Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394...
[linux-2.6] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2  * ipmi_msghandler.c
3  *
4  * Incoming and outgoing message routing for an IPMI interface.
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002 MontaVista Software Inc.
11  *
12  *  This program is free software; you can redistribute it and/or modify it
13  *  under the terms of the GNU General Public License as published by the
14  *  Free Software Foundation; either version 2 of the License, or (at your
15  *  option) any later version.
16  *
17  *
18  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  *  You should have received a copy of the GNU General Public License along
30  *  with this program; if not, write to the Free Software Foundation, Inc.,
31  *  675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <asm/system.h>
37 #include <linux/poll.h>
38 #include <linux/spinlock.h>
39 #include <linux/mutex.h>
40 #include <linux/slab.h>
41 #include <linux/ipmi.h>
42 #include <linux/ipmi_smi.h>
43 #include <linux/notifier.h>
44 #include <linux/init.h>
45 #include <linux/proc_fs.h>
46 #include <linux/rcupdate.h>
47
48 #define PFX "IPMI message handler: "
49
50 #define IPMI_DRIVER_VERSION "39.2"
51
52 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
53 static int ipmi_init_msghandler(void);
54
55 static int initialized;
56
57 #ifdef CONFIG_PROC_FS
58 static struct proc_dir_entry *proc_ipmi_root;
59 #endif /* CONFIG_PROC_FS */
60
61 /* Remain in auto-maintenance mode for this amount of time (in ms). */
62 #define IPMI_MAINTENANCE_MODE_TIMEOUT 30000
63
64 #define MAX_EVENTS_IN_QUEUE     25
65
66 /*
67  * Don't let a message sit in a queue forever, always time it with at lest
68  * the max message timer.  This is in milliseconds.
69  */
70 #define MAX_MSG_TIMEOUT         60000
71
72 /*
73  * The main "user" data structure.
74  */
75 struct ipmi_user {
76         struct list_head link;
77
78         /* Set to "0" when the user is destroyed. */
79         int valid;
80
81         struct kref refcount;
82
83         /* The upper layer that handles receive messages. */
84         struct ipmi_user_hndl *handler;
85         void             *handler_data;
86
87         /* The interface this user is bound to. */
88         ipmi_smi_t intf;
89
90         /* Does this interface receive IPMI events? */
91         int gets_events;
92 };
93
94 struct cmd_rcvr {
95         struct list_head link;
96
97         ipmi_user_t   user;
98         unsigned char netfn;
99         unsigned char cmd;
100         unsigned int  chans;
101
102         /*
103          * This is used to form a linked lised during mass deletion.
104          * Since this is in an RCU list, we cannot use the link above
105          * or change any data until the RCU period completes.  So we
106          * use this next variable during mass deletion so we can have
107          * a list and don't have to wait and restart the search on
108          * every individual deletion of a command.
109          */
110         struct cmd_rcvr *next;
111 };
112
113 struct seq_table {
114         unsigned int         inuse : 1;
115         unsigned int         broadcast : 1;
116
117         unsigned long        timeout;
118         unsigned long        orig_timeout;
119         unsigned int         retries_left;
120
121         /*
122          * To verify on an incoming send message response that this is
123          * the message that the response is for, we keep a sequence id
124          * and increment it every time we send a message.
125          */
126         long                 seqid;
127
128         /*
129          * This is held so we can properly respond to the message on a
130          * timeout, and it is used to hold the temporary data for
131          * retransmission, too.
132          */
133         struct ipmi_recv_msg *recv_msg;
134 };
135
136 /*
137  * Store the information in a msgid (long) to allow us to find a
138  * sequence table entry from the msgid.
139  */
140 #define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
141
142 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
143         do {                                                            \
144                 seq = ((msgid >> 26) & 0x3f);                           \
145                 seqid = (msgid & 0x3fffff);                             \
146         } while (0)
147
148 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
149
150 struct ipmi_channel {
151         unsigned char medium;
152         unsigned char protocol;
153
154         /*
155          * My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
156          * but may be changed by the user.
157          */
158         unsigned char address;
159
160         /*
161          * My LUN.  This should generally stay the SMS LUN, but just in
162          * case...
163          */
164         unsigned char lun;
165 };
166
167 #ifdef CONFIG_PROC_FS
168 struct ipmi_proc_entry {
169         char                   *name;
170         struct ipmi_proc_entry *next;
171 };
172 #endif
173
174 struct bmc_device {
175         struct platform_device *dev;
176         struct ipmi_device_id  id;
177         unsigned char          guid[16];
178         int                    guid_set;
179
180         struct kref            refcount;
181
182         /* bmc device attributes */
183         struct device_attribute device_id_attr;
184         struct device_attribute provides_dev_sdrs_attr;
185         struct device_attribute revision_attr;
186         struct device_attribute firmware_rev_attr;
187         struct device_attribute version_attr;
188         struct device_attribute add_dev_support_attr;
189         struct device_attribute manufacturer_id_attr;
190         struct device_attribute product_id_attr;
191         struct device_attribute guid_attr;
192         struct device_attribute aux_firmware_rev_attr;
193 };
194
195 /*
196  * Various statistics for IPMI, these index stats[] in the ipmi_smi
197  * structure.
198  */
199 enum ipmi_stat_indexes {
200         /* Commands we got from the user that were invalid. */
201         IPMI_STAT_sent_invalid_commands = 0,
202
203         /* Commands we sent to the MC. */
204         IPMI_STAT_sent_local_commands,
205
206         /* Responses from the MC that were delivered to a user. */
207         IPMI_STAT_handled_local_responses,
208
209         /* Responses from the MC that were not delivered to a user. */
210         IPMI_STAT_unhandled_local_responses,
211
212         /* Commands we sent out to the IPMB bus. */
213         IPMI_STAT_sent_ipmb_commands,
214
215         /* Commands sent on the IPMB that had errors on the SEND CMD */
216         IPMI_STAT_sent_ipmb_command_errs,
217
218         /* Each retransmit increments this count. */
219         IPMI_STAT_retransmitted_ipmb_commands,
220
221         /*
222          * When a message times out (runs out of retransmits) this is
223          * incremented.
224          */
225         IPMI_STAT_timed_out_ipmb_commands,
226
227         /*
228          * This is like above, but for broadcasts.  Broadcasts are
229          * *not* included in the above count (they are expected to
230          * time out).
231          */
232         IPMI_STAT_timed_out_ipmb_broadcasts,
233
234         /* Responses I have sent to the IPMB bus. */
235         IPMI_STAT_sent_ipmb_responses,
236
237         /* The response was delivered to the user. */
238         IPMI_STAT_handled_ipmb_responses,
239
240         /* The response had invalid data in it. */
241         IPMI_STAT_invalid_ipmb_responses,
242
243         /* The response didn't have anyone waiting for it. */
244         IPMI_STAT_unhandled_ipmb_responses,
245
246         /* Commands we sent out to the IPMB bus. */
247         IPMI_STAT_sent_lan_commands,
248
249         /* Commands sent on the IPMB that had errors on the SEND CMD */
250         IPMI_STAT_sent_lan_command_errs,
251
252         /* Each retransmit increments this count. */
253         IPMI_STAT_retransmitted_lan_commands,
254
255         /*
256          * When a message times out (runs out of retransmits) this is
257          * incremented.
258          */
259         IPMI_STAT_timed_out_lan_commands,
260
261         /* Responses I have sent to the IPMB bus. */
262         IPMI_STAT_sent_lan_responses,
263
264         /* The response was delivered to the user. */
265         IPMI_STAT_handled_lan_responses,
266
267         /* The response had invalid data in it. */
268         IPMI_STAT_invalid_lan_responses,
269
270         /* The response didn't have anyone waiting for it. */
271         IPMI_STAT_unhandled_lan_responses,
272
273         /* The command was delivered to the user. */
274         IPMI_STAT_handled_commands,
275
276         /* The command had invalid data in it. */
277         IPMI_STAT_invalid_commands,
278
279         /* The command didn't have anyone waiting for it. */
280         IPMI_STAT_unhandled_commands,
281
282         /* Invalid data in an event. */
283         IPMI_STAT_invalid_events,
284
285         /* Events that were received with the proper format. */
286         IPMI_STAT_events,
287
288
289         /* This *must* remain last, add new values above this. */
290         IPMI_NUM_STATS
291 };
292
293
294 #define IPMI_IPMB_NUM_SEQ       64
295 #define IPMI_MAX_CHANNELS       16
296 struct ipmi_smi {
297         /* What interface number are we? */
298         int intf_num;
299
300         struct kref refcount;
301
302         /* Used for a list of interfaces. */
303         struct list_head link;
304
305         /*
306          * The list of upper layers that are using me.  seq_lock
307          * protects this.
308          */
309         struct list_head users;
310
311         /* Information to supply to users. */
312         unsigned char ipmi_version_major;
313         unsigned char ipmi_version_minor;
314
315         /* Used for wake ups at startup. */
316         wait_queue_head_t waitq;
317
318         struct bmc_device *bmc;
319         char *my_dev_name;
320         char *sysfs_name;
321
322         /*
323          * This is the lower-layer's sender routine.  Note that you
324          * must either be holding the ipmi_interfaces_mutex or be in
325          * an umpreemptible region to use this.  You must fetch the
326          * value into a local variable and make sure it is not NULL.
327          */
328         struct ipmi_smi_handlers *handlers;
329         void                     *send_info;
330
331 #ifdef CONFIG_PROC_FS
332         /* A list of proc entries for this interface. */
333         struct mutex           proc_entry_lock;
334         struct ipmi_proc_entry *proc_entries;
335 #endif
336
337         /* Driver-model device for the system interface. */
338         struct device          *si_dev;
339
340         /*
341          * A table of sequence numbers for this interface.  We use the
342          * sequence numbers for IPMB messages that go out of the
343          * interface to match them up with their responses.  A routine
344          * is called periodically to time the items in this list.
345          */
346         spinlock_t       seq_lock;
347         struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
348         int curr_seq;
349
350         /*
351          * Messages that were delayed for some reason (out of memory,
352          * for instance), will go in here to be processed later in a
353          * periodic timer interrupt.
354          */
355         spinlock_t       waiting_msgs_lock;
356         struct list_head waiting_msgs;
357
358         /*
359          * The list of command receivers that are registered for commands
360          * on this interface.
361          */
362         struct mutex     cmd_rcvrs_mutex;
363         struct list_head cmd_rcvrs;
364
365         /*
366          * Events that were queues because no one was there to receive
367          * them.
368          */
369         spinlock_t       events_lock; /* For dealing with event stuff. */
370         struct list_head waiting_events;
371         unsigned int     waiting_events_count; /* How many events in queue? */
372         char             delivering_events;
373         char             event_msg_printed;
374
375         /*
376          * The event receiver for my BMC, only really used at panic
377          * shutdown as a place to store this.
378          */
379         unsigned char event_receiver;
380         unsigned char event_receiver_lun;
381         unsigned char local_sel_device;
382         unsigned char local_event_generator;
383
384         /* For handling of maintenance mode. */
385         int maintenance_mode;
386         int maintenance_mode_enable;
387         int auto_maintenance_timeout;
388         spinlock_t maintenance_mode_lock; /* Used in a timer... */
389
390         /*
391          * A cheap hack, if this is non-null and a message to an
392          * interface comes in with a NULL user, call this routine with
393          * it.  Note that the message will still be freed by the
394          * caller.  This only works on the system interface.
395          */
396         void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
397
398         /*
399          * When we are scanning the channels for an SMI, this will
400          * tell which channel we are scanning.
401          */
402         int curr_channel;
403
404         /* Channel information */
405         struct ipmi_channel channels[IPMI_MAX_CHANNELS];
406
407         /* Proc FS stuff. */
408         struct proc_dir_entry *proc_dir;
409         char                  proc_dir_name[10];
410
411         atomic_t stats[IPMI_NUM_STATS];
412
413         /*
414          * run_to_completion duplicate of smb_info, smi_info
415          * and ipmi_serial_info structures. Used to decrease numbers of
416          * parameters passed by "low" level IPMI code.
417          */
418         int run_to_completion;
419 };
420 #define to_si_intf_from_dev(device) container_of(device, struct ipmi_smi, dev)
421
422 /**
423  * The driver model view of the IPMI messaging driver.
424  */
425 static struct device_driver ipmidriver = {
426         .name = "ipmi",
427         .bus = &platform_bus_type
428 };
429 static DEFINE_MUTEX(ipmidriver_mutex);
430
431 static LIST_HEAD(ipmi_interfaces);
432 static DEFINE_MUTEX(ipmi_interfaces_mutex);
433
434 /*
435  * List of watchers that want to know when smi's are added and deleted.
436  */
437 static LIST_HEAD(smi_watchers);
438 static DEFINE_MUTEX(smi_watchers_mutex);
439
440
441 #define ipmi_inc_stat(intf, stat) \
442         atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
443 #define ipmi_get_stat(intf, stat) \
444         ((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
445
446
447 static void free_recv_msg_list(struct list_head *q)
448 {
449         struct ipmi_recv_msg *msg, *msg2;
450
451         list_for_each_entry_safe(msg, msg2, q, link) {
452                 list_del(&msg->link);
453                 ipmi_free_recv_msg(msg);
454         }
455 }
456
457 static void free_smi_msg_list(struct list_head *q)
458 {
459         struct ipmi_smi_msg *msg, *msg2;
460
461         list_for_each_entry_safe(msg, msg2, q, link) {
462                 list_del(&msg->link);
463                 ipmi_free_smi_msg(msg);
464         }
465 }
466
467 static void clean_up_interface_data(ipmi_smi_t intf)
468 {
469         int              i;
470         struct cmd_rcvr  *rcvr, *rcvr2;
471         struct list_head list;
472
473         free_smi_msg_list(&intf->waiting_msgs);
474         free_recv_msg_list(&intf->waiting_events);
475
476         /*
477          * Wholesale remove all the entries from the list in the
478          * interface and wait for RCU to know that none are in use.
479          */
480         mutex_lock(&intf->cmd_rcvrs_mutex);
481         INIT_LIST_HEAD(&list);
482         list_splice_init_rcu(&intf->cmd_rcvrs, &list, synchronize_rcu);
483         mutex_unlock(&intf->cmd_rcvrs_mutex);
484
485         list_for_each_entry_safe(rcvr, rcvr2, &list, link)
486                 kfree(rcvr);
487
488         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
489                 if ((intf->seq_table[i].inuse)
490                                         && (intf->seq_table[i].recv_msg))
491                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
492         }
493 }
494
495 static void intf_free(struct kref *ref)
496 {
497         ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
498
499         clean_up_interface_data(intf);
500         kfree(intf);
501 }
502
503 struct watcher_entry {
504         int              intf_num;
505         ipmi_smi_t       intf;
506         struct list_head link;
507 };
508
509 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
510 {
511         ipmi_smi_t intf;
512         LIST_HEAD(to_deliver);
513         struct watcher_entry *e, *e2;
514
515         mutex_lock(&smi_watchers_mutex);
516
517         mutex_lock(&ipmi_interfaces_mutex);
518
519         /* Build a list of things to deliver. */
520         list_for_each_entry(intf, &ipmi_interfaces, link) {
521                 if (intf->intf_num == -1)
522                         continue;
523                 e = kmalloc(sizeof(*e), GFP_KERNEL);
524                 if (!e)
525                         goto out_err;
526                 kref_get(&intf->refcount);
527                 e->intf = intf;
528                 e->intf_num = intf->intf_num;
529                 list_add_tail(&e->link, &to_deliver);
530         }
531
532         /* We will succeed, so add it to the list. */
533         list_add(&watcher->link, &smi_watchers);
534
535         mutex_unlock(&ipmi_interfaces_mutex);
536
537         list_for_each_entry_safe(e, e2, &to_deliver, link) {
538                 list_del(&e->link);
539                 watcher->new_smi(e->intf_num, e->intf->si_dev);
540                 kref_put(&e->intf->refcount, intf_free);
541                 kfree(e);
542         }
543
544         mutex_unlock(&smi_watchers_mutex);
545
546         return 0;
547
548  out_err:
549         mutex_unlock(&ipmi_interfaces_mutex);
550         mutex_unlock(&smi_watchers_mutex);
551         list_for_each_entry_safe(e, e2, &to_deliver, link) {
552                 list_del(&e->link);
553                 kref_put(&e->intf->refcount, intf_free);
554                 kfree(e);
555         }
556         return -ENOMEM;
557 }
558 EXPORT_SYMBOL(ipmi_smi_watcher_register);
559
560 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
561 {
562         mutex_lock(&smi_watchers_mutex);
563         list_del(&(watcher->link));
564         mutex_unlock(&smi_watchers_mutex);
565         return 0;
566 }
567 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
568
569 /*
570  * Must be called with smi_watchers_mutex held.
571  */
572 static void
573 call_smi_watchers(int i, struct device *dev)
574 {
575         struct ipmi_smi_watcher *w;
576
577         list_for_each_entry(w, &smi_watchers, link) {
578                 if (try_module_get(w->owner)) {
579                         w->new_smi(i, dev);
580                         module_put(w->owner);
581                 }
582         }
583 }
584
585 static int
586 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
587 {
588         if (addr1->addr_type != addr2->addr_type)
589                 return 0;
590
591         if (addr1->channel != addr2->channel)
592                 return 0;
593
594         if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
595                 struct ipmi_system_interface_addr *smi_addr1
596                     = (struct ipmi_system_interface_addr *) addr1;
597                 struct ipmi_system_interface_addr *smi_addr2
598                     = (struct ipmi_system_interface_addr *) addr2;
599                 return (smi_addr1->lun == smi_addr2->lun);
600         }
601
602         if ((addr1->addr_type == IPMI_IPMB_ADDR_TYPE)
603             || (addr1->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) {
604                 struct ipmi_ipmb_addr *ipmb_addr1
605                     = (struct ipmi_ipmb_addr *) addr1;
606                 struct ipmi_ipmb_addr *ipmb_addr2
607                     = (struct ipmi_ipmb_addr *) addr2;
608
609                 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
610                         && (ipmb_addr1->lun == ipmb_addr2->lun));
611         }
612
613         if (addr1->addr_type == IPMI_LAN_ADDR_TYPE) {
614                 struct ipmi_lan_addr *lan_addr1
615                         = (struct ipmi_lan_addr *) addr1;
616                 struct ipmi_lan_addr *lan_addr2
617                     = (struct ipmi_lan_addr *) addr2;
618
619                 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
620                         && (lan_addr1->local_SWID == lan_addr2->local_SWID)
621                         && (lan_addr1->session_handle
622                             == lan_addr2->session_handle)
623                         && (lan_addr1->lun == lan_addr2->lun));
624         }
625
626         return 1;
627 }
628
629 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
630 {
631         if (len < sizeof(struct ipmi_system_interface_addr))
632                 return -EINVAL;
633
634         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
635                 if (addr->channel != IPMI_BMC_CHANNEL)
636                         return -EINVAL;
637                 return 0;
638         }
639
640         if ((addr->channel == IPMI_BMC_CHANNEL)
641             || (addr->channel >= IPMI_MAX_CHANNELS)
642             || (addr->channel < 0))
643                 return -EINVAL;
644
645         if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
646             || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) {
647                 if (len < sizeof(struct ipmi_ipmb_addr))
648                         return -EINVAL;
649                 return 0;
650         }
651
652         if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
653                 if (len < sizeof(struct ipmi_lan_addr))
654                         return -EINVAL;
655                 return 0;
656         }
657
658         return -EINVAL;
659 }
660 EXPORT_SYMBOL(ipmi_validate_addr);
661
662 unsigned int ipmi_addr_length(int addr_type)
663 {
664         if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
665                 return sizeof(struct ipmi_system_interface_addr);
666
667         if ((addr_type == IPMI_IPMB_ADDR_TYPE)
668                         || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
669                 return sizeof(struct ipmi_ipmb_addr);
670
671         if (addr_type == IPMI_LAN_ADDR_TYPE)
672                 return sizeof(struct ipmi_lan_addr);
673
674         return 0;
675 }
676 EXPORT_SYMBOL(ipmi_addr_length);
677
678 static void deliver_response(struct ipmi_recv_msg *msg)
679 {
680         if (!msg->user) {
681                 ipmi_smi_t    intf = msg->user_msg_data;
682
683                 /* Special handling for NULL users. */
684                 if (intf->null_user_handler) {
685                         intf->null_user_handler(intf, msg);
686                         ipmi_inc_stat(intf, handled_local_responses);
687                 } else {
688                         /* No handler, so give up. */
689                         ipmi_inc_stat(intf, unhandled_local_responses);
690                 }
691                 ipmi_free_recv_msg(msg);
692         } else {
693                 ipmi_user_t user = msg->user;
694                 user->handler->ipmi_recv_hndl(msg, user->handler_data);
695         }
696 }
697
698 static void
699 deliver_err_response(struct ipmi_recv_msg *msg, int err)
700 {
701         msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
702         msg->msg_data[0] = err;
703         msg->msg.netfn |= 1; /* Convert to a response. */
704         msg->msg.data_len = 1;
705         msg->msg.data = msg->msg_data;
706         deliver_response(msg);
707 }
708
709 /*
710  * Find the next sequence number not being used and add the given
711  * message with the given timeout to the sequence table.  This must be
712  * called with the interface's seq_lock held.
713  */
714 static int intf_next_seq(ipmi_smi_t           intf,
715                          struct ipmi_recv_msg *recv_msg,
716                          unsigned long        timeout,
717                          int                  retries,
718                          int                  broadcast,
719                          unsigned char        *seq,
720                          long                 *seqid)
721 {
722         int          rv = 0;
723         unsigned int i;
724
725         for (i = intf->curr_seq; (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
726                                         i = (i+1)%IPMI_IPMB_NUM_SEQ) {
727                 if (!intf->seq_table[i].inuse)
728                         break;
729         }
730
731         if (!intf->seq_table[i].inuse) {
732                 intf->seq_table[i].recv_msg = recv_msg;
733
734                 /*
735                  * Start with the maximum timeout, when the send response
736                  * comes in we will start the real timer.
737                  */
738                 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
739                 intf->seq_table[i].orig_timeout = timeout;
740                 intf->seq_table[i].retries_left = retries;
741                 intf->seq_table[i].broadcast = broadcast;
742                 intf->seq_table[i].inuse = 1;
743                 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
744                 *seq = i;
745                 *seqid = intf->seq_table[i].seqid;
746                 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
747         } else {
748                 rv = -EAGAIN;
749         }
750
751         return rv;
752 }
753
754 /*
755  * Return the receive message for the given sequence number and
756  * release the sequence number so it can be reused.  Some other data
757  * is passed in to be sure the message matches up correctly (to help
758  * guard against message coming in after their timeout and the
759  * sequence number being reused).
760  */
761 static int intf_find_seq(ipmi_smi_t           intf,
762                          unsigned char        seq,
763                          short                channel,
764                          unsigned char        cmd,
765                          unsigned char        netfn,
766                          struct ipmi_addr     *addr,
767                          struct ipmi_recv_msg **recv_msg)
768 {
769         int           rv = -ENODEV;
770         unsigned long flags;
771
772         if (seq >= IPMI_IPMB_NUM_SEQ)
773                 return -EINVAL;
774
775         spin_lock_irqsave(&(intf->seq_lock), flags);
776         if (intf->seq_table[seq].inuse) {
777                 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
778
779                 if ((msg->addr.channel == channel) && (msg->msg.cmd == cmd)
780                                 && (msg->msg.netfn == netfn)
781                                 && (ipmi_addr_equal(addr, &(msg->addr)))) {
782                         *recv_msg = msg;
783                         intf->seq_table[seq].inuse = 0;
784                         rv = 0;
785                 }
786         }
787         spin_unlock_irqrestore(&(intf->seq_lock), flags);
788
789         return rv;
790 }
791
792
793 /* Start the timer for a specific sequence table entry. */
794 static int intf_start_seq_timer(ipmi_smi_t intf,
795                                 long       msgid)
796 {
797         int           rv = -ENODEV;
798         unsigned long flags;
799         unsigned char seq;
800         unsigned long seqid;
801
802
803         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
804
805         spin_lock_irqsave(&(intf->seq_lock), flags);
806         /*
807          * We do this verification because the user can be deleted
808          * while a message is outstanding.
809          */
810         if ((intf->seq_table[seq].inuse)
811                                 && (intf->seq_table[seq].seqid == seqid)) {
812                 struct seq_table *ent = &(intf->seq_table[seq]);
813                 ent->timeout = ent->orig_timeout;
814                 rv = 0;
815         }
816         spin_unlock_irqrestore(&(intf->seq_lock), flags);
817
818         return rv;
819 }
820
821 /* Got an error for the send message for a specific sequence number. */
822 static int intf_err_seq(ipmi_smi_t   intf,
823                         long         msgid,
824                         unsigned int err)
825 {
826         int                  rv = -ENODEV;
827         unsigned long        flags;
828         unsigned char        seq;
829         unsigned long        seqid;
830         struct ipmi_recv_msg *msg = NULL;
831
832
833         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
834
835         spin_lock_irqsave(&(intf->seq_lock), flags);
836         /*
837          * We do this verification because the user can be deleted
838          * while a message is outstanding.
839          */
840         if ((intf->seq_table[seq].inuse)
841                                 && (intf->seq_table[seq].seqid == seqid)) {
842                 struct seq_table *ent = &(intf->seq_table[seq]);
843
844                 ent->inuse = 0;
845                 msg = ent->recv_msg;
846                 rv = 0;
847         }
848         spin_unlock_irqrestore(&(intf->seq_lock), flags);
849
850         if (msg)
851                 deliver_err_response(msg, err);
852
853         return rv;
854 }
855
856
857 int ipmi_create_user(unsigned int          if_num,
858                      struct ipmi_user_hndl *handler,
859                      void                  *handler_data,
860                      ipmi_user_t           *user)
861 {
862         unsigned long flags;
863         ipmi_user_t   new_user;
864         int           rv = 0;
865         ipmi_smi_t    intf;
866
867         /*
868          * There is no module usecount here, because it's not
869          * required.  Since this can only be used by and called from
870          * other modules, they will implicitly use this module, and
871          * thus this can't be removed unless the other modules are
872          * removed.
873          */
874
875         if (handler == NULL)
876                 return -EINVAL;
877
878         /*
879          * Make sure the driver is actually initialized, this handles
880          * problems with initialization order.
881          */
882         if (!initialized) {
883                 rv = ipmi_init_msghandler();
884                 if (rv)
885                         return rv;
886
887                 /*
888                  * The init code doesn't return an error if it was turned
889                  * off, but it won't initialize.  Check that.
890                  */
891                 if (!initialized)
892                         return -ENODEV;
893         }
894
895         new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
896         if (!new_user)
897                 return -ENOMEM;
898
899         mutex_lock(&ipmi_interfaces_mutex);
900         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
901                 if (intf->intf_num == if_num)
902                         goto found;
903         }
904         /* Not found, return an error */
905         rv = -EINVAL;
906         goto out_kfree;
907
908  found:
909         /* Note that each existing user holds a refcount to the interface. */
910         kref_get(&intf->refcount);
911
912         kref_init(&new_user->refcount);
913         new_user->handler = handler;
914         new_user->handler_data = handler_data;
915         new_user->intf = intf;
916         new_user->gets_events = 0;
917
918         if (!try_module_get(intf->handlers->owner)) {
919                 rv = -ENODEV;
920                 goto out_kref;
921         }
922
923         if (intf->handlers->inc_usecount) {
924                 rv = intf->handlers->inc_usecount(intf->send_info);
925                 if (rv) {
926                         module_put(intf->handlers->owner);
927                         goto out_kref;
928                 }
929         }
930
931         /*
932          * Hold the lock so intf->handlers is guaranteed to be good
933          * until now
934          */
935         mutex_unlock(&ipmi_interfaces_mutex);
936
937         new_user->valid = 1;
938         spin_lock_irqsave(&intf->seq_lock, flags);
939         list_add_rcu(&new_user->link, &intf->users);
940         spin_unlock_irqrestore(&intf->seq_lock, flags);
941         *user = new_user;
942         return 0;
943
944 out_kref:
945         kref_put(&intf->refcount, intf_free);
946 out_kfree:
947         mutex_unlock(&ipmi_interfaces_mutex);
948         kfree(new_user);
949         return rv;
950 }
951 EXPORT_SYMBOL(ipmi_create_user);
952
953 static void free_user(struct kref *ref)
954 {
955         ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
956         kfree(user);
957 }
958
959 int ipmi_destroy_user(ipmi_user_t user)
960 {
961         ipmi_smi_t       intf = user->intf;
962         int              i;
963         unsigned long    flags;
964         struct cmd_rcvr  *rcvr;
965         struct cmd_rcvr  *rcvrs = NULL;
966
967         user->valid = 0;
968
969         /* Remove the user from the interface's sequence table. */
970         spin_lock_irqsave(&intf->seq_lock, flags);
971         list_del_rcu(&user->link);
972
973         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
974                 if (intf->seq_table[i].inuse
975                     && (intf->seq_table[i].recv_msg->user == user)) {
976                         intf->seq_table[i].inuse = 0;
977                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
978                 }
979         }
980         spin_unlock_irqrestore(&intf->seq_lock, flags);
981
982         /*
983          * Remove the user from the command receiver's table.  First
984          * we build a list of everything (not using the standard link,
985          * since other things may be using it till we do
986          * synchronize_rcu()) then free everything in that list.
987          */
988         mutex_lock(&intf->cmd_rcvrs_mutex);
989         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
990                 if (rcvr->user == user) {
991                         list_del_rcu(&rcvr->link);
992                         rcvr->next = rcvrs;
993                         rcvrs = rcvr;
994                 }
995         }
996         mutex_unlock(&intf->cmd_rcvrs_mutex);
997         synchronize_rcu();
998         while (rcvrs) {
999                 rcvr = rcvrs;
1000                 rcvrs = rcvr->next;
1001                 kfree(rcvr);
1002         }
1003
1004         mutex_lock(&ipmi_interfaces_mutex);
1005         if (intf->handlers) {
1006                 module_put(intf->handlers->owner);
1007                 if (intf->handlers->dec_usecount)
1008                         intf->handlers->dec_usecount(intf->send_info);
1009         }
1010         mutex_unlock(&ipmi_interfaces_mutex);
1011
1012         kref_put(&intf->refcount, intf_free);
1013
1014         kref_put(&user->refcount, free_user);
1015
1016         return 0;
1017 }
1018 EXPORT_SYMBOL(ipmi_destroy_user);
1019
1020 void ipmi_get_version(ipmi_user_t   user,
1021                       unsigned char *major,
1022                       unsigned char *minor)
1023 {
1024         *major = user->intf->ipmi_version_major;
1025         *minor = user->intf->ipmi_version_minor;
1026 }
1027 EXPORT_SYMBOL(ipmi_get_version);
1028
1029 int ipmi_set_my_address(ipmi_user_t   user,
1030                         unsigned int  channel,
1031                         unsigned char address)
1032 {
1033         if (channel >= IPMI_MAX_CHANNELS)
1034                 return -EINVAL;
1035         user->intf->channels[channel].address = address;
1036         return 0;
1037 }
1038 EXPORT_SYMBOL(ipmi_set_my_address);
1039
1040 int ipmi_get_my_address(ipmi_user_t   user,
1041                         unsigned int  channel,
1042                         unsigned char *address)
1043 {
1044         if (channel >= IPMI_MAX_CHANNELS)
1045                 return -EINVAL;
1046         *address = user->intf->channels[channel].address;
1047         return 0;
1048 }
1049 EXPORT_SYMBOL(ipmi_get_my_address);
1050
1051 int ipmi_set_my_LUN(ipmi_user_t   user,
1052                     unsigned int  channel,
1053                     unsigned char LUN)
1054 {
1055         if (channel >= IPMI_MAX_CHANNELS)
1056                 return -EINVAL;
1057         user->intf->channels[channel].lun = LUN & 0x3;
1058         return 0;
1059 }
1060 EXPORT_SYMBOL(ipmi_set_my_LUN);
1061
1062 int ipmi_get_my_LUN(ipmi_user_t   user,
1063                     unsigned int  channel,
1064                     unsigned char *address)
1065 {
1066         if (channel >= IPMI_MAX_CHANNELS)
1067                 return -EINVAL;
1068         *address = user->intf->channels[channel].lun;
1069         return 0;
1070 }
1071 EXPORT_SYMBOL(ipmi_get_my_LUN);
1072
1073 int ipmi_get_maintenance_mode(ipmi_user_t user)
1074 {
1075         int           mode;
1076         unsigned long flags;
1077
1078         spin_lock_irqsave(&user->intf->maintenance_mode_lock, flags);
1079         mode = user->intf->maintenance_mode;
1080         spin_unlock_irqrestore(&user->intf->maintenance_mode_lock, flags);
1081
1082         return mode;
1083 }
1084 EXPORT_SYMBOL(ipmi_get_maintenance_mode);
1085
1086 static void maintenance_mode_update(ipmi_smi_t intf)
1087 {
1088         if (intf->handlers->set_maintenance_mode)
1089                 intf->handlers->set_maintenance_mode(
1090                         intf->send_info, intf->maintenance_mode_enable);
1091 }
1092
1093 int ipmi_set_maintenance_mode(ipmi_user_t user, int mode)
1094 {
1095         int           rv = 0;
1096         unsigned long flags;
1097         ipmi_smi_t    intf = user->intf;
1098
1099         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1100         if (intf->maintenance_mode != mode) {
1101                 switch (mode) {
1102                 case IPMI_MAINTENANCE_MODE_AUTO:
1103                         intf->maintenance_mode = mode;
1104                         intf->maintenance_mode_enable
1105                                 = (intf->auto_maintenance_timeout > 0);
1106                         break;
1107
1108                 case IPMI_MAINTENANCE_MODE_OFF:
1109                         intf->maintenance_mode = mode;
1110                         intf->maintenance_mode_enable = 0;
1111                         break;
1112
1113                 case IPMI_MAINTENANCE_MODE_ON:
1114                         intf->maintenance_mode = mode;
1115                         intf->maintenance_mode_enable = 1;
1116                         break;
1117
1118                 default:
1119                         rv = -EINVAL;
1120                         goto out_unlock;
1121                 }
1122
1123                 maintenance_mode_update(intf);
1124         }
1125  out_unlock:
1126         spin_unlock_irqrestore(&intf->maintenance_mode_lock, flags);
1127
1128         return rv;
1129 }
1130 EXPORT_SYMBOL(ipmi_set_maintenance_mode);
1131
1132 int ipmi_set_gets_events(ipmi_user_t user, int val)
1133 {
1134         unsigned long        flags;
1135         ipmi_smi_t           intf = user->intf;
1136         struct ipmi_recv_msg *msg, *msg2;
1137         struct list_head     msgs;
1138
1139         INIT_LIST_HEAD(&msgs);
1140
1141         spin_lock_irqsave(&intf->events_lock, flags);
1142         user->gets_events = val;
1143
1144         if (intf->delivering_events)
1145                 /*
1146                  * Another thread is delivering events for this, so
1147                  * let it handle any new events.
1148                  */
1149                 goto out;
1150
1151         /* Deliver any queued events. */
1152         while (user->gets_events && !list_empty(&intf->waiting_events)) {
1153                 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link)
1154                         list_move_tail(&msg->link, &msgs);
1155                 intf->waiting_events_count = 0;
1156                 if (intf->event_msg_printed) {
1157                         printk(KERN_WARNING PFX "Event queue no longer"
1158                                " full\n");
1159                         intf->event_msg_printed = 0;
1160                 }
1161
1162                 intf->delivering_events = 1;
1163                 spin_unlock_irqrestore(&intf->events_lock, flags);
1164
1165                 list_for_each_entry_safe(msg, msg2, &msgs, link) {
1166                         msg->user = user;
1167                         kref_get(&user->refcount);
1168                         deliver_response(msg);
1169                 }
1170
1171                 spin_lock_irqsave(&intf->events_lock, flags);
1172                 intf->delivering_events = 0;
1173         }
1174
1175  out:
1176         spin_unlock_irqrestore(&intf->events_lock, flags);
1177
1178         return 0;
1179 }
1180 EXPORT_SYMBOL(ipmi_set_gets_events);
1181
1182 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t    intf,
1183                                       unsigned char netfn,
1184                                       unsigned char cmd,
1185                                       unsigned char chan)
1186 {
1187         struct cmd_rcvr *rcvr;
1188
1189         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1190                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1191                                         && (rcvr->chans & (1 << chan)))
1192                         return rcvr;
1193         }
1194         return NULL;
1195 }
1196
1197 static int is_cmd_rcvr_exclusive(ipmi_smi_t    intf,
1198                                  unsigned char netfn,
1199                                  unsigned char cmd,
1200                                  unsigned int  chans)
1201 {
1202         struct cmd_rcvr *rcvr;
1203
1204         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
1205                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)
1206                                         && (rcvr->chans & chans))
1207                         return 0;
1208         }
1209         return 1;
1210 }
1211
1212 int ipmi_register_for_cmd(ipmi_user_t   user,
1213                           unsigned char netfn,
1214                           unsigned char cmd,
1215                           unsigned int  chans)
1216 {
1217         ipmi_smi_t      intf = user->intf;
1218         struct cmd_rcvr *rcvr;
1219         int             rv = 0;
1220
1221
1222         rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
1223         if (!rcvr)
1224                 return -ENOMEM;
1225         rcvr->cmd = cmd;
1226         rcvr->netfn = netfn;
1227         rcvr->chans = chans;
1228         rcvr->user = user;
1229
1230         mutex_lock(&intf->cmd_rcvrs_mutex);
1231         /* Make sure the command/netfn is not already registered. */
1232         if (!is_cmd_rcvr_exclusive(intf, netfn, cmd, chans)) {
1233                 rv = -EBUSY;
1234                 goto out_unlock;
1235         }
1236
1237         list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
1238
1239  out_unlock:
1240         mutex_unlock(&intf->cmd_rcvrs_mutex);
1241         if (rv)
1242                 kfree(rcvr);
1243
1244         return rv;
1245 }
1246 EXPORT_SYMBOL(ipmi_register_for_cmd);
1247
1248 int ipmi_unregister_for_cmd(ipmi_user_t   user,
1249                             unsigned char netfn,
1250                             unsigned char cmd,
1251                             unsigned int  chans)
1252 {
1253         ipmi_smi_t      intf = user->intf;
1254         struct cmd_rcvr *rcvr;
1255         struct cmd_rcvr *rcvrs = NULL;
1256         int i, rv = -ENOENT;
1257
1258         mutex_lock(&intf->cmd_rcvrs_mutex);
1259         for (i = 0; i < IPMI_NUM_CHANNELS; i++) {
1260                 if (((1 << i) & chans) == 0)
1261                         continue;
1262                 rcvr = find_cmd_rcvr(intf, netfn, cmd, i);
1263                 if (rcvr == NULL)
1264                         continue;
1265                 if (rcvr->user == user) {
1266                         rv = 0;
1267                         rcvr->chans &= ~chans;
1268                         if (rcvr->chans == 0) {
1269                                 list_del_rcu(&rcvr->link);
1270                                 rcvr->next = rcvrs;
1271                                 rcvrs = rcvr;
1272                         }
1273                 }
1274         }
1275         mutex_unlock(&intf->cmd_rcvrs_mutex);
1276         synchronize_rcu();
1277         while (rcvrs) {
1278                 rcvr = rcvrs;
1279                 rcvrs = rcvr->next;
1280                 kfree(rcvr);
1281         }
1282         return rv;
1283 }
1284 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
1285
1286 static unsigned char
1287 ipmb_checksum(unsigned char *data, int size)
1288 {
1289         unsigned char csum = 0;
1290
1291         for (; size > 0; size--, data++)
1292                 csum += *data;
1293
1294         return -csum;
1295 }
1296
1297 static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
1298                                    struct kernel_ipmi_msg *msg,
1299                                    struct ipmi_ipmb_addr *ipmb_addr,
1300                                    long                  msgid,
1301                                    unsigned char         ipmb_seq,
1302                                    int                   broadcast,
1303                                    unsigned char         source_address,
1304                                    unsigned char         source_lun)
1305 {
1306         int i = broadcast;
1307
1308         /* Format the IPMB header data. */
1309         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1310         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1311         smi_msg->data[2] = ipmb_addr->channel;
1312         if (broadcast)
1313                 smi_msg->data[3] = 0;
1314         smi_msg->data[i+3] = ipmb_addr->slave_addr;
1315         smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1316         smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1317         smi_msg->data[i+6] = source_address;
1318         smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1319         smi_msg->data[i+8] = msg->cmd;
1320
1321         /* Now tack on the data to the message. */
1322         if (msg->data_len > 0)
1323                 memcpy(&(smi_msg->data[i+9]), msg->data,
1324                        msg->data_len);
1325         smi_msg->data_size = msg->data_len + 9;
1326
1327         /* Now calculate the checksum and tack it on. */
1328         smi_msg->data[i+smi_msg->data_size]
1329                 = ipmb_checksum(&(smi_msg->data[i+6]),
1330                                 smi_msg->data_size-6);
1331
1332         /*
1333          * Add on the checksum size and the offset from the
1334          * broadcast.
1335          */
1336         smi_msg->data_size += 1 + i;
1337
1338         smi_msg->msgid = msgid;
1339 }
1340
1341 static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
1342                                   struct kernel_ipmi_msg *msg,
1343                                   struct ipmi_lan_addr  *lan_addr,
1344                                   long                  msgid,
1345                                   unsigned char         ipmb_seq,
1346                                   unsigned char         source_lun)
1347 {
1348         /* Format the IPMB header data. */
1349         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1350         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1351         smi_msg->data[2] = lan_addr->channel;
1352         smi_msg->data[3] = lan_addr->session_handle;
1353         smi_msg->data[4] = lan_addr->remote_SWID;
1354         smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1355         smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1356         smi_msg->data[7] = lan_addr->local_SWID;
1357         smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1358         smi_msg->data[9] = msg->cmd;
1359
1360         /* Now tack on the data to the message. */
1361         if (msg->data_len > 0)
1362                 memcpy(&(smi_msg->data[10]), msg->data,
1363                        msg->data_len);
1364         smi_msg->data_size = msg->data_len + 10;
1365
1366         /* Now calculate the checksum and tack it on. */
1367         smi_msg->data[smi_msg->data_size]
1368                 = ipmb_checksum(&(smi_msg->data[7]),
1369                                 smi_msg->data_size-7);
1370
1371         /*
1372          * Add on the checksum size and the offset from the
1373          * broadcast.
1374          */
1375         smi_msg->data_size += 1;
1376
1377         smi_msg->msgid = msgid;
1378 }
1379
1380 /*
1381  * Separate from ipmi_request so that the user does not have to be
1382  * supplied in certain circumstances (mainly at panic time).  If
1383  * messages are supplied, they will be freed, even if an error
1384  * occurs.
1385  */
1386 static int i_ipmi_request(ipmi_user_t          user,
1387                           ipmi_smi_t           intf,
1388                           struct ipmi_addr     *addr,
1389                           long                 msgid,
1390                           struct kernel_ipmi_msg *msg,
1391                           void                 *user_msg_data,
1392                           void                 *supplied_smi,
1393                           struct ipmi_recv_msg *supplied_recv,
1394                           int                  priority,
1395                           unsigned char        source_address,
1396                           unsigned char        source_lun,
1397                           int                  retries,
1398                           unsigned int         retry_time_ms)
1399 {
1400         int                      rv = 0;
1401         struct ipmi_smi_msg      *smi_msg;
1402         struct ipmi_recv_msg     *recv_msg;
1403         unsigned long            flags;
1404         struct ipmi_smi_handlers *handlers;
1405
1406
1407         if (supplied_recv)
1408                 recv_msg = supplied_recv;
1409         else {
1410                 recv_msg = ipmi_alloc_recv_msg();
1411                 if (recv_msg == NULL)
1412                         return -ENOMEM;
1413         }
1414         recv_msg->user_msg_data = user_msg_data;
1415
1416         if (supplied_smi)
1417                 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1418         else {
1419                 smi_msg = ipmi_alloc_smi_msg();
1420                 if (smi_msg == NULL) {
1421                         ipmi_free_recv_msg(recv_msg);
1422                         return -ENOMEM;
1423                 }
1424         }
1425
1426         rcu_read_lock();
1427         handlers = intf->handlers;
1428         if (!handlers) {
1429                 rv = -ENODEV;
1430                 goto out_err;
1431         }
1432
1433         recv_msg->user = user;
1434         if (user)
1435                 kref_get(&user->refcount);
1436         recv_msg->msgid = msgid;
1437         /*
1438          * Store the message to send in the receive message so timeout
1439          * responses can get the proper response data.
1440          */
1441         recv_msg->msg = *msg;
1442
1443         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1444                 struct ipmi_system_interface_addr *smi_addr;
1445
1446                 if (msg->netfn & 1) {
1447                         /* Responses are not allowed to the SMI. */
1448                         rv = -EINVAL;
1449                         goto out_err;
1450                 }
1451
1452                 smi_addr = (struct ipmi_system_interface_addr *) addr;
1453                 if (smi_addr->lun > 3) {
1454                         ipmi_inc_stat(intf, sent_invalid_commands);
1455                         rv = -EINVAL;
1456                         goto out_err;
1457                 }
1458
1459                 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1460
1461                 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1462                     && ((msg->cmd == IPMI_SEND_MSG_CMD)
1463                         || (msg->cmd == IPMI_GET_MSG_CMD)
1464                         || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD))) {
1465                         /*
1466                          * We don't let the user do these, since we manage
1467                          * the sequence numbers.
1468                          */
1469                         ipmi_inc_stat(intf, sent_invalid_commands);
1470                         rv = -EINVAL;
1471                         goto out_err;
1472                 }
1473
1474                 if (((msg->netfn == IPMI_NETFN_APP_REQUEST)
1475                       && ((msg->cmd == IPMI_COLD_RESET_CMD)
1476                           || (msg->cmd == IPMI_WARM_RESET_CMD)))
1477                      || (msg->netfn == IPMI_NETFN_FIRMWARE_REQUEST)) {
1478                         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
1479                         intf->auto_maintenance_timeout
1480                                 = IPMI_MAINTENANCE_MODE_TIMEOUT;
1481                         if (!intf->maintenance_mode
1482                             && !intf->maintenance_mode_enable) {
1483                                 intf->maintenance_mode_enable = 1;
1484                                 maintenance_mode_update(intf);
1485                         }
1486                         spin_unlock_irqrestore(&intf->maintenance_mode_lock,
1487                                                flags);
1488                 }
1489
1490                 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1491                         ipmi_inc_stat(intf, sent_invalid_commands);
1492                         rv = -EMSGSIZE;
1493                         goto out_err;
1494                 }
1495
1496                 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1497                 smi_msg->data[1] = msg->cmd;
1498                 smi_msg->msgid = msgid;
1499                 smi_msg->user_data = recv_msg;
1500                 if (msg->data_len > 0)
1501                         memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1502                 smi_msg->data_size = msg->data_len + 2;
1503                 ipmi_inc_stat(intf, sent_local_commands);
1504         } else if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
1505                    || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)) {
1506                 struct ipmi_ipmb_addr *ipmb_addr;
1507                 unsigned char         ipmb_seq;
1508                 long                  seqid;
1509                 int                   broadcast = 0;
1510
1511                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1512                         ipmi_inc_stat(intf, sent_invalid_commands);
1513                         rv = -EINVAL;
1514                         goto out_err;
1515                 }
1516
1517                 if (intf->channels[addr->channel].medium
1518                                         != IPMI_CHANNEL_MEDIUM_IPMB) {
1519                         ipmi_inc_stat(intf, sent_invalid_commands);
1520                         rv = -EINVAL;
1521                         goto out_err;
1522                 }
1523
1524                 if (retries < 0) {
1525                     if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1526                         retries = 0; /* Don't retry broadcasts. */
1527                     else
1528                         retries = 4;
1529                 }
1530                 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1531                     /*
1532                      * Broadcasts add a zero at the beginning of the
1533                      * message, but otherwise is the same as an IPMB
1534                      * address.
1535                      */
1536                     addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1537                     broadcast = 1;
1538                 }
1539
1540
1541                 /* Default to 1 second retries. */
1542                 if (retry_time_ms == 0)
1543                     retry_time_ms = 1000;
1544
1545                 /*
1546                  * 9 for the header and 1 for the checksum, plus
1547                  * possibly one for the broadcast.
1548                  */
1549                 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1550                         ipmi_inc_stat(intf, sent_invalid_commands);
1551                         rv = -EMSGSIZE;
1552                         goto out_err;
1553                 }
1554
1555                 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1556                 if (ipmb_addr->lun > 3) {
1557                         ipmi_inc_stat(intf, sent_invalid_commands);
1558                         rv = -EINVAL;
1559                         goto out_err;
1560                 }
1561
1562                 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1563
1564                 if (recv_msg->msg.netfn & 0x1) {
1565                         /*
1566                          * It's a response, so use the user's sequence
1567                          * from msgid.
1568                          */
1569                         ipmi_inc_stat(intf, sent_ipmb_responses);
1570                         format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1571                                         msgid, broadcast,
1572                                         source_address, source_lun);
1573
1574                         /*
1575                          * Save the receive message so we can use it
1576                          * to deliver the response.
1577                          */
1578                         smi_msg->user_data = recv_msg;
1579                 } else {
1580                         /* It's a command, so get a sequence for it. */
1581
1582                         spin_lock_irqsave(&(intf->seq_lock), flags);
1583
1584                         ipmi_inc_stat(intf, sent_ipmb_commands);
1585
1586                         /*
1587                          * Create a sequence number with a 1 second
1588                          * timeout and 4 retries.
1589                          */
1590                         rv = intf_next_seq(intf,
1591                                            recv_msg,
1592                                            retry_time_ms,
1593                                            retries,
1594                                            broadcast,
1595                                            &ipmb_seq,
1596                                            &seqid);
1597                         if (rv) {
1598                                 /*
1599                                  * We have used up all the sequence numbers,
1600                                  * probably, so abort.
1601                                  */
1602                                 spin_unlock_irqrestore(&(intf->seq_lock),
1603                                                        flags);
1604                                 goto out_err;
1605                         }
1606
1607                         /*
1608                          * Store the sequence number in the message,
1609                          * so that when the send message response
1610                          * comes back we can start the timer.
1611                          */
1612                         format_ipmb_msg(smi_msg, msg, ipmb_addr,
1613                                         STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1614                                         ipmb_seq, broadcast,
1615                                         source_address, source_lun);
1616
1617                         /*
1618                          * Copy the message into the recv message data, so we
1619                          * can retransmit it later if necessary.
1620                          */
1621                         memcpy(recv_msg->msg_data, smi_msg->data,
1622                                smi_msg->data_size);
1623                         recv_msg->msg.data = recv_msg->msg_data;
1624                         recv_msg->msg.data_len = smi_msg->data_size;
1625
1626                         /*
1627                          * We don't unlock until here, because we need
1628                          * to copy the completed message into the
1629                          * recv_msg before we release the lock.
1630                          * Otherwise, race conditions may bite us.  I
1631                          * know that's pretty paranoid, but I prefer
1632                          * to be correct.
1633                          */
1634                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1635                 }
1636         } else if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
1637                 struct ipmi_lan_addr  *lan_addr;
1638                 unsigned char         ipmb_seq;
1639                 long                  seqid;
1640
1641                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1642                         ipmi_inc_stat(intf, sent_invalid_commands);
1643                         rv = -EINVAL;
1644                         goto out_err;
1645                 }
1646
1647                 if ((intf->channels[addr->channel].medium
1648                                 != IPMI_CHANNEL_MEDIUM_8023LAN)
1649                     && (intf->channels[addr->channel].medium
1650                                 != IPMI_CHANNEL_MEDIUM_ASYNC)) {
1651                         ipmi_inc_stat(intf, sent_invalid_commands);
1652                         rv = -EINVAL;
1653                         goto out_err;
1654                 }
1655
1656                 retries = 4;
1657
1658                 /* Default to 1 second retries. */
1659                 if (retry_time_ms == 0)
1660                     retry_time_ms = 1000;
1661
1662                 /* 11 for the header and 1 for the checksum. */
1663                 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1664                         ipmi_inc_stat(intf, sent_invalid_commands);
1665                         rv = -EMSGSIZE;
1666                         goto out_err;
1667                 }
1668
1669                 lan_addr = (struct ipmi_lan_addr *) addr;
1670                 if (lan_addr->lun > 3) {
1671                         ipmi_inc_stat(intf, sent_invalid_commands);
1672                         rv = -EINVAL;
1673                         goto out_err;
1674                 }
1675
1676                 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1677
1678                 if (recv_msg->msg.netfn & 0x1) {
1679                         /*
1680                          * It's a response, so use the user's sequence
1681                          * from msgid.
1682                          */
1683                         ipmi_inc_stat(intf, sent_lan_responses);
1684                         format_lan_msg(smi_msg, msg, lan_addr, msgid,
1685                                        msgid, source_lun);
1686
1687                         /*
1688                          * Save the receive message so we can use it
1689                          * to deliver the response.
1690                          */
1691                         smi_msg->user_data = recv_msg;
1692                 } else {
1693                         /* It's a command, so get a sequence for it. */
1694
1695                         spin_lock_irqsave(&(intf->seq_lock), flags);
1696
1697                         ipmi_inc_stat(intf, sent_lan_commands);
1698
1699                         /*
1700                          * Create a sequence number with a 1 second
1701                          * timeout and 4 retries.
1702                          */
1703                         rv = intf_next_seq(intf,
1704                                            recv_msg,
1705                                            retry_time_ms,
1706                                            retries,
1707                                            0,
1708                                            &ipmb_seq,
1709                                            &seqid);
1710                         if (rv) {
1711                                 /*
1712                                  * We have used up all the sequence numbers,
1713                                  * probably, so abort.
1714                                  */
1715                                 spin_unlock_irqrestore(&(intf->seq_lock),
1716                                                        flags);
1717                                 goto out_err;
1718                         }
1719
1720                         /*
1721                          * Store the sequence number in the message,
1722                          * so that when the send message response
1723                          * comes back we can start the timer.
1724                          */
1725                         format_lan_msg(smi_msg, msg, lan_addr,
1726                                        STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1727                                        ipmb_seq, source_lun);
1728
1729                         /*
1730                          * Copy the message into the recv message data, so we
1731                          * can retransmit it later if necessary.
1732                          */
1733                         memcpy(recv_msg->msg_data, smi_msg->data,
1734                                smi_msg->data_size);
1735                         recv_msg->msg.data = recv_msg->msg_data;
1736                         recv_msg->msg.data_len = smi_msg->data_size;
1737
1738                         /*
1739                          * We don't unlock until here, because we need
1740                          * to copy the completed message into the
1741                          * recv_msg before we release the lock.
1742                          * Otherwise, race conditions may bite us.  I
1743                          * know that's pretty paranoid, but I prefer
1744                          * to be correct.
1745                          */
1746                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1747                 }
1748         } else {
1749             /* Unknown address type. */
1750                 ipmi_inc_stat(intf, sent_invalid_commands);
1751                 rv = -EINVAL;
1752                 goto out_err;
1753         }
1754
1755 #ifdef DEBUG_MSGING
1756         {
1757                 int m;
1758                 for (m = 0; m < smi_msg->data_size; m++)
1759                         printk(" %2.2x", smi_msg->data[m]);
1760                 printk("\n");
1761         }
1762 #endif
1763
1764         handlers->sender(intf->send_info, smi_msg, priority);
1765         rcu_read_unlock();
1766
1767         return 0;
1768
1769  out_err:
1770         rcu_read_unlock();
1771         ipmi_free_smi_msg(smi_msg);
1772         ipmi_free_recv_msg(recv_msg);
1773         return rv;
1774 }
1775
1776 static int check_addr(ipmi_smi_t       intf,
1777                       struct ipmi_addr *addr,
1778                       unsigned char    *saddr,
1779                       unsigned char    *lun)
1780 {
1781         if (addr->channel >= IPMI_MAX_CHANNELS)
1782                 return -EINVAL;
1783         *lun = intf->channels[addr->channel].lun;
1784         *saddr = intf->channels[addr->channel].address;
1785         return 0;
1786 }
1787
1788 int ipmi_request_settime(ipmi_user_t      user,
1789                          struct ipmi_addr *addr,
1790                          long             msgid,
1791                          struct kernel_ipmi_msg  *msg,
1792                          void             *user_msg_data,
1793                          int              priority,
1794                          int              retries,
1795                          unsigned int     retry_time_ms)
1796 {
1797         unsigned char saddr, lun;
1798         int           rv;
1799
1800         if (!user)
1801                 return -EINVAL;
1802         rv = check_addr(user->intf, addr, &saddr, &lun);
1803         if (rv)
1804                 return rv;
1805         return i_ipmi_request(user,
1806                               user->intf,
1807                               addr,
1808                               msgid,
1809                               msg,
1810                               user_msg_data,
1811                               NULL, NULL,
1812                               priority,
1813                               saddr,
1814                               lun,
1815                               retries,
1816                               retry_time_ms);
1817 }
1818 EXPORT_SYMBOL(ipmi_request_settime);
1819
1820 int ipmi_request_supply_msgs(ipmi_user_t          user,
1821                              struct ipmi_addr     *addr,
1822                              long                 msgid,
1823                              struct kernel_ipmi_msg *msg,
1824                              void                 *user_msg_data,
1825                              void                 *supplied_smi,
1826                              struct ipmi_recv_msg *supplied_recv,
1827                              int                  priority)
1828 {
1829         unsigned char saddr, lun;
1830         int           rv;
1831
1832         if (!user)
1833                 return -EINVAL;
1834         rv = check_addr(user->intf, addr, &saddr, &lun);
1835         if (rv)
1836                 return rv;
1837         return i_ipmi_request(user,
1838                               user->intf,
1839                               addr,
1840                               msgid,
1841                               msg,
1842                               user_msg_data,
1843                               supplied_smi,
1844                               supplied_recv,
1845                               priority,
1846                               saddr,
1847                               lun,
1848                               -1, 0);
1849 }
1850 EXPORT_SYMBOL(ipmi_request_supply_msgs);
1851
1852 #ifdef CONFIG_PROC_FS
1853 static int ipmb_file_read_proc(char *page, char **start, off_t off,
1854                                int count, int *eof, void *data)
1855 {
1856         char       *out = (char *) page;
1857         ipmi_smi_t intf = data;
1858         int        i;
1859         int        rv = 0;
1860
1861         for (i = 0; i < IPMI_MAX_CHANNELS; i++)
1862                 rv += sprintf(out+rv, "%x ", intf->channels[i].address);
1863         out[rv-1] = '\n'; /* Replace the final space with a newline */
1864         out[rv] = '\0';
1865         rv++;
1866         return rv;
1867 }
1868
1869 static int version_file_read_proc(char *page, char **start, off_t off,
1870                                   int count, int *eof, void *data)
1871 {
1872         char       *out = (char *) page;
1873         ipmi_smi_t intf = data;
1874
1875         return sprintf(out, "%u.%u\n",
1876                        ipmi_version_major(&intf->bmc->id),
1877                        ipmi_version_minor(&intf->bmc->id));
1878 }
1879
1880 static int stat_file_read_proc(char *page, char **start, off_t off,
1881                                int count, int *eof, void *data)
1882 {
1883         char       *out = (char *) page;
1884         ipmi_smi_t intf = data;
1885
1886         out += sprintf(out, "sent_invalid_commands:       %u\n",
1887                        ipmi_get_stat(intf, sent_invalid_commands));
1888         out += sprintf(out, "sent_local_commands:         %u\n",
1889                        ipmi_get_stat(intf, sent_local_commands));
1890         out += sprintf(out, "handled_local_responses:     %u\n",
1891                        ipmi_get_stat(intf, handled_local_responses));
1892         out += sprintf(out, "unhandled_local_responses:   %u\n",
1893                        ipmi_get_stat(intf, unhandled_local_responses));
1894         out += sprintf(out, "sent_ipmb_commands:          %u\n",
1895                        ipmi_get_stat(intf, sent_ipmb_commands));
1896         out += sprintf(out, "sent_ipmb_command_errs:      %u\n",
1897                        ipmi_get_stat(intf, sent_ipmb_command_errs));
1898         out += sprintf(out, "retransmitted_ipmb_commands: %u\n",
1899                        ipmi_get_stat(intf, retransmitted_ipmb_commands));
1900         out += sprintf(out, "timed_out_ipmb_commands:     %u\n",
1901                        ipmi_get_stat(intf, timed_out_ipmb_commands));
1902         out += sprintf(out, "timed_out_ipmb_broadcasts:   %u\n",
1903                        ipmi_get_stat(intf, timed_out_ipmb_broadcasts));
1904         out += sprintf(out, "sent_ipmb_responses:         %u\n",
1905                        ipmi_get_stat(intf, sent_ipmb_responses));
1906         out += sprintf(out, "handled_ipmb_responses:      %u\n",
1907                        ipmi_get_stat(intf, handled_ipmb_responses));
1908         out += sprintf(out, "invalid_ipmb_responses:      %u\n",
1909                        ipmi_get_stat(intf, invalid_ipmb_responses));
1910         out += sprintf(out, "unhandled_ipmb_responses:    %u\n",
1911                        ipmi_get_stat(intf, unhandled_ipmb_responses));
1912         out += sprintf(out, "sent_lan_commands:           %u\n",
1913                        ipmi_get_stat(intf, sent_lan_commands));
1914         out += sprintf(out, "sent_lan_command_errs:       %u\n",
1915                        ipmi_get_stat(intf, sent_lan_command_errs));
1916         out += sprintf(out, "retransmitted_lan_commands:  %u\n",
1917                        ipmi_get_stat(intf, retransmitted_lan_commands));
1918         out += sprintf(out, "timed_out_lan_commands:      %u\n",
1919                        ipmi_get_stat(intf, timed_out_lan_commands));
1920         out += sprintf(out, "sent_lan_responses:          %u\n",
1921                        ipmi_get_stat(intf, sent_lan_responses));
1922         out += sprintf(out, "handled_lan_responses:       %u\n",
1923                        ipmi_get_stat(intf, handled_lan_responses));
1924         out += sprintf(out, "invalid_lan_responses:       %u\n",
1925                        ipmi_get_stat(intf, invalid_lan_responses));
1926         out += sprintf(out, "unhandled_lan_responses:     %u\n",
1927                        ipmi_get_stat(intf, unhandled_lan_responses));
1928         out += sprintf(out, "handled_commands:            %u\n",
1929                        ipmi_get_stat(intf, handled_commands));
1930         out += sprintf(out, "invalid_commands:            %u\n",
1931                        ipmi_get_stat(intf, invalid_commands));
1932         out += sprintf(out, "unhandled_commands:          %u\n",
1933                        ipmi_get_stat(intf, unhandled_commands));
1934         out += sprintf(out, "invalid_events:              %u\n",
1935                        ipmi_get_stat(intf, invalid_events));
1936         out += sprintf(out, "events:                      %u\n",
1937                        ipmi_get_stat(intf, events));
1938
1939         return (out - ((char *) page));
1940 }
1941 #endif /* CONFIG_PROC_FS */
1942
1943 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
1944                             read_proc_t *read_proc,
1945                             void *data, struct module *owner)
1946 {
1947         int                    rv = 0;
1948 #ifdef CONFIG_PROC_FS
1949         struct proc_dir_entry  *file;
1950         struct ipmi_proc_entry *entry;
1951
1952         /* Create a list element. */
1953         entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1954         if (!entry)
1955                 return -ENOMEM;
1956         entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);
1957         if (!entry->name) {
1958                 kfree(entry);
1959                 return -ENOMEM;
1960         }
1961         strcpy(entry->name, name);
1962
1963         file = create_proc_entry(name, 0, smi->proc_dir);
1964         if (!file) {
1965                 kfree(entry->name);
1966                 kfree(entry);
1967                 rv = -ENOMEM;
1968         } else {
1969                 file->data = data;
1970                 file->read_proc = read_proc;
1971                 file->owner = owner;
1972
1973                 mutex_lock(&smi->proc_entry_lock);
1974                 /* Stick it on the list. */
1975                 entry->next = smi->proc_entries;
1976                 smi->proc_entries = entry;
1977                 mutex_unlock(&smi->proc_entry_lock);
1978         }
1979 #endif /* CONFIG_PROC_FS */
1980
1981         return rv;
1982 }
1983 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
1984
1985 static int add_proc_entries(ipmi_smi_t smi, int num)
1986 {
1987         int rv = 0;
1988
1989 #ifdef CONFIG_PROC_FS
1990         sprintf(smi->proc_dir_name, "%d", num);
1991         smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
1992         if (!smi->proc_dir)
1993                 rv = -ENOMEM;
1994         else
1995                 smi->proc_dir->owner = THIS_MODULE;
1996
1997         if (rv == 0)
1998                 rv = ipmi_smi_add_proc_entry(smi, "stats",
1999                                              stat_file_read_proc,
2000                                              smi, THIS_MODULE);
2001
2002         if (rv == 0)
2003                 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
2004                                              ipmb_file_read_proc,
2005                                              smi, THIS_MODULE);
2006
2007         if (rv == 0)
2008                 rv = ipmi_smi_add_proc_entry(smi, "version",
2009                                              version_file_read_proc,
2010                                              smi, THIS_MODULE);
2011 #endif /* CONFIG_PROC_FS */
2012
2013         return rv;
2014 }
2015
2016 static void remove_proc_entries(ipmi_smi_t smi)
2017 {
2018 #ifdef CONFIG_PROC_FS
2019         struct ipmi_proc_entry *entry;
2020
2021         mutex_lock(&smi->proc_entry_lock);
2022         while (smi->proc_entries) {
2023                 entry = smi->proc_entries;
2024                 smi->proc_entries = entry->next;
2025
2026                 remove_proc_entry(entry->name, smi->proc_dir);
2027                 kfree(entry->name);
2028                 kfree(entry);
2029         }
2030         mutex_unlock(&smi->proc_entry_lock);
2031         remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
2032 #endif /* CONFIG_PROC_FS */
2033 }
2034
2035 static int __find_bmc_guid(struct device *dev, void *data)
2036 {
2037         unsigned char *id = data;
2038         struct bmc_device *bmc = dev_get_drvdata(dev);
2039         return memcmp(bmc->guid, id, 16) == 0;
2040 }
2041
2042 static struct bmc_device *ipmi_find_bmc_guid(struct device_driver *drv,
2043                                              unsigned char *guid)
2044 {
2045         struct device *dev;
2046
2047         dev = driver_find_device(drv, NULL, guid, __find_bmc_guid);
2048         if (dev)
2049                 return dev_get_drvdata(dev);
2050         else
2051                 return NULL;
2052 }
2053
2054 struct prod_dev_id {
2055         unsigned int  product_id;
2056         unsigned char device_id;
2057 };
2058
2059 static int __find_bmc_prod_dev_id(struct device *dev, void *data)
2060 {
2061         struct prod_dev_id *id = data;
2062         struct bmc_device *bmc = dev_get_drvdata(dev);
2063
2064         return (bmc->id.product_id == id->product_id
2065                 && bmc->id.device_id == id->device_id);
2066 }
2067
2068 static struct bmc_device *ipmi_find_bmc_prod_dev_id(
2069         struct device_driver *drv,
2070         unsigned int product_id, unsigned char device_id)
2071 {
2072         struct prod_dev_id id = {
2073                 .product_id = product_id,
2074                 .device_id = device_id,
2075         };
2076         struct device *dev;
2077
2078         dev = driver_find_device(drv, NULL, &id, __find_bmc_prod_dev_id);
2079         if (dev)
2080                 return dev_get_drvdata(dev);
2081         else
2082                 return NULL;
2083 }
2084
2085 static ssize_t device_id_show(struct device *dev,
2086                               struct device_attribute *attr,
2087                               char *buf)
2088 {
2089         struct bmc_device *bmc = dev_get_drvdata(dev);
2090
2091         return snprintf(buf, 10, "%u\n", bmc->id.device_id);
2092 }
2093
2094 static ssize_t provides_dev_sdrs_show(struct device *dev,
2095                                       struct device_attribute *attr,
2096                                       char *buf)
2097 {
2098         struct bmc_device *bmc = dev_get_drvdata(dev);
2099
2100         return snprintf(buf, 10, "%u\n",
2101                         (bmc->id.device_revision & 0x80) >> 7);
2102 }
2103
2104 static ssize_t revision_show(struct device *dev, struct device_attribute *attr,
2105                              char *buf)
2106 {
2107         struct bmc_device *bmc = dev_get_drvdata(dev);
2108
2109         return snprintf(buf, 20, "%u\n",
2110                         bmc->id.device_revision & 0x0F);
2111 }
2112
2113 static ssize_t firmware_rev_show(struct device *dev,
2114                                  struct device_attribute *attr,
2115                                  char *buf)
2116 {
2117         struct bmc_device *bmc = dev_get_drvdata(dev);
2118
2119         return snprintf(buf, 20, "%u.%x\n", bmc->id.firmware_revision_1,
2120                         bmc->id.firmware_revision_2);
2121 }
2122
2123 static ssize_t ipmi_version_show(struct device *dev,
2124                                  struct device_attribute *attr,
2125                                  char *buf)
2126 {
2127         struct bmc_device *bmc = dev_get_drvdata(dev);
2128
2129         return snprintf(buf, 20, "%u.%u\n",
2130                         ipmi_version_major(&bmc->id),
2131                         ipmi_version_minor(&bmc->id));
2132 }
2133
2134 static ssize_t add_dev_support_show(struct device *dev,
2135                                     struct device_attribute *attr,
2136                                     char *buf)
2137 {
2138         struct bmc_device *bmc = dev_get_drvdata(dev);
2139
2140         return snprintf(buf, 10, "0x%02x\n",
2141                         bmc->id.additional_device_support);
2142 }
2143
2144 static ssize_t manufacturer_id_show(struct device *dev,
2145                                     struct device_attribute *attr,
2146                                     char *buf)
2147 {
2148         struct bmc_device *bmc = dev_get_drvdata(dev);
2149
2150         return snprintf(buf, 20, "0x%6.6x\n", bmc->id.manufacturer_id);
2151 }
2152
2153 static ssize_t product_id_show(struct device *dev,
2154                                struct device_attribute *attr,
2155                                char *buf)
2156 {
2157         struct bmc_device *bmc = dev_get_drvdata(dev);
2158
2159         return snprintf(buf, 10, "0x%4.4x\n", bmc->id.product_id);
2160 }
2161
2162 static ssize_t aux_firmware_rev_show(struct device *dev,
2163                                      struct device_attribute *attr,
2164                                      char *buf)
2165 {
2166         struct bmc_device *bmc = dev_get_drvdata(dev);
2167
2168         return snprintf(buf, 21, "0x%02x 0x%02x 0x%02x 0x%02x\n",
2169                         bmc->id.aux_firmware_revision[3],
2170                         bmc->id.aux_firmware_revision[2],
2171                         bmc->id.aux_firmware_revision[1],
2172                         bmc->id.aux_firmware_revision[0]);
2173 }
2174
2175 static ssize_t guid_show(struct device *dev, struct device_attribute *attr,
2176                          char *buf)
2177 {
2178         struct bmc_device *bmc = dev_get_drvdata(dev);
2179
2180         return snprintf(buf, 100, "%Lx%Lx\n",
2181                         (long long) bmc->guid[0],
2182                         (long long) bmc->guid[8]);
2183 }
2184
2185 static void remove_files(struct bmc_device *bmc)
2186 {
2187         if (!bmc->dev)
2188                 return;
2189
2190         device_remove_file(&bmc->dev->dev,
2191                            &bmc->device_id_attr);
2192         device_remove_file(&bmc->dev->dev,
2193                            &bmc->provides_dev_sdrs_attr);
2194         device_remove_file(&bmc->dev->dev,
2195                            &bmc->revision_attr);
2196         device_remove_file(&bmc->dev->dev,
2197                            &bmc->firmware_rev_attr);
2198         device_remove_file(&bmc->dev->dev,
2199                            &bmc->version_attr);
2200         device_remove_file(&bmc->dev->dev,
2201                            &bmc->add_dev_support_attr);
2202         device_remove_file(&bmc->dev->dev,
2203                            &bmc->manufacturer_id_attr);
2204         device_remove_file(&bmc->dev->dev,
2205                            &bmc->product_id_attr);
2206
2207         if (bmc->id.aux_firmware_revision_set)
2208                 device_remove_file(&bmc->dev->dev,
2209                                    &bmc->aux_firmware_rev_attr);
2210         if (bmc->guid_set)
2211                 device_remove_file(&bmc->dev->dev,
2212                                    &bmc->guid_attr);
2213 }
2214
2215 static void
2216 cleanup_bmc_device(struct kref *ref)
2217 {
2218         struct bmc_device *bmc;
2219
2220         bmc = container_of(ref, struct bmc_device, refcount);
2221
2222         remove_files(bmc);
2223         platform_device_unregister(bmc->dev);
2224         kfree(bmc);
2225 }
2226
2227 static void ipmi_bmc_unregister(ipmi_smi_t intf)
2228 {
2229         struct bmc_device *bmc = intf->bmc;
2230
2231         if (intf->sysfs_name) {
2232                 sysfs_remove_link(&intf->si_dev->kobj, intf->sysfs_name);
2233                 kfree(intf->sysfs_name);
2234                 intf->sysfs_name = NULL;
2235         }
2236         if (intf->my_dev_name) {
2237                 sysfs_remove_link(&bmc->dev->dev.kobj, intf->my_dev_name);
2238                 kfree(intf->my_dev_name);
2239                 intf->my_dev_name = NULL;
2240         }
2241
2242         mutex_lock(&ipmidriver_mutex);
2243         kref_put(&bmc->refcount, cleanup_bmc_device);
2244         intf->bmc = NULL;
2245         mutex_unlock(&ipmidriver_mutex);
2246 }
2247
2248 static int create_files(struct bmc_device *bmc)
2249 {
2250         int err;
2251
2252         bmc->device_id_attr.attr.name = "device_id";
2253         bmc->device_id_attr.attr.mode = S_IRUGO;
2254         bmc->device_id_attr.show = device_id_show;
2255
2256         bmc->provides_dev_sdrs_attr.attr.name = "provides_device_sdrs";
2257         bmc->provides_dev_sdrs_attr.attr.mode = S_IRUGO;
2258         bmc->provides_dev_sdrs_attr.show = provides_dev_sdrs_show;
2259
2260         bmc->revision_attr.attr.name = "revision";
2261         bmc->revision_attr.attr.mode = S_IRUGO;
2262         bmc->revision_attr.show = revision_show;
2263
2264         bmc->firmware_rev_attr.attr.name = "firmware_revision";
2265         bmc->firmware_rev_attr.attr.mode = S_IRUGO;
2266         bmc->firmware_rev_attr.show = firmware_rev_show;
2267
2268         bmc->version_attr.attr.name = "ipmi_version";
2269         bmc->version_attr.attr.mode = S_IRUGO;
2270         bmc->version_attr.show = ipmi_version_show;
2271
2272         bmc->add_dev_support_attr.attr.name = "additional_device_support";
2273         bmc->add_dev_support_attr.attr.mode = S_IRUGO;
2274         bmc->add_dev_support_attr.show = add_dev_support_show;
2275
2276         bmc->manufacturer_id_attr.attr.name = "manufacturer_id";
2277         bmc->manufacturer_id_attr.attr.mode = S_IRUGO;
2278         bmc->manufacturer_id_attr.show = manufacturer_id_show;
2279
2280         bmc->product_id_attr.attr.name = "product_id";
2281         bmc->product_id_attr.attr.mode = S_IRUGO;
2282         bmc->product_id_attr.show = product_id_show;
2283
2284         bmc->guid_attr.attr.name = "guid";
2285         bmc->guid_attr.attr.mode = S_IRUGO;
2286         bmc->guid_attr.show = guid_show;
2287
2288         bmc->aux_firmware_rev_attr.attr.name = "aux_firmware_revision";
2289         bmc->aux_firmware_rev_attr.attr.mode = S_IRUGO;
2290         bmc->aux_firmware_rev_attr.show = aux_firmware_rev_show;
2291
2292         err = device_create_file(&bmc->dev->dev,
2293                            &bmc->device_id_attr);
2294         if (err)
2295                 goto out;
2296         err = device_create_file(&bmc->dev->dev,
2297                            &bmc->provides_dev_sdrs_attr);
2298         if (err)
2299                 goto out_devid;
2300         err = device_create_file(&bmc->dev->dev,
2301                            &bmc->revision_attr);
2302         if (err)
2303                 goto out_sdrs;
2304         err = device_create_file(&bmc->dev->dev,
2305                            &bmc->firmware_rev_attr);
2306         if (err)
2307                 goto out_rev;
2308         err = device_create_file(&bmc->dev->dev,
2309                            &bmc->version_attr);
2310         if (err)
2311                 goto out_firm;
2312         err = device_create_file(&bmc->dev->dev,
2313                            &bmc->add_dev_support_attr);
2314         if (err)
2315                 goto out_version;
2316         err = device_create_file(&bmc->dev->dev,
2317                            &bmc->manufacturer_id_attr);
2318         if (err)
2319                 goto out_add_dev;
2320         err = device_create_file(&bmc->dev->dev,
2321                            &bmc->product_id_attr);
2322         if (err)
2323                 goto out_manu;
2324         if (bmc->id.aux_firmware_revision_set) {
2325                 err = device_create_file(&bmc->dev->dev,
2326                                    &bmc->aux_firmware_rev_attr);
2327                 if (err)
2328                         goto out_prod_id;
2329         }
2330         if (bmc->guid_set) {
2331                 err = device_create_file(&bmc->dev->dev,
2332                                    &bmc->guid_attr);
2333                 if (err)
2334                         goto out_aux_firm;
2335         }
2336
2337         return 0;
2338
2339 out_aux_firm:
2340         if (bmc->id.aux_firmware_revision_set)
2341                 device_remove_file(&bmc->dev->dev,
2342                                    &bmc->aux_firmware_rev_attr);
2343 out_prod_id:
2344         device_remove_file(&bmc->dev->dev,
2345                            &bmc->product_id_attr);
2346 out_manu:
2347         device_remove_file(&bmc->dev->dev,
2348                            &bmc->manufacturer_id_attr);
2349 out_add_dev:
2350         device_remove_file(&bmc->dev->dev,
2351                            &bmc->add_dev_support_attr);
2352 out_version:
2353         device_remove_file(&bmc->dev->dev,
2354                            &bmc->version_attr);
2355 out_firm:
2356         device_remove_file(&bmc->dev->dev,
2357                            &bmc->firmware_rev_attr);
2358 out_rev:
2359         device_remove_file(&bmc->dev->dev,
2360                            &bmc->revision_attr);
2361 out_sdrs:
2362         device_remove_file(&bmc->dev->dev,
2363                            &bmc->provides_dev_sdrs_attr);
2364 out_devid:
2365         device_remove_file(&bmc->dev->dev,
2366                            &bmc->device_id_attr);
2367 out:
2368         return err;
2369 }
2370
2371 static int ipmi_bmc_register(ipmi_smi_t intf, int ifnum,
2372                              const char *sysfs_name)
2373 {
2374         int               rv;
2375         struct bmc_device *bmc = intf->bmc;
2376         struct bmc_device *old_bmc;
2377         int               size;
2378         char              dummy[1];
2379
2380         mutex_lock(&ipmidriver_mutex);
2381
2382         /*
2383          * Try to find if there is an bmc_device struct
2384          * representing the interfaced BMC already
2385          */
2386         if (bmc->guid_set)
2387                 old_bmc = ipmi_find_bmc_guid(&ipmidriver, bmc->guid);
2388         else
2389                 old_bmc = ipmi_find_bmc_prod_dev_id(&ipmidriver,
2390                                                     bmc->id.product_id,
2391                                                     bmc->id.device_id);
2392
2393         /*
2394          * If there is already an bmc_device, free the new one,
2395          * otherwise register the new BMC device
2396          */
2397         if (old_bmc) {
2398                 kfree(bmc);
2399                 intf->bmc = old_bmc;
2400                 bmc = old_bmc;
2401
2402                 kref_get(&bmc->refcount);
2403                 mutex_unlock(&ipmidriver_mutex);
2404
2405                 printk(KERN_INFO
2406                        "ipmi: interfacing existing BMC (man_id: 0x%6.6x,"
2407                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2408                        bmc->id.manufacturer_id,
2409                        bmc->id.product_id,
2410                        bmc->id.device_id);
2411         } else {
2412                 char name[14];
2413                 unsigned char orig_dev_id = bmc->id.device_id;
2414                 int warn_printed = 0;
2415
2416                 snprintf(name, sizeof(name),
2417                          "ipmi_bmc.%4.4x", bmc->id.product_id);
2418
2419                 while (ipmi_find_bmc_prod_dev_id(&ipmidriver,
2420                                                  bmc->id.product_id,
2421                                                  bmc->id.device_id)) {
2422                         if (!warn_printed) {
2423                                 printk(KERN_WARNING PFX
2424                                        "This machine has two different BMCs"
2425                                        " with the same product id and device"
2426                                        " id.  This is an error in the"
2427                                        " firmware, but incrementing the"
2428                                        " device id to work around the problem."
2429                                        " Prod ID = 0x%x, Dev ID = 0x%x\n",
2430                                        bmc->id.product_id, bmc->id.device_id);
2431                                 warn_printed = 1;
2432                         }
2433                         bmc->id.device_id++; /* Wraps at 255 */
2434                         if (bmc->id.device_id == orig_dev_id) {
2435                                 printk(KERN_ERR PFX
2436                                        "Out of device ids!\n");
2437                                 break;
2438                         }
2439                 }
2440
2441                 bmc->dev = platform_device_alloc(name, bmc->id.device_id);
2442                 if (!bmc->dev) {
2443                         mutex_unlock(&ipmidriver_mutex);
2444                         printk(KERN_ERR
2445                                "ipmi_msghandler:"
2446                                " Unable to allocate platform device\n");
2447                         return -ENOMEM;
2448                 }
2449                 bmc->dev->dev.driver = &ipmidriver;
2450                 dev_set_drvdata(&bmc->dev->dev, bmc);
2451                 kref_init(&bmc->refcount);
2452
2453                 rv = platform_device_add(bmc->dev);
2454                 mutex_unlock(&ipmidriver_mutex);
2455                 if (rv) {
2456                         platform_device_put(bmc->dev);
2457                         bmc->dev = NULL;
2458                         printk(KERN_ERR
2459                                "ipmi_msghandler:"
2460                                " Unable to register bmc device: %d\n",
2461                                rv);
2462                         /*
2463                          * Don't go to out_err, you can only do that if
2464                          * the device is registered already.
2465                          */
2466                         return rv;
2467                 }
2468
2469                 rv = create_files(bmc);
2470                 if (rv) {
2471                         mutex_lock(&ipmidriver_mutex);
2472                         platform_device_unregister(bmc->dev);
2473                         mutex_unlock(&ipmidriver_mutex);
2474
2475                         return rv;
2476                 }
2477
2478                 printk(KERN_INFO
2479                        "ipmi: Found new BMC (man_id: 0x%6.6x, "
2480                        " prod_id: 0x%4.4x, dev_id: 0x%2.2x)\n",
2481                        bmc->id.manufacturer_id,
2482                        bmc->id.product_id,
2483                        bmc->id.device_id);
2484         }
2485
2486         /*
2487          * create symlink from system interface device to bmc device
2488          * and back.
2489          */
2490         intf->sysfs_name = kstrdup(sysfs_name, GFP_KERNEL);
2491         if (!intf->sysfs_name) {
2492                 rv = -ENOMEM;
2493                 printk(KERN_ERR
2494                        "ipmi_msghandler: allocate link to BMC: %d\n",
2495                        rv);
2496                 goto out_err;
2497         }
2498
2499         rv = sysfs_create_link(&intf->si_dev->kobj,
2500                                &bmc->dev->dev.kobj, intf->sysfs_name);
2501         if (rv) {
2502                 kfree(intf->sysfs_name);
2503                 intf->sysfs_name = NULL;
2504                 printk(KERN_ERR
2505                        "ipmi_msghandler: Unable to create bmc symlink: %d\n",
2506                        rv);
2507                 goto out_err;
2508         }
2509
2510         size = snprintf(dummy, 0, "ipmi%d", ifnum);
2511         intf->my_dev_name = kmalloc(size+1, GFP_KERNEL);
2512         if (!intf->my_dev_name) {
2513                 kfree(intf->sysfs_name);
2514                 intf->sysfs_name = NULL;
2515                 rv = -ENOMEM;
2516                 printk(KERN_ERR
2517                        "ipmi_msghandler: allocate link from BMC: %d\n",
2518                        rv);
2519                 goto out_err;
2520         }
2521         snprintf(intf->my_dev_name, size+1, "ipmi%d", ifnum);
2522
2523         rv = sysfs_create_link(&bmc->dev->dev.kobj, &intf->si_dev->kobj,
2524                                intf->my_dev_name);
2525         if (rv) {
2526                 kfree(intf->sysfs_name);
2527                 intf->sysfs_name = NULL;
2528                 kfree(intf->my_dev_name);
2529                 intf->my_dev_name = NULL;
2530                 printk(KERN_ERR
2531                        "ipmi_msghandler:"
2532                        " Unable to create symlink to bmc: %d\n",
2533                        rv);
2534                 goto out_err;
2535         }
2536
2537         return 0;
2538
2539 out_err:
2540         ipmi_bmc_unregister(intf);
2541         return rv;
2542 }
2543
2544 static int
2545 send_guid_cmd(ipmi_smi_t intf, int chan)
2546 {
2547         struct kernel_ipmi_msg            msg;
2548         struct ipmi_system_interface_addr si;
2549
2550         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2551         si.channel = IPMI_BMC_CHANNEL;
2552         si.lun = 0;
2553
2554         msg.netfn = IPMI_NETFN_APP_REQUEST;
2555         msg.cmd = IPMI_GET_DEVICE_GUID_CMD;
2556         msg.data = NULL;
2557         msg.data_len = 0;
2558         return i_ipmi_request(NULL,
2559                               intf,
2560                               (struct ipmi_addr *) &si,
2561                               0,
2562                               &msg,
2563                               intf,
2564                               NULL,
2565                               NULL,
2566                               0,
2567                               intf->channels[0].address,
2568                               intf->channels[0].lun,
2569                               -1, 0);
2570 }
2571
2572 static void
2573 guid_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2574 {
2575         if ((msg->addr.addr_type != IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2576             || (msg->msg.netfn != IPMI_NETFN_APP_RESPONSE)
2577             || (msg->msg.cmd != IPMI_GET_DEVICE_GUID_CMD))
2578                 /* Not for me */
2579                 return;
2580
2581         if (msg->msg.data[0] != 0) {
2582                 /* Error from getting the GUID, the BMC doesn't have one. */
2583                 intf->bmc->guid_set = 0;
2584                 goto out;
2585         }
2586
2587         if (msg->msg.data_len < 17) {
2588                 intf->bmc->guid_set = 0;
2589                 printk(KERN_WARNING PFX
2590                        "guid_handler: The GUID response from the BMC was too"
2591                        " short, it was %d but should have been 17.  Assuming"
2592                        " GUID is not available.\n",
2593                        msg->msg.data_len);
2594                 goto out;
2595         }
2596
2597         memcpy(intf->bmc->guid, msg->msg.data, 16);
2598         intf->bmc->guid_set = 1;
2599  out:
2600         wake_up(&intf->waitq);
2601 }
2602
2603 static void
2604 get_guid(ipmi_smi_t intf)
2605 {
2606         int rv;
2607
2608         intf->bmc->guid_set = 0x2;
2609         intf->null_user_handler = guid_handler;
2610         rv = send_guid_cmd(intf, 0);
2611         if (rv)
2612                 /* Send failed, no GUID available. */
2613                 intf->bmc->guid_set = 0;
2614         wait_event(intf->waitq, intf->bmc->guid_set != 2);
2615         intf->null_user_handler = NULL;
2616 }
2617
2618 static int
2619 send_channel_info_cmd(ipmi_smi_t intf, int chan)
2620 {
2621         struct kernel_ipmi_msg            msg;
2622         unsigned char                     data[1];
2623         struct ipmi_system_interface_addr si;
2624
2625         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2626         si.channel = IPMI_BMC_CHANNEL;
2627         si.lun = 0;
2628
2629         msg.netfn = IPMI_NETFN_APP_REQUEST;
2630         msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
2631         msg.data = data;
2632         msg.data_len = 1;
2633         data[0] = chan;
2634         return i_ipmi_request(NULL,
2635                               intf,
2636                               (struct ipmi_addr *) &si,
2637                               0,
2638                               &msg,
2639                               intf,
2640                               NULL,
2641                               NULL,
2642                               0,
2643                               intf->channels[0].address,
2644                               intf->channels[0].lun,
2645                               -1, 0);
2646 }
2647
2648 static void
2649 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2650 {
2651         int rv = 0;
2652         int chan;
2653
2654         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2655             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
2656             && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD)) {
2657                 /* It's the one we want */
2658                 if (msg->msg.data[0] != 0) {
2659                         /* Got an error from the channel, just go on. */
2660
2661                         if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
2662                                 /*
2663                                  * If the MC does not support this
2664                                  * command, that is legal.  We just
2665                                  * assume it has one IPMB at channel
2666                                  * zero.
2667                                  */
2668                                 intf->channels[0].medium
2669                                         = IPMI_CHANNEL_MEDIUM_IPMB;
2670                                 intf->channels[0].protocol
2671                                         = IPMI_CHANNEL_PROTOCOL_IPMB;
2672                                 rv = -ENOSYS;
2673
2674                                 intf->curr_channel = IPMI_MAX_CHANNELS;
2675                                 wake_up(&intf->waitq);
2676                                 goto out;
2677                         }
2678                         goto next_channel;
2679                 }
2680                 if (msg->msg.data_len < 4) {
2681                         /* Message not big enough, just go on. */
2682                         goto next_channel;
2683                 }
2684                 chan = intf->curr_channel;
2685                 intf->channels[chan].medium = msg->msg.data[2] & 0x7f;
2686                 intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;
2687
2688  next_channel:
2689                 intf->curr_channel++;
2690                 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
2691                         wake_up(&intf->waitq);
2692                 else
2693                         rv = send_channel_info_cmd(intf, intf->curr_channel);
2694
2695                 if (rv) {
2696                         /* Got an error somehow, just give up. */
2697                         intf->curr_channel = IPMI_MAX_CHANNELS;
2698                         wake_up(&intf->waitq);
2699
2700                         printk(KERN_WARNING PFX
2701                                "Error sending channel information: %d\n",
2702                                rv);
2703                 }
2704         }
2705  out:
2706         return;
2707 }
2708
2709 void ipmi_poll_interface(ipmi_user_t user)
2710 {
2711         ipmi_smi_t intf = user->intf;
2712
2713         if (intf->handlers->poll)
2714                 intf->handlers->poll(intf->send_info);
2715 }
2716 EXPORT_SYMBOL(ipmi_poll_interface);
2717
2718 int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
2719                       void                     *send_info,
2720                       struct ipmi_device_id    *device_id,
2721                       struct device            *si_dev,
2722                       const char               *sysfs_name,
2723                       unsigned char            slave_addr)
2724 {
2725         int              i, j;
2726         int              rv;
2727         ipmi_smi_t       intf;
2728         ipmi_smi_t       tintf;
2729         struct list_head *link;
2730
2731         /*
2732          * Make sure the driver is actually initialized, this handles
2733          * problems with initialization order.
2734          */
2735         if (!initialized) {
2736                 rv = ipmi_init_msghandler();
2737                 if (rv)
2738                         return rv;
2739                 /*
2740                  * The init code doesn't return an error if it was turned
2741                  * off, but it won't initialize.  Check that.
2742                  */
2743                 if (!initialized)
2744                         return -ENODEV;
2745         }
2746
2747         intf = kzalloc(sizeof(*intf), GFP_KERNEL);
2748         if (!intf)
2749                 return -ENOMEM;
2750
2751         intf->ipmi_version_major = ipmi_version_major(device_id);
2752         intf->ipmi_version_minor = ipmi_version_minor(device_id);
2753
2754         intf->bmc = kzalloc(sizeof(*intf->bmc), GFP_KERNEL);
2755         if (!intf->bmc) {
2756                 kfree(intf);
2757                 return -ENOMEM;
2758         }
2759         intf->intf_num = -1; /* Mark it invalid for now. */
2760         kref_init(&intf->refcount);
2761         intf->bmc->id = *device_id;
2762         intf->si_dev = si_dev;
2763         for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
2764                 intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;
2765                 intf->channels[j].lun = 2;
2766         }
2767         if (slave_addr != 0)
2768                 intf->channels[0].address = slave_addr;
2769         INIT_LIST_HEAD(&intf->users);
2770         intf->handlers = handlers;
2771         intf->send_info = send_info;
2772         spin_lock_init(&intf->seq_lock);
2773         for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
2774                 intf->seq_table[j].inuse = 0;
2775                 intf->seq_table[j].seqid = 0;
2776         }
2777         intf->curr_seq = 0;
2778 #ifdef CONFIG_PROC_FS
2779         mutex_init(&intf->proc_entry_lock);
2780 #endif
2781         spin_lock_init(&intf->waiting_msgs_lock);
2782         INIT_LIST_HEAD(&intf->waiting_msgs);
2783         spin_lock_init(&intf->events_lock);
2784         INIT_LIST_HEAD(&intf->waiting_events);
2785         intf->waiting_events_count = 0;
2786         mutex_init(&intf->cmd_rcvrs_mutex);
2787         spin_lock_init(&intf->maintenance_mode_lock);
2788         INIT_LIST_HEAD(&intf->cmd_rcvrs);
2789         init_waitqueue_head(&intf->waitq);
2790         for (i = 0; i < IPMI_NUM_STATS; i++)
2791                 atomic_set(&intf->stats[i], 0);
2792
2793         intf->proc_dir = NULL;
2794
2795         mutex_lock(&smi_watchers_mutex);
2796         mutex_lock(&ipmi_interfaces_mutex);
2797         /* Look for a hole in the numbers. */
2798         i = 0;
2799         link = &ipmi_interfaces;
2800         list_for_each_entry_rcu(tintf, &ipmi_interfaces, link) {
2801                 if (tintf->intf_num != i) {
2802                         link = &tintf->link;
2803                         break;
2804                 }
2805                 i++;
2806         }
2807         /* Add the new interface in numeric order. */
2808         if (i == 0)
2809                 list_add_rcu(&intf->link, &ipmi_interfaces);
2810         else
2811                 list_add_tail_rcu(&intf->link, link);
2812
2813         rv = handlers->start_processing(send_info, intf);
2814         if (rv)
2815                 goto out;
2816
2817         get_guid(intf);
2818
2819         if ((intf->ipmi_version_major > 1)
2820                         || ((intf->ipmi_version_major == 1)
2821                             && (intf->ipmi_version_minor >= 5))) {
2822                 /*
2823                  * Start scanning the channels to see what is
2824                  * available.
2825                  */
2826                 intf->null_user_handler = channel_handler;
2827                 intf->curr_channel = 0;
2828                 rv = send_channel_info_cmd(intf, 0);
2829                 if (rv)
2830                         goto out;
2831
2832                 /* Wait for the channel info to be read. */
2833                 wait_event(intf->waitq,
2834                            intf->curr_channel >= IPMI_MAX_CHANNELS);
2835                 intf->null_user_handler = NULL;
2836         } else {
2837                 /* Assume a single IPMB channel at zero. */
2838                 intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
2839                 intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
2840         }
2841
2842         if (rv == 0)
2843                 rv = add_proc_entries(intf, i);
2844
2845         rv = ipmi_bmc_register(intf, i, sysfs_name);
2846
2847  out:
2848         if (rv) {
2849                 if (intf->proc_dir)
2850                         remove_proc_entries(intf);
2851                 intf->handlers = NULL;
2852                 list_del_rcu(&intf->link);
2853                 mutex_unlock(&ipmi_interfaces_mutex);
2854                 mutex_unlock(&smi_watchers_mutex);
2855                 synchronize_rcu();
2856                 kref_put(&intf->refcount, intf_free);
2857         } else {
2858                 /*
2859                  * Keep memory order straight for RCU readers.  Make
2860                  * sure everything else is committed to memory before
2861                  * setting intf_num to mark the interface valid.
2862                  */
2863                 smp_wmb();
2864                 intf->intf_num = i;
2865                 mutex_unlock(&ipmi_interfaces_mutex);
2866                 /* After this point the interface is legal to use. */
2867                 call_smi_watchers(i, intf->si_dev);
2868                 mutex_unlock(&smi_watchers_mutex);
2869         }
2870
2871         return rv;
2872 }
2873 EXPORT_SYMBOL(ipmi_register_smi);
2874
2875 static void cleanup_smi_msgs(ipmi_smi_t intf)
2876 {
2877         int              i;
2878         struct seq_table *ent;
2879
2880         /* No need for locks, the interface is down. */
2881         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
2882                 ent = &(intf->seq_table[i]);
2883                 if (!ent->inuse)
2884                         continue;
2885                 deliver_err_response(ent->recv_msg, IPMI_ERR_UNSPECIFIED);
2886         }
2887 }
2888
2889 int ipmi_unregister_smi(ipmi_smi_t intf)
2890 {
2891         struct ipmi_smi_watcher *w;
2892         int    intf_num = intf->intf_num;
2893
2894         ipmi_bmc_unregister(intf);
2895
2896         mutex_lock(&smi_watchers_mutex);
2897         mutex_lock(&ipmi_interfaces_mutex);
2898         intf->intf_num = -1;
2899         intf->handlers = NULL;
2900         list_del_rcu(&intf->link);
2901         mutex_unlock(&ipmi_interfaces_mutex);
2902         synchronize_rcu();
2903
2904         cleanup_smi_msgs(intf);
2905
2906         remove_proc_entries(intf);
2907
2908         /*
2909          * Call all the watcher interfaces to tell them that
2910          * an interface is gone.
2911          */
2912         list_for_each_entry(w, &smi_watchers, link)
2913                 w->smi_gone(intf_num);
2914         mutex_unlock(&smi_watchers_mutex);
2915
2916         kref_put(&intf->refcount, intf_free);
2917         return 0;
2918 }
2919 EXPORT_SYMBOL(ipmi_unregister_smi);
2920
2921 static int handle_ipmb_get_msg_rsp(ipmi_smi_t          intf,
2922                                    struct ipmi_smi_msg *msg)
2923 {
2924         struct ipmi_ipmb_addr ipmb_addr;
2925         struct ipmi_recv_msg  *recv_msg;
2926
2927         /*
2928          * This is 11, not 10, because the response must contain a
2929          * completion code.
2930          */
2931         if (msg->rsp_size < 11) {
2932                 /* Message not big enough, just ignore it. */
2933                 ipmi_inc_stat(intf, invalid_ipmb_responses);
2934                 return 0;
2935         }
2936
2937         if (msg->rsp[2] != 0) {
2938                 /* An error getting the response, just ignore it. */
2939                 return 0;
2940         }
2941
2942         ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
2943         ipmb_addr.slave_addr = msg->rsp[6];
2944         ipmb_addr.channel = msg->rsp[3] & 0x0f;
2945         ipmb_addr.lun = msg->rsp[7] & 3;
2946
2947         /*
2948          * It's a response from a remote entity.  Look up the sequence
2949          * number and handle the response.
2950          */
2951         if (intf_find_seq(intf,
2952                           msg->rsp[7] >> 2,
2953                           msg->rsp[3] & 0x0f,
2954                           msg->rsp[8],
2955                           (msg->rsp[4] >> 2) & (~1),
2956                           (struct ipmi_addr *) &(ipmb_addr),
2957                           &recv_msg)) {
2958                 /*
2959                  * We were unable to find the sequence number,
2960                  * so just nuke the message.
2961                  */
2962                 ipmi_inc_stat(intf, unhandled_ipmb_responses);
2963                 return 0;
2964         }
2965
2966         memcpy(recv_msg->msg_data,
2967                &(msg->rsp[9]),
2968                msg->rsp_size - 9);
2969         /*
2970          * The other fields matched, so no need to set them, except
2971          * for netfn, which needs to be the response that was
2972          * returned, not the request value.
2973          */
2974         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2975         recv_msg->msg.data = recv_msg->msg_data;
2976         recv_msg->msg.data_len = msg->rsp_size - 10;
2977         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2978         ipmi_inc_stat(intf, handled_ipmb_responses);
2979         deliver_response(recv_msg);
2980
2981         return 0;
2982 }
2983
2984 static int handle_ipmb_get_msg_cmd(ipmi_smi_t          intf,
2985                                    struct ipmi_smi_msg *msg)
2986 {
2987         struct cmd_rcvr          *rcvr;
2988         int                      rv = 0;
2989         unsigned char            netfn;
2990         unsigned char            cmd;
2991         unsigned char            chan;
2992         ipmi_user_t              user = NULL;
2993         struct ipmi_ipmb_addr    *ipmb_addr;
2994         struct ipmi_recv_msg     *recv_msg;
2995         struct ipmi_smi_handlers *handlers;
2996
2997         if (msg->rsp_size < 10) {
2998                 /* Message not big enough, just ignore it. */
2999                 ipmi_inc_stat(intf, invalid_commands);
3000                 return 0;
3001         }
3002
3003         if (msg->rsp[2] != 0) {
3004                 /* An error getting the response, just ignore it. */
3005                 return 0;
3006         }
3007
3008         netfn = msg->rsp[4] >> 2;
3009         cmd = msg->rsp[8];
3010         chan = msg->rsp[3] & 0xf;
3011
3012         rcu_read_lock();
3013         rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3014         if (rcvr) {
3015                 user = rcvr->user;
3016                 kref_get(&user->refcount);
3017         } else
3018                 user = NULL;
3019         rcu_read_unlock();
3020
3021         if (user == NULL) {
3022                 /* We didn't find a user, deliver an error response. */
3023                 ipmi_inc_stat(intf, unhandled_commands);
3024
3025                 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
3026                 msg->data[1] = IPMI_SEND_MSG_CMD;
3027                 msg->data[2] = msg->rsp[3];
3028                 msg->data[3] = msg->rsp[6];
3029                 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
3030                 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
3031                 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
3032                 /* rqseq/lun */
3033                 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
3034                 msg->data[8] = msg->rsp[8]; /* cmd */
3035                 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
3036                 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
3037                 msg->data_size = 11;
3038
3039 #ifdef DEBUG_MSGING
3040         {
3041                 int m;
3042                 printk("Invalid command:");
3043                 for (m = 0; m < msg->data_size; m++)
3044                         printk(" %2.2x", msg->data[m]);
3045                 printk("\n");
3046         }
3047 #endif
3048                 rcu_read_lock();
3049                 handlers = intf->handlers;
3050                 if (handlers) {
3051                         handlers->sender(intf->send_info, msg, 0);
3052                         /*
3053                          * We used the message, so return the value
3054                          * that causes it to not be freed or
3055                          * queued.
3056                          */
3057                         rv = -1;
3058                 }
3059                 rcu_read_unlock();
3060         } else {
3061                 /* Deliver the message to the user. */
3062                 ipmi_inc_stat(intf, handled_commands);
3063
3064                 recv_msg = ipmi_alloc_recv_msg();
3065                 if (!recv_msg) {
3066                         /*
3067                          * We couldn't allocate memory for the
3068                          * message, so requeue it for handling
3069                          * later.
3070                          */
3071                         rv = 1;
3072                         kref_put(&user->refcount, free_user);
3073                 } else {
3074                         /* Extract the source address from the data. */
3075                         ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
3076                         ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
3077                         ipmb_addr->slave_addr = msg->rsp[6];
3078                         ipmb_addr->lun = msg->rsp[7] & 3;
3079                         ipmb_addr->channel = msg->rsp[3] & 0xf;
3080
3081                         /*
3082                          * Extract the rest of the message information
3083                          * from the IPMB header.
3084                          */
3085                         recv_msg->user = user;
3086                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3087                         recv_msg->msgid = msg->rsp[7] >> 2;
3088                         recv_msg->msg.netfn = msg->rsp[4] >> 2;
3089                         recv_msg->msg.cmd = msg->rsp[8];
3090                         recv_msg->msg.data = recv_msg->msg_data;
3091
3092                         /*
3093                          * We chop off 10, not 9 bytes because the checksum
3094                          * at the end also needs to be removed.
3095                          */
3096                         recv_msg->msg.data_len = msg->rsp_size - 10;
3097                         memcpy(recv_msg->msg_data,
3098                                &(msg->rsp[9]),
3099                                msg->rsp_size - 10);
3100                         deliver_response(recv_msg);
3101                 }
3102         }
3103
3104         return rv;
3105 }
3106
3107 static int handle_lan_get_msg_rsp(ipmi_smi_t          intf,
3108                                   struct ipmi_smi_msg *msg)
3109 {
3110         struct ipmi_lan_addr  lan_addr;
3111         struct ipmi_recv_msg  *recv_msg;
3112
3113
3114         /*
3115          * This is 13, not 12, because the response must contain a
3116          * completion code.
3117          */
3118         if (msg->rsp_size < 13) {
3119                 /* Message not big enough, just ignore it. */
3120                 ipmi_inc_stat(intf, invalid_lan_responses);
3121                 return 0;
3122         }
3123
3124         if (msg->rsp[2] != 0) {
3125                 /* An error getting the response, just ignore it. */
3126                 return 0;
3127         }
3128
3129         lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
3130         lan_addr.session_handle = msg->rsp[4];
3131         lan_addr.remote_SWID = msg->rsp[8];
3132         lan_addr.local_SWID = msg->rsp[5];
3133         lan_addr.channel = msg->rsp[3] & 0x0f;
3134         lan_addr.privilege = msg->rsp[3] >> 4;
3135         lan_addr.lun = msg->rsp[9] & 3;
3136
3137         /*
3138          * It's a response from a remote entity.  Look up the sequence
3139          * number and handle the response.
3140          */
3141         if (intf_find_seq(intf,
3142                           msg->rsp[9] >> 2,
3143                           msg->rsp[3] & 0x0f,
3144                           msg->rsp[10],
3145                           (msg->rsp[6] >> 2) & (~1),
3146                           (struct ipmi_addr *) &(lan_addr),
3147                           &recv_msg)) {
3148                 /*
3149                  * We were unable to find the sequence number,
3150                  * so just nuke the message.
3151                  */
3152                 ipmi_inc_stat(intf, unhandled_lan_responses);
3153                 return 0;
3154         }
3155
3156         memcpy(recv_msg->msg_data,
3157                &(msg->rsp[11]),
3158                msg->rsp_size - 11);
3159         /*
3160          * The other fields matched, so no need to set them, except
3161          * for netfn, which needs to be the response that was
3162          * returned, not the request value.
3163          */
3164         recv_msg->msg.netfn = msg->rsp[6] >> 2;
3165         recv_msg->msg.data = recv_msg->msg_data;
3166         recv_msg->msg.data_len = msg->rsp_size - 12;
3167         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3168         ipmi_inc_stat(intf, handled_lan_responses);
3169         deliver_response(recv_msg);
3170
3171         return 0;
3172 }
3173
3174 static int handle_lan_get_msg_cmd(ipmi_smi_t          intf,
3175                                   struct ipmi_smi_msg *msg)
3176 {
3177         struct cmd_rcvr          *rcvr;
3178         int                      rv = 0;
3179         unsigned char            netfn;
3180         unsigned char            cmd;
3181         unsigned char            chan;
3182         ipmi_user_t              user = NULL;
3183         struct ipmi_lan_addr     *lan_addr;
3184         struct ipmi_recv_msg     *recv_msg;
3185
3186         if (msg->rsp_size < 12) {
3187                 /* Message not big enough, just ignore it. */
3188                 ipmi_inc_stat(intf, invalid_commands);
3189                 return 0;
3190         }
3191
3192         if (msg->rsp[2] != 0) {
3193                 /* An error getting the response, just ignore it. */
3194                 return 0;
3195         }
3196
3197         netfn = msg->rsp[6] >> 2;
3198         cmd = msg->rsp[10];
3199         chan = msg->rsp[3] & 0xf;
3200
3201         rcu_read_lock();
3202         rcvr = find_cmd_rcvr(intf, netfn, cmd, chan);
3203         if (rcvr) {
3204                 user = rcvr->user;
3205                 kref_get(&user->refcount);
3206         } else
3207                 user = NULL;
3208         rcu_read_unlock();
3209
3210         if (user == NULL) {
3211                 /* We didn't find a user, just give up. */
3212                 ipmi_inc_stat(intf, unhandled_commands);
3213
3214                 /*
3215                  * Don't do anything with these messages, just allow
3216                  * them to be freed.
3217                  */
3218                 rv = 0;
3219         } else {
3220                 /* Deliver the message to the user. */
3221                 ipmi_inc_stat(intf, handled_commands);
3222
3223                 recv_msg = ipmi_alloc_recv_msg();
3224                 if (!recv_msg) {
3225                         /*
3226                          * We couldn't allocate memory for the
3227                          * message, so requeue it for handling later.
3228                          */
3229                         rv = 1;
3230                         kref_put(&user->refcount, free_user);
3231                 } else {
3232                         /* Extract the source address from the data. */
3233                         lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
3234                         lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
3235                         lan_addr->session_handle = msg->rsp[4];
3236                         lan_addr->remote_SWID = msg->rsp[8];
3237                         lan_addr->local_SWID = msg->rsp[5];
3238                         lan_addr->lun = msg->rsp[9] & 3;
3239                         lan_addr->channel = msg->rsp[3] & 0xf;
3240                         lan_addr->privilege = msg->rsp[3] >> 4;
3241
3242                         /*
3243                          * Extract the rest of the message information
3244                          * from the IPMB header.
3245                          */
3246                         recv_msg->user = user;
3247                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
3248                         recv_msg->msgid = msg->rsp[9] >> 2;
3249                         recv_msg->msg.netfn = msg->rsp[6] >> 2;
3250                         recv_msg->msg.cmd = msg->rsp[10];
3251                         recv_msg->msg.data = recv_msg->msg_data;
3252
3253                         /*
3254                          * We chop off 12, not 11 bytes because the checksum
3255                          * at the end also needs to be removed.
3256                          */
3257                         recv_msg->msg.data_len = msg->rsp_size - 12;
3258                         memcpy(recv_msg->msg_data,
3259                                &(msg->rsp[11]),
3260                                msg->rsp_size - 12);
3261                         deliver_response(recv_msg);
3262                 }
3263         }
3264
3265         return rv;
3266 }
3267
3268 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
3269                                      struct ipmi_smi_msg  *msg)
3270 {
3271         struct ipmi_system_interface_addr *smi_addr;
3272
3273         recv_msg->msgid = 0;
3274         smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
3275         smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3276         smi_addr->channel = IPMI_BMC_CHANNEL;
3277         smi_addr->lun = msg->rsp[0] & 3;
3278         recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
3279         recv_msg->msg.netfn = msg->rsp[0] >> 2;
3280         recv_msg->msg.cmd = msg->rsp[1];
3281         memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
3282         recv_msg->msg.data = recv_msg->msg_data;
3283         recv_msg->msg.data_len = msg->rsp_size - 3;
3284 }
3285
3286 static int handle_read_event_rsp(ipmi_smi_t          intf,
3287                                  struct ipmi_smi_msg *msg)
3288 {
3289         struct ipmi_recv_msg *recv_msg, *recv_msg2;
3290         struct list_head     msgs;
3291         ipmi_user_t          user;
3292         int                  rv = 0;
3293         int                  deliver_count = 0;
3294         unsigned long        flags;
3295
3296         if (msg->rsp_size < 19) {
3297                 /* Message is too small to be an IPMB event. */
3298                 ipmi_inc_stat(intf, invalid_events);
3299                 return 0;
3300         }
3301
3302         if (msg->rsp[2] != 0) {
3303                 /* An error getting the event, just ignore it. */
3304                 return 0;
3305         }
3306
3307         INIT_LIST_HEAD(&msgs);
3308
3309         spin_lock_irqsave(&intf->events_lock, flags);
3310
3311         ipmi_inc_stat(intf, events);
3312
3313         /*
3314          * Allocate and fill in one message for every user that is
3315          * getting events.
3316          */
3317         rcu_read_lock();
3318         list_for_each_entry_rcu(user, &intf->users, link) {
3319                 if (!user->gets_events)
3320                         continue;
3321
3322                 recv_msg = ipmi_alloc_recv_msg();
3323                 if (!recv_msg) {
3324                         rcu_read_unlock();
3325                         list_for_each_entry_safe(recv_msg, recv_msg2, &msgs,
3326                                                  link) {
3327                                 list_del(&recv_msg->link);
3328                                 ipmi_free_recv_msg(recv_msg);
3329                         }
3330                         /*
3331                          * We couldn't allocate memory for the
3332                          * message, so requeue it for handling
3333                          * later.
3334                          */
3335                         rv = 1;
3336                         goto out;
3337                 }
3338
3339                 deliver_count++;
3340
3341                 copy_event_into_recv_msg(recv_msg, msg);
3342                 recv_msg->user = user;
3343                 kref_get(&user->refcount);
3344                 list_add_tail(&(recv_msg->link), &msgs);
3345         }
3346         rcu_read_unlock();
3347
3348         if (deliver_count) {
3349                 /* Now deliver all the messages. */
3350                 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
3351                         list_del(&recv_msg->link);
3352                         deliver_response(recv_msg);
3353                 }
3354         } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
3355                 /*
3356                  * No one to receive the message, put it in queue if there's
3357                  * not already too many things in the queue.
3358                  */
3359                 recv_msg = ipmi_alloc_recv_msg();
3360                 if (!recv_msg) {
3361                         /*
3362                          * We couldn't allocate memory for the
3363                          * message, so requeue it for handling
3364                          * later.
3365                          */
3366                         rv = 1;
3367                         goto out;
3368                 }
3369
3370                 copy_event_into_recv_msg(recv_msg, msg);
3371                 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
3372                 intf->waiting_events_count++;
3373         } else if (!intf->event_msg_printed) {
3374                 /*
3375                  * There's too many things in the queue, discard this
3376                  * message.
3377                  */
3378                 printk(KERN_WARNING PFX "Event queue full, discarding"
3379                        " incoming events\n");
3380                 intf->event_msg_printed = 1;
3381         }
3382
3383  out:
3384         spin_unlock_irqrestore(&(intf->events_lock), flags);
3385
3386         return rv;
3387 }
3388
3389 static int handle_bmc_rsp(ipmi_smi_t          intf,
3390                           struct ipmi_smi_msg *msg)
3391 {
3392         struct ipmi_recv_msg *recv_msg;
3393         struct ipmi_user     *user;
3394
3395         recv_msg = (struct ipmi_recv_msg *) msg->user_data;
3396         if (recv_msg == NULL) {
3397                 printk(KERN_WARNING
3398                        "IPMI message received with no owner. This\n"
3399                        "could be because of a malformed message, or\n"
3400                        "because of a hardware error.  Contact your\n"
3401                        "hardware vender for assistance\n");
3402                 return 0;
3403         }
3404
3405         user = recv_msg->user;
3406         /* Make sure the user still exists. */
3407         if (user && !user->valid) {
3408                 /* The user for the message went away, so give up. */
3409                 ipmi_inc_stat(intf, unhandled_local_responses);
3410                 ipmi_free_recv_msg(recv_msg);
3411         } else {
3412                 struct ipmi_system_interface_addr *smi_addr;
3413
3414                 ipmi_inc_stat(intf, handled_local_responses);
3415                 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
3416                 recv_msg->msgid = msg->msgid;
3417                 smi_addr = ((struct ipmi_system_interface_addr *)
3418                             &(recv_msg->addr));
3419                 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3420                 smi_addr->channel = IPMI_BMC_CHANNEL;
3421                 smi_addr->lun = msg->rsp[0] & 3;
3422                 recv_msg->msg.netfn = msg->rsp[0] >> 2;
3423                 recv_msg->msg.cmd = msg->rsp[1];
3424                 memcpy(recv_msg->msg_data,
3425                        &(msg->rsp[2]),
3426                        msg->rsp_size - 2);
3427                 recv_msg->msg.data = recv_msg->msg_data;
3428                 recv_msg->msg.data_len = msg->rsp_size - 2;
3429                 deliver_response(recv_msg);
3430         }
3431
3432         return 0;
3433 }
3434
3435 /*
3436  * Handle a new message.  Return 1 if the message should be requeued,
3437  * 0 if the message should be freed, or -1 if the message should not
3438  * be freed or requeued.
3439  */
3440 static int handle_new_recv_msg(ipmi_smi_t          intf,
3441                                struct ipmi_smi_msg *msg)
3442 {
3443         int requeue;
3444         int chan;
3445
3446 #ifdef DEBUG_MSGING
3447         int m;
3448         printk("Recv:");
3449         for (m = 0; m < msg->rsp_size; m++)
3450                 printk(" %2.2x", msg->rsp[m]);
3451         printk("\n");
3452 #endif
3453         if (msg->rsp_size < 2) {
3454                 /* Message is too small to be correct. */
3455                 printk(KERN_WARNING PFX "BMC returned to small a message"
3456                        " for netfn %x cmd %x, got %d bytes\n",
3457                        (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
3458
3459                 /* Generate an error response for the message. */
3460                 msg->rsp[0] = msg->data[0] | (1 << 2);
3461                 msg->rsp[1] = msg->data[1];
3462                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3463                 msg->rsp_size = 3;
3464         } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))
3465                    || (msg->rsp[1] != msg->data[1])) {
3466                 /*
3467                  * The NetFN and Command in the response is not even
3468                  * marginally correct.
3469                  */
3470                 printk(KERN_WARNING PFX "BMC returned incorrect response,"
3471                        " expected netfn %x cmd %x, got netfn %x cmd %x\n",
3472                        (msg->data[0] >> 2) | 1, msg->data[1],
3473                        msg->rsp[0] >> 2, msg->rsp[1]);
3474
3475                 /* Generate an error response for the message. */
3476                 msg->rsp[0] = msg->data[0] | (1 << 2);
3477                 msg->rsp[1] = msg->data[1];
3478                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
3479                 msg->rsp_size = 3;
3480         }
3481
3482         if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3483             && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
3484             && (msg->user_data != NULL)) {
3485                 /*
3486                  * It's a response to a response we sent.  For this we
3487                  * deliver a send message response to the user.
3488                  */
3489                 struct ipmi_recv_msg     *recv_msg = msg->user_data;
3490
3491                 requeue = 0;
3492                 if (msg->rsp_size < 2)
3493                         /* Message is too small to be correct. */
3494                         goto out;
3495
3496                 chan = msg->data[2] & 0x0f;
3497                 if (chan >= IPMI_MAX_CHANNELS)
3498                         /* Invalid channel number */
3499                         goto out;
3500
3501                 if (!recv_msg)
3502                         goto out;
3503
3504                 /* Make sure the user still exists. */
3505                 if (!recv_msg->user || !recv_msg->user->valid)
3506                         goto out;
3507
3508                 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
3509                 recv_msg->msg.data = recv_msg->msg_data;
3510                 recv_msg->msg.data_len = 1;
3511                 recv_msg->msg_data[0] = msg->rsp[2];
3512                 deliver_response(recv_msg);
3513         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3514                    && (msg->rsp[1] == IPMI_GET_MSG_CMD)) {
3515                 /* It's from the receive queue. */
3516                 chan = msg->rsp[3] & 0xf;
3517                 if (chan >= IPMI_MAX_CHANNELS) {
3518                         /* Invalid channel number */
3519                         requeue = 0;
3520                         goto out;
3521                 }
3522
3523                 switch (intf->channels[chan].medium) {
3524                 case IPMI_CHANNEL_MEDIUM_IPMB:
3525                         if (msg->rsp[4] & 0x04) {
3526                                 /*
3527                                  * It's a response, so find the
3528                                  * requesting message and send it up.
3529                                  */
3530                                 requeue = handle_ipmb_get_msg_rsp(intf, msg);
3531                         } else {
3532                                 /*
3533                                  * It's a command to the SMS from some other
3534                                  * entity.  Handle that.
3535                                  */
3536                                 requeue = handle_ipmb_get_msg_cmd(intf, msg);
3537                         }
3538                         break;
3539
3540                 case IPMI_CHANNEL_MEDIUM_8023LAN:
3541                 case IPMI_CHANNEL_MEDIUM_ASYNC:
3542                         if (msg->rsp[6] & 0x04) {
3543                                 /*
3544                                  * It's a response, so find the
3545                                  * requesting message and send it up.
3546                                  */
3547                                 requeue = handle_lan_get_msg_rsp(intf, msg);
3548                         } else {
3549                                 /*
3550                                  * It's a command to the SMS from some other
3551                                  * entity.  Handle that.
3552                                  */
3553                                 requeue = handle_lan_get_msg_cmd(intf, msg);
3554                         }
3555                         break;
3556
3557                 default:
3558                         /*
3559                          * We don't handle the channel type, so just
3560                          * free the message.
3561                          */
3562                         requeue = 0;
3563                 }
3564
3565         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
3566                    && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD)) {
3567                 /* It's an asyncronous event. */
3568                 requeue = handle_read_event_rsp(intf, msg);
3569         } else {
3570                 /* It's a response from the local BMC. */
3571                 requeue = handle_bmc_rsp(intf, msg);
3572         }
3573
3574  out:
3575         return requeue;
3576 }
3577
3578 /* Handle a new message from the lower layer. */
3579 void ipmi_smi_msg_received(ipmi_smi_t          intf,
3580                            struct ipmi_smi_msg *msg)
3581 {
3582         unsigned long flags = 0; /* keep us warning-free. */
3583         int           rv;
3584         int           run_to_completion;
3585
3586
3587         if ((msg->data_size >= 2)
3588             && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
3589             && (msg->data[1] == IPMI_SEND_MSG_CMD)
3590             && (msg->user_data == NULL)) {
3591                 /*
3592                  * This is the local response to a command send, start
3593                  * the timer for these.  The user_data will not be
3594                  * NULL if this is a response send, and we will let
3595                  * response sends just go through.
3596                  */
3597
3598                 /*
3599                  * Check for errors, if we get certain errors (ones
3600                  * that mean basically we can try again later), we
3601                  * ignore them and start the timer.  Otherwise we
3602                  * report the error immediately.
3603                  */
3604                 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
3605                     && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
3606                     && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR)
3607                     && (msg->rsp[2] != IPMI_BUS_ERR)
3608                     && (msg->rsp[2] != IPMI_NAK_ON_WRITE_ERR)) {
3609                         int chan = msg->rsp[3] & 0xf;
3610
3611                         /* Got an error sending the message, handle it. */
3612                         if (chan >= IPMI_MAX_CHANNELS)
3613                                 ; /* This shouldn't happen */
3614                         else if ((intf->channels[chan].medium
3615                                   == IPMI_CHANNEL_MEDIUM_8023LAN)
3616                                  || (intf->channels[chan].medium
3617                                      == IPMI_CHANNEL_MEDIUM_ASYNC))
3618                                 ipmi_inc_stat(intf, sent_lan_command_errs);
3619                         else
3620                                 ipmi_inc_stat(intf, sent_ipmb_command_errs);
3621                         intf_err_seq(intf, msg->msgid, msg->rsp[2]);
3622                 } else
3623                         /* The message was sent, start the timer. */
3624                         intf_start_seq_timer(intf, msg->msgid);
3625
3626                 ipmi_free_smi_msg(msg);
3627                 goto out;
3628         }
3629
3630         /*
3631          * To preserve message order, if the list is not empty, we
3632          * tack this message onto the end of the list.
3633          */
3634         run_to_completion = intf->run_to_completion;
3635         if (!run_to_completion)
3636                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3637         if (!list_empty(&intf->waiting_msgs)) {
3638                 list_add_tail(&msg->link, &intf->waiting_msgs);
3639                 if (!run_to_completion)
3640                         spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3641                 goto out;
3642         }
3643         if (!run_to_completion)
3644                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3645
3646         rv = handle_new_recv_msg(intf, msg);
3647         if (rv > 0) {
3648                 /*
3649                  * Could not handle the message now, just add it to a
3650                  * list to handle later.
3651                  */
3652                 run_to_completion = intf->run_to_completion;
3653                 if (!run_to_completion)
3654                         spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3655                 list_add_tail(&msg->link, &intf->waiting_msgs);
3656                 if (!run_to_completion)
3657                         spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3658         } else if (rv == 0) {
3659                 ipmi_free_smi_msg(msg);
3660         }
3661
3662  out:
3663         return;
3664 }
3665 EXPORT_SYMBOL(ipmi_smi_msg_received);
3666
3667 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
3668 {
3669         ipmi_user_t user;
3670
3671         rcu_read_lock();
3672         list_for_each_entry_rcu(user, &intf->users, link) {
3673                 if (!user->handler->ipmi_watchdog_pretimeout)
3674                         continue;
3675
3676                 user->handler->ipmi_watchdog_pretimeout(user->handler_data);
3677         }
3678         rcu_read_unlock();
3679 }
3680 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
3681
3682 static struct ipmi_smi_msg *
3683 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
3684                   unsigned char seq, long seqid)
3685 {
3686         struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
3687         if (!smi_msg)
3688                 /*
3689                  * If we can't allocate the message, then just return, we
3690                  * get 4 retries, so this should be ok.
3691                  */
3692                 return NULL;
3693
3694         memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
3695         smi_msg->data_size = recv_msg->msg.data_len;
3696         smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
3697
3698 #ifdef DEBUG_MSGING
3699         {
3700                 int m;
3701                 printk("Resend: ");
3702                 for (m = 0; m < smi_msg->data_size; m++)
3703                         printk(" %2.2x", smi_msg->data[m]);
3704                 printk("\n");
3705         }
3706 #endif
3707         return smi_msg;
3708 }
3709
3710 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
3711                               struct list_head *timeouts, long timeout_period,
3712                               int slot, unsigned long *flags)
3713 {
3714         struct ipmi_recv_msg     *msg;
3715         struct ipmi_smi_handlers *handlers;
3716
3717         if (intf->intf_num == -1)
3718                 return;
3719
3720         if (!ent->inuse)
3721                 return;
3722
3723         ent->timeout -= timeout_period;
3724         if (ent->timeout > 0)
3725                 return;
3726
3727         if (ent->retries_left == 0) {
3728                 /* The message has used all its retries. */
3729                 ent->inuse = 0;
3730                 msg = ent->recv_msg;
3731                 list_add_tail(&msg->link, timeouts);
3732                 if (ent->broadcast)
3733                         ipmi_inc_stat(intf, timed_out_ipmb_broadcasts);
3734                 else if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3735                         ipmi_inc_stat(intf, timed_out_lan_commands);
3736                 else
3737                         ipmi_inc_stat(intf, timed_out_ipmb_commands);
3738         } else {
3739                 struct ipmi_smi_msg *smi_msg;
3740                 /* More retries, send again. */
3741
3742                 /*
3743                  * Start with the max timer, set to normal timer after
3744                  * the message is sent.
3745                  */
3746                 ent->timeout = MAX_MSG_TIMEOUT;
3747                 ent->retries_left--;
3748                 if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
3749                         ipmi_inc_stat(intf, retransmitted_lan_commands);
3750                 else
3751                         ipmi_inc_stat(intf, retransmitted_ipmb_commands);
3752
3753                 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
3754                                             ent->seqid);
3755                 if (!smi_msg)
3756                         return;
3757
3758                 spin_unlock_irqrestore(&intf->seq_lock, *flags);
3759
3760                 /*
3761                  * Send the new message.  We send with a zero
3762                  * priority.  It timed out, I doubt time is that
3763                  * critical now, and high priority messages are really
3764                  * only for messages to the local MC, which don't get
3765                  * resent.
3766                  */
3767                 handlers = intf->handlers;
3768                 if (handlers)
3769                         intf->handlers->sender(intf->send_info,
3770                                                smi_msg, 0);
3771                 else
3772                         ipmi_free_smi_msg(smi_msg);
3773
3774                 spin_lock_irqsave(&intf->seq_lock, *flags);
3775         }
3776 }
3777
3778 static void ipmi_timeout_handler(long timeout_period)
3779 {
3780         ipmi_smi_t           intf;
3781         struct list_head     timeouts;
3782         struct ipmi_recv_msg *msg, *msg2;
3783         struct ipmi_smi_msg  *smi_msg, *smi_msg2;
3784         unsigned long        flags;
3785         int                  i;
3786
3787         rcu_read_lock();
3788         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3789                 /* See if any waiting messages need to be processed. */
3790                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
3791                 list_for_each_entry_safe(smi_msg, smi_msg2,
3792                                          &intf->waiting_msgs, link) {
3793                         if (!handle_new_recv_msg(intf, smi_msg)) {
3794                                 list_del(&smi_msg->link);
3795                                 ipmi_free_smi_msg(smi_msg);
3796                         } else {
3797                                 /*
3798                                  * To preserve message order, quit if we
3799                                  * can't handle a message.
3800                                  */
3801                                 break;
3802                         }
3803                 }
3804                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
3805
3806                 /*
3807                  * Go through the seq table and find any messages that
3808                  * have timed out, putting them in the timeouts
3809                  * list.
3810                  */
3811                 INIT_LIST_HEAD(&timeouts);
3812                 spin_lock_irqsave(&intf->seq_lock, flags);
3813                 for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++)
3814                         check_msg_timeout(intf, &(intf->seq_table[i]),
3815                                           &timeouts, timeout_period, i,
3816                                           &flags);
3817                 spin_unlock_irqrestore(&intf->seq_lock, flags);
3818
3819                 list_for_each_entry_safe(msg, msg2, &timeouts, link)
3820                         deliver_err_response(msg, IPMI_TIMEOUT_COMPLETION_CODE);
3821
3822                 /*
3823                  * Maintenance mode handling.  Check the timeout
3824                  * optimistically before we claim the lock.  It may
3825                  * mean a timeout gets missed occasionally, but that
3826                  * only means the timeout gets extended by one period
3827                  * in that case.  No big deal, and it avoids the lock
3828                  * most of the time.
3829                  */
3830                 if (intf->auto_maintenance_timeout > 0) {
3831                         spin_lock_irqsave(&intf->maintenance_mode_lock, flags);
3832                         if (intf->auto_maintenance_timeout > 0) {
3833                                 intf->auto_maintenance_timeout
3834                                         -= timeout_period;
3835                                 if (!intf->maintenance_mode
3836                                     && (intf->auto_maintenance_timeout <= 0)) {
3837                                         intf->maintenance_mode_enable = 0;
3838                                         maintenance_mode_update(intf);
3839                                 }
3840                         }
3841                         spin_unlock_irqrestore(&intf->maintenance_mode_lock,
3842                                                flags);
3843                 }
3844         }
3845         rcu_read_unlock();
3846 }
3847
3848 static void ipmi_request_event(void)
3849 {
3850         ipmi_smi_t               intf;
3851         struct ipmi_smi_handlers *handlers;
3852
3853         rcu_read_lock();
3854         /*
3855          * Called from the timer, no need to check if handlers is
3856          * valid.
3857          */
3858         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
3859                 /* No event requests when in maintenance mode. */
3860                 if (intf->maintenance_mode_enable)
3861                         continue;
3862
3863                 handlers = intf->handlers;
3864                 if (handlers)
3865                         handlers->request_events(intf->send_info);
3866         }
3867         rcu_read_unlock();
3868 }
3869
3870 static struct timer_list ipmi_timer;
3871
3872 /* Call every ~100 ms. */
3873 #define IPMI_TIMEOUT_TIME       100
3874
3875 /* How many jiffies does it take to get to the timeout time. */
3876 #define IPMI_TIMEOUT_JIFFIES    ((IPMI_TIMEOUT_TIME * HZ) / 1000)
3877
3878 /*
3879  * Request events from the queue every second (this is the number of
3880  * IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
3881  * future, IPMI will add a way to know immediately if an event is in
3882  * the queue and this silliness can go away.
3883  */
3884 #define IPMI_REQUEST_EV_TIME    (1000 / (IPMI_TIMEOUT_TIME))
3885
3886 static atomic_t stop_operation;
3887 static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3888
3889 static void ipmi_timeout(unsigned long data)
3890 {
3891         if (atomic_read(&stop_operation))
3892                 return;
3893
3894         ticks_to_req_ev--;
3895         if (ticks_to_req_ev == 0) {
3896                 ipmi_request_event();
3897                 ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
3898         }
3899
3900         ipmi_timeout_handler(IPMI_TIMEOUT_TIME);
3901
3902         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
3903 }
3904
3905
3906 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
3907 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
3908
3909 /* FIXME - convert these to slabs. */
3910 static void free_smi_msg(struct ipmi_smi_msg *msg)
3911 {
3912         atomic_dec(&smi_msg_inuse_count);
3913         kfree(msg);
3914 }
3915
3916 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
3917 {
3918         struct ipmi_smi_msg *rv;
3919         rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
3920         if (rv) {
3921                 rv->done = free_smi_msg;
3922                 rv->user_data = NULL;
3923                 atomic_inc(&smi_msg_inuse_count);
3924         }
3925         return rv;
3926 }
3927 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
3928
3929 static void free_recv_msg(struct ipmi_recv_msg *msg)
3930 {
3931         atomic_dec(&recv_msg_inuse_count);
3932         kfree(msg);
3933 }
3934
3935 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
3936 {
3937         struct ipmi_recv_msg *rv;
3938
3939         rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
3940         if (rv) {
3941                 rv->user = NULL;
3942                 rv->done = free_recv_msg;
3943                 atomic_inc(&recv_msg_inuse_count);
3944         }
3945         return rv;
3946 }
3947
3948 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
3949 {
3950         if (msg->user)
3951                 kref_put(&msg->user->refcount, free_user);
3952         msg->done(msg);
3953 }
3954 EXPORT_SYMBOL(ipmi_free_recv_msg);
3955
3956 #ifdef CONFIG_IPMI_PANIC_EVENT
3957
3958 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
3959 {
3960 }
3961
3962 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
3963 {
3964 }
3965
3966 #ifdef CONFIG_IPMI_PANIC_STRING
3967 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3968 {
3969         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3970             && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
3971             && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
3972             && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
3973                 /* A get event receiver command, save it. */
3974                 intf->event_receiver = msg->msg.data[1];
3975                 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
3976         }
3977 }
3978
3979 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
3980 {
3981         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
3982             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
3983             && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
3984             && (msg->msg.data[0] == IPMI_CC_NO_ERROR)) {
3985                 /*
3986                  * A get device id command, save if we are an event
3987                  * receiver or generator.
3988                  */
3989                 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
3990                 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
3991         }
3992 }
3993 #endif
3994
3995 static void send_panic_events(char *str)
3996 {
3997         struct kernel_ipmi_msg            msg;
3998         ipmi_smi_t                        intf;
3999         unsigned char                     data[16];
4000         struct ipmi_system_interface_addr *si;
4001         struct ipmi_addr                  addr;
4002         struct ipmi_smi_msg               smi_msg;
4003         struct ipmi_recv_msg              recv_msg;
4004
4005         si = (struct ipmi_system_interface_addr *) &addr;
4006         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4007         si->channel = IPMI_BMC_CHANNEL;
4008         si->lun = 0;
4009
4010         /* Fill in an event telling that we have failed. */
4011         msg.netfn = 0x04; /* Sensor or Event. */
4012         msg.cmd = 2; /* Platform event command. */
4013         msg.data = data;
4014         msg.data_len = 8;
4015         data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
4016         data[1] = 0x03; /* This is for IPMI 1.0. */
4017         data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
4018         data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
4019         data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
4020
4021         /*
4022          * Put a few breadcrumbs in.  Hopefully later we can add more things
4023          * to make the panic events more useful.
4024          */
4025         if (str) {
4026                 data[3] = str[0];
4027                 data[6] = str[1];
4028                 data[7] = str[2];
4029         }
4030
4031         smi_msg.done = dummy_smi_done_handler;
4032         recv_msg.done = dummy_recv_done_handler;
4033
4034         /* For every registered interface, send the event. */
4035         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4036                 if (!intf->handlers)
4037                         /* Interface is not ready. */
4038                         continue;
4039
4040                 intf->run_to_completion = 1;
4041                 /* Send the event announcing the panic. */
4042                 intf->handlers->set_run_to_completion(intf->send_info, 1);
4043                 i_ipmi_request(NULL,
4044                                intf,
4045                                &addr,
4046                                0,
4047                                &msg,
4048                                intf,
4049                                &smi_msg,
4050                                &recv_msg,
4051                                0,
4052                                intf->channels[0].address,
4053                                intf->channels[0].lun,
4054                                0, 1); /* Don't retry, and don't wait. */
4055         }
4056
4057 #ifdef CONFIG_IPMI_PANIC_STRING
4058         /*
4059          * On every interface, dump a bunch of OEM event holding the
4060          * string.
4061          */
4062         if (!str)
4063                 return;
4064
4065         /* For every registered interface, send the event. */
4066         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4067                 char                  *p = str;
4068                 struct ipmi_ipmb_addr *ipmb;
4069                 int                   j;
4070
4071                 if (intf->intf_num == -1)
4072                         /* Interface was not ready yet. */
4073                         continue;
4074
4075                 /*
4076                  * intf_num is used as an marker to tell if the
4077                  * interface is valid.  Thus we need a read barrier to
4078                  * make sure data fetched before checking intf_num
4079                  * won't be used.
4080                  */
4081                 smp_rmb();
4082
4083                 /*
4084                  * First job here is to figure out where to send the
4085                  * OEM events.  There's no way in IPMI to send OEM
4086                  * events using an event send command, so we have to
4087                  * find the SEL to put them in and stick them in
4088                  * there.
4089                  */
4090
4091                 /* Get capabilities from the get device id. */
4092                 intf->local_sel_device = 0;
4093                 intf->local_event_generator = 0;
4094                 intf->event_receiver = 0;
4095
4096                 /* Request the device info from the local MC. */
4097                 msg.netfn = IPMI_NETFN_APP_REQUEST;
4098                 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
4099                 msg.data = NULL;
4100                 msg.data_len = 0;
4101                 intf->null_user_handler = device_id_fetcher;
4102                 i_ipmi_request(NULL,
4103                                intf,
4104                                &addr,
4105                                0,
4106                                &msg,
4107                                intf,
4108                                &smi_msg,
4109                                &recv_msg,
4110                                0,
4111                                intf->channels[0].address,
4112                                intf->channels[0].lun,
4113                                0, 1); /* Don't retry, and don't wait. */
4114
4115                 if (intf->local_event_generator) {
4116                         /* Request the event receiver from the local MC. */
4117                         msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
4118                         msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
4119                         msg.data = NULL;
4120                         msg.data_len = 0;
4121                         intf->null_user_handler = event_receiver_fetcher;
4122                         i_ipmi_request(NULL,
4123                                        intf,
4124                                        &addr,
4125                                        0,
4126                                        &msg,
4127                                        intf,
4128                                        &smi_msg,
4129                                        &recv_msg,
4130                                        0,
4131                                        intf->channels[0].address,
4132                                        intf->channels[0].lun,
4133                                        0, 1); /* no retry, and no wait. */
4134                 }
4135                 intf->null_user_handler = NULL;
4136
4137                 /*
4138                  * Validate the event receiver.  The low bit must not
4139                  * be 1 (it must be a valid IPMB address), it cannot
4140                  * be zero, and it must not be my address.
4141                  */
4142                 if (((intf->event_receiver & 1) == 0)
4143                     && (intf->event_receiver != 0)
4144                     && (intf->event_receiver != intf->channels[0].address)) {
4145                         /*
4146                          * The event receiver is valid, send an IPMB
4147                          * message.
4148                          */
4149                         ipmb = (struct ipmi_ipmb_addr *) &addr;
4150                         ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
4151                         ipmb->channel = 0; /* FIXME - is this right? */
4152                         ipmb->lun = intf->event_receiver_lun;
4153                         ipmb->slave_addr = intf->event_receiver;
4154                 } else if (intf->local_sel_device) {
4155                         /*
4156                          * The event receiver was not valid (or was
4157                          * me), but I am an SEL device, just dump it
4158                          * in my SEL.
4159                          */
4160                         si = (struct ipmi_system_interface_addr *) &addr;
4161                         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
4162                         si->channel = IPMI_BMC_CHANNEL;
4163                         si->lun = 0;
4164                 } else
4165                         continue; /* No where to send the event. */
4166
4167                 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
4168                 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
4169                 msg.data = data;
4170                 msg.data_len = 16;
4171
4172                 j = 0;
4173                 while (*p) {
4174                         int size = strlen(p);
4175
4176                         if (size > 11)
4177                                 size = 11;
4178                         data[0] = 0;
4179                         data[1] = 0;
4180                         data[2] = 0xf0; /* OEM event without timestamp. */
4181                         data[3] = intf->channels[0].address;
4182                         data[4] = j++; /* sequence # */
4183                         /*
4184                          * Always give 11 bytes, so strncpy will fill
4185                          * it with zeroes for me.
4186                          */
4187                         strncpy(data+5, p, 11);
4188                         p += size;
4189
4190                         i_ipmi_request(NULL,
4191                                        intf,
4192                                        &addr,
4193                                        0,
4194                                        &msg,
4195                                        intf,
4196                                        &smi_msg,
4197                                        &recv_msg,
4198                                        0,
4199                                        intf->channels[0].address,
4200                                        intf->channels[0].lun,
4201                                        0, 1); /* no retry, and no wait. */
4202                 }
4203         }
4204 #endif /* CONFIG_IPMI_PANIC_STRING */
4205 }
4206 #endif /* CONFIG_IPMI_PANIC_EVENT */
4207
4208 static int has_panicked;
4209
4210 static int panic_event(struct notifier_block *this,
4211                        unsigned long         event,
4212                        void                  *ptr)
4213 {
4214         ipmi_smi_t intf;
4215
4216         if (has_panicked)
4217                 return NOTIFY_DONE;
4218         has_panicked = 1;
4219
4220         /* For every registered interface, set it to run to completion. */
4221         list_for_each_entry_rcu(intf, &ipmi_interfaces, link) {
4222                 if (!intf->handlers)
4223                         /* Interface is not ready. */
4224                         continue;
4225
4226                 intf->run_to_completion = 1;
4227                 intf->handlers->set_run_to_completion(intf->send_info, 1);
4228         }
4229
4230 #ifdef CONFIG_IPMI_PANIC_EVENT
4231         send_panic_events(ptr);
4232 #endif
4233
4234         return NOTIFY_DONE;
4235 }
4236
4237 static struct notifier_block panic_block = {
4238         .notifier_call  = panic_event,
4239         .next           = NULL,
4240         .priority       = 200   /* priority: INT_MAX >= x >= 0 */
4241 };
4242
4243 static int ipmi_init_msghandler(void)
4244 {
4245         int rv;
4246
4247         if (initialized)
4248                 return 0;
4249
4250         rv = driver_register(&ipmidriver);
4251         if (rv) {
4252                 printk(KERN_ERR PFX "Could not register IPMI driver\n");
4253                 return rv;
4254         }
4255
4256         printk(KERN_INFO "ipmi message handler version "
4257                IPMI_DRIVER_VERSION "\n");
4258
4259 #ifdef CONFIG_PROC_FS
4260         proc_ipmi_root = proc_mkdir("ipmi", NULL);
4261         if (!proc_ipmi_root) {
4262             printk(KERN_ERR PFX "Unable to create IPMI proc dir");
4263             return -ENOMEM;
4264         }
4265
4266         proc_ipmi_root->owner = THIS_MODULE;
4267 #endif /* CONFIG_PROC_FS */
4268
4269         setup_timer(&ipmi_timer, ipmi_timeout, 0);
4270         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
4271
4272         atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
4273
4274         initialized = 1;
4275
4276         return 0;
4277 }
4278
4279 static __init int ipmi_init_msghandler_mod(void)
4280 {
4281         ipmi_init_msghandler();
4282         return 0;
4283 }
4284
4285 static __exit void cleanup_ipmi(void)
4286 {
4287         int count;
4288
4289         if (!initialized)
4290                 return;
4291
4292         atomic_notifier_chain_unregister(&panic_notifier_list, &panic_block);
4293
4294         /*
4295          * This can't be called if any interfaces exist, so no worry
4296          * about shutting down the interfaces.
4297          */
4298
4299         /*
4300          * Tell the timer to stop, then wait for it to stop.  This
4301          * avoids problems with race conditions removing the timer
4302          * here.
4303          */
4304         atomic_inc(&stop_operation);
4305         del_timer_sync(&ipmi_timer);
4306
4307 #ifdef CONFIG_PROC_FS
4308         remove_proc_entry(proc_ipmi_root->name, NULL);
4309 #endif /* CONFIG_PROC_FS */
4310
4311         driver_unregister(&ipmidriver);
4312
4313         initialized = 0;
4314
4315         /* Check for buffer leaks. */
4316         count = atomic_read(&smi_msg_inuse_count);
4317         if (count != 0)
4318                 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
4319                        count);
4320         count = atomic_read(&recv_msg_inuse_count);
4321         if (count != 0)
4322                 printk(KERN_WARNING PFX "recv message count %d at exit\n",
4323                        count);
4324 }
4325 module_exit(cleanup_ipmi);
4326
4327 module_init(ipmi_init_msghandler_mod);
4328 MODULE_LICENSE("GPL");
4329 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
4330 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI"
4331                    " interface.");
4332 MODULE_VERSION(IPMI_DRIVER_VERSION);