Commit Graph

866 Commits

Author SHA1 Message Date
Uwe Kleine-König
19a01155dd ipmi: Drop explicit initialization of struct i2c_device_id::driver_data to 0
These drivers don't use the driver_data member of struct i2c_device_id,
so don't explicitly initialize this member.

This prepares putting driver_data in an anonymous union which requires
either no initialization or named designators. But it's also a nice
cleanup on its own.

While at it, also remove commas after the sentinel entries.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@baylibre.com>
Message-Id: <20240708150914.18190-2-u.kleine-koenig@baylibre.com>
Signed-off-by: Corey Minyard <corey@minyard.net>
2024-07-08 15:05:18 -05:00
Dan Carpenter
0627cef361 ipmi: ssif_bmc: prevent integer overflow on 32bit systems
There are actually two bugs here.  First, we need to ensure that count
is at least sizeof(u32) or msg.len will be uninitialized data.

The "msg.len" variable is a u32 that comes from the user.  On 32bit
systems the "sizeof_field(struct ipmi_ssif_msg, len) + msg.len"
addition can overflow if "msg.len" is greater than U32_MAX - 4.

Valid lengths for "msg.len" are 1-254.  Add a check for that to
prevent the integer overflow.

Fixes: dd2bc5cc9e ("ipmi: ssif_bmc: Add SSIF BMC driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Message-Id: <1431ca2e-4e9c-4520-bfc0-6879313c30e9@moroto.mountain>
Signed-off-by: Corey Minyard <corey@minyard.net>
2024-06-14 13:51:36 -05:00
Uwe Kleine-König
999dff3c13 ipmi: kcs_bmc_npcm7xx: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <16144ffaa6f40a1a126d5cf19ef4337218a04fbb.1709655755.git.u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Uwe Kleine-König
c61090f4ef ipmi: kcs_bmc_aspeed: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <d125e83788ddc27fc52a3f11b2c329b40cbdd6f9.1709655755.git.u.kleine-koenig@pengutronix.de>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Uwe Kleine-König
a69da50299 ipmi: ipmi_ssif: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <c8a6cd95ad7a8220e211373c44cdaba2a8c06052.1709655755.git.u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Uwe Kleine-König
f99a996574 ipmi: ipmi_si_platform: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <789cd7876780241430dd5604bc4322453fe4e581.1709655755.git.u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Uwe Kleine-König
26edd74f5d ipmi: ipmi_powernv: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <22375be2dd616d8ccc2959586a08e49a5ad9e47b.1709655755.git.u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Uwe Kleine-König
2348918407 ipmi: bt-bmc: Convert to platform remove callback returning void
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.

To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().

Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <dc5e67fb45c8c673cbf3cdbc4997c5deb3a700fe.1709655755.git.u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Niklas Schnelle
c5c76d800a char: ipmi: handle HAS_IOPORT dependencies
In a future patch HAS_IOPORT=n will disable inb()/outb() and friends at
compile time. We thus need to add this dependency and ifdef sections of
code using inb()/outb() as alternative access methods.

Acked-by: Corey Minyard <cminyard@mvista.com>
Co-developed-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Message-Id: <20240404104506.3352637-2-schnelle@linux.ibm.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:55:04 -05:00
Allen Pais
a9b5bb5c22 ipmi: Convert from tasklet to BH workqueue
The only generic interface to execute asynchronously in the BH context is
tasklet; however, it's marked deprecated and has some design flaws. To
replace tasklets, BH workqueue support was recently added. A BH workqueue
behaves similarly to regular workqueues except that the queued work items
are executed in the BH context.

This patch converts drivers/char/ipmi/* from tasklet to BH workqueue.

Based on the work done by Tejun Heo <tj@kernel.org>
Branch: https://git.kernel.org/pub/scm/linux/kernel/git/tj/wq.git for-6.10

Signed-off-by: Allen Pais <allen.lkml@gmail.com>
Message-Id: <20240327160314.9982-7-apais@linux.microsoft.com>
[Removed a duplicate include of workqueue.h]
Signed-off-by: Corey Minyard <minyard@acm.org>
2024-04-17 14:54:45 -05:00
Christophe JAILLET
9bd9fbd903 ipmi: Remove usage of the deprecated ida_simple_xx() API
ida_alloc() and ida_free() should be preferred to the deprecated
ida_simple_get() and ida_simple_remove().

This is less verbose.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Message-Id: <b1a7a75263400742e5fda6bd7ba426772dc8ef11.1702961986.git.christophe.jaillet@wanadoo.fr>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-12-19 06:33:45 -06:00
Emilio Perez
242c6fd473 ipmi: Use regspacings passed as a module parameter
regspacings parameter is currently ignored and the platform data uses a
default value of 0, this has been fixed by setting the appropriate field
in the platform data.

Fixes: 3cd83bac48 ("ipmi: Consolidate the adding of platform devices")
Signed-off-by: Emilio Perez <emiliopeju@gmail.com>
Message-Id: <20231122203433.443098-1-emiliopeju@gmail.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-12-19 06:32:27 -06:00
Rob Herring
5be50eb5ae ipmi: si: Use device_get_match_data()
Use preferred device_get_match_data() instead of of_match_device() to
get the driver match data. With this, adjust the includes to explicitly
include the correct headers.

Signed-off-by: Rob Herring <robh@kernel.org>
Message-Id: <20231115210230.3744198-1-robh@kernel.org>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-12-19 06:32:27 -06:00
Linus Torvalds
e576033588 Pull request for IPMI
Well, only one change, and I would normally just wait, but it will make
 the people trying to get rid of strncpy happy.  Its a good change,
 anyway.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAmVCsCgACgkQYfOMkJGb
 /4Hx6BAAjVYJOOlVrzL1P4RoJw6CPQcZqRtun9tJ44lCDt0ZBZMdc2RmMMS4b5jy
 ilNjKKez9xKWBIYSH1QEbs5wJlkq1KoQejc/dqZLTmWDQDciURf6LGLtQGSP7zH4
 HKYahGCKo5iAnWYN/ZUgZklmkDehhjJWLZlTpfLwB/0ZaitPMkYuRIp9Expw2DIe
 n0fXibzE2V1dZkrYXtps/M23n3fjJCVK2uKXLmB2S9BIEnVlu5oOWnEw/9GSAdQX
 v+B9UV/A06sDWKIPxhkwZzrQZrUm42GHuOmllxJum6IJqDtxZjSMZuZjEsDHlkcr
 UrmQ60ep+cfKdyg5S0eKpFntcEhM+e1XIEhOBN8SZynCwULOZbcZBJpSF2eaULb+
 00bIqVMzv62c0Itm5dshWqNVQLgiJUhghnWF5jewy/nWtIROLiqRRLUyoyWKgioL
 lB3Ry/xIap3kyuzRu5MjZAQ2rtznAjyaQPYEkAbXxXsMxUmxsr+4eveEHENVXWwj
 NmX0toH51N0smmr4qByW3XdwqfTaji3uvv7Vm3DBCy0wF8JO0Q93/6WhEaODSOqs
 H9EYUDA2foJIakWqG6USV0f0yfweCpkEx+THTjT3crssbhQy/+TkOOqRShJYI3xD
 Dp1LkfNY8qbNzo9J4BDp1vc7Bjg09sFnNQeTX4L9EKlI2miNDFI=
 =xBYP
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-6.7-1' of https://github.com/cminyard/linux-ipmi

Pull IPMI update from Corey Minyard:
 "Only one change, and I would normally just wait, but it will make the
  people trying to get rid of strncpy happy. Its a good change, anyway"

* tag 'for-linus-6.7-1' of https://github.com/cminyard/linux-ipmi:
  ipmi: refactor deprecated strncpy
2023-11-02 15:01:33 -10:00
Joel Granados
ed1aa959b5 char-misc: Remove the now superfluous sentinel element from ctl_table array
This commit comes at the tail end of a greater effort to remove the
empty elements at the end of the ctl_table arrays (sentinels) which
will reduce the overall build time size of the kernel and run time
memory bloat by ~64 bytes per sentinel (further information Link :
https://lore.kernel.org/all/ZO5Yx5JFogGi%2FcBo@bombadil.infradead.org/)

Remove sentinel from impi_table and random_table

Signed-off-by: Joel Granados <j.granados@samsung.com>
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
2023-10-11 12:16:13 -07:00
Justin Stitt
b00839ca4c ipmi: refactor deprecated strncpy
`strncpy` is deprecated for use on NUL-terminated destination strings [1].

In this case, strncpy is being used specifically for its NUL-padding
behavior (and has been commented as such). Moreover, the destination
string is not required to be NUL-terminated [2].

We can use a more robust and less ambiguous interface in
`memcpy_and_pad` which makes the code more readable and even eliminates
the need for that comment.

Let's also use `strnlen` instead of `strlen()` with an upper-bounds
check as this is intrinsically a part of `strnlen`.

Also included in this patch is a simple 1:1 change of `strncpy` to
`strscpy` for ipmi_ssif.c. If NUL-padding is wanted here as well then we
should opt again for `strscpy_pad`.

Link: https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings [1]
Link: https://lore.kernel.org/all/ZQEADYBl0uZ1nX60@mail.minyard.net/ [2]
Link: https://github.com/KSPP/linux/issues/90
Cc: linux-hardening@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Justin Stitt <justinstitt@google.com>
Message-Id: <20230913-strncpy-drivers-char-ipmi-ipmi-v2-1-e3bc0f6e599f@google.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-09-13 12:55:11 -05:00
Linus Torvalds
a55b0a0288 Minor fixes for IPMI
Lots of small unconnected things, memory leaks on error, a possible
 (though unlikely) deadlock, changes for updates to other things
 that have changed.  Nothing earth-shattering, but things that need
 update.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAmTuYY4ACgkQYfOMkJGb
 /4FMig/9EwOklGT3DCla/TKxIJ8mOmxy0nRQhKUvqMrR5sVAKDnT90rDA+BKxad9
 1ywevcVSM7nf+GPaSKedSR9Tg67kr8Eqv97F55rneUB4VQCoash4mvkDr/ChHNY0
 AcnMf4/BQJzSxxYGjbqlbxWMDYIgi8odYjMDddfPhqEKQ3lrbTXDbq4PdscpBiGS
 gnBcdr8gpUqJHsN5yC1fYpwuw6Iq6u2rHpIXaJXKeoVouW4dj/1VqO7BQiIhSp21
 GC+XOcJbMGLoxtNNZ9FpZ0YixNf6q0z9xuFVFv32UcdEN81+sTCPlRdUvzKyDGrB
 +J77lHRqWzh9B8yO22m0USWku3OP1FdToHxj3QR4VmukjMUHh7a3rKKf8NSIfaQ1
 Sjl8KVs2NyRleisY2tfANGGb+C//pQjVtCBRsT6mtEFn6Zec+d8QrlXgR6nVOlGB
 kR5V6/T/YUSCWlqF8wyFZfzCD1llapvRKLTAuqRpPCpaUHvaJShJ51efZ0AnvaQZ
 NjMH2LMEgcFlTSq7+6qDvE4i0P1UEi+6g5B+ltVpmJgUVB86ByKgdXGJQAIPoF0v
 7g8lHAHty0mOITq6JpB/4XP4UBshly5bFeTeGk+pALDeoUEvQ+TNMvVbttl/49Qh
 kwW/9Ev6W1n8ZFE4PpZbckOqC9dD6PeiXLUYybrHA1xMvrDvh5E=
 =W3Nx
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-6.6-1' of https://github.com/cminyard/linux-ipmi

Pull IPMI updates from Corey Minyard:
 "Minor fixes for IPMI

  Lots of small unconnected things, memory leaks on error, a possible
  (though unlikely) deadlock, changes for updates to other things that
  have changed. Nothing earth-shattering, but things that need update"

* tag 'for-linus-6.6-1' of https://github.com/cminyard/linux-ipmi:
  ipmi_si: fix -Wvoid-pointer-to-enum-cast warning
  ipmi: fix potential deadlock on &kcs_bmc->lock
  ipmi_si: fix a memleak in try_smi_init()
  ipmi: Change request_module to request_module_nowait
  ipmi: make ipmi_class a static const structure
  ipmi:ssif: Fix a memory leak when scanning for an adapter
  ipmi:ssif: Add check for kstrdup
  dt-bindings: ipmi: aspeed,ast2400-kcs-bmc: drop unneeded quotes
  ipmi: Switch i2c drivers back to use .probe()
  ipmi_watchdog: Fix read syscall not responding to signals during sleep
2023-08-30 19:20:35 -07:00
Rob Herring
86cdae14a5 ipmi: Explicitly include correct DT includes
The DT of_device.h and of_platform.h date back to the separate
of_platform_bus_type before it was merged into the regular platform bus.
As part of that merge prepping Arm DT support 13 years ago, they
"temporarily" include each other. They also include platform_device.h
and of.h. As a result, there's a pretty much random mix of those include
files used throughout the tree. In order to detangle these headers and
replace the implicit includes with struct declarations, users need to
explicitly include the correct includes.

Link: https://lore.kernel.org/r/20230728134819.3224045-1-robh@kernel.org
Signed-off-by: Rob Herring <robh@kernel.org>
2023-08-28 13:36:24 -05:00
Justin Stitt
d40f09c1a2 ipmi_si: fix -Wvoid-pointer-to-enum-cast warning
With W=1 we see the following warning:

|  drivers/char/ipmi/ipmi_si_platform.c:272:15: error: \
|       cast to smaller integer type 'enum si_type' from \
|       'const void *' [-Werror,-Wvoid-pointer-to-enum-cast]
|    272 |         io.si_type      = (enum si_type) match->data;
|        |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~

This is due to the fact that the `si_type` enum members are int-width
and a cast from pointer-width down to int will cause truncation and
possible data loss. Although in this case `si_type` has only a few
enumerated fields and thus there is likely no data loss occurring.
Nonetheless, this patch is necessary to the goal of promoting this
warning out of W=1.

Link: https://github.com/ClangBuiltLinux/linux/issues/1902
Link: https://lore.kernel.org/llvm/202308081000.tTL1ElTr-lkp@intel.com/
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Justin Stitt <justinstitt@google.com>
Message-Id: <20230809-cbl-1902-v1-1-92def12d1dea@google.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-08-15 15:46:06 -05:00
Chengfeng Ye
b02bb79eee ipmi: fix potential deadlock on &kcs_bmc->lock
As kcs_bmc_handle_event() is executed inside both a timer and a hardirq,
it should disable irq before lock acquisition otherwise deadlock could
happen if the timmer is preemtped by the irq.

Possible deadlock scenario:
aspeed_kcs_check_obe() (timer)
    -> kcs_bmc_handle_event()
    -> spin_lock(&kcs_bmc->lock)
        <irq interruption>
        -> aspeed_kcs_irq()
        -> kcs_bmc_handle_event()
        -> spin_lock(&kcs_bmc->lock) (deadlock here)

This flaw was found using an experimental static analysis tool we are
developing for irq-related deadlock.

The tentative patch fix the potential deadlock by spin_lock_irqsave()

Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Message-Id: <20230627152449.36093-1-dg573847474@gmail.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-07-04 09:22:45 -05:00
Yi Yang
6cf1a126de ipmi_si: fix a memleak in try_smi_init()
Kmemleak reported the following leak info in try_smi_init():

unreferenced object 0xffff00018ecf9400 (size 1024):
  comm "modprobe", pid 2707763, jiffies 4300851415 (age 773.308s)
  backtrace:
    [<000000004ca5b312>] __kmalloc+0x4b8/0x7b0
    [<00000000953b1072>] try_smi_init+0x148/0x5dc [ipmi_si]
    [<000000006460d325>] 0xffff800081b10148
    [<0000000039206ea5>] do_one_initcall+0x64/0x2a4
    [<00000000601399ce>] do_init_module+0x50/0x300
    [<000000003c12ba3c>] load_module+0x7a8/0x9e0
    [<00000000c246fffe>] __se_sys_init_module+0x104/0x180
    [<00000000eea99093>] __arm64_sys_init_module+0x24/0x30
    [<0000000021b1ef87>] el0_svc_common.constprop.0+0x94/0x250
    [<0000000070f4f8b7>] do_el0_svc+0x48/0xe0
    [<000000005a05337f>] el0_svc+0x24/0x3c
    [<000000005eb248d6>] el0_sync_handler+0x160/0x164
    [<0000000030a59039>] el0_sync+0x160/0x180

The problem was that when an error occurred before handlers registration
and after allocating `new_smi->si_sm`, the variable wouldn't be freed in
the error handling afterwards since `shutdown_smi()` hadn't been
registered yet. Fix it by adding a `kfree()` in the error handling path
in `try_smi_init()`.

Cc: stable@vger.kernel.org # 4.19+
Fixes: 7960f18a56 ("ipmi_si: Convert over to a shutdown handler")
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Co-developed-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Signed-off-by: GONG, Ruiqi <gongruiqi@huaweicloud.com>
Message-Id: <20230629123328.2402075-1-gongruiqi@huaweicloud.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-06-29 08:06:45 -05:00
Corey Minyard
e87443a5f6 ipmi: Change request_module to request_module_nowait
When probing for an ACPI-specified IPMI device, the code would request
that the acpi_ipmi module be loaded ACPI operations through IPMI can be
performed.  This could happen through module load context, for instance,
if an I2C module is loaded that caused the IPMI interface to be probed.

This is not allowed because a synchronous module load in this context
can result in an deadlock, and I was getting a warning:

[   23.967853] WARNING: CPU: 0 PID: 21 at kernel/module/kmod.c:144 __request_module+0x1de/0x2d0
[   23.968852] Modules linked in: i2c_i801 ipmi_ssif

The IPMI driver is not dependent on acpi_ipmi, so just change the called
to request_module_nowait to make the load asynchronous.

Signed-off-by: Corey Minyard <minyard@acm.org>
2023-06-20 09:59:53 -05:00
Ivan Orlov
392fa3a3ab ipmi: make ipmi_class a static const structure
Now that the driver core allows for struct class to be in read-only
memory, move the ipmi_class structure to be declared at build time
placing it into read-only memory, instead of having to be dynamically
allocated at boot time.

Cc: Corey Minyard <minyard@acm.org>
Cc: openipmi-developer@lists.sourceforge.net
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ivan Orlov <ivan.orlov0322@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20230620143701.577657-2-gregkh@linuxfoundation.org>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-06-20 09:49:08 -05:00
Corey Minyard
b8d72e32e1 ipmi:ssif: Fix a memory leak when scanning for an adapter
The adapter scan ssif_info_find() sets info->adapter_name if the adapter
info came from SMBIOS, as it's not set in that case.  However, this
function can be called more than once, and it will leak the adapter name
if it had already been set.  So check for NULL before setting it.

Fixes: c4436c9149 ("ipmi_ssif: avoid registering duplicate ssif interface")
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-06-20 06:54:20 -05:00
Jiasheng Jiang
c5586d0f71 ipmi:ssif: Add check for kstrdup
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.

Fixes: c4436c9149 ("ipmi_ssif: avoid registering duplicate ssif interface")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Message-Id: <20230619092802.35384-1-jiasheng@iscas.ac.cn>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-06-19 11:40:38 -05:00
Uwe Kleine-König
e64c82b806 ipmi: Switch i2c drivers back to use .probe()
After commit b8a1a4cd5a ("i2c: Provide a temporary .probe_new()
call-back type"), all drivers being converted to .probe_new() and then
03c835f498 ("i2c: Switch .probe() to not take an id parameter") convert
back to (the new) .probe() to be able to eventually drop .probe_new() from
struct i2c_driver.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20230525204021.696858-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-05-25 18:48:06 -05:00
Corey Minyard
9930702cfe ipmi_watchdog: Fix read syscall not responding to signals during sleep
Read syscall cannot response to sigals when data_to_read remains at 0
and the while loop cannot break.  Check signal_pending in the loop.

Reported-by: Zhen Ni <zhen.ni@easystack.cn>
Message-Id: <20230517085412.367022-1-zhen.ni@easystack.cn>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-05-18 17:31:31 -05:00
Linus Torvalds
556eb8b791 Driver core changes for 6.4-rc1
Here is the large set of driver core changes for 6.4-rc1.
 
 Once again, a busy development cycle, with lots of changes happening in
 the driver core in the quest to be able to move "struct bus" and "struct
 class" into read-only memory, a task now complete with these changes.
 
 This will make the future rust interactions with the driver core more
 "provably correct" as well as providing more obvious lifetime rules for
 all busses and classes in the kernel.
 
 The changes required for this did touch many individual classes and
 busses as many callbacks were changed to take const * parameters
 instead.  All of these changes have been submitted to the various
 subsystem maintainers, giving them plenty of time to review, and most of
 them actually did so.
 
 Other than those changes, included in here are a small set of other
 things:
   - kobject logging improvements
   - cacheinfo improvements and updates
   - obligatory fw_devlink updates and fixes
   - documentation updates
   - device property cleanups and const * changes
   - firwmare loader dependency fixes.
 
 All of these have been in linux-next for a while with no reported
 problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCZEp7Sw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ykitQCfamUHpxGcKOAGuLXMotXNakTEsxgAoIquENm5
 LEGadNS38k5fs+73UaxV
 =7K4B
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core updates from Greg KH:
 "Here is the large set of driver core changes for 6.4-rc1.

  Once again, a busy development cycle, with lots of changes happening
  in the driver core in the quest to be able to move "struct bus" and
  "struct class" into read-only memory, a task now complete with these
  changes.

  This will make the future rust interactions with the driver core more
  "provably correct" as well as providing more obvious lifetime rules
  for all busses and classes in the kernel.

  The changes required for this did touch many individual classes and
  busses as many callbacks were changed to take const * parameters
  instead. All of these changes have been submitted to the various
  subsystem maintainers, giving them plenty of time to review, and most
  of them actually did so.

  Other than those changes, included in here are a small set of other
  things:

   - kobject logging improvements

   - cacheinfo improvements and updates

   - obligatory fw_devlink updates and fixes

   - documentation updates

   - device property cleanups and const * changes

   - firwmare loader dependency fixes.

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'driver-core-6.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (120 commits)
  device property: make device_property functions take const device *
  driver core: update comments in device_rename()
  driver core: Don't require dynamic_debug for initcall_debug probe timing
  firmware_loader: rework crypto dependencies
  firmware_loader: Strip off \n from customized path
  zram: fix up permission for the hot_add sysfs file
  cacheinfo: Add use_arch[|_cache]_info field/function
  arch_topology: Remove early cacheinfo error message if -ENOENT
  cacheinfo: Check cache properties are present in DT
  cacheinfo: Check sib_leaf in cache_leaves_are_shared()
  cacheinfo: Allow early level detection when DT/ACPI info is missing/broken
  cacheinfo: Add arm64 early level initializer implementation
  cacheinfo: Add arch specific early level initializer
  tty: make tty_class a static const structure
  driver core: class: remove struct class_interface * from callbacks
  driver core: class: mark the struct class in struct class_interface constant
  driver core: class: make class_register() take a const *
  driver core: class: mark class_release() as taking a const *
  driver core: remove incorrect comment for device_create*
  MIPS: vpe-cmp: remove module owner pointer from struct class usage.
  ...
2023-04-27 11:53:57 -07:00
Uwe Kleine-König
d08076678c ipmi:ssif: Drop if blocks with always false condition
For both variants (platform and i2c driver) after a successful bind
(i.e. .probe completed without error) driver data is set to a non-NULL
value.

So the return value of i2c_get_clientdata and dev_get_drvdata
respectively are not NULL and so the if blocks are never executed. (And
if you fear they might, they shouldn't return silently and yield a
resource leak.)

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20221230124431.202474-1-u.kleine-koenig@pengutronix.de>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-04-12 11:13:26 -05:00
Zhang Yuchen
6d2555cde2 ipmi: fix SSIF not responding under certain cond.
The ipmi communication is not restored after a specific version of BMC is
upgraded on our server.
The ipmi driver does not respond after printing the following log:

    ipmi_ssif: Invalid response getting flags: 1c 1

I found that after entering this branch, ssif_info->ssif_state always
holds SSIF_GETTING_FLAGS and never return to IDLE.

As a result, the driver cannot be loaded, because the driver status is
checked during the unload process and must be IDLE in shutdown_ssif():

        while (ssif_info->ssif_state != SSIF_IDLE)
                schedule_timeout(1);

The process trigger this problem is:

1. One msg timeout and next msg start send, and call
ssif_set_need_watch().

2. ssif_set_need_watch()->watch_timeout()->start_flag_fetch() change
ssif_state to SSIF_GETTING_FLAGS.

3. In msg_done_handler() ssif_state == SSIF_GETTING_FLAGS, if an error
message is received, the second branch does not modify the ssif_state.

4. All retry action need IS_SSIF_IDLE() == True. Include retry action in
watch_timeout(), msg_done_handler(). Sending msg does not work either.
SSIF_IDLE is also checked in start_next_msg().

5. The only thing that can be triggered in the SSIF driver is
watch_timeout(), after destory_user(), this timer will stop too.

So, if enter this branch, the ssif_state will remain SSIF_GETTING_FLAGS
and can't send msg, no timer started, can't unload.

We did a comparative test before and after adding this patch, and the
result is effective.

Fixes: 259307074b ("ipmi: Add SMBus interface driver (SSIF)")

Cc: stable@vger.kernel.org
Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20230412074907.80046-1-zhangyuchen.lcr@bytedance.com>
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-04-12 07:33:34 -05:00
Corey Minyard
6ce7995a43 ipmi:ssif: Add send_retries increment
A recent change removed an increment of send_retries, re-add it.

Fixes: 95767ed78a ipmi:ssif: resend_msg() cannot fail
Reported-by: Pavel Machek <pavel@denx.de>
Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <minyard@acm.org>
2023-04-04 12:23:25 +00:00
Greg Kroah-Hartman
1aaba11da9 driver core: class: remove module * from class_create()
The module pointer in class_create() never actually did anything, and it
shouldn't have been requred to be set as a parameter even if it did
something.  So just remove it and fix up all callers of the function in
the kernel tree at the same time.

Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20230313181843.1207845-4-gregkh@linuxfoundation.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-03-17 15:16:33 +01:00
zipeng zhang
957c822a9c char:ipmi:Fix spelling mistake "asychronously" -> "asynchronously"
There is a spelling mistake in the comment information. Fix it.

Signed-off-by: zipeng zhang <zhangzipeng0@foxmail.com>
Message-Id: <tencent_F0BFF85BC7C1FC84E440A7B7D364D2ED4209@qq.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-03-16 07:04:47 -05:00
Luis Chamberlain
d352cb47df ipmi: simplify sysctl registration
register_sysctl_table() is a deprecated compatibility wrapper.
register_sysctl() can do the directory creation for you so just use
that.

Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Message-Id: <20230302204612.782387-3-mcgrof@kernel.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-03-02 16:16:37 -06:00
Randy Dunlap
2a587b9ad0 ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it
REGMAP is a hidden (not user visible) symbol. Users cannot set it
directly thru "make *config", so drivers should select it instead of
depending on it if they need it.

Consistently using "select" or "depends on" can also help reduce
Kconfig circular dependency issues.

Therefore, change the use of "depends on REGMAP_MMIO" to
"select REGMAP_MMIO", which will also set REGMAP.

Fixes: eb994594bc ("ipmi: bt-bmc: Use a regmap for register access")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Andrew Jeffery <andrew@aj.id.au>
Cc: Corey Minyard <minyard@acm.org>
Cc: openipmi-developer@lists.sourceforge.net
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20230226053953.4681-2-rdunlap@infradead.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-03-02 16:14:15 -06:00
Christophe JAILLET
befb28f267 ipmi: ipmb: Fix the MODULE_PARM_DESC associated to 'retry_time_ms'
'This should be 'retry_time_ms' instead of 'max_retries'.

Fixes: 63c4eb3471 ("ipmi:ipmb: Add initial support for IPMI over IPMB")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Message-Id: <0d8670cff2c656e99a832a249e77dc90578f67de.1675591429.git.christophe.jaillet@wanadoo.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-02-10 07:38:18 -06:00
Corey Minyard
00bb7e763e ipmi:ssif: Add a timer between request retries
The IPMI spec has a time (T6) specified between request retries.  Add
the handling for that.

Reported by: Tony Camuso <tcamuso@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-02-10 07:38:07 -06:00
Corey Minyard
9e8b89926f ipmi:ssif: Remove rtc_us_timer
It was cruft left over from older handling of run to completion.

Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-02-10 07:37:57 -06:00
Corey Minyard
8230831c43 ipmi_ssif: Rename idle state and check
Rename the SSIF_IDLE() to IS_SSIF_IDLE(), since that is more clear, and
rename SSIF_NORMAL to SSIF_IDLE, since that's more accurate.

Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-02-10 07:37:45 -06:00
Corey Minyard
95767ed78a ipmi:ssif: resend_msg() cannot fail
The resend_msg() function cannot fail, but there was error handling
around using it.  Rework the handling of the error, and fix the out of
retries debug reporting that was wrong around this, too.

Cc: stable@vger.kernel.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2023-02-10 07:37:23 -06:00
yang.yang29@zte.com.cn
c6f613e5f3 ipmi/watchdog: use strscpy() to instead of strncpy()
Xu Panda <xu.panda@zte.com.cn>

The implementation of strscpy() is more robust and safer.
That's now the recommended way to copy NUL terminated strings.

Signed-off-by: Xu Panda <xu.panda@zte.com.cn>
Signed-off-by: Yang Yang <yang.yang29@zte.com>
Message-Id: <202212051936400309332@zte.com.cn>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-12-05 06:50:09 -06:00
Uwe Kleine-König
b8fadb3964 ipmi: ssif_bmc: Convert to i2c's .probe_new()
The probe function doesn't make use of the i2c_device_id * parameter so it
can be trivially converted.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Message-Id: <20221118224540.619276-606-uwe@kleine-koenig.org>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-11-21 06:59:41 -06:00
Dan Carpenter
a92ce570c8 ipmi: fix use after free in _ipmi_destroy_user()
The intf_free() function frees the "intf" pointer so we cannot
dereference it again on the next line.

Fixes: cbb79863fc ("ipmi: Don't allow device module unload when in use")
Signed-off-by: Dan Carpenter <error27@gmail.com>
Message-Id: <Y3M8xa1drZv4CToE@kili>
Cc: <stable@vger.kernel.org> # 5.5+
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-11-15 08:14:29 -06:00
Christophe JAILLET
0eb1762f3c ipmi/watchdog: Include <linux/kstrtox.h> when appropriate
The kstrto<something>() functions have been moved from kernel.h to
kstrtox.h.

So, in order to eventually remove <linux/kernel.h> from <linux/watchdog.h>,
include the latter directly in the appropriate files.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Message-Id: <37daa028845d90ee77f1e547121a051a983fec2e.1667647002.git.christophe.jaillet@wanadoo.fr>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-11-05 12:42:46 -05:00
Corey Minyard
39721d62bb ipmi:ssif: Increase the message retry time
The spec states that the minimum message retry time is 60ms, but it was
set to 20ms.  Correct it.

Reported by: Tony Camuso <tcamuso@redhat.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-11-03 21:13:51 -05:00
Bo Liu
cad3fe56d0 ipmi: Fix some kernel-doc warnings
The current code provokes some kernel-doc warnings:
	drivers/char/ipmi/ipmi_msghandler.c:618: warning: This comment starts with '/**', but isn't a kernel-doc comment. Refer Documentation/doc-guide/kernel-doc.rst

Signed-off-by: Bo Liu <liubo03@inspur.com>
Message-Id: <20221025060436.4372-1-liubo03@inspur.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-10-25 06:45:26 -05:00
Quan Nguyen
6dbd4341b9 ipmi: ssif_bmc: Use EPOLLIN instead of POLLIN
This fixes the following sparse warning:
sparse warnings: (new ones prefixed by >>)
>> drivers/char/ipmi/ssif_bmc.c:254:22: sparse: sparse: invalid assignment: |=
>> drivers/char/ipmi/ssif_bmc.c:254:22: sparse:    left side has type restricted __poll_t
>> drivers/char/ipmi/ssif_bmc.c:254:22: sparse:    right side has type int

Fixes: dd2bc5cc9e ("ipmi: ssif_bmc: Add SSIF BMC driver")
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/all/202210181103.ontD9tRT-lkp@intel.com/
Signed-off-by: Quan Nguyen <quan@os.amperecomputing.com>
Message-Id: <20221024075956.3312552-1-quan@os.amperecomputing.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-10-24 09:19:12 -05:00
Zhang Yuchen
c608966f3f ipmi: fix msg stack when IPMI is disconnected
If you continue to access and send messages at a high frequency (once
every 55s) when the IPMI is disconnected, messages will accumulate in
intf->[hp_]xmit_msg. If it lasts long enough, it takes up a lot of
memory.

The reason is that if IPMI is disconnected, each message will be set to
IDLE after it returns to HOSED through IDLE->ERROR0->HOSED. The next
message goes through the same process when it comes in. This process
needs to wait for IBF_TIMEOUT * (MAX_ERROR_RETRIES + 1) = 55s.

Each message takes 55S to destroy. This results in a continuous increase
in memory.

I find that if I wait 5 seconds after the first message fails, the
status changes to ERROR0 in smi_timeout(). The next message will return
the error code IPMI_NOT_IN_MY_STATE_ERR directly without wait.

This is more in line with our needs.

So instead of setting each message state to IDLE after it reaches the
state HOSED, set state to ERROR0.

After testing, the problem has been solved, no matter how many
consecutive sends, will not cause continuous memory growth. It also
returns to normal immediately after the IPMI is restored.

In addition, the HOSED state should also count as invalid. So the HOSED
is removed from the invalid judgment in start_kcs_transaction().

The verification operations are as follows:

1. Use BPF to record the ipmi_alloc/free_smi_msg().

  $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc
      %p\n",retval);} kprobe:free_recv_msg {printf("free  %p\n",arg0)}'

2. Exec `date; time for x in $(seq 1 2); do ipmitool mc info; done`.
3. Record the output of `time` and when free all msgs.

Before:

`time` takes 120s, This is because `ipmitool mc info` send 4 msgs and
waits only 15 seconds for each message. Last msg is free after 440s.

  $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc
      %p\n",retval);} kprobe:free_recv_msg {printf("free  %p\n",arg0)}'
  Oct 05 11:40:55 Attaching 2 probes...
  Oct 05 11:41:12 alloc 0xffff9558a05f0c00
  Oct 05 11:41:27 alloc 0xffff9558a05f1a00
  Oct 05 11:41:42 alloc 0xffff9558a05f0000
  Oct 05 11:41:57 alloc 0xffff9558a05f1400
  Oct 05 11:42:07 free  0xffff9558a05f0c00
  Oct 05 11:42:07 alloc 0xffff9558a05f7000
  Oct 05 11:42:22 alloc 0xffff9558a05f2a00
  Oct 05 11:42:37 alloc 0xffff9558a05f5a00
  Oct 05 11:42:52 alloc 0xffff9558a05f3a00
  Oct 05 11:43:02 free  0xffff9558a05f1a00
  Oct 05 11:43:57 free  0xffff9558a05f0000
  Oct 05 11:44:52 free  0xffff9558a05f1400
  Oct 05 11:45:47 free  0xffff9558a05f7000
  Oct 05 11:46:42 free  0xffff9558a05f2a00
  Oct 05 11:47:37 free  0xffff9558a05f5a00
  Oct 05 11:48:32 free  0xffff9558a05f3a00

  $ root@dc00-pb003-t106-n078:~# date;time for x in $(seq 1 2); do
  ipmitool mc info; done

  Wed Oct  5 11:41:12 CST 2022
  No data available
  Get Device ID command failed
  No data available
  No data available
  No valid response received
  Get Device ID command failed: Unspecified error
  No data available
  Get Device ID command failed
  No data available
  No data available
  No valid response received
  No data available
  Get Device ID command failed

  real        1m55.052s
  user        0m0.001s
  sys        0m0.001s

After:

`time` takes 55s, all msgs is returned and free after 55s.

  $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc
      %p\n",retval);} kprobe:free_recv_msg {printf("free  %p\n",arg0)}'

  Oct 07 16:30:35 Attaching 2 probes...
  Oct 07 16:30:45 alloc 0xffff955943aa9800
  Oct 07 16:31:00 alloc 0xffff955943aacc00
  Oct 07 16:31:15 alloc 0xffff955943aa8c00
  Oct 07 16:31:30 alloc 0xffff955943aaf600
  Oct 07 16:31:40 free  0xffff955943aa9800
  Oct 07 16:31:40 free  0xffff955943aacc00
  Oct 07 16:31:40 free  0xffff955943aa8c00
  Oct 07 16:31:40 free  0xffff955943aaf600
  Oct 07 16:31:40 alloc 0xffff9558ec8f7e00
  Oct 07 16:31:40 free  0xffff9558ec8f7e00
  Oct 07 16:31:40 alloc 0xffff9558ec8f7800
  Oct 07 16:31:40 free  0xffff9558ec8f7800
  Oct 07 16:31:40 alloc 0xffff9558ec8f7e00
  Oct 07 16:31:40 free  0xffff9558ec8f7e00
  Oct 07 16:31:40 alloc 0xffff9558ec8f7800
  Oct 07 16:31:40 free  0xffff9558ec8f7800

  root@dc00-pb003-t106-n078:~# date;time for x in $(seq 1 2); do
  ipmitool mc info; done
  Fri Oct  7 16:30:45 CST 2022
  No data available
  Get Device ID command failed
  No data available
  No data available
  No valid response received
  Get Device ID command failed: Unspecified error
  Get Device ID command failed: 0xd5 Command not supported in present state
  Get Device ID command failed: Command not supported in present state

  real        0m55.038s
  user        0m0.001s
  sys        0m0.001s

Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20221009091811.40240-2-zhangyuchen.lcr@bytedance.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-10-17 09:51:27 -05:00
Zhang Yuchen
36992eb6b9 ipmi: fix memleak when unload ipmi driver
After the IPMI disconnect problem, the memory kept rising and we tried
to unload the driver to free the memory. However, only part of the
free memory is recovered after the driver is uninstalled. Using
ebpf to hook free functions, we find that neither ipmi_user nor
ipmi_smi_msg is free, only ipmi_recv_msg is free.

We find that the deliver_smi_err_response call in clean_smi_msgs does
the destroy processing on each message from the xmit_msg queue without
checking the return value and free ipmi_smi_msg.

deliver_smi_err_response is called only at this location. Adding the
free handling has no effect.

To verify, try using ebpf to trace the free function.

  $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc rcv
      %p\n",retval);} kprobe:free_recv_msg {printf("free recv %p\n",
      arg0)} kretprobe:ipmi_alloc_smi_msg {printf("alloc smi %p\n",
        retval);} kprobe:free_smi_msg {printf("free smi  %p\n",arg0)}'

Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20221007092617.87597-4-zhangyuchen.lcr@bytedance.com>
[Fixed the comment above handle_one_recv_msg().]
Signed-off-by: Corey Minyard <cminyard@mvista.com>
2022-10-17 09:51:27 -05:00
Zhang Yuchen
f6f1234d98 ipmi: fix long wait in unload when IPMI disconnect
When fixing the problem mentioned in PATCH1, we also found
the following problem:

If the IPMI is disconnected and in the sending process, the
uninstallation driver will be stuck for a long time.

The main problem is that uninstalling the driver waits for curr_msg to
be sent or HOSED. After stopping tasklet, the only place to trigger the
timeout mechanism is the circular poll in shutdown_smi.

The poll function delays 10us and calls smi_event_handler(smi_info,10).
Smi_event_handler deducts 10us from kcs->ibf_timeout.

But the poll func is followed by schedule_timeout_uninterruptible(1).
The time consumed here is not counted in kcs->ibf_timeout.

So when 10us is deducted from kcs->ibf_timeout, at least 1 jiffies has
actually passed. The waiting time has increased by more than a
hundredfold.

Now instead of calling poll(). call smi_event_handler() directly and
calculate the elapsed time.

For verification, you can directly use ebpf to check the kcs->
ibf_timeout for each call to kcs_event() when IPMI is disconnected.
Decrement at normal rate before unloading. The decrement rate becomes
very slow after unloading.

  $ bpftrace -e 'kprobe:kcs_event {printf("kcs->ibftimeout : %d\n",
      *(arg0+584));}'

Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Message-Id: <20221007092617.87597-3-zhangyuchen.lcr@bytedance.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Cc: stable@vger.kernel.org
2022-10-17 09:51:27 -05:00