abd4c5118a1b52f4e901c6d30ce54df381a97371
[linux-2.6.git] / drivers / char / ipmi / ipmi_msghandler.c
1 /*
2  * ipmi_msghandler.c
3  *
4  * Incoming and outgoing message routing for an IPMI interface.
5  *
6  * Author: MontaVista Software, Inc.
7  *         Corey Minyard <minyard@mvista.com>
8  *         source@mvista.com
9  *
10  * Copyright 2002 MontaVista Software Inc.
11  *
12  *  This program is free software; you can redistribute it and/or modify it
13  *  under the terms of the GNU General Public License as published by the
14  *  Free Software Foundation; either version 2 of the License, or (at your
15  *  option) any later version.
16  *
17  *
18  *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
19  *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21  *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22  *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
24  *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25  *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
26  *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
27  *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28  *
29  *  You should have received a copy of the GNU General Public License along
30  *  with this program; if not, write to the Free Software Foundation, Inc.,
31  *  675 Mass Ave, Cambridge, MA 02139, USA.
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <asm/system.h>
38 #include <linux/sched.h>
39 #include <linux/poll.h>
40 #include <linux/spinlock.h>
41 #include <linux/slab.h>
42 #include <linux/ipmi.h>
43 #include <linux/ipmi_smi.h>
44 #include <linux/notifier.h>
45 #include <linux/init.h>
46 #include <linux/proc_fs.h>
47 #include <linux/rcupdate.h>
48
49 #define PFX "IPMI message handler: "
50
51 #define IPMI_DRIVER_VERSION "38.0"
52
53 static struct ipmi_recv_msg *ipmi_alloc_recv_msg(void);
54 static int ipmi_init_msghandler(void);
55
56 static int initialized = 0;
57
58 #ifdef CONFIG_PROC_FS
59 struct proc_dir_entry *proc_ipmi_root = NULL;
60 EXPORT_SYMBOL(proc_ipmi_root);
61 #endif /* CONFIG_PROC_FS */
62
63 #define MAX_EVENTS_IN_QUEUE     25
64
65 /* Don't let a message sit in a queue forever, always time it with at lest
66    the max message timer.  This is in milliseconds. */
67 #define MAX_MSG_TIMEOUT         60000
68
69
70 /*
71  * The main "user" data structure.
72  */
73 struct ipmi_user
74 {
75         struct list_head link;
76
77         /* Set to "0" when the user is destroyed. */
78         int valid;
79
80         struct kref refcount;
81
82         /* The upper layer that handles receive messages. */
83         struct ipmi_user_hndl *handler;
84         void             *handler_data;
85
86         /* The interface this user is bound to. */
87         ipmi_smi_t intf;
88
89         /* Does this interface receive IPMI events? */
90         int gets_events;
91 };
92
93 struct cmd_rcvr
94 {
95         struct list_head link;
96
97         ipmi_user_t   user;
98         unsigned char netfn;
99         unsigned char cmd;
100
101         /*
102          * This is used to form a linked lised during mass deletion.
103          * Since this is in an RCU list, we cannot use the link above
104          * or change any data until the RCU period completes.  So we
105          * use this next variable during mass deletion so we can have
106          * a list and don't have to wait and restart the search on
107          * every individual deletion of a command. */
108         struct cmd_rcvr *next;
109 };
110
111 struct seq_table
112 {
113         unsigned int         inuse : 1;
114         unsigned int         broadcast : 1;
115
116         unsigned long        timeout;
117         unsigned long        orig_timeout;
118         unsigned int         retries_left;
119
120         /* To verify on an incoming send message response that this is
121            the message that the response is for, we keep a sequence id
122            and increment it every time we send a message. */
123         long                 seqid;
124
125         /* This is held so we can properly respond to the message on a
126            timeout, and it is used to hold the temporary data for
127            retransmission, too. */
128         struct ipmi_recv_msg *recv_msg;
129 };
130
131 /* Store the information in a msgid (long) to allow us to find a
132    sequence table entry from the msgid. */
133 #define STORE_SEQ_IN_MSGID(seq, seqid) (((seq&0xff)<<26) | (seqid&0x3ffffff))
134
135 #define GET_SEQ_FROM_MSGID(msgid, seq, seqid) \
136         do {                                                            \
137                 seq = ((msgid >> 26) & 0x3f);                           \
138                 seqid = (msgid & 0x3fffff);                             \
139         } while (0)
140
141 #define NEXT_SEQID(seqid) (((seqid) + 1) & 0x3fffff)
142
143 struct ipmi_channel
144 {
145         unsigned char medium;
146         unsigned char protocol;
147
148         /* My slave address.  This is initialized to IPMI_BMC_SLAVE_ADDR,
149            but may be changed by the user. */
150         unsigned char address;
151
152         /* My LUN.  This should generally stay the SMS LUN, but just in
153            case... */
154         unsigned char lun;
155 };
156
157 #ifdef CONFIG_PROC_FS
158 struct ipmi_proc_entry
159 {
160         char                   *name;
161         struct ipmi_proc_entry *next;
162 };
163 #endif
164
165 #define IPMI_IPMB_NUM_SEQ       64
166 #define IPMI_MAX_CHANNELS       16
167 struct ipmi_smi
168 {
169         /* What interface number are we? */
170         int intf_num;
171
172         struct kref refcount;
173
174         /* The list of upper layers that are using me.  seq_lock
175          * protects this. */
176         struct list_head users;
177
178         /* Used for wake ups at startup. */
179         wait_queue_head_t waitq;
180
181         /* The IPMI version of the BMC on the other end. */
182         unsigned char       version_major;
183         unsigned char       version_minor;
184
185         /* This is the lower-layer's sender routine. */
186         struct ipmi_smi_handlers *handlers;
187         void                     *send_info;
188
189 #ifdef CONFIG_PROC_FS
190         /* A list of proc entries for this interface.  This does not
191            need a lock, only one thread creates it and only one thread
192            destroys it. */
193         spinlock_t             proc_entry_lock;
194         struct ipmi_proc_entry *proc_entries;
195 #endif
196
197         /* A table of sequence numbers for this interface.  We use the
198            sequence numbers for IPMB messages that go out of the
199            interface to match them up with their responses.  A routine
200            is called periodically to time the items in this list. */
201         spinlock_t       seq_lock;
202         struct seq_table seq_table[IPMI_IPMB_NUM_SEQ];
203         int curr_seq;
204
205         /* Messages that were delayed for some reason (out of memory,
206            for instance), will go in here to be processed later in a
207            periodic timer interrupt. */
208         spinlock_t       waiting_msgs_lock;
209         struct list_head waiting_msgs;
210
211         /* The list of command receivers that are registered for commands
212            on this interface. */
213         struct semaphore cmd_rcvrs_lock;
214         struct list_head cmd_rcvrs;
215
216         /* Events that were queues because no one was there to receive
217            them. */
218         spinlock_t       events_lock; /* For dealing with event stuff. */
219         struct list_head waiting_events;
220         unsigned int     waiting_events_count; /* How many events in queue? */
221
222         /* The event receiver for my BMC, only really used at panic
223            shutdown as a place to store this. */
224         unsigned char event_receiver;
225         unsigned char event_receiver_lun;
226         unsigned char local_sel_device;
227         unsigned char local_event_generator;
228
229         /* A cheap hack, if this is non-null and a message to an
230            interface comes in with a NULL user, call this routine with
231            it.  Note that the message will still be freed by the
232            caller.  This only works on the system interface. */
233         void (*null_user_handler)(ipmi_smi_t intf, struct ipmi_recv_msg *msg);
234
235         /* When we are scanning the channels for an SMI, this will
236            tell which channel we are scanning. */
237         int curr_channel;
238
239         /* Channel information */
240         struct ipmi_channel channels[IPMI_MAX_CHANNELS];
241
242         /* Proc FS stuff. */
243         struct proc_dir_entry *proc_dir;
244         char                  proc_dir_name[10];
245
246         spinlock_t   counter_lock; /* For making counters atomic. */
247
248         /* Commands we got that were invalid. */
249         unsigned int sent_invalid_commands;
250
251         /* Commands we sent to the MC. */
252         unsigned int sent_local_commands;
253         /* Responses from the MC that were delivered to a user. */
254         unsigned int handled_local_responses;
255         /* Responses from the MC that were not delivered to a user. */
256         unsigned int unhandled_local_responses;
257
258         /* Commands we sent out to the IPMB bus. */
259         unsigned int sent_ipmb_commands;
260         /* Commands sent on the IPMB that had errors on the SEND CMD */
261         unsigned int sent_ipmb_command_errs;
262         /* Each retransmit increments this count. */
263         unsigned int retransmitted_ipmb_commands;
264         /* When a message times out (runs out of retransmits) this is
265            incremented. */
266         unsigned int timed_out_ipmb_commands;
267
268         /* This is like above, but for broadcasts.  Broadcasts are
269            *not* included in the above count (they are expected to
270            time out). */
271         unsigned int timed_out_ipmb_broadcasts;
272
273         /* Responses I have sent to the IPMB bus. */
274         unsigned int sent_ipmb_responses;
275
276         /* The response was delivered to the user. */
277         unsigned int handled_ipmb_responses;
278         /* The response had invalid data in it. */
279         unsigned int invalid_ipmb_responses;
280         /* The response didn't have anyone waiting for it. */
281         unsigned int unhandled_ipmb_responses;
282
283         /* Commands we sent out to the IPMB bus. */
284         unsigned int sent_lan_commands;
285         /* Commands sent on the IPMB that had errors on the SEND CMD */
286         unsigned int sent_lan_command_errs;
287         /* Each retransmit increments this count. */
288         unsigned int retransmitted_lan_commands;
289         /* When a message times out (runs out of retransmits) this is
290            incremented. */
291         unsigned int timed_out_lan_commands;
292
293         /* Responses I have sent to the IPMB bus. */
294         unsigned int sent_lan_responses;
295
296         /* The response was delivered to the user. */
297         unsigned int handled_lan_responses;
298         /* The response had invalid data in it. */
299         unsigned int invalid_lan_responses;
300         /* The response didn't have anyone waiting for it. */
301         unsigned int unhandled_lan_responses;
302
303         /* The command was delivered to the user. */
304         unsigned int handled_commands;
305         /* The command had invalid data in it. */
306         unsigned int invalid_commands;
307         /* The command didn't have anyone waiting for it. */
308         unsigned int unhandled_commands;
309
310         /* Invalid data in an event. */
311         unsigned int invalid_events;
312         /* Events that were received with the proper format. */
313         unsigned int events;
314 };
315
316 /* Used to mark an interface entry that cannot be used but is not a
317  * free entry, either, primarily used at creation and deletion time so
318  * a slot doesn't get reused too quickly. */
319 #define IPMI_INVALID_INTERFACE_ENTRY ((ipmi_smi_t) ((long) 1))
320 #define IPMI_INVALID_INTERFACE(i) (((i) == NULL) \
321                                    || (i == IPMI_INVALID_INTERFACE_ENTRY))
322
323 #define MAX_IPMI_INTERFACES 4
324 static ipmi_smi_t ipmi_interfaces[MAX_IPMI_INTERFACES];
325
326 /* Directly protects the ipmi_interfaces data structure. */
327 static DEFINE_SPINLOCK(interfaces_lock);
328
329 /* List of watchers that want to know when smi's are added and
330    deleted. */
331 static struct list_head smi_watchers = LIST_HEAD_INIT(smi_watchers);
332 static DECLARE_RWSEM(smi_watchers_sem);
333
334
335 static void free_recv_msg_list(struct list_head *q)
336 {
337         struct ipmi_recv_msg *msg, *msg2;
338
339         list_for_each_entry_safe(msg, msg2, q, link) {
340                 list_del(&msg->link);
341                 ipmi_free_recv_msg(msg);
342         }
343 }
344
345 static void clean_up_interface_data(ipmi_smi_t intf)
346 {
347         int              i;
348         struct cmd_rcvr  *rcvr, *rcvr2;
349         struct list_head list;
350
351         free_recv_msg_list(&intf->waiting_msgs);
352         free_recv_msg_list(&intf->waiting_events);
353
354         /* Wholesale remove all the entries from the list in the
355          * interface and wait for RCU to know that none are in use. */
356         down(&intf->cmd_rcvrs_lock);
357         list_add_rcu(&list, &intf->cmd_rcvrs);
358         list_del_rcu(&intf->cmd_rcvrs);
359         up(&intf->cmd_rcvrs_lock);
360         synchronize_rcu();
361
362         list_for_each_entry_safe(rcvr, rcvr2, &list, link)
363                 kfree(rcvr);
364
365         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
366                 if ((intf->seq_table[i].inuse)
367                     && (intf->seq_table[i].recv_msg))
368                 {
369                         ipmi_free_recv_msg(intf->seq_table[i].recv_msg);
370                 }
371         }
372 }
373
374 static void intf_free(struct kref *ref)
375 {
376         ipmi_smi_t intf = container_of(ref, struct ipmi_smi, refcount);
377
378         clean_up_interface_data(intf);
379         kfree(intf);
380 }
381
382 int ipmi_smi_watcher_register(struct ipmi_smi_watcher *watcher)
383 {
384         int           i;
385         unsigned long flags;
386
387         down_write(&smi_watchers_sem);
388         list_add(&(watcher->link), &smi_watchers);
389         up_write(&smi_watchers_sem);
390         spin_lock_irqsave(&interfaces_lock, flags);
391         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
392                 ipmi_smi_t intf = ipmi_interfaces[i];
393                 if (IPMI_INVALID_INTERFACE(intf))
394                         continue;
395                 spin_unlock_irqrestore(&interfaces_lock, flags);
396                 watcher->new_smi(i);
397                 spin_lock_irqsave(&interfaces_lock, flags);
398         }
399         spin_unlock_irqrestore(&interfaces_lock, flags);
400         return 0;
401 }
402
403 int ipmi_smi_watcher_unregister(struct ipmi_smi_watcher *watcher)
404 {
405         down_write(&smi_watchers_sem);
406         list_del(&(watcher->link));
407         up_write(&smi_watchers_sem);
408         return 0;
409 }
410
411 static void
412 call_smi_watchers(int i)
413 {
414         struct ipmi_smi_watcher *w;
415
416         down_read(&smi_watchers_sem);
417         list_for_each_entry(w, &smi_watchers, link) {
418                 if (try_module_get(w->owner)) {
419                         w->new_smi(i);
420                         module_put(w->owner);
421                 }
422         }
423         up_read(&smi_watchers_sem);
424 }
425
426 static int
427 ipmi_addr_equal(struct ipmi_addr *addr1, struct ipmi_addr *addr2)
428 {
429         if (addr1->addr_type != addr2->addr_type)
430                 return 0;
431
432         if (addr1->channel != addr2->channel)
433                 return 0;
434
435         if (addr1->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
436                 struct ipmi_system_interface_addr *smi_addr1
437                     = (struct ipmi_system_interface_addr *) addr1;
438                 struct ipmi_system_interface_addr *smi_addr2
439                     = (struct ipmi_system_interface_addr *) addr2;
440                 return (smi_addr1->lun == smi_addr2->lun);
441         }
442
443         if ((addr1->addr_type == IPMI_IPMB_ADDR_TYPE)
444             || (addr1->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
445         {
446                 struct ipmi_ipmb_addr *ipmb_addr1
447                     = (struct ipmi_ipmb_addr *) addr1;
448                 struct ipmi_ipmb_addr *ipmb_addr2
449                     = (struct ipmi_ipmb_addr *) addr2;
450
451                 return ((ipmb_addr1->slave_addr == ipmb_addr2->slave_addr)
452                         && (ipmb_addr1->lun == ipmb_addr2->lun));
453         }
454
455         if (addr1->addr_type == IPMI_LAN_ADDR_TYPE) {
456                 struct ipmi_lan_addr *lan_addr1
457                         = (struct ipmi_lan_addr *) addr1;
458                 struct ipmi_lan_addr *lan_addr2
459                     = (struct ipmi_lan_addr *) addr2;
460
461                 return ((lan_addr1->remote_SWID == lan_addr2->remote_SWID)
462                         && (lan_addr1->local_SWID == lan_addr2->local_SWID)
463                         && (lan_addr1->session_handle
464                             == lan_addr2->session_handle)
465                         && (lan_addr1->lun == lan_addr2->lun));
466         }
467
468         return 1;
469 }
470
471 int ipmi_validate_addr(struct ipmi_addr *addr, int len)
472 {
473         if (len < sizeof(struct ipmi_system_interface_addr)) {
474                 return -EINVAL;
475         }
476
477         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
478                 if (addr->channel != IPMI_BMC_CHANNEL)
479                         return -EINVAL;
480                 return 0;
481         }
482
483         if ((addr->channel == IPMI_BMC_CHANNEL)
484             || (addr->channel >= IPMI_MAX_CHANNELS)
485             || (addr->channel < 0))
486                 return -EINVAL;
487
488         if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
489             || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
490         {
491                 if (len < sizeof(struct ipmi_ipmb_addr)) {
492                         return -EINVAL;
493                 }
494                 return 0;
495         }
496
497         if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
498                 if (len < sizeof(struct ipmi_lan_addr)) {
499                         return -EINVAL;
500                 }
501                 return 0;
502         }
503
504         return -EINVAL;
505 }
506
507 unsigned int ipmi_addr_length(int addr_type)
508 {
509         if (addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
510                 return sizeof(struct ipmi_system_interface_addr);
511
512         if ((addr_type == IPMI_IPMB_ADDR_TYPE)
513             || (addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
514         {
515                 return sizeof(struct ipmi_ipmb_addr);
516         }
517
518         if (addr_type == IPMI_LAN_ADDR_TYPE)
519                 return sizeof(struct ipmi_lan_addr);
520
521         return 0;
522 }
523
524 static void deliver_response(struct ipmi_recv_msg *msg)
525 {
526         if (! msg->user) {
527                 ipmi_smi_t    intf = msg->user_msg_data;
528                 unsigned long flags;
529
530                 /* Special handling for NULL users. */
531                 if (intf->null_user_handler) {
532                         intf->null_user_handler(intf, msg);
533                         spin_lock_irqsave(&intf->counter_lock, flags);
534                         intf->handled_local_responses++;
535                         spin_unlock_irqrestore(&intf->counter_lock, flags);
536                 } else {
537                         /* No handler, so give up. */
538                         spin_lock_irqsave(&intf->counter_lock, flags);
539                         intf->unhandled_local_responses++;
540                         spin_unlock_irqrestore(&intf->counter_lock, flags);
541                 }
542                 ipmi_free_recv_msg(msg);
543         } else {
544                 ipmi_user_t user = msg->user;
545                 user->handler->ipmi_recv_hndl(msg, user->handler_data);
546         }
547 }
548
549 /* Find the next sequence number not being used and add the given
550    message with the given timeout to the sequence table.  This must be
551    called with the interface's seq_lock held. */
552 static int intf_next_seq(ipmi_smi_t           intf,
553                          struct ipmi_recv_msg *recv_msg,
554                          unsigned long        timeout,
555                          int                  retries,
556                          int                  broadcast,
557                          unsigned char        *seq,
558                          long                 *seqid)
559 {
560         int          rv = 0;
561         unsigned int i;
562
563         for (i = intf->curr_seq;
564              (i+1)%IPMI_IPMB_NUM_SEQ != intf->curr_seq;
565              i = (i+1)%IPMI_IPMB_NUM_SEQ)
566         {
567                 if (! intf->seq_table[i].inuse)
568                         break;
569         }
570
571         if (! intf->seq_table[i].inuse) {
572                 intf->seq_table[i].recv_msg = recv_msg;
573
574                 /* Start with the maximum timeout, when the send response
575                    comes in we will start the real timer. */
576                 intf->seq_table[i].timeout = MAX_MSG_TIMEOUT;
577                 intf->seq_table[i].orig_timeout = timeout;
578                 intf->seq_table[i].retries_left = retries;
579                 intf->seq_table[i].broadcast = broadcast;
580                 intf->seq_table[i].inuse = 1;
581                 intf->seq_table[i].seqid = NEXT_SEQID(intf->seq_table[i].seqid);
582                 *seq = i;
583                 *seqid = intf->seq_table[i].seqid;
584                 intf->curr_seq = (i+1)%IPMI_IPMB_NUM_SEQ;
585         } else {
586                 rv = -EAGAIN;
587         }
588         
589         return rv;
590 }
591
592 /* Return the receive message for the given sequence number and
593    release the sequence number so it can be reused.  Some other data
594    is passed in to be sure the message matches up correctly (to help
595    guard against message coming in after their timeout and the
596    sequence number being reused). */
597 static int intf_find_seq(ipmi_smi_t           intf,
598                          unsigned char        seq,
599                          short                channel,
600                          unsigned char        cmd,
601                          unsigned char        netfn,
602                          struct ipmi_addr     *addr,
603                          struct ipmi_recv_msg **recv_msg)
604 {
605         int           rv = -ENODEV;
606         unsigned long flags;
607
608         if (seq >= IPMI_IPMB_NUM_SEQ)
609                 return -EINVAL;
610
611         spin_lock_irqsave(&(intf->seq_lock), flags);
612         if (intf->seq_table[seq].inuse) {
613                 struct ipmi_recv_msg *msg = intf->seq_table[seq].recv_msg;
614
615                 if ((msg->addr.channel == channel)
616                     && (msg->msg.cmd == cmd)
617                     && (msg->msg.netfn == netfn)
618                     && (ipmi_addr_equal(addr, &(msg->addr))))
619                 {
620                         *recv_msg = msg;
621                         intf->seq_table[seq].inuse = 0;
622                         rv = 0;
623                 }
624         }
625         spin_unlock_irqrestore(&(intf->seq_lock), flags);
626
627         return rv;
628 }
629
630
631 /* Start the timer for a specific sequence table entry. */
632 static int intf_start_seq_timer(ipmi_smi_t intf,
633                                 long       msgid)
634 {
635         int           rv = -ENODEV;
636         unsigned long flags;
637         unsigned char seq;
638         unsigned long seqid;
639
640
641         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
642
643         spin_lock_irqsave(&(intf->seq_lock), flags);
644         /* We do this verification because the user can be deleted
645            while a message is outstanding. */
646         if ((intf->seq_table[seq].inuse)
647             && (intf->seq_table[seq].seqid == seqid))
648         {
649                 struct seq_table *ent = &(intf->seq_table[seq]);
650                 ent->timeout = ent->orig_timeout;
651                 rv = 0;
652         }
653         spin_unlock_irqrestore(&(intf->seq_lock), flags);
654
655         return rv;
656 }
657
658 /* Got an error for the send message for a specific sequence number. */
659 static int intf_err_seq(ipmi_smi_t   intf,
660                         long         msgid,
661                         unsigned int err)
662 {
663         int                  rv = -ENODEV;
664         unsigned long        flags;
665         unsigned char        seq;
666         unsigned long        seqid;
667         struct ipmi_recv_msg *msg = NULL;
668
669
670         GET_SEQ_FROM_MSGID(msgid, seq, seqid);
671
672         spin_lock_irqsave(&(intf->seq_lock), flags);
673         /* We do this verification because the user can be deleted
674            while a message is outstanding. */
675         if ((intf->seq_table[seq].inuse)
676             && (intf->seq_table[seq].seqid == seqid))
677         {
678                 struct seq_table *ent = &(intf->seq_table[seq]);
679
680                 ent->inuse = 0;
681                 msg = ent->recv_msg;
682                 rv = 0;
683         }
684         spin_unlock_irqrestore(&(intf->seq_lock), flags);
685
686         if (msg) {
687                 msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
688                 msg->msg_data[0] = err;
689                 msg->msg.netfn |= 1; /* Convert to a response. */
690                 msg->msg.data_len = 1;
691                 msg->msg.data = msg->msg_data;
692                 deliver_response(msg);
693         }
694
695         return rv;
696 }
697
698
699 int ipmi_create_user(unsigned int          if_num,
700                      struct ipmi_user_hndl *handler,
701                      void                  *handler_data,
702                      ipmi_user_t           *user)
703 {
704         unsigned long flags;
705         ipmi_user_t   new_user;
706         int           rv = 0;
707         ipmi_smi_t    intf;
708
709         /* There is no module usecount here, because it's not
710            required.  Since this can only be used by and called from
711            other modules, they will implicitly use this module, and
712            thus this can't be removed unless the other modules are
713            removed. */
714
715         if (handler == NULL)
716                 return -EINVAL;
717
718         /* Make sure the driver is actually initialized, this handles
719            problems with initialization order. */
720         if (!initialized) {
721                 rv = ipmi_init_msghandler();
722                 if (rv)
723                         return rv;
724
725                 /* The init code doesn't return an error if it was turned
726                    off, but it won't initialize.  Check that. */
727                 if (!initialized)
728                         return -ENODEV;
729         }
730
731         new_user = kmalloc(sizeof(*new_user), GFP_KERNEL);
732         if (! new_user)
733                 return -ENOMEM;
734
735         spin_lock_irqsave(&interfaces_lock, flags);
736         intf = ipmi_interfaces[if_num];
737         if ((if_num >= MAX_IPMI_INTERFACES) || IPMI_INVALID_INTERFACE(intf)) {
738                 spin_unlock_irqrestore(&interfaces_lock, flags);
739                 rv = -EINVAL;
740                 goto out_kfree;
741         }
742
743         /* Note that each existing user holds a refcount to the interface. */
744         kref_get(&intf->refcount);
745         spin_unlock_irqrestore(&interfaces_lock, flags);
746
747         kref_init(&new_user->refcount);
748         new_user->handler = handler;
749         new_user->handler_data = handler_data;
750         new_user->intf = intf;
751         new_user->gets_events = 0;
752
753         if (!try_module_get(intf->handlers->owner)) {
754                 rv = -ENODEV;
755                 goto out_kref;
756         }
757
758         if (intf->handlers->inc_usecount) {
759                 rv = intf->handlers->inc_usecount(intf->send_info);
760                 if (rv) {
761                         module_put(intf->handlers->owner);
762                         goto out_kref;
763                 }
764         }
765
766         new_user->valid = 1;
767         spin_lock_irqsave(&intf->seq_lock, flags);
768         list_add_rcu(&new_user->link, &intf->users);
769         spin_unlock_irqrestore(&intf->seq_lock, flags);
770         *user = new_user;
771         return 0;
772
773 out_kref:
774         kref_put(&intf->refcount, intf_free);
775 out_kfree:
776         kfree(new_user);
777         return rv;
778 }
779
780 static void free_user(struct kref *ref)
781 {
782         ipmi_user_t user = container_of(ref, struct ipmi_user, refcount);
783         kfree(user);
784 }
785
786 int ipmi_destroy_user(ipmi_user_t user)
787 {
788         int              rv = -ENODEV;
789         ipmi_smi_t       intf = user->intf;
790         int              i;
791         unsigned long    flags;
792         struct cmd_rcvr  *rcvr;
793         struct cmd_rcvr  *rcvrs = NULL;
794
795         user->valid = 1;
796
797         /* Remove the user from the interface's sequence table. */
798         spin_lock_irqsave(&intf->seq_lock, flags);
799         list_del_rcu(&user->link);
800
801         for (i = 0; i < IPMI_IPMB_NUM_SEQ; i++) {
802                 if (intf->seq_table[i].inuse
803                     && (intf->seq_table[i].recv_msg->user == user))
804                 {
805                         intf->seq_table[i].inuse = 0;
806                 }
807         }
808         spin_unlock_irqrestore(&intf->seq_lock, flags);
809
810         /*
811          * Remove the user from the command receiver's table.  First
812          * we build a list of everything (not using the standard link,
813          * since other things may be using it till we do
814          * synchronize_rcu()) then free everything in that list.
815          */
816         down(&intf->cmd_rcvrs_lock);
817         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
818                 if (rcvr->user == user) {
819                         list_del_rcu(&rcvr->link);
820                         rcvr->next = rcvrs;
821                         rcvrs = rcvr;
822                 }
823         }
824         up(&intf->cmd_rcvrs_lock);
825         synchronize_rcu();
826         while (rcvrs) {
827                 rcvr = rcvrs;
828                 rcvrs = rcvr->next;
829                 kfree(rcvr);
830         }
831
832         module_put(intf->handlers->owner);
833         if (intf->handlers->dec_usecount)
834                 intf->handlers->dec_usecount(intf->send_info);
835
836         kref_put(&intf->refcount, intf_free);
837
838         kref_put(&user->refcount, free_user);
839
840         return rv;
841 }
842
843 void ipmi_get_version(ipmi_user_t   user,
844                       unsigned char *major,
845                       unsigned char *minor)
846 {
847         *major = user->intf->version_major;
848         *minor = user->intf->version_minor;
849 }
850
851 int ipmi_set_my_address(ipmi_user_t   user,
852                         unsigned int  channel,
853                         unsigned char address)
854 {
855         if (channel >= IPMI_MAX_CHANNELS)
856                 return -EINVAL;
857         user->intf->channels[channel].address = address;
858         return 0;
859 }
860
861 int ipmi_get_my_address(ipmi_user_t   user,
862                         unsigned int  channel,
863                         unsigned char *address)
864 {
865         if (channel >= IPMI_MAX_CHANNELS)
866                 return -EINVAL;
867         *address = user->intf->channels[channel].address;
868         return 0;
869 }
870
871 int ipmi_set_my_LUN(ipmi_user_t   user,
872                     unsigned int  channel,
873                     unsigned char LUN)
874 {
875         if (channel >= IPMI_MAX_CHANNELS)
876                 return -EINVAL;
877         user->intf->channels[channel].lun = LUN & 0x3;
878         return 0;
879 }
880
881 int ipmi_get_my_LUN(ipmi_user_t   user,
882                     unsigned int  channel,
883                     unsigned char *address)
884 {
885         if (channel >= IPMI_MAX_CHANNELS)
886                 return -EINVAL;
887         *address = user->intf->channels[channel].lun;
888         return 0;
889 }
890
891 int ipmi_set_gets_events(ipmi_user_t user, int val)
892 {
893         unsigned long        flags;
894         ipmi_smi_t           intf = user->intf;
895         struct ipmi_recv_msg *msg, *msg2;
896         struct list_head     msgs;
897
898         INIT_LIST_HEAD(&msgs);
899
900         spin_lock_irqsave(&intf->events_lock, flags);
901         user->gets_events = val;
902
903         if (val) {
904                 /* Deliver any queued events. */
905                 list_for_each_entry_safe(msg, msg2, &intf->waiting_events, link) {
906                         list_del(&msg->link);
907                         list_add_tail(&msg->link, &msgs);
908                 }
909         }
910
911         /* Hold the events lock while doing this to preserve order. */
912         list_for_each_entry_safe(msg, msg2, &msgs, link) {
913                 msg->user = user;
914                 kref_get(&user->refcount);
915                 deliver_response(msg);
916         }
917
918         spin_unlock_irqrestore(&intf->events_lock, flags);
919
920         return 0;
921 }
922
923 static struct cmd_rcvr *find_cmd_rcvr(ipmi_smi_t    intf,
924                                       unsigned char netfn,
925                                       unsigned char cmd)
926 {
927         struct cmd_rcvr *rcvr;
928
929         list_for_each_entry_rcu(rcvr, &intf->cmd_rcvrs, link) {
930                 if ((rcvr->netfn == netfn) && (rcvr->cmd == cmd))
931                         return rcvr;
932         }
933         return NULL;
934 }
935
936 int ipmi_register_for_cmd(ipmi_user_t   user,
937                           unsigned char netfn,
938                           unsigned char cmd)
939 {
940         ipmi_smi_t      intf = user->intf;
941         struct cmd_rcvr *rcvr;
942         struct cmd_rcvr *entry;
943         int             rv = 0;
944
945
946         rcvr = kmalloc(sizeof(*rcvr), GFP_KERNEL);
947         if (! rcvr)
948                 return -ENOMEM;
949         rcvr->cmd = cmd;
950         rcvr->netfn = netfn;
951         rcvr->user = user;
952
953         down(&intf->cmd_rcvrs_lock);
954         /* Make sure the command/netfn is not already registered. */
955         entry = find_cmd_rcvr(intf, netfn, cmd);
956         if (entry) {
957                 rv = -EBUSY;
958                 goto out_unlock;
959         }
960
961         list_add_rcu(&rcvr->link, &intf->cmd_rcvrs);
962
963  out_unlock:
964         up(&intf->cmd_rcvrs_lock);
965         if (rv)
966                 kfree(rcvr);
967
968         return rv;
969 }
970
971 int ipmi_unregister_for_cmd(ipmi_user_t   user,
972                             unsigned char netfn,
973                             unsigned char cmd)
974 {
975         ipmi_smi_t      intf = user->intf;
976         struct cmd_rcvr *rcvr;
977
978         down(&intf->cmd_rcvrs_lock);
979         /* Make sure the command/netfn is not already registered. */
980         rcvr = find_cmd_rcvr(intf, netfn, cmd);
981         if ((rcvr) && (rcvr->user == user)) {
982                 list_del_rcu(&rcvr->link);
983                 up(&intf->cmd_rcvrs_lock);
984                 synchronize_rcu();
985                 kfree(rcvr);
986                 return 0;
987         } else {
988                 up(&intf->cmd_rcvrs_lock);
989                 return -ENOENT;
990         }
991 }
992
993 void ipmi_user_set_run_to_completion(ipmi_user_t user, int val)
994 {
995         ipmi_smi_t intf = user->intf;
996         intf->handlers->set_run_to_completion(intf->send_info, val);
997 }
998
999 static unsigned char
1000 ipmb_checksum(unsigned char *data, int size)
1001 {
1002         unsigned char csum = 0;
1003         
1004         for (; size > 0; size--, data++)
1005                 csum += *data;
1006
1007         return -csum;
1008 }
1009
1010 static inline void format_ipmb_msg(struct ipmi_smi_msg   *smi_msg,
1011                                    struct kernel_ipmi_msg *msg,
1012                                    struct ipmi_ipmb_addr *ipmb_addr,
1013                                    long                  msgid,
1014                                    unsigned char         ipmb_seq,
1015                                    int                   broadcast,
1016                                    unsigned char         source_address,
1017                                    unsigned char         source_lun)
1018 {
1019         int i = broadcast;
1020
1021         /* Format the IPMB header data. */
1022         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1023         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1024         smi_msg->data[2] = ipmb_addr->channel;
1025         if (broadcast)
1026                 smi_msg->data[3] = 0;
1027         smi_msg->data[i+3] = ipmb_addr->slave_addr;
1028         smi_msg->data[i+4] = (msg->netfn << 2) | (ipmb_addr->lun & 0x3);
1029         smi_msg->data[i+5] = ipmb_checksum(&(smi_msg->data[i+3]), 2);
1030         smi_msg->data[i+6] = source_address;
1031         smi_msg->data[i+7] = (ipmb_seq << 2) | source_lun;
1032         smi_msg->data[i+8] = msg->cmd;
1033
1034         /* Now tack on the data to the message. */
1035         if (msg->data_len > 0)
1036                 memcpy(&(smi_msg->data[i+9]), msg->data,
1037                        msg->data_len);
1038         smi_msg->data_size = msg->data_len + 9;
1039
1040         /* Now calculate the checksum and tack it on. */
1041         smi_msg->data[i+smi_msg->data_size]
1042                 = ipmb_checksum(&(smi_msg->data[i+6]),
1043                                 smi_msg->data_size-6);
1044
1045         /* Add on the checksum size and the offset from the
1046            broadcast. */
1047         smi_msg->data_size += 1 + i;
1048
1049         smi_msg->msgid = msgid;
1050 }
1051
1052 static inline void format_lan_msg(struct ipmi_smi_msg   *smi_msg,
1053                                   struct kernel_ipmi_msg *msg,
1054                                   struct ipmi_lan_addr  *lan_addr,
1055                                   long                  msgid,
1056                                   unsigned char         ipmb_seq,
1057                                   unsigned char         source_lun)
1058 {
1059         /* Format the IPMB header data. */
1060         smi_msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
1061         smi_msg->data[1] = IPMI_SEND_MSG_CMD;
1062         smi_msg->data[2] = lan_addr->channel;
1063         smi_msg->data[3] = lan_addr->session_handle;
1064         smi_msg->data[4] = lan_addr->remote_SWID;
1065         smi_msg->data[5] = (msg->netfn << 2) | (lan_addr->lun & 0x3);
1066         smi_msg->data[6] = ipmb_checksum(&(smi_msg->data[4]), 2);
1067         smi_msg->data[7] = lan_addr->local_SWID;
1068         smi_msg->data[8] = (ipmb_seq << 2) | source_lun;
1069         smi_msg->data[9] = msg->cmd;
1070
1071         /* Now tack on the data to the message. */
1072         if (msg->data_len > 0)
1073                 memcpy(&(smi_msg->data[10]), msg->data,
1074                        msg->data_len);
1075         smi_msg->data_size = msg->data_len + 10;
1076
1077         /* Now calculate the checksum and tack it on. */
1078         smi_msg->data[smi_msg->data_size]
1079                 = ipmb_checksum(&(smi_msg->data[7]),
1080                                 smi_msg->data_size-7);
1081
1082         /* Add on the checksum size and the offset from the
1083            broadcast. */
1084         smi_msg->data_size += 1;
1085
1086         smi_msg->msgid = msgid;
1087 }
1088
1089 /* Separate from ipmi_request so that the user does not have to be
1090    supplied in certain circumstances (mainly at panic time).  If
1091    messages are supplied, they will be freed, even if an error
1092    occurs. */
1093 static int i_ipmi_request(ipmi_user_t          user,
1094                           ipmi_smi_t           intf,
1095                           struct ipmi_addr     *addr,
1096                           long                 msgid,
1097                           struct kernel_ipmi_msg *msg,
1098                           void                 *user_msg_data,
1099                           void                 *supplied_smi,
1100                           struct ipmi_recv_msg *supplied_recv,
1101                           int                  priority,
1102                           unsigned char        source_address,
1103                           unsigned char        source_lun,
1104                           int                  retries,
1105                           unsigned int         retry_time_ms)
1106 {
1107         int                  rv = 0;
1108         struct ipmi_smi_msg  *smi_msg;
1109         struct ipmi_recv_msg *recv_msg;
1110         unsigned long        flags;
1111
1112
1113         if (supplied_recv) {
1114                 recv_msg = supplied_recv;
1115         } else {
1116                 recv_msg = ipmi_alloc_recv_msg();
1117                 if (recv_msg == NULL) {
1118                         return -ENOMEM;
1119                 }
1120         }
1121         recv_msg->user_msg_data = user_msg_data;
1122
1123         if (supplied_smi) {
1124                 smi_msg = (struct ipmi_smi_msg *) supplied_smi;
1125         } else {
1126                 smi_msg = ipmi_alloc_smi_msg();
1127                 if (smi_msg == NULL) {
1128                         ipmi_free_recv_msg(recv_msg);
1129                         return -ENOMEM;
1130                 }
1131         }
1132
1133         recv_msg->user = user;
1134         if (user)
1135                 kref_get(&user->refcount);
1136         recv_msg->msgid = msgid;
1137         /* Store the message to send in the receive message so timeout
1138            responses can get the proper response data. */
1139         recv_msg->msg = *msg;
1140
1141         if (addr->addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE) {
1142                 struct ipmi_system_interface_addr *smi_addr;
1143
1144                 if (msg->netfn & 1) {
1145                         /* Responses are not allowed to the SMI. */
1146                         rv = -EINVAL;
1147                         goto out_err;
1148                 }
1149
1150                 smi_addr = (struct ipmi_system_interface_addr *) addr;
1151                 if (smi_addr->lun > 3) {
1152                         spin_lock_irqsave(&intf->counter_lock, flags);
1153                         intf->sent_invalid_commands++;
1154                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1155                         rv = -EINVAL;
1156                         goto out_err;
1157                 }
1158
1159                 memcpy(&recv_msg->addr, smi_addr, sizeof(*smi_addr));
1160
1161                 if ((msg->netfn == IPMI_NETFN_APP_REQUEST)
1162                     && ((msg->cmd == IPMI_SEND_MSG_CMD)
1163                         || (msg->cmd == IPMI_GET_MSG_CMD)
1164                         || (msg->cmd == IPMI_READ_EVENT_MSG_BUFFER_CMD)))
1165                 {
1166                         /* We don't let the user do these, since we manage
1167                            the sequence numbers. */
1168                         spin_lock_irqsave(&intf->counter_lock, flags);
1169                         intf->sent_invalid_commands++;
1170                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1171                         rv = -EINVAL;
1172                         goto out_err;
1173                 }
1174
1175                 if ((msg->data_len + 2) > IPMI_MAX_MSG_LENGTH) {
1176                         spin_lock_irqsave(&intf->counter_lock, flags);
1177                         intf->sent_invalid_commands++;
1178                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1179                         rv = -EMSGSIZE;
1180                         goto out_err;
1181                 }
1182
1183                 smi_msg->data[0] = (msg->netfn << 2) | (smi_addr->lun & 0x3);
1184                 smi_msg->data[1] = msg->cmd;
1185                 smi_msg->msgid = msgid;
1186                 smi_msg->user_data = recv_msg;
1187                 if (msg->data_len > 0)
1188                         memcpy(&(smi_msg->data[2]), msg->data, msg->data_len);
1189                 smi_msg->data_size = msg->data_len + 2;
1190                 spin_lock_irqsave(&intf->counter_lock, flags);
1191                 intf->sent_local_commands++;
1192                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1193         } else if ((addr->addr_type == IPMI_IPMB_ADDR_TYPE)
1194                    || (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE))
1195         {
1196                 struct ipmi_ipmb_addr *ipmb_addr;
1197                 unsigned char         ipmb_seq;
1198                 long                  seqid;
1199                 int                   broadcast = 0;
1200
1201                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1202                         spin_lock_irqsave(&intf->counter_lock, flags);
1203                         intf->sent_invalid_commands++;
1204                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1205                         rv = -EINVAL;
1206                         goto out_err;
1207                 }
1208
1209                 if (intf->channels[addr->channel].medium
1210                     != IPMI_CHANNEL_MEDIUM_IPMB)
1211                 {
1212                         spin_lock_irqsave(&intf->counter_lock, flags);
1213                         intf->sent_invalid_commands++;
1214                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1215                         rv = -EINVAL;
1216                         goto out_err;
1217                 }
1218
1219                 if (retries < 0) {
1220                     if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE)
1221                         retries = 0; /* Don't retry broadcasts. */
1222                     else
1223                         retries = 4;
1224                 }
1225                 if (addr->addr_type == IPMI_IPMB_BROADCAST_ADDR_TYPE) {
1226                     /* Broadcasts add a zero at the beginning of the
1227                        message, but otherwise is the same as an IPMB
1228                        address. */
1229                     addr->addr_type = IPMI_IPMB_ADDR_TYPE;
1230                     broadcast = 1;
1231                 }
1232
1233
1234                 /* Default to 1 second retries. */
1235                 if (retry_time_ms == 0)
1236                     retry_time_ms = 1000;
1237
1238                 /* 9 for the header and 1 for the checksum, plus
1239                    possibly one for the broadcast. */
1240                 if ((msg->data_len + 10 + broadcast) > IPMI_MAX_MSG_LENGTH) {
1241                         spin_lock_irqsave(&intf->counter_lock, flags);
1242                         intf->sent_invalid_commands++;
1243                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1244                         rv = -EMSGSIZE;
1245                         goto out_err;
1246                 }
1247
1248                 ipmb_addr = (struct ipmi_ipmb_addr *) addr;
1249                 if (ipmb_addr->lun > 3) {
1250                         spin_lock_irqsave(&intf->counter_lock, flags);
1251                         intf->sent_invalid_commands++;
1252                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1253                         rv = -EINVAL;
1254                         goto out_err;
1255                 }
1256
1257                 memcpy(&recv_msg->addr, ipmb_addr, sizeof(*ipmb_addr));
1258
1259                 if (recv_msg->msg.netfn & 0x1) {
1260                         /* It's a response, so use the user's sequence
1261                            from msgid. */
1262                         spin_lock_irqsave(&intf->counter_lock, flags);
1263                         intf->sent_ipmb_responses++;
1264                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1265                         format_ipmb_msg(smi_msg, msg, ipmb_addr, msgid,
1266                                         msgid, broadcast,
1267                                         source_address, source_lun);
1268
1269                         /* Save the receive message so we can use it
1270                            to deliver the response. */
1271                         smi_msg->user_data = recv_msg;
1272                 } else {
1273                         /* It's a command, so get a sequence for it. */
1274
1275                         spin_lock_irqsave(&(intf->seq_lock), flags);
1276
1277                         spin_lock(&intf->counter_lock);
1278                         intf->sent_ipmb_commands++;
1279                         spin_unlock(&intf->counter_lock);
1280
1281                         /* Create a sequence number with a 1 second
1282                            timeout and 4 retries. */
1283                         rv = intf_next_seq(intf,
1284                                            recv_msg,
1285                                            retry_time_ms,
1286                                            retries,
1287                                            broadcast,
1288                                            &ipmb_seq,
1289                                            &seqid);
1290                         if (rv) {
1291                                 /* We have used up all the sequence numbers,
1292                                    probably, so abort. */
1293                                 spin_unlock_irqrestore(&(intf->seq_lock),
1294                                                        flags);
1295                                 goto out_err;
1296                         }
1297
1298                         /* Store the sequence number in the message,
1299                            so that when the send message response
1300                            comes back we can start the timer. */
1301                         format_ipmb_msg(smi_msg, msg, ipmb_addr,
1302                                         STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1303                                         ipmb_seq, broadcast,
1304                                         source_address, source_lun);
1305
1306                         /* Copy the message into the recv message data, so we
1307                            can retransmit it later if necessary. */
1308                         memcpy(recv_msg->msg_data, smi_msg->data,
1309                                smi_msg->data_size);
1310                         recv_msg->msg.data = recv_msg->msg_data;
1311                         recv_msg->msg.data_len = smi_msg->data_size;
1312
1313                         /* We don't unlock until here, because we need
1314                            to copy the completed message into the
1315                            recv_msg before we release the lock.
1316                            Otherwise, race conditions may bite us.  I
1317                            know that's pretty paranoid, but I prefer
1318                            to be correct. */
1319                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1320                 }
1321         } else if (addr->addr_type == IPMI_LAN_ADDR_TYPE) {
1322                 struct ipmi_lan_addr  *lan_addr;
1323                 unsigned char         ipmb_seq;
1324                 long                  seqid;
1325
1326                 if (addr->channel >= IPMI_MAX_CHANNELS) {
1327                         spin_lock_irqsave(&intf->counter_lock, flags);
1328                         intf->sent_invalid_commands++;
1329                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1330                         rv = -EINVAL;
1331                         goto out_err;
1332                 }
1333
1334                 if ((intf->channels[addr->channel].medium
1335                     != IPMI_CHANNEL_MEDIUM_8023LAN)
1336                     && (intf->channels[addr->channel].medium
1337                         != IPMI_CHANNEL_MEDIUM_ASYNC))
1338                 {
1339                         spin_lock_irqsave(&intf->counter_lock, flags);
1340                         intf->sent_invalid_commands++;
1341                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1342                         rv = -EINVAL;
1343                         goto out_err;
1344                 }
1345
1346                 retries = 4;
1347
1348                 /* Default to 1 second retries. */
1349                 if (retry_time_ms == 0)
1350                     retry_time_ms = 1000;
1351
1352                 /* 11 for the header and 1 for the checksum. */
1353                 if ((msg->data_len + 12) > IPMI_MAX_MSG_LENGTH) {
1354                         spin_lock_irqsave(&intf->counter_lock, flags);
1355                         intf->sent_invalid_commands++;
1356                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1357                         rv = -EMSGSIZE;
1358                         goto out_err;
1359                 }
1360
1361                 lan_addr = (struct ipmi_lan_addr *) addr;
1362                 if (lan_addr->lun > 3) {
1363                         spin_lock_irqsave(&intf->counter_lock, flags);
1364                         intf->sent_invalid_commands++;
1365                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1366                         rv = -EINVAL;
1367                         goto out_err;
1368                 }
1369
1370                 memcpy(&recv_msg->addr, lan_addr, sizeof(*lan_addr));
1371
1372                 if (recv_msg->msg.netfn & 0x1) {
1373                         /* It's a response, so use the user's sequence
1374                            from msgid. */
1375                         spin_lock_irqsave(&intf->counter_lock, flags);
1376                         intf->sent_lan_responses++;
1377                         spin_unlock_irqrestore(&intf->counter_lock, flags);
1378                         format_lan_msg(smi_msg, msg, lan_addr, msgid,
1379                                        msgid, source_lun);
1380
1381                         /* Save the receive message so we can use it
1382                            to deliver the response. */
1383                         smi_msg->user_data = recv_msg;
1384                 } else {
1385                         /* It's a command, so get a sequence for it. */
1386
1387                         spin_lock_irqsave(&(intf->seq_lock), flags);
1388
1389                         spin_lock(&intf->counter_lock);
1390                         intf->sent_lan_commands++;
1391                         spin_unlock(&intf->counter_lock);
1392
1393                         /* Create a sequence number with a 1 second
1394                            timeout and 4 retries. */
1395                         rv = intf_next_seq(intf,
1396                                            recv_msg,
1397                                            retry_time_ms,
1398                                            retries,
1399                                            0,
1400                                            &ipmb_seq,
1401                                            &seqid);
1402                         if (rv) {
1403                                 /* We have used up all the sequence numbers,
1404                                    probably, so abort. */
1405                                 spin_unlock_irqrestore(&(intf->seq_lock),
1406                                                        flags);
1407                                 goto out_err;
1408                         }
1409
1410                         /* Store the sequence number in the message,
1411                            so that when the send message response
1412                            comes back we can start the timer. */
1413                         format_lan_msg(smi_msg, msg, lan_addr,
1414                                        STORE_SEQ_IN_MSGID(ipmb_seq, seqid),
1415                                        ipmb_seq, source_lun);
1416
1417                         /* Copy the message into the recv message data, so we
1418                            can retransmit it later if necessary. */
1419                         memcpy(recv_msg->msg_data, smi_msg->data,
1420                                smi_msg->data_size);
1421                         recv_msg->msg.data = recv_msg->msg_data;
1422                         recv_msg->msg.data_len = smi_msg->data_size;
1423
1424                         /* We don't unlock until here, because we need
1425                            to copy the completed message into the
1426                            recv_msg before we release the lock.
1427                            Otherwise, race conditions may bite us.  I
1428                            know that's pretty paranoid, but I prefer
1429                            to be correct. */
1430                         spin_unlock_irqrestore(&(intf->seq_lock), flags);
1431                 }
1432         } else {
1433             /* Unknown address type. */
1434                 spin_lock_irqsave(&intf->counter_lock, flags);
1435                 intf->sent_invalid_commands++;
1436                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1437                 rv = -EINVAL;
1438                 goto out_err;
1439         }
1440
1441 #ifdef DEBUG_MSGING
1442         {
1443                 int m;
1444                 for (m = 0; m < smi_msg->data_size; m++)
1445                         printk(" %2.2x", smi_msg->data[m]);
1446                 printk("\n");
1447         }
1448 #endif
1449         intf->handlers->sender(intf->send_info, smi_msg, priority);
1450
1451         return 0;
1452
1453  out_err:
1454         ipmi_free_smi_msg(smi_msg);
1455         ipmi_free_recv_msg(recv_msg);
1456         return rv;
1457 }
1458
1459 static int check_addr(ipmi_smi_t       intf,
1460                       struct ipmi_addr *addr,
1461                       unsigned char    *saddr,
1462                       unsigned char    *lun)
1463 {
1464         if (addr->channel >= IPMI_MAX_CHANNELS)
1465                 return -EINVAL;
1466         *lun = intf->channels[addr->channel].lun;
1467         *saddr = intf->channels[addr->channel].address;
1468         return 0;
1469 }
1470
1471 int ipmi_request_settime(ipmi_user_t      user,
1472                          struct ipmi_addr *addr,
1473                          long             msgid,
1474                          struct kernel_ipmi_msg  *msg,
1475                          void             *user_msg_data,
1476                          int              priority,
1477                          int              retries,
1478                          unsigned int     retry_time_ms)
1479 {
1480         unsigned char saddr, lun;
1481         int           rv;
1482
1483         if (! user)
1484                 return -EINVAL;
1485         rv = check_addr(user->intf, addr, &saddr, &lun);
1486         if (rv)
1487                 return rv;
1488         return i_ipmi_request(user,
1489                               user->intf,
1490                               addr,
1491                               msgid,
1492                               msg,
1493                               user_msg_data,
1494                               NULL, NULL,
1495                               priority,
1496                               saddr,
1497                               lun,
1498                               retries,
1499                               retry_time_ms);
1500 }
1501
1502 int ipmi_request_supply_msgs(ipmi_user_t          user,
1503                              struct ipmi_addr     *addr,
1504                              long                 msgid,
1505                              struct kernel_ipmi_msg *msg,
1506                              void                 *user_msg_data,
1507                              void                 *supplied_smi,
1508                              struct ipmi_recv_msg *supplied_recv,
1509                              int                  priority)
1510 {
1511         unsigned char saddr, lun;
1512         int           rv;
1513
1514         if (! user)
1515                 return -EINVAL;
1516         rv = check_addr(user->intf, addr, &saddr, &lun);
1517         if (rv)
1518                 return rv;
1519         return i_ipmi_request(user,
1520                               user->intf,
1521                               addr,
1522                               msgid,
1523                               msg,
1524                               user_msg_data,
1525                               supplied_smi,
1526                               supplied_recv,
1527                               priority,
1528                               saddr,
1529                               lun,
1530                               -1, 0);
1531 }
1532
1533 static int ipmb_file_read_proc(char *page, char **start, off_t off,
1534                                int count, int *eof, void *data)
1535 {
1536         char       *out = (char *) page;
1537         ipmi_smi_t intf = data;
1538         int        i;
1539         int        rv= 0;
1540
1541         for (i = 0; i < IPMI_MAX_CHANNELS; i++)
1542                 rv += sprintf(out+rv, "%x ", intf->channels[i].address);
1543         out[rv-1] = '\n'; /* Replace the final space with a newline */
1544         out[rv] = '\0';
1545         rv++;
1546         return rv;
1547 }
1548
1549 static int version_file_read_proc(char *page, char **start, off_t off,
1550                                   int count, int *eof, void *data)
1551 {
1552         char       *out = (char *) page;
1553         ipmi_smi_t intf = data;
1554
1555         return sprintf(out, "%d.%d\n",
1556                        intf->version_major, intf->version_minor);
1557 }
1558
1559 static int stat_file_read_proc(char *page, char **start, off_t off,
1560                                int count, int *eof, void *data)
1561 {
1562         char       *out = (char *) page;
1563         ipmi_smi_t intf = data;
1564
1565         out += sprintf(out, "sent_invalid_commands:       %d\n",
1566                        intf->sent_invalid_commands);
1567         out += sprintf(out, "sent_local_commands:         %d\n",
1568                        intf->sent_local_commands);
1569         out += sprintf(out, "handled_local_responses:     %d\n",
1570                        intf->handled_local_responses);
1571         out += sprintf(out, "unhandled_local_responses:   %d\n",
1572                        intf->unhandled_local_responses);
1573         out += sprintf(out, "sent_ipmb_commands:          %d\n",
1574                        intf->sent_ipmb_commands);
1575         out += sprintf(out, "sent_ipmb_command_errs:      %d\n",
1576                        intf->sent_ipmb_command_errs);
1577         out += sprintf(out, "retransmitted_ipmb_commands: %d\n",
1578                        intf->retransmitted_ipmb_commands);
1579         out += sprintf(out, "timed_out_ipmb_commands:     %d\n",
1580                        intf->timed_out_ipmb_commands);
1581         out += sprintf(out, "timed_out_ipmb_broadcasts:   %d\n",
1582                        intf->timed_out_ipmb_broadcasts);
1583         out += sprintf(out, "sent_ipmb_responses:         %d\n",
1584                        intf->sent_ipmb_responses);
1585         out += sprintf(out, "handled_ipmb_responses:      %d\n",
1586                        intf->handled_ipmb_responses);
1587         out += sprintf(out, "invalid_ipmb_responses:      %d\n",
1588                        intf->invalid_ipmb_responses);
1589         out += sprintf(out, "unhandled_ipmb_responses:    %d\n",
1590                        intf->unhandled_ipmb_responses);
1591         out += sprintf(out, "sent_lan_commands:           %d\n",
1592                        intf->sent_lan_commands);
1593         out += sprintf(out, "sent_lan_command_errs:       %d\n",
1594                        intf->sent_lan_command_errs);
1595         out += sprintf(out, "retransmitted_lan_commands:  %d\n",
1596                        intf->retransmitted_lan_commands);
1597         out += sprintf(out, "timed_out_lan_commands:      %d\n",
1598                        intf->timed_out_lan_commands);
1599         out += sprintf(out, "sent_lan_responses:          %d\n",
1600                        intf->sent_lan_responses);
1601         out += sprintf(out, "handled_lan_responses:       %d\n",
1602                        intf->handled_lan_responses);
1603         out += sprintf(out, "invalid_lan_responses:       %d\n",
1604                        intf->invalid_lan_responses);
1605         out += sprintf(out, "unhandled_lan_responses:     %d\n",
1606                        intf->unhandled_lan_responses);
1607         out += sprintf(out, "handled_commands:            %d\n",
1608                        intf->handled_commands);
1609         out += sprintf(out, "invalid_commands:            %d\n",
1610                        intf->invalid_commands);
1611         out += sprintf(out, "unhandled_commands:          %d\n",
1612                        intf->unhandled_commands);
1613         out += sprintf(out, "invalid_events:              %d\n",
1614                        intf->invalid_events);
1615         out += sprintf(out, "events:                      %d\n",
1616                        intf->events);
1617
1618         return (out - ((char *) page));
1619 }
1620
1621 int ipmi_smi_add_proc_entry(ipmi_smi_t smi, char *name,
1622                             read_proc_t *read_proc, write_proc_t *write_proc,
1623                             void *data, struct module *owner)
1624 {
1625         int                    rv = 0;
1626 #ifdef CONFIG_PROC_FS
1627         struct proc_dir_entry  *file;
1628         struct ipmi_proc_entry *entry;
1629
1630         /* Create a list element. */
1631         entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1632         if (!entry)
1633                 return -ENOMEM;
1634         entry->name = kmalloc(strlen(name)+1, GFP_KERNEL);
1635         if (!entry->name) {
1636                 kfree(entry);
1637                 return -ENOMEM;
1638         }
1639         strcpy(entry->name, name);
1640
1641         file = create_proc_entry(name, 0, smi->proc_dir);
1642         if (!file) {
1643                 kfree(entry->name);
1644                 kfree(entry);
1645                 rv = -ENOMEM;
1646         } else {
1647                 file->nlink = 1;
1648                 file->data = data;
1649                 file->read_proc = read_proc;
1650                 file->write_proc = write_proc;
1651                 file->owner = owner;
1652
1653                 spin_lock(&smi->proc_entry_lock);
1654                 /* Stick it on the list. */
1655                 entry->next = smi->proc_entries;
1656                 smi->proc_entries = entry;
1657                 spin_unlock(&smi->proc_entry_lock);
1658         }
1659 #endif /* CONFIG_PROC_FS */
1660
1661         return rv;
1662 }
1663
1664 static int add_proc_entries(ipmi_smi_t smi, int num)
1665 {
1666         int rv = 0;
1667
1668 #ifdef CONFIG_PROC_FS
1669         sprintf(smi->proc_dir_name, "%d", num);
1670         smi->proc_dir = proc_mkdir(smi->proc_dir_name, proc_ipmi_root);
1671         if (!smi->proc_dir)
1672                 rv = -ENOMEM;
1673         else {
1674                 smi->proc_dir->owner = THIS_MODULE;
1675         }
1676
1677         if (rv == 0)
1678                 rv = ipmi_smi_add_proc_entry(smi, "stats",
1679                                              stat_file_read_proc, NULL,
1680                                              smi, THIS_MODULE);
1681
1682         if (rv == 0)
1683                 rv = ipmi_smi_add_proc_entry(smi, "ipmb",
1684                                              ipmb_file_read_proc, NULL,
1685                                              smi, THIS_MODULE);
1686
1687         if (rv == 0)
1688                 rv = ipmi_smi_add_proc_entry(smi, "version",
1689                                              version_file_read_proc, NULL,
1690                                              smi, THIS_MODULE);
1691 #endif /* CONFIG_PROC_FS */
1692
1693         return rv;
1694 }
1695
1696 static void remove_proc_entries(ipmi_smi_t smi)
1697 {
1698 #ifdef CONFIG_PROC_FS
1699         struct ipmi_proc_entry *entry;
1700
1701         spin_lock(&smi->proc_entry_lock);
1702         while (smi->proc_entries) {
1703                 entry = smi->proc_entries;
1704                 smi->proc_entries = entry->next;
1705
1706                 remove_proc_entry(entry->name, smi->proc_dir);
1707                 kfree(entry->name);
1708                 kfree(entry);
1709         }
1710         spin_unlock(&smi->proc_entry_lock);
1711         remove_proc_entry(smi->proc_dir_name, proc_ipmi_root);
1712 #endif /* CONFIG_PROC_FS */
1713 }
1714
1715 static int
1716 send_channel_info_cmd(ipmi_smi_t intf, int chan)
1717 {
1718         struct kernel_ipmi_msg            msg;
1719         unsigned char                     data[1];
1720         struct ipmi_system_interface_addr si;
1721
1722         si.addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
1723         si.channel = IPMI_BMC_CHANNEL;
1724         si.lun = 0;
1725
1726         msg.netfn = IPMI_NETFN_APP_REQUEST;
1727         msg.cmd = IPMI_GET_CHANNEL_INFO_CMD;
1728         msg.data = data;
1729         msg.data_len = 1;
1730         data[0] = chan;
1731         return i_ipmi_request(NULL,
1732                               intf,
1733                               (struct ipmi_addr *) &si,
1734                               0,
1735                               &msg,
1736                               intf,
1737                               NULL,
1738                               NULL,
1739                               0,
1740                               intf->channels[0].address,
1741                               intf->channels[0].lun,
1742                               -1, 0);
1743 }
1744
1745 static void
1746 channel_handler(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
1747 {
1748         int rv = 0;
1749         int chan;
1750
1751         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
1752             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
1753             && (msg->msg.cmd == IPMI_GET_CHANNEL_INFO_CMD))
1754         {
1755                 /* It's the one we want */
1756                 if (msg->msg.data[0] != 0) {
1757                         /* Got an error from the channel, just go on. */
1758
1759                         if (msg->msg.data[0] == IPMI_INVALID_COMMAND_ERR) {
1760                                 /* If the MC does not support this
1761                                    command, that is legal.  We just
1762                                    assume it has one IPMB at channel
1763                                    zero. */
1764                                 intf->channels[0].medium
1765                                         = IPMI_CHANNEL_MEDIUM_IPMB;
1766                                 intf->channels[0].protocol
1767                                         = IPMI_CHANNEL_PROTOCOL_IPMB;
1768                                 rv = -ENOSYS;
1769
1770                                 intf->curr_channel = IPMI_MAX_CHANNELS;
1771                                 wake_up(&intf->waitq);
1772                                 goto out;
1773                         }
1774                         goto next_channel;
1775                 }
1776                 if (msg->msg.data_len < 4) {
1777                         /* Message not big enough, just go on. */
1778                         goto next_channel;
1779                 }
1780                 chan = intf->curr_channel;
1781                 intf->channels[chan].medium = msg->msg.data[2] & 0x7f;
1782                 intf->channels[chan].protocol = msg->msg.data[3] & 0x1f;
1783
1784         next_channel:
1785                 intf->curr_channel++;
1786                 if (intf->curr_channel >= IPMI_MAX_CHANNELS)
1787                         wake_up(&intf->waitq);
1788                 else
1789                         rv = send_channel_info_cmd(intf, intf->curr_channel);
1790
1791                 if (rv) {
1792                         /* Got an error somehow, just give up. */
1793                         intf->curr_channel = IPMI_MAX_CHANNELS;
1794                         wake_up(&intf->waitq);
1795
1796                         printk(KERN_WARNING PFX
1797                                "Error sending channel information: %d\n",
1798                                rv);
1799                 }
1800         }
1801  out:
1802         return;
1803 }
1804
1805 int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
1806                       void                     *send_info,
1807                       unsigned char            version_major,
1808                       unsigned char            version_minor,
1809                       unsigned char            slave_addr,
1810                       ipmi_smi_t               *new_intf)
1811 {
1812         int              i, j;
1813         int              rv;
1814         ipmi_smi_t       intf;
1815         unsigned long    flags;
1816
1817
1818         /* Make sure the driver is actually initialized, this handles
1819            problems with initialization order. */
1820         if (!initialized) {
1821                 rv = ipmi_init_msghandler();
1822                 if (rv)
1823                         return rv;
1824                 /* The init code doesn't return an error if it was turned
1825                    off, but it won't initialize.  Check that. */
1826                 if (!initialized)
1827                         return -ENODEV;
1828         }
1829
1830         intf = kmalloc(sizeof(*intf), GFP_KERNEL);
1831         if (!intf)
1832                 return -ENOMEM;
1833         memset(intf, 0, sizeof(*intf));
1834         intf->intf_num = -1;
1835         kref_init(&intf->refcount);
1836         intf->version_major = version_major;
1837         intf->version_minor = version_minor;
1838         for (j = 0; j < IPMI_MAX_CHANNELS; j++) {
1839                 intf->channels[j].address = IPMI_BMC_SLAVE_ADDR;
1840                 intf->channels[j].lun = 2;
1841         }
1842         if (slave_addr != 0)
1843                 intf->channels[0].address = slave_addr;
1844         INIT_LIST_HEAD(&intf->users);
1845         intf->handlers = handlers;
1846         intf->send_info = send_info;
1847         spin_lock_init(&intf->seq_lock);
1848         for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++) {
1849                 intf->seq_table[j].inuse = 0;
1850                 intf->seq_table[j].seqid = 0;
1851         }
1852         intf->curr_seq = 0;
1853 #ifdef CONFIG_PROC_FS
1854         spin_lock_init(&intf->proc_entry_lock);
1855 #endif
1856         spin_lock_init(&intf->waiting_msgs_lock);
1857         INIT_LIST_HEAD(&intf->waiting_msgs);
1858         spin_lock_init(&intf->events_lock);
1859         INIT_LIST_HEAD(&intf->waiting_events);
1860         intf->waiting_events_count = 0;
1861         init_MUTEX(&intf->cmd_rcvrs_lock);
1862         INIT_LIST_HEAD(&intf->cmd_rcvrs);
1863         init_waitqueue_head(&intf->waitq);
1864
1865         spin_lock_init(&intf->counter_lock);
1866         intf->proc_dir = NULL;
1867
1868         rv = -ENOMEM;
1869         spin_lock_irqsave(&interfaces_lock, flags);
1870         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
1871                 if (ipmi_interfaces[i] == NULL) {
1872                         intf->intf_num = i;
1873                         /* Reserve the entry till we are done. */
1874                         ipmi_interfaces[i] = IPMI_INVALID_INTERFACE_ENTRY;
1875                         rv = 0;
1876                         break;
1877                 }
1878         }
1879         spin_unlock_irqrestore(&interfaces_lock, flags);
1880         if (rv)
1881                 goto out;
1882
1883         /* FIXME - this is an ugly kludge, this sets the intf for the
1884            caller before sending any messages with it. */
1885         *new_intf = intf;
1886
1887         if ((version_major > 1)
1888             || ((version_major == 1) && (version_minor >= 5)))
1889         {
1890                 /* Start scanning the channels to see what is
1891                    available. */
1892                 intf->null_user_handler = channel_handler;
1893                 intf->curr_channel = 0;
1894                 rv = send_channel_info_cmd(intf, 0);
1895                 if (rv)
1896                         goto out;
1897
1898                 /* Wait for the channel info to be read. */
1899                 wait_event(intf->waitq,
1900                            intf->curr_channel >= IPMI_MAX_CHANNELS);
1901         } else {
1902                 /* Assume a single IPMB channel at zero. */
1903                 intf->channels[0].medium = IPMI_CHANNEL_MEDIUM_IPMB;
1904                 intf->channels[0].protocol = IPMI_CHANNEL_PROTOCOL_IPMB;
1905         }
1906
1907         if (rv == 0)
1908                 rv = add_proc_entries(intf, i);
1909
1910  out:
1911         if (rv) {
1912                 if (intf->proc_dir)
1913                         remove_proc_entries(intf);
1914                 kref_put(&intf->refcount, intf_free);
1915                 if (i < MAX_IPMI_INTERFACES) {
1916                         spin_lock_irqsave(&interfaces_lock, flags);
1917                         ipmi_interfaces[i] = NULL;
1918                         spin_unlock_irqrestore(&interfaces_lock, flags);
1919                 }
1920         } else {
1921                 spin_lock_irqsave(&interfaces_lock, flags);
1922                 ipmi_interfaces[i] = intf;
1923                 spin_unlock_irqrestore(&interfaces_lock, flags);
1924                 call_smi_watchers(i);
1925         }
1926
1927         return rv;
1928 }
1929
1930 int ipmi_unregister_smi(ipmi_smi_t intf)
1931 {
1932         int                     i;
1933         struct ipmi_smi_watcher *w;
1934         unsigned long           flags;
1935
1936         spin_lock_irqsave(&interfaces_lock, flags);
1937         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
1938                 if (ipmi_interfaces[i] == intf) {
1939                         /* Set the interface number reserved until we
1940                          * are done. */
1941                         ipmi_interfaces[i] = IPMI_INVALID_INTERFACE_ENTRY;
1942                         intf->intf_num = -1;
1943                         break;
1944                 }
1945         }
1946         spin_unlock_irqrestore(&interfaces_lock,flags);
1947
1948         if (i == MAX_IPMI_INTERFACES)
1949                 return -ENODEV;
1950
1951         remove_proc_entries(intf);
1952
1953         /* Call all the watcher interfaces to tell them that
1954            an interface is gone. */
1955         down_read(&smi_watchers_sem);
1956         list_for_each_entry(w, &smi_watchers, link)
1957                 w->smi_gone(i);
1958         up_read(&smi_watchers_sem);
1959
1960         /* Allow the entry to be reused now. */
1961         spin_lock_irqsave(&interfaces_lock, flags);
1962         ipmi_interfaces[i] = NULL;
1963         spin_unlock_irqrestore(&interfaces_lock,flags);
1964
1965         kref_put(&intf->refcount, intf_free);
1966         return 0;
1967 }
1968
1969 static int handle_ipmb_get_msg_rsp(ipmi_smi_t          intf,
1970                                    struct ipmi_smi_msg *msg)
1971 {
1972         struct ipmi_ipmb_addr ipmb_addr;
1973         struct ipmi_recv_msg  *recv_msg;
1974         unsigned long         flags;
1975
1976         
1977         /* This is 11, not 10, because the response must contain a
1978          * completion code. */
1979         if (msg->rsp_size < 11) {
1980                 /* Message not big enough, just ignore it. */
1981                 spin_lock_irqsave(&intf->counter_lock, flags);
1982                 intf->invalid_ipmb_responses++;
1983                 spin_unlock_irqrestore(&intf->counter_lock, flags);
1984                 return 0;
1985         }
1986
1987         if (msg->rsp[2] != 0) {
1988                 /* An error getting the response, just ignore it. */
1989                 return 0;
1990         }
1991
1992         ipmb_addr.addr_type = IPMI_IPMB_ADDR_TYPE;
1993         ipmb_addr.slave_addr = msg->rsp[6];
1994         ipmb_addr.channel = msg->rsp[3] & 0x0f;
1995         ipmb_addr.lun = msg->rsp[7] & 3;
1996
1997         /* It's a response from a remote entity.  Look up the sequence
1998            number and handle the response. */
1999         if (intf_find_seq(intf,
2000                           msg->rsp[7] >> 2,
2001                           msg->rsp[3] & 0x0f,
2002                           msg->rsp[8],
2003                           (msg->rsp[4] >> 2) & (~1),
2004                           (struct ipmi_addr *) &(ipmb_addr),
2005                           &recv_msg))
2006         {
2007                 /* We were unable to find the sequence number,
2008                    so just nuke the message. */
2009                 spin_lock_irqsave(&intf->counter_lock, flags);
2010                 intf->unhandled_ipmb_responses++;
2011                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2012                 return 0;
2013         }
2014
2015         memcpy(recv_msg->msg_data,
2016                &(msg->rsp[9]),
2017                msg->rsp_size - 9);
2018         /* THe other fields matched, so no need to set them, except
2019            for netfn, which needs to be the response that was
2020            returned, not the request value. */
2021         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2022         recv_msg->msg.data = recv_msg->msg_data;
2023         recv_msg->msg.data_len = msg->rsp_size - 10;
2024         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2025         spin_lock_irqsave(&intf->counter_lock, flags);
2026         intf->handled_ipmb_responses++;
2027         spin_unlock_irqrestore(&intf->counter_lock, flags);
2028         deliver_response(recv_msg);
2029
2030         return 0;
2031 }
2032
2033 static int handle_ipmb_get_msg_cmd(ipmi_smi_t          intf,
2034                                    struct ipmi_smi_msg *msg)
2035 {
2036         struct cmd_rcvr          *rcvr;
2037         int                      rv = 0;
2038         unsigned char            netfn;
2039         unsigned char            cmd;
2040         ipmi_user_t              user = NULL;
2041         struct ipmi_ipmb_addr    *ipmb_addr;
2042         struct ipmi_recv_msg     *recv_msg;
2043         unsigned long            flags;
2044
2045         if (msg->rsp_size < 10) {
2046                 /* Message not big enough, just ignore it. */
2047                 spin_lock_irqsave(&intf->counter_lock, flags);
2048                 intf->invalid_commands++;
2049                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2050                 return 0;
2051         }
2052
2053         if (msg->rsp[2] != 0) {
2054                 /* An error getting the response, just ignore it. */
2055                 return 0;
2056         }
2057
2058         netfn = msg->rsp[4] >> 2;
2059         cmd = msg->rsp[8];
2060
2061         rcu_read_lock();
2062         rcvr = find_cmd_rcvr(intf, netfn, cmd);
2063         if (rcvr) {
2064                 user = rcvr->user;
2065                 kref_get(&user->refcount);
2066         } else
2067                 user = NULL;
2068         rcu_read_unlock();
2069
2070         if (user == NULL) {
2071                 /* We didn't find a user, deliver an error response. */
2072                 spin_lock_irqsave(&intf->counter_lock, flags);
2073                 intf->unhandled_commands++;
2074                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2075
2076                 msg->data[0] = (IPMI_NETFN_APP_REQUEST << 2);
2077                 msg->data[1] = IPMI_SEND_MSG_CMD;
2078                 msg->data[2] = msg->rsp[3];
2079                 msg->data[3] = msg->rsp[6];
2080                 msg->data[4] = ((netfn + 1) << 2) | (msg->rsp[7] & 0x3);
2081                 msg->data[5] = ipmb_checksum(&(msg->data[3]), 2);
2082                 msg->data[6] = intf->channels[msg->rsp[3] & 0xf].address;
2083                 /* rqseq/lun */
2084                 msg->data[7] = (msg->rsp[7] & 0xfc) | (msg->rsp[4] & 0x3);
2085                 msg->data[8] = msg->rsp[8]; /* cmd */
2086                 msg->data[9] = IPMI_INVALID_CMD_COMPLETION_CODE;
2087                 msg->data[10] = ipmb_checksum(&(msg->data[6]), 4);
2088                 msg->data_size = 11;
2089
2090 #ifdef DEBUG_MSGING
2091         {
2092                 int m;
2093                 printk("Invalid command:");
2094                 for (m = 0; m < msg->data_size; m++)
2095                         printk(" %2.2x", msg->data[m]);
2096                 printk("\n");
2097         }
2098 #endif
2099                 intf->handlers->sender(intf->send_info, msg, 0);
2100
2101                 rv = -1; /* We used the message, so return the value that
2102                             causes it to not be freed or queued. */
2103         } else {
2104                 /* Deliver the message to the user. */
2105                 spin_lock_irqsave(&intf->counter_lock, flags);
2106                 intf->handled_commands++;
2107                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2108
2109                 recv_msg = ipmi_alloc_recv_msg();
2110                 if (! recv_msg) {
2111                         /* We couldn't allocate memory for the
2112                            message, so requeue it for handling
2113                            later. */
2114                         rv = 1;
2115                         kref_put(&user->refcount, free_user);
2116                 } else {
2117                         /* Extract the source address from the data. */
2118                         ipmb_addr = (struct ipmi_ipmb_addr *) &recv_msg->addr;
2119                         ipmb_addr->addr_type = IPMI_IPMB_ADDR_TYPE;
2120                         ipmb_addr->slave_addr = msg->rsp[6];
2121                         ipmb_addr->lun = msg->rsp[7] & 3;
2122                         ipmb_addr->channel = msg->rsp[3] & 0xf;
2123
2124                         /* Extract the rest of the message information
2125                            from the IPMB header.*/
2126                         recv_msg->user = user;
2127                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2128                         recv_msg->msgid = msg->rsp[7] >> 2;
2129                         recv_msg->msg.netfn = msg->rsp[4] >> 2;
2130                         recv_msg->msg.cmd = msg->rsp[8];
2131                         recv_msg->msg.data = recv_msg->msg_data;
2132
2133                         /* We chop off 10, not 9 bytes because the checksum
2134                            at the end also needs to be removed. */
2135                         recv_msg->msg.data_len = msg->rsp_size - 10;
2136                         memcpy(recv_msg->msg_data,
2137                                &(msg->rsp[9]),
2138                                msg->rsp_size - 10);
2139                         deliver_response(recv_msg);
2140                 }
2141         }
2142
2143         return rv;
2144 }
2145
2146 static int handle_lan_get_msg_rsp(ipmi_smi_t          intf,
2147                                   struct ipmi_smi_msg *msg)
2148 {
2149         struct ipmi_lan_addr  lan_addr;
2150         struct ipmi_recv_msg  *recv_msg;
2151         unsigned long         flags;
2152
2153
2154         /* This is 13, not 12, because the response must contain a
2155          * completion code. */
2156         if (msg->rsp_size < 13) {
2157                 /* Message not big enough, just ignore it. */
2158                 spin_lock_irqsave(&intf->counter_lock, flags);
2159                 intf->invalid_lan_responses++;
2160                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2161                 return 0;
2162         }
2163
2164         if (msg->rsp[2] != 0) {
2165                 /* An error getting the response, just ignore it. */
2166                 return 0;
2167         }
2168
2169         lan_addr.addr_type = IPMI_LAN_ADDR_TYPE;
2170         lan_addr.session_handle = msg->rsp[4];
2171         lan_addr.remote_SWID = msg->rsp[8];
2172         lan_addr.local_SWID = msg->rsp[5];
2173         lan_addr.channel = msg->rsp[3] & 0x0f;
2174         lan_addr.privilege = msg->rsp[3] >> 4;
2175         lan_addr.lun = msg->rsp[9] & 3;
2176
2177         /* It's a response from a remote entity.  Look up the sequence
2178            number and handle the response. */
2179         if (intf_find_seq(intf,
2180                           msg->rsp[9] >> 2,
2181                           msg->rsp[3] & 0x0f,
2182                           msg->rsp[10],
2183                           (msg->rsp[6] >> 2) & (~1),
2184                           (struct ipmi_addr *) &(lan_addr),
2185                           &recv_msg))
2186         {
2187                 /* We were unable to find the sequence number,
2188                    so just nuke the message. */
2189                 spin_lock_irqsave(&intf->counter_lock, flags);
2190                 intf->unhandled_lan_responses++;
2191                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2192                 return 0;
2193         }
2194
2195         memcpy(recv_msg->msg_data,
2196                &(msg->rsp[11]),
2197                msg->rsp_size - 11);
2198         /* The other fields matched, so no need to set them, except
2199            for netfn, which needs to be the response that was
2200            returned, not the request value. */
2201         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2202         recv_msg->msg.data = recv_msg->msg_data;
2203         recv_msg->msg.data_len = msg->rsp_size - 12;
2204         recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2205         spin_lock_irqsave(&intf->counter_lock, flags);
2206         intf->handled_lan_responses++;
2207         spin_unlock_irqrestore(&intf->counter_lock, flags);
2208         deliver_response(recv_msg);
2209
2210         return 0;
2211 }
2212
2213 static int handle_lan_get_msg_cmd(ipmi_smi_t          intf,
2214                                   struct ipmi_smi_msg *msg)
2215 {
2216         struct cmd_rcvr          *rcvr;
2217         int                      rv = 0;
2218         unsigned char            netfn;
2219         unsigned char            cmd;
2220         ipmi_user_t              user = NULL;
2221         struct ipmi_lan_addr     *lan_addr;
2222         struct ipmi_recv_msg     *recv_msg;
2223         unsigned long            flags;
2224
2225         if (msg->rsp_size < 12) {
2226                 /* Message not big enough, just ignore it. */
2227                 spin_lock_irqsave(&intf->counter_lock, flags);
2228                 intf->invalid_commands++;
2229                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2230                 return 0;
2231         }
2232
2233         if (msg->rsp[2] != 0) {
2234                 /* An error getting the response, just ignore it. */
2235                 return 0;
2236         }
2237
2238         netfn = msg->rsp[6] >> 2;
2239         cmd = msg->rsp[10];
2240
2241         rcu_read_lock();
2242         rcvr = find_cmd_rcvr(intf, netfn, cmd);
2243         if (rcvr) {
2244                 user = rcvr->user;
2245                 kref_get(&user->refcount);
2246         } else
2247                 user = NULL;
2248         rcu_read_unlock();
2249
2250         if (user == NULL) {
2251                 /* We didn't find a user, just give up. */
2252                 spin_lock_irqsave(&intf->counter_lock, flags);
2253                 intf->unhandled_commands++;
2254                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2255
2256                 rv = 0; /* Don't do anything with these messages, just
2257                            allow them to be freed. */
2258         } else {
2259                 /* Deliver the message to the user. */
2260                 spin_lock_irqsave(&intf->counter_lock, flags);
2261                 intf->handled_commands++;
2262                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2263
2264                 recv_msg = ipmi_alloc_recv_msg();
2265                 if (! recv_msg) {
2266                         /* We couldn't allocate memory for the
2267                            message, so requeue it for handling
2268                            later. */
2269                         rv = 1;
2270                         kref_put(&user->refcount, free_user);
2271                 } else {
2272                         /* Extract the source address from the data. */
2273                         lan_addr = (struct ipmi_lan_addr *) &recv_msg->addr;
2274                         lan_addr->addr_type = IPMI_LAN_ADDR_TYPE;
2275                         lan_addr->session_handle = msg->rsp[4];
2276                         lan_addr->remote_SWID = msg->rsp[8];
2277                         lan_addr->local_SWID = msg->rsp[5];
2278                         lan_addr->lun = msg->rsp[9] & 3;
2279                         lan_addr->channel = msg->rsp[3] & 0xf;
2280                         lan_addr->privilege = msg->rsp[3] >> 4;
2281
2282                         /* Extract the rest of the message information
2283                            from the IPMB header.*/
2284                         recv_msg->user = user;
2285                         recv_msg->recv_type = IPMI_CMD_RECV_TYPE;
2286                         recv_msg->msgid = msg->rsp[9] >> 2;
2287                         recv_msg->msg.netfn = msg->rsp[6] >> 2;
2288                         recv_msg->msg.cmd = msg->rsp[10];
2289                         recv_msg->msg.data = recv_msg->msg_data;
2290
2291                         /* We chop off 12, not 11 bytes because the checksum
2292                            at the end also needs to be removed. */
2293                         recv_msg->msg.data_len = msg->rsp_size - 12;
2294                         memcpy(recv_msg->msg_data,
2295                                &(msg->rsp[11]),
2296                                msg->rsp_size - 12);
2297                         deliver_response(recv_msg);
2298                 }
2299         }
2300
2301         return rv;
2302 }
2303
2304 static void copy_event_into_recv_msg(struct ipmi_recv_msg *recv_msg,
2305                                      struct ipmi_smi_msg  *msg)
2306 {
2307         struct ipmi_system_interface_addr *smi_addr;
2308         
2309         recv_msg->msgid = 0;
2310         smi_addr = (struct ipmi_system_interface_addr *) &(recv_msg->addr);
2311         smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2312         smi_addr->channel = IPMI_BMC_CHANNEL;
2313         smi_addr->lun = msg->rsp[0] & 3;
2314         recv_msg->recv_type = IPMI_ASYNC_EVENT_RECV_TYPE;
2315         recv_msg->msg.netfn = msg->rsp[0] >> 2;
2316         recv_msg->msg.cmd = msg->rsp[1];
2317         memcpy(recv_msg->msg_data, &(msg->rsp[3]), msg->rsp_size - 3);
2318         recv_msg->msg.data = recv_msg->msg_data;
2319         recv_msg->msg.data_len = msg->rsp_size - 3;
2320 }
2321
2322 static int handle_read_event_rsp(ipmi_smi_t          intf,
2323                                  struct ipmi_smi_msg *msg)
2324 {
2325         struct ipmi_recv_msg *recv_msg, *recv_msg2;
2326         struct list_head     msgs;
2327         ipmi_user_t          user;
2328         int                  rv = 0;
2329         int                  deliver_count = 0;
2330         unsigned long        flags;
2331
2332         if (msg->rsp_size < 19) {
2333                 /* Message is too small to be an IPMB event. */
2334                 spin_lock_irqsave(&intf->counter_lock, flags);
2335                 intf->invalid_events++;
2336                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2337                 return 0;
2338         }
2339
2340         if (msg->rsp[2] != 0) {
2341                 /* An error getting the event, just ignore it. */
2342                 return 0;
2343         }
2344
2345         INIT_LIST_HEAD(&msgs);
2346
2347         spin_lock_irqsave(&intf->events_lock, flags);
2348
2349         spin_lock(&intf->counter_lock);
2350         intf->events++;
2351         spin_unlock(&intf->counter_lock);
2352
2353         /* Allocate and fill in one message for every user that is getting
2354            events. */
2355         rcu_read_lock();
2356         list_for_each_entry_rcu(user, &intf->users, link) {
2357                 if (! user->gets_events)
2358                         continue;
2359
2360                 recv_msg = ipmi_alloc_recv_msg();
2361                 if (! recv_msg) {
2362                         rcu_read_unlock();
2363                         list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
2364                                 list_del(&recv_msg->link);
2365                                 ipmi_free_recv_msg(recv_msg);
2366                         }
2367                         /* We couldn't allocate memory for the
2368                            message, so requeue it for handling
2369                            later. */
2370                         rv = 1;
2371                         goto out;
2372                 }
2373
2374                 deliver_count++;
2375
2376                 copy_event_into_recv_msg(recv_msg, msg);
2377                 recv_msg->user = user;
2378                 kref_get(&user->refcount);
2379                 list_add_tail(&(recv_msg->link), &msgs);
2380         }
2381         rcu_read_unlock();
2382
2383         if (deliver_count) {
2384                 /* Now deliver all the messages. */
2385                 list_for_each_entry_safe(recv_msg, recv_msg2, &msgs, link) {
2386                         list_del(&recv_msg->link);
2387                         deliver_response(recv_msg);
2388                 }
2389         } else if (intf->waiting_events_count < MAX_EVENTS_IN_QUEUE) {
2390                 /* No one to receive the message, put it in queue if there's
2391                    not already too many things in the queue. */
2392                 recv_msg = ipmi_alloc_recv_msg();
2393                 if (! recv_msg) {
2394                         /* We couldn't allocate memory for the
2395                            message, so requeue it for handling
2396                            later. */
2397                         rv = 1;
2398                         goto out;
2399                 }
2400
2401                 copy_event_into_recv_msg(recv_msg, msg);
2402                 list_add_tail(&(recv_msg->link), &(intf->waiting_events));
2403         } else {
2404                 /* There's too many things in the queue, discard this
2405                    message. */
2406                 printk(KERN_WARNING PFX "Event queue full, discarding an"
2407                        " incoming event\n");
2408         }
2409
2410  out:
2411         spin_unlock_irqrestore(&(intf->events_lock), flags);
2412
2413         return rv;
2414 }
2415
2416 static int handle_bmc_rsp(ipmi_smi_t          intf,
2417                           struct ipmi_smi_msg *msg)
2418 {
2419         struct ipmi_recv_msg *recv_msg;
2420         unsigned long        flags;
2421         struct ipmi_user     *user;
2422
2423         recv_msg = (struct ipmi_recv_msg *) msg->user_data;
2424         if (recv_msg == NULL)
2425         {
2426                 printk(KERN_WARNING"IPMI message received with no owner. This\n"
2427                         "could be because of a malformed message, or\n"
2428                         "because of a hardware error.  Contact your\n"
2429                         "hardware vender for assistance\n");
2430                 return 0;
2431         }
2432
2433         user = recv_msg->user;
2434         /* Make sure the user still exists. */
2435         if (user && !user->valid) {
2436                 /* The user for the message went away, so give up. */
2437                 spin_lock_irqsave(&intf->counter_lock, flags);
2438                 intf->unhandled_local_responses++;
2439                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2440                 ipmi_free_recv_msg(recv_msg);
2441         } else {
2442                 struct ipmi_system_interface_addr *smi_addr;
2443
2444                 spin_lock_irqsave(&intf->counter_lock, flags);
2445                 intf->handled_local_responses++;
2446                 spin_unlock_irqrestore(&intf->counter_lock, flags);
2447                 recv_msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2448                 recv_msg->msgid = msg->msgid;
2449                 smi_addr = ((struct ipmi_system_interface_addr *)
2450                             &(recv_msg->addr));
2451                 smi_addr->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2452                 smi_addr->channel = IPMI_BMC_CHANNEL;
2453                 smi_addr->lun = msg->rsp[0] & 3;
2454                 recv_msg->msg.netfn = msg->rsp[0] >> 2;
2455                 recv_msg->msg.cmd = msg->rsp[1];
2456                 memcpy(recv_msg->msg_data,
2457                        &(msg->rsp[2]),
2458                        msg->rsp_size - 2);
2459                 recv_msg->msg.data = recv_msg->msg_data;
2460                 recv_msg->msg.data_len = msg->rsp_size - 2;
2461                 deliver_response(recv_msg);
2462         }
2463
2464         return 0;
2465 }
2466
2467 /* Handle a new message.  Return 1 if the message should be requeued,
2468    0 if the message should be freed, or -1 if the message should not
2469    be freed or requeued. */
2470 static int handle_new_recv_msg(ipmi_smi_t          intf,
2471                                struct ipmi_smi_msg *msg)
2472 {
2473         int requeue;
2474         int chan;
2475
2476 #ifdef DEBUG_MSGING
2477         int m;
2478         printk("Recv:");
2479         for (m = 0; m < msg->rsp_size; m++)
2480                 printk(" %2.2x", msg->rsp[m]);
2481         printk("\n");
2482 #endif
2483         if (msg->rsp_size < 2) {
2484                 /* Message is too small to be correct. */
2485                 printk(KERN_WARNING PFX "BMC returned to small a message"
2486                        " for netfn %x cmd %x, got %d bytes\n",
2487                        (msg->data[0] >> 2) | 1, msg->data[1], msg->rsp_size);
2488
2489                 /* Generate an error response for the message. */
2490                 msg->rsp[0] = msg->data[0] | (1 << 2);
2491                 msg->rsp[1] = msg->data[1];
2492                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
2493                 msg->rsp_size = 3;
2494         } else if (((msg->rsp[0] >> 2) != ((msg->data[0] >> 2) | 1))/* Netfn */
2495                    || (msg->rsp[1] != msg->data[1]))              /* Command */
2496         {
2497                 /* The response is not even marginally correct. */
2498                 printk(KERN_WARNING PFX "BMC returned incorrect response,"
2499                        " expected netfn %x cmd %x, got netfn %x cmd %x\n",
2500                        (msg->data[0] >> 2) | 1, msg->data[1],
2501                        msg->rsp[0] >> 2, msg->rsp[1]);
2502
2503                 /* Generate an error response for the message. */
2504                 msg->rsp[0] = msg->data[0] | (1 << 2);
2505                 msg->rsp[1] = msg->data[1];
2506                 msg->rsp[2] = IPMI_ERR_UNSPECIFIED;
2507                 msg->rsp_size = 3;
2508         }
2509
2510         if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2511             && (msg->rsp[1] == IPMI_SEND_MSG_CMD)
2512             && (msg->user_data != NULL))
2513         {
2514                 /* It's a response to a response we sent.  For this we
2515                    deliver a send message response to the user. */
2516                 struct ipmi_recv_msg     *recv_msg = msg->user_data;
2517
2518                 requeue = 0;
2519                 if (msg->rsp_size < 2)
2520                         /* Message is too small to be correct. */
2521                         goto out;
2522
2523                 chan = msg->data[2] & 0x0f;
2524                 if (chan >= IPMI_MAX_CHANNELS)
2525                         /* Invalid channel number */
2526                         goto out;
2527
2528                 if (!recv_msg)
2529                         goto out;
2530
2531                 /* Make sure the user still exists. */
2532                 if (!recv_msg->user || !recv_msg->user->valid)
2533                         goto out;
2534
2535                 recv_msg->recv_type = IPMI_RESPONSE_RESPONSE_TYPE;
2536                 recv_msg->msg.data = recv_msg->msg_data;
2537                 recv_msg->msg.data_len = 1;
2538                 recv_msg->msg_data[0] = msg->rsp[2];
2539                 deliver_response(recv_msg);
2540         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2541                    && (msg->rsp[1] == IPMI_GET_MSG_CMD))
2542         {
2543                 /* It's from the receive queue. */
2544                 chan = msg->rsp[3] & 0xf;
2545                 if (chan >= IPMI_MAX_CHANNELS) {
2546                         /* Invalid channel number */
2547                         requeue = 0;
2548                         goto out;
2549                 }
2550
2551                 switch (intf->channels[chan].medium) {
2552                 case IPMI_CHANNEL_MEDIUM_IPMB:
2553                         if (msg->rsp[4] & 0x04) {
2554                                 /* It's a response, so find the
2555                                    requesting message and send it up. */
2556                                 requeue = handle_ipmb_get_msg_rsp(intf, msg);
2557                         } else {
2558                                 /* It's a command to the SMS from some other
2559                                    entity.  Handle that. */
2560                                 requeue = handle_ipmb_get_msg_cmd(intf, msg);
2561                         }
2562                         break;
2563
2564                 case IPMI_CHANNEL_MEDIUM_8023LAN:
2565                 case IPMI_CHANNEL_MEDIUM_ASYNC:
2566                         if (msg->rsp[6] & 0x04) {
2567                                 /* It's a response, so find the
2568                                    requesting message and send it up. */
2569                                 requeue = handle_lan_get_msg_rsp(intf, msg);
2570                         } else {
2571                                 /* It's a command to the SMS from some other
2572                                    entity.  Handle that. */
2573                                 requeue = handle_lan_get_msg_cmd(intf, msg);
2574                         }
2575                         break;
2576
2577                 default:
2578                         /* We don't handle the channel type, so just
2579                          * free the message. */
2580                         requeue = 0;
2581                 }
2582
2583         } else if ((msg->rsp[0] == ((IPMI_NETFN_APP_REQUEST|1) << 2))
2584                    && (msg->rsp[1] == IPMI_READ_EVENT_MSG_BUFFER_CMD))
2585         {
2586                 /* It's an asyncronous event. */
2587                 requeue = handle_read_event_rsp(intf, msg);
2588         } else {
2589                 /* It's a response from the local BMC. */
2590                 requeue = handle_bmc_rsp(intf, msg);
2591         }
2592
2593  out:
2594         return requeue;
2595 }
2596
2597 /* Handle a new message from the lower layer. */
2598 void ipmi_smi_msg_received(ipmi_smi_t          intf,
2599                            struct ipmi_smi_msg *msg)
2600 {
2601         unsigned long flags;
2602         int           rv;
2603
2604
2605         if ((msg->data_size >= 2)
2606             && (msg->data[0] == (IPMI_NETFN_APP_REQUEST << 2))
2607             && (msg->data[1] == IPMI_SEND_MSG_CMD)
2608             && (msg->user_data == NULL))
2609         {
2610                 /* This is the local response to a command send, start
2611                    the timer for these.  The user_data will not be
2612                    NULL if this is a response send, and we will let
2613                    response sends just go through. */
2614
2615                 /* Check for errors, if we get certain errors (ones
2616                    that mean basically we can try again later), we
2617                    ignore them and start the timer.  Otherwise we
2618                    report the error immediately. */
2619                 if ((msg->rsp_size >= 3) && (msg->rsp[2] != 0)
2620                     && (msg->rsp[2] != IPMI_NODE_BUSY_ERR)
2621                     && (msg->rsp[2] != IPMI_LOST_ARBITRATION_ERR))
2622                 {
2623                         int chan = msg->rsp[3] & 0xf;
2624
2625                         /* Got an error sending the message, handle it. */
2626                         spin_lock_irqsave(&intf->counter_lock, flags);
2627                         if (chan >= IPMI_MAX_CHANNELS)
2628                                 ; /* This shouldn't happen */
2629                         else if ((intf->channels[chan].medium
2630                                   == IPMI_CHANNEL_MEDIUM_8023LAN)
2631                                  || (intf->channels[chan].medium
2632                                      == IPMI_CHANNEL_MEDIUM_ASYNC))
2633                                 intf->sent_lan_command_errs++;
2634                         else
2635                                 intf->sent_ipmb_command_errs++;
2636                         spin_unlock_irqrestore(&intf->counter_lock, flags);
2637                         intf_err_seq(intf, msg->msgid, msg->rsp[2]);
2638                 } else {
2639                         /* The message was sent, start the timer. */
2640                         intf_start_seq_timer(intf, msg->msgid);
2641                 }
2642
2643                 ipmi_free_smi_msg(msg);
2644                 goto out;
2645         }
2646
2647         /* To preserve message order, if the list is not empty, we
2648            tack this message onto the end of the list. */
2649         spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
2650         if (!list_empty(&intf->waiting_msgs)) {
2651                 list_add_tail(&msg->link, &intf->waiting_msgs);
2652                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
2653                 goto out;
2654         }
2655         spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
2656                 
2657         rv = handle_new_recv_msg(intf, msg);
2658         if (rv > 0) {
2659                 /* Could not handle the message now, just add it to a
2660                    list to handle later. */
2661                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
2662                 list_add_tail(&msg->link, &intf->waiting_msgs);
2663                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
2664         } else if (rv == 0) {
2665                 ipmi_free_smi_msg(msg);
2666         }
2667
2668  out:
2669         return;
2670 }
2671
2672 void ipmi_smi_watchdog_pretimeout(ipmi_smi_t intf)
2673 {
2674         ipmi_user_t user;
2675
2676         rcu_read_lock();
2677         list_for_each_entry_rcu(user, &intf->users, link) {
2678                 if (! user->handler->ipmi_watchdog_pretimeout)
2679                         continue;
2680
2681                 user->handler->ipmi_watchdog_pretimeout(user->handler_data);
2682         }
2683         rcu_read_unlock();
2684 }
2685
2686 static void
2687 handle_msg_timeout(struct ipmi_recv_msg *msg)
2688 {
2689         msg->recv_type = IPMI_RESPONSE_RECV_TYPE;
2690         msg->msg_data[0] = IPMI_TIMEOUT_COMPLETION_CODE;
2691         msg->msg.netfn |= 1; /* Convert to a response. */
2692         msg->msg.data_len = 1;
2693         msg->msg.data = msg->msg_data;
2694         deliver_response(msg);
2695 }
2696
2697 static struct ipmi_smi_msg *
2698 smi_from_recv_msg(ipmi_smi_t intf, struct ipmi_recv_msg *recv_msg,
2699                   unsigned char seq, long seqid)
2700 {
2701         struct ipmi_smi_msg *smi_msg = ipmi_alloc_smi_msg();
2702         if (!smi_msg)
2703                 /* If we can't allocate the message, then just return, we
2704                    get 4 retries, so this should be ok. */
2705                 return NULL;
2706
2707         memcpy(smi_msg->data, recv_msg->msg.data, recv_msg->msg.data_len);
2708         smi_msg->data_size = recv_msg->msg.data_len;
2709         smi_msg->msgid = STORE_SEQ_IN_MSGID(seq, seqid);
2710                 
2711 #ifdef DEBUG_MSGING
2712         {
2713                 int m;
2714                 printk("Resend: ");
2715                 for (m = 0; m < smi_msg->data_size; m++)
2716                         printk(" %2.2x", smi_msg->data[m]);
2717                 printk("\n");
2718         }
2719 #endif
2720         return smi_msg;
2721 }
2722
2723 static void check_msg_timeout(ipmi_smi_t intf, struct seq_table *ent,
2724                               struct list_head *timeouts, long timeout_period,
2725                               int slot, unsigned long *flags)
2726 {
2727         struct ipmi_recv_msg *msg;
2728
2729         if (!ent->inuse)
2730                 return;
2731
2732         ent->timeout -= timeout_period;
2733         if (ent->timeout > 0)
2734                 return;
2735
2736         if (ent->retries_left == 0) {
2737                 /* The message has used all its retries. */
2738                 ent->inuse = 0;
2739                 msg = ent->recv_msg;
2740                 list_add_tail(&msg->link, timeouts);
2741                 spin_lock(&intf->counter_lock);
2742                 if (ent->broadcast)
2743                         intf->timed_out_ipmb_broadcasts++;
2744                 else if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
2745                         intf->timed_out_lan_commands++;
2746                 else
2747                         intf->timed_out_ipmb_commands++;
2748                 spin_unlock(&intf->counter_lock);
2749         } else {
2750                 struct ipmi_smi_msg *smi_msg;
2751                 /* More retries, send again. */
2752
2753                 /* Start with the max timer, set to normal
2754                    timer after the message is sent. */
2755                 ent->timeout = MAX_MSG_TIMEOUT;
2756                 ent->retries_left--;
2757                 spin_lock(&intf->counter_lock);
2758                 if (ent->recv_msg->addr.addr_type == IPMI_LAN_ADDR_TYPE)
2759                         intf->retransmitted_lan_commands++;
2760                 else
2761                         intf->retransmitted_ipmb_commands++;
2762                 spin_unlock(&intf->counter_lock);
2763
2764                 smi_msg = smi_from_recv_msg(intf, ent->recv_msg, slot,
2765                                             ent->seqid);
2766                 if (! smi_msg)
2767                         return;
2768
2769                 spin_unlock_irqrestore(&intf->seq_lock, *flags);
2770                 /* Send the new message.  We send with a zero
2771                  * priority.  It timed out, I doubt time is
2772                  * that critical now, and high priority
2773                  * messages are really only for messages to the
2774                  * local MC, which don't get resent. */
2775                 intf->handlers->sender(intf->send_info,
2776                                        smi_msg, 0);
2777                 spin_lock_irqsave(&intf->seq_lock, *flags);
2778         }
2779 }
2780
2781 static void ipmi_timeout_handler(long timeout_period)
2782 {
2783         ipmi_smi_t           intf;
2784         struct list_head     timeouts;
2785         struct ipmi_recv_msg *msg, *msg2;
2786         struct ipmi_smi_msg  *smi_msg, *smi_msg2;
2787         unsigned long        flags;
2788         int                  i, j;
2789
2790         INIT_LIST_HEAD(&timeouts);
2791
2792         spin_lock(&interfaces_lock);
2793         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
2794                 intf = ipmi_interfaces[i];
2795                 if (IPMI_INVALID_INTERFACE(intf))
2796                         continue;
2797                 kref_get(&intf->refcount);
2798                 spin_unlock(&interfaces_lock);
2799
2800                 /* See if any waiting messages need to be processed. */
2801                 spin_lock_irqsave(&intf->waiting_msgs_lock, flags);
2802                 list_for_each_entry_safe(smi_msg, smi_msg2, &intf->waiting_msgs, link) {
2803                         if (! handle_new_recv_msg(intf, smi_msg)) {
2804                                 list_del(&smi_msg->link);
2805                                 ipmi_free_smi_msg(smi_msg);
2806                         } else {
2807                                 /* To preserve message order, quit if we
2808                                    can't handle a message. */
2809                                 break;
2810                         }
2811                 }
2812                 spin_unlock_irqrestore(&intf->waiting_msgs_lock, flags);
2813
2814                 /* Go through the seq table and find any messages that
2815                    have timed out, putting them in the timeouts
2816                    list. */
2817                 spin_lock_irqsave(&intf->seq_lock, flags);
2818                 for (j = 0; j < IPMI_IPMB_NUM_SEQ; j++)
2819                         check_msg_timeout(intf, &(intf->seq_table[j]),
2820                                           &timeouts, timeout_period, j,
2821                                           &flags);
2822                 spin_unlock_irqrestore(&intf->seq_lock, flags);
2823
2824                 list_for_each_entry_safe(msg, msg2, &timeouts, link)
2825                         handle_msg_timeout(msg);
2826
2827                 kref_put(&intf->refcount, intf_free);
2828                 spin_lock(&interfaces_lock);
2829         }
2830         spin_unlock(&interfaces_lock);
2831 }
2832
2833 static void ipmi_request_event(void)
2834 {
2835         ipmi_smi_t intf;
2836         int        i;
2837
2838         spin_lock(&interfaces_lock);
2839         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
2840                 intf = ipmi_interfaces[i];
2841                 if (IPMI_INVALID_INTERFACE(intf))
2842                         continue;
2843
2844                 intf->handlers->request_events(intf->send_info);
2845         }
2846         spin_unlock(&interfaces_lock);
2847 }
2848
2849 static struct timer_list ipmi_timer;
2850
2851 /* Call every ~100 ms. */
2852 #define IPMI_TIMEOUT_TIME       100
2853
2854 /* How many jiffies does it take to get to the timeout time. */
2855 #define IPMI_TIMEOUT_JIFFIES    ((IPMI_TIMEOUT_TIME * HZ) / 1000)
2856
2857 /* Request events from the queue every second (this is the number of
2858    IPMI_TIMEOUT_TIMES between event requests).  Hopefully, in the
2859    future, IPMI will add a way to know immediately if an event is in
2860    the queue and this silliness can go away. */
2861 #define IPMI_REQUEST_EV_TIME    (1000 / (IPMI_TIMEOUT_TIME))
2862
2863 static atomic_t stop_operation;
2864 static unsigned int ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
2865
2866 static void ipmi_timeout(unsigned long data)
2867 {
2868         if (atomic_read(&stop_operation))
2869                 return;
2870
2871         ticks_to_req_ev--;
2872         if (ticks_to_req_ev == 0) {
2873                 ipmi_request_event();
2874                 ticks_to_req_ev = IPMI_REQUEST_EV_TIME;
2875         }
2876
2877         ipmi_timeout_handler(IPMI_TIMEOUT_TIME);
2878
2879         mod_timer(&ipmi_timer, jiffies + IPMI_TIMEOUT_JIFFIES);
2880 }
2881
2882
2883 static atomic_t smi_msg_inuse_count = ATOMIC_INIT(0);
2884 static atomic_t recv_msg_inuse_count = ATOMIC_INIT(0);
2885
2886 /* FIXME - convert these to slabs. */
2887 static void free_smi_msg(struct ipmi_smi_msg *msg)
2888 {
2889         atomic_dec(&smi_msg_inuse_count);
2890         kfree(msg);
2891 }
2892
2893 struct ipmi_smi_msg *ipmi_alloc_smi_msg(void)
2894 {
2895         struct ipmi_smi_msg *rv;
2896         rv = kmalloc(sizeof(struct ipmi_smi_msg), GFP_ATOMIC);
2897         if (rv) {
2898                 rv->done = free_smi_msg;
2899                 rv->user_data = NULL;
2900                 atomic_inc(&smi_msg_inuse_count);
2901         }
2902         return rv;
2903 }
2904
2905 static void free_recv_msg(struct ipmi_recv_msg *msg)
2906 {
2907         atomic_dec(&recv_msg_inuse_count);
2908         kfree(msg);
2909 }
2910
2911 struct ipmi_recv_msg *ipmi_alloc_recv_msg(void)
2912 {
2913         struct ipmi_recv_msg *rv;
2914
2915         rv = kmalloc(sizeof(struct ipmi_recv_msg), GFP_ATOMIC);
2916         if (rv) {
2917                 rv->done = free_recv_msg;
2918                 atomic_inc(&recv_msg_inuse_count);
2919         }
2920         return rv;
2921 }
2922
2923 void ipmi_free_recv_msg(struct ipmi_recv_msg *msg)
2924 {
2925         if (msg->user)
2926                 kref_put(&msg->user->refcount, free_user);
2927         msg->done(msg);
2928 }
2929
2930 #ifdef CONFIG_IPMI_PANIC_EVENT
2931
2932 static void dummy_smi_done_handler(struct ipmi_smi_msg *msg)
2933 {
2934 }
2935
2936 static void dummy_recv_done_handler(struct ipmi_recv_msg *msg)
2937 {
2938 }
2939
2940 #ifdef CONFIG_IPMI_PANIC_STRING
2941 static void event_receiver_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2942 {
2943         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2944             && (msg->msg.netfn == IPMI_NETFN_SENSOR_EVENT_RESPONSE)
2945             && (msg->msg.cmd == IPMI_GET_EVENT_RECEIVER_CMD)
2946             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
2947         {
2948                 /* A get event receiver command, save it. */
2949                 intf->event_receiver = msg->msg.data[1];
2950                 intf->event_receiver_lun = msg->msg.data[2] & 0x3;
2951         }
2952 }
2953
2954 static void device_id_fetcher(ipmi_smi_t intf, struct ipmi_recv_msg *msg)
2955 {
2956         if ((msg->addr.addr_type == IPMI_SYSTEM_INTERFACE_ADDR_TYPE)
2957             && (msg->msg.netfn == IPMI_NETFN_APP_RESPONSE)
2958             && (msg->msg.cmd == IPMI_GET_DEVICE_ID_CMD)
2959             && (msg->msg.data[0] == IPMI_CC_NO_ERROR))
2960         {
2961                 /* A get device id command, save if we are an event
2962                    receiver or generator. */
2963                 intf->local_sel_device = (msg->msg.data[6] >> 2) & 1;
2964                 intf->local_event_generator = (msg->msg.data[6] >> 5) & 1;
2965         }
2966 }
2967 #endif
2968
2969 static void send_panic_events(char *str)
2970 {
2971         struct kernel_ipmi_msg            msg;
2972         ipmi_smi_t                        intf;
2973         unsigned char                     data[16];
2974         int                               i;
2975         struct ipmi_system_interface_addr *si;
2976         struct ipmi_addr                  addr;
2977         struct ipmi_smi_msg               smi_msg;
2978         struct ipmi_recv_msg              recv_msg;
2979
2980         si = (struct ipmi_system_interface_addr *) &addr;
2981         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
2982         si->channel = IPMI_BMC_CHANNEL;
2983         si->lun = 0;
2984
2985         /* Fill in an event telling that we have failed. */
2986         msg.netfn = 0x04; /* Sensor or Event. */
2987         msg.cmd = 2; /* Platform event command. */
2988         msg.data = data;
2989         msg.data_len = 8;
2990         data[0] = 0x41; /* Kernel generator ID, IPMI table 5-4 */
2991         data[1] = 0x03; /* This is for IPMI 1.0. */
2992         data[2] = 0x20; /* OS Critical Stop, IPMI table 36-3 */
2993         data[4] = 0x6f; /* Sensor specific, IPMI table 36-1 */
2994         data[5] = 0xa1; /* Runtime stop OEM bytes 2 & 3. */
2995
2996         /* Put a few breadcrumbs in.  Hopefully later we can add more things
2997            to make the panic events more useful. */
2998         if (str) {
2999                 data[3] = str[0];
3000                 data[6] = str[1];
3001                 data[7] = str[2];
3002         }
3003
3004         smi_msg.done = dummy_smi_done_handler;
3005         recv_msg.done = dummy_recv_done_handler;
3006
3007         /* For every registered interface, send the event. */
3008         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3009                 intf = ipmi_interfaces[i];
3010                 if (IPMI_INVALID_INTERFACE(intf))
3011                         continue;
3012
3013                 /* Send the event announcing the panic. */
3014                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3015                 i_ipmi_request(NULL,
3016                                intf,
3017                                &addr,
3018                                0,
3019                                &msg,
3020                                intf,
3021                                &smi_msg,
3022                                &recv_msg,
3023                                0,
3024                                intf->channels[0].address,
3025                                intf->channels[0].lun,
3026                                0, 1); /* Don't retry, and don't wait. */
3027         }
3028
3029 #ifdef CONFIG_IPMI_PANIC_STRING
3030         /* On every interface, dump a bunch of OEM event holding the
3031            string. */
3032         if (!str) 
3033                 return;
3034
3035         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3036                 char                  *p = str;
3037                 struct ipmi_ipmb_addr *ipmb;
3038                 int                   j;
3039
3040                 intf = ipmi_interfaces[i];
3041                 if (IPMI_INVALID_INTERFACE(intf))
3042                         continue;
3043
3044                 /* First job here is to figure out where to send the
3045                    OEM events.  There's no way in IPMI to send OEM
3046                    events using an event send command, so we have to
3047                    find the SEL to put them in and stick them in
3048                    there. */
3049
3050                 /* Get capabilities from the get device id. */
3051                 intf->local_sel_device = 0;
3052                 intf->local_event_generator = 0;
3053                 intf->event_receiver = 0;
3054
3055                 /* Request the device info from the local MC. */
3056                 msg.netfn = IPMI_NETFN_APP_REQUEST;
3057                 msg.cmd = IPMI_GET_DEVICE_ID_CMD;
3058                 msg.data = NULL;
3059                 msg.data_len = 0;
3060                 intf->null_user_handler = device_id_fetcher;
3061                 i_ipmi_request(NULL,
3062                                intf,
3063                                &addr,
3064                                0,
3065                                &msg,
3066                                intf,
3067                                &smi_msg,
3068                                &recv_msg,
3069                                0,
3070                                intf->channels[0].address,
3071                                intf->channels[0].lun,
3072                                0, 1); /* Don't retry, and don't wait. */
3073
3074                 if (intf->local_event_generator) {
3075                         /* Request the event receiver from the local MC. */
3076                         msg.netfn = IPMI_NETFN_SENSOR_EVENT_REQUEST;
3077                         msg.cmd = IPMI_GET_EVENT_RECEIVER_CMD;
3078                         msg.data = NULL;
3079                         msg.data_len = 0;
3080                         intf->null_user_handler = event_receiver_fetcher;
3081                         i_ipmi_request(NULL,
3082                                        intf,
3083                                        &addr,
3084                                        0,
3085                                        &msg,
3086                                        intf,
3087                                        &smi_msg,
3088                                        &recv_msg,
3089                                        0,
3090                                        intf->channels[0].address,
3091                                        intf->channels[0].lun,
3092                                        0, 1); /* no retry, and no wait. */
3093                 }
3094                 intf->null_user_handler = NULL;
3095
3096                 /* Validate the event receiver.  The low bit must not
3097                    be 1 (it must be a valid IPMB address), it cannot
3098                    be zero, and it must not be my address. */
3099                 if (((intf->event_receiver & 1) == 0)
3100                     && (intf->event_receiver != 0)
3101                     && (intf->event_receiver != intf->channels[0].address))
3102                 {
3103                         /* The event receiver is valid, send an IPMB
3104                            message. */
3105                         ipmb = (struct ipmi_ipmb_addr *) &addr;
3106                         ipmb->addr_type = IPMI_IPMB_ADDR_TYPE;
3107                         ipmb->channel = 0; /* FIXME - is this right? */
3108                         ipmb->lun = intf->event_receiver_lun;
3109                         ipmb->slave_addr = intf->event_receiver;
3110                 } else if (intf->local_sel_device) {
3111                         /* The event receiver was not valid (or was
3112                            me), but I am an SEL device, just dump it
3113                            in my SEL. */
3114                         si = (struct ipmi_system_interface_addr *) &addr;
3115                         si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE;
3116                         si->channel = IPMI_BMC_CHANNEL;
3117                         si->lun = 0;
3118                 } else
3119                         continue; /* No where to send the event. */
3120
3121                 
3122                 msg.netfn = IPMI_NETFN_STORAGE_REQUEST; /* Storage. */
3123                 msg.cmd = IPMI_ADD_SEL_ENTRY_CMD;
3124                 msg.data = data;
3125                 msg.data_len = 16;
3126
3127                 j = 0;
3128                 while (*p) {
3129                         int size = strlen(p);
3130
3131                         if (size > 11)
3132                                 size = 11;
3133                         data[0] = 0;
3134                         data[1] = 0;
3135                         data[2] = 0xf0; /* OEM event without timestamp. */
3136                         data[3] = intf->channels[0].address;
3137                         data[4] = j++; /* sequence # */
3138                         /* Always give 11 bytes, so strncpy will fill
3139                            it with zeroes for me. */
3140                         strncpy(data+5, p, 11);
3141                         p += size;
3142
3143                         i_ipmi_request(NULL,
3144                                        intf,
3145                                        &addr,
3146                                        0,
3147                                        &msg,
3148                                        intf,
3149                                        &smi_msg,
3150                                        &recv_msg,
3151                                        0,
3152                                        intf->channels[0].address,
3153                                        intf->channels[0].lun,
3154                                        0, 1); /* no retry, and no wait. */
3155                 }
3156         }       
3157 #endif /* CONFIG_IPMI_PANIC_STRING */
3158 }
3159 #endif /* CONFIG_IPMI_PANIC_EVENT */
3160
3161 static int has_paniced = 0;
3162
3163 static int panic_event(struct notifier_block *this,
3164                        unsigned long         event,
3165                        void                  *ptr)
3166 {
3167         int        i;
3168         ipmi_smi_t intf;
3169
3170         if (has_paniced)
3171                 return NOTIFY_DONE;
3172         has_paniced = 1;
3173
3174         /* For every registered interface, set it to run to completion. */
3175         for (i = 0; i < MAX_IPMI_INTERFACES; i++) {
3176                 intf = ipmi_interfaces[i];
3177                 if (IPMI_INVALID_INTERFACE(intf))
3178                         continue;
3179
3180                 intf->handlers->set_run_to_completion(intf->send_info, 1);
3181         }
3182
3183 #ifdef CONFIG_IPMI_PANIC_EVENT
3184         send_panic_events(ptr);
3185 #endif
3186
3187         return NOTIFY_DONE;
3188 }
3189
3190 static struct notifier_block panic_block = {
3191         .notifier_call  = panic_event,
3192         .next           = NULL,
3193         .priority       = 200   /* priority: INT_MAX >= x >= 0 */
3194 };
3195
3196 static int ipmi_init_msghandler(void)
3197 {
3198         int i;
3199
3200         if (initialized)
3201                 return 0;
3202
3203         printk(KERN_INFO "ipmi message handler version "
3204                IPMI_DRIVER_VERSION "\n");
3205
3206         for (i = 0; i < MAX_IPMI_INTERFACES; i++)
3207                 ipmi_interfaces[i] = NULL;
3208
3209 #ifdef CONFIG_PROC_FS
3210         proc_ipmi_root = proc_mkdir("ipmi", NULL);
3211         if (!proc_ipmi_root) {
3212             printk(KERN_ERR PFX "Unable to create IPMI proc dir");
3213             return -ENOMEM;
3214         }
3215
3216         proc_ipmi_root->owner = THIS_MODULE;
3217 #endif /* CONFIG_PROC_FS */
3218
3219         init_timer(&ipmi_timer);
3220         ipmi_timer.data = 0;
3221         ipmi_timer.function = ipmi_timeout;
3222         ipmi_timer.expires = jiffies + IPMI_TIMEOUT_JIFFIES;
3223         add_timer(&ipmi_timer);
3224
3225         notifier_chain_register(&panic_notifier_list, &panic_block);
3226
3227         initialized = 1;
3228
3229         return 0;
3230 }
3231
3232 static __init int ipmi_init_msghandler_mod(void)
3233 {
3234         ipmi_init_msghandler();
3235         return 0;
3236 }
3237
3238 static __exit void cleanup_ipmi(void)
3239 {
3240         int count;
3241
3242         if (!initialized)
3243                 return;
3244
3245         notifier_chain_unregister(&panic_notifier_list, &panic_block);
3246
3247         /* This can't be called if any interfaces exist, so no worry about
3248            shutting down the interfaces. */
3249
3250         /* Tell the timer to stop, then wait for it to stop.  This avoids
3251            problems with race conditions removing the timer here. */
3252         atomic_inc(&stop_operation);
3253         del_timer_sync(&ipmi_timer);
3254
3255 #ifdef CONFIG_PROC_FS
3256         remove_proc_entry(proc_ipmi_root->name, &proc_root);
3257 #endif /* CONFIG_PROC_FS */
3258
3259         initialized = 0;
3260
3261         /* Check for buffer leaks. */
3262         count = atomic_read(&smi_msg_inuse_count);
3263         if (count != 0)
3264                 printk(KERN_WARNING PFX "SMI message count %d at exit\n",
3265                        count);
3266         count = atomic_read(&recv_msg_inuse_count);
3267         if (count != 0)
3268                 printk(KERN_WARNING PFX "recv message count %d at exit\n",
3269                        count);
3270 }
3271 module_exit(cleanup_ipmi);
3272
3273 module_init(ipmi_init_msghandler_mod);
3274 MODULE_LICENSE("GPL");
3275 MODULE_AUTHOR("Corey Minyard <minyard@mvista.com>");
3276 MODULE_DESCRIPTION("Incoming and outgoing message routing for an IPMI interface.");
3277 MODULE_VERSION(IPMI_DRIVER_VERSION);
3278
3279 EXPORT_SYMBOL(ipmi_create_user);
3280 EXPORT_SYMBOL(ipmi_destroy_user);
3281 EXPORT_SYMBOL(ipmi_get_version);
3282 EXPORT_SYMBOL(ipmi_request_settime);
3283 EXPORT_SYMBOL(ipmi_request_supply_msgs);
3284 EXPORT_SYMBOL(ipmi_register_smi);
3285 EXPORT_SYMBOL(ipmi_unregister_smi);
3286 EXPORT_SYMBOL(ipmi_register_for_cmd);
3287 EXPORT_SYMBOL(ipmi_unregister_for_cmd);
3288 EXPORT_SYMBOL(ipmi_smi_msg_received);
3289 EXPORT_SYMBOL(ipmi_smi_watchdog_pretimeout);
3290 EXPORT_SYMBOL(ipmi_alloc_smi_msg);
3291 EXPORT_SYMBOL(ipmi_addr_length);
3292 EXPORT_SYMBOL(ipmi_validate_addr);
3293 EXPORT_SYMBOL(ipmi_set_gets_events);
3294 EXPORT_SYMBOL(ipmi_smi_watcher_register);
3295 EXPORT_SYMBOL(ipmi_smi_watcher_unregister);
3296 EXPORT_SYMBOL(ipmi_set_my_address);
3297 EXPORT_SYMBOL(ipmi_get_my_address);
3298 EXPORT_SYMBOL(ipmi_set_my_LUN);
3299 EXPORT_SYMBOL(ipmi_get_my_LUN);
3300 EXPORT_SYMBOL(ipmi_smi_add_proc_entry);
3301 EXPORT_SYMBOL(ipmi_user_set_run_to_completion);
3302 EXPORT_SYMBOL(ipmi_free_recv_msg);