saner FASYNC handling on file close
[linux-2.6] / drivers / char / ipmi / ipmi_bt_sm.c
1 /*
2  *  ipmi_bt_sm.c
3  *
4  *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
5  *  of the driver architecture at http://sourceforge.net/project/openipmi
6  *
7  *  Author:     Rocky Craig <first.last@hp.com>
8  *
9  *  This program is free software; you can redistribute it and/or modify it
10  *  under the terms of the GNU General Public License as published by the
11  *  Free Software Foundation; either version 2 of the License, or (at your
12  *  option) any later version.
13  *
14  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
15  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
20  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
21  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
22  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
23  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  *  You should have received a copy of the GNU General Public License along
26  *  with this program; if not, write to the Free Software Foundation, Inc.,
27  *  675 Mass Ave, Cambridge, MA 02139, USA.  */
28
29 #include <linux/kernel.h> /* For printk. */
30 #include <linux/string.h>
31 #include <linux/module.h>
32 #include <linux/moduleparam.h>
33 #include <linux/ipmi_msgdefs.h>         /* for completion codes */
34 #include "ipmi_si_sm.h"
35
36 #define BT_DEBUG_OFF    0       /* Used in production */
37 #define BT_DEBUG_ENABLE 1       /* Generic messages */
38 #define BT_DEBUG_MSG    2       /* Prints all request/response buffers */
39 #define BT_DEBUG_STATES 4       /* Verbose look at state changes */
40 /*
41  * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
42  * value
43  */
44
45 static int bt_debug; /* 0 == BT_DEBUG_OFF */
46
47 module_param(bt_debug, int, 0644);
48 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
49
50 /*
51  * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
52  * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
53  * buffer (with a documented message of 160 bytes) so go for the max.
54  * Since the Open IPMI architecture is single-message oriented at this
55  * stage, the queue depth of BT is of no concern.
56  */
57
58 #define BT_NORMAL_TIMEOUT       5       /* seconds */
59 #define BT_NORMAL_RETRY_LIMIT   2
60 #define BT_RESET_DELAY          6       /* seconds after warm reset */
61
62 /*
63  * States are written in chronological order and usually cover
64  * multiple rows of the state table discussion in the IPMI spec.
65  */
66
67 enum bt_states {
68         BT_STATE_IDLE = 0,      /* Order is critical in this list */
69         BT_STATE_XACTION_START,
70         BT_STATE_WRITE_BYTES,
71         BT_STATE_WRITE_CONSUME,
72         BT_STATE_READ_WAIT,
73         BT_STATE_CLEAR_B2H,
74         BT_STATE_READ_BYTES,
75         BT_STATE_RESET1,        /* These must come last */
76         BT_STATE_RESET2,
77         BT_STATE_RESET3,
78         BT_STATE_RESTART,
79         BT_STATE_PRINTME,
80         BT_STATE_CAPABILITIES_BEGIN,
81         BT_STATE_CAPABILITIES_END,
82         BT_STATE_LONG_BUSY      /* BT doesn't get hosed :-) */
83 };
84
85 /*
86  * Macros seen at the end of state "case" blocks.  They help with legibility
87  * and debugging.
88  */
89
90 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
91
92 #define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
93
94 struct si_sm_data {
95         enum bt_states  state;
96         unsigned char   seq;            /* BT sequence number */
97         struct si_sm_io *io;
98         unsigned char   write_data[IPMI_MAX_MSG_LENGTH];
99         int             write_count;
100         unsigned char   read_data[IPMI_MAX_MSG_LENGTH];
101         int             read_count;
102         int             truncated;
103         long            timeout;        /* microseconds countdown */
104         int             error_retries;  /* end of "common" fields */
105         int             nonzero_status; /* hung BMCs stay all 0 */
106         enum bt_states  complete;       /* to divert the state machine */
107         int             BT_CAP_outreqs;
108         long            BT_CAP_req2rsp;
109         int             BT_CAP_retries; /* Recommended retries */
110 };
111
112 #define BT_CLR_WR_PTR   0x01    /* See IPMI 1.5 table 11.6.4 */
113 #define BT_CLR_RD_PTR   0x02
114 #define BT_H2B_ATN      0x04
115 #define BT_B2H_ATN      0x08
116 #define BT_SMS_ATN      0x10
117 #define BT_OEM0         0x20
118 #define BT_H_BUSY       0x40
119 #define BT_B_BUSY       0x80
120
121 /*
122  * Some bits are toggled on each write: write once to set it, once
123  * more to clear it; writing a zero does nothing.  To absolutely
124  * clear it, check its state and write if set.  This avoids the "get
125  * current then use as mask" scheme to modify one bit.  Note that the
126  * variable "bt" is hardcoded into these macros.
127  */
128
129 #define BT_STATUS       bt->io->inputb(bt->io, 0)
130 #define BT_CONTROL(x)   bt->io->outputb(bt->io, 0, x)
131
132 #define BMC2HOST        bt->io->inputb(bt->io, 1)
133 #define HOST2BMC(x)     bt->io->outputb(bt->io, 1, x)
134
135 #define BT_INTMASK_R    bt->io->inputb(bt->io, 2)
136 #define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
137
138 /*
139  * Convenience routines for debugging.  These are not multi-open safe!
140  * Note the macros have hardcoded variables in them.
141  */
142
143 static char *state2txt(unsigned char state)
144 {
145         switch (state) {
146         case BT_STATE_IDLE:             return("IDLE");
147         case BT_STATE_XACTION_START:    return("XACTION");
148         case BT_STATE_WRITE_BYTES:      return("WR_BYTES");
149         case BT_STATE_WRITE_CONSUME:    return("WR_CONSUME");
150         case BT_STATE_READ_WAIT:        return("RD_WAIT");
151         case BT_STATE_CLEAR_B2H:        return("CLEAR_B2H");
152         case BT_STATE_READ_BYTES:       return("RD_BYTES");
153         case BT_STATE_RESET1:           return("RESET1");
154         case BT_STATE_RESET2:           return("RESET2");
155         case BT_STATE_RESET3:           return("RESET3");
156         case BT_STATE_RESTART:          return("RESTART");
157         case BT_STATE_LONG_BUSY:        return("LONG_BUSY");
158         case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
159         case BT_STATE_CAPABILITIES_END: return("CAP_END");
160         }
161         return("BAD STATE");
162 }
163 #define STATE2TXT state2txt(bt->state)
164
165 static char *status2txt(unsigned char status)
166 {
167         /*
168          * This cannot be called by two threads at the same time and
169          * the buffer is always consumed immediately, so the static is
170          * safe to use.
171          */
172         static char buf[40];
173
174         strcpy(buf, "[ ");
175         if (status & BT_B_BUSY)
176                 strcat(buf, "B_BUSY ");
177         if (status & BT_H_BUSY)
178                 strcat(buf, "H_BUSY ");
179         if (status & BT_OEM0)
180                 strcat(buf, "OEM0 ");
181         if (status & BT_SMS_ATN)
182                 strcat(buf, "SMS ");
183         if (status & BT_B2H_ATN)
184                 strcat(buf, "B2H ");
185         if (status & BT_H2B_ATN)
186                 strcat(buf, "H2B ");
187         strcat(buf, "]");
188         return buf;
189 }
190 #define STATUS2TXT status2txt(status)
191
192 /* called externally at insmod time, and internally on cleanup */
193
194 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
195 {
196         memset(bt, 0, sizeof(struct si_sm_data));
197         if (bt->io != io) {
198                 /* external: one-time only things */
199                 bt->io = io;
200                 bt->seq = 0;
201         }
202         bt->state = BT_STATE_IDLE;      /* start here */
203         bt->complete = BT_STATE_IDLE;   /* end here */
204         bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * 1000000;
205         bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
206         /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
207         return 3; /* We claim 3 bytes of space; ought to check SPMI table */
208 }
209
210 /* Jam a completion code (probably an error) into a response */
211
212 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
213 {
214         bt->read_data[0] = 4;                           /* # following bytes */
215         bt->read_data[1] = bt->write_data[1] | 4;       /* Odd NetFn/LUN */
216         bt->read_data[2] = bt->write_data[2];           /* seq (ignored) */
217         bt->read_data[3] = bt->write_data[3];           /* Command */
218         bt->read_data[4] = completion_code;
219         bt->read_count = 5;
220 }
221
222 /* The upper state machine starts here */
223
224 static int bt_start_transaction(struct si_sm_data *bt,
225                                 unsigned char *data,
226                                 unsigned int size)
227 {
228         unsigned int i;
229
230         if (size < 2)
231                 return IPMI_REQ_LEN_INVALID_ERR;
232         if (size > IPMI_MAX_MSG_LENGTH)
233                 return IPMI_REQ_LEN_EXCEEDED_ERR;
234
235         if (bt->state == BT_STATE_LONG_BUSY)
236                 return IPMI_NODE_BUSY_ERR;
237
238         if (bt->state != BT_STATE_IDLE)
239                 return IPMI_NOT_IN_MY_STATE_ERR;
240
241         if (bt_debug & BT_DEBUG_MSG) {
242                 printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
243                 printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
244                 for (i = 0; i < size; i ++)
245                         printk(" %02x", data[i]);
246                 printk("\n");
247         }
248         bt->write_data[0] = size + 1;   /* all data plus seq byte */
249         bt->write_data[1] = *data;      /* NetFn/LUN */
250         bt->write_data[2] = bt->seq++;
251         memcpy(bt->write_data + 3, data + 1, size - 1);
252         bt->write_count = size + 2;
253         bt->error_retries = 0;
254         bt->nonzero_status = 0;
255         bt->truncated = 0;
256         bt->state = BT_STATE_XACTION_START;
257         bt->timeout = bt->BT_CAP_req2rsp;
258         force_result(bt, IPMI_ERR_UNSPECIFIED);
259         return 0;
260 }
261
262 /*
263  * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
264  * it calls this.  Strip out the length and seq bytes.
265  */
266
267 static int bt_get_result(struct si_sm_data *bt,
268                          unsigned char *data,
269                          unsigned int length)
270 {
271         int i, msg_len;
272
273         msg_len = bt->read_count - 2;           /* account for length & seq */
274         if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
275                 force_result(bt, IPMI_ERR_UNSPECIFIED);
276                 msg_len = 3;
277         }
278         data[0] = bt->read_data[1];
279         data[1] = bt->read_data[3];
280         if (length < msg_len || bt->truncated) {
281                 data[2] = IPMI_ERR_MSG_TRUNCATED;
282                 msg_len = 3;
283         } else
284                 memcpy(data + 2, bt->read_data + 4, msg_len - 2);
285
286         if (bt_debug & BT_DEBUG_MSG) {
287                 printk(KERN_WARNING "BT: result %d bytes:", msg_len);
288                 for (i = 0; i < msg_len; i++)
289                         printk(" %02x", data[i]);
290                 printk("\n");
291         }
292         return msg_len;
293 }
294
295 /* This bit's functionality is optional */
296 #define BT_BMC_HWRST    0x80
297
298 static void reset_flags(struct si_sm_data *bt)
299 {
300         if (bt_debug)
301                 printk(KERN_WARNING "IPMI BT: flag reset %s\n",
302                                         status2txt(BT_STATUS));
303         if (BT_STATUS & BT_H_BUSY)
304                 BT_CONTROL(BT_H_BUSY);  /* force clear */
305         BT_CONTROL(BT_CLR_WR_PTR);      /* always reset */
306         BT_CONTROL(BT_SMS_ATN);         /* always clear */
307         BT_INTMASK_W(BT_BMC_HWRST);
308 }
309
310 /*
311  * Get rid of an unwanted/stale response.  This should only be needed for
312  * BMCs that support multiple outstanding requests.
313  */
314
315 static void drain_BMC2HOST(struct si_sm_data *bt)
316 {
317         int i, size;
318
319         if (!(BT_STATUS & BT_B2H_ATN))  /* Not signalling a response */
320                 return;
321
322         BT_CONTROL(BT_H_BUSY);          /* now set */
323         BT_CONTROL(BT_B2H_ATN);         /* always clear */
324         BT_STATUS;                      /* pause */
325         BT_CONTROL(BT_B2H_ATN);         /* some BMCs are stubborn */
326         BT_CONTROL(BT_CLR_RD_PTR);      /* always reset */
327         if (bt_debug)
328                 printk(KERN_WARNING "IPMI BT: stale response %s; ",
329                         status2txt(BT_STATUS));
330         size = BMC2HOST;
331         for (i = 0; i < size ; i++)
332                 BMC2HOST;
333         BT_CONTROL(BT_H_BUSY);          /* now clear */
334         if (bt_debug)
335                 printk("drained %d bytes\n", size + 1);
336 }
337
338 static inline void write_all_bytes(struct si_sm_data *bt)
339 {
340         int i;
341
342         if (bt_debug & BT_DEBUG_MSG) {
343                 printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
344                         bt->write_count, bt->seq);
345                 for (i = 0; i < bt->write_count; i++)
346                         printk(" %02x", bt->write_data[i]);
347                 printk("\n");
348         }
349         for (i = 0; i < bt->write_count; i++)
350                 HOST2BMC(bt->write_data[i]);
351 }
352
353 static inline int read_all_bytes(struct si_sm_data *bt)
354 {
355         unsigned char i;
356
357         /*
358          * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
359          * Keep layout of first four bytes aligned with write_data[]
360          */
361
362         bt->read_data[0] = BMC2HOST;
363         bt->read_count = bt->read_data[0];
364
365         if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
366                 if (bt_debug & BT_DEBUG_MSG)
367                         printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
368                                 bt->read_count);
369                 bt->truncated = 1;
370                 return 1;       /* let next XACTION START clean it up */
371         }
372         for (i = 1; i <= bt->read_count; i++)
373                 bt->read_data[i] = BMC2HOST;
374         bt->read_count++;       /* Account internally for length byte */
375
376         if (bt_debug & BT_DEBUG_MSG) {
377                 int max = bt->read_count;
378
379                 printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
380                         max, bt->read_data[2]);
381                 if (max > 16)
382                         max = 16;
383                 for (i = 0; i < max; i++)
384                         printk(KERN_CONT " %02x", bt->read_data[i]);
385                 printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
386         }
387
388         /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
389         if ((bt->read_data[3] == bt->write_data[3]) &&
390             (bt->read_data[2] == bt->write_data[2]) &&
391             ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
392                         return 1;
393
394         if (bt_debug & BT_DEBUG_MSG)
395                 printk(KERN_WARNING "IPMI BT: bad packet: "
396                 "want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
397                 bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
398                 bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
399         return 0;
400 }
401
402 /* Restart if retries are left, or return an error completion code */
403
404 static enum si_sm_result error_recovery(struct si_sm_data *bt,
405                                         unsigned char status,
406                                         unsigned char cCode)
407 {
408         char *reason;
409
410         bt->timeout = bt->BT_CAP_req2rsp;
411
412         switch (cCode) {
413         case IPMI_TIMEOUT_ERR:
414                 reason = "timeout";
415                 break;
416         default:
417                 reason = "internal error";
418                 break;
419         }
420
421         printk(KERN_WARNING "IPMI BT: %s in %s %s ",    /* open-ended line */
422                 reason, STATE2TXT, STATUS2TXT);
423
424         /*
425          * Per the IPMI spec, retries are based on the sequence number
426          * known only to this module, so manage a restart here.
427          */
428         (bt->error_retries)++;
429         if (bt->error_retries < bt->BT_CAP_retries) {
430                 printk("%d retries left\n",
431                         bt->BT_CAP_retries - bt->error_retries);
432                 bt->state = BT_STATE_RESTART;
433                 return SI_SM_CALL_WITHOUT_DELAY;
434         }
435
436         printk(KERN_WARNING "failed %d retries, sending error response\n",
437                bt->BT_CAP_retries);
438         if (!bt->nonzero_status)
439                 printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
440
441         /* this is most likely during insmod */
442         else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
443                 printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
444                 bt->state = BT_STATE_RESET1;
445                 return SI_SM_CALL_WITHOUT_DELAY;
446         }
447
448         /*
449          * Concoct a useful error message, set up the next state, and
450          * be done with this sequence.
451          */
452
453         bt->state = BT_STATE_IDLE;
454         switch (cCode) {
455         case IPMI_TIMEOUT_ERR:
456                 if (status & BT_B_BUSY) {
457                         cCode = IPMI_NODE_BUSY_ERR;
458                         bt->state = BT_STATE_LONG_BUSY;
459                 }
460                 break;
461         default:
462                 break;
463         }
464         force_result(bt, cCode);
465         return SI_SM_TRANSACTION_COMPLETE;
466 }
467
468 /* Check status and (usually) take action and change this state machine. */
469
470 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
471 {
472         unsigned char status, BT_CAP[8];
473         static enum bt_states last_printed = BT_STATE_PRINTME;
474         int i;
475
476         status = BT_STATUS;
477         bt->nonzero_status |= status;
478         if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
479                 printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
480                         STATE2TXT,
481                         STATUS2TXT,
482                         bt->timeout,
483                         time);
484                 last_printed = bt->state;
485         }
486
487         /*
488          * Commands that time out may still (eventually) provide a response.
489          * This stale response will get in the way of a new response so remove
490          * it if possible (hopefully during IDLE).  Even if it comes up later
491          * it will be rejected by its (now-forgotten) seq number.
492          */
493
494         if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
495                 drain_BMC2HOST(bt);
496                 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
497         }
498
499         if ((bt->state != BT_STATE_IDLE) &&
500             (bt->state <  BT_STATE_PRINTME)) {
501                 /* check timeout */
502                 bt->timeout -= time;
503                 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
504                         return error_recovery(bt,
505                                               status,
506                                               IPMI_TIMEOUT_ERR);
507         }
508
509         switch (bt->state) {
510
511         /*
512          * Idle state first checks for asynchronous messages from another
513          * channel, then does some opportunistic housekeeping.
514          */
515
516         case BT_STATE_IDLE:
517                 if (status & BT_SMS_ATN) {
518                         BT_CONTROL(BT_SMS_ATN); /* clear it */
519                         return SI_SM_ATTN;
520                 }
521
522                 if (status & BT_H_BUSY)         /* clear a leftover H_BUSY */
523                         BT_CONTROL(BT_H_BUSY);
524
525                 /* Read BT capabilities if it hasn't been done yet */
526                 if (!bt->BT_CAP_outreqs)
527                         BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
528                                         SI_SM_CALL_WITHOUT_DELAY);
529                 bt->timeout = bt->BT_CAP_req2rsp;
530                 BT_SI_SM_RETURN(SI_SM_IDLE);
531
532         case BT_STATE_XACTION_START:
533                 if (status & (BT_B_BUSY | BT_H2B_ATN))
534                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535                 if (BT_STATUS & BT_H_BUSY)
536                         BT_CONTROL(BT_H_BUSY);  /* force clear */
537                 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
538                                 SI_SM_CALL_WITHOUT_DELAY);
539
540         case BT_STATE_WRITE_BYTES:
541                 if (status & BT_H_BUSY)
542                         BT_CONTROL(BT_H_BUSY);  /* clear */
543                 BT_CONTROL(BT_CLR_WR_PTR);
544                 write_all_bytes(bt);
545                 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
546                 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
547                                 SI_SM_CALL_WITHOUT_DELAY);
548
549         case BT_STATE_WRITE_CONSUME:
550                 if (status & (BT_B_BUSY | BT_H2B_ATN))
551                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
552                 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
553                                 SI_SM_CALL_WITHOUT_DELAY);
554
555         /* Spinning hard can suppress B2H_ATN and force a timeout */
556
557         case BT_STATE_READ_WAIT:
558                 if (!(status & BT_B2H_ATN))
559                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560                 BT_CONTROL(BT_H_BUSY);          /* set */
561
562                 /*
563                  * Uncached, ordered writes should just proceeed serially but
564                  * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
565                  * workaround without too much penalty to the general case.
566                  */
567
568                 BT_CONTROL(BT_B2H_ATN);         /* clear it to ACK the BMC */
569                 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
570                                 SI_SM_CALL_WITHOUT_DELAY);
571
572         case BT_STATE_CLEAR_B2H:
573                 if (status & BT_B2H_ATN) {
574                         /* keep hitting it */
575                         BT_CONTROL(BT_B2H_ATN);
576                         BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
577                 }
578                 BT_STATE_CHANGE(BT_STATE_READ_BYTES,
579                                 SI_SM_CALL_WITHOUT_DELAY);
580
581         case BT_STATE_READ_BYTES:
582                 if (!(status & BT_H_BUSY))
583                         /* check in case of retry */
584                         BT_CONTROL(BT_H_BUSY);
585                 BT_CONTROL(BT_CLR_RD_PTR);      /* start of BMC2HOST buffer */
586                 i = read_all_bytes(bt);         /* true == packet seq match */
587                 BT_CONTROL(BT_H_BUSY);          /* NOW clear */
588                 if (!i)                         /* Not my message */
589                         BT_STATE_CHANGE(BT_STATE_READ_WAIT,
590                                         SI_SM_CALL_WITHOUT_DELAY);
591                 bt->state = bt->complete;
592                 return bt->state == BT_STATE_IDLE ?     /* where to next? */
593                         SI_SM_TRANSACTION_COMPLETE :    /* normal */
594                         SI_SM_CALL_WITHOUT_DELAY;       /* Startup magic */
595
596         case BT_STATE_LONG_BUSY:        /* For example: after FW update */
597                 if (!(status & BT_B_BUSY)) {
598                         reset_flags(bt);        /* next state is now IDLE */
599                         bt_init_data(bt, bt->io);
600                 }
601                 return SI_SM_CALL_WITH_DELAY;   /* No repeat printing */
602
603         case BT_STATE_RESET1:
604                 reset_flags(bt);
605                 drain_BMC2HOST(bt);
606                 BT_STATE_CHANGE(BT_STATE_RESET2,
607                                 SI_SM_CALL_WITH_DELAY);
608
609         case BT_STATE_RESET2:           /* Send a soft reset */
610                 BT_CONTROL(BT_CLR_WR_PTR);
611                 HOST2BMC(3);            /* number of bytes following */
612                 HOST2BMC(0x18);         /* NetFn/LUN == Application, LUN 0 */
613                 HOST2BMC(42);           /* Sequence number */
614                 HOST2BMC(3);            /* Cmd == Soft reset */
615                 BT_CONTROL(BT_H2B_ATN);
616                 bt->timeout = BT_RESET_DELAY * 1000000;
617                 BT_STATE_CHANGE(BT_STATE_RESET3,
618                                 SI_SM_CALL_WITH_DELAY);
619
620         case BT_STATE_RESET3:           /* Hold off everything for a bit */
621                 if (bt->timeout > 0)
622                         return SI_SM_CALL_WITH_DELAY;
623                 drain_BMC2HOST(bt);
624                 BT_STATE_CHANGE(BT_STATE_RESTART,
625                                 SI_SM_CALL_WITH_DELAY);
626
627         case BT_STATE_RESTART:          /* don't reset retries or seq! */
628                 bt->read_count = 0;
629                 bt->nonzero_status = 0;
630                 bt->timeout = bt->BT_CAP_req2rsp;
631                 BT_STATE_CHANGE(BT_STATE_XACTION_START,
632                                 SI_SM_CALL_WITH_DELAY);
633
634         /*
635          * Get BT Capabilities, using timing of upper level state machine.
636          * Set outreqs to prevent infinite loop on timeout.
637          */
638         case BT_STATE_CAPABILITIES_BEGIN:
639                 bt->BT_CAP_outreqs = 1;
640                 {
641                         unsigned char GetBT_CAP[] = { 0x18, 0x36 };
642                         bt->state = BT_STATE_IDLE;
643                         bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
644                 }
645                 bt->complete = BT_STATE_CAPABILITIES_END;
646                 BT_STATE_CHANGE(BT_STATE_XACTION_START,
647                                 SI_SM_CALL_WITH_DELAY);
648
649         case BT_STATE_CAPABILITIES_END:
650                 i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
651                 bt_init_data(bt, bt->io);
652                 if ((i == 8) && !BT_CAP[2]) {
653                         bt->BT_CAP_outreqs = BT_CAP[3];
654                         bt->BT_CAP_req2rsp = BT_CAP[6] * 1000000;
655                         bt->BT_CAP_retries = BT_CAP[7];
656                 } else
657                         printk(KERN_WARNING "IPMI BT: using default values\n");
658                 if (!bt->BT_CAP_outreqs)
659                         bt->BT_CAP_outreqs = 1;
660                 printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
661                         bt->BT_CAP_req2rsp / 1000000L, bt->BT_CAP_retries);
662                 bt->timeout = bt->BT_CAP_req2rsp;
663                 return SI_SM_CALL_WITHOUT_DELAY;
664
665         default:        /* should never occur */
666                 return error_recovery(bt,
667                                       status,
668                                       IPMI_ERR_UNSPECIFIED);
669         }
670         return SI_SM_CALL_WITH_DELAY;
671 }
672
673 static int bt_detect(struct si_sm_data *bt)
674 {
675         /*
676          * It's impossible for the BT status and interrupt registers to be
677          * all 1's, (assuming a properly functioning, self-initialized BMC)
678          * but that's what you get from reading a bogus address, so we
679          * test that first.  The calling routine uses negative logic.
680          */
681
682         if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
683                 return 1;
684         reset_flags(bt);
685         return 0;
686 }
687
688 static void bt_cleanup(struct si_sm_data *bt)
689 {
690 }
691
692 static int bt_size(void)
693 {
694         return sizeof(struct si_sm_data);
695 }
696
697 struct si_sm_handlers bt_smi_handlers = {
698         .init_data              = bt_init_data,
699         .start_transaction      = bt_start_transaction,
700         .get_result             = bt_get_result,
701         .event                  = bt_event,
702         .detect                 = bt_detect,
703         .cleanup                = bt_cleanup,
704         .size                   = bt_size,
705 };