Merge branch 'from-linus' into upstream
[linux-2.6] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2  * ipmi_msghandler.c
3  *
4  * Incoming and outgoing message routing for an IPMI interface.
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002 MontaVista Software Inc.
11  *
12  *  This program is free software; you can redistribute it and/or modify it
13  *  under the terms of the GNU General Public License as published by the
14  *  Free Software Foundation; either version 2 of the License, or (at your
15  *  option) any later version.
16  *
17  *
18  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  *  You should have received a copy of the GNU General Public License along
30  *  with this program; if not, write to the Free Software Foundation, Inc.,
31  *  675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <asm/system.h>
38 #include <linux/sched.h>
39 #include <linux/poll.h>
40 #include <linux/spinlock.h>
41 #include <linux/mutex.h>
42 #include <linux/slab.h>
43 #include <linux/ipmi.h>
44 #include <linux/ipmi_smi.h>
45 #include <linux/notifier.h>
46 #include <linux/init.h>
47 #include <linux/proc_fs.h>
48 #include <linux/rcupdate.h>
49
50 #define PFX "IPMI message handler: "
51
52 #define IPMI_DRIVER_VERSION "39.0"
53
54 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
55 static int ipmi_init_msghandler(void);
56
57 static int initialized = 0;
58
59 #ifdef CONFIG_PROC_FS
60 struct proc_dir_entry *proc_ipmi_root = NULL;
61 EXPORT_SYMBOL(proc_ipmi_root);
62 #endif /* CONFIG_PROC_FS */
63
64 #define MAX_EVENTS_IN_QUEUE     25
65
66 /* Don't let a message sit in a queue forever, always time it with at lest
67    the max message timer.  This is in milliseconds. */
68 #define MAX_MSG_TIMEOUT         60000
69
70
71 /*
72  * The main "user" data structure.
73  */
74 struct ipmi_user
75 {
76         struct list_head link;
77
78         /* Set to "0" when the user is destroyed. */
79         int valid;
80
81         struct kref refcount;
82
83         /* The upper layer that handles receive messages. */
84         struct ipmi_user_hndl *handler;
85         void             *handler_data;
86
87         /* The interface this user is bound to. */
88         ipmi_smi_t intf;
89
90         /* Does this interface receive IPMI events? */
91         int gets_events;
92 };
93
94 struct cmd_rcvr
95 {
96         struct list_head link;
97
98         ipmi_user_t   user;
99         unsigned char netfn;
100         unsigned char cmd;
101
102         /*
103          * This is used to form a linked lised during mass deletion.
104          * Since this is in an RCU list, we cannot use the link above
105          * or change any data until the RCU period completes.  So we
106          * use this next variable during mass deletion so we can have
107          * a list and don't have to wait and restart the search on
108          * every individual deletion of a command. */
109         struct cmd_rcvr *next;
110 };
111
112 struct seq_table
113 {
114         unsigned int         inuse : 1;
115         unsigned int         broadcast : 1;
116
117         unsigned long        timeout;
118         unsigned long        orig_timeout;
119         unsigned int         retries_left;
120
121         /* To verify on an incoming send message response that this is
122            the message that the response is for, we keep a sequence id
123            and increment it every time we send a message. */
124         long                 seqid;
125
126         /* This is held so we can properly respond to the message on a
127            timeout, and it is used to hold the temporary data for
128            retransmission, too. */
129         struct ipmi_recv_msg *recv_msg;
130 };
131
132 /* Store the information in a msgid (long) to allow us to find a
133    sequence table entry from the msgid. */
134 #define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
135
136 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
137         do {                                                            \
138                 seq = ((msgid >> 26) & 0x3f);                           \
139                 seqid = (msgid & 0x3fffff);                             \
140         } while (0)
141
142 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
143
144 struct ipmi_channel
145 {
146         unsigned char medium;
147         unsigned char protocol;
148
149         /* My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
150            but may be changed by the user. */
151         unsigned char address;
152
153         /* My LUN.  This should generally stay the SMS LUN, but just in
154            case... */
155         unsigned char lun;
156 };
157
158 #ifdef CONFIG_PROC_FS
159 struct ipmi_proc_entry
160 {
161         char                   *name;
162         struct ipmi_proc_entry *next;
163 };
164 #endif
165
166 struct bmc_device
167 {
168         struct platform_device *dev;
169         struct ipmi_device_id  id;
170         unsigned char          guid[16];
171         int                    guid_set;
172
173         struct kref            refcount;
174
175         /* bmc device attributes */
176         struct device_attribute device_id_attr;
177         struct device_attribute provides_dev_sdrs_attr;
178         struct device_attribute revision_attr;
179         struct device_attribute firmware_rev_attr;
180         struct device_attribute version_attr;
181         struct device_attribute add_dev_support_attr;
182         struct device_attribute manufacturer_id_attr;
183         struct device_attribute product_id_attr;
184         struct device_attribute guid_attr;
185         struct device_attribute aux_firmware_rev_attr;
186 };
187
188 #define IPMI_IPMB_NUM_SEQ       64
189 #define IPMI_MAX_CHANNELS       16
190 struct ipmi_smi
191 {
192         /* What interface number are we? */
193         int intf_num;
194
195         struct kref refcount;
196
197         /* The list of upper layers that are using me.  seq_lock
198          * protects this. */
199         struct list_head users;
200
201         /* Used for wake ups at startup. */
202         wait_queue_head_t waitq;
203
204         struct bmc_device *bmc;
205         char *my_dev_name;
206
207         /* This is the lower-layer's sender routine. */
208         struct ipmi_smi_handlers *handlers;
209         void                     *send_info;
210
211 #ifdef CONFIG_PROC_FS
212         /* A list of proc entries for this interface.  This does not
213            need a lock, only one thread creates it and only one thread
214            destroys it. */
215         spinlock_t             proc_entry_lock;
216         struct ipmi_proc_entry *proc_entries;
217 #endif
218
219         /* Driver-model device for the system interface. */
220         struct device          *si_dev;
221
222         /* A table of sequence numbers for this interface.  We use the
223            sequence numbers for IPMB messages that go out of the
224            interface to match them up with their responses.  A routine
225            is called periodically to time the items in this list. */
226         spinlock_t       seq_lock;
227         struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
228         int curr_seq;
229
230         /* Messages that were delayed for some reason (out of memory,
231            for instance), will go in here to be processed later in a
232            periodic timer interrupt. */
233         spinlock_t       waiting_msgs_lock;
234         struct list_head waiting_msgs;
235
236         /* The list of command receivers that are registered for commands
237            on this interface. */
238         struct mutex     cmd_rcvrs_mutex;
239         struct list_head cmd_rcvrs;
240
241         /* Events that were queues because no one was there to receive
242            them. */
243         spinlock_t       events_lock; /* For dealing with event stuff. */
244         struct list_head waiting_events;
245         unsigned int     waiting_events_count; /* How many events in queue? */
246
247         /* The event receiver for my BMC, only really used at panic
248            shutdown as a place to store this. */
249         unsigned char event_receiver;
250         unsigned char event_receiver_lun;
251         unsigned char local_sel_device;
252         unsigned char local_event_generator;
253
254         /* A cheap hack, if this is non-null and a message to an
255            interface comes in with a NULL user, call this routine with
256            it.  Note that the message will still be freed by the
257            caller.  This only works on the system interface. */
258         void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
259
260         /* When we are scanning the channels for an SMI, this will
261            tell which channel we are scanning. */
262         int curr_channel;
263
264         /* Channel information */
265         struct ipmi_channel channels[IPMI_MAX_CHANNELS];
266
267         /* Proc FS stuff. */
268         struct proc_dir_entry *proc_dir;
269         char                  proc_dir_name[10];
270
271         spinlock_t   counter_lock; /* For making counters atomic. */
272
273         /* Commands we got that were invalid. */
274         unsigned int sent_invalid_commands;
275
276         /* Commands we sent to the MC. */
277         unsigned int sent_local_commands;
278         /* Responses from the MC that were delivered to a user. */
279         unsigned int handled_local_responses;
280         /* Responses from the MC that were not delivered to a user. */
281         unsigned int unhandled_local_responses;
282
283         /* Commands we sent out to the IPMB bus. */
284         unsigned int sent_ipmb_commands;
285         /* Commands sent on the IPMB that had errors on the SEND CMD */
286         unsigned int sent_ipmb_command_errs;
287         /* Each retransmit increments this count. */
288         unsigned int retransmitted_ipmb_commands;
289         /* When a message times out (runs out of retransmits) this is
290            incremented. */
291         unsigned int timed_out_ipmb_commands;
292
293         /* This is like above, but for broadcasts.  Broadcasts are
294            *not* included in the above count (they are expected to
295            time out). */
296         unsigned int timed_out_ipmb_broadcasts;
297
298         /* Responses I have sent to the IPMB bus. */
299         unsigned int sent_ipmb_responses;
300
301         /* The response was delivered to the user. */
302         unsigned int handled_ipmb_responses;
303         /* The response had invalid data in it. */
304         unsigned int invalid_ipmb_responses;
305         /* The response didn't have anyone waiting for it. */
306         unsigned int unhandled_ipmb_responses;
307
308         /* Commands we sent out to the IPMB bus. */
309         unsigned int sent_lan_commands;
310         /* Commands sent on the IPMB that had errors on the SEND CMD */
311         unsigned int sent_lan_command_errs;
312         /* Each retransmit increments this count. */
313         unsigned int retransmitted_lan_commands;
314         /* When a message times out (runs out of retransmits) this is
315            incremented. */
316         unsigned int timed_out_lan_commands;
317
318         /* Responses I have sent to the IPMB bus. */
319         unsigned int sent_lan_responses;
320
321         /* The response was delivered to the user. */
322         unsigned int handled_lan_responses;
323         /* The response had invalid data in it. */
324         unsigned int invalid_lan_responses;
325         /* The response didn't have anyone waiting for it. */
326         unsigned int unhandled_lan_responses;
327
328         /* The command was delivered to the user. */
329         unsigned int handled_commands;
330         /* The command had invalid data in it. */
331         unsigned int invalid_commands;
332         /* The command didn't have anyone waiting for it. */
333         unsigned int unhandled_commands;
334
335         /* Invalid data in an event. */
336         unsigned int invalid_events;
337         /* Events that were received with the proper format. */
338         unsigned int events;
339 };
340 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
341
342 /* Used to mark an interface entry that cannot be used but is not a
343  * free entry, either, primarily used at creation and deletion time so
344  * a slot doesn't get reused too quickly. */
345 #define IPMI_INVALID_INTERFACE_ENTRY ((ipmi_smi_t) ((long) 1))
346 #define IPMI_INVALID_INTERFACE(i) (((i) == NULL) \
347                                    || (i == IPMI_INVALID_INTERFACE_ENTRY))
348
349 /**
350  * The driver model view of the IPMI messaging driver.
351  */
352 static struct device_driver ipmidriver = {
353         .name = "ipmi",
354         .bus = &platform_bus_type
355 };
356 static DEFINE_MUTEX(ipmidriver_mutex);
357
358 #define MAX_IPMI_INTERFACES 4
359 static ipmi_smi_t ipmi_interfaces[MAX_IPMI_INTERFACES];
360
361 /* Directly protects the ipmi_interfaces data structure. */
362 static DEFINE_SPINLOCK(interfaces_lock);
363
364 /* List of watchers that want to know when smi's are added and
365    deleted. */
366 static struct list_head smi_watchers = LIST_HEAD_INIT(smi_watchers);
367 static DECLARE_RWSEM(smi_watchers_sem);
368
369
370 static void free_recv_msg_list(struct list_head *q)
371 {
372         struct ipmi_recv_msg *msg, *msg2;
373
374         list_for_each_entry_safe(msg, msg2, q, link) {
375                 list_del(&msg->link);
376                 ipmi_free_recv_msg(msg);
377         }
378 }
379
380 static void clean_up_interface_data(ipmi_smi_t intf)
381 {
382         int              i;
383         struct cmd_rcvr  *rcvr, *rcvr2;
384         struct list_head list;
385
386         free_recv_msg_list(&intf->waiting_msgs);
387         free_recv_msg_list(&intf->waiting_events);
388
389         /* Wholesale remove all the entries from the list in the
390          * interface and wait for RCU to know that none are in use. */
391         mutex_lock(&intf->cmd_rcvrs_mutex);
392         list_add_rcu(&list, &intf->cmd_rcvrs);
393         list_del_rcu(&intf->cmd_rcvrs);
394         mutex_unlock(&intf->cmd_rcvrs_mutex);
395         synchronize_rcu();
396
397         list_for_each_entry_safe(rcvr, rcvr2, &list, link)
398                 kfree(rcvr);
399
400         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
401                 if ((intf->seq_table[i].inuse)
402                     && (intf->seq_table[i].recv_msg))
403                 {
404                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
405                 }
406         }
407 }
408
409 static void intf_free(struct kref *ref)
410 {
411         ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
412
413         clean_up_interface_data(intf);
414         kfree(intf);
415 }
416
417 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
418 {
419         int           i;
420         unsigned long flags;
421
422         down_write(&smi_watchers_sem);
423         list_add(&(watcher->link), &smi_watchers);
424         up_write(&smi_watchers_sem);
425         spin_lock_irqsave(&interfaces_lock, flags);
426         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
427                 ipmi_smi_t intf = ipmi_interfaces[i];
428                 if (IPMI_INVALID_INTERFACE(intf))
429                         continue;
430                 spin_unlock_irqrestore(&interfaces_lock, flags);
431                 watcher->new_smi(i, intf->si_dev);
432                 spin_lock_irqsave(&interfaces_lock, flags);
433         }
434         spin_unlock_irqrestore(&interfaces_lock, flags);
435         return 0;
436 }
437
438 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
439 {
440         down_write(&smi_watchers_sem);
441         list_del(&(watcher->link));
442         up_write(&smi_watchers_sem);
443         return 0;
444 }
445
446 static void
447 call_smi_watchers(int i, struct device *dev)
448 {
449         struct ipmi_smi_watcher *w;
450
451         down_read(&smi_watchers_sem);
452         list_for_each_entry(w, &smi_watchers, link) {
453                 if (try_module_get(w->owner)) {
454                         w->new_smi(i, dev);
455                         module_put(w->owner);
456                 }
457         }
458         up_read(&smi_watchers_sem);
459 }
460
461 static int
462 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
463 {
464         if (addr1->addr_type != addr2->addr_type)
465                 return 0;
466
467         if (addr1->channel != addr2->channel)
468                 return 0;
469
470         if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
471                 struct ipmi_system_interface_addr *smi_addr1
472                     = (struct ipmi_system_interface_addr *) addr1;
473                 struct ipmi_system_interface_addr *smi_addr2
474                     = (struct ipmi_system_interface_addr *) addr2;
475                 return (smi_addr1->lun == smi_addr2->lun);
476         }
477
478         if ((addr1->addr_type == IPMI_IPMB_ADDR_TYPE)
479             || (addr1->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
480         {
481                 struct ipmi_ipmb_addr *ipmb_addr1
482                     = (struct ipmi_ipmb_addr *) addr1;
483                 struct ipmi_ipmb_addr *ipmb_addr2
484                     = (struct ipmi_ipmb_addr *) addr2;
485
486                 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
487                         && (ipmb_addr1->lun == ipmb_addr2->lun));
488         }
489
490         if (addr1->addr_type == IPMI_LAN_ADDR_TYPE) {
491                 struct ipmi_lan_addr *lan_addr1
492                         = (struct ipmi_lan_addr *) addr1;
493                 struct ipmi_lan_addr *lan_addr2
494                     = (struct ipmi_lan_addr *) addr2;
495
496                 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
497                         && (lan_addr1->local_SWID == lan_addr2->local_SWID)
498                         && (lan_addr1->session_handle
499                             == lan_addr2->session_handle)
500                         && (lan_addr1->lun == lan_addr2->lun));
501         }
502
503         return 1;
504 }
505
506 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
507 {
508         if (len < sizeof(struct ipmi_system_interface_addr)) {
509                 return -EINVAL;
510         }
511
512         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
513                 if (addr->channel != IPMI_BMC_CHANNEL)
514                         return -EINVAL;
515                 return 0;
516         }
517
518         if ((addr->channel == IPMI_BMC_CHANNEL)
519             || (addr->channel >= IPMI_MAX_CHANNELS)
520             || (addr->channel < 0))
521                 return -EINVAL;
522
523         if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
524             || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
525         {
526                 if (len < sizeof(struct ipmi_ipmb_addr)) {
527                         return -EINVAL;
528                 }
529                 return 0;
530         }
531
532         if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
533                 if (len < sizeof(struct ipmi_lan_addr)) {
534                         return -EINVAL;
535                 }
536                 return 0;
537         }
538
539         return -EINVAL;
540 }
541
542 unsigned int ipmi_addr_length(int addr_type)
543 {
544         if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
545                 return sizeof(struct ipmi_system_interface_addr);
546
547         if ((addr_type == IPMI_IPMB_ADDR_TYPE)
548             || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
549         {
550                 return sizeof(struct ipmi_ipmb_addr);
551         }
552
553         if (addr_type == IPMI_LAN_ADDR_TYPE)
554                 return sizeof(struct ipmi_lan_addr);
555
556         return 0;
557 }
558
559 static void deliver_response(struct ipmi_recv_msg *msg)
560 {
561         if (!msg->user) {
562                 ipmi_smi_t    intf = msg->user_msg_data;
563                 unsigned long flags;
564
565                 /* Special handling for NULL users. */
566                 if (intf->null_user_handler) {
567                         intf->null_user_handler(intf, msg);
568                         spin_lock_irqsave(&intf->counter_lock, flags);
569                         intf->handled_local_responses++;
570                         spin_unlock_irqrestore(&intf->counter_lock, flags);
571                 } else {
572                         /* No handler, so give up. */
573                         spin_lock_irqsave(&intf->counter_lock, flags);
574                         intf->unhandled_local_responses++;
575                         spin_unlock_irqrestore(&intf->counter_lock, flags);
576                 }
577                 ipmi_free_recv_msg(msg);
578         } else {
579                 ipmi_user_t user = msg->user;
580                 user->handler->ipmi_recv_hndl(msg, user->handler_data);
581         }
582 }
583
584 /* Find the next sequence number not being used and add the given
585    message with the given timeout to the sequence table.  This must be
586    called with the interface's seq_lock held. */
587 static int intf_next_seq(ipmi_smi_t           intf,
588                          struct ipmi_recv_msg *recv_msg,
589                          unsigned long        timeout,
590                          int                  retries,
591                          int                  broadcast,
592                          unsigned char        *seq,
593                          long                 *seqid)
594 {
595         int          rv = 0;
596         unsigned int i;
597
598         for (i = intf->curr_seq;
599              (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
600              i = (i+1)%IPMI_IPMB_NUM_SEQ)
601         {
602                 if (!intf->seq_table[i].inuse)
603                         break;
604         }
605
606         if (!intf->seq_table[i].inuse) {
607                 intf->seq_table[i].recv_msg = recv_msg;
608
609                 /* Start with the maximum timeout, when the send response
610                    comes in we will start the real timer. */
611                 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
612                 intf->seq_table[i].orig_timeout = timeout;
613                 intf->seq_table[i].retries_left = retries;
614                 intf->seq_table[i].broadcast = broadcast;
615                 intf->seq_table[i].inuse = 1;
616                 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
617                 *seq = i;
618                 *seqid = intf->seq_table[i].seqid;
619                 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
620         } else {
621                 rv = -EAGAIN;
622         }
623         
624         return rv;
625 }
626
627 /* Return the receive message for the given sequence number and
628    release the sequence number so it can be reused.  Some other data
629    is passed in to be sure the message matches up correctly (to help
630    guard against message coming in after their timeout and the
631    sequence number being reused). */
632 static int intf_find_seq(ipmi_smi_t           intf,
633                          unsigned char        seq,
634                          short                channel,
635                          unsigned char        cmd,
636                          unsigned char        netfn,
637                          struct ipmi_addr     *addr,
638                          struct ipmi_recv_msg **recv_msg)
639 {
640         int           rv = -ENODEV;
641         unsigned long flags;
642
643         if (seq >= IPMI_IPMB_NUM_SEQ)
644                 return -EINVAL;
645
646         spin_lock_irqsave(&(intf->seq_lock), flags);
647         if (intf->seq_table[seq].inuse) {
648                 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
649
650                 if ((msg->addr.channel == channel)
651                     && (msg->msg.cmd == cmd)
652                     && (msg->msg.netfn == netfn)
653                     && (ipmi_addr_equal(addr, &(msg->addr))))
654                 {
655                         *recv_msg = msg;
656                         intf->seq_table[seq].inuse = 0;
657                         rv = 0;
658                 }
659         }
660         spin_unlock_irqrestore(&(intf->seq_lock), flags);
661
662         return rv;
663 }
664
665
666 /* Start the timer for a specific sequence table entry. */
667 static int intf_start_seq_timer(ipmi_smi_t intf,
668                                 long       msgid)
669 {
670         int           rv = -ENODEV;
671         unsigned long flags;
672         unsigned char seq;
673         unsigned long seqid;
674
675
676         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
677
678         spin_lock_irqsave(&(intf->seq_lock), flags);
679         /* We do this verification because the user can be deleted
680            while a message is outstanding. */
681         if ((intf->seq_table[seq].inuse)
682             && (intf->seq_table[seq].seqid == seqid))
683         {
684                 struct seq_table *ent = &(intf->seq_table[seq]);
685                 ent->timeout = ent->orig_timeout;
686                 rv = 0;
687         }
688         spin_unlock_irqrestore(&(intf->seq_lock), flags);
689
690         return rv;
691 }
692
693 /* Got an error for the send message for a specific sequence number. */
694 static int intf_err_seq(ipmi_smi_t   intf,
695                         long         msgid,
696                         unsigned int err)
697 {
698         int                  rv = -ENODEV;
699         unsigned long        flags;
700         unsigned char        seq;
701         unsigned long        seqid;
702         struct ipmi_recv_msg *msg = NULL;
703
704
705         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
706
707         spin_lock_irqsave(&(intf->seq_lock), flags);
708         /* We do this verification because the user can be deleted
709            while a message is outstanding. */
710         if ((intf->seq_table[seq].inuse)
711             && (intf->seq_table[seq].seqid == seqid))
712         {
713                 struct seq_table *ent = &(intf->seq_table[seq]);
714
715                 ent->inuse = 0;
716                 msg = ent->recv_msg;
717                 rv = 0;
718         }
719         spin_unlock_irqrestore(&(intf->seq_lock), flags);
720
721         if (msg) {
722                 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
723                 msg->msg_data[0] = err;
724                 msg->msg.netfn |= 1; /* Convert to a response. */
725                 msg->msg.data_len = 1;
726                 msg->msg.data = msg->msg_data;
727                 deliver_response(msg);
728         }
729
730         return rv;
731 }
732
733
734 int ipmi_create_user(unsigned int          if_num,
735                      struct ipmi_user_hndl *handler,
736                      void                  *handler_data,
737                      ipmi_user_t           *user)
738 {
739         unsigned long flags;
740         ipmi_user_t   new_user;
741         int           rv = 0;
742         ipmi_smi_t    intf;
743
744         /* There is no module usecount here, because it's not
745            required.  Since this can only be used by and called from
746            other modules, they will implicitly use this module, and
747            thus this can't be removed unless the other modules are
748            removed. */
749
750         if (handler == NULL)
751                 return -EINVAL;
752
753         /* Make sure the driver is actually initialized, this handles
754            problems with initialization order. */
755         if (!initialized) {
756                 rv = ipmi_init_msghandler();
757                 if (rv)
758                         return rv;
759
760                 /* The init code doesn't return an error if it was turned
761                    off, but it won't initialize.  Check that. */
762                 if (!initialized)
763                         return -ENODEV;
764         }
765
766         new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
767         if (!new_user)
768                 return -ENOMEM;
769
770         spin_lock_irqsave(&interfaces_lock, flags);
771         intf = ipmi_interfaces[if_num];
772         if ((if_num >= MAX_IPMI_INTERFACES) || IPMI_INVALID_INTERFACE(intf)) {
773                 spin_unlock_irqrestore(&interfaces_lock, flags);
774                 rv = -EINVAL;
775                 goto out_kfree;
776         }
777
778         /* Note that each existing user holds a refcount to the interface. */
779         kref_get(&intf->refcount);
780         spin_unlock_irqrestore(&interfaces_lock, flags);
781
782         kref_init(&new_user->refcount);
783         new_user->handler = handler;
784         new_user->handler_data = handler_data;
785         new_user->intf = intf;
786         new_user->gets_events = 0;
787
788         if (!try_module_get(intf->handlers->owner)) {
789                 rv = -ENODEV;
790                 goto out_kref;
791         }
792
793         if (intf->handlers->inc_usecount) {
794                 rv = intf->handlers->inc_usecount(intf->send_info);
795                 if (rv) {
796                         module_put(intf->handlers->owner);
797                         goto out_kref;
798                 }
799         }
800
801         new_user->valid = 1;
802         spin_lock_irqsave(&intf->seq_lock, flags);
803         list_add_rcu(&new_user->link, &intf->users);
804         spin_unlock_irqrestore(&intf->seq_lock, flags);
805         *user = new_user;
806         return 0;
807
808 out_kref:
809         kref_put(&intf->refcount, intf_free);
810 out_kfree:
811         kfree(new_user);
812         return rv;
813 }
814
815 static void free_user(struct kref *ref)
816 {
817         ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
818         kfree(user);
819 }
820
821 int ipmi_destroy_user(ipmi_user_t user)
822 {
823         ipmi_smi_t       intf = user->intf;
824         int              i;
825         unsigned long    flags;
826         struct cmd_rcvr  *rcvr;
827         struct cmd_rcvr  *rcvrs = NULL;
828
829         user->valid = 0;
830
831         /* Remove the user from the interface's sequence table. */
832         spin_lock_irqsave(&intf->seq_lock, flags);
833         list_del_rcu(&user->link);
834
835         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
836                 if (intf->seq_table[i].inuse
837                     && (intf->seq_table[i].recv_msg->user == user))
838                 {
839                         intf->seq_table[i].inuse = 0;
840                 }
841         }
842         spin_unlock_irqrestore(&intf->seq_lock, flags);
843
844         /*
845          * Remove the user from the command receiver's table.  First
846          * we build a list of everything (not using the standard link,
847          * since other things may be using it till we do
848          * synchronize_rcu()) then free everything in that list.
849          */
850         mutex_lock(&intf->cmd_rcvrs_mutex);
851         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
852                 if (rcvr->user == user) {
853                         list_del_rcu(&rcvr->link);
854                         rcvr->next = rcvrs;
855                         rcvrs = rcvr;
856                 }
857         }
858         mutex_unlock(&intf->cmd_rcvrs_mutex);
859         synchronize_rcu();
860         while (rcvrs) {
861                 rcvr = rcvrs;
862                 rcvrs = rcvr->next;
863                 kfree(rcvr);
864         }
865
866         module_put(intf->handlers->owner);
867         if (intf->handlers->dec_usecount)
868                 intf->handlers->dec_usecount(intf->send_info);
869
870         kref_put(&intf->refcount, intf_free);
871
872         kref_put(&user->refcount, free_user);
873
874         return 0;
875 }
876
877 void ipmi_get_version(ipmi_user_t   user,
878                       unsigned char *major,
879                       unsigned char *minor)
880 {
881         *major = ipmi_version_major(&user->intf->bmc->id);
882         *minor = ipmi_version_minor(&user->intf->bmc->id);
883 }
884
885 int ipmi_set_my_address(ipmi_user_t   user,
886                         unsigned int  channel,
887                         unsigned char address)
888 {
889         if (channel >= IPMI_MAX_CHANNELS)
890                 return -EINVAL;
891         user->intf->channels[channel].address = address;
892         return 0;
893 }
894
895 int ipmi_get_my_address(ipmi_user_t   user,
896                         unsigned int  channel,
897                         unsigned char *address)
898 {
899         if (channel >= IPMI_MAX_CHANNELS)
900                 return -EINVAL;
901         *address = user->intf->channels[channel].address;
902         return 0;
903 }
904
905 int ipmi_set_my_LUN(ipmi_user_t   user,
906                     unsigned int  channel,
907                     unsigned char LUN)
908 {
909         if (channel >= IPMI_MAX_CHANNELS)
910                 return -EINVAL;
911         user->intf->channels[channel].lun = LUN & 0x3;
912         return 0;
913 }
914
915 int ipmi_get_my_LUN(ipmi_user_t   user,
916                     unsigned int  channel,
917                     unsigned char *address)
918 {
919         if (channel >= IPMI_MAX_CHANNELS)
920                 return -EINVAL;
921         *address = user->intf->channels[channel].lun;
922         return 0;
923 }
924
925 int ipmi_set_gets_events(ipmi_user_t user, int val)
926 {
927         unsigned long        flags;
928         ipmi_smi_t           intf = user->intf;
929         struct ipmi_recv_msg *msg, *msg2;
930         struct list_head     msgs;
931
932         INIT_LIST_HEAD(&msgs);
933
934         spin_lock_irqsave(&intf->events_lock, flags);
935         user->gets_events = val;
936
937         if (val) {
938                 /* Deliver any queued events. */
939                 list_for_each_entry_safe(msg, msg2, &intf->waiting_events,
940                                          link) {
941                         list_del(&msg->link);
942                         list_add_tail(&msg->link, &msgs);
943                 }
944                 intf->waiting_events_count = 0;
945         }
946
947         /* Hold the events lock while doing this to preserve order. */
948         list_for_each_entry_safe(msg, msg2, &msgs, link) {
949                 msg->user = user;
950                 kref_get(&user->refcount);
951                 deliver_response(msg);
952         }
953
954         spin_unlock_irqrestore(&intf->events_lock, flags);
955
956         return 0;
957 }
958
959 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t    intf,
960                                       unsigned char netfn,
961                                       unsigned char cmd)
962 {
963         struct cmd_rcvr *rcvr;
964
965         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
966                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd))
967                         return rcvr;
968         }
969         return NULL;
970 }
971
972 int ipmi_register_for_cmd(ipmi_user_t   user,
973                           unsigned char netfn,
974                           unsigned char cmd)
975 {
976         ipmi_smi_t      intf = user->intf;
977         struct cmd_rcvr *rcvr;
978         struct cmd_rcvr *entry;
979         int             rv = 0;
980
981
982         rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
983         if (!rcvr)
984                 return -ENOMEM;
985         rcvr->cmd = cmd;
986         rcvr->netfn = netfn;
987         rcvr->user = user;
988
989         mutex_lock(&intf->cmd_rcvrs_mutex);
990         /* Make sure the command/netfn is not already registered. */
991         entry = find_cmd_rcvr(intf, netfn, cmd);
992         if (entry) {
993                 rv = -EBUSY;
994                 goto out_unlock;
995         }
996
997         list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
998
999  out_unlock:
1000         mutex_unlock(&intf->cmd_rcvrs_mutex);
1001         if (rv)
1002                 kfree(rcvr);
1003
1004         return rv;
1005 }
1006
1007 int ipmi_unregister_for_cmd(ipmi_user_t   user,
1008                             unsigned char netfn,
1009                             unsigned char cmd)
1010 {
1011         ipmi_smi_t      intf = user->intf;
1012         struct cmd_rcvr *rcvr;
1013
1014         mutex_lock(&intf->cmd_rcvrs_mutex);
1015         /* Make sure the command/netfn is not already registered. */
1016         rcvr = find_cmd_rcvr(intf, netfn, cmd);
1017         if ((rcvr) && (rcvr->user == user)) {
1018                 list_del_rcu(&rcvr->link);
1019                 mutex_unlock(&intf->cmd_rcvrs_mutex);
1020                 synchronize_rcu();
1021                 kfree(rcvr);
1022                 return 0;
1023         } else {
1024                 mutex_unlock(&intf->cmd_rcvrs_mutex);
1025                 return -ENOENT;
1026         }
1027 }
1028
1029 void ipmi_user_set_run_to_completion(ipmi_user_t user, int val)
1030 {
1031         ipmi_smi_t intf = user->intf;
1032         intf->handlers->set_run_to_completion(intf->send_info, val);
1033 }
1034
1035 static unsigned char
1036 ipmb_checksum(unsigned char *data, int size)
1037 {
1038         unsigned char csum = 0;
1039         
1040         for (; size > 0; size--, data++)
1041                 csum += *data;
1042
1043         return -csum;
1044 }
1045
1046 static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
1047                                    struct kernel_ipmi_msg *msg,
1048                                    struct ipmi_ipmb_addr *ipmb_addr,
1049                                    long                  msgid,
1050                                    unsigned char         ipmb_seq,
1051                                    int                   broadcast,
1052                                    unsigned char         source_address,
1053                                    unsigned char         source_lun)
1054 {
1055         int i = broadcast;
1056
1057         /* Format the IPMB header data. */
1058         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1059         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1060         smi_msg->data[2] = ipmb_addr->channel;
1061         if (broadcast)
1062                 smi_msg->data[3] = 0;
1063         smi_msg->data[i+3] = ipmb_addr->slave_addr;
1064         smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1065         smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1066         smi_msg->data[i+6] = source_address;
1067         smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1068         smi_msg->data[i+8] = msg->cmd;
1069
1070         /* Now tack on the data to the message. */
1071         if (msg->data_len > 0)
1072                 memcpy(&(smi_msg->data[i+9]), msg->data,
1073                        msg->data_len);
1074         smi_msg->data_size = msg->data_len + 9;
1075
1076         /* Now calculate the checksum and tack it on. */
1077         smi_msg->data[i+smi_msg->data_size]
1078                 = ipmb_checksum(&(smi_msg->data[i+6]),
1079                                 smi_msg->data_size-6);
1080
1081         /* Add on the checksum size and the offset from the
1082            broadcast. */
1083         smi_msg->data_size += 1 + i;
1084
1085         smi_msg->msgid = msgid;
1086 }
1087
1088 static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
1089                                   struct kernel_ipmi_msg *msg,
1090                                   struct ipmi_lan_addr  *lan_addr,
1091                                   long                  msgid,
1092                                   unsigned char         ipmb_seq,
1093                                   unsigned char         source_lun)
1094 {
1095         /* Format the IPMB header data. */
1096         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1097         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1098         smi_msg->data[2] = lan_addr->channel;
1099         smi_msg->data[3] = lan_addr->session_handle;
1100         smi_msg->data[4] = lan_addr->remote_SWID;
1101         smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1102         smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1103         smi_msg->data[7] = lan_addr->local_SWID;
1104         smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1105         smi_msg->data[9] = msg->cmd;
1106
1107         /* Now tack on the data to the message. */
1108         if (msg->data_len > 0)
1109                 memcpy(&(smi_msg->data[10]), msg->data,
1110                        msg->data_len);
1111         smi_msg->data_size = msg->data_len + 10;
1112
1113         /* Now calculate the checksum and tack it on. */
1114         smi_msg->data[smi_msg->data_size]
1115                 = ipmb_checksum(&(smi_msg->data[7]),
1116                                 smi_msg->data_size-7);
1117
1118         /* Add on the checksum size and the offset from the
1119            broadcast. */
1120         smi_msg->data_size += 1;
1121
1122         smi_msg->msgid = msgid;
1123 }
1124
1125 /* Separate from ipmi_request so that the user does not have to be
1126    supplied in certain circumstances (mainly at panic time).  If
1127    messages are supplied, they will be freed, even if an error
1128    occurs. */
1129 static int i_ipmi_request(ipmi_user_t          user,
1130                           ipmi_smi_t           intf,
1131                           struct ipmi_addr     *addr,
1132                           long                 msgid,
1133                           struct kernel_ipmi_msg *msg,
1134                           void                 *user_msg_data,
1135                           void                 *supplied_smi,
1136                           struct ipmi_recv_msg *supplied_recv,
1137                           int                  priority,
1138                           unsigned char        source_address,
1139                           unsigned char        source_lun,
1140                           int                  retries,
1141                           unsigned int         retry_time_ms)
1142 {
1143         int                  rv = 0;
1144         struct ipmi_smi_msg  *smi_msg;
1145         struct ipmi_recv_msg *recv_msg;
1146         unsigned long        flags;
1147
1148
1149         if (supplied_recv) {
1150                 recv_msg = supplied_recv;
1151         } else {
1152                 recv_msg = ipmi_alloc_recv_msg();
1153                 if (recv_msg == NULL) {
1154                         return -ENOMEM;
1155                 }
1156         }
1157         recv_msg->user_msg_data = user_msg_data;
1158
1159         if (supplied_smi) {
1160                 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1161         } else {
1162                 smi_msg = ipmi_alloc_smi_msg();
1163                 if (smi_msg == NULL) {
1164                         ipmi_free_recv_msg(recv_msg);
1165                         return -ENOMEM;
1166                 }
1167         }
1168
1169         recv_msg->user = user;
1170         if (user)
1171                 kref_get(&user->refcount);
1172         recv_msg->msgid = msgid;
1173         /* Store the message to send in the receive message so timeout
1174            responses can get the proper response data. */
1175         recv_msg->msg = *msg;
1176
1177         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1178                 struct ipmi_system_interface_addr *smi_addr;
1179
1180                 if (msg->netfn & 1) {
1181                         /* Responses are not allowed to the SMI. */
1182                         rv = -EINVAL;
1183                         goto out_err;
1184                 }
1185
1186                 smi_addr = (struct ipmi_system_interface_addr *) addr;
1187                 if (smi_addr->lun > 3) {
1188                         spin_lock_irqsave(&intf->counter_lock, flags);
1189                         intf->sent_invalid_commands++;
1190                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1191                         rv = -EINVAL;
1192                         goto out_err;
1193                 }
1194
1195                 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1196
1197                 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1198                     && ((msg->cmd == IPMI_SEND_MSG_CMD)
1199                         || (msg->cmd == IPMI_GET_MSG_CMD)
1200                         || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD)))
1201                 {
1202                         /* We don't let the user do these, since we manage
1203                            the sequence numbers. */
1204                         spin_lock_irqsave(&intf->counter_lock, flags);
1205                         intf->sent_invalid_commands++;
1206                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1207                         rv = -EINVAL;
1208                         goto out_err;
1209                 }
1210
1211                 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1212                         spin_lock_irqsave(&intf->counter_lock, flags);
1213                         intf->sent_invalid_commands++;
1214                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1215                         rv = -EMSGSIZE;
1216                         goto out_err;
1217                 }
1218
1219                 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1220                 smi_msg->data[1] = msg->cmd;
1221                 smi_msg->msgid = msgid;
1222                 smi_msg->user_data = recv_msg;
1223                 if (msg->data_len > 0)
1224                         memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1225                 smi_msg->data_size = msg->data_len + 2;
1226                 spin_lock_irqsave(&intf->counter_lock, flags);
1227                 intf->sent_local_commands++;
1228                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1229         } else if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
1230                    || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
1231         {
1232                 struct ipmi_ipmb_addr *ipmb_addr;
1233                 unsigned char         ipmb_seq;
1234                 long                  seqid;
1235                 int                   broadcast = 0;
1236
1237                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1238                         spin_lock_irqsave(&intf->counter_lock, flags);
1239                         intf->sent_invalid_commands++;
1240                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1241                         rv = -EINVAL;
1242                         goto out_err;
1243                 }
1244
1245                 if (intf->channels[addr->channel].medium
1246                     != IPMI_CHANNEL_MEDIUM_IPMB)
1247                 {
1248                         spin_lock_irqsave(&intf->counter_lock, flags);
1249                         intf->sent_invalid_commands++;
1250                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1251                         rv = -EINVAL;
1252                         goto out_err;
1253                 }
1254
1255                 if (retries < 0) {
1256                     if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1257                         retries = 0; /* Don't retry broadcasts. */
1258                     else
1259                         retries = 4;
1260                 }
1261                 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1262                     /* Broadcasts add a zero at the beginning of the
1263                        message, but otherwise is the same as an IPMB
1264                        address. */
1265                     addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1266                     broadcast = 1;
1267                 }
1268
1269
1270                 /* Default to 1 second retries. */
1271                 if (retry_time_ms == 0)
1272                     retry_time_ms = 1000;
1273
1274                 /* 9 for the header and 1 for the checksum, plus
1275                    possibly one for the broadcast. */
1276                 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1277                         spin_lock_irqsave(&intf->counter_lock, flags);
1278                         intf->sent_invalid_commands++;
1279                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1280                         rv = -EMSGSIZE;
1281                         goto out_err;
1282                 }
1283
1284                 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1285                 if (ipmb_addr->lun > 3) {
1286                         spin_lock_irqsave(&intf->counter_lock, flags);
1287                         intf->sent_invalid_commands++;
1288                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1289                         rv = -EINVAL;
1290                         goto out_err;
1291                 }
1292
1293                 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1294
1295                 if (recv_msg->msg.netfn & 0x1) {
1296                         /* It's a response, so use the user's sequence
1297                            from msgid. */
1298                         spin_lock_irqsave(&intf->counter_lock, flags);
1299                         intf->sent_ipmb_responses++;
1300                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1301                         format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1302                                         msgid, broadcast,
1303                                         source_address, source_lun);
1304
1305                         /* Save the receive message so we can use it
1306                            to deliver the response. */
1307                         smi_msg->user_data = recv_msg;
1308                 } else {
1309                         /* It's a command, so get a sequence for it. */
1310
1311                         spin_lock_irqsave(&(intf->seq_lock), flags);
1312
1313                         spin_lock(&intf->counter_lock);
1314                         intf->sent_ipmb_commands++;
1315                         spin_unlock(&intf->counter_lock);
1316
1317                         /* Create a sequence number with a 1 second
1318                            timeout and 4 retries. */
1319                         rv = intf_next_seq(intf,
1320                                            recv_msg,
1321                                            retry_time_ms,
1322                                            retries,
1323                                            broadcast,
1324                                            &ipmb_seq,
1325                                            &seqid);
1326                         if (rv) {
1327                                 /* We have used up all the sequence numbers,
1328                                    probably, so abort. */
1329                                 spin_unlock_irqrestore(&(intf->seq_lock),
1330                                                        flags);
1331                                 goto out_err;
1332                         }
1333
1334                         /* Store the sequence number in the message,
1335                            so that when the send message response
1336                            comes back we can start the timer. */
1337                         format_ipmb_msg(smi_msg, msg, ipmb_addr,
1338                                         STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1339                                         ipmb_seq, broadcast,
1340                                         source_address, source_lun);
1341
1342                         /* Copy the message into the recv message data, so we
1343                            can retransmit it later if necessary. */
1344                         memcpy(recv_msg->msg_data, smi_msg->data,
1345                                smi_msg->data_size);
1346                         recv_msg->msg.data = recv_msg->msg_data;
1347                         recv_msg->msg.data_len = smi_msg->data_size;
1348
1349                         /* We don't unlock until here, because we need
1350                            to copy the completed message into the
1351                            recv_msg before we release the lock.
1352                            Otherwise, race conditions may bite us.  I
1353                            know that's pretty paranoid, but I prefer
1354                            to be correct. */
1355                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1356                 }
1357         } else if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
1358                 struct ipmi_lan_addr  *lan_addr;
1359                 unsigned char         ipmb_seq;
1360                 long                  seqid;
1361
1362                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1363                         spin_lock_irqsave(&intf->counter_lock, flags);
1364                         intf->sent_invalid_commands++;
1365                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1366                         rv = -EINVAL;
1367                         goto out_err;
1368                 }
1369
1370                 if ((intf->channels[addr->channel].medium
1371                     != IPMI_CHANNEL_MEDIUM_8023LAN)
1372                     && (intf->channels[addr->channel].medium
1373                         != IPMI_CHANNEL_MEDIUM_ASYNC))
1374                 {
1375                         spin_lock_irqsave(&intf->counter_lock, flags);
1376                         intf->sent_invalid_commands++;
1377                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1378                         rv = -EINVAL;
1379                         goto out_err;
1380                 }
1381
1382                 retries = 4;
1383
1384                 /* Default to 1 second retries. */
1385                 if (retry_time_ms == 0)
1386                     retry_time_ms = 1000;
1387
1388                 /* 11 for the header and 1 for the checksum. */
1389                 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1390                         spin_lock_irqsave(&intf->counter_lock, flags);
1391                         intf->sent_invalid_commands++;
1392                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1393                         rv = -EMSGSIZE;
1394                         goto out_err;
1395                 }
1396
1397                 lan_addr = (struct ipmi_lan_addr *) addr;
1398                 if (lan_addr->lun > 3) {
1399                         spin_lock_irqsave(&intf->counter_lock, flags);
1400                         intf->sent_invalid_commands++;
1401                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1402                         rv = -EINVAL;
1403                         goto out_err;
1404                 }
1405
1406                 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1407
1408                 if (recv_msg->msg.netfn & 0x1) {
1409                         /* It's a response, so use the user's sequence
1410                            from msgid. */
1411                         spin_lock_irqsave(&intf->counter_lock, flags);
1412                         intf->sent_lan_responses++;
1413                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1414                         format_lan_msg(smi_msg, msg, lan_addr, msgid,
1415                                        msgid, source_lun);
1416
1417                         /* Save the receive message so we can use it
1418                            to deliver the response. */
1419                         smi_msg->user_data = recv_msg;
1420                 } else {
1421                         /* It's a command, so get a sequence for it. */
1422
1423                         spin_lock_irqsave(&(intf->seq_lock), flags);
1424
1425                         spin_lock(&intf->counter_lock);
1426                         intf->sent_lan_commands++;
1427                         spin_unlock(&intf->counter_lock);
1428
1429                         /* Create a sequence number with a 1 second
1430                            timeout and 4 retries. */
1431                         rv = intf_next_seq(intf,
1432                                            recv_msg,
1433                                            retry_time_ms,
1434                                            retries,
1435                                            0,
1436                                            &ipmb_seq,
1437                                            &seqid);
1438                         if (rv) {
1439                                 /* We have used up all the sequence numbers,
1440                                    probably, so abort. */
1441                                 spin_unlock_irqrestore(&(intf->seq_lock),
1442                                                        flags);
1443                                 goto out_err;
1444                         }
1445
1446                         /* Store the sequence number in the message,
1447                            so that when the send message response
1448                            comes back we can start the timer. */
1449                         format_lan_msg(smi_msg, msg, lan_addr,
1450                                        STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1451                                        ipmb_seq, source_lun);
1452
1453                         /* Copy the message into the recv message data, so we
1454                            can retransmit it later if necessary. */
1455                         memcpy(recv_msg->msg_data, smi_msg->data,
1456                                smi_msg->data_size);
1457                         recv_msg->msg.data = recv_msg->msg_data;
1458                         recv_msg->msg.data_len = smi_msg->data_size;
1459
1460                         /* We don't unlock until here, because we need
1461                            to copy the completed message into the
1462                            recv_msg before we release the lock.
1463                            Otherwise, race conditions may bite us.  I
1464                            know that's pretty paranoid, but I prefer
1465                            to be correct. */
1466                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1467                 }
1468         } else {
1469             /* Unknown address type. */
1470                 spin_lock_irqsave(&intf->counter_lock, flags);
1471                 intf->sent_invalid_commands++;
1472                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1473                 rv = -EINVAL;
1474                 goto out_err;
1475         }
1476
1477 #ifdef DEBUG_MSGING
1478         {
1479                 int m;
1480                 for (m = 0; m < smi_msg->data_size; m++)
1481                         printk(" %2.2x", smi_msg->data[m]);
1482                 printk("\n");
1483         }
1484 #endif
1485         intf->handlers->sender(intf->send_info, smi_msg, priority);
1486
1487         return 0;
1488
1489  out_err:
1490         ipmi_free_smi_msg(smi_msg);
1491         ipmi_free_recv_msg(recv_msg);
1492         return rv;
1493 }
1494
1495 static int check_addr(ipmi_smi_t       intf,
1496                       struct ipmi_addr *addr,
1497                       unsigned char    *saddr,
1498                       unsigned char    *lun)
1499 {
1500         if (addr->channel >= IPMI_MAX_CHANNELS)
1501                 return -EINVAL;
1502         *lun = intf->channels[addr->channel].lun;
1503         *saddr = intf->channels[addr->channel].address;
1504         return 0;
1505 }
1506
1507 int ipmi_request_settime(ipmi_user_t      user,
1508                          struct ipmi_addr *addr,
1509                          long             msgid,
1510                          struct kernel_ipmi_msg  *msg,
1511                          void             *user_msg_data,
1512                          int              priority,
1513                          int              retries,
1514                          unsigned int     retry_time_ms)
1515 {
1516         unsigned char saddr, lun;
1517         int           rv;
1518
1519         if (!user)
1520                 return -EINVAL;
1521         rv = check_addr(user->intf, addr, &saddr, &lun);
1522         if (rv)
1523                 return rv;
1524         return i_ipmi_request(user,
1525                               user->intf,
1526                               addr,
1527                               msgid,
1528                               msg,
1529                               user_msg_data,
1530                               NULL, NULL,
1531                               priority,
1532                               saddr,
1533                               lun,
1534                               retries,
1535                               retry_time_ms);
1536 }
1537
1538 int ipmi_request_supply_msgs(ipmi_user_t          user,
1539                              struct ipmi_addr     *addr,
1540                              long                 msgid,
1541                              struct kernel_ipmi_msg *msg,
1542                              void                 *user_msg_data,
1543                              void                 *supplied_smi,
1544                              struct ipmi_recv_msg *supplied_recv,
1545                              int                  priority)
1546 {
1547         unsigned char saddr, lun;
1548         int           rv;
1549
1550         if (!user)
1551                 return -EINVAL;
1552         rv = check_addr(user->intf, addr, &saddr, &lun);
1553         if (rv)
1554                 return rv;
1555         return i_ipmi_request(user,
1556                               user->intf,
1557                               addr,
1558                               msgid,
1559                               msg,
1560                               user_msg_data,
1561                               supplied_smi,
1562                               supplied_recv,
1563                               priority,
1564                               saddr,
1565                               lun,
1566                               -1, 0);
1567 }
1568
1569 static int ipmb_file_read_proc(char *page, char **start, off_t off,
1570                                int count, int *eof, void *data)
1571 {
1572         char       *out = (char *) page;
1573         ipmi_smi_t intf = data;
1574         int        i;
1575         int        rv = 0;
1576
1577         for (i = 0; i < IPMI_MAX_CHANNELS; i++)
1578                 rv += sprintf(out+rv, "%x ", intf->channels[i].address);
1579         out[rv-1] = '\n'; /* Replace the final space with a newline */
1580         out[rv] = '\0';
1581         rv++;
1582         return rv;
1583 }
1584
1585 static int version_file_read_proc(char *page, char **start, off_t off,
1586                                   int count, int *eof, void *data)
1587 {
1588         char       *out = (char *) page;
1589         ipmi_smi_t intf = data;
1590
1591         return sprintf(out, "%d.%d\n",
1592                        ipmi_version_major(&intf->bmc->id),
1593                        ipmi_version_minor(&intf->bmc->id));
1594 }
1595
1596 static int stat_file_read_proc(char *page, char **start, off_t off,
1597                                int count, int *eof, void *data)
1598 {
1599         char       *out = (char *) page;
1600         ipmi_smi_t intf = data;
1601
1602         out += sprintf(out, "sent_invalid_commands:       %d\n",
1603                        intf->sent_invalid_commands);
1604         out += sprintf(out, "sent_local_commands:         %d\n",
1605                        intf->sent_local_commands);
1606         out += sprintf(out, "handled_local_responses:     %d\n",
1607                        intf->handled_local_responses);
1608         out += sprintf(out, "unhandled_local_responses:   %d\n",
1609                        intf->unhandled_local_responses);
1610         out += sprintf(out, "sent_ipmb_commands:          %d\n",
1611                        intf->sent_ipmb_commands);
1612         out += sprintf(out, "sent_ipmb_command_errs:      %d\n",
1613                        intf->sent_ipmb_command_errs);
1614         out += sprintf(out, "retransmitted_ipmb_commands: %d\n",
1615                        intf->retransmitted_ipmb_commands);
1616         out += sprintf(out, "timed_out_ipmb_commands:     %d\n",
1617                        intf->timed_out_ipmb_commands);
1618         out += sprintf(out, "timed_out_ipmb_broadcasts:   %d\n",
1619                        intf->timed_out_ipmb_broadcasts);
1620         out += sprintf(out, "sent_ipmb_responses:         %d\n",
1621                        intf->sent_ipmb_responses);
1622         out += sprintf(out, "handled_ipmb_responses:      %d\n",
1623                        intf->handled_ipmb_responses);
1624         out += sprintf(out, "invalid_ipmb_responses:      %d\n",
1625                        intf->invalid_ipmb_responses);
1626         out += sprintf(out, "unhandled_ipmb_responses:    %d\n",
1627                        intf->unhandled_ipmb_responses);
1628         out += sprintf(out, "sent_lan_commands:           %d\n",
1629                        intf->sent_lan_commands);
1630         out += sprintf(out, "sent_lan_command_errs:       %d\n",
1631                        intf->sent_lan_command_errs);
1632         out += sprintf(out, "retransmitted_lan_commands:  %d\n",
1633                        intf->retransmitted_lan_commands);
1634         out += sprintf(out, "timed_out_lan_commands:      %d\n",
1635                        intf->timed_out_lan_commands);
1636         out += sprintf(out, "sent_lan_responses:          %d\n",
1637                        intf->sent_lan_responses);
1638         out += sprintf(out, "handled_lan_responses:       %d\n",
1639                        intf->handled_lan_responses);
1640         out += sprintf(out, "invalid_lan_responses:       %d\n",
1641                        intf->invalid_lan_responses);
1642         out += sprintf(out, "unhandled_lan_responses:     %d\n",
1643                        intf->unhandled_lan_responses);
1644         out += sprintf(out, "handled_commands:            %d\n",
1645                        intf->handled_commands);
1646         out += sprintf(out, "invalid_commands:            %d\n",
1647                        intf->invalid_commands);
1648         out += sprintf(out, "unhandled_commands:          %d\n",
1649                        intf->unhandled_commands);
1650         out += sprintf(out, "invalid_events:              %d\n",
1651                        intf->invalid_events);
1652         out += sprintf(out, "events:                      %d\n",
1653                        intf->events);
1654
1655         return (out - ((char *) page));
1656 }
1657
1658 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
1659                             read_proc_t *read_proc, write_proc_t *write_proc,
1660                             void *data, struct module *owner)
1661 {
1662         int                    rv = 0;
1663 #ifdef CONFIG_PROC_FS
1664         struct proc_dir_entry  *file;
1665         struct ipmi_proc_entry *entry;
1666
1667         /* Create a list element. */
1668         entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1669         if (!entry)
1670                 return -ENOMEM;
1671         entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);
1672         if (!entry->name) {
1673                 kfree(entry);
1674                 return -ENOMEM;
1675         }
1676         strcpy(entry->name, name);
1677
1678         file = create_proc_entry(name, 0, smi->proc_dir);
1679         if (!file) {
1680                 kfree(entry->name);
1681                 kfree(entry);
1682                 rv = -ENOMEM;
1683         } else {
1684                 file->nlink = 1;
1685                 file->data = data;
1686                 file->read_proc = read_proc;
1687                 file->write_proc = write_proc;
1688                 file->owner = owner;
1689
1690                 spin_lock(&smi->proc_entry_lock);
1691                 /* Stick it on the list. */
1692                 entry->next = smi->proc_entries;
1693                 smi->proc_entries = entry;
1694                 spin_unlock(&smi->proc_entry_lock);
1695         }
1696 #endif /* CONFIG_PROC_FS */
1697
1698         return rv;
1699 }
1700
1701 static int add_proc_entries(ipmi_smi_t smi, int num)
1702 {
1703         int rv = 0;
1704
1705 #ifdef CONFIG_PROC_FS
1706         sprintf(smi->proc_dir_name, "%d", num);
1707         smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
1708         if (!smi->proc_dir)
1709                 rv = -ENOMEM;
1710         else {
1711                 smi->proc_dir->owner = THIS_MODULE;
1712         }
1713
1714         if (rv == 0)
1715                 rv = ipmi_smi_add_proc_entry(smi, "stats",
1716                                              stat_file_read_proc, NULL,
1717                                              smi, THIS_MODULE);
1718
1719         if (rv == 0)
1720                 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
1721                                              ipmb_file_read_proc, NULL,
1722                                              smi, THIS_MODULE);
1723
1724         if (rv == 0)
1725                 rv = ipmi_smi_add_proc_entry(smi, "version",
1726                                              version_file_read_proc, NULL,
1727                                              smi, THIS_MODULE);
1728 #endif /* CONFIG_PROC_FS */
1729
1730         return rv;
1731 }
1732
1733 static void remove_proc_entries(ipmi_smi_t smi)
1734 {
1735 #ifdef CONFIG_PROC_FS
1736         struct ipmi_proc_entry *entry;
1737
1738         spin_lock(&smi->proc_entry_lock);
1739         while (smi->proc_entries) {
1740                 entry = smi->proc_entries;
1741                 smi->proc_entries = entry->next;
1742
1743                 remove_proc_entry(entry->name, smi->proc_dir);
1744                 kfree(entry->name);
1745                 kfree(entry);
1746         }
1747         spin_unlock(&smi->proc_entry_lock);
1748         remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
1749 #endif /* CONFIG_PROC_FS */
1750 }
1751
1752 static int __find_bmc_guid(struct device *dev, void *data)
1753 {
1754         unsigned char *id = data;
1755         struct bmc_device *bmc = dev_get_drvdata(dev);
1756         return memcmp(bmc->guid, id, 16) == 0;
1757 }
1758
1759 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
1760                                              unsigned char *guid)
1761 {
1762         struct device *dev;
1763
1764         dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
1765         if (dev)
1766                 return dev_get_drvdata(dev);
1767         else
1768                 return NULL;
1769 }
1770
1771 struct prod_dev_id {
1772         unsigned int  product_id;
1773         unsigned char device_id;
1774 };
1775
1776 static int __find_bmc_prod_dev_id(struct device *dev, void *data)
1777 {
1778         struct prod_dev_id *id = data;
1779         struct bmc_device *bmc = dev_get_drvdata(dev);
1780
1781         return (bmc->id.product_id == id->product_id
1782                 && bmc->id.product_id == id->product_id
1783                 && bmc->id.device_id == id->device_id);
1784 }
1785
1786 static struct bmc_device *ipmi_find_bmc_prod_dev_id(
1787         struct device_driver *drv,
1788         unsigned char product_id, unsigned char device_id)
1789 {
1790         struct prod_dev_id id = {
1791                 .product_id = product_id,
1792                 .device_id = device_id,
1793         };
1794         struct device *dev;
1795
1796         dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
1797         if (dev)
1798                 return dev_get_drvdata(dev);
1799         else
1800                 return NULL;
1801 }
1802
1803 static ssize_t device_id_show(struct device *dev,
1804                               struct device_attribute *attr,
1805                               char *buf)
1806 {
1807         struct bmc_device *bmc = dev_get_drvdata(dev);
1808
1809         return snprintf(buf, 10, "%u\n", bmc->id.device_id);
1810 }
1811
1812 static ssize_t provides_dev_sdrs_show(struct device *dev,
1813                                       struct device_attribute *attr,
1814                                       char *buf)
1815 {
1816         struct bmc_device *bmc = dev_get_drvdata(dev);
1817
1818         return snprintf(buf, 10, "%u\n",
1819                         bmc->id.device_revision && 0x80 >> 7);
1820 }
1821
1822 static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
1823                              char *buf)
1824 {
1825         struct bmc_device *bmc = dev_get_drvdata(dev);
1826
1827         return snprintf(buf, 20, "%u\n",
1828                         bmc->id.device_revision && 0x0F);
1829 }
1830
1831 static ssize_t firmware_rev_show(struct device *dev,
1832                                  struct device_attribute *attr,
1833                                  char *buf)
1834 {
1835         struct bmc_device *bmc = dev_get_drvdata(dev);
1836
1837         return snprintf(buf, 20, "%u.%x\n", bmc->id.firmware_revision_1,
1838                         bmc->id.firmware_revision_2);
1839 }
1840
1841 static ssize_t ipmi_version_show(struct device *dev,
1842                                  struct device_attribute *attr,
1843                                  char *buf)
1844 {
1845         struct bmc_device *bmc = dev_get_drvdata(dev);
1846
1847         return snprintf(buf, 20, "%u.%u\n",
1848                         ipmi_version_major(&bmc->id),
1849                         ipmi_version_minor(&bmc->id));
1850 }
1851
1852 static ssize_t add_dev_support_show(struct device *dev,
1853                                     struct device_attribute *attr,
1854                                     char *buf)
1855 {
1856         struct bmc_device *bmc = dev_get_drvdata(dev);
1857
1858         return snprintf(buf, 10, "0x%02x\n",
1859                         bmc->id.additional_device_support);
1860 }
1861
1862 static ssize_t manufacturer_id_show(struct device *dev,
1863                                     struct device_attribute *attr,
1864                                     char *buf)
1865 {
1866         struct bmc_device *bmc = dev_get_drvdata(dev);
1867
1868         return snprintf(buf, 20, "0x%6.6x\n", bmc->id.manufacturer_id);
1869 }
1870
1871 static ssize_t product_id_show(struct device *dev,
1872                                struct device_attribute *attr,
1873                                char *buf)
1874 {
1875         struct bmc_device *bmc = dev_get_drvdata(dev);
1876
1877         return snprintf(buf, 10, "0x%4.4x\n", bmc->id.product_id);
1878 }
1879
1880 static ssize_t aux_firmware_rev_show(struct device *dev,
1881                                      struct device_attribute *attr,
1882                                      char *buf)
1883 {
1884         struct bmc_device *bmc = dev_get_drvdata(dev);
1885
1886         return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
1887                         bmc->id.aux_firmware_revision[3],
1888                         bmc->id.aux_firmware_revision[2],
1889                         bmc->id.aux_firmware_revision[1],
1890                         bmc->id.aux_firmware_revision[0]);
1891 }
1892
1893 static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
1894                          char *buf)
1895 {
1896         struct bmc_device *bmc = dev_get_drvdata(dev);
1897
1898         return snprintf(buf, 100, "%Lx%Lx\n",
1899                         (long long) bmc->guid[0],
1900                         (long long) bmc->guid[8]);
1901 }
1902
1903 static void
1904 cleanup_bmc_device(struct kref *ref)
1905 {
1906         struct bmc_device *bmc;
1907
1908         bmc = container_of(ref, struct bmc_device, refcount);
1909
1910         device_remove_file(&bmc->dev->dev,
1911                            &bmc->device_id_attr);
1912         device_remove_file(&bmc->dev->dev,
1913                            &bmc->provides_dev_sdrs_attr);
1914         device_remove_file(&bmc->dev->dev,
1915                            &bmc->revision_attr);
1916         device_remove_file(&bmc->dev->dev,
1917                            &bmc->firmware_rev_attr);
1918         device_remove_file(&bmc->dev->dev,
1919                            &bmc->version_attr);
1920         device_remove_file(&bmc->dev->dev,
1921                            &bmc->add_dev_support_attr);
1922         device_remove_file(&bmc->dev->dev,
1923                            &bmc->manufacturer_id_attr);
1924         device_remove_file(&bmc->dev->dev,
1925                            &bmc->product_id_attr);
1926         if (bmc->id.aux_firmware_revision_set)
1927                 device_remove_file(&bmc->dev->dev,
1928                                    &bmc->aux_firmware_rev_attr);
1929         if (bmc->guid_set)
1930                 device_remove_file(&bmc->dev->dev,
1931                                    &bmc->guid_attr);
1932         platform_device_unregister(bmc->dev);
1933         kfree(bmc);
1934 }
1935
1936 static void ipmi_bmc_unregister(ipmi_smi_t intf)
1937 {
1938         struct bmc_device *bmc = intf->bmc;
1939
1940         sysfs_remove_link(&intf->si_dev->kobj, "bmc");
1941         if (intf->my_dev_name) {
1942                 sysfs_remove_link(&bmc->dev->dev.kobj, intf->my_dev_name);
1943                 kfree(intf->my_dev_name);
1944                 intf->my_dev_name = NULL;
1945         }
1946
1947         mutex_lock(&ipmidriver_mutex);
1948         kref_put(&bmc->refcount, cleanup_bmc_device);
1949         mutex_unlock(&ipmidriver_mutex);
1950 }
1951
1952 static int ipmi_bmc_register(ipmi_smi_t intf)
1953 {
1954         int               rv;
1955         struct bmc_device *bmc = intf->bmc;
1956         struct bmc_device *old_bmc;
1957         int               size;
1958         char              dummy[1];
1959
1960         mutex_lock(&ipmidriver_mutex);
1961
1962         /*
1963          * Try to find if there is an bmc_device struct
1964          * representing the interfaced BMC already
1965          */
1966         if (bmc->guid_set)
1967                 old_bmc = ipmi_find_bmc_guid(&ipmidriver, bmc->guid);
1968         else
1969                 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver,
1970                                                     bmc->id.product_id,
1971                                                     bmc->id.device_id);
1972
1973         /*
1974          * If there is already an bmc_device, free the new one,
1975          * otherwise register the new BMC device
1976          */
1977         if (old_bmc) {
1978                 kfree(bmc);
1979                 intf->bmc = old_bmc;
1980                 bmc = old_bmc;
1981
1982                 kref_get(&bmc->refcount);
1983                 mutex_unlock(&ipmidriver_mutex);
1984
1985                 printk(KERN_INFO
1986                        "ipmi: interfacing existing BMC (man_id: 0x%6.6x,"
1987                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
1988                        bmc->id.manufacturer_id,
1989                        bmc->id.product_id,
1990                        bmc->id.device_id);
1991         } else {
1992                 bmc->dev = platform_device_alloc("ipmi_bmc",
1993                                                  bmc->id.device_id);
1994                 if (!bmc->dev) {
1995                         printk(KERN_ERR
1996                                "ipmi_msghandler:"
1997                                " Unable to allocate platform device\n");
1998                         return -ENOMEM;
1999                 }
2000                 bmc->dev->dev.driver = &ipmidriver;
2001                 dev_set_drvdata(&bmc->dev->dev, bmc);
2002                 kref_init(&bmc->refcount);
2003
2004                 rv = platform_device_register(bmc->dev);
2005                 mutex_unlock(&ipmidriver_mutex);
2006                 if (rv) {
2007                         printk(KERN_ERR
2008                                "ipmi_msghandler:"
2009                                " Unable to register bmc device: %d\n",
2010                                rv);
2011                         /* Don't go to out_err, you can only do that if
2012                            the device is registered already. */
2013                         return rv;
2014                 }
2015
2016                 bmc->device_id_attr.attr.name = "device_id";
2017                 bmc->device_id_attr.attr.owner = THIS_MODULE;
2018                 bmc->device_id_attr.attr.mode = S_IRUGO;
2019                 bmc->device_id_attr.show = device_id_show;
2020
2021                 bmc->provides_dev_sdrs_attr.attr.name = "provides_device_sdrs";
2022                 bmc->provides_dev_sdrs_attr.attr.owner = THIS_MODULE;
2023                 bmc->provides_dev_sdrs_attr.attr.mode = S_IRUGO;
2024                 bmc->provides_dev_sdrs_attr.show = provides_dev_sdrs_show;
2025
2026
2027                 bmc->revision_attr.attr.name = "revision";
2028                 bmc->revision_attr.attr.owner = THIS_MODULE;
2029                 bmc->revision_attr.attr.mode = S_IRUGO;
2030                 bmc->revision_attr.show = revision_show;
2031
2032                 bmc->firmware_rev_attr.attr.name = "firmware_revision";
2033                 bmc->firmware_rev_attr.attr.owner = THIS_MODULE;
2034                 bmc->firmware_rev_attr.attr.mode = S_IRUGO;
2035                 bmc->firmware_rev_attr.show = firmware_rev_show;
2036
2037                 bmc->version_attr.attr.name = "ipmi_version";
2038                 bmc->version_attr.attr.owner = THIS_MODULE;
2039                 bmc->version_attr.attr.mode = S_IRUGO;
2040                 bmc->version_attr.show = ipmi_version_show;
2041
2042                 bmc->add_dev_support_attr.attr.name
2043                         = "additional_device_support";
2044                 bmc->add_dev_support_attr.attr.owner = THIS_MODULE;
2045                 bmc->add_dev_support_attr.attr.mode = S_IRUGO;
2046                 bmc->add_dev_support_attr.show = add_dev_support_show;
2047
2048                 bmc->manufacturer_id_attr.attr.name = "manufacturer_id";
2049                 bmc->manufacturer_id_attr.attr.owner = THIS_MODULE;
2050                 bmc->manufacturer_id_attr.attr.mode = S_IRUGO;
2051                 bmc->manufacturer_id_attr.show = manufacturer_id_show;
2052
2053                 bmc->product_id_attr.attr.name = "product_id";
2054                 bmc->product_id_attr.attr.owner = THIS_MODULE;
2055                 bmc->product_id_attr.attr.mode = S_IRUGO;
2056                 bmc->product_id_attr.show = product_id_show;
2057
2058                 bmc->guid_attr.attr.name = "guid";
2059                 bmc->guid_attr.attr.owner = THIS_MODULE;
2060                 bmc->guid_attr.attr.mode = S_IRUGO;
2061                 bmc->guid_attr.show = guid_show;
2062
2063                 bmc->aux_firmware_rev_attr.attr.name = "aux_firmware_revision";
2064                 bmc->aux_firmware_rev_attr.attr.owner = THIS_MODULE;
2065                 bmc->aux_firmware_rev_attr.attr.mode = S_IRUGO;
2066                 bmc->aux_firmware_rev_attr.show = aux_firmware_rev_show;
2067
2068                 device_create_file(&bmc->dev->dev,
2069                                    &bmc->device_id_attr);
2070                 device_create_file(&bmc->dev->dev,
2071                                    &bmc->provides_dev_sdrs_attr);
2072                 device_create_file(&bmc->dev->dev,
2073                                    &bmc->revision_attr);
2074                 device_create_file(&bmc->dev->dev,
2075                                    &bmc->firmware_rev_attr);
2076                 device_create_file(&bmc->dev->dev,
2077                                    &bmc->version_attr);
2078                 device_create_file(&bmc->dev->dev,
2079                                    &bmc->add_dev_support_attr);
2080                 device_create_file(&bmc->dev->dev,
2081                                    &bmc->manufacturer_id_attr);
2082                 device_create_file(&bmc->dev->dev,
2083                                    &bmc->product_id_attr);
2084                 if (bmc->id.aux_firmware_revision_set)
2085                         device_create_file(&bmc->dev->dev,
2086                                            &bmc->aux_firmware_rev_attr);
2087                 if (bmc->guid_set)
2088                         device_create_file(&bmc->dev->dev,
2089                                            &bmc->guid_attr);
2090
2091                 printk(KERN_INFO
2092                        "ipmi: Found new BMC (man_id: 0x%6.6x, "
2093                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2094                        bmc->id.manufacturer_id,
2095                        bmc->id.product_id,
2096                        bmc->id.device_id);
2097         }
2098
2099         /*
2100          * create symlink from system interface device to bmc device
2101          * and back.
2102          */
2103         rv = sysfs_create_link(&intf->si_dev->kobj,
2104                                &bmc->dev->dev.kobj, "bmc");
2105         if (rv) {
2106                 printk(KERN_ERR
2107                        "ipmi_msghandler: Unable to create bmc symlink: %d\n",
2108                        rv);
2109                 goto out_err;
2110         }
2111
2112         size = snprintf(dummy, 0, "ipmi%d", intf->intf_num);
2113         intf->my_dev_name = kmalloc(size+1, GFP_KERNEL);
2114         if (!intf->my_dev_name) {
2115                 rv = -ENOMEM;
2116                 printk(KERN_ERR
2117                        "ipmi_msghandler: allocate link from BMC: %d\n",
2118                        rv);
2119                 goto out_err;
2120         }
2121         snprintf(intf->my_dev_name, size+1, "ipmi%d", intf->intf_num);
2122
2123         rv = sysfs_create_link(&bmc->dev->dev.kobj, &intf->si_dev->kobj,
2124                                intf->my_dev_name);
2125         if (rv) {
2126                 kfree(intf->my_dev_name);
2127                 intf->my_dev_name = NULL;
2128                 printk(KERN_ERR
2129                        "ipmi_msghandler:"
2130                        " Unable to create symlink to bmc: %d\n",
2131                        rv);
2132                 goto out_err;
2133         }
2134
2135         return 0;
2136
2137 out_err:
2138         ipmi_bmc_unregister(intf);
2139         return rv;
2140 }
2141
2142 static int
2143 send_guid_cmd(ipmi_smi_t intf, int chan)
2144 {
2145         struct kernel_ipmi_msg            msg;
2146         struct ipmi_system_interface_addr si;
2147
2148         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2149         si.channel = IPMI_BMC_CHANNEL;
2150         si.lun = 0;
2151
2152         msg.netfn = IPMI_NETFN_APP_REQUEST;
2153         msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
2154         msg.data = NULL;
2155         msg.data_len = 0;
2156         return i_ipmi_request(NULL,
2157                               intf,
2158                               (struct ipmi_addr *) &si,
2159                               0,
2160                               &msg,
2161                               intf,
2162                               NULL,
2163                               NULL,
2164                               0,
2165                               intf->channels[0].address,
2166                               intf->channels[0].lun,
2167                               -1, 0);
2168 }
2169
2170 static void
2171 guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2172 {
2173         if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2174             || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
2175             || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
2176                 /* Not for me */
2177                 return;
2178
2179         if (msg->msg.data[0] != 0) {
2180                 /* Error from getting the GUID, the BMC doesn't have one. */
2181                 intf->bmc->guid_set = 0;
2182                 goto out;
2183         }
2184
2185         if (msg->msg.data_len < 17) {
2186                 intf->bmc->guid_set = 0;
2187                 printk(KERN_WARNING PFX
2188                        "guid_handler: The GUID response from the BMC was too"
2189                        " short, it was %d but should have been 17.  Assuming"
2190                        " GUID is not available.\n",
2191                        msg->msg.data_len);
2192                 goto out;
2193         }
2194
2195         memcpy(intf->bmc->guid, msg->msg.data, 16);
2196         intf->bmc->guid_set = 1;
2197  out:
2198         wake_up(&intf->waitq);
2199 }
2200
2201 static void
2202 get_guid(ipmi_smi_t intf)
2203 {
2204         int rv;
2205
2206         intf->bmc->guid_set = 0x2;
2207         intf->null_user_handler = guid_handler;
2208         rv = send_guid_cmd(intf, 0);
2209         if (rv)
2210                 /* Send failed, no GUID available. */
2211                 intf->bmc->guid_set = 0;
2212         wait_event(intf->waitq, intf->bmc->guid_set != 2);
2213         intf->null_user_handler = NULL;
2214 }
2215
2216 static int
2217 send_channel_info_cmd(ipmi_smi_t intf, int chan)
2218 {
2219         struct kernel_ipmi_msg            msg;
2220         unsigned char                     data[1];
2221         struct ipmi_system_interface_addr si;
2222
2223         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2224         si.channel = IPMI_BMC_CHANNEL;
2225         si.lun = 0;
2226
2227         msg.netfn = IPMI_NETFN_APP_REQUEST;
2228         msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
2229         msg.data = data;
2230         msg.data_len = 1;
2231         data[0] = chan;
2232         return i_ipmi_request(NULL,
2233                               intf,
2234                               (struct ipmi_addr *) &si,
2235                               0,
2236                               &msg,
2237                               intf,
2238                               NULL,
2239                               NULL,
2240                               0,
2241                               intf->channels[0].address,
2242                               intf->channels[0].lun,
2243                               -1, 0);
2244 }
2245
2246 static void
2247 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2248 {
2249         int rv = 0;
2250         int chan;
2251
2252         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2253             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
2254             && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD))
2255         {
2256                 /* It's the one we want */
2257                 if (msg->msg.data[0] != 0) {
2258                         /* Got an error from the channel, just go on. */
2259
2260                         if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
2261                                 /* If the MC does not support this
2262                                    command, that is legal.  We just
2263                                    assume it has one IPMB at channel
2264                                    zero. */
2265                                 intf->channels[0].medium
2266                                         = IPMI_CHANNEL_MEDIUM_IPMB;
2267                                 intf->channels[0].protocol
2268                                         = IPMI_CHANNEL_PROTOCOL_IPMB;
2269                                 rv = -ENOSYS;
2270
2271                                 intf->curr_channel = IPMI_MAX_CHANNELS;
2272                                 wake_up(&intf->waitq);
2273                                 goto out;
2274                         }
2275                         goto next_channel;
2276                 }
2277                 if (msg->msg.data_len < 4) {
2278                         /* Message not big enough, just go on. */
2279                         goto next_channel;
2280                 }
2281                 chan = intf->curr_channel;
2282                 intf->channels[chan].medium = msg->msg.data[2] & 0x7f;
2283                 intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;
2284
2285         next_channel:
2286                 intf->curr_channel++;
2287                 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
2288                         wake_up(&intf->waitq);
2289                 else
2290                         rv = send_channel_info_cmd(intf, intf->curr_channel);
2291
2292                 if (rv) {
2293                         /* Got an error somehow, just give up. */
2294                         intf->curr_channel = IPMI_MAX_CHANNELS;
2295                         wake_up(&intf->waitq);
2296
2297                         printk(KERN_WARNING PFX
2298                                "Error sending channel information: %d\n",
2299                                rv);
2300                 }
2301         }
2302  out:
2303         return;
2304 }
2305
2306 int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
2307                       void                     *send_info,
2308                       struct ipmi_device_id    *device_id,
2309                       struct device            *si_dev,
2310                       unsigned char            slave_addr)
2311 {
2312         int              i, j;
2313         int              rv;
2314         ipmi_smi_t       intf;
2315         unsigned long    flags;
2316         int              version_major;
2317         int              version_minor;
2318
2319         version_major = ipmi_version_major(device_id);
2320         version_minor = ipmi_version_minor(device_id);
2321
2322         /* Make sure the driver is actually initialized, this handles
2323            problems with initialization order. */
2324         if (!initialized) {
2325                 rv = ipmi_init_msghandler();
2326                 if (rv)
2327                         return rv;
2328                 /* The init code doesn't return an error if it was turned
2329                    off, but it won't initialize.  Check that. */
2330                 if (!initialized)
2331                         return -ENODEV;
2332         }
2333
2334         intf = kmalloc(sizeof(*intf), GFP_KERNEL);
2335         if (!intf)
2336                 return -ENOMEM;
2337         memset(intf, 0, sizeof(*intf));
2338         intf->bmc = kzalloc(sizeof(*intf->bmc), GFP_KERNEL);
2339         if (!intf->bmc) {
2340                 kfree(intf);
2341                 return -ENOMEM;
2342         }
2343         intf->intf_num = -1;
2344         kref_init(&intf->refcount);
2345         intf->bmc->id = *device_id;
2346         intf->si_dev = si_dev;
2347         for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
2348                 intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;
2349                 intf->channels[j].lun = 2;
2350         }
2351         if (slave_addr != 0)
2352                 intf->channels[0].address = slave_addr;
2353         INIT_LIST_HEAD(&intf->users);
2354         intf->handlers = handlers;
2355         intf->send_info = send_info;
2356         spin_lock_init(&intf->seq_lock);
2357         for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
2358                 intf->seq_table[j].inuse = 0;
2359                 intf->seq_table[j].seqid = 0;
2360         }
2361         intf->curr_seq = 0;
2362 #ifdef CONFIG_PROC_FS
2363         spin_lock_init(&intf->proc_entry_lock);
2364 #endif
2365         spin_lock_init(&intf->waiting_msgs_lock);
2366         INIT_LIST_HEAD(&intf->waiting_msgs);
2367         spin_lock_init(&intf->events_lock);
2368         INIT_LIST_HEAD(&intf->waiting_events);
2369         intf->waiting_events_count = 0;
2370         mutex_init(&intf->cmd_rcvrs_mutex);
2371         INIT_LIST_HEAD(&intf->cmd_rcvrs);
2372         init_waitqueue_head(&intf->waitq);
2373
2374         spin_lock_init(&intf->counter_lock);
2375         intf->proc_dir = NULL;
2376
2377         rv = -ENOMEM;
2378         spin_lock_irqsave(&interfaces_lock, flags);
2379         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
2380                 if (ipmi_interfaces[i] == NULL) {
2381                         intf->intf_num = i;
2382                         /* Reserve the entry till we are done. */
2383                         ipmi_interfaces[i] = IPMI_INVALID_INTERFACE_ENTRY;
2384                         rv = 0;
2385                         break;
2386                 }
2387         }
2388         spin_unlock_irqrestore(&interfaces_lock, flags);
2389         if (rv)
2390                 goto out;
2391
2392         rv = handlers->start_processing(send_info, intf);
2393         if (rv)
2394                 goto out;
2395
2396         get_guid(intf);
2397
2398         if ((version_major > 1)
2399             || ((version_major == 1) && (version_minor >= 5)))
2400         {
2401                 /* Start scanning the channels to see what is
2402                    available. */
2403                 intf->null_user_handler = channel_handler;
2404                 intf->curr_channel = 0;
2405                 rv = send_channel_info_cmd(intf, 0);
2406                 if (rv)
2407                         goto out;
2408
2409                 /* Wait for the channel info to be read. */
2410                 wait_event(intf->waitq,
2411                            intf->curr_channel >= IPMI_MAX_CHANNELS);
2412                 intf->null_user_handler = NULL;
2413         } else {
2414                 /* Assume a single IPMB channel at zero. */
2415                 intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
2416                 intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
2417         }
2418
2419         if (rv == 0)
2420                 rv = add_proc_entries(intf, i);
2421
2422         rv = ipmi_bmc_register(intf);
2423
2424  out:
2425         if (rv) {
2426                 if (intf->proc_dir)
2427                         remove_proc_entries(intf);
2428                 kref_put(&intf->refcount, intf_free);
2429                 if (i < MAX_IPMI_INTERFACES) {
2430                         spin_lock_irqsave(&interfaces_lock, flags);
2431                         ipmi_interfaces[i] = NULL;
2432                         spin_unlock_irqrestore(&interfaces_lock, flags);
2433                 }
2434         } else {
2435                 spin_lock_irqsave(&interfaces_lock, flags);
2436                 ipmi_interfaces[i] = intf;
2437                 spin_unlock_irqrestore(&interfaces_lock, flags);
2438                 call_smi_watchers(i, intf->si_dev);
2439         }
2440
2441         return rv;
2442 }
2443
2444 int ipmi_unregister_smi(ipmi_smi_t intf)
2445 {
2446         int                     i;
2447         struct ipmi_smi_watcher *w;
2448         unsigned long           flags;
2449
2450         ipmi_bmc_unregister(intf);
2451
2452         spin_lock_irqsave(&interfaces_lock, flags);
2453         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
2454                 if (ipmi_interfaces[i] == intf) {
2455                         /* Set the interface number reserved until we
2456                          * are done. */
2457                         ipmi_interfaces[i] = IPMI_INVALID_INTERFACE_ENTRY;
2458                         intf->intf_num = -1;
2459                         break;
2460                 }
2461         }
2462         spin_unlock_irqrestore(&interfaces_lock,flags);
2463
2464         if (i == MAX_IPMI_INTERFACES)
2465                 return -ENODEV;
2466
2467         remove_proc_entries(intf);
2468
2469         /* Call all the watcher interfaces to tell them that
2470            an interface is gone. */
2471         down_read(&smi_watchers_sem);
2472         list_for_each_entry(w, &smi_watchers, link)
2473                 w->smi_gone(i);
2474         up_read(&smi_watchers_sem);
2475
2476         /* Allow the entry to be reused now. */
2477         spin_lock_irqsave(&interfaces_lock, flags);
2478         ipmi_interfaces[i] = NULL;
2479         spin_unlock_irqrestore(&interfaces_lock,flags);
2480
2481         kref_put(&intf->refcount, intf_free);
2482         return 0;
2483 }
2484
2485 static int handle_ipmb_get_msg_rsp(ipmi_smi_t          intf,
2486                                    struct ipmi_smi_msg *msg)
2487 {
2488         struct ipmi_ipmb_addr ipmb_addr;
2489         struct ipmi_recv_msg  *recv_msg;
2490         unsigned long         flags;
2491
2492         
2493         /* This is 11, not 10, because the response must contain a
2494          * completion code. */
2495         if (msg->rsp_size < 11) {
2496                 /* Message not big enough, just ignore it. */
2497                 spin_lock_irqsave(&intf->counter_lock, flags);
2498                 intf->invalid_ipmb_responses++;
2499                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2500                 return 0;
2501         }
2502
2503         if (msg->rsp[2] != 0) {
2504                 /* An error getting the response, just ignore it. */
2505                 return 0;
2506         }
2507
2508         ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
2509         ipmb_addr.slave_addr = msg->rsp[6];
2510         ipmb_addr.channel = msg->rsp[3] & 0x0f;
2511         ipmb_addr.lun = msg->rsp[7] & 3;
2512
2513         /* It's a response from a remote entity.  Look up the sequence
2514            number and handle the response. */
2515         if (intf_find_seq(intf,
2516                           msg->rsp[7] >> 2,
2517                           msg->rsp[3] & 0x0f,
2518                           msg->rsp[8],
2519                           (msg->rsp[4] >> 2) & (~1),
2520                           (struct ipmi_addr *) &(ipmb_addr),
2521                           &recv_msg))
2522         {
2523                 /* We were unable to find the sequence number,
2524                    so just nuke the message. */
2525                 spin_lock_irqsave(&intf->counter_lock, flags);
2526                 intf->unhandled_ipmb_responses++;
2527                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2528                 return 0;
2529         }
2530
2531         memcpy(recv_msg->msg_data,
2532                &(msg->rsp[9]),
2533                msg->rsp_size - 9);
2534         /* THe other fields matched, so no need to set them, except
2535            for netfn, which needs to be the response that was
2536            returned, not the request value. */
2537         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2538         recv_msg->msg.data = recv_msg->msg_data;
2539         recv_msg->msg.data_len = msg->rsp_size - 10;
2540         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2541         spin_lock_irqsave(&intf->counter_lock, flags);
2542         intf->handled_ipmb_responses++;
2543         spin_unlock_irqrestore(&intf->counter_lock, flags);
2544         deliver_response(recv_msg);
2545
2546         return 0;
2547 }
2548
2549 static int handle_ipmb_get_msg_cmd(ipmi_smi_t          intf,
2550                                    struct ipmi_smi_msg *msg)
2551 {
2552         struct cmd_rcvr          *rcvr;
2553         int                      rv = 0;
2554         unsigned char            netfn;
2555         unsigned char            cmd;
2556         ipmi_user_t              user = NULL;
2557         struct ipmi_ipmb_addr    *ipmb_addr;
2558         struct ipmi_recv_msg     *recv_msg;
2559         unsigned long            flags;
2560
2561         if (msg->rsp_size < 10) {
2562                 /* Message not big enough, just ignore it. */
2563                 spin_lock_irqsave(&intf->counter_lock, flags);
2564                 intf->invalid_commands++;
2565                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2566                 return 0;
2567         }
2568
2569         if (msg->rsp[2] != 0) {
2570                 /* An error getting the response, just ignore it. */
2571                 return 0;
2572         }
2573
2574         netfn = msg->rsp[4] >> 2;
2575         cmd = msg->rsp[8];
2576
2577         rcu_read_lock();
2578         rcvr = find_cmd_rcvr(intf, netfn, cmd);
2579         if (rcvr) {
2580                 user = rcvr->user;
2581                 kref_get(&user->refcount);
2582         } else
2583                 user = NULL;
2584         rcu_read_unlock();
2585
2586         if (user == NULL) {
2587                 /* We didn't find a user, deliver an error response. */
2588                 spin_lock_irqsave(&intf->counter_lock, flags);
2589                 intf->unhandled_commands++;
2590                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2591
2592                 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
2593                 msg->data[1] = IPMI_SEND_MSG_CMD;
2594                 msg->data[2] = msg->rsp[3];
2595                 msg->data[3] = msg->rsp[6];
2596                 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
2597                 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
2598                 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
2599                 /* rqseq/lun */
2600                 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
2601                 msg->data[8] = msg->rsp[8]; /* cmd */
2602                 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
2603                 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
2604                 msg->data_size = 11;
2605
2606 #ifdef DEBUG_MSGING
2607         {
2608                 int m;
2609                 printk("Invalid command:");
2610                 for (m = 0; m < msg->data_size; m++)
2611                         printk(" %2.2x", msg->data[m]);
2612                 printk("\n");
2613         }
2614 #endif
2615                 intf->handlers->sender(intf->send_info, msg, 0);
2616
2617                 rv = -1; /* We used the message, so return the value that
2618                             causes it to not be freed or queued. */
2619         } else {
2620                 /* Deliver the message to the user. */
2621                 spin_lock_irqsave(&intf->counter_lock, flags);
2622                 intf->handled_commands++;
2623                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2624
2625                 recv_msg = ipmi_alloc_recv_msg();
2626                 if (!recv_msg) {
2627                         /* We couldn't allocate memory for the
2628                            message, so requeue it for handling
2629                            later. */
2630                         rv = 1;
2631                         kref_put(&user->refcount, free_user);
2632                 } else {
2633                         /* Extract the source address from the data. */
2634                         ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
2635                         ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
2636                         ipmb_addr->slave_addr = msg->rsp[6];
2637                         ipmb_addr->lun = msg->rsp[7] & 3;
2638                         ipmb_addr->channel = msg->rsp[3] & 0xf;
2639
2640                         /* Extract the rest of the message information
2641                            from the IPMB header.*/
2642                         recv_msg->user = user;
2643                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2644                         recv_msg->msgid = msg->rsp[7] >> 2;
2645                         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2646                         recv_msg->msg.cmd = msg->rsp[8];
2647                         recv_msg->msg.data = recv_msg->msg_data;
2648
2649                         /* We chop off 10, not 9 bytes because the checksum
2650                            at the end also needs to be removed. */
2651                         recv_msg->msg.data_len = msg->rsp_size - 10;
2652                         memcpy(recv_msg->msg_data,
2653                                &(msg->rsp[9]),
2654                                msg->rsp_size - 10);
2655                         deliver_response(recv_msg);
2656                 }
2657         }
2658
2659         return rv;
2660 }
2661
2662 static int handle_lan_get_msg_rsp(ipmi_smi_t          intf,
2663                                   struct ipmi_smi_msg *msg)
2664 {
2665         struct ipmi_lan_addr  lan_addr;
2666         struct ipmi_recv_msg  *recv_msg;
2667         unsigned long         flags;
2668
2669
2670         /* This is 13, not 12, because the response must contain a
2671          * completion code. */
2672         if (msg->rsp_size < 13) {
2673                 /* Message not big enough, just ignore it. */
2674                 spin_lock_irqsave(&intf->counter_lock, flags);
2675                 intf->invalid_lan_responses++;
2676                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2677                 return 0;
2678         }
2679
2680         if (msg->rsp[2] != 0) {
2681                 /* An error getting the response, just ignore it. */
2682                 return 0;
2683         }
2684
2685         lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
2686         lan_addr.session_handle = msg->rsp[4];
2687         lan_addr.remote_SWID = msg->rsp[8];
2688         lan_addr.local_SWID = msg->rsp[5];
2689         lan_addr.channel = msg->rsp[3] & 0x0f;
2690         lan_addr.privilege = msg->rsp[3] >> 4;
2691         lan_addr.lun = msg->rsp[9] & 3;
2692
2693         /* It's a response from a remote entity.  Look up the sequence
2694            number and handle the response. */
2695         if (intf_find_seq(intf,
2696                           msg->rsp[9] >> 2,
2697                           msg->rsp[3] & 0x0f,
2698                           msg->rsp[10],
2699                           (msg->rsp[6] >> 2) & (~1),
2700                           (struct ipmi_addr *) &(lan_addr),
2701                           &recv_msg))
2702         {
2703                 /* We were unable to find the sequence number,
2704                    so just nuke the message. */
2705                 spin_lock_irqsave(&intf->counter_lock, flags);
2706                 intf->unhandled_lan_responses++;
2707                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2708                 return 0;
2709         }
2710
2711         memcpy(recv_msg->msg_data,
2712                &(msg->rsp[11]),
2713                msg->rsp_size - 11);
2714         /* The other fields matched, so no need to set them, except
2715            for netfn, which needs to be the response that was
2716            returned, not the request value. */
2717         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2718         recv_msg->msg.data = recv_msg->msg_data;
2719         recv_msg->msg.data_len = msg->rsp_size - 12;
2720         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2721         spin_lock_irqsave(&intf->counter_lock, flags);
2722         intf->handled_lan_responses++;
2723         spin_unlock_irqrestore(&intf->counter_lock, flags);
2724         deliver_response(recv_msg);
2725
2726         return 0;
2727 }
2728
2729 static int handle_lan_get_msg_cmd(ipmi_smi_t          intf,
2730                                   struct ipmi_smi_msg *msg)
2731 {
2732         struct cmd_rcvr          *rcvr;
2733         int                      rv = 0;
2734         unsigned char            netfn;
2735         unsigned char            cmd;
2736         ipmi_user_t              user = NULL;
2737         struct ipmi_lan_addr     *lan_addr;
2738         struct ipmi_recv_msg     *recv_msg;
2739         unsigned long            flags;
2740
2741         if (msg->rsp_size < 12) {
2742                 /* Message not big enough, just ignore it. */
2743                 spin_lock_irqsave(&intf->counter_lock, flags);
2744                 intf->invalid_commands++;
2745                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2746                 return 0;
2747         }
2748
2749         if (msg->rsp[2] != 0) {
2750                 /* An error getting the response, just ignore it. */
2751                 return 0;
2752         }
2753
2754         netfn = msg->rsp[6] >> 2;
2755         cmd = msg->rsp[10];
2756
2757         rcu_read_lock();
2758         rcvr = find_cmd_rcvr(intf, netfn, cmd);
2759         if (rcvr) {
2760                 user = rcvr->user;
2761                 kref_get(&user->refcount);
2762         } else
2763                 user = NULL;
2764         rcu_read_unlock();
2765
2766         if (user == NULL) {
2767                 /* We didn't find a user, just give up. */
2768                 spin_lock_irqsave(&intf->counter_lock, flags);
2769                 intf->unhandled_commands++;
2770                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2771
2772                 rv = 0; /* Don't do anything with these messages, just
2773                            allow them to be freed. */
2774         } else {
2775                 /* Deliver the message to the user. */
2776                 spin_lock_irqsave(&intf->counter_lock, flags);
2777                 intf->handled_commands++;
2778                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2779
2780                 recv_msg = ipmi_alloc_recv_msg();
2781                 if (!recv_msg) {
2782                         /* We couldn't allocate memory for the
2783                            message, so requeue it for handling
2784                            later. */
2785                         rv = 1;
2786                         kref_put(&user->refcount, free_user);
2787                 } else {
2788                         /* Extract the source address from the data. */
2789                         lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
2790                         lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
2791                         lan_addr->session_handle = msg->rsp[4];
2792                         lan_addr->remote_SWID = msg->rsp[8];
2793                         lan_addr->local_SWID = msg->rsp[5];
2794                         lan_addr->lun = msg->rsp[9] & 3;
2795                         lan_addr->channel = msg->rsp[3] & 0xf;
2796                         lan_addr->privilege = msg->rsp[3] >> 4;
2797
2798                         /* Extract the rest of the message information
2799                            from the IPMB header.*/
2800                         recv_msg->user = user;
2801                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2802                         recv_msg->msgid = msg->rsp[9] >> 2;
2803                         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2804                         recv_msg->msg.cmd = msg->rsp[10];
2805                         recv_msg->msg.data = recv_msg->msg_data;
2806
2807                         /* We chop off 12, not 11 bytes because the checksum
2808                            at the end also needs to be removed. */
2809                         recv_msg->msg.data_len = msg->rsp_size - 12;
2810                         memcpy(recv_msg->msg_data,
2811                                &(msg->rsp[11]),
2812                                msg->rsp_size - 12);
2813                         deliver_response(recv_msg);
2814                 }
2815         }
2816
2817         return rv;
2818 }
2819
2820 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
2821                                      struct ipmi_smi_msg  *msg)
2822 {
2823         struct ipmi_system_interface_addr *smi_addr;
2824         
2825         recv_msg->msgid = 0;
2826         smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
2827         smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2828         smi_addr->channel = IPMI_BMC_CHANNEL;
2829         smi_addr->lun = msg->rsp[0] & 3;
2830         recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
2831         recv_msg->msg.netfn = msg->rsp[0] >> 2;
2832         recv_msg->msg.cmd = msg->rsp[1];
2833         memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
2834         recv_msg->msg.data = recv_msg->msg_data;
2835         recv_msg->msg.data_len = msg->rsp_size - 3;
2836 }
2837
2838 static int handle_read_event_rsp(ipmi_smi_t          intf,
2839                                  struct ipmi_smi_msg *msg)
2840 {
2841         struct ipmi_recv_msg *recv_msg, *recv_msg2;
2842         struct list_head     msgs;
2843         ipmi_user_t          user;
2844         int                  rv = 0;
2845         int                  deliver_count = 0;
2846         unsigned long        flags;
2847
2848         if (msg->rsp_size < 19) {
2849                 /* Message is too small to be an IPMB event. */
2850                 spin_lock_irqsave(&intf->counter_lock, flags);
2851                 intf->invalid_events++;
2852                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2853                 return 0;
2854         }
2855
2856         if (msg->rsp[2] != 0) {
2857                 /* An error getting the event, just ignore it. */
2858                 return 0;
2859         }
2860
2861         INIT_LIST_HEAD(&msgs);
2862
2863         spin_lock_irqsave(&intf->events_lock, flags);
2864
2865         spin_lock(&intf->counter_lock);
2866         intf->events++;
2867         spin_unlock(&intf->counter_lock);
2868
2869         /* Allocate and fill in one message for every user that is getting
2870            events. */
2871         rcu_read_lock();
2872         list_for_each_entry_rcu(user, &intf->users, link) {
2873                 if (!user->gets_events)
2874                         continue;
2875
2876                 recv_msg = ipmi_alloc_recv_msg();
2877                 if (!recv_msg) {
2878                         rcu_read_unlock();
2879                         list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
2880                                                  link) {
2881                                 list_del(&recv_msg->link);
2882                                 ipmi_free_recv_msg(recv_msg);
2883                         }
2884                         /* We couldn't allocate memory for the
2885                            message, so requeue it for handling
2886                            later. */
2887                         rv = 1;
2888                         goto out;
2889                 }
2890
2891                 deliver_count++;
2892
2893                 copy_event_into_recv_msg(recv_msg, msg);
2894                 recv_msg->user = user;
2895                 kref_get(&user->refcount);
2896                 list_add_tail(&(recv_msg->link), &msgs);
2897         }
2898         rcu_read_unlock();
2899
2900         if (deliver_count) {
2901                 /* Now deliver all the messages. */
2902                 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
2903                         list_del(&recv_msg->link);
2904                         deliver_response(recv_msg);
2905                 }
2906         } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
2907                 /* No one to receive the message, put it in queue if there's
2908                    not already too many things in the queue. */
2909                 recv_msg = ipmi_alloc_recv_msg();
2910                 if (!recv_msg) {
2911                         /* We couldn't allocate memory for the
2912                            message, so requeue it for handling
2913                            later. */
2914                         rv = 1;
2915                         goto out;
2916                 }
2917
2918                 copy_event_into_recv_msg(recv_msg, msg);
2919                 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
2920                 intf->waiting_events_count++;
2921         } else {
2922                 /* There's too many things in the queue, discard this
2923                    message. */
2924                 printk(KERN_WARNING PFX "Event queue full, discarding an"
2925                        " incoming event\n");
2926         }
2927
2928  out:
2929         spin_unlock_irqrestore(&(intf->events_lock), flags);
2930
2931         return rv;
2932 }
2933
2934 static int handle_bmc_rsp(ipmi_smi_t          intf,
2935                           struct ipmi_smi_msg *msg)
2936 {
2937         struct ipmi_recv_msg *recv_msg;
2938         unsigned long        flags;
2939         struct ipmi_user     *user;
2940
2941         recv_msg = (struct ipmi_recv_msg *) msg->user_data;
2942         if (recv_msg == NULL)
2943         {
2944                 printk(KERN_WARNING"IPMI message received with no owner. This\n"
2945                         "could be because of a malformed message, or\n"
2946                         "because of a hardware error.  Contact your\n"
2947                         "hardware vender for assistance\n");
2948                 return 0;
2949         }
2950
2951         user = recv_msg->user;
2952         /* Make sure the user still exists. */
2953         if (user && !user->valid) {
2954                 /* The user for the message went away, so give up. */
2955                 spin_lock_irqsave(&intf->counter_lock, flags);
2956                 intf->unhandled_local_responses++;
2957                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2958                 ipmi_free_recv_msg(recv_msg);
2959         } else {
2960                 struct ipmi_system_interface_addr *smi_addr;
2961
2962                 spin_lock_irqsave(&intf->counter_lock, flags);
2963                 intf->handled_local_responses++;
2964                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2965                 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2966                 recv_msg->msgid = msg->msgid;
2967                 smi_addr = ((struct ipmi_system_interface_addr *)
2968                             &(recv_msg->addr));
2969                 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2970                 smi_addr->channel = IPMI_BMC_CHANNEL;
2971                 smi_addr->lun = msg->rsp[0] & 3;
2972                 recv_msg->msg.netfn = msg->rsp[0] >> 2;
2973                 recv_msg->msg.cmd = msg->rsp[1];
2974                 memcpy(recv_msg->msg_data,
2975                        &(msg->rsp[2]),
2976                        msg->rsp_size - 2);
2977                 recv_msg->msg.data = recv_msg->msg_data;
2978                 recv_msg->msg.data_len = msg->rsp_size - 2;
2979                 deliver_response(recv_msg);
2980         }
2981
2982         return 0;
2983 }
2984
2985 /* Handle a new message.  Return 1 if the message should be requeued,
2986    0 if the message should be freed, or -1 if the message should not
2987    be freed or requeued. */
2988 static int handle_new_recv_msg(ipmi_smi_t          intf,
2989                                struct ipmi_smi_msg *msg)
2990 {
2991         int requeue;
2992         int chan;
2993
2994 #ifdef DEBUG_MSGING
2995         int m;
2996         printk("Recv:");
2997         for (m = 0; m < msg->rsp_size; m++)
2998                 printk(" %2.2x", msg->rsp[m]);
2999         printk("\n");
3000 #endif
3001         if (msg->rsp_size < 2) {
3002                 /* Message is too small to be correct. */
3003                 printk(KERN_WARNING PFX "BMC returned to small a message"
3004                        " for netfn %x cmd %x, got %d bytes\n",
3005                        (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
3006
3007                 /* Generate an error response for the message. */
3008                 msg->rsp[0] = msg->data[0] | (1 << 2);
3009                 msg->rsp[1] = msg->data[1];
3010                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3011                 msg->rsp_size = 3;
3012         } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))/* Netfn */
3013                    || (msg->rsp[1] != msg->data[1]))              /* Command */
3014         {
3015                 /* The response is not even marginally correct. */
3016                 printk(KERN_WARNING PFX "BMC returned incorrect response,"
3017                        " expected netfn %x cmd %x, got netfn %x cmd %x\n",
3018                        (msg->data[0] >> 2) | 1, msg->data[1],
3019                        msg->rsp[0] >> 2, msg->rsp[1]);
3020
3021                 /* Generate an error response for the message. */
3022                 msg->rsp[0] = msg->data[0] | (1 << 2);
3023                 msg->rsp[1] = msg->data[1];
3024                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3025                 msg->rsp_size = 3;
3026         }
3027
3028         if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3029             && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
3030             && (msg->user_data != NULL))
3031         {
3032                 /* It's a response to a response we sent.  For this we
3033                    deliver a send message response to the user. */
3034                 struct ipmi_recv_msg     *recv_msg = msg->user_data;
3035
3036                 requeue = 0;
3037                 if (msg->rsp_size < 2)
3038                         /* Message is too small to be correct. */
3039                         goto out;
3040
3041                 chan = msg->data[2] & 0x0f;
3042                 if (chan >= IPMI_MAX_CHANNELS)
3043                         /* Invalid channel number */
3044                         goto out;
3045
3046                 if (!recv_msg)
3047                         goto out;
3048
3049                 /* Make sure the user still exists. */
3050                 if (!recv_msg->user || !recv_msg->user->valid)
3051                         goto out;
3052
3053                 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
3054                 recv_msg->msg.data = recv_msg->msg_data;
3055                 recv_msg->msg.data_len = 1;
3056                 recv_msg->msg_data[0] = msg->rsp[2];
3057                 deliver_response(recv_msg);
3058         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3059                    && (msg->rsp[1] == IPMI_GET_MSG_CMD))
3060         {
3061                 /* It's from the receive queue. */
3062                 chan = msg->rsp[3] & 0xf;
3063                 if (chan >= IPMI_MAX_CHANNELS) {
3064                         /* Invalid channel number */
3065                         requeue = 0;
3066                         goto out;
3067                 }
3068
3069                 switch (intf->channels[chan].medium) {
3070                 case IPMI_CHANNEL_MEDIUM_IPMB:
3071                         if (msg->rsp[4] & 0x04) {
3072                                 /* It's a response, so find the
3073                                    requesting message and send it up. */
3074                                 requeue = handle_ipmb_get_msg_rsp(intf, msg);
3075                         } else {
3076                                 /* It's a command to the SMS from some other
3077                                    entity.  Handle that. */
3078                                 requeue = handle_ipmb_get_msg_cmd(intf, msg);
3079                         }
3080                         break;
3081
3082                 case IPMI_CHANNEL_MEDIUM_8023LAN:
3083                 case IPMI_CHANNEL_MEDIUM_ASYNC:
3084                         if (msg->rsp[6] & 0x04) {
3085                                 /* It's a response, so find the
3086                                    requesting message and send it up. */
3087                                 requeue = handle_lan_get_msg_rsp(intf, msg);
3088                         } else {
3089                                 /* It's a command to the SMS from some other
3090                                    entity.  Handle that. */
3091                                 requeue = handle_lan_get_msg_cmd(intf, msg);
3092                         }
3093                         break;
3094
3095                 default:
3096                         /* We don't handle the channel type, so just
3097                          * free the message. */
3098                         requeue = 0;
3099                 }
3100
3101         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3102                    && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD))
3103         {
3104                 /* It's an asyncronous event. */
3105                 requeue = handle_read_event_rsp(intf, msg);
3106         } else {
3107                 /* It's a response from the local BMC. */
3108                 requeue = handle_bmc_rsp(intf, msg);
3109         }
3110
3111  out:
3112         return requeue;
3113 }
3114
3115 /* Handle a new message from the lower layer. */
3116 void ipmi_smi_msg_received(ipmi_smi_t          intf,
3117                            struct ipmi_smi_msg *msg)
3118 {
3119         unsigned long flags;
3120         int           rv;
3121
3122
3123         if ((msg->data_size >= 2)
3124             && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
3125             && (msg->data[1] == IPMI_SEND_MSG_CMD)
3126             && (msg->user_data == NULL))
3127         {
3128                 /* This is the local response to a command send, start
3129                    the timer for these.  The user_data will not be
3130                    NULL if this is a response send, and we will let
3131                    response sends just go through. */
3132
3133                 /* Check for errors, if we get certain errors (ones
3134                    that mean basically we can try again later), we
3135                    ignore them and start the timer.  Otherwise we
3136                    report the error immediately. */
3137                 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
3138                     && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
3139                     && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR))
3140                 {
3141                         int chan = msg->rsp[3] & 0xf;
3142
3143                         /* Got an error sending the message, handle it. */
3144                         spin_lock_irqsave(&intf->counter_lock, flags);
3145                         if (chan >= IPMI_MAX_CHANNELS)
3146                                 ; /* This shouldn't happen */
3147                         else if ((intf->channels[chan].medium
3148                                   == IPMI_CHANNEL_MEDIUM_8023LAN)
3149                                  || (intf->channels[chan].medium
3150                                      == IPMI_CHANNEL_MEDIUM_ASYNC))
3151                                 intf->sent_lan_command_errs++;
3152                         else
3153                                 intf->sent_ipmb_command_errs++;
3154                         spin_unlock_irqrestore(&intf->counter_lock, flags);
3155                         intf_err_seq(intf, msg->msgid, msg->rsp[2]);
3156                 } else {
3157                         /* The message was sent, start the timer. */
3158                         intf_start_seq_timer(intf, msg->msgid);
3159                 }
3160
3161                 ipmi_free_smi_msg(msg);
3162                 goto out;
3163         }
3164
3165         /* To preserve message order, if the list is not empty, we
3166            tack this message onto the end of the list. */
3167         spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3168         if (!list_empty(&intf->waiting_msgs)) {
3169                 list_add_tail(&msg->link, &intf->waiting_msgs);
3170                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3171                 goto out;
3172         }
3173         spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3174                 
3175         rv = handle_new_recv_msg(intf, msg);
3176         if (rv > 0) {
3177                 /* Could not handle the message now, just add it to a
3178                    list to handle later. */
3179                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3180                 list_add_tail(&msg->link, &intf->waiting_msgs);
3181                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3182         } else if (rv == 0) {
3183                 ipmi_free_smi_msg(msg);
3184         }
3185
3186  out:
3187         return;
3188 }
3189
3190 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
3191 {
3192         ipmi_user_t user;
3193
3194         rcu_read_lock();
3195         list_for_each_entry_rcu(user, &intf->users, link) {
3196                 if (!user->handler->ipmi_watchdog_pretimeout)
3197                         continue;
3198
3199                 user->handler->ipmi_watchdog_pretimeout(user->handler_data);
3200         }
3201         rcu_read_unlock();
3202 }
3203
3204 static void
3205 handle_msg_timeout(struct ipmi_recv_msg *msg)
3206 {
3207         msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3208         msg->msg_data[0] = IPMI_TIMEOUT_COMPLETION_CODE;
3209         msg->msg.netfn |= 1; /* Convert to a response. */
3210         msg->msg.data_len = 1;
3211         msg->msg.data = msg->msg_data;
3212         deliver_response(msg);
3213 }
3214
3215 static struct ipmi_smi_msg *
3216 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
3217                   unsigned char seq, long seqid)
3218 {
3219         struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
3220         if (!smi_msg)
3221                 /* If we can't allocate the message, then just return, we
3222                    get 4 retries, so this should be ok. */
3223                 return NULL;
3224
3225         memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
3226         smi_msg->data_size = recv_msg->msg.data_len;
3227         smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
3228                 
3229 #ifdef DEBUG_MSGING
3230         {
3231                 int m;
3232                 printk("Resend: ");
3233                 for (m = 0; m < smi_msg->data_size; m++)
3234                         printk(" %2.2x", smi_msg->data[m]);
3235                 printk("\n");
3236         }
3237 #endif
3238         return smi_msg;
3239 }
3240
3241 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
3242                               struct list_head *timeouts, long timeout_period,
3243                               int slot, unsigned long *flags)
3244 {
3245         struct ipmi_recv_msg *msg;
3246
3247         if (!ent->inuse)
3248                 return;
3249
3250         ent->timeout -= timeout_period;
3251         if (ent->timeout > 0)
3252                 return;
3253
3254         if (ent->retries_left == 0) {
3255                 /* The message has used all its retries. */
3256                 ent->inuse = 0;
3257                 msg = ent->recv_msg;
3258                 list_add_tail(&msg->link, timeouts);
3259                 spin_lock(&intf->counter_lock);
3260                 if (ent->broadcast)
3261                         intf->timed_out_ipmb_broadcasts++;
3262                 else if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3263                         intf->timed_out_lan_commands++;
3264                 else
3265                         intf->timed_out_ipmb_commands++;
3266                 spin_unlock(&intf->counter_lock);
3267         } else {
3268                 struct ipmi_smi_msg *smi_msg;
3269                 /* More retries, send again. */
3270
3271                 /* Start with the max timer, set to normal
3272                    timer after the message is sent. */
3273                 ent->timeout = MAX_MSG_TIMEOUT;
3274                 ent->retries_left--;
3275                 spin_lock(&intf->counter_lock);
3276                 if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3277                         intf->retransmitted_lan_commands++;
3278                 else
3279                         intf->retransmitted_ipmb_commands++;
3280                 spin_unlock(&intf->counter_lock);
3281
3282                 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
3283                                             ent->seqid);
3284                 if (!smi_msg)
3285                         return;
3286
3287                 spin_unlock_irqrestore(&intf->seq_lock, *flags);
3288                 /* Send the new message.  We send with a zero
3289                  * priority.  It timed out, I doubt time is
3290                  * that critical now, and high priority
3291                  * messages are really only for messages to the
3292                  * local MC, which don't get resent. */
3293                 intf->handlers->sender(intf->send_info,
3294                                        smi_msg, 0);
3295                 spin_lock_irqsave(&intf->seq_lock, *flags);
3296         }
3297 }
3298
3299 static void ipmi_timeout_handler(long timeout_period)
3300 {
3301         ipmi_smi_t           intf;
3302         struct list_head     timeouts;
3303         struct ipmi_recv_msg *msg, *msg2;
3304         struct ipmi_smi_msg  *smi_msg, *smi_msg2;
3305         unsigned long        flags;
3306         int                  i, j;
3307
3308         INIT_LIST_HEAD(&timeouts);
3309
3310         spin_lock(&interfaces_lock);
3311         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3312                 intf = ipmi_interfaces[i];
3313                 if (IPMI_INVALID_INTERFACE(intf))
3314                         continue;
3315                 kref_get(&intf->refcount);
3316                 spin_unlock(&interfaces_lock);
3317
3318                 /* See if any waiting messages need to be processed. */
3319                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3320                 list_for_each_entry_safe(smi_msg, smi_msg2,
3321                                          &intf->waiting_msgs, link) {
3322                         if (!handle_new_recv_msg(intf, smi_msg)) {
3323                                 list_del(&smi_msg->link);
3324                                 ipmi_free_smi_msg(smi_msg);
3325                         } else {
3326                                 /* To preserve message order, quit if we
3327                                    can't handle a message. */
3328                                 break;
3329                         }
3330                 }
3331                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3332
3333                 /* Go through the seq table and find any messages that
3334                    have timed out, putting them in the timeouts
3335                    list. */
3336                 spin_lock_irqsave(&intf->seq_lock, flags);
3337                 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++)
3338                         check_msg_timeout(intf, &(intf->seq_table[j]),
3339                                           &timeouts, timeout_period, j,
3340                                           &flags);
3341                 spin_unlock_irqrestore(&intf->seq_lock, flags);
3342
3343                 list_for_each_entry_safe(msg, msg2, &timeouts, link)
3344                         handle_msg_timeout(msg);
3345
3346                 kref_put(&intf->refcount, intf_free);
3347                 spin_lock(&interfaces_lock);
3348         }
3349         spin_unlock(&interfaces_lock);
3350 }
3351
3352 static void ipmi_request_event(void)
3353 {
3354         ipmi_smi_t intf;
3355         int        i;
3356
3357         spin_lock(&interfaces_lock);
3358         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3359                 intf = ipmi_interfaces[i];
3360                 if (IPMI_INVALID_INTERFACE(intf))
3361                         continue;
3362
3363                 intf->handlers->request_events(intf->send_info);
3364         }
3365         spin_unlock(&interfaces_lock);
3366 }
3367
3368 static struct timer_list ipmi_timer;
3369
3370 /* Call every ~100 ms. */
3371 #define IPMI_TIMEOUT_TIME       100
3372
3373 /* How many jiffies does it take to get to the timeout time. */
3374 #define IPMI_TIMEOUT_JIFFIES    ((IPMI_TIMEOUT_TIME * HZ) / 1000)
3375
3376 /* Request events from the queue every second (this is the number of
3377    IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
3378    future, IPMI will add a way to know immediately if an event is in
3379    the queue and this silliness can go away. */
3380 #define IPMI_REQUEST_EV_TIME    (1000 / (IPMI_TIMEOUT_TIME))
3381
3382 static atomic_t stop_operation;
3383 static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3384
3385 static void ipmi_timeout(unsigned long data)
3386 {
3387         if (atomic_read(&stop_operation))
3388                 return;
3389
3390         ticks_to_req_ev--;
3391         if (ticks_to_req_ev == 0) {
3392                 ipmi_request_event();
3393                 ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3394         }
3395
3396         ipmi_timeout_handler(IPMI_TIMEOUT_TIME);
3397
3398         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
3399 }
3400
3401
3402 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
3403 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
3404
3405 /* FIXME - convert these to slabs. */
3406 static void free_smi_msg(struct ipmi_smi_msg *msg)
3407 {
3408         atomic_dec(&smi_msg_inuse_count);
3409         kfree(msg);
3410 }
3411
3412 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
3413 {
3414         struct ipmi_smi_msg *rv;
3415         rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
3416         if (rv) {
3417                 rv->done = free_smi_msg;
3418                 rv->user_data = NULL;
3419                 atomic_inc(&smi_msg_inuse_count);
3420         }
3421         return rv;
3422 }
3423
3424 static void free_recv_msg(struct ipmi_recv_msg *msg)
3425 {
3426         atomic_dec(&recv_msg_inuse_count);
3427         kfree(msg);
3428 }
3429
3430 struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
3431 {
3432         struct ipmi_recv_msg *rv;
3433
3434         rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
3435         if (rv) {
3436                 rv->done = free_recv_msg;
3437                 atomic_inc(&recv_msg_inuse_count);
3438         }
3439         return rv;
3440 }
3441
3442 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
3443 {
3444         if (msg->user)
3445                 kref_put(&msg->user->refcount, free_user);
3446         msg->done(msg);
3447 }
3448
3449 #ifdef CONFIG_IPMI_PANIC_EVENT
3450
3451 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
3452 {
3453 }
3454
3455 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
3456 {
3457 }
3458
3459 #ifdef CONFIG_IPMI_PANIC_STRING
3460 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3461 {
3462         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3463             && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
3464             && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
3465             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
3466         {
3467                 /* A get event receiver command, save it. */
3468                 intf->event_receiver = msg->msg.data[1];
3469                 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
3470         }
3471 }
3472
3473 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3474 {
3475         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3476             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
3477             && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
3478             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
3479         {
3480                 /* A get device id command, save if we are an event
3481                    receiver or generator. */
3482                 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
3483                 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
3484         }
3485 }
3486 #endif
3487
3488 static void send_panic_events(char *str)
3489 {
3490         struct kernel_ipmi_msg            msg;
3491         ipmi_smi_t                        intf;
3492         unsigned char                     data[16];
3493         int                               i;
3494         struct ipmi_system_interface_addr *si;
3495         struct ipmi_addr                  addr;
3496         struct ipmi_smi_msg               smi_msg;
3497         struct ipmi_recv_msg              recv_msg;
3498
3499         si = (struct ipmi_system_interface_addr *) &addr;
3500         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3501         si->channel = IPMI_BMC_CHANNEL;
3502         si->lun = 0;
3503
3504         /* Fill in an event telling that we have failed. */
3505         msg.netfn = 0x04; /* Sensor or Event. */
3506         msg.cmd = 2; /* Platform event command. */
3507         msg.data = data;
3508         msg.data_len = 8;
3509         data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
3510         data[1] = 0x03; /* This is for IPMI 1.0. */
3511         data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
3512         data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
3513         data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
3514
3515         /* Put a few breadcrumbs in.  Hopefully later we can add more things
3516            to make the panic events more useful. */
3517         if (str) {
3518                 data[3] = str[0];
3519                 data[6] = str[1];
3520                 data[7] = str[2];
3521         }
3522
3523         smi_msg.done = dummy_smi_done_handler;
3524         recv_msg.done = dummy_recv_done_handler;
3525
3526         /* For every registered interface, send the event. */
3527         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3528                 intf = ipmi_interfaces[i];
3529                 if (IPMI_INVALID_INTERFACE(intf))
3530                         continue;
3531
3532                 /* Send the event announcing the panic. */
3533                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3534                 i_ipmi_request(NULL,
3535                                intf,
3536                                &addr,
3537                                0,
3538                                &msg,
3539                                intf,
3540                                &smi_msg,
3541                                &recv_msg,
3542                                0,
3543                                intf->channels[0].address,
3544                                intf->channels[0].lun,
3545                                0, 1); /* Don't retry, and don't wait. */
3546         }
3547
3548 #ifdef CONFIG_IPMI_PANIC_STRING
3549         /* On every interface, dump a bunch of OEM event holding the
3550            string. */
3551         if (!str) 
3552                 return;
3553
3554         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3555                 char                  *p = str;
3556                 struct ipmi_ipmb_addr *ipmb;
3557                 int                   j;
3558
3559                 intf = ipmi_interfaces[i];
3560                 if (IPMI_INVALID_INTERFACE(intf))
3561                         continue;
3562
3563                 /* First job here is to figure out where to send the
3564                    OEM events.  There's no way in IPMI to send OEM
3565                    events using an event send command, so we have to
3566                    find the SEL to put them in and stick them in
3567                    there. */
3568
3569                 /* Get capabilities from the get device id. */
3570                 intf->local_sel_device = 0;
3571                 intf->local_event_generator = 0;
3572                 intf->event_receiver = 0;
3573
3574                 /* Request the device info from the local MC. */
3575                 msg.netfn = IPMI_NETFN_APP_REQUEST;
3576                 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
3577                 msg.data = NULL;
3578                 msg.data_len = 0;
3579                 intf->null_user_handler = device_id_fetcher;
3580                 i_ipmi_request(NULL,
3581                                intf,
3582                                &addr,
3583                                0,
3584                                &msg,
3585                                intf,
3586                                &smi_msg,
3587                                &recv_msg,
3588                                0,
3589                                intf->channels[0].address,
3590                                intf->channels[0].lun,
3591                                0, 1); /* Don't retry, and don't wait. */
3592
3593                 if (intf->local_event_generator) {
3594                         /* Request the event receiver from the local MC. */
3595                         msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
3596                         msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
3597                         msg.data = NULL;
3598                         msg.data_len = 0;
3599                         intf->null_user_handler = event_receiver_fetcher;
3600                         i_ipmi_request(NULL,
3601                                        intf,
3602                                        &addr,
3603                                        0,
3604                                        &msg,
3605                                        intf,
3606                                        &smi_msg,
3607                                        &recv_msg,
3608                                        0,
3609                                        intf->channels[0].address,
3610                                        intf->channels[0].lun,
3611                                        0, 1); /* no retry, and no wait. */
3612                 }
3613                 intf->null_user_handler = NULL;
3614
3615                 /* Validate the event receiver.  The low bit must not
3616                    be 1 (it must be a valid IPMB address), it cannot
3617                    be zero, and it must not be my address. */
3618                 if (((intf->event_receiver & 1) == 0)
3619                     && (intf->event_receiver != 0)
3620                     && (intf->event_receiver != intf->channels[0].address))
3621                 {
3622                         /* The event receiver is valid, send an IPMB
3623                            message. */
3624                         ipmb = (struct ipmi_ipmb_addr *) &addr;
3625                         ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
3626                         ipmb->channel = 0; /* FIXME - is this right? */
3627                         ipmb->lun = intf->event_receiver_lun;
3628                         ipmb->slave_addr = intf->event_receiver;
3629                 } else if (intf->local_sel_device) {
3630                         /* The event receiver was not valid (or was
3631                            me), but I am an SEL device, just dump it
3632                            in my SEL. */
3633                         si = (struct ipmi_system_interface_addr *) &addr;
3634                         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3635                         si->channel = IPMI_BMC_CHANNEL;
3636                         si->lun = 0;
3637                 } else
3638                         continue; /* No where to send the event. */
3639
3640                 
3641                 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
3642                 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
3643                 msg.data = data;
3644                 msg.data_len = 16;
3645
3646                 j = 0;
3647                 while (*p) {
3648                         int size = strlen(p);
3649
3650                         if (size > 11)
3651                                 size = 11;
3652                         data[0] = 0;
3653                         data[1] = 0;
3654                         data[2] = 0xf0; /* OEM event without timestamp. */
3655                         data[3] = intf->channels[0].address;
3656                         data[4] = j++; /* sequence # */
3657                         /* Always give 11 bytes, so strncpy will fill
3658                            it with zeroes for me. */
3659                         strncpy(data+5, p, 11);
3660                         p += size;
3661
3662                         i_ipmi_request(NULL,
3663                                        intf,
3664                                        &addr,
3665                                        0,
3666                                        &msg,
3667                                        intf,
3668                                        &smi_msg,
3669                                        &recv_msg,
3670                                        0,
3671                                        intf->channels[0].address,
3672                                        intf->channels[0].lun,
3673                                        0, 1); /* no retry, and no wait. */
3674                 }
3675         }       
3676 #endif /* CONFIG_IPMI_PANIC_STRING */
3677 }
3678 #endif /* CONFIG_IPMI_PANIC_EVENT */
3679
3680 static int has_paniced = 0;
3681
3682 static int panic_event(struct notifier_block *this,
3683                        unsigned long         event,
3684                        void                  *ptr)
3685 {
3686         int        i;
3687         ipmi_smi_t intf;
3688
3689         if (has_paniced)
3690                 return NOTIFY_DONE;
3691         has_paniced = 1;
3692
3693         /* For every registered interface, set it to run to completion. */
3694         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3695                 intf = ipmi_interfaces[i];
3696                 if (IPMI_INVALID_INTERFACE(intf))
3697                         continue;
3698
3699                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3700         }
3701
3702 #ifdef CONFIG_IPMI_PANIC_EVENT
3703         send_panic_events(ptr);
3704 #endif
3705
3706         return NOTIFY_DONE;
3707 }
3708
3709 static struct notifier_block panic_block = {
3710         .notifier_call  = panic_event,
3711         .next           = NULL,
3712         .priority       = 200   /* priority: INT_MAX >= x >= 0 */
3713 };
3714
3715 static int ipmi_init_msghandler(void)
3716 {
3717         int i;
3718         int rv;
3719
3720         if (initialized)
3721                 return 0;
3722
3723         rv = driver_register(&ipmidriver);
3724         if (rv) {
3725                 printk(KERN_ERR PFX "Could not register IPMI driver\n");
3726                 return rv;
3727         }
3728
3729         printk(KERN_INFO "ipmi message handler version "
3730                IPMI_DRIVER_VERSION "\n");
3731
3732         for (i = 0; i < MAX_IPMI_INTERFACES; i++)
3733                 ipmi_interfaces[i] = NULL;
3734
3735 #ifdef CONFIG_PROC_FS
3736         proc_ipmi_root = proc_mkdir("ipmi", NULL);
3737         if (!proc_ipmi_root) {
3738             printk(KERN_ERR PFX "Unable to create IPMI proc dir");
3739             return -ENOMEM;
3740         }
3741
3742         proc_ipmi_root->owner = THIS_MODULE;
3743 #endif /* CONFIG_PROC_FS */
3744
3745         init_timer(&ipmi_timer);
3746         ipmi_timer.data = 0;
3747         ipmi_timer.function = ipmi_timeout;
3748         ipmi_timer.expires = jiffies + IPMI_TIMEOUT_JIFFIES;
3749         add_timer(&ipmi_timer);
3750
3751         atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
3752
3753         initialized = 1;
3754
3755         return 0;
3756 }
3757
3758 static __init int ipmi_init_msghandler_mod(void)
3759 {
3760         ipmi_init_msghandler();
3761         return 0;
3762 }
3763
3764 static __exit void cleanup_ipmi(void)
3765 {
3766         int count;
3767
3768         if (!initialized)
3769                 return;
3770
3771         atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
3772
3773         /* This can't be called if any interfaces exist, so no worry about
3774            shutting down the interfaces. */
3775
3776         /* Tell the timer to stop, then wait for it to stop.  This avoids
3777            problems with race conditions removing the timer here. */
3778         atomic_inc(&stop_operation);
3779         del_timer_sync(&ipmi_timer);
3780
3781 #ifdef CONFIG_PROC_FS
3782         remove_proc_entry(proc_ipmi_root->name, &proc_root);
3783 #endif /* CONFIG_PROC_FS */
3784
3785         driver_unregister(&ipmidriver);
3786
3787         initialized = 0;
3788
3789         /* Check for buffer leaks. */
3790         count = atomic_read(&smi_msg_inuse_count);
3791         if (count != 0)
3792                 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
3793                        count);
3794         count = atomic_read(&recv_msg_inuse_count);
3795         if (count != 0)
3796                 printk(KERN_WARNING PFX "recv message count %d at exit\n",
3797                        count);
3798 }
3799 module_exit(cleanup_ipmi);
3800
3801 module_init(ipmi_init_msghandler_mod);
3802 MODULE_LICENSE("GPL");
3803 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
3804 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI interface.");
3805 MODULE_VERSION(IPMI_DRIVER_VERSION);
3806
3807 EXPORT_SYMBOL(ipmi_create_user);
3808 EXPORT_SYMBOL(ipmi_destroy_user);
3809 EXPORT_SYMBOL(ipmi_get_version);
3810 EXPORT_SYMBOL(ipmi_request_settime);
3811 EXPORT_SYMBOL(ipmi_request_supply_msgs);
3812 EXPORT_SYMBOL(ipmi_register_smi);
3813 EXPORT_SYMBOL(ipmi_unregister_smi);
3814 EXPORT_SYMBOL(ipmi_register_for_cmd);
3815 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
3816 EXPORT_SYMBOL(ipmi_smi_msg_received);
3817 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
3818 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
3819 EXPORT_SYMBOL(ipmi_addr_length);
3820 EXPORT_SYMBOL(ipmi_validate_addr);
3821 EXPORT_SYMBOL(ipmi_set_gets_events);
3822 EXPORT_SYMBOL(ipmi_smi_watcher_register);
3823 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
3824 EXPORT_SYMBOL(ipmi_set_my_address);
3825 EXPORT_SYMBOL(ipmi_get_my_address);
3826 EXPORT_SYMBOL(ipmi_set_my_LUN);
3827 EXPORT_SYMBOL(ipmi_get_my_LUN);
3828 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
3829 EXPORT_SYMBOL(ipmi_user_set_run_to_completion);
3830 EXPORT_SYMBOL(ipmi_free_recv_msg);