1 /* 2 * Virtual hardware watchdog. 3 * 4 * Copyright (C) 2009 Red Hat Inc. 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 2 9 * of the License, or (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, see <http://www.gnu.org/licenses/>. 18 * 19 * By Richard W.M. Jones (rjones@redhat.com). 20 */ 21 22 #include <inttypes.h> 23 24 #include "qemu-common.h" 25 #include "qemu/timer.h" 26 #include "sysemu/watchdog.h" 27 #include "hw/hw.h" 28 #include "hw/pci/pci.h" 29 30 /*#define I6300ESB_DEBUG 1*/ 31 32 #ifdef I6300ESB_DEBUG 33 #define i6300esb_debug(fs,...) \ 34 fprintf(stderr,"i6300esb: %s: "fs,__func__,##__VA_ARGS__) 35 #else 36 #define i6300esb_debug(fs,...) 37 #endif 38 39 /* PCI configuration registers */ 40 #define ESB_CONFIG_REG 0x60 /* Config register */ 41 #define ESB_LOCK_REG 0x68 /* WDT lock register */ 42 43 /* Memory mapped registers (offset from base address) */ 44 #define ESB_TIMER1_REG 0x00 /* Timer1 value after each reset */ 45 #define ESB_TIMER2_REG 0x04 /* Timer2 value after each reset */ 46 #define ESB_GINTSR_REG 0x08 /* General Interrupt Status Register */ 47 #define ESB_RELOAD_REG 0x0c /* Reload register */ 48 49 /* Lock register bits */ 50 #define ESB_WDT_FUNC (0x01 << 2) /* Watchdog functionality */ 51 #define ESB_WDT_ENABLE (0x01 << 1) /* Enable WDT */ 52 #define ESB_WDT_LOCK (0x01 << 0) /* Lock (nowayout) */ 53 54 /* Config register bits */ 55 #define ESB_WDT_REBOOT (0x01 << 5) /* Enable reboot on timeout */ 56 #define ESB_WDT_FREQ (0x01 << 2) /* Decrement frequency */ 57 #define ESB_WDT_INTTYPE (0x11 << 0) /* Interrupt type on timer1 timeout */ 58 59 /* Reload register bits */ 60 #define ESB_WDT_RELOAD (0x01 << 8) /* prevent timeout */ 61 62 /* Magic constants */ 63 #define ESB_UNLOCK1 0x80 /* Step 1 to unlock reset registers */ 64 #define ESB_UNLOCK2 0x86 /* Step 2 to unlock reset registers */ 65 66 /* Device state. */ 67 struct I6300State { 68 PCIDevice dev; 69 MemoryRegion io_mem; 70 71 int reboot_enabled; /* "Reboot" on timer expiry. The real action 72 * performed depends on the -watchdog-action 73 * param passed on QEMU command line. 74 */ 75 int clock_scale; /* Clock scale. */ 76 #define CLOCK_SCALE_1KHZ 0 77 #define CLOCK_SCALE_1MHZ 1 78 79 int int_type; /* Interrupt type generated. */ 80 #define INT_TYPE_IRQ 0 /* APIC 1, INT 10 */ 81 #define INT_TYPE_SMI 2 82 #define INT_TYPE_DISABLED 3 83 84 int free_run; /* If true, reload timer on expiry. */ 85 int locked; /* If true, enabled field cannot be changed. */ 86 int enabled; /* If true, watchdog is enabled. */ 87 88 QEMUTimer *timer; /* The actual watchdog timer. */ 89 90 uint32_t timer1_preload; /* Values preloaded into timer1, timer2. */ 91 uint32_t timer2_preload; 92 int stage; /* Stage (1 or 2). */ 93 94 int unlock_state; /* Guest writes 0x80, 0x86 to unlock the 95 * registers, and we transition through 96 * states 0 -> 1 -> 2 when this happens. 97 */ 98 99 int previous_reboot_flag; /* If the watchdog caused the previous 100 * reboot, this flag will be set. 101 */ 102 }; 103 104 typedef struct I6300State I6300State; 105 106 #define TYPE_WATCHDOG_I6300ESB_DEVICE "i6300esb" 107 #define WATCHDOG_I6300ESB_DEVICE(obj) \ 108 OBJECT_CHECK(I6300State, (obj), TYPE_WATCHDOG_I6300ESB_DEVICE) 109 110 /* This function is called when the watchdog has either been enabled 111 * (hence it starts counting down) or has been keep-alived. 112 */ 113 static void i6300esb_restart_timer(I6300State *d, int stage) 114 { 115 int64_t timeout; 116 117 if (!d->enabled) 118 return; 119 120 d->stage = stage; 121 122 if (d->stage <= 1) 123 timeout = d->timer1_preload; 124 else 125 timeout = d->timer2_preload; 126 127 if (d->clock_scale == CLOCK_SCALE_1KHZ) 128 timeout <<= 15; 129 else 130 timeout <<= 5; 131 132 /* Get the timeout in nanoseconds. */ 133 134 timeout = timeout * 30; /* on a PCI bus, 1 tick is 30 ns*/ 135 136 i6300esb_debug("stage %d, timeout %" PRIi64 "\n", d->stage, timeout); 137 138 timer_mod(d->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + timeout); 139 } 140 141 /* This is called when the guest disables the watchdog. */ 142 static void i6300esb_disable_timer(I6300State *d) 143 { 144 i6300esb_debug("timer disabled\n"); 145 146 timer_del(d->timer); 147 } 148 149 static void i6300esb_reset(DeviceState *dev) 150 { 151 PCIDevice *pdev = PCI_DEVICE(dev); 152 I6300State *d = WATCHDOG_I6300ESB_DEVICE(pdev); 153 154 i6300esb_debug("I6300State = %p\n", d); 155 156 i6300esb_disable_timer(d); 157 158 /* NB: Don't change d->previous_reboot_flag in this function. */ 159 160 d->reboot_enabled = 1; 161 d->clock_scale = CLOCK_SCALE_1KHZ; 162 d->int_type = INT_TYPE_IRQ; 163 d->free_run = 0; 164 d->locked = 0; 165 d->enabled = 0; 166 d->timer1_preload = 0xfffff; 167 d->timer2_preload = 0xfffff; 168 d->stage = 1; 169 d->unlock_state = 0; 170 } 171 172 /* This function is called when the watchdog expires. Note that 173 * the hardware has two timers, and so expiry happens in two stages. 174 * If d->stage == 1 then we perform the first stage action (usually, 175 * sending an interrupt) and then restart the timer again for the 176 * second stage. If the second stage expires then the watchdog 177 * really has run out. 178 */ 179 static void i6300esb_timer_expired(void *vp) 180 { 181 I6300State *d = vp; 182 183 i6300esb_debug("stage %d\n", d->stage); 184 185 if (d->stage == 1) { 186 /* What to do at the end of stage 1? */ 187 switch (d->int_type) { 188 case INT_TYPE_IRQ: 189 fprintf(stderr, "i6300esb_timer_expired: I would send APIC 1 INT 10 here if I knew how (XXX)\n"); 190 break; 191 case INT_TYPE_SMI: 192 fprintf(stderr, "i6300esb_timer_expired: I would send SMI here if I knew how (XXX)\n"); 193 break; 194 } 195 196 /* Start the second stage. */ 197 i6300esb_restart_timer(d, 2); 198 } else { 199 /* Second stage expired, reboot for real. */ 200 if (d->reboot_enabled) { 201 d->previous_reboot_flag = 1; 202 watchdog_perform_action(); /* This reboots, exits, etc */ 203 i6300esb_reset(&d->dev.qdev); 204 } 205 206 /* In "free running mode" we start stage 1 again. */ 207 if (d->free_run) 208 i6300esb_restart_timer(d, 1); 209 } 210 } 211 212 static void i6300esb_config_write(PCIDevice *dev, uint32_t addr, 213 uint32_t data, int len) 214 { 215 I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); 216 int old; 217 218 i6300esb_debug("addr = %x, data = %x, len = %d\n", addr, data, len); 219 220 if (addr == ESB_CONFIG_REG && len == 2) { 221 d->reboot_enabled = (data & ESB_WDT_REBOOT) == 0; 222 d->clock_scale = 223 (data & ESB_WDT_FREQ) != 0 ? CLOCK_SCALE_1MHZ : CLOCK_SCALE_1KHZ; 224 d->int_type = (data & ESB_WDT_INTTYPE); 225 } else if (addr == ESB_LOCK_REG && len == 1) { 226 if (!d->locked) { 227 d->locked = (data & ESB_WDT_LOCK) != 0; 228 d->free_run = (data & ESB_WDT_FUNC) != 0; 229 old = d->enabled; 230 d->enabled = (data & ESB_WDT_ENABLE) != 0; 231 if (!old && d->enabled) /* Enabled transitioned from 0 -> 1 */ 232 i6300esb_restart_timer(d, 1); 233 else if (!d->enabled) 234 i6300esb_disable_timer(d); 235 } 236 } else { 237 pci_default_write_config(dev, addr, data, len); 238 } 239 } 240 241 static uint32_t i6300esb_config_read(PCIDevice *dev, uint32_t addr, int len) 242 { 243 I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); 244 uint32_t data; 245 246 i6300esb_debug ("addr = %x, len = %d\n", addr, len); 247 248 if (addr == ESB_CONFIG_REG && len == 2) { 249 data = 250 (d->reboot_enabled ? 0 : ESB_WDT_REBOOT) | 251 (d->clock_scale == CLOCK_SCALE_1MHZ ? ESB_WDT_FREQ : 0) | 252 d->int_type; 253 return data; 254 } else if (addr == ESB_LOCK_REG && len == 1) { 255 data = 256 (d->free_run ? ESB_WDT_FUNC : 0) | 257 (d->locked ? ESB_WDT_LOCK : 0) | 258 (d->enabled ? ESB_WDT_ENABLE : 0); 259 return data; 260 } else { 261 return pci_default_read_config(dev, addr, len); 262 } 263 } 264 265 static uint32_t i6300esb_mem_readb(void *vp, hwaddr addr) 266 { 267 i6300esb_debug ("addr = %x\n", (int) addr); 268 269 return 0; 270 } 271 272 static uint32_t i6300esb_mem_readw(void *vp, hwaddr addr) 273 { 274 uint32_t data = 0; 275 I6300State *d = vp; 276 277 i6300esb_debug("addr = %x\n", (int) addr); 278 279 if (addr == 0xc) { 280 /* The previous reboot flag is really bit 9, but there is 281 * a bug in the Linux driver where it thinks it's bit 12. 282 * Set both. 283 */ 284 data = d->previous_reboot_flag ? 0x1200 : 0; 285 } 286 287 return data; 288 } 289 290 static uint32_t i6300esb_mem_readl(void *vp, hwaddr addr) 291 { 292 i6300esb_debug("addr = %x\n", (int) addr); 293 294 return 0; 295 } 296 297 static void i6300esb_mem_writeb(void *vp, hwaddr addr, uint32_t val) 298 { 299 I6300State *d = vp; 300 301 i6300esb_debug("addr = %x, val = %x\n", (int) addr, val); 302 303 if (addr == 0xc && val == 0x80) 304 d->unlock_state = 1; 305 else if (addr == 0xc && val == 0x86 && d->unlock_state == 1) 306 d->unlock_state = 2; 307 } 308 309 static void i6300esb_mem_writew(void *vp, hwaddr addr, uint32_t val) 310 { 311 I6300State *d = vp; 312 313 i6300esb_debug("addr = %x, val = %x\n", (int) addr, val); 314 315 if (addr == 0xc && val == 0x80) 316 d->unlock_state = 1; 317 else if (addr == 0xc && val == 0x86 && d->unlock_state == 1) 318 d->unlock_state = 2; 319 else { 320 if (d->unlock_state == 2) { 321 if (addr == 0xc) { 322 if ((val & 0x100) != 0) 323 /* This is the "ping" from the userspace watchdog in 324 * the guest ... 325 */ 326 i6300esb_restart_timer(d, 1); 327 328 /* Setting bit 9 resets the previous reboot flag. 329 * There's a bug in the Linux driver where it sets 330 * bit 12 instead. 331 */ 332 if ((val & 0x200) != 0 || (val & 0x1000) != 0) { 333 d->previous_reboot_flag = 0; 334 } 335 } 336 337 d->unlock_state = 0; 338 } 339 } 340 } 341 342 static void i6300esb_mem_writel(void *vp, hwaddr addr, uint32_t val) 343 { 344 I6300State *d = vp; 345 346 i6300esb_debug ("addr = %x, val = %x\n", (int) addr, val); 347 348 if (addr == 0xc && val == 0x80) 349 d->unlock_state = 1; 350 else if (addr == 0xc && val == 0x86 && d->unlock_state == 1) 351 d->unlock_state = 2; 352 else { 353 if (d->unlock_state == 2) { 354 if (addr == 0) 355 d->timer1_preload = val & 0xfffff; 356 else if (addr == 4) 357 d->timer2_preload = val & 0xfffff; 358 359 d->unlock_state = 0; 360 } 361 } 362 } 363 364 static const MemoryRegionOps i6300esb_ops = { 365 .old_mmio = { 366 .read = { 367 i6300esb_mem_readb, 368 i6300esb_mem_readw, 369 i6300esb_mem_readl, 370 }, 371 .write = { 372 i6300esb_mem_writeb, 373 i6300esb_mem_writew, 374 i6300esb_mem_writel, 375 }, 376 }, 377 .endianness = DEVICE_LITTLE_ENDIAN, 378 }; 379 380 static const VMStateDescription vmstate_i6300esb = { 381 .name = "i6300esb_wdt", 382 /* With this VMSD's introduction, version_id/minimum_version_id were 383 * erroneously set to sizeof(I6300State), causing a somewhat random 384 * version_id to be set for every build. This eventually broke 385 * migration. 386 * 387 * To correct this without breaking old->new migration for older 388 * versions of QEMU, we've set version_id to a value high enough 389 * to exceed all past values of sizeof(I6300State) across various 390 * build environments, and have reset minimum_version_id to 1, 391 * since this VMSD has never changed and thus can accept all past 392 * versions. 393 * 394 * For future changes we can treat these values as we normally would. 395 */ 396 .version_id = 10000, 397 .minimum_version_id = 1, 398 .fields = (VMStateField[]) { 399 VMSTATE_PCI_DEVICE(dev, I6300State), 400 VMSTATE_INT32(reboot_enabled, I6300State), 401 VMSTATE_INT32(clock_scale, I6300State), 402 VMSTATE_INT32(int_type, I6300State), 403 VMSTATE_INT32(free_run, I6300State), 404 VMSTATE_INT32(locked, I6300State), 405 VMSTATE_INT32(enabled, I6300State), 406 VMSTATE_TIMER_PTR(timer, I6300State), 407 VMSTATE_UINT32(timer1_preload, I6300State), 408 VMSTATE_UINT32(timer2_preload, I6300State), 409 VMSTATE_INT32(stage, I6300State), 410 VMSTATE_INT32(unlock_state, I6300State), 411 VMSTATE_INT32(previous_reboot_flag, I6300State), 412 VMSTATE_END_OF_LIST() 413 } 414 }; 415 416 static void i6300esb_realize(PCIDevice *dev, Error **errp) 417 { 418 I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev); 419 420 i6300esb_debug("I6300State = %p\n", d); 421 422 d->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, i6300esb_timer_expired, d); 423 d->previous_reboot_flag = 0; 424 425 memory_region_init_io(&d->io_mem, OBJECT(d), &i6300esb_ops, d, 426 "i6300esb", 0x10); 427 pci_register_bar(&d->dev, 0, 0, &d->io_mem); 428 /* qemu_register_coalesced_mmio (addr, 0x10); ? */ 429 } 430 431 static WatchdogTimerModel model = { 432 .wdt_name = "i6300esb", 433 .wdt_description = "Intel 6300ESB", 434 }; 435 436 static void i6300esb_class_init(ObjectClass *klass, void *data) 437 { 438 DeviceClass *dc = DEVICE_CLASS(klass); 439 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 440 441 k->config_read = i6300esb_config_read; 442 k->config_write = i6300esb_config_write; 443 k->realize = i6300esb_realize; 444 k->vendor_id = PCI_VENDOR_ID_INTEL; 445 k->device_id = PCI_DEVICE_ID_INTEL_ESB_9; 446 k->class_id = PCI_CLASS_SYSTEM_OTHER; 447 dc->reset = i6300esb_reset; 448 dc->vmsd = &vmstate_i6300esb; 449 set_bit(DEVICE_CATEGORY_MISC, dc->categories); 450 } 451 452 static const TypeInfo i6300esb_info = { 453 .name = TYPE_WATCHDOG_I6300ESB_DEVICE, 454 .parent = TYPE_PCI_DEVICE, 455 .instance_size = sizeof(I6300State), 456 .class_init = i6300esb_class_init, 457 }; 458 459 static void i6300esb_register_types(void) 460 { 461 watchdog_add_model(&model); 462 type_register_static(&i6300esb_info); 463 } 464 465 type_init(i6300esb_register_types) 466