xref: /openbmc/qemu/hw/ipmi/ipmi_bmc_sim.c (revision c5a5839856119a3644dcc0775a046ed0ee3081c3)
1 /*
2  * IPMI BMC emulation
3  *
4  * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "sysemu/sysemu.h"
27 #include "qemu/timer.h"
28 #include "hw/ipmi/ipmi.h"
29 #include "qemu/error-report.h"
30 #include "qemu/module.h"
31 #include "hw/loader.h"
32 #include "hw/qdev-properties.h"
33 #include "migration/vmstate.h"
34 
35 #define IPMI_NETFN_CHASSIS            0x00
36 
37 #define IPMI_CMD_GET_CHASSIS_CAPABILITIES 0x00
38 #define IPMI_CMD_GET_CHASSIS_STATUS       0x01
39 #define IPMI_CMD_CHASSIS_CONTROL          0x02
40 #define IPMI_CMD_GET_SYS_RESTART_CAUSE    0x09
41 
42 #define IPMI_NETFN_SENSOR_EVENT       0x04
43 
44 #define IPMI_CMD_PLATFORM_EVENT_MSG       0x02
45 #define IPMI_CMD_SET_SENSOR_EVT_ENABLE    0x28
46 #define IPMI_CMD_GET_SENSOR_EVT_ENABLE    0x29
47 #define IPMI_CMD_REARM_SENSOR_EVTS        0x2a
48 #define IPMI_CMD_GET_SENSOR_EVT_STATUS    0x2b
49 #define IPMI_CMD_GET_SENSOR_READING       0x2d
50 #define IPMI_CMD_SET_SENSOR_TYPE          0x2e
51 #define IPMI_CMD_GET_SENSOR_TYPE          0x2f
52 
53 /* #define IPMI_NETFN_APP             0x06 In ipmi.h */
54 
55 #define IPMI_CMD_GET_DEVICE_ID            0x01
56 #define IPMI_CMD_COLD_RESET               0x02
57 #define IPMI_CMD_WARM_RESET               0x03
58 #define IPMI_CMD_SET_ACPI_POWER_STATE     0x06
59 #define IPMI_CMD_GET_ACPI_POWER_STATE     0x07
60 #define IPMI_CMD_GET_DEVICE_GUID          0x08
61 #define IPMI_CMD_RESET_WATCHDOG_TIMER     0x22
62 #define IPMI_CMD_SET_WATCHDOG_TIMER       0x24
63 #define IPMI_CMD_GET_WATCHDOG_TIMER       0x25
64 #define IPMI_CMD_SET_BMC_GLOBAL_ENABLES   0x2e
65 #define IPMI_CMD_GET_BMC_GLOBAL_ENABLES   0x2f
66 #define IPMI_CMD_CLR_MSG_FLAGS            0x30
67 #define IPMI_CMD_GET_MSG_FLAGS            0x31
68 #define IPMI_CMD_GET_MSG                  0x33
69 #define IPMI_CMD_SEND_MSG                 0x34
70 #define IPMI_CMD_READ_EVT_MSG_BUF         0x35
71 
72 #define IPMI_NETFN_STORAGE            0x0a
73 
74 #define IPMI_CMD_GET_SDR_REP_INFO         0x20
75 #define IPMI_CMD_GET_SDR_REP_ALLOC_INFO   0x21
76 #define IPMI_CMD_RESERVE_SDR_REP          0x22
77 #define IPMI_CMD_GET_SDR                  0x23
78 #define IPMI_CMD_ADD_SDR                  0x24
79 #define IPMI_CMD_PARTIAL_ADD_SDR          0x25
80 #define IPMI_CMD_DELETE_SDR               0x26
81 #define IPMI_CMD_CLEAR_SDR_REP            0x27
82 #define IPMI_CMD_GET_SDR_REP_TIME         0x28
83 #define IPMI_CMD_SET_SDR_REP_TIME         0x29
84 #define IPMI_CMD_ENTER_SDR_REP_UPD_MODE   0x2A
85 #define IPMI_CMD_EXIT_SDR_REP_UPD_MODE    0x2B
86 #define IPMI_CMD_RUN_INIT_AGENT           0x2C
87 #define IPMI_CMD_GET_FRU_AREA_INFO        0x10
88 #define IPMI_CMD_READ_FRU_DATA            0x11
89 #define IPMI_CMD_WRITE_FRU_DATA           0x12
90 #define IPMI_CMD_GET_SEL_INFO             0x40
91 #define IPMI_CMD_GET_SEL_ALLOC_INFO       0x41
92 #define IPMI_CMD_RESERVE_SEL              0x42
93 #define IPMI_CMD_GET_SEL_ENTRY            0x43
94 #define IPMI_CMD_ADD_SEL_ENTRY            0x44
95 #define IPMI_CMD_PARTIAL_ADD_SEL_ENTRY    0x45
96 #define IPMI_CMD_DELETE_SEL_ENTRY         0x46
97 #define IPMI_CMD_CLEAR_SEL                0x47
98 #define IPMI_CMD_GET_SEL_TIME             0x48
99 #define IPMI_CMD_SET_SEL_TIME             0x49
100 
101 
102 /* Same as a timespec struct. */
103 struct ipmi_time {
104     long tv_sec;
105     long tv_nsec;
106 };
107 
108 #define MAX_SEL_SIZE 128
109 
110 typedef struct IPMISel {
111     uint8_t sel[MAX_SEL_SIZE][16];
112     unsigned int next_free;
113     long time_offset;
114     uint16_t reservation;
115     uint8_t last_addition[4];
116     uint8_t last_clear[4];
117     uint8_t overflow;
118 } IPMISel;
119 
120 #define MAX_SDR_SIZE 16384
121 
122 typedef struct IPMISdr {
123     uint8_t sdr[MAX_SDR_SIZE];
124     unsigned int next_free;
125     uint16_t next_rec_id;
126     uint16_t reservation;
127     uint8_t last_addition[4];
128     uint8_t last_clear[4];
129     uint8_t overflow;
130 } IPMISdr;
131 
132 typedef struct IPMIFru {
133     char *filename;
134     unsigned int nentries;
135     uint16_t areasize;
136     uint8_t *data;
137 } IPMIFru;
138 
139 typedef struct IPMISensor {
140     uint8_t status;
141     uint8_t reading;
142     uint16_t states_suppt;
143     uint16_t assert_suppt;
144     uint16_t deassert_suppt;
145     uint16_t states;
146     uint16_t assert_states;
147     uint16_t deassert_states;
148     uint16_t assert_enable;
149     uint16_t deassert_enable;
150     uint8_t  sensor_type;
151     uint8_t  evt_reading_type_code;
152 } IPMISensor;
153 #define IPMI_SENSOR_GET_PRESENT(s)       ((s)->status & 0x01)
154 #define IPMI_SENSOR_SET_PRESENT(s, v)    ((s)->status = (s->status & ~0x01) | \
155                                              !!(v))
156 #define IPMI_SENSOR_GET_SCAN_ON(s)       ((s)->status & 0x40)
157 #define IPMI_SENSOR_SET_SCAN_ON(s, v)    ((s)->status = (s->status & ~0x40) | \
158                                              ((!!(v)) << 6))
159 #define IPMI_SENSOR_GET_EVENTS_ON(s)     ((s)->status & 0x80)
160 #define IPMI_SENSOR_SET_EVENTS_ON(s, v)  ((s)->status = (s->status & ~0x80) | \
161                                              ((!!(v)) << 7))
162 #define IPMI_SENSOR_GET_RET_STATUS(s)    ((s)->status & 0xc0)
163 #define IPMI_SENSOR_SET_RET_STATUS(s, v) ((s)->status = (s->status & ~0xc0) | \
164                                              (v & 0xc0))
165 #define IPMI_SENSOR_IS_DISCRETE(s) ((s)->evt_reading_type_code != 1)
166 
167 #define MAX_SENSORS 20
168 #define IPMI_WATCHDOG_SENSOR 0
169 
170 #define MAX_NETFNS 64
171 
172 typedef struct IPMIRcvBufEntry {
173     QTAILQ_ENTRY(IPMIRcvBufEntry) entry;
174     uint8_t len;
175     uint8_t buf[MAX_IPMI_MSG_SIZE];
176 } IPMIRcvBufEntry;
177 
178 struct IPMIBmcSim {
179     IPMIBmc parent;
180 
181     QEMUTimer *timer;
182 
183     uint8_t bmc_global_enables;
184     uint8_t msg_flags;
185 
186     bool     watchdog_initialized;
187     uint8_t  watchdog_use;
188     uint8_t  watchdog_action;
189     uint8_t  watchdog_pretimeout; /* In seconds */
190     bool     watchdog_expired;
191     uint16_t watchdog_timeout; /* in 100's of milliseconds */
192 
193     bool     watchdog_running;
194     bool     watchdog_preaction_ran;
195     int64_t  watchdog_expiry;
196 
197     uint8_t device_id;
198     uint8_t ipmi_version;
199     uint8_t device_rev;
200     uint8_t fwrev1;
201     uint8_t fwrev2;
202     uint32_t mfg_id;
203     uint16_t product_id;
204 
205     uint8_t restart_cause;
206 
207     uint8_t acpi_power_state[2];
208     QemuUUID uuid;
209 
210     IPMISel sel;
211     IPMISdr sdr;
212     IPMIFru fru;
213     IPMISensor sensors[MAX_SENSORS];
214     char *sdr_filename;
215 
216     /* Odd netfns are for responses, so we only need the even ones. */
217     const IPMINetfn *netfns[MAX_NETFNS / 2];
218 
219     /* We allow one event in the buffer */
220     uint8_t evtbuf[16];
221 
222     QTAILQ_HEAD(, IPMIRcvBufEntry) rcvbufs;
223 };
224 
225 #define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK        (1 << 3)
226 #define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL                 (1 << 1)
227 #define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE                (1 << 0)
228 #define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(s) \
229     (IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK & (s)->msg_flags)
230 #define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(s) \
231     (IPMI_BMC_MSG_FLAG_EVT_BUF_FULL & (s)->msg_flags)
232 #define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(s) \
233     (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE & (s)->msg_flags)
234 
235 #define IPMI_BMC_RCV_MSG_QUEUE_INT_BIT    0
236 #define IPMI_BMC_EVBUF_FULL_INT_BIT       1
237 #define IPMI_BMC_EVENT_MSG_BUF_BIT        2
238 #define IPMI_BMC_EVENT_LOG_BIT            3
239 #define IPMI_BMC_MSG_INTS_ON(s) ((s)->bmc_global_enables & \
240                                  (1 << IPMI_BMC_RCV_MSG_QUEUE_INT_BIT))
241 #define IPMI_BMC_EVBUF_FULL_INT_ENABLED(s) ((s)->bmc_global_enables & \
242                                         (1 << IPMI_BMC_EVBUF_FULL_INT_BIT))
243 #define IPMI_BMC_EVENT_LOG_ENABLED(s) ((s)->bmc_global_enables & \
244                                        (1 << IPMI_BMC_EVENT_LOG_BIT))
245 #define IPMI_BMC_EVENT_MSG_BUF_ENABLED(s) ((s)->bmc_global_enables & \
246                                            (1 << IPMI_BMC_EVENT_MSG_BUF_BIT))
247 
248 #define IPMI_BMC_WATCHDOG_USE_MASK 0xc7
249 #define IPMI_BMC_WATCHDOG_ACTION_MASK 0x77
250 #define IPMI_BMC_WATCHDOG_GET_USE(s) ((s)->watchdog_use & 0x7)
251 #define IPMI_BMC_WATCHDOG_GET_DONT_LOG(s) (((s)->watchdog_use >> 7) & 0x1)
252 #define IPMI_BMC_WATCHDOG_GET_DONT_STOP(s) (((s)->watchdog_use >> 6) & 0x1)
253 #define IPMI_BMC_WATCHDOG_GET_PRE_ACTION(s) (((s)->watchdog_action >> 4) & 0x7)
254 #define IPMI_BMC_WATCHDOG_PRE_NONE               0
255 #define IPMI_BMC_WATCHDOG_PRE_SMI                1
256 #define IPMI_BMC_WATCHDOG_PRE_NMI                2
257 #define IPMI_BMC_WATCHDOG_PRE_MSG_INT            3
258 #define IPMI_BMC_WATCHDOG_GET_ACTION(s) ((s)->watchdog_action & 0x7)
259 #define IPMI_BMC_WATCHDOG_ACTION_NONE            0
260 #define IPMI_BMC_WATCHDOG_ACTION_RESET           1
261 #define IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN      2
262 #define IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE     3
263 
264 #define RSP_BUFFER_INITIALIZER { }
265 
266 static inline void rsp_buffer_pushmore(RspBuffer *rsp, uint8_t *bytes,
267                                        unsigned int n)
268 {
269     if (rsp->len + n >= sizeof(rsp->buffer)) {
270         rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
271         return;
272     }
273 
274     memcpy(&rsp->buffer[rsp->len], bytes, n);
275     rsp->len += n;
276 }
277 
278 static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs);
279 
280 static void ipmi_gettime(struct ipmi_time *time)
281 {
282     int64_t stime;
283 
284     stime = qemu_clock_get_ns(QEMU_CLOCK_HOST);
285     time->tv_sec = stime / 1000000000LL;
286     time->tv_nsec = stime % 1000000000LL;
287 }
288 
289 static int64_t ipmi_getmonotime(void)
290 {
291     return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
292 }
293 
294 static void ipmi_timeout(void *opaque)
295 {
296     IPMIBmcSim *ibs = opaque;
297 
298     ipmi_sim_handle_timeout(ibs);
299 }
300 
301 static void set_timestamp(IPMIBmcSim *ibs, uint8_t *ts)
302 {
303     unsigned int val;
304     struct ipmi_time now;
305 
306     ipmi_gettime(&now);
307     val = now.tv_sec + ibs->sel.time_offset;
308     ts[0] = val & 0xff;
309     ts[1] = (val >> 8) & 0xff;
310     ts[2] = (val >> 16) & 0xff;
311     ts[3] = (val >> 24) & 0xff;
312 }
313 
314 static void sdr_inc_reservation(IPMISdr *sdr)
315 {
316     sdr->reservation++;
317     if (sdr->reservation == 0) {
318         sdr->reservation = 1;
319     }
320 }
321 
322 static int sdr_add_entry(IPMIBmcSim *ibs,
323                          const struct ipmi_sdr_header *sdrh_entry,
324                          unsigned int len, uint16_t *recid)
325 {
326     struct ipmi_sdr_header *sdrh =
327         (struct ipmi_sdr_header *) &ibs->sdr.sdr[ibs->sdr.next_free];
328 
329     if ((len < IPMI_SDR_HEADER_SIZE) || (len > 255)) {
330         return 1;
331     }
332 
333     if (ipmi_sdr_length(sdrh_entry) != len) {
334         return 1;
335     }
336 
337     if (ibs->sdr.next_free + len > MAX_SDR_SIZE) {
338         ibs->sdr.overflow = 1;
339         return 1;
340     }
341 
342     memcpy(sdrh, sdrh_entry, len);
343     sdrh->rec_id[0] = ibs->sdr.next_rec_id & 0xff;
344     sdrh->rec_id[1] = (ibs->sdr.next_rec_id >> 8) & 0xff;
345     sdrh->sdr_version = 0x51; /* Conform to IPMI 1.5 spec */
346 
347     if (recid) {
348         *recid = ibs->sdr.next_rec_id;
349     }
350     ibs->sdr.next_rec_id++;
351     set_timestamp(ibs, ibs->sdr.last_addition);
352     ibs->sdr.next_free += len;
353     sdr_inc_reservation(&ibs->sdr);
354     return 0;
355 }
356 
357 static int sdr_find_entry(IPMISdr *sdr, uint16_t recid,
358                           unsigned int *retpos, uint16_t *nextrec)
359 {
360     unsigned int pos = *retpos;
361 
362     while (pos < sdr->next_free) {
363         struct ipmi_sdr_header *sdrh =
364             (struct ipmi_sdr_header *) &sdr->sdr[pos];
365         uint16_t trec = ipmi_sdr_recid(sdrh);
366         unsigned int nextpos = pos + ipmi_sdr_length(sdrh);
367 
368         if (trec == recid) {
369             if (nextrec) {
370                 if (nextpos >= sdr->next_free) {
371                     *nextrec = 0xffff;
372                 } else {
373                     *nextrec = (sdr->sdr[nextpos] |
374                                 (sdr->sdr[nextpos + 1] << 8));
375                 }
376             }
377             *retpos = pos;
378             return 0;
379         }
380         pos = nextpos;
381     }
382     return 1;
383 }
384 
385 int ipmi_bmc_sdr_find(IPMIBmc *b, uint16_t recid,
386                       const struct ipmi_sdr_compact **sdr, uint16_t *nextrec)
387 
388 {
389     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
390     unsigned int pos;
391 
392     pos = 0;
393     if (sdr_find_entry(&ibs->sdr, recid, &pos, nextrec)) {
394         return -1;
395     }
396 
397     *sdr = (const struct ipmi_sdr_compact *) &ibs->sdr.sdr[pos];
398     return 0;
399 }
400 
401 static void sel_inc_reservation(IPMISel *sel)
402 {
403     sel->reservation++;
404     if (sel->reservation == 0) {
405         sel->reservation = 1;
406     }
407 }
408 
409 /* Returns 1 if the SEL is full and can't hold the event. */
410 static int sel_add_event(IPMIBmcSim *ibs, uint8_t *event)
411 {
412     uint8_t ts[4];
413 
414     event[0] = 0xff;
415     event[1] = 0xff;
416     set_timestamp(ibs, ts);
417     if (event[2] < 0xe0) { /* Don't set timestamps for type 0xe0-0xff. */
418         memcpy(event + 3, ts, 4);
419     }
420     if (ibs->sel.next_free == MAX_SEL_SIZE) {
421         ibs->sel.overflow = 1;
422         return 1;
423     }
424     event[0] = ibs->sel.next_free & 0xff;
425     event[1] = (ibs->sel.next_free >> 8) & 0xff;
426     memcpy(ibs->sel.last_addition, ts, 4);
427     memcpy(ibs->sel.sel[ibs->sel.next_free], event, 16);
428     ibs->sel.next_free++;
429     sel_inc_reservation(&ibs->sel);
430     return 0;
431 }
432 
433 static int attn_set(IPMIBmcSim *ibs)
434 {
435     return IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs)
436         || IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs)
437         || IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs);
438 }
439 
440 static int attn_irq_enabled(IPMIBmcSim *ibs)
441 {
442     return (IPMI_BMC_MSG_INTS_ON(ibs) &&
443             (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs) ||
444              IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs)))
445         || (IPMI_BMC_EVBUF_FULL_INT_ENABLED(ibs) &&
446             IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs));
447 }
448 
449 void ipmi_bmc_gen_event(IPMIBmc *b, uint8_t *evt, bool log)
450 {
451     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
452     IPMIInterface *s = ibs->parent.intf;
453     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
454 
455     if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
456         return;
457     }
458 
459     if (log && IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
460         sel_add_event(ibs, evt);
461     }
462 
463     if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
464         goto out;
465     }
466 
467     memcpy(ibs->evtbuf, evt, 16);
468     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
469     k->set_atn(s, 1, attn_irq_enabled(ibs));
470  out:
471     return;
472 }
473 static void gen_event(IPMIBmcSim *ibs, unsigned int sens_num, uint8_t deassert,
474                       uint8_t evd1, uint8_t evd2, uint8_t evd3)
475 {
476     IPMIInterface *s = ibs->parent.intf;
477     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
478     uint8_t evt[16];
479     IPMISensor *sens = ibs->sensors + sens_num;
480 
481     if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
482         return;
483     }
484     if (!IPMI_SENSOR_GET_EVENTS_ON(sens)) {
485         return;
486     }
487 
488     evt[2] = 0x2; /* System event record */
489     evt[7] = ibs->parent.slave_addr;
490     evt[8] = 0;
491     evt[9] = 0x04; /* Format version */
492     evt[10] = sens->sensor_type;
493     evt[11] = sens_num;
494     evt[12] = sens->evt_reading_type_code | (!!deassert << 7);
495     evt[13] = evd1;
496     evt[14] = evd2;
497     evt[15] = evd3;
498 
499     if (IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
500         sel_add_event(ibs, evt);
501     }
502 
503     if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
504         return;
505     }
506 
507     memcpy(ibs->evtbuf, evt, 16);
508     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
509     k->set_atn(s, 1, attn_irq_enabled(ibs));
510 }
511 
512 static void sensor_set_discrete_bit(IPMIBmcSim *ibs, unsigned int sensor,
513                                     unsigned int bit, unsigned int val,
514                                     uint8_t evd1, uint8_t evd2, uint8_t evd3)
515 {
516     IPMISensor *sens;
517     uint16_t mask;
518 
519     if (sensor >= MAX_SENSORS) {
520         return;
521     }
522     if (bit >= 16) {
523         return;
524     }
525 
526     mask = (1 << bit);
527     sens = ibs->sensors + sensor;
528     if (val) {
529         sens->states |= mask & sens->states_suppt;
530         if (sens->assert_states & mask) {
531             return; /* Already asserted */
532         }
533         sens->assert_states |= mask & sens->assert_suppt;
534         if (sens->assert_enable & mask & sens->assert_states) {
535             /* Send an event on assert */
536             gen_event(ibs, sensor, 0, evd1, evd2, evd3);
537         }
538     } else {
539         sens->states &= ~(mask & sens->states_suppt);
540         if (sens->deassert_states & mask) {
541             return; /* Already deasserted */
542         }
543         sens->deassert_states |= mask & sens->deassert_suppt;
544         if (sens->deassert_enable & mask & sens->deassert_states) {
545             /* Send an event on deassert */
546             gen_event(ibs, sensor, 1, evd1, evd2, evd3);
547         }
548     }
549 }
550 
551 static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s)
552 {
553     unsigned int i, pos;
554     IPMISensor *sens;
555 
556     for (i = 0; i < MAX_SENSORS; i++) {
557         memset(s->sensors + i, 0, sizeof(*sens));
558     }
559 
560     pos = 0;
561     for (i = 0; !sdr_find_entry(&s->sdr, i, &pos, NULL); i++) {
562         struct ipmi_sdr_compact *sdr =
563             (struct ipmi_sdr_compact *) &s->sdr.sdr[pos];
564         unsigned int len = sdr->header.rec_length;
565 
566         if (len < 20) {
567             continue;
568         }
569         if (sdr->header.rec_type != IPMI_SDR_COMPACT_TYPE) {
570             continue; /* Not a sensor SDR we set from */
571         }
572 
573         if (sdr->sensor_owner_number >= MAX_SENSORS) {
574             continue;
575         }
576         sens = s->sensors + sdr->sensor_owner_number;
577 
578         IPMI_SENSOR_SET_PRESENT(sens, 1);
579         IPMI_SENSOR_SET_SCAN_ON(sens, (sdr->sensor_init >> 6) & 1);
580         IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr->sensor_init >> 5) & 1);
581         sens->assert_suppt = sdr->assert_mask[0] | (sdr->assert_mask[1] << 8);
582         sens->deassert_suppt =
583             sdr->deassert_mask[0] | (sdr->deassert_mask[1] << 8);
584         sens->states_suppt =
585             sdr->discrete_mask[0] | (sdr->discrete_mask[1] << 8);
586         sens->sensor_type = sdr->sensor_type;
587         sens->evt_reading_type_code = sdr->reading_type & 0x7f;
588 
589         /* Enable all the events that are supported. */
590         sens->assert_enable = sens->assert_suppt;
591         sens->deassert_enable = sens->deassert_suppt;
592     }
593 }
594 
595 int ipmi_sim_register_netfn(IPMIBmcSim *s, unsigned int netfn,
596                         const IPMINetfn *netfnd)
597 {
598     if ((netfn & 1) || (netfn >= MAX_NETFNS) || (s->netfns[netfn / 2])) {
599         return -1;
600     }
601     s->netfns[netfn / 2] = netfnd;
602     return 0;
603 }
604 
605 static const IPMICmdHandler *ipmi_get_handler(IPMIBmcSim *ibs,
606                                               unsigned int netfn,
607                                               unsigned int cmd)
608 {
609     const IPMICmdHandler *hdl;
610 
611     if (netfn & 1 || netfn >= MAX_NETFNS || !ibs->netfns[netfn / 2]) {
612         return NULL;
613     }
614 
615     if (cmd >= ibs->netfns[netfn / 2]->cmd_nums) {
616         return NULL;
617     }
618 
619     hdl = &ibs->netfns[netfn / 2]->cmd_handlers[cmd];
620     if (!hdl->cmd_handler) {
621         return NULL;
622     }
623 
624     return hdl;
625 }
626 
627 static void next_timeout(IPMIBmcSim *ibs)
628 {
629     int64_t next;
630     if (ibs->watchdog_running) {
631         next = ibs->watchdog_expiry;
632     } else {
633         /* Wait a minute */
634         next = ipmi_getmonotime() + 60 * 1000000000LL;
635     }
636     timer_mod_ns(ibs->timer, next);
637 }
638 
639 static void ipmi_sim_handle_command(IPMIBmc *b,
640                                     uint8_t *cmd, unsigned int cmd_len,
641                                     unsigned int max_cmd_len,
642                                     uint8_t msg_id)
643 {
644     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
645     IPMIInterface *s = ibs->parent.intf;
646     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
647     const IPMICmdHandler *hdl;
648     RspBuffer rsp = RSP_BUFFER_INITIALIZER;
649 
650     /* Set up the response, set the low bit of NETFN. */
651     /* Note that max_rsp_len must be at least 3 */
652     if (sizeof(rsp.buffer) < 3) {
653         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
654         goto out;
655     }
656 
657     rsp_buffer_push(&rsp, cmd[0] | 0x04);
658     rsp_buffer_push(&rsp, cmd[1]);
659     rsp_buffer_push(&rsp, 0); /* Assume success */
660 
661     /* If it's too short or it was truncated, return an error. */
662     if (cmd_len < 2) {
663         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
664         goto out;
665     }
666     if (cmd_len > max_cmd_len) {
667         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
668         goto out;
669     }
670 
671     if ((cmd[0] & 0x03) != 0) {
672         /* Only have stuff on LUN 0 */
673         rsp_buffer_set_error(&rsp, IPMI_CC_COMMAND_INVALID_FOR_LUN);
674         goto out;
675     }
676 
677     hdl = ipmi_get_handler(ibs, cmd[0] >> 2, cmd[1]);
678     if (!hdl) {
679         rsp_buffer_set_error(&rsp, IPMI_CC_INVALID_CMD);
680         goto out;
681     }
682 
683     if (cmd_len < hdl->cmd_len_min) {
684         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
685         goto out;
686     }
687 
688     hdl->cmd_handler(ibs, cmd, cmd_len, &rsp);
689 
690  out:
691     k->handle_rsp(s, msg_id, rsp.buffer, rsp.len);
692 
693     next_timeout(ibs);
694 }
695 
696 static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs)
697 {
698     IPMIInterface *s = ibs->parent.intf;
699     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
700 
701     if (!ibs->watchdog_running) {
702         goto out;
703     }
704 
705     if (!ibs->watchdog_preaction_ran) {
706         switch (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs)) {
707         case IPMI_BMC_WATCHDOG_PRE_NMI:
708             ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
709             k->do_hw_op(s, IPMI_SEND_NMI, 0);
710             sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
711                                     0xc8, (2 << 4) | 0xf, 0xff);
712             break;
713 
714         case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
715             ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
716             k->set_atn(s, 1, attn_irq_enabled(ibs));
717             sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
718                                     0xc8, (3 << 4) | 0xf, 0xff);
719             break;
720 
721         default:
722             goto do_full_expiry;
723         }
724 
725         ibs->watchdog_preaction_ran = 1;
726         /* Issued the pretimeout, do the rest of the timeout now. */
727         ibs->watchdog_expiry = ipmi_getmonotime();
728         ibs->watchdog_expiry += ibs->watchdog_pretimeout * 1000000000LL;
729         goto out;
730     }
731 
732  do_full_expiry:
733     ibs->watchdog_running = 0; /* Stop the watchdog on a timeout */
734     ibs->watchdog_expired |= (1 << IPMI_BMC_WATCHDOG_GET_USE(ibs));
735     switch (IPMI_BMC_WATCHDOG_GET_ACTION(ibs)) {
736     case IPMI_BMC_WATCHDOG_ACTION_NONE:
737         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 0, 1,
738                                 0xc0, ibs->watchdog_use & 0xf, 0xff);
739         break;
740 
741     case IPMI_BMC_WATCHDOG_ACTION_RESET:
742         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 1, 1,
743                                 0xc1, ibs->watchdog_use & 0xf, 0xff);
744         k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
745         break;
746 
747     case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
748         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
749                                 0xc2, ibs->watchdog_use & 0xf, 0xff);
750         k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
751         break;
752 
753     case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
754         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
755                                 0xc3, ibs->watchdog_use & 0xf, 0xff);
756         k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0);
757         break;
758     }
759 
760  out:
761     next_timeout(ibs);
762 }
763 
764 static void chassis_capabilities(IPMIBmcSim *ibs,
765                                  uint8_t *cmd, unsigned int cmd_len,
766                                  RspBuffer *rsp)
767 {
768     rsp_buffer_push(rsp, 0);
769     rsp_buffer_push(rsp, ibs->parent.slave_addr);
770     rsp_buffer_push(rsp, ibs->parent.slave_addr);
771     rsp_buffer_push(rsp, ibs->parent.slave_addr);
772     rsp_buffer_push(rsp, ibs->parent.slave_addr);
773 }
774 
775 static void chassis_status(IPMIBmcSim *ibs,
776                            uint8_t *cmd, unsigned int cmd_len,
777                            RspBuffer *rsp)
778 {
779     rsp_buffer_push(rsp, 0x61); /* Unknown power restore, power is on */
780     rsp_buffer_push(rsp, 0);
781     rsp_buffer_push(rsp, 0);
782     rsp_buffer_push(rsp, 0);
783 }
784 
785 static void chassis_control(IPMIBmcSim *ibs,
786                             uint8_t *cmd, unsigned int cmd_len,
787                             RspBuffer *rsp)
788 {
789     IPMIInterface *s = ibs->parent.intf;
790     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
791 
792     switch (cmd[2] & 0xf) {
793     case 0: /* power down */
794         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0));
795         break;
796     case 1: /* power up */
797         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERON_CHASSIS, 0));
798         break;
799     case 2: /* power cycle */
800         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0));
801         break;
802     case 3: /* hard reset */
803         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 0));
804         break;
805     case 4: /* pulse diagnostic interrupt */
806         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_PULSE_DIAG_IRQ, 0));
807         break;
808     case 5: /* soft shutdown via ACPI by overtemp emulation */
809         rsp_buffer_set_error(rsp, k->do_hw_op(s,
810                                           IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0));
811         break;
812     default:
813         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
814         return;
815     }
816 }
817 
818 static void chassis_get_sys_restart_cause(IPMIBmcSim *ibs,
819                            uint8_t *cmd, unsigned int cmd_len,
820                            RspBuffer *rsp)
821 
822 {
823     rsp_buffer_push(rsp, ibs->restart_cause & 0xf); /* Restart Cause */
824     rsp_buffer_push(rsp, 0);  /* Channel 0 */
825 }
826 
827 static void get_device_id(IPMIBmcSim *ibs,
828                           uint8_t *cmd, unsigned int cmd_len,
829                           RspBuffer *rsp)
830 {
831     rsp_buffer_push(rsp, ibs->device_id);
832     rsp_buffer_push(rsp, ibs->device_rev & 0xf);
833     rsp_buffer_push(rsp, ibs->fwrev1 & 0x7f);
834     rsp_buffer_push(rsp, ibs->fwrev2);
835     rsp_buffer_push(rsp, ibs->ipmi_version);
836     rsp_buffer_push(rsp, 0x07); /* sensor, SDR, and SEL. */
837     rsp_buffer_push(rsp, ibs->mfg_id & 0xff);
838     rsp_buffer_push(rsp, (ibs->mfg_id >> 8) & 0xff);
839     rsp_buffer_push(rsp, (ibs->mfg_id >> 16) & 0xff);
840     rsp_buffer_push(rsp, ibs->product_id & 0xff);
841     rsp_buffer_push(rsp, (ibs->product_id >> 8) & 0xff);
842 }
843 
844 static void set_global_enables(IPMIBmcSim *ibs, uint8_t val)
845 {
846     IPMIInterface *s = ibs->parent.intf;
847     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
848     bool irqs_on;
849 
850     ibs->bmc_global_enables = val;
851 
852     irqs_on = val & (IPMI_BMC_EVBUF_FULL_INT_BIT |
853                      IPMI_BMC_RCV_MSG_QUEUE_INT_BIT);
854 
855     k->set_irq_enable(s, irqs_on);
856 }
857 
858 static void cold_reset(IPMIBmcSim *ibs,
859                        uint8_t *cmd, unsigned int cmd_len,
860                        RspBuffer *rsp)
861 {
862     IPMIInterface *s = ibs->parent.intf;
863     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
864 
865     /* Disable all interrupts */
866     set_global_enables(ibs, 1 << IPMI_BMC_EVENT_LOG_BIT);
867 
868     if (k->reset) {
869         k->reset(s, true);
870     }
871 }
872 
873 static void warm_reset(IPMIBmcSim *ibs,
874                        uint8_t *cmd, unsigned int cmd_len,
875                        RspBuffer *rsp)
876 {
877     IPMIInterface *s = ibs->parent.intf;
878     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
879 
880     if (k->reset) {
881         k->reset(s, false);
882     }
883 }
884 static void set_acpi_power_state(IPMIBmcSim *ibs,
885                                  uint8_t *cmd, unsigned int cmd_len,
886                                  RspBuffer *rsp)
887 {
888     ibs->acpi_power_state[0] = cmd[2];
889     ibs->acpi_power_state[1] = cmd[3];
890 }
891 
892 static void get_acpi_power_state(IPMIBmcSim *ibs,
893                                  uint8_t *cmd, unsigned int cmd_len,
894                                  RspBuffer *rsp)
895 {
896     rsp_buffer_push(rsp, ibs->acpi_power_state[0]);
897     rsp_buffer_push(rsp, ibs->acpi_power_state[1]);
898 }
899 
900 static void get_device_guid(IPMIBmcSim *ibs,
901                             uint8_t *cmd, unsigned int cmd_len,
902                             RspBuffer *rsp)
903 {
904     unsigned int i;
905 
906     /* An uninitialized uuid is all zeros, use that to know if it is set. */
907     for (i = 0; i < 16; i++) {
908         if (ibs->uuid.data[i]) {
909             goto uuid_set;
910         }
911     }
912     /* No uuid is set, return an error. */
913     rsp_buffer_set_error(rsp, IPMI_CC_INVALID_CMD);
914     return;
915 
916  uuid_set:
917     for (i = 0; i < 16; i++) {
918         rsp_buffer_push(rsp, ibs->uuid.data[i]);
919     }
920 }
921 
922 static void set_bmc_global_enables(IPMIBmcSim *ibs,
923                                    uint8_t *cmd, unsigned int cmd_len,
924                                    RspBuffer *rsp)
925 {
926     set_global_enables(ibs, cmd[2]);
927 }
928 
929 static void get_bmc_global_enables(IPMIBmcSim *ibs,
930                                    uint8_t *cmd, unsigned int cmd_len,
931                                    RspBuffer *rsp)
932 {
933     rsp_buffer_push(rsp, ibs->bmc_global_enables);
934 }
935 
936 static void clr_msg_flags(IPMIBmcSim *ibs,
937                           uint8_t *cmd, unsigned int cmd_len,
938                           RspBuffer *rsp)
939 {
940     IPMIInterface *s = ibs->parent.intf;
941     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
942 
943     ibs->msg_flags &= ~cmd[2];
944     k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
945 }
946 
947 static void get_msg_flags(IPMIBmcSim *ibs,
948                           uint8_t *cmd, unsigned int cmd_len,
949                           RspBuffer *rsp)
950 {
951     rsp_buffer_push(rsp, ibs->msg_flags);
952 }
953 
954 static void read_evt_msg_buf(IPMIBmcSim *ibs,
955                              uint8_t *cmd, unsigned int cmd_len,
956                              RspBuffer *rsp)
957 {
958     IPMIInterface *s = ibs->parent.intf;
959     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
960     unsigned int i;
961 
962     if (!(ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL)) {
963         rsp_buffer_set_error(rsp, 0x80);
964         return;
965     }
966     for (i = 0; i < 16; i++) {
967         rsp_buffer_push(rsp, ibs->evtbuf[i]);
968     }
969     ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
970     k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
971 }
972 
973 static void get_msg(IPMIBmcSim *ibs,
974                     uint8_t *cmd, unsigned int cmd_len,
975                     RspBuffer *rsp)
976 {
977     IPMIRcvBufEntry *msg;
978 
979     if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
980         rsp_buffer_set_error(rsp, 0x80); /* Queue empty */
981         goto out;
982     }
983     rsp_buffer_push(rsp, 0); /* Channel 0 */
984     msg = QTAILQ_FIRST(&ibs->rcvbufs);
985     rsp_buffer_pushmore(rsp, msg->buf, msg->len);
986     QTAILQ_REMOVE(&ibs->rcvbufs, msg, entry);
987     g_free(msg);
988 
989     if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
990         IPMIInterface *s = ibs->parent.intf;
991         IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
992 
993         ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
994         k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
995     }
996 
997 out:
998     return;
999 }
1000 
1001 static unsigned char
1002 ipmb_checksum(unsigned char *data, int size, unsigned char csum)
1003 {
1004     for (; size > 0; size--, data++) {
1005             csum += *data;
1006     }
1007 
1008     return -csum;
1009 }
1010 
1011 static void send_msg(IPMIBmcSim *ibs,
1012                      uint8_t *cmd, unsigned int cmd_len,
1013                      RspBuffer *rsp)
1014 {
1015     IPMIInterface *s = ibs->parent.intf;
1016     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
1017     IPMIRcvBufEntry *msg;
1018     uint8_t *buf;
1019     uint8_t netfn, rqLun, rsLun, rqSeq;
1020 
1021     if (cmd[2] != 0) {
1022         /* We only handle channel 0 with no options */
1023         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1024         return;
1025     }
1026 
1027     if (cmd_len < 10) {
1028         rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
1029         return;
1030     }
1031 
1032     if (cmd[3] != 0x40) {
1033         /* We only emulate a MC at address 0x40. */
1034         rsp_buffer_set_error(rsp, 0x83); /* NAK on write */
1035         return;
1036     }
1037 
1038     cmd += 3; /* Skip the header. */
1039     cmd_len -= 3;
1040 
1041     /*
1042      * At this point we "send" the message successfully.  Any error will
1043      * be returned in the response.
1044      */
1045     if (ipmb_checksum(cmd, cmd_len, 0) != 0 ||
1046         cmd[3] != 0x20) { /* Improper response address */
1047         return; /* No response */
1048     }
1049 
1050     netfn = cmd[1] >> 2;
1051     rqLun = cmd[4] & 0x3;
1052     rsLun = cmd[1] & 0x3;
1053     rqSeq = cmd[4] >> 2;
1054 
1055     if (rqLun != 2) {
1056         /* We only support LUN 2 coming back to us. */
1057         return;
1058     }
1059 
1060     msg = g_malloc(sizeof(*msg));
1061     msg->buf[0] = ((netfn | 1) << 2) | rqLun; /* NetFN, and make a response */
1062     msg->buf[1] = ipmb_checksum(msg->buf, 1, 0);
1063     msg->buf[2] = cmd[0]; /* rsSA */
1064     msg->buf[3] = (rqSeq << 2) | rsLun;
1065     msg->buf[4] = cmd[5]; /* Cmd */
1066     msg->buf[5] = 0; /* Completion Code */
1067     msg->len = 6;
1068 
1069     if ((cmd[1] >> 2) != IPMI_NETFN_APP || cmd[5] != IPMI_CMD_GET_DEVICE_ID) {
1070         /* Not a command we handle. */
1071         msg->buf[5] = IPMI_CC_INVALID_CMD;
1072         goto end_msg;
1073     }
1074 
1075     buf = msg->buf + msg->len; /* After the CC */
1076     buf[0] = 0;
1077     buf[1] = 0;
1078     buf[2] = 0;
1079     buf[3] = 0;
1080     buf[4] = 0x51;
1081     buf[5] = 0;
1082     buf[6] = 0;
1083     buf[7] = 0;
1084     buf[8] = 0;
1085     buf[9] = 0;
1086     buf[10] = 0;
1087     msg->len += 11;
1088 
1089  end_msg:
1090     msg->buf[msg->len] = ipmb_checksum(msg->buf, msg->len, 0);
1091     msg->len++;
1092     QTAILQ_INSERT_TAIL(&ibs->rcvbufs, msg, entry);
1093     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
1094     k->set_atn(s, 1, attn_irq_enabled(ibs));
1095 }
1096 
1097 static void do_watchdog_reset(IPMIBmcSim *ibs)
1098 {
1099     if (IPMI_BMC_WATCHDOG_GET_ACTION(ibs) ==
1100         IPMI_BMC_WATCHDOG_ACTION_NONE) {
1101         ibs->watchdog_running = 0;
1102         return;
1103     }
1104     ibs->watchdog_preaction_ran = 0;
1105 
1106 
1107     /* Timeout is in tenths of a second, offset is in seconds */
1108     ibs->watchdog_expiry = ipmi_getmonotime();
1109     ibs->watchdog_expiry += ibs->watchdog_timeout * 100000000LL;
1110     if (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs) != IPMI_BMC_WATCHDOG_PRE_NONE) {
1111         ibs->watchdog_expiry -= ibs->watchdog_pretimeout * 1000000000LL;
1112     }
1113     ibs->watchdog_running = 1;
1114 }
1115 
1116 static void reset_watchdog_timer(IPMIBmcSim *ibs,
1117                                  uint8_t *cmd, unsigned int cmd_len,
1118                                  RspBuffer *rsp)
1119 {
1120     if (!ibs->watchdog_initialized) {
1121         rsp_buffer_set_error(rsp, 0x80);
1122         return;
1123     }
1124     do_watchdog_reset(ibs);
1125 }
1126 
1127 static void set_watchdog_timer(IPMIBmcSim *ibs,
1128                                uint8_t *cmd, unsigned int cmd_len,
1129                                RspBuffer *rsp)
1130 {
1131     IPMIInterface *s = ibs->parent.intf;
1132     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
1133     unsigned int val;
1134 
1135     val = cmd[2] & 0x7; /* Validate use */
1136     if (val == 0 || val > 5) {
1137         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1138         return;
1139     }
1140     val = cmd[3] & 0x7; /* Validate action */
1141     switch (val) {
1142     case IPMI_BMC_WATCHDOG_ACTION_NONE:
1143         break;
1144 
1145     case IPMI_BMC_WATCHDOG_ACTION_RESET:
1146         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 1));
1147         break;
1148 
1149     case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
1150         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 1));
1151         break;
1152 
1153     case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
1154         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 1));
1155         break;
1156 
1157     default:
1158         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1159     }
1160     if (rsp->buffer[2]) {
1161         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1162         return;
1163     }
1164 
1165     val = (cmd[3] >> 4) & 0x7; /* Validate preaction */
1166     switch (val) {
1167     case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
1168     case IPMI_BMC_WATCHDOG_PRE_NONE:
1169         break;
1170 
1171     case IPMI_BMC_WATCHDOG_PRE_NMI:
1172         if (k->do_hw_op(s, IPMI_SEND_NMI, 1)) {
1173             /* NMI not supported. */
1174             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1175             return;
1176         }
1177         break;
1178 
1179     default:
1180         /* We don't support PRE_SMI */
1181         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1182         return;
1183     }
1184 
1185     ibs->watchdog_initialized = 1;
1186     ibs->watchdog_use = cmd[2] & IPMI_BMC_WATCHDOG_USE_MASK;
1187     ibs->watchdog_action = cmd[3] & IPMI_BMC_WATCHDOG_ACTION_MASK;
1188     ibs->watchdog_pretimeout = cmd[4];
1189     ibs->watchdog_expired &= ~cmd[5];
1190     ibs->watchdog_timeout = cmd[6] | (((uint16_t) cmd[7]) << 8);
1191     if (ibs->watchdog_running & IPMI_BMC_WATCHDOG_GET_DONT_STOP(ibs)) {
1192         do_watchdog_reset(ibs);
1193     } else {
1194         ibs->watchdog_running = 0;
1195     }
1196 }
1197 
1198 static void get_watchdog_timer(IPMIBmcSim *ibs,
1199                                uint8_t *cmd, unsigned int cmd_len,
1200                                RspBuffer *rsp)
1201 {
1202     rsp_buffer_push(rsp, ibs->watchdog_use);
1203     rsp_buffer_push(rsp, ibs->watchdog_action);
1204     rsp_buffer_push(rsp, ibs->watchdog_pretimeout);
1205     rsp_buffer_push(rsp, ibs->watchdog_expired);
1206     rsp_buffer_push(rsp, ibs->watchdog_timeout & 0xff);
1207     rsp_buffer_push(rsp, (ibs->watchdog_timeout >> 8) & 0xff);
1208     if (ibs->watchdog_running) {
1209         long timeout;
1210         timeout = ((ibs->watchdog_expiry - ipmi_getmonotime() + 50000000)
1211                    / 100000000);
1212         rsp_buffer_push(rsp, timeout & 0xff);
1213         rsp_buffer_push(rsp, (timeout >> 8) & 0xff);
1214     } else {
1215         rsp_buffer_push(rsp, 0);
1216         rsp_buffer_push(rsp, 0);
1217     }
1218 }
1219 
1220 static void get_sdr_rep_info(IPMIBmcSim *ibs,
1221                              uint8_t *cmd, unsigned int cmd_len,
1222                              RspBuffer *rsp)
1223 {
1224     unsigned int i;
1225 
1226     rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 spec */
1227     rsp_buffer_push(rsp, ibs->sdr.next_rec_id & 0xff);
1228     rsp_buffer_push(rsp, (ibs->sdr.next_rec_id >> 8) & 0xff);
1229     rsp_buffer_push(rsp, (MAX_SDR_SIZE - ibs->sdr.next_free) & 0xff);
1230     rsp_buffer_push(rsp, ((MAX_SDR_SIZE - ibs->sdr.next_free) >> 8) & 0xff);
1231     for (i = 0; i < 4; i++) {
1232         rsp_buffer_push(rsp, ibs->sdr.last_addition[i]);
1233     }
1234     for (i = 0; i < 4; i++) {
1235         rsp_buffer_push(rsp, ibs->sdr.last_clear[i]);
1236     }
1237     /* Only modal support, reserve supported */
1238     rsp_buffer_push(rsp, (ibs->sdr.overflow << 7) | 0x22);
1239 }
1240 
1241 static void reserve_sdr_rep(IPMIBmcSim *ibs,
1242                             uint8_t *cmd, unsigned int cmd_len,
1243                             RspBuffer *rsp)
1244 {
1245     rsp_buffer_push(rsp, ibs->sdr.reservation & 0xff);
1246     rsp_buffer_push(rsp, (ibs->sdr.reservation >> 8) & 0xff);
1247 }
1248 
1249 static void get_sdr(IPMIBmcSim *ibs,
1250                     uint8_t *cmd, unsigned int cmd_len,
1251                     RspBuffer *rsp)
1252 {
1253     unsigned int pos;
1254     uint16_t nextrec;
1255     struct ipmi_sdr_header *sdrh;
1256 
1257     if (cmd[6]) {
1258         if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
1259             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1260             return;
1261         }
1262     }
1263 
1264     pos = 0;
1265     if (sdr_find_entry(&ibs->sdr, cmd[4] | (cmd[5] << 8),
1266                        &pos, &nextrec)) {
1267         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1268         return;
1269     }
1270 
1271     sdrh = (struct ipmi_sdr_header *) &ibs->sdr.sdr[pos];
1272 
1273     if (cmd[6] > ipmi_sdr_length(sdrh)) {
1274         rsp_buffer_set_error(rsp, IPMI_CC_PARM_OUT_OF_RANGE);
1275         return;
1276     }
1277 
1278     rsp_buffer_push(rsp, nextrec & 0xff);
1279     rsp_buffer_push(rsp, (nextrec >> 8) & 0xff);
1280 
1281     if (cmd[7] == 0xff) {
1282         cmd[7] = ipmi_sdr_length(sdrh) - cmd[6];
1283     }
1284 
1285     if ((cmd[7] + rsp->len) > sizeof(rsp->buffer)) {
1286         rsp_buffer_set_error(rsp, IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES);
1287         return;
1288     }
1289 
1290     rsp_buffer_pushmore(rsp, ibs->sdr.sdr + pos + cmd[6], cmd[7]);
1291 }
1292 
1293 static void add_sdr(IPMIBmcSim *ibs,
1294                     uint8_t *cmd, unsigned int cmd_len,
1295                     RspBuffer *rsp)
1296 {
1297     uint16_t recid;
1298     struct ipmi_sdr_header *sdrh = (struct ipmi_sdr_header *) cmd + 2;
1299 
1300     if (sdr_add_entry(ibs, sdrh, cmd_len - 2, &recid)) {
1301         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1302         return;
1303     }
1304     rsp_buffer_push(rsp, recid & 0xff);
1305     rsp_buffer_push(rsp, (recid >> 8) & 0xff);
1306 }
1307 
1308 static void clear_sdr_rep(IPMIBmcSim *ibs,
1309                           uint8_t *cmd, unsigned int cmd_len,
1310                           RspBuffer *rsp)
1311 {
1312     if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
1313         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1314         return;
1315     }
1316 
1317     if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
1318         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1319         return;
1320     }
1321     if (cmd[7] == 0xaa) {
1322         ibs->sdr.next_free = 0;
1323         ibs->sdr.overflow = 0;
1324         set_timestamp(ibs, ibs->sdr.last_clear);
1325         rsp_buffer_push(rsp, 1); /* Erasure complete */
1326         sdr_inc_reservation(&ibs->sdr);
1327     } else if (cmd[7] == 0) {
1328         rsp_buffer_push(rsp, 1); /* Erasure complete */
1329     } else {
1330         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1331         return;
1332     }
1333 }
1334 
1335 static void get_sel_info(IPMIBmcSim *ibs,
1336                          uint8_t *cmd, unsigned int cmd_len,
1337                          RspBuffer *rsp)
1338 {
1339     unsigned int i, val;
1340 
1341     rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 */
1342     rsp_buffer_push(rsp, ibs->sel.next_free & 0xff);
1343     rsp_buffer_push(rsp, (ibs->sel.next_free >> 8) & 0xff);
1344     val = (MAX_SEL_SIZE - ibs->sel.next_free) * 16;
1345     rsp_buffer_push(rsp, val & 0xff);
1346     rsp_buffer_push(rsp, (val >> 8) & 0xff);
1347     for (i = 0; i < 4; i++) {
1348         rsp_buffer_push(rsp, ibs->sel.last_addition[i]);
1349     }
1350     for (i = 0; i < 4; i++) {
1351         rsp_buffer_push(rsp, ibs->sel.last_clear[i]);
1352     }
1353     /* Only support Reserve SEL */
1354     rsp_buffer_push(rsp, (ibs->sel.overflow << 7) | 0x02);
1355 }
1356 
1357 static void get_fru_area_info(IPMIBmcSim *ibs,
1358                          uint8_t *cmd, unsigned int cmd_len,
1359                          RspBuffer *rsp)
1360 {
1361     uint8_t fruid;
1362     uint16_t fru_entry_size;
1363 
1364     fruid = cmd[2];
1365 
1366     if (fruid >= ibs->fru.nentries) {
1367         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1368         return;
1369     }
1370 
1371     fru_entry_size = ibs->fru.areasize;
1372 
1373     rsp_buffer_push(rsp, fru_entry_size & 0xff);
1374     rsp_buffer_push(rsp, fru_entry_size >> 8 & 0xff);
1375     rsp_buffer_push(rsp, 0x0);
1376 }
1377 
1378 static void read_fru_data(IPMIBmcSim *ibs,
1379                          uint8_t *cmd, unsigned int cmd_len,
1380                          RspBuffer *rsp)
1381 {
1382     uint8_t fruid;
1383     uint16_t offset;
1384     int i;
1385     uint8_t *fru_entry;
1386     unsigned int count;
1387 
1388     fruid = cmd[2];
1389     offset = (cmd[3] | cmd[4] << 8);
1390 
1391     if (fruid >= ibs->fru.nentries) {
1392         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1393         return;
1394     }
1395 
1396     if (offset >= ibs->fru.areasize - 1) {
1397         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1398         return;
1399     }
1400 
1401     fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
1402 
1403     count = MIN(cmd[5], ibs->fru.areasize - offset);
1404 
1405     rsp_buffer_push(rsp, count & 0xff);
1406     for (i = 0; i < count; i++) {
1407         rsp_buffer_push(rsp, fru_entry[offset + i]);
1408     }
1409 }
1410 
1411 static void write_fru_data(IPMIBmcSim *ibs,
1412                          uint8_t *cmd, unsigned int cmd_len,
1413                          RspBuffer *rsp)
1414 {
1415     uint8_t fruid;
1416     uint16_t offset;
1417     uint8_t *fru_entry;
1418     unsigned int count;
1419 
1420     fruid = cmd[2];
1421     offset = (cmd[3] | cmd[4] << 8);
1422 
1423     if (fruid >= ibs->fru.nentries) {
1424         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1425         return;
1426     }
1427 
1428     if (offset >= ibs->fru.areasize - 1) {
1429         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1430         return;
1431     }
1432 
1433     fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
1434 
1435     count = MIN(cmd_len - 5, ibs->fru.areasize - offset);
1436 
1437     memcpy(fru_entry + offset, cmd + 5, count);
1438 
1439     rsp_buffer_push(rsp, count & 0xff);
1440 }
1441 
1442 static void reserve_sel(IPMIBmcSim *ibs,
1443                         uint8_t *cmd, unsigned int cmd_len,
1444                         RspBuffer *rsp)
1445 {
1446     rsp_buffer_push(rsp, ibs->sel.reservation & 0xff);
1447     rsp_buffer_push(rsp, (ibs->sel.reservation >> 8) & 0xff);
1448 }
1449 
1450 static void get_sel_entry(IPMIBmcSim *ibs,
1451                           uint8_t *cmd, unsigned int cmd_len,
1452                           RspBuffer *rsp)
1453 {
1454     unsigned int val;
1455 
1456     if (cmd[6]) {
1457         if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
1458             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1459             return;
1460         }
1461     }
1462     if (ibs->sel.next_free == 0) {
1463         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1464         return;
1465     }
1466     if (cmd[6] > 15) {
1467         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1468         return;
1469     }
1470     if (cmd[7] == 0xff) {
1471         cmd[7] = 16;
1472     } else if ((cmd[7] + cmd[6]) > 16) {
1473         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1474         return;
1475     } else {
1476         cmd[7] += cmd[6];
1477     }
1478 
1479     val = cmd[4] | (cmd[5] << 8);
1480     if (val == 0xffff) {
1481         val = ibs->sel.next_free - 1;
1482     } else if (val >= ibs->sel.next_free) {
1483         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1484         return;
1485     }
1486     if ((val + 1) == ibs->sel.next_free) {
1487         rsp_buffer_push(rsp, 0xff);
1488         rsp_buffer_push(rsp, 0xff);
1489     } else {
1490         rsp_buffer_push(rsp, (val + 1) & 0xff);
1491         rsp_buffer_push(rsp, ((val + 1) >> 8) & 0xff);
1492     }
1493     for (; cmd[6] < cmd[7]; cmd[6]++) {
1494         rsp_buffer_push(rsp, ibs->sel.sel[val][cmd[6]]);
1495     }
1496 }
1497 
1498 static void add_sel_entry(IPMIBmcSim *ibs,
1499                           uint8_t *cmd, unsigned int cmd_len,
1500                           RspBuffer *rsp)
1501 {
1502     if (sel_add_event(ibs, cmd + 2)) {
1503         rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
1504         return;
1505     }
1506     /* sel_add_event fills in the record number. */
1507     rsp_buffer_push(rsp, cmd[2]);
1508     rsp_buffer_push(rsp, cmd[3]);
1509 }
1510 
1511 static void clear_sel(IPMIBmcSim *ibs,
1512                       uint8_t *cmd, unsigned int cmd_len,
1513                       RspBuffer *rsp)
1514 {
1515     if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
1516         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1517         return;
1518     }
1519 
1520     if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
1521         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1522         return;
1523     }
1524     if (cmd[7] == 0xaa) {
1525         ibs->sel.next_free = 0;
1526         ibs->sel.overflow = 0;
1527         set_timestamp(ibs, ibs->sdr.last_clear);
1528         rsp_buffer_push(rsp, 1); /* Erasure complete */
1529         sel_inc_reservation(&ibs->sel);
1530     } else if (cmd[7] == 0) {
1531         rsp_buffer_push(rsp, 1); /* Erasure complete */
1532     } else {
1533         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1534         return;
1535     }
1536 }
1537 
1538 static void get_sel_time(IPMIBmcSim *ibs,
1539                          uint8_t *cmd, unsigned int cmd_len,
1540                          RspBuffer *rsp)
1541 {
1542     uint32_t val;
1543     struct ipmi_time now;
1544 
1545     ipmi_gettime(&now);
1546     val = now.tv_sec + ibs->sel.time_offset;
1547     rsp_buffer_push(rsp, val & 0xff);
1548     rsp_buffer_push(rsp, (val >> 8) & 0xff);
1549     rsp_buffer_push(rsp, (val >> 16) & 0xff);
1550     rsp_buffer_push(rsp, (val >> 24) & 0xff);
1551 }
1552 
1553 static void set_sel_time(IPMIBmcSim *ibs,
1554                          uint8_t *cmd, unsigned int cmd_len,
1555                          RspBuffer *rsp)
1556 {
1557     uint32_t val;
1558     struct ipmi_time now;
1559 
1560     val = cmd[2] | (cmd[3] << 8) | (cmd[4] << 16) | (cmd[5] << 24);
1561     ipmi_gettime(&now);
1562     ibs->sel.time_offset = now.tv_sec - ((long) val);
1563 }
1564 
1565 static void platform_event_msg(IPMIBmcSim *ibs,
1566                                uint8_t *cmd, unsigned int cmd_len,
1567                                RspBuffer *rsp)
1568 {
1569     uint8_t event[16];
1570 
1571     event[2] = 2; /* System event record */
1572     event[7] = cmd[2]; /* Generator ID */
1573     event[8] = 0;
1574     event[9] = cmd[3]; /* EvMRev */
1575     event[10] = cmd[4]; /* Sensor type */
1576     event[11] = cmd[5]; /* Sensor number */
1577     event[12] = cmd[6]; /* Event dir / Event type */
1578     event[13] = cmd[7]; /* Event data 1 */
1579     event[14] = cmd[8]; /* Event data 2 */
1580     event[15] = cmd[9]; /* Event data 3 */
1581 
1582     if (sel_add_event(ibs, event)) {
1583         rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
1584     }
1585 }
1586 
1587 static void set_sensor_evt_enable(IPMIBmcSim *ibs,
1588                                   uint8_t *cmd, unsigned int cmd_len,
1589                                   RspBuffer *rsp)
1590 {
1591     IPMISensor *sens;
1592 
1593     if ((cmd[2] >= MAX_SENSORS) ||
1594             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1595         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1596         return;
1597     }
1598     sens = ibs->sensors + cmd[2];
1599     switch ((cmd[3] >> 4) & 0x3) {
1600     case 0: /* Do not change */
1601         break;
1602     case 1: /* Enable bits */
1603         if (cmd_len > 4) {
1604             sens->assert_enable |= cmd[4];
1605         }
1606         if (cmd_len > 5) {
1607             sens->assert_enable |= cmd[5] << 8;
1608         }
1609         if (cmd_len > 6) {
1610             sens->deassert_enable |= cmd[6];
1611         }
1612         if (cmd_len > 7) {
1613             sens->deassert_enable |= cmd[7] << 8;
1614         }
1615         break;
1616     case 2: /* Disable bits */
1617         if (cmd_len > 4) {
1618             sens->assert_enable &= ~cmd[4];
1619         }
1620         if (cmd_len > 5) {
1621             sens->assert_enable &= ~(cmd[5] << 8);
1622         }
1623         if (cmd_len > 6) {
1624             sens->deassert_enable &= ~cmd[6];
1625         }
1626         if (cmd_len > 7) {
1627             sens->deassert_enable &= ~(cmd[7] << 8);
1628         }
1629         break;
1630     case 3:
1631         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1632         return;
1633     }
1634     IPMI_SENSOR_SET_RET_STATUS(sens, cmd[3]);
1635 }
1636 
1637 static void get_sensor_evt_enable(IPMIBmcSim *ibs,
1638                                   uint8_t *cmd, unsigned int cmd_len,
1639                                   RspBuffer *rsp)
1640 {
1641     IPMISensor *sens;
1642 
1643     if ((cmd[2] >= MAX_SENSORS) ||
1644         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1645         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1646         return;
1647     }
1648     sens = ibs->sensors + cmd[2];
1649     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1650     rsp_buffer_push(rsp, sens->assert_enable & 0xff);
1651     rsp_buffer_push(rsp, (sens->assert_enable >> 8) & 0xff);
1652     rsp_buffer_push(rsp, sens->deassert_enable & 0xff);
1653     rsp_buffer_push(rsp, (sens->deassert_enable >> 8) & 0xff);
1654 }
1655 
1656 static void rearm_sensor_evts(IPMIBmcSim *ibs,
1657                               uint8_t *cmd, unsigned int cmd_len,
1658                               RspBuffer *rsp)
1659 {
1660     IPMISensor *sens;
1661 
1662     if ((cmd[2] >= MAX_SENSORS) ||
1663         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1664         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1665         return;
1666     }
1667     sens = ibs->sensors + cmd[2];
1668 
1669     if ((cmd[3] & 0x80) == 0) {
1670         /* Just clear everything */
1671         sens->states = 0;
1672         return;
1673     }
1674 }
1675 
1676 static void get_sensor_evt_status(IPMIBmcSim *ibs,
1677                                   uint8_t *cmd, unsigned int cmd_len,
1678                                   RspBuffer *rsp)
1679 {
1680     IPMISensor *sens;
1681 
1682     if ((cmd[2] >= MAX_SENSORS) ||
1683         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1684         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1685         return;
1686     }
1687     sens = ibs->sensors + cmd[2];
1688     rsp_buffer_push(rsp, sens->reading);
1689     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1690     rsp_buffer_push(rsp, sens->assert_states & 0xff);
1691     rsp_buffer_push(rsp, (sens->assert_states >> 8) & 0xff);
1692     rsp_buffer_push(rsp, sens->deassert_states & 0xff);
1693     rsp_buffer_push(rsp, (sens->deassert_states >> 8) & 0xff);
1694 }
1695 
1696 static void get_sensor_reading(IPMIBmcSim *ibs,
1697                                uint8_t *cmd, unsigned int cmd_len,
1698                                RspBuffer *rsp)
1699 {
1700     IPMISensor *sens;
1701 
1702     if ((cmd[2] >= MAX_SENSORS) ||
1703             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1704         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1705         return;
1706     }
1707     sens = ibs->sensors + cmd[2];
1708     rsp_buffer_push(rsp, sens->reading);
1709     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1710     rsp_buffer_push(rsp, sens->states & 0xff);
1711     if (IPMI_SENSOR_IS_DISCRETE(sens)) {
1712         rsp_buffer_push(rsp, (sens->states >> 8) & 0xff);
1713     }
1714 }
1715 
1716 static void set_sensor_type(IPMIBmcSim *ibs,
1717                             uint8_t *cmd, unsigned int cmd_len,
1718                             RspBuffer *rsp)
1719 {
1720     IPMISensor *sens;
1721 
1722 
1723     if ((cmd[2] >= MAX_SENSORS) ||
1724             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1725         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1726         return;
1727     }
1728     sens = ibs->sensors + cmd[2];
1729     sens->sensor_type = cmd[3];
1730     sens->evt_reading_type_code = cmd[4] & 0x7f;
1731 }
1732 
1733 static void get_sensor_type(IPMIBmcSim *ibs,
1734                             uint8_t *cmd, unsigned int cmd_len,
1735                             RspBuffer *rsp)
1736 {
1737     IPMISensor *sens;
1738 
1739 
1740     if ((cmd[2] >= MAX_SENSORS) ||
1741             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1742         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1743         return;
1744     }
1745     sens = ibs->sensors + cmd[2];
1746     rsp_buffer_push(rsp, sens->sensor_type);
1747     rsp_buffer_push(rsp, sens->evt_reading_type_code);
1748 }
1749 
1750 
1751 static const IPMICmdHandler chassis_cmds[] = {
1752     [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = { chassis_capabilities },
1753     [IPMI_CMD_GET_CHASSIS_STATUS] = { chassis_status },
1754     [IPMI_CMD_CHASSIS_CONTROL] = { chassis_control, 3 },
1755     [IPMI_CMD_GET_SYS_RESTART_CAUSE] = { chassis_get_sys_restart_cause }
1756 };
1757 static const IPMINetfn chassis_netfn = {
1758     .cmd_nums = ARRAY_SIZE(chassis_cmds),
1759     .cmd_handlers = chassis_cmds
1760 };
1761 
1762 static const IPMICmdHandler sensor_event_cmds[] = {
1763     [IPMI_CMD_PLATFORM_EVENT_MSG] = { platform_event_msg, 10 },
1764     [IPMI_CMD_SET_SENSOR_EVT_ENABLE] = { set_sensor_evt_enable, 4 },
1765     [IPMI_CMD_GET_SENSOR_EVT_ENABLE] = { get_sensor_evt_enable, 3 },
1766     [IPMI_CMD_REARM_SENSOR_EVTS] = { rearm_sensor_evts, 4 },
1767     [IPMI_CMD_GET_SENSOR_EVT_STATUS] = { get_sensor_evt_status, 3 },
1768     [IPMI_CMD_GET_SENSOR_READING] = { get_sensor_reading, 3 },
1769     [IPMI_CMD_SET_SENSOR_TYPE] = { set_sensor_type, 5 },
1770     [IPMI_CMD_GET_SENSOR_TYPE] = { get_sensor_type, 3 },
1771 };
1772 static const IPMINetfn sensor_event_netfn = {
1773     .cmd_nums = ARRAY_SIZE(sensor_event_cmds),
1774     .cmd_handlers = sensor_event_cmds
1775 };
1776 
1777 static const IPMICmdHandler app_cmds[] = {
1778     [IPMI_CMD_GET_DEVICE_ID] = { get_device_id },
1779     [IPMI_CMD_COLD_RESET] = { cold_reset },
1780     [IPMI_CMD_WARM_RESET] = { warm_reset },
1781     [IPMI_CMD_SET_ACPI_POWER_STATE] = { set_acpi_power_state, 4 },
1782     [IPMI_CMD_GET_ACPI_POWER_STATE] = { get_acpi_power_state },
1783     [IPMI_CMD_GET_DEVICE_GUID] = { get_device_guid },
1784     [IPMI_CMD_SET_BMC_GLOBAL_ENABLES] = { set_bmc_global_enables, 3 },
1785     [IPMI_CMD_GET_BMC_GLOBAL_ENABLES] = { get_bmc_global_enables },
1786     [IPMI_CMD_CLR_MSG_FLAGS] = { clr_msg_flags, 3 },
1787     [IPMI_CMD_GET_MSG_FLAGS] = { get_msg_flags },
1788     [IPMI_CMD_GET_MSG] = { get_msg },
1789     [IPMI_CMD_SEND_MSG] = { send_msg, 3 },
1790     [IPMI_CMD_READ_EVT_MSG_BUF] = { read_evt_msg_buf },
1791     [IPMI_CMD_RESET_WATCHDOG_TIMER] = { reset_watchdog_timer },
1792     [IPMI_CMD_SET_WATCHDOG_TIMER] = { set_watchdog_timer, 8 },
1793     [IPMI_CMD_GET_WATCHDOG_TIMER] = { get_watchdog_timer },
1794 };
1795 static const IPMINetfn app_netfn = {
1796     .cmd_nums = ARRAY_SIZE(app_cmds),
1797     .cmd_handlers = app_cmds
1798 };
1799 
1800 static const IPMICmdHandler storage_cmds[] = {
1801     [IPMI_CMD_GET_FRU_AREA_INFO] = { get_fru_area_info, 3 },
1802     [IPMI_CMD_READ_FRU_DATA] = { read_fru_data, 5 },
1803     [IPMI_CMD_WRITE_FRU_DATA] = { write_fru_data, 5 },
1804     [IPMI_CMD_GET_SDR_REP_INFO] = { get_sdr_rep_info },
1805     [IPMI_CMD_RESERVE_SDR_REP] = { reserve_sdr_rep },
1806     [IPMI_CMD_GET_SDR] = { get_sdr, 8 },
1807     [IPMI_CMD_ADD_SDR] = { add_sdr },
1808     [IPMI_CMD_CLEAR_SDR_REP] = { clear_sdr_rep, 8 },
1809     [IPMI_CMD_GET_SEL_INFO] = { get_sel_info },
1810     [IPMI_CMD_RESERVE_SEL] = { reserve_sel },
1811     [IPMI_CMD_GET_SEL_ENTRY] = { get_sel_entry, 8 },
1812     [IPMI_CMD_ADD_SEL_ENTRY] = { add_sel_entry, 18 },
1813     [IPMI_CMD_CLEAR_SEL] = { clear_sel, 8 },
1814     [IPMI_CMD_GET_SEL_TIME] = { get_sel_time },
1815     [IPMI_CMD_SET_SEL_TIME] = { set_sel_time, 6 },
1816 };
1817 
1818 static const IPMINetfn storage_netfn = {
1819     .cmd_nums = ARRAY_SIZE(storage_cmds),
1820     .cmd_handlers = storage_cmds
1821 };
1822 
1823 static void register_cmds(IPMIBmcSim *s)
1824 {
1825     ipmi_sim_register_netfn(s, IPMI_NETFN_CHASSIS, &chassis_netfn);
1826     ipmi_sim_register_netfn(s, IPMI_NETFN_SENSOR_EVENT, &sensor_event_netfn);
1827     ipmi_sim_register_netfn(s, IPMI_NETFN_APP, &app_netfn);
1828     ipmi_sim_register_netfn(s, IPMI_NETFN_STORAGE, &storage_netfn);
1829 }
1830 
1831 static uint8_t init_sdrs[] = {
1832     /* Watchdog device */
1833     0x00, 0x00, 0x51, 0x02,   35, 0x20, 0x00, 0x00,
1834     0x23, 0x01, 0x63, 0x00, 0x23, 0x6f, 0x0f, 0x01,
1835     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1836     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc8,
1837     'W',  'a',  't',  'c',  'h',  'd',  'o',  'g',
1838 };
1839 
1840 static void ipmi_sdr_init(IPMIBmcSim *ibs)
1841 {
1842     unsigned int i;
1843     int len;
1844     size_t sdrs_size;
1845     uint8_t *sdrs;
1846 
1847     sdrs_size = sizeof(init_sdrs);
1848     sdrs = init_sdrs;
1849     if (ibs->sdr_filename &&
1850         !g_file_get_contents(ibs->sdr_filename, (gchar **) &sdrs, &sdrs_size,
1851                              NULL)) {
1852         error_report("failed to load sdr file '%s'", ibs->sdr_filename);
1853         sdrs_size = sizeof(init_sdrs);
1854         sdrs = init_sdrs;
1855     }
1856 
1857     for (i = 0; i < sdrs_size; i += len) {
1858         struct ipmi_sdr_header *sdrh;
1859 
1860         if (i + IPMI_SDR_HEADER_SIZE > sdrs_size) {
1861             error_report("Problem with recid 0x%4.4x", i);
1862             break;
1863         }
1864         sdrh = (struct ipmi_sdr_header *) &sdrs[i];
1865         len = ipmi_sdr_length(sdrh);
1866         if (i + len > sdrs_size) {
1867             error_report("Problem with recid 0x%4.4x", i);
1868             break;
1869         }
1870         sdr_add_entry(ibs, sdrh, len, NULL);
1871     }
1872 
1873     if (sdrs != init_sdrs) {
1874         g_free(sdrs);
1875     }
1876 }
1877 
1878 static const VMStateDescription vmstate_ipmi_sim = {
1879     .name = TYPE_IPMI_BMC_SIMULATOR,
1880     .version_id = 1,
1881     .minimum_version_id = 1,
1882     .fields      = (VMStateField[]) {
1883         VMSTATE_UINT8(bmc_global_enables, IPMIBmcSim),
1884         VMSTATE_UINT8(msg_flags, IPMIBmcSim),
1885         VMSTATE_BOOL(watchdog_initialized, IPMIBmcSim),
1886         VMSTATE_UINT8(watchdog_use, IPMIBmcSim),
1887         VMSTATE_UINT8(watchdog_action, IPMIBmcSim),
1888         VMSTATE_UINT8(watchdog_pretimeout, IPMIBmcSim),
1889         VMSTATE_BOOL(watchdog_expired, IPMIBmcSim),
1890         VMSTATE_UINT16(watchdog_timeout, IPMIBmcSim),
1891         VMSTATE_BOOL(watchdog_running, IPMIBmcSim),
1892         VMSTATE_BOOL(watchdog_preaction_ran, IPMIBmcSim),
1893         VMSTATE_INT64(watchdog_expiry, IPMIBmcSim),
1894         VMSTATE_UINT8_ARRAY(evtbuf, IPMIBmcSim, 16),
1895         VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].status, IPMIBmcSim),
1896         VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].reading, IPMIBmcSim),
1897         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].states, IPMIBmcSim),
1898         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_states, IPMIBmcSim),
1899         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].deassert_states,
1900                        IPMIBmcSim),
1901         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_enable, IPMIBmcSim),
1902         VMSTATE_END_OF_LIST()
1903     }
1904 };
1905 
1906 static void ipmi_fru_init(IPMIFru *fru)
1907 {
1908     int fsize;
1909     int size = 0;
1910 
1911     if (!fru->filename) {
1912         goto out;
1913     }
1914 
1915     fsize = get_image_size(fru->filename);
1916     if (fsize > 0) {
1917         size = QEMU_ALIGN_UP(fsize, fru->areasize);
1918         fru->data = g_malloc0(size);
1919         if (load_image_size(fru->filename, fru->data, fsize) != fsize) {
1920             error_report("Could not load file '%s'", fru->filename);
1921             g_free(fru->data);
1922             fru->data = NULL;
1923         }
1924     }
1925 
1926 out:
1927     if (!fru->data) {
1928         /* give one default FRU */
1929         size = fru->areasize;
1930         fru->data = g_malloc0(size);
1931     }
1932 
1933     fru->nentries = size / fru->areasize;
1934 }
1935 
1936 static void ipmi_sim_realize(DeviceState *dev, Error **errp)
1937 {
1938     IPMIBmc *b = IPMI_BMC(dev);
1939     unsigned int i;
1940     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
1941 
1942     QTAILQ_INIT(&ibs->rcvbufs);
1943 
1944     ibs->bmc_global_enables = (1 << IPMI_BMC_EVENT_LOG_BIT);
1945     ibs->device_id = 0x20;
1946     ibs->ipmi_version = 0x02; /* IPMI 2.0 */
1947     ibs->restart_cause = 0;
1948     for (i = 0; i < 4; i++) {
1949         ibs->sel.last_addition[i] = 0xff;
1950         ibs->sel.last_clear[i] = 0xff;
1951         ibs->sdr.last_addition[i] = 0xff;
1952         ibs->sdr.last_clear[i] = 0xff;
1953     }
1954 
1955     ipmi_sdr_init(ibs);
1956 
1957     ipmi_fru_init(&ibs->fru);
1958 
1959     ibs->acpi_power_state[0] = 0;
1960     ibs->acpi_power_state[1] = 0;
1961 
1962     ipmi_init_sensors_from_sdrs(ibs);
1963     register_cmds(ibs);
1964 
1965     ibs->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ipmi_timeout, ibs);
1966 
1967     vmstate_register(NULL, 0, &vmstate_ipmi_sim, ibs);
1968 }
1969 
1970 static Property ipmi_sim_properties[] = {
1971     DEFINE_PROP_UINT16("fruareasize", IPMIBmcSim, fru.areasize, 1024),
1972     DEFINE_PROP_STRING("frudatafile", IPMIBmcSim, fru.filename),
1973     DEFINE_PROP_STRING("sdrfile", IPMIBmcSim, sdr_filename),
1974     DEFINE_PROP_UINT8("device_id", IPMIBmcSim, device_id, 0x20),
1975     DEFINE_PROP_UINT8("ipmi_version", IPMIBmcSim, ipmi_version, 0x02),
1976     DEFINE_PROP_UINT8("device_rev", IPMIBmcSim, device_rev, 0),
1977     DEFINE_PROP_UINT8("fwrev1", IPMIBmcSim, fwrev1, 0),
1978     DEFINE_PROP_UINT8("fwrev2", IPMIBmcSim, fwrev2, 0),
1979     DEFINE_PROP_UINT32("mfg_id", IPMIBmcSim, mfg_id, 0),
1980     DEFINE_PROP_UINT16("product_id", IPMIBmcSim, product_id, 0),
1981     DEFINE_PROP_UUID_NODEFAULT("guid", IPMIBmcSim, uuid),
1982     DEFINE_PROP_END_OF_LIST(),
1983 };
1984 
1985 static void ipmi_sim_class_init(ObjectClass *oc, void *data)
1986 {
1987     DeviceClass *dc = DEVICE_CLASS(oc);
1988     IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
1989 
1990     dc->hotpluggable = false;
1991     dc->realize = ipmi_sim_realize;
1992     device_class_set_props(dc, ipmi_sim_properties);
1993     bk->handle_command = ipmi_sim_handle_command;
1994 }
1995 
1996 static const TypeInfo ipmi_sim_type = {
1997     .name          = TYPE_IPMI_BMC_SIMULATOR,
1998     .parent        = TYPE_IPMI_BMC,
1999     .instance_size = sizeof(IPMIBmcSim),
2000     .class_init    = ipmi_sim_class_init,
2001 };
2002 
2003 static void ipmi_sim_register_types(void)
2004 {
2005     type_register_static(&ipmi_sim_type);
2006 }
2007 
2008 type_init(ipmi_sim_register_types)
2009