command so using defaults\n",
1510                        rv, len, resp[2]);
1511
1512                 ssif_info->max_xmit_msg_size = 32;
1513                 ssif_info->max_recv_msg_size = 32;
1514                 ssif_info->multi_support = SSIF_NO_MULTI;
1515                 ssif_info->supports_pec = 0;
1516         }
1517
1518         /* Make sure the NMI timeout is cleared. */
1519         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1520         msg[1] = IPMI_CLEAR_MSG_FLAGS_CMD;
1521         msg[2] = WDT_PRE_TIMEOUT_INT;
1522         rv = do_cmd(client, 3, msg, &len, resp);
1523         if (rv || (len < 3) || (resp[2] != 0))
1524                 pr_warn(PFX "Unable to clear message flags: %d %d %2.2x\n",
1525                         rv, len, resp[2]);
1526
1527         /* Attempt to enable the event buffer. */
1528         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1529         msg[1] = IPMI_GET_BMC_GLOBAL_ENABLES_CMD;
1530         rv = do_cmd(client, 2, msg, &len, resp);
1531         if (rv || (len < 4) || (resp[2] != 0)) {
1532                 pr_warn(PFX "Error getting global enables: %d %d %2.2x\n",
1533                         rv, len, resp[2]);
1534                 rv = 0; /* Not fatal */
1535                 goto found;
1536         }
1537
1538         ssif_info->global_enables = resp[3];
1539
1540         if (resp[3] & IPMI_BMC_EVT_MSG_BUFF) {
1541                 ssif_info->has_event_buffer = true;
1542                 /* buffer is already enabled, nothing to do. */
1543                 goto found;
1544         }
1545
1546         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1547         msg[1] = IPMI_SET_BMC_GLOBAL_ENABLES_CMD;
1548         msg[2] = ssif_info->global_enables | IPMI_BMC_EVT_MSG_BUFF;
1549         rv = do_cmd(client, 3, msg, &len, resp);
1550         if (rv || (len < 2)) {
1551                 pr_warn(PFX "Error setting global enables: %d %d %2.2x\n",
1552                         rv, len, resp[2]);
1553                 rv = 0; /* Not fatal */
1554                 goto found;
1555         }
1556
1557         if (resp[2] == 0) {
1558                 /* A successful return means the event buffer is supported. */
1559                 ssif_info->has_event_buffer = true;
1560                 ssif_info->global_enables |= IPMI_BMC_EVT_MSG_BUFF;
1561         }
1562
1563         /* Some systems don't behave well if you enable alerts. */
1564         if (alerts_broken)
1565                 goto found;
1566
1567         msg[0] = IPMI_NETFN_APP_REQUEST << 2;
1568         msg[1] = IPMI_SET_BMC_GLOBAL_ENABLES_CMD;
1569         msg[2] = ssif_info->global_enables | IPMI_BMC_RCV_MSG_INTR;
1570         rv = do_cmd(client, 3, msg, &len, resp);
1571         if (rv || (len < 2)) {
1572                 pr_warn(PFX "Error setting global enables: %d %d %2.2x\n",
1573                         rv, len, resp[2]);
1574                 rv = 0; /* Not fatal */
1575                 goto found;
1576         }
1577
1578         if (resp[2] == 0) {
1579                 /* A successful return means the alert is supported. */
1580                 ssif_info->supports_alert = true;
1581                 ssif_info->global_enables |= IPMI_BMC_RCV_MSG_INTR;
1582         }
1583
1584  found:
1585         if (ssif_dbg_probe) {
1586                 pr_info("ssif_probe: i2c_probe found device at i2c address %x\n",
1587                         client->addr);
1588         }
1589
1590         spin_lock_init(&ssif_info->lock);
1591         ssif_info->ssif_state = SSIF_NORMAL;
1592         timer_setup(&ssif_info->retry_timer, retry_timeout, 0);
1593
1594         for (i = 0; i < SSIF_NUM_STATS; i++)
1595                 atomic_set(&ssif_info->stats[i], 0);
1596
1597         if (ssif_info->supports_pec)
1598                 ssif_info->client->flags |= I2C_CLIENT_PEC;
1599
1600         ssif_info->handlers.owner = THIS_MODULE;
1601         ssif_info->handlers.start_processing = ssif_start_processing;
1602         ssif_info->handlers.shutdown = shutdown_ssif;
1603         ssif_info->handlers.get_smi_info = get_smi_info;
1604         ssif_info->handlers.sender = sender;
1605         ssif_info->handlers.request_events = request_events;
1606
1607         {
1608                 unsigned int thread_num;
1609
1610                 thread_num = ((i2c_adapter_id(ssif_info->client->adapter)
1611                                << 8) |
1612                               ssif_info->client->addr);
1613                 init_completion(&ssif_info->wake_thread);
1614                 ssif_info->thread = kthread_run(ipmi_ssif_thread, ssif_info,
1615                                                "kssif%4.4x", thread_num);
1616                 if (IS_ERR(ssif_info->thread)) {
1617                         rv = PTR_ERR(ssif_info->thread);
1618                         dev_notice(&ssif_info->client->dev,
1619                                    "Could not start kernel thread: error %d\n",
1620                                    rv);
1621                         goto out;
1622                 }
1623         }
1624
1625         dev_set_drvdata(&ssif_info->client->dev, ssif_info);
1626         rv = device_add_group(&ssif_info->client->dev,
1627                               &ipmi_ssif_dev_attr_group);
1628         if (rv) {
1629                 dev_err(&ssif_info->client->dev,
1630                         "Unable to add device attributes: error %d\n",
1631                         rv);
1632                 goto out;
1633         }
1634
1635         rv = ipmi_register_smi(&ssif_info->handlers,
1636                                ssif_info,
1637                                &ssif_info->client->dev,
1638                                slave_addr);
1639          if (rv) {
1640                 pr_err(PFX "Unable to register device: error %d\n", rv);
1641                 goto out_remove_attr;
1642         }
1643
1644  out:
1645         if (rv) {
1646                 if (addr_info)
1647                         addr_info->client = NULL;
1648
1649                 dev_err(&client->dev, "Unable to start IPMI SSIF: %d\n", rv);
1650                 kfree(ssif_info);
1651         }
1652         kfree(resp);
1653         return rv;
1654
1655 out_remove_attr:
1656         device_remove_group(&ssif_info->client->dev, &ipmi_ssif_dev_attr_group);
1657         dev_set_drvdata(&ssif_info->client->dev, NULL);
1658         goto out;
1659 }
1660
1661 static int ssif_adapter_handler(struct device *adev, void *opaque)
1662 {
1663         struct ssif_addr_info *addr_info = opaque;
1664
1665         if (adev->type != &i2c_adapter_type)
1666                 return 0;
1667
1668         addr_info->added_client = i2c_new_device(to_i2c_adapter(adev),
1669                                                  &addr_info->binfo);
1670
1671         if (!addr_info->adapter_name)
1672                 return 1; /* Only try the first I2C adapter by default. */
1673         return 0;
1674 }
1675
1676 static int new_ssif_client(int addr, char *adapter_name,
1677                            int debug, int slave_addr,
1678                            enum ipmi_addr_src addr_src,
1679                            struct device *dev)
1680 {
1681         struct ssif_addr_info *addr_info;
1682         int rv = 0;
1683
1684         mutex_lock(&ssif_infos_mutex);
1685         if (ssif_info_find(addr, adapter_name, false)) {
1686                 rv = -EEXIST;
1687                 goto out_unlock;
1688         }
1689
1690         addr_info = kzalloc(sizeof(*addr_info), GFP_KERNEL);
1691         if (!addr_info) {
1692                 rv = -ENOMEM;
1693                 goto out_unlock;
1694         }
1695
1696         if (adapter_name) {
1697                 addr_info->adapter_name = kstrdup(adapter_name, GFP_KERNEL);
1698                 if (!addr_info->adapter_name) {
1699                         kfree(addr_info);
1700                         rv = -ENOMEM;
1701                         goto out_unlock;
1702                 }
1703         }
1704
1705         strncpy(addr_info->binfo.type, DEVICE_NAME,
1706                 sizeof(addr_info->binfo.type));
1707         addr_info->binfo.addr = addr;
1708         addr_info->binfo.platform_data = addr_info;
1709         addr_info->debug = debug;
1710         addr_info->slave_addr = slave_addr;
1711         addr_info->addr_src = addr_src;
1712         addr_info->dev = dev;
1713
1714         if (dev)
1715                 dev_set_drvdata(dev, addr_info);
1716
1717         list_add_tail(&addr_info->link, &ssif_infos);
1718
1719         if (initialized)
1720                 i2c_for_each_dev(addr_info, ssif_adapter_handler);
1721         /* Otherwise address list will get it */
1722
1723 out_unlock:
1724         mutex_unlock(&ssif_infos_mutex);
1725         return rv;
1726 }
1727
1728 static void free_ssif_clients(void)
1729 {
1730         struct ssif_addr_info *info, *tmp;
1731
1732         mutex_lock(&ssif_infos_mutex);
1733         list_for_each_entry_safe(info, tmp, &ssif_infos, link) {
1734                 list_del(&info->link);
1735                 kfree(info->adapter_name);
1736                 kfree(info);
1737         }
1738         mutex_unlock(&ssif_infos_mutex);
1739 }
1740
1741 static unsigned short *ssif_address_list(void)
1742 {
1743         struct ssif_addr_info *info;
1744         unsigned int count = 0, i;
1745         unsigned short *address_list;
1746
1747         list_for_each_entry(info, &ssif_infos, link)
1748                 count++;
1749
1750         address_list = kcalloc(count + 1, sizeof(*address_list),
1751                                GFP_KERNEL);
1752         if (!address_list)
1753                 return NULL;
1754
1755         i = 0;
1756         list_for_each_entry(info, &ssif_infos, link) {
1757                 unsigned short addr = info->binfo.addr;
1758                 int j;
1759
1760                 for (j = 0; j < i; j++) {
1761                         if (address_list[j] == addr)
1762                                 goto skip_addr;
1763                 }
1764                 address_list[i] = addr;
1765 skip_addr:
1766                 i++;
1767         }
1768         address_list[i] = I2C_CLIENT_END;
1769
1770         return address_list;
1771 }
1772
1773 #ifdef CONFIG_ACPI
1774 static const struct acpi_device_id ssif_acpi_match[] = {
1775         { "IPI0001", 0 },
1776         { },
1777 };
1778 MODULE_DEVICE_TABLE(acpi, ssif_acpi_match);
1779 #endif
1780
1781 #ifdef CONFIG_DMI
1782 static int dmi_ipmi_probe(struct platform_device *pdev)
1783 {
1784         u8 slave_addr = 0;
1785         u16 i2c_addr;
1786         int rv;
1787
1788         if (!ssif_trydmi)
1789                 return -ENODEV;
1790
1791         rv = device_property_read_u16(&pdev->dev, "i2c-addr", &i2c_addr);
1792         if (rv) {
1793                 dev_warn(&pdev->dev, PFX "No i2c-addr property\n");
1794                 return -ENODEV;
1795         }
1796
1797         rv = device_property_read_u8(&pdev->dev, "slave-addr", &slave_addr);
1798         if (rv)
1799                 dev_warn(&pdev->dev, "device has no slave-addr property");
1800
1801         return new_ssif_client(i2c_addr, NULL, 0,
1802                                slave_addr, SI_SMBIOS, &pdev->dev);
1803 }
1804 #else
1805 static int dmi_ipmi_probe(struct platform_device *pdev)
1806 {
1807         return -ENODEV;
1808 }
1809 #endif
1810
1811 static const struct i2c_device_id ssif_id[] = {
1812         { DEVICE_NAME, 0 },
1813         { }
1814 };
1815 MODULE_DEVICE_TABLE(i2c, ssif_id);
1816
1817 static struct i2c_driver ssif_i2c_driver = {
1818         .class          = I2C_CLASS_HWMON,
1819         .driver         = {
1820                 .name                   = DEVICE_NAME
1821         },
1822         .probe          = ssif_probe,
1823         .remove         = ssif_remove,
1824         .alert          = ssif_alert,
1825         .id_table       = ssif_id,
1826         .detect         = ssif_detect
1827 };
1828
1829 static int ssif_platform_probe(struct platform_device *dev)
1830 {
1831         return dmi_ipmi_probe(dev);
1832 }
1833
1834 static int ssif_platform_remove(struct platform_device *dev)
1835 {
1836         struct ssif_addr_info *addr_info = dev_get_drvdata(&dev->dev);
1837
1838         if (!addr_info)
1839                 return 0;
1840
1841         mutex_lock(&ssif_infos_mutex);
1842         i2c_unregister_device(addr_info->added_client);
1843
1844         list_del(&addr_info->link);
1845         kfree(addr_info);
1846         mutex_unlock(&ssif_infos_mutex);
1847         return 0;
1848 }
1849
1850 static struct platform_driver ipmi_driver = {
1851         .driver = {
1852                 .name = DEVICE_NAME,
1853         },
1854         .probe          = ssif_platform_probe,
1855         .remove         = ssif_platform_remove,
1856 };
1857
1858 static int init_ipmi_ssif(void)
1859 {
1860         int i;
1861         int rv;
1862
1863         if (initialized)
1864                 return 0;
1865
1866         pr_info("IPMI SSIF Interface driver\n");
1867
1868         /* build list for i2c from addr list */
1869         for (i = 0; i < num_addrs; i++) {
1870                 rv = new_ssif_client(addr[i], adapter_name[i],
1871                                      dbg[i], slave_addrs[i],
1872                                      SI_HARDCODED, NULL);
1873                 if (rv)
1874                         pr_err(PFX
1875                                "Couldn't add hardcoded device at addr 0x%x\n",
1876                                addr[i]);
1877         }
1878
1879         if (ssif_tryacpi)
1880                 ssif_i2c_driver.driver.acpi_match_table =
1881                         ACPI_PTR(ssif_acpi_match);
1882
1883         if (ssif_trydmi) {
1884                 rv = platform_driver_register(&ipmi_driver);
1885                 if (rv)
1886                         pr_err(PFX "Unable to register driver: %d\n", rv);
1887         }
1888
1889         ssif_i2c_driver.address_list = ssif_address_list();
1890
1891         rv = i2c_add_driver(&ssif_i2c_driver);
1892         if (!rv)
1893                 initialized = true;
1894
1895         return rv;
1896 }
1897 module_init(init_ipmi_ssif);
1898
1899 static void cleanup_ipmi_ssif(void)
1900 {
1901         if (!initialized)
1902                 return;
1903
1904         initialized = false;
1905
1906         i2c_del_driver(&ssif_i2c_driver);
1907
1908         platform_driver_unregister(&ipmi_driver);
1909
1910         free_ssif_clients();
1911 }
1912 module_exit(cleanup_ipmi_ssif);
1913
1914 MODULE_ALIAS("platform:dmi-ipmi-ssif");
1915 MODULE_AUTHOR("Todd C Davis <todd.c.davis@intel.com>, Corey Minyard <minyard@acm.org>");
1916 MODULE_DESCRIPTION("IPMI driver for management controllers on a SMBus");
1917 MODULE_LICENSE("GPL");