1/*
2 *  ipmi_bt_sm.c
3 *
4 *  The state machine for an Open IPMI BT sub-driver under ipmi_si.c, part
5 *  of the driver architecture at http://sourceforge.net/projects/openipmi
6 *
7 *  Author:	Rocky Craig <first.last@hp.com>
8 *
9 *  This program is free software; you can redistribute it and/or modify it
10 *  under the terms of the GNU General Public License as published by the
11 *  Free Software Foundation; either version 2 of the License, or (at your
12 *  option) any later version.
13 *
14 *  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
15 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
16 *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 *  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 *  INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
19 *  BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
20 *  OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
21 *  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
22 *  TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
23 *  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 *  You should have received a copy of the GNU General Public License along
26 *  with this program; if not, write to the Free Software Foundation, Inc.,
27 *  675 Mass Ave, Cambridge, MA 02139, USA.  */
28
29#include <linux/kernel.h> /* For printk. */
30#include <linux/string.h>
31#include <linux/module.h>
32#include <linux/moduleparam.h>
33#include <linux/ipmi_msgdefs.h>		/* for completion codes */
34#include "ipmi_si_sm.h"
35
36#define BT_DEBUG_OFF	0	/* Used in production */
37#define BT_DEBUG_ENABLE	1	/* Generic messages */
38#define BT_DEBUG_MSG	2	/* Prints all request/response buffers */
39#define BT_DEBUG_STATES	4	/* Verbose look at state changes */
40/*
41 * BT_DEBUG_OFF must be zero to correspond to the default uninitialized
42 * value
43 */
44
45static int bt_debug; /* 0 == BT_DEBUG_OFF */
46
47module_param(bt_debug, int, 0644);
48MODULE_PARM_DESC(bt_debug, "debug bitmask, 1=enable, 2=messages, 4=states");
49
50/*
51 * Typical "Get BT Capabilities" values are 2-3 retries, 5-10 seconds,
52 * and 64 byte buffers.  However, one HP implementation wants 255 bytes of
53 * buffer (with a documented message of 160 bytes) so go for the max.
54 * Since the Open IPMI architecture is single-message oriented at this
55 * stage, the queue depth of BT is of no concern.
56 */
57
58#define BT_NORMAL_TIMEOUT	5	/* seconds */
59#define BT_NORMAL_RETRY_LIMIT	2
60#define BT_RESET_DELAY		6	/* seconds after warm reset */
61
62/*
63 * States are written in chronological order and usually cover
64 * multiple rows of the state table discussion in the IPMI spec.
65 */
66
67enum bt_states {
68	BT_STATE_IDLE = 0,	/* Order is critical in this list */
69	BT_STATE_XACTION_START,
70	BT_STATE_WRITE_BYTES,
71	BT_STATE_WRITE_CONSUME,
72	BT_STATE_READ_WAIT,
73	BT_STATE_CLEAR_B2H,
74	BT_STATE_READ_BYTES,
75	BT_STATE_RESET1,	/* These must come last */
76	BT_STATE_RESET2,
77	BT_STATE_RESET3,
78	BT_STATE_RESTART,
79	BT_STATE_PRINTME,
80	BT_STATE_CAPABILITIES_BEGIN,
81	BT_STATE_CAPABILITIES_END,
82	BT_STATE_LONG_BUSY	/* BT doesn't get hosed :-) */
83};
84
85/*
86 * Macros seen at the end of state "case" blocks.  They help with legibility
87 * and debugging.
88 */
89
90#define BT_STATE_CHANGE(X, Y) { bt->state = X; return Y; }
91
92#define BT_SI_SM_RETURN(Y)   { last_printed = BT_STATE_PRINTME; return Y; }
93
94struct si_sm_data {
95	enum bt_states	state;
96	unsigned char	seq;		/* BT sequence number */
97	struct si_sm_io	*io;
98	unsigned char	write_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
99	int		write_count;
100	unsigned char	read_data[IPMI_MAX_MSG_LENGTH + 2]; /* +2 for memcpy */
101	int		read_count;
102	int		truncated;
103	long		timeout;	/* microseconds countdown */
104	int		error_retries;	/* end of "common" fields */
105	int		nonzero_status;	/* hung BMCs stay all 0 */
106	enum bt_states	complete;	/* to divert the state machine */
107	int		BT_CAP_outreqs;
108	long		BT_CAP_req2rsp;
109	int		BT_CAP_retries;	/* Recommended retries */
110};
111
112#define BT_CLR_WR_PTR	0x01	/* See IPMI 1.5 table 11.6.4 */
113#define BT_CLR_RD_PTR	0x02
114#define BT_H2B_ATN	0x04
115#define BT_B2H_ATN	0x08
116#define BT_SMS_ATN	0x10
117#define BT_OEM0		0x20
118#define BT_H_BUSY	0x40
119#define BT_B_BUSY	0x80
120
121/*
122 * Some bits are toggled on each write: write once to set it, once
123 * more to clear it; writing a zero does nothing.  To absolutely
124 * clear it, check its state and write if set.  This avoids the "get
125 * current then use as mask" scheme to modify one bit.  Note that the
126 * variable "bt" is hardcoded into these macros.
127 */
128
129#define BT_STATUS	bt->io->inputb(bt->io, 0)
130#define BT_CONTROL(x)	bt->io->outputb(bt->io, 0, x)
131
132#define BMC2HOST	bt->io->inputb(bt->io, 1)
133#define HOST2BMC(x)	bt->io->outputb(bt->io, 1, x)
134
135#define BT_INTMASK_R	bt->io->inputb(bt->io, 2)
136#define BT_INTMASK_W(x)	bt->io->outputb(bt->io, 2, x)
137
138/*
139 * Convenience routines for debugging.  These are not multi-open safe!
140 * Note the macros have hardcoded variables in them.
141 */
142
143static char *state2txt(unsigned char state)
144{
145	switch (state) {
146	case BT_STATE_IDLE:		return("IDLE");
147	case BT_STATE_XACTION_START:	return("XACTION");
148	case BT_STATE_WRITE_BYTES:	return("WR_BYTES");
149	case BT_STATE_WRITE_CONSUME:	return("WR_CONSUME");
150	case BT_STATE_READ_WAIT:	return("RD_WAIT");
151	case BT_STATE_CLEAR_B2H:	return("CLEAR_B2H");
152	case BT_STATE_READ_BYTES:	return("RD_BYTES");
153	case BT_STATE_RESET1:		return("RESET1");
154	case BT_STATE_RESET2:		return("RESET2");
155	case BT_STATE_RESET3:		return("RESET3");
156	case BT_STATE_RESTART:		return("RESTART");
157	case BT_STATE_LONG_BUSY:	return("LONG_BUSY");
158	case BT_STATE_CAPABILITIES_BEGIN: return("CAP_BEGIN");
159	case BT_STATE_CAPABILITIES_END:	return("CAP_END");
160	}
161	return("BAD STATE");
162}
163#define STATE2TXT state2txt(bt->state)
164
165static char *status2txt(unsigned char status)
166{
167	/*
168	 * This cannot be called by two threads at the same time and
169	 * the buffer is always consumed immediately, so the static is
170	 * safe to use.
171	 */
172	static char buf[40];
173
174	strcpy(buf, "[ ");
175	if (status & BT_B_BUSY)
176		strcat(buf, "B_BUSY ");
177	if (status & BT_H_BUSY)
178		strcat(buf, "H_BUSY ");
179	if (status & BT_OEM0)
180		strcat(buf, "OEM0 ");
181	if (status & BT_SMS_ATN)
182		strcat(buf, "SMS ");
183	if (status & BT_B2H_ATN)
184		strcat(buf, "B2H ");
185	if (status & BT_H2B_ATN)
186		strcat(buf, "H2B ");
187	strcat(buf, "]");
188	return buf;
189}
190#define STATUS2TXT status2txt(status)
191
192/* called externally at insmod time, and internally on cleanup */
193
194static unsigned int bt_init_data(struct si_sm_data *bt, struct si_sm_io *io)
195{
196	memset(bt, 0, sizeof(struct si_sm_data));
197	if (bt->io != io) {
198		/* external: one-time only things */
199		bt->io = io;
200		bt->seq = 0;
201	}
202	bt->state = BT_STATE_IDLE;	/* start here */
203	bt->complete = BT_STATE_IDLE;	/* end here */
204	bt->BT_CAP_req2rsp = BT_NORMAL_TIMEOUT * USEC_PER_SEC;
205	bt->BT_CAP_retries = BT_NORMAL_RETRY_LIMIT;
206	/* BT_CAP_outreqs == zero is a flag to read BT Capabilities */
207	return 3; /* We claim 3 bytes of space; ought to check SPMI table */
208}
209
210/* Jam a completion code (probably an error) into a response */
211
212static void force_result(struct si_sm_data *bt, unsigned char completion_code)
213{
214	bt->read_data[0] = 4;				/* # following bytes */
215	bt->read_data[1] = bt->write_data[1] | 4;	/* Odd NetFn/LUN */
216	bt->read_data[2] = bt->write_data[2];		/* seq (ignored) */
217	bt->read_data[3] = bt->write_data[3];		/* Command */
218	bt->read_data[4] = completion_code;
219	bt->read_count = 5;
220}
221
222/* The upper state machine starts here */
223
224static int bt_start_transaction(struct si_sm_data *bt,
225				unsigned char *data,
226				unsigned int size)
227{
228	unsigned int i;
229
230	if (size < 2)
231		return IPMI_REQ_LEN_INVALID_ERR;
232	if (size > IPMI_MAX_MSG_LENGTH)
233		return IPMI_REQ_LEN_EXCEEDED_ERR;
234
235	if (bt->state == BT_STATE_LONG_BUSY)
236		return IPMI_NODE_BUSY_ERR;
237
238	if (bt->state != BT_STATE_IDLE)
239		return IPMI_NOT_IN_MY_STATE_ERR;
240
241	if (bt_debug & BT_DEBUG_MSG) {
242		printk(KERN_WARNING "BT: +++++++++++++++++ New command\n");
243		printk(KERN_WARNING "BT: NetFn/LUN CMD [%d data]:", size - 2);
244		for (i = 0; i < size; i ++)
245			printk(" %02x", data[i]);
246		printk("\n");
247	}
248	bt->write_data[0] = size + 1;	/* all data plus seq byte */
249	bt->write_data[1] = *data;	/* NetFn/LUN */
250	bt->write_data[2] = bt->seq++;
251	memcpy(bt->write_data + 3, data + 1, size - 1);
252	bt->write_count = size + 2;
253	bt->error_retries = 0;
254	bt->nonzero_status = 0;
255	bt->truncated = 0;
256	bt->state = BT_STATE_XACTION_START;
257	bt->timeout = bt->BT_CAP_req2rsp;
258	force_result(bt, IPMI_ERR_UNSPECIFIED);
259	return 0;
260}
261
262/*
263 * After the upper state machine has been told SI_SM_TRANSACTION_COMPLETE
264 * it calls this.  Strip out the length and seq bytes.
265 */
266
267static int bt_get_result(struct si_sm_data *bt,
268			 unsigned char *data,
269			 unsigned int length)
270{
271	int i, msg_len;
272
273	msg_len = bt->read_count - 2;		/* account for length & seq */
274	if (msg_len < 3 || msg_len > IPMI_MAX_MSG_LENGTH) {
275		force_result(bt, IPMI_ERR_UNSPECIFIED);
276		msg_len = 3;
277	}
278	data[0] = bt->read_data[1];
279	data[1] = bt->read_data[3];
280	if (length < msg_len || bt->truncated) {
281		data[2] = IPMI_ERR_MSG_TRUNCATED;
282		msg_len = 3;
283	} else
284		memcpy(data + 2, bt->read_data + 4, msg_len - 2);
285
286	if (bt_debug & BT_DEBUG_MSG) {
287		printk(KERN_WARNING "BT: result %d bytes:", msg_len);
288		for (i = 0; i < msg_len; i++)
289			printk(" %02x", data[i]);
290		printk("\n");
291	}
292	return msg_len;
293}
294
295/* This bit's functionality is optional */
296#define BT_BMC_HWRST	0x80
297
298static void reset_flags(struct si_sm_data *bt)
299{
300	if (bt_debug)
301		printk(KERN_WARNING "IPMI BT: flag reset %s\n",
302					status2txt(BT_STATUS));
303	if (BT_STATUS & BT_H_BUSY)
304		BT_CONTROL(BT_H_BUSY);	/* force clear */
305	BT_CONTROL(BT_CLR_WR_PTR);	/* always reset */
306	BT_CONTROL(BT_SMS_ATN);		/* always clear */
307	BT_INTMASK_W(BT_BMC_HWRST);
308}
309
310/*
311 * Get rid of an unwanted/stale response.  This should only be needed for
312 * BMCs that support multiple outstanding requests.
313 */
314
315static void drain_BMC2HOST(struct si_sm_data *bt)
316{
317	int i, size;
318
319	if (!(BT_STATUS & BT_B2H_ATN)) 	/* Not signalling a response */
320		return;
321
322	BT_CONTROL(BT_H_BUSY);		/* now set */
323	BT_CONTROL(BT_B2H_ATN);		/* always clear */
324	BT_STATUS;			/* pause */
325	BT_CONTROL(BT_B2H_ATN);		/* some BMCs are stubborn */
326	BT_CONTROL(BT_CLR_RD_PTR);	/* always reset */
327	if (bt_debug)
328		printk(KERN_WARNING "IPMI BT: stale response %s; ",
329			status2txt(BT_STATUS));
330	size = BMC2HOST;
331	for (i = 0; i < size ; i++)
332		BMC2HOST;
333	BT_CONTROL(BT_H_BUSY);		/* now clear */
334	if (bt_debug)
335		printk("drained %d bytes\n", size + 1);
336}
337
338static inline void write_all_bytes(struct si_sm_data *bt)
339{
340	int i;
341
342	if (bt_debug & BT_DEBUG_MSG) {
343		printk(KERN_WARNING "BT: write %d bytes seq=0x%02X",
344			bt->write_count, bt->seq);
345		for (i = 0; i < bt->write_count; i++)
346			printk(" %02x", bt->write_data[i]);
347		printk("\n");
348	}
349	for (i = 0; i < bt->write_count; i++)
350		HOST2BMC(bt->write_data[i]);
351}
352
353static inline int read_all_bytes(struct si_sm_data *bt)
354{
355	unsigned int i;
356
357	/*
358	 * length is "framing info", minimum = 4: NetFn, Seq, Cmd, cCode.
359	 * Keep layout of first four bytes aligned with write_data[]
360	 */
361
362	bt->read_data[0] = BMC2HOST;
363	bt->read_count = bt->read_data[0];
364
365	if (bt->read_count < 4 || bt->read_count >= IPMI_MAX_MSG_LENGTH) {
366		if (bt_debug & BT_DEBUG_MSG)
367			printk(KERN_WARNING "BT: bad raw rsp len=%d\n",
368				bt->read_count);
369		bt->truncated = 1;
370		return 1;	/* let next XACTION START clean it up */
371	}
372	for (i = 1; i <= bt->read_count; i++)
373		bt->read_data[i] = BMC2HOST;
374	bt->read_count++;	/* Account internally for length byte */
375
376	if (bt_debug & BT_DEBUG_MSG) {
377		int max = bt->read_count;
378
379		printk(KERN_WARNING "BT: got %d bytes seq=0x%02X",
380			max, bt->read_data[2]);
381		if (max > 16)
382			max = 16;
383		for (i = 0; i < max; i++)
384			printk(KERN_CONT " %02x", bt->read_data[i]);
385		printk(KERN_CONT "%s\n", bt->read_count == max ? "" : " ...");
386	}
387
388	/* per the spec, the (NetFn[1], Seq[2], Cmd[3]) tuples must match */
389	if ((bt->read_data[3] == bt->write_data[3]) &&
390	    (bt->read_data[2] == bt->write_data[2]) &&
391	    ((bt->read_data[1] & 0xF8) == (bt->write_data[1] & 0xF8)))
392			return 1;
393
394	if (bt_debug & BT_DEBUG_MSG)
395		printk(KERN_WARNING "IPMI BT: bad packet: "
396		"want 0x(%02X, %02X, %02X) got (%02X, %02X, %02X)\n",
397		bt->write_data[1] | 0x04, bt->write_data[2], bt->write_data[3],
398		bt->read_data[1],  bt->read_data[2],  bt->read_data[3]);
399	return 0;
400}
401
402/* Restart if retries are left, or return an error completion code */
403
404static enum si_sm_result error_recovery(struct si_sm_data *bt,
405					unsigned char status,
406					unsigned char cCode)
407{
408	char *reason;
409
410	bt->timeout = bt->BT_CAP_req2rsp;
411
412	switch (cCode) {
413	case IPMI_TIMEOUT_ERR:
414		reason = "timeout";
415		break;
416	default:
417		reason = "internal error";
418		break;
419	}
420
421	printk(KERN_WARNING "IPMI BT: %s in %s %s ", 	/* open-ended line */
422		reason, STATE2TXT, STATUS2TXT);
423
424	/*
425	 * Per the IPMI spec, retries are based on the sequence number
426	 * known only to this module, so manage a restart here.
427	 */
428	(bt->error_retries)++;
429	if (bt->error_retries < bt->BT_CAP_retries) {
430		printk("%d retries left\n",
431			bt->BT_CAP_retries - bt->error_retries);
432		bt->state = BT_STATE_RESTART;
433		return SI_SM_CALL_WITHOUT_DELAY;
434	}
435
436	printk(KERN_WARNING "failed %d retries, sending error response\n",
437	       bt->BT_CAP_retries);
438	if (!bt->nonzero_status)
439		printk(KERN_ERR "IPMI BT: stuck, try power cycle\n");
440
441	/* this is most likely during insmod */
442	else if (bt->seq <= (unsigned char)(bt->BT_CAP_retries & 0xFF)) {
443		printk(KERN_WARNING "IPMI: BT reset (takes 5 secs)\n");
444		bt->state = BT_STATE_RESET1;
445		return SI_SM_CALL_WITHOUT_DELAY;
446	}
447
448	/*
449	 * Concoct a useful error message, set up the next state, and
450	 * be done with this sequence.
451	 */
452
453	bt->state = BT_STATE_IDLE;
454	switch (cCode) {
455	case IPMI_TIMEOUT_ERR:
456		if (status & BT_B_BUSY) {
457			cCode = IPMI_NODE_BUSY_ERR;
458			bt->state = BT_STATE_LONG_BUSY;
459		}
460		break;
461	default:
462		break;
463	}
464	force_result(bt, cCode);
465	return SI_SM_TRANSACTION_COMPLETE;
466}
467
468/* Check status and (usually) take action and change this state machine. */
469
470static enum si_sm_result bt_event(struct si_sm_data *bt, long time)
471{
472	unsigned char status, BT_CAP[8];
473	static enum bt_states last_printed = BT_STATE_PRINTME;
474	int i;
475
476	status = BT_STATUS;
477	bt->nonzero_status |= status;
478	if ((bt_debug & BT_DEBUG_STATES) && (bt->state != last_printed)) {
479		printk(KERN_WARNING "BT: %s %s TO=%ld - %ld \n",
480			STATE2TXT,
481			STATUS2TXT,
482			bt->timeout,
483			time);
484		last_printed = bt->state;
485	}
486
487	/*
488	 * Commands that time out may still (eventually) provide a response.
489	 * This stale response will get in the way of a new response so remove
490	 * it if possible (hopefully during IDLE).  Even if it comes up later
491	 * it will be rejected by its (now-forgotten) seq number.
492	 */
493
494	if ((bt->state < BT_STATE_WRITE_BYTES) && (status & BT_B2H_ATN)) {
495		drain_BMC2HOST(bt);
496		BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
497	}
498
499	if ((bt->state != BT_STATE_IDLE) &&
500	    (bt->state <  BT_STATE_PRINTME)) {
501		/* check timeout */
502		bt->timeout -= time;
503		if ((bt->timeout < 0) && (bt->state < BT_STATE_RESET1))
504			return error_recovery(bt,
505					      status,
506					      IPMI_TIMEOUT_ERR);
507	}
508
509	switch (bt->state) {
510
511	/*
512	 * Idle state first checks for asynchronous messages from another
513	 * channel, then does some opportunistic housekeeping.
514	 */
515
516	case BT_STATE_IDLE:
517		if (status & BT_SMS_ATN) {
518			BT_CONTROL(BT_SMS_ATN);	/* clear it */
519			return SI_SM_ATTN;
520		}
521
522		if (status & BT_H_BUSY)		/* clear a leftover H_BUSY */
523			BT_CONTROL(BT_H_BUSY);
524
525		/* Read BT capabilities if it hasn't been done yet */
526		if (!bt->BT_CAP_outreqs)
527			BT_STATE_CHANGE(BT_STATE_CAPABILITIES_BEGIN,
528					SI_SM_CALL_WITHOUT_DELAY);
529		bt->timeout = bt->BT_CAP_req2rsp;
530		BT_SI_SM_RETURN(SI_SM_IDLE);
531
532	case BT_STATE_XACTION_START:
533		if (status & (BT_B_BUSY | BT_H2B_ATN))
534			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
535		if (BT_STATUS & BT_H_BUSY)
536			BT_CONTROL(BT_H_BUSY);	/* force clear */
537		BT_STATE_CHANGE(BT_STATE_WRITE_BYTES,
538				SI_SM_CALL_WITHOUT_DELAY);
539
540	case BT_STATE_WRITE_BYTES:
541		if (status & BT_H_BUSY)
542			BT_CONTROL(BT_H_BUSY);	/* clear */
543		BT_CONTROL(BT_CLR_WR_PTR);
544		write_all_bytes(bt);
545		BT_CONTROL(BT_H2B_ATN);	/* can clear too fast to catch */
546		BT_STATE_CHANGE(BT_STATE_WRITE_CONSUME,
547				SI_SM_CALL_WITHOUT_DELAY);
548
549	case BT_STATE_WRITE_CONSUME:
550		if (status & (BT_B_BUSY | BT_H2B_ATN))
551			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
552		BT_STATE_CHANGE(BT_STATE_READ_WAIT,
553				SI_SM_CALL_WITHOUT_DELAY);
554
555	/* Spinning hard can suppress B2H_ATN and force a timeout */
556
557	case BT_STATE_READ_WAIT:
558		if (!(status & BT_B2H_ATN))
559			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
560		BT_CONTROL(BT_H_BUSY);		/* set */
561
562		/*
563		 * Uncached, ordered writes should just proceed serially but
564		 * some BMCs don't clear B2H_ATN with one hit.  Fast-path a
565		 * workaround without too much penalty to the general case.
566		 */
567
568		BT_CONTROL(BT_B2H_ATN);		/* clear it to ACK the BMC */
569		BT_STATE_CHANGE(BT_STATE_CLEAR_B2H,
570				SI_SM_CALL_WITHOUT_DELAY);
571
572	case BT_STATE_CLEAR_B2H:
573		if (status & BT_B2H_ATN) {
574			/* keep hitting it */
575			BT_CONTROL(BT_B2H_ATN);
576			BT_SI_SM_RETURN(SI_SM_CALL_WITH_DELAY);
577		}
578		BT_STATE_CHANGE(BT_STATE_READ_BYTES,
579				SI_SM_CALL_WITHOUT_DELAY);
580
581	case BT_STATE_READ_BYTES:
582		if (!(status & BT_H_BUSY))
583			/* check in case of retry */
584			BT_CONTROL(BT_H_BUSY);
585		BT_CONTROL(BT_CLR_RD_PTR);	/* start of BMC2HOST buffer */
586		i = read_all_bytes(bt);		/* true == packet seq match */
587		BT_CONTROL(BT_H_BUSY);		/* NOW clear */
588		if (!i) 			/* Not my message */
589			BT_STATE_CHANGE(BT_STATE_READ_WAIT,
590					SI_SM_CALL_WITHOUT_DELAY);
591		bt->state = bt->complete;
592		return bt->state == BT_STATE_IDLE ?	/* where to next? */
593			SI_SM_TRANSACTION_COMPLETE :	/* normal */
594			SI_SM_CALL_WITHOUT_DELAY;	/* Startup magic */
595
596	case BT_STATE_LONG_BUSY:	/* For example: after FW update */
597		if (!(status & BT_B_BUSY)) {
598			reset_flags(bt);	/* next state is now IDLE */
599			bt_init_data(bt, bt->io);
600		}
601		return SI_SM_CALL_WITH_DELAY;	/* No repeat printing */
602
603	case BT_STATE_RESET1:
604		reset_flags(bt);
605		drain_BMC2HOST(bt);
606		BT_STATE_CHANGE(BT_STATE_RESET2,
607				SI_SM_CALL_WITH_DELAY);
608
609	case BT_STATE_RESET2:		/* Send a soft reset */
610		BT_CONTROL(BT_CLR_WR_PTR);
611		HOST2BMC(3);		/* number of bytes following */
612		HOST2BMC(0x18);		/* NetFn/LUN == Application, LUN 0 */
613		HOST2BMC(42);		/* Sequence number */
614		HOST2BMC(3);		/* Cmd == Soft reset */
615		BT_CONTROL(BT_H2B_ATN);
616		bt->timeout = BT_RESET_DELAY * USEC_PER_SEC;
617		BT_STATE_CHANGE(BT_STATE_RESET3,
618				SI_SM_CALL_WITH_DELAY);
619
620	case BT_STATE_RESET3:		/* Hold off everything for a bit */
621		if (bt->timeout > 0)
622			return SI_SM_CALL_WITH_DELAY;
623		drain_BMC2HOST(bt);
624		BT_STATE_CHANGE(BT_STATE_RESTART,
625				SI_SM_CALL_WITH_DELAY);
626
627	case BT_STATE_RESTART:		/* don't reset retries or seq! */
628		bt->read_count = 0;
629		bt->nonzero_status = 0;
630		bt->timeout = bt->BT_CAP_req2rsp;
631		BT_STATE_CHANGE(BT_STATE_XACTION_START,
632				SI_SM_CALL_WITH_DELAY);
633
634	/*
635	 * Get BT Capabilities, using timing of upper level state machine.
636	 * Set outreqs to prevent infinite loop on timeout.
637	 */
638	case BT_STATE_CAPABILITIES_BEGIN:
639		bt->BT_CAP_outreqs = 1;
640		{
641			unsigned char GetBT_CAP[] = { 0x18, 0x36 };
642			bt->state = BT_STATE_IDLE;
643			bt_start_transaction(bt, GetBT_CAP, sizeof(GetBT_CAP));
644		}
645		bt->complete = BT_STATE_CAPABILITIES_END;
646		BT_STATE_CHANGE(BT_STATE_XACTION_START,
647				SI_SM_CALL_WITH_DELAY);
648
649	case BT_STATE_CAPABILITIES_END:
650		i = bt_get_result(bt, BT_CAP, sizeof(BT_CAP));
651		bt_init_data(bt, bt->io);
652		if ((i == 8) && !BT_CAP[2]) {
653			bt->BT_CAP_outreqs = BT_CAP[3];
654			bt->BT_CAP_req2rsp = BT_CAP[6] * USEC_PER_SEC;
655			bt->BT_CAP_retries = BT_CAP[7];
656		} else
657			printk(KERN_WARNING "IPMI BT: using default values\n");
658		if (!bt->BT_CAP_outreqs)
659			bt->BT_CAP_outreqs = 1;
660		printk(KERN_WARNING "IPMI BT: req2rsp=%ld secs retries=%d\n",
661			bt->BT_CAP_req2rsp / USEC_PER_SEC, bt->BT_CAP_retries);
662		bt->timeout = bt->BT_CAP_req2rsp;
663		return SI_SM_CALL_WITHOUT_DELAY;
664
665	default:	/* should never occur */
666		return error_recovery(bt,
667				      status,
668				      IPMI_ERR_UNSPECIFIED);
669	}
670	return SI_SM_CALL_WITH_DELAY;
671}
672
673static int bt_detect(struct si_sm_data *bt)
674{
675	/*
676	 * It's impossible for the BT status and interrupt registers to be
677	 * all 1's, (assuming a properly functioning, self-initialized BMC)
678	 * but that's what you get from reading a bogus address, so we
679	 * test that first.  The calling routine uses negative logic.
680	 */
681
682	if ((BT_STATUS == 0xFF) && (BT_INTMASK_R == 0xFF))
683		return 1;
684	reset_flags(bt);
685	return 0;
686}
687
688static void bt_cleanup(struct si_sm_data *bt)
689{
690}
691
692static int bt_size(void)
693{
694	return sizeof(struct si_sm_data);
695}
696
697struct si_sm_handlers bt_smi_handlers = {
698	.init_data		= bt_init_data,
699	.start_transaction	= bt_start_transaction,
700	.get_result		= bt_get_result,
701	.event			= bt_event,
702	.detect			= bt_detect,
703	.cleanup		= bt_cleanup,
704	.size			= bt_size,
705};
706