diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak index 7435764869..3f01ed1583 100644 --- a/default-configs/i386-softmmu.mak +++ b/default-configs/i386-softmmu.mak @@ -10,6 +10,7 @@ CONFIG_VMWARE_VGA=y CONFIG_VIRTIO_VGA=y CONFIG_VMMOUSE=y CONFIG_IPMI=y +CONFIG_IPMI_LOCAL=y CONFIG_SERIAL=y CONFIG_PARALLEL=y CONFIG_I8254=y diff --git a/default-configs/x86_64-softmmu.mak b/default-configs/x86_64-softmmu.mak index df9d817996..40685e4aa8 100644 --- a/default-configs/x86_64-softmmu.mak +++ b/default-configs/x86_64-softmmu.mak @@ -10,6 +10,7 @@ CONFIG_VMWARE_VGA=y CONFIG_VIRTIO_VGA=y CONFIG_VMMOUSE=y CONFIG_IPMI=y +CONFIG_IPMI_LOCAL=y CONFIG_SERIAL=y CONFIG_PARALLEL=y CONFIG_I8254=y diff --git a/hw/ipmi/Makefile.objs b/hw/ipmi/Makefile.objs index 65bde11dd0..875271ca56 100644 --- a/hw/ipmi/Makefile.objs +++ b/hw/ipmi/Makefile.objs @@ -1 +1,2 @@ common-obj-$(CONFIG_IPMI) += ipmi.o +common-obj-$(CONFIG_IPMI_LOCAL) += ipmi_bmc_sim.o diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c new file mode 100644 index 0000000000..af01e1a813 --- /dev/null +++ b/hw/ipmi/ipmi_bmc_sim.c @@ -0,0 +1,1726 @@ +/* + * IPMI BMC emulation + * + * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include +#include +#include +#include "qemu/timer.h" +#include "hw/ipmi/ipmi.h" +#include "qemu/error-report.h" + +#define IPMI_NETFN_CHASSIS 0x00 +#define IPMI_NETFN_CHASSIS_MAXCMD 0x03 + +#define IPMI_CMD_GET_CHASSIS_CAPABILITIES 0x00 +#define IPMI_CMD_GET_CHASSIS_STATUS 0x01 +#define IPMI_CMD_CHASSIS_CONTROL 0x02 + +#define IPMI_NETFN_SENSOR_EVENT 0x04 +#define IPMI_NETFN_SENSOR_EVENT_MAXCMD 0x2e + +#define IPMI_CMD_SET_SENSOR_EVT_ENABLE 0x28 +#define IPMI_CMD_GET_SENSOR_EVT_ENABLE 0x29 +#define IPMI_CMD_REARM_SENSOR_EVTS 0x2a +#define IPMI_CMD_GET_SENSOR_EVT_STATUS 0x2b +#define IPMI_CMD_GET_SENSOR_READING 0x2d + +/* #define IPMI_NETFN_APP 0x06 In ipmi.h */ +#define IPMI_NETFN_APP_MAXCMD 0x36 + +#define IPMI_CMD_GET_DEVICE_ID 0x01 +#define IPMI_CMD_COLD_RESET 0x02 +#define IPMI_CMD_WARM_RESET 0x03 +#define IPMI_CMD_RESET_WATCHDOG_TIMER 0x22 +#define IPMI_CMD_SET_WATCHDOG_TIMER 0x24 +#define IPMI_CMD_GET_WATCHDOG_TIMER 0x25 +#define IPMI_CMD_SET_BMC_GLOBAL_ENABLES 0x2e +#define IPMI_CMD_GET_BMC_GLOBAL_ENABLES 0x2f +#define IPMI_CMD_CLR_MSG_FLAGS 0x30 +#define IPMI_CMD_GET_MSG_FLAGS 0x31 +#define IPMI_CMD_GET_MSG 0x33 +#define IPMI_CMD_SEND_MSG 0x34 +#define IPMI_CMD_READ_EVT_MSG_BUF 0x35 + +#define IPMI_NETFN_STORAGE 0x0a +#define IPMI_NETFN_STORAGE_MAXCMD 0x4a + +#define IPMI_CMD_GET_SDR_REP_INFO 0x20 +#define IPMI_CMD_GET_SDR_REP_ALLOC_INFO 0x21 +#define IPMI_CMD_RESERVE_SDR_REP 0x22 +#define IPMI_CMD_GET_SDR 0x23 +#define IPMI_CMD_ADD_SDR 0x24 +#define IPMI_CMD_PARTIAL_ADD_SDR 0x25 +#define IPMI_CMD_DELETE_SDR 0x26 +#define IPMI_CMD_CLEAR_SDR_REP 0x27 +#define IPMI_CMD_GET_SDR_REP_TIME 0x28 +#define IPMI_CMD_SET_SDR_REP_TIME 0x29 +#define IPMI_CMD_ENTER_SDR_REP_UPD_MODE 0x2A +#define IPMI_CMD_EXIT_SDR_REP_UPD_MODE 0x2B +#define IPMI_CMD_RUN_INIT_AGENT 0x2C +#define IPMI_CMD_GET_SEL_INFO 0x40 +#define IPMI_CMD_GET_SEL_ALLOC_INFO 0x41 +#define IPMI_CMD_RESERVE_SEL 0x42 +#define IPMI_CMD_GET_SEL_ENTRY 0x43 +#define IPMI_CMD_ADD_SEL_ENTRY 0x44 +#define IPMI_CMD_PARTIAL_ADD_SEL_ENTRY 0x45 +#define IPMI_CMD_DELETE_SEL_ENTRY 0x46 +#define IPMI_CMD_CLEAR_SEL 0x47 +#define IPMI_CMD_GET_SEL_TIME 0x48 +#define IPMI_CMD_SET_SEL_TIME 0x49 + + +/* Same as a timespec struct. */ +struct ipmi_time { + long tv_sec; + long tv_nsec; +}; + +#define MAX_SEL_SIZE 128 + +typedef struct IPMISel { + uint8_t sel[MAX_SEL_SIZE][16]; + unsigned int next_free; + long time_offset; + uint16_t reservation; + uint8_t last_addition[4]; + uint8_t last_clear[4]; + uint8_t overflow; +} IPMISel; + +#define MAX_SDR_SIZE 16384 + +typedef struct IPMISdr { + uint8_t sdr[MAX_SDR_SIZE]; + unsigned int next_free; + uint16_t next_rec_id; + uint16_t reservation; + uint8_t last_addition[4]; + uint8_t last_clear[4]; + uint8_t overflow; +} IPMISdr; + +typedef struct IPMISensor { + uint8_t status; + uint8_t reading; + uint16_t states_suppt; + uint16_t assert_suppt; + uint16_t deassert_suppt; + uint16_t states; + uint16_t assert_states; + uint16_t deassert_states; + uint16_t assert_enable; + uint16_t deassert_enable; + uint8_t sensor_type; + uint8_t evt_reading_type_code; +} IPMISensor; +#define IPMI_SENSOR_GET_PRESENT(s) ((s)->status & 0x01) +#define IPMI_SENSOR_SET_PRESENT(s, v) ((s)->status = (s->status & ~0x01) | \ + !!(v)) +#define IPMI_SENSOR_GET_SCAN_ON(s) ((s)->status & 0x40) +#define IPMI_SENSOR_SET_SCAN_ON(s, v) ((s)->status = (s->status & ~0x40) | \ + ((!!(v)) << 6)) +#define IPMI_SENSOR_GET_EVENTS_ON(s) ((s)->status & 0x80) +#define IPMI_SENSOR_SET_EVENTS_ON(s, v) ((s)->status = (s->status & ~0x80) | \ + ((!!(v)) << 7)) +#define IPMI_SENSOR_GET_RET_STATUS(s) ((s)->status & 0xc0) +#define IPMI_SENSOR_SET_RET_STATUS(s, v) ((s)->status = (s->status & ~0xc0) | \ + (v & 0xc0)) +#define IPMI_SENSOR_IS_DISCRETE(s) ((s)->evt_reading_type_code != 1) + +#define MAX_SENSORS 20 +#define IPMI_WATCHDOG_SENSOR 0 + +typedef struct IPMIBmcSim IPMIBmcSim; + +#define MAX_NETFNS 64 +typedef void (*IPMICmdHandler)(IPMIBmcSim *s, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len); +typedef struct IPMINetfn { + unsigned int cmd_nums; + const IPMICmdHandler *cmd_handlers; +} IPMINetfn; + +typedef struct IPMIRcvBufEntry { + QTAILQ_ENTRY(IPMIRcvBufEntry) entry; + uint8_t len; + uint8_t buf[MAX_IPMI_MSG_SIZE]; +} IPMIRcvBufEntry; + +#define TYPE_IPMI_BMC_SIMULATOR "ipmi-bmc-sim" +#define IPMI_BMC_SIMULATOR(obj) OBJECT_CHECK(IPMIBmcSim, (obj), \ + TYPE_IPMI_BMC_SIMULATOR) +struct IPMIBmcSim { + IPMIBmc parent; + + QEMUTimer *timer; + + uint8_t bmc_global_enables; + uint8_t msg_flags; + + bool watchdog_initialized; + uint8_t watchdog_use; + uint8_t watchdog_action; + uint8_t watchdog_pretimeout; /* In seconds */ + bool watchdog_expired; + uint16_t watchdog_timeout; /* in 100's of milliseconds */ + + bool watchdog_running; + bool watchdog_preaction_ran; + int64_t watchdog_expiry; + + uint8_t device_id; + uint8_t ipmi_version; + uint8_t device_rev; + uint8_t fwrev1; + uint8_t fwrev2; + uint8_t mfg_id[3]; + uint8_t product_id[2]; + + IPMISel sel; + IPMISdr sdr; + IPMISensor sensors[MAX_SENSORS]; + + /* Odd netfns are for responses, so we only need the even ones. */ + const IPMINetfn *netfns[MAX_NETFNS / 2]; + + QemuMutex lock; + /* We allow one event in the buffer */ + uint8_t evtbuf[16]; + + QTAILQ_HEAD(, IPMIRcvBufEntry) rcvbufs; +}; + +#define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK (1 << 3) +#define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL (1 << 1) +#define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE (1 << 0) +#define IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(s) \ + (IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK & (s)->msg_flags) +#define IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(s) \ + (IPMI_BMC_MSG_FLAG_EVT_BUF_FULL & (s)->msg_flags) +#define IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(s) \ + (IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE & (s)->msg_flags) + +#define IPMI_BMC_RCV_MSG_QUEUE_INT_BIT 0 +#define IPMI_BMC_EVBUF_FULL_INT_BIT 1 +#define IPMI_BMC_EVENT_MSG_BUF_BIT 2 +#define IPMI_BMC_EVENT_LOG_BIT 3 +#define IPMI_BMC_MSG_INTS_ON(s) ((s)->bmc_global_enables & \ + (1 << IPMI_BMC_RCV_MSG_QUEUE_INT_BIT)) +#define IPMI_BMC_EVBUF_FULL_INT_ENABLED(s) ((s)->bmc_global_enables & \ + (1 << IPMI_BMC_EVBUF_FULL_INT_BIT)) +#define IPMI_BMC_EVENT_LOG_ENABLED(s) ((s)->bmc_global_enables & \ + (1 << IPMI_BMC_EVENT_LOG_BIT)) +#define IPMI_BMC_EVENT_MSG_BUF_ENABLED(s) ((s)->bmc_global_enables & \ + (1 << IPMI_BMC_EVENT_MSG_BUF_BIT)) + +#define IPMI_BMC_WATCHDOG_USE_MASK 0xc7 +#define IPMI_BMC_WATCHDOG_ACTION_MASK 0x77 +#define IPMI_BMC_WATCHDOG_GET_USE(s) ((s)->watchdog_use & 0x7) +#define IPMI_BMC_WATCHDOG_GET_DONT_LOG(s) (((s)->watchdog_use >> 7) & 0x1) +#define IPMI_BMC_WATCHDOG_GET_DONT_STOP(s) (((s)->watchdog_use >> 6) & 0x1) +#define IPMI_BMC_WATCHDOG_GET_PRE_ACTION(s) (((s)->watchdog_action >> 4) & 0x7) +#define IPMI_BMC_WATCHDOG_PRE_NONE 0 +#define IPMI_BMC_WATCHDOG_PRE_SMI 1 +#define IPMI_BMC_WATCHDOG_PRE_NMI 2 +#define IPMI_BMC_WATCHDOG_PRE_MSG_INT 3 +#define IPMI_BMC_WATCHDOG_GET_ACTION(s) ((s)->watchdog_action & 0x7) +#define IPMI_BMC_WATCHDOG_ACTION_NONE 0 +#define IPMI_BMC_WATCHDOG_ACTION_RESET 1 +#define IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN 2 +#define IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE 3 + + +/* Add a byte to the response. */ +#define IPMI_ADD_RSP_DATA(b) \ + do { \ + if (*rsp_len >= max_rsp_len) { \ + rsp[2] = IPMI_CC_REQUEST_DATA_TRUNCATED; \ + goto out; \ + } \ + rsp[(*rsp_len)++] = (b); \ + } while (0) + +/* Verify that the received command is a certain length. */ +#define IPMI_CHECK_CMD_LEN(l) \ + if (cmd_len < l) { \ + rsp[2] = IPMI_CC_REQUEST_DATA_LENGTH_INVALID; \ + goto out; \ + } + +/* Check that the reservation in the command is valid. */ +#define IPMI_CHECK_RESERVATION(off, r) \ + do { \ + if ((cmd[off] | (cmd[off + 1] << 8)) != r) { \ + rsp[2] = IPMI_CC_INVALID_RESERVATION; \ + goto out; \ + } \ + } while (0) + + +static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs); + +static void ipmi_gettime(struct ipmi_time *time) +{ + int64_t stime; + + stime = qemu_clock_get_ns(QEMU_CLOCK_HOST); + time->tv_sec = stime / 1000000000LL; + time->tv_nsec = stime % 1000000000LL; +} + +static int64_t ipmi_getmonotime(void) +{ + return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL); +} + +static void ipmi_timeout(void *opaque) +{ + IPMIBmcSim *ibs = opaque; + + ipmi_sim_handle_timeout(ibs); +} + +static void set_timestamp(IPMIBmcSim *ibs, uint8_t *ts) +{ + unsigned int val; + struct ipmi_time now; + + ipmi_gettime(&now); + val = now.tv_sec + ibs->sel.time_offset; + ts[0] = val & 0xff; + ts[1] = (val >> 8) & 0xff; + ts[2] = (val >> 16) & 0xff; + ts[3] = (val >> 24) & 0xff; +} + +static void sdr_inc_reservation(IPMISdr *sdr) +{ + sdr->reservation++; + if (sdr->reservation == 0) { + sdr->reservation = 1; + } +} + +static int sdr_add_entry(IPMIBmcSim *ibs, const uint8_t *entry, + unsigned int len, uint16_t *recid) +{ + if ((len < 5) || (len > 255)) { + return 1; + } + + if (entry[4] != len - 5) { + return 1; + } + + if (ibs->sdr.next_free + len > MAX_SDR_SIZE) { + ibs->sdr.overflow = 1; + return 1; + } + + memcpy(ibs->sdr.sdr + ibs->sdr.next_free, entry, len); + ibs->sdr.sdr[ibs->sdr.next_free] = ibs->sdr.next_rec_id & 0xff; + ibs->sdr.sdr[ibs->sdr.next_free+1] = (ibs->sdr.next_rec_id >> 8) & 0xff; + ibs->sdr.sdr[ibs->sdr.next_free+2] = 0x51; /* Conform to IPMI 1.5 spec */ + + if (recid) { + *recid = ibs->sdr.next_rec_id; + } + ibs->sdr.next_rec_id++; + set_timestamp(ibs, ibs->sdr.last_addition); + ibs->sdr.next_free += len; + sdr_inc_reservation(&ibs->sdr); + return 0; +} + +static int sdr_find_entry(IPMISdr *sdr, uint16_t recid, + unsigned int *retpos, uint16_t *nextrec) +{ + unsigned int pos = *retpos; + + while (pos < sdr->next_free) { + uint16_t trec = sdr->sdr[pos] | (sdr->sdr[pos + 1] << 8); + unsigned int nextpos = pos + sdr->sdr[pos + 4]; + + if (trec == recid) { + if (nextrec) { + if (nextpos >= sdr->next_free) { + *nextrec = 0xffff; + } else { + *nextrec = (sdr->sdr[nextpos] | + (sdr->sdr[nextpos + 1] << 8)); + } + } + *retpos = pos; + return 0; + } + pos = nextpos; + } + return 1; +} + +static void sel_inc_reservation(IPMISel *sel) +{ + sel->reservation++; + if (sel->reservation == 0) { + sel->reservation = 1; + } +} + +/* Returns 1 if the SEL is full and can't hold the event. */ +static int sel_add_event(IPMIBmcSim *ibs, uint8_t *event) +{ + event[0] = 0xff; + event[1] = 0xff; + set_timestamp(ibs, event + 3); + if (ibs->sel.next_free == MAX_SEL_SIZE) { + ibs->sel.overflow = 1; + return 1; + } + event[0] = ibs->sel.next_free & 0xff; + event[1] = (ibs->sel.next_free >> 8) & 0xff; + memcpy(ibs->sel.last_addition, event + 3, 4); + memcpy(ibs->sel.sel[ibs->sel.next_free], event, 16); + ibs->sel.next_free++; + sel_inc_reservation(&ibs->sel); + return 0; +} + +static int attn_set(IPMIBmcSim *ibs) +{ + return IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs) + || IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs) + || IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK_SET(ibs); +} + +static int attn_irq_enabled(IPMIBmcSim *ibs) +{ + return (IPMI_BMC_MSG_INTS_ON(ibs) && IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE_SET(ibs)) + || (IPMI_BMC_EVBUF_FULL_INT_ENABLED(ibs) && + IPMI_BMC_MSG_FLAG_EVT_BUF_FULL_SET(ibs)); +} + +static void gen_event(IPMIBmcSim *ibs, unsigned int sens_num, uint8_t deassert, + uint8_t evd1, uint8_t evd2, uint8_t evd3) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + uint8_t evt[16]; + IPMISensor *sens = ibs->sensors + sens_num; + + if (!IPMI_BMC_EVENT_MSG_BUF_ENABLED(ibs)) { + return; + } + if (!IPMI_SENSOR_GET_EVENTS_ON(sens)) { + return; + } + + evt[2] = 0x2; /* System event record */ + evt[7] = ibs->parent.slave_addr; + evt[8] = 0; + evt[9] = 0x04; /* Format version */ + evt[10] = sens->sensor_type; + evt[11] = sens_num; + evt[12] = sens->evt_reading_type_code | (!!deassert << 7); + evt[13] = evd1; + evt[14] = evd2; + evt[15] = evd3; + + if (IPMI_BMC_EVENT_LOG_ENABLED(ibs)) { + sel_add_event(ibs, evt); + } + + if (ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL) { + goto out; + } + + memcpy(ibs->evtbuf, evt, 16); + ibs->msg_flags |= IPMI_BMC_MSG_FLAG_EVT_BUF_FULL; + k->set_atn(s, 1, attn_irq_enabled(ibs)); + out: + return; +} + +static void sensor_set_discrete_bit(IPMIBmcSim *ibs, unsigned int sensor, + unsigned int bit, unsigned int val, + uint8_t evd1, uint8_t evd2, uint8_t evd3) +{ + IPMISensor *sens; + uint16_t mask; + + if (sensor >= MAX_SENSORS) { + return; + } + if (bit >= 16) { + return; + } + + mask = (1 << bit); + sens = ibs->sensors + sensor; + if (val) { + sens->states |= mask & sens->states_suppt; + if (sens->assert_states & mask) { + return; /* Already asserted */ + } + sens->assert_states |= mask & sens->assert_suppt; + if (sens->assert_enable & mask & sens->assert_states) { + /* Send an event on assert */ + gen_event(ibs, sensor, 0, evd1, evd2, evd3); + } + } else { + sens->states &= ~(mask & sens->states_suppt); + if (sens->deassert_states & mask) { + return; /* Already deasserted */ + } + sens->deassert_states |= mask & sens->deassert_suppt; + if (sens->deassert_enable & mask & sens->deassert_states) { + /* Send an event on deassert */ + gen_event(ibs, sensor, 1, evd1, evd2, evd3); + } + } +} + +static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s) +{ + unsigned int i, pos; + IPMISensor *sens; + + for (i = 0; i < MAX_SENSORS; i++) { + memset(s->sensors + i, 0, sizeof(*sens)); + } + + pos = 0; + for (i = 0; !sdr_find_entry(&s->sdr, i, &pos, NULL); i++) { + uint8_t *sdr = s->sdr.sdr + pos; + unsigned int len = sdr[4]; + + if (len < 20) { + continue; + } + if ((sdr[3] < 1) || (sdr[3] > 2)) { + continue; /* Not a sensor SDR we set from */ + } + + if (sdr[7] > MAX_SENSORS) { + continue; + } + sens = s->sensors + sdr[7]; + + IPMI_SENSOR_SET_PRESENT(sens, 1); + IPMI_SENSOR_SET_SCAN_ON(sens, (sdr[10] >> 6) & 1); + IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr[10] >> 5) & 1); + sens->assert_suppt = sdr[14] | (sdr[15] << 8); + sens->deassert_suppt = sdr[16] | (sdr[17] << 8); + sens->states_suppt = sdr[18] | (sdr[19] << 8); + sens->sensor_type = sdr[12]; + sens->evt_reading_type_code = sdr[13] & 0x7f; + + /* Enable all the events that are supported. */ + sens->assert_enable = sens->assert_suppt; + sens->deassert_enable = sens->deassert_suppt; + } +} + +static int ipmi_register_netfn(IPMIBmcSim *s, unsigned int netfn, + const IPMINetfn *netfnd) +{ + if ((netfn & 1) || (netfn > MAX_NETFNS) || (s->netfns[netfn / 2])) { + return -1; + } + s->netfns[netfn / 2] = netfnd; + return 0; +} + +static void next_timeout(IPMIBmcSim *ibs) +{ + int64_t next; + if (ibs->watchdog_running) { + next = ibs->watchdog_expiry; + } else { + /* Wait a minute */ + next = ipmi_getmonotime() + 60 * 1000000000LL; + } + timer_mod_ns(ibs->timer, next); +} + +static void ipmi_sim_handle_command(IPMIBmc *b, + uint8_t *cmd, unsigned int cmd_len, + unsigned int max_cmd_len, + uint8_t msg_id) +{ + IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b); + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + unsigned int netfn; + uint8_t rsp[MAX_IPMI_MSG_SIZE]; + unsigned int rsp_len_holder = 0; + unsigned int *rsp_len = &rsp_len_holder; + unsigned int max_rsp_len = sizeof(rsp); + + /* Set up the response, set the low bit of NETFN. */ + /* Note that max_rsp_len must be at least 3 */ + IPMI_ADD_RSP_DATA(cmd[0] | 0x04); + IPMI_ADD_RSP_DATA(cmd[1]); + IPMI_ADD_RSP_DATA(0); /* Assume success */ + + /* If it's too short or it was truncated, return an error. */ + if (cmd_len < 2) { + rsp[2] = IPMI_CC_REQUEST_DATA_LENGTH_INVALID; + goto out; + } + if (cmd_len > max_cmd_len) { + rsp[2] = IPMI_CC_REQUEST_DATA_TRUNCATED; + goto out; + } + + if ((cmd[0] & 0x03) != 0) { + /* Only have stuff on LUN 0 */ + rsp[2] = IPMI_CC_COMMAND_INVALID_FOR_LUN; + goto out; + } + + netfn = cmd[0] >> 2; + + /* Odd netfns are not valid, make sure the command is registered */ + if ((netfn & 1) || !ibs->netfns[netfn / 2] || + (cmd[1] >= ibs->netfns[netfn / 2]->cmd_nums) || + (!ibs->netfns[netfn / 2]->cmd_handlers[cmd[1]])) { + rsp[2] = IPMI_CC_INVALID_CMD; + goto out; + } + + ibs->netfns[netfn / 2]->cmd_handlers[cmd[1]](ibs, cmd, cmd_len, rsp, rsp_len, + max_rsp_len); + + out: + k->handle_rsp(s, msg_id, rsp, *rsp_len); + + next_timeout(ibs); +} + +static void ipmi_sim_handle_timeout(IPMIBmcSim *ibs) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + if (!ibs->watchdog_running) { + goto out; + } + + if (!ibs->watchdog_preaction_ran) { + switch (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs)) { + case IPMI_BMC_WATCHDOG_PRE_NMI: + ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK; + k->do_hw_op(s, IPMI_SEND_NMI, 0); + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1, + 0xc8, (2 << 4) | 0xf, 0xff); + break; + + case IPMI_BMC_WATCHDOG_PRE_MSG_INT: + ibs->msg_flags |= IPMI_BMC_MSG_FLAG_WATCHDOG_TIMEOUT_MASK; + k->set_atn(s, 1, attn_irq_enabled(ibs)); + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 8, 1, + 0xc8, (3 << 4) | 0xf, 0xff); + break; + + default: + goto do_full_expiry; + } + + ibs->watchdog_preaction_ran = 1; + /* Issued the pretimeout, do the rest of the timeout now. */ + ibs->watchdog_expiry = ipmi_getmonotime(); + ibs->watchdog_expiry += ibs->watchdog_pretimeout * 1000000000LL; + goto out; + } + + do_full_expiry: + ibs->watchdog_running = 0; /* Stop the watchdog on a timeout */ + ibs->watchdog_expired |= (1 << IPMI_BMC_WATCHDOG_GET_USE(ibs)); + switch (IPMI_BMC_WATCHDOG_GET_ACTION(ibs)) { + case IPMI_BMC_WATCHDOG_ACTION_NONE: + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 0, 1, + 0xc0, ibs->watchdog_use & 0xf, 0xff); + break; + + case IPMI_BMC_WATCHDOG_ACTION_RESET: + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 1, 1, + 0xc1, ibs->watchdog_use & 0xf, 0xff); + k->do_hw_op(s, IPMI_RESET_CHASSIS, 0); + break; + + case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN: + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1, + 0xc2, ibs->watchdog_use & 0xf, 0xff); + k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0); + break; + + case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE: + sensor_set_discrete_bit(ibs, IPMI_WATCHDOG_SENSOR, 2, 1, + 0xc3, ibs->watchdog_use & 0xf, 0xff); + k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0); + break; + } + + out: + next_timeout(ibs); +} + +static void chassis_capabilities(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(0); + IPMI_ADD_RSP_DATA(ibs->parent.slave_addr); + IPMI_ADD_RSP_DATA(ibs->parent.slave_addr); + IPMI_ADD_RSP_DATA(ibs->parent.slave_addr); + IPMI_ADD_RSP_DATA(ibs->parent.slave_addr); + out: + return; +} + +static void chassis_status(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(0x61); /* Unknown power restore, power is on */ + IPMI_ADD_RSP_DATA(0); + IPMI_ADD_RSP_DATA(0); + IPMI_ADD_RSP_DATA(0); + out: + return; +} + +static void chassis_control(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + IPMI_CHECK_CMD_LEN(3); + switch (cmd[2] & 0xf) { + case 0: /* power down */ + rsp[2] = k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 0); + break; + case 1: /* power up */ + rsp[2] = k->do_hw_op(s, IPMI_POWERON_CHASSIS, 0); + break; + case 2: /* power cycle */ + rsp[2] = k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 0); + break; + case 3: /* hard reset */ + rsp[2] = k->do_hw_op(s, IPMI_RESET_CHASSIS, 0); + break; + case 4: /* pulse diagnostic interrupt */ + rsp[2] = k->do_hw_op(s, IPMI_PULSE_DIAG_IRQ, 0); + break; + case 5: /* soft shutdown via ACPI by overtemp emulation */ + rsp[2] = k->do_hw_op(s, + IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP, 0); + break; + default: + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + out: + return; +} + +static void get_device_id(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->device_id); + IPMI_ADD_RSP_DATA(ibs->device_rev & 0xf); + IPMI_ADD_RSP_DATA(ibs->fwrev1 & 0x7f); + IPMI_ADD_RSP_DATA(ibs->fwrev2); + IPMI_ADD_RSP_DATA(ibs->ipmi_version); + IPMI_ADD_RSP_DATA(0x07); /* sensor, SDR, and SEL. */ + IPMI_ADD_RSP_DATA(ibs->mfg_id[0]); + IPMI_ADD_RSP_DATA(ibs->mfg_id[1]); + IPMI_ADD_RSP_DATA(ibs->mfg_id[2]); + IPMI_ADD_RSP_DATA(ibs->product_id[0]); + IPMI_ADD_RSP_DATA(ibs->product_id[1]); + out: + return; +} + +static void set_global_enables(IPMIBmcSim *ibs, uint8_t val) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + bool irqs_on; + + ibs->bmc_global_enables = val; + + irqs_on = val & (IPMI_BMC_EVBUF_FULL_INT_BIT | + IPMI_BMC_RCV_MSG_QUEUE_INT_BIT); + + k->set_irq_enable(s, irqs_on); +} + +static void cold_reset(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + /* Disable all interrupts */ + set_global_enables(ibs, 1 << IPMI_BMC_EVENT_LOG_BIT); + + if (k->reset) { + k->reset(s, true); + } +} + +static void warm_reset(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + if (k->reset) { + k->reset(s, false); + } +} + +static void set_bmc_global_enables(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_CHECK_CMD_LEN(3); + set_global_enables(ibs, cmd[2]); + out: + return; +} + +static void get_bmc_global_enables(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->bmc_global_enables); + out: + return; +} + +static void clr_msg_flags(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + IPMI_CHECK_CMD_LEN(3); + ibs->msg_flags &= ~cmd[2]; + k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs)); + out: + return; +} + +static void get_msg_flags(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->msg_flags); + out: + return; +} + +static void read_evt_msg_buf(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + unsigned int i; + + if (!(ibs->msg_flags & IPMI_BMC_MSG_FLAG_EVT_BUF_FULL)) { + rsp[2] = 0x80; + goto out; + } + for (i = 0; i < 16; i++) { + IPMI_ADD_RSP_DATA(ibs->evtbuf[i]); + } + ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_EVT_BUF_FULL; + k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs)); + out: + return; +} + +static void get_msg(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIRcvBufEntry *msg; + + qemu_mutex_lock(&ibs->lock); + if (QTAILQ_EMPTY(&ibs->rcvbufs)) { + rsp[2] = 0x80; /* Queue empty */ + goto out; + } + rsp[3] = 0; /* Channel 0 */ + *rsp_len += 1; + msg = QTAILQ_FIRST(&ibs->rcvbufs); + memcpy(rsp + 4, msg->buf, msg->len); + *rsp_len += msg->len; + QTAILQ_REMOVE(&ibs->rcvbufs, msg, entry); + g_free(msg); + + if (QTAILQ_EMPTY(&ibs->rcvbufs)) { + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + + ibs->msg_flags &= ~IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE; + k->set_atn(s, attn_set(ibs), attn_irq_enabled(ibs)); + } + + out: + qemu_mutex_unlock(&ibs->lock); + return; +} + +static unsigned char +ipmb_checksum(unsigned char *data, int size, unsigned char csum) +{ + for (; size > 0; size--, data++) { + csum += *data; + } + + return -csum; +} + +static void send_msg(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + IPMIRcvBufEntry *msg; + uint8_t *buf; + uint8_t netfn, rqLun, rsLun, rqSeq; + + IPMI_CHECK_CMD_LEN(3); + + if (cmd[2] != 0) { + /* We only handle channel 0 with no options */ + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + + IPMI_CHECK_CMD_LEN(10); + if (cmd[3] != 0x40) { + /* We only emulate a MC at address 0x40. */ + rsp[2] = 0x83; /* NAK on write */ + goto out; + } + + cmd += 3; /* Skip the header. */ + cmd_len -= 3; + + /* + * At this point we "send" the message successfully. Any error will + * be returned in the response. + */ + if (ipmb_checksum(cmd, cmd_len, 0) != 0 || + cmd[3] != 0x20) { /* Improper response address */ + goto out; /* No response */ + } + + netfn = cmd[1] >> 2; + rqLun = cmd[4] & 0x3; + rsLun = cmd[1] & 0x3; + rqSeq = cmd[4] >> 2; + + if (rqLun != 2) { + /* We only support LUN 2 coming back to us. */ + goto out; + } + + msg = g_malloc(sizeof(*msg)); + msg->buf[0] = ((netfn | 1) << 2) | rqLun; /* NetFN, and make a response */ + msg->buf[1] = ipmb_checksum(msg->buf, 1, 0); + msg->buf[2] = cmd[0]; /* rsSA */ + msg->buf[3] = (rqSeq << 2) | rsLun; + msg->buf[4] = cmd[5]; /* Cmd */ + msg->buf[5] = 0; /* Completion Code */ + msg->len = 6; + + if ((cmd[1] >> 2) != IPMI_NETFN_APP || cmd[5] != IPMI_CMD_GET_DEVICE_ID) { + /* Not a command we handle. */ + msg->buf[5] = IPMI_CC_INVALID_CMD; + goto end_msg; + } + + buf = msg->buf + msg->len; /* After the CC */ + buf[0] = 0; + buf[1] = 0; + buf[2] = 0; + buf[3] = 0; + buf[4] = 0x51; + buf[5] = 0; + buf[6] = 0; + buf[7] = 0; + buf[8] = 0; + buf[9] = 0; + buf[10] = 0; + msg->len += 11; + + end_msg: + msg->buf[msg->len] = ipmb_checksum(msg->buf, msg->len, 0); + msg->len++; + qemu_mutex_lock(&ibs->lock); + QTAILQ_INSERT_TAIL(&ibs->rcvbufs, msg, entry); + ibs->msg_flags |= IPMI_BMC_MSG_FLAG_RCV_MSG_QUEUE; + k->set_atn(s, 1, attn_irq_enabled(ibs)); + qemu_mutex_unlock(&ibs->lock); + + out: + return; +} + +static void do_watchdog_reset(IPMIBmcSim *ibs) +{ + if (IPMI_BMC_WATCHDOG_GET_ACTION(ibs) == + IPMI_BMC_WATCHDOG_ACTION_NONE) { + ibs->watchdog_running = 0; + return; + } + ibs->watchdog_preaction_ran = 0; + + + /* Timeout is in tenths of a second, offset is in seconds */ + ibs->watchdog_expiry = ipmi_getmonotime(); + ibs->watchdog_expiry += ibs->watchdog_timeout * 100000000LL; + if (IPMI_BMC_WATCHDOG_GET_PRE_ACTION(ibs) != IPMI_BMC_WATCHDOG_PRE_NONE) { + ibs->watchdog_expiry -= ibs->watchdog_pretimeout * 1000000000LL; + } + ibs->watchdog_running = 1; +} + +static void reset_watchdog_timer(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + if (!ibs->watchdog_initialized) { + rsp[2] = 0x80; + goto out; + } + do_watchdog_reset(ibs); + out: + return; +} + +static void set_watchdog_timer(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMIInterface *s = ibs->parent.intf; + IPMIInterfaceClass *k = IPMI_INTERFACE_GET_CLASS(s); + unsigned int val; + + IPMI_CHECK_CMD_LEN(8); + val = cmd[2] & 0x7; /* Validate use */ + if (val == 0 || val > 5) { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + val = cmd[3] & 0x7; /* Validate action */ + switch (val) { + case IPMI_BMC_WATCHDOG_ACTION_NONE: + break; + + case IPMI_BMC_WATCHDOG_ACTION_RESET: + rsp[2] = k->do_hw_op(s, IPMI_RESET_CHASSIS, 1); + break; + + case IPMI_BMC_WATCHDOG_ACTION_POWER_DOWN: + rsp[2] = k->do_hw_op(s, IPMI_POWEROFF_CHASSIS, 1); + break; + + case IPMI_BMC_WATCHDOG_ACTION_POWER_CYCLE: + rsp[2] = k->do_hw_op(s, IPMI_POWERCYCLE_CHASSIS, 1); + break; + + default: + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + } + if (rsp[2]) { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + + val = (cmd[3] >> 4) & 0x7; /* Validate preaction */ + switch (val) { + case IPMI_BMC_WATCHDOG_PRE_MSG_INT: + case IPMI_BMC_WATCHDOG_PRE_NONE: + break; + + case IPMI_BMC_WATCHDOG_PRE_NMI: + if (!k->do_hw_op(s, IPMI_SEND_NMI, 1)) { + /* NMI not supported. */ + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + default: + /* We don't support PRE_SMI */ + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + + ibs->watchdog_initialized = 1; + ibs->watchdog_use = cmd[2] & IPMI_BMC_WATCHDOG_USE_MASK; + ibs->watchdog_action = cmd[3] & IPMI_BMC_WATCHDOG_ACTION_MASK; + ibs->watchdog_pretimeout = cmd[4]; + ibs->watchdog_expired &= ~cmd[5]; + ibs->watchdog_timeout = cmd[6] | (((uint16_t) cmd[7]) << 8); + if (ibs->watchdog_running & IPMI_BMC_WATCHDOG_GET_DONT_STOP(ibs)) { + do_watchdog_reset(ibs); + } else { + ibs->watchdog_running = 0; + } + out: + return; +} + +static void get_watchdog_timer(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->watchdog_use); + IPMI_ADD_RSP_DATA(ibs->watchdog_action); + IPMI_ADD_RSP_DATA(ibs->watchdog_pretimeout); + IPMI_ADD_RSP_DATA(ibs->watchdog_expired); + if (ibs->watchdog_running) { + long timeout; + timeout = ((ibs->watchdog_expiry - ipmi_getmonotime() + 50000000) + / 100000000); + IPMI_ADD_RSP_DATA(timeout & 0xff); + IPMI_ADD_RSP_DATA((timeout >> 8) & 0xff); + } else { + IPMI_ADD_RSP_DATA(0); + IPMI_ADD_RSP_DATA(0); + } + out: + return; +} + +static void get_sdr_rep_info(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + unsigned int i; + + IPMI_ADD_RSP_DATA(0x51); /* Conform to IPMI 1.5 spec */ + IPMI_ADD_RSP_DATA(ibs->sdr.next_rec_id & 0xff); + IPMI_ADD_RSP_DATA((ibs->sdr.next_rec_id >> 8) & 0xff); + IPMI_ADD_RSP_DATA((MAX_SDR_SIZE - ibs->sdr.next_free) & 0xff); + IPMI_ADD_RSP_DATA(((MAX_SDR_SIZE - ibs->sdr.next_free) >> 8) & 0xff); + for (i = 0; i < 4; i++) { + IPMI_ADD_RSP_DATA(ibs->sdr.last_addition[i]); + } + for (i = 0; i < 4; i++) { + IPMI_ADD_RSP_DATA(ibs->sdr.last_clear[i]); + } + /* Only modal support, reserve supported */ + IPMI_ADD_RSP_DATA((ibs->sdr.overflow << 7) | 0x22); + out: + return; +} + +static void reserve_sdr_rep(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->sdr.reservation & 0xff); + IPMI_ADD_RSP_DATA((ibs->sdr.reservation >> 8) & 0xff); + out: + return; +} + +static void get_sdr(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + unsigned int pos; + uint16_t nextrec; + + IPMI_CHECK_CMD_LEN(8); + if (cmd[6]) { + IPMI_CHECK_RESERVATION(2, ibs->sdr.reservation); + } + pos = 0; + if (sdr_find_entry(&ibs->sdr, cmd[4] | (cmd[5] << 8), + &pos, &nextrec)) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + if (cmd[6] > (ibs->sdr.sdr[pos + 4])) { + rsp[2] = IPMI_CC_PARM_OUT_OF_RANGE; + goto out; + } + + IPMI_ADD_RSP_DATA(nextrec & 0xff); + IPMI_ADD_RSP_DATA((nextrec >> 8) & 0xff); + + if (cmd[7] == 0xff) { + cmd[7] = ibs->sdr.sdr[pos + 4] - cmd[6]; + } + + if ((cmd[7] + *rsp_len) > max_rsp_len) { + rsp[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES; + goto out; + } + memcpy(rsp + *rsp_len, ibs->sdr.sdr + pos + cmd[6], cmd[7]); + *rsp_len += cmd[7]; + out: + return; +} + +static void add_sdr(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + uint16_t recid; + + if (sdr_add_entry(ibs, cmd + 2, cmd_len - 2, &recid)) { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + IPMI_ADD_RSP_DATA(recid & 0xff); + IPMI_ADD_RSP_DATA((recid >> 8) & 0xff); + out: + return; +} + +static void clear_sdr_rep(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_CHECK_CMD_LEN(8); + IPMI_CHECK_RESERVATION(2, ibs->sdr.reservation); + if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + if (cmd[7] == 0xaa) { + ibs->sdr.next_free = 0; + ibs->sdr.overflow = 0; + set_timestamp(ibs, ibs->sdr.last_clear); + IPMI_ADD_RSP_DATA(1); /* Erasure complete */ + sdr_inc_reservation(&ibs->sdr); + } else if (cmd[7] == 0) { + IPMI_ADD_RSP_DATA(1); /* Erasure complete */ + } else { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + out: + return; +} + +static void get_sel_info(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + unsigned int i, val; + + IPMI_ADD_RSP_DATA(0x51); /* Conform to IPMI 1.5 */ + IPMI_ADD_RSP_DATA(ibs->sel.next_free & 0xff); + IPMI_ADD_RSP_DATA((ibs->sel.next_free >> 8) & 0xff); + val = (MAX_SEL_SIZE - ibs->sel.next_free) * 16; + IPMI_ADD_RSP_DATA(val & 0xff); + IPMI_ADD_RSP_DATA((val >> 8) & 0xff); + for (i = 0; i < 4; i++) { + IPMI_ADD_RSP_DATA(ibs->sel.last_addition[i]); + } + for (i = 0; i < 4; i++) { + IPMI_ADD_RSP_DATA(ibs->sel.last_clear[i]); + } + /* Only support Reserve SEL */ + IPMI_ADD_RSP_DATA((ibs->sel.overflow << 7) | 0x02); + out: + return; +} + +static void reserve_sel(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_ADD_RSP_DATA(ibs->sel.reservation & 0xff); + IPMI_ADD_RSP_DATA((ibs->sel.reservation >> 8) & 0xff); + out: + return; +} + +static void get_sel_entry(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + unsigned int val; + + IPMI_CHECK_CMD_LEN(8); + if (cmd[6]) { + IPMI_CHECK_RESERVATION(2, ibs->sel.reservation); + } + if (ibs->sel.next_free == 0) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + if (cmd[6] > 15) { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + if (cmd[7] == 0xff) { + cmd[7] = 16; + } else if ((cmd[7] + cmd[6]) > 16) { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } else { + cmd[7] += cmd[6]; + } + + val = cmd[4] | (cmd[5] << 8); + if (val == 0xffff) { + val = ibs->sel.next_free - 1; + } else if (val >= ibs->sel.next_free) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + if ((val + 1) == ibs->sel.next_free) { + IPMI_ADD_RSP_DATA(0xff); + IPMI_ADD_RSP_DATA(0xff); + } else { + IPMI_ADD_RSP_DATA((val + 1) & 0xff); + IPMI_ADD_RSP_DATA(((val + 1) >> 8) & 0xff); + } + for (; cmd[6] < cmd[7]; cmd[6]++) { + IPMI_ADD_RSP_DATA(ibs->sel.sel[val][cmd[6]]); + } + out: + return; +} + +static void add_sel_entry(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_CHECK_CMD_LEN(18); + if (sel_add_event(ibs, cmd + 2)) { + rsp[2] = IPMI_CC_OUT_OF_SPACE; + goto out; + } + /* sel_add_event fills in the record number. */ + IPMI_ADD_RSP_DATA(cmd[2]); + IPMI_ADD_RSP_DATA(cmd[3]); + out: + return; +} + +static void clear_sel(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMI_CHECK_CMD_LEN(8); + IPMI_CHECK_RESERVATION(2, ibs->sel.reservation); + if (cmd[4] != 'C' || cmd[5] != 'L' || cmd[6] != 'R') { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + if (cmd[7] == 0xaa) { + ibs->sel.next_free = 0; + ibs->sel.overflow = 0; + set_timestamp(ibs, ibs->sdr.last_clear); + IPMI_ADD_RSP_DATA(1); /* Erasure complete */ + sel_inc_reservation(&ibs->sel); + } else if (cmd[7] == 0) { + IPMI_ADD_RSP_DATA(1); /* Erasure complete */ + } else { + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + out: + return; +} + +static void get_sel_time(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + uint32_t val; + struct ipmi_time now; + + ipmi_gettime(&now); + val = now.tv_sec + ibs->sel.time_offset; + IPMI_ADD_RSP_DATA(val & 0xff); + IPMI_ADD_RSP_DATA((val >> 8) & 0xff); + IPMI_ADD_RSP_DATA((val >> 16) & 0xff); + IPMI_ADD_RSP_DATA((val >> 24) & 0xff); + out: + return; +} + +static void set_sel_time(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + uint32_t val; + struct ipmi_time now; + + IPMI_CHECK_CMD_LEN(6); + val = cmd[2] | (cmd[3] << 8) | (cmd[4] << 16) | (cmd[5] << 24); + ipmi_gettime(&now); + ibs->sel.time_offset = now.tv_sec - ((long) val); + out: + return; +} + +static void set_sensor_evt_enable(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMISensor *sens; + + IPMI_CHECK_CMD_LEN(4); + if ((cmd[2] > MAX_SENSORS) || + !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + sens = ibs->sensors + cmd[2]; + switch ((cmd[3] >> 4) & 0x3) { + case 0: /* Do not change */ + break; + case 1: /* Enable bits */ + if (cmd_len > 4) { + sens->assert_enable |= cmd[4]; + } + if (cmd_len > 5) { + sens->assert_enable |= cmd[5] << 8; + } + if (cmd_len > 6) { + sens->deassert_enable |= cmd[6]; + } + if (cmd_len > 7) { + sens->deassert_enable |= cmd[7] << 8; + } + break; + case 2: /* Disable bits */ + if (cmd_len > 4) { + sens->assert_enable &= ~cmd[4]; + } + if (cmd_len > 5) { + sens->assert_enable &= ~(cmd[5] << 8); + } + if (cmd_len > 6) { + sens->deassert_enable &= ~cmd[6]; + } + if (cmd_len > 7) { + sens->deassert_enable &= ~(cmd[7] << 8); + } + break; + case 3: + rsp[2] = IPMI_CC_INVALID_DATA_FIELD; + goto out; + } + IPMI_SENSOR_SET_RET_STATUS(sens, cmd[3]); + out: + return; +} + +static void get_sensor_evt_enable(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMISensor *sens; + + IPMI_CHECK_CMD_LEN(3); + if ((cmd[2] > MAX_SENSORS) || + !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + sens = ibs->sensors + cmd[2]; + IPMI_ADD_RSP_DATA(IPMI_SENSOR_GET_RET_STATUS(sens)); + IPMI_ADD_RSP_DATA(sens->assert_enable & 0xff); + IPMI_ADD_RSP_DATA((sens->assert_enable >> 8) & 0xff); + IPMI_ADD_RSP_DATA(sens->deassert_enable & 0xff); + IPMI_ADD_RSP_DATA((sens->deassert_enable >> 8) & 0xff); + out: + return; +} + +static void rearm_sensor_evts(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMISensor *sens; + + IPMI_CHECK_CMD_LEN(4); + if ((cmd[2] > MAX_SENSORS) || + !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + sens = ibs->sensors + cmd[2]; + + if ((cmd[3] & 0x80) == 0) { + /* Just clear everything */ + sens->states = 0; + goto out; + } + out: + return; +} + +static void get_sensor_evt_status(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMISensor *sens; + + IPMI_CHECK_CMD_LEN(3); + if ((cmd[2] > MAX_SENSORS) || + !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + sens = ibs->sensors + cmd[2]; + IPMI_ADD_RSP_DATA(sens->reading); + IPMI_ADD_RSP_DATA(IPMI_SENSOR_GET_RET_STATUS(sens)); + IPMI_ADD_RSP_DATA(sens->assert_states & 0xff); + IPMI_ADD_RSP_DATA((sens->assert_states >> 8) & 0xff); + IPMI_ADD_RSP_DATA(sens->deassert_states & 0xff); + IPMI_ADD_RSP_DATA((sens->deassert_states >> 8) & 0xff); + out: + return; +} + +static void get_sensor_reading(IPMIBmcSim *ibs, + uint8_t *cmd, unsigned int cmd_len, + uint8_t *rsp, unsigned int *rsp_len, + unsigned int max_rsp_len) +{ + IPMISensor *sens; + + IPMI_CHECK_CMD_LEN(3); + if ((cmd[2] > MAX_SENSORS) || + !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { + rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; + goto out; + } + sens = ibs->sensors + cmd[2]; + IPMI_ADD_RSP_DATA(sens->reading); + IPMI_ADD_RSP_DATA(IPMI_SENSOR_GET_RET_STATUS(sens)); + IPMI_ADD_RSP_DATA(sens->states & 0xff); + if (IPMI_SENSOR_IS_DISCRETE(sens)) { + IPMI_ADD_RSP_DATA((sens->states >> 8) & 0xff); + } + out: + return; +} + +static const IPMICmdHandler chassis_cmds[IPMI_NETFN_CHASSIS_MAXCMD] = { + [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = chassis_capabilities, + [IPMI_CMD_GET_CHASSIS_STATUS] = chassis_status, + [IPMI_CMD_CHASSIS_CONTROL] = chassis_control +}; +static const IPMINetfn chassis_netfn = { + .cmd_nums = IPMI_NETFN_CHASSIS_MAXCMD, + .cmd_handlers = chassis_cmds +}; + +static const IPMICmdHandler +sensor_event_cmds[IPMI_NETFN_SENSOR_EVENT_MAXCMD] = { + [IPMI_CMD_SET_SENSOR_EVT_ENABLE] = set_sensor_evt_enable, + [IPMI_CMD_GET_SENSOR_EVT_ENABLE] = get_sensor_evt_enable, + [IPMI_CMD_REARM_SENSOR_EVTS] = rearm_sensor_evts, + [IPMI_CMD_GET_SENSOR_EVT_STATUS] = get_sensor_evt_status, + [IPMI_CMD_GET_SENSOR_READING] = get_sensor_reading +}; +static const IPMINetfn sensor_event_netfn = { + .cmd_nums = IPMI_NETFN_SENSOR_EVENT_MAXCMD, + .cmd_handlers = sensor_event_cmds +}; + +static const IPMICmdHandler app_cmds[IPMI_NETFN_APP_MAXCMD] = { + [IPMI_CMD_GET_DEVICE_ID] = get_device_id, + [IPMI_CMD_COLD_RESET] = cold_reset, + [IPMI_CMD_WARM_RESET] = warm_reset, + [IPMI_CMD_SET_BMC_GLOBAL_ENABLES] = set_bmc_global_enables, + [IPMI_CMD_GET_BMC_GLOBAL_ENABLES] = get_bmc_global_enables, + [IPMI_CMD_CLR_MSG_FLAGS] = clr_msg_flags, + [IPMI_CMD_GET_MSG_FLAGS] = get_msg_flags, + [IPMI_CMD_GET_MSG] = get_msg, + [IPMI_CMD_SEND_MSG] = send_msg, + [IPMI_CMD_READ_EVT_MSG_BUF] = read_evt_msg_buf, + [IPMI_CMD_RESET_WATCHDOG_TIMER] = reset_watchdog_timer, + [IPMI_CMD_SET_WATCHDOG_TIMER] = set_watchdog_timer, + [IPMI_CMD_GET_WATCHDOG_TIMER] = get_watchdog_timer, +}; +static const IPMINetfn app_netfn = { + .cmd_nums = IPMI_NETFN_APP_MAXCMD, + .cmd_handlers = app_cmds +}; + +static const IPMICmdHandler storage_cmds[IPMI_NETFN_STORAGE_MAXCMD] = { + [IPMI_CMD_GET_SDR_REP_INFO] = get_sdr_rep_info, + [IPMI_CMD_RESERVE_SDR_REP] = reserve_sdr_rep, + [IPMI_CMD_GET_SDR] = get_sdr, + [IPMI_CMD_ADD_SDR] = add_sdr, + [IPMI_CMD_CLEAR_SDR_REP] = clear_sdr_rep, + [IPMI_CMD_GET_SEL_INFO] = get_sel_info, + [IPMI_CMD_RESERVE_SEL] = reserve_sel, + [IPMI_CMD_GET_SEL_ENTRY] = get_sel_entry, + [IPMI_CMD_ADD_SEL_ENTRY] = add_sel_entry, + [IPMI_CMD_CLEAR_SEL] = clear_sel, + [IPMI_CMD_GET_SEL_TIME] = get_sel_time, + [IPMI_CMD_SET_SEL_TIME] = set_sel_time, +}; + +static const IPMINetfn storage_netfn = { + .cmd_nums = IPMI_NETFN_STORAGE_MAXCMD, + .cmd_handlers = storage_cmds +}; + +static void register_cmds(IPMIBmcSim *s) +{ + ipmi_register_netfn(s, IPMI_NETFN_CHASSIS, &chassis_netfn); + ipmi_register_netfn(s, IPMI_NETFN_SENSOR_EVENT, &sensor_event_netfn); + ipmi_register_netfn(s, IPMI_NETFN_APP, &app_netfn); + ipmi_register_netfn(s, IPMI_NETFN_STORAGE, &storage_netfn); +} + +static const uint8_t init_sdrs[] = { + /* Watchdog device */ + 0x00, 0x00, 0x51, 0x02, 35, 0x20, 0x00, 0x00, + 0x23, 0x01, 0x63, 0x00, 0x23, 0x6f, 0x0f, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc8, + 'W', 'a', 't', 'c', 'h', 'd', 'o', 'g', + /* End */ + 0xff, 0xff, 0x00, 0x00, 0x00 +}; + +static void ipmi_sim_init(Object *obj) +{ + IPMIBmc *b = IPMI_BMC(obj); + unsigned int i; + unsigned int recid; + IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b); + + qemu_mutex_init(&ibs->lock); + QTAILQ_INIT(&ibs->rcvbufs); + + ibs->bmc_global_enables = (1 << IPMI_BMC_EVENT_LOG_BIT); + ibs->device_id = 0x20; + ibs->ipmi_version = 0x02; /* IPMI 2.0 */ + for (i = 0; i < 4; i++) { + ibs->sel.last_addition[i] = 0xff; + ibs->sel.last_clear[i] = 0xff; + ibs->sdr.last_addition[i] = 0xff; + ibs->sdr.last_clear[i] = 0xff; + } + + for (i = 0;;) { + int len; + if ((i + 5) > sizeof(init_sdrs)) { + error_report("Problem with recid 0x%4.4x: \n", i); + return; + } + len = init_sdrs[i + 4]; + recid = init_sdrs[i] | (init_sdrs[i + 1] << 8); + if (recid == 0xffff) { + break; + } + if ((i + len + 5) > sizeof(init_sdrs)) { + error_report("Problem with recid 0x%4.4x\n", i); + return; + } + sdr_add_entry(ibs, init_sdrs + i, len, NULL); + i += len + 5; + } + + ipmi_init_sensors_from_sdrs(ibs); + register_cmds(ibs); + + ibs->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, ipmi_timeout, ibs); +} + +static void ipmi_sim_class_init(ObjectClass *oc, void *data) +{ + IPMIBmcClass *bk = IPMI_BMC_CLASS(oc); + + bk->handle_command = ipmi_sim_handle_command; +} + +static const TypeInfo ipmi_sim_type = { + .name = TYPE_IPMI_BMC_SIMULATOR, + .parent = TYPE_IPMI_BMC, + .instance_size = sizeof(IPMIBmcSim), + .instance_init = ipmi_sim_init, + .class_init = ipmi_sim_class_init, +}; + +static void ipmi_sim_register_types(void) +{ + type_register_static(&ipmi_sim_type); +} + +type_init(ipmi_sim_register_types)