ACPI: thinkpad-acpi: cleanup hotkey_notify and HKEY log messages
[linux-2.6] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2  * ipmi_msghandler.c
3  *
4  * Incoming and outgoing message routing for an IPMI interface.
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002 MontaVista Software Inc.
11  *
12  *  This program is free software; you can redistribute it and/or modify it
13  *  under the terms of the GNU General Public License as published by the
14  *  Free Software Foundation; either version 2 of the License, or (at your
15  *  option) any later version.
16  *
17  *
18  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  *  You should have received a copy of the GNU General Public License along
30  *  with this program; if not, write to the Free Software Foundation, Inc.,
31  *  675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <asm/system.h>
37 #include <linux/poll.h>
38 #include <linux/spinlock.h>
39 #include <linux/mutex.h>
40 #include <linux/slab.h>
41 #include <linux/ipmi.h>
42 #include <linux/ipmi_smi.h>
43 #include <linux/notifier.h>
44 #include <linux/init.h>
45 #include <linux/proc_fs.h>
46 #include <linux/rcupdate.h>
47
48 #define PFX "IPMI message handler: "
49
50 #define IPMI_DRIVER_VERSION "39.1"
51
52 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
53 static int ipmi_init_msghandler(void);
54
55 static int initialized;
56
57 #ifdef CONFIG_PROC_FS
58 static struct proc_dir_entry *proc_ipmi_root;
59 #endif /* CONFIG_PROC_FS */
60
61 /* Remain in auto-maintenance mode for this amount of time (in ms). */
62 #define IPMI_MAINTENANCE_MODE_TIMEOUT 30000
63
64 #define MAX_EVENTS_IN_QUEUE     25
65
66 /* Don't let a message sit in a queue forever, always time it with at lest
67    the max message timer.  This is in milliseconds. */
68 #define MAX_MSG_TIMEOUT         60000
69
70
71 /*
72  * The main "user" data structure.
73  */
74 struct ipmi_user
75 {
76         struct list_head link;
77
78         /* Set to "0" when the user is destroyed. */
79         int valid;
80
81         struct kref refcount;
82
83         /* The upper layer that handles receive messages. */
84         struct ipmi_user_hndl *handler;
85         void             *handler_data;
86
87         /* The interface this user is bound to. */
88         ipmi_smi_t intf;
89
90         /* Does this interface receive IPMI events? */
91         int gets_events;
92 };
93
94 struct cmd_rcvr
95 {
96         struct list_head link;
97
98         ipmi_user_t   user;
99         unsigned char netfn;
100         unsigned char cmd;
101         unsigned int  chans;
102
103         /*
104          * This is used to form a linked lised during mass deletion.
105          * Since this is in an RCU list, we cannot use the link above
106          * or change any data until the RCU period completes.  So we
107          * use this next variable during mass deletion so we can have
108          * a list and don't have to wait and restart the search on
109          * every individual deletion of a command. */
110         struct cmd_rcvr *next;
111 };
112
113 struct seq_table
114 {
115         unsigned int         inuse : 1;
116         unsigned int         broadcast : 1;
117
118         unsigned long        timeout;
119         unsigned long        orig_timeout;
120         unsigned int         retries_left;
121
122         /* To verify on an incoming send message response that this is
123            the message that the response is for, we keep a sequence id
124            and increment it every time we send a message. */
125         long                 seqid;
126
127         /* This is held so we can properly respond to the message on a
128            timeout, and it is used to hold the temporary data for
129            retransmission, too. */
130         struct ipmi_recv_msg *recv_msg;
131 };
132
133 /* Store the information in a msgid (long) to allow us to find a
134    sequence table entry from the msgid. */
135 #define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
136
137 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
138         do {                                                            \
139                 seq = ((msgid >> 26) & 0x3f);                           \
140                 seqid = (msgid & 0x3fffff);                             \
141         } while (0)
142
143 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
144
145 struct ipmi_channel
146 {
147         unsigned char medium;
148         unsigned char protocol;
149
150         /* My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
151            but may be changed by the user. */
152         unsigned char address;
153
154         /* My LUN.  This should generally stay the SMS LUN, but just in
155            case... */
156         unsigned char lun;
157 };
158
159 #ifdef CONFIG_PROC_FS
160 struct ipmi_proc_entry
161 {
162         char                   *name;
163         struct ipmi_proc_entry *next;
164 };
165 #endif
166
167 struct bmc_device
168 {
169         struct platform_device *dev;
170         struct ipmi_device_id  id;
171         unsigned char          guid[16];
172         int                    guid_set;
173
174         struct kref            refcount;
175
176         /* bmc device attributes */
177         struct device_attribute device_id_attr;
178         struct device_attribute provides_dev_sdrs_attr;
179         struct device_attribute revision_attr;
180         struct device_attribute firmware_rev_attr;
181         struct device_attribute version_attr;
182         struct device_attribute add_dev_support_attr;
183         struct device_attribute manufacturer_id_attr;
184         struct device_attribute product_id_attr;
185         struct device_attribute guid_attr;
186         struct device_attribute aux_firmware_rev_attr;
187 };
188
189 #define IPMI_IPMB_NUM_SEQ       64
190 #define IPMI_MAX_CHANNELS       16
191 struct ipmi_smi
192 {
193         /* What interface number are we? */
194         int intf_num;
195
196         struct kref refcount;
197
198         /* Used for a list of interfaces. */
199         struct list_head link;
200
201         /* The list of upper layers that are using me.  seq_lock
202          * protects this. */
203         struct list_head users;
204
205         /* Information to supply to users. */
206         unsigned char ipmi_version_major;
207         unsigned char ipmi_version_minor;
208
209         /* Used for wake ups at startup. */
210         wait_queue_head_t waitq;
211
212         struct bmc_device *bmc;
213         char *my_dev_name;
214         char *sysfs_name;
215
216         /* This is the lower-layer's sender routine.  Note that you
217          * must either be holding the ipmi_interfaces_mutex or be in
218          * an umpreemptible region to use this.  You must fetch the
219          * value into a local variable and make sure it is not NULL. */
220         struct ipmi_smi_handlers *handlers;
221         void                     *send_info;
222
223 #ifdef CONFIG_PROC_FS
224         /* A list of proc entries for this interface. */
225         struct mutex           proc_entry_lock;
226         struct ipmi_proc_entry *proc_entries;
227 #endif
228
229         /* Driver-model device for the system interface. */
230         struct device          *si_dev;
231
232         /* A table of sequence numbers for this interface.  We use the
233            sequence numbers for IPMB messages that go out of the
234            interface to match them up with their responses.  A routine
235            is called periodically to time the items in this list. */
236         spinlock_t       seq_lock;
237         struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
238         int curr_seq;
239
240         /* Messages that were delayed for some reason (out of memory,
241            for instance), will go in here to be processed later in a
242            periodic timer interrupt. */
243         spinlock_t       waiting_msgs_lock;
244         struct list_head waiting_msgs;
245
246         /* The list of command receivers that are registered for commands
247            on this interface. */
248         struct mutex     cmd_rcvrs_mutex;
249         struct list_head cmd_rcvrs;
250
251         /* Events that were queues because no one was there to receive
252            them. */
253         spinlock_t       events_lock; /* For dealing with event stuff. */
254         struct list_head waiting_events;
255         unsigned int     waiting_events_count; /* How many events in queue? */
256         int              delivering_events;
257
258         /* The event receiver for my BMC, only really used at panic
259            shutdown as a place to store this. */
260         unsigned char event_receiver;
261         unsigned char event_receiver_lun;
262         unsigned char local_sel_device;
263         unsigned char local_event_generator;
264
265         /* For handling of maintenance mode. */
266         int maintenance_mode;
267         int maintenance_mode_enable;
268         int auto_maintenance_timeout;
269         spinlock_t maintenance_mode_lock; /* Used in a timer... */
270
271         /* A cheap hack, if this is non-null and a message to an
272            interface comes in with a NULL user, call this routine with
273            it.  Note that the message will still be freed by the
274            caller.  This only works on the system interface. */
275         void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
276
277         /* When we are scanning the channels for an SMI, this will
278            tell which channel we are scanning. */
279         int curr_channel;
280
281         /* Channel information */
282         struct ipmi_channel channels[IPMI_MAX_CHANNELS];
283
284         /* Proc FS stuff. */
285         struct proc_dir_entry *proc_dir;
286         char                  proc_dir_name[10];
287
288         spinlock_t   counter_lock; /* For making counters atomic. */
289
290         /* Commands we got that were invalid. */
291         unsigned int sent_invalid_commands;
292
293         /* Commands we sent to the MC. */
294         unsigned int sent_local_commands;
295         /* Responses from the MC that were delivered to a user. */
296         unsigned int handled_local_responses;
297         /* Responses from the MC that were not delivered to a user. */
298         unsigned int unhandled_local_responses;
299
300         /* Commands we sent out to the IPMB bus. */
301         unsigned int sent_ipmb_commands;
302         /* Commands sent on the IPMB that had errors on the SEND CMD */
303         unsigned int sent_ipmb_command_errs;
304         /* Each retransmit increments this count. */
305         unsigned int retransmitted_ipmb_commands;
306         /* When a message times out (runs out of retransmits) this is
307            incremented. */
308         unsigned int timed_out_ipmb_commands;
309
310         /* This is like above, but for broadcasts.  Broadcasts are
311            *not* included in the above count (they are expected to
312            time out). */
313         unsigned int timed_out_ipmb_broadcasts;
314
315         /* Responses I have sent to the IPMB bus. */
316         unsigned int sent_ipmb_responses;
317
318         /* The response was delivered to the user. */
319         unsigned int handled_ipmb_responses;
320         /* The response had invalid data in it. */
321         unsigned int invalid_ipmb_responses;
322         /* The response didn't have anyone waiting for it. */
323         unsigned int unhandled_ipmb_responses;
324
325         /* Commands we sent out to the IPMB bus. */
326         unsigned int sent_lan_commands;
327         /* Commands sent on the IPMB that had errors on the SEND CMD */
328         unsigned int sent_lan_command_errs;
329         /* Each retransmit increments this count. */
330         unsigned int retransmitted_lan_commands;
331         /* When a message times out (runs out of retransmits) this is
332            incremented. */
333         unsigned int timed_out_lan_commands;
334
335         /* Responses I have sent to the IPMB bus. */
336         unsigned int sent_lan_responses;
337
338         /* The response was delivered to the user. */
339         unsigned int handled_lan_responses;
340         /* The response had invalid data in it. */
341         unsigned int invalid_lan_responses;
342         /* The response didn't have anyone waiting for it. */
343         unsigned int unhandled_lan_responses;
344
345         /* The command was delivered to the user. */
346         unsigned int handled_commands;
347         /* The command had invalid data in it. */
348         unsigned int invalid_commands;
349         /* The command didn't have anyone waiting for it. */
350         unsigned int unhandled_commands;
351
352         /* Invalid data in an event. */
353         unsigned int invalid_events;
354         /* Events that were received with the proper format. */
355         unsigned int events;
356 };
357 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
358
359 /**
360  * The driver model view of the IPMI messaging driver.
361  */
362 static struct device_driver ipmidriver = {
363         .name = "ipmi",
364         .bus = &platform_bus_type
365 };
366 static DEFINE_MUTEX(ipmidriver_mutex);
367
368 static struct list_head ipmi_interfaces = LIST_HEAD_INIT(ipmi_interfaces);
369 static DEFINE_MUTEX(ipmi_interfaces_mutex);
370
371 /* List of watchers that want to know when smi's are added and
372    deleted. */
373 static struct list_head smi_watchers = LIST_HEAD_INIT(smi_watchers);
374 static DEFINE_MUTEX(smi_watchers_mutex);
375
376
377 static void free_recv_msg_list(struct list_head *q)
378 {
379         struct ipmi_recv_msg *msg, *msg2;
380
381         list_for_each_entry_safe(msg, msg2, q, link) {
382                 list_del(&msg->link);
383                 ipmi_free_recv_msg(msg);
384         }
385 }
386
387 static void free_smi_msg_list(struct list_head *q)
388 {
389         struct ipmi_smi_msg *msg, *msg2;
390
391         list_for_each_entry_safe(msg, msg2, q, link) {
392                 list_del(&msg->link);
393                 ipmi_free_smi_msg(msg);
394         }
395 }
396
397 static void clean_up_interface_data(ipmi_smi_t intf)
398 {
399         int              i;
400         struct cmd_rcvr  *rcvr, *rcvr2;
401         struct list_head list;
402
403         free_smi_msg_list(&intf->waiting_msgs);
404         free_recv_msg_list(&intf->waiting_events);
405
406         /*
407          * Wholesale remove all the entries from the list in the
408          * interface and wait for RCU to know that none are in use.
409          */
410         mutex_lock(&intf->cmd_rcvrs_mutex);
411         INIT_LIST_HEAD(&list);
412         list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);
413         mutex_unlock(&intf->cmd_rcvrs_mutex);
414
415         list_for_each_entry_safe(rcvr, rcvr2, &list, link)
416                 kfree(rcvr);
417
418         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
419                 if ((intf->seq_table[i].inuse)
420                     && (intf->seq_table[i].recv_msg))
421                 {
422                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
423                 }
424         }
425 }
426
427 static void intf_free(struct kref *ref)
428 {
429         ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
430
431         clean_up_interface_data(intf);
432         kfree(intf);
433 }
434
435 struct watcher_entry {
436         int              intf_num;
437         ipmi_smi_t       intf;
438         struct list_head link;
439 };
440
441 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
442 {
443         ipmi_smi_t intf;
444         struct list_head to_deliver = LIST_HEAD_INIT(to_deliver);
445         struct watcher_entry *e, *e2;
446
447         mutex_lock(&smi_watchers_mutex);
448
449         mutex_lock(&ipmi_interfaces_mutex);
450
451         /* Build a list of things to deliver. */
452         list_for_each_entry(intf, &ipmi_interfaces, link) {
453                 if (intf->intf_num == -1)
454                         continue;
455                 e = kmalloc(sizeof(*e), GFP_KERNEL);
456                 if (!e)
457                         goto out_err;
458                 kref_get(&intf->refcount);
459                 e->intf = intf;
460                 e->intf_num = intf->intf_num;
461                 list_add_tail(&e->link, &to_deliver);
462         }
463
464         /* We will succeed, so add it to the list. */
465         list_add(&watcher->link, &smi_watchers);
466
467         mutex_unlock(&ipmi_interfaces_mutex);
468
469         list_for_each_entry_safe(e, e2, &to_deliver, link) {
470                 list_del(&e->link);
471                 watcher->new_smi(e->intf_num, e->intf->si_dev);
472                 kref_put(&e->intf->refcount, intf_free);
473                 kfree(e);
474         }
475
476         mutex_unlock(&smi_watchers_mutex);
477
478         return 0;
479
480  out_err:
481         mutex_unlock(&ipmi_interfaces_mutex);
482         mutex_unlock(&smi_watchers_mutex);
483         list_for_each_entry_safe(e, e2, &to_deliver, link) {
484                 list_del(&e->link);
485                 kref_put(&e->intf->refcount, intf_free);
486                 kfree(e);
487         }
488         return -ENOMEM;
489 }
490
491 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
492 {
493         mutex_lock(&smi_watchers_mutex);
494         list_del(&(watcher->link));
495         mutex_unlock(&smi_watchers_mutex);
496         return 0;
497 }
498
499 /*
500  * Must be called with smi_watchers_mutex held.
501  */
502 static void
503 call_smi_watchers(int i, struct device *dev)
504 {
505         struct ipmi_smi_watcher *w;
506
507         list_for_each_entry(w, &smi_watchers, link) {
508                 if (try_module_get(w->owner)) {
509                         w->new_smi(i, dev);
510                         module_put(w->owner);
511                 }
512         }
513 }
514
515 static int
516 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
517 {
518         if (addr1->addr_type != addr2->addr_type)
519                 return 0;
520
521         if (addr1->channel != addr2->channel)
522                 return 0;
523
524         if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
525                 struct ipmi_system_interface_addr *smi_addr1
526                     = (struct ipmi_system_interface_addr *) addr1;
527                 struct ipmi_system_interface_addr *smi_addr2
528                     = (struct ipmi_system_interface_addr *) addr2;
529                 return (smi_addr1->lun == smi_addr2->lun);
530         }
531
532         if ((addr1->addr_type == IPMI_IPMB_ADDR_TYPE)
533             || (addr1->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
534         {
535                 struct ipmi_ipmb_addr *ipmb_addr1
536                     = (struct ipmi_ipmb_addr *) addr1;
537                 struct ipmi_ipmb_addr *ipmb_addr2
538                     = (struct ipmi_ipmb_addr *) addr2;
539
540                 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
541                         && (ipmb_addr1->lun == ipmb_addr2->lun));
542         }
543
544         if (addr1->addr_type == IPMI_LAN_ADDR_TYPE) {
545                 struct ipmi_lan_addr *lan_addr1
546                         = (struct ipmi_lan_addr *) addr1;
547                 struct ipmi_lan_addr *lan_addr2
548                     = (struct ipmi_lan_addr *) addr2;
549
550                 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
551                         && (lan_addr1->local_SWID == lan_addr2->local_SWID)
552                         && (lan_addr1->session_handle
553                             == lan_addr2->session_handle)
554                         && (lan_addr1->lun == lan_addr2->lun));
555         }
556
557         return 1;
558 }
559
560 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
561 {
562         if (len < sizeof(struct ipmi_system_interface_addr)) {
563                 return -EINVAL;
564         }
565
566         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
567                 if (addr->channel != IPMI_BMC_CHANNEL)
568                         return -EINVAL;
569                 return 0;
570         }
571
572         if ((addr->channel == IPMI_BMC_CHANNEL)
573             || (addr->channel >= IPMI_MAX_CHANNELS)
574             || (addr->channel < 0))
575                 return -EINVAL;
576
577         if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
578             || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
579         {
580                 if (len < sizeof(struct ipmi_ipmb_addr)) {
581                         return -EINVAL;
582                 }
583                 return 0;
584         }
585
586         if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
587                 if (len < sizeof(struct ipmi_lan_addr)) {
588                         return -EINVAL;
589                 }
590                 return 0;
591         }
592
593         return -EINVAL;
594 }
595
596 unsigned int ipmi_addr_length(int addr_type)
597 {
598         if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
599                 return sizeof(struct ipmi_system_interface_addr);
600
601         if ((addr_type == IPMI_IPMB_ADDR_TYPE)
602             || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
603         {
604                 return sizeof(struct ipmi_ipmb_addr);
605         }
606
607         if (addr_type == IPMI_LAN_ADDR_TYPE)
608                 return sizeof(struct ipmi_lan_addr);
609
610         return 0;
611 }
612
613 static void deliver_response(struct ipmi_recv_msg *msg)
614 {
615         if (!msg->user) {
616                 ipmi_smi_t    intf = msg->user_msg_data;
617                 unsigned long flags;
618
619                 /* Special handling for NULL users. */
620                 if (intf->null_user_handler) {
621                         intf->null_user_handler(intf, msg);
622                         spin_lock_irqsave(&intf->counter_lock, flags);
623                         intf->handled_local_responses++;
624                         spin_unlock_irqrestore(&intf->counter_lock, flags);
625                 } else {
626                         /* No handler, so give up. */
627                         spin_lock_irqsave(&intf->counter_lock, flags);
628                         intf->unhandled_local_responses++;
629                         spin_unlock_irqrestore(&intf->counter_lock, flags);
630                 }
631                 ipmi_free_recv_msg(msg);
632         } else {
633                 ipmi_user_t user = msg->user;
634                 user->handler->ipmi_recv_hndl(msg, user->handler_data);
635         }
636 }
637
638 static void
639 deliver_err_response(struct ipmi_recv_msg *msg, int err)
640 {
641         msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
642         msg->msg_data[0] = err;
643         msg->msg.netfn |= 1; /* Convert to a response. */
644         msg->msg.data_len = 1;
645         msg->msg.data = msg->msg_data;
646         deliver_response(msg);
647 }
648
649 /* Find the next sequence number not being used and add the given
650    message with the given timeout to the sequence table.  This must be
651    called with the interface's seq_lock held. */
652 static int intf_next_seq(ipmi_smi_t           intf,
653                          struct ipmi_recv_msg *recv_msg,
654                          unsigned long        timeout,
655                          int                  retries,
656                          int                  broadcast,
657                          unsigned char        *seq,
658                          long                 *seqid)
659 {
660         int          rv = 0;
661         unsigned int i;
662
663         for (i = intf->curr_seq;
664              (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
665              i = (i+1)%IPMI_IPMB_NUM_SEQ)
666         {
667                 if (!intf->seq_table[i].inuse)
668                         break;
669         }
670
671         if (!intf->seq_table[i].inuse) {
672                 intf->seq_table[i].recv_msg = recv_msg;
673
674                 /* Start with the maximum timeout, when the send response
675                    comes in we will start the real timer. */
676                 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
677                 intf->seq_table[i].orig_timeout = timeout;
678                 intf->seq_table[i].retries_left = retries;
679                 intf->seq_table[i].broadcast = broadcast;
680                 intf->seq_table[i].inuse = 1;
681                 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
682                 *seq = i;
683                 *seqid = intf->seq_table[i].seqid;
684                 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
685         } else {
686                 rv = -EAGAIN;
687         }
688         
689         return rv;
690 }
691
692 /* Return the receive message for the given sequence number and
693    release the sequence number so it can be reused.  Some other data
694    is passed in to be sure the message matches up correctly (to help
695    guard against message coming in after their timeout and the
696    sequence number being reused). */
697 static int intf_find_seq(ipmi_smi_t           intf,
698                          unsigned char        seq,
699                          short                channel,
700                          unsigned char        cmd,
701                          unsigned char        netfn,
702                          struct ipmi_addr     *addr,
703                          struct ipmi_recv_msg **recv_msg)
704 {
705         int           rv = -ENODEV;
706         unsigned long flags;
707
708         if (seq >= IPMI_IPMB_NUM_SEQ)
709                 return -EINVAL;
710
711         spin_lock_irqsave(&(intf->seq_lock), flags);
712         if (intf->seq_table[seq].inuse) {
713                 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
714
715                 if ((msg->addr.channel == channel)
716                     && (msg->msg.cmd == cmd)
717                     && (msg->msg.netfn == netfn)
718                     && (ipmi_addr_equal(addr, &(msg->addr))))
719                 {
720                         *recv_msg = msg;
721                         intf->seq_table[seq].inuse = 0;
722                         rv = 0;
723                 }
724         }
725         spin_unlock_irqrestore(&(intf->seq_lock), flags);
726
727         return rv;
728 }
729
730
731 /* Start the timer for a specific sequence table entry. */
732 static int intf_start_seq_timer(ipmi_smi_t intf,
733                                 long       msgid)
734 {
735         int           rv = -ENODEV;
736         unsigned long flags;
737         unsigned char seq;
738         unsigned long seqid;
739
740
741         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
742
743         spin_lock_irqsave(&(intf->seq_lock), flags);
744         /* We do this verification because the user can be deleted
745            while a message is outstanding. */
746         if ((intf->seq_table[seq].inuse)
747             && (intf->seq_table[seq].seqid == seqid))
748         {
749                 struct seq_table *ent = &(intf->seq_table[seq]);
750                 ent->timeout = ent->orig_timeout;
751                 rv = 0;
752         }
753         spin_unlock_irqrestore(&(intf->seq_lock), flags);
754
755         return rv;
756 }
757
758 /* Got an error for the send message for a specific sequence number. */
759 static int intf_err_seq(ipmi_smi_t   intf,
760                         long         msgid,
761                         unsigned int err)
762 {
763         int                  rv = -ENODEV;
764         unsigned long        flags;
765         unsigned char        seq;
766         unsigned long        seqid;
767         struct ipmi_recv_msg *msg = NULL;
768
769
770         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
771
772         spin_lock_irqsave(&(intf->seq_lock), flags);
773         /* We do this verification because the user can be deleted
774            while a message is outstanding. */
775         if ((intf->seq_table[seq].inuse)
776             && (intf->seq_table[seq].seqid == seqid))
777         {
778                 struct seq_table *ent = &(intf->seq_table[seq]);
779
780                 ent->inuse = 0;
781                 msg = ent->recv_msg;
782                 rv = 0;
783         }
784         spin_unlock_irqrestore(&(intf->seq_lock), flags);
785
786         if (msg)
787                 deliver_err_response(msg, err);
788
789         return rv;
790 }
791
792
793 int ipmi_create_user(unsigned int          if_num,
794                      struct ipmi_user_hndl *handler,
795                      void                  *handler_data,
796                      ipmi_user_t           *user)
797 {
798         unsigned long flags;
799         ipmi_user_t   new_user;
800         int           rv = 0;
801         ipmi_smi_t    intf;
802
803         /* There is no module usecount here, because it's not
804            required.  Since this can only be used by and called from
805            other modules, they will implicitly use this module, and
806            thus this can't be removed unless the other modules are
807            removed. */
808
809         if (handler == NULL)
810                 return -EINVAL;
811
812         /* Make sure the driver is actually initialized, this handles
813            problems with initialization order. */
814         if (!initialized) {
815                 rv = ipmi_init_msghandler();
816                 if (rv)
817                         return rv;
818
819                 /* The init code doesn't return an error if it was turned
820                    off, but it won't initialize.  Check that. */
821                 if (!initialized)
822                         return -ENODEV;
823         }
824
825         new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
826         if (!new_user)
827                 return -ENOMEM;
828
829         mutex_lock(&ipmi_interfaces_mutex);
830         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
831                 if (intf->intf_num == if_num)
832                         goto found;
833         }
834         /* Not found, return an error */
835         rv = -EINVAL;
836         goto out_kfree;
837
838  found:
839         /* Note that each existing user holds a refcount to the interface. */
840         kref_get(&intf->refcount);
841
842         kref_init(&new_user->refcount);
843         new_user->handler = handler;
844         new_user->handler_data = handler_data;
845         new_user->intf = intf;
846         new_user->gets_events = 0;
847
848         if (!try_module_get(intf->handlers->owner)) {
849                 rv = -ENODEV;
850                 goto out_kref;
851         }
852
853         if (intf->handlers->inc_usecount) {
854                 rv = intf->handlers->inc_usecount(intf->send_info);
855                 if (rv) {
856                         module_put(intf->handlers->owner);
857                         goto out_kref;
858                 }
859         }
860
861         /* Hold the lock so intf->handlers is guaranteed to be good
862          * until now */
863         mutex_unlock(&ipmi_interfaces_mutex);
864
865         new_user->valid = 1;
866         spin_lock_irqsave(&intf->seq_lock, flags);
867         list_add_rcu(&new_user->link, &intf->users);
868         spin_unlock_irqrestore(&intf->seq_lock, flags);
869         *user = new_user;
870         return 0;
871
872 out_kref:
873         kref_put(&intf->refcount, intf_free);
874 out_kfree:
875         mutex_unlock(&ipmi_interfaces_mutex);
876         kfree(new_user);
877         return rv;
878 }
879
880 static void free_user(struct kref *ref)
881 {
882         ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
883         kfree(user);
884 }
885
886 int ipmi_destroy_user(ipmi_user_t user)
887 {
888         ipmi_smi_t       intf = user->intf;
889         int              i;
890         unsigned long    flags;
891         struct cmd_rcvr  *rcvr;
892         struct cmd_rcvr  *rcvrs = NULL;
893
894         user->valid = 0;
895
896         /* Remove the user from the interface's sequence table. */
897         spin_lock_irqsave(&intf->seq_lock, flags);
898         list_del_rcu(&user->link);
899
900         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
901                 if (intf->seq_table[i].inuse
902                     && (intf->seq_table[i].recv_msg->user == user))
903                 {
904                         intf->seq_table[i].inuse = 0;
905                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
906                 }
907         }
908         spin_unlock_irqrestore(&intf->seq_lock, flags);
909
910         /*
911          * Remove the user from the command receiver's table.  First
912          * we build a list of everything (not using the standard link,
913          * since other things may be using it till we do
914          * synchronize_rcu()) then free everything in that list.
915          */
916         mutex_lock(&intf->cmd_rcvrs_mutex);
917         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
918                 if (rcvr->user == user) {
919                         list_del_rcu(&rcvr->link);
920                         rcvr->next = rcvrs;
921                         rcvrs = rcvr;
922                 }
923         }
924         mutex_unlock(&intf->cmd_rcvrs_mutex);
925         synchronize_rcu();
926         while (rcvrs) {
927                 rcvr = rcvrs;
928                 rcvrs = rcvr->next;
929                 kfree(rcvr);
930         }
931
932         mutex_lock(&ipmi_interfaces_mutex);
933         if (intf->handlers) {
934                 module_put(intf->handlers->owner);
935                 if (intf->handlers->dec_usecount)
936                         intf->handlers->dec_usecount(intf->send_info);
937         }
938         mutex_unlock(&ipmi_interfaces_mutex);
939
940         kref_put(&intf->refcount, intf_free);
941
942         kref_put(&user->refcount, free_user);
943
944         return 0;
945 }
946
947 void ipmi_get_version(ipmi_user_t   user,
948                       unsigned char *major,
949                       unsigned char *minor)
950 {
951         *major = user->intf->ipmi_version_major;
952         *minor = user->intf->ipmi_version_minor;
953 }
954
955 int ipmi_set_my_address(ipmi_user_t   user,
956                         unsigned int  channel,
957                         unsigned char address)
958 {
959         if (channel >= IPMI_MAX_CHANNELS)
960                 return -EINVAL;
961         user->intf->channels[channel].address = address;
962         return 0;
963 }
964
965 int ipmi_get_my_address(ipmi_user_t   user,
966                         unsigned int  channel,
967                         unsigned char *address)
968 {
969         if (channel >= IPMI_MAX_CHANNELS)
970                 return -EINVAL;
971         *address = user->intf->channels[channel].address;
972         return 0;
973 }
974
975 int ipmi_set_my_LUN(ipmi_user_t   user,
976                     unsigned int  channel,
977                     unsigned char LUN)
978 {
979         if (channel >= IPMI_MAX_CHANNELS)
980                 return -EINVAL;
981         user->intf->channels[channel].lun = LUN & 0x3;
982         return 0;
983 }
984
985 int ipmi_get_my_LUN(ipmi_user_t   user,
986                     unsigned int  channel,
987                     unsigned char *address)
988 {
989         if (channel >= IPMI_MAX_CHANNELS)
990                 return -EINVAL;
991         *address = user->intf->channels[channel].lun;
992         return 0;
993 }
994
995 int ipmi_get_maintenance_mode(ipmi_user_t user)
996 {
997         int           mode;
998         unsigned long flags;
999
1000         spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);
1001         mode = user->intf->maintenance_mode;
1002         spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);
1003
1004         return mode;
1005 }
1006 EXPORT_SYMBOL(ipmi_get_maintenance_mode);
1007
1008 static void maintenance_mode_update(ipmi_smi_t intf)
1009 {
1010         if (intf->handlers->set_maintenance_mode)
1011                 intf->handlers->set_maintenance_mode(
1012                         intf->send_info, intf->maintenance_mode_enable);
1013 }
1014
1015 int ipmi_set_maintenance_mode(ipmi_user_t user, int mode)
1016 {
1017         int           rv = 0;
1018         unsigned long flags;
1019         ipmi_smi_t    intf = user->intf;
1020
1021         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1022         if (intf->maintenance_mode != mode) {
1023                 switch (mode) {
1024                 case IPMI_MAINTENANCE_MODE_AUTO:
1025                         intf->maintenance_mode = mode;
1026                         intf->maintenance_mode_enable
1027                                 = (intf->auto_maintenance_timeout > 0);
1028                         break;
1029
1030                 case IPMI_MAINTENANCE_MODE_OFF:
1031                         intf->maintenance_mode = mode;
1032                         intf->maintenance_mode_enable = 0;
1033                         break;
1034
1035                 case IPMI_MAINTENANCE_MODE_ON:
1036                         intf->maintenance_mode = mode;
1037                         intf->maintenance_mode_enable = 1;
1038                         break;
1039
1040                 default:
1041                         rv = -EINVAL;
1042                         goto out_unlock;
1043                 }
1044
1045                 maintenance_mode_update(intf);
1046         }
1047  out_unlock:
1048         spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);
1049
1050         return rv;
1051 }
1052 EXPORT_SYMBOL(ipmi_set_maintenance_mode);
1053
1054 int ipmi_set_gets_events(ipmi_user_t user, int val)
1055 {
1056         unsigned long        flags;
1057         ipmi_smi_t           intf = user->intf;
1058         struct ipmi_recv_msg *msg, *msg2;
1059         struct list_head     msgs;
1060
1061         INIT_LIST_HEAD(&msgs);
1062
1063         spin_lock_irqsave(&intf->events_lock, flags);
1064         user->gets_events = val;
1065
1066         if (intf->delivering_events)
1067                 /*
1068                  * Another thread is delivering events for this, so
1069                  * let it handle any new events.
1070                  */
1071                 goto out;
1072
1073         /* Deliver any queued events. */
1074         while (user->gets_events && !list_empty(&intf->waiting_events)) {
1075                 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)
1076                         list_move_tail(&msg->link, &msgs);
1077                 intf->waiting_events_count = 0;
1078
1079                 intf->delivering_events = 1;
1080                 spin_unlock_irqrestore(&intf->events_lock, flags);
1081
1082                 list_for_each_entry_safe(msg, msg2, &msgs, link) {
1083                         msg->user = user;
1084                         kref_get(&user->refcount);
1085                         deliver_response(msg);
1086                 }
1087
1088                 spin_lock_irqsave(&intf->events_lock, flags);
1089                 intf->delivering_events = 0;
1090         }
1091
1092  out:
1093         spin_unlock_irqrestore(&intf->events_lock, flags);
1094
1095         return 0;
1096 }
1097
1098 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t    intf,
1099                                       unsigned char netfn,
1100                                       unsigned char cmd,
1101                                       unsigned char chan)
1102 {
1103         struct cmd_rcvr *rcvr;
1104
1105         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1106                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1107                                         && (rcvr->chans & (1 << chan)))
1108                         return rcvr;
1109         }
1110         return NULL;
1111 }
1112
1113 static int is_cmd_rcvr_exclusive(ipmi_smi_t    intf,
1114                                  unsigned char netfn,
1115                                  unsigned char cmd,
1116                                  unsigned int  chans)
1117 {
1118         struct cmd_rcvr *rcvr;
1119
1120         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1121                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1122                                         && (rcvr->chans & chans))
1123                         return 0;
1124         }
1125         return 1;
1126 }
1127
1128 int ipmi_register_for_cmd(ipmi_user_t   user,
1129                           unsigned char netfn,
1130                           unsigned char cmd,
1131                           unsigned int  chans)
1132 {
1133         ipmi_smi_t      intf = user->intf;
1134         struct cmd_rcvr *rcvr;
1135         int             rv = 0;
1136
1137
1138         rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
1139         if (!rcvr)
1140                 return -ENOMEM;
1141         rcvr->cmd = cmd;
1142         rcvr->netfn = netfn;
1143         rcvr->chans = chans;
1144         rcvr->user = user;
1145
1146         mutex_lock(&intf->cmd_rcvrs_mutex);
1147         /* Make sure the command/netfn is not already registered. */
1148         if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {
1149                 rv = -EBUSY;
1150                 goto out_unlock;
1151         }
1152
1153         list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
1154
1155  out_unlock:
1156         mutex_unlock(&intf->cmd_rcvrs_mutex);
1157         if (rv)
1158                 kfree(rcvr);
1159
1160         return rv;
1161 }
1162
1163 int ipmi_unregister_for_cmd(ipmi_user_t   user,
1164                             unsigned char netfn,
1165                             unsigned char cmd,
1166                             unsigned int  chans)
1167 {
1168         ipmi_smi_t      intf = user->intf;
1169         struct cmd_rcvr *rcvr;
1170         struct cmd_rcvr *rcvrs = NULL;
1171         int i, rv = -ENOENT;
1172
1173         mutex_lock(&intf->cmd_rcvrs_mutex);
1174         for (i = 0; i < IPMI_NUM_CHANNELS; i++) {
1175                 if (((1 << i) & chans) == 0)
1176                         continue;
1177                 rcvr = find_cmd_rcvr(intf, netfn, cmd, i);
1178                 if (rcvr == NULL)
1179                         continue;
1180                 if (rcvr->user == user) {
1181                         rv = 0;
1182                         rcvr->chans &= ~chans;
1183                         if (rcvr->chans == 0) {
1184                                 list_del_rcu(&rcvr->link);
1185                                 rcvr->next = rcvrs;
1186                                 rcvrs = rcvr;
1187                         }
1188                 }
1189         }
1190         mutex_unlock(&intf->cmd_rcvrs_mutex);
1191         synchronize_rcu();
1192         while (rcvrs) {
1193                 rcvr = rcvrs;
1194                 rcvrs = rcvr->next;
1195                 kfree(rcvr);
1196         }
1197         return rv;
1198 }
1199
1200 void ipmi_user_set_run_to_completion(ipmi_user_t user, int val)
1201 {
1202         ipmi_smi_t intf = user->intf;
1203         if (intf->handlers)
1204                 intf->handlers->set_run_to_completion(intf->send_info, val);
1205 }
1206
1207 static unsigned char
1208 ipmb_checksum(unsigned char *data, int size)
1209 {
1210         unsigned char csum = 0;
1211         
1212         for (; size > 0; size--, data++)
1213                 csum += *data;
1214
1215         return -csum;
1216 }
1217
1218 static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
1219                                    struct kernel_ipmi_msg *msg,
1220                                    struct ipmi_ipmb_addr *ipmb_addr,
1221                                    long                  msgid,
1222                                    unsigned char         ipmb_seq,
1223                                    int                   broadcast,
1224                                    unsigned char         source_address,
1225                                    unsigned char         source_lun)
1226 {
1227         int i = broadcast;
1228
1229         /* Format the IPMB header data. */
1230         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1231         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1232         smi_msg->data[2] = ipmb_addr->channel;
1233         if (broadcast)
1234                 smi_msg->data[3] = 0;
1235         smi_msg->data[i+3] = ipmb_addr->slave_addr;
1236         smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1237         smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1238         smi_msg->data[i+6] = source_address;
1239         smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1240         smi_msg->data[i+8] = msg->cmd;
1241
1242         /* Now tack on the data to the message. */
1243         if (msg->data_len > 0)
1244                 memcpy(&(smi_msg->data[i+9]), msg->data,
1245                        msg->data_len);
1246         smi_msg->data_size = msg->data_len + 9;
1247
1248         /* Now calculate the checksum and tack it on. */
1249         smi_msg->data[i+smi_msg->data_size]
1250                 = ipmb_checksum(&(smi_msg->data[i+6]),
1251                                 smi_msg->data_size-6);
1252
1253         /* Add on the checksum size and the offset from the
1254            broadcast. */
1255         smi_msg->data_size += 1 + i;
1256
1257         smi_msg->msgid = msgid;
1258 }
1259
1260 static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
1261                                   struct kernel_ipmi_msg *msg,
1262                                   struct ipmi_lan_addr  *lan_addr,
1263                                   long                  msgid,
1264                                   unsigned char         ipmb_seq,
1265                                   unsigned char         source_lun)
1266 {
1267         /* Format the IPMB header data. */
1268         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1269         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1270         smi_msg->data[2] = lan_addr->channel;
1271         smi_msg->data[3] = lan_addr->session_handle;
1272         smi_msg->data[4] = lan_addr->remote_SWID;
1273         smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1274         smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1275         smi_msg->data[7] = lan_addr->local_SWID;
1276         smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1277         smi_msg->data[9] = msg->cmd;
1278
1279         /* Now tack on the data to the message. */
1280         if (msg->data_len > 0)
1281                 memcpy(&(smi_msg->data[10]), msg->data,
1282                        msg->data_len);
1283         smi_msg->data_size = msg->data_len + 10;
1284
1285         /* Now calculate the checksum and tack it on. */
1286         smi_msg->data[smi_msg->data_size]
1287                 = ipmb_checksum(&(smi_msg->data[7]),
1288                                 smi_msg->data_size-7);
1289
1290         /* Add on the checksum size and the offset from the
1291            broadcast. */
1292         smi_msg->data_size += 1;
1293
1294         smi_msg->msgid = msgid;
1295 }
1296
1297 /* Separate from ipmi_request so that the user does not have to be
1298    supplied in certain circumstances (mainly at panic time).  If
1299    messages are supplied, they will be freed, even if an error
1300    occurs. */
1301 static int i_ipmi_request(ipmi_user_t          user,
1302                           ipmi_smi_t           intf,
1303                           struct ipmi_addr     *addr,
1304                           long                 msgid,
1305                           struct kernel_ipmi_msg *msg,
1306                           void                 *user_msg_data,
1307                           void                 *supplied_smi,
1308                           struct ipmi_recv_msg *supplied_recv,
1309                           int                  priority,
1310                           unsigned char        source_address,
1311                           unsigned char        source_lun,
1312                           int                  retries,
1313                           unsigned int         retry_time_ms)
1314 {
1315         int                      rv = 0;
1316         struct ipmi_smi_msg      *smi_msg;
1317         struct ipmi_recv_msg     *recv_msg;
1318         unsigned long            flags;
1319         struct ipmi_smi_handlers *handlers;
1320
1321
1322         if (supplied_recv) {
1323                 recv_msg = supplied_recv;
1324         } else {
1325                 recv_msg = ipmi_alloc_recv_msg();
1326                 if (recv_msg == NULL) {
1327                         return -ENOMEM;
1328                 }
1329         }
1330         recv_msg->user_msg_data = user_msg_data;
1331
1332         if (supplied_smi) {
1333                 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1334         } else {
1335                 smi_msg = ipmi_alloc_smi_msg();
1336                 if (smi_msg == NULL) {
1337                         ipmi_free_recv_msg(recv_msg);
1338                         return -ENOMEM;
1339                 }
1340         }
1341
1342         rcu_read_lock();
1343         handlers = intf->handlers;
1344         if (!handlers) {
1345                 rv = -ENODEV;
1346                 goto out_err;
1347         }
1348
1349         recv_msg->user = user;
1350         if (user)
1351                 kref_get(&user->refcount);
1352         recv_msg->msgid = msgid;
1353         /* Store the message to send in the receive message so timeout
1354            responses can get the proper response data. */
1355         recv_msg->msg = *msg;
1356
1357         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1358                 struct ipmi_system_interface_addr *smi_addr;
1359
1360                 if (msg->netfn & 1) {
1361                         /* Responses are not allowed to the SMI. */
1362                         rv = -EINVAL;
1363                         goto out_err;
1364                 }
1365
1366                 smi_addr = (struct ipmi_system_interface_addr *) addr;
1367                 if (smi_addr->lun > 3) {
1368                         spin_lock_irqsave(&intf->counter_lock, flags);
1369                         intf->sent_invalid_commands++;
1370                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1371                         rv = -EINVAL;
1372                         goto out_err;
1373                 }
1374
1375                 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1376
1377                 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1378                     && ((msg->cmd == IPMI_SEND_MSG_CMD)
1379                         || (msg->cmd == IPMI_GET_MSG_CMD)
1380                         || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD)))
1381                 {
1382                         /* We don't let the user do these, since we manage
1383                            the sequence numbers. */
1384                         spin_lock_irqsave(&intf->counter_lock, flags);
1385                         intf->sent_invalid_commands++;
1386                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1387                         rv = -EINVAL;
1388                         goto out_err;
1389                 }
1390
1391                 if (((msg->netfn == IPMI_NETFN_APP_REQUEST)
1392                       && ((msg->cmd == IPMI_COLD_RESET_CMD)
1393                           || (msg->cmd == IPMI_WARM_RESET_CMD)))
1394                      || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST))
1395                 {
1396                         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1397                         intf->auto_maintenance_timeout
1398                                 = IPMI_MAINTENANCE_MODE_TIMEOUT;
1399                         if (!intf->maintenance_mode
1400                             && !intf->maintenance_mode_enable)
1401                         {
1402                                 intf->maintenance_mode_enable = 1;
1403                                 maintenance_mode_update(intf);
1404                         }
1405                         spin_unlock_irqrestore(&intf->maintenance_mode_lock,
1406                                                flags);
1407                 }
1408
1409                 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1410                         spin_lock_irqsave(&intf->counter_lock, flags);
1411                         intf->sent_invalid_commands++;
1412                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1413                         rv = -EMSGSIZE;
1414                         goto out_err;
1415                 }
1416
1417                 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1418                 smi_msg->data[1] = msg->cmd;
1419                 smi_msg->msgid = msgid;
1420                 smi_msg->user_data = recv_msg;
1421                 if (msg->data_len > 0)
1422                         memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1423                 smi_msg->data_size = msg->data_len + 2;
1424                 spin_lock_irqsave(&intf->counter_lock, flags);
1425                 intf->sent_local_commands++;
1426                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1427         } else if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
1428                    || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
1429         {
1430                 struct ipmi_ipmb_addr *ipmb_addr;
1431                 unsigned char         ipmb_seq;
1432                 long                  seqid;
1433                 int                   broadcast = 0;
1434
1435                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1436                         spin_lock_irqsave(&intf->counter_lock, flags);
1437                         intf->sent_invalid_commands++;
1438                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1439                         rv = -EINVAL;
1440                         goto out_err;
1441                 }
1442
1443                 if (intf->channels[addr->channel].medium
1444                     != IPMI_CHANNEL_MEDIUM_IPMB)
1445                 {
1446                         spin_lock_irqsave(&intf->counter_lock, flags);
1447                         intf->sent_invalid_commands++;
1448                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1449                         rv = -EINVAL;
1450                         goto out_err;
1451                 }
1452
1453                 if (retries < 0) {
1454                     if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1455                         retries = 0; /* Don't retry broadcasts. */
1456                     else
1457                         retries = 4;
1458                 }
1459                 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1460                     /* Broadcasts add a zero at the beginning of the
1461                        message, but otherwise is the same as an IPMB
1462                        address. */
1463                     addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1464                     broadcast = 1;
1465                 }
1466
1467
1468                 /* Default to 1 second retries. */
1469                 if (retry_time_ms == 0)
1470                     retry_time_ms = 1000;
1471
1472                 /* 9 for the header and 1 for the checksum, plus
1473                    possibly one for the broadcast. */
1474                 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1475                         spin_lock_irqsave(&intf->counter_lock, flags);
1476                         intf->sent_invalid_commands++;
1477                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1478                         rv = -EMSGSIZE;
1479                         goto out_err;
1480                 }
1481
1482                 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1483                 if (ipmb_addr->lun > 3) {
1484                         spin_lock_irqsave(&intf->counter_lock, flags);
1485                         intf->sent_invalid_commands++;
1486                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1487                         rv = -EINVAL;
1488                         goto out_err;
1489                 }
1490
1491                 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1492
1493                 if (recv_msg->msg.netfn & 0x1) {
1494                         /* It's a response, so use the user's sequence
1495                            from msgid. */
1496                         spin_lock_irqsave(&intf->counter_lock, flags);
1497                         intf->sent_ipmb_responses++;
1498                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1499                         format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1500                                         msgid, broadcast,
1501                                         source_address, source_lun);
1502
1503                         /* Save the receive message so we can use it
1504                            to deliver the response. */
1505                         smi_msg->user_data = recv_msg;
1506                 } else {
1507                         /* It's a command, so get a sequence for it. */
1508
1509                         spin_lock_irqsave(&(intf->seq_lock), flags);
1510
1511                         spin_lock(&intf->counter_lock);
1512                         intf->sent_ipmb_commands++;
1513                         spin_unlock(&intf->counter_lock);
1514
1515                         /* Create a sequence number with a 1 second
1516                            timeout and 4 retries. */
1517                         rv = intf_next_seq(intf,
1518                                            recv_msg,
1519                                            retry_time_ms,
1520                                            retries,
1521                                            broadcast,
1522                                            &ipmb_seq,
1523                                            &seqid);
1524                         if (rv) {
1525                                 /* We have used up all the sequence numbers,
1526                                    probably, so abort. */
1527                                 spin_unlock_irqrestore(&(intf->seq_lock),
1528                                                        flags);
1529                                 goto out_err;
1530                         }
1531
1532                         /* Store the sequence number in the message,
1533                            so that when the send message response
1534                            comes back we can start the timer. */
1535                         format_ipmb_msg(smi_msg, msg, ipmb_addr,
1536                                         STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1537                                         ipmb_seq, broadcast,
1538                                         source_address, source_lun);
1539
1540                         /* Copy the message into the recv message data, so we
1541                            can retransmit it later if necessary. */
1542                         memcpy(recv_msg->msg_data, smi_msg->data,
1543                                smi_msg->data_size);
1544                         recv_msg->msg.data = recv_msg->msg_data;
1545                         recv_msg->msg.data_len = smi_msg->data_size;
1546
1547                         /* We don't unlock until here, because we need
1548                            to copy the completed message into the
1549                            recv_msg before we release the lock.
1550                            Otherwise, race conditions may bite us.  I
1551                            know that's pretty paranoid, but I prefer
1552                            to be correct. */
1553                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1554                 }
1555         } else if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
1556                 struct ipmi_lan_addr  *lan_addr;
1557                 unsigned char         ipmb_seq;
1558                 long                  seqid;
1559
1560                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1561                         spin_lock_irqsave(&intf->counter_lock, flags);
1562                         intf->sent_invalid_commands++;
1563                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1564                         rv = -EINVAL;
1565                         goto out_err;
1566                 }
1567
1568                 if ((intf->channels[addr->channel].medium
1569                     != IPMI_CHANNEL_MEDIUM_8023LAN)
1570                     && (intf->channels[addr->channel].medium
1571                         != IPMI_CHANNEL_MEDIUM_ASYNC))
1572                 {
1573                         spin_lock_irqsave(&intf->counter_lock, flags);
1574                         intf->sent_invalid_commands++;
1575                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1576                         rv = -EINVAL;
1577                         goto out_err;
1578                 }
1579
1580                 retries = 4;
1581
1582                 /* Default to 1 second retries. */
1583                 if (retry_time_ms == 0)
1584                     retry_time_ms = 1000;
1585
1586                 /* 11 for the header and 1 for the checksum. */
1587                 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1588                         spin_lock_irqsave(&intf->counter_lock, flags);
1589                         intf->sent_invalid_commands++;
1590                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1591                         rv = -EMSGSIZE;
1592                         goto out_err;
1593                 }
1594
1595                 lan_addr = (struct ipmi_lan_addr *) addr;
1596                 if (lan_addr->lun > 3) {
1597                         spin_lock_irqsave(&intf->counter_lock, flags);
1598                         intf->sent_invalid_commands++;
1599                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1600                         rv = -EINVAL;
1601                         goto out_err;
1602                 }
1603
1604                 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1605
1606                 if (recv_msg->msg.netfn & 0x1) {
1607                         /* It's a response, so use the user's sequence
1608                            from msgid. */
1609                         spin_lock_irqsave(&intf->counter_lock, flags);
1610                         intf->sent_lan_responses++;
1611                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1612                         format_lan_msg(smi_msg, msg, lan_addr, msgid,
1613                                        msgid, source_lun);
1614
1615                         /* Save the receive message so we can use it
1616                            to deliver the response. */
1617                         smi_msg->user_data = recv_msg;
1618                 } else {
1619                         /* It's a command, so get a sequence for it. */
1620
1621                         spin_lock_irqsave(&(intf->seq_lock), flags);
1622
1623                         spin_lock(&intf->counter_lock);
1624                         intf->sent_lan_commands++;
1625                         spin_unlock(&intf->counter_lock);
1626
1627                         /* Create a sequence number with a 1 second
1628                            timeout and 4 retries. */
1629                         rv = intf_next_seq(intf,
1630                                            recv_msg,
1631                                            retry_time_ms,
1632                                            retries,
1633                                            0,
1634                                            &ipmb_seq,
1635                                            &seqid);
1636                         if (rv) {
1637                                 /* We have used up all the sequence numbers,
1638                                    probably, so abort. */
1639                                 spin_unlock_irqrestore(&(intf->seq_lock),
1640                                                        flags);
1641                                 goto out_err;
1642                         }
1643
1644                         /* Store the sequence number in the message,
1645                            so that when the send message response
1646                            comes back we can start the timer. */
1647                         format_lan_msg(smi_msg, msg, lan_addr,
1648                                        STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1649                                        ipmb_seq, source_lun);
1650
1651                         /* Copy the message into the recv message data, so we
1652                            can retransmit it later if necessary. */
1653                         memcpy(recv_msg->msg_data, smi_msg->data,
1654                                smi_msg->data_size);
1655                         recv_msg->msg.data = recv_msg->msg_data;
1656                         recv_msg->msg.data_len = smi_msg->data_size;
1657
1658                         /* We don't unlock until here, because we need
1659                            to copy the completed message into the
1660                            recv_msg before we release the lock.
1661                            Otherwise, race conditions may bite us.  I
1662                            know that's pretty paranoid, but I prefer
1663                            to be correct. */
1664                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1665                 }
1666         } else {
1667             /* Unknown address type. */
1668                 spin_lock_irqsave(&intf->counter_lock, flags);
1669                 intf->sent_invalid_commands++;
1670                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1671                 rv = -EINVAL;
1672                 goto out_err;
1673         }
1674
1675 #ifdef DEBUG_MSGING
1676         {
1677                 int m;
1678                 for (m = 0; m < smi_msg->data_size; m++)
1679                         printk(" %2.2x", smi_msg->data[m]);
1680                 printk("\n");
1681         }
1682 #endif
1683
1684         handlers->sender(intf->send_info, smi_msg, priority);
1685         rcu_read_unlock();
1686
1687         return 0;
1688
1689  out_err:
1690         rcu_read_unlock();
1691         ipmi_free_smi_msg(smi_msg);
1692         ipmi_free_recv_msg(recv_msg);
1693         return rv;
1694 }
1695
1696 static int check_addr(ipmi_smi_t       intf,
1697                       struct ipmi_addr *addr,
1698                       unsigned char    *saddr,
1699                       unsigned char    *lun)
1700 {
1701         if (addr->channel >= IPMI_MAX_CHANNELS)
1702                 return -EINVAL;
1703         *lun = intf->channels[addr->channel].lun;
1704         *saddr = intf->channels[addr->channel].address;
1705         return 0;
1706 }
1707
1708 int ipmi_request_settime(ipmi_user_t      user,
1709                          struct ipmi_addr *addr,
1710                          long             msgid,
1711                          struct kernel_ipmi_msg  *msg,
1712                          void             *user_msg_data,
1713                          int              priority,
1714                          int              retries,
1715                          unsigned int     retry_time_ms)
1716 {
1717         unsigned char saddr, lun;
1718         int           rv;
1719
1720         if (!user)
1721                 return -EINVAL;
1722         rv = check_addr(user->intf, addr, &saddr, &lun);
1723         if (rv)
1724                 return rv;
1725         return i_ipmi_request(user,
1726                               user->intf,
1727                               addr,
1728                               msgid,
1729                               msg,
1730                               user_msg_data,
1731                               NULL, NULL,
1732                               priority,
1733                               saddr,
1734                               lun,
1735                               retries,
1736                               retry_time_ms);
1737 }
1738
1739 int ipmi_request_supply_msgs(ipmi_user_t          user,
1740                              struct ipmi_addr     *addr,
1741                              long                 msgid,
1742                              struct kernel_ipmi_msg *msg,
1743                              void                 *user_msg_data,
1744                              void                 *supplied_smi,
1745                              struct ipmi_recv_msg *supplied_recv,
1746                              int                  priority)
1747 {
1748         unsigned char saddr, lun;
1749         int           rv;
1750
1751         if (!user)
1752                 return -EINVAL;
1753         rv = check_addr(user->intf, addr, &saddr, &lun);
1754         if (rv)
1755                 return rv;
1756         return i_ipmi_request(user,
1757                               user->intf,
1758                               addr,
1759                               msgid,
1760                               msg,
1761                               user_msg_data,
1762                               supplied_smi,
1763                               supplied_recv,
1764                               priority,
1765                               saddr,
1766                               lun,
1767                               -1, 0);
1768 }
1769
1770 #ifdef CONFIG_PROC_FS
1771 static int ipmb_file_read_proc(char *page, char **start, off_t off,
1772                                int count, int *eof, void *data)
1773 {
1774         char       *out = (char *) page;
1775         ipmi_smi_t intf = data;
1776         int        i;
1777         int        rv = 0;
1778
1779         for (i = 0; i < IPMI_MAX_CHANNELS; i++)
1780                 rv += sprintf(out+rv, "%x ", intf->channels[i].address);
1781         out[rv-1] = '\n'; /* Replace the final space with a newline */
1782         out[rv] = '\0';
1783         rv++;
1784         return rv;
1785 }
1786
1787 static int version_file_read_proc(char *page, char **start, off_t off,
1788                                   int count, int *eof, void *data)
1789 {
1790         char       *out = (char *) page;
1791         ipmi_smi_t intf = data;
1792
1793         return sprintf(out, "%d.%d\n",
1794                        ipmi_version_major(&intf->bmc->id),
1795                        ipmi_version_minor(&intf->bmc->id));
1796 }
1797
1798 static int stat_file_read_proc(char *page, char **start, off_t off,
1799                                int count, int *eof, void *data)
1800 {
1801         char       *out = (char *) page;
1802         ipmi_smi_t intf = data;
1803
1804         out += sprintf(out, "sent_invalid_commands:       %d\n",
1805                        intf->sent_invalid_commands);
1806         out += sprintf(out, "sent_local_commands:         %d\n",
1807                        intf->sent_local_commands);
1808         out += sprintf(out, "handled_local_responses:     %d\n",
1809                        intf->handled_local_responses);
1810         out += sprintf(out, "unhandled_local_responses:   %d\n",
1811                        intf->unhandled_local_responses);
1812         out += sprintf(out, "sent_ipmb_commands:          %d\n",
1813                        intf->sent_ipmb_commands);
1814         out += sprintf(out, "sent_ipmb_command_errs:      %d\n",
1815                        intf->sent_ipmb_command_errs);
1816         out += sprintf(out, "retransmitted_ipmb_commands: %d\n",
1817                        intf->retransmitted_ipmb_commands);
1818         out += sprintf(out, "timed_out_ipmb_commands:     %d\n",
1819                        intf->timed_out_ipmb_commands);
1820         out += sprintf(out, "timed_out_ipmb_broadcasts:   %d\n",
1821                        intf->timed_out_ipmb_broadcasts);
1822         out += sprintf(out, "sent_ipmb_responses:         %d\n",
1823                        intf->sent_ipmb_responses);
1824         out += sprintf(out, "handled_ipmb_responses:      %d\n",
1825                        intf->handled_ipmb_responses);
1826         out += sprintf(out, "invalid_ipmb_responses:      %d\n",
1827                        intf->invalid_ipmb_responses);
1828         out += sprintf(out, "unhandled_ipmb_responses:    %d\n",
1829                        intf->unhandled_ipmb_responses);
1830         out += sprintf(out, "sent_lan_commands:           %d\n",
1831                        intf->sent_lan_commands);
1832         out += sprintf(out, "sent_lan_command_errs:       %d\n",
1833                        intf->sent_lan_command_errs);
1834         out += sprintf(out, "retransmitted_lan_commands:  %d\n",
1835                        intf->retransmitted_lan_commands);
1836         out += sprintf(out, "timed_out_lan_commands:      %d\n",
1837                        intf->timed_out_lan_commands);
1838         out += sprintf(out, "sent_lan_responses:          %d\n",
1839                        intf->sent_lan_responses);
1840         out += sprintf(out, "handled_lan_responses:       %d\n",
1841                        intf->handled_lan_responses);
1842         out += sprintf(out, "invalid_lan_responses:       %d\n",
1843                        intf->invalid_lan_responses);
1844         out += sprintf(out, "unhandled_lan_responses:     %d\n",
1845                        intf->unhandled_lan_responses);
1846         out += sprintf(out, "handled_commands:            %d\n",
1847                        intf->handled_commands);
1848         out += sprintf(out, "invalid_commands:            %d\n",
1849                        intf->invalid_commands);
1850         out += sprintf(out, "unhandled_commands:          %d\n",
1851                        intf->unhandled_commands);
1852         out += sprintf(out, "invalid_events:              %d\n",
1853                        intf->invalid_events);
1854         out += sprintf(out, "events:                      %d\n",
1855                        intf->events);
1856
1857         return (out - ((char *) page));
1858 }
1859 #endif /* CONFIG_PROC_FS */
1860
1861 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
1862                             read_proc_t *read_proc, write_proc_t *write_proc,
1863                             void *data, struct module *owner)
1864 {
1865         int                    rv = 0;
1866 #ifdef CONFIG_PROC_FS
1867         struct proc_dir_entry  *file;
1868         struct ipmi_proc_entry *entry;
1869
1870         /* Create a list element. */
1871         entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1872         if (!entry)
1873                 return -ENOMEM;
1874         entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);
1875         if (!entry->name) {
1876                 kfree(entry);
1877                 return -ENOMEM;
1878         }
1879         strcpy(entry->name, name);
1880
1881         file = create_proc_entry(name, 0, smi->proc_dir);
1882         if (!file) {
1883                 kfree(entry->name);
1884                 kfree(entry);
1885                 rv = -ENOMEM;
1886         } else {
1887                 file->data = data;
1888                 file->read_proc = read_proc;
1889                 file->write_proc = write_proc;
1890                 file->owner = owner;
1891
1892                 mutex_lock(&smi->proc_entry_lock);
1893                 /* Stick it on the list. */
1894                 entry->next = smi->proc_entries;
1895                 smi->proc_entries = entry;
1896                 mutex_unlock(&smi->proc_entry_lock);
1897         }
1898 #endif /* CONFIG_PROC_FS */
1899
1900         return rv;
1901 }
1902
1903 static int add_proc_entries(ipmi_smi_t smi, int num)
1904 {
1905         int rv = 0;
1906
1907 #ifdef CONFIG_PROC_FS
1908         sprintf(smi->proc_dir_name, "%d", num);
1909         smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
1910         if (!smi->proc_dir)
1911                 rv = -ENOMEM;
1912         else {
1913                 smi->proc_dir->owner = THIS_MODULE;
1914         }
1915
1916         if (rv == 0)
1917                 rv = ipmi_smi_add_proc_entry(smi, "stats",
1918                                              stat_file_read_proc, NULL,
1919                                              smi, THIS_MODULE);
1920
1921         if (rv == 0)
1922                 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
1923                                              ipmb_file_read_proc, NULL,
1924                                              smi, THIS_MODULE);
1925
1926         if (rv == 0)
1927                 rv = ipmi_smi_add_proc_entry(smi, "version",
1928                                              version_file_read_proc, NULL,
1929                                              smi, THIS_MODULE);
1930 #endif /* CONFIG_PROC_FS */
1931
1932         return rv;
1933 }
1934
1935 static void remove_proc_entries(ipmi_smi_t smi)
1936 {
1937 #ifdef CONFIG_PROC_FS
1938         struct ipmi_proc_entry *entry;
1939
1940         mutex_lock(&smi->proc_entry_lock);
1941         while (smi->proc_entries) {
1942                 entry = smi->proc_entries;
1943                 smi->proc_entries = entry->next;
1944
1945                 remove_proc_entry(entry->name, smi->proc_dir);
1946                 kfree(entry->name);
1947                 kfree(entry);
1948         }
1949         mutex_unlock(&smi->proc_entry_lock);
1950         remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
1951 #endif /* CONFIG_PROC_FS */
1952 }
1953
1954 static int __find_bmc_guid(struct device *dev, void *data)
1955 {
1956         unsigned char *id = data;
1957         struct bmc_device *bmc = dev_get_drvdata(dev);
1958         return memcmp(bmc->guid, id, 16) == 0;
1959 }
1960
1961 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
1962                                              unsigned char *guid)
1963 {
1964         struct device *dev;
1965
1966         dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
1967         if (dev)
1968                 return dev_get_drvdata(dev);
1969         else
1970                 return NULL;
1971 }
1972
1973 struct prod_dev_id {
1974         unsigned int  product_id;
1975         unsigned char device_id;
1976 };
1977
1978 static int __find_bmc_prod_dev_id(struct device *dev, void *data)
1979 {
1980         struct prod_dev_id *id = data;
1981         struct bmc_device *bmc = dev_get_drvdata(dev);
1982
1983         return (bmc->id.product_id == id->product_id
1984                 && bmc->id.device_id == id->device_id);
1985 }
1986
1987 static struct bmc_device *ipmi_find_bmc_prod_dev_id(
1988         struct device_driver *drv,
1989         unsigned int product_id, unsigned char device_id)
1990 {
1991         struct prod_dev_id id = {
1992                 .product_id = product_id,
1993                 .device_id = device_id,
1994         };
1995         struct device *dev;
1996
1997         dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
1998         if (dev)
1999                 return dev_get_drvdata(dev);
2000         else
2001                 return NULL;
2002 }
2003
2004 static ssize_t device_id_show(struct device *dev,
2005                               struct device_attribute *attr,
2006                               char *buf)
2007 {
2008         struct bmc_device *bmc = dev_get_drvdata(dev);
2009
2010         return snprintf(buf, 10, "%u\n", bmc->id.device_id);
2011 }
2012
2013 static ssize_t provides_dev_sdrs_show(struct device *dev,
2014                                       struct device_attribute *attr,
2015                                       char *buf)
2016 {
2017         struct bmc_device *bmc = dev_get_drvdata(dev);
2018
2019         return snprintf(buf, 10, "%u\n",
2020                         (bmc->id.device_revision & 0x80) >> 7);
2021 }
2022
2023 static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
2024                              char *buf)
2025 {
2026         struct bmc_device *bmc = dev_get_drvdata(dev);
2027
2028         return snprintf(buf, 20, "%u\n",
2029                         bmc->id.device_revision & 0x0F);
2030 }
2031
2032 static ssize_t firmware_rev_show(struct device *dev,
2033                                  struct device_attribute *attr,
2034                                  char *buf)
2035 {
2036         struct bmc_device *bmc = dev_get_drvdata(dev);
2037
2038         return snprintf(buf, 20, "%u.%x\n", bmc->id.firmware_revision_1,
2039                         bmc->id.firmware_revision_2);
2040 }
2041
2042 static ssize_t ipmi_version_show(struct device *dev,
2043                                  struct device_attribute *attr,
2044                                  char *buf)
2045 {
2046         struct bmc_device *bmc = dev_get_drvdata(dev);
2047
2048         return snprintf(buf, 20, "%u.%u\n",
2049                         ipmi_version_major(&bmc->id),
2050                         ipmi_version_minor(&bmc->id));
2051 }
2052
2053 static ssize_t add_dev_support_show(struct device *dev,
2054                                     struct device_attribute *attr,
2055                                     char *buf)
2056 {
2057         struct bmc_device *bmc = dev_get_drvdata(dev);
2058
2059         return snprintf(buf, 10, "0x%02x\n",
2060                         bmc->id.additional_device_support);
2061 }
2062
2063 static ssize_t manufacturer_id_show(struct device *dev,
2064                                     struct device_attribute *attr,
2065                                     char *buf)
2066 {
2067         struct bmc_device *bmc = dev_get_drvdata(dev);
2068
2069         return snprintf(buf, 20, "0x%6.6x\n", bmc->id.manufacturer_id);
2070 }
2071
2072 static ssize_t product_id_show(struct device *dev,
2073                                struct device_attribute *attr,
2074                                char *buf)
2075 {
2076         struct bmc_device *bmc = dev_get_drvdata(dev);
2077
2078         return snprintf(buf, 10, "0x%4.4x\n", bmc->id.product_id);
2079 }
2080
2081 static ssize_t aux_firmware_rev_show(struct device *dev,
2082                                      struct device_attribute *attr,
2083                                      char *buf)
2084 {
2085         struct bmc_device *bmc = dev_get_drvdata(dev);
2086
2087         return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
2088                         bmc->id.aux_firmware_revision[3],
2089                         bmc->id.aux_firmware_revision[2],
2090                         bmc->id.aux_firmware_revision[1],
2091                         bmc->id.aux_firmware_revision[0]);
2092 }
2093
2094 static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
2095                          char *buf)
2096 {
2097         struct bmc_device *bmc = dev_get_drvdata(dev);
2098
2099         return snprintf(buf, 100, "%Lx%Lx\n",
2100                         (long long) bmc->guid[0],
2101                         (long long) bmc->guid[8]);
2102 }
2103
2104 static void remove_files(struct bmc_device *bmc)
2105 {
2106         if (!bmc->dev)
2107                 return;
2108
2109         device_remove_file(&bmc->dev->dev,
2110                            &bmc->device_id_attr);
2111         device_remove_file(&bmc->dev->dev,
2112                            &bmc->provides_dev_sdrs_attr);
2113         device_remove_file(&bmc->dev->dev,
2114                            &bmc->revision_attr);
2115         device_remove_file(&bmc->dev->dev,
2116                            &bmc->firmware_rev_attr);
2117         device_remove_file(&bmc->dev->dev,
2118                            &bmc->version_attr);
2119         device_remove_file(&bmc->dev->dev,
2120                            &bmc->add_dev_support_attr);
2121         device_remove_file(&bmc->dev->dev,
2122                            &bmc->manufacturer_id_attr);
2123         device_remove_file(&bmc->dev->dev,
2124                            &bmc->product_id_attr);
2125
2126         if (bmc->id.aux_firmware_revision_set)
2127                 device_remove_file(&bmc->dev->dev,
2128                                    &bmc->aux_firmware_rev_attr);
2129         if (bmc->guid_set)
2130                 device_remove_file(&bmc->dev->dev,
2131                                    &bmc->guid_attr);
2132 }
2133
2134 static void
2135 cleanup_bmc_device(struct kref *ref)
2136 {
2137         struct bmc_device *bmc;
2138
2139         bmc = container_of(ref, struct bmc_device, refcount);
2140
2141         remove_files(bmc);
2142         platform_device_unregister(bmc->dev);
2143         kfree(bmc);
2144 }
2145
2146 static void ipmi_bmc_unregister(ipmi_smi_t intf)
2147 {
2148         struct bmc_device *bmc = intf->bmc;
2149
2150         if (intf->sysfs_name) {
2151                 sysfs_remove_link(&intf->si_dev->kobj, intf->sysfs_name);
2152                 kfree(intf->sysfs_name);
2153                 intf->sysfs_name = NULL;
2154         }
2155         if (intf->my_dev_name) {
2156                 sysfs_remove_link(&bmc->dev->dev.kobj, intf->my_dev_name);
2157                 kfree(intf->my_dev_name);
2158                 intf->my_dev_name = NULL;
2159         }
2160
2161         mutex_lock(&ipmidriver_mutex);
2162         kref_put(&bmc->refcount, cleanup_bmc_device);
2163         intf->bmc = NULL;
2164         mutex_unlock(&ipmidriver_mutex);
2165 }
2166
2167 static int create_files(struct bmc_device *bmc)
2168 {
2169         int err;
2170
2171         bmc->device_id_attr.attr.name = "device_id";
2172         bmc->device_id_attr.attr.mode = S_IRUGO;
2173         bmc->device_id_attr.show = device_id_show;
2174
2175         bmc->provides_dev_sdrs_attr.attr.name = "provides_device_sdrs";
2176         bmc->provides_dev_sdrs_attr.attr.mode = S_IRUGO;
2177         bmc->provides_dev_sdrs_attr.show = provides_dev_sdrs_show;
2178
2179         bmc->revision_attr.attr.name = "revision";
2180         bmc->revision_attr.attr.mode = S_IRUGO;
2181         bmc->revision_attr.show = revision_show;
2182
2183         bmc->firmware_rev_attr.attr.name = "firmware_revision";
2184         bmc->firmware_rev_attr.attr.mode = S_IRUGO;
2185         bmc->firmware_rev_attr.show = firmware_rev_show;
2186
2187         bmc->version_attr.attr.name = "ipmi_version";
2188         bmc->version_attr.attr.mode = S_IRUGO;
2189         bmc->version_attr.show = ipmi_version_show;
2190
2191         bmc->add_dev_support_attr.attr.name = "additional_device_support";
2192         bmc->add_dev_support_attr.attr.mode = S_IRUGO;
2193         bmc->add_dev_support_attr.show = add_dev_support_show;
2194
2195         bmc->manufacturer_id_attr.attr.name = "manufacturer_id";
2196         bmc->manufacturer_id_attr.attr.mode = S_IRUGO;
2197         bmc->manufacturer_id_attr.show = manufacturer_id_show;
2198
2199         bmc->product_id_attr.attr.name = "product_id";
2200         bmc->product_id_attr.attr.mode = S_IRUGO;
2201         bmc->product_id_attr.show = product_id_show;
2202
2203         bmc->guid_attr.attr.name = "guid";
2204         bmc->guid_attr.attr.mode = S_IRUGO;
2205         bmc->guid_attr.show = guid_show;
2206
2207         bmc->aux_firmware_rev_attr.attr.name = "aux_firmware_revision";
2208         bmc->aux_firmware_rev_attr.attr.mode = S_IRUGO;
2209         bmc->aux_firmware_rev_attr.show = aux_firmware_rev_show;
2210
2211         err = device_create_file(&bmc->dev->dev,
2212                            &bmc->device_id_attr);
2213         if (err) goto out;
2214         err = device_create_file(&bmc->dev->dev,
2215                            &bmc->provides_dev_sdrs_attr);
2216         if (err) goto out_devid;
2217         err = device_create_file(&bmc->dev->dev,
2218                            &bmc->revision_attr);
2219         if (err) goto out_sdrs;
2220         err = device_create_file(&bmc->dev->dev,
2221                            &bmc->firmware_rev_attr);
2222         if (err) goto out_rev;
2223         err = device_create_file(&bmc->dev->dev,
2224                            &bmc->version_attr);
2225         if (err) goto out_firm;
2226         err = device_create_file(&bmc->dev->dev,
2227                            &bmc->add_dev_support_attr);
2228         if (err) goto out_version;
2229         err = device_create_file(&bmc->dev->dev,
2230                            &bmc->manufacturer_id_attr);
2231         if (err) goto out_add_dev;
2232         err = device_create_file(&bmc->dev->dev,
2233                            &bmc->product_id_attr);
2234         if (err) goto out_manu;
2235         if (bmc->id.aux_firmware_revision_set) {
2236                 err = device_create_file(&bmc->dev->dev,
2237                                    &bmc->aux_firmware_rev_attr);
2238                 if (err) goto out_prod_id;
2239         }
2240         if (bmc->guid_set) {
2241                 err = device_create_file(&bmc->dev->dev,
2242                                    &bmc->guid_attr);
2243                 if (err) goto out_aux_firm;
2244         }
2245
2246         return 0;
2247
2248 out_aux_firm:
2249         if (bmc->id.aux_firmware_revision_set)
2250                 device_remove_file(&bmc->dev->dev,
2251                                    &bmc->aux_firmware_rev_attr);
2252 out_prod_id:
2253         device_remove_file(&bmc->dev->dev,
2254                            &bmc->product_id_attr);
2255 out_manu:
2256         device_remove_file(&bmc->dev->dev,
2257                            &bmc->manufacturer_id_attr);
2258 out_add_dev:
2259         device_remove_file(&bmc->dev->dev,
2260                            &bmc->add_dev_support_attr);
2261 out_version:
2262         device_remove_file(&bmc->dev->dev,
2263                            &bmc->version_attr);
2264 out_firm:
2265         device_remove_file(&bmc->dev->dev,
2266                            &bmc->firmware_rev_attr);
2267 out_rev:
2268         device_remove_file(&bmc->dev->dev,
2269                            &bmc->revision_attr);
2270 out_sdrs:
2271         device_remove_file(&bmc->dev->dev,
2272                            &bmc->provides_dev_sdrs_attr);
2273 out_devid:
2274         device_remove_file(&bmc->dev->dev,
2275                            &bmc->device_id_attr);
2276 out:
2277         return err;
2278 }
2279
2280 static int ipmi_bmc_register(ipmi_smi_t intf, int ifnum,
2281                              const char *sysfs_name)
2282 {
2283         int               rv;
2284         struct bmc_device *bmc = intf->bmc;
2285         struct bmc_device *old_bmc;
2286         int               size;
2287         char              dummy[1];
2288
2289         mutex_lock(&ipmidriver_mutex);
2290
2291         /*
2292          * Try to find if there is an bmc_device struct
2293          * representing the interfaced BMC already
2294          */
2295         if (bmc->guid_set)
2296                 old_bmc = ipmi_find_bmc_guid(&ipmidriver, bmc->guid);
2297         else
2298                 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver,
2299                                                     bmc->id.product_id,
2300                                                     bmc->id.device_id);
2301
2302         /*
2303          * If there is already an bmc_device, free the new one,
2304          * otherwise register the new BMC device
2305          */
2306         if (old_bmc) {
2307                 kfree(bmc);
2308                 intf->bmc = old_bmc;
2309                 bmc = old_bmc;
2310
2311                 kref_get(&bmc->refcount);
2312                 mutex_unlock(&ipmidriver_mutex);
2313
2314                 printk(KERN_INFO
2315                        "ipmi: interfacing existing BMC (man_id: 0x%6.6x,"
2316                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2317                        bmc->id.manufacturer_id,
2318                        bmc->id.product_id,
2319                        bmc->id.device_id);
2320         } else {
2321                 char name[14];
2322                 unsigned char orig_dev_id = bmc->id.device_id;
2323                 int warn_printed = 0;
2324
2325                 snprintf(name, sizeof(name),
2326                          "ipmi_bmc.%4.4x", bmc->id.product_id);
2327
2328                 while (ipmi_find_bmc_prod_dev_id(&ipmidriver,
2329                                                  bmc->id.product_id,
2330                                                  bmc->id.device_id)) {
2331                         if (!warn_printed) {
2332                                 printk(KERN_WARNING PFX
2333                                        "This machine has two different BMCs"
2334                                        " with the same product id and device"
2335                                        " id.  This is an error in the"
2336                                        " firmware, but incrementing the"
2337                                        " device id to work around the problem."
2338                                        " Prod ID = 0x%x, Dev ID = 0x%x\n",
2339                                        bmc->id.product_id, bmc->id.device_id);
2340                                 warn_printed = 1;
2341                         }
2342                         bmc->id.device_id++; /* Wraps at 255 */
2343                         if (bmc->id.device_id == orig_dev_id) {
2344                                 printk(KERN_ERR PFX
2345                                        "Out of device ids!\n");
2346                                 break;
2347                         }
2348                 }
2349
2350                 bmc->dev = platform_device_alloc(name, bmc->id.device_id);
2351                 if (!bmc->dev) {
2352                         mutex_unlock(&ipmidriver_mutex);
2353                         printk(KERN_ERR
2354                                "ipmi_msghandler:"
2355                                " Unable to allocate platform device\n");
2356                         return -ENOMEM;
2357                 }
2358                 bmc->dev->dev.driver = &ipmidriver;
2359                 dev_set_drvdata(&bmc->dev->dev, bmc);
2360                 kref_init(&bmc->refcount);
2361
2362                 rv = platform_device_add(bmc->dev);
2363                 mutex_unlock(&ipmidriver_mutex);
2364                 if (rv) {
2365                         platform_device_put(bmc->dev);
2366                         bmc->dev = NULL;
2367                         printk(KERN_ERR
2368                                "ipmi_msghandler:"
2369                                " Unable to register bmc device: %d\n",
2370                                rv);
2371                         /* Don't go to out_err, you can only do that if
2372                            the device is registered already. */
2373                         return rv;
2374                 }
2375
2376                 rv = create_files(bmc);
2377                 if (rv) {
2378                         mutex_lock(&ipmidriver_mutex);
2379                         platform_device_unregister(bmc->dev);
2380                         mutex_unlock(&ipmidriver_mutex);
2381
2382                         return rv;
2383                 }
2384
2385                 printk(KERN_INFO
2386                        "ipmi: Found new BMC (man_id: 0x%6.6x, "
2387                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2388                        bmc->id.manufacturer_id,
2389                        bmc->id.product_id,
2390                        bmc->id.device_id);
2391         }
2392
2393         /*
2394          * create symlink from system interface device to bmc device
2395          * and back.
2396          */
2397         intf->sysfs_name = kstrdup(sysfs_name, GFP_KERNEL);
2398         if (!intf->sysfs_name) {
2399                 rv = -ENOMEM;
2400                 printk(KERN_ERR
2401                        "ipmi_msghandler: allocate link to BMC: %d\n",
2402                        rv);
2403                 goto out_err;
2404         }
2405
2406         rv = sysfs_create_link(&intf->si_dev->kobj,
2407                                &bmc->dev->dev.kobj, intf->sysfs_name);
2408         if (rv) {
2409                 kfree(intf->sysfs_name);
2410                 intf->sysfs_name = NULL;
2411                 printk(KERN_ERR
2412                        "ipmi_msghandler: Unable to create bmc symlink: %d\n",
2413                        rv);
2414                 goto out_err;
2415         }
2416
2417         size = snprintf(dummy, 0, "ipmi%d", ifnum);
2418         intf->my_dev_name = kmalloc(size+1, GFP_KERNEL);
2419         if (!intf->my_dev_name) {
2420                 kfree(intf->sysfs_name);
2421                 intf->sysfs_name = NULL;
2422                 rv = -ENOMEM;
2423                 printk(KERN_ERR
2424                        "ipmi_msghandler: allocate link from BMC: %d\n",
2425                        rv);
2426                 goto out_err;
2427         }
2428         snprintf(intf->my_dev_name, size+1, "ipmi%d", ifnum);
2429
2430         rv = sysfs_create_link(&bmc->dev->dev.kobj, &intf->si_dev->kobj,
2431                                intf->my_dev_name);
2432         if (rv) {
2433                 kfree(intf->sysfs_name);
2434                 intf->sysfs_name = NULL;
2435                 kfree(intf->my_dev_name);
2436                 intf->my_dev_name = NULL;
2437                 printk(KERN_ERR
2438                        "ipmi_msghandler:"
2439                        " Unable to create symlink to bmc: %d\n",
2440                        rv);
2441                 goto out_err;
2442         }
2443
2444         return 0;
2445
2446 out_err:
2447         ipmi_bmc_unregister(intf);
2448         return rv;
2449 }
2450
2451 static int
2452 send_guid_cmd(ipmi_smi_t intf, int chan)
2453 {
2454         struct kernel_ipmi_msg            msg;
2455         struct ipmi_system_interface_addr si;
2456
2457         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2458         si.channel = IPMI_BMC_CHANNEL;
2459         si.lun = 0;
2460
2461         msg.netfn = IPMI_NETFN_APP_REQUEST;
2462         msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
2463         msg.data = NULL;
2464         msg.data_len = 0;
2465         return i_ipmi_request(NULL,
2466                               intf,
2467                               (struct ipmi_addr *) &si,
2468                               0,
2469                               &msg,
2470                               intf,
2471                               NULL,
2472                               NULL,
2473                               0,
2474                               intf->channels[0].address,
2475                               intf->channels[0].lun,
2476                               -1, 0);
2477 }
2478
2479 static void
2480 guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2481 {
2482         if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2483             || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
2484             || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
2485                 /* Not for me */
2486                 return;
2487
2488         if (msg->msg.data[0] != 0) {
2489                 /* Error from getting the GUID, the BMC doesn't have one. */
2490                 intf->bmc->guid_set = 0;
2491                 goto out;
2492         }
2493
2494         if (msg->msg.data_len < 17) {
2495                 intf->bmc->guid_set = 0;
2496                 printk(KERN_WARNING PFX
2497                        "guid_handler: The GUID response from the BMC was too"
2498                        " short, it was %d but should have been 17.  Assuming"
2499                        " GUID is not available.\n",
2500                        msg->msg.data_len);
2501                 goto out;
2502         }
2503
2504         memcpy(intf->bmc->guid, msg->msg.data, 16);
2505         intf->bmc->guid_set = 1;
2506  out:
2507         wake_up(&intf->waitq);
2508 }
2509
2510 static void
2511 get_guid(ipmi_smi_t intf)
2512 {
2513         int rv;
2514
2515         intf->bmc->guid_set = 0x2;
2516         intf->null_user_handler = guid_handler;
2517         rv = send_guid_cmd(intf, 0);
2518         if (rv)
2519                 /* Send failed, no GUID available. */
2520                 intf->bmc->guid_set = 0;
2521         wait_event(intf->waitq, intf->bmc->guid_set != 2);
2522         intf->null_user_handler = NULL;
2523 }
2524
2525 static int
2526 send_channel_info_cmd(ipmi_smi_t intf, int chan)
2527 {
2528         struct kernel_ipmi_msg            msg;
2529         unsigned char                     data[1];
2530         struct ipmi_system_interface_addr si;
2531
2532         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2533         si.channel = IPMI_BMC_CHANNEL;
2534         si.lun = 0;
2535
2536         msg.netfn = IPMI_NETFN_APP_REQUEST;
2537         msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
2538         msg.data = data;
2539         msg.data_len = 1;
2540         data[0] = chan;
2541         return i_ipmi_request(NULL,
2542                               intf,
2543                               (struct ipmi_addr *) &si,
2544                               0,
2545                               &msg,
2546                               intf,
2547                               NULL,
2548                               NULL,
2549                               0,
2550                               intf->channels[0].address,
2551                               intf->channels[0].lun,
2552                               -1, 0);
2553 }
2554
2555 static void
2556 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2557 {
2558         int rv = 0;
2559         int chan;
2560
2561         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2562             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
2563             && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD))
2564         {
2565                 /* It's the one we want */
2566                 if (msg->msg.data[0] != 0) {
2567                         /* Got an error from the channel, just go on. */
2568
2569                         if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
2570                                 /* If the MC does not support this
2571                                    command, that is legal.  We just
2572                                    assume it has one IPMB at channel
2573                                    zero. */
2574                                 intf->channels[0].medium
2575                                         = IPMI_CHANNEL_MEDIUM_IPMB;
2576                                 intf->channels[0].protocol
2577                                         = IPMI_CHANNEL_PROTOCOL_IPMB;
2578                                 rv = -ENOSYS;
2579
2580                                 intf->curr_channel = IPMI_MAX_CHANNELS;
2581                                 wake_up(&intf->waitq);
2582                                 goto out;
2583                         }
2584                         goto next_channel;
2585                 }
2586                 if (msg->msg.data_len < 4) {
2587                         /* Message not big enough, just go on. */
2588                         goto next_channel;
2589                 }
2590                 chan = intf->curr_channel;
2591                 intf->channels[chan].medium = msg->msg.data[2] & 0x7f;
2592                 intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;
2593
2594         next_channel:
2595                 intf->curr_channel++;
2596                 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
2597                         wake_up(&intf->waitq);
2598                 else
2599                         rv = send_channel_info_cmd(intf, intf->curr_channel);
2600
2601                 if (rv) {
2602                         /* Got an error somehow, just give up. */
2603                         intf->curr_channel = IPMI_MAX_CHANNELS;
2604                         wake_up(&intf->waitq);
2605
2606                         printk(KERN_WARNING PFX
2607                                "Error sending channel information: %d\n",
2608                                rv);
2609                 }
2610         }
2611  out:
2612         return;
2613 }
2614
2615 void ipmi_poll_interface(ipmi_user_t user)
2616 {
2617         ipmi_smi_t intf = user->intf;
2618
2619         if (intf->handlers->poll)
2620                 intf->handlers->poll(intf->send_info);
2621 }
2622
2623 int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
2624                       void                     *send_info,
2625                       struct ipmi_device_id    *device_id,
2626                       struct device            *si_dev,
2627                       const char               *sysfs_name,
2628                       unsigned char            slave_addr)
2629 {
2630         int              i, j;
2631         int              rv;
2632         ipmi_smi_t       intf;
2633         ipmi_smi_t       tintf;
2634         struct list_head *link;
2635
2636         /* Make sure the driver is actually initialized, this handles
2637            problems with initialization order. */
2638         if (!initialized) {
2639                 rv = ipmi_init_msghandler();
2640                 if (rv)
2641                         return rv;
2642                 /* The init code doesn't return an error if it was turned
2643                    off, but it won't initialize.  Check that. */
2644                 if (!initialized)
2645                         return -ENODEV;
2646         }
2647
2648         intf = kzalloc(sizeof(*intf), GFP_KERNEL);
2649         if (!intf)
2650                 return -ENOMEM;
2651
2652         intf->ipmi_version_major = ipmi_version_major(device_id);
2653         intf->ipmi_version_minor = ipmi_version_minor(device_id);
2654
2655         intf->bmc = kzalloc(sizeof(*intf->bmc), GFP_KERNEL);
2656         if (!intf->bmc) {
2657                 kfree(intf);
2658                 return -ENOMEM;
2659         }
2660         intf->intf_num = -1; /* Mark it invalid for now. */
2661         kref_init(&intf->refcount);
2662         intf->bmc->id = *device_id;
2663         intf->si_dev = si_dev;
2664         for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
2665                 intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;
2666                 intf->channels[j].lun = 2;
2667         }
2668         if (slave_addr != 0)
2669                 intf->channels[0].address = slave_addr;
2670         INIT_LIST_HEAD(&intf->users);
2671         intf->handlers = handlers;
2672         intf->send_info = send_info;
2673         spin_lock_init(&intf->seq_lock);
2674         for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
2675                 intf->seq_table[j].inuse = 0;
2676                 intf->seq_table[j].seqid = 0;
2677         }
2678         intf->curr_seq = 0;
2679 #ifdef CONFIG_PROC_FS
2680         mutex_init(&intf->proc_entry_lock);
2681 #endif
2682         spin_lock_init(&intf->waiting_msgs_lock);
2683         INIT_LIST_HEAD(&intf->waiting_msgs);
2684         spin_lock_init(&intf->events_lock);
2685         INIT_LIST_HEAD(&intf->waiting_events);
2686         intf->waiting_events_count = 0;
2687         mutex_init(&intf->cmd_rcvrs_mutex);
2688         spin_lock_init(&intf->maintenance_mode_lock);
2689         INIT_LIST_HEAD(&intf->cmd_rcvrs);
2690         init_waitqueue_head(&intf->waitq);
2691
2692         spin_lock_init(&intf->counter_lock);
2693         intf->proc_dir = NULL;
2694
2695         mutex_lock(&smi_watchers_mutex);
2696         mutex_lock(&ipmi_interfaces_mutex);
2697         /* Look for a hole in the numbers. */
2698         i = 0;
2699         link = &ipmi_interfaces;
2700         list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {
2701                 if (tintf->intf_num != i) {
2702                         link = &tintf->link;
2703                         break;
2704                 }
2705                 i++;
2706         }
2707         /* Add the new interface in numeric order. */
2708         if (i == 0)
2709                 list_add_rcu(&intf->link, &ipmi_interfaces);
2710         else
2711                 list_add_tail_rcu(&intf->link, link);
2712
2713         rv = handlers->start_processing(send_info, intf);
2714         if (rv)
2715                 goto out;
2716
2717         get_guid(intf);
2718
2719         if ((intf->ipmi_version_major > 1)
2720             || ((intf->ipmi_version_major == 1)
2721                 && (intf->ipmi_version_minor >= 5)))
2722         {
2723                 /* Start scanning the channels to see what is
2724                    available. */
2725                 intf->null_user_handler = channel_handler;
2726                 intf->curr_channel = 0;
2727                 rv = send_channel_info_cmd(intf, 0);
2728                 if (rv)
2729                         goto out;
2730
2731                 /* Wait for the channel info to be read. */
2732                 wait_event(intf->waitq,
2733                            intf->curr_channel >= IPMI_MAX_CHANNELS);
2734                 intf->null_user_handler = NULL;
2735         } else {
2736                 /* Assume a single IPMB channel at zero. */
2737                 intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
2738                 intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
2739         }
2740
2741         if (rv == 0)
2742                 rv = add_proc_entries(intf, i);
2743
2744         rv = ipmi_bmc_register(intf, i, sysfs_name);
2745
2746  out:
2747         if (rv) {
2748                 if (intf->proc_dir)
2749                         remove_proc_entries(intf);
2750                 intf->handlers = NULL;
2751                 list_del_rcu(&intf->link);
2752                 mutex_unlock(&ipmi_interfaces_mutex);
2753                 mutex_unlock(&smi_watchers_mutex);
2754                 synchronize_rcu();
2755                 kref_put(&intf->refcount, intf_free);
2756         } else {
2757                 /*
2758                  * Keep memory order straight for RCU readers.  Make
2759                  * sure everything else is committed to memory before
2760                  * setting intf_num to mark the interface valid.
2761                  */
2762                 smp_wmb();
2763                 intf->intf_num = i;
2764                 mutex_unlock(&ipmi_interfaces_mutex);
2765                 /* After this point the interface is legal to use. */
2766                 call_smi_watchers(i, intf->si_dev);
2767                 mutex_unlock(&smi_watchers_mutex);
2768         }
2769
2770         return rv;
2771 }
2772
2773 static void cleanup_smi_msgs(ipmi_smi_t intf)
2774 {
2775         int              i;
2776         struct seq_table *ent;
2777
2778         /* No need for locks, the interface is down. */
2779         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
2780                 ent = &(intf->seq_table[i]);
2781                 if (!ent->inuse)
2782                         continue;
2783                 deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED);
2784         }
2785 }
2786
2787 int ipmi_unregister_smi(ipmi_smi_t intf)
2788 {
2789         struct ipmi_smi_watcher *w;
2790         int    intf_num = intf->intf_num;
2791
2792         ipmi_bmc_unregister(intf);
2793
2794         mutex_lock(&smi_watchers_mutex);
2795         mutex_lock(&ipmi_interfaces_mutex);
2796         intf->intf_num = -1;
2797         intf->handlers = NULL;
2798         list_del_rcu(&intf->link);
2799         mutex_unlock(&ipmi_interfaces_mutex);
2800         synchronize_rcu();
2801
2802         cleanup_smi_msgs(intf);
2803
2804         remove_proc_entries(intf);
2805
2806         /* Call all the watcher interfaces to tell them that
2807            an interface is gone. */
2808         list_for_each_entry(w, &smi_watchers, link)
2809                 w->smi_gone(intf_num);
2810         mutex_unlock(&smi_watchers_mutex);
2811
2812         kref_put(&intf->refcount, intf_free);
2813         return 0;
2814 }
2815
2816 static int handle_ipmb_get_msg_rsp(ipmi_smi_t          intf,
2817                                    struct ipmi_smi_msg *msg)
2818 {
2819         struct ipmi_ipmb_addr ipmb_addr;
2820         struct ipmi_recv_msg  *recv_msg;
2821         unsigned long         flags;
2822
2823         
2824         /* This is 11, not 10, because the response must contain a
2825          * completion code. */
2826         if (msg->rsp_size < 11) {
2827                 /* Message not big enough, just ignore it. */
2828                 spin_lock_irqsave(&intf->counter_lock, flags);
2829                 intf->invalid_ipmb_responses++;
2830                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2831                 return 0;
2832         }
2833
2834         if (msg->rsp[2] != 0) {
2835                 /* An error getting the response, just ignore it. */
2836                 return 0;
2837         }
2838
2839         ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
2840         ipmb_addr.slave_addr = msg->rsp[6];
2841         ipmb_addr.channel = msg->rsp[3] & 0x0f;
2842         ipmb_addr.lun = msg->rsp[7] & 3;
2843
2844         /* It's a response from a remote entity.  Look up the sequence
2845            number and handle the response. */
2846         if (intf_find_seq(intf,
2847                           msg->rsp[7] >> 2,
2848                           msg->rsp[3] & 0x0f,
2849                           msg->rsp[8],
2850                           (msg->rsp[4] >> 2) & (~1),
2851                           (struct ipmi_addr *) &(ipmb_addr),
2852                           &recv_msg))
2853         {
2854                 /* We were unable to find the sequence number,
2855                    so just nuke the message. */
2856                 spin_lock_irqsave(&intf->counter_lock, flags);
2857                 intf->unhandled_ipmb_responses++;
2858                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2859                 return 0;
2860         }
2861
2862         memcpy(recv_msg->msg_data,
2863                &(msg->rsp[9]),
2864                msg->rsp_size - 9);
2865         /* THe other fields matched, so no need to set them, except
2866            for netfn, which needs to be the response that was
2867            returned, not the request value. */
2868         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2869         recv_msg->msg.data = recv_msg->msg_data;
2870         recv_msg->msg.data_len = msg->rsp_size - 10;
2871         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2872         spin_lock_irqsave(&intf->counter_lock, flags);
2873         intf->handled_ipmb_responses++;
2874         spin_unlock_irqrestore(&intf->counter_lock, flags);
2875         deliver_response(recv_msg);
2876
2877         return 0;
2878 }
2879
2880 static int handle_ipmb_get_msg_cmd(ipmi_smi_t          intf,
2881                                    struct ipmi_smi_msg *msg)
2882 {
2883         struct cmd_rcvr          *rcvr;
2884         int                      rv = 0;
2885         unsigned char            netfn;
2886         unsigned char            cmd;
2887         unsigned char            chan;
2888         ipmi_user_t              user = NULL;
2889         struct ipmi_ipmb_addr    *ipmb_addr;
2890         struct ipmi_recv_msg     *recv_msg;
2891         unsigned long            flags;
2892         struct ipmi_smi_handlers *handlers;
2893
2894         if (msg->rsp_size < 10) {
2895                 /* Message not big enough, just ignore it. */
2896                 spin_lock_irqsave(&intf->counter_lock, flags);
2897                 intf->invalid_commands++;
2898                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2899                 return 0;
2900         }
2901
2902         if (msg->rsp[2] != 0) {
2903                 /* An error getting the response, just ignore it. */
2904                 return 0;
2905         }
2906
2907         netfn = msg->rsp[4] >> 2;
2908         cmd = msg->rsp[8];
2909         chan = msg->rsp[3] & 0xf;
2910
2911         rcu_read_lock();
2912         rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
2913         if (rcvr) {
2914                 user = rcvr->user;
2915                 kref_get(&user->refcount);
2916         } else
2917                 user = NULL;
2918         rcu_read_unlock();
2919
2920         if (user == NULL) {
2921                 /* We didn't find a user, deliver an error response. */
2922                 spin_lock_irqsave(&intf->counter_lock, flags);
2923                 intf->unhandled_commands++;
2924                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2925
2926                 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
2927                 msg->data[1] = IPMI_SEND_MSG_CMD;
2928                 msg->data[2] = msg->rsp[3];
2929                 msg->data[3] = msg->rsp[6];
2930                 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
2931                 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
2932                 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
2933                 /* rqseq/lun */
2934                 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
2935                 msg->data[8] = msg->rsp[8]; /* cmd */
2936                 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
2937                 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
2938                 msg->data_size = 11;
2939
2940 #ifdef DEBUG_MSGING
2941         {
2942                 int m;
2943                 printk("Invalid command:");
2944                 for (m = 0; m < msg->data_size; m++)
2945                         printk(" %2.2x", msg->data[m]);
2946                 printk("\n");
2947         }
2948 #endif
2949                 rcu_read_lock();
2950                 handlers = intf->handlers;
2951                 if (handlers) {
2952                         handlers->sender(intf->send_info, msg, 0);
2953                         /* We used the message, so return the value
2954                            that causes it to not be freed or
2955                            queued. */
2956                         rv = -1;
2957                 }
2958                 rcu_read_unlock();
2959         } else {
2960                 /* Deliver the message to the user. */
2961                 spin_lock_irqsave(&intf->counter_lock, flags);
2962                 intf->handled_commands++;
2963                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2964
2965                 recv_msg = ipmi_alloc_recv_msg();
2966                 if (!recv_msg) {
2967                         /* We couldn't allocate memory for the
2968                            message, so requeue it for handling
2969                            later. */
2970                         rv = 1;
2971                         kref_put(&user->refcount, free_user);
2972                 } else {
2973                         /* Extract the source address from the data. */
2974                         ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
2975                         ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
2976                         ipmb_addr->slave_addr = msg->rsp[6];
2977                         ipmb_addr->lun = msg->rsp[7] & 3;
2978                         ipmb_addr->channel = msg->rsp[3] & 0xf;
2979
2980                         /* Extract the rest of the message information
2981                            from the IPMB header.*/
2982                         recv_msg->user = user;
2983                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2984                         recv_msg->msgid = msg->rsp[7] >> 2;
2985                         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2986                         recv_msg->msg.cmd = msg->rsp[8];
2987                         recv_msg->msg.data = recv_msg->msg_data;
2988
2989                         /* We chop off 10, not 9 bytes because the checksum
2990                            at the end also needs to be removed. */
2991                         recv_msg->msg.data_len = msg->rsp_size - 10;
2992                         memcpy(recv_msg->msg_data,
2993                                &(msg->rsp[9]),
2994                                msg->rsp_size - 10);
2995                         deliver_response(recv_msg);
2996                 }
2997         }
2998
2999         return rv;
3000 }
3001
3002 static int handle_lan_get_msg_rsp(ipmi_smi_t          intf,
3003                                   struct ipmi_smi_msg *msg)
3004 {
3005         struct ipmi_lan_addr  lan_addr;
3006         struct ipmi_recv_msg  *recv_msg;
3007         unsigned long         flags;
3008
3009
3010         /* This is 13, not 12, because the response must contain a
3011          * completion code. */
3012         if (msg->rsp_size < 13) {
3013                 /* Message not big enough, just ignore it. */
3014                 spin_lock_irqsave(&intf->counter_lock, flags);
3015                 intf->invalid_lan_responses++;
3016                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3017                 return 0;
3018         }
3019
3020         if (msg->rsp[2] != 0) {
3021                 /* An error getting the response, just ignore it. */
3022                 return 0;
3023         }
3024
3025         lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
3026         lan_addr.session_handle = msg->rsp[4];
3027         lan_addr.remote_SWID = msg->rsp[8];
3028         lan_addr.local_SWID = msg->rsp[5];
3029         lan_addr.channel = msg->rsp[3] & 0x0f;
3030         lan_addr.privilege = msg->rsp[3] >> 4;
3031         lan_addr.lun = msg->rsp[9] & 3;
3032
3033         /* It's a response from a remote entity.  Look up the sequence
3034            number and handle the response. */
3035         if (intf_find_seq(intf,
3036                           msg->rsp[9] >> 2,
3037                           msg->rsp[3] & 0x0f,
3038                           msg->rsp[10],
3039                           (msg->rsp[6] >> 2) & (~1),
3040                           (struct ipmi_addr *) &(lan_addr),
3041                           &recv_msg))
3042         {
3043                 /* We were unable to find the sequence number,
3044                    so just nuke the message. */
3045                 spin_lock_irqsave(&intf->counter_lock, flags);
3046                 intf->unhandled_lan_responses++;
3047                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3048                 return 0;
3049         }
3050
3051         memcpy(recv_msg->msg_data,
3052                &(msg->rsp[11]),
3053                msg->rsp_size - 11);
3054         /* The other fields matched, so no need to set them, except
3055            for netfn, which needs to be the response that was
3056            returned, not the request value. */
3057         recv_msg->msg.netfn = msg->rsp[6] >> 2;
3058         recv_msg->msg.data = recv_msg->msg_data;
3059         recv_msg->msg.data_len = msg->rsp_size - 12;
3060         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3061         spin_lock_irqsave(&intf->counter_lock, flags);
3062         intf->handled_lan_responses++;
3063         spin_unlock_irqrestore(&intf->counter_lock, flags);
3064         deliver_response(recv_msg);
3065
3066         return 0;
3067 }
3068
3069 static int handle_lan_get_msg_cmd(ipmi_smi_t          intf,
3070                                   struct ipmi_smi_msg *msg)
3071 {
3072         struct cmd_rcvr          *rcvr;
3073         int                      rv = 0;
3074         unsigned char            netfn;
3075         unsigned char            cmd;
3076         unsigned char            chan;
3077         ipmi_user_t              user = NULL;
3078         struct ipmi_lan_addr     *lan_addr;
3079         struct ipmi_recv_msg     *recv_msg;
3080         unsigned long            flags;
3081
3082         if (msg->rsp_size < 12) {
3083                 /* Message not big enough, just ignore it. */
3084                 spin_lock_irqsave(&intf->counter_lock, flags);
3085                 intf->invalid_commands++;
3086                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3087                 return 0;
3088         }
3089
3090         if (msg->rsp[2] != 0) {
3091                 /* An error getting the response, just ignore it. */
3092                 return 0;
3093         }
3094
3095         netfn = msg->rsp[6] >> 2;
3096         cmd = msg->rsp[10];
3097         chan = msg->rsp[3] & 0xf;
3098
3099         rcu_read_lock();
3100         rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3101         if (rcvr) {
3102                 user = rcvr->user;
3103                 kref_get(&user->refcount);
3104         } else
3105                 user = NULL;
3106         rcu_read_unlock();
3107
3108         if (user == NULL) {
3109                 /* We didn't find a user, just give up. */
3110                 spin_lock_irqsave(&intf->counter_lock, flags);
3111                 intf->unhandled_commands++;
3112                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3113
3114                 rv = 0; /* Don't do anything with these messages, just
3115                            allow them to be freed. */
3116         } else {
3117                 /* Deliver the message to the user. */
3118                 spin_lock_irqsave(&intf->counter_lock, flags);
3119                 intf->handled_commands++;
3120                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3121
3122                 recv_msg = ipmi_alloc_recv_msg();
3123                 if (!recv_msg) {
3124                         /* We couldn't allocate memory for the
3125                            message, so requeue it for handling
3126                            later. */
3127                         rv = 1;
3128                         kref_put(&user->refcount, free_user);
3129                 } else {
3130                         /* Extract the source address from the data. */
3131                         lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
3132                         lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
3133                         lan_addr->session_handle = msg->rsp[4];
3134                         lan_addr->remote_SWID = msg->rsp[8];
3135                         lan_addr->local_SWID = msg->rsp[5];
3136                         lan_addr->lun = msg->rsp[9] & 3;
3137                         lan_addr->channel = msg->rsp[3] & 0xf;
3138                         lan_addr->privilege = msg->rsp[3] >> 4;
3139
3140                         /* Extract the rest of the message information
3141                            from the IPMB header.*/
3142                         recv_msg->user = user;
3143                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3144                         recv_msg->msgid = msg->rsp[9] >> 2;
3145                         recv_msg->msg.netfn = msg->rsp[6] >> 2;
3146                         recv_msg->msg.cmd = msg->rsp[10];
3147                         recv_msg->msg.data = recv_msg->msg_data;
3148
3149                         /* We chop off 12, not 11 bytes because the checksum
3150                            at the end also needs to be removed. */
3151                         recv_msg->msg.data_len = msg->rsp_size - 12;
3152                         memcpy(recv_msg->msg_data,
3153                                &(msg->rsp[11]),
3154                                msg->rsp_size - 12);
3155                         deliver_response(recv_msg);
3156                 }
3157         }
3158
3159         return rv;
3160 }
3161
3162 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
3163                                      struct ipmi_smi_msg  *msg)
3164 {
3165         struct ipmi_system_interface_addr *smi_addr;
3166         
3167         recv_msg->msgid = 0;
3168         smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
3169         smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3170         smi_addr->channel = IPMI_BMC_CHANNEL;
3171         smi_addr->lun = msg->rsp[0] & 3;
3172         recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
3173         recv_msg->msg.netfn = msg->rsp[0] >> 2;
3174         recv_msg->msg.cmd = msg->rsp[1];
3175         memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
3176         recv_msg->msg.data = recv_msg->msg_data;
3177         recv_msg->msg.data_len = msg->rsp_size - 3;
3178 }
3179
3180 static int handle_read_event_rsp(ipmi_smi_t          intf,
3181                                  struct ipmi_smi_msg *msg)
3182 {
3183         struct ipmi_recv_msg *recv_msg, *recv_msg2;
3184         struct list_head     msgs;
3185         ipmi_user_t          user;
3186         int                  rv = 0;
3187         int                  deliver_count = 0;
3188         unsigned long        flags;
3189
3190         if (msg->rsp_size < 19) {
3191                 /* Message is too small to be an IPMB event. */
3192                 spin_lock_irqsave(&intf->counter_lock, flags);
3193                 intf->invalid_events++;
3194                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3195                 return 0;
3196         }
3197
3198         if (msg->rsp[2] != 0) {
3199                 /* An error getting the event, just ignore it. */
3200                 return 0;
3201         }
3202
3203         INIT_LIST_HEAD(&msgs);
3204
3205         spin_lock_irqsave(&intf->events_lock, flags);
3206
3207         spin_lock(&intf->counter_lock);
3208         intf->events++;
3209         spin_unlock(&intf->counter_lock);
3210
3211         /* Allocate and fill in one message for every user that is getting
3212            events. */
3213         rcu_read_lock();
3214         list_for_each_entry_rcu(user, &intf->users, link) {
3215                 if (!user->gets_events)
3216                         continue;
3217
3218                 recv_msg = ipmi_alloc_recv_msg();
3219                 if (!recv_msg) {
3220                         rcu_read_unlock();
3221                         list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
3222                                                  link) {
3223                                 list_del(&recv_msg->link);
3224                                 ipmi_free_recv_msg(recv_msg);
3225                         }
3226                         /* We couldn't allocate memory for the
3227                            message, so requeue it for handling
3228                            later. */
3229                         rv = 1;
3230                         goto out;
3231                 }
3232
3233                 deliver_count++;
3234
3235                 copy_event_into_recv_msg(recv_msg, msg);
3236                 recv_msg->user = user;
3237                 kref_get(&user->refcount);
3238                 list_add_tail(&(recv_msg->link), &msgs);
3239         }
3240         rcu_read_unlock();
3241
3242         if (deliver_count) {
3243                 /* Now deliver all the messages. */
3244                 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
3245                         list_del(&recv_msg->link);
3246                         deliver_response(recv_msg);
3247                 }
3248         } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
3249                 /* No one to receive the message, put it in queue if there's
3250                    not already too many things in the queue. */
3251                 recv_msg = ipmi_alloc_recv_msg();
3252                 if (!recv_msg) {
3253                         /* We couldn't allocate memory for the
3254                            message, so requeue it for handling
3255                            later. */
3256                         rv = 1;
3257                         goto out;
3258                 }
3259
3260                 copy_event_into_recv_msg(recv_msg, msg);
3261                 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
3262                 intf->waiting_events_count++;
3263         } else {
3264                 /* There's too many things in the queue, discard this
3265                    message. */
3266                 printk(KERN_WARNING PFX "Event queue full, discarding an"
3267                        " incoming event\n");
3268         }
3269
3270  out:
3271         spin_unlock_irqrestore(&(intf->events_lock), flags);
3272
3273         return rv;
3274 }
3275
3276 static int handle_bmc_rsp(ipmi_smi_t          intf,
3277                           struct ipmi_smi_msg *msg)
3278 {
3279         struct ipmi_recv_msg *recv_msg;
3280         unsigned long        flags;
3281         struct ipmi_user     *user;
3282
3283         recv_msg = (struct ipmi_recv_msg *) msg->user_data;
3284         if (recv_msg == NULL)
3285         {
3286                 printk(KERN_WARNING"IPMI message received with no owner. This\n"
3287                         "could be because of a malformed message, or\n"
3288                         "because of a hardware error.  Contact your\n"
3289                         "hardware vender for assistance\n");
3290                 return 0;
3291         }
3292
3293         user = recv_msg->user;
3294         /* Make sure the user still exists. */
3295         if (user && !user->valid) {
3296                 /* The user for the message went away, so give up. */
3297                 spin_lock_irqsave(&intf->counter_lock, flags);
3298                 intf->unhandled_local_responses++;
3299                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3300                 ipmi_free_recv_msg(recv_msg);
3301         } else {
3302                 struct ipmi_system_interface_addr *smi_addr;
3303
3304                 spin_lock_irqsave(&intf->counter_lock, flags);
3305                 intf->handled_local_responses++;
3306                 spin_unlock_irqrestore(&intf->counter_lock, flags);
3307                 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3308                 recv_msg->msgid = msg->msgid;
3309                 smi_addr = ((struct ipmi_system_interface_addr *)
3310                             &(recv_msg->addr));
3311                 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3312                 smi_addr->channel = IPMI_BMC_CHANNEL;
3313                 smi_addr->lun = msg->rsp[0] & 3;
3314                 recv_msg->msg.netfn = msg->rsp[0] >> 2;
3315                 recv_msg->msg.cmd = msg->rsp[1];
3316                 memcpy(recv_msg->msg_data,
3317                        &(msg->rsp[2]),
3318                        msg->rsp_size - 2);
3319                 recv_msg->msg.data = recv_msg->msg_data;
3320                 recv_msg->msg.data_len = msg->rsp_size - 2;
3321                 deliver_response(recv_msg);
3322         }
3323
3324         return 0;
3325 }
3326
3327 /* Handle a new message.  Return 1 if the message should be requeued,
3328    0 if the message should be freed, or -1 if the message should not
3329    be freed or requeued. */
3330 static int handle_new_recv_msg(ipmi_smi_t          intf,
3331                                struct ipmi_smi_msg *msg)
3332 {
3333         int requeue;
3334         int chan;
3335
3336 #ifdef DEBUG_MSGING
3337         int m;
3338         printk("Recv:");
3339         for (m = 0; m < msg->rsp_size; m++)
3340                 printk(" %2.2x", msg->rsp[m]);
3341         printk("\n");
3342 #endif
3343         if (msg->rsp_size < 2) {
3344                 /* Message is too small to be correct. */
3345                 printk(KERN_WARNING PFX "BMC returned to small a message"
3346                        " for netfn %x cmd %x, got %d bytes\n",
3347                        (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
3348
3349                 /* Generate an error response for the message. */
3350                 msg->rsp[0] = msg->data[0] | (1 << 2);
3351                 msg->rsp[1] = msg->data[1];
3352                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3353                 msg->rsp_size = 3;
3354         } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))/* Netfn */
3355                    || (msg->rsp[1] != msg->data[1]))              /* Command */
3356         {
3357                 /* The response is not even marginally correct. */
3358                 printk(KERN_WARNING PFX "BMC returned incorrect response,"
3359                        " expected netfn %x cmd %x, got netfn %x cmd %x\n",
3360                        (msg->data[0] >> 2) | 1, msg->data[1],
3361                        msg->rsp[0] >> 2, msg->rsp[1]);
3362
3363                 /* Generate an error response for the message. */
3364                 msg->rsp[0] = msg->data[0] | (1 << 2);
3365                 msg->rsp[1] = msg->data[1];
3366                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3367                 msg->rsp_size = 3;
3368         }
3369
3370         if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3371             && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
3372             && (msg->user_data != NULL))
3373         {
3374                 /* It's a response to a response we sent.  For this we
3375                    deliver a send message response to the user. */
3376                 struct ipmi_recv_msg     *recv_msg = msg->user_data;
3377
3378                 requeue = 0;
3379                 if (msg->rsp_size < 2)
3380                         /* Message is too small to be correct. */
3381                         goto out;
3382
3383                 chan = msg->data[2] & 0x0f;
3384                 if (chan >= IPMI_MAX_CHANNELS)
3385                         /* Invalid channel number */
3386                         goto out;
3387
3388                 if (!recv_msg)
3389                         goto out;
3390
3391                 /* Make sure the user still exists. */
3392                 if (!recv_msg->user || !recv_msg->user->valid)
3393                         goto out;
3394
3395                 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
3396                 recv_msg->msg.data = recv_msg->msg_data;
3397                 recv_msg->msg.data_len = 1;
3398                 recv_msg->msg_data[0] = msg->rsp[2];
3399                 deliver_response(recv_msg);
3400         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3401                    && (msg->rsp[1] == IPMI_GET_MSG_CMD))
3402         {
3403                 /* It's from the receive queue. */
3404                 chan = msg->rsp[3] & 0xf;
3405                 if (chan >= IPMI_MAX_CHANNELS) {
3406                         /* Invalid channel number */
3407                         requeue = 0;
3408                         goto out;
3409                 }
3410
3411                 switch (intf->channels[chan].medium) {
3412                 case IPMI_CHANNEL_MEDIUM_IPMB:
3413                         if (msg->rsp[4] & 0x04) {
3414                                 /* It's a response, so find the
3415                                    requesting message and send it up. */
3416                                 requeue = handle_ipmb_get_msg_rsp(intf, msg);
3417                         } else {
3418                                 /* It's a command to the SMS from some other
3419                                    entity.  Handle that. */
3420                                 requeue = handle_ipmb_get_msg_cmd(intf, msg);
3421                         }
3422                         break;
3423
3424                 case IPMI_CHANNEL_MEDIUM_8023LAN:
3425                 case IPMI_CHANNEL_MEDIUM_ASYNC:
3426                         if (msg->rsp[6] & 0x04) {
3427                                 /* It's a response, so find the
3428                                    requesting message and send it up. */
3429                                 requeue = handle_lan_get_msg_rsp(intf, msg);
3430                         } else {
3431                                 /* It's a command to the SMS from some other
3432                                    entity.  Handle that. */
3433                                 requeue = handle_lan_get_msg_cmd(intf, msg);
3434                         }
3435                         break;
3436
3437                 default:
3438                         /* We don't handle the channel type, so just
3439                          * free the message. */
3440                         requeue = 0;
3441                 }
3442
3443         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3444                    && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD))
3445         {
3446                 /* It's an asyncronous event. */
3447                 requeue = handle_read_event_rsp(intf, msg);
3448         } else {
3449                 /* It's a response from the local BMC. */
3450                 requeue = handle_bmc_rsp(intf, msg);
3451         }
3452
3453  out:
3454         return requeue;
3455 }
3456
3457 /* Handle a new message from the lower layer. */
3458 void ipmi_smi_msg_received(ipmi_smi_t          intf,
3459                            struct ipmi_smi_msg *msg)
3460 {
3461         unsigned long flags;
3462         int           rv;
3463
3464
3465         if ((msg->data_size >= 2)
3466             && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
3467             && (msg->data[1] == IPMI_SEND_MSG_CMD)
3468             && (msg->user_data == NULL))
3469         {
3470                 /* This is the local response to a command send, start
3471                    the timer for these.  The user_data will not be
3472                    NULL if this is a response send, and we will let
3473                    response sends just go through. */
3474
3475                 /* Check for errors, if we get certain errors (ones
3476                    that mean basically we can try again later), we
3477                    ignore them and start the timer.  Otherwise we
3478                    report the error immediately. */
3479                 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
3480                     && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
3481                     && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
3482                     && (msg->rsp[2] != IPMI_BUS_ERR)
3483                     && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR))
3484                 {
3485                         int chan = msg->rsp[3] & 0xf;
3486
3487                         /* Got an error sending the message, handle it. */
3488                         spin_lock_irqsave(&intf->counter_lock, flags);
3489                         if (chan >= IPMI_MAX_CHANNELS)
3490                                 ; /* This shouldn't happen */
3491                         else if ((intf->channels[chan].medium
3492                                   == IPMI_CHANNEL_MEDIUM_8023LAN)
3493                                  || (intf->channels[chan].medium
3494                                      == IPMI_CHANNEL_MEDIUM_ASYNC))
3495                                 intf->sent_lan_command_errs++;
3496                         else
3497                                 intf->sent_ipmb_command_errs++;
3498                         spin_unlock_irqrestore(&intf->counter_lock, flags);
3499                         intf_err_seq(intf, msg->msgid, msg->rsp[2]);
3500                 } else {
3501                         /* The message was sent, start the timer. */
3502                         intf_start_seq_timer(intf, msg->msgid);
3503                 }
3504
3505                 ipmi_free_smi_msg(msg);
3506                 goto out;
3507         }
3508
3509         /* To preserve message order, if the list is not empty, we
3510            tack this message onto the end of the list. */
3511         spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3512         if (!list_empty(&intf->waiting_msgs)) {
3513                 list_add_tail(&msg->link, &intf->waiting_msgs);
3514                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3515                 goto out;
3516         }
3517         spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3518                 
3519         rv = handle_new_recv_msg(intf, msg);
3520         if (rv > 0) {
3521                 /* Could not handle the message now, just add it to a
3522                    list to handle later. */
3523                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3524                 list_add_tail(&msg->link, &intf->waiting_msgs);
3525                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3526         } else if (rv == 0) {
3527                 ipmi_free_smi_msg(msg);
3528         }
3529
3530  out:
3531         return;
3532 }
3533
3534 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
3535 {
3536         ipmi_user_t user;
3537
3538         rcu_read_lock();
3539         list_for_each_entry_rcu(user, &intf->users, link) {
3540                 if (!user->handler->ipmi_watchdog_pretimeout)
3541                         continue;
3542
3543                 user->handler->ipmi_watchdog_pretimeout(user->handler_data);
3544         }
3545         rcu_read_unlock();
3546 }
3547
3548
3549 static struct ipmi_smi_msg *
3550 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
3551                   unsigned char seq, long seqid)
3552 {
3553         struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
3554         if (!smi_msg)
3555                 /* If we can't allocate the message, then just return, we
3556                    get 4 retries, so this should be ok. */
3557                 return NULL;
3558
3559         memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
3560         smi_msg->data_size = recv_msg->msg.data_len;
3561         smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
3562                 
3563 #ifdef DEBUG_MSGING
3564         {
3565                 int m;
3566                 printk("Resend: ");
3567                 for (m = 0; m < smi_msg->data_size; m++)
3568                         printk(" %2.2x", smi_msg->data[m]);
3569                 printk("\n");
3570         }
3571 #endif
3572         return smi_msg;
3573 }
3574
3575 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
3576                               struct list_head *timeouts, long timeout_period,
3577                               int slot, unsigned long *flags)
3578 {
3579         struct ipmi_recv_msg     *msg;
3580         struct ipmi_smi_handlers *handlers;
3581
3582         if (intf->intf_num == -1)
3583                 return;
3584
3585         if (!ent->inuse)
3586                 return;
3587
3588         ent->timeout -= timeout_period;
3589         if (ent->timeout > 0)
3590                 return;
3591
3592         if (ent->retries_left == 0) {
3593                 /* The message has used all its retries. */
3594                 ent->inuse = 0;
3595                 msg = ent->recv_msg;
3596                 list_add_tail(&msg->link, timeouts);
3597                 spin_lock(&intf->counter_lock);
3598                 if (ent->broadcast)
3599                         intf->timed_out_ipmb_broadcasts++;
3600                 else if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3601                         intf->timed_out_lan_commands++;
3602                 else
3603                         intf->timed_out_ipmb_commands++;
3604                 spin_unlock(&intf->counter_lock);
3605         } else {
3606                 struct ipmi_smi_msg *smi_msg;
3607                 /* More retries, send again. */
3608
3609                 /* Start with the max timer, set to normal
3610                    timer after the message is sent. */
3611                 ent->timeout = MAX_MSG_TIMEOUT;
3612                 ent->retries_left--;
3613                 spin_lock(&intf->counter_lock);
3614                 if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3615                         intf->retransmitted_lan_commands++;
3616                 else
3617                         intf->retransmitted_ipmb_commands++;
3618                 spin_unlock(&intf->counter_lock);
3619
3620                 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
3621                                             ent->seqid);
3622                 if (!smi_msg)
3623                         return;
3624
3625                 spin_unlock_irqrestore(&intf->seq_lock, *flags);
3626
3627                 /* Send the new message.  We send with a zero
3628                  * priority.  It timed out, I doubt time is
3629                  * that critical now, and high priority
3630                  * messages are really only for messages to the
3631                  * local MC, which don't get resent. */
3632                 handlers = intf->handlers;
3633                 if (handlers)
3634                         intf->handlers->sender(intf->send_info,
3635                                                smi_msg, 0);
3636                 else
3637                         ipmi_free_smi_msg(smi_msg);
3638
3639                 spin_lock_irqsave(&intf->seq_lock, *flags);
3640         }
3641 }
3642
3643 static void ipmi_timeout_handler(long timeout_period)
3644 {
3645         ipmi_smi_t           intf;
3646         struct list_head     timeouts;
3647         struct ipmi_recv_msg *msg, *msg2;
3648         struct ipmi_smi_msg  *smi_msg, *smi_msg2;
3649         unsigned long        flags;
3650         int                  i;
3651
3652         rcu_read_lock();
3653         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3654                 /* See if any waiting messages need to be processed. */
3655                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3656                 list_for_each_entry_safe(smi_msg, smi_msg2,
3657                                          &intf->waiting_msgs, link) {
3658                         if (!handle_new_recv_msg(intf, smi_msg)) {
3659                                 list_del(&smi_msg->link);
3660                                 ipmi_free_smi_msg(smi_msg);
3661                         } else {
3662                                 /* To preserve message order, quit if we
3663                                    can't handle a message. */
3664                                 break;
3665                         }
3666                 }
3667                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3668
3669                 /* Go through the seq table and find any messages that
3670                    have timed out, putting them in the timeouts
3671                    list. */
3672                 INIT_LIST_HEAD(&timeouts);
3673                 spin_lock_irqsave(&intf->seq_lock, flags);
3674                 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
3675                         check_msg_timeout(intf, &(intf->seq_table[i]),
3676                                           &timeouts, timeout_period, i,
3677                                           &flags);
3678                 spin_unlock_irqrestore(&intf->seq_lock, flags);
3679
3680                 list_for_each_entry_safe(msg, msg2, &timeouts, link)
3681                         deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE);
3682
3683                 /*
3684                  * Maintenance mode handling.  Check the timeout
3685                  * optimistically before we claim the lock.  It may
3686                  * mean a timeout gets missed occasionally, but that
3687                  * only means the timeout gets extended by one period
3688                  * in that case.  No big deal, and it avoids the lock
3689                  * most of the time.
3690                  */
3691                 if (intf->auto_maintenance_timeout > 0) {
3692                         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
3693                         if (intf->auto_maintenance_timeout > 0) {
3694                                 intf->auto_maintenance_timeout
3695                                         -= timeout_period;
3696                                 if (!intf->maintenance_mode
3697                                     && (intf->auto_maintenance_timeout <= 0))
3698                                 {
3699                                         intf->maintenance_mode_enable = 0;
3700                                         maintenance_mode_update(intf);
3701                                 }
3702                         }
3703                         spin_unlock_irqrestore(&intf->maintenance_mode_lock,
3704                                                flags);
3705                 }
3706         }
3707         rcu_read_unlock();
3708 }
3709
3710 static void ipmi_request_event(void)
3711 {
3712         ipmi_smi_t               intf;
3713         struct ipmi_smi_handlers *handlers;
3714
3715         rcu_read_lock();
3716         /* Called from the timer, no need to check if handlers is
3717          * valid. */
3718         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3719                 /* No event requests when in maintenance mode. */
3720                 if (intf->maintenance_mode_enable)
3721                         continue;
3722
3723                 handlers = intf->handlers;
3724                 if (handlers)
3725                         handlers->request_events(intf->send_info);
3726         }
3727         rcu_read_unlock();
3728 }
3729
3730 static struct timer_list ipmi_timer;
3731
3732 /* Call every ~100 ms. */
3733 #define IPMI_TIMEOUT_TIME       100
3734
3735 /* How many jiffies does it take to get to the timeout time. */
3736 #define IPMI_TIMEOUT_JIFFIES    ((IPMI_TIMEOUT_TIME * HZ) / 1000)
3737
3738 /* Request events from the queue every second (this is the number of
3739    IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
3740    future, IPMI will add a way to know immediately if an event is in
3741    the queue and this silliness can go away. */
3742 #define IPMI_REQUEST_EV_TIME    (1000 / (IPMI_TIMEOUT_TIME))
3743
3744 static atomic_t stop_operation;
3745 static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3746
3747 static void ipmi_timeout(unsigned long data)
3748 {
3749         if (atomic_read(&stop_operation))
3750                 return;
3751
3752         ticks_to_req_ev--;
3753         if (ticks_to_req_ev == 0) {
3754                 ipmi_request_event();
3755                 ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3756         }
3757
3758         ipmi_timeout_handler(IPMI_TIMEOUT_TIME);
3759
3760         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
3761 }
3762
3763
3764 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
3765 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
3766
3767 /* FIXME - convert these to slabs. */
3768 static void free_smi_msg(struct ipmi_smi_msg *msg)
3769 {
3770         atomic_dec(&smi_msg_inuse_count);
3771         kfree(msg);
3772 }
3773
3774 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
3775 {
3776         struct ipmi_smi_msg *rv;
3777         rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
3778         if (rv) {
3779                 rv->done = free_smi_msg;
3780                 rv->user_data = NULL;
3781                 atomic_inc(&smi_msg_inuse_count);
3782         }
3783         return rv;
3784 }
3785
3786 static void free_recv_msg(struct ipmi_recv_msg *msg)
3787 {
3788         atomic_dec(&recv_msg_inuse_count);
3789         kfree(msg);
3790 }
3791
3792 struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
3793 {
3794         struct ipmi_recv_msg *rv;
3795
3796         rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
3797         if (rv) {
3798                 rv->user = NULL;
3799                 rv->done = free_recv_msg;
3800                 atomic_inc(&recv_msg_inuse_count);
3801         }
3802         return rv;
3803 }
3804
3805 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
3806 {
3807         if (msg->user)
3808                 kref_put(&msg->user->refcount, free_user);
3809         msg->done(msg);
3810 }
3811
3812 #ifdef CONFIG_IPMI_PANIC_EVENT
3813
3814 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
3815 {
3816 }
3817
3818 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
3819 {
3820 }
3821
3822 #ifdef CONFIG_IPMI_PANIC_STRING
3823 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3824 {
3825         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3826             && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
3827             && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
3828             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
3829         {
3830                 /* A get event receiver command, save it. */
3831                 intf->event_receiver = msg->msg.data[1];
3832                 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
3833         }
3834 }
3835
3836 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3837 {
3838         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3839             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
3840             && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
3841             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
3842         {
3843                 /* A get device id command, save if we are an event
3844                    receiver or generator. */
3845                 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
3846                 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
3847         }
3848 }
3849 #endif
3850
3851 static void send_panic_events(char *str)
3852 {
3853         struct kernel_ipmi_msg            msg;
3854         ipmi_smi_t                        intf;
3855         unsigned char                     data[16];
3856         struct ipmi_system_interface_addr *si;
3857         struct ipmi_addr                  addr;
3858         struct ipmi_smi_msg               smi_msg;
3859         struct ipmi_recv_msg              recv_msg;
3860
3861         si = (struct ipmi_system_interface_addr *) &addr;
3862         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3863         si->channel = IPMI_BMC_CHANNEL;
3864         si->lun = 0;
3865
3866         /* Fill in an event telling that we have failed. */
3867         msg.netfn = 0x04; /* Sensor or Event. */
3868         msg.cmd = 2; /* Platform event command. */
3869         msg.data = data;
3870         msg.data_len = 8;
3871         data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
3872         data[1] = 0x03; /* This is for IPMI 1.0. */
3873         data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
3874         data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
3875         data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
3876
3877         /* Put a few breadcrumbs in.  Hopefully later we can add more things
3878            to make the panic events more useful. */
3879         if (str) {
3880                 data[3] = str[0];
3881                 data[6] = str[1];
3882                 data[7] = str[2];
3883         }
3884
3885         smi_msg.done = dummy_smi_done_handler;
3886         recv_msg.done = dummy_recv_done_handler;
3887
3888         /* For every registered interface, send the event. */
3889         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3890                 if (!intf->handlers)
3891                         /* Interface is not ready. */
3892                         continue;
3893
3894                 /* Send the event announcing the panic. */
3895                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3896                 i_ipmi_request(NULL,
3897                                intf,
3898                                &addr,
3899                                0,
3900                                &msg,
3901                                intf,
3902                                &smi_msg,
3903                                &recv_msg,
3904                                0,
3905                                intf->channels[0].address,
3906                                intf->channels[0].lun,
3907                                0, 1); /* Don't retry, and don't wait. */
3908         }
3909
3910 #ifdef CONFIG_IPMI_PANIC_STRING
3911         /* On every interface, dump a bunch of OEM event holding the
3912            string. */
3913         if (!str) 
3914                 return;
3915
3916         /* For every registered interface, send the event. */
3917         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3918                 char                  *p = str;
3919                 struct ipmi_ipmb_addr *ipmb;
3920                 int                   j;
3921
3922                 if (intf->intf_num == -1)
3923                         /* Interface was not ready yet. */
3924                         continue;
3925
3926                 /*
3927                  * intf_num is used as an marker to tell if the
3928                  * interface is valid.  Thus we need a read barrier to
3929                  * make sure data fetched before checking intf_num
3930                  * won't be used.
3931                  */
3932                 smp_rmb();
3933
3934                 /* First job here is to figure out where to send the
3935                    OEM events.  There's no way in IPMI to send OEM
3936                    events using an event send command, so we have to
3937                    find the SEL to put them in and stick them in
3938                    there. */
3939
3940                 /* Get capabilities from the get device id. */
3941                 intf->local_sel_device = 0;
3942                 intf->local_event_generator = 0;
3943                 intf->event_receiver = 0;
3944
3945                 /* Request the device info from the local MC. */
3946                 msg.netfn = IPMI_NETFN_APP_REQUEST;
3947                 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
3948                 msg.data = NULL;
3949                 msg.data_len = 0;
3950                 intf->null_user_handler = device_id_fetcher;
3951                 i_ipmi_request(NULL,
3952                                intf,
3953                                &addr,
3954                                0,
3955                                &msg,
3956                                intf,
3957                                &smi_msg,
3958                                &recv_msg,
3959                                0,
3960                                intf->channels[0].address,
3961                                intf->channels[0].lun,
3962                                0, 1); /* Don't retry, and don't wait. */
3963
3964                 if (intf->local_event_generator) {
3965                         /* Request the event receiver from the local MC. */
3966                         msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
3967                         msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
3968                         msg.data = NULL;
3969                         msg.data_len = 0;
3970                         intf->null_user_handler = event_receiver_fetcher;
3971                         i_ipmi_request(NULL,
3972                                        intf,
3973                                        &addr,
3974                                        0,
3975                                        &msg,
3976                                        intf,
3977                                        &smi_msg,
3978                                        &recv_msg,
3979                                        0,
3980                                        intf->channels[0].address,
3981                                        intf->channels[0].lun,
3982                                        0, 1); /* no retry, and no wait. */
3983                 }
3984                 intf->null_user_handler = NULL;
3985
3986                 /* Validate the event receiver.  The low bit must not
3987                    be 1 (it must be a valid IPMB address), it cannot
3988                    be zero, and it must not be my address. */
3989                 if (((intf->event_receiver & 1) == 0)
3990                     && (intf->event_receiver != 0)
3991                     && (intf->event_receiver != intf->channels[0].address))
3992                 {
3993                         /* The event receiver is valid, send an IPMB
3994                            message. */
3995                         ipmb = (struct ipmi_ipmb_addr *) &addr;
3996                         ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
3997                         ipmb->channel = 0; /* FIXME - is this right? */
3998                         ipmb->lun = intf->event_receiver_lun;
3999                         ipmb->slave_addr = intf->event_receiver;
4000                 } else if (intf->local_sel_device) {
4001                         /* The event receiver was not valid (or was
4002                            me), but I am an SEL device, just dump it
4003                            in my SEL. */
4004                         si = (struct ipmi_system_interface_addr *) &addr;
4005                         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4006                         si->channel = IPMI_BMC_CHANNEL;
4007                         si->lun = 0;
4008                 } else
4009                         continue; /* No where to send the event. */
4010
4011                 
4012                 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
4013                 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
4014                 msg.data = data;
4015                 msg.data_len = 16;
4016
4017                 j = 0;
4018                 while (*p) {
4019                         int size = strlen(p);
4020
4021                         if (size > 11)
4022                                 size = 11;
4023                         data[0] = 0;
4024                         data[1] = 0;
4025                         data[2] = 0xf0; /* OEM event without timestamp. */
4026                         data[3] = intf->channels[0].address;
4027                         data[4] = j++; /* sequence # */
4028                         /* Always give 11 bytes, so strncpy will fill
4029                            it with zeroes for me. */
4030                         strncpy(data+5, p, 11);
4031                         p += size;
4032
4033                         i_ipmi_request(NULL,
4034                                        intf,
4035                                        &addr,
4036                                        0,
4037                                        &msg,
4038                                        intf,
4039                                        &smi_msg,
4040                                        &recv_msg,
4041                                        0,
4042                                        intf->channels[0].address,
4043                                        intf->channels[0].lun,
4044                                        0, 1); /* no retry, and no wait. */
4045                 }
4046         }       
4047 #endif /* CONFIG_IPMI_PANIC_STRING */
4048 }
4049 #endif /* CONFIG_IPMI_PANIC_EVENT */
4050
4051 static int has_panicked;
4052
4053 static int panic_event(struct notifier_block *this,
4054                        unsigned long         event,
4055                        void                  *ptr)
4056 {
4057         ipmi_smi_t intf;
4058
4059         if (has_panicked)
4060                 return NOTIFY_DONE;
4061         has_panicked = 1;
4062
4063         /* For every registered interface, set it to run to completion. */
4064         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4065                 if (!intf->handlers)
4066                         /* Interface is not ready. */
4067                         continue;
4068
4069                 intf->handlers->set_run_to_completion(intf->send_info, 1);
4070         }
4071
4072 #ifdef CONFIG_IPMI_PANIC_EVENT
4073         send_panic_events(ptr);
4074 #endif
4075
4076         return NOTIFY_DONE;
4077 }
4078
4079 static struct notifier_block panic_block = {
4080         .notifier_call  = panic_event,
4081         .next           = NULL,
4082         .priority       = 200   /* priority: INT_MAX >= x >= 0 */
4083 };
4084
4085 static int ipmi_init_msghandler(void)
4086 {
4087         int rv;
4088
4089         if (initialized)
4090                 return 0;
4091
4092         rv = driver_register(&ipmidriver);
4093         if (rv) {
4094                 printk(KERN_ERR PFX "Could not register IPMI driver\n");
4095                 return rv;
4096         }
4097
4098         printk(KERN_INFO "ipmi message handler version "
4099                IPMI_DRIVER_VERSION "\n");
4100
4101 #ifdef CONFIG_PROC_FS
4102         proc_ipmi_root = proc_mkdir("ipmi", NULL);
4103         if (!proc_ipmi_root) {
4104             printk(KERN_ERR PFX "Unable to create IPMI proc dir");
4105             return -ENOMEM;
4106         }
4107
4108         proc_ipmi_root->owner = THIS_MODULE;
4109 #endif /* CONFIG_PROC_FS */
4110
4111         setup_timer(&ipmi_timer, ipmi_timeout, 0);
4112         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
4113
4114         atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
4115
4116         initialized = 1;
4117
4118         return 0;
4119 }
4120
4121 static __init int ipmi_init_msghandler_mod(void)
4122 {
4123         ipmi_init_msghandler();
4124         return 0;
4125 }
4126
4127 static __exit void cleanup_ipmi(void)
4128 {
4129         int count;
4130
4131         if (!initialized)
4132                 return;
4133
4134         atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
4135
4136         /* This can't be called if any interfaces exist, so no worry about
4137            shutting down the interfaces. */
4138
4139         /* Tell the timer to stop, then wait for it to stop.  This avoids
4140            problems with race conditions removing the timer here. */
4141         atomic_inc(&stop_operation);
4142         del_timer_sync(&ipmi_timer);
4143
4144 #ifdef CONFIG_PROC_FS
4145         remove_proc_entry(proc_ipmi_root->name, NULL);
4146 #endif /* CONFIG_PROC_FS */
4147
4148         driver_unregister(&ipmidriver);
4149
4150         initialized = 0;
4151
4152         /* Check for buffer leaks. */
4153         count = atomic_read(&smi_msg_inuse_count);
4154         if (count != 0)
4155                 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
4156                        count);
4157         count = atomic_read(&recv_msg_inuse_count);
4158         if (count != 0)
4159                 printk(KERN_WARNING PFX "recv message count %d at exit\n",
4160                        count);
4161 }
4162 module_exit(cleanup_ipmi);
4163
4164 module_init(ipmi_init_msghandler_mod);
4165 MODULE_LICENSE("GPL");
4166 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
4167 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI interface.");
4168 MODULE_VERSION(IPMI_DRIVER_VERSION);
4169
4170 EXPORT_SYMBOL(ipmi_create_user);
4171 EXPORT_SYMBOL(ipmi_destroy_user);
4172 EXPORT_SYMBOL(ipmi_get_version);
4173 EXPORT_SYMBOL(ipmi_request_settime);
4174 EXPORT_SYMBOL(ipmi_request_supply_msgs);
4175 EXPORT_SYMBOL(ipmi_poll_interface);
4176 EXPORT_SYMBOL(ipmi_register_smi);
4177 EXPORT_SYMBOL(ipmi_unregister_smi);
4178 EXPORT_SYMBOL(ipmi_register_for_cmd);
4179 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
4180 EXPORT_SYMBOL(ipmi_smi_msg_received);
4181 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
4182 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
4183 EXPORT_SYMBOL(ipmi_addr_length);
4184 EXPORT_SYMBOL(ipmi_validate_addr);
4185 EXPORT_SYMBOL(ipmi_set_gets_events);
4186 EXPORT_SYMBOL(ipmi_smi_watcher_register);
4187 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
4188 EXPORT_SYMBOL(ipmi_set_my_address);
4189 EXPORT_SYMBOL(ipmi_get_my_address);
4190 EXPORT_SYMBOL(ipmi_set_my_LUN);
4191 EXPORT_SYMBOL(ipmi_get_my_LUN);
4192 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
4193 EXPORT_SYMBOL(ipmi_user_set_run_to_completion);
4194 EXPORT_SYMBOL(ipmi_free_recv_msg);