2 * QEMU ISA IPMI KCS emulation
4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "qemu/osdep.h"
27 #include "qemu/module.h"
28 #include "qapi/error.h"
29 #include "hw/ipmi/ipmi.h"
31 #include "hw/isa/isa.h"
32 #include "hw/qdev-properties.h"
33 #include "migration/vmstate.h"
35 #define IPMI_KCS_OBF_BIT 0
36 #define IPMI_KCS_IBF_BIT 1
37 #define IPMI_KCS_SMS_ATN_BIT 2
38 #define IPMI_KCS_CD_BIT 3
40 #define IPMI_KCS_OBF_MASK (1 << IPMI_KCS_OBF_BIT)
41 #define IPMI_KCS_GET_OBF(d) (((d) >> IPMI_KCS_OBF_BIT) & 0x1)
42 #define IPMI_KCS_SET_OBF(d, v) (d) = (((d) & ~IPMI_KCS_OBF_MASK) | \
43 (((v) & 1) << IPMI_KCS_OBF_BIT))
44 #define IPMI_KCS_IBF_MASK (1 << IPMI_KCS_IBF_BIT)
45 #define IPMI_KCS_GET_IBF(d) (((d) >> IPMI_KCS_IBF_BIT) & 0x1)
46 #define IPMI_KCS_SET_IBF(d, v) (d) = (((d) & ~IPMI_KCS_IBF_MASK) | \
47 (((v) & 1) << IPMI_KCS_IBF_BIT))
48 #define IPMI_KCS_SMS_ATN_MASK (1 << IPMI_KCS_SMS_ATN_BIT)
49 #define IPMI_KCS_GET_SMS_ATN(d) (((d) >> IPMI_KCS_SMS_ATN_BIT) & 0x1)
50 #define IPMI_KCS_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_KCS_SMS_ATN_MASK) | \
51 (((v) & 1) << IPMI_KCS_SMS_ATN_BIT))
52 #define IPMI_KCS_CD_MASK (1 << IPMI_KCS_CD_BIT)
53 #define IPMI_KCS_GET_CD(d) (((d) >> IPMI_KCS_CD_BIT) & 0x1)
54 #define IPMI_KCS_SET_CD(d, v) (d) = (((d) & ~IPMI_KCS_CD_MASK) | \
55 (((v) & 1) << IPMI_KCS_CD_BIT))
57 #define IPMI_KCS_IDLE_STATE 0
58 #define IPMI_KCS_READ_STATE 1
59 #define IPMI_KCS_WRITE_STATE 2
60 #define IPMI_KCS_ERROR_STATE 3
62 #define IPMI_KCS_GET_STATE(d) (((d) >> 6) & 0x3)
63 #define IPMI_KCS_SET_STATE(d, v) ((d) = ((d) & ~0xc0) | (((v) & 0x3) << 6))
65 #define IPMI_KCS_ABORT_STATUS_CMD 0x60
66 #define IPMI_KCS_WRITE_START_CMD 0x61
67 #define IPMI_KCS_WRITE_END_CMD 0x62
68 #define IPMI_KCS_READ_CMD 0x68
70 #define IPMI_KCS_STATUS_NO_ERR 0x00
71 #define IPMI_KCS_STATUS_ABORTED_ERR 0x01
72 #define IPMI_KCS_STATUS_BAD_CC_ERR 0x02
73 #define IPMI_KCS_STATUS_LENGTH_ERR 0x06
75 typedef struct IPMIKCS
{
83 unsigned long io_length
;
91 uint8_t outmsg
[MAX_IPMI_MSG_SIZE
];
95 uint8_t inmsg
[MAX_IPMI_MSG_SIZE
];
100 uint8_t data_out_reg
;
102 int16_t data_in_reg
; /* -1 means not written */
106 * This is a response number that we send with the command to make
107 * sure that the response matches the command.
114 IPMI_KCS_SET_OBF(ik->status_reg, 1); \
115 if (ik->use_irq && ik->irqs_enabled && !ik->obf_irq_set) { \
116 ik->obf_irq_set = 1; \
117 if (!ik->atn_irq_set) { \
118 qemu_irq_raise(ik->irq); \
123 static void ipmi_kcs_signal(IPMIKCS
*ik
, IPMIInterface
*ii
)
125 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
128 while (ik
->do_wake
) {
130 iic
->handle_if_event(ii
);
134 static void ipmi_kcs_handle_event(IPMIInterface
*ii
)
136 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
137 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
139 if (ik
->cmd_reg
== IPMI_KCS_ABORT_STATUS_CMD
) {
140 if (IPMI_KCS_GET_STATE(ik
->status_reg
) != IPMI_KCS_ERROR_STATE
) {
141 ik
->waiting_rsp
++; /* Invalidate the message */
142 ik
->outmsg
[0] = IPMI_KCS_STATUS_ABORTED_ERR
;
145 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_ERROR_STATE
);
151 switch (IPMI_KCS_GET_STATE(ik
->status_reg
)) {
152 case IPMI_KCS_IDLE_STATE
:
153 if (ik
->cmd_reg
== IPMI_KCS_WRITE_START_CMD
) {
154 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_WRITE_STATE
);
162 case IPMI_KCS_READ_STATE
:
164 if (ik
->outpos
>= ik
->outlen
) {
165 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_IDLE_STATE
);
167 } else if (ik
->data_in_reg
== IPMI_KCS_READ_CMD
) {
168 ik
->data_out_reg
= ik
->outmsg
[ik
->outpos
];
172 ik
->outmsg
[0] = IPMI_KCS_STATUS_BAD_CC_ERR
;
175 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_ERROR_STATE
);
181 case IPMI_KCS_WRITE_STATE
:
182 if (ik
->data_in_reg
!= -1) {
184 * Don't worry about input overrun here, that will be
185 * handled in the BMC.
187 if (ik
->inlen
< sizeof(ik
->inmsg
)) {
188 ik
->inmsg
[ik
->inlen
] = ik
->data_in_reg
;
193 IPMIBmcClass
*bk
= IPMI_BMC_GET_CLASS(ik
->bmc
);
197 bk
->handle_command(ik
->bmc
, ik
->inmsg
, ik
->inlen
, sizeof(ik
->inmsg
),
200 } else if (ik
->cmd_reg
== IPMI_KCS_WRITE_END_CMD
) {
207 case IPMI_KCS_ERROR_STATE
:
208 if (ik
->data_in_reg
!= -1) {
209 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_READ_STATE
);
210 ik
->data_in_reg
= IPMI_KCS_READ_CMD
;
216 if (ik
->cmd_reg
!= -1) {
217 /* Got an invalid command */
218 ik
->outmsg
[0] = IPMI_KCS_STATUS_BAD_CC_ERR
;
221 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_ERROR_STATE
);
226 ik
->data_in_reg
= -1;
227 IPMI_KCS_SET_IBF(ik
->status_reg
, 0);
232 static void ipmi_kcs_handle_rsp(IPMIInterface
*ii
, uint8_t msg_id
,
233 unsigned char *rsp
, unsigned int rsp_len
)
235 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
236 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
238 if (ik
->waiting_rsp
== msg_id
) {
240 if (rsp_len
> sizeof(ik
->outmsg
)) {
241 ik
->outmsg
[0] = rsp
[0];
242 ik
->outmsg
[1] = rsp
[1];
243 ik
->outmsg
[2] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES
;
246 memcpy(ik
->outmsg
, rsp
, rsp_len
);
247 ik
->outlen
= rsp_len
;
249 IPMI_KCS_SET_STATE(ik
->status_reg
, IPMI_KCS_READ_STATE
);
250 ik
->data_in_reg
= IPMI_KCS_READ_CMD
;
251 ipmi_kcs_signal(ik
, ii
);
256 static uint64_t ipmi_kcs_ioport_read(void *opaque
, hwaddr addr
, unsigned size
)
258 IPMIInterface
*ii
= opaque
;
259 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
260 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
265 ret
= ik
->data_out_reg
;
266 IPMI_KCS_SET_OBF(ik
->status_reg
, 0);
267 if (ik
->obf_irq_set
) {
269 if (!ik
->atn_irq_set
) {
270 qemu_irq_lower(ik
->irq
);
275 ret
= ik
->status_reg
;
276 if (ik
->atn_irq_set
) {
278 if (!ik
->obf_irq_set
) {
279 qemu_irq_lower(ik
->irq
);
287 static void ipmi_kcs_ioport_write(void *opaque
, hwaddr addr
, uint64_t val
,
290 IPMIInterface
*ii
= opaque
;
291 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
292 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
294 if (IPMI_KCS_GET_IBF(ik
->status_reg
)) {
300 ik
->data_in_reg
= val
;
307 IPMI_KCS_SET_IBF(ik
->status_reg
, 1);
308 ipmi_kcs_signal(ik
, ii
);
311 const MemoryRegionOps ipmi_kcs_io_ops
= {
312 .read
= ipmi_kcs_ioport_read
,
313 .write
= ipmi_kcs_ioport_write
,
315 .min_access_size
= 1,
316 .max_access_size
= 1,
318 .endianness
= DEVICE_LITTLE_ENDIAN
,
321 static void ipmi_kcs_set_atn(IPMIInterface
*ii
, int val
, int irq
)
323 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
324 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
326 IPMI_KCS_SET_SMS_ATN(ik
->status_reg
, val
);
328 if (irq
&& !ik
->atn_irq_set
&& ik
->use_irq
&& ik
->irqs_enabled
) {
330 if (!ik
->obf_irq_set
) {
331 qemu_irq_raise(ik
->irq
);
335 if (ik
->atn_irq_set
) {
337 if (!ik
->obf_irq_set
) {
338 qemu_irq_lower(ik
->irq
);
344 static void ipmi_kcs_set_irq_enable(IPMIInterface
*ii
, int val
)
346 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
347 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
349 ik
->irqs_enabled
= val
;
352 static void ipmi_kcs_init(IPMIInterface
*ii
, Error
**errp
)
354 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
355 IPMIKCS
*ik
= iic
->get_backend_data(ii
);
358 memory_region_init_io(&ik
->io
, NULL
, &ipmi_kcs_io_ops
, ii
, "ipmi-kcs", 2);
361 #define TYPE_ISA_IPMI_KCS "isa-ipmi-kcs"
362 #define ISA_IPMI_KCS(obj) OBJECT_CHECK(ISAIPMIKCSDevice, (obj), \
365 typedef struct ISAIPMIKCSDevice
{
372 static void ipmi_kcs_get_fwinfo(IPMIInterface
*ii
, IPMIFwInfo
*info
)
374 ISAIPMIKCSDevice
*iik
= ISA_IPMI_KCS(ii
);
376 info
->interface_name
= "kcs";
377 info
->interface_type
= IPMI_SMBIOS_KCS
;
378 info
->ipmi_spec_major_revision
= 2;
379 info
->ipmi_spec_minor_revision
= 0;
380 info
->base_address
= iik
->kcs
.io_base
;
381 info
->i2c_slave_address
= iik
->kcs
.bmc
->slave_addr
;
382 info
->register_length
= iik
->kcs
.io_length
;
383 info
->register_spacing
= 1;
384 info
->memspace
= IPMI_MEMSPACE_IO
;
385 info
->irq_type
= IPMI_LEVEL_IRQ
;
386 info
->interrupt_number
= iik
->isairq
;
387 info
->uuid
= iik
->uuid
;
390 static void ipmi_kcs_class_init(IPMIInterfaceClass
*iic
)
392 iic
->init
= ipmi_kcs_init
;
393 iic
->set_atn
= ipmi_kcs_set_atn
;
394 iic
->handle_rsp
= ipmi_kcs_handle_rsp
;
395 iic
->handle_if_event
= ipmi_kcs_handle_event
;
396 iic
->set_irq_enable
= ipmi_kcs_set_irq_enable
;
397 iic
->get_fwinfo
= ipmi_kcs_get_fwinfo
;
400 static void ipmi_isa_realize(DeviceState
*dev
, Error
**errp
)
402 ISADevice
*isadev
= ISA_DEVICE(dev
);
403 ISAIPMIKCSDevice
*iik
= ISA_IPMI_KCS(dev
);
404 IPMIInterface
*ii
= IPMI_INTERFACE(dev
);
405 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
408 error_setg(errp
, "IPMI device requires a bmc attribute to be set");
412 iik
->uuid
= ipmi_next_uuid();
414 iik
->kcs
.bmc
->intf
= ii
;
420 if (iik
->isairq
> 0) {
421 isa_init_irq(isadev
, &iik
->kcs
.irq
, iik
->isairq
);
422 iik
->kcs
.use_irq
= 1;
425 qdev_set_legacy_instance_id(dev
, iik
->kcs
.io_base
, iik
->kcs
.io_length
);
427 isa_register_ioport(isadev
, &iik
->kcs
.io
, iik
->kcs
.io_base
);
430 static int ipmi_kcs_vmstate_post_load(void *opaque
, int version
)
432 IPMIKCS
*ik
= opaque
;
434 /* Make sure all the values are sane. */
435 if (ik
->outpos
>= MAX_IPMI_MSG_SIZE
|| ik
->outlen
>= MAX_IPMI_MSG_SIZE
||
436 ik
->outpos
>= ik
->outlen
) {
437 qemu_log_mask(LOG_GUEST_ERROR
,
438 "ipmi:kcs: vmstate transfer received bad out values: %d %d\n",
439 ik
->outpos
, ik
->outlen
);
444 if (ik
->inlen
>= MAX_IPMI_MSG_SIZE
) {
445 qemu_log_mask(LOG_GUEST_ERROR
,
446 "ipmi:kcs: vmstate transfer received bad in value: %d\n",
454 static bool vmstate_kcs_before_version2(void *opaque
, int version
)
459 static const VMStateDescription vmstate_IPMIKCS
= {
460 .name
= TYPE_IPMI_INTERFACE_PREFIX
"kcs",
462 .minimum_version_id
= 1,
463 .post_load
= ipmi_kcs_vmstate_post_load
,
464 .fields
= (VMStateField
[]) {
465 VMSTATE_BOOL(obf_irq_set
, IPMIKCS
),
466 VMSTATE_BOOL(atn_irq_set
, IPMIKCS
),
467 VMSTATE_UNUSED_TEST(vmstate_kcs_before_version2
, 1), /* Was use_irq */
468 VMSTATE_BOOL(irqs_enabled
, IPMIKCS
),
469 VMSTATE_UINT32(outpos
, IPMIKCS
),
470 VMSTATE_UINT32_V(outlen
, IPMIKCS
, 2),
471 VMSTATE_UINT8_ARRAY(outmsg
, IPMIKCS
, MAX_IPMI_MSG_SIZE
),
472 VMSTATE_UINT32_V(inlen
, IPMIKCS
, 2),
473 VMSTATE_UINT8_ARRAY(inmsg
, IPMIKCS
, MAX_IPMI_MSG_SIZE
),
474 VMSTATE_BOOL(write_end
, IPMIKCS
),
475 VMSTATE_UINT8(status_reg
, IPMIKCS
),
476 VMSTATE_UINT8(data_out_reg
, IPMIKCS
),
477 VMSTATE_INT16(data_in_reg
, IPMIKCS
),
478 VMSTATE_INT16(cmd_reg
, IPMIKCS
),
479 VMSTATE_UINT8(waiting_rsp
, IPMIKCS
),
480 VMSTATE_END_OF_LIST()
484 static const VMStateDescription vmstate_ISAIPMIKCSDevice
= {
485 .name
= TYPE_IPMI_INTERFACE
,
487 .minimum_version_id
= 1,
488 .fields
= (VMStateField
[]) {
489 VMSTATE_VSTRUCT_TEST(kcs
, ISAIPMIKCSDevice
, vmstate_kcs_before_version2
,
490 0, vmstate_IPMIKCS
, IPMIKCS
, 1),
491 VMSTATE_VSTRUCT_V(kcs
, ISAIPMIKCSDevice
, 2, vmstate_IPMIKCS
,
493 VMSTATE_END_OF_LIST()
497 static void isa_ipmi_kcs_init(Object
*obj
)
499 ISAIPMIKCSDevice
*iik
= ISA_IPMI_KCS(obj
);
501 ipmi_bmc_find_and_link(obj
, (Object
**) &iik
->kcs
.bmc
);
504 * Version 1 had an incorrect name, it clashed with the BT
505 * IPMI device, so receive it, but transmit a different
508 vmstate_register(NULL
, 0, &vmstate_ISAIPMIKCSDevice
, iik
);
511 static void *isa_ipmi_kcs_get_backend_data(IPMIInterface
*ii
)
513 ISAIPMIKCSDevice
*iik
= ISA_IPMI_KCS(ii
);
518 static Property ipmi_isa_properties
[] = {
519 DEFINE_PROP_UINT32("ioport", ISAIPMIKCSDevice
, kcs
.io_base
, 0xca2),
520 DEFINE_PROP_INT32("irq", ISAIPMIKCSDevice
, isairq
, 5),
521 DEFINE_PROP_END_OF_LIST(),
524 static void isa_ipmi_kcs_class_init(ObjectClass
*oc
, void *data
)
526 DeviceClass
*dc
= DEVICE_CLASS(oc
);
527 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_CLASS(oc
);
529 dc
->realize
= ipmi_isa_realize
;
530 dc
->props
= ipmi_isa_properties
;
532 iic
->get_backend_data
= isa_ipmi_kcs_get_backend_data
;
533 ipmi_kcs_class_init(iic
);
536 static const TypeInfo isa_ipmi_kcs_info
= {
537 .name
= TYPE_ISA_IPMI_KCS
,
538 .parent
= TYPE_ISA_DEVICE
,
539 .instance_size
= sizeof(ISAIPMIKCSDevice
),
540 .instance_init
= isa_ipmi_kcs_init
,
541 .class_init
= isa_ipmi_kcs_class_init
,
542 .interfaces
= (InterfaceInfo
[]) {
543 { TYPE_IPMI_INTERFACE
},
548 static void ipmi_register_types(void)
550 type_register_static(&isa_ipmi_kcs_info
);
553 type_init(ipmi_register_types
)