[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <54c6562b-f35a-c616-b6c2-a2eadf6937da@acm.org>
Date: Tue, 16 Jan 2018 16:12:57 -0600
From: Corey Minyard <minyard@....org>
To: Haiyue Wang <haiyue.wang@...ux.intel.com>, joel@....id.au,
openbmc@...ts.ozlabs.org, openipmi-developer@...ts.sourceforge.net,
linux-kernel@...r.kernel.org
Cc: andriy.shevchenko@...el.com
Subject: Re: [PATCH arm/aspeed/ast2500 v1] ipmi: add an Aspeed KCS IPMI BMC
driver
On 01/16/2018 02:59 PM, Corey Minyard wrote:
> On 01/16/2018 05:43 AM, Haiyue Wang wrote:
>> The KCS (Keyboard Controller Style) interface is used to perform in-band
>> IPMI communication between a server host and its BMC (BaseBoard
>> Management
>> Controllers).
>>
>> This driver exposes the KCS interface on ASpeed SOCs (AST2400 and
>> AST2500)
>> as a character device. Such SOCs are commonly used as BMCs and this
>> driver
>> implements the BMC side of the KCS interface.
>
> I thought we were going to unify the BMC ioctl interface? My
> preference would be to
> create a file named include/uapi/linux/ipmi-bmc.h and add the following:
>
> #define __IPMI_BMC_IOCTL_MAGIC 0xb1
> #define IPMI_BMC_IOCTL_SMS_SET_ATN _IO(__IPMI_BMC_IOCTL_MAGIC, 0x00)
>
> to make it the same as BT. Then in bt-bmc.h, set BT_BMC_IOCTL_SMS_ATN to
> IPMI_BMC_IOCTL_SMS_SET_ATN. Then add the KCS ioctls in ipmi-bmc.h and
> use that. That way we stay backward compatible but we are unified.
>
> Since more KCS interfaces may come around, can you make the name more
> specific? (I made this same error on bt-bmc,c, it should probably be
> renamed.)
>
> More comments inline, as I'll go ahead and review this.
>
>> Signed-off-by: Haiyue Wang <haiyue.wang@...ux.intel.com>
>> ---
>> .../devicetree/bindings/ipmi/aspeed-kcs-bmc.txt | 26 +
>> drivers/char/ipmi/Kconfig | 9 +
>> drivers/char/ipmi/Makefile | 1 +
>> drivers/char/ipmi/kcs-bmc.c | 744
>> +++++++++++++++++++++
>> include/uapi/linux/kcs-bmc.h | 14 +
>> 5 files changed, 794 insertions(+)
>> create mode 100644
>> Documentation/devicetree/bindings/ipmi/aspeed-kcs-bmc.txt
>> create mode 100644 drivers/char/ipmi/kcs-bmc.c
>> create mode 100644 include/uapi/linux/kcs-bmc.h
>>
>> diff --git
>> a/Documentation/devicetree/bindings/ipmi/aspeed-kcs-bmc.txt
>> b/Documentation/devicetree/bindings/ipmi/aspeed-kcs-bmc.txt
>> new file mode 100644
>> index 0000000..dd0c73d
>> --- /dev/null
>> +++ b/Documentation/devicetree/bindings/ipmi/aspeed-kcs-bmc.txt
>> @@ -0,0 +1,26 @@
>> +* Aspeed KCS (Keyboard Controller Style) IPMI interface
>> +
>> +The Aspeed SOCs (AST2400 and AST2500) are commonly used as BMCs
>> +(BaseBoard Management Controllers) and the KCS interface can be
>> +used to perform in-band IPMI communication with their host.
>> +
>> +Required properties:
>> +- compatible : should be one of
>> + "aspeed,ast2400-kcs-bmc"
>> + "aspeed,ast2500-kcs-bmc"
>> +- interrupts : interrupt generated by the controller
>> +- kcs_chan : The LPC channel number in the controller
>> +- kcs_addr : The host CPU IO map address
>> +
>> +
>> +Example:
>> +
>> + kcs3: kcs3@0 {
>> + compatible = "aspeed,ast2500-kcs-bmc";
>> + reg = <0x0 0x80>;
>> + interrupts = <8>;
>> + kcs_chan = <3>;
>> + kcs_addr = <0xCA2>;
>> + status = "okay";
>> + };
>> +
>> diff --git a/drivers/char/ipmi/Kconfig b/drivers/char/ipmi/Kconfig
>> index 3544abc..36132f8 100644
>> --- a/drivers/char/ipmi/Kconfig
>> +++ b/drivers/char/ipmi/Kconfig
>> @@ -104,3 +104,12 @@ config ASPEED_BT_IPMI_BMC
>> Provides a driver for the BT (Block Transfer) IPMI interface
>> found on Aspeed SOCs (AST2400 and AST2500). The driver
>> implements the BMC side of the BT interface.
>> +
>> +config ASPEED_KCS_IPMI_BMC
>> + depends on ARCH_ASPEED || COMPILE_TEST
>> + select REGMAP_MMIO
>> + tristate "KCS IPMI bmc driver"
>> + help
>> + Provides a driver for the KCS (Keyboard Controller Style) IPMI
>> + interface found on Aspeed SOCs (AST2400 and AST2500). The driver
>> + implements the BMC side of the KCS interface.
>> \ No newline at end of file
>> diff --git a/drivers/char/ipmi/Makefile b/drivers/char/ipmi/Makefile
>> index 33b899f..f217bae 100644
>> --- a/drivers/char/ipmi/Makefile
>> +++ b/drivers/char/ipmi/Makefile
>> @@ -22,3 +22,4 @@ obj-$(CONFIG_IPMI_POWERNV) += ipmi_powernv.o
>> obj-$(CONFIG_IPMI_WATCHDOG) += ipmi_watchdog.o
>> obj-$(CONFIG_IPMI_POWEROFF) += ipmi_poweroff.o
>> obj-$(CONFIG_ASPEED_BT_IPMI_BMC) += bt-bmc.o
>> +obj-$(CONFIG_ASPEED_KCS_IPMI_BMC) += kcs-bmc.o
>> \ No newline at end of file
>> diff --git a/drivers/char/ipmi/kcs-bmc.c b/drivers/char/ipmi/kcs-bmc.c
>> new file mode 100644
>> index 0000000..d6eab0b
>> --- /dev/null
>> +++ b/drivers/char/ipmi/kcs-bmc.c
>> @@ -0,0 +1,744 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +// Copyright (c) 2015-2018, Intel Corporation.
>> +
>> +#include <linux/atomic.h>
>> +#include <linux/errno.h>
>> +#include <linux/interrupt.h>
>> +#include <linux/io.h>
>> +#include <linux/kcs-bmc.h>
>> +#include <linux/mfd/syscon.h>
>> +#include <linux/miscdevice.h>
>> +#include <linux/module.h>
>> +#include <linux/of.h>
>> +#include <linux/platform_device.h>
>> +#include <linux/poll.h>
>> +#include <linux/regmap.h>
>> +#include <linux/sched.h>
>> +#include <linux/slab.h>
>> +#include <linux/timer.h>
>> +
>> +#define KCS_MSG_BUFSIZ 1024
>> +#define KCS_CHANNEL_MAX 4
>> +
>> +/*
>> + * This is a BMC device used to communicate to the host
>> + */
>> +#define DEVICE_NAME "ipmi-kcs-host"
>> +
>> +
>> +/* Different Phases of the KCS Module */
>> +#define KCS_PHASE_IDLE 0x00
>> +#define KCS_PHASE_WRITE 0x01
>> +#define KCS_PHASE_WRITE_END 0x02
>> +#define KCS_PHASE_READ 0x03
>> +#define KCS_PHASE_ABORT 0x04
>> +#define KCS_PHASE_ERROR 0x05
>
> It would be nicer to make the above an enum.
>
>> +
>> +/* Abort Phase */
>> +#define ABORT_PHASE_ERROR1 0x01
>> +#define ABORT_PHASE_ERROR2 0x02
>
> Can the above just be folded into two separate phases in kcs_phase?
> That would be a little cleaner.
>
>
>> +
>> +/* KCS Command Control codes. */
>> +#define KCS_GET_STATUS 0x60
>> +#define KCS_ABORT 0x60
>> +#define KCS_WRITE_START 0x61
>> +#define KCS_WRITE_END 0x62
>> +#define KCS_READ_BYTE 0x68
>> +
>> +/* Status bits.:
>> + * - IDLE_STATE. Interface is idle. System software should not be
>> expecting
>> + * nor sending any data.
>> + * - READ_STATE. BMC is transferring a packet to system software.
>> System
>> + * software should be in the "Read Message" state.
>> + * - WRITE_STATE. BMC is receiving a packet from system software.
>> System
>> + * software should be writing a command to the BMC.
>> + * - ERROR_STATE. BMC has detected a protocol violation at the
>> interface level,
>> + * or the transfer has been aborted. System software
>> can either
>> + * use the "Get_Status" control code to request the
>> nature of
>> + * the error, or it can just retry the command.
>> + */
>> +#define KCS_IDLE_STATE 0
>> +#define KCS_READ_STATE 1
>> +#define KCS_WRITE_STATE 2
>> +#define KCS_ERROR_STATE 3
>> +
>> +/* KCS Error Codes */
>> +#define KCS_NO_ERROR 0x00
>> +#define KCS_ABORTED_BY_COMMAND 0x01
>> +#define KCS_ILLEGAL_CONTROL_CODE 0x02
>> +#define KCS_LENGTH_ERROR 0x06
>> +#define KCS_UNSPECIFIED_ERROR 0xFF
>> +
>> +
>> +#define KCS_ZERO_DATA 0
>> +
>> +/* IPMI 2.0 - Table 9-1, KCS Interface Status Register Bits */
>> +#define KCS_STR_STATE(state) (state << 6)
>> +#define KCS_STR_STATE_MASK KCS_STR_STATE(0x3)
>> +#define KCS_STR_CMD_DAT BIT(3)
>> +#define KCS_STR_SMS_ATN BIT(2)
>> +#define KCS_STR_IBF BIT(1)
>> +#define KCS_STR_OBF BIT(0)
>> +
>> +
>> +/* mapped to lpc-bmc@0 IO space */
>> +#define LPC_HICR0 0x000
>> +#define LPC_HICR0_LPC3E BIT(7)
>> +#define LPC_HICR0_LPC2E BIT(6)
>> +#define LPC_HICR0_LPC1E BIT(5)
>> +#define LPC_HICR2 0x008
>> +#define LPC_HICR2_IBFIF3 BIT(3)
>> +#define LPC_HICR2_IBFIF2 BIT(2)
>> +#define LPC_HICR2_IBFIF1 BIT(1)
>> +#define LPC_HICR4 0x010
>> +#define LPC_HICR4_LADR12AS BIT(7)
>> +#define LPC_HICR4_KCSENBL BIT(2)
>> +#define LPC_LADR3H 0x014
>> +#define LPC_LADR3L 0x018
>> +#define LPC_LADR12H 0x01C
>> +#define LPC_LADR12L 0x020
>> +#define LPC_IDR1 0x024
>> +#define LPC_IDR2 0x028
>> +#define LPC_IDR3 0x02C
>> +#define LPC_ODR1 0x030
>> +#define LPC_ODR2 0x034
>> +#define LPC_ODR3 0x038
>> +#define LPC_STR1 0x03C
>> +#define LPC_STR2 0x040
>> +#define LPC_STR3 0x044
>> +
>> +/* mapped to lpc-host@80 IO space */
>> +#define LPC_HICRB 0x080
>> +#define LPC_HICRB_IBFIF4 BIT(1)
>> +#define LPC_HICRB_LPC4E BIT(0)
>> +#define LPC_LADR4 0x090
>> +#define LPC_IDR4 0x094
>> +#define LPC_ODR4 0x098
>> +#define LPC_STR4 0x09C
>> +
>> +
>> +/* IPMI 2.0 - 9.5, KCS Interface Registers */
>> +struct kcs_ioreg {
>> + u32 idr; /* Input Data Register */
>> + u32 odr; /* Output Data Register */
>> + u32 str; /* Status Register */
>> +};
>> +
>> +static const struct kcs_ioreg kcs_ioreg_map[KCS_CHANNEL_MAX] = {
>> + { .idr = LPC_IDR1, .odr = LPC_ODR1, .str = LPC_STR1 },
>> + { .idr = LPC_IDR2, .odr = LPC_ODR2, .str = LPC_STR2 },
>> + { .idr = LPC_IDR3, .odr = LPC_ODR3, .str = LPC_STR3 },
>> + { .idr = LPC_IDR4, .odr = LPC_ODR4, .str = LPC_STR4 },
>> +};
One more thing... Why aren't the above values being set in the device tree?
Passing in a channel (and address) seems inflexible. Kind of goes
against the
philosophy of device trees.
-corey
>>
>> +
>> +struct kcs_bmc {
>> + struct regmap *map;
>> + spinlock_t lock;
>
> This lock is only used in threads, as far as I can tell. Couldn't it
> just be a normal mutex?
> But more on this later.
>
>> +
>> + u32 chan;
>> + int running;
>> +
>> + u32 idr;
>> + u32 odr;
>> + u32 str;
>> +
>> + int kcs_phase;
>> + u8 abort_phase;
>> + u8 kcs_error;
>> +
>> + wait_queue_head_t queue;
>> + int data_in_avail;
>
> data_in_avail should be a bool.
>
> You set data_in_avail after the data is ready, but you don't have a
> barrier. You
> have similar problems with kcs_phase.
>
> In fact, the locking in the driver doesn't seem quite correct. If
> this ever ran on
> an SMP system, it is likely to not work correctly. You can assume
> that the interrupt
> runs exclusively, but you cannot assume that the data operations are
> available in
> order on another processor that handles a subsequent interrupt.
>
> The easiest way to fix this would be to add the spin lock around the
> case statement
> in the irq handler and add them in the poll and read functions (you
> would need to
> leave it as a spinlock in that case). That would provide the proper
> barriers assuming
> you put them in the right place (checking data_in_avail again inside
> the spinlock
> in the read case, for instance).
>
>> + int data_in_idx;
>> + u8 *data_in;
>> +
>> + int data_out_idx;
>> + int data_out_len;
>> + u8 *data_out;
>> +
>> + struct miscdevice miscdev;
>> +};
>> +
>> +static u8 kcs_inb(struct kcs_bmc *kcs_bmc, u32 reg)
>> +{
>> + u32 val = 0;
>> + int rc;
>> +
>> + rc = regmap_read(kcs_bmc->map, reg, &val);
>> + WARN(rc != 0, "regmap_read() failed: %d\n", rc);
>> +
>> + return rc == 0 ? (u8) val : 0;
>> +}
>> +
>> +static void kcs_outb(struct kcs_bmc *kcs_bmc, u8 data, u32 reg)
>> +{
>> + int rc;
>> +
>> + rc = regmap_write(kcs_bmc->map, reg, data);
>> + WARN(rc != 0, "regmap_write() failed: %d\n", rc);
>> +}
>> +
>> +static inline void kcs_set_state(struct kcs_bmc *kcs_bmc, u8 state)
>> +{
>> + regmap_update_bits(kcs_bmc->map, kcs_bmc->str, KCS_STR_STATE_MASK,
>> + KCS_STR_STATE(state));
>> +}
>> +
>> +static inline void kcs_set_atn(struct kcs_bmc *kcs_bmc)
>> +{
>> + regmap_update_bits(kcs_bmc->map, kcs_bmc->str, KCS_STR_SMS_ATN,
>> + KCS_STR_SMS_ATN);
>> +}
>> +
>> +static inline void kcs_clear_atn(struct kcs_bmc *kcs_bmc)
>> +{
>> + regmap_update_bits(kcs_bmc->map, kcs_bmc->str, KCS_STR_SMS_ATN,
>> + 0);
>> +}
>> +
>> +/*
>> + * AST_usrGuide_KCS.pdf
>> + * 2. Background:
>> + * we note D for Data, and C for Cmd/Status, default rules are
>> + * A. KCS1 / KCS2 ( D / C:X / X+4 )
>> + * D / C : CA0h / CA4h
>> + * D / C : CA8h / CACh
>> + * B. KCS3 ( D / C:XX2h / XX3h )
>> + * D / C : CA2h / CA3h
>> + * D / C : CB2h / CB3h
>> + * C. KCS4
>> + * D / C : CA4h / CA5h
>> + */
>> +static void kcs_set_addr(struct kcs_bmc *kcs_bmc, u16 addr)
>> +{
>> + switch (kcs_bmc->chan) {
>> + case 1:
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR4,
>> + LPC_HICR4_LADR12AS, 0);
>> + regmap_write(kcs_bmc->map, LPC_LADR12H, addr >> 8);
>> + regmap_write(kcs_bmc->map, LPC_LADR12L, addr & 0xFF);
>> + break;
>> +
>> + case 2:
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR4,
>> + LPC_HICR4_LADR12AS, LPC_HICR4_LADR12AS);
>> + regmap_write(kcs_bmc->map, LPC_LADR12H, addr >> 8);
>> + regmap_write(kcs_bmc->map, LPC_LADR12L, addr & 0xFF);
>> + break;
>> +
>> + case 3:
>> + regmap_write(kcs_bmc->map, LPC_LADR3H, addr >> 8);
>> + regmap_write(kcs_bmc->map, LPC_LADR3L, addr & 0xFF);
>> + break;
>> +
>> + case 4:
>> + regmap_write(kcs_bmc->map, LPC_LADR4, ((addr + 1) << 16) |
>> + addr);
>> + break;
>> +
>> + default:
>
> Shouldn't you return an error here?
>
>> + break;
>> + }
>> +}
>> +
>> +static void kcs_enable_channel(struct kcs_bmc *kcs_bmc, int enable)
>> +{
>> + switch (kcs_bmc->chan) {
>> + case 1:
>> + if (enable) {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF1, LPC_HICR2_IBFIF1);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC1E, LPC_HICR0_LPC1E);
>> + } else {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC1E, 0);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF1, 0);
>> + }
>> + break;
>> +
>> + case 2:
>> + if (enable) {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF2, LPC_HICR2_IBFIF2);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC2E, LPC_HICR0_LPC2E);
>> + } else {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC2E, 0);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF2, 0);
>> + }
>> + break;
>> +
>> + case 3:
>> + if (enable) {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF3, LPC_HICR2_IBFIF3);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC3E, LPC_HICR0_LPC3E);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR4,
>> + LPC_HICR4_KCSENBL, LPC_HICR4_KCSENBL);
>> + } else {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR0,
>> + LPC_HICR0_LPC3E, 0);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR4,
>> + LPC_HICR4_KCSENBL, 0);
>> + regmap_update_bits(kcs_bmc->map, LPC_HICR2,
>> + LPC_HICR2_IBFIF3, 0);
>> + }
>> + break;
>> +
>> + case 4:
>> + if (enable) {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICRB,
>> + LPC_HICRB_IBFIF4 | LPC_HICRB_LPC4E,
>> + LPC_HICRB_IBFIF4 | LPC_HICRB_LPC4E);
>> + } else {
>> + regmap_update_bits(kcs_bmc->map, LPC_HICRB,
>> + LPC_HICRB_IBFIF4 | LPC_HICRB_LPC4E,
>> + 0);
>> + }
>
> The above shouldn't have {}, did you run this through checkpatch?
>
>> + break;
>> +
>> + default:
>
> Error here, too?
>
>> + break;
>> + }
>> +}
>> +
>> +static void kcs_rx_data(struct kcs_bmc *kcs_bmc)
>> +{
>> + u8 data;
>> +
>> + switch (kcs_bmc->kcs_phase) {
>> + case KCS_PHASE_WRITE:
>> + kcs_set_state(kcs_bmc, KCS_WRITE_STATE);
>> +
>> + /* set OBF before reading data */
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> +
>> + if (kcs_bmc->data_in_idx < KCS_MSG_BUFSIZ)
>> + kcs_bmc->data_in[kcs_bmc->data_in_idx++] =
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> + break;
>> +
>> + case KCS_PHASE_WRITE_END:
>> + kcs_set_state(kcs_bmc, KCS_READ_STATE);
>> +
>> + if (kcs_bmc->data_in_idx < KCS_MSG_BUFSIZ)
>> + kcs_bmc->data_in[kcs_bmc->data_in_idx++] =
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_bmc->kcs_phase = KCS_PHASE_READ;
>> + if (kcs_bmc->running) {
>> + kcs_bmc->data_in_avail = 1;
>> + wake_up_interruptible(&kcs_bmc->queue);
>> + }
>> + break;
>> +
>> + case KCS_PHASE_READ:
>> + if (kcs_bmc->data_out_idx == kcs_bmc->data_out_len)
>> + kcs_set_state(kcs_bmc, KCS_IDLE_STATE);
>> +
>> + data = kcs_inb(kcs_bmc, kcs_bmc->idr);
>> + if (data != KCS_READ_BYTE) {
>> + kcs_set_state(kcs_bmc, KCS_ERROR_STATE);
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + break;
>> + }
>> +
>> + if (kcs_bmc->data_out_idx == kcs_bmc->data_out_len) {
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + kcs_bmc->kcs_phase = KCS_PHASE_IDLE;
>> + break;
>> + }
>> +
>> + kcs_outb(kcs_bmc, kcs_bmc->data_out[kcs_bmc->data_out_idx++],
>> + kcs_bmc->odr);
>> + break;
>> +
>> + case KCS_PHASE_ABORT:
>> + switch (kcs_bmc->abort_phase) {
>> + case ABORT_PHASE_ERROR1:
>> + kcs_set_state(kcs_bmc, KCS_READ_STATE);
>> +
>> + /* Read the Dummy byte */
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_outb(kcs_bmc, kcs_bmc->kcs_error, kcs_bmc->odr);
>> + kcs_bmc->abort_phase = ABORT_PHASE_ERROR2;
>> + break;
>> +
>> + case ABORT_PHASE_ERROR2:
>> + kcs_set_state(kcs_bmc, KCS_IDLE_STATE);
>> +
>> + /* Read the Dummy byte */
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + kcs_bmc->kcs_phase = KCS_PHASE_IDLE;
>> + kcs_bmc->abort_phase = 0;
>> + break;
>> +
>> + default:
>> + break;
>> + }
>> +
>> + break;
>> +
>> + case KCS_PHASE_ERROR:
>
> This is identical to the default. And the default should never
> happen, anyway.
> If the default happens you have a software bug and need to report it.
>
>> + kcs_set_state(kcs_bmc, KCS_ERROR_STATE);
>> +
>> + /* Read the Dummy byte */
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + break;
>> +
>> + default:
>> + kcs_set_state(kcs_bmc, KCS_ERROR_STATE);
>> +
>> + /* Read the Dummy byte */
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + break;
>> + }
>> +}
>> +
>> +static void kcs_rx_cmd(struct kcs_bmc *kcs_bmc)
>> +{
>> + u8 cmd;
>> +
>> + kcs_set_state(kcs_bmc, KCS_WRITE_STATE);
>> +
>> + /* Dummy data to generate OBF */
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> +
>> + cmd = kcs_inb(kcs_bmc, kcs_bmc->idr);
>
> Wouldn't you want to read the command before you write the OBF?
>
>> + switch (cmd) {
>> + case KCS_WRITE_START:
>> + kcs_bmc->data_in_avail = 0;
>> + kcs_bmc->data_in_idx = 0;
>> + kcs_bmc->kcs_phase = KCS_PHASE_WRITE;
>> + kcs_bmc->kcs_error = KCS_NO_ERROR;
>> + break;
>> +
>> + case KCS_WRITE_END:
>> + kcs_bmc->kcs_phase = KCS_PHASE_WRITE_END;
>> + break;
>> +
>> + case KCS_ABORT:
>> + if (kcs_bmc->kcs_error == KCS_NO_ERROR)
>> + kcs_bmc->kcs_error = KCS_ABORTED_BY_COMMAND;
>> +
>> + kcs_bmc->kcs_phase = KCS_PHASE_ABORT;
>> + kcs_bmc->abort_phase = ABORT_PHASE_ERROR1;
>> + break;
>> +
>> + default:
>> + kcs_bmc->kcs_error = KCS_ILLEGAL_CONTROL_CODE;
>> + kcs_set_state(kcs_bmc, KCS_ERROR_STATE);
>> + kcs_outb(kcs_bmc, kcs_bmc->kcs_error, kcs_bmc->odr);
>> + kcs_bmc->kcs_phase = KCS_PHASE_ERROR;
>> + break;
>> + }
>> +}
>> +
>> +/*
>> + * Whenever the BMC is reset (from power-on or a hard reset), the
>> State Bits
>> + * are initialized to "11 - Error State". Doing so allows SMS to
>> detect that
>> + * the BMC has been reset and that any message in process has been
>> terminated
>> + * by the BMC.
>> + */
>> +static void kcs_force_abort(struct kcs_bmc *kcs_bmc)
>> +{
>> + unsigned long flags;
>> +
>> + spin_lock_irqsave(&kcs_bmc->lock, flags);
>> + kcs_set_state(kcs_bmc, KCS_ERROR_STATE);
>> +
>> + /* Read the Dummy byte */
>> + kcs_inb(kcs_bmc, kcs_bmc->idr);
>> +
>> + kcs_outb(kcs_bmc, KCS_ZERO_DATA, kcs_bmc->odr);
>> + kcs_bmc->kcs_phase = KCS_PHASE_ERROR;
>> + spin_unlock_irqrestore(&kcs_bmc->lock, flags);
>
> You don't set data_in_avail() to zero here?
>
>> +}
>> +
>> +static irqreturn_t kcs_bmc_irq(int irq, void *arg)
>> +{
>> + struct kcs_bmc *kcs_bmc = arg;
>> + u32 sts;
>> +
>> + if (regmap_read(kcs_bmc->map, kcs_bmc->str, &sts) != 0)
>> + return IRQ_NONE;
>> +
>> + sts &= (KCS_STR_IBF | KCS_STR_CMD_DAT);
>> +
>> + switch (sts) {
>> + case KCS_STR_IBF | KCS_STR_CMD_DAT:
>> + kcs_rx_cmd(kcs_bmc);
>> + break;
>> +
>> + case KCS_STR_IBF:
>> + kcs_rx_data(kcs_bmc);
>> +
>> + default:
>> + return IRQ_NONE;
>> + }
>> +
>> + return IRQ_HANDLED;
>> +}
>> +
>> +static int kcs_bmc_config_irq(struct kcs_bmc *kcs_bmc,
>> + struct platform_device *pdev)
>> +{
>> + struct device *dev = &pdev->dev;
>> + int irq;
>> +
>> + irq = platform_get_irq(pdev, 0);
>> + if (irq < 0)
>> + return irq;
>> +
>> + return devm_request_irq(dev, irq, kcs_bmc_irq, IRQF_SHARED,
>> + dev_name(dev), kcs_bmc);
>> +}
>> +
>> +
>> +static inline struct kcs_bmc *file_kcs_bmc(struct file *filp)
>> +{
>> + return container_of(filp->private_data, struct kcs_bmc, miscdev);
>> +}
>> +
>> +static int kcs_bmc_open(struct inode *inode, struct file *filp)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + unsigned long flags;
>> +
>> + if (kcs_bmc->running)
>> + return -EBUSY;
>> +
>
> The above is a race, it needs to be done inside the lock.
>
>> + spin_lock_irqsave(&kcs_bmc->lock, flags);
>> + kcs_bmc->kcs_phase = KCS_PHASE_IDLE;
>> + kcs_bmc->running = 1;
>> + kcs_bmc->data_in_avail = 0;
>> + spin_unlock_irqrestore(&kcs_bmc->lock, flags);
>
> What happens if the interface is not in a state where it can send a
> message?
> The release code doesn't block until anything is done, so the
> interface might
> not be in a place where you can use it. I think the init code handles
> it from
> that side, but the release side is not handled.
>
> Also, if release gets called, wouldn't you want to call
> kcs_force_abort() here
> or in release()? That would be the equivalent of the BMC getting reset.
>
>> +
>> + return 0;
>> +}
>> +
>> +static unsigned int kcs_bmc_poll(struct file *filp, poll_table *wait)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + unsigned int mask = 0;
>> +
>> + poll_wait(filp, &kcs_bmc->queue, wait);
>> +
>> + if (kcs_bmc->data_in_avail)
>> + mask |= POLLIN;
>> +
>> + if (kcs_bmc->kcs_phase == KCS_PHASE_READ)
>> + mask |= POLLOUT;
>> +
>> + return mask;
>> +}
>> +
>> +static ssize_t kcs_bmc_read(struct file *filp, char *buf,
>> + size_t count, loff_t *offset)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + int rv;
>> +
>
> You probably ought to handle O_NONBLOCK here. (Same problem on BT, too.)
>
>> + rv = wait_event_interruptible(kcs_bmc->queue,
>> + kcs_bmc->data_in_avail != 0);
>> + if (rv < 0)
>> + return -ERESTARTSYS;
>> +
>
> This is a race condition for multiple users.
>
>> + kcs_bmc->data_in_avail = 0;
>> +
>> + if (count > kcs_bmc->data_in_idx)
>> + count = kcs_bmc->data_in_idx;
>> +
>> + if (copy_to_user(buf, kcs_bmc->data_in, count))
>> + return -EFAULT;
>> +
>> + return count;
>> +}
>> +
>> +static ssize_t kcs_bmc_write(struct file *filp, const char *buf,
>> + size_t count, loff_t *offset)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + unsigned long flags;
>> +
>> + if (count < 1 || count > KCS_MSG_BUFSIZ)
>> + return -EINVAL;
>> +
>> + if (copy_from_user(kcs_bmc->data_out, buf, count))
>> + return -EFAULT;
>> +
>> + spin_lock_irqsave(&kcs_bmc->lock, flags);
>> + if (kcs_bmc->kcs_phase == KCS_PHASE_READ) {
>
> If you don't modify kcs_phase here, you have a race condition. You
> probably
> need a KCS_WAIT_READ condition. Also, the nomenclature of "read" and
> "write"
> here is a little confusing, since your phases are from the host's
> point of view,
> not this driver's point of view. You might want to document that
> explicitly.
>
>> + kcs_bmc->data_out_idx = 1;
>> + kcs_bmc->data_out_len = count;
>> + kcs_outb(kcs_bmc, kcs_bmc->data_out[0], kcs_bmc->odr);
>> + }
>
> So if you write and the data isn't ready, you just drop the data on
> the floor silently?
> Probably not the best design. You should probably return an error, as
> write can
> only be called after read.
>
>> + spin_unlock_irqrestore(&kcs_bmc->lock, flags);
>> +
>> + return count;
>> +}
>> +
>> +static long kcs_bmc_ioctl(struct file *filp, unsigned int cmd,
>> + unsigned long arg)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + long ret = 0;
>> +
>> + switch (cmd) {
>> + case KCS_BMC_IOCTL_SET_ATN:
>> + kcs_set_atn(kcs_bmc);
>> + break;
>> +
>> + case KCS_BMC_IOCTL_CLR_ATN:
>> + kcs_clear_atn(kcs_bmc);
>> + break;
>> +
>> + case KCS_BMC_IOCTL_FORCE_ABORT:
>> + kcs_force_abort(kcs_bmc);
>> + break;
>> +
>> + default:
>> + ret = -EINVAL;
>> + break;
>> + }
>> +
>> + return ret;
>> +}
>> +
>> +static int kcs_bmc_release(struct inode *inode, struct file *filp)
>> +{
>> + struct kcs_bmc *kcs_bmc = file_kcs_bmc(filp);
>> + unsigned long flags;
>> +
>> + spin_lock_irqsave(&kcs_bmc->lock, flags);
>> + kcs_bmc->running = 0;
>> + spin_unlock_irqrestore(&kcs_bmc->lock, flags);
>> +
>> + return 0;
>> +}
>> +
>> +static const struct file_operations kcs_bmc_fops = {
>> + .owner = THIS_MODULE,
>> + .open = kcs_bmc_open,
>> + .read = kcs_bmc_read,
>> + .write = kcs_bmc_write,
>> + .release = kcs_bmc_release,
>> + .poll = kcs_bmc_poll,
>> + .unlocked_ioctl = kcs_bmc_ioctl,
>> +};
>> +
>> +static int kcs_bmc_probe(struct platform_device *pdev)
>> +{
>> + struct device *dev = &pdev->dev;
>> + const struct kcs_ioreg *ioreg;
>> + struct kcs_bmc *kcs_bmc;
>> + u32 chan, addr;
>> + int rc;
>> +
>> + kcs_bmc = devm_kzalloc(dev, sizeof(*kcs_bmc), GFP_KERNEL);
>> + if (!kcs_bmc)
>> + return -ENOMEM;
>
> Every error after this point will leak kcs_bmc. I'd recommend a "goto
> out_err"
> to handle this.
>
>> +
>> + rc = of_property_read_u32(dev->of_node, "kcs_chan", &chan);
>> + if ((rc != 0) || (chan == 0 || chan > KCS_CHANNEL_MAX)) {
>> + dev_err(dev, "no valid 'kcs_chan' configured\n");
>> + return -ENODEV;
>> + }
>> +
>> + rc = of_property_read_u32(dev->of_node, "kcs_addr", &addr);
>> + if (rc) {
>> + dev_err(dev, "no valid 'kcs_addr' configured\n");
>> + return -ENODEV;
>> + }
>> +
>> + kcs_bmc->map = syscon_node_to_regmap(dev->parent->of_node);
>> + if (IS_ERR(kcs_bmc->map)) {
>> + dev_err(dev, "Couldn't get regmap\n");
>> + return -ENODEV;
>> + }
>> +
>> + dev_set_name(dev, "ipmi-kcs%u", chan);
>> +
>> + spin_lock_init(&kcs_bmc->lock);
>> + kcs_bmc->chan = chan;
>
> You need error checking on chan.
>
>> +
>> + ioreg = &kcs_ioreg_map[chan - 1];
>> + kcs_bmc->idr = ioreg->idr;
>> + kcs_bmc->odr = ioreg->odr;
>> + kcs_bmc->str = ioreg->str;
>> +
>> + init_waitqueue_head(&kcs_bmc->queue);
>> + kcs_bmc->data_in = devm_kmalloc(dev, KCS_MSG_BUFSIZ, GFP_KERNEL);
>> + kcs_bmc->data_out = devm_kmalloc(dev, KCS_MSG_BUFSIZ, GFP_KERNEL);
>> + if (kcs_bmc->data_in == NULL || kcs_bmc->data_out == NULL) {
>> + dev_err(dev, "Failed to allocate data buffers\n");
>
> You will leak memory if you fail to allocate data_out but do allocate
> data_in.
>
>> + return -ENOMEM;
>> + }
>> +
>> + kcs_bmc->miscdev.minor = MISC_DYNAMIC_MINOR;
>> + kcs_bmc->miscdev.name = dev_name(dev);
>> + kcs_bmc->miscdev.fops = &kcs_bmc_fops;
>> + rc = misc_register(&kcs_bmc->miscdev);
>> + if (rc) {
>> + dev_err(dev, "Unable to register device\n");
>> + return rc;
>> + }
>
> After you call misc_register something can open the device and use it.
> You need to do that after everything is enabled.
>
>> +
>> + kcs_set_addr(kcs_bmc, addr);
>> + kcs_enable_channel(kcs_bmc, 1);
>> +
>> + rc = kcs_bmc_config_irq(kcs_bmc, pdev);
>> + if (rc) {
>> + misc_deregister(&kcs_bmc->miscdev);
>> + return rc;
>> + }
>> +
>> + dev_set_drvdata(&pdev->dev, kcs_bmc);
>
> This should definitely be before you enable or register. The drvdata
> needs to be available in case an irq comes in, for instance.
>
>> +
>> + dev_info(dev, "addr=0x%x, idr=0x%x, odr=0x%x, str=0x%x\n",
>> + addr, kcs_bmc->idr, kcs_bmc->odr, kcs_bmc->str);
>> +
>> + return 0;
>> +}
>> +
>> +static int kcs_bmc_remove(struct platform_device *pdev)
>> +{
>> + struct kcs_bmc *kcs_bmc = dev_get_drvdata(&pdev->dev);
>> +
>> + misc_deregister(&kcs_bmc->miscdev);
>> +
>> + return 0;
>> +}
>> +
>> +static const struct of_device_id kcs_bmc_match[] = {
>> + { .compatible = "aspeed,ast2400-kcs-bmc" },
>> + { .compatible = "aspeed,ast2500-kcs-bmc" },
>> + { }
>> +};
>> +
>> +static struct platform_driver kcs_bmc_driver = {
>> + .driver = {
>> + .name = DEVICE_NAME,
>> + .of_match_table = kcs_bmc_match,
>> + },
>> + .probe = kcs_bmc_probe,
>> + .remove = kcs_bmc_remove,
>> +};
>> +
>> +module_platform_driver(kcs_bmc_driver);
>> +
>> +MODULE_DEVICE_TABLE(of, kcs_bmc_match);
>> +MODULE_LICENSE("GPL v2");
>> +MODULE_AUTHOR("Haiyue Wang <haiyue.wang@...ux.intel.com>");
>> +MODULE_DESCRIPTION("Linux device interface to the IPMI KCS interface");
>> diff --git a/include/uapi/linux/kcs-bmc.h b/include/uapi/linux/kcs-bmc.h
>> new file mode 100644
>> index 0000000..d1550d3
>> --- /dev/null
>> +++ b/include/uapi/linux/kcs-bmc.h
>> @@ -0,0 +1,14 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +// Copyright (c) 2015-2018, Intel Corporation.
>> +
>> +#ifndef _UAPI_LINUX_KCS_BMC_H
>> +#define _UAPI_LINUX_KCS_BMC_H
>> +
>> +#include <linux/ioctl.h>
>> +
>> +#define __KCS_BMC_IOCTL_MAGIC 'K'
>> +#define KCS_BMC_IOCTL_SET_ATN _IO(__KCS_BMC_IOCTL_MAGIC, 1)
>> +#define KCS_BMC_IOCTL_CLR_ATN _IO(__KCS_BMC_IOCTL_MAGIC, 2)
>> +#define KCS_BMC_IOCTL_FORCE_ABORT _IO(__KCS_BMC_IOCTL_MAGIC, 3)
>> +
>> +#endif /* _UAPI_LINUX_KCS_BMC_H */
>
>
Powered by blists - more mailing lists