1 /* 2 * IPMI BMC external connection 3 * 4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 /* 26 * This is designed to connect with OpenIPMI's lanserv serial interface 27 * using the "VM" connection type. See that for details. 28 */ 29 30 #include "qemu/osdep.h" 31 #include "qapi/error.h" 32 #include "qemu/timer.h" 33 #include "chardev/char-fe.h" 34 #include "sysemu/sysemu.h" 35 #include "hw/ipmi/ipmi.h" 36 37 #define VM_MSG_CHAR 0xA0 /* Marks end of message */ 38 #define VM_CMD_CHAR 0xA1 /* Marks end of a command */ 39 #define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */ 40 41 #define VM_PROTOCOL_VERSION 1 42 #define VM_CMD_VERSION 0xff /* A version number byte follows */ 43 #define VM_CMD_NOATTN 0x00 44 #define VM_CMD_ATTN 0x01 45 #define VM_CMD_ATTN_IRQ 0x02 46 #define VM_CMD_POWEROFF 0x03 47 #define VM_CMD_RESET 0x04 48 #define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */ 49 #define VM_CMD_DISABLE_IRQ 0x06 50 #define VM_CMD_SEND_NMI 0x07 51 #define VM_CMD_CAPABILITIES 0x08 52 #define VM_CAPABILITIES_POWER 0x01 53 #define VM_CAPABILITIES_RESET 0x02 54 #define VM_CAPABILITIES_IRQ 0x04 55 #define VM_CAPABILITIES_NMI 0x08 56 #define VM_CAPABILITIES_ATTN 0x10 57 #define VM_CAPABILITIES_GRACEFUL_SHUTDOWN 0x20 58 #define VM_CMD_GRACEFUL_SHUTDOWN 0x09 59 60 #define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern" 61 #define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \ 62 TYPE_IPMI_BMC_EXTERN) 63 typedef struct IPMIBmcExtern { 64 IPMIBmc parent; 65 66 CharBackend chr; 67 68 bool connected; 69 70 unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2]; 71 unsigned int inpos; 72 bool in_escape; 73 bool in_too_many; 74 bool waiting_rsp; 75 bool sending_cmd; 76 77 unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1]; 78 unsigned int outpos; 79 unsigned int outlen; 80 81 struct QEMUTimer *extern_timer; 82 83 /* A reset event is pending to be sent upstream. */ 84 bool send_reset; 85 } IPMIBmcExtern; 86 87 static int can_receive(void *opaque); 88 static void receive(void *opaque, const uint8_t *buf, int size); 89 static void chr_event(void *opaque, int event); 90 91 static unsigned char 92 ipmb_checksum(const unsigned char *data, int size, unsigned char start) 93 { 94 unsigned char csum = start; 95 96 for (; size > 0; size--, data++) { 97 csum += *data; 98 } 99 return csum; 100 } 101 102 static void continue_send(IPMIBmcExtern *ibe) 103 { 104 int ret; 105 if (ibe->outlen == 0) { 106 goto check_reset; 107 } 108 send: 109 ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos, 110 ibe->outlen - ibe->outpos); 111 if (ret > 0) { 112 ibe->outpos += ret; 113 } 114 if (ibe->outpos < ibe->outlen) { 115 /* Not fully transmitted, try again in a 10ms */ 116 timer_mod_ns(ibe->extern_timer, 117 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000); 118 } else { 119 /* Sent */ 120 ibe->outlen = 0; 121 ibe->outpos = 0; 122 if (!ibe->sending_cmd) { 123 ibe->waiting_rsp = true; 124 } else { 125 ibe->sending_cmd = false; 126 } 127 check_reset: 128 if (ibe->connected && ibe->send_reset) { 129 /* Send the reset */ 130 ibe->outbuf[0] = VM_CMD_RESET; 131 ibe->outbuf[1] = VM_CMD_CHAR; 132 ibe->outlen = 2; 133 ibe->outpos = 0; 134 ibe->send_reset = false; 135 ibe->sending_cmd = true; 136 goto send; 137 } 138 139 if (ibe->waiting_rsp) { 140 /* Make sure we get a response within 4 seconds. */ 141 timer_mod_ns(ibe->extern_timer, 142 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL); 143 } 144 } 145 return; 146 } 147 148 static void extern_timeout(void *opaque) 149 { 150 IPMIBmcExtern *ibe = opaque; 151 IPMIInterface *s = ibe->parent.intf; 152 153 if (ibe->connected) { 154 if (ibe->waiting_rsp && (ibe->outlen == 0)) { 155 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 156 /* The message response timed out, return an error. */ 157 ibe->waiting_rsp = false; 158 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 159 ibe->inbuf[2] = ibe->outbuf[2]; 160 ibe->inbuf[3] = IPMI_CC_TIMEOUT; 161 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 162 } else { 163 continue_send(ibe); 164 } 165 } 166 } 167 168 static void addchar(IPMIBmcExtern *ibe, unsigned char ch) 169 { 170 switch (ch) { 171 case VM_MSG_CHAR: 172 case VM_CMD_CHAR: 173 case VM_ESCAPE_CHAR: 174 ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR; 175 ibe->outlen++; 176 ch |= 0x10; 177 /* No break */ 178 179 default: 180 ibe->outbuf[ibe->outlen] = ch; 181 ibe->outlen++; 182 } 183 } 184 185 static void ipmi_bmc_extern_handle_command(IPMIBmc *b, 186 uint8_t *cmd, unsigned int cmd_len, 187 unsigned int max_cmd_len, 188 uint8_t msg_id) 189 { 190 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 191 IPMIInterface *s = ibe->parent.intf; 192 uint8_t err = 0, csum; 193 unsigned int i; 194 195 if (ibe->outlen) { 196 /* We already have a command queued. Shouldn't ever happen. */ 197 fprintf(stderr, "IPMI KCS: Got command when not finished with the" 198 " previous command\n"); 199 abort(); 200 } 201 202 /* If it's too short or it was truncated, return an error. */ 203 if (cmd_len < 2) { 204 err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID; 205 } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) { 206 err = IPMI_CC_REQUEST_DATA_TRUNCATED; 207 } else if (!ibe->connected) { 208 err = IPMI_CC_BMC_INIT_IN_PROGRESS; 209 } 210 if (err) { 211 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 212 unsigned char rsp[3]; 213 rsp[0] = cmd[0] | 0x04; 214 rsp[1] = cmd[1]; 215 rsp[2] = err; 216 ibe->waiting_rsp = false; 217 k->handle_rsp(s, msg_id, rsp, 3); 218 goto out; 219 } 220 221 addchar(ibe, msg_id); 222 for (i = 0; i < cmd_len; i++) { 223 addchar(ibe, cmd[i]); 224 } 225 csum = ipmb_checksum(&msg_id, 1, 0); 226 addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum)); 227 228 ibe->outbuf[ibe->outlen] = VM_MSG_CHAR; 229 ibe->outlen++; 230 231 /* Start the transmit */ 232 continue_send(ibe); 233 234 out: 235 return; 236 } 237 238 static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op) 239 { 240 IPMIInterface *s = ibe->parent.intf; 241 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 242 243 switch (hw_op) { 244 case VM_CMD_VERSION: 245 /* We only support one version at this time. */ 246 break; 247 248 case VM_CMD_NOATTN: 249 k->set_atn(s, 0, 0); 250 break; 251 252 case VM_CMD_ATTN: 253 k->set_atn(s, 1, 0); 254 break; 255 256 case VM_CMD_ATTN_IRQ: 257 k->set_atn(s, 1, 1); 258 break; 259 260 case VM_CMD_POWEROFF: 261 k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0); 262 break; 263 264 case VM_CMD_RESET: 265 k->do_hw_op(s, IPMI_RESET_CHASSIS, 0); 266 break; 267 268 case VM_CMD_ENABLE_IRQ: 269 k->set_irq_enable(s, 1); 270 break; 271 272 case VM_CMD_DISABLE_IRQ: 273 k->set_irq_enable(s, 0); 274 break; 275 276 case VM_CMD_SEND_NMI: 277 k->do_hw_op(s, IPMI_SEND_NMI, 0); 278 break; 279 280 case VM_CMD_GRACEFUL_SHUTDOWN: 281 k->do_hw_op(s, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0); 282 break; 283 } 284 } 285 286 static void handle_msg(IPMIBmcExtern *ibe) 287 { 288 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf); 289 290 if (ibe->in_escape) { 291 ipmi_debug("msg escape not ended\n"); 292 return; 293 } 294 if (ibe->inpos < 5) { 295 ipmi_debug("msg too short\n"); 296 return; 297 } 298 if (ibe->in_too_many) { 299 ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED; 300 ibe->inpos = 4; 301 } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) { 302 ipmi_debug("msg checksum failure\n"); 303 return; 304 } else { 305 ibe->inpos--; /* Remove checkum */ 306 } 307 308 timer_del(ibe->extern_timer); 309 ibe->waiting_rsp = false; 310 k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1); 311 } 312 313 static int can_receive(void *opaque) 314 { 315 return 1; 316 } 317 318 static void receive(void *opaque, const uint8_t *buf, int size) 319 { 320 IPMIBmcExtern *ibe = opaque; 321 int i; 322 unsigned char hw_op; 323 324 for (i = 0; i < size; i++) { 325 unsigned char ch = buf[i]; 326 327 switch (ch) { 328 case VM_MSG_CHAR: 329 handle_msg(ibe); 330 ibe->in_too_many = false; 331 ibe->inpos = 0; 332 break; 333 334 case VM_CMD_CHAR: 335 if (ibe->in_too_many) { 336 ipmi_debug("cmd in too many\n"); 337 ibe->in_too_many = false; 338 ibe->inpos = 0; 339 break; 340 } 341 if (ibe->in_escape) { 342 ipmi_debug("cmd in escape\n"); 343 ibe->in_too_many = false; 344 ibe->inpos = 0; 345 ibe->in_escape = false; 346 break; 347 } 348 ibe->in_too_many = false; 349 if (ibe->inpos < 1) { 350 break; 351 } 352 hw_op = ibe->inbuf[0]; 353 ibe->inpos = 0; 354 goto out_hw_op; 355 break; 356 357 case VM_ESCAPE_CHAR: 358 ibe->in_escape = true; 359 break; 360 361 default: 362 if (ibe->in_escape) { 363 ch &= ~0x10; 364 ibe->in_escape = false; 365 } 366 if (ibe->in_too_many) { 367 break; 368 } 369 if (ibe->inpos >= sizeof(ibe->inbuf)) { 370 ibe->in_too_many = true; 371 break; 372 } 373 ibe->inbuf[ibe->inpos] = ch; 374 ibe->inpos++; 375 break; 376 } 377 } 378 return; 379 380 out_hw_op: 381 handle_hw_op(ibe, hw_op); 382 } 383 384 static void chr_event(void *opaque, int event) 385 { 386 IPMIBmcExtern *ibe = opaque; 387 IPMIInterface *s = ibe->parent.intf; 388 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 389 unsigned char v; 390 391 switch (event) { 392 case CHR_EVENT_OPENED: 393 ibe->connected = true; 394 ibe->outpos = 0; 395 ibe->outlen = 0; 396 addchar(ibe, VM_CMD_VERSION); 397 addchar(ibe, VM_PROTOCOL_VERSION); 398 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 399 ibe->outlen++; 400 addchar(ibe, VM_CMD_CAPABILITIES); 401 v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN; 402 if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) { 403 v |= VM_CAPABILITIES_POWER; 404 } 405 if (k->do_hw_op(ibe->parent.intf, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 1) 406 == 0) { 407 v |= VM_CAPABILITIES_GRACEFUL_SHUTDOWN; 408 } 409 if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) { 410 v |= VM_CAPABILITIES_RESET; 411 } 412 if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) { 413 v |= VM_CAPABILITIES_NMI; 414 } 415 addchar(ibe, v); 416 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 417 ibe->outlen++; 418 ibe->sending_cmd = false; 419 continue_send(ibe); 420 break; 421 422 case CHR_EVENT_CLOSED: 423 if (!ibe->connected) { 424 return; 425 } 426 ibe->connected = false; 427 if (ibe->waiting_rsp) { 428 ibe->waiting_rsp = false; 429 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 430 ibe->inbuf[2] = ibe->outbuf[2]; 431 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 432 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 433 } 434 break; 435 } 436 } 437 438 static void ipmi_bmc_extern_handle_reset(IPMIBmc *b) 439 { 440 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 441 442 ibe->send_reset = true; 443 continue_send(ibe); 444 } 445 446 static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp) 447 { 448 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev); 449 450 if (!qemu_chr_fe_get_driver(&ibe->chr)) { 451 error_setg(errp, "IPMI external bmc requires chardev attribute"); 452 return; 453 } 454 455 qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive, 456 chr_event, ibe, NULL, true); 457 } 458 459 static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id) 460 { 461 IPMIBmcExtern *ibe = opaque; 462 463 /* 464 * We don't directly restore waiting_rsp, Instead, we return an 465 * error on the interface if a response was being waited for. 466 */ 467 if (ibe->waiting_rsp) { 468 IPMIInterface *ii = ibe->parent.intf; 469 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 470 471 ibe->waiting_rsp = false; 472 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 473 ibe->inbuf[2] = ibe->outbuf[2]; 474 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 475 iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3); 476 } 477 return 0; 478 } 479 480 static const VMStateDescription vmstate_ipmi_bmc_extern = { 481 .name = TYPE_IPMI_BMC_EXTERN, 482 .version_id = 1, 483 .minimum_version_id = 1, 484 .post_load = ipmi_bmc_extern_post_migrate, 485 .fields = (VMStateField[]) { 486 VMSTATE_BOOL(send_reset, IPMIBmcExtern), 487 VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern), 488 VMSTATE_END_OF_LIST() 489 } 490 }; 491 492 static void ipmi_bmc_extern_init(Object *obj) 493 { 494 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 495 496 ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe); 497 vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe); 498 } 499 500 static void ipmi_bmc_extern_finalize(Object *obj) 501 { 502 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 503 504 timer_del(ibe->extern_timer); 505 timer_free(ibe->extern_timer); 506 } 507 508 static Property ipmi_bmc_extern_properties[] = { 509 DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr), 510 DEFINE_PROP_END_OF_LIST(), 511 }; 512 513 static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data) 514 { 515 DeviceClass *dc = DEVICE_CLASS(oc); 516 IPMIBmcClass *bk = IPMI_BMC_CLASS(oc); 517 518 bk->handle_command = ipmi_bmc_extern_handle_command; 519 bk->handle_reset = ipmi_bmc_extern_handle_reset; 520 dc->hotpluggable = false; 521 dc->realize = ipmi_bmc_extern_realize; 522 dc->props = ipmi_bmc_extern_properties; 523 } 524 525 static const TypeInfo ipmi_bmc_extern_type = { 526 .name = TYPE_IPMI_BMC_EXTERN, 527 .parent = TYPE_IPMI_BMC, 528 .instance_size = sizeof(IPMIBmcExtern), 529 .instance_init = ipmi_bmc_extern_init, 530 .instance_finalize = ipmi_bmc_extern_finalize, 531 .class_init = ipmi_bmc_extern_class_init, 532 }; 533 534 static void ipmi_bmc_extern_register_types(void) 535 { 536 type_register_static(&ipmi_bmc_extern_type); 537 } 538 539 type_init(ipmi_bmc_extern_register_types) 540