aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorRafael J. Wysocki <rafael.j.wysocki@intel.com>2013-10-27 20:15:55 -0400
committerRafael J. Wysocki <rafael.j.wysocki@intel.com>2013-10-27 20:15:55 -0400
commitc0ced86d38f418448dce1ca8a825dfd16ee9a23a (patch)
tree30b2a6bd07fc88098b559ecc697cb1d35acac953 /drivers
parent9183ea62f71484dd2e91e313b766adeb15789f90 (diff)
parent50065300314e95c945665a17febc0c4e02941b06 (diff)
Merge branch 'acpi-ipmi'
* acpi-ipmi: ACPI / IPMI: Cleanup coding styles ACPI / IPMI: Cleanup some Kconfig codes ACPI / IPMI: Cleanup some inclusion codes ACPI / IPMI: Cleanup some initialization codes ACPI / IPMI: Cleanup several acpi_ipmi_device members ACPI / IPMI: Add reference counting for ACPI IPMI transfers ACPI / IPMI: Use global IPMI operation region handler ACPI / IPMI: Fix race caused by the unprotected ACPI IPMI user ACPI / IPMI: Fix race caused by the timed out ACPI IPMI transfers ACPI / IPMI: Fix race caused by the unprotected ACPI IPMI transfers ACPI / IPMI: Fix potential response buffer overflow
Diffstat (limited to 'drivers')
-rw-r--r--drivers/acpi/Kconfig3
-rw-r--r--drivers/acpi/acpi_ipmi.c580
2 files changed, 358 insertions, 225 deletions
diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
index 10e399f97189..589da059ce39 100644
--- a/drivers/acpi/Kconfig
+++ b/drivers/acpi/Kconfig
@@ -158,9 +158,10 @@ config ACPI_PROCESSOR
158 158
159 To compile this driver as a module, choose M here: 159 To compile this driver as a module, choose M here:
160 the module will be called processor. 160 the module will be called processor.
161
161config ACPI_IPMI 162config ACPI_IPMI
162 tristate "IPMI" 163 tristate "IPMI"
163 depends on IPMI_SI && IPMI_HANDLER 164 depends on IPMI_SI
164 default n 165 default n
165 help 166 help
166 This driver enables the ACPI to access the BMC controller. And it 167 This driver enables the ACPI to access the BMC controller. And it
diff --git a/drivers/acpi/acpi_ipmi.c b/drivers/acpi/acpi_ipmi.c
index a6977e12d574..ac0f52f6df2b 100644
--- a/drivers/acpi/acpi_ipmi.c
+++ b/drivers/acpi/acpi_ipmi.c
@@ -1,8 +1,9 @@
1/* 1/*
2 * acpi_ipmi.c - ACPI IPMI opregion 2 * acpi_ipmi.c - ACPI IPMI opregion
3 * 3 *
4 * Copyright (C) 2010 Intel Corporation 4 * Copyright (C) 2010, 2013 Intel Corporation
5 * Copyright (C) 2010 Zhao Yakui <yakui.zhao@intel.com> 5 * Author: Zhao Yakui <yakui.zhao@intel.com>
6 * Lv Zheng <lv.zheng@intel.com>
6 * 7 *
7 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 8 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8 * 9 *
@@ -23,60 +24,58 @@
23 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 24 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24 */ 25 */
25 26
26#include <linux/kernel.h>
27#include <linux/module.h> 27#include <linux/module.h>
28#include <linux/init.h> 28#include <linux/acpi.h>
29#include <linux/types.h>
30#include <linux/delay.h>
31#include <linux/proc_fs.h>
32#include <linux/seq_file.h>
33#include <linux/interrupt.h>
34#include <linux/list.h>
35#include <linux/spinlock.h>
36#include <linux/io.h>
37#include <acpi/acpi_bus.h>
38#include <acpi/acpi_drivers.h>
39#include <linux/ipmi.h> 29#include <linux/ipmi.h>
40#include <linux/device.h>
41#include <linux/pnp.h>
42#include <linux/spinlock.h> 30#include <linux/spinlock.h>
43 31
44MODULE_AUTHOR("Zhao Yakui"); 32MODULE_AUTHOR("Zhao Yakui");
45MODULE_DESCRIPTION("ACPI IPMI Opregion driver"); 33MODULE_DESCRIPTION("ACPI IPMI Opregion driver");
46MODULE_LICENSE("GPL"); 34MODULE_LICENSE("GPL");
47 35
48#define IPMI_FLAGS_HANDLER_INSTALL 0
49
50#define ACPI_IPMI_OK 0 36#define ACPI_IPMI_OK 0
51#define ACPI_IPMI_TIMEOUT 0x10 37#define ACPI_IPMI_TIMEOUT 0x10
52#define ACPI_IPMI_UNKNOWN 0x07 38#define ACPI_IPMI_UNKNOWN 0x07
53/* the IPMI timeout is 5s */ 39/* the IPMI timeout is 5s */
54#define IPMI_TIMEOUT (5 * HZ) 40#define IPMI_TIMEOUT (5000)
41#define ACPI_IPMI_MAX_MSG_LENGTH 64
55 42
56struct acpi_ipmi_device { 43struct acpi_ipmi_device {
57 /* the device list attached to driver_data.ipmi_devices */ 44 /* the device list attached to driver_data.ipmi_devices */
58 struct list_head head; 45 struct list_head head;
46
59 /* the IPMI request message list */ 47 /* the IPMI request message list */
60 struct list_head tx_msg_list; 48 struct list_head tx_msg_list;
61 spinlock_t tx_msg_lock; 49
50 spinlock_t tx_msg_lock;
62 acpi_handle handle; 51 acpi_handle handle;
63 struct pnp_dev *pnp_dev; 52 struct device *dev;
64 ipmi_user_t user_interface; 53 ipmi_user_t user_interface;
65 int ipmi_ifnum; /* IPMI interface number */ 54 int ipmi_ifnum; /* IPMI interface number */
66 long curr_msgid; 55 long curr_msgid;
67 unsigned long flags; 56 bool dead;
68 struct ipmi_smi_info smi_data; 57 struct kref kref;
69}; 58};
70 59
71struct ipmi_driver_data { 60struct ipmi_driver_data {
72 struct list_head ipmi_devices; 61 struct list_head ipmi_devices;
73 struct ipmi_smi_watcher bmc_events; 62 struct ipmi_smi_watcher bmc_events;
74 struct ipmi_user_hndl ipmi_hndlrs; 63 struct ipmi_user_hndl ipmi_hndlrs;
75 struct mutex ipmi_lock; 64 struct mutex ipmi_lock;
65
66 /*
67 * NOTE: IPMI System Interface Selection
68 * There is no system interface specified by the IPMI operation
69 * region access. We try to select one system interface with ACPI
70 * handle set. IPMI messages passed from the ACPI codes are sent
71 * to this selected global IPMI system interface.
72 */
73 struct acpi_ipmi_device *selected_smi;
76}; 74};
77 75
78struct acpi_ipmi_msg { 76struct acpi_ipmi_msg {
79 struct list_head head; 77 struct list_head head;
78
80 /* 79 /*
81 * General speaking the addr type should be SI_ADDR_TYPE. And 80 * General speaking the addr type should be SI_ADDR_TYPE. And
82 * the addr channel should be BMC. 81 * the addr channel should be BMC.
@@ -86,30 +85,31 @@ struct acpi_ipmi_msg {
86 */ 85 */
87 struct ipmi_addr addr; 86 struct ipmi_addr addr;
88 long tx_msgid; 87 long tx_msgid;
88
89 /* it is used to track whether the IPMI message is finished */ 89 /* it is used to track whether the IPMI message is finished */
90 struct completion tx_complete; 90 struct completion tx_complete;
91
91 struct kernel_ipmi_msg tx_message; 92 struct kernel_ipmi_msg tx_message;
92 int msg_done; 93 int msg_done;
93 /* tx data . And copy it from ACPI object buffer */ 94
94 u8 tx_data[64]; 95 /* tx/rx data . And copy it from/to ACPI object buffer */
95 int tx_len; 96 u8 data[ACPI_IPMI_MAX_MSG_LENGTH];
96 u8 rx_data[64]; 97 u8 rx_len;
97 int rx_len; 98
98 struct acpi_ipmi_device *device; 99 struct acpi_ipmi_device *device;
100 struct kref kref;
99}; 101};
100 102
101/* IPMI request/response buffer per ACPI 4.0, sec 5.5.2.4.3.2 */ 103/* IPMI request/response buffer per ACPI 4.0, sec 5.5.2.4.3.2 */
102struct acpi_ipmi_buffer { 104struct acpi_ipmi_buffer {
103 u8 status; 105 u8 status;
104 u8 length; 106 u8 length;
105 u8 data[64]; 107 u8 data[ACPI_IPMI_MAX_MSG_LENGTH];
106}; 108};
107 109
108static void ipmi_register_bmc(int iface, struct device *dev); 110static void ipmi_register_bmc(int iface, struct device *dev);
109static void ipmi_bmc_gone(int iface); 111static void ipmi_bmc_gone(int iface);
110static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data); 112static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data);
111static void acpi_add_ipmi_device(struct acpi_ipmi_device *ipmi_device);
112static void acpi_remove_ipmi_device(struct acpi_ipmi_device *ipmi_device);
113 113
114static struct ipmi_driver_data driver_data = { 114static struct ipmi_driver_data driver_data = {
115 .ipmi_devices = LIST_HEAD_INIT(driver_data.ipmi_devices), 115 .ipmi_devices = LIST_HEAD_INIT(driver_data.ipmi_devices),
@@ -121,29 +121,142 @@ static struct ipmi_driver_data driver_data = {
121 .ipmi_hndlrs = { 121 .ipmi_hndlrs = {
122 .ipmi_recv_hndl = ipmi_msg_handler, 122 .ipmi_recv_hndl = ipmi_msg_handler,
123 }, 123 },
124 .ipmi_lock = __MUTEX_INITIALIZER(driver_data.ipmi_lock)
124}; 125};
125 126
126static struct acpi_ipmi_msg *acpi_alloc_ipmi_msg(struct acpi_ipmi_device *ipmi) 127static struct acpi_ipmi_device *
128ipmi_dev_alloc(int iface, struct device *dev, acpi_handle handle)
129{
130 struct acpi_ipmi_device *ipmi_device;
131 int err;
132 ipmi_user_t user;
133
134 ipmi_device = kzalloc(sizeof(*ipmi_device), GFP_KERNEL);
135 if (!ipmi_device)
136 return NULL;
137
138 kref_init(&ipmi_device->kref);
139 INIT_LIST_HEAD(&ipmi_device->head);
140 INIT_LIST_HEAD(&ipmi_device->tx_msg_list);
141 spin_lock_init(&ipmi_device->tx_msg_lock);
142 ipmi_device->handle = handle;
143 ipmi_device->dev = get_device(dev);
144 ipmi_device->ipmi_ifnum = iface;
145
146 err = ipmi_create_user(iface, &driver_data.ipmi_hndlrs,
147 ipmi_device, &user);
148 if (err) {
149 put_device(dev);
150 kfree(ipmi_device);
151 return NULL;
152 }
153 ipmi_device->user_interface = user;
154
155 return ipmi_device;
156}
157
158static void ipmi_dev_release(struct acpi_ipmi_device *ipmi_device)
159{
160 ipmi_destroy_user(ipmi_device->user_interface);
161 put_device(ipmi_device->dev);
162 kfree(ipmi_device);
163}
164
165static void ipmi_dev_release_kref(struct kref *kref)
166{
167 struct acpi_ipmi_device *ipmi =
168 container_of(kref, struct acpi_ipmi_device, kref);
169
170 ipmi_dev_release(ipmi);
171}
172
173static void __ipmi_dev_kill(struct acpi_ipmi_device *ipmi_device)
174{
175 list_del(&ipmi_device->head);
176 if (driver_data.selected_smi == ipmi_device)
177 driver_data.selected_smi = NULL;
178
179 /*
180 * Always setting dead flag after deleting from the list or
181 * list_for_each_entry() codes must get changed.
182 */
183 ipmi_device->dead = true;
184}
185
186static struct acpi_ipmi_device *acpi_ipmi_dev_get(void)
187{
188 struct acpi_ipmi_device *ipmi_device = NULL;
189
190 mutex_lock(&driver_data.ipmi_lock);
191 if (driver_data.selected_smi) {
192 ipmi_device = driver_data.selected_smi;
193 kref_get(&ipmi_device->kref);
194 }
195 mutex_unlock(&driver_data.ipmi_lock);
196
197 return ipmi_device;
198}
199
200static void acpi_ipmi_dev_put(struct acpi_ipmi_device *ipmi_device)
201{
202 kref_put(&ipmi_device->kref, ipmi_dev_release_kref);
203}
204
205static struct acpi_ipmi_msg *ipmi_msg_alloc(void)
127{ 206{
207 struct acpi_ipmi_device *ipmi;
128 struct acpi_ipmi_msg *ipmi_msg; 208 struct acpi_ipmi_msg *ipmi_msg;
129 struct pnp_dev *pnp_dev = ipmi->pnp_dev; 209
210 ipmi = acpi_ipmi_dev_get();
211 if (!ipmi)
212 return NULL;
130 213
131 ipmi_msg = kzalloc(sizeof(struct acpi_ipmi_msg), GFP_KERNEL); 214 ipmi_msg = kzalloc(sizeof(struct acpi_ipmi_msg), GFP_KERNEL);
132 if (!ipmi_msg) { 215 if (!ipmi_msg) {
133 dev_warn(&pnp_dev->dev, "Can't allocate memory for ipmi_msg\n"); 216 acpi_ipmi_dev_put(ipmi);
134 return NULL; 217 return NULL;
135 } 218 }
219
220 kref_init(&ipmi_msg->kref);
136 init_completion(&ipmi_msg->tx_complete); 221 init_completion(&ipmi_msg->tx_complete);
137 INIT_LIST_HEAD(&ipmi_msg->head); 222 INIT_LIST_HEAD(&ipmi_msg->head);
138 ipmi_msg->device = ipmi; 223 ipmi_msg->device = ipmi;
224 ipmi_msg->msg_done = ACPI_IPMI_UNKNOWN;
225
139 return ipmi_msg; 226 return ipmi_msg;
140} 227}
141 228
142#define IPMI_OP_RGN_NETFN(offset) ((offset >> 8) & 0xff) 229static void ipmi_msg_release(struct acpi_ipmi_msg *tx_msg)
143#define IPMI_OP_RGN_CMD(offset) (offset & 0xff) 230{
144static void acpi_format_ipmi_msg(struct acpi_ipmi_msg *tx_msg, 231 acpi_ipmi_dev_put(tx_msg->device);
145 acpi_physical_address address, 232 kfree(tx_msg);
146 acpi_integer *value) 233}
234
235static void ipmi_msg_release_kref(struct kref *kref)
236{
237 struct acpi_ipmi_msg *tx_msg =
238 container_of(kref, struct acpi_ipmi_msg, kref);
239
240 ipmi_msg_release(tx_msg);
241}
242
243static struct acpi_ipmi_msg *acpi_ipmi_msg_get(struct acpi_ipmi_msg *tx_msg)
244{
245 kref_get(&tx_msg->kref);
246
247 return tx_msg;
248}
249
250static void acpi_ipmi_msg_put(struct acpi_ipmi_msg *tx_msg)
251{
252 kref_put(&tx_msg->kref, ipmi_msg_release_kref);
253}
254
255#define IPMI_OP_RGN_NETFN(offset) ((offset >> 8) & 0xff)
256#define IPMI_OP_RGN_CMD(offset) (offset & 0xff)
257static int acpi_format_ipmi_request(struct acpi_ipmi_msg *tx_msg,
258 acpi_physical_address address,
259 acpi_integer *value)
147{ 260{
148 struct kernel_ipmi_msg *msg; 261 struct kernel_ipmi_msg *msg;
149 struct acpi_ipmi_buffer *buffer; 262 struct acpi_ipmi_buffer *buffer;
@@ -151,21 +264,31 @@ static void acpi_format_ipmi_msg(struct acpi_ipmi_msg *tx_msg,
151 unsigned long flags; 264 unsigned long flags;
152 265
153 msg = &tx_msg->tx_message; 266 msg = &tx_msg->tx_message;
267
154 /* 268 /*
155 * IPMI network function and command are encoded in the address 269 * IPMI network function and command are encoded in the address
156 * within the IPMI OpRegion; see ACPI 4.0, sec 5.5.2.4.3. 270 * within the IPMI OpRegion; see ACPI 4.0, sec 5.5.2.4.3.
157 */ 271 */
158 msg->netfn = IPMI_OP_RGN_NETFN(address); 272 msg->netfn = IPMI_OP_RGN_NETFN(address);
159 msg->cmd = IPMI_OP_RGN_CMD(address); 273 msg->cmd = IPMI_OP_RGN_CMD(address);
160 msg->data = tx_msg->tx_data; 274 msg->data = tx_msg->data;
275
161 /* 276 /*
162 * value is the parameter passed by the IPMI opregion space handler. 277 * value is the parameter passed by the IPMI opregion space handler.
163 * It points to the IPMI request message buffer 278 * It points to the IPMI request message buffer
164 */ 279 */
165 buffer = (struct acpi_ipmi_buffer *)value; 280 buffer = (struct acpi_ipmi_buffer *)value;
281
166 /* copy the tx message data */ 282 /* copy the tx message data */
283 if (buffer->length > ACPI_IPMI_MAX_MSG_LENGTH) {
284 dev_WARN_ONCE(tx_msg->device->dev, true,
285 "Unexpected request (msg len %d).\n",
286 buffer->length);
287 return -EINVAL;
288 }
167 msg->data_len = buffer->length; 289 msg->data_len = buffer->length;
168 memcpy(tx_msg->tx_data, buffer->data, msg->data_len); 290 memcpy(tx_msg->data, buffer->data, msg->data_len);
291
169 /* 292 /*
170 * now the default type is SYSTEM_INTERFACE and channel type is BMC. 293 * now the default type is SYSTEM_INTERFACE and channel type is BMC.
171 * If the netfn is APP_REQUEST and the cmd is SEND_MESSAGE, 294 * If the netfn is APP_REQUEST and the cmd is SEND_MESSAGE,
@@ -179,14 +302,17 @@ static void acpi_format_ipmi_msg(struct acpi_ipmi_msg *tx_msg,
179 302
180 /* Get the msgid */ 303 /* Get the msgid */
181 device = tx_msg->device; 304 device = tx_msg->device;
305
182 spin_lock_irqsave(&device->tx_msg_lock, flags); 306 spin_lock_irqsave(&device->tx_msg_lock, flags);
183 device->curr_msgid++; 307 device->curr_msgid++;
184 tx_msg->tx_msgid = device->curr_msgid; 308 tx_msg->tx_msgid = device->curr_msgid;
185 spin_unlock_irqrestore(&device->tx_msg_lock, flags); 309 spin_unlock_irqrestore(&device->tx_msg_lock, flags);
310
311 return 0;
186} 312}
187 313
188static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg, 314static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg,
189 acpi_integer *value, int rem_time) 315 acpi_integer *value)
190{ 316{
191 struct acpi_ipmi_buffer *buffer; 317 struct acpi_ipmi_buffer *buffer;
192 318
@@ -195,110 +321,158 @@ static void acpi_format_ipmi_response(struct acpi_ipmi_msg *msg,
195 * IPMI message returned by IPMI command. 321 * IPMI message returned by IPMI command.
196 */ 322 */
197 buffer = (struct acpi_ipmi_buffer *)value; 323 buffer = (struct acpi_ipmi_buffer *)value;
198 if (!rem_time && !msg->msg_done) { 324
199 buffer->status = ACPI_IPMI_TIMEOUT;
200 return;
201 }
202 /* 325 /*
203 * If the flag of msg_done is not set or the recv length is zero, it 326 * If the flag of msg_done is not set, it means that the IPMI command is
204 * means that the IPMI command is not executed correctly. 327 * not executed correctly.
205 * The status code will be ACPI_IPMI_UNKNOWN.
206 */ 328 */
207 if (!msg->msg_done || !msg->rx_len) { 329 buffer->status = msg->msg_done;
208 buffer->status = ACPI_IPMI_UNKNOWN; 330 if (msg->msg_done != ACPI_IPMI_OK)
209 return; 331 return;
210 } 332
211 /* 333 /*
212 * If the IPMI response message is obtained correctly, the status code 334 * If the IPMI response message is obtained correctly, the status code
213 * will be ACPI_IPMI_OK 335 * will be ACPI_IPMI_OK
214 */ 336 */
215 buffer->status = ACPI_IPMI_OK;
216 buffer->length = msg->rx_len; 337 buffer->length = msg->rx_len;
217 memcpy(buffer->data, msg->rx_data, msg->rx_len); 338 memcpy(buffer->data, msg->data, msg->rx_len);
218} 339}
219 340
220static void ipmi_flush_tx_msg(struct acpi_ipmi_device *ipmi) 341static void ipmi_flush_tx_msg(struct acpi_ipmi_device *ipmi)
221{ 342{
222 struct acpi_ipmi_msg *tx_msg, *temp; 343 struct acpi_ipmi_msg *tx_msg;
223 int count = HZ / 10; 344 unsigned long flags;
224 struct pnp_dev *pnp_dev = ipmi->pnp_dev; 345
346 /*
347 * NOTE: On-going ipmi_recv_msg
348 * ipmi_msg_handler() may still be invoked by ipmi_si after
349 * flushing. But it is safe to do a fast flushing on module_exit()
350 * without waiting for all ipmi_recv_msg(s) to complete from
351 * ipmi_msg_handler() as it is ensured by ipmi_si that all
352 * ipmi_recv_msg(s) are freed after invoking ipmi_destroy_user().
353 */
354 spin_lock_irqsave(&ipmi->tx_msg_lock, flags);
355 while (!list_empty(&ipmi->tx_msg_list)) {
356 tx_msg = list_first_entry(&ipmi->tx_msg_list,
357 struct acpi_ipmi_msg,
358 head);
359 list_del(&tx_msg->head);
360 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags);
225 361
226 list_for_each_entry_safe(tx_msg, temp, &ipmi->tx_msg_list, head) {
227 /* wake up the sleep thread on the Tx msg */ 362 /* wake up the sleep thread on the Tx msg */
228 complete(&tx_msg->tx_complete); 363 complete(&tx_msg->tx_complete);
364 acpi_ipmi_msg_put(tx_msg);
365 spin_lock_irqsave(&ipmi->tx_msg_lock, flags);
229 } 366 }
367 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags);
368}
369
370static void ipmi_cancel_tx_msg(struct acpi_ipmi_device *ipmi,
371 struct acpi_ipmi_msg *msg)
372{
373 struct acpi_ipmi_msg *tx_msg, *temp;
374 bool msg_found = false;
375 unsigned long flags;
230 376
231 /* wait for about 100ms to flush the tx message list */ 377 spin_lock_irqsave(&ipmi->tx_msg_lock, flags);
232 while (count--) { 378 list_for_each_entry_safe(tx_msg, temp, &ipmi->tx_msg_list, head) {
233 if (list_empty(&ipmi->tx_msg_list)) 379 if (msg == tx_msg) {
380 msg_found = true;
381 list_del(&tx_msg->head);
234 break; 382 break;
235 schedule_timeout(1); 383 }
236 } 384 }
237 if (!list_empty(&ipmi->tx_msg_list)) 385 spin_unlock_irqrestore(&ipmi->tx_msg_lock, flags);
238 dev_warn(&pnp_dev->dev, "tx msg list is not NULL\n"); 386
387 if (msg_found)
388 acpi_ipmi_msg_put(tx_msg);
239} 389}
240 390
241static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data) 391static void ipmi_msg_handler(struct ipmi_recv_msg *msg, void *user_msg_data)
242{ 392{
243 struct acpi_ipmi_device *ipmi_device = user_msg_data; 393 struct acpi_ipmi_device *ipmi_device = user_msg_data;
244 int msg_found = 0; 394 bool msg_found = false;
245 struct acpi_ipmi_msg *tx_msg; 395 struct acpi_ipmi_msg *tx_msg, *temp;
246 struct pnp_dev *pnp_dev = ipmi_device->pnp_dev; 396 struct device *dev = ipmi_device->dev;
247 unsigned long flags; 397 unsigned long flags;
248 398
249 if (msg->user != ipmi_device->user_interface) { 399 if (msg->user != ipmi_device->user_interface) {
250 dev_warn(&pnp_dev->dev, "Unexpected response is returned. " 400 dev_warn(dev,
251 "returned user %p, expected user %p\n", 401 "Unexpected response is returned. returned user %p, expected user %p\n",
252 msg->user, ipmi_device->user_interface); 402 msg->user, ipmi_device->user_interface);
253 ipmi_free_recv_msg(msg); 403 goto out_msg;
254 return;
255 } 404 }
405
256 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 406 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags);
257 list_for_each_entry(tx_msg, &ipmi_device->tx_msg_list, head) { 407 list_for_each_entry_safe(tx_msg, temp, &ipmi_device->tx_msg_list, head) {
258 if (msg->msgid == tx_msg->tx_msgid) { 408 if (msg->msgid == tx_msg->tx_msgid) {
259 msg_found = 1; 409 msg_found = true;
410 list_del(&tx_msg->head);
260 break; 411 break;
261 } 412 }
262 } 413 }
263
264 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 414 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags);
415
265 if (!msg_found) { 416 if (!msg_found) {
266 dev_warn(&pnp_dev->dev, "Unexpected response (msg id %ld) is " 417 dev_warn(dev,
267 "returned.\n", msg->msgid); 418 "Unexpected response (msg id %ld) is returned.\n",
268 ipmi_free_recv_msg(msg); 419 msg->msgid);
269 return; 420 goto out_msg;
270 } 421 }
271 422
272 if (msg->msg.data_len) { 423 /* copy the response data to Rx_data buffer */
273 /* copy the response data to Rx_data buffer */ 424 if (msg->msg.data_len > ACPI_IPMI_MAX_MSG_LENGTH) {
274 memcpy(tx_msg->rx_data, msg->msg_data, msg->msg.data_len); 425 dev_WARN_ONCE(dev, true,
275 tx_msg->rx_len = msg->msg.data_len; 426 "Unexpected response (msg len %d).\n",
276 tx_msg->msg_done = 1; 427 msg->msg.data_len);
428 goto out_comp;
277 } 429 }
430
431 /* response msg is an error msg */
432 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
433 if (msg->recv_type == IPMI_RESPONSE_RECV_TYPE &&
434 msg->msg.data_len == 1) {
435 if (msg->msg.data[0] == IPMI_TIMEOUT_COMPLETION_CODE) {
436 dev_WARN_ONCE(dev, true,
437 "Unexpected response (timeout).\n");
438 tx_msg->msg_done = ACPI_IPMI_TIMEOUT;
439 }
440 goto out_comp;
441 }
442
443 tx_msg->rx_len = msg->msg.data_len;
444 memcpy(tx_msg->data, msg->msg.data, tx_msg->rx_len);
445 tx_msg->msg_done = ACPI_IPMI_OK;
446
447out_comp:
278 complete(&tx_msg->tx_complete); 448 complete(&tx_msg->tx_complete);
449 acpi_ipmi_msg_put(tx_msg);
450out_msg:
279 ipmi_free_recv_msg(msg); 451 ipmi_free_recv_msg(msg);
280}; 452}
281 453
282static void ipmi_register_bmc(int iface, struct device *dev) 454static void ipmi_register_bmc(int iface, struct device *dev)
283{ 455{
284 struct acpi_ipmi_device *ipmi_device, *temp; 456 struct acpi_ipmi_device *ipmi_device, *temp;
285 struct pnp_dev *pnp_dev;
286 ipmi_user_t user;
287 int err; 457 int err;
288 struct ipmi_smi_info smi_data; 458 struct ipmi_smi_info smi_data;
289 acpi_handle handle; 459 acpi_handle handle;
290 460
291 err = ipmi_get_smi_info(iface, &smi_data); 461 err = ipmi_get_smi_info(iface, &smi_data);
292
293 if (err) 462 if (err)
294 return; 463 return;
295 464
296 if (smi_data.addr_src != SI_ACPI) { 465 if (smi_data.addr_src != SI_ACPI)
297 put_device(smi_data.dev); 466 goto err_ref;
298 return;
299 }
300
301 handle = smi_data.addr_info.acpi_info.acpi_handle; 467 handle = smi_data.addr_info.acpi_info.acpi_handle;
468 if (!handle)
469 goto err_ref;
470
471 ipmi_device = ipmi_dev_alloc(iface, smi_data.dev, handle);
472 if (!ipmi_device) {
473 dev_warn(smi_data.dev, "Can't create IPMI user interface\n");
474 goto err_ref;
475 }
302 476
303 mutex_lock(&driver_data.ipmi_lock); 477 mutex_lock(&driver_data.ipmi_lock);
304 list_for_each_entry(temp, &driver_data.ipmi_devices, head) { 478 list_for_each_entry(temp, &driver_data.ipmi_devices, head) {
@@ -307,34 +481,20 @@ static void ipmi_register_bmc(int iface, struct device *dev)
307 * to the device list, don't add it again. 481 * to the device list, don't add it again.
308 */ 482 */
309 if (temp->handle == handle) 483 if (temp->handle == handle)
310 goto out; 484 goto err_lock;
311 } 485 }
312 486 if (!driver_data.selected_smi)
313 ipmi_device = kzalloc(sizeof(*ipmi_device), GFP_KERNEL); 487 driver_data.selected_smi = ipmi_device;
314 488 list_add_tail(&ipmi_device->head, &driver_data.ipmi_devices);
315 if (!ipmi_device)
316 goto out;
317
318 pnp_dev = to_pnp_dev(smi_data.dev);
319 ipmi_device->handle = handle;
320 ipmi_device->pnp_dev = pnp_dev;
321
322 err = ipmi_create_user(iface, &driver_data.ipmi_hndlrs,
323 ipmi_device, &user);
324 if (err) {
325 dev_warn(&pnp_dev->dev, "Can't create IPMI user interface\n");
326 kfree(ipmi_device);
327 goto out;
328 }
329 acpi_add_ipmi_device(ipmi_device);
330 ipmi_device->user_interface = user;
331 ipmi_device->ipmi_ifnum = iface;
332 mutex_unlock(&driver_data.ipmi_lock); 489 mutex_unlock(&driver_data.ipmi_lock);
333 memcpy(&ipmi_device->smi_data, &smi_data, sizeof(struct ipmi_smi_info)); 490
491 put_device(smi_data.dev);
334 return; 492 return;
335 493
336out: 494err_lock:
337 mutex_unlock(&driver_data.ipmi_lock); 495 mutex_unlock(&driver_data.ipmi_lock);
496 ipmi_dev_release(ipmi_device);
497err_ref:
338 put_device(smi_data.dev); 498 put_device(smi_data.dev);
339 return; 499 return;
340} 500}
@@ -342,23 +502,29 @@ out:
342static void ipmi_bmc_gone(int iface) 502static void ipmi_bmc_gone(int iface)
343{ 503{
344 struct acpi_ipmi_device *ipmi_device, *temp; 504 struct acpi_ipmi_device *ipmi_device, *temp;
505 bool dev_found = false;
345 506
346 mutex_lock(&driver_data.ipmi_lock); 507 mutex_lock(&driver_data.ipmi_lock);
347 list_for_each_entry_safe(ipmi_device, temp, 508 list_for_each_entry_safe(ipmi_device, temp,
348 &driver_data.ipmi_devices, head) { 509 &driver_data.ipmi_devices, head) {
349 if (ipmi_device->ipmi_ifnum != iface) 510 if (ipmi_device->ipmi_ifnum != iface) {
350 continue; 511 dev_found = true;
351 512 __ipmi_dev_kill(ipmi_device);
352 acpi_remove_ipmi_device(ipmi_device); 513 break;
353 put_device(ipmi_device->smi_data.dev); 514 }
354 kfree(ipmi_device);
355 break;
356 } 515 }
516 if (!driver_data.selected_smi)
517 driver_data.selected_smi = list_first_entry_or_null(
518 &driver_data.ipmi_devices,
519 struct acpi_ipmi_device, head);
357 mutex_unlock(&driver_data.ipmi_lock); 520 mutex_unlock(&driver_data.ipmi_lock);
521
522 if (dev_found) {
523 ipmi_flush_tx_msg(ipmi_device);
524 acpi_ipmi_dev_put(ipmi_device);
525 }
358} 526}
359/* -------------------------------------------------------------------------- 527
360 * Address Space Management
361 * -------------------------------------------------------------------------- */
362/* 528/*
363 * This is the IPMI opregion space handler. 529 * This is the IPMI opregion space handler.
364 * @function: indicates the read/write. In fact as the IPMI message is driven 530 * @function: indicates the read/write. In fact as the IPMI message is driven
@@ -371,17 +537,17 @@ static void ipmi_bmc_gone(int iface)
371 * the response IPMI message returned by IPMI command. 537 * the response IPMI message returned by IPMI command.
372 * @handler_context: IPMI device context. 538 * @handler_context: IPMI device context.
373 */ 539 */
374
375static acpi_status 540static acpi_status
376acpi_ipmi_space_handler(u32 function, acpi_physical_address address, 541acpi_ipmi_space_handler(u32 function, acpi_physical_address address,
377 u32 bits, acpi_integer *value, 542 u32 bits, acpi_integer *value,
378 void *handler_context, void *region_context) 543 void *handler_context, void *region_context)
379{ 544{
380 struct acpi_ipmi_msg *tx_msg; 545 struct acpi_ipmi_msg *tx_msg;
381 struct acpi_ipmi_device *ipmi_device = handler_context; 546 struct acpi_ipmi_device *ipmi_device;
382 int err, rem_time; 547 int err;
383 acpi_status status; 548 acpi_status status;
384 unsigned long flags; 549 unsigned long flags;
550
385 /* 551 /*
386 * IPMI opregion message. 552 * IPMI opregion message.
387 * IPMI message is firstly written to the BMC and system software 553 * IPMI message is firstly written to the BMC and system software
@@ -391,118 +557,75 @@ acpi_ipmi_space_handler(u32 function, acpi_physical_address address,
391 if ((function & ACPI_IO_MASK) == ACPI_READ) 557 if ((function & ACPI_IO_MASK) == ACPI_READ)
392 return AE_TYPE; 558 return AE_TYPE;
393 559
394 if (!ipmi_device->user_interface) 560 tx_msg = ipmi_msg_alloc();
561 if (!tx_msg)
395 return AE_NOT_EXIST; 562 return AE_NOT_EXIST;
563 ipmi_device = tx_msg->device;
396 564
397 tx_msg = acpi_alloc_ipmi_msg(ipmi_device); 565 if (acpi_format_ipmi_request(tx_msg, address, value) != 0) {
398 if (!tx_msg) 566 ipmi_msg_release(tx_msg);
399 return AE_NO_MEMORY; 567 return AE_TYPE;
568 }
400 569
401 acpi_format_ipmi_msg(tx_msg, address, value); 570 acpi_ipmi_msg_get(tx_msg);
571 mutex_lock(&driver_data.ipmi_lock);
572 /* Do not add a tx_msg that can not be flushed. */
573 if (ipmi_device->dead) {
574 mutex_unlock(&driver_data.ipmi_lock);
575 ipmi_msg_release(tx_msg);
576 return AE_NOT_EXIST;
577 }
402 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 578 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags);
403 list_add_tail(&tx_msg->head, &ipmi_device->tx_msg_list); 579 list_add_tail(&tx_msg->head, &ipmi_device->tx_msg_list);
404 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags); 580 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags);
581 mutex_unlock(&driver_data.ipmi_lock);
582
405 err = ipmi_request_settime(ipmi_device->user_interface, 583 err = ipmi_request_settime(ipmi_device->user_interface,
406 &tx_msg->addr, 584 &tx_msg->addr,
407 tx_msg->tx_msgid, 585 tx_msg->tx_msgid,
408 &tx_msg->tx_message, 586 &tx_msg->tx_message,
409 NULL, 0, 0, 0); 587 NULL, 0, 0, IPMI_TIMEOUT);
410 if (err) { 588 if (err) {
411 status = AE_ERROR; 589 status = AE_ERROR;
412 goto end_label; 590 goto out_msg;
413 } 591 }
414 rem_time = wait_for_completion_timeout(&tx_msg->tx_complete, 592 wait_for_completion(&tx_msg->tx_complete);
415 IPMI_TIMEOUT); 593
416 acpi_format_ipmi_response(tx_msg, value, rem_time); 594 acpi_format_ipmi_response(tx_msg, value);
417 status = AE_OK; 595 status = AE_OK;
418 596
419end_label: 597out_msg:
420 spin_lock_irqsave(&ipmi_device->tx_msg_lock, flags); 598 ipmi_cancel_tx_msg(ipmi_device, tx_msg);
421 list_del(&tx_msg->head); 599 acpi_ipmi_msg_put(tx_msg);
422 spin_unlock_irqrestore(&ipmi_device->tx_msg_lock, flags);
423 kfree(tx_msg);
424 return status; 600 return status;
425} 601}
426 602
427static void ipmi_remove_space_handler(struct acpi_ipmi_device *ipmi) 603static int __init acpi_ipmi_init(void)
428{
429 if (!test_bit(IPMI_FLAGS_HANDLER_INSTALL, &ipmi->flags))
430 return;
431
432 acpi_remove_address_space_handler(ipmi->handle,
433 ACPI_ADR_SPACE_IPMI, &acpi_ipmi_space_handler);
434
435 clear_bit(IPMI_FLAGS_HANDLER_INSTALL, &ipmi->flags);
436}
437
438static int ipmi_install_space_handler(struct acpi_ipmi_device *ipmi)
439{ 604{
605 int result;
440 acpi_status status; 606 acpi_status status;
441 607
442 if (test_bit(IPMI_FLAGS_HANDLER_INSTALL, &ipmi->flags)) 608 if (acpi_disabled)
443 return 0; 609 return 0;
444 610
445 status = acpi_install_address_space_handler(ipmi->handle, 611 status = acpi_install_address_space_handler(ACPI_ROOT_OBJECT,
446 ACPI_ADR_SPACE_IPMI, 612 ACPI_ADR_SPACE_IPMI,
447 &acpi_ipmi_space_handler, 613 &acpi_ipmi_space_handler,
448 NULL, ipmi); 614 NULL, NULL);
449 if (ACPI_FAILURE(status)) { 615 if (ACPI_FAILURE(status)) {
450 struct pnp_dev *pnp_dev = ipmi->pnp_dev; 616 pr_warn("Can't register IPMI opregion space handle\n");
451 dev_warn(&pnp_dev->dev, "Can't register IPMI opregion space "
452 "handle\n");
453 return -EINVAL; 617 return -EINVAL;
454 } 618 }
455 set_bit(IPMI_FLAGS_HANDLER_INSTALL, &ipmi->flags);
456 return 0;
457}
458
459static void acpi_add_ipmi_device(struct acpi_ipmi_device *ipmi_device)
460{
461
462 INIT_LIST_HEAD(&ipmi_device->head);
463
464 spin_lock_init(&ipmi_device->tx_msg_lock);
465 INIT_LIST_HEAD(&ipmi_device->tx_msg_list);
466 ipmi_install_space_handler(ipmi_device);
467
468 list_add_tail(&ipmi_device->head, &driver_data.ipmi_devices);
469}
470
471static void acpi_remove_ipmi_device(struct acpi_ipmi_device *ipmi_device)
472{
473 /*
474 * If the IPMI user interface is created, it should be
475 * destroyed.
476 */
477 if (ipmi_device->user_interface) {
478 ipmi_destroy_user(ipmi_device->user_interface);
479 ipmi_device->user_interface = NULL;
480 }
481 /* flush the Tx_msg list */
482 if (!list_empty(&ipmi_device->tx_msg_list))
483 ipmi_flush_tx_msg(ipmi_device);
484
485 list_del(&ipmi_device->head);
486 ipmi_remove_space_handler(ipmi_device);
487}
488
489static int __init acpi_ipmi_init(void)
490{
491 int result = 0;
492
493 if (acpi_disabled)
494 return result;
495
496 mutex_init(&driver_data.ipmi_lock);
497
498 result = ipmi_smi_watcher_register(&driver_data.bmc_events); 619 result = ipmi_smi_watcher_register(&driver_data.bmc_events);
620 if (result)
621 pr_err("Can't register IPMI system interface watcher\n");
499 622
500 return result; 623 return result;
501} 624}
502 625
503static void __exit acpi_ipmi_exit(void) 626static void __exit acpi_ipmi_exit(void)
504{ 627{
505 struct acpi_ipmi_device *ipmi_device, *temp; 628 struct acpi_ipmi_device *ipmi_device;
506 629
507 if (acpi_disabled) 630 if (acpi_disabled)
508 return; 631 return;
@@ -516,13 +639,22 @@ static void __exit acpi_ipmi_exit(void)
516 * handler and free it. 639 * handler and free it.
517 */ 640 */
518 mutex_lock(&driver_data.ipmi_lock); 641 mutex_lock(&driver_data.ipmi_lock);
519 list_for_each_entry_safe(ipmi_device, temp, 642 while (!list_empty(&driver_data.ipmi_devices)) {
520 &driver_data.ipmi_devices, head) { 643 ipmi_device = list_first_entry(&driver_data.ipmi_devices,
521 acpi_remove_ipmi_device(ipmi_device); 644 struct acpi_ipmi_device,
522 put_device(ipmi_device->smi_data.dev); 645 head);
523 kfree(ipmi_device); 646 __ipmi_dev_kill(ipmi_device);
647 mutex_unlock(&driver_data.ipmi_lock);
648
649 ipmi_flush_tx_msg(ipmi_device);
650 acpi_ipmi_dev_put(ipmi_device);
651
652 mutex_lock(&driver_data.ipmi_lock);
524 } 653 }
525 mutex_unlock(&driver_data.ipmi_lock); 654 mutex_unlock(&driver_data.ipmi_lock);
655 acpi_remove_address_space_handler(ACPI_ROOT_OBJECT,
656 ACPI_ADR_SPACE_IPMI,
657 &acpi_ipmi_space_handler);
526} 658}
527 659
528module_init(acpi_ipmi_init); 660module_init(acpi_ipmi_init);
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-21 17:39:45 -0500