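/*
 * QEMU ISA IPMI BT emulation
 *
 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "hw/hw.h"
#include "hw/ipmi/ipmi.h"
#include "hw/isa/isa.h"

/* Control register */
#define IPMI_BT_CLR_WR_BIT         0
#define IPMI_BT_CLR_RD_BIT         1
#define IPMI_BT_H2B_ATN_BIT        2
#define IPMI_BT_B2H_ATN_BIT        3
#define IPMI_BT_SMS_ATN_BIT        4
#define IPMI_BT_HBUSY_BIT          6
#define IPMI_BT_BBUSY_BIT          7

#define IPMI_BT_GET_CLR_WR(d)      (((d) >> IPMI_BT_CLR_WR_BIT) & 0x1)

#define IPMI_BT_GET_CLR_RD(d)      (((d) >> IPMI_BT_CLR_RD_BIT) & 0x1)

#define IPMI_BT_GET_H2B_ATN(d)     (((d) >> IPMI_BT_H2B_ATN_BIT) & 0x1)

#define IPMI_BT_B2H_ATN_MASK       (1 << IPMI_BT_B2H_ATN_BIT)
#define IPMI_BT_GET_B2H_ATN(d)     (((d) >> IPMI_BT_B2H_ATN_BIT) & 0x1)
#define IPMI_BT_SET_B2H_ATN(d, v)  ((d) = (((d) & ~IPMI_BT_B2H_ATN_MASK) | \
                                        (!!(v) << IPMI_BT_B2H_ATN_BIT)))

#define IPMI_BT_SMS_ATN_MASK       (1 << IPMI_BT_SMS_ATN_BIT)
#define IPMI_BT_GET_SMS_ATN(d)     (((d) >> IPMI_BT_SMS_ATN_BIT) & 0x1)
#define IPMI_BT_SET_SMS_ATN(d, v)  ((d) = (((d) & ~IPMI_BT_SMS_ATN_MASK) | \
                                        (!!(v) << IPMI_BT_SMS_ATN_BIT)))

#define IPMI_BT_HBUSY_MASK         (1 << IPMI_BT_HBUSY_BIT)
#define IPMI_BT_GET_HBUSY(d)       (((d) >> IPMI_BT_HBUSY_BIT) & 0x1)
#define IPMI_BT_SET_HBUSY(d, v)    ((d) = (((d) & ~IPMI_BT_HBUSY_MASK) | \
                                        (!!(v) << IPMI_BT_HBUSY_BIT)))

#define IPMI_BT_BBUSY_MASK         (1 << IPMI_BT_BBUSY_BIT)
#define IPMI_BT_SET_BBUSY(d, v)    ((d) = (((d) & ~IPMI_BT_BBUSY_MASK) | \
                                        (!!(v) << IPMI_BT_BBUSY_BIT)))


/* Mask register */
#define IPMI_BT_B2H_IRQ_EN_BIT     0
#define IPMI_BT_B2H_IRQ_BIT        1

#define IPMI_BT_B2H_IRQ_EN_MASK      (1 << IPMI_BT_B2H_IRQ_EN_BIT)
#define IPMI_BT_GET_B2H_IRQ_EN(d)    (((d) >> IPMI_BT_B2H_IRQ_EN_BIT) & 0x1)
#define IPMI_BT_SET_B2H_IRQ_EN(d, v) ((d) = (((d) & ~IPMI_BT_B2H_IRQ_EN_MASK) |\
                                        (!!(v) << IPMI_BT_B2H_IRQ_EN_BIT)))

#define IPMI_BT_B2H_IRQ_MASK         (1 << IPMI_BT_B2H_IRQ_BIT)
#define IPMI_BT_GET_B2H_IRQ(d)       (((d) >> IPMI_BT_B2H_IRQ_BIT) & 0x1)
#define IPMI_BT_SET_B2H_IRQ(d, v)    ((d) = (((d) & ~IPMI_BT_B2H_IRQ_MASK) | \
                                        (!!(v) << IPMI_BT_B2H_IRQ_BIT)))

/*
 * State of one BT interface.  The guest drives it through three byte-wide
 * I/O ports (control, data, mask); everything the guest writes is untrusted.
 */
typedef struct IPMIBT {
    IPMIBmc *bmc;

    /* Set while ipmi_bt_signal() should run another handle_if_event pass. */
    bool do_wake;

    qemu_irq irq;

    uint32_t io_base;
    unsigned long io_length;
    MemoryRegion io;

    bool obf_irq_set;
    bool atn_irq_set;
    bool use_irq;
    bool irqs_enabled;

    /* BMC-to-host message; outpos is the next byte the data port returns. */
    uint8_t outmsg[MAX_IPMI_MSG_SIZE];
    uint32_t outpos;
    uint32_t outlen;

    /*
     * Host-to-BMC message.  inlen counts every byte written to the data
     * port, including bytes dropped because inmsg was already full, so it
     * can be larger than sizeof(inmsg).
     */
    uint8_t inmsg[MAX_IPMI_MSG_SIZE];
    uint32_t inlen;

    uint8_t control_reg;
    uint8_t mask_reg;

    /*
     * This is a response number that we send with the command to make
     * sure that the response matches the command.
     */
    uint8_t waiting_rsp;
    uint8_t waiting_seq;
} IPMIBT;

#define IPMI_CMD_GET_BT_INTF_CAP         0x36

/*
 * Publish the message already placed in outmsg: clear BBUSY, set B2H_ATN
 * and, when interrupts are in use, enabled and not already pending, latch
 * the B2H interrupt bit and raise the IRQ line.
 */
static void ipmi_bt_response_ready(IPMIBT *ib)
{
    IPMI_BT_SET_BBUSY(ib->control_reg, 0);
    IPMI_BT_SET_B2H_ATN(ib->control_reg, 1);
    if (ib->use_irq && ib->irqs_enabled &&
        !IPMI_BT_GET_B2H_IRQ(ib->mask_reg) &&
        IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
        IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
        qemu_irq_raise(ib->irq);
    }
}

/*
 * Process the request the host has assembled in inmsg.
 *
 * Requests shorter than four bytes are left untouched.  A request whose
 * length byte (inmsg[0]) does not equal inlen - 1 is discarded.  The
 * "Get BT Interface Capabilities" command is answered here; every other
 * request is handed to the BMC's handle_command.
 */
static void ipmi_bt_handle_event(IPMIInterface *ii)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);
    IPMIBmcClass *bk;

    if (ib->inlen < 4) {
        return;
    }
    /* Note that overruns are handled by handle_command */
    if (ib->inmsg[0] != (ib->inlen - 1)) {
        /* Length mismatch, just ignore. */
        IPMI_BT_SET_BBUSY(ib->control_reg, 1);
        ib->inlen = 0;
        return;
    }
    if ((ib->inmsg[1] == (IPMI_NETFN_APP << 2)) &&
                        (ib->inmsg[3] == IPMI_CMD_GET_BT_INTF_CAP)) {
        /* We handle this one ourselves. */
        ib->outmsg[0] = 9;
        ib->outmsg[1] = ib->inmsg[1] | 0x04;
        ib->outmsg[2] = ib->inmsg[2];
        ib->outmsg[3] = ib->inmsg[3];
        ib->outmsg[4] = 0;
        ib->outmsg[5] = 1; /* Only support 1 outstanding request. */
        if (sizeof(ib->inmsg) > 0xff) { /* Input buffer size */
            ib->outmsg[6] = 0xff;
        } else {
            ib->outmsg[6] = (unsigned char) sizeof(ib->inmsg);
        }
        if (sizeof(ib->outmsg) > 0xff) { /* Output buffer size */
            ib->outmsg[7] = 0xff;
        } else {
            ib->outmsg[7] = (unsigned char) sizeof(ib->outmsg);
        }
        ib->outmsg[8] = 10; /* Max request to response time */
        ib->outmsg[9] = 0; /* Don't recommend retries */
        ib->outlen = 10;
        ipmi_bt_response_ready(ib);
        return;
    }

    /*
     * Remember the sequence byte for the response, then overwrite it with
     * the byte from inmsg[1] so the BMC receives one contiguous buffer
     * starting at inmsg + 2.
     */
    ib->waiting_seq = ib->inmsg[2];
    ib->inmsg[2] = ib->inmsg[1];
    /*
     * NOTE(review): the buffer passed starts two bytes into inmsg, yet the
     * capacity argument is the full sizeof(inmsg) -- confirm handle_command
     * cannot be led past the end of inmsg by that two-byte difference.
     */
    bk = IPMI_BMC_GET_CLASS(ib->bmc);
    bk->handle_command(ib->bmc, ib->inmsg + 2, ib->inlen - 2,
                       sizeof(ib->inmsg), ib->waiting_rsp);
}

/*
 * Deliver a BMC response to the host.
 *
 * The response is accepted only when msg_id matches the id sent with the
 * outstanding request.  A response too large for outmsg is replaced with a
 * five-byte error reply carrying IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES.
 */
static void ipmi_bt_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
                                unsigned char *rsp, unsigned int rsp_len)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    if (ib->waiting_rsp != msg_id) {
        return;
    }
    if (rsp_len == 0) {
        /*
         * An empty response has no rsp[0] to read, and rsp_len - 1 below
         * would wrap to a huge unsigned memcpy length.  Drop it without
         * touching interface state; BBUSY stays as it was.
         */
        return;
    }

    ib->waiting_rsp++;
    if (rsp_len > (sizeof(ib->outmsg) - 2)) {
        ib->outmsg[0] = 4;
        ib->outmsg[1] = rsp[0];
        ib->outmsg[2] = ib->waiting_seq;
        ib->outmsg[3] = rsp[1];
        ib->outmsg[4] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES;
        ib->outlen = 5;
    } else {
        /*
         * NOTE(review): outmsg[0] is a single byte, so rsp_len + 1 is
         * truncated when it exceeds 0xff -- confirm whether the size limit
         * above should also cap at what the length byte can express.
         */
        ib->outmsg[0] = rsp_len + 1;
        ib->outmsg[1] = rsp[0];
        ib->outmsg[2] = ib->waiting_seq;
        memcpy(ib->outmsg + 3, rsp + 1, rsp_len - 1);
        ib->outlen = rsp_len + 2;
    }
    ipmi_bt_response_ready(ib);
}


/*
 * Guest read of a BT port.  Offset 0 returns the control register, offset 1
 * the next unread byte of outmsg (0xff once the message is exhausted), and
 * offset 2 the mask register.  Any other offset reads as 0xff.
 */
static uint64_t ipmi_bt_ioport_read(void *opaque, hwaddr addr, unsigned size)
{
    IPMIInterface *ii = opaque;
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);
    uint32_t ret = 0xff;

    switch (addr & 3) {
    case 0:
        ret = ib->control_reg;
        break;
    case 1:
        /* outpos < outlen is the only bound on this index into outmsg. */
        if (ib->outpos < ib->outlen) {
            ret = ib->outmsg[ib->outpos];
            ib->outpos++;
            if (ib->outpos == ib->outlen) {
                ib->outpos = 0;
                ib->outlen = 0;
            }
        } else {
            ret = 0xff;
        }
        break;
    case 2:
        ret = ib->mask_reg;
        break;
    }
    return ret;
}

/*
 * Run the interface event handler, repeating for as long as something sets
 * do_wake again while the handler is running.
 */
static void ipmi_bt_signal(IPMIBT *ib, IPMIInterface *ii)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);

    ib->do_wake = 1;
    while (ib->do_wake) {
        ib->do_wake = 0;
        iic->handle_if_event(ii);
    }
}

/*
 * Guest write to a BT port.  Offset 0 is the control register (each set bit
 * requests an action), offset 1 appends a byte to inmsg, and offset 2 is the
 * interrupt mask register.
 */
static void ipmi_bt_ioport_write(void *opaque, hwaddr addr, uint64_t val,
                                 unsigned size)
{
    IPMIInterface *ii = opaque;
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    switch (addr & 3) {
    case 0:
        if (IPMI_BT_GET_CLR_WR(val)) {
            ib->inlen = 0;
        }
        if (IPMI_BT_GET_CLR_RD(val)) {
            ib->outpos = 0;
        }
        if (IPMI_BT_GET_B2H_ATN(val)) {
            IPMI_BT_SET_B2H_ATN(ib->control_reg, 0);
        }
        if (IPMI_BT_GET_SMS_ATN(val)) {
            IPMI_BT_SET_SMS_ATN(ib->control_reg, 0);
        }
        if (IPMI_BT_GET_HBUSY(val)) {
            /* Toggle */
            IPMI_BT_SET_HBUSY(ib->control_reg,
                              !IPMI_BT_GET_HBUSY(ib->control_reg));
        }
        if (IPMI_BT_GET_H2B_ATN(val)) {
            IPMI_BT_SET_BBUSY(ib->control_reg, 1);
            ipmi_bt_signal(ib, ii);
        }
        break;

    case 1:
        /*
         * The store is bounds-checked, but inlen keeps counting so that an
         * overrun stays visible to the code that consumes the message.
         */
        if (ib->inlen < sizeof(ib->inmsg)) {
            ib->inmsg[ib->inlen] = val;
        }
        ib->inlen++;
        break;

    case 2:
        if (IPMI_BT_GET_B2H_IRQ_EN(val) !=
                        IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
            if (IPMI_BT_GET_B2H_IRQ_EN(val)) {
                /* Enabling with attention already pending raises at once. */
                if (IPMI_BT_GET_B2H_ATN(ib->control_reg) ||
                        IPMI_BT_GET_SMS_ATN(ib->control_reg)) {
                    IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
                    qemu_irq_raise(ib->irq);
                }
                IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 1);
            } else {
                if (IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
                    IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
                    qemu_irq_lower(ib->irq);
                }
                IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 0);
            }
        }
        /* Writing 1 to the IRQ bit acknowledges a pending interrupt. */
        if (IPMI_BT_GET_B2H_IRQ(val) && IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
            IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
            qemu_irq_lower(ib->irq);
        }
        break;
    }
}

/* Byte-wide I/O accessors for the three BT registers. */
static const MemoryRegionOps ipmi_bt_io_ops = {
    .read = ipmi_bt_ioport_read,
    .write = ipmi_bt_ioport_write,
    .impl = {
        .min_access_size = 1,
        .max_access_size = 1,
    },
    .endianness = DEVICE_LITTLE_ENDIAN,
};

/*
 * Set or clear SMS_ATN in the control register.  Does nothing when the bit
 * already has the requested value.  When setting, the interrupt is raised
 * only if irq is non-zero, interrupts are usable and enabled, and B2H_ATN
 * is clear; when clearing, a pending interrupt is lowered unless B2H_ATN
 * is still set.
 */
static void ipmi_bt_set_atn(IPMIInterface *ii, int val, int irq)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    if (!!val == IPMI_BT_GET_SMS_ATN(ib->control_reg)) {
        return;
    }

    IPMI_BT_SET_SMS_ATN(ib->control_reg, val);
    if (val) {
        if (irq && ib->use_irq && ib->irqs_enabled &&
                !IPMI_BT_GET_B2H_ATN(ib->control_reg) &&
                IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
            IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
            qemu_irq_raise(ib->irq);
        }
    } else {
        if (!IPMI_BT_GET_B2H_ATN(ib->control_reg) &&
                IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
            IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
            qemu_irq_lower(ib->irq);
        }
    }
}

/*
 * Reset hook.  Only a cold reset changes state: a pending interrupt is
 * lowered and the interrupt enable bit is cleared.
 */
static void ipmi_bt_handle_reset(IPMIInterface *ii, bool is_cold)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    if (is_cold) {
        /* Disable the BT interrupt on reset */
        if (IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
            IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
            qemu_irq_lower(ib->irq);
        }
        IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 0);
    }
}

/* Record whether the interface may raise interrupts at all. */
static void ipmi_bt_set_irq_enable(IPMIInterface *ii, int val)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    ib->irqs_enabled = val;
}

/* Set the register window length and create the I/O memory region. */
static void ipmi_bt_init(IPMIInterface *ii, Error **errp)
{
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    IPMIBT *ib = iic->get_backend_data(ii);

    ib->io_length = 3;

    memory_region_init_io(&ib->io, NULL, &ipmi_bt_io_ops, ii, "ipmi-bt", 3);
}


#define TYPE_ISA_IPMI_BT "isa-ipmi-bt"
#define ISA_IPMI_BT(obj) OBJECT_CHECK(ISAIPMIBTDevice, (obj), \
                                       TYPE_ISA_IPMI_BT)

/* ISA device wrapping one BT interface. */
typedef struct ISAIPMIBTDevice {
    ISADevice dev;
    int32_t isairq;
    IPMIBT bt;
    uint32_t uuid;
} ISAIPMIBTDevice;

/* Fill in the firmware description of this interface. */
static void ipmi_bt_get_fwinfo(struct IPMIInterface *ii, IPMIFwInfo *info)
{
    ISAIPMIBTDevice *iib = ISA_IPMI_BT(ii);

    info->interface_name = "bt";
    info->interface_type = IPMI_SMBIOS_BT;
    info->ipmi_spec_major_revision = 2;
    info->ipmi_spec_minor_revision = 0;
    info->base_address = iib->bt.io_base;
    info->register_length = iib->bt.io_length;
    info->register_spacing = 1;
    info->memspace = IPMI_MEMSPACE_IO;
    info->irq_type = IPMI_LEVEL_IRQ;
    info->interrupt_number = iib->isairq;
    info->i2c_slave_address = iib->bt.bmc->slave_addr;
    info->uuid = iib->uuid;
}

/* Install the BT implementations of the IPMI interface callbacks. */
static void ipmi_bt_class_init(IPMIInterfaceClass *iic)
{
    iic->init = ipmi_bt_init;
    iic->set_atn = ipmi_bt_set_atn;
    iic->handle_rsp = ipmi_bt_handle_rsp;
    iic->handle_if_event = ipmi_bt_handle_event;
    iic->set_irq_enable = ipmi_bt_set_irq_enable;
    iic->reset = ipmi_bt_handle_reset;
    iic->get_fwinfo = ipmi_bt_get_fwinfo;
}

/*
 * Realize the ISA device: require a linked BMC, initialise the interface,
 * hook up the IRQ when a positive irq property is given, and register the
 * I/O ports.  Errors are reported through errp.
 */
static void isa_ipmi_bt_realize(DeviceState *dev, Error **errp)
{
    ISADevice *isadev = ISA_DEVICE(dev);
    ISAIPMIBTDevice *iib = ISA_IPMI_BT(dev);
    IPMIInterface *ii = IPMI_INTERFACE(dev);
    IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
    Error *err = NULL;

    if (!iib->bt.bmc) {
        error_setg(errp, "IPMI device requires a bmc attribute to be set");
        return;
    }

    iib->uuid = ipmi_next_uuid();

    iib->bt.bmc->intf = ii;

    /*
     * Collect the error locally: errp may be NULL, so it must not be
     * dereferenced to find out whether init failed.
     */
    iic->init(ii, &err);
    if (err) {
        error_propagate(errp, err);
        return;
    }

    if (iib->isairq > 0) {
        isa_init_irq(isadev, &iib->bt.irq, iib->isairq);
        iib->bt.use_irq = 1;
    }

    qdev_set_legacy_instance_id(dev, iib->bt.io_base, iib->bt.io_length);

    isa_register_ioport(isadev, &iib->bt.io, iib->bt.io_base);
}

/*
 * Migration state.
 *
 * NOTE(review): bt.outlen and bt.inlen size the two buffers below but are
 * not listed as fields themselves, and no post_load hook range-checks
 * outpos, outlen or inlen against the buffer sizes.  inlen can also exceed
 * sizeof(inmsg) at save time, because the data-port write handler counts
 * overrun bytes.  Confirm how VMSTATE_VBUFFER_UINT32 treats an embedded
 * array, and validate the three counters after load before an incoming
 * stream is trusted.  Changing the field list alters the migration format,
 * so it is left as is here.
 */
static const VMStateDescription vmstate_ISAIPMIBTDevice = {
    .name = TYPE_IPMI_INTERFACE,
    .version_id = 1,
    .minimum_version_id = 1,
    .fields      = (VMStateField[]) {
        VMSTATE_BOOL(bt.obf_irq_set, ISAIPMIBTDevice),
        VMSTATE_BOOL(bt.atn_irq_set, ISAIPMIBTDevice),
        VMSTATE_BOOL(bt.use_irq, ISAIPMIBTDevice),
        VMSTATE_BOOL(bt.irqs_enabled, ISAIPMIBTDevice),
        VMSTATE_UINT32(bt.outpos, ISAIPMIBTDevice),
        VMSTATE_VBUFFER_UINT32(bt.outmsg, ISAIPMIBTDevice, 1, NULL, bt.outlen),
        VMSTATE_VBUFFER_UINT32(bt.inmsg, ISAIPMIBTDevice, 1, NULL, bt.inlen),
        VMSTATE_UINT8(bt.control_reg, ISAIPMIBTDevice),
        VMSTATE_UINT8(bt.mask_reg, ISAIPMIBTDevice),
        VMSTATE_UINT8(bt.waiting_rsp, ISAIPMIBTDevice),
        VMSTATE_UINT8(bt.waiting_seq, ISAIPMIBTDevice),
        VMSTATE_END_OF_LIST()
    }
};

/* Instance init: link the BMC and register the migration state. */
static void isa_ipmi_bt_init(Object *obj)
{
    ISAIPMIBTDevice *iib = ISA_IPMI_BT(obj);

    ipmi_bmc_find_and_link(obj, (Object **) &iib->bt.bmc);

    vmstate_register(NULL, 0, &vmstate_ISAIPMIBTDevice, iib);
}

/* Return the IPMIBT state embedded in the ISA device. */
static void *isa_ipmi_bt_get_backend_data(IPMIInterface *ii)
{
    ISAIPMIBTDevice *iib = ISA_IPMI_BT(ii);

    return &iib->bt;
}

/* User-settable properties: I/O port base and ISA IRQ number. */
static Property ipmi_isa_properties[] = {
    DEFINE_PROP_UINT32("ioport", ISAIPMIBTDevice, bt.io_base,  0xe4),
    DEFINE_PROP_INT32("irq",   ISAIPMIBTDevice, isairq,  5),
    DEFINE_PROP_END_OF_LIST(),
};

/* Class init: wire up realize, properties and the interface callbacks. */
static void isa_ipmi_bt_class_init(ObjectClass *oc, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(oc);
    IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);

    dc->realize = isa_ipmi_bt_realize;
    dc->props = ipmi_isa_properties;

    iic->get_backend_data = isa_ipmi_bt_get_backend_data;
    ipmi_bt_class_init(iic);
}

static const TypeInfo isa_ipmi_bt_info = {
    .name          = TYPE_ISA_IPMI_BT,
    .parent        = TYPE_ISA_DEVICE,
    .instance_size = sizeof(ISAIPMIBTDevice),
    .instance_init = isa_ipmi_bt_init,
    .class_init    = isa_ipmi_bt_class_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_IPMI_INTERFACE },
        { }
    }
};

static void ipmi_register_types(void)
{
    type_register_static(&isa_ipmi_bt_info);
}

type_init(ipmi_register_types)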