1 /* 2 * IPMI BMC external connection 3 * 4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 /* 26 * This is designed to connect with OpenIPMI's lanserv serial interface 27 * using the "VM" connection type. See that for details. 28 */ 29 30 #include "qemu/osdep.h" 31 #include "qemu/error-report.h" 32 #include "qemu/module.h" 33 #include "qapi/error.h" 34 #include "qemu/timer.h" 35 #include "chardev/char-fe.h" 36 #include "hw/ipmi/ipmi.h" 37 #include "hw/qdev-properties.h" 38 #include "hw/qdev-properties-system.h" 39 #include "migration/vmstate.h" 40 #include "qom/object.h" 41 42 #define VM_MSG_CHAR 0xA0 /* Marks end of message */ 43 #define VM_CMD_CHAR 0xA1 /* Marks end of a command */ 44 #define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */ 45 46 #define VM_PROTOCOL_VERSION 1 47 #define VM_CMD_VERSION 0xff /* A version number byte follows */ 48 #define VM_CMD_NOATTN 0x00 49 #define VM_CMD_ATTN 0x01 50 #define VM_CMD_ATTN_IRQ 0x02 51 #define VM_CMD_POWEROFF 0x03 52 #define VM_CMD_RESET 0x04 53 #define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */ 54 #define VM_CMD_DISABLE_IRQ 0x06 55 #define VM_CMD_SEND_NMI 0x07 56 #define VM_CMD_CAPABILITIES 0x08 57 #define VM_CAPABILITIES_POWER 0x01 58 #define VM_CAPABILITIES_RESET 0x02 59 #define VM_CAPABILITIES_IRQ 0x04 60 #define VM_CAPABILITIES_NMI 0x08 61 #define VM_CAPABILITIES_ATTN 0x10 62 #define VM_CAPABILITIES_GRACEFUL_SHUTDOWN 0x20 63 #define VM_CMD_GRACEFUL_SHUTDOWN 0x09 64 65 #define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern" 66 OBJECT_DECLARE_SIMPLE_TYPE(IPMIBmcExtern, IPMI_BMC_EXTERN) 67 struct IPMIBmcExtern { 68 IPMIBmc parent; 69 70 CharBackend chr; 71 72 bool connected; 73 74 unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2]; 75 unsigned int inpos; 76 bool in_escape; 77 bool in_too_many; 78 bool waiting_rsp; 79 bool sending_cmd; 80 81 unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1]; 82 unsigned int outpos; 83 unsigned int outlen; 84 85 struct QEMUTimer *extern_timer; 86 87 /* A reset event is pending to be sent upstream. */ 88 bool send_reset; 89 }; 90 91 static unsigned char 92 ipmb_checksum(const unsigned char *data, int size, unsigned char start) 93 { 94 unsigned char csum = start; 95 96 for (; size > 0; size--, data++) { 97 csum += *data; 98 } 99 return csum; 100 } 101 102 static void continue_send(IPMIBmcExtern *ibe) 103 { 104 int ret; 105 if (ibe->outlen == 0) { 106 goto check_reset; 107 } 108 send: 109 ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos, 110 ibe->outlen - ibe->outpos); 111 if (ret > 0) { 112 ibe->outpos += ret; 113 } 114 if (ibe->outpos < ibe->outlen) { 115 /* Not fully transmitted, try again in a 10ms */ 116 timer_mod_ns(ibe->extern_timer, 117 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000); 118 } else { 119 /* Sent */ 120 ibe->outlen = 0; 121 ibe->outpos = 0; 122 if (!ibe->sending_cmd) { 123 ibe->waiting_rsp = true; 124 } else { 125 ibe->sending_cmd = false; 126 } 127 check_reset: 128 if (ibe->connected && ibe->send_reset) { 129 /* Send the reset */ 130 ibe->outbuf[0] = VM_CMD_RESET; 131 ibe->outbuf[1] = VM_CMD_CHAR; 132 ibe->outlen = 2; 133 ibe->outpos = 0; 134 ibe->send_reset = false; 135 ibe->sending_cmd = true; 136 goto send; 137 } 138 139 if (ibe->waiting_rsp) { 140 /* Make sure we get a response within 4 seconds. */ 141 timer_mod_ns(ibe->extern_timer, 142 qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL); 143 } 144 } 145 } 146 147 static void extern_timeout(void *opaque) 148 { 149 IPMIBmcExtern *ibe = opaque; 150 IPMIInterface *s = ibe->parent.intf; 151 152 if (ibe->connected) { 153 if (ibe->waiting_rsp && (ibe->outlen == 0)) { 154 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 155 /* The message response timed out, return an error. */ 156 ibe->waiting_rsp = false; 157 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 158 ibe->inbuf[2] = ibe->outbuf[2]; 159 ibe->inbuf[3] = IPMI_CC_TIMEOUT; 160 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 161 } else { 162 continue_send(ibe); 163 } 164 } 165 } 166 167 static void addchar(IPMIBmcExtern *ibe, unsigned char ch) 168 { 169 switch (ch) { 170 case VM_MSG_CHAR: 171 case VM_CMD_CHAR: 172 case VM_ESCAPE_CHAR: 173 ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR; 174 ibe->outlen++; 175 ch |= 0x10; 176 /* fall through */ 177 default: 178 ibe->outbuf[ibe->outlen] = ch; 179 ibe->outlen++; 180 } 181 } 182 183 static void ipmi_bmc_extern_handle_command(IPMIBmc *b, 184 uint8_t *cmd, unsigned int cmd_len, 185 unsigned int max_cmd_len, 186 uint8_t msg_id) 187 { 188 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 189 IPMIInterface *s = ibe->parent.intf; 190 uint8_t err = 0, csum; 191 unsigned int i; 192 193 if (ibe->outlen) { 194 /* We already have a command queued. Shouldn't ever happen. */ 195 error_report("IPMI KCS: Got command when not finished with the" 196 " previous command"); 197 abort(); 198 } 199 200 /* If it's too short or it was truncated, return an error. */ 201 if (cmd_len < 2) { 202 err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID; 203 } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) { 204 err = IPMI_CC_REQUEST_DATA_TRUNCATED; 205 } else if (!ibe->connected) { 206 err = IPMI_CC_BMC_INIT_IN_PROGRESS; 207 } 208 if (err) { 209 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 210 unsigned char rsp[3]; 211 rsp[0] = cmd[0] | 0x04; 212 rsp[1] = cmd[1]; 213 rsp[2] = err; 214 ibe->waiting_rsp = false; 215 k->handle_rsp(s, msg_id, rsp, 3); 216 goto out; 217 } 218 219 addchar(ibe, msg_id); 220 for (i = 0; i < cmd_len; i++) { 221 addchar(ibe, cmd[i]); 222 } 223 csum = ipmb_checksum(&msg_id, 1, 0); 224 addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum)); 225 226 ibe->outbuf[ibe->outlen] = VM_MSG_CHAR; 227 ibe->outlen++; 228 229 /* Start the transmit */ 230 continue_send(ibe); 231 232 out: 233 } 234 235 static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op) 236 { 237 IPMIInterface *s = ibe->parent.intf; 238 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 239 240 switch (hw_op) { 241 case VM_CMD_VERSION: 242 /* We only support one version at this time. */ 243 break; 244 245 case VM_CMD_NOATTN: 246 k->set_atn(s, 0, 0); 247 break; 248 249 case VM_CMD_ATTN: 250 k->set_atn(s, 1, 0); 251 break; 252 253 case VM_CMD_ATTN_IRQ: 254 k->set_atn(s, 1, 1); 255 break; 256 257 case VM_CMD_POWEROFF: 258 k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0); 259 break; 260 261 case VM_CMD_RESET: 262 k->do_hw_op(s, IPMI_RESET_CHASSIS, 0); 263 break; 264 265 case VM_CMD_ENABLE_IRQ: 266 k->set_irq_enable(s, 1); 267 break; 268 269 case VM_CMD_DISABLE_IRQ: 270 k->set_irq_enable(s, 0); 271 break; 272 273 case VM_CMD_SEND_NMI: 274 k->do_hw_op(s, IPMI_SEND_NMI, 0); 275 break; 276 277 case VM_CMD_GRACEFUL_SHUTDOWN: 278 k->do_hw_op(s, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0); 279 break; 280 } 281 } 282 283 static void handle_msg(IPMIBmcExtern *ibe) 284 { 285 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf); 286 287 if (ibe->in_escape) { 288 ipmi_debug("msg escape not ended\n"); 289 return; 290 } 291 if (ibe->inpos < 5) { 292 ipmi_debug("msg too short\n"); 293 return; 294 } 295 if (ibe->in_too_many) { 296 ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED; 297 ibe->inpos = 4; 298 } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) { 299 ipmi_debug("msg checksum failure\n"); 300 return; 301 } else { 302 ibe->inpos--; /* Remove checksum */ 303 } 304 305 timer_del(ibe->extern_timer); 306 ibe->waiting_rsp = false; 307 k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1); 308 } 309 310 static int can_receive(void *opaque) 311 { 312 return 1; 313 } 314 315 static void receive(void *opaque, const uint8_t *buf, int size) 316 { 317 IPMIBmcExtern *ibe = opaque; 318 int i; 319 unsigned char hw_op; 320 321 for (i = 0; i < size; i++) { 322 unsigned char ch = buf[i]; 323 324 switch (ch) { 325 case VM_MSG_CHAR: 326 handle_msg(ibe); 327 ibe->in_too_many = false; 328 ibe->inpos = 0; 329 break; 330 331 case VM_CMD_CHAR: 332 if (ibe->in_too_many) { 333 ipmi_debug("cmd in too many\n"); 334 ibe->in_too_many = false; 335 ibe->inpos = 0; 336 break; 337 } 338 if (ibe->in_escape) { 339 ipmi_debug("cmd in escape\n"); 340 ibe->in_too_many = false; 341 ibe->inpos = 0; 342 ibe->in_escape = false; 343 break; 344 } 345 ibe->in_too_many = false; 346 if (ibe->inpos < 1) { 347 break; 348 } 349 hw_op = ibe->inbuf[0]; 350 ibe->inpos = 0; 351 goto out_hw_op; 352 break; 353 354 case VM_ESCAPE_CHAR: 355 ibe->in_escape = true; 356 break; 357 358 default: 359 if (ibe->in_escape) { 360 ch &= ~0x10; 361 ibe->in_escape = false; 362 } 363 if (ibe->in_too_many) { 364 break; 365 } 366 if (ibe->inpos >= sizeof(ibe->inbuf)) { 367 ibe->in_too_many = true; 368 break; 369 } 370 ibe->inbuf[ibe->inpos] = ch; 371 ibe->inpos++; 372 break; 373 } 374 } 375 return; 376 377 out_hw_op: 378 handle_hw_op(ibe, hw_op); 379 } 380 381 static void chr_event(void *opaque, QEMUChrEvent event) 382 { 383 IPMIBmcExtern *ibe = opaque; 384 IPMIInterface *s = ibe->parent.intf; 385 IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); 386 unsigned char v; 387 388 switch (event) { 389 case CHR_EVENT_OPENED: 390 ibe->connected = true; 391 ibe->outpos = 0; 392 ibe->outlen = 0; 393 addchar(ibe, VM_CMD_VERSION); 394 addchar(ibe, VM_PROTOCOL_VERSION); 395 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 396 ibe->outlen++; 397 addchar(ibe, VM_CMD_CAPABILITIES); 398 v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN; 399 if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) { 400 v |= VM_CAPABILITIES_POWER; 401 } 402 if (k->do_hw_op(ibe->parent.intf, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 1) 403 == 0) { 404 v |= VM_CAPABILITIES_GRACEFUL_SHUTDOWN; 405 } 406 if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) { 407 v |= VM_CAPABILITIES_RESET; 408 } 409 if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) { 410 v |= VM_CAPABILITIES_NMI; 411 } 412 addchar(ibe, v); 413 ibe->outbuf[ibe->outlen] = VM_CMD_CHAR; 414 ibe->outlen++; 415 ibe->sending_cmd = false; 416 continue_send(ibe); 417 break; 418 419 case CHR_EVENT_CLOSED: 420 if (!ibe->connected) { 421 return; 422 } 423 ibe->connected = false; 424 /* 425 * Don't hang the OS trying to handle the ATN bit, other end will 426 * resend on a reconnect. 427 */ 428 k->set_atn(s, 0, 0); 429 if (ibe->waiting_rsp) { 430 ibe->waiting_rsp = false; 431 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 432 ibe->inbuf[2] = ibe->outbuf[2]; 433 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 434 k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3); 435 } 436 break; 437 438 case CHR_EVENT_BREAK: 439 case CHR_EVENT_MUX_IN: 440 case CHR_EVENT_MUX_OUT: 441 /* Ignore */ 442 break; 443 } 444 } 445 446 static void ipmi_bmc_extern_handle_reset(IPMIBmc *b) 447 { 448 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b); 449 450 ibe->send_reset = true; 451 continue_send(ibe); 452 } 453 454 static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id) 455 { 456 IPMIBmcExtern *ibe = opaque; 457 458 /* 459 * We don't directly restore waiting_rsp, Instead, we return an 460 * error on the interface if a response was being waited for. 461 */ 462 if (ibe->waiting_rsp) { 463 IPMIInterface *ii = ibe->parent.intf; 464 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 465 466 ibe->waiting_rsp = false; 467 ibe->inbuf[1] = ibe->outbuf[1] | 0x04; 468 ibe->inbuf[2] = ibe->outbuf[2]; 469 ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS; 470 iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3); 471 } 472 return 0; 473 } 474 475 static const VMStateDescription vmstate_ipmi_bmc_extern = { 476 .name = TYPE_IPMI_BMC_EXTERN, 477 .version_id = 1, 478 .minimum_version_id = 1, 479 .post_load = ipmi_bmc_extern_post_migrate, 480 .fields = (const VMStateField[]) { 481 VMSTATE_BOOL(send_reset, IPMIBmcExtern), 482 VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern), 483 VMSTATE_END_OF_LIST() 484 } 485 }; 486 487 static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp) 488 { 489 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev); 490 491 if (!qemu_chr_fe_backend_connected(&ibe->chr)) { 492 error_setg(errp, "IPMI external bmc requires chardev attribute"); 493 return; 494 } 495 496 qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive, 497 chr_event, NULL, ibe, NULL, true); 498 } 499 500 static void ipmi_bmc_extern_init(Object *obj) 501 { 502 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 503 504 ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe); 505 } 506 507 static void ipmi_bmc_extern_finalize(Object *obj) 508 { 509 IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj); 510 511 timer_free(ibe->extern_timer); 512 } 513 514 static const Property ipmi_bmc_extern_properties[] = { 515 DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr), 516 }; 517 518 static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data) 519 { 520 DeviceClass *dc = DEVICE_CLASS(oc); 521 IPMIBmcClass *bk = IPMI_BMC_CLASS(oc); 522 523 bk->handle_command = ipmi_bmc_extern_handle_command; 524 bk->handle_reset = ipmi_bmc_extern_handle_reset; 525 dc->hotpluggable = false; 526 dc->realize = ipmi_bmc_extern_realize; 527 dc->vmsd = &vmstate_ipmi_bmc_extern; 528 device_class_set_props(dc, ipmi_bmc_extern_properties); 529 } 530 531 static const TypeInfo ipmi_bmc_extern_type = { 532 .name = TYPE_IPMI_BMC_EXTERN, 533 .parent = TYPE_IPMI_BMC, 534 .instance_size = sizeof(IPMIBmcExtern), 535 .instance_init = ipmi_bmc_extern_init, 536 .instance_finalize = ipmi_bmc_extern_finalize, 537 .class_init = ipmi_bmc_extern_class_init, 538 }; 539 540 static void ipmi_bmc_extern_register_types(void) 541 { 542 type_register_static(&ipmi_bmc_extern_type); 543 } 544 545 type_init(ipmi_bmc_extern_register_types) 546