[PATCH] ipmi: add per-channel IPMB addresses
[linux-2.6.git] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2  * ipmi_msghandler.c
3  *
4  * Incoming and outgoing message routing for an IPMI interface.
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002 MontaVista Software Inc.
11  *
12  *  This program is free software; you can redistribute it and/or modify it
13  *  under the terms of the GNU General Public License as published by the
14  *  Free Software Foundation; either version 2 of the License, or (at your
15  *  option) any later version.
16  *
17  *
18  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  *  You should have received a copy of the GNU General Public License along
30  *  with this program; if not, write to the Free Software Foundation, Inc.,
31  *  675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <asm/system.h>
38 #include <linux/sched.h>
39 #include <linux/poll.h>
40 #include <linux/spinlock.h>
41 #include <linux/rwsem.h>
42 #include <linux/slab.h>
43 #include <linux/ipmi.h>
44 #include <linux/ipmi_smi.h>
45 #include <linux/notifier.h>
46 #include <linux/init.h>
47 #include <linux/proc_fs.h>
48
49 #define PFX "IPMI message handler: "
50 #define IPMI_MSGHANDLER_VERSION "v33"
51
52 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
53 static int ipmi_init_msghandler(void);
54
55 static int initialized = 0;
56
57 #ifdef CONFIG_PROC_FS
58 struct proc_dir_entry *proc_ipmi_root = NULL;
59 #endif /* CONFIG_PROC_FS */
60
61 #define MAX_EVENTS_IN_QUEUE     25
62
63 /* Don't let a message sit in a queue forever, always time it with at lest
64    the max message timer.  This is in milliseconds. */
65 #define MAX_MSG_TIMEOUT         60000
66
67 struct ipmi_user
68 {
69         struct list_head link;
70
71         /* The upper layer that handles receive messages. */
72         struct ipmi_user_hndl *handler;
73         void             *handler_data;
74
75         /* The interface this user is bound to. */
76         ipmi_smi_t intf;
77
78         /* Does this interface receive IPMI events? */
79         int gets_events;
80 };
81
82 struct cmd_rcvr
83 {
84         struct list_head link;
85
86         ipmi_user_t   user;
87         unsigned char netfn;
88         unsigned char cmd;
89 };
90
91 struct seq_table
92 {
93         unsigned int         inuse : 1;
94         unsigned int         broadcast : 1;
95
96         unsigned long        timeout;
97         unsigned long        orig_timeout;
98         unsigned int         retries_left;
99
100         /* To verify on an incoming send message response that this is
101            the message that the response is for, we keep a sequence id
102            and increment it every time we send a message. */
103         long                 seqid;
104
105         /* This is held so we can properly respond to the message on a
106            timeout, and it is used to hold the temporary data for
107            retransmission, too. */
108         struct ipmi_recv_msg *recv_msg;
109 };
110
111 /* Store the information in a msgid (long) to allow us to find a
112    sequence table entry from the msgid. */
113 #define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
114
115 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
116         do {                                                            \
117                 seq = ((msgid >> 26) & 0x3f);                           \
118                 seqid = (msgid & 0x3fffff);                             \
119         } while(0)
120
121 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
122
123 struct ipmi_channel
124 {
125         unsigned char medium;
126         unsigned char protocol;
127
128         /* My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
129            but may be changed by the user. */
130         unsigned char address;
131
132         /* My LUN.  This should generally stay the SMS LUN, but just in
133            case... */
134         unsigned char lun;
135 };
136
137 #ifdef CONFIG_PROC_FS
138 struct ipmi_proc_entry
139 {
140         char                   *name;
141         struct ipmi_proc_entry *next;
142 };
143 #endif
144
145 #define IPMI_IPMB_NUM_SEQ       64
146 #define IPMI_MAX_CHANNELS       16
147 struct ipmi_smi
148 {
149         /* What interface number are we? */
150         int intf_num;
151
152         /* The list of upper layers that are using me.  We read-lock
153            this when delivering messages to the upper layer to keep
154            the user from going away while we are processing the
155            message.  This means that you cannot add or delete a user
156            from the receive callback. */
157         rwlock_t                users_lock;
158         struct list_head        users;
159
160         /* Used for wake ups at startup. */
161         wait_queue_head_t waitq;
162
163         /* The IPMI version of the BMC on the other end. */
164         unsigned char       version_major;
165         unsigned char       version_minor;
166
167         /* This is the lower-layer's sender routine. */
168         struct ipmi_smi_handlers *handlers;
169         void                     *send_info;
170
171 #ifdef CONFIG_PROC_FS
172         /* A list of proc entries for this interface.  This does not
173            need a lock, only one thread creates it and only one thread
174            destroys it. */
175         spinlock_t             proc_entry_lock;
176         struct ipmi_proc_entry *proc_entries;
177 #endif
178
179         /* A table of sequence numbers for this interface.  We use the
180            sequence numbers for IPMB messages that go out of the
181            interface to match them up with their responses.  A routine
182            is called periodically to time the items in this list. */
183         spinlock_t       seq_lock;
184         struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
185         int curr_seq;
186
187         /* Messages that were delayed for some reason (out of memory,
188            for instance), will go in here to be processed later in a
189            periodic timer interrupt. */
190         spinlock_t       waiting_msgs_lock;
191         struct list_head waiting_msgs;
192
193         /* The list of command receivers that are registered for commands
194            on this interface. */
195         rwlock_t         cmd_rcvr_lock;
196         struct list_head cmd_rcvrs;
197
198         /* Events that were queues because no one was there to receive
199            them. */
200         spinlock_t       events_lock; /* For dealing with event stuff. */
201         struct list_head waiting_events;
202         unsigned int     waiting_events_count; /* How many events in queue? */
203
204         /* This will be non-null if someone registers to receive all
205            IPMI commands (this is for interface emulation).  There
206            may not be any things in the cmd_rcvrs list above when
207            this is registered. */
208         ipmi_user_t all_cmd_rcvr;
209
210         /* The event receiver for my BMC, only really used at panic
211            shutdown as a place to store this. */
212         unsigned char event_receiver;
213         unsigned char event_receiver_lun;
214         unsigned char local_sel_device;
215         unsigned char local_event_generator;
216
217         /* A cheap hack, if this is non-null and a message to an
218            interface comes in with a NULL user, call this routine with
219            it.  Note that the message will still be freed by the
220            caller.  This only works on the system interface. */
221         void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_smi_msg *msg);
222
223         /* When we are scanning the channels for an SMI, this will
224            tell which channel we are scanning. */
225         int curr_channel;
226
227         /* Channel information */
228         struct ipmi_channel channels[IPMI_MAX_CHANNELS];
229
230         /* Proc FS stuff. */
231         struct proc_dir_entry *proc_dir;
232         char                  proc_dir_name[10];
233
234         spinlock_t   counter_lock; /* For making counters atomic. */
235
236         /* Commands we got that were invalid. */
237         unsigned int sent_invalid_commands;
238
239         /* Commands we sent to the MC. */
240         unsigned int sent_local_commands;
241         /* Responses from the MC that were delivered to a user. */
242         unsigned int handled_local_responses;
243         /* Responses from the MC that were not delivered to a user. */
244         unsigned int unhandled_local_responses;
245
246         /* Commands we sent out to the IPMB bus. */
247         unsigned int sent_ipmb_commands;
248         /* Commands sent on the IPMB that had errors on the SEND CMD */
249         unsigned int sent_ipmb_command_errs;
250         /* Each retransmit increments this count. */
251         unsigned int retransmitted_ipmb_commands;
252         /* When a message times out (runs out of retransmits) this is
253            incremented. */
254         unsigned int timed_out_ipmb_commands;
255
256         /* This is like above, but for broadcasts.  Broadcasts are
257            *not* included in the above count (they are expected to
258            time out). */
259         unsigned int timed_out_ipmb_broadcasts;
260
261         /* Responses I have sent to the IPMB bus. */
262         unsigned int sent_ipmb_responses;
263
264         /* The response was delivered to the user. */
265         unsigned int handled_ipmb_responses;
266         /* The response had invalid data in it. */
267         unsigned int invalid_ipmb_responses;
268         /* The response didn't have anyone waiting for it. */
269         unsigned int unhandled_ipmb_responses;
270
271         /* Commands we sent out to the IPMB bus. */
272         unsigned int sent_lan_commands;
273         /* Commands sent on the IPMB that had errors on the SEND CMD */
274         unsigned int sent_lan_command_errs;
275         /* Each retransmit increments this count. */
276         unsigned int retransmitted_lan_commands;
277         /* When a message times out (runs out of retransmits) this is
278            incremented. */
279         unsigned int timed_out_lan_commands;
280
281         /* Responses I have sent to the IPMB bus. */
282         unsigned int sent_lan_responses;
283
284         /* The response was delivered to the user. */
285         unsigned int handled_lan_responses;
286         /* The response had invalid data in it. */
287         unsigned int invalid_lan_responses;
288         /* The response didn't have anyone waiting for it. */
289         unsigned int unhandled_lan_responses;
290
291         /* The command was delivered to the user. */
292         unsigned int handled_commands;
293         /* The command had invalid data in it. */
294         unsigned int invalid_commands;
295         /* The command didn't have anyone waiting for it. */
296         unsigned int unhandled_commands;
297
298         /* Invalid data in an event. */
299         unsigned int invalid_events;
300         /* Events that were received with the proper format. */
301         unsigned int events;
302 };
303
304 #define MAX_IPMI_INTERFACES 4
305 static ipmi_smi_t ipmi_interfaces[MAX_IPMI_INTERFACES];
306
307 /* Used to keep interfaces from going away while operations are
308    operating on interfaces.  Grab read if you are not modifying the
309    interfaces, write if you are. */
310 static DECLARE_RWSEM(interfaces_sem);
311
312 /* Directly protects the ipmi_interfaces data structure.  This is
313    claimed in the timer interrupt. */
314 static DEFINE_SPINLOCK(interfaces_lock);
315
316 /* List of watchers that want to know when smi's are added and
317    deleted. */
318 static struct list_head smi_watchers = LIST_HEAD_INIT(smi_watchers);
319 static DECLARE_RWSEM(smi_watchers_sem);
320
321 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
322 {
323         int i;
324
325         down_read(&interfaces_sem);
326         down_write(&smi_watchers_sem);
327         list_add(&(watcher->link), &smi_watchers);
328         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
329                 if (ipmi_interfaces[i] != NULL) {
330                         watcher->new_smi(i);
331                 }
332         }
333         up_write(&smi_watchers_sem);
334         up_read(&interfaces_sem);
335         return 0;
336 }
337
338 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
339 {
340         down_write(&smi_watchers_sem);
341         list_del(&(watcher->link));
342         up_write(&smi_watchers_sem);
343         return 0;
344 }
345
346 static void
347 call_smi_watchers(int i)
348 {
349         struct ipmi_smi_watcher *w;
350
351         down_read(&smi_watchers_sem);
352         list_for_each_entry(w, &smi_watchers, link) {
353                 if (try_module_get(w->owner)) {
354                         w->new_smi(i);
355                         module_put(w->owner);
356                 }
357         }
358         up_read(&smi_watchers_sem);
359 }
360
361 static int
362 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
363 {
364         if (addr1->addr_type != addr2->addr_type)
365                 return 0;
366
367         if (addr1->channel != addr2->channel)
368                 return 0;
369
370         if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
371                 struct ipmi_system_interface_addr *smi_addr1
372                     = (struct ipmi_system_interface_addr *) addr1;
373                 struct ipmi_system_interface_addr *smi_addr2
374                     = (struct ipmi_system_interface_addr *) addr2;
375                 return (smi_addr1->lun == smi_addr2->lun);
376         }
377
378         if ((addr1->addr_type == IPMI_IPMB_ADDR_TYPE)
379             || (addr1->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
380         {
381                 struct ipmi_ipmb_addr *ipmb_addr1
382                     = (struct ipmi_ipmb_addr *) addr1;
383                 struct ipmi_ipmb_addr *ipmb_addr2
384                     = (struct ipmi_ipmb_addr *) addr2;
385
386                 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
387                         && (ipmb_addr1->lun == ipmb_addr2->lun));
388         }
389
390         if (addr1->addr_type == IPMI_LAN_ADDR_TYPE) {
391                 struct ipmi_lan_addr *lan_addr1
392                         = (struct ipmi_lan_addr *) addr1;
393                 struct ipmi_lan_addr *lan_addr2
394                     = (struct ipmi_lan_addr *) addr2;
395
396                 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
397                         && (lan_addr1->local_SWID == lan_addr2->local_SWID)
398                         && (lan_addr1->session_handle
399                             == lan_addr2->session_handle)
400                         && (lan_addr1->lun == lan_addr2->lun));
401         }
402
403         return 1;
404 }
405
406 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
407 {
408         if (len < sizeof(struct ipmi_system_interface_addr)) {
409                 return -EINVAL;
410         }
411
412         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
413                 if (addr->channel != IPMI_BMC_CHANNEL)
414                         return -EINVAL;
415                 return 0;
416         }
417
418         if ((addr->channel == IPMI_BMC_CHANNEL)
419             || (addr->channel >= IPMI_NUM_CHANNELS)
420             || (addr->channel < 0))
421                 return -EINVAL;
422
423         if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
424             || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
425         {
426                 if (len < sizeof(struct ipmi_ipmb_addr)) {
427                         return -EINVAL;
428                 }
429                 return 0;
430         }
431
432         if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
433                 if (len < sizeof(struct ipmi_lan_addr)) {
434                         return -EINVAL;
435                 }
436                 return 0;
437         }
438
439         return -EINVAL;
440 }
441
442 unsigned int ipmi_addr_length(int addr_type)
443 {
444         if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
445                 return sizeof(struct ipmi_system_interface_addr);
446
447         if ((addr_type == IPMI_IPMB_ADDR_TYPE)
448             || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
449         {
450                 return sizeof(struct ipmi_ipmb_addr);
451         }
452
453         if (addr_type == IPMI_LAN_ADDR_TYPE)
454                 return sizeof(struct ipmi_lan_addr);
455
456         return 0;
457 }
458
459 static void deliver_response(struct ipmi_recv_msg *msg)
460 {
461         msg->user->handler->ipmi_recv_hndl(msg, msg->user->handler_data);
462 }
463
464 /* Find the next sequence number not being used and add the given
465    message with the given timeout to the sequence table.  This must be
466    called with the interface's seq_lock held. */
467 static int intf_next_seq(ipmi_smi_t           intf,
468                          struct ipmi_recv_msg *recv_msg,
469                          unsigned long        timeout,
470                          int                  retries,
471                          int                  broadcast,
472                          unsigned char        *seq,
473                          long                 *seqid)
474 {
475         int          rv = 0;
476         unsigned int i;
477
478         for (i=intf->curr_seq;
479              (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
480              i=(i+1)%IPMI_IPMB_NUM_SEQ)
481         {
482                 if (! intf->seq_table[i].inuse)
483                         break;
484         }
485
486         if (! intf->seq_table[i].inuse) {
487                 intf->seq_table[i].recv_msg = recv_msg;
488
489                 /* Start with the maximum timeout, when the send response
490                    comes in we will start the real timer. */
491                 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
492                 intf->seq_table[i].orig_timeout = timeout;
493                 intf->seq_table[i].retries_left = retries;
494                 intf->seq_table[i].broadcast = broadcast;
495                 intf->seq_table[i].inuse = 1;
496                 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
497                 *seq = i;
498                 *seqid = intf->seq_table[i].seqid;
499                 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
500         } else {
501                 rv = -EAGAIN;
502         }
503         
504         return rv;
505 }
506
507 /* Return the receive message for the given sequence number and
508    release the sequence number so it can be reused.  Some other data
509    is passed in to be sure the message matches up correctly (to help
510    guard against message coming in after their timeout and the
511    sequence number being reused). */
512 static int intf_find_seq(ipmi_smi_t           intf,
513                          unsigned char        seq,
514                          short                channel,
515                          unsigned char        cmd,
516                          unsigned char        netfn,
517                          struct ipmi_addr     *addr,
518                          struct ipmi_recv_msg **recv_msg)
519 {
520         int           rv = -ENODEV;
521         unsigned long flags;
522
523         if (seq >= IPMI_IPMB_NUM_SEQ)
524                 return -EINVAL;
525
526         spin_lock_irqsave(&(intf->seq_lock), flags);
527         if (intf->seq_table[seq].inuse) {
528                 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
529
530                 if ((msg->addr.channel == channel)
531                     && (msg->msg.cmd == cmd)
532                     && (msg->msg.netfn == netfn)
533                     && (ipmi_addr_equal(addr, &(msg->addr))))
534                 {
535                         *recv_msg = msg;
536                         intf->seq_table[seq].inuse = 0;
537                         rv = 0;
538                 }
539         }
540         spin_unlock_irqrestore(&(intf->seq_lock), flags);
541
542         return rv;
543 }
544
545
546 /* Start the timer for a specific sequence table entry. */
547 static int intf_start_seq_timer(ipmi_smi_t intf,
548                                 long       msgid)
549 {
550         int           rv = -ENODEV;
551         unsigned long flags;
552         unsigned char seq;
553         unsigned long seqid;
554
555
556         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
557
558         spin_lock_irqsave(&(intf->seq_lock), flags);
559         /* We do this verification because the user can be deleted
560            while a message is outstanding. */
561         if ((intf->seq_table[seq].inuse)
562             && (intf->seq_table[seq].seqid == seqid))
563         {
564                 struct seq_table *ent = &(intf->seq_table[seq]);
565                 ent->timeout = ent->orig_timeout;
566                 rv = 0;
567         }
568         spin_unlock_irqrestore(&(intf->seq_lock), flags);
569
570         return rv;
571 }
572
573 /* Got an error for the send message for a specific sequence number. */
574 static int intf_err_seq(ipmi_smi_t   intf,
575                         long         msgid,
576                         unsigned int err)
577 {
578         int                  rv = -ENODEV;
579         unsigned long        flags;
580         unsigned char        seq;
581         unsigned long        seqid;
582         struct ipmi_recv_msg *msg = NULL;
583
584
585         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
586
587         spin_lock_irqsave(&(intf->seq_lock), flags);
588         /* We do this verification because the user can be deleted
589            while a message is outstanding. */
590         if ((intf->seq_table[seq].inuse)
591             && (intf->seq_table[seq].seqid == seqid))
592         {
593                 struct seq_table *ent = &(intf->seq_table[seq]);
594
595                 ent->inuse = 0;
596                 msg = ent->recv_msg;
597                 rv = 0;
598         }
599         spin_unlock_irqrestore(&(intf->seq_lock), flags);
600
601         if (msg) {
602                 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
603                 msg->msg_data[0] = err;
604                 msg->msg.netfn |= 1; /* Convert to a response. */
605                 msg->msg.data_len = 1;
606                 msg->msg.data = msg->msg_data;
607                 deliver_response(msg);
608         }
609
610         return rv;
611 }
612
613
614 int ipmi_create_user(unsigned int          if_num,
615                      struct ipmi_user_hndl *handler,
616                      void                  *handler_data,
617                      ipmi_user_t           *user)
618 {
619         unsigned long flags;
620         ipmi_user_t   new_user;
621         int           rv = 0;
622         ipmi_smi_t    intf;
623
624         /* There is no module usecount here, because it's not
625            required.  Since this can only be used by and called from
626            other modules, they will implicitly use this module, and
627            thus this can't be removed unless the other modules are
628            removed. */
629
630         if (handler == NULL)
631                 return -EINVAL;
632
633         /* Make sure the driver is actually initialized, this handles
634            problems with initialization order. */
635         if (!initialized) {
636                 rv = ipmi_init_msghandler();
637                 if (rv)
638                         return rv;
639
640                 /* The init code doesn't return an error if it was turned
641                    off, but it won't initialize.  Check that. */
642                 if (!initialized)
643                         return -ENODEV;
644         }
645
646         new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
647         if (! new_user)
648                 return -ENOMEM;
649
650         down_read(&interfaces_sem);
651         if ((if_num >= MAX_IPMI_INTERFACES) || ipmi_interfaces[if_num] == NULL)
652         {
653                 rv = -EINVAL;
654                 goto out_unlock;
655         }
656
657         intf = ipmi_interfaces[if_num];
658
659         new_user->handler = handler;
660         new_user->handler_data = handler_data;
661         new_user->intf = intf;
662         new_user->gets_events = 0;
663
664         if (!try_module_get(intf->handlers->owner)) {
665                 rv = -ENODEV;
666                 goto out_unlock;
667         }
668
669         if (intf->handlers->inc_usecount) {
670                 rv = intf->handlers->inc_usecount(intf->send_info);
671                 if (rv) {
672                         module_put(intf->handlers->owner);
673                         goto out_unlock;
674                 }
675         }
676
677         write_lock_irqsave(&intf->users_lock, flags);
678         list_add_tail(&new_user->link, &intf->users);
679         write_unlock_irqrestore(&intf->users_lock, flags);
680
681  out_unlock:    
682         if (rv) {
683                 kfree(new_user);
684         } else {
685                 *user = new_user;
686         }
687
688         up_read(&interfaces_sem);
689         return rv;
690 }
691
692 static int ipmi_destroy_user_nolock(ipmi_user_t user)
693 {
694         int              rv = -ENODEV;
695         ipmi_user_t      t_user;
696         struct cmd_rcvr  *rcvr, *rcvr2;
697         int              i;
698         unsigned long    flags;
699
700         /* Find the user and delete them from the list. */
701         list_for_each_entry(t_user, &(user->intf->users), link) {
702                 if (t_user == user) {
703                         list_del(&t_user->link);
704                         rv = 0;
705                         break;
706                 }
707         }
708
709         if (rv) {
710                 goto out_unlock;
711         }
712
713         /* Remove the user from the interfaces sequence table. */
714         spin_lock_irqsave(&(user->intf->seq_lock), flags);
715         for (i=0; i<IPMI_IPMB_NUM_SEQ; i++) {
716                 if (user->intf->seq_table[i].inuse
717                     && (user->intf->seq_table[i].recv_msg->user == user))
718                 {
719                         user->intf->seq_table[i].inuse = 0;
720                 }
721         }
722         spin_unlock_irqrestore(&(user->intf->seq_lock), flags);
723
724         /* Remove the user from the command receiver's table. */
725         write_lock_irqsave(&(user->intf->cmd_rcvr_lock), flags);
726         list_for_each_entry_safe(rcvr, rcvr2, &(user->intf->cmd_rcvrs), link) {
727                 if (rcvr->user == user) {
728                         list_del(&rcvr->link);
729                         kfree(rcvr);
730                 }
731         }
732         write_unlock_irqrestore(&(user->intf->cmd_rcvr_lock), flags);
733
734         kfree(user);
735
736  out_unlock:
737
738         return rv;
739 }
740
741 int ipmi_destroy_user(ipmi_user_t user)
742 {
743         int           rv;
744         ipmi_smi_t    intf = user->intf;
745         unsigned long flags;
746
747         down_read(&interfaces_sem);
748         write_lock_irqsave(&intf->users_lock, flags);
749         rv = ipmi_destroy_user_nolock(user);
750         if (!rv) {
751                 module_put(intf->handlers->owner);
752                 if (intf->handlers->dec_usecount)
753                         intf->handlers->dec_usecount(intf->send_info);
754         }
755                 
756         write_unlock_irqrestore(&intf->users_lock, flags);
757         up_read(&interfaces_sem);
758         return rv;
759 }
760
761 void ipmi_get_version(ipmi_user_t   user,
762                       unsigned char *major,
763                       unsigned char *minor)
764 {
765         *major = user->intf->version_major;
766         *minor = user->intf->version_minor;
767 }
768
769 int ipmi_set_my_address(ipmi_user_t   user,
770                         unsigned int  channel,
771                         unsigned char address)
772 {
773         if (channel >= IPMI_MAX_CHANNELS)
774                 return -EINVAL;
775         user->intf->channels[channel].address = address;
776         return 0;
777 }
778
779 int ipmi_get_my_address(ipmi_user_t   user,
780                         unsigned int  channel,
781                         unsigned char *address)
782 {
783         if (channel >= IPMI_MAX_CHANNELS)
784                 return -EINVAL;
785         *address = user->intf->channels[channel].address;
786         return 0;
787 }
788
789 int ipmi_set_my_LUN(ipmi_user_t   user,
790                     unsigned int  channel,
791                     unsigned char LUN)
792 {
793         if (channel >= IPMI_MAX_CHANNELS)
794                 return -EINVAL;
795         user->intf->channels[channel].lun = LUN & 0x3;
796         return 0;
797 }
798
799 int ipmi_get_my_LUN(ipmi_user_t   user,
800                     unsigned int  channel,
801                     unsigned char *address)
802 {
803         if (channel >= IPMI_MAX_CHANNELS)
804                 return -EINVAL;
805         *address = user->intf->channels[channel].lun;
806         return 0;
807 }
808
809 int ipmi_set_gets_events(ipmi_user_t user, int val)
810 {
811         unsigned long         flags;
812         struct ipmi_recv_msg  *msg, *msg2;
813
814         read_lock(&(user->intf->users_lock));
815         spin_lock_irqsave(&(user->intf->events_lock), flags);
816         user->gets_events = val;
817
818         if (val) {
819                 /* Deliver any queued events. */
820                 list_for_each_entry_safe(msg, msg2, &(user->intf->waiting_events), link) {
821                         list_del(&msg->link);
822                         msg->user = user;
823                         deliver_response(msg);
824                 }
825         }
826         
827         spin_unlock_irqrestore(&(user->intf->events_lock), flags);
828         read_unlock(&(user->intf->users_lock));
829
830         return 0;
831 }
832
833 int ipmi_register_for_cmd(ipmi_user_t   user,
834                           unsigned char netfn,
835                           unsigned char cmd)
836 {
837         struct cmd_rcvr  *cmp;
838         unsigned long    flags;
839         struct cmd_rcvr  *rcvr;
840         int              rv = 0;
841
842
843         rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
844         if (! rcvr)
845                 return -ENOMEM;
846
847         read_lock(&(user->intf->users_lock));
848         write_lock_irqsave(&(user->intf->cmd_rcvr_lock), flags);
849         if (user->intf->all_cmd_rcvr != NULL) {
850                 rv = -EBUSY;
851                 goto out_unlock;
852         }
853
854         /* Make sure the command/netfn is not already registered. */
855         list_for_each_entry(cmp, &(user->intf->cmd_rcvrs), link) {
856                 if ((cmp->netfn == netfn) && (cmp->cmd == cmd)) {
857                         rv = -EBUSY;
858                         break;
859                 }
860         }
861
862         if (! rv) {
863                 rcvr->cmd = cmd;
864                 rcvr->netfn = netfn;
865                 rcvr->user = user;
866                 list_add_tail(&(rcvr->link), &(user->intf->cmd_rcvrs));
867         }
868  out_unlock:
869         write_unlock_irqrestore(&(user->intf->cmd_rcvr_lock), flags);
870         read_unlock(&(user->intf->users_lock));
871
872         if (rv)
873                 kfree(rcvr);
874
875         return rv;
876 }
877
878 int ipmi_unregister_for_cmd(ipmi_user_t   user,
879                             unsigned char netfn,
880                             unsigned char cmd)
881 {
882         unsigned long    flags;
883         struct cmd_rcvr  *rcvr;
884         int              rv = -ENOENT;
885
886         read_lock(&(user->intf->users_lock));
887         write_lock_irqsave(&(user->intf->cmd_rcvr_lock), flags);
888         /* Make sure the command/netfn is not already registered. */
889         list_for_each_entry(rcvr, &(user->intf->cmd_rcvrs), link) {
890                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)) {
891                         rv = 0;
892                         list_del(&rcvr->link);
893                         kfree(rcvr);
894                         break;
895                 }
896         }
897         write_unlock_irqrestore(&(user->intf->cmd_rcvr_lock), flags);
898         read_unlock(&(user->intf->users_lock));
899
900         return rv;
901 }
902
903 void ipmi_user_set_run_to_completion(ipmi_user_t user, int val)
904 {
905         user->intf->handlers->set_run_to_completion(user->intf->send_info,
906                                                     val);
907 }
908
909 static unsigned char
910 ipmb_checksum(unsigned char *data, int size)
911 {
912         unsigned char csum = 0;
913         
914         for (; size > 0; size--, data++)
915                 csum += *data;
916
917         return -csum;
918 }
919
920 static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
921                                    struct kernel_ipmi_msg *msg,
922                                    struct ipmi_ipmb_addr *ipmb_addr,
923                                    long                  msgid,
924                                    unsigned char         ipmb_seq,
925                                    int                   broadcast,
926                                    unsigned char         source_address,
927                                    unsigned char         source_lun)
928 {
929         int i = broadcast;
930
931         /* Format the IPMB header data. */
932         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
933         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
934         smi_msg->data[2] = ipmb_addr->channel;
935         if (broadcast)
936                 smi_msg->data[3] = 0;
937         smi_msg->data[i+3] = ipmb_addr->slave_addr;
938         smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
939         smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
940         smi_msg->data[i+6] = source_address;
941         smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
942         smi_msg->data[i+8] = msg->cmd;
943
944         /* Now tack on the data to the message. */
945         if (msg->data_len > 0)
946                 memcpy(&(smi_msg->data[i+9]), msg->data,
947                        msg->data_len);
948         smi_msg->data_size = msg->data_len + 9;
949
950         /* Now calculate the checksum and tack it on. */
951         smi_msg->data[i+smi_msg->data_size]
952                 = ipmb_checksum(&(smi_msg->data[i+6]),
953                                 smi_msg->data_size-6);
954
955         /* Add on the checksum size and the offset from the
956            broadcast. */
957         smi_msg->data_size += 1 + i;
958
959         smi_msg->msgid = msgid;
960 }
961
962 static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
963                                   struct kernel_ipmi_msg *msg,
964                                   struct ipmi_lan_addr  *lan_addr,
965                                   long                  msgid,
966                                   unsigned char         ipmb_seq,
967                                   unsigned char         source_lun)
968 {
969         /* Format the IPMB header data. */
970         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
971         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
972         smi_msg->data[2] = lan_addr->channel;
973         smi_msg->data[3] = lan_addr->session_handle;
974         smi_msg->data[4] = lan_addr->remote_SWID;
975         smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
976         smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
977         smi_msg->data[7] = lan_addr->local_SWID;
978         smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
979         smi_msg->data[9] = msg->cmd;
980
981         /* Now tack on the data to the message. */
982         if (msg->data_len > 0)
983                 memcpy(&(smi_msg->data[10]), msg->data,
984                        msg->data_len);
985         smi_msg->data_size = msg->data_len + 10;
986
987         /* Now calculate the checksum and tack it on. */
988         smi_msg->data[smi_msg->data_size]
989                 = ipmb_checksum(&(smi_msg->data[7]),
990                                 smi_msg->data_size-7);
991
992         /* Add on the checksum size and the offset from the
993            broadcast. */
994         smi_msg->data_size += 1;
995
996         smi_msg->msgid = msgid;
997 }
998
999 /* Separate from ipmi_request so that the user does not have to be
1000    supplied in certain circumstances (mainly at panic time).  If
1001    messages are supplied, they will be freed, even if an error
1002    occurs. */
1003 static inline int i_ipmi_request(ipmi_user_t          user,
1004                                  ipmi_smi_t           intf,
1005                                  struct ipmi_addr     *addr,
1006                                  long                 msgid,
1007                                  struct kernel_ipmi_msg *msg,
1008                                  void                 *user_msg_data,
1009                                  void                 *supplied_smi,
1010                                  struct ipmi_recv_msg *supplied_recv,
1011                                  int                  priority,
1012                                  unsigned char        source_address,
1013                                  unsigned char        source_lun,
1014                                  int                  retries,
1015                                  unsigned int         retry_time_ms)
1016 {
1017         int                  rv = 0;
1018         struct ipmi_smi_msg  *smi_msg;
1019         struct ipmi_recv_msg *recv_msg;
1020         unsigned long        flags;
1021
1022
1023         if (supplied_recv) {
1024                 recv_msg = supplied_recv;
1025         } else {
1026                 recv_msg = ipmi_alloc_recv_msg();
1027                 if (recv_msg == NULL) {
1028                         return -ENOMEM;
1029                 }
1030         }
1031         recv_msg->user_msg_data = user_msg_data;
1032
1033         if (supplied_smi) {
1034                 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1035         } else {
1036                 smi_msg = ipmi_alloc_smi_msg();
1037                 if (smi_msg == NULL) {
1038                         ipmi_free_recv_msg(recv_msg);
1039                         return -ENOMEM;
1040                 }
1041         }
1042
1043         recv_msg->user = user;
1044         recv_msg->msgid = msgid;
1045         /* Store the message to send in the receive message so timeout
1046            responses can get the proper response data. */
1047         recv_msg->msg = *msg;
1048
1049         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1050                 struct ipmi_system_interface_addr *smi_addr;
1051
1052                 if (msg->netfn & 1) {
1053                         /* Responses are not allowed to the SMI. */
1054                         rv = -EINVAL;
1055                         goto out_err;
1056                 }
1057
1058                 smi_addr = (struct ipmi_system_interface_addr *) addr;
1059                 if (smi_addr->lun > 3) {
1060                         spin_lock_irqsave(&intf->counter_lock, flags);
1061                         intf->sent_invalid_commands++;
1062                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1063                         rv = -EINVAL;
1064                         goto out_err;
1065                 }
1066
1067                 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1068
1069                 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1070                     && ((msg->cmd == IPMI_SEND_MSG_CMD)
1071                         || (msg->cmd == IPMI_GET_MSG_CMD)
1072                         || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD)))
1073                 {
1074                         /* We don't let the user do these, since we manage
1075                            the sequence numbers. */
1076                         spin_lock_irqsave(&intf->counter_lock, flags);
1077                         intf->sent_invalid_commands++;
1078                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1079                         rv = -EINVAL;
1080                         goto out_err;
1081                 }
1082
1083                 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1084                         spin_lock_irqsave(&intf->counter_lock, flags);
1085                         intf->sent_invalid_commands++;
1086                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1087                         rv = -EMSGSIZE;
1088                         goto out_err;
1089                 }
1090
1091                 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1092                 smi_msg->data[1] = msg->cmd;
1093                 smi_msg->msgid = msgid;
1094                 smi_msg->user_data = recv_msg;
1095                 if (msg->data_len > 0)
1096                         memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1097                 smi_msg->data_size = msg->data_len + 2;
1098                 spin_lock_irqsave(&intf->counter_lock, flags);
1099                 intf->sent_local_commands++;
1100                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1101         } else if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
1102                    || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
1103         {
1104                 struct ipmi_ipmb_addr *ipmb_addr;
1105                 unsigned char         ipmb_seq;
1106                 long                  seqid;
1107                 int                   broadcast = 0;
1108
1109                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1110                         spin_lock_irqsave(&intf->counter_lock, flags);
1111                         intf->sent_invalid_commands++;
1112                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1113                         rv = -EINVAL;
1114                         goto out_err;
1115                 }
1116
1117                 if (intf->channels[addr->channel].medium
1118                     != IPMI_CHANNEL_MEDIUM_IPMB)
1119                 {
1120                         spin_lock_irqsave(&intf->counter_lock, flags);
1121                         intf->sent_invalid_commands++;
1122                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1123                         rv = -EINVAL;
1124                         goto out_err;
1125                 }
1126
1127                 if (retries < 0) {
1128                     if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1129                         retries = 0; /* Don't retry broadcasts. */
1130                     else
1131                         retries = 4;
1132                 }
1133                 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1134                     /* Broadcasts add a zero at the beginning of the
1135                        message, but otherwise is the same as an IPMB
1136                        address. */
1137                     addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1138                     broadcast = 1;
1139                 }
1140
1141
1142                 /* Default to 1 second retries. */
1143                 if (retry_time_ms == 0)
1144                     retry_time_ms = 1000;
1145
1146                 /* 9 for the header and 1 for the checksum, plus
1147                    possibly one for the broadcast. */
1148                 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1149                         spin_lock_irqsave(&intf->counter_lock, flags);
1150                         intf->sent_invalid_commands++;
1151                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1152                         rv = -EMSGSIZE;
1153                         goto out_err;
1154                 }
1155
1156                 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1157                 if (ipmb_addr->lun > 3) {
1158                         spin_lock_irqsave(&intf->counter_lock, flags);
1159                         intf->sent_invalid_commands++;
1160                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1161                         rv = -EINVAL;
1162                         goto out_err;
1163                 }
1164
1165                 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1166
1167                 if (recv_msg->msg.netfn & 0x1) {
1168                         /* It's a response, so use the user's sequence
1169                            from msgid. */
1170                         spin_lock_irqsave(&intf->counter_lock, flags);
1171                         intf->sent_ipmb_responses++;
1172                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1173                         format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1174                                         msgid, broadcast,
1175                                         source_address, source_lun);
1176
1177                         /* Save the receive message so we can use it
1178                            to deliver the response. */
1179                         smi_msg->user_data = recv_msg;
1180                 } else {
1181                         /* It's a command, so get a sequence for it. */
1182
1183                         spin_lock_irqsave(&(intf->seq_lock), flags);
1184
1185                         spin_lock(&intf->counter_lock);
1186                         intf->sent_ipmb_commands++;
1187                         spin_unlock(&intf->counter_lock);
1188
1189                         /* Create a sequence number with a 1 second
1190                            timeout and 4 retries. */
1191                         rv = intf_next_seq(intf,
1192                                            recv_msg,
1193                                            retry_time_ms,
1194                                            retries,
1195                                            broadcast,
1196                                            &ipmb_seq,
1197                                            &seqid);
1198                         if (rv) {
1199                                 /* We have used up all the sequence numbers,
1200                                    probably, so abort. */
1201                                 spin_unlock_irqrestore(&(intf->seq_lock),
1202                                                        flags);
1203                                 goto out_err;
1204                         }
1205
1206                         /* Store the sequence number in the message,
1207                            so that when the send message response
1208                            comes back we can start the timer. */
1209                         format_ipmb_msg(smi_msg, msg, ipmb_addr,
1210                                         STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1211                                         ipmb_seq, broadcast,
1212                                         source_address, source_lun);
1213
1214                         /* Copy the message into the recv message data, so we
1215                            can retransmit it later if necessary. */
1216                         memcpy(recv_msg->msg_data, smi_msg->data,
1217                                smi_msg->data_size);
1218                         recv_msg->msg.data = recv_msg->msg_data;
1219                         recv_msg->msg.data_len = smi_msg->data_size;
1220
1221                         /* We don't unlock until here, because we need
1222                            to copy the completed message into the
1223                            recv_msg before we release the lock.
1224                            Otherwise, race conditions may bite us.  I
1225                            know that's pretty paranoid, but I prefer
1226                            to be correct. */
1227                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1228                 }
1229         } else if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
1230                 struct ipmi_lan_addr  *lan_addr;
1231                 unsigned char         ipmb_seq;
1232                 long                  seqid;
1233
1234                 if (addr->channel >= IPMI_NUM_CHANNELS) {
1235                         spin_lock_irqsave(&intf->counter_lock, flags);
1236                         intf->sent_invalid_commands++;
1237                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1238                         rv = -EINVAL;
1239                         goto out_err;
1240                 }
1241
1242                 if ((intf->channels[addr->channel].medium
1243                     != IPMI_CHANNEL_MEDIUM_8023LAN)
1244                     && (intf->channels[addr->channel].medium
1245                         != IPMI_CHANNEL_MEDIUM_ASYNC))
1246                 {
1247                         spin_lock_irqsave(&intf->counter_lock, flags);
1248                         intf->sent_invalid_commands++;
1249                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1250                         rv = -EINVAL;
1251                         goto out_err;
1252                 }
1253
1254                 retries = 4;
1255
1256                 /* Default to 1 second retries. */
1257                 if (retry_time_ms == 0)
1258                     retry_time_ms = 1000;
1259
1260                 /* 11 for the header and 1 for the checksum. */
1261                 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1262                         spin_lock_irqsave(&intf->counter_lock, flags);
1263                         intf->sent_invalid_commands++;
1264                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1265                         rv = -EMSGSIZE;
1266                         goto out_err;
1267                 }
1268
1269                 lan_addr = (struct ipmi_lan_addr *) addr;
1270                 if (lan_addr->lun > 3) {
1271                         spin_lock_irqsave(&intf->counter_lock, flags);
1272                         intf->sent_invalid_commands++;
1273                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1274                         rv = -EINVAL;
1275                         goto out_err;
1276                 }
1277
1278                 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1279
1280                 if (recv_msg->msg.netfn & 0x1) {
1281                         /* It's a response, so use the user's sequence
1282                            from msgid. */
1283                         spin_lock_irqsave(&intf->counter_lock, flags);
1284                         intf->sent_lan_responses++;
1285                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1286                         format_lan_msg(smi_msg, msg, lan_addr, msgid,
1287                                        msgid, source_lun);
1288
1289                         /* Save the receive message so we can use it
1290                            to deliver the response. */
1291                         smi_msg->user_data = recv_msg;
1292                 } else {
1293                         /* It's a command, so get a sequence for it. */
1294
1295                         spin_lock_irqsave(&(intf->seq_lock), flags);
1296
1297                         spin_lock(&intf->counter_lock);
1298                         intf->sent_lan_commands++;
1299                         spin_unlock(&intf->counter_lock);
1300
1301                         /* Create a sequence number with a 1 second
1302                            timeout and 4 retries. */
1303                         rv = intf_next_seq(intf,
1304                                            recv_msg,
1305                                            retry_time_ms,
1306                                            retries,
1307                                            0,
1308                                            &ipmb_seq,
1309                                            &seqid);
1310                         if (rv) {
1311                                 /* We have used up all the sequence numbers,
1312                                    probably, so abort. */
1313                                 spin_unlock_irqrestore(&(intf->seq_lock),
1314                                                        flags);
1315                                 goto out_err;
1316                         }
1317
1318                         /* Store the sequence number in the message,
1319                            so that when the send message response
1320                            comes back we can start the timer. */
1321                         format_lan_msg(smi_msg, msg, lan_addr,
1322                                        STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1323                                        ipmb_seq, source_lun);
1324
1325                         /* Copy the message into the recv message data, so we
1326                            can retransmit it later if necessary. */
1327                         memcpy(recv_msg->msg_data, smi_msg->data,
1328                                smi_msg->data_size);
1329                         recv_msg->msg.data = recv_msg->msg_data;
1330                         recv_msg->msg.data_len = smi_msg->data_size;
1331
1332                         /* We don't unlock until here, because we need
1333                            to copy the completed message into the
1334                            recv_msg before we release the lock.
1335                            Otherwise, race conditions may bite us.  I
1336                            know that's pretty paranoid, but I prefer
1337                            to be correct. */
1338                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1339                 }
1340         } else {
1341             /* Unknown address type. */
1342                 spin_lock_irqsave(&intf->counter_lock, flags);
1343                 intf->sent_invalid_commands++;
1344                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1345                 rv = -EINVAL;
1346                 goto out_err;
1347         }
1348
1349 #ifdef DEBUG_MSGING
1350         {
1351                 int m;
1352                 for (m=0; m<smi_msg->data_size; m++)
1353                         printk(" %2.2x", smi_msg->data[m]);
1354                 printk("\n");
1355         }
1356 #endif
1357         intf->handlers->sender(intf->send_info, smi_msg, priority);
1358
1359         return 0;
1360
1361  out_err:
1362         ipmi_free_smi_msg(smi_msg);
1363         ipmi_free_recv_msg(recv_msg);
1364         return rv;
1365 }
1366
1367 static int check_addr(ipmi_smi_t       intf,
1368                       struct ipmi_addr *addr,
1369                       unsigned char    *saddr,
1370                       unsigned char    *lun)
1371 {
1372         if (addr->channel >= IPMI_MAX_CHANNELS)
1373                 return -EINVAL;
1374         *lun = intf->channels[addr->channel].lun;
1375         *saddr = intf->channels[addr->channel].address;
1376         return 0;
1377 }
1378
1379 int ipmi_request_settime(ipmi_user_t      user,
1380                          struct ipmi_addr *addr,
1381                          long             msgid,
1382                          struct kernel_ipmi_msg  *msg,
1383                          void             *user_msg_data,
1384                          int              priority,
1385                          int              retries,
1386                          unsigned int     retry_time_ms)
1387 {
1388         unsigned char saddr, lun;
1389         int           rv;
1390
1391         rv = check_addr(user->intf, addr, &saddr, &lun);
1392         if (rv)
1393                 return rv;
1394         return i_ipmi_request(user,
1395                               user->intf,
1396                               addr,
1397                               msgid,
1398                               msg,
1399                               user_msg_data,
1400                               NULL, NULL,
1401                               priority,
1402                               saddr,
1403                               lun,
1404                               retries,
1405                               retry_time_ms);
1406 }
1407
1408 int ipmi_request_supply_msgs(ipmi_user_t          user,
1409                              struct ipmi_addr     *addr,
1410                              long                 msgid,
1411                              struct kernel_ipmi_msg *msg,
1412                              void                 *user_msg_data,
1413                              void                 *supplied_smi,
1414                              struct ipmi_recv_msg *supplied_recv,
1415                              int                  priority)
1416 {
1417         unsigned char saddr, lun;
1418         int           rv;
1419
1420         rv = check_addr(user->intf, addr, &saddr, &lun);
1421         if (rv)
1422                 return rv;
1423         return i_ipmi_request(user,
1424                               user->intf,
1425                               addr,
1426                               msgid,
1427                               msg,
1428                               user_msg_data,
1429                               supplied_smi,
1430                               supplied_recv,
1431                               priority,
1432                               saddr,
1433                               lun,
1434                               -1, 0);
1435 }
1436
1437 static int ipmb_file_read_proc(char *page, char **start, off_t off,
1438                                int count, int *eof, void *data)
1439 {
1440         char       *out = (char *) page;
1441         ipmi_smi_t intf = data;
1442         int        i;
1443         int        rv= 0;
1444
1445         for (i=0; i<IPMI_MAX_CHANNELS; i++)
1446                 rv += sprintf(out+rv, "%x ", intf->channels[i].address);
1447         out[rv-1] = '\n'; /* Replace the final space with a newline */
1448         out[rv] = '\0';
1449         rv++;
1450         return rv;
1451 }
1452
1453 static int version_file_read_proc(char *page, char **start, off_t off,
1454                                   int count, int *eof, void *data)
1455 {
1456         char       *out = (char *) page;
1457         ipmi_smi_t intf = data;
1458
1459         return sprintf(out, "%d.%d\n",
1460                        intf->version_major, intf->version_minor);
1461 }
1462
1463 static int stat_file_read_proc(char *page, char **start, off_t off,
1464                                int count, int *eof, void *data)
1465 {
1466         char       *out = (char *) page;
1467         ipmi_smi_t intf = data;
1468
1469         out += sprintf(out, "sent_invalid_commands:       %d\n",
1470                        intf->sent_invalid_commands);
1471         out += sprintf(out, "sent_local_commands:         %d\n",
1472                        intf->sent_local_commands);
1473         out += sprintf(out, "handled_local_responses:     %d\n",
1474                        intf->handled_local_responses);
1475         out += sprintf(out, "unhandled_local_responses:   %d\n",
1476                        intf->unhandled_local_responses);
1477         out += sprintf(out, "sent_ipmb_commands:          %d\n",
1478                        intf->sent_ipmb_commands);
1479         out += sprintf(out, "sent_ipmb_command_errs:      %d\n",
1480                        intf->sent_ipmb_command_errs);
1481         out += sprintf(out, "retransmitted_ipmb_commands: %d\n",
1482                        intf->retransmitted_ipmb_commands);
1483         out += sprintf(out, "timed_out_ipmb_commands:     %d\n",
1484                        intf->timed_out_ipmb_commands);
1485         out += sprintf(out, "timed_out_ipmb_broadcasts:   %d\n",
1486                        intf->timed_out_ipmb_broadcasts);
1487         out += sprintf(out, "sent_ipmb_responses:         %d\n",
1488                        intf->sent_ipmb_responses);
1489         out += sprintf(out, "handled_ipmb_responses:      %d\n",
1490                        intf->handled_ipmb_responses);
1491         out += sprintf(out, "invalid_ipmb_responses:      %d\n",
1492                        intf->invalid_ipmb_responses);
1493         out += sprintf(out, "unhandled_ipmb_responses:    %d\n",
1494                        intf->unhandled_ipmb_responses);
1495         out += sprintf(out, "sent_lan_commands:           %d\n",
1496                        intf->sent_lan_commands);
1497         out += sprintf(out, "sent_lan_command_errs:       %d\n",
1498                        intf->sent_lan_command_errs);
1499         out += sprintf(out, "retransmitted_lan_commands:  %d\n",
1500                        intf->retransmitted_lan_commands);
1501         out += sprintf(out, "timed_out_lan_commands:      %d\n",
1502                        intf->timed_out_lan_commands);
1503         out += sprintf(out, "sent_lan_responses:          %d\n",
1504                        intf->sent_lan_responses);
1505         out += sprintf(out, "handled_lan_responses:       %d\n",
1506                        intf->handled_lan_responses);
1507         out += sprintf(out, "invalid_lan_responses:       %d\n",
1508                        intf->invalid_lan_responses);
1509         out += sprintf(out, "unhandled_lan_responses:     %d\n",
1510                        intf->unhandled_lan_responses);
1511         out += sprintf(out, "handled_commands:            %d\n",
1512                        intf->handled_commands);
1513         out += sprintf(out, "invalid_commands:            %d\n",
1514                        intf->invalid_commands);
1515         out += sprintf(out, "unhandled_commands:          %d\n",
1516                        intf->unhandled_commands);
1517         out += sprintf(out, "invalid_events:              %d\n",
1518                        intf->invalid_events);
1519         out += sprintf(out, "events:                      %d\n",
1520                        intf->events);
1521
1522         return (out - ((char *) page));
1523 }
1524
1525 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
1526                             read_proc_t *read_proc, write_proc_t *write_proc,
1527                             void *data, struct module *owner)
1528 {
1529         int                    rv = 0;
1530 #ifdef CONFIG_PROC_FS
1531         struct proc_dir_entry  *file;
1532         struct ipmi_proc_entry *entry;
1533
1534         /* Create a list element. */
1535         entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1536         if (!entry)
1537                 return -ENOMEM;
1538         entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);
1539         if (!entry->name) {
1540                 kfree(entry);
1541                 return -ENOMEM;
1542         }
1543         strcpy(entry->name, name);
1544
1545         file = create_proc_entry(name, 0, smi->proc_dir);
1546         if (!file) {
1547                 kfree(entry->name);
1548                 kfree(entry);
1549                 rv = -ENOMEM;
1550         } else {
1551                 file->nlink = 1;
1552                 file->data = data;
1553                 file->read_proc = read_proc;
1554                 file->write_proc = write_proc;
1555                 file->owner = owner;
1556
1557                 spin_lock(&smi->proc_entry_lock);
1558                 /* Stick it on the list. */
1559                 entry->next = smi->proc_entries;
1560                 smi->proc_entries = entry;
1561                 spin_unlock(&smi->proc_entry_lock);
1562         }
1563 #endif /* CONFIG_PROC_FS */
1564
1565         return rv;
1566 }
1567
1568 static int add_proc_entries(ipmi_smi_t smi, int num)
1569 {
1570         int rv = 0;
1571
1572 #ifdef CONFIG_PROC_FS
1573         sprintf(smi->proc_dir_name, "%d", num);
1574         smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
1575         if (!smi->proc_dir)
1576                 rv = -ENOMEM;
1577         else {
1578                 smi->proc_dir->owner = THIS_MODULE;
1579         }
1580
1581         if (rv == 0)
1582                 rv = ipmi_smi_add_proc_entry(smi, "stats",
1583                                              stat_file_read_proc, NULL,
1584                                              smi, THIS_MODULE);
1585
1586         if (rv == 0)
1587                 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
1588                                              ipmb_file_read_proc, NULL,
1589                                              smi, THIS_MODULE);
1590
1591         if (rv == 0)
1592                 rv = ipmi_smi_add_proc_entry(smi, "version",
1593                                              version_file_read_proc, NULL,
1594                                              smi, THIS_MODULE);
1595 #endif /* CONFIG_PROC_FS */
1596
1597         return rv;
1598 }
1599
1600 static void remove_proc_entries(ipmi_smi_t smi)
1601 {
1602 #ifdef CONFIG_PROC_FS
1603         struct ipmi_proc_entry *entry;
1604
1605         spin_lock(&smi->proc_entry_lock);
1606         while (smi->proc_entries) {
1607                 entry = smi->proc_entries;
1608                 smi->proc_entries = entry->next;
1609
1610                 remove_proc_entry(entry->name, smi->proc_dir);
1611                 kfree(entry->name);
1612                 kfree(entry);
1613         }
1614         spin_unlock(&smi->proc_entry_lock);
1615         remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
1616 #endif /* CONFIG_PROC_FS */
1617 }
1618
1619 static int
1620 send_channel_info_cmd(ipmi_smi_t intf, int chan)
1621 {
1622         struct kernel_ipmi_msg            msg;
1623         unsigned char                     data[1];
1624         struct ipmi_system_interface_addr si;
1625
1626         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
1627         si.channel = IPMI_BMC_CHANNEL;
1628         si.lun = 0;
1629
1630         msg.netfn = IPMI_NETFN_APP_REQUEST;
1631         msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
1632         msg.data = data;
1633         msg.data_len = 1;
1634         data[0] = chan;
1635         return i_ipmi_request(NULL,
1636                               intf,
1637                               (struct ipmi_addr *) &si,
1638                               0,
1639                               &msg,
1640                               NULL,
1641                               NULL,
1642                               NULL,
1643                               0,
1644                               intf->channels[0].address,
1645                               intf->channels[0].lun,
1646                               -1, 0);
1647 }
1648
1649 static void
1650 channel_handler(ipmi_smi_t intf, struct ipmi_smi_msg *msg)
1651 {
1652         int rv = 0;
1653         int chan;
1654
1655         if ((msg->rsp[0] == (IPMI_NETFN_APP_RESPONSE << 2))
1656             && (msg->rsp[1] == IPMI_GET_CHANNEL_INFO_CMD))
1657         {
1658                 /* It's the one we want */
1659                 if (msg->rsp[2] != 0) {
1660                         /* Got an error from the channel, just go on. */
1661
1662                         if (msg->rsp[2] == IPMI_INVALID_COMMAND_ERR) {
1663                                 /* If the MC does not support this
1664                                    command, that is legal.  We just
1665                                    assume it has one IPMB at channel
1666                                    zero. */
1667                                 intf->channels[0].medium
1668                                         = IPMI_CHANNEL_MEDIUM_IPMB;
1669                                 intf->channels[0].protocol
1670                                         = IPMI_CHANNEL_PROTOCOL_IPMB;
1671                                 rv = -ENOSYS;
1672
1673                                 intf->curr_channel = IPMI_MAX_CHANNELS;
1674                                 wake_up(&intf->waitq);
1675                                 goto out;
1676                         }
1677                         goto next_channel;
1678                 }
1679                 if (msg->rsp_size < 6) {
1680                         /* Message not big enough, just go on. */
1681                         goto next_channel;
1682                 }
1683                 chan = intf->curr_channel;
1684                 intf->channels[chan].medium = msg->rsp[4] & 0x7f;
1685                 intf->channels[chan].protocol = msg->rsp[5] & 0x1f;
1686
1687         next_channel:
1688                 intf->curr_channel++;
1689                 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
1690                         wake_up(&intf->waitq);
1691                 else
1692                         rv = send_channel_info_cmd(intf, intf->curr_channel);
1693
1694                 if (rv) {
1695                         /* Got an error somehow, just give up. */
1696                         intf->curr_channel = IPMI_MAX_CHANNELS;
1697                         wake_up(&intf->waitq);
1698
1699                         printk(KERN_WARNING PFX
1700                                "Error sending channel information: %d\n",
1701                                rv);
1702                 }
1703         }
1704  out:
1705         return;
1706 }
1707
1708 int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
1709                       void                     *send_info,
1710                       unsigned char            version_major,
1711                       unsigned char            version_minor,
1712                       unsigned char            slave_addr,
1713                       ipmi_smi_t               *intf)
1714 {
1715         int              i, j;
1716         int              rv;
1717         ipmi_smi_t       new_intf;
1718         unsigned long    flags;
1719
1720
1721         /* Make sure the driver is actually initialized, this handles
1722            problems with initialization order. */
1723         if (!initialized) {
1724                 rv = ipmi_init_msghandler();
1725                 if (rv)
1726                         return rv;
1727                 /* The init code doesn't return an error if it was turned
1728                    off, but it won't initialize.  Check that. */
1729                 if (!initialized)
1730                         return -ENODEV;
1731         }
1732
1733         new_intf = kmalloc(sizeof(*new_intf), GFP_KERNEL);
1734         if (!new_intf)
1735                 return -ENOMEM;
1736         memset(new_intf, 0, sizeof(*new_intf));
1737
1738         new_intf->proc_dir = NULL;
1739
1740         rv = -ENOMEM;
1741
1742         down_write(&interfaces_sem);
1743         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
1744                 if (ipmi_interfaces[i] == NULL) {
1745                         new_intf->intf_num = i;
1746                         new_intf->version_major = version_major;
1747                         new_intf->version_minor = version_minor;
1748                         for (j=0; j<IPMI_MAX_CHANNELS; j++) {
1749                                 new_intf->channels[j].address
1750                                         = IPMI_BMC_SLAVE_ADDR;
1751                                 new_intf->channels[j].lun = 2;
1752                         }
1753                         if (slave_addr != 0)
1754                                 new_intf->channels[0].address = slave_addr;
1755                         rwlock_init(&(new_intf->users_lock));
1756                         INIT_LIST_HEAD(&(new_intf->users));
1757                         new_intf->handlers = handlers;
1758                         new_intf->send_info = send_info;
1759                         spin_lock_init(&(new_intf->seq_lock));
1760                         for (j=0; j<IPMI_IPMB_NUM_SEQ; j++) {
1761                                 new_intf->seq_table[j].inuse = 0;
1762                                 new_intf->seq_table[j].seqid = 0;
1763                         }
1764                         new_intf->curr_seq = 0;
1765 #ifdef CONFIG_PROC_FS
1766                         spin_lock_init(&(new_intf->proc_entry_lock));
1767 #endif
1768                         spin_lock_init(&(new_intf->waiting_msgs_lock));
1769                         INIT_LIST_HEAD(&(new_intf->waiting_msgs));
1770                         spin_lock_init(&(new_intf->events_lock));
1771                         INIT_LIST_HEAD(&(new_intf->waiting_events));
1772                         new_intf->waiting_events_count = 0;
1773                         rwlock_init(&(new_intf->cmd_rcvr_lock));
1774                         init_waitqueue_head(&new_intf->waitq);
1775                         INIT_LIST_HEAD(&(new_intf->cmd_rcvrs));
1776                         new_intf->all_cmd_rcvr = NULL;
1777
1778                         spin_lock_init(&(new_intf->counter_lock));
1779
1780                         spin_lock_irqsave(&interfaces_lock, flags);
1781                         ipmi_interfaces[i] = new_intf;
1782                         spin_unlock_irqrestore(&interfaces_lock, flags);
1783
1784                         rv = 0;
1785                         *intf = new_intf;
1786                         break;
1787                 }
1788         }
1789
1790         downgrade_write(&interfaces_sem);
1791
1792         if (rv == 0)
1793                 rv = add_proc_entries(*intf, i);
1794
1795         if (rv == 0) {
1796                 if ((version_major > 1)
1797                     || ((version_major == 1) && (version_minor >= 5)))
1798                 {
1799                         /* Start scanning the channels to see what is
1800                            available. */
1801                         (*intf)->null_user_handler = channel_handler;
1802                         (*intf)->curr_channel = 0;
1803                         rv = send_channel_info_cmd(*intf, 0);
1804                         if (rv)
1805                                 goto out;
1806
1807                         /* Wait for the channel info to be read. */
1808                         up_read(&interfaces_sem);
1809                         wait_event((*intf)->waitq,
1810                                    ((*intf)->curr_channel>=IPMI_MAX_CHANNELS));
1811                         down_read(&interfaces_sem);
1812
1813                         if (ipmi_interfaces[i] != new_intf)
1814                                 /* Well, it went away.  Just return. */
1815                                 goto out;
1816                 } else {
1817                         /* Assume a single IPMB channel at zero. */
1818                         (*intf)->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
1819                         (*intf)->channels[0].protocol
1820                                 = IPMI_CHANNEL_PROTOCOL_IPMB;
1821                 }
1822
1823                 /* Call all the watcher interfaces to tell
1824                    them that a new interface is available. */
1825                 call_smi_watchers(i);
1826         }
1827
1828  out:
1829         up_read(&interfaces_sem);
1830
1831         if (rv) {
1832                 if (new_intf->proc_dir)
1833                         remove_proc_entries(new_intf);
1834                 kfree(new_intf);
1835         }
1836
1837         return rv;
1838 }
1839
1840 static void free_recv_msg_list(struct list_head *q)
1841 {
1842         struct ipmi_recv_msg *msg, *msg2;
1843
1844         list_for_each_entry_safe(msg, msg2, q, link) {
1845                 list_del(&msg->link);
1846                 ipmi_free_recv_msg(msg);
1847         }
1848 }
1849
1850 static void free_cmd_rcvr_list(struct list_head *q)
1851 {
1852         struct cmd_rcvr  *rcvr, *rcvr2;
1853
1854         list_for_each_entry_safe(rcvr, rcvr2, q, link) {
1855                 list_del(&rcvr->link);
1856                 kfree(rcvr);
1857         }
1858 }
1859
1860 static void clean_up_interface_data(ipmi_smi_t intf)
1861 {
1862         int i;
1863
1864         free_recv_msg_list(&(intf->waiting_msgs));
1865         free_recv_msg_list(&(intf->waiting_events));
1866         free_cmd_rcvr_list(&(intf->cmd_rcvrs));
1867
1868         for (i=0; i<IPMI_IPMB_NUM_SEQ; i++) {
1869                 if ((intf->seq_table[i].inuse)
1870                     && (intf->seq_table[i].recv_msg))
1871                 {
1872                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
1873                 }       
1874         }
1875 }
1876
1877 int ipmi_unregister_smi(ipmi_smi_t intf)
1878 {
1879         int                     rv = -ENODEV;
1880         int                     i;
1881         struct ipmi_smi_watcher *w;
1882         unsigned long           flags;
1883
1884         down_write(&interfaces_sem);
1885         if (list_empty(&(intf->users)))
1886         {
1887                 for (i=0; i<MAX_IPMI_INTERFACES; i++) {
1888                         if (ipmi_interfaces[i] == intf) {
1889                                 remove_proc_entries(intf);
1890                                 spin_lock_irqsave(&interfaces_lock, flags);
1891                                 ipmi_interfaces[i] = NULL;
1892                                 clean_up_interface_data(intf);
1893                                 spin_unlock_irqrestore(&interfaces_lock,flags);
1894                                 kfree(intf);
1895                                 rv = 0;
1896                                 goto out_call_watcher;
1897                         }
1898                 }
1899         } else {
1900                 rv = -EBUSY;
1901         }
1902         up_write(&interfaces_sem);
1903
1904         return rv;
1905
1906  out_call_watcher:
1907         downgrade_write(&interfaces_sem);
1908
1909         /* Call all the watcher interfaces to tell them that
1910            an interface is gone. */
1911         down_read(&smi_watchers_sem);
1912         list_for_each_entry(w, &smi_watchers, link) {
1913                 w->smi_gone(i);
1914         }
1915         up_read(&smi_watchers_sem);
1916         up_read(&interfaces_sem);
1917         return 0;
1918 }
1919
1920 static int handle_ipmb_get_msg_rsp(ipmi_smi_t          intf,
1921                                    struct ipmi_smi_msg *msg)
1922 {
1923         struct ipmi_ipmb_addr ipmb_addr;
1924         struct ipmi_recv_msg  *recv_msg;
1925         unsigned long         flags;
1926
1927         
1928         /* This is 11, not 10, because the response must contain a
1929          * completion code. */
1930         if (msg->rsp_size < 11) {
1931                 /* Message not big enough, just ignore it. */
1932                 spin_lock_irqsave(&intf->counter_lock, flags);
1933                 intf->invalid_ipmb_responses++;
1934                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1935                 return 0;
1936         }
1937
1938         if (msg->rsp[2] != 0) {
1939                 /* An error getting the response, just ignore it. */
1940                 return 0;
1941         }
1942
1943         ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
1944         ipmb_addr.slave_addr = msg->rsp[6];
1945         ipmb_addr.channel = msg->rsp[3] & 0x0f;
1946         ipmb_addr.lun = msg->rsp[7] & 3;
1947
1948         /* It's a response from a remote entity.  Look up the sequence
1949            number and handle the response. */
1950         if (intf_find_seq(intf,
1951                           msg->rsp[7] >> 2,
1952                           msg->rsp[3] & 0x0f,
1953                           msg->rsp[8],
1954                           (msg->rsp[4] >> 2) & (~1),
1955                           (struct ipmi_addr *) &(ipmb_addr),
1956                           &recv_msg))
1957         {
1958                 /* We were unable to find the sequence number,
1959                    so just nuke the message. */
1960                 spin_lock_irqsave(&intf->counter_lock, flags);
1961                 intf->unhandled_ipmb_responses++;
1962                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1963                 return 0;
1964         }
1965
1966         memcpy(recv_msg->msg_data,
1967                &(msg->rsp[9]),
1968                msg->rsp_size - 9);
1969         /* THe other fields matched, so no need to set them, except
1970            for netfn, which needs to be the response that was
1971            returned, not the request value. */
1972         recv_msg->msg.netfn = msg->rsp[4] >> 2;
1973         recv_msg->msg.data = recv_msg->msg_data;
1974         recv_msg->msg.data_len = msg->rsp_size - 10;
1975         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
1976         spin_lock_irqsave(&intf->counter_lock, flags);
1977         intf->handled_ipmb_responses++;
1978         spin_unlock_irqrestore(&intf->counter_lock, flags);
1979         deliver_response(recv_msg);
1980
1981         return 0;
1982 }
1983
1984 static int handle_ipmb_get_msg_cmd(ipmi_smi_t          intf,
1985                                    struct ipmi_smi_msg *msg)
1986 {
1987         struct cmd_rcvr       *rcvr;
1988         int                   rv = 0;
1989         unsigned char         netfn;
1990         unsigned char         cmd;
1991         ipmi_user_t           user = NULL;
1992         struct ipmi_ipmb_addr *ipmb_addr;
1993         struct ipmi_recv_msg  *recv_msg;
1994         unsigned long         flags;
1995
1996         if (msg->rsp_size < 10) {
1997                 /* Message not big enough, just ignore it. */
1998                 spin_lock_irqsave(&intf->counter_lock, flags);
1999                 intf->invalid_commands++;
2000                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2001                 return 0;
2002         }
2003
2004         if (msg->rsp[2] != 0) {
2005                 /* An error getting the response, just ignore it. */
2006                 return 0;
2007         }
2008
2009         netfn = msg->rsp[4] >> 2;
2010         cmd = msg->rsp[8];
2011
2012         read_lock(&(intf->cmd_rcvr_lock));
2013         
2014         if (intf->all_cmd_rcvr) {
2015                 user = intf->all_cmd_rcvr;
2016         } else {
2017                 /* Find the command/netfn. */
2018                 list_for_each_entry(rcvr, &(intf->cmd_rcvrs), link) {
2019                         if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)) {
2020                                 user = rcvr->user;
2021                                 break;
2022                         }
2023                 }
2024         }
2025         read_unlock(&(intf->cmd_rcvr_lock));
2026
2027         if (user == NULL) {
2028                 /* We didn't find a user, deliver an error response. */
2029                 spin_lock_irqsave(&intf->counter_lock, flags);
2030                 intf->unhandled_commands++;
2031                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2032
2033                 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
2034                 msg->data[1] = IPMI_SEND_MSG_CMD;
2035                 msg->data[2] = msg->rsp[3];
2036                 msg->data[3] = msg->rsp[6];
2037                 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
2038                 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
2039                 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
2040                 /* rqseq/lun */
2041                 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
2042                 msg->data[8] = msg->rsp[8]; /* cmd */
2043                 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
2044                 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
2045                 msg->data_size = 11;
2046
2047 #ifdef DEBUG_MSGING
2048         {
2049                 int m;
2050                 printk("Invalid command:");
2051                 for (m=0; m<msg->data_size; m++)
2052                         printk(" %2.2x", msg->data[m]);
2053                 printk("\n");
2054         }
2055 #endif
2056                 intf->handlers->sender(intf->send_info, msg, 0);
2057
2058                 rv = -1; /* We used the message, so return the value that
2059                             causes it to not be freed or queued. */
2060         } else {
2061                 /* Deliver the message to the user. */
2062                 spin_lock_irqsave(&intf->counter_lock, flags);
2063                 intf->handled_commands++;
2064                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2065
2066                 recv_msg = ipmi_alloc_recv_msg();
2067                 if (! recv_msg) {
2068                         /* We couldn't allocate memory for the
2069                            message, so requeue it for handling
2070                            later. */
2071                         rv = 1;
2072                 } else {
2073                         /* Extract the source address from the data. */
2074                         ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
2075                         ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
2076                         ipmb_addr->slave_addr = msg->rsp[6];
2077                         ipmb_addr->lun = msg->rsp[7] & 3;
2078                         ipmb_addr->channel = msg->rsp[3] & 0xf;
2079
2080                         /* Extract the rest of the message information
2081                            from the IPMB header.*/
2082                         recv_msg->user = user;
2083                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2084                         recv_msg->msgid = msg->rsp[7] >> 2;
2085                         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2086                         recv_msg->msg.cmd = msg->rsp[8];
2087                         recv_msg->msg.data = recv_msg->msg_data;
2088
2089                         /* We chop off 10, not 9 bytes because the checksum
2090                            at the end also needs to be removed. */
2091                         recv_msg->msg.data_len = msg->rsp_size - 10;
2092                         memcpy(recv_msg->msg_data,
2093                                &(msg->rsp[9]),
2094                                msg->rsp_size - 10);
2095                         deliver_response(recv_msg);
2096                 }
2097         }
2098
2099         return rv;
2100 }
2101
2102 static int handle_lan_get_msg_rsp(ipmi_smi_t          intf,
2103                                   struct ipmi_smi_msg *msg)
2104 {
2105         struct ipmi_lan_addr  lan_addr;
2106         struct ipmi_recv_msg  *recv_msg;
2107         unsigned long         flags;
2108
2109
2110         /* This is 13, not 12, because the response must contain a
2111          * completion code. */
2112         if (msg->rsp_size < 13) {
2113                 /* Message not big enough, just ignore it. */
2114                 spin_lock_irqsave(&intf->counter_lock, flags);
2115                 intf->invalid_lan_responses++;
2116                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2117                 return 0;
2118         }
2119
2120         if (msg->rsp[2] != 0) {
2121                 /* An error getting the response, just ignore it. */
2122                 return 0;
2123         }
2124
2125         lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
2126         lan_addr.session_handle = msg->rsp[4];
2127         lan_addr.remote_SWID = msg->rsp[8];
2128         lan_addr.local_SWID = msg->rsp[5];
2129         lan_addr.channel = msg->rsp[3] & 0x0f;
2130         lan_addr.privilege = msg->rsp[3] >> 4;
2131         lan_addr.lun = msg->rsp[9] & 3;
2132
2133         /* It's a response from a remote entity.  Look up the sequence
2134            number and handle the response. */
2135         if (intf_find_seq(intf,
2136                           msg->rsp[9] >> 2,
2137                           msg->rsp[3] & 0x0f,
2138                           msg->rsp[10],
2139                           (msg->rsp[6] >> 2) & (~1),
2140                           (struct ipmi_addr *) &(lan_addr),
2141                           &recv_msg))
2142         {
2143                 /* We were unable to find the sequence number,
2144                    so just nuke the message. */
2145                 spin_lock_irqsave(&intf->counter_lock, flags);
2146                 intf->unhandled_lan_responses++;
2147                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2148                 return 0;
2149         }
2150
2151         memcpy(recv_msg->msg_data,
2152                &(msg->rsp[11]),
2153                msg->rsp_size - 11);
2154         /* The other fields matched, so no need to set them, except
2155            for netfn, which needs to be the response that was
2156            returned, not the request value. */
2157         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2158         recv_msg->msg.data = recv_msg->msg_data;
2159         recv_msg->msg.data_len = msg->rsp_size - 12;
2160         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2161         spin_lock_irqsave(&intf->counter_lock, flags);
2162         intf->handled_lan_responses++;
2163         spin_unlock_irqrestore(&intf->counter_lock, flags);
2164         deliver_response(recv_msg);
2165
2166         return 0;
2167 }
2168
2169 static int handle_lan_get_msg_cmd(ipmi_smi_t          intf,
2170                                   struct ipmi_smi_msg *msg)
2171 {
2172         struct cmd_rcvr       *rcvr;
2173         int                   rv = 0;
2174         unsigned char         netfn;
2175         unsigned char         cmd;
2176         ipmi_user_t           user = NULL;
2177         struct ipmi_lan_addr  *lan_addr;
2178         struct ipmi_recv_msg  *recv_msg;
2179         unsigned long         flags;
2180
2181         if (msg->rsp_size < 12) {
2182                 /* Message not big enough, just ignore it. */
2183                 spin_lock_irqsave(&intf->counter_lock, flags);
2184                 intf->invalid_commands++;
2185                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2186                 return 0;
2187         }
2188
2189         if (msg->rsp[2] != 0) {
2190                 /* An error getting the response, just ignore it. */
2191                 return 0;
2192         }
2193
2194         netfn = msg->rsp[6] >> 2;
2195         cmd = msg->rsp[10];
2196
2197         read_lock(&(intf->cmd_rcvr_lock));
2198
2199         if (intf->all_cmd_rcvr) {
2200                 user = intf->all_cmd_rcvr;
2201         } else {
2202                 /* Find the command/netfn. */
2203                 list_for_each_entry(rcvr, &(intf->cmd_rcvrs), link) {
2204                         if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd)) {
2205                                 user = rcvr->user;
2206                                 break;
2207                         }
2208                 }
2209         }
2210         read_unlock(&(intf->cmd_rcvr_lock));
2211
2212         if (user == NULL) {
2213                 /* We didn't find a user, deliver an error response. */
2214                 spin_lock_irqsave(&intf->counter_lock, flags);
2215                 intf->unhandled_commands++;
2216                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2217
2218                 rv = 0; /* Don't do anything with these messages, just
2219                            allow them to be freed. */
2220         } else {
2221                 /* Deliver the message to the user. */
2222                 spin_lock_irqsave(&intf->counter_lock, flags);
2223                 intf->handled_commands++;
2224                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2225
2226                 recv_msg = ipmi_alloc_recv_msg();
2227                 if (! recv_msg) {
2228                         /* We couldn't allocate memory for the
2229                            message, so requeue it for handling
2230                            later. */
2231                         rv = 1;
2232                 } else {
2233                         /* Extract the source address from the data. */
2234                         lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
2235                         lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
2236                         lan_addr->session_handle = msg->rsp[4];
2237                         lan_addr->remote_SWID = msg->rsp[8];
2238                         lan_addr->local_SWID = msg->rsp[5];
2239                         lan_addr->lun = msg->rsp[9] & 3;
2240                         lan_addr->channel = msg->rsp[3] & 0xf;
2241                         lan_addr->privilege = msg->rsp[3] >> 4;
2242
2243                         /* Extract the rest of the message information
2244                            from the IPMB header.*/
2245                         recv_msg->user = user;
2246                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2247                         recv_msg->msgid = msg->rsp[9] >> 2;
2248                         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2249                         recv_msg->msg.cmd = msg->rsp[10];
2250                         recv_msg->msg.data = recv_msg->msg_data;
2251
2252                         /* We chop off 12, not 11 bytes because the checksum
2253                            at the end also needs to be removed. */
2254                         recv_msg->msg.data_len = msg->rsp_size - 12;
2255                         memcpy(recv_msg->msg_data,
2256                                &(msg->rsp[11]),
2257                                msg->rsp_size - 12);
2258                         deliver_response(recv_msg);
2259                 }
2260         }
2261
2262         return rv;
2263 }
2264
2265 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
2266                                      struct ipmi_smi_msg  *msg)
2267 {
2268         struct ipmi_system_interface_addr *smi_addr;
2269         
2270         recv_msg->msgid = 0;
2271         smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
2272         smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2273         smi_addr->channel = IPMI_BMC_CHANNEL;
2274         smi_addr->lun = msg->rsp[0] & 3;
2275         recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
2276         recv_msg->msg.netfn = msg->rsp[0] >> 2;
2277         recv_msg->msg.cmd = msg->rsp[1];
2278         memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
2279         recv_msg->msg.data = recv_msg->msg_data;
2280         recv_msg->msg.data_len = msg->rsp_size - 3;
2281 }
2282
2283 /* This will be called with the intf->users_lock read-locked, so no need
2284    to do that here. */
2285 static int handle_read_event_rsp(ipmi_smi_t          intf,
2286                                  struct ipmi_smi_msg *msg)
2287 {
2288         struct ipmi_recv_msg *recv_msg, *recv_msg2;
2289         struct list_head     msgs;
2290         ipmi_user_t          user;
2291         int                  rv = 0;
2292         int                  deliver_count = 0;
2293         unsigned long        flags;
2294
2295         if (msg->rsp_size < 19) {
2296                 /* Message is too small to be an IPMB event. */
2297                 spin_lock_irqsave(&intf->counter_lock, flags);
2298                 intf->invalid_events++;
2299                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2300                 return 0;
2301         }
2302
2303         if (msg->rsp[2] != 0) {
2304                 /* An error getting the event, just ignore it. */
2305                 return 0;
2306         }
2307
2308         INIT_LIST_HEAD(&msgs);
2309
2310         spin_lock_irqsave(&(intf->events_lock), flags);
2311
2312         spin_lock(&intf->counter_lock);
2313         intf->events++;
2314         spin_unlock(&intf->counter_lock);
2315
2316         /* Allocate and fill in one message for every user that is getting
2317            events. */
2318         list_for_each_entry(user, &(intf->users), link) {
2319                 if (! user->gets_events)
2320                         continue;
2321
2322                 recv_msg = ipmi_alloc_recv_msg();
2323                 if (! recv_msg) {
2324                         list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
2325                                 list_del(&recv_msg->link);
2326                                 ipmi_free_recv_msg(recv_msg);
2327                         }
2328                         /* We couldn't allocate memory for the
2329                            message, so requeue it for handling
2330                            later. */
2331                         rv = 1;
2332                         goto out;
2333                 }
2334
2335                 deliver_count++;
2336
2337                 copy_event_into_recv_msg(recv_msg, msg);
2338                 recv_msg->user = user;
2339                 list_add_tail(&(recv_msg->link), &msgs);
2340         }
2341
2342         if (deliver_count) {
2343                 /* Now deliver all the messages. */
2344                 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
2345                         list_del(&recv_msg->link);
2346                         deliver_response(recv_msg);
2347                 }
2348         } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
2349                 /* No one to receive the message, put it in queue if there's
2350                    not already too many things in the queue. */
2351                 recv_msg = ipmi_alloc_recv_msg();
2352                 if (! recv_msg) {
2353                         /* We couldn't allocate memory for the
2354                            message, so requeue it for handling
2355                            later. */
2356                         rv = 1;
2357                         goto out;
2358                 }
2359
2360                 copy_event_into_recv_msg(recv_msg, msg);
2361                 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
2362         } else {
2363                 /* There's too many things in the queue, discard this
2364                    message. */
2365                 printk(KERN_WARNING PFX "Event queue full, discarding an"
2366                        " incoming event\n");
2367         }
2368
2369  out:
2370         spin_unlock_irqrestore(&(intf->events_lock), flags);
2371
2372         return rv;
2373 }
2374
2375 static int handle_bmc_rsp(ipmi_smi_t          intf,
2376                           struct ipmi_smi_msg *msg)
2377 {
2378         struct ipmi_recv_msg *recv_msg;
2379         int                  found = 0;
2380         struct ipmi_user     *user;
2381         unsigned long        flags;
2382
2383         recv_msg = (struct ipmi_recv_msg *) msg->user_data;
2384
2385         /* Make sure the user still exists. */
2386         list_for_each_entry(user, &(intf->users), link) {
2387                 if (user == recv_msg->user) {
2388                         /* Found it, so we can deliver it */
2389                         found = 1;
2390                         break;
2391                 }
2392         }
2393
2394         if (!found) {
2395                 /* Special handling for NULL users. */
2396                 if (!recv_msg->user && intf->null_user_handler){
2397                         intf->null_user_handler(intf, msg);
2398                         spin_lock_irqsave(&intf->counter_lock, flags);
2399                         intf->handled_local_responses++;
2400                         spin_unlock_irqrestore(&intf->counter_lock, flags);
2401                 }else{
2402                         /* The user for the message went away, so give up. */
2403                         spin_lock_irqsave(&intf->counter_lock, flags);
2404                         intf->unhandled_local_responses++;
2405                         spin_unlock_irqrestore(&intf->counter_lock, flags);
2406                 }
2407                 ipmi_free_recv_msg(recv_msg);
2408         } else {
2409                 struct ipmi_system_interface_addr *smi_addr;
2410
2411                 spin_lock_irqsave(&intf->counter_lock, flags);
2412                 intf->handled_local_responses++;
2413                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2414                 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2415                 recv_msg->msgid = msg->msgid;
2416                 smi_addr = ((struct ipmi_system_interface_addr *)
2417                             &(recv_msg->addr));
2418                 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2419                 smi_addr->channel = IPMI_BMC_CHANNEL;
2420                 smi_addr->lun = msg->rsp[0] & 3;
2421                 recv_msg->msg.netfn = msg->rsp[0] >> 2;
2422                 recv_msg->msg.cmd = msg->rsp[1];
2423                 memcpy(recv_msg->msg_data,
2424                        &(msg->rsp[2]),
2425                        msg->rsp_size - 2);
2426                 recv_msg->msg.data = recv_msg->msg_data;
2427                 recv_msg->msg.data_len = msg->rsp_size - 2;
2428                 deliver_response(recv_msg);
2429         }
2430
2431         return 0;
2432 }
2433
2434 /* Handle a new message.  Return 1 if the message should be requeued,
2435    0 if the message should be freed, or -1 if the message should not
2436    be freed or requeued. */
2437 static int handle_new_recv_msg(ipmi_smi_t          intf,
2438                                struct ipmi_smi_msg *msg)
2439 {
2440         int requeue;
2441         int chan;
2442
2443 #ifdef DEBUG_MSGING
2444         int m;
2445         printk("Recv:");
2446         for (m=0; m<msg->rsp_size; m++)
2447                 printk(" %2.2x", msg->rsp[m]);
2448         printk("\n");
2449 #endif
2450         if (msg->rsp_size < 2) {
2451                 /* Message is too small to be correct. */
2452                 printk(KERN_WARNING PFX "BMC returned to small a message"
2453                        " for netfn %x cmd %x, got %d bytes\n",
2454                        (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
2455
2456                 /* Generate an error response for the message. */
2457                 msg->rsp[0] = msg->data[0] | (1 << 2);
2458                 msg->rsp[1] = msg->data[1];
2459                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
2460                 msg->rsp_size = 3;
2461         } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))/* Netfn */
2462                    || (msg->rsp[1] != msg->data[1]))              /* Command */
2463         {
2464                 /* The response is not even marginally correct. */
2465                 printk(KERN_WARNING PFX "BMC returned incorrect response,"
2466                        " expected netfn %x cmd %x, got netfn %x cmd %x\n",
2467                        (msg->data[0] >> 2) | 1, msg->data[1],
2468                        msg->rsp[0] >> 2, msg->rsp[1]);
2469
2470                 /* Generate an error response for the message. */
2471                 msg->rsp[0] = msg->data[0] | (1 << 2);
2472                 msg->rsp[1] = msg->data[1];
2473                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
2474                 msg->rsp_size = 3;
2475         }
2476
2477         if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2478             && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
2479             && (msg->user_data != NULL))
2480         {
2481                 /* It's a response to a response we sent.  For this we
2482                    deliver a send message response to the user. */
2483                 struct ipmi_recv_msg *recv_msg = msg->user_data;
2484
2485                 requeue = 0;
2486                 if (msg->rsp_size < 2)
2487                         /* Message is too small to be correct. */
2488                         goto out;
2489
2490                 chan = msg->data[2] & 0x0f;
2491                 if (chan >= IPMI_MAX_CHANNELS)
2492                         /* Invalid channel number */
2493                         goto out;
2494
2495                 if (recv_msg) {
2496                         recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
2497                         recv_msg->msg.data = recv_msg->msg_data;
2498                         recv_msg->msg.data_len = 1;
2499                         recv_msg->msg_data[0] = msg->rsp[2];
2500                         deliver_response(recv_msg);
2501                 }
2502         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2503                    && (msg->rsp[1] == IPMI_GET_MSG_CMD))
2504         {
2505                 /* It's from the receive queue. */
2506                 chan = msg->rsp[3] & 0xf;
2507                 if (chan >= IPMI_MAX_CHANNELS) {
2508                         /* Invalid channel number */
2509                         requeue = 0;
2510                         goto out;
2511                 }
2512
2513                 switch (intf->channels[chan].medium) {
2514                 case IPMI_CHANNEL_MEDIUM_IPMB:
2515                         if (msg->rsp[4] & 0x04) {
2516                                 /* It's a response, so find the
2517                                    requesting message and send it up. */
2518                                 requeue = handle_ipmb_get_msg_rsp(intf, msg);
2519                         } else {
2520                                 /* It's a command to the SMS from some other
2521                                    entity.  Handle that. */
2522                                 requeue = handle_ipmb_get_msg_cmd(intf, msg);
2523                         }
2524                         break;
2525
2526                 case IPMI_CHANNEL_MEDIUM_8023LAN:
2527                 case IPMI_CHANNEL_MEDIUM_ASYNC:
2528                         if (msg->rsp[6] & 0x04) {
2529                                 /* It's a response, so find the
2530                                    requesting message and send it up. */
2531                                 requeue = handle_lan_get_msg_rsp(intf, msg);
2532                         } else {
2533                                 /* It's a command to the SMS from some other
2534                                    entity.  Handle that. */
2535                                 requeue = handle_lan_get_msg_cmd(intf, msg);
2536                         }
2537                         break;
2538
2539                 default:
2540                         /* We don't handle the channel type, so just
2541                          * free the message. */
2542                         requeue = 0;
2543                 }
2544
2545         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2546                    && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD))
2547         {
2548                 /* It's an asyncronous event. */
2549                 requeue = handle_read_event_rsp(intf, msg);
2550         } else {
2551                 /* It's a response from the local BMC. */
2552                 requeue = handle_bmc_rsp(intf, msg);
2553         }
2554
2555  out:
2556         return requeue;
2557 }
2558
2559 /* Handle a new message from the lower layer. */
2560 void ipmi_smi_msg_received(ipmi_smi_t          intf,
2561                            struct ipmi_smi_msg *msg)
2562 {
2563         unsigned long flags;
2564         int           rv;
2565
2566
2567         /* Lock the user lock so the user can't go away while we are
2568            working on it. */
2569         read_lock(&(intf->users_lock));
2570
2571         if ((msg->data_size >= 2)
2572             && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
2573             && (msg->data[1] == IPMI_SEND_MSG_CMD)
2574             && (msg->user_data == NULL)) {
2575                 /* This is the local response to a command send, start
2576                    the timer for these.  The user_data will not be
2577                    NULL if this is a response send, and we will let
2578                    response sends just go through. */
2579
2580                 /* Check for errors, if we get certain errors (ones
2581                    that mean basically we can try again later), we
2582                    ignore them and start the timer.  Otherwise we
2583                    report the error immediately. */
2584                 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
2585                     && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
2586                     && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR))
2587                 {
2588                         int chan = msg->rsp[3] & 0xf;
2589
2590                         /* Got an error sending the message, handle it. */
2591                         spin_lock_irqsave(&intf->counter_lock, flags);
2592                         if (chan >= IPMI_MAX_CHANNELS)
2593                                 ; /* This shouldn't happen */
2594                         else if ((intf->channels[chan].medium
2595                                   == IPMI_CHANNEL_MEDIUM_8023LAN)
2596                                  || (intf->channels[chan].medium
2597                                      == IPMI_CHANNEL_MEDIUM_ASYNC))
2598                                 intf->sent_lan_command_errs++;
2599                         else
2600                                 intf->sent_ipmb_command_errs++;
2601                         spin_unlock_irqrestore(&intf->counter_lock, flags);
2602                         intf_err_seq(intf, msg->msgid, msg->rsp[2]);
2603                 } else {
2604                         /* The message was sent, start the timer. */
2605                         intf_start_seq_timer(intf, msg->msgid);
2606                 }
2607
2608                 ipmi_free_smi_msg(msg);
2609                 goto out_unlock;
2610         }
2611
2612         /* To preserve message order, if the list is not empty, we
2613            tack this message onto the end of the list. */
2614         spin_lock_irqsave(&(intf->waiting_msgs_lock), flags);
2615         if (!list_empty(&(intf->waiting_msgs))) {
2616                 list_add_tail(&(msg->link), &(intf->waiting_msgs));
2617                 spin_unlock(&(intf->waiting_msgs_lock));
2618                 goto out_unlock;
2619         }
2620         spin_unlock_irqrestore(&(intf->waiting_msgs_lock), flags);
2621                 
2622         rv = handle_new_recv_msg(intf, msg);
2623         if (rv > 0) {
2624                 /* Could not handle the message now, just add it to a
2625                    list to handle later. */
2626                 spin_lock(&(intf->waiting_msgs_lock));
2627                 list_add_tail(&(msg->link), &(intf->waiting_msgs));
2628                 spin_unlock(&(intf->waiting_msgs_lock));
2629         } else if (rv == 0) {
2630                 ipmi_free_smi_msg(msg);
2631         }
2632
2633  out_unlock:
2634         read_unlock(&(intf->users_lock));
2635 }
2636
2637 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
2638 {
2639         ipmi_user_t user;
2640
2641         read_lock(&(intf->users_lock));
2642         list_for_each_entry(user, &(intf->users), link) {
2643                 if (! user->handler->ipmi_watchdog_pretimeout)
2644                         continue;
2645
2646                 user->handler->ipmi_watchdog_pretimeout(user->handler_data);
2647         }
2648         read_unlock(&(intf->users_lock));
2649 }
2650
2651 static void
2652 handle_msg_timeout(struct ipmi_recv_msg *msg)
2653 {
2654         msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2655         msg->msg_data[0] = IPMI_TIMEOUT_COMPLETION_CODE;
2656         msg->msg.netfn |= 1; /* Convert to a response. */
2657         msg->msg.data_len = 1;
2658         msg->msg.data = msg->msg_data;
2659         deliver_response(msg);
2660 }
2661
2662 static struct ipmi_smi_msg *
2663 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
2664                   unsigned char seq, long seqid)
2665 {
2666         struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
2667         if (!smi_msg)
2668                 /* If we can't allocate the message, then just return, we
2669                    get 4 retries, so this should be ok. */
2670                 return NULL;
2671
2672         memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
2673         smi_msg->data_size = recv_msg->msg.data_len;
2674         smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
2675                 
2676 #ifdef DEBUG_MSGING
2677         {
2678                 int m;
2679                 printk("Resend: ");
2680                 for (m=0; m<smi_msg->data_size; m++)
2681                         printk(" %2.2x", smi_msg->data[m]);
2682                 printk("\n");
2683         }
2684 #endif
2685         return smi_msg;
2686 }
2687
2688 static void
2689 ipmi_timeout_handler(long timeout_period)
2690 {
2691         ipmi_smi_t           intf;
2692         struct list_head     timeouts;
2693         struct ipmi_recv_msg *msg, *msg2;
2694         struct ipmi_smi_msg  *smi_msg, *smi_msg2;
2695         unsigned long        flags;
2696         int                  i, j;
2697
2698         INIT_LIST_HEAD(&timeouts);
2699
2700         spin_lock(&interfaces_lock);
2701         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
2702                 intf = ipmi_interfaces[i];
2703                 if (intf == NULL)
2704                         continue;
2705
2706                 read_lock(&(intf->users_lock));
2707
2708                 /* See if any waiting messages need to be processed. */
2709                 spin_lock_irqsave(&(intf->waiting_msgs_lock), flags);
2710                 list_for_each_entry_safe(smi_msg, smi_msg2, &(intf->waiting_msgs), link) {
2711                         if (! handle_new_recv_msg(intf, smi_msg)) {
2712                                 list_del(&smi_msg->link);
2713                                 ipmi_free_smi_msg(smi_msg);
2714                         } else {
2715                                 /* To preserve message order, quit if we
2716                                    can't handle a message. */
2717                                 break;
2718                         }
2719                 }
2720                 spin_unlock_irqrestore(&(intf->waiting_msgs_lock), flags);
2721
2722                 /* Go through the seq table and find any messages that
2723                    have timed out, putting them in the timeouts
2724                    list. */
2725                 spin_lock_irqsave(&(intf->seq_lock), flags);
2726                 for (j=0; j<IPMI_IPMB_NUM_SEQ; j++) {
2727                         struct seq_table *ent = &(intf->seq_table[j]);
2728                         if (!ent->inuse)
2729                                 continue;
2730
2731                         ent->timeout -= timeout_period;
2732                         if (ent->timeout > 0)
2733                                 continue;
2734
2735                         if (ent->retries_left == 0) {
2736                                 /* The message has used all its retries. */
2737                                 ent->inuse = 0;
2738                                 msg = ent->recv_msg;
2739                                 list_add_tail(&(msg->link), &timeouts);
2740                                 spin_lock(&intf->counter_lock);
2741                                 if (ent->broadcast)
2742                                         intf->timed_out_ipmb_broadcasts++;
2743                                 else if (ent->recv_msg->addr.addr_type
2744                                          == IPMI_LAN_ADDR_TYPE)
2745                                         intf->timed_out_lan_commands++;
2746                                 else
2747                                         intf->timed_out_ipmb_commands++;
2748                                 spin_unlock(&intf->counter_lock);
2749                         } else {
2750                                 struct ipmi_smi_msg *smi_msg;
2751                                 /* More retries, send again. */
2752
2753                                 /* Start with the max timer, set to normal
2754                                    timer after the message is sent. */
2755                                 ent->timeout = MAX_MSG_TIMEOUT;
2756                                 ent->retries_left--;
2757                                 spin_lock(&intf->counter_lock);
2758                                 if (ent->recv_msg->addr.addr_type
2759                                     == IPMI_LAN_ADDR_TYPE)
2760                                         intf->retransmitted_lan_commands++;
2761                                 else
2762                                         intf->retransmitted_ipmb_commands++;
2763                                 spin_unlock(&intf->counter_lock);
2764                                 smi_msg = smi_from_recv_msg(intf,
2765                                                 ent->recv_msg, j, ent->seqid);
2766                                 if(!smi_msg)
2767                                         continue;
2768
2769                                 spin_unlock_irqrestore(&(intf->seq_lock),flags);
2770                                 /* Send the new message.  We send with a zero
2771                                  * priority.  It timed out, I doubt time is
2772                                  * that critical now, and high priority
2773                                  * messages are really only for messages to the
2774                                  * local MC, which don't get resent. */
2775                                 intf->handlers->sender(intf->send_info,
2776                                                         smi_msg, 0);
2777                                 spin_lock_irqsave(&(intf->seq_lock), flags);
2778                         }
2779                 }
2780                 spin_unlock_irqrestore(&(intf->seq_lock), flags);
2781
2782                 list_for_each_entry_safe(msg, msg2, &timeouts, link) {
2783                         handle_msg_timeout(msg);
2784                 }
2785
2786                 read_unlock(&(intf->users_lock));
2787         }
2788         spin_unlock(&interfaces_lock);
2789 }
2790
2791 static void ipmi_request_event(void)
2792 {
2793         ipmi_smi_t intf;
2794         int        i;
2795
2796         spin_lock(&interfaces_lock);
2797         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
2798                 intf = ipmi_interfaces[i];
2799                 if (intf == NULL)
2800                         continue;
2801
2802                 intf->handlers->request_events(intf->send_info);
2803         }
2804         spin_unlock(&interfaces_lock);
2805 }
2806
2807 static struct timer_list ipmi_timer;
2808
2809 /* Call every ~100 ms. */
2810 #define IPMI_TIMEOUT_TIME       100
2811
2812 /* How many jiffies does it take to get to the timeout time. */
2813 #define IPMI_TIMEOUT_JIFFIES    ((IPMI_TIMEOUT_TIME * HZ) / 1000)
2814
2815 /* Request events from the queue every second (this is the number of
2816    IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
2817    future, IPMI will add a way to know immediately if an event is in
2818    the queue and this silliness can go away. */
2819 #define IPMI_REQUEST_EV_TIME    (1000 / (IPMI_TIMEOUT_TIME))
2820
2821 static atomic_t stop_operation;
2822 static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
2823
2824 static void ipmi_timeout(unsigned long data)
2825 {
2826         if (atomic_read(&stop_operation))
2827                 return;
2828
2829         ticks_to_req_ev--;
2830         if (ticks_to_req_ev == 0) {
2831                 ipmi_request_event();
2832                 ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
2833         }
2834
2835         ipmi_timeout_handler(IPMI_TIMEOUT_TIME);
2836
2837         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
2838 }
2839
2840
2841 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
2842 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
2843
2844 /* FIXME - convert these to slabs. */
2845 static void free_smi_msg(struct ipmi_smi_msg *msg)
2846 {
2847         atomic_dec(&smi_msg_inuse_count);
2848         kfree(msg);
2849 }
2850
2851 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
2852 {
2853         struct ipmi_smi_msg *rv;
2854         rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
2855         if (rv) {
2856                 rv->done = free_smi_msg;
2857                 rv->user_data = NULL;
2858                 atomic_inc(&smi_msg_inuse_count);
2859         }
2860         return rv;
2861 }
2862
2863 static void free_recv_msg(struct ipmi_recv_msg *msg)
2864 {
2865         atomic_dec(&recv_msg_inuse_count);
2866         kfree(msg);
2867 }
2868
2869 struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
2870 {
2871         struct ipmi_recv_msg *rv;
2872
2873         rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
2874         if (rv) {
2875                 rv->done = free_recv_msg;
2876                 atomic_inc(&recv_msg_inuse_count);
2877         }
2878         return rv;
2879 }
2880
2881 #ifdef CONFIG_IPMI_PANIC_EVENT
2882
2883 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
2884 {
2885 }
2886
2887 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
2888 {
2889 }
2890
2891 #ifdef CONFIG_IPMI_PANIC_STRING
2892 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_smi_msg *msg)
2893 {
2894         if ((msg->rsp[0] == (IPMI_NETFN_SENSOR_EVENT_RESPONSE << 2))
2895             && (msg->rsp[1] == IPMI_GET_EVENT_RECEIVER_CMD)
2896             && (msg->rsp[2] == IPMI_CC_NO_ERROR))
2897         {
2898                 /* A get event receiver command, save it. */
2899                 intf->event_receiver = msg->rsp[3];
2900                 intf->event_receiver_lun = msg->rsp[4] & 0x3;
2901         }
2902 }
2903
2904 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_smi_msg *msg)
2905 {
2906         if ((msg->rsp[0] == (IPMI_NETFN_APP_RESPONSE << 2))
2907             && (msg->rsp[1] == IPMI_GET_DEVICE_ID_CMD)
2908             && (msg->rsp[2] == IPMI_CC_NO_ERROR))
2909         {
2910                 /* A get device id command, save if we are an event
2911                    receiver or generator. */
2912                 intf->local_sel_device = (msg->rsp[8] >> 2) & 1;
2913                 intf->local_event_generator = (msg->rsp[8] >> 5) & 1;
2914         }
2915 }
2916 #endif
2917
2918 static void send_panic_events(char *str)
2919 {
2920         struct kernel_ipmi_msg            msg;
2921         ipmi_smi_t                        intf;
2922         unsigned char                     data[16];
2923         int                               i;
2924         struct ipmi_system_interface_addr *si;
2925         struct ipmi_addr                  addr;
2926         struct ipmi_smi_msg               smi_msg;
2927         struct ipmi_recv_msg              recv_msg;
2928
2929         si = (struct ipmi_system_interface_addr *) &addr;
2930         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2931         si->channel = IPMI_BMC_CHANNEL;
2932         si->lun = 0;
2933
2934         /* Fill in an event telling that we have failed. */
2935         msg.netfn = 0x04; /* Sensor or Event. */
2936         msg.cmd = 2; /* Platform event command. */
2937         msg.data = data;
2938         msg.data_len = 8;
2939         data[0] = 0x21; /* Kernel generator ID, IPMI table 5-4 */
2940         data[1] = 0x03; /* This is for IPMI 1.0. */
2941         data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
2942         data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
2943         data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
2944
2945         /* Put a few breadcrumbs in.  Hopefully later we can add more things
2946            to make the panic events more useful. */
2947         if (str) {
2948                 data[3] = str[0];
2949                 data[6] = str[1];
2950                 data[7] = str[2];
2951         }
2952
2953         smi_msg.done = dummy_smi_done_handler;
2954         recv_msg.done = dummy_recv_done_handler;
2955
2956         /* For every registered interface, send the event. */
2957         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
2958                 intf = ipmi_interfaces[i];
2959                 if (intf == NULL)
2960                         continue;
2961
2962                 /* Send the event announcing the panic. */
2963                 intf->handlers->set_run_to_completion(intf->send_info, 1);
2964                 i_ipmi_request(NULL,
2965                                intf,
2966                                &addr,
2967                                0,
2968                                &msg,
2969                                NULL,
2970                                &smi_msg,
2971                                &recv_msg,
2972                                0,
2973                                intf->channels[0].address,
2974                                intf->channels[0].lun,
2975                                0, 1); /* Don't retry, and don't wait. */
2976         }
2977
2978 #ifdef CONFIG_IPMI_PANIC_STRING
2979         /* On every interface, dump a bunch of OEM event holding the
2980            string. */
2981         if (!str) 
2982                 return;
2983
2984         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
2985                 char                  *p = str;
2986                 struct ipmi_ipmb_addr *ipmb;
2987                 int                   j;
2988
2989                 intf = ipmi_interfaces[i];
2990                 if (intf == NULL)
2991                         continue;
2992
2993                 /* First job here is to figure out where to send the
2994                    OEM events.  There's no way in IPMI to send OEM
2995                    events using an event send command, so we have to
2996                    find the SEL to put them in and stick them in
2997                    there. */
2998
2999                 /* Get capabilities from the get device id. */
3000                 intf->local_sel_device = 0;
3001                 intf->local_event_generator = 0;
3002                 intf->event_receiver = 0;
3003
3004                 /* Request the device info from the local MC. */
3005                 msg.netfn = IPMI_NETFN_APP_REQUEST;
3006                 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
3007                 msg.data = NULL;
3008                 msg.data_len = 0;
3009                 intf->null_user_handler = device_id_fetcher;
3010                 i_ipmi_request(NULL,
3011                                intf,
3012                                &addr,
3013                                0,
3014                                &msg,
3015                                NULL,
3016                                &smi_msg,
3017                                &recv_msg,
3018                                0,
3019                                intf->channels[0].address,
3020                                intf->channels[0].lun,
3021                                0, 1); /* Don't retry, and don't wait. */
3022
3023                 if (intf->local_event_generator) {
3024                         /* Request the event receiver from the local MC. */
3025                         msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
3026                         msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
3027                         msg.data = NULL;
3028                         msg.data_len = 0;
3029                         intf->null_user_handler = event_receiver_fetcher;
3030                         i_ipmi_request(NULL,
3031                                        intf,
3032                                        &addr,
3033                                        0,
3034                                        &msg,
3035                                        NULL,
3036                                        &smi_msg,
3037                                        &recv_msg,
3038                                        0,
3039                                        intf->channels[0].address,
3040                                        intf->channels[0].lun,
3041                                        0, 1); /* no retry, and no wait. */
3042                 }
3043                 intf->null_user_handler = NULL;
3044
3045                 /* Validate the event receiver.  The low bit must not
3046                    be 1 (it must be a valid IPMB address), it cannot
3047                    be zero, and it must not be my address. */
3048                 if (((intf->event_receiver & 1) == 0)
3049                     && (intf->event_receiver != 0)
3050                     && (intf->event_receiver != intf->channels[0].address))
3051                 {
3052                         /* The event receiver is valid, send an IPMB
3053                            message. */
3054                         ipmb = (struct ipmi_ipmb_addr *) &addr;
3055                         ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
3056                         ipmb->channel = 0; /* FIXME - is this right? */
3057                         ipmb->lun = intf->event_receiver_lun;
3058                         ipmb->slave_addr = intf->event_receiver;
3059                 } else if (intf->local_sel_device) {
3060                         /* The event receiver was not valid (or was
3061                            me), but I am an SEL device, just dump it
3062                            in my SEL. */
3063                         si = (struct ipmi_system_interface_addr *) &addr;
3064                         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3065                         si->channel = IPMI_BMC_CHANNEL;
3066                         si->lun = 0;
3067                 } else
3068                         continue; /* No where to send the event. */
3069
3070                 
3071                 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
3072                 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
3073                 msg.data = data;
3074                 msg.data_len = 16;
3075
3076                 j = 0;
3077                 while (*p) {
3078                         int size = strlen(p);
3079
3080                         if (size > 11)
3081                                 size = 11;
3082                         data[0] = 0;
3083                         data[1] = 0;
3084                         data[2] = 0xf0; /* OEM event without timestamp. */
3085                         data[3] = intf->channels[0].address;
3086                         data[4] = j++; /* sequence # */
3087                         /* Always give 11 bytes, so strncpy will fill
3088                            it with zeroes for me. */
3089                         strncpy(data+5, p, 11);
3090                         p += size;
3091
3092                         i_ipmi_request(NULL,
3093                                        intf,
3094                                        &addr,
3095                                        0,
3096                                        &msg,
3097                                        NULL,
3098                                        &smi_msg,
3099                                        &recv_msg,
3100                                        0,
3101                                        intf->channels[0].address,
3102                                        intf->channels[0].lun,
3103                                        0, 1); /* no retry, and no wait. */
3104                 }
3105         }       
3106 #endif /* CONFIG_IPMI_PANIC_STRING */
3107 }
3108 #endif /* CONFIG_IPMI_PANIC_EVENT */
3109
3110 static int has_paniced = 0;
3111
3112 static int panic_event(struct notifier_block *this,
3113                        unsigned long         event,
3114                        void                  *ptr)
3115 {
3116         int        i;
3117         ipmi_smi_t intf;
3118
3119         if (has_paniced)
3120                 return NOTIFY_DONE;
3121         has_paniced = 1;
3122
3123         /* For every registered interface, set it to run to completion. */
3124         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
3125                 intf = ipmi_interfaces[i];
3126                 if (intf == NULL)
3127                         continue;
3128
3129                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3130         }
3131
3132 #ifdef CONFIG_IPMI_PANIC_EVENT
3133         send_panic_events(ptr);
3134 #endif
3135
3136         return NOTIFY_DONE;
3137 }
3138
3139 static struct notifier_block panic_block = {
3140         .notifier_call  = panic_event,
3141         .next           = NULL,
3142         .priority       = 200   /* priority: INT_MAX >= x >= 0 */
3143 };
3144
3145 static int ipmi_init_msghandler(void)
3146 {
3147         int i;
3148
3149         if (initialized)
3150                 return 0;
3151
3152         printk(KERN_INFO "ipmi message handler version "
3153                IPMI_MSGHANDLER_VERSION "\n");
3154
3155         for (i=0; i<MAX_IPMI_INTERFACES; i++) {
3156                 ipmi_interfaces[i] = NULL;
3157         }
3158
3159 #ifdef CONFIG_PROC_FS
3160         proc_ipmi_root = proc_mkdir("ipmi", NULL);
3161         if (!proc_ipmi_root) {
3162             printk(KERN_ERR PFX "Unable to create IPMI proc dir");
3163             return -ENOMEM;
3164         }
3165
3166         proc_ipmi_root->owner = THIS_MODULE;
3167 #endif /* CONFIG_PROC_FS */
3168
3169         init_timer(&ipmi_timer);
3170         ipmi_timer.data = 0;
3171         ipmi_timer.function = ipmi_timeout;
3172         ipmi_timer.expires = jiffies + IPMI_TIMEOUT_JIFFIES;
3173         add_timer(&ipmi_timer);
3174
3175         notifier_chain_register(&panic_notifier_list, &panic_block);
3176
3177         initialized = 1;
3178
3179         return 0;
3180 }
3181
3182 static __init int ipmi_init_msghandler_mod(void)
3183 {
3184         ipmi_init_msghandler();
3185         return 0;
3186 }
3187
3188 static __exit void cleanup_ipmi(void)
3189 {
3190         int count;
3191
3192         if (!initialized)
3193                 return;
3194
3195         notifier_chain_unregister(&panic_notifier_list, &panic_block);
3196
3197         /* This can't be called if any interfaces exist, so no worry about
3198            shutting down the interfaces. */
3199
3200         /* Tell the timer to stop, then wait for it to stop.  This avoids
3201            problems with race conditions removing the timer here. */
3202         atomic_inc(&stop_operation);
3203         del_timer_sync(&ipmi_timer);
3204
3205 #ifdef CONFIG_PROC_FS
3206         remove_proc_entry(proc_ipmi_root->name, &proc_root);
3207 #endif /* CONFIG_PROC_FS */
3208
3209         initialized = 0;
3210
3211         /* Check for buffer leaks. */
3212         count = atomic_read(&smi_msg_inuse_count);
3213         if (count != 0)
3214                 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
3215                        count);
3216         count = atomic_read(&recv_msg_inuse_count);
3217         if (count != 0)
3218                 printk(KERN_WARNING PFX "recv message count %d at exit\n",
3219                        count);
3220 }
3221 module_exit(cleanup_ipmi);
3222
3223 module_init(ipmi_init_msghandler_mod);
3224 MODULE_LICENSE("GPL");
3225
3226 EXPORT_SYMBOL(ipmi_create_user);
3227 EXPORT_SYMBOL(ipmi_destroy_user);
3228 EXPORT_SYMBOL(ipmi_get_version);
3229 EXPORT_SYMBOL(ipmi_request_settime);
3230 EXPORT_SYMBOL(ipmi_request_supply_msgs);
3231 EXPORT_SYMBOL(ipmi_register_smi);
3232 EXPORT_SYMBOL(ipmi_unregister_smi);
3233 EXPORT_SYMBOL(ipmi_register_for_cmd);
3234 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
3235 EXPORT_SYMBOL(ipmi_smi_msg_received);
3236 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
3237 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
3238 EXPORT_SYMBOL(ipmi_addr_length);
3239 EXPORT_SYMBOL(ipmi_validate_addr);
3240 EXPORT_SYMBOL(ipmi_set_gets_events);
3241 EXPORT_SYMBOL(ipmi_smi_watcher_register);
3242 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
3243 EXPORT_SYMBOL(ipmi_set_my_address);
3244 EXPORT_SYMBOL(ipmi_get_my_address);
3245 EXPORT_SYMBOL(ipmi_set_my_LUN);
3246 EXPORT_SYMBOL(ipmi_get_my_LUN);
3247 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
3248 EXPORT_SYMBOL(proc_ipmi_root);
3249 EXPORT_SYMBOL(ipmi_user_set_run_to_completion);