1 /* 2 * IPMI BMC external connection 3 * 4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 /* 26 * This is designed to connect with OpenIPMI's lanserv serial interface 27 * using the "VM" connection type. See that for details. 28 */ 29 30 #include "qemu/osdep.h" 31 #include "qapi/error.h" 32 #include "qemu/timer.h" 33 #include "sysemu/char.h" 34 #include "sysemu/sysemu.h" 35 #include "hw/ipmi/ipmi.h" 36 37 #define VM_MSG_CHAR 0xA0 /* Marks end of message */ 38 #define VM_CMD_CHAR 0xA1 /* Marks end of a command */ 39 #define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */ 40 41 #define VM_PROTOCOL_VERSION 1 42 #define VM_CMD_VERSION 0xff /* A version number byte follows */ 43 #define VM_CMD_NOATTN 0x00 44 #define VM_CMD_ATTN 0x01 45 #define VM_CMD_ATTN_IRQ 0x02 46 #define VM_CMD_POWEROFF 0x03 47 #define VM_CMD_RESET 0x04 48 #define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */ 49 #define VM_CMD_DISABLE_IRQ 0x06 50 #define VM_CMD_SEND_NMI 0x07 51 #define VM_CMD_CAPABILITIES 0x08 52 #define VM_CAPABILITIES_POWER 0x01 53 #define VM_CAPABILITIES_RESET 0x02 54 #define VM_CAPABILITIES_IRQ 0x04 55 #define VM_CAPABILITIES_NMI 0x08 56 #define VM_CAPABILITIES_ATTN 0x10 57 #define VM_CMD_FORCEOFF 0x09 58 59 #define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern" 60 #define IPMI_BMC_EXTERN(obj) OBJECT_CHECK(IPMIBmcExtern, (obj), \ 61 TYPE_IPMI_BMC_EXTERN) 62 typedef struct IPMIBmcExtern { 63 IPMIBmc parent; 64 65 CharBackend chr; 66 67 bool connected; 68 69 unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2]; 70 unsigned int inpos; 71 bool in_escape; 72 bool in_too_many; 73 bool waiting_rsp; 74 bool sending_cmd; 75 76 unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1]; 77 unsigned int outpos; 78 unsigned int outlen; 79 80 struct QEMUTimer *extern_timer; 81 82 /* A reset event is pending to be sent upstream. */ 83 bool send_reset; 84 } IPMIBmcExtern; 85 86 static int can_receive(void *opaque); 87 static void receive(void *opaque, const uint8_t *buf, int size); 88 static void chr_event(void *opaque, int event); 89 90 static unsigned char 91 ipmb_checksum(const unsigned char *data, int size, unsigned char start) 92 { 93 unsigned char csum = start; 94 95 for (; size > 0; size--, data++) { 96 csum += *data; 97 } 98 return csum; 99 } 100 101 static void continue_send(IPMIBmcExtern *ibe) 102 { 103 int ret; 104 if (ibe->outlen == 0) { 105 goto check_reset; 106 } 107 send: 108 ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos, 109 ibe->outlen - ibe->outpos); 110 if (ret > 0) { 111 ibe->outpos += ret; 112 } 113 if (ibe->outpos < ibe->outlen) { 114 /* Not fully transmitted, try again in a 10ms */ 115 timer_mod_ns(ibe->extern_timer, 116 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000); 117 } else { 118 /* Sent */ 119 ibe->outlen = 0; 120 ibe->outpos = 0; 121 if (!ibe->sending_cmd) { 122 ibe->waiting_rsp = true; 123 } else { 124 ibe->sending_cmd = false; 125 } 126 check_reset: 127 if (ibe->connected && ibe->send_reset) { 128 /* Send the reset */ 129 ibe->outbuf[0] = VM_CMD_RESET; 130 ibe->outbuf[1] = VM_CMD_CHAR; 131 ibe->outlen = 2; 132 ibe->outpos = 0; 133 ibe->send_reset = false; 134 ibe->sending_cmd = true; 135 goto send; 136 } 137 138 if (ibe->waiting_rsp) { 139 /* Make sure we get a response within 4 seconds. */ 140 timer_mod_ns(ibe->extern_timer, 141 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL); 142 } 143 } 144 return; 145 } 146 147 static void extern_timeout(void *opaque) 148 { 149 IPMIBmcExtern *ibe = opaque; 150 IPMIInterface *s = ibe->parent.intf; 151 152 if (ibe->connected) { 153 if (ibe->waiting_rsp && (ibe->outlen == 0)) { 154 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 155 /* The message response timed out, return an error. */ 156 ibe->waiting_rsp = false; 157 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 158 ibe->inbuf[2] = ibe->outbuf[2]; 159 ibe->inbuf[3] = IPMI_CC_TIMEOUT; 160 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 161 } else { 162 continue_send(ibe); 163 } 164 } 165 } 166 167 static void addchar(IPMIBmcExtern *ibe, unsigned char ch) 168 { 169 switch (ch) { 170 case VM_MSG_CHAR: 171 case VM_CMD_CHAR: 172 case VM_ESCAPE_CHAR: 173 ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR; 174 ibe->outlen++; 175 ch |= 0x10; 176 /* No break */ 177 178 default: 179 ibe->outbuf[ibe->outlen] = ch; 180 ibe->outlen++; 181 } 182 } 183 184 static void ipmi_bmc_extern_handle_command(IPMIBmc *b, 185 uint8_t *cmd, unsigned int cmd_len, 186 unsigned int max_cmd_len, 187 uint8_t msg_id) 188 { 189 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 190 IPMIInterface *s = ibe->parent.intf; 191 uint8_t err = 0, csum; 192 unsigned int i; 193 194 if (ibe->outlen) { 195 /* We already have a command queued. Shouldn't ever happen. */ 196 fprintf(stderr, "IPMI KCS: Got command when not finished with the" 197 " previous command\n"); 198 abort(); 199 } 200 201 /* If it's too short or it was truncated, return an error. */ 202 if (cmd_len < 2) { 203 err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID; 204 } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) { 205 err = IPMI_CC_REQUEST_DATA_TRUNCATED; 206 } else if (!ibe->connected) { 207 err = IPMI_CC_BMC_INIT_IN_PROGRESS; 208 } 209 if (err) { 210 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 211 unsigned char rsp[3]; 212 rsp[0] = cmd[0] | 0x04; 213 rsp[1] = cmd[1]; 214 rsp[2] = err; 215 ibe->waiting_rsp = false; 216 k->handle_rsp(s, msg_id, rsp, 3); 217 goto out; 218 } 219 220 addchar(ibe, msg_id); 221 for (i = 0; i < cmd_len; i++) { 222 addchar(ibe, cmd[i]); 223 } 224 csum = ipmb_checksum(&msg_id, 1, 0); 225 addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum)); 226 227 ibe->outbuf[ibe->outlen] = VM_MSG_CHAR; 228 ibe->outlen++; 229 230 /* Start the transmit */ 231 continue_send(ibe); 232 233 out: 234 return; 235 } 236 237 static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op) 238 { 239 IPMIInterface *s = ibe->parent.intf; 240 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 241 242 switch (hw_op) { 243 case VM_CMD_VERSION: 244 /* We only support one version at this time. */ 245 break; 246 247 case VM_CMD_NOATTN: 248 k->set_atn(s, 0, 0); 249 break; 250 251 case VM_CMD_ATTN: 252 k->set_atn(s, 1, 0); 253 break; 254 255 case VM_CMD_ATTN_IRQ: 256 k->set_atn(s, 1, 1); 257 break; 258 259 case VM_CMD_POWEROFF: 260 k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0); 261 break; 262 263 case VM_CMD_RESET: 264 k->do_hw_op(s, IPMI_RESET_CHASSIS, 0); 265 break; 266 267 case VM_CMD_ENABLE_IRQ: 268 k->set_irq_enable(s, 1); 269 break; 270 271 case VM_CMD_DISABLE_IRQ: 272 k->set_irq_enable(s, 0); 273 break; 274 275 case VM_CMD_SEND_NMI: 276 k->do_hw_op(s, IPMI_SEND_NMI, 0); 277 break; 278 279 case VM_CMD_FORCEOFF: 280 qemu_system_shutdown_request(); 281 break; 282 } 283 } 284 285 static void handle_msg(IPMIBmcExtern *ibe) 286 { 287 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf); 288 289 if (ibe->in_escape) { 290 ipmi_debug("msg escape not ended\n"); 291 return; 292 } 293 if (ibe->inpos < 5) { 294 ipmi_debug("msg too short\n"); 295 return; 296 } 297 if (ibe->in_too_many) { 298 ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED; 299 ibe->inpos = 4; 300 } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) { 301 ipmi_debug("msg checksum failure\n"); 302 return; 303 } else { 304 ibe->inpos--; /* Remove checkum */ 305 } 306 307 timer_del(ibe->extern_timer); 308 ibe->waiting_rsp = false; 309 k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1); 310 } 311 312 static int can_receive(void *opaque) 313 { 314 return 1; 315 } 316 317 static void receive(void *opaque, const uint8_t *buf, int size) 318 { 319 IPMIBmcExtern *ibe = opaque; 320 int i; 321 unsigned char hw_op; 322 323 for (i = 0; i < size; i++) { 324 unsigned char ch = buf[i]; 325 326 switch (ch) { 327 case VM_MSG_CHAR: 328 handle_msg(ibe); 329 ibe->in_too_many = false; 330 ibe->inpos = 0; 331 break; 332 333 case VM_CMD_CHAR: 334 if (ibe->in_too_many) { 335 ipmi_debug("cmd in too many\n"); 336 ibe->in_too_many = false; 337 ibe->inpos = 0; 338 break; 339 } 340 if (ibe->in_escape) { 341 ipmi_debug("cmd in escape\n"); 342 ibe->in_too_many = false; 343 ibe->inpos = 0; 344 ibe->in_escape = false; 345 break; 346 } 347 ibe->in_too_many = false; 348 if (ibe->inpos < 1) { 349 break; 350 } 351 hw_op = ibe->inbuf[0]; 352 ibe->inpos = 0; 353 goto out_hw_op; 354 break; 355 356 case VM_ESCAPE_CHAR: 357 ibe->in_escape = true; 358 break; 359 360 default: 361 if (ibe->in_escape) { 362 ch &= ~0x10; 363 ibe->in_escape = false; 364 } 365 if (ibe->in_too_many) { 366 break; 367 } 368 if (ibe->inpos >= sizeof(ibe->inbuf)) { 369 ibe->in_too_many = true; 370 break; 371 } 372 ibe->inbuf[ibe->inpos] = ch; 373 ibe->inpos++; 374 break; 375 } 376 } 377 return; 378 379 out_hw_op: 380 handle_hw_op(ibe, hw_op); 381 } 382 383 static void chr_event(void *opaque, int event) 384 { 385 IPMIBmcExtern *ibe = opaque; 386 IPMIInterface *s = ibe->parent.intf; 387 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 388 unsigned char v; 389 390 switch (event) { 391 case CHR_EVENT_OPENED: 392 ibe->connected = true; 393 ibe->outpos = 0; 394 ibe->outlen = 0; 395 addchar(ibe, VM_CMD_VERSION); 396 addchar(ibe, VM_PROTOCOL_VERSION); 397 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 398 ibe->outlen++; 399 addchar(ibe, VM_CMD_CAPABILITIES); 400 v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN; 401 if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) { 402 v |= VM_CAPABILITIES_POWER; 403 } 404 if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) { 405 v |= VM_CAPABILITIES_RESET; 406 } 407 if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) { 408 v |= VM_CAPABILITIES_NMI; 409 } 410 addchar(ibe, v); 411 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 412 ibe->outlen++; 413 ibe->sending_cmd = false; 414 continue_send(ibe); 415 break; 416 417 case CHR_EVENT_CLOSED: 418 if (!ibe->connected) { 419 return; 420 } 421 ibe->connected = false; 422 if (ibe->waiting_rsp) { 423 ibe->waiting_rsp = false; 424 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 425 ibe->inbuf[2] = ibe->outbuf[2]; 426 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 427 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 428 } 429 break; 430 } 431 } 432 433 static void ipmi_bmc_extern_handle_reset(IPMIBmc *b) 434 { 435 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 436 437 ibe->send_reset = true; 438 continue_send(ibe); 439 } 440 441 static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp) 442 { 443 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev); 444 445 if (!qemu_chr_fe_get_driver(&ibe->chr)) { 446 error_setg(errp, "IPMI external bmc requires chardev attribute"); 447 return; 448 } 449 450 qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive, 451 chr_event, ibe, NULL, true); 452 } 453 454 static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id) 455 { 456 IPMIBmcExtern *ibe = opaque; 457 458 /* 459 * We don't directly restore waiting_rsp, Instead, we return an 460 * error on the interface if a response was being waited for. 461 */ 462 if (ibe->waiting_rsp) { 463 IPMIInterface *ii = ibe->parent.intf; 464 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 465 466 ibe->waiting_rsp = false; 467 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 468 ibe->inbuf[2] = ibe->outbuf[2]; 469 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 470 iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3); 471 } 472 return 0; 473 } 474 475 static const VMStateDescription vmstate_ipmi_bmc_extern = { 476 .name = TYPE_IPMI_BMC_EXTERN, 477 .version_id = 1, 478 .minimum_version_id = 1, 479 .post_load = ipmi_bmc_extern_post_migrate, 480 .fields = (VMStateField[]) { 481 VMSTATE_BOOL(send_reset, IPMIBmcExtern), 482 VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern), 483 VMSTATE_END_OF_LIST() 484 } 485 }; 486 487 static void ipmi_bmc_extern_init(Object *obj) 488 { 489 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 490 491 ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe); 492 vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe); 493 } 494 495 static void ipmi_bmc_extern_finalize(Object *obj) 496 { 497 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 498 499 timer_del(ibe->extern_timer); 500 timer_free(ibe->extern_timer); 501 } 502 503 static Property ipmi_bmc_extern_properties[] = { 504 DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr), 505 DEFINE_PROP_END_OF_LIST(), 506 }; 507 508 static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data) 509 { 510 DeviceClass *dc = DEVICE_CLASS(oc); 511 IPMIBmcClass *bk = IPMI_BMC_CLASS(oc); 512 513 bk->handle_command = ipmi_bmc_extern_handle_command; 514 bk->handle_reset = ipmi_bmc_extern_handle_reset; 515 dc->realize = ipmi_bmc_extern_realize; 516 dc->props = ipmi_bmc_extern_properties; 517 } 518 519 static const TypeInfo ipmi_bmc_extern_type = { 520 .name = TYPE_IPMI_BMC_EXTERN, 521 .parent = TYPE_IPMI_BMC, 522 .instance_size = sizeof(IPMIBmcExtern), 523 .instance_init = ipmi_bmc_extern_init, 524 .instance_finalize = ipmi_bmc_extern_finalize, 525 .class_init = ipmi_bmc_extern_class_init, 526 }; 527 528 static void ipmi_bmc_extern_register_types(void) 529 { 530 type_register_static(&ipmi_bmc_extern_type); 531 } 532 533 type_init(ipmi_bmc_extern_register_types) 534