LXR linux/drivers/char/ipmi/ipmi_bt

   1// SPDX-License-Identifier: GPL-2.0+
   2/*
   3 *  ipmi_bt_sm.c
   4 *
   5 *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
   6 *  of the driver architecture at http://sourceforge.net/projects/openipmi 
   7 *
   8 *  Author:     Rocky Craig <first.last@hp.com>
   9 */
  10
  11#define DEBUG /* So dev_dbg() is always available. */
  12
  13#include <linux/kernel.h> /* For printk. */
  14#include <linux/string.h>
  15#include <linux/module.h>
  16#include <linux/moduleparam.h>
  17#include <linux/ipmi_msgdefs.h>         /* for completion codes */
  18#include "ipmi_si_sm.h"
  19
  20#define BT_DEBUG_OFF    0       /* Used in production */
  21#define BT_DEBUG_ENABLE 1       /* Generic messages */
  22#define BT_DEBUG_MSG    2       /* Prints all request/response buffers */
  23#define BT_DEBUG_STATES 4       /* Verbose look at state changes */
  24/*
  25 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
  26 * value
  27 */
  28
  29static int bt_debug; /* 0 == BT_DEBUG_OFF */
  30
  31module_param(bt_debug, int, 0644);
  32MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
  33
  34/*
  35 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
  36 * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
  37 * buffer (with a documented message of 160 bytes) so go for the max.
  38 * Since the Open IPMI architecture is single-message oriented at this
  39 * stage, the queue depth of BT is of no concern.
  40 */
  41
  42#define BT_NORMAL_TIMEOUT       5       /* seconds */
  43#define BT_NORMAL_RETRY_LIMIT   2
  44#define BT_RESET_DELAY          6       /* seconds after warm reset */
  45
  46/*
  47 * States are written in chronological order and usually cover
  48 * multiple rows of the state table discussion in the IPMI spec.
  49 */
  50
  51enum bt_states {
  52        BT_STATE_IDLE = 0,      /* Order is critical in this list */
  53        BT_STATE_XACTION_START,
  54        BT_STATE_WRITE_BYTES,
  55        BT_STATE_WRITE_CONSUME,
  56        BT_STATE_READ_WAIT,
  57        BT_STATE_CLEAR_B2H,
  58        BT_STATE_READ_BYTES,
  59        BT_STATE_RESET1,        /* These must come last */
  60        BT_STATE_RESET2,
  61        BT_STATE_RESET3,
  62        BT_STATE_RESTART,
  63        BT_STATE_PRINTME,
  64        BT_STATE_LONG_BUSY      /* BT doesn't get hosed :-) */
  65};
  66
  67/*
  68 * Macros seen at the end of state "case" blocks.  They help with legibility
  69 * and debugging.
  70 */
  71
  72#define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
  73
  74#define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
  75
  76struct si_sm_data {
  77        enum bt_states  state;
  78        unsigned char   seq;            /* BT sequence number */
  79        struct si_sm_io *io;
  80        unsigned char   write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
  81        int             write_count;
  82        unsigned char   read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
  83        int             read_count;
  84        int             truncated;
  85        long            timeout;        /* microseconds countdown */
  86        int             error_retries;  /* end of "common" fields */
  87        int             nonzero_status; /* hung BMCs stay all 0 */
  88        enum bt_states  complete;       /* to divert the state machine */
  89        long            BT_CAP_req2rsp;
  90        int             BT_CAP_retries; /* Recommended retries */
  91};
  92
  93#define BT_CLR_WR_PTR   0x01    /* See IPMI 1.5 table 11.6.4 */
  94#define BT_CLR_RD_PTR   0x02
  95#define BT_H2B_ATN      0x04
  96#define BT_B2H_ATN      0x08
  97#define BT_SMS_ATN      0x10
  98#define BT_OEM0         0x20
  99#define BT_H_BUSY       0x40
 100#define BT_B_BUSY       0x80
 101
 102/*
 103 * Some bits are toggled on each write: write once to set it, once
 104 * more to clear it; writing a zero does nothing.  To absolutely
 105 * clear it, check its state and write if set.  This avoids the "get
 106 * current then use as mask" scheme to modify one bit.  Note that the
 107 * variable "bt" is hardcoded into these macros.
 108 */
 109
 110#define BT_STATUS       bt->io->inputb(bt->io, 0)
 111#define BT_CONTROL(x)   bt->io->outputb(bt->io, 0, x)
 112
 113#define BMC2HOST        bt->io->inputb(bt->io, 1)
 114#define HOST2BMC(x)     bt->io->outputb(bt->io, 1, x)
 115
 116#define BT_INTMASK_R    bt->io->inputb(bt->io, 2)
 117#define BT_INTMASK_W(x) bt->io->outputb(bt->io, 2, x)
 118
 119/*
 120 * Convenience routines for debugging.  These are not multi-open safe!
 121 * Note the macros have hardcoded variables in them.
 122 */
 123
 124static char *state2txt(unsigned char state)
 125{
 126        switch (state) {
 127        case BT_STATE_IDLE:             return("IDLE");
 128        case BT_STATE_XACTION_START:    return("XACTION");
 129        case BT_STATE_WRITE_BYTES:      return("WR_BYTES");
 130        case BT_STATE_WRITE_CONSUME:    return("WR_CONSUME");
 131        case BT_STATE_READ_WAIT:        return("RD_WAIT");
 132        case BT_STATE_CLEAR_B2H:        return("CLEAR_B2H");
 133        case BT_STATE_READ_BYTES:       return("RD_BYTES");
 134        case BT_STATE_RESET1:           return("RESET1");
 135        case BT_STATE_RESET2:           return("RESET2");
 136        case BT_STATE_RESET3:           return("RESET3");
 137        case BT_STATE_RESTART:          return("RESTART");
 138        case BT_STATE_LONG_BUSY:        return("LONG_BUSY");
 139        }
 140        return("BAD STATE");
 141}
 142#define STATE2TXT state2txt(bt->state)
 143
 144static char *status2txt(unsigned char status)
 145{
 146        /*
 147         * This cannot be called by two threads at the same time and
 148         * the buffer is always consumed immediately, so the static is
 149         * safe to use.
 150         */
 151        static char buf[40];
 152
 153        strcpy(buf, "[ ");
 154        if (status & BT_B_BUSY)
 155                strcat(buf, "B_BUSY ");
 156        if (status & BT_H_BUSY)
 157                strcat(buf, "H_BUSY ");
 158        if (status & BT_OEM0)
 159                strcat(buf, "OEM0 ");
 160        if (status & BT_SMS_ATN)
 161                strcat(buf, "SMS ");
 162        if (status & BT_B2H_ATN)
 163                strcat(buf, "B2H ");
 164        if (status & BT_H2B_ATN)
 165                strcat(buf, "H2B ");
 166        strcat(buf, "]");
 167        return buf;
 168}
 169#define STATUS2TXT status2txt(status)
 170
 171/* called externally at insmod time, and internally on cleanup */
 172
 173static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
 174{
 175        memset(bt, 0, sizeof(struct si_sm_data));
 176        if (bt->io != io) {
 177                /* external: one-time only things */
 178                bt->io = io;
 179                bt->seq = 0;
 180        }
 181        bt->state = BT_STATE_IDLE;      /* start here */
 182        bt->complete = BT_STATE_IDLE;   /* end here */
 183        bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
 184        bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
 185        return 3; /* We claim 3 bytes of space; ought to check SPMI table */
 186}
 187
 188/* Jam a completion code (probably an error) into a response */
 189
 190static void force_result(struct si_sm_data *bt, unsigned char completion_code)
 191{
 192        bt->read_data[0] = 4;                           /* # following bytes */
 193        bt->read_data[1] = bt->write_data[1] | 4;       /* Odd NetFn/LUN */
 194        bt->read_data[2] = bt->write_data[2];           /* seq (ignored) */
 195        bt->read_data[3] = bt->write_data[3];           /* Command */
 196        bt->read_data[4] = completion_code;
 197        bt->read_count = 5;
 198}
 199
 200/* The upper state machine starts here */
 201
 202static int bt_start_transaction(struct si_sm_data *bt,
 203                                unsigned char *data,
 204                                unsigned int size)
 205{
 206        unsigned int i;
 207
 208        if (size < 2)
 209                return IPMI_REQ_LEN_INVALID_ERR;
 210        if (size > IPMI_MAX_MSG_LENGTH)
 211                return IPMI_REQ_LEN_EXCEEDED_ERR;
 212
 213        if (bt->state == BT_STATE_LONG_BUSY)
 214                return IPMI_NODE_BUSY_ERR;
 215
 216        if (bt->state != BT_STATE_IDLE) {
 217                dev_warn(bt->io->dev, "BT in invalid state %d\n", bt->state);
 218                return IPMI_NOT_IN_MY_STATE_ERR;
 219        }
 220
 221        if (bt_debug & BT_DEBUG_MSG) {
 222                dev_dbg(bt->io->dev, "+++++++++++++++++ New command\n");
 223                dev_dbg(bt->io->dev, "NetFn/LUN CMD [%d data]:", size - 2);
 224                for (i = 0; i < size; i ++)
 225                        pr_cont(" %02x", data[i]);
 226                pr_cont("\n");
 227        }
 228        bt->write_data[0] = size + 1;   /* all data plus seq byte */
 229        bt->write_data[1] = *data;      /* NetFn/LUN */
 230        bt->write_data[2] = bt->seq++;
 231        memcpy(bt->write_data + 3, data + 1, size - 1);
 232        bt->write_count = size + 2;
 233        bt->error_retries = 0;
 234        bt->nonzero_status = 0;
 235        bt->truncated = 0;
 236        bt->state = BT_STATE_XACTION_START;
 237        bt->timeout = bt->BT_CAP_req2rsp;
 238        force_result(bt, IPMI_ERR_UNSPECIFIED);
 239        return 0;
 240}
 241
 242/*
 243 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
 244 * it calls this.  Strip out the length and seq bytes.
 245 */
 246
 247static int bt_get_result(struct si_sm_data *bt,
 248                         unsigned char *data,
 249                         unsigned int length)
 250{
 251        int i, msg_len;
 252
 253        msg_len = bt->read_count - 2;           /* account for length & seq */
 254        if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
 255                force_result(bt, IPMI_ERR_UNSPECIFIED);
 256                msg_len = 3;
 257        }
 258        data[0] = bt->read_data[1];
 259        data[1] = bt->read_data[3];
 260        if (length < msg_len || bt->truncated) {
 261                data[2] = IPMI_ERR_MSG_TRUNCATED;
 262                msg_len = 3;
 263        } else
 264                memcpy(data + 2, bt->read_data + 4, msg_len - 2);
 265
 266        if (bt_debug & BT_DEBUG_MSG) {
 267                dev_dbg(bt->io->dev, "result %d bytes:", msg_len);
 268                for (i = 0; i < msg_len; i++)
 269                        pr_cont(" %02x", data[i]);
 270                pr_cont("\n");
 271        }
 272        return msg_len;
 273}
 274
 275/* This bit's functionality is optional */
 276#define BT_BMC_HWRST    0x80
 277
 278static void reset_flags(struct si_sm_data *bt)
 279{
 280        if (bt_debug)
 281                dev_dbg(bt->io->dev, "flag reset %s\n", status2txt(BT_STATUS));
 282        if (BT_STATUS & BT_H_BUSY)
 283                BT_CONTROL(BT_H_BUSY);  /* force clear */
 284        BT_CONTROL(BT_CLR_WR_PTR);      /* always reset */
 285        BT_CONTROL(BT_SMS_ATN);         /* always clear */
 286        BT_INTMASK_W(BT_BMC_HWRST);
 287}
 288
 289/*
 290 * Get rid of an unwanted/stale response.  This should only be needed for
 291 * BMCs that support multiple outstanding requests.
 292 */
 293
 294static void drain_BMC2HOST(struct si_sm_data *bt)
 295{
 296        int i, size;
 297
 298        if (!(BT_STATUS & BT_B2H_ATN))  /* Not signalling a response */
 299                return;
 300
 301        BT_CONTROL(BT_H_BUSY);          /* now set */
 302        BT_CONTROL(BT_B2H_ATN);         /* always clear */
 303        BT_STATUS;                      /* pause */
 304        BT_CONTROL(BT_B2H_ATN);         /* some BMCs are stubborn */
 305        BT_CONTROL(BT_CLR_RD_PTR);      /* always reset */
 306        if (bt_debug)
 307                dev_dbg(bt->io->dev, "stale response %s; ",
 308                        status2txt(BT_STATUS));
 309        size = BMC2HOST;
 310        for (i = 0; i < size ; i++)
 311                BMC2HOST;
 312        BT_CONTROL(BT_H_BUSY);          /* now clear */
 313        if (bt_debug)
 314                pr_cont("drained %d bytes\n", size + 1);
 315}
 316
 317static inline void write_all_bytes(struct si_sm_data *bt)
 318{
 319        int i;
 320
 321        if (bt_debug & BT_DEBUG_MSG) {
 322                dev_dbg(bt->io->dev, "write %d bytes seq=0x%02X",
 323                        bt->write_count, bt->seq);
 324                for (i = 0; i < bt->write_count; i++)
 325                        pr_cont(" %02x", bt->write_data[i]);
 326                pr_cont("\n");
 327        }
 328        for (i = 0; i < bt->write_count; i++)
 329                HOST2BMC(bt->write_data[i]);
 330}
 331
 332static inline int read_all_bytes(struct si_sm_data *bt)
 333{
 334        unsigned int i;
 335
 336        /*
 337         * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
 338         * Keep layout of first four bytes aligned with write_data[]
 339         */
 340
 341        bt->read_data[0] = BMC2HOST;
 342        bt->read_count = bt->read_data[0];
 343
 344        if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
 345                if (bt_debug & BT_DEBUG_MSG)
 346                        dev_dbg(bt->io->dev,
 347                                "bad raw rsp len=%d\n", bt->read_count);
 348                bt->truncated = 1;
 349                return 1;       /* let next XACTION START clean it up */
 350        }
 351        for (i = 1; i <= bt->read_count; i++)
 352                bt->read_data[i] = BMC2HOST;
 353        bt->read_count++;       /* Account internally for length byte */
 354
 355        if (bt_debug & BT_DEBUG_MSG) {
 356                int max = bt->read_count;
 357
 358                dev_dbg(bt->io->dev,
 359                        "got %d bytes seq=0x%02X", max, bt->read_data[2]);
 360                if (max > 16)
 361                        max = 16;
 362                for (i = 0; i < max; i++)
 363                        pr_cont(" %02x", bt->read_data[i]);
 364                pr_cont("%s\n", bt->read_count == max ? "" : " ...");
 365        }
 366
 367        /* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
 368        if ((bt->read_data[3] == bt->write_data[3]) &&
 369            (bt->read_data[2] == bt->write_data[2]) &&
 370            ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
 371                        return 1;
 372
 373        if (bt_debug & BT_DEBUG_MSG)
 374                dev_dbg(bt->io->dev,
 375                        "IPMI BT: bad packet: want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
 376                        bt->write_data[1] | 0x04, bt->write_data[2],
 377                        bt->write_data[3],
 378                        bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
 379        return 0;
 380}
 381
 382/* Restart if retries are left, or return an error completion code */
 383
 384static enum si_sm_result error_recovery(struct si_sm_data *bt,
 385                                        unsigned char status,
 386                                        unsigned char cCode)
 387{
 388        char *reason;
 389
 390        bt->timeout = bt->BT_CAP_req2rsp;
 391
 392        switch (cCode) {
 393        case IPMI_TIMEOUT_ERR:
 394                reason = "timeout";
 395                break;
 396        default:
 397                reason = "internal error";
 398                break;
 399        }
 400
 401        dev_warn(bt->io->dev, "IPMI BT: %s in %s %s ", /* open-ended line */
 402                 reason, STATE2TXT, STATUS2TXT);
 403
 404        /*
 405         * Per the IPMI spec, retries are based on the sequence number
 406         * known only to this module, so manage a restart here.
 407         */
 408        (bt->error_retries)++;
 409        if (bt->error_retries < bt->BT_CAP_retries) {
 410                pr_cont("%d retries left\n",
 411                        bt->BT_CAP_retries - bt->error_retries);
 412                bt->state = BT_STATE_RESTART;
 413                return SI_SM_CALL_WITHOUT_DELAY;
 414        }
 415
 416        dev_warn(bt->io->dev, "failed %d retries, sending error response\n",
 417                 bt->BT_CAP_retries);
 418        if (!bt->nonzero_status)
 419                dev_err(bt->io->dev, "stuck, try power cycle\n");
 420
 421        /* this is most likely during insmod */
 422        else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
 423                dev_warn(bt->io->dev, "BT reset (takes 5 secs)\n");
 424                bt->state = BT_STATE_RESET1;
 425                return SI_SM_CALL_WITHOUT_DELAY;
 426        }
 427
 428        /*
 429         * Concoct a useful error message, set up the next state, and
 430         * be done with this sequence.
 431         */
 432
 433        bt->state = BT_STATE_IDLE;
 434        switch (cCode) {
 435        case IPMI_TIMEOUT_ERR:
 436                if (status & BT_B_BUSY) {
 437                        cCode = IPMI_NODE_BUSY_ERR;
 438                        bt->state = BT_STATE_LONG_BUSY;
 439                }
 440                break;
 441        default:
 442                break;
 443        }
 444        force_result(bt, cCode);
 445        return SI_SM_TRANSACTION_COMPLETE;
 446}
 447
 448/* Check status and (usually) take action and change this state machine. */
 449
 450static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
 451{
 452        unsigned char status;
 453        static enum bt_states last_printed = BT_STATE_PRINTME;
 454        int i;
 455
 456        status = BT_STATUS;
 457        bt->nonzero_status |= status;
 458        if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
 459                dev_dbg(bt->io->dev, "BT: %s %s TO=%ld - %ld\n",
 460                        STATE2TXT,
 461                        STATUS2TXT,
 462                        bt->timeout,
 463                        time);
 464                last_printed = bt->state;
 465        }
 466
 467        /*
 468         * Commands that time out may still (eventually) provide a response.
 469         * This stale response will get in the way of a new response so remove
 470         * it if possible (hopefully during IDLE).  Even if it comes up later
 471         * it will be rejected by its (now-forgotten) seq number.
 472         */
 473
 474        if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
 475                drain_BMC2HOST(bt);
 476                BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 477        }
 478
 479        if ((bt->state != BT_STATE_IDLE) &&
 480            (bt->state <  BT_STATE_PRINTME)) {
 481                /* check timeout */
 482                bt->timeout -= time;
 483                if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
 484                        return error_recovery(bt,
 485                                              status,
 486                                              IPMI_TIMEOUT_ERR);
 487        }
 488
 489        switch (bt->state) {
 490
 491        /*
 492         * Idle state first checks for asynchronous messages from another
 493         * channel, then does some opportunistic housekeeping.
 494         */
 495
 496        case BT_STATE_IDLE:
 497                if (status & BT_SMS_ATN) {
 498                        BT_CONTROL(BT_SMS_ATN); /* clear it */
 499                        return SI_SM_ATTN;
 500                }
 501
 502                if (status & BT_H_BUSY)         /* clear a leftover H_BUSY */
 503                        BT_CONTROL(BT_H_BUSY);
 504
 505                BT_SI_SM_RETURN(SI_SM_IDLE);
 506
 507        case BT_STATE_XACTION_START:
 508                if (status & (BT_B_BUSY | BT_H2B_ATN))
 509                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 510                if (BT_STATUS & BT_H_BUSY)
 511                        BT_CONTROL(BT_H_BUSY);  /* force clear */
 512                BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
 513                                SI_SM_CALL_WITHOUT_DELAY);
 514
 515        case BT_STATE_WRITE_BYTES:
 516                if (status & BT_H_BUSY)
 517                        BT_CONTROL(BT_H_BUSY);  /* clear */
 518                BT_CONTROL(BT_CLR_WR_PTR);
 519                write_all_bytes(bt);
 520                BT_CONTROL(BT_H2B_ATN); /* can clear too fast to catch */
 521                BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
 522                                SI_SM_CALL_WITHOUT_DELAY);
 523
 524        case BT_STATE_WRITE_CONSUME:
 525                if (status & (BT_B_BUSY | BT_H2B_ATN))
 526                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 527                BT_STATE_CHANGE(BT_STATE_READ_WAIT,
 528                                SI_SM_CALL_WITHOUT_DELAY);
 529
 530        /* Spinning hard can suppress B2H_ATN and force a timeout */
 531
 532        case BT_STATE_READ_WAIT:
 533                if (!(status & BT_B2H_ATN))
 534                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 535                BT_CONTROL(BT_H_BUSY);          /* set */
 536
 537                /*
 538                 * Uncached, ordered writes should just proceed serially but
 539                 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
 540                 * workaround without too much penalty to the general case.
 541                 */
 542
 543                BT_CONTROL(BT_B2H_ATN);         /* clear it to ACK the BMC */
 544                BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
 545                                SI_SM_CALL_WITHOUT_DELAY);
 546
 547        case BT_STATE_CLEAR_B2H:
 548                if (status & BT_B2H_ATN) {
 549                        /* keep hitting it */
 550                        BT_CONTROL(BT_B2H_ATN);
 551                        BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
 552                }
 553                BT_STATE_CHANGE(BT_STATE_READ_BYTES,
 554                                SI_SM_CALL_WITHOUT_DELAY);
 555
 556        case BT_STATE_READ_BYTES:
 557                if (!(status & BT_H_BUSY))
 558                        /* check in case of retry */
 559                        BT_CONTROL(BT_H_BUSY);
 560                BT_CONTROL(BT_CLR_RD_PTR);      /* start of BMC2HOST buffer */
 561                i = read_all_bytes(bt);         /* true == packet seq match */
 562                BT_CONTROL(BT_H_BUSY);          /* NOW clear */
 563                if (!i)                         /* Not my message */
 564                        BT_STATE_CHANGE(BT_STATE_READ_WAIT,
 565                                        SI_SM_CALL_WITHOUT_DELAY);
 566                bt->state = bt->complete;
 567                return bt->state == BT_STATE_IDLE ?     /* where to next? */
 568                        SI_SM_TRANSACTION_COMPLETE :    /* normal */
 569                        SI_SM_CALL_WITHOUT_DELAY;       /* Startup magic */
 570
 571        case BT_STATE_LONG_BUSY:        /* For example: after FW update */
 572                if (!(status & BT_B_BUSY)) {
 573                        reset_flags(bt);        /* next state is now IDLE */
 574                        bt_init_data(bt, bt->io);
 575                }
 576                return SI_SM_CALL_WITH_DELAY;   /* No repeat printing */
 577
 578        case BT_STATE_RESET1:
 579                reset_flags(bt);
 580                drain_BMC2HOST(bt);
 581                BT_STATE_CHANGE(BT_STATE_RESET2,
 582                                SI_SM_CALL_WITH_DELAY);
 583
 584        case BT_STATE_RESET2:           /* Send a soft reset */
 585                BT_CONTROL(BT_CLR_WR_PTR);
 586                HOST2BMC(3);            /* number of bytes following */
 587                HOST2BMC(0x18);         /* NetFn/LUN == Application, LUN 0 */
 588                HOST2BMC(42);           /* Sequence number */
 589                HOST2BMC(3);            /* Cmd == Soft reset */
 590                BT_CONTROL(BT_H2B_ATN);
 591                bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
 592                BT_STATE_CHANGE(BT_STATE_RESET3,
 593                                SI_SM_CALL_WITH_DELAY);
 594
 595        case BT_STATE_RESET3:           /* Hold off everything for a bit */
 596                if (bt->timeout > 0)
 597                        return SI_SM_CALL_WITH_DELAY;
 598                drain_BMC2HOST(bt);
 599                BT_STATE_CHANGE(BT_STATE_RESTART,
 600                                SI_SM_CALL_WITH_DELAY);
 601
 602        case BT_STATE_RESTART:          /* don't reset retries or seq! */
 603                bt->read_count = 0;
 604                bt->nonzero_status = 0;
 605                bt->timeout = bt->BT_CAP_req2rsp;
 606                BT_STATE_CHANGE(BT_STATE_XACTION_START,
 607                                SI_SM_CALL_WITH_DELAY);
 608
 609        default:        /* should never occur */
 610                return error_recovery(bt,
 611                                      status,
 612                                      IPMI_ERR_UNSPECIFIED);
 613        }
 614        return SI_SM_CALL_WITH_DELAY;
 615}
 616
 617static int bt_detect(struct si_sm_data *bt)
 618{
 619        unsigned char GetBT_CAP[] = { 0x18, 0x36 };
 620        unsigned char BT_CAP[8];
 621        enum si_sm_result smi_result;
 622        int rv;
 623
 624        /*
 625         * It's impossible for the BT status and interrupt registers to be
 626         * all 1's, (assuming a properly functioning, self-initialized BMC)
 627         * but that's what you get from reading a bogus address, so we
 628         * test that first.  The calling routine uses negative logic.
 629         */
 630
 631        if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
 632                return 1;
 633        reset_flags(bt);
 634
 635        /*
 636         * Try getting the BT capabilities here.
 637         */
 638        rv = bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
 639        if (rv) {
 640                dev_warn(bt->io->dev,
 641                         "Can't start capabilities transaction: %d\n", rv);
 642                goto out_no_bt_cap;
 643        }
 644
 645        smi_result = SI_SM_CALL_WITHOUT_DELAY;
 646        for (;;) {
 647                if (smi_result == SI_SM_CALL_WITH_DELAY ||
 648                    smi_result == SI_SM_CALL_WITH_TICK_DELAY) {
 649                        schedule_timeout_uninterruptible(1);
 650                        smi_result = bt_event(bt, jiffies_to_usecs(1));
 651                } else if (smi_result == SI_SM_CALL_WITHOUT_DELAY) {
 652                        smi_result = bt_event(bt, 0);
 653                } else
 654                        break;
 655        }
 656
 657        rv = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
 658        bt_init_data(bt, bt->io);
 659        if (rv < 8) {
 660                dev_warn(bt->io->dev, "bt cap response too short: %d\n", rv);
 661                goto out_no_bt_cap;
 662        }
 663
 664        if (BT_CAP[2]) {
 665                dev_warn(bt->io->dev, "Error fetching bt cap: %x\n", BT_CAP[2]);
 666out_no_bt_cap:
 667                dev_warn(bt->io->dev, "using default values\n");
 668        } else {
 669                bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
 670                bt->BT_CAP_retries = BT_CAP[7];
 671        }
 672
 673        dev_info(bt->io->dev, "req2rsp=%ld secs retries=%d\n",
 674                 bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
 675
 676        return 0;
 677}
 678
 679static void bt_cleanup(struct si_sm_data *bt)
 680{
 681}
 682
 683static int bt_size(void)
 684{
 685        return sizeof(struct si_sm_data);
 686}
 687
 688const struct si_sm_handlers bt_smi_handlers = {
 689        .init_data              = bt_init_data,
 690        .start_transaction      = bt_start_transaction,
 691        .get_result             = bt_get_result,
 692        .event                  = bt_event,
 693        .detect                 = bt_detect,
 694        .cleanup                = bt_cleanup,
 695        .size                   = bt_size,
 696};
 697