Loading...
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * ipmi_bt_sm.c
4 *
5 * The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
6 * of the driver architecture at http://sourceforge.net/projects/openipmi
7 *
8 * Author: Rocky Craig <first.last@hp.com>
9 */
10
11#define DEBUG /* So dev_dbg() is always available. */
12
13#include <linux/kernel.h> /* For printk. */
14#include <linux/string.h>
15#include <linux/module.h>
16#include <linux/moduleparam.h>
17#include <linux/ipmi_msgdefs.h> /* for completion codes */
18#include "ipmi_si_sm.h"
19
20#define BT_DEBUG_OFF 0 /* Used in production */
21#define BT_DEBUG_ENABLE 1 /* Generic messages */
22#define BT_DEBUG_MSG 2 /* Prints all request/response buffers */
23#define BT_DEBUG_STATES 4 /* Verbose look at state changes */
24/*
25 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
26 * value
27 */
28
29static int bt_debug; /* 0 == BT_DEBUG_OFF */
30
31module_param(bt_debug, int, 0644);
32MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
33
34/*
35 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
36 * and 64 byte buffers. However, one HP implementation wants 255 bytes of
37 * buffer (with a documented message of 160 bytes) so go for the max.
38 * Since the Open IPMI architecture is single-message oriented at this
39 * stage, the queue depth of BT is of no concern.
40 */
41
42#define BT_NORMAL_TIMEOUT 5 /* seconds */
43#define BT_NORMAL_RETRY_LIMIT 2
44#define BT_RESET_DELAY 6 /* seconds after warm reset */
45
46/*
47 * States are written in chronological order and usually cover
48 * multiple rows of the state table discussion in the IPMI spec.
49 */
50
51enum bt_states {
52 BT_STATE_IDLE = 0, /* Order is critical in this list */
53 BT_STATE_XACTION_START,
54 BT_STATE_WRITE_BYTES,
55 BT_STATE_WRITE_CONSUME,
56 BT_STATE_READ_WAIT,
57 BT_STATE_CLEAR_B2H,
58 BT_STATE_READ_BYTES,
59 BT_STATE_RESET1, /* These must come last */
60 BT_STATE_RESET2,
61 BT_STATE_RESET3,
62 BT_STATE_RESTART,
63 BT_STATE_PRINTME,
64 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */
65};
66
67/*
68 * Macros seen at the end of state "case" blocks. They help with legibility
69 * and debugging.
70 */
71
72#define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
73
74#define BT_SI_SM_RETURN(Y) { last_printed = BT_STATE_PRINTME; return Y; }
75
76struct si_sm_data {
77 enum bt_states state;
78 unsigned char seq; /* BT sequence number */
79 struct si_sm_io *io;
80 unsigned char write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
81 int write_count;
82 unsigned char read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
83 int read_count;
84 int truncated;
85 long timeout; /* microseconds countdown */
86 int error_retries; /* end of "common" fields */
87 int nonzero_status; /* hung BMCs stay all 0 */
88 enum bt_states complete; /* to divert the state machine */
89 long BT_CAP_req2rsp;
90 int BT_CAP_retries; /* Recommended retries */
91};
92
93#define BT_CLR_WR_PTR 0x01 /* See IPMI 1.5 table 11.6.4 */
94#define BT_CLR_RD_PTR 0x02
95#define BT_H2B_ATN 0x04
96#define BT_B2H_ATN 0x08
97#define BT_SMS_ATN 0x10
98#define BT_OEM0 0x20
99#define BT_H_BUSY 0x40
100#define BT_B_BUSY 0x80
101
102/*
103 * Some bits are toggled on each write: write once to set it, once
104 * more to clear it; writing a zero does nothing. To absolutely
105 * clear it, check its state and write if set. This avoids the "get
106 * current then use as mask" scheme to modify one bit. Note that the
107 * variable "bt" is hardcoded into these macros.
108 */
109
110#define BT_STATUS bt->io->inputb(bt->io, 0)
111#define BT_CONTROL(x) bt->io->outputb(bt->io, 0, x)
112
113#define BMC2HOST bt->io->inputb(bt->io, 1)
114#define HOST2BMC(x) bt->io->outputb(bt->io, 1, x)
115
116#define BT_INTMASK_R bt->io->inputb(bt->io, 2)
117#define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
118
119/*
120 * Convenience routines for debugging. These are not multi-open safe!
121 * Note the macros have hardcoded variables in them.
122 */
123
124static char *state2txt(unsigned char state)
125{
126 switch (state) {
127 case BT_STATE_IDLE: return("IDLE");
128 case BT_STATE_XACTION_START: return("XACTION");
129 case BT_STATE_WRITE_BYTES: return("WR_BYTES");
130 case BT_STATE_WRITE_CONSUME: return("WR_CONSUME");
131 case BT_STATE_READ_WAIT: return("RD_WAIT");
132 case BT_STATE_CLEAR_B2H: return("CLEAR_B2H");
133 case BT_STATE_READ_BYTES: return("RD_BYTES");
134 case BT_STATE_RESET1: return("RESET1");
135 case BT_STATE_RESET2: return("RESET2");
136 case BT_STATE_RESET3: return("RESET3");
137 case BT_STATE_RESTART: return("RESTART");
138 case BT_STATE_LONG_BUSY: return("LONG_BUSY");
139 }
140 return("BAD STATE");
141}
142#define STATE2TXT state2txt(bt->state)
143
144static char *status2txt(unsigned char status)
145{
146 /*
147 * This cannot be called by two threads at the same time and
148 * the buffer is always consumed immediately, so the static is
149 * safe to use.
150 */
151 static char buf[40];
152
153 strcpy(buf, "[ ");
154 if (status & BT_B_BUSY)
155 strcat(buf, "B_BUSY ");
156 if (status & BT_H_BUSY)
157 strcat(buf, "H_BUSY ");
158 if (status & BT_OEM0)
159 strcat(buf, "OEM0 ");
160 if (status & BT_SMS_ATN)
161 strcat(buf, "SMS ");
162 if (status & BT_B2H_ATN)
163 strcat(buf, "B2H ");
164 if (status & BT_H2B_ATN)
165 strcat(buf, "H2B ");
166 strcat(buf, "]");
167 return buf;
168}
169#define STATUS2TXT status2txt(status)
170
171/* called externally at insmod time, and internally on cleanup */
172
173static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
174{
175 memset(bt, 0, sizeof(struct si_sm_data));
176 if (bt->io != io) {
177 /* external: one-time only things */
178 bt->io = io;
179 bt->seq = 0;
180 }
181 bt->state = BT_STATE_IDLE; /* start here */
182 bt->complete = BT_STATE_IDLE; /* end here */
183 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
184 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
185 return 3; /* We claim 3 bytes of space; ought to check SPMI table */
186}
187
188/* Jam a completion code (probably an error) into a response */
189
190static void force_result(struct si_sm_data *bt, unsigned char completion_code)
191{
192 bt->read_data[0] = 4; /* # following bytes */
193 bt->read_data[1] = bt->write_data[1] | 4; /* Odd NetFn/LUN */
194 bt->read_data[2] = bt->write_data[2]; /* seq (ignored) */
195 bt->read_data[3] = bt->write_data[3]; /* Command */
196 bt->read_data[4] = completion_code;
197 bt->read_count = 5;
198}
199
200/* The upper state machine starts here */
201
202static int bt_start_transaction(struct si_sm_data *bt,
203 unsigned char *data,
204 unsigned int size)
205{
206 unsigned int i;
207
208 if (size < 2)
209 return IPMI_REQ_LEN_INVALID_ERR;
210 if (size > IPMI_MAX_MSG_LENGTH)
211 return IPMI_REQ_LEN_EXCEEDED_ERR;
212
213 if (bt->state == BT_STATE_LONG_BUSY)
214 return IPMI_NODE_BUSY_ERR;
215
216 if (bt->state != BT_STATE_IDLE) {
217 dev_warn(bt->io->dev, "BT in invalid state %d\n", bt->state);
218 return IPMI_NOT_IN_MY_STATE_ERR;
219 }
220
221 if (bt_debug & BT_DEBUG_MSG) {
222 dev_dbg(bt->io->dev, "+++++++++++++++++ New command\n");
223 dev_dbg(bt->io->dev, "NetFn/LUN CMD [%d data]:", size - 2);
224 for (i = 0; i < size; i ++)
225 pr_cont(" %02x", data[i]);
226 pr_cont("\n");
227 }
228 bt->write_data[0] = size + 1; /* all data plus seq byte */
229 bt->write_data[1] = *data; /* NetFn/LUN */
230 bt->write_data[2] = bt->seq++;
231 memcpy(bt->write_data + 3, data + 1, size - 1);
232 bt->write_count = size + 2;
233 bt->error_retries = 0;
234 bt->nonzero_status = 0;
235 bt->truncated = 0;
236 bt->state = BT_STATE_XACTION_START;
237 bt->timeout = bt->BT_CAP_req2rsp;
238 force_result(bt, IPMI_ERR_UNSPECIFIED);
239 return 0;
240}
241
242/*
243 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
244 * it calls this. Strip out the length and seq bytes.
245 */
246
247static int bt_get_result(struct si_sm_data *bt,
248 unsigned char *data,
249 unsigned int length)
250{
251 int i, msg_len;
252
253 msg_len = bt->read_count - 2; /* account for length & seq */
254 if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
255 force_result(bt, IPMI_ERR_UNSPECIFIED);
256 msg_len = 3;
257 }
258 data[0] = bt->read_data[1];
259 data[1] = bt->read_data[3];
260 if (length < msg_len || bt->truncated) {
261 data[2] = IPMI_ERR_MSG_TRUNCATED;
262 msg_len = 3;
263 } else
264 memcpy(data + 2, bt->read_data + 4, msg_len - 2);
265
266 if (bt_debug & BT_DEBUG_MSG) {
267 dev_dbg(bt->io->dev, "result %d bytes:", msg_len);
268 for (i = 0; i < msg_len; i++)
269 pr_cont(" %02x", data[i]);
270 pr_cont("\n");
271 }
272 return msg_len;
273}
274
275/* This bit's functionality is optional */
276#define BT_BMC_HWRST 0x80
277
278static void reset_flags(struct si_sm_data *bt)
279{
280 if (bt_debug)
281 dev_dbg(bt->io->dev, "flag reset %s\n", status2txt(BT_STATUS));
282 if (BT_STATUS & BT_H_BUSY)
283 BT_CONTROL(BT_H_BUSY); /* force clear */
284 BT_CONTROL(BT_CLR_WR_PTR); /* always reset */
285 BT_CONTROL(BT_SMS_ATN); /* always clear */
286 BT_INTMASK_W(BT_BMC_HWRST);
287}
288
289/*
290 * Get rid of an unwanted/stale response. This should only be needed for
291 * BMCs that support multiple outstanding requests.
292 */
293
294static void drain_BMC2HOST(struct si_sm_data *bt)
295{
296 int i, size;
297
298 if (!(BT_STATUS & BT_B2H_ATN)) /* Not signalling a response */
299 return;
300
301 BT_CONTROL(BT_H_BUSY); /* now set */
302 BT_CONTROL(BT_B2H_ATN); /* always clear */
303 BT_STATUS; /* pause */
304 BT_CONTROL(BT_B2H_ATN); /* some BMCs are stubborn */
305 BT_CONTROL(BT_CLR_RD_PTR); /* always reset */
306 if (bt_debug)
307 dev_dbg(bt->io->dev, "stale response %s; ",
308 status2txt(BT_STATUS));
309 size = BMC2HOST;
310 for (i = 0; i < size ; i++)
311 BMC2HOST;
312 BT_CONTROL(BT_H_BUSY); /* now clear */
313 if (bt_debug)
314 pr_cont("drained %d bytes\n", size + 1);
315}
316
317static inline void write_all_bytes(struct si_sm_data *bt)
318{
319 int i;
320
321 if (bt_debug & BT_DEBUG_MSG) {
322 dev_dbg(bt->io->dev, "write %d bytes seq=0x%02X",
323 bt->write_count, bt->seq);
324 for (i = 0; i < bt->write_count; i++)
325 pr_cont(" %02x", bt->write_data[i]);
326 pr_cont("\n");
327 }
328 for (i = 0; i < bt->write_count; i++)
329 HOST2BMC(bt->write_data[i]);
330}
331
332static inline int read_all_bytes(struct si_sm_data *bt)
333{
334 unsigned int i;
335
336 /*
337 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
338 * Keep layout of first four bytes aligned with write_data[]
339 */
340
341 bt->read_data[0] = BMC2HOST;
342 bt->read_count = bt->read_data[0];
343
344 if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
345 if (bt_debug & BT_DEBUG_MSG)
346 dev_dbg(bt->io->dev,
347 "bad raw rsp len=%d\n", bt->read_count);
348 bt->truncated = 1;
349 return 1; /* let next XACTION START clean it up */
350 }
351 for (i = 1; i <= bt->read_count; i++)
352 bt->read_data[i] = BMC2HOST;
353 bt->read_count++; /* Account internally for length byte */
354
355 if (bt_debug & BT_DEBUG_MSG) {
356 int max = bt->read_count;
357
358 dev_dbg(bt->io->dev,
359 "got %d bytes seq=0x%02X", max, bt->read_data[2]);
360 if (max > 16)
361 max = 16;
362 for (i = 0; i < max; i++)
363 pr_cont(" %02x", bt->read_data[i]);
364 pr_cont("%s\n", bt->read_count == max ? "" : " ...");
365 }
366
367 /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
368 if ((bt->read_data[3] == bt->write_data[3]) &&
369 (bt->read_data[2] == bt->write_data[2]) &&
370 ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
371 return 1;
372
373 if (bt_debug & BT_DEBUG_MSG)
374 dev_dbg(bt->io->dev,
375 "IPMI BT: bad packet: want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
376 bt->write_data[1] | 0x04, bt->write_data[2],
377 bt->write_data[3],
378 bt->read_data[1], bt->read_data[2], bt->read_data[3]);
379 return 0;
380}
381
382/* Restart if retries are left, or return an error completion code */
383
384static enum si_sm_result error_recovery(struct si_sm_data *bt,
385 unsigned char status,
386 unsigned char cCode)
387{
388 char *reason;
389
390 bt->timeout = bt->BT_CAP_req2rsp;
391
392 switch (cCode) {
393 case IPMI_TIMEOUT_ERR:
394 reason = "timeout";
395 break;
396 default:
397 reason = "internal error";
398 break;
399 }
400
401 dev_warn(bt->io->dev, "IPMI BT: %s in %s %s ", /* open-ended line */
402 reason, STATE2TXT, STATUS2TXT);
403
404 /*
405 * Per the IPMI spec, retries are based on the sequence number
406 * known only to this module, so manage a restart here.
407 */
408 (bt->error_retries)++;
409 if (bt->error_retries < bt->BT_CAP_retries) {
410 pr_cont("%d retries left\n",
411 bt->BT_CAP_retries - bt->error_retries);
412 bt->state = BT_STATE_RESTART;
413 return SI_SM_CALL_WITHOUT_DELAY;
414 }
415
416 dev_warn(bt->io->dev, "failed %d retries, sending error response\n",
417 bt->BT_CAP_retries);
418 if (!bt->nonzero_status)
419 dev_err(bt->io->dev, "stuck, try power cycle\n");
420
421 /* this is most likely during insmod */
422 else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
423 dev_warn(bt->io->dev, "BT reset (takes 5 secs)\n");
424 bt->state = BT_STATE_RESET1;
425 return SI_SM_CALL_WITHOUT_DELAY;
426 }
427
428 /*
429 * Concoct a useful error message, set up the next state, and
430 * be done with this sequence.
431 */
432
433 bt->state = BT_STATE_IDLE;
434 switch (cCode) {
435 case IPMI_TIMEOUT_ERR:
436 if (status & BT_B_BUSY) {
437 cCode = IPMI_NODE_BUSY_ERR;
438 bt->state = BT_STATE_LONG_BUSY;
439 }
440 break;
441 default:
442 break;
443 }
444 force_result(bt, cCode);
445 return SI_SM_TRANSACTION_COMPLETE;
446}
447
448/* Check status and (usually) take action and change this state machine. */
449
450static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
451{
452 unsigned char status;
453 static enum bt_states last_printed = BT_STATE_PRINTME;
454 int i;
455
456 status = BT_STATUS;
457 bt->nonzero_status |= status;
458 if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
459 dev_dbg(bt->io->dev, "BT: %s %s TO=%ld - %ld\n",
460 STATE2TXT,
461 STATUS2TXT,
462 bt->timeout,
463 time);
464 last_printed = bt->state;
465 }
466
467 /*
468 * Commands that time out may still (eventually) provide a response.
469 * This stale response will get in the way of a new response so remove
470 * it if possible (hopefully during IDLE). Even if it comes up later
471 * it will be rejected by its (now-forgotten) seq number.
472 */
473
474 if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
475 drain_BMC2HOST(bt);
476 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
477 }
478
479 if ((bt->state != BT_STATE_IDLE) &&
480 (bt->state < BT_STATE_PRINTME)) {
481 /* check timeout */
482 bt->timeout -= time;
483 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
484 return error_recovery(bt,
485 status,
486 IPMI_TIMEOUT_ERR);
487 }
488
489 switch (bt->state) {
490
491 /*
492 * Idle state first checks for asynchronous messages from another
493 * channel, then does some opportunistic housekeeping.
494 */
495
496 case BT_STATE_IDLE:
497 if (status & BT_SMS_ATN) {
498 BT_CONTROL(BT_SMS_ATN); /* clear it */
499 return SI_SM_ATTN;
500 }
501
502 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */
503 BT_CONTROL(BT_H_BUSY);
504
505 BT_SI_SM_RETURN(SI_SM_IDLE);
506
507 case BT_STATE_XACTION_START:
508 if (status & (BT_B_BUSY | BT_H2B_ATN))
509 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
510 if (BT_STATUS & BT_H_BUSY)
511 BT_CONTROL(BT_H_BUSY); /* force clear */
512 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
513 SI_SM_CALL_WITHOUT_DELAY);
514
515 case BT_STATE_WRITE_BYTES:
516 if (status & BT_H_BUSY)
517 BT_CONTROL(BT_H_BUSY); /* clear */
518 BT_CONTROL(BT_CLR_WR_PTR);
519 write_all_bytes(bt);
520 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
521 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
522 SI_SM_CALL_WITHOUT_DELAY);
523
524 case BT_STATE_WRITE_CONSUME:
525 if (status & (BT_B_BUSY | BT_H2B_ATN))
526 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
527 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
528 SI_SM_CALL_WITHOUT_DELAY);
529
530 /* Spinning hard can suppress B2H_ATN and force a timeout */
531
532 case BT_STATE_READ_WAIT:
533 if (!(status & BT_B2H_ATN))
534 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535 BT_CONTROL(BT_H_BUSY); /* set */
536
537 /*
538 * Uncached, ordered writes should just proceed serially but
539 * some BMCs don't clear B2H_ATN with one hit. Fast-path a
540 * workaround without too much penalty to the general case.
541 */
542
543 BT_CONTROL(BT_B2H_ATN); /* clear it to ACK the BMC */
544 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
545 SI_SM_CALL_WITHOUT_DELAY);
546
547 case BT_STATE_CLEAR_B2H:
548 if (status & BT_B2H_ATN) {
549 /* keep hitting it */
550 BT_CONTROL(BT_B2H_ATN);
551 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
552 }
553 BT_STATE_CHANGE(BT_STATE_READ_BYTES,
554 SI_SM_CALL_WITHOUT_DELAY);
555
556 case BT_STATE_READ_BYTES:
557 if (!(status & BT_H_BUSY))
558 /* check in case of retry */
559 BT_CONTROL(BT_H_BUSY);
560 BT_CONTROL(BT_CLR_RD_PTR); /* start of BMC2HOST buffer */
561 i = read_all_bytes(bt); /* true == packet seq match */
562 BT_CONTROL(BT_H_BUSY); /* NOW clear */
563 if (!i) /* Not my message */
564 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
565 SI_SM_CALL_WITHOUT_DELAY);
566 bt->state = bt->complete;
567 return bt->state == BT_STATE_IDLE ? /* where to next? */
568 SI_SM_TRANSACTION_COMPLETE : /* normal */
569 SI_SM_CALL_WITHOUT_DELAY; /* Startup magic */
570
571 case BT_STATE_LONG_BUSY: /* For example: after FW update */
572 if (!(status & BT_B_BUSY)) {
573 reset_flags(bt); /* next state is now IDLE */
574 bt_init_data(bt, bt->io);
575 }
576 return SI_SM_CALL_WITH_DELAY; /* No repeat printing */
577
578 case BT_STATE_RESET1:
579 reset_flags(bt);
580 drain_BMC2HOST(bt);
581 BT_STATE_CHANGE(BT_STATE_RESET2,
582 SI_SM_CALL_WITH_DELAY);
583
584 case BT_STATE_RESET2: /* Send a soft reset */
585 BT_CONTROL(BT_CLR_WR_PTR);
586 HOST2BMC(3); /* number of bytes following */
587 HOST2BMC(0x18); /* NetFn/LUN == Application, LUN 0 */
588 HOST2BMC(42); /* Sequence number */
589 HOST2BMC(3); /* Cmd == Soft reset */
590 BT_CONTROL(BT_H2B_ATN);
591 bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
592 BT_STATE_CHANGE(BT_STATE_RESET3,
593 SI_SM_CALL_WITH_DELAY);
594
595 case BT_STATE_RESET3: /* Hold off everything for a bit */
596 if (bt->timeout > 0)
597 return SI_SM_CALL_WITH_DELAY;
598 drain_BMC2HOST(bt);
599 BT_STATE_CHANGE(BT_STATE_RESTART,
600 SI_SM_CALL_WITH_DELAY);
601
602 case BT_STATE_RESTART: /* don't reset retries or seq! */
603 bt->read_count = 0;
604 bt->nonzero_status = 0;
605 bt->timeout = bt->BT_CAP_req2rsp;
606 BT_STATE_CHANGE(BT_STATE_XACTION_START,
607 SI_SM_CALL_WITH_DELAY);
608
609 default: /* should never occur */
610 return error_recovery(bt,
611 status,
612 IPMI_ERR_UNSPECIFIED);
613 }
614 return SI_SM_CALL_WITH_DELAY;
615}
616
617static int bt_detect(struct si_sm_data *bt)
618{
619 unsigned char GetBT_CAP[] = { 0x18, 0x36 };
620 unsigned char BT_CAP[8];
621 enum si_sm_result smi_result;
622 int rv;
623
624 /*
625 * It's impossible for the BT status and interrupt registers to be
626 * all 1's, (assuming a properly functioning, self-initialized BMC)
627 * but that's what you get from reading a bogus address, so we
628 * test that first. The calling routine uses negative logic.
629 */
630
631 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
632 return 1;
633 reset_flags(bt);
634
635 /*
636 * Try getting the BT capabilities here.
637 */
638 rv = bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
639 if (rv) {
640 dev_warn(bt->io->dev,
641 "Can't start capabilities transaction: %d\n", rv);
642 goto out_no_bt_cap;
643 }
644
645 smi_result = SI_SM_CALL_WITHOUT_DELAY;
646 for (;;) {
647 if (smi_result == SI_SM_CALL_WITH_DELAY ||
648 smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
649 schedule_timeout_uninterruptible(1);
650 smi_result = bt_event(bt, jiffies_to_usecs(1));
651 } else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
652 smi_result = bt_event(bt, 0);
653 } else
654 break;
655 }
656
657 rv = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
658 bt_init_data(bt, bt->io);
659 if (rv < 8) {
660 dev_warn(bt->io->dev, "bt cap response too short: %d\n", rv);
661 goto out_no_bt_cap;
662 }
663
664 if (BT_CAP[2]) {
665 dev_warn(bt->io->dev, "Error fetching bt cap: %x\n", BT_CAP[2]);
666out_no_bt_cap:
667 dev_warn(bt->io->dev, "using default values\n");
668 } else {
669 bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
670 bt->BT_CAP_retries = BT_CAP[7];
671 }
672
673 dev_info(bt->io->dev, "req2rsp=%ld secs retries=%d\n",
674 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
675
676 return 0;
677}
678
679static void bt_cleanup(struct si_sm_data *bt)
680{
681}
682
683static int bt_size(void)
684{
685 return sizeof(struct si_sm_data);
686}
687
688const struct si_sm_handlers bt_smi_handlers = {
689 .init_data = bt_init_data,
690 .start_transaction = bt_start_transaction,
691 .get_result = bt_get_result,
692 .event = bt_event,
693 .detect = bt_detect,
694 .cleanup = bt_cleanup,
695 .size = bt_size,
696};
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * ipmi_bt_sm.c
4 *
5 * The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
6 * of the driver architecture at http://sourceforge.net/projects/openipmi
7 *
8 * Author: Rocky Craig <first.last@hp.com>
9 */
10
11#define DEBUG /* So dev_dbg() is always available. */
12
13#include <linux/kernel.h> /* For printk. */
14#include <linux/string.h>
15#include <linux/module.h>
16#include <linux/moduleparam.h>
17#include <linux/ipmi_msgdefs.h> /* for completion codes */
18#include "ipmi_si_sm.h"
19
20#define BT_DEBUG_OFF 0 /* Used in production */
21#define BT_DEBUG_ENABLE 1 /* Generic messages */
22#define BT_DEBUG_MSG 2 /* Prints all request/response buffers */
23#define BT_DEBUG_STATES 4 /* Verbose look at state changes */
24/*
25 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
26 * value
27 */
28
29static int bt_debug; /* 0 == BT_DEBUG_OFF */
30
31module_param(bt_debug, int, 0644);
32MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
33
34/*
35 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
36 * and 64 byte buffers. However, one HP implementation wants 255 bytes of
37 * buffer (with a documented message of 160 bytes) so go for the max.
38 * Since the Open IPMI architecture is single-message oriented at this
39 * stage, the queue depth of BT is of no concern.
40 */
41
42#define BT_NORMAL_TIMEOUT 5 /* seconds */
43#define BT_NORMAL_RETRY_LIMIT 2
44#define BT_RESET_DELAY 6 /* seconds after warm reset */
45
46/*
47 * States are written in chronological order and usually cover
48 * multiple rows of the state table discussion in the IPMI spec.
49 */
50
51enum bt_states {
52 BT_STATE_IDLE = 0, /* Order is critical in this list */
53 BT_STATE_XACTION_START,
54 BT_STATE_WRITE_BYTES,
55 BT_STATE_WRITE_CONSUME,
56 BT_STATE_READ_WAIT,
57 BT_STATE_CLEAR_B2H,
58 BT_STATE_READ_BYTES,
59 BT_STATE_RESET1, /* These must come last */
60 BT_STATE_RESET2,
61 BT_STATE_RESET3,
62 BT_STATE_RESTART,
63 BT_STATE_PRINTME,
64 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */
65};
66
67/*
68 * Macros seen at the end of state "case" blocks. They help with legibility
69 * and debugging.
70 */
71
72#define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
73
74#define BT_SI_SM_RETURN(Y) { last_printed = BT_STATE_PRINTME; return Y; }
75
76struct si_sm_data {
77 enum bt_states state;
78 unsigned char seq; /* BT sequence number */
79 struct si_sm_io *io;
80 unsigned char write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
81 int write_count;
82 unsigned char read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
83 int read_count;
84 int truncated;
85 long timeout; /* microseconds countdown */
86 int error_retries; /* end of "common" fields */
87 int nonzero_status; /* hung BMCs stay all 0 */
88 enum bt_states complete; /* to divert the state machine */
89 long BT_CAP_req2rsp;
90 int BT_CAP_retries; /* Recommended retries */
91};
92
93#define BT_CLR_WR_PTR 0x01 /* See IPMI 1.5 table 11.6.4 */
94#define BT_CLR_RD_PTR 0x02
95#define BT_H2B_ATN 0x04
96#define BT_B2H_ATN 0x08
97#define BT_SMS_ATN 0x10
98#define BT_OEM0 0x20
99#define BT_H_BUSY 0x40
100#define BT_B_BUSY 0x80
101
102/*
103 * Some bits are toggled on each write: write once to set it, once
104 * more to clear it; writing a zero does nothing. To absolutely
105 * clear it, check its state and write if set. This avoids the "get
106 * current then use as mask" scheme to modify one bit. Note that the
107 * variable "bt" is hardcoded into these macros.
108 */
109
110#define BT_STATUS bt->io->inputb(bt->io, 0)
111#define BT_CONTROL(x) bt->io->outputb(bt->io, 0, x)
112
113#define BMC2HOST bt->io->inputb(bt->io, 1)
114#define HOST2BMC(x) bt->io->outputb(bt->io, 1, x)
115
116#define BT_INTMASK_R bt->io->inputb(bt->io, 2)
117#define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
118
119/*
120 * Convenience routines for debugging. These are not multi-open safe!
121 * Note the macros have hardcoded variables in them.
122 */
123
124static char *state2txt(unsigned char state)
125{
126 switch (state) {
127 case BT_STATE_IDLE: return("IDLE");
128 case BT_STATE_XACTION_START: return("XACTION");
129 case BT_STATE_WRITE_BYTES: return("WR_BYTES");
130 case BT_STATE_WRITE_CONSUME: return("WR_CONSUME");
131 case BT_STATE_READ_WAIT: return("RD_WAIT");
132 case BT_STATE_CLEAR_B2H: return("CLEAR_B2H");
133 case BT_STATE_READ_BYTES: return("RD_BYTES");
134 case BT_STATE_RESET1: return("RESET1");
135 case BT_STATE_RESET2: return("RESET2");
136 case BT_STATE_RESET3: return("RESET3");
137 case BT_STATE_RESTART: return("RESTART");
138 case BT_STATE_LONG_BUSY: return("LONG_BUSY");
139 }
140 return("BAD STATE");
141}
142#define STATE2TXT state2txt(bt->state)
143
144static char *status2txt(unsigned char status)
145{
146 /*
147 * This cannot be called by two threads at the same time and
148 * the buffer is always consumed immediately, so the static is
149 * safe to use.
150 */
151 static char buf[40];
152
153 strcpy(buf, "[ ");
154 if (status & BT_B_BUSY)
155 strcat(buf, "B_BUSY ");
156 if (status & BT_H_BUSY)
157 strcat(buf, "H_BUSY ");
158 if (status & BT_OEM0)
159 strcat(buf, "OEM0 ");
160 if (status & BT_SMS_ATN)
161 strcat(buf, "SMS ");
162 if (status & BT_B2H_ATN)
163 strcat(buf, "B2H ");
164 if (status & BT_H2B_ATN)
165 strcat(buf, "H2B ");
166 strcat(buf, "]");
167 return buf;
168}
169#define STATUS2TXT status2txt(status)
170
171/* called externally at insmod time, and internally on cleanup */
172
173static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
174{
175 memset(bt, 0, sizeof(struct si_sm_data));
176 if (bt->io != io) {
177 /* external: one-time only things */
178 bt->io = io;
179 bt->seq = 0;
180 }
181 bt->state = BT_STATE_IDLE; /* start here */
182 bt->complete = BT_STATE_IDLE; /* end here */
183 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
184 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
185 return 3; /* We claim 3 bytes of space; ought to check SPMI table */
186}
187
188/* Jam a completion code (probably an error) into a response */
189
190static void force_result(struct si_sm_data *bt, unsigned char completion_code)
191{
192 bt->read_data[0] = 4; /* # following bytes */
193 bt->read_data[1] = bt->write_data[1] | 4; /* Odd NetFn/LUN */
194 bt->read_data[2] = bt->write_data[2]; /* seq (ignored) */
195 bt->read_data[3] = bt->write_data[3]; /* Command */
196 bt->read_data[4] = completion_code;
197 bt->read_count = 5;
198}
199
200/* The upper state machine starts here */
201
202static int bt_start_transaction(struct si_sm_data *bt,
203 unsigned char *data,
204 unsigned int size)
205{
206 unsigned int i;
207
208 if (size < 2)
209 return IPMI_REQ_LEN_INVALID_ERR;
210 if (size > IPMI_MAX_MSG_LENGTH)
211 return IPMI_REQ_LEN_EXCEEDED_ERR;
212
213 if (bt->state == BT_STATE_LONG_BUSY)
214 return IPMI_NODE_BUSY_ERR;
215
216 if (bt->state != BT_STATE_IDLE)
217 return IPMI_NOT_IN_MY_STATE_ERR;
218
219 if (bt_debug & BT_DEBUG_MSG) {
220 dev_dbg(bt->io->dev, "+++++++++++++++++ New command\n");
221 dev_dbg(bt->io->dev, "NetFn/LUN CMD [%d data]:", size - 2);
222 for (i = 0; i < size; i ++)
223 pr_cont(" %02x", data[i]);
224 pr_cont("\n");
225 }
226 bt->write_data[0] = size + 1; /* all data plus seq byte */
227 bt->write_data[1] = *data; /* NetFn/LUN */
228 bt->write_data[2] = bt->seq++;
229 memcpy(bt->write_data + 3, data + 1, size - 1);
230 bt->write_count = size + 2;
231 bt->error_retries = 0;
232 bt->nonzero_status = 0;
233 bt->truncated = 0;
234 bt->state = BT_STATE_XACTION_START;
235 bt->timeout = bt->BT_CAP_req2rsp;
236 force_result(bt, IPMI_ERR_UNSPECIFIED);
237 return 0;
238}
239
240/*
241 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
242 * it calls this. Strip out the length and seq bytes.
243 */
244
245static int bt_get_result(struct si_sm_data *bt,
246 unsigned char *data,
247 unsigned int length)
248{
249 int i, msg_len;
250
251 msg_len = bt->read_count - 2; /* account for length & seq */
252 if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
253 force_result(bt, IPMI_ERR_UNSPECIFIED);
254 msg_len = 3;
255 }
256 data[0] = bt->read_data[1];
257 data[1] = bt->read_data[3];
258 if (length < msg_len || bt->truncated) {
259 data[2] = IPMI_ERR_MSG_TRUNCATED;
260 msg_len = 3;
261 } else
262 memcpy(data + 2, bt->read_data + 4, msg_len - 2);
263
264 if (bt_debug & BT_DEBUG_MSG) {
265 dev_dbg(bt->io->dev, "result %d bytes:", msg_len);
266 for (i = 0; i < msg_len; i++)
267 pr_cont(" %02x", data[i]);
268 pr_cont("\n");
269 }
270 return msg_len;
271}
272
273/* This bit's functionality is optional */
274#define BT_BMC_HWRST 0x80
275
276static void reset_flags(struct si_sm_data *bt)
277{
278 if (bt_debug)
279 dev_dbg(bt->io->dev, "flag reset %s\n", status2txt(BT_STATUS));
280 if (BT_STATUS & BT_H_BUSY)
281 BT_CONTROL(BT_H_BUSY); /* force clear */
282 BT_CONTROL(BT_CLR_WR_PTR); /* always reset */
283 BT_CONTROL(BT_SMS_ATN); /* always clear */
284 BT_INTMASK_W(BT_BMC_HWRST);
285}
286
287/*
288 * Get rid of an unwanted/stale response. This should only be needed for
289 * BMCs that support multiple outstanding requests.
290 */
291
292static void drain_BMC2HOST(struct si_sm_data *bt)
293{
294 int i, size;
295
296 if (!(BT_STATUS & BT_B2H_ATN)) /* Not signalling a response */
297 return;
298
299 BT_CONTROL(BT_H_BUSY); /* now set */
300 BT_CONTROL(BT_B2H_ATN); /* always clear */
301 BT_STATUS; /* pause */
302 BT_CONTROL(BT_B2H_ATN); /* some BMCs are stubborn */
303 BT_CONTROL(BT_CLR_RD_PTR); /* always reset */
304 if (bt_debug)
305 dev_dbg(bt->io->dev, "stale response %s; ",
306 status2txt(BT_STATUS));
307 size = BMC2HOST;
308 for (i = 0; i < size ; i++)
309 BMC2HOST;
310 BT_CONTROL(BT_H_BUSY); /* now clear */
311 if (bt_debug)
312 pr_cont("drained %d bytes\n", size + 1);
313}
314
315static inline void write_all_bytes(struct si_sm_data *bt)
316{
317 int i;
318
319 if (bt_debug & BT_DEBUG_MSG) {
320 dev_dbg(bt->io->dev, "write %d bytes seq=0x%02X",
321 bt->write_count, bt->seq);
322 for (i = 0; i < bt->write_count; i++)
323 pr_cont(" %02x", bt->write_data[i]);
324 pr_cont("\n");
325 }
326 for (i = 0; i < bt->write_count; i++)
327 HOST2BMC(bt->write_data[i]);
328}
329
330static inline int read_all_bytes(struct si_sm_data *bt)
331{
332 unsigned int i;
333
334 /*
335 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
336 * Keep layout of first four bytes aligned with write_data[]
337 */
338
339 bt->read_data[0] = BMC2HOST;
340 bt->read_count = bt->read_data[0];
341
342 if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
343 if (bt_debug & BT_DEBUG_MSG)
344 dev_dbg(bt->io->dev,
345 "bad raw rsp len=%d\n", bt->read_count);
346 bt->truncated = 1;
347 return 1; /* let next XACTION START clean it up */
348 }
349 for (i = 1; i <= bt->read_count; i++)
350 bt->read_data[i] = BMC2HOST;
351 bt->read_count++; /* Account internally for length byte */
352
353 if (bt_debug & BT_DEBUG_MSG) {
354 int max = bt->read_count;
355
356 dev_dbg(bt->io->dev,
357 "got %d bytes seq=0x%02X", max, bt->read_data[2]);
358 if (max > 16)
359 max = 16;
360 for (i = 0; i < max; i++)
361 pr_cont(" %02x", bt->read_data[i]);
362 pr_cont("%s\n", bt->read_count == max ? "" : " ...");
363 }
364
365 /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
366 if ((bt->read_data[3] == bt->write_data[3]) &&
367 (bt->read_data[2] == bt->write_data[2]) &&
368 ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
369 return 1;
370
371 if (bt_debug & BT_DEBUG_MSG)
372 dev_dbg(bt->io->dev,
373 "IPMI BT: bad packet: want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
374 bt->write_data[1] | 0x04, bt->write_data[2],
375 bt->write_data[3],
376 bt->read_data[1], bt->read_data[2], bt->read_data[3]);
377 return 0;
378}
379
380/* Restart if retries are left, or return an error completion code */
381
382static enum si_sm_result error_recovery(struct si_sm_data *bt,
383 unsigned char status,
384 unsigned char cCode)
385{
386 char *reason;
387
388 bt->timeout = bt->BT_CAP_req2rsp;
389
390 switch (cCode) {
391 case IPMI_TIMEOUT_ERR:
392 reason = "timeout";
393 break;
394 default:
395 reason = "internal error";
396 break;
397 }
398
399 dev_warn(bt->io->dev, "IPMI BT: %s in %s %s ", /* open-ended line */
400 reason, STATE2TXT, STATUS2TXT);
401
402 /*
403 * Per the IPMI spec, retries are based on the sequence number
404 * known only to this module, so manage a restart here.
405 */
406 (bt->error_retries)++;
407 if (bt->error_retries < bt->BT_CAP_retries) {
408 pr_cont("%d retries left\n",
409 bt->BT_CAP_retries - bt->error_retries);
410 bt->state = BT_STATE_RESTART;
411 return SI_SM_CALL_WITHOUT_DELAY;
412 }
413
414 dev_warn(bt->io->dev, "failed %d retries, sending error response\n",
415 bt->BT_CAP_retries);
416 if (!bt->nonzero_status)
417 dev_err(bt->io->dev, "stuck, try power cycle\n");
418
419 /* this is most likely during insmod */
420 else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
421 dev_warn(bt->io->dev, "BT reset (takes 5 secs)\n");
422 bt->state = BT_STATE_RESET1;
423 return SI_SM_CALL_WITHOUT_DELAY;
424 }
425
426 /*
427 * Concoct a useful error message, set up the next state, and
428 * be done with this sequence.
429 */
430
431 bt->state = BT_STATE_IDLE;
432 switch (cCode) {
433 case IPMI_TIMEOUT_ERR:
434 if (status & BT_B_BUSY) {
435 cCode = IPMI_NODE_BUSY_ERR;
436 bt->state = BT_STATE_LONG_BUSY;
437 }
438 break;
439 default:
440 break;
441 }
442 force_result(bt, cCode);
443 return SI_SM_TRANSACTION_COMPLETE;
444}
445
446/* Check status and (usually) take action and change this state machine. */
447
448static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
449{
450 unsigned char status;
451 static enum bt_states last_printed = BT_STATE_PRINTME;
452 int i;
453
454 status = BT_STATUS;
455 bt->nonzero_status |= status;
456 if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
457 dev_dbg(bt->io->dev, "BT: %s %s TO=%ld - %ld\n",
458 STATE2TXT,
459 STATUS2TXT,
460 bt->timeout,
461 time);
462 last_printed = bt->state;
463 }
464
465 /*
466 * Commands that time out may still (eventually) provide a response.
467 * This stale response will get in the way of a new response so remove
468 * it if possible (hopefully during IDLE). Even if it comes up later
469 * it will be rejected by its (now-forgotten) seq number.
470 */
471
472 if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
473 drain_BMC2HOST(bt);
474 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
475 }
476
477 if ((bt->state != BT_STATE_IDLE) &&
478 (bt->state < BT_STATE_PRINTME)) {
479 /* check timeout */
480 bt->timeout -= time;
481 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
482 return error_recovery(bt,
483 status,
484 IPMI_TIMEOUT_ERR);
485 }
486
487 switch (bt->state) {
488
489 /*
490 * Idle state first checks for asynchronous messages from another
491 * channel, then does some opportunistic housekeeping.
492 */
493
494 case BT_STATE_IDLE:
495 if (status & BT_SMS_ATN) {
496 BT_CONTROL(BT_SMS_ATN); /* clear it */
497 return SI_SM_ATTN;
498 }
499
500 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */
501 BT_CONTROL(BT_H_BUSY);
502
503 BT_SI_SM_RETURN(SI_SM_IDLE);
504
505 case BT_STATE_XACTION_START:
506 if (status & (BT_B_BUSY | BT_H2B_ATN))
507 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
508 if (BT_STATUS & BT_H_BUSY)
509 BT_CONTROL(BT_H_BUSY); /* force clear */
510 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
511 SI_SM_CALL_WITHOUT_DELAY);
512
513 case BT_STATE_WRITE_BYTES:
514 if (status & BT_H_BUSY)
515 BT_CONTROL(BT_H_BUSY); /* clear */
516 BT_CONTROL(BT_CLR_WR_PTR);
517 write_all_bytes(bt);
518 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
519 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
520 SI_SM_CALL_WITHOUT_DELAY);
521
522 case BT_STATE_WRITE_CONSUME:
523 if (status & (BT_B_BUSY | BT_H2B_ATN))
524 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
525 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
526 SI_SM_CALL_WITHOUT_DELAY);
527
528 /* Spinning hard can suppress B2H_ATN and force a timeout */
529
530 case BT_STATE_READ_WAIT:
531 if (!(status & BT_B2H_ATN))
532 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
533 BT_CONTROL(BT_H_BUSY); /* set */
534
535 /*
536 * Uncached, ordered writes should just proceed serially but
537 * some BMCs don't clear B2H_ATN with one hit. Fast-path a
538 * workaround without too much penalty to the general case.
539 */
540
541 BT_CONTROL(BT_B2H_ATN); /* clear it to ACK the BMC */
542 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
543 SI_SM_CALL_WITHOUT_DELAY);
544
545 case BT_STATE_CLEAR_B2H:
546 if (status & BT_B2H_ATN) {
547 /* keep hitting it */
548 BT_CONTROL(BT_B2H_ATN);
549 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
550 }
551 BT_STATE_CHANGE(BT_STATE_READ_BYTES,
552 SI_SM_CALL_WITHOUT_DELAY);
553
554 case BT_STATE_READ_BYTES:
555 if (!(status & BT_H_BUSY))
556 /* check in case of retry */
557 BT_CONTROL(BT_H_BUSY);
558 BT_CONTROL(BT_CLR_RD_PTR); /* start of BMC2HOST buffer */
559 i = read_all_bytes(bt); /* true == packet seq match */
560 BT_CONTROL(BT_H_BUSY); /* NOW clear */
561 if (!i) /* Not my message */
562 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
563 SI_SM_CALL_WITHOUT_DELAY);
564 bt->state = bt->complete;
565 return bt->state == BT_STATE_IDLE ? /* where to next? */
566 SI_SM_TRANSACTION_COMPLETE : /* normal */
567 SI_SM_CALL_WITHOUT_DELAY; /* Startup magic */
568
569 case BT_STATE_LONG_BUSY: /* For example: after FW update */
570 if (!(status & BT_B_BUSY)) {
571 reset_flags(bt); /* next state is now IDLE */
572 bt_init_data(bt, bt->io);
573 }
574 return SI_SM_CALL_WITH_DELAY; /* No repeat printing */
575
576 case BT_STATE_RESET1:
577 reset_flags(bt);
578 drain_BMC2HOST(bt);
579 BT_STATE_CHANGE(BT_STATE_RESET2,
580 SI_SM_CALL_WITH_DELAY);
581
582 case BT_STATE_RESET2: /* Send a soft reset */
583 BT_CONTROL(BT_CLR_WR_PTR);
584 HOST2BMC(3); /* number of bytes following */
585 HOST2BMC(0x18); /* NetFn/LUN == Application, LUN 0 */
586 HOST2BMC(42); /* Sequence number */
587 HOST2BMC(3); /* Cmd == Soft reset */
588 BT_CONTROL(BT_H2B_ATN);
589 bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
590 BT_STATE_CHANGE(BT_STATE_RESET3,
591 SI_SM_CALL_WITH_DELAY);
592
593 case BT_STATE_RESET3: /* Hold off everything for a bit */
594 if (bt->timeout > 0)
595 return SI_SM_CALL_WITH_DELAY;
596 drain_BMC2HOST(bt);
597 BT_STATE_CHANGE(BT_STATE_RESTART,
598 SI_SM_CALL_WITH_DELAY);
599
600 case BT_STATE_RESTART: /* don't reset retries or seq! */
601 bt->read_count = 0;
602 bt->nonzero_status = 0;
603 bt->timeout = bt->BT_CAP_req2rsp;
604 BT_STATE_CHANGE(BT_STATE_XACTION_START,
605 SI_SM_CALL_WITH_DELAY);
606
607 default: /* should never occur */
608 return error_recovery(bt,
609 status,
610 IPMI_ERR_UNSPECIFIED);
611 }
612 return SI_SM_CALL_WITH_DELAY;
613}
614
615static int bt_detect(struct si_sm_data *bt)
616{
617 unsigned char GetBT_CAP[] = { 0x18, 0x36 };
618 unsigned char BT_CAP[8];
619 enum si_sm_result smi_result;
620 int rv;
621
622 /*
623 * It's impossible for the BT status and interrupt registers to be
624 * all 1's, (assuming a properly functioning, self-initialized BMC)
625 * but that's what you get from reading a bogus address, so we
626 * test that first. The calling routine uses negative logic.
627 */
628
629 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
630 return 1;
631 reset_flags(bt);
632
633 /*
634 * Try getting the BT capabilities here.
635 */
636 rv = bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
637 if (rv) {
638 dev_warn(bt->io->dev,
639 "Can't start capabilities transaction: %d\n", rv);
640 goto out_no_bt_cap;
641 }
642
643 smi_result = SI_SM_CALL_WITHOUT_DELAY;
644 for (;;) {
645 if (smi_result == SI_SM_CALL_WITH_DELAY ||
646 smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
647 schedule_timeout_uninterruptible(1);
648 smi_result = bt_event(bt, jiffies_to_usecs(1));
649 } else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
650 smi_result = bt_event(bt, 0);
651 } else
652 break;
653 }
654
655 rv = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
656 bt_init_data(bt, bt->io);
657 if (rv < 8) {
658 dev_warn(bt->io->dev, "bt cap response too short: %d\n", rv);
659 goto out_no_bt_cap;
660 }
661
662 if (BT_CAP[2]) {
663 dev_warn(bt->io->dev, "Error fetching bt cap: %x\n", BT_CAP[2]);
664out_no_bt_cap:
665 dev_warn(bt->io->dev, "using default values\n");
666 } else {
667 bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
668 bt->BT_CAP_retries = BT_CAP[7];
669 }
670
671 dev_info(bt->io->dev, "req2rsp=%ld secs retries=%d\n",
672 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
673
674 return 0;
675}
676
677static void bt_cleanup(struct si_sm_data *bt)
678{
679}
680
681static int bt_size(void)
682{
683 return sizeof(struct si_sm_data);
684}
685
686const struct si_sm_handlers bt_smi_handlers = {
687 .init_data = bt_init_data,
688 .start_transaction = bt_start_transaction,
689 .get_result = bt_get_result,
690 .event = bt_event,
691 .detect = bt_detect,
692 .cleanup = bt_cleanup,
693 .size = bt_size,
694};