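/*
 * IPMI BMC external connection
 *
 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * This is designed to connect with OpenIPMI's lanserv serial interface
 * using the "VM" connection type.  See that for details.
 *
 * Trust boundary: every byte handled by receive() comes from the peer on
 * the chardev, which is outside this device model.  That peer can request
 * chassis power-off, reset and NMI (see handle_hw_op()), so the chardev
 * endpoint should only be reachable by the intended BMC simulator.
 */

#include <stdint.h>
#include "qemu/timer.h"
#include "sysemu/char.h"
#include "hw/ipmi/ipmi.h"

/* Framing bytes of the VM wire protocol. */
#define VM_MSG_CHAR        0xA0 /* Marks end of message */
#define VM_CMD_CHAR        0xA1 /* Marks end of a command */
#define VM_ESCAPE_CHAR     0xAA /* Set bit 4 from the next byte to 0 */

/* Command opcodes (first byte of a frame terminated by VM_CMD_CHAR). */
#define VM_PROTOCOL_VERSION        1
#define VM_CMD_VERSION             0xff /* A version number byte follows */
#define VM_CMD_NOATTN              0x00
#define VM_CMD_ATTN                0x01
#define VM_CMD_ATTN_IRQ            0x02
#define VM_CMD_POWEROFF            0x03
#define VM_CMD_RESET               0x04
#define VM_CMD_ENABLE_IRQ          0x05 /* Enable/disable the messaging irq */
#define VM_CMD_DISABLE_IRQ         0x06
#define VM_CMD_SEND_NMI            0x07
#define VM_CMD_CAPABILITIES        0x08
/* Capability bits sent after VM_CMD_CAPABILITIES. */
#define   VM_CAPABILITIES_POWER    0x01
#define   VM_CAPABILITIES_RESET    0x02
#define   VM_CAPABILITIES_IRQ      0x04
#define   VM_CAPABILITIES_NMI      0x08
#define   VM_CAPABILITIES_ATTN     0x10

#define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
#define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \
                                        TYPE_IPMI_BMC_EXTERN)
typedef struct IPMIBmcExtern {
    IPMIBmc parent;

    /* Character backend carrying the VM protocol ("chardev" property). */
    CharDriverState *chr;

    /* Set on CHR_EVENT_OPENED, cleared on CHR_EVENT_CLOSED. */
    bool connected;

    /* Unescaped bytes of the frame currently being received. */
    unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
    unsigned int inpos;
    bool in_escape;    /* Previous byte was VM_ESCAPE_CHAR */
    bool in_too_many;  /* Frame overflowed inbuf; bytes are being dropped */
    bool waiting_rsp;  /* A message was sent and its response is pending */
    bool sending_cmd;  /* outbuf holds a command, so no response is expected */

    /*
     * Escaped bytes queued for transmission.  Sized for the worst case
     * built by ipmi_bmc_extern_handle_command(): message id, up to
     * MAX_IPMI_MSG_SIZE payload bytes and the checksum, each possibly
     * escaped into two bytes, plus the one-byte terminator.
     */
    unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
    unsigned int outpos;  /* Bytes of outbuf already written */
    unsigned int outlen;  /* Bytes of outbuf that are valid; 0 when idle */

    /* Used both for the write retry and for the response timeout. */
    struct QEMUTimer *extern_timer;

    /* A reset event is pending to be sent upstream. */
    bool send_reset;
} IPMIBmcExtern;

static int can_receive(void *opaque);
static void receive(void *opaque, const uint8_t *buf, int size);
static void chr_event(void *opaque, int event);

/*
 * Add the @size bytes at @data to the running 8-bit sum @start and return
 * the result.  A received frame is valid when the sum over all of its
 * bytes, checksum included, is zero (see handle_msg()).
 */
static unsigned char
ipmb_checksum(const unsigned char *data, int size, unsigned char start)
{
    unsigned char csum = start;

    for (; size > 0; size--, data++) {
        csum += *data;
    }
    return csum;
}

/*
 * Push as much of outbuf as the chardev accepts.  When the buffer has been
 * fully written, queue a pending reset command if there is one, and arm the
 * response timeout if a message (as opposed to a command) was sent.
 */
static void continue_send(IPMIBmcExtern *ibe)
{
    int ret;

    if (ibe->outlen == 0) {
        goto check_reset;
    }
 send:
    ret = qemu_chr_fe_write(ibe->chr, ibe->outbuf + ibe->outpos,
                            ibe->outlen - ibe->outpos);
    /*
     * qemu_chr_fe_write() returns an int.  Only a positive byte count may
     * advance outpos: adding a negative (error) result to the unsigned
     * outpos would wrap it, either re-sending old bytes or making the
     * buffer look fully sent.  A failed write is simply retried below.
     */
    if (ret > 0) {
        ibe->outpos += ret;
    }
    if (ibe->outpos < ibe->outlen) {
        /* Not fully transmitted, try again in 10ms */
        timer_mod_ns(ibe->extern_timer,
                     qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
    } else {
        /* Sent */
        ibe->outlen = 0;
        ibe->outpos = 0;
        if (!ibe->sending_cmd) {
            ibe->waiting_rsp = true;
        } else {
            ibe->sending_cmd = false;
        }
    check_reset:
        if (ibe->connected && ibe->send_reset) {
            /* Send the reset */
            ibe->outbuf[0] = VM_CMD_RESET;
            ibe->outbuf[1] = VM_CMD_CHAR;
            ibe->outlen = 2;
            ibe->outpos = 0;
            ibe->send_reset = false;
            ibe->sending_cmd = true;
            goto send;
        }

        if (ibe->waiting_rsp) {
            /* Make sure we get a response within 4 seconds. */
            timer_mod_ns(ibe->extern_timer,
                         qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
        }
    }
    return;
}

/*
 * Timer callback.  While connected it either reports a response timeout to
 * the interface (a response is pending and nothing is queued) or retries
 * the pending write.
 */
static void extern_timeout(void *opaque)
{
    IPMIBmcExtern *ibe = opaque;
    IPMIInterface *s = ibe->parent.intf;

    if (ibe->connected) {
        if (ibe->waiting_rsp && (ibe->outlen == 0)) {
            IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
            /* The message response timed out, return an error. */
            ibe->waiting_rsp = false;
            /*
             * NOTE(review): outbuf[0..2] are read back as message id,
             * netfn and command, but outbuf holds the escaped wire form
             * (addchar() may insert VM_ESCAPE_CHAR) and continue_send()
             * overwrites outbuf[0..1] when it queues a reset.  Confirm the
             * synthesized header is correct in those cases.
             */
            ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
            ibe->inbuf[2] = ibe->outbuf[2];
            ibe->inbuf[3] = IPMI_CC_TIMEOUT;
            k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
        } else {
            continue_send(ibe);
        }
    }
}

/*
 * Append @ch to outbuf, escaping it when it collides with a framing byte:
 * VM_ESCAPE_CHAR is emitted first and bit 4 of the byte is set.
 *
 * There is no bounds check here; callers must keep the queued data within
 * the worst case outbuf is sized for.
 */
static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
{
    switch (ch) {
    case VM_MSG_CHAR:
    case VM_CMD_CHAR:
    case VM_ESCAPE_CHAR:
        ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
        ibe->outlen++;
        ch |= 0x10;
        /* No break */

    default:
        ibe->outbuf[ibe->outlen] = ch;
        ibe->outlen++;
    }
}

/*
 * IPMIBmcClass handle_command hook: frame a command from the interface and
 * start sending it to the external BMC.
 *
 * Requests that are too short, truncated, or issued while the chardev is
 * not connected are answered immediately with a 3-byte error response and
 * are never queued.
 */
static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
                                       uint8_t *cmd, unsigned int cmd_len,
                                       unsigned int max_cmd_len,
                                       uint8_t msg_id)
{
    IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
    IPMIInterface *s = ibe->parent.intf;
    uint8_t err = 0, csum;
    unsigned int i;

    if (ibe->outlen) {
        /*
         * We already have a command queued.  Shouldn't ever happen.
         * NOTE(review): abort() ends the whole process; confirm that no
         * interface can submit a command while outbuf is still draining.
         */
        fprintf(stderr, "IPMI KCS: Got command when not finished with the"
                " previous commmand\n");
        abort();
    }

    /* If it's too short or it was truncated, return an error. */
    if (cmd_len < 2) {
        err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
    } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) {
        /* The second bound keeps the escaped frame inside outbuf. */
        err = IPMI_CC_REQUEST_DATA_TRUNCATED;
    } else if (!ibe->connected) {
        err = IPMI_CC_BMC_INIT_IN_PROGRESS;
    }
    if (err) {
        IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
        unsigned char rsp[3];
        /*
         * NOTE(review): on the cmd_len < 2 path cmd[1] (and cmd[0] when
         * cmd_len is 0) lies beyond the stated length, so the echoed
         * header is whatever the caller's buffer holds there.  Verify the
         * caller always passes a buffer of at least two bytes.
         */
        rsp[0] = cmd[0] | 0x04;
        rsp[1] = cmd[1];
        rsp[2] = err;
        ibe->waiting_rsp = false;
        k->handle_rsp(s, msg_id, rsp, 3);
        goto out;
    }

    addchar(ibe, msg_id);
    for (i = 0; i < cmd_len; i++) {
        addchar(ibe, cmd[i]);
    }
    /* The checksum byte makes the sum over id, payload and itself zero. */
    csum = ipmb_checksum(&msg_id, 1, 0);
    addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum));

    ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
    ibe->outlen++;

    /* Start the transmit */
    continue_send(ibe);

 out:
    return;
}

/*
 * Execute a one-byte command received from the external BMC by forwarding
 * it to the interface class.  Opcodes not listed here are ignored.
 */
static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
{
    IPMIInterface *s = ibe->parent.intf;
    IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);

    switch (hw_op) {
    case VM_CMD_VERSION:
        /* We only support one version at this time. */
        break;

    case VM_CMD_NOATTN:
        k->set_atn(s, 0, 0);
        break;

    case VM_CMD_ATTN:
        k->set_atn(s, 1, 0);
        break;

    case VM_CMD_ATTN_IRQ:
        k->set_atn(s, 1, 1);
        break;

    case VM_CMD_POWEROFF:
        k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
        break;

    case VM_CMD_RESET:
        k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
        break;

    case VM_CMD_ENABLE_IRQ:
        k->set_irq_enable(s, 1);
        break;

    case VM_CMD_DISABLE_IRQ:
        k->set_irq_enable(s, 0);
        break;

    case VM_CMD_SEND_NMI:
        k->do_hw_op(s, IPMI_SEND_NMI, 0);
        break;
    }
}

/*
 * Validate the frame collected in inbuf and hand it to the interface as a
 * response.  Frames that end inside an escape, are shorter than five bytes
 * or fail the checksum are dropped; an overlong frame is turned into a
 * "request data truncated" response instead.
 */
static void handle_msg(IPMIBmcExtern *ibe)
{
    IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf);

    if (ibe->in_escape) {
        ipmi_debug("msg escape not ended\n");
        return;
    }
    if (ibe->inpos < 5) {
        ipmi_debug("msg too short\n");
        return;
    }
    if (ibe->in_too_many) {
        /* Keep id, netfn and cmd; replace the rest by a completion code. */
        ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
        ibe->inpos = 4;
    } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
        ipmi_debug("msg checksum failure\n");
        return;
    } else {
        ibe->inpos--; /* Remove checksum */
    }

    timer_del(ibe->extern_timer);
    ibe->waiting_rsp = false;
    /* inbuf[0] is the message id; the response proper starts at inbuf[1]. */
    k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
}

/*
 * Chardev can-read hook.  Always returns 1; presumably this limits each
 * receive() call to a single byte (confirm against the chardev API).
 */
static int can_receive(void *opaque)
{
    return 1;
}

/*
 * Chardev read hook: run the bytes from the external BMC through the VM
 * protocol framing.  Data bytes are unescaped and stored in inbuf,
 * VM_MSG_CHAR completes a message and VM_CMD_CHAR completes a command.
 */
static void receive(void *opaque, const uint8_t *buf, int size)
{
    IPMIBmcExtern *ibe = opaque;
    int i;
    unsigned char hw_op;

    for (i = 0; i < size; i++) {
        unsigned char ch = buf[i];

        switch (ch) {
        case VM_MSG_CHAR:
            handle_msg(ibe);
            ibe->in_too_many = false;
            ibe->inpos = 0;
            break;

        case VM_CMD_CHAR:
            if (ibe->in_too_many) {
                ipmi_debug("cmd in too many\n");
                ibe->in_too_many = false;
                ibe->inpos = 0;
                break;
            }
            if (ibe->in_escape) {
                ipmi_debug("cmd in escape\n");
                ibe->in_too_many = false;
                ibe->inpos = 0;
                ibe->in_escape = false;
                break;
            }
            ibe->in_too_many = false;
            if (ibe->inpos < 1) {
                break;
            }
            /* Only the opcode is used; any argument bytes are discarded. */
            hw_op = ibe->inbuf[0];
            ibe->inpos = 0;
            /*
             * This leaves the loop, so bytes after the terminator in this
             * buf are not parsed.  With can_receive() returning 1 there are
             * presumably none; revisit if that value is ever raised.
             */
            goto out_hw_op;
            break;

        case VM_ESCAPE_CHAR:
            ibe->in_escape = true;
            break;

        default:
            if (ibe->in_escape) {
                ch &= ~0x10;
                ibe->in_escape = false;
            }
            if (ibe->in_too_many) {
                break;
            }
            /* Bound the write: the peer controls how long a frame is. */
            if (ibe->inpos >= sizeof(ibe->inbuf)) {
                ibe->in_too_many = true;
                break;
            }
            ibe->inbuf[ibe->inpos] = ch;
            ibe->inpos++;
            break;
        }
    }
    return;

 out_hw_op:
    handle_hw_op(ibe, hw_op);
}

/*
 * Chardev event hook.  On open, announce the protocol version and the
 * capabilities of the interface; on close, fail any outstanding request.
 */
static void chr_event(void *opaque, int event)
{
    IPMIBmcExtern *ibe = opaque;
    IPMIInterface *s = ibe->parent.intf;
    IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
    unsigned char v;

    switch (event) {
    case CHR_EVENT_OPENED:
        ibe->connected = true;
        /* Anything still queued from before the (re)connect is dropped. */
        ibe->outpos = 0;
        ibe->outlen = 0;
        addchar(ibe, VM_CMD_VERSION);
        addchar(ibe, VM_PROTOCOL_VERSION);
        ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
        ibe->outlen++;
        addchar(ibe, VM_CMD_CAPABILITIES);
        v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
        /* A third argument of 1 is used as a probe; 0 means supported. */
        if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
            v |= VM_CAPABILITIES_POWER;
        }
        if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) {
            v |= VM_CAPABILITIES_RESET;
        }
        if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) {
            v |= VM_CAPABILITIES_NMI;
        }
        addchar(ibe, v);
        ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
        ibe->outlen++;
        /*
         * NOTE(review): with sending_cmd false, continue_send() sets
         * waiting_rsp once these commands are written and arms the
         * 4 second response timeout.  Confirm that is intended for the
         * handshake, which is made of commands rather than a message.
         */
        ibe->sending_cmd = false;
        continue_send(ibe);
        break;

    case CHR_EVENT_CLOSED:
        if (!ibe->connected) {
            return;
        }
        ibe->connected = false;
        if (ibe->waiting_rsp) {
            /* The response will never arrive; complete it with an error. */
            ibe->waiting_rsp = false;
            ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
            ibe->inbuf[2] = ibe->outbuf[2];
            ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
            k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
        }
        break;
    }
}

/*
 * IPMIBmcClass handle_reset hook: remember that a reset has to be reported
 * upstream and send it as soon as the output buffer is free.
 */
static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
{
    IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);

    ibe->send_reset = true;
    continue_send(ibe);
}

/*
 * Device realize: require the "chardev" property and install the receive
 * and event handlers on it.
 */
static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
{
    IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev);

    if (!ibe->chr) {
        error_setg(errp, "IPMI external bmc requires chardev attribute");
        return;
    }

    qemu_chr_add_handlers(ibe->chr, can_receive, receive, chr_event, ibe);
}

/* VMState post_load hook; always returns 0. */
static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
{
    IPMIBmcExtern *ibe = opaque;

    /*
     * We don't directly restore waiting_rsp.  Instead, we return an
     * error on the interface if a response was being waited for.
     *
     * NOTE(review): outbuf is not part of the migrated fields, so the
     * message id, netfn and command read from it below are not those of
     * the request that was outstanding on the source.
     */
    if (ibe->waiting_rsp) {
        IPMIInterface *ii = ibe->parent.intf;
        IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);

        ibe->waiting_rsp = false;
        ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
        ibe->inbuf[2] = ibe->outbuf[2];
        ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
        iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3);
    }
    return 0;
}

/* Migrated state: only the two flags; buffers and positions are not sent. */
static const VMStateDescription vmstate_ipmi_bmc_extern = {
    .name = TYPE_IPMI_BMC_EXTERN,
    .version_id = 1,
    .minimum_version_id = 1,
    .post_load = ipmi_bmc_extern_post_migrate,
    .fields      = (VMStateField[]) {
        VMSTATE_BOOL(send_reset, IPMIBmcExtern),
        VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
        VMSTATE_END_OF_LIST()
    }
};

/* Instance init: create the shared timer and register the migration state. */
static void ipmi_bmc_extern_init(Object *obj)
{
    IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);

    ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe);
    vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe);
}

static Property ipmi_bmc_extern_properties[] = {
    DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
    DEFINE_PROP_END_OF_LIST(),
};

/* Class init: install the BMC hooks, the realize function and properties. */
static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(oc);
    IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);

    bk->handle_command = ipmi_bmc_extern_handle_command;
    bk->handle_reset = ipmi_bmc_extern_handle_reset;
    dc->realize = ipmi_bmc_extern_realize;
    dc->props = ipmi_bmc_extern_properties;
}

static const TypeInfo ipmi_bmc_extern_type = {
    .name          = TYPE_IPMI_BMC_EXTERN,
    .parent        = TYPE_IPMI_BMC,
    .instance_size = sizeof(IPMIBmcExtern),
    .instance_init = ipmi_bmc_extern_init,
    .class_init    = ipmi_bmc_extern_class_init,
 };

static void ipmi_bmc_extern_register_types(void)
{
    type_register_static(&ipmi_bmc_extern_type);
}

type_init(ipmi_bmc_extern_register_types)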