2 * QEMU ISA IPMI BT emulation
4 * Copyright (c) 2015 Corey Minyard, MontaVista Software, LLC
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
25 #include "hw/ipmi/ipmi.h"
26 #include "hw/isa/isa.h"
27 #include "hw/i386/pc.h"
29 /* Control register */
30 #define IPMI_BT_CLR_WR_BIT 0
31 #define IPMI_BT_CLR_RD_BIT 1
32 #define IPMI_BT_H2B_ATN_BIT 2
33 #define IPMI_BT_B2H_ATN_BIT 3
34 #define IPMI_BT_SMS_ATN_BIT 4
35 #define IPMI_BT_HBUSY_BIT 6
36 #define IPMI_BT_BBUSY_BIT 7
38 #define IPMI_BT_CLR_WR_MASK (1 << IPMI_BT_CLR_WR_BIT)
39 #define IPMI_BT_GET_CLR_WR(d) (((d) >> IPMI_BT_CLR_WR_BIT) & 0x1)
40 #define IPMI_BT_SET_CLR_WR(d, v) (d) = (((d) & ~IPMI_BT_CLR_WR_MASK) | \
41 (((v & 1) << IPMI_BT_CLR_WR_BIT)))
43 #define IPMI_BT_CLR_RD_MASK (1 << IPMI_BT_CLR_RD_BIT)
44 #define IPMI_BT_GET_CLR_RD(d) (((d) >> IPMI_BT_CLR_RD_BIT) & 0x1)
45 #define IPMI_BT_SET_CLR_RD(d, v) (d) = (((d) & ~IPMI_BT_CLR_RD_MASK) | \
46 (((v & 1) << IPMI_BT_CLR_RD_BIT)))
48 #define IPMI_BT_H2B_ATN_MASK (1 << IPMI_BT_H2B_ATN_BIT)
49 #define IPMI_BT_GET_H2B_ATN(d) (((d) >> IPMI_BT_H2B_ATN_BIT) & 0x1)
50 #define IPMI_BT_SET_H2B_ATN(d, v) (d) = (((d) & ~IPMI_BT_H2B_ATN_MASK) | \
51 (((v & 1) << IPMI_BT_H2B_ATN_BIT)))
53 #define IPMI_BT_B2H_ATN_MASK (1 << IPMI_BT_B2H_ATN_BIT)
54 #define IPMI_BT_GET_B2H_ATN(d) (((d) >> IPMI_BT_B2H_ATN_BIT) & 0x1)
55 #define IPMI_BT_SET_B2H_ATN(d, v) (d) = (((d) & ~IPMI_BT_B2H_ATN_MASK) | \
56 (((v & 1) << IPMI_BT_B2H_ATN_BIT)))
58 #define IPMI_BT_SMS_ATN_MASK (1 << IPMI_BT_SMS_ATN_BIT)
59 #define IPMI_BT_GET_SMS_ATN(d) (((d) >> IPMI_BT_SMS_ATN_BIT) & 0x1)
60 #define IPMI_BT_SET_SMS_ATN(d, v) (d) = (((d) & ~IPMI_BT_SMS_ATN_MASK) | \
61 (((v & 1) << IPMI_BT_SMS_ATN_BIT)))
63 #define IPMI_BT_HBUSY_MASK (1 << IPMI_BT_HBUSY_BIT)
64 #define IPMI_BT_GET_HBUSY(d) (((d) >> IPMI_BT_HBUSY_BIT) & 0x1)
65 #define IPMI_BT_SET_HBUSY(d, v) (d) = (((d) & ~IPMI_BT_HBUSY_MASK) | \
66 (((v & 1) << IPMI_BT_HBUSY_BIT)))
68 #define IPMI_BT_BBUSY_MASK (1 << IPMI_BT_BBUSY_BIT)
69 #define IPMI_BT_GET_BBUSY(d) (((d) >> IPMI_BT_BBUSY_BIT) & 0x1)
70 #define IPMI_BT_SET_BBUSY(d, v) (d) = (((d) & ~IPMI_BT_BBUSY_MASK) | \
71 (((v & 1) << IPMI_BT_BBUSY_BIT)))
75 #define IPMI_BT_B2H_IRQ_EN_BIT 0
76 #define IPMI_BT_B2H_IRQ_BIT 1
78 #define IPMI_BT_B2H_IRQ_EN_MASK (1 << IPMI_BT_B2H_IRQ_EN_BIT)
79 #define IPMI_BT_GET_B2H_IRQ_EN(d) (((d) >> IPMI_BT_B2H_IRQ_EN_BIT) & 0x1)
80 #define IPMI_BT_SET_B2H_IRQ_EN(d, v) (d) = (((d) & ~IPMI_BT_B2H_IRQ_EN_MASK) | \
81 (((v & 1) << IPMI_BT_B2H_IRQ_EN_BIT)))
83 #define IPMI_BT_B2H_IRQ_MASK (1 << IPMI_BT_B2H_IRQ_BIT)
84 #define IPMI_BT_GET_B2H_IRQ(d) (((d) >> IPMI_BT_B2H_IRQ_BIT) & 0x1)
85 #define IPMI_BT_SET_B2H_IRQ(d, v) (d) = (((d) & ~IPMI_BT_B2H_IRQ_MASK) | \
86 (((v & 1) << IPMI_BT_B2H_IRQ_BIT)))
88 typedef struct IPMIBT
{
96 unsigned long io_length
;
104 uint8_t outmsg
[MAX_IPMI_MSG_SIZE
];
108 uint8_t inmsg
[MAX_IPMI_MSG_SIZE
];
115 * This is a response number that we send with the command to make
116 * sure that the response matches the command.
122 #define IPMI_CMD_GET_BT_INTF_CAP 0x36
124 static void ipmi_bt_handle_event(IPMIInterface
*ii
)
126 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
127 IPMIBT
*ib
= iic
->get_backend_data(ii
);
132 /* Note that overruns are handled by handle_command */
133 if (ib
->inmsg
[0] != (ib
->inlen
- 1)) {
134 /* Length mismatch, just ignore. */
135 IPMI_BT_SET_BBUSY(ib
->control_reg
, 1);
139 if ((ib
->inmsg
[1] == (IPMI_NETFN_APP
<< 2)) &&
140 (ib
->inmsg
[3] == IPMI_CMD_GET_BT_INTF_CAP
)) {
141 /* We handle this one ourselves. */
143 ib
->outmsg
[1] = ib
->inmsg
[1] | 0x04;
144 ib
->outmsg
[2] = ib
->inmsg
[2];
145 ib
->outmsg
[3] = ib
->inmsg
[3];
147 ib
->outmsg
[5] = 1; /* Only support 1 outstanding request. */
148 if (sizeof(ib
->inmsg
) > 0xff) { /* Input buffer size */
149 ib
->outmsg
[6] = 0xff;
151 ib
->outmsg
[6] = (unsigned char) sizeof(ib
->inmsg
);
153 if (sizeof(ib
->outmsg
) > 0xff) { /* Output buffer size */
154 ib
->outmsg
[7] = 0xff;
156 ib
->outmsg
[7] = (unsigned char) sizeof(ib
->outmsg
);
158 ib
->outmsg
[8] = 10; /* Max request to response time */
159 ib
->outmsg
[9] = 0; /* Don't recommend retries */
161 IPMI_BT_SET_BBUSY(ib
->control_reg
, 0);
162 IPMI_BT_SET_B2H_ATN(ib
->control_reg
, 1);
163 if (ib
->use_irq
&& ib
->irqs_enabled
&&
164 !IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
) &&
165 IPMI_BT_GET_B2H_IRQ_EN(ib
->mask_reg
)) {
166 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 1);
167 qemu_irq_raise(ib
->irq
);
171 ib
->waiting_seq
= ib
->inmsg
[2];
172 ib
->inmsg
[2] = ib
->inmsg
[1];
174 IPMIBmcClass
*bk
= IPMI_BMC_GET_CLASS(ib
->bmc
);
175 bk
->handle_command(ib
->bmc
, ib
->inmsg
+ 2, ib
->inlen
- 2,
176 sizeof(ib
->inmsg
), ib
->waiting_rsp
);
182 static void ipmi_bt_handle_rsp(IPMIInterface
*ii
, uint8_t msg_id
,
183 unsigned char *rsp
, unsigned int rsp_len
)
185 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
186 IPMIBT
*ib
= iic
->get_backend_data(ii
);
188 if (ib
->waiting_rsp
== msg_id
) {
190 if (rsp_len
> (sizeof(ib
->outmsg
) - 2)) {
192 ib
->outmsg
[1] = rsp
[0];
193 ib
->outmsg
[2] = ib
->waiting_seq
;
194 ib
->outmsg
[3] = rsp
[1];
195 ib
->outmsg
[4] = IPMI_CC_CANNOT_RETURN_REQ_NUM_BYTES
;
198 ib
->outmsg
[0] = rsp_len
+ 1;
199 ib
->outmsg
[1] = rsp
[0];
200 ib
->outmsg
[2] = ib
->waiting_seq
;
201 memcpy(ib
->outmsg
+ 3, rsp
+ 1, rsp_len
- 1);
202 ib
->outlen
= rsp_len
+ 2;
204 IPMI_BT_SET_BBUSY(ib
->control_reg
, 0);
205 IPMI_BT_SET_B2H_ATN(ib
->control_reg
, 1);
206 if (ib
->use_irq
&& ib
->irqs_enabled
&&
207 !IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
) &&
208 IPMI_BT_GET_B2H_IRQ_EN(ib
->mask_reg
)) {
209 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 1);
210 qemu_irq_raise(ib
->irq
);
216 static uint64_t ipmi_bt_ioport_read(void *opaque
, hwaddr addr
, unsigned size
)
218 IPMIInterface
*ii
= opaque
;
219 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
220 IPMIBT
*ib
= iic
->get_backend_data(ii
);
225 ret
= ib
->control_reg
;
228 if (ib
->outpos
< ib
->outlen
) {
229 ret
= ib
->outmsg
[ib
->outpos
];
231 if (ib
->outpos
== ib
->outlen
) {
246 static void ipmi_bt_signal(IPMIBT
*ib
, IPMIInterface
*ii
)
248 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
251 while (ib
->do_wake
) {
253 iic
->handle_if_event(ii
);
257 static void ipmi_bt_ioport_write(void *opaque
, hwaddr addr
, uint64_t val
,
260 IPMIInterface
*ii
= opaque
;
261 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
262 IPMIBT
*ib
= iic
->get_backend_data(ii
);
266 if (IPMI_BT_GET_CLR_WR(val
)) {
269 if (IPMI_BT_GET_CLR_RD(val
)) {
272 if (IPMI_BT_GET_B2H_ATN(val
)) {
273 IPMI_BT_SET_B2H_ATN(ib
->control_reg
, 0);
275 if (IPMI_BT_GET_SMS_ATN(val
)) {
276 IPMI_BT_SET_SMS_ATN(ib
->control_reg
, 0);
278 if (IPMI_BT_GET_HBUSY(val
)) {
280 IPMI_BT_SET_HBUSY(ib
->control_reg
,
281 !IPMI_BT_GET_HBUSY(ib
->control_reg
));
283 if (IPMI_BT_GET_H2B_ATN(val
)) {
284 IPMI_BT_SET_BBUSY(ib
->control_reg
, 1);
285 ipmi_bt_signal(ib
, ii
);
290 if (ib
->inlen
< sizeof(ib
->inmsg
)) {
291 ib
->inmsg
[ib
->inlen
] = val
;
297 if (IPMI_BT_GET_B2H_IRQ_EN(val
) !=
298 IPMI_BT_GET_B2H_IRQ_EN(ib
->mask_reg
)) {
299 if (IPMI_BT_GET_B2H_IRQ_EN(val
)) {
300 if (IPMI_BT_GET_B2H_ATN(ib
->control_reg
) ||
301 IPMI_BT_GET_SMS_ATN(ib
->control_reg
)) {
302 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 1);
303 qemu_irq_raise(ib
->irq
);
305 IPMI_BT_SET_B2H_IRQ_EN(ib
->mask_reg
, 1);
307 if (IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
)) {
308 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 0);
309 qemu_irq_lower(ib
->irq
);
311 IPMI_BT_SET_B2H_IRQ_EN(ib
->mask_reg
, 0);
314 if (IPMI_BT_GET_B2H_IRQ(val
) && IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
)) {
315 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 0);
316 qemu_irq_lower(ib
->irq
);
322 static const MemoryRegionOps ipmi_bt_io_ops
= {
323 .read
= ipmi_bt_ioport_read
,
324 .write
= ipmi_bt_ioport_write
,
326 .min_access_size
= 1,
327 .max_access_size
= 1,
329 .endianness
= DEVICE_LITTLE_ENDIAN
,
332 static void ipmi_bt_set_atn(IPMIInterface
*ii
, int val
, int irq
)
334 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
335 IPMIBT
*ib
= iic
->get_backend_data(ii
);
337 if (!!val
== IPMI_BT_GET_SMS_ATN(ib
->control_reg
)) {
341 IPMI_BT_SET_SMS_ATN(ib
->control_reg
, val
);
343 if (irq
&& ib
->use_irq
&& ib
->irqs_enabled
&&
344 !IPMI_BT_GET_B2H_ATN(ib
->control_reg
) &&
345 IPMI_BT_GET_B2H_IRQ_EN(ib
->mask_reg
)) {
346 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 1);
347 qemu_irq_raise(ib
->irq
);
350 if (!IPMI_BT_GET_B2H_ATN(ib
->control_reg
) &&
351 IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
)) {
352 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 0);
353 qemu_irq_lower(ib
->irq
);
358 static void ipmi_bt_handle_reset(IPMIInterface
*ii
, bool is_cold
)
360 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
361 IPMIBT
*ib
= iic
->get_backend_data(ii
);
364 /* Disable the BT interrupt on reset */
365 if (IPMI_BT_GET_B2H_IRQ(ib
->mask_reg
)) {
366 IPMI_BT_SET_B2H_IRQ(ib
->mask_reg
, 0);
367 qemu_irq_lower(ib
->irq
);
369 IPMI_BT_SET_B2H_IRQ_EN(ib
->mask_reg
, 0);
373 static void ipmi_bt_set_irq_enable(IPMIInterface
*ii
, int val
)
375 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
376 IPMIBT
*ib
= iic
->get_backend_data(ii
);
378 ib
->irqs_enabled
= val
;
381 static void ipmi_bt_init(IPMIInterface
*ii
, Error
**errp
)
383 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
384 IPMIBT
*ib
= iic
->get_backend_data(ii
);
388 memory_region_init_io(&ib
->io
, NULL
, &ipmi_bt_io_ops
, ii
, "ipmi-bt", 3);
391 static void ipmi_bt_class_init(IPMIInterfaceClass
*iic
)
393 iic
->init
= ipmi_bt_init
;
394 iic
->set_atn
= ipmi_bt_set_atn
;
395 iic
->handle_rsp
= ipmi_bt_handle_rsp
;
396 iic
->handle_if_event
= ipmi_bt_handle_event
;
397 iic
->set_irq_enable
= ipmi_bt_set_irq_enable
;
398 iic
->reset
= ipmi_bt_handle_reset
;
402 #define TYPE_ISA_IPMI_BT "isa-ipmi-bt"
403 #define ISA_IPMI_BT(obj) OBJECT_CHECK(ISAIPMIBTDevice, (obj), \
406 typedef struct ISAIPMIBTDevice
{
413 static void isa_ipmi_bt_realize(DeviceState
*dev
, Error
**errp
)
415 ISADevice
*isadev
= ISA_DEVICE(dev
);
416 ISAIPMIBTDevice
*iib
= ISA_IPMI_BT(dev
);
417 IPMIInterface
*ii
= IPMI_INTERFACE(dev
);
418 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_GET_CLASS(ii
);
421 error_setg(errp
, "IPMI device requires a bmc attribute to be set");
425 iib
->bt
.bmc
->intf
= ii
;
431 if (iib
->isairq
> 0) {
432 isa_init_irq(isadev
, &iib
->bt
.irq
, iib
->isairq
);
436 qdev_set_legacy_instance_id(dev
, iib
->bt
.io_base
, iib
->bt
.io_length
);
438 isa_register_ioport(isadev
, &iib
->bt
.io
, iib
->bt
.io_base
);
440 iib
->fwinfo
.interface_name
= "bt";
441 iib
->fwinfo
.interface_type
= IPMI_SMBIOS_BT
;
442 iib
->fwinfo
.ipmi_spec_major_revision
= 2;
443 iib
->fwinfo
.ipmi_spec_minor_revision
= 0;
444 iib
->fwinfo
.base_address
= iib
->bt
.io_base
;
445 iib
->fwinfo
.register_length
= iib
->bt
.io_length
;
446 iib
->fwinfo
.register_spacing
= 1;
447 iib
->fwinfo
.memspace
= IPMI_MEMSPACE_IO
;
448 iib
->fwinfo
.irq_type
= IPMI_LEVEL_IRQ
;
449 iib
->fwinfo
.interrupt_number
= iib
->isairq
;
450 iib
->fwinfo
.acpi_parent
= "\\_SB.PCI0.ISA";
451 iib
->fwinfo
.i2c_slave_address
= iib
->bt
.bmc
->slave_addr
;
452 ipmi_add_fwinfo(&iib
->fwinfo
, errp
);
455 static const VMStateDescription vmstate_ISAIPMIBTDevice
= {
456 .name
= TYPE_IPMI_INTERFACE
,
458 .minimum_version_id
= 1,
459 .fields
= (VMStateField
[]) {
460 VMSTATE_BOOL(bt
.obf_irq_set
, ISAIPMIBTDevice
),
461 VMSTATE_BOOL(bt
.atn_irq_set
, ISAIPMIBTDevice
),
462 VMSTATE_BOOL(bt
.use_irq
, ISAIPMIBTDevice
),
463 VMSTATE_BOOL(bt
.irqs_enabled
, ISAIPMIBTDevice
),
464 VMSTATE_UINT32(bt
.outpos
, ISAIPMIBTDevice
),
465 VMSTATE_VBUFFER_UINT32(bt
.outmsg
, ISAIPMIBTDevice
, 1, NULL
, 0,
467 VMSTATE_VBUFFER_UINT32(bt
.inmsg
, ISAIPMIBTDevice
, 1, NULL
, 0,
469 VMSTATE_UINT8(bt
.control_reg
, ISAIPMIBTDevice
),
470 VMSTATE_UINT8(bt
.mask_reg
, ISAIPMIBTDevice
),
471 VMSTATE_UINT8(bt
.waiting_rsp
, ISAIPMIBTDevice
),
472 VMSTATE_UINT8(bt
.waiting_seq
, ISAIPMIBTDevice
),
473 VMSTATE_END_OF_LIST()
477 static void isa_ipmi_bt_init(Object
*obj
)
479 ISAIPMIBTDevice
*iib
= ISA_IPMI_BT(obj
);
481 ipmi_bmc_find_and_link(obj
, (Object
**) &iib
->bt
.bmc
);
483 vmstate_register(NULL
, 0, &vmstate_ISAIPMIBTDevice
, iib
);
486 static void *isa_ipmi_bt_get_backend_data(IPMIInterface
*ii
)
488 ISAIPMIBTDevice
*iib
= ISA_IPMI_BT(ii
);
493 static Property ipmi_isa_properties
[] = {
494 DEFINE_PROP_UINT32("ioport", ISAIPMIBTDevice
, bt
.io_base
, 0xe4),
495 DEFINE_PROP_INT32("irq", ISAIPMIBTDevice
, isairq
, 5),
496 DEFINE_PROP_END_OF_LIST(),
499 static void isa_ipmi_bt_class_init(ObjectClass
*oc
, void *data
)
501 DeviceClass
*dc
= DEVICE_CLASS(oc
);
502 IPMIInterfaceClass
*iic
= IPMI_INTERFACE_CLASS(oc
);
504 dc
->realize
= isa_ipmi_bt_realize
;
505 dc
->props
= ipmi_isa_properties
;
507 iic
->get_backend_data
= isa_ipmi_bt_get_backend_data
;
508 ipmi_bt_class_init(iic
);
511 static const TypeInfo isa_ipmi_bt_info
= {
512 .name
= TYPE_ISA_IPMI_BT
,
513 .parent
= TYPE_ISA_DEVICE
,
514 .instance_size
= sizeof(ISAIPMIBTDevice
),
515 .instance_init
= isa_ipmi_bt_init
,
516 .class_init
= isa_ipmi_bt_class_init
,
517 .interfaces
= (InterfaceInfo
[]) {
518 { TYPE_IPMI_INTERFACE
},
523 static void ipmi_register_types(void)
525 type_register_static(&isa_ipmi_bt_info
);
528 type_init(ipmi_register_types
)
