30#include "qemu/osdep.h"
31#include "qapi/error.h"
32#include "qemu/timer.h"
33#include "sysemu/char.h"
34#include "sysemu/sysemu.h"
35#include "hw/ipmi/ipmi.h"
36
/*
 * Framing bytes of the serial protocol spoken with the external BMC.
 * A frame is terminated by VM_MSG_CHAR (IPMI message) or VM_CMD_CHAR
 * (hardware command).  Any payload byte equal to one of these three values
 * is sent as VM_ESCAPE_CHAR followed by the byte with bit 0x10 set.
 */
#define VM_MSG_CHAR        0xA0 /* Marks end of message */
#define VM_CMD_CHAR        0xA1 /* Marks end of a command */
#define VM_ESCAPE_CHAR     0xAA /* Set bit 4 from the next byte to 0 */

#define VM_PROTOCOL_VERSION        1
/* Hardware command codes: the first byte of a VM_CMD_CHAR-terminated frame. */
#define VM_CMD_VERSION             0xff /* A version number byte follows */
#define VM_CMD_NOATTN              0x00
#define VM_CMD_ATTN                0x01
#define VM_CMD_ATTN_IRQ            0x02
#define VM_CMD_POWEROFF            0x03
#define VM_CMD_RESET               0x04
#define VM_CMD_ENABLE_IRQ          0x05
#define VM_CMD_DISABLE_IRQ         0x06
#define VM_CMD_SEND_NMI            0x07
#define VM_CMD_CAPABILITIES        0x08
/* Bit flags carried in the byte that follows VM_CMD_CAPABILITIES. */
#define   VM_CAPABILITIES_POWER    0x01
#define   VM_CAPABILITIES_RESET    0x02
#define   VM_CAPABILITIES_IRQ      0x04
#define   VM_CAPABILITIES_NMI      0x08
#define   VM_CAPABILITIES_ATTN     0x10
#define VM_CMD_FORCEOFF            0x09
58
/* QOM type name and checked-cast helper for the external BMC device. */
#define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
#define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \
                                        TYPE_IPMI_BMC_EXTERN)
/*
 * State of the connection to a BMC that lives outside QEMU and is reached
 * through a character device.
 */
typedef struct IPMIBmcExtern {
    IPMIBmc parent;

    /* Character backend; set through the "chardev" property. */
    CharDriverState *chr;

    /* True between CHR_EVENT_OPENED and CHR_EVENT_CLOSED. */
    bool connected;

    /* Receive side: unescaped bytes of the frame currently being read. */
    unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
    unsigned int inpos;
    /* The previous byte was VM_ESCAPE_CHAR. */
    bool in_escape;
    /* The frame overflowed inbuf; further bytes are dropped. */
    bool in_too_many;
    /* A message was sent and its response has not arrived yet. */
    bool waiting_rsp;
    /* outbuf holds a hardware command, for which no response is awaited. */
    bool sending_cmd;

    /*
     * Transmit side.  Sized for the worst case of one frame: every byte of
     * msg_id + MAX_IPMI_MSG_SIZE payload + checksum escaped (two bytes
     * each), plus the terminator.  addchar() relies on this bound.
     */
    unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
    unsigned int outpos;
    unsigned int outlen;

    /* Used for write retries and for the response timeout. */
    struct QEMUTimer *extern_timer;

    /* A reset needs to be sent, and that can't be done right now. */
    bool send_reset;
} IPMIBmcExtern;
85
/* Chardev handlers, registered in ipmi_bmc_extern_realize(). */
static int can_receive(void *opaque);
static void receive(void *opaque, const uint8_t *buf, int size);
static void chr_event(void *opaque, int event);
89
/*
 * Add the @size bytes at @data to the running 8-bit sum @start and return
 * the result (arithmetic is modulo 256).  A non-positive @size returns
 * @start unchanged.  Callers negate the result to obtain the byte that
 * makes the whole frame sum to zero.
 */
static unsigned char
ipmb_checksum(const unsigned char *data, int size, unsigned char start)
{
    unsigned char sum = start;
    int idx;

    for (idx = 0; idx < size; idx++) {
        sum += data[idx];
    }
    return sum;
}
100
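/*
 * Push the pending bytes of outbuf to the chardev and arm the timer.
 *
 * - Partial write: retry from the timer in 10ms.
 * - Frame fully written: clear the buffer; a message (as opposed to a
 *   hardware command) switches to waiting for its response.
 * - Buffer empty and a reset is pending: queue and send the reset command.
 * - While a response is awaited, the timer is armed with a 4 second timeout.
 */
static void continue_send(IPMIBmcExtern *ibe)
{
    int ret;

    if (ibe->outlen == 0) {
        goto check_reset;
    }
 send:
    ret = qemu_chr_fe_write(ibe->chr, ibe->outbuf + ibe->outpos,
                            ibe->outlen - ibe->outpos);
    /*
     * The write returns an int and outpos is unsigned: adding a negative
     * (error) return would wrap outpos, so a failed write would either be
     * taken for a completed frame or move the write offset to the wrong
     * place.  Advance only on real progress; anything else is retried from
     * the timer below.
     */
    if (ret > 0) {
        ibe->outpos += ret;
    }
    if (ibe->outpos < ibe->outlen) {
        /* Not fully transmitted, try again in 10ms */
        timer_mod_ns(ibe->extern_timer,
                     qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
    } else {
        /* Sent */
        ibe->outlen = 0;
        ibe->outpos = 0;
        if (!ibe->sending_cmd) {
            ibe->waiting_rsp = true;
        } else {
            ibe->sending_cmd = false;
        }
    check_reset:
        if (ibe->connected && ibe->send_reset) {
            /* Send the reset */
            ibe->outbuf[0] = VM_CMD_RESET;
            ibe->outbuf[1] = VM_CMD_CHAR;
            ibe->outlen = 2;
            ibe->outpos = 0;
            ibe->send_reset = false;
            ibe->sending_cmd = true;
            goto send;
        }

        if (ibe->waiting_rsp) {
            /* Make sure we get a response within 4 seconds. */
            timer_mod_ns(ibe->extern_timer,
                         qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
        }
    }
    return;
}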
142
/*
 * Timer callback.  With nothing left to transmit and a response still
 * outstanding, the wait has expired: report IPMI_CC_TIMEOUT to the
 * interface.  Otherwise this is a write retry.  Does nothing while the
 * chardev is disconnected.
 */
static void extern_timeout(void *opaque)
{
    IPMIBmcExtern *ibe = opaque;
    IPMIInterface *intf = ibe->parent.intf;
    IPMIInterfaceClass *klass;

    if (!ibe->connected) {
        return;
    }

    if (!ibe->waiting_rsp || ibe->outlen != 0) {
        continue_send(ibe);
        return;
    }

    klass = IPMI_INTERFACE_GET_CLASS(intf);
    ibe->waiting_rsp = false;
    /*
     * The response header is rebuilt from the first bytes left in outbuf.
     * NOTE(review): addchar() stores escaped bytes, so if the msg_id or the
     * first command bytes needed escaping, these slots do not hold the raw
     * msg_id/netfn/cmd. Confirm whether that matters to handle_rsp.
     */
    ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
    ibe->inbuf[2] = ibe->outbuf[2];
    ibe->inbuf[3] = IPMI_CC_TIMEOUT;
    klass->handle_rsp(intf, ibe->outbuf[0], ibe->inbuf + 1, 3);
}
162
/*
 * Append one payload byte to outbuf, escaping it when it collides with a
 * framing byte: the escape marker is emitted first, then the byte with bit
 * 0x10 set.
 *
 * There is no bounds check here.  The callers in this file start from an
 * empty buffer and cap the payload at MAX_IPMI_MSG_SIZE, which is what
 * keeps the up-to-two bytes written per call inside outbuf; any new caller
 * has to preserve that.
 */
static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
{
    if (ch == VM_MSG_CHAR || ch == VM_CMD_CHAR || ch == VM_ESCAPE_CHAR) {
        ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
        ibe->outlen++;
        ch |= 0x10;
    }
    ibe->outbuf[ibe->outlen] = ch;
    ibe->outlen++;
}
179
/*
 * IPMIBmcClass::handle_command: frame a command from the interface and
 * start sending it to the external BMC.
 *
 * Frame layout: msg_id, the command bytes, a checksum byte that makes the
 * sum of all of them zero (each escaped as needed), then VM_MSG_CHAR.
 *
 * Invalid lengths, or a disconnected BMC, are answered immediately with a
 * three byte error response instead of being sent.
 */
static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
                                       uint8_t *cmd, unsigned int cmd_len,
                                       unsigned int max_cmd_len,
                                       uint8_t msg_id)
{
    IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
    IPMIInterface *intf = ibe->parent.intf;
    uint8_t cc = 0;
    uint8_t running;
    unsigned int pos;

    if (ibe->outlen != 0) {
        /*
         * We already have a command queued.  Shouldn't ever happen.
         * NOTE(review): abort() takes down the whole QEMU process; confirm
         * the interface code makes this unreachable from the guest.
         */
        fprintf(stderr, "IPMI KCS: Got command when not finished with the"
                " previous commmand\n");
        abort();
    }

    /* If it's too short or it was truncated, return an error. */
    if (cmd_len < 2) {
        cc = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
    } else if (cmd_len > max_cmd_len || cmd_len > MAX_IPMI_MSG_SIZE) {
        cc = IPMI_CC_REQUEST_DATA_TRUNCATED;
    } else if (!ibe->connected) {
        cc = IPMI_CC_BMC_INIT_IN_PROGRESS;
    }

    if (cc != 0) {
        IPMIInterfaceClass *klass = IPMI_INTERFACE_GET_CLASS(intf);
        unsigned char rsp[3];

        /*
         * NOTE(review): cmd[0] and cmd[1] are read even when cmd_len < 2;
         * this assumes the caller's buffer is at least two bytes long and
         * echoes whatever it holds. Verify against the callers.
         */
        rsp[0] = cmd[0] | 0x04;
        rsp[1] = cmd[1];
        rsp[2] = cc;
        ibe->waiting_rsp = false;
        klass->handle_rsp(intf, msg_id, rsp, 3);
        return;
    }

    /* cmd_len <= MAX_IPMI_MSG_SIZE here, which is what bounds outbuf use. */
    addchar(ibe, msg_id);
    for (pos = 0; pos < cmd_len; pos++) {
        addchar(ibe, cmd[pos]);
    }
    running = ipmb_checksum(&msg_id, 1, 0);
    addchar(ibe, -ipmb_checksum(cmd, cmd_len, running));

    /* The terminator is written raw: it must not be escaped. */
    ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
    ibe->outlen++;

    /* Start the transmit */
    continue_send(ibe);
}
232
/*
 * Carry out one hardware command received from the external BMC.
 *
 * The command byte comes straight from the chardev peer, so whatever is
 * connected there can raise attention/IRQs, power off, reset, NMI or shut
 * down the guest.  The chardev should only be attached to a trusted BMC
 * endpoint.  Codes not listed below are ignored.
 */
static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
{
    IPMIInterface *intf = ibe->parent.intf;
    IPMIInterfaceClass *klass = IPMI_INTERFACE_GET_CLASS(intf);

    switch (hw_op) {
    case VM_CMD_VERSION:
        /* Nothing is done with the peer's version. */
        break;

    /* Attention flag, optionally with an interrupt. */
    case VM_CMD_NOATTN:
        klass->set_atn(intf, 0, 0);
        break;

    case VM_CMD_ATTN:
        klass->set_atn(intf, 1, 0);
        break;

    case VM_CMD_ATTN_IRQ:
        klass->set_atn(intf, 1, 1);
        break;

    /* Chassis control requested by the BMC. */
    case VM_CMD_POWEROFF:
        klass->do_hw_op(intf, IPMI_POWEROFF_CHASSIS, 0);
        break;

    case VM_CMD_RESET:
        klass->do_hw_op(intf, IPMI_RESET_CHASSIS, 0);
        break;

    case VM_CMD_SEND_NMI:
        klass->do_hw_op(intf, IPMI_SEND_NMI, 0);
        break;

    case VM_CMD_FORCEOFF:
        qemu_system_shutdown_request();
        break;

    /* Interrupt enable state of the interface. */
    case VM_CMD_ENABLE_IRQ:
        klass->set_irq_enable(intf, 1);
        break;

    case VM_CMD_DISABLE_IRQ:
        klass->set_irq_enable(intf, 0);
        break;

    default:
        /* Unknown or unhandled command byte: dropped silently. */
        break;
    }
}
280
/*
 * Validate the frame accumulated in inbuf and hand it to the interface as
 * the response to the outstanding message.
 *
 * Frames that end inside an escape sequence, are shorter than 5 bytes, or
 * fail the checksum are dropped, leaving the response timer running.  An
 * oversized frame is turned into an IPMI_CC_REQUEST_DATA_TRUNCATED response.
 */
static void handle_msg(IPMIBmcExtern *ibe)
{
    IPMIInterface *intf = ibe->parent.intf;
    IPMIInterfaceClass *klass = IPMI_INTERFACE_GET_CLASS(intf);

    if (ibe->in_escape) {
        ipmi_debug("msg escape not ended\n");
        return;
    }
    if (ibe->inpos < 5) {
        ipmi_debug("msg too short\n");
        return;
    }

    if (ibe->in_too_many) {
        /* Keep msg_id/netfn/cmd, replace the rest by the completion code. */
        ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
        ibe->inpos = 4;
    } else {
        /* A valid frame, checksum byte included, sums to zero. */
        if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
            ipmi_debug("msg checksum failure\n");
            return;
        }
        ibe->inpos--; /* Remove checksum */
    }

    timer_del(ibe->extern_timer);
    ibe->waiting_rsp = false;
    /* inbuf[0] is the msg_id; the response proper starts at inbuf[1]. */
    klass->handle_rsp(intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
}
307
/*
 * Chardev can-read handler: always advertise room for exactly one byte.
 * receive() depends on this small value, because it stops at the first
 * hardware command in a chunk.
 */
static int can_receive(void *opaque)
{
    (void)opaque;
    return 1;
}
312
/*
 * Chardev read handler: unescape and accumulate bytes from the external
 * BMC, dispatching a message on VM_MSG_CHAR and a hardware command on
 * VM_CMD_CHAR.
 *
 * All input is peer-controlled.  Writes to inbuf are bounded by the
 * sizeof check below; once the buffer is full, bytes are discarded until
 * the next terminator.
 */
static void receive(void *opaque, const uint8_t *buf, int size)
{
    IPMIBmcExtern *ibe = opaque;
    int idx;
    unsigned char hw_op;

    for (idx = 0; idx < size; idx++) {
        unsigned char ch = buf[idx];

        switch (ch) {
        case VM_MSG_CHAR:
            handle_msg(ibe);
            ibe->in_too_many = false;
            ibe->inpos = 0;
            break;

        case VM_CMD_CHAR:
            if (ibe->in_too_many) {
                ipmi_debug("cmd in too many\n");
                ibe->in_too_many = false;
                ibe->inpos = 0;
                break;
            }
            if (ibe->in_escape) {
                ipmi_debug("cmd in escape\n");
                ibe->in_too_many = false;
                ibe->inpos = 0;
                ibe->in_escape = false;
                break;
            }
            ibe->in_too_many = false;
            if (ibe->inpos < 1) {
                /* Empty command frame: nothing to run. */
                break;
            }
            hw_op = ibe->inbuf[0];
            ibe->inpos = 0;
            /*
             * NOTE(review): returning here skips any bytes left in buf.
             * That loses nothing only while chunks are a single byte, which
             * presumably follows from can_receive() returning 1. Confirm
             * before raising that value.
             */
            handle_hw_op(ibe, hw_op);
            return;

        case VM_ESCAPE_CHAR:
            ibe->in_escape = true;
            break;

        default:
            if (ibe->in_escape) {
                /* Undo the escaping applied by the sender. */
                ch &= ~0x10;
                ibe->in_escape = false;
            }
            if (ibe->in_too_many) {
                break;
            }
            if (ibe->inpos >= sizeof(ibe->inbuf)) {
                ibe->in_too_many = true;
                break;
            }
            ibe->inbuf[ibe->inpos] = ch;
            ibe->inpos++;
            break;
        }
    }
}
378
/*
 * Chardev event handler.
 *
 * OPENED: mark the link up and send two commands, the protocol version and
 * the capability bits.  The power, reset and NMI bits are set only when the
 * interface's do_hw_op() returns 0 for the corresponding check call.
 *
 * CLOSED: mark the link down and, if a response was outstanding, complete
 * it with IPMI_CC_BMC_INIT_IN_PROGRESS so the interface is not left waiting.
 */
static void chr_event(void *opaque, int event)
{
    IPMIBmcExtern *ibe = opaque;
    IPMIInterface *intf = ibe->parent.intf;
    IPMIInterfaceClass *klass = IPMI_INTERFACE_GET_CLASS(intf);
    unsigned char caps;

    if (event == CHR_EVENT_OPENED) {
        ibe->connected = true;
        /* Anything queued before the link came up is discarded. */
        ibe->outpos = 0;
        ibe->outlen = 0;

        addchar(ibe, VM_CMD_VERSION);
        addchar(ibe, VM_PROTOCOL_VERSION);
        ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
        ibe->outlen++;

        addchar(ibe, VM_CMD_CAPABILITIES);
        caps = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
        if (klass->do_hw_op(intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
            caps |= VM_CAPABILITIES_POWER;
        }
        if (klass->do_hw_op(intf, IPMI_RESET_CHASSIS, 1) == 0) {
            caps |= VM_CAPABILITIES_RESET;
        }
        if (klass->do_hw_op(intf, IPMI_SEND_NMI, 1) == 0) {
            caps |= VM_CAPABILITIES_NMI;
        }
        addchar(ibe, caps);
        ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
        ibe->outlen++;

        ibe->sending_cmd = false;
        continue_send(ibe);
    } else if (event == CHR_EVENT_CLOSED) {
        if (!ibe->connected) {
            return;
        }
        ibe->connected = false;
        if (ibe->waiting_rsp) {
            ibe->waiting_rsp = false;
            /* Header bytes come from what is left in outbuf. */
            ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
            ibe->inbuf[2] = ibe->outbuf[2];
            ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
            klass->handle_rsp(intf, ibe->outbuf[0], ibe->inbuf + 1, 3);
        }
    }
}
428
/*
 * IPMIBmcClass::handle_reset: record that a reset command must be sent to
 * the external BMC.  continue_send() sends it once the output buffer is
 * empty and the link is up.
 */
static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
{
    IPMIBmcExtern *self = IPMI_BMC_EXTERN(b);

    self->send_reset = true;
    continue_send(self);
}
436
/*
 * DeviceClass::realize: hook the receive and event handlers onto the
 * chardev.  Fails with an error if no chardev was configured.
 */
static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
{
    IPMIBmcExtern *self = IPMI_BMC_EXTERN(dev);

    if (self->chr) {
        qemu_chr_add_handlers(self->chr, can_receive, receive, chr_event,
                              self);
        return;
    }

    error_setg(errp, "IPMI external bmc requires chardev attribute");
}
448
/*
 * vmstate post_load hook.  If a response was outstanding when the state
 * was saved, complete it with IPMI_CC_BMC_INIT_IN_PROGRESS instead of
 * continuing to wait for it.  Always returns 0.
 *
 * NOTE(review): outbuf is not in the vmstate field list in this file, so
 * the msg_id/netfn/cmd bytes echoed below are whatever outbuf holds on the
 * destination. Confirm the interface tolerates that.
 */
static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
{
    IPMIBmcExtern *ibe = opaque;
    IPMIInterface *intf;
    IPMIInterfaceClass *klass;

    if (!ibe->waiting_rsp) {
        return 0;
    }

    intf = ibe->parent.intf;
    klass = IPMI_INTERFACE_GET_CLASS(intf);

    ibe->waiting_rsp = false;
    ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
    ibe->inbuf[2] = ibe->outbuf[2];
    ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
    klass->handle_rsp(intf, ibe->outbuf[0], ibe->inbuf + 1, 3);
    return 0;
}
469
/*
 * Migration description.  Only the two flags below are transferred; the
 * buffers, their positions and the connection state are not in this list.
 * post_load then resolves a pending waiting_rsp on the destination.
 */
static const VMStateDescription vmstate_ipmi_bmc_extern = {
    .name = TYPE_IPMI_BMC_EXTERN,
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = ipmi_bmc_extern_post_migrate,
    .fields      = (VMStateField[]) {
        VMSTATE_BOOL(send_reset, IPMIBmcExtern),
        VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
        VMSTATE_END_OF_LIST()
    }
};
481
/*
 * Instance init: create the retry/timeout timer and register the
 * migration state.
 *
 * NOTE(review): no instance_finalize appears in this listing, so nothing
 * here deletes or frees extern_timer when the object goes away. Confirm
 * whether the device can be destroyed at runtime.
 */
static void ipmi_bmc_extern_init(Object *obj)
{
    IPMIBmcExtern *self = IPMI_BMC_EXTERN(obj);

    self->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout,
                                      self);
    vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, self);
}
489
/* User-settable properties: "chardev" selects the link to the external BMC. */
static Property ipmi_bmc_extern_properties[] = {
    DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
    DEFINE_PROP_END_OF_LIST(),
};
494
/*
 * Class init: install the device realize hook and property list, and the
 * BMC command/reset handlers.
 */
static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
{
    IPMIBmcClass *bmc_class = IPMI_BMC_CLASS(oc);
    DeviceClass *dev_class = DEVICE_CLASS(oc);

    /* Generic device hooks. */
    dev_class->realize = ipmi_bmc_extern_realize;
    dev_class->props = ipmi_bmc_extern_properties;

    /* IPMI BMC entry points called by the interface. */
    bmc_class->handle_command = ipmi_bmc_extern_handle_command;
    bmc_class->handle_reset = ipmi_bmc_extern_handle_reset;
}
505
/* QOM type description: a TYPE_IPMI_BMC subtype with per-instance state. */
static const TypeInfo ipmi_bmc_extern_type = {
    .name          = TYPE_IPMI_BMC_EXTERN,
    .parent        = TYPE_IPMI_BMC,
    .instance_size = sizeof(IPMIBmcExtern),
    .instance_init = ipmi_bmc_extern_init,
    .class_init    = ipmi_bmc_extern_class_init,
 };
513
/* Registers the "ipmi-bmc-extern" type; hooked in through type_init(). */
static void ipmi_bmc_extern_register_types(void)
{
    const TypeInfo *info = &ipmi_bmc_extern_type;

    type_register_static(info);
}

type_init(ipmi_bmc_extern_register_types)
520