aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-09-13 01:33:56 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2018-09-13 01:33:56 -0400
commitd3bd5973c72e04f03539858b9149e6b604bfb51d (patch)
treecf72b833875a185be7523af26cd896153a755e73
parent7428b2e5d0b195f2a5e40f91d2b41a8503fcfe68 (diff)
parenta8627cda7cfffe1792c199660c2b4f03ba2bd97b (diff)
Merge tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi
Pull IPMI bugfixes from Corey Minyard: "A few fixes that came around or after the merge window, except for commit cd2315d471f4 ("ipmi: kcs_bmc: don't change device name") which is for a driver that very few people use, and those people need the change" * tag 'for-linus-4.19' of git://github.com/cminyard/linux-ipmi: ipmi: Fix NULL pointer dereference in ssif_probe ipmi: Fix I2C client removal in the SSIF driver ipmi: Move BT capabilities detection to the detect call ipmi: Rework SMI registration failure ipmi: kcs_bmc: don't change device name
Diffstat
-rw-r--r--drivers/char/ipmi/ipmi_bt_sm.c92
-rw-r--r--drivers/char/ipmi/ipmi_msghandler.c53
-rw-r--r--drivers/char/ipmi/ipmi_si_intf.c17
-rw-r--r--drivers/char/ipmi/ipmi_ssif.c32
-rw-r--r--drivers/char/ipmi/kcs_bmc.c7
5 files changed, 97 insertions, 104 deletions
diff --git a/drivers/char/ipmi/ipmi_bt_sm.c b/drivers/char/ipmi/ipmi_bt_sm.c
index a3397664f800..97d6856c9c0f 100644
--- a/drivers/char/ipmi/ipmi_bt_sm.c
+++ b/drivers/char/ipmi/ipmi_bt_sm.c
@@ -59,8 +59,6 @@ enum bt_states {
59 BT_STATE_RESET3, 59 BT_STATE_RESET3,
60 BT_STATE_RESTART, 60 BT_STATE_RESTART,
61 BT_STATE_PRINTME, 61 BT_STATE_PRINTME,
62 BT_STATE_CAPABILITIES_BEGIN,
63 BT_STATE_CAPABILITIES_END,
64 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */ 62 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */
65}; 63};
66 64
@@ -86,7 +84,6 @@ struct si_sm_data {
86 int error_retries; /* end of "common" fields */ 84 int error_retries; /* end of "common" fields */
87 int nonzero_status; /* hung BMCs stay all 0 */ 85 int nonzero_status; /* hung BMCs stay all 0 */
88 enum bt_states complete; /* to divert the state machine */ 86 enum bt_states complete; /* to divert the state machine */
89 int BT_CAP_outreqs;
90 long BT_CAP_req2rsp; 87 long BT_CAP_req2rsp;
91 int BT_CAP_retries; /* Recommended retries */ 88 int BT_CAP_retries; /* Recommended retries */
92}; 89};
@@ -137,8 +134,6 @@ static char *state2txt(unsigned char state)
137 case BT_STATE_RESET3: return("RESET3"); 134 case BT_STATE_RESET3: return("RESET3");
138 case BT_STATE_RESTART: return("RESTART"); 135 case BT_STATE_RESTART: return("RESTART");
139 case BT_STATE_LONG_BUSY: return("LONG_BUSY"); 136 case BT_STATE_LONG_BUSY: return("LONG_BUSY");
140 case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
141 case BT_STATE_CAPABILITIES_END: return("CAP_END");
142 } 137 }
143 return("BAD STATE"); 138 return("BAD STATE");
144} 139}
@@ -185,7 +180,6 @@ static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
185 bt->complete = BT_STATE_IDLE; /* end here */ 180 bt->complete = BT_STATE_IDLE; /* end here */
186 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC; 181 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
187 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT; 182 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
188 /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
189 return 3; /* We claim 3 bytes of space; ought to check SPMI table */ 183 return 3; /* We claim 3 bytes of space; ought to check SPMI table */
190} 184}
191 185
@@ -451,7 +445,7 @@ static enum si_sm_result error_recovery(struct si_sm_data *bt,
451 445
452static enum si_sm_result bt_event(struct si_sm_data *bt, long time) 446static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
453{ 447{
454 unsigned char status, BT_CAP[8]; 448 unsigned char status;
455 static enum bt_states last_printed = BT_STATE_PRINTME; 449 static enum bt_states last_printed = BT_STATE_PRINTME;
456 int i; 450 int i;
457 451
@@ -504,12 +498,6 @@ static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
504 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */ 498 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */
505 BT_CONTROL(BT_H_BUSY); 499 BT_CONTROL(BT_H_BUSY);
506 500
507 bt->timeout = bt->BT_CAP_req2rsp;
508
509 /* Read BT capabilities if it hasn't been done yet */
510 if (!bt->BT_CAP_outreqs)
511 BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
512 SI_SM_CALL_WITHOUT_DELAY);
513 BT_SI_SM_RETURN(SI_SM_IDLE); 501 BT_SI_SM_RETURN(SI_SM_IDLE);
514 502
515 case BT_STATE_XACTION_START: 503 case BT_STATE_XACTION_START:
@@ -614,37 +602,6 @@ static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
614 BT_STATE_CHANGE(BT_STATE_XACTION_START, 602 BT_STATE_CHANGE(BT_STATE_XACTION_START,
615 SI_SM_CALL_WITH_DELAY); 603 SI_SM_CALL_WITH_DELAY);
616 604
617 /*
618 * Get BT Capabilities, using timing of upper level state machine.
619 * Set outreqs to prevent infinite loop on timeout.
620 */
621 case BT_STATE_CAPABILITIES_BEGIN:
622 bt->BT_CAP_outreqs = 1;
623 {
624 unsigned char GetBT_CAP[] = { 0x18, 0x36 };
625 bt->state = BT_STATE_IDLE;
626 bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
627 }
628 bt->complete = BT_STATE_CAPABILITIES_END;
629 BT_STATE_CHANGE(BT_STATE_XACTION_START,
630 SI_SM_CALL_WITH_DELAY);
631
632 case BT_STATE_CAPABILITIES_END:
633 i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
634 bt_init_data(bt, bt->io);
635 if ((i == 8) && !BT_CAP[2]) {
636 bt->BT_CAP_outreqs = BT_CAP[3];
637 bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
638 bt->BT_CAP_retries = BT_CAP[7];
639 } else
640 printk(KERN_WARNING "IPMI BT: using default values\n");
641 if (!bt->BT_CAP_outreqs)
642 bt->BT_CAP_outreqs = 1;
643 printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
644 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
645 bt->timeout = bt->BT_CAP_req2rsp;
646 return SI_SM_CALL_WITHOUT_DELAY;
647
648 default: /* should never occur */ 605 default: /* should never occur */
649 return error_recovery(bt, 606 return error_recovery(bt,
650 status, 607 status,
@@ -655,6 +612,11 @@ static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
655 612
656static int bt_detect(struct si_sm_data *bt) 613static int bt_detect(struct si_sm_data *bt)
657{ 614{
615 unsigned char GetBT_CAP[] = { 0x18, 0x36 };
616 unsigned char BT_CAP[8];
617 enum si_sm_result smi_result;
618 int rv;
619
658 /* 620 /*
659 * It's impossible for the BT status and interrupt registers to be 621 * It's impossible for the BT status and interrupt registers to be
660 * all 1's, (assuming a properly functioning, self-initialized BMC) 622 * all 1's, (assuming a properly functioning, self-initialized BMC)
@@ -665,6 +627,48 @@ static int bt_detect(struct si_sm_data *bt)
665 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF)) 627 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
666 return 1; 628 return 1;
667 reset_flags(bt); 629 reset_flags(bt);
630
631 /*
632 * Try getting the BT capabilities here.
633 */
634 rv = bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
635 if (rv) {
636 dev_warn(bt->io->dev,
637 "Can't start capabilities transaction: %d\n", rv);
638 goto out_no_bt_cap;
639 }
640
641 smi_result = SI_SM_CALL_WITHOUT_DELAY;
642 for (;;) {
643 if (smi_result == SI_SM_CALL_WITH_DELAY ||
644 smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
645 schedule_timeout_uninterruptible(1);
646 smi_result = bt_event(bt, jiffies_to_usecs(1));
647 } else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
648 smi_result = bt_event(bt, 0);
649 } else
650 break;
651 }
652
653 rv = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
654 bt_init_data(bt, bt->io);
655 if (rv < 8) {
656 dev_warn(bt->io->dev, "bt cap response too short: %d\n", rv);
657 goto out_no_bt_cap;
658 }
659
660 if (BT_CAP[2]) {
661 dev_warn(bt->io->dev, "Error fetching bt cap: %x\n", BT_CAP[2]);
662out_no_bt_cap:
663 dev_warn(bt->io->dev, "using default values\n");
664 } else {
665 bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
666 bt->BT_CAP_retries = BT_CAP[7];
667 }
668
669 dev_info(bt->io->dev, "req2rsp=%ld secs retries=%d\n",
670 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
671
668 return 0; 672 return 0;
669} 673}
670 674
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 51832b8a2c62..7fc9612070a1 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -3381,39 +3381,45 @@ int ipmi_register_smi(const struct ipmi_smi_handlers *handlers,
3381 3381
3382 rv = handlers->start_processing(send_info, intf); 3382 rv = handlers->start_processing(send_info, intf);
3383 if (rv) 3383 if (rv)
3384 goto out; 3384 goto out_err;
3385 3385
3386 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i); 3386 rv = __bmc_get_device_id(intf, NULL, &id, NULL, NULL, i);
3387 if (rv) { 3387 if (rv) {
3388 dev_err(si_dev, "Unable to get the device id: %d\n", rv); 3388 dev_err(si_dev, "Unable to get the device id: %d\n", rv);
3389 goto out; 3389 goto out_err_started;
3390 } 3390 }
3391 3391
3392 mutex_lock(&intf->bmc_reg_mutex); 3392 mutex_lock(&intf->bmc_reg_mutex);
3393 rv = __scan_channels(intf, &id); 3393 rv = __scan_channels(intf, &id);
3394 mutex_unlock(&intf->bmc_reg_mutex); 3394 mutex_unlock(&intf->bmc_reg_mutex);
3395 if (rv)
3396 goto out_err_bmc_reg;
3395 3397
3396 out: 3398 /*
3397 if (rv) { 3399 * Keep memory order straight for RCU readers. Make
3398 ipmi_bmc_unregister(intf); 3400 * sure everything else is committed to memory before
3399 list_del_rcu(&intf->link); 3401 * setting intf_num to mark the interface valid.
3400 mutex_unlock(&ipmi_interfaces_mutex); 3402 */
3401 synchronize_srcu(&ipmi_interfaces_srcu); 3403 smp_wmb();
3402 cleanup_srcu_struct(&intf->users_srcu); 3404 intf->intf_num = i;
3403 kref_put(&intf->refcount, intf_free); 3405 mutex_unlock(&ipmi_interfaces_mutex);
3404 } else {
3405 /*
3406 * Keep memory order straight for RCU readers. Make
3407 * sure everything else is committed to memory before
3408 * setting intf_num to mark the interface valid.
3409 */
3410 smp_wmb();
3411 intf->intf_num = i;
3412 mutex_unlock(&ipmi_interfaces_mutex);
3413 3406
3414 /* After this point the interface is legal to use. */ 3407 /* After this point the interface is legal to use. */
3415 call_smi_watchers(i, intf->si_dev); 3408 call_smi_watchers(i, intf->si_dev);
3416 } 3409
3410 return 0;
3411
3412 out_err_bmc_reg:
3413 ipmi_bmc_unregister(intf);
3414 out_err_started:
3415 if (intf->handlers->shutdown)
3416 intf->handlers->shutdown(intf->send_info);
3417 out_err:
3418 list_del_rcu(&intf->link);
3419 mutex_unlock(&ipmi_interfaces_mutex);
3420 synchronize_srcu(&ipmi_interfaces_srcu);
3421 cleanup_srcu_struct(&intf->users_srcu);
3422 kref_put(&intf->refcount, intf_free);
3417 3423
3418 return rv; 3424 return rv;
3419} 3425}
@@ -3504,7 +3510,8 @@ void ipmi_unregister_smi(struct ipmi_smi *intf)
3504 } 3510 }
3505 srcu_read_unlock(&intf->users_srcu, index); 3511 srcu_read_unlock(&intf->users_srcu, index);
3506 3512
3507 intf->handlers->shutdown(intf->send_info); 3513 if (intf->handlers->shutdown)
3514 intf->handlers->shutdown(intf->send_info);
3508 3515
3509 cleanup_smi_msgs(intf); 3516 cleanup_smi_msgs(intf);
3510 3517
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
index 90ec010bffbd..5faa917df1b6 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -2083,18 +2083,9 @@ static int try_smi_init(struct smi_info *new_smi)
2083 si_to_str[new_smi->io.si_type]); 2083 si_to_str[new_smi->io.si_type]);
2084 2084
2085 WARN_ON(new_smi->io.dev->init_name != NULL); 2085 WARN_ON(new_smi->io.dev->init_name != NULL);
2086 kfree(init_name);
2087
2088 return 0;
2089
2090out_err:
2091 if (new_smi->intf) {
2092 ipmi_unregister_smi(new_smi->intf);
2093 new_smi->intf = NULL;
2094 }
2095 2086
2087 out_err:
2096 kfree(init_name); 2088 kfree(init_name);
2097
2098 return rv; 2089 return rv;
2099} 2090}
2100 2091
@@ -2227,6 +2218,8 @@ static void shutdown_smi(void *send_info)
2227 2218
2228 kfree(smi_info->si_sm); 2219 kfree(smi_info->si_sm);
2229 smi_info->si_sm = NULL; 2220 smi_info->si_sm = NULL;
2221
2222 smi_info->intf = NULL;
2230} 2223}
2231 2224
2232/* 2225/*
@@ -2240,10 +2233,8 @@ static void cleanup_one_si(struct smi_info *smi_info)
2240 2233
2241 list_del(&smi_info->link); 2234 list_del(&smi_info->link);
2242 2235
2243 if (smi_info->intf) { 2236 if (smi_info->intf)
2244 ipmi_unregister_smi(smi_info->intf); 2237 ipmi_unregister_smi(smi_info->intf);
2245 smi_info->intf = NULL;
2246 }
2247 2238
2248 if (smi_info->pdev) { 2239 if (smi_info->pdev) {
2249 if (smi_info->pdev_registered) 2240 if (smi_info->pdev_registered)
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 18e4650c233b..29e67a80fb20 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -181,6 +181,8 @@ struct ssif_addr_info {
181 struct device *dev; 181 struct device *dev;
182 struct i2c_client *client; 182 struct i2c_client *client;
183 183
184 struct i2c_client *added_client;
185
184 struct mutex clients_mutex; 186 struct mutex clients_mutex;
185 struct list_head clients; 187 struct list_head clients;
186 188
@@ -1214,18 +1216,11 @@ static void shutdown_ssif(void *send_info)
1214 complete(&ssif_info->wake_thread); 1216 complete(&ssif_info->wake_thread);
1215 kthread_stop(ssif_info->thread); 1217 kthread_stop(ssif_info->thread);
1216 } 1218 }
1217
1218 /*
1219 * No message can be outstanding now, we have removed the
1220 * upper layer and it permitted us to do so.
1221 */
1222 kfree(ssif_info);
1223} 1219}
1224 1220
1225static int ssif_remove(struct i2c_client *client) 1221static int ssif_remove(struct i2c_client *client)
1226{ 1222{
1227 struct ssif_info *ssif_info = i2c_get_clientdata(client); 1223 struct ssif_info *ssif_info = i2c_get_clientdata(client);
1228 struct ipmi_smi *intf;
1229 struct ssif_addr_info *addr_info; 1224 struct ssif_addr_info *addr_info;
1230 1225
1231 if (!ssif_info) 1226 if (!ssif_info)
@@ -1235,9 +1230,7 @@ static int ssif_remove(struct i2c_client *client)
1235 * After this point, we won't deliver anything asychronously 1230 * After this point, we won't deliver anything asychronously
1236 * to the message handler. We can unregister ourself. 1231 * to the message handler. We can unregister ourself.
1237 */ 1232 */
1238 intf = ssif_info->intf; 1233 ipmi_unregister_smi(ssif_info->intf);
1239 ssif_info->intf = NULL;
1240 ipmi_unregister_smi(intf);
1241 1234
1242 list_for_each_entry(addr_info, &ssif_infos, link) { 1235 list_for_each_entry(addr_info, &ssif_infos, link) {
1243 if (addr_info->client == client) { 1236 if (addr_info->client == client) {
@@ -1246,6 +1239,8 @@ static int ssif_remove(struct i2c_client *client)
1246 } 1239 }
1247 } 1240 }
1248 1241
1242 kfree(ssif_info);
1243
1249 return 0; 1244 return 0;
1250} 1245}
1251 1246
@@ -1648,15 +1643,9 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
1648 1643
1649 out: 1644 out:
1650 if (rv) { 1645 if (rv) {
1651 /* 1646 if (addr_info)
1652 * Note that if addr_info->client is assigned, we 1647 addr_info->client = NULL;
1653 * leave it. The i2c client hangs around even if we 1648
1654 * return a failure here, and the failure here is not
1655 * propagated back to the i2c code. This seems to be
1656 * design intent, strange as it may be. But if we
1657 * don't leave it, ssif_platform_remove will not remove
1658 * the client like it should.
1659 */
1660 dev_err(&client->dev, "Unable to start IPMI SSIF: %d\n", rv); 1649 dev_err(&client->dev, "Unable to start IPMI SSIF: %d\n", rv);
1661 kfree(ssif_info); 1650 kfree(ssif_info);
1662 } 1651 }
@@ -1676,7 +1665,8 @@ static int ssif_adapter_handler(struct device *adev, void *opaque)
1676 if (adev->type != &i2c_adapter_type) 1665 if (adev->type != &i2c_adapter_type)
1677 return 0; 1666 return 0;
1678 1667
1679 i2c_new_device(to_i2c_adapter(adev), &addr_info->binfo); 1668 addr_info->added_client = i2c_new_device(to_i2c_adapter(adev),
1669 &addr_info->binfo);
1680 1670
1681 if (!addr_info->adapter_name) 1671 if (!addr_info->adapter_name)
1682 return 1; /* Only try the first I2C adapter by default. */ 1672 return 1; /* Only try the first I2C adapter by default. */
@@ -1849,7 +1839,7 @@ static int ssif_platform_remove(struct platform_device *dev)
1849 return 0; 1839 return 0;
1850 1840
1851 mutex_lock(&ssif_infos_mutex); 1841 mutex_lock(&ssif_infos_mutex);
1852 i2c_unregister_device(addr_info->client); 1842 i2c_unregister_device(addr_info->added_client);
1853 1843
1854 list_del(&addr_info->link); 1844 list_del(&addr_info->link);
1855 kfree(addr_info); 1845 kfree(addr_info);
diff --git a/drivers/char/ipmi/kcs_bmc.c b/drivers/char/ipmi/kcs_bmc.c
index bb882ab161fe..e6124bd548df 100644
--- a/drivers/char/ipmi/kcs_bmc.c
+++ b/drivers/char/ipmi/kcs_bmc.c
@@ -16,6 +16,8 @@
16 16
17#include "kcs_bmc.h" 17#include "kcs_bmc.h"
18 18
19#define DEVICE_NAME "ipmi-kcs"
20
19#define KCS_MSG_BUFSIZ 1000 21#define KCS_MSG_BUFSIZ 1000
20 22
21#define KCS_ZERO_DATA 0 23#define KCS_ZERO_DATA 0
@@ -429,8 +431,6 @@ struct kcs_bmc *kcs_bmc_alloc(struct device *dev, int sizeof_priv, u32 channel)
429 if (!kcs_bmc) 431 if (!kcs_bmc)
430 return NULL; 432 return NULL;
431 433
432 dev_set_name(dev, "ipmi-kcs%u", channel);
433
434 spin_lock_init(&kcs_bmc->lock); 434 spin_lock_init(&kcs_bmc->lock);
435 kcs_bmc->channel = channel; 435 kcs_bmc->channel = channel;
436 436
@@ -444,7 +444,8 @@ struct kcs_bmc *kcs_bmc_alloc(struct device *dev, int sizeof_priv, u32 channel)
444 return NULL; 444 return NULL;
445 445
446 kcs_bmc->miscdev.minor = MISC_DYNAMIC_MINOR; 446 kcs_bmc->miscdev.minor = MISC_DYNAMIC_MINOR;
447 kcs_bmc->miscdev.name = dev_name(dev); 447 kcs_bmc->miscdev.name = devm_kasprintf(dev, GFP_KERNEL, "%s%u",
448 DEVICE_NAME, channel);
448 kcs_bmc->miscdev.fops = &kcs_bmc_fops; 449 kcs_bmc->miscdev.fops = &kcs_bmc_fops;
449 450
450 return kcs_bmc; 451 return kcs_bmc;
generated by cgit v1.2.2 (git 2.25.0) at 2025-05-28 05:56:37 -0400