LXR linux/drivers/char/ipmi/ipmi_bt

   1/*
   2 *  ipmi_bt_sm.c
   3 *
   4 *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
   5 *  of the driver architecture at http://sourceforge.net/projects/openipmi 
   6 *
   7 *  Author:     Rocky Craig <first.last@hp.com>
   8 *
   9 *  This program is free software; you can redistribute it and/or modify it
  10 *  under the terms of the GNU General Public License as published by the
  11 *  Free Software Foundation; either version 2 of the License, or (at your
  12 *  option) any later version.
  13 *
  14 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  15 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  16 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  17 *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  18 *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
  19 *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
  20 *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  21 *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
  22 *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
  23 *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  24 *
  25 *  You should have received a copy of the GNU General Public License along
  26 *  with this program; if not, write to the Free Software Foundation, Inc.,
  27 *  675 Mass Ave, Cambridge, MA 02139, USA.  */
  28
  29#include <linux/kernel.h> /* For printk. */
  30#include <linux/string.h>
  31#include <linux/module.h>
  32#include <linux/moduleparam.h>
  33#include <linux/ipmi_msgdefs.h>         /* for completion codes */
  34#include "ipmi_si_sm.h"
  35
  36#define BT_DEBUG_OFF    0       /* Used in production */
  37#define BT_DEBUG_ENABLE 1       /* Generic messages */
  38#define BT_DEBUG_MSG    2       /* Prints all request/response buffers */
  39#define BT_DEBUG_STATES 4       /* Verbose look at state changes */
  40/*
  41 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
  42 * value
  43 */
  44
  45static int bt_debug; /* 0 == BT_DEBUG_OFF */
  46
  47module_param(bt_debug, int, 0644);
  48MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
  49
  50/*
  51 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
  52 * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
  53 * buffer (with a documented message of 160 bytes) so go for the max.
  54 * Since the Open IPMI architecture is single-message oriented at this
  55 * stage, the queue depth of BT is of no concern.
  56 */
  57
  58#define BT_NORMAL_TIMEOUT       5       /* seconds */
  59#define BT_NORMAL_RETRY_LIMIT   2
  60#define BT_RESET_DELAY          6       /* seconds after warm reset */
  61
  62/*
  63 * States are written in chronological order and usually cover
  64 * multiple rows of the state table discussion in the IPMI spec.
  65 */
  66
  67enum bt_states {
  68        BT_STATE_IDLE = 0,      /* Order is critical in this list */
  69        BT_STATE_XACTION_START,
  70        BT_STATE_WRITE_BYTES,
  71        BT_STATE_WRITE_CONSUME,
  72        BT_STATE_READ_WAIT,
  73        BT_STATE_CLEAR_B2H,
  74        BT_STATE_READ_BYTES,
  75        BT_STATE_RESET1,        /* These must come last */
  76        BT_STATE_RESET2,
  77        BT_STATE_RESET3,
  78        BT_STATE_RESTART,
  79        BT_STATE_PRINTME,
  80        BT_STATE_CAPABILITIES_BEGIN,
  81        BT_STATE_CAPABILITIES_END,
  82        BT_STATE_LONG_BUSY      /* BT doesn't get hosed :-) */
  83};
  84
  85/*
  86 * Macros seen at the end of state "case" blocks.  They help with legibility
  87 * and debugging.
  88 */
  89
  90#define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
  91
  92#define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
  93
  94struct si_sm_data {
  95        enum bt_states  state;
  96        unsigned char   seq;            /* BT sequence number */
  97        struct si_sm_io *io;
  98        unsigned char   write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
  99        int             write_count;
 100        unsigned char   read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
 101        int             read_count;
 102        int             truncated;
 103        long            timeout;        /* microseconds countdown */
 104        int             error_retries;  /* end of "common" fields */
 105        int             nonzero_status; /* hung BMCs stay all 0 */
 106        enum bt_states  complete;       /* to divert the state machine */
 107        int             BT_CAP_outreqs;
 108        long            BT_CAP_req2rsp;
 109        int             BT_CAP_retries; /* Recommended retries */
 110};
 111
 112#define BT_CLR_WR_PTR   0x01    /* See IPMI 1.5 table 11.6.4 */
 113#define BT_CLR_RD_PTR   0x02
 114#define BT_H2B_ATN      0x04
 115#define BT_B2H_ATN      0x08
 116#define BT_SMS_ATN      0x10
 117#define BT_OEM0         0x20
 118#define BT_H_BUSY       0x40
 119#define BT_B_BUSY       0x80
 120
 121/*
 122 * Some bits are toggled on each write: write once to set it, once
 123 * more to clear it; writing a zero does nothing.  To absolutely
 124 * clear it, check its state and write if set.  This avoids the "get
 125 * current then use as mask" scheme to modify one bit.  Note that the
 126 * variable "bt" is hardcoded into these macros.
 127 */
 128
 129#define BT_STATUS       bt->io->inputb(bt->io, 0)
 130#define BT_CONTROL(x)   bt->io->outputb(bt->io, 0, x)
 131
 132#define BMC2HOST        bt->io->inputb(bt->io, 1)
 133#define HOST2BMC(x)     bt->io->outputb(bt->io, 1, x)
 134
 135#define BT_INTMASK_R    bt->io->inputb(bt->io, 2)
 136#define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
 137
 138/*
 139 * Convenience routines for debugging.  These are not multi-open safe!
 140 * Note the macros have hardcoded variables in them.
 141 */
 142
 143static char *state2txt(unsigned char state)
 144{
 145        switch (state) {
 146        case BT_STATE_IDLE:             return("IDLE");
 147        case BT_STATE_XACTION_START:    return("XACTION");
 148        case BT_STATE_WRITE_BYTES:      return("WR_BYTES");
 149        case BT_STATE_WRITE_CONSUME:    return("WR_CONSUME");
 150        case BT_STATE_READ_WAIT:        return("RD_WAIT");
 151        case BT_STATE_CLEAR_B2H:        return("CLEAR_B2H");
 152        case BT_STATE_READ_BYTES:       return("RD_BYTES");
 153        case BT_STATE_RESET1:           return("RESET1");
 154        case BT_STATE_RESET2:           return("RESET2");
 155        case BT_STATE_RESET3:           return("RESET3");
 156        case BT_STATE_RESTART:          return("RESTART");
 157        case BT_STATE_LONG_BUSY:        return("LONG_BUSY");
 158        case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
 159        case BT_STATE_CAPABILITIES_END: return("CAP_END");
 160        }
 161        return("BAD STATE");
 162}
 163#define STATE2TXT state2txt(bt->state)
 164
 165static char *status2txt(unsigned char status)
 166{
 167        /*
 168         * This cannot be called by two threads at the same time and
 169         * the buffer is always consumed immediately, so the static is
 170         * safe to use.
 171         */
 172        static char buf[40];
 173
 174        strcpy(buf, "[ ");
 175        if (status & BT_B_BUSY)
 176                strcat(buf, "B_BUSY ");
 177        if (status & BT_H_BUSY)
 178                strcat(buf, "H_BUSY ");
 179        if (status & BT_OEM0)
 180                strcat(buf, "OEM0 ");
 181        if (status & BT_SMS_ATN)
 182                strcat(buf, "SMS ");
 183        if (status & BT_B2H_ATN)
 184                strcat(buf, "B2H ");
 185        if (status & BT_H2B_ATN)
 186                strcat(buf, "H2B ");
 187        strcat(buf, "]");
 188        return buf;
 189}
 190#define STATUS2TXT status2txt(status)
 191
 192/* called externally at insmod time, and internally on cleanup */
 193
 194static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
 195{
 196        memset(bt, 0, sizeof(struct si_sm_data));
 197        if (bt->io != io) {
 198                /* external: one-time only things */
 199                bt->io = io;
 200                bt->seq = 0;
 201        }
 202        bt->state = BT_STATE_IDLE;      /* start here */
 203        bt->complete = BT_STATE_IDLE;   /* end here */
 204        bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
 205        bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
 206        /* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
 207        return 3; /* We claim 3 bytes of space; ought to check SPMI table */
 208}
 209
 210/* Jam a completion code (probably an error) into a response */
 211
 212static void force_result(struct si_sm_data *bt, unsigned char completion_code)
 213{
 214        bt->read_data[0] = 4;                           /* # following bytes */
 215        bt->read_data[1] = bt->write_data[1] | 4;       /* Odd NetFn/LUN */
 216        bt->read_data[2] = bt->write_data[2];           /* seq (ignored) */
 217        bt->read_data[3] = bt->write_data[3];           /* Command */
 218        bt->read_data[4] = completion_code;
 219        bt->read_count = 5;
 220}
 221
 222/* The upper state machine starts here */
 223
 224static int bt_start_transaction(struct si_sm_data *bt,
 225                                unsigned char *data,
 226                                unsigned int size)
 227{
 228        unsigned int i;
 229
 230        if (size < 2)
 231                return IPMI_REQ_LEN_INVALID_ERR;
 232        if (size > IPMI_MAX_MSG_LENGTH)
 233                return IPMI_REQ_LEN_EXCEEDED_ERR;
 234
 235        if (bt->state == BT_STATE_LONG_BUSY)
 236                return IPMI_NODE_BUSY_ERR;
 237
 238        if (bt->state != BT_STATE_IDLE)
 239                return IPMI_NOT_IN_MY_STATE_ERR;
 240
 241        if (bt_debug & BT_DEBUG_MSG) {
 242                printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
 243                printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
 244                for (i = 0; i < size; i ++)
 245                        printk(" %02x", data[i]);
 246                printk("\n");
 247        }
 248        bt->write_data[0] = size + 1;   /* all data plus seq byte */
 249        bt->write_data[1] = *data;      /* NetFn/LUN */
 250        bt->write_data[2] = bt->seq++;
 251        memcpy(bt->write_data + 3, data + 1, size - 1);
 252        bt->write_count = size + 2;
 253        bt->error_retries = 0;
 254        bt->nonzero_status = 0;
 255        bt->truncated = 0;
 256        bt->state = BT_STATE_XACTION_START;
 257        bt->timeout = bt->BT_CAP_req2rsp;
 258        force_result(bt, IPMI_ERR_UNSPECIFIED);
 259        return 0;
 260}
 261
 262/*
 263 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
 264 * it calls this.  Strip out the length and seq bytes.
 265 */
 266
 267static int bt_get_result(struct si_sm_data *bt,
 268                         unsigned char *data,
 269                         unsigned int length)
 270{
 271        int i, msg_len;
 272
 273        msg_len = bt->read_count - 2;           /* account for length & seq */
 274        if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
 275                force_result(bt, IPMI_ERR_UNSPECIFIED);
 276                msg_len = 3;
 277        }
 278        data[0] = bt->read_data[1];
 279        data[1] = bt->read_data[3];
 280        if (length < msg_len || bt->truncated) {
 281                data[2] = IPMI_ERR_MSG_TRUNCATED;
 282                msg_len = 3;
 283        } else
 284                memcpy(data + 2, bt->read_data + 4, msg_len - 2);
 285
 286        if (bt_debug & BT_DEBUG_MSG) {
 287                printk(KERN_WARNING "BT: result %d bytes:", msg_len);
 288                for (i = 0; i < msg_len; i++)
 289                        printk(" %02x", data[i]);
 290                printk("\n");
 291        }
 292        return msg_len;
 293}
 294
 295/* This bit's functionality is optional */
 296#define BT_BMC_HWRST    0x80
 297
 298static void reset_flags(struct si_sm_data *bt)
 299{
 300        if (bt_debug)
 301                printk(KERN_WARNING "IPMI BT: flag reset %s\n",
 302                                        status2txt(BT_STATUS));
 303        if (BT_STATUS & BT_H_BUSY)
 304                BT_CONTROL(BT_H_BUSY);  /* force clear */
 305        BT_CONTROL(BT_CLR_WR_PTR);      /* always reset */
 306        BT_CONTROL(BT_SMS_ATN);         /* always clear */
 307        BT_INTMASK_W(BT_BMC_HWRST);
 308}
 309
 310/*
 311 * Get rid of an unwanted/stale response.  This should only be needed for
 312 * BMCs that support multiple outstanding requests.
 313 */
 314
 315static void drain_BMC2HOST(struct si_sm_data *bt)
 316{
 317        int i, size;
 318
 319        if (!(BT_STATUS & BT_B2H_ATN))  /* Not signalling a response */
 320                return;
 321
 322        BT_CONTROL(BT_H_BUSY);          /* now set */
 323        BT_CONTROL(BT_B2H_ATN);         /* always clear */
 324        BT_STATUS;                      /* pause */
 325        BT_CONTROL(BT_B2H_ATN);         /* some BMCs are stubborn */
 326        BT_CONTROL(BT_CLR_RD_PTR);      /* always reset */
 327        if (bt_debug)
 328                printk(KERN_WARNING "IPMI BT: stale response %s; ",
 329                        status2txt(BT_STATUS));
 330        size = BMC2HOST;
 331        for (i = 0; i < size ; i++)
 332                BMC2HOST;
 333        BT_CONTROL(BT_H_BUSY);          /* now clear */
 334        if (bt_debug)
 335                printk("drained %d bytes\n", size + 1);
 336}
 337
 338static inline void write_all_bytes(struct si_sm_data *bt)
 339{
 340        int i;
 341
 342        if (bt_debug & BT_DEBUG_MSG) {
 343                printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
 344                        bt->write_count, bt->seq);
 345                for (i = 0; i < bt->write_count; i++)
 346                        printk(" %02x", bt->write_data[i]);
 347                printk("\n");
 348        }
 349        for (i = 0; i < bt->write_count; i++)
 350                HOST2BMC(bt->write_data[i]);
 351}
 352
 353static inline int read_all_bytes(struct si_sm_data *bt)
 354{
 355        unsigned int i;
 356
 357        /*
 358         * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
 359         * Keep layout of first four bytes aligned with write_data[]
 360         */
 361
 362        bt->read_data[0] = BMC2HOST;
 363        bt->read_count = bt->read_data[0];
 364
 365        if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
 366                if (bt_debug & BT_DEBUG_MSG)
 367                        printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
 368                                bt->read_count);
 369                bt->truncated = 1;
 370                return 1;       /* let next XACTION START clean it up */
 371        }
 372        for (i = 1; i <= bt->read_count; i++)
 373                bt->read_data[i] = BMC2HOST;
 374        bt->read_count++;       /* Account internally for length byte */
 375
 376        if (bt_debug & BT_DEBUG_MSG) {
 377                int max = bt->read_count;
 378
 379                printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
 380                        max, bt->read_data[2]);
 381                if (max > 16)
 382                        max = 16;
 383                for (i = 0; i < max; i++)
 384                        printk(KERN_CONT " %02x", bt->read_data[i]);
 385                printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
 386        }
 387
 388        /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
 389        if ((bt->read_data[3] == bt->write_data[3]) &&
 390            (bt->read_data[2] == bt->write_data[2]) &&
 391            ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
 392                        return 1;
 393
 394        if (bt_debug & BT_DEBUG_MSG)
 395                printk(KERN_WARNING "IPMI BT: bad packet: "
 396                "want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
 397                bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
 398                bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
 399        return 0;
 400}
 401
 402/* Restart if retries are left, or return an error completion code */
 403
 404static enum si_sm_result error_recovery(struct si_sm_data *bt,
 405                                        unsigned char status,
 406                                        unsigned char cCode)
 407{
 408        char *reason;
 409
 410        bt->timeout = bt->BT_CAP_req2rsp;
 411
 412        switch (cCode) {
 413        case IPMI_TIMEOUT_ERR:
 414                reason = "timeout";
 415                break;
 416        default:
 417                reason = "internal error";
 418                break;
 419        }
 420
 421        printk(KERN_WARNING "IPMI BT: %s in %s %s ",    /* open-ended line */
 422                reason, STATE2TXT, STATUS2TXT);
 423
 424        /*
 425         * Per the IPMI spec, retries are based on the sequence number
 426         * known only to this module, so manage a restart here.
 427         */
 428        (bt->error_retries)++;
 429        if (bt->error_retries < bt->BT_CAP_retries) {
 430                printk("%d retries left\n",
 431                        bt->BT_CAP_retries - bt->error_retries);
 432                bt->state = BT_STATE_RESTART;
 433                return SI_SM_CALL_WITHOUT_DELAY;
 434        }
 435
 436        printk(KERN_WARNING "failed %d retries, sending error response\n",
 437               bt->BT_CAP_retries);
 438        if (!bt->nonzero_status)
 439                printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
 440
 441        /* this is most likely during insmod */
 442        else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
 443                printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
 444                bt->state = BT_STATE_RESET1;
 445                return SI_SM_CALL_WITHOUT_DELAY;
 446        }
 447
 448        /*
 449         * Concoct a useful error message, set up the next state, and
 450         * be done with this sequence.
 451         */
 452
 453        bt->state = BT_STATE_IDLE;
 454        switch (cCode) {
 455        case IPMI_TIMEOUT_ERR:
 456                if (status & BT_B_BUSY) {
 457                        cCode = IPMI_NODE_BUSY_ERR;
 458                        bt->state = BT_STATE_LONG_BUSY;
 459                }
 460                break;
 461        default:
 462                break;
 463        }
 464        force_result(bt, cCode);
 465        return SI_SM_TRANSACTION_COMPLETE;
 466}
 467
 468/* Check status and (usually) take action and change this state machine. */
 469
 470static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
 471{
 472        unsigned char status, BT_CAP[8];
 473        static enum bt_states last_printed = BT_STATE_PRINTME;
 474        int i;
 475
 476        status = BT_STATUS;
 477        bt->nonzero_status |= status;
 478        if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
 479                printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
 480                        STATE2TXT,
 481                        STATUS2TXT,
 482                        bt->timeout,
 483                        time);
 484                last_printed = bt->state;
 485        }
 486
 487        /*
 488         * Commands that time out may still (eventually) provide a response.
 489         * This stale response will get in the way of a new response so remove
 490         * it if possible (hopefully during IDLE).  Even if it comes up later
 491         * it will be rejected by its (now-forgotten) seq number.
 492         */
 493
 494        if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
 495                drain_BMC2HOST(bt);
 496                BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 497        }
 498
 499        if ((bt->state != BT_STATE_IDLE) &&
 500            (bt->state <  BT_STATE_PRINTME)) {
 501                /* check timeout */
 502                bt->timeout -= time;
 503                if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
 504                        return error_recovery(bt,
 505                                              status,
 506                                              IPMI_TIMEOUT_ERR);
 507        }
 508
 509        switch (bt->state) {
 510
 511        /*
 512         * Idle state first checks for asynchronous messages from another
 513         * channel, then does some opportunistic housekeeping.
 514         */
 515
 516        case BT_STATE_IDLE:
 517                if (status & BT_SMS_ATN) {
 518                        BT_CONTROL(BT_SMS_ATN); /* clear it */
 519                        return SI_SM_ATTN;
 520                }
 521
 522                if (status & BT_H_BUSY)         /* clear a leftover H_BUSY */
 523                        BT_CONTROL(BT_H_BUSY);
 524
 525                /* Read BT capabilities if it hasn't been done yet */
 526                if (!bt->BT_CAP_outreqs)
 527                        BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
 528                                        SI_SM_CALL_WITHOUT_DELAY);
 529                bt->timeout = bt->BT_CAP_req2rsp;
 530                BT_SI_SM_RETURN(SI_SM_IDLE);
 531
 532        case BT_STATE_XACTION_START:
 533                if (status & (BT_B_BUSY | BT_H2B_ATN))
 534                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 535                if (BT_STATUS & BT_H_BUSY)
 536                        BT_CONTROL(BT_H_BUSY);  /* force clear */
 537                BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
 538                                SI_SM_CALL_WITHOUT_DELAY);
 539
 540        case BT_STATE_WRITE_BYTES:
 541                if (status & BT_H_BUSY)
 542                        BT_CONTROL(BT_H_BUSY);  /* clear */
 543                BT_CONTROL(BT_CLR_WR_PTR);
 544                write_all_bytes(bt);
 545                BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
 546                BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
 547                                SI_SM_CALL_WITHOUT_DELAY);
 548
 549        case BT_STATE_WRITE_CONSUME:
 550                if (status & (BT_B_BUSY | BT_H2B_ATN))
 551                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 552                BT_STATE_CHANGE(BT_STATE_READ_WAIT,
 553                                SI_SM_CALL_WITHOUT_DELAY);
 554
 555        /* Spinning hard can suppress B2H_ATN and force a timeout */
 556
 557        case BT_STATE_READ_WAIT:
 558                if (!(status & BT_B2H_ATN))
 559                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 560                BT_CONTROL(BT_H_BUSY);          /* set */
 561
 562                /*
 563                 * Uncached, ordered writes should just proceed serially but
 564                 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
 565                 * workaround without too much penalty to the general case.
 566                 */
 567
 568                BT_CONTROL(BT_B2H_ATN);         /* clear it to ACK the BMC */
 569                BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
 570                                SI_SM_CALL_WITHOUT_DELAY);
 571
 572        case BT_STATE_CLEAR_B2H:
 573                if (status & BT_B2H_ATN) {
 574                        /* keep hitting it */
 575                        BT_CONTROL(BT_B2H_ATN);
 576                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 577                }
 578                BT_STATE_CHANGE(BT_STATE_READ_BYTES,
 579                                SI_SM_CALL_WITHOUT_DELAY);
 580
 581        case BT_STATE_READ_BYTES:
 582                if (!(status & BT_H_BUSY))
 583                        /* check in case of retry */
 584                        BT_CONTROL(BT_H_BUSY);
 585                BT_CONTROL(BT_CLR_RD_PTR);      /* start of BMC2HOST buffer */
 586                i = read_all_bytes(bt);         /* true == packet seq match */
 587                BT_CONTROL(BT_H_BUSY);          /* NOW clear */
 588                if (!i)                         /* Not my message */
 589                        BT_STATE_CHANGE(BT_STATE_READ_WAIT,
 590                                        SI_SM_CALL_WITHOUT_DELAY);
 591                bt->state = bt->complete;
 592                return bt->state == BT_STATE_IDLE ?     /* where to next? */
 593                        SI_SM_TRANSACTION_COMPLETE :    /* normal */
 594                        SI_SM_CALL_WITHOUT_DELAY;       /* Startup magic */
 595
 596        case BT_STATE_LONG_BUSY:        /* For example: after FW update */
 597                if (!(status & BT_B_BUSY)) {
 598                        reset_flags(bt);        /* next state is now IDLE */
 599                        bt_init_data(bt, bt->io);
 600                }
 601                return SI_SM_CALL_WITH_DELAY;   /* No repeat printing */
 602
 603        case BT_STATE_RESET1:
 604                reset_flags(bt);
 605                drain_BMC2HOST(bt);
 606                BT_STATE_CHANGE(BT_STATE_RESET2,
 607                                SI_SM_CALL_WITH_DELAY);
 608
 609        case BT_STATE_RESET2:           /* Send a soft reset */
 610                BT_CONTROL(BT_CLR_WR_PTR);
 611                HOST2BMC(3);            /* number of bytes following */
 612                HOST2BMC(0x18);         /* NetFn/LUN == Application, LUN 0 */
 613                HOST2BMC(42);           /* Sequence number */
 614                HOST2BMC(3);            /* Cmd == Soft reset */
 615                BT_CONTROL(BT_H2B_ATN);
 616                bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
 617                BT_STATE_CHANGE(BT_STATE_RESET3,
 618                                SI_SM_CALL_WITH_DELAY);
 619
 620        case BT_STATE_RESET3:           /* Hold off everything for a bit */
 621                if (bt->timeout > 0)
 622                        return SI_SM_CALL_WITH_DELAY;
 623                drain_BMC2HOST(bt);
 624                BT_STATE_CHANGE(BT_STATE_RESTART,
 625                                SI_SM_CALL_WITH_DELAY);
 626
 627        case BT_STATE_RESTART:          /* don't reset retries or seq! */
 628                bt->read_count = 0;
 629                bt->nonzero_status = 0;
 630                bt->timeout = bt->BT_CAP_req2rsp;
 631                BT_STATE_CHANGE(BT_STATE_XACTION_START,
 632                                SI_SM_CALL_WITH_DELAY);
 633
 634        /*
 635         * Get BT Capabilities, using timing of upper level state machine.
 636         * Set outreqs to prevent infinite loop on timeout.
 637         */
 638        case BT_STATE_CAPABILITIES_BEGIN:
 639                bt->BT_CAP_outreqs = 1;
 640                {
 641                        unsigned char GetBT_CAP[] = { 0x18, 0x36 };
 642                        bt->state = BT_STATE_IDLE;
 643                        bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
 644                }
 645                bt->complete = BT_STATE_CAPABILITIES_END;
 646                BT_STATE_CHANGE(BT_STATE_XACTION_START,
 647                                SI_SM_CALL_WITH_DELAY);
 648
 649        case BT_STATE_CAPABILITIES_END:
 650                i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
 651                bt_init_data(bt, bt->io);
 652                if ((i == 8) && !BT_CAP[2]) {
 653                        bt->BT_CAP_outreqs = BT_CAP[3];
 654                        bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
 655                        bt->BT_CAP_retries = BT_CAP[7];
 656                } else
 657                        printk(KERN_WARNING "IPMI BT: using default values\n");
 658                if (!bt->BT_CAP_outreqs)
 659                        bt->BT_CAP_outreqs = 1;
 660                printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
 661                        bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
 662                bt->timeout = bt->BT_CAP_req2rsp;
 663                return SI_SM_CALL_WITHOUT_DELAY;
 664
 665        default:        /* should never occur */
 666                return error_recovery(bt,
 667                                      status,
 668                                      IPMI_ERR_UNSPECIFIED);
 669        }
 670        return SI_SM_CALL_WITH_DELAY;
 671}
 672
 673static int bt_detect(struct si_sm_data *bt)
 674{
 675        /*
 676         * It's impossible for the BT status and interrupt registers to be
 677         * all 1's, (assuming a properly functioning, self-initialized BMC)
 678         * but that's what you get from reading a bogus address, so we
 679         * test that first.  The calling routine uses negative logic.
 680         */
 681
 682        if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
 683                return 1;
 684        reset_flags(bt);
 685        return 0;
 686}
 687
 688static void bt_cleanup(struct si_sm_data *bt)
 689{
 690}
 691
 692static int bt_size(void)
 693{
 694        return sizeof(struct si_sm_data);
 695}
 696
 697const struct si_sm_handlers bt_smi_handlers = {
 698        .init_data              = bt_init_data,
 699        .start_transaction      = bt_start_transaction,
 700        .get_result             = bt_get_result,
 701        .event                  = bt_event,
 702        .detect                 = bt_detect,
 703        .cleanup                = bt_cleanup,
 704        .size                   = bt_size,
 705};
 706