[XFS] Fix double free of log tickets
[linux-2.6] / drivers / firmware / dcdbas.c
1 /*
2  *  dcdbas.c: Dell Systems Management Base Driver
3  *
4  *  The Dell Systems Management Base Driver provides a sysfs interface for
5  *  systems management software to perform System Management Interrupts (SMIs)
6  *  and Host Control Actions (power cycle or power off after OS shutdown) on
7  *  Dell systems.
8  *
9  *  See Documentation/dcdbas.txt for more information.
10  *
11  *  Copyright (C) 1995-2006 Dell Inc.
12  *
13  *  This program is free software; you can redistribute it and/or modify
14  *  it under the terms of the GNU General Public License v2.0 as published by
15  *  the Free Software Foundation.
16  *
17  *  This program is distributed in the hope that it will be useful,
18  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  *  GNU General Public License for more details.
21  */
22
23 #include <linux/platform_device.h>
24 #include <linux/dma-mapping.h>
25 #include <linux/errno.h>
26 #include <linux/init.h>
27 #include <linux/kernel.h>
28 #include <linux/mc146818rtc.h>
29 #include <linux/module.h>
30 #include <linux/reboot.h>
31 #include <linux/sched.h>
32 #include <linux/smp.h>
33 #include <linux/spinlock.h>
34 #include <linux/string.h>
35 #include <linux/types.h>
36 #include <linux/mutex.h>
37 #include <asm/io.h>
38
39 #include "dcdbas.h"
40
41 #define DRIVER_NAME             "dcdbas"
42 #define DRIVER_VERSION          "5.6.0-3.2"
43 #define DRIVER_DESCRIPTION      "Dell Systems Management Base Driver"
44
45 static struct platform_device *dcdbas_pdev;
46
47 static u8 *smi_data_buf;
48 static dma_addr_t smi_data_buf_handle;
49 static unsigned long smi_data_buf_size;
50 static u32 smi_data_buf_phys_addr;
51 static DEFINE_MUTEX(smi_data_lock);
52
53 static unsigned int host_control_action;
54 static unsigned int host_control_smi_type;
55 static unsigned int host_control_on_shutdown;
56
57 /**
58  * smi_data_buf_free: free SMI data buffer
59  */
60 static void smi_data_buf_free(void)
61 {
62         if (!smi_data_buf)
63                 return;
64
65         dev_dbg(&dcdbas_pdev->dev, "%s: phys: %x size: %lu\n",
66                 __func__, smi_data_buf_phys_addr, smi_data_buf_size);
67
68         dma_free_coherent(&dcdbas_pdev->dev, smi_data_buf_size, smi_data_buf,
69                           smi_data_buf_handle);
70         smi_data_buf = NULL;
71         smi_data_buf_handle = 0;
72         smi_data_buf_phys_addr = 0;
73         smi_data_buf_size = 0;
74 }
75
76 /**
77  * smi_data_buf_realloc: grow SMI data buffer if needed
78  */
79 static int smi_data_buf_realloc(unsigned long size)
80 {
81         void *buf;
82         dma_addr_t handle;
83
84         if (smi_data_buf_size >= size)
85                 return 0;
86
87         if (size > MAX_SMI_DATA_BUF_SIZE)
88                 return -EINVAL;
89
90         /* new buffer is needed */
91         buf = dma_alloc_coherent(&dcdbas_pdev->dev, size, &handle, GFP_KERNEL);
92         if (!buf) {
93                 dev_dbg(&dcdbas_pdev->dev,
94                         "%s: failed to allocate memory size %lu\n",
95                         __func__, size);
96                 return -ENOMEM;
97         }
98         /* memory zeroed by dma_alloc_coherent */
99
100         if (smi_data_buf)
101                 memcpy(buf, smi_data_buf, smi_data_buf_size);
102
103         /* free any existing buffer */
104         smi_data_buf_free();
105
106         /* set up new buffer for use */
107         smi_data_buf = buf;
108         smi_data_buf_handle = handle;
109         smi_data_buf_phys_addr = (u32) virt_to_phys(buf);
110         smi_data_buf_size = size;
111
112         dev_dbg(&dcdbas_pdev->dev, "%s: phys: %x size: %lu\n",
113                 __func__, smi_data_buf_phys_addr, smi_data_buf_size);
114
115         return 0;
116 }
117
118 static ssize_t smi_data_buf_phys_addr_show(struct device *dev,
119                                            struct device_attribute *attr,
120                                            char *buf)
121 {
122         return sprintf(buf, "%x\n", smi_data_buf_phys_addr);
123 }
124
125 static ssize_t smi_data_buf_size_show(struct device *dev,
126                                       struct device_attribute *attr,
127                                       char *buf)
128 {
129         return sprintf(buf, "%lu\n", smi_data_buf_size);
130 }
131
132 static ssize_t smi_data_buf_size_store(struct device *dev,
133                                        struct device_attribute *attr,
134                                        const char *buf, size_t count)
135 {
136         unsigned long buf_size;
137         ssize_t ret;
138
139         buf_size = simple_strtoul(buf, NULL, 10);
140
141         /* make sure SMI data buffer is at least buf_size */
142         mutex_lock(&smi_data_lock);
143         ret = smi_data_buf_realloc(buf_size);
144         mutex_unlock(&smi_data_lock);
145         if (ret)
146                 return ret;
147
148         return count;
149 }
150
151 static ssize_t smi_data_read(struct kobject *kobj,
152                              struct bin_attribute *bin_attr,
153                              char *buf, loff_t pos, size_t count)
154 {
155         ssize_t ret;
156
157         mutex_lock(&smi_data_lock);
158         ret = memory_read_from_buffer(buf, count, &pos, smi_data_buf,
159                                         smi_data_buf_size);
160         mutex_unlock(&smi_data_lock);
161         return ret;
162 }
163
164 static ssize_t smi_data_write(struct kobject *kobj,
165                               struct bin_attribute *bin_attr,
166                               char *buf, loff_t pos, size_t count)
167 {
168         ssize_t ret;
169
170         if ((pos + count) > MAX_SMI_DATA_BUF_SIZE)
171                 return -EINVAL;
172
173         mutex_lock(&smi_data_lock);
174
175         ret = smi_data_buf_realloc(pos + count);
176         if (ret)
177                 goto out;
178
179         memcpy(smi_data_buf + pos, buf, count);
180         ret = count;
181 out:
182         mutex_unlock(&smi_data_lock);
183         return ret;
184 }
185
186 static ssize_t host_control_action_show(struct device *dev,
187                                         struct device_attribute *attr,
188                                         char *buf)
189 {
190         return sprintf(buf, "%u\n", host_control_action);
191 }
192
193 static ssize_t host_control_action_store(struct device *dev,
194                                          struct device_attribute *attr,
195                                          const char *buf, size_t count)
196 {
197         ssize_t ret;
198
199         /* make sure buffer is available for host control command */
200         mutex_lock(&smi_data_lock);
201         ret = smi_data_buf_realloc(sizeof(struct apm_cmd));
202         mutex_unlock(&smi_data_lock);
203         if (ret)
204                 return ret;
205
206         host_control_action = simple_strtoul(buf, NULL, 10);
207         return count;
208 }
209
210 static ssize_t host_control_smi_type_show(struct device *dev,
211                                           struct device_attribute *attr,
212                                           char *buf)
213 {
214         return sprintf(buf, "%u\n", host_control_smi_type);
215 }
216
217 static ssize_t host_control_smi_type_store(struct device *dev,
218                                            struct device_attribute *attr,
219                                            const char *buf, size_t count)
220 {
221         host_control_smi_type = simple_strtoul(buf, NULL, 10);
222         return count;
223 }
224
225 static ssize_t host_control_on_shutdown_show(struct device *dev,
226                                              struct device_attribute *attr,
227                                              char *buf)
228 {
229         return sprintf(buf, "%u\n", host_control_on_shutdown);
230 }
231
232 static ssize_t host_control_on_shutdown_store(struct device *dev,
233                                               struct device_attribute *attr,
234                                               const char *buf, size_t count)
235 {
236         host_control_on_shutdown = simple_strtoul(buf, NULL, 10);
237         return count;
238 }
239
240 /**
241  * smi_request: generate SMI request
242  *
243  * Called with smi_data_lock.
244  */
245 static int smi_request(struct smi_cmd *smi_cmd)
246 {
247         cpumask_t old_mask;
248         int ret = 0;
249
250         if (smi_cmd->magic != SMI_CMD_MAGIC) {
251                 dev_info(&dcdbas_pdev->dev, "%s: invalid magic value\n",
252                          __func__);
253                 return -EBADR;
254         }
255
256         /* SMI requires CPU 0 */
257         old_mask = current->cpus_allowed;
258         set_cpus_allowed_ptr(current, &cpumask_of_cpu(0));
259         if (smp_processor_id() != 0) {
260                 dev_dbg(&dcdbas_pdev->dev, "%s: failed to get CPU 0\n",
261                         __func__);
262                 ret = -EBUSY;
263                 goto out;
264         }
265
266         /* generate SMI */
267         asm volatile (
268                 "outb %b0,%w1"
269                 : /* no output args */
270                 : "a" (smi_cmd->command_code),
271                   "d" (smi_cmd->command_address),
272                   "b" (smi_cmd->ebx),
273                   "c" (smi_cmd->ecx)
274                 : "memory"
275         );
276
277 out:
278         set_cpus_allowed_ptr(current, &old_mask);
279         return ret;
280 }
281
282 /**
283  * smi_request_store:
284  *
285  * The valid values are:
286  * 0: zero SMI data buffer
287  * 1: generate calling interface SMI
288  * 2: generate raw SMI
289  *
290  * User application writes smi_cmd to smi_data before telling driver
291  * to generate SMI.
292  */
293 static ssize_t smi_request_store(struct device *dev,
294                                  struct device_attribute *attr,
295                                  const char *buf, size_t count)
296 {
297         struct smi_cmd *smi_cmd;
298         unsigned long val = simple_strtoul(buf, NULL, 10);
299         ssize_t ret;
300
301         mutex_lock(&smi_data_lock);
302
303         if (smi_data_buf_size < sizeof(struct smi_cmd)) {
304                 ret = -ENODEV;
305                 goto out;
306         }
307         smi_cmd = (struct smi_cmd *)smi_data_buf;
308
309         switch (val) {
310         case 2:
311                 /* Raw SMI */
312                 ret = smi_request(smi_cmd);
313                 if (!ret)
314                         ret = count;
315                 break;
316         case 1:
317                 /* Calling Interface SMI */
318                 smi_cmd->ebx = (u32) virt_to_phys(smi_cmd->command_buffer);
319                 ret = smi_request(smi_cmd);
320                 if (!ret)
321                         ret = count;
322                 break;
323         case 0:
324                 memset(smi_data_buf, 0, smi_data_buf_size);
325                 ret = count;
326                 break;
327         default:
328                 ret = -EINVAL;
329                 break;
330         }
331
332 out:
333         mutex_unlock(&smi_data_lock);
334         return ret;
335 }
336
337 /**
338  * host_control_smi: generate host control SMI
339  *
340  * Caller must set up the host control command in smi_data_buf.
341  */
342 static int host_control_smi(void)
343 {
344         struct apm_cmd *apm_cmd;
345         u8 *data;
346         unsigned long flags;
347         u32 num_ticks;
348         s8 cmd_status;
349         u8 index;
350
351         apm_cmd = (struct apm_cmd *)smi_data_buf;
352         apm_cmd->status = ESM_STATUS_CMD_UNSUCCESSFUL;
353
354         switch (host_control_smi_type) {
355         case HC_SMITYPE_TYPE1:
356                 spin_lock_irqsave(&rtc_lock, flags);
357                 /* write SMI data buffer physical address */
358                 data = (u8 *)&smi_data_buf_phys_addr;
359                 for (index = PE1300_CMOS_CMD_STRUCT_PTR;
360                      index < (PE1300_CMOS_CMD_STRUCT_PTR + 4);
361                      index++, data++) {
362                         outb(index,
363                              (CMOS_BASE_PORT + CMOS_PAGE2_INDEX_PORT_PIIX4));
364                         outb(*data,
365                              (CMOS_BASE_PORT + CMOS_PAGE2_DATA_PORT_PIIX4));
366                 }
367
368                 /* first set status to -1 as called by spec */
369                 cmd_status = ESM_STATUS_CMD_UNSUCCESSFUL;
370                 outb((u8) cmd_status, PCAT_APM_STATUS_PORT);
371
372                 /* generate SMM call */
373                 outb(ESM_APM_CMD, PCAT_APM_CONTROL_PORT);
374                 spin_unlock_irqrestore(&rtc_lock, flags);
375
376                 /* wait a few to see if it executed */
377                 num_ticks = TIMEOUT_USEC_SHORT_SEMA_BLOCKING;
378                 while ((cmd_status = inb(PCAT_APM_STATUS_PORT))
379                        == ESM_STATUS_CMD_UNSUCCESSFUL) {
380                         num_ticks--;
381                         if (num_ticks == EXPIRED_TIMER)
382                                 return -ETIME;
383                 }
384                 break;
385
386         case HC_SMITYPE_TYPE2:
387         case HC_SMITYPE_TYPE3:
388                 spin_lock_irqsave(&rtc_lock, flags);
389                 /* write SMI data buffer physical address */
390                 data = (u8 *)&smi_data_buf_phys_addr;
391                 for (index = PE1400_CMOS_CMD_STRUCT_PTR;
392                      index < (PE1400_CMOS_CMD_STRUCT_PTR + 4);
393                      index++, data++) {
394                         outb(index, (CMOS_BASE_PORT + CMOS_PAGE1_INDEX_PORT));
395                         outb(*data, (CMOS_BASE_PORT + CMOS_PAGE1_DATA_PORT));
396                 }
397
398                 /* generate SMM call */
399                 if (host_control_smi_type == HC_SMITYPE_TYPE3)
400                         outb(ESM_APM_CMD, PCAT_APM_CONTROL_PORT);
401                 else
402                         outb(ESM_APM_CMD, PE1400_APM_CONTROL_PORT);
403
404                 /* restore RTC index pointer since it was written to above */
405                 CMOS_READ(RTC_REG_C);
406                 spin_unlock_irqrestore(&rtc_lock, flags);
407
408                 /* read control port back to serialize write */
409                 cmd_status = inb(PE1400_APM_CONTROL_PORT);
410
411                 /* wait a few to see if it executed */
412                 num_ticks = TIMEOUT_USEC_SHORT_SEMA_BLOCKING;
413                 while (apm_cmd->status == ESM_STATUS_CMD_UNSUCCESSFUL) {
414                         num_ticks--;
415                         if (num_ticks == EXPIRED_TIMER)
416                                 return -ETIME;
417                 }
418                 break;
419
420         default:
421                 dev_dbg(&dcdbas_pdev->dev, "%s: invalid SMI type %u\n",
422                         __func__, host_control_smi_type);
423                 return -ENOSYS;
424         }
425
426         return 0;
427 }
428
429 /**
430  * dcdbas_host_control: initiate host control
431  *
432  * This function is called by the driver after the system has
433  * finished shutting down if the user application specified a
434  * host control action to perform on shutdown.  It is safe to
435  * use smi_data_buf at this point because the system has finished
436  * shutting down and no userspace apps are running.
437  */
438 static void dcdbas_host_control(void)
439 {
440         struct apm_cmd *apm_cmd;
441         u8 action;
442
443         if (host_control_action == HC_ACTION_NONE)
444                 return;
445
446         action = host_control_action;
447         host_control_action = HC_ACTION_NONE;
448
449         if (!smi_data_buf) {
450                 dev_dbg(&dcdbas_pdev->dev, "%s: no SMI buffer\n", __func__);
451                 return;
452         }
453
454         if (smi_data_buf_size < sizeof(struct apm_cmd)) {
455                 dev_dbg(&dcdbas_pdev->dev, "%s: SMI buffer too small\n",
456                         __func__);
457                 return;
458         }
459
460         apm_cmd = (struct apm_cmd *)smi_data_buf;
461
462         /* power off takes precedence */
463         if (action & HC_ACTION_HOST_CONTROL_POWEROFF) {
464                 apm_cmd->command = ESM_APM_POWER_CYCLE;
465                 apm_cmd->reserved = 0;
466                 *((s16 *)&apm_cmd->parameters.shortreq.parm[0]) = (s16) 0;
467                 host_control_smi();
468         } else if (action & HC_ACTION_HOST_CONTROL_POWERCYCLE) {
469                 apm_cmd->command = ESM_APM_POWER_CYCLE;
470                 apm_cmd->reserved = 0;
471                 *((s16 *)&apm_cmd->parameters.shortreq.parm[0]) = (s16) 20;
472                 host_control_smi();
473         }
474 }
475
476 /**
477  * dcdbas_reboot_notify: handle reboot notification for host control
478  */
479 static int dcdbas_reboot_notify(struct notifier_block *nb, unsigned long code,
480                                 void *unused)
481 {
482         switch (code) {
483         case SYS_DOWN:
484         case SYS_HALT:
485         case SYS_POWER_OFF:
486                 if (host_control_on_shutdown) {
487                         /* firmware is going to perform host control action */
488                         printk(KERN_WARNING "Please wait for shutdown "
489                                "action to complete...\n");
490                         dcdbas_host_control();
491                 }
492                 break;
493         }
494
495         return NOTIFY_DONE;
496 }
497
498 static struct notifier_block dcdbas_reboot_nb = {
499         .notifier_call = dcdbas_reboot_notify,
500         .next = NULL,
501         .priority = INT_MIN
502 };
503
504 static DCDBAS_BIN_ATTR_RW(smi_data);
505
506 static struct bin_attribute *dcdbas_bin_attrs[] = {
507         &bin_attr_smi_data,
508         NULL
509 };
510
511 static DCDBAS_DEV_ATTR_RW(smi_data_buf_size);
512 static DCDBAS_DEV_ATTR_RO(smi_data_buf_phys_addr);
513 static DCDBAS_DEV_ATTR_WO(smi_request);
514 static DCDBAS_DEV_ATTR_RW(host_control_action);
515 static DCDBAS_DEV_ATTR_RW(host_control_smi_type);
516 static DCDBAS_DEV_ATTR_RW(host_control_on_shutdown);
517
518 static struct attribute *dcdbas_dev_attrs[] = {
519         &dev_attr_smi_data_buf_size.attr,
520         &dev_attr_smi_data_buf_phys_addr.attr,
521         &dev_attr_smi_request.attr,
522         &dev_attr_host_control_action.attr,
523         &dev_attr_host_control_smi_type.attr,
524         &dev_attr_host_control_on_shutdown.attr,
525         NULL
526 };
527
528 static struct attribute_group dcdbas_attr_group = {
529         .attrs = dcdbas_dev_attrs,
530 };
531
532 static int __devinit dcdbas_probe(struct platform_device *dev)
533 {
534         int i, error;
535
536         host_control_action = HC_ACTION_NONE;
537         host_control_smi_type = HC_SMITYPE_NONE;
538
539         /*
540          * BIOS SMI calls require buffer addresses be in 32-bit address space.
541          * This is done by setting the DMA mask below.
542          */
543         dcdbas_pdev->dev.coherent_dma_mask = DMA_32BIT_MASK;
544         dcdbas_pdev->dev.dma_mask = &dcdbas_pdev->dev.coherent_dma_mask;
545
546         error = sysfs_create_group(&dev->dev.kobj, &dcdbas_attr_group);
547         if (error)
548                 return error;
549
550         for (i = 0; dcdbas_bin_attrs[i]; i++) {
551                 error = sysfs_create_bin_file(&dev->dev.kobj,
552                                               dcdbas_bin_attrs[i]);
553                 if (error) {
554                         while (--i >= 0)
555                                 sysfs_remove_bin_file(&dev->dev.kobj,
556                                                       dcdbas_bin_attrs[i]);
557                         sysfs_remove_group(&dev->dev.kobj, &dcdbas_attr_group);
558                         return error;
559                 }
560         }
561
562         register_reboot_notifier(&dcdbas_reboot_nb);
563
564         dev_info(&dev->dev, "%s (version %s)\n",
565                  DRIVER_DESCRIPTION, DRIVER_VERSION);
566
567         return 0;
568 }
569
570 static int __devexit dcdbas_remove(struct platform_device *dev)
571 {
572         int i;
573
574         unregister_reboot_notifier(&dcdbas_reboot_nb);
575         for (i = 0; dcdbas_bin_attrs[i]; i++)
576                 sysfs_remove_bin_file(&dev->dev.kobj, dcdbas_bin_attrs[i]);
577         sysfs_remove_group(&dev->dev.kobj, &dcdbas_attr_group);
578
579         return 0;
580 }
581
582 static struct platform_driver dcdbas_driver = {
583         .driver         = {
584                 .name   = DRIVER_NAME,
585                 .owner  = THIS_MODULE,
586         },
587         .probe          = dcdbas_probe,
588         .remove         = __devexit_p(dcdbas_remove),
589 };
590
591 /**
592  * dcdbas_init: initialize driver
593  */
594 static int __init dcdbas_init(void)
595 {
596         int error;
597
598         error = platform_driver_register(&dcdbas_driver);
599         if (error)
600                 return error;
601
602         dcdbas_pdev = platform_device_alloc(DRIVER_NAME, -1);
603         if (!dcdbas_pdev) {
604                 error = -ENOMEM;
605                 goto err_unregister_driver;
606         }
607
608         error = platform_device_add(dcdbas_pdev);
609         if (error)
610                 goto err_free_device;
611
612         return 0;
613
614  err_free_device:
615         platform_device_put(dcdbas_pdev);
616  err_unregister_driver:
617         platform_driver_unregister(&dcdbas_driver);
618         return error;
619 }
620
621 /**
622  * dcdbas_exit: perform driver cleanup
623  */
624 static void __exit dcdbas_exit(void)
625 {
626         /*
627          * make sure functions that use dcdbas_pdev are called
628          * before platform_device_unregister
629          */
630         unregister_reboot_notifier(&dcdbas_reboot_nb);
631         smi_data_buf_free();
632         platform_device_unregister(dcdbas_pdev);
633         platform_driver_unregister(&dcdbas_driver);
634
635         /*
636          * We have to free the buffer here instead of dcdbas_remove
637          * because only in module exit function we can be sure that
638          * all sysfs attributes belonging to this module have been
639          * released.
640          */
641         smi_data_buf_free();
642 }
643
644 module_init(dcdbas_init);
645 module_exit(dcdbas_exit);
646
647 MODULE_DESCRIPTION(DRIVER_DESCRIPTION " (version " DRIVER_VERSION ")");
648 MODULE_VERSION(DRIVER_VERSION);
649 MODULE_AUTHOR("Dell Inc.");
650 MODULE_LICENSE("GPL");
651 /* Any System or BIOS claiming to be by Dell */
652 MODULE_ALIAS("dmi:*:[bs]vnD[Ee][Ll][Ll]*:*");