2 * IPMI BMC external connection
4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 * This is designed to connect with OpenIPMI's lanserv serial interface
27 * using the "VM" connection type. See that for details.
30 #include "qemu/osdep.h"
31 #include "qemu/error-report.h"
32 #include "qemu/module.h"
33 #include "qapi/error.h"
34 #include "qemu/timer.h"
35 #include "chardev/char-fe.h"
36 #include "hw/ipmi/ipmi.h"
37 #include "hw/qdev-properties.h"
38 #include "migration/vmstate.h"
40 #define VM_MSG_CHAR 0xA0 /* Marks end of message */
41 #define VM_CMD_CHAR 0xA1 /* Marks end of a command */
42 #define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */
44 #define VM_PROTOCOL_VERSION 1
45 #define VM_CMD_VERSION 0xff /* A version number byte follows */
46 #define VM_CMD_NOATTN 0x00
47 #define VM_CMD_ATTN 0x01
48 #define VM_CMD_ATTN_IRQ 0x02
49 #define VM_CMD_POWEROFF 0x03
50 #define VM_CMD_RESET 0x04
51 #define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */
52 #define VM_CMD_DISABLE_IRQ 0x06
53 #define VM_CMD_SEND_NMI 0x07
54 #define VM_CMD_CAPABILITIES 0x08
55 #define VM_CAPABILITIES_POWER 0x01
56 #define VM_CAPABILITIES_RESET 0x02
57 #define VM_CAPABILITIES_IRQ 0x04
58 #define VM_CAPABILITIES_NMI 0x08
59 #define VM_CAPABILITIES_ATTN 0x10
60 #define VM_CAPABILITIES_GRACEFUL_SHUTDOWN 0x20
61 #define VM_CMD_GRACEFUL_SHUTDOWN 0x09
63 #define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
64 #define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \
66 typedef struct IPMIBmcExtern {
73 unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
80 unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
84 struct QEMUTimer *extern_timer;
86 /* A reset event is pending to be sent upstream. */
90 static int can_receive(void *opaque);
91 static void receive(void *opaque, const uint8_t *buf, int size);
92 static void chr_event(void *opaque, int event);
95 ipmb_checksum(const unsigned char *data, int size, unsigned char start)
97 unsigned char csum = start;
99 for (; size > 0; size--, data++) {
105 static void continue_send(IPMIBmcExtern *ibe)
108 if (ibe->outlen == 0) {
112 ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
113 ibe->outlen - ibe->outpos);
117 if (ibe->outpos < ibe->outlen) {
118 /* Not fully transmitted, try again in a 10ms */
119 timer_mod_ns(ibe->extern_timer,
120 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
125 if (!ibe->sending_cmd) {
126 ibe->waiting_rsp = true;
128 ibe->sending_cmd = false;
131 if (ibe->connected && ibe->send_reset) {
133 ibe->outbuf[0] = VM_CMD_RESET;
134 ibe->outbuf[1] = VM_CMD_CHAR;
137 ibe->send_reset = false;
138 ibe->sending_cmd = true;
142 if (ibe->waiting_rsp) {
143 /* Make sure we get a response within 4 seconds. */
144 timer_mod_ns(ibe->extern_timer,
145 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
151 static void extern_timeout(void *opaque)
153 IPMIBmcExtern *ibe = opaque;
154 IPMIInterface *s = ibe->parent.intf;
156 if (ibe->connected) {
157 if (ibe->waiting_rsp && (ibe->outlen == 0)) {
158 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
159 /* The message response timed out, return an error. */
160 ibe->waiting_rsp = false;
161 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
162 ibe->inbuf[2] = ibe->outbuf[2];
163 ibe->inbuf[3] = IPMI_CC_TIMEOUT;
164 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
171 static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
177 ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
183 ibe->outbuf[ibe->outlen] = ch;
188 static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
189 uint8_t *cmd, unsigned int cmd_len,
190 unsigned int max_cmd_len,
193 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
194 IPMIInterface *s = ibe->parent.intf;
195 uint8_t err = 0, csum;
199 /* We already have a command queued. Shouldn't ever happen. */
200 error_report("IPMI KCS: Got command when not finished with the"
201 " previous command");
205 /* If it's too short or it was truncated, return an error. */
207 err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
208 } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) {
209 err = IPMI_CC_REQUEST_DATA_TRUNCATED;
210 } else if (!ibe->connected) {
211 err = IPMI_CC_BMC_INIT_IN_PROGRESS;
214 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
215 unsigned char rsp[3];
216 rsp[0] = cmd[0] | 0x04;
219 ibe->waiting_rsp = false;
220 k->handle_rsp(s, msg_id, rsp, 3);
224 addchar(ibe, msg_id);
225 for (i = 0; i < cmd_len; i++) {
226 addchar(ibe, cmd[i]);
228 csum = ipmb_checksum(&msg_id, 1, 0);
229 addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum));
231 ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
234 /* Start the transmit */
241 static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
243 IPMIInterface *s = ibe->parent.intf;
244 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
248 /* We only support one version at this time. */
259 case VM_CMD_ATTN_IRQ:
263 case VM_CMD_POWEROFF:
264 k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
268 k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
271 case VM_CMD_ENABLE_IRQ:
272 k->set_irq_enable(s, 1);
275 case VM_CMD_DISABLE_IRQ:
276 k->set_irq_enable(s, 0);
279 case VM_CMD_SEND_NMI:
280 k->do_hw_op(s, IPMI_SEND_NMI, 0);
283 case VM_CMD_GRACEFUL_SHUTDOWN:
284 k->do_hw_op(s, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0);
289 static void handle_msg(IPMIBmcExtern *ibe)
291 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf);
293 if (ibe->in_escape) {
294 ipmi_debug("msg escape not ended\n");
297 if (ibe->inpos < 5) {
298 ipmi_debug("msg too short\n");
301 if (ibe->in_too_many) {
302 ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
304 } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
305 ipmi_debug("msg checksum failure\n");
308 ibe->inpos--; /* Remove checkum */
311 timer_del(ibe->extern_timer);
312 ibe->waiting_rsp = false;
313 k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
316 static int can_receive(void *opaque)
321 static void receive(void *opaque, const uint8_t *buf, int size)
323 IPMIBmcExtern *ibe = opaque;
327 for (i = 0; i < size; i++) {
328 unsigned char ch = buf[i];
333 ibe->in_too_many = false;
338 if (ibe->in_too_many) {
339 ipmi_debug("cmd in too many\n");
340 ibe->in_too_many = false;
344 if (ibe->in_escape) {
345 ipmi_debug("cmd in escape\n");
346 ibe->in_too_many = false;
348 ibe->in_escape = false;
351 ibe->in_too_many = false;
352 if (ibe->inpos < 1) {
355 hw_op = ibe->inbuf[0];
361 ibe->in_escape = true;
365 if (ibe->in_escape) {
367 ibe->in_escape = false;
369 if (ibe->in_too_many) {
372 if (ibe->inpos >= sizeof(ibe->inbuf)) {
373 ibe->in_too_many = true;
376 ibe->inbuf[ibe->inpos] = ch;
384 handle_hw_op(ibe, hw_op);
387 static void chr_event(void *opaque, int event)
389 IPMIBmcExtern *ibe = opaque;
390 IPMIInterface *s = ibe->parent.intf;
391 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
395 case CHR_EVENT_OPENED:
396 ibe->connected = true;
399 addchar(ibe, VM_CMD_VERSION);
400 addchar(ibe, VM_PROTOCOL_VERSION);
401 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
403 addchar(ibe, VM_CMD_CAPABILITIES);
404 v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
405 if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
406 v |= VM_CAPABILITIES_POWER;
408 if (k->do_hw_op(ibe->parent.intf, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 1)
410 v |= VM_CAPABILITIES_GRACEFUL_SHUTDOWN;
412 if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) {
413 v |= VM_CAPABILITIES_RESET;
415 if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) {
416 v |= VM_CAPABILITIES_NMI;
419 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
421 ibe->sending_cmd = false;
425 case CHR_EVENT_CLOSED:
426 if (!ibe->connected) {
429 ibe->connected = false;
431 * Don't hang the OS trying to handle the ATN bit, other end will
432 * resend on a reconnect.
435 if (ibe->waiting_rsp) {
436 ibe->waiting_rsp = false;
437 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
438 ibe->inbuf[2] = ibe->outbuf[2];
439 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
440 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
446 static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
448 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
450 ibe->send_reset = true;
454 static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
456 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev);
458 if (!qemu_chr_fe_backend_connected(&ibe->chr)) {
459 error_setg(errp, "IPMI external bmc requires chardev attribute");
463 qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive,
464 chr_event, NULL, ibe, NULL, true);
467 static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
469 IPMIBmcExtern *ibe = opaque;
472 * We don't directly restore waiting_rsp, Instead, we return an
473 * error on the interface if a response was being waited for.
475 if (ibe->waiting_rsp) {
476 IPMIInterface *ii = ibe->parent.intf;
477 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
479 ibe->waiting_rsp = false;
480 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
481 ibe->inbuf[2] = ibe->outbuf[2];
482 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
483 iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3);
488 static const VMStateDescription vmstate_ipmi_bmc_extern = {
489 .name = TYPE_IPMI_BMC_EXTERN,
491 .minimum_version_id = 1,
492 .post_load = ipmi_bmc_extern_post_migrate,
493 .fields = (VMStateField[]) {
494 VMSTATE_BOOL(send_reset, IPMIBmcExtern),
495 VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
496 VMSTATE_END_OF_LIST()
500 static void ipmi_bmc_extern_init(Object *obj)
502 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
504 ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe);
505 vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe);
508 static void ipmi_bmc_extern_finalize(Object *obj)
510 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
512 timer_del(ibe->extern_timer);
513 timer_free(ibe->extern_timer);
516 static Property ipmi_bmc_extern_properties[] = {
517 DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
518 DEFINE_PROP_END_OF_LIST(),
521 static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
523 DeviceClass *dc = DEVICE_CLASS(oc);
524 IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
526 bk->handle_command = ipmi_bmc_extern_handle_command;
527 bk->handle_reset = ipmi_bmc_extern_handle_reset;
528 dc->hotpluggable = false;
529 dc->realize = ipmi_bmc_extern_realize;
530 dc->props = ipmi_bmc_extern_properties;
533 static const TypeInfo ipmi_bmc_extern_type = {
534 .name = TYPE_IPMI_BMC_EXTERN,
535 .parent = TYPE_IPMI_BMC,
536 .instance_size = sizeof(IPMIBmcExtern),
537 .instance_init = ipmi_bmc_extern_init,
538 .instance_finalize = ipmi_bmc_extern_finalize,
539 .class_init = ipmi_bmc_extern_class_init,
542 static void ipmi_bmc_extern_register_types(void)
544 type_register_static(&ipmi_bmc_extern_type);
547 type_init(ipmi_bmc_extern_register_types)