1 /*
2 * IPMI BMC external connection
3 *
4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 /*
26 * This is designed to connect with OpenIPMI's lanserv serial interface
27 * using the "VM" connection type. See that for details.
28 */
29
30 #include "qemu/osdep.h"
31 #include "qemu/error-report.h"
32 #include "qapi/error.h"
33 #include "qemu/timer.h"
34 #include "chardev/char-fe.h"
35 #include "sysemu/sysemu.h"
36 #include "hw/ipmi/ipmi.h"
37
38 #define VM_MSG_CHAR 0xA0 /* Marks end of message */
39 #define VM_CMD_CHAR 0xA1 /* Marks end of a command */
40 #define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */
41
42 #define VM_PROTOCOL_VERSION 1
43 #define VM_CMD_VERSION 0xff /* A version number byte follows */
44 #define VM_CMD_NOATTN 0x00
45 #define VM_CMD_ATTN 0x01
46 #define VM_CMD_ATTN_IRQ 0x02
47 #define VM_CMD_POWEROFF 0x03
48 #define VM_CMD_RESET 0x04
49 #define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */
50 #define VM_CMD_DISABLE_IRQ 0x06
51 #define VM_CMD_SEND_NMI 0x07
52 #define VM_CMD_CAPABILITIES 0x08
53 #define VM_CAPABILITIES_POWER 0x01
54 #define VM_CAPABILITIES_RESET 0x02
55 #define VM_CAPABILITIES_IRQ 0x04
56 #define VM_CAPABILITIES_NMI 0x08
57 #define VM_CAPABILITIES_ATTN 0x10
58 #define VM_CAPABILITIES_GRACEFUL_SHUTDOWN 0x20
59 #define VM_CMD_GRACEFUL_SHUTDOWN 0x09
60
61 #define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
62 #define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \
63 TYPE_IPMI_BMC_EXTERN)
64 typedef struct IPMIBmcExtern {
65 IPMIBmc parent;
66
67 CharBackend chr;
68
69 bool connected;
70
71 unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
72 unsigned int inpos;
73 bool in_escape;
74 bool in_too_many;
75 bool waiting_rsp;
76 bool sending_cmd;
77
78 unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
79 unsigned int outpos;
80 unsigned int outlen;
81
82 struct QEMUTimer *extern_timer;
83
84 /* A reset event is pending to be sent upstream. */
85 bool send_reset;
86 } IPMIBmcExtern;
87
88 static int can_receive(void *opaque);
89 static void receive(void *opaque, const uint8_t *buf, int size);
90 static void chr_event(void *opaque, int event);
91
92 static unsigned char
ipmb_checksum(const unsigned char * data,int size,unsigned char start)93 ipmb_checksum(const unsigned char *data, int size, unsigned char start)
94 {
95 unsigned char csum = start;
96
97 for (; size > 0; size--, data++) {
98 csum += *data;
99 }
100 return csum;
101 }
102
continue_send(IPMIBmcExtern * ibe)103 static void continue_send(IPMIBmcExtern *ibe)
104 {
105 int ret;
106 if (ibe->outlen == 0) {
107 goto check_reset;
108 }
109 send:
110 ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
111 ibe->outlen - ibe->outpos);
112 if (ret > 0) {
113 ibe->outpos += ret;
114 }
115 if (ibe->outpos < ibe->outlen) {
116 /* Not fully transmitted, try again in a 10ms */
117 timer_mod_ns(ibe->extern_timer,
118 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
119 } else {
120 /* Sent */
121 ibe->outlen = 0;
122 ibe->outpos = 0;
123 if (!ibe->sending_cmd) {
124 ibe->waiting_rsp = true;
125 } else {
126 ibe->sending_cmd = false;
127 }
128 check_reset:
129 if (ibe->connected && ibe->send_reset) {
130 /* Send the reset */
131 ibe->outbuf[0] = VM_CMD_RESET;
132 ibe->outbuf[1] = VM_CMD_CHAR;
133 ibe->outlen = 2;
134 ibe->outpos = 0;
135 ibe->send_reset = false;
136 ibe->sending_cmd = true;
137 goto send;
138 }
139
140 if (ibe->waiting_rsp) {
141 /* Make sure we get a response within 4 seconds. */
142 timer_mod_ns(ibe->extern_timer,
143 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
144 }
145 }
146 return;
147 }
148
extern_timeout(void * opaque)149 static void extern_timeout(void *opaque)
150 {
151 IPMIBmcExtern *ibe = opaque;
152 IPMIInterface *s = ibe->parent.intf;
153
154 if (ibe->connected) {
155 if (ibe->waiting_rsp && (ibe->outlen == 0)) {
156 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
157 /* The message response timed out, return an error. */
158 ibe->waiting_rsp = false;
159 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
160 ibe->inbuf[2] = ibe->outbuf[2];
161 ibe->inbuf[3] = IPMI_CC_TIMEOUT;
162 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
163 } else {
164 continue_send(ibe);
165 }
166 }
167 }
168
addchar(IPMIBmcExtern * ibe,unsigned char ch)169 static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
170 {
171 switch (ch) {
172 case VM_MSG_CHAR:
173 case VM_CMD_CHAR:
174 case VM_ESCAPE_CHAR:
175 ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
176 ibe->outlen++;
177 ch |= 0x10;
178 /* No break */
179
180 default:
181 ibe->outbuf[ibe->outlen] = ch;
182 ibe->outlen++;
183 }
184 }
185
ipmi_bmc_extern_handle_command(IPMIBmc * b,uint8_t * cmd,unsigned int cmd_len,unsigned int max_cmd_len,uint8_t msg_id)186 static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
187 uint8_t *cmd, unsigned int cmd_len,
188 unsigned int max_cmd_len,
189 uint8_t msg_id)
190 {
191 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
192 IPMIInterface *s = ibe->parent.intf;
193 uint8_t err = 0, csum;
194 unsigned int i;
195
196 if (ibe->outlen) {
197 /* We already have a command queued. Shouldn't ever happen. */
198 error_report("IPMI KCS: Got command when not finished with the"
199 " previous command");
200 abort();
201 }
202
203 /* If it's too short or it was truncated, return an error. */
204 if (cmd_len < 2) {
205 err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
206 } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) {
207 err = IPMI_CC_REQUEST_DATA_TRUNCATED;
208 } else if (!ibe->connected) {
209 err = IPMI_CC_BMC_INIT_IN_PROGRESS;
210 }
211 if (err) {
212 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
213 unsigned char rsp[3];
214 rsp[0] = cmd[0] | 0x04;
215 rsp[1] = cmd[1];
216 rsp[2] = err;
217 ibe->waiting_rsp = false;
218 k->handle_rsp(s, msg_id, rsp, 3);
219 goto out;
220 }
221
222 addchar(ibe, msg_id);
223 for (i = 0; i < cmd_len; i++) {
224 addchar(ibe, cmd[i]);
225 }
226 csum = ipmb_checksum(&msg_id, 1, 0);
227 addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum));
228
229 ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
230 ibe->outlen++;
231
232 /* Start the transmit */
233 continue_send(ibe);
234
235 out:
236 return;
237 }
238
handle_hw_op(IPMIBmcExtern * ibe,unsigned char hw_op)239 static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
240 {
241 IPMIInterface *s = ibe->parent.intf;
242 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
243
244 switch (hw_op) {
245 case VM_CMD_VERSION:
246 /* We only support one version at this time. */
247 break;
248
249 case VM_CMD_NOATTN:
250 k->set_atn(s, 0, 0);
251 break;
252
253 case VM_CMD_ATTN:
254 k->set_atn(s, 1, 0);
255 break;
256
257 case VM_CMD_ATTN_IRQ:
258 k->set_atn(s, 1, 1);
259 break;
260
261 case VM_CMD_POWEROFF:
262 k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
263 break;
264
265 case VM_CMD_RESET:
266 k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
267 break;
268
269 case VM_CMD_ENABLE_IRQ:
270 k->set_irq_enable(s, 1);
271 break;
272
273 case VM_CMD_DISABLE_IRQ:
274 k->set_irq_enable(s, 0);
275 break;
276
277 case VM_CMD_SEND_NMI:
278 k->do_hw_op(s, IPMI_SEND_NMI, 0);
279 break;
280
281 case VM_CMD_GRACEFUL_SHUTDOWN:
282 k->do_hw_op(s, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0);
283 break;
284 }
285 }
286
handle_msg(IPMIBmcExtern * ibe)287 static void handle_msg(IPMIBmcExtern *ibe)
288 {
289 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf);
290
291 if (ibe->in_escape) {
292 ipmi_debug("msg escape not ended\n");
293 return;
294 }
295 if (ibe->inpos < 5) {
296 ipmi_debug("msg too short\n");
297 return;
298 }
299 if (ibe->in_too_many) {
300 ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
301 ibe->inpos = 4;
302 } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
303 ipmi_debug("msg checksum failure\n");
304 return;
305 } else {
306 ibe->inpos--; /* Remove checkum */
307 }
308
309 timer_del(ibe->extern_timer);
310 ibe->waiting_rsp = false;
311 k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
312 }
313
can_receive(void * opaque)314 static int can_receive(void *opaque)
315 {
316 return 1;
317 }
318
receive(void * opaque,const uint8_t * buf,int size)319 static void receive(void *opaque, const uint8_t *buf, int size)
320 {
321 IPMIBmcExtern *ibe = opaque;
322 int i;
323 unsigned char hw_op;
324
325 for (i = 0; i < size; i++) {
326 unsigned char ch = buf[i];
327
328 switch (ch) {
329 case VM_MSG_CHAR:
330 handle_msg(ibe);
331 ibe->in_too_many = false;
332 ibe->inpos = 0;
333 break;
334
335 case VM_CMD_CHAR:
336 if (ibe->in_too_many) {
337 ipmi_debug("cmd in too many\n");
338 ibe->in_too_many = false;
339 ibe->inpos = 0;
340 break;
341 }
342 if (ibe->in_escape) {
343 ipmi_debug("cmd in escape\n");
344 ibe->in_too_many = false;
345 ibe->inpos = 0;
346 ibe->in_escape = false;
347 break;
348 }
349 ibe->in_too_many = false;
350 if (ibe->inpos < 1) {
351 break;
352 }
353 hw_op = ibe->inbuf[0];
354 ibe->inpos = 0;
355 goto out_hw_op;
356 break;
357
358 case VM_ESCAPE_CHAR:
359 ibe->in_escape = true;
360 break;
361
362 default:
363 if (ibe->in_escape) {
364 ch &= ~0x10;
365 ibe->in_escape = false;
366 }
367 if (ibe->in_too_many) {
368 break;
369 }
370 if (ibe->inpos >= sizeof(ibe->inbuf)) {
371 ibe->in_too_many = true;
372 break;
373 }
374 ibe->inbuf[ibe->inpos] = ch;
375 ibe->inpos++;
376 break;
377 }
378 }
379 return;
380
381 out_hw_op:
382 handle_hw_op(ibe, hw_op);
383 }
384
chr_event(void * opaque,int event)385 static void chr_event(void *opaque, int event)
386 {
387 IPMIBmcExtern *ibe = opaque;
388 IPMIInterface *s = ibe->parent.intf;
389 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
390 unsigned char v;
391
392 switch (event) {
393 case CHR_EVENT_OPENED:
394 ibe->connected = true;
395 ibe->outpos = 0;
396 ibe->outlen = 0;
397 addchar(ibe, VM_CMD_VERSION);
398 addchar(ibe, VM_PROTOCOL_VERSION);
399 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
400 ibe->outlen++;
401 addchar(ibe, VM_CMD_CAPABILITIES);
402 v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
403 if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
404 v |= VM_CAPABILITIES_POWER;
405 }
406 if (k->do_hw_op(ibe->parent.intf, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 1)
407 == 0) {
408 v |= VM_CAPABILITIES_GRACEFUL_SHUTDOWN;
409 }
410 if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) {
411 v |= VM_CAPABILITIES_RESET;
412 }
413 if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) {
414 v |= VM_CAPABILITIES_NMI;
415 }
416 addchar(ibe, v);
417 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
418 ibe->outlen++;
419 ibe->sending_cmd = false;
420 continue_send(ibe);
421 break;
422
423 case CHR_EVENT_CLOSED:
424 if (!ibe->connected) {
425 return;
426 }
427 ibe->connected = false;
428 /*
429 * Don't hang the OS trying to handle the ATN bit, other end will
430 * resend on a reconnect.
431 */
432 k->set_atn(s, 0, 0);
433 if (ibe->waiting_rsp) {
434 ibe->waiting_rsp = false;
435 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
436 ibe->inbuf[2] = ibe->outbuf[2];
437 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
438 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
439 }
440 break;
441 }
442 }
443
ipmi_bmc_extern_handle_reset(IPMIBmc * b)444 static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
445 {
446 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
447
448 ibe->send_reset = true;
449 continue_send(ibe);
450 }
451
ipmi_bmc_extern_realize(DeviceState * dev,Error ** errp)452 static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
453 {
454 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev);
455
456 if (!qemu_chr_fe_backend_connected(&ibe->chr)) {
457 error_setg(errp, "IPMI external bmc requires chardev attribute");
458 return;
459 }
460
461 qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive,
462 chr_event, NULL, ibe, NULL, true);
463 }
464
ipmi_bmc_extern_post_migrate(void * opaque,int version_id)465 static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
466 {
467 IPMIBmcExtern *ibe = opaque;
468
469 /*
470 * We don't directly restore waiting_rsp, Instead, we return an
471 * error on the interface if a response was being waited for.
472 */
473 if (ibe->waiting_rsp) {
474 IPMIInterface *ii = ibe->parent.intf;
475 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
476
477 ibe->waiting_rsp = false;
478 ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
479 ibe->inbuf[2] = ibe->outbuf[2];
480 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
481 iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3);
482 }
483 return 0;
484 }
485
486 static const VMStateDescription vmstate_ipmi_bmc_extern = {
487 .name = TYPE_IPMI_BMC_EXTERN,
488 .version_id = 1,
489 .minimum_version_id = 1,
490 .post_load = ipmi_bmc_extern_post_migrate,
491 .fields = (VMStateField[]) {
492 VMSTATE_BOOL(send_reset, IPMIBmcExtern),
493 VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
494 VMSTATE_END_OF_LIST()
495 }
496 };
497
ipmi_bmc_extern_init(Object * obj)498 static void ipmi_bmc_extern_init(Object *obj)
499 {
500 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
501
502 ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe);
503 vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe);
504 }
505
ipmi_bmc_extern_finalize(Object * obj)506 static void ipmi_bmc_extern_finalize(Object *obj)
507 {
508 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
509
510 timer_del(ibe->extern_timer);
511 timer_free(ibe->extern_timer);
512 }
513
514 static Property ipmi_bmc_extern_properties[] = {
515 DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
516 DEFINE_PROP_END_OF_LIST(),
517 };
518
ipmi_bmc_extern_class_init(ObjectClass * oc,void * data)519 static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
520 {
521 DeviceClass *dc = DEVICE_CLASS(oc);
522 IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
523
524 bk->handle_command = ipmi_bmc_extern_handle_command;
525 bk->handle_reset = ipmi_bmc_extern_handle_reset;
526 dc->hotpluggable = false;
527 dc->realize = ipmi_bmc_extern_realize;
528 dc->props = ipmi_bmc_extern_properties;
529 }
530
531 static const TypeInfo ipmi_bmc_extern_type = {
532 .name = TYPE_IPMI_BMC_EXTERN,
533 .parent = TYPE_IPMI_BMC,
534 .instance_size = sizeof(IPMIBmcExtern),
535 .instance_init = ipmi_bmc_extern_init,
536 .instance_finalize = ipmi_bmc_extern_finalize,
537 .class_init = ipmi_bmc_extern_class_init,
538 };
539
ipmi_bmc_extern_register_types(void)540 static void ipmi_bmc_extern_register_types(void)
541 {
542 type_register_static(&ipmi_bmc_extern_type);
543 }
544
545 type_init(ipmi_bmc_extern_register_types)
546