summaryrefslogtreecommitdiffstats
path: root/hw/ipmi
diff options
context:
space:
mode:
Diffstat (limited to 'hw/ipmi')
-rw-r--r--hw/ipmi/Kconfig37
-rw-r--r--hw/ipmi/ipmi.c138
-rw-r--r--hw/ipmi/ipmi_bmc_extern.c548
-rw-r--r--hw/ipmi/ipmi_bmc_sim.c2232
-rw-r--r--hw/ipmi/ipmi_bt.c437
-rw-r--r--hw/ipmi/ipmi_kcs.c423
-rw-r--r--hw/ipmi/isa_ipmi_bt.c177
-rw-r--r--hw/ipmi/isa_ipmi_kcs.c184
-rw-r--r--hw/ipmi/meson.build11
-rw-r--r--hw/ipmi/pci_ipmi_bt.c148
-rw-r--r--hw/ipmi/pci_ipmi_kcs.c148
-rw-r--r--hw/ipmi/smbus_ipmi.c391
12 files changed, 4874 insertions, 0 deletions
diff --git a/hw/ipmi/Kconfig b/hw/ipmi/Kconfig
new file mode 100644
index 00000000..9befd4f4
--- /dev/null
+++ b/hw/ipmi/Kconfig
@@ -0,0 +1,37 @@
+config IPMI
+ bool
+
+config IPMI_LOCAL
+ bool
+ default y
+ depends on IPMI
+
+config IPMI_EXTERN
+ bool
+ default y
+ depends on IPMI
+
+config ISA_IPMI_KCS
+ bool
+ depends on ISA_BUS
+ select IPMI
+
+config ISA_IPMI_BT
+ bool
+ depends on ISA_BUS
+ select IPMI
+
+config PCI_IPMI_KCS
+ bool
+ depends on PCI
+ select IPMI
+
+config PCI_IPMI_BT
+ bool
+ depends on PCI
+ select IPMI
+
+config IPMI_SSIF
+ bool
+ depends on I2C
+ select IPMI
diff --git a/hw/ipmi/ipmi.c b/hw/ipmi/ipmi.c
new file mode 100644
index 00000000..bbb07b15
--- /dev/null
+++ b/hw/ipmi/ipmi.c
@@ -0,0 +1,138 @@
+/*
+ * QEMU IPMI emulation
+ *
+ * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/ipmi/ipmi.h"
+#include "hw/qdev-properties.h"
+#include "qom/object_interfaces.h"
+#include "sysemu/runstate.h"
+#include "qapi/error.h"
+#include "qemu/module.h"
+#include "hw/nmi.h"
+
+static uint32_t ipmi_current_uuid = 1;
+
+uint32_t ipmi_next_uuid(void)
+{
+ return ipmi_current_uuid++;
+}
+
+static int ipmi_do_hw_op(IPMIInterface *s, enum ipmi_op op, int checkonly)
+{
+ switch (op) {
+ case IPMI_RESET_CHASSIS:
+ if (checkonly) {
+ return 0;
+ }
+ qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
+ return 0;
+
+ case IPMI_POWEROFF_CHASSIS:
+ if (checkonly) {
+ return 0;
+ }
+ qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+ return 0;
+
+ case IPMI_SEND_NMI:
+ if (checkonly) {
+ return 0;
+ }
+ /* We don't care what CPU we use. */
+ nmi_monitor_handle(0, NULL);
+ return 0;
+
+ case IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP:
+ if (checkonly) {
+ return 0;
+ }
+ qemu_system_powerdown_request();
+ return 0;
+
+ case IPMI_POWERCYCLE_CHASSIS:
+ case IPMI_PULSE_DIAG_IRQ:
+ case IPMI_POWERON_CHASSIS:
+ default:
+ return IPMI_CC_COMMAND_NOT_SUPPORTED;
+ }
+}
+
+static void ipmi_interface_class_init(ObjectClass *class, void *data)
+{
+ IPMIInterfaceClass *ik = IPMI_INTERFACE_CLASS(class);
+
+ ik->do_hw_op = ipmi_do_hw_op;
+}
+
+static const TypeInfo ipmi_interface_type_info = {
+ .name = TYPE_IPMI_INTERFACE,
+ .parent = TYPE_INTERFACE,
+ .class_size = sizeof(IPMIInterfaceClass),
+ .class_init = ipmi_interface_class_init,
+};
+
+static void isa_ipmi_bmc_check(const Object *obj, const char *name,
+ Object *val, Error **errp)
+{
+ IPMIBmc *bmc = IPMI_BMC(val);
+
+ if (bmc->intf)
+ error_setg(errp, "BMC object is already in use");
+}
+
+void ipmi_bmc_find_and_link(Object *obj, Object **bmc)
+{
+ object_property_add_link(obj, "bmc", TYPE_IPMI_BMC, bmc,
+ isa_ipmi_bmc_check,
+ OBJ_PROP_LINK_STRONG);
+}
+
+static Property ipmi_bmc_properties[] = {
+ DEFINE_PROP_UINT8("slave_addr", IPMIBmc, slave_addr, 0x20),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void bmc_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+
+ device_class_set_props(dc, ipmi_bmc_properties);
+}
+
+static const TypeInfo ipmi_bmc_type_info = {
+ .name = TYPE_IPMI_BMC,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(IPMIBmc),
+ .abstract = true,
+ .class_size = sizeof(IPMIBmcClass),
+ .class_init = bmc_class_init,
+};
+
+static void ipmi_register_types(void)
+{
+ type_register_static(&ipmi_interface_type_info);
+ type_register_static(&ipmi_bmc_type_info);
+}
+
+type_init(ipmi_register_types)
diff --git a/hw/ipmi/ipmi_bmc_extern.c b/hw/ipmi/ipmi_bmc_extern.c
new file mode 100644
index 00000000..acf2bab3
--- /dev/null
+++ b/hw/ipmi/ipmi_bmc_extern.c
@@ -0,0 +1,548 @@
+/*
+ * IPMI BMC external connection
+ *
+ * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/*
+ * This is designed to connect with OpenIPMI's lanserv serial interface
+ * using the "VM" connection type. See that for details.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "qemu/timer.h"
+#include "chardev/char-fe.h"
+#include "hw/ipmi/ipmi.h"
+#include "hw/qdev-properties.h"
+#include "hw/qdev-properties-system.h"
+#include "migration/vmstate.h"
+#include "qom/object.h"
+
+#define VM_MSG_CHAR 0xA0 /* Marks end of message */
+#define VM_CMD_CHAR 0xA1 /* Marks end of a command */
+#define VM_ESCAPE_CHAR 0xAA /* Set bit 4 from the next byte to 0 */
+
+#define VM_PROTOCOL_VERSION 1
+#define VM_CMD_VERSION 0xff /* A version number byte follows */
+#define VM_CMD_NOATTN 0x00
+#define VM_CMD_ATTN 0x01
+#define VM_CMD_ATTN_IRQ 0x02
+#define VM_CMD_POWEROFF 0x03
+#define VM_CMD_RESET 0x04
+#define VM_CMD_ENABLE_IRQ 0x05 /* Enable/disable the messaging irq */
+#define VM_CMD_DISABLE_IRQ 0x06
+#define VM_CMD_SEND_NMI 0x07
+#define VM_CMD_CAPABILITIES 0x08
+#define VM_CAPABILITIES_POWER 0x01
+#define VM_CAPABILITIES_RESET 0x02
+#define VM_CAPABILITIES_IRQ 0x04
+#define VM_CAPABILITIES_NMI 0x08
+#define VM_CAPABILITIES_ATTN 0x10
+#define VM_CAPABILITIES_GRACEFUL_SHUTDOWN 0x20
+#define VM_CMD_GRACEFUL_SHUTDOWN 0x09
+
+#define TYPE_IPMI_BMC_EXTERN "ipmi-bmc-extern"
+OBJECT_DECLARE_SIMPLE_TYPE(IPMIBmcExtern, IPMI_BMC_EXTERN)
+struct IPMIBmcExtern {
+ IPMIBmc parent;
+
+ CharBackend chr;
+
+ bool connected;
+
+ unsigned char inbuf[MAX_IPMI_MSG_SIZE + 2];
+ unsigned int inpos;
+ bool in_escape;
+ bool in_too_many;
+ bool waiting_rsp;
+ bool sending_cmd;
+
+ unsigned char outbuf[(MAX_IPMI_MSG_SIZE + 2) * 2 + 1];
+ unsigned int outpos;
+ unsigned int outlen;
+
+ struct QEMUTimer *extern_timer;
+
+ /* A reset event is pending to be sent upstream. */
+ bool send_reset;
+};
+
+static unsigned char
+ipmb_checksum(const unsigned char *data, int size, unsigned char start)
+{
+ unsigned char csum = start;
+
+ for (; size > 0; size--, data++) {
+ csum += *data;
+ }
+ return csum;
+}
+
+static void continue_send(IPMIBmcExtern *ibe)
+{
+ int ret;
+ if (ibe->outlen == 0) {
+ goto check_reset;
+ }
+ send:
+ ret = qemu_chr_fe_write(&ibe->chr, ibe->outbuf + ibe->outpos,
+ ibe->outlen - ibe->outpos);
+ if (ret > 0) {
+ ibe->outpos += ret;
+ }
+ if (ibe->outpos < ibe->outlen) {
+ /* Not fully transmitted, try again in a 10ms */
+ timer_mod_ns(ibe->extern_timer,
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 10000000);
+ } else {
+ /* Sent */
+ ibe->outlen = 0;
+ ibe->outpos = 0;
+ if (!ibe->sending_cmd) {
+ ibe->waiting_rsp = true;
+ } else {
+ ibe->sending_cmd = false;
+ }
+ check_reset:
+ if (ibe->connected && ibe->send_reset) {
+ /* Send the reset */
+ ibe->outbuf[0] = VM_CMD_RESET;
+ ibe->outbuf[1] = VM_CMD_CHAR;
+ ibe->outlen = 2;
+ ibe->outpos = 0;
+ ibe->send_reset = false;
+ ibe->sending_cmd = true;
+ goto send;
+ }
+
+ if (ibe->waiting_rsp) {
+ /* Make sure we get a response within 4 seconds. */
+ timer_mod_ns(ibe->extern_timer,
+ qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 4000000000ULL);
+ }
+ }
+ return;
+}
+
+static void extern_timeout(void *opaque)
+{
+ IPMIBmcExtern *ibe = opaque;
+ IPMIInterface *s = ibe->parent.intf;
+
+ if (ibe->connected) {
+ if (ibe->waiting_rsp && (ibe->outlen == 0)) {
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ /* The message response timed out, return an error. */
+ ibe->waiting_rsp = false;
+ ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
+ ibe->inbuf[2] = ibe->outbuf[2];
+ ibe->inbuf[3] = IPMI_CC_TIMEOUT;
+ k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
+ } else {
+ continue_send(ibe);
+ }
+ }
+}
+
+static void addchar(IPMIBmcExtern *ibe, unsigned char ch)
+{
+ switch (ch) {
+ case VM_MSG_CHAR:
+ case VM_CMD_CHAR:
+ case VM_ESCAPE_CHAR:
+ ibe->outbuf[ibe->outlen] = VM_ESCAPE_CHAR;
+ ibe->outlen++;
+ ch |= 0x10;
+ /* fall through */
+ default:
+ ibe->outbuf[ibe->outlen] = ch;
+ ibe->outlen++;
+ }
+}
+
+static void ipmi_bmc_extern_handle_command(IPMIBmc *b,
+ uint8_t *cmd, unsigned int cmd_len,
+ unsigned int max_cmd_len,
+ uint8_t msg_id)
+{
+ IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
+ IPMIInterface *s = ibe->parent.intf;
+ uint8_t err = 0, csum;
+ unsigned int i;
+
+ if (ibe->outlen) {
+ /* We already have a command queued. Shouldn't ever happen. */
+ error_report("IPMI KCS: Got command when not finished with the"
+ " previous command");
+ abort();
+ }
+
+ /* If it's too short or it was truncated, return an error. */
+ if (cmd_len < 2) {
+ err = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
+ } else if ((cmd_len > max_cmd_len) || (cmd_len > MAX_IPMI_MSG_SIZE)) {
+ err = IPMI_CC_REQUEST_DATA_TRUNCATED;
+ } else if (!ibe->connected) {
+ err = IPMI_CC_BMC_INIT_IN_PROGRESS;
+ }
+ if (err) {
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ unsigned char rsp[3];
+ rsp[0] = cmd[0] | 0x04;
+ rsp[1] = cmd[1];
+ rsp[2] = err;
+ ibe->waiting_rsp = false;
+ k->handle_rsp(s, msg_id, rsp, 3);
+ goto out;
+ }
+
+ addchar(ibe, msg_id);
+ for (i = 0; i < cmd_len; i++) {
+ addchar(ibe, cmd[i]);
+ }
+ csum = ipmb_checksum(&msg_id, 1, 0);
+ addchar(ibe, -ipmb_checksum(cmd, cmd_len, csum));
+
+ ibe->outbuf[ibe->outlen] = VM_MSG_CHAR;
+ ibe->outlen++;
+
+ /* Start the transmit */
+ continue_send(ibe);
+
+ out:
+ return;
+}
+
+static void handle_hw_op(IPMIBmcExtern *ibe, unsigned char hw_op)
+{
+ IPMIInterface *s = ibe->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ switch (hw_op) {
+ case VM_CMD_VERSION:
+ /* We only support one version at this time. */
+ break;
+
+ case VM_CMD_NOATTN:
+ k->set_atn(s, 0, 0);
+ break;
+
+ case VM_CMD_ATTN:
+ k->set_atn(s, 1, 0);
+ break;
+
+ case VM_CMD_ATTN_IRQ:
+ k->set_atn(s, 1, 1);
+ break;
+
+ case VM_CMD_POWEROFF:
+ k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
+ break;
+
+ case VM_CMD_RESET:
+ k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
+ break;
+
+ case VM_CMD_ENABLE_IRQ:
+ k->set_irq_enable(s, 1);
+ break;
+
+ case VM_CMD_DISABLE_IRQ:
+ k->set_irq_enable(s, 0);
+ break;
+
+ case VM_CMD_SEND_NMI:
+ k->do_hw_op(s, IPMI_SEND_NMI, 0);
+ break;
+
+ case VM_CMD_GRACEFUL_SHUTDOWN:
+ k->do_hw_op(s, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0);
+ break;
+ }
+}
+
+static void handle_msg(IPMIBmcExtern *ibe)
+{
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(ibe->parent.intf);
+
+ if (ibe->in_escape) {
+ ipmi_debug("msg escape not ended\n");
+ return;
+ }
+ if (ibe->inpos < 5) {
+ ipmi_debug("msg too short\n");
+ return;
+ }
+ if (ibe->in_too_many) {
+ ibe->inbuf[3] = IPMI_CC_REQUEST_DATA_TRUNCATED;
+ ibe->inpos = 4;
+ } else if (ipmb_checksum(ibe->inbuf, ibe->inpos, 0) != 0) {
+ ipmi_debug("msg checksum failure\n");
+ return;
+ } else {
+ ibe->inpos--; /* Remove checkum */
+ }
+
+ timer_del(ibe->extern_timer);
+ ibe->waiting_rsp = false;
+ k->handle_rsp(ibe->parent.intf, ibe->inbuf[0], ibe->inbuf + 1, ibe->inpos - 1);
+}
+
+static int can_receive(void *opaque)
+{
+ return 1;
+}
+
+static void receive(void *opaque, const uint8_t *buf, int size)
+{
+ IPMIBmcExtern *ibe = opaque;
+ int i;
+ unsigned char hw_op;
+
+ for (i = 0; i < size; i++) {
+ unsigned char ch = buf[i];
+
+ switch (ch) {
+ case VM_MSG_CHAR:
+ handle_msg(ibe);
+ ibe->in_too_many = false;
+ ibe->inpos = 0;
+ break;
+
+ case VM_CMD_CHAR:
+ if (ibe->in_too_many) {
+ ipmi_debug("cmd in too many\n");
+ ibe->in_too_many = false;
+ ibe->inpos = 0;
+ break;
+ }
+ if (ibe->in_escape) {
+ ipmi_debug("cmd in escape\n");
+ ibe->in_too_many = false;
+ ibe->inpos = 0;
+ ibe->in_escape = false;
+ break;
+ }
+ ibe->in_too_many = false;
+ if (ibe->inpos < 1) {
+ break;
+ }
+ hw_op = ibe->inbuf[0];
+ ibe->inpos = 0;
+ goto out_hw_op;
+ break;
+
+ case VM_ESCAPE_CHAR:
+ ibe->in_escape = true;
+ break;
+
+ default:
+ if (ibe->in_escape) {
+ ch &= ~0x10;
+ ibe->in_escape = false;
+ }
+ if (ibe->in_too_many) {
+ break;
+ }
+ if (ibe->inpos >= sizeof(ibe->inbuf)) {
+ ibe->in_too_many = true;
+ break;
+ }
+ ibe->inbuf[ibe->inpos] = ch;
+ ibe->inpos++;
+ break;
+ }
+ }
+ return;
+
+ out_hw_op:
+ handle_hw_op(ibe, hw_op);
+}
+
+static void chr_event(void *opaque, QEMUChrEvent event)
+{
+ IPMIBmcExtern *ibe = opaque;
+ IPMIInterface *s = ibe->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ unsigned char v;
+
+ switch (event) {
+ case CHR_EVENT_OPENED:
+ ibe->connected = true;
+ ibe->outpos = 0;
+ ibe->outlen = 0;
+ addchar(ibe, VM_CMD_VERSION);
+ addchar(ibe, VM_PROTOCOL_VERSION);
+ ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
+ ibe->outlen++;
+ addchar(ibe, VM_CMD_CAPABILITIES);
+ v = VM_CAPABILITIES_IRQ | VM_CAPABILITIES_ATTN;
+ if (k->do_hw_op(ibe->parent.intf, IPMI_POWEROFF_CHASSIS, 1) == 0) {
+ v |= VM_CAPABILITIES_POWER;
+ }
+ if (k->do_hw_op(ibe->parent.intf, IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 1)
+ == 0) {
+ v |= VM_CAPABILITIES_GRACEFUL_SHUTDOWN;
+ }
+ if (k->do_hw_op(ibe->parent.intf, IPMI_RESET_CHASSIS, 1) == 0) {
+ v |= VM_CAPABILITIES_RESET;
+ }
+ if (k->do_hw_op(ibe->parent.intf, IPMI_SEND_NMI, 1) == 0) {
+ v |= VM_CAPABILITIES_NMI;
+ }
+ addchar(ibe, v);
+ ibe->outbuf[ibe->outlen] = VM_CMD_CHAR;
+ ibe->outlen++;
+ ibe->sending_cmd = false;
+ continue_send(ibe);
+ break;
+
+ case CHR_EVENT_CLOSED:
+ if (!ibe->connected) {
+ return;
+ }
+ ibe->connected = false;
+ /*
+ * Don't hang the OS trying to handle the ATN bit, other end will
+ * resend on a reconnect.
+ */
+ k->set_atn(s, 0, 0);
+ if (ibe->waiting_rsp) {
+ ibe->waiting_rsp = false;
+ ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
+ ibe->inbuf[2] = ibe->outbuf[2];
+ ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
+ k->handle_rsp(s, ibe->outbuf[0], ibe->inbuf + 1, 3);
+ }
+ break;
+
+ case CHR_EVENT_BREAK:
+ case CHR_EVENT_MUX_IN:
+ case CHR_EVENT_MUX_OUT:
+ /* Ignore */
+ break;
+ }
+}
+
+static void ipmi_bmc_extern_handle_reset(IPMIBmc *b)
+{
+ IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(b);
+
+ ibe->send_reset = true;
+ continue_send(ibe);
+}
+
+static void ipmi_bmc_extern_realize(DeviceState *dev, Error **errp)
+{
+ IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(dev);
+
+ if (!qemu_chr_fe_backend_connected(&ibe->chr)) {
+ error_setg(errp, "IPMI external bmc requires chardev attribute");
+ return;
+ }
+
+ qemu_chr_fe_set_handlers(&ibe->chr, can_receive, receive,
+ chr_event, NULL, ibe, NULL, true);
+}
+
+static int ipmi_bmc_extern_post_migrate(void *opaque, int version_id)
+{
+ IPMIBmcExtern *ibe = opaque;
+
+ /*
+ * We don't directly restore waiting_rsp, Instead, we return an
+ * error on the interface if a response was being waited for.
+ */
+ if (ibe->waiting_rsp) {
+ IPMIInterface *ii = ibe->parent.intf;
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ ibe->waiting_rsp = false;
+ ibe->inbuf[1] = ibe->outbuf[1] | 0x04;
+ ibe->inbuf[2] = ibe->outbuf[2];
+ ibe->inbuf[3] = IPMI_CC_BMC_INIT_IN_PROGRESS;
+ iic->handle_rsp(ii, ibe->outbuf[0], ibe->inbuf + 1, 3);
+ }
+ return 0;
+}
+
+static const VMStateDescription vmstate_ipmi_bmc_extern = {
+ .name = TYPE_IPMI_BMC_EXTERN,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = ipmi_bmc_extern_post_migrate,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(send_reset, IPMIBmcExtern),
+ VMSTATE_BOOL(waiting_rsp, IPMIBmcExtern),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ipmi_bmc_extern_init(Object *obj)
+{
+ IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
+
+ ibe->extern_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, extern_timeout, ibe);
+ vmstate_register(NULL, 0, &vmstate_ipmi_bmc_extern, ibe);
+}
+
+static void ipmi_bmc_extern_finalize(Object *obj)
+{
+ IPMIBmcExtern *ibe = IPMI_BMC_EXTERN(obj);
+
+ timer_free(ibe->extern_timer);
+}
+
+static Property ipmi_bmc_extern_properties[] = {
+ DEFINE_PROP_CHR("chardev", IPMIBmcExtern, chr),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ipmi_bmc_extern_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
+
+ bk->handle_command = ipmi_bmc_extern_handle_command;
+ bk->handle_reset = ipmi_bmc_extern_handle_reset;
+ dc->hotpluggable = false;
+ dc->realize = ipmi_bmc_extern_realize;
+ device_class_set_props(dc, ipmi_bmc_extern_properties);
+}
+
+static const TypeInfo ipmi_bmc_extern_type = {
+ .name = TYPE_IPMI_BMC_EXTERN,
+ .parent = TYPE_IPMI_BMC,
+ .instance_size = sizeof(IPMIBmcExtern),
+ .instance_init = ipmi_bmc_extern_init,
+ .instance_finalize = ipmi_bmc_extern_finalize,
+ .class_init = ipmi_bmc_extern_class_init,
+ };
+
+static void ipmi_bmc_extern_register_types(void)
+{
+ type_register_static(&ipmi_bmc_extern_type);
+}
+
+type_init(ipmi_bmc_extern_register_types)
diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
new file mode 100644
index 00000000..905e0910
--- /dev/null
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -0,0 +1,2232 @@
+/*
+ * IPMI BMC emulation
+ *
+ * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "qemu/timer.h"
+#include "hw/ipmi/ipmi.h"
+#include "qemu/error-report.h"
+#include "qemu/module.h"
+#include "hw/loader.h"
+#include "hw/qdev-properties.h"
+#include "hw/qdev-properties-system.h"
+#include "migration/vmstate.h"
+
+#define IPMI_NETFN_CHASSIS 0x00
+
+#define IPMI_CMD_GET_CHASSIS_CAPABILITIES 0x00
+#define IPMI_CMD_GET_CHASSIS_STATUS 0x01
+#define IPMI_CMD_CHASSIS_CONTROL 0x02
+#define IPMI_CMD_GET_SYS_RESTART_CAUSE 0x09
+
+#define IPMI_NETFN_SENSOR_EVENT 0x04
+
+#define IPMI_CMD_PLATFORM_EVENT_MSG 0x02
+#define IPMI_CMD_SET_SENSOR_EVT_ENABLE 0x28
+#define IPMI_CMD_GET_SENSOR_EVT_ENABLE 0x29
+#define IPMI_CMD_REARM_SENSOR_EVTS 0x2a
+#define IPMI_CMD_GET_SENSOR_EVT_STATUS 0x2b
+#define IPMI_CMD_GET_SENSOR_READING 0x2d
+#define IPMI_CMD_SET_SENSOR_TYPE 0x2e
+#define IPMI_CMD_GET_SENSOR_TYPE 0x2f
+#define IPMI_CMD_SET_SENSOR_READING 0x30
+
+/* #define IPMI_NETFN_APP 0x06 In ipmi.h */
+
+#define IPMI_CMD_GET_DEVICE_ID 0x01
+#define IPMI_CMD_COLD_RESET 0x02
+#define IPMI_CMD_WARM_RESET 0x03
+#define IPMI_CMD_SET_ACPI_POWER_STATE 0x06
+#define IPMI_CMD_GET_ACPI_POWER_STATE 0x07
+#define IPMI_CMD_GET_DEVICE_GUID 0x08
+#define IPMI_CMD_RESET_WATCHDOG_TIMER 0x22
+#define IPMI_CMD_SET_WATCHDOG_TIMER 0x24
+#define IPMI_CMD_GET_WATCHDOG_TIMER 0x25
+#define IPMI_CMD_SET_BMC_GLOBAL_ENABLES 0x2e
+#define IPMI_CMD_GET_BMC_GLOBAL_ENABLES 0x2f
+#define IPMI_CMD_CLR_MSG_FLAGS 0x30
+#define IPMI_CMD_GET_MSG_FLAGS 0x31
+#define IPMI_CMD_GET_MSG 0x33
+#define IPMI_CMD_SEND_MSG 0x34
+#define IPMI_CMD_READ_EVT_MSG_BUF 0x35
+
+#define IPMI_NETFN_STORAGE 0x0a
+
+#define IPMI_CMD_GET_SDR_REP_INFO 0x20
+#define IPMI_CMD_GET_SDR_REP_ALLOC_INFO 0x21
+#define IPMI_CMD_RESERVE_SDR_REP 0x22
+#define IPMI_CMD_GET_SDR 0x23
+#define IPMI_CMD_ADD_SDR 0x24
+#define IPMI_CMD_PARTIAL_ADD_SDR 0x25
+#define IPMI_CMD_DELETE_SDR 0x26
+#define IPMI_CMD_CLEAR_SDR_REP 0x27
+#define IPMI_CMD_GET_SDR_REP_TIME 0x28
+#define IPMI_CMD_SET_SDR_REP_TIME 0x29
+#define IPMI_CMD_ENTER_SDR_REP_UPD_MODE 0x2A
+#define IPMI_CMD_EXIT_SDR_REP_UPD_MODE 0x2B
+#define IPMI_CMD_RUN_INIT_AGENT 0x2C
+#define IPMI_CMD_GET_FRU_AREA_INFO 0x10
+#define IPMI_CMD_READ_FRU_DATA 0x11
+#define IPMI_CMD_WRITE_FRU_DATA 0x12
+#define IPMI_CMD_GET_SEL_INFO 0x40
+#define IPMI_CMD_GET_SEL_ALLOC_INFO 0x41
+#define IPMI_CMD_RESERVE_SEL 0x42
+#define IPMI_CMD_GET_SEL_ENTRY 0x43
+#define IPMI_CMD_ADD_SEL_ENTRY 0x44
+#define IPMI_CMD_PARTIAL_ADD_SEL_ENTRY 0x45
+#define IPMI_CMD_DELETE_SEL_ENTRY 0x46
+#define IPMI_CMD_CLEAR_SEL 0x47
+#define IPMI_CMD_GET_SEL_TIME 0x48
+#define IPMI_CMD_SET_SEL_TIME 0x49
+
+
+/* Same as a timespec struct. */
+struct ipmi_time {
+ long tv_sec;
+ long tv_nsec;
+};
+
+#define MAX_SEL_SIZE 128
+
+typedef struct IPMISel {
+ uint8_t sel[MAX_SEL_SIZE][16];
+ unsigned int next_free;
+ long time_offset;
+ uint16_t reservation;
+ uint8_t last_addition[4];
+ uint8_t last_clear[4];
+ uint8_t overflow;
+} IPMISel;
+
+#define MAX_SDR_SIZE 16384
+
+typedef struct IPMISdr {
+ uint8_t sdr[MAX_SDR_SIZE];
+ unsigned int next_free;
+ uint16_t next_rec_id;
+ uint16_t reservation;
+ uint8_t last_addition[4];
+ uint8_t last_clear[4];
+ uint8_t overflow;
+} IPMISdr;
+
+typedef struct IPMIFru {
+ char *filename;
+ unsigned int nentries;
+ uint16_t areasize;
+ uint8_t *data;
+} IPMIFru;
+
+typedef struct IPMISensor {
+ uint8_t status;
+ uint8_t reading;
+ uint16_t states_suppt;
+ uint16_t assert_suppt;
+ uint16_t deassert_suppt;
+ uint16_t states;
+ uint16_t assert_states;
+ uint16_t deassert_states;
+ uint16_t assert_enable;
+ uint16_t deassert_enable;
+ uint8_t sensor_type;
+ uint8_t evt_reading_type_code;
+} IPMISensor;
+#define IPMI_SENSOR_GET_PRESENT(s) ((s)->status & 0x01)
+#define IPMI_SENSOR_SET_PRESENT(s, v) ((s)->status = (s->status & ~0x01) | \
+ !!(v))
+#define IPMI_SENSOR_GET_SCAN_ON(s) ((s)->status & 0x40)
+#define IPMI_SENSOR_SET_SCAN_ON(s, v) ((s)->status = (s->status & ~0x40) | \
+ ((!!(v)) << 6))
+#define IPMI_SENSOR_GET_EVENTS_ON(s) ((s)->status & 0x80)
+#define IPMI_SENSOR_SET_EVENTS_ON(s, v) ((s)->status = (s->status & ~0x80) | \
+ ((!!(v)) << 7))
+#define IPMI_SENSOR_GET_RET_STATUS(s) ((s)->status & 0xc0)
+#define IPMI_SENSOR_SET_RET_STATUS(s, v) ((s)->status = (s->status & ~0xc0) | \
+ (v & 0xc0))
+#define IPMI_SENSOR_IS_DISCRETE(s) ((s)->evt_reading_type_code != 1)
+
+#define MAX_SENSORS 20
+#define IPMI_WATCHDOG_SENSOR 0
+
+#define MAX_NETFNS 64
+
+typedef struct IPMIRcvBufEntry {
+ QTAILQ_ENTRY(IPMIRcvBufEntry) entry;
+ uint8_t len;
+ uint8_t buf[MAX_IPMI_MSG_SIZE];
+} IPMIRcvBufEntry;
+
+struct IPMIBmcSim {
+ IPMIBmc parent;
+
+ QEMUTimer *timer;
+
+ uint8_t bmc_global_enables;
+ uint8_t msg_flags;
+
+ bool watchdog_initialized;
+ uint8_t watchdog_use;
+ uint8_t watchdog_action;
+ uint8_t watchdog_pretimeout; /* In seconds */
+ uint8_t watchdog_expired;
+ uint16_t watchdog_timeout; /* in 100's of milliseconds */
+
+ bool watchdog_running;
+ bool watchdog_preaction_ran;
+ int64_t watchdog_expiry;
+
+ uint8_t device_id;
+ uint8_t ipmi_version;
+ uint8_t device_rev;
+ uint8_t fwrev1;
+ uint8_t fwrev2;
+ uint32_t mfg_id;
+ uint16_t product_id;
+
+ uint8_t restart_cause;
+
+ uint8_t acpi_power_state[2];
+ QemuUUID uuid;
+
+ IPMISel sel;
+ IPMISdr sdr;
+ IPMIFru fru;
+ IPMISensor sensors[MAX_SENSORS];
+ char *sdr_filename;
+
+ /* Odd netfns are for responses, so we only need the even ones. */
+ const IPMINetfn *netfns[MAX_NETFNS / 2];
+
+ /* We allow one event in the buffer */
+ uint8_t evtbuf[16];
+
+ QTAILQ_HEAD(, IPMIRcvBufEntry) rcvbufs;
+};
+
+#define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK (1 << 3)
+#define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL (1 << 1)
+#define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE (1 << 0)
+#define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(s) \
+ (IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK & (s)->msg_flags)
+#define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(s) \
+ (IPMI_BMC_MSG_FLAG_EVT_BUF_FULL & (s)->msg_flags)
+#define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(s) \
+ (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE & (s)->msg_flags)
+
+#define IPMI_BMC_RCV_MSG_QUEUE_INT_BIT 0
+#define IPMI_BMC_EVBUF_FULL_INT_BIT 1
+#define IPMI_BMC_EVENT_MSG_BUF_BIT 2
+#define IPMI_BMC_EVENT_LOG_BIT 3
+#define IPMI_BMC_MSG_INTS_ON(s) ((s)->bmc_global_enables & \
+ (1 << IPMI_BMC_RCV_MSG_QUEUE_INT_BIT))
+#define IPMI_BMC_EVBUF_FULL_INT_ENABLED(s) ((s)->bmc_global_enables & \
+ (1 << IPMI_BMC_EVBUF_FULL_INT_BIT))
+#define IPMI_BMC_EVENT_LOG_ENABLED(s) ((s)->bmc_global_enables & \
+ (1 << IPMI_BMC_EVENT_LOG_BIT))
+#define IPMI_BMC_EVENT_MSG_BUF_ENABLED(s) ((s)->bmc_global_enables & \
+ (1 << IPMI_BMC_EVENT_MSG_BUF_BIT))
+
+#define IPMI_BMC_WATCHDOG_USE_MASK 0xc7
+#define IPMI_BMC_WATCHDOG_ACTION_MASK 0x77
+#define IPMI_BMC_WATCHDOG_GET_USE(s) ((s)->watchdog_use & 0x7)
+#define IPMI_BMC_WATCHDOG_GET_DONT_LOG(s) (((s)->watchdog_use >> 7) & 0x1)
+#define IPMI_BMC_WATCHDOG_GET_DONT_STOP(s) (((s)->watchdog_use >> 6) & 0x1)
+#define IPMI_BMC_WATCHDOG_GET_PRE_ACTION(s) (((s)->watchdog_action >> 4) & 0x7)
+#define IPMI_BMC_WATCHDOG_PRE_NONE 0
+#define IPMI_BMC_WATCHDOG_PRE_SMI 1
+#define IPMI_BMC_WATCHDOG_PRE_NMI 2
+#define IPMI_BMC_WATCHDOG_PRE_MSG_INT 3
+#define IPMI_BMC_WATCHDOG_GET_ACTION(s) ((s)->watchdog_action & 0x7)
+#define IPMI_BMC_WATCHDOG_ACTION_NONE 0
+#define IPMI_BMC_WATCHDOG_ACTION_RESET 1
+#define IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN 2
+#define IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE 3
+
+#define RSP_BUFFER_INITIALIZER { }
+
+static inline void rsp_buffer_pushmore(RspBuffer *rsp, uint8_t *bytes,
+ unsigned int n)
+{
+ if (rsp->len + n >= sizeof(rsp->buffer)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
+ return;
+ }
+
+ memcpy(&rsp->buffer[rsp->len], bytes, n);
+ rsp->len += n;
+}
+
+static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs);
+
+static void ipmi_gettime(struct ipmi_time *time)
+{
+ int64_t stime;
+
+ stime = qemu_clock_get_ns(QEMU_CLOCK_HOST);
+ time->tv_sec = stime / 1000000000LL;
+ time->tv_nsec = stime % 1000000000LL;
+}
+
+static int64_t ipmi_getmonotime(void)
+{
+ return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+}
+
+static void ipmi_timeout(void *opaque)
+{
+ IPMIBmcSim *ibs = opaque;
+
+ ipmi_sim_handle_timeout(ibs);
+}
+
+static void set_timestamp(IPMIBmcSim *ibs, uint8_t *ts)
+{
+ unsigned int val;
+ struct ipmi_time now;
+
+ ipmi_gettime(&now);
+ val = now.tv_sec + ibs->sel.time_offset;
+ ts[0] = val & 0xff;
+ ts[1] = (val >> 8) & 0xff;
+ ts[2] = (val >> 16) & 0xff;
+ ts[3] = (val >> 24) & 0xff;
+}
+
+static void sdr_inc_reservation(IPMISdr *sdr)
+{
+ sdr->reservation++;
+ if (sdr->reservation == 0) {
+ sdr->reservation = 1;
+ }
+}
+
+static int sdr_add_entry(IPMIBmcSim *ibs,
+ const struct ipmi_sdr_header *sdrh_entry,
+ unsigned int len, uint16_t *recid)
+{
+ struct ipmi_sdr_header *sdrh =
+ (struct ipmi_sdr_header *) &ibs->sdr.sdr[ibs->sdr.next_free];
+
+ if ((len < IPMI_SDR_HEADER_SIZE) || (len > 255)) {
+ return 1;
+ }
+
+ if (ipmi_sdr_length(sdrh_entry) != len) {
+ return 1;
+ }
+
+ if (ibs->sdr.next_free + len > MAX_SDR_SIZE) {
+ ibs->sdr.overflow = 1;
+ return 1;
+ }
+
+ memcpy(sdrh, sdrh_entry, len);
+ sdrh->rec_id[0] = ibs->sdr.next_rec_id & 0xff;
+ sdrh->rec_id[1] = (ibs->sdr.next_rec_id >> 8) & 0xff;
+ sdrh->sdr_version = 0x51; /* Conform to IPMI 1.5 spec */
+
+ if (recid) {
+ *recid = ibs->sdr.next_rec_id;
+ }
+ ibs->sdr.next_rec_id++;
+ set_timestamp(ibs, ibs->sdr.last_addition);
+ ibs->sdr.next_free += len;
+ sdr_inc_reservation(&ibs->sdr);
+ return 0;
+}
+
+static int sdr_find_entry(IPMISdr *sdr, uint16_t recid,
+ unsigned int *retpos, uint16_t *nextrec)
+{
+ unsigned int pos = *retpos;
+
+ while (pos < sdr->next_free) {
+ struct ipmi_sdr_header *sdrh =
+ (struct ipmi_sdr_header *) &sdr->sdr[pos];
+ uint16_t trec = ipmi_sdr_recid(sdrh);
+ unsigned int nextpos = pos + ipmi_sdr_length(sdrh);
+
+ if (trec == recid) {
+ if (nextrec) {
+ if (nextpos >= sdr->next_free) {
+ *nextrec = 0xffff;
+ } else {
+ *nextrec = (sdr->sdr[nextpos] |
+ (sdr->sdr[nextpos + 1] << 8));
+ }
+ }
+ *retpos = pos;
+ return 0;
+ }
+ pos = nextpos;
+ }
+ return 1;
+}
+
+int ipmi_bmc_sdr_find(IPMIBmc *b, uint16_t recid,
+ const struct ipmi_sdr_compact **sdr, uint16_t *nextrec)
+
+{
+ IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
+ unsigned int pos;
+
+ pos = 0;
+ if (sdr_find_entry(&ibs->sdr, recid, &pos, nextrec)) {
+ return -1;
+ }
+
+ *sdr = (const struct ipmi_sdr_compact *) &ibs->sdr.sdr[pos];
+ return 0;
+}
+
+static void sel_inc_reservation(IPMISel *sel)
+{
+ sel->reservation++;
+ if (sel->reservation == 0) {
+ sel->reservation = 1;
+ }
+}
+
+/* Returns 1 if the SEL is full and can't hold the event. */
+static int sel_add_event(IPMIBmcSim *ibs, uint8_t *event)
+{
+ uint8_t ts[4];
+
+ event[0] = 0xff;
+ event[1] = 0xff;
+ set_timestamp(ibs, ts);
+ if (event[2] < 0xe0) { /* Don't set timestamps for type 0xe0-0xff. */
+ memcpy(event + 3, ts, 4);
+ }
+ if (ibs->sel.next_free == MAX_SEL_SIZE) {
+ ibs->sel.overflow = 1;
+ return 1;
+ }
+ event[0] = ibs->sel.next_free & 0xff;
+ event[1] = (ibs->sel.next_free >> 8) & 0xff;
+ memcpy(ibs->sel.last_addition, ts, 4);
+ memcpy(ibs->sel.sel[ibs->sel.next_free], event, 16);
+ ibs->sel.next_free++;
+ sel_inc_reservation(&ibs->sel);
+ return 0;
+}
+
+static int attn_set(IPMIBmcSim *ibs)
+{
+ return IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs)
+ || IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs)
+ || IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs);
+}
+
+static int attn_irq_enabled(IPMIBmcSim *ibs)
+{
+ return (IPMI_BMC_MSG_INTS_ON(ibs) &&
+ (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs) ||
+ IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs)))
+ || (IPMI_BMC_EVBUF_FULL_INT_ENABLED(ibs) &&
+ IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs));
+}
+
+void ipmi_bmc_gen_event(IPMIBmc *b, uint8_t *evt, bool log)
+{
+ IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
+ return;
+ }
+
+ if (log && IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
+ sel_add_event(ibs, evt);
+ }
+
+ if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
+ goto out;
+ }
+
+ memcpy(ibs->evtbuf, evt, 16);
+ ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
+ k->set_atn(s, 1, attn_irq_enabled(ibs));
+ out:
+ return;
+}
+static void gen_event(IPMIBmcSim *ibs, unsigned int sens_num, uint8_t deassert,
+ uint8_t evd1, uint8_t evd2, uint8_t evd3)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ uint8_t evt[16];
+ IPMISensor *sens = ibs->sensors + sens_num;
+
+ if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) {
+ return;
+ }
+ if (!IPMI_SENSOR_GET_EVENTS_ON(sens)) {
+ return;
+ }
+
+ evt[2] = 0x2; /* System event record */
+ evt[7] = ibs->parent.slave_addr;
+ evt[8] = 0;
+ evt[9] = 0x04; /* Format version */
+ evt[10] = sens->sensor_type;
+ evt[11] = sens_num;
+ evt[12] = sens->evt_reading_type_code | (!!deassert << 7);
+ evt[13] = evd1;
+ evt[14] = evd2;
+ evt[15] = evd3;
+
+ if (IPMI_BMC_EVENT_LOG_ENABLED(ibs)) {
+ sel_add_event(ibs, evt);
+ }
+
+ if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) {
+ return;
+ }
+
+ memcpy(ibs->evtbuf, evt, 16);
+ ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
+ k->set_atn(s, 1, attn_irq_enabled(ibs));
+}
+
+static void sensor_set_discrete_bit(IPMIBmcSim *ibs, unsigned int sensor,
+ unsigned int bit, unsigned int val,
+ uint8_t evd1, uint8_t evd2, uint8_t evd3)
+{
+ IPMISensor *sens;
+ uint16_t mask;
+
+ if (sensor >= MAX_SENSORS) {
+ return;
+ }
+ if (bit >= 16) {
+ return;
+ }
+
+ mask = (1 << bit);
+ sens = ibs->sensors + sensor;
+ if (val) {
+ sens->states |= mask & sens->states_suppt;
+ if (sens->assert_states & mask) {
+ return; /* Already asserted */
+ }
+ sens->assert_states |= mask & sens->assert_suppt;
+ if (sens->assert_enable & mask & sens->assert_states) {
+ /* Send an event on assert */
+ gen_event(ibs, sensor, 0, evd1, evd2, evd3);
+ }
+ } else {
+ sens->states &= ~(mask & sens->states_suppt);
+ if (sens->deassert_states & mask) {
+ return; /* Already deasserted */
+ }
+ sens->deassert_states |= mask & sens->deassert_suppt;
+ if (sens->deassert_enable & mask & sens->deassert_states) {
+ /* Send an event on deassert */
+ gen_event(ibs, sensor, 1, evd1, evd2, evd3);
+ }
+ }
+}
+
+static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s)
+{
+ unsigned int i, pos;
+ IPMISensor *sens;
+
+ for (i = 0; i < MAX_SENSORS; i++) {
+ memset(s->sensors + i, 0, sizeof(*sens));
+ }
+
+ pos = 0;
+ for (i = 0; !sdr_find_entry(&s->sdr, i, &pos, NULL); i++) {
+ struct ipmi_sdr_compact *sdr =
+ (struct ipmi_sdr_compact *) &s->sdr.sdr[pos];
+ unsigned int len = sdr->header.rec_length;
+
+ if (len < 20) {
+ continue;
+ }
+ if (sdr->header.rec_type != IPMI_SDR_COMPACT_TYPE) {
+ continue; /* Not a sensor SDR we set from */
+ }
+
+ if (sdr->sensor_owner_number >= MAX_SENSORS) {
+ continue;
+ }
+ sens = s->sensors + sdr->sensor_owner_number;
+
+ IPMI_SENSOR_SET_PRESENT(sens, 1);
+ IPMI_SENSOR_SET_SCAN_ON(sens, (sdr->sensor_init >> 6) & 1);
+ IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr->sensor_init >> 5) & 1);
+ sens->assert_suppt = sdr->assert_mask[0] | (sdr->assert_mask[1] << 8);
+ sens->deassert_suppt =
+ sdr->deassert_mask[0] | (sdr->deassert_mask[1] << 8);
+ sens->states_suppt =
+ sdr->discrete_mask[0] | (sdr->discrete_mask[1] << 8);
+ sens->sensor_type = sdr->sensor_type;
+ sens->evt_reading_type_code = sdr->reading_type & 0x7f;
+
+ /* Enable all the events that are supported. */
+ sens->assert_enable = sens->assert_suppt;
+ sens->deassert_enable = sens->deassert_suppt;
+ }
+}
+
+int ipmi_sim_register_netfn(IPMIBmcSim *s, unsigned int netfn,
+ const IPMINetfn *netfnd)
+{
+ if ((netfn & 1) || (netfn >= MAX_NETFNS) || (s->netfns[netfn / 2])) {
+ return -1;
+ }
+ s->netfns[netfn / 2] = netfnd;
+ return 0;
+}
+
+static const IPMICmdHandler *ipmi_get_handler(IPMIBmcSim *ibs,
+ unsigned int netfn,
+ unsigned int cmd)
+{
+ const IPMICmdHandler *hdl;
+
+ if (netfn & 1 || netfn >= MAX_NETFNS || !ibs->netfns[netfn / 2]) {
+ return NULL;
+ }
+
+ if (cmd >= ibs->netfns[netfn / 2]->cmd_nums) {
+ return NULL;
+ }
+
+ hdl = &ibs->netfns[netfn / 2]->cmd_handlers[cmd];
+ if (!hdl->cmd_handler) {
+ return NULL;
+ }
+
+ return hdl;
+}
+
+static void next_timeout(IPMIBmcSim *ibs)
+{
+ int64_t next;
+ if (ibs->watchdog_running) {
+ next = ibs->watchdog_expiry;
+ } else {
+ /* Wait a minute */
+ next = ipmi_getmonotime() + 60 * 1000000000LL;
+ }
+ timer_mod_ns(ibs->timer, next);
+}
+
+static void ipmi_sim_handle_command(IPMIBmc *b,
+ uint8_t *cmd, unsigned int cmd_len,
+ unsigned int max_cmd_len,
+ uint8_t msg_id)
+{
+ IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ const IPMICmdHandler *hdl;
+ RspBuffer rsp = RSP_BUFFER_INITIALIZER;
+
+ /* Set up the response, set the low bit of NETFN. */
+ /* Note that max_rsp_len must be at least 3 */
+ if (sizeof(rsp.buffer) < 3) {
+ rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
+ goto out;
+ }
+
+ rsp_buffer_push(&rsp, cmd[0] | 0x04);
+ rsp_buffer_push(&rsp, cmd[1]);
+ rsp_buffer_push(&rsp, 0); /* Assume success */
+
+ /* If it's too short or it was truncated, return an error. */
+ if (cmd_len < 2) {
+ rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
+ goto out;
+ }
+ if (cmd_len > max_cmd_len) {
+ rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_TRUNCATED);
+ goto out;
+ }
+
+ if ((cmd[0] & 0x03) != 0) {
+ /* Only have stuff on LUN 0 */
+ rsp_buffer_set_error(&rsp, IPMI_CC_COMMAND_INVALID_FOR_LUN);
+ goto out;
+ }
+
+ hdl = ipmi_get_handler(ibs, cmd[0] >> 2, cmd[1]);
+ if (!hdl) {
+ rsp_buffer_set_error(&rsp, IPMI_CC_INVALID_CMD);
+ goto out;
+ }
+
+ if (cmd_len < hdl->cmd_len_min) {
+ rsp_buffer_set_error(&rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
+ goto out;
+ }
+
+ hdl->cmd_handler(ibs, cmd, cmd_len, &rsp);
+
+ out:
+ k->handle_rsp(s, msg_id, rsp.buffer, rsp.len);
+
+ next_timeout(ibs);
+}
+
+static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ if (!ibs->watchdog_running) {
+ goto out;
+ }
+
+ if (!ibs->watchdog_preaction_ran) {
+ switch (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs)) {
+ case IPMI_BMC_WATCHDOG_PRE_NMI:
+ ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
+ k->do_hw_op(s, IPMI_SEND_NMI, 0);
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
+ 0xc8, (2 << 4) | 0xf, 0xff);
+ break;
+
+ case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
+ ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK;
+ k->set_atn(s, 1, attn_irq_enabled(ibs));
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1,
+ 0xc8, (3 << 4) | 0xf, 0xff);
+ break;
+
+ default:
+ goto do_full_expiry;
+ }
+
+ ibs->watchdog_preaction_ran = 1;
+ /* Issued the pretimeout, do the rest of the timeout now. */
+ ibs->watchdog_expiry = ipmi_getmonotime();
+ ibs->watchdog_expiry += ibs->watchdog_pretimeout * 1000000000LL;
+ goto out;
+ }
+
+ do_full_expiry:
+ ibs->watchdog_running = 0; /* Stop the watchdog on a timeout */
+ ibs->watchdog_expired |= (1 << IPMI_BMC_WATCHDOG_GET_USE(ibs));
+ switch (IPMI_BMC_WATCHDOG_GET_ACTION(ibs)) {
+ case IPMI_BMC_WATCHDOG_ACTION_NONE:
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 0, 1,
+ 0xc0, ibs->watchdog_use & 0xf, 0xff);
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_RESET:
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 1, 1,
+ 0xc1, ibs->watchdog_use & 0xf, 0xff);
+ k->do_hw_op(s, IPMI_RESET_CHASSIS, 0);
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
+ 0xc2, ibs->watchdog_use & 0xf, 0xff);
+ k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0);
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
+ sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1,
+ 0xc3, ibs->watchdog_use & 0xf, 0xff);
+ k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0);
+ break;
+ }
+
+ out:
+ next_timeout(ibs);
+}
+
+static void chassis_capabilities(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, 0);
+ rsp_buffer_push(rsp, ibs->parent.slave_addr);
+ rsp_buffer_push(rsp, ibs->parent.slave_addr);
+ rsp_buffer_push(rsp, ibs->parent.slave_addr);
+ rsp_buffer_push(rsp, ibs->parent.slave_addr);
+}
+
+static void chassis_status(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, 0x61); /* Unknown power restore, power is on */
+ rsp_buffer_push(rsp, 0);
+ rsp_buffer_push(rsp, 0);
+ rsp_buffer_push(rsp, 0);
+}
+
+static void chassis_control(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ switch (cmd[2] & 0xf) {
+ case 0: /* power down */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0));
+ break;
+ case 1: /* power up */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERON_CHASSIS, 0));
+ break;
+ case 2: /* power cycle */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0));
+ break;
+ case 3: /* hard reset */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 0));
+ break;
+ case 4: /* pulse diagnostic interrupt */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_PULSE_DIAG_IRQ, 0));
+ break;
+ case 5: /* soft shutdown via ACPI by overtemp emulation */
+ rsp_buffer_set_error(rsp, k->do_hw_op(s,
+ IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0));
+ break;
+ default:
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+}
+
+static void chassis_get_sys_restart_cause(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+
+{
+ rsp_buffer_push(rsp, ibs->restart_cause & 0xf); /* Restart Cause */
+ rsp_buffer_push(rsp, 0); /* Channel 0 */
+}
+
+static void get_device_id(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->device_id);
+ rsp_buffer_push(rsp, ibs->device_rev & 0xf);
+ rsp_buffer_push(rsp, ibs->fwrev1 & 0x7f);
+ rsp_buffer_push(rsp, ibs->fwrev2);
+ rsp_buffer_push(rsp, ibs->ipmi_version);
+ rsp_buffer_push(rsp, 0x07); /* sensor, SDR, and SEL. */
+ rsp_buffer_push(rsp, ibs->mfg_id & 0xff);
+ rsp_buffer_push(rsp, (ibs->mfg_id >> 8) & 0xff);
+ rsp_buffer_push(rsp, (ibs->mfg_id >> 16) & 0xff);
+ rsp_buffer_push(rsp, ibs->product_id & 0xff);
+ rsp_buffer_push(rsp, (ibs->product_id >> 8) & 0xff);
+}
+
+static void set_global_enables(IPMIBmcSim *ibs, uint8_t val)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ bool irqs_on;
+
+ ibs->bmc_global_enables = val;
+
+ irqs_on = val & (IPMI_BMC_EVBUF_FULL_INT_BIT |
+ IPMI_BMC_RCV_MSG_QUEUE_INT_BIT);
+
+ k->set_irq_enable(s, irqs_on);
+}
+
+static void cold_reset(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ /* Disable all interrupts */
+ set_global_enables(ibs, 1 << IPMI_BMC_EVENT_LOG_BIT);
+
+ if (k->reset) {
+ k->reset(s, true);
+ }
+}
+
+static void warm_reset(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ if (k->reset) {
+ k->reset(s, false);
+ }
+}
+static void set_acpi_power_state(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ ibs->acpi_power_state[0] = cmd[2];
+ ibs->acpi_power_state[1] = cmd[3];
+}
+
+static void get_acpi_power_state(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->acpi_power_state[0]);
+ rsp_buffer_push(rsp, ibs->acpi_power_state[1]);
+}
+
+static void get_device_guid(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ unsigned int i;
+
+ /* An uninitialized uuid is all zeros, use that to know if it is set. */
+ for (i = 0; i < 16; i++) {
+ if (ibs->uuid.data[i]) {
+ goto uuid_set;
+ }
+ }
+ /* No uuid is set, return an error. */
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_CMD);
+ return;
+
+ uuid_set:
+ for (i = 0; i < 16; i++) {
+ rsp_buffer_push(rsp, ibs->uuid.data[i]);
+ }
+}
+
+static void set_bmc_global_enables(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ set_global_enables(ibs, cmd[2]);
+}
+
+static void get_bmc_global_enables(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->bmc_global_enables);
+}
+
+static void clr_msg_flags(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ ibs->msg_flags &= ~cmd[2];
+ k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
+}
+
+static void get_msg_flags(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->msg_flags);
+}
+
+static void read_evt_msg_buf(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ unsigned int i;
+
+ if (!(ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL)) {
+ rsp_buffer_set_error(rsp, 0x80);
+ return;
+ }
+ for (i = 0; i < 16; i++) {
+ rsp_buffer_push(rsp, ibs->evtbuf[i]);
+ }
+ ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_EVT_BUF_FULL;
+ k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
+}
+
+static void get_msg(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIRcvBufEntry *msg;
+
+ if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
+ rsp_buffer_set_error(rsp, 0x80); /* Queue empty */
+ goto out;
+ }
+ rsp_buffer_push(rsp, 0); /* Channel 0 */
+ msg = QTAILQ_FIRST(&ibs->rcvbufs);
+ rsp_buffer_pushmore(rsp, msg->buf, msg->len);
+ QTAILQ_REMOVE(&ibs->rcvbufs, msg, entry);
+ g_free(msg);
+
+ if (QTAILQ_EMPTY(&ibs->rcvbufs)) {
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+
+ ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
+ k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs));
+ }
+
+out:
+ return;
+}
+
+static unsigned char
+ipmb_checksum(unsigned char *data, int size, unsigned char csum)
+{
+ for (; size > 0; size--, data++) {
+ csum += *data;
+ }
+
+ return -csum;
+}
+
+static void send_msg(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ IPMIRcvBufEntry *msg;
+ uint8_t *buf;
+ uint8_t netfn, rqLun, rsLun, rqSeq;
+
+ if (cmd[2] != 0) {
+ /* We only handle channel 0 with no options */
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ if (cmd_len < 10) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQUEST_DATA_LENGTH_INVALID);
+ return;
+ }
+
+ if (cmd[3] != 0x40) {
+ /* We only emulate a MC at address 0x40. */
+ rsp_buffer_set_error(rsp, 0x83); /* NAK on write */
+ return;
+ }
+
+ cmd += 3; /* Skip the header. */
+ cmd_len -= 3;
+
+ /*
+ * At this point we "send" the message successfully. Any error will
+ * be returned in the response.
+ */
+ if (ipmb_checksum(cmd, cmd_len, 0) != 0 ||
+ cmd[3] != 0x20) { /* Improper response address */
+ return; /* No response */
+ }
+
+ netfn = cmd[1] >> 2;
+ rqLun = cmd[4] & 0x3;
+ rsLun = cmd[1] & 0x3;
+ rqSeq = cmd[4] >> 2;
+
+ if (rqLun != 2) {
+ /* We only support LUN 2 coming back to us. */
+ return;
+ }
+
+ msg = g_malloc(sizeof(*msg));
+ msg->buf[0] = ((netfn | 1) << 2) | rqLun; /* NetFN, and make a response */
+ msg->buf[1] = ipmb_checksum(msg->buf, 1, 0);
+ msg->buf[2] = cmd[0]; /* rsSA */
+ msg->buf[3] = (rqSeq << 2) | rsLun;
+ msg->buf[4] = cmd[5]; /* Cmd */
+ msg->buf[5] = 0; /* Completion Code */
+ msg->len = 6;
+
+ if ((cmd[1] >> 2) != IPMI_NETFN_APP || cmd[5] != IPMI_CMD_GET_DEVICE_ID) {
+ /* Not a command we handle. */
+ msg->buf[5] = IPMI_CC_INVALID_CMD;
+ goto end_msg;
+ }
+
+ buf = msg->buf + msg->len; /* After the CC */
+ buf[0] = 0;
+ buf[1] = 0;
+ buf[2] = 0;
+ buf[3] = 0;
+ buf[4] = 0x51;
+ buf[5] = 0;
+ buf[6] = 0;
+ buf[7] = 0;
+ buf[8] = 0;
+ buf[9] = 0;
+ buf[10] = 0;
+ msg->len += 11;
+
+ end_msg:
+ msg->buf[msg->len] = ipmb_checksum(msg->buf, msg->len, 0);
+ msg->len++;
+ QTAILQ_INSERT_TAIL(&ibs->rcvbufs, msg, entry);
+ ibs->msg_flags |= IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE;
+ k->set_atn(s, 1, attn_irq_enabled(ibs));
+}
+
+static void do_watchdog_reset(IPMIBmcSim *ibs)
+{
+ if (IPMI_BMC_WATCHDOG_GET_ACTION(ibs) ==
+ IPMI_BMC_WATCHDOG_ACTION_NONE) {
+ ibs->watchdog_running = 0;
+ return;
+ }
+ ibs->watchdog_preaction_ran = 0;
+
+
+ /* Timeout is in tenths of a second, offset is in seconds */
+ ibs->watchdog_expiry = ipmi_getmonotime();
+ ibs->watchdog_expiry += ibs->watchdog_timeout * 100000000LL;
+ if (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs) != IPMI_BMC_WATCHDOG_PRE_NONE) {
+ ibs->watchdog_expiry -= ibs->watchdog_pretimeout * 1000000000LL;
+ }
+ ibs->watchdog_running = 1;
+}
+
+static void reset_watchdog_timer(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ if (!ibs->watchdog_initialized) {
+ rsp_buffer_set_error(rsp, 0x80);
+ return;
+ }
+ do_watchdog_reset(ibs);
+}
+
+static void set_watchdog_timer(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMIInterface *s = ibs->parent.intf;
+ IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s);
+ unsigned int val;
+
+ val = cmd[2] & 0x7; /* Validate use */
+ if (val == 0 || val > 5) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ val = cmd[3] & 0x7; /* Validate action */
+ switch (val) {
+ case IPMI_BMC_WATCHDOG_ACTION_NONE:
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_RESET:
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_RESET_CHASSIS, 1));
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN:
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 1));
+ break;
+
+ case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE:
+ rsp_buffer_set_error(rsp, k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 1));
+ break;
+
+ default:
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ }
+ if (rsp->buffer[2]) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ val = (cmd[3] >> 4) & 0x7; /* Validate preaction */
+ switch (val) {
+ case IPMI_BMC_WATCHDOG_PRE_MSG_INT:
+ case IPMI_BMC_WATCHDOG_PRE_NONE:
+ break;
+
+ case IPMI_BMC_WATCHDOG_PRE_NMI:
+ if (k->do_hw_op(s, IPMI_SEND_NMI, 1)) {
+ /* NMI not supported. */
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ break;
+
+ default:
+ /* We don't support PRE_SMI */
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ ibs->watchdog_initialized = 1;
+ ibs->watchdog_use = cmd[2] & IPMI_BMC_WATCHDOG_USE_MASK;
+ ibs->watchdog_action = cmd[3] & IPMI_BMC_WATCHDOG_ACTION_MASK;
+ ibs->watchdog_pretimeout = cmd[4];
+ ibs->watchdog_expired &= ~cmd[5];
+ ibs->watchdog_timeout = cmd[6] | (((uint16_t) cmd[7]) << 8);
+ if (ibs->watchdog_running & IPMI_BMC_WATCHDOG_GET_DONT_STOP(ibs)) {
+ do_watchdog_reset(ibs);
+ } else {
+ ibs->watchdog_running = 0;
+ }
+}
+
+static void get_watchdog_timer(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->watchdog_use);
+ rsp_buffer_push(rsp, ibs->watchdog_action);
+ rsp_buffer_push(rsp, ibs->watchdog_pretimeout);
+ rsp_buffer_push(rsp, ibs->watchdog_expired);
+ rsp_buffer_push(rsp, ibs->watchdog_timeout & 0xff);
+ rsp_buffer_push(rsp, (ibs->watchdog_timeout >> 8) & 0xff);
+ if (ibs->watchdog_running) {
+ long timeout;
+ timeout = ((ibs->watchdog_expiry - ipmi_getmonotime() + 50000000)
+ / 100000000);
+ rsp_buffer_push(rsp, timeout & 0xff);
+ rsp_buffer_push(rsp, (timeout >> 8) & 0xff);
+ } else {
+ rsp_buffer_push(rsp, 0);
+ rsp_buffer_push(rsp, 0);
+ }
+}
+
+static void get_sdr_rep_info(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ unsigned int i;
+
+ rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 spec */
+ rsp_buffer_push(rsp, ibs->sdr.next_rec_id & 0xff);
+ rsp_buffer_push(rsp, (ibs->sdr.next_rec_id >> 8) & 0xff);
+ rsp_buffer_push(rsp, (MAX_SDR_SIZE - ibs->sdr.next_free) & 0xff);
+ rsp_buffer_push(rsp, ((MAX_SDR_SIZE - ibs->sdr.next_free) >> 8) & 0xff);
+ for (i = 0; i < 4; i++) {
+ rsp_buffer_push(rsp, ibs->sdr.last_addition[i]);
+ }
+ for (i = 0; i < 4; i++) {
+ rsp_buffer_push(rsp, ibs->sdr.last_clear[i]);
+ }
+ /* Only modal support, reserve supported */
+ rsp_buffer_push(rsp, (ibs->sdr.overflow << 7) | 0x22);
+}
+
+static void reserve_sdr_rep(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->sdr.reservation & 0xff);
+ rsp_buffer_push(rsp, (ibs->sdr.reservation >> 8) & 0xff);
+}
+
+static void get_sdr(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ unsigned int pos;
+ uint16_t nextrec;
+ struct ipmi_sdr_header *sdrh;
+
+ if (cmd[6]) {
+ if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
+ return;
+ }
+ }
+
+ pos = 0;
+ if (sdr_find_entry(&ibs->sdr, cmd[4] | (cmd[5] << 8),
+ &pos, &nextrec)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+
+ sdrh = (struct ipmi_sdr_header *) &ibs->sdr.sdr[pos];
+
+ if (cmd[6] > ipmi_sdr_length(sdrh)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_PARM_OUT_OF_RANGE);
+ return;
+ }
+
+ rsp_buffer_push(rsp, nextrec & 0xff);
+ rsp_buffer_push(rsp, (nextrec >> 8) & 0xff);
+
+ if (cmd[7] == 0xff) {
+ cmd[7] = ipmi_sdr_length(sdrh) - cmd[6];
+ }
+
+ if ((cmd[7] + rsp->len) > sizeof(rsp->buffer)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES);
+ return;
+ }
+
+ rsp_buffer_pushmore(rsp, ibs->sdr.sdr + pos + cmd[6], cmd[7]);
+}
+
+static void add_sdr(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint16_t recid;
+ struct ipmi_sdr_header *sdrh = (struct ipmi_sdr_header *) cmd + 2;
+
+ if (sdr_add_entry(ibs, sdrh, cmd_len - 2, &recid)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ rsp_buffer_push(rsp, recid & 0xff);
+ rsp_buffer_push(rsp, (recid >> 8) & 0xff);
+}
+
+static void clear_sdr_rep(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ if ((cmd[2] | (cmd[3] << 8)) != ibs->sdr.reservation) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
+ return;
+ }
+
+ if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ if (cmd[7] == 0xaa) {
+ ibs->sdr.next_free = 0;
+ ibs->sdr.overflow = 0;
+ set_timestamp(ibs, ibs->sdr.last_clear);
+ rsp_buffer_push(rsp, 1); /* Erasure complete */
+ sdr_inc_reservation(&ibs->sdr);
+ } else if (cmd[7] == 0) {
+ rsp_buffer_push(rsp, 1); /* Erasure complete */
+ } else {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+}
+
+static void get_sel_info(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ unsigned int i, val;
+
+ rsp_buffer_push(rsp, 0x51); /* Conform to IPMI 1.5 */
+ rsp_buffer_push(rsp, ibs->sel.next_free & 0xff);
+ rsp_buffer_push(rsp, (ibs->sel.next_free >> 8) & 0xff);
+ val = (MAX_SEL_SIZE - ibs->sel.next_free) * 16;
+ rsp_buffer_push(rsp, val & 0xff);
+ rsp_buffer_push(rsp, (val >> 8) & 0xff);
+ for (i = 0; i < 4; i++) {
+ rsp_buffer_push(rsp, ibs->sel.last_addition[i]);
+ }
+ for (i = 0; i < 4; i++) {
+ rsp_buffer_push(rsp, ibs->sel.last_clear[i]);
+ }
+ /* Only support Reserve SEL */
+ rsp_buffer_push(rsp, (ibs->sel.overflow << 7) | 0x02);
+}
+
+static void get_fru_area_info(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint8_t fruid;
+ uint16_t fru_entry_size;
+
+ fruid = cmd[2];
+
+ if (fruid >= ibs->fru.nentries) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ fru_entry_size = ibs->fru.areasize;
+
+ rsp_buffer_push(rsp, fru_entry_size & 0xff);
+ rsp_buffer_push(rsp, fru_entry_size >> 8 & 0xff);
+ rsp_buffer_push(rsp, 0x0);
+}
+
+static void read_fru_data(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint8_t fruid;
+ uint16_t offset;
+ int i;
+ uint8_t *fru_entry;
+ unsigned int count;
+
+ fruid = cmd[2];
+ offset = (cmd[3] | cmd[4] << 8);
+
+ if (fruid >= ibs->fru.nentries) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ if (offset >= ibs->fru.areasize - 1) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
+
+ count = MIN(cmd[5], ibs->fru.areasize - offset);
+
+ rsp_buffer_push(rsp, count & 0xff);
+ for (i = 0; i < count; i++) {
+ rsp_buffer_push(rsp, fru_entry[offset + i]);
+ }
+}
+
+static void write_fru_data(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint8_t fruid;
+ uint16_t offset;
+ uint8_t *fru_entry;
+ unsigned int count;
+
+ fruid = cmd[2];
+ offset = (cmd[3] | cmd[4] << 8);
+
+ if (fruid >= ibs->fru.nentries) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ if (offset >= ibs->fru.areasize - 1) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ fru_entry = &ibs->fru.data[fruid * ibs->fru.areasize];
+
+ count = MIN(cmd_len - 5, ibs->fru.areasize - offset);
+
+ memcpy(fru_entry + offset, cmd + 5, count);
+
+ rsp_buffer_push(rsp, count & 0xff);
+}
+
+static void reserve_sel(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ rsp_buffer_push(rsp, ibs->sel.reservation & 0xff);
+ rsp_buffer_push(rsp, (ibs->sel.reservation >> 8) & 0xff);
+}
+
+static void get_sel_entry(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ unsigned int val;
+
+ if (cmd[6]) {
+ if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
+ return;
+ }
+ }
+ if (ibs->sel.next_free == 0) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ if (cmd[6] > 15) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ if (cmd[7] == 0xff) {
+ cmd[7] = 16;
+ } else if ((cmd[7] + cmd[6]) > 16) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ } else {
+ cmd[7] += cmd[6];
+ }
+
+ val = cmd[4] | (cmd[5] << 8);
+ if (val == 0xffff) {
+ val = ibs->sel.next_free - 1;
+ } else if (val >= ibs->sel.next_free) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ if ((val + 1) == ibs->sel.next_free) {
+ rsp_buffer_push(rsp, 0xff);
+ rsp_buffer_push(rsp, 0xff);
+ } else {
+ rsp_buffer_push(rsp, (val + 1) & 0xff);
+ rsp_buffer_push(rsp, ((val + 1) >> 8) & 0xff);
+ }
+ for (; cmd[6] < cmd[7]; cmd[6]++) {
+ rsp_buffer_push(rsp, ibs->sel.sel[val][cmd[6]]);
+ }
+}
+
+static void add_sel_entry(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ if (sel_add_event(ibs, cmd + 2)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
+ return;
+ }
+ /* sel_add_event fills in the record number. */
+ rsp_buffer_push(rsp, cmd[2]);
+ rsp_buffer_push(rsp, cmd[3]);
+}
+
+static void clear_sel(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ if ((cmd[2] | (cmd[3] << 8)) != ibs->sel.reservation) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_RESERVATION);
+ return;
+ }
+
+ if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ if (cmd[7] == 0xaa) {
+ ibs->sel.next_free = 0;
+ ibs->sel.overflow = 0;
+ set_timestamp(ibs, ibs->sdr.last_clear);
+ rsp_buffer_push(rsp, 1); /* Erasure complete */
+ sel_inc_reservation(&ibs->sel);
+ } else if (cmd[7] == 0) {
+ rsp_buffer_push(rsp, 1); /* Erasure complete */
+ } else {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+}
+
+static void get_sel_time(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint32_t val;
+ struct ipmi_time now;
+
+ ipmi_gettime(&now);
+ val = now.tv_sec + ibs->sel.time_offset;
+ rsp_buffer_push(rsp, val & 0xff);
+ rsp_buffer_push(rsp, (val >> 8) & 0xff);
+ rsp_buffer_push(rsp, (val >> 16) & 0xff);
+ rsp_buffer_push(rsp, (val >> 24) & 0xff);
+}
+
+static void set_sel_time(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint32_t val;
+ struct ipmi_time now;
+
+ val = cmd[2] | (cmd[3] << 8) | (cmd[4] << 16) | (cmd[5] << 24);
+ ipmi_gettime(&now);
+ ibs->sel.time_offset = now.tv_sec - ((long) val);
+}
+
+static void platform_event_msg(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ uint8_t event[16];
+
+ event[2] = 2; /* System event record */
+ event[7] = cmd[2]; /* Generator ID */
+ event[8] = 0;
+ event[9] = cmd[3]; /* EvMRev */
+ event[10] = cmd[4]; /* Sensor type */
+ event[11] = cmd[5]; /* Sensor number */
+ event[12] = cmd[6]; /* Event dir / Event type */
+ event[13] = cmd[7]; /* Event data 1 */
+ event[14] = cmd[8]; /* Event data 2 */
+ event[15] = cmd[9]; /* Event data 3 */
+
+ if (sel_add_event(ibs, event)) {
+ rsp_buffer_set_error(rsp, IPMI_CC_OUT_OF_SPACE);
+ }
+}
+
+static void set_sensor_evt_enable(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ switch ((cmd[3] >> 4) & 0x3) {
+ case 0: /* Do not change */
+ break;
+ case 1: /* Enable bits */
+ if (cmd_len > 4) {
+ sens->assert_enable |= cmd[4];
+ }
+ if (cmd_len > 5) {
+ sens->assert_enable |= cmd[5] << 8;
+ }
+ if (cmd_len > 6) {
+ sens->deassert_enable |= cmd[6];
+ }
+ if (cmd_len > 7) {
+ sens->deassert_enable |= cmd[7] << 8;
+ }
+ break;
+ case 2: /* Disable bits */
+ if (cmd_len > 4) {
+ sens->assert_enable &= ~cmd[4];
+ }
+ if (cmd_len > 5) {
+ sens->assert_enable &= ~(cmd[5] << 8);
+ }
+ if (cmd_len > 6) {
+ sens->deassert_enable &= ~cmd[6];
+ }
+ if (cmd_len > 7) {
+ sens->deassert_enable &= ~(cmd[7] << 8);
+ }
+ break;
+ case 3:
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+ IPMI_SENSOR_SET_RET_STATUS(sens, cmd[3]);
+}
+
+static void get_sensor_evt_enable(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
+ rsp_buffer_push(rsp, sens->assert_enable & 0xff);
+ rsp_buffer_push(rsp, (sens->assert_enable >> 8) & 0xff);
+ rsp_buffer_push(rsp, sens->deassert_enable & 0xff);
+ rsp_buffer_push(rsp, (sens->deassert_enable >> 8) & 0xff);
+}
+
+static void rearm_sensor_evts(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+
+ if ((cmd[3] & 0x80) == 0) {
+ /* Just clear everything */
+ sens->states = 0;
+ return;
+ }
+}
+
+static void get_sensor_evt_status(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ rsp_buffer_push(rsp, sens->reading);
+ rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
+ rsp_buffer_push(rsp, sens->assert_states & 0xff);
+ rsp_buffer_push(rsp, (sens->assert_states >> 8) & 0xff);
+ rsp_buffer_push(rsp, sens->deassert_states & 0xff);
+ rsp_buffer_push(rsp, (sens->deassert_states >> 8) & 0xff);
+}
+
+static void get_sensor_reading(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ rsp_buffer_push(rsp, sens->reading);
+ rsp_buffer_push(rsp, IPMI_SENSOR_GET_RET_STATUS(sens));
+ rsp_buffer_push(rsp, sens->states & 0xff);
+ if (IPMI_SENSOR_IS_DISCRETE(sens)) {
+ rsp_buffer_push(rsp, (sens->states >> 8) & 0xff);
+ }
+}
+
+static void set_sensor_type(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ sens->sensor_type = cmd[3];
+ sens->evt_reading_type_code = cmd[4] & 0x7f;
+}
+
+static void get_sensor_type(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+ sens = ibs->sensors + cmd[2];
+ rsp_buffer_push(rsp, sens->sensor_type);
+ rsp_buffer_push(rsp, sens->evt_reading_type_code);
+}
+
+/*
+ * bytes parameter
+ * 1 sensor number
+ * 2 operation (see below for bits meaning)
+ * 3 sensor reading
+ * 4:5 assertion states (optional)
+ * 6:7 deassertion states (optional)
+ * 8:10 event data 1,2,3 (optional)
+ */
+static void set_sensor_reading(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ RspBuffer *rsp)
+{
+ IPMISensor *sens;
+ uint8_t evd1 = 0;
+ uint8_t evd2 = 0;
+ uint8_t evd3 = 0;
+ uint8_t new_reading = 0;
+ uint16_t new_assert_states = 0;
+ uint16_t new_deassert_states = 0;
+ bool change_reading = false;
+ bool change_assert = false;
+ bool change_deassert = false;
+ enum {
+ SENSOR_GEN_EVENT_NONE,
+ SENSOR_GEN_EVENT_DATA,
+ SENSOR_GEN_EVENT_BMC,
+ } do_gen_event = SENSOR_GEN_EVENT_NONE;
+
+ if ((cmd[2] >= MAX_SENSORS) ||
+ !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+ rsp_buffer_set_error(rsp, IPMI_CC_REQ_ENTRY_NOT_PRESENT);
+ return;
+ }
+
+ sens = ibs->sensors + cmd[2];
+
+ /* [1:0] Sensor Reading operation */
+ switch ((cmd[3]) & 0x3) {
+ case 0: /* Do not change */
+ break;
+ case 1: /* write given value to sensor reading byte */
+ new_reading = cmd[4];
+ if (sens->reading != new_reading) {
+ change_reading = true;
+ }
+ break;
+ case 2:
+ case 3:
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ /* [3:2] Deassertion bits operation */
+ switch ((cmd[3] >> 2) & 0x3) {
+ case 0: /* Do not change */
+ break;
+ case 1: /* write given value */
+ if (cmd_len > 7) {
+ new_deassert_states = cmd[7];
+ change_deassert = true;
+ }
+ if (cmd_len > 8) {
+ new_deassert_states |= (cmd[8] << 8);
+ }
+ break;
+
+ case 2: /* mask on */
+ if (cmd_len > 7) {
+ new_deassert_states = (sens->deassert_states | cmd[7]);
+ change_deassert = true;
+ }
+ if (cmd_len > 8) {
+ new_deassert_states |= (sens->deassert_states | (cmd[8] << 8));
+ }
+ break;
+
+ case 3: /* mask off */
+ if (cmd_len > 7) {
+ new_deassert_states = (sens->deassert_states & cmd[7]);
+ change_deassert = true;
+ }
+ if (cmd_len > 8) {
+ new_deassert_states |= (sens->deassert_states & (cmd[8] << 8));
+ }
+ break;
+ }
+
+ if (change_deassert && (new_deassert_states == sens->deassert_states)) {
+ change_deassert = false;
+ }
+
+ /* [5:4] Assertion bits operation */
+ switch ((cmd[3] >> 4) & 0x3) {
+ case 0: /* Do not change */
+ break;
+ case 1: /* write given value */
+ if (cmd_len > 5) {
+ new_assert_states = cmd[5];
+ change_assert = true;
+ }
+ if (cmd_len > 6) {
+ new_assert_states |= (cmd[6] << 8);
+ }
+ break;
+
+ case 2: /* mask on */
+ if (cmd_len > 5) {
+ new_assert_states = (sens->assert_states | cmd[5]);
+ change_assert = true;
+ }
+ if (cmd_len > 6) {
+ new_assert_states |= (sens->assert_states | (cmd[6] << 8));
+ }
+ break;
+
+ case 3: /* mask off */
+ if (cmd_len > 5) {
+ new_assert_states = (sens->assert_states & cmd[5]);
+ change_assert = true;
+ }
+ if (cmd_len > 6) {
+ new_assert_states |= (sens->assert_states & (cmd[6] << 8));
+ }
+ break;
+ }
+
+ if (change_assert && (new_assert_states == sens->assert_states)) {
+ change_assert = false;
+ }
+
+ if (cmd_len > 9) {
+ evd1 = cmd[9];
+ }
+ if (cmd_len > 10) {
+ evd2 = cmd[10];
+ }
+ if (cmd_len > 11) {
+ evd3 = cmd[11];
+ }
+
+ /* [7:6] Event Data Bytes operation */
+ switch ((cmd[3] >> 6) & 0x3) {
+ case 0: /*
+ * Don’t use Event Data bytes from this command. BMC will
+ * generate it's own Event Data bytes based on its sensor
+ * implementation.
+ */
+ evd1 = evd2 = evd3 = 0x0;
+ do_gen_event = SENSOR_GEN_EVENT_BMC;
+ break;
+ case 1: /*
+ * Write given values to event data bytes including bits
+ * [3:0] Event Data 1.
+ */
+ do_gen_event = SENSOR_GEN_EVENT_DATA;
+ break;
+ case 2: /*
+ * Write given values to event data bytes excluding bits
+ * [3:0] Event Data 1.
+ */
+ evd1 &= 0xf0;
+ do_gen_event = SENSOR_GEN_EVENT_DATA;
+ break;
+ case 3:
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ /*
+ * Event Data Bytes operation and parameter are inconsistent. The
+ * Specs are not clear on that topic but generating an error seems
+ * correct.
+ */
+ if (do_gen_event == SENSOR_GEN_EVENT_DATA && cmd_len < 10) {
+ rsp_buffer_set_error(rsp, IPMI_CC_INVALID_DATA_FIELD);
+ return;
+ }
+
+ /* commit values */
+ if (change_reading) {
+ sens->reading = new_reading;
+ }
+
+ if (change_assert) {
+ sens->assert_states = new_assert_states;
+ }
+
+ if (change_deassert) {
+ sens->deassert_states = new_deassert_states;
+ }
+
+ /* TODO: handle threshold sensor */
+ if (!IPMI_SENSOR_IS_DISCRETE(sens)) {
+ return;
+ }
+
+ switch (do_gen_event) {
+ case SENSOR_GEN_EVENT_DATA: {
+ unsigned int bit = evd1 & 0xf;
+ uint16_t mask = (1 << bit);
+
+ if (sens->assert_states & mask & sens->assert_enable) {
+ gen_event(ibs, cmd[2], 0, evd1, evd2, evd3);
+ }
+
+ if (sens->deassert_states & mask & sens->deassert_enable) {
+ gen_event(ibs, cmd[2], 1, evd1, evd2, evd3);
+ }
+ break;
+ }
+ case SENSOR_GEN_EVENT_BMC:
+ /*
+ * TODO: generate event and event data bytes depending on the
+ * sensor
+ */
+ break;
+ case SENSOR_GEN_EVENT_NONE:
+ break;
+ }
+}
+
+static const IPMICmdHandler chassis_cmds[] = {
+ [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = { chassis_capabilities },
+ [IPMI_CMD_GET_CHASSIS_STATUS] = { chassis_status },
+ [IPMI_CMD_CHASSIS_CONTROL] = { chassis_control, 3 },
+ [IPMI_CMD_GET_SYS_RESTART_CAUSE] = { chassis_get_sys_restart_cause }
+};
+static const IPMINetfn chassis_netfn = {
+ .cmd_nums = ARRAY_SIZE(chassis_cmds),
+ .cmd_handlers = chassis_cmds
+};
+
+static const IPMICmdHandler sensor_event_cmds[] = {
+ [IPMI_CMD_PLATFORM_EVENT_MSG] = { platform_event_msg, 10 },
+ [IPMI_CMD_SET_SENSOR_EVT_ENABLE] = { set_sensor_evt_enable, 4 },
+ [IPMI_CMD_GET_SENSOR_EVT_ENABLE] = { get_sensor_evt_enable, 3 },
+ [IPMI_CMD_REARM_SENSOR_EVTS] = { rearm_sensor_evts, 4 },
+ [IPMI_CMD_GET_SENSOR_EVT_STATUS] = { get_sensor_evt_status, 3 },
+ [IPMI_CMD_GET_SENSOR_READING] = { get_sensor_reading, 3 },
+ [IPMI_CMD_SET_SENSOR_TYPE] = { set_sensor_type, 5 },
+ [IPMI_CMD_GET_SENSOR_TYPE] = { get_sensor_type, 3 },
+ [IPMI_CMD_SET_SENSOR_READING] = { set_sensor_reading, 5 },
+};
+static const IPMINetfn sensor_event_netfn = {
+ .cmd_nums = ARRAY_SIZE(sensor_event_cmds),
+ .cmd_handlers = sensor_event_cmds
+};
+
+static const IPMICmdHandler app_cmds[] = {
+ [IPMI_CMD_GET_DEVICE_ID] = { get_device_id },
+ [IPMI_CMD_COLD_RESET] = { cold_reset },
+ [IPMI_CMD_WARM_RESET] = { warm_reset },
+ [IPMI_CMD_SET_ACPI_POWER_STATE] = { set_acpi_power_state, 4 },
+ [IPMI_CMD_GET_ACPI_POWER_STATE] = { get_acpi_power_state },
+ [IPMI_CMD_GET_DEVICE_GUID] = { get_device_guid },
+ [IPMI_CMD_SET_BMC_GLOBAL_ENABLES] = { set_bmc_global_enables, 3 },
+ [IPMI_CMD_GET_BMC_GLOBAL_ENABLES] = { get_bmc_global_enables },
+ [IPMI_CMD_CLR_MSG_FLAGS] = { clr_msg_flags, 3 },
+ [IPMI_CMD_GET_MSG_FLAGS] = { get_msg_flags },
+ [IPMI_CMD_GET_MSG] = { get_msg },
+ [IPMI_CMD_SEND_MSG] = { send_msg, 3 },
+ [IPMI_CMD_READ_EVT_MSG_BUF] = { read_evt_msg_buf },
+ [IPMI_CMD_RESET_WATCHDOG_TIMER] = { reset_watchdog_timer },
+ [IPMI_CMD_SET_WATCHDOG_TIMER] = { set_watchdog_timer, 8 },
+ [IPMI_CMD_GET_WATCHDOG_TIMER] = { get_watchdog_timer },
+};
+static const IPMINetfn app_netfn = {
+ .cmd_nums = ARRAY_SIZE(app_cmds),
+ .cmd_handlers = app_cmds
+};
+
+static const IPMICmdHandler storage_cmds[] = {
+ [IPMI_CMD_GET_FRU_AREA_INFO] = { get_fru_area_info, 3 },
+ [IPMI_CMD_READ_FRU_DATA] = { read_fru_data, 5 },
+ [IPMI_CMD_WRITE_FRU_DATA] = { write_fru_data, 5 },
+ [IPMI_CMD_GET_SDR_REP_INFO] = { get_sdr_rep_info },
+ [IPMI_CMD_RESERVE_SDR_REP] = { reserve_sdr_rep },
+ [IPMI_CMD_GET_SDR] = { get_sdr, 8 },
+ [IPMI_CMD_ADD_SDR] = { add_sdr },
+ [IPMI_CMD_CLEAR_SDR_REP] = { clear_sdr_rep, 8 },
+ [IPMI_CMD_GET_SEL_INFO] = { get_sel_info },
+ [IPMI_CMD_RESERVE_SEL] = { reserve_sel },
+ [IPMI_CMD_GET_SEL_ENTRY] = { get_sel_entry, 8 },
+ [IPMI_CMD_ADD_SEL_ENTRY] = { add_sel_entry, 18 },
+ [IPMI_CMD_CLEAR_SEL] = { clear_sel, 8 },
+ [IPMI_CMD_GET_SEL_TIME] = { get_sel_time },
+ [IPMI_CMD_SET_SEL_TIME] = { set_sel_time, 6 },
+};
+
+static const IPMINetfn storage_netfn = {
+ .cmd_nums = ARRAY_SIZE(storage_cmds),
+ .cmd_handlers = storage_cmds
+};
+
+static void register_cmds(IPMIBmcSim *s)
+{
+ ipmi_sim_register_netfn(s, IPMI_NETFN_CHASSIS, &chassis_netfn);
+ ipmi_sim_register_netfn(s, IPMI_NETFN_SENSOR_EVENT, &sensor_event_netfn);
+ ipmi_sim_register_netfn(s, IPMI_NETFN_APP, &app_netfn);
+ ipmi_sim_register_netfn(s, IPMI_NETFN_STORAGE, &storage_netfn);
+}
+
+static uint8_t init_sdrs[] = {
+ /* Watchdog device */
+ 0x00, 0x00, 0x51, 0x02, 35, 0x20, 0x00, 0x00,
+ 0x23, 0x01, 0x63, 0x00, 0x23, 0x6f, 0x0f, 0x01,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc8,
+ 'W', 'a', 't', 'c', 'h', 'd', 'o', 'g',
+};
+
+static void ipmi_sdr_init(IPMIBmcSim *ibs)
+{
+ unsigned int i;
+ int len;
+ size_t sdrs_size;
+ uint8_t *sdrs;
+
+ sdrs_size = sizeof(init_sdrs);
+ sdrs = init_sdrs;
+ if (ibs->sdr_filename &&
+ !g_file_get_contents(ibs->sdr_filename, (gchar **) &sdrs, &sdrs_size,
+ NULL)) {
+ error_report("failed to load sdr file '%s'", ibs->sdr_filename);
+ sdrs_size = sizeof(init_sdrs);
+ sdrs = init_sdrs;
+ }
+
+ for (i = 0; i < sdrs_size; i += len) {
+ struct ipmi_sdr_header *sdrh;
+
+ if (i + IPMI_SDR_HEADER_SIZE > sdrs_size) {
+ error_report("Problem with recid 0x%4.4x", i);
+ break;
+ }
+ sdrh = (struct ipmi_sdr_header *) &sdrs[i];
+ len = ipmi_sdr_length(sdrh);
+ if (i + len > sdrs_size) {
+ error_report("Problem with recid 0x%4.4x", i);
+ break;
+ }
+ sdr_add_entry(ibs, sdrh, len, NULL);
+ }
+
+ if (sdrs != init_sdrs) {
+ g_free(sdrs);
+ }
+}
+
+static const VMStateDescription vmstate_ipmi_sim = {
+ .name = TYPE_IPMI_BMC_SIMULATOR,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(bmc_global_enables, IPMIBmcSim),
+ VMSTATE_UINT8(msg_flags, IPMIBmcSim),
+ VMSTATE_BOOL(watchdog_initialized, IPMIBmcSim),
+ VMSTATE_UINT8(watchdog_use, IPMIBmcSim),
+ VMSTATE_UINT8(watchdog_action, IPMIBmcSim),
+ VMSTATE_UINT8(watchdog_pretimeout, IPMIBmcSim),
+ VMSTATE_UINT8(watchdog_expired, IPMIBmcSim),
+ VMSTATE_UINT16(watchdog_timeout, IPMIBmcSim),
+ VMSTATE_BOOL(watchdog_running, IPMIBmcSim),
+ VMSTATE_BOOL(watchdog_preaction_ran, IPMIBmcSim),
+ VMSTATE_INT64(watchdog_expiry, IPMIBmcSim),
+ VMSTATE_UINT8_ARRAY(evtbuf, IPMIBmcSim, 16),
+ VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].status, IPMIBmcSim),
+ VMSTATE_UINT8(sensors[IPMI_WATCHDOG_SENSOR].reading, IPMIBmcSim),
+ VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].states, IPMIBmcSim),
+ VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_states, IPMIBmcSim),
+ VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].deassert_states,
+ IPMIBmcSim),
+ VMSTATE_UINT16(sensors[IPMI_WATCHDOG_SENSOR].assert_enable, IPMIBmcSim),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void ipmi_fru_init(IPMIFru *fru)
+{
+ int fsize;
+ int size = 0;
+
+ if (!fru->filename) {
+ goto out;
+ }
+
+ fsize = get_image_size(fru->filename);
+ if (fsize > 0) {
+ size = QEMU_ALIGN_UP(fsize, fru->areasize);
+ fru->data = g_malloc0(size);
+ if (load_image_size(fru->filename, fru->data, fsize) != fsize) {
+ error_report("Could not load file '%s'", fru->filename);
+ g_free(fru->data);
+ fru->data = NULL;
+ }
+ }
+
+out:
+ if (!fru->data) {
+ /* give one default FRU */
+ size = fru->areasize;
+ fru->data = g_malloc0(size);
+ }
+
+ fru->nentries = size / fru->areasize;
+}
+
+static void ipmi_sim_realize(DeviceState *dev, Error **errp)
+{
+ IPMIBmc *b = IPMI_BMC(dev);
+ unsigned int i;
+ IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
+
+ QTAILQ_INIT(&ibs->rcvbufs);
+
+ ibs->bmc_global_enables = (1 << IPMI_BMC_EVENT_LOG_BIT);
+ ibs->device_id = 0x20;
+ ibs->ipmi_version = 0x02; /* IPMI 2.0 */
+ ibs->restart_cause = 0;
+ for (i = 0; i < 4; i++) {
+ ibs->sel.last_addition[i] = 0xff;
+ ibs->sel.last_clear[i] = 0xff;
+ ibs->sdr.last_addition[i] = 0xff;
+ ibs->sdr.last_clear[i] = 0xff;
+ }
+
+ ipmi_sdr_init(ibs);
+
+ ipmi_fru_init(&ibs->fru);
+
+ ibs->acpi_power_state[0] = 0;
+ ibs->acpi_power_state[1] = 0;
+
+ ipmi_init_sensors_from_sdrs(ibs);
+ register_cmds(ibs);
+
+ ibs->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ipmi_timeout, ibs);
+
+ vmstate_register(NULL, 0, &vmstate_ipmi_sim, ibs);
+}
+
+static Property ipmi_sim_properties[] = {
+ DEFINE_PROP_UINT16("fruareasize", IPMIBmcSim, fru.areasize, 1024),
+ DEFINE_PROP_STRING("frudatafile", IPMIBmcSim, fru.filename),
+ DEFINE_PROP_STRING("sdrfile", IPMIBmcSim, sdr_filename),
+ DEFINE_PROP_UINT8("device_id", IPMIBmcSim, device_id, 0x20),
+ DEFINE_PROP_UINT8("ipmi_version", IPMIBmcSim, ipmi_version, 0x02),
+ DEFINE_PROP_UINT8("device_rev", IPMIBmcSim, device_rev, 0),
+ DEFINE_PROP_UINT8("fwrev1", IPMIBmcSim, fwrev1, 0),
+ DEFINE_PROP_UINT8("fwrev2", IPMIBmcSim, fwrev2, 0),
+ DEFINE_PROP_UINT32("mfg_id", IPMIBmcSim, mfg_id, 0),
+ DEFINE_PROP_UINT16("product_id", IPMIBmcSim, product_id, 0),
+ DEFINE_PROP_UUID_NODEFAULT("guid", IPMIBmcSim, uuid),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void ipmi_sim_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIBmcClass *bk = IPMI_BMC_CLASS(oc);
+
+ dc->hotpluggable = false;
+ dc->realize = ipmi_sim_realize;
+ device_class_set_props(dc, ipmi_sim_properties);
+ bk->handle_command = ipmi_sim_handle_command;
+}
+
+static const TypeInfo ipmi_sim_type = {
+ .name = TYPE_IPMI_BMC_SIMULATOR,
+ .parent = TYPE_IPMI_BMC,
+ .instance_size = sizeof(IPMIBmcSim),
+ .class_init = ipmi_sim_class_init,
+};
+
+static void ipmi_sim_register_types(void)
+{
+ type_register_static(&ipmi_sim_type);
+}
+
+type_init(ipmi_sim_register_types)
diff --git a/hw/ipmi/ipmi_bt.c b/hw/ipmi/ipmi_bt.c
new file mode 100644
index 00000000..22f94fb9
--- /dev/null
+++ b/hw/ipmi/ipmi_bt.c
@@ -0,0 +1,437 @@
+/*
+ * QEMU IPMI BT emulation
+ *
+ * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "hw/ipmi/ipmi_bt.h"
+
+/* Control register */
+#define IPMI_BT_CLR_WR_BIT 0
+#define IPMI_BT_CLR_RD_BIT 1
+#define IPMI_BT_H2B_ATN_BIT 2
+#define IPMI_BT_B2H_ATN_BIT 3
+#define IPMI_BT_SMS_ATN_BIT 4
+#define IPMI_BT_HBUSY_BIT 6
+#define IPMI_BT_BBUSY_BIT 7
+
+#define IPMI_BT_GET_CLR_WR(d) (((d) >> IPMI_BT_CLR_WR_BIT) & 0x1)
+
+#define IPMI_BT_GET_CLR_RD(d) (((d) >> IPMI_BT_CLR_RD_BIT) & 0x1)
+
+#define IPMI_BT_GET_H2B_ATN(d) (((d) >> IPMI_BT_H2B_ATN_BIT) & 0x1)
+
+#define IPMI_BT_B2H_ATN_MASK (1 << IPMI_BT_B2H_ATN_BIT)
+#define IPMI_BT_GET_B2H_ATN(d) (((d) >> IPMI_BT_B2H_ATN_BIT) & 0x1)
+#define IPMI_BT_SET_B2H_ATN(d, v) ((d) = (((d) & ~IPMI_BT_B2H_ATN_MASK) | \
+ (!!(v) << IPMI_BT_B2H_ATN_BIT)))
+
+#define IPMI_BT_SMS_ATN_MASK (1 << IPMI_BT_SMS_ATN_BIT)
+#define IPMI_BT_GET_SMS_ATN(d) (((d) >> IPMI_BT_SMS_ATN_BIT) & 0x1)
+#define IPMI_BT_SET_SMS_ATN(d, v) ((d) = (((d) & ~IPMI_BT_SMS_ATN_MASK) | \
+ (!!(v) << IPMI_BT_SMS_ATN_BIT)))
+
+#define IPMI_BT_HBUSY_MASK (1 << IPMI_BT_HBUSY_BIT)
+#define IPMI_BT_GET_HBUSY(d) (((d) >> IPMI_BT_HBUSY_BIT) & 0x1)
+#define IPMI_BT_SET_HBUSY(d, v) ((d) = (((d) & ~IPMI_BT_HBUSY_MASK) | \
+ (!!(v) << IPMI_BT_HBUSY_BIT)))
+
+#define IPMI_BT_BBUSY_MASK (1 << IPMI_BT_BBUSY_BIT)
+#define IPMI_BT_SET_BBUSY(d, v) ((d) = (((d) & ~IPMI_BT_BBUSY_MASK) | \
+ (!!(v) << IPMI_BT_BBUSY_BIT)))
+
+
+/* Mask register */
+#define IPMI_BT_B2H_IRQ_EN_BIT 0
+#define IPMI_BT_B2H_IRQ_BIT 1
+
+#define IPMI_BT_B2H_IRQ_EN_MASK (1 << IPMI_BT_B2H_IRQ_EN_BIT)
+#define IPMI_BT_GET_B2H_IRQ_EN(d) (((d) >> IPMI_BT_B2H_IRQ_EN_BIT) & 0x1)
+#define IPMI_BT_SET_B2H_IRQ_EN(d, v) ((d) = (((d) & ~IPMI_BT_B2H_IRQ_EN_MASK) |\
+ (!!(v) << IPMI_BT_B2H_IRQ_EN_BIT)))
+
+#define IPMI_BT_B2H_IRQ_MASK (1 << IPMI_BT_B2H_IRQ_BIT)
+#define IPMI_BT_GET_B2H_IRQ(d) (((d) >> IPMI_BT_B2H_IRQ_BIT) & 0x1)
+#define IPMI_BT_SET_B2H_IRQ(d, v) ((d) = (((d) & ~IPMI_BT_B2H_IRQ_MASK) | \
+ (!!(v) << IPMI_BT_B2H_IRQ_BIT)))
+
+#define IPMI_CMD_GET_BT_INTF_CAP 0x36
+
+static void ipmi_bt_raise_irq(IPMIBT *ib)
+{
+ if (ib->use_irq && ib->irqs_enabled && ib->raise_irq) {
+ ib->raise_irq(ib);
+ }
+}
+
+static void ipmi_bt_lower_irq(IPMIBT *ib)
+{
+ if (ib->lower_irq) {
+ ib->lower_irq(ib);
+ }
+}
+
+static void ipmi_bt_handle_event(IPMIInterface *ii)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ if (ib->inlen < 4) {
+ goto out;
+ }
+ /* Note that overruns are handled by handle_command */
+ if (ib->inmsg[0] != (ib->inlen - 1)) {
+ /* Length mismatch, just ignore. */
+ IPMI_BT_SET_BBUSY(ib->control_reg, 1);
+ ib->inlen = 0;
+ goto out;
+ }
+ if ((ib->inmsg[1] == (IPMI_NETFN_APP << 2)) &&
+ (ib->inmsg[3] == IPMI_CMD_GET_BT_INTF_CAP)) {
+ /* We handle this one ourselves. */
+ ib->outmsg[0] = 9;
+ ib->outmsg[1] = ib->inmsg[1] | 0x04;
+ ib->outmsg[2] = ib->inmsg[2];
+ ib->outmsg[3] = ib->inmsg[3];
+ ib->outmsg[4] = 0;
+ ib->outmsg[5] = 1; /* Only support 1 outstanding request. */
+ if (sizeof(ib->inmsg) > 0xff) { /* Input buffer size */
+ ib->outmsg[6] = 0xff;
+ } else {
+ ib->outmsg[6] = (unsigned char) sizeof(ib->inmsg);
+ }
+ if (sizeof(ib->outmsg) > 0xff) { /* Output buffer size */
+ ib->outmsg[7] = 0xff;
+ } else {
+ ib->outmsg[7] = (unsigned char) sizeof(ib->outmsg);
+ }
+ ib->outmsg[8] = 10; /* Max request to response time */
+ ib->outmsg[9] = 0; /* Don't recommend retries */
+ ib->outlen = 10;
+ IPMI_BT_SET_BBUSY(ib->control_reg, 0);
+ IPMI_BT_SET_B2H_ATN(ib->control_reg, 1);
+ if (!IPMI_BT_GET_B2H_IRQ(ib->mask_reg) &&
+ IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
+ ipmi_bt_raise_irq(ib);
+ }
+ goto out;
+ }
+ ib->waiting_seq = ib->inmsg[2];
+ ib->inmsg[2] = ib->inmsg[1];
+ {
+ IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(ib->bmc);
+ bk->handle_command(ib->bmc, ib->inmsg + 2, ib->inlen - 2,
+ sizeof(ib->inmsg), ib->waiting_rsp);
+ }
+ out:
+ return;
+}
+
+static void ipmi_bt_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
+ unsigned char *rsp, unsigned int rsp_len)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ if (ib->waiting_rsp == msg_id) {
+ ib->waiting_rsp++;
+ if (rsp_len > (sizeof(ib->outmsg) - 2)) {
+ ib->outmsg[0] = 4;
+ ib->outmsg[1] = rsp[0];
+ ib->outmsg[2] = ib->waiting_seq;
+ ib->outmsg[3] = rsp[1];
+ ib->outmsg[4] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES;
+ ib->outlen = 5;
+ } else {
+ ib->outmsg[0] = rsp_len + 1;
+ ib->outmsg[1] = rsp[0];
+ ib->outmsg[2] = ib->waiting_seq;
+ memcpy(ib->outmsg + 3, rsp + 1, rsp_len - 1);
+ ib->outlen = rsp_len + 2;
+ }
+ IPMI_BT_SET_BBUSY(ib->control_reg, 0);
+ IPMI_BT_SET_B2H_ATN(ib->control_reg, 1);
+ if (!IPMI_BT_GET_B2H_IRQ(ib->mask_reg) &&
+ IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
+ ipmi_bt_raise_irq(ib);
+ }
+ }
+}
+
+
+static uint64_t ipmi_bt_ioport_read(void *opaque, hwaddr addr, unsigned size)
+{
+ IPMIInterface *ii = opaque;
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+ uint32_t ret = 0xff;
+
+ switch (addr & ib->size_mask) {
+ case 0:
+ ret = ib->control_reg;
+ break;
+ case 1:
+ if (ib->outpos < ib->outlen) {
+ ret = ib->outmsg[ib->outpos];
+ ib->outpos++;
+ if (ib->outpos == ib->outlen) {
+ ib->outpos = 0;
+ ib->outlen = 0;
+ }
+ } else {
+ ret = 0xff;
+ }
+ break;
+ case 2:
+ ret = ib->mask_reg;
+ break;
+ default:
+ ret = 0xff;
+ break;
+ }
+ return ret;
+}
+
+static void ipmi_bt_signal(IPMIBT *ib, IPMIInterface *ii)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ ib->do_wake = 1;
+ while (ib->do_wake) {
+ ib->do_wake = 0;
+ iic->handle_if_event(ii);
+ }
+}
+
+static void ipmi_bt_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ IPMIInterface *ii = opaque;
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ switch (addr & ib->size_mask) {
+ case 0:
+ if (IPMI_BT_GET_CLR_WR(val)) {
+ ib->inlen = 0;
+ }
+ if (IPMI_BT_GET_CLR_RD(val)) {
+ ib->outpos = 0;
+ }
+ if (IPMI_BT_GET_B2H_ATN(val)) {
+ IPMI_BT_SET_B2H_ATN(ib->control_reg, 0);
+ }
+ if (IPMI_BT_GET_SMS_ATN(val)) {
+ IPMI_BT_SET_SMS_ATN(ib->control_reg, 0);
+ }
+ if (IPMI_BT_GET_HBUSY(val)) {
+ /* Toggle */
+ IPMI_BT_SET_HBUSY(ib->control_reg,
+ !IPMI_BT_GET_HBUSY(ib->control_reg));
+ }
+ if (IPMI_BT_GET_H2B_ATN(val)) {
+ IPMI_BT_SET_BBUSY(ib->control_reg, 1);
+ ipmi_bt_signal(ib, ii);
+ }
+ break;
+
+ case 1:
+ if (ib->inlen < sizeof(ib->inmsg)) {
+ ib->inmsg[ib->inlen] = val;
+ }
+ ib->inlen++;
+ break;
+
+ case 2:
+ if (IPMI_BT_GET_B2H_IRQ_EN(val) !=
+ IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
+ if (IPMI_BT_GET_B2H_IRQ_EN(val)) {
+ if (IPMI_BT_GET_B2H_ATN(ib->control_reg) ||
+ IPMI_BT_GET_SMS_ATN(ib->control_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
+ ipmi_bt_raise_irq(ib);
+ }
+ IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 1);
+ } else {
+ if (IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
+ ipmi_bt_lower_irq(ib);
+ }
+ IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 0);
+ }
+ }
+ if (IPMI_BT_GET_B2H_IRQ(val) && IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
+ ipmi_bt_lower_irq(ib);
+ }
+ break;
+ default:
+ /* Ignore. */
+ break;
+ }
+}
+
+static const MemoryRegionOps ipmi_bt_io_ops = {
+ .read = ipmi_bt_ioport_read,
+ .write = ipmi_bt_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ipmi_bt_set_atn(IPMIInterface *ii, int val, int irq)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ if (!!val == IPMI_BT_GET_SMS_ATN(ib->control_reg)) {
+ return;
+ }
+
+ IPMI_BT_SET_SMS_ATN(ib->control_reg, val);
+ if (val) {
+ if (irq && !IPMI_BT_GET_B2H_ATN(ib->control_reg) &&
+ IPMI_BT_GET_B2H_IRQ_EN(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 1);
+ ipmi_bt_raise_irq(ib);
+ }
+ } else {
+ if (!IPMI_BT_GET_B2H_ATN(ib->control_reg) &&
+ IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
+ ipmi_bt_lower_irq(ib);
+ }
+ }
+}
+
+static void ipmi_bt_handle_reset(IPMIInterface *ii, bool is_cold)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ if (is_cold) {
+ /* Disable the BT interrupt on reset */
+ if (IPMI_BT_GET_B2H_IRQ(ib->mask_reg)) {
+ IPMI_BT_SET_B2H_IRQ(ib->mask_reg, 0);
+ ipmi_bt_lower_irq(ib);
+ }
+ IPMI_BT_SET_B2H_IRQ_EN(ib->mask_reg, 0);
+ }
+}
+
+static void ipmi_bt_set_irq_enable(IPMIInterface *ii, int val)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ ib->irqs_enabled = val;
+}
+
+static void ipmi_bt_init(IPMIInterface *ii, unsigned int min_size, Error **errp)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIBT *ib = iic->get_backend_data(ii);
+
+ if (min_size == 0) {
+ min_size = 4;
+ }
+ ib->size_mask = min_size - 1;
+ ib->io_length = 3;
+
+ memory_region_init_io(&ib->io, NULL, &ipmi_bt_io_ops, ii, "ipmi-bt",
+ min_size);
+}
+
+int ipmi_bt_vmstate_post_load(void *opaque, int version)
+{
+ IPMIBT *ib = opaque;
+
+ /* Make sure all the values are sane. */
+ if (ib->outpos >= MAX_IPMI_MSG_SIZE || ib->outlen >= MAX_IPMI_MSG_SIZE ||
+ ib->outpos >= ib->outlen) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ipmi:bt: vmstate transfer received bad out values: %d %d\n",
+ ib->outpos, ib->outlen);
+ ib->outpos = 0;
+ ib->outlen = 0;
+ }
+
+ if (ib->inlen >= MAX_IPMI_MSG_SIZE) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ipmi:bt: vmstate transfer received bad in value: %d\n",
+ ib->inlen);
+ ib->inlen = 0;
+ }
+
+ return 0;
+}
+
+const VMStateDescription vmstate_IPMIBT = {
+ .name = TYPE_IPMI_INTERFACE_PREFIX "bt",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .post_load = ipmi_bt_vmstate_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(obf_irq_set, IPMIBT),
+ VMSTATE_BOOL(atn_irq_set, IPMIBT),
+ VMSTATE_BOOL(irqs_enabled, IPMIBT),
+ VMSTATE_UINT32(outpos, IPMIBT),
+ VMSTATE_UINT32(outlen, IPMIBT),
+ VMSTATE_UINT8_ARRAY(outmsg, IPMIBT, MAX_IPMI_MSG_SIZE),
+ VMSTATE_UINT32(inlen, IPMIBT),
+ VMSTATE_UINT8_ARRAY(inmsg, IPMIBT, MAX_IPMI_MSG_SIZE),
+ VMSTATE_UINT8(control_reg, IPMIBT),
+ VMSTATE_UINT8(mask_reg, IPMIBT),
+ VMSTATE_UINT8(waiting_rsp, IPMIBT),
+ VMSTATE_UINT8(waiting_seq, IPMIBT),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void ipmi_bt_get_fwinfo(struct IPMIBT *ib, IPMIFwInfo *info)
+{
+ info->interface_name = "bt";
+ info->interface_type = IPMI_SMBIOS_BT;
+ info->ipmi_spec_major_revision = 2;
+ info->ipmi_spec_minor_revision = 0;
+ info->base_address = ib->io_base;
+ info->register_length = ib->io_length;
+ info->register_spacing = 1;
+ info->memspace = IPMI_MEMSPACE_IO;
+ info->irq_type = IPMI_LEVEL_IRQ;
+}
+
+void ipmi_bt_class_init(IPMIInterfaceClass *iic)
+{
+ iic->init = ipmi_bt_init;
+ iic->set_atn = ipmi_bt_set_atn;
+ iic->handle_rsp = ipmi_bt_handle_rsp;
+ iic->handle_if_event = ipmi_bt_handle_event;
+ iic->set_irq_enable = ipmi_bt_set_irq_enable;
+ iic->reset = ipmi_bt_handle_reset;
+}
diff --git a/hw/ipmi/ipmi_kcs.c b/hw/ipmi/ipmi_kcs.c
new file mode 100644
index 00000000..a7761294
--- /dev/null
+++ b/hw/ipmi/ipmi_kcs.c
@@ -0,0 +1,423 @@
+/*
+ * QEMU IPMI KCS emulation
+ *
+ * Copyright (c) 2015,2017 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "qemu/log.h"
+#include "qapi/error.h"
+#include "hw/ipmi/ipmi_kcs.h"
+
+#define IPMI_KCS_OBF_BIT 0
+#define IPMI_KCS_IBF_BIT 1
+#define IPMI_KCS_SMS_ATN_BIT 2
+#define IPMI_KCS_CD_BIT 3
+
+#define IPMI_KCS_OBF_MASK (1 << IPMI_KCS_OBF_BIT)
+#define IPMI_KCS_GET_OBF(d) (((d) >> IPMI_KCS_OBF_BIT) & 0x1)
+#define IPMI_KCS_SET_OBF(d, v) (d) = (((d) & ~IPMI_KCS_OBF_MASK) | \
+ (((v) & 1) << IPMI_KCS_OBF_BIT))
+#define IPMI_KCS_IBF_MASK (1 << IPMI_KCS_IBF_BIT)
+#define IPMI_KCS_GET_IBF(d) (((d) >> IPMI_KCS_IBF_BIT) & 0x1)
+#define IPMI_KCS_SET_IBF(d, v) (d) = (((d) & ~IPMI_KCS_IBF_MASK) | \
+ (((v) & 1) << IPMI_KCS_IBF_BIT))
+#define IPMI_KCS_SMS_ATN_MASK (1 << IPMI_KCS_SMS_ATN_BIT)
+#define IPMI_KCS_GET_SMS_ATN(d) (((d) >> IPMI_KCS_SMS_ATN_BIT) & 0x1)
+#define IPMI_KCS_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_KCS_SMS_ATN_MASK) | \
+ (((v) & 1) << IPMI_KCS_SMS_ATN_BIT))
+#define IPMI_KCS_CD_MASK (1 << IPMI_KCS_CD_BIT)
+#define IPMI_KCS_GET_CD(d) (((d) >> IPMI_KCS_CD_BIT) & 0x1)
+#define IPMI_KCS_SET_CD(d, v) (d) = (((d) & ~IPMI_KCS_CD_MASK) | \
+ (((v) & 1) << IPMI_KCS_CD_BIT))
+
+#define IPMI_KCS_IDLE_STATE 0
+#define IPMI_KCS_READ_STATE 1
+#define IPMI_KCS_WRITE_STATE 2
+#define IPMI_KCS_ERROR_STATE 3
+
+#define IPMI_KCS_GET_STATE(d) (((d) >> 6) & 0x3)
+#define IPMI_KCS_SET_STATE(d, v) ((d) = ((d) & ~0xc0) | (((v) & 0x3) << 6))
+
+#define IPMI_KCS_ABORT_STATUS_CMD 0x60
+#define IPMI_KCS_WRITE_START_CMD 0x61
+#define IPMI_KCS_WRITE_END_CMD 0x62
+#define IPMI_KCS_READ_CMD 0x68
+
+#define IPMI_KCS_STATUS_NO_ERR 0x00
+#define IPMI_KCS_STATUS_ABORTED_ERR 0x01
+#define IPMI_KCS_STATUS_BAD_CC_ERR 0x02
+#define IPMI_KCS_STATUS_LENGTH_ERR 0x06
+
+static void ipmi_kcs_raise_irq(IPMIKCS *ik)
+{
+ if (ik->use_irq && ik->irqs_enabled && ik->raise_irq) {
+ ik->raise_irq(ik);
+ }
+}
+
+static void ipmi_kcs_lower_irq(IPMIKCS *ik)
+{
+ if (ik->lower_irq) {
+ ik->lower_irq(ik);
+ }
+}
+
+#define SET_OBF() \
+ do { \
+ IPMI_KCS_SET_OBF(ik->status_reg, 1); \
+ if (!ik->obf_irq_set) { \
+ ik->obf_irq_set = 1; \
+ if (!ik->atn_irq_set) { \
+ ipmi_kcs_raise_irq(ik); \
+ } \
+ } \
+ } while (0)
+
+static void ipmi_kcs_signal(IPMIKCS *ik, IPMIInterface *ii)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ ik->do_wake = 1;
+ while (ik->do_wake) {
+ ik->do_wake = 0;
+ iic->handle_if_event(ii);
+ }
+}
+
+static void ipmi_kcs_handle_event(IPMIInterface *ii)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ if (ik->cmd_reg == IPMI_KCS_ABORT_STATUS_CMD) {
+ if (IPMI_KCS_GET_STATE(ik->status_reg) != IPMI_KCS_ERROR_STATE) {
+ ik->waiting_rsp++; /* Invalidate the message */
+ ik->outmsg[0] = IPMI_KCS_STATUS_ABORTED_ERR;
+ ik->outlen = 1;
+ ik->outpos = 0;
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
+ SET_OBF();
+ }
+ goto out;
+ }
+
+ switch (IPMI_KCS_GET_STATE(ik->status_reg)) {
+ case IPMI_KCS_IDLE_STATE:
+ if (ik->cmd_reg == IPMI_KCS_WRITE_START_CMD) {
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_WRITE_STATE);
+ ik->cmd_reg = -1;
+ ik->write_end = 0;
+ ik->inlen = 0;
+ SET_OBF();
+ }
+ break;
+
+ case IPMI_KCS_READ_STATE:
+ handle_read:
+ if (ik->outpos >= ik->outlen) {
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_IDLE_STATE);
+ SET_OBF();
+ } else if (ik->data_in_reg == IPMI_KCS_READ_CMD) {
+ ik->data_out_reg = ik->outmsg[ik->outpos];
+ ik->outpos++;
+ SET_OBF();
+ } else {
+ ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR;
+ ik->outlen = 1;
+ ik->outpos = 0;
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
+ SET_OBF();
+ goto out;
+ }
+ break;
+
+ case IPMI_KCS_WRITE_STATE:
+ if (ik->data_in_reg != -1) {
+ /*
+ * Don't worry about input overrun here, that will be
+ * handled in the BMC.
+ */
+ if (ik->inlen < sizeof(ik->inmsg)) {
+ ik->inmsg[ik->inlen] = ik->data_in_reg;
+ }
+ ik->inlen++;
+ }
+ if (ik->write_end) {
+ IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(ik->bmc);
+ ik->outlen = 0;
+ ik->write_end = 0;
+ ik->outpos = 0;
+ bk->handle_command(ik->bmc, ik->inmsg, ik->inlen, sizeof(ik->inmsg),
+ ik->waiting_rsp);
+ goto out_noibf;
+ } else if (ik->cmd_reg == IPMI_KCS_WRITE_END_CMD) {
+ ik->cmd_reg = -1;
+ ik->write_end = 1;
+ }
+ SET_OBF();
+ break;
+
+ case IPMI_KCS_ERROR_STATE:
+ if (ik->data_in_reg != -1) {
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE);
+ ik->data_in_reg = IPMI_KCS_READ_CMD;
+ goto handle_read;
+ }
+ break;
+ }
+
+ if (ik->cmd_reg != -1) {
+ /* Got an invalid command */
+ ik->outmsg[0] = IPMI_KCS_STATUS_BAD_CC_ERR;
+ ik->outlen = 1;
+ ik->outpos = 0;
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_ERROR_STATE);
+ }
+
+ out:
+ ik->cmd_reg = -1;
+ ik->data_in_reg = -1;
+ IPMI_KCS_SET_IBF(ik->status_reg, 0);
+ out_noibf:
+ return;
+}
+
+static void ipmi_kcs_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
+ unsigned char *rsp, unsigned int rsp_len)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ if (ik->waiting_rsp == msg_id) {
+ ik->waiting_rsp++;
+ if (rsp_len > sizeof(ik->outmsg)) {
+ ik->outmsg[0] = rsp[0];
+ ik->outmsg[1] = rsp[1];
+ ik->outmsg[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES;
+ ik->outlen = 3;
+ } else {
+ memcpy(ik->outmsg, rsp, rsp_len);
+ ik->outlen = rsp_len;
+ }
+ IPMI_KCS_SET_STATE(ik->status_reg, IPMI_KCS_READ_STATE);
+ ik->data_in_reg = IPMI_KCS_READ_CMD;
+ ipmi_kcs_signal(ik, ii);
+ }
+}
+
+
+static uint64_t ipmi_kcs_ioport_read(void *opaque, hwaddr addr, unsigned size)
+{
+ IPMIInterface *ii = opaque;
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+ uint32_t ret;
+
+ switch (addr & ik->size_mask) {
+ case 0:
+ ret = ik->data_out_reg;
+ IPMI_KCS_SET_OBF(ik->status_reg, 0);
+ if (ik->obf_irq_set) {
+ ik->obf_irq_set = 0;
+ if (!ik->atn_irq_set) {
+ ipmi_kcs_lower_irq(ik);
+ }
+ }
+ break;
+
+ case 1:
+ ret = ik->status_reg;
+ if (ik->atn_irq_set) {
+ ik->atn_irq_set = 0;
+ if (!ik->obf_irq_set) {
+ ipmi_kcs_lower_irq(ik);
+ }
+ }
+ break;
+
+ default:
+ ret = 0xff;
+ }
+ return ret;
+}
+
+static void ipmi_kcs_ioport_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ IPMIInterface *ii = opaque;
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ if (IPMI_KCS_GET_IBF(ik->status_reg)) {
+ return;
+ }
+
+ switch (addr & ik->size_mask) {
+ case 0:
+ ik->data_in_reg = val;
+ break;
+
+ case 1:
+ ik->cmd_reg = val;
+ break;
+
+ default:
+ /* Ignore. */
+ break;
+ }
+ IPMI_KCS_SET_IBF(ik->status_reg, 1);
+ ipmi_kcs_signal(ik, ii);
+}
+
+const MemoryRegionOps ipmi_kcs_io_ops = {
+ .read = ipmi_kcs_ioport_read,
+ .write = ipmi_kcs_ioport_write,
+ .impl = {
+ .min_access_size = 1,
+ .max_access_size = 1,
+ },
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ipmi_kcs_set_atn(IPMIInterface *ii, int val, int irq)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ IPMI_KCS_SET_SMS_ATN(ik->status_reg, val);
+ if (val) {
+ if (irq && !ik->atn_irq_set) {
+ ik->atn_irq_set = 1;
+ if (!ik->obf_irq_set) {
+ ipmi_kcs_raise_irq(ik);
+ }
+ }
+ } else {
+ if (ik->atn_irq_set) {
+ ik->atn_irq_set = 0;
+ if (!ik->obf_irq_set) {
+ ipmi_kcs_lower_irq(ik);
+ }
+ }
+ }
+}
+
+static void ipmi_kcs_set_irq_enable(IPMIInterface *ii, int val)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ ik->irqs_enabled = val;
+}
+
+/* min_size must be a power of 2. */
+static void ipmi_kcs_init(IPMIInterface *ii, unsigned int min_size,
+ Error **errp)
+{
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+ IPMIKCS *ik = iic->get_backend_data(ii);
+
+ if (min_size == 0) {
+ min_size = 2;
+ }
+ ik->size_mask = min_size - 1;
+ ik->io_length = 2;
+ memory_region_init_io(&ik->io, NULL, &ipmi_kcs_io_ops, ii, "ipmi-kcs",
+ min_size);
+}
+
+int ipmi_kcs_vmstate_post_load(void *opaque, int version)
+{
+ IPMIKCS *ik = opaque;
+
+ /* Make sure all the values are sane. */
+ if (ik->outpos >= MAX_IPMI_MSG_SIZE || ik->outlen >= MAX_IPMI_MSG_SIZE ||
+ ik->outpos >= ik->outlen) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ipmi:kcs: vmstate transfer received bad out values: %d %d\n",
+ ik->outpos, ik->outlen);
+ ik->outpos = 0;
+ ik->outlen = 0;
+ }
+
+ if (ik->inlen >= MAX_IPMI_MSG_SIZE) {
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "ipmi:kcs: vmstate transfer received bad in value: %d\n",
+ ik->inlen);
+ ik->inlen = 0;
+ }
+
+ return 0;
+}
+
+static bool vmstate_kcs_before_version2(void *opaque, int version)
+{
+ return version <= 1;
+}
+
+const VMStateDescription vmstate_IPMIKCS = {
+ .name = TYPE_IPMI_INTERFACE_PREFIX "kcs",
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .post_load = ipmi_kcs_vmstate_post_load,
+ .fields = (VMStateField[]) {
+ VMSTATE_BOOL(obf_irq_set, IPMIKCS),
+ VMSTATE_BOOL(atn_irq_set, IPMIKCS),
+ VMSTATE_UNUSED_TEST(vmstate_kcs_before_version2, 1), /* Was use_irq */
+ VMSTATE_BOOL(irqs_enabled, IPMIKCS),
+ VMSTATE_UINT32(outpos, IPMIKCS),
+ VMSTATE_UINT32_V(outlen, IPMIKCS, 2),
+ VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+ VMSTATE_UINT32_V(inlen, IPMIKCS, 2),
+ VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+ VMSTATE_BOOL(write_end, IPMIKCS),
+ VMSTATE_UINT8(status_reg, IPMIKCS),
+ VMSTATE_UINT8(data_out_reg, IPMIKCS),
+ VMSTATE_INT16(data_in_reg, IPMIKCS),
+ VMSTATE_INT16(cmd_reg, IPMIKCS),
+ VMSTATE_UINT8(waiting_rsp, IPMIKCS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+void ipmi_kcs_get_fwinfo(IPMIKCS *ik, IPMIFwInfo *info)
+{
+ info->interface_name = "kcs";
+ info->interface_type = IPMI_SMBIOS_KCS;
+ info->ipmi_spec_major_revision = 2;
+ info->ipmi_spec_minor_revision = 0;
+ info->base_address = ik->io_base;
+ info->i2c_slave_address = ik->bmc->slave_addr;
+ info->register_length = ik->io_length;
+ info->register_spacing = 1;
+ info->memspace = IPMI_MEMSPACE_IO;
+ info->irq_type = IPMI_LEVEL_IRQ;
+}
+
+void ipmi_kcs_class_init(IPMIInterfaceClass *iic)
+{
+ iic->init = ipmi_kcs_init;
+ iic->set_atn = ipmi_kcs_set_atn;
+ iic->handle_rsp = ipmi_kcs_handle_rsp;
+ iic->handle_if_event = ipmi_kcs_handle_event;
+ iic->set_irq_enable = ipmi_kcs_set_irq_enable;
+}
diff --git a/hw/ipmi/isa_ipmi_bt.c b/hw/ipmi/isa_ipmi_bt.c
new file mode 100644
index 00000000..a83e7243
--- /dev/null
+++ b/hw/ipmi/isa_ipmi_bt.c
@@ -0,0 +1,177 @@
+/*
+ * QEMU ISA IPMI BT emulation
+ *
+ * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "hw/irq.h"
+#include "hw/ipmi/ipmi_bt.h"
+#include "hw/isa/isa.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "qom/object.h"
+#include "hw/acpi/ipmi.h"
+
+#define TYPE_ISA_IPMI_BT "isa-ipmi-bt"
+OBJECT_DECLARE_SIMPLE_TYPE(ISAIPMIBTDevice, ISA_IPMI_BT)
+
+struct ISAIPMIBTDevice {
+ ISADevice dev;
+ int32_t isairq;
+ qemu_irq irq;
+ IPMIBT bt;
+ uint32_t uuid;
+};
+
+static void isa_ipmi_bt_get_fwinfo(struct IPMIInterface *ii, IPMIFwInfo *info)
+{
+ ISAIPMIBTDevice *iib = ISA_IPMI_BT(ii);
+
+ ipmi_bt_get_fwinfo(&iib->bt, info);
+ info->interrupt_number = iib->isairq;
+ info->i2c_slave_address = iib->bt.bmc->slave_addr;
+ info->uuid = iib->uuid;
+}
+
+static void isa_ipmi_bt_raise_irq(IPMIBT *ib)
+{
+ ISAIPMIBTDevice *iib = ib->opaque;
+
+ qemu_irq_raise(iib->irq);
+}
+
+static void isa_ipmi_bt_lower_irq(IPMIBT *ib)
+{
+ ISAIPMIBTDevice *iib = ib->opaque;
+
+ qemu_irq_lower(iib->irq);
+}
+
+static void isa_ipmi_bt_realize(DeviceState *dev, Error **errp)
+{
+ Error *err = NULL;
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAIPMIBTDevice *iib = ISA_IPMI_BT(dev);
+ IPMIInterface *ii = IPMI_INTERFACE(dev);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ if (!iib->bt.bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ iib->uuid = ipmi_next_uuid();
+
+ iib->bt.bmc->intf = ii;
+ iib->bt.opaque = iib;
+
+ iic->init(ii, 0, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ if (iib->isairq > 0) {
+ iib->irq = isa_get_irq(isadev, iib->isairq);
+ iib->bt.use_irq = 1;
+ iib->bt.raise_irq = isa_ipmi_bt_raise_irq;
+ iib->bt.lower_irq = isa_ipmi_bt_lower_irq;
+ }
+
+ qdev_set_legacy_instance_id(dev, iib->bt.io_base, iib->bt.io_length);
+
+ isa_register_ioport(isadev, &iib->bt.io, iib->bt.io_base);
+}
+
+static const VMStateDescription vmstate_ISAIPMIBTDevice = {
+ .name = TYPE_IPMI_INTERFACE_PREFIX "isa-bt",
+ .version_id = 2,
+ .minimum_version_id = 2,
+ /*
+ * Version 1 had messed up the array transfer, it's not even usable
+ * because it used VMSTATE_VBUFFER_UINT32, but it did not transfer
+ * the buffer length, so random things would happen.
+ */
+ .fields = (VMStateField[]) {
+ VMSTATE_STRUCT(bt, ISAIPMIBTDevice, 1, vmstate_IPMIBT, IPMIBT),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void isa_ipmi_bt_init(Object *obj)
+{
+ ISAIPMIBTDevice *iib = ISA_IPMI_BT(obj);
+
+ ipmi_bmc_find_and_link(obj, (Object **) &iib->bt.bmc);
+
+ vmstate_register(NULL, 0, &vmstate_ISAIPMIBTDevice, iib);
+}
+
+static void *isa_ipmi_bt_get_backend_data(IPMIInterface *ii)
+{
+ ISAIPMIBTDevice *iib = ISA_IPMI_BT(ii);
+
+ return &iib->bt;
+}
+
+static Property ipmi_isa_properties[] = {
+ DEFINE_PROP_UINT32("ioport", ISAIPMIBTDevice, bt.io_base, 0xe4),
+ DEFINE_PROP_INT32("irq", ISAIPMIBTDevice, isairq, 5),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void isa_ipmi_bt_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+ AcpiDevAmlIfClass *adevc = ACPI_DEV_AML_IF_CLASS(oc);
+
+ dc->realize = isa_ipmi_bt_realize;
+ device_class_set_props(dc, ipmi_isa_properties);
+
+ iic->get_backend_data = isa_ipmi_bt_get_backend_data;
+ ipmi_bt_class_init(iic);
+ iic->get_fwinfo = isa_ipmi_bt_get_fwinfo;
+ adevc->build_dev_aml = build_ipmi_dev_aml;
+}
+
+static const TypeInfo isa_ipmi_bt_info = {
+ .name = TYPE_ISA_IPMI_BT,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAIPMIBTDevice),
+ .instance_init = isa_ipmi_bt_init,
+ .class_init = isa_ipmi_bt_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { TYPE_ACPI_DEV_AML_IF },
+ { }
+ }
+};
+
+static void ipmi_register_types(void)
+{
+ type_register_static(&isa_ipmi_bt_info);
+}
+
+type_init(ipmi_register_types)
diff --git a/hw/ipmi/isa_ipmi_kcs.c b/hw/ipmi/isa_ipmi_kcs.c
new file mode 100644
index 00000000..b2ed70b9
--- /dev/null
+++ b/hw/ipmi/isa_ipmi_kcs.c
@@ -0,0 +1,184 @@
+/*
+ * QEMU ISA IPMI KCS emulation
+ *
+ * Copyright (c) 2015,2017 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "hw/irq.h"
+#include "hw/ipmi/ipmi_kcs.h"
+#include "hw/isa/isa.h"
+#include "hw/qdev-properties.h"
+#include "migration/vmstate.h"
+#include "qom/object.h"
+#include "hw/acpi/ipmi.h"
+
+#define TYPE_ISA_IPMI_KCS "isa-ipmi-kcs"
+OBJECT_DECLARE_SIMPLE_TYPE(ISAIPMIKCSDevice, ISA_IPMI_KCS)
+
+struct ISAIPMIKCSDevice {
+ ISADevice dev;
+ int32_t isairq;
+ qemu_irq irq;
+ IPMIKCS kcs;
+ uint32_t uuid;
+};
+
+static void isa_ipmi_kcs_get_fwinfo(IPMIInterface *ii, IPMIFwInfo *info)
+{
+ ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii);
+
+ ipmi_kcs_get_fwinfo(&iik->kcs, info);
+ info->interrupt_number = iik->isairq;
+ info->uuid = iik->uuid;
+}
+
+static void isa_ipmi_kcs_raise_irq(IPMIKCS *ik)
+{
+ ISAIPMIKCSDevice *iik = ik->opaque;
+
+ qemu_irq_raise(iik->irq);
+}
+
+static void isa_ipmi_kcs_lower_irq(IPMIKCS *ik)
+{
+ ISAIPMIKCSDevice *iik = ik->opaque;
+
+ qemu_irq_lower(iik->irq);
+}
+
+static void ipmi_isa_realize(DeviceState *dev, Error **errp)
+{
+ Error *err = NULL;
+ ISADevice *isadev = ISA_DEVICE(dev);
+ ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(dev);
+ IPMIInterface *ii = IPMI_INTERFACE(dev);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ if (!iik->kcs.bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ iik->uuid = ipmi_next_uuid();
+
+ iik->kcs.bmc->intf = ii;
+ iik->kcs.opaque = iik;
+
+ iic->init(ii, 0, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+
+ if (iik->isairq > 0) {
+ iik->irq = isa_get_irq(isadev, iik->isairq);
+ iik->kcs.use_irq = 1;
+ iik->kcs.raise_irq = isa_ipmi_kcs_raise_irq;
+ iik->kcs.lower_irq = isa_ipmi_kcs_lower_irq;
+ }
+
+ qdev_set_legacy_instance_id(dev, iik->kcs.io_base, iik->kcs.io_length);
+
+ isa_register_ioport(isadev, &iik->kcs.io, iik->kcs.io_base);
+}
+
+static bool vmstate_kcs_before_version2(void *opaque, int version)
+{
+ return version <= 1;
+}
+
+static const VMStateDescription vmstate_ISAIPMIKCSDevice = {
+ .name = TYPE_IPMI_INTERFACE,
+ .version_id = 2,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_VSTRUCT_TEST(kcs, ISAIPMIKCSDevice, vmstate_kcs_before_version2,
+ 0, vmstate_IPMIKCS, IPMIKCS, 1),
+ VMSTATE_VSTRUCT_V(kcs, ISAIPMIKCSDevice, 2, vmstate_IPMIKCS,
+ IPMIKCS, 2),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void isa_ipmi_kcs_init(Object *obj)
+{
+ ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(obj);
+
+ ipmi_bmc_find_and_link(obj, (Object **) &iik->kcs.bmc);
+
+ /*
+ * Version 1 had an incorrect name, it clashed with the BT
+ * IPMI device, so receive it, but transmit a different
+ * version.
+ */
+ vmstate_register(NULL, 0, &vmstate_ISAIPMIKCSDevice, iik);
+}
+
+static void *isa_ipmi_kcs_get_backend_data(IPMIInterface *ii)
+{
+ ISAIPMIKCSDevice *iik = ISA_IPMI_KCS(ii);
+
+ return &iik->kcs;
+}
+
+static Property ipmi_isa_properties[] = {
+ DEFINE_PROP_UINT32("ioport", ISAIPMIKCSDevice, kcs.io_base, 0xca2),
+ DEFINE_PROP_INT32("irq", ISAIPMIKCSDevice, isairq, 5),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void isa_ipmi_kcs_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+ AcpiDevAmlIfClass *adevc = ACPI_DEV_AML_IF_CLASS(oc);
+
+ dc->realize = ipmi_isa_realize;
+ device_class_set_props(dc, ipmi_isa_properties);
+
+ iic->get_backend_data = isa_ipmi_kcs_get_backend_data;
+ ipmi_kcs_class_init(iic);
+ iic->get_fwinfo = isa_ipmi_kcs_get_fwinfo;
+ adevc->build_dev_aml = build_ipmi_dev_aml;
+}
+
+static const TypeInfo isa_ipmi_kcs_info = {
+ .name = TYPE_ISA_IPMI_KCS,
+ .parent = TYPE_ISA_DEVICE,
+ .instance_size = sizeof(ISAIPMIKCSDevice),
+ .instance_init = isa_ipmi_kcs_init,
+ .class_init = isa_ipmi_kcs_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { TYPE_ACPI_DEV_AML_IF },
+ { }
+ }
+};
+
+static void ipmi_register_types(void)
+{
+ type_register_static(&isa_ipmi_kcs_info);
+}
+
+type_init(ipmi_register_types)
diff --git a/hw/ipmi/meson.build b/hw/ipmi/meson.build
new file mode 100644
index 00000000..9622ea2a
--- /dev/null
+++ b/hw/ipmi/meson.build
@@ -0,0 +1,11 @@
+ipmi_ss = ss.source_set()
+ipmi_ss.add(when: 'CONFIG_IPMI', if_true: files('ipmi.c', 'ipmi_kcs.c', 'ipmi_bt.c'))
+ipmi_ss.add(when: 'CONFIG_IPMI_LOCAL', if_true: files('ipmi_bmc_sim.c'))
+ipmi_ss.add(when: 'CONFIG_IPMI_EXTERN', if_true: files('ipmi_bmc_extern.c'))
+ipmi_ss.add(when: 'CONFIG_ISA_IPMI_KCS', if_true: files('isa_ipmi_kcs.c'))
+ipmi_ss.add(when: 'CONFIG_PCI_IPMI_KCS', if_true: files('pci_ipmi_kcs.c'))
+ipmi_ss.add(when: 'CONFIG_ISA_IPMI_BT', if_true: files('isa_ipmi_bt.c'))
+ipmi_ss.add(when: 'CONFIG_PCI_IPMI_BT', if_true: files('pci_ipmi_bt.c'))
+ipmi_ss.add(when: 'CONFIG_IPMI_SSIF', if_true: files('smbus_ipmi.c'))
+
+softmmu_ss.add_all(when: 'CONFIG_IPMI', if_true: ipmi_ss)
diff --git a/hw/ipmi/pci_ipmi_bt.c b/hw/ipmi/pci_ipmi_bt.c
new file mode 100644
index 00000000..b6e52730
--- /dev/null
+++ b/hw/ipmi/pci_ipmi_bt.c
@@ -0,0 +1,148 @@
+/*
+ * QEMU PCI IPMI BT emulation
+ *
+ * Copyright (c) 2017 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "qapi/error.h"
+#include "hw/ipmi/ipmi_bt.h"
+#include "hw/pci/pci.h"
+#include "qom/object.h"
+
+#define TYPE_PCI_IPMI_BT "pci-ipmi-bt"
+OBJECT_DECLARE_SIMPLE_TYPE(PCIIPMIBTDevice, PCI_IPMI_BT)
+
+struct PCIIPMIBTDevice {
+ PCIDevice dev;
+ IPMIBT bt;
+ bool irq_enabled;
+ uint32_t uuid;
+};
+
+static void pci_ipmi_raise_irq(IPMIBT *ik)
+{
+ PCIIPMIBTDevice *pik = ik->opaque;
+
+ pci_set_irq(&pik->dev, true);
+}
+
+static void pci_ipmi_lower_irq(IPMIBT *ik)
+{
+ PCIIPMIBTDevice *pik = ik->opaque;
+
+ pci_set_irq(&pik->dev, false);
+}
+
+static void pci_ipmi_bt_realize(PCIDevice *pd, Error **errp)
+{
+ Error *err = NULL;
+ PCIIPMIBTDevice *pik = PCI_IPMI_BT(pd);
+ IPMIInterface *ii = IPMI_INTERFACE(pd);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ if (!pik->bt.bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ pik->uuid = ipmi_next_uuid();
+
+ pik->bt.bmc->intf = ii;
+ pik->bt.opaque = pik;
+
+ pci_config_set_prog_interface(pd->config, 0x02); /* BT */
+ pci_config_set_interrupt_pin(pd->config, 0x01);
+ pik->bt.use_irq = 1;
+ pik->bt.raise_irq = pci_ipmi_raise_irq;
+ pik->bt.lower_irq = pci_ipmi_lower_irq;
+
+ iic->init(ii, 8, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+ pci_register_bar(pd, 0, PCI_BASE_ADDRESS_SPACE_IO, &pik->bt.io);
+}
+
+const VMStateDescription vmstate_PCIIPMIBTDevice = {
+ .name = TYPE_IPMI_INTERFACE_PREFIX "pci-bt",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PCIIPMIBTDevice),
+ VMSTATE_STRUCT(bt, PCIIPMIBTDevice, 1, vmstate_IPMIBT, IPMIBT),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pci_ipmi_bt_instance_init(Object *obj)
+{
+ PCIIPMIBTDevice *pik = PCI_IPMI_BT(obj);
+
+ ipmi_bmc_find_and_link(obj, (Object **) &pik->bt.bmc);
+}
+
+static void *pci_ipmi_bt_get_backend_data(IPMIInterface *ii)
+{
+ PCIIPMIBTDevice *pik = PCI_IPMI_BT(ii);
+
+ return &pik->bt;
+}
+
+static void pci_ipmi_bt_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+
+ pdc->vendor_id = PCI_VENDOR_ID_QEMU;
+ pdc->device_id = PCI_DEVICE_ID_QEMU_IPMI;
+ pdc->revision = 1;
+ pdc->class_id = PCI_CLASS_SERIAL_IPMI;
+
+ dc->vmsd = &vmstate_PCIIPMIBTDevice;
+ dc->desc = "PCI IPMI BT";
+ pdc->realize = pci_ipmi_bt_realize;
+
+ iic->get_backend_data = pci_ipmi_bt_get_backend_data;
+ ipmi_bt_class_init(iic);
+}
+
+static const TypeInfo pci_ipmi_bt_info = {
+ .name = TYPE_PCI_IPMI_BT,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIIPMIBTDevice),
+ .instance_init = pci_ipmi_bt_instance_init,
+ .class_init = pci_ipmi_bt_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { INTERFACE_CONVENTIONAL_PCI_DEVICE },
+ { }
+ }
+};
+
+static void pci_ipmi_bt_register_types(void)
+{
+ type_register_static(&pci_ipmi_bt_info);
+}
+
+type_init(pci_ipmi_bt_register_types)
diff --git a/hw/ipmi/pci_ipmi_kcs.c b/hw/ipmi/pci_ipmi_kcs.c
new file mode 100644
index 00000000..de134188
--- /dev/null
+++ b/hw/ipmi/pci_ipmi_kcs.c
@@ -0,0 +1,148 @@
+/*
+ * QEMU PCI IPMI KCS emulation
+ *
+ * Copyright (c) 2017 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "qapi/error.h"
+#include "hw/ipmi/ipmi_kcs.h"
+#include "hw/pci/pci.h"
+#include "qom/object.h"
+
+#define TYPE_PCI_IPMI_KCS "pci-ipmi-kcs"
+OBJECT_DECLARE_SIMPLE_TYPE(PCIIPMIKCSDevice, PCI_IPMI_KCS)
+
+struct PCIIPMIKCSDevice {
+ PCIDevice dev;
+ IPMIKCS kcs;
+ bool irq_enabled;
+ uint32_t uuid;
+};
+
+static void pci_ipmi_raise_irq(IPMIKCS *ik)
+{
+ PCIIPMIKCSDevice *pik = ik->opaque;
+
+ pci_set_irq(&pik->dev, true);
+}
+
+static void pci_ipmi_lower_irq(IPMIKCS *ik)
+{
+ PCIIPMIKCSDevice *pik = ik->opaque;
+
+ pci_set_irq(&pik->dev, false);
+}
+
+static void pci_ipmi_kcs_realize(PCIDevice *pd, Error **errp)
+{
+ Error *err = NULL;
+ PCIIPMIKCSDevice *pik = PCI_IPMI_KCS(pd);
+ IPMIInterface *ii = IPMI_INTERFACE(pd);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_GET_CLASS(ii);
+
+ if (!pik->kcs.bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ pik->uuid = ipmi_next_uuid();
+
+ pik->kcs.bmc->intf = ii;
+ pik->kcs.opaque = pik;
+
+ pci_config_set_prog_interface(pd->config, 0x01); /* KCS */
+ pci_config_set_interrupt_pin(pd->config, 0x01);
+ pik->kcs.use_irq = 1;
+ pik->kcs.raise_irq = pci_ipmi_raise_irq;
+ pik->kcs.lower_irq = pci_ipmi_lower_irq;
+
+ iic->init(ii, 8, &err);
+ if (err) {
+ error_propagate(errp, err);
+ return;
+ }
+ pci_register_bar(pd, 0, PCI_BASE_ADDRESS_SPACE_IO, &pik->kcs.io);
+}
+
+const VMStateDescription vmstate_PCIIPMIKCSDevice = {
+ .name = TYPE_IPMI_INTERFACE_PREFIX "pci-kcs",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_PCI_DEVICE(dev, PCIIPMIKCSDevice),
+ VMSTATE_STRUCT(kcs, PCIIPMIKCSDevice, 1, vmstate_IPMIKCS, IPMIKCS),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void pci_ipmi_kcs_instance_init(Object *obj)
+{
+ PCIIPMIKCSDevice *pik = PCI_IPMI_KCS(obj);
+
+ ipmi_bmc_find_and_link(obj, (Object **) &pik->kcs.bmc);
+}
+
+static void *pci_ipmi_kcs_get_backend_data(IPMIInterface *ii)
+{
+ PCIIPMIKCSDevice *pik = PCI_IPMI_KCS(ii);
+
+ return &pik->kcs;
+}
+
+static void pci_ipmi_kcs_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+
+ pdc->vendor_id = PCI_VENDOR_ID_QEMU;
+ pdc->device_id = PCI_DEVICE_ID_QEMU_IPMI;
+ pdc->revision = 1;
+ pdc->class_id = PCI_CLASS_SERIAL_IPMI;
+
+ dc->vmsd = &vmstate_PCIIPMIKCSDevice;
+ dc->desc = "PCI IPMI KCS";
+ pdc->realize = pci_ipmi_kcs_realize;
+
+ iic->get_backend_data = pci_ipmi_kcs_get_backend_data;
+ ipmi_kcs_class_init(iic);
+}
+
+static const TypeInfo pci_ipmi_kcs_info = {
+ .name = TYPE_PCI_IPMI_KCS,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(PCIIPMIKCSDevice),
+ .instance_init = pci_ipmi_kcs_instance_init,
+ .class_init = pci_ipmi_kcs_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { INTERFACE_CONVENTIONAL_PCI_DEVICE },
+ { }
+ }
+};
+
+static void pci_ipmi_kcs_register_types(void)
+{
+ type_register_static(&pci_ipmi_kcs_info);
+}
+
+type_init(pci_ipmi_kcs_register_types)
diff --git a/hw/ipmi/smbus_ipmi.c b/hw/ipmi/smbus_ipmi.c
new file mode 100644
index 00000000..d0991ab7
--- /dev/null
+++ b/hw/ipmi/smbus_ipmi.c
@@ -0,0 +1,391 @@
+/*
+ * QEMU IPMI SMBus (SSIF) emulation
+ *
+ * Copyright (c) 2015,2016 Corey Minyard, MontaVista Software, LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "migration/vmstate.h"
+#include "hw/i2c/smbus_slave.h"
+#include "qapi/error.h"
+#include "qemu/error-report.h"
+#include "hw/ipmi/ipmi.h"
+#include "qom/object.h"
+#include "hw/acpi/ipmi.h"
+
+#define TYPE_SMBUS_IPMI "smbus-ipmi"
+OBJECT_DECLARE_SIMPLE_TYPE(SMBusIPMIDevice, SMBUS_IPMI)
+
+#define SSIF_IPMI_REQUEST 2
+#define SSIF_IPMI_MULTI_PART_REQUEST_START 6
+#define SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE 7
+#define SSIF_IPMI_MULTI_PART_REQUEST_END 8
+#define SSIF_IPMI_RESPONSE 3
+#define SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE 9
+#define SSIF_IPMI_MULTI_PART_RETRY 0xa
+
+#define MAX_SSIF_IPMI_MSG_SIZE 255
+#define MAX_SSIF_IPMI_MSG_CHUNK 32
+
+#define IPMI_GET_SYS_INTF_CAP_CMD 0x57
+
+struct SMBusIPMIDevice {
+ SMBusDevice parent;
+
+ IPMIBmc *bmc;
+
+ uint8_t outmsg[MAX_SSIF_IPMI_MSG_SIZE];
+ uint32_t outlen;
+ uint32_t currblk;
+
+ /* Holds the SMBUS message currently being sent to the host. */
+ uint8_t outbuf[MAX_SSIF_IPMI_MSG_CHUNK + 1]; /* len + message. */
+ uint32_t outpos;
+
+ uint8_t inmsg[MAX_SSIF_IPMI_MSG_SIZE];
+ uint32_t inlen;
+
+ /*
+ * This is a response number that we send with the command to make
+ * sure that the response matches the command.
+ */
+ uint8_t waiting_rsp;
+
+ uint32_t uuid;
+};
+
+static void smbus_ipmi_handle_event(IPMIInterface *ii)
+{
+ /* No interrupts, so nothing to do here. */
+}
+
+static void smbus_ipmi_handle_rsp(IPMIInterface *ii, uint8_t msg_id,
+ unsigned char *rsp, unsigned int rsp_len)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(ii);
+
+ if (sid->waiting_rsp == msg_id) {
+ sid->waiting_rsp++;
+
+ if (rsp_len > MAX_SSIF_IPMI_MSG_SIZE) {
+ rsp[2] = IPMI_CC_REQUEST_DATA_TRUNCATED;
+ rsp_len = MAX_SSIF_IPMI_MSG_SIZE;
+ }
+ memcpy(sid->outmsg, rsp, rsp_len);
+ sid->outlen = rsp_len;
+ sid->outpos = 0;
+ sid->currblk = 0;
+ }
+}
+
+static void smbus_ipmi_set_atn(IPMIInterface *ii, int val, int irq)
+{
+ /* This is where PEC would go. */
+}
+
+static void smbus_ipmi_set_irq_enable(IPMIInterface *ii, int val)
+{
+}
+
+static void smbus_ipmi_send_msg(SMBusIPMIDevice *sid)
+{
+ uint8_t *msg = sid->inmsg;
+ uint32_t len = sid->inlen;
+ IPMIBmcClass *bk = IPMI_BMC_GET_CLASS(sid->bmc);
+
+ sid->outlen = 0;
+ sid->outpos = 0;
+ sid->currblk = 0;
+
+ if (msg[0] == (IPMI_NETFN_APP << 2) && msg[1] == IPMI_GET_SYS_INTF_CAP_CMD)
+ {
+ /* We handle this ourself. */
+ sid->outmsg[0] = (IPMI_NETFN_APP + 1) << 2;
+ sid->outmsg[1] = msg[1];
+ if (len < 3) {
+ sid->outmsg[2] = IPMI_CC_REQUEST_DATA_LENGTH_INVALID;
+ sid->outlen = 3;
+ } else if ((msg[2] & 0x0f) != 0) {
+ sid->outmsg[2] = IPMI_CC_INVALID_DATA_FIELD;
+ sid->outlen = 3;
+ } else {
+ sid->outmsg[2] = 0;
+ sid->outmsg[3] = 0;
+ sid->outmsg[4] = (2 << 6); /* Multi-part supported. */
+ sid->outmsg[5] = MAX_SSIF_IPMI_MSG_SIZE;
+ sid->outmsg[6] = MAX_SSIF_IPMI_MSG_SIZE;
+ sid->outlen = 7;
+ }
+ return;
+ }
+
+ bk->handle_command(sid->bmc, sid->inmsg, sid->inlen, sizeof(sid->inmsg),
+ sid->waiting_rsp);
+}
+
+static uint8_t ipmi_receive_byte(SMBusDevice *dev)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+
+ if (sid->outpos >= sizeof(sid->outbuf)) {
+ return 0xff;
+ }
+
+ return sid->outbuf[sid->outpos++];
+}
+
+static int ipmi_load_readbuf(SMBusIPMIDevice *sid)
+{
+ unsigned int block = sid->currblk, pos, len;
+
+ if (sid->outlen == 0) {
+ return -1;
+ }
+
+ if (sid->outlen <= 32) {
+ if (block != 0) {
+ return -1;
+ }
+ sid->outbuf[0] = sid->outlen;
+ memcpy(sid->outbuf + 1, sid->outmsg, sid->outlen);
+ sid->outpos = 0;
+ return 0;
+ }
+
+ if (block == 0) {
+ sid->outbuf[0] = 32;
+ sid->outbuf[1] = 0;
+ sid->outbuf[2] = 1;
+ memcpy(sid->outbuf + 3, sid->outmsg, 30);
+ sid->outpos = 0;
+ return 0;
+ }
+
+ /*
+ * Calculate the position in outmsg. 30 for the first block, 31
+ * for the rest of the blocks.
+ */
+ pos = 30 + (block - 1) * 31;
+
+ if (pos >= sid->outlen) {
+ return -1;
+ }
+
+ len = sid->outlen - pos;
+ if (len > 31) {
+ /* More chunks after this. */
+ len = 31;
+ /* Blocks start at 0 for the first middle transaction. */
+ sid->outbuf[1] = block - 1;
+ } else {
+ sid->outbuf[1] = 0xff; /* End of message marker. */
+ }
+
+ sid->outbuf[0] = len + 1;
+ memcpy(sid->outbuf + 2, sid->outmsg + pos, len);
+ sid->outpos = 0;
+ return 0;
+}
+
+static int ipmi_write_data(SMBusDevice *dev, uint8_t *buf, uint8_t len)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+ bool send = false;
+ uint8_t cmd;
+ int ret = 0;
+
+ /* length is guaranteed to be >= 1. */
+ cmd = *buf++;
+ len--;
+
+ /* Handle read request, which don't have any data in the write part. */
+ switch (cmd) {
+ case SSIF_IPMI_RESPONSE:
+ sid->currblk = 0;
+ ret = ipmi_load_readbuf(sid);
+ break;
+
+ case SSIF_IPMI_MULTI_PART_RESPONSE_MIDDLE:
+ sid->currblk++;
+ ret = ipmi_load_readbuf(sid);
+ break;
+
+ case SSIF_IPMI_MULTI_PART_RETRY:
+ if (len >= 1) {
+ sid->currblk = buf[0];
+ ret = ipmi_load_readbuf(sid);
+ } else {
+ ret = -1;
+ }
+ break;
+
+ default:
+ break;
+ }
+
+ /* This should be a message write, make the length is there and correct. */
+ if (len >= 1) {
+ if (*buf != len - 1 || *buf > MAX_SSIF_IPMI_MSG_CHUNK) {
+ return -1; /* Bogus message */
+ }
+ buf++;
+ len--;
+ }
+
+ switch (cmd) {
+ case SSIF_IPMI_REQUEST:
+ send = true;
+ /* FALLTHRU */
+ case SSIF_IPMI_MULTI_PART_REQUEST_START:
+ if (len < 2) {
+ return -1; /* Bogus. */
+ }
+ memcpy(sid->inmsg, buf, len);
+ sid->inlen = len;
+ break;
+
+ case SSIF_IPMI_MULTI_PART_REQUEST_END:
+ send = true;
+ /* FALLTHRU */
+ case SSIF_IPMI_MULTI_PART_REQUEST_MIDDLE:
+ if (!sid->inlen) {
+ return -1; /* Bogus. */
+ }
+ if (sid->inlen + len > MAX_SSIF_IPMI_MSG_SIZE) {
+ sid->inlen = 0; /* Discard the message. */
+ return -1; /* Bogus. */
+ }
+ if (len < 32) {
+ /*
+ * Special hack, a multi-part middle that is less than 32 bytes
+ * marks the end of a message. The specification is fairly
+ * confusing, so some systems to this, even sending a zero
+ * length end message to mark the end.
+ */
+ send = true;
+ }
+ if (len > 0) {
+ memcpy(sid->inmsg + sid->inlen, buf, len);
+ }
+ sid->inlen += len;
+ break;
+ }
+
+ if (send && sid->inlen) {
+ smbus_ipmi_send_msg(sid);
+ }
+
+ return ret;
+}
+
+static const VMStateDescription vmstate_smbus_ipmi = {
+ .name = TYPE_SMBUS_IPMI,
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_SMBUS_DEVICE(parent, SMBusIPMIDevice),
+ VMSTATE_UINT8(waiting_rsp, SMBusIPMIDevice),
+ VMSTATE_UINT32(outlen, SMBusIPMIDevice),
+ VMSTATE_UINT32(currblk, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(outmsg, SMBusIPMIDevice, MAX_SSIF_IPMI_MSG_SIZE),
+ VMSTATE_UINT32(outpos, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(outbuf, SMBusIPMIDevice,
+ MAX_SSIF_IPMI_MSG_CHUNK + 1),
+ VMSTATE_UINT32(inlen, SMBusIPMIDevice),
+ VMSTATE_UINT8_ARRAY(inmsg, SMBusIPMIDevice, MAX_SSIF_IPMI_MSG_SIZE),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
+static void smbus_ipmi_realize(DeviceState *dev, Error **errp)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(dev);
+ IPMIInterface *ii = IPMI_INTERFACE(dev);
+
+ if (!sid->bmc) {
+ error_setg(errp, "IPMI device requires a bmc attribute to be set");
+ return;
+ }
+
+ sid->uuid = ipmi_next_uuid();
+
+ sid->bmc->intf = ii;
+}
+
+static void smbus_ipmi_init(Object *obj)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(obj);
+
+ ipmi_bmc_find_and_link(obj, (Object **) &sid->bmc);
+}
+
+static void smbus_ipmi_get_fwinfo(struct IPMIInterface *ii, IPMIFwInfo *info)
+{
+ SMBusIPMIDevice *sid = SMBUS_IPMI(ii);
+
+ info->interface_name = "smbus";
+ info->interface_type = IPMI_SMBIOS_SSIF;
+ info->ipmi_spec_major_revision = 2;
+ info->ipmi_spec_minor_revision = 0;
+ info->i2c_slave_address = sid->bmc->slave_addr;
+ info->base_address = sid->parent.i2c.address;
+ info->memspace = IPMI_MEMSPACE_SMBUS;
+ info->register_spacing = 1;
+ info->uuid = sid->uuid;
+}
+
+static void smbus_ipmi_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ IPMIInterfaceClass *iic = IPMI_INTERFACE_CLASS(oc);
+ SMBusDeviceClass *sc = SMBUS_DEVICE_CLASS(oc);
+ AcpiDevAmlIfClass *adevc = ACPI_DEV_AML_IF_CLASS(oc);
+
+ sc->receive_byte = ipmi_receive_byte;
+ sc->write_data = ipmi_write_data;
+ dc->vmsd = &vmstate_smbus_ipmi;
+ dc->realize = smbus_ipmi_realize;
+ iic->set_atn = smbus_ipmi_set_atn;
+ iic->handle_rsp = smbus_ipmi_handle_rsp;
+ iic->handle_if_event = smbus_ipmi_handle_event;
+ iic->set_irq_enable = smbus_ipmi_set_irq_enable;
+ iic->get_fwinfo = smbus_ipmi_get_fwinfo;
+ adevc->build_dev_aml = build_ipmi_dev_aml;
+}
+
+static const TypeInfo smbus_ipmi_info = {
+ .name = TYPE_SMBUS_IPMI,
+ .parent = TYPE_SMBUS_DEVICE,
+ .instance_size = sizeof(SMBusIPMIDevice),
+ .instance_init = smbus_ipmi_init,
+ .class_init = smbus_ipmi_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_IPMI_INTERFACE },
+ { TYPE_ACPI_DEV_AML_IF },
+ { }
+ }
+};
+
+static void smbus_ipmi_register_types(void)
+{
+ type_register_static(&smbus_ipmi_info);
+}
+
+type_init(smbus_ipmi_register_types)
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-28 18:02:33 +0000