1/*
2 * QEMU ISA IPMI KCS emulation
3 *
4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25#include "qemu/osdep.h"
26#include "qemu/log.h"
27#include "qemu/module.h"
28#include "qapi/error.h"
29#include "hw/ipmi/ipmi.h"
30#include "hw/irq.h"
31#include "hw/isa/isa.h"
32#include "hw/qdev-properties.h"
33#include "migration/vmstate.h"
34
35#define IPMI_KCS_OBF_BIT 0
36#define IPMI_KCS_IBF_BIT 1
37#define IPMI_KCS_SMS_ATN_BIT 2
38#define IPMI_KCS_CD_BIT 3
39
40#define IPMI_KCS_OBF_MASK (1 << IPMI_KCS_OBF_BIT)
41#define IPMI_KCS_GET_OBF(d) (((d) >> IPMI_KCS_OBF_BIT) & 0x1)
42#define IPMI_KCS_SET_OBF(d, v) (d) = (((d) & ~IPMI_KCS_OBF_MASK) | \
43 (((v) & 1) << IPMI_KCS_OBF_BIT))
44#define IPMI_KCS_IBF_MASK (1 << IPMI_KCS_IBF_BIT)
45#define IPMI_KCS_GET_IBF(d) (((d) >> IPMI_KCS_IBF_BIT) & 0x1)
46#define IPMI_KCS_SET_IBF(d, v) (d) = (((d) & ~IPMI_KCS_IBF_MASK) | \
47 (((v) & 1) << IPMI_KCS_IBF_BIT))
48#define IPMI_KCS_SMS_ATN_MASK (1 << IPMI_KCS_SMS_ATN_BIT)
49#define IPMI_KCS_GET_SMS_ATN(d) (((d) >> IPMI_KCS_SMS_ATN_BIT) & 0x1)
50#define IPMI_KCS_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_KCS_SMS_ATN_MASK) | \
51 (((v) & 1) << IPMI_KCS_SMS_ATN_BIT))
52#define IPMI_KCS_CD_MASK (1 << IPMI_KCS_CD_BIT)
53#define IPMI_KCS_GET_CD(d) (((d) >> IPMI_KCS_CD_BIT) & 0x1)
54#define IPMI_KCS_SET_CD(d, v) (d) = (((d) & ~IPMI_KCS_CD_MASK) | \
55 (((v) & 1) << IPMI_KCS_CD_BIT))
56
57#define IPMI_KCS_IDLE_STATE 0
58#define IPMI_KCS_READ_STATE 1
59#define IPMI_KCS_WRITE_STATE 2
60#define IPMI_KCS_ERROR_STATE 3
61
62#define IPMI_KCS_GET_STATE(d) (((d) >> 6) & 0x3)
63#define IPMI_KCS_SET_STATE(d, v) ((d) = ((d) & ~0xc0) | (((v) & 0x3) << 6))
64
65#define IPMI_KCS_ABORT_STATUS_CMD 0x60
66#define IPMI_KCS_WRITE_START_CMD 0x61
67#define IPMI_KCS_WRITE_END_CMD 0x62
68#define IPMI_KCS_READ_CMD 0x68
69
70#define IPMI_KCS_STATUS_NO_ERR 0x00
71#define IPMI_KCS_STATUS_ABORTED_ERR 0x01
72#define IPMI_KCS_STATUS_BAD_CC_ERR 0x02
73#define IPMI_KCS_STATUS_LENGTH_ERR 0x06
74
75typedef struct IPMIKCS {
76 IPMIBmc *bmc;
77
78 bool do_wake;
79
80 qemu_irq irq;
81
82 uint32_t io_base;
83 unsigned long io_length;
84 MemoryRegion io;
85
86 bool obf_irq_set;
87 bool atn_irq_set;
88 bool use_irq;
89 bool irqs_enabled;
90
91 uint8_t outmsg[MAX_IPMI_MSG_SIZE];
92 uint32_t outpos;
93 uint32_t outlen;
94
95 uint8_t inmsg[MAX_IPMI_MSG_SIZE];
96 uint32_t inlen;
97 bool write_end;
98
99 uint8_t status_reg;
100 uint8_t data_out_reg;
101
102 int16_t data_in_reg; /* -1 means not written */
103 int16_t cmd_reg;
104
105 /*
106 * This is a response number that we send with the command to make
107 * sure that the response matches the command.
108 */
109 uint8_t waiting_rsp;
110} IPMIKCS;
111
112#define SET_OBF() \
113 do { \
114 IPMI_KCS_SET_OBF(ik->status_reg, 1); \
115 if (ik->use_irq && ik->irqs_enabled && !ik->obf_irq_set) { \
116 ik->obf_irq_set = 1; \
117 if (!ik->atn_irq_set) { \
118 qemu_irq_raise(ik->irq); \
119 } \
120 } \
121 } while (0)
122
123static void ipmi_kcs_signal(IPMIKCS *ik, IPMIInterface *ii)
124{
125 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
126
127 ik->do_wake = 1;
128 while (ik->do_wake) {
129 ik->do_wake = 0;
130 iic->handle_if_event(ii);
131 }
132}
133
134static void ipmi_kcs_handle_event(IPMIInterface *ii)
135{
136 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
137 IPMIKCS *ik = iic->get_backend_data(ii);
138
139 if (ik->cmd_reg == IPMI_KCS_ABORT_STATUS_CMD) {
140 if (IPMI_KCS_GET_STATE(ik->status_reg) != IPMI_KCS_ERROR_STATE) {
141 ik->waiting_rsp++; /* Invalidate the message */
142 ik->outmsg[0] = IPMI_KCS_STATUS_ABORTED_ERR;
143 ik->outlen = 1;
144 ik->outpos = 0;
145 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
146 SET_OBF();
147 }
148 goto out;
149 }
150
151 switch (IPMI_KCS_GET_STATE(ik->status_reg)) {
152 case IPMI_KCS_IDLE_STATE:
153 if (ik->cmd_reg == IPMI_KCS_WRITE_START_CMD) {
154 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_WRITE_STATE);
155 ik->cmd_reg = -1;
156 ik->write_end = 0;
157 ik->inlen = 0;
158 SET_OBF();
159 }
160 break;
161
162 case IPMI_KCS_READ_STATE:
163 handle_read:
164 if (ik->outpos >= ik->outlen) {
165 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_IDLE_STATE);
166 SET_OBF();
167 } else if (ik->data_in_reg == IPMI_KCS_READ_CMD) {
168 ik->data_out_reg = ik->outmsg[ik->outpos];
169 ik->outpos++;
170 SET_OBF();
171 } else {
172 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR;
173 ik->outlen = 1;
174 ik->outpos = 0;
175 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
176 SET_OBF();
177 goto out;
178 }
179 break;
180
181 case IPMI_KCS_WRITE_STATE:
182 if (ik->data_in_reg != -1) {
183 /*
184 * Don't worry about input overrun here, that will be
185 * handled in the BMC.
186 */
187 if (ik->inlen < sizeof(ik->inmsg)) {
188 ik->inmsg[ik->inlen] = ik->data_in_reg;
189 }
190 ik->inlen++;
191 }
192 if (ik->write_end) {
193 IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(ik->bmc);
194 ik->outlen = 0;
195 ik->write_end = 0;
196 ik->outpos = 0;
197 bk->handle_command(ik->bmc, ik->inmsg, ik->inlen, sizeof(ik->inmsg),
198 ik->waiting_rsp);
199 goto out_noibf;
200 } else if (ik->cmd_reg == IPMI_KCS_WRITE_END_CMD) {
201 ik->cmd_reg = -1;
202 ik->write_end = 1;
203 }
204 SET_OBF();
205 break;
206
207 case IPMI_KCS_ERROR_STATE:
208 if (ik->data_in_reg != -1) {
209 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE);
210 ik->data_in_reg = IPMI_KCS_READ_CMD;
211 goto handle_read;
212 }
213 break;
214 }
215
216 if (ik->cmd_reg != -1) {
217 /* Got an invalid command */
218 ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR;
219 ik->outlen = 1;
220 ik->outpos = 0;
221 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
222 }
223
224 out:
225 ik->cmd_reg = -1;
226 ik->data_in_reg = -1;
227 IPMI_KCS_SET_IBF(ik->status_reg, 0);
228 out_noibf:
229 return;
230}
231
232static void ipmi_kcs_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
233 unsigned char *rsp, unsigned int rsp_len)
234{
235 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
236 IPMIKCS *ik = iic->get_backend_data(ii);
237
238 if (ik->waiting_rsp == msg_id) {
239 ik->waiting_rsp++;
240 if (rsp_len > sizeof(ik->outmsg)) {
241 ik->outmsg[0] = rsp[0];
242 ik->outmsg[1] = rsp[1];
243 ik->outmsg[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES;
244 ik->outlen = 3;
245 } else {
246 memcpy(ik->outmsg, rsp, rsp_len);
247 ik->outlen = rsp_len;
248 }
249 IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE);
250 ik->data_in_reg = IPMI_KCS_READ_CMD;
251 ipmi_kcs_signal(ik, ii);
252 }
253}
254
255
256static uint64_t ipmi_kcs_ioport_read(void *opaque, hwaddr addr, unsigned size)
257{
258 IPMIInterface *ii = opaque;
259 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
260 IPMIKCS *ik = iic->get_backend_data(ii);
261 uint32_t ret;
262
263 switch (addr & 1) {
264 case 0:
265 ret = ik->data_out_reg;
266 IPMI_KCS_SET_OBF(ik->status_reg, 0);
267 if (ik->obf_irq_set) {
268 ik->obf_irq_set = 0;
269 if (!ik->atn_irq_set) {
270 qemu_irq_lower(ik->irq);
271 }
272 }
273 break;
274 case 1:
275 ret = ik->status_reg;
276 if (ik->atn_irq_set) {
277 ik->atn_irq_set = 0;
278 if (!ik->obf_irq_set) {
279 qemu_irq_lower(ik->irq);
280 }
281 }
282 break;
283 }
284 return ret;
285}
286
287static void ipmi_kcs_ioport_write(void *opaque, hwaddr addr, uint64_t val,
288 unsigned size)
289{
290 IPMIInterface *ii = opaque;
291 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
292 IPMIKCS *ik = iic->get_backend_data(ii);
293
294 if (IPMI_KCS_GET_IBF(ik->status_reg)) {
295 return;
296 }
297
298 switch (addr & 1) {
299 case 0:
300 ik->data_in_reg = val;
301 break;
302
303 case 1:
304 ik->cmd_reg = val;
305 break;
306 }
307 IPMI_KCS_SET_IBF(ik->status_reg, 1);
308 ipmi_kcs_signal(ik, ii);
309}
310
311const MemoryRegionOps ipmi_kcs_io_ops = {
312 .read = ipmi_kcs_ioport_read,
313 .write = ipmi_kcs_ioport_write,
314 .impl = {
315 .min_access_size = 1,
316 .max_access_size = 1,
317 },
318 .endianness = DEVICE_LITTLE_ENDIAN,
319};
320
321static void ipmi_kcs_set_atn(IPMIInterface *ii, int val, int irq)
322{
323 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
324 IPMIKCS *ik = iic->get_backend_data(ii);
325
326 IPMI_KCS_SET_SMS_ATN(ik->status_reg, val);
327 if (val) {
328 if (irq && !ik->atn_irq_set && ik->use_irq && ik->irqs_enabled) {
329 ik->atn_irq_set = 1;
330 if (!ik->obf_irq_set) {
331 qemu_irq_raise(ik->irq);
332 }
333 }
334 } else {
335 if (ik->atn_irq_set) {
336 ik->atn_irq_set = 0;
337 if (!ik->obf_irq_set) {
338 qemu_irq_lower(ik->irq);
339 }
340 }
341 }
342}
343
344static void ipmi_kcs_set_irq_enable(IPMIInterface *ii, int val)
345{
346 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
347 IPMIKCS *ik = iic->get_backend_data(ii);
348
349 ik->irqs_enabled = val;
350}
351
352static void ipmi_kcs_init(IPMIInterface *ii, Error **errp)
353{
354 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
355 IPMIKCS *ik = iic->get_backend_data(ii);
356
357 ik->io_length = 2;
358 memory_region_init_io(&ik->io, NULL, &ipmi_kcs_io_ops, ii, "ipmi-kcs", 2);
359}
360
361#define TYPE_ISA_IPMI_KCS "isa-ipmi-kcs"
362#define ISA_IPMI_KCS(obj) OBJECT_CHECK(ISAIPMIKCSDevice, (obj), \
363 TYPE_ISA_IPMI_KCS)
364
365typedef struct ISAIPMIKCSDevice {
366 ISADevice dev;
367 int32_t isairq;
368 IPMIKCS kcs;
369 uint32_t uuid;
370} ISAIPMIKCSDevice;
371
372static void ipmi_kcs_get_fwinfo(IPMIInterface *ii, IPMIFwInfo *info)
373{
374 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii);
375
376 info->interface_name = "kcs";
377 info->interface_type = IPMI_SMBIOS_KCS;
378 info->ipmi_spec_major_revision = 2;
379 info->ipmi_spec_minor_revision = 0;
380 info->base_address = iik->kcs.io_base;
381 info->i2c_slave_address = iik->kcs.bmc->slave_addr;
382 info->register_length = iik->kcs.io_length;
383 info->register_spacing = 1;
384 info->memspace = IPMI_MEMSPACE_IO;
385 info->irq_type = IPMI_LEVEL_IRQ;
386 info->interrupt_number = iik->isairq;
387 info->uuid = iik->uuid;
388}
389
390static void ipmi_kcs_class_init(IPMIInterfaceClass *iic)
391{
392 iic->init = ipmi_kcs_init;
393 iic->set_atn = ipmi_kcs_set_atn;
394 iic->handle_rsp = ipmi_kcs_handle_rsp;
395 iic->handle_if_event = ipmi_kcs_handle_event;
396 iic->set_irq_enable = ipmi_kcs_set_irq_enable;
397 iic->get_fwinfo = ipmi_kcs_get_fwinfo;
398}
399
400static void ipmi_isa_realize(DeviceState *dev, Error **errp)
401{
402 ISADevice *isadev = ISA_DEVICE(dev);
403 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(dev);
404 IPMIInterface *ii = IPMI_INTERFACE(dev);
405 IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
406
407 if (!iik->kcs.bmc) {
408 error_setg(errp, "IPMI device requires a bmc attribute to be set");
409 return;
410 }
411
412 iik->uuid = ipmi_next_uuid();
413
414 iik->kcs.bmc->intf = ii;
415
416 iic->init(ii, errp);
417 if (*errp)
418 return;
419
420 if (iik->isairq > 0) {
421 isa_init_irq(isadev, &iik->kcs.irq, iik->isairq);
422 iik->kcs.use_irq = 1;
423 }
424
425 qdev_set_legacy_instance_id(dev, iik->kcs.io_base, iik->kcs.io_length);
426
427 isa_register_ioport(isadev, &iik->kcs.io, iik->kcs.io_base);
428}
429
430static int ipmi_kcs_vmstate_post_load(void *opaque, int version)
431{
432 IPMIKCS *ik = opaque;
433
434 /* Make sure all the values are sane. */
435 if (ik->outpos >= MAX_IPMI_MSG_SIZE || ik->outlen >= MAX_IPMI_MSG_SIZE ||
436 ik->outpos >= ik->outlen) {
437 qemu_log_mask(LOG_GUEST_ERROR,
438 "ipmi:kcs: vmstate transfer received bad out values: %d %d\n",
439 ik->outpos, ik->outlen);
440 ik->outpos = 0;
441 ik->outlen = 0;
442 }
443
444 if (ik->inlen >= MAX_IPMI_MSG_SIZE) {
445 qemu_log_mask(LOG_GUEST_ERROR,
446 "ipmi:kcs: vmstate transfer received bad in value: %d\n",
447 ik->inlen);
448 ik->inlen = 0;
449 }
450
451 return 0;
452}
453
454static bool vmstate_kcs_before_version2(void *opaque, int version)
455{
456 return version <= 1;
457}
458
459static const VMStateDescription vmstate_IPMIKCS = {
460 .name = TYPE_IPMI_INTERFACE_PREFIX "kcs",
461 .version_id = 2,
462 .minimum_version_id = 1,
463 .post_load = ipmi_kcs_vmstate_post_load,
464 .fields = (VMStateField[]) {
465 VMSTATE_BOOL(obf_irq_set, IPMIKCS),
466 VMSTATE_BOOL(atn_irq_set, IPMIKCS),
467 VMSTATE_UNUSED_TEST(vmstate_kcs_before_version2, 1), /* Was use_irq */
468 VMSTATE_BOOL(irqs_enabled, IPMIKCS),
469 VMSTATE_UINT32(outpos, IPMIKCS),
470 VMSTATE_UINT32_V(outlen, IPMIKCS, 2),
471 VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
472 VMSTATE_UINT32_V(inlen, IPMIKCS, 2),
473 VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
474 VMSTATE_BOOL(write_end, IPMIKCS),
475 VMSTATE_UINT8(status_reg, IPMIKCS),
476 VMSTATE_UINT8(data_out_reg, IPMIKCS),
477 VMSTATE_INT16(data_in_reg, IPMIKCS),
478 VMSTATE_INT16(cmd_reg, IPMIKCS),
479 VMSTATE_UINT8(waiting_rsp, IPMIKCS),
480 VMSTATE_END_OF_LIST()
481 }
482};
483
484static const VMStateDescription vmstate_ISAIPMIKCSDevice = {
485 .name = TYPE_IPMI_INTERFACE,
486 .version_id = 2,
487 .minimum_version_id = 1,
488 .fields = (VMStateField[]) {
489 VMSTATE_VSTRUCT_TEST(kcs, ISAIPMIKCSDevice, vmstate_kcs_before_version2,
490 0, vmstate_IPMIKCS, IPMIKCS, 1),
491 VMSTATE_VSTRUCT_V(kcs, ISAIPMIKCSDevice, 2, vmstate_IPMIKCS,
492 IPMIKCS, 2),
493 VMSTATE_END_OF_LIST()
494 }
495};
496
497static void isa_ipmi_kcs_init(Object *obj)
498{
499 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(obj);
500
501 ipmi_bmc_find_and_link(obj, (Object **) &iik->kcs.bmc);
502
503 /*
504 * Version 1 had an incorrect name, it clashed with the BT
505 * IPMI device, so receive it, but transmit a different
506 * version.
507 */
508 vmstate_register(NULL, 0, &vmstate_ISAIPMIKCSDevice, iik);
509}
510
511static void *isa_ipmi_kcs_get_backend_data(IPMIInterface *ii)
512{
513 ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii);
514
515 return &iik->kcs;
516}
517
518static Property ipmi_isa_properties[] = {
519 DEFINE_PROP_UINT32("ioport", ISAIPMIKCSDevice, kcs.io_base, 0xca2),
520 DEFINE_PROP_INT32("irq", ISAIPMIKCSDevice, isairq, 5),
521 DEFINE_PROP_END_OF_LIST(),
522};
523
524static void isa_ipmi_kcs_class_init(ObjectClass *oc, void *data)
525{
526 DeviceClass *dc = DEVICE_CLASS(oc);
527 IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
528
529 dc->realize = ipmi_isa_realize;
530 dc->props = ipmi_isa_properties;
531
532 iic->get_backend_data = isa_ipmi_kcs_get_backend_data;
533 ipmi_kcs_class_init(iic);
534}
535
536static const TypeInfo isa_ipmi_kcs_info = {
537 .name = TYPE_ISA_IPMI_KCS,
538 .parent = TYPE_ISA_DEVICE,
539 .instance_size = sizeof(ISAIPMIKCSDevice),
540 .instance_init = isa_ipmi_kcs_init,
541 .class_init = isa_ipmi_kcs_class_init,
542 .interfaces = (InterfaceInfo[]) {
543 { TYPE_IPMI_INTERFACE },
544 { }
545 }
546};
547
548static void ipmi_register_types(void)
549{
550 type_register_static(&isa_ipmi_kcs_info);
551}
552
553type_init(ipmi_register_types)
554