Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / char / ipmi / ipmi_kcs_sm.c
blobcf82fedae09975272fd6517b1fa5346eff95a814
1 /*
2 * ipmi_kcs_sm.c
4 * State machine for handling IPMI KCS interfaces.
6 * Author: MontaVista Software, Inc.
7 * Corey Minyard <minyard@mvista.com>
8 * source@mvista.com
10 * Copyright 2002 MontaVista Software Inc.
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26 * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 * You should have received a copy of the GNU General Public License along
30 * with this program; if not, write to the Free Software Foundation, Inc.,
31 * 675 Mass Ave, Cambridge, MA 02139, USA.
35 * This state machine is taken from the state machine in the IPMI spec,
36 * pretty much verbatim. If you have questions about the states, see
37 * that document.
40 #include <linux/kernel.h> /* For printk. */
41 #include <linux/module.h>
42 #include <linux/moduleparam.h>
43 #include <linux/string.h>
44 #include <linux/jiffies.h>
45 #include <linux/ipmi_msgdefs.h> /* for completion codes */
46 #include "ipmi_si_sm.h"
48 /* kcs_debug is a bit-field
49 * KCS_DEBUG_ENABLE - turned on for now
50 * KCS_DEBUG_MSG - commands and their responses
51 * KCS_DEBUG_STATES - state machine
53 #define KCS_DEBUG_STATES 4
54 #define KCS_DEBUG_MSG 2
55 #define KCS_DEBUG_ENABLE 1
57 static int kcs_debug;
58 module_param(kcs_debug, int, 0644);
59 MODULE_PARM_DESC(kcs_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
61 /* The states the KCS driver may be in. */
62 enum kcs_states {
63 /* The KCS interface is currently doing nothing. */
64 KCS_IDLE,
67 * We are starting an operation. The data is in the output
68 * buffer, but nothing has been done to the interface yet. This
69 * was added to the state machine in the spec to wait for the
70 * initial IBF.
72 KCS_START_OP,
74 /* We have written a write cmd to the interface. */
75 KCS_WAIT_WRITE_START,
77 /* We are writing bytes to the interface. */
78 KCS_WAIT_WRITE,
81 * We have written the write end cmd to the interface, and
82 * still need to write the last byte.
84 KCS_WAIT_WRITE_END,
86 /* We are waiting to read data from the interface. */
87 KCS_WAIT_READ,
90 * State to transition to the error handler, this was added to
91 * the state machine in the spec to be sure IBF was there.
93 KCS_ERROR0,
96 * First stage error handler, wait for the interface to
97 * respond.
99 KCS_ERROR1,
102 * The abort cmd has been written, wait for the interface to
103 * respond.
105 KCS_ERROR2,
108 * We wrote some data to the interface, wait for it to switch
109 * to read mode.
111 KCS_ERROR3,
113 /* The hardware failed to follow the state machine. */
114 KCS_HOSED
117 #define MAX_KCS_READ_SIZE IPMI_MAX_MSG_LENGTH
118 #define MAX_KCS_WRITE_SIZE IPMI_MAX_MSG_LENGTH
120 /* Timeouts in microseconds. */
121 #define IBF_RETRY_TIMEOUT 1000000
122 #define OBF_RETRY_TIMEOUT 1000000
123 #define MAX_ERROR_RETRIES 10
124 #define ERROR0_OBF_WAIT_JIFFIES (2*HZ)
126 struct si_sm_data {
127 enum kcs_states state;
128 struct si_sm_io *io;
129 unsigned char write_data[MAX_KCS_WRITE_SIZE];
130 int write_pos;
131 int write_count;
132 int orig_write_count;
133 unsigned char read_data[MAX_KCS_READ_SIZE];
134 int read_pos;
135 int truncated;
137 unsigned int error_retries;
138 long ibf_timeout;
139 long obf_timeout;
140 unsigned long error0_timeout;
143 static unsigned int init_kcs_data(struct si_sm_data *kcs,
144 struct si_sm_io *io)
146 kcs->state = KCS_IDLE;
147 kcs->io = io;
148 kcs->write_pos = 0;
149 kcs->write_count = 0;
150 kcs->orig_write_count = 0;
151 kcs->read_pos = 0;
152 kcs->error_retries = 0;
153 kcs->truncated = 0;
154 kcs->ibf_timeout = IBF_RETRY_TIMEOUT;
155 kcs->obf_timeout = OBF_RETRY_TIMEOUT;
157 /* Reserve 2 I/O bytes. */
158 return 2;
161 static inline unsigned char read_status(struct si_sm_data *kcs)
163 return kcs->io->inputb(kcs->io, 1);
166 static inline unsigned char read_data(struct si_sm_data *kcs)
168 return kcs->io->inputb(kcs->io, 0);
171 static inline void write_cmd(struct si_sm_data *kcs, unsigned char data)
173 kcs->io->outputb(kcs->io, 1, data);
176 static inline void write_data(struct si_sm_data *kcs, unsigned char data)
178 kcs->io->outputb(kcs->io, 0, data);
181 /* Control codes. */
182 #define KCS_GET_STATUS_ABORT 0x60
183 #define KCS_WRITE_START 0x61
184 #define KCS_WRITE_END 0x62
185 #define KCS_READ_BYTE 0x68
187 /* Status bits. */
188 #define GET_STATUS_STATE(status) (((status) >> 6) & 0x03)
189 #define KCS_IDLE_STATE 0
190 #define KCS_READ_STATE 1
191 #define KCS_WRITE_STATE 2
192 #define KCS_ERROR_STATE 3
193 #define GET_STATUS_ATN(status) ((status) & 0x04)
194 #define GET_STATUS_IBF(status) ((status) & 0x02)
195 #define GET_STATUS_OBF(status) ((status) & 0x01)
198 static inline void write_next_byte(struct si_sm_data *kcs)
200 write_data(kcs, kcs->write_data[kcs->write_pos]);
201 (kcs->write_pos)++;
202 (kcs->write_count)--;
205 static inline void start_error_recovery(struct si_sm_data *kcs, char *reason)
207 (kcs->error_retries)++;
208 if (kcs->error_retries > MAX_ERROR_RETRIES) {
209 if (kcs_debug & KCS_DEBUG_ENABLE)
210 printk(KERN_DEBUG "ipmi_kcs_sm: kcs hosed: %s\n",
211 reason);
212 kcs->state = KCS_HOSED;
213 } else {
214 kcs->error0_timeout = jiffies + ERROR0_OBF_WAIT_JIFFIES;
215 kcs->state = KCS_ERROR0;
219 static inline void read_next_byte(struct si_sm_data *kcs)
221 if (kcs->read_pos >= MAX_KCS_READ_SIZE) {
222 /* Throw the data away and mark it truncated. */
223 read_data(kcs);
224 kcs->truncated = 1;
225 } else {
226 kcs->read_data[kcs->read_pos] = read_data(kcs);
227 (kcs->read_pos)++;
229 write_data(kcs, KCS_READ_BYTE);
232 static inline int check_ibf(struct si_sm_data *kcs, unsigned char status,
233 long time)
235 if (GET_STATUS_IBF(status)) {
236 kcs->ibf_timeout -= time;
237 if (kcs->ibf_timeout < 0) {
238 start_error_recovery(kcs, "IBF not ready in time");
239 kcs->ibf_timeout = IBF_RETRY_TIMEOUT;
240 return 1;
242 return 0;
244 kcs->ibf_timeout = IBF_RETRY_TIMEOUT;
245 return 1;
248 static inline int check_obf(struct si_sm_data *kcs, unsigned char status,
249 long time)
251 if (!GET_STATUS_OBF(status)) {
252 kcs->obf_timeout -= time;
253 if (kcs->obf_timeout < 0) {
254 start_error_recovery(kcs, "OBF not ready in time");
255 return 1;
257 return 0;
259 kcs->obf_timeout = OBF_RETRY_TIMEOUT;
260 return 1;
263 static void clear_obf(struct si_sm_data *kcs, unsigned char status)
265 if (GET_STATUS_OBF(status))
266 read_data(kcs);
269 static void restart_kcs_transaction(struct si_sm_data *kcs)
271 kcs->write_count = kcs->orig_write_count;
272 kcs->write_pos = 0;
273 kcs->read_pos = 0;
274 kcs->state = KCS_WAIT_WRITE_START;
275 kcs->ibf_timeout = IBF_RETRY_TIMEOUT;
276 kcs->obf_timeout = OBF_RETRY_TIMEOUT;
277 write_cmd(kcs, KCS_WRITE_START);
280 static int start_kcs_transaction(struct si_sm_data *kcs, unsigned char *data,
281 unsigned int size)
283 unsigned int i;
285 if (size < 2)
286 return IPMI_REQ_LEN_INVALID_ERR;
287 if (size > MAX_KCS_WRITE_SIZE)
288 return IPMI_REQ_LEN_EXCEEDED_ERR;
290 if ((kcs->state != KCS_IDLE) && (kcs->state != KCS_HOSED))
291 return IPMI_NOT_IN_MY_STATE_ERR;
293 if (kcs_debug & KCS_DEBUG_MSG) {
294 printk(KERN_DEBUG "start_kcs_transaction -");
295 for (i = 0; i < size; i++)
296 printk(" %02x", (unsigned char) (data [i]));
297 printk("\n");
299 kcs->error_retries = 0;
300 memcpy(kcs->write_data, data, size);
301 kcs->write_count = size;
302 kcs->orig_write_count = size;
303 kcs->write_pos = 0;
304 kcs->read_pos = 0;
305 kcs->state = KCS_START_OP;
306 kcs->ibf_timeout = IBF_RETRY_TIMEOUT;
307 kcs->obf_timeout = OBF_RETRY_TIMEOUT;
308 return 0;
311 static int get_kcs_result(struct si_sm_data *kcs, unsigned char *data,
312 unsigned int length)
314 if (length < kcs->read_pos) {
315 kcs->read_pos = length;
316 kcs->truncated = 1;
319 memcpy(data, kcs->read_data, kcs->read_pos);
321 if ((length >= 3) && (kcs->read_pos < 3)) {
322 /* Guarantee that we return at least 3 bytes, with an
323 error in the third byte if it is too short. */
324 data[2] = IPMI_ERR_UNSPECIFIED;
325 kcs->read_pos = 3;
327 if (kcs->truncated) {
329 * Report a truncated error. We might overwrite
330 * another error, but that's too bad, the user needs
331 * to know it was truncated.
333 data[2] = IPMI_ERR_MSG_TRUNCATED;
334 kcs->truncated = 0;
337 return kcs->read_pos;
341 * This implements the state machine defined in the IPMI manual, see
342 * that for details on how this works. Divide that flowchart into
343 * sections delimited by "Wait for IBF" and this will become clear.
345 static enum si_sm_result kcs_event(struct si_sm_data *kcs, long time)
347 unsigned char status;
348 unsigned char state;
350 status = read_status(kcs);
352 if (kcs_debug & KCS_DEBUG_STATES)
353 printk(KERN_DEBUG "KCS: State = %d, %x\n", kcs->state, status);
355 /* All states wait for ibf, so just do it here. */
356 if (!check_ibf(kcs, status, time))
357 return SI_SM_CALL_WITH_DELAY;
359 /* Just about everything looks at the KCS state, so grab that, too. */
360 state = GET_STATUS_STATE(status);
362 switch (kcs->state) {
363 case KCS_IDLE:
364 /* If there's and interrupt source, turn it off. */
365 clear_obf(kcs, status);
367 if (GET_STATUS_ATN(status))
368 return SI_SM_ATTN;
369 else
370 return SI_SM_IDLE;
372 case KCS_START_OP:
373 if (state != KCS_IDLE_STATE) {
374 start_error_recovery(kcs,
375 "State machine not idle at start");
376 break;
379 clear_obf(kcs, status);
380 write_cmd(kcs, KCS_WRITE_START);
381 kcs->state = KCS_WAIT_WRITE_START;
382 break;
384 case KCS_WAIT_WRITE_START:
385 if (state != KCS_WRITE_STATE) {
386 start_error_recovery(
387 kcs,
388 "Not in write state at write start");
389 break;
391 read_data(kcs);
392 if (kcs->write_count == 1) {
393 write_cmd(kcs, KCS_WRITE_END);
394 kcs->state = KCS_WAIT_WRITE_END;
395 } else {
396 write_next_byte(kcs);
397 kcs->state = KCS_WAIT_WRITE;
399 break;
401 case KCS_WAIT_WRITE:
402 if (state != KCS_WRITE_STATE) {
403 start_error_recovery(kcs,
404 "Not in write state for write");
405 break;
407 clear_obf(kcs, status);
408 if (kcs->write_count == 1) {
409 write_cmd(kcs, KCS_WRITE_END);
410 kcs->state = KCS_WAIT_WRITE_END;
411 } else {
412 write_next_byte(kcs);
414 break;
416 case KCS_WAIT_WRITE_END:
417 if (state != KCS_WRITE_STATE) {
418 start_error_recovery(kcs,
419 "Not in write state"
420 " for write end");
421 break;
423 clear_obf(kcs, status);
424 write_next_byte(kcs);
425 kcs->state = KCS_WAIT_READ;
426 break;
428 case KCS_WAIT_READ:
429 if ((state != KCS_READ_STATE) && (state != KCS_IDLE_STATE)) {
430 start_error_recovery(
431 kcs,
432 "Not in read or idle in read state");
433 break;
436 if (state == KCS_READ_STATE) {
437 if (!check_obf(kcs, status, time))
438 return SI_SM_CALL_WITH_DELAY;
439 read_next_byte(kcs);
440 } else {
442 * We don't implement this exactly like the state
443 * machine in the spec. Some broken hardware
444 * does not write the final dummy byte to the
445 * read register. Thus obf will never go high
446 * here. We just go straight to idle, and we
447 * handle clearing out obf in idle state if it
448 * happens to come in.
450 clear_obf(kcs, status);
451 kcs->orig_write_count = 0;
452 kcs->state = KCS_IDLE;
453 return SI_SM_TRANSACTION_COMPLETE;
455 break;
457 case KCS_ERROR0:
458 clear_obf(kcs, status);
459 status = read_status(kcs);
460 if (GET_STATUS_OBF(status))
461 /* controller isn't responding */
462 if (time_before(jiffies, kcs->error0_timeout))
463 return SI_SM_CALL_WITH_TICK_DELAY;
464 write_cmd(kcs, KCS_GET_STATUS_ABORT);
465 kcs->state = KCS_ERROR1;
466 break;
468 case KCS_ERROR1:
469 clear_obf(kcs, status);
470 write_data(kcs, 0);
471 kcs->state = KCS_ERROR2;
472 break;
474 case KCS_ERROR2:
475 if (state != KCS_READ_STATE) {
476 start_error_recovery(kcs,
477 "Not in read state for error2");
478 break;
480 if (!check_obf(kcs, status, time))
481 return SI_SM_CALL_WITH_DELAY;
483 clear_obf(kcs, status);
484 write_data(kcs, KCS_READ_BYTE);
485 kcs->state = KCS_ERROR3;
486 break;
488 case KCS_ERROR3:
489 if (state != KCS_IDLE_STATE) {
490 start_error_recovery(kcs,
491 "Not in idle state for error3");
492 break;
495 if (!check_obf(kcs, status, time))
496 return SI_SM_CALL_WITH_DELAY;
498 clear_obf(kcs, status);
499 if (kcs->orig_write_count) {
500 restart_kcs_transaction(kcs);
501 } else {
502 kcs->state = KCS_IDLE;
503 return SI_SM_TRANSACTION_COMPLETE;
505 break;
507 case KCS_HOSED:
508 break;
511 if (kcs->state == KCS_HOSED) {
512 init_kcs_data(kcs, kcs->io);
513 return SI_SM_HOSED;
516 return SI_SM_CALL_WITHOUT_DELAY;
519 static int kcs_size(void)
521 return sizeof(struct si_sm_data);
524 static int kcs_detect(struct si_sm_data *kcs)
527 * It's impossible for the KCS status register to be all 1's,
528 * (assuming a properly functioning, self-initialized BMC)
529 * but that's what you get from reading a bogus address, so we
530 * test that first.
532 if (read_status(kcs) == 0xff)
533 return 1;
535 return 0;
538 static void kcs_cleanup(struct si_sm_data *kcs)
542 struct si_sm_handlers kcs_smi_handlers = {
543 .init_data = init_kcs_data,
544 .start_transaction = start_kcs_transaction,
545 .get_result = get_kcs_result,
546 .event = kcs_event,
547 .detect = kcs_detect,
548 .cleanup = kcs_cleanup,
549 .size = kcs_size,