1 /* 2 * QEMU ISA IPMI KCS emulation 3 * 4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to deal 8 * in the Software without restriction, including without limitation the rights 9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 * copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 * THE SOFTWARE. 23 */ 24 #include "qemu/osdep.h" 25 #include "qemu/log.h" 26 #include "qapi/error.h" 27 #include "hw/hw.h" 28 #include "hw/ipmi/ipmi.h" 29 #include "hw/isa/isa.h" 30 31 #define IPMI_KCS_OBF_BIT 0 32 #define IPMI_KCS_IBF_BIT 1 33 #define IPMI_KCS_SMS_ATN_BIT 2 34 #define IPMI_KCS_CD_BIT 3 35 36 #define IPMI_KCS_OBF_MASK (1 << IPMI_KCS_OBF_BIT) 37 #define IPMI_KCS_GET_OBF(d) (((d) >> IPMI_KCS_OBF_BIT) & 0x1) 38 #define IPMI_KCS_SET_OBF(d, v) (d) = (((d) & ~IPMI_KCS_OBF_MASK) | \ 39 (((v) & 1) << IPMI_KCS_OBF_BIT)) 40 #define IPMI_KCS_IBF_MASK (1 << IPMI_KCS_IBF_BIT) 41 #define IPMI_KCS_GET_IBF(d) (((d) >> IPMI_KCS_IBF_BIT) & 0x1) 42 #define IPMI_KCS_SET_IBF(d, v) (d) = (((d) & ~IPMI_KCS_IBF_MASK) | \ 43 (((v) & 1) << IPMI_KCS_IBF_BIT)) 44 #define IPMI_KCS_SMS_ATN_MASK (1 << IPMI_KCS_SMS_ATN_BIT) 45 #define IPMI_KCS_GET_SMS_ATN(d) (((d) >> IPMI_KCS_SMS_ATN_BIT) & 0x1) 46 #define IPMI_KCS_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_KCS_SMS_ATN_MASK) | \ 47 (((v) & 1) << IPMI_KCS_SMS_ATN_BIT)) 48 #define IPMI_KCS_CD_MASK (1 << IPMI_KCS_CD_BIT) 49 #define IPMI_KCS_GET_CD(d) (((d) >> IPMI_KCS_CD_BIT) & 0x1) 50 #define IPMI_KCS_SET_CD(d, v) (d) = (((d) & ~IPMI_KCS_CD_MASK) | \ 51 (((v) & 1) << IPMI_KCS_CD_BIT)) 52 53 #define IPMI_KCS_IDLE_STATE 0 54 #define IPMI_KCS_READ_STATE 1 55 #define IPMI_KCS_WRITE_STATE 2 56 #define IPMI_KCS_ERROR_STATE 3 57 58 #define IPMI_KCS_GET_STATE(d) (((d) >> 6) & 0x3) 59 #define IPMI_KCS_SET_STATE(d, v) ((d) = ((d) & ~0xc0) | (((v) & 0x3) << 6)) 60 61 #define IPMI_KCS_ABORT_STATUS_CMD 0x60 62 #define IPMI_KCS_WRITE_START_CMD 0x61 63 #define IPMI_KCS_WRITE_END_CMD 0x62 64 #define IPMI_KCS_READ_CMD 0x68 65 66 #define IPMI_KCS_STATUS_NO_ERR 0x00 67 #define IPMI_KCS_STATUS_ABORTED_ERR 0x01 68 #define IPMI_KCS_STATUS_BAD_CC_ERR 0x02 69 #define IPMI_KCS_STATUS_LENGTH_ERR 0x06 70 71 typedef struct IPMIKCS { 72 IPMIBmc *bmc; 73 74 bool do_wake; 75 76 qemu_irq irq; 77 78 uint32_t io_base; 79 unsigned long io_length; 80 MemoryRegion io; 81 82 bool obf_irq_set; 83 bool atn_irq_set; 84 bool use_irq; 85 bool irqs_enabled; 86 87 uint8_t outmsg[MAX_IPMI_MSG_SIZE]; 88 uint32_t outpos; 89 uint32_t outlen; 90 91 uint8_t inmsg[MAX_IPMI_MSG_SIZE]; 92 uint32_t inlen; 93 bool write_end; 94 95 uint8_t status_reg; 96 uint8_t data_out_reg; 97 98 int16_t data_in_reg; /* -1 means not written */ 99 int16_t cmd_reg; 100 101 /* 102 * This is a response number that we send with the command to make 103 * sure that the response matches the command. 104 */ 105 uint8_t waiting_rsp; 106 } IPMIKCS; 107 108 #define SET_OBF() \ 109 do { \ 110 IPMI_KCS_SET_OBF(ik->status_reg, 1); \ 111 if (ik->use_irq && ik->irqs_enabled && !ik->obf_irq_set) { \ 112 ik->obf_irq_set = 1; \ 113 if (!ik->atn_irq_set) { \ 114 qemu_irq_raise(ik->irq); \ 115 } \ 116 } \ 117 } while (0) 118 119 static void ipmi_kcs_signal(IPMIKCS *ik, IPMIInterface *ii) 120 { 121 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 122 123 ik->do_wake = 1; 124 while (ik->do_wake) { 125 ik->do_wake = 0; 126 iic->handle_if_event(ii); 127 } 128 } 129 130 static void ipmi_kcs_handle_event(IPMIInterface *ii) 131 { 132 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 133 IPMIKCS *ik = iic->get_backend_data(ii); 134 135 if (ik->cmd_reg == IPMI_KCS_ABORT_STATUS_CMD) { 136 if (IPMI_KCS_GET_STATE(ik->status_reg) != IPMI_KCS_ERROR_STATE) { 137 ik->waiting_rsp++; /* Invalidate the message */ 138 ik->outmsg[0] = IPMI_KCS_STATUS_ABORTED_ERR; 139 ik->outlen = 1; 140 ik->outpos = 0; 141 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 142 SET_OBF(); 143 } 144 goto out; 145 } 146 147 switch (IPMI_KCS_GET_STATE(ik->status_reg)) { 148 case IPMI_KCS_IDLE_STATE: 149 if (ik->cmd_reg == IPMI_KCS_WRITE_START_CMD) { 150 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_WRITE_STATE); 151 ik->cmd_reg = -1; 152 ik->write_end = 0; 153 ik->inlen = 0; 154 SET_OBF(); 155 } 156 break; 157 158 case IPMI_KCS_READ_STATE: 159 handle_read: 160 if (ik->outpos >= ik->outlen) { 161 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_IDLE_STATE); 162 SET_OBF(); 163 } else if (ik->data_in_reg == IPMI_KCS_READ_CMD) { 164 ik->data_out_reg = ik->outmsg[ik->outpos]; 165 ik->outpos++; 166 SET_OBF(); 167 } else { 168 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR; 169 ik->outlen = 1; 170 ik->outpos = 0; 171 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 172 SET_OBF(); 173 goto out; 174 } 175 break; 176 177 case IPMI_KCS_WRITE_STATE: 178 if (ik->data_in_reg != -1) { 179 /* 180 * Don't worry about input overrun here, that will be 181 * handled in the BMC. 182 */ 183 if (ik->inlen < sizeof(ik->inmsg)) { 184 ik->inmsg[ik->inlen] = ik->data_in_reg; 185 } 186 ik->inlen++; 187 } 188 if (ik->write_end) { 189 IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(ik->bmc); 190 ik->outlen = 0; 191 ik->write_end = 0; 192 ik->outpos = 0; 193 bk->handle_command(ik->bmc, ik->inmsg, ik->inlen, sizeof(ik->inmsg), 194 ik->waiting_rsp); 195 goto out_noibf; 196 } else if (ik->cmd_reg == IPMI_KCS_WRITE_END_CMD) { 197 ik->cmd_reg = -1; 198 ik->write_end = 1; 199 } 200 SET_OBF(); 201 break; 202 203 case IPMI_KCS_ERROR_STATE: 204 if (ik->data_in_reg != -1) { 205 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE); 206 ik->data_in_reg = IPMI_KCS_READ_CMD; 207 goto handle_read; 208 } 209 break; 210 } 211 212 if (ik->cmd_reg != -1) { 213 /* Got an invalid command */ 214 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR; 215 ik->outlen = 1; 216 ik->outpos = 0; 217 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE); 218 } 219 220 out: 221 ik->cmd_reg = -1; 222 ik->data_in_reg = -1; 223 IPMI_KCS_SET_IBF(ik->status_reg, 0); 224 out_noibf: 225 return; 226 } 227 228 static void ipmi_kcs_handle_rsp(IPMIInterface *ii, uint8_t msg_id, 229 unsigned char *rsp, unsigned int rsp_len) 230 { 231 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 232 IPMIKCS *ik = iic->get_backend_data(ii); 233 234 if (ik->waiting_rsp == msg_id) { 235 ik->waiting_rsp++; 236 if (rsp_len > sizeof(ik->outmsg)) { 237 ik->outmsg[0] = rsp[0]; 238 ik->outmsg[1] = rsp[1]; 239 ik->outmsg[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES; 240 ik->outlen = 3; 241 } else { 242 memcpy(ik->outmsg, rsp, rsp_len); 243 ik->outlen = rsp_len; 244 } 245 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE); 246 ik->data_in_reg = IPMI_KCS_READ_CMD; 247 ipmi_kcs_signal(ik, ii); 248 } 249 } 250 251 252 static uint64_t ipmi_kcs_ioport_read(void *opaque, hwaddr addr, unsigned size) 253 { 254 IPMIInterface *ii = opaque; 255 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 256 IPMIKCS *ik = iic->get_backend_data(ii); 257 uint32_t ret; 258 259 switch (addr & 1) { 260 case 0: 261 ret = ik->data_out_reg; 262 IPMI_KCS_SET_OBF(ik->status_reg, 0); 263 if (ik->obf_irq_set) { 264 ik->obf_irq_set = 0; 265 if (!ik->atn_irq_set) { 266 qemu_irq_lower(ik->irq); 267 } 268 } 269 break; 270 case 1: 271 ret = ik->status_reg; 272 if (ik->atn_irq_set) { 273 ik->atn_irq_set = 0; 274 if (!ik->obf_irq_set) { 275 qemu_irq_lower(ik->irq); 276 } 277 } 278 break; 279 } 280 return ret; 281 } 282 283 static void ipmi_kcs_ioport_write(void *opaque, hwaddr addr, uint64_t val, 284 unsigned size) 285 { 286 IPMIInterface *ii = opaque; 287 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 288 IPMIKCS *ik = iic->get_backend_data(ii); 289 290 if (IPMI_KCS_GET_IBF(ik->status_reg)) { 291 return; 292 } 293 294 switch (addr & 1) { 295 case 0: 296 ik->data_in_reg = val; 297 break; 298 299 case 1: 300 ik->cmd_reg = val; 301 break; 302 } 303 IPMI_KCS_SET_IBF(ik->status_reg, 1); 304 ipmi_kcs_signal(ik, ii); 305 } 306 307 const MemoryRegionOps ipmi_kcs_io_ops = { 308 .read = ipmi_kcs_ioport_read, 309 .write = ipmi_kcs_ioport_write, 310 .impl = { 311 .min_access_size = 1, 312 .max_access_size = 1, 313 }, 314 .endianness = DEVICE_LITTLE_ENDIAN, 315 }; 316 317 static void ipmi_kcs_set_atn(IPMIInterface *ii, int val, int irq) 318 { 319 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 320 IPMIKCS *ik = iic->get_backend_data(ii); 321 322 IPMI_KCS_SET_SMS_ATN(ik->status_reg, val); 323 if (val) { 324 if (irq && !ik->atn_irq_set && ik->use_irq && ik->irqs_enabled) { 325 ik->atn_irq_set = 1; 326 if (!ik->obf_irq_set) { 327 qemu_irq_raise(ik->irq); 328 } 329 } 330 } else { 331 if (ik->atn_irq_set) { 332 ik->atn_irq_set = 0; 333 if (!ik->obf_irq_set) { 334 qemu_irq_lower(ik->irq); 335 } 336 } 337 } 338 } 339 340 static void ipmi_kcs_set_irq_enable(IPMIInterface *ii, int val) 341 { 342 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 343 IPMIKCS *ik = iic->get_backend_data(ii); 344 345 ik->irqs_enabled = val; 346 } 347 348 static void ipmi_kcs_init(IPMIInterface *ii, Error **errp) 349 { 350 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 351 IPMIKCS *ik = iic->get_backend_data(ii); 352 353 ik->io_length = 2; 354 memory_region_init_io(&ik->io, NULL, &ipmi_kcs_io_ops, ii, "ipmi-kcs", 2); 355 } 356 357 #define TYPE_ISA_IPMI_KCS "isa-ipmi-kcs" 358 #define ISA_IPMI_KCS(obj) OBJECT_CHECK(ISAIPMIKCSDevice, (obj), \ 359 TYPE_ISA_IPMI_KCS) 360 361 typedef struct ISAIPMIKCSDevice { 362 ISADevice dev; 363 int32_t isairq; 364 IPMIKCS kcs; 365 uint32_t uuid; 366 } ISAIPMIKCSDevice; 367 368 static void ipmi_kcs_get_fwinfo(IPMIInterface *ii, IPMIFwInfo *info) 369 { 370 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii); 371 372 info->interface_name = "kcs"; 373 info->interface_type = IPMI_SMBIOS_KCS; 374 info->ipmi_spec_major_revision = 2; 375 info->ipmi_spec_minor_revision = 0; 376 info->base_address = iik->kcs.io_base; 377 info->i2c_slave_address = iik->kcs.bmc->slave_addr; 378 info->register_length = iik->kcs.io_length; 379 info->register_spacing = 1; 380 info->memspace = IPMI_MEMSPACE_IO; 381 info->irq_type = IPMI_LEVEL_IRQ; 382 info->interrupt_number = iik->isairq; 383 info->uuid = iik->uuid; 384 } 385 386 static void ipmi_kcs_class_init(IPMIInterfaceClass *iic) 387 { 388 iic->init = ipmi_kcs_init; 389 iic->set_atn = ipmi_kcs_set_atn; 390 iic->handle_rsp = ipmi_kcs_handle_rsp; 391 iic->handle_if_event = ipmi_kcs_handle_event; 392 iic->set_irq_enable = ipmi_kcs_set_irq_enable; 393 iic->get_fwinfo = ipmi_kcs_get_fwinfo; 394 } 395 396 static void ipmi_isa_realize(DeviceState *dev, Error **errp) 397 { 398 ISADevice *isadev = ISA_DEVICE(dev); 399 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(dev); 400 IPMIInterface *ii = IPMI_INTERFACE(dev); 401 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii); 402 403 if (!iik->kcs.bmc) { 404 error_setg(errp, "IPMI device requires a bmc attribute to be set"); 405 return; 406 } 407 408 iik->uuid = ipmi_next_uuid(); 409 410 iik->kcs.bmc->intf = ii; 411 412 iic->init(ii, errp); 413 if (*errp) 414 return; 415 416 if (iik->isairq > 0) { 417 isa_init_irq(isadev, &iik->kcs.irq, iik->isairq); 418 iik->kcs.use_irq = 1; 419 } 420 421 qdev_set_legacy_instance_id(dev, iik->kcs.io_base, iik->kcs.io_length); 422 423 isa_register_ioport(isadev, &iik->kcs.io, iik->kcs.io_base); 424 } 425 426 static int ipmi_kcs_vmstate_post_load(void *opaque, int version) 427 { 428 IPMIKCS *ik = opaque; 429 430 /* Make sure all the values are sane. */ 431 if (ik->outpos >= MAX_IPMI_MSG_SIZE || ik->outlen >= MAX_IPMI_MSG_SIZE || 432 ik->outpos >= ik->outlen) { 433 qemu_log_mask(LOG_GUEST_ERROR, 434 "ipmi:kcs: vmstate transfer received bad out values: %d %d\n", 435 ik->outpos, ik->outlen); 436 ik->outpos = 0; 437 ik->outlen = 0; 438 } 439 440 if (ik->inlen >= MAX_IPMI_MSG_SIZE) { 441 qemu_log_mask(LOG_GUEST_ERROR, 442 "ipmi:kcs: vmstate transfer received bad in value: %d\n", 443 ik->inlen); 444 ik->inlen = 0; 445 } 446 447 return 0; 448 } 449 450 static bool vmstate_kcs_before_version2(void *opaque, int version) 451 { 452 return version <= 1; 453 } 454 455 static const VMStateDescription vmstate_IPMIKCS = { 456 .name = TYPE_IPMI_INTERFACE_PREFIX "kcs", 457 .version_id = 2, 458 .minimum_version_id = 1, 459 .post_load = ipmi_kcs_vmstate_post_load, 460 .fields = (VMStateField[]) { 461 VMSTATE_BOOL(obf_irq_set, IPMIKCS), 462 VMSTATE_BOOL(atn_irq_set, IPMIKCS), 463 VMSTATE_UNUSED_TEST(vmstate_kcs_before_version2, 1), /* Was use_irq */ 464 VMSTATE_BOOL(irqs_enabled, IPMIKCS), 465 VMSTATE_UINT32(outpos, IPMIKCS), 466 VMSTATE_UINT32_V(outlen, IPMIKCS, 2), 467 VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE), 468 VMSTATE_UINT32_V(inlen, IPMIKCS, 2), 469 VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE), 470 VMSTATE_BOOL(write_end, IPMIKCS), 471 VMSTATE_UINT8(status_reg, IPMIKCS), 472 VMSTATE_UINT8(data_out_reg, IPMIKCS), 473 VMSTATE_INT16(data_in_reg, IPMIKCS), 474 VMSTATE_INT16(cmd_reg, IPMIKCS), 475 VMSTATE_UINT8(waiting_rsp, IPMIKCS), 476 VMSTATE_END_OF_LIST() 477 } 478 }; 479 480 static const VMStateDescription vmstate_ISAIPMIKCSDevice = { 481 .name = TYPE_IPMI_INTERFACE, 482 .version_id = 2, 483 .minimum_version_id = 1, 484 .fields = (VMStateField[]) { 485 VMSTATE_VSTRUCT_TEST(kcs, ISAIPMIKCSDevice, vmstate_kcs_before_version2, 486 0, vmstate_IPMIKCS, IPMIKCS, 1), 487 VMSTATE_VSTRUCT_V(kcs, ISAIPMIKCSDevice, 2, vmstate_IPMIKCS, 488 IPMIKCS, 2), 489 VMSTATE_END_OF_LIST() 490 } 491 }; 492 493 static void isa_ipmi_kcs_init(Object *obj) 494 { 495 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(obj); 496 497 ipmi_bmc_find_and_link(obj, (Object **) &iik->kcs.bmc); 498 499 /* 500 * Version 1 had an incorrect name, it clashed with the BT 501 * IPMI device, so receive it, but transmit a different 502 * version. 503 */ 504 vmstate_register(NULL, 0, &vmstate_ISAIPMIKCSDevice, iik); 505 } 506 507 static void *isa_ipmi_kcs_get_backend_data(IPMIInterface *ii) 508 { 509 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii); 510 511 return &iik->kcs; 512 } 513 514 static Property ipmi_isa_properties[] = { 515 DEFINE_PROP_UINT32("ioport", ISAIPMIKCSDevice, kcs.io_base, 0xca2), 516 DEFINE_PROP_INT32("irq", ISAIPMIKCSDevice, isairq, 5), 517 DEFINE_PROP_END_OF_LIST(), 518 }; 519 520 static void isa_ipmi_kcs_class_init(ObjectClass *oc, void *data) 521 { 522 DeviceClass *dc = DEVICE_CLASS(oc); 523 IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc); 524 525 dc->realize = ipmi_isa_realize; 526 dc->props = ipmi_isa_properties; 527 528 iic->get_backend_data = isa_ipmi_kcs_get_backend_data; 529 ipmi_kcs_class_init(iic); 530 } 531 532 static const TypeInfo isa_ipmi_kcs_info = { 533 .name = TYPE_ISA_IPMI_KCS, 534 .parent = TYPE_ISA_DEVICE, 535 .instance_size = sizeof(ISAIPMIKCSDevice), 536 .instance_init = isa_ipmi_kcs_init, 537 .class_init = isa_ipmi_kcs_class_init, 538 .interfaces = (InterfaceInfo[]) { 539 { TYPE_IPMI_INTERFACE }, 540 { } 541 } 542 }; 543 544 static void ipmi_register_types(void) 545 { 546 type_register_static(&isa_ipmi_kcs_info); 547 } 548 549 type_init(ipmi_register_types) 550