Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / char / ipmi / ipmi_bt_sm.c
blobcdd4c09fda963b2de1e1e3371090a93625d0b771
1 /*
2 * ipmi_bt_sm.c
4 * The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
5 * of the driver architecture at http://sourceforge.net/projects/openipmi
7 * Author: Rocky Craig <first.last@hp.com>
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2 of the License, or (at your
12 * option) any later version.
14 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
15 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
20 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
21 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
22 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
23 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 * You should have received a copy of the GNU General Public License along
26 * with this program; if not, write to the Free Software Foundation, Inc.,
27 * 675 Mass Ave, Cambridge, MA 02139, USA. */
29 #include <linux/kernel.h> /* For printk. */
30 #include <linux/string.h>
31 #include <linux/module.h>
32 #include <linux/moduleparam.h>
33 #include <linux/ipmi_msgdefs.h> /* for completion codes */
34 #include "ipmi_si_sm.h"
36 #define BT_DEBUG_OFF 0 /* Used in production */
37 #define BT_DEBUG_ENABLE 1 /* Generic messages */
38 #define BT_DEBUG_MSG 2 /* Prints all request/response buffers */
39 #define BT_DEBUG_STATES 4 /* Verbose look at state changes */
41 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
42 * value
45 static int bt_debug; /* 0 == BT_DEBUG_OFF */
47 module_param(bt_debug, int, 0644);
48 MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
51 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
52 * and 64 byte buffers. However, one HP implementation wants 255 bytes of
53 * buffer (with a documented message of 160 bytes) so go for the max.
54 * Since the Open IPMI architecture is single-message oriented at this
55 * stage, the queue depth of BT is of no concern.
58 #define BT_NORMAL_TIMEOUT 5 /* seconds */
59 #define BT_NORMAL_RETRY_LIMIT 2
60 #define BT_RESET_DELAY 6 /* seconds after warm reset */
63 * States are written in chronological order and usually cover
64 * multiple rows of the state table discussion in the IPMI spec.
67 enum bt_states {
68 BT_STATE_IDLE = 0, /* Order is critical in this list */
69 BT_STATE_XACTION_START,
70 BT_STATE_WRITE_BYTES,
71 BT_STATE_WRITE_CONSUME,
72 BT_STATE_READ_WAIT,
73 BT_STATE_CLEAR_B2H,
74 BT_STATE_READ_BYTES,
75 BT_STATE_RESET1, /* These must come last */
76 BT_STATE_RESET2,
77 BT_STATE_RESET3,
78 BT_STATE_RESTART,
79 BT_STATE_PRINTME,
80 BT_STATE_CAPABILITIES_BEGIN,
81 BT_STATE_CAPABILITIES_END,
82 BT_STATE_LONG_BUSY /* BT doesn't get hosed :-) */
86 * Macros seen at the end of state "case" blocks. They help with legibility
87 * and debugging.
90 #define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
92 #define BT_SI_SM_RETURN(Y) { last_printed = BT_STATE_PRINTME; return Y; }
94 struct si_sm_data {
95 enum bt_states state;
96 unsigned char seq; /* BT sequence number */
97 struct si_sm_io *io;
98 unsigned char write_data[IPMI_MAX_MSG_LENGTH];
99 int write_count;
100 unsigned char read_data[IPMI_MAX_MSG_LENGTH];
101 int read_count;
102 int truncated;
103 long timeout; /* microseconds countdown */
104 int error_retries; /* end of "common" fields */
105 int nonzero_status; /* hung BMCs stay all 0 */
106 enum bt_states complete; /* to divert the state machine */
107 int BT_CAP_outreqs;
108 long BT_CAP_req2rsp;
109 int BT_CAP_retries; /* Recommended retries */
112 #define BT_CLR_WR_PTR 0x01 /* See IPMI 1.5 table 11.6.4 */
113 #define BT_CLR_RD_PTR 0x02
114 #define BT_H2B_ATN 0x04
115 #define BT_B2H_ATN 0x08
116 #define BT_SMS_ATN 0x10
117 #define BT_OEM0 0x20
118 #define BT_H_BUSY 0x40
119 #define BT_B_BUSY 0x80
122 * Some bits are toggled on each write: write once to set it, once
123 * more to clear it; writing a zero does nothing. To absolutely
124 * clear it, check its state and write if set. This avoids the "get
125 * current then use as mask" scheme to modify one bit. Note that the
126 * variable "bt" is hardcoded into these macros.
129 #define BT_STATUS bt->io->inputb(bt->io, 0)
130 #define BT_CONTROL(x) bt->io->outputb(bt->io, 0, x)
132 #define BMC2HOST bt->io->inputb(bt->io, 1)
133 #define HOST2BMC(x) bt->io->outputb(bt->io, 1, x)
135 #define BT_INTMASK_R bt->io->inputb(bt->io, 2)
136 #define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
139 * Convenience routines for debugging. These are not multi-open safe!
140 * Note the macros have hardcoded variables in them.
143 static char *state2txt(unsigned char state)
145 switch (state) {
146 case BT_STATE_IDLE: return("IDLE");
147 case BT_STATE_XACTION_START: return("XACTION");
148 case BT_STATE_WRITE_BYTES: return("WR_BYTES");
149 case BT_STATE_WRITE_CONSUME: return("WR_CONSUME");
150 case BT_STATE_READ_WAIT: return("RD_WAIT");
151 case BT_STATE_CLEAR_B2H: return("CLEAR_B2H");
152 case BT_STATE_READ_BYTES: return("RD_BYTES");
153 case BT_STATE_RESET1: return("RESET1");
154 case BT_STATE_RESET2: return("RESET2");
155 case BT_STATE_RESET3: return("RESET3");
156 case BT_STATE_RESTART: return("RESTART");
157 case BT_STATE_LONG_BUSY: return("LONG_BUSY");
158 case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
159 case BT_STATE_CAPABILITIES_END: return("CAP_END");
161 return("BAD STATE");
163 #define STATE2TXT state2txt(bt->state)
165 static char *status2txt(unsigned char status)
168 * This cannot be called by two threads at the same time and
169 * the buffer is always consumed immediately, so the static is
170 * safe to use.
172 static char buf[40];
174 strcpy(buf, "[ ");
175 if (status & BT_B_BUSY)
176 strcat(buf, "B_BUSY ");
177 if (status & BT_H_BUSY)
178 strcat(buf, "H_BUSY ");
179 if (status & BT_OEM0)
180 strcat(buf, "OEM0 ");
181 if (status & BT_SMS_ATN)
182 strcat(buf, "SMS ");
183 if (status & BT_B2H_ATN)
184 strcat(buf, "B2H ");
185 if (status & BT_H2B_ATN)
186 strcat(buf, "H2B ");
187 strcat(buf, "]");
188 return buf;
190 #define STATUS2TXT status2txt(status)
192 /* called externally at insmod time, and internally on cleanup */
194 static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
196 memset(bt, 0, sizeof(struct si_sm_data));
197 if (bt->io != io) {
198 /* external: one-time only things */
199 bt->io = io;
200 bt->seq = 0;
202 bt->state = BT_STATE_IDLE; /* start here */
203 bt->complete = BT_STATE_IDLE; /* end here */
204 bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * 1000000;
205 bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
206 /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
207 return 3; /* We claim 3 bytes of space; ought to check SPMI table */
210 /* Jam a completion code (probably an error) into a response */
212 static void force_result(struct si_sm_data *bt, unsigned char completion_code)
214 bt->read_data[0] = 4; /* # following bytes */
215 bt->read_data[1] = bt->write_data[1] | 4; /* Odd NetFn/LUN */
216 bt->read_data[2] = bt->write_data[2]; /* seq (ignored) */
217 bt->read_data[3] = bt->write_data[3]; /* Command */
218 bt->read_data[4] = completion_code;
219 bt->read_count = 5;
222 /* The upper state machine starts here */
224 static int bt_start_transaction(struct si_sm_data *bt,
225 unsigned char *data,
226 unsigned int size)
228 unsigned int i;
230 if (size < 2)
231 return IPMI_REQ_LEN_INVALID_ERR;
232 if (size > IPMI_MAX_MSG_LENGTH)
233 return IPMI_REQ_LEN_EXCEEDED_ERR;
235 if (bt->state == BT_STATE_LONG_BUSY)
236 return IPMI_NODE_BUSY_ERR;
238 if (bt->state != BT_STATE_IDLE)
239 return IPMI_NOT_IN_MY_STATE_ERR;
241 if (bt_debug & BT_DEBUG_MSG) {
242 printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
243 printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
244 for (i = 0; i < size; i ++)
245 printk(" %02x", data[i]);
246 printk("\n");
248 bt->write_data[0] = size + 1; /* all data plus seq byte */
249 bt->write_data[1] = *data; /* NetFn/LUN */
250 bt->write_data[2] = bt->seq++;
251 memcpy(bt->write_data + 3, data + 1, size - 1);
252 bt->write_count = size + 2;
253 bt->error_retries = 0;
254 bt->nonzero_status = 0;
255 bt->truncated = 0;
256 bt->state = BT_STATE_XACTION_START;
257 bt->timeout = bt->BT_CAP_req2rsp;
258 force_result(bt, IPMI_ERR_UNSPECIFIED);
259 return 0;
263 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
264 * it calls this. Strip out the length and seq bytes.
267 static int bt_get_result(struct si_sm_data *bt,
268 unsigned char *data,
269 unsigned int length)
271 int i, msg_len;
273 msg_len = bt->read_count - 2; /* account for length & seq */
274 if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
275 force_result(bt, IPMI_ERR_UNSPECIFIED);
276 msg_len = 3;
278 data[0] = bt->read_data[1];
279 data[1] = bt->read_data[3];
280 if (length < msg_len || bt->truncated) {
281 data[2] = IPMI_ERR_MSG_TRUNCATED;
282 msg_len = 3;
283 } else
284 memcpy(data + 2, bt->read_data + 4, msg_len - 2);
286 if (bt_debug & BT_DEBUG_MSG) {
287 printk(KERN_WARNING "BT: result %d bytes:", msg_len);
288 for (i = 0; i < msg_len; i++)
289 printk(" %02x", data[i]);
290 printk("\n");
292 return msg_len;
295 /* This bit's functionality is optional */
296 #define BT_BMC_HWRST 0x80
298 static void reset_flags(struct si_sm_data *bt)
300 if (bt_debug)
301 printk(KERN_WARNING "IPMI BT: flag reset %s\n",
302 status2txt(BT_STATUS));
303 if (BT_STATUS & BT_H_BUSY)
304 BT_CONTROL(BT_H_BUSY); /* force clear */
305 BT_CONTROL(BT_CLR_WR_PTR); /* always reset */
306 BT_CONTROL(BT_SMS_ATN); /* always clear */
307 BT_INTMASK_W(BT_BMC_HWRST);
311 * Get rid of an unwanted/stale response. This should only be needed for
312 * BMCs that support multiple outstanding requests.
315 static void drain_BMC2HOST(struct si_sm_data *bt)
317 int i, size;
319 if (!(BT_STATUS & BT_B2H_ATN)) /* Not signalling a response */
320 return;
322 BT_CONTROL(BT_H_BUSY); /* now set */
323 BT_CONTROL(BT_B2H_ATN); /* always clear */
324 BT_STATUS; /* pause */
325 BT_CONTROL(BT_B2H_ATN); /* some BMCs are stubborn */
326 BT_CONTROL(BT_CLR_RD_PTR); /* always reset */
327 if (bt_debug)
328 printk(KERN_WARNING "IPMI BT: stale response %s; ",
329 status2txt(BT_STATUS));
330 size = BMC2HOST;
331 for (i = 0; i < size ; i++)
332 BMC2HOST;
333 BT_CONTROL(BT_H_BUSY); /* now clear */
334 if (bt_debug)
335 printk("drained %d bytes\n", size + 1);
338 static inline void write_all_bytes(struct si_sm_data *bt)
340 int i;
342 if (bt_debug & BT_DEBUG_MSG) {
343 printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
344 bt->write_count, bt->seq);
345 for (i = 0; i < bt->write_count; i++)
346 printk(" %02x", bt->write_data[i]);
347 printk("\n");
349 for (i = 0; i < bt->write_count; i++)
350 HOST2BMC(bt->write_data[i]);
353 static inline int read_all_bytes(struct si_sm_data *bt)
355 unsigned char i;
358 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
359 * Keep layout of first four bytes aligned with write_data[]
362 bt->read_data[0] = BMC2HOST;
363 bt->read_count = bt->read_data[0];
365 if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
366 if (bt_debug & BT_DEBUG_MSG)
367 printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
368 bt->read_count);
369 bt->truncated = 1;
370 return 1; /* let next XACTION START clean it up */
372 for (i = 1; i <= bt->read_count; i++)
373 bt->read_data[i] = BMC2HOST;
374 bt->read_count++; /* Account internally for length byte */
376 if (bt_debug & BT_DEBUG_MSG) {
377 int max = bt->read_count;
379 printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
380 max, bt->read_data[2]);
381 if (max > 16)
382 max = 16;
383 for (i = 0; i < max; i++)
384 printk(KERN_CONT " %02x", bt->read_data[i]);
385 printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
388 /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
389 if ((bt->read_data[3] == bt->write_data[3]) &&
390 (bt->read_data[2] == bt->write_data[2]) &&
391 ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
392 return 1;
394 if (bt_debug & BT_DEBUG_MSG)
395 printk(KERN_WARNING "IPMI BT: bad packet: "
396 "want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
397 bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
398 bt->read_data[1], bt->read_data[2], bt->read_data[3]);
399 return 0;
402 /* Restart if retries are left, or return an error completion code */
404 static enum si_sm_result error_recovery(struct si_sm_data *bt,
405 unsigned char status,
406 unsigned char cCode)
408 char *reason;
410 bt->timeout = bt->BT_CAP_req2rsp;
412 switch (cCode) {
413 case IPMI_TIMEOUT_ERR:
414 reason = "timeout";
415 break;
416 default:
417 reason = "internal error";
418 break;
421 printk(KERN_WARNING "IPMI BT: %s in %s %s ", /* open-ended line */
422 reason, STATE2TXT, STATUS2TXT);
425 * Per the IPMI spec, retries are based on the sequence number
426 * known only to this module, so manage a restart here.
428 (bt->error_retries)++;
429 if (bt->error_retries < bt->BT_CAP_retries) {
430 printk("%d retries left\n",
431 bt->BT_CAP_retries - bt->error_retries);
432 bt->state = BT_STATE_RESTART;
433 return SI_SM_CALL_WITHOUT_DELAY;
436 printk(KERN_WARNING "failed %d retries, sending error response\n",
437 bt->BT_CAP_retries);
438 if (!bt->nonzero_status)
439 printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
441 /* this is most likely during insmod */
442 else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
443 printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
444 bt->state = BT_STATE_RESET1;
445 return SI_SM_CALL_WITHOUT_DELAY;
449 * Concoct a useful error message, set up the next state, and
450 * be done with this sequence.
453 bt->state = BT_STATE_IDLE;
454 switch (cCode) {
455 case IPMI_TIMEOUT_ERR:
456 if (status & BT_B_BUSY) {
457 cCode = IPMI_NODE_BUSY_ERR;
458 bt->state = BT_STATE_LONG_BUSY;
460 break;
461 default:
462 break;
464 force_result(bt, cCode);
465 return SI_SM_TRANSACTION_COMPLETE;
468 /* Check status and (usually) take action and change this state machine. */
470 static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
472 unsigned char status, BT_CAP[8];
473 static enum bt_states last_printed = BT_STATE_PRINTME;
474 int i;
476 status = BT_STATUS;
477 bt->nonzero_status |= status;
478 if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
479 printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
480 STATE2TXT,
481 STATUS2TXT,
482 bt->timeout,
483 time);
484 last_printed = bt->state;
488 * Commands that time out may still (eventually) provide a response.
489 * This stale response will get in the way of a new response so remove
490 * it if possible (hopefully during IDLE). Even if it comes up later
491 * it will be rejected by its (now-forgotten) seq number.
494 if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
495 drain_BMC2HOST(bt);
496 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
499 if ((bt->state != BT_STATE_IDLE) &&
500 (bt->state < BT_STATE_PRINTME)) {
501 /* check timeout */
502 bt->timeout -= time;
503 if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
504 return error_recovery(bt,
505 status,
506 IPMI_TIMEOUT_ERR);
509 switch (bt->state) {
512 * Idle state first checks for asynchronous messages from another
513 * channel, then does some opportunistic housekeeping.
516 case BT_STATE_IDLE:
517 if (status & BT_SMS_ATN) {
518 BT_CONTROL(BT_SMS_ATN); /* clear it */
519 return SI_SM_ATTN;
522 if (status & BT_H_BUSY) /* clear a leftover H_BUSY */
523 BT_CONTROL(BT_H_BUSY);
525 /* Read BT capabilities if it hasn't been done yet */
526 if (!bt->BT_CAP_outreqs)
527 BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
528 SI_SM_CALL_WITHOUT_DELAY);
529 bt->timeout = bt->BT_CAP_req2rsp;
530 BT_SI_SM_RETURN(SI_SM_IDLE);
532 case BT_STATE_XACTION_START:
533 if (status & (BT_B_BUSY | BT_H2B_ATN))
534 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535 if (BT_STATUS & BT_H_BUSY)
536 BT_CONTROL(BT_H_BUSY); /* force clear */
537 BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
538 SI_SM_CALL_WITHOUT_DELAY);
540 case BT_STATE_WRITE_BYTES:
541 if (status & BT_H_BUSY)
542 BT_CONTROL(BT_H_BUSY); /* clear */
543 BT_CONTROL(BT_CLR_WR_PTR);
544 write_all_bytes(bt);
545 BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
546 BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
547 SI_SM_CALL_WITHOUT_DELAY);
549 case BT_STATE_WRITE_CONSUME:
550 if (status & (BT_B_BUSY | BT_H2B_ATN))
551 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
552 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
553 SI_SM_CALL_WITHOUT_DELAY);
555 /* Spinning hard can suppress B2H_ATN and force a timeout */
557 case BT_STATE_READ_WAIT:
558 if (!(status & BT_B2H_ATN))
559 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560 BT_CONTROL(BT_H_BUSY); /* set */
563 * Uncached, ordered writes should just proceed serially but
564 * some BMCs don't clear B2H_ATN with one hit. Fast-path a
565 * workaround without too much penalty to the general case.
568 BT_CONTROL(BT_B2H_ATN); /* clear it to ACK the BMC */
569 BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
570 SI_SM_CALL_WITHOUT_DELAY);
572 case BT_STATE_CLEAR_B2H:
573 if (status & BT_B2H_ATN) {
574 /* keep hitting it */
575 BT_CONTROL(BT_B2H_ATN);
576 BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
578 BT_STATE_CHANGE(BT_STATE_READ_BYTES,
579 SI_SM_CALL_WITHOUT_DELAY);
581 case BT_STATE_READ_BYTES:
582 if (!(status & BT_H_BUSY))
583 /* check in case of retry */
584 BT_CONTROL(BT_H_BUSY);
585 BT_CONTROL(BT_CLR_RD_PTR); /* start of BMC2HOST buffer */
586 i = read_all_bytes(bt); /* true == packet seq match */
587 BT_CONTROL(BT_H_BUSY); /* NOW clear */
588 if (!i) /* Not my message */
589 BT_STATE_CHANGE(BT_STATE_READ_WAIT,
590 SI_SM_CALL_WITHOUT_DELAY);
591 bt->state = bt->complete;
592 return bt->state == BT_STATE_IDLE ? /* where to next? */
593 SI_SM_TRANSACTION_COMPLETE : /* normal */
594 SI_SM_CALL_WITHOUT_DELAY; /* Startup magic */
596 case BT_STATE_LONG_BUSY: /* For example: after FW update */
597 if (!(status & BT_B_BUSY)) {
598 reset_flags(bt); /* next state is now IDLE */
599 bt_init_data(bt, bt->io);
601 return SI_SM_CALL_WITH_DELAY; /* No repeat printing */
603 case BT_STATE_RESET1:
604 reset_flags(bt);
605 drain_BMC2HOST(bt);
606 BT_STATE_CHANGE(BT_STATE_RESET2,
607 SI_SM_CALL_WITH_DELAY);
609 case BT_STATE_RESET2: /* Send a soft reset */
610 BT_CONTROL(BT_CLR_WR_PTR);
611 HOST2BMC(3); /* number of bytes following */
612 HOST2BMC(0x18); /* NetFn/LUN == Application, LUN 0 */
613 HOST2BMC(42); /* Sequence number */
614 HOST2BMC(3); /* Cmd == Soft reset */
615 BT_CONTROL(BT_H2B_ATN);
616 bt->timeout = BT_RESET_DELAY * 1000000;
617 BT_STATE_CHANGE(BT_STATE_RESET3,
618 SI_SM_CALL_WITH_DELAY);
620 case BT_STATE_RESET3: /* Hold off everything for a bit */
621 if (bt->timeout > 0)
622 return SI_SM_CALL_WITH_DELAY;
623 drain_BMC2HOST(bt);
624 BT_STATE_CHANGE(BT_STATE_RESTART,
625 SI_SM_CALL_WITH_DELAY);
627 case BT_STATE_RESTART: /* don't reset retries or seq! */
628 bt->read_count = 0;
629 bt->nonzero_status = 0;
630 bt->timeout = bt->BT_CAP_req2rsp;
631 BT_STATE_CHANGE(BT_STATE_XACTION_START,
632 SI_SM_CALL_WITH_DELAY);
635 * Get BT Capabilities, using timing of upper level state machine.
636 * Set outreqs to prevent infinite loop on timeout.
638 case BT_STATE_CAPABILITIES_BEGIN:
639 bt->BT_CAP_outreqs = 1;
641 unsigned char GetBT_CAP[] = { 0x18, 0x36 };
642 bt->state = BT_STATE_IDLE;
643 bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
645 bt->complete = BT_STATE_CAPABILITIES_END;
646 BT_STATE_CHANGE(BT_STATE_XACTION_START,
647 SI_SM_CALL_WITH_DELAY);
649 case BT_STATE_CAPABILITIES_END:
650 i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
651 bt_init_data(bt, bt->io);
652 if ((i == 8) && !BT_CAP[2]) {
653 bt->BT_CAP_outreqs = BT_CAP[3];
654 bt->BT_CAP_req2rsp = BT_CAP[6] * 1000000;
655 bt->BT_CAP_retries = BT_CAP[7];
656 } else
657 printk(KERN_WARNING "IPMI BT: using default values\n");
658 if (!bt->BT_CAP_outreqs)
659 bt->BT_CAP_outreqs = 1;
660 printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
661 bt->BT_CAP_req2rsp / 1000000L, bt->BT_CAP_retries);
662 bt->timeout = bt->BT_CAP_req2rsp;
663 return SI_SM_CALL_WITHOUT_DELAY;
665 default: /* should never occur */
666 return error_recovery(bt,
667 status,
668 IPMI_ERR_UNSPECIFIED);
670 return SI_SM_CALL_WITH_DELAY;
673 static int bt_detect(struct si_sm_data *bt)
676 * It's impossible for the BT status and interrupt registers to be
677 * all 1's, (assuming a properly functioning, self-initialized BMC)
678 * but that's what you get from reading a bogus address, so we
679 * test that first. The calling routine uses negative logic.
682 if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
683 return 1;
684 reset_flags(bt);
685 return 0;
688 static void bt_cleanup(struct si_sm_data *bt)
692 static int bt_size(void)
694 return sizeof(struct si_sm_data);
697 struct si_sm_handlers bt_smi_handlers = {
698 .init_data = bt_init_data,
699 .start_transaction = bt_start_transaction,
700 .get_result = bt_get_result,
701 .event = bt_event,
702 .detect = bt_detect,
703 .cleanup = bt_cleanup,
704 .size = bt_size,