/*
* IPMI BMC external connection
*
* Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/*
* This is designed to connect with OpenIPMI's lanserv serial interface
* using the "VM" connection type. See that for details.
*/
#include "qemu/osdep.h"
#include "qemu/timer.h"
#include "sysemu/char.h"
#include "sysemu/sysemu.h"
#include "hw/ipmi/ipmi.h"
#define VM_MSG_CHAR 0xA0 /* Marks end of message */
#define VM_CMD_CHAR 0xA1 /* Marks end of a command */
#define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */
#define VM_PROTOCOL_VERSION 1
#define VM_CMD_VERSION 0xff /* A version number byte follows */
#define VM_CMD_NOATTN 0x00
#define VM_CMD_ATTN 0x01
#define VM_CMD_ATTN_IRQ 0x02
#define VM_CMD_POWEROFF 0x03
#define VM_CMD_RESET 0x04
#define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */
#define VM_CMD_DISABLE_IRQ 0x06
#define VM_CMD_SEND_NMI 0x07
#define VM_CMD_CAPABILITIES 0x08
#define VM_CAPABILITIES_POWER 0x01
#define VM_CAPABILITIES_RESET 0x02
#define VM_CAPABILITIES_IRQ 0x04
#define VM_CAPABILITIES_NMI 0x08
#define VM_CAPABILITIES_ATTN 0x10
#define VM_CMD_FORCEOFF 0x09
#define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
#define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \
TYPE_IPMI_BMC_EXTERN)
typedef struct IPMIBmcExtern {
IPMIBmc parent;
CharDriverState *chr;
bool connected;
unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
unsigned int inpos;
bool in_escape;
bool in_too_many;
bool waiting_rsp;
bool sending_cmd;
unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
unsigned int outpos;
unsigned int outlen;
struct QEMUTimer *extern_timer;
/* A reset event is pending to be sent upstream. */
bool send_reset;
} IPMIBmcExtern;
static int can_receive(void *opaque);
static void receive(void *opaque, const uint8_t *buf, int size);
static void chr_event(void *opaque, int event);
static unsigned char
ipmb_checksum(const unsigned char *data, int size, unsigned char start)
{
unsigned char csum = start;
for (; size > 0; size--, data++) {
csum += *data;
}
return csum;
}
static void continue_send(IPMIBmcExtern *ibe)
{
if (ibe->outlen == 0) {
goto check_reset;
}
send:
ibe->outpos += qemu_chr_fe_write(ibe->chr, ibe->outbuf + ibe->outpos,
ibe->outlen - ibe->outpos);
if (ibe->outpos < ibe->outlen) {
/* Not fully transmitted, try again in a 10ms */
timer_mod_ns(ibe->extern_timer,
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
} else {
/* Sent */
ibe->outlen = 0;
ibe->outpos = 0;
if (!ibe->sending_cmd) {
ibe->waiting_rsp = true;
} else {
ibe->sending_cmd = false;
}
check_reset:
if (ibe->connected && ibe->send_reset) {
/* Send the reset */
ibe->outbuf[0] = VM_CMD_RESET;
ibe->outbuf[1] = VM_CMD_CHAR;
ibe->outlen = 2;
ibe->outpos = 0;
ibe->send_reset = false;
ibe->sending_cmd = true;
goto send;
}
if (ibe->waiting_rsp) {
/* Make sure we get a response within 4 seconds. */
timer_mod_ns(ibe->extern_timer,
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
}
}
return;
}
static void extern_timeout(void *opaque)
{
IPMIBmcExtern *ibe = opaque;
IPMIInterface *s = ibe->parent.intf;
if (ibe->connected) {
if (ibe->waiting_rsp && (ibe->outlen == 0)) {
IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
/* The message response timed out, return an error. */
ibe->waiting_rsp = false;
ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
ibe->inbuf[2] = ibe->outbuf[2];
ibe->inbuf[3] = IPMI_CC_TIMEOUT;
k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
} else {
continue_send(ibe);
}
}
}
static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
{
switch (ch) {
case VM_MSG_CHAR:
case VM_CMD_CHAR:
case VM_ESCAPE_CHAR:
ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
ibe->outlen++;
ch |= 0x10;
/* No break */
default:
ibe->outbuf[ibe->outlen] = ch;
ibe->outlen++;
}
}
static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
uint8_t *cmd, unsigned int cmd_len,
unsigned int max_cmd_len,
uint8_t msg_id)
{
IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
IPMIInterface *s = ibe->parent.intf;
uint8_t err = 0, csum;
unsigned int i;
if (ibe->outlen) {
/* We already have a command queued. Shouldn't ever happen. */
fprintf(stderr, "IPMI KCS: Got command when not finished with the"
" previous commmand\n");
abort();
}
/* If it's too short or it was truncated, return an error. */
if (cmd_len < 2) {
err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
} else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) {
err = IPMI_CC_REQUEST_DATA_TRUNCATED;
} else if (!ibe->connected) {
err = IPMI_CC_BMC_INIT_IN_PROGRESS;
}
if (err) {
IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
unsigned char rsp[3];
rsp[0] = cmd[0] | 0x04;
rsp[1] = cmd[1];
rsp[2] = err;
ibe->waiting_rsp = false;
k->handle_rsp(s, msg_id, rsp, 3);
goto out;
}
addchar(ibe, msg_id);
for (i = 0; i < cmd_len; i++) {
addchar(ibe, cmd[i]);
}
csum = ipmb_checksum(&msg_id, 1, 0);
addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum));
ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
ibe->outlen++;
/* Start the transmit */
continue_send(ibe);
out:
return;
}
static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
{
IPMIInterface *s = ibe->parent.intf;
IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
switch (hw_op) {
case VM_CMD_VERSION:
/* We only support one version at this time. */
break;
case VM_CMD_NOATTN:
k->set_atn(s, 0, 0);
break;
case VM_CMD_ATTN:
k->set_atn(s, 1, 0);
break;
case VM_CMD_ATTN_IRQ:
k->set_atn(s, 1, 1);
break;
case VM_CMD_POWEROFF:
k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
break;
case VM_CMD_RESET:
k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
break;
case VM_CMD_ENABLE_IRQ:
k->set_irq_enable(s, 1);
break;
case VM_CMD_DISABLE_IRQ:
k->set_irq_enable(s, 0);
break;
case VM_CMD_SEND_NMI:
k->do_hw_op(s, IPMI_SEND_NMI, 0);
break;
case VM_CMD_FORCEOFF:
qemu_system_shutdown_request();
break;
}
}
static void handle_msg(IPMIBmcExtern *ibe)
{
IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf);
if (ibe->in_escape) {
ipmi_debug("msg escape not ended\n");
return;
}
if (ibe->inpos < 5) {
ipmi_debug("msg too short\n");
return;
}
if (ibe->in_too_many) {
ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
ibe->inpos = 4;
} else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
ipmi_debug("msg checksum failure\n");
return;
} else {
ibe->inpos--; /* Remove checkum */
}
timer_del(ibe->extern_timer);
ibe->waiting_rsp = false;
k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
}
static int can_receive(void *opaque)
{
return 1;
}
static void receive(void *opaque, const uint8_t *buf, int size)
{
IPMIBmcExtern *ibe = opaque;
int i;
unsigned char hw_op;
for (i = 0; i < size; i++) {
unsigned char ch = buf[i];
switch (ch) {
case VM_MSG_CHAR:
handle_msg(ibe);
ibe->in_too_many = false;
ibe->inpos = 0;
break;
case VM_CMD_CHAR:
if (ibe->in_too_many) {
ipmi_debug("cmd in too many\n");
ibe->in_too_many = false;
ibe->inpos = 0;
break;
}
if (ibe->in_escape) {
ipmi_debug("cmd in escape\n");
ibe->in_too_many = false;
ibe->inpos = 0;
ibe->in_escape = false;
break;
}
ibe->in_too_many = false;
if (ibe->inpos < 1) {
break;
}
hw_op = ibe->inbuf[0];
ibe->inpos = 0;
goto out_hw_op;
break;
case VM_ESCAPE_CHAR:
ibe->in_escape = true;
break;
default:
if (ibe->in_escape) {
ch &= ~0x10;
ibe->in_escape = false;
}
if (ibe->in_too_many) {
break;
}
if (ibe->inpos >= sizeof(ibe->inbuf)) {
ibe->in_too_many = true;
break;
}
ibe->inbuf[ibe->inpos] = ch;
ibe->inpos++;
break;
}
}
return;
out_hw_op:
handle_hw_op(ibe, hw_op);
}
static void chr_event(void *opaque, int event)
{
IPMIBmcExtern *ibe = opaque;
IPMIInterface *s = ibe->parent.intf;
IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
unsigned char v;
switch (event) {
case CHR_EVENT_OPENED:
ibe->connected = true;
ibe->outpos = 0;
ibe->outlen = 0;
addchar(ibe, VM_CMD_VERSION);
addchar(ibe, VM_PROTOCOL_VERSION);
ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
ibe->outlen++;
addchar(ibe, VM_CMD_CAPABILITIES);
v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
v |= VM_CAPABILITIES_POWER;
}
if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) {
v |= VM_CAPABILITIES_RESET;
}
if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) {
v |= VM_CAPABILITIES_NMI;
}
addchar(ibe, v);
ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
ibe->outlen++;
ibe->sending_cmd = false;
continue_send(ibe);
break;
case CHR_EVENT_CLOSED:
if (!ibe->connected) {
return;
}
ibe->connected = false;
if (ibe->waiting_rsp) {
ibe->waiting_rsp = false;
ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
ibe->inbuf[2] = ibe->outbuf[2];
ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
}
break;
}
}
static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
{
IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
ibe->send_reset = true;
continue_send(ibe);
}
static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
{
IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev);
if (!ibe->chr) {
error_setg(errp, "IPMI external bmc requires chardev attribute");
return;
}
qemu_chr_add_handlers(ibe->chr, can_receive, receive, chr_event, ibe);
}
static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
{
IPMIBmcExtern *ibe = opaque;
/*
* We don't directly restore waiting_rsp, Instead, we return an
* error on the interface if a response was being waited for.
*/
if (ibe->waiting_rsp) {
IPMIInterface *ii = ibe->parent.intf;
IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
ibe->waiting_rsp = false;
ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
ibe->inbuf[2] = ibe->outbuf[2];
ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3);
}
return 0;
}
static const VMStateDescription vmstate_ipmi_bmc_extern = {
.name = TYPE_IPMI_BMC_EXTERN,
.version_id = 1,
.minimum_version_id = 1,
.post_load = ipmi_bmc_extern_post_migrate,
.fields = (VMStateField[]) {
VMSTATE_BOOL(send_reset, IPMIBmcExtern),
VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
VMSTATE_END_OF_LIST()
}
};
static void ipmi_bmc_extern_init(Object *obj)
{
IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe);
vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe);
}
static Property ipmi_bmc_extern_properties[] = {
DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
DEFINE_PROP_END_OF_LIST(),
};
static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
{
DeviceClass *dc = DEVICE_CLASS(oc);
IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
bk->handle_command = ipmi_bmc_extern_handle_command;
bk->handle_reset = ipmi_bmc_extern_handle_reset;
dc->realize = ipmi_bmc_extern_realize;
dc->props = ipmi_bmc_extern_properties;
}
static const TypeInfo ipmi_bmc_extern_type = {
.name = TYPE_IPMI_BMC_EXTERN,
.parent = TYPE_IPMI_BMC,
.instance_size = sizeof(IPMIBmcExtern),
.instance_init = ipmi_bmc_extern_init,
.class_init = ipmi_bmc_extern_class_init,
};
static void ipmi_bmc_extern_register_types(void)
{
type_register_static(&ipmi_bmc_extern_type);
}
type_init(ipmi_bmc_extern_register_types)
