xref: /openbmc/qemu/hw/ipmi/ipmi_bmc_sim.c (revision f6476697)
1 /*
2  * IPMI BMC emulation
3  *
4  * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 #include "qemu/osdep.h"
26 #include "sysemu/sysemu.h"
27 #include "qemu/timer.h"
28 #include "hw/ipmi/ipmi.h"
29 #include "qemu/error-report.h"
30 #include "qemu/module.h"
31 #include "hw/loader.h"
32 #include "hw/qdev-properties.h"
33 #include "hw/qdev-properties-system.h"
34 #include "migration/vmstate.h"
35 
36 #define IPMI_NETFN_CHASSIS            0x00
37 
38 #define IPMI_CMD_GET_CHASSIS_CAPABILITIES 0x00
39 #define IPMI_CMD_GET_CHASSIS_STATUS       0x01
40 #define IPMI_CMD_CHASSIS_CONTROL          0x02
41 #define IPMI_CMD_GET_SYS_RESTART_CAUSE    0x09
42 
43 #define IPMI_NETFN_SENSOR_EVENT       0x04
44 
45 #define IPMI_CMD_PLATFORM_EVENT_MSG       0x02
46 #define IPMI_CMD_SET_SENSOR_EVT_ENABLE    0x28
47 #define IPMI_CMD_GET_SENSOR_EVT_ENABLE    0x29
48 #define IPMI_CMD_REARM_SENSOR_EVTS        0x2a
49 #define IPMI_CMD_GET_SENSOR_EVT_STATUS    0x2b
50 #define IPMI_CMD_GET_SENSOR_READING       0x2d
51 #define IPMI_CMD_SET_SENSOR_TYPE          0x2e
52 #define IPMI_CMD_GET_SENSOR_TYPE          0x2f
53 #define IPMI_CMD_SET_SENSOR_READING       0x30
54 
55 /* #define IPMI_NETFN_APP             0x06 In ipmi.h */
56 
57 #define IPMI_CMD_GET_DEVICE_ID            0x01
58 #define IPMI_CMD_COLD_RESET               0x02
59 #define IPMI_CMD_WARM_RESET               0x03
60 #define IPMI_CMD_SET_ACPI_POWER_STATE     0x06
61 #define IPMI_CMD_GET_ACPI_POWER_STATE     0x07
62 #define IPMI_CMD_GET_DEVICE_GUID          0x08
63 #define IPMI_CMD_RESET_WATCHDOG_TIMER     0x22
64 #define IPMI_CMD_SET_WATCHDOG_TIMER       0x24
65 #define IPMI_CMD_GET_WATCHDOG_TIMER       0x25
66 #define IPMI_CMD_SET_BMC_GLOBAL_ENABLES   0x2e
67 #define IPMI_CMD_GET_BMC_GLOBAL_ENABLES   0x2f
68 #define IPMI_CMD_CLR_MSG_FLAGS            0x30
69 #define IPMI_CMD_GET_MSG_FLAGS            0x31
70 #define IPMI_CMD_GET_MSG                  0x33
71 #define IPMI_CMD_SEND_MSG                 0x34
72 #define IPMI_CMD_READ_EVT_MSG_BUF         0x35
73 
74 #define IPMI_NETFN_STORAGE            0x0a
75 
76 #define IPMI_CMD_GET_SDR_REP_INFO         0x20
77 #define IPMI_CMD_GET_SDR_REP_ALLOC_INFO   0x21
78 #define IPMI_CMD_RESERVE_SDR_REP          0x22
79 #define IPMI_CMD_GET_SDR                  0x23
80 #define IPMI_CMD_ADD_SDR                  0x24
81 #define IPMI_CMD_PARTIAL_ADD_SDR          0x25
82 #define IPMI_CMD_DELETE_SDR               0x26
83 #define IPMI_CMD_CLEAR_SDR_REP            0x27
84 #define IPMI_CMD_GET_SDR_REP_TIME         0x28
85 #define IPMI_CMD_SET_SDR_REP_TIME         0x29
86 #define IPMI_CMD_ENTER_SDR_REP_UPD_MODE   0x2A
87 #define IPMI_CMD_EXIT_SDR_REP_UPD_MODE    0x2B
88 #define IPMI_CMD_RUN_INIT_AGENT           0x2C
89 #define IPMI_CMD_GET_FRU_AREA_INFO        0x10
90 #define IPMI_CMD_READ_FRU_DATA            0x11
91 #define IPMI_CMD_WRITE_FRU_DATA           0x12
92 #define IPMI_CMD_GET_SEL_INFO             0x40
93 #define IPMI_CMD_GET_SEL_ALLOC_INFO       0x41
94 #define IPMI_CMD_RESERVE_SEL              0x42
95 #define IPMI_CMD_GET_SEL_ENTRY            0x43
96 #define IPMI_CMD_ADD_SEL_ENTRY            0x44
97 #define IPMI_CMD_PARTIAL_ADD_SEL_ENTRY    0x45
98 #define IPMI_CMD_DELETE_SEL_ENTRY         0x46
99 #define IPMI_CMD_CLEAR_SEL                0x47
100 #define IPMI_CMD_GET_SEL_TIME             0x48
101 #define IPMI_CMD_SET_SEL_TIME             0x49
102 
103 
104 /* Same as a timespec struct. */
105 struct ipmi_time {
106     long tv_sec;
107     long tv_nsec;
108 };
109 
110 #define MAX_SEL_SIZE 128
111 
112 typedef struct IPMISel {
113     uint8_t sel[MAX_SEL_SIZE][16];
114     unsigned int next_free;
115     long time_offset;
116     uint16_t reservation;
117     uint8_t last_addition[4];
118     uint8_t last_clear[4];
119     uint8_t overflow;
120 } IPMISel;
121 
122 #define MAX_SDR_SIZE 16384
123 
124 typedef struct IPMISdr {
125     uint8_t sdr[MAX_SDR_SIZE];
126     unsigned int next_free;
127     uint16_t next_rec_id;
128     uint16_t reservation;
129     uint8_t last_addition[4];
130     uint8_t last_clear[4];
131     uint8_t overflow;
132 } IPMISdr;
133 
134 typedef struct IPMIFru {
135     char *filename;
136     unsigned int nentries;
137     uint16_t areasize;
138     uint8_t *data;
139 } IPMIFru;
140 
141 typedef struct IPMISensor {
142     uint8_t status;
143     uint8_t reading;
144     uint16_t states_suppt;
145     uint16_t assert_suppt;
146     uint16_t deassert_suppt;
147     uint16_t states;
148     uint16_t assert_states;
149     uint16_t deassert_states;
150     uint16_t assert_enable;
151     uint16_t deassert_enable;
152     uint8_t  sensor_type;
153     uint8_t  evt_reading_type_code;
154 } IPMISensor;
155 #define IPMI_SENSOR_GET_PRESENT(s)       ((s)->status & 0x01)
156 #define IPMI_SENSOR_SET_PRESENT(s, v)    ((s)->status = (s->status & ~0x01) | \
157                                              !!(v))
158 #define IPMI_SENSOR_GET_SCAN_ON(s)       ((s)->status & 0x40)
159 #define IPMI_SENSOR_SET_SCAN_ON(s, v)    ((s)->status = (s->status & ~0x40) | \
160                                              ((!!(v)) << 6))
161 #define IPMI_SENSOR_GET_EVENTS_ON(s)     ((s)->status & 0x80)
162 #define IPMI_SENSOR_SET_EVENTS_ON(s, v)  ((s)->status = (s->status & ~0x80) | \
163                                              ((!!(v)) << 7))
164 #define IPMI_SENSOR_GET_RET_STATUS(s)    ((s)->status & 0xc0)
165 #define IPMI_SENSOR_SET_RET_STATUS(s, v) ((s)->status = (s->status & ~0xc0) | \
166                                              (v & 0xc0))
167 #define IPMI_SENSOR_IS_DISCRETE(s) ((s)->evt_reading_type_code != 1)
168 
169 #define MAX_SENSORS 20
170 #define IPMI_WATCHDOG_SENSOR 0
171 
172 #define MAX_NETFNS 64
173 
174 typedef struct IPMIRcvBufEntry {
175     QTAILQ_ENTRY(IPMIRcvBufEntry) entry;
176     uint8_t len;
177     uint8_t buf[MAX_IPMI_MSG_SIZE];
178 } IPMIRcvBufEntry;
179 
180 struct IPMIBmcSim {
181     IPMIBmc parent;
182 
183     QEMUTimer *timer;
184 
185     uint8_t bmc_global_enables;
186     uint8_t msg_flags;
187 
188     bool     watchdog_initialized;
189     uint8_t  watchdog_use;
190     uint8_t  watchdog_action;
191     uint8_t  watchdog_pretimeout; /* In seconds */
192     bool     watchdog_expired;
193     uint16_t watchdog_timeout; /* in 100's of milliseconds */
194 
195     bool     watchdog_running;
196     bool     watchdog_preaction_ran;
197     int64_t  watchdog_expiry;
198 
199     uint8_t device_id;
200     uint8_t ipmi_version;
201     uint8_t device_rev;
202     uint8_t fwrev1;
203     uint8_t fwrev2;
204     uint32_t mfg_id;
205     uint16_t product_id;
206 
207     uint8_t restart_cause;
208 
209     uint8_t acpi_power_state[2];
210     QemuUUID uuid;
211 
212     IPMISel sel;
213     IPMISdr sdr;
214     IPMIFru fru;
215     IPMISensor sensors[MAX_SENSORS];
216     char *sdr_filename;
217 
218     /* Odd netfns are for responses, so we only need the even ones. */
219     const IPMINetfn *netfns[MAX_NETFNS / 2];
220 
221     /* We allow one event in the buffer */
222     uint8_t evtbuf[16];
223 
224     QTAILQ_HEAD(, IPMIRcvBufEntry) rcvbufs;
225 };
226 
227 #define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK        (1 << 3)
228 #define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL                 (1 << 1)
229 #define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE                (1 << 0)
230 #define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(s) \
231     (IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK & (s)->msg_flags)
232 #define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(s) \
233     (IPMI_BMC_MSG_FLAG_EVT_BUF_FULL & (s)->msg_flags)
234 #define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(s) \
235     (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE & (s)->msg_flags)
236 
237 #define IPMI_BMC_RCV_MSG_QUEUE_INT_BIT    0
238 #define IPMI_BMC_EVBUF_FULL_INT_BIT       1
239 #define IPMI_BMC_EVENT_MSG_BUF_BIT        2
240 #define IPMI_BMC_EVENT_LOG_BIT            3
241 #define IPMI_BMC_MSG_INTS_ON(s) ((s)->bmc_global_enables & \
242                                  (1 << IPMI_BMC_RCV_MSG_QUEUE_INT_BIT))
243 #define IPMI_BMC_EVBUF_FULL_INT_ENABLED(s) ((s)->bmc_global_enables & \
244                                         (1 << IPMI_BMC_EVBUF_FULL_INT_BIT))
245 #define IPMI_BMC_EVENT_LOG_ENABLED(s) ((s)->bmc_global_enables & \
246                                        (1 << IPMI_BMC_EVENT_LOG_BIT))
247 #define IPMI_BMC_EVENT_MSG_BUF_ENABLED(s) ((s)->bmc_global_enables & \
248                                            (1 << IPMI_BMC_EVENT_MSG_BUF_BIT))
249 
250 #define IPMI_BMC_WATCHDOG_USE_MASK 0xc7
251 #define IPMI_BMC_WATCHDOG_ACTION_MASK 0x77
252 #define IPMI_BMC_WATCHDOG_GET_USE(s) ((s)->watchdog_use & 0x7)
253 #define IPMI_BMC_WATCHDOG_GET_DONT_LOG(s) (((s)->watchdog_use >> 7) & 0x1)
254 #define IPMI_BMC_WATCHDOG_GET_DONT_STOP(s) (((s)->watchdog_use >> 6) & 0x1)
255 #define IPMI_BMC_WATCHDOG_GET_PRE_ACTION(s) (((s)->watchdog_action >> 4) & 0x7)
256 #define IPMI_BMC_WATCHDOG_PRE_NONE               0
257 #define IPMI_BMC_WATCHDOG_PRE_SMI                1
258 #define IPMI_BMC_WATCHDOG_PRE_NMI                2
259 #define IPMI_BMC_WATCHDOG_PRE_MSG_INT            3
260 #define IPMI_BMC_WATCHDOG_GET_ACTION(s) ((s)->watchdog_action & 0x7)
261 #define IPMI_BMC_WATCHDOG_ACTION_NONE            0
262 #define IPMI_BMC_WATCHDOG_ACTION_RESET           1
263 #define IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN      2
264 #define IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE     3
265 
266 #define RSP_BUFFER_INITIALIZER { }
267 
268 static inline void rsp_buffer_pushmore(RspBuffer *rsp, uint8_t *bytes,
269                                        unsigned int n)
270 {
271     if (rsp->len + n >= sizeof(rsp->buffer)) {
272         rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
273         return;
274     }
275 
276     memcpy(&rsp->buffer[rsp->len], bytes, n);
277     rsp->len += n;
278 }
279 
280 static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs);
281 
282 static void ipmi_gettime(struct ipmi_time *time)
283 {
284     int64_t stime;
285 
286     stime = qemu_clock_get_ns(QEMU_CLOCK_HOST);
287     time->tv_sec = stime / 1000000000LL;
288     time->tv_nsec = stime % 1000000000LL;
289 }
290 
291 static int64_t ipmi_getmonotime(void)
292 {
293     return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
294 }
295 
296 static void ipmi_timeout(void *opaque)
297 {
298     IPMIBmcSim *ibs = opaque;
299 
300     ipmi_sim_handle_timeout(ibs);
301 }
302 
303 static void set_timestamp(IPMIBmcSim *ibs, uint8_t *ts)
304 {
305     unsigned int val;
306     struct ipmi_time now;
307 
308     ipmi_gettime(&now);
309     val = now.tv_sec + ibs->sel.time_offset;
310     ts[0] = val & 0xff;
311     ts[1] = (val >> 8) & 0xff;
312     ts[2] = (val >> 16) & 0xff;
313     ts[3] = (val >> 24) & 0xff;
314 }
315 
316 static void sdr_inc_reservation(IPMISdr *sdr)
317 {
318     sdr->reservation++;
319     if (sdr->reservation == 0) {
320         sdr->reservation = 1;
321     }
322 }
323 
324 static int sdr_add_entry(IPMIBmcSim *ibs,
325                          const struct ipmi_sdr_header *sdrh_entry,
326                          unsigned int len, uint16_t *recid)
327 {
328     struct ipmi_sdr_header *sdrh =
329         (struct ipmi_sdr_header *) &ibs->sdr.sdr[ibs->sdr.next_free];
330 
331     if ((len < IPMI_SDR_HEADER_SIZE) || (len > 255)) {
332         return 1;
333     }
334 
335     if (ipmi_sdr_length(sdrh_entry) != len) {
336         return 1;
337     }
338 
339     if (ibs->sdr.next_free + len > MAX_SDR_SIZE) {
340         ibs->sdr.overflow = 1;
341         return 1;
342     }
343 
344     memcpy(sdrh, sdrh_entry, len);
345     sdrh->rec_id[0] = ibs->sdr.next_rec_id & 0xff;
346     sdrh->rec_id[1] = (ibs->sdr.next_rec_id >> 8) & 0xff;
347     sdrh->sdr_version = 0x51; /* Conform to IPMI 1.5 spec */
348 
349     if (recid) {
350         *recid = ibs->sdr.next_rec_id;
351     }
352     ibs->sdr.next_rec_id++;
353     set_timestamp(ibs, ibs->sdr.last_addition);
354     ibs->sdr.next_free += len;
355     sdr_inc_reservation(&ibs->sdr);
356     return 0;
357 }
358 
359 static int sdr_find_entry(IPMISdr *sdr, uint16_t recid,
360                           unsigned int *retpos, uint16_t *nextrec)
361 {
362     unsigned int pos = *retpos;
363 
364     while (pos < sdr->next_free) {
365         struct ipmi_sdr_header *sdrh =
366             (struct ipmi_sdr_header *) &sdr->sdr[pos];
367         uint16_t trec = ipmi_sdr_recid(sdrh);
368         unsigned int nextpos = pos + ipmi_sdr_length(sdrh);
369 
370         if (trec == recid) {
371             if (nextrec) {
372                 if (nextpos >= sdr->next_free) {
373                     *nextrec = 0xffff;
374                 } else {
375                     *nextrec = (sdr->sdr[nextpos] |
376                                 (sdr->sdr[nextpos + 1] << 8));
377                 }
378             }
379             *retpos = pos;
380             return 0;
381         }
382         pos = nextpos;
383     }
384     return 1;
385 }
386 
387 int ipmi_bmc_sdr_find(IPMIBmc *b, uint16_t recid,
388                       const struct ipmi_sdr_compact **sdr, uint16_t *nextrec)
389 
390 {
391     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
392     unsigned int pos;
393 
394     pos = 0;
395     if (sdr_find_entry(&ibs->sdr, recid, &pos, nextrec)) {
396         return -1;
397     }
398 
399     *sdr = (const struct ipmi_sdr_compact *) &ibs->sdr.sdr[pos];
400     return 0;
401 }
402 
403 static void sel_inc_reservation(IPMISel *sel)
404 {
405     sel->reservation++;
406     if (sel->reservation == 0) {
407         sel->reservation = 1;
408     }
409 }
410 
411 /* Returns 1 if the SEL is full and can't hold the event. */
412 static int sel_add_event(IPMIBmcSim *ibs, uint8_t *event)
413 {
414     uint8_t ts[4];
415 
416     event[0] = 0xff;
417     event[1] = 0xff;
418     set_timestamp(ibs, ts);
419     if (event[2] < 0xe0) { /* Don't set timestamps for type 0xe0-0xff. */
420         memcpy(event + 3, ts, 4);
421     }
422     if (ibs->sel.next_free == MAX_SEL_SIZE) {
423         ibs->sel.overflow = 1;
424         return 1;
425     }
426     event[0] = ibs->sel.next_free & 0xff;
427     event[1] = (ibs->sel.next_free >> 8) & 0xff;
428     memcpy(ibs->sel.last_addition, ts, 4);
429     memcpy(ibs->sel.sel[ibs->sel.next_free], event, 16);
430     ibs->sel.next_free++;
431     sel_inc_reservation(&ibs->sel);
432     return 0;
433 }
434 
435 static int attn_set(IPMIBmcSim *ibs)
436 {
437     return IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs)
438         || IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs)
439         || IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs);
440 }
441 
442 static int attn_irq_enabled(IPMIBmcSim *ibs)
443 {
444     return (IPMI_BMC_MSG_INTS_ON(ibs) &&
445             (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs) ||
446              IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs)))
447         || (IPMI_BMC_EVBUF_FULL_INT_ENABLED(ibs) &&
448             IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs));
449 }
450 
451 void ipmi_bmc_gen_event(IPMIBmc *b, uint8_t *evt, bool log)
452 {
453     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
454     IPMIInterface *s = ibs->parent.intf;
455     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
456 
457     if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
458         return;
459     }
460 
461     if (log && IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
462         sel_add_event(ibs, evt);
463     }
464 
465     if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
466         goto out;
467     }
468 
469     memcpy(ibs->evtbuf, evt, 16);
470     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
471     k->set_atn(s, 1, attn_irq_enabled(ibs));
472  out:
473     return;
474 }
475 static void gen_event(IPMIBmcSim *ibs, unsigned int sens_num, uint8_t deassert,
476                       uint8_t evd1, uint8_t evd2, uint8_t evd3)
477 {
478     IPMIInterface *s = ibs->parent.intf;
479     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
480     uint8_t evt[16];
481     IPMISensor *sens = ibs->sensors + sens_num;
482 
483     if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
484         return;
485     }
486     if (!IPMI_SENSOR_GET_EVENTS_ON(sens)) {
487         return;
488     }
489 
490     evt[2] = 0x2; /* System event record */
491     evt[7] = ibs->parent.slave_addr;
492     evt[8] = 0;
493     evt[9] = 0x04; /* Format version */
494     evt[10] = sens->sensor_type;
495     evt[11] = sens_num;
496     evt[12] = sens->evt_reading_type_code | (!!deassert << 7);
497     evt[13] = evd1;
498     evt[14] = evd2;
499     evt[15] = evd3;
500 
501     if (IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
502         sel_add_event(ibs, evt);
503     }
504 
505     if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
506         return;
507     }
508 
509     memcpy(ibs->evtbuf, evt, 16);
510     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
511     k->set_atn(s, 1, attn_irq_enabled(ibs));
512 }
513 
514 static void sensor_set_discrete_bit(IPMIBmcSim *ibs, unsigned int sensor,
515                                     unsigned int bit, unsigned int val,
516                                     uint8_t evd1, uint8_t evd2, uint8_t evd3)
517 {
518     IPMISensor *sens;
519     uint16_t mask;
520 
521     if (sensor >= MAX_SENSORS) {
522         return;
523     }
524     if (bit >= 16) {
525         return;
526     }
527 
528     mask = (1 << bit);
529     sens = ibs->sensors + sensor;
530     if (val) {
531         sens->states |= mask & sens->states_suppt;
532         if (sens->assert_states & mask) {
533             return; /* Already asserted */
534         }
535         sens->assert_states |= mask & sens->assert_suppt;
536         if (sens->assert_enable & mask & sens->assert_states) {
537             /* Send an event on assert */
538             gen_event(ibs, sensor, 0, evd1, evd2, evd3);
539         }
540     } else {
541         sens->states &= ~(mask & sens->states_suppt);
542         if (sens->deassert_states & mask) {
543             return; /* Already deasserted */
544         }
545         sens->deassert_states |= mask & sens->deassert_suppt;
546         if (sens->deassert_enable & mask & sens->deassert_states) {
547             /* Send an event on deassert */
548             gen_event(ibs, sensor, 1, evd1, evd2, evd3);
549         }
550     }
551 }
552 
553 static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s)
554 {
555     unsigned int i, pos;
556     IPMISensor *sens;
557 
558     for (i = 0; i < MAX_SENSORS; i++) {
559         memset(s->sensors + i, 0, sizeof(*sens));
560     }
561 
562     pos = 0;
563     for (i = 0; !sdr_find_entry(&s->sdr, i, &pos, NULL); i++) {
564         struct ipmi_sdr_compact *sdr =
565             (struct ipmi_sdr_compact *) &s->sdr.sdr[pos];
566         unsigned int len = sdr->header.rec_length;
567 
568         if (len < 20) {
569             continue;
570         }
571         if (sdr->header.rec_type != IPMI_SDR_COMPACT_TYPE) {
572             continue; /* Not a sensor SDR we set from */
573         }
574 
575         if (sdr->sensor_owner_number >= MAX_SENSORS) {
576             continue;
577         }
578         sens = s->sensors + sdr->sensor_owner_number;
579 
580         IPMI_SENSOR_SET_PRESENT(sens, 1);
581         IPMI_SENSOR_SET_SCAN_ON(sens, (sdr->sensor_init >> 6) & 1);
582         IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr->sensor_init >> 5) & 1);
583         sens->assert_suppt = sdr->assert_mask[0] | (sdr->assert_mask[1] << 8);
584         sens->deassert_suppt =
585             sdr->deassert_mask[0] | (sdr->deassert_mask[1] << 8);
586         sens->states_suppt =
587             sdr->discrete_mask[0] | (sdr->discrete_mask[1] << 8);
588         sens->sensor_type = sdr->sensor_type;
589         sens->evt_reading_type_code = sdr->reading_type & 0x7f;
590 
591         /* Enable all the events that are supported. */
592         sens->assert_enable = sens->assert_suppt;
593         sens->deassert_enable = sens->deassert_suppt;
594     }
595 }
596 
597 int ipmi_sim_register_netfn(IPMIBmcSim *s, unsigned int netfn,
598                         const IPMINetfn *netfnd)
599 {
600     if ((netfn & 1) || (netfn >= MAX_NETFNS) || (s->netfns[netfn / 2])) {
601         return -1;
602     }
603     s->netfns[netfn / 2] = netfnd;
604     return 0;
605 }
606 
607 static const IPMICmdHandler *ipmi_get_handler(IPMIBmcSim *ibs,
608                                               unsigned int netfn,
609                                               unsigned int cmd)
610 {
611     const IPMICmdHandler *hdl;
612 
613     if (netfn & 1 || netfn >= MAX_NETFNS || !ibs->netfns[netfn / 2]) {
614         return NULL;
615     }
616 
617     if (cmd >= ibs->netfns[netfn / 2]->cmd_nums) {
618         return NULL;
619     }
620 
621     hdl = &ibs->netfns[netfn / 2]->cmd_handlers[cmd];
622     if (!hdl->cmd_handler) {
623         return NULL;
624     }
625 
626     return hdl;
627 }
628 
629 static void next_timeout(IPMIBmcSim *ibs)
630 {
631     int64_t next;
632     if (ibs->watchdog_running) {
633         next = ibs->watchdog_expiry;
634     } else {
635         /* Wait a minute */
636         next = ipmi_getmonotime() + 60 * 1000000000LL;
637     }
638     timer_mod_ns(ibs->timer, next);
639 }
640 
641 static void ipmi_sim_handle_command(IPMIBmc *b,
642                                     uint8_t *cmd, unsigned int cmd_len,
643                                     unsigned int max_cmd_len,
644                                     uint8_t msg_id)
645 {
646     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
647     IPMIInterface *s = ibs->parent.intf;
648     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
649     const IPMICmdHandler *hdl;
650     RspBuffer rsp = RSP_BUFFER_INITIALIZER;
651 
652     /* Set up the response, set the low bit of NETFN. */
653     /* Note that max_rsp_len must be at least 3 */
654     if (sizeof(rsp.buffer) < 3) {
655         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
656         goto out;
657     }
658 
659     rsp_buffer_push(&rsp, cmd[0] | 0x04);
660     rsp_buffer_push(&rsp, cmd[1]);
661     rsp_buffer_push(&rsp, 0); /* Assume success */
662 
663     /* If it's too short or it was truncated, return an error. */
664     if (cmd_len < 2) {
665         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
666         goto out;
667     }
668     if (cmd_len > max_cmd_len) {
669         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
670         goto out;
671     }
672 
673     if ((cmd[0] & 0x03) != 0) {
674         /* Only have stuff on LUN 0 */
675         rsp_buffer_set_error(&rsp, IPMI_CC_COMMAND_INVALID_FOR_LUN);
676         goto out;
677     }
678 
679     hdl = ipmi_get_handler(ibs, cmd[0] >> 2, cmd[1]);
680     if (!hdl) {
681         rsp_buffer_set_error(&rsp, IPMI_CC_INVALID_CMD);
682         goto out;
683     }
684 
685     if (cmd_len < hdl->cmd_len_min) {
686         rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
687         goto out;
688     }
689 
690     hdl->cmd_handler(ibs, cmd, cmd_len, &rsp);
691 
692  out:
693     k->handle_rsp(s, msg_id, rsp.buffer, rsp.len);
694 
695     next_timeout(ibs);
696 }
697 
698 static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs)
699 {
700     IPMIInterface *s = ibs->parent.intf;
701     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
702 
703     if (!ibs->watchdog_running) {
704         goto out;
705     }
706 
707     if (!ibs->watchdog_preaction_ran) {
708         switch (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs)) {
709         case IPMI_BMC_WATCHDOG_PRE_NMI:
710             ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
711             k->do_hw_op(s, IPMI_SEND_NMI, 0);
712             sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
713                                     0xc8, (2 << 4) | 0xf, 0xff);
714             break;
715 
716         case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
717             ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
718             k->set_atn(s, 1, attn_irq_enabled(ibs));
719             sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
720                                     0xc8, (3 << 4) | 0xf, 0xff);
721             break;
722 
723         default:
724             goto do_full_expiry;
725         }
726 
727         ibs->watchdog_preaction_ran = 1;
728         /* Issued the pretimeout, do the rest of the timeout now. */
729         ibs->watchdog_expiry = ipmi_getmonotime();
730         ibs->watchdog_expiry += ibs->watchdog_pretimeout * 1000000000LL;
731         goto out;
732     }
733 
734  do_full_expiry:
735     ibs->watchdog_running = 0; /* Stop the watchdog on a timeout */
736     ibs->watchdog_expired |= (1 << IPMI_BMC_WATCHDOG_GET_USE(ibs));
737     switch (IPMI_BMC_WATCHDOG_GET_ACTION(ibs)) {
738     case IPMI_BMC_WATCHDOG_ACTION_NONE:
739         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 0, 1,
740                                 0xc0, ibs->watchdog_use & 0xf, 0xff);
741         break;
742 
743     case IPMI_BMC_WATCHDOG_ACTION_RESET:
744         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 1, 1,
745                                 0xc1, ibs->watchdog_use & 0xf, 0xff);
746         k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
747         break;
748 
749     case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
750         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
751                                 0xc2, ibs->watchdog_use & 0xf, 0xff);
752         k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
753         break;
754 
755     case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
756         sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
757                                 0xc3, ibs->watchdog_use & 0xf, 0xff);
758         k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0);
759         break;
760     }
761 
762  out:
763     next_timeout(ibs);
764 }
765 
766 static void chassis_capabilities(IPMIBmcSim *ibs,
767                                  uint8_t *cmd, unsigned int cmd_len,
768                                  RspBuffer *rsp)
769 {
770     rsp_buffer_push(rsp, 0);
771     rsp_buffer_push(rsp, ibs->parent.slave_addr);
772     rsp_buffer_push(rsp, ibs->parent.slave_addr);
773     rsp_buffer_push(rsp, ibs->parent.slave_addr);
774     rsp_buffer_push(rsp, ibs->parent.slave_addr);
775 }
776 
777 static void chassis_status(IPMIBmcSim *ibs,
778                            uint8_t *cmd, unsigned int cmd_len,
779                            RspBuffer *rsp)
780 {
781     rsp_buffer_push(rsp, 0x61); /* Unknown power restore, power is on */
782     rsp_buffer_push(rsp, 0);
783     rsp_buffer_push(rsp, 0);
784     rsp_buffer_push(rsp, 0);
785 }
786 
787 static void chassis_control(IPMIBmcSim *ibs,
788                             uint8_t *cmd, unsigned int cmd_len,
789                             RspBuffer *rsp)
790 {
791     IPMIInterface *s = ibs->parent.intf;
792     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
793 
794     switch (cmd[2] & 0xf) {
795     case 0: /* power down */
796         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0));
797         break;
798     case 1: /* power up */
799         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERON_CHASSIS, 0));
800         break;
801     case 2: /* power cycle */
802         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0));
803         break;
804     case 3: /* hard reset */
805         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 0));
806         break;
807     case 4: /* pulse diagnostic interrupt */
808         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_PULSE_DIAG_IRQ, 0));
809         break;
810     case 5: /* soft shutdown via ACPI by overtemp emulation */
811         rsp_buffer_set_error(rsp, k->do_hw_op(s,
812                                           IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0));
813         break;
814     default:
815         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
816         return;
817     }
818 }
819 
820 static void chassis_get_sys_restart_cause(IPMIBmcSim *ibs,
821                            uint8_t *cmd, unsigned int cmd_len,
822                            RspBuffer *rsp)
823 
824 {
825     rsp_buffer_push(rsp, ibs->restart_cause & 0xf); /* Restart Cause */
826     rsp_buffer_push(rsp, 0);  /* Channel 0 */
827 }
828 
829 static void get_device_id(IPMIBmcSim *ibs,
830                           uint8_t *cmd, unsigned int cmd_len,
831                           RspBuffer *rsp)
832 {
833     rsp_buffer_push(rsp, ibs->device_id);
834     rsp_buffer_push(rsp, ibs->device_rev & 0xf);
835     rsp_buffer_push(rsp, ibs->fwrev1 & 0x7f);
836     rsp_buffer_push(rsp, ibs->fwrev2);
837     rsp_buffer_push(rsp, ibs->ipmi_version);
838     rsp_buffer_push(rsp, 0x07); /* sensor, SDR, and SEL. */
839     rsp_buffer_push(rsp, ibs->mfg_id & 0xff);
840     rsp_buffer_push(rsp, (ibs->mfg_id >> 8) & 0xff);
841     rsp_buffer_push(rsp, (ibs->mfg_id >> 16) & 0xff);
842     rsp_buffer_push(rsp, ibs->product_id & 0xff);
843     rsp_buffer_push(rsp, (ibs->product_id >> 8) & 0xff);
844 }
845 
846 static void set_global_enables(IPMIBmcSim *ibs, uint8_t val)
847 {
848     IPMIInterface *s = ibs->parent.intf;
849     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
850     bool irqs_on;
851 
852     ibs->bmc_global_enables = val;
853 
854     irqs_on = val & (IPMI_BMC_EVBUF_FULL_INT_BIT |
855                      IPMI_BMC_RCV_MSG_QUEUE_INT_BIT);
856 
857     k->set_irq_enable(s, irqs_on);
858 }
859 
860 static void cold_reset(IPMIBmcSim *ibs,
861                        uint8_t *cmd, unsigned int cmd_len,
862                        RspBuffer *rsp)
863 {
864     IPMIInterface *s = ibs->parent.intf;
865     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
866 
867     /* Disable all interrupts */
868     set_global_enables(ibs, 1 << IPMI_BMC_EVENT_LOG_BIT);
869 
870     if (k->reset) {
871         k->reset(s, true);
872     }
873 }
874 
875 static void warm_reset(IPMIBmcSim *ibs,
876                        uint8_t *cmd, unsigned int cmd_len,
877                        RspBuffer *rsp)
878 {
879     IPMIInterface *s = ibs->parent.intf;
880     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
881 
882     if (k->reset) {
883         k->reset(s, false);
884     }
885 }
886 static void set_acpi_power_state(IPMIBmcSim *ibs,
887                                  uint8_t *cmd, unsigned int cmd_len,
888                                  RspBuffer *rsp)
889 {
890     ibs->acpi_power_state[0] = cmd[2];
891     ibs->acpi_power_state[1] = cmd[3];
892 }
893 
894 static void get_acpi_power_state(IPMIBmcSim *ibs,
895                                  uint8_t *cmd, unsigned int cmd_len,
896                                  RspBuffer *rsp)
897 {
898     rsp_buffer_push(rsp, ibs->acpi_power_state[0]);
899     rsp_buffer_push(rsp, ibs->acpi_power_state[1]);
900 }
901 
902 static void get_device_guid(IPMIBmcSim *ibs,
903                             uint8_t *cmd, unsigned int cmd_len,
904                             RspBuffer *rsp)
905 {
906     unsigned int i;
907 
908     /* An uninitialized uuid is all zeros, use that to know if it is set. */
909     for (i = 0; i < 16; i++) {
910         if (ibs->uuid.data[i]) {
911             goto uuid_set;
912         }
913     }
914     /* No uuid is set, return an error. */
915     rsp_buffer_set_error(rsp, IPMI_CC_INVALID_CMD);
916     return;
917 
918  uuid_set:
919     for (i = 0; i < 16; i++) {
920         rsp_buffer_push(rsp, ibs->uuid.data[i]);
921     }
922 }
923 
924 static void set_bmc_global_enables(IPMIBmcSim *ibs,
925                                    uint8_t *cmd, unsigned int cmd_len,
926                                    RspBuffer *rsp)
927 {
928     set_global_enables(ibs, cmd[2]);
929 }
930 
931 static void get_bmc_global_enables(IPMIBmcSim *ibs,
932                                    uint8_t *cmd, unsigned int cmd_len,
933                                    RspBuffer *rsp)
934 {
935     rsp_buffer_push(rsp, ibs->bmc_global_enables);
936 }
937 
938 static void clr_msg_flags(IPMIBmcSim *ibs,
939                           uint8_t *cmd, unsigned int cmd_len,
940                           RspBuffer *rsp)
941 {
942     IPMIInterface *s = ibs->parent.intf;
943     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
944 
945     ibs->msg_flags &= ~cmd[2];
946     k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
947 }
948 
949 static void get_msg_flags(IPMIBmcSim *ibs,
950                           uint8_t *cmd, unsigned int cmd_len,
951                           RspBuffer *rsp)
952 {
953     rsp_buffer_push(rsp, ibs->msg_flags);
954 }
955 
956 static void read_evt_msg_buf(IPMIBmcSim *ibs,
957                              uint8_t *cmd, unsigned int cmd_len,
958                              RspBuffer *rsp)
959 {
960     IPMIInterface *s = ibs->parent.intf;
961     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
962     unsigned int i;
963 
964     if (!(ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL)) {
965         rsp_buffer_set_error(rsp, 0x80);
966         return;
967     }
968     for (i = 0; i < 16; i++) {
969         rsp_buffer_push(rsp, ibs->evtbuf[i]);
970     }
971     ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
972     k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
973 }
974 
975 static void get_msg(IPMIBmcSim *ibs,
976                     uint8_t *cmd, unsigned int cmd_len,
977                     RspBuffer *rsp)
978 {
979     IPMIRcvBufEntry *msg;
980 
981     if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
982         rsp_buffer_set_error(rsp, 0x80); /* Queue empty */
983         goto out;
984     }
985     rsp_buffer_push(rsp, 0); /* Channel 0 */
986     msg = QTAILQ_FIRST(&ibs->rcvbufs);
987     rsp_buffer_pushmore(rsp, msg->buf, msg->len);
988     QTAILQ_REMOVE(&ibs->rcvbufs, msg, entry);
989     g_free(msg);
990 
991     if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
992         IPMIInterface *s = ibs->parent.intf;
993         IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
994 
995         ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
996         k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
997     }
998 
999 out:
1000     return;
1001 }
1002 
1003 static unsigned char
1004 ipmb_checksum(unsigned char *data, int size, unsigned char csum)
1005 {
1006     for (; size > 0; size--, data++) {
1007             csum += *data;
1008     }
1009 
1010     return -csum;
1011 }
1012 
1013 static void send_msg(IPMIBmcSim *ibs,
1014                      uint8_t *cmd, unsigned int cmd_len,
1015                      RspBuffer *rsp)
1016 {
1017     IPMIInterface *s = ibs->parent.intf;
1018     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
1019     IPMIRcvBufEntry *msg;
1020     uint8_t *buf;
1021     uint8_t netfn, rqLun, rsLun, rqSeq;
1022 
1023     if (cmd[2] != 0) {
1024         /* We only handle channel 0 with no options */
1025         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1026         return;
1027     }
1028 
1029     if (cmd_len < 10) {
1030         rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
1031         return;
1032     }
1033 
1034     if (cmd[3] != 0x40) {
1035         /* We only emulate a MC at address 0x40. */
1036         rsp_buffer_set_error(rsp, 0x83); /* NAK on write */
1037         return;
1038     }
1039 
1040     cmd += 3; /* Skip the header. */
1041     cmd_len -= 3;
1042 
1043     /*
1044      * At this point we "send" the message successfully.  Any error will
1045      * be returned in the response.
1046      */
1047     if (ipmb_checksum(cmd, cmd_len, 0) != 0 ||
1048         cmd[3] != 0x20) { /* Improper response address */
1049         return; /* No response */
1050     }
1051 
1052     netfn = cmd[1] >> 2;
1053     rqLun = cmd[4] & 0x3;
1054     rsLun = cmd[1] & 0x3;
1055     rqSeq = cmd[4] >> 2;
1056 
1057     if (rqLun != 2) {
1058         /* We only support LUN 2 coming back to us. */
1059         return;
1060     }
1061 
1062     msg = g_malloc(sizeof(*msg));
1063     msg->buf[0] = ((netfn | 1) << 2) | rqLun; /* NetFN, and make a response */
1064     msg->buf[1] = ipmb_checksum(msg->buf, 1, 0);
1065     msg->buf[2] = cmd[0]; /* rsSA */
1066     msg->buf[3] = (rqSeq << 2) | rsLun;
1067     msg->buf[4] = cmd[5]; /* Cmd */
1068     msg->buf[5] = 0; /* Completion Code */
1069     msg->len = 6;
1070 
1071     if ((cmd[1] >> 2) != IPMI_NETFN_APP || cmd[5] != IPMI_CMD_GET_DEVICE_ID) {
1072         /* Not a command we handle. */
1073         msg->buf[5] = IPMI_CC_INVALID_CMD;
1074         goto end_msg;
1075     }
1076 
1077     buf = msg->buf + msg->len; /* After the CC */
1078     buf[0] = 0;
1079     buf[1] = 0;
1080     buf[2] = 0;
1081     buf[3] = 0;
1082     buf[4] = 0x51;
1083     buf[5] = 0;
1084     buf[6] = 0;
1085     buf[7] = 0;
1086     buf[8] = 0;
1087     buf[9] = 0;
1088     buf[10] = 0;
1089     msg->len += 11;
1090 
1091  end_msg:
1092     msg->buf[msg->len] = ipmb_checksum(msg->buf, msg->len, 0);
1093     msg->len++;
1094     QTAILQ_INSERT_TAIL(&ibs->rcvbufs, msg, entry);
1095     ibs->msg_flags |= IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
1096     k->set_atn(s, 1, attn_irq_enabled(ibs));
1097 }
1098 
1099 static void do_watchdog_reset(IPMIBmcSim *ibs)
1100 {
1101     if (IPMI_BMC_WATCHDOG_GET_ACTION(ibs) ==
1102         IPMI_BMC_WATCHDOG_ACTION_NONE) {
1103         ibs->watchdog_running = 0;
1104         return;
1105     }
1106     ibs->watchdog_preaction_ran = 0;
1107 
1108 
1109     /* Timeout is in tenths of a second, offset is in seconds */
1110     ibs->watchdog_expiry = ipmi_getmonotime();
1111     ibs->watchdog_expiry += ibs->watchdog_timeout * 100000000LL;
1112     if (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs) != IPMI_BMC_WATCHDOG_PRE_NONE) {
1113         ibs->watchdog_expiry -= ibs->watchdog_pretimeout * 1000000000LL;
1114     }
1115     ibs->watchdog_running = 1;
1116 }
1117 
1118 static void reset_watchdog_timer(IPMIBmcSim *ibs,
1119                                  uint8_t *cmd, unsigned int cmd_len,
1120                                  RspBuffer *rsp)
1121 {
1122     if (!ibs->watchdog_initialized) {
1123         rsp_buffer_set_error(rsp, 0x80);
1124         return;
1125     }
1126     do_watchdog_reset(ibs);
1127 }
1128 
1129 static void set_watchdog_timer(IPMIBmcSim *ibs,
1130                                uint8_t *cmd, unsigned int cmd_len,
1131                                RspBuffer *rsp)
1132 {
1133     IPMIInterface *s = ibs->parent.intf;
1134     IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
1135     unsigned int val;
1136 
1137     val = cmd[2] & 0x7; /* Validate use */
1138     if (val == 0 || val > 5) {
1139         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1140         return;
1141     }
1142     val = cmd[3] & 0x7; /* Validate action */
1143     switch (val) {
1144     case IPMI_BMC_WATCHDOG_ACTION_NONE:
1145         break;
1146 
1147     case IPMI_BMC_WATCHDOG_ACTION_RESET:
1148         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 1));
1149         break;
1150 
1151     case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
1152         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 1));
1153         break;
1154 
1155     case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
1156         rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 1));
1157         break;
1158 
1159     default:
1160         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1161     }
1162     if (rsp->buffer[2]) {
1163         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1164         return;
1165     }
1166 
1167     val = (cmd[3] >> 4) & 0x7; /* Validate preaction */
1168     switch (val) {
1169     case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
1170     case IPMI_BMC_WATCHDOG_PRE_NONE:
1171         break;
1172 
1173     case IPMI_BMC_WATCHDOG_PRE_NMI:
1174         if (k->do_hw_op(s, IPMI_SEND_NMI, 1)) {
1175             /* NMI not supported. */
1176             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1177             return;
1178         }
1179         break;
1180 
1181     default:
1182         /* We don't support PRE_SMI */
1183         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1184         return;
1185     }
1186 
1187     ibs->watchdog_initialized = 1;
1188     ibs->watchdog_use = cmd[2] & IPMI_BMC_WATCHDOG_USE_MASK;
1189     ibs->watchdog_action = cmd[3] & IPMI_BMC_WATCHDOG_ACTION_MASK;
1190     ibs->watchdog_pretimeout = cmd[4];
1191     ibs->watchdog_expired &= ~cmd[5];
1192     ibs->watchdog_timeout = cmd[6] | (((uint16_t) cmd[7]) << 8);
1193     if (ibs->watchdog_running & IPMI_BMC_WATCHDOG_GET_DONT_STOP(ibs)) {
1194         do_watchdog_reset(ibs);
1195     } else {
1196         ibs->watchdog_running = 0;
1197     }
1198 }
1199 
1200 static void get_watchdog_timer(IPMIBmcSim *ibs,
1201                                uint8_t *cmd, unsigned int cmd_len,
1202                                RspBuffer *rsp)
1203 {
1204     rsp_buffer_push(rsp, ibs->watchdog_use);
1205     rsp_buffer_push(rsp, ibs->watchdog_action);
1206     rsp_buffer_push(rsp, ibs->watchdog_pretimeout);
1207     rsp_buffer_push(rsp, ibs->watchdog_expired);
1208     rsp_buffer_push(rsp, ibs->watchdog_timeout & 0xff);
1209     rsp_buffer_push(rsp, (ibs->watchdog_timeout >> 8) & 0xff);
1210     if (ibs->watchdog_running) {
1211         long timeout;
1212         timeout = ((ibs->watchdog_expiry - ipmi_getmonotime() + 50000000)
1213                    / 100000000);
1214         rsp_buffer_push(rsp, timeout & 0xff);
1215         rsp_buffer_push(rsp, (timeout >> 8) & 0xff);
1216     } else {
1217         rsp_buffer_push(rsp, 0);
1218         rsp_buffer_push(rsp, 0);
1219     }
1220 }
1221 
1222 static void get_sdr_rep_info(IPMIBmcSim *ibs,
1223                              uint8_t *cmd, unsigned int cmd_len,
1224                              RspBuffer *rsp)
1225 {
1226     unsigned int i;
1227 
1228     rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 spec */
1229     rsp_buffer_push(rsp, ibs->sdr.next_rec_id & 0xff);
1230     rsp_buffer_push(rsp, (ibs->sdr.next_rec_id >> 8) & 0xff);
1231     rsp_buffer_push(rsp, (MAX_SDR_SIZE - ibs->sdr.next_free) & 0xff);
1232     rsp_buffer_push(rsp, ((MAX_SDR_SIZE - ibs->sdr.next_free) >> 8) & 0xff);
1233     for (i = 0; i < 4; i++) {
1234         rsp_buffer_push(rsp, ibs->sdr.last_addition[i]);
1235     }
1236     for (i = 0; i < 4; i++) {
1237         rsp_buffer_push(rsp, ibs->sdr.last_clear[i]);
1238     }
1239     /* Only modal support, reserve supported */
1240     rsp_buffer_push(rsp, (ibs->sdr.overflow << 7) | 0x22);
1241 }
1242 
1243 static void reserve_sdr_rep(IPMIBmcSim *ibs,
1244                             uint8_t *cmd, unsigned int cmd_len,
1245                             RspBuffer *rsp)
1246 {
1247     rsp_buffer_push(rsp, ibs->sdr.reservation & 0xff);
1248     rsp_buffer_push(rsp, (ibs->sdr.reservation >> 8) & 0xff);
1249 }
1250 
1251 static void get_sdr(IPMIBmcSim *ibs,
1252                     uint8_t *cmd, unsigned int cmd_len,
1253                     RspBuffer *rsp)
1254 {
1255     unsigned int pos;
1256     uint16_t nextrec;
1257     struct ipmi_sdr_header *sdrh;
1258 
1259     if (cmd[6]) {
1260         if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
1261             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1262             return;
1263         }
1264     }
1265 
1266     pos = 0;
1267     if (sdr_find_entry(&ibs->sdr, cmd[4] | (cmd[5] << 8),
1268                        &pos, &nextrec)) {
1269         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1270         return;
1271     }
1272 
1273     sdrh = (struct ipmi_sdr_header *) &ibs->sdr.sdr[pos];
1274 
1275     if (cmd[6] > ipmi_sdr_length(sdrh)) {
1276         rsp_buffer_set_error(rsp, IPMI_CC_PARM_OUT_OF_RANGE);
1277         return;
1278     }
1279 
1280     rsp_buffer_push(rsp, nextrec & 0xff);
1281     rsp_buffer_push(rsp, (nextrec >> 8) & 0xff);
1282 
1283     if (cmd[7] == 0xff) {
1284         cmd[7] = ipmi_sdr_length(sdrh) - cmd[6];
1285     }
1286 
1287     if ((cmd[7] + rsp->len) > sizeof(rsp->buffer)) {
1288         rsp_buffer_set_error(rsp, IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES);
1289         return;
1290     }
1291 
1292     rsp_buffer_pushmore(rsp, ibs->sdr.sdr + pos + cmd[6], cmd[7]);
1293 }
1294 
1295 static void add_sdr(IPMIBmcSim *ibs,
1296                     uint8_t *cmd, unsigned int cmd_len,
1297                     RspBuffer *rsp)
1298 {
1299     uint16_t recid;
1300     struct ipmi_sdr_header *sdrh = (struct ipmi_sdr_header *) cmd + 2;
1301 
1302     if (sdr_add_entry(ibs, sdrh, cmd_len - 2, &recid)) {
1303         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1304         return;
1305     }
1306     rsp_buffer_push(rsp, recid & 0xff);
1307     rsp_buffer_push(rsp, (recid >> 8) & 0xff);
1308 }
1309 
1310 static void clear_sdr_rep(IPMIBmcSim *ibs,
1311                           uint8_t *cmd, unsigned int cmd_len,
1312                           RspBuffer *rsp)
1313 {
1314     if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
1315         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1316         return;
1317     }
1318 
1319     if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
1320         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1321         return;
1322     }
1323     if (cmd[7] == 0xaa) {
1324         ibs->sdr.next_free = 0;
1325         ibs->sdr.overflow = 0;
1326         set_timestamp(ibs, ibs->sdr.last_clear);
1327         rsp_buffer_push(rsp, 1); /* Erasure complete */
1328         sdr_inc_reservation(&ibs->sdr);
1329     } else if (cmd[7] == 0) {
1330         rsp_buffer_push(rsp, 1); /* Erasure complete */
1331     } else {
1332         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1333         return;
1334     }
1335 }
1336 
1337 static void get_sel_info(IPMIBmcSim *ibs,
1338                          uint8_t *cmd, unsigned int cmd_len,
1339                          RspBuffer *rsp)
1340 {
1341     unsigned int i, val;
1342 
1343     rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 */
1344     rsp_buffer_push(rsp, ibs->sel.next_free & 0xff);
1345     rsp_buffer_push(rsp, (ibs->sel.next_free >> 8) & 0xff);
1346     val = (MAX_SEL_SIZE - ibs->sel.next_free) * 16;
1347     rsp_buffer_push(rsp, val & 0xff);
1348     rsp_buffer_push(rsp, (val >> 8) & 0xff);
1349     for (i = 0; i < 4; i++) {
1350         rsp_buffer_push(rsp, ibs->sel.last_addition[i]);
1351     }
1352     for (i = 0; i < 4; i++) {
1353         rsp_buffer_push(rsp, ibs->sel.last_clear[i]);
1354     }
1355     /* Only support Reserve SEL */
1356     rsp_buffer_push(rsp, (ibs->sel.overflow << 7) | 0x02);
1357 }
1358 
1359 static void get_fru_area_info(IPMIBmcSim *ibs,
1360                          uint8_t *cmd, unsigned int cmd_len,
1361                          RspBuffer *rsp)
1362 {
1363     uint8_t fruid;
1364     uint16_t fru_entry_size;
1365 
1366     fruid = cmd[2];
1367 
1368     if (fruid >= ibs->fru.nentries) {
1369         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1370         return;
1371     }
1372 
1373     fru_entry_size = ibs->fru.areasize;
1374 
1375     rsp_buffer_push(rsp, fru_entry_size & 0xff);
1376     rsp_buffer_push(rsp, fru_entry_size >> 8 & 0xff);
1377     rsp_buffer_push(rsp, 0x0);
1378 }
1379 
1380 static void read_fru_data(IPMIBmcSim *ibs,
1381                          uint8_t *cmd, unsigned int cmd_len,
1382                          RspBuffer *rsp)
1383 {
1384     uint8_t fruid;
1385     uint16_t offset;
1386     int i;
1387     uint8_t *fru_entry;
1388     unsigned int count;
1389 
1390     fruid = cmd[2];
1391     offset = (cmd[3] | cmd[4] << 8);
1392 
1393     if (fruid >= ibs->fru.nentries) {
1394         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1395         return;
1396     }
1397 
1398     if (offset >= ibs->fru.areasize - 1) {
1399         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1400         return;
1401     }
1402 
1403     fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
1404 
1405     count = MIN(cmd[5], ibs->fru.areasize - offset);
1406 
1407     rsp_buffer_push(rsp, count & 0xff);
1408     for (i = 0; i < count; i++) {
1409         rsp_buffer_push(rsp, fru_entry[offset + i]);
1410     }
1411 }
1412 
1413 static void write_fru_data(IPMIBmcSim *ibs,
1414                          uint8_t *cmd, unsigned int cmd_len,
1415                          RspBuffer *rsp)
1416 {
1417     uint8_t fruid;
1418     uint16_t offset;
1419     uint8_t *fru_entry;
1420     unsigned int count;
1421 
1422     fruid = cmd[2];
1423     offset = (cmd[3] | cmd[4] << 8);
1424 
1425     if (fruid >= ibs->fru.nentries) {
1426         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1427         return;
1428     }
1429 
1430     if (offset >= ibs->fru.areasize - 1) {
1431         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1432         return;
1433     }
1434 
1435     fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
1436 
1437     count = MIN(cmd_len - 5, ibs->fru.areasize - offset);
1438 
1439     memcpy(fru_entry + offset, cmd + 5, count);
1440 
1441     rsp_buffer_push(rsp, count & 0xff);
1442 }
1443 
1444 static void reserve_sel(IPMIBmcSim *ibs,
1445                         uint8_t *cmd, unsigned int cmd_len,
1446                         RspBuffer *rsp)
1447 {
1448     rsp_buffer_push(rsp, ibs->sel.reservation & 0xff);
1449     rsp_buffer_push(rsp, (ibs->sel.reservation >> 8) & 0xff);
1450 }
1451 
1452 static void get_sel_entry(IPMIBmcSim *ibs,
1453                           uint8_t *cmd, unsigned int cmd_len,
1454                           RspBuffer *rsp)
1455 {
1456     unsigned int val;
1457 
1458     if (cmd[6]) {
1459         if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
1460             rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1461             return;
1462         }
1463     }
1464     if (ibs->sel.next_free == 0) {
1465         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1466         return;
1467     }
1468     if (cmd[6] > 15) {
1469         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1470         return;
1471     }
1472     if (cmd[7] == 0xff) {
1473         cmd[7] = 16;
1474     } else if ((cmd[7] + cmd[6]) > 16) {
1475         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1476         return;
1477     } else {
1478         cmd[7] += cmd[6];
1479     }
1480 
1481     val = cmd[4] | (cmd[5] << 8);
1482     if (val == 0xffff) {
1483         val = ibs->sel.next_free - 1;
1484     } else if (val >= ibs->sel.next_free) {
1485         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1486         return;
1487     }
1488     if ((val + 1) == ibs->sel.next_free) {
1489         rsp_buffer_push(rsp, 0xff);
1490         rsp_buffer_push(rsp, 0xff);
1491     } else {
1492         rsp_buffer_push(rsp, (val + 1) & 0xff);
1493         rsp_buffer_push(rsp, ((val + 1) >> 8) & 0xff);
1494     }
1495     for (; cmd[6] < cmd[7]; cmd[6]++) {
1496         rsp_buffer_push(rsp, ibs->sel.sel[val][cmd[6]]);
1497     }
1498 }
1499 
1500 static void add_sel_entry(IPMIBmcSim *ibs,
1501                           uint8_t *cmd, unsigned int cmd_len,
1502                           RspBuffer *rsp)
1503 {
1504     if (sel_add_event(ibs, cmd + 2)) {
1505         rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
1506         return;
1507     }
1508     /* sel_add_event fills in the record number. */
1509     rsp_buffer_push(rsp, cmd[2]);
1510     rsp_buffer_push(rsp, cmd[3]);
1511 }
1512 
1513 static void clear_sel(IPMIBmcSim *ibs,
1514                       uint8_t *cmd, unsigned int cmd_len,
1515                       RspBuffer *rsp)
1516 {
1517     if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
1518         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
1519         return;
1520     }
1521 
1522     if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
1523         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1524         return;
1525     }
1526     if (cmd[7] == 0xaa) {
1527         ibs->sel.next_free = 0;
1528         ibs->sel.overflow = 0;
1529         set_timestamp(ibs, ibs->sdr.last_clear);
1530         rsp_buffer_push(rsp, 1); /* Erasure complete */
1531         sel_inc_reservation(&ibs->sel);
1532     } else if (cmd[7] == 0) {
1533         rsp_buffer_push(rsp, 1); /* Erasure complete */
1534     } else {
1535         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1536         return;
1537     }
1538 }
1539 
1540 static void get_sel_time(IPMIBmcSim *ibs,
1541                          uint8_t *cmd, unsigned int cmd_len,
1542                          RspBuffer *rsp)
1543 {
1544     uint32_t val;
1545     struct ipmi_time now;
1546 
1547     ipmi_gettime(&now);
1548     val = now.tv_sec + ibs->sel.time_offset;
1549     rsp_buffer_push(rsp, val & 0xff);
1550     rsp_buffer_push(rsp, (val >> 8) & 0xff);
1551     rsp_buffer_push(rsp, (val >> 16) & 0xff);
1552     rsp_buffer_push(rsp, (val >> 24) & 0xff);
1553 }
1554 
1555 static void set_sel_time(IPMIBmcSim *ibs,
1556                          uint8_t *cmd, unsigned int cmd_len,
1557                          RspBuffer *rsp)
1558 {
1559     uint32_t val;
1560     struct ipmi_time now;
1561 
1562     val = cmd[2] | (cmd[3] << 8) | (cmd[4] << 16) | (cmd[5] << 24);
1563     ipmi_gettime(&now);
1564     ibs->sel.time_offset = now.tv_sec - ((long) val);
1565 }
1566 
1567 static void platform_event_msg(IPMIBmcSim *ibs,
1568                                uint8_t *cmd, unsigned int cmd_len,
1569                                RspBuffer *rsp)
1570 {
1571     uint8_t event[16];
1572 
1573     event[2] = 2; /* System event record */
1574     event[7] = cmd[2]; /* Generator ID */
1575     event[8] = 0;
1576     event[9] = cmd[3]; /* EvMRev */
1577     event[10] = cmd[4]; /* Sensor type */
1578     event[11] = cmd[5]; /* Sensor number */
1579     event[12] = cmd[6]; /* Event dir / Event type */
1580     event[13] = cmd[7]; /* Event data 1 */
1581     event[14] = cmd[8]; /* Event data 2 */
1582     event[15] = cmd[9]; /* Event data 3 */
1583 
1584     if (sel_add_event(ibs, event)) {
1585         rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
1586     }
1587 }
1588 
1589 static void set_sensor_evt_enable(IPMIBmcSim *ibs,
1590                                   uint8_t *cmd, unsigned int cmd_len,
1591                                   RspBuffer *rsp)
1592 {
1593     IPMISensor *sens;
1594 
1595     if ((cmd[2] >= MAX_SENSORS) ||
1596             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1597         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1598         return;
1599     }
1600     sens = ibs->sensors + cmd[2];
1601     switch ((cmd[3] >> 4) & 0x3) {
1602     case 0: /* Do not change */
1603         break;
1604     case 1: /* Enable bits */
1605         if (cmd_len > 4) {
1606             sens->assert_enable |= cmd[4];
1607         }
1608         if (cmd_len > 5) {
1609             sens->assert_enable |= cmd[5] << 8;
1610         }
1611         if (cmd_len > 6) {
1612             sens->deassert_enable |= cmd[6];
1613         }
1614         if (cmd_len > 7) {
1615             sens->deassert_enable |= cmd[7] << 8;
1616         }
1617         break;
1618     case 2: /* Disable bits */
1619         if (cmd_len > 4) {
1620             sens->assert_enable &= ~cmd[4];
1621         }
1622         if (cmd_len > 5) {
1623             sens->assert_enable &= ~(cmd[5] << 8);
1624         }
1625         if (cmd_len > 6) {
1626             sens->deassert_enable &= ~cmd[6];
1627         }
1628         if (cmd_len > 7) {
1629             sens->deassert_enable &= ~(cmd[7] << 8);
1630         }
1631         break;
1632     case 3:
1633         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1634         return;
1635     }
1636     IPMI_SENSOR_SET_RET_STATUS(sens, cmd[3]);
1637 }
1638 
1639 static void get_sensor_evt_enable(IPMIBmcSim *ibs,
1640                                   uint8_t *cmd, unsigned int cmd_len,
1641                                   RspBuffer *rsp)
1642 {
1643     IPMISensor *sens;
1644 
1645     if ((cmd[2] >= MAX_SENSORS) ||
1646         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1647         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1648         return;
1649     }
1650     sens = ibs->sensors + cmd[2];
1651     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1652     rsp_buffer_push(rsp, sens->assert_enable & 0xff);
1653     rsp_buffer_push(rsp, (sens->assert_enable >> 8) & 0xff);
1654     rsp_buffer_push(rsp, sens->deassert_enable & 0xff);
1655     rsp_buffer_push(rsp, (sens->deassert_enable >> 8) & 0xff);
1656 }
1657 
1658 static void rearm_sensor_evts(IPMIBmcSim *ibs,
1659                               uint8_t *cmd, unsigned int cmd_len,
1660                               RspBuffer *rsp)
1661 {
1662     IPMISensor *sens;
1663 
1664     if ((cmd[2] >= MAX_SENSORS) ||
1665         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1666         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1667         return;
1668     }
1669     sens = ibs->sensors + cmd[2];
1670 
1671     if ((cmd[3] & 0x80) == 0) {
1672         /* Just clear everything */
1673         sens->states = 0;
1674         return;
1675     }
1676 }
1677 
1678 static void get_sensor_evt_status(IPMIBmcSim *ibs,
1679                                   uint8_t *cmd, unsigned int cmd_len,
1680                                   RspBuffer *rsp)
1681 {
1682     IPMISensor *sens;
1683 
1684     if ((cmd[2] >= MAX_SENSORS) ||
1685         !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1686         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1687         return;
1688     }
1689     sens = ibs->sensors + cmd[2];
1690     rsp_buffer_push(rsp, sens->reading);
1691     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1692     rsp_buffer_push(rsp, sens->assert_states & 0xff);
1693     rsp_buffer_push(rsp, (sens->assert_states >> 8) & 0xff);
1694     rsp_buffer_push(rsp, sens->deassert_states & 0xff);
1695     rsp_buffer_push(rsp, (sens->deassert_states >> 8) & 0xff);
1696 }
1697 
1698 static void get_sensor_reading(IPMIBmcSim *ibs,
1699                                uint8_t *cmd, unsigned int cmd_len,
1700                                RspBuffer *rsp)
1701 {
1702     IPMISensor *sens;
1703 
1704     if ((cmd[2] >= MAX_SENSORS) ||
1705             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1706         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1707         return;
1708     }
1709     sens = ibs->sensors + cmd[2];
1710     rsp_buffer_push(rsp, sens->reading);
1711     rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
1712     rsp_buffer_push(rsp, sens->states & 0xff);
1713     if (IPMI_SENSOR_IS_DISCRETE(sens)) {
1714         rsp_buffer_push(rsp, (sens->states >> 8) & 0xff);
1715     }
1716 }
1717 
1718 static void set_sensor_type(IPMIBmcSim *ibs,
1719                             uint8_t *cmd, unsigned int cmd_len,
1720                             RspBuffer *rsp)
1721 {
1722     IPMISensor *sens;
1723 
1724 
1725     if ((cmd[2] >= MAX_SENSORS) ||
1726             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1727         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1728         return;
1729     }
1730     sens = ibs->sensors + cmd[2];
1731     sens->sensor_type = cmd[3];
1732     sens->evt_reading_type_code = cmd[4] & 0x7f;
1733 }
1734 
1735 static void get_sensor_type(IPMIBmcSim *ibs,
1736                             uint8_t *cmd, unsigned int cmd_len,
1737                             RspBuffer *rsp)
1738 {
1739     IPMISensor *sens;
1740 
1741 
1742     if ((cmd[2] >= MAX_SENSORS) ||
1743             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1744         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1745         return;
1746     }
1747     sens = ibs->sensors + cmd[2];
1748     rsp_buffer_push(rsp, sens->sensor_type);
1749     rsp_buffer_push(rsp, sens->evt_reading_type_code);
1750 }
1751 
1752 /*
1753  * bytes   parameter
1754  *    1    sensor number
1755  *    2    operation (see below for bits meaning)
1756  *    3    sensor reading
1757  *  4:5    assertion states (optional)
1758  *  6:7    deassertion states (optional)
1759  *  8:10   event data 1,2,3 (optional)
1760  */
1761 static void set_sensor_reading(IPMIBmcSim *ibs,
1762                                uint8_t *cmd, unsigned int cmd_len,
1763                                RspBuffer *rsp)
1764 {
1765     IPMISensor *sens;
1766     uint8_t evd1 = 0;
1767     uint8_t evd2 = 0;
1768     uint8_t evd3 = 0;
1769     uint8_t new_reading = 0;
1770     uint16_t new_assert_states = 0;
1771     uint16_t new_deassert_states = 0;
1772     bool change_reading = false;
1773     bool change_assert = false;
1774     bool change_deassert = false;
1775     enum {
1776         SENSOR_GEN_EVENT_NONE,
1777         SENSOR_GEN_EVENT_DATA,
1778         SENSOR_GEN_EVENT_BMC,
1779     } do_gen_event = SENSOR_GEN_EVENT_NONE;
1780 
1781     if ((cmd[2] >= MAX_SENSORS) ||
1782             !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
1783         rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
1784         return;
1785     }
1786 
1787     sens = ibs->sensors + cmd[2];
1788 
1789     /* [1:0] Sensor Reading operation */
1790     switch ((cmd[3]) & 0x3) {
1791     case 0: /* Do not change */
1792         break;
1793     case 1: /* write given value to sensor reading byte */
1794         new_reading = cmd[4];
1795         if (sens->reading != new_reading) {
1796             change_reading = true;
1797         }
1798         break;
1799     case 2:
1800     case 3:
1801         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1802         return;
1803     }
1804 
1805     /* [3:2] Deassertion bits operation */
1806     switch ((cmd[3] >> 2) & 0x3) {
1807     case 0: /* Do not change */
1808         break;
1809     case 1: /* write given value */
1810         if (cmd_len > 7) {
1811             new_deassert_states = cmd[7];
1812             change_deassert = true;
1813         }
1814         if (cmd_len > 8) {
1815             new_deassert_states |= (cmd[8] << 8);
1816         }
1817         break;
1818 
1819     case 2: /* mask on */
1820         if (cmd_len > 7) {
1821             new_deassert_states = (sens->deassert_states | cmd[7]);
1822             change_deassert = true;
1823         }
1824         if (cmd_len > 8) {
1825             new_deassert_states |= (sens->deassert_states | (cmd[8] << 8));
1826         }
1827         break;
1828 
1829     case 3: /* mask off */
1830         if (cmd_len > 7) {
1831             new_deassert_states = (sens->deassert_states & cmd[7]);
1832             change_deassert = true;
1833         }
1834         if (cmd_len > 8) {
1835             new_deassert_states |= (sens->deassert_states & (cmd[8] << 8));
1836         }
1837         break;
1838     }
1839 
1840     if (change_deassert && (new_deassert_states == sens->deassert_states)) {
1841         change_deassert = false;
1842     }
1843 
1844     /* [5:4] Assertion bits operation */
1845     switch ((cmd[3] >> 4) & 0x3) {
1846     case 0: /* Do not change */
1847         break;
1848     case 1: /* write given value */
1849         if (cmd_len > 5) {
1850             new_assert_states = cmd[5];
1851             change_assert = true;
1852         }
1853         if (cmd_len > 6) {
1854             new_assert_states |= (cmd[6] << 8);
1855         }
1856         break;
1857 
1858     case 2: /* mask on */
1859         if (cmd_len > 5) {
1860             new_assert_states = (sens->assert_states | cmd[5]);
1861             change_assert = true;
1862         }
1863         if (cmd_len > 6) {
1864             new_assert_states |= (sens->assert_states | (cmd[6] << 8));
1865         }
1866         break;
1867 
1868     case 3: /* mask off */
1869         if (cmd_len > 5) {
1870             new_assert_states = (sens->assert_states & cmd[5]);
1871             change_assert = true;
1872         }
1873         if (cmd_len > 6) {
1874             new_assert_states |= (sens->assert_states & (cmd[6] << 8));
1875         }
1876         break;
1877     }
1878 
1879     if (change_assert && (new_assert_states == sens->assert_states)) {
1880         change_assert = false;
1881     }
1882 
1883     if (cmd_len > 9) {
1884         evd1 = cmd[9];
1885     }
1886     if (cmd_len > 10) {
1887         evd2 = cmd[10];
1888     }
1889     if (cmd_len > 11) {
1890         evd3 = cmd[11];
1891     }
1892 
1893     /* [7:6] Event Data Bytes operation */
1894     switch ((cmd[3] >> 6) & 0x3) {
1895     case 0: /*
1896              * Don’t use Event Data bytes from this command. BMC will
1897              * generate it's own Event Data bytes based on its sensor
1898              * implementation.
1899              */
1900         evd1 = evd2 = evd3 = 0x0;
1901         do_gen_event = SENSOR_GEN_EVENT_BMC;
1902         break;
1903     case 1: /*
1904              * Write given values to event data bytes including bits
1905              * [3:0] Event Data 1.
1906              */
1907         do_gen_event = SENSOR_GEN_EVENT_DATA;
1908         break;
1909     case 2: /*
1910              * Write given values to event data bytes excluding bits
1911              * [3:0] Event Data 1.
1912              */
1913         evd1 &= 0xf0;
1914         do_gen_event = SENSOR_GEN_EVENT_DATA;
1915         break;
1916     case 3:
1917         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1918         return;
1919     }
1920 
1921     /*
1922      * Event Data Bytes operation and parameter are inconsistent. The
1923      * Specs are not clear on that topic but generating an error seems
1924      * correct.
1925      */
1926     if (do_gen_event == SENSOR_GEN_EVENT_DATA && cmd_len < 10) {
1927         rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
1928         return;
1929     }
1930 
1931     /* commit values */
1932     if (change_reading) {
1933         sens->reading = new_reading;
1934     }
1935 
1936     if (change_assert) {
1937         sens->assert_states = new_assert_states;
1938     }
1939 
1940     if (change_deassert) {
1941         sens->deassert_states = new_deassert_states;
1942     }
1943 
1944     /* TODO: handle threshold sensor */
1945     if (!IPMI_SENSOR_IS_DISCRETE(sens)) {
1946         return;
1947     }
1948 
1949     switch (do_gen_event) {
1950     case SENSOR_GEN_EVENT_DATA: {
1951         unsigned int bit = evd1 & 0xf;
1952         uint16_t mask = (1 << bit);
1953 
1954         if (sens->assert_states & mask & sens->assert_enable) {
1955             gen_event(ibs, cmd[2], 0, evd1, evd2, evd3);
1956         }
1957 
1958         if (sens->deassert_states & mask & sens->deassert_enable) {
1959             gen_event(ibs, cmd[2], 1, evd1, evd2, evd3);
1960         }
1961         break;
1962     }
1963     case SENSOR_GEN_EVENT_BMC:
1964         /*
1965          * TODO: generate event and event data bytes depending on the
1966          * sensor
1967          */
1968         break;
1969     case SENSOR_GEN_EVENT_NONE:
1970         break;
1971     }
1972 }
1973 
1974 static const IPMICmdHandler chassis_cmds[] = {
1975     [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = { chassis_capabilities },
1976     [IPMI_CMD_GET_CHASSIS_STATUS] = { chassis_status },
1977     [IPMI_CMD_CHASSIS_CONTROL] = { chassis_control, 3 },
1978     [IPMI_CMD_GET_SYS_RESTART_CAUSE] = { chassis_get_sys_restart_cause }
1979 };
1980 static const IPMINetfn chassis_netfn = {
1981     .cmd_nums = ARRAY_SIZE(chassis_cmds),
1982     .cmd_handlers = chassis_cmds
1983 };
1984 
1985 static const IPMICmdHandler sensor_event_cmds[] = {
1986     [IPMI_CMD_PLATFORM_EVENT_MSG] = { platform_event_msg, 10 },
1987     [IPMI_CMD_SET_SENSOR_EVT_ENABLE] = { set_sensor_evt_enable, 4 },
1988     [IPMI_CMD_GET_SENSOR_EVT_ENABLE] = { get_sensor_evt_enable, 3 },
1989     [IPMI_CMD_REARM_SENSOR_EVTS] = { rearm_sensor_evts, 4 },
1990     [IPMI_CMD_GET_SENSOR_EVT_STATUS] = { get_sensor_evt_status, 3 },
1991     [IPMI_CMD_GET_SENSOR_READING] = { get_sensor_reading, 3 },
1992     [IPMI_CMD_SET_SENSOR_TYPE] = { set_sensor_type, 5 },
1993     [IPMI_CMD_GET_SENSOR_TYPE] = { get_sensor_type, 3 },
1994     [IPMI_CMD_SET_SENSOR_READING] = { set_sensor_reading, 5 },
1995 };
1996 static const IPMINetfn sensor_event_netfn = {
1997     .cmd_nums = ARRAY_SIZE(sensor_event_cmds),
1998     .cmd_handlers = sensor_event_cmds
1999 };
2000 
2001 static const IPMICmdHandler app_cmds[] = {
2002     [IPMI_CMD_GET_DEVICE_ID] = { get_device_id },
2003     [IPMI_CMD_COLD_RESET] = { cold_reset },
2004     [IPMI_CMD_WARM_RESET] = { warm_reset },
2005     [IPMI_CMD_SET_ACPI_POWER_STATE] = { set_acpi_power_state, 4 },
2006     [IPMI_CMD_GET_ACPI_POWER_STATE] = { get_acpi_power_state },
2007     [IPMI_CMD_GET_DEVICE_GUID] = { get_device_guid },
2008     [IPMI_CMD_SET_BMC_GLOBAL_ENABLES] = { set_bmc_global_enables, 3 },
2009     [IPMI_CMD_GET_BMC_GLOBAL_ENABLES] = { get_bmc_global_enables },
2010     [IPMI_CMD_CLR_MSG_FLAGS] = { clr_msg_flags, 3 },
2011     [IPMI_CMD_GET_MSG_FLAGS] = { get_msg_flags },
2012     [IPMI_CMD_GET_MSG] = { get_msg },
2013     [IPMI_CMD_SEND_MSG] = { send_msg, 3 },
2014     [IPMI_CMD_READ_EVT_MSG_BUF] = { read_evt_msg_buf },
2015     [IPMI_CMD_RESET_WATCHDOG_TIMER] = { reset_watchdog_timer },
2016     [IPMI_CMD_SET_WATCHDOG_TIMER] = { set_watchdog_timer, 8 },
2017     [IPMI_CMD_GET_WATCHDOG_TIMER] = { get_watchdog_timer },
2018 };
2019 static const IPMINetfn app_netfn = {
2020     .cmd_nums = ARRAY_SIZE(app_cmds),
2021     .cmd_handlers = app_cmds
2022 };
2023 
2024 static const IPMICmdHandler storage_cmds[] = {
2025     [IPMI_CMD_GET_FRU_AREA_INFO] = { get_fru_area_info, 3 },
2026     [IPMI_CMD_READ_FRU_DATA] = { read_fru_data, 5 },
2027     [IPMI_CMD_WRITE_FRU_DATA] = { write_fru_data, 5 },
2028     [IPMI_CMD_GET_SDR_REP_INFO] = { get_sdr_rep_info },
2029     [IPMI_CMD_RESERVE_SDR_REP] = { reserve_sdr_rep },
2030     [IPMI_CMD_GET_SDR] = { get_sdr, 8 },
2031     [IPMI_CMD_ADD_SDR] = { add_sdr },
2032     [IPMI_CMD_CLEAR_SDR_REP] = { clear_sdr_rep, 8 },
2033     [IPMI_CMD_GET_SEL_INFO] = { get_sel_info },
2034     [IPMI_CMD_RESERVE_SEL] = { reserve_sel },
2035     [IPMI_CMD_GET_SEL_ENTRY] = { get_sel_entry, 8 },
2036     [IPMI_CMD_ADD_SEL_ENTRY] = { add_sel_entry, 18 },
2037     [IPMI_CMD_CLEAR_SEL] = { clear_sel, 8 },
2038     [IPMI_CMD_GET_SEL_TIME] = { get_sel_time },
2039     [IPMI_CMD_SET_SEL_TIME] = { set_sel_time, 6 },
2040 };
2041 
2042 static const IPMINetfn storage_netfn = {
2043     .cmd_nums = ARRAY_SIZE(storage_cmds),
2044     .cmd_handlers = storage_cmds
2045 };
2046 
2047 static void register_cmds(IPMIBmcSim *s)
2048 {
2049     ipmi_sim_register_netfn(s, IPMI_NETFN_CHASSIS, &chassis_netfn);
2050     ipmi_sim_register_netfn(s, IPMI_NETFN_SENSOR_EVENT, &sensor_event_netfn);
2051     ipmi_sim_register_netfn(s, IPMI_NETFN_APP, &app_netfn);
2052     ipmi_sim_register_netfn(s, IPMI_NETFN_STORAGE, &storage_netfn);
2053 }
2054 
2055 static uint8_t init_sdrs[] = {
2056     /* Watchdog device */
2057     0x00, 0x00, 0x51, 0x02,   35, 0x20, 0x00, 0x00,
2058     0x23, 0x01, 0x63, 0x00, 0x23, 0x6f, 0x0f, 0x01,
2059     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2060     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc8,
2061     'W',  'a',  't',  'c',  'h',  'd',  'o',  'g',
2062 };
2063 
2064 static void ipmi_sdr_init(IPMIBmcSim *ibs)
2065 {
2066     unsigned int i;
2067     int len;
2068     size_t sdrs_size;
2069     uint8_t *sdrs;
2070 
2071     sdrs_size = sizeof(init_sdrs);
2072     sdrs = init_sdrs;
2073     if (ibs->sdr_filename &&
2074         !g_file_get_contents(ibs->sdr_filename, (gchar **) &sdrs, &sdrs_size,
2075                              NULL)) {
2076         error_report("failed to load sdr file '%s'", ibs->sdr_filename);
2077         sdrs_size = sizeof(init_sdrs);
2078         sdrs = init_sdrs;
2079     }
2080 
2081     for (i = 0; i < sdrs_size; i += len) {
2082         struct ipmi_sdr_header *sdrh;
2083 
2084         if (i + IPMI_SDR_HEADER_SIZE > sdrs_size) {
2085             error_report("Problem with recid 0x%4.4x", i);
2086             break;
2087         }
2088         sdrh = (struct ipmi_sdr_header *) &sdrs[i];
2089         len = ipmi_sdr_length(sdrh);
2090         if (i + len > sdrs_size) {
2091             error_report("Problem with recid 0x%4.4x", i);
2092             break;
2093         }
2094         sdr_add_entry(ibs, sdrh, len, NULL);
2095     }
2096 
2097     if (sdrs != init_sdrs) {
2098         g_free(sdrs);
2099     }
2100 }
2101 
2102 static const VMStateDescription vmstate_ipmi_sim = {
2103     .name = TYPE_IPMI_BMC_SIMULATOR,
2104     .version_id = 1,
2105     .minimum_version_id = 1,
2106     .fields      = (VMStateField[]) {
2107         VMSTATE_UINT8(bmc_global_enables, IPMIBmcSim),
2108         VMSTATE_UINT8(msg_flags, IPMIBmcSim),
2109         VMSTATE_BOOL(watchdog_initialized, IPMIBmcSim),
2110         VMSTATE_UINT8(watchdog_use, IPMIBmcSim),
2111         VMSTATE_UINT8(watchdog_action, IPMIBmcSim),
2112         VMSTATE_UINT8(watchdog_pretimeout, IPMIBmcSim),
2113         VMSTATE_BOOL(watchdog_expired, IPMIBmcSim),
2114         VMSTATE_UINT16(watchdog_timeout, IPMIBmcSim),
2115         VMSTATE_BOOL(watchdog_running, IPMIBmcSim),
2116         VMSTATE_BOOL(watchdog_preaction_ran, IPMIBmcSim),
2117         VMSTATE_INT64(watchdog_expiry, IPMIBmcSim),
2118         VMSTATE_UINT8_ARRAY(evtbuf, IPMIBmcSim, 16),
2119         VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].status, IPMIBmcSim),
2120         VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].reading, IPMIBmcSim),
2121         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].states, IPMIBmcSim),
2122         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_states, IPMIBmcSim),
2123         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].deassert_states,
2124                        IPMIBmcSim),
2125         VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_enable, IPMIBmcSim),
2126         VMSTATE_END_OF_LIST()
2127     }
2128 };
2129 
2130 static void ipmi_fru_init(IPMIFru *fru)
2131 {
2132     int fsize;
2133     int size = 0;
2134 
2135     if (!fru->filename) {
2136         goto out;
2137     }
2138 
2139     fsize = get_image_size(fru->filename);
2140     if (fsize > 0) {
2141         size = QEMU_ALIGN_UP(fsize, fru->areasize);
2142         fru->data = g_malloc0(size);
2143         if (load_image_size(fru->filename, fru->data, fsize) != fsize) {
2144             error_report("Could not load file '%s'", fru->filename);
2145             g_free(fru->data);
2146             fru->data = NULL;
2147         }
2148     }
2149 
2150 out:
2151     if (!fru->data) {
2152         /* give one default FRU */
2153         size = fru->areasize;
2154         fru->data = g_malloc0(size);
2155     }
2156 
2157     fru->nentries = size / fru->areasize;
2158 }
2159 
2160 static void ipmi_sim_realize(DeviceState *dev, Error **errp)
2161 {
2162     IPMIBmc *b = IPMI_BMC(dev);
2163     unsigned int i;
2164     IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
2165 
2166     QTAILQ_INIT(&ibs->rcvbufs);
2167 
2168     ibs->bmc_global_enables = (1 << IPMI_BMC_EVENT_LOG_BIT);
2169     ibs->device_id = 0x20;
2170     ibs->ipmi_version = 0x02; /* IPMI 2.0 */
2171     ibs->restart_cause = 0;
2172     for (i = 0; i < 4; i++) {
2173         ibs->sel.last_addition[i] = 0xff;
2174         ibs->sel.last_clear[i] = 0xff;
2175         ibs->sdr.last_addition[i] = 0xff;
2176         ibs->sdr.last_clear[i] = 0xff;
2177     }
2178 
2179     ipmi_sdr_init(ibs);
2180 
2181     ipmi_fru_init(&ibs->fru);
2182 
2183     ibs->acpi_power_state[0] = 0;
2184     ibs->acpi_power_state[1] = 0;
2185 
2186     ipmi_init_sensors_from_sdrs(ibs);
2187     register_cmds(ibs);
2188 
2189     ibs->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ipmi_timeout, ibs);
2190 
2191     vmstate_register(NULL, 0, &vmstate_ipmi_sim, ibs);
2192 }
2193 
2194 static Property ipmi_sim_properties[] = {
2195     DEFINE_PROP_UINT16("fruareasize", IPMIBmcSim, fru.areasize, 1024),
2196     DEFINE_PROP_STRING("frudatafile", IPMIBmcSim, fru.filename),
2197     DEFINE_PROP_STRING("sdrfile", IPMIBmcSim, sdr_filename),
2198     DEFINE_PROP_UINT8("device_id", IPMIBmcSim, device_id, 0x20),
2199     DEFINE_PROP_UINT8("ipmi_version", IPMIBmcSim, ipmi_version, 0x02),
2200     DEFINE_PROP_UINT8("device_rev", IPMIBmcSim, device_rev, 0),
2201     DEFINE_PROP_UINT8("fwrev1", IPMIBmcSim, fwrev1, 0),
2202     DEFINE_PROP_UINT8("fwrev2", IPMIBmcSim, fwrev2, 0),
2203     DEFINE_PROP_UINT32("mfg_id", IPMIBmcSim, mfg_id, 0),
2204     DEFINE_PROP_UINT16("product_id", IPMIBmcSim, product_id, 0),
2205     DEFINE_PROP_UUID_NODEFAULT("guid", IPMIBmcSim, uuid),
2206     DEFINE_PROP_END_OF_LIST(),
2207 };
2208 
2209 static void ipmi_sim_class_init(ObjectClass *oc, void *data)
2210 {
2211     DeviceClass *dc = DEVICE_CLASS(oc);
2212     IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
2213 
2214     dc->hotpluggable = false;
2215     dc->realize = ipmi_sim_realize;
2216     device_class_set_props(dc, ipmi_sim_properties);
2217     bk->handle_command = ipmi_sim_handle_command;
2218 }
2219 
2220 static const TypeInfo ipmi_sim_type = {
2221     .name          = TYPE_IPMI_BMC_SIMULATOR,
2222     .parent        = TYPE_IPMI_BMC,
2223     .instance_size = sizeof(IPMIBmcSim),
2224     .class_init    = ipmi_sim_class_init,
2225 };
2226 
2227 static void ipmi_sim_register_types(void)
2228 {
2229     type_register_static(&ipmi_sim_type);
2230 }
2231 
2232 type_init(ipmi_sim_register_types)
2233