1 /* 2 * QEMU ISA IPMI KCS emulation 3 * 4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "qemu/log.h" 27 #include "qemu/module.h" 28 #include "qapi/error.h" 29 #include "hw/ipmi/ipmi.h" 30 #include "hw/irq.h" 31 #include "hw/isa/isa.h" 32 #include "hw/qdev-properties.h" 33 #include "migration/vmstate.h" 34 35 #define IPMI_KCS_OBF_BIT 0 36 #define IPMI_KCS_IBF_BIT 1 37 #define IPMI_KCS_SMS_ATN_BIT 2 38 #define IPMI_KCS_CD_BIT 3 39 40 #define IPMI_KCS_OBF_MASK (1 << IPMI_KCS_OBF_BIT) 41 #define IPMI_KCS_GET_OBF(d) (((d) >> IPMI_KCS_OBF_BIT) & 0x1) 42 #define IPMI_KCS_SET_OBF(d, v) (d) = (((d) & ~IPMI_KCS_OBF_MASK) | \ 43 (((v) & 1) << IPMI_KCS_OBF_BIT)) 44 #define IPMI_KCS_IBF_MASK (1 << IPMI_KCS_IBF_BIT) 45 #define IPMI_KCS_GET_IBF(d) (((d) >> IPMI_KCS_IBF_BIT) & 0x1) 46 #define IPMI_KCS_SET_IBF(d, v) (d) = (((d) & ~IPMI_KCS_IBF_MASK) | \ 47 (((v) & 1) << IPMI_KCS_IBF_BIT)) 48 #define IPMI_KCS_SMS_ATN_MASK (1 << IPMI_KCS_SMS_ATN_BIT) 49 #define IPMI_KCS_GET_SMS_ATN(d) (((d) >> IPMI_KCS_SMS_ATN_BIT) & 0x1) 50 #define IPMI_KCS_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_KCS_SMS_ATN_MASK) | \ 51 (((v) & 1) << IPMI_KCS_SMS_ATN_BIT)) 52 #define IPMI_KCS_CD_MASK (1 << IPMI_KCS_CD_BIT) 53 #define IPMI_KCS_GET_CD(d) (((d) >> IPMI_KCS_CD_BIT) & 0x1) 54 #define IPMI_KCS_SET_CD(d, v) (d) = (((d) & ~IPMI_KCS_CD_MASK) | \ 55 (((v) & 1) << IPMI_KCS_CD_BIT)) 56 57 #define IPMI_KCS_IDLE_STATE 0 58 #define IPMI_KCS_READ_STATE 1 59 #define IPMI_KCS_WRITE_STATE 2 60 #define IPMI_KCS_ERROR_STATE 3 61 62 #define IPMI_KCS_GET_STATE(d) (((d) >> 6) & 0x3) 63 #define IPMI_KCS_SET_STATE(d, v) ((d) = ((d) & ~0xc0) | (((v) & 0x3) << 6)) 64 65 #define IPMI_KCS_ABORT_STATUS_CMD 0x60 66 #define IPMI_KCS_WRITE_START_CMD 0x61 67 #define IPMI_KCS_WRITE_END_CMD 0x62 68 #define IPMI_KCS_READ_CMD 0x68 69 70 #define IPMI_KCS_STATUS_NO_ERR 0x00 71 #define IPMI_KCS_STATUS_ABORTED_ERR 0x01 72 #define IPMI_KCS_STATUS_BAD_CC_ERR 0x02 73 #define IPMI_KCS_STATUS_LENGTH_ERR 0x06 74 75 typedef struct IPMIKCS { 76 IPMIBmc *bmc; 77 78 bool do_wake; 79 80 qemu_irq irq; 81 82 uint32_t io_base; 83 unsigned long io_length; 84 MemoryRegion io; 85 86 bool obf_irq_set; 87 bool atn_irq_set; 88 bool use_irq; 89 bool irqs_enabled; 90 91 uint8_t outmsg[MAX_IPMI_MSG_SIZE]; 92 uint32_t outpos; 93 uint32_t outlen; 94 95 uint8_t inmsg[MAX_IPMI_MSG_SIZE]; 96 uint32_t inlen; 97 bool write_end; 98 99 uint8_t status_reg; 100 uint8_t data_out_reg; 101 102 int16_t data_in_reg; /* -1 means not written */ 103 int16_t cmd_reg; 104 105 /* 106 * This is a response number that we send with the command to make 107 * sure that the response matches the command. 108 */ 109 uint8_t waiting_rsp; 110 } IPMIKCS; 111 112 #define SET_OBF() \ 113 do { \ 114 IPMI_KCS_SET_OBF(ik->status_reg, 1); \ 115 if (ik->use_irq && ik->irqs_enabled && !ik->obf_irq_set) { \ 116 ik->obf_irq_set = 1; \ 117 if (!ik->atn_irq_set) { \ 118 qemu_irq_raise(ik->irq); \ 119 } \ 120 } \ 121 } while (0) 122 123 static void ipmi_kcs_signal(IPMIKCS *ik, IPMIInterface *ii) 124 { 125 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 126 127 ik->do_wake = 1; 128 while (ik->do_wake) { 129 ik->do_wake = 0; 130 iic->handle_if_event(ii); 131 } 132 } 133 134 static void ipmi_kcs_handle_event(IPMIInterface *ii) 135 { 136 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 137 IPMIKCS *ik = iic->get_backend_data(ii); 138 139 if (ik->cmd_reg == IPMI_KCS_ABORT_STATUS_CMD) { 140 if (IPMI_KCS_GET_STATE(ik->status_reg) != IPMI_KCS_ERROR_STATE) { 141 ik->waiting_rsp++; /* Invalidate the message */ 142 ik->outmsg[0] = IPMI_KCS_STATUS_ABORTED_ERR; 143 ik->outlen = 1; 144 ik->outpos = 0; 145 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 146 SET_OBF(); 147 } 148 goto out; 149 } 150 151 switch (IPMI_KCS_GET_STATE(ik->status_reg)) { 152 case IPMI_KCS_IDLE_STATE: 153 if (ik->cmd_reg == IPMI_KCS_WRITE_START_CMD) { 154 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_WRITE_STATE); 155 ik->cmd_reg = -1; 156 ik->write_end = 0; 157 ik->inlen = 0; 158 SET_OBF(); 159 } 160 break; 161 162 case IPMI_KCS_READ_STATE: 163 handle_read: 164 if (ik->outpos >= ik->outlen) { 165 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_IDLE_STATE); 166 SET_OBF(); 167 } else if (ik->data_in_reg == IPMI_KCS_READ_CMD) { 168 ik->data_out_reg = ik->outmsg[ik->outpos]; 169 ik->outpos++; 170 SET_OBF(); 171 } else { 172 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR; 173 ik->outlen = 1; 174 ik->outpos = 0; 175 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 176 SET_OBF(); 177 goto out; 178 } 179 break; 180 181 case IPMI_KCS_WRITE_STATE: 182 if (ik->data_in_reg != -1) { 183 /* 184 * Don't worry about input overrun here, that will be 185 * handled in the BMC. 186 */ 187 if (ik->inlen < sizeof(ik->inmsg)) { 188 ik->inmsg[ik->inlen] = ik->data_in_reg; 189 } 190 ik->inlen++; 191 } 192 if (ik->write_end) { 193 IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(ik->bmc); 194 ik->outlen = 0; 195 ik->write_end = 0; 196 ik->outpos = 0; 197 bk->handle_command(ik->bmc, ik->inmsg, ik->inlen, sizeof(ik->inmsg), 198 ik->waiting_rsp); 199 goto out_noibf; 200 } else if (ik->cmd_reg == IPMI_KCS_WRITE_END_CMD) { 201 ik->cmd_reg = -1; 202 ik->write_end = 1; 203 } 204 SET_OBF(); 205 break; 206 207 case IPMI_KCS_ERROR_STATE: 208 if (ik->data_in_reg != -1) { 209 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE); 210 ik->data_in_reg = IPMI_KCS_READ_CMD; 211 goto handle_read; 212 } 213 break; 214 } 215 216 if (ik->cmd_reg != -1) { 217 /* Got an invalid command */ 218 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR; 219 ik->outlen = 1; 220 ik->outpos = 0; 221 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 222 } 223 224 out: 225 ik->cmd_reg = -1; 226 ik->data_in_reg = -1; 227 IPMI_KCS_SET_IBF(ik->status_reg, 0); 228 out_noibf: 229 return; 230 } 231 232 static void ipmi_kcs_handle_rsp(IPMIInterface *ii, uint8_t msg_id, 233 unsigned char *rsp, unsigned int rsp_len) 234 { 235 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 236 IPMIKCS *ik = iic->get_backend_data(ii); 237 238 if (ik->waiting_rsp == msg_id) { 239 ik->waiting_rsp++; 240 if (rsp_len > sizeof(ik->outmsg)) { 241 ik->outmsg[0] = rsp[0]; 242 ik->outmsg[1] = rsp[1]; 243 ik->outmsg[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES; 244 ik->outlen = 3; 245 } else { 246 memcpy(ik->outmsg, rsp, rsp_len); 247 ik->outlen = rsp_len; 248 } 249 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE); 250 ik->data_in_reg = IPMI_KCS_READ_CMD; 251 ipmi_kcs_signal(ik, ii); 252 } 253 } 254 255 256 static uint64_t ipmi_kcs_ioport_read(void *opaque, hwaddr addr, unsigned size) 257 { 258 IPMIInterface *ii = opaque; 259 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 260 IPMIKCS *ik = iic->get_backend_data(ii); 261 uint32_t ret; 262 263 switch (addr & 1) { 264 case 0: 265 ret = ik->data_out_reg; 266 IPMI_KCS_SET_OBF(ik->status_reg, 0); 267 if (ik->obf_irq_set) { 268 ik->obf_irq_set = 0; 269 if (!ik->atn_irq_set) { 270 qemu_irq_lower(ik->irq); 271 } 272 } 273 break; 274 case 1: 275 ret = ik->status_reg; 276 if (ik->atn_irq_set) { 277 ik->atn_irq_set = 0; 278 if (!ik->obf_irq_set) { 279 qemu_irq_lower(ik->irq); 280 } 281 } 282 break; 283 } 284 return ret; 285 } 286 287 static void ipmi_kcs_ioport_write(void *opaque, hwaddr addr, uint64_t val, 288 unsigned size) 289 { 290 IPMIInterface *ii = opaque; 291 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 292 IPMIKCS *ik = iic->get_backend_data(ii); 293 294 if (IPMI_KCS_GET_IBF(ik->status_reg)) { 295 return; 296 } 297 298 switch (addr & 1) { 299 case 0: 300 ik->data_in_reg = val; 301 break; 302 303 case 1: 304 ik->cmd_reg = val; 305 break; 306 } 307 IPMI_KCS_SET_IBF(ik->status_reg, 1); 308 ipmi_kcs_signal(ik, ii); 309 } 310 311 const MemoryRegionOps ipmi_kcs_io_ops = { 312 .read = ipmi_kcs_ioport_read, 313 .write = ipmi_kcs_ioport_write, 314 .impl = { 315 .min_access_size = 1, 316 .max_access_size = 1, 317 }, 318 .endianness = DEVICE_LITTLE_ENDIAN, 319 }; 320 321 static void ipmi_kcs_set_atn(IPMIInterface *ii, int val, int irq) 322 { 323 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 324 IPMIKCS *ik = iic->get_backend_data(ii); 325 326 IPMI_KCS_SET_SMS_ATN(ik->status_reg, val); 327 if (val) { 328 if (irq && !ik->atn_irq_set && ik->use_irq && ik->irqs_enabled) { 329 ik->atn_irq_set = 1; 330 if (!ik->obf_irq_set) { 331 qemu_irq_raise(ik->irq); 332 } 333 } 334 } else { 335 if (ik->atn_irq_set) { 336 ik->atn_irq_set = 0; 337 if (!ik->obf_irq_set) { 338 qemu_irq_lower(ik->irq); 339 } 340 } 341 } 342 } 343 344 static void ipmi_kcs_set_irq_enable(IPMIInterface *ii, int val) 345 { 346 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 347 IPMIKCS *ik = iic->get_backend_data(ii); 348 349 ik->irqs_enabled = val; 350 } 351 352 static void ipmi_kcs_init(IPMIInterface *ii, Error **errp) 353 { 354 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 355 IPMIKCS *ik = iic->get_backend_data(ii); 356 357 ik->io_length = 2; 358 memory_region_init_io(&ik->io, NULL, &ipmi_kcs_io_ops, ii, "ipmi-kcs", 2); 359 } 360 361 #define TYPE_ISA_IPMI_KCS "isa-ipmi-kcs" 362 #define ISA_IPMI_KCS(obj) OBJECT_CHECK(ISAIPMIKCSDevice, (obj), \ 363 TYPE_ISA_IPMI_KCS) 364 365 typedef struct ISAIPMIKCSDevice { 366 ISADevice dev; 367 int32_t isairq; 368 IPMIKCS kcs; 369 uint32_t uuid; 370 } ISAIPMIKCSDevice; 371 372 static void ipmi_kcs_get_fwinfo(IPMIInterface *ii, IPMIFwInfo *info) 373 { 374 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii); 375 376 info->interface_name = "kcs"; 377 info->interface_type = IPMI_SMBIOS_KCS; 378 info->ipmi_spec_major_revision = 2; 379 info->ipmi_spec_minor_revision = 0; 380 info->base_address = iik->kcs.io_base; 381 info->i2c_slave_address = iik->kcs.bmc->slave_addr; 382 info->register_length = iik->kcs.io_length; 383 info->register_spacing = 1; 384 info->memspace = IPMI_MEMSPACE_IO; 385 info->irq_type = IPMI_LEVEL_IRQ; 386 info->interrupt_number = iik->isairq; 387 info->uuid = iik->uuid; 388 } 389 390 static void ipmi_kcs_class_init(IPMIInterfaceClass *iic) 391 { 392 iic->init = ipmi_kcs_init; 393 iic->set_atn = ipmi_kcs_set_atn; 394 iic->handle_rsp = ipmi_kcs_handle_rsp; 395 iic->handle_if_event = ipmi_kcs_handle_event; 396 iic->set_irq_enable = ipmi_kcs_set_irq_enable; 397 iic->get_fwinfo = ipmi_kcs_get_fwinfo; 398 } 399 400 static void ipmi_isa_realize(DeviceState *dev, Error **errp) 401 { 402 ISADevice *isadev = ISA_DEVICE(dev); 403 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(dev); 404 IPMIInterface *ii = IPMI_INTERFACE(dev); 405 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 406 407 if (!iik->kcs.bmc) { 408 error_setg(errp, "IPMI device requires a bmc attribute to be set"); 409 return; 410 } 411 412 iik->uuid = ipmi_next_uuid(); 413 414 iik->kcs.bmc->intf = ii; 415 416 iic->init(ii, errp); 417 if (*errp) 418 return; 419 420 if (iik->isairq > 0) { 421 isa_init_irq(isadev, &iik->kcs.irq, iik->isairq); 422 iik->kcs.use_irq = 1; 423 } 424 425 qdev_set_legacy_instance_id(dev, iik->kcs.io_base, iik->kcs.io_length); 426 427 isa_register_ioport(isadev, &iik->kcs.io, iik->kcs.io_base); 428 } 429 430 static int ipmi_kcs_vmstate_post_load(void *opaque, int version) 431 { 432 IPMIKCS *ik = opaque; 433 434 /* Make sure all the values are sane. */ 435 if (ik->outpos >= MAX_IPMI_MSG_SIZE || ik->outlen >= MAX_IPMI_MSG_SIZE || 436 ik->outpos >= ik->outlen) { 437 qemu_log_mask(LOG_GUEST_ERROR, 438 "ipmi:kcs: vmstate transfer received bad out values: %d %d\n", 439 ik->outpos, ik->outlen); 440 ik->outpos = 0; 441 ik->outlen = 0; 442 } 443 444 if (ik->inlen >= MAX_IPMI_MSG_SIZE) { 445 qemu_log_mask(LOG_GUEST_ERROR, 446 "ipmi:kcs: vmstate transfer received bad in value: %d\n", 447 ik->inlen); 448 ik->inlen = 0; 449 } 450 451 return 0; 452 } 453 454 static bool vmstate_kcs_before_version2(void *opaque, int version) 455 { 456 return version <= 1; 457 } 458 459 static const VMStateDescription vmstate_IPMIKCS = { 460 .name = TYPE_IPMI_INTERFACE_PREFIX "kcs", 461 .version_id = 2, 462 .minimum_version_id = 1, 463 .post_load = ipmi_kcs_vmstate_post_load, 464 .fields = (VMStateField[]) { 465 VMSTATE_BOOL(obf_irq_set, IPMIKCS), 466 VMSTATE_BOOL(atn_irq_set, IPMIKCS), 467 VMSTATE_UNUSED_TEST(vmstate_kcs_before_version2, 1), /* Was use_irq */ 468 VMSTATE_BOOL(irqs_enabled, IPMIKCS), 469 VMSTATE_UINT32(outpos, IPMIKCS), 470 VMSTATE_UINT32_V(outlen, IPMIKCS, 2), 471 VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE), 472 VMSTATE_UINT32_V(inlen, IPMIKCS, 2), 473 VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE), 474 VMSTATE_BOOL(write_end, IPMIKCS), 475 VMSTATE_UINT8(status_reg, IPMIKCS), 476 VMSTATE_UINT8(data_out_reg, IPMIKCS), 477 VMSTATE_INT16(data_in_reg, IPMIKCS), 478 VMSTATE_INT16(cmd_reg, IPMIKCS), 479 VMSTATE_UINT8(waiting_rsp, IPMIKCS), 480 VMSTATE_END_OF_LIST() 481 } 482 }; 483 484 static const VMStateDescription vmstate_ISAIPMIKCSDevice = { 485 .name = TYPE_IPMI_INTERFACE, 486 .version_id = 2, 487 .minimum_version_id = 1, 488 .fields = (VMStateField[]) { 489 VMSTATE_VSTRUCT_TEST(kcs, ISAIPMIKCSDevice, vmstate_kcs_before_version2, 490 0, vmstate_IPMIKCS, IPMIKCS, 1), 491 VMSTATE_VSTRUCT_V(kcs, ISAIPMIKCSDevice, 2, vmstate_IPMIKCS, 492 IPMIKCS, 2), 493 VMSTATE_END_OF_LIST() 494 } 495 }; 496 497 static void isa_ipmi_kcs_init(Object *obj) 498 { 499 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(obj); 500 501 ipmi_bmc_find_and_link(obj, (Object **) &iik->kcs.bmc); 502 503 /* 504 * Version 1 had an incorrect name, it clashed with the BT 505 * IPMI device, so receive it, but transmit a different 506 * version. 507 */ 508 vmstate_register(NULL, 0, &vmstate_ISAIPMIKCSDevice, iik); 509 } 510 511 static void *isa_ipmi_kcs_get_backend_data(IPMIInterface *ii) 512 { 513 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii); 514 515 return &iik->kcs; 516 } 517 518 static Property ipmi_isa_properties[] = { 519 DEFINE_PROP_UINT32("ioport", ISAIPMIKCSDevice, kcs.io_base, 0xca2), 520 DEFINE_PROP_INT32("irq", ISAIPMIKCSDevice, isairq, 5), 521 DEFINE_PROP_END_OF_LIST(), 522 }; 523 524 static void isa_ipmi_kcs_class_init(ObjectClass *oc, void *data) 525 { 526 DeviceClass *dc = DEVICE_CLASS(oc); 527 IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc); 528 529 dc->realize = ipmi_isa_realize; 530 dc->props = ipmi_isa_properties; 531 532 iic->get_backend_data = isa_ipmi_kcs_get_backend_data; 533 ipmi_kcs_class_init(iic); 534 } 535 536 static const TypeInfo isa_ipmi_kcs_info = { 537 .name = TYPE_ISA_IPMI_KCS, 538 .parent = TYPE_ISA_DEVICE, 539 .instance_size = sizeof(ISAIPMIKCSDevice), 540 .instance_init = isa_ipmi_kcs_init, 541 .class_init = isa_ipmi_kcs_class_init, 542 .interfaces = (InterfaceInfo[]) { 543 { TYPE_IPMI_INTERFACE }, 544 { } 545 } 546 }; 547 548 static void ipmi_register_types(void) 549 { 550 type_register_static(&isa_ipmi_kcs_info); 551 } 552 553 type_init(ipmi_register_types) 554