[PATCH] ibmasm driver: fix race in command refcount logic
[linux-2.6.git] / drivers / misc / ibmasm / command.c
1
2 /*
3  * IBM ASM Service Processor Device Driver
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18  *
19  * Copyright (C) IBM Corporation, 2004
20  *
21  * Author: Max Asböck <amax@us.ibm.com> 
22  *
23  */
24
25 #include "ibmasm.h"
26 #include "lowlevel.h"
27
28 static void exec_next_command(struct service_processor *sp);
29 static void free_command(struct kobject *kobj);
30
31 static struct kobj_type ibmasm_cmd_kobj_type = {
32         .release = free_command,
33 };
34
35 static atomic_t command_count = ATOMIC_INIT(0);
36
37 struct command *ibmasm_new_command(struct service_processor *sp, size_t buffer_size)
38 {
39         struct command *cmd;
40
41         if (buffer_size > IBMASM_CMD_MAX_BUFFER_SIZE)
42                 return NULL;
43
44         cmd = kmalloc(sizeof(struct command), GFP_KERNEL);
45         if (cmd == NULL)
46                 return NULL;
47
48         memset(cmd, 0, sizeof(*cmd));
49
50         cmd->buffer = kmalloc(buffer_size, GFP_KERNEL);
51         if (cmd->buffer == NULL) {
52                 kfree(cmd);
53                 return NULL;
54         }
55         memset(cmd->buffer, 0, buffer_size);
56         cmd->buffer_size = buffer_size;
57
58         kobject_init(&cmd->kobj);
59         cmd->kobj.ktype = &ibmasm_cmd_kobj_type;
60         cmd->lock = &sp->lock;
61
62         cmd->status = IBMASM_CMD_PENDING;
63         init_waitqueue_head(&cmd->wait);
64         INIT_LIST_HEAD(&cmd->queue_node);
65
66         atomic_inc(&command_count);
67         dbg("command count: %d\n", atomic_read(&command_count));
68
69         return cmd;
70 }
71
72 static void free_command(struct kobject *kobj)
73 {
74         struct command *cmd = to_command(kobj);
75  
76         list_del(&cmd->queue_node);
77         atomic_dec(&command_count);
78         dbg("command count: %d\n", atomic_read(&command_count));
79         kfree(cmd->buffer);
80         kfree(cmd);
81 }
82
83 static void enqueue_command(struct service_processor *sp, struct command *cmd)
84 {
85         list_add_tail(&cmd->queue_node, &sp->command_queue);
86 }
87
88 static struct command *dequeue_command(struct service_processor *sp)
89 {
90         struct command *cmd;
91         struct list_head *next;
92
93         if (list_empty(&sp->command_queue))
94                 return NULL;
95
96         next = sp->command_queue.next;
97         list_del_init(next);
98         cmd = list_entry(next, struct command, queue_node);
99
100         return cmd;
101 }
102
103 static inline void do_exec_command(struct service_processor *sp)
104 {
105         char tsbuf[32];
106
107         dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
108
109         if (ibmasm_send_i2o_message(sp)) {
110                 sp->current_command->status = IBMASM_CMD_FAILED;
111                 wake_up(&sp->current_command->wait);
112                 command_put(sp->current_command);
113                 exec_next_command(sp);
114         }
115 }
116         
117 /**
118  * exec_command
119  * send a command to a service processor
120  * Commands are executed sequentially. One command (sp->current_command)
121  * is sent to the service processor. Once the interrupt handler gets a
122  * message of type command_response, the message is copied into
123  * the current commands buffer, 
124  */
125 void ibmasm_exec_command(struct service_processor *sp, struct command *cmd)
126 {
127         unsigned long flags;
128         char tsbuf[32];
129
130         dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
131
132         spin_lock_irqsave(&sp->lock, flags);
133
134         if (!sp->current_command) {
135                 sp->current_command = cmd;
136                 command_get(sp->current_command);
137                 spin_unlock_irqrestore(&sp->lock, flags);
138                 do_exec_command(sp);
139         } else {
140                 enqueue_command(sp, cmd);
141                 spin_unlock_irqrestore(&sp->lock, flags);
142         }
143 }
144
145 static void exec_next_command(struct service_processor *sp)
146 {
147         unsigned long flags;
148         char tsbuf[32];
149
150         dbg("%s:%d at %s\n", __FUNCTION__, __LINE__, get_timestamp(tsbuf));
151
152         spin_lock_irqsave(&sp->lock, flags);
153         sp->current_command = dequeue_command(sp);
154         if (sp->current_command) {
155                 command_get(sp->current_command);
156                 spin_unlock_irqrestore(&sp->lock, flags);
157                 do_exec_command(sp);
158         } else {
159                 spin_unlock_irqrestore(&sp->lock, flags);
160         }
161 }
162
163 /** 
164  * Sleep until a command has failed or a response has been received
165  * and the command status been updated by the interrupt handler.
166  * (see receive_response).
167  */
168 void ibmasm_wait_for_response(struct command *cmd, int timeout)
169 {
170         wait_event_interruptible_timeout(cmd->wait,
171                                 cmd->status == IBMASM_CMD_COMPLETE ||
172                                 cmd->status == IBMASM_CMD_FAILED,
173                                 timeout * HZ);
174 }
175
176 /**
177  * receive_command_response
178  * called by the interrupt handler when a dot command of type command_response
179  * was received.
180  */
181 void ibmasm_receive_command_response(struct service_processor *sp, void *response, size_t size)
182 {
183         struct command *cmd = sp->current_command;
184
185         if (!sp->current_command) 
186                 return; 
187
188         memcpy_fromio(cmd->buffer, response, min(size, cmd->buffer_size));
189         cmd->status = IBMASM_CMD_COMPLETE;
190         wake_up(&sp->current_command->wait);
191         command_put(sp->current_command);
192         exec_next_command(sp);
193 }